Diffstat (limited to 'includes/model')
-rw-r--r-- | includes/model/AngelType_model.php | 12 | ||||
-rw-r--r-- | includes/model/LogEntries_model.php | 11 | ||||
-rw-r--r-- | includes/model/Message_model.php | 6 | ||||
-rw-r--r-- | includes/model/NeededAngelTypes_model.php | 4 | ||||
-rw-r--r-- | includes/model/Room_model.php | 35 | ||||
-rw-r--r-- | includes/model/ShiftEntry_model.php | 18 | ||||
-rw-r--r-- | includes/model/ShiftTypes_model.php | 6 | ||||
-rw-r--r-- | includes/model/Shifts_model.php | 54 | ||||
-rw-r--r-- | includes/model/UserAngelTypes_model.php | 48 | ||||
-rw-r--r-- | includes/model/UserGroups_model.php | 2 | ||||
-rw-r--r-- | includes/model/User_model.php | 73 |
11 files changed, 177 insertions, 92 deletions
diff --git a/includes/model/AngelType_model.php b/includes/model/AngelType_model.php index d0119e6f..5e7f4fb6 100644 --- a/includes/model/AngelType_model.php +++ b/includes/model/AngelType_model.php @@ -8,7 +8,7 @@ function AngelType_delete($angeltype) { return sql_query(" DELETE FROM `AngelTypes` - WHERE `id`=" . sql_escape($angeltype['id']) . " + WHERE `id`='" . sql_escape($angeltype['id']) . "' LIMIT 1"); } @@ -24,9 +24,9 @@ function AngelType_update($angeltype_id, $name, $restricted, $description) { return sql_query(" UPDATE `AngelTypes` SET `name`='" . sql_escape($name) . "', - `restricted`=" . sql_escape($restricted ? 1 : 0) . ", + `restricted`='" . sql_escape($restricted ? 1 : 0) . "', `description`='" . sql_escape($description) . "' - WHERE `id`=" . sql_escape($angeltype_id) . " + WHERE `id`='" . sql_escape($angeltype_id) . "' LIMIT 1"); } @@ -42,7 +42,7 @@ function AngelType_create($name, $restricted, $description) { $result = sql_query(" INSERT INTO `AngelTypes` SET `name`='" . sql_escape($name) . "', - `restricted`=" . sql_escape($restricted ? 1 : 0) . ", + `restricted`='" . sql_escape($restricted ? 1 : 0) . "', `description`='" . sql_escape($description) . "'"); if ($result === false) return false; @@ -69,7 +69,7 @@ function AngelType_validate_name($name, $angeltype) { SELECT * FROM `AngelTypes` WHERE `name`='" . sql_escape($name) . "' - AND NOT `id`=" . sql_escape($angeltype['id']) . " + AND NOT `id`='" . sql_escape($angeltype['id']) . "' LIMIT 1") == 0, $name ); @@ -130,7 +130,7 @@ function AngelType_ids() { * ID */ function AngelType($id) { - $angelType_source = sql_select("SELECT * FROM `AngelTypes` WHERE `id`=" . sql_escape($id) . " LIMIT 1"); + $angelType_source = sql_select("SELECT * FROM `AngelTypes` WHERE `id`='" . sql_escape($id) . "' LIMIT 1"); if ($angelType_source === false) return false; if (count($angelType_source) > 0) diff --git a/includes/model/LogEntries_model.php b/includes/model/LogEntries_model.php index 2e8a8cf7..8b7f65a0 100644 
--- a/includes/model/LogEntries_model.php +++ b/includes/model/LogEntries_model.php @@ -8,11 +8,11 @@ * Message */ function LogEntry_create($nick, $message) { - return sql_query("INSERT INTO `LogEntries` SET `timestamp`=" . sql_escape(time()) . ", `nick`='" . sql_escape($nick) . "', `message`='" . sql_escape($message) . "'"); + return sql_query("INSERT INTO `LogEntries` SET `timestamp`='" . sql_escape(time()) . "', `nick`='" . sql_escape($nick) . "', `message`='" . sql_escape($message) . "'"); } /** - * Returns log entries of the last 24 hours with maximum count of 1000. + * Returns log entries with maximum count of 10000. */ function LogEntries() { return sql_select("SELECT * FROM `LogEntries` ORDER BY `timestamp` DESC LIMIT 10000"); @@ -25,4 +25,11 @@ function LogEntries_filter($keyword) { return sql_select("SELECT * FROM `LogEntries` WHERE `nick` LIKE '%" . sql_escape($keyword) . "%' OR `message` LIKE '%" . sql_escape($keyword) . "%' ORDER BY `timestamp` DESC"); } +/** + * Delete all log entries. + */ +function LogEntries_clear_all() { + return sql_query("TRUNCATE `LogEntries`"); +} + ?> diff --git a/includes/model/Message_model.php b/includes/model/Message_model.php index 1e1923e8..7bae0dd4 100644 --- a/includes/model/Message_model.php +++ b/includes/model/Message_model.php @@ -14,7 +14,7 @@ function Message_ids() { * ID */ function Message($id) { - $message_source = sql_select("SELECT * FROM `Messages` WHERE `id`=" . sql_escape($id) . " LIMIT 1"); + $message_source = sql_select("SELECT * FROM `Messages` WHERE `id`='" . sql_escape($id) . "' LIMIT 1"); if ($message_source === false) return false; if (count($message_source) > 0) 
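Review bot: `LogEntries_clear_all()` wipes the audit table without leaving any record of who did it, and `TRUNCATE` is DDL in MySQL, so it commits implicitly and cannot be rolled back. Since the other model functions rely on this table for accountability, the caller (not visible here) needs to hold the admin privilege, and it should write a fresh entry via `LogEntry_create($nick, 'Log cleared')` immediately after the truncate so the clearing itself stays traceable. The docblock should say as much: `* Delete all log entries. Irreversible; callers must record the clearing and the acting user.` and add `* @return bool|resource result of sql_query`.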
@@ -38,8 +38,8 @@ function Message_send($id, $text) { $text = preg_replace("/([^\p{L}\p{P}\p{Z}\p{N}\n]{1,})/ui", '', strip_tags($text)); $to = preg_replace("/([^0-9]{1,})/ui", '', strip_tags($id)); - if (($text != "" && is_numeric($to)) && (sql_num_query("SELECT * FROM `User` WHERE `UID`=" . sql_escape($to) . " AND NOT `UID`=" . sql_escape($user['UID']) . " LIMIT 1") > 0)) { - sql_query("INSERT INTO `Messages` SET `Datum`=" . sql_escape(time()) . ", `SUID`=" . sql_escape($user['UID']) . ", `RUID`=" . sql_escape($to) . ", `Text`='" . sql_escape($text) . "'"); + if (($text != "" && is_numeric($to)) && (sql_num_query("SELECT * FROM `User` WHERE `UID`='" . sql_escape($to) . "' AND NOT `UID`='" . sql_escape($user['UID']) . "' LIMIT 1") > 0)) { + sql_query("INSERT INTO `Messages` SET `Datum`='" . sql_escape(time()) . "', `SUID`='" . sql_escape($user['UID']) . "', `RUID`='" . sql_escape($to) . "', `Text`='" . sql_escape($text) . "'"); return true; } else { return false; diff --git a/includes/model/NeededAngelTypes_model.php b/includes/model/NeededAngelTypes_model.php index e9176d34..8d6b8cce 100644 --- a/includes/model/NeededAngelTypes_model.php +++ b/includes/model/NeededAngelTypes_model.php @@ -10,7 +10,7 @@ function NeededAngelTypes_by_shift($shiftId) { SELECT `NeededAngelTypes`.*, `AngelTypes`.`name`, `AngelTypes`.`restricted` FROM `NeededAngelTypes` JOIN `AngelTypes` ON `AngelTypes`.`id` = `NeededAngelTypes`.`angel_type_id` - WHERE `shift_id`=" . sql_escape($shiftId) . " + WHERE `shift_id`='" . sql_escape($shiftId) . "' AND `count` > 0 ORDER BY `room_id` DESC "); @@ -24,7 +24,7 @@ function NeededAngelTypes_by_shift($shiftId) { FROM `NeededAngelTypes` JOIN `AngelTypes` ON `AngelTypes`.`id` = `NeededAngelTypes`.`angel_type_id` JOIN `Shifts` ON `Shifts`.`RID` = `NeededAngelTypes`.`room_id` - WHERE `Shifts`.`SID`=" . sql_escape($shiftId) . " + WHERE `Shifts`.`SID`='" . sql_escape($shiftId) . "' AND `count` > 0 ORDER BY `room_id` DESC "); 
diff --git a/includes/model/Room_model.php b/includes/model/Room_model.php index c48abc78..2868916e 100644 --- a/includes/model/Room_model.php +++ b/includes/model/Room_model.php @@ -1,15 +1,33 @@ <?php /** - * Returns room id array + * Delete a room + * @param int $room_id */ -function Room_ids() { - $room_source = sql_select("SELECT `RID` FROM `Room` WHERE `show` = 'Y'"); - if ($room_source === false) +function Room_delete($room_id) { + return sql_query("DELETE FROM `Room` WHERE `RID`=" . sql_escape($room_id)); +} + +/** + * Create a new room + * + * @param string $name + * Name of the room + * @param boolean $from_frab + * Is this a frab imported room? + * @param boolean $public + * Is the room visible for angels? + */ +function Room_create($name, $from_frab, $public) { + $result = sql_query(" + INSERT INTO `Room` SET + `Name`='" . sql_escape($name) . "', + `FromPentabarf`='" . sql_escape($from_frab ? 'Y' : 'N') . "', + `show`='" . sql_escape($public ? 'Y' : 'N') . "', + `Number`=0"); + if ($result === false) return false; - if (count($room_source) > 0) - return $room_source; - return null; + return sql_id(); } /** @@ -18,7 +36,8 @@ function Room_ids() { * @param $id RID */ function Room($id) { - $room_source = sql_select("SELECT * FROM `Room` WHERE `RID`=" . sql_escape($id) . " AND `show` = 'Y' LIMIT 1"); + $room_source = sql_select("SELECT * FROM `Room` WHERE `RID`='" . sql_escape($id) . "' AND `show` = 'Y'"); + if ($room_source === false) return false; if (count($room_source) > 0) diff --git a/includes/model/ShiftEntry_model.php b/includes/model/ShiftEntry_model.php index 5129f15a..008531ff 100644 --- a/includes/model/ShiftEntry_model.php +++ b/includes/model/ShiftEntry_model.php 
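Review bot: `Room_delete()` is new in this commit yet still interpolates `sql_escape($room_id)` unquoted in the `RID` comparison, which is exactly the pattern the rest of the commit replaces: escaping only protects inside a quoted literal, so a non-numeric id reaches the query bare. Wrap it like the other queries, `'" . sql_escape($room_id) . "'`, or cast with `(int) $room_id`. `Room()` also loses its `LIMIT 1` here while `AngelType()` and `User()` keep theirs; harmless if `RID` is the primary key, but worth restoring for consistency. `Room_create()` has no return documentation; add `* @return int|false new room id, or false on query error`.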
@@ -16,7 +16,7 @@ function ShiftEntries_by_shift($shift_id) { FROM `ShiftEntry` JOIN `User` ON `ShiftEntry`.`UID`=`User`.`UID` JOIN `AngelTypes` ON `ShiftEntry`.`TID`=`AngelTypes`.`id` - WHERE `ShiftEntry`.`SID`=" . sql_escape($shift_id)); + WHERE `ShiftEntry`.`SID`='" . sql_escape($shift_id) . "'"); } /** @@ -27,12 +27,12 @@ function ShiftEntries_by_shift($shift_id) { function ShiftEntry_create($shift_entry) { mail_shift_assign(User($shift_entry['UID']), Shift($shift_entry['SID'])); return sql_query("INSERT INTO `ShiftEntry` SET - `SID`=" . sql_escape($shift_entry['SID']) . ", - `TID`=" . sql_escape($shift_entry['TID']) . ", - `UID`=" . sql_escape($shift_entry['UID']) . ", + `SID`='" . sql_escape($shift_entry['SID']) . "', + `TID`='" . sql_escape($shift_entry['TID']) . "', + `UID`='" . sql_escape($shift_entry['UID']) . "', `Comment`='" . sql_escape($shift_entry['Comment']) . "', `freeload_comment`='" . sql_escape($shift_entry['freeload_comment']) . "', - `freeloaded`=" . sql_escape($shift_entry['freeloaded'] ? 'TRUE' : 'FALSE')); + `freeloaded`=" . sql_bool($shift_entry['freeloaded'])); } /** @@ -42,15 +42,15 @@ function ShiftEntry_update($shift_entry) { return sql_query("UPDATE `ShiftEntry` SET `Comment`='" . sql_escape($shift_entry['Comment']) . "', `freeload_comment`='" . sql_escape($shift_entry['freeload_comment']) . "', - `freeloaded`=" . sql_escape($shift_entry['freeloaded'] ? 'TRUE' : 'FALSE') . " - WHERE `id`=" . sql_escape($shift_entry['id'])); + `freeloaded`=" . sql_bool($shift_entry['freeloaded']) . " + WHERE `id`='" . sql_escape($shift_entry['id']) . "'"); } /** * Get a shift entry. */ function ShiftEntry($shift_entry_id) { - $shift_entry = sql_select("SELECT * FROM `ShiftEntry` WHERE `id`=" . sql_escape($shift_entry_id)); + $shift_entry = sql_select("SELECT * FROM `ShiftEntry` WHERE `id`='" . sql_escape($shift_entry_id) . "'"); if ($shift_entry === false) return false; if (count($shift_entry) == 0) 
@@ -64,7 +64,7 @@ function ShiftEntry($shift_entry_id) { function ShiftEntry_delete($shift_entry_id) { $shift_entry = ShiftEntry($shift_entry_id); mail_shift_removed(User($shift_entry['UID']), Shift($shift_entry['SID'])); - return sql_query("DELETE FROM `ShiftEntry` WHERE `id`=" . sql_escape($shift_entry_id)); + return sql_query("DELETE FROM `ShiftEntry` WHERE `id`='" . sql_escape($shift_entry_id) . "'"); } /** diff --git a/includes/model/ShiftTypes_model.php b/includes/model/ShiftTypes_model.php index 7b502585..7f057da8 100644 --- a/includes/model/ShiftTypes_model.php +++ b/includes/model/ShiftTypes_model.php @@ -5,7 +5,7 @@ * @param int $shifttype_id */ function ShiftType_delete($shifttype_id) { - return sql_query("DELETE FROM `ShiftTypes` WHERE `id`=" . sql_escape($shifttype_id)); + return sql_query("DELETE FROM `ShiftTypes` WHERE `id`='" . sql_escape($shifttype_id) . "'"); } /** @@ -21,7 +21,7 @@ function ShiftType_update($shifttype_id, $name, $angeltype_id, $description) { `name`='" . sql_escape($name) . "', `angeltype_id`=" . sql_null($angeltype_id) . ", `description`='" . sql_escape($description) . "' - WHERE `id`=" . sql_escape($shifttype_id)); + WHERE `id`='" . sql_escape($shifttype_id) . "'"); } /** @@ -48,7 +48,7 @@ function ShiftType_create($name, $angeltype_id, $description) { * @param int $shifttype_id */ function ShiftType($shifttype_id) { - $shifttype = sql_select("SELECT * FROM `ShiftTypes` WHERE `id`=" . sql_escape($shifttype_id)); + $shifttype = sql_select("SELECT * FROM `ShiftTypes` WHERE `id`='" . sql_escape($shifttype_id) . "'"); if ($shifttype === false) return false; if ($shifttype == null) diff --git a/includes/model/Shifts_model.php b/includes/model/Shifts_model.php index 37c772bf..d32de0cb 100644 --- a/includes/model/Shifts_model.php +++ b/includes/model/Shifts_model.php 
@@ -43,11 +43,23 @@ function Shift_signup_allowed($shift, $angeltype, $user_angeltype = null, $user_ $signed_up = true; break; } + + $needed_angeltypes = NeededAngelTypes_by_shift($shift['SID']); + if ($needed_angeltypes === false) + engelsystem_error('Unable to load needed angel types.'); // is the shift still running or alternatively is the user shift admin? $user_may_join_shift = true; - // you cannot join if user alread joined a parallel or this shift + // you canot join if shift is full + foreach ($needed_angeltypes as $needed_angeltype) + if ($needed_angeltype['angel_type_id'] == $angeltype['id']) { + if ($needed_angeltype['taken'] >= $needed_angeltype['count']) + $user_may_join_shift = false; + break; + } + + // you cannot join if user alread joined a parallel or this shift $user_may_join_shift &= ! $collides; // you cannot join if you already singed up for this shift @@ -73,7 +85,7 @@ function Shift_signup_allowed($shift, $angeltype, $user_angeltype = null, $user_ * Delete a shift by its external id. */ function Shift_delete_by_psid($shift_psid) { - return sql_query("DELETE FROM `Shifts` WHERE `PSID`=" . sql_escape($shift_psid)); + return sql_query("DELETE FROM `Shifts` WHERE `PSID`='" . sql_escape($shift_psid) . "'"); } /** 
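Review bot: The new capacity check reads `$needed_angeltype['taken']`, but the `NeededAngelTypes_by_shift()` hunks in this commit select only the `NeededAngelTypes` columns plus `name` and `restricted`; unless `taken` is filled in later in that function (its body is cut off here), the index is undefined, the comparison is against `null`, and the shift-full rule never fires. When the user's angeltype is not in `$needed_angeltypes` at all the loop leaves `$user_may_join_shift` true, which may or may not be intended; the id comparison should also be strict, `(int) $needed_angeltype['angel_type_id'] === (int) $angeltype['id']`. Fix the comment typo `// you canot join if shift is full` → `// you cannot join if shift is full`. `Shift_signup_allowed()` starts and ends outside this hunk.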
@@ -82,25 +94,28 @@ function Shift_delete_by_psid($shift_psid) { function Shift_delete($shift_id) { mail_shift_delete(Shift($shift_id)); - return sql_query("DELETE FROM `Shifts` WHERE `SID`=" . sql_escape($shift_id)); + return sql_query("DELETE FROM `Shifts` WHERE `SID`='" . sql_escape($shift_id) . "'"); } /** * Update a shift. */ function Shift_update($shift) { + global $user; $shift['name'] = ShiftType($shift['shifttype_id'])['name']; mail_shift_change(Shift($shift['SID']), $shift); return sql_query("UPDATE `Shifts` SET - `shifttype_id`=" . sql_escape($shift['shifttype_id']) . ", - `start`=" . sql_escape($shift['start']) . ", - `end`=" . sql_escape($shift['end']) . ", - `RID`=" . sql_escape($shift['RID']) . ", + `shifttype_id`='" . sql_escape($shift['shifttype_id']) . "', + `start`='" . sql_escape($shift['start']) . "', + `end`='" . sql_escape($shift['end']) . "', + `RID`='" . sql_escape($shift['RID']) . "', `title`=" . sql_null($shift['title']) . ", `URL`=" . sql_null($shift['URL']) . ", - `PSID`=" . sql_null($shift['PSID']) . " - WHERE `SID`=" . sql_escape($shift['SID'])); + `PSID`=" . sql_null($shift['PSID']) . ", + `edited_by_user_id`='" . sql_escape($user['UID']) . "', + `edited_at_timestamp`=" . time() . " + WHERE `SID`='" . sql_escape($shift['SID']) . "'"); } /** 
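Review bot: `Shift_update()` now takes the acting user from `global $user` to fill `edited_by_user_id`; if the function is reachable without a logged-in user (an import or cron path, which cannot be confirmed from this hunk), `$user['UID']` is null and the audit column is written as `''`. The same applies to `created_by_user_id` in `Shift_create()` in the next hunk. Prefer passing the editor explicitly, `function Shift_update($shift, $editor)`, or at least fail loudly: `if (! isset($user['UID'])) engelsystem_error('No acting user for shift update.');`. The docblock should mention the implicit dependency: `* Uses the global $user as editor for the audit columns.`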
@@ -122,14 +137,17 @@ function Shift_update_by_psid($shift) { * @return new shift id or false */ function Shift_create($shift) { + global $user; $result = sql_query("INSERT INTO `Shifts` SET - `shifttype_id`=" . sql_escape($shift['shifttype_id']) . ", - `start`=" . sql_escape($shift['start']) . ", - `end`=" . sql_escape($shift['end']) . ", - `RID`=" . sql_escape($shift['RID']) . ", + `shifttype_id`='" . sql_escape($shift['shifttype_id']) . "', + `start`='" . sql_escape($shift['start']) . "', + `end`='" . sql_escape($shift['end']) . "', + `RID`='" . sql_escape($shift['RID']) . "', `title`=" . sql_null($shift['title']) . ", `URL`=" . sql_null($shift['URL']) . ", - `PSID`=" . sql_null($shift['PSID'])); + `PSID`=" . sql_null($shift['PSID']) . ", + `created_by_user_id`='" . sql_escape($user['UID']) . "', + `created_at_timestamp`=" . time()); if ($result === false) return false; return sql_id(); @@ -145,7 +163,7 @@ function Shifts_by_user($user) { JOIN `Shifts` ON (`ShiftEntry`.`SID` = `Shifts`.`SID`) JOIN `ShiftTypes` ON (`ShiftTypes`.`id` = `Shifts`.`shifttype_id`) JOIN `Room` ON (`Shifts`.`RID` = `Room`.`RID`) - WHERE `UID`=" . sql_escape($user['UID']) . " + WHERE `UID`='" . sql_escape($user['UID']) . "' ORDER BY `start` "); } @@ -161,7 +179,7 @@ function Shifts_filtered() { // filterRoom (Array of integer) - Array of Room IDs (optional, for list request) if (isset($_REQUEST['filterRoom']) && is_array($_REQUEST['filterRoom'])) { foreach ($_REQUEST['filterRoom'] as $key => $value) { - $filter .= ", `RID`=" . sql_escape($value) . " "; + $filter .= ", `RID`='" . sql_escape($value) . "' "; } } 
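Review bot: In `Shifts_filtered()` the `filterRoom` values come straight from `$_REQUEST`; quoting them closes the hole the unquoted form had, but room ids are integers and the loop still forwards arbitrary strings into the query. Pinning the type removes the dependency on escaping entirely: `$filter .= ", \`RID\`='" . (int) $value . "' ";`. `$key` in that `foreach` is unused and can be dropped.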
@@ -206,8 +224,8 @@ function Shift($id) { SELECT `Shifts`.*, `ShiftTypes`.`name` FROM `Shifts` JOIN `ShiftTypes` ON (`ShiftTypes`.`id` = `Shifts`.`shifttype_id`) - WHERE `SID`=" . sql_escape($id)); - $shiftsEntry_source = sql_select("SELECT `id`, `TID` , `UID` , `freeloaded` FROM `ShiftEntry` WHERE `SID`=" . sql_escape($id)); + WHERE `SID`='" . sql_escape($id) . "'"); + $shiftsEntry_source = sql_select("SELECT `id`, `TID` , `UID` , `freeloaded` FROM `ShiftEntry` WHERE `SID`='" . sql_escape($id) . "'"); if ($shifts_source === false) return false; diff --git a/includes/model/UserAngelTypes_model.php b/includes/model/UserAngelTypes_model.php index 7dcaef7a..b2ebd9fe 100644 --- a/includes/model/UserAngelTypes_model.php +++ b/includes/model/UserAngelTypes_model.php @@ -8,7 +8,7 @@ function User_angeltypes($user) { SELECT `AngelTypes`.*, `UserAngelTypes`.`confirm_user_id`, `UserAngelTypes`.`coordinator` FROM `UserAngelTypes` JOIN `AngelTypes` ON `UserAngelTypes`.`angeltype_id` = `AngelTypes`.`id` - WHERE `UserAngelTypes`.`user_id`=" . sql_escape($user['UID']) . " + WHERE `UserAngelTypes`.`user_id`='" . sql_escape($user['UID']) . "' "); } 
@@ -19,13 +19,19 @@ function User_angeltypes($user) { */ function User_unconfirmed_AngelTypes($user) { return sql_select(" - SELECT `UnconfirmedMembers`.*, `AngelTypes`.`name` FROM `UserAngelTypes` + SELECT + `UserAngelTypes`.*, + `AngelTypes`.`name`, + count(`UnconfirmedMembers`.`user_id`) as `count` + FROM `UserAngelTypes` JOIN `AngelTypes` ON `UserAngelTypes`.`angeltype_id`=`AngelTypes`.`id` JOIN `UserAngelTypes` as `UnconfirmedMembers` ON `UserAngelTypes`.`angeltype_id`=`UnconfirmedMembers`.`angeltype_id` - WHERE `UserAngelTypes`.`user_id`=" . sql_escape($user['UID']) . " - AND `UserAngelTypes`.`coordinator`=TRUE - AND `AngelTypes`.`restricted`=TRUE - AND `UnconfirmedMembers`.`confirm_user_id` IS NULL"); + WHERE `UserAngelTypes`.`user_id`='" . sql_escape($user['UID']) . "' + AND `UserAngelTypes`.`coordinator`=TRUE + AND `AngelTypes`.`restricted`=TRUE + AND `UnconfirmedMembers`.`confirm_user_id` IS NULL + GROUP BY `UserAngelTypes`.`angeltype_id` + ORDER BY `AngelTypes`.`name`"); } /** @@ -38,8 +44,8 @@ function User_is_AngelType_coordinator($user, $angeltype) { return (sql_num_query(" SELECT `id` FROM `UserAngelTypes` - WHERE `user_id`=" . sql_escape($user['UID']) . " - AND `angeltype_id`=" . sql_escape($angeltype['id']) . " + WHERE `user_id`='" . sql_escape($user['UID']) . "' + AND `angeltype_id`='" . sql_escape($angeltype['id']) . "' AND `coordinator`=TRUE LIMIT 1") > 0) || in_array('admin_user_angeltypes', privileges_for_user($user['UID'])); } @@ -53,8 +59,8 @@ function User_is_AngelType_coordinator($user, $angeltype) { function UserAngelType_update($user_angeltype_id, $coordinator) { return sql_query(" UPDATE `UserAngelTypes` - SET `coordinator`=" . ($coordinator ? 'TRUE' : 'FALSE') . " - WHERE `id`=" . sql_escape($user_angeltype_id) . " + SET `coordinator`=" . sql_bool($coordinator) . " + WHERE `id`='" . sql_escape($user_angeltype_id) . "' LIMIT 1"); } 
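Review bot: The rewritten `User_unconfirmed_AngelTypes()` query groups by `UserAngelTypes`.`angeltype_id` while selecting all `UserAngelTypes` columns and `AngelTypes`.`name` unaggregated; MySQL only accepts this with `ONLY_FULL_GROUP_BY` disabled, and even then which row's values come back is unspecified. The SELECT also switched from the `UnconfirmedMembers` alias to `UserAngelTypes`, so `id` and `user_id` in each row now describe the coordinator's own membership rather than an unconfirmed member — any caller that used those keys to confirm or delete a member would act on the wrong row; confirm nothing outside this diff still expects the old shape. Selecting only `UserAngelTypes`.`angeltype_id`, `AngelTypes`.`name` and the count makes the GROUP BY well-defined, and the docblock should state `* Returns one row per angeltype the user coordinates, with the number of unconfirmed members in count.`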
@@ -66,7 +72,7 @@ function UserAngelType_update($user_angeltype_id, $coordinator) { function UserAngelTypes_delete_all($angeltype_id) { return sql_query(" DELETE FROM `UserAngelTypes` - WHERE `angeltype_id`=" . sql_escape($angeltype_id) . " + WHERE `angeltype_id`='" . sql_escape($angeltype_id) . "' AND `confirm_user_id` IS NULL"); } @@ -79,8 +85,8 @@ function UserAngelTypes_delete_all($angeltype_id) { function UserAngelTypes_confirm_all($angeltype_id, $confirm_user) { return sql_query(" UPDATE `UserAngelTypes` - SET `confirm_user_id`=" . sql_escape($confirm_user['UID']) . " - WHERE `angeltype_id`=" . sql_escape($angeltype_id) . " + SET `confirm_user_id`='" . sql_escape($confirm_user['UID']) . "' + WHERE `angeltype_id`='" . sql_escape($angeltype_id) . "' AND `confirm_user_id` IS NULL"); } @@ -93,8 +99,8 @@ function UserAngelTypes_confirm_all($angeltype_id, $confirm_user) { function UserAngelType_confirm($user_angeltype_id, $confirm_user) { return sql_query(" UPDATE `UserAngelTypes` - SET `confirm_user_id`=" . sql_escape($confirm_user['UID']) . " - WHERE `id`=" . sql_escape($user_angeltype_id) . " + SET `confirm_user_id`='" . sql_escape($confirm_user['UID']) . "' + WHERE `id`='" . sql_escape($user_angeltype_id) . "' LIMIT 1"); } @@ -106,7 +112,7 @@ function UserAngelType_confirm($user_angeltype_id, $confirm_user) { function UserAngelType_delete($user_angeltype) { return sql_query(" DELETE FROM `UserAngelTypes` - WHERE `id`=" . sql_escape($user_angeltype['id']) . " + WHERE `id`='" . sql_escape($user_angeltype['id']) . "' LIMIT 1"); } @@ -119,8 +125,8 @@ function UserAngelType_delete($user_angeltype) { function UserAngelType_create($user, $angeltype) { $result = sql_query(" INSERT INTO `UserAngelTypes` SET - `user_id`=" . sql_escape($user['UID']) . ", - `angeltype_id`=" . sql_escape($angeltype['id'])); + `user_id`='" . sql_escape($user['UID']) . "', + `angeltype_id`='" . sql_escape($angeltype['id']) . "'"); if ($result === false) return false; return sql_id(); 
@@ -135,7 +141,7 @@ function UserAngelType($user_angeltype_id) { $angeltype = sql_select(" SELECT * FROM `UserAngelTypes` - WHERE `id`=" . sql_escape($user_angeltype_id) . " + WHERE `id`='" . sql_escape($user_angeltype_id) . "' LIMIT 1"); if ($angeltype === false) return false; @@ -154,8 +160,8 @@ function UserAngelType_by_User_and_AngelType($user, $angeltype) { $angeltype = sql_select(" SELECT * FROM `UserAngelTypes` - WHERE `user_id`=" . sql_escape($user['UID']) . " - AND `angeltype_id`=" . sql_escape($angeltype['id']) . " + WHERE `user_id`='" . sql_escape($user['UID']) . "' + AND `angeltype_id`='" . sql_escape($angeltype['id']) . "' LIMIT 1"); if ($angeltype === false) return false; diff --git a/includes/model/UserGroups_model.php b/includes/model/UserGroups_model.php index 1d018386..766f402f 100644 --- a/includes/model/UserGroups_model.php +++ b/includes/model/UserGroups_model.php @@ -9,7 +9,7 @@ function User_groups($user) { SELECT `Groups`.* FROM `UserGroups` JOIN `Groups` ON `Groups`.`UID`=`UserGroups`.`group_id` - WHERE `UserGroups`.`uid`=" . sql_escape($user['UID']) . " + WHERE `UserGroups`.`uid`='" . sql_escape($user['UID']) . "' ORDER BY `UserGroups`.`group_id` "); } diff --git a/includes/model/User_model.php b/includes/model/User_model.php index a6c12f9d..bd3ec31f 100644 --- a/includes/model/User_model.php +++ b/includes/model/User_model.php 
@@ -5,6 +5,37 @@ */ /** + * Update user. + * + * @param User $user + */ +function User_update($user) { + return sql_query("UPDATE `User` SET + `Nick`='" . sql_escape($user['Nick']) . "', + `Name`='" . sql_escape($user['Name']) . "', + `Vorname`='" . sql_escape($user['Vorname']) . "', + `Alter`='" . sql_escape($user['Alter']) . "', + `Telefon`='" . sql_escape($user['Telefon']) . "', + `DECT`='" . sql_escape($user['DECT']) . "', + `Handy`='" . sql_escape($user['Handy']) . "', + `email`='" . sql_escape($user['email']) . "', + `email_shiftinfo`=" . sql_bool($user['email_shiftinfo']) . ", + `jabber`='" . sql_escape($user['jabber']) . "', + `Size`='" . sql_escape($user['Size']) . "', + `Gekommen`='" . sql_escape($user['Gekommen']) . "', + `Aktiv`='" . sql_escape($user['Aktiv']) . "', + `force_active`=" . sql_bool($user['force_active']) . ", + `Tshirt`='" . sql_escape($user['Tshirt']) . "', + `color`='" . sql_escape($user['color']) . "', + `Sprache`='" . sql_escape($user['Sprache']) . "', + `Hometown`='" . sql_escape($user['Hometown']) . "', + `got_voucher`='" . sql_escape($user['got_voucher']) . "', + `arrival_date`='" . sql_escape($user['arrival_date']) . "', + `planned_arrival_date`='" . sql_escape($user['planned_arrival_date']) . "' + WHERE `UID`='" . sql_escape($user['UID']) . "'"); +} + +/** * Counts all forced active users. */ function User_force_active_count() { @@ -15,6 +46,10 @@ function User_active_count() { return sql_select_single_cell("SELECT COUNT(*) FROM `User` WHERE `Aktiv` = 1"); } +function User_got_voucher_count() { + return sql_select_single_cell("SELECT SUM(`got_voucher`) FROM `User`"); +} + function User_arrived_count() { return sql_select_single_cell("SELECT COUNT(*) FROM `User` WHERE `Gekommen` = 1"); } 
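Review bot: `User_update()` writes every column in the array, including the privilege-relevant `Gekommen`, `Aktiv`, `force_active` and `got_voucher`, with no notion of who is allowed to change them; that is fine for an admin path, but any caller that lets a user edit their own profile must start from the stored record and overwrite only the self-editable fields, otherwise request data can flip these flags. `User_got_voucher_count()` returns `NULL` rather than `0` on an empty table because `SUM()` over no rows is `NULL`; use `SELECT COALESCE(SUM(\`got_voucher\`), 0) FROM \`User\``. Both new functions lack return documentation; add `* @return bool|resource` to `User_update()` and `* @return int total vouchers handed out` to the count.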
@@ -39,14 +74,14 @@ function User_sortable_columns() { 'Aktiv', 'force_active', 'Tshirt', - 'lastLogIn' + 'lastLogIn' ); } /** * Get all users, ordered by Nick by default or by given param. * - * @param string $order_by + * @param string $order_by */ function Users($order_by = 'Nick') { return sql_select("SELECT * FROM `User` ORDER BY `" . sql_escape($order_by) . "` ASC"); @@ -55,24 +90,24 @@ function Users($order_by = 'Nick') { /** * Returns true if user is freeloader * - * @param User $user + * @param User $user */ function User_is_freeloader($user) { global $max_freeloadable_shifts, $user; - + return count(ShiftEntries_freeloaded_by_user($user)) >= $max_freeloadable_shifts; } /** * Returns all users that are not member of given angeltype. * - * @param Angeltype $angeltype + * @param Angeltype $angeltype */ function Users_by_angeltype_inverted($angeltype) { return sql_select(" SELECT `User`.* FROM `User` - LEFT JOIN `UserAngelTypes` ON (`User`.`UID`=`UserAngelTypes`.`user_id` AND `angeltype_id`=" . sql_escape($angeltype['id']) . ") + LEFT JOIN `UserAngelTypes` ON (`User`.`UID`=`UserAngelTypes`.`user_id` AND `angeltype_id`='" . sql_escape($angeltype['id']) . "') WHERE `UserAngelTypes`.`id` IS NULL ORDER BY `Nick`"); } @@ -80,7 +115,7 @@ function Users_by_angeltype_inverted($angeltype) { /** * Returns all members of given angeltype. * - * @param Angeltype $angeltype + * @param Angeltype $angeltype */ function Users_by_angeltype($angeltype) { return sql_select(" @@ -91,7 +126,7 @@ function Users_by_angeltype($angeltype) { `UserAngelTypes`.`coordinator` FROM `User` JOIN `UserAngelTypes` ON `User`.`UID`=`UserAngelTypes`.`user_id` - WHERE `UserAngelTypes`.`angeltype_id`=" . sql_escape($angeltype['id']) . " + WHERE `UserAngelTypes`.`angeltype_id`='" . sql_escape($angeltype['id']) . "' ORDER BY `Nick`"); } 
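Review bot: In `User_is_freeloader($user)` the line `global $max_freeloadable_shifts, $user;` rebinds the parameter `$user` to the global session user, so the function always evaluates the logged-in user and ignores the one passed in; the commit only touches whitespace here, but the behaviour is visible in the hunk. Unless that is intended, drop `$user` from the statement: `global $max_freeloadable_shifts;`. Any caller that passes a different user (an admin view, say) currently gets the wrong answer.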
@@ -105,7 +140,7 @@ function User_ids() { /** * Strip unwanted characters from a users nick. * - * @param string $nick + * @param string $nick */ function User_validate_Nick($nick) { return preg_replace("/([^a-z0-9üöäß. _+*-]{1,})/ui", '', $nick); @@ -114,10 +149,10 @@ function User_validate_Nick($nick) { /** * Returns user by id. * - * @param $id UID + * @param $id UID */ function User($id) { - $user_source = sql_select("SELECT * FROM `User` WHERE `UID`=" . sql_escape($id) . " LIMIT 1"); + $user_source = sql_select("SELECT * FROM `User` WHERE `UID`='" . sql_escape($id) . "' LIMIT 1"); if ($user_source === false) return false; if (count($user_source) > 0) @@ -129,10 +164,10 @@ function User($id) { * TODO: Merge into normal user function * Returns user by id (limit informations. * - * @param $id UID + * @param $id UID */ function mUser_Limit($id) { - $user_source = sql_select("SELECT `UID`, `Nick`, `Name`, `Vorname`, `Telefon`, `DECT`, `Handy`, `email`, `jabber`, `Avatar` FROM `User` WHERE `UID`=" . sql_escape($id) . " LIMIT 1"); + $user_source = sql_select("SELECT `UID`, `Nick`, `Name`, `Vorname`, `Telefon`, `DECT`, `Handy`, `email`, `jabber` FROM `User` WHERE `UID`='" . sql_escape($id) . "' LIMIT 1"); if ($user_source === false) return false; if (count($user_source) > 0) @@ -159,7 +194,7 @@ function User_by_api_key($api_key) { /** * Returns User by email. * - * @param string $email + * @param string $email * @return Matching user, null or false on error */ function User_by_email($email) { @@ -174,7 +209,7 @@ function User_by_email($email) { /** * Returns User by password token. * - * @param string $token + * @param string $token * @return Matching user, null or false on error */ function User_by_password_recovery_token($token) { 
@@ -189,7 +224,7 @@ function User_by_password_recovery_token($token) { /** * Generates a new api key for given user. * - * @param User $user + * @param User $user */ function User_reset_api_key(&$user, $log = true) { $user['api_key'] = md5($user['Nick'] . time() . rand()); @@ -197,20 +232,20 @@ function User_reset_api_key(&$user, $log = true) { if ($result === false) return false; if ($log) - engelsystem_log(sprintf("API key resetted (%s).",User_Nick_render($user))); + engelsystem_log(sprintf("API key resetted (%s).", User_Nick_render($user))); } /** * Generates a new password recovery token for given user. * - * @param User $user + * @param User $user */ function User_generate_password_recovery_token(&$user) { $user['password_recovery_token'] = md5($user['Nick'] . time() . rand()); $result = sql_query("UPDATE `User` SET `password_recovery_token`='" . sql_escape($user['password_recovery_token']) . "' WHERE `UID`='" . sql_escape($user['UID']) . "' LIMIT 1"); if ($result === false) return false; - engelsystem_log("Password recovery for " . $user['Nick'] . " started."); + engelsystem_log("Password recovery for " . User_Nick_render($user) . " started."); return $user['password_recovery_token']; } |
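Review bot: Both `User_reset_api_key()` and `User_generate_password_recovery_token()` derive their secret from `md5($user['Nick'] . time() . rand())`: the nick is public, `time()` has one-second resolution and `rand()` is not a cryptographic generator, so the token has far less entropy than its 32 hex characters suggest, and the recovery token in particular is a credential. Replace the expression in both functions with `bin2hex(random_bytes(16))`, which yields the same 32-character width so the columns need no change; the commit only adjusts the log messages here. No expiry for the recovery token is visible in this hunk; if none exists elsewhere, storing a creation timestamp beside it would let `User_by_password_recovery_token()` reject stale tokens.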