Diffstat (limited to 'includes/pages')
23 files changed, 4187 insertions, 3067 deletions
diff --git a/includes/pages/admin_active.php b/includes/pages/admin_active.php index a1e31b11..0612202f 100644 --- a/includes/pages/admin_active.php +++ b/includes/pages/admin_active.php 
@@ -1,202 +1,292 @@ <?php -function admin_active_title() { - return _("Active angels"); +use Engelsystem\Database\DB; + +/** + * @return string + */ +function admin_active_title() +{ + return _('Active angels'); } -function admin_active() { - global $tshirt_sizes, $shift_sum_formula; - - $msg = ""; - $search = ""; - $forced_count = sql_num_query("SELECT * FROM `User` WHERE `force_active`=1"); - $count = $forced_count; - $limit = ""; - $set_active = ""; - - if (isset($_REQUEST['search'])) { - $search = strip_request_item('search'); - } - - $show_all_shifts = isset($_REQUEST['show_all_shifts']); - - if (isset($_REQUEST['set_active'])) { - $valid = true; - - if (isset($_REQUEST['count']) && preg_match("/^[0-9]+$/", $_REQUEST['count'])) { - $count = strip_request_item('count'); - if ($count < $forced_count) { - error(sprintf(_("At least %s angels are forced to be active. The number has to be greater."), $forced_count)); - redirect(page_link_to('admin_active')); - } - } else { - $valid = false; - $msg .= error(_("Please enter a number of angels to be marked as active."), true); - } - - if ($valid) { - $limit = " LIMIT " . $count; - } - if (isset($_REQUEST['ack'])) { - sql_query("UPDATE `User` SET `Aktiv` = 0 WHERE `Tshirt` = 0"); - $users = sql_select(" - SELECT `User`.*, COUNT(`ShiftEntry`.`id`) as `shift_count`, $shift_sum_formula as `shift_length` - FROM `User` - LEFT JOIN `ShiftEntry` ON `User`.`UID` = `ShiftEntry`.`UID` - LEFT JOIN `Shifts` ON `ShiftEntry`.`SID` = `Shifts`.`SID` - WHERE `User`.`Gekommen` = 1 AND `User`.`force_active`=0 - GROUP BY `User`.`UID` - ORDER BY `force_active` DESC, `shift_length` DESC" . $limit); - $user_nicks = []; - foreach ($users as $usr) { - sql_query("UPDATE `User` SET `Aktiv` = 1 WHERE `UID`='" . sql_escape($usr['UID']) . "'"); - $user_nicks[] = User_Nick_render($usr); - } - sql_query("UPDATE `User` SET `Aktiv`=1 WHERE `force_active`=TRUE"); - engelsystem_log("These angels are active now: " . 
join(", ", $user_nicks)); - - $limit = ""; - $msg = success(_("Marked angels."), true); - } else { - $set_active = '<a href="' . page_link_to('admin_active') . '&serach=' . $search . '">« ' . _("back") . '</a> | <a href="' . page_link_to('admin_active') . '&search=' . $search . '&count=' . $count . '&set_active&ack">' . _("apply") . '</a>'; - } - } - - if (isset($_REQUEST['active']) && preg_match("/^[0-9]+$/", $_REQUEST['active'])) { - $user_id = $_REQUEST['active']; - $user_source = User($user_id); - if ($user_source != null) { - sql_query("UPDATE `User` SET `Aktiv`=1 WHERE `UID`='" . sql_escape($user_id) . "' LIMIT 1"); - engelsystem_log("User " . User_Nick_render($user_source) . " is active now."); - $msg = success(_("Angel has been marked as active."), true); - } else { - $msg = error(_("Angel not found."), true); +/** + * @return string + */ +function admin_active() +{ + $tshirt_sizes = config('tshirt_sizes'); + $shift_sum_formula = config('shift_sum_formula'); + $request = request(); + + $msg = ''; + $search = ''; + $forced_count = count(DB::select('SELECT `UID` FROM `User` WHERE `force_active`=1')); + $count = $forced_count; + $limit = ''; + $set_active = ''; + + if ($request->has('search')) { + $search = strip_request_item('search'); } - } elseif (isset($_REQUEST['not_active']) && preg_match("/^[0-9]+$/", $_REQUEST['not_active'])) { - $user_id = $_REQUEST['not_active']; - $user_source = User($user_id); - if ($user_source != null) { - sql_query("UPDATE `User` SET `Aktiv`=0 WHERE `UID`='" . sql_escape($user_id) . "' LIMIT 1"); - engelsystem_log("User " . User_Nick_render($user_source) . 
" is NOT active now."); - $msg = success(_("Angel has been marked as not active."), true); - } else { - $msg = error(_("Angel not found."), true); + + $show_all_shifts = $request->has('show_all_shifts'); + + if ($request->has('set_active')) { + $valid = true; + + if ($request->has('count') && preg_match('/^\d+$/', $request->input('count'))) { + $count = strip_request_item('count'); + if ($count < $forced_count) { + error(sprintf( + _('At least %s angels are forced to be active. The number has to be greater.'), + $forced_count + )); + redirect(page_link_to('admin_active')); + } + } else { + $valid = false; + $msg .= error(_('Please enter a number of angels to be marked as active.'), true); + } + + if ($valid) { + $limit = ' LIMIT ' . $count; + } + if ($request->has('ack')) { + DB::update('UPDATE `User` SET `Aktiv` = 0 WHERE `Tshirt` = 0'); + $users = DB::select(sprintf(' + SELECT + `User`.*, + COUNT(`ShiftEntry`.`id`) AS `shift_count`, + %s AS `shift_length` + FROM `User` + LEFT JOIN `ShiftEntry` ON `User`.`UID` = `ShiftEntry`.`UID` + LEFT JOIN `Shifts` ON `ShiftEntry`.`SID` = `Shifts`.`SID` + WHERE `User`.`Gekommen` = 1 + AND `User`.`force_active`=0 + GROUP BY `User`.`UID` + ORDER BY `force_active` DESC, `shift_length` DESC + %s + ', + $shift_sum_formula, + $limit + )); + $user_nicks = []; + foreach ($users as $usr) { + DB::update('UPDATE `User` SET `Aktiv` = 1 WHERE `UID`=?', [$usr['UID']]); + $user_nicks[] = User_Nick_render($usr); + } + DB::update('UPDATE `User` SET `Aktiv`=1 WHERE `force_active`=TRUE'); + engelsystem_log('These angels are active now: ' . join(', ', $user_nicks)); + + $limit = ''; + $msg = success(_('Marked angels.'), true); + } else { + $set_active = '<a href="' . page_link_to('admin_active', ['search' => $search]) . '">« ' + . _('back') + . '</a> | <a href="' + . page_link_to( + 'admin_active', + ['search' => $search, 'count' => $count, 'set_active' => 1, 'ack' => 1] + ) . '">' + . _('apply') + . 
'</a>'; + } } - } elseif (isset($_REQUEST['tshirt']) && preg_match("/^[0-9]+$/", $_REQUEST['tshirt'])) { - $user_id = $_REQUEST['tshirt']; - $user_source = User($user_id); - if ($user_source != null) { - sql_query("UPDATE `User` SET `Tshirt`=1 WHERE `UID`='" . sql_escape($user_id) . "' LIMIT 1"); - engelsystem_log("User " . User_Nick_render($user_source) . " has tshirt now."); - $msg = success(_("Angel has got a t-shirt."), true); - } else { - $msg = error("Angel not found.", true); + + if ($request->has('active') && preg_match('/^\d+$/', $request->input('active'))) { + $user_id = $request->input('active'); + $user_source = User($user_id); + if ($user_source != null) { + DB::update('UPDATE `User` SET `Aktiv`=1 WHERE `UID`=? LIMIT 1', [$user_id]); + engelsystem_log('User ' . User_Nick_render($user_source) . ' is active now.'); + $msg = success(_('Angel has been marked as active.'), true); + } else { + $msg = error(_('Angel not found.'), true); + } + } elseif ($request->has('not_active') && preg_match('/^\d+$/', $request->input('not_active'))) { + $user_id = $request->input('not_active'); + $user_source = User($user_id); + if ($user_source != null) { + DB::update('UPDATE `User` SET `Aktiv`=0 WHERE `UID`=? LIMIT 1', [$user_id]); + engelsystem_log('User ' . User_Nick_render($user_source) . ' is NOT active now.'); + $msg = success(_('Angel has been marked as not active.'), true); + } else { + $msg = error(_('Angel not found.'), true); + } + } elseif ($request->has('tshirt') && preg_match('/^\d+$/', $request->input('tshirt'))) { + $user_id = $request->input('tshirt'); + $user_source = User($user_id); + if ($user_source != null) { + DB::update('UPDATE `User` SET `Tshirt`=1 WHERE `UID`=? LIMIT 1', [$user_id]); + engelsystem_log('User ' . User_Nick_render($user_source) . 
' has tshirt now.'); + $msg = success(_('Angel has got a t-shirt.'), true); + } else { + $msg = error('Angel not found.', true); + } + } elseif ($request->has('not_tshirt') && preg_match('/^\d+$/', $request->input('not_tshirt'))) { + $user_id = $request->input('not_tshirt'); + $user_source = User($user_id); + if ($user_source != null) { + DB::update('UPDATE `User` SET `Tshirt`=0 WHERE `UID`=? LIMIT 1', [$user_id]); + engelsystem_log('User ' . User_Nick_render($user_source) . ' has NO tshirt.'); + $msg = success(_('Angel has got no t-shirt.'), true); + } else { + $msg = error(_('Angel not found.'), true); + } } - } elseif (isset($_REQUEST['not_tshirt']) && preg_match("/^[0-9]+$/", $_REQUEST['not_tshirt'])) { - $user_id = $_REQUEST['not_tshirt']; - $user_source = User($user_id); - if ($user_source != null) { - sql_query("UPDATE `User` SET `Tshirt`=0 WHERE `UID`='" . sql_escape($user_id) . "' LIMIT 1"); - engelsystem_log("User " . User_Nick_render($user_source) . " has NO tshirt."); - $msg = success(_("Angel has got no t-shirt."), true); + + $users = DB::select(sprintf(' + SELECT + `User`.*, + COUNT(`ShiftEntry`.`id`) AS `shift_count`, + %s AS `shift_length` + FROM `User` LEFT JOIN `ShiftEntry` ON `User`.`UID` = `ShiftEntry`.`UID` + LEFT JOIN `Shifts` ON `ShiftEntry`.`SID` = `Shifts`.`SID` ' + . ($show_all_shifts ? '' : 'AND (`Shifts`.`end` < ' . time() . " OR `Shifts`.`end` IS NULL)") . ' + WHERE `User`.`Gekommen` = 1 + GROUP BY `User`.`UID` + ORDER BY `force_active` DESC, `shift_length` DESC + %s + ', + $shift_sum_formula, + $limit + )); + $matched_users = []; + if ($search == '') { + $tokens = []; } else { - $msg = error(_("Angel not found."), true); + $tokens = explode(' ', $search); } - } - - $users = sql_select(" - SELECT `User`.*, COUNT(`ShiftEntry`.`id`) as `shift_count`, ${shift_sum_formula} as `shift_length` - FROM `User` LEFT JOIN `ShiftEntry` ON `User`.`UID` = `ShiftEntry`.`UID` - LEFT JOIN `Shifts` ON `ShiftEntry`.`SID` = `Shifts`.`SID` " . 
($show_all_shifts ? "" : "AND (`Shifts`.`end` < " . time() . " OR `Shifts`.`end` IS NULL)") . " - WHERE `User`.`Gekommen` = 1 - GROUP BY `User`.`UID` - ORDER BY `force_active` DESC, `shift_length` DESC" . $limit); - $matched_users = []; - if ($search == "") { - $tokens = []; - } else { - $tokens = explode(" ", $search); - } - foreach ($users as &$usr) { - if (count($tokens) > 0) { - $match = false; - foreach ($tokens as $t) { - if (stristr($usr['Nick'], trim($t))) { - $match = true; - break; + foreach ($users as &$usr) { + if (count($tokens) > 0) { + $match = false; + foreach ($tokens as $t) { + if (stristr($usr['Nick'], trim($t))) { + $match = true; + break; + } + } + if (!$match) { + continue; + } } - } - if (! $match) { - continue; - } - } - $usr['nick'] = User_Nick_render($usr); - $usr['shirt_size'] = $tshirt_sizes[$usr['Size']]; - $usr['work_time'] = round($usr['shift_length'] / 60) . ' min (' . round($usr['shift_length'] / 3600) . ' h)'; - $usr['active'] = glyph_bool($usr['Aktiv'] == 1); - $usr['force_active'] = glyph_bool($usr['force_active'] == 1); - $usr['tshirt'] = glyph_bool($usr['Tshirt'] == 1); - - $actions = []; - if ($usr['Aktiv'] == 0) { - $actions[] = '<a href="' . page_link_to('admin_active') . '&active=' . $usr['UID'] . ($show_all_shifts ? '&show_all_shifts=' : '') . '&search=' . $search . '">' . _("set active") . '</a>'; - } - if ($usr['Aktiv'] == 1 && $usr['Tshirt'] == 0) { - $actions[] = '<a href="' . page_link_to('admin_active') . '&not_active=' . $usr['UID'] . ($show_all_shifts ? '&show_all_shifts=' : '') . '&search=' . $search . '">' . _("remove active") . '</a>'; - $actions[] = '<a href="' . page_link_to('admin_active') . '&tshirt=' . $usr['UID'] . ($show_all_shifts ? '&show_all_shifts=' : '') . '&search=' . $search . '">' . _("got t-shirt") . '</a>'; - } - if ($usr['Tshirt'] == 1) { - $actions[] = '<a href="' . page_link_to('admin_active') . '&not_tshirt=' . $usr['UID'] . ($show_all_shifts ? '&show_all_shifts=' : '') . '&search=' . 
$search . '">' . _("remove t-shirt") . '</a>'; + $usr['nick'] = User_Nick_render($usr); + $usr['shirt_size'] = $tshirt_sizes[$usr['Size']]; + $usr['work_time'] = round($usr['shift_length'] / 60) . ' min (' . round($usr['shift_length'] / 3600) . ' h)'; + $usr['active'] = glyph_bool($usr['Aktiv'] == 1); + $usr['force_active'] = glyph_bool($usr['force_active'] == 1); + $usr['tshirt'] = glyph_bool($usr['Tshirt'] == 1); + + $actions = []; + if ($usr['Aktiv'] == 0) { + $parameters = [ + 'active' => $usr['UID'], + 'search' => $search, + ]; + if ($show_all_shifts) { + $parameters['show_all_shifts'] = 1; + } + $actions[] = '<a href="' . page_link_to('admin_active', $parameters) . '">' + . _('set active') + . '</a>'; + } + if ($usr['Aktiv'] == 1 && $usr['Tshirt'] == 0) { + $parametersRemove = [ + 'not_active' => $usr['UID'], + 'search' => $search, + ]; + $parametersShirt = [ + 'tshirt' => $usr['UID'], + 'search' => $search, + ]; + if ($show_all_shifts) { + $parametersRemove['show_all_shifts'] = 1; + $parametersShirt['show_all_shifts'] = 1; + } + $actions[] = '<a href="' . page_link_to('admin_active', $parametersRemove) . '">' + . _('remove active') + . '</a>'; + $actions[] = '<a href="' . page_link_to('admin_active', $parametersShirt) . '">' + . _('got t-shirt') + . '</a>'; + } + if ($usr['Tshirt'] == 1) { + $parameters = [ + 'not_tshirt' => $usr['UID'], + 'search' => $search, + ]; + if ($show_all_shifts) { + $parameters['show_all_shifts'] = 1; + } + $actions[] = '<a href="' . page_link_to('admin_active', $parameters) . '">' + . _('remove t-shirt') + . '</a>'; + } + + $usr['actions'] = join(' ', $actions); + + $matched_users[] = $usr; } - - $usr['actions'] = join(' ', $actions); - - $matched_users[] = $usr; - } - - $shirt_statistics = []; - foreach (array_keys($tshirt_sizes) as $size) { - if ($size != '') { - $shirt_statistics[] = [ - 'size' => $size, - 'needed' => sql_select_single_cell("SELECT count(*) FROM `User` WHERE `Size`='" . sql_escape($size) . 
"' AND `Gekommen`=1"), - 'given' => sql_select_single_cell("SELECT count(*) FROM `User` WHERE `Size`='" . sql_escape($size) . "' AND `Tshirt`=1") - ]; + + $shirt_statistics = []; + foreach (array_keys($tshirt_sizes) as $size) { + if (!empty($size)) { + $sc = DB::selectOne( + 'SELECT count(*) FROM `User` WHERE `Size`=? AND `Gekommen`=1', + [$size] + ); + $sc = array_shift($sc); + + $gc = DB::selectOne( + 'SELECT count(*) FROM `User` WHERE `Size`=? AND `Tshirt`=1', + [$size] + ); + $gc = array_shift($gc); + + $shirt_statistics[] = [ + 'size' => $size, + 'needed' => (int)$sc, + 'given' => (int)$gc + ]; + } } - } - $shirt_statistics[] = [ - 'size' => '<b>' . _("Sum") . '</b>', - 'needed' => '<b>' . User_arrived_count() . '</b>', - 'given' => '<b>' . sql_select_single_cell("SELECT count(*) FROM `User` WHERE `Tshirt`=1") . '</b>' - ]; - - return page_with_title(admin_active_title(), [ - form([ - form_text('search', _("Search angel:"), $search), - form_checkbox('show_all_shifts', _("Show all shifts"), $show_all_shifts), - form_submit('submit', _("Search")) - ], page_link_to('admin_active')), - $set_active == "" ? form([ - form_text('count', _("How much angels should be active?"), $count), - form_submit('set_active', _("Preview")) - ]) : $set_active, - msg(), - table([ - 'nick' => _("Nickname"), - 'shirt_size' => _("Size"), - 'shift_count' => _("Shifts"), - 'work_time' => _("Length"), - 'active' => _("Active?"), - 'force_active' => _("Forced"), - 'tshirt' => _("T-shirt?"), - 'actions' => "" - ], $matched_users), - '<h2>' . _("Shirt statistics") . '</h2>', - table([ - 'size' => _("Size"), - 'needed' => _("Needed shirts"), - 'given' => _("Given shirts") - ], $shirt_statistics) - ]); + + $shirtCount = DB::selectOne('SELECT count(*) FROM `User` WHERE `Tshirt`=1'); + $shirtCount = array_shift($shirtCount); + + $shirt_statistics[] = [ + 'size' => '<b>' . _('Sum') . '</b>', + 'needed' => '<b>' . User_arrived_count() . '</b>', + 'given' => '<b>' . (int)$shirtCount . 
'</b>' + ]; + + return page_with_title(admin_active_title(), [ + form([ + form_text('search', _('Search angel:'), $search), + form_checkbox('show_all_shifts', _('Show all shifts'), $show_all_shifts), + form_submit('submit', _('Search')) + ], page_link_to('admin_active')), + $set_active == '' ? form([ + form_text('count', _('How much angels should be active?'), $count), + form_submit('set_active', _('Preview')) + ]) : $set_active, + $msg . msg(), + table([ + 'nick' => _('Nickname'), + 'shirt_size' => _('Size'), + 'shift_count' => _('Shifts'), + 'work_time' => _('Length'), + 'active' => _('Active?'), + 'force_active' => _('Forced'), + 'tshirt' => _('T-shirt?'), + 'actions' => '' + ], $matched_users), + '<h2>' . _('Shirt statistics') . '</h2>', + table([ + 'size' => _('Size'), + 'needed' => _('Needed shirts'), + 'given' => _('Given shirts') + ], $shirt_statistics) + ]); } -?> diff --git a/includes/pages/admin_arrive.php b/includes/pages/admin_arrive.php index 4a1ee8d7..48e2c91f 100644 --- a/includes/pages/admin_arrive.php +++ b/includes/pages/admin_arrive.php 
@@ -1,201 +1,230 @@ <?php -function admin_arrive_title() { - return _("Arrived angels"); +use Engelsystem\Database\DB; + +/** + * @return string + */ +function admin_arrive_title() +{ + return _('Arrived angels'); } -function admin_arrive() { - $msg = ""; - $search = ""; - if (isset($_REQUEST['search'])) { - $search = strip_request_item('search'); - } - - if (isset($_REQUEST['reset']) && preg_match("/^[0-9]*$/", $_REQUEST['reset'])) { - $user_id = $_REQUEST['reset']; - $user_source = User($user_id); - if ($user_source != null) { - sql_query("UPDATE `User` SET `Gekommen`=0, `arrival_date` = NULL WHERE `UID`='" . sql_escape($user_id) . "' LIMIT 1"); - engelsystem_log("User set to not arrived: " . User_Nick_render($user_source)); - success(_("Reset done. Angel has not arrived.")); - redirect(user_link($user_source)); - } else { - $msg = error(_("Angel not found."), true); - } - } elseif (isset($_REQUEST['arrived']) && preg_match("/^[0-9]*$/", $_REQUEST['arrived'])) { - $user_id = $_REQUEST['arrived']; - $user_source = User($user_id); - if ($user_source != null) { - sql_query("UPDATE `User` SET `Gekommen`=1, `arrival_date`='" . time() . "' WHERE `UID`='" . sql_escape($user_id) . "' LIMIT 1"); - engelsystem_log("User set has arrived: " . 
User_Nick_render($user_source)); - success(_("Angel has been marked as arrived.")); - redirect(user_link($user_source)); - } else { - $msg = error(_("Angel not found."), true); +/** + * @return string + */ +function admin_arrive() +{ + $msg = ''; + $search = ''; + $request = request(); + + if ($request->has('search')) { + $search = strip_request_item('search'); } - } - - $users = sql_select("SELECT * FROM `User` ORDER BY `Nick`"); - $arrival_count_at_day = []; - $planned_arrival_count_at_day = []; - $planned_departure_count_at_day = []; - $users_matched = []; - if ($search == "") { - $tokens = []; - } else { - $tokens = explode(" ", $search); - } - foreach ($users as $usr) { - if (count($tokens) > 0) { - $match = false; - $index = join(" ", $usr); - foreach ($tokens as $t) { - if (stristr($index, trim($t))) { - $match = true; - break; + + if ($request->has('reset') && preg_match('/^\d+$/', $request->input('reset'))) { + $user_id = $request->input('reset'); + $user_source = User($user_id); + if ($user_source != null) { + DB::update(' + UPDATE `User` + SET `Gekommen`=0, `arrival_date` = NULL + WHERE `UID`=? + LIMIT 1 + ', [$user_id]); + engelsystem_log('User set to not arrived: ' . User_Nick_render($user_source)); + success(_('Reset done. Angel has not arrived.')); + redirect(user_link($user_source)); + } else { + $msg = error(_('Angel not found.'), true); + } + } elseif ($request->has('arrived') && preg_match('/^\d+$/', $request->input('arrived'))) { + $user_id = $request->input('arrived'); + $user_source = User($user_id); + if ($user_source != null) { + DB::update(' + UPDATE `User` + SET `Gekommen`=1, `arrival_date`=? + WHERE `UID`=? + LIMIT 1 + ', [time(), $user_id]); + engelsystem_log('User set has arrived: ' . User_Nick_render($user_source)); + success(_('Angel has been marked as arrived.')); + redirect(user_link($user_source)); + } else { + $msg = error(_('Angel not found.'), true); } - } - if (! 
$match) { - continue; - } } - - $usr['nick'] = User_Nick_render($usr); - if ($usr['planned_departure_date'] != null) { - $usr['rendered_planned_departure_date'] = date('Y-m-d', $usr['planned_departure_date']); + + $users = DB::select('SELECT * FROM `User` ORDER BY `Nick`'); + $arrival_count_at_day = []; + $planned_arrival_count_at_day = []; + $planned_departure_count_at_day = []; + $users_matched = []; + if ($search == '') { + $tokens = []; } else { - $usr['rendered_planned_departure_date'] = '-'; + $tokens = explode(' ', $search); + } + foreach ($users as $usr) { + if (count($tokens) > 0) { + $match = false; + $index = join(' ', $usr); + foreach ($tokens as $t) { + if (stristr($index, trim($t))) { + $match = true; + break; + } + } + if (!$match) { + continue; + } + } + + $usr['nick'] = User_Nick_render($usr); + if ($usr['planned_departure_date'] != null) { + $usr['rendered_planned_departure_date'] = date('Y-m-d', $usr['planned_departure_date']); + } else { + $usr['rendered_planned_departure_date'] = '-'; + } + $usr['rendered_planned_arrival_date'] = date('Y-m-d', $usr['planned_arrival_date']); + $usr['rendered_arrival_date'] = $usr['arrival_date'] > 0 ? date('Y-m-d', $usr['arrival_date']) : '-'; + $usr['arrived'] = $usr['Gekommen'] == 1 ? _('yes') : ''; + $usr['actions'] = $usr['Gekommen'] == 1 + ? '<a href="' . page_link_to( + 'admin_arrive', + ['reset' => $usr['UID'], 'search' => $search] + ) . '">' . _('reset') . '</a>' + : '<a href="' . page_link_to( + 'admin_arrive', + ['arrived' => $usr['UID'], 'search' => $search] + ) . '">' . _('arrived') . 
'</a>'; + + if ($usr['arrival_date'] > 0) { + $day = date('Y-m-d', $usr['arrival_date']); + if (!isset($arrival_count_at_day[$day])) { + $arrival_count_at_day[$day] = 0; + } + $arrival_count_at_day[$day]++; + } + + if ($usr['planned_arrival_date'] != null) { + $day = date('Y-m-d', $usr['planned_arrival_date']); + if (!isset($planned_arrival_count_at_day[$day])) { + $planned_arrival_count_at_day[$day] = 0; + } + $planned_arrival_count_at_day[$day]++; + } + + if ($usr['planned_departure_date'] != null && $usr['Gekommen'] == 1) { + $day = date('Y-m-d', $usr['planned_departure_date']); + if (!isset($planned_departure_count_at_day[$day])) { + $planned_departure_count_at_day[$day] = 0; + } + $planned_departure_count_at_day[$day]++; + } + + $users_matched[] = $usr; } - $usr['rendered_planned_arrival_date'] = date('Y-m-d', $usr['planned_arrival_date']); - $usr['rendered_arrival_date'] = $usr['arrival_date'] > 0 ? date('Y-m-d', $usr['arrival_date']) : "-"; - $usr['arrived'] = $usr['Gekommen'] == 1 ? _("yes") : ""; - $usr['actions'] = $usr['Gekommen'] == 1 ? '<a href="' . page_link_to('admin_arrive') . '&reset=' . $usr['UID'] . '&search=' . $search . '">' . _("reset") . '</a>' : '<a href="' . page_link_to('admin_arrive') . '&arrived=' . $usr['UID'] . '&search=' . $search . '">' . _("arrived") . '</a>'; - - if ($usr['arrival_date'] > 0) { - $day = date('Y-m-d', $usr['arrival_date']); - if (! isset($arrival_count_at_day[$day])) { - $arrival_count_at_day[$day] = 0; - } - $arrival_count_at_day[$day] ++; + + ksort($arrival_count_at_day); + ksort($planned_arrival_count_at_day); + ksort($planned_departure_count_at_day); + + $arrival_at_day = []; + $arrival_sum = 0; + foreach ($arrival_count_at_day as $day => $count) { + $arrival_sum += $count; + $arrival_at_day[$day] = [ + 'day' => $day, + 'count' => $count, + 'sum' => $arrival_sum + ]; } - - if ($usr['planned_arrival_date'] != null) { - $day = date('Y-m-d', $usr['planned_arrival_date']); - if (! 
isset($planned_arrival_count_at_day[$day])) { - $planned_arrival_count_at_day[$day] = 0; - } - $planned_arrival_count_at_day[$day] ++; + + $planned_arrival_at_day = []; + $planned_arrival_sum = 0; + foreach ($planned_arrival_count_at_day as $day => $count) { + $planned_arrival_sum += $count; + $planned_arrival_at_day[$day] = [ + 'day' => $day, + 'count' => $count, + 'sum' => $planned_arrival_sum + ]; } - - if ($usr['planned_departure_date'] != null && $usr['Gekommen'] == 1) { - $day = date('Y-m-d', $usr['planned_departure_date']); - if (! isset($planned_departure_count_at_day[$day])) { - $planned_departure_count_at_day[$day] = 0; - } - $planned_departure_count_at_day[$day] ++; + + $planned_departure_at_day = []; + $planned_departure_sum = 0; + foreach ($planned_departure_count_at_day as $day => $count) { + $planned_departure_sum += $count; + $planned_departure_at_day[$day] = [ + 'day' => $day, + 'count' => $count, + 'sum' => $planned_departure_sum + ]; } - - $users_matched[] = $usr; - } - - ksort($arrival_count_at_day); - ksort($planned_arrival_count_at_day); - ksort($planned_departure_count_at_day); - - $arrival_at_day = []; - $arrival_sum = 0; - foreach ($arrival_count_at_day as $day => $count) { - $arrival_sum += $count; - $arrival_at_day[$day] = [ - 'day' => $day, - 'count' => $count, - 'sum' => $arrival_sum - ]; - } - - $planned_arrival_at_day = []; - $planned_arrival_sum = 0; - foreach ($planned_arrival_count_at_day as $day => $count) { - $planned_arrival_sum += $count; - $planned_arrival_at_day[$day] = [ - 'day' => $day, - 'count' => $count, - 'sum' => $planned_arrival_sum - ]; - } - - $planned_departure_at_day = []; - $planned_departure_sum = 0; - foreach ($planned_departure_count_at_day as $day => $count) { - $planned_departure_sum += $count; - $planned_departure_at_day[$day] = [ - 'day' => $day, - 'count' => $count, - 'sum' => $planned_departure_sum - ]; - } - - return page_with_title(admin_arrive_title(), [ - msg(), - form([ - form_text('search', 
_("Search"), $search), - form_submit('submit', _("Search")) - ]), - table([ - 'nick' => _("Nickname"), - 'rendered_planned_arrival_date' => _("Planned arrival"), - 'arrived' => _("Arrived?"), - 'rendered_arrival_date' => _("Arrival date"), - 'rendered_planned_departure_date' => _("Planned departure"), - 'actions' => "" - ], $users_matched), - div('row', [ - div('col-md-4', [ - heading(_("Planned arrival statistics"), 2), - bargraph('planned_arrives', 'day', [ - 'count' => _("arrived"), - 'sum' => _("arrived sum") - ], [ - 'count' => '#090', - 'sum' => '#888' - ], $planned_arrival_at_day), - table([ - 'day' => _("Date"), - 'count' => _("Count"), - 'sum' => _("Sum") - ], $planned_arrival_at_day) - ]), - div('col-md-4', [ - heading(_("Arrival statistics"), 2), - bargraph('arrives', 'day', [ - 'count' => _("arrived"), - 'sum' => _("arrived sum") - ], [ - 'count' => '#090', - 'sum' => '#888' - ], $arrival_at_day), - table([ - 'day' => _("Date"), - 'count' => _("Count"), - 'sum' => _("Sum") - ], $arrival_at_day) - ]), - div('col-md-4', [ - heading(_("Planned departure statistics"), 2), - bargraph('planned_departures', 'day', [ - 'count' => _("arrived"), - 'sum' => _("arrived sum") - ], [ - 'count' => '#090', - 'sum' => '#888' - ], $planned_departure_at_day), - table([ - 'day' => _("Date"), - 'count' => _("Count"), - 'sum' => _("Sum") - ], $planned_departure_at_day) - ]) - ]) - ]); + + return page_with_title(admin_arrive_title(), [ + $msg . 
msg(), + form([ + form_text('search', _('Search'), $search), + form_submit('submit', _('Search')) + ]), + table([ + 'nick' => _('Nickname'), + 'rendered_planned_arrival_date' => _('Planned arrival'), + 'arrived' => _('Arrived?'), + 'rendered_arrival_date' => _('Arrival date'), + 'rendered_planned_departure_date' => _('Planned departure'), + 'actions' => '' + ], $users_matched), + div('row', [ + div('col-md-4', [ + heading(_('Planned arrival statistics'), 2), + bargraph('planned_arrives', 'day', [ + 'count' => _('arrived'), + 'sum' => _('arrived sum') + ], [ + 'count' => '#090', + 'sum' => '#888' + ], $planned_arrival_at_day), + table([ + 'day' => _('Date'), + 'count' => _('Count'), + 'sum' => _('Sum') + ], $planned_arrival_at_day) + ]), + div('col-md-4', [ + heading(_('Arrival statistics'), 2), + bargraph('arrives', 'day', [ + 'count' => _('arrived'), + 'sum' => _('arrived sum') + ], [ + 'count' => '#090', + 'sum' => '#888' + ], $arrival_at_day), + table([ + 'day' => _('Date'), + 'count' => _('Count'), + 'sum' => _('Sum') + ], $arrival_at_day) + ]), + div('col-md-4', [ + heading(_('Planned departure statistics'), 2), + bargraph('planned_departures', 'day', [ + 'count' => _('arrived'), + 'sum' => _('arrived sum') + ], [ + 'count' => '#090', + 'sum' => '#888' + ], $planned_departure_at_day), + table([ + 'day' => _('Date'), + 'count' => _('Count'), + 'sum' => _('Sum') + ], $planned_departure_at_day) + ]) + ]) + ]); } -?> diff --git a/includes/pages/admin_free.php b/includes/pages/admin_free.php index 427de61a..a3c0d17f 100644 --- a/includes/pages/admin_free.php +++ b/includes/pages/admin_free.php 
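Review bot: The search index `$index = join(' ', $usr);` concatenates every column returned by `SELECT * FROM `User``, so a search term is matched against fields the page never displays; if that row carries password hashes or tokens (not visible in this hunk) the search leaks whether a substring occurs in them, and the sibling page in admin_active.php matches on `$usr['Nick']` only. Restricting the index to the columns this table renders would close that without changing the visible behaviour. Also, `$usr['rendered_planned_arrival_date'] = date('Y-m-d', $usr['planned_arrival_date']);` has no null guard although the departure date a few lines above and the counting block further down both check `!= null`; a null value renders as 1970-01-01. `$usr['rendered_planned_arrival_date'] = $usr['planned_arrival_date'] != null ? date('Y-m-d', $usr['planned_arrival_date']) : '-';` would match the departure handling.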
@@ -1,101 +1,127 @@ <?php -function admin_free_title() { - return _("Free angels"); +use Engelsystem\Database\DB; + +/** + * @return string + */ +function admin_free_title() +{ + return _('Free angels'); } -function admin_free() { - global $privileges; - - $search = ""; - if (isset($_REQUEST['search'])) { - $search = strip_request_item('search'); - } - - $angeltypesearch = ""; - if (empty($_REQUEST['angeltype'])) { - $_REQUEST['angeltype'] = ''; - } else { - $angeltypesearch = " INNER JOIN `UserAngelTypes` ON (`UserAngelTypes`.`angeltype_id` = '" . sql_escape($_REQUEST['angeltype']) . "' AND `UserAngelTypes`.`user_id` = `User`.`UID`"; - if (isset($_REQUEST['confirmed_only'])) { - $angeltypesearch .= " AND `UserAngelTypes`.`confirm_user_id`"; +/** + * @return string + */ +function admin_free() +{ + global $privileges; + $request = request(); + + $search = ''; + if ($request->has('search')) { + $search = strip_request_item('search'); } - $angeltypesearch .= ") "; - } - - $angel_types_source = sql_select("SELECT `id`, `name` FROM `AngelTypes` ORDER BY `name`"); - $angel_types = [ - '' => 'alle Typen' - ]; - foreach ($angel_types_source as $angel_type) { - $angel_types[$angel_type['id']] = $angel_type['name']; - } - - $users = sql_select(" - SELECT `User`.* - FROM `User` - ${angeltypesearch} - LEFT JOIN `ShiftEntry` ON `User`.`UID` = `ShiftEntry`.`UID` - LEFT JOIN `Shifts` ON (`ShiftEntry`.`SID` = `Shifts`.`SID` AND `Shifts`.`start` < '" . sql_escape(time()) . "' AND `Shifts`.`end` > '" . sql_escape(time()) . 
"') - WHERE `User`.`Gekommen` = 1 AND `Shifts`.`SID` IS NULL - GROUP BY `User`.`UID` - ORDER BY `Nick`"); - - $free_users_table = []; - if ($search == "") { - $tokens = []; - } else { - $tokens = explode(" ", $search); - } - foreach ($users as $usr) { - if (count($tokens) > 0) { - $match = false; - $index = join("", $usr); - foreach ($tokens as $t) { - if (stristr($index, trim($t))) { - $match = true; - break; + + $angelTypeSearch = ''; + $angelType = $request->input('angeltype', ''); + if (!empty($angelType)) { + $angelTypeSearch = ' INNER JOIN `UserAngelTypes` ON (`UserAngelTypes`.`angeltype_id` = ' + . DB::getPdo()->quote($angelType) + . ' AND `UserAngelTypes`.`user_id` = `User`.`UID`'; + if ($request->has('confirmed_only')) { + $angelTypeSearch .= ' AND `UserAngelTypes`.`confirm_user_id`'; } - } - if (! $match) { - continue; - } + $angelTypeSearch .= ') '; } - - $free_users_table[] = [ - 'name' => User_Nick_render($usr), - 'shift_state' => User_shift_state_render($usr), - 'dect' => $usr['DECT'], - 'jabber' => $usr['jabber'], - 'email' => $usr['email_by_human_allowed'] ? $usr['email'] : glyph('eye-close'), - 'actions' => in_array('admin_user', $privileges) ? button(page_link_to('admin_user') . '&id=' . 
$usr['UID'], _("edit"), 'btn-xs') : '' + + $angel_types_source = DB::select('SELECT `id`, `name` FROM `AngelTypes` ORDER BY `name`'); + $angel_types = [ + '' => 'alle Typen' ]; - } - return page_with_title(admin_free_title(), [ - form([ - div('row', [ - div('col-md-4', [ - form_text('search', _("Search"), $search) - ]), - div('col-md-4', [ - form_select('angeltype', _("Angeltype"), $angel_types, $_REQUEST['angeltype']) - ]), - div('col-md-2', [ - form_checkbox('confirmed_only', _("Only confirmed"), isset($_REQUEST['confirmed_only'])) - ]), - div('col-md-2', [ - form_submit('submit', _("Search")) - ]) - ]) - ]), - table([ - 'name' => _("Nick"), - 'shift_state' => '', - 'dect' => _("DECT"), - 'jabber' => _("Jabber"), - 'email' => _("E-Mail"), - 'actions' => '' - ], $free_users_table) - ]); + foreach ($angel_types_source as $angel_type) { + $angel_types[$angel_type['id']] = $angel_type['name']; + } + + $users = DB::select(' + SELECT `User`.* + FROM `User` + ' . $angelTypeSearch . ' + LEFT JOIN `ShiftEntry` ON `User`.`UID` = `ShiftEntry`.`UID` + LEFT JOIN `Shifts` + ON ( + `ShiftEntry`.`SID` = `Shifts`.`SID` + AND `Shifts`.`start` < ? + AND `Shifts`.`end` > ? + ) + WHERE `User`.`Gekommen` = 1 + AND `Shifts`.`SID` IS NULL + GROUP BY `User`.`UID` + ORDER BY `Nick` + ', + [ + time(), + time(), + ] + ); + + $free_users_table = []; + if ($search == '') { + $tokens = []; + } else { + $tokens = explode(' ', $search); + } + foreach ($users as $usr) { + if (count($tokens) > 0) { + $match = false; + $index = join('', $usr); + foreach ($tokens as $t) { + if (stristr($index, trim($t))) { + $match = true; + break; + } + } + if (!$match) { + continue; + } + } + + $free_users_table[] = [ + 'name' => User_Nick_render($usr), + 'shift_state' => User_shift_state_render($usr), + 'dect' => $usr['DECT'], + 'jabber' => $usr['jabber'], + 'email' => $usr['email_by_human_allowed'] ? $usr['email'] : glyph('eye-close'), + 'actions' => + in_array('admin_user', $privileges) + ? 
button(page_link_to('admin_user', ['id' => $usr['UID']]), _('edit'), 'btn-xs') + : '' + ]; + } + return page_with_title(admin_free_title(), [ + form([ + div('row', [ + div('col-md-4', [ + form_text('search', _('Search'), $search) + ]), + div('col-md-4', [ + form_select('angeltype', _('Angeltype'), $angel_types, $angelType) + ]), + div('col-md-2', [ + form_checkbox('confirmed_only', _('Only confirmed'), $request->has('confirmed_only')) + ]), + div('col-md-2', [ + form_submit('submit', _('Search')) + ]) + ]) + ]), + table([ + 'name' => _('Nick'), + 'shift_state' => '', + 'dect' => _('DECT'), + 'jabber' => _('Jabber'), + 'email' => _('E-Mail'), + 'actions' => '' + ], $free_users_table) + ]); } -?> diff --git a/includes/pages/admin_groups.php b/includes/pages/admin_groups.php index 388e2c68..e0260320 100644 --- a/includes/pages/admin_groups.php +++ b/includes/pages/admin_groups.php 
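Review bot: `$angelType` is spliced into the `INNER JOIN` through `DB::getPdo()->quote($angelType)` while the same query binds its other values with `?` placeholders; quoting is correct, but the fragment now depends on the driver's quoting and on `$angelType` being a string, and it reads inconsistently with the rest of the hunk. Since the value is used as a numeric id here (the select options are keyed by `$angel_type['id']`), `. (int)$angelType .` would drop the `quote()` call, or the value can be prepended to the existing parameter array ahead of `time(), time()` when the join fragment is present. On a smaller note, `'' => 'alle Typen'` is the only label on this page that bypasses `_()`; wrapping it like the other labels keeps the page translatable.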
@@ -1,97 +1,150 @@ <?php -function admin_groups_title() { - return _("Grouprights"); +use Engelsystem\Database\DB; + +/** + * @return string + */ +function admin_groups_title() +{ + return _('Grouprights'); } -function admin_groups() { - $html = ""; - $groups = sql_select("SELECT * FROM `Groups` ORDER BY `Name`"); - if (! isset($_REQUEST["action"])) { - $groups_table = []; - foreach ($groups as $group) { - $privileges = sql_select("SELECT * FROM `GroupPrivileges` JOIN `Privileges` ON (`GroupPrivileges`.`privilege_id` = `Privileges`.`id`) WHERE `group_id`='" . sql_escape($group['UID']) . "'"); - $privileges_html = []; - - foreach ($privileges as $priv) { - $privileges_html[] = $priv['name']; - } - - $groups_table[] = [ - 'name' => $group['Name'], - 'privileges' => join(', ', $privileges_html), - 'actions' => button(page_link_to('admin_groups') . '&action=edit&id=' . $group['UID'], _("edit"), 'btn-xs') - ]; - } - - return page_with_title(admin_groups_title(), [ - table([ - 'name' => _("Name"), - 'privileges' => _("Privileges"), - 'actions' => '' - ], $groups_table) - ]); - } else { - switch ($_REQUEST["action"]) { - case 'edit': - if (isset($_REQUEST['id']) && preg_match("/^-[0-9]{1,11}$/", $_REQUEST['id'])) { - $group_id = $_REQUEST['id']; - } else { - return error("Incomplete call, missing Groups ID.", true); - } - - $group = sql_select("SELECT * FROM `Groups` WHERE `UID`='" . sql_escape($group_id) . "' LIMIT 1"); - if (count($group) > 0) { - list($group) = $group; - $privileges = sql_select("SELECT `Privileges`.*, `GroupPrivileges`.`group_id` FROM `Privileges` LEFT OUTER JOIN `GroupPrivileges` ON (`Privileges`.`id` = `GroupPrivileges`.`privilege_id` AND `GroupPrivileges`.`group_id`='" . sql_escape($group_id) . "') ORDER BY `Privileges`.`name`"); - $privileges_html = ""; - $privileges_form = []; - foreach ($privileges as $priv) { - $privileges_form[] = form_checkbox('privileges[]', $priv['desc'] . ' (' . $priv['name'] . 
')', $priv['group_id'] != "", $priv['id']); - $privileges_html .= sprintf('<tr><td><input type="checkbox" ' . 'name="privileges[]" value="%s" %s />' . '</td> <td>%s</td> <td>%s</td></tr>', $priv['id'], ($priv['group_id'] != "" ? 'checked="checked"' : ''), $priv['name'], $priv['desc']); - } - - $privileges_form[] = form_submit('submit', _("Save")); - $html .= page_with_title(_("Edit group"), [ - form($privileges_form, page_link_to('admin_groups') . '&action=save&id=' . $group_id) - ]); - } else { - return error("No Group found.", true); - } - break; - - case 'save': - if (isset($_REQUEST['id']) && preg_match("/^-[0-9]{1,11}$/", $_REQUEST['id'])) { - $group_id = $_REQUEST['id']; - } else { - return error("Incomplete call, missing Groups ID.", true); - } - - $group = sql_select("SELECT * FROM `Groups` WHERE `UID`='" . sql_escape($group_id) . "' LIMIT 1"); - if (! is_array($_REQUEST['privileges'])) { - $_REQUEST['privileges'] = []; - } - if (count($group) > 0) { - list($group) = $group; - sql_query("DELETE FROM `GroupPrivileges` WHERE `group_id`='" . sql_escape($group_id) . "'"); - $privilege_names = []; - foreach ($_REQUEST['privileges'] as $priv) { - if (preg_match("/^[0-9]{1,}$/", $priv)) { - $group_privileges_source = sql_select("SELECT * FROM `Privileges` WHERE `id`='" . sql_escape($priv) . "' LIMIT 1"); - if (count($group_privileges_source) > 0) { - sql_query("INSERT INTO `GroupPrivileges` SET `group_id`='" . sql_escape($group_id) . "', `privilege_id`='" . sql_escape($priv) . "'"); - $privilege_names[] = $group_privileges_source[0]['name']; - } +/** + * @return string + */ +function admin_groups() +{ + $html = ''; + $request = request(); + $groups = DB::select('SELECT * FROM `Groups` ORDER BY `Name`'); + + if (!$request->has('action')) { + $groups_table = []; + foreach ($groups as $group) { + $privileges = DB::select(' + SELECT `name` + FROM `GroupPrivileges` + JOIN `Privileges` ON (`GroupPrivileges`.`privilege_id` = `Privileges`.`id`) + WHERE `group_id`=? 
+ ', [$group['UID']]); + $privileges_html = []; + + foreach ($privileges as $privilege) { + $privileges_html[] = $privilege['name']; } - } - engelsystem_log("Group privileges of group " . $group['Name'] . " edited: " . join(", ", $privilege_names)); - redirect(page_link_to("admin_groups")); - } else { - return error("No Group found.", true); + + $groups_table[] = [ + 'name' => $group['Name'], + 'privileges' => join(', ', $privileges_html), + 'actions' => button( + page_link_to('admin_groups', + ['action' => 'edit', 'id' => $group['UID']]), + _('edit'), + 'btn-xs' + ) + ]; + } + + return page_with_title(admin_groups_title(), [ + table([ + 'name' => _('Name'), + 'privileges' => _('Privileges'), + 'actions' => '' + ], $groups_table) + ]); + } else { + switch ($request->input('action')) { + case 'edit': + if ($request->has('id') && preg_match('/^-\d{1,11}$/', $request->input('id'))) { + $group_id = $request->input('id'); + } else { + return error('Incomplete call, missing Groups ID.', true); + } + + $group = DB::select('SELECT * FROM `Groups` WHERE `UID`=? LIMIT 1', [$group_id]); + if (!empty($group)) { + $privileges = DB::select(' + SELECT `Privileges`.*, `GroupPrivileges`.`group_id` + FROM `Privileges` + LEFT OUTER JOIN `GroupPrivileges` + ON ( + `Privileges`.`id` = `GroupPrivileges`.`privilege_id` + AND `GroupPrivileges`.`group_id`=? + ) + ORDER BY `Privileges`.`name` + ', [$group_id]); + $privileges_html = ''; + $privileges_form = []; + foreach ($privileges as $privilege) { + $privileges_form[] = form_checkbox( + 'privileges[]', + $privilege['desc'] . ' (' . $privilege['name'] . ')', + $privilege['group_id'] != '', + $privilege['id'], + 'privilege-' . $privilege['name'] + ); + $privileges_html .= sprintf( + '<tr><td><input type="checkbox" name="privileges[]" value="%s" %s /></td> <td>%s</td> <td>%s</td></tr>', + $privilege['id'], + ($privilege['group_id'] != '' ? 
'checked="checked"' : ''), + $privilege['name'], + $privilege['desc'] + ); + } + + $privileges_form[] = form_submit('submit', _('Save')); + $html .= page_with_title(_('Edit group'), [ + form( + $privileges_form, + page_link_to('admin_groups', ['action' => 'save', 'id' => $group_id]) + ) + ]); + } else { + return error('No Group found.', true); + } + break; + + case 'save': + if ($request->has('id') && preg_match('/^-\d{1,11}$/', $request->input('id'))) { + $group_id = $request->input('id'); + } else { + return error('Incomplete call, missing Groups ID.', true); + } + + $group = DB::selectOne('SELECT * FROM `Groups` WHERE `UID`=? LIMIT 1', [$group_id]); + $privileges = $request->postData('privileges'); + if (!is_array($privileges)) { + $privileges = []; + } + if (!empty($group)) { + DB::delete('DELETE FROM `GroupPrivileges` WHERE `group_id`=?', [$group_id]); + $privilege_names = []; + foreach ($privileges as $privilege) { + if (preg_match('/^\d{1,}$/', $privilege)) { + $group_privileges_source = DB::selectOne( + 'SELECT `name` FROM `Privileges` WHERE `id`=? LIMIT 1', + [$privilege] + ); + if (!empty($group_privileges_source)) { + DB::insert( + 'INSERT INTO `GroupPrivileges` (`group_id`, `privilege_id`) VALUES (?, ?)', + [$group_id, $privilege] + ); + $privilege_names[] = $group_privileges_source['name']; + } + } + } + engelsystem_log( + 'Group privileges of group ' . $group['Name'] + . ' edited: ' . join(', ', $privilege_names) + ); + redirect(page_link_to('admin_groups')); + } else { + return error('No Group found.', true); + } + break; } - break; } - } - return $html; + return $html; } -?> diff --git a/includes/pages/admin_import.php b/includes/pages/admin_import.php index 0669029d..e97f95e1 100644 --- a/includes/pages/admin_import.php +++ b/includes/pages/admin_import.php 
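Review bot: `$privileges_html` in the 'edit' case is assembled with `sprintf()` from raw `id`, `name` and `desc` column values and then never read; only `$privileges_form` reaches `page_with_title()`, so the `$privileges_html = ''` initialisation and the `$privileges_html .= sprintf(...)` block are dead code and should be dropped. Should that markup ever be emitted, the database values would need `htmlspecialchars()` first, since it is built outside the form helpers. The checkbox state test `$privilege['group_id'] != ''` relies on loose comparison against the NULL produced by the LEFT OUTER JOIN; `$privilege['group_id'] !== null` states the intent directly, assuming the driver returns SQL NULL as `null`.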
@@ -1,392 +1,463 @@ <?php -function admin_import_title() { - return _("Frab import"); +use Engelsystem\Database\DB; + +/** + * @return string + */ +function admin_import_title() +{ + return _('Frab import'); } -function admin_import() { - global $rooms_import; - global $user; - $html = ""; - $import_dir = __DIR__ . '/../../import'; - - $step = "input"; - if (isset($_REQUEST['step']) && in_array($step, [ - 'input', - 'check', - 'import' - ])) { - $step = $_REQUEST['step']; - } - - if ($test_handle = @fopen($import_dir . '/tmp', 'w')) { - fclose($test_handle); - @unlink($import_dir . '/tmp'); - } else { - error(_('Webserver has no write-permission on import directory.')); - } - - $import_file = $import_dir . '/import_' . $user['UID'] . '.xml'; - $shifttype_id = null; - $add_minutes_start = 15; - $add_minutes_end = 15; - - $shifttypes_source = ShiftTypes(); - if ($shifttypes_source === false) { - engelsystem_error('Unable to load shifttypes.'); - } - $shifttypes = []; - foreach ($shifttypes_source as $shifttype) { - $shifttypes[$shifttype['id']] = $shifttype['name']; - } - - switch ($step) { - case 'input': - $valid = false; - - if (isset($_REQUEST['submit'])) { - $valid = true; - - if (isset($_REQUEST['shifttype_id']) && isset($shifttypes[$_REQUEST['shifttype_id']])) { - $shifttype_id = $_REQUEST['shifttype_id']; - } else { - $valid = false; - error(_('Please select a shift type.')); - } - - if (isset($_REQUEST['add_minutes_start']) && is_numeric(trim($_REQUEST['add_minutes_start']))) { - $add_minutes_start = trim($_REQUEST['add_minutes_start']); - } else { - $valid = false; - error(_("Please enter an amount of minutes to add to a talk's begin.")); - } - - if (isset($_REQUEST['add_minutes_end']) && is_numeric(trim($_REQUEST['add_minutes_end']))) { - $add_minutes_end = trim($_REQUEST['add_minutes_end']); - } else { - $valid = false; - error(_("Please enter an amount of minutes to add to a talk's end.")); - } - - if (isset($_FILES['xcal_file']) && 
($_FILES['xcal_file']['error'] == 0)) { - if (move_uploaded_file($_FILES['xcal_file']['tmp_name'], $import_file)) { - libxml_use_internal_errors(true); - if (simplexml_load_file($import_file) === false) { - $valid = false; - error(_('No valid xml/xcal file provided.')); - unlink($import_file); - } - } else { +/** + * @return string + */ +function admin_import() +{ + global $rooms_import, $user; + $html = ''; + $import_dir = __DIR__ . '/../../import'; + $request = request(); + + $step = 'input'; + if ( + $request->has('step') + && in_array($request->input('step'), [ + 'input', + 'check', + 'import' + ]) + ) { + $step = $request->input('step'); + } + + if ($test_handle = @fopen($import_dir . '/tmp', 'w')) { + fclose($test_handle); + @unlink($import_dir . '/tmp'); + } else { + error(_('Webserver has no write-permission on import directory.')); + } + + $import_file = $import_dir . '/import_' . $user['UID'] . '.xml'; + $shifttype_id = null; + $add_minutes_start = 15; + $add_minutes_end = 15; + + $shifttypes_source = ShiftTypes(); + $shifttypes = []; + foreach ($shifttypes_source as $shifttype) { + $shifttypes[$shifttype['id']] = $shifttype['name']; + } + + switch ($step) { + case 'input': $valid = false; - error(_('File upload went wrong.')); - } - } else { - $valid = false; - error(_('Please provide some data.')); - } - } - - if ($valid) { - redirect(page_link_to('admin_import') . "&step=check&shifttype_id=" . $shifttype_id . "&add_minutes_end=" . $add_minutes_end . "&add_minutes_start=" . $add_minutes_start); - } else { - $html .= div('well well-sm text-center', [ - _('File Upload') . mute(glyph('arrow-right')) . mute(_('Validation')) . mute(glyph('arrow-right')) . mute(_('Import')) - ]) . div('row', [ - div('col-md-offset-3 col-md-6', [ - form([ - form_info('', _("This import will create/update/delete rooms and shifts by given FRAB-export file. 
The needed file format is xcal.")), - form_select('shifttype_id', _('Shifttype'), $shifttypes, $shifttype_id), - form_spinner('add_minutes_start', _("Add minutes to start"), $add_minutes_start), - form_spinner('add_minutes_end', _("Add minutes to end"), $add_minutes_end), - form_file('xcal_file', _("xcal-File (.xcal)")), - form_submit('submit', _("Import")) - ]) - ]) - ]); - } - break; - - case 'check': - if (! file_exists($import_file)) { - error(_('Missing import file.')); - redirect(page_link_to('admin_import')); - } - - if (isset($_REQUEST['shifttype_id']) && isset($shifttypes[$_REQUEST['shifttype_id']])) { - $shifttype_id = $_REQUEST['shifttype_id']; - } else { - error(_('Please select a shift type.')); - redirect(page_link_to('admin_import')); - } - - if (isset($_REQUEST['add_minutes_start']) && is_numeric(trim($_REQUEST['add_minutes_start']))) { - $add_minutes_start = trim($_REQUEST['add_minutes_start']); - } else { - error(_("Please enter an amount of minutes to add to a talk's begin.")); - redirect(page_link_to('admin_import')); - } - - if (isset($_REQUEST['add_minutes_end']) && is_numeric(trim($_REQUEST['add_minutes_end']))) { - $add_minutes_end = trim($_REQUEST['add_minutes_end']); - } else { - error(_("Please enter an amount of minutes to add to a talk's end.")); - redirect(page_link_to('admin_import')); - } - - list($rooms_new, $rooms_deleted) = prepare_rooms($import_file); - list($events_new, $events_updated, $events_deleted) = prepare_events($import_file, $shifttype_id, $add_minutes_start, $add_minutes_end); - - $html .= div('well well-sm text-center', [ - '<span class="text-success">' . _('File Upload') . glyph('ok-circle') . '</span>' . mute(glyph('arrow-right')) . _('Validation') . mute(glyph('arrow-right')) . mute(_('Import')) - ]) . form([ - div('row', [ - div('col-sm-6', [ - '<h3>' . _("Rooms to create") . '</h3>', - table(_("Name"), $rooms_new) - ]), - div('col-sm-6', [ - '<h3>' . _("Rooms to delete") . 
'</h3>', - table(_("Name"), $rooms_deleted) - ]) - ]), - '<h3>' . _("Shifts to create") . '</h3>', - table([ - 'day' => _("Day"), - 'start' => _("Start"), - 'end' => _("End"), - 'shifttype' => _('Shift type'), - 'title' => _("Title"), - 'room' => _("Room") - ], shifts_printable($events_new, $shifttypes)), - '<h3>' . _("Shifts to update") . '</h3>', - table([ - 'day' => _("Day"), - 'start' => _("Start"), - 'end' => _("End"), - 'shifttype' => _('Shift type'), - 'title' => _("Title"), - 'room' => _("Room") - ], shifts_printable($events_updated, $shifttypes)), - '<h3>' . _("Shifts to delete") . '</h3>', - table([ - 'day' => _("Day"), - 'start' => _("Start"), - 'end' => _("End"), - 'shifttype' => _('Shift type'), - 'title' => _("Title"), - 'room' => _("Room") - ], shifts_printable($events_deleted, $shifttypes)), - form_submit('submit', _("Import")) - ], page_link_to('admin_import') . '&step=import&shifttype_id=' . $shifttype_id . "&add_minutes_end=" . $add_minutes_end . "&add_minutes_start=" . $add_minutes_start); - break; - - case 'import': - if (! file_exists($import_file)) { - error(_('Missing import file.')); - redirect(page_link_to('admin_import')); - } - - if (! 
file_exists($import_file)) { - redirect(page_link_to('admin_import')); - } - - if (isset($_REQUEST['shifttype_id']) && isset($shifttypes[$_REQUEST['shifttype_id']])) { - $shifttype_id = $_REQUEST['shifttype_id']; - } else { - error(_('Please select a shift type.')); - redirect(page_link_to('admin_import')); - } - - if (isset($_REQUEST['add_minutes_start']) && is_numeric(trim($_REQUEST['add_minutes_start']))) { - $add_minutes_start = trim($_REQUEST['add_minutes_start']); - } else { - error(_("Please enter an amount of minutes to add to a talk's begin.")); - redirect(page_link_to('admin_import')); - } - - if (isset($_REQUEST['add_minutes_end']) && is_numeric(trim($_REQUEST['add_minutes_end']))) { - $add_minutes_end = trim($_REQUEST['add_minutes_end']); - } else { - error(_("Please enter an amount of minutes to add to a talk's end.")); - redirect(page_link_to('admin_import')); - } - - list($rooms_new, $rooms_deleted) = prepare_rooms($import_file); - foreach ($rooms_new as $room) { - $result = Room_create($room, true, true); - if ($result === false) { - engelsystem_error('Unable to create room.'); - } - $rooms_import[trim($room)] = sql_id(); - } - foreach ($rooms_deleted as $room) { - sql_query("DELETE FROM `Room` WHERE `Name`='" . sql_escape($room) . 
"' LIMIT 1"); - } - - list($events_new, $events_updated, $events_deleted) = prepare_events($import_file, $shifttype_id, $add_minutes_start, $add_minutes_end); - foreach ($events_new as $event) { - $result = Shift_create($event); - if ($result === false) { - engelsystem_error('Unable to create shift.'); - } - } - - foreach ($events_updated as $event) { - $result = Shift_update_by_psid($event); - if ($result === false) { - engelsystem_error('Unable to update shift.'); - } - } - - foreach ($events_deleted as $event) { - $result = Shift_delete_by_psid($event['PSID']); - if ($result === false) { - engelsystem_error('Unable to delete shift.'); - } - } - - engelsystem_log("Frab import done"); - - unlink($import_file); - - $html .= div('well well-sm text-center', [ - '<span class="text-success">' . _('File Upload') . glyph('ok-circle') . '</span>' . mute(glyph('arrow-right')) . '<span class="text-success">' . _('Validation') . glyph('ok-circle') . '</span>' . mute(glyph('arrow-right')) . '<span class="text-success">' . _('Import') . glyph('ok-circle') . '</span>' - ]) . success(_("It's done!"), true); - break; - default: - redirect(page_link_to('admin_import')); - } - - return page_with_title(admin_import_title(), [ - msg(), - $html - ]); -} -function prepare_rooms($file) { - global $rooms_import; - $data = read_xml($file); - - // Load rooms from db for compare with input - $rooms = sql_select("SELECT * FROM `Room` WHERE `FromPentabarf`='Y'"); - $rooms_db = []; - $rooms_import = []; - foreach ($rooms as $room) { - $rooms_db[] = (string) $room['Name']; - $rooms_import[$room['Name']] = $room['RID']; - } - - $events = $data->vcalendar->vevent; - $rooms_pb = []; - foreach ($events as $event) { - $rooms_pb[] = (string) $event->location; - if (! 
isset($rooms_import[trim($event->location)])) { - $rooms_import[trim($event->location)] = trim($event->location); + if ($request->has('submit')) { + $valid = true; + + if ($request->has('shifttype_id') && isset($shifttypes[$request->input('shifttype_id')])) { + $shifttype_id = $request->input('shifttype_id'); + } else { + $valid = false; + error(_('Please select a shift type.')); + } + + if ($request->has('add_minutes_start') && is_numeric(trim($request->input('add_minutes_start')))) { + $add_minutes_start = trim($request->input('add_minutes_start')); + } else { + $valid = false; + error(_('Please enter an amount of minutes to add to a talk\'s begin.')); + } + + if ($request->has('add_minutes_end') && is_numeric(trim($request->input('add_minutes_end')))) { + $add_minutes_end = trim($request->input('add_minutes_end')); + } else { + $valid = false; + error(_('Please enter an amount of minutes to add to a talk\'s end.')); + } + + if (isset($_FILES['xcal_file']) && ($_FILES['xcal_file']['error'] == 0)) { + if (move_uploaded_file($_FILES['xcal_file']['tmp_name'], $import_file)) { + libxml_use_internal_errors(true); + if (simplexml_load_file($import_file) === false) { + $valid = false; + error(_('No valid xml/xcal file provided.')); + unlink($import_file); + } + } else { + $valid = false; + error(_('File upload went wrong.')); + } + } else { + $valid = false; + error(_('Please provide some data.')); + } + } + + if ($valid) { + redirect( + page_link_to('admin_import', [ + 'step' => 'check', + 'shifttype_id' => $shifttype_id, + 'add_minutes_end' => $add_minutes_end, + 'add_minutes_start' => $add_minutes_start, + ]) + ); + } else { + $html .= div('well well-sm text-center', [ + _('File Upload') . mute(glyph('arrow-right')) . mute(_('Validation')) . mute(glyph('arrow-right')) . mute(_('Import')) + ]) . div('row', [ + div('col-md-offset-3 col-md-6', [ + form([ + form_info( + '', + _('This import will create/update/delete rooms and shifts by given FRAB-export file. 
The needed file format is xcal.') + ), + form_select('shifttype_id', _('Shifttype'), $shifttypes, $shifttype_id), + form_spinner('add_minutes_start', _('Add minutes to start'), $add_minutes_start), + form_spinner('add_minutes_end', _('Add minutes to end'), $add_minutes_end), + form_file('xcal_file', _('xcal-File (.xcal)')), + form_submit('submit', _('Import')) + ]) + ]) + ]); + } + break; + + case 'check': + if (!file_exists($import_file)) { + error(_('Missing import file.')); + redirect(page_link_to('admin_import')); + } + + if ($request->has('shifttype_id') && isset($shifttypes[$request->input('shifttype_id')])) { + $shifttype_id = $request->input('shifttype_id'); + } else { + error(_('Please select a shift type.')); + redirect(page_link_to('admin_import')); + } + + if ($request->has('add_minutes_start') && is_numeric(trim($request->input('add_minutes_start')))) { + $add_minutes_start = trim($request->input('add_minutes_start')); + } else { + error(_('Please enter an amount of minutes to add to a talk\'s begin.')); + redirect(page_link_to('admin_import')); + } + + if ($request->has('add_minutes_end') && is_numeric(trim($request->input(('add_minutes_end'))))) { + $add_minutes_end = trim($request->input('add_minutes_end')); + } else { + error(_('Please enter an amount of minutes to add to a talk\'s end.')); + redirect(page_link_to('admin_import')); + } + + list($rooms_new, $rooms_deleted) = prepare_rooms($import_file); + list($events_new, $events_updated, $events_deleted) = prepare_events( + $import_file, + $shifttype_id, + $add_minutes_start, + $add_minutes_end + ); + + $html .= div( + 'well well-sm text-center', + [ + '<span class="text-success">' . _('File Upload') . glyph('ok-circle') . '</span>' + . mute(glyph('arrow-right')) . _('Validation') . mute(glyph('arrow-right')) . mute(_('Import')) + ] + ) + . form( + [ + div('row', [ + div('col-sm-6', [ + '<h3>' . _('Rooms to create') . '</h3>', + table(_('Name'), $rooms_new) + ]), + div('col-sm-6', [ + '<h3>' . 
_('Rooms to delete') . '</h3>', + table(_('Name'), $rooms_deleted) + ]) + ]), + '<h3>' . _('Shifts to create') . '</h3>', + table([ + 'day' => _('Day'), + 'start' => _('Start'), + 'end' => _('End'), + 'shifttype' => _('Shift type'), + 'title' => _('Title'), + 'room' => _('Room') + ], shifts_printable($events_new, $shifttypes)), + '<h3>' . _('Shifts to update') . '</h3>', + table([ + 'day' => _('Day'), + 'start' => _('Start'), + 'end' => _('End'), + 'shifttype' => _('Shift type'), + 'title' => _('Title'), + 'room' => _('Room') + ], shifts_printable($events_updated, $shifttypes)), + '<h3>' . _('Shifts to delete') . '</h3>', + table([ + 'day' => _('Day'), + 'start' => _('Start'), + 'end' => _('End'), + 'shifttype' => _('Shift type'), + 'title' => _('Title'), + 'room' => _('Room') + ], shifts_printable($events_deleted, $shifttypes)), + form_submit('submit', _('Import')) + ], + page_link_to('admin_import', [ + 'step' => 'import', + 'shifttype_id' => $shifttype_id, + 'add_minutes_end' => $add_minutes_end, + 'add_minutes_start' => $add_minutes_start, + ]) + ); + break; + + case 'import': + if (!file_exists($import_file)) { + error(_('Missing import file.')); + redirect(page_link_to('admin_import')); + } + + if (!file_exists($import_file)) { + redirect(page_link_to('admin_import')); + } + + if ($request->has('shifttype_id') && isset($shifttypes[$request->input('shifttype_id')])) { + $shifttype_id = $request->input('shifttype_id'); + } else { + error(_('Please select a shift type.')); + redirect(page_link_to('admin_import')); + } + + if ($request->has('add_minutes_start') && is_numeric(trim($request->input('add_minutes_start')))) { + $add_minutes_start = trim($request->input('add_minutes_start')); + } else { + error(_('Please enter an amount of minutes to add to a talk\'s begin.')); + redirect(page_link_to('admin_import')); + } + + if ($request->has('add_minutes_end') && is_numeric(trim($request->input('add_minutes_end')))) { + $add_minutes_end = 
trim($request->input('add_minutes_end')); + } else { + error(_('Please enter an amount of minutes to add to a talk\'s end.')); + redirect(page_link_to('admin_import')); + } + + list($rooms_new, $rooms_deleted) = prepare_rooms($import_file); + foreach ($rooms_new as $room) { + $result = Room_create($room, true, true); + + $rooms_import[trim($room)] = $result; + } + foreach ($rooms_deleted as $room) { + DB::delete('DELETE FROM `Room` WHERE `Name`=? LIMIT 1', [$room]); + } + + list($events_new, $events_updated, $events_deleted) = prepare_events( + $import_file, + $shifttype_id, + $add_minutes_start, + $add_minutes_end + ); + foreach ($events_new as $event) { + Shift_create($event); + } + + foreach ($events_updated as $event) { + Shift_update_by_psid($event); + } + + foreach ($events_deleted as $event) { + Shift_delete_by_psid($event['PSID']); + } + + engelsystem_log('Frab import done'); + + unlink($import_file); + + $html .= div('well well-sm text-center', [ + '<span class="text-success">' . _('File Upload') . glyph('ok-circle') . '</span>' + . mute(glyph('arrow-right')) + . '<span class="text-success">' . _('Validation') . glyph('ok-circle') . '</span>' + . mute(glyph('arrow-right')) + . '<span class="text-success">' . _('Import') . glyph('ok-circle') . '</span>' + ]) . 
success(_('It\'s done!'), true); + break; + default: + redirect(page_link_to('admin_import')); } - } - $rooms_pb = array_unique($rooms_pb); - - $rooms_new = array_diff($rooms_pb, $rooms_db); - $rooms_deleted = array_diff($rooms_db, $rooms_pb); - - return [ - $rooms_new, - $rooms_deleted - ]; + + return page_with_title(admin_import_title(), [ + msg(), + $html + ]); } -function prepare_events($file, $shifttype_id, $add_minutes_start, $add_minutes_end) { - global $rooms_import; - $data = read_xml($file); - - $rooms = sql_select("SELECT * FROM `Room`"); - $rooms_db = []; - foreach ($rooms as $room) { - $rooms_db[$room['Name']] = $room['RID']; - } - - $events = $data->vcalendar->vevent; - $shifts_pb = []; - foreach ($events as $event) { - $event_pb = $event->children("http://pentabarf.org"); - $event_id = trim($event_pb->{ - 'event-id' }); - $shifts_pb[$event_id] = [ - 'shifttype_id' => $shifttype_id, - 'start' => parse_date("Ymd\THis", $event->dtstart) - $add_minutes_start * 60, - 'end' => parse_date("Ymd\THis", $event->dtend) + $add_minutes_end * 60, - 'RID' => $rooms_import[trim($event->location)], - 'title' => trim($event->summary), - 'URL' => trim($event->url), - 'PSID' => $event_id +/** + * @param string $file + * @return array + */ +function prepare_rooms($file) +{ + global $rooms_import; + $data = read_xml($file); + + // Load rooms from db for compare with input + $rooms = DB::select('SELECT `Name`, `RID` FROM `Room` WHERE `FromPentabarf`=\'Y\''); + $rooms_db = []; + $rooms_import = []; + foreach ($rooms as $room) { + $rooms_db[] = $room['Name']; + $rooms_import[$room['Name']] = $room['RID']; + } + + $events = $data->vcalendar->vevent; + $rooms_pb = []; + foreach ($events as $event) { + $rooms_pb[] = (string)$event->location; + if (!isset($rooms_import[trim($event->location)])) { + $rooms_import[trim($event->location)] = trim($event->location); + } + } + $rooms_pb = array_unique($rooms_pb); + + $rooms_new = array_diff($rooms_pb, $rooms_db); + $rooms_deleted = 
array_diff($rooms_db, $rooms_pb); + + return [ + $rooms_new, + $rooms_deleted ]; - } - - $shifts = sql_select("SELECT * FROM `Shifts` WHERE `PSID` IS NOT NULL ORDER BY `start`"); - $shifts_db = []; - foreach ($shifts as $shift) { - $shifts_db[$shift['PSID']] = $shift; - } - - $shifts_new = []; - $shifts_updated = []; - foreach ($shifts_pb as $shift) { - if (! isset($shifts_db[$shift['PSID']])) { - $shifts_new[] = $shift; - } else { - $tmp = $shifts_db[$shift['PSID']]; - if ($shift['shifttype_id'] != $tmp['shifttype_id'] || $shift['title'] != $tmp['title'] || $shift['start'] != $tmp['start'] || $shift['end'] != $tmp['end'] || $shift['RID'] != $tmp['RID'] || $shift['URL'] != $tmp['URL']) { - $shifts_updated[] = $shift; - } +} + +/** + * @param string $file + * @param int $shifttype_id + * @param int $add_minutes_start + * @param int $add_minutes_end + * @return array + */ +function prepare_events($file, $shifttype_id, $add_minutes_start, $add_minutes_end) +{ + global $rooms_import; + $data = read_xml($file); + + $rooms = Rooms(true); + $rooms_db = []; + foreach ($rooms as $room) { + $rooms_db[$room['Name']] = $room['RID']; + } + + $events = $data->vcalendar->vevent; + $shifts_pb = []; + foreach ($events as $event) { + $event_pb = $event->children('http://pentabarf.org'); + $event_id = trim($event_pb->{'event-id'}); + $shifts_pb[$event_id] = [ + 'shifttype_id' => $shifttype_id, + 'start' => parse_date("Ymd\THis", $event->dtstart) - $add_minutes_start * 60, + 'end' => parse_date("Ymd\THis", $event->dtend) + $add_minutes_end * 60, + 'RID' => $rooms_import[trim($event->location)], + 'title' => trim($event->summary), + 'URL' => trim($event->url), + 'PSID' => $event_id + ]; } - } - - $shifts_deleted = []; - foreach ($shifts_db as $shift) { - if (! 
isset($shifts_pb[$shift['PSID']])) { - $shifts_deleted[] = $shift; + + $shifts = DB::select('SELECT * FROM `Shifts` WHERE `PSID` IS NOT NULL ORDER BY `start`'); + $shifts_db = []; + foreach ($shifts as $shift) { + $shifts_db[$shift['PSID']] = $shift; } - } - - return [ - $shifts_new, - $shifts_updated, - $shifts_deleted - ]; + + $shifts_new = []; + $shifts_updated = []; + foreach ($shifts_pb as $shift) { + if (!isset($shifts_db[$shift['PSID']])) { + $shifts_new[] = $shift; + } else { + $tmp = $shifts_db[$shift['PSID']]; + if ( + $shift['shifttype_id'] != $tmp['shifttype_id'] + || $shift['title'] != $tmp['title'] + || $shift['start'] != $tmp['start'] + || $shift['end'] != $tmp['end'] + || $shift['RID'] != $tmp['RID'] + || $shift['URL'] != $tmp['URL'] + ) { + $shifts_updated[] = $shift; + } + } + } + + $shifts_deleted = []; + foreach ($shifts_db as $shift) { + if (!isset($shifts_pb[$shift['PSID']])) { + $shifts_deleted[] = $shift; + } + } + + return [ + $shifts_new, + $shifts_updated, + $shifts_deleted + ]; } -function read_xml($file) { - global $xml_import; - if (! 
isset($xml_import)) { - $xml_import = simplexml_load_file($file); - } - return $xml_import; +/** + * @param string $file + * @return SimpleXMLElement + */ +function read_xml($file) +{ + global $xml_import; + if (!isset($xml_import)) { + $xml_import = simplexml_load_file($file); + } + return $xml_import; } -function shifts_printable($shifts, $shifttypes) { - global $rooms_import; - $rooms = array_flip($rooms_import); - - uasort($shifts, 'shift_sort'); - - $shifts_printable = []; - foreach ($shifts as $shift) { - $shifts_printable[] = [ - 'day' => date("l, Y-m-d", $shift['start']), - 'start' => date("H:i", $shift['start']), - 'shifttype' => ShiftType_name_render([ - 'id' => $shift['shifttype_id'], - 'name' => $shifttypes[$shift['shifttype_id']] - ]), - 'title' => shorten($shift['title']), - 'end' => date("H:i", $shift['end']), - 'room' => $rooms[$shift['RID']] - ]; - } - return $shifts_printable; +/** + * @param array $shifts + * @param array $shifttypes + * @return array + */ +function shifts_printable($shifts, $shifttypes) +{ + global $rooms_import; + $rooms = array_flip($rooms_import); + + uasort($shifts, 'shift_sort'); + + $shifts_printable = []; + foreach ($shifts as $shift) { + $shifts_printable[] = [ + 'day' => date('l, Y-m-d', $shift['start']), + 'start' => date('H:i', $shift['start']), + 'shifttype' => ShiftType_name_render([ + 'id' => $shift['shifttype_id'], + 'name' => $shifttypes[$shift['shifttype_id']] + ]), + 'title' => shorten($shift['title']), + 'end' => date('H:i', $shift['end']), + 'room' => $rooms[$shift['RID']] + ]; + } + return $shifts_printable; } -function shift_sort($shift_a, $shift_b) { - return ($shift_a['start'] < $shift_b['start']) ? - 1 : 1; +/** + * @param array $shift_a + * @param array $shift_b + * @return int + */ +function shift_sort($shift_a, $shift_b) +{ + return ($shift_a['start'] < $shift_b['start']) ? -1 : 1; } -?> diff --git a/includes/pages/admin_log.php b/includes/pages/admin_log.php index 97b81585..694b1d5a 100644 
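Review bot: In the 'import' case of admin_import() the `$result === false` checks around `Room_create()`, `Shift_create()`, `Shift_update_by_psid()` and `Shift_delete_by_psid()` are removed while the return values are still discarded, so a failed room creation stores whatever `Room_create()` returned into `$rooms_import[trim($room)]` and the import continues; unless those helpers now throw on failure, keep `if ($result === false) { engelsystem_error('Unable to create room.'); }` and its siblings. The second `if (!file_exists($import_file))` block in the same case is unreachable after the first and can go. The uploaded file is parsed with `simplexml_load_file()` both in the 'input' validation and in `read_xml()`; on PHP releases before 8.0 external entity loading is enabled by default, so call `libxml_disable_entity_loader(true)` before the first parse unless the project's PHP floor is 8.0 or later.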
--- a/includes/pages/admin_log.php
+++ b/includes/pages/admin_log.php
@@ -1,33 +1,38 @@
 <?php
-function admin_log_title() {
- return _("Log");
+/**
+ * @return string
+ */
+function admin_log_title()
+{
+ return _('Log');
 }
-function admin_log() {
- $filter = "";
- if (isset($_REQUEST['keyword'])) {
- $filter = strip_request_item('keyword');
- }
- $log_entries_source = LogEntries_filter($filter);
-
- $log_entries = [];
- foreach ($log_entries_source as $log_entry) {
- $log_entry['date'] = date("d.m.Y H:i", $log_entry['timestamp']);
- $log_entries[] = $log_entry;
- }
-
- return page_with_title(admin_log_title(), [
- msg(),
- form([
- form_text('keyword', _("Search"), $filter),
- form_submit(_("Search"), "Go")
- ]),
- table([
- 'date' => "Time",
- 'nick' => "Angel",
- 'message' => "Log Entry"
- ], $log_entries)
- ]);
+/**
+ * @return string
+ */
+function admin_log()
+{
+ $filter = '';
+ if (request()->has('keyword')) {
+ $filter = strip_request_item('keyword');
+ }
+ $log_entries = LogEntries_filter($filter);
+
+ foreach ($log_entries as &$log_entry) {
+ $log_entry['date'] = date('d.m.Y H:i', $log_entry['timestamp']);
+ }
+
+ return page_with_title(admin_log_title(), [
+ msg(),
+ form([
+ form_text('keyword', _('Search'), $filter),
+ form_submit(_('Search'), 'Go')
+ ]),
+ table([
+ 'date' => 'Time',
+ 'level' => 'Type',
+ 'message' => 'Log Entry'
+ ], $log_entries)
+ ]);
 }
-?>
diff --git a/includes/pages/admin_news.php b/includes/pages/admin_news.php
index 789fc728..eb3a250e 100644
--- a/includes/pages/admin_news.php
+++ b/includes/pages/admin_news.php
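Review bot: `foreach ($log_entries as &$log_entry)` in admin_log() leaves `$log_entry` bound by reference to the last row once the loop ends; add `unset($log_entry);` right after the loop's closing brace so any later reuse of that name cannot silently overwrite the last entry passed to `table()`. The `form_submit(_('Search'), 'Go')` call also passes the translated label in the first position, whereas every other page in this diff passes the field name first (`form_submit('submit', _('Search'))` in admin_free and admin_groups); if the helper's signature is `(name, label)`, this should read `form_submit('submit', _('Search'))`.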
@@ -1,67 +1,92 @@ <?php -function admin_news() { - global $user; - - if (! isset($_GET["action"])) { - redirect(page_link_to("news")); - } - - $html = '<div class="col-md-12"><h1>' . _("Edit news entry") . '</h1>' . msg(); - if (isset($_REQUEST['id']) && preg_match("/^[0-9]{1,11}$/", $_REQUEST['id'])) { - $news_id = $_REQUEST['id']; - } else { - return error("Incomplete call, missing News ID.", true); - } - - $news = sql_select("SELECT * FROM `News` WHERE `ID`='" . sql_escape($news_id) . "' LIMIT 1"); - if (empty($news)) { - return error("No News found.", true); - } - switch ($_REQUEST["action"]) { - default: - redirect(page_link_to('news')); - case 'edit': - list($news) = $news; - - $user_source = User($news['UID']); - - $html .= form([ - form_info(_("Date"), date("Y-m-d H:i", $news['Datum'])), - form_info(_("Author"), User_Nick_render($user_source)), - form_text('eBetreff', _("Subject"), $news['Betreff']), - form_textarea('eText', _("Message"), $news['Text']), - form_checkbox('eTreffen', _("Meeting"), $news['Treffen'] == 1, 1), - form_submit('submit', _("Save")) - ], page_link_to('admin_news&action=save&id=' . $news_id)); - - $html .= '<a class="btn btn-danger" href="' . page_link_to('admin_news&action=delete&id=' . $news_id) . '"><span class="glyphicon glyphicon-trash"></span> ' . _("Delete") . '</a>'; - break; - - case 'save': - list($news) = $news; - - sql_query("UPDATE `News` SET - `Datum`='" . sql_escape(time()) . "', - `Betreff`='" . sql_escape($_POST["eBetreff"]) . "', - `Text`='" . sql_escape($_POST["eText"]) . "', - `UID`='" . sql_escape($user['UID']) . "', - `Treffen`='" . sql_escape($_POST["eTreffen"]) . "' - WHERE `ID`='" . sql_escape($news_id) . "'"); - engelsystem_log("News updated: " . $_POST["eBetreff"]); - success(_("News entry updated.")); - redirect(page_link_to("news")); - break; - - case 'delete': - list($news) = $news; - - sql_query("DELETE FROM `News` WHERE `ID`='" . sql_escape($news_id) . "' LIMIT 1"); - engelsystem_log("News deleted: " . 
$news['Betreff']); - success(_("News entry deleted.")); - redirect(page_link_to("news")); - break; - } - return $html . '</div>'; +use Engelsystem\Database\DB; + +/** + * @return string + */ +function admin_news() +{ + global $user, $privileges; + $request = request(); + + if (!$request->has('action')) { + redirect(page_link_to('news')); + } + + $html = '<div class="col-md-12"><h1>' . _('Edit news entry') . '</h1>' . msg(); + if ($request->has('id') && preg_match('/^\d{1,11}$/', $request->input('id'))) { + $news_id = $request->input('id'); + } else { + return error('Incomplete call, missing News ID.', true); + } + + $news = DB::selectOne('SELECT * FROM `News` WHERE `ID`=? LIMIT 1', [$news_id]); + if (empty($news)) { + return error('No News found.', true); + } + + switch ($request->input('action')) { + case 'edit': + $user_source = User($news['UID']); + + $html .= form( + [ + form_info(_('Date'), date('Y-m-d H:i', $news['Datum'])), + form_info(_('Author'), User_Nick_render($user_source)), + form_text('eBetreff', _('Subject'), $news['Betreff']), + form_textarea('eText', _('Message'), $news['Text']), + form_checkbox('eTreffen', _('Meeting'), $news['Treffen'] == 1, 1), + form_submit('submit', _('Save')) + ], + page_link_to('admin_news', ['action' => 'save', 'id' => $news_id]) + ); + + $html .= '<a class="btn btn-danger" href="' + . page_link_to('admin_news', ['action' => 'delete', 'id' => $news_id]) + . '">' + . '<span class="glyphicon glyphicon-trash"></span> ' . _('Delete') + . '</a>'; + break; + + case 'save': + $text = $request->postData('eText'); + if (!in_array('admin_news_html', $privileges)) { + $text = strip_tags($text); + } + + DB::update(' + UPDATE `News` SET + `Datum`=?, + `Betreff`=?, + `Text`=?, + `UID`=?, + `Treffen`=? + WHERE `ID`=? + ', + [ + time(), + strip_tags($request->postData('eBetreff')), + $text, + $user['UID'], + $request->has('eTreffen') ? 1 : 0, + $news_id + ] + ); + + engelsystem_log('News updated: ' . 
$request->postData('eBetreff')); + success(_('News entry updated.')); + redirect(page_link_to('news')); + break; + + case 'delete': + DB::delete('DELETE FROM `News` WHERE `ID`=? LIMIT 1', [$news_id]); + engelsystem_log('News deleted: ' . $news['Betreff']); + success(_('News entry deleted.')); + redirect(page_link_to('news')); + break; + default: + redirect(page_link_to('news')); + } + return $html . '</div>'; } -?>
\ No newline at end of file
diff --git a/includes/pages/admin_questions.php b/includes/pages/admin_questions.php
index f53cfab9..5f2e3a2b 100644
--- a/includes/pages/admin_questions.php
+++ b/includes/pages/admin_questions.php
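Review bot: The `delete` arm of `switch ($request->input('action'))` still performs a state-changing `DB::delete(...)` on a plain GET link (the `btn-danger` anchor built in the `edit` arm), with no confirmation step and no anti-CSRF token, so the endpoint is exposed to cross-site request forgery; the same GET-delete pattern appears in the admin_questions hunk (`button(page_link_to('admin_questions', ['action' => 'delete', ...]))`) and in the admin_rooms `ack` link. Route deletions through a POSTed form carrying a per-session token, or at minimum a confirmation page as admin_rooms already does. Separately, `engelsystem_log('News updated: ' . $request->postData('eBetreff'))` records the raw subject while the row stores the `strip_tags()`-ed value; log the sanitised string so the audit line matches what was written.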
@@ -1,120 +1,164 @@ <?php -function admin_questions_title() { - return _("Answer questions"); +use Engelsystem\Database\DB; + +/** + * @return string + */ +function admin_questions_title() +{ + return _('Answer questions'); } /** * Renders a hint for new questions to answer. + * + * @return string|null */ -function admin_new_questions() { - global $privileges, $page; - - if ($page != "admin_questions") { - if (in_array("admin_questions", $privileges)) { - $new_messages = sql_num_query("SELECT * FROM `Questions` WHERE `AID` IS NULL"); - - if ($new_messages > 0) { - return '<a href="' . page_link_to("admin_questions") . '">' . _('There are unanswered questions!') . '</a>'; - } +function admin_new_questions() +{ + global $privileges, $page; + + if ($page != 'admin_questions') { + if (in_array('admin_questions', $privileges)) { + $new_messages = count(DB::select('SELECT `QID` FROM `Questions` WHERE `AID` IS NULL')); + + if ($new_messages > 0) { + return '<a href="' . page_link_to('admin_questions') . '">' . _('There are unanswered questions!') . '</a>'; + } + } } - } - - return null; + + return null; } -function admin_questions() { - global $user; - - if (! isset($_REQUEST['action'])) { - $unanswered_questions_table = []; - $questions = sql_select("SELECT * FROM `Questions` WHERE `AID` IS NULL"); - foreach ($questions as $question) { - $user_source = User($question['UID']); - - $unanswered_questions_table[] = [ - 'from' => User_Nick_render($user_source), - 'question' => str_replace("\n", "<br />", $question['Question']), - 'answer' => form([ - form_textarea('answer', '', ''), - form_submit('submit', _("Save")) - ], page_link_to('admin_questions') . '&action=answer&id=' . $question['QID']), - 'actions' => button(page_link_to("admin_questions") . '&action=delete&id=' . 
$question['QID'], _("delete"), 'btn-xs') - ]; - } - - $answered_questions_table = []; - $questions = sql_select("SELECT * FROM `Questions` WHERE NOT `AID` IS NULL"); - foreach ($questions as $question) { - $user_source = User($question['UID']); - $answer_user_source = User($question['AID']); - $answered_questions_table[] = [ - 'from' => User_Nick_render($user_source), - 'question' => str_replace("\n", "<br />", $question['Question']), - 'answered_by' => User_Nick_render($answer_user_source), - 'answer' => str_replace("\n", "<br />", $question['Answer']), - 'actions' => button(page_link_to("admin_questions") . '&action=delete&id=' . $question['QID'], _("delete"), 'btn-xs') - ]; - } - - return page_with_title(admin_questions_title(), [ - '<h2>' . _("Unanswered questions") . '</h2>', - table([ - 'from' => _("From"), - 'question' => _("Question"), - 'answer' => _("Answer"), - 'actions' => '' - ], $unanswered_questions_table), - '<h2>' . _("Answered questions") . '</h2>', - table([ - 'from' => _("From"), - 'question' => _("Question"), - 'answered_by' => _("Answered by"), - 'answer' => _("Answer"), - 'actions' => '' - ], $answered_questions_table) - ]); - } else { - switch ($_REQUEST['action']) { - case 'answer': - if (isset($_REQUEST['id']) && preg_match("/^[0-9]{1,11}$/", $_REQUEST['id'])) { - $question_id = $_REQUEST['id']; - } else { - return error("Incomplete call, missing Question ID.", true); - } - - $question = sql_select("SELECT * FROM `Questions` WHERE `QID`='" . sql_escape($question_id) . "' LIMIT 1"); - if (count($question) > 0 && $question[0]['AID'] == null) { - $answer = trim(preg_replace("/([^\p{L}\p{P}\p{Z}\p{N}\n]{1,})/ui", '', strip_tags($_REQUEST['answer']))); - - if ($answer != "") { - sql_query("UPDATE `Questions` SET `AID`='" . sql_escape($user['UID']) . "', `Answer`='" . sql_escape($answer) . "' WHERE `QID`='" . sql_escape($question_id) . "' LIMIT 1"); - engelsystem_log("Question " . $question[0]['Question'] . " answered: " . 
$answer); - redirect(page_link_to("admin_questions")); - } else { - return error("Enter an answer!", true); - } - } else { - return error("No question found.", true); +/** + * @return string + */ +function admin_questions() +{ + global $user; + $request = request(); + + if (!$request->has('action')) { + $unanswered_questions_table = []; + $questions = DB::select('SELECT * FROM `Questions` WHERE `AID` IS NULL'); + foreach ($questions as $question) { + $user_source = User($question['UID']); + + $unanswered_questions_table[] = [ + 'from' => User_Nick_render($user_source), + 'question' => str_replace("\n", '<br />', $question['Question']), + 'answer' => form([ + form_textarea('answer', '', ''), + form_submit('submit', _('Save')) + ], page_link_to('admin_questions', ['action' => 'answer', 'id' => $question['QID']])), + 'actions' => button( + page_link_to('admin_questions', ['action' => 'delete', 'id' => $question['QID']]), + _('delete'), + 'btn-xs' + ) + ]; } - break; - case 'delete': - if (isset($_REQUEST['id']) && preg_match("/^[0-9]{1,11}$/", $_REQUEST['id'])) { - $question_id = $_REQUEST['id']; - } else { - return error("Incomplete call, missing Question ID.", true); + + $answered_questions_table = []; + $questions = DB::select('SELECT * FROM `Questions` WHERE NOT `AID` IS NULL'); + foreach ($questions as $question) { + $user_source = User($question['UID']); + $answer_user_source = User($question['AID']); + $answered_questions_table[] = [ + 'from' => User_Nick_render($user_source), + 'question' => str_replace("\n", '<br />', $question['Question']), + 'answered_by' => User_Nick_render($answer_user_source), + 'answer' => str_replace("\n", '<br />', $question['Answer']), + 'actions' => button( + page_link_to('admin_questions', ['action' => 'delete', 'id' => $question['QID']]), + _('delete'), + 'btn-xs' + ) + ]; } - - $question = sql_select("SELECT * FROM `Questions` WHERE `QID`='" . sql_escape($question_id) . 
"' LIMIT 1"); - if (count($question) > 0) { - sql_query("DELETE FROM `Questions` WHERE `QID`='" . sql_escape($question_id) . "' LIMIT 1"); - engelsystem_log("Question deleted: " . $question[0]['Question']); - redirect(page_link_to("admin_questions")); - } else { - return error("No question found.", true); + + return page_with_title(admin_questions_title(), [ + '<h2>' . _('Unanswered questions') . '</h2>', + table([ + 'from' => _('From'), + 'question' => _('Question'), + 'answer' => _('Answer'), + 'actions' => '' + ], $unanswered_questions_table), + '<h2>' . _('Answered questions') . '</h2>', + table([ + 'from' => _('From'), + 'question' => _('Question'), + 'answered_by' => _('Answered by'), + 'answer' => _('Answer'), + 'actions' => '' + ], $answered_questions_table) + ]); + } else { + switch ($request->input('action')) { + case 'answer': + if ($request->has('id') && preg_match('/^\d{1,11}$/', $request->input('id'))) { + $question_id = $request->input('id'); + } else { + return error('Incomplete call, missing Question ID.', true); + } + + $question = DB::selectOne( + 'SELECT * FROM `Questions` WHERE `QID`=? LIMIT 1', + [$question_id] + ); + if (!empty($question) && $question['AID'] == null) { + $answer = trim( + preg_replace("/([^\p{L}\p{P}\p{Z}\p{N}\n]{1,})/ui", + '', + strip_tags($request->input('answer')) + )); + + if ($answer != '') { + DB::update(' + UPDATE `Questions` + SET `AID`=?, `Answer`=? + WHERE `QID`=? + LIMIT 1 + ', + [ + $user['UID'], + $answer, + $question_id, + ] + ); + engelsystem_log('Question ' . $question['Question'] . ' answered: ' . 
$answer); + redirect(page_link_to('admin_questions')); + } else { + return error('Enter an answer!', true); + } + } else { + return error('No question found.', true); + } + break; + case 'delete': + if ($request->has('id') && preg_match('/^\d{1,11}$/', $request->input('id'))) { + $question_id = $request->input('id'); + } else { + return error('Incomplete call, missing Question ID.', true); + } + + $question = DB::selectOne( + 'SELECT * FROM `Questions` WHERE `QID`=? LIMIT 1', + [$question_id] + ); + if (!empty($question)) { + DB::delete('DELETE FROM `Questions` WHERE `QID`=? LIMIT 1', [$question_id]); + engelsystem_log('Question deleted: ' . $question['Question']); + redirect(page_link_to('admin_questions')); + } else { + return error('No question found.', true); + } + break; } - break; } - } + + return ''; } -?> diff --git a/includes/pages/admin_rooms.php b/includes/pages/admin_rooms.php index 129ed423..9e153bf1 100644 --- a/includes/pages/admin_rooms.php +++ b/includes/pages/admin_rooms.php 
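Review bot: An unrecognised `action` value falls out of `switch ($request->input('action'))`, which has no `default` arm, and reaches the new `return '';`, rendering an empty page where admin_news redirects instead; add `default: redirect(page_link_to('admin_questions'));` for consistency. In the `answer` arm, `preg_replace()` with the `/u` modifier returns `null` on input that is not valid UTF-8 (visible via `preg_last_error()`), which `trim()` turns into `''` and the code then reports as 'Enter an answer!'; that is a safe failure, but a comment such as `// preg_replace() yields null on invalid UTF-8; treated as an empty answer` would stop the next reader from chasing a phantom bug.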
@@ -1,196 +1,247 @@ <?php -function admin_rooms_title() { - return _("Rooms"); +use Engelsystem\Database\DB; + +/** + * @return string + */ +function admin_rooms_title() +{ + return _('Rooms'); } -function admin_rooms() { - $rooms_source = sql_select("SELECT * FROM `Room` ORDER BY `Name`"); - $rooms = []; - foreach ($rooms_source as $room) { - $rooms[] = [ - 'name' => Room_name_render($room), - 'from_pentabarf' => $room['FromPentabarf'] == 'Y' ? '✓' : '', - 'public' => $room['show'] == 'Y' ? '✓' : '', - 'actions' => table_buttons([ - button(page_link_to('admin_rooms') . '&show=edit&id=' . $room['RID'], _("edit"), 'btn-xs'), - button(page_link_to('admin_rooms') . '&show=delete&id=' . $room['RID'], _("delete"), 'btn-xs') - ]) - ]; - } - $room = null; - - if (isset($_REQUEST['show'])) { - $msg = ""; - $name = ""; - $from_pentabarf = ""; - $public = 'Y'; - $number = ""; - - $angeltypes_source = sql_select("SELECT * FROM `AngelTypes` ORDER BY `name`"); - $angeltypes = []; - $angeltypes_count = []; - foreach ($angeltypes_source as $angeltype) { - $angeltypes[$angeltype['id']] = $angeltype['name']; - $angeltypes_count[$angeltype['id']] = 0; - } - - if (test_request_int('id')) { - $room = Room($_REQUEST['id']); - if ($room === false) { - engelsystem_error("Unable to load room."); - } - if ($room == null) { - redirect(page_link_to('admin_rooms')); - } - - $room_id = $_REQUEST['id']; - $name = $room['Name']; - $from_pentabarf = $room['FromPentabarf']; - $public = $room['show']; - $number = $room['Number']; - - $needed_angeltypes = sql_select("SELECT * FROM `NeededAngelTypes` WHERE `room_id`='" . sql_escape($room_id) . 
"'"); - foreach ($needed_angeltypes as $needed_angeltype) { - $angeltypes_count[$needed_angeltype['angel_type_id']] = $needed_angeltype['count']; - } +/** + * @return string + */ +function admin_rooms() +{ + $rooms_source = DB::select('SELECT * FROM `Room` ORDER BY `Name`'); + $rooms = []; + $request = request(); + + foreach ($rooms_source as $room) { + $rooms[] = [ + 'name' => Room_name_render($room), + 'from_pentabarf' => glyph_bool($room['FromPentabarf'] == 'Y'), + 'public' => glyph_bool($room['show'] == 'Y'), + 'actions' => table_buttons([ + button(page_link_to('admin_rooms', ['show' => 'edit', 'id' => $room['RID']]), _('edit'), 'btn-xs'), + button(page_link_to('admin_rooms', ['show' => 'delete', 'id' => $room['RID']]), _('delete'), 'btn-xs') + ]) + ]; } - - if ($_REQUEST['show'] == 'edit') { - if (isset($_REQUEST['submit'])) { - $valid = true; - - if (isset($_REQUEST['name']) && strlen(strip_request_item('name')) > 0) { - $name = strip_request_item('name'); - if (isset($room) && sql_num_query("SELECT * FROM `Room` WHERE `Name`='" . sql_escape($name) . "' AND NOT `RID`=" . sql_escape($room_id)) > 0) { - $valid = false; - $msg .= error(_("This name is already in use."), true); - } - } else { - $valid = false; - $msg .= error(_("Please enter a name."), true); - } - - if (isset($_REQUEST['from_pentabarf'])) { - $from_pentabarf = 'Y'; - } else { - $from_pentabarf = ''; - } - - if (isset($_REQUEST['public'])) { - $public = 'Y'; - } else { - $public = ''; - } - - if (isset($_REQUEST['number'])) { - $number = strip_request_item('number'); - } else { - $valid = false; - } - - foreach ($angeltypes as $angeltype_id => $angeltype) { - if (isset($_REQUEST['angeltype_count_' . $angeltype_id]) && preg_match("/^[0-9]{1,4}$/", $_REQUEST['angeltype_count_' . $angeltype_id])) { - $angeltypes_count[$angeltype_id] = $_REQUEST['angeltype_count_' . 
$angeltype_id]; - } else { - $valid = false; - $msg .= error(sprintf(_("Please enter needed angels for type %s.", $angeltype)), true); - } + $room = null; + + if ($request->has('show')) { + $msg = ''; + $name = ''; + $from_pentabarf = ''; + $public = 'Y'; + $number = ''; + $room_id = 0; + + $angeltypes_source = DB::select('SELECT `id`, `name` FROM `AngelTypes` ORDER BY `name`'); + $angeltypes = []; + $angeltypes_count = []; + foreach ($angeltypes_source as $angeltype) { + $angeltypes[$angeltype['id']] = $angeltype['name']; + $angeltypes_count[$angeltype['id']] = 0; } - - if ($valid) { - if (isset($room_id)) { - sql_query("UPDATE `Room` SET `Name`='" . sql_escape($name) . "', `FromPentabarf`='" . sql_escape($from_pentabarf) . "', `show`='" . sql_escape($public) . "', `Number`='" . sql_escape($number) . "' WHERE `RID`='" . sql_escape($room_id) . "' LIMIT 1"); - engelsystem_log("Room updated: " . $name . ", pentabarf import: " . $from_pentabarf . ", public: " . $public . ", number: " . $number); - } else { - $room_id = Room_create($name, $from_pentabarf, $public, $number); - if ($room_id === false) { - engelsystem_error("Unable to create room."); + + if (test_request_int('id')) { + $room = Room($request->input('id'), false); + if ($room == null) { + redirect(page_link_to('admin_rooms')); } - engelsystem_log("Room created: " . $name . ", pentabarf import: " . $from_pentabarf . ", public: " . $public . ", number: " . $number); - } - - NeededAngelTypes_delete_by_room($room_id); - $needed_angeltype_info = []; - foreach ($angeltypes_count as $angeltype_id => $angeltype_count) { - $angeltype = AngelType($angeltype_id); - if ($angeltype != null) { - NeededAngelType_add(null, $angeltype_id, $room_id, $angeltype_count); - $needed_angeltype_info[] = $angeltype['name'] . ": " . 
$angeltype_count; + + $room_id = $request->input('id'); + $name = $room['Name']; + $from_pentabarf = $room['FromPentabarf']; + $public = $room['show']; + $number = $room['Number']; + + $needed_angeltypes = DB::select( + 'SELECT `angel_type_id`, `count` FROM `NeededAngelTypes` WHERE `room_id`=?', + [$room_id] + ); + foreach ($needed_angeltypes as $needed_angeltype) { + $angeltypes_count[$needed_angeltype['angel_type_id']] = $needed_angeltype['count']; } - } - - engelsystem_log("Set needed angeltypes of room " . $name . " to: " . join(", ", $needed_angeltype_info)); - success(_("Room saved.")); - redirect(page_link_to("admin_rooms")); } - } - $angeltypes_count_form = []; - foreach ($angeltypes as $angeltype_id => $angeltype) { - $angeltypes_count_form[] = div('col-lg-4 col-md-6 col-xs-6', [ - form_spinner('angeltype_count_' . $angeltype_id, $angeltype, $angeltypes_count[$angeltype_id]) - ]); - } - - return page_with_title(admin_rooms_title(), [ - buttons([ - button(page_link_to('admin_rooms'), _("back"), 'back') - ]), - $msg, - form([ - div('row', [ - div('col-md-6', [ - form_text('name', _("Name"), $name), - form_checkbox('from_pentabarf', _("Frab import"), $from_pentabarf), - form_checkbox('public', _("Public"), $public), - form_text('number', _("Room number"), $number) - ]), - div('col-md-6', [ - div('row', [ - div('col-md-12', [ - form_info(_("Needed angels:")) - ]), - join($angeltypes_count_form) - ]) - ]) - ]), - form_submit('submit', _("Save")) - ]) - ]); - } elseif ($_REQUEST['show'] == 'delete') { - if (isset($_REQUEST['ack'])) { - if (! Room_delete($room_id)) { - engelsystem_error("Unable to delete room."); + + if ($request->input('show') == 'edit') { + if ($request->has('submit')) { + $valid = true; + + if ($request->has('name') && strlen(strip_request_item('name')) > 0) { + $name = strip_request_item('name'); + if ( + isset($room) + && count(DB::select( + 'SELECT RID FROM `Room` WHERE `Name`=? 
AND NOT `RID`=?', + [$name, $room_id] + )) > 0 + ) { + $valid = false; + $msg .= error(_('This name is already in use.'), true); + } + } else { + $valid = false; + $msg .= error(_('Please enter a name.'), true); + } + + $from_pentabarf = ''; + if ($request->has('from_pentabarf')) { + $from_pentabarf = 'Y'; + } + + $public = ''; + if ($request->has('public')) { + $public = 'Y'; + } + + if ($request->has('number')) { + $number = strip_request_item('number'); + } else { + $valid = false; + } + + foreach ($angeltypes as $angeltype_id => $angeltype) { + $angeltypes_count[$angeltype_id] = 0; + $queryKey = 'angeltype_count_' . $angeltype_id; + if (!$request->has($queryKey)) { + continue; + } + + if (preg_match('/^\d{1,4}$/', $request->input($queryKey))) { + $angeltypes_count[$angeltype_id] = $request->input($queryKey); + } else { + $valid = false; + $msg .= error(sprintf(_('Please enter needed angels for type %s.'), $angeltype), true); + } + } + + if ($valid) { + if (!empty($room_id)) { + DB::update(' + UPDATE `Room` + SET + `Name`=?, + `FromPentabarf`=?, + `show`=?, + `Number`=? + WHERE `RID`=? + LIMIT 1 + ', [ + $name, + $from_pentabarf, + $public, + $number, + $room_id, + ]); + engelsystem_log( + 'Room updated: ' . $name + . ', pentabarf import: ' . $from_pentabarf + . ', public: ' . $public + . ', number: ' . $number + ); + } else { + $room_id = Room_create($name, $from_pentabarf, $public, $number); + + engelsystem_log( + 'Room created: ' . $name + . ', pentabarf import: ' + . $from_pentabarf + . ', public: ' . $public + . ', number: ' . $number + ); + } + + NeededAngelTypes_delete_by_room($room_id); + $needed_angeltype_info = []; + foreach ($angeltypes_count as $angeltype_id => $angeltype_count) { + $angeltype = AngelType($angeltype_id); + if ($angeltype != null) { + NeededAngelType_add(null, $angeltype_id, $room_id, $angeltype_count); + $needed_angeltype_info[] = $angeltype['name'] . ': ' . 
$angeltype_count; + } + } + + engelsystem_log( + 'Set needed angeltypes of room ' . $name + . ' to: ' . join(', ', $needed_angeltype_info) + ); + success(_('Room saved.')); + redirect(page_link_to('admin_rooms')); + } + } + $angeltypes_count_form = []; + foreach ($angeltypes as $angeltype_id => $angeltype) { + $angeltypes_count_form[] = div('col-lg-4 col-md-6 col-xs-6', [ + form_spinner('angeltype_count_' . $angeltype_id, $angeltype, $angeltypes_count[$angeltype_id]) + ]); + } + + return page_with_title(admin_rooms_title(), [ + buttons([ + button(page_link_to('admin_rooms'), _('back'), 'back') + ]), + $msg, + form([ + div('row', [ + div('col-md-6', [ + form_text('name', _('Name'), $name), + form_checkbox('from_pentabarf', _('Frab import'), $from_pentabarf), + form_checkbox('public', _('Public'), $public), + form_text('number', _('Room number'), $number) + ]), + div('col-md-6', [ + div('row', [ + div('col-md-12', [ + form_info(_('Needed angels:')) + ]), + join($angeltypes_count_form) + ]) + ]) + ]), + form_submit('submit', _('Save')) + ]) + ]); + } elseif ($request->input('show') == 'delete') { + if ($request->has('ack')) { + Room_delete($room_id); + + engelsystem_log('Room deleted: ' . $name); + success(sprintf(_('Room %s deleted.'), $name)); + redirect(page_link_to('admin_rooms')); + } + + return page_with_title(admin_rooms_title(), [ + buttons([ + button(page_link_to('admin_rooms'), _('back'), 'back') + ]), + sprintf(_('Do you want to delete room %s?'), $name), + buttons([ + button( + page_link_to('admin_rooms', ['show' => 'delete', 'id' => $room_id, 'ack' => 1]), + _('Delete'), + 'delete btn-danger' + ) + ]) + ]); } - - engelsystem_log("Room deleted: " . 
$name); - success(sprintf(_("Room %s deleted."), $name)); - redirect(page_link_to('admin_rooms')); - } - - return page_with_title(admin_rooms_title(), [ - buttons([ - button(page_link_to('admin_rooms'), _("back"), 'back') - ]), - sprintf(_("Do you want to delete room %s?"), $name), - buttons([ - button(page_link_to('admin_rooms') . '&show=delete&id=' . $room_id . '&ack', _("Delete"), 'delete') - ]) - ]); } - } - - return page_with_title(admin_rooms_title(), [ - buttons([ - button(page_link_to('admin_rooms') . '&show=edit', _("add")) - ]), - msg(), - table([ - 'name' => _("Name"), - 'from_pentabarf' => _("Frab import"), - 'public' => _("Public"), - 'actions' => "" - ], $rooms) - ]); + + return page_with_title(admin_rooms_title(), [ + buttons([ + button(page_link_to('admin_rooms', ['show' => 'edit']), _('add')) + ]), + msg(), + table([ + 'name' => _('Name'), + 'from_pentabarf' => _('Frab import'), + 'public' => _('Public'), + 'actions' => '' + ], $rooms) + ]); } -?> diff --git a/includes/pages/admin_shifts.php b/includes/pages/admin_shifts.php index 42a8c682..721d0f4f 100644 --- a/includes/pages/admin_shifts.php +++ b/includes/pages/admin_shifts.php 
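Review bot: The `delete` branch never checks that a room was actually loaded: when `show=delete&ack=1` arrives without a valid `id`, `test_request_int('id')` fails, `$room_id` keeps its new initial value `0` and `$name` is `''`, yet `Room_delete($room_id)` runs and `success(sprintf(_('Room %s deleted.'), $name))` reports success. Guard the branch with `if ($room === null) { redirect(page_link_to('admin_rooms')); }` before the `Room_delete` call, or move the whole `show == 'delete'` handling inside the `test_request_int('id')` success path. The same unloaded state also skips the name-uniqueness query in the edit branch because of `isset($room)`, so creating a new room with an existing name is only rejected if `Room_create` or a unique index enforces it, which this hunk does not show.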
@@ -1,346 +1,411 @@ <?php -function admin_shifts_title() { - return _("Create shifts"); +use Engelsystem\Database\DB; + +/** + * @return string + */ +function admin_shifts_title() +{ + return _('Create shifts'); } -// Assistent zum Anlegen mehrerer neuer Schichten -function admin_shifts() { - $valid = true; - - $rid = 0; - $start = parse_date("Y-m-d H:i", date("Y-m-d") . " 00:00"); - $end = $start; - $mode = 'single'; - $angelmode = 'manually'; - $length = ''; - $change_hours = []; - $title = ""; - $shifttype_id = null; - - // Locations laden (auch unsichtbare - fuer Erzengel ist das ok) - $rooms = sql_select("SELECT * FROM `Room` ORDER BY `Name`"); - $room_array = []; - foreach ($rooms as $room) { - $room_array[$room['RID']] = $room['Name']; - } - - // Engeltypen laden - $types = sql_select("SELECT * FROM `AngelTypes` ORDER BY `name`"); - $needed_angel_types = []; - foreach ($types as $type) { - $needed_angel_types[$type['id']] = 0; - } - - // Load shift types - $shifttypes_source = ShiftTypes(); - if ($shifttypes_source === false) { - engelsystem_error('Unable to load shift types.'); - } - $shifttypes = []; - foreach ($shifttypes_source as $shifttype) { - $shifttypes[$shifttype['id']] = $shifttype['name']; - } - - if (isset($_REQUEST['preview']) || isset($_REQUEST['back'])) { - if (isset($_REQUEST['shifttype_id'])) { - $shifttype = ShiftType($_REQUEST['shifttype_id']); - if ($shifttype === false) { - engelsystem_error('Unable to load shift type.'); - } - if ($shifttype == null) { - $valid = false; - error(_('Please select a shift type.')); - } else { - $shifttype_id = $_REQUEST['shifttype_id']; - } - } else { - $valid = false; - error(_('Please select a shift type.')); - } - - // Name/Bezeichnung der Schicht, darf leer sein - $title = strip_request_item('title'); - - // Auswahl der sichtbaren Locations für die Schichten - if (isset($_REQUEST['rid']) && preg_match("/^[0-9]+$/", $_REQUEST['rid']) && isset($room_array[$_REQUEST['rid']])) { - $rid = $_REQUEST['rid']; 
- } else { - $valid = false; - $rid = $rooms[0]['RID']; - error(_('Please select a location.')); - } - - if (isset($_REQUEST['start']) && $tmp = parse_date("Y-m-d H:i", $_REQUEST['start'])) { - $start = $tmp; - } else { - $valid = false; - error(_('Please select a start time.')); +/** + * Assistent zum Anlegen mehrerer neuer Schichten + * + * @return string + */ +function admin_shifts() +{ + $valid = true; + $request = request(); + $session = session(); + $start = parse_date('Y-m-d H:i', date('Y-m-d') . ' 00:00'); + $end = $start; + $mode = 'single'; + $angelmode = 'manually'; + $length = ''; + $change_hours = []; + $title = ''; + $shifttype_id = null; + + // Locations laden (auch unsichtbare - fuer Erzengel ist das ok) + $rooms = DB::select('SELECT `RID`, `Name` FROM `Room` ORDER BY `Name`'); + $room_array = []; + foreach ($rooms as $room) { + $room_array[$room['RID']] = $room['Name']; } - - if (isset($_REQUEST['end']) && $tmp = parse_date("Y-m-d H:i", $_REQUEST['end'])) { - $end = $tmp; - } else { - $valid = false; - error(_('Please select an end time.')); + + // Engeltypen laden + $types = DB::select('SELECT * FROM `AngelTypes` ORDER BY `name`'); + $needed_angel_types = []; + foreach ($types as $type) { + $needed_angel_types[$type['id']] = 0; } - - if ($start >= $end) { - $valid = false; - error(_('The shifts end has to be after its start.')); + + // Load shift types + $shifttypes_source = ShiftTypes(); + $shifttypes = []; + foreach ($shifttypes_source as $shifttype) { + $shifttypes[$shifttype['id']] = $shifttype['name']; } - - if (isset($_REQUEST['mode'])) { - if ($_REQUEST['mode'] == 'single') { - $mode = 'single'; - } elseif ($_REQUEST['mode'] == 'multi') { - if (isset($_REQUEST['length']) && preg_match("/^[0-9]+$/", trim($_REQUEST['length']))) { - $mode = 'multi'; - $length = trim($_REQUEST['length']); + + if ($request->has('preview') || $request->has('back')) { + if ($request->has('shifttype_id')) { + $shifttype = ShiftType($request->input('shifttype_id')); 
+ if ($shifttype == null) { + $valid = false; + error(_('Please select a shift type.')); + } else { + $shifttype_id = $request->input('shifttype_id'); + } } else { - $valid = false; - error(_('Please enter a shift duration in minutes.')); + $valid = false; + error(_('Please select a shift type.')); } - } elseif ($_REQUEST['mode'] == 'variable') { - if (isset($_REQUEST['change_hours']) && preg_match("/^([0-9]{2}(,|$))/", trim(str_replace(" ", "", $_REQUEST['change_hours'])))) { - $mode = 'variable'; - $change_hours = array_map('trim', explode(",", $_REQUEST['change_hours'])); + + // Name/Bezeichnung der Schicht, darf leer sein + $title = strip_request_item('title'); + + // Auswahl der sichtbaren Locations für die Schichten + if ( + $request->has('rid') + && preg_match('/^\d+$/', $request->input('rid')) + && isset($room_array[$request->input('rid')]) + ) { + $rid = $request->input('rid'); } else { - $valid = false; - error(_('Please split the shift-change hours by colons.')); + $valid = false; + $rid = $rooms[0]['RID']; + error(_('Please select a location.')); } - } - } else { - $valid = false; - error(_('Please select a mode.')); - } - - if (isset($_REQUEST['angelmode'])) { - if ($_REQUEST['angelmode'] == 'location') { - $angelmode = 'location'; - } elseif ($_REQUEST['angelmode'] == 'manually') { - $angelmode = 'manually'; - foreach ($types as $type) { - if (isset($_REQUEST['type_' . $type['id']]) && preg_match("/^[0-9]+$/", trim($_REQUEST['type_' . $type['id']]))) { - $needed_angel_types[$type['id']] = trim($_REQUEST['type_' . $type['id']]); - } else { + + if ($request->has('start') && $tmp = parse_date('Y-m-d H:i', $request->input('start'))) { + $start = $tmp; + } else { $valid = false; - error(sprintf(_('Please check the needed angels for team %s.'), $type['name'])); - } + error(_('Please select a start time.')); } - if (array_sum($needed_angel_types) == 0) { - $valid = false; - error(_('There are 0 angels needed. 
Please enter the amounts of needed angels.')); + + if ($request->has('end') && $tmp = parse_date('Y-m-d H:i', $request->input('end'))) { + $end = $tmp; + } else { + $valid = false; + error(_('Please select an end time.')); } - } else { - $valid = false; - error(_('Please select a mode for needed angels.')); - } - } else { - $valid = false; - error(_('Please select needed angels.')); - } - - // Beim Zurück-Knopf das Formular zeigen - if (isset($_REQUEST['back'])) { - $valid = false; - } - - // Alle Eingaben in Ordnung - if ($valid) { - if ($angelmode == 'location') { - $needed_angel_types = []; - $needed_angel_types_location = sql_select("SELECT * FROM `NeededAngelTypes` WHERE `room_id`='" . sql_escape($rid) . "'"); - foreach ($needed_angel_types_location as $type) { - $needed_angel_types[$type['angel_type_id']] = $type['count']; + + if ($start >= $end) { + $valid = false; + error(_('The shifts end has to be after its start.')); } - } - $shifts = []; - if ($mode == 'single') { - $shifts[] = [ - 'start' => $start, - 'end' => $end, - 'RID' => $rid, - 'title' => $title, - 'shifttype_id' => $shifttype_id - ]; - } elseif ($mode == 'multi') { - $shift_start = $start; - do { - $shift_end = $shift_start + $length * 60; - - if ($shift_end > $end) { - $shift_end = $end; - } - if ($shift_start >= $shift_end) { - break; - } - - $shifts[] = [ - 'start' => $shift_start, - 'end' => $shift_end, - 'RID' => $rid, - 'title' => $title, - 'shifttype_id' => $shifttype_id - ]; - - $shift_start = $shift_end; - } while ($shift_end < $end); - } elseif ($mode == 'variable') { - rsort($change_hours); - $day = parse_date("Y-m-d H:i", date("Y-m-d", $start) . 
" 00:00"); - $change_index = 0; - // Ersten/nächsten passenden Schichtwechsel suchen - foreach ($change_hours as $i => $change_hour) { - if ($start < $day + $change_hour * 60 * 60) { - $change_index = $i; - } elseif ($start == $day + $change_hour * 60 * 60) { - // Start trifft Schichtwechsel - $change_index = ($i + count($change_hours) - 1) % count($change_hours); - break; - } else { - break; - } + + if ($request->has('mode')) { + if ($request->input('mode') == 'single') { + $mode = 'single'; + } elseif ($request->input('mode') == 'multi') { + if ($request->has('length') && preg_match('/^\d+$/', trim($request->input('length')))) { + $mode = 'multi'; + $length = trim($request->input('length')); + } else { + $valid = false; + error(_('Please enter a shift duration in minutes.')); + } + } elseif ($request->input('mode') == 'variable') { + if ( + $request->has('change_hours') + && preg_match('/^(\d{2}(,|$))/', trim(str_replace(' ', '', $request->input('change_hours')))) + ) { + $mode = 'variable'; + $change_hours = array_map('trim', explode(',', $request->input('change_hours'))); + } else { + $valid = false; + error(_('Please split the shift-change hours by colons.')); + } + } + } else { + $valid = false; + error(_('Please select a mode.')); } - - $shift_start = $start; - do { - $day = parse_date("Y-m-d H:i", date("Y-m-d", $shift_start) . " 00:00"); - $shift_end = $day + $change_hours[$change_index] * 60 * 60; - - if ($shift_end > $end) { - $shift_end = $end; - } - if ($shift_start >= $shift_end) { - $shift_end += 24 * 60 * 60; - } - - $shifts[] = [ - 'start' => $shift_start, - 'end' => $shift_end, - 'RID' => $rid, - 'title' => $title, - 'shifttype_id' => $shifttype_id - ]; - - $shift_start = $shift_end; - $change_index = ($change_index + count($change_hours) - 1) % count($change_hours); - } while ($shift_end < $end); - } - - $shifts_table = []; - foreach ($shifts as $shift) { - $shifts_table_entry = [ - 'timeslot' => '<span class="glyphicon glyphicon-time"></span> ' . 
date("Y-m-d H:i", $shift['start']) . ' - ' . date("H:i", $shift['end']) . '<br />' . Room_name_render(Room($shift['RID'])), - 'title' => ShiftType_name_render(ShiftType($shifttype_id)) . ($shift['title'] ? '<br />' . $shift['title'] : ''), - 'needed_angels' => '' - ]; - foreach ($types as $type) { - if (isset($needed_angel_types[$type['id']]) && $needed_angel_types[$type['id']] > 0) { - $shifts_table_entry['needed_angels'] .= '<b>' . AngelType_name_render($type) . ':</b> ' . $needed_angel_types[$type['id']] . '<br />'; - } + + if ($request->has('angelmode')) { + if ($request->input('angelmode') == 'location') { + $angelmode = 'location'; + } elseif ($request->input('angelmode') == 'manually') { + $angelmode = 'manually'; + foreach ($types as $type) { + if (preg_match('/^\d+$/', trim($request->input('type_' . $type['id'], 0)))) { + $needed_angel_types[$type['id']] = trim($request->input('type_' . $type['id'], 0)); + } else { + $valid = false; + error(sprintf(_('Please check the needed angels for team %s.'), $type['name'])); + } + } + + if (array_sum($needed_angel_types) == 0) { + $valid = false; + error(_('There are 0 angels needed. Please enter the amounts of needed angels.')); + } + } else { + $valid = false; + error(_('Please select a mode for needed angels.')); + } + } else { + $valid = false; + error(_('Please select needed angels.')); } - $shifts_table[] = $shifts_table_entry; - } - - // Fürs Anlegen zwischenspeichern: - $_SESSION['admin_shifts_shifts'] = $shifts; - $_SESSION['admin_shifts_types'] = $needed_angel_types; - - $hidden_types = ""; - foreach ($needed_angel_types as $type_id => $count) { - $hidden_types .= form_hidden('type_' . 
$type_id, $count); - } - return page_with_title(_("Preview"), [ - form([ - $hidden_types, - form_hidden('shifttype_id', $shifttype_id), - form_hidden('title', $title), - form_hidden('rid', $rid), - form_hidden('start', date("Y-m-d H:i", $start)), - form_hidden('end', date("Y-m-d H:i", $end)), - form_hidden('mode', $mode), - form_hidden('length', $length), - form_hidden('change_hours', implode(', ', $change_hours)), - form_hidden('angelmode', $angelmode), - form_submit('back', _("back")), - table([ - 'timeslot' => _('Time and location'), - 'title' => _('Type and title'), - 'needed_angels' => _('Needed angels') - ], $shifts_table), - form_submit('submit', _("Save")) - ]) - ]); + + // Beim Zurück-Knopf das Formular zeigen + if ($request->has('back')) { + $valid = false; + } + + // Alle Eingaben in Ordnung + if ($valid) { + if ($angelmode == 'location') { + $needed_angel_types = []; + $needed_angel_types_location = DB::select(' + SELECT `angel_type_id`, `count` + FROM `NeededAngelTypes` + WHERE `room_id`=? + ', + [$rid] + ); + foreach ($needed_angel_types_location as $type) { + $needed_angel_types[$type['angel_type_id']] = $type['count']; + } + } + $shifts = []; + if ($mode == 'single') { + $shifts[] = [ + 'start' => $start, + 'end' => $end, + 'RID' => $rid, + 'title' => $title, + 'shifttype_id' => $shifttype_id + ]; + } elseif ($mode == 'multi') { + $shift_start = (int)$start; + do { + $shift_end = $shift_start + (int)$length * 60; + + if ($shift_end > $end) { + $shift_end = $end; + } + if ($shift_start >= $shift_end) { + break; + } + + $shifts[] = [ + 'start' => $shift_start, + 'end' => $shift_end, + 'RID' => $rid, + 'title' => $title, + 'shifttype_id' => $shifttype_id + ]; + + $shift_start = $shift_end; + } while ($shift_end < $end); + } elseif ($mode == 'variable') { + rsort($change_hours); + $day = parse_date('Y-m-d H:i', date('Y-m-d', $start) . 
' 00:00'); + $change_index = 0; + // Ersten/nächsten passenden Schichtwechsel suchen + foreach ($change_hours as $i => $change_hour) { + if ($start < $day + $change_hour * 60 * 60) { + $change_index = $i; + } elseif ($start == $day + $change_hour * 60 * 60) { + // Start trifft Schichtwechsel + $change_index = ($i + count($change_hours) - 1) % count($change_hours); + break; + } else { + break; + } + } + + $shift_start = $start; + do { + $day = parse_date('Y-m-d H:i', date('Y-m-d', $shift_start) . ' 00:00'); + $shift_end = $day + $change_hours[$change_index] * 60 * 60; + + if ($shift_end > $end) { + $shift_end = $end; + } + if ($shift_start >= $shift_end) { + $shift_end += 24 * 60 * 60; + } + + $shifts[] = [ + 'start' => $shift_start, + 'end' => $shift_end, + 'RID' => $rid, + 'title' => $title, + 'shifttype_id' => $shifttype_id + ]; + + $shift_start = $shift_end; + $change_index = ($change_index + count($change_hours) - 1) % count($change_hours); + } while ($shift_end < $end); + } + + $shifts_table = []; + foreach ($shifts as $shift) { + $shifts_table_entry = [ + 'timeslot' => + '<span class="glyphicon glyphicon-time"></span> ' + . date('Y-m-d H:i', $shift['start']) + . ' - ' + . date('H:i', $shift['end']) + . '<br />' + . Room_name_render(Room($shift['RID'])), + 'title' => + ShiftType_name_render(ShiftType($shifttype_id)) + . ($shift['title'] ? '<br />' . $shift['title'] : ''), + 'needed_angels' => '' + ]; + foreach ($types as $type) { + if (isset($needed_angel_types[$type['id']]) && $needed_angel_types[$type['id']] > 0) { + $shifts_table_entry['needed_angels'] .= '<b>' . AngelType_name_render($type) . ':</b> ' . $needed_angel_types[$type['id']] . 
'<br />'; + } + } + $shifts_table[] = $shifts_table_entry; + } + + // Fürs Anlegen zwischenspeichern: + $session->set('admin_shifts_shifts', $shifts); + $session->set('admin_shifts_types', $needed_angel_types); + + $hidden_types = ''; + foreach ($needed_angel_types as $type_id => $count) { + $hidden_types .= form_hidden('type_' . $type_id, $count); + } + return page_with_title(_('Preview'), [ + form([ + $hidden_types, + form_hidden('shifttype_id', $shifttype_id), + form_hidden('title', $title), + form_hidden('rid', $rid), + form_hidden('start', date('Y-m-d H:i', $start)), + form_hidden('end', date('Y-m-d H:i', $end)), + form_hidden('mode', $mode), + form_hidden('length', $length), + form_hidden('change_hours', implode(', ', $change_hours)), + form_hidden('angelmode', $angelmode), + form_submit('back', _('back')), + table([ + 'timeslot' => _('Time and location'), + 'title' => _('Type and title'), + 'needed_angels' => _('Needed angels') + ], $shifts_table), + form_submit('submit', _('Save')) + ]) + ]); + } + } elseif ($request->has('submit')) { + if ( + !is_array($session->get('admin_shifts_shifts')) + || !is_array($session->get('admin_shifts_types')) + ) { + redirect(page_link_to('admin_shifts')); + } + + foreach ($session->get('admin_shifts_shifts', []) as $shift) { + $shift['URL'] = null; + $shift['PSID'] = null; + $shift_id = Shift_create($shift); + + engelsystem_log( + 'Shift created: ' . $shifttypes[$shift['shifttype_id']] + . ' with title ' . $shift['title'] + . ' from ' . date('Y-m-d H:i', $shift['start']) + . ' to ' . date('Y-m-d H:i', $shift['end']) + ); + + $needed_angel_types_info = []; + foreach ($session->get('admin_shifts_types', []) as $type_id => $count) { + $angel_type_source = DB::selectOne(' + SELECT * + FROM `AngelTypes` + WHERE `id` = ? + LIMIT 1', [$type_id]); + if (!empty($angel_type_source)) { + DB::insert(' + INSERT INTO `NeededAngelTypes` (`shift_id`, `angel_type_id`, `count`) + VALUES (?, ?, ?) 
+ ', + [ + $shift_id, + $type_id, + $count + ] + ); + $needed_angel_types_info[] = $angel_type_source['name'] . ': ' . $count; + } + } + engelsystem_log('Shift needs following angel types: ' . join(', ', $needed_angel_types_info)); + } + + success('Schichten angelegt.'); + redirect(page_link_to('admin_shifts')); + } else { + $session->remove('admin_shifts_shifts'); + $session->remove('admin_shifts_types'); } - } elseif (isset($_REQUEST['submit'])) { - if (! is_array($_SESSION['admin_shifts_shifts']) || ! is_array($_SESSION['admin_shifts_types'])) { - redirect(page_link_to('admin_shifts')); + + $rid = null; + if ($request->has('rid')) { + $rid = $request->input('rid'); } - - foreach ($_SESSION['admin_shifts_shifts'] as $shift) { - $shift['URL'] = null; - $shift['PSID'] = null; - $shift_id = Shift_create($shift); - if ($shift_id === false) { - engelsystem_error('Unable to create shift.'); - } - - engelsystem_log("Shift created: " . $shifttypes[$shift['shifttype_id']] . " with title " . $shift['title'] . " from " . date("Y-m-d H:i", $shift['start']) . " to " . date("Y-m-d H:i", $shift['end'])); - $needed_angel_types_info = []; - foreach ($_SESSION['admin_shifts_types'] as $type_id => $count) { - $angel_type_source = sql_select("SELECT * FROM `AngelTypes` WHERE `id`='" . sql_escape($type_id) . "' LIMIT 1"); - if (count($angel_type_source) > 0) { - sql_query("INSERT INTO `NeededAngelTypes` SET `shift_id`='" . sql_escape($shift_id) . "', `angel_type_id`='" . sql_escape($type_id) . "', `count`='" . sql_escape($count) . "'"); - $needed_angel_types_info[] = $angel_type_source[0]['name'] . ": " . $count; - } - } + $angel_types = ''; + foreach ($types as $type) { + $angel_types .= '<div class="col-md-4">' . form_spinner( + 'type_' . $type['id'], + $type['name'], + $needed_angel_types[$type['id']] + ) + . '</div>'; } - - engelsystem_log("Shift needs following angel types: " . 
join(", ", $needed_angel_types_info)); - success("Schichten angelegt."); - redirect(page_link_to('admin_shifts')); - } else { - unset($_SESSION['admin_shifts_shifts']); - unset($_SESSION['admin_shifts_types']); - } - - if (! isset($_REQUEST['rid'])) { - $_REQUEST['rid'] = null; - } - $angel_types = ""; - foreach ($types as $type) { - $angel_types .= '<div class="col-md-4">' . form_spinner('type_' . $type['id'], $type['name'], $needed_angel_types[$type['id']]) . '</div>'; - } - - return page_with_title(admin_shifts_title(), [ - msg(), - form([ - form_select('shifttype_id', _('Shifttype'), $shifttypes, $shifttype_id), - form_text('title', _("Title"), $title), - form_select('rid', _("Room"), $room_array, $_REQUEST['rid']), - div('row', [ - div('col-md-6', [ - form_text('start', _("Start"), date("Y-m-d H:i", $start)), - form_text('end', _("End"), date("Y-m-d H:i", $end)), - form_info(_("Mode"), ''), - form_radio('mode', _("Create one shift"), $mode == 'single', 'single'), - form_radio('mode', _("Create multiple shifts"), $mode == 'multi', 'multi'), - form_text('length', _("Length"), ! empty($_REQUEST['length']) ? $_REQUEST['length'] : '120'), - form_radio('mode', _("Create multiple shifts with variable length"), $mode == 'variable', 'variable'), - form_text('change_hours', _("Shift change hours"), ! empty($_REQUEST['change_hours']) ? 
$_REQUEST['change_hours'] : '00, 04, 08, 10, 12, 14, 16, 18, 20, 22') - ]), - div('col-md-6', [ - form_info(_("Needed angels"), ''), - form_radio('angelmode', _("Take needed angels from room settings"), $angelmode == 'location', 'location'), - form_radio('angelmode', _("The following angels are needed"), $angelmode == 'manually', 'manually'), - div('row', [ - $angel_types - ]) - ]) - ]), - form_submit('preview', _("Preview")) - ]) - ]); + + return page_with_title(admin_shifts_title(), [ + msg(), + form([ + form_select('shifttype_id', _('Shifttype'), $shifttypes, $shifttype_id), + form_text('title', _('Title'), $title), + form_select('rid', _('Room'), $room_array, $rid), + div('row', [ + div('col-md-6', [ + form_text('start', _('Start'), date('Y-m-d H:i', $start)), + form_text('end', _('End'), date('Y-m-d H:i', $end)), + form_info(_('Mode'), ''), + form_radio('mode', _('Create one shift'), $mode == 'single', 'single'), + form_radio('mode', _('Create multiple shifts'), $mode == 'multi', 'multi'), + form_text('length', _('Length'), $request->has('length') ? $request->input('length') : '120'), + form_radio( + 'mode', + _('Create multiple shifts with variable length'), + $mode == 'variable', + 'variable' + ), + form_text( + 'change_hours', + _('Shift change hours'), + $request->has('change_hours') ? $request->input('input') : '00, 04, 08, 10, 12, 14, 16, 18, 20, 22' + ) + ]), + div('col-md-6', [ + form_info(_('Needed angels'), ''), + form_radio( + 'angelmode', + _('Take needed angels from room settings'), + $angelmode == 'location', + 'location' + ), + form_radio('angelmode', _('The following angels are needed'), $angelmode == 'manually', 'manually'), + div('row', [ + $angel_types + ]) + ]) + ]), + form_submit('preview', _('Preview')) + ]) + ]); } -?> diff --git a/includes/pages/admin_user.php b/includes/pages/admin_user.php index 737bd91f..0620155b 100644 --- a/includes/pages/admin_user.php +++ b/includes/pages/admin_user.php 
@@ -1,208 +1,316 @@ <?php -function admin_user_title() { - return _("All Angels"); +use Engelsystem\Database\DB; + +/** + * @return string + */ +function admin_user_title() +{ + return _('All Angels'); } -function admin_user() { - global $user, $privileges, $tshirt_sizes, $privileges; - - $html = ''; - - if (! isset($_REQUEST['id'])) { - redirect(users_link()); - } - - $user_id = $_REQUEST['id']; - if (! isset($_REQUEST['action'])) { - $user_source = User($user_id); - if ($user_source == null) { - error(_('This user does not exist.')); - redirect(users_link()); - } - - $html .= "Hallo,<br />" . "hier kannst du den Eintrag ändern. Unter dem Punkt 'Gekommen' " . "wird der Engel als anwesend markiert, ein Ja bei Aktiv bedeutet, " . "dass der Engel aktiv war und damit ein Anspruch auf ein T-Shirt hat. " . "Wenn T-Shirt ein 'Ja' enthält, bedeutet dies, dass der Engel " . "bereits sein T-Shirt erhalten hat.<br /><br />\n"; - - $html .= "<form action=\"" . page_link_to("admin_user") . "&action=save&id=$user_id\" method=\"post\">\n"; - $html .= "<table border=\"0\">\n"; - $html .= "<input type=\"hidden\" name=\"Type\" value=\"Normal\">\n"; - $html .= "<tr><td>\n"; - $html .= "<table>\n"; - $html .= " <tr><td>Nick</td><td>" . "<input type=\"text\" size=\"40\" name=\"eNick\" value=\"" . $user_source['Nick'] . "\"></td></tr>\n"; - $html .= " <tr><td>lastLogIn</td><td>" . date("Y-m-d H:i", $user_source['lastLogIn']) . "</td></tr>\n"; - $html .= " <tr><td>Name</td><td>" . "<input type=\"text\" size=\"40\" name=\"eName\" value=\"" . $user_source['Name'] . "\"></td></tr>\n"; - $html .= " <tr><td>Vorname</td><td>" . "<input type=\"text\" size=\"40\" name=\"eVorname\" value=\"" . $user_source['Vorname'] . "\"></td></tr>\n"; - $html .= " <tr><td>Alter</td><td>" . "<input type=\"text\" size=\"5\" name=\"eAlter\" value=\"" . $user_source['Alter'] . "\"></td></tr>\n"; - $html .= " <tr><td>Telefon</td><td>" . "<input type=\"text\" size=\"40\" name=\"eTelefon\" value=\"" . 
$user_source['Telefon'] . "\"></td></tr>\n"; - $html .= " <tr><td>Handy</td><td>" . "<input type=\"text\" size=\"40\" name=\"eHandy\" value=\"" . $user_source['Handy'] . "\"></td></tr>\n"; - $html .= " <tr><td>DECT</td><td>" . "<input type=\"text\" size=\"4\" name=\"eDECT\" value=\"" . $user_source['DECT'] . "\"></td></tr>\n"; - if ($user_source['email_by_human_allowed']) { - $html .= " <tr><td>email</td><td>" . "<input type=\"text\" size=\"40\" name=\"eemail\" value=\"" . $user_source['email'] . "\"></td></tr>\n"; - } - $html .= " <tr><td>jabber</td><td>" . "<input type=\"text\" size=\"40\" name=\"ejabber\" value=\"" . $user_source['jabber'] . "\"></td></tr>\n"; - $html .= " <tr><td>Size</td><td>" . html_select_key('size', 'eSize', $tshirt_sizes, $user_source['Size']) . "</td></tr>\n"; - - $options = [ - '1' => _("Yes"), - '0' => _("No") - ]; - - // Gekommen? - $html .= " <tr><td>Gekommen</td><td>\n"; - $html .= html_options('eGekommen', $options, $user_source['Gekommen']) . "</td></tr>\n"; - - // Aktiv? - $html .= " <tr><td>Aktiv</td><td>\n"; - $html .= html_options('eAktiv', $options, $user_source['Aktiv']) . "</td></tr>\n"; - - // Aktiv erzwingen - if (in_array('admin_active', $privileges)) { - $html .= " <tr><td>" . _("Force active") . "</td><td>\n"; - $html .= html_options('force_active', $options, $user_source['force_active']) . "</td></tr>\n"; - } - - // T-Shirt bekommen? - $html .= " <tr><td>T-Shirt</td><td>\n"; - $html .= html_options('eTshirt', $options, $user_source['Tshirt']) . "</td></tr>\n"; - - $html .= " <tr><td>Hometown</td><td>" . "<input type=\"text\" size=\"40\" name=\"Hometown\" value=\"" . $user_source['Hometown'] . 
"\"></td></tr>\n"; - - $html .= "</table>\n</td><td valign=\"top\"></td></tr>"; - - $html .= "</td></tr>\n"; - $html .= "</table>\n<br />\n"; - $html .= "<input type=\"submit\" value=\"Speichern\">\n"; - $html .= "</form>"; - - $html .= "<hr />"; - - $html .= form_info('', _('Please visit the angeltypes page or the users profile to manage users angeltypes.')); - - $html .= "Hier kannst Du das Passwort dieses Engels neu setzen:<form action=\"" . page_link_to("admin_user") . "&action=change_pw&id=$user_id\" method=\"post\">\n"; - $html .= "<table>\n"; - $html .= " <tr><td>Passwort</td><td>" . "<input type=\"password\" size=\"40\" name=\"new_pw\" value=\"\"></td></tr>\n"; - $html .= " <tr><td>Wiederholung</td><td>" . "<input type=\"password\" size=\"40\" name=\"new_pw2\" value=\"\"></td></tr>\n"; - - $html .= "</table>"; - $html .= "<input type=\"submit\" value=\"Speichern\">\n"; - $html .= "</form>"; - - $html .= "<hr />"; - - $my_highest_group = sql_select("SELECT * FROM `UserGroups` WHERE `uid`='" . sql_escape($user['UID']) . "' ORDER BY `group_id` LIMIT 1"); - if (count($my_highest_group) > 0) { - $my_highest_group = $my_highest_group[0]['group_id']; - } - - $his_highest_group = sql_select("SELECT * FROM `UserGroups` WHERE `uid`='" . sql_escape($user_id) . "' ORDER BY `group_id` LIMIT 1"); - if (count($his_highest_group) > 0) { - $his_highest_group = $his_highest_group[0]['group_id']; +/** + * @return string + */ +function admin_user() +{ + global $user, $privileges; + $tshirt_sizes = config('tshirt_sizes'); + $request = request(); + + foreach ($tshirt_sizes as $key => $size) { + if (empty($size)) { + unset($tshirt_sizes[$key]); + } } - - if ($user_id != $user['UID'] && $my_highest_group <= $his_highest_group) { - $html .= "Hier kannst Du die Benutzergruppen des Engels festlegen:<form action=\"" . page_link_to("admin_user") . "&action=save_groups&id=" . $user_id . 
"\" method=\"post\">\n"; - $html .= '<table>'; - - $groups = sql_select("SELECT * FROM `Groups` LEFT OUTER JOIN `UserGroups` ON (`UserGroups`.`group_id` = `Groups`.`UID` AND `UserGroups`.`uid` = '" . sql_escape($user_id) . "') WHERE `Groups`.`UID` >= '" . sql_escape($my_highest_group) . "' ORDER BY `Groups`.`Name`"); - foreach ($groups as $group) { - $html .= '<tr><td><input type="checkbox" name="groups[]" value="' . $group['UID'] . '"' . ($group['group_id'] != "" ? ' checked="checked"' : '') . ' /></td><td>' . $group['Name'] . '</td></tr>'; - } - - $html .= '</table>'; - - $html .= "<input type=\"submit\" value=\"Speichern\">\n"; - $html .= "</form>"; - - $html .= "<hr />"; + + $html = ''; + + if (!$request->has('id')) { + redirect(users_link()); } - - $html .= buttons([ - button(user_delete_link($user_source), glyph('lock') . _("delete"), 'btn-danger') - ]); - - $html .= "<hr />"; - } else { - switch ($_REQUEST['action']) { - case 'save_groups': - if ($user_id != $user['UID']) { - $my_highest_group = sql_select("SELECT * FROM `UserGroups` WHERE `uid`='" . sql_escape($user['UID']) . "' ORDER BY `group_id`"); - $his_highest_group = sql_select("SELECT * FROM `UserGroups` WHERE `uid`='" . sql_escape($user_id) . "' ORDER BY `group_id`"); - - if (count($my_highest_group) > 0 && (count($his_highest_group) == 0 || ($my_highest_group[0]['group_id'] <= $his_highest_group[0]['group_id']))) { - $groups_source = sql_select("SELECT * FROM `Groups` LEFT OUTER JOIN `UserGroups` ON (`UserGroups`.`group_id` = `Groups`.`UID` AND `UserGroups`.`uid` = '" . sql_escape($user_id) . "') WHERE `Groups`.`UID` >= '" . sql_escape($my_highest_group[0]['group_id']) . "' ORDER BY `Groups`.`Name`"); - $groups = []; - $grouplist = []; - foreach ($groups_source as $group) { - $groups[$group['UID']] = $group; - $grouplist[] = $group['UID']; - } - - if (! is_array($_REQUEST['groups'])) { - $_REQUEST['groups'] = []; - } - - sql_query("DELETE FROM `UserGroups` WHERE `uid`='" . sql_escape($user_id) . 
"'"); - $user_groups_info = []; - foreach ($_REQUEST['groups'] as $group) { - if (in_array($group, $grouplist)) { - sql_query("INSERT INTO `UserGroups` SET `uid`='" . sql_escape($user_id) . "', `group_id`='" . sql_escape($group) . "'"); - $user_groups_info[] = $groups[$group]['Name']; - } - } - $user_source = User($user_id); - engelsystem_log("Set groups of " . User_Nick_render($user_source) . " to: " . join(", ", $user_groups_info)); - $html .= success("Benutzergruppen gespeichert.", true); - } else { - $html .= error("Du kannst keine Engel mit mehr Rechten bearbeiten.", true); - } - } else { - $html .= error("Du kannst Deine eigenen Rechte nicht bearbeiten.", true); + + $user_id = $request->input('id'); + if (!$request->has('action')) { + $user_source = User($user_id); + if ($user_source == null) { + error(_('This user does not exist.')); + redirect(users_link()); + } + + $html .= 'Hallo,<br />' + . 'hier kannst du den Eintrag ändern. Unter dem Punkt \'Gekommen\' ' + . 'wird der Engel als anwesend markiert, ein Ja bei Aktiv bedeutet, ' + . 'dass der Engel aktiv war und damit ein Anspruch auf ein T-Shirt hat. ' + . 'Wenn T-Shirt ein \'Ja\' enthält, bedeutet dies, dass der Engel ' + . 'bereits sein T-Shirt erhalten hat.<br /><br />' . "\n"; + + $html .= '<form action="' + . page_link_to('admin_user', ['action' => 'save', 'id' => $user_id]) + . '" method="post">' . "\n"; + $html .= '<table border="0">' . "\n"; + $html .= '<input type="hidden" name="Type" value="Normal">' . "\n"; + $html .= '<tr><td>' . "\n"; + $html .= '<table>' . "\n"; + $html .= ' <tr><td>Nick</td><td>' . '<input size="40" name="eNick" value="' . $user_source['Nick'] . '" class="form-control"></td></tr>' . "\n"; + $html .= ' <tr><td>Last login</td><td><p class="help-block">' + . date('Y-m-d H:i', $user_source['lastLogIn']) + . '</p></td></tr>' . "\n"; + $html .= ' <tr><td>Name</td><td>' . '<input size="40" name="eName" value="' . $user_source['Name'] . '" class="form-control"></td></tr>' . 
"\n"; + $html .= ' <tr><td>Vorname</td><td>' . '<input size="40" name="eVorname" value="' . $user_source['Vorname'] . '" class="form-control"></td></tr>' . "\n"; + $html .= ' <tr><td>Alter</td><td>' . '<input size="5" name="eAlter" value="' . $user_source['Alter'] . '" class="form-control"></td></tr>' . "\n"; + $html .= ' <tr><td>Telefon</td><td>' . '<input size="40" name="eTelefon" value="' . $user_source['Telefon'] . '" class="form-control"></td></tr>' . "\n"; + $html .= ' <tr><td>Handy</td><td>' . '<input size="40" name="eHandy" value="' . $user_source['Handy'] . '" class="form-control"></td></tr>' . "\n"; + $html .= ' <tr><td>DECT</td><td>' . '<input size="4" name="eDECT" value="' . $user_source['DECT'] . '" class="form-control"></td></tr>' . "\n"; + if ($user_source['email_by_human_allowed']) { + $html .= " <tr><td>email</td><td>" . '<input size="40" name="eemail" value="' . $user_source['email'] . '" class="form-control"></td></tr>' . "\n"; } - break; - - case 'save': - $force_active = $user['force_active']; + $html .= " <tr><td>jabber</td><td>" . '<input size="40" name="ejabber" value="' . $user_source['jabber'] . '" class="form-control"></td></tr>' . "\n"; + $html .= ' <tr><td>Size</td><td>' + . html_select_key('size', 'eSize', $tshirt_sizes, $user_source['Size']) . '</td></tr>' . "\n"; + + $options = [ + '1' => _('Yes'), + '0' => _('No') + ]; + + // Gekommen? + $html .= ' <tr><td>Gekommen</td><td>' . "\n"; + $html .= html_options('eGekommen', $options, $user_source['Gekommen']) . '</td></tr>' . "\n"; + + // Aktiv? + $html .= ' <tr><td>Aktiv</td><td>' . "\n"; + $html .= html_options('eAktiv', $options, $user_source['Aktiv']) . '</td></tr>' . "\n"; + + // Aktiv erzwingen if (in_array('admin_active', $privileges)) { - $force_active = $_REQUEST['force_active']; + $html .= ' <tr><td>' . _('Force active') . '</td><td>' . "\n"; + $html .= html_options('force_active', $options, $user_source['force_active']) . '</td></tr>' . "\n"; + } + + // T-Shirt bekommen? 
+ $html .= ' <tr><td>T-Shirt</td><td>' . "\n"; + $html .= html_options('eTshirt', $options, $user_source['Tshirt']) . '</td></tr>' . "\n"; + + $html .= ' <tr><td>Hometown</td><td>' . '<input size="40" name="Hometown" value="' . $user_source['Hometown'] . '" class="form-control"></td></tr>' . "\n"; + + $html .= '</table>' . "\n" . '</td><td valign="top"></td></tr>'; + + $html .= '</td></tr>' . "\n"; + $html .= '</table>' . "\n" . '<br />' . "\n"; + $html .= '<input type="submit" value="Speichern" class="btn btn-primary">'; + $html .= '</form>'; + + $html .= '<hr />'; + + $html .= form_info('', _('Please visit the angeltypes page or the users profile to manage users angeltypes.')); + + $html .= 'Hier kannst Du das Passwort dieses Engels neu setzen:<form action="' + . page_link_to('admin_user', ['action' => 'change_pw', 'id' => $user_id]) + . '" method="post">' . "\n"; + $html .= '<table>' . "\n"; + $html .= ' <tr><td>Passwort</td><td>' . '<input type="password" size="40" name="new_pw" value="" class="form-control"></td></tr>' . "\n"; + $html .= ' <tr><td>Wiederholung</td><td>' . '<input type="password" size="40" name="new_pw2" value="" class="form-control"></td></tr>' . "\n"; + + $html .= '</table>' . "\n" . '<br />' . "\n"; + $html .= '<input type="submit" value="Speichern" class="btn btn-primary">' . "\n"; + $html .= '</form>'; + + $html .= '<hr />'; + + $my_highest_group = DB::selectOne( + 'SELECT group_id FROM `UserGroups` WHERE `uid`=? ORDER BY `group_id` LIMIT 1', + [$user['UID']] + ); + if (!empty($my_highest_group)) { + $my_highest_group = $my_highest_group['group_id']; } - $SQL = "UPDATE `User` SET - `Nick` = '" . sql_escape($_POST["eNick"]) . "', - `Name` = '" . sql_escape($_POST["eName"]) . "', - `Vorname` = '" . sql_escape($_POST["eVorname"]) . "', - `Telefon` = '" . sql_escape($_POST["eTelefon"]) . "', - `Handy` = '" . sql_escape($_POST["eHandy"]) . "', - `Alter` = '" . sql_escape($_POST["eAlter"]) . "', - `DECT` = '" . sql_escape($_POST["eDECT"]) . 
"', - " . ($user_source['email_by_human_allowed'] ? "`email` = '" . sql_escape($_POST["eemail"]) . "'" : "") . " - `jabber` = '" . sql_escape($_POST["ejabber"]) . "', - `Size` = '" . sql_escape($_POST["eSize"]) . "', - `Gekommen`= '" . sql_escape($_POST["eGekommen"]) . "', - `Aktiv`= '" . sql_escape($_POST["eAktiv"]) . "', - `force_active`= " . sql_escape($force_active) . ", - `Tshirt` = '" . sql_escape($_POST["eTshirt"]) . "', - `Hometown` = '" . sql_escape($_POST["Hometown"]) . "' - WHERE `UID` = '" . sql_escape($user_id) . "' - LIMIT 1"; - sql_query($SQL); - engelsystem_log("Updated user: " . $_POST["eNick"] . ", " . $_POST["eSize"] . ", arrived: " . $_POST["eGekommen"] . ", active: " . $_POST["eAktiv"] . ", tshirt: " . $_POST["eTshirt"]); - $html .= success("Änderung wurde gespeichert...\n", true); - break; - - case 'change_pw': - if ($_REQUEST['new_pw'] != "" && $_REQUEST['new_pw'] == $_REQUEST['new_pw2']) { - set_password($user_id, $_REQUEST['new_pw']); - $user_source = User($user_id); - engelsystem_log("Set new password for " . User_Nick_render($user_source)); - $html .= success("Passwort neu gesetzt.", true); - } else { - $html .= error("Die Eingaben müssen übereinstimmen und dürfen nicht leer sein!", true); + + $his_highest_group = DB::selectOne( + 'SELECT `group_id` FROM `UserGroups` WHERE `uid`=? ORDER BY `group_id` LIMIT 1', + [$user_id] + ); + if (!empty($his_highest_group)) { + $his_highest_group = $his_highest_group['group_id']; + } + + if ($user_id != $user['UID'] && $my_highest_group <= $his_highest_group) { + $html .= 'Hier kannst Du die Benutzergruppen des Engels festlegen:<form action="' + . page_link_to('admin_user', ['action' => 'save_groups', 'id' => $user_id]) + . '" method="post">' . "\n"; + $html .= '<table>'; + + $groups = DB::select(' + SELECT * + FROM `Groups` + LEFT OUTER JOIN `UserGroups` ON ( + `UserGroups`.`group_id` = `Groups`.`UID` + AND `UserGroups`.`uid` = ? + ) + WHERE `Groups`.`UID` >= ? 
+ ORDER BY `Groups`.`Name` + ', + [ + $user_id, + $my_highest_group, + ] + ); + foreach ($groups as $group) { + $html .= '<tr><td><input type="checkbox" name="groups[]" value="' . $group['UID'] . '" ' + . ($group['group_id'] != '' ? ' checked="checked"' : '') + . ' /></td><td>' . $group['Name'] . '</td></tr>'; + } + + $html .= '</table><br>'; + + $html .= '<input type="submit" value="Speichern" class="btn btn-primary">' . "\n"; + $html .= '</form>'; + + $html .= '<hr />'; + } + + $html .= buttons([ + button(user_delete_link($user_source), glyph('lock') . _('delete'), 'btn-danger') + ]); + + $html .= "<hr />"; + } else { + switch ($request->input('action')) { + case 'save_groups': + if ($user_id != $user['UID']) { + $my_highest_group = DB::selectOne( + 'SELECT * FROM `UserGroups` WHERE `uid`=? ORDER BY `group_id`', + [$user['UID']] + ); + $his_highest_group = DB::selectOne( + 'SELECT * FROM `UserGroups` WHERE `uid`=? ORDER BY `group_id`', + [$user_id] + ); + + if ( + count($my_highest_group) > 0 + && ( + count($his_highest_group) == 0 + || ($my_highest_group['group_id'] <= $his_highest_group['group_id']) + ) + ) { + $groups_source = DB::select(' + SELECT * + FROM `Groups` + LEFT OUTER JOIN `UserGroups` ON ( + `UserGroups`.`group_id` = `Groups`.`UID` + AND `UserGroups`.`uid` = ? + ) + WHERE `Groups`.`UID` >= ? 
+ ORDER BY `Groups`.`Name` + ', + [ + $user_id, + $my_highest_group['group_id'], + ] + ); + $groups = []; + $grouplist = []; + foreach ($groups_source as $group) { + $groups[$group['UID']] = $group; + $grouplist[] = $group['UID']; + } + + $groupsRequest = $request->input('groups'); + if (!is_array($groupsRequest)) { + $groupsRequest = []; + } + + DB::delete('DELETE FROM `UserGroups` WHERE `uid`=?', [$user_id]); + $user_groups_info = []; + foreach ($groupsRequest as $group) { + if (in_array($group, $grouplist)) { + DB::insert( + 'INSERT INTO `UserGroups` (`uid`, `group_id`) VALUES (?, ?)', + [$user_id, $group] + ); + $user_groups_info[] = $groups[$group]['Name']; + } + } + $user_source = User($user_id); + engelsystem_log( + 'Set groups of ' . User_Nick_render($user_source) . ' to: ' . join(', ', $user_groups_info) + ); + $html .= success('Benutzergruppen gespeichert.', true); + } else { + $html .= error('Du kannst keine Engel mit mehr Rechten bearbeiten.', true); + } + } else { + $html .= error('Du kannst Deine eigenen Rechte nicht bearbeiten.', true); + } + break; + + case 'save': + $force_active = $user['force_active']; + $user_source = User($user_id); + if (in_array('admin_active', $privileges)) { + $force_active = $request->input('force_active'); + } + $sql = ' + UPDATE `User` SET + `Nick` = ?, + `Name` = ?, + `Vorname` = ?, + `Telefon` = ?, + `Handy` = ?, + `Alter` =?, + `DECT` = ?, + ' . ($user_source['email_by_human_allowed'] ? '`email` = ' . DB::getPdo()->quote($request->postData('eemail')) . ',' : '') . ' + `jabber` = ?, + `Size` = ?, + `Gekommen`= ?, + `Aktiv`= ?, + `force_active`= ?, + `Tshirt` = ?, + `Hometown` = ? + WHERE `UID` = ? 
+ LIMIT 1'; + DB::update($sql, [ + User_validate_Nick($request->postData('eNick')), + $request->postData('eName'), + $request->postData('eVorname'), + $request->postData('eTelefon'), + $request->postData('eHandy'), + $request->postData('eAlter'), + $request->postData('eDECT'), + $request->postData('ejabber'), + $request->postData('eSize'), + $request->postData('eGekommen'), + $request->postData('eAktiv'), + $force_active, + $request->postData('eTshirt'), + $request->postData('Hometown'), + $user_id, + ]); + engelsystem_log( + 'Updated user: ' . $request->postData('eNick') . ', ' . $request->postData('eSize') + . ', arrived: ' . $request->postData('eVorname') + . ', active: ' . $request->postData('eAktiv') + . ', tshirt: ' . $request->postData('eTshirt') + ); + $html .= success('Änderung wurde gespeichert...' . "\n", true); + break; + + case 'change_pw': + if ($request->postData('new_pw') != '' && $request->postData('new_pw') == $request->postData('new_pw2')) { + set_password($user_id, $request->postData('new_pw')); + $user_source = User($user_id); + engelsystem_log('Set new password for ' . User_Nick_render($user_source)); + $html .= success('Passwort neu gesetzt.', true); + } else { + $html .= error('Die Eingaben müssen übereinstimmen und dürfen nicht leer sein!', true); + } + break; } - break; } - } - - return page_with_title(_("Edit user"), [ - $html - ]); + + return page_with_title(_('Edit user'), [ + $html + ]); } -?> diff --git a/includes/pages/guest_credits.php b/includes/pages/guest_credits.php index cbdc3133..db86132d 100644 --- a/includes/pages/guest_credits.php +++ b/includes/pages/guest_credits.php 
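Review bot: The audit line in the `save` case now logs `$request->postData('eVorname')` under the `arrived:` label, where the removed code logged `eGekommen`, so the first name ends up in the log where the arrival flag belongs; it should read `. ', arrived: ' . $request->postData('eGekommen')`. In the same UPDATE the `email` column is spliced into the SQL text via `DB::getPdo()->quote(...)` while every other column is a `?` placeholder; emitting `'`email` = ?,'` and pushing `$request->postData('eemail')` into the bindings array would keep the whole statement parameterised and consistent. In `save_groups`, `count($my_highest_group) > 0` is applied to a `DB::selectOne()` result that the form branch earlier in this hunk tests with `!empty()`; if `selectOne()` returns `null` for no row, `count()` fails on PHP 8, so the `!empty()` form should be used in both places. The form branch also writes `$user_source['Nick']`, `Name`, `Vorname` and the other fields straight into `value="…"` attributes, which the rewrite keeps; unless `User()` returns already-escaped data, each value should be wrapped like `htmlspecialchars($user_source['Nick'], ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8')`.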
@@ -1,9 +1,17 @@ <?php
-function credits_title() {
- return _("Credits");
+
+/**
+ * @return string
+ */
+function credits_title()
+{
+ return _('Credits');
 }
-function guest_credits() {
- return template_render(__DIR__ . '/../../templates/guest_credits.html', []);
+/**
+ * @return string
+ */
+function guest_credits()
+{
+ return view(__DIR__ . '/../../templates/guest_credits.html');
 }
-?>
\ No newline at end of file
diff --git a/includes/pages/guest_login.php b/includes/pages/guest_login.php
index 54abe5ca..76c944c5 100644
--- a/includes/pages/guest_login.php
+++ b/includes/pages/guest_login.php
@@ -1,400 +1,529 @@ <?php -function login_title() { - return _("Login"); +use Engelsystem\Database\DB; + +/** + * @return string + */ +function login_title() +{ + return _('Login'); } -function register_title() { - return _("Register"); +/** + * @return string + */ +function register_title() +{ + return _('Register'); } -function logout_title() { - return _("Logout"); +/** + * @return string + */ +function logout_title() +{ + return _('Logout'); } -// Engel registrieren -function guest_register() { - global $tshirt_sizes, $enable_tshirt_size, $default_theme, $user, $min_password_length; - - $event_config = EventConfig(); - - $msg = ""; - $nick = ""; - $lastname = ""; - $prename = ""; - $age = ""; - $tel = ""; - $dect = ""; - $mobile = ""; - $mail = ""; - $email_shiftinfo = false; - $email_by_human_allowed = false; - $jabber = ""; - $hometown = ""; - $comment = ""; - $tshirt_size = ''; - $password_hash = ""; - $selected_angel_types = []; - $planned_arrival_date = null; - - $angel_types_source = AngelTypes(); - $angel_types = []; - foreach ($angel_types_source as $angel_type) { - $angel_types[$angel_type['id']] = $angel_type['name'] . ($angel_type['restricted'] ? " (restricted)" : ""); - if (! $angel_type['restricted']) { - $selected_angel_types[] = $angel_type['id']; - } - } - - if (isset($_REQUEST['submit'])) { - $valid = true; - - if (isset($_REQUEST['nick']) && strlen(User_validate_Nick($_REQUEST['nick'])) > 1) { - $nick = User_validate_Nick($_REQUEST['nick']); - if (sql_num_query("SELECT * FROM `User` WHERE `Nick`='" . sql_escape($nick) . "' LIMIT 1") > 0) { - $valid = false; - $msg .= error(sprintf(_("Your nick "%s" already exists."), $nick), true); - } - } else { - $valid = false; - $msg .= error(sprintf(_("Your nick "%s" is too short (min. 2 characters)."), User_validate_Nick($_REQUEST['nick'])), true); - } - - if (isset($_REQUEST['mail']) && strlen(strip_request_item('mail')) > 0) { - $mail = strip_request_item('mail'); - if (! 
check_email($mail)) { - $valid = false; - $msg .= error(_("E-mail address is not correct."), true); - } - } else { - $valid = false; - $msg .= error(_("Please enter your e-mail."), true); - } - - if (isset($_REQUEST['email_shiftinfo'])) { - $email_shiftinfo = true; - } - - if (isset($_REQUEST['email_by_human_allowed'])) { - $email_by_human_allowed = true; - } - - if (isset($_REQUEST['jabber']) && strlen(strip_request_item('jabber')) > 0) { - $jabber = strip_request_item('jabber'); - if (! check_email($jabber)) { - $valid = false; - $msg .= error(_("Please check your jabber account information."), true); - } - } - - if ($enable_tshirt_size) { - if (isset($_REQUEST['tshirt_size']) && isset($tshirt_sizes[$_REQUEST['tshirt_size']]) && $_REQUEST['tshirt_size'] != '') { - $tshirt_size = $_REQUEST['tshirt_size']; - } else { - $valid = false; - $msg .= error(_("Please select your shirt size."), true); - } - } - - if (isset($_REQUEST['password']) && strlen($_REQUEST['password']) >= $min_password_length) { - if ($_REQUEST['password'] != $_REQUEST['password2']) { - $valid = false; - $msg .= error(_("Your passwords don't match."), true); - } - } else { - $valid = false; - $msg .= error(sprintf(_("Your password is too short (please use at least %s characters)."), $min_password_length), true); - } - - if (isset($_REQUEST['planned_arrival_date'])) { - $tmp = parse_date("Y-m-d H:i", $_REQUEST['planned_arrival_date'] . " 00:00"); - $result = User_validate_planned_arrival_date($tmp); - $planned_arrival_date = $result->getValue(); - if (! $result->isValid()) { - $valid = false; - error(_("Please enter your planned date of arrival. 
It should be after the buildup start date and before teardown end date.")); - } - } - +/** + * Engel registrieren + * + * @return string + */ +function guest_register() +{ + global $user, $privileges; + $tshirt_sizes = config('tshirt_sizes'); + $enable_tshirt_size = config('enable_tshirt_size'); + $min_password_length = config('min_password_length'); + $event_config = EventConfig(); + $request = request(); + $session = session(); + + $msg = ''; + $nick = ''; + $lastName = ''; + $preName = ''; + $age = 0; + $tel = ''; + $dect = ''; + $mobile = ''; + $mail = ''; + $email_shiftinfo = false; + $email_by_human_allowed = false; + $jabber = ''; + $hometown = ''; + $comment = ''; + $tshirt_size = ''; + $password_hash = ''; $selected_angel_types = []; - foreach (array_keys($angel_types) as $angel_type_id) { - if (isset($_REQUEST['angel_types_' . $angel_type_id])) { - $selected_angel_types[] = $angel_type_id; - } - } - - // Trivia - if (isset($_REQUEST['lastname'])) { - $lastname = strip_request_item('lastname'); - } - if (isset($_REQUEST['prename'])) { - $prename = strip_request_item('prename'); - } - if (isset($_REQUEST['age']) && preg_match("/^[0-9]{0,4}$/", $_REQUEST['age'])) { - $age = strip_request_item('age'); - } - if (isset($_REQUEST['tel'])) { - $tel = strip_request_item('tel'); - } - if (isset($_REQUEST['dect'])) { - $dect = strip_request_item('dect'); - } - if (isset($_REQUEST['mobile'])) { - $mobile = strip_request_item('mobile'); - } - if (isset($_REQUEST['hometown'])) { - $hometown = strip_request_item('hometown'); + $planned_arrival_date = null; + + $angel_types_source = AngelTypes(); + $angel_types = []; + foreach ($angel_types_source as $angel_type) { + $angel_types[$angel_type['id']] = $angel_type['name'] . ($angel_type['restricted'] ? 
' (restricted)' : ''); + if (!$angel_type['restricted']) { + $selected_angel_types[] = $angel_type['id']; + } } - if (isset($_REQUEST['comment'])) { - $comment = strip_request_item_nl('comment'); + + foreach ($tshirt_sizes as $key => $size) { + if (empty($size)) { + unset($tshirt_sizes[$key]); + } } - - if ($valid) { - sql_query(" - INSERT INTO `User` SET - `color`='" . sql_escape($default_theme) . "', - `Nick`='" . sql_escape($nick) . "', - `Vorname`='" . sql_escape($prename) . "', - `Name`='" . sql_escape($lastname) . "', - `Alter`='" . sql_escape($age) . "', - `Telefon`='" . sql_escape($tel) . "', - `DECT`='" . sql_escape($dect) . "', - `Handy`='" . sql_escape($mobile) . "', - `email`='" . sql_escape($mail) . "', - `email_shiftinfo`=" . sql_bool($email_shiftinfo) . ", - `email_by_human_allowed`=" . sql_bool($email_by_human_allowed) . ", - `jabber`='" . sql_escape($jabber) . "', - `Size`='" . sql_escape($tshirt_size) . "', - `Passwort`='" . sql_escape($password_hash) . "', - `kommentar`='" . sql_escape($comment) . "', - `Hometown`='" . sql_escape($hometown) . "', - `CreateDate`=NOW(), - `Sprache`='" . sql_escape($_SESSION["locale"]) . "', - `arrival_date`=NULL, - `planned_arrival_date`='" . sql_escape($planned_arrival_date) . "'"); - - // Assign user-group and set password - $user_id = sql_id(); - sql_query("INSERT INTO `UserGroups` SET `uid`='" . sql_escape($user_id) . "', `group_id`=-2"); - set_password($user_id, $_REQUEST['password']); - - // Assign angel-types - $user_angel_types_info = []; - foreach ($selected_angel_types as $selected_angel_type_id) { - sql_query("INSERT INTO `UserAngelTypes` SET `user_id`='" . sql_escape($user_id) . "', `angeltype_id`='" . sql_escape($selected_angel_type_id) . "'"); - $user_angel_types_info[] = $angel_types[$selected_angel_type_id]; - } - - engelsystem_log("User " . User_Nick_render(User($user_id)) . " signed up as: " . 
join(", ", $user_angel_types_info)); - success(_("Angel registration successful!")); - - // User is already logged in - that means a supporter has registered an angel. Return to register page. - if (isset($user)) { - redirect(page_link_to('register')); - } - - // If a welcome message is present, display registration success page. - if ($event_config != null && $event_config['event_welcome_msg'] != null) { - return User_registration_success_view($event_config['event_welcome_msg']); - } - - redirect('?'); + + if (!in_array('register', $privileges) || (!isset($user) && !config('registration_enabled'))) { + error(_('Registration is disabled.')); + + return page_with_title(register_title(), [ + msg(), + ]); } - } - - $buildup_start_date = time(); - $teardown_end_date = null; - if ($event_config != null) { - if (isset($event_config['buildup_start_date'])) { - $buildup_start_date = $event_config['buildup_start_date']; + + if ($request->has('submit')) { + $valid = true; + + if ($request->has('nick') && strlen(User_validate_Nick($request->input('nick'))) > 1) { + $nick = User_validate_Nick($request->input('nick')); + if (count(DB::select('SELECT `UID` FROM `User` WHERE `Nick`=? LIMIT 1', [$nick])) > 0) { + $valid = false; + $msg .= error(sprintf(_('Your nick "%s" already exists.'), $nick), true); + } + } else { + $valid = false; + $msg .= error(sprintf( + _('Your nick "%s" is too short (min. 
2 characters).'), + User_validate_Nick($request->input('nick')) + ), true); + } + + if ($request->has('mail') && strlen(strip_request_item('mail')) > 0) { + $mail = strip_request_item('mail'); + if (!check_email($mail)) { + $valid = false; + $msg .= error(_('E-mail address is not correct.'), true); + } + } else { + $valid = false; + $msg .= error(_('Please enter your e-mail.'), true); + } + + if ($request->has('email_shiftinfo')) { + $email_shiftinfo = true; + } + + if ($request->has('email_by_human_allowed')) { + $email_by_human_allowed = true; + } + + if ($request->has('jabber') && strlen(strip_request_item('jabber')) > 0) { + $jabber = strip_request_item('jabber'); + if (!check_email($jabber)) { + $valid = false; + $msg .= error(_('Please check your jabber account information.'), true); + } + } + + if ($enable_tshirt_size) { + if ($request->has('tshirt_size') && isset($tshirt_sizes[$request->input('tshirt_size')])) { + $tshirt_size = $request->input('tshirt_size'); + } else { + $valid = false; + $msg .= error(_('Please select your shirt size.'), true); + } + } + + if ($request->has('password') && strlen($request->postData('password')) >= $min_password_length) { + if ($request->postData('password') != $request->postData('password2')) { + $valid = false; + $msg .= error(_('Your passwords don\'t match.'), true); + } + } else { + $valid = false; + $msg .= error(sprintf( + _('Your password is too short (please use at least %s characters).'), + $min_password_length + ), true); + } + + if ($request->has('planned_arrival_date')) { + $tmp = parse_date('Y-m-d H:i', $request->input('planned_arrival_date') . ' 00:00'); + $result = User_validate_planned_arrival_date($tmp); + $planned_arrival_date = $result->getValue(); + if (!$result->isValid()) { + $valid = false; + error(_('Please enter your planned date of arrival. 
It should be after the buildup start date and before teardown end date.')); + } + } else { + $valid = false; + error(_('Please enter your planned date of arrival. It should be after the buildup start date and before teardown end date.')); + } + + $selected_angel_types = []; + foreach (array_keys($angel_types) as $angel_type_id) { + if ($request->has('angel_types_' . $angel_type_id)) { + $selected_angel_types[] = $angel_type_id; + } + } + + // Trivia + if ($request->has('lastname')) { + $lastName = strip_request_item('lastname'); + } + if ($request->has('prename')) { + $preName = strip_request_item('prename'); + } + if ($request->has('age') && preg_match('/^\d{0,4}$/', $request->input('age'))) { + $age = strip_request_item('age'); + } + if ($request->has('tel')) { + $tel = strip_request_item('tel'); + } + if ($request->has('dect')) { + if(strlen(strip_request_item('dect')) <= 5) { + $dect = strip_request_item('dect'); + } else { + $valid = false; + error(_('For dect numbers are only 5 digits allowed.')); + } + } + if ($request->has('mobile')) { + $mobile = strip_request_item('mobile'); + } + if ($request->has('hometown')) { + $hometown = strip_request_item('hometown'); + } + if ($request->has('comment')) { + $comment = strip_request_item_nl('comment'); + } + + if ($valid) { + DB::insert(' + INSERT INTO `User` ( + `color`, + `Nick`, + `Vorname`, + `Name`, + `Alter`, + `Telefon`, + `DECT`, + `Handy`, + `email`, + `email_shiftinfo`, + `email_by_human_allowed`, + `jabber`, + `Size`, + `Passwort`, + `kommentar`, + `Hometown`, + `CreateDate`, + `Sprache`, + `arrival_date`, + `planned_arrival_date`, + `force_active`, + `lastLogIn`, + `api_key`, + `got_voucher` + ) + VALUES (?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, NOW(), ?, NULL, ?, FALSE, 0, "", 0) + ', + [ + config('theme'), + $nick, + $preName, + $lastName, + $age, + $tel, + $dect, + $mobile, + $mail, + (int)$email_shiftinfo, + (int)$email_by_human_allowed, + $jabber, + $tshirt_size, + $password_hash, + $comment, 
+ $hometown, + $session->get('locale'), + $planned_arrival_date, + ] + ); + + // Assign user-group and set password + $user_id = DB::getPdo()->lastInsertId(); + DB::insert('INSERT INTO `UserGroups` (`uid`, `group_id`) VALUES (?, -20)', [$user_id]); + set_password($user_id, $request->postData('password')); + + // Assign angel-types + $user_angel_types_info = []; + foreach ($selected_angel_types as $selected_angel_type_id) { + DB::insert( + 'INSERT INTO `UserAngelTypes` (`user_id`, `angeltype_id`, `supporter`) VALUES (?, ?, FALSE)', + [$user_id, $selected_angel_type_id] + ); + $user_angel_types_info[] = $angel_types[$selected_angel_type_id]; + } + + engelsystem_log( + 'User ' . User_Nick_render(User($user_id)) + . ' signed up as: ' . join(', ', $user_angel_types_info) + ); + success(_('Angel registration successful!')); + + // User is already logged in - that means a supporter has registered an angel. Return to register page. + if (isset($user)) { + redirect(page_link_to('register')); + } + + // If a welcome message is present, display registration success page. + if ($event_config != null && $event_config['event_welcome_msg'] != null) { + return User_registration_success_view($event_config['event_welcome_msg']); + } + + redirect(page_link_to('/')); + } } - if(isset($event_config['teardown_end_date'])) { - $teardown_end_date = $event_config['teardown_end_date']; + + $buildup_start_date = time(); + $teardown_end_date = null; + if ($event_config != null) { + if (isset($event_config['buildup_start_date'])) { + $buildup_start_date = $event_config['buildup_start_date']; + } + if (isset($event_config['teardown_end_date'])) { + $teardown_end_date = $event_config['teardown_end_date']; + } } - } - - return page_with_title(register_title(), [ - _("By completing this form you're registering as a Chaos-Angel. 
This script will create you an account in the angel task scheduler."), - $msg, - msg(), - form([ - div('row', [ - div('col-md-6', [ - div('row', [ - div('col-sm-4', [ - form_text('nick', _("Nick") . ' ' . entry_required(), $nick) - ]), - div('col-sm-8', [ - form_email('mail', _("E-Mail") . ' ' . entry_required(), $mail), - form_checkbox('email_shiftinfo', _("The engelsystem is allowed to send me an email (e.g. when my shifts change)"), $email_shiftinfo), - form_checkbox('email_by_human_allowed', _("Humans are allowed to send me an email (e.g. for ticket vouchers)"), $email_by_human_allowed) - ]) - ]), - div('row', [ - div('col-sm-6', [ - form_date('planned_arrival_date', _("Planned date of arrival") . ' ' . entry_required(), $planned_arrival_date, $buildup_start_date, $teardown_end_date) - ]), - div('col-sm-6', [ - $enable_tshirt_size ? form_select('tshirt_size', _("Shirt size") . ' ' . entry_required(), $tshirt_sizes, $tshirt_size) : '' - ]) - ]), - div('row', [ - div('col-sm-6', [ - form_password('password', _("Password") . ' ' . entry_required()) - ]), - div('col-sm-6', [ - form_password('password2', _("Confirm password") . ' ' . entry_required()) - ]) - ]), - form_checkboxes('angel_types', _("What do you want to do?") . sprintf(" (<a href=\"%s\">%s</a>)", page_link_to('angeltypes') . '&action=about', _("Description of job types")), $angel_types, $selected_angel_types), - form_info("", _("Restricted angel types need will be confirmed later by a supporter. 
You can change your selection in the options section.")) - ]), - div('col-md-6', [ - div('row', [ - div('col-sm-4', [ - form_text('dect', _("DECT"), $dect) - ]), - div('col-sm-4', [ - form_text('mobile', _("Mobile"), $mobile) - ]), - div('col-sm-4', [ - form_text('tel', _("Phone"), $tel) - ]) - ]), - form_text('jabber', _("Jabber"), $jabber), - div('row', [ - div('col-sm-6', [ - form_text('prename', _("First name"), $prename) - ]), - div('col-sm-6', [ - form_text('lastname', _("Last name"), $lastname) - ]) - ]), - div('row', [ - div('col-sm-3', [ - form_text('age', _("Age"), $age) - ]), - div('col-sm-9', [ - form_text('hometown', _("Hometown"), $hometown) - ]) - ]), - form_info(entry_required() . ' = ' . _("Entry required!")) - ]) - ]), - // form_textarea('comment', _("Did you help at former CCC events and which tasks have you performed then?"), $comment), - form_submit('submit', _("Register")) - ]) - ]); + + return page_with_title(register_title(), [ + _('By completing this form you\'re registering as a Chaos-Angel. This script will create you an account in the angel task scheduler.'), + $msg, + msg(), + form([ + div('row', [ + div('col-md-6', [ + div('row', [ + div('col-sm-4', [ + form_text('nick', _('Nick') . ' ' . entry_required(), $nick) + ]), + div('col-sm-8', [ + form_email('mail', _('E-Mail') . ' ' . entry_required(), $mail), + form_checkbox( + 'email_shiftinfo', + _('The engelsystem is allowed to send me an email (e.g. when my shifts change)'), + $email_shiftinfo + ), + form_checkbox( + 'email_by_human_allowed', + _('Humans are allowed to send me an email (e.g. for ticket vouchers)'), + $email_by_human_allowed + ) + ]) + ]), + div('row', [ + div('col-sm-6', [ + form_date( + 'planned_arrival_date', + _('Planned date of arrival') . ' ' . entry_required(), + $planned_arrival_date, $buildup_start_date, $teardown_end_date + ) + ]), + div('col-sm-6', [ + $enable_tshirt_size ? form_select('tshirt_size', + _('Shirt size') . ' ' . 
entry_required(), + $tshirt_sizes, $tshirt_size) : '' + ]) + ]), + div('row', [ + div('col-sm-6', [ + form_password('password', _('Password') . ' ' . entry_required()) + ]), + div('col-sm-6', [ + form_password('password2', _('Confirm password') . ' ' . entry_required()) + ]) + ]), + form_checkboxes( + 'angel_types', + _('What do you want to do?') . sprintf( + ' (<a href="%s">%s</a>)', + page_link_to('angeltypes', ['action' => 'about']), + _('Description of job types') + ), + $angel_types, + $selected_angel_types + ), + form_info( + '', + _('Restricted angel types need will be confirmed later by a supporter. You can change your selection in the options section.') + ) + ]), + div('col-md-6', [ + div('row', [ + div('col-sm-4', [ + form_text('dect', _('DECT'), $dect) + ]), + div('col-sm-4', [ + form_text('mobile', _('Mobile'), $mobile) + ]), + div('col-sm-4', [ + form_text('tel', _('Phone'), $tel) + ]) + ]), + form_text('jabber', _('Jabber'), $jabber), + div('row', [ + div('col-sm-6', [ + form_text('prename', _('First name'), $preName) + ]), + div('col-sm-6', [ + form_text('lastname', _('Last name'), $lastName) + ]) + ]), + div('row', [ + div('col-sm-3', [ + form_text('age', _('Age'), $age) + ]), + div('col-sm-9', [ + form_text('hometown', _('Hometown'), $hometown) + ]) + ]), + form_info(entry_required() . ' = ' . 
_('Entry required!')) + ]) + ]), + // form_textarea('comment', _('Did you help at former CCC events and which tasks have you performed then?'), $comment), + form_submit('submit', _('Register')) + ]) + ]); } -function entry_required() { - return '<span class="text-info glyphicon glyphicon-warning-sign"></span>'; +/** + * @return string + */ +function entry_required() +{ + return '<span class="text-info glyphicon glyphicon-warning-sign"></span>'; } -function guest_logout() { - session_destroy(); - redirect(page_link_to("start")); +/** + * @return bool + */ +function guest_logout() +{ + session()->invalidate(); + redirect(page_link_to('start')); + return true; } -function guest_login() { - $nick = ""; - - unset($_SESSION['uid']); - $valid = true; - - if (isset($_REQUEST['submit'])) { - - if (isset($_REQUEST['nick']) && strlen(User_validate_Nick($_REQUEST['nick'])) > 0) { - $nick = User_validate_Nick($_REQUEST['nick']); - $login_user = sql_select("SELECT * FROM `User` WHERE `Nick`='" . sql_escape($nick) . "'"); - if (count($login_user) > 0) { - $login_user = $login_user[0]; - if (isset($_REQUEST['password'])) { - if (! verify_password($_REQUEST['password'], $login_user['Passwort'], $login_user['UID'])) { - $valid = false; - error(_("Your password is incorrect. Please try it again.")); - } +/** + * @return string + */ +function guest_login() +{ + $nick = ''; + $request = request(); + $session = session(); + $valid = true; + + $session->remove('uid'); + + if ($request->has('submit')) { + if ($request->has('nick') && strlen(User_validate_Nick($request->input('nick'))) > 0) { + $nick = User_validate_Nick($request->input('nick')); + $login_user = DB::selectOne('SELECT * FROM `User` WHERE `Nick`=?', [$nick]); + if (!empty($login_user)) { + if ($request->has('password')) { + if (!verify_password($request->postData('password'), $login_user['Passwort'], $login_user['UID'])) { + $valid = false; + error(_('Your password is incorrect. 
Please try it again.')); + } + } else { + $valid = false; + error(_('Please enter a password.')); + } + } else { + $valid = false; + error(_('No user was found with that Nickname. Please try again. If you are still having problems, ask a Dispatcher.')); + } } else { - $valid = false; - error(_("Please enter a password.")); + $valid = false; + error(_('Please enter a nickname.')); + } + + if ($valid && !empty($login_user)) { + $session->set('uid', $login_user['UID']); + $session->set('locale', $login_user['Sprache']); + + redirect(page_link_to('news')); } - } else { - $valid = false; - error(_("No user was found with that Nickname. Please try again. If you are still having problems, ask a Dispatcher.")); - } - } else { - $valid = false; - error(_("Please enter a nickname.")); - } - - if ($valid) { - $_SESSION['uid'] = $login_user['UID']; - $_SESSION['locale'] = $login_user['Sprache']; - - redirect(page_link_to('news')); } - } - - $event_config = EventConfig(); - - return page([ - div('col-md-12', [ - div('row', [ - EventConfig_countdown_page($event_config) - ]), - div('row', [ - div('col-sm-6 col-sm-offset-3 col-md-4 col-md-offset-4', [ - div('panel panel-primary first', [ - div('panel-heading', [ - '<span class="icon-icon_angel"></span> ' . _("Login") - ]), - div('panel-body', [ - msg(), - form([ - form_text_placeholder('nick', _("Nick"), $nick), - form_password_placeholder('password', _("Password")), - form_submit('submit', _("Login")), - ! $valid ? buttons([ - button(page_link_to('user_password_recovery'), _("I forgot my password")) - ]) : '' - ]) - ]), - div('panel-footer', [ - glyph('info-sign') . _("Please note: You have to activate cookies!") - ]) - ]) - ]) - ]), - div('row', [ - div('col-sm-6 text-center', [ - heading(register_title(), 2), - get_register_hint() - ]), - div('col-sm-6 text-center', [ - heading(_("What can I do?"), 2), - '<p>' . _("Please read about the jobs you can do to help us.") . '</p>', - buttons([ - button(page_link_to('angeltypes') . 
'&action=about', _("Teams/Job description") . ' »') - ]) - ]) - ]) - ]) - ]); -} -function get_register_hint() { - global $privileges; - - if (in_array('register', $privileges)) { - return join('', [ - '<p>' . _("Please sign up, if you want to help us!") . '</p>', - buttons([ - button(page_link_to('register'), register_title() . ' »') - ]) + $event_config = EventConfig(); + + return page([ + div('col-md-12', [ + div('row', [ + EventConfig_countdown_page($event_config) + ]), + div('row', [ + div('col-sm-6 col-sm-offset-3 col-md-4 col-md-offset-4', [ + div('panel panel-primary first', [ + div('panel-heading', [ + '<span class="icon-icon_angel"></span> ' . _('Login') + ]), + div('panel-body', [ + msg(), + form([ + form_text_placeholder('nick', _('Nick'), $nick), + form_password_placeholder('password', _('Password')), + form_submit('submit', _('Login')), + !$valid ? buttons([ + button(page_link_to('user_password_recovery'), _('I forgot my password')) + ]) : '' + ]) + ]), + div('panel-footer', [ + glyph('info-sign') . _('Please note: You have to activate cookies!') + ]) + ]) + ]) + ]), + div('row', [ + div('col-sm-6 text-center', [ + heading(register_title(), 2), + get_register_hint() + ]), + div('col-sm-6 text-center', [ + heading(_('What can I do?'), 2), + '<p>' . _('Please read about the jobs you can do to help us.') . '</p>', + buttons([ + button( + page_link_to('angeltypes', ['action' => 'about']), + _('Teams/Job description') . ' »' + ) + ]) + ]) + ]) + ]) ]); - } - - //FIXME: return error(_("Registration is disabled."), true); - return error("Registration is <a href='https://engelsystem.de/33c3/overwhelmed.html'>disabled</a>.", true); } -?> + +/** + * @return string + */ +function get_register_hint() +{ + global $privileges; + + if (in_array('register', $privileges) && config('registration_enabled')) { + return join('', [ + '<p>' . _('Please sign up, if you want to help us!') . '</p>', + buttons([ + button(page_link_to('register'), register_title() . 
' »')
+ ])
+ ]);
+ }
+
+ return error(_('Registration is disabled.'), true);
+}
diff --git a/includes/pages/guest_start.php b/includes/pages/guest_start.php
index 8f008a8d..4cd2fa42 100644
--- a/includes/pages/guest_start.php
+++ b/includes/pages/guest_start.php
@@ -1,5 +1,6 @@ <?php
-function guest_start() {
- redirect(page_link_to('login'));
+function guest_start()
+{
+ redirect(page_link_to('login'));
+ return true;
 }
-?>
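Review bot: `guest_login()` marks the session as authenticated with `$session->set('uid', $login_user['UID'])` without rotating the session identifier first, so a session ID planted on the victim before login stays valid afterwards (session fixation); the `$session->remove('uid')` at the top does not help because the ID itself is unchanged. If the session is the Symfony object that the `invalidate()` call in `guest_logout()` suggests, `$session->migrate(true);` immediately before the two `set()` calls closes this. The two failure branches also return different messages for an unknown nick and for a wrong password, which lets an unauthenticated caller enumerate nicks — pre-existing, but a single generic message on both branches would remove it.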
\ No newline at end of file
diff --git a/includes/pages/guest_stats.php b/includes/pages/guest_stats.php
index 71fde137..bf1814a3 100644
--- a/includes/pages/guest_stats.php
+++ b/includes/pages/guest_stats.php
@@ -1,35 +1,48 @@ <?php -function guest_stats() { - global $api_key; - - if (isset($_REQUEST['api_key'])) { - if ($_REQUEST['api_key'] == $api_key) { - $stats = []; - - list($user_count) = sql_select("SELECT count(*) as `user_count` FROM `User`"); - $stats['user_count'] = $user_count['user_count']; - - list($arrived_user_count) = sql_select("SELECT count(*) as `user_count` FROM `User` WHERE `Gekommen`=1"); - $stats['arrived_user_count'] = $arrived_user_count['user_count']; - - $done_shifts_seconds = sql_select_single_cell("SELECT SUM(`Shifts`.`end` - `Shifts`.`start`) FROM `ShiftEntry` JOIN `Shifts` USING (`SID`) WHERE `Shifts`.`end` < UNIX_TIMESTAMP()"); - $stats['done_work_hours'] = round($done_shifts_seconds / (60 * 60), 0); - - $users_in_action = sql_select("SELECT `Shifts`.`start`, `Shifts`.`end` FROM `ShiftEntry` JOIN `Shifts` ON `Shifts`.`SID`=`ShiftEntry`.`SID` WHERE UNIX_TIMESTAMP() BETWEEN `Shifts`.`start` AND `Shifts`.`end`"); - $stats['users_in_action'] = count($users_in_action); - - header("Content-Type: application/json"); - raw_output(json_encode($stats)); - return; +use Engelsystem\Database\DB; + +function guest_stats() +{ + $apiKey = config('api_key'); + $request = request(); + + if ($request->has('api_key')) { + if (!empty($apiKey) && $request->input('api_key') == $apiKey) { + $stats = []; + + list($user_count) = DB::select('SELECT count(*) AS `user_count` FROM `User`'); + $stats['user_count'] = $user_count['user_count']; + + list($arrived_user_count) = DB::select('SELECT count(*) AS `user_count` FROM `User` WHERE `Gekommen`=1'); + $stats['arrived_user_count'] = $arrived_user_count['user_count']; + + $done_shifts_seconds = DB::selectOne(' + SELECT SUM(`Shifts`.`end` - `Shifts`.`start`) + FROM `ShiftEntry` + JOIN `Shifts` USING (`SID`) + WHERE `Shifts`.`end` < UNIX_TIMESTAMP() + '); + $done_shifts_seconds = (int)array_shift($done_shifts_seconds); + $stats['done_work_hours'] = round($done_shifts_seconds / (60 * 60), 0); + + $users_in_action = 
DB::select(' + SELECT `Shifts`.`start`, `Shifts`.`end` + FROM `ShiftEntry` + JOIN `Shifts` ON `Shifts`.`SID`=`ShiftEntry`.`SID` + WHERE UNIX_TIMESTAMP() BETWEEN `Shifts`.`start` AND `Shifts`.`end` + '); + $stats['users_in_action'] = count($users_in_action); + + header('Content-Type: application/json'); + raw_output(json_encode($stats)); + return; + } + raw_output(json_encode([ + 'error' => 'Wrong api_key.' + ])); } raw_output(json_encode([ - 'error' => "Wrong api_key." + 'error' => 'Missing parameter api_key.' ])); - } - raw_output(json_encode([ - 'error' => "Missing parameter api_key." - ])); } - -?> diff --git a/includes/pages/user_atom.php b/includes/pages/user_atom.php index 9a765634..c9d9398e 100644 --- a/includes/pages/user_atom.php +++ b/includes/pages/user_atom.php 
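Review bot: The key check `$request->input('api_key') == $apiKey` is a loose comparison and is not constant-time; with PHP's numeric-string juggling a submitted `"1e3"` equals a configured `"1000"`, and the early-exit string comparison leaks timing. Change the condition to `if (!empty($apiKey) && hash_equals((string)$apiKey, (string)$request->input('api_key'))) {`. The `!empty($apiKey)` guard added here is the right fix for an unconfigured key and should stay. The two error branches also emit JSON without the `Content-Type: application/json` header that the success path sets, and presumably with a 200 status; a 403/400 plus the header would let clients distinguish the failures.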
@@ -1,51 +1,76 @@ <?php -// publically available page to feed the news to feedreaders -function user_atom() { - global $user, $DISPLAY_NEWS; - - if (! isset($_REQUEST['key']) || ! preg_match("/^[0-9a-f]{32}$/", $_REQUEST['key'])) { - engelsystem_error("Missing key."); - } - $key = $_REQUEST['key']; - - $user = User_by_api_key($key); - if ($user == null) { - engelsystem_error("Key invalid."); - } - if (! in_array('atom', privileges_for_user($user['UID']))) { - engelsystem_error("No privilege for atom."); - } - - $news = sql_select("SELECT * FROM `News` " . (empty($_REQUEST['meetings']) ? '' : 'WHERE `Treffen` = 1 ') . "ORDER BY `ID` DESC LIMIT " . sql_escape($DISPLAY_NEWS)); - - $output = make_atom_entries_from_news($news); - - header('Content-Type: application/atom+xml; charset=utf-8'); - header("Content-Length: " . strlen($output)); - raw_output($output); +use Engelsystem\Database\DB; + +/** + * Publically available page to feed the news to feed readers + */ +function user_atom() +{ + global $user; + $request = request(); + + if (!$request->has('key') || !preg_match('/^[\da-f]{32}$/', $request->input('key'))) { + engelsystem_error('Missing key.'); + } + $key = $request->input('key'); + + $user = User_by_api_key($key); + if ($user == null) { + engelsystem_error('Key invalid.'); + } + if (!in_array('atom', privileges_for_user($user['UID']))) { + engelsystem_error('No privilege for atom.'); + } + + $news = DB::select(' + SELECT * + FROM `News` + ' . (!$request->has('meetings') ? '' : 'WHERE `Treffen` = 1 ') . ' + ORDER BY `ID` + DESC LIMIT ' . (int)config('display_news') + ); + + $output = make_atom_entries_from_news($news); + + header('Content-Type: application/atom+xml; charset=utf-8'); + header('Content-Length: ' . 
strlen($output)); + raw_output($output); } -function make_atom_entries_from_news($news_entries) { - $html = '<?xml version="1.0" encoding="utf-8"?> +/** + * @param array[] $news_entries + * @return string + */ +function make_atom_entries_from_news($news_entries) +{ + $request = app('request'); + $html = '<?xml version="1.0" encoding="utf-8"?> <feed xmlns="http://www.w3.org/2005/Atom"> <title>Engelsystem</title> - <id>' . $_SERVER['HTTP_HOST'] . htmlspecialchars(preg_replace('#[&?]key=[a-f0-9]{32}#', '', $_SERVER['REQUEST_URI'])) . '</id> - <updated>' . date('Y-m-d\TH:i:sP', $news_entries[0]['Datum']) . "</updated>\n"; - foreach ($news_entries as $news_entry) { - $html .= make_atom_entry_from_news($news_entry); - } - $html .= "</feed>"; - return $html; + <id>' . $request->getHttpHost() + . htmlspecialchars(preg_replace( + '#[&?]key=[a-f\d]{32}#', + '', + $request->getRequestUri() + )) + . '</id> + <updated>' . date('Y-m-d\TH:i:sP', $news_entries[0]['Datum']) . '</updated>' . "\n"; + foreach ($news_entries as $news_entry) { + $html .= make_atom_entry_from_news($news_entry); + } + $html .= '</feed>'; + return $html; } -function make_atom_entry_from_news($news_entry) { - return " <entry> - <title>" . htmlspecialchars($news_entry['Betreff']) . "</title> - <link href=\"" . page_link_to_absolute("news_comments&nid=") . "${news_entry['ID']}\"/> - <id>" . preg_replace('#^https?://#', '', page_link_to_absolute("news")) . "-${news_entry['ID']}</id> - <updated>" . date('Y-m-d\TH:i:sP', $news_entry['Datum']) . "</updated> - <summary type=\"html\">" . htmlspecialchars($news_entry['Text']) . "</summary> - </entry>\n"; +function make_atom_entry_from_news($news_entry) +{ + return ' + <entry> + <title>' . htmlspecialchars($news_entry['Betreff']) . '</title> + <link href="' . page_link_to('news_comments', ['nid' => $news_entry['ID']]) . '"/> + <id>' . preg_replace('#^https?://#', '', page_link_to('news_comments', ['nid' => $news_entry['ID']])) . '</id> + <updated>' . 
date('Y-m-d\TH:i:sP', $news_entry['Datum']) . '</updated>
+ <summary>' . htmlspecialchars($news_entry['Text']) . '</summary>
+ </entry>' . "\n";
 }
-?>
diff --git a/includes/pages/user_ical.php b/includes/pages/user_ical.php
index 34860b70..8d22c4eb 100644
--- a/includes/pages/user_ical.php
+++ b/includes/pages/user_ical.php
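Review bot: `make_atom_entries_from_news()` reads `$news_entries[0]['Datum']` for the feed-level `<updated>`, so an empty `News` table or a `meetings` filter that matches nothing produces an undefined-offset notice and `date()` on `null`; guard it with something like `$updated = empty($news_entries) ? time() : $news_entries[0]['Datum'];` and use that in the header. The `<link href>` in `make_atom_entry_from_news()` now uses `page_link_to()` where the removed line used `page_link_to_absolute()`; feed readers generally need an absolute URL there, so if `page_link_to()` returns a relative path this is a regression — confirm against the helper. Note also that the `meetings` switch moved from `empty($_REQUEST['meetings'])` to `$request->has('meetings')`, so `?meetings=0` now filters to meetings only.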
@@ -3,61 +3,67 @@ /** * Controller for ical output of users own shifts or any user_shifts filter. */ -function user_ical() { - global $user; - - if (! isset($_REQUEST['key']) || ! preg_match("/^[0-9a-f]{32}$/", $_REQUEST['key'])) { - engelsystem_error("Missing key."); - } - $key = $_REQUEST['key']; - - $user = User_by_api_key($key); - if ($user == null) { - engelsystem_error("Key invalid."); - } - - if (! in_array('ical', privileges_for_user($user['UID']))) { - engelsystem_error("No privilege for ical."); - } - - $ical_shifts = load_ical_shifts(); - - send_ical_from_shifts($ical_shifts); +function user_ical() +{ + global $user; + $request = request(); + + if (!$request->has('key') || !preg_match('/^[\da-f]{32}$/', $request->input('key'))) { + engelsystem_error('Missing key.'); + } + $key = $request->input('key'); + + $user = User_by_api_key($key); + if ($user == null) { + engelsystem_error('Key invalid.'); + } + + if (!in_array('ical', privileges_for_user($user['UID']))) { + engelsystem_error('No privilege for ical.'); + } + + $ical_shifts = load_ical_shifts(); + + send_ical_from_shifts($ical_shifts); } /** * Renders an ical calender from given shifts array. * - * @param array<Shift> $shifts + * @param array <Shift> $shifts */ -function send_ical_from_shifts($shifts) { - header("Content-Type: text/calendar; charset=utf-8"); - $output = "BEGIN:VCALENDAR\r\nVERSION:2.0\r\nPRODID:-//-//Engelsystem//DE\r\nCALSCALE:GREGORIAN\r\n"; - foreach ($shifts as $shift) { - $output .= make_ical_entry_from_shift($shift); - } - $output .= "END:VCALENDAR\r\n"; - $output = trim($output, "\x0A"); - header("Content-Length: " . 
strlen($output)); - raw_output($output); +function send_ical_from_shifts($shifts) +{ + header('Content-Type: text/calendar; charset=utf-8'); + header('Content-Disposition: attachment; filename=shifts.ics'); + $output = "BEGIN:VCALENDAR\r\nVERSION:2.0\r\nPRODID:-//-//Engelsystem//DE\r\nCALSCALE:GREGORIAN\r\n"; + foreach ($shifts as $shift) { + $output .= make_ical_entry_from_shift($shift); + } + $output .= "END:VCALENDAR\r\n"; + $output = trim($output, "\x0A"); + header('Content-Length: ' . strlen($output)); + raw_output($output); } /** * Renders an ical vevent from given shift. * - * @param Shift $shift + * @param array $shift + * @return string */ -function make_ical_entry_from_shift($shift) { - $output = "BEGIN:VEVENT\r\n"; - $output .= "UID:" . md5($shift['start'] . $shift['end'] . $shift['name']) . "\r\n"; - $output .= "SUMMARY:" . str_replace("\n", "\\n", $shift['name']) . " (" . str_replace("\n", "\\n", $shift['title']) . ")\r\n"; - if (isset($shift['Comment'])) { - $output .= "DESCRIPTION:" . str_replace("\n", "\\n", $shift['Comment']) . "\r\n"; - } - $output .= "DTSTART;TZID=Europe/Berlin:" . date("Ymd\THis", $shift['start']) . "\r\n"; - $output .= "DTEND;TZID=Europe/Berlin:" . date("Ymd\THis", $shift['end']) . "\r\n"; - $output .= "LOCATION:" . $shift['Name'] . "\r\n"; - $output .= "END:VEVENT\r\n"; - return $output; +function make_ical_entry_from_shift($shift) +{ + $output = "BEGIN:VEVENT\r\n"; + $output .= 'UID:' . md5($shift['start'] . $shift['end'] . $shift['name']) . "\r\n"; + $output .= 'SUMMARY:' . str_replace("\n", "\\n", $shift['name']) + . ' (' . str_replace("\n", "\\n", $shift['title']) . ")\r\n"; + if (isset($shift['Comment'])) { + $output .= 'DESCRIPTION:' . str_replace("\n", "\\n", $shift['Comment']) . "\r\n"; + } + $output .= 'DTSTART;TZID=Europe/Berlin:' . date("Ymd\THis", $shift['start']) . "\r\n"; + $output .= 'DTEND;TZID=Europe/Berlin:' . date("Ymd\THis", $shift['end']) . "\r\n"; + $output .= 'LOCATION:' . $shift['Name'] . 
"\r\n"; + $output .= "END:VEVENT\r\n"; + return $output; } -?> diff --git a/includes/pages/user_messages.php b/includes/pages/user_messages.php index eb07deea..06ae7e75 100644 --- a/includes/pages/user_messages.php +++ b/includes/pages/user_messages.php 
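Review bot: make_ical_entry_from_shift still writes the shift name, title, comment and room name into the VEVENT with only `\n` rewritten (SUMMARY/DESCRIPTION) or no treatment at all (LOCATION), which is not RFC 5545 TEXT escaping: a `\r`, `;`, `,` or backslash in a shift comment — which user_myshifts reads via strip_request_item_nl, presumably keeping line breaks — corrupts the feed or lets the author start a new property on the following line. Since this output goes to every calendar client holding the key, I would route all four values through one escaping helper instead of the per-field str_replace. The `UID:` line built from `md5($shift['start'] . $shift['end'] . $shift['name'])` also collides for two shifts of the same type running in parallel in different rooms, so clients silently drop one; folding the shift id into the hash (if load_ical_shifts provides it) avoids that. Proposed helper and call sites below.
```php
/**
 * Escapes a value for an RFC 5545 TEXT property: backslash, ';' and ','
 * are escaped and every line break becomes a literal "\n", so a CR/LF in a
 * user-supplied comment cannot start a new property line.
 *
 * @param string $text
 * @return string
 */
function ical_escape_text($text)
{
    $text = str_replace(['\\', ';', ','], ['\\\\', '\\;', '\\,'], (string)$text);
    return str_replace(["\r\n", "\r", "\n"], '\\n', $text);
}

function make_ical_entry_from_shift($shift)
{
    $output = "BEGIN:VEVENT\r\n";
    // … unchanged: UID line …
    $output .= 'SUMMARY:' . ical_escape_text($shift['name'])
        . ' (' . ical_escape_text($shift['title']) . ")\r\n";
    if (isset($shift['Comment'])) {
        $output .= 'DESCRIPTION:' . ical_escape_text($shift['Comment']) . "\r\n";
    }
    // … unchanged: DTSTART / DTEND …
    $output .= 'LOCATION:' . ical_escape_text($shift['Name']) . "\r\n";
    // … unchanged: END:VEVENT and return …
}
```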
@@ -1,131 +1,182 @@ <?php -function messages_title() { - return _("Messages"); -} +use Engelsystem\Database\DB; -function user_unread_messages() { - global $user; - - if (isset($user)) { - $new_messages = sql_num_query("SELECT * FROM `Messages` WHERE isRead='N' AND `RUID`='" . sql_escape($user['UID']) . "'"); - if ($new_messages > 0) { - return ' <span class="badge danger">' . $new_messages . '</span>'; - } - } - return ''; +/** + * @return string + */ +function messages_title() +{ + return _('Messages'); } -function user_messages() { - global $user; - - if (! isset($_REQUEST['action'])) { - $users = sql_select("SELECT * FROM `User` WHERE NOT `UID`='" . sql_escape($user['UID']) . "' ORDER BY `Nick`"); - - $to_select_data = [ - "" => _("Select recipient...") - ]; - - foreach ($users as $u) { - $to_select_data[$u['UID']] = $u['Nick']; - } - - $to_select = html_select_key('to', 'to', $to_select_data, ''); - - $messages = sql_select("SELECT * FROM `Messages` WHERE `SUID`='" . sql_escape($user['UID']) . "' OR `RUID`='" . sql_escape($user['UID']) . "' ORDER BY `isRead`,`Datum` DESC"); - - $messages_table = [ - [ - 'news' => '', - 'timestamp' => date("Y-m-d H:i"), - 'from' => User_Nick_render($user), - 'to' => $to_select, - 'text' => form_textarea('text', '', ''), - 'actions' => form_submit('submit', _("Save")) - ] - ]; - - foreach ($messages as $message) { - $sender_user_source = User($message['SUID']); - $receiver_user_source = User($message['RUID']); - - $messages_table_entry = [ - 'new' => $message['isRead'] == 'N' ? '<span class="glyphicon glyphicon-envelope"></span>' : '', - 'timestamp' => date("Y-m-d H:i", $message['Datum']), - 'from' => User_Nick_render($sender_user_source), - 'to' => User_Nick_render($receiver_user_source), - 'text' => str_replace("\n", '<br />', $message['Text']) - ]; - - if ($message['RUID'] == $user['UID']) { - if ($message['isRead'] == 'N') { - $messages_table_entry['actions'] = button(page_link_to("user_messages") . '&action=read&id=' . 
$message['id'], _("mark as read"), 'btn-xs'); +/** + * @return string + */ +function user_unread_messages() +{ + global $user; + + if (isset($user)) { + $new_messages = count(DB::select( + 'SELECT `id` FROM `Messages` WHERE isRead=\'N\' AND `RUID`=?', + [$user['UID']] + )); + if ($new_messages > 0) { + return ' <span class="badge danger">' . $new_messages . '</span>'; } - } else { - $messages_table_entry['actions'] = button(page_link_to("user_messages") . '&action=delete&id=' . $message['id'], _("delete message"), 'btn-xs'); - } - $messages_table[] = $messages_table_entry; } - - return page_with_title(messages_title(), [ - msg(), - sprintf(_("Hello %s, here can you leave messages for other angels"), User_Nick_render($user)), - form([ - table([ - 'new' => _("New"), - 'timestamp' => _("Date"), - 'from' => _("Transmitted"), - 'to' => _("Recipient"), - 'text' => _("Message"), - 'actions' => '' - ], $messages_table) - ], page_link_to('user_messages') . '&action=send') - ]); - } else { - switch ($_REQUEST['action']) { - case "read": - if (isset($_REQUEST['id']) && preg_match("/^[0-9]{1,11}$/", $_REQUEST['id'])) { - $message_id = $_REQUEST['id']; - } else { - return error(_("Incomplete call, missing Message ID."), true); - } - - $message = sql_select("SELECT * FROM `Messages` WHERE `id`='" . sql_escape($message_id) . "' LIMIT 1"); - if (count($message) > 0 && $message[0]['RUID'] == $user['UID']) { - sql_query("UPDATE `Messages` SET `isRead`='Y' WHERE `id`='" . sql_escape($message_id) . 
"' LIMIT 1"); - redirect(page_link_to("user_messages")); - } else { - return error(_("No Message found."), true); - } - break; - - case "delete": - if (isset($_REQUEST['id']) && preg_match("/^[0-9]{1,11}$/", $_REQUEST['id'])) { - $message_id = $_REQUEST['id']; - } else { - return error(_("Incomplete call, missing Message ID."), true); + return ''; +} + +/** + * @return string + */ +function user_messages() +{ + global $user; + $request = request(); + + if (!$request->has('action')) { + $users = DB::select( + 'SELECT `UID`, `Nick` FROM `User` WHERE NOT `UID`=? ORDER BY `Nick`', + [$user['UID']] + ); + + $to_select_data = [ + '' => _('Select recipient...') + ]; + + foreach ($users as $u) { + $to_select_data[$u['UID']] = $u['Nick']; } - - $message = sql_select("SELECT * FROM `Messages` WHERE `id`='" . sql_escape($message_id) . "' LIMIT 1"); - if (count($message) > 0 && $message[0]['SUID'] == $user['UID']) { - sql_query("DELETE FROM `Messages` WHERE `id`='" . sql_escape($message_id) . "' LIMIT 1"); - redirect(page_link_to("user_messages")); - } else { - return error(_("No Message found."), true); + + $to_select = html_select_key('to', 'to', $to_select_data, ''); + + $messages = DB::select(' + SELECT * + FROM `Messages` + WHERE `SUID`=? + OR `RUID`=? + ORDER BY `isRead`,`Datum` DESC + ', + [ + $user['UID'], + $user['UID'], + ] + ); + + $messages_table = [ + [ + 'news' => '', + 'timestamp' => date('Y-m-d H:i'), + 'from' => User_Nick_render($user), + 'to' => $to_select, + 'text' => form_textarea('text', '', ''), + 'actions' => form_submit('submit', _('Save')) + ] + ]; + + foreach ($messages as $message) { + $sender_user_source = User($message['SUID']); + $receiver_user_source = User($message['RUID']); + + $messages_table_entry = [ + 'new' => $message['isRead'] == 'N' ? 
'<span class="glyphicon glyphicon-envelope"></span>' : '', + 'timestamp' => date('Y-m-d H:i', $message['Datum']), + 'from' => User_Nick_render($sender_user_source), + 'to' => User_Nick_render($receiver_user_source), + 'text' => str_replace("\n", '<br />', $message['Text']) + ]; + + if ($message['RUID'] == $user['UID']) { + if ($message['isRead'] == 'N') { + $messages_table_entry['actions'] = button( + page_link_to('user_messages', ['action' => 'read', 'id' => $message['id']]), + _('mark as read'), + 'btn-xs' + ); + } + } else { + $messages_table_entry['actions'] = button( + page_link_to('user_messages', ['action' => 'delete', 'id' => $message['id']]), + _('delete message'), + 'btn-xs' + ); + } + $messages_table[] = $messages_table_entry; } - break; - - case "send": - if (Message_send($_REQUEST['to'], $_REQUEST['text']) === true) { - redirect(page_link_to("user_messages")); - } else { - return error(_("Transmitting was terminated with an Error."), true); + + return page_with_title(messages_title(), [ + msg(), + sprintf(_('Hello %s, here can you leave messages for other angels'), User_Nick_render($user)), + form([ + table([ + 'new' => _('New'), + 'timestamp' => _('Date'), + 'from' => _('Transmitted'), + 'to' => _('Recipient'), + 'text' => _('Message'), + 'actions' => '' + ], $messages_table) + ], page_link_to('user_messages', ['action' => 'send'])) + ]); + } else { + switch ($request->input('action')) { + case 'read': + if ($request->has('id') && preg_match('/^\d{1,11}$/', $request->input('id'))) { + $message_id = $request->input('id'); + } else { + return error(_('Incomplete call, missing Message ID.'), true); + } + + $message = DB::selectOne( + 'SELECT `RUID` FROM `Messages` WHERE `id`=? LIMIT 1', + [$message_id] + ); + if (!empty($message) && $message['RUID'] == $user['UID']) { + DB::update( + 'UPDATE `Messages` SET `isRead`=\'Y\' WHERE `id`=? 
LIMIT 1', + [$message_id] + ); + redirect(page_link_to('user_messages')); + } else { + return error(_('No Message found.'), true); + } + break; + + case 'delete': + if ($request->has('id') && preg_match('/^\d{1,11}$/', $request->input('id'))) { + $message_id = $request->input('id'); + } else { + return error(_('Incomplete call, missing Message ID.'), true); + } + + $message = DB::selectOne( + 'SELECT `SUID` FROM `Messages` WHERE `id`=? LIMIT 1', + [$message_id] + ); + if (!empty($message) && $message['SUID'] == $user['UID']) { + DB::delete('DELETE FROM `Messages` WHERE `id`=? LIMIT 1', [$message_id]); + redirect(page_link_to('user_messages')); + } else { + return error(_('No Message found.'), true); + } + break; + + case 'send': + // @TODO: Validation? + if (Message_send($request->input('to'), $request->input('text'))) { + redirect(page_link_to('user_messages')); + } else { + return error(_('Transmitting was terminated with an Error.'), true); + } + break; + + default: + return error(_('Wrong action.'), true); } - break; - - default: - return error(_("Wrong action."), true); } - } + + return ''; } -?> diff --git a/includes/pages/user_myshifts.php b/includes/pages/user_myshifts.php index 3cf0c571..836bd566 100644 --- a/includes/pages/user_myshifts.php +++ b/includes/pages/user_myshifts.php 
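Review bot: In the inbox table built by user_messages, `'text' => str_replace("\n", '<br />', $message['Text'])` still renders stored message text without HTML escaping, while the `send` branch hands `$request->input('text')` straight to Message_send under a `// @TODO: Validation?` marker — unless Message_send strips or encodes markup (not visible here), a recipient's browser runs whatever the sender typed. The same commit escapes news comments with `nl2br(htmlspecialchars(...))` in user_news.php; the messages table should do the same: `'text' => nl2br(htmlspecialchars($message['Text'])),`. Separately, `read` and `delete` remain plain GET links produced by `page_link_to('user_messages', ['action' => ..., 'id' => ...])` with no request token, so any page the user visits can mark or delete their messages; a POST form carrying a per-session token (if the new request layer offers one) would close that.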
@@ -1,118 +1,169 @@ <?php -function myshifts_title() { - return _("My shifts"); +use Engelsystem\Database\DB; + +/** + * @return string + */ +function myshifts_title() +{ + return _('My shifts'); } -// Zeigt die Schichten an, die ein Benutzer belegt -function user_myshifts() { - global $LETZTES_AUSTRAGEN; - global $user, $privileges; - - if (isset($_REQUEST['id']) && in_array("user_shifts_admin", $privileges) && preg_match("/^[0-9]{1,}$/", $_REQUEST['id']) && sql_num_query("SELECT * FROM `User` WHERE `UID`='" . sql_escape($_REQUEST['id']) . "'") > 0) { - $user_id = $_REQUEST['id']; - } else { - $user_id = $user['UID']; - } - - list($shifts_user) = sql_select("SELECT * FROM `User` WHERE `UID`='" . sql_escape($user_id) . "' LIMIT 1"); - - if (isset($_REQUEST['reset'])) { - if ($_REQUEST['reset'] == "ack") { - User_reset_api_key($user); - success(_("Key changed.")); - redirect(page_link_to('users') . '&action=view&user_id=' . $shifts_user['UID']); +/** + * Zeigt die Schichten an, die ein Benutzer belegt + * + * @return string + */ +function user_myshifts() +{ + global $user, $privileges; + $request = request(); + + if ( + $request->has('id') + && in_array('user_shifts_admin', $privileges) + && preg_match('/^\d{1,}$/', $request->input('id')) + && count(DB::select('SELECT `UID` FROM `User` WHERE `UID`=?', [$request->input('id')])) > 0 + ) { + $user_id = $request->input('id'); + } else { + $user_id = $user['UID']; } - return page_with_title(_("Reset API key"), [ - error(_("If you reset the key, the url to your iCal- and JSON-export and your atom feed changes! You have to update it in every application using one of these exports."), true), - button(page_link_to('user_myshifts') . 
'&reset=ack', _("Continue"), 'btn-danger') - ]); - } elseif (isset($_REQUEST['edit']) && preg_match("/^[0-9]*$/", $_REQUEST['edit'])) { - $user_id = $_REQUEST['edit']; - $shift = sql_select("SELECT - `ShiftEntry`.`freeloaded`, - `ShiftEntry`.`freeload_comment`, - `ShiftEntry`.`Comment`, - `ShiftEntry`.`UID`, - `ShiftTypes`.`name`, - `Shifts`.*, - `Room`.`Name`, - `AngelTypes`.`name` as `angel_type` - FROM `ShiftEntry` - JOIN `AngelTypes` ON (`ShiftEntry`.`TID` = `AngelTypes`.`id`) - JOIN `Shifts` ON (`ShiftEntry`.`SID` = `Shifts`.`SID`) - JOIN `ShiftTypes` ON (`ShiftTypes`.`id` = `Shifts`.`shifttype_id`) - JOIN `Room` ON (`Shifts`.`RID` = `Room`.`RID`) - WHERE `ShiftEntry`.`id`='" . sql_escape($user_id) . "' - AND `UID`='" . sql_escape($shifts_user['UID']) . "' LIMIT 1"); - if (count($shift) > 0) { - $shift = $shift[0]; - $freeloaded = $shift['freeloaded']; - $freeload_comment = $shift['freeload_comment']; - - if (isset($_REQUEST['submit'])) { - $valid = true; - if (in_array("user_shifts_admin", $privileges)) { - $freeloaded = isset($_REQUEST['freeloaded']); - $freeload_comment = strip_request_item_nl('freeload_comment'); - if ($freeloaded && $freeload_comment == '') { - $valid = false; - error(_("Please enter a freeload comment!")); - } + + $shifts_user = DB::selectOne('SELECT * FROM `User` WHERE `UID`=? LIMIT 1', [$user_id]); + + if ($request->has('reset')) { + if ($request->input('reset') == 'ack') { + User_reset_api_key($user); + success(_('Key changed.')); + redirect(page_link_to('users', ['action' => 'view', 'user_id' => $shifts_user['UID']])); } - - $comment = strip_request_item_nl('comment'); - $user_source = User($shift['UID']); - - if ($valid) { - $result = ShiftEntry_update([ - 'id' => $user_id, - 'Comment' => $comment, - 'freeloaded' => $freeloaded, - 'freeload_comment' => $freeload_comment - ]); - if ($result === false) { - engelsystem_error('Unable to update shift entry.'); - } - - engelsystem_log("Updated " . User_Nick_render($user_source) . 
"'s shift " . $shift['name'] . " from " . date("Y-m-d H:i", $shift['start']) . " to " . date("Y-m-d H:i", $shift['end']) . " with comment " . $comment . ". Freeloaded: " . ($freeloaded ? "YES Comment: " . $freeload_comment : "NO")); - success(_("Shift saved.")); - redirect(page_link_to('users') . '&action=view&user_id=' . $shifts_user['UID']); + return page_with_title(_('Reset API key'), [ + error( + _('If you reset the key, the url to your iCal- and JSON-export and your atom feed changes! You have to update it in every application using one of these exports.'), + true + ), + button(page_link_to('user_myshifts', ['reset' => 'ack']), _('Continue'), 'btn-danger') + ]); + } elseif ($request->has('edit') && preg_match('/^\d+$/', $request->input('edit'))) { + $user_id = $request->input('edit'); + $shift = DB::selectOne(' + SELECT + `ShiftEntry`.`freeloaded`, + `ShiftEntry`.`freeload_comment`, + `ShiftEntry`.`Comment`, + `ShiftEntry`.`UID`, + `ShiftTypes`.`name`, + `Shifts`.*, + `Room`.`Name`, + `AngelTypes`.`name` AS `angel_type` + FROM `ShiftEntry` + JOIN `AngelTypes` ON (`ShiftEntry`.`TID` = `AngelTypes`.`id`) + JOIN `Shifts` ON (`ShiftEntry`.`SID` = `Shifts`.`SID`) + JOIN `ShiftTypes` ON (`ShiftTypes`.`id` = `Shifts`.`shifttype_id`) + JOIN `Room` ON (`Shifts`.`RID` = `Room`.`RID`) + WHERE `ShiftEntry`.`id`=? + AND `UID`=? 
+ LIMIT 1 + ', + [ + $user_id, + $shifts_user['UID'], + ] + ); + if (count($shift) > 0) { + $freeloaded = $shift['freeloaded']; + $freeload_comment = $shift['freeload_comment']; + + if ($request->has('submit')) { + $valid = true; + if (in_array('user_shifts_admin', $privileges)) { + $freeloaded = $request->has('freeloaded'); + $freeload_comment = strip_request_item_nl('freeload_comment'); + if ($freeloaded && $freeload_comment == '') { + $valid = false; + error(_('Please enter a freeload comment!')); + } + } + + $comment = strip_request_item_nl('comment'); + $user_source = User($shift['UID']); + + if ($valid) { + ShiftEntry_update([ + 'id' => $user_id, + 'Comment' => $comment, + 'freeloaded' => $freeloaded, + 'freeload_comment' => $freeload_comment + ]); + + engelsystem_log( + 'Updated ' . User_Nick_render($user_source) . '\'s shift ' . $shift['name'] + . ' from ' . date('Y-m-d H:i', $shift['start']) + . ' to ' . date('Y-m-d H:i', $shift['end']) + . ' with comment ' . $comment + . '. Freeloaded: ' . ($freeloaded ? 'YES Comment: ' . $freeload_comment : 'NO') + ); + success(_('Shift saved.')); + redirect(page_link_to('users', ['action' => 'view', 'user_id' => $shifts_user['UID']])); + } + } + + return ShiftEntry_edit_view( + User_Nick_render($shifts_user), + date('Y-m-d H:i', $shift['start']) . ', ' . shift_length($shift), + $shift['Name'], + $shift['name'], + $shift['angel_type'], + $shift['Comment'], + $shift['freeloaded'], + $shift['freeload_comment'], + in_array('user_shifts_admin', $privileges) + ); + } else { + redirect(page_link_to('user_myshifts')); } - } - - return ShiftEntry_edit_view(User_Nick_render($shifts_user), date("Y-m-d H:i", $shift['start']) . ', ' . 
shift_length($shift), $shift['Name'], $shift['name'], $shift['angel_type'], $shift['Comment'], $shift['freeloaded'], $shift['freeload_comment'], in_array("user_shifts_admin", $privileges)); - } else { - redirect(page_link_to('user_myshifts')); - } - } elseif (isset($_REQUEST['cancel']) && preg_match("/^[0-9]*$/", $_REQUEST['cancel'])) { - $user_id = $_REQUEST['cancel']; - $shift = sql_select(" - SELECT * - FROM `Shifts` - INNER JOIN `ShiftEntry` USING (`SID`) - WHERE `ShiftEntry`.`id`='" . sql_escape($user_id) . "' AND `UID`='" . sql_escape($shifts_user['UID']) . "'"); - if (count($shift) > 0) { - $shift = $shift[0]; - if (($shift['start'] > time() + $LETZTES_AUSTRAGEN * 3600) || in_array('user_shifts_admin', $privileges)) { - $result = ShiftEntry_delete($user_id); - if ($result === false) { - engelsystem_error('Unable to delete shift entry.'); + } elseif ($request->has('cancel') && preg_match('/^\d+$/', $request->input('cancel'))) { + $user_id = $request->input('cancel'); + $shift = DB::selectOne(' + SELECT * + FROM `Shifts` + INNER JOIN `ShiftEntry` USING (`SID`) + WHERE `ShiftEntry`.`id`=? AND `UID`=? + ', + [ + $user_id, + $shifts_user['UID'], + ] + ); + if (count($shift) > 0) { + if ( + ($shift['start'] > time() + config('last_unsubscribe') * 3600) + || in_array('user_shifts_admin', $privileges) + ) { + ShiftEntry_delete($user_id); + + $room = Room($shift['RID']); + $angeltype = AngelType($shift['TID']); + $shifttype = ShiftType($shift['shifttype_id']); + + engelsystem_log( + 'Deleted own shift: ' . $shifttype['name'] + . ' at ' . $room['Name'] + . ' from ' . date('Y-m-d H:i', $shift['start']) + . ' to ' . date('Y-m-d H:i', $shift['end']) + . ' as ' . $angeltype['name'] + ); + success(_('Shift canceled.')); + } else { + error(_('It\'s too late to sign yourself off the shift. 
If neccessary, ask the dispatcher to do so.')); + } + } else { + redirect(user_link($shifts_user)); } - $room = Room($shift['RID']); - $angeltype = AngelType($shift['TID']); - $shifttype = ShiftType($shift['shifttype_id']); - - engelsystem_log("Deleted own shift: " . $shifttype['name'] . " at " . $room['Name'] . " from " . date("Y-m-d H:i", $shift['start']) . " to " . date("Y-m-d H:i", $shift['end']) . " as " . $angeltype['name']); - success(_("Shift canceled.")); - } else { - error(_("It's too late to sign yourself off the shift. If neccessary, ask the dispatcher to do so.")); - } - } else { - redirect(user_link($shifts_user)); } - } - - redirect(page_link_to('users') . '&action=view&user_id=' . $shifts_user['UID']); + + redirect(page_link_to('users', ['action' => 'view', 'user_id' => $shifts_user['UID']])); + return ''; } -?> diff --git a/includes/pages/user_news.php b/includes/pages/user_news.php index 97f7ec83..b51b0a4c 100644 --- a/includes/pages/user_news.php +++ b/includes/pages/user_news.php 
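Review bot: Both the `edit` and `cancel` branches test the DB::selectOne result with `count($shift) > 0`, yet the same commit checks selectOne's no-row result with `!empty($message)` in user_messages.php, which suggests it returns null rather than an empty array; `count(null)` is a warning on PHP 7.2 and a TypeError on PHP 8, so a request with a foreign or nonexistent entry id would error instead of redirecting. Use `if (!empty($shift)) {` in both places. Also, the API-key reset is completed by a GET link (`button(page_link_to('user_myshifts', ['reset' => 'ack']), ...)`), so an image tag on any page can rotate a logged-in user's key and break their iCal/Atom subscriptions; the confirmation should be a POST form with a token. The local `$user_id` in the edit and cancel branches actually holds a ShiftEntry id and is worth renaming to `$entry_id` so the `UID` ownership checks read correctly.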
@@ -1,169 +1,261 @@ <?php -function user_news_comments_title() { - return _("News comments"); +use Engelsystem\Database\DB; + +/** + * @return string + */ +function user_news_comments_title() +{ + return _('News comments'); } -function news_title() { - return _("News"); +/** + * @return string + */ +function news_title() +{ + return _('News'); } -function meetings_title() { - return _("Meetings"); +/** + * @return string + */ +function meetings_title() +{ + return _('Meetings'); } -function user_meetings() { - global $DISPLAY_NEWS; - - $html = '<div class="col-md-12"><h1>' . meetings_title() . '</h1>' . msg(); - - if (isset($_REQUEST['page']) && preg_match("/^[0-9]{1,}$/", $_REQUEST['page'])) { - $page = $_REQUEST['page']; - } else { - $page = 0; - } - - $news = sql_select("SELECT * FROM `News` WHERE `Treffen`=1 ORDER BY `Datum` DESC LIMIT " . sql_escape($page * $DISPLAY_NEWS) . ", " . sql_escape($DISPLAY_NEWS)); - foreach ($news as $entry) { - $html .= display_news($entry); - } - - $dis_rows = ceil(sql_num_query("SELECT * FROM `News`") / $DISPLAY_NEWS); - $html .= '<div class="text-center">' . '<ul class="pagination">'; - for ($i = 0; $i < $dis_rows; $i ++) { - if (isset($_REQUEST['page']) && $i == $_REQUEST['page']) { - $html .= '<li class="active">'; - } elseif (! isset($_REQUEST['page']) && $i == 0) { - $html .= '<li class="active">'; +/** + * @return string + */ +function user_meetings() +{ + $display_news = config('display_news'); + $html = '<div class="col-md-12"><h1>' . meetings_title() . '</h1>' . msg(); + $request = request(); + + if (preg_match('/^\d{1,}$/', $request->input('page', 0))) { + $page = $request->input('page', 0); } else { - $html .= '<li>'; + $page = 0; + } + + $news = DB::select(sprintf(' + SELECT * + FROM `News` + WHERE `Treffen`=1 + ORDER BY `Datum`DESC + LIMIT %u, %u', + $page * $display_news, + $display_news + )); + foreach ($news as $entry) { + $html .= display_news($entry); } - $html .= '<a href="' . page_link_to("user_meetings") . 
'&page=' . $i . '">' . ($i + 1) . '</a></li>'; - } - $html .= '</ul></div></div>'; - - return $html; -} -function display_news($news) { - global $privileges, $page; - - $html = ''; - $html .= '<div class="panel' . ($news['Treffen'] == 1 ? ' panel-info' : ' panel-default') . '">'; - $html .= '<div class="panel-heading">'; - $html .= '<h3 class="panel-title">' . ($news['Treffen'] == 1 ? '[Meeting] ' : '') . ReplaceSmilies($news['Betreff']) . '</h3>'; - $html .= '</div>'; - $html .= '<div class="panel-body">' . ReplaceSmilies(nl2br($news['Text'])) . '</div>'; - - $html .= '<div class="panel-footer text-muted">'; - if (in_array("admin_news", $privileges)) { - $html .= '<div class="pull-right">' . button_glyph(page_link_to("admin_news") . '&action=edit&id=' . $news['ID'], 'edit', 'btn-xs') . '</div>'; - } - $html .= '<span class="glyphicon glyphicon-time"></span> ' . date("Y-m-d H:i", $news['Datum']) . ' '; - - $user_source = User($news['UID']); - - $html .= User_Nick_render($user_source); - if ($page != "news_comments") { - $html .= ' <a href="' . page_link_to("news_comments") . '&nid=' . $news['ID'] . '"><span class="glyphicon glyphicon-comment"></span> ' . _("Comments") . ' »</a> <span class="badge">' . sql_num_query("SELECT * FROM `NewsComments` WHERE `Refid`='" . sql_escape($news['ID']) . "'") . '</span>'; - } - $html .= '</div>'; - $html .= '</div>'; - return $html; + $dis_rows = ceil(count(DB::select('SELECT `ID` FROM `News`')) / $display_news); + $html .= '<div class="text-center">' . '<ul class="pagination">'; + for ($i = 0; $i < $dis_rows; $i++) { + if ($request->has('page') && $i == $request->input('page', 0)) { + $html .= '<li class="active">'; + } elseif (!$request->has('page') && $i == 0) { + $html .= '<li class="active">'; + } else { + $html .= '<li>'; + } + $html .= '<a href="' . page_link_to('user_meetings', ['page' => $i]) . '">' . ($i + 1) . 
'</a></li>'; + } + $html .= '</ul></div></div>'; + + return $html; } -function user_news_comments() { - global $user; - - $html = '<div class="col-md-12"><h1>' . user_news_comments_title() . '</h1>'; - if (isset($_REQUEST["nid"]) && preg_match("/^[0-9]{1,}$/", $_REQUEST['nid']) && sql_num_query("SELECT * FROM `News` WHERE `ID`='" . sql_escape($_REQUEST['nid']) . "' LIMIT 1") > 0) { - $nid = $_REQUEST["nid"]; - list($news) = sql_select("SELECT * FROM `News` WHERE `ID`='" . sql_escape($nid) . "' LIMIT 1"); - if (isset($_REQUEST["text"])) { - $text = preg_replace("/([^\p{L}\p{P}\p{Z}\p{N}\n]{1,})/ui", '', strip_tags($_REQUEST['text'])); - sql_query("INSERT INTO `NewsComments` (`Refid`, `Datum`, `Text`, `UID`) VALUES ('" . sql_escape($nid) . "', '" . date("Y-m-d H:i:s") . "', '" . sql_escape($text) . "', '" . sql_escape($user["UID"]) . "')"); - engelsystem_log("Created news_comment: " . $text); - $html .= success(_("Entry saved."), true); +/** + * @param array $news + * @return string + */ +function display_news($news) +{ + global $privileges, $page; + + $html = ''; + $html .= '<div class="panel' . ($news['Treffen'] == 1 ? ' panel-info' : ' panel-default') . '">'; + $html .= '<div class="panel-heading">'; + $html .= '<h3 class="panel-title">' . ($news['Treffen'] == 1 ? '[Meeting] ' : '') . ReplaceSmilies($news['Betreff']) . '</h3>'; + $html .= '</div>'; + $html .= '<div class="panel-body">' . ReplaceSmilies(nl2br($news['Text'])) . '</div>'; + + $html .= '<div class="panel-footer text-muted">'; + if (in_array('admin_news', $privileges)) { + $html .= '<div class="pull-right">' + . button_glyph(page_link_to('admin_news', ['action' => 'edit', 'id' => $news['ID']]), 'edit', 'btn-xs') + . '</div>'; } - - $html .= display_news($news); - - $comments = sql_select("SELECT * FROM `NewsComments` WHERE `Refid`='" . sql_escape($nid) . 
"' ORDER BY 'ID'"); - foreach ($comments as $comment) { - $user_source = User($comment['UID']); - - $html .= '<div class="panel panel-default">'; - $html .= '<div class="panel-body">' . nl2br($comment['Text']) . '</div>'; - $html .= '<div class="panel-footer text-muted">'; - $html .= '<span class="glyphicon glyphicon-time"></span> ' . $comment['Datum'] . ' '; - $html .= User_Nick_render($user_source); - $html .= '</div>'; - $html .= '</div>'; + $html .= '<span class="glyphicon glyphicon-time"></span> ' . date('Y-m-d H:i', $news['Datum']) . ' '; + + $user_source = User($news['UID']); + + $html .= User_Nick_render($user_source); + if ($page != 'news_comments') { + $html .= ' <a href="' . page_link_to('news_comments', ['nid' => $news['ID']]) . '">' + . '<span class="glyphicon glyphicon-comment"></span> ' + . _('Comments') . ' »</a> ' + . '<span class="badge">' + . count(DB::select('SELECT `ID` FROM `NewsComments` WHERE `Refid`=?', [$news['ID']])) + . '</span>'; + } + $html .= '</div>'; + $html .= '</div>'; + return $html; +} + +/** + * @return string + */ +function user_news_comments() +{ + global $user; + + $request = request(); + + $html = '<div class="col-md-12"><h1>' . user_news_comments_title() . '</h1>'; + if ( + $request->has('nid') + && preg_match('/^\d{1,}$/', $request->input('nid')) + && count(DB::select('SELECT `ID` FROM `News` WHERE `ID`=? LIMIT 1', [$request->input('nid')])) > 0 + ) { + $nid = $request->input('nid'); + $news = DB::selectOne('SELECT * FROM `News` WHERE `ID`=? LIMIT 1', [$nid]); + if ($request->has('text')) { + $text = preg_replace("/([^\p{L}\p{P}\p{Z}\p{N}\n]{1,})/ui", '', strip_tags($request->input('text'))); + DB::insert(' + INSERT INTO `NewsComments` (`Refid`, `Datum`, `Text`, `UID`) + VALUES (?, ?, ?, ?) + ', + [ + $nid, + date('Y-m-d H:i:s'), + $text, + $user["UID"], + ] + ); + engelsystem_log('Created news_comment: ' . 
$text); + $html .= success(_('Entry saved.'), true); + } + + $html .= display_news($news); + + $comments = DB::select( + 'SELECT * FROM `NewsComments` WHERE `Refid`=? ORDER BY \'ID\'', + [$nid] + ); + foreach ($comments as $comment) { + $user_source = User($comment['UID']); + + $html .= '<div class="panel panel-default">'; + $html .= '<div class="panel-body">' . nl2br(htmlspecialchars($comment['Text'])) . '</div>'; + $html .= '<div class="panel-footer text-muted">'; + $html .= '<span class="glyphicon glyphicon-time"></span> ' . $comment['Datum'] . ' '; + $html .= User_Nick_render($user_source); + $html .= '</div>'; + $html .= '</div>'; + } + + $html .= '<hr /><h2>' . _('New Comment:') . '</h2>'; + $html .= form([ + form_textarea('text', _('Message'), ''), + form_submit('submit', _('Save')) + ], page_link_to('news_comments', ['nid' => $news['ID']])); + } else { + $html .= _('Invalid request.'); } - - $html .= '<hr /><h2>' . _("New Comment:") . '</h2>'; - $html .= form([ - form_textarea('text', _("Message"), ''), - form_submit('submit', _("Save")) - ], page_link_to('news_comments') . '&nid=' . $news['ID']); - } else { - $html .= _("Invalid request."); - } - - return $html . '</div>'; + + return $html . '</div>'; } -function user_news() { - global $DISPLAY_NEWS, $privileges, $user; - - $html = '<div class="col-md-12"><h1>' . news_title() . '</h1>' . msg(); - - if (isset($_POST["text"]) && isset($_POST["betreff"]) && in_array("admin_news", $privileges)) { - if (! isset($_POST["treffen"]) || ! in_array("admin_news", $privileges)) { - $_POST["treffen"] = 0; +/** + * @return string + */ +function user_news() +{ + global $privileges, $user; + $display_news = config('display_news'); + $request = request(); + + $html = '<div class="col-md-12"><h1>' . news_title() . '</h1>' . 
msg(); + + $isMeeting = $request->postData('treffen'); + if ($request->has('text') && $request->has('betreff') && in_array('admin_news', $privileges)) { + if (!$request->has('treffen')) { + $isMeeting = 0; + } + + $text = $request->postData('text'); + if (!in_array('admin_news_html', $privileges)) { + $text = strip_tags($text); + } + + DB::insert(' + INSERT INTO `News` (`Datum`, `Betreff`, `Text`, `UID`, `Treffen`) + VALUES (?, ?, ?, ?, ?) + ', + [ + time(), + strip_tags($request->postData('betreff')), + $text, + $user['UID'], + $isMeeting, + ] + ); + engelsystem_log('Created news: ' . $request->postData('betreff') . ', treffen: ' . $isMeeting); + success(_('Entry saved.')); + redirect(page_link_to('news')); } - sql_query("INSERT INTO `News` (`Datum`, `Betreff`, `Text`, `UID`, `Treffen`) " . "VALUES ('" . sql_escape(time()) . "', '" . sql_escape($_POST["betreff"]) . "', '" . sql_escape($_POST["text"]) . "', '" . sql_escape($user['UID']) . "', '" . sql_escape($_POST["treffen"]) . "');"); - engelsystem_log("Created news: " . $_POST["betreff"] . ", treffen: " . $_POST["treffen"]); - success(_("Entry saved.")); - redirect(page_link_to('news')); - } - - if (isset($_REQUEST['page']) && preg_match("/^[0-9]{1,}$/", $_REQUEST['page'])) { - $page = $_REQUEST['page']; - } else { - $page = 0; - } - - $news = sql_select("SELECT * FROM `News` ORDER BY `Datum` DESC LIMIT " . sql_escape($page * $DISPLAY_NEWS) . ", " . sql_escape($DISPLAY_NEWS)); - foreach ($news as $entry) { - $html .= display_news($entry); - } - - $dis_rows = ceil(sql_num_query("SELECT * FROM `News`") / $DISPLAY_NEWS); - $html .= '<div class="text-center">' . '<ul class="pagination">'; - for ($i = 0; $i < $dis_rows; $i ++) { - if (isset($_REQUEST['page']) && $i == $_REQUEST['page']) { - $html .= '<li class="active">'; - } elseif (! 
isset($_REQUEST['page']) && $i == 0) { - $html .= '<li class="active">'; + + if (preg_match('/^\d{1,}$/', $request->input('page', 0))) { + $page = $request->input('page', 0); } else { - $html .= '<li>'; + $page = 0; + } + + $news = DB::select(sprintf(' + SELECT * + FROM `News` + ORDER BY `Datum` + DESC LIMIT %u, %u + ', + $page * $display_news, + $display_news + )); + foreach ($news as $entry) { + $html .= display_news($entry); + } + + $dis_rows = ceil(count(DB::select('SELECT `ID` FROM `News`')) / $display_news); + $html .= '<div class="text-center">' . '<ul class="pagination">'; + for ($i = 0; $i < $dis_rows; $i++) { + if ($request->has('page') && $i == $request->input('page', 0)) { + $html .= '<li class="active">'; + } elseif (!$request->has('page') && $i == 0) { + $html .= '<li class="active">'; + } else { + $html .= '<li>'; + } + $html .= '<a href="' . page_link_to('news', ['page' => $i]) . '">' . ($i + 1) . '</a></li>'; + } + $html .= '</ul></div>'; + + if (in_array('admin_news', $privileges)) { + $html .= '<hr />'; + $html .= '<h2>' . _('Create news:') . '</h2>'; + + $html .= form([ + form_text('betreff', _('Subject'), ''), + form_textarea('text', _('Message'), ''), + form_checkbox('treffen', _('Meeting'), false, 1), + form_submit('submit', _('Save')) + ]); } - $html .= '<a href="' . page_link_to("news") . '&page=' . $i . '">' . ($i + 1) . '</a></li>'; - } - $html .= '</ul></div>'; - - if (in_array("admin_news", $privileges)) { - $html .= '<hr />'; - $html .= '<h2>' . _("Create news:") . '</h2>'; - - $html .= form([ - form_text('betreff', _("Subject"), ''), - form_textarea('text', _("Message"), ''), - form_checkbox('treffen', _("Meeting"), false, 1), - form_submit('submit', _("Save")) - ]); - } - return $html . '</div>'; + return $html . '</div>'; } -?> diff --git a/includes/pages/user_questions.php b/includes/pages/user_questions.php index 4abceb92..41fbe64d 100644 --- a/includes/pages/user_questions.php +++ b/includes/pages/user_questions.php 
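Review bot: In user_news, `$isMeeting = $request->postData('treffen')` is paired with `if (!$request->has('treffen')) { $isMeeting = 0; }`, so `has()` (which presumably also sees query parameters) and `postData()` can disagree and leave `$isMeeting` null, and when the checkbox is present its raw value is stored unvalidated; since form_checkbox sends `1`, collapse this to `$isMeeting = $request->has('treffen') ? 1 : 0;`. The log line `engelsystem_log('Created news: ' . $request->postData('betreff') . ...)` records the unstripped subject while the row stores `strip_tags($request->postData('betreff'))`, so log and database disagree — log the sanitised value. Note that display_news still emits `Betreff` and `Text` through ReplaceSmilies/nl2br with no output-time escaping, so protection rests on insert-time strip_tags and the `admin_news_html` privilege; rows written before this commit were never stripped, which is worth a one-off data check.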
@@ -1,57 +1,88 @@ <?php -function questions_title() { - return _("Ask the Heaven"); +use Engelsystem\Database\DB; + +/** + * @return string + */ +function questions_title() +{ + return _('Ask the Heaven'); } -function user_questions() { - global $user; - - if (! isset($_REQUEST['action'])) { - $open_questions = sql_select("SELECT * FROM `Questions` WHERE `AID` IS NULL AND `UID`='" . sql_escape($user['UID']) . "'"); - - $answered_questions = sql_select("SELECT * FROM `Questions` WHERE NOT `AID` IS NULL AND `UID`='" . sql_escape($user['UID']) . "'"); - foreach ($answered_questions as &$question) { - $answer_user_source = User($question['AID']); - $question['answer_user'] = User_Nick_render($answer_user_source); - } - - return Questions_view($open_questions, $answered_questions, page_link_to("user_questions") . '&action=ask'); - } else { - switch ($_REQUEST['action']) { - case 'ask': - $question = strip_request_item_nl('question'); - if ($question != "") { - $result = sql_query("INSERT INTO `Questions` SET `UID`='" . sql_escape($user['UID']) . "', `Question`='" . sql_escape($question) . 
"'"); - if ($result === false) { - engelsystem_error(_("Unable to save question.")); - } - success(_("You question was saved.")); - redirect(page_link_to("user_questions")); - } else { - return page_with_title(questions_title(), [ - error(_("Please enter a question!"), true) - ]); - } - break; - case 'delete': - if (isset($_REQUEST['id']) && preg_match("/^[0-9]{1,11}$/", $_REQUEST['id'])) { - $question_id = $_REQUEST['id']; - } else { - return error(_("Incomplete call, missing Question ID."), true); +/** + * @return string + */ +function user_questions() +{ + global $user; + $request = request(); + + if (!$request->has('action')) { + $open_questions = DB::select( + 'SELECT * FROM `Questions` WHERE `AID` IS NULL AND `UID`=?', + [$user['UID']] + ); + + $answered_questions = DB::select( + 'SELECT * FROM `Questions` WHERE NOT `AID` IS NULL AND `UID`=?', + [$user['UID']] + ); + foreach ($answered_questions as &$question) { + $answer_user_source = User($question['AID']); + $question['answer_user'] = User_Nick_render($answer_user_source); } - - $question = sql_select("SELECT * FROM `Questions` WHERE `QID`='" . sql_escape($question_id) . "' LIMIT 1"); - if (count($question) > 0 && $question[0]['UID'] == $user['UID']) { - sql_query("DELETE FROM `Questions` WHERE `QID`='" . sql_escape($question_id) . "' LIMIT 1"); - redirect(page_link_to("user_questions")); - } else { - return page_with_title(questions_title(), [ - error(_("No question found."), true) - ]); + + return Questions_view( + $open_questions, + $answered_questions, + page_link_to('user_questions', ['action' => 'ask']) + ); + } else { + switch ($request->input('action')) { + case 'ask': + $question = strip_request_item_nl('question'); + if ($question != '') { + DB::insert(' + INSERT INTO `Questions` (`UID`, `Question`) + VALUES (?, ?) 
+ ', + [$user['UID'], $question] + ); + + success(_('You question was saved.')); + redirect(page_link_to('user_questions')); + } else { + return page_with_title(questions_title(), [ + error(_('Please enter a question!'), true) + ]); + } + break; + case 'delete': + if ($request->has('id') && preg_match('/^\d{1,11}$/', $request->input('id'))) { + $question_id = $request->input('id'); + } else { + return error(_('Incomplete call, missing Question ID.'), true); + } + + $question = DB::selectOne( + 'SELECT `UID` FROM `Questions` WHERE `QID`=? LIMIT 1', + [$question_id] + ); + if (!empty($question) && $question['UID'] == $user['UID']) { + DB::delete( + 'DELETE FROM `Questions` WHERE `QID`=? LIMIT 1', + [$question_id] + ); + redirect(page_link_to('user_questions')); + } else { + return page_with_title(questions_title(), [ + error(_('No question found.'), true) + ]); + } + break; } - break; } - } + + return ''; } -?>
\ No newline at end of file diff --git a/includes/pages/user_settings.php b/includes/pages/user_settings.php index e776320f..83d593ad 100644 --- a/includes/pages/user_settings.php +++ b/includes/pages/user_settings.php 
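Review bot: The `delete` branch reads the target with `$request->input('id')` and nothing in the hunk checks the HTTP method or a CSRF token, so a plain `?action=delete&id=N` link followed by a logged-in user deletes their question; the ownership test (`$question['UID'] == $user['UID']`) only stops cross-user deletion, not a forged link. Restrict the state-changing branches to POST plus a form token, e.g. read the id with `$request->postData('id')` and verify the token before `DB::delete`, provided the request wrapper exposes those (its API is not visible here). The rewrite also drops the `$result === false` / `engelsystem_error(_('Unable to save question.'))` handling around the insert in `ask`, which is only safe if `DB::insert` throws on failure — not shown in this hunk. The UID comparison uses loose `==`; `(int) $question['UID'] === (int) $user['UID']` is the stricter form.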
@@ -1,194 +1,254 @@ <?php -function settings_title() { - return _("Settings"); +use Engelsystem\Database\DB; + +/** + * @return string + */ +function settings_title() +{ + return _('Settings'); } /** * Change user main attributes (name, dates, etc.) * - * @param User $user_source - * The user + * @param array $user_source The user + * @param bool $enable_tshirt_size + * @param array $tshirt_sizes + * @return array */ -function user_settings_main($user_source, $enable_tshirt_size, $tshirt_sizes) { - $valid = true; - - if (isset($_REQUEST['mail'])) { - $result = User_validate_mail($_REQUEST['mail']); - $user_source['email'] = $result->getValue(); - if (! $result->isValid()) { - $valid = false; - error(_("E-mail address is not correct.")); +function user_settings_main($user_source, $enable_tshirt_size, $tshirt_sizes) +{ + $valid = true; + $request = request(); + + if ($request->has('mail')) { + $result = User_validate_mail($request->input('mail')); + $user_source['email'] = $result->getValue(); + if (!$result->isValid()) { + $valid = false; + error(_('E-mail address is not correct.')); + } + } else { + $valid = false; + error(_('Please enter your e-mail.')); } - } else { - $valid = false; - error(_("Please enter your e-mail.")); - } - - $user_source['email_shiftinfo'] = isset($_REQUEST['email_shiftinfo']); - $user_source['email_by_human_allowed'] = isset($_REQUEST['email_by_human_allowed']); - - if (isset($_REQUEST['jabber'])) { - $result = User_validate_jabber($_REQUEST['jabber']); - $user_source['jabber'] = $result->getValue(); - if (! 
$result->isValid()) { - $valid = false; - error(_("Please check your jabber account information.")); + + $user_source['email_shiftinfo'] = $request->has('email_shiftinfo'); + $user_source['email_by_human_allowed'] = $request->has('email_by_human_allowed'); + + if ($request->has('jabber')) { + $result = User_validate_jabber($request->input('jabber')); + $user_source['jabber'] = $result->getValue(); + if (!$result->isValid()) { + $valid = false; + error(_('Please check your jabber account information.')); + } } - } - - if (isset($_REQUEST['tshirt_size']) && isset($tshirt_sizes[$_REQUEST['tshirt_size']])) { - $user_source['Size'] = $_REQUEST['tshirt_size']; - } elseif ($enable_tshirt_size) { - $valid = false; - } - - if (isset($_REQUEST['planned_arrival_date'])) { - $tmp = parse_date("Y-m-d H:i", $_REQUEST['planned_arrival_date'] . " 00:00"); - $result = User_validate_planned_arrival_date($tmp); - $user_source['planned_arrival_date'] = $result->getValue(); - if (! $result->isValid()) { - $valid = false; - error(_("Please enter your planned date of arrival. It should be after the buildup start date and before teardown end date.")); + + if ($request->has('tshirt_size') && isset($tshirt_sizes[$request->input('tshirt_size')])) { + $user_source['Size'] = $request->input('tshirt_size'); + } elseif ($enable_tshirt_size) { + $valid = false; } - } - - if (isset($_REQUEST['planned_departure_date'])) { - $tmp = parse_date("Y-m-d H:i", $_REQUEST['planned_departure_date'] . " 00:00"); - $result = User_validate_planned_departure_date($user_source['planned_arrival_date'], $tmp); - $user_source['planned_departure_date'] = $result->getValue(); - if (! $result->isValid()) { - $valid = false; - error(_("Please enter your planned date of departure. It should be after your planned arrival date and after buildup start date and before teardown end date.")); + + if ($request->has('planned_arrival_date')) { + $tmp = parse_date('Y-m-d H:i', $request->input('planned_arrival_date') . 
' 00:00'); + $result = User_validate_planned_arrival_date($tmp); + $user_source['planned_arrival_date'] = $result->getValue(); + if (!$result->isValid()) { + $valid = false; + error(_('Please enter your planned date of arrival. It should be after the buildup start date and before teardown end date.')); + } } - } - - // Trivia - $user_source['Name'] = strip_request_item('lastname', $user_source['Name']); - $user_source['Vorname'] = strip_request_item('prename', $user_source['Vorname']); - $user_source['Alter'] = strip_request_item('age', $user_source['Alter']); - $user_source['Telefon'] = strip_request_item('tel', $user_source['Telefon']); - $user_source['DECT'] = strip_request_item('dect', $user_source['DECT']); - $user_source['Handy'] = strip_request_item('mobile', $user_source['Handy']); - $user_source['Hometown'] = strip_request_item('hometown', $user_source['Hometown']); - - if ($valid) { - User_update($user_source); - success(_("Settings saved.")); - redirect(page_link_to('user_settings')); - } - - return $user_source; + + if ($request->has('planned_departure_date')) { + $tmp = parse_date('Y-m-d H:i', $request->input('planned_departure_date') . ' 00:00'); + $result = User_validate_planned_departure_date($user_source['planned_arrival_date'], $tmp); + $user_source['planned_departure_date'] = $result->getValue(); + if (!$result->isValid()) { + $valid = false; + error(_('Please enter your planned date of departure. 
It should be after your planned arrival date and after buildup start date and before teardown end date.')); + } + } + + // Trivia + $user_source['Name'] = strip_request_item('lastname', $user_source['Name']); + $user_source['Vorname'] = strip_request_item('prename', $user_source['Vorname']); + $user_source['Alter'] = strip_request_item('age', $user_source['Alter']); + $user_source['Telefon'] = strip_request_item('tel', $user_source['Telefon']); + if(strlen(strip_request_item('dect')) <= 5) { + $user_source['DECT'] = strip_request_item('dect', $user_source['DECT']); + } else { + $valid = false; + error(_('For dect numbers are only 5 digits allowed.')); + } + $user_source['Handy'] = strip_request_item('mobile', $user_source['Handy']); + $user_source['Hometown'] = strip_request_item('hometown', $user_source['Hometown']); + + if ($valid) { + User_update($user_source); + + success(_('Settings saved.')); + redirect(page_link_to('user_settings')); + } + + return $user_source; } /** * Change user password. * - * @param User $user_source - * The user + * @param array $user_source The user */ -function user_settings_password($user_source) { - global $min_password_length; - if (! isset($_REQUEST['password']) || ! verify_password($_REQUEST['password'], $user_source['Passwort'], $user_source['UID'])) { - error(_("-> not OK. 
Please try again.")); - } elseif (strlen($_REQUEST['new_password']) < $min_password_length) { - error(_("Your password is to short (please use at least 6 characters).")); - } elseif ($_REQUEST['new_password'] != $_REQUEST['new_password2']) { - error(_("Your passwords don't match.")); - } elseif (set_password($user_source['UID'], $_REQUEST['new_password'])) { - success(_("Password saved.")); - } else { - error(_("Failed setting password.")); - } - redirect(page_link_to('user_settings')); +function user_settings_password($user_source) +{ + $request = request(); + if ( + !$request->has('password') + || !verify_password($request->postData('password'), $user_source['Passwort'], $user_source['UID']) + ) { + error(_('-> not OK. Please try again.')); + } elseif (strlen($request->postData('new_password')) < config('min_password_length')) { + error(_('Your password is to short (please use at least 6 characters).')); + } elseif ($request->postData('new_password') != $request->postData('new_password2')) { + error(_('Your passwords don\'t match.')); + } else { + set_password($user_source['UID'], $request->postData('new_password')); + success(_('Password saved.')); + } + redirect(page_link_to('user_settings')); } /** * Change user theme * - * @param User $user_sources - * The user - * @param array<String> $themes - * List of available themes + * @param array $user_source The user + * @param array $themes List of available themes + * @return mixed */ -function user_settings_theme($user_source, $themes) { - $valid = true; - - if (isset($_REQUEST['theme']) && isset($themes[$_REQUEST['theme']])) { - $user_source['color'] = $_REQUEST['theme']; - } else { - $valid = false; - } - - if ($valid) { - sql_query("UPDATE `User` SET `color`='" . sql_escape($user_source['color']) . "' WHERE `UID`='" . sql_escape($user_source['UID']) . 
"'"); - - success(_("Theme changed.")); - redirect(page_link_to('user_settings')); - } - - return $user_source; +function user_settings_theme($user_source, $themes) +{ + $valid = true; + $request = request(); + + if ($request->has('theme') && isset($themes[$request->input('theme')])) { + $user_source['color'] = $request->input('theme'); + } else { + $valid = false; + } + + if ($valid) { + DB::update(' + UPDATE `User` + SET `color`=? + WHERE `UID`=? + ', + [ + $user_source['color'], + $user_source['UID'], + ] + ); + + success(_('Theme changed.')); + redirect(page_link_to('user_settings')); + } + + return $user_source; } /** * Change use locale * - * @param User $user_source - * The user - * @param array<String> $locales - * List of available locales + * @param array $user_source The user + * @param array $locales List of available locales + * @return array */ -function user_settings_locale($user_source, $locales) { - $valid = true; - - if (isset($_REQUEST['language']) && isset($locales[$_REQUEST['language']])) { - $user_source['Sprache'] = $_REQUEST['language']; - } else { - $valid = false; - } - - if ($valid) { - sql_query("UPDATE `User` SET `Sprache`='" . sql_escape($user_source['Sprache']) . "' WHERE `UID`='" . sql_escape($user_source['UID']) . "'"); - $_SESSION['locale'] = $user_source['Sprache']; - - success("Language changed."); - redirect(page_link_to('user_settings')); - } - - return $user_source; +function user_settings_locale($user_source, $locales) +{ + $valid = true; + $request = request(); + $session = session(); + + if ($request->has('language') && isset($locales[$request->input('language')])) { + $user_source['Sprache'] = $request->input('language'); + } else { + $valid = false; + } + + if ($valid) { + DB::update(' + UPDATE `User` + SET `Sprache`=? + WHERE `UID`=? 
+ ', + [ + $user_source['Sprache'], + $user_source['UID'], + ] + ); + $session->set('locale', $user_source['Sprache']); + + success('Language changed.'); + redirect(page_link_to('user_settings')); + } + + return $user_source; } /** * Main user settings page/controller + * + * @return string */ -function user_settings() { - global $enable_tshirt_size, $tshirt_sizes, $themes, $locales; - global $user; - - $buildup_start_date = null; - $teardown_end_date = null; - $event_config = EventConfig(); - if ($event_config != null) { - if (isset($event_config['buildup_start_date'])) { - $buildup_start_date = $event_config['buildup_start_date']; +function user_settings() +{ + global $user; + $request = request(); + $themes = config('available_themes'); + + $enable_tshirt_size = config('enable_tshirt_size'); + $tshirt_sizes = config('tshirt_sizes'); + $locales = config('locales'); + + $buildup_start_date = null; + $teardown_end_date = null; + $event_config = EventConfig(); + if ($event_config != null) { + if (isset($event_config['buildup_start_date'])) { + $buildup_start_date = $event_config['buildup_start_date']; + } + if (isset($event_config['teardown_end_date'])) { + $teardown_end_date = $event_config['teardown_end_date']; + } } - if (isset($event_config['teardown_end_date'])) { - $teardown_end_date = $event_config['teardown_end_date']; + + foreach ($tshirt_sizes as $key => $size) { + if (empty($size)) { + unset($tshirt_sizes[$key]); + } } - } - - $user_source = $user; - - if (isset($_REQUEST['submit'])) { - $user_source = user_settings_main($user_source, $enable_tshirt_size, $tshirt_sizes); - } elseif (isset($_REQUEST['submit_password'])) { - user_settings_password($user_source); - } elseif (isset($_REQUEST['submit_theme'])) { - $user_source = user_settings_theme($user_source, $themes); - } elseif (isset($_REQUEST['submit_language'])) { - $user_source = user_settings_locale($user_source, $locales); - } - - return User_settings_view($user_source, $locales, $themes, 
$buildup_start_date, $teardown_end_date, $enable_tshirt_size, $tshirt_sizes); + + $user_source = $user; + + if ($request->has('submit')) { + $user_source = user_settings_main($user_source, $enable_tshirt_size, $tshirt_sizes); + } elseif ($request->has('submit_password')) { + user_settings_password($user_source); + } elseif ($request->has('submit_theme')) { + $user_source = user_settings_theme($user_source, $themes); + } elseif ($request->has('submit_language')) { + $user_source = user_settings_locale($user_source, $locales); + } + + return User_settings_view( + $user_source, + $locales, + $themes, + $buildup_start_date, + $teardown_end_date, + $enable_tshirt_size, + $tshirt_sizes + ); } -?> diff --git a/includes/pages/user_shifts.php b/includes/pages/user_shifts.php index c990ee4a..f8cf71cd 100644 --- a/includes/pages/user_shifts.php +++ b/includes/pages/user_shifts.php @@ -1,8 +1,14 @@ <?php + +use Engelsystem\Database\DB; use Engelsystem\ShiftsFilter; -function shifts_title() { - return _("Shifts"); +/** + * @return string + */ +function shifts_title() +{ + return _('Shifts'); } /** 
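Review bot: `user_settings_password` now calls `set_password(...)` and unconditionally reports `Password saved.`, while the removed lines show the old code branched on its return value and reported `Failed setting password.` otherwise, so unless `set_password` now throws (not visible in this hunk) a failed update is shown as success. Keep the check: `} elseif (set_password($user_source['UID'], $request->postData('new_password'))) { success(_('Password saved.')); } else { error(_('Failed setting password.')); }`. The new DECT validation in `user_settings_main` only tests `strlen(...) <= 5` although the error text promises "only 5 digits", so `ab-cd` passes and a multibyte character counts as several bytes; if digits are the intent, validate with `preg_match('/^\d{0,5}$/', strip_request_item('dect'))` instead. The hard-coded "at least 6 characters" wording also drifts from `config('min_password_length')` once that value is changed.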
@@ -11,187 +17,267 @@ function shifts_title() { * Transform into shift controller and shift entry controller. * Split actions into shift edit, shift delete, shift entry edit, shift entry delete * Introduce simpler and beautiful actions for shift entry join/leave for users + * + * @return string */ -function user_shifts() { - global $user; - - if (User_is_freeloader($user)) { - redirect(page_link_to('user_myshifts')); - } - - // Löschen einzelner Schicht-Einträge (Also Belegung einer Schicht von Engeln) durch Admins - if (isset($_REQUEST['entry_id'])) { - return shift_entry_delete_controller(); - } elseif (isset($_REQUEST['edit_shift'])) { - return shift_edit_controller(); - } elseif (isset($_REQUEST['delete_shift'])) { - return shift_delete_controller(); - } elseif (isset($_REQUEST['shift_id'])) { - return shift_entry_add_controller(); - } - return view_user_shifts(); +function user_shifts() +{ + global $user; + $request = request(); + + if (User_is_freeloader($user)) { + redirect(page_link_to('user_myshifts')); + } + + // Löschen einzelner Schicht-Einträge (Also Belegung einer Schicht von Engeln) durch Admins + if ($request->has('entry_id')) { + shift_entry_delete_controller(); + return ''; + } elseif ($request->has('edit_shift')) { + return shift_edit_controller(); + } elseif ($request->has('delete_shift')) { + return shift_delete_controller(); + } elseif ($request->has('shift_id')) { + return shift_entry_add_controller(); + } + return view_user_shifts(); } /** * Helper function that updates the start and end time from request data. * Use update_ShiftsFilter(). * - * @param ShiftsFilter $shiftsFilter - * The shiftfilter to update. + * @param ShiftsFilter $shiftsFilter The shiftfilter to update. 
+ * @param string[] $days */ -function update_ShiftsFilter_timerange(ShiftsFilter $shiftsFilter, $days) { - $start_time = $shiftsFilter->getStartTime(); - if ($start_time == null) { - $start_time = time(); - } - - $end_time = $shiftsFilter->getEndTime(); - if ($end_time == null) { - $end_time = $start_time + 24 * 60 * 60; - } - - $shiftsFilter->setStartTime(check_request_datetime('start_day', 'start_time', $days, $start_time)); - $shiftsFilter->setEndTime(check_request_datetime('end_day', 'end_time', $days, $end_time)); - - if ($shiftsFilter->getStartTime() > $shiftsFilter->getEndTime()) { - $shiftsFilter->setEndTime($shiftsFilter->getStartTime() + 24 * 60 * 60); - } +function update_ShiftsFilter_timerange(ShiftsFilter $shiftsFilter, $days) +{ + $start_time = $shiftsFilter->getStartTime(); + if ($start_time == null) { + $start_time = time(); + } + + $end_time = $shiftsFilter->getEndTime(); + if ($end_time == null) { + $end_time = $start_time + 24 * 60 * 60; + } + + $shiftsFilter->setStartTime(check_request_datetime('start_day', 'start_time', $days, $start_time)); + $shiftsFilter->setEndTime(check_request_datetime('end_day', 'end_time', $days, $end_time)); + + if ($shiftsFilter->getStartTime() > $shiftsFilter->getEndTime()) { + $shiftsFilter->setEndTime($shiftsFilter->getStartTime() + 24 * 60 * 60); + } } /** * Update given ShiftsFilter with filter params from user input * - * @param ShiftsFilter $shiftsFilter - * The shifts filter to update from request data - * @param boolean $user_shifts_admin - * Has the user user_shift_admin privilege? - * @param string[] $days - * An array of available filter days + * @param ShiftsFilter $shiftsFilter The shifts filter to update from request data + * @param boolean $user_shifts_admin Has the user user_shift_admin privilege? 
+ * @param string[] $days An array of available filter days */ -function update_ShiftsFilter(ShiftsFilter $shiftsFilter, $user_shifts_admin, $days) { - $shiftsFilter->setUserShiftsAdmin($user_shifts_admin); - $shiftsFilter->setFilled(check_request_int_array('filled', $shiftsFilter->getFilled())); - $shiftsFilter->setRooms(check_request_int_array('rooms', $shiftsFilter->getRooms())); - $shiftsFilter->setTypes(check_request_int_array('types', $shiftsFilter->getTypes())); - update_ShiftsFilter_timerange($shiftsFilter, $days); +function update_ShiftsFilter(ShiftsFilter $shiftsFilter, $user_shifts_admin, $days) +{ + $shiftsFilter->setUserShiftsAdmin($user_shifts_admin); + $shiftsFilter->setFilled(check_request_int_array('filled', $shiftsFilter->getFilled())); + $shiftsFilter->setRooms(check_request_int_array('rooms', $shiftsFilter->getRooms())); + $shiftsFilter->setTypes(check_request_int_array('types', $shiftsFilter->getTypes())); + update_ShiftsFilter_timerange($shiftsFilter, $days); } -function load_rooms() { - $rooms = sql_select("SELECT `RID` AS `id`, `Name` AS `name` FROM `Room` WHERE `show`='Y' ORDER BY `Name`"); - if (count($rooms) == 0) { - error(_("The administration has not configured any rooms yet.")); - redirect('?'); - } - return $rooms; +/** + * @return array + */ +function load_rooms() +{ + $rooms = DB::select( + 'SELECT `RID` AS `id`, `Name` AS `name` FROM `Room` WHERE `show`=\'Y\' ORDER BY `Name`' + ); + if (empty($rooms)) { + error(_('The administration has not configured any rooms yet.')); + redirect(page_link_to('/')); + } + return $rooms; } -function load_days() { - $days = sql_select_single_col(" +/** + * @return array + */ +function load_days() +{ + $days = DB::select(' SELECT DISTINCT DATE(FROM_UNIXTIME(`start`)) AS `id`, DATE(FROM_UNIXTIME(`start`)) AS `name` FROM `Shifts` - ORDER BY `start`"); - if (count($days) == 0) { - error(_("The administration has not configured any shifts yet.")); - redirect('?'); - } - return $days; + ORDER BY `id`, 
`name` + '); + $days = array_map('array_shift', $days); + + if (empty($days)) { + error(_('The administration has not configured any shifts yet.')); + redirect(page_link_to('/')); + } + return $days; } -function load_types() { - global $user; - - if (sql_num_query("SELECT `id`, `name` FROM `AngelTypes` WHERE `restricted` = 0") == 0) { - error(_("The administration has not configured any angeltypes yet - or you are not subscribed to any angeltype.")); - redirect('?'); - } - $types = sql_select("SELECT `AngelTypes`.`id`, `AngelTypes`.`name`, (`AngelTypes`.`restricted`=0 OR (NOT `UserAngelTypes`.`confirm_user_id` IS NULL OR `UserAngelTypes`.`id` IS NULL)) as `enabled` FROM `AngelTypes` LEFT JOIN `UserAngelTypes` ON (`UserAngelTypes`.`angeltype_id`=`AngelTypes`.`id` AND `UserAngelTypes`.`user_id`='" . sql_escape($user['UID']) . "') ORDER BY `AngelTypes`.`name`"); - if (empty($types)) { - return sql_select("SELECT `id`, `name` FROM `AngelTypes` WHERE `restricted` = 0"); - } - return $types; +/** + * @return array|false + */ +function load_types() +{ + global $user; + + if (!count(DB::select('SELECT `id`, `name` FROM `AngelTypes` WHERE `restricted` = 0'))) { + error(_('The administration has not configured any angeltypes yet - or you are not subscribed to any angeltype.')); + redirect(page_link_to('/')); + } + $types = DB::select(' + SELECT + `AngelTypes`.`id`, + `AngelTypes`.`name`, + ( + `AngelTypes`.`restricted`=0 + OR ( + NOT `UserAngelTypes`.`confirm_user_id` IS NULL + OR `UserAngelTypes`.`id` IS NULL + ) + ) AS `enabled` + FROM `AngelTypes` + LEFT JOIN `UserAngelTypes` + ON ( + `UserAngelTypes`.`angeltype_id`=`AngelTypes`.`id` + AND `UserAngelTypes`.`user_id`=? 
+ ) + ORDER BY `AngelTypes`.`name` + ', + [ + $user['UID'], + ] + ); + if (empty($types)) { + return DB::select('SELECT `id`, `name` FROM `AngelTypes` WHERE `restricted` = 0'); + } + return $types; } -function view_user_shifts() { - global $user, $privileges; - global $ical_shifts; - - $ical_shifts = []; - $days = load_days(); - $rooms = load_rooms(); - $types = load_types(); - - if (! isset($_SESSION['ShiftsFilter'])) { - $room_ids = [ - $rooms[0]['id'] +/** + * @return string + */ +function view_user_shifts() +{ + global $user, $privileges, $ical_shifts; + + $session = session(); + $ical_shifts = []; + $days = load_days(); + $rooms = load_rooms(); + $types = load_types(); + + if (!$session->has('ShiftsFilter')) { + $room_ids = [ + $rooms[0]['id'] + ]; + $type_ids = array_map('get_ids_from_array', $types); + $shiftsFilter = new ShiftsFilter(in_array('user_shifts_admin', $privileges), $room_ids, $type_ids); + $session->set('ShiftsFilter', $shiftsFilter); + } + + $shiftsFilter = $session->get('ShiftsFilter'); + update_ShiftsFilter($shiftsFilter, in_array('user_shifts_admin', $privileges), $days); + + $shiftCalendarRenderer = shiftCalendarRendererByShiftFilter($shiftsFilter); + + if ($user['api_key'] == '') { + User_reset_api_key($user, false); + } + + $filled = [ + [ + 'id' => '1', + 'name' => _('occupied') + ], + [ + 'id' => '0', + 'name' => _('free') + ] ]; - $type_ids = array_map('get_ids_from_array', $types); - $_SESSION['ShiftsFilter'] = new ShiftsFilter(in_array('user_shifts_admin', $privileges), $room_ids, $type_ids); - } - update_ShiftsFilter($_SESSION['ShiftsFilter'], in_array('user_shifts_admin', $privileges), $days); - $shiftsFilter = $_SESSION['ShiftsFilter']; - - $shiftCalendarRenderer = shiftCalendarRendererByShiftFilter($shiftsFilter); - - if ($user['api_key'] == "") { - User_reset_api_key($user, false); - } - - $filled = [ - [ - 'id' => '1', - 'name' => _("occupied") - ], - [ - 'id' => '0', - 'name' => _("free") - ] - ]; - $start_day = date("Y-m-d", 
$shiftsFilter->getStartTime()); - $start_time = date("H:i", $shiftsFilter->getStartTime()); - $end_day = date("Y-m-d", $shiftsFilter->getEndTime()); - $end_time = date("H:i", $shiftsFilter->getEndTime()); - - return page([ - div('col-md-12', [ - msg(), - template_render(__DIR__ . '/../../templates/user_shifts.html', [ - 'title' => shifts_title(), - 'room_select' => make_select($rooms, $shiftsFilter->getRooms(), "rooms", _("Rooms")), - 'start_select' => html_select_key("start_day", "start_day", array_combine($days, $days), $start_day), - 'start_time' => $start_time, - 'end_select' => html_select_key("end_day", "end_day", array_combine($days, $days), $end_day), - 'end_time' => $end_time, - 'type_select' => make_select($types, $shiftsFilter->getTypes(), "types", _("Angeltypes") . '<sup>1</sup>'), - 'filled_select' => make_select($filled, $shiftsFilter->getFilled(), "filled", _("Occupancy")), - 'task_notice' => '<sup>1</sup>' . _("The tasks shown here are influenced by the angeltypes you joined already!") . " <a href=\"" . page_link_to('angeltypes') . '&action=about' . "\">" . _("Description of the jobs.") . "</a>", - 'shifts_table' => msg() . $shiftCalendarRenderer->render(), - 'ical_text' => '<h2>' . _("iCal export") . '</h2><p>' . sprintf(_("Export of shown shifts. <a href=\"%s\">iCal format</a> or <a href=\"%s\">JSON format</a> available (please keep secret, otherwise <a href=\"%s\">reset the api key</a>)."), page_link_to_absolute('ical') . '&key=' . $user['api_key'], page_link_to_absolute('shifts_json_export') . '&key=' . $user['api_key'], page_link_to('user_myshifts') . '&reset') . 
'</p>', - 'filter' => _("Filter") - ]) - ]) - ]); + $start_day = date('Y-m-d', $shiftsFilter->getStartTime()); + $start_time = date('H:i', $shiftsFilter->getStartTime()); + $end_day = date('Y-m-d', $shiftsFilter->getEndTime()); + $end_time = date('H:i', $shiftsFilter->getEndTime()); + + $assignNotice = ''; + if (config('signup_requires_arrival') && !$user['Gekommen']) { + $assignNotice = info(render_user_arrived_hint(), true); + } + + return page([ + div('col-md-12', [ + msg(), + view(__DIR__ . '/../../templates/user_shifts.html', [ + 'title' => shifts_title(), + 'room_select' => make_select($rooms, $shiftsFilter->getRooms(), 'rooms', _('Rooms')), + 'start_select' => html_select_key('start_day', 'start_day', array_combine($days, $days), $start_day), + 'start_time' => $start_time, + 'end_select' => html_select_key('end_day', 'end_day', array_combine($days, $days), $end_day), + 'end_time' => $end_time, + 'type_select' => make_select( + $types, + $shiftsFilter->getTypes(), + 'types', + _('Angeltypes') . '<sup>1</sup>' + ), + 'filled_select' => make_select($filled, $shiftsFilter->getFilled(), 'filled', _('Occupancy')), + 'task_notice' => + '<sup>1</sup>' + . _('The tasks shown here are influenced by the angeltypes you joined already!') + . ' <a href="' . page_link_to('angeltypes', ['action' => 'about']) . '">' + . _('Description of the jobs.') + . '</a>', + 'assign_notice' => $assignNotice, + 'shifts_table' => msg() . $shiftCalendarRenderer->render(), + 'ical_text' => '<h2>' . _('iCal export') . '</h2><p>' . sprintf( + _('Export of shown shifts. <a href="%s">iCal format</a> or <a href="%s">JSON format</a> available (please keep secret, otherwise <a href="%s">reset the api key</a>).'), + page_link_to('ical', ['key' => $user['api_key']]), + page_link_to('shifts_json_export', ['key' => $user['api_key']]), + page_link_to('user_myshifts', ['reset' => 1]) + ) . 
'</p>', + 'filter' => _('Filter') + ]) + ]) + ]); } -function get_ids_from_array($array) { - return $array["id"]; +/** + * @param array $array + * @return array + */ +function get_ids_from_array($array) +{ + return $array['id']; } -function make_select($items, $selected, $name, $title = null) { - $html_items = []; - if (isset($title)) { - $html_items[] = '<h4>' . $title . '</h4>' . "\n"; - } - - foreach ($items as $i) { - $html_items[] = '<div class="checkbox"><label><input type="checkbox" name="' . $name . '[]" value="' . $i['id'] . '"' . (in_array($i['id'], $selected) ? ' checked="checked"' : '') . '> ' . $i['name'] . '</label>' . (! isset($i['enabled']) || $i['enabled'] ? '' : glyph("lock")) . '</div><br />'; - } - $html = '<div id="selection_' . $name . '" class="selection ' . $name . '">' . "\n"; - $html .= implode("\n", $html_items); - $html .= buttons([ - button("javascript: checkAll('selection_" . $name . "', true)", _("All"), ""), - button("javascript: checkAll('selection_" . $name . "', false)", _("None"), "") - ]); - $html .= '</div>' . "\n"; - return $html; +function make_select($items, $selected, $name, $title = null) +{ + $html_items = []; + if (isset($title)) { + $html_items[] = '<h4>' . $title . '</h4>' . "\n"; + } + + foreach ($items as $i) { + $html_items[] = '<div class="checkbox">' + . '<label><input type="checkbox" name="' . $name . '[]" value="' . $i['id'] . '" ' + . (in_array($i['id'], $selected) ? ' checked="checked"' : '') + . ' > ' . $i['name'] . '</label>' + . (!isset($i['enabled']) || $i['enabled'] ? '' : glyph('lock')) + . '</div><br />'; + } + $html = '<div id="selection_' . $name . '" class="selection ' . $name . '">' . "\n"; + $html .= implode("\n", $html_items); + $html .= buttons([ + button('javascript: checkAll(\'selection_' . $name . '\', true)', _('All'), ''), + button('javascript: checkAll(\'selection_' . $name . '\', false)', _('None'), '') + ]); + $html .= '</div>' . "\n"; + return $html; } -?> |
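Review bot: `make_select` still interpolates `$i['id']` and `$i['name']` directly into the checkbox markup, and those values come from the database (`load_rooms` selects `Room`.`Name`, `load_types` selects `AngelTypes`.`name`), so a room or angeltype name containing `"` or `<` breaks out of the attribute or label; who can set those names is not visible here, but escaping at the output is cheap: `'value="' . htmlspecialchars($i['id'], ENT_QUOTES) . '"'` and `htmlspecialchars($i['name'], ENT_QUOTES)` for the label text. The new docblock on `get_ids_from_array` claims `@return array`, but the function returns `$array['id']`, a single id; change it to `@return mixed` and document the parameter as a row carrying an `id` key. `make_select` itself received no docblock; a short one describing `$items` as rows with `id`/`name` (and optional `enabled`), `$selected` as the checked ids, `$name` as the form field name and the returned HTML string would bring it in line with the rest of the hunk.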