diff options
Diffstat (limited to 'includes/pages')
-rw-r--r-- | includes/pages/admin_active.php | 232 | ||||
-rw-r--r-- | includes/pages/admin_angel_types.php | 8 | ||||
-rw-r--r-- | includes/pages/admin_arrive.php | 100 | ||||
-rw-r--r-- | includes/pages/admin_groups.php | 166 | ||||
-rw-r--r-- | includes/pages/admin_import.php | 522 | ||||
-rw-r--r-- | includes/pages/admin_news.php | 144 | ||||
-rw-r--r-- | includes/pages/admin_questions.php | 138 | ||||
-rw-r--r-- | includes/pages/admin_rooms.php | 19 | ||||
-rw-r--r-- | includes/pages/admin_shifts.php | 9 | ||||
-rw-r--r-- | includes/pages/admin_user_angeltypes.php | 20 |
10 files changed, 717 insertions, 641 deletions
diff --git a/includes/pages/admin_active.php b/includes/pages/admin_active.php index 55384345..0dabe568 100644 --- a/includes/pages/admin_active.php +++ b/includes/pages/admin_active.php @@ -1,120 +1,144 @@ <?php function admin_active() { - global $tshirt_sizes; - - $msg = ""; - $search = ""; - $count = 0; - $limit = ""; - $set_active = ""; - if (isset ($_REQUEST['search'])) - $search = strip_request_item('search'); + global $tshirt_sizes; - if (isset ($_REQUEST['set_active'])) { - $ok = true; + $msg = ""; + $search = ""; + $count = 0; + $limit = ""; + $set_active = ""; + if (isset ($_REQUEST['search'])) + $search = strip_request_item('search'); - if (isset ($_REQUEST['count']) && preg_match("/^[0-9]+$/", $_REQUEST['count'])) - $count = strip_request_item('count'); - else { - $ok = false; - $msg .= error("Please enter a number of angels to be marked as active.", true); - } + if (isset ($_REQUEST['set_active'])) { + $ok = true; - if ($ok) - $limit = " LIMIT " . $count; - if (isset ($_REQUEST['ack'])) { - sql_query("UPDATE `User` SET `Aktiv` = 0 WHERE `Tshirt` = 0"); - $users = sql_select("SELECT `User`.*, COUNT(`ShiftEntry`.`id`) as `shift_count`, SUM(`end`-`start`) as `shift_length` FROM `User` LEFT JOIN `ShiftEntry` ON `User`.`UID` = `ShiftEntry`.`UID` LEFT JOIN `Shifts` ON `ShiftEntry`.`SID` = `Shifts`.`SID` WHERE `User`.`Gekommen` = 1 GROUP BY `User`.`UID` ORDER BY `shift_length` DESC" . $limit); - foreach ($users as $usr) - sql_query("UPDATE `User` SET `Aktiv` = 1 WHERE `UID`=" . sql_escape($usr['UID'])); + if (isset ($_REQUEST['count']) && preg_match("/^[0-9]+$/", $_REQUEST['count'])) + $count = strip_request_item('count'); + else { + $ok = false; + $msg .= error("Please enter a number of angels to be marked as active.", true); + } - $limit = ""; - $msg = success("Marked angels.", true); - } else { - $set_active = '<a href="' . page_link_to('admin_active') . '&serach=' . $search . '">« back</a> | <a href="' . page_link_to('admin_active') . '&search=' . $search . '&count=' . $count . '&set_active&ack">apply</a>'; - } - } + if ($ok) + $limit = " LIMIT " . $count; + if (isset ($_REQUEST['ack'])) { + sql_query("UPDATE `User` SET `Aktiv` = 0 WHERE `Tshirt` = 0"); + $users = sql_select("SELECT `User`.*, COUNT(`ShiftEntry`.`id`) as `shift_count`, SUM(`end`-`start`) as `shift_length` FROM `User` LEFT JOIN `ShiftEntry` ON `User`.`UID` = `ShiftEntry`.`UID` LEFT JOIN `Shifts` ON `ShiftEntry`.`SID` = `Shifts`.`SID` WHERE `User`.`Gekommen` = 1 GROUP BY `User`.`UID` ORDER BY `shift_length` DESC" . $limit); + $user_nicks = array(); + foreach ($users as $usr) { + sql_query("UPDATE `User` SET `Aktiv` = 1 WHERE `UID`=" . sql_escape($usr['UID'])); + $user_nicks[] = $usr['Nick']; + } + engelsystem_log("These angels are active now: " . join(", ", $user_nicks)); - if (isset ($_REQUEST['active']) && preg_match("/^[0-9]+$/", $_REQUEST['active'])) { - $id = $_REQUEST['active']; - sql_query("UPDATE `User` SET `Aktiv`=1 WHERE `UID`=" . sql_escape($id) . " LIMIT 1"); - $msg = success("Angel has been marked as active.", true); - } - elseif (isset ($_REQUEST['not_active']) && preg_match("/^[0-9]+$/", $_REQUEST['not_active'])) { - $id = $_REQUEST['not_active']; - sql_query("UPDATE `User` SET `Aktiv`=0 WHERE `UID`=" . sql_escape($id) . " LIMIT 1"); - $msg = success("Angel has been marked as not active.", true); - } - elseif (isset ($_REQUEST['tshirt']) && preg_match("/^[0-9]+$/", $_REQUEST['tshirt'])) { - $id = $_REQUEST['tshirt']; - sql_query("UPDATE `User` SET `Tshirt`=1 WHERE `UID`=" . sql_escape($id) . " LIMIT 1"); - $msg = success("Angel has got a t-shirt.", true); - } - elseif (isset ($_REQUEST['not_tshirt']) && preg_match("/^[0-9]+$/", $_REQUEST['not_tshirt'])) { - $id = $_REQUEST['not_tshirt']; - sql_query("UPDATE `User` SET `Tshirt`=0 WHERE `UID`=" . sql_escape($id) . " LIMIT 1"); - $msg = success("Angel has got no t-shirt.", true); - } + $limit = ""; + $msg = success("Marked angels.", true); + } else { + $set_active = '<a href="' . page_link_to('admin_active') . '&serach=' . $search . '">« back</a> | <a href="' . page_link_to('admin_active') . '&search=' . $search . '&count=' . $count . '&set_active&ack">apply</a>'; + } + } - $users = sql_select("SELECT `User`.*, COUNT(`ShiftEntry`.`id`) as `shift_count`, SUM(`end`-`start`) as `shift_length` FROM `User` LEFT JOIN `ShiftEntry` ON `User`.`UID` = `ShiftEntry`.`UID` LEFT JOIN `Shifts` ON `ShiftEntry`.`SID` = `Shifts`.`SID` WHERE `User`.`Gekommen` = 1 GROUP BY `User`.`UID` ORDER BY `shift_length` DESC" . $limit); + if (isset ($_REQUEST['active']) && preg_match("/^[0-9]+$/", $_REQUEST['active'])) { + $id = $_REQUEST['active']; + $user_source = User($id); + if($user_source != null) { + sql_query("UPDATE `User` SET `Aktiv`=1 WHERE `UID`=" . sql_escape($id) . " LIMIT 1"); + engelsystem_log("User " . $user_source['Nick'] . " is active now."); + $msg = success("Angel has been marked as active.", true); + } + else $msg = error("Angel not found.", true); + } + elseif (isset ($_REQUEST['not_active']) && preg_match("/^[0-9]+$/", $_REQUEST['not_active'])) { + $id = $_REQUEST['not_active']; + $user_source = User($id); + if($user_source != null) { + sql_query("UPDATE `User` SET `Aktiv`=0 WHERE `UID`=" . sql_escape($id) . " LIMIT 1"); + engelsystem_log("User " . $user_source['Nick'] . " is NOT active now."); + $msg = success("Angel has been marked as not active.", true); + } + else $msg = error("Angel not found.", true); + } + elseif (isset ($_REQUEST['tshirt']) && preg_match("/^[0-9]+$/", $_REQUEST['tshirt'])) { + $id = $_REQUEST['tshirt']; + $user_source = User($id); + if($user_source != null) { + sql_query("UPDATE `User` SET `Tshirt`=1 WHERE `UID`=" . sql_escape($id) . " LIMIT 1"); + engelsystem_log("User " . $user_source['Nick'] . " has tshirt now."); + $msg = success("Angel has got a t-shirt.", true); + } + else $msg = error("Angel not found.", true); + } + elseif (isset ($_REQUEST['not_tshirt']) && preg_match("/^[0-9]+$/", $_REQUEST['not_tshirt'])) { + $id = $_REQUEST['not_tshirt']; + $user_source = User($id); + if($user_source != null) { + sql_query("UPDATE `User` SET `Tshirt`=0 WHERE `UID`=" . sql_escape($id) . " LIMIT 1"); + engelsystem_log("User " . $user_source['Nick'] . " NO tshirt."); + $msg = success("Angel has got no t-shirt.", true); + } + else $msg = error("Angel not found.", true); + } - $table = ""; - if ($search == "") - $tokens = array (); - else - $tokens = explode(" ", $search); - foreach ($users as $usr) { - if (count($tokens) > 0) { - $match = false; - $index = join("", $usr); - foreach ($tokens as $t) - if (strstr($index, trim($t))) { - $match = true; - break; - } - if (!$match) - continue; - } - $table .= '<tr>'; - $table .= '<td>' . $usr['Nick'] . '</td>'; - $table .= '<td>' . $tshirt_sizes[$usr['Size']] . '</td>'; - $table .= '<td>' . $usr['shift_count'] . '</td>'; + $users = sql_select("SELECT `User`.*, COUNT(`ShiftEntry`.`id`) as `shift_count`, SUM(`end`-`start`) as `shift_length` FROM `User` LEFT JOIN `ShiftEntry` ON `User`.`UID` = `ShiftEntry`.`UID` LEFT JOIN `Shifts` ON `ShiftEntry`.`SID` = `Shifts`.`SID` WHERE `User`.`Gekommen` = 1 GROUP BY `User`.`UID` ORDER BY `shift_length` DESC" . $limit); - if ($usr['shift_count'] == 0) - $table .= '<td>-</td>'; - else - $table .= '<td>' . round($usr['shift_length'] / 60) . ' min (' . round($usr['shift_length'] / 3600) . ' h)</td>'; + $table = ""; + if ($search == "") + $tokens = array (); + else + $tokens = explode(" ", $search); + foreach ($users as $usr) { + if (count($tokens) > 0) { + $match = false; + $index = join("", $usr); + foreach ($tokens as $t) + if (strstr($index, trim($t))) { + $match = true; + break; + } + if (!$match) + continue; + } + $table .= '<tr>'; + $table .= '<td>' . $usr['Nick'] . '</td>'; + $table .= '<td>' . $tshirt_sizes[$usr['Size']] . '</td>'; + $table .= '<td>' . $usr['shift_count'] . '</td>'; - if ($usr['Aktiv'] == 1) - $table .= '<td>yes</td>'; - else - $table .= '<td></td>'; - if ($usr['Tshirt'] == 1) - $table .= '<td>yes</td>'; - else - $table .= '<td></td>'; + if ($usr['shift_count'] == 0) + $table .= '<td>-</td>'; + else + $table .= '<td>' . round($usr['shift_length'] / 60) . ' min (' . round($usr['shift_length'] / 3600) . ' h)</td>'; - $actions = array (); - if ($usr['Aktiv'] == 0) - $actions[] = '<a href="' . page_link_to('admin_active') . '&active=' . $usr['UID'] . '&search=' . $search . '">set active</a>'; - if ($usr['Aktiv'] == 1 && $usr['Tshirt'] == 0) { - $actions[] = '<a href="' . page_link_to('admin_active') . '&not_active=' . $usr['UID'] . '&search=' . $search . '">remove active</a>'; - $actions[] = '<a href="' . page_link_to('admin_active') . '&tshirt=' . $usr['UID'] . '&search=' . $search . '">got t-shirt</a>'; - } - if ($usr['Tshirt'] == 1) - $actions[] = '<a href="' . page_link_to('admin_active') . '&not_tshirt=' . $usr['UID'] . '&search=' . $search . '">remove t-shirt</a>'; + if ($usr['Aktiv'] == 1) + $table .= '<td>yes</td>'; + else + $table .= '<td></td>'; + if ($usr['Tshirt'] == 1) + $table .= '<td>yes</td>'; + else + $table .= '<td></td>'; - $table .= '<td>' . join(' | ', $actions) . '</td>'; + $actions = array (); + if ($usr['Aktiv'] == 0) + $actions[] = '<a href="' . page_link_to('admin_active') . '&active=' . $usr['UID'] . '&search=' . $search . '">set active</a>'; + if ($usr['Aktiv'] == 1 && $usr['Tshirt'] == 0) { + $actions[] = '<a href="' . page_link_to('admin_active') . '&not_active=' . $usr['UID'] . '&search=' . $search . '">remove active</a>'; + $actions[] = '<a href="' . page_link_to('admin_active') . '&tshirt=' . $usr['UID'] . '&search=' . $search . '">got t-shirt</a>'; + } + if ($usr['Tshirt'] == 1) + $actions[] = '<a href="' . page_link_to('admin_active') . '&not_tshirt=' . $usr['UID'] . '&search=' . $search . '">remove t-shirt</a>'; - $table .= '</tr>'; - } - return template_render('../templates/admin_active.html', array ( - 'search' => $search, - 'count' => $count, - 'set_active' => $set_active, - 'table' => $table, - 'msg' => $msg, - 'link' => page_link_to('admin_active') - )); + $table .= '<td>' . join(' | ', $actions) . '</td>'; + + $table .= '</tr>'; + } + return template_render('../templates/admin_active.html', array ( + 'search' => $search, + 'count' => $count, + 'set_active' => $set_active, + 'table' => $table, + 'msg' => $msg, + 'link' => page_link_to('admin_active') + )); } ?>
\ No newline at end of file diff --git a/includes/pages/admin_angel_types.php b/includes/pages/admin_angel_types.php index 90289d61..d5841d1c 100644 --- a/includes/pages/admin_angel_types.php +++ b/includes/pages/admin_angel_types.php @@ -47,10 +47,13 @@ function admin_angel_types() { $restricted = 0; if ($ok) { - if (isset ($id)) + if (isset ($id)) { sql_query("UPDATE `AngelTypes` SET `name`='" . sql_escape($name) . "', `restricted`=" . sql_escape($restricted) . " WHERE `id`=" . sql_escape($id) . " LIMIT 1"); - else + engelsystem_log("Updated angeltype: " . $name . ", restricted: " . $restricted); + } else { sql_query("INSERT INTO `AngelTypes` SET `name`='" . sql_escape($name) . "', `restricted`=" . sql_escape($restricted)); + engelsystem_log("Created angeltype: " . $name . ", restricted: " . $restricted); + } success("Angel type saved."); redirect(page_link_to('admin_angel_types')); @@ -76,6 +79,7 @@ function admin_angel_types() { sql_query("DELETE FROM `ShiftEntry` WHERE `TID`=" . sql_escape($id) . " LIMIT 1"); sql_query("DELETE FROM `AngelTypes` WHERE `id`=" . sql_escape($id) . " LIMIT 1"); sql_query("DELETE FROM `UserAngelTypes` WHERE `angeltype_id`=" . sql_escape($id) . " LIMIT 1"); + engelsystem_log("Deleted angel type: " . $name); success(sprintf("Angel type %s deleted.", $name)); redirect(page_link_to('admin_angel_types')); } diff --git a/includes/pages/admin_arrive.php b/includes/pages/admin_arrive.php index 2acad0b3..70a43394 100644 --- a/includes/pages/admin_arrive.php +++ b/includes/pages/admin_arrive.php @@ -1,52 +1,60 @@ <?php function admin_arrive() { - $msg = ""; - $search = ""; - if (isset ($_REQUEST['search'])) - $search = strip_request_item('search'); + $msg = ""; + $search = ""; + if (isset ($_REQUEST['search'])) + $search = strip_request_item('search'); - if (isset ($_REQUEST['reset']) && preg_match("/^[0-9]*$/", $_REQUEST['reset'])) { - $id = $_REQUEST['reset']; - sql_query("UPDATE `User` SET `Gekommen`=0 WHERE `UID`=" . sql_escape($id) . " LIMIT 1"); - $msg = success("Reset done. Angel has not arrived.", true); - } - elseif (isset ($_REQUEST['arrived']) && preg_match("/^[0-9]*$/", $_REQUEST['arrived'])) { - $id = $_REQUEST['arrived']; - sql_query("UPDATE `User` SET `Gekommen`=1 WHERE `UID`=" . sql_escape($id) . " LIMIT 1"); - $msg = success("Angel has been marked as arrived.", true); - } + if (isset ($_REQUEST['reset']) && preg_match("/^[0-9]*$/", $_REQUEST['reset'])) { + $id = $_REQUEST['reset']; + $user_source = User($id); + if($user_source != null) { + sql_query("UPDATE `User` SET `Gekommen`=0 WHERE `UID`=" . sql_escape($id) . " LIMIT 1"); + engelsystem_log("User set to not arrived: " . $user_source['Nick']); + $msg = success("Reset done. Angel has not arrived.", true); + } else $msg = error("Angel not found.", true); + } + elseif (isset ($_REQUEST['arrived']) && preg_match("/^[0-9]*$/", $_REQUEST['arrived'])) { + $id = $_REQUEST['arrived']; + $user_source = User($id); + if($user_source != null) { + sql_query("UPDATE `User` SET `Gekommen`=1 WHERE `UID`=" . sql_escape($id) . " LIMIT 1"); + engelsystem_log("User set has arrived: " . $user_source['Nick']); + $msg = success("Angel has been marked as arrived.", true); + } else $msg = error("Angel not found.", true); + } - $users = sql_select("SELECT * FROM `User` ORDER BY `Nick`"); - $table = ""; - if ($search == "") - $tokens = array (); - else - $tokens = explode(" ", $search); - foreach ($users as $usr) { - if (count($tokens) > 0) { - $match = false; - $index = join("", $usr); - foreach ($tokens as $t) - if (strstr($index, trim($t))) { - $match = true; - break; - } - if (!$match) - continue; - } - $table .= '<tr>'; - $table .= '<td>' . $usr['Nick'] . '</td>'; - if ($usr['Gekommen'] == 1) - $table .= '<td>yes</td><td><a href="' . page_link_to('admin_arrive') . '&reset=' . $usr['UID'] . '&search=' . $search . '">reset</a></td>'; - else - $table .