diff options
Diffstat (limited to 'includes/pages')
-rw-r--r-- | includes/pages/admin_active.php | 94 | ||||
-rw-r--r-- | includes/pages/admin_arrive.php | 98 | ||||
-rw-r--r-- | includes/pages/admin_free.php | 2 | ||||
-rw-r--r-- | includes/pages/admin_groups.php | 14 | ||||
-rw-r--r-- | includes/pages/admin_import.php | 4 | ||||
-rw-r--r-- | includes/pages/admin_news.php | 12 | ||||
-rw-r--r-- | includes/pages/admin_questions.php | 8 | ||||
-rw-r--r-- | includes/pages/admin_rooms.php | 118 | ||||
-rw-r--r-- | includes/pages/admin_shifts.php | 16 | ||||
-rw-r--r-- | includes/pages/admin_user.php | 398 | ||||
-rw-r--r-- | includes/pages/guest_login.php | 32 | ||||
-rw-r--r-- | includes/pages/user_ical.php | 2 | ||||
-rw-r--r-- | includes/pages/user_messages.php | 14 | ||||
-rw-r--r-- | includes/pages/user_myshifts.php | 39 | ||||
-rw-r--r-- | includes/pages/user_news.php | 8 | ||||
-rw-r--r-- | includes/pages/user_questions.php | 10 | ||||
-rw-r--r-- | includes/pages/user_settings.php | 152 | ||||
-rw-r--r-- | includes/pages/user_shifts.php | 159 |
18 files changed, 619 insertions, 561 deletions
diff --git a/includes/pages/admin_active.php b/includes/pages/admin_active.php index 08c436fc..e3fa0996 100644 --- a/includes/pages/admin_active.php +++ b/includes/pages/admin_active.php @@ -1,22 +1,27 @@ <?php + function admin_active_title() { return _("Active angels"); } function admin_active() { global $tshirt_sizes, $shift_sum_formula; - + $msg = ""; $search = ""; $forced_count = sql_num_query("SELECT * FROM `User` WHERE `force_active`=1"); $count = $forced_count; $limit = ""; $set_active = ""; + if (isset($_REQUEST['search'])) $search = strip_request_item('search'); + + $show_all_shifts = isset($_REQUEST['show_all_shifts']); + if (isset($_REQUEST['set_active'])) { $ok = true; - + if (isset($_REQUEST['count']) && preg_match("/^[0-9]+$/", $_REQUEST['count'])) { $count = strip_request_item('count'); if ($count < $forced_count) { @@ -27,7 +32,7 @@ function admin_active() { $ok = false; $msg .= error(_("Please enter a number of angels to be marked as active."), true); } - + if ($ok) $limit = " LIMIT " . $count; if (isset($_REQUEST['ack'])) { @@ -42,23 +47,24 @@ function admin_active() { ORDER BY `force_active` DESC, `shift_length` DESC" . $limit); $user_nicks = array(); foreach ($users as $usr) { - sql_query("UPDATE `User` SET `Aktiv` = 1 WHERE `UID`=" . sql_escape($usr['UID'])); + sql_query("UPDATE `User` SET `Aktiv` = 1 WHERE `UID`='" . sql_escape($usr['UID']) . "'"); $user_nicks[] = User_Nick_render($usr); } + sql_query("UPDATE `User` SET `Aktiv`=1 WHERE `force_active`=TRUE"); engelsystem_log("These angels are active now: " . join(", ", $user_nicks)); - + $limit = ""; $msg = success(_("Marked angels."), true); } else { $set_active = '<a href="' . page_link_to('admin_active') . '&serach=' . $search . '">« ' . _("back") . '</a> | <a href="' . page_link_to('admin_active') . '&search=' . $search . '&count=' . $count . '&set_active&ack">' . _("apply") . '</a>'; } } - + if (isset($_REQUEST['active']) && preg_match("/^[0-9]+$/", $_REQUEST['active'])) { $id = $_REQUEST['active']; $user_source = User($id); if ($user_source != null) { - sql_query("UPDATE `User` SET `Aktiv`=1 WHERE `UID`=" . sql_escape($id) . " LIMIT 1"); + sql_query("UPDATE `User` SET `Aktiv`=1 WHERE `UID`='" . sql_escape($id) . "' LIMIT 1"); engelsystem_log("User " . User_Nick_render($user_source) . " is active now."); $msg = success(_("Angel has been marked as active."), true); } else @@ -67,7 +73,7 @@ function admin_active() { $id = $_REQUEST['not_active']; $user_source = User($id); if ($user_source != null) { - sql_query("UPDATE `User` SET `Aktiv`=0 WHERE `UID`=" . sql_escape($id) . " LIMIT 1"); + sql_query("UPDATE `User` SET `Aktiv`=0 WHERE `UID`='" . sql_escape($id) . "' LIMIT 1"); engelsystem_log("User " . User_Nick_render($user_source) . " is NOT active now."); $msg = success(_("Angel has been marked as not active."), true); } else @@ -76,7 +82,7 @@ function admin_active() { $id = $_REQUEST['tshirt']; $user_source = User($id); if ($user_source != null) { - sql_query("UPDATE `User` SET `Tshirt`=1 WHERE `UID`=" . sql_escape($id) . " LIMIT 1"); + sql_query("UPDATE `User` SET `Tshirt`=1 WHERE `UID`='" . sql_escape($id) . "' LIMIT 1"); engelsystem_log("User " . User_Nick_render($user_source) . " has tshirt now."); $msg = success(_("Angel has got a t-shirt."), true); } else @@ -85,21 +91,22 @@ function admin_active() { $id = $_REQUEST['not_tshirt']; $user_source = User($id); if ($user_source != null) { - sql_query("UPDATE `User` SET `Tshirt`=0 WHERE `UID`=" . sql_escape($id) . " LIMIT 1"); + sql_query("UPDATE `User` SET `Tshirt`=0 WHERE `UID`='" . sql_escape($id) . "' LIMIT 1"); engelsystem_log("User " . User_Nick_render($user_source) . " has NO tshirt."); $msg = success(_("Angel has got no t-shirt."), true); } else $msg = error(_("Angel not found."), true); } - + $users = sql_select(" SELECT `User`.*, COUNT(`ShiftEntry`.`id`) as `shift_count`, ${shift_sum_formula} as `shift_length` FROM `User` LEFT JOIN `ShiftEntry` ON `User`.`UID` = `ShiftEntry`.`UID` LEFT JOIN `Shifts` ON `ShiftEntry`.`SID` = `Shifts`.`SID` - WHERE `User`.`Gekommen` = 1 + WHERE `User`.`Gekommen` = 1 + " . ($show_all_shifts ? "" : "AND (`Shifts`.`end` < " . time() . " OR `Shifts`.`end` IS NULL)") . " GROUP BY `User`.`UID` ORDER BY `force_active` DESC, `shift_length` DESC" . $limit); - + $matched_users = array(); if ($search == "") $tokens = array(); @@ -123,41 +130,47 @@ function admin_active() { $usr['active'] = glyph_bool($usr['Aktiv'] == 1); $usr['force_active'] = glyph_bool($usr['force_active'] == 1); $usr['tshirt'] = glyph_bool($usr['Tshirt'] == 1); - + $actions = array(); if ($usr['Aktiv'] == 0) - $actions[] = '<a href="' . page_link_to('admin_active') . '&active=' . $usr['UID'] . '&search=' . $search . '">' . _("set active") . '</a>'; + $actions[] = '<a href="' . page_link_to('admin_active') . '&active=' . $usr['UID'] . ($show_all_shifts ? '&show_all_shifts=' : '') . '&search=' . $search . '">' . _("set active") . '</a>'; if ($usr['Aktiv'] == 1 && $usr['Tshirt'] == 0) { - $actions[] = '<a href="' . page_link_to('admin_active') . '&not_active=' . $usr['UID'] . '&search=' . $search . '">' . _("remove active") . '</a>'; - $actions[] = '<a href="' . page_link_to('admin_active') . '&tshirt=' . $usr['UID'] . '&search=' . $search . '">' . _("got t-shirt") . '</a>'; + $actions[] = '<a href="' . page_link_to('admin_active') . '&not_active=' . $usr['UID'] . ($show_all_shifts ? '&show_all_shifts=' : '') . '&search=' . $search . '">' . _("remove active") . '</a>'; + $actions[] = '<a href="' . page_link_to('admin_active') . '&tshirt=' . $usr['UID'] . ($show_all_shifts ? '&show_all_shifts=' : '') . '&search=' . $search . '">' . _("got t-shirt") . '</a>'; } if ($usr['Tshirt'] == 1) - $actions[] = '<a href="' . page_link_to('admin_active') . '&not_tshirt=' . $usr['UID'] . '&search=' . $search . '">' . _("remove t-shirt") . '</a>'; - + $actions[] = '<a href="' . page_link_to('admin_active') . '&not_tshirt=' . $usr['UID'] . ($show_all_shifts ? '&show_all_shifts=' : '') . '&search=' . $search . '">' . _("remove t-shirt") . '</a>'; + $usr['actions'] = join(' ', $actions); - + $matched_users[] = $usr; } - - $shirt_statistics = sql_select(" - SELECT `Size`, count(`Size`) AS `count` - FROM `User` - WHERE `Tshirt`=1 - GROUP BY `Size` - ORDER BY `count` DESC"); - $shirt_statistics[] = array( - 'Size' => '<b>' . _("Sum") . '</b>', - 'count' => '<b>' . sql_select_single_cell("SELECT count(*) FROM `User` WHERE `Tshirt`=1") . '</b>' - ); - + + $shirt_statistics = []; + foreach ($tshirt_sizes as $size => $_) { + if ($size != '') { + $shirt_statistics[] = [ + 'size' => $size, + 'needed' => sql_select_single_cell("SELECT count(*) FROM `User` WHERE `Size`='" . sql_escape($size) . "' AND `Gekommen`=1"), + 'given' => sql_select_single_cell("SELECT count(*) FROM `User` WHERE `Size`='" . sql_escape($size) . "' AND `Tshirt`=1") + ]; + } + } + $shirt_statistics[] = [ + 'size' => '<b>' . _("Sum") . '</b>', + 'needed' => '<b>' . User_arrived_count() . '</b>', + 'given' => '<b>' . sql_select_single_cell("SELECT count(*) FROM `User` WHERE `Tshirt`=1") . '</b>' + ]; + return page_with_title(admin_active_title(), array( form(array( form_text('search', _("Search angel:"), $search), - form_submit('submit', _("Search")) - )), + form_checkbox('show_all_shifts', _("Show all shifts"), $show_all_shifts), + form_submit('submit', _("Search")) + ), page_link_to('admin_active')), $set_active == "" ? form(array( form_text('count', _("How much angels should be active?"), $count), - form_submit('set_active', _("Preview")) + form_submit('set_active', _("Preview")) )) : $set_active, msg(), table(array( @@ -168,13 +181,14 @@ function admin_active() { 'active' => _("Active?"), 'force_active' => _("Forced"), 'tshirt' => _("T-shirt?"), - 'actions' => "" + 'actions' => "" ), $matched_users), - '<h2>' . _("Given shirts") . '</h2>', + '<h2>' . _("Shirt statistics") . '</h2>', table(array( - 'Size' => _("Size"), - 'count' => _("Count") - ), $shirt_statistics) + 'size' => _("Size"), + 'needed' => _("Needed shirts"), + 'given' => _("Given shirts") + ), $shirt_statistics) )); } ?> diff --git a/includes/pages/admin_arrive.php b/includes/pages/admin_arrive.php index bec1ae56..64cf785d 100644 --- a/includes/pages/admin_arrive.php +++ b/includes/pages/admin_arrive.php @@ -1,4 +1,5 @@ <?php + function admin_arrive_title() { return _("Arrived angels"); } @@ -13,7 +14,7 @@ function admin_arrive() { $id = $_REQUEST['reset']; $user_source = User($id); if ($user_source != null) { - sql_query("UPDATE `User` SET `Gekommen`=0 WHERE `UID`=" . sql_escape($id) . " LIMIT 1"); + sql_query("UPDATE `User` SET `Gekommen`=0, `arrival_date` = NULL WHERE `UID`='" . sql_escape($id) . "' LIMIT 1"); engelsystem_log("User set to not arrived: " . User_Nick_render($user_source)); $msg = success(_("Reset done. Angel has not arrived."), true); } else @@ -22,7 +23,7 @@ function admin_arrive() { $id = $_REQUEST['arrived']; $user_source = User($id); if ($user_source != null) { - sql_query("UPDATE `User` SET `Gekommen`=1 WHERE `UID`=" . sql_escape($id) . " LIMIT 1"); + sql_query("UPDATE `User` SET `Gekommen`=1, `arrival_date`='" . time() . "' WHERE `UID`='" . sql_escape($id) . "' LIMIT 1"); engelsystem_log("User set has arrived: " . User_Nick_render($user_source)); $msg = success(_("Angel has been marked as arrived."), true); } else @@ -30,10 +31,12 @@ function admin_arrive() { } $users = sql_select("SELECT * FROM `User` ORDER BY `Nick`"); + $arrival_count_at_day = []; + $departure_count_at_day = []; $table = ""; - $users_matched = array(); + $users_matched = []; if ($search == "") - $tokens = array(); + $tokens = []; else $tokens = explode(" ", $search); foreach ($users as $usr) { @@ -48,18 +51,53 @@ function admin_arrive() { if (! $match) continue; } - $table .= '<tr>'; - $table .= '<td>' . User_Nick_render($usr) . '</td>'; + $usr['nick'] = User_Nick_render($usr); + if ($usr['planned_departure_date'] != null) + $usr['rendered_planned_departure_date'] = date('Y-m-d', $usr['planned_departure_date']); + else + $usr['rendered_planned_departure_date'] = '-'; + $usr['rendered_planned_arrival_date'] = date('Y-m-d', $usr['planned_arrival_date']); + $usr['rendered_arrival_date'] = $usr['arrival_date'] > 0 ? date('Y-m-d', $usr['arrival_date']) : "-"; $usr['arrived'] = $usr['Gekommen'] == 1 ? _("yes") : ""; $usr['actions'] = $usr['Gekommen'] == 1 ? '<a href="' . page_link_to('admin_arrive') . '&reset=' . $usr['UID'] . '&search=' . $search . '">' . _("reset") . '</a>' : '<a href="' . page_link_to('admin_arrive') . '&arrived=' . $usr['UID'] . '&search=' . $search . '">' . _("arrived") . '</a>'; - if ($usr['Gekommen'] == 1) - $table .= '<td>yes</td><td><a href="' . page_link_to('admin_arrive') . '&reset=' . $usr['UID'] . '&search=' . $search . '">reset</a></td>'; - else - $table .= '<td></td><td><a href="' . page_link_to('admin_arrive') . '&arrived=' . $usr['UID'] . '&search=' . $search . '">arrived</a></td>'; - $table .= '</tr>'; + + $day = $usr['arrival_date'] > 0 ? date('Y-m-d', $usr['arrival_date']) : date('Y-m-d', $usr['planned_arrival_date']); + if (! isset($arrival_count_at_day[$day])) + $arrival_count_at_day[$day] = 0; + if (! isset($departure_count_at_day[$day])) + $departure_count_at_day[$day] = 0; + $arrival_count_at_day[$day] ++; + + if ($usr['planned_departure_date'] != null) { + $day = date('Y-m-d', $usr['planned_departure_date']); + if (! isset($arrival_count_at_day[$day])) + $arrival_count_at_day[$day] = 0; + if (! isset($departure_count_at_day[$day])) + $departure_count_at_day[$day] = 0; + $departure_count_at_day[$day] ++; + } + $users_matched[] = $usr; } + + ksort($arrival_count_at_day); + ksort($departure_count_at_day); + + $arrival_count = []; + $arrival_sums = []; + $arrival_sum = 0; + foreach ($arrival_count_at_day as $day => $count) { + $arrival_sum += $count - $departure_count_at_day[$day]; + $arrival_sums[$day] = $arrival_sum; + $arrival_count[] = [ + 'day' => $day, + 'count' => $count, + 'sum' => $arrival_sum, + 'departure' => isset($departure_count_at_day[$day]) ? $departure_count_at_day[$day] : 0 + ]; + } + return page_with_title(admin_arrive_title(), array( msg(), form(array( @@ -68,9 +106,45 @@ function admin_arrive() { )), table(array( 'nick' => _("Nickname"), + 'rendered_planned_arrival_date' => _("Planned arrival"), 'arrived' => _("Arrived?"), + 'rendered_arrival_date' => _("Arrival date"), + 'rendered_planned_departure_date' => _("Planned departure"), 'actions' => "" - ), $users_matched) + ), $users_matched), + heading(_("Arrival statistics"), 2), + '<canvas id="daily_arrives" style="width: 100%; height: 300px;"></canvas> + <script type="text/javascript"> + $(function(){ + var ctx = $("#daily_arrives").get(0).getContext("2d"); + var chart = new Chart(ctx).Bar(' . json_encode(array( + 'labels' => array_keys($arrival_count_at_day), + 'datasets' => array( + array( + 'label' => _("arrived"), + 'fillColor' => "#090", + 'data' => array_values($arrival_count_at_day) + ), + array( + 'label' => _("arrived sum"), + 'fillColor' => "#888", + 'data' => array_values($arrival_sums) + ), + array( + 'label' => _("planned departure"), + 'fillColor' => "#900", + 'data' => array_values($departure_count_at_day) + ) + ) + )) . '); + }); + </script>', + table(array( + 'day' => _("Date"), + 'count' => _("arrived"), + 'sum' => _("arrived sum"), + 'departure' => _("planned departure") + ), $arrival_count) )); } ?> diff --git a/includes/pages/admin_free.php b/includes/pages/admin_free.php index b56da4d1..227769dc 100644 --- a/includes/pages/admin_free.php +++ b/includes/pages/admin_free.php @@ -32,7 +32,7 @@ function admin_free() { FROM `User` ${angeltypesearch} LEFT JOIN `ShiftEntry` ON `User`.`UID` = `ShiftEntry`.`UID` - LEFT JOIN `Shifts` ON (`ShiftEntry`.`SID` = `Shifts`.`SID` AND `Shifts`.`start` < " . sql_escape(time()) . " AND `Shifts`.`end` > " . sql_escape(time()) . ") + LEFT JOIN `Shifts` ON (`ShiftEntry`.`SID` = `Shifts`.`SID` AND `Shifts`.`start` < '" . sql_escape(time()) . "' AND `Shifts`.`end` > '" . sql_escape(time()) . "') WHERE `User`.`Gekommen` = 1 AND `Shifts`.`SID` IS NULL GROUP BY `User`.`UID` ORDER BY `Nick`"); diff --git a/includes/pages/admin_groups.php b/includes/pages/admin_groups.php index 3133cf8b..f43c63e9 100644 --- a/includes/pages/admin_groups.php +++ b/includes/pages/admin_groups.php @@ -11,7 +11,7 @@ function admin_groups() { if (! isset($_REQUEST["action"])) { $groups_table = array(); foreach ($groups as $group) { - $privileges = sql_select("SELECT * FROM `GroupPrivileges` JOIN `Privileges` ON (`GroupPrivileges`.`privilege_id` = `Privileges`.`id`) WHERE `group_id`=" . sql_escape($group['UID'])); + $privileges = sql_select("SELECT * FROM `GroupPrivileges` JOIN `Privileges` ON (`GroupPrivileges`.`privilege_id` = `Privileges`.`id`) WHERE `group_id`='" . sql_escape($group['UID']) . "'"); $privileges_html = array(); foreach ($privileges as $priv) @@ -39,10 +39,10 @@ function admin_groups() { else return error("Incomplete call, missing Groups ID.", true); - $room = sql_select("SELECT * FROM `Groups` WHERE `UID`=" . sql_escape($id) . " LIMIT 1"); + $room = sql_select("SELECT * FROM `Groups` WHERE `UID`='" . sql_escape($id) . "' LIMIT 1"); if (count($room) > 0) { list($room) = $room; - $privileges = sql_select("SELECT `Privileges`.*, `GroupPrivileges`.`group_id` FROM `Privileges` LEFT OUTER JOIN `GroupPrivileges` ON (`Privileges`.`id` = `GroupPrivileges`.`privilege_id` AND `GroupPrivileges`.`group_id`=" . sql_escape($id) . ") ORDER BY `Privileges`.`name`"); + $privileges = sql_select("SELECT `Privileges`.*, `GroupPrivileges`.`group_id` FROM `Privileges` LEFT OUTER JOIN `GroupPrivileges` ON (`Privileges`.`id` = `GroupPrivileges`.`privilege_id` AND `GroupPrivileges`.`group_id`='" . sql_escape($id) . "') ORDER BY `Privileges`.`name`"); $privileges_html = ""; $privileges_form = array(); foreach ($privileges as $priv) { @@ -64,18 +64,18 @@ function admin_groups() { else return error("Incomplete call, missing Groups ID.", true); - $room = sql_select("SELECT * FROM `Groups` WHERE `UID`=" . sql_escape($id) . " LIMIT 1"); + $room = sql_select("SELECT * FROM `Groups` WHERE `UID`='" . sql_escape($id) . "' LIMIT 1"); if (! is_array($_REQUEST['privileges'])) $_REQUEST['privileges'] = array(); if (count($room) > 0) { list($room) = $room; - sql_query("DELETE FROM `GroupPrivileges` WHERE `group_id`=" . sql_escape($id)); + sql_query("DELETE FROM `GroupPrivileges` WHERE `group_id`='" . sql_escape($id) . "'"); $privilege_names = array(); foreach ($_REQUEST['privileges'] as $priv) { if (preg_match("/^[0-9]{1,}$/", $priv)) { - $group_privileges_source = sql_select("SELECT * FROM `Privileges` WHERE `id`=" . sql_escape($priv) . " LIMIT 1"); + $group_privileges_source = sql_select("SELECT * FROM `Privileges` WHERE `id`='" . sql_escape($priv) . "' LIMIT 1"); if (count($group_privileges_source) > 0) { - sql_query("INSERT INTO `GroupPrivileges` SET `group_id`=" . sql_escape($id) . ", `privilege_id`=" . sql_escape($priv)); + sql_query("INSERT INTO `GroupPrivileges` SET `group_id`='" . sql_escape($id) . "', `privilege_id`='" . sql_escape($priv) . "'"); $privilege_names[] = $group_privileges_source[0]['name']; } } diff --git a/includes/pages/admin_import.php b/includes/pages/admin_import.php index 786ea08b..63104026 100644 --- a/includes/pages/admin_import.php +++ b/includes/pages/admin_import.php @@ -162,7 +162,9 @@ function admin_import() { list($rooms_new, $rooms_deleted) = prepare_rooms($import_file); foreach ($rooms_new as $room) { - sql_query("INSERT INTO `Room` SET `Name`='" . sql_escape($room) . "', `FromPentabarf`='Y', `Show`='Y'"); + $result = Room_create($room, true, true); + if ($result === false) + engelsystem_error('Unable to create room.'); $rooms_import[trim($room)] = sql_id(); } foreach ($rooms_deleted as $room) diff --git a/includes/pages/admin_news.php b/includes/pages/admin_news.php index 0653a045..1c435a14 100644 --- a/includes/pages/admin_news.php +++ b/includes/pages/admin_news.php @@ -11,7 +11,7 @@ function admin_news() { else return error("Incomplete call, missing News ID.", true); - $news = sql_select("SELECT * FROM `News` WHERE `ID`=" . sql_escape($id) . " LIMIT 1"); + $news = sql_select("SELECT * FROM `News` WHERE `ID`='" . sql_escape($id) . "' LIMIT 1"); if (count($news) > 0) { switch ($_REQUEST["action"]) { default: @@ -38,7 +38,13 @@ function admin_news() { case 'save': list($news) = $news; - sql_query("UPDATE `News` SET `Datum`='" . sql_escape(time()) . "', `Betreff`='" . sql_escape($_POST["eBetreff"]) . "', `Text`='" . sql_escape($_POST["eText"]) . "', `UID`='" . sql_escape($user['UID']) . "', `Treffen`='" . sql_escape($_POST["eTreffen"]) . "' WHERE `ID`=" . sql_escape($id) . " LIMIT 1"); + sql_query("UPDATE `News` SET + `Datum`='" . sql_escape(time()) . "', + `Betreff`='" . sql_escape($_POST["eBetreff"]) . "', + `Text`='" . sql_escape($_POST["eText"]) . "', + `UID`='" . sql_escape($user['UID']) . "', + `Treffen`='" . sql_escape($_POST["eTreffen"]) . "' + WHERE `ID`='" . sql_escape($id) . "'"); engelsystem_log("News updated: " . $_POST["eBetreff"]); success(_("News entry updated.")); redirect(page_link_to("news")); @@ -47,7 +53,7 @@ function admin_news() { case 'delete': list($news) = $news; - sql_query("DELETE FROM `News` WHERE `ID`=" . sql_escape($id) . " LIMIT 1"); + sql_query("DELETE FROM `News` WHERE `ID`='" . sql_escape($id) . "' LIMIT 1"); engelsystem_log("News deleted: " . $news['Betreff']); success(_("News entry deleted.")); redirect(page_link_to("news")); diff --git a/includes/pages/admin_questions.php b/includes/pages/admin_questions.php index 6d141251..e2fef880 100644 --- a/includes/pages/admin_questions.php +++ b/includes/pages/admin_questions.php @@ -82,12 +82,12 @@ function admin_questions() { else return error("Incomplete call, missing Question ID.", true); - $question = sql_select("SELECT * FROM `Questions` WHERE `QID`=" . sql_escape($id) . " LIMIT 1"); + $question = sql_select("SELECT * FROM `Questions` WHERE `QID`='" . sql_escape($id) . "' LIMIT 1"); if (count($question) > 0 && $question[0]['AID'] == null) { $answer = trim(preg_replace("/([^\p{L}\p{P}\p{Z}\p{N}\n]{1,})/ui", '', strip_tags($_REQUEST['answer']))); if ($answer != "") { - sql_query("UPDATE `Questions` SET `AID`=" . sql_escape($user['UID']) . ", `Answer`='" . sql_escape($answer) . "' WHERE `QID`=" . sql_escape($id) . " LIMIT 1"); + sql_query("UPDATE `Questions` SET `AID`='" . sql_escape($user['UID']) . "', `Answer`='" . sql_escape($answer) . "' WHERE `QID`='" . sql_escape($id) . "' LIMIT 1"); engelsystem_log("Question " . $question[0]['Question'] . " answered: " . $answer); redirect(page_link_to("admin_questions")); } else @@ -101,9 +101,9 @@ function admin_questions() { else return error("Incomplete call, missing Question ID.", true); - $question = sql_select("SELECT * FROM `Questions` WHERE `QID`=" . sql_escape($id) . " LIMIT 1"); + $question = sql_select("SELECT * FROM `Questions` WHERE `QID`='" . sql_escape($id) . "' LIMIT 1"); if (count($question) > 0) { - sql_query("DELETE FROM `Questions` WHERE `QID`=" . sql_escape($id) . " LIMIT 1"); + sql_query("DELETE FROM `Questions` WHERE `QID`='" . sql_escape($id) . "' LIMIT 1"); engelsystem_log("Question deleted: " . $question[0]['Question']); redirect(page_link_to("admin_questions")); } else diff --git a/includes/pages/admin_rooms.php b/includes/pages/admin_rooms.php index 1c10321e..2d5e5ae4 100644 --- a/includes/pages/admin_rooms.php +++ b/includes/pages/admin_rooms.php @@ -1,11 +1,12 @@ <?php + function admin_rooms_title() { return _("Rooms"); } function admin_rooms() { global $user; - + $rooms_source = sql_select("SELECT * FROM `Room` ORDER BY `Name`"); $rooms = array(); foreach ($rooms_source as $room) @@ -15,17 +16,17 @@ function admin_rooms() { 'public' => $room['show'] == 'Y' ? '✓' : '', 'actions' => buttons(array( button(page_link_to('admin_rooms') . '&show=edit&id=' . $room['RID'], _("edit"), 'btn-xs'), - button(page_link_to('admin_rooms') . '&show=delete&id=' . $room['RID'], _("delete"), 'btn-xs') - )) + button(page_link_to('admin_rooms') . '&show=delete&id=' . $room['RID'], _("delete"), 'btn-xs') + )) ); - + if (isset($_REQUEST['show'])) { $msg = ""; $name = ""; $from_pentabarf = ""; $public = 'Y'; $number = ""; - + $angeltypes_source = sql_select("SELECT * FROM `AngelTypes` ORDER BY `name`"); $angeltypes = array(); $angeltypes_count = array(); @@ -33,47 +34,47 @@ function admin_rooms() { $angeltypes[$angeltype['id']] = $angeltype['name']; $angeltypes_count[$angeltype['id']] = 0; } - + if (test_request_int('id')) { - $room = sql_select("SELECT * FROM `Room` WHERE `RID`=" . sql_escape($_REQUEST['id'])); + $room = sql_select("SELECT * FROM `Room` WHERE `RID`='" . sql_escape($_REQUEST['id']) . "'"); if (count($room) > 0) { $id = $_REQUEST['id']; $name = $room[0]['Name']; $from_pentabarf = $room[0]['FromPentabarf']; $public = $room[0]['show']; - $needed_angeltypes = sql_select("SELECT * FROM `NeededAngelTypes` WHERE `room_id`=" . sql_escape($id)); + $needed_angeltypes = sql_select("SELECT * FROM `NeededAngelTypes` WHERE `room_id`='" . sql_escape($id) . "'"); foreach ($needed_angeltypes as $needed_angeltype) $angeltypes_count[$needed_angeltype['angel_type_id']] = $needed_angeltype['count']; } else redirect(page_link_to('admin_rooms')); } - + if ($_REQUEST['show'] == 'edit') { if (isset($_REQUEST['submit'])) { $ok = true; - + if (isset($_REQUEST['name']) && strlen(strip_request_item('name')) > 0) $name = strip_request_item('name'); else { $ok = false; $msg .= error(_("Please enter a name."), true); } - + if (isset($_REQUEST['from_pentabarf'])) $from_pentabarf = 'Y'; else $from_pentabarf = ''; - + if (isset($_REQUEST['public'])) $public = 'Y'; else $public = ''; - + if (isset($_REQUEST['number'])) $number = strip_request_item('number'); else $ok = false; - + foreach ($angeltypes as $angeltype_id => $angeltype) { if (isset($_REQUEST['angeltype_count_' . $angeltype_id]) && preg_match("/^[0-9]{1,4}$/", $_REQUEST['angeltype_count_' . $angeltype_id])) $angeltypes_count[$angeltype_id] = $_REQUEST['angeltype_count_' . $angeltype_id]; @@ -82,27 +83,30 @@ function admin_rooms() { $msg .