Diffstat (limited to 'includes/pages')
-rw-r--r-- | includes/pages/admin_rooms.php | 148 | ||||
-rw-r--r-- | includes/pages/user_news.php | 54 |
2 files changed, 175 insertions, 27 deletions
diff --git a/includes/pages/admin_rooms.php b/includes/pages/admin_rooms.php new file mode 100644 index 00000000..6695d6a9 --- /dev/null +++ b/includes/pages/admin_rooms.php 
@@ -0,0 +1,148 @@ +<?php +function admin_rooms() { + global $user; + + $html = ""; + $rooms = sql_select("SELECT * FROM `Room` ORDER BY `Number`, `Name`"); + if (!isset ($_REQUEST["action"])) { + $html .= "Hallo " . $user['Nick'] . + ",<br />\nhier hast du die Möglichkeit, neue Räume für die Schichtpläne einzutragen " . + "oder vorhandene abzuändern:<br /><br />\n"; + + $html .= "<a href=\"" . page_link_to("admin_rooms") . "&action=new\">Neuen Raum/Ort eintragen</a><br />\n"; + + // Räume auflisten + if (count($rooms) > 0) { + $html .= '<table><thead><tr>'; + + $html .= "<table width=\"100%\" class=\"border\" cellpadding=\"2\" cellspacing=\"1\">\n"; + $html .= "<tr class=\"contenttopic\">\n"; + + // TabellenĂĽberschriften generieren + foreach ($rooms[0] as $attr => $tmp) + if ($attr == 'RID') + $html .= '<th>Anzahl: ' . count($rooms) . '</th>'; + else + $html .= '<th>' . $attr . '</th>'; + $html .= '<th> </th>'; + $html .= '</tr></thead><tbody>'; + + foreach ($rooms as $i => $room) { + $html .= '<tr>'; + foreach ($room as $attr => $value) + if ($attr == 'RID') + $html .= '<td>' . ($i +1) . '</td>'; + else + $html .= '<td>' . $value . '</td>'; + $html .= '<td><a href="' . page_link_to("admin_rooms") . '&action=change&RID=' . $room['RID'] . 
'">Edit</a></td>'; + $html .= '</tr>'; + } + + $html .= '</tbody></table>'; + } + } else { + switch ($_REQUEST["action"]) { + + case 'new' : + $html .= template_render('../templates/admin_rooms_new_form.html', array ( + 'link' => page_link_to("admin_rooms") + )); + break; + + case 'newsave' : + $name = preg_replace("/([^\p{L}\p{P}\p{Z}\p{N}]{1,})/ui", '', strip_tags($_REQUEST['Name'])); + $man = preg_replace("/([^\p{L}\p{P}\p{Z}\p{N}]{1,})/ui", '', strip_tags($_REQUEST['Man'])); + $from_pentabarf = preg_replace("/([^YN]{1,})/ui", '', strip_tags($_REQUEST['FromPentabarf'])); + $show = preg_replace("/([^YN]{1,})/ui", '', strip_tags($_REQUEST['Show'])); + $number = preg_replace("/([^0-9]{1,})/ui", '', strip_tags($_REQUEST['Number'])); + sql_query("INSERT INTO `Room` SET `Name`='" . sql_escape($name) . "', `Man`='" . sql_escape($man) . "', `FromPentabarf`='" . sql_escape($from_pentabarf) . "', `show`='" . sql_escape($show) . "', `Number`='" . sql_escape($number) . "'"); + header("Location: " . page_link_to("admin_rooms")); + break; + + case 'change' : + if (isset ($_REQUEST['RID']) && preg_match("/^[0-9]{1,11}$/", $_REQUEST['RID'])) + $rid = $_REQUEST['RID']; + else + return error("Incomplete call, missing Room ID."); + + $room = sql_select("SELECT * FROM `Room` WHERE `RID`=" . sql_escape($rid) . " LIMIT 1"); + if (count($room) > 0) { + list ($room) = $room; + $room_angel_types = sql_select("SELECT * FROM `AngelTypes` LEFT OUTER JOIN `RoomAngelTypes` ON (`AngelTypes`.`TID` = `RoomAngelTypes`.`angel_type_id` AND `RoomAngelTypes`.`room_id`=" . sql_escape($rid) . ") ORDER BY `AngelTypes`.`Name`"); + + $angel_types = ""; + foreach ($room_angel_types as $room_angel_type) { + if ($room_angel_type['count'] == "") + $room_angel_type['count'] = "0"; + $angel_types .= '<tr><td>' . $room_angel_type['Name'] . '</td><td><input type="text" name="angel_type_' . $room_angel_type['TID'] . '" value="' . $room_angel_type['count'] . 
'" /></td></tr>'; + } + + $html .= template_render('../templates/admin_rooms_edit_form.html', array ( + 'link' => page_link_to("admin_rooms"), + 'room_id' => $rid, + 'name' => $room['Name'], + 'man' => $room['Man'], + 'number' => $room['Number'], + 'from_pentabarf_options' => html_options('FromPentabarf', array ( + 'Y' => 'Yes', + 'N' => 'No' + ), $room['FromPentabarf']), + 'show_options' => html_options('Show', array ( + 'Y' => 'Yes', + 'N' => 'No' + ), $room['show']), + 'angel_types' => $angel_types + )); + } else + return error("No Room found."); + break; + + case 'changesave' : + if (isset ($_REQUEST['RID']) && preg_match("/^[0-9]{1,11}$/", $_REQUEST['RID'])) + $rid = $_REQUEST['RID']; + else + return error("Incomplete call, missing Room ID."); + + $room = sql_select("SELECT * FROM `Room` WHERE `RID`=" . sql_escape($rid) . " LIMIT 1"); + if (count($room) > 0) { + list ($room) = $room; + $room_angel_types = sql_select("SELECT * FROM `AngelTypes` LEFT OUTER JOIN `RoomAngelTypes` ON (`AngelTypes`.`TID` = `RoomAngelTypes`.`angel_type_id` AND `RoomAngelTypes`.`room_id`=" . sql_escape($rid) . ") ORDER BY `AngelTypes`.`Name`"); + + $name = preg_replace("/([^\p{L}\p{P}\p{Z}\p{N}]{1,})/ui", '', strip_tags($_REQUEST['Name'])); + $man = preg_replace("/([^\p{L}\p{P}\p{Z}\p{N}]{1,})/ui", '', strip_tags($_REQUEST['Man'])); + $from_pentabarf = preg_replace("/([^YN]{1,})/ui", '', strip_tags($_REQUEST['FromPentabarf'])); + $show = preg_replace("/([^YN]{1,})/ui", '', strip_tags($_REQUEST['Show'])); + $number = preg_replace("/([^0-9]{1,})/ui", '', strip_tags($_REQUEST['Number'])); + sql_query("UPDATE `Room` SET `Name`='" . sql_escape($name) . "', `Man`='" . sql_escape($man) . "', `FromPentabarf`='" . sql_escape($from_pentabarf) . "', `show`='" . sql_escape($show) . "', `Number`='" . sql_escape($number) . "' WHERE `RID`=" . sql_escape($rid) . " LIMIT 1"); + sql_query("DELETE FROM `RoomAngelTypes` WHERE `room_id`=" . 
sql_escape($rid)); + foreach ($room_angel_types as $room_angel_type) { + if (isset ($_REQUEST['angel_type_' . $room_angel_type['TID']]) && preg_match("/^[0-9]{1,11}$/", $_REQUEST['angel_type_' . $room_angel_type['TID']])) + $count = $_REQUEST['angel_type_' . $room_angel_type['TID']]; + else + $count = "0"; + sql_query("INSERT INTO `RoomAngelTypes` SET `room_id`=" . sql_escape($rid) . ", `angel_type_id`=" . sql_escape($room_angel_type['TID']) . ", `count`=" . sql_escape($count)); + } + header("Location: " . page_link_to("admin_rooms")); + } else + return error("No Room found."); + break; + + case 'delete' : + if (isset ($_REQUEST['RID']) && preg_match("/^[0-9]{1,11}$/", $_REQUEST['RID'])) + $rid = $_REQUEST['RID']; + else + return error("Incomplete call, missing Room ID."); + + if (sql_num_query("SELECT * FROM `Room` WHERE `RID`=" . sql_escape($rid) . " LIMIT 1") > 0) { + sql_query("DELETE FROM `Room` WHERE `RID`=" . sql_escape($rid) . " LIMIT 1"); + sql_query("DELETE FROM `RoomAngelTypes` WHERE `room_id`=" . sql_escape($rid) . " LIMIT 1"); + header("Location: " . page_link_to("admin_rooms")); + } else + return error("No Room found."); + break; + + } + } + return $html; +} +?> diff --git a/includes/pages/user_news.php b/includes/pages/user_news.php index 7012bb99..4295edb8 100644 --- a/includes/pages/user_news.php +++ b/includes/pages/user_news.php 
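Review bot: The `newsave`, `changesave` and `delete` cases write to the database for any request carrying `action=…`, since they read `$_REQUEST` and no request-method or anti-CSRF token check is visible in `admin_rooms()`, so a cross-site GET issued in an admin's session could alter or delete rooms. Gate the three cases with something like `if ($_SERVER['REQUEST_METHOD'] != 'POST') return error("Invalid request.");` plus a per-session token compared before the queries run (no such helper is visible in this hunk, so the project's own should be used if one exists). The list view also concatenates `$attr` and `$value` into `<th>`/`<td>` unescaped; `htmlspecialchars($value, ENT_QUOTES, 'UTF-8')` belongs there, because the `\p{P}` class in the input filter lets quotes through and rows not created by this form presumably bypass it. In `delete`, the `LIMIT 1` on the RoomAngelTypes `DELETE` removes a single mapping row and leaves the rest orphaned, and each `header("Location: …")` should be followed by an early return so no further output is built.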
@@ -64,43 +64,43 @@ function user_news_output() { for ($i = 1; $i <= $dis_rows; $i++) { if (!((($i * $DISPLAY_NEWS) - $_GET["news_begin"]) == $DISPLAY_NEWS)) { - $html .= "<a href=\"./news.php?news_begin=" . (($i * $DISPLAY_NEWS) - $DISPLAY_NEWS -1) . "\">$i</a> "; + $html .= '<a href="' . page_link_to("news") . '&news_begin=' . (($i * $DISPLAY_NEWS) - $DISPLAY_NEWS -1) . '">' . $i . '</a> '; } else { $html .= "$i "; } } $html .= '</div> - <br /><hr /> - <h2>' . Get_Text(6) . '</h2> - <a name="Neu"> </a> - - <form action="" method="post"> - <?PHP - - // Datum mit uebergeben, um doppelte Eintraege zu verhindern - // (Reload nach dem Eintragen!) - ?> - <input type="hidden" name="date" value="' . date("Y-m-d H:i:s") . '"> - <table> - <tr> - <td align="right">' . Get_Text(7) . '</td> - <td><input type="text" name="betreff" size="60"></td> - </tr> - <tr> - <td align="right">' . Get_Text(8) . '</td> - <td><textarea name="text" cols="50" rows="10"></textarea></td> - </tr>'; + <br /><hr /> + <h2>' . Get_Text(6) . '</h2> + <a name="Neu"> </a> + + <form action="" method="post"> + <?PHP + + // Datum mit uebergeben, um doppelte Eintraege zu verhindern + // (Reload nach dem Eintragen!) + ?> + <input type="hidden" name="date" value="' . date("Y-m-d H:i:s") . '"> + <table> + <tr> + <td align="right">' . Get_Text(7) . '</td> + <td><input type="text" name="betreff" size="60"></td> + </tr> + <tr> + <td align="right">' . Get_Text(8) . '</td> + <td><textarea name="text" cols="50" rows="10"></textarea></td> + </tr>'; if (in_array('news_add_meeting', $privileges)) { $html .= ' <tr> - <td align="right">' . Get_Text(9) . '</td> - <td><input type="checkbox" name="treffen" size="1" value="1"></td> - </tr>'; + <td align="right">' . Get_Text(9) . '</td> + <td><input type="checkbox" name="treffen" size="1" value="1"></td> + </tr>'; } $html .= '</table> - <br /> - <input type="submit" value="' . Get_Text("save") . '"> - </form>'; + <br /> + <input type="submit" value="' . Get_Text("save") . 
'"> + </form>'; return $html; } ?>
\ No newline at end of file |
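Review bot: The re-indented form markup still carries a `<?PHP … ?>` block inside the single-quoted string, so the two German comment lines are not executed but sent to the browser as literal text; delete them from the literal or move the comment above the `$html .=` statement as `// date is submitted to prevent duplicate entries on reload`. The new pager link also evaluates to `news_begin=-1` for `$i = 1`; if that value reaches a query offset (not visible here) it should be clamped with `max(0, …)`, and the `&` in the href should be written `&amp;`. `user_news_output()` begins before this hunk, so how `$_GET["news_begin"]` is validated cannot be confirmed from these lines.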