5 files changed, 52 insertions, 26 deletions

diff --git a/includes/pages/admin_import.php b/includes/pages/admin_import.php
index 8362391d..120ab91b 100644
--- a/includes/pages/admin_import.php
+++ b/includes/pages/admin_import.php
@@ -1,4 +1,5 @@
 <?php
+
 function admin_import_title() {
   return _("Frab import");
 }
@@ -116,14 +117,23 @@ function admin_import() {
         sql_query("DELETE FROM `Room` WHERE `Name`='" . sql_escape($room) . "' LIMIT 1");
       
       list($events_new, $events_updated, $events_deleted) = prepare_events($import_file);
-      foreach ($events_new as $event)
-        sql_query("INSERT INTO `Shifts` SET `name`='" . sql_escape($event['name']) . "', `start`=" . sql_escape($event['start']) . ", `end`=" . sql_escape($event['end']) . ", `RID`=" . sql_escape($event['RID']) . ", `PSID`=" . sql_escape($event['PSID']) . ", `URL`='" . sql_escape($event['URL']) . "'");
+      foreach ($events_new as $event) {
+        $result = Shift_create($event);
+        if ($result === false)
+          engelsystem_error('Unable to create shift.');
+      }
       
-      foreach ($events_updated as $event)
-        sql_query("UPDATE `Shifts` SET `name`='" . sql_escape($event['name']) . "', `start`=" . sql_escape($event['start']) . ", `end`=" . sql_escape($event['end']) . ", `RID`=" . sql_escape($event['RID']) . ", `PSID`=" . sql_escape($event['PSID']) . ", `URL`='" . sql_escape($event['URL']) . "' WHERE `PSID`=" . sql_escape($event['PSID']) . " LIMIT 1");
+      foreach ($events_updated as $event) {
+        $result = Shift_update_by_psid($event);
+        if ($result === false)
+          engelsystem_error('Unable to update shift.');
+      }
       
-      foreach ($events_deleted as $event)
-        sql_query("DELETE FROM `Shifts` WHERE `PSID`=" . sql_escape($event['PSID']) . " LIMIT 1");
+      foreach ($events_deleted as $event) {
+        $result = Shift_delete_by_psid($event['PSID']);
+        if ($result === false)
+          engelsystem_error('Unable to delete shift.');
+      }
       
       engelsystem_log("Pentabarf import done");
       
@@ -165,7 +175,7 @@ function prepare_rooms($file) {
   
   return array(
       $rooms_new,
-      $rooms_deleted
+      $rooms_deleted 
   );
 }
 
diff --git a/includes/pages/admin_shifts.php b/includes/pages/admin_shifts.php
index 473022eb..fd5b9b55 100644
--- a/includes/pages/admin_shifts.php
+++ b/includes/pages/admin_shifts.php
@@ -1,4 +1,5 @@
 <?php
+
 function admin_shifts_title() {
   return _("Create shifts");
 }
@@ -229,14 +230,17 @@ function admin_shifts() {
           )) 
       ));
     }
-  
   } elseif (isset($_REQUEST['submit'])) {
     if (! is_array($_SESSION['admin_shifts_shifts']) || ! is_array($_SESSION['admin_shifts_types']))
       redirect(page_link_to('admin_shifts'));
     
     foreach ($_SESSION['admin_shifts_shifts'] as $shift) {
-      sql_query("INSERT INTO `Shifts` SET `start`=" . sql_escape($shift['start']) . ",  `end`=" . sql_escape($shift['end']) . ", `RID`=" . sql_escape($shift['RID']) . ", `name`='" . sql_escape($shift['name']) . "'");
-      $shift_id = sql_id();
+      $shift['URL'] = null;
+      $shift['PSID'] = null;
+      $shift_id = Shift_create($shift);
+      if ($shift_id === false)
+        engelsystem_error('Unable to create shift.');
+      
       engelsystem_log("Shift created: " . $shift['name'] . " from " . date("Y-m-d H:i", $shift['start']) . " to " . date("Y-m-d H:i", $shift['end']));
       $needed_angel_types_info = array();
       foreach ($_SESSION['admin_shifts_types'] as $type_id => $count) {
diff --git a/includes/pages/admin_user.php b/includes/pages/admin_user.php
index 87190857..4e10ca1e 100644
--- a/includes/pages/admin_user.php
+++ b/includes/pages/admin_user.php
@@ -215,7 +215,6 @@ function admin_user() {
             $user_source = sql_select("SELECT `Nick`, `UID` FROM `User` WHERE `UID` = '" . sql_escape($id) . "' LIMIT 1");
             sql_query("DELETE FROM `User` WHERE `UID`=" . sql_escape($id) . " LIMIT 1");
             sql_query("DELETE FROM `UserGroups` WHERE `uid`=" . sql_escape($id));
-            sql_query("UPDATE `ShiftEntry` SET `UID`=0, `Comment`=NULL WHERE `UID`=" . sql_escape($id));
             engelsystem_log("Deleted user " . User_Nick_render($user_source));
             $html .= success("Benutzer gelöscht!", true);
           } else {
diff --git a/includes/pages/user_myshifts.php b/includes/pages/user_myshifts.php
index d1c60dd6..d74475d2 100644
--- a/includes/pages/user_myshifts.php
+++ b/includes/pages/user_myshifts.php
@@ -57,12 +57,15 @@ function user_myshifts() {
         