= error(sprintf(_("Please enter needed angels for type %s.", $angeltype)), true); } } - + if ($ok) { if (isset($id)) { - sql_query("UPDATE `Room` SET `Name`='" . sql_escape($name) . "', `FromPentabarf`='" . sql_escape($from_pentabarf) . "', `show`='" . sql_escape($public) . "', `Number`='" . sql_escape($number) . "' WHERE `RID`=" . sql_escape($id) . " LIMIT 1"); + sql_query("UPDATE `Room` SET `Name`='" . sql_escape($name) . "', `FromPentabarf`='" . sql_escape($from_pentabarf) . "', `show`='" . sql_escape($public) . "', `Number`='" . sql_escape($number) . "' WHERE `RID`='" . sql_escape($id) . "' LIMIT 1"); engelsystem_log("Room updated: " . $name . ", pentabarf import: " . $from_pentabarf . ", public: " . $public . ", number: " . $number); } else { - sql_query("INSERT INTO `Room` SET `Name`='" . sql_escape($name) . "', `FromPentabarf`='" . sql_escape($from_pentabarf) . "', `show`='" . sql_escape($public) . "', `Number`='" . sql_escape($number) . "'"); - $id = sql_id(); + $id = Room_create($name, $from_pentabarf, $public, $number); + if ($id === false) + engelsystem_error("Unable to create room."); engelsystem_log("Room created: " . $name . ", pentabarf import: " . $from_pentabarf . ", public: " . $public . ", number: " . $number); } - - sql_query("DELETE FROM `NeededAngelTypes` WHERE `room_id`=" . sql_escape($id)); + + sql_query("DELETE FROM `NeededAngelTypes` WHERE `room_id`='" . sql_escape($id) . "'"); $needed_angeltype_info = array(); foreach ($angeltypes_count as $angeltype_id => $angeltype_count) { - $angeltype_source = sql_select("SELECT * FROM `AngelTypes` WHERE `id`=" . sql_escape($angeltype_id) . " LIMIT 1"); - if (count($angeltype_source) > 0) { - sql_query("INSERT INTO `NeededAngelTypes` SET `room_id`=" . sql_escape($id) . ", `angel_type_id`=" . sql_escape($angeltype_id) . ", `count`=" . sql_escape($angeltype_count)); - $needed_angeltype_info[] = $angeltypes_source[0]['name'] . ": " . $angeltype_count; + $angeltype = AngelType($angeltype_id); + if ($angeltype === false) + engelsystem_error("Unable to load angeltype."); + if ($angeltype != null) { + sql_query("INSERT INTO `NeededAngelTypes` SET `room_id`='" . sql_escape($id) . "', `angel_type_id`='" . sql_escape($angeltype_id) . "', `count`='" . sql_escape($angeltype_count) . "'"); + $needed_angeltype_info[] = $angeltype['name'] . ": " . $angeltype_count; } } - + engelsystem_log("Set needed angeltypes of room " . $name . " to: " . join(", ", $needed_angeltype_info)); success(_("Room saved.")); redirect(page_link_to("admin_rooms")); @@ -110,66 +114,68 @@ function admin_rooms() { } $angeltypes_count_form = array(); foreach ($angeltypes as $angeltype_id => $angeltype) - $angeltypes_count_form[] = div('col-lg-4 col-md-6 col-xs-6', array(form_spinner('angeltype_count_' . $angeltype_id, $angeltype, $angeltypes_count[$angeltype_id]))); - + $angeltypes_count_form[] = div('col-lg-4 col-md-6 col-xs-6', array( + form_spinner('angeltype_count_' . $angeltype_id, $angeltype, $angeltypes_count[$angeltype_id]) + )); + return page_with_title(admin_rooms_title(), array( buttons(array( - button(page_link_to('admin_rooms'), _("back"), 'back') + button(page_link_to('admin_rooms'), _("back"), 'back') )), $msg, form(array( - div('row', array( - div('col-md-6', array( - form_text('name', _("Name"), $name), - form_checkbox('from_pentabarf', _("Frab import"), $from_pentabarf), - form_checkbox('public', _("Public"), $public), - form_text('number', _("Room number"), $number) - )), - div('col-md-6', array( - div('row', array( - div('col-md-12', array( - form_info(_("Needed angels:")), + div('row', array( + div('col-md-6', array( + form_text('name', _("Name"), $name), + form_checkbox('from_pentabarf', _("Frab import"), $from_pentabarf), + form_checkbox('public', _("Public"), $public), + form_text('number', _("Room number"), $number) )), - join($angeltypes_count_form) - )) - )) - )), - form_submit('submit', _("Save")) - )) + div('col-md-6', array( + div('row', array( + div('col-md-12', array( + form_info(_("Needed angels:")) + )), + join($angeltypes_count_form) + )) + )) + )), + form_submit('submit', _("Save")) + )) )); } elseif ($_REQUEST['show'] == 'delete') { if (isset($_REQUEST['ack'])) { - sql_query("DELETE FROM `Room` WHERE `RID`=" . sql_escape($id) . " LIMIT 1"); - sql_query("DELETE FROM `NeededAngelTypes` WHERE `room_id`=" . sql_escape($id) . " LIMIT 1"); - + sql_query("DELETE FROM `Room` WHERE `RID`='" . sql_escape($id) . "' LIMIT 1"); + sql_query("DELETE FROM `NeededAngelTypes` WHERE `room_id`='" . sql_escape($id) . "' LIMIT 1"); + engelsystem_log("Room deleted: " . $name); success(sprintf(_("Room %s deleted."), $name)); redirect(page_link_to('admin_rooms')); } - + return page_with_title(admin_rooms_title(), array( buttons(array( - button(page_link_to('admin_rooms'), _("back"), 'back') + button(page_link_to('admin_rooms'), _("back"), 'back') )), sprintf(_("Do you want to delete room %s?"), $name), buttons(array( - button(page_link_to('admin_rooms') . '&show=delete&id=' . $id . '&ack', _("Delete"), 'delete') - )) + button(page_link_to('admin_rooms') . '&show=delete&id=' . $id . '&ack', _("Delete"), 'delete') + )) )); } } - + return page_with_title(admin_rooms_title(), array( buttons(array( - button(page_link_to('admin_rooms') . '&show=edit', _("add")) + button(page_link_to('admin_rooms') . '&show=edit', _("add")) )), msg(), table(array( 'name' => _("Name"), 'from_pentabarf' => _("Frab import"), 'public' => _("Public"), - 'actions' => "" - ), $rooms) + 'actions' => "" + ), $rooms) )); } ?> diff --git a/includes/pages/admin_shifts.php b/includes/pages/admin_shifts.php index 733144b3..346e9046 100644 --- a/includes/pages/admin_shifts.php +++ b/includes/pages/admin_shifts.php @@ -10,7 +10,7 @@ function admin_shifts() { $rid = 0; $start = DateTime::createFromFormat("Y-m-d H:i", date("Y-m-d") . " 00:00")->getTimestamp(); - $end = $start + 24 * 60 * 60; + $end = $start; $mode = 'single'; $angelmode = 'manually'; $length = ''; @@ -143,7 +143,7 @@ function admin_shifts() { if ($ok) { if ($angelmode == 'location') { $needed_angel_types = array(); - $needed_angel_types_location = sql_select("SELECT * FROM `NeededAngelTypes` WHERE `room_id`=" . sql_escape($rid)); + $needed_angel_types_location = sql_select("SELECT * FROM `NeededAngelTypes` WHERE `room_id`='" . sql_escape($rid) . "'"); foreach ($needed_angel_types_location as $type) $needed_angel_types[$type['angel_type_id']] = $type['count']; } @@ -206,7 +206,7 @@ function admin_shifts() { 'start' => $shift_start, 'end' => $shift_end, 'RID' => $rid, - 'name' => $title, + 'title' => $title, 'shifttype_id' => $shifttype_id ); @@ -269,12 +269,12 @@ function admin_shifts() { if ($shift_id === false) engelsystem_error('Unable to create shift.'); - engelsystem_log("Shift created: " . $shift['name'] . " from " . date("Y-m-d H:i", $shift['start']) . " to " . date("Y-m-d H:i", $shift['end'])); + engelsystem_log("Shift created: " . $shifttypes[$shift['shifttype_id']] . " with title " . $shift['title'] . " from " . date("Y-m-d H:i", $shift['start']) . " to " . date("Y-m-d H:i", $shift['end'])); $needed_angel_types_info = array(); foreach ($_SESSION['admin_shifts_types'] as $type_id => $count) { - $angel_type_source = sql_select("SELECT * FROM `AngelTypes` WHERE `id`=" . sql_escape($type_id) . " LIMIT 1"); + $angel_type_source = sql_select("SELECT * FROM `AngelTypes` WHERE `id`='" . sql_escape($type_id) . "' LIMIT 1"); if (count($angel_type_source) > 0) { - sql_query("INSERT INTO `NeededAngelTypes` SET `shift_id`=" . sql_escape($shift_id) . ", `angel_type_id`=" . sql_escape($type_id) . ", `count`=" . sql_escape($count)); + sql_query("INSERT INTO `NeededAngelTypes` SET `shift_id`='" . sql_escape($shift_id) . "', `angel_type_id`='" . sql_escape($type_id) . "', `count`='" . sql_escape($count) . "'"); $needed_angel_types_info[] = $angel_type_source[0]['name'] . ": " . $count; } } @@ -293,7 +293,7 @@ function admin_shifts() { $room_select = html_select_key('rid', 'rid', $room_array, $_REQUEST['rid']); $angel_types = ""; foreach ($types as $type) - $angel_types .= form_spinner('type_' . $type['id'], $type['name'], $needed_angel_types[$type['id']]); + $angel_types .= '<div class="col-md-4">' . form_spinner('type_' . $type['id'], $type['name'], $needed_angel_types[$type['id']]) . '</div>'; return page_with_title(admin_shifts_title(), array( msg(), @@ -316,7 +316,7 @@ function admin_shifts() { form_info(_("Needed angels"), ''), form_radio('angelmode', _("Take needed angels from room settings"), $angelmode == 'location', 'location'), form_radio('angelmode', _("The following angels are needed"), $angelmode == 'manually', 'manually'), - $angel_types, + '<div class="row">'.$angel_types.'</div>', '</div>', '</div>', form_submit('preview', _("Preview")) diff --git a/includes/pages/admin_user.php b/includes/pages/admin_user.php index 4e10ca1e..ee244925 100644 --- a/includes/pages/admin_user.php +++ b/includes/pages/admin_user.php @@ -9,224 +9,174 @@ function admin_user() { $html = ''; - if (isset($_REQUEST['id']) && preg_match("/^[0-9]{1,}$/", $_REQUEST['id']) && sql_num_query("SELECT * FROM `User` WHERE `UID`=" . sql_escape($_REQUEST['id'])) > 0) { - $id = $_REQUEST['id']; - if (! isset($_REQUEST['action'])) { - $html .= "Hallo,<br />" . "hier kannst du den Eintrag ändern. Unter dem Punkt 'Gekommen' " . "wird der Engel als anwesend markiert, ein Ja bei Aktiv bedeutet, " . "dass der Engel aktiv war und damit ein Anspruch auf ein T-Shirt hat. " . "Wenn T-Shirt ein 'Ja' enthält, bedeutet dies, dass der Engel " . "bereits sein T-Shirt erhalten hat.<br /><br />\n"; - - $html .= "<form action=\"" . page_link_to("admin_user") . "&action=save&id=$id\" method=\"post\">\n"; - $html .= "<table border=\"0\">\n"; - $html .= "<input type=\"hidden\" name=\"Type\" value=\"Normal\">\n"; - - $SQL = "SELECT * FROM `User` WHERE `UID`='" . sql_escape($id) . "'"; - $Erg = sql_query($SQL); - list($user_source) = sql_select($SQL); - - $html .= "<tr><td>\n"; - $html .= "<table>\n"; - $html .= " <tr><td>Nick</td><td>" . "<input type=\"text\" size=\"40\" name=\"eNick\" value=\"" . $user_source['Nick'] . "\"></td></tr>\n"; - $html .= " <tr><td>lastLogIn</td><td>" . date("Y-m-d H:i", $user_source['lastLogIn']) . "</td></tr>\n"; - $html .= " <tr><td>Name</td><td>" . "<input type=\"text\" size=\"40\" name=\"eName\" value=\"" . $user_source['Name'] . "\"></td></tr>\n"; - $html .= " <tr><td>Vorname</td><td>" . "<input type=\"text\" size=\"40\" name=\"eVorname\" value=\"" . $user_source['Vorname'] . "\"></td></tr>\n"; - $html .= " <tr><td>Alter</td><td>" . "<input type=\"text\" size=\"5\" name=\"eAlter\" value=\"" . $user_source['Alter'] . "\"></td></tr>\n"; - $html .= " <tr><td>Telefon</td><td>" . "<input type=\"text\" size=\"40\" name=\"eTelefon\" value=\"" . $user_source['Telefon'] . "\"></td></tr>\n"; - $html .= " <tr><td>Handy</td><td>" . "<input type=\"text\" size=\"40\" name=\"eHandy\" value=\"" . $user_source['Handy'] . "\"></td></tr>\n"; - $html .= " <tr><td>DECT</td><td>" . "<input type=\"text\" size=\"4\" name=\"eDECT\" value=\"" . $user_source['DECT'] . "\"></td></tr>\n"; - $html .= " <tr><td>email</td><td>" . "<input type=\"text\" size=\"40\" name=\"eemail\" value=\"" . $user_source['email'] . "\"></td></tr>\n"; - $html .= "<tr><td>".form_checkbox('email_shiftinfo', _("Please send me an email if my shifts change"), $user_source['email_shiftinfo']) . "</td></tr>\n"; - $html .= " <tr><td>jabber</td><td>" . "<input type=\"text\" size=\"40\" name=\"ejabber\" value=\"" . $user_source['jabber'] . "\"></td></tr>\n"; - $html .= " <tr><td>Size</td><td>" . html_select_key('size', 'eSize', $tshirt_sizes, $user_source['Size']) . "</td></tr>\n"; - - $options = array( - '1' => "Yes", - '0' => "No" - ); - - // Gekommen? - $html .= " <tr><td>Gekommen</td><td>\n"; - $html .= html_options('eGekommen', $options, $user_source['Gekommen']) . "</td></tr>\n"; - - // Aktiv? - $html .= " <tr><td>Aktiv</td><td>\n"; - $html .= html_options('eAktiv', $options, $user_source['Aktiv']) . "</td></tr>\n"; - - // Aktiv erzwingen - if (in_array('admin_active', $privileges)) { - $html .= " <tr><td>" . _("Force active") . "</td><td>\n"; - $html .= html_options('force_active', $options, $user_source['force_active']) . "</td></tr>\n"; - } - - // T-Shirt bekommen? - $html .= " <tr><td>T-Shirt</td><td>\n"; - $html .= html_options('eTshirt', $options, $user_source['Tshirt']) . "</td></tr>\n"; - - $html .= " <tr><td>Hometown</td><td>" . "<input type=\"text\" size=\"40\" name=\"Hometown\" value=\"" . $user_source['Hometown'] . "\"></td></tr>\n"; - - $html .= "</table>\n</td><td valign=\"top\">" . User_Avatar_render($user_source) . "</td></tr>"; - - $html .= "</td></tr>\n"; - $html .= "</table>\n<br />\n"; - $html .= "<input type=\"submit\" value=\"Speichern\">\n"; - $html .= "</form>"; - - $html .= "<hr />"; - - // UserAngelType subform - list($user_source) = sql_select($SQL); - - $selected_angel_types = sql_select_single_col("SELECT `angeltype_id` FROM `UserAngelTypes` WHERE `user_id`=" . sql_escape($user_source['UID'])); - $accepted_angel_types = sql_select_single_col("SELECT `angeltype_id` FROM `UserAngelTypes` WHERE `user_id`=" . sql_escape($user_source['UID']) . " AND `confirm_user_id` IS NOT NULL"); - $nonrestricted_angel_types = sql_select_single_col("SELECT `id` FROM `AngelTypes` WHERE `restricted` = 0"); - - $angel_types_source = sql_select("SELECT `id`, `name` FROM `AngelTypes` ORDER BY `name`"); - $angel_types = array(); - foreach ($angel_types_source as $angel_type) - $angel_types[$angel_type['id']] = $angel_type['name']; - - if (isset($_REQUEST['submit_user_angeltypes'])) { - $selected_angel_types = isset($_REQUEST['selected_angel_types']) && is_array($_REQUEST['selected_angel_types']) ? array_intersect($_REQUEST['selected_angel_types'], array_keys($angel_types)) : array(); - $accepted_angel_types = isset($_REQUEST['accepted_angel_types']) && is_array($_REQUEST['accepted_angel_types']) ? array_unique(array_diff(array_intersect($_REQUEST['accepted_angel_types'], array_keys($angel_types)), $nonrestricted_angel_types)) : array(); - if (in_array("admin_user_angeltypes", $privileges)) - $selected_angel_types = array_merge((array) $selected_angel_types, $accepted_angel_types); - $selected_angel_types = array_unique($selected_angel_types); - - // Assign angel-types - sql_transaction_start(); - sql_query("DELETE FROM `UserAngelTypes` WHERE `user_id`=" . sql_escape($user_source['UID'])); - $user_angel_type_info = array(); - if (! empty($selected_angel_types)) { - $SQL = "INSERT INTO `UserAngelTypes` (`user_id`, `angeltype_id`) VALUES "; - foreach ($selected_angel_types as $selected_angel_type_id) { - $SQL .