= '<td></td><td><a href="' . page_link_to('admin_arrive') . '&arrived=' . $usr['UID'] . '&search=' . $search . '">arrived</a></td>'; - $table .= '</tr>'; - } - return template_render('../templates/admin_arrive.html', array ( - 'search' => $search, - 'table' => $table, - 'msg' => $msg, - 'link' => page_link_to('admin_arrive') - )); + $users = sql_select("SELECT * FROM `User` ORDER BY `Nick`"); + $table = ""; + if ($search == "") + $tokens = array (); + else + $tokens = explode(" ", $search); + foreach ($users as $usr) { + if (count($tokens) > 0) { + $match = false; + $index = join("", $usr); + foreach ($tokens as $t) + if (strstr($index, trim($t))) { + $match = true; + break; + } + if (!$match) + continue; + } + $table .= '<tr>'; + $table .= '<td>' . $usr['Nick'] . '</td>'; + if ($usr['Gekommen'] == 1) + $table .= '<td>yes</td><td><a href="' . page_link_to('admin_arrive') . '&reset=' . $usr['UID'] . '&search=' . $search . '">reset</a></td>'; + else + $table .= '<td></td><td><a href="' . page_link_to('admin_arrive') . '&arrived=' . $usr['UID'] . '&search=' . $search . '">arrived</a></td>'; + $table .= '</tr>'; + } + return template_render('../templates/admin_arrive.html', array ( + 'search' => $search, + 'table' => $table, + 'msg' => $msg, + 'link' => page_link_to('admin_arrive') + )); } ?>
\ No newline at end of file diff --git a/includes/pages/admin_groups.php b/includes/pages/admin_groups.php index 2fc789fa..df472359 100644 --- a/includes/pages/admin_groups.php +++ b/includes/pages/admin_groups.php @@ -1,91 +1,99 @@ <?php function admin_groups() { - global $user; + global $user; - $html = ""; - $groups = sql_select("SELECT * FROM `Groups` ORDER BY `Name`"); - if (!isset ($_REQUEST["action"])) { - $groups_html = ""; - foreach ($groups as $group) { - $groups_html .= sprintf( - '<tr><td>%s</td>', - $group['Name'] - ); - $privileges = sql_select("SELECT * FROM `GroupPrivileges` JOIN `Privileges` ON (`GroupPrivileges`.`privilege_id` = `Privileges`.`id`) WHERE `group_id`=" . sql_escape($group['UID'])); - $privileges_html = array (); + $html = ""; + $groups = sql_select("SELECT * FROM `Groups` ORDER BY `Name`"); + if (!isset ($_REQUEST["action"])) { + $groups_html = ""; + foreach ($groups as $group) { + $groups_html .= sprintf( + '<tr><td>%s</td>', + $group['Name'] + ); + $privileges = sql_select("SELECT * FROM `GroupPrivileges` JOIN `Privileges` ON (`GroupPrivileges`.`privilege_id` = `Privileges`.`id`) WHERE `group_id`=" . sql_escape($group['UID'])); + $privileges_html = array (); - foreach ($privileges as $priv) - $privileges_html[] = $priv['name']; + foreach ($privileges as $priv) + $privileges_html[] = $priv['name']; - $groups_html .= sprintf( - '<td>%s</td>' - . '<td><a href="%s&action=edit&id=%s">Ändern</a></td>', - join(', ', $privileges_html), - page_link_to("admin_groups"), - $group['UID'] - ); - } + $groups_html .= sprintf( + '<td>%s</td>' + . '<td><a href="%s&action=edit&id=%s">Ändern</a></td>', + join(', ', $privileges_html), + page_link_to("admin_groups"), + $group['UID'] + ); + } - return template_render('../templates/admin_groups.html', array ( - 'nick' => $user['Nick'], - 'groups' => $groups_html - )); - } else { - switch ($_REQUEST["action"]) { - case 'edit' : - if (isset ($_REQUEST['id']) && preg_match("/^-[0-9]{1,11}$/", $_REQUEST['id'])) - $id = $_REQUEST['id']; - else - return error("Incomplete call, missing Groups ID.", true); + return template_render('../templates/admin_groups.html', array ( + 'nick' => $user['Nick'], + 'groups' => $groups_html + )); + } else { + switch ($_REQUEST["action"]) { + case 'edit' : + if (isset ($_REQUEST['id']) && preg_match("/^-[0-9]{1,11}$/", $_REQUEST['id'])) + $id = $_REQUEST['id']; + else + return error("Incomplete call, missing Groups ID.", true); - $room = sql_select("SELECT * FROM `Groups` WHERE `UID`=" . sql_escape($id) . " LIMIT 1"); - if (count($room) > 0) { - list ($room) = $room; - $privileges = sql_select("SELECT `Privileges`.*, `GroupPrivileges`.`group_id` FROM `Privileges` LEFT OUTER JOIN `GroupPrivileges` ON (`Privileges`.`id` = `GroupPrivileges`.`privilege_id` AND `GroupPrivileges`.`group_id`=" . sql_escape($id) . ") ORDER BY `Privileges`.`name`"); - $privileges_html = ""; - foreach ($privileges as $priv) - $privileges_html .= sprintf( - '<tr><td><input type="checkbox" ' - . 'name="privileges[]" value="%s" %s />' - . '</td> <td>%s</td> <td>%s</td></tr>', - $priv['id'], - ($priv['group_id'] != "" - ? 'checked="checked"' - : ''), - $priv['name'], - $priv['desc'] - ); + $room = sql_select("SELECT * FROM `Groups` WHERE `UID`=" . sql_escape($id) . " LIMIT 1"); + if (count($room) > 0) { + list ($room) = $room; + $privileges = sql_select("SELECT `Privileges`.*, `GroupPrivileges`.`group_id` FROM `Privileges` LEFT OUTER JOIN `GroupPrivileges` ON (`Privileges`.`id` = `GroupPrivileges`.`privilege_id` AND `GroupPrivileges`.`group_id`=" . sql_escape($id) . ") ORDER BY `Privileges`.`name`"); + $privileges_html = ""; + foreach ($privileges as $priv) + $privileges_html .= sprintf( + '<tr><td><input type="checkbox" ' + . 'name="privileges[]" value="%s" %s />' + . '</td> <td>%s</td> <td>%s</td></tr>', + $priv['id'], + ($priv['group_id'] != "" + ? 'checked="checked"' + : ''), + $priv['name'], + $priv['desc'] + ); - $html .= template_render('../templates/admin_groups_edit_form.html', array ( - 'link' => page_link_to("admin_groups"), - 'id' => $id, - 'privileges' => $privileges_html - )); - } else - return error("No Group found.", true); - break; + $html .= template_render('../templates/admin_groups_edit_form.html', array ( + 'link' => page_link_to("admin_groups"), + 'id' => $id, + 'privileges' => $privileges_html + )); + } else + return error("No Group found.", true); + break; - case 'save' : - if (isset ($_REQUEST['id']) && preg_match("/^-[0-9]{1,11}$/", $_REQUEST['id'])) - $id = $_REQUEST['id']; - else - return error("Incomplete call, missing Groups ID.", true); + case 'save' : + if (isset ($_REQUEST['id']) && preg_match("/^-[0-9]{1,11}$/", $_REQUEST['id'])) + $id = $_REQUEST['id']; + else + return error("Incomplete call, missing Groups ID.", true); - $room = sql_select("SELECT * FROM `Groups` WHERE `UID`=" . sql_escape($id) . " LIMIT 1"); - if (!is_array($_REQUEST['privileges'])) - $_REQUEST['privileges'] = array (); - if (count($room) > 0) { - list ($room) = $room; - sql_query("DELETE FROM `GroupPrivileges` WHERE `group_id`=" . sql_escape($id)); - foreach ($_REQUEST['privileges'] as $priv) - if (preg_match("/^[0-9]{1,}$/", $priv) && sql_num_query("SELECT * FROM `Privileges` WHERE `id`=" . sql_escape($priv)) > 0) - sql_query("INSERT INTO `GroupPrivileges` SET `group_id`=" . sql_escape($id) . ", `privilege_id`=" . sql_escape($priv)); - header("Location: " . page_link_to("admin_groups")); - } else - return error("No Group found.", true); - break; - } - } - return $html; + $room = sql_select("SELECT * FROM `Groups` WHERE `UID`=" . sql_escape($id) . " LIMIT 1"); + if (!is_array($_REQUEST['privileges'])) + $_REQUEST['privileges'] = array (); + if (count($room) > 0) { + list ($room) = $room; + sql_query("DELETE FROM `GroupPrivileges` WHERE `group_id`=" . sql_escape($id)); + $privilege_names = array(); + foreach ($_REQUEST['privileges'] as $priv) { + if (preg_match("/^[0-9]{1,}$/", $priv)) { + $group_privileges_source = sql_select("SELECT * FROM `Privileges` WHERE `id`=" . sql_escape($priv) . " LIMIT 1"); + if(count($group_privileges_source) > 0) { + sql_query("INSERT INTO `GroupPrivileges` SET `group_id`=" . sql_escape($id) . ", `privilege_id`=" . sql_escape($priv)); + $privilege_names[] = $group_privileges_source[0]['name']; + } + } + } + engelsystem_log("Group privileges of group " . $room['Name'] . " edited: " . join(", ", $privilege_names)); + header("Location: " . page_link_to("admin_groups")); + } else + return error("No Group found.", true); + break; + } + } + return $html; } ?