Diffstat (limited to 'includes')
24 files changed, 650 insertions, 481 deletions
diff --git a/includes/pages/admin_active.php b/includes/pages/admin_active.php index d993395b..48d163b1 100644 --- a/includes/pages/admin_active.php +++ b/includes/pages/admin_active.php @@ -15,7 +15,7 @@ function admin_active() { $count = strip_request_item('count'); else { $ok = false; - $msg .= error("Please enter a number of angels to be marked as active."); + $msg .= error("Please enter a number of angels to be marked as active.", true); } if ($ok) @@ -27,7 +27,7 @@ function admin_active() { sql_query("UPDATE `User` SET `Aktiv` = 1 WHERE `UID`=" . sql_escape($usr['UID'])); $limit = ""; - $msg = success("Marked angels."); + $msg = success("Marked angels.", true); } else { $set_active = '<a href="' . page_link_to('admin_active') . '&serach=' . $search . '">« back</a> | <a href="' . page_link_to('admin_active') . '&search=' . $search . '&count=' . $count . '&set_active&ack">apply</a>'; } 
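Review bot: The back link built in the `else` branch of the second hunk uses `&serach=` while the apply link next to it uses `&search=`, so going back from the confirmation drops the search term; change it to `'&serach=' . $search` → `'&search=' . $search`. Both `$search` and `$count` are concatenated into the href without `urlencode`/`htmlspecialchars`; `$count` comes from `strip_request_item('count')` in the first hunk, and what that helper strips is not visible here, so either confirm it is safe for an attribute context or encode the values at the point of use. The `, true` argument added to `error()`/`success()` does not touch either issue. admin_active begins above the first hunk.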
@@ -36,22 +36,22 @@ function admin_active() { if (isset ($_REQUEST['active']) && preg_match("/^[0-9]+$/", $_REQUEST['active'])) { $id = $_REQUEST['active']; sql_query("UPDATE `User` SET `Aktiv`=1 WHERE `UID`=" . sql_escape($id) . " LIMIT 1"); - $msg = success("Angel has been marked as active."); + $msg = success("Angel has been marked as active.", true); } elseif (isset ($_REQUEST['not_active']) && preg_match("/^[0-9]+$/", $_REQUEST['not_active'])) { $id = $_REQUEST['not_active']; sql_query("UPDATE `User` SET `Aktiv`=0 WHERE `UID`=" . sql_escape($id) . " LIMIT 1"); - $msg = success("Angel has been marked as not active."); + $msg = success("Angel has been marked as not active.", true); } elseif (isset ($_REQUEST['tshirt']) && preg_match("/^[0-9]+$/", $_REQUEST['tshirt'])) { $id = $_REQUEST['tshirt']; sql_query("UPDATE `User` SET `Tshirt`=1 WHERE `UID`=" . sql_escape($id) . " LIMIT 1"); - $msg = success("Angel has got a t-shirt."); + $msg = success("Angel has got a t-shirt.", true); } elseif (isset ($_REQUEST['not_tshirt']) && preg_match("/^[0-9]+$/", $_REQUEST['not_tshirt'])) { $id = $_REQUEST['not_tshirt']; sql_query("UPDATE `User` SET `Tshirt`=0 WHERE `UID`=" . sql_escape($id) . " LIMIT 1"); - $msg = success("Angel has got no t-shirt."); + $msg = success("Angel has got no t-shirt.", true); } $users = sql_select("SELECT `User`.*, COUNT(`ShiftEntry`.`id`) as `shift_count`, SUM(`end`-`start`) as `shift_length` FROM `User` LEFT JOIN `ShiftEntry` ON `User`.`UID` = `ShiftEntry`.`UID` LEFT JOIN `Shifts` ON `ShiftEntry`.`SID` = `Shifts`.`SID` WHERE `User`.`Gekommen` = 1 GROUP BY `User`.`UID` ORDER BY `shift_length` DESC" . $limit); diff --git a/includes/pages/admin_angel_types.php b/includes/pages/admin_angel_types.php index 0a7a721c..f9c39ebf 100644 --- a/includes/pages/admin_angel_types.php +++ b/includes/pages/admin_angel_types.php 
@@ -1,96 +1,105 @@ <?php - function admin_angel_types() { - $html = ""; - if (!isset ($_REQUEST['action'])) { - - $table = ""; - $angel_types = sql_select("SELECT * FROM `AngelTypes` ORDER BY `Name`"); - - foreach ($angel_types as $angel_type) - $table .= sprintf( - '<tr><td>%s</td><td>%s</td><td>' - . '<a href="%s&action=edit&id=%s">Edit</a></td></tr>', - $angel_type['Name'], $angel_type['Man'], - page_link_to("admin_angel_types"), - $angel_type['TID'] - ); - - $html .= template_render('../templates/admin_angel_types.html', array ( - 'link' => page_link_to("admin_angel_types"), - 'table' => $table - )); - - } else { - - switch ($_REQUEST['action']) { - - case 'create' : - $name = strip_request_item("name"); - $man = strip_request_item("man"); - - sql_query("INSERT INTO `AngelTypes` SET `Name`='" . sql_escape($name) . "', `Man`='" . sql_escape($man) . "'"); - - header("Location: " . page_link_to("admin_angel_types")); - break; - - case 'edit' : - if (isset ($_REQUEST['id']) && preg_match("/^[0-9]{1,11}$/", $_REQUEST['id'])) - $id = $_REQUEST['id']; - else - return error("Incomplete call, missing AngelType ID."); - - $angel_type = sql_select("SELECT * FROM `AngelTypes` WHERE `TID`=" . sql_escape($id) . " LIMIT 1"); - if (count($angel_type) > 0) { - list ($angel_type) = $angel_type; - - $html .= template_render( - '../templates/admin_angel_types_edit_form.html', array ( - 'link' => page_link_to("admin_angel_types"), - 'id' => $id, - 'name' => $angel_type['Name'], - 'man' => $angel_type['Man'] - )); - } else - return error("No Angel Type found."); - break; - - case 'save' : - if (isset ($_REQUEST['id']) && preg_match("/^[0-9]{1,11}$/", $_REQUEST['id'])) - $id = $_REQUEST['id']; - else - return error("Incomplete call, missing AngelType ID."); - - $angel_type = sql_select("SELECT * FROM `AngelTypes` WHERE `TID`=" . sql_escape($id) . 
" LIMIT 1"); - if (count($angel_type) > 0) { - list ($angel_type) = $angel_type; - - $name = strip_request_item("name"); - $man = strip_request_item("man"); - - sql_query("UPDATE `AngelTypes` SET `Name`='" . sql_escape($name) . "', `Man`='" . sql_escape($man) . "' WHERE `TID`=" . sql_escape($id) . " LIMIT 1"); - header("Location: " . page_link_to("admin_angel_types")); - } else - return error("No Angel Type found."); - break; + $angel_types_source = sql_select("SELECT * FROM `AngelTypes` ORDER BY `name`"); + $angel_types = array (); + foreach ($angel_types_source as $angel_type) { + $angel_types[] = array ( + 'id' => $angel_type['id'], + 'name' => $angel_type['name'], + 'restricted' => $angel_type['restricted'] == 1 ? '✓' : '', + 'actions' => '<a class="action edit" href="' . page_link_to('admin_angel_types') . '&show=edit&id=' . $angel_type['id'] . '">edit</a> <a class="action delete" href="' . page_link_to('admin_angel_types') . '&show=delete&id=' . $angel_type['id'] . '">delete</a>' + ); + } - case 'delete' : - if (isset ($_REQUEST['id']) && preg_match("/^[0-9]{1,11}$/", $_REQUEST['id'])) - $id = $_REQUEST['id']; - else - return error("Incomplete call, missing AngelType ID."); + if (isset ($_REQUEST['show'])) { + if (test_request_int('id')) { + $angel_type = sql_select("SELECT * FROM `AngelTypes` WHERE `id`=" . sql_escape($_REQUEST['id'])); + if (count($angel_type) > 0) { + $id = $_REQUEST['id']; + $name = $angel_type[0]['name']; + $restricted = $angel_type[0]['restricted']; + } else + redirect(page_link_to('admin_angel_types')); + } - $angel_type = sql_select("SELECT * FROM `AngelTypes` WHERE `TID`=" . sql_escape($id) . " LIMIT 1"); - if (count($angel_type) > 0) { - sql_query("DELETE FROM `AngelTypes` WHERE `TID`=" . sql_escape($id) . " LIMIT 1"); - sql_query("DELETE FROM `NeededAngelTypes` WHERE `angel_type_id`=" . sql_escape($id) . " LIMIT 1"); - header("Location: " . 
page_link_to("admin_angel_types")); - } else - return error("No Angel Type found."); - break; + if ($_REQUEST['show'] == 'edit') { + $msg = ""; + $name = ""; + $restricted = 0; + + if (isset ($_REQUEST['submit'])) { + $ok = true; + + if (isset ($_REQUEST['name']) && strlen(strip_request_item('name')) > 0) { + $name = strip_request_item('name'); + if (sql_num_query("SELECT * FROM `AngelTypes` WHERE NOT `id`=" . sql_escape(isset ($id) ? $id : 0) . " AND `name`='" . sql_escape(strip_request_item('name')) . "' LIMIT 1") > 0) { + $ok = false; + $msg .= error("This angel type name is already given.", true); + } + } else { + $ok = false; + $msg .= error("Please enter a name.", true); + } + + if (isset ($_REQUEST['restricted'])) + $restricted = 1; + + if ($ok) { + if (isset ($id)) + sql_query("UPDATE `AngelTypes` SET `name`='" . sql_escape($name) . "', `restricted`=" . sql_escape($restricted) . " WHERE `id`=" . sql_escape($id) . " LIMIT 1"); + else + sql_query("INSERT INTO `AngelTypes` SET `name`='" . sql_escape($name) . "', `restricted`=" . sql_escape($restricted)); + + success("Angel type saved."); + redirect(page_link_to('admin_angel_types')); + } + } + + return page(array ( + buttons(array ( + button(page_link_to('admin_angel_types'), "Back", 'back') + )), + $msg, + form(array ( + form_text('name', 'Name', $name), + form_checkbox('restricted', 'Restricted', $restricted), + form_info("", "Restricted angel types can only be used by an angel if enabled by an archangel (double opt-in)."), + form_submit('submit', 'Save') + )) + )); } + elseif ($_REQUEST['show'] == 'delete') { + if (isset ($_REQUEST['ack'])) { + sql_query("DELETE FROM `NeededAngelTypes` WHERE `angel_type_id`=" . sql_escape($id) . " LIMIT 1"); + sql_query("DELETE FROM `ShiftEntry` WHERE `TID`=" . sql_escape($id) . " LIMIT 1"); + sql_query("DELETE FROM `AngelTypes` WHERE `id`=" . sql_escape($id) . 
" LIMIT 1"); + success(sprintf("Angel type %s deleted.", $name)); + redirect(page_link_to('admin_angel_types')); + } + + return page(array ( + buttons(array ( + button(page_link_to('admin_angel_types'), "Back", 'back') + )), + sprintf("Do you want to delete angel type %s?", $name), + buttons(array ( + button(page_link_to('admin_angel_types') . '&show=delete&id=' . $id . '&ack', "Delete", 'delete') + )) + )); + } else + redirect(page_link_to('admin_angel_types')); } - return $html; + return page(array ( + buttons(array ( + button(page_link_to('admin_angel_types') . '&show=edit', "Add", 'add') + )), + msg(), + table(array ( + 'name' => "Name", + 'restricted' => "Restricted", + 'actions' => "" + ), $angel_types) + )); } ?> diff --git a/includes/pages/admin_arrive.php b/includes/pages/admin_arrive.php index e55a2e6f..2acad0b3 100644 --- a/includes/pages/admin_arrive.php +++ b/includes/pages/admin_arrive.php @@ -8,12 +8,12 @@ function admin_arrive() { if (isset ($_REQUEST['reset']) && preg_match("/^[0-9]*$/", $_REQUEST['reset'])) { $id = $_REQUEST['reset']; sql_query("UPDATE `User` SET `Gekommen`=0 WHERE `UID`=" . sql_escape($id) . " LIMIT 1"); - $msg = success("Reset done. Angel has not arrived."); + $msg = success("Reset done. Angel has not arrived.", true); } elseif (isset ($_REQUEST['arrived']) && preg_match("/^[0-9]*$/", $_REQUEST['arrived'])) { $id = $_REQUEST['arrived']; sql_query("UPDATE `User` SET `Gekommen`=1 WHERE `UID`=" . sql_escape($id) . " LIMIT 1"); - $msg = success("Angel has been marked as arrived."); + $msg = success("Angel has been marked as arrived.", true); } $users = sql_select("SELECT * FROM `User` ORDER BY `Nick`"); diff --git a/includes/pages/admin_faq.php b/includes/pages/admin_faq.php index b8ba1a64..2cd75955 100644 --- a/includes/pages/admin_faq.php +++ b/includes/pages/admin_faq.php 
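Review bot: In the `show == 'edit'` branch, `$name = ""; $restricted = 0;` run unconditionally after the `test_request_int('id')` block above has already loaded both from the row, so editing an existing angel type renders an empty, unrestricted form; initialise the two defaults once before `if (isset ($_REQUEST['show']))` and drop the resets inside the branch. The `delete` branch has no guard for a missing or unknown id: when `test_request_int('id')` fails, `$id` and `$name` stay unset and the three DELETEs are issued with an empty right-hand operand (presumably `sql_escape(null)` yields `''`), so add `if (!isset ($id)) redirect(page_link_to('admin_angel_types'));` at the top of that branch. The `LIMIT 1` on the `NeededAngelTypes` and `ShiftEntry` deletes removes a single referencing row each and leaves any others pointing at a type that no longer exists. The confirmation is a plain GET link (`&show=delete&id=…&ack`) with no per-request token, which follows the existing `&ack` pattern in admin_active but means the confirm page alone does not prevent a forged request to a destructive action.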
@@ -4,14 +4,7 @@ function admin_faq() { $faqs_html = ""; $faqs = sql_select("SELECT * FROM `FAQ`"); foreach ($faqs as $faq) { - $faqs_html .= sprintf( - '<tr><td> <dl><dt>%s</dt><dd>%s</dd></dl> </td>' - . '<td> <dl><dt>%s</dt><dd>%s</dd></dl> </td>' - . '<td><a href="%s&action=edit&id=%s">Edit</a></td></tr>', - $faq['Frage_de'], $faq['Antwort_de'], - $faq['Frage_en'], $faq['Antwort_en'], - page_link_to('admin_faq'), $faq['FID'] - ); + $faqs_html .= sprintf('<tr><td> <dl><dt>%s</dt><dd>%s</dd></dl> </td>' . '<td> <dl><dt>%s</dt><dd>%s</dd></dl> </td>' . '<td><a href="%s&action=edit&id=%s">Edit</a></td></tr>', $faq['Frage_de'], $faq['Antwort_de'], $faq['Frage_en'], $faq['Antwort_en'], page_link_to('admin_faq'), $faq['FID']); } return template_render('../templates/admin_faq.html', array ( 'link' => page_link_to("admin_faq"), @@ -20,17 +13,12 @@ function admin_faq() { } else { switch ($_REQUEST['action']) { case 'create' : - $frage = strip_request_item_nl('frage'); - $antwort = strip_request_item_nl('antwort'); + $frage = strip_request_item_nl('frage'); + $antwort = strip_request_item_nl('antwort'); $question = strip_request_item_nl('question'); - $answer = strip_request_item_nl('answer'); + $answer = strip_request_item_nl('answer'); - sql_query("INSERT INTO `FAQ` SET `Frage_de`='" . sql_escape($frage) - . "', `Frage_en`='" . sql_escape($question) - . "', `Antwort_de`='" . sql_escape($antwort) - . "', `Antwort_en`='" . sql_escape($answer) - . "'" - ); + sql_query("INSERT INTO `FAQ` SET `Frage_de`='" . sql_escape($frage) . "', `Frage_en`='" . sql_escape($question) . "', `Antwort_de`='" . sql_escape($antwort) . "', `Antwort_en`='" . sql_escape($answer) . "'"); header("Location: " . page_link_to("admin_faq")); break; 
@@ -39,34 +27,29 @@ function admin_faq() { if (isset ($_REQUEST['id']) && preg_match("/^[0-9]{1,11}$/", $_REQUEST['id'])) $id = $_REQUEST['id']; else - return error("Incomplete call, missing FAQ ID."); + return error("Incomplete call, missing FAQ ID.", true); $faq = sql_select("SELECT * FROM `FAQ` WHERE `FID`=" . sql_escape($id) . " LIMIT 1"); if (count($faq) > 0) { list ($faq) = $faq; - $frage = strip_request_item_nl('frage'); - $antwort = strip_request_item_nl('antwort'); + $frage = strip_request_item_nl('frage'); + $antwort = strip_request_item_nl('antwort'); $question = strip_request_item_nl('question'); - $answer = strip_request_item_nl('answer'); + $answer = strip_request_item_nl('answer'); - sql_query("UPDATE `FAQ` SET `Frage_de`='" . sql_escape($frage) - . "', `Frage_en`='" . sql_escape($question) - . "', `Antwort_de`='" . sql_escape($antwort) - . "', `Antwort_en`='" . sql_escape($answer) - . "' WHERE `FID`=" . sql_escape($id) . " LIMIT 1" - ); + sql_query("UPDATE `FAQ` SET `Frage_de`='" . sql_escape($frage) . "', `Frage_en`='" . sql_escape($question) . "', `Antwort_de`='" . sql_escape($antwort) . "', `Antwort_en`='" . sql_escape($answer) . "' WHERE `FID`=" . sql_escape($id) . " LIMIT 1"); header("Location: " . page_link_to("admin_faq")); } else - return error("No FAQ found."); + return error("No FAQ found.", true); break; case 'edit' : if (isset ($_REQUEST['id']) && preg_match("/^[0-9]{1,11}$/", $_REQUEST['id'])) $id = $_REQUEST['id']; else - return error("Incomplete call, missing FAQ ID."); + return error("Incomplete call, missing FAQ ID.", true); $faq = sql_select("SELECT * FROM `FAQ` WHERE `FID`=" . sql_escape($id) . " LIMIT 1"); if (count($faq) > 0) { 
@@ -81,14 +64,14 @@ function admin_faq() { 'answer' => $faq['Antwort_en'] )); } else - return error("No FAQ found."); + return error("No FAQ found.", true); break; case 'delete' : if (isset ($_REQUEST['id']) && preg_match("/^[0-9]{1,11}$/", $_REQUEST['id'])) $id = $_REQUEST['id']; else - return error("Incomplete call, missing FAQ ID."); + return error("Incomplete call, missing FAQ ID.", true); $faq = sql_select("SELECT * FROM `FAQ` WHERE `FID`=" . sql_escape($id) . " LIMIT 1"); if (count($faq) > 0) { @@ -97,7 +80,7 @@ function admin_faq() { sql_query("DELETE FROM `FAQ` WHERE `FID`=" . sql_escape($id) . " LIMIT 1"); header("Location: " . page_link_to("admin_faq")); } else - return error("No FAQ found."); + return error("No FAQ found.", true); break; } } diff --git a/includes/pages/admin_groups.php b/includes/pages/admin_groups.php index 770f09b4..2fc789fa 100644 --- a/includes/pages/admin_groups.php +++ b/includes/pages/admin_groups.php @@ -36,7 +36,7 @@ function admin_groups() { if (isset ($_REQUEST['id']) && preg_match("/^-[0-9]{1,11}$/", $_REQUEST['id'])) $id = $_REQUEST['id']; else - return error("Incomplete call, missing Groups ID."); + return error("Incomplete call, missing Groups ID.", true); $room = sql_select("SELECT * FROM `Groups` WHERE `UID`=" . sql_escape($id) . " LIMIT 1"); if (count($room) > 0) { @@ -62,14 +62,14 @@ function admin_groups() { 'privileges' => $privileges_html )); } else - return error("No Group found."); + return error("No Group found.", true); break; case 'save' : if (isset ($_REQUEST['id']) && preg_match("/^-[0-9]{1,11}$/", $_REQUEST['id'])) $id = $_REQUEST['id']; else - return error("Incomplete call, missing Groups ID."); + return error("Incomplete call, missing Groups ID.", true); $room = sql_select("SELECT * FROM `Groups` WHERE `UID`=" . sql_escape($id) . " LIMIT 1"); if (!is_array($_REQUEST['privileges'])) 
@@ -82,7 +82,7 @@ function admin_groups() { sql_query("INSERT INTO `GroupPrivileges` SET `group_id`=" . sql_escape($id) . ", `privilege_id`=" . sql_escape($priv)); header("Location: " . page_link_to("admin_groups")); } else - return error("No Group found."); + return error("No Group found.", true); break; } } diff --git a/includes/pages/admin_import.php b/includes/pages/admin_import.php index 82cfbe1a..5ac62d2d 100644 --- a/includes/pages/admin_import.php +++ b/includes/pages/admin_import.php @@ -26,7 +26,7 @@ function admin_import() { fclose($test_handle); unlink('../import/tmp'); } else { - $msg = error("Webserver has no write-permission on import directory."); + $msg = error("Webserver has no write-permission on import directory.", true); } if (isset ($_REQUEST['submit'])) { @@ -36,7 +36,7 @@ function admin_import() { if (!$fp) { $ok = false; - $msg = error("File 'https://$PentabarfXMLhost/$PentabarfXMLpath" . $_REQUEST["url"] . "' not readable!" . "[$errstr ($errno)]"); + $msg = error("File 'https://$PentabarfXMLhost/$PentabarfXMLpath" . $_REQUEST["url"] . "' not readable!" . "[$errstr ($errno)]", true); } else { $fileOut = fopen($import_file, "w"); $head = 'GET /' . $PentabarfXMLpath . $_REQUEST["url"] . ' HTTP/1.1' . "\r\n" . @@ -82,7 +82,7 @@ function admin_import() { } fclose($fileOut); fclose($fp); - $msg .= success("Es wurden $Zeilen Zeilen eingelesen."); + $msg .= success("Es wurden $Zeilen Zeilen eingelesen.", true); } } elseif (isset ($_FILES['xcal_file']) && ($_FILES['xcal_file']['error'] == 0)) { 
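Review bot: The changed error message in admin_import's `@@ -36` hunk still embeds `$_REQUEST["url"]` verbatim, and the context line right after it concatenates the same value into the request line `'GET /' . $PentabarfXMLpath . $_REQUEST["url"] . ' HTTP/1.1'` with no validation; unless `error()` escapes its argument the value is reflected into the page as-is, and characters such as whitespace, `..` or CR/LF alter the request sent to the configured host. Validate the parameter once before both uses — restrict it to the characters a schedule file name needs and reject `..` — and run it through `htmlspecialchars` in the message. The `[$errstr ($errno)]` detail from the failed connect is also surfaced to the page; whether that is acceptable depends on who can reach this admin page. admin_import's body continues outside these hunks.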
@@ -90,16 +90,16 @@ function admin_import() { libxml_use_internal_errors(true); if (simplexml_load_file($import_file) === false) { $ok = false; - $msg = error("No valid xml/xcal file provided."); + $msg = error("No valid xml/xcal file provided.", true); unlink($import_file); } } else { $ok = false; - $msg = error("File upload went wrong."); + $msg = error("File upload went wrong.", true); } } else { $ok = false; - $msg = error("Please provide some data."); + $msg = error("Please provide some data.", true); } } diff --git a/includes/pages/admin_language.php b/includes/pages/admin_language.php index 749cd643..5ca4b9cf 100644 --- a/includes/pages/admin_language.php +++ b/includes/pages/admin_language.php @@ -86,7 +86,7 @@ function admin_language() { $html .= $sql_save . "<br />"; $Erg = sql_query($sql_save); - $html .= success("$k Save: OK<br />\n"); + $html .= success("$k Save: OK<br />\n", true); } else if (mysql_result($erg_test, 0, "Text") != $v) { $sql_save = "UPDATE `Sprache` SET `Text`='" @@ -97,7 +97,7 @@ function admin_language() { $html .= $sql_save . "<br />"; $Erg = sql_query($sql_save); - $html .= success(" $k Update: OK<br />\n"); + $html .= success(" $k Update: OK<br />\n", true); } else $html .= "\t $k no changes<br />\n"; } diff --git a/includes/pages/admin_news.php b/includes/pages/admin_news.php index c7194e7c..ca1f81fc 100644 --- a/includes/pages/admin_news.php +++ b/includes/pages/admin_news.php @@ -11,7 +11,7 @@ function admin_news() { if (isset ($_REQUEST['id']) && preg_match("/^[0-9]{1,11}$/", $_REQUEST['id'])) $id = $_REQUEST['id']; else - return error("Incomplete call, missing News ID."); + return error("Incomplete call, missing News ID.", true); $news = sql_select("SELECT * FROM `News` WHERE `ID`=" . sql_escape($id) . " LIMIT 1"); if (count($news) > 0) { 
@@ -30,7 +30,7 @@ function admin_news() { $news["Text"] . "</textarea></td></tr>\n"; $html .= " <tr><td>Engel</td><td>" . UID2Nick($news["UID"]) . "</td></tr>\n"; - $html .= " <tr><td>Treffen</td><td>" . html_select_key('eTreffen', array ( + $html .= " <tr><td>Treffen</td><td>" . html_select_key('eTreffen', 'eTreffen', array ( '1' => "Ja", '0' => "Nein" ), $news['Treffen']) . "</td></tr>\n"; @@ -45,14 +45,14 @@ function admin_news() { $html .= "<input type=\"submit\" name=\"submit\" value=\"Löschen\">\n"; $html .= "</form>"; } else - return error("No News found."); + return error("No News found.", true); break; case 'save' : if (isset ($_REQUEST['id']) && preg_match("/^[0-9]{1,11}$/", $_REQUEST['id'])) $id = $_REQUEST['id']; else - return error("Incomplete call, missing News ID."); + return error("Incomplete call, missing News ID.", true); $news = sql_select("SELECT * FROM `News` WHERE `ID`=" . sql_escape($id) . " LIMIT 1"); if (count($news) > 0) { @@ -62,14 +62,14 @@ function admin_news() { "', `Treffen`='" . sql_escape($_POST["eTreffen"]) . "' WHERE `ID`=".sql_escape($id)." LIMIT 1"); header("Location: " . page_link_to("news")); } else - return error("No News found."); + return error("No News found.", true); break; case 'delete' : if (isset ($_REQUEST['id']) && preg_match("/^[0-9]{1,11}$/", $_REQUEST['id'])) $id = $_REQUEST['id']; else - return error("Incomplete call, missing News ID."); + return error("Incomplete call, missing News ID.", true); $news = sql_select("SELECT * FROM `News` WHERE `ID`=" . sql_escape($id) . " LIMIT 1"); if (count($news) > 0) { @@ -78,7 +78,7 @@ function admin_news() { sql_query("DELETE FROM `News` WHERE `ID`=" . sql_escape($id) . " LIMIT 1"); header("Location: " . page_link_to("news")); } else - return error("No News found."); + return error("No News found.", true); break; } } diff --git a/includes/pages/admin_questions.php b/includes/pages/admin_questions.php index 0be05c7b..8df779ac 100644 --- a/includes/pages/admin_questions.php 
+++ b/includes/pages/admin_questions.php @@ -52,7 +52,7 @@ function admin_questions() { if (isset ($_REQUEST['id']) && preg_match("/^[0-9]{1,11}$/", $_REQUEST['id'])) $id = $_REQUEST['id']; else - return error("Incomplete call, missing Question ID."); + return error("Incomplete call, missing Question ID.", true); $question = sql_select("SELECT * FROM `Questions` WHERE `QID`=" . sql_escape($id) . " LIMIT 1"); if (count($question) > 0 && $question[0]['AID'] == "0") { @@ -62,22 +62,22 @@ function admin_questions() { sql_query("UPDATE `Questions` SET `AID`=" . sql_escape($user['UID']) . ", `Answer`='" . sql_escape($answer) . "' WHERE `QID`=" . sql_escape($id) . " LIMIT 1"); header("Location: " . page_link_to("admin_questions")); } else - return error("Gib eine Antwort ein!"); + return error("Gib eine Antwort ein!", true); } else - return error("No question found."); + return error("No question found.", true); break; case 'delete' : if (isset ($_REQUEST['id']) && preg_match("/^[0-9]{1,11}$/", $_REQUEST['id'])) $id = $_REQUEST['id']; else - return error("Incomplete call, missing Question ID."); + return error("Incomplete call, missing Question ID.", true); $question = sql_select("SELECT * FROM `Questions` WHERE `QID`=" . sql_escape($id) . " LIMIT 1"); if (count($question) > 0) { sql_query("DELETE FROM `Questions` WHERE `QID`=" . sql_escape($id) . " LIMIT 1"); header("Location: " . page_link_to("admin_questions")); } else - return error("No question found."); + return error("No question found.", true); break; } } diff --git a/includes/pages/admin_rooms.php b/includes/pages/admin_rooms.php index c4e8ba46..a547e798 100644 --- a/includes/pages/admin_rooms.php +++ b/includes/pages/admin_rooms.php 
@@ -58,18 +58,18 @@ function admin_rooms() { if (isset ($_REQUEST['RID']) && preg_match("/^[0-9]{1,11}$/", $_REQUEST['RID'])) $rid = $_REQUEST['RID']; else - return error("Incomplete call, missing Room ID."); + return error("Incomplete call, missing Room ID.", true); $room = sql_select("SELECT * FROM `Room` WHERE `RID`=" . sql_escape($rid) . " LIMIT 1"); if (count($room) > 0) { list ($room) = $room; - $room_angel_types = sql_select("SELECT * FROM `AngelTypes` LEFT OUTER JOIN `NeededAngelTypes` ON (`AngelTypes`.`TID` = `NeededAngelTypes`.`angel_type_id` AND `NeededAngelTypes`.`room_id`=" . sql_escape($rid) . ") ORDER BY `AngelTypes`.`Name`"); + $room_angel_types = sql_select("SELECT * FROM `AngelTypes` LEFT OUTER JOIN `NeededAngelTypes` ON (`AngelTypes`.`id` = `NeededAngelTypes`.`angel_type_id` AND `NeededAngelTypes`.`room_id`=" . sql_escape($rid) . ") ORDER BY `AngelTypes`.`name`"); $angel_types = ""; foreach ($room_angel_types as $room_angel_type) { if ($room_angel_type['count'] == "") $room_angel_type['count'] = "0"; - $angel_types .= '<tr><td>' . $room_angel_type['Name'] . '</td><td><input type="text" name="angel_type_' . $room_angel_type['TID'] . '" value="' . $room_angel_type['count'] . '" /></td></tr>'; + $angel_types .= '<tr><td>' . $room_angel_type['name'] . '</td><td><input type="text" name="angel_type_' . $room_angel_type['TID'] . '" value="' . $room_angel_type['count'] . '" /></td></tr>'; } $html .= template_render('../templates/admin_rooms_edit_form.html', array ( 
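Review bot: The form input in this hunk still uses `$room_angel_type['TID']` while the join on the line above was switched from `AngelTypes`.`TID` to `AngelTypes`.`id`; if `TID` no longer exists on `AngelTypes`, which the rest of the commit suggests by reading `$type['id']` elsewhere, every input is named `angel_type_` and the per-type counts can no longer be matched on save. Change it to `name="angel_type_' . $room_angel_type['id'] . '"`, and check the `changesave` handler in the next hunk, which re-reads those names outside the visible lines. Because the `SELECT *` spans both tables, an `id` column on `NeededAngelTypes` (if it has one) would shadow `AngelTypes`.`id` in the result row, so selecting explicit columns is safer. admin_rooms and the enclosing switch start outside this hunk.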
@@ -89,19 +89,19 @@ function admin_rooms() { 'angel_types' => $angel_types )); } else - return error("No Room found."); + return error("No Room found.", true); break; case 'changesave' : if (isset ($_REQUEST['RID']) && preg_match("/^[0-9]{1,11}$/", $_REQUEST['RID'])) $rid = $_REQUEST['RID']; else - return error("Incomplete call, missing Room ID."); + return error("Incomplete call, missing Room ID.", true); $room = sql_select("SELECT * FROM `Room` WHERE `RID`=" . sql_escape($rid) . " LIMIT 1"); if (count($room) > 0) { list ($room) = $room; - $room_angel_types = sql_select("SELECT * FROM `AngelTypes` LEFT OUTER JOIN `NeededAngelTypes` ON (`AngelTypes`.`TID` = `NeededAngelTypes`.`angel_type_id` AND `NeededAngelTypes`.`room_id`=" . sql_escape($rid) . ") ORDER BY `AngelTypes`.`Name`"); + $room_angel_types = sql_select("SELECT * FROM `AngelTypes` LEFT OUTER JOIN `NeededAngelTypes` ON (`AngelTypes`.`id` = `NeededAngelTypes`.`angel_type_id` AND `NeededAngelTypes`.`room_id`=" . sql_escape($rid) . ") ORDER BY `AngelTypes`.`name`"); $name = preg_replace("/([^\p{L}\p{P}\p{Z}\p{N}]{1,})/ui", '', strip_tags($_REQUEST['Name'])); $man = preg_replace("/([^\p{L}\p{P}\p{Z}\p{N}]{1,})/ui", '', strip_tags($_REQUEST['Man'])); 
@@ -119,21 +119,21 @@ function admin_rooms() { } header("Location: " . page_link_to("admin_rooms")); } else - return error("No Room found."); + return error("No Room found.", true); break; case 'delete' : if (isset ($_REQUEST['RID']) && preg_match("/^[0-9]{1,11}$/", $_REQUEST['RID'])) $rid = $_REQUEST['RID']; else - return error("Incomplete call, missing Room ID."); + return error("Incomplete call, missing Room ID.", true); if (sql_num_query("SELECT * FROM `Room` WHERE `RID`=" . sql_escape($rid) . " LIMIT 1") > 0) { sql_query("DELETE FROM `Room` WHERE `RID`=" . sql_escape($rid) . " LIMIT 1"); sql_query("DELETE FROM `NeededAngelTypes` WHERE `room_id`=" . sql_escape($rid) . " LIMIT 1"); header("Location: " . page_link_to("admin_rooms")); } else - return error("No Room found."); + return error("No Room found.", true); break; } diff --git a/includes/pages/admin_shifts.php b/includes/pages/admin_shifts.php index 94c6f38a..c5dc28cd 100644 --- a/includes/pages/admin_shifts.php +++ b/includes/pages/admin_shifts.php @@ -21,10 +21,10 @@ function admin_shifts() { $room_array[$room['RID']] = $room['Name']; // Engeltypen laden - $types = sql_select("SELECT * FROM `AngelTypes` ORDER BY `Name`"); + $types = sql_select("SELECT * FROM `AngelTypes` ORDER BY `name`"); $needed_angel_types = array (); foreach ($types as $type) - $needed_angel_types[$type['TID']] = 0; + $needed_angel_types[$type['id']] = 0; if (isset ($_REQUEST['preview']) || isset ($_REQUEST['back'])) { // Name/Bezeichnung der Schicht, darf leer sein 
@@ -36,26 +36,26 @@ function admin_shifts() { else { $ok = false; $rid = $rooms[0]['RID']; - $msg .= error("Wähle bitte einen Raum aus."); + $msg .= error("Wähle bitte einen Raum aus.", true); } if (isset ($_REQUEST['start']) && $tmp = DateTime :: createFromFormat("Y-m-d H:i", trim($_REQUEST['start']))) $start = $tmp->getTimestamp(); else { $ok = false; - $msg .= error("Bitte gib einen Startzeitpunkt für die Schichten an."); + $msg .= error("Bitte gib einen Startzeitpunkt für die Schichten an.", true); } if (isset ($_REQUEST['end']) && $tmp = DateTime :: createFromFormat("Y-m-d H:i", trim($_REQUEST['end']))) $end = $tmp->getTimestamp(); else { $ok = false; - $msg .= error("Bitte gib einen Endzeitpunkt für die Schichten an."); + $msg .= error("Bitte gib einen Endzeitpunkt für die Schichten an.", true); } if ($start >= $end) { $ok = false; - $msg .= error("Das Ende muss nach dem Startzeitpunkt liegen!"); + $msg .= error("Das Ende muss nach dem Startzeitpunkt liegen!", true); } if (isset ($_REQUEST['mode'])) { @@ -68,7 +68,7 @@ function admin_shifts() { $length = trim($_REQUEST['length']); } else { $ok = false; - $msg .= error("Bitte gib eine Schichtlänge in Minuten an."); + $msg .= error("Bitte gib eine Schichtlänge in Minuten an.", true); } } elseif ($_REQUEST['mode'] == 'variable') { @@ -77,12 +77,12 @@ function admin_shifts() { $change_hours = explode(",", $_REQUEST['change_hours']); } else { $ok = false; - $msg .= error("Bitte gib die Schichtwechsel-Stunden kommagetrennt ein."); + $msg .= error("Bitte gib die Schichtwechsel-Stunden kommagetrennt ein.", true); } } } else { $ok = false; - $msg .= error("Bitte wähle einen Modus."); + $msg .= error("Bitte wähle einen Modus.", true); } if (isset ($_REQUEST['angelmode'])) { 
@@ -92,24 +92,24 @@ function admin_shifts() { elseif ($_REQUEST['angelmode'] == 'manually') { $angelmode = 'manually'; foreach ($types as $type) { - if (isset ($_REQUEST['type_' . $type['TID']]) && preg_match("/^[0-9]+$/", trim($_REQUEST['type_' . $type['TID']]))) { - $needed_angel_types[$type['TID']] = trim($_REQUEST['type_' . $type['TID']]); + if (isset ($_REQUEST['type_' . $type['id']]) && preg_match("/^[0-9]+$/", trim($_REQUEST['type_' . $type['id']]))) { + $needed_angel_types[$type['id']] = trim($_REQUEST['type_' . $type['id']]); } else { $ok = false; - $msg .= error("Bitte überprüfe die Eingaben für die benötigten Engel des Typs " . $type['Name'] . "."); + $msg .= error("Bitte überprüfe die Eingaben für die benötigten Engel des Typs " . $type['name'] . ".", true); } } if (array_sum($needed_angel_types) == 0) { $ok = false; - $msg .= error("Es werden 0 Engel benötigt. Bitte wähle benötigte Engel."); + $msg .= error("Es werden 0 Engel benötigt. Bitte wähle benötigte Engel.", true); } } else { $ok = false; - $msg .= error("Bitte Wähle einen Modus für die benötigten Engel."); + $msg .= error("Bitte Wähle einen Modus für die benötigten Engel.", true); } } else { $ok = false; - $msg .= error("Bitte wähle benötigte Engel."); + $msg .= error("Bitte wähle benötigte Engel.", true); } // Beim Zurück-Knopf das Formular zeigen 
@@ -196,8 +196,8 @@ function admin_shifts() { $shifts_table .= '<tr><td>' . date("Y-m-d H:i", $shift['start']) . ' - ' . date("H:i", $shift['end']) . '<br />' . $room_array[$shift['RID']] . '</td>'; $shifts_table .= '<td>' . $shift['name']; foreach ($types as $type) { - if (isset ($needed_angel_types[$type['TID']]) && $needed_angel_types[$type['TID']] > 0) - $shifts_table .= '<br /><b>' . $type['Name'] . ':</b> ' . $needed_angel_types[$type['TID']] . ' missing'; + if (isset ($needed_angel_types[$type['id']]) && $needed_angel_types[$type['id']] > 0) + $shifts_table .= '<br /><b>' . $type['name'] . ':</b> ' . $needed_angel_types[$type['id']] . ' missing'; } $shifts_table .= '</td></tr>'; } @@ -238,19 +238,19 @@ function admin_shifts() { } } - $msg = success("Schichten angelegt."); + $msg = success("Schichten angelegt.", true); } else { unset ($_SESSION['admin_shifts_shifts']); unset ($_SESSION['admin_shifts_types']); } - $room_select = html_select_key('rid', $room_array, $_REQUEST['rid']); + $room_select = html_select_key('rid', 'rid', $room_array, $_REQUEST['rid']); $angel_types = ""; foreach ($types as $type) { $angel_types .= template_render('../templates/admin_shifts_angel_types.html', array ( 'id' => $type['TID'], - 'type' => $type['Name'], - 'value' => $needed_angel_types[$type['TID']] + 'type' => $type['name'], + 'value' => $needed_angel_types[$type['id']] )); } return template_render('../templates/admin_shifts.html', array ( diff --git a/includes/pages/admin_user.php b/includes/pages/admin_user.php index 611b6dcb..62f312ea 100644 --- a/includes/pages/admin_user.php +++ b/includes/pages/admin_user.php @@ -56,7 +56,7 @@ function admin_user() { "<input type=\"text\" size=\"40\" name=\"ejabber\" value=\"" . mysql_result($Erg, 0, "jabber") . "\"></td></tr>\n"; $html .= " <tr><td>Size</td><td>" . - html_select_key('size', array ( + html_select_key('size', 'size', array ( 'S' => "S", 'M' => "M", 'L' => "L", 
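Review bot: In the `@@ -238` hunk the template data still passes `'id' => $type['TID']` while the two lines below it were changed to `$type['name']` and `$needed_angel_types[$type['id']]`, and the `@@ -92` hunk earlier reads the submitted counts as `$_REQUEST['type_' . $type['id']]`; if `TID` is gone from `AngelTypes`, the rendered inputs carry an empty id and manual angel mode never receives its values. Change it to `'id' => $type['id'],`. The same leftover key appears in admin_rooms' edit form. `html_select_key('rid', 'rid', $room_array, $_REQUEST['rid'])` reads `$_REQUEST['rid']` without `isset`, which raises a notice on the first visit unless it is guaranteed earlier in the function, which starts outside these hunks.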
@@ -165,12 +165,12 @@ function admin_user() { if (in_array($group, $grouplist)) sql_query("INSERT INTO `UserGroups` SET `uid`=" . sql_escape($id) . ", `group_id`=" . sql_escape($group)); - $html .= success("Benutzergruppen gespeichert."); + $html .= success("Benutzergruppen gespeichert.", true); } else { - $html .= error("Du kannst keine Engel mit mehr Rechten bearbeiten."); + $html .= error("Du kannst keine Engel mit mehr Rechten bearbeiten.", true); } } else { - $html .= error("Du kannst Deine eigenen Rechte nicht bearbeiten."); + $html .= error("Du kannst Deine eigenen Rechte nicht bearbeiten.", true); } break; @@ -179,9 +179,9 @@ function admin_user() { sql_query("DELETE FROM `User` WHERE `UID`=" . sql_escape($id) . " LIMIT 1"); sql_query("DELETE FROM `UserGroups` WHERE `uid`=" . sql_escape($id)); sql_query("UPDATE `ShiftEntry` SET `UID`=0, `Comment`=NULL WHERE `UID`=" . sql_escape($id)); - $html .= success("Benutzer gelöscht!"); + $html .= success("Benutzer gelöscht!", true); } else { - $html .= error("Du kannst Dich nicht selber löschen!"); + $html .= error("Du kannst Dich nicht selber löschen!", true); } break; @@ -204,15 +204,15 @@ function admin_user() { "WHERE `UID` = '" . sql_escape($id) . "' LIMIT 1;"; sql_query($SQL); - $html .= success("Änderung wurde gespeichert...\n"); + $html .= success("Änderung wurde gespeichert...\n", true); break; case 'change_pw' : if ($_REQUEST['new_pw'] != "" && $_REQUEST['new_pw'] == $_REQUEST['new_pw2']) { sql_query("UPDATE `User` SET `Passwort`='" . sql_escape(PassCrypt($_REQUEST['new_pw'])) . "' WHERE `UID`=" . sql_escape($id) . " LIMIT 1"); - $html .= success("Passwort neu gesetzt."); + $html .= success("Passwort neu gesetzt.", true); } else { - $html .= error("Die Eingaben müssen übereinstimmen und dürfen nicht leer sein!"); + $html .= error("Die Eingaben müssen übereinstimmen und dürfen nicht leer sein!", true); } break; } 
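Review bot: The `change_pw` branch accepts any non-empty password, whereas guest_register in this same diff requires at least six characters, so an admin reset can set a one-character password for another user. The check should be `if (strlen($_REQUEST['new_pw']) >= 6 && $_REQUEST['new_pw'] === $_REQUEST['new_pw2'])`, which also replaces the loose `==` string comparison. Because the whole handler reads `$_REQUEST`, these state-changing actions (group change, delete, password reset) are also reachable through GET query strings; restricting them to POST and adding a CSRF token would be the usual guard. The enclosing switch and the derivation of `$id` lie outside the hunk.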
diff --git a/includes/pages/guest_login.php b/includes/pages/guest_login.php index 51afd9c5..a210a7ce 100644 --- a/includes/pages/guest_login.php +++ b/includes/pages/guest_login.php 
@@ -3,198 +3,132 @@ // Engel registrieren function guest_register() { - global $SubscribeMailinglist, $enable_tshirt_size; - - $html = ""; - $success = "none"; - - if (isset ($_POST["send"])) { - $eNick = trim($_POST["Nick"]); - - if ($_POST["Alter"] == "") - $_POST["Alter"] = 23; - - // user vorhanden? - $Ergans = sql_select("SELECT UID FROM `User` WHERE `Nick`='" . sql_escape($_POST["Nick"]) . "'"); - - if (strlen($_POST["Nick"]) < 2) - $error = Get_Text("makeuser_error_nick1") . $_POST["Nick"] . Get_Text("makeuser_error_nick2"); - - elseif (count($Ergans) > 0) $error = Get_Text("makeuser_error_nick1") . $_POST["Nick"] . Get_Text("makeuser_error_nick3"); - - elseif (strlen($_POST["email"]) <= 6 && strstr($_POST["email"], "@") == FALSE && strstr($_POST["email"], ".") == false) $error = Get_Text("makeuser_error_mail"); - - elseif (!is_numeric($_POST["Alter"])) $error = Get_Text("makeuser_error_Alter"); - - elseif ($_POST["Passwort"] != $_POST["Passwort2"]) $error = Get_Text("makeuser_error_password1"); - - elseif (strlen($_POST["Passwort"]) < 6) $error = Get_Text("makeuser_error_password2"); - - else { - $_POST["Passwort"] = PassCrypt($_POST["Passwort"]); - unset ($_POST["Passwort2"]); - - $Erg = sql_query("INSERT INTO `User` (" . - "`Nick` , " . "`Name` , " . - "`Vorname`, " . "`Alter` , " . - "`Telefon`, " . "`DECT`, " . - "`Handy`, " . "`email`, " . - "`ICQ`, " . "`jabber`, " . - "`Size`, " . "`Passwort`, " . - "`Art` , " . "`kommentar`, " . - "`Hometown`," . "`CreateDate`, `Sprache` ) " . - "VALUES ( '" . sql_escape($_POST["Nick"]) . "', " . "'" . sql_escape($_POST["Name"]) . "', " . "'" . sql_escape($_POST["Vorname"]) . "', " . "'" . sql_escape($_POST["Alter"]) . "', " . "'" . sql_escape($_POST["Telefon"]) . "', " . "'" . sql_escape($_POST["DECT"]) . "', " . "'" . sql_escape($_POST["Handy"]) . "', " . "'" . sql_escape($_POST["email"]) . "', " . "'" . sql_escape($_POST["ICQ"]) . "', " . "'" . sql_escape($_POST["jabber"]) . "', " . "'" . 
sql_escape($_POST["Size"]) . "', " . "'" . sql_escape($_POST["Passwort"]) . "', " . "'" . sql_escape($_POST["Art"]) . "', " . "'" . sql_escape($_POST["kommentar"]) . "', " . "'" . sql_escape($_POST["Hometown"]) . "'," . "NOW(), '" . sql_escape($_SESSION["Sprache"]) . "')"); - - if ($Erg != 1) { - $html .= Get_Text("makeuser_error_write1") . "<br />\n"; - $error = sql_error(); - } else { - $html .= "<p class=\"success\">" . Get_Text("makeuser_writeOK") . "\n"; - - // Assign user-group - sql_query("INSERT INTO `UserGroups` SET `uid`=" . sql_escape(sql_id()) . ", `group_id`=-2"); - - $html .= Get_Text("makeuser_writeOK2") . "<br />\n"; - $html .= "<h1>" . Get_Text("makeuser_writeOK3") . "</h1>\n"; - - $html .= Get_Text("makeuser_writeOK4") . "</p><p></p>\n<br /><br />\n"; - $success = "any"; - - if (isset ($SubscribeMailinglist)) { - if ($_POST["subscribe-mailinglist"] == "") { - $headers = "From: " . $_POST["email"] . "\r\n" . - "X-Mailer: PHP/" . phpversion(); - mail($SubscribeMailinglist, "subject", "message", $headers); - } - } + global $tshirt_sizes, $enable_tshirt_size; + + $msg = ""; + $nick = ""; + $lastname = ""; + $prename = ""; + $age = 23; + $tel = ""; + $dect = ""; + $mobile = ""; + $mail = ""; + $icq = ""; + $jabber = ""; + $hometown = ""; + $comment = ""; + $tshirt_size = 'S'; + $password_hash = ""; + + if (isset ($_REQUEST['submit'])) { + $ok = true; + + if (isset ($_REQUEST['nick']) && strlen(strip_request_item('nick')) > 1) { + $nick = strip_request_item('nick'); + if (sql_num_query("SELECT * FROM `User` WHERE `Nick`='" . sql_escape($nick) . "' LIMIT 1") > 0) { + $ok = false; + $msg .= error(sprintf(Get_Text("makeuser_error_nick1") . "%s" . Get_Text("makeuser_error_nick3"), $nick), true); } + } else { + $ok = false; + $msg .= error(sprintf(Get_Text("makeuser_error_nick1") . "%s" . 
Get_Text("makeuser_error_nick2"), strip_request_item('nick')), true); } - if (isset ($error)) - $html .= error($error); - } else { - // init vars - $_POST["Nick"] = ""; - $_POST["Name"] = ""; - $_POST["Vorname"] = ""; - $_POST["Alter"] = ""; - $_POST["Telefon"] = ""; - $_POST["DECT"] = ""; - $_POST["Handy"] = ""; - $_POST["email"] = ""; - $_POST["subscribe-mailinglist"] = ""; - $_POST["ICQ"] = ""; - $_POST["jabber"] = ""; - $_POST["Size"] = "L"; - $_POST["Art"] = ""; - $_POST["kommentar"] = ""; - $_POST["Hometown"] = ""; - } - - if ($success == "none") { - $html .= "<h1>" . Get_Text("makeuser_text0") . "</h1>\n"; - $html .= "<h2>" . Get_Text("makeuser_text1") . "</h2>\n"; - $html .= "<form action=\"\" method=\"post\">\n"; - $html .= "<table>\n"; - $html .= "<tr><td>" . Get_Text("makeuser_Nickname") . "*</td><td><input type=\"text\" size=\"40\" name=\"Nick\" value=\"" . $_POST["Nick"] . "\" /></td></tr>\n"; - $html .= "<tr><td>" . Get_Text("makeuser_Nachname") . "</td><td><input type=\"text\" size=\"40\" name=\"Name\" value=\"" . $_POST["Name"] . "\" /></td></tr>\n"; - $html .= "<tr><td>" . Get_Text("makeuser_Vorname") . "</td><td><input type=\"text\" size=\"40\" name=\"Vorname\" value=\"" . $_POST["Vorname"] . "\" /></td></tr>\n"; - $html .= "<tr><td>" . Get_Text("makeuser_Alter") . "</td><td><input type=\"text\" size=\"40\" name=\"Alter\" value=\"" . $_POST["Alter"] . "\"></td></tr>\n"; - $html .= "<tr><td>" . Get_Text("makeuser_Telefon") . "</td><td><input type=\"text\" size=\"40\" name=\"Telefon\" value=\"" . $_POST["Telefon"] . "\"></td></tr>\n"; - $html .= "<tr><td>" . Get_Text("makeuser_DECT") . "</td><td><input type=\"text\" size=\"40\" name=\"DECT\" value=\"" . $_POST["DECT"] . "\"></td><td>\n"; - $html .= "<!--a href=\"https://21c3.ccc.de/wiki/index.php/POC\"><img src=\"./pic/external.png\" alt=\"external: \">DECT</a--></td></tr>\n"; - $html .= "<tr><td>" . Get_Text("makeuser_Handy") . "</td><td><input type=\"text\" size=\"40\" name=\"Handy\" value=\"" . 
$_POST["Handy"] . "\"></td></tr>\n"; - $html .= "<tr><td>" . Get_Text("makeuser_E-Mail") . "*</td><td><input type=\"text\" size=\"40\" name=\"email\" value=\"" . $_POST["email"] . "\"></td></tr>\n"; - - if (isset ($SubscribeMailinglist)) - $html .= "<tr><td>" . Get_Text("makeuser_subscribe-mailinglist") . "</td><td><input type=\"checkbox\" name=\"subscribe-mailinglist\" value=\"" . $_POST["subscribe-mailinglist"] . "\">($SubscribeMailinglist)</td></tr>\n"; - - $html .= "<tr><td>ICQ</td><td><input type=\"text\" size=\"40\" name=\"ICQ\" value=\"" . $_POST["ICQ"] . "\"></td></tr>\n"; - $html .= "<tr><td>jabber</td><td><input type=\"text\" size=\"40\" name=\"jabber\" value=\"" . $_POST["jabber"] . "\"></td></tr>\n"; - if ($enable_tshirt_size) { - $html .= "<tr><td>" . Get_Text("makeuser_T-Shirt") . " Grösse*</td><td align=\"left\">\n"; - $html .= "<select name=\"Size\">\n"; - $html .= "<option value=\"S\""; - if ($_POST["Size"] == "S") - $html .= " selected"; - $html .= ">S</option>\n"; - $html .= "<option value=\"M\""; - if ($_POST["Size"] == "M") - $html .= " selected"; - $html .= ">M</option>\n"; - $html .= "<option value=\"L\""; - if ($_POST["Size"] == "L") - $html .= " selected"; - $html .= ">L</option>\n"; - $html .= "<option value=\"XL\""; - if ($_POST["Size"] == "XL") - $html .= " selected"; - $html .= ">XL</option>\n"; - $html .= "<option value=\"2XL\""; - if ($_POST["Size"] == "2XL") - $html .= " selected"; - $html .= ">2XL</option>\n"; - $html .= "<option value=\"3XL\""; - if ($_POST["Size"] == "3XL") - $html .= " selected"; - $html .= ">3XL</option>\n"; - $html .= "<option value=\"4XL\""; - if ($_POST["Size"] == "4XL") - $html .= " selected"; - $html .= ">4XL</option>\n"; - $html .= "<option value=\"5XL\""; - if ($_POST["Size"] == "5XL") - $html .= " selected"; - $html .= ">5XL</option>\n"; - $html .= "<option value=\"S-G\""; - if ($_POST["Size"] == "S-G") - $html .= " selected"; - $html .= ">S Girl</option>\n"; - $html .= "<option value=\"M-G\""; - if 
($_POST["Size"] == "M-G") - $html .= " selected"; - $html .= ">M Girl</option>\n"; - $html .= "<option value=\"L-G\""; - if ($_POST["Size"] == "L-G") - $html .= " selected"; - $html .= ">L Girl</option>\n"; - $html .= "<option value=\"XL-G\""; - if ($_POST["Size"] == "XL-G") - $html .= " selected"; - $html .= ">XL Girl</option>\n"; - $html .= "</select>\n"; - $html .= "</td></tr>\n"; + if (isset ($_REQUEST['mail']) && strlen(strip_request_item('mail')) > 0) { + $mail = strip_request_item('mail'); + if (!check_email($mail)) { + $ok = false; + $msg .= error(Get_Text("makeuser_error_mail"), true); + } + } else { + $ok = false; + $msg .= error("Please enter your e-mail.", true); } - $html .= "<tr><td>" . Get_Text("makeuser_Engelart") . "</td><td align=\"left\">\n"; - $html .= "<select name=\"Art\">\n"; - $engel_types = sql_select("SELECT * FROM `AngelTypes` ORDER BY `NAME`"); - foreach ($engel_types as $engel_type) { - $Name = $engel_type['Name'] . Get_Text("inc_schicht_engel"); - $html .= "<option value=\"" . $Name . 
"\""; + if (isset ($_REQUEST['icq'])) + $icq = strip_request_item('icq'); + if (isset ($_REQUEST['jabber']) && strlen(strip_request_item('jabber')) > 0) { + $jabber = strip_request_item('jabber'); + if (!check_email($jabber)) { + $ok = false; + $msg .= error("Please check your jabber.", true); + } + } - if ($_POST["Art"] == $Name) - $html .= " selected"; + if (isset ($_REQUEST['tshirt_size']) && isset ($tshirt_sizes[$_REQUEST['tshirt_size']])) + $tshirt_size = $_REQUEST['tshirt_size']; + else { + $ok = false; + } - $html .= ">$Name</option>\n"; + if (isset ($_REQUEST['password']) && strlen($_REQUEST['password']) >= 6) { + if ($_REQUEST['password'] == $_REQUEST['password2']) { + $password_hash = PassCrypt($_REQUEST['password']); + } else { + $ok = false; + $msg .= error(Get_Text("makeuser_error_password1"), true); + } + } else { + $ok = false; + $msg .= error(Get_Text("makeuser_error_password2"), true); } - $html .= "</select>\n"; - $html .= "</td>\n"; - $html .= "</tr>\n"; - $html .= "<tr>\n"; - $html .= "<td>" . Get_Text("makeuser_text2") . "</td>\n"; - $html .= "<td><textarea rows=\"5\" cols=\"40\" name=\"kommentar\">" . $_POST["kommentar"] . "</textarea></td>\n"; - $html .= "</tr>\n"; - $html .= "<tr><td>" . Get_Text("makeuser_Hometown") . "</td><td><input type=\"text\" size=\"40\" name=\"Hometown\" value=\"" . $_POST["Hometown"] . "\"></td></tr>\n"; - $html .= "<tr><td>" . Get_Text("makeuser_Passwort") . "*</td><td><input type=\"password\" size=\"40\" name=\"Passwort\"/></td></tr>\n"; - $html .= "<tr><td>" . Get_Text("makeuser_Passwort2") . "*</td><td><input type=\"password\" size=\"40\" name=\"Passwort2\"/></td></tr>\n"; - $html .= "<tr><td> </td><td><input type=\"submit\" name=\"send\" value=\"" . Get_Text("makeuser_Anmelden") . 
"\"/></td></tr>\n"; - $html .= "</table>\n"; - $html .= "</form>\n"; - $html .= Get_Text("makeuser_text3"); + // Trivia + if (isset ($_REQUEST['lastname'])) + $lastname = strip_request_item('lastname'); + if (isset ($_REQUEST['prename'])) + $prename = strip_request_item('prename'); + if (isset ($_REQUEST['age']) && preg_match("/^[0-9]{0,4}$/", $_REQUEST['age'])) + $age = strip_request_item('age'); + if (isset ($_REQUEST['tel'])) + $tel = strip_request_item('tel'); + if (isset ($_REQUEST['dect'])) + $dect = strip_request_item('dect'); + if (isset ($_REQUEST['mobile'])) + $mobile = strip_request_item('mobile'); + if (isset ($_REQUEST['hometown'])) + $hometown = strip_request_item('hometown'); + if (isset ($_REQUEST['comment'])) + $comment = strip_request_item_nl('comment'); + + if ($ok) { + sql_query("INSERT INTO `User` SET `Nick`='" . sql_escape($nick) . "', `Vorname`='" . sql_escape($prename) . "', `Name`='" . sql_escape($lastname) . + "', `Alter`='" . sql_escape($age) . "', `Telefon`='" . sql_escape($tel) . "', `DECT`='" . sql_escape($dect) . "', `Handy`='" . sql_escape($mobile) . + "', `email`='" . sql_escape($mail) . "', `ICQ`='" . sql_escape($icq) . "', `jabber`='" . sql_escape($jabber) . "', `Size`='" . sql_escape($tshirt_size) . + "', `Passwort`='" . sql_escape($password_hash) . "', `kommentar`='" . sql_escape($comment) . "', `Hometown`='" . sql_escape($hometown) . "', `CreateDate`=NOW(), `Sprache`='" . sql_escape($_SESSION["Sprache"]) . "'"); + + // Assign user-group + sql_query("INSERT INTO `UserGroups` SET `uid`=" . sql_escape(sql_id()) . ", `group_id`=-2"); + + success(Get_Text("makeuser_writeOK4")); + redirect(page_link_to('login')); + } } - return $html; + + return page(array ( + Get_Text("makeuser_text1"), + $msg, + form(array ( + form_text('nick', Get_Text("makeuser_Nickname") . 
"*", $nick), + form_text('lastname', Get_Text("makeuser_Nachname"), $lastname), + form_text('prename', Get_Text("makeuser_Vorname"), $prename), + form_text('age', Get_Text("makeuser_Alter"), $age), + form_text('tel', Get_Text("makeuser_Telefon"), $tel), + form_text('dect', Get_Text("makeuser_DECT"), $tel), + form_text('mobile', Get_Text("makeuser_Handy"), $mobile), + form_text('mail', Get_Text("makeuser_E-Mail") . "*", $mail), + form_text('icq', "ICQ", $icq), + form_text('jabber', "Jabber", $jabber), + form_text('hometown', Get_Text("makeuser_Hometown"), $hometown), + $enable_tshirt_size ? form_select('tshirt_size', Get_Text("makeuser_T-Shirt"), $tshirt_sizes, $tshirt_size) : '', + form_textarea('comment', Get_Text("makeuser_text2"), $comment), + form_password('password', Get_Text("makeuser_Passwort")), + form_password('password2', Get_Text("makeuser_Passwort2")), + info(Get_Text("makeuser_text3"), true), + form_submit('submit', Get_Text("makeuser_Anmelden")) + )) + )); } function guest_logout() { 
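Review bot: The t-shirt size check sets `$ok = false` whenever `$_REQUEST['tshirt_size']` is missing, but the form only renders that select when `$enable_tshirt_size` is true, so with sizes disabled registration can never succeed and no error message explains why. Change the fallback to `elseif ($enable_tshirt_size) { $ok = false; $msg .= error("Please select a t-shirt size.", true); }` so `$tshirt_size` keeps its default when the field is not offered. Two smaller defects in the same hunk: the DECT field is rendered from the wrong variable, `form_text('dect', Get_Text("makeuser_DECT"), $tel)` should pass `$dect`, and the password confirmation uses loose `==` where `===` is wanted (`$_REQUEST['password2']` may also be unset). `strip_request_item` and `PassCrypt` are not visible here, so whether nick/mail are HTML-escaped and which hash is used cannot be confirmed from this hunk.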
@@ -204,44 +138,55 @@ function guest_logout() { function guest_login() { global $user; + + $msg = ""; + $nick = ""; + unset ($_SESSION['uid']); - $html = ""; - if (isset ($_REQUEST['login_submit'])) { - $login_user = sql_select("SELECT * FROM `User` WHERE `Nick`='" . sql_escape($_REQUEST["user"]) . "'"); - - if (count($login_user) == 1) { // Check, ob User angemeldet wird... - $login_user = $login_user[0]; - if ($login_user["Passwort"] == PassCrypt($_REQUEST["password"])) { // Passwort ok... - $_SESSION['uid'] = $login_user['UID']; - $_SESSION['Sprache'] = $login_user['Sprache']; - header("Location: " . page_link_to("news")); - } else { // Passwort nicht ok... - $ErrorText = "pub_index_pass_no_ok"; - } // Ende Passwort-Check - } else { // Anzahl der User in User-Tabelle <> 1 --> keine Anmeldung - if ($user_anz == 0) - $ErrorText = "pub_index_User_unset"; - else - $ErrorText = "pub_index_User_more_as_one"; - } // Ende Check, ob User angemeldet wurde} + if (isset ($_REQUEST['submit'])) { + $ok = true; + + if (isset ($_REQUEST['nick']) && strlen(strip_request_item('nick')) > 0) { + $nick = strip_request_item('nick'); + $login_user = sql_select("SELECT * FROM `User` WHERE `Nick`='" . sql_escape($nick) . 
"'"); + if (count($login_user) > 0) { + $login_user = $login_user[0]; + if (isset ($_REQUEST['password'])) { + if ($login_user['Passwort'] != PassCrypt($_REQUEST['password'])) { + $ok = false; + $msg .= error(Get_Text("pub_index_pass_no_ok"), true); + } + } else { + $ok = false; + $msg .= error("Please enter a password.", true); + } + } else { + $ok = false; + $msg .= error(Get_Text("pub_index_User_unset"), true); + } + } else { + $ok = false; + $msg .= error("Please enter a nickname.", true); + } + + if ($ok) { + $_SESSION['uid'] = $login_user['UID']; + $_SESSION['Sprache'] = $login_user['Sprache']; + redirect(page_link_to('news')); + } } - if (isset ($ErrorText)) - $html .= error(Get_Text($ErrorText)); - $html .= guest_login_form(); - return $html; -} -function guest_login_form() { - return template_render("../templates/guest_login_form.html", array ( - 'link' => page_link_to("login"), - 'nick' => Get_Text("index_lang_nick"), - 'pass' => Get_Text("index_lang_pass"), - 'send' => Get_Text("index_lang_send"), - 'text1' => Get_Text("index_text1"), - 'text2' => Get_Text("index_text2"), - 'text3' => Get_Text("index_text3"), - 'text4' => Get_Text("index_text4") + return page(array ( + Get_Text("index_text1") . " " . Get_Text("index_text2") . " " . Get_Text("index_text3"), + $msg, + msg(), + form(array ( + form_text('nick', Get_Text("index_lang_nick"), $nick), + form_password('password', Get_Text("index_lang_pass")), + form_submit('submit', Get_Text("index_lang_send")) + )), + info(Get_Text("index_text4"), true) )); } ?> diff --git a/includes/pages/user_messages.php b/includes/pages/user_messages.php index 29b41cae..1d490843 100644 --- a/includes/pages/user_messages.php +++ b/includes/pages/user_messages.php 
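Review bot: A successful login writes `$_SESSION['uid']` into whatever session the client arrived with, so an attacker who plants a session id beforehand inherits the authenticated session (session fixation); call `session_regenerate_id(true);` immediately before `$_SESSION['uid'] = $login_user['UID'];`. The check `$login_user['Passwort'] != PassCrypt($_REQUEST['password'])` is a loose comparison — if PassCrypt returns a hex digest, two digests of the form `0e<digits>` compare equal under `!=` — so use `!==`. Because the credentials are read from `$_REQUEST`, a login can also be submitted as a GET query string and the password then lands in server and proxy logs; reading `$_POST` here avoids that. The distinct "user unknown" and "password wrong" messages additionally allow nick enumeration, though registration already discloses taken nicks.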
@@ -25,7 +25,7 @@ function user_messages() { foreach ($users as $u) $to_select_data[$u['UID']] = $u['Nick']; - $to_select = html_select_key('to', $to_select_data, ''); + $to_select = html_select_key('to', 'to', $to_select_data, ''); $messages_html = ""; $messages = sql_select("SELECT * FROM `Messages` WHERE `SUID`=" . sql_escape($user['UID']) . " OR `RUID`=" . sql_escape($user['UID']) . " ORDER BY `isRead`,`Datum` DESC"); @@ -64,28 +64,28 @@ function user_messages() { if (isset ($_REQUEST['id']) && preg_match("/^[0-9]{1,11}$/", $_REQUEST['id'])) $id = $_REQUEST['id']; else - return error("Incomplete call, missing Message ID."); + return error("Incomplete call, missing Message ID.", true); $message = sql_select("SELECT * FROM `Messages` WHERE `id`=" . sql_escape($id) . " LIMIT 1"); if (count($message) > 0 && $message[0]['RUID'] == $user['UID']) { sql_query("UPDATE `Messages` SET `isRead`='Y' WHERE `id`=" . sql_escape($id) . " LIMIT 1"); header("Location: " . page_link_to("user_messages")); } else - return error("No Message found."); + return error("No Message found.", true); break; case "delete" : if (isset ($_REQUEST['id']) && preg_match("/^[0-9]{1,11}$/", $_REQUEST['id'])) $id = $_REQUEST['id']; else - return error("Incomplete call, missing Message ID."); + return error("Incomplete call, missing Message ID.", true); $message = sql_select("SELECT * FROM `Messages` WHERE `id`=" . sql_escape($id) . " LIMIT 1"); if (count($message) > 0 && $message[0]['SUID'] == $user['UID']) { sql_query("DELETE FROM `Messages` WHERE `id`=" . sql_escape($id) . " LIMIT 1"); header("Location: " . page_link_to("user_messages")); } else - return error("No Message found."); + return error("No Message found.", true); break; case "send" : 
@@ -95,12 +95,12 @@ function user_messages() { sql_query("INSERT INTO `Messages` SET `Datum`=" . sql_escape(time()) . ", `SUID`=" . sql_escape($user['UID']) . ", `RUID`=" . sql_escape($to) . ", `Text`='" . sql_escape($text) . "'"); header("Location: " . page_link_to("user_messages")); } else { - return error(Get_Text("pub_messages_Send_Error")); + return error(Get_Text("pub_messages_Send_Error"), true); } break; default : - return error("Wrong action."); + return error("Wrong action.", true); } } } diff --git a/includes/pages/user_myshifts.php b/includes/pages/user_myshifts.php index dd53d134..c9050b6e 100644 --- a/includes/pages/user_myshifts.php +++ b/includes/pages/user_myshifts.php 
@@ -16,18 +16,18 @@ function user_myshifts() { list ($shifts_user) = sql_select("SELECT * FROM `User` WHERE `UID`=" . sql_escape($id) . " LIMIT 1"); if ($id != $user['UID']) - $msg .= error("Du betrachtest die Schichten von " . $shifts_user['Nick'] . "."); + $msg .= info(sprintf("You are viewing %s's shifts.", $shifts_user['Nick']), true); if (isset ($_REQUEST['reset'])) { if ($_REQUEST['reset'] == "ack") { user_reset_ical_key(); - return success("Key geändert."); + return success("Key geändert.", true); } return template_render('../templates/user_myshifts_reset.html', array ()); } elseif (isset ($_REQUEST['edit']) && preg_match("/^[0-9]*$/", $_REQUEST['edit'])) { $id = $_REQUEST['edit']; - $shift = sql_select("SELECT `ShiftEntry`.`Comment`, `Shifts`.*, `Room`.`Name`, `AngelTypes`.`Name` as `angel_type` FROM `ShiftEntry` JOIN `AngelTypes` ON (`ShiftEntry`.`TID` = `AngelTypes`.`TID`) JOIN `Shifts` ON (`ShiftEntry`.`SID` = `Shifts`.`SID`) JOIN `Room` ON (`Shifts`.`RID` = `Room`.`RID`) WHERE `id`=" . sql_escape($id) . " AND `UID`=" . sql_escape($shifts_user['UID']) . " LIMIT 1"); + $shift = sql_select("SELECT `ShiftEntry`.`Comment`, `Shifts`.*, `Room`.`Name`, `AngelTypes`.`name` as `angel_type` FROM `ShiftEntry` JOIN `AngelTypes` ON (`ShiftEntry`.`TID` = `AngelTypes`.`id`) JOIN `Shifts` ON (`ShiftEntry`.`SID` = `Shifts`.`SID`) JOIN `Room` ON (`Shifts`.`RID` = `Room`.`RID`) WHERE `id`=" . sql_escape($id) . " AND `UID`=" . sql_escape($shifts_user['UID']) . " LIMIT 1"); if (count($shift) > 0) { $shift = $shift[0]; 
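Review bot: The edit branch guards `$_REQUEST['edit']` with `preg_match("/^[0-9]*$/", ...)`, and `*` also matches the empty string, so `?edit=` passes the check with `$id = ""` and the query below becomes `WHERE id= AND UID=...`, a syntax error rather than a not-found; the pattern should be `/^[0-9]+$/` as used elsewhere in this diff. The new info line interpolates `$shifts_user['Nick']` straight into markup, so unless `info()` or the nick storage path escapes HTML (not visible here) a nick containing markup is rendered as-is to whoever views those shifts; wrap it with `htmlspecialchars()` or confirm `info()` escapes. Whether viewing another user's shifts requires a privilege is decided before this hunk.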
@@ -55,9 +55,9 @@ function user_myshifts() { $shift = $shift[0]; if (($shift['start'] - time() < $LETZTES_AUSTRAGEN * 60) || in_array('user_shifts_admin', $privileges)) { sql_query("DELETE FROM `ShiftEntry` WHERE `id`=" . sql_escape($id) . " LIMIT 1"); - $msg .= success("Du wurdest aus der Schicht ausgetragen."); + $msg .= success("Du wurdest aus der Schicht ausgetragen.", true); } else - $msg .= error("Es ist zu spät um sich aus der Schicht auszutragen. Frage ggf. einen Orga.'"); + $msg .= error("Es ist zu spät um sich aus der Schicht auszutragen. Frage ggf. einen Orga.", true); } else header("Location: " . page_link_to('user_myshifts')); } diff --git a/includes/pages/user_news.php b/includes/pages/user_news.php index 5d725c13..69f4022c 100644 --- a/includes/pages/user_news.php +++ b/includes/pages/user_news.php @@ -58,7 +58,7 @@ function user_news_comments() { if (isset ($_REQUEST["text"])) { $text = preg_replace("/([^\p{L}\p{P}\p{Z}\p{N}\n]{1,})/ui", '', strip_tags($_REQUEST['text'])); sql_query("INSERT INTO `news_comments` (`Refid`, `Datum`, `Text`, `UID`) VALUES ('" . sql_escape($nid) . "', '" . date("Y-m-d H:i:s") . "', '" . sql_escape($text) . "', '" . sql_escape($user["UID"]) . "')"); - $html .= success("Eintrag wurde gespeichert"); + $html .= success("Eintrag wurde gespeichert", true); } $html .= '<a href="' . page_link_to("news") . '">« Back</a>'; @@ -114,7 +114,7 @@ function user_news() { sql_query("INSERT INTO `News` (`Datum`, `Betreff`, `Text`, `UID`, `Treffen`) " . "VALUES ('" . sql_escape(time()) . "', '" . sql_escape($_POST["betreff"]) . "', '" . sql_escape($_POST["text"]) . "', '" . sql_escape($user['UID']) . "', '" . sql_escape($_POST["treffen"]) . "');"); - $html .= success(Get_Text(4)); + $html .= success(Get_Text(4), true); } if (isset ($_REQUEST['page']) && preg_match("/^[0-9]{1,}$/", $_REQUEST['page'])) diff --git a/includes/pages/user_questions.php b/includes/pages/user_questions.php index 18b9c6dd..e30663f7 100644 
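Review bot: The sign-out condition `$shift['start'] - time() < $LETZTES_AUSTRAGEN * 60` reads inverted: a shift starting within the window can be dropped, while a shift far in the future falls into the else branch and is reported as "zu spät". If `$LETZTES_AUSTRAGEN` is the number of minutes before start after which sign-out is forbidden (the name and the message suggest so), the comparison should be `>`; if it really denotes a window in which sign-out is still allowed, a comment saying so would stop the next reader from "fixing" it. This is a context line the commit leaves unchanged, and both the start of the branch and the definition of `$LETZTES_AUSTRAGEN` are outside the hunk.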
--- a/includes/pages/user_questions.php +++ b/includes/pages/user_questions.php @@ -29,20 +29,20 @@ function user_questions() { sql_query("INSERT INTO `Questions` SET `UID`=" . sql_escape($user['UID']) . ", `Question`='" . sql_escape($question) . "'"); header("Location: " . page_link_to("user_questions")); } else - return error("Gib eine Frage ein!"); + return error("Gib eine Frage ein!", true); break; case 'delete' : if (isset ($_REQUEST['id']) && preg_match("/^[0-9]{1,11}$/", $_REQUEST['id'])) $id = $_REQUEST['id']; else - return error("Incomplete call, missing Question ID."); + return error("Incomplete call, missing Question ID.", true); $question = sql_select("SELECT * FROM `Questions` WHERE `QID`=" . sql_escape($id) . " LIMIT 1"); if (count($question) > 0 && $question[0]['UID'] == $user['UID']) { sql_query("DELETE FROM `Questions` WHERE `QID`=" . sql_escape($id) . " LIMIT 1"); header("Location: " . page_link_to("user_questions")); } else - return error("No question found."); + return error("No question found.", true); break; } } diff --git a/includes/pages/user_settings.php b/includes/pages/user_settings.php index aed0ccb0..ce632b93 100644 --- a/includes/pages/user_settings.php +++ b/includes/pages/user_settings.php @@ -7,7 +7,7 @@ function user_settings() { if ($enable_tshirt_size) $tshirt_html = template_render('../templates/user_settings_tshirt.html', array ( 'label_size' => Get_Text("makeuser_T-Shirt"), - 'size_select' => ($user['Tshirt'] == 0) ? html_select_key('size', array ( + 'size_select' => ($user['Tshirt'] == 0) ? html_select_key('size', 'size', array ( 'S' => "S", 'M' => "M", 'L' => "L", @@ -57,7 +57,7 @@ function user_settings() { 'new_pw2_label' => Get_Text(17), 'text_theme' => Get_Text(18), 'theme_label' => Get_Text(19), - 'theme_select' => html_select_key('theme', array ( + 'theme_select' => html_select_key('theme', 'theme', array ( "1" => "Standard-Style", "2" => "ot/Gelber Style", "3" => "Club-Mate Style", 
@@ -72,7 +72,7 @@ function user_settings() { ), $user['color']), 'text_language' => Get_Text(20), 'language_label' => Get_Text(21), - 'language_select' => html_select_key('language', array ( + 'language_select' => html_select_key('language', 'language', array ( 'DE' => "Deutsch", 'EN' => "English" ), $user['Sprache']) @@ -102,10 +102,10 @@ function user_settings() { sql_query("UPDATE `User` SET `Passwort`='" . sql_escape(PassCrypt($_REQUEST['new_pw'])) . "' WHERE `UID`=" . sql_escape($user['UID']) . " LIMIT 1"); header("Location: " . page_link_to("user_settings")); } else { - $html .= error(Get_Text(30)); + $html .= error(Get_Text(30), true); } } else { - $html .= error(Get_Text(31)); + $html .= error(Get_Text(31), true); } return $html; break; diff --git a/includes/pages/user_shifts.php b/includes/pages/user_shifts.php index 668fe8b7..49078c05 100644 --- a/includes/pages/user_shifts.php +++ b/includes/pages/user_shifts.php @@ -9,7 +9,7 @@ function user_shifts() { header("Location: " . page_link_to('user_shifts')); sql_query("DELETE FROM `ShiftEntry` WHERE `id`=" . sql_escape($entry_id) . " LIMIT 1"); - return success("Der Schicht-Eintrag wurde gelöscht.."); + return success("Der Schicht-Eintrag wurde gelöscht..", true); } // Schicht bearbeiten elseif (isset ($_REQUEST['edit_shift']) && in_array('admin_shifts', $privileges)) { @@ -22,7 +22,7 @@ function user_shifts() { header("Location: " . page_link_to('user_shifts')); if (sql_num_query("SELECT * FROM `ShiftEntry` WHERE `SID`=" . sql_escape($shift_id) . " LIMIT 1") > 0) - return error("Du kannst nur Schichten bearbeiten, bei denen niemand eingetragen ist."); + return error("Du kannst nur Schichten bearbeiten, bei denen niemand eingetragen ist.", true); $shift = sql_select("SELECT * FROM `Shifts` JOIN `Room` ON (`Shifts`.`RID` = `Room`.`RID`) WHERE `SID`=" . sql_escape($shift_id) . " LIMIT 1"); if (count($shift) == 0) 
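Review bot: In the user_shifts @@ -9 and @@ -22 hunks, `header("Location: ...")` is followed directly by a `DELETE` or by further queries; `header()` does not stop the script, so if that header is the rejection branch of the entry/shift id check that begins just above the hunk, the DELETE still runs with whatever `$entry_id` holds and the success message is still returned. Each redirect needs a terminator, e.g. `header("Location: " . page_link_to('user_shifts')); exit;`, or the `redirect()` helper that guest_register now uses (assuming it exits, which I cannot confirm from here). The same pattern recurs in the later user_shifts hunks of this diff.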
@@ -36,7 +36,7 @@ function user_shifts() { $room_array[$room['RID']] = $room['Name']; // Engeltypen laden - $types = sql_select("SELECT * FROM `NeededAngelTypes` JOIN `AngelTypes` ON (`NeededAngelTypes`.`angel_type_id` = `AngelTypes`.`TID`) WHERE `shift_id`=" . sql_escape($shift_id) . " ORDER BY `AngelTypes`.`Name`"); + $types = sql_select("SELECT * FROM `NeededAngelTypes` JOIN `AngelTypes` ON (`NeededAngelTypes`.`angel_type_id` = `AngelTypes`.`id`) WHERE `shift_id`=" . sql_escape($shift_id) . " ORDER BY `AngelTypes`.`name`"); $needed_angel_types = array (); foreach ($types as $type) $needed_angel_types[$type['TID']] = $type['count']; 
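Review bot: The JOIN now matches `NeededAngelTypes.angel_type_id` to `AngelTypes.id`, but the unchanged line below still indexes `$needed_angel_types[$type['TID']] = $type['count'];`. If `TID` no longer exists on `AngelTypes`, every row collapses onto the key `''` and the per-type counts are lost; with `SELECT *` over two tables, `$type['id']` would also be ambiguous if `NeededAngelTypes` has its own `id` column. `$type['angel_type_id']` is unambiguous and equals `AngelTypes.id` by the join condition, so use `$needed_angel_types[$type['angel_type_id']] = $type['count'];`. I cannot see the schema change this commit depends on, so this is inferred from the renamed JOIN targets.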
@@ -56,39 +56,39 @@ function user_shifts() { else { $ok = false; $rid = $rooms[0]['RID']; - $msg .= error("Wähle bitte einen Raum aus."); + $msg .= error("Wähle bitte einen Raum aus.", true); } if (isset ($_REQUEST['start']) && $tmp = DateTime :: createFromFormat("Y-m-d H:i", trim($_REQUEST['start']))) $start = $tmp->getTimestamp(); else { $ok = false; - $msg .= error("Bitte gib einen Startzeitpunkt für die Schichten an."); + $msg .= error("Bitte gib einen Startzeitpunkt für die Schichten an.", true); } if (isset ($_REQUEST['end']) && $tmp = DateTime :: createFromFormat("Y-m-d H:i", trim($_REQUEST['end']))) $end = $tmp->getTimestamp(); else { $ok = false; - $msg .= error("Bitte gib einen Endzeitpunkt für die Schichten an."); + $msg .= error("Bitte gib einen Endzeitpunkt für die Schichten an.", true); } if ($start >= $end) { $ok = false; - $msg .= error("Das Ende muss nach dem Startzeitpunkt liegen!"); + $msg .= error("Das Ende muss nach dem Startzeitpunkt liegen!", true); } foreach ($types as $type) { - if (isset ($_REQUEST['type_' . $type['TID']]) && preg_match("/^[0-9]+$/", trim($_REQUEST['type_' . $type['TID']]))) { - $needed_angel_types[$type['TID']] = trim($_REQUEST['type_' . $type['TID']]); + if (isset ($_REQUEST['type_' . $type['id']]) && preg_match("/^[0-9]+$/", trim($_REQUEST['type_' . $type['id']]))) { + $needed_angel_types[$type['id']] = trim($_REQUEST['type_' . $type['id']]); } else { $ok = false; - $msg .= error("Bitte überprüfe die Eingaben für die benötigten Engel des Typs " . $type['Name'] . "."); + $msg .= error("Bitte überprüfe die Eingaben für die benötigten Engel des Typs " . $type['name'] . ".", true); } } if (array_sum($needed_angel_types) == 0) { $ok = false; - $msg .= error("Es werden 0 Engel benötigt. Bitte wähle benötigte Engel."); + $msg .= error("Es werden 0 Engel benötigt. Bitte wähle benötigte Engel.", true); } if ($ok) { 
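Review bot: The room/time/needed-angels validation in this hunk is a near-verbatim copy of the block in admin_shifts (same messages, same `type_<id>` parsing, same `array_sum` check), and both had to be edited in lockstep for the `TID`→`id` rename; pulling it into a shared helper such as `shift_needed_angel_types_from_request($types, &$msg)` would keep the two from drifting again. `$start >= $end` is also evaluated when one of the `createFromFormat` calls failed, so unless both variables are initialised earlier in the function (outside the hunk) it compares against an unset value; `if ($ok && $start >= $end)` avoids that. `$type['name']` comes from the database and is concatenated into the error markup, so it should be escaped here unless angel type names are sanitised on input (not visible in this diff).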
@@ -96,17 +96,17 @@ function user_shifts() { sql_query("DELETE FROM `NeededAngelTypes` WHERE `shift_id`=" . sql_escape($shift_id)); foreach ($needed_angel_types as $type_id => $count) sql_query("INSERT INTO `NeededAngelTypes` SET `shift_id`=" . sql_escape($shift_id) . ", `angel_type_id`=" . sql_escape($type_id) . ", `count`=" . sql_escape($count)); - return success("Schicht gespeichert."); + return success("Schicht gespeichert.", true); } } - $room_select = html_select_key('rid', $room_array, $rid); + $room_select = html_select_key('rid', 'rid', $room_array, $rid); $angel_types = ""; foreach ($types as $type) { $angel_types .= template_render('../templates/admin_shifts_angel_types.html', array ( 'id' => $type['TID'], - 'type' => $type['Name'], - 'value' => $needed_angel_types[$type['TID']] + 'type' => $type['name'], + 'value' => $needed_angel_types[$type['id']] )); } return template_render('../templates/user_shifts_edit.html', array ( @@ -136,7 +136,7 @@ function user_shifts() { sql_query("DELETE FROM `NeededAngelTypes` WHERE `shift_id`=" . sql_escape($shift_id)); sql_query("DELETE FROM `Shifts` WHERE `SID`=" . sql_escape($shift_id) . " LIMIT 1"); - return success("Die Schicht wurde gelöscht."); + return success("Die Schicht wurde gelöscht.", true); } return template_render('../templates/user_shifts_admin_delete.html', array ( @@ -162,7 +162,7 @@ function user_shifts() { else header("Location: " . page_link_to('user_shifts')); - $type = sql_select("SELECT * FROM `AngelTypes` WHERE `TID`=" . sql_escape($type_id) . " LIMIT 1"); + $type = sql_select("SELECT * FROM `AngelTypes` WHERE `id`=" . sql_escape($type_id) . " LIMIT 1"); if (count($type) == 0) header("Location: " . page_link_to('user_shifts')); $type = $type[0]; 
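Review bot: In the @@ -162 hunk the `else header("Location: ...")` and the later `if (count($type) == 0) header(...)` do not stop execution, so for a missing or unknown `type_id` the code proceeds to `$type = $type[0];` on an empty result and, in the following hunk, still issues the `INSERT INTO ShiftEntry ... TID=$type_id`. Each redirect should terminate: `header("Location: " . page_link_to('user_shifts')); exit;` (or a `redirect()` helper that exits). The @@ -96 hunk also still passes `'id' => $type['TID']` to the template while reading `$needed_angel_types[$type['id']]`; these keys must agree or the rendered input names will not match what the validator looks up. user_shifts() continues on both sides of these hunks.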
@@ -184,11 +184,11 @@ function user_shifts() { $entries = sql_select("SELECT * FROM `ShiftEntry` WHERE `SID`=" . sql_escape($shift['SID'])); foreach ($entries as $entry) if ($entry['UID'] == $user_id) - return error("This angel does already have an entry for this shift."); + return error("This angel does already have an entry for this shift.", true); $comment = strip_request_item_nl('comment'); sql_query("INSERT INTO `ShiftEntry` SET `Comment`='" . sql_escape($comment) . "', `UID`=" . sql_escape($user_id) . ", `TID`=" . sql_escape($type_id) . ", `SID`=" . sql_escape($shift_id)); - return success("Du bist eingetragen. Danke!") . '<a href="' . page_link_to('user_myshifts') . '">Meine Schichten »</a>'; + return success("Du bist eingetragen. Danke!", true) . '<a href="' . page_link_to('user_myshifts') . '">Meine Schichten »</a>'; } if (in_array('user_shifts_admin', $privileges)) { @@ -196,7 +196,7 @@ function user_shifts() { $users_select = array (); foreach ($users as $usr) $users_select[$usr['UID']] = $usr['Nick']; - $user_text = html_select_key('user_id', $users_select, $user['UID']); + $user_text = html_select_key('user_id', 'user_id', $users_select, $user['UID']); } else $user_text = $user['Nick']; @@ -206,7 +206,7 @@ function user_shifts() { 'title' => $shift['name'], 'location' => $shift['Name'], 'angel' => $user_text, - 'type' => $type['Name'], + 'type' => $type['name'], 'comment' => "" )); } else { 
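Review bot: The duplicate check before the changed `return error(...)` line loads every ShiftEntry row for the shift and compares `$entry['UID'] == $user_id` in PHP, then inserts; two concurrent submissions can both pass the loop and both insert. A `SELECT COUNT(*) ... WHERE SID = ... AND UID = ...` would be cheaper, and a UNIQUE key on (SID, UID) in ShiftEntry is what actually prevents the double entry. The INSERT concatenates `$user_id`, `$type_id` and `$shift_id` unquoted; `sql_escape()` only neutralises quote characters, so this relies on those values having been validated as integers earlier in user_shifts(), outside this hunk — if that is not guaranteed on every path, cast them with `(int)` before use. The enclosing function continues outside the hunk.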
@@ -240,9 +240,9 @@ function user_shifts() { $shift_row .= ' <a href="?p=user_shifts&edit_shift=' . $shift['SID'] . '">[edit]</a> <a href="?p=user_shifts&delete_shift=' . $shift['SID'] . '">[x]</a>'; $shift_row .= '<br />'; $show_shift = false; - $angeltypes = sql_select("SELECT * FROM `NeededAngelTypes` JOIN `AngelTypes` ON (`NeededAngelTypes`.`angel_type_id` = `AngelTypes`.`TID`) WHERE `shift_id`=" . sql_escape($shift['SID']) . " AND `count` > 0 ORDER BY `AngelTypes`.`Name`"); + $angeltypes = sql_select("SELECT * FROM `NeededAngelTypes` JOIN `AngelTypes` ON (`NeededAngelTypes`.`angel_type_id` = `AngelTypes`.`id`) WHERE `shift_id`=" . sql_escape($shift['SID']) . " AND `count` > 0 ORDER BY `AngelTypes`.`name`"); if (count($angeltypes) == 0) - $angeltypes = sql_select("SELECT * FROM `NeededAngelTypes` JOIN `AngelTypes` ON (`NeededAngelTypes`.`angel_type_id` = `AngelTypes`.`TID`) WHERE `room_id`=" . sql_escape($shift['RID']) . " AND `count` > 0 ORDER BY `AngelTypes`.`Name`"); + $angeltypes = sql_select("SELECT * FROM `NeededAngelTypes` JOIN `AngelTypes` ON (`NeededAngelTypes`.`angel_type_id` = `AngelTypes`.`id`) WHERE `room_id`=" . sql_escape($shift['RID']) . " AND `count` > 0 ORDER BY `AngelTypes`.`name`"); if (count($angeltypes) > 0) { $my_shift = sql_num_query("SELECT * FROM `ShiftEntry` WHERE `SID`=" . sql_escape($shift['SID']) . " AND `UID`=" . sql_escape($user['UID']) . " LIMIT 1") > 0; @@ -262,7 +262,7 @@ function user_shifts() { } else $entry_list[] = ($angeltype['count'] - count($entries)) . ' Helfer gebraucht'; - $shift_row .= '<b>' . $angeltype['Name'] . ':</b> '; + $shift_row .= '<b>' . $angeltype['name'] . ':</b> '; $shift_row .= join(", ", $entry_list); $shift_row .= '<br />'; } diff --git a/includes/pages/user_wakeup.php b/includes/pages/user_wakeup.php index 2c6940e7..fbb47a0d 100644 --- a/includes/pages/user_wakeup.php +++ b/includes/pages/user_wakeup.php 
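Review bot: The changed queries use `SELECT *` over a JOIN of NeededAngelTypes and AngelTypes now that the AngelTypes key is `id`; if NeededAngelTypes has, or later gets, an `id` column of its own, the associative fetch keeps only one of the two same-named columns and `$angeltype['id']` becomes ambiguous. Naming the columns avoids that, e.g. `SELECT AngelTypes.id, AngelTypes.name, NeededAngelTypes.count FROM ...` in both statements. user_shifts() continues outside the hunk.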
@@ -17,23 +17,23 @@ function user_wakeup() { . sql_escape($date) . "', '" . sql_escape($ort) . "', " . "'" . sql_escape($bemerkung) . "')"; sql_query($SQL); - $html .= success(Get_Text(4)); + $html .= success(Get_Text(4), true); } else - $html .= error("Broken date!"); + $html .= error("Broken date!", true); break; case 'delete' : if (isset ($_REQUEST['id']) && preg_match("/^[0-9]{1,11}$/", $_REQUEST['id'])) $id = $_REQUEST['id']; else - return error("Incomplete call, missing wake-up ID."); + return error("Incomplete call, missing wake-up ID.", true); $wakeup = sql_select("SELECT * FROM `Wecken` WHERE `ID`=" . sql_escape($id) . " LIMIT 1"); if (count($wakeup) > 0 && $wakeup[0]['UID'] == $user['UID']) { sql_query("DELETE FROM `Wecken` WHERE `ID`=" . sql_escape($id) . " LIMIT 1"); - $html .= success("Wake-up call deleted."); + $html .= success("Wake-up call deleted.", true); } else - return error("No wake-up found."); + return error("No wake-up found.", true); break; } } diff --git a/includes/sys_page.php b/includes/sys_page.php index e499cd57..c423155f 100644 --- a/includes/sys_page.php +++ b/includes/sys_page.php 
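Review bot: The ownership check in the delete branch compares `$wakeup[0]['UID'] == $user['UID']` loosely; both should be integer ids from the database, so `(int) $wakeup[0]['UID'] === (int) $user['UID']` states that and avoids loose-comparison surprises. The id pattern `/^[0-9]{1,11}$/` accepts a trailing newline because `$` matches before a final line break; `/^[0-9]{1,11}$/D`, or casting with `(int)` before `sql_escape`, closes that gap, which matters because `$id` is concatenated into the query unquoted. user_wakeup() starts before and continues after this hunk.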
@@ -1,26 +1,104 @@ <?php + +/** + * Leitet den Browser an die übergebene URL weiter und hält das Script an. + */ +function redirect($to) { + header("Location: " . $to, true, 302); + die(); +} + +/** + * Gibt den gefilterten REQUEST Wert ohne Zeilenumbrüche zurück + */ function strip_request_item($name) { - return preg_replace( - "/([^\p{L}\p{P}\p{Z}\p{N}]{1,})/ui", - '', - strip_tags($_REQUEST[$name]) - ); + return strip_item($_REQUEST[$name]); } +/** + * Testet, ob der angegebene REQUEST Wert ein Integer ist, bzw. eine ID sein könnte. + */ +function test_request_int($name) { + if (isset ($_REQUEST[$name])) + return preg_match("/^[0-9]*$/", $_REQUEST[$name]); + return false; +} + +/** + * Gibt den gefilterten REQUEST Wert mit Zeilenumbrüchen zurück + */ function strip_request_item_nl($name) { - return preg_replace( - "/([^\p{L}\p{P}\p{Z}\p{N}\n]{1,})/ui", - '', - strip_tags($_REQUEST[$name]) - ); + return preg_replace("/([^\p{L}\p{P}\p{Z}\p{N}+\n]{1,})/ui", '', strip_tags($_REQUEST[$name])); +} + +/** + * Entfernt unerwünschte Zeichen + */ +function strip_item($item) { + return preg_replace("/([^\p{L}\p{P}\p{Z}\p{N}+]{1,})/ui", '', strip_tags($item)); +} + +/** + * Überprüft eine E-Mail-Adresse. 
+ */ +function check_email($email) { + return (bool) preg_match("#^([a-zA-Z0-9_\-])+(\.([a-zA-Z0-9_\-])+)*@((\[(((([0-1])?([0-9])?[0-9])|(2[0-4][0-9])|(2[0-5][0-5])))\.(((([0-1])?([0-9])?[0-9])|(2[0-4][0-9])|(2[0-5][0-5])))\.(((([0-1])?([0-9])?[0-9])|(2[0-4][0-9])|(2[0-5][0-5])))\.(((([0-1])?([0-9])?[0-9])|(2[0-4][0-9])|(2[0-5][0-5]))\]))|((([\p{L}0-9])+(([\-])+([\p{L}0-9])+)*\.)+([\p{L}])+(([\-])+([\p{L}0-9])+)*))$#u", $email); +} + +/** + * Gibt zwischengespeicherte Fehlermeldungen zurück und löscht den Zwischenspeicher + */ +function msg() { + if (!isset ($_SESSION['msg'])) + return ""; + $msg = $_SESSION['msg']; + $_SESSION['msg'] = ""; + return $msg; +} + +/** + * Rendert eine Information + */ +function info($msg, $immediatly = false) { + if ($immediatly) { + if ($msg == "") + return ""; + return '<p class="info">' . $msg . '</p>'; + } else { + if (!isset ($_SESSION['msg'])) + $_SESSION['msg'] = ""; + $_SESSION['msg'] .= info($msg, true); + } } -function error($msg) { - return '<p class="error">' . $msg . '</p>'; +/** + * Rendert eine Fehlermeldung + */ +function error($msg, $immediatly = false) { + if ($immediatly) { + if ($msg == "") + return ""; + return '<p class="error">' . $msg . '</p>'; + } else { + if (!isset ($_SESSION['msg'])) + $_SESSION['msg'] = ""; + $_SESSION['msg'] .= error($msg, true); + } } -function success($msg) { - return '<p class="success">' . $msg . '</p>'; +/** + * Rendert eine Erfolgsmeldung + */ +function success($msg, $immediatly = false) { + if ($immediatly) { + if ($msg == "") + return ""; + return '<p class="success">' . $msg . '</p>'; + } else { + if (!isset ($_SESSION['msg'])) + $_SESSION['msg'] = ""; + $_SESSION['msg'] .= success($msg, true); + } } ?> diff --git a/includes/sys_shift.php b/includes/sys_shift.php index 329a40ff..728e7a83 100644 --- a/includes/sys_shift.php +++ b/includes/sys_shift.php 
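Review bot: The new `test_request_int()` uses `/^[0-9]*$/`, which matches the empty string (because of `*`) and a value with a trailing newline (because `$` matches before a final line break), so callers that gate an unquoted SQL id on it can be handed `''` or `"12\n"`; use `return (bool) preg_match("/^[0-9]+$/D", $_REQUEST[$name]);`. In `info()`, `error()` and `success()` the non-immediate branch appends to `$_SESSION['msg']` but returns nothing, so the functions return a string or null depending on the flag; add `return "";` after the append so callers can always concatenate the result. The parameter name `$immediatly` is misspelled (`$immediately`). `check_email()` re-implements address validation with a long regex; `filter_var($email, FILTER_VALIDATE_EMAIL)` covers the common case, though it does not accept the non-ASCII domain labels (`\p{L}`) this pattern allows, so keep the regex if that is intended and say so in the docblock.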
@@ -24,14 +24,14 @@ function load_shift_basics() { } // erstellt ein Array der Engeltypen - $engel_types = sql_select("SELECT `TID`, `Name` FROM `EngelType` ORDER BY `Name`"); + $engel_types = sql_select("SELECT * FROM `EngelType` ORDER BY `name`"); foreach ($engel_types as $engel_type) { $EngelType[$i] = array ( - 'TID' => $engel_type['TID'], - 'Name' => $engel_type['Name'] . Get_Text("inc_schicht_engel") + 'id' => $engel_type['id'], + 'name' => $engel_type['name'] . Get_Text("inc_schicht_engel") ); - $EngelTypeID[$engel_type['TID']] = $engel_type['Name'] . Get_Text("inc_schicht_engel"); - $TID2Name[$engel_type['TID']] = $engel_type['Name']; + $EngelTypeID[$engel_type['id']] = $engel_type['name'] . Get_Text("inc_schicht_engel"); + $TID2Name[$engel_type['id']] = $engel_type['name']; } // Erste Schicht suchen diff --git a/includes/sys_template.php b/includes/sys_template.php index 92e6e674..0a42d9ac 100644 --- a/includes/sys_template.php +++ b/includes/sys_template.php 
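Review bot: The loop writes `$EngelType[$i] = array(...)` on every iteration but `$i` is not advanced anywhere in the loop body shown, so each angel type overwrites the previous entry and `$EngelType` ends up holding only the last row — unless `$i` is meant to stay fixed here, which the visible code does not suggest. If a list is intended, `$EngelType[] = array(...)` does it without the counter. Switching the query from `SELECT TID, Name` to `SELECT *` also fetches every column of EngelType although only `id` and `name` are used; `SELECT id, name FROM EngelType ORDER BY name` keeps the old, narrower contract. load_shift_basics() starts before and continues after this hunk.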
@@ -1,6 +1,138 @@ <?php +/** + * Rendert eine Liste von Checkboxen für ein Formular + * @param name Die Namen der Checkboxen werden aus name_key gebildet + * @param label Die Beschriftung der Liste + * @param items Array mit den einzelnen Checkboxen + * @param selected Array mit den Keys, die ausgewählt sind + */ +function form_checkboxes($name, $label, $items, $selected) { + $html = "<ul>"; + foreach ($items as $key => $item) { + $id = $name . '_' . $key; + $sel = array_search($key, $selected) !== false ? ' checked="checked"' : ""; + $html .= '<li><input type="checkbox" id="' . $id . '" name="' . $id . '" value="checked"' . $sel . ' /><label for="' . $id . '">' . $item . '</label></li>'; + } + $html .= "</ul>"; + return form_element($label, $html); +} + +/** + * Rendert eine Checkbox + */ +function form_checkbox($name, $label, $selected, $value = 'checked') { + return form_element("", '<input type="checkbox" id="' . $name . '" name="' . $name . '" value="' . $value . '"' . ($selected ? ' checked="checked"' : '') . ' /><label for="' . $name . '">' . $label . '</label>'); +} + +/** + * Rendert einen Infotext in das Formular + */ +function form_info($label, $text) { + return form_element($label, $text, ""); +} + +/** + * Rendert den Absenden-Button eines Formulars + */ +function form_submit($name, $label) { + return form_element('<input class="button save ' . $name . '" type="submit" name="' . $name . '" value="' . $label . '" />', ""); +} + +/** + * Rendert ein Formular-Textfeld + */ +function form_text($name, $label, $value, $disabled = false) { + $disabled = $disabled ? ' disabled="disabled"' : ''; + return form_element($label, '<input id="form_' . $name . '" type="text" name="' . $name . '" value="' . $value . '" ' . $disabled . '/>', 'form_' . $name); +} + +/** + * Rendert ein Formular-Passwortfeld + */ +function form_password($name, $label, $disabled = false) { + $disabled = $disabled ? 
' disabled="disabled"' : ''; + return form_element($label, '<input id="form_' . $name . '" type="password" name="' . $name . '" value="" ' . $disabled . '/>', 'form_' . $name); +} + +/** + * Rendert ein Formular-Textfeld + */ +function form_textarea($name, $label, $value, $disabled = false) { + $disabled = $disabled ? ' disabled="disabled"' : ''; + return form_element($label, '<textarea id="form_' . $name . '" type="text" name="' . $name . '" ' . $disabled . '>' . $value . '</textarea>', 'form_' . $name); +} + +/** + * Rendert ein Formular-Auswahlfeld + */ +function form_select($name, $label, $values, $selected) { + return form_element($label, html_select_key('form_' . $name, $name, $values, $selected), 'form_' . $name); +} + +/** + * Rendert ein Formular-Element + */ +function form_element($label, $input, $for = "") { + return '<div class="form_element">' . '<label for="' . $for . '" class="form_label">' . $label . '</label><div class="form_input">' . $input . '</div></div>'; +} + +/** + * Rendert ein Formular + */ +function form($elements, $action = "") { + return '<form action="' . $action . '" enctype="multipart/form-data" method="post"><div class="form">' . join($elements) . '</div></form>'; +} + +/** + * Generiert HTML Code für eine "Seite". Fügt dazu die übergebenen Elemente zusammen. + */ +function page($elements) { + return join($elements); +} + +/** + