diff options
Diffstat (limited to 'includes/controller')
| -rw-r--r-- | includes/controller/api.php | 355 | ||||
| -rw-r--r-- | includes/controller/user_angeltypes_controller.php | 2 | ||||
| -rw-r--r-- | includes/controller/users_controller.php | 47 |
3 files changed, 31 insertions, 373 deletions
diff --git a/includes/controller/api.php b/includes/controller/api.php deleted file mode 100644 index 9ecd3a2f..00000000 --- a/includes/controller/api.php +++ /dev/null @@ -1,355 +0,0 @@ -<?php - -/************************************************************************************************ - * API Documentation - ************************************************************************************************ - -General: --------- -All API calls output JSON-encoded data. Client parameters should be passed encoded using JSON in HTTP POST data. -Every API Request must be contained the Api Key (using JSON parameter 'key') and the Command (using JSON parameter 'cmd'). - - -Testing API calls (using curl): -------------------------------- -$ curl -d '{"cmd":"getVersion"}' '<Address>/?p=api' -$ curl -d '{"cmd":"getApiKey","user":"admin","pw":"admin"}' '<Address>/?p=api' -$ curl -d '{"key":"<key>","cmd":"getRoom"}' '<Address>/?p=api' -$ curl -d '{"key":"<key>","cmd":"sendmessage","uid":"23","text":"test message"}' '<Address>/?p=api' - -Methods without key: --------------------- -getVersion - Description: - Returns API version. - Parameters: - nothing - Return Example: - {"status":"success","version": "1"} - -getApiKey - Description: - Returns API Key version. - Parameters: - user (string) - pw (string) - Return Example: - {"status":"success","Key":"1234567890123456789012"} - -Methods with Key: ------------------ -getRoom - Description: - Returns a list of all Rooms (no id set) or details of a single Room (requested id) - Parameters: - id (integer) - Room ID - Return Example: - [{"RID":"1"},{"RID":"23"},{"RID":"42"}] - {"RID":"1","Name":"Room Name","Man":null,"FromPentabarf":"","show":"Y","Number":"0"} - -getAngelType - Description: - Returns a list of all Angel Types (no id set) or details of a single Angel Type (requested id) - Parameters: - id (integer) - Type ID - Return Example: - [{"id":"8"},{"id":"9"}] - {"id":"9","name":"Angeltypes 2","restricted":"0"} - -getUser - Description: - Returns a list of all Users (no id set) or details of a single User (requested id) - Parameters: - id (integer) - User ID - Return Example: - [{"UID":"1"},{"UID":"23"},{"UID":"42"}] - {"UID":"1","Nick":"admin","Name":"Gates","Vorname":"Bill","Telefon":"","DECT":"","Handy":"","email":"","jabber":"","Avatar":"115"} - -getShift - Description: - Returns a list of all Shifte (no id set, filter is optional) or details of a single Shift (requested id) - Parameters: - id (integer) - Shift ID - filterRoom (Array of integer) - Array of Room IDs (optional, for list request) - filterTask (Array of integer) - Array if Task (optional, for list request) - filterOccupancy (integer) - Occupancy state: (optional, for list request) - 1 occupied - 2 free - 3 occupied and free - Return Example: - [{"SID":"1"},{"SID":"2"},{"SID":"3"}] - {"SID":"10","start":"1388264400","end":"1388271600","RID":"1","name":"Shift 1","URL":null,"PSID":null,\ - "ShiftEntry":[{"TID":"8","UID":"4","freeloaded":"0"}], - "NeedAngels":[{"TID":"8","count":"1","restricted":"0","taken":1},{"TID":"9","count":"2","restricted":"0","taken":0}]} - -getMessage - Description: - Returns a list of all Messages (no id set) or details of a single Message (requested id) - Parameters: - id (integer) - Message ID - Return Example: - [{"id":"1"},{"id":"2"},{"id":"3"}] - {"id":"3","Datum":"1388247583","SUID":"23","RUID":"42","isRead":"N","Text":"message text"} - -sendMessage - Description: - send a Message to an other angel - Parameters: - uid (integer) - User ID of the reciever - text (string) - Message Text - Return Example: - {"status":"success"} - -************************************************************************************************/ - -/** - * General API Controller - */ -function api_controller() { - global $user, $DataJson; - - header("Content-Type: application/json; charset=utf-8"); - - // decode JSON request - $input = file_get_contents("php://input"); - $input = json_decode($input, true); - $_REQUEST = $input; - - // get command - $cmd = ''; - if (isset($_REQUEST['cmd'])) - $cmd = strtolower($_REQUEST['cmd']); - - // decode commands, without key - switch ($cmd) { - case 'getversion': - getVersion(); - die(json_encode($DataJson)); - break; - case 'getapikey': - getApiKey(); - die(json_encode($DataJson)); - break; - } - - // get API KEY - if (isset($_REQUEST['key']) && preg_match("/^[0-9a-f]{32}$/", $_REQUEST['key'])) - $key = $_REQUEST['key']; - else - die(json_encode(array( - 'status' => 'failed', - 'error' => 'Missing parameter "key".' - ))); - - // check API key - $user = User_by_api_key($key); - if ($user === false) - die(json_encode(array( - 'status' => 'failed', - 'error' => 'Unable to find user' - ))); - if ($user == null) - die(json_encode(array( - 'status' => 'failed', - 'error' => 'Key invalid.' - ))); - - // decode command - switch ($cmd) { - case 'getroom': - getRoom(); - break; - case 'getangeltype': - getAngelType(); - break; - case 'getuser': - // TODO Dataleak! Only coordinators are allowed to see so much user informations. - //getUser(); - break; - case 'getshift': - getShift(); - break; - case 'getmessage': - // TODO Dataleak! - //getMessage(); - break; - case 'sendmessage': - sendMessage(); - break; - default: - $DataJson = array( - 'status' => 'failed', - 'error' => 'Unknown Command "' . $cmd . '"' - ); - } - - // check - if ($DataJson === false) { - $DataJson = array( - 'status' => 'failed', - 'error' => 'DataJson === false' - ); - } elseif ($DataJson == null) { - $DataJson = array( - 'status' => 'failed', - 'error' => 'DataJson == null' - ); - } - - echo json_encode($DataJson); - die(); -} - -/** - * Get Version of API - */ -function getVersion() { - global $DataJson; - - $DataJson = array( - 'status' => 'success', - 'Version' => 1 - ); -} - -/** - * Get API Key - */ -function getApiKey() { - global $DataJson; - - if (! isset($_REQUEST['user'])) { - $DataJson = array( - 'status' => 'failed', - 'error' => 'Missing parameter "user".' - ); - } elseif (! isset($_REQUEST['pw'])) { - $DataJson = array( - 'status' => 'failed', - 'error' => 'Missing parameter "pw".' - ); - } else { - $Erg = sql_select("SELECT `UID`, `Passwort`, `api_key` FROM `User` WHERE `Nick`='" . sql_escape($_REQUEST['user']) . "'"); - - if (count($Erg) == 1) { - $Erg = $Erg[0]; - if (verify_password($_REQUEST['pw'], $Erg["Passwort"], $Erg["UID"])) { - $key = $Erg["api_key"]; - $DataJson = array( - 'status' => 'success', - 'Key' => $key - ); - } else { - $DataJson = array( - 'status' => 'failed', - 'error' => 'PW wrong' - ); - } - } else { - $DataJson = array( - 'status' => 'failed', - 'error' => 'User not found.' - ); - } - } - - sleep(1); -} - -/** - * Get Room - */ -function getRoom() { - global $DataJson; - - if (isset($_REQUEST['id'])) { - $DataJson = Room($_REQUEST['id']); - } else { - $DataJson = Room_ids(); - } -} - -/** - * Get AngelType - */ -function getAngelType() { - global $DataJson; - - if (isset($_REQUEST['id'])) { - $DataJson = AngelType($_REQUEST['id']); - } else { - $DataJson = AngelType_ids(); - } -} - -/** - * Get User - */ -function getUser() { - global $DataJson; - - if (isset($_REQUEST['id'])) { - $DataJson = mUser_Limit($_REQUEST['id']); - } else { - $DataJson = User_ids(); - } -} - -/** - * Get Shift - */ -function getShift() { - global $DataJson; - - if (isset($_REQUEST['id'])) { - $DataJson = Shift($_REQUEST['id']); - } else { - $DataJson = Shifts_filtered(); - } -} - -/** - * @TODO: Why are ALL messages of ALL users returned? Data leak. It is not checked if this is my message! - * Get Message - */ -function getMessage() { - global $DataJson; - - if (isset($_REQUEST['id'])) { - $DataJson = Message($_REQUEST['id']); - } else { - $DataJson = Message_ids(); - } -} - -/** - * Send Message - */ -function sendMessage() { - global $DataJson; - - if (! isset($_REQUEST['uid'])) { - $DataJson = array( - 'status' => 'failed', - 'error' => 'Missing parameter "uid".' - ); - } elseif (! isset($_REQUEST['text'])) { - $DataJson = array( - 'status' => 'failed', - 'error' => 'Missing parameter "text".' - ); - } else { - if (Message_send($_REQUEST['uid'], $_REQUEST['text']) === true) { - $DataJson = array( - 'status' => 'success' - ); - } else { - $DataJson = array( - 'status' => 'failed', - 'error' => 'Transmitting was terminated with an Error.' - ); - } - } -} - -?> diff --git a/includes/controller/user_angeltypes_controller.php b/includes/controller/user_angeltypes_controller.php index 66abc589..f76f10ae 100644 --- a/includes/controller/user_angeltypes_controller.php +++ b/includes/controller/user_angeltypes_controller.php @@ -14,7 +14,7 @@ function user_angeltypes_unconfirmed_hint() { $unconfirmed_links = []; foreach ($unconfirmed_user_angeltypes as $user_angeltype) - $unconfirmed_links[] = '<a href="' . page_link_to('angeltypes') . '&action=view&angeltype_id=' . $user_angeltype['angeltype_id'] . '">' . $user_angeltype['name'] . '</a>'; + $unconfirmed_links[] = '<a href="' . page_link_to('angeltypes') . '&action=view&angeltype_id=' . $user_angeltype['angeltype_id'] . '">' . $user_angeltype['name'] . ' (+' . $user_angeltype['count'] . ')' . '</a>'; return info(sprintf(ngettext("There is %d unconfirmed angeltype.", "There are %d unconfirmed angeltypes.", count($unconfirmed_user_angeltypes)), count($unconfirmed_user_angeltypes)) . " " . _('Angel types which need approvals:') . ' ' . join(', ', $unconfirmed_links), true); } diff --git a/includes/controller/users_controller.php b/includes/controller/users_controller.php index 7810ce77..067fc4aa 100644 --- a/includes/controller/users_controller.php +++ b/includes/controller/users_controller.php @@ -22,8 +22,8 @@ function users_controller() { return user_edit_controller(); case 'delete': return user_delete_controller(); - case 'got_voucher': - return user_got_voucher_controller(); + case 'edit_vouchers': + return user_edit_vouchers_controller(); } } @@ -35,7 +35,7 @@ function user_link($user) { return page_link_to('users') . '&action=view&user_id=' . $user['UID']; } -function user_got_voucher_controller() { +function user_edit_vouchers_controller() { global $privileges, $user; if (isset($_REQUEST['user_id'])) { @@ -43,24 +43,37 @@ function user_got_voucher_controller() { } else $user_source = $user; - $admin_user_privilege = in_array('admin_user', $privileges); - if (! in_array('admin_user', $privileges)) redirect(page_link_to('')); - if (! isset($_REQUEST['got_voucher'])) - redirect(page_link_to('')); - - $user_source['got_voucher'] = $_REQUEST['got_voucher'] == 'true'; - - $result = User_update($user_source); - if ($result === false) - engelsystem_error('Unable to update user.'); - - success($user_source['got_voucher'] ? _('User got vouchers.') : _('User didnt got vouchers.')); - engelsystem_log(User_Nick_render($user_source) . ($user_source['got_voucher'] ? ' got vouchers' : ' didnt got vouchers')); + if (isset($_REQUEST['submit'])) { + $ok = true; + + if (isset($_REQUEST['vouchers']) && test_request_int('vouchers') && trim($_REQUEST['vouchers']) >= 0) + $vouchers = trim($_REQUEST['vouchers']); + else { + $ok = false; + error(_("Please enter a valid number of vouchers.")); + } + + if ($ok) { + $user_source['got_voucher'] = $vouchers; + + $result = User_update($user_source); + if ($result === false) + engelsystem_error('Unable to update user.'); + + success(_("Saved the number of vouchers.")); + engelsystem_log(User_Nick_render($user_source) . ': ' . sprintf("Got %s vouchers", $user_source['got_voucher'])); + + redirect(user_link($user_source)); + } + } - redirect(user_link($user_source)); + return array( + sprintf(_("%s's vouchers"), $user_source['Nick']), + User_edit_vouchers_view($user_source) + ); } function user_controller() { |