> diff --git a/includes/pages/admin_import.php b/includes/pages/admin_import.php index 5ac62d2d..9a31d5cd 100644 --- a/includes/pages/admin_import.php +++ b/includes/pages/admin_import.php @@ -1,279 +1,281 @@ <?php function admin_import() { - global $PentabarfXMLhost, $PentabarfXMLpath; - global $rooms_import; - global $user; - $html = ""; - - $step = "input"; - if (isset ($_REQUEST['step'])) - $step = $_REQUEST['step']; - - $html .= '<p>'; - $html .= $step == "input" ? '<b>1. Input</b>' : '1. Input'; - $html .= ' » '; - $html .= $step == "check" ? '<b>2. Validate</b>' : '2. Validate'; - $html .= ' » '; - $html .= $step == "import" ? '<b>3. Import</b>' : '3. Import'; - $html .= '</p>'; - - $import_file = '../import/import_' . $user['UID'] . '.xml'; - - switch ($step) { - case "input" : - $ok = false; - if ($test_handle = fopen('../import/tmp', 'w')) { - fclose($test_handle); - unlink('../import/tmp'); - } else { - $msg = error("Webserver has no write-permission on import directory.", true); - } - - if (isset ($_REQUEST['submit'])) { - $ok = true; - if (isset ($_REQUEST['user']) && $_REQUEST['user'] != "" && isset ($_REQUEST['password']) && $_REQUEST['password'] != "") { - $fp = fsockopen("ssl://$PentabarfXMLhost", 443, $errno, $errstr, 5); - - if (!$fp) { - $ok = false; - $msg = error("File 'https://$PentabarfXMLhost/$PentabarfXMLpath" . $_REQUEST["url"] . "' not readable!" . "[$errstr ($errno)]", true); - } else { - $fileOut = fopen($import_file, "w"); - $head = 'GET /' . $PentabarfXMLpath . $_REQUEST["url"] . ' HTTP/1.1' . "\r\n" . - 'Host: ' . $PentabarfXMLhost . "\r\n" . - 'User-Agent: Engelsystem' . "\r\n" . - 'Authorization: Basic ' . - base64_encode($_REQUEST["user"] . ':' . $_REQUEST["password"]) . "\r\n" . - "\r\n"; - fputs($fp, $head); - $Zeilen = -1; - echo "<pre>"; - while (!feof($fp)) { - $Temp = fgets($fp, 1024); - - // show header - if ($Zeilen == -1) { - echo $Temp; - } - - // ende des headers - if ($Temp == "\r\n") { - echo "</pre>\n"; - $Zeilen = 0; - $Temp = ""; - } - - //file ende? - if ($Temp == "0\r\n") - break; - - if (($Zeilen > -1) && ($Temp != "ffb\r\n")) { - //steuerzeichen ausfiltern - if (strpos("#$Temp", "\r\n") > 0) - $Temp = substr($Temp, 0, strlen($Temp) - 2); - if (strpos("#$Temp", "1005") > 0) - $Temp = ""; - if (strpos("#$Temp", "783") > 0) - $Temp = ""; - //schreiben in file - fputs($fileOut, $Temp); - $Zeilen++; - } - } - fclose($fileOut); - fclose($fp); - $msg .= success("Es wurden $Zeilen Zeilen eingelesen.", true); - } - } - elseif (isset ($_FILES['xcal_file']) && ($_FILES['xcal_file']['error'] == 0)) { - if (move_uploaded_file($_FILES['xcal_file']['tmp_name'], $import_file)) { - libxml_use_internal_errors(true); - if (simplexml_load_file($import_file) === false) { - $ok = false; - $msg = error("No valid xml/xcal file provided.", true); - unlink($import_file); - } - } else { - $ok = false; - $msg = error("File upload went wrong.", true); - } - } else { - $ok = false; - $msg = error("Please provide some data.", true); - } - } - - if ($ok) - header("Location: " . page_link_to('admin_import') . "&step=check"); - else - $html .= template_render('../templates/admin_import_input.html', array ( - 'link' => page_link_to('admin_import'), - 'msg' => $msg, - 'url' => "https://$PentabarfXMLhost/$PentabarfXMLpath" - )); - break; - - case "check" : - if (!file_exists($import_file)) - header("Location: " . page_link_to('admin_import')); - - list ($rooms_new, $rooms_deleted) = prepare_rooms($import_file); - list ($events_new, $events_updated, $events_deleted) = prepare_events($import_file); - - $html .= template_render('../templates/admin_import_check.html', array ( - 'link' => page_link_to('admin_import'), - 'rooms_new' => count($rooms_new) == 0 ? "<tr><td>None</td></tr>" : table_body($rooms_new), - 'rooms_deleted' => count($rooms_deleted) == 0 ? "<tr><td>None</td></tr>" : table_body($rooms_deleted), - 'events_new' => count($events_new) == 0 ? "<tr><td>None</td><td></td><td></td><td></td><td></td></tr>" : table_body(shifts_printable($events_new)), - 'events_updated' => count($events_updated) == 0 ? "<tr><td>None</td><td></td><td></td><td></td><td></td></tr>" : table_body(shifts_printable($events_updated)), - 'events_deleted' => count($events_deleted) == 0 ? "<tr><td>None</td><td></td><td></td><td></td><td></td></tr>" : table_body(shifts_printable($events_deleted)) - )); - break; - - case "import" : - if (!file_exists($import_file)) - header("Location: " . page_link_to('admin_import')); - - list ($rooms_new, $rooms_deleted) = prepare_rooms($import_file); - foreach ($rooms_new as $room) { - sql_query("INSERT INTO `Room` SET `Name`='" . sql_escape($room) . "', `FromPentabarf`='Y', `Show`='Y'"); - $rooms_import[trim($room)] = sql_id(); - } - foreach ($rooms_deleted as $room) - sql_query("DELETE FROM `Room` WHERE `Name`='" . sql_escape($room) . "' LIMIT 1"); - - list ($events_new, $events_updated, $events_deleted) = prepare_events($import_file); - foreach ($events_new as $event) - sql_query("INSERT INTO `Shifts` SET `name`='" . - sql_escape($event['name']) . "', `start`=" . sql_escape($event['start']) . ", `end`=" . sql_escape($event['end']) . ", `RID`=" . sql_escape($event['RID']) . ", `PSID`=" . sql_escape($event['PSID']) . ", `URL`='" . sql_escape($event['URL']) . "'"); - - foreach ($events_updated as $event) - sql_query("UPDATE `Shifts` SET `name`='" . - sql_escape($event['name']) . "', `start`=" . sql_escape($event['start']) . ", `end`=" . sql_escape($event['end']) . ", `RID`=" . sql_escape($event['RID']) . ", `PSID`=" . sql_escape($event['PSID']) . ", `URL`='" . sql_escape($event['URL']) . "' WHERE `PSID`=" . sql_escape($event['PSID']) . " LIMIT 1"); - - foreach ($events_deleted as $event) - sql_query("DELETE FROM `Shifts` WHERE `PSID`=" . - sql_escape($event['PSID']) . " LIMIT 1"); - - unlink($import_file); - - $html .= template_render('../templates/admin_import_import.html', array ()); - break; - } - - return $html; + global $PentabarfXMLhost, $PentabarfXMLpath; + global $rooms_import; + global $user; + $html = ""; + + $step = "input"; + if (isset ($_REQUEST['step'])) + $step = $_REQUEST['step']; + + $html .= '<p>'; + $html .= $step == "input" ? '<b>1. Input</b>' : '1. Input'; + $html .= ' » '; + $html .= $step == "check" ? '<b>2. Validate</b>' : '2. Validate'; + $html .= ' » '; + $html .= $step == "import" ? '<b>3. Import</b>' : '3. Import'; + $html .= '</p>'; + + $import_file = '../import/import_' . $user['UID'] . '.xml'; + + switch ($step) { + case "input" : + $ok = false; + if ($test_handle = fopen('../import/tmp', 'w')) { + fclose($test_handle); + unlink('../import/tmp'); + } else { + $msg = error("Webserver has no write-permission on import directory.", true); + } + + if (isset ($_REQUEST['submit'])) { + $ok = true; + if (isset ($_REQUEST['user']) && $_REQUEST['user'] != "" && isset ($_REQUEST['password']) && $_REQUEST['password'] != "") { + $fp = fsockopen("ssl://$PentabarfXMLhost", 443, $errno, $errstr, 5); + + if (!