= "(" . $user_source['UID'] . ", " . $selected_angel_type_id . "),"; - $user_angel_type_info[] = $angel_types[$selected_angel_type_id] . (in_array($selected_angel_type_id, $accepted_angel_types) ? ' (confirmed)' : ''); - } - // remove superfluous comma - $SQL = substr($SQL, 0, - 1); - sql_query($SQL); - } - if (in_array("admin_user_angeltypes", $privileges)) { - sql_query("UPDATE `UserAngelTypes` SET `confirm_user_id` = NULL WHERE `user_id` = " . sql_escape($user_source['UID'])); - if (! empty($accepted_angel_types)) - sql_query("UPDATE `UserAngelTypes` SET `confirm_user_id` = '" . sql_escape($user['UID']) . "' WHERE `user_id` = '" . sql_escape($user_source['UID']) . "' AND `angeltype_id` IN (" . implode(',', $accepted_angel_types) . ")"); - } - sql_transaction_commit(); - - engelsystem_log("Set angeltypes of " . User_Nick_render($user_source) . " to: " . join(", ", $user_angel_type_info)); - success("Angeltypes saved."); - redirect(page_link_to('admin_user') . '&id=' . $user_source['UID']); - } - - $html .= form(array( - msg(), - form_multi_checkboxes(array( - 'selected_angel_types' => 'gewünscht', - 'accepted_angel_types' => 'akzeptiert' - ), "Angeltypes", $angel_types, array( - 'selected_angel_types' => $selected_angel_types, - 'accepted_angel_types' => array_merge($accepted_angel_types, $nonrestricted_angel_types) - ), array( - 'accepted_angel_types' => $nonrestricted_angel_types - )), - form_submit('submit_user_angeltypes', _("Save")) - )); - - $html .= "<hr />"; - - $html .= "Hier kannst Du das Passwort dieses Engels neu setzen:<form action=\"" . page_link_to("admin_user") . "&action=change_pw&id=$id\" method=\"post\">\n"; - $html .= "<table>\n"; - $html .= " <tr><td>Passwort</td><td>" . "<input type=\"password\" size=\"40\" name=\"new_pw\" value=\"\"></td></tr>\n"; - $html .= " <tr><td>Wiederholung</td><td>" . "<input type=\"password\" size=\"40\" name=\"new_pw2\" value=\"\"></td></tr>\n"; - - $html .= "</table>"; - $html .= "<input type=\"submit\" value=\"Speichern\">\n"; - $html .= "</form>"; - - $html .= "<hr />"; - + if (! isset($_REQUEST['id'])) + redirect(users_link()); + + $id = $_REQUEST['id']; + if (! isset($_REQUEST['action'])) { + $user_source = User($id); + if ($user_source === false) + engelsystem_error('Unable to load user.'); + if ($user_source == null) { + error(_('This user does not exist.')); + redirect(users_link()); + } + + $html .= "Hallo,<br />" . "hier kannst du den Eintrag ändern. Unter dem Punkt 'Gekommen' " . "wird der Engel als anwesend markiert, ein Ja bei Aktiv bedeutet, " . "dass der Engel aktiv war und damit ein Anspruch auf ein T-Shirt hat. " . "Wenn T-Shirt ein 'Ja' enthält, bedeutet dies, dass der Engel " . "bereits sein T-Shirt erhalten hat.<br /><br />\n"; + + $html .= "<form action=\"" . page_link_to("admin_user") . "&action=save&id=$id\" method=\"post\">\n"; + $html .= "<table border=\"0\">\n"; + $html .= "<input type=\"hidden\" name=\"Type\" value=\"Normal\">\n"; + + $SQL = "SELECT * FROM `User` WHERE `UID`='" . sql_escape($id) . "'"; + list($user_source) = sql_select($SQL); + + $html .= "<tr><td>\n"; + $html .= "<table>\n"; + $html .= " <tr><td>Nick</td><td>" . "<input type=\"text\" size=\"40\" name=\"eNick\" value=\"" . $user_source['Nick'] . "\"></td></tr>\n"; + $html .= " <tr><td>lastLogIn</td><td>" . date("Y-m-d H:i", $user_source['lastLogIn']) . "</td></tr>\n"; + $html .= " <tr><td>Name</td><td>" . "<input type=\"text\" size=\"40\" name=\"eName\" value=\"" . $user_source['Name'] . "\"></td></tr>\n"; + $html .= " <tr><td>Vorname</td><td>" . "<input type=\"text\" size=\"40\" name=\"eVorname\" value=\"" . $user_source['Vorname'] . "\"></td></tr>\n"; + $html .= " <tr><td>Alter</td><td>" . "<input type=\"text\" size=\"5\" name=\"eAlter\" value=\"" . $user_source['Alter'] . "\"></td></tr>\n"; + $html .= " <tr><td>Telefon</td><td>" . "<input type=\"text\" size=\"40\" name=\"eTelefon\" value=\"" . $user_source['Telefon'] . "\"></td></tr>\n"; + $html .= " <tr><td>Handy</td><td>" . "<input type=\"text\" size=\"40\" name=\"eHandy\" value=\"" . $user_source['Handy'] . "\"></td></tr>\n"; + $html .= " <tr><td>DECT</td><td>" . "<input type=\"text\" size=\"4\" name=\"eDECT\" value=\"" . $user_source['DECT'] . "\"></td></tr>\n"; + $html .= " <tr><td>email</td><td>" . "<input type=\"text\" size=\"40\" name=\"eemail\" value=\"" . $user_source['email'] . "\"></td></tr>\n"; + $html .= "<tr><td>" . form_checkbox('email_shiftinfo', _("Please send me an email if my shifts change"), $user_source['email_shiftinfo']) . "</td></tr>\n"; + $html .= " <tr><td>jabber</td><td>" . "<input type=\"text\" size=\"40\" name=\"ejabber\" value=\"" . $user_source['jabber'] . "\"></td></tr>\n"; + $html .= " <tr><td>Size</td><td>" . html_select_key('size', 'eSize', $tshirt_sizes, $user_source['Size']) . "</td></tr>\n"; + + $options = array( + '1' => "Yes", + '0' => "No" + ); + + // Gekommen? + $html .= " <tr><td>Gekommen</td><td>\n"; + $html .= html_options('eGekommen', $options, $user_source['Gekommen']) . "</td></tr>\n"; + + // Aktiv? + $html .= " <tr><td>Aktiv</td><td>\n"; + $html .= html_options('eAktiv', $options, $user_source['Aktiv']) . "</td></tr>\n"; + + // Aktiv erzwingen + if (in_array('admin_active', $privileges)) { + $html .= " <tr><td>" . _("Force active") . "</td><td>\n"; + $html .= html_options('force_active', $options, $user_source['force_active']) . "</td></tr>\n"; + } + + // T-Shirt bekommen? + $html .= " <tr><td>T-Shirt</td><td>\n"; + $html .= html_options('eTshirt', $options, $user_source['Tshirt']) . "</td></tr>\n"; + + $html .= " <tr><td>Hometown</td><td>" . "<input type=\"text\" size=\"40\" name=\"Hometown\" value=\"" . $user_source['Hometown'] . "\"></td></tr>\n"; + + $html .= "</table>\n</td><td valign=\"top\"></td></tr>"; + + $html .= "</td></tr>\n"; + $html .= "</table>\n<br />\n"; + $html .= "<input type=\"submit\" value=\"Speichern\">\n"; + $html .= "</form>"; + + $html .= "<hr />"; + + $html .= form_info('', _('Please visit the angeltypes page or the users profile to manage users angeltypes.')); + + $html .= "Hier kannst Du das Passwort dieses Engels neu setzen:<form action=\"" . page_link_to("admin_user") . "&action=change_pw&id=$id\" method=\"post\">\n"; + $html .= "<table>\n"; + $html .= " <tr><td>Passwort</td><td>" . "<input type=\"password\" size=\"40\" name=\"new_pw\" value=\"\"></td></tr>\n"; + $html .= " <tr><td>Wiederholung</td><td>" . "<input type=\"password\" size=\"40\" name=\"new_pw2\" value=\"\"></td></tr>\n"; + + $html .= "</table>"; + $html .= "<input type=\"submit\" value=\"Speichern\">\n"; + $html .= "</form>"; + + $html .= "<hr />"; + + $my_highest_group = sql_select("SELECT * FROM `UserGroups` WHERE `uid`='" . sql_escape($user['UID']) . "' ORDER BY `group_id` LIMIT 1"); + if (count($my_highest_group) > 0) + $my_highest_group = $my_highest_group[0]['group_id']; + + $his_highest_group = sql_select("SELECT * FROM `UserGroups` WHERE `uid`='" . sql_escape($id) . "' ORDER BY `group_id` LIMIT 1"); + if (count($his_highest_group) > 0) + $his_highest_group = $his_highest_group[0]['group_id']; + + if ($id != $user['UID'] && $my_highest_group <= $his_highest_group) { $html .= "Hier kannst Du die Benutzergruppen des Engels festlegen:<form action=\"" . page_link_to("admin_user") . "&action=save_groups&id=" . $id . "\" method=\"post\">\n"; $html .= '<table>'; - $my_highest_group = sql_select("SELECT * FROM `UserGroups` WHERE `uid`=" . sql_escape($user['UID']) . " ORDER BY `uid` LIMIT 1"); - if (count($my_highest_group) > 0) - $my_highest_group = $my_highest_group[0]['group_id']; - - $his_highest_group = sql_select("SELECT * FROM `UserGroups` WHERE `uid`=" . sql_escape($id) . " ORDER BY `uid` LIMIT 1"); - if (count($his_highest_group) > 0) - $his_highest_group = $his_highest_group[0]['group_id']; + $groups = sql_select("SELECT * FROM `Groups` LEFT OUTER JOIN `UserGroups` ON (`UserGroups`.`group_id` = `Groups`.`UID` AND `UserGroups`.`uid` = '" . sql_escape($id) . "') WHERE `Groups`.`UID` >= '" . sql_escape($my_highest_group) . "' ORDER BY `Groups`.`Name`"); + foreach ($groups as $group) + $html .= '<tr><td><input type="checkbox" name="groups[]" value="' . $group['UID'] . '"' . ($group['group_id'] != "" ? ' checked="checked"' : '') . ' /></td><td>' . $group['Name'] . '</td></tr>'; - if ($id != $user['UID'] && $my_highest_group <= $his_highest_group) { - $groups = sql_select("SELECT * FROM `Groups` LEFT OUTER JOIN `UserGroups` ON (`UserGroups`.`group_id` = `Groups`.`UID` AND `UserGroups`.`uid` = " . sql_escape($id) . ") WHERE `Groups`.`UID` >= " . sql_escape($my_highest_group) . " ORDER BY `Groups`.`Name`"); - foreach ($groups as $group) - $html .= '<tr><td><input type="checkbox" name="groups[]" value="' . $group['UID'] . '"' . ($group['group_id'] != "" ? ' checked="checked"' : '') . ' /></td><td>' . $group['Name'] . '</td></tr>'; - - $html .= '</table>'; - - $html .= "<input type=\"submit\" value=\"Speichern\">\n"; - $html .= "</form>"; - - $html .= "<hr />"; - } + $html .= '</table>'; - $html .= "<form action=\"" . page_link_to("admin_user") . "&action=delete&id=" . $id . "\" method=\"post\">\n"; - $html .= "<input type=\"submit\" value=\"Löschen\">\n"; + $html .= "<input type=\"submit\" value=\"Speichern\">\n"; $html .= "</form>"; $html .= "<hr />"; - } else { - switch ($_REQUEST['action']) { - case 'save_groups': - if ($id != $user['UID']) { - $my_highest_group = sql_select("SELECT * FROM `UserGroups` WHERE `uid`=" . sql_escape($user['UID']) . " ORDER BY `group_id`"); - $his_highest_group = sql_select("SELECT * FROM `UserGroups` WHERE `uid`=" . sql_escape($id) . " ORDER BY `group_id`"); + } + + $html .= "<form action=\"" . page_link_to("admin_user") . "&action=delete&id=" . $id . "\" method=\"post\">\n"; + $html .= "<input type=\"submit\" value=\"Löschen\">\n"; + $html .= "</form>"; + + $html .= "<hr />"; + } else { + switch ($_REQUEST['action']) { + case 'save_groups': + if ($id != $user['UID']) { + $my_highest_group = sql_select("SELECT * FROM `UserGroups` WHERE `uid`='" . sql_escape($user['UID']) . "' ORDER BY `group_id`"); + $his_highest_group = sql_select("SELECT * FROM `UserGroups` WHERE `uid`='" . sql_escape($id) . "' ORDER BY `group_id`"); + + if (count($my_highest_group) > 0 && (count($his_highest_group) == 0 || ($my_highest_group[0]['group_id'] <= $his_highest_group[0]['group_id']))) { + $groups_source = sql_select("SELECT * FROM `Groups` LEFT OUTER JOIN `UserGroups` ON (`UserGroups`.`group_id` = `Groups`.`UID` AND `UserGroups`.`uid` = '" . sql_escape($id) . "') WHERE `Groups`.`UID` >= '" . sql_escape($my_highest_group[0]['group_id']) . "' ORDER BY `Groups`.`Name`"); + $groups = array(); + $grouplist = array(); + foreach ($groups_source as $group) { + $groups[$group['UID']] = $group; + $grouplist[] = $group['UID']; + } - if (count($my_highest_group) > 0 && (count($his_highest_group) == 0 || ($my_highest_group[0]['group_id'] <= $his_highest_group[0]['group_id']))) { - $groups_source = sql_select("SELECT * FROM `Groups` LEFT OUTER JOIN `UserGroups` ON (`UserGroups`.`group_id` = `Groups`.`UID` AND `UserGroups`.`uid` = " . sql_escape($id) . ") WHERE `Groups`.`UID` >= " . sql_escape($my_highest_group[0]['group_id']) . " ORDER BY `Groups`.`Name`"); - $groups = array(); - $grouplist = array(); - foreach ($groups_source as $group) { - $groups[$group['UID']] = $group; - $grouplist[] = $group['UID']; - } - - if (! is_array($_REQUEST['groups'])) - $_REQUEST['groups'] = array(); - - sql_query("DELETE FROM `UserGroups` WHERE `uid`=" . sql_escape($id)); - $user_groups_info = array(); - foreach ($_REQUEST['groups'] as $group) { - if (in_array($group, $grouplist)) { - sql_query("INSERT INTO `UserGroups` SET `uid`=" . sql_escape($id) . ", `group_id`=" . sql_escape($group)); - $user_groups_info[] = $groups[$group]['Name']; - } + if (! is_array($_REQUEST['groups'])) + $_REQUEST['groups'] = array(); + + sql_query("DELETE FROM `UserGroups` WHERE `uid`='" . sql_escape($id) . "'"); + $user_groups_info = array(); + foreach ($_REQUEST['groups'] as $group) { + if (in_array($group, $grouplist)) { + sql_query("INSERT INTO `UserGroups` SET `uid`='" . sql_escape($id) . "', `group_id`='" . sql_escape($group) . "'"); + $user_groups_info[] = $groups[$group]['Name']; } - $user_source = User($id); - engelsystem_log("Set groups of " . User_Nick_render($user_source) . " to: " . join(", ", $user_groups_info)); - $html .= success("Benutzergruppen gespeichert.", true); - } else { - $html .= error("Du kannst keine Engel mit mehr Rechten bearbeiten.", true); } + $user_source = User($id); + engelsystem_log("Set groups of " . User_Nick_render($user_source) . " to: " . join(", ", $user_groups_info)); + $html .= success("Benutzergruppen gespeichert.", true); } else { - $html .