summaryrefslogtreecommitdiff
path: root/includes/pages/admin_rooms.php
diff options
context:
space:
mode:
Diffstat (limited to 'includes/pages/admin_rooms.php')
-rw-r--r--includes/pages/admin_rooms.php148
1 files changed, 148 insertions, 0 deletions
diff --git a/includes/pages/admin_rooms.php b/includes/pages/admin_rooms.php
new file mode 100644
index 00000000..6695d6a9
--- /dev/null
+++ b/includes/pages/admin_rooms.php
@@ -0,0 +1,148 @@
+<?php
+function admin_rooms() {
+ global $user;
+
+ $html = "";
+ $rooms = sql_select("SELECT * FROM `Room` ORDER BY `Number`, `Name`");
+ if (!isset ($_REQUEST["action"])) {
+ $html .= "Hallo " . $user['Nick'] .
+ ",<br />\nhier hast du die M&ouml;glichkeit, neue R&auml;ume f&uuml;r die Schichtpl&auml;ne einzutragen " .
+ "oder vorhandene abzu&auml;ndern:<br /><br />\n";
+
+ $html .= "<a href=\"" . page_link_to("admin_rooms") . "&action=new\">Neuen Raum/Ort eintragen</a><br />\n";
+
+ // Räume auflisten
+ if (count($rooms) > 0) {
+ $html .= '<table><thead><tr>';
+
+ $html .= "<table width=\"100%\" class=\"border\" cellpadding=\"2\" cellspacing=\"1\">\n";
+ $html .= "<tr class=\"contenttopic\">\n";
+
+ // TabellenĂĽberschriften generieren
+ foreach ($rooms[0] as $attr => $tmp)
+ if ($attr == 'RID')
+ $html .= '<th>Anzahl: ' . count($rooms) . '</th>';
+ else
+ $html .= '<th>' . $attr . '</th>';
+ $html .= '<th>&nbsp;</th>';
+ $html .= '</tr></thead><tbody>';
+
+ foreach ($rooms as $i => $room) {
+ $html .= '<tr>';
+ foreach ($room as $attr => $value)
+ if ($attr == 'RID')
+ $html .= '<td>' . ($i +1) . '</td>';
+ else
+ $html .= '<td>' . $value . '</td>';
+ $html .= '<td><a href="' . page_link_to("admin_rooms") . '&action=change&RID=' . $room['RID'] . '">Edit</a></td>';
+ $html .= '</tr>';
+ }
+
+ $html .= '</tbody></table>';
+ }
+ } else {
+ switch ($_REQUEST["action"]) {
+
+ case 'new' :
+ $html .= template_render('../templates/admin_rooms_new_form.html', array (
+ 'link' => page_link_to("admin_rooms")
+ ));
+ break;
+
+ case 'newsave' :
+ $name = preg_replace("/([^\p{L}\p{P}\p{Z}\p{N}]{1,})/ui", '', strip_tags($_REQUEST['Name']));
+ $man = preg_replace("/([^\p{L}\p{P}\p{Z}\p{N}]{1,})/ui", '', strip_tags($_REQUEST['Man']));
+ $from_pentabarf = preg_replace("/([^YN]{1,})/ui", '', strip_tags($_REQUEST['FromPentabarf']));
+ $show = preg_replace("/([^YN]{1,})/ui", '', strip_tags($_REQUEST['Show']));
+ $number = preg_replace("/([^0-9]{1,})/ui", '', strip_tags($_REQUEST['Number']));
+ sql_query("INSERT INTO `Room` SET `Name`='" . sql_escape($name) . "', `Man`='" . sql_escape($man) . "', `FromPentabarf`='" . sql_escape($from_pentabarf) . "', `show`='" . sql_escape($show) . "', `Number`='" . sql_escape($number) . "'");
+ header("Location: " . page_link_to("admin_rooms"));
+ break;
+
+ case 'change' :
+ if (isset ($_REQUEST['RID']) && preg_match("/^[0-9]{1,11}$/", $_REQUEST['RID']))
+ $rid = $_REQUEST['RID'];
+ else
+ return error("Incomplete call, missing Room ID.");
+
+ $room = sql_select("SELECT * FROM `Room` WHERE `RID`=" . sql_escape($rid) . " LIMIT 1");
+ if (count($room) > 0) {
+ list ($room) = $room;
+ $room_angel_types = sql_select("SELECT * FROM `AngelTypes` LEFT OUTER JOIN `RoomAngelTypes` ON (`AngelTypes`.`TID` = `RoomAngelTypes`.`angel_type_id` AND `RoomAngelTypes`.`room_id`=" . sql_escape($rid) . ") ORDER BY `AngelTypes`.`Name`");
+
+ $angel_types = "";
+ foreach ($room_angel_types as $room_angel_type) {
