Diffstat (limited to 'includes/pages')
-rw-r--r--includes/pages/admin_active.php24
-rw-r--r--includes/pages/admin_arrive.php12
-rw-r--r--includes/pages/admin_groups.php26
-rw-r--r--includes/pages/admin_news.php12
-rw-r--r--includes/pages/admin_questions.php12
-rw-r--r--includes/pages/admin_rooms.php22
-rw-r--r--includes/pages/admin_user.php34
-rw-r--r--includes/pages/user_messages.php12
-rw-r--r--includes/pages/user_myshifts.php18
-rw-r--r--includes/pages/user_questions.php6
10 files changed, 89 insertions, 89 deletions
diff --git a/includes/pages/admin_active.php b/includes/pages/admin_active.php
index 83f99d5a..733bd506 100644
--- a/includes/pages/admin_active.php
+++ b/includes/pages/admin_active.php
@@ -63,40 +63,40 @@ function admin_active() {
}
if (isset($_REQUEST['active']) && preg_match("/^[0-9]+$/", $_REQUEST['active'])) {
- $id = $_REQUEST['active'];
- $user_source = User($id);
+ $user_id = $_REQUEST['active'];
+ $user_source = User($user_id);
if ($user_source != null) {
- sql_query("UPDATE `User` SET `Aktiv`=1 WHERE `UID`='" . sql_escape($id) . "' LIMIT 1");
+ sql_query("UPDATE `User` SET `Aktiv`=1 WHERE `UID`='" . sql_escape($user_id) . "' LIMIT 1");
engelsystem_log("User " . User_Nick_render($user_source) . " is active now.");
$msg = success(_("Angel has been marked as active."), true);
} else {
$msg = error(_("Angel not found."), true);
}
} elseif (isset($_REQUEST['not_active']) && preg_match("/^[0-9]+$/", $_REQUEST['not_active'])) {
- $id = $_REQUEST['not_active'];
- $user_source = User($id);
+ $user_id = $_REQUEST['not_active'];
+ $user_source = User($user_id);
if ($user_source != null) {
- sql_query("UPDATE `User` SET `Aktiv`=0 WHERE `UID`='" . sql_escape($id) . "' LIMIT 1");
+ sql_query("UPDATE `User` SET `Aktiv`=0 WHERE `UID`='" . sql_escape($user_id) . "' LIMIT 1");
engelsystem_log("User " . User_Nick_render($user_source) . " is NOT active now.");
$msg = success(_("Angel has been marked as not active."), true);
} else {
$msg = error(_("Angel not found."), true);
}
} elseif (isset($_REQUEST['tshirt']) && preg_match("/^[0-9]+$/", $_REQUEST['tshirt'])) {
- $id = $_REQUEST['tshirt'];
- $user_source = User($id);
+ $user_id = $_REQUEST['tshirt'];
+ $user_source = User($user_id);
if ($user_source != null) {
- sql_query("UPDATE `User` SET `Tshirt`=1 WHERE `UID`='" . sql_escape($id) . "' LIMIT 1");
+ sql_query("UPDATE `User` SET `Tshirt`=1 WHERE `UID`='" . sql_escape($user_id) . "' LIMIT 1");
engelsystem_log("User " . User_Nick_render($user_source) . " has tshirt now.");
$msg = success(_("Angel has got a t-shirt."), true);
} else {
$msg = error("Angel not found.", true);
}
} elseif (isset($_REQUEST['not_tshirt']) && preg_match("/^[0-9]+$/", $_REQUEST['not_tshirt'])) {
- $id = $_REQUEST['not_tshirt'];
- $user_source = User($id);
+ $user_id = $_REQUEST['not_tshirt'];
+ $user_source = User($user_id);
if ($user_source != null) {
- sql_query("UPDATE `User` SET `Tshirt`=0 WHERE `UID`='" . sql_escape($id) . "' LIMIT 1");
+ sql_query("UPDATE `User` SET `Tshirt`=0 WHERE `UID`='" . sql_escape($user_id) . "' LIMIT 1");
engelsystem_log("User " . User_Nick_render($user_source) . " has NO tshirt.");
$msg = success(_("Angel has got no t-shirt."), true);
} else {
diff --git a/includes/pages/admin_arrive.php b/includes/pages/admin_arrive.php
index 932929c2..4a1ee8d7 100644
--- a/includes/pages/admin_arrive.php
+++ b/includes/pages/admin_arrive.php
@@ -12,10 +12,10 @@ function admin_arrive() {
}
if (isset($_REQUEST['reset']) && preg_match("/^[0-9]*$/", $_REQUEST['reset'])) {
- $id = $_REQUEST['reset'];
- $user_source = User($id);
+ $user_id = $_REQUEST['reset'];
+ $user_source = User($user_id);
if ($user_source != null) {
- sql_query("UPDATE `User` SET `Gekommen`=0, `arrival_date` = NULL WHERE `UID`='" . sql_escape($id) . "' LIMIT 1");
+ sql_query("UPDATE `User` SET `Gekommen`=0, `arrival_date` = NULL WHERE `UID`='" . sql_escape($user_id) . "' LIMIT 1");
engelsystem_log("User set to not arrived: " . User_Nick_render($user_source));
success(_("Reset done. Angel has not arrived."));
redirect(user_link($user_source));
@@ -23,10 +23,10 @@ function admin_arrive() {
$msg = error(_("Angel not found."), true);
}
} elseif (isset($_REQUEST['arrived']) && preg_match("/^[0-9]*$/", $_REQUEST['arrived'])) {
- $id = $_REQUEST['arrived'];
- $user_source = User($id);
+ $user_id = $_REQUEST['arrived'];
+ $user_source = User($user_id);
if ($user_source != null) {
- sql_query("UPDATE `User` SET `Gekommen`=1, `arrival_date`='" . time() . "' WHERE `UID`='" . sql_escape($id) . "' LIMIT 1");
+ sql_query("UPDATE `User` SET `Gekommen`=1, `arrival_date`='" . time() . "' WHERE `UID`='" . sql_escape($user_id) . "' LIMIT 1");
engelsystem_log("User set has arrived: " . User_Nick_render($user_source));
success(_("Angel has been marked as arrived."));
redirect(user_link($user_source));
diff --git a/includes/pages/admin_groups.php b/includes/pages/admin_groups.php
index d26e6de7..69b6bf39 100644
--- a/includes/pages/admin_groups.php
+++ b/includes/pages/admin_groups.php
@@ -35,15 +35,15 @@ function admin_groups() {
switch ($_REQUEST["action"]) {
case 'edit':
if (isset($_REQUEST['id']) && preg_match("/^-[0-9]{1,11}$/", $_REQUEST['id'])) {
- $id = $_REQUEST['id'];
+ $group_id = $_REQUEST['id'];
} else {
return error("Incomplete call, missing Groups ID.", true);
}
- $room = sql_select("SELECT * FROM `Groups` WHERE `UID`='" . sql_escape($id) . "' LIMIT 1");
- if (count($room) > 0) {
- list($room) = $room;
- $privileges = sql_select("SELECT `Privileges`.*, `GroupPrivileges`.`group_id` FROM `Privileges` LEFT OUTER JOIN `GroupPrivileges` ON (`Privileges`.`id` = `GroupPrivileges`.`privilege_id` AND `GroupPrivileges`.`group_id`='" . sql_escape($id) . "') ORDER BY `Privileges`.`name`");
+ $group = sql_select("SELECT * FROM `Groups` WHERE `UID`='" . sql_escape($group_id) . "' LIMIT 1");
+ if (count($group) > 0) {
+ list($group) = $group;
+ $privileges = sql_select("SELECT `Privileges`.*, `GroupPrivileges`.`group_id` FROM `Privileges` LEFT OUTER JOIN `GroupPrivileges` ON (`Privileges`.`id` = `GroupPrivileges`.`privilege_id` AND `GroupPrivileges`.`group_id`='" . sql_escape($group_id) . "') ORDER BY `Privileges`.`name`");
$privileges_html = "";
$privileges_form = [];
foreach ($privileges as $priv) {
@@ -53,7 +53,7 @@ function admin_groups() {
$privileges_form[] = form_submit('submit', _("Save"));
$html .= page_with_title(_("Edit group"), [
- form($privileges_form, page_link_to('admin_groups') . '&action=save&id=' . $id)
+ form($privileges_form, page_link_to('admin_groups') . '&action=save&id=' . $group_id)
]);
} else {
return error("No Group found.", true);
@@ -62,29 +62,29 @@ function admin_groups() {
case 'save':
if (isset($_REQUEST['id']) && preg_match("/^-[0-9]{1,11}$/", $_REQUEST['id'])) {
- $id = $_REQUEST['id'];
+ $group_id = $_REQUEST['id'];
} else {
return error("Incomplete call, missing Groups ID.", true);
}
- $room = sql_select("SELECT * FROM `Groups` WHERE `UID`='" . sql_escape($id) . "' LIMIT 1");
+ $group = sql_select("SELECT * FROM `Groups` WHERE `UID`='" . sql_escape($group_id) . "' LIMIT 1");
if (! is_array($_REQUEST['privileges'])) {
$_REQUEST['privileges'] = [];
}
- if (count($room) > 0) {
- list($room) = $room;
- sql_query("DELETE FROM `GroupPrivileges` WHERE `group_id`='" . sql_escape($id) . "'");
+ if (count($group) > 0) {
+ list($group) = $group;
+ sql_query("DELETE FROM `GroupPrivileges` WHERE `group_id`='" . sql_escape($group_id) . "'");
$privilege_names = [];
foreach ($_REQUEST['privileges'] as $priv) {
if (preg_match("/^[0-9]{1,}$/", $priv)) {
$group_privileges_source = sql_select("SELECT * FROM `Privileges` WHERE `id`='" . sql_escape($priv) . "' LIMIT 1");
if (count($group_privileges_source) > 0) {
- sql_query("INSERT INTO `GroupPrivileges` SET `group_id`='" . sql_escape($id) . "', `privilege_id`='" . sql_escape($priv) . "'");
+ sql_query("INSERT INTO `GroupPrivileges` SET `group_id`='" . sql_escape($group_id) . "', `privilege_id`='" . sql_escape($priv) . "'");
$privilege_names[] = $group_privileges_source[0]['name'];
}
}
}
- engelsystem_log("Group privileges of group " . $room['Name'] . " edited: " . join(", ", $privilege_names));
+ engelsystem_log("Group privileges of group " . $group['Name'] . " edited: " . join(", ", $privilege_names));
redirect(page_link_to("admin_groups"));
} else {
return error("No Group found.", true);
diff --git a/includes/pages/admin_news.php b/includes/pages/admin_news.php
index 192f3cce..af7046c9 100644
--- a/includes/pages/admin_news.php
+++ b/includes/pages/admin_news.php
@@ -8,12 +8,12 @@ function admin_news() {
} else {
$html = '<div class="col-md-12"><h1>' . _("Edit news entry") . '</h1>' . msg();
if (isset($_REQUEST['id']) && preg_match("/^[0-9]{1,11}$/", $_REQUEST['id'])) {
- $id = $_REQUEST['id'];
+ $news_id = $_REQUEST['id'];
} else {
return error("Incomplete call, missing News ID.", true);
}
- $news = sql_select("SELECT * FROM `News` WHERE `ID`='" . sql_escape($id) . "' LIMIT 1");
+ $news = sql_select("SELECT * FROM `News` WHERE `ID`='" . sql_escape($news_id) . "' LIMIT 1");
if (count($news) > 0) {
switch ($_REQUEST["action"]) {
default:
@@ -33,9 +33,9 @@ function admin_news() {
form_textarea('eText', _("Message"), $news['Text']),
form_checkbox('eTreffen', _("Meeting"), $news['Treffen'] == 1, 1),
form_submit('submit', _("Save"))
- ], page_link_to('admin_news&action=save&id=' . $id));
+ ], page_link_to('admin_news&action=save&id=' . $news_id));
- $html .= '<a class="btn btn-danger" href="' . page_link_to('admin_news&action=delete&id=' . $id) . '"><span class="glyphicon glyphicon-trash"></span> ' . _("Delete") . '</a>';
+ $html .= '<a class="btn btn-danger" href="' . page_link_to('admin_news&action=delete&id=' . $news_id) . '"><span class="glyphicon glyphicon-trash"></span> ' . _("Delete") . '</a>';
break;
case 'save':
@@ -47,7 +47,7 @@ function admin_news() {
`Text`='" . sql_escape($_POST["eText"]) . "',
`UID`='" . sql_escape($user['UID']) . "',
`Treffen`='" . sql_escape($_POST["eTreffen"]) . "'
- WHERE `ID`='" . sql_escape($id) . "'");
+ WHERE `ID`='" . sql_escape($news_id) . "'");
engelsystem_log("News updated: " . $_POST["eBetreff"]);
success(_("News entry updated."));
redirect(page_link_to("news"));
@@ -56,7 +56,7 @@ function admin_news() {
case 'delete':
list($news) = $news;
- sql_query("DELETE FROM `News` WHERE `ID`='" . sql_escape($id) . "' LIMIT 1");
+ sql_query("DELETE FROM `News` WHERE `ID`='" . sql_escape($news_id) . "' LIMIT 1");
engelsystem_log("News deleted: " . $news['Betreff']);
success(_("News entry deleted."));
redirect(page_link_to("news"));
diff --git a/includes/pages/admin_questions.php b/includes/pages/admin_questions.php
index 183f7944..f67c6ce8 100644
--- a/includes/pages/admin_questions.php
+++ b/includes/pages/admin_questions.php
@@ -83,17 +83,17 @@ function admin_questions() {
switch ($_REQUEST['action']) {
case 'answer':
if (isset($_REQUEST['id']) && preg_match("/^[0-9]{1,11}$/", $_REQUEST['id'])) {
- $id = $_REQUEST['id'];
+ $question_id = $_REQUEST['id'];
} else {
return error("Incomplete call, missing Question ID.", true);
}
- $question = sql_select("SELECT * FROM `Questions` WHERE `QID`='" . sql_escape($id) . "' LIMIT 1");
+ $question = sql_select("SELECT * FROM `Questions` WHERE `QID`='" . sql_escape($question_id) . "' LIMIT 1");
if (count($question) > 0 && $question[0]['AID'] == null) {
$answer = trim(preg_replace("/([^\p{L}\p{P}\p{Z}\p{N}\n]{1,})/ui", '', strip_tags($_REQUEST['answer'])));
if ($answer != "") {
- sql_query("UPDATE `Questions` SET `AID`='" . sql_escape($user['UID']) . "', `Answer`='" . sql_escape($answer) . "' WHERE `QID`='" . sql_escape($id) . "' LIMIT 1");
+ sql_query("UPDATE `Questions` SET `AID`='" . sql_escape($user['UID']) . "', `Answer`='" . sql_escape($answer) . "' WHERE `QID`='" . sql_escape($question_id) . "' LIMIT 1");
engelsystem_log("Question " . $question[0]['Question'] . " answered: " . $answer);
redirect(page_link_to("admin_questions"));
} else {
@@ -105,14 +105,14 @@ function admin_questions() {
break;
case 'delete':
if (isset($_REQUEST['id']) && preg_match("/^[0-9]{1,11}$/", $_REQUEST['id'])) {
- $id = $_REQUEST['id'];
+ $question_id = $_REQUEST['id'];
} else {
return error("Incomplete call, missing Question ID.", true);
}
- $question = sql_select("SELECT * FROM `Questions` WHERE `QID`='" . sql_escape($id) . "' LIMIT 1");
+ $question = sql_select("SELECT * FROM `Questions` WHERE `QID`='" . sql_escape($question_id) . "' LIMIT 1");
if (count($question) > 0) {
- sql_query("DELETE FROM `Questions` WHERE `QID`='" . sql_escape($id) . "' LIMIT 1");
+ sql_query("DELETE FROM `Questions` WHERE `QID`='" . sql_escape($question_id) . "' LIMIT 1");
engelsystem_log("Question deleted: " . $question[0]['Question']);
redirect(page_link_to("admin_questions"));
} else {
diff --git a/includes/pages/admin_rooms.php b/includes/pages/admin_rooms.php
index 3c26048a..155fd7b3 100644
--- a/includes/pages/admin_rooms.php
+++ b/includes/pages/admin_rooms.php
@@ -38,12 +38,12 @@ function admin_rooms() {
if (test_request_int('id')) {
$room = sql_select("SELECT * FROM `Room` WHERE `RID`='" . sql_escape($_REQUEST['id']) . "'");
if (count($room) > 0) {
- $id = $_REQUEST['id'];
+ $room_id = $_REQUEST['id'];
$name = $room[0]['Name'];
$from_pentabarf = $room[0]['FromPentabarf'];
$public = $room[0]['show'];
$number = $room[0]['Number'];
- $needed_angeltypes = sql_select("SELECT * FROM `NeededAngelTypes` WHERE `room_id`='" . sql_escape($id) . "'");
+ $needed_angeltypes = sql_select("SELECT * FROM `NeededAngelTypes` WHERE `room_id`='" . sql_escape($room_id) . "'");
foreach ($needed_angeltypes as $needed_angeltype) {
$angeltypes_count[$needed_angeltype['angel_type_id']] = $needed_angeltype['count'];
}
@@ -58,7 +58,7 @@ function admin_rooms() {
if (isset($_REQUEST['name']) && strlen(strip_request_item('name')) > 0) {
$name = strip_request_item('name');
- if (isset($room) && sql_num_query("SELECT * FROM `Room` WHERE `Name`='" . sql_escape($name) . "' AND NOT `RID`=" . sql_escape($id)) > 0) {
+ if (isset($room) && sql_num_query("SELECT * FROM `Room` WHERE `Name`='" . sql_escape($name) . "' AND NOT `RID`=" . sql_escape($room_id)) > 0) {
$valid = false;
$msg .= error(_("This name is already in use."), true);
}
@@ -95,18 +95,18 @@ function admin_rooms() {
}
if ($valid) {
- if (isset($id)) {
- sql_query("UPDATE `Room` SET `Name`='" . sql_escape($name) . "', `FromPentabarf`='" . sql_escape($from_pentabarf) . "', `show`='" . sql_escape($public) . "', `Number`='" . sql_escape($number) . "' WHERE `RID`='" . sql_escape($id) . "' LIMIT 1");
+ if (isset($room_id)) {
+ sql_query("UPDATE `Room` SET `Name`='" . sql_escape($name) . "', `FromPentabarf`='" . sql_escape($from_pentabarf) . "', `show`='" . sql_escape($public) . "', `Number`='" . sql_escape($number) . "' WHERE `RID`='" . sql_escape($room_id) . "' LIMIT 1");
engelsystem_log("Room updated: " . $name . ", pentabarf import: " . $from_pentabarf . ", public: " . $public . ", number: " . $number);
} else {
- $id = Room_create($name, $from_pentabarf, $public, $number);
- if ($id === false) {
+ $room_id = Room_create($name, $from_pentabarf, $public, $number);
+ if ($room_id === false) {
engelsystem_error("Unable to create room.");
}
engelsystem_log("Room created: " . $name . ", pentabarf import: " . $from_pentabarf . ", public: " . $public . ", number: " . $number);
}
- sql_query("DELETE FROM `NeededAngelTypes` WHERE `room_id`='" . sql_escape($id) . "'");
+ sql_query("DELETE FROM `NeededAngelTypes` WHERE `room_id`='" . sql_escape($room_id) . "'");
$needed_angeltype_info = array();
foreach ($angeltypes_count as $angeltype_id => $angeltype_count) {
$angeltype = AngelType($angeltype_id);
@@ -114,7 +114,7 @@ function admin_rooms() {
engelsystem_error("Unable to load angeltype.");
}
if ($angeltype != null) {
- sql_query("INSERT INTO `NeededAngelTypes` SET `room_id`='" . sql_escape($id) . "', `angel_type_id`='" . sql_escape($angeltype_id) . "', `count`='" . sql_escape($angeltype_count) . "'");
+ sql_query("INSERT INTO `NeededAngelTypes` SET `room_id`='" . sql_escape($room_id) . "', `angel_type_id`='" . sql_escape($angeltype_id) . "', `count`='" . sql_escape($angeltype_count) . "'");
$needed_angeltype_info[] = $angeltype['name'] . ": " . $angeltype_count;
}
}
@@ -158,7 +158,7 @@ function admin_rooms() {
]);
} elseif ($_REQUEST['show'] == 'delete') {
if (isset($_REQUEST['ack'])) {
- if (! Room_delete($id)) {
+ if (! Room_delete($room_id)) {
engelsystem_error("Unable to delete room.");
}
@@ -173,7 +173,7 @@ function admin_rooms() {
]),
sprintf(_("Do you want to delete room %s?"), $name),
buttons([
- button(page_link_to('admin_rooms') . '&show=delete&id=' . $id . '&ack', _("Delete"), 'delete')
+ button(page_link_to('admin_rooms') . '&show=delete&id=' . $room_id . '&ack', _("Delete"), 'delete')
])
]);
}
diff --git a/includes/pages/admin_user.php b/includes/pages/admin_user.php
index fb3283bd..56987e12 100644
--- a/includes/pages/admin_user.php
+++ b/includes/pages/admin_user.php
@@ -13,9 +13,9 @@ function admin_user() {
redirect(users_link());
}
- $id = $_REQUEST['id'];
+ $user_id = $_REQUEST['id'];
if (! isset($_REQUEST['action'])) {
- $user_source = User($id);
+ $user_source = User($user_id);
if ($user_source === false) {
engelsystem_error('Unable to load user.');
}
@@ -26,7 +26,7 @@ function admin_user() {
$html .= "Hallo,<br />" . "hier kannst du den Eintrag &auml;ndern. Unter dem Punkt 'Gekommen' " . "wird der Engel als anwesend markiert, ein Ja bei Aktiv bedeutet, " . "dass der Engel aktiv war und damit ein Anspruch auf ein T-Shirt hat. " . "Wenn T-Shirt ein 'Ja' enth&auml;lt, bedeutet dies, dass der Engel " . "bereits sein T-Shirt erhalten hat.<br /><br />\n";
- $html .= "<form action=\"" . page_link_to("admin_user") . "&action=save&id=$id\" method=\"post\">\n";
+ $html .= "<form action=\"" . page_link_to("admin_user") . "&action=save&id=$user_id\" method=\"post\">\n";
$html .= "<table border=\"0\">\n";
$html .= "<input type=\"hidden\" name=\"Type\" value=\"Normal\">\n";
$html .= "<tr><td>\n";
@@ -80,7 +80,7 @@ function admin_user() {
$html .= form_info('', _('Please visit the angeltypes page or the users profile to manage users angeltypes.'));
- $html .= "Hier kannst Du das Passwort dieses Engels neu setzen:<form action=\"" . page_link_to("admin_user") . "&action=change_pw&id=$id\" method=\"post\">\n";
+ $html .= "Hier kannst Du das Passwort dieses Engels neu setzen:<form action=\"" . page_link_to("admin_user") . "&action=change_pw&id=$user_id\" method=\"post\">\n";
$html .= "<table>\n";
$html .= " <tr><td>Passwort</td><td>" . "<input type=\"password\" size=\"40\" name=\"new_pw\" value=\"\"></td></tr>\n";
$html .= " <tr><td>Wiederholung</td><td>" . "<input type=\"password\" size=\"40\" name=\"new_pw2\" value=\"\"></td></tr>\n";
@@ -96,16 +96,16 @@ function admin_user() {
$my_highest_group = $my_highest_group[0]['group_id'];
}
- $his_highest_group = sql_select("SELECT * FROM `UserGroups` WHERE `uid`='" . sql_escape($id) . "' ORDER BY `group_id` LIMIT 1");
+ $his_highest_group = sql_select("SELECT * FROM `UserGroups` WHERE `uid`='" . sql_escape($user_id) . "' ORDER BY `group_id` LIMIT 1");
if (count($his_highest_group) > 0) {
$his_highest_group = $his_highest_group[0]['group_id'];
}
- if ($id != $user['UID'] && $my_highest_group <= $his_highest_group) {
- $html .= "Hier kannst Du die Benutzergruppen des Engels festlegen:<form action=\"" . page_link_to("admin_user") . "&action=save_groups&id=" . $id . "\" method=\"post\">\n";
+ if ($user_id != $user['UID'] && $my_highest_group <= $his_highest_group) {
+ $html .= "Hier kannst Du die Benutzergruppen des Engels festlegen:<form action=\"" . page_link_to("admin_user") . "&action=save_groups&id=" . $user_id . "\" method=\"post\">\n";
$html .= '<table>';
- $groups = sql_select("SELECT * FROM `Groups` LEFT OUTER JOIN `UserGroups` ON (`UserGroups`.`group_id` = `Groups`.`UID` AND `UserGroups`.`uid` = '" . sql_escape($id) . "') WHERE `Groups`.`UID` >= '" . sql_escape($my_highest_group) . "' ORDER BY `Groups`.`Name`");
+ $groups = sql_select("SELECT * FROM `Groups` LEFT OUTER JOIN `UserGroups` ON (`UserGroups`.`group_id` = `Groups`.`UID` AND `UserGroups`.`uid` = '" . sql_escape($user_id) . "') WHERE `Groups`.`UID` >= '" . sql_escape($my_highest_group) . "' ORDER BY `Groups`.`Name`");
foreach ($groups as $group) {
$html .= '<tr><td><input type="checkbox" name="groups[]" value="' . $group['UID'] . '"' . ($group['group_id'] != "" ? ' checked="checked"' : '') . ' /></td><td>' . $group['Name'] . '</td></tr>';
}
@@ -126,12 +126,12 @@ function admin_user() {
} else {
switch ($_REQUEST['action']) {
case 'save_groups':
- if ($id != $user['UID']) {
+ if ($user_id != $user['UID']) {
$my_highest_group = sql_select("SELECT * FROM `UserGroups` WHERE `uid`='" . sql_escape($user['UID']) . "' ORDER BY `group_id`");
- $his_highest_group = sql_select("SELECT * FROM `UserGroups` WHERE `uid`='" . sql_escape($id) . "' ORDER BY `group_id`");
+ $his_highest_group = sql_select("SELECT * FROM `UserGroups` WHERE `uid`='" . sql_escape($user_id) . "' ORDER BY `group_id`");
if (count($my_highest_group) > 0 && (count($his_highest_group) == 0 || ($my_highest_group[0]['group_id'] <= $his_highest_group[0]['group_id']))) {
- $groups_source = sql_select("SELECT * FROM `Groups` LEFT OUTER JOIN `UserGroups` ON (`UserGroups`.`group_id` = `Groups`.`UID` AND `UserGroups`.`uid` = '" . sql_escape($id) . "') WHERE `Groups`.`UID` >= '" . sql_escape($my_highest_group[0]['group_id']) . "' ORDER BY `Groups`.`Name`");
+ $groups_source = sql_select("SELECT * FROM `Groups` LEFT OUTER JOIN `UserGroups` ON (`UserGroups`.`group_id` = `Groups`.`UID` AND `UserGroups`.`uid` = '" . sql_escape($user_id) . "') WHERE `Groups`.`UID` >= '" . sql_escape($my_highest_group[0]['group_id']) . "' ORDER BY `Groups`.`Name`");
$groups = [];
$grouplist = [];
foreach ($groups_source as $group) {
@@ -143,15 +143,15 @@ function admin_user() {
$_REQUEST['groups'] = [];
}
- sql_query("DELETE FROM `UserGroups` WHERE `uid`='" . sql_escape($id) . "'");
+ sql_query("DELETE FROM `UserGroups` WHERE `uid`='" . sql_escape($user_id) . "'");
$user_groups_info = [];
foreach ($_REQUEST['groups'] as $group) {
if (in_array($group, $grouplist)) {
- sql_query("INSERT INTO `UserGroups` SET `uid`='" . sql_escape($id) . "', `group_id`='" . sql_escape($group) . "'");
+ sql_query("INSERT INTO `UserGroups` SET `uid`='" . sql_escape($user_id) . "', `group_id`='" . sql_escape($group) . "'");
$user_groups_info[] = $groups[$group]['Name'];
}
}
- $user_source = User($id);
+ $user_source = User($user_id);
engelsystem_log("Set groups of " . User_Nick_render($user_source) . " to: " . join(", ", $user_groups_info));
$html .= success("Benutzergruppen gespeichert.", true);
} else {
@@ -184,7 +184,7 @@ function admin_user() {
`force_active`= " . sql_escape($force_active) . ",
`Tshirt` = '" . sql_escape($_POST["eTshirt"]) . "',
`Hometown` = '" . sql_escape($_POST["Hometown"]) . "'
- WHERE `UID` = '" . sql_escape($id) . "'
+ WHERE `UID` = '" . sql_escape($user_id) . "'
LIMIT 1";
sql_query($SQL);
engelsystem_log("Updated user: " . $_POST["eNick"] . ", " . $_POST["eSize"] . ", arrived: " . $_POST["eGekommen"] . ", active: " . $_POST["eAktiv"] . ", tshirt: " . $_POST["eTshirt"]);
@@ -193,8 +193,8 @@ function admin_user() {
case 'change_pw':
if ($_REQUEST['new_pw'] != "" && $_REQUEST['new_pw'] == $_REQUEST['new_pw2']) {
- set_password($id, $_REQUEST['new_pw']);
- $user_source = User($id);
+ set_password($user_id, $_REQUEST['new_pw']);
+ $user_source = User($user_id);
engelsystem_log("Set new password for " . User_Nick_render($user_source));
$html .= success("Passwort neu gesetzt.", true);
} else {
diff --git a/includes/pages/user_messages.php b/includes/pages/user_messages.php
index a3d17741..4af2a0cb 100644
--- a/includes/pages/user_messages.php
+++ b/includes/pages/user_messages.php
@@ -91,14 +91,14 @@ function user_messages() {
switch ($_REQUEST['action']) {
case "read":
if (isset($_REQUEST['id']) && preg_match("/^[0-9]{1,11}$/", $_REQUEST['id'])) {
- $id = $_REQUEST['id'];
+ $message_id = $_REQUEST['id'];
} else {
return error(_("Incomplete call, missing Message ID."), true);
}
- $message = sql_select("SELECT * FROM `Messages` WHERE `id`='" . sql_escape($id) . "' LIMIT 1");
+ $message = sql_select("SELECT * FROM `Messages` WHERE `id`='" . sql_escape($message_id) . "' LIMIT 1");
if (count($message) > 0 && $message[0]['RUID'] == $user['UID']) {
- sql_query("UPDATE `Messages` SET `isRead`='Y' WHERE `id`='" . sql_escape($id) . "' LIMIT 1");
+ sql_query("UPDATE `Messages` SET `isRead`='Y' WHERE `id`='" . sql_escape($message_id) . "' LIMIT 1");
redirect(page_link_to("user_messages"));
} else {
return error(_("No Message found."), true);
@@ -107,14 +107,14 @@ function user_messages() {
case "delete":
if (isset($_REQUEST['id']) && preg_match("/^[0-9]{1,11}$/", $_REQUEST['id'])) {
- $id = $_REQUEST['id'];
+ $message_id = $_REQUEST['id'];
} else {
return error(_("Incomplete call, missing Message ID."), true);
}
- $message = sql_select("SELECT * FROM `Messages` WHERE `id`='" . sql_escape($id) . "' LIMIT 1");
+ $message = sql_select("SELECT * FROM `Messages` WHERE `id`='" . sql_escape($message_id) . "' LIMIT 1");
if (count($message) > 0 && $message[0]['SUID'] == $user['UID']) {
- sql_query("DELETE FROM `Messages` WHERE `id`='" . sql_escape($id) . "' LIMIT 1");
+ sql_query("DELETE FROM `Messages` WHERE `id`='" . sql_escape($message_id) . "' LIMIT 1");
redirect(page_link_to("user_messages"));
} else {
return error(_("No Message found."), true);
diff --git a/includes/pages/user_myshifts.php b/includes/pages/user_myshifts.php
index f50711a7..b60d2ed8 100644
--- a/includes/pages/user_myshifts.php
+++ b/includes/pages/user_myshifts.php
@@ -10,12 +10,12 @@ function user_myshifts() {
global $user, $privileges;
if (isset($_REQUEST['id']) && in_array("user_shifts_admin", $privileges) && preg_match("/^[0-9]{1,}$/", $_REQUEST['id']) && sql_num_query("SELECT * FROM `User` WHERE `UID`='" . sql_escape($_REQUEST['id']) . "'") > 0) {
- $id = $_REQUEST['id'];
+ $user_id = $_REQUEST['id'];
} else {
- $id = $user['UID'];
+ $user_id = $user['UID'];
}
- list($shifts_user) = sql_select("SELECT * FROM `User` WHERE `UID`='" . sql_escape($id) . "' LIMIT 1");
+ list($shifts_user) = sql_select("SELECT * FROM `User` WHERE `UID`='" . sql_escape($user_id) . "' LIMIT 1");
if (isset($_REQUEST['reset'])) {
if ($_REQUEST['reset'] == "ack") {
@@ -28,7 +28,7 @@ function user_myshifts() {
button(page_link_to('user_myshifts') . '&reset=ack', _("Continue"), 'btn-danger')
]);
} elseif (isset($_REQUEST['edit']) && preg_match("/^[0-9]*$/", $_REQUEST['edit'])) {
- $id = $_REQUEST['edit'];
+ $user_id = $_REQUEST['edit'];
$shift = sql_select("SELECT
`ShiftEntry`.`freeloaded`,
`ShiftEntry`.`freeload_comment`,
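Review bot: The rename in the `edit` branch, `$user_id = $_REQUEST['edit'];`, mislabels the value: the query that follows filters on `ShiftEntry`.`id`, so this is a shift-entry id, not a user id, and the same applies to the `cancel` branch (`$user_id = $_REQUEST['cancel'];`, later handed to `ShiftEntry_delete`). Reusing the name also overwrites the user id chosen at the top of `user_myshifts`; the old `$id` did that too, but `$shifts_user` is loaded before the overwrite so the visible queries still scope by `$shifts_user['UID']`, whereas any later read of `$user_id` outside these hunks would silently get the entry id — worth confirming. Suggest a distinct variable in both branches, `$shift_entry_id = $_REQUEST['edit'];` and `$shift_entry_id = $_REQUEST['cancel'];`, used in the two `WHERE `ShiftEntry`.`id`=` clauses and in the `ShiftEntry_update`/`ShiftEntry_delete` calls. The guard on the same `elseif` accepts an empty string (`[0-9]*`); `[0-9]+` would match the id checks in the other pages of this commit. The body of `user_myshifts` continues outside the hunk.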
@@ -43,7 +43,7 @@ function user_myshifts() {
JOIN `Shifts` ON (`ShiftEntry`.`SID` = `Shifts`.`SID`)
JOIN `ShiftTypes` ON (`ShiftTypes`.`id` = `Shifts`.`shifttype_id`)
JOIN `Room` ON (`Shifts`.`RID` = `Room`.`RID`)
- WHERE `ShiftEntry`.`id`='" . sql_escape($id) . "'
+ WHERE `ShiftEntry`.`id`='" . sql_escape($user_id) . "'
AND `UID`='" . sql_escape($shifts_user['UID']) . "' LIMIT 1");
if (count($shift) > 0) {
$shift = $shift[0];
@@ -66,7 +66,7 @@ function user_myshifts() {
if ($valid) {
$result = ShiftEntry_update([
- 'id' => $id,
+ 'id' => $user_id,
'Comment' => $comment,
'freeloaded' => $freeloaded,
'freeload_comment' => $freeload_comment
@@ -85,16 +85,16 @@ function user_myshifts() {
} else
redirect(page_link_to('user_myshifts'));
} elseif (isset($_REQUEST['cancel']) && preg_match("/^[0-9]*$/", $_REQUEST['cancel'])) {
- $id = $_REQUEST['cancel'];
+ $user_id = $_REQUEST['cancel'];
$shift = sql_select("
SELECT *
FROM `Shifts`
INNER JOIN `ShiftEntry` USING (`SID`)
- WHERE `ShiftEntry`.`id`='" . sql_escape($id) . "' AND `UID`='" . sql_escape($shifts_user['UID']) . "'");
+ WHERE `ShiftEntry`.`id`='" . sql_escape($user_id) . "' AND `UID`='" . sql_escape($shifts_user['UID']) . "'");
if (count($shift) > 0) {
$shift = $shift[0];
if (($shift['start'] > time() + $LETZTES_AUSTRAGEN * 3600) || in_array('user_shifts_admin', $privileges)) {
- $result = ShiftEntry_delete($id);
+ $result = ShiftEntry_delete($user_id);
if ($result === false) {
engelsystem_error('Unable to delete shift entry.');
}
diff --git a/includes/pages/user_questions.php b/includes/pages/user_questions.php
index 6d9ded8e..10e8fef6 100644
--- a/includes/pages/user_questions.php
+++ b/includes/pages/user_questions.php
@@ -39,14 +39,14 @@ function user_questions() {
break;
case 'delete':
if (isset($_REQUEST['id']) && preg_match("/^[0-9]{1,11}$/", $_REQUEST['id'])) {
- $id = $_REQUEST['id'];
+ $question_id = $_REQUEST['id'];
} else {
return error(_("Incomplete call, missing Question ID."), true);
}
- $question = sql_select("SELECT * FROM `Questions` WHERE `QID`='" . sql_escape($id) . "' LIMIT 1");
+ $question = sql_select("SELECT * FROM `Questions` WHERE `QID`='" . sql_escape($question_id) . "' LIMIT 1");
if (count($question) > 0 && $question[0]['UID'] == $user['UID']) {
- sql_query("DELETE FROM `Questions` WHERE `QID`='" . sql_escape($id) . "' LIMIT 1");
+ sql_query("DELETE FROM `Questions` WHERE `QID`='" . sql_escape($question_id) . "' LIMIT 1");
redirect(page_link_to("user_questions"));
} else {
return page_with_title(questions_title(), [