= error("Du kannst Deine eigenen Rechte nicht bearbeiten.", true); - } - break; - - case 'delete': - if ($user['UID'] != $id) { - $user_source = sql_select("SELECT `Nick`, `UID` FROM `User` WHERE `UID` = '" . sql_escape($id) . "' LIMIT 1"); - sql_query("DELETE FROM `User` WHERE `UID`=" . sql_escape($id) . " LIMIT 1"); - sql_query("DELETE FROM `UserGroups` WHERE `uid`=" . sql_escape($id)); - engelsystem_log("Deleted user " . User_Nick_render($user_source)); - $html .= success("Benutzer gelöscht!", true); - } else { - $html .= error("Du kannst Dich nicht selber löschen!", true); + $html .= error("Du kannst keine Engel mit mehr Rechten bearbeiten.", true); } - break; - - case 'save': - $force_active = $user['force_active']; - if (in_array('admin_active', $privileges)) - $force_active = $_REQUEST['force_active']; - $SQL = "UPDATE `User` SET + } else { + $html .= error("Du kannst Deine eigenen Rechte nicht bearbeiten.", true); + } + break; + + case 'delete': + if ($user['UID'] != $id) { + $user_source = sql_select("SELECT `Nick`, `UID` FROM `User` WHERE `UID` = '" . sql_escape($id) . "' LIMIT 1"); + sql_query("DELETE FROM `User` WHERE `UID`='" . sql_escape($id) . "' LIMIT 1"); + sql_query("DELETE FROM `UserGroups` WHERE `uid`='" . sql_escape($id) . "'"); + engelsystem_log("Deleted user " . User_Nick_render($user_source)); + $html .= success("Benutzer gelöscht!", true); + } else { + $html .= error("Du kannst Dich nicht selber löschen!", true); + } + break; + + case 'save': + $force_active = $user['force_active']; + if (in_array('admin_active', $privileges)) + $force_active = $_REQUEST['force_active']; + $SQL = "UPDATE `User` SET `Nick` = '" . sql_escape($_POST["eNick"]) . "', `Name` = '" . sql_escape($_POST["eName"]) . "', `Vorname` = '" . sql_escape($_POST["eVorname"]) . "', @@ -235,7 +185,7 @@ function admin_user() { `Alter` = '" . sql_escape($_POST["eAlter"]) . "', `DECT` = '" . sql_escape($_POST["eDECT"]) . "', `email` = '" . sql_escape($_POST["eemail"]) . "', - `email_shiftinfo` = " . sql_escape(isset($_REQUEST['email_shiftinfo']) ? 'TRUE' : 'FALSE') . ", + `email_shiftinfo` = " . sql_bool(isset($_REQUEST['email_shiftinfo'])) . ", `jabber` = '" . sql_escape($_POST["ejabber"]) . "', `Size` = '" . sql_escape($_POST["eSize"]) . "', `Gekommen`= '" . sql_escape($_POST["eGekommen"]) . "', @@ -244,27 +194,23 @@ function admin_user() { `Tshirt` = '" . sql_escape($_POST["eTshirt"]) . "', `Hometown` = '" . sql_escape($_POST["Hometown"]) . "' WHERE `UID` = '" . sql_escape($id) . "' - LIMIT 1;"; - sql_query($SQL); - engelsystem_log("Updated user: " . $_POST["eNick"] . ", " . $_POST["eSize"] . ", arrived: " . $_POST["eGekommen"] . ", active: " . $_POST["eAktiv"] . ", tshirt: " . $_POST["eTshirt"]); - $html .= success("Änderung wurde gespeichert...\n", true); - break; - - case 'change_pw': - if ($_REQUEST['new_pw'] != "" && $_REQUEST['new_pw'] == $_REQUEST['new_pw2']) { - set_password($id, $_REQUEST['new_pw']); - $user_source = User($id); - engelsystem_log("Set new password for " . User_Nick_render($user_source)); - $html .= success("Passwort neu gesetzt.", true); - } else { - $html .= error("Die Eingaben müssen übereinstimmen und dürfen nicht leer sein!", true); - } - break; - } + LIMIT 1"; + sql_query($SQL); + engelsystem_log("Updated user: " . $_POST["eNick"] . ", " . $_POST["eSize"] . ", arrived: " . $_POST["eGekommen"] . ", active: " . $_POST["eAktiv"] . ", tshirt: " . $_POST["eTshirt"]); + $html .= success("Änderung wurde gespeichert...\n", true); + break; + + case 'change_pw': + if ($_REQUEST['new_pw'] != "" && $_REQUEST['new_pw'] == $_REQUEST['new_pw2']) { + set_password($id, $_REQUEST['new_pw']); + $user_source = User($id); + engelsystem_log("Set new password for " . User_Nick_render($user_source)); + $html .= success("Passwort neu gesetzt.", true); + } else { + $html .= error("Die Eingaben müssen übereinstimmen und dürfen nicht leer sein!", true); + } + break; } - } else { - msg(); - redirect(page_link_to('users')); } return page_with_title(_('Edit user'), array( diff --git a/includes/pages/guest_login.php b/includes/pages/guest_login.php index fc375092..677b057b 100644 --- a/includes/pages/guest_login.php +++ b/includes/pages/guest_login.php @@ -32,6 +32,7 @@ function guest_register() { $tshirt_size = ''; $password_hash = ""; $selected_angel_types = array(); + $planned_arrival_date = null; $angel_types_source = sql_select("SELECT * FROM `AngelTypes` ORDER BY `name`"); $angel_types = array(); @@ -96,6 +97,13 @@ function guest_register() { $msg .= error(sprintf(_("Your password is too short (please use at least %s characters)."), MIN_PASSWORD_LENGTH), true); } + if (isset($_REQUEST['planned_arrival_date']) && DateTime::createFromFormat("Y-m-d", trim($_REQUEST['planned_arrival_date']))) { + $planned_arrival_date = DateTime::createFromFormat("Y-m-d", trim($_REQUEST['planned_arrival_date']))->getTimestamp(); + } else { + $ok = false; + $msg .= error(_("Please enter your planned date of arrival."), true); + } + $selected_angel_types = array(); foreach ($angel_types as $angel_type_id => $angel_type_name) if (isset($_REQUEST['angel_types_' . $angel_type_id])) @@ -122,7 +130,7 @@ function guest_register() { if ($ok) { sql_query(" INSERT INTO `User` SET - `color`=" . sql_escape($default_theme) . ", + `color`='" . sql_escape($default_theme) . "', `Nick`='" . sql_escape($nick) . "', `Vorname`='" . sql_escape($prename) . "', `Name`='" . sql_escape($lastname) . "', @@ -131,24 +139,26 @@ function guest_register() { `DECT`='" . sql_escape($dect) . "', `Handy`='" . sql_escape($mobile) . "', `email`='" . sql_escape($mail) . "', - `email_shiftinfo`=" . sql_escape($email_shiftinfo ? 'TRUE' : 'FALSE') . ", + `email_shiftinfo`=" . sql_bool($email_shiftinfo) . ", `jabber`='" . sql_escape($jabber) . "', `Size`='" . sql_escape($tshirt_size) . "', `Passwort`='" . sql_escape($password_hash) . "', `kommentar`='" . sql_escape($comment) . "', `Hometown`='" . sql_escape($hometown) . "', `CreateDate`=NOW(), - `Sprache`='" . sql_escape($_SESSION["locale"]) . "'"); + `Sprache`='" . sql_escape($_SESSION["locale"]) . "', + `arrival_date`=NULL, + `planned_arrival_date`='" . sql_escape($planned_arrival_date) . "'"); // Assign user-group and set password $user_id = sql_id(); - sql_query("INSERT INTO `UserGroups` SET `uid`=" . sql_escape($user_id) . ", `group_id`=-2"); + sql_query("INSERT INTO `UserGroups` SET `uid`='" . sql_escape($user_id) . "', `group_id`=-2"); set_password($user_id, $_REQUEST['password']); // Assign angel-types $user_angel_types_info = array(); foreach ($selected_angel_types as $selected_angel_type_id) { - sql_query("INSERT INTO `UserAngelTypes` SET `user_id`=" . sql_escape($user_id) . ", `angeltype_id`=" . sql_escape($selected_angel_type_id)); + sql_query("INSERT INTO `UserAngelTypes` SET `user_id`='" . sql_escape($user_id) . "', `angeltype_id`='" . sql_escape($selected_angel_type_id) . "'"); $user_angel_types_info[] = $angel_types[$selected_angel_type_id]; } engelsystem_log("User " . $nick . " signed up as: " . join(", ", $user_angel_types_info)); @@ -170,11 +180,18 @@ function guest_register() { form_text('nick', _("Nick") . ' ' . entry_required(), $nick) )), div('col-sm-8', array( - form_text('mail', _("E-Mail") . ' ' . entry_required(), $mail), + form_email('mail', _("E-Mail") . ' ' . entry_required(), $mail), form_checkbox('email_shiftinfo', _("Please send me an email if my shifts change"), $email_shiftinfo) )) )), - $enable_tshirt_size ? form_select('tshirt_size', _("Shirt size") . ' ' . entry_required(), $tshirt_sizes, $tshirt_size) : '', + div('row', array( + div('col-sm-6', array( + form_date('planned_arrival_date', _("Planned date of arrival") . ' ' . entry_required(), $planned_arrival_date, time()) + )), + div('col-sm-6', array( + $enable_tshirt_size ? form_select('tshirt_size', _("Shirt size") . ' ' . entry_required(), $tshirt_sizes, $tshirt_size) : '' + )) + )), div('row', array( div('col-sm-6', array( form_password('password', _("Password") . ' ' . entry_required()) @@ -269,6 +286,7 @@ function guest_login() { if ($ok) { $_SESSION['uid'] = $login_user['UID']; $_SESSION['locale'] = $login_user['Sprache']; + redirect(page_link_to('news')); } } diff --git a/includes/pages/user_ical.php b/includes/pages/user_ical.php index ba832842..bd954a87 100644 --- a/includes/pages/user_ical.php +++ b/includes/pages/user_ical.php @@ -28,7 +28,7 @@ function user_ical() { INNER JOIN `Shifts` ON (`ShiftEntry`.`SID` = `Shifts`.`SID`) JOIN `ShiftTypes` ON (`ShiftTypes`.`id` = `Shifts`.`shifttype_id`) INNER JOIN `Room` ON (`Shifts`.`RID` = `Room`.`RID`) - WHERE `UID`=" . sql_escape($user['UID']) . " + WHERE `UID`='" . sql_escape($user['UID']) . "' ORDER BY `start`"); } diff --git a/includes/pages/user_messages.php b/includes/pages/user_messages.php index fe1b85ff..1785d5b6 100644 --- a/includes/pages/user_messages.php +++ b/includes/pages/user_messages.php @@ -7,7 +7,7 @@ function user_unread_messages() { global $user; if (isset($user)) { - $new_messages = sql_num_query("SELECT * FROM `Messages` WHERE isRead='N' AND `RUID`=" . sql_escape($user['UID'])); + $new_messages = sql_num_query("SELECT * FROM `Messages` WHERE isRead='N' AND `RUID`='" . sql_escape($user['UID']) . "'"); if ($new_messages > 0) return ' <span class="badge danger">' . $new_messages . '</span>'; } @@ -18,7 +18,7 @@ function user_messages() { global $user; if (! isset($_REQUEST['action'])) { - $users = sql_select("SELECT * FROM `User` WHERE NOT `UID`=" . sql_escape($user['UID']) . " ORDER BY `Nick`"); + $users = sql_select("SELECT * FROM `User` WHERE NOT `UID`='" . sql_escape($user['UID']) . "' ORDER BY `Nick`"); $to_select_data = array( "" => _("Select recipient...") @@ -29,7 +29,7 @@ function user_messages() { $to_select = html_select_key('to', 'to', $to_select_data, ''); - $messages = sql_select("SELECT * FROM `Messages` WHERE `SUID`=" . sql_escape($user['UID']) . " OR `RUID`=" . sql_escape($user['UID']) . " ORDER BY `isRead`,`Datum` DESC"); + $messages = sql_select("SELECT * FROM `Messages` WHERE `SUID`='" . sql_escape($user['UID']) . "' OR `RUID`='" . sql_escape($user['UID']) . "' ORDER BY `isRead`,`Datum` DESC"); foreach ($messages as $message) { $sender_user_source = User($message['SUID']); if ($sender_user_source === false) @@ -84,9 +84,9 @@ function user_messages() { else return error(_("Incomplete call, missing Message ID."), true); - $message = sql_select("SELECT * FROM `Messages` WHERE `id`=" . sql_escape($id) . " LIMIT 1"); + $message = sql_select("SELECT * FROM `Messages` WHERE `id`='" . sql_escape($id) . "' LIMIT 1"); if (count($message) > 0 && $message[0]['RUID'] == $user['UID']) { - sql_query("UPDATE `Messages` SET `isRead`='Y' WHERE `id`=" . sql_escape($id) . " LIMIT 1"); + sql_query("UPDATE `Messages` SET `isRead`='Y' WHERE `id`='" . sql_escape($id) . "' LIMIT 1"); redirect(page_link_to("user_messages")); } else return error(_("No Message found."), true); @@ -98,9 +98,9 @@ function user_messages() { else return error(_("Incomplete call, missing Message ID."), true); - $message = sql_select("SELECT * FROM `Messages` WHERE `id`=" . sql_escape($id) . " LIMIT 1"); + $message = sql_select("SELECT * FROM `Messages` WHERE `id`='" . sql_escape($id) . "' LIMIT 1"); if (count($message) > 0 && $message[0]['SUID'] == $user['UID']) { - sql_query("DELETE FROM `Messages` WHERE `id`=" . sql_escape($id) . " LIMIT 1"); + sql_query("DELETE FROM `Messages` WHERE `id`='" . sql_escape($id) . "' LIMIT 1"); redirect(page_link_to("user_messages")); } else return error(_("No Message found."), true); diff --git a/includes/pages/user_myshifts.php b/includes/pages/user_myshifts.php index e557054d..ee3cf1be 100644 --- a/includes/pages/user_myshifts.php +++ b/includes/pages/user_myshifts.php @@ -9,15 +9,15 @@ function user_myshifts() { global $LETZTES_AUSTRAGEN; global $user, $privileges; $msg = ""; - - if (isset($_REQUEST['id']) && in_array("user_shifts_admin", $privileges) && preg_match("/^[0-9]{1,}$/", $_REQUEST['id']) && sql_num_query("SELECT * FROM `User` WHERE `UID`=" . sql_escape($_REQUEST['id'])) > 0) { + + if (isset($_REQUEST['id']) && in_array("user_shifts_admin", $privileges) && preg_match("/^[0-9]{1,}$/", $_REQUEST['id']) && sql_num_query("SELECT * FROM `User` WHERE `UID`='" . sql_escape($_REQUEST['id']) . "'") > 0) { $id = $_REQUEST['id']; } else { $id = $user['UID']; } - - list($shifts_user) = sql_select("SELECT * FROM `User` WHERE `UID`=" . sql_escape($id) . " LIMIT 1"); - + + list($shifts_user) = sql_select("SELECT * FROM `User` WHERE `UID`='" . sql_escape($id) . "' LIMIT 1"); + if (isset($_REQUEST['reset'])) { if ($_REQUEST['reset'] == "ack") { User_reset_api_key($user); @@ -26,7 +26,7 @@ function user_myshifts() { } return page_with_title(_("Reset API key"), array( error(_("If you reset the key, the url to your iCal- and JSON-export and your atom feed changes! You have to update it in every application using one of these exports."), true), - button(page_link_to('user_myshifts') . '&reset=ack', _("Continue"), 'btn-danger') + button(page_link_to('user_myshifts') . '&reset=ack', _("Continue"), 'btn-danger') )); } elseif (isset($_REQUEST['edit']) && preg_match("/^[0-9]*$/", $_REQUEST['edit'])) { $id = $_REQUEST['edit']; @@ -44,11 +44,11 @@ function user_myshifts() { JOIN `Shifts` ON (`ShiftEntry`.