$fp) { + $ok = false; + $msg = error("File 'https://$PentabarfXMLhost/$PentabarfXMLpath" . $_REQUEST["url"] . "' not readable!" . "[$errstr ($errno)]", true); + } else { + $fileOut = fopen($import_file, "w"); + $head = 'GET /' . $PentabarfXMLpath . $_REQUEST["url"] . ' HTTP/1.1' . "\r\n" . + 'Host: ' . $PentabarfXMLhost . "\r\n" . + 'User-Agent: Engelsystem' . "\r\n" . + 'Authorization: Basic ' . + base64_encode($_REQUEST["user"] . ':' . $_REQUEST["password"]) . "\r\n" . + "\r\n"; + fputs($fp, $head); + $Zeilen = -1; + echo "<pre>"; + while (!feof($fp)) { + $Temp = fgets($fp, 1024); + + // show header + if ($Zeilen == -1) { + echo $Temp; + } + + // ende des headers + if ($Temp == "\r\n") { + echo "</pre>\n"; + $Zeilen = 0; + $Temp = ""; + } + + //file ende? + if ($Temp == "0\r\n") + break; + + if (($Zeilen > -1) && ($Temp != "ffb\r\n")) { + //steuerzeichen ausfiltern + if (strpos("#$Temp", "\r\n") > 0) + $Temp = substr($Temp, 0, strlen($Temp) - 2); + if (strpos("#$Temp", "1005") > 0) + $Temp = ""; + if (strpos("#$Temp", "783") > 0) + $Temp = ""; + //schreiben in file + fputs($fileOut, $Temp); + $Zeilen++; + } + } + fclose($fileOut); + fclose($fp); + $msg .= success("Es wurden $Zeilen Zeilen eingelesen.", true); + } + } + elseif (isset ($_FILES['xcal_file']) && ($_FILES['xcal_file']['error'] == 0)) { + if (move_uploaded_file($_FILES['xcal_file']['tmp_name'], $import_file)) { + libxml_use_internal_errors(true); + if (simplexml_load_file($import_file) === false) { + $ok = false; + $msg = error("No valid xml/xcal file provided.", true); + unlink($import_file); + } + } else { + $ok = false; + $msg = error("File upload went wrong.", true); + } + } else { + $ok = false; + $msg = error("Please provide some data.", true); + } + } + + if ($ok) + header("Location: " . page_link_to('admin_import') . "&step=check"); + else + $html .= template_render('../templates/admin_import_input.html', array ( + 'link' => page_link_to('admin_import'), + 'msg' => $msg, + 'url' => "https://$PentabarfXMLhost/$PentabarfXMLpath" + )); + break; + + case "check" : + if (!file_exists($import_file)) + header("Location: " . page_link_to('admin_import')); + + list ($rooms_new, $rooms_deleted) = prepare_rooms($import_file); + list ($events_new, $events_updated, $events_deleted) = prepare_events($import_file); + + $html .= template_render('../templates/admin_import_check.html', array ( + 'link' => page_link_to('admin_import'), + 'rooms_new' => count($rooms_new) == 0 ? "<tr><td>None</td></tr>" : table_body($rooms_new), + 'rooms_deleted' => count($rooms_deleted) == 0 ? "<tr><td>None</td></tr>" : table_body($rooms_deleted), + 'events_new' => count($events_new) == 0 ? "<tr><td>None</td><td></td><td></td><td></td><td></td></tr>" : table_body(shifts_printable($events_new)), + 'events_updated' => count($events_updated) == 0 ? "<tr><td>None</td><td></td><td></td><td></td><td></td></tr>" : table_body(shifts_printable($events_updated)), + 'events_deleted' => count($events_deleted) == 0 ? "<tr><td>None</td><td></td><td></td><td></td><td></td></tr>" : table_body(shifts_printable($events_deleted)) + )); + break; + + case "import" : + if (!file_exists($import_file)) + header("Location: " . page_link_to('admin_import')); + + list ($rooms_new, $rooms_deleted) = prepare_rooms($import_file); + foreach ($rooms_new as $room) { + sql_query("INSERT INTO `Room` SET `Name`='" . sql_escape($room) . "', `FromPentabarf`='Y', `Show`='Y'"); + $rooms_import[trim($room)] = sql_id(); + } + foreach ($rooms_deleted as $room) + sql_query("DELETE FROM `Room` WHERE `Name`='" . sql_escape($room) . "' LIMIT 1"); + + list ($events_new, $events_updated, $events_deleted) = prepare_events($import_file); + foreach ($events_new as $event) + sql_query("INSERT INTO `Shifts` SET `name`='" . + sql_escape($event['name']) . "', `start`=" . sql_escape($event['start']) . ", `end`=" . sql_escape($event['end']) . ", `RID`=" . sql_escape($event['RID']) . ", `PSID`=" . sql_escape($event['PSID']) . ", `URL`='" . sql_escape($event['URL']) . "'"); + + foreach ($events_updated as $event) + sql_query("UPDATE `Shifts` SET `name`='" . + sql_escape($event['name']) . "', `start`=" . sql_escape($event['start']) . ", `end`=" . sql_escape($event['end']) . ", `RID`=" . sql_escape($event['RID']) . ", `PSID`=" . sql_escape($event['PSID']) . ", `URL`='" . sql_escape($event['URL']) . "' WHERE `PSID`=" . sql_escape($event['PSID']) . " LIMIT 1"); + + foreach ($events_deleted as $event) + sql_query("DELETE FROM `Shifts` WHERE `PSID`=" . + sql_escape($event['PSID']) . " LIMIT 1"); + + engelsystem_log("Pentabarf import done"); + + unlink($import_file); + + $html .= template_render('../templates/admin_import_import.html', array ()); + break; + } + + return $html; } function prepare_rooms($file) { - global $rooms_import; - $data = read_xml($file); - - // Load rooms from db for compare with input - $rooms = sql_select("SELECT * FROM `Room` WHERE `FromPentabarf`='Y'"); - $rooms_db = array (); - $rooms_import = array (); - foreach ($rooms as $room) { - $rooms_db[] = $room['Name']; - $rooms_import[$room['Name']] = $room['RID']; - } - - $events = $data->vcalendar->vevent; - $rooms_pb = array (); - foreach ($events as $event) { - $rooms_pb[] = $event->location; - if (!isset ($rooms_import[trim($event->location)])) - $rooms_import[trim($event->location)] = trim($event->location); - } - $rooms_pb = array_unique($rooms_pb); - - $rooms_new = array_diff($rooms_pb, $rooms_db); - $rooms_deleted = array_diff($rooms_db, $rooms_pb); - - return array ( - $rooms_new, - $rooms_deleted - ); + global $rooms_import; + $data = read_xml($file); + + // Load rooms from db for compare with input + $rooms = sql_select("SELECT * FROM `Room` WHERE `FromPentabarf`='Y'"); + $rooms_db = array (); + $rooms_import = array (); + foreach ($rooms as $room) { + $rooms_db[] = $room['Name']; + $rooms_import[$room['Name']] = $room['RID']; + } + + $events = $data->vcalendar->vevent; + $rooms_pb = array (); + foreach ($events as $event) { + $rooms_pb[] = $event->location; + if (!isset ($rooms_import[trim($event->location)])) + $rooms_import[trim($event->location)] = trim($event->location); + } + $rooms_pb = array_unique($rooms_pb); + + $rooms_new = array_diff($rooms_pb, $rooms_db); + $rooms_deleted = array_diff($rooms_db, $rooms_pb); + + return array ( + $rooms_new, + $rooms_deleted + ); } function prepare_events($file) { - global $rooms_import; - $data = read_xml($file); - - $rooms = sql_select("SELECT * FROM `Room`"); - $rooms_db = array (); - foreach ($rooms as $room) - $rooms_db[$room['Name']] = $room['RID']; - - $events = $data->vcalendar->vevent; - $shifts_pb = array (); - foreach ($events as $event) { - $event_pb = $event->children("http://pentabarf.org"); - $event_id = trim($event_pb-> { - 'event-id' }); - $shifts_pb[$event_id] = array ( - 'start' => DateTime :: createFromFormat("Ymd\THis", $event->dtstart)->getTimestamp(), - 'end' => DateTime :: createFromFormat("Ymd\THis", $event->dtend)->getTimestamp(), - 'RID' => $rooms_import[trim($event->location)], - 'name' => trim($event->summary), - 'URL' => trim($event->url), - 'PSID' => $event_id - ); - } - - $shifts = sql_select("SELECT * FROM `Shifts` WHERE `PSID` IS NOT NULL ORDER BY `start`"); - $shifts_db = array (); - foreach ($shifts as $shift) - $shifts_db[$shift['PSID']] = $shift; - - $shifts_new = array (); - $shifts_updated = array (); - foreach ($shifts_pb as $shift) - if (!isset ($shifts_db[$shift['PSID']])) - $shifts_new[] = $shift; - else { - $tmp = $shifts_db[$shift['PSID']]; - if ($shift['name'] != $tmp['name'] || $shift['start'] != $tmp['start'] || $shift['end'] != $tmp['end'] || $shift['RID'] != $tmp['RID'] || $shift['URL'] != $tmp['URL']) - $shifts_updated[] = $shift; - } - - $shifts_deleted = array (); - foreach ($shifts_db as $shift) - if (!isset ($shifts_pb[$shift['PSID']])) - $shifts_deleted[] = $shift; - - return array ( - $shifts_new, - $shifts_updated, - $shifts_deleted - ); + global $rooms_import; + $data = read_xml($file); + + $rooms = sql_select("SELECT * FROM `Room`"); + $rooms_db = array (); + foreach ($rooms as $room) + $rooms_db[$room['Name']] = $room['RID']; + + $events = $data->vcalendar->vevent; + $shifts_pb = array (); + foreach ($events as $event) { + $event_pb = $event->children("http://pentabarf.org"); + $event_id = trim($event_pb-> { + 'event-id' }); + $shifts_pb[$event_id] = array ( + 'start' => DateTime :: createFromFormat("Ymd\THis", $event->dtstart)->getTimestamp(), + 'end' => DateTime :: createFromFormat("Ymd\THis", $event->dtend)->getTimestamp(), + 'RID' => $rooms_import[trim($event->location)], + 'name' => trim($event->summary), + 'URL' => trim($event->url), + 'PSID' => $event_id + ); + } + + $shifts = sql_select("SELECT * FROM `Shifts` WHERE `PSID` IS NOT NULL ORDER BY `start`"); + $shifts_db = array (); + foreach ($shifts as $shift) + $shifts_db[$shift['PSID']] = $shift; + + $shifts_new = array (); + $shifts_updated = array (); + foreach ($shifts_pb as $shift) + if (!isset ($shifts_db[$shift['PSID']])) + $shifts_new[] = $shift; + else { + $tmp = $shifts_db[$shift['PSID']]; + if ($shift['name'] != $tmp['name'] || $shift['start'] != $tmp['start'] || $shift['end'] != $tmp['end'] || $shift['RID'] != $tmp['RID'] || $shift['URL'] != $tmp['URL']) + $shifts_updated[] = $shift; + } + + $shifts_deleted = array (); + foreach ($shifts_db as $shift) + if (!isset ($shifts_pb[$shift['PSID']])) + $shifts_deleted[] = $shift; + + return array ( + $shifts_new, + $shifts_updated, + $shifts_deleted + ); } function read_xml($file) { - global $xml_import; - if (!isset ($xml_import)) - $xml_import = simplexml_load_file($file); - return $xml_import; + global $xml_import; + if (!isset ($xml_import)) + $xml_import = simplexml_load_file($file); + return $xml_import; } function shifts_printable($shifts) { - global $rooms_import; - $rooms = array_flip($rooms_import); - - uasort($shifts, 'shift_sort'); - - $shifts_printable = array (); - foreach ($shifts as $shift) - $shifts_printable[] = array ( - 'day' => date("l, Y-m-d", $shift['start']), - 'start' => date("H:i", $shift['start']), - 'name' => shorten($shift['name']), - 'end' => date("H:i", $shift['end']), - 'room' => $rooms[$shift['RID']] - ); - return $shifts_printable; + global $rooms_import; + $rooms = array_flip($rooms_import); + + uasort($shifts, 'shift_sort'); + + $shifts_printable = array (); + foreach ($shifts as $shift) + $shifts_printable[] = array ( + 'day' => date("l, Y-m-d", $shift['start']), + 'start' => date("H:i", $shift['start']), + 'name' => shorten($shift['name']), + 'end' => date("H:i", $shift['end']), + 'room' => $rooms[$shift['RID']] + ); + return $shifts_printable; } function shift_sort($a, $b) { - return ($a['start'] < $b['start']) ? -1 : 1; + return ($a['start'] < $b['start']) ? -1 : 1; } ?> diff --git a/includes/pages/admin_news.php b/includes/pages/admin_news.php index ca1f81fc..f6c06001 100644 --- a/includes/pages/admin_news.php +++ b/includes/pages/admin_news.php @@ -1,87 +1,89 @@ <?php function admin_news() { - global $user; - - if (!isset ($_GET["action"])) { - header("Location: " . page_link_to("news")); - } else { - $html = ""; - switch ($_GET["action"]) { - case 'edit' : - if (isset ($_REQUEST['id']) && preg_match("/^[0-9]{1,11}$/", $_REQUEST['id'])) - $id = $_REQUEST['id']; - else - return error("Incomplete call, missing News ID.", true); + global $user; - $news = sql_select("SELECT * FROM `News` WHERE `ID`=" . sql_escape($id) . " LIMIT 1"); - if (count($news) > 0) { - list ($news) = $news; + if (!isset ($_GET["action"])) { + header("Location: " . page_link_to("news")); + } else { + $html = ""; + switch ($_GET["action"]) { + case 'edit' : + if (isset ($_REQUEST['id']) && preg_match("/^[0-9]{1,11}$/", $_REQUEST['id'])) + $id = $_REQUEST['id']; + else + return error("Incomplete call, missing News ID.", true); - $html .= '<a href="' . page_link_to("news") . '">« Back</a>'; + $news = sql_select("SELECT * FROM `News` WHERE `ID`=" . sql_escape($id) . " LIMIT 1"); + if (count($news) > 0) { + list ($news) = $news; - $html .= "<form action=\"" . page_link_to("admin_news") . "&action=save\" method=\"post\">\n"; + $html .= '<a href="' . page_link_to("news") . '">« Back</a>'; - $html .= "<table>\n"; - $html .= " <tr><td>Datum</td><td>" . - date("Y-m-d H:i", $news['Datum']) . "</td></tr>\n"; - $html .= " <tr><td>Betreff</td><td><input type=\"text\" size=\"40\" name=\"eBetreff\" value=\"" . - $news["Betreff"] . "\"></td></tr>\n"; - $html .= " <tr><td>Text</td><td><textarea rows=\"10\" cols=\"80\" name=\"eText\">" . - $news["Text"] . "</textarea></td></tr>\n"; - $html .= " <tr><td>Engel</td><td>" . - UID2Nick($news["UID"]) . "</td></tr>\n"; - $html .= " <tr><td>Treffen</td><td>" . html_select_key('eTreffen', 'eTreffen', array ( - '1' => "Ja", - '0' => "Nein" - ), $news['Treffen']) . "</td></tr>\n"; - $html .= "</table>"; + $html .= "<form action=\"" . page_link_to("admin_news") . "&action=save\" method=\"post\">\n"; - $html .= "<input type=\"hidden\" name=\"id\" value=\"" . $id . "\">\n"; - $html .= "<input type=\"submit\" name=\"submit\" value=\"Speichern\">\n"; - $html .= "</form>"; + $html .= "<table>\n"; + $html .= " <tr><td>Datum</td><td>" . + date("Y-m-d H:i", $news['Datum']) . "</td></tr>\n"; + $html .= " <tr><td>Betreff</td><td><input type=\"text\" size=\"40\" name=\"eBetreff\" value=\"" . + $news["Betreff"] . "\"></td></tr>\n"; + $html .= " <tr><td>Text</td><td><textarea rows=\"10\" cols=\"80\" name=\"eText\">" . + $news["Text"] . "</textarea></td></tr>\n"; + $html .= " <tr><td>Engel</td><td>" . + UID2Nick($news["UID"]) . "</td></tr>\n"; + $html .= " <tr><td>Treffen</td><td>" . html_select_key('eTreffen', 'eTreffen', array ( + '1' => "Ja", + '0' => "Nein" + ), $news['Treffen']) . "</td></tr>\n"; + $html .= "</table>"; - $html .= "<form action=\"" . page_link_to("admin_news") . "&action=delete\" method=\"POST\">\n"; - $html .= "<input type=\"hidden\" name=\"id\" value=\"" . $id . "\">\n"; - $html .= "<input type=\"submit\" name=\"submit\" value=\"Löschen\">\n"; - $html .= "</form>"; - } else - return error("No News found.", true); - break; + $html .= "<input type=\"hidden\" name=\"id\" value=\"" . $id . "\">\n"; + $html .= "<input type=\"submit\" name=\"submit\" value=\"Speichern\">\n"; + $html .= "</form>"; - case 'save' : - if (isset ($_REQUEST['id']) && preg_match("/^[0-9]{1,11}$/", $_REQUEST['id'])) - $id = $_REQUEST['id']; - else - return error("Incomplete call, missing News ID.", true); + $html .= "<form action=\"" . page_link_to("admin_news") . "&action=delete\" method=\"POST\">\n"; + $html .= "<input type=\"hidden\" name=\"id\" value=\"" . $id . "\">\n"; + $html .= "<input type=\"submit\" name=\"submit\" value=\"Löschen\">\n"; + $html .