diff options
Diffstat (limited to 'includes/pages/user_myshifts.php')
-rw-r--r-- | includes/pages/user_myshifts.php | 39 |
1 files changed, 22 insertions, 17 deletions
diff --git a/includes/pages/user_myshifts.php b/includes/pages/user_myshifts.php index e557054d..ee3cf1be 100644 --- a/includes/pages/user_myshifts.php +++ b/includes/pages/user_myshifts.php @@ -9,15 +9,15 @@ function user_myshifts() { global $LETZTES_AUSTRAGEN; global $user, $privileges; $msg = ""; - - if (isset($_REQUEST['id']) && in_array("user_shifts_admin", $privileges) && preg_match("/^[0-9]{1,}$/", $_REQUEST['id']) && sql_num_query("SELECT * FROM `User` WHERE `UID`=" . sql_escape($_REQUEST['id'])) > 0) { + + if (isset($_REQUEST['id']) && in_array("user_shifts_admin", $privileges) && preg_match("/^[0-9]{1,}$/", $_REQUEST['id']) && sql_num_query("SELECT * FROM `User` WHERE `UID`='" . sql_escape($_REQUEST['id']) . "'") > 0) { $id = $_REQUEST['id']; } else { $id = $user['UID']; } - - list($shifts_user) = sql_select("SELECT * FROM `User` WHERE `UID`=" . sql_escape($id) . " LIMIT 1"); - + + list($shifts_user) = sql_select("SELECT * FROM `User` WHERE `UID`='" . sql_escape($id) . "' LIMIT 1"); + if (isset($_REQUEST['reset'])) { if ($_REQUEST['reset'] == "ack") { User_reset_api_key($user); @@ -26,7 +26,7 @@ function user_myshifts() { } return page_with_title(_("Reset API key"), array( error(_("If you reset the key, the url to your iCal- and JSON-export and your atom feed changes! You have to update it in every application using one of these exports."), true), - button(page_link_to('user_myshifts') . '&reset=ack', _("Continue"), 'btn-danger') + button(page_link_to('user_myshifts') . '&reset=ack', _("Continue"), 'btn-danger') )); } elseif (isset($_REQUEST['edit']) && preg_match("/^[0-9]*$/", $_REQUEST['edit'])) { $id = $_REQUEST['edit']; @@ -44,11 +44,11 @@ function user_myshifts() { JOIN `Shifts` ON (`ShiftEntry`.`SID` = `Shifts`.`SID`) JOIN `ShiftTypes` ON (`ShiftTypes`.`id` = `Shifts`.`shifttype_id`) JOIN `Room` ON (`Shifts`.`RID` = `Room`.`RID`) - WHERE `ShiftEntry`.`id`=" . sql_escape($id) . " - AND `UID`=" . sql_escape($shifts_user['UID']) . " LIMIT 1"); + WHERE `ShiftEntry`.`id`='" . sql_escape($id) . "' + AND `UID`='" . sql_escape($shifts_user['UID']) . "' LIMIT 1"); if (count($shift) > 0) { $shift = $shift[0]; - + if (isset($_REQUEST['submit'])) { $freeloaded = $shift['freeloaded']; $freeload_comment = $shift['freeload_comment']; @@ -56,46 +56,51 @@ function user_myshifts() { $freeloaded = isset($_REQUEST['freeloaded']); $freeload_comment = strip_request_item_nl('freeload_comment'); } - + $comment = strip_request_item_nl('comment'); $user_source = User($shift['UID']); $result = ShiftEntry_update(array( 'id' => $id, 'Comment' => $comment, 'freeloaded' => $freeloaded, - 'freeload_comment' => $freeload_comment + 'freeload_comment' => $freeload_comment )); if ($result === false) engelsystem_error('Unable to update shift entr.'); - + engelsystem_log("Updated " . User_Nick_render($user_source) . "'s shift " . $shift['name'] . " from " . date("y-m-d H:i", $shift['start']) . " to " . date("y-m-d H:i", $shift['end']) . " with comment " . $comment . ". Freeloaded: " . ($freeloaded ? "YES Comment: " . $freeload_comment : "NO")); success(_("Shift saved.")); redirect(page_link_to('users') . '&action=view&user_id=' . $shifts_user['UID']); } - + return ShiftEntry_edit_view(User_Nick_render($shifts_user), date("Y-m-d H:i", $shift['start']) . ', ' . shift_length($shift), $shift['Name'], $shift['name'], $shift['angel_type'], $shift['Comment'], $shift['freeloaded'], $shift['freeload_comment'], in_array("user_shifts_admin", $privileges)); } else redirect(page_link_to('user_myshifts')); } elseif (isset($_REQUEST['cancel']) && preg_match("/^[0-9]*$/", $_REQUEST['cancel'])) { $id = $_REQUEST['cancel']; $shift = sql_select(" - SELECT `Shifts`.`start` + SELECT * FROM `Shifts` INNER JOIN `ShiftEntry` USING (`SID`) - WHERE `ShiftEntry`.`id`=" . sql_escape($id) . " AND `UID`=" . sql_escape($shifts_user['UID'])); + WHERE `ShiftEntry`.`id`='" . sql_escape($id) . "' AND `UID`='" . sql_escape($shifts_user['UID']) . "'"); if (count($shift) > 0) { $shift = $shift[0]; if (($shift['start'] > time() + $LETZTES_AUSTRAGEN * 3600) || in_array('user_shifts_admin', $privileges)) { $result = ShiftEntry_delete($id); if ($result === false) engelsystem_error('Unable to delete shift entry.'); + $room = Room($shift['RID']); + $angeltype = AngelType($shift['TID']); + $shifttype = ShiftType($shift['shifttype_id']); + + engelsystem_log("Deleted own shift: " . $shifttype['name'] . " at " . $room['Name'] . " from " . date("y-m-d H:i", $shift['start']) . " to " . date("y-m-d H:i", $shift['end']) . " as " . $angeltype['name']); success(_("You have been signed off from the shift.")); } else error(_("It's too late to sign yourself off the shift. If neccessary, ask the dispatcher to do so.")); } else - redirect(page_link_to('user_myshifts')); + redirect(user_link($shifts_user)); } - + redirect(page_link_to('users') . '&action=view'); } ?> |