`SID` = `Shifts`.`SID`) JOIN `ShiftTypes` ON (`ShiftTypes`.`id` = `Shifts`.`shifttype_id`) JOIN `Room` ON (`Shifts`.`RID` = `Room`.`RID`) - WHERE `ShiftEntry`.`id`=" . sql_escape($id) . " - AND `UID`=" . sql_escape($shifts_user['UID']) . " LIMIT 1"); + WHERE `ShiftEntry`.`id`='" . sql_escape($id) . "' + AND `UID`='" . sql_escape($shifts_user['UID']) . "' LIMIT 1"); if (count($shift) > 0) { $shift = $shift[0]; - + if (isset($_REQUEST['submit'])) { $freeloaded = $shift['freeloaded']; $freeload_comment = $shift['freeload_comment']; @@ -56,46 +56,51 @@ function user_myshifts() { $freeloaded = isset($_REQUEST['freeloaded']); $freeload_comment = strip_request_item_nl('freeload_comment'); } - + $comment = strip_request_item_nl('comment'); $user_source = User($shift['UID']); $result = ShiftEntry_update(array( 'id' => $id, 'Comment' => $comment, 'freeloaded' => $freeloaded, - 'freeload_comment' => $freeload_comment + 'freeload_comment' => $freeload_comment )); if ($result === false) engelsystem_error('Unable to update shift entr.'); - + engelsystem_log("Updated " . User_Nick_render($user_source) . "'s shift " . $shift['name'] . " from " . date("y-m-d H:i", $shift['start']) . " to " . date("y-m-d H:i", $shift['end']) . " with comment " . $comment . ". Freeloaded: " . ($freeloaded ? "YES Comment: " . $freeload_comment : "NO")); success(_("Shift saved.")); redirect(page_link_to('users') . '&action=view&user_id=' . $shifts_user['UID']); } - + return ShiftEntry_edit_view(User_Nick_render($shifts_user), date("Y-m-d H:i", $shift['start']) . ', ' . shift_length($shift), $shift['Name'], $shift['name'], $shift['angel_type'], $shift['Comment'], $shift['freeloaded'], $shift['freeload_comment'], in_array("user_shifts_admin", $privileges)); } else redirect(page_link_to('user_myshifts')); } elseif (isset($_REQUEST['cancel']) && preg_match("/^[0-9]*$/", $_REQUEST['cancel'])) { $id = $_REQUEST['cancel']; $shift = sql_select(" - SELECT `Shifts`.`start` + SELECT * FROM `Shifts` INNER JOIN `ShiftEntry` USING (`SID`) - WHERE `ShiftEntry`.`id`=" . sql_escape($id) . " AND `UID`=" . sql_escape($shifts_user['UID'])); + WHERE `ShiftEntry`.`id`='" . sql_escape($id) . "' AND `UID`='" . sql_escape($shifts_user['UID']) . "'"); if (count($shift) > 0) { $shift = $shift[0]; if (($shift['start'] > time() + $LETZTES_AUSTRAGEN * 3600) || in_array('user_shifts_admin', $privileges)) { $result = ShiftEntry_delete($id); if ($result === false) engelsystem_error('Unable to delete shift entry.'); + $room = Room($shift['RID']); + $angeltype = AngelType($shift['TID']); + $shifttype = ShiftType($shift['shifttype_id']); + + engelsystem_log("Deleted own shift: " . $shifttype['name'] . " at " . $room['Name'] . " from " . date("y-m-d H:i", $shift['start']) . " to " . date("y-m-d H:i", $shift['end']) . " as " . $angeltype['name']); success(_("You have been signed off from the shift.")); } else error(_("It's too late to sign yourself off the shift. If neccessary, ask the dispatcher to do so.")); } else - redirect(page_link_to('user_myshifts')); + redirect(user_link($shifts_user)); } - + redirect(page_link_to('users') . '&action=view'); } ?> diff --git a/includes/pages/user_news.php b/includes/pages/user_news.php index 8a4c0aa8..7c104095 100644 --- a/includes/pages/user_news.php +++ b/includes/pages/user_news.php @@ -21,7 +21,7 @@ function user_meetings() { else $page = 0; - $news = sql_select("SELECT * FROM `News` WHERE `Treffen`=1 ORDER BY `ID` DESC LIMIT " . sql_escape($page * $DISPLAY_NEWS) . ", " . sql_escape($DISPLAY_NEWS)); + $news = sql_select("SELECT * FROM `News` WHERE `Treffen`=1 ORDER BY `Datum` DESC LIMIT " . sql_escape($page * $DISPLAY_NEWS) . ", " . sql_escape($DISPLAY_NEWS)); foreach ($news as $entry) $html .= display_news($entry); @@ -73,9 +73,9 @@ function user_news_comments() { global $user; $html = '<div class="col-md-12"><h1>' . user_news_comments_title() . '</h1>'; - if (isset($_REQUEST["nid"]) && preg_match("/^[0-9]{1,}$/", $_REQUEST['nid']) && sql_num_query("SELECT * FROM `News` WHERE `ID`=" . sql_escape($_REQUEST['nid']) . " LIMIT 1") > 0) { + if (isset($_REQUEST["nid"]) && preg_match("/^[0-9]{1,}$/", $_REQUEST['nid']) && sql_num_query("SELECT * FROM `News` WHERE `ID`='" . sql_escape($_REQUEST['nid']) . "' LIMIT 1") > 0) { $nid = $_REQUEST["nid"]; - list($news) = sql_select("SELECT * FROM `News` WHERE `ID`=" . sql_escape($nid) . " LIMIT 1"); + list($news) = sql_select("SELECT * FROM `News` WHERE `ID`='" . sql_escape($nid) . "' LIMIT 1"); if (isset($_REQUEST["text"])) { $text = preg_replace("/([^\p{L}\p{P}\p{Z}\p{N}\n]{1,})/ui", '', strip_tags($_REQUEST['text'])); sql_query("INSERT INTO `NewsComments` (`Refid`, `Datum`, `Text`, `UID`) VALUES ('" . sql_escape($nid) . "', '" . date("Y-m-d H:i:s") . "', '" . sql_escape($text) . "', '" . sql_escape($user["UID"]) . "')"); @@ -132,7 +132,7 @@ function user_news() { else $page = 0; - $news = sql_select("SELECT * FROM `News` ORDER BY `ID` DESC LIMIT " . sql_escape($page * $DISPLAY_NEWS) . ", " . sql_escape($DISPLAY_NEWS)); + $news = sql_select("SELECT * FROM `News` ORDER BY `Datum` DESC LIMIT " . sql_escape($page * $DISPLAY_NEWS) . ", " . sql_escape($DISPLAY_NEWS)); foreach ($news as $entry) $html .= display_news($entry); diff --git a/includes/pages/user_questions.php b/includes/pages/user_questions.php index be7f9930..0a2786d1 100644 --- a/includes/pages/user_questions.php +++ b/includes/pages/user_questions.php @@ -7,9 +7,9 @@ function user_questions() { global $user; if (! isset($_REQUEST['action'])) { - $open_questions = sql_select("SELECT * FROM `Questions` WHERE `AID` IS NULL AND `UID`=" . sql_escape($user['UID'])); + $open_questions = sql_select("SELECT * FROM `Questions` WHERE `AID` IS NULL AND `UID`='" . sql_escape($user['UID']) . "'"); - $answered_questions = sql_select("SELECT * FROM `Questions` WHERE NOT `AID` IS NULL AND `UID`=" . sql_escape($user['UID'])); + $answered_questions = sql_select("SELECT * FROM `Questions` WHERE NOT `AID` IS NULL AND `UID`='" . sql_escape($user['UID']) . "'"); foreach ($answered_questions as &$question) { $answer_user_source = User($question['AID']); if ($answer_user_source === false) @@ -23,7 +23,7 @@ function user_questions() { case 'ask': $question = strip_request_item_nl('question'); if ($question != "") { - $result = sql_query("INSERT INTO `Questions` SET `UID`=" . sql_escape($user['UID']) . ", `Question`='" . sql_escape($question) . "'"); + $result = sql_query("INSERT INTO `Questions` SET `UID`='" . sql_escape($user['UID']) . "', `Question`='" . sql_escape($question) . "'"); if ($result === false) engelsystem_error(_("Unable to save question.")); success(_("You question was saved.")); @@ -39,9 +39,9 @@ function user_questions() { else return error(_("Incomplete call, missing Question ID."), true); - $question = sql_select("SELECT * FROM `Questions` WHERE `QID`=" . sql_escape($id) . " LIMIT 1"); + $question = sql_select("SELECT * FROM `Questions` WHERE `QID`='" . sql_escape($id) . "' LIMIT 1"); if (count($question) > 0 && $question[0]['UID'] == $user['UID']) { - sql_query("DELETE FROM `Questions` WHERE `QID`=" . sql_escape($id) . " LIMIT 1"); + sql_query("DELETE FROM `Questions` WHERE `QID`='" . sql_escape($id) . "' LIMIT 1"); redirect(page_link_to("user_questions")); } else return page_with_title(questions_title(), array( diff --git a/includes/pages/user_settings.php b/includes/pages/user_settings.php index 47744474..466d3c3e 100644 --- a/includes/pages/user_settings.php +++ b/includes/pages/user_settings.php @@ -7,7 +7,7 @@ function settings_title() { function user_settings() { global $enable_tshirt_size, $tshirt_sizes, $themes, $locales; global $user; - + $msg = ""; $nick = $user['Nick']; $lastname = $user['Name']; @@ -24,34 +24,12 @@ function user_settings() { $password_hash = ""; $selected_theme = $user['color']; $selected_language = $user['Sprache']; - - $selected_angel_types_source = sql_select("SELECT * FROM `UserAngelTypes` WHERE `user_id`=" . sql_escape($user['UID'])); - $selected_angel_types_source_ids = array(); - $selected_angel_types = array(); - foreach ($selected_angel_types_source as $selected_angel_type) { - $selected_angel_types[] = $selected_angel_type['angeltype_id']; - $selected_angel_types_source_ids[] = $selected_angel_type['angeltype_id']; - } - - $angel_types_source = sql_select("SELECT * FROM `AngelTypes` ORDER BY `name`"); - $angel_types = array(); - foreach ($angel_types_source as $angel_type) - $angel_types[$angel_type['id']] = $angel_type['name'] . ($angel_type['restricted'] ? " (restricted)" : ""); - + $planned_arrival_date = $user['planned_arrival_date']; + $planned_departure_date = $user['planned_departure_date']; + if (isset($_REQUEST['submit'])) { $ok = true; - - if (isset($_REQUEST['nick']) && strlen(strip_request_item('nick')) > 1) { - $nick = strip_request_item('nick'); - if (sql_num_query("SELECT * FROM `User` WHERE `Nick`='" . sql_escape($nick) . "' AND NOT `UID`=" . sql_escape($user['UID']) . " LIMIT 1") > 0) { - $ok = false; - $msg .= error(sprintf(_("Your nick "%s" already exists."), $nick), true); - } - } else { - $ok = false; - $msg .= error(sprintf(_("Your nick "%s" is too short (min. 2 characters)."), strip_request_item('nick')), true); - } - + if (isset($_REQUEST['mail']) && strlen(strip_request_item('mail')) > 0) { $mail = strip_request_item('mail'); if (! check_email($mail)) { @@ -62,9 +40,9 @@ function user_settings() { $ok = false; $msg .= error(_("Please enter your e-mail."), true); } - + $email_shiftinfo = isset($_REQUEST['email_shiftinfo']); - + if (isset($_REQUEST['jabber']) && strlen(strip_request_item('jabber')) > 0) { $jabber = strip_request_item('jabber'); if (! check_email($jabber)) { @@ -72,18 +50,30 @@ function user_settings() { $msg .= error(_("Please check your jabber account information."), true); } } - + if (isset($_REQUEST['tshirt_size']) && isset($tshirt_sizes[$_REQUEST['tshirt_size']])) $tshirt_size = $_REQUEST['tshirt_size']; elseif ($enable_tshirt_size) { $ok = false; } - - $selected_angel_types = array(); - foreach ($angel_types as $angel_type_id => $angel_type_name) - if (isset($_REQUEST['angel_types_' . $angel_type_id])) - $selected_angel_types[] = $angel_type_id; - + + if (isset($_REQUEST['planned_arrival_date']) && DateTime::createFromFormat("Y-m-d", trim($_REQUEST['planned_arrival_date']))) { + $planned_arrival_date = DateTime::createFromFormat("Y-m-d", trim($_REQUEST['planned_arrival_date']))->getTimestamp(); + } else { + $ok = false; + $msg .= error(_("Please enter your planned date of arrival."), true); + } + + if (isset($_REQUEST['planned_departure_date']) && $_REQUEST['planned_departure_date'] != '') { + if (DateTime::createFromFormat("Y-m-d", trim($_REQUEST['planned_departure_date']))) { + $planned_departure_date = DateTime::createFromFormat("Y-m-d", trim($_REQUEST['planned_departure_date']))->getTimestamp(); + } else { + $ok = false; + $msg .= error(_("Please enter your planned date of departure."), true); + } + } else + $planned_departure_date = null; + // Trivia if (isset($_REQUEST['lastname'])) $lastname = strip_request_item('lastname'); @@ -99,7 +89,7 @@ function user_settings() { $mobile = strip_request_item('mobile'); if (isset($_REQUEST['hometown'])) $hometown = strip_request_item('hometown'); - + if ($ok) { sql_query(" UPDATE `User` SET @@ -111,48 +101,20 @@ function user_settings() { `DECT`='" . sql_escape($dect) . "', `Handy`='" . sql_escape($mobile) . "', `email`='" . sql_escape($mail) . "', - `email_shiftinfo`=" . sql_escape($email_shiftinfo ? 'TRUE' : 'FALSE') . ", + `email_shiftinfo`=" . sql_bool($email_shiftinfo) . ", `jabber`='" . sql_escape($jabber) . "', `Size`='" . sql_escape($tshirt_size) . "', - `Hometown`='" . sql_escape($hometown) . "' - WHERE `UID`=" . sql_escape($user['UID'])); - - // Assign angel-types - - $deleted_angel_type_names = array(); - $added_angel_type_names = array(); - - foreach($selected_angel_types_source as $source_angel_type) { - if (!in_array($source_angel_type["angeltype_id"], $selected_angel_types)) { - $deleted_angel_type_names[] = $angel_types[$source_angel_type["angeltype_id"]]; - sql_query("DELETE FROM `UserAngelTypes` WHERE `user_id`='" . sql_escape($user['UID']) . "' AND `angeltype_id` = ". sql_escape($source_angel_type["angeltype_id"])); - } - } - - foreach($selected_angel_types as $selected_angel_type) { - if (!in_array($selected_angel_type, $selected_angel_types_source_ids)) { - $added_angel_type_names[] = $angel_types[$selected_angel_type]; - sql_query("INSERT INTO `UserAngelTypes` SET `user_id`=" . sql_escape($user['UID']) . ", `angeltype_id`=" . sql_escape($selected_angel_type)); - } - } - - if(count($deleted_angel_type_names) > 0 || count($added_angel_type_names) > 0) { - $log_message = "User changed his own Angel Types. "; - if(count($deleted_angel_type_names) > 0) { - $log_message .= "Removed: " . implode(", ", $deleted_angel_type_names) . " "; - } - if(count($added_angel_type_names) > 0) { - $log_message .