= "</form>"; + } else + return error("No News found.", true); + break; - $news = sql_select("SELECT * FROM `News` WHERE `ID`=" . sql_escape($id) . " LIMIT 1"); - if (count($news) > 0) { - list ($news) = $news; + case 'save' : + if (isset ($_REQUEST['id']) && preg_match("/^[0-9]{1,11}$/", $_REQUEST['id'])) + $id = $_REQUEST['id']; + else + return error("Incomplete call, missing News ID.", true); - sql_query("UPDATE `News` SET `Datum`='" . sql_escape(time()) . "', `Betreff`='" . sql_escape($_POST["eBetreff"]) . "', `Text`='" . sql_escape($_POST["eText"]) . "', `UID`='" . sql_escape($user['UID']) . - "', `Treffen`='" . sql_escape($_POST["eTreffen"]) . "' WHERE `ID`=".sql_escape($id)." LIMIT 1"); - header("Location: " . page_link_to("news")); - } else - return error("No News found.", true); - break; + $news = sql_select("SELECT * FROM `News` WHERE `ID`=" . sql_escape($id) . " LIMIT 1"); + if (count($news) > 0) { + list ($news) = $news; - case 'delete' : - if (isset ($_REQUEST['id']) && preg_match("/^[0-9]{1,11}$/", $_REQUEST['id'])) - $id = $_REQUEST['id']; - else - return error("Incomplete call, missing News ID.", true); + sql_query("UPDATE `News` SET `Datum`='" . sql_escape(time()) . "', `Betreff`='" . sql_escape($_POST["eBetreff"]) . "', `Text`='" . sql_escape($_POST["eText"]) . "', `UID`='" . sql_escape($user['UID']) . + "', `Treffen`='" . sql_escape($_POST["eTreffen"]) . "' WHERE `ID`=".sql_escape($id)." LIMIT 1"); + engelsystem_log("News updated: " . $_POST["eBetreff"]); + header("Location: " . page_link_to("news")); + } else + return error("No News found.", true); + break; - $news = sql_select("SELECT * FROM `News` WHERE `ID`=" . sql_escape($id) . " LIMIT 1"); - if (count($news) > 0) { - list ($news) = $news; + case 'delete' : + if (isset ($_REQUEST['id']) && preg_match("/^[0-9]{1,11}$/", $_REQUEST['id'])) + $id = $_REQUEST['id']; + else + return error("Incomplete call, missing News ID.", true); - sql_query("DELETE FROM `News` WHERE `ID`=" . sql_escape($id) . " LIMIT 1"); - header("Location: " . page_link_to("news")); - } else - return error("No News found.", true); - break; - } - } - return $html; + $news = sql_select("SELECT * FROM `News` WHERE `ID`=" . sql_escape($id) . " LIMIT 1"); + if (count($news) > 0) { + list ($news) = $news; + + sql_query("DELETE FROM `News` WHERE `ID`=" . sql_escape($id) . " LIMIT 1"); + engelsystem_log("News deleted: " . $news['Betreff']); + header("Location: " . page_link_to("news")); + } else + return error("No News found.", true); + break; + } + } + return $html; } ?>
\ No newline at end of file diff --git a/includes/pages/admin_questions.php b/includes/pages/admin_questions.php index df5e9196..a85c8c0f 100644 --- a/includes/pages/admin_questions.php +++ b/includes/pages/admin_questions.php @@ -1,85 +1,87 @@ <?php function admin_new_questions() { - global $user, $privileges; + global $user, $privileges; - if (in_array("admin_questions", $privileges)) { - $new_messages = sql_num_query("SELECT * FROM `Questions` WHERE `AID`=0"); + if (in_array("admin_questions", $privileges)) { + $new_messages = sql_num_query("SELECT * FROM `Questions` WHERE `AID`=0"); - if ($new_messages > 0) - return '<p class="info"><a href="' . page_link_to("admin_questions") . '">Es gibt unbeantwortete Fragen!</a></p><hr />'; - } + if ($new_messages > 0) + return '<p class="info"><a href="' . page_link_to("admin_questions") . '">Es gibt unbeantwortete Fragen!</a></p><hr />'; + } - return ""; + return ""; } function admin_questions() { - global $user; + global $user; - if (!isset ($_REQUEST['action'])) { - $open_questions = ""; - $questions = sql_select("SELECT * FROM `Questions` WHERE `AID`=0"); - foreach ($questions as $question) - $open_questions .= template_render( - '../templates/admin_question_unanswered.html', array ( - 'question_nick' => UID2Nick($question['UID']), - 'question_id' => $question['QID'], - 'link' => page_link_to("admin_questions"), - 'question' => str_replace("\n", '<br />', $question['Question']) - )); + if (!isset ($_REQUEST['action'])) { + $open_questions = ""; + $questions = sql_select("SELECT * FROM `Questions` WHERE `AID`=0"); + foreach ($questions as $question) + $open_questions .= template_render( + '../templates/admin_question_unanswered.html', array ( + 'question_nick' => UID2Nick($question['UID']), + 'question_id' => $question['QID'], + 'link' => page_link_to("admin_questions"), + 'question' => str_replace("\n", '<br />', $question['Question']) + )); - $answered_questions = ""; - $questions = sql_select("SELECT * FROM `Questions` WHERE `AID`>0"); + $answered_questions = ""; + $questions = sql_select("SELECT * FROM `Questions` WHERE `AID`>0"); - foreach ($questions as $question) - $answered_questions .= template_render( - '../templates/admin_question_answered.html', array ( - 'question_id' => $question['QID'], - 'question_nick' => UID2Nick($question['UID']), - 'question' => str_replace("\n", "<br />", $question['Question']), - 'answer_nick' => UID2Nick($question['AID']), - 'answer' => str_replace("\n", "<br />", $question['Answer']), - 'link' => page_link_to("admin_questions"), - )); + foreach ($questions as $question) + $answered_questions .= template_render( + '../templates/admin_question_answered.html', array ( + 'question_id' => $question['QID'], + 'question_nick' => UID2Nick($question['UID']), + 'question' => str_replace("\n", "<br />", $question['Question']), + 'answer_nick' => UID2Nick($question['AID']), + 'answer' => str_replace("\n", "<br />", $question['Answer']), + 'link' => page_link_to("admin_questions"), + )); - return template_render('../templates/admin_questions.html', array ( - 'link' => page_link_to("admin_questions"), - 'open_questions' => $open_questions, - 'answered_questions' => $answered_questions - )); - } else { - switch ($_REQUEST['action']) { - case 'answer' : - if (isset ($_REQUEST['id']) && preg_match("/^[0-9]{1,11}$/", $_REQUEST['id'])) - $id = $_REQUEST['id']; - else - return error("Incomplete call, missing Question ID.", true); + return template_render('../templates/admin_questions.html', array ( + 'link' => page_link_to("admin_questions"), + 'open_questions' => $open_questions, + 'answered_questions' => $answered_questions + )); + } else { + switch ($_REQUEST['action']) { + case 'answer' : + if (isset ($_REQUEST['id']) && preg_match("/^[0-9]{1,11}$/", $_REQUEST['id'])) + $id = $_REQUEST['id']; + else + return error("Incomplete call, missing Question ID.", true); - $question = sql_select("SELECT * FROM `Questions` WHERE `QID`=" . sql_escape($id) . " LIMIT 1"); - if (count($question) > 0 && $question[0]['AID'] == "0") { - $answer = trim(preg_replace("/([^\p{L}\p{P}\p{Z}\p{N}\n]{1,})/ui", '', strip_tags($_REQUEST['answer']))); + $question = sql_select("SELECT * FROM `Questions` WHERE `QID`=" . sql_escape($id) . " LIMIT 1"); + if (count($question) > 0 && $question[0]['AID'] == "0") { + $answer = trim(preg_replace("/([^\p{L}\p{P}\p{Z}\p{N}\n]{1,})/ui", '', strip_tags($_REQUEST['answer']))); - if ($answer != "") { - sql_query("UPDATE `Questions` SET `AID`=" . sql_escape($user['UID']) . ", `Answer`='" . sql_escape($answer) . "' WHERE `QID`=" . sql_escape($id) . " LIMIT 1"); - header("Location: " . page_link_to("admin_questions")); - } else - return error("Gib eine Antwort ein!", true); - } else - return error("No question found.", true); - break; - case 'delete' : - if (isset ($_REQUEST['id']) && preg_match("/^[0-9]{1,11}$/", $_REQUEST['id'])) - $id = $_REQUEST['id']; - else - return error("Incomplete call, missing Question ID.", true); + if ($answer != "") { + sql_query("UPDATE `Questions` SET `AID`=" . sql_escape($user['UID']) . ", `Answer`='" . sql_escape($answer) . "' WHERE `QID`=" . sql_escape($id) . " LIMIT 1"); + engelsystem_log("Question " . $question[0]['Question'] . " answered: " . $answer); + header("Location: " . page_link_to("admin_questions")); + } else + return error("Gib eine Antwort ein!", true); + } else + return error("No question found.", true); + break; + case 'delete' : + if (isset ($_REQUEST['id']) && preg_match("/^[0-9]{1,11}$/", $_REQUEST['id'])) + $id = $_REQUEST['id']; + else + return error("Incomplete call, missing Question ID.", true); - $question = sql_select("SELECT * FROM `Questions` WHERE `QID`=" . sql_escape($id) . " LIMIT 1"); - if (count($question) > 0) { - sql_query("DELETE FROM `Questions` WHERE `QID`=" . sql_escape($id) . " LIMIT 1"); - header("Location: " . page_link_to("admin_questions")); - } else - return error("No question found.", true); - break; - } - } + $question = sql_select("SELECT * FROM `Questions` WHERE `QID`=" . sql_escape($id) . " LIMIT 1"); + if (count($question) > 0) { + sql_query("DELETE FROM `Questions` WHERE `QID`=" . sql_escape($id) . " LIMIT 1"); + engelsystem_log("Question deleted: " . $question[0]['Question']); + header("Location: " . page_link_to("admin_questions")); + } else + return error("No question found.", true); + break; + } + } } ?