Diffstat (limited to 'includes/pages')
-rw-r--r--includes/pages/admin_angel_types.php96
-rw-r--r--includes/pages/admin_faq.php105
-rw-r--r--includes/pages/admin_groups.php91
-rw-r--r--includes/pages/admin_import.php253
-rw-r--r--includes/pages/admin_language.php110
-rw-r--r--includes/pages/admin_log.php76
-rw-r--r--includes/pages/admin_news.php87
-rw-r--r--includes/pages/admin_questions.php85
-rw-r--r--includes/pages/admin_rooms.php143
-rw-r--r--includes/pages/admin_user.php324
-rw-r--r--includes/pages/guest_credits.php5
-rw-r--r--includes/pages/guest_faq.php24
-rw-r--r--includes/pages/guest_login.php269
-rw-r--r--includes/pages/guest_start.php13
-rw-r--r--includes/pages/user_messages.php239
-rw-r--r--includes/pages/user_news.php168
-rw-r--r--includes/pages/user_questions.php50
-rw-r--r--includes/pages/user_settings.php252
-rw-r--r--includes/pages/user_wakeup.php86
19 files changed, 2476 insertions, 0 deletions
diff --git a/includes/pages/admin_angel_types.php b/includes/pages/admin_angel_types.php
new file mode 100644
index 00000000..c5283899
--- /dev/null
+++ b/includes/pages/admin_angel_types.php
@@ -0,0 +1,96 @@
+<?php
+
+function admin_angel_types() {
+ $html = "";
+ if (!isset ($_REQUEST['action'])) {
+
+ $table = "";
+ $angel_types = sql_select("SELECT * FROM `AngelTypes` ORDER BY `Name`");
+
+ foreach ($angel_types as $angel_type)
+ $table .= sprintf(
+ '<tr><td>%s</td><td>%s</td><td>'
+ . '<a href="%s&action=edit&id=%s">Edit</a></td></tr>',
+ $angel_type['Name'], $angel_type['Man'],
+ page_link_to("admin_angel_types"),
+ $angel_type['TID']
+ );
+
+ $html .= template_render('../templates/admin_angel_types.html', array (
+ 'link' => page_link_to("admin_angel_types"),
+ 'table' => $table
+ ));
+
+ } else {
+
+ switch ($_REQUEST['action']) {
+
+ case 'create' :
+ $name = strip_request_item("name");
+ $man = strip_request_item("man");
+
+ sql_query("INSERT INTO `AngelTypes` SET `Name`='" . sql_escape($name) . "', `Man`='" . sql_escape($man) . "'");
+
+ header("Location: " . page_link_to("admin_angel_types"));
+ break;
+
+ case 'edit' :
+ if (isset ($_REQUEST['id']) && preg_match("/^[0-9]{1,11}$/", $_REQUEST['id']))
+ $id = $_REQUEST['id'];
+ else
+ return error("Incomplete call, missing AngelType ID.");
+
+ $angel_type = sql_select("SELECT * FROM `AngelTypes` WHERE `TID`=" . sql_escape($id) . " LIMIT 1");
+ if (count($angel_type) > 0) {
+ list ($angel_type) = $angel_type;
+
+ $html .= template_render(
+ '../templates/admin_angel_types_edit_form.html', array (
+ 'link' => page_link_to("admin_angel_types"),
+ 'id' => $id,
+ 'name' => $angel_type['Name'],
+ 'man' => $angel_type['Man']
+ ));
+ } else
+ return error("No Angel Type found.");
+ break;
+
+ case 'save' :
+ if (isset ($_REQUEST['id']) && preg_match("/^[0-9]{1,11}$/", $_REQUEST['id']))
+ $id = $_REQUEST['id'];
+ else
+ return error("Incomplete call, missing AngelType ID.");
+
+ $angel_type = sql_select("SELECT * FROM `AngelTypes` WHERE `TID`=" . sql_escape($id) . " LIMIT 1");
+ if (count($angel_type) > 0) {
+ list ($angel_type) = $angel_type;
+
+ $name = strip_request_item("name");
+ $man = strip_request_item("man");
+
+ sql_query("UPDATE `AngelTypes` SET `Name`='" . sql_escape($name) . "', `Man`='" . sql_escape($man) . "' WHERE `TID`=" . sql_escape($id) . " LIMIT 1");
+ header("Location: " . page_link_to("admin_angel_types"));
+ } else
+ return error("No Angel Type found.");
+ break;
+
+ case 'delete' :
+ if (isset ($_REQUEST['id']) && preg_match("/^[0-9]{1,11}$/", $_REQUEST['id']))
+ $id = $_REQUEST['id'];
+ else
+ return error("Incomplete call, missing AngelType ID.");
+
+ $angel_type = sql_select("SELECT * FROM `AngelTypes` WHERE `TID`=" . sql_escape($id) . " LIMIT 1");
+ if (count($angel_type) > 0) {
+ sql_query("DELETE FROM `AngelTypes` WHERE `TID`=" . sql_escape($id) . " LIMIT 1");
+ sql_query("DELETE FROM `RoomAngelTypes` WHERE `angel_type_id`=" . sql_escape($id) . " LIMIT 1");
+ header("Location: " . page_link_to("admin_angel_types"));
+ } else
+ return error("No Angel Type found.");
+ break;
+ }
+ }
+
+ return $html;
+}
+?>
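Review bot: The `delete` case removes an angel type for any request that carries `action=delete&id=N`, read through `$_REQUEST`, so a plain GET such as an image tag on a page an administrator visits performs the deletion with no CSRF token and no method check; `create` and `save` are exposed the same way. Gate the mutating cases before the `switch` with `if ($_SERVER['REQUEST_METHOD'] !== 'POST') return error("POST required.");` and bind the forms to a session token. The cleanup query `DELETE FROM \`RoomAngelTypes\` WHERE \`angel_type_id\`=… LIMIT 1` removes only one room mapping and leaves every other mapping for the deleted type orphaned; drop the `LIMIT 1` there. The list view also writes `Name` and `Man` straight into the table HTML via `sprintf`; whether that is safe depends on what `strip_request_item` strips, which is not visible here, so they should be passed through `htmlspecialchars()` at output regardless.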
diff --git a/includes/pages/admin_faq.php b/includes/pages/admin_faq.php
new file mode 100644
index 00000000..b8ba1a64
--- /dev/null
+++ b/includes/pages/admin_faq.php
@@ -0,0 +1,105 @@
+<?php
+function admin_faq() {
+ if (!isset ($_REQUEST['action'])) {
+ $faqs_html = "";
+ $faqs = sql_select("SELECT * FROM `FAQ`");
+ foreach ($faqs as $faq) {
+ $faqs_html .= sprintf(
+ '<tr><td> <dl><dt>%s</dt><dd>%s</dd></dl> </td>'
+ . '<td> <dl><dt>%s</dt><dd>%s</dd></dl> </td>'
+ . '<td><a href="%s&action=edit&id=%s">Edit</a></td></tr>',
+ $faq['Frage_de'], $faq['Antwort_de'],
+ $faq['Frage_en'], $faq['Antwort_en'],
+ page_link_to('admin_faq'), $faq['FID']
+ );
+ }
+ return template_render('../templates/admin_faq.html', array (
+ 'link' => page_link_to("admin_faq"),
+ 'faqs' => $faqs_html
+ ));
+ } else {
+ switch ($_REQUEST['action']) {
+ case 'create' :
+ $frage = strip_request_item_nl('frage');
+ $antwort = strip_request_item_nl('antwort');
+ $question = strip_request_item_nl('question');
+ $answer = strip_request_item_nl('answer');
+
+ sql_query("INSERT INTO `FAQ` SET `Frage_de`='" . sql_escape($frage)
+ . "', `Frage_en`='" . sql_escape($question)
+ . "', `Antwort_de`='" . sql_escape($antwort)
+ . "', `Antwort_en`='" . sql_escape($answer)
+ . "'"
+ );
+
+ header("Location: " . page_link_to("admin_faq"));
+ break;
+
+ case 'save' :
+ if (isset ($_REQUEST['id']) && preg_match("/^[0-9]{1,11}$/", $_REQUEST['id']))
+ $id = $_REQUEST['id'];
+ else
+ return error("Incomplete call, missing FAQ ID.");
+
+ $faq = sql_select("SELECT * FROM `FAQ` WHERE `FID`=" . sql_escape($id) . " LIMIT 1");
+ if (count($faq) > 0) {
+ list ($faq) = $faq;
+
+ $frage = strip_request_item_nl('frage');
+ $antwort = strip_request_item_nl('antwort');
+ $question = strip_request_item_nl('question');
+ $answer = strip_request_item_nl('answer');
+
+ sql_query("UPDATE `FAQ` SET `Frage_de`='" . sql_escape($frage)
+ . "', `Frage_en`='" . sql_escape($question)
+ . "', `Antwort_de`='" . sql_escape($antwort)
+ . "', `Antwort_en`='" . sql_escape($answer)
+ . "' WHERE `FID`=" . sql_escape($id) . " LIMIT 1"
+ );
+
+ header("Location: " . page_link_to("admin_faq"));
+ } else
+ return error("No FAQ found.");
+ break;
+
+ case 'edit' :
+ if (isset ($_REQUEST['id']) && preg_match("/^[0-9]{1,11}$/", $_REQUEST['id']))
+ $id = $_REQUEST['id'];
+ else
+ return error("Incomplete call, missing FAQ ID.");
+
+ $faq = sql_select("SELECT * FROM `FAQ` WHERE `FID`=" . sql_escape($id) . " LIMIT 1");
+ if (count($faq) > 0) {
+ list ($faq) = $faq;
+
+ return template_render('../templates/admin_faq_edit_form.html', array (
+ 'link' => page_link_to("admin_faq"),
+ 'id' => $id,
+ 'frage' => $faq['Frage_de'],
+ 'antwort' => $faq['Antwort_de'],
+ 'question' => $faq['Frage_en'],
+ 'answer' => $faq['Antwort_en']
+ ));
+ } else
+ return error("No FAQ found.");
+ break;
+
+ case 'delete' :
+ if (isset ($_REQUEST['id']) && preg_match("/^[0-9]{1,11}$/", $_REQUEST['id']))
+ $id = $_REQUEST['id'];
+ else
+ return error("Incomplete call, missing FAQ ID.");
+
+ $faq = sql_select("SELECT * FROM `FAQ` WHERE `FID`=" . sql_escape($id) . " LIMIT 1");
+ if (count($faq) > 0) {
+ list ($faq) = $faq;
+
+ sql_query("DELETE FROM `FAQ` WHERE `FID`=" . sql_escape($id) . " LIMIT 1");
+ header("Location: " . page_link_to("admin_faq"));
+ } else
+ return error("No FAQ found.");
+ break;
+ }
+ }
+}
+?>
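Review bot: The `delete` case executes `DELETE FROM \`FAQ\`` for any request carrying `action=delete&id=N` via `$_REQUEST`, so a crafted link or image opened by a logged-in admin deletes an entry with no CSRF token and no method check; `create` and `save` are equally exposed. Reject non-POST requests before the `switch`, `if ($_SERVER['REQUEST_METHOD'] !== 'POST') return error("POST required.");`, and tie the forms to a session-bound token. The overview also prints `Frage_de`, `Antwort_de`, `Frage_en` and `Antwort_en` into the table with `sprintf` and no `htmlspecialchars`; whether `strip_request_item_nl` neutralises markup cannot be seen from this file, so escape at output rather than relying on input filtering.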
diff --git a/includes/pages/admin_groups.php b/includes/pages/admin_groups.php
new file mode 100644
index 00000000..770f09b4
--- /dev/null
+++ b/includes/pages/admin_groups.php
@@ -0,0 +1,91 @@
+<?php
+function admin_groups() {
+ global $user;
+
+ $html = "";
+ $groups = sql_select("SELECT * FROM `Groups` ORDER BY `Name`");
+ if (!isset ($_REQUEST["action"])) {
+ $groups_html = "";
+ foreach ($groups as $group) {
+ $groups_html .= sprintf(
+ '<tr><td>%s</td>',
+ $group['Name']
+ );
+ $privileges = sql_select("SELECT * FROM `GroupPrivileges` JOIN `Privileges` ON (`GroupPrivileges`.`privilege_id` = `Privileges`.`id`) WHERE `group_id`=" . sql_escape($group['UID']));
+ $privileges_html = array ();
+
+ foreach ($privileges as $priv)
+ $privileges_html[] = $priv['name'];
+
+ $groups_html .= sprintf(
+ '<td>%s</td>'
+ . '<td><a href="%s&action=edit&id=%s">Ändern</a></td>',
+ join(', ', $privileges_html),
+ page_link_to("admin_groups"),
+ $group['UID']
+ );
+ }
+
+ return template_render('../templates/admin_groups.html', array (
+ 'nick' => $user['Nick'],
+ 'groups' => $groups_html
+ ));
+ } else {
+ switch ($_REQUEST["action"]) {
+ case 'edit' :
+ if (isset ($_REQUEST['id']) && preg_match("/^-[0-9]{1,11}$/", $_REQUEST['id']))
+ $id = $_REQUEST['id'];
+ else
+ return error("Incomplete call, missing Groups ID.");
+
+ $room = sql_select("SELECT * FROM `Groups` WHERE `UID`=" . sql_escape($id) . " LIMIT 1");
+ if (count($room) > 0) {
+ list ($room) = $room;
+ $privileges = sql_select("SELECT `Privileges`.*, `GroupPrivileges`.`group_id` FROM `Privileges` LEFT OUTER JOIN `GroupPrivileges` ON (`Privileges`.`id` = `GroupPrivileges`.`privilege_id` AND `GroupPrivileges`.`group_id`=" . sql_escape($id) . ") ORDER BY `Privileges`.`name`");
+ $privileges_html = "";
+ foreach ($privileges as $priv)
+ $privileges_html .= sprintf(
+ '<tr><td><input type="checkbox" '
+ . 'name="privileges[]" value="%s" %s />'
+ . '</td> <td>%s</td> <td>%s</td></tr>',
+ $priv['id'],
+ ($priv['group_id'] != ""
+ ? 'checked="checked"'
+ : ''),
+ $priv['name'],
+ $priv['desc']
+ );
+
+ $html .= template_render('../templates/admin_groups_edit_form.html', array (
+ 'link' => page_link_to("admin_groups"),
+ 'id' => $id,
+ 'privileges' => $privileges_html
+ ));
+ } else
+ return error("No Group found.");
+ break;
+
+ case 'save' :
+ if (isset ($_REQUEST['id']) && preg_match("/^-[0-9]{1,11}$/", $_REQUEST['id']))
+ $id = $_REQUEST['id'];
+ else
+ return error("Incomplete call, missing Groups ID.");
+
+ $room = sql_select("SELECT * FROM `Groups` WHERE `UID`=" . sql_escape($id) . " LIMIT 1");
+ if (!is_array($_REQUEST['privileges']))
+ $_REQUEST['privileges'] = array ();
+ if (count($room) > 0) {
+ list ($room) = $room;
+ sql_query("DELETE FROM `GroupPrivileges` WHERE `group_id`=" . sql_escape($id));
+ foreach ($_REQUEST['privileges'] as $priv)
+ if (preg_match("/^[0-9]{1,}$/", $priv) && sql_num_query("SELECT * FROM `Privileges` WHERE `id`=" . sql_escape($priv)) > 0)
+ sql_query("INSERT INTO `GroupPrivileges` SET `group_id`=" . sql_escape($id) . ", `privilege_id`=" . sql_escape($priv));
+ header("Location: " . page_link_to("admin_groups"));
+ } else
+ return error("No Group found.");
+ break;
+ }
+ }
+ return $html;
+}
+?>
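Review bot: The `save` case replaces a group's entire privilege set from `$_REQUEST['privileges']` with no CSRF token and no check that the request is a POST, so a forged request replayed through an administrator's browser can grant arbitrary privileges, including `admin_groups` itself, to any group. Because these rows drive authorisation for every other page, this is the most sensitive write in the diff; at minimum require `$_SERVER['REQUEST_METHOD'] === 'POST'` plus a session-bound token before the `DELETE FROM \`GroupPrivileges\``, and record the change in the `ChangeLog` table that admin_log.php reads. The `is_array($_REQUEST['privileges'])` test also raises an undefined-index notice when the field is absent; `$privs = isset($_REQUEST['privileges']) && is_array($_REQUEST['privileges']) ? $_REQUEST['privileges'] : array();` avoids that. The edit form prints `$priv['name']` and `$priv['desc']` unescaped, which is acceptable only as long as the `Privileges` table stays entirely admin-controlled.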
diff --git a/includes/pages/admin_import.php b/includes/pages/admin_import.php
new file mode 100644
index 00000000..6523050c
--- /dev/null
+++ b/includes/pages/admin_import.php
@@ -0,0 +1,253 @@
+<?php
+function admin_import() {
+ global $Room, $RoomID, $RoomName;
+ global $PentabarfGetWith, $PentabarfXMLpath, $PentabarfXMLhost;
+
+ require_once ("includes/funktion_xml.php");
+ ///////////
+ // DEBUG //
+ ///////////
+ $ShowDataStrukture = 0;
+ $EnableRoomFunctions = 1;
+ $EnableRooms = 1;
+ $EnableSchudleFunctions = 1;
+ $EnableSchudle = 1;
+ $EnableSchudleDB = 1;
+
+ CreateRoomArrays();
+
+ $html = "";
+
+ /*##############################################################################################
+ F I L E
+ ##############################################################################################*/
+ $html .= "\n\n<br />\n<h1>XML File:</h1>\n";
+ if (isset ($_POST["PentabarfUser"]) && isset ($_POST["password"]) && isset ($_POST["PentabarfURL"])) {
+ $html .= "Update XCAL-File from Pentabarf..";
+ if ($PentabarfGetWith == "fsockopen") {
+
+ //backup error messeges and delate
+ $Backuperror_messages = $error_messages;
+ $fp = fsockopen("ssl://$PentabarfXMLhost", 443, $errno, $errstr, 30);
+ // $error_messages = $Backuperror_messages;
+
+ if (!$fp) {
+ $html .= "<h2>fail: File 'https://$PentabarfXMLhost/$PentabarfXMLpath" . $_POST["PentabarfURL"] . "' not readable!" .
+ "[$errstr ($errno)]</h2>";
+ } else {
+ if (($fileOut = fopen("$Tempdir/engelXML", "w")) != FALSE) {
+ $head = 'GET /' . $PentabarfXMLpath . $_POST["PentabarfURL"] . ' HTTP/1.1' . "\r\n" .
+ 'Host: ' . $PentabarfXMLhost . "\r\n" .
+ 'User-Agent: Engelsystem' . "\r\n" .
+ 'Authorization: Basic ' .
+ base64_encode($_POST["PentabarfUser"] . ':' . $_POST["password"]) . "\r\n" .
+ "\r\n";
+ fputs($fp, $head);
+ $Zeilen = -1;
+ while (!feof($fp)) {
+ $Temp = fgets($fp, 1024);
+
+ // ende des headers
+ if ($Temp == "f20\r\n") {
+ $Zeilen = 0;
+ $Temp = "";
+ }
+
+ //file ende?
+ if ($Temp == "0\r\n")
+ break;
+
+ if (($Zeilen > -1) && ($Temp != "ffb\r\n")) {
+ //steuerzeichen ausfiltern
+ if (strpos("#$Temp", "\r\n") > 0)
+ $Temp = substr($Temp, 0, strlen($Temp) - 2);
+ if (strpos("#$Temp", "1005") > 0)
+ $Temp = "";
+ if (strpos("#$Temp", "783") > 0)
+ $Temp = "";
+ //schreiben in file
+ fputs($fileOut, $Temp);
+ $Zeilen++;
+ }
+ }
+ fclose($fileOut);
+
+ $html .= "<br />Es wurden $Zeilen Zeilen eingelesen<br />";
+ } else
+ $html .= "<h2>fail: File '$Tempdir/engelXML' not writeable!</h2>";
+ fclose($fp);
+ }
+ }
+ elseif ($PentabarfGetWith == "fopen") {
+ //user uns password in url einbauen
+ $FileNameIn = "https://" . $_POST["PentabarfUser"] . ':' . $_POST["password"] . "@" .
+ $PentabarfXMLhost . "/" . $PentabarfXMLpath . $_POST["PentabarfURL"];
+
+ if (($fileIn = fopen($FileNameIn, "r")) != FALSE) {
+ if (($fileOut = fopen("$Tempdir/engelXML", "w")) != FALSE) {
+ $Zeilen = 0;
+ while (!feof($fileIn)) {
+ $Zeilen++;
+ fputs($fileOut, fgets($fileIn));
+ }
+ fclose($fileOut);
+ $html .= "<br />Es wurden $Zeilen Zeilen eingelesen<br />";
+ } else
+ $html .= "<h2>fail: File '$Tempdir/engelXML' not writeable!</h2>";
+ fclose($fileIn);
+ } else
+ $html .= "<h2>fail: File 'https://$PentabarfXMLhost/$PentabarfXMLpath" . $_POST["PentabarfURL"] . "' not readable!</h2>";
+ }
+ elseif ($PentabarfGetWith == "wget") {
+ $Command = "wget --http-user=" . $_POST["PentabarfUser"] . " --http-passwd=" . $_POST["password"] . " " .
+ "https://$PentabarfXMLhost/$PentabarfXMLpath" . $_POST["PentabarfURL"] .
+ " --output-file=$Tempdir/engelXMLwgetLog --output-document=$Tempdir/engelXML" .
+ " --no-check-certificate";
+ $html .= system($Command, $Status);
+ if ($Status == 0)
+ $html .= "OK.<br />";
+ else
+ $html .= "fail ($Status)($Command).<br />";
+ }
+ elseif ($PentabarfGetWith == "lynx") {
+ $Command = "lynx -auth=" . $_POST["PentabarfUser"] . ":" . $_POST["password"] . " -dump " .
+ "https://$PentabarfXMLhost/$PentabarfXMLpath" . $_POST["PentabarfURL"] . " > $Tempdir/engelXML";
+ $html .= system($Command, $Status);
+ if ($Status == 0)
+ $html .= "OK.<br />";
+ else
+ $html .= "fail ($Status)($Command).<br />";
+ }
+ elseif ($PentabarfGetWith == "fopen") {
+ //user uns password in url einbauen
+ $FileNameIn = "https://" . $_POST["PentabarfUser"] . ':' . $_POST["password"] . "@" .
+ $PentabarfXMLhost . "/" . $PentabarfXMLpath . $_POST["PentabarfURL"];
+
+ if (($fileIn = fopen($FileNameIn, "r")) != FALSE) {
+ if (($fileOut = fopen("$Tempdir/engelXML", "w")) != FALSE) {
+ $Zeilen = 0;
+ while (!feof($fileIn)) {
+ $Zeilen++;
+ fputs($fileOut, fgets($fileIn));
+ }
+ fclose($fileOut);
+ $html .= "<br />Es wurden $Zeilen Zeilen eingelesen<br />";
+ } else
+ $html .= "<h2>fail: File '$Tempdir/engelXML' not writeable!</h2>";
+ fclose($fileIn);
+ } else
+ $html .= "<h2>fail: File 'https://$PentabarfXMLhost/$PentabarfXMLpath" . $_POST["PentabarfURL"] . "' not readable!</h2>";
+ }
+ elseif ($PentabarfGetWith == "wget") {
+ $Command = "wget --http-user=" . $_POST["PentabarfUser"] . " --http-passwd=" . $_POST["password"] . " " .
+ "https://$PentabarfXMLhost/$PentabarfXMLpath" . $_POST["PentabarfURL"] .
+ " --output-file=$Tempdir/engelXMLwgetLog --output-document=$Tempdir/engelXML" .
+ " --no-check-certificate";
+ $html .= system($Command, $Status);
+ if ($Status == 0)
+ $html .= "OK.<br />";
+ else
+ $html .= "fail ($Status)($Command).<br />";
+ }
+ elseif ($PentabarfGetWith == "lynx") {
+ $Command = "lynx -auth=" . $_POST["PentabarfUser"] . ":" . $_POST["password"] . " -dump " .
+ "https://$PentabarfXMLhost/$PentabarfXMLpath" . $_POST["PentabarfURL"] . " > $Tempdir/engelXML";
+ $html .= system($Command, $Status);
+ if ($Status == 0)
+ $html .= "OK.<br />";
+ else
+ $html .= "fail ($Status)($Command).<br />";
+ } else
+ $html .= "<h1>The PentabarfGetWith='$PentabarfGetWith' not supported</h1>";
+ } else {
+ $html .= "<form action=\"dbUpdateFromXLS.php\" method=\"post\">\n";
+ $html .= "<table border=\"0\">\n";
+ $html .= "\t<tr><td>XCAL-File: https://$PentabarfXMLhost/$PentabarfXMLpath</td>" .
+ "<td><input name=\"PentabarfURL\" type=\"text\" size=\"4\" maxlength=\"5\" " .
+ "value=\"$PentabarfXMLEventID\"></td></tr>\n";
+ $html .= "\t<tr><td>Username:</td>" .
+ "<td><input name=\"PentabarfUser\" type=\"text\" size=\"30\" maxlength=\"30\"></td></tr>\n";
+ $html .= "\t<tr><td>Password:</td>" .
+ "<td><input name=\"password\" type=\"password\" size=\"30\" maxlength=\"30\"></td></tr>\n";
+ $html .= "\t<tr><td></td><td><input type=\"submit\" name=\"FileUpload\" value=\"upload\"></td></tr>\n";
+ $html .= "</table>\n";
+ $html .= "</form>\n";
+ }
+
+ //readXMLfile("xml.php.xml");
+ if (readXMLfile("../import/27C3_sample.xcs.xml") == 0) {
+ $XMLmain = getXMLsubPease($XMLmain, "VCALENDAR");
+
+ if ($ShowDataStrukture) {
+ $html .= "<pre><br />";
+ $html .= $XMLmain->name;
+ $html .= "<br />";
+ print_r(array_values($XMLmain->sub));
+ $html .= "</pre>";
+ }
+
+ /*
+ $html .= "<br />";
+ $Feld=7;
+ $html .= "$Feld#". $XMLmain->sub[$Feld]->name. "<br />";
+ $html .= "$Feld#". $XMLmain->sub[$Feld]->sub;
+ //print_r(array_values ($XMLmain->sub[$Feld]->sub));
+ while(list($key, $value) = each($XMLmain->sub[$Feld]->sub))
+ $html .= "?ID".$value->sub[1]->data. "=". $value->sub[2]->data. "\n";
+ $html .= "</pre>";
+ */
+
+ /*##############################################################################################
+ V e r s i o n
+ ##############################################################################################*/
+
+ $html .= "<hr>\n";
+ $XMLrelease = getXMLsubPease($XMLmain, "X-WR-CALDESC");
+ $html .= "release: " . $XMLrelease->data . "<br />\n";
+ //$XMLreleaseDate = getXMLsubPease( $XMLmain, "RELEASE-DATE");
+ //$html .= "release date: ". $XMLreleaseDate->data. "<br />\n";
+ $html .= "<hr>\n";
+
+ /*##############################################################################################
+ V e r s i o n
+ ##############################################################################################*/
+ if ($EnableRoomFunctions)
+ include ("includes/funktion_xml_room.php");
+
+ if ($EnableSchudleFunctions)
+ include ("includes/funktion_xml_schudle.php");
+
+ /*##############################################################################################
+ U P D A T E A L L
+ ##############################################################################################*/
+ $html .= "\n\n<br />\n<h1>Update ALL:</h1>\n";
+
+ $html .= "<form action=\"dbUpdateFromXLS.php\">\n";
+ $html .= "\t<input type=\"submit\" name=\"UpdateALL\" value=\"now\">\n";
+ $html .= "</form>\n";
+
+ } //if XMLopenOOK
+ return $html;
+}
+
+/*##############################################################################################
+ erstellt Arrays der Reume
+ ##############################################################################################*/
+function CreateRoomArrays() {
+ global $Room, $RoomID, $RoomName, $con;
+
+ $sql = "SELECT `RID`, `Name` FROM `Room` " .
+ "WHERE `Show`='Y'" .
+ "ORDER BY `Number`, `Name`;";
+ $Erg = mysql_query($sql, $con);
+ $rowcount = mysql_num_rows($Erg);
+
+ for ($i = 0; $i < $rowcount; $i++) {
+ $Room[$i]["RID"] = mysql_result($Erg, $i, "RID");
+ $Room[$i]["Name"] = mysql_result($Erg, $i, "Name");
+ $RoomID[mysql_result($Erg, $i, "RID")] = mysql_result($Erg, $i, "Name");
+ $RoomName[mysql_result($Erg, $i, "Name")] = mysql_result($Erg, $i, "RID");
+ }
+}
+?>
+
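Review bot: The `wget` and `lynx` branches build shell commands by concatenating `$_POST["PentabarfUser"]`, `$_POST["password"]` and `$_POST["PentabarfURL"]` and hand them to `system()`, so a value such as `x; id` in any of those fields executes on the server; the page is admin-only, but a compromised admin session or a CSRF'd form submit is enough to reach it. Every interpolated value needs `escapeshellarg()`, and the failure path must stop echoing `$Command`, which currently prints the Pentabarf password into the HTML. The `fsockopen` branch has a related problem: `$_POST["PentabarfURL"]` goes into the raw request line unfiltered, so a CRLF in it injects headers, and `--no-check-certificate` together with an unverified `ssl://` socket means the credentials can be captured by anyone on path. Separately, `$Tempdir` and `$error_messages` are not declared `global` in this function, so the output path resolves to `/engelXML`, and the second set of `fopen`/`wget`/`lynx` `elseif` branches is unreachable duplicate code. The parse step then reads `../import/27C3_sample.xcs.xml` rather than the file just downloaded, which looks like leftover debugging.
```php
// … unchanged: fsockopen / fopen branches …
elseif ($PentabarfGetWith == "wget") {
    $Command = "wget --http-user=" . escapeshellarg($_POST["PentabarfUser"])
        . " --http-passwd=" . escapeshellarg($_POST["password"]) . " "
        . escapeshellarg("https://$PentabarfXMLhost/$PentabarfXMLpath" . $_POST["PentabarfURL"])
        . " --output-file=" . escapeshellarg("$Tempdir/engelXMLwgetLog")
        . " --output-document=" . escapeshellarg("$Tempdir/engelXML");
    $html .= system($Command, $Status);
    // never echo $Command: it carries the password
    $html .= ($Status == 0) ? "OK.<br />" : "fail ($Status).<br />";
}
elseif ($PentabarfGetWith == "lynx") {
    $Command = "lynx -auth=" . escapeshellarg($_POST["PentabarfUser"] . ":" . $_POST["password"])
        . " -dump " . escapeshellarg("https://$PentabarfXMLhost/$PentabarfXMLpath" . $_POST["PentabarfURL"])
        . " > " . escapeshellarg("$Tempdir/engelXML");
    $html .= system($Command, $Status);
    $html .= ($Status == 0) ? "OK.<br />" : "fail ($Status).<br />";
}
// … unchanged: unsupported-method message, form output, XML parsing …
```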
diff --git a/includes/pages/admin_language.php b/includes/pages/admin_language.php
new file mode 100644
index 00000000..749cd643
--- /dev/null
+++ b/includes/pages/admin_language.php
@@ -0,0 +1,110 @@
+<?php
+function admin_language() {
+ global $user;
+
+ $html = "";
+ if (!isset ($_POST["TextID"])) {
+ $html .= Get_Text("Hello") . $user['Nick'] . ", <br />\n";
+ $html .= Get_Text("pub_sprache_text1") . "<br /><br />\n";
+
+ $html .= "<a href=\"" . page_link_to("admin_language") . "&ShowEntry=y\">" . Get_Text("pub_sprache_ShowEntry") . "</a>";
+ // ausgabe Tabellenueberschift
+ $SQL_Sprachen = "SELECT `Sprache` FROM `Sprache` GROUP BY `Sprache`;";
+ $erg_Sprachen = sql_query($SQL_Sprachen);
+
+ for ($i = 0; $i < mysql_num_rows($erg_Sprachen); $i++)
+ $Sprachen[mysql_result($erg_Sprachen, $i, "Sprache")] = $i;
+
+ $html .= "\t<table border=\"0\" class=\"border\" cellpadding=\"2\" cellspacing=\"1\">\n\t\t<tr>";
+ $html .= "\t\t<td class=\"contenttopic\"><b>" . Get_Text("pub_sprache_TextID") . "</b></td>";
+ foreach ($Sprachen as $Name => $Value)
+ $html .= "<td class=\"contenttopic\"><b>" .
+ Get_Text("pub_sprache_Sprache") . " " . $Name .
+ "</b></td>";
+ $html .= "\t\t<td class=\"contenttopic\"><b>" . Get_Text("pub_sprache_Edit") . "</b></td>";
+ $html .= "\t\t</tr>";
+
+ if (isset ($_GET["ShowEntry"])) {
+ // ausgabe eintraege
+ $SQL = "SELECT * FROM `Sprache` ORDER BY `TextID`;";
+ $erg = sql_query($SQL);
+
+ $TextID_Old = mysql_result($erg, 0, "TextID");
+ for ($i = 0; $i < mysql_num_rows($erg); $i++) {
+ $TextID_New = mysql_result($erg, $i, "TextID");
+ if ($TextID_Old != $TextID_New) {
+ $html .= "<form action=\"" . page_link_to("admin_language") . "\" method=\"post\">";
+ $html .= "<tr class=\"content\">\n";
+ $html .= "\t\t<td>$TextID_Old " .
+ "<input name=\"TextID\" type=\"hidden\" value=\"$TextID_Old\"> </td>\n";
+
+ foreach ($Sprachen as $Name => $Value) {
+ $Value = html_entity_decode($Value, ENT_QUOTES);
+ $html .= "\t\t<td><textarea name=\"$Name\" cols=\"22\" rows=\"8\">$Value</textarea></td>\n";
+ $Sprachen[$Name] = "";
+ }
+
+ $html .= "\t\t<td><input type=\"submit\" value=\"Save\"></td>\n";
+ $html .= "</tr>";
+ $html .= "</form>\n";
+ $TextID_Old = $TextID_New;
+ }
+ $Sprachen[mysql_result($erg, $i, "Sprache")] = mysql_result($erg, $i, "Text");
+ } /*FOR*/
+ }
+
+ //fuer neu eintraege
+ $html .= "<form action=\"" . page_link_to("admin_language") . "\" method=\"post\">";
+ $html .= "<tr class=\"content\">\n";
+ $html .= "\t\t<td><input name=\"TextID\" type=\"text\" size=\"40\" value=\"new\"> </td>\n";
+
+ foreach ($Sprachen as $Name => $Value)
+ $html .= "\t\t<td><textarea name=\"$Name\" cols=\"22\" rows=\"8\">$Name Text</textarea></td>\n";
+
+ $html .= "\t\t<td><input type=\"submit\" value=\"Save\"></td>\n";
+ $html .= "</tr>";
+ $html .= "</form>\n";
+
+ $html .= "</table>\n";
+ } /*if( !isset( $TextID ) )*/
+ else {
+ $html .= "edit: " . $_POST["TextID"] . "<br /><br />";
+ foreach ($_POST as $k => $v) {
+ if ($k != "TextID") {
+ $sql_test = "SELECT * FROM `Sprache` " .
+ "WHERE `TextID`='" . sql_escape($_POST["TextID"])
+ . "' AND `Sprache`='"
+ . sql_escape($k) . "'";
+
+ $erg_test = sql_query($sql_test);
+
+ if (mysql_num_rows($erg_test) == 0) {
+ $sql_save = "INSERT INTO `Sprache` (`TextID`, `Sprache`, `Text`) " .
+ "VALUES ('" . sql_escape($_POST["TextID"]) . "', '"
+ . sql_escape($k) . "', '"
+ . sql_escape($v) . "')";
+
+ $html .= $sql_save . "<br />";
+ $Erg = sql_query($sql_save);
+ $html .= success("$k Save: OK<br />\n");
+ } else
+ if (mysql_result($erg_test, 0, "Text") != $v) {
+ $sql_save = "UPDATE `Sprache` SET `Text`='"
+ . sql_escape($v) . "' " .
+ "WHERE `TextID`='"
+ . sql_escape($_POST["TextID"])
+ . "' AND `Sprache`='" . sql_escape($k) . "' ";
+
+ $html .= $sql_save . "<br />";
+ $Erg = sql_query($sql_save);
+ $html .= success(" $k Update: OK<br />\n");
+ } else
+ $html .= "\t $k no changes<br />\n";
+ }
+ }
+
+ }
+ return $html;
+}
+?>
+
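Review bot: The save branch reflects raw POST data into the page: `"edit: " . $_POST["TextID"]` and the two `$html .= $sql_save . "<br />"` lines print the TextID, the language key and the submitted text without `htmlspecialchars`, which is a reflected XSS against whoever submits, or is tricked into submitting, this form. Replace the first with `"edit: " . htmlspecialchars($_POST["TextID"], ENT_QUOTES) . "<br /><br />"` and drop the two lines that echo the SQL statement, since the `success()` messages already report the outcome. The loop `foreach ($_POST as $k => $v)` also treats every POST key other than `TextID` as a language name, so a crafted field creates rows with an arbitrary `Sprache` value; restrict `$k` to the set returned by `SELECT \`Sprache\` FROM \`Sprache\` GROUP BY \`Sprache\``. In the listing, `html_entity_decode($Value, ENT_QUOTES)` followed by direct insertion into a `<textarea>` lets a stored string containing `</textarea>` break out of the element; encode with `htmlspecialchars` instead of decoding.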
diff --git a/includes/pages/admin_log.php b/includes/pages/admin_log.php
new file mode 100644
index 00000000..2798b2cf
--- /dev/null
+++ b/includes/pages/admin_log.php
@@ -0,0 +1,76 @@
+<?php
+function admin_log() {
+ require_once ("includes/funktion_db_list.php");
+
+ $html = "";
+ $SQL = "SELECT * FROM `ChangeLog` ORDER BY `Time` DESC LIMIT 0,10000";
+ $Erg = sql_query($SQL);
+
+ if (mysql_num_rows($Erg) > 0) {
+ $html .= "<table border=1>\n";
+ $html .= "<tr>\n\t<th>Time</th>\n\t<th>User</th>\n\t<th>Commend</th>\n\t<th>SQL Command</th>\n</tr>\n";
+ for ($n = 0; $n < mysql_num_rows($Erg); $n++) {
+ $html .= "<tr>\n";
+ $html .= "\t<td>" . mysql_result($Erg, $n, "Time") . "</td>\n";
+ $html .= "\t<td>" . UID2Nick(mysql_result($Erg, $n, "UID")) . displayavatar(mysql_result($Erg, $n, "UID")) . "</td>\n";
+ $html .= "\t<td>" . mysql_result($Erg, $n, "Commend") . "</td>\n";
+ $html .= "\t<td>" . mysql_result($Erg, $n, "SQLCommad") . "</td>\n";
+ $html .= "</tr>\n";
+ }
+ $html .= "</table>\n";
+ } else {
+ $html .= "Log is empty...";
+ }
+ $html .= "<hr />";
+
+ $html .= "<h1>Web Counter</h1>";
+ $html .= funktion_db_list("Counter");
+
+ /*
+ $html .= "<h1>Raeume</h1> <br />";
+ funktion_db_list("Raeume");
+
+ $html .= "<h1>Schichtbelegung</h1> <br />";
+ funktion_db_list("Schichtbelegung");
+
+ $html .= "<h1>Schichtplan</h1> <br />Hier findest du alle bisher eingetragenen Schichten:";
+ funktion_db_list("Schichtplan");
+
+ $html .= "<h1>User</h1> <br />";
+ funktion_db_list("User");
+
+ $html .= "<h1>News</h1> <br />";
+ funktion_db_list("News");
+
+ $html .= "<h1>FAQ</h1> <br />";
+ funktion_db_list("FAQ");
+
+ $html .= "Deaktiviert";
+ */
+
+ $html .= "<hr>\n";
+ $html .= funktion_db_element_list_2row("Tshirt-Size aller engel", "SELECT `Size`, COUNT(`Size`) FROM `User` GROUP BY `Size`");
+ $html .= "<br />\n";
+ $html .= funktion_db_element_list_2row("Tshirt ausgegeben", "SELECT `Size`, COUNT(`Size`) FROM `User` WHERE `Tshirt`='1' GROUP BY `Size`");
+ $html .= "<br />\n";
+ $html .= funktion_db_element_list_2row("Tshirt nicht ausgegeben (Gekommen=1)", "SELECT COUNT(`Size`), `Size` FROM `User` WHERE `Gekommen`='1' and `Tshirt`='0' GROUP BY `Size`");
+
+ $html .= "<hr>\n";
+ $html .= funktion_db_element_list_2row("Hometown", "SELECT COUNT(`Hometown`), `Hometown` FROM `User` GROUP BY `Hometown`");
+ $html .= "<br />\n";
+ $html .= funktion_db_element_list_2row("Engeltypen", "SELECT COUNT(`Art`), `Art` FROM `User` GROUP BY `Art`");
+
+ $html .= "<hr>\n";
+ $html .= funktion_db_element_list_2row("Gesamte Arbeit", "SELECT COUNT(*) AS `Count [x]`, SUM(Shifts.Len) as `Sum [h]` from Shifts LEFT JOIN ShiftEntry USING(SID)");
+ $html .= "<br />\n";
+ $html .= funktion_db_element_list_2row("Geleisteter Arbeit", "SELECT COUNT(*) AS `Count [x]`, SUM(Shifts.Len) as `Sum [h]` from Shifts LEFT JOIN ShiftEntry USING(SID) WHERE (ShiftEntry.UID!=0)");
+
+ $html .= "<hr>\n";
+ $html .= funktion_db_element_list_2row("Gesamte Arbeit (Ohne Raum aufabau (RID=7)", "SELECT COUNT(*) AS `Count [x]`, SUM(Shifts.Len) as `Sum [h]` from Shifts LEFT JOIN ShiftEntry USING(SID) WHERE (Shifts.RID!=7)");
+ $html .= "<br />\n";
+ $html .= funktion_db_element_list_2row("Geleisteter Arbeit (Ohne Raum aufabau (RID=7)", "SELECT COUNT(*) AS `Count [x]`, SUM(Shifts.Len) as `Sum [h]` from Shifts LEFT JOIN ShiftEntry USING(SID) WHERE (ShiftEntry.UID!=0) AND (Shifts.RID!=7)");
+
+ return $html;
+}
+?>
+
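Review bot: The log table prints `Commend` and `SQLCommad` from `ChangeLog` into the page unescaped, and if the logged SQL embeds values that originated from users (news text, nicknames, questions) this becomes a stored-XSS vector aimed specifically at administrators — confirm what writes `ChangeLog`. Wrap both cells, `htmlspecialchars(mysql_result($Erg, $n, "Commend"), ENT_QUOTES)` and likewise for `SQLCommad`, and give `UID2Nick()` output the same treatment unless it already escapes. Rendering up to 10000 rows with a `mysql_result` call per cell is also heavy for an admin page; a smaller default `LIMIT` or paging would help. The commented-out `funktion_db_list` calls for `User` and other tables should be deleted rather than kept, as re-enabling them appears to dump whole tables, including user records, to the browser.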
diff --git a/includes/pages/admin_news.php b/includes/pages/admin_news.php
new file mode 100644
index 00000000..2c6e1f45
--- /dev/null
+++ b/includes/pages/admin_news.php
@@ -0,0 +1,87 @@
+<?php
+function admin_news() {
+ global $user;
+
+ if (!isset ($_GET["action"])) {
+ header("Location: " . page_link_to("news"));
+ } else {
+ $html = "";
+ switch ($_GET["action"]) {
+ case 'edit' :
+ if (isset ($_REQUEST['id']) && preg_match("/^[0-9]{1,11}$/", $_REQUEST['id']))
+ $id = $_REQUEST['id'];
+ else
+ return error("Incomplete call, missing News ID.");
+
+ $news = sql_select("SELECT * FROM `News` WHERE `ID`=" . sql_escape($id) . " LIMIT 1");
+ if (count($news) > 0) {
+ list ($news) = $news;
+
+ $html .= '<a href="' . page_link_to("news") . '">&laquo Back</a>';
+
+ $html .= "<form action=\"" . page_link_to("admin_news") . "&action=save\" method=\"post\">\n";
+
+ $html .= "<table>\n";
+ $html .= " <tr><td>Datum</td><td>" .
+ date("Y-m-d H:i", $news['Datum']) . "</td></tr>\n";
+ $html .= " <tr><td>Betreff</td><td><input type=\"text\" size=\"40\" name=\"eBetreff\" value=\"" .
+ $news["Betreff"] . "\"></td></tr>\n";
+ $html .= " <tr><td>Text</td><td><textarea rows=\"10\" cols=\"80\" name=\"eText\">" .
+ $news["Text"] . "</textarea></td></tr>\n";
+ $html .= " <tr><td>Engel</td><td>" .
+ UID2Nick($news["UID"]) . "</td></tr>\n";
+ $html .= " <tr><td>Treffen</td><td>" . html_select_key('eTreffen', array (
+ '1' => "Ja",
+ '0' => "Nein"
+ ), $news['Treffen']) . "</td></tr>\n";
+ $html .= "</table>";
+
+ $html .= "<input type=\"hidden\" name=\"id\" value=\"" . $id . "\">\n";
+ $html .= "<input type=\"submit\" name=\"submit\" value=\"Speichern\">\n";
+ $html .= "</form>";
+
+ $html .= "<form action=\"" . page_link_to("admin_news") . "&action=delete\" method=\"POST\">\n";
+ $html .= "<input type=\"hidden\" name=\"id\" value=\"" . $id . "\">\n";
+ $html .= "<input type=\"submit\" name=\"submit\" value=\"Löschen\">\n";
+ $html .= "</form>";
+ } else
+ return error("No News found.");
+ break;
+
+ case 'save' :
+ if (isset ($_REQUEST['id']) && preg_match("/^[0-9]{1,11}$/", $_REQUEST['id']))
+ $id = $_REQUEST['id'];
+ else
+ return error("Incomplete call, missing News ID.");
+
+ $news = sql_select("SELECT * FROM `News` WHERE `ID`=" . sql_escape($id) . " LIMIT 1");
+ if (count($news) > 0) {
+ list ($news) = $news;
+
+ sql_query("UPDATE `News` SET `Datum`='" . sql_escape(time()) . "', `Betreff`='" . sql_escape($_POST["eBetreff"]) . "', `Text`='" . sql_escape($_POST["eText"]) . "', `UID`='" . sql_escape($user['UID']) .
+ "', `Treffen`='" . sql_escape($_POST["eTreffen"]) . "' WHERE `ID`=".sql_escape($id)." LIMIT 1");
+ header("Location: " . page_link_to("news"));
+ } else
+ return error("No News found.");
+ break;
+
+ case 'delete' :
+ if (isset ($_REQUEST['id']) && preg_match("/^[0-9]{1,11}$/", $_REQUEST['id']))
+ $id = $_REQUEST['id'];
+ else
+ return error("Incomplete call, missing News ID.");
+
+ $news = sql_select("SELECT * FROM `News` WHERE `ID`=" . sql_escape($id) . " LIMIT 1");
+ if (count($news) > 0) {
+ list ($news) = $news;
+
+ sql_query("DELETE FROM `news` WHERE `ID`=" . sql_escape($id) . " LIMIT 1");
+ header("Location: " . page_link_to("news"));
+ } else
+ return error("No News found.");
+ break;
+ }
+ }
+ return $html;
+}
+?> \ No newline at end of file
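Review bot: The edit form interpolates `$news["Betreff"]` into a `value="…"` attribute and `$news["Text"]` into a `<textarea>` without `htmlspecialchars`, so a news item containing `"` or `</textarea>` (news is presumably authored by ordinary users via user_news.php) breaks the form and can run script in the administrator's session. Use `htmlspecialchars($news["Betreff"], ENT_QUOTES)` and `htmlspecialchars($news["Text"], ENT_QUOTES)` at those two points. The `delete` case runs `DELETE FROM \`news\`` while every other query uses `News`; on a case-sensitive MySQL installation that targets a different, non-existent table and the delete silently fails. Although the delete form posts, the handler reads `id` from `$_REQUEST` and `action` from `$_GET`, so the same deletion is reachable via a bare GET link with no CSRF token; require POST for `save` and `delete`. `$_POST["eTreffen"]` is also stored without being constrained to `0` or `1`.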
diff --git a/includes/pages/admin_questions.php b/includes/pages/admin_questions.php
new file mode 100644
index 00000000..0e4469d5
--- /dev/null
+++ b/includes/pages/admin_questions.php
@@ -0,0 +1,85 @@
+<?php
+function admin_new_questions() {
+ global $user, $privileges;
+
+ if (in_array("admin_questions", $privileges)) {
+ $new_messages = sql_num_query("SELECT * FROM `Questions` WHERE `AID`=0");
+
+ if ($new_messages > 0)
+ return '<p class="notice"><a href="' . page_link_to("admin_questions") . '">There are unanswered questions!</a></p><hr />';
+ }
+
+ return "";
+}
+
+function admin_questions() {
+ global $user;
+
+ if (!isset ($_REQUEST['action'])) {
+ $open_questions = "";
+ $questions = sql_select("SELECT * FROM `Questions` WHERE `AID`=0");
+ foreach ($questions as $question)
+ $open_questions .= template_render(
+ '../templates/admin_question_unanswered.html', array (
+ 'question_nick' => UID2Nick($question['UID']),
+ 'question_id' => $question['QID'],
+ 'link' => page_link_to("admin_questions"),
+ 'question' => str_replace("\n", '<br />', $question['Question'])
+ ));
+
+ $answered_questions = "";
+ $questions = sql_select("SELECT * FROM `Questions` WHERE `AID`>0");
+
+ foreach ($questions as $question)
+ $answered_questions .= template_render(
+ '../templates/admin_question_answered.html', array (
+ 'question_id' => $question['QID'],
+ 'question_nick' => UID2Nick($question['UID']),
+ 'question' => str_replace("\n", "<br />", $question['Question']),
+ 'answer_nick' => UID2Nick($question['AID']),
+ 'answer' => str_replace("\n", "<br />", $question['Answer']),
+ 'link' => page_link_to("admin_questions"),
+ ));
+
+ return template_render('../templates/admin_questions.html', array (
+ 'link' => page_link_to("admin_questions"),
+ 'open_questions' => $open_questions,
+ 'answered_questions' => $answered_questions
+ ));
+ } else {
+ switch ($_REQUEST['action']) {
+ case 'answer' :
+ if (isset ($_REQUEST['id']) && preg_match("/^[0-9]{1,11}$/", $_REQUEST['id']))
+ $id = $_REQUEST['id'];
+ else
+ return error("Incomplete call, missing Question ID.");
+
+ $question = sql_select("SELECT * FROM `Questions` WHERE `QID`=" . sql_escape($id) . " LIMIT 1");
+ if (count($question) > 0 && $question[0]['AID'] == "0") {
+ $answer = trim(preg_replace("/([^\p{L}\p{P}\p{Z}\p{N}\n]{1,})/ui", '', strip_tags($_REQUEST['answer'])));
+
+ if ($answer != "") {
+ sql_query("UPDATE `Questions` SET `AID`=" . sql_escape($user['UID']) . ", `Answer`='" . sql_escape($answer) . "' WHERE `QID`=" . sql_escape($id) . " LIMIT 1");
+ header("Location: " . page_link_to("admin_questions"));
+ } else
+ return error("Please enter an answer!");
+ } else
+ return error("No question found.");
+ break;
+ case 'delete' :
+ if (isset ($_REQUEST['id']) && preg_match("/^[0-9]{1,11}$/", $_REQUEST['id']))
+ $id = $_REQUEST['id'];
+ else
+ return error("Incomplete call, missing Question ID.");
+
+ $question = sql_select("SELECT * FROM `Questions` WHERE `QID`=" . sql_escape($id) . " LIMIT 1");
+ if (count($question) > 0) {
+ sql_query("DELETE FROM `Questions` WHERE `QID`=" . sql_escape($id) . " LIMIT 1");
+ header("Location: " . page_link_to("admin_questions"));
+ } else
+ return error("No question found.");
+ break;
+ }
+ }
+}
+?>
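Review bot: Both the `answer` and `delete` branches take their parameters from `$_REQUEST` and then redirect, so a plain GET to `...&action=delete&id=N` (an `<img>` on any page the admin visits is enough) deletes a question with no CSRF token and no method check; gate both branches on `$_SERVER['REQUEST_METHOD'] === 'POST'` and a per-session token carried by the template forms. The answer text is sanitised on input, but `$question['Question']` originates from end-user input (the submit path is not in this hunk) and is handed to `template_render` raw after only a newline replacement, so unless the template layer escapes it the admin page is open to stored XSS — wrap it as `str_replace("\n", '<br />', htmlspecialchars($question['Question']))`. Also `header("Location: ...")` is not followed by `exit`, so the function keeps running and returns `null` to its caller after the redirect.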
diff --git a/includes/pages/admin_rooms.php b/includes/pages/admin_rooms.php
new file mode 100644
index 00000000..be54b8ea
--- /dev/null
+++ b/includes/pages/admin_rooms.php
@@ -0,0 +1,143 @@
+<?php
+function admin_rooms() {
+ global $user;
+
+ $html = "";
+ $rooms = sql_select("SELECT * FROM `Room` ORDER BY `Number`, `Name`");
+ if (!isset ($_REQUEST["action"])) {
+ $html .= "Hallo " . $user['Nick'] .
+ ",<br />\nhier hast du die M&ouml;glichkeit, neue R&auml;ume f&uuml;r die Schichtpl&auml;ne einzutragen " .
+ "oder vorhandene abzu&auml;ndern:<br /><br />\n";
+
+ // Räume auflisten
+ if (count($rooms) > 0) {
+ $html .= '<table><thead><tr>';
+
+ $html .= "<table width=\"100%\" class=\"border\" cellpadding=\"2\" cellspacing=\"1\">\n";
+ $html .= "<tr class=\"contenttopic\">\n";
+
+ // Tabellenüberschriften generieren
+ foreach ($rooms[0] as $attr => $tmp)
+ if ($attr != 'RID')
+ $html .= '<th>' . $attr . '</th>';
+ $html .= '<th>&nbsp;</th>';
+ $html .= '</tr></thead><tbody>';
+
+ foreach ($rooms as $i => $room) {
+ $html .= '<tr>';
+ foreach ($room as $attr => $value)
+ if ($attr != 'RID')
+ $html .= '<td>' . $value . '</td>';
+ $html .= '<td><a href="' . page_link_to("admin_rooms") . '&action=change&RID=' . $room['RID'] . '">Edit</a></td>';
+ $html .= '</tr>';
+ }
+
+ $html .= '</tbody></table>';
+ }
+ $html .= "<hr /><a href=\"" . page_link_to("admin_rooms") . "&action=new\">Neuen Raum/Ort eintragen</a><br />\n";
+ } else {
+ switch ($_REQUEST["action"]) {
+
+ case 'new' :
+ $html .= template_render('../templates/admin_rooms_new_form.html', array (
+ 'link' => page_link_to("admin_rooms")
+ ));
+ break;
+
+ case 'newsave' :
+ $name = preg_replace("/([^\p{L}\p{P}\p{Z}\p{N}]{1,})/ui", '', strip_tags($_REQUEST['Name']));
+ $man = preg_replace("/([^\p{L}\p{P}\p{Z}\p{N}]{1,})/ui", '', strip_tags($_REQUEST['Man']));
+ $from_pentabarf = preg_replace("/([^YN]{1,})/ui", '', strip_tags($_REQUEST['FromPentabarf']));
+ $show = preg_replace("/([^YN]{1,})/ui", '', strip_tags($_REQUEST['Show']));
+ $number = preg_replace("/([^0-9]{1,})/ui", '', strip_tags($_REQUEST['Number']));
+ sql_query("INSERT INTO `Room` SET `Name`='" . sql_escape($name) . "', `Man`='" . sql_escape($man) . "', `FromPentabarf`='" . sql_escape($from_pentabarf) . "', `show`='" . sql_escape($show) . "', `Number`='" . sql_escape($number) . "'");
+ header("Location: " . page_link_to("admin_rooms"));
+ break;
+
+ case 'change' :
+ if (isset ($_REQUEST['RID']) && preg_match("/^[0-9]{1,11}$/", $_REQUEST['RID']))
+ $rid = $_REQUEST['RID'];
+ else
+ return error("Incomplete call, missing Room ID.");
+
+ $room = sql_select("SELECT * FROM `Room` WHERE `RID`=" . sql_escape($rid) . " LIMIT 1");
+ if (count($room) > 0) {
+ list ($room) = $room;
+ $room_angel_types = sql_select("SELECT * FROM `AngelTypes` LEFT OUTER JOIN `RoomAngelTypes` ON (`AngelTypes`.`TID` = `RoomAngelTypes`.`angel_type_id` AND `RoomAngelTypes`.`room_id`=" . sql_escape($rid) . ") ORDER BY `AngelTypes`.`Name`");
+
+ $angel_types = "";
+ foreach ($room_angel_types as $room_angel_type) {
+ if ($room_angel_type['count'] == "")
+ $room_angel_type['count'] = "0";
+ $angel_types .= '<tr><td>' . $room_angel_type['Name'] . '</td><td><input type="text" name="angel_type_' . $room_angel_type['TID'] . '" value="' . $room_angel_type['count'] . '" /></td></tr>';
+ }
+
+ $html .= template_render('../templates/admin_rooms_edit_form.html', array (
+ 'link' => page_link_to("admin_rooms"),
+ 'room_id' => $rid,
+ 'name' => $room['Name'],
+ 'man' => $room['Man'],
+ 'number' => $room['Number'],
+ 'from_pentabarf_options' => html_options('FromPentabarf', array (
+ 'Y' => 'Yes',
+ 'N' => 'No'
+ ), $room['FromPentabarf']),
+ 'show_options' => html_options('Show', array (
+ 'Y' => 'Yes',
+ 'N' => 'No'
+ ), $room['show']),
+ 'angel_types' => $angel_types
+ ));
+ } else
+ return error("No Room found.");
+ break;
+
+ case 'changesave' :
+ if (isset ($_REQUEST['RID']) && preg_match("/^[0-9]{1,11}$/", $_REQUEST['RID']))
+ $rid = $_REQUEST['RID'];
+ else
+ return error("Incomplete call, missing Room ID.");
+
+ $room = sql_select("SELECT * FROM `Room` WHERE `RID`=" . sql_escape($rid) . " LIMIT 1");
+ if (count($room) > 0) {
+ list ($room) = $room;
+ $room_angel_types = sql_select("SELECT * FROM `AngelTypes` LEFT OUTER JOIN `RoomAngelTypes` ON (`AngelTypes`.`TID` = `RoomAngelTypes`.`angel_type_id` AND `RoomAngelTypes`.`room_id`=" . sql_escape($rid) . ") ORDER BY `AngelTypes`.`Name`");
+
+ $name = preg_replace("/([^\p{L}\p{P}\p{Z}\p{N}]{1,})/ui", '', strip_tags($_REQUEST['Name']));
+ $man = preg_replace("/([^\p{L}\p{P}\p{Z}\p{N}]{1,})/ui", '', strip_tags($_REQUEST['Man']));
+ $from_pentabarf = preg_replace("/([^YN]{1,})/ui", '', strip_tags($_REQUEST['FromPentabarf']));
+ $show = preg_replace("/([^YN]{1,})/ui", '', strip_tags($_REQUEST['Show']));
+ $number = preg_replace("/([^0-9]{1,})/ui", '', strip_tags($_REQUEST['Number']));
+ sql_query("UPDATE `Room` SET `Name`='" . sql_escape($name) . "', `Man`='" . sql_escape($man) . "', `FromPentabarf`='" . sql_escape($from_pentabarf) . "', `show`='" . sql_escape($show) . "', `Number`='" . sql_escape($number) . "' WHERE `RID`=" . sql_escape($rid) . " LIMIT 1");
+ sql_query("DELETE FROM `RoomAngelTypes` WHERE `room_id`=" . sql_escape($rid));
+ foreach ($room_angel_types as $room_angel_type) {
+ if (isset ($_REQUEST['angel_type_' . $room_angel_type['TID']]) && preg_match("/^[0-9]{1,11}$/", $_REQUEST['angel_type_' . $room_angel_type['TID']]))
+ $count = $_REQUEST['angel_type_' . $room_angel_type['TID']];
+ else
+ $count = "0";
+ sql_query("INSERT INTO `RoomAngelTypes` SET `room_id`=" . sql_escape($rid) . ", `angel_type_id`=" . sql_escape($room_angel_type['TID']) . ", `count`=" . sql_escape($count));
+ }
+ header("Location: " . page_link_to("admin_rooms"));
+ } else
+ return error("No Room found.");
+ break;
+
+ case 'delete' :
+ if (isset ($_REQUEST['RID']) && preg_match("/^[0-9]{1,11}$/", $_REQUEST['RID']))
+ $rid = $_REQUEST['RID'];
+ else
+ return error("Incomplete call, missing Room ID.");
+
+ if (sql_num_query("SELECT * FROM `Room` WHERE `RID`=" . sql_escape($rid) . " LIMIT 1") > 0) {
+ sql_query("DELETE FROM `Room` WHERE `RID`=" . sql_escape($rid) . " LIMIT 1");
+ sql_query("DELETE FROM `RoomAngelTypes` WHERE `room_id`=" . sql_escape($rid) . " LIMIT 1");
+ header("Location: " . page_link_to("admin_rooms"));
+ } else
+ return error("No Room found.");
+ break;
+
+ }
+ }
+ return $html;
+}
+?>
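Review bot: The `delete` branch removes the room's `RoomAngelTypes` rows with `... WHERE room_id=... LIMIT 1`, so a room that had more than one angel type leaves orphaned rows behind; `changesave` a few lines above does the same cleanup correctly without the limit, so drop the `LIMIT 1`. `delete` is also reachable by GET through `$_REQUEST` with no CSRF check, so a crafted link deletes rooms — require POST plus a session token. The `Y`/`N` filters carry the `i` modifier, so `[^YN]` also lets lowercase `y`/`n` through into the `FromPentabarf` and `show` columns; `$show = preg_match('/^[YN]$/', $_REQUEST['Show']) ? $_REQUEST['Show'] : 'N';` is stricter. The room list echoes every column raw (the `$value` loop after the header row); the input filter strips `<`/`>` for admin-created rooms, but if rooms also arrive through an import path this should be `htmlspecialchars($value)`. Finally the list opens two `<table>` tags (`<table><thead><tr>` followed by another `<table width=...>`), which is invalid markup.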
diff --git a/includes/pages/admin_user.php b/includes/pages/admin_user.php
new file mode 100644
index 00000000..0399dda8
--- /dev/null
+++ b/includes/pages/admin_user.php
@@ -0,0 +1,324 @@
+<?php
+function admin_user() {
+ global $user;
+
+ include ("includes/funktion_db_list.php");
+
+ $html = "";
+
+ if (isset ($_REQUEST['id']) && preg_match("/^[0-9]{1,}$/", $_REQUEST['id']) && sql_num_query("SELECT * FROM `User` WHERE `UID`=" . sql_escape($_REQUEST['id'])) > 0) {
+ $id = $_REQUEST['id'];
+ if (!isset ($_REQUEST['action'])) {
+ $html .= "Hallo,<br />" .
+ "hier kannst du den Eintrag &auml;ndern. Unter dem Punkt 'Gekommen' " .
+ "wird der Engel als anwesend markiert, ein Ja bei Aktiv bedeutet, " .
+ "dass der Engel aktiv war und damit ein Anspruch auf ein T-Shirt hat. " .
+ "Wenn T-Shirt ein 'Ja' enth&auml;lt, bedeutet dies, dass der Engel " .
+ "bereits sein T-Shirt erhalten hat.<br /><br />\n";
+
+ $html .= "<form action=\"" . page_link_to("admin_user") . "&action=save&id=$id\" method=\"post\">\n";
+ $html .= "<table border=\"0\">\n";
+ $html .= "<input type=\"hidden\" name=\"Type\" value=\"Normal\">\n";
+
+ $SQL = "SELECT * FROM `User` WHERE `UID`='" . $id . "'";
+ $Erg = sql_query($SQL);
+
+ $html .= "<tr><td>\n";
+ $html .= "<table>\n";
+ $html .= " <tr><td>Nick</td><td>" .
+ "<input type=\"text\" size=\"40\" name=\"eNick\" value=\"" .
+ mysql_result($Erg, 0, "Nick") . "\"></td></tr>\n";
+ $html .= " <tr><td>lastLogIn</td><td>" .
+ date("Y-m-d H:i", mysql_result($Erg, 0, "lastLogIn")) . "</td></tr>\n";
+ $html .= " <tr><td>Name</td><td>" .
+ "<input type=\"text\" size=\"40\" name=\"eName\" value=\"" .
+ mysql_result($Erg, 0, "Name") . "\"></td></tr>\n";
+ $html .= " <tr><td>Vorname</td><td>" .
+ "<input type=\"text\" size=\"40\" name=\"eVorname\" value=\"" .
+ mysql_result($Erg, 0, "Vorname") . "\"></td></tr>\n";
+ $html .= " <tr><td>Alter</td><td>" .
+ "<input type=\"text\" size=\"5\" name=\"eAlter\" value=\"" .
+ mysql_result($Erg, 0, "Alter") . "\"></td></tr>\n";
+ $html .= " <tr><td>Telefon</td><td>" .
+ "<input type=\"text\" size=\"40\" name=\"eTelefon\" value=\"" .
+ mysql_result($Erg, 0, "Telefon") . "\"></td></tr>\n";
+ $html .= " <tr><td>Handy</td><td>" .
+ "<input type=\"text\" size=\"40\" name=\"eHandy\" value=\"" .
+ mysql_result($Erg, 0, "Handy") . "\"></td></tr>\n";
+ $html .= " <tr><td>DECT</td><td>" .
+ "<input type=\"text\" size=\"4\" name=\"eDECT\" value=\"" .
+ mysql_result($Erg, 0, "DECT") . "\"></td></tr>\n";
+ $html .= " <tr><td>email</td><td>" .
+ "<input type=\"text\" size=\"40\" name=\"eemail\" value=\"" .
+ mysql_result($Erg, 0, "email") . "\"></td></tr>\n";
+ $html .= " <tr><td>ICQ</td><td>" .
+ "<input type=\"text\" size=\"40\" name=\"eICQ\" value=\"" .
+ mysql_result($Erg, 0, "ICQ") . "\"></td></tr>\n";
+ $html .= " <tr><td>jabber</td><td>" .
+ "<input type=\"text\" size=\"40\" name=\"ejabber\" value=\"" .
+ mysql_result($Erg, 0, "jabber") . "\"></td></tr>\n";
+ $html .= " <tr><td>Size</td><td>" .
+ html_select_key('size', array (
+ 'S' => "S",
+ 'M' => "M",
+ 'L' => "L",
+ 'XL' => "XL",
+ '2XL' => "2XL",
+ '3XL' => "3XL",
+ '4XL' => "4XL",
+ '5XL' => "5XL",
+ 'S-G' => "S Girl",
+ 'M-G' => "M Girl",
+ 'L-G' => "L Girl",
+ 'XL-G' => "XL Girl"
+ ), mysql_result($Erg, 0, "Size")) . "</td></tr>\n";
+
+ $options = array (
+ '1' => "Yes",
+ '0' => "No"
+ );
+
+ // Gekommen?
+ $html .= " <tr><td>Gekommen</td><td>\n";
+ $html .= html_options('eGekommen', $options, mysql_result($Erg, 0, "Gekommen")) . "</td></tr>\n";
+
+ // Aktiv?
+ $html .= " <tr><td>Aktiv</td><td>\n";
+ $html .= html_options('eAktiv', $options, mysql_result($Erg, 0, "Aktiv")) . "</td></tr>\n";
+
+ // T-Shirt bekommen?
+ $html .= " <tr><td>T-Shirt</td><td>\n";
+ $html .= html_options('eTshirt', $options, mysql_result($Erg, 0, "Tshirt")) . "</td></tr>\n";
+
+ $html .= " <tr><td>Hometown</td><td>" .
+ "<input type=\"text\" size=\"40\" name=\"Hometown\" value=\"" .
+ mysql_result($Erg, 0, "Hometown") . "\"></td></tr>\n";
+
+ $html .= "</table>\n</td><td valign=\"top\">" . displayavatar($id, false) . "</td></tr>";
+
+ $html .= "</td></tr>\n";
+ $html .= "</table>\n<br />\n";
+ $html .= "<input type=\"submit\" value=\"Speichern\">\n";
+ $html .= "</form>";
+
+ $html .= "<hr />";
+
+ $html .= "Hier kannst Du das Passwort dieses Engels neu setzen:<form action=\"" . page_link_to("admin_user") . "&action=change_pw&id=$id\" method=\"post\">\n";
+ $html .= "<table>\n";
+ $html .= " <tr><td>Passwort</td><td>" .
+ "<input type=\"password\" size=\"40\" name=\"new_pw\" value=\"\"></td></tr>\n";
+ $html .= " <tr><td>Wiederholung</td><td>" .
+ "<input type=\"password\" size=\"40\" name=\"new_pw2\" value=\"\"></td></tr>\n";
+
+ $html .= "</table>";
+ $html .= "<input type=\"submit\" value=\"Speichern\">\n";
+ $html .= "</form>";
+
+ $html .= "<hr />";
+
+ $html .= "Hier kannst Du die Benutzergruppen des Engels festlegen:<form action=\"" . page_link_to("admin_user") . "&action=save_groups&id=" . $id . "\" method=\"post\">\n";
+ $html .= '<table>';
+
+ list ($my_highest_group) = sql_select("SELECT * FROM `UserGroups` WHERE `uid`=" . sql_escape($user['UID']) . " ORDER BY `uid`");
+ list ($his_highest_group) = sql_select("SELECT * FROM `UserGroups` WHERE `uid`=" . sql_escape($id) . " ORDER BY `uid`");
+
+ if ($id != $user['UID'] && $my_highest_group <= $his_highest_group) {
+ $groups = sql_select("SELECT * FROM `Groups` LEFT OUTER JOIN `UserGroups` ON (`UserGroups`.`group_id` = `Groups`.`UID` AND `UserGroups`.`uid` = " . sql_escape($id) . ") WHERE `Groups`.`UID` >= " . sql_escape($my_highest_group['group_id']) . " ORDER BY `Groups`.`Name`");
+ foreach ($groups as $group)
+ $html .= '<tr><td><input type="checkbox" name="groups[]" value="' . $group['UID'] . '"' . ($group['group_id'] != "" ? ' checked="checked"' : '') . ' /></td><td>' . $group['Name'] . '</td></tr>';
+
+ $html .= '</table>';
+
+ $html .= "<input type=\"submit\" value=\"Speichern\">\n";
+ $html .= "</form>";
+
+ $html .= "<hr />";
+ }
+
+ $html .= "<form action=\"" . page_link_to("admin_user") . "&action=delete&id=" . $id . "\" method=\"post\">\n";
+ $html .= "<input type=\"submit\" value=\"Löschen\">\n";
+ $html .= "</form>";
+
+ $html .= "<hr />";
+ $html .= funktion_db_element_list_2row("Freeloader Shifts", "SELECT `Remove_Time`, `Length`, `Comment` FROM `ShiftFreeloader` WHERE UID=" . $_REQUEST['id']);
+ } else {
+ switch ($_REQUEST['action']) {
+ case 'save_groups' :
+ if ($id != $user['UID']) {
+ list ($my_highest_group) = sql_select("SELECT * FROM `UserGroups` WHERE `uid`=" . sql_escape($user['UID']) . " ORDER BY `uid`");
+ list ($his_highest_group) = sql_select("SELECT * FROM `UserGroups` WHERE `uid`=" . sql_escape($id) . " ORDER BY `uid`");
+
+ if ($my_highest_group <= $his_highest_group) {
+ $groups = sql_select("SELECT * FROM `Groups` LEFT OUTER JOIN `UserGroups` ON (`UserGroups`.`group_id` = `Groups`.`UID` AND `UserGroups`.`uid` = " . sql_escape($id) . ") WHERE `Groups`.`UID` >= " . sql_escape($my_highest_group['group_id']) . " ORDER BY `Groups`.`Name`");
+ $grouplist = array ();
+ foreach ($groups as $group)
+ $grouplist[] = $group['UID'];
+
+ if (!is_array($_REQUEST['groups']))
+ $_REQUEST['groups'] = array ();
+
+ sql_query("DELETE FROM `UserGroups` WHERE `uid`=" . sql_escape($id));
+ foreach ($_REQUEST['groups'] as $group)
+ if (in_array($group, $grouplist))
+ sql_query("INSERT INTO `UserGroups` SET `uid`=" .
+ sql_escape($id) . ", `group_id`=" . sql_escape($group));
+ $html .= success("Benutzergruppen gespeichert.");
+ } else {
+ $html .= error("Du kannst keine Engel mit mehr Rechten bearbeiten.");
+ }
+ } else {
+ $html .= error("Du kannst Deine eigenen Rechte nicht bearbeiten.");
+ }
+ break;
+
+ case 'delete' :
+ if ($user['UID'] != $id) {
+ sql_query("DELETE FROM `User` WHERE `UID`=" . sql_escape($id) . " LIMIT 1");
+ sql_query("DELETE FROM `UserGroups` WHERE `uid`=" . sql_escape($id));
+ sql_query("UPDATE `ShiftEntry` SET `UID`=0, `Comment`=NULL WHERE `UID`=" . sql_escape($id));
+ $html .= success("Benutzer gelöscht!");
+ } else {
+ $html .= error("Du kannst Dich nicht selber löschen!");
+ }
+ break;
+
+ case 'save' :
+ $SQL = "UPDATE `User` SET ";
+ $SQL .= " `Nick` = '" . $_POST["eNick"] . "', `Name` = '" . $_POST["eName"] . "', " .
+ "`Vorname` = '" . $_POST["eVorname"] . "', " .
+ "`Telefon` = '" . $_POST["eTelefon"] . "', " .
+ "`Handy` = '" . $_POST["eHandy"] . "', " .
+ "`Alter` = '" . $_POST["eAlter"] . "', " .
+ "`DECT` = '" . $_POST["eDECT"] . "', " .
+ "`email` = '" . $_POST["eemail"] . "', " .
+ "`ICQ` = '" . $_POST["eICQ"] . "', " .
+ "`jabber` = '" . $_POST["ejabber"] . "', " .
+ "`Size` = '" . $_POST["eSize"] . "', " .
+ "`Gekommen`= '" . $_POST["eGekommen"] . "', " .
+ "`Aktiv`= '" . $_POST["eAktiv"] . "', " .
+ "`Tshirt` = '" . $_POST["eTshirt"] . "', " .
+ "`Hometown` = '" . $_POST["Hometown"] . "' " .
+ "WHERE `UID` = '" . $id .
+ "' LIMIT 1;";
+ sql_query($SQL);
+ $html .= success("Änderung wurde gespeichert...\n");
+ break;
+
+ case 'change_pw' :
+ if ($_REQUEST['new_pw'] != "" && $_REQUEST['new_pw'] == $_REQUEST['new_pw2']) {
+ sql_query("UPDATE `User` SET `Passwort`='" . sql_escape(PassCrypt($_REQUEST['new_pw'])) . "' WHERE `UID`=" . sql_escape($id) . " LIMIT 1");
+ $html .= success("Passwort neu gesetzt.");
+ } else {
+ $html .= error("Die Eingaben müssen übereinstimmen und dürfen nicht leer sein!");
+ }
+ break;
+ }
+ }
+ } else {
+ // Userliste, keine UID uebergeben...
+
+ $html .= "<a href=\"" . page_link_to("register") . "\">Neuen Engel eintragen &raquo;</a><br /><br />\n";
+
+ if (!isset ($_GET["OrderBy"]))
+ $_GET["OrderBy"] = "Nick";
+ $SQL = "SELECT * FROM `User` ORDER BY `" . sql_escape($_GET["OrderBy"]) . "` ASC";
+ $Erg = sql_query($SQL);
+
+ // anzahl zeilen
+ $Zeilen = mysql_num_rows($Erg);
+
+ $html .= "Anzahl Engel: $Zeilen<br /><br />\n";
+ $html .= '
+ <table width="100%" class="border" cellpadding="2" cellspacing="1"> <thead>
+ <tr class="contenttopic">
+ <th>
+ <a href="' . page_link_to("admin_user") . '&OrderBy=Nick">Nick</a>
+ </th>
+ <th><a href="' . page_link_to("admin_user") . '&OrderBy=Vorname">Vorname</a> <a href="' . page_link_to("admin_user") . '&OrderBy=Name">Name</a></th>
+ <th><a href="' . page_link_to("admin_user") . '&OrderBy=Alter">Alter</a></th>
+ <th>
+ <a href="' . page_link_to("admin_user") . '&OrderBy=email">E-Mail</a>
+ </th>
+ <th><a href="' . page_link_to("admin_user") . '&OrderBy=Size">Gr&ouml;&szlig;e</a></th>
+ <th><a href="' . page_link_to("admin_user") . '&OrderBy=Gekommen">Gekommen</a></th>
+ <th><a href="' . page_link_to("admin_user") . '&OrderBy=Aktiv">Aktiv</a></th>
+ <th><a href="' . page_link_to("admin_user") . '&OrderBy=Tshirt">T-Shirt</a></th>
+ <th><a href="' . page_link_to("admin_user") . '&OrderBy=CreateDate">Registriert</a></th>
+ <th>&Auml;nd.</th>
+ </tr></thead>';
+ $Gekommen = 0;
+ $Active = 0;
+ $Tshirt = 0;
+
+ for ($n = 0; $n < $Zeilen; $n++) {
+ $title = "";
+ $user_groups = sql_select("SELECT * FROM `UserGroups` JOIN `Groups` ON (`Groups`.`UID` = `UserGroups`.`group_id`) WHERE `UserGroups`.`uid`=" . sql_escape(mysql_result($Erg, $n, "UID")) . " ORDER BY `Groups`.`Name`");
+ $groups = array ();
+ foreach ($user_groups as $user_group) {
+ $groups[] = $user_group['Name'];
+ }
+ $title .= 'Groups: ' . join(", ", $groups) . "<br />";
+ if (strlen(mysql_result($Erg, $n, "Telefon")) > 0)
+ $title .= "Tel: " . mysql_result($Erg, $n, "Telefon") . "<br />";
+ if (strlen(mysql_result($Erg, $n, "Handy")) > 0)
+ $title .= "Handy: " . mysql_result($Erg, $n, "Handy") . "<br />";
+ if (strlen(mysql_result($Erg, $n, "DECT")) > 0)
+ $title .= "DECT: <a href=\"./dect.php?custum=" . mysql_result($Erg, $n, "DECT") . "\">" .
+ mysql_result($Erg, $n, "DECT") . "</a><br />";
+ if (strlen(mysql_result($Erg, $n, "Hometown")) > 0)
+ $title .= "Hometown: " . mysql_result($Erg, $n, "Hometown") . "<br />";
+ if (strlen(mysql_result($Erg, $n, "lastLogIn")) > 0)
+ $title .= "Last login: " . date("Y-m-d H:i", mysql_result($Erg, $n, "lastLogIn")) . "<br />";
+ if (strlen(mysql_result($Erg, $n, "Art")) > 0)
+ $title .= "Type: " . mysql_result($Erg, $n, "Art") . "<br />";
+ if (strlen(mysql_result($Erg, $n, "ICQ")) > 0)
+ $title .= "ICQ: " . mysql_result($Erg, $n, "ICQ") . "<br />";
+ if (strlen(mysql_result($Erg, $n, "jabber")) > 0)
+ $title .= "jabber: " . mysql_result($Erg, $n, "jabber") . "<br />";
+
+ $html .= "<tr class=\"content\">\n";
+ $html .= "\t<td>" . mysql_result($Erg, $n, "Nick") . "</td>\n";
+ $html .= "\t<td>" . mysql_result($Erg, $n, "Vorname") . " " . mysql_result($Erg, $n, "Name") . "</td>\n";
+ $html .= "\t<td>" . mysql_result($Erg, $n, "Alter") . "</td>\n";
+ $html .= "\t<td>";
+ if (strlen(mysql_result($Erg, $n, "email")) > 0)
+ $html .= "<a href=\"mailto:" . mysql_result($Erg, $n, "email") . "\">" .
+ mysql_result($Erg, $n, "email") . "</a>";
+ $html .= '<div class="hidden">' . $title . '</div>';
+ $html .= "</td>\n";
+ $html .= "\t<td>" . mysql_result($Erg, $n, "Size") . "</td>\n";
+ $Gekommen += mysql_result($Erg, $n, "Gekommen");
+ $html .= "\t<td>" . mysql_result($Erg, $n, "Gekommen") . "</td>\n";
+ $Active += mysql_result($Erg, $n, "Aktiv");
+ $html .= "\t<td>" . mysql_result($Erg, $n, "Aktiv") . "</td>\n";
+ $Tshirt += mysql_result($Erg, $n, "Tshirt");
+ $html .= "\t<td>" . mysql_result($Erg, $n, "Tshirt") . "</td>\n";
+ $html .= "<td>" . mysql_result($Erg, $n, "CreateDate") . "</td>";
+ $html .= "\t<td>" . '<a href="' . page_link_to("admin_user") . '&id=' . mysql_result($Erg, $n, "UID") . '">Edit</a>' .
+ "</td>\n";
+ $html .= "</tr>\n";
+ }
+ $html .= "<tr>" .
+ "<td></td><td></td><td></td><td></td><td></td>" .
+ "<td>$Gekommen</td><td>$Active</td><td>$Tshirt</td><td></td><td></td></tr>\n";
+ $html .= "\t</table>\n";
+ // Ende Userliste
+
+ $html .= "<hr /><h2>Statistics</h2>";
+ $html .= funktion_db_element_list_2row("Hometown", "SELECT COUNT(`Hometown`), `Hometown` FROM `User` GROUP BY `Hometown`");
+
+ $html .= "<br />\n";
+
+ $html .= funktion_db_element_list_2row("Engeltypen", "SELECT COUNT(`Art`), `Art` FROM `User` GROUP BY `Art`");
+
+ $html .= "<br />\n";
+
+ $html .= funktion_db_element_list_2row("Used Groups", "SELECT Groups.Name AS 'GroupName', COUNT(Groups.Name) AS Count FROM `UserGroups` " .
+ "LEFT JOIN `Groups` ON Groups.UID = UserGroups.group_id " .
+ "WHERE (UserGroups.group_id!='NULL') " .
+ "GROUP BY `GroupName` " .
+ "");
+ }
+ return $html;
+}
+?> \ No newline at end of file
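Review bot: The `save` branch (`$SQL .= ...` after `case 'save'`) concatenates every `$_POST` field into the UPDATE without `sql_escape`, so a form submission — or a cross-site request, since no CSRF token is checked anywhere in this file — can inject SQL; each value should be escaped as the `change_pw` branch already does. The same fields are echoed back unescaped into the `value="..."` attributes of the edit form and into the user list, and `guest_register` in this same diff stores Nick/Name/etc. with only SQL escaping, so a self-registered user can plant `"><script>` in their Nick and have it run in an admin's browser; wrap each `mysql_result(...)` output in `htmlspecialchars()`. Separately, the size selector is rendered as `html_select_key('size', ...)` while `save` reads `$_POST["eSize"]`, so every save blanks the Size column — rename the selector to `eSize`. The `OrderBy` value on the list page is wrapped in backticks but `sql_escape` is unlikely to escape backticks (if it is a `mysql_real_escape_string` wrapper), so it should be validated against a fixed list of column names rather than escaped.
```php
case 'save' :
    // Every value is attacker-controlled; escape each column individually.
    // The form selector must be named "eSize" for the Size column to be saved.
    $fields = array (
        'Nick' => 'eNick', 'Name' => 'eName', 'Vorname' => 'eVorname',
        'Telefon' => 'eTelefon', 'Handy' => 'eHandy', 'Alter' => 'eAlter',
        'DECT' => 'eDECT', 'email' => 'eemail', 'ICQ' => 'eICQ',
        'jabber' => 'ejabber', 'Size' => 'eSize', 'Gekommen' => 'eGekommen',
        'Aktiv' => 'eAktiv', 'Tshirt' => 'eTshirt', 'Hometown' => 'Hometown'
    );
    $set = array ();
    foreach ($fields as $column => $param)
        $set[] = "`" . $column . "` = '" . sql_escape(isset ($_POST[$param]) ? $_POST[$param] : '') . "'";
    sql_query("UPDATE `User` SET " . join(", ", $set) . " WHERE `UID` = " . sql_escape($id) . " LIMIT 1");
    $html .= success("Änderung wurde gespeichert...\n");
    break;
```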
diff --git a/includes/pages/guest_credits.php b/includes/pages/guest_credits.php
new file mode 100644
index 00000000..89f68fde
--- /dev/null
+++ b/includes/pages/guest_credits.php
@@ -0,0 +1,5 @@
+<?php
+function guest_credits() {
+ return template_render('../templates/guest_credits.html', array ());
+}
+?> \ No newline at end of file
diff --git a/includes/pages/guest_faq.php b/includes/pages/guest_faq.php
new file mode 100644
index 00000000..e639731b
--- /dev/null
+++ b/includes/pages/guest_faq.php
@@ -0,0 +1,24 @@
+<?php
+function guest_faq() {
+ $html = "";
+ $faqs = sql_select("SELECT * FROM `FAQ`");
+ foreach ($faqs as $faq) {
+ $html .= "<dl>";
+ if ($_SESSION['Sprache'] == "DE") {
+ $html .= sprintf(
+ '<dt>%s</dt> <dd>%s</dd>',
+ $faq['Frage_de'],
+ $faq['Antwort_de']
+ );
+ } else {
+ $html .= sprintf(
+ '<dt>%s</dt> <dd>%s</dd>',
+ $faq['Frage_en'],
+ $faq['Antwort_en']
+ );
+ }
+ $html .= "</dl>";
+ }
+ return $html;
+}
+?>
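Review bot: `$_SESSION['Sprache']` is read with no `isset()` guard, so for a visitor who has never logged in (the only place in this diff that sets it is `guest_login`) every FAQ view emits an undefined-index notice and silently falls back to English; use `isset($_SESSION['Sprache']) && $_SESSION['Sprache'] == "DE"`. The question and answer bodies are emitted raw, which is only acceptable if the `FAQ` table is written exclusively by trusted admins authoring HTML — worth a comment such as `// FAQ bodies are admin-authored HTML and are intentionally not escaped` so nobody later adds a user-facing write path without revisiting this.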
diff --git a/includes/pages/guest_login.php b/includes/pages/guest_login.php
new file mode 100644
index 00000000..db20a207
--- /dev/null
+++ b/includes/pages/guest_login.php
@@ -0,0 +1,269 @@
+<?php
+
+
+// Engel registrieren
+function guest_register() {
+ $html = "";
+ $success = "none";
+
+ if (isset ($_POST["send"])) {
+ $eNick = trim($_POST["Nick"]);
+
+ if ($_POST["Alter"] == "")
+ $_POST["Alter"] = 23;
+
+ // user vorhanden?
+ $Ergans = sql_select("SELECT UID FROM `User` WHERE `Nick`='" . sql_escape($_POST["Nick"]) . "'");
+
+ if (strlen($_POST["Nick"]) < 2)
+ $error = Get_Text("makeuser_error_nick1")
+ . $_POST["Nick"] . Get_Text("makeuser_error_nick2");
+
+ elseif (count($Ergans) > 0)
+ $error = Get_Text("makeuser_error_nick1")
+ . $_POST["Nick"] . Get_Text("makeuser_error_nick3");
+
+ elseif (strlen($_POST["email"]) <= 6 && strstr($_POST["email"], "@") == FALSE && strstr($_POST["email"], ".") == false)
+ $error = Get_Text("makeuser_error_mail");
+
+ elseif (!is_numeric($_POST["Alter"]))
+ $error = Get_Text("makeuser_error_Alter");
+
+ elseif ($_POST["Passwort"] != $_POST["Passwort2"])
+ $error = Get_Text("makeuser_error_password1");
+
+ elseif (strlen($_POST["Passwort"]) < 6)
+ $error = Get_Text("makeuser_error_password2");
+
+ else {
+ $_POST["Passwort"] = PassCrypt($_POST["Passwort"]);
+ unset ($_POST["Passwort2"]);
+
+ $Erg = sql_query("INSERT INTO `User` (" .
+ "`Nick` , " . "`Name` , " .
+ "`Vorname`, " . "`Alter` , " .
+ "`Telefon`, " . "`DECT`, " .
+ "`Handy`, " . "`email`, " .
+ "`ICQ`, " . "`jabber`, " .
+ "`Size`, " . "`Passwort`, " .
+ "`Art` , " . "`kommentar`, " .
+ "`Hometown`," . "`CreateDate`, `Sprache` ) " .
+ "VALUES ( '"
+ . sql_escape($_POST["Nick"]) . "', " . "'"
+ . sql_escape($_POST["Name"]) . "', " . "'"
+ . sql_escape($_POST["Vorname"]) . "', " . "'"
+ . sql_escape($_POST["Alter"]) . "', " . "'"
+ . sql_escape($_POST["Telefon"]) . "', " . "'"
+ . sql_escape($_POST["DECT"]) . "', " . "'"
+ . sql_escape($_POST["Handy"]) . "', " . "'"
+ . sql_escape($_POST["email"]) . "', " . "'"
+ . sql_escape($_POST["ICQ"]) . "', " . "'"
+ . sql_escape($_POST["jabber"]) . "', " . "'"
+ . sql_escape($_POST["Size"]) . "', " . "'"
+ . sql_escape($_POST["Passwort"]) . "', " . "'"
+ . sql_escape($_POST["Art"]) . "', " . "'"
+ . sql_escape($_POST["kommentar"]) . "', " . "'"
+ . sql_escape($_POST["Hometown"]) . "',"
+ . "NOW(), '"
+ . sql_escape($_SESSION["Sprache"])
+ . "')"
+ );
+
+ if ($Erg != 1) {
+ $html .= Get_Text("makeuser_error_write1") . "<br />\n";
+ $error = sql_error();
+ } else {
+ $html .= "<p class=\"success\">" . Get_Text("makeuser_writeOK") . "\n";
+
+ $Erg3 = mysql_query("INSERT INTO `UserGroups` SET `uid`=" . sql_escape(sql_id()) . ", `group_id`=-2");
+
+ if ($Erg3 != 1) {
+ $html .= "<h1>" . Get_Text("makeuser_error_write2") . "<br />\n";
+ $error = sql_error();
+ } else {
+ $html .= Get_Text("makeuser_writeOK2") . "<br />\n";
+ $html .= "<h1>" . Get_Text("makeuser_writeOK3") . "</h1>\n";
+ }
+
+ $html .= Get_Text("makeuser_writeOK4") . "</p><p></p>\n<br /><br />\n";
+ $success = "any";
+
+ if (isset ($SubscribeMailinglist)) {
+ if ($_POST["subscribe-mailinglist"] == "") {
+ $headers = "From: " . $_POST["email"] . "\r\n" .
+ "X-Mailer: PHP/" . phpversion();
+ mail($SubscribeMailinglist, "subject", "message", $headers);
+ }
+ }
+ }
+ }
+
+ if (isset ($error))
+ $html .= error($error);
+ } else {
+ // init vars
+ $_POST["Nick"] = "";
+ $_POST["Name"] = "";
+ $_POST["Vorname"] = "";
+ $_POST["Alter"] = "";
+ $_POST["Telefon"] = "";
+ $_POST["DECT"] = "";
+ $_POST["Handy"] = "";
+ $_POST["email"] = "";
+ $_POST["subscribe-mailinglist"] = "";
+ $_POST["ICQ"] = "";
+ $_POST["jabber"] = "";
+ $_POST["Size"] = "L";
+ $_POST["Art"] = "";
+ $_POST["kommentar"] = "";
+ $_POST["Hometown"] = "";
+ }
+
+ if ($success == "none") {
+ $html .= "<h1>" . Get_Text("makeuser_text0") . "</h1>\n";
+ $html .= "<h2>" . Get_Text("makeuser_text1") . "</h2>\n";
+ $html .= "<form action=\"\" method=\"post\">\n";
+ $html .= "<table>\n";
+ $html .= "<tr><td>" . Get_Text("makeuser_Nickname") . "*</td><td><input type=\"text\" size=\"40\" name=\"Nick\" value=\"" . $_POST["Nick"] . "\" /></td></tr>\n";
+ $html .= "<tr><td>" . Get_Text("makeuser_Nachname") . "</td><td><input type=\"text\" size=\"40\" name=\"Name\" value=\"" . $_POST["Name"] . "\" /></td></tr>\n";
+ $html .= "<tr><td>" . Get_Text("makeuser_Vorname") . "</td><td><input type=\"text\" size=\"40\" name=\"Vorname\" value=\"" . $_POST["Vorname"] . "\" /></td></tr>\n";
+ $html .= "<tr><td>" . Get_Text("makeuser_Alter") . "</td><td><input type=\"text\" size=\"40\" name=\"Alter\" value=\"" . $_POST["Alter"] . "\"></td></tr>\n";
+ $html .= "<tr><td>" . Get_Text("makeuser_Telefon") . "</td><td><input type=\"text\" size=\"40\" name=\"Telefon\" value=\"" . $_POST["Telefon"] . "\"></td></tr>\n";
+ $html .= "<tr><td>" . Get_Text("makeuser_DECT") . "</td><td><input type=\"text\" size=\"40\" name=\"DECT\" value=\"" . $_POST["DECT"] . "\"></td><td>\n";
+ $html .= "<!--a href=\"https://21c3.ccc.de/wiki/index.php/POC\"><img src=\"./pic/external.png\" alt=\"external: \">DECT</a--></td></tr>\n";
+ $html .= "<tr><td>" . Get_Text("makeuser_Handy") . "</td><td><input type=\"text\" size=\"40\" name=\"Handy\" value=\"" . $_POST["Handy"] . "\"></td></tr>\n";
+ $html .= "<tr><td>" . Get_Text("makeuser_E-Mail") . "*</td><td><input type=\"text\" size=\"40\" name=\"email\" value=\"" . $_POST["email"] . "\"></td></tr>\n";
+
+ if (isset ($SubscribeMailinglist))
+ $html .= "<tr><td>" . Get_Text("makeuser_subscribe-mailinglist") . "</td><td><input type=\"checkbox\" name=\"subscribe-mailinglist\" value=\"" . $_POST["subscribe-mailinglist"] . "\">($SubscribeMailinglist)</td></tr>\n";
+
+ $html .= "<tr><td>ICQ</td><td><input type=\"text\" size=\"40\" name=\"ICQ\" value=\"" . $_POST["ICQ"] . "\"></td></tr>\n";
+ $html .= "<tr><td>jabber</td><td><input type=\"text\" size=\"40\" name=\"jabber\" value=\"" . $_POST["jabber"] . "\"></td></tr>\n";
+ $html .= "<tr><td>" . Get_Text("makeuser_T-Shirt") . " Gr&ouml;sse*</td><td align=\"left\">\n";
+ $html .= "<select name=\"Size\">\n";
+ $html .= "<option value=\"S\"";
+ if ($_POST["Size"] == "S")
+ $html .= " selected";
+ $html .= ">S</option>\n";
+ $html .= "<option value=\"M\"";
+ if ($_POST["Size"] == "M")
+ $html .= " selected";
+ $html .= ">M</option>\n";
+ $html .= "<option value=\"L\"";
+ if ($_POST["Size"] == "L")
+ $html .= " selected";
+ $html .= ">L</option>\n";
+ $html .= "<option value=\"XL\"";
+ if ($_POST["Size"] == "XL")
+ $html .= " selected";
+ $html .= ">XL</option>\n";
+ $html .= "<option value=\"2XL\"";
+ if ($_POST["Size"] == "2XL")
+ $html .= " selected";
+ $html .= ">2XL</option>\n";
+ $html .= "<option value=\"3XL\"";
+ if ($_POST["Size"] == "3XL")
+ $html .= " selected";
+ $html .= ">3XL</option>\n";
+ $html .= "<option value=\"4XL\"";
+ if ($_POST["Size"] == "4XL")
+ $html .= " selected";
+ $html .= ">4XL</option>\n";
+ $html .= "<option value=\"5XL\"";
+ if ($_POST["Size"] == "5XL")
+ $html .= " selected";
+ $html .= ">5XL</option>\n";
+ $html .= "<option value=\"S-G\"";
+ if ($_POST["Size"] == "S-G")
+ $html .= " selected";
+ $html .= ">S Girl</option>\n";
+ $html .= "<option value=\"M-G\"";
+ if ($_POST["Size"] == "M-G")
+ $html .= " selected";
+ $html .= ">M Girl</option>\n";
+ $html .= "<option value=\"L-G\"";
+ if ($_POST["Size"] == "L-G")
+ $html .= " selected";
+ $html .= ">L Girl</option>\n";
+ $html .= "<option value=\"XL-G\"";
+ if ($_POST["Size"] == "XL-G")
+ $html .= " selected";
+ $html .= ">XL Girl</option>\n";
+ $html .= "</select>\n";
+ $html .= "</td></tr>\n";
+ $html .= "<tr><td>" . Get_Text("makeuser_Engelart") . "</td><td align=\"left\">\n";
+ $html .= "<select name=\"Art\">\n";
+
+ $engel_types = sql_select("SELECT * FROM `AngelTypes` ORDER BY `NAME`");
+ foreach ($engel_types as $engel_type) {
+ $Name = $engel_type['Name'] . Get_Text("inc_schicht_engel");
+ $html .= "<option value=\"" . $Name . "\"";
+
+ if ($_POST["Art"] == $Name)
+ $html .= " selected";
+
+ $html .= ">$Name</option>\n";
+ }
+
+ $html .= "</select>\n";
+ $html .= "</td>\n";
+ $html .= "</tr>\n";
+ $html .= "<tr>\n";
+ $html .= "<td>" . Get_Text("makeuser_text2") . "</td>\n";
+ $html .= "<td><textarea rows=\"5\" cols=\"40\" name=\"kommentar\">" . $_POST["kommentar"] . "</textarea></td>\n";
+ $html .= "</tr>\n";
+ $html .= "<tr><td>" . Get_Text("makeuser_Hometown") . "</td><td><input type=\"text\" size=\"40\" name=\"Hometown\" value=\"" . $_POST["Hometown"] . "\"></td></tr>\n";
+ $html .= "<tr><td>" . Get_Text("makeuser_Passwort") . "*</td><td><input type=\"password\" size=\"40\" name=\"Passwort\"/></td></tr>\n";
+ $html .= "<tr><td>" . Get_Text("makeuser_Passwort2") . "*</td><td><input type=\"password\" size=\"40\" name=\"Passwort2\"/></td></tr>\n";
+ $html .= "<tr><td>&nbsp;</td><td><input type=\"submit\" name=\"send\" value=\"" . Get_Text("makeuser_Anmelden") . "\"/></td></tr>\n";
+ $html .= "</table>\n";
+ $html .= "</form>\n";
+ $html .= Get_Text("makeuser_text3");
+ }
+ return $html;
+}
+
+function guest_logout() {
+ unset ($_SESSION['uid']);
+ header("Location: " . page_link_to("start"));
+}
+
+function guest_login() {
+ global $user;
+ unset ($_SESSION['uid']);
+
+ $html = "";
+ if (isset ($_REQUEST['login_submit'])) {
+ $login_user = sql_select("SELECT * FROM `User` WHERE `Nick`='" . sql_escape($_REQUEST["user"]) . "'");
+
+ if (count($login_user) == 1) { // Check, ob User angemeldet wird...
+ $login_user = $login_user[0];
+ if ($login_user["Passwort"] == PassCrypt($_REQUEST["password"])) { // Passwort ok...
+ $_SESSION['uid'] = $login_user['UID'];
+ $_SESSION['Sprache'] = $login_user['Sprache'];
+ header("Location: " . page_link_to("news"));
+ } else { // Passwort nicht ok...
+ $ErrorText = "pub_index_pass_no_ok";
+ } // Ende Passwort-Check
+ } else { // Anzahl der User in User-Tabelle <> 1 --> keine Anmeldung
+ if ($user_anz == 0)
+ $ErrorText = "pub_index_User_unset";
+ else
+ $ErrorText = "pub_index_User_more_as_one";
+ } // Ende Check, ob User angemeldet wurde}
+ }
+ if (isset ($ErrorText))
+ $html .= error(Get_Text($ErrorText));
+ $html .= guest_login_form();
+ return $html;
+}
+
+function guest_login_form() {
+ return template_render("../templates/guest_login_form.html", array (
+ 'link' => page_link_to("login"),
+ 'nick' => Get_Text("index_lang_nick"),
+ 'pass' => Get_Text("index_lang_pass"),
+ 'send' => Get_Text("index_lang_send")
+ ));
+}
+?>
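Review bot: `guest_login` stores `$login_user['UID']` into `$_SESSION` without regenerating the session id first, so a session id planted by an attacker before login remains valid afterwards (session fixation); add `session_regenerate_id(true);` immediately before `$_SESSION['uid'] = ...`. The password check uses `==` on two strings that, if `PassCrypt` yields a hex digest, can compare numerically (the `"0e..."` forms); use `hash_equals($login_user["Passwort"], PassCrypt($_REQUEST["password"]))` or at least `===`, and note that `$user_anz` in the else branch is never assigned, so the "user unset" text is always chosen and reveals to a caller which nicks do not exist. In `guest_register` the e-mail check joins its three tests with `&&`, so it rejects an address only when it is short and lacks `@` and lacks `.` — the conditions should be joined with `||`. The form re-echoes every `$_POST` value into `value="..."` attributes and the `<textarea>` without `htmlspecialchars()`, and the optional mailing-list `From:` header is built straight from `$_POST["email"]` (a CRLF in it injects headers) — escape the echoed values and reject addresses containing `\r` or `\n` before they reach `mail()`.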
diff --git a/includes/pages/guest_start.php b/includes/pages/guest_start.php
new file mode 100644
index 00000000..286511f2
--- /dev/null
+++ b/includes/pages/guest_start.php
@@ -0,0 +1,13 @@
+<?php
+function guest_start() {
+ require_once ('includes/pages/guest_login.php');
+ $html = "<p>" . Get_Text("index_text1") . "</p>\n";
+ $html .= "<p>" . Get_Text("index_text2") . "</p>\n";
+ $html .= "<p>" . Get_Text("index_text3") . "</p>\n";
+
+ $html .= guest_login_form();
+
+ $html .= "<h6>" . Get_Text("index_text4") . "</h6>";
+ return $html;
+}
+?> \ No newline at end of file
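Review bot: `require_once ('includes/pages/guest_login.php')` at the top of guest_start() is a relative path, so it resolves against the include_path and the process working directory rather than against this file; `require_once __DIR__ . '/guest_login.php';` pins it to the file's own directory. Whether the front controller already loads guest_login.php (as it presumably does for the other page files in this commit) is not visible here; if it does, the include is redundant and the shared form helper guest_login_form() is reachable without it.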
diff --git a/includes/pages/user_messages.php b/includes/pages/user_messages.php
new file mode 100644
index 00000000..a13b28f0
--- /dev/null
+++ b/includes/pages/user_messages.php
@@ -0,0 +1,239 @@
+<?php
+function user_unread_messages() {
+ global $user, $privileges;
+
+ if (in_array("user_messages", $privileges)) {
+ $new_messages = sql_num_query("SELECT * FROM `Messages` WHERE isRead='N' AND `RUID`=" . sql_escape($user['UID']));
+
+ if ($new_messages > 0)
+ return sprintf(
+ '<p class="notice"><a href="%s">%s %s %s</a></p><hr />',
+ page_link_to("user_messages"),
+ Get_Text("pub_messages_new1"),
+ $new_messages,
+ Get_Text("pub_messages_new2")
+ );
+ }
+
+ return "";
+}
+
+function user_messages() {
+ global $user;
+
+ if (!isset ($_REQUEST['action'])) {
+ $users = sql_select("SELECT * FROM `User` WHERE NOT `UID`="
+ . sql_escape($user['UID']) . " ORDER BY `Nick`");
+
+ $to_select_data = array (
+ "" => "Select receiver..."
+ );
+
+ foreach ($users as $u)
+ $to_select_data[$u['UID']] = $u['Nick'];
+
+ $to_select = html_select_key('to', $to_select_data, '');
+
+ $messages_html = "";
+ $messages = sql_select("SELECT * FROM `Messages` WHERE `SUID`="
+ . sql_escape($user['UID'])
+ . " OR `RUID`=" . sql_escape($user['UID'])
+ . " ORDER BY `isRead`,`Datum` DESC"
+ );
+ foreach ($messages as $message) {
+
+ $messages_html .= sprintf(
+ '<tr %s> <td>%s</td> <td>%s</td> <td>%s</td> <td>%s</td>'
+ .'<td>%s</td>',
+ ($message['isRead'] == 'N' ? ' class="new_message"' : ''),
+ ($message['isRead'] == 'N' ? '•' : ''),
+ date("Y-m-d H:i", $message['Datum']),
+ UID2Nick($message['SUID']),
+ UID2Nick($message['RUID']),
+ str_replace("\n", '<br />', $message['Text'])
+ );
+
+ $messages_html .= '<td>';
+ if ($message['RUID'] == $user['UID']) {
+ if ($message['isRead'] == 'N')
+ $messages_html .= '<a href="' . page_link_to("user_messages") . '&action=read&id=' . $message['id'] . '">' . Get_Text("pub_messages_MarkRead") . '</a>';
+ } else {
+ $messages_html .= '<a href="' . page_link_to("user_messages") . '&action=delete&id=' . $message['id'] . '">' . Get_Text("pub_messages_DelMsg") . '</a>';
+ }
+ $messages_html .= '</td></tr>';
+ }
+
+ return template_render('../templates/user_messages.html', array (
+ 'link' => page_link_to("user_messages"),
+ 'greeting' => Get_Text("Hello") . $user['Nick'] . ", <br />\n"
+ . Get_Text("pub_messages_text1") . "<br /><br />\n",
+ 'messages' => $messages_html,
+ 'new_label' => Get_Text("pub_messages_Neu"),
+ 'date_label' => Get_Text("pub_messages_Datum"),
+ 'from_label' => Get_Text("pub_messages_Von"),
+ 'to_label' => Get_Text("pub_messages_An"),
+ 'text_label' => Get_Text("pub_messages_Text"),
+ 'date' => date("Y-m-d H:i"),
+ 'from' => $user['Nick'],
+ 'to_select' => $to_select,
+ 'submit_label' => Get_Text("save")
+ ));
+ } else {
+ switch ($_REQUEST['action']) {
+ case "read" :
+ if (isset ($_REQUEST['id']) && preg_match("/^[0-9]{1,11}$/", $_REQUEST['id']))
+ $id = $_REQUEST['id'];
+ else
+ return error("Incomplete call, missing Message ID.");
+
+ $message = sql_select("SELECT * FROM `Messages` WHERE `id`=" . sql_escape($id) . " LIMIT 1");
+ if (count($message) > 0 && $message[0]['RUID'] == $user['UID']) {
+ sql_query("UPDATE `Messages` SET `isRead`='Y' WHERE `id`=" . sql_escape($id) . " LIMIT 1");
+ header("Location: " . page_link_to("user_messages"));
+ } else
+ return error("No Message found.");
+ break;
+
+ case "delete" :
+ if (isset ($_REQUEST['id']) && preg_match("/^[0-9]{1,11}$/", $_REQUEST['id']))
+ $id = $_REQUEST['id'];
+ else
+ return error("Incomplete call, missing Message ID.");
+
+ $message = sql_select("SELECT * FROM `Messages` WHERE `id`=" . sql_escape($id) . " LIMIT 1");
+ if (count($message) > 0 && $message[0]['SUID'] == $user['UID']) {
+ sql_query("DELETE FROM `Messages` WHERE `id`=" . sql_escape($id) . " LIMIT 1");
+ header("Location: " . page_link_to("user_messages"));
+ } else
+ return error("No Message found.");
+ break;
+
+ case "send" :
+ $text = preg_replace("/([^\p{L}\p{P}\p{Z}\p{N}\n]{1,})/ui", '', strip_tags($_REQUEST['text']));
+ $to = preg_replace("/([^0-9]{1,})/ui", '', strip_tags($_REQUEST['to']));
+ if ($text != "" && is_numeric($to) && sql_num_query("SELECT * FROM `User` WHERE `UID`=" . sql_escape($to) . " AND NOT `UID`=" . sql_escape($user['UID']) . " LIMIT 1") > 0) {
+ sql_query("INSERT INTO `Messages` SET `Datum`=" . sql_escape(time()) . ", `SUID`=" . sql_escape($user['UID']) . ", `RUID`=" . sql_escape($to) . ", `Text`='" . sql_escape($text) . "'");
+ header("Location: " . page_link_to("user_messages"));
+ } else {
+ return error(Get_Text("pub_messages_Send_Error"));
+ }
+ break;
+ }
+ return "";
+ }
+
+ if (!isset ($_GET["action"]))
+ $_GET["action"] = "start";
+
+ switch ($_GET["action"]) {
+ case "start" :
+ echo Get_Text("Hello") . $_SESSION['Nick'] . ", <br />\n";
+ echo Get_Text("pub_messages_text1") . "<br /><br />\n";
+
+ //show exist Messages
+ $SQL = "SELECT * FROM `Messages` WHERE `SUID`='" . $_SESSION["UID"] . "' OR `RUID`='" . $_SESSION["UID"] . "'";
+ $erg = mysql_query($SQL, $con);
+
+ echo "<table border=\"0\" class=\"border\" cellpadding=\"2\" cellspacing=\"1\">\n";
+ echo "<tr>\n";
+ echo "<td class=\"contenttopic\"><b>" . Get_Text("pub_messages_Datum") . "</b></td>\n";
+ echo "<td class=\"contenttopic\"><b>" . Get_Text("pub_messages_Von") . "</b></td>\n";
+ echo "<td class=\"contenttopic\"><b>" . Get_Text("pub_messages_An") . "</b></td>\n";
+ echo "<td class=\"contenttopic\"><b>" . Get_Text("pub_messages_Text") . "</b></td>\n";
+ echo "<td class=\"contenttopic\"></td>\n";
+ echo "</tr>\n";
+
+ for ($i = 0; $i < mysql_num_rows($erg); $i++) {
+ echo "<tr class=\"content\">\n";
+ echo "<td>" . mysql_result($erg, $i, "Datum") . "</td>\n";
+ echo "<td>" . UID2Nick(mysql_result($erg, $i, "SUID")) . "</td>\n";
+ echo "<td>" . UID2Nick(mysql_result($erg, $i, "RUID")) . "</td>\n";
+ echo "<td>" . mysql_result($erg, $i, "Text") . "</td>\n";
+ echo "<td>";
+
+ if (mysql_result($erg, $i, "RUID") == $_SESSION["UID"]) {
+ echo "<a href=\"?action=DelMsg&Datum=" . mysql_result($erg, $i, "Datum") . "\">" . Get_Text("pub_messages_DelMsg") . "</a>";
+
+ if (mysql_result($erg, $i, "isRead") == "N")
+ echo "<a href=\"?action=MarkRead&Datum=" . mysql_result($erg, $i, "Datum") . "\">" . Get_Text("pub_messages_MarkRead") . "</a>";
+ } else {
+ if (mysql_result($erg, $i, "isRead") == "N")
+ echo Get_Text("pub_messages_NotRead");
+ }
+
+ echo "</td>\n";
+ echo "</tr>\n";
+ }
+
+ // send Messeges
+ echo "<form action=\"" . $_SERVER['SCRIPT_NAME'] . "?action=SendMsg\" method=\"POST\">";
+ echo "<tr class=\"content\">\n";
+ echo "<td></td>\n";
+ echo "<td></td>\n";
+
+ // Listet alle Nicks auf
+ echo "<td><select name=\"RUID\">\n";
+
+ $usql = "SELECT * FROM `User` WHERE (`UID`!='" . $_SESSION["UID"] . "') ORDER BY `Nick`";
+ $uErg = mysql_query($usql, $con);
+ $urowcount = mysql_num_rows($uErg);
+
+ for ($k = 0; $k < $urowcount; $k++) {
+ echo "<option value=\"" . mysql_result($uErg, $k, "UID") . "\">" . mysql_result($uErg, $k, "Nick") . "</option>\n";
+ }
+
+ echo "</select></td>\n";
+ echo "<td><textarea name=\"Text\" cols=\"30\" rows=\"10\"></textarea></td>\n";
+ echo "<td><input type=\"submit\" value=\"" . Get_Text("save") . "\"></td>\n";
+ echo "</tr>\n";
+ echo "</form>";
+
+ echo "</table>\n";
+ break;
+
+ case "SendMsg" :
+ echo Get_Text("pub_messages_Send1") . "...<br />\n";
+
+ $SQL = "INSERT INTO `Messages` ( `Datum` , `SUID` , `RUID` , `Text` ) VALUES (" .
+ "'" . gmdate("Y-m-j H:i:s", time()) . "', " .
+ "'" . $_SESSION["UID"] . "', " .
+ "'" . $_POST["RUID"] . "', " .
+ "'" . $_POST["Text"] . "');";
+
+ $Erg = mysql_query($SQL, $con);
+
+ if ($Erg == 1)
+ echo Get_Text("pub_messages_Send_OK") . "\n";
+ else
+ echo Get_Text("pub_messages_Send_Error") . "...\n(" . mysql_error($con) . ")";
+ break;
+
+ case "MarkRead" :
+ $SQL = "UPDATE `Messages` SET `isRead` = 'Y' " .
+ "WHERE `Datum` = '" . $_GET["Datum"] . "' AND `RUID`='" . $_SESSION["UID"] . "' " .
+ "LIMIT 1 ;";
+ $Erg = mysql_query($SQL, $con);
+
+ if ($Erg == 1)
+ echo Get_Text("pub_messages_MarkRead_OK") . "\n";
+ else
+ echo Get_Text("pub_messages_MarkRead_KO") . "...\n(" . mysql_error($con) . ")";
+ break;
+
+ case "DelMsg" :
+ $SQL = "DELETE FROM `Messages` " .
+ "WHERE `Datum` = '" . $_GET["Datum"] . "' AND `RUID` ='" . $_SESSION["UID"] . "' " .
+ "LIMIT 1;";
+ $Erg = mysql_query($SQL, $con);
+
+ if ($Erg == 1)
+ echo Get_Text("pub_messages_DelMsg_OK") . "\n";
+ else
+ echo Get_Text("pub_messages_DelMsg_KO") . "...\n(" . mysql_error($con) . ")";
+ break;
+
+ default :
+ echo Get_Text("pub_messages_NoCommand");
+ }
+}
+?>
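Review bot: Everything from `if (!isset ($_GET["action"]))` to the end of user_messages() is unreachable — the display branch returns the rendered template and every `switch` case returns before reaching it — and that dead block still builds SQL from `$_SESSION["UID"]`, `$_POST["RUID"]`, `$_POST["Text"]` and `$_GET["Datum"]` by plain concatenation against the old mysql_* API; it should be removed in this commit rather than left as a template someone may re-enable. Separately, the `read` and `delete` actions are triggered by plain GET links (`&action=delete&id=`) and read `$_REQUEST`, so any page that can make the browser fetch a URL can delete a sender's message; a POST form carrying a per-session token is the usual mitigation. The stored body is rendered via `str_replace("\n", '<br />', $message['Text'])` without htmlspecialchars(); the send path does strip tags on input, but escaping at output keeps the view safe if the table is ever written by another path.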
diff --git a/includes/pages/user_news.php b/includes/pages/user_news.php
new file mode 100644
index 00000000..818c2da2
--- /dev/null
+++ b/includes/pages/user_news.php
@@ -0,0 +1,168 @@
+<?php
+function user_meetings() {
+ global $DISPLAY_NEWS, $privileges, $user;
+
+ $html = "";
+
+ if (isset ($_REQUEST['page']) && preg_match("/^[0-9]{1,}$/", $_REQUEST['page']))
+ $page = $_REQUEST['page'];
+ else
+ $page = 0;
+
+ $news = sql_select("SELECT * FROM `News` WHERE `Treffen`=1 ORDER BY `ID` DESC LIMIT " . ($page * $DISPLAY_NEWS) . ", " . $DISPLAY_NEWS);
+ foreach ($news as $entry)
+ $html .= display_news($entry);
+
+ $html .= "<div class=\"pagination\">\n\n";
+ $dis_rows = ceil(sql_num_query("SELECT * FROM `News` WHERE `Treffen`=1") / $DISPLAY_NEWS);
+
+ $html .= Get_Text(5);
+
+ for ($i = 0; $i < $dis_rows; $i++) {
+ if ($i == $_REQUEST['page'])
+ $html .= ($i +1) . "&nbsp; ";
+ else
+ $html .= '<a href="' . page_link_to("news") . '&page=' . $i . '">' . ($i +1) . '</a>&nbsp; ';
+ }
+ $html .= '</div>';
+ return $html;
+}
+
+function display_news($news) {
+ global $privileges, $p;
+
+ $html .= "";
+ $html .= '<article class="news' . ($news['Treffen'] == 1 ? ' meeting' : '') . '">';
+ $html .= '<details>';
+ $html .= date("Y-m-d H:i", $news['Datum']) . ', ';
+ $html .= UID2Nick($news['UID']);
+ if ($p != "news_comments")
+ $html .= ', <a href="' . page_link_to("news_comments") . '&nid=' . $news['ID'] . '">Kommentare (' . sql_num_query("SELECT * FROM `news_comments` WHERE `Refid`='" . sql_escape($news['ID']) . "'") . ') &raquo;</a>';
+ $html .= '</details>';
+ $html .= '<h3>' . ($news['Treffen'] == 1 ? '[Meeting] ' : '') . ReplaceSmilies($news['Betreff']) . '</h3>';
+ $html .= '<p>' . ReplaceSmilies(nl2br($news['Text'])) . '</p>';
+ if (in_array("admin_news", $privileges))
+ $html .= "<details><a href=\"" . page_link_to("admin_news") . "&action=edit&id=" . $news['ID'] . "\">Edit</a></details>\n";
+
+ $html .= '</article>';
+ return $html;
+}
+
+function user_news_comments() {
+ global $user;
+
+ $html = "";
+ if (isset ($_REQUEST["nid"]) && preg_match("/^[0-9]{1,}$/", $_REQUEST['nid']) && sql_num_query("SELECT * FROM `News` WHERE `ID`=" . sql_escape($_REQUEST['nid']) . " LIMIT 1") > 0) {
+ $nid = $_REQUEST["nid"];
+ list ($news) = sql_select("SELECT * FROM `News` WHERE `ID`=" . sql_escape($_REQUEST['nid']) . " LIMIT 1");
+ if (isset ($_REQUEST["text"])) {
+ $text = preg_replace("/([^\p{L}\p{P}\p{Z}\p{N}\n]{1,})/ui", '', strip_tags($_REQUEST['text']));
+ sql_query("INSERT INTO `news_comments` (`Refid`, `Datum`, `Text`, `UID`) VALUES ('" . sql_escape($nid) . "', '" . date("Y-m-d H:i:s") . "', '" . sql_escape($text) . "', '" . sql_escape($user["UID"]) . "')");
+ $html .= success("Eintrag wurde gespeichert");
+ }
+
+ $html .= '<a href="' . page_link_to("news") . '">&laquo; Back</a>';
+ $html .= display_news($news);
+
+ $html .= '<h2>Kommentare</h2>';
+
+ $comments = sql_select("SELECT * FROM `news_comments` WHERE `Refid`='" . $nid . "' ORDER BY 'ID'");
+ foreach ($comments as $comment) {
+ $html .= '<article class="news_comment">';
+ $html .= DisplayAvatar($comment['UID']);
+ $html .= '<details>';
+ $html .= $comment['Datum'] . ', ';
+ $html .= UID2Nick($comment['UID']);
+ $html .= '</details>';
+ $html .= '<p>' . nl2br($comment['Text']) . '</p>';
+ $html .= '</article>';
+ }
+
+ $html .= "</table>";
+ $html .= '
+ <br />
+ <hr>
+ <h2>Neuer Kommentar:</h2>
+ <a name="Neu">&nbsp;</a>
+
+ <form action="' . page_link_to("news_comments") . '" method="post">
+ <input type="hidden" name="nid" value="' . $_REQUEST["nid"] . '">
+ <table>
+ <tr>
+ <td align="right" valign="top">Text:</td>
+ <td><textarea name="text" cols="50" rows="10"></textarea></td>
+ </tr>
+ </table>
+ <br />
+ <input type="submit" value="sichern...">
+ </form>';
+ } else {
+ $html .= "Fehlerhafter Aufruf!";
+ }
+
+ return $html;
+}
+
+function user_news() {
+ global $DISPLAY_NEWS, $privileges, $user;
+
+ $html = "";
+
+ if (isset ($_POST["text"]) && isset ($_POST["betreff"])) {
+ if (!isset ($_POST["treffen"]) || !in_array("admin_news", $privileges))
+ $_POST["treffen"] = 0;
+ sql_query("INSERT INTO `News` (`Datum`, `Betreff`, `Text`, `UID`, `Treffen`) " .
+ "VALUES ('" . sql_escape(time()) . "', '" . sql_escape($_POST["betreff"]) . "', '" . sql_escape($_POST["text"]) . "', '" . sql_escape($user['UID']) .
+ "', '" . sql_escape($_POST["treffen"]) . "');");
+ $html .= success(Get_Text(4));
+ }
+
+ if (isset ($_REQUEST['page']) && preg_match("/^[0-9]{1,}$/", $_REQUEST['page']))
+ $page = $_REQUEST['page'];
+ else
+ $page = 0;
+
+ $news = sql_select("SELECT * FROM `News` ORDER BY `ID` DESC LIMIT " . ($page * $DISPLAY_NEWS) . ", " . $DISPLAY_NEWS);
+ foreach ($news as $entry)
+ $html .= display_news($entry);
+
+ $html .= "<div class=\"pagination\">\n\n";
+ $dis_rows = ceil(sql_num_query("SELECT * FROM `News`") / $DISPLAY_NEWS);
+
+ $html .= Get_Text(5);
+
+ for ($i = 0; $i < $dis_rows; $i++) {
+ if ($i == $_REQUEST['page'])
+ $html .= ($i +1) . "&nbsp; ";
+ else
+ $html .= '<a href="' . page_link_to("news") . '&page=' . $i . '">' . ($i +1) . '</a>&nbsp; ';
+ }
+ $html .= '</div>
+ <br /><hr />
+ <h2>' . Get_Text(6) . '</h2>
+ <a name="Neu">&nbsp;</a>
+
+ <form action="" method="post">
+ <table>
+ <tr>
+ <td align="right">' . Get_Text(7) . '</td>
+ <td><input type="text" name="betreff" size="60"></td>
+ </tr>
+ <tr>
+ <td align="right">' . Get_Text(8) . '</td>
+ <td><textarea name="text" cols="50" rows="10"></textarea></td>
+ </tr>';
+ if (in_array('admin_news', $privileges)) {
+ $html .= ' <tr>
+ <td align="right">' . Get_Text(9) . '</td>
+ <td><input type="checkbox" name="treffen" size="1" value="1"></td>
+ </tr>';
+
+ }
+ $html .= '</table>
+ <br />
+ <input type="submit" value="' . Get_Text("save") . '">
+ </form>';
+ return $html;
+}
+?> \ No newline at end of file
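Review bot: In user_news() the posted `betreff` and `text` are only SQL-escaped before the INSERT, and display_news() then emits them through `ReplaceSmilies($news['Betreff'])` and `ReplaceSmilies(nl2br($news['Text']))` with no HTML escaping, so any user who can post news can store markup that runs in every reader's browser; escape at output, e.g. `ReplaceSmilies(htmlspecialchars($news['Betreff'], ENT_QUOTES, 'UTF-8'))` and `ReplaceSmilies(nl2br(htmlspecialchars($news['Text'], ENT_QUOTES, 'UTF-8')))`, assuming ReplaceSmilies does not depend on raw angle brackets. The comment path in user_news_comments() does strip_tags() its input, so the two write paths are also inconsistent with each other. Two smaller defects: display_news() starts with `$html .= "";` on a variable that does not exist yet (should be `$html = "";`), and the comments query ends in `ORDER BY 'ID'`, which sorts by a string constant and leaves comment order undefined — the column name must be backtick-quoted, not single-quoted. Both pagination loops compare `$i == $_REQUEST['page']` instead of the validated `$page`, which raises a notice whenever no page parameter is given.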
diff --git a/includes/pages/user_questions.php b/includes/pages/user_questions.php
new file mode 100644
index 00000000..4e9daa5a
--- /dev/null
+++ b/includes/pages/user_questions.php
@@ -0,0 +1,50 @@
+<?php
+function user_questions() {
+ global $user;
+
+ if (!isset ($_REQUEST['action'])) {
+ $open_questions = "";
+ $questions = sql_select("SELECT * FROM `Questions` WHERE `AID`=0 AND `UID`=" . sql_escape($user['UID']));
+ foreach ($questions as $question)
+ $open_questions .= '<tr><td>' . str_replace("\n", '<br />', $question['Question']) . '</td><td><a href="' . page_link_to("user_questions") . '&action=delete&id=' . $question['QID'] . '">Delete</a></td><tr>';
+
+ $answered_questions = "";
+ $questions = sql_select("SELECT * FROM `Questions` WHERE `AID`>0 AND `UID`=" . sql_escape($user['UID']));
+ foreach ($questions as $question) {
+ $answered_questions .= '<tr><td>' . str_replace("\n", '<br />', $question['Question']) . '</td>';
+ $answered_questions .= '<td>' . UID2Nick($question['AID']) . '</td><td>' . str_replace("\n", '<br />', $question['Answer']) . '</td>';
+ $answered_questions .= '<td><a href="' . page_link_to("user_questions") . '&action=delete&id=' . $question['QID'] . '">Delete</a></td><tr>';
+ }
+
+ return template_render('../templates/user_questions.html', array (
+ 'link' => page_link_to("user_questions"),
+ 'open_questions' => $open_questions,
+ 'answered_questions' => $answered_questions
+ ));
+ } else {
+ switch ($_REQUEST['action']) {
+ case 'ask' :
+ $question = trim(preg_replace("/([^\p{L}\p{P}\p{Z}\p{N}\n]{1,})/ui", '', strip_tags($_REQUEST['question'])));
+ if ($question != "") {
+ sql_query("INSERT INTO `Questions` SET `UID`=" . sql_escape($user['UID']) . ", `Question`='" . sql_escape($question) . "'");
+ header("Location: " . page_link_to("user_questions"));
+ } else
+ return error("Please enter a question!");
+ break;
+ case 'delete' :
+ if (isset ($_REQUEST['id']) && preg_match("/^[0-9]{1,11}$/", $_REQUEST['id']))
+ $id = $_REQUEST['id'];
+ else
+ return error("Incomplete call, missing Question ID.");
+
+ $question = sql_select("SELECT * FROM `Questions` WHERE `QID`=" . sql_escape($id) . " LIMIT 1");
+ if (count($question) > 0 && $question[0]['UID'] == $user['UID']) {
+ sql_query("DELETE FROM `Questions` WHERE `QID`=" . sql_escape($id) . " LIMIT 1");
+ header("Location: " . page_link_to("user_questions"));
+ } else
+ return error("No question found.");
+ break;
+ }
+ }
+}
+?> \ No newline at end of file
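Review bot: Both row builders in user_questions() close with `<tr>` instead of `</tr>` (`'...Delete</a></td><tr>'` in the open-questions loop and again at the end of the answered-questions loop), so every row opens a second row that is never closed. The `ask` case reads `$_REQUEST['question']` without an isset() check, unlike the `delete` case, which raises a notice when the parameter is absent. `$question['Answer']` is rendered through str_replace() without htmlspecialchars(); it is written by the admin side, which is not in this hunk, so escaping at output here is the safer default regardless of what that path filters.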
diff --git a/includes/pages/user_settings.php b/includes/pages/user_settings.php
new file mode 100644
index 00000000..97c8626f
--- /dev/null
+++ b/includes/pages/user_settings.php
@@ -0,0 +1,252 @@
+<?php
+function user_settings() {
+ global $user;
+
+ if (!isset ($_REQUEST['action'])) {
+ $tshirt_html = template_render('../templates/user_settings_tshirt.html', array (
+ 'label_size' => Get_Text("makeuser_T-Shirt"),
+ 'size_select' => ($user['Tshirt'] == 0) ? html_select_key('size', array (
+ 'S' => "S",
+ 'M' => "M",
+ 'L' => "L",
+ 'XL' => "XL",
+ '2XL' => "2XL",
+ '3XL' => "3XL",
+ '4XL' => "4XL",
+ '5XL' => "5XL",
+ 'S-G' => "S Girl",
+ 'M-G' => "M Girl",
+ 'L-G' => "L Girl",
+ 'XL-G' => "XL Girl"
+ ), $user['Size']) : $user['Size']
+ ));
+
+ return template_render('../templates/user_settings.html', array (
+ 'link' => page_link_to("user_settings"),
+ 'greeting' => Get_Text("Hallo") . $user['Nick'] . ",<br />" . Get_Text(13),
+ 'text_user_data' => Get_Text("pub_einstellungen_Text_UserData"),
+ 'label_nick' => Get_Text("pub_einstellungen_Nick"),
+ 'label_name' => Get_Text("pub_einstellungen_Name"),
+ 'label_prename' => Get_Text("pub_einstellungen_Vorname"),
+ 'label_age' => Get_Text("pub_einstellungen_Alter"),
+ 'label_tel' => Get_Text("pub_einstellungen_Telefon"),
+ 'label_mobile' => Get_Text("pub_einstellungen_Handy"),
+ 'label_dect' => Get_Text("pub_einstellungen_DECT"),
+ 'label_mail' => Get_Text("pub_einstellungen_Email"),
+ 'label_hometown' => Get_Text("pub_einstellungen_Hometown"),
+ 'nick' => $user['Nick'],
+ 'name' => $user['Name'],
+ 'prename' => $user['Vorname'],
+ 'age' => $user['Alter'],
+ 'tel' => $user['Telefon'],
+ 'mobile' => $user['Handy'],
+ 'dect' => $user['DECT'],
+ 'mail' => $user['email'],
+ 'icq' => $user['ICQ'],
+ 'jabber' => $user['jabber'],
+ 'hometown' => $user['Hometown'],
+ 'label_save' => Get_Text("save"),
+ 'tshirts' => $tshirt_html,
+ 'text_password' => Get_Text(14),
+ 'current_pw_label' => Get_Text(15),
+ 'new_pw_label' => Get_Text(16),
+ 'new_pw2_label' => Get_Text(17),
+ 'text_theme' => Get_Text(18),
+ 'theme_label' => Get_Text(19),
+ 'theme_select' => html_select_key('theme', array (
+ "1" => "Standard-Style",
+ "2" => "ot/Gelber Style",
+ "3" => "Club-Mate Style",
+ "5" => "Debian Style",
+ "6" => "c-base Style",
+ "7" => "Blau/Gelber Style",
+ "8" => "Pastel Style",
+ "4" => "Test Style",
+ "9" => "Test Style 21c3",
+ "10" => "msquare (cccamp2011)"
+ ), $user['color']),
+ 'text_language' => Get_Text(20),
+ 'language_label' => Get_Text(21),
+ 'language_select' => html_select_key('language', array (
+ 'DE' => "Deutsch",
+ 'EN' => "English"
+ ), $user['Sprache'])
+ ));
+ } else {
+ switch ($_REQUEST['action']) {
+ case 'sprache' :
+ if (isset ($_REQUEST['language']) && preg_match("/^DE|EN$/", $_REQUEST['language']))
+ $language = $_REQUEST['language'];
+ else
+ $language = "EN";
+ sql_query("UPDATE `User` SET " . "`Sprache`='" . sql_escape($language) . "' WHERE `UID`=" . sql_escape($user['UID']) . " LIMIT 1");
+ $_SESSION['Sprache'] = $language;
+ header("Location: " . page_link_to("user_settings"));
+ break;
+
+ case 'colour' :
+ $theme = preg_replace("/([^0-9]{1,})/ui", '', strip_tags($_REQUEST['theme']));
+ sql_query("UPDATE `User` SET " . "`color`='" . sql_escape($theme) . "' WHERE `UID`=" . sql_escape($user['UID']) . " LIMIT 1");
+ header("Location: " . page_link_to("user_settings"));
+ break;
+
+ case 'set' :
+ $html = "";
+ if ($_REQUEST["new_pw"] == $_REQUEST["new_pw2"]) {
+ if (PassCrypt($_REQUEST["current_pw"]) == $user['Passwort']) {
+ sql_query("UPDATE `User` SET `Passwort`='" . sql_escape(PassCrypt($_REQUEST['new_pw'])) . "' WHERE `UID`=" . sql_escape($user['UID']) . " LIMIT 1");
+ header("Location: " . page_link_to("user_settings"));
+ } else {
+ $html .= error(Get_Text(30));
+ }
+ } else {
+ $html .= error(Get_Text(31));
+ }
+ return $html;
+ break;
+
+ case "setUserData" :
+ $nick = preg_replace("/([^\p{L}\p{P}\p{Z}\p{N}]{1,})/ui", '', strip_tags($_REQUEST['nick']));
+ $name = preg_replace("/([^\p{L}\p{P}\p{Z}\p{N}]{1,})/ui", '', strip_tags($_REQUEST['name']));
+ $prename = preg_replace("/([^\p{L}\p{P}\p{Z}\p{N}]{1,})/ui", '', strip_tags($_REQUEST['prename']));
+ $age = preg_replace("/([^0-9]{1,})/ui", '', strip_tags($_REQUEST['age']));
+ $tel = preg_replace("/([^\p{L}\p{P}\p{Z}\p{N}]{1,})/ui", '', strip_tags($_REQUEST['tel']));
+ $mobile = preg_replace("/([^\p{L}\p{P}\p{Z}\p{N}]{1,})/ui", '', strip_tags($_REQUEST['mobile']));
+ $dect = preg_replace("/([^\p{L}\p{P}\p{Z}\p{N}]{1,})/ui", '', strip_tags($_REQUEST['dect']));
+ $mail = preg_replace("/([^\p{L}\p{P}\p{Z}\p{N}]{1,})/ui", '', strip_tags($_REQUEST['mail']));
+ $icq = preg_replace("/([^\p{L}\p{P}\p{Z}\p{N}]{1,})/ui", '', strip_tags($_REQUEST['icq']));
+ $jabber = preg_replace("/([^\p{L}\p{P}\p{Z}\p{N}]{1,})/ui", '', strip_tags($_REQUEST['jabber']));
+ $hometown = preg_replace("/([^\p{L}\p{P}\p{Z}\p{N}]{1,})/ui", '', strip_tags($_REQUEST['hometown']));
+ $size = ($user['TShirt'] == 0) ? preg_replace("/([^\p{L}\p{P}\p{Z}\p{N}]{1,})/ui", '', strip_tags($_REQUEST['size'])) : $user['Size'];
+
+ sql_query("UPDATE `User` SET " .
+ "`Nick`='" . sql_escape($nick) . "', " .
+ "`Name`='" . sql_escape($name) . "', " .
+ "`Vorname`='" . sql_escape($prename) . "', " .
+ "`Alter`='" . sql_escape($age) . "', " .
+ "`Telefon`='" . sql_escape($tel) . "', " .
+ "`Handy`='" . sql_escape($mobile) . "', " .
+ "`DECT`='" . sql_escape($dect) . "', " .
+ "`email`='" . sql_escape($mail) . "', " .
+ "`ICQ`='" . sql_escape($icq) . "', " .
+ "`jabber`='" . sql_escape($jabber) . "', " .
+ "`Hometown`='" . sql_escape($hometown) . "', " .
+ "`Size`='" . sql_escape($size) . "' " .
+ "WHERE `UID`=" . sql_escape($user['UID']) . " LIMIT 1");
+ header("Location: " . page_link_to("user_settings"));
+ break;
+ }
+ }
+
+ // AVATARE
+ /*
+ if (get_cfg_var("file_uploads")) {
+ echo "<br />\n<hr width=\"100%\">\n<br />\n\n";
+ echo Get_Text('pub_einstellungen_PictureUpload') . "<br />";
+ echo "<form action=\"./einstellungen.php\" method=\"post\" enctype=\"multipart/form-data\">\n";
+ echo "<input type=\"hidden\" name=\"action\" value=\"sendPicture\">\n";
+ echo "<input name=\"file\" type=\"file\" size=\"50\" maxlength=\"" . get_cfg_var("post_max_size") . "\">\n";
+ echo "(max " . get_cfg_var("post_max_size") . "Byte)<br />\n";
+ echo "<input type=\"submit\" value=\"" . Get_Text("upload"), "\">\n";
+ echo "</form>\n";
+ }
+
+ switch (GetPicturShow($_SESSION['UID'])) {
+ case 'Y' :
+ echo Get_Text('pub_einstellungen_PictureShow') . "<br />";
+ echo displayPictur($_SESSION['UID'], 0);
+ echo "<form action=\"./einstellungen.php\" method=\"post\">\n";
+ echo "<input type=\"hidden\" name=\"action\" value=\"delPicture\">\n";
+ echo "<input type=\"submit\" value=\"" . Get_Text("delete"), "\">\n";
+ echo "</form>\n";
+ break;
+ case 'N' :
+ echo Get_Text('pub_einstellungen_PictureNoShow') . "<br />";
+ echo displayPictur($_SESSION['UID'], 0);
+ echo "<form action=\"./einstellungen.php\" method=\"post\">\n";
+ echo "<input type=\"hidden\" name=\"action\" value=\"delPicture\">\n";
+ echo "<input type=\"submit\" value=\"" . Get_Text("delete"), "\">\n";
+ echo "</form>\n";
+ echo "<br />\n<hr width=\"100%\">\n<br />\n\n";
+ case '' :
+ echo "<br />\n<hr width=\"100%\">\n<br />\n\n";
+ echo Get_Text(22) . "<br />";
+ echo "\n<form action=\"./einstellungen.php\" method=\"post\">\n";
+ echo "<input type=\"hidden\" name=\"action\" value=\"avatar\">\n";
+ echo "<table>\n";
+ echo "<tr>\n<td>" . Get_Text(23) . "<br /></td>\n</tr>\n";
+ echo "<tr>\n";
+ echo "<td>\n";
+ echo "<select name=\"eAvatar\" onChange=\"document.avatar.src = '" . $url . $ENGEL_ROOT . "pic/avatar/avatar' + this.value + '.gif'\" onKeyup=\"document.avatar.src = '" . $url . $ENGEL_ROOT . "pic/avatar/avatar' + this.value + '.gif'\">\n";
+
+ for ($i = 1; file_exists("../pic/avatar/avatar" . $i . ".gif"); $i++)
+ echo "<option value=\"" . $i . "\"" . ($_SESSION['Avatar'] == $i ? " selected" : "") . ">avatar" . $i . "</option>\n";
+
+ echo "</select>&nbsp;&nbsp;\n";
+ echo "<img src=\"" . $url . $ENGEL_ROOT . "pic/avatar/avatar" . $_SESSION['Avatar'] . ".gif\" name=\"avatar\" border=\"0\" align=\"top\">\n";
+ echo "</td>\n</tr>\n";
+ echo "</table>\n";
+ echo "<input type=\"submit\" value=\"" . Get_Text("save") . "\">\n";
+ echo "</form>\n";
+ break;
+ } //CASE
+
+ } else {
+ switch ($_POST["action"]) {
+
+ case 'avatar' :
+ $chsql = "UPDATE `User` SET `Avatar`='" . $_POST["eAvatar"] . "' WHERE `UID`='" . $_SESSION['UID'] . "' LIMIT 1";
+ $Erg = mysql_query($chsql, $con);
+ $_SESSION['Avatar'] = $_POST["eAvatar"];
+ if ($Erg == 1)
+ Print_Text(34);
+ else
+ Print_Text(29);
+ break;
+
+ case 'setUserData' :
+
+ break;
+
+ case 'sendPicture' :
+ if ($_FILES["file"]["size"] > 0) {
+ if (($_FILES["file"]["type"] == "image/jpeg") || ($_FILES["file"]["type"] == "image/png") || ($_FILES["file"]["type"] == "image/gif")) {
+ $data = addslashes(fread(fopen($_FILES["file"]["tmp_name"], "r"), filesize($_FILES["file"]["tmp_name"])));
+
+ if (GetPicturShow($_SESSION['UID']) == "")
+ $SQL = "INSERT INTO `UserPicture` " .
+ "( `UID`,`Bild`, `ContentType`, `show`) " .
+ "VALUES ('" . $_SESSION['UID'] . "', '$data', '" . $_FILES["file"]["type"] . "', 'N')";
+ else
+ $SQL = "UPDATE `UserPicture` SET " .
+ "`Bild`='$data', " .
+ "`ContentType`='" . $_FILES["file"]["type"] . "', " .
+ "`show`='N' " .
+ "WHERE `UID`='" . $_SESSION['UID'] . "'";
+
+ $res = mysql_query($SQL, $con);
+ if ($res)
+ Print_Text("pub_einstellungen_send_OK");
+ else
+ Print_Text("pub_einstellungen_send_KO");
+
+ echo "<h6>('" . $_FILES["file"]["name"] . "', MIME-Type: " . $_FILES["file"]["type"] . ", " . $_FILES["file"]["size"] . " Byte)</h6>";
+ } else
+ Print_Text("pub_einstellungen_send_KO");
+ } else
+ Print_Text("pub_einstellungen_send_KO");
+ break;
+
+ case 'delPicture' :
+ $chsql = "DELETE FROM `UserPicture` WHERE `UID`='" . $_SESSION['UID'] . "' LIMIT 1";
+ $Erg = mysql_query($chsql, $con);
+ if ($Erg == 1)
+ Print_Text("pub_einstellungen_del_OK");
+ else
+ Print_Text("pub_einstellungen_del_KO");
+ Break;
+ }
+ }
+ */
+}
+?>
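Review bot: The language check `preg_match("/^DE|EN$/", $_REQUEST['language'])` has the wrong precedence — it matches any string that starts with `DE` or ends with `EN`, not exactly `DE` or `EN` — so an arbitrary value passes the validation, is stored in `Sprache` and placed in `$_SESSION['Sprache']`; anchor the group: `preg_match("/^(DE|EN)$/", $_REQUEST['language'])`. The T-shirt key is spelled `$user['Tshirt']` in the display branch and `$user['TShirt']` in `setUserData`; array keys are case-sensitive, so one of the two is always unset and the size lock does not behave the same on read and write. `setUserData` also writes `Nick` without checking that it is unique, while guest_login() only accepts a login when exactly one row matches the nick, so a user who takes another user's nick locks that user out. The roughly 110-line commented-out block from `// AVATARE` to the end of the function still contains unescaped `$_POST`/`$_SESSION` SQL from the old implementation and should be dropped rather than committed.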
diff --git a/includes/pages/user_wakeup.php b/includes/pages/user_wakeup.php
new file mode 100644
index 00000000..2c6940e7
--- /dev/null
+++ b/includes/pages/user_wakeup.php
@@ -0,0 +1,86 @@
+<?php
+function user_wakeup() {
+ global $user;
+
+ $html = "";
+
+ if (isset ($_REQUEST['action'])) {
+ switch ($_REQUEST['action']) {
+ case 'create' :
+ $date = DateTime::createFromFormat("Y-m-d H:i", $_REQUEST['Date']);
+ if ($date != null) {
+ $date = $date->getTimestamp();
+ $bemerkung = strip_request_item_nl('Bemerkung');
+ $ort = strip_request_item('Ort');
+ $SQL = "INSERT INTO `Wecken` (`UID`, `Date`, `Ort`, `Bemerkung`) "
+ . "VALUES ('" . sql_escape($user['UID']) . "', '"
+ . sql_escape($date) . "', '" . sql_escape($ort) . "', " . "'"
+ . sql_escape($bemerkung) . "')";
+ sql_query($SQL);
+ $html .= success(Get_Text(4));
+ } else
+ $html .= error("Broken date!");
+ break;
+
+ case 'delete' :
+ if (isset ($_REQUEST['id']) && preg_match("/^[0-9]{1,11}$/", $_REQUEST['id']))
+ $id = $_REQUEST['id'];
+ else
+ return error("Incomplete call, missing wake-up ID.");
+
+ $wakeup = sql_select("SELECT * FROM `Wecken` WHERE `ID`=" . sql_escape($id) . " LIMIT 1");
+ if (count($wakeup) > 0 && $wakeup[0]['UID'] == $user['UID']) {
+ sql_query("DELETE FROM `Wecken` WHERE `ID`=" . sql_escape($id) . " LIMIT 1");
+ $html .= success("Wake-up call deleted.");
+ } else
+ return error("No wake-up found.");
+ break;
+ }
+ }
+
+ $html .= "<p>" . Get_Text("Hello") . $user['Nick'] . ",<br />"
+ . Get_Text("pub_wake_beschreibung") . "</p>\n\n";
+ $html .= Get_Text("pub_wake_beschreibung2");
+ $html .= '
+<table border="0" width="100%" class="border" cellpadding="2" cellspacing="1">
+ <tr class="contenttopic">
+ <th>' . Get_Text("pub_wake_Datum") . '</th>
+ <th>' . Get_Text("pub_waeckliste_Nick") . '</th>
+ <th>' . Get_Text("pub_wake_Ort") . '</th>
+ <th>' . Get_Text("pub_wake_Bemerkung") . '</th>
+ <th></th>
+ </tr>
+';
+
+ $sql = "SELECT * FROM `Wecken` ORDER BY `Date` ASC";
+ $Erg = sql_query($sql);
+ $count = mysql_num_rows($Erg);
+
+ for ($i = 0; $i < $count; $i++) {
+ $row = mysql_fetch_row($Erg);
+ $html .= '<tr class="content">';
+ $html .= '<td>' . date("Y-m-d H:i", mysql_result($Erg, $i, "Date")) . ' </td>';
+ $html .= '<td>' . UID2Nick(mysql_result($Erg, $i, "UID")) . ' </td>';
+ $html .= '<td>' . mysql_result($Erg, $i, "Ort") . ' </td>';
+ $html .= '<td>' . mysql_result($Erg, $i, "Bemerkung") . ' </td>';
+ if (mysql_result($Erg, $i, "UID") == $user['UID'])
+ $html .= '<td><a href="' . page_link_to("user_wakeup") . '&action=delete&id=' . mysql_result($Erg, $i, "ID") . "\">" . Get_Text("pub_wake_del") . '</a></td>';
+ else
+ $html .= '<td></td>';
+ $html .= '</tr>';
+ }
+
+ $html .= '</table><hr />' . Get_Text("pub_wake_Text2");
+
+ $html .= template_render('../templates/user_wakeup.html', array (
+ 'wakeup_link' => page_link_to("user_wakeup"),
+ 'date_text' => Get_Text("pub_wake_Datum"),
+ 'date_value' => date("Y-m-d H:i"),
+ 'place_text' => Get_Text("pub_wake_Ort"),
+ 'comment_text' => Get_Text("pub_wake_Bemerkung"),
+ 'comment_value' => "Knock knock Leo, follow the white rabbit to the blue tent",
+ 'submit_text' => Get_Text("pub_wake_bouton")
+ ));
+ return $html;
+}
+?>
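Review bot: The listing loop in user_wakeup() mixes APIs: `sql_query($sql)` returns a handle that is then read with `mysql_num_rows`, `mysql_fetch_row` and `mysql_result`, the `$row` from `mysql_fetch_row` is never used (it only advances the cursor while `mysql_result` reads by index), and `Ort`/`Bemerkung` are emitted without htmlspecialchars(). The rest of this commit uses `sql_select()` plus foreach for the same job; the loop can be rewritten that way and escape at output, as below. In the `create` case `DateTime::createFromFormat` returns `false` rather than `null` on a bad date, so `if ($date != null)` only works through loose comparison; `if ($date !== false)` states the intent, and `$_REQUEST['Date']` should be isset()-checked before it is passed in. Whether strip_request_item() already strips tags is not visible here, so the output escaping is a second layer rather than a replacement for it.
```php
    $wakeups = sql_select("SELECT * FROM `Wecken` ORDER BY `Date` ASC");
    foreach ($wakeups as $wakeup) {
        $html .= '<tr class="content">';
        $html .= '<td>' . date("Y-m-d H:i", $wakeup['Date']) . ' </td>';
        $html .= '<td>' . UID2Nick($wakeup['UID']) . ' </td>';
        $html .= '<td>' . htmlspecialchars($wakeup['Ort'], ENT_QUOTES, 'UTF-8') . ' </td>';
        $html .= '<td>' . htmlspecialchars($wakeup['Bemerkung'], ENT_QUOTES, 'UTF-8') . ' </td>';
        if ($wakeup['UID'] == $user['UID'])
            $html .= '<td><a href="' . page_link_to("user_wakeup") . '&action=delete&id=' . $wakeup['ID'] . '">' . Get_Text("pub_wake_del") . '</a></td>';
        else
            $html .= '<td></td>';
        $html .= '</tr>';
    }
    // … unchanged: closing table, hint text and template_render() call …
```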