= "Added: " . implode(", ", $added_angel_type_names); - } - engelsystem_log($log_message); - } - + `Hometown`='" . sql_escape($hometown) . "', + `planned_arrival_date`='" . sql_escape($planned_arrival_date) . "', + `planned_departure_date`=" . sql_null($planned_departure_date) . " + WHERE `UID`='" . sql_escape($user['UID']) . "'"); + success(_("Settings saved.")); redirect(page_link_to('user_settings')); } } elseif (isset($_REQUEST['submit_password'])) { $ok = true; - + if (! isset($_REQUEST['password']) || ! verify_password($_REQUEST['password'], $user['Passwort'], $user['UID'])) $msg .= error(_("-> not OK. Please try again."), true); elseif (strlen($_REQUEST['new_password']) < MIN_PASSWORD_LENGTH) @@ -166,58 +128,60 @@ function user_settings() { redirect(page_link_to('user_settings')); } elseif (isset($_REQUEST['submit_theme'])) { $ok = true; - + if (isset($_REQUEST['theme']) && isset($themes[$_REQUEST['theme']])) $selected_theme = $_REQUEST['theme']; else $ok = false; - + if ($ok) { - sql_query("UPDATE `User` SET `color`='" . sql_escape($selected_theme) . "' WHERE `UID`=" . sql_escape($user['UID'])); - + sql_query("UPDATE `User` SET `color`='" . sql_escape($selected_theme) . "' WHERE `UID`='" . sql_escape($user['UID']) . "'"); + success(_("Theme changed.")); redirect(page_link_to('user_settings')); } } elseif (isset($_REQUEST['submit_language'])) { $ok = true; - + if (isset($_REQUEST['language']) && isset($locales[$_REQUEST['language']])) $selected_language = $_REQUEST['language']; else $ok = false; - + if ($ok) { - sql_query("UPDATE `User` SET `Sprache`='" . sql_escape($selected_language) . "' WHERE `UID`=" . sql_escape($user['UID'])); + sql_query("UPDATE `User` SET `Sprache`='" . sql_escape($selected_language) . "' WHERE `UID`='" . sql_escape($user['UID']) . "'"); $_SESSION['locale'] = $selected_language; - + success("Language changed."); redirect(page_link_to('user_settings')); } } - + return page_with_title(settings_title(), array( - sprintf(_("Hello %s, here you can change your personal settings i.e. password, color settings etc."), User_Nick_render($user)), $msg, msg(), div('row', array( div('col-md-6', array( form(array( - form_info(_("Here you can change your user details.")), - form_text('nick', _("Nick") . "*", $nick), + form_info('', _("Here you can change your user details.")), + form_info(entry_required() . ' = ' . _("Entry required!")), + form_text('nick', _("Nick"), $nick, true), form_text('lastname', _("Last name"), $lastname), form_text('prename', _("First name"), $prename), + form_date('planned_arrival_date', _("Planned date of arrival") . ' ' . entry_required(), $planned_arrival_date, time()), + form_date('planned_departure_date', _("Planned date of departure"), $planned_departure_date, time()), form_text('age', _("Age"), $age), form_text('tel', _("Phone"), $tel), form_text('dect', _("DECT"), $dect), form_text('mobile', _("Mobile"), $mobile), - form_text('mail', _("E-Mail") . "*", $mail), + form_text('mail', _("E-Mail") . ' ' . entry_required(), $mail), form_checkbox('email_shiftinfo', _("Please send me an email if my shifts change"), $email_shiftinfo), form_text('jabber', _("Jabber"), $jabber), form_text('hometown', _("Hometown"), $hometown), $enable_tshirt_size ? form_select('tshirt_size', _("Shirt size"), $tshirt_sizes, $tshirt_size) : '', - form_checkboxes('angel_types', _("What do you want to do?") . sprintf(" (<a href=\"%s\">%s</a>)", page_link_to('angeltypes') . '&action=about', _("Description of job types")), $angel_types, $selected_angel_types), - form_submit('submit', _("Save")) - )) + form_info('', _('Please visit the angeltypes page to manage your angeltypes.')), + form_submit('submit', _("Save")) + )) )), div('col-md-6', array( form(array( @@ -225,20 +189,20 @@ function user_settings() { form_password('password', _("Old password:")), form_password('new_password', _("New password:")), form_password('new_password2', _("Password confirmation:")), - form_submit('submit_password', _("Save")) + form_submit('submit_password', _("Save")) )), form(array( form_info(_("Here you can choose your color settings:")), form_select('theme', _("Color settings:"), $themes, $selected_theme), - form_submit('submit_theme', _("Save")) + form_submit('submit_theme', _("Save")) )), form(array( form_info(_("Here you can choose your language:")), form_select('language', _("Language:"), $locales, $selected_language), - form_submit('submit_language', _("Save")) - )) - )) - )) + form_submit('submit_language', _("Save")) + )) + )) + )) )); } ?> diff --git a/includes/pages/user_shifts.php b/includes/pages/user_shifts.php index 603ca993..8c01eef8 100644 --- a/includes/pages/user_shifts.php +++ b/includes/pages/user_shifts.php @@ -31,7 +31,7 @@ function user_shifts() { JOIN `Shifts` ON (`ShiftEntry`.`SID` = `Shifts`.`SID`) JOIN `ShiftTypes` ON (`ShiftTypes`.`id` = `Shifts`.`shifttype_id`) JOIN `Room` ON (`Shifts`.`RID` = `Room`.`RID`) - WHERE `ShiftEntry`.`id`=" . sql_escape($entry_id)); + WHERE `ShiftEntry`.`id`='" . sql_escape($entry_id) . "'"); if (count($shift_entry_source) > 0) { $shift_entry_source = $shift_entry_source[0]; @@ -58,7 +58,7 @@ function user_shifts() { SELECT `ShiftTypes`.`name`, `Shifts`.*, `Room`.* FROM `Shifts` JOIN `Room` ON (`Shifts`.`RID` = `Room`.`RID`) JOIN `ShiftTypes` ON (`ShiftTypes`.`id` = `Shifts`.`shifttype_id`) - WHERE `SID`=" . sql_escape($shift_id)); + WHERE `SID`='" . sql_escape($shift_id) . "'"); if (count($shift) == 0) redirect(page_link_to('user_shifts')); $shift = $shift[0]; @@ -72,28 +72,34 @@ function user_shifts() { $needed_angel_types[$type['id']] = 0; } - // Benötigte Engeltypen vom Raum - $needed_angel_types_source = sql_select("SELECT `AngelTypes`.*, `NeededAngelTypes`.`count` FROM `AngelTypes` LEFT JOIN `NeededAngelTypes` ON (`NeededAngelTypes`.`angel_type_id` = `AngelTypes`.`id` AND `NeededAngelTypes`.`room_id`=" . sql_escape($shift['RID']) . ") ORDER BY `AngelTypes`.`name`"); + $shifttypes_source = ShiftTypes(); + $shifttypes = []; + foreach ($shifttypes_source as $shifttype) + $shifttypes[$shifttype['id']] = $shifttype['name']; + + // Benötigte Engeltypen vom Raum + $needed_angel_types_source = sql_select("SELECT `AngelTypes`.*, `NeededAngelTypes`.`count` FROM `AngelTypes` LEFT JOIN `NeededAngelTypes` ON (`NeededAngelTypes`.`angel_type_id` = `AngelTypes`.`id` AND `NeededAngelTypes`.`room_id`='" . sql_escape($shift['RID']) . "') ORDER BY `AngelTypes`.`name`"); foreach ($needed_angel_types_source as $type) { if ($type['count'] != "") $needed_angel_types[$type['id']] = $type['count']; } // Benötigte Engeltypen von der Schicht - $needed_angel_types_source = sql_select("SELECT `AngelTypes`.*, `NeededAngelTypes`.`count` FROM `AngelTypes` LEFT JOIN `NeededAngelTypes` ON (`NeededAngelTypes`.`angel_type_id` = `AngelTypes`.`id` AND `NeededAngelTypes`.`shift_id`=" . sql_escape($shift_id) . ") ORDER BY `AngelTypes`.`name`"); + $needed_angel_types_source = sql_select("SELECT `AngelTypes`.*, `NeededAngelTypes`.`count` FROM `AngelTypes` LEFT JOIN `NeededAngelTypes` ON (`NeededAngelTypes`.`angel_type_id` = `AngelTypes`.`id` AND `NeededAngelTypes`.`shift_id`='" . sql_escape($shift_id) . "') ORDER BY `AngelTypes`.`name`"); foreach ($needed_angel_types_source as $type) { if ($type['count'] != "") $needed_angel_types[$type['id']] = $type['count']; } - $name = $shift['name']; + $shifttype_id = $shift['shifttype_id']; + $title = $shift['title']; $rid = $shift['RID']; $start = $shift['start']; $end = $shift['end']; if (isset($_REQUEST['submit'])) { // Name/Bezeichnung der Schicht, darf leer sein - $name = strip_request_item('name'); + $title = strip_request_item('title'); // Auswahl der sichtbaren Locations für die Schichten if (isset($_REQUEST['rid']) && preg_match("/^[0-9]+$/", $_REQUEST['rid']) && isset($room_array[$_REQUEST['rid']])) @@ -104,6 +110,13 @@ function user_shifts() { $msg .= error(_("Please select a room."), true); } + if (isset($_REQUEST['shifttype_id']) && isset($shifttypes[$_REQUEST['shifttype_id']])) + $shifttype_id = $_REQUEST['shifttype_id']; + else { + $ok = false; + $msg .= error(_('Please select a shifttype.'), true); + } + if (isset($_REQUEST['start']) && $tmp = DateTime::createFromFormat("Y-m-d H:i", trim($_REQUEST['start']))) $start = $tmp->getTimestamp(); else { @@ -133,23 +146,28 @@ function user_shifts() { } if ($ok) { - $shift['name'] = $name; + $shift['shifttype_id'] = $shifttype_id; + $shift['title'] = $title; $shift['RID'] = $rid; $shift['start'] = $start; $shift['end'] = $end; + $result = Shift_update($shift); if ($result === false) engelsystem_error('Unable to update shift.'); - sql_query("DELETE FROM `NeededAngelTypes` WHERE `shift_id`=" . sql_escape($shift_id)); + sql_query("DELETE FROM `NeededAngelTypes` WHERE `shift_id`='" . sql_escape($shift_id) . "'"); $needed_angel_types_info = array(); foreach ($needed_angel_types as $type_id => $count) { - sql_query("INSERT INTO `NeededAngelTypes` SET `shift_id`=" . sql_escape($shift_id) . ", `angel_type_id`=" . sql_escape($type_id) . ", `count`=" . sql_escape($count)); + sql_query("INSERT INTO `NeededAngelTypes` SET `shift_id`='" . sql_escape($shift_id) . "', `angel_type_id`='" . sql_escape($type_id) . "', `count`='" . sql_escape($count) . "'"); $needed_angel_types_info[] = $angel_types[$type_id]['name'] . ": " . $count; } engelsystem_log("Updated shift '" . $name . "' from " . date("y-m-d H:i", $start) . " to " . date("y-m-d H:i", $end) . " with angel types " . join(", ", $needed_angel_types_info)); success(_("Shift updated.")); - redirect(shift_link($shift_id)); + + redirect(shift_link([ + 'SID' => $shift_id + ])); } } @@ -163,7 +181,8 @@ function user_shifts() { msg(), '<noscript>' . info(_("This page is much more comfortable with javascript."), true) . '</noscript>', form(array( - form_text('name', _("Name/Description:"), $name), + form_select('shifttype_id', _('Shifttype'), $shifttypes, $shifttype_id), + form_text('title', _("Title"), $title), form_select('rid', _("Room:"), $room_array, $rid), form_text('start', _("Start:"), date("Y-m-d H:i", $start)), form_text('end', _("End:"), date("Y-m-d H:i", $end)), @@ -218,32 +237,21 @@ function user_shifts() { $type_id = $_REQUEST['type_id']; else redirect(page_link_to('user_shifts')); - - // Schicht läuft schon, Eintragen für Engel nicht mehr möglich - if (! in_array('user_shifts_admin', $privileges) && time() > $shift['start']) { - error(_("This shift is running now or ended already. Please contact a dispatcher to join the shift.")); - redirect(shift_link($shift)); - } - - // Another shift the user is signed up for collides with this one - if (! in_array('user_shifts_admin', $privileges) && sql_num_query(" - SELECT `Shifts`.`SID` - FROM `Shifts` - INNER JOIN `ShiftEntry` ON (`Shifts`.`SID` = `ShiftEntry`.`SID` AND `ShiftEntry`.`UID` = " . sql_escape($user['UID']) . ") - WHERE `start` < '" . sql_escape($shift['end']) . "' AND `end` > '" . sql_escape($shift['start']) . "'") > 0) { - error(_("You already subscribed to shift in the same timeslot. Please contact a dispatcher to join the shift.")); - redirect(shift_link($shift)); - } if (in_array('user_shifts_admin', $privileges)) - $type = sql_select("SELECT * FROM `AngelTypes` WHERE `id`=" . sql_escape($type_id) . " LIMIT 1"); + $type = sql_select("SELECT * FROM `AngelTypes` WHERE `id`='" . sql_escape($type_id) . "' LIMIT 1"); else - $type = sql_select("SELECT * FROM `UserAngelTypes` JOIN `AngelTypes` ON (`UserAngelTypes`.`angeltype_id` = `AngelTypes`.`id`) WHERE `AngelTypes`.`id` = " . sql_escape($type_id) . " AND (`AngelTypes`.`restricted` = 0 OR (`UserAngelTypes`.`user_id` = " . sql_escape($user['UID']) . " AND NOT `UserAngelTypes`.`confirm_user_id` IS NULL)) LIMIT 1"); + $type = sql_select("SELECT * FROM `UserAngelTypes` JOIN `AngelTypes` ON (`UserAngelTypes`.`angeltype_id` = `AngelTypes`.`id`) WHERE `AngelTypes`.`id` = '" . sql_escape($type_id) . "' AND (`AngelTypes`.`restricted` = 0 OR (`UserAngelTypes`.`user_id` = '" . sql_escape($user['UID']) . "' AND NOT `UserAngelTypes`.`confirm_user_id` IS NULL)) LIMIT 1"); if (count($type) == 0) redirect(page_link_to('user_shifts')); $type = $type[0]; + if (! Shift_signup_allowed($shift, $type)) { + error(_('You are not allowed to sign up for this shift. Maybe shift is full or already running.')); + redirect(shift_link($shift)); + } + if (isset($_REQUEST['submit'])) { $selected_type_id = $type_id; if (in_array('user_shifts_admin', $privileges)) { @@ -252,10 +260,10 @@ function user_shifts() { else $user_id = $user['UID']; - if (sql_num_query("SELECT * FROM `User` WHERE `UID`=" . sql_escape($user_id) . " LIMIT 1") == 0) + if (sql_num_query("SELECT * FROM `User` WHERE `UID`='" . sql_escape($user_id) . "' LIMIT 1") == 0) redirect(page_link_to('user_shifts')); - if (isset($_REQUEST['angeltype_id']) && test_request_int('angeltype_id') && sql_num_query("SELECT * FROM `AngelTypes` WHERE `id`=" . sql_escape($_REQUEST['angeltype_id']) . " LIMIT 1") > 0) + if (isset($_REQUEST['angeltype_id']) && test_request_int('angeltype_id') && sql_num_query("SELECT * FROM `AngelTypes` WHERE `id`='" . sql_escape($_REQUEST['angeltype_id']) . "' LIMIT 1") > 0) $selected_type_id = $_REQUEST['angeltype_id']; } else $user_id = $user['UID']; @@ -340,7 +348,7 @@ function view_user_shifts() { if (in_array('user_shifts_admin', $privileges)) $types = sql_select("SELECT `id`, `name` FROM `AngelTypes` ORDER BY `AngelTypes`.