+ if ($room_angel_type['count'] == "")
+ $room_angel_type['count'] = "0";
+ $angel_types .= '<tr><td>' . $room_angel_type['Name'] . '</td><td><input type="text" name="angel_type_' . $room_angel_type['TID'] . '" value="' . $room_angel_type['count'] . '" /></td></tr>';
+ }
+
+ $html .= template_render('../templates/admin_rooms_edit_form.html', array (
+ 'link' => page_link_to("admin_rooms"),
+ 'room_id' => $rid,
+ 'name' => $room['Name'],
+ 'man' => $room['Man'],
+ 'number' => $room['Number'],
+ 'from_pentabarf_options' => html_options('FromPentabarf', array (
+ 'Y' => 'Yes',
+ 'N' => 'No'
+ ), $room['FromPentabarf']),
+ 'show_options' => html_options('Show', array (
+ 'Y' => 'Yes',
+ 'N' => 'No'
+ ), $room['show']),
+ 'angel_types' => $angel_types
+ ));
+ } else
+ return error("No Room found.");
+ break;
+
+ case 'changesave' :
+ if (isset ($_REQUEST['RID']) && preg_match("/^[0-9]{1,11}$/", $_REQUEST['RID']))
+ $rid = $_REQUEST['RID'];
+ else
+ return error("Incomplete call, missing Room ID.");
+
+ $room = sql_select("SELECT * FROM `Room` WHERE `RID`=" . sql_escape($rid) . " LIMIT 1");
+ if (count($room) > 0) {
+ list ($room) = $room;
+ $room_angel_types = sql_select("SELECT * FROM `AngelTypes` LEFT OUTER JOIN `RoomAngelTypes` ON (`AngelTypes`.`TID` = `RoomAngelTypes`.`angel_type_id` AND `RoomAngelTypes`.`room_id`=" . sql_escape($rid) . ") ORDER BY `AngelTypes`.`Name`");
+
+ $name = preg_replace("/([^\p{L}\p{P}\p{Z}\p{N}]{1,})/ui", '', strip_tags($_REQUEST['Name']));
+ $man = preg_replace("/([^\p{L}\p{P}\p{Z}\p{N}]{1,})/ui", '', strip_tags($_REQUEST['Man']));
+ $from_pentabarf = preg_replace("/([^YN]{1,})/ui", '', strip_tags($_REQUEST['FromPentabarf']));
+ $show = preg_replace("/([^YN]{1,})/ui", '', strip_tags($_REQUEST['Show']));
+ $number = preg_replace("/([^0-9]{1,})/ui", '', strip_tags($_REQUEST['Number']));
+ sql_query("UPDATE `Room` SET `Name`='" . sql_escape($name) . "', `Man`='" . sql_escape($man) . "', `FromPentabarf`='" . sql_escape($from_pentabarf) . "', `show`='" . sql_escape($show) . "', `Number`='" . sql_escape($number) . "' WHERE `RID`=" . sql_escape($rid) . " LIMIT 1");
+ sql_query("DELETE FROM `RoomAngelTypes` WHERE `room_id`=" . sql_escape($rid));
+ foreach ($room_angel_types as $room_angel_type) {
+ if (isset ($_REQUEST['angel_type_' . $room_angel_type['TID']]) && preg_match("/^[0-9]{1,11}$/", $_REQUEST['angel_type_' . $room_angel_type['TID']]))
+ $count = $_REQUEST['angel_type_' . $room_angel_type['TID']];
+ else
+ $count = "0";
+ sql_query("INSERT INTO `RoomAngelTypes` SET `room_id`=" . sql_escape($rid) . ", `angel_type_id`=" . sql_escape($room_angel_type['TID']) . ", `count`=" . sql_escape($count));
+ }
+ header("Location: " . page_link_to("admin_rooms"));
+ } else
+ return error("No Room found.");
+ break;
+
+ case 'delete' :
+ if (isset ($_REQUEST['RID']) && preg_match("/^[0-9]{1,11}$/", $_REQUEST['RID']))
+ $rid = $_REQUEST['RID'];
+ else
+ return error("Incomplete call, missing Room ID.");
+
+ if (sql_num_query("SELECT * FROM `Room` WHERE `RID`=" . sql_escape($rid) . " LIMIT 1") > 0) {
+ sql_query("DELETE FROM `Room` WHERE `RID`=" . sql_escape($rid) . " LIMIT 1");
+ sql_query("DELETE FROM `RoomAngelTypes` WHERE `room_id`=" . sql_escape($rid) . " LIMIT 1");
+ header("Location: " . page_link_to("admin_rooms"));
+ } else
+ return error("No Room found.");
+ break;
+
+ }
+ }
+ return $html;
+}
+?>