         $comment = strip_request_item_nl('comment');
         $user_source = User($shift['UID']);
-        sql_query("UPDATE `ShiftEntry` SET 
-            `Comment`='" . sql_escape($comment) . "',
-            `freeloaded`=" . sql_escape($freeloaded ? 1 : 0) . ",
-            `freeload_comment`='" . sql_escape($freeload_comment) . "'
-            WHERE `id`=" . sql_escape($id) . " 
-            LIMIT 1");
+        $result = ShiftEntry_update(array(
+            'id' => $id,
+            'Comment' => $comment,
+            'freeloaded' => $freeloaded,
+            'freeload_comment' => $freeload_comment 
+        ));
+        if ($result === false)
+          engelsystem_error('Unable to update shift entr.');
+        
         engelsystem_log("Updated " . User_Nick_render($user_source) . "'s shift " . $shift['name'] . " from " . date("y-m-d H:i", $shift['start']) . " to " . date("y-m-d H:i", $shift['end']) . " with comment " . $comment);
         success(_("Shift saved."));
         redirect(page_link_to('users') . '&action=view&user_id=' . $shifts_user['UID']);
@@ -77,15 +80,16 @@ function user_myshifts() {
     if (count($shift) > 0) {
       $shift = $shift[0];
       if (($shift['start'] > time() + $LETZTES_AUSTRAGEN * 3600) || in_array('user_shifts_admin', $privileges)) {
-        sql_query("DELETE FROM `ShiftEntry` WHERE `id`=" . sql_escape($id) . " LIMIT 1");
-        $msg .= success(_("You have been signed off from the shift."), true);
+        $result = ShiftEntry_delete($id);
+        if ($result === false)
+          engelsystem_error('Unable to delete shift entry.');
+        success(_("You have been signed off from the shift."));
       } else
-        $msg .= error(_("It's too late to sign yourself off the shift. If neccessary, ask the dispatcher to do so."), true);
+        error(_("It's too late to sign yourself off the shift. If neccessary, ask the dispatcher to do so."));
     } else
       redirect(page_link_to('user_myshifts'));
   }
   
-  msg();
   redirect(page_link_to('users') . '&action=view');
 }
 ?>
diff --git a/includes/pages/user_shifts.php b/includes/pages/user_shifts.php
index ee8e3b19..c1a5cc91 100644
--- a/includes/pages/user_shifts.php
+++ b/includes/pages/user_shifts.php
@@ -20,7 +20,10 @@ function user_shifts() {
     $shift_entry_source = sql_select("SELECT `User`.`Nick`, `ShiftEntry`.`Comment`, `ShiftEntry`.`UID`, `Shifts`.*, `Room`.`Name`, `AngelTypes`.`name` as `angel_type` FROM `ShiftEntry` JOIN `User` ON (`User`.`UID`=`ShiftEntry`.`UID`) JOIN `AngelTypes` ON (`ShiftEntry`.`TID` = `AngelTypes`.`id`) JOIN `Shifts` ON (`ShiftEntry`.`SID` = `Shifts`.`SID`) JOIN `Room` ON (`Shifts`.`RID` = `Room`.`RID`) WHERE `ShiftEntry`.`id`=" . sql_escape($entry_id) . " LIMIT 1");
     if (count($shift_entry_source) > 0) {
       $shift_entry_source = $shift_entry_source[0];
-      sql_query("DELETE FROM `ShiftEntry` WHERE `id`=" . sql_escape($entry_id) . " LIMIT 1");
+      
+      $result = ShiftEntry_delete($entry_id);
+      if ($result === false)
+        engelsystem_error('Unable to delete shift entry.');
       
       engelsystem_log("Deleted " . User_Nick_render($shift_entry_source) . "'s shift: " . $shift_entry_source['name'] . " at " . $shift_entry_source['Name'] . " from " . date("y-m-d H:i", $shift_entry_source['start']) . " to " . date("y-m-d H:i", $shift_entry_source['end']) . " as " . $shift_entry_source['angel_type']);
       success(_("Shift entry deleted."));
@@ -122,7 +125,13 @@ function user_shifts() {
       }
       
       if ($ok) {
-        sql_query("UPDATE `Shifts` SET `start`=" . sql_escape($start) . ", `end`=" . sql_escape($end) . ", `RID`=" . sql_escape($rid) . ", `name`='" . sql_escape($name) . "' WHERE `SID`=" . sql_escape($shift_id) . " LIMIT 1");
+        $shift['name'] = $name;
+        $shift['RID'] = $rid;
+        $shift['start'] = $start;
+        $shift['end'] = $end;
+        $result = Shift_update($shift);
+        if ($result === false)
+          engelsystem_error('Unable to update shift.');
         sql_query("DELETE FROM `NeededAngelTypes` WHERE `shift_id`=" . sql_escape($shift_id));
         $needed_angel_types_info = array();
         foreach ($needed_angel_types as $type_id => $count) {
@@ -169,9 +178,9 @@ function user_shifts() {
     
     // Schicht löschen bestätigt
     if (isset($_REQUEST['delete'])) {
-      sql_query("DELETE FROM `ShiftEntry` WHERE `SID`=" . sql_escape($shift_id));
-      sql_query("DELETE FROM `NeededAngelTypes` WHERE `shift_id`=" . sql_escape($shift_id));
-      sql_query("DELETE FROM `Shifts` WHERE `SID`=" . sql_escape($shift_id) . " LIMIT 1");
+      $result = Shift_delete($shift_id);
+      if ($result === false)
+        engelsystem_error('Unable to delete shift.');
       
       engelsystem_log("Deleted shift " . $shift['name'] . " from " . date("y-m-d H:i", $shift['start']) . " to " . date("y-m-d H:i", $shift['end']));
       success(_("Shift deleted."));