`name`"); else - $types = sql_select("SELECT `AngelTypes`.`id`, `AngelTypes`.`name`, (`AngelTypes`.`restricted`=0 OR (NOT `UserAngelTypes`.`confirm_user_id` IS NULL OR `UserAngelTypes`.`id` IS NULL)) as `enabled` FROM `AngelTypes` LEFT JOIN `UserAngelTypes` ON (`UserAngelTypes`.`angeltype_id`=`AngelTypes`.`id` AND `UserAngelTypes`.`user_id`=" . sql_escape($user['UID']) . ") ORDER BY `AngelTypes`.`name`"); + $types = sql_select("SELECT `AngelTypes`.`id`, `AngelTypes`.`name`, (`AngelTypes`.`restricted`=0 OR (NOT `UserAngelTypes`.`confirm_user_id` IS NULL OR `UserAngelTypes`.`id` IS NULL)) as `enabled` FROM `AngelTypes` LEFT JOIN `UserAngelTypes` ON (`UserAngelTypes`.`angeltype_id`=`AngelTypes`.`id` AND `UserAngelTypes`.`user_id`='" . sql_escape($user['UID']) . "') ORDER BY `AngelTypes`.`name`"); if (empty($types)) $types = sql_select("SELECT `id`, `name` FROM `AngelTypes` WHERE `restricted` = 0"); $filled = array( @@ -363,9 +371,13 @@ function view_user_shifts() { $_SESSION['user_shifts'] = array(); if (! isset($_SESSION['user_shifts']['filled'])) { - $_SESSION['user_shifts']['filled'] = array( + // User shift admins see free and occupied shifts by default + $_SESSION['user_shifts']['filled'] = in_array('user_shifts_admin', $privileges) ? [ + 0, + 1 + ] : [ 0 - ); + ]; } foreach (array( @@ -441,10 +453,10 @@ function view_user_shifts() { if (count($_SESSION['user_shifts']['filled']) == 1) { if ($_SESSION['user_shifts']['filled'][0] == 0) $SQL .= " - AND (nat.`count` > entries.`count` OR entries.`count` IS NULL OR EXISTS (SELECT `SID` FROM `ShiftEntry` WHERE `UID` = " . sql_escape($user['UID']) . " AND `ShiftEntry`.`SID` = `Shifts`.`SID`))"; + AND (nat.`count` > entries.`count` OR entries.`count` IS NULL OR EXISTS (SELECT `SID` FROM `ShiftEntry` WHERE `UID` = '" . sql_escape($user['UID']) . "' AND `ShiftEntry`.`SID` = `Shifts`.`SID`))"; elseif ($_SESSION['user_shifts']['filled'][0] == 1) $SQL .= " - AND (nat.`count` <= entries.`count` OR EXISTS (SELECT `SID` FROM `ShiftEntry` WHERE `UID` = " . sql_escape($user['UID']) . " AND `ShiftEntry`.`SID` = `Shifts`.`SID`))"; + AND (nat.`count` <= entries.`count` OR EXISTS (SELECT `SID` FROM `ShiftEntry` WHERE `UID` = '" . sql_escape($user['UID']) . "' AND `ShiftEntry`.`SID` = `Shifts`.`SID`))"; } $SQL .= " ORDER BY `start`"; @@ -506,7 +518,10 @@ function view_user_shifts() { if ($colspan == 0) $colspan = 1; $todo[$rid] = array_fill(0, $maxshow, $colspan); - $shifts_table .= "<th" . (($colspan > 1) ? ' colspan="' . $colspan . '"' : '') . ">${room['name']}</th>\n"; + $shifts_table .= "<th" . (($colspan > 1) ? ' colspan="' . $colspan . '"' : '') . ">" . Room_name_render([ + 'RID' => $room['id'], + 'Name' => $room['name'] + ]) . "</th>\n"; } unset($block, $blocks, $firstblock, $colspan, $key, $room); @@ -543,7 +558,17 @@ function view_user_shifts() { // qqqqqq $is_free = false; - $shifts_row = '<a href="' . shift_link($shift) . '">' . date('d.m. H:i', $shift['start']); + $shifts_row = ''; + if (in_array('admin_shifts', $privileges)) + $shifts_row .= '<div class="pull-right">' . table_buttons(array( + button(page_link_to('user_shifts') . '&edit_shift=' . $shift['SID'], glyph('edit'), 'btn-xs'), + button(page_link_to('user_shifts') . '&delete_shift=' . $shift['SID'], glyph('trash'), 'btn-xs') + )) . '</div>'; + $shifts_row .= Room_name_render([ + 'RID' => $room['id'], + 'Name' => $room['name'] + ]) . '<br />'; + $shifts_row .= '<a href="' . shift_link($shift) . '">' . date('d.m. H:i', $shift['start']); $shifts_row .= " – "; $shifts_row .= date('H:i', $shift['end']); $shifts_row .= "<br /><b>"; @@ -553,23 +578,19 @@ function view_user_shifts() { $shifts_row .= $shift['title']; $shifts_row .= "<br />"; } - if (in_array('admin_shifts', $privileges)) - $shifts_row .= ' ' . table_buttons(array( - button(page_link_to('user_shifts') . '&edit_shift=' . $shift['SID'], glyph('edit'), 'btn-xs'), - button(page_link_to('user_shifts') . '&delete_shift=' . $shift['SID'], glyph('trash'), 'btn-xs') - )); + $shifts_row .= '</a>'; $shifts_row .= '<br />'; $query = "SELECT `NeededAngelTypes`.`count`, `AngelTypes`.`id`, `AngelTypes`.`restricted`, `UserAngelTypes`.`confirm_user_id`, `AngelTypes`.`name`, `UserAngelTypes`.`user_id` FROM `NeededAngelTypes` JOIN `AngelTypes` ON (`NeededAngelTypes`.`angel_type_id` = `AngelTypes`.`id`) - LEFT JOIN `UserAngelTypes` ON (`NeededAngelTypes`.`angel_type_id` = `UserAngelTypes`.`angeltype_id`AND `UserAngelTypes`.`user_id`=" . sql_escape($user['UID']) . ") + LEFT JOIN `UserAngelTypes` ON (`NeededAngelTypes`.`angel_type_id` = `UserAngelTypes`.`angeltype_id`AND `UserAngelTypes`.`user_id`='" . sql_escape($user['UID']) . "') WHERE `count` > 0 AND "; if ($shift['has_special_needs']) - $query .= "`shift_id` = " . sql_escape($shift['SID']); + $query .= "`shift_id` = '" . sql_escape($shift['SID']) . "'"; else - $query .= "`room_id` = " . sql_escape($shift['RID']); + $query .= "`room_id` = '" . sql_escape($shift['RID']) . "'"; if (! empty($_SESSION['user_shifts']['types'])) $query .= " AND `angel_type_id` IN (" . implode(',', $_SESSION['user_shifts']['types']) . ") "; $query .= " ORDER BY `AngelTypes`.`name`"; @@ -577,17 +598,14 @@ function view_user_shifts() { if (count($angeltypes) > 0) { foreach ($angeltypes as $angeltype) { - $entries = sql_select("SELECT * FROM `ShiftEntry` JOIN `User` ON (`ShiftEntry`.`UID` = `User`.`UID`) WHERE `SID`=" . sql_escape($shift['SID']) . " AND `TID`=" . sql_escape($angeltype['id']) . " ORDER BY `Nick`"); + $entries = sql_select("SELECT * FROM `ShiftEntry` JOIN `User` ON (`ShiftEntry`.`UID` = `User`.`UID`) WHERE `SID`='" . sql_escape($shift['SID']) . "' AND `TID`='" . sql_escape($angeltype['id']) . "' ORDER BY `Nick`"); $entry_list = array(); $freeloader = 0; foreach ($entries as $entry) { - if ($entry['Gekommen'] == 1) - $style = "font-weight:bold;"; - else - $style = "font-weight:normal;"; + $style = ''; if ($entry['freeloaded']) { $freeloader ++; - $style .= " text-decoration: line-through;"; + $style = " text-decoration: line-through;"; } if (in_array('user_shifts_admin', $privileges)) $entry_list[] = "<span style=\"$style\">" . User_Nick_render($entry) . ' ' . table_buttons(array( @@ -617,29 +635,30 @@ function view_user_shifts() { // User shift admins may join anybody in every shift $user_may_join_shift |= in_array('user_shifts_admin', $privileges); if ($user_may_join_shift) - $entry_list[] = '<a href="' . page_link_to('user_shifts') . '&shift_id=' . $shift['SID'] . '&type_id=' . $angeltype['id'] . '">' . $inner_text . ' »</a>'; + $entry_list[] = '<a href="' . page_link_to('user_shifts') . '&shift_id=' . $shift['SID'] . '&type_id=' . $angeltype['id'] . '">' . $inner_text . '</a> ' . button(page_link_to('user_shifts') . '&shift_id=' . $shift['SID'] . '&type_id=' . $angeltype['id'], _('Sign up'), 'btn-xs'); else { if (time() > $shift['start']) - $entry_list[] = $inner_text . ' (vorbei)'; + $entry_list[] = $inner_text . ' (' . _('ended') . ')'; elseif ($angeltype['restricted'] == 1 && isset($angeltype['user_id']) && ! isset($angeltype['confirm_user_id'])) $entry_list[] = $inner_text . glyph('lock'); + elseif ($angeltype['restricted'] == 1) + $entry_list[] = $inner_text; elseif ($collides) $entry_list[] = $inner_text; else - $entry_list[] = $inner_text . ' <a href="' . page_link_to('user_settings') . '#angel_types_anchor">(Werde ' . $angeltype['name'] . ')</a>'; + $entry_list[] = $inner_text . '<br />' . button(page_link_to('user_angeltypes') . '&action=add&angeltype_id=' . $angeltype['id'], sprintf(_('Become %s'), $angeltype['name']), 'btn-xs'); } unset($inner_text); $is_free = true; } - $shifts_row .= '<b>' . $angeltype['name'] . ':</b> '; + $shifts_row .= '<strong>' . AngelType_name_render($angeltype) . ':</strong> '; $shifts_row .= join(", ", $entry_list); $shifts_row .= '<br />'; } - if (in_array('user_shifts_admin', $privileges)) { - $shifts_row .= '<a href="' . page_link_to('user_shifts') . '&shift_id=' . $shift['SID'] . '&type_id=' . $angeltype['id'] . '">' . _("Add more angels") . ' »</a>'; - } + if (in_array('user_shifts_admin', $privileges)) + $shifts_row .= ' ' . button(page_link_to('user_shifts') . '&shift_id=' . $shift['SID'] . '&type_id=' . $angeltype['id'], _("Add more angels"), 'btn-xs'); } if ($shift['own'] && ! in_array('user_shifts_admin', $privileges)) $class = 'own'; @@ -695,23 +714,24 @@ function view_user_shifts() { $query = "SELECT `NeededAngelTypes`.`count`, `AngelTypes`.`id`, `AngelTypes`.`restricted`, `UserAngelTypes`.`confirm_user_id`, `AngelTypes`.`name`, `UserAngelTypes`.`user_id` FROM `NeededAngelTypes` JOIN `AngelTypes` ON (`NeededAngelTypes`.`angel_type_id` = `AngelTypes`.`id`) - LEFT JOIN `UserAngelTypes` ON (`NeededAngelTypes`.`angel_type_id` = `UserAngelTypes`.`angeltype_id`AND `UserAngelTypes`.`user_id`=" . sql_escape($user['UID']) . ") + LEFT JOIN `UserAngelTypes` ON (`NeededAngelTypes`.`angel_type_id` = `UserAngelTypes`.`angeltype_id`AND `UserAngelTypes`.`user_id`='" . sql_escape($user['UID']) . "') WHERE "; if ($shift_has_special_needs) - $query .= "`shift_id` = " . sql_escape($shift['SID']); + $query .= "`shift_id` = '" . sql_escape($shift['SID']) . "'"; else - $query .= "`room_id` = " . sql_escape($shift['RID']); + $query .= "`room_id` = '" . sql_escape($shift['RID']) . "'"; $query .= " AND `count` > 0 "; if (! empty($_SESSION['user_shifts']['types'])) $query .= "AND `angel_type_id` IN (" . implode(',', $_SESSION['user_shifts']['types']) . ") "; $query .= "ORDER BY `AngelTypes`.`name`"; $angeltypes = sql_select($query); if (count($angeltypes) > 0) { - $my_shift = sql_num_query("SELECT * FROM `ShiftEntry` WHERE `SID`=" . sql_escape($shift['SID']) . " AND `UID`=" . sql_escape($user['UID']) . " LIMIT 1") > 0; + $my_shift = sql_num_query("SELECT * FROM `ShiftEntry` WHERE `SID`='" . sql_escape($shift['SID']) . "' AND `UID`='" . sql_escape($user['UID']) . "' LIMIT 1") > 0; foreach ($angeltypes as &$angeltype) { - $entries = sql_select("SELECT * FROM `ShiftEntry` JOIN `User` ON (`ShiftEntry`.`UID` = `User`.`UID`) WHERE `SID`=" . sql_escape($shift['SID']) . " AND `TID`=" . sql_escape($angeltype['id']) . " ORDER BY `Nick`"); + $entries = sql_select("SELECT * FROM `ShiftEntry` JOIN `User` ON (`ShiftEntry`.`UID` = `User`.`UID`) WHERE `SID`='" . sql_escape($shift['SID']) . "' AND `TID`='" . sql_escape($angeltype['id']) . "' ORDER BY `Nick`"); $entry_list = array(); + $entry_nicks = []; $freeloader = 0; foreach ($entries as $entry) { if (in_array('user_shifts_admin', $privileges)) @@ -725,8 +745,11 @@ function view_user_shifts() { $freeloader ++; } $entry_list[] = $member; + $entry_nicks[] = $entry['Nick']; } $angeltype['taken'] = count($entries) - $freeloader; + $angeltype['angels'] = $entry_nicks; + // do we need more angles of this type? if ($angeltype['count'] - count($entries) + $freeloader > 0) { $inner_text = sprintf(ngettext("%d helper needed", "%d helpers needed", $angeltype['count'] - count($entries) + $freeloader), $angeltype['count'] - count($entries) + $freeloader); @@ -756,7 +779,7 @@ function view_user_shifts() { } elseif ($angeltype['restricted'] == 1 && isset($angeltype['user_id']) && ! isset($angeltype['confirm_user_id'])) { $entry_list[] = $inner_text . glyph("lock"); } else { - $entry_list[] = $inner_text . ' <a href="' . page_link_to('user_settings') . '#angel_types_anchor">(Werde ' . $angeltype['name'] . ')</a>'; + $entry_list[] = $inner_text . ' <a href="' . page_link_to('user_angeltypes') . '&action=add&angeltype_id=' . $angeltype['id'] . '">' . sprintf(_('Become %s'), $angeltype['name']) . '</a>'; } } @@ -769,7 +792,7 @@ function view_user_shifts() { $shift_row['entries'] .= '<br />'; } if (in_array('user_shifts_admin', $privileges)) { - $shift_row['entries'] .= '<a href="' . page_link_to('user_shifts') . '&shift_id=' . $shift['SID'] . '&type_id=' . $angeltype['id'] . '">Weitere Helfer eintragen »</a>'; + $shift_row['entries'] .= '<a href="' . page_link_to('user_shifts') . '&shift_id=' . $shift['SID'] . '&type_id=' . $angeltype['id'] . '">' . _('Add more angels') . ' »</a>'; } $shifts_table[] = $shift_row; $shift['angeltypes'] = $angeltypes; @@ -795,7 +818,7 @@ function view_user_shifts() { 'start_time' => $_SESSION['user_shifts']['start_time'], 'end_select' => html_select_key("end_day", "end_day", array_combine($days, $days), $_SESSION['user_shifts']['end_day']), 'end_time' => $_SESSION['user_shifts']['end_time'], - 'type_select' => make_select($types, $_SESSION['user_shifts']['types'], "types", _("Tasks") . '<sup>1</sup>'), + 'type_select' => make_select($types, $_SESSION['user_shifts']['types'], "types", _("Angeltypes") . '<sup>1</sup>'), 'filled_select' => make_select($filled, $_SESSION['user_shifts']['filled'], "filled", _("Occupancy")), 'task_notice' => '<sup>1</sup>' . _("The tasks shown here are influenced by the preferences you defined in your settings!") . " <a href=\"" . page_link_to('angeltypes') . '&action=about' . "\">" . _("Description of the jobs.") . "</a>", 'new_style_checkbox' => '<label><input type="checkbox" name="new_style" value="1" ' . ($_SESSION['user_shifts']['new_style'] ? ' checked' : '') . '> ' . _("Use new style if possible") . '</label>', |