> diff --git a/includes/pages/admin_rooms.php b/includes/pages/admin_rooms.php index 160316c6..b92ea6a8 100644 --- a/includes/pages/admin_rooms.php +++ b/includes/pages/admin_rooms.php @@ -77,17 +77,26 @@ function admin_rooms() { } if ($ok) { - if(isset($id)) + if(isset($id)) { sql_query("UPDATE `Room` SET `Name`='" . sql_escape($name) . "', `FromPentabarf`='" . sql_escape($from_pentabarf) . "', `show`='" . sql_escape($public) . "', `Number`='" . sql_escape($number) . "' WHERE `RID`=" . sql_escape($id) . " LIMIT 1"); - else { + engelsystem_log("Room updated: " . $name . ", pentabarf import: " . $from_pentabarf . ", public: " . $public . ", number: " . $number); + } else { sql_query("INSERT INTO `Room` SET `Name`='" . sql_escape($name) . "', `FromPentabarf`='" . sql_escape($from_pentabarf) . "', `show`='" . sql_escape($public) . "', `Number`='" . sql_escape($number) . "'");
$id = sql_id(); + engelsystem_log("Room created: " . $name . ", pentabarf import: " . $from_pentabarf . ", public: " . $public . ", number: " . $number); } sql_query("DELETE FROM `NeededAngelTypes` WHERE `room_id`=" . sql_escape($id)); - foreach ($angeltypes_count as $angeltype_id => $angeltype_count) - sql_query("INSERT INTO `NeededAngelTypes` SET `room_id`=" . sql_escape($id) . ", `angel_type_id`=" . sql_escape($angeltype_id) . ", `count`=" . sql_escape($angeltype_count)); + $needed_angeltype_info = array(); + foreach ($angeltypes_count as $angeltype_id => $angeltype_count) { + $angeltype_source = sql_select("SELECT * FROM `AngelTypes` WHERE `id`=" . sql_escape($angeltype_id) . " LIMIT 1"); + if(count($angeltype_source) > 0) { + sql_query("INSERT INTO `NeededAngelTypes` SET `room_id`=" . sql_escape($id) . ", `angel_type_id`=" . sql_escape($angeltype_id) . ", `count`=" . sql_escape($angeltype_count)); + $needed_angeltype_info[] = $angeltypes_source[0]['name'] . ": " . $angeltype_count; + } + } + engelsystem_log("Set needed angeltypes of room " . $name . " to: " . join(", ", $needed_angeltype_info)); success("Room saved."); redirect(page_link_to("admin_rooms")); } @@ -116,6 +125,8 @@ function admin_rooms() { if (isset ($_REQUEST['ack'])) { sql_query("DELETE FROM `Room` WHERE `RID`=" . sql_escape($id) . " LIMIT 1"); sql_query("DELETE FROM `NeededAngelTypes` WHERE `room_id`=" . sql_escape($id) . " LIMIT 1"); + + engelsystem_log("Room deleted: " . $name); success(sprintf("Room %s deleted.", $name)); redirect(page_link_to('admin_rooms')); } diff --git a/includes/pages/admin_shifts.php b/includes/pages/admin_shifts.php index 303c580c..f35fa312 100644 --- a/includes/pages/admin_shifts.php +++ b/includes/pages/admin_shifts.php @@ -233,11 +233,18 @@ function admin_shifts() { foreach ($_SESSION['admin_shifts_shifts'] as $shift) { sql_query("INSERT INTO `Shifts` SET `start`=" . sql_escape($shift['start']) . ", `end`=" . sql_escape($shift['end']) . ", `RID`=" . sql_escape($shift['RID']) . ", `name`='" . sql_escape($shift['name']) . "'"); $shift_id = sql_id(); + engelsystem_log("Shift created: " . $shift['name'] . " from " . date("Y-m-d H:i", $shift['start']) . " to " . date("Y-m-d H:i", $shift['end'])); + $needed_angel_types_info = array(); foreach ($_SESSION['admin_shifts_types'] as $type_id => $count) { - sql_query("INSERT INTO `NeededAngelTypes` SET `shift_id`=" . sql_escape($shift_id) . ", `angel_type_id`=" . sql_escape($type_id) . ", `count`=" . sql_escape($count)); + $angel_type_source = sql_select("SELECT * FROM `AngelTypes` WHERE `id`=" . sql_escape($type_id) . " LIMIT 1"); + if(count($angel_type_source) > 0) { + sql_query("INSERT INTO `NeededAngelTypes` SET `shift_id`=" . sql_escape($shift_id) . ", `angel_type_id`=" . sql_escape($type_id) . ", `count`=" . sql_escape($count)); + $needed_angel_types_info[] = $angel_type_source[0]['name'] . ": " . $count; + } } } + engelsystem_log("Shift needs following angel types: " . join(", ", $needed_angel_types_info)); $msg = success("Schichten angelegt.", true); } else { unset ($_SESSION['admin_shifts_shifts']); diff --git a/includes/pages/admin_user_angeltypes.php b/includes/pages/admin_user_angeltypes.php index b22178e0..38c4d9c8 100644 --- a/includes/pages/admin_user_angeltypes.php +++ b/includes/pages/admin_user_angeltypes.php @@ -8,16 +8,24 @@ function admin_user_angeltypes() { global $privileges; if (isset ($_REQUEST['confirm']) && test_request_int('confirm') && sql_num_query("SELECT * FROM `UserAngelTypes` WHERE `id`=" . sql_escape($_REQUEST['confirm']) . " AND `confirm_user_id` IS NULL") > 0) { - sql_query("UPDATE `UserAngelTypes` SET `confirm_user_id`=" . sql_escape($_SESSION['uid']) . " WHERE `id`=" . sql_escape($_REQUEST['confirm']) . " LIMIT 1"); - - success("Confirmed."); + $user_angel_type_source = sql_select("SELECT `UserAngelTypes`.*, `User`.`Nick`, `AngelTypes`.`name` FROM `UserAngelTypes` JOIN `User` ON `User`.`UID`=`UserAngelTypes`.`user_id` JOIN `AngelTypes` ON `AngelTypes`.`id`=`UserAngelTypes`.`angeltype_id` WHERE `id`=" . sql_escape($_REQUEST['confirm']) . " LIMIT 1"); + if(count($user_angel_type_source) > 0) { + sql_query("UPDATE `UserAngelTypes` SET `confirm_user_id`=" . sql_escape($_SESSION['uid']) . " WHERE `id`=" . sql_escape($_REQUEST['confirm']) . " LIMIT 1"); + engelsystem_log("Confirmed " . $user_angel_type_source[0]['Nick'] . " as " . $user_angel_type_source[0]['name']); + success("Confirmed."); + } + else error("Entry not found."); redirect(page_link_to('admin_user_angeltypes')); } if (isset ($_REQUEST['discard']) && test_request_int('discard') && sql_num_query("SELECT * FROM `UserAngelTypes` WHERE `id`=" . sql_escape($_REQUEST['discard']) . " AND `confirm_user_id` IS NULL") > 0) { - sql_query("DELETE FROM `UserAngelTypes` WHERE `id`=" . sql_escape($_REQUEST['discard']) . " LIMIT 1"); - - success("Discarded."); + $user_angel_type_source = sql_select("SELECT `UserAngelTypes`.*, `User`.`Nick`, `AngelTypes`.`name` FROM `UserAngelTypes` JOIN `User` ON `User`.`UID`=`UserAngelTypes`.`user_id` JOIN `AngelTypes` ON `AngelTypes`.`id`=`UserAngelTypes`.`angeltype_id` WHERE `id`=" . sql_escape($_REQUEST['discard']) . " LIMIT 1"); + if(count($user_angel_type_source) > 0) { + sql_query("DELETE FROM `UserAngelTypes` WHERE `id`=" . sql_escape($_REQUEST['discard']) . " LIMIT 1"); + engelsystem_log("Discarded " . $user_angel_type_source[0]['Nick'] . " as " . $user_angel_type_source[0]['name']); + success("Discarded."); + } + else error("Entry not found."); redirect(page_link_to('admin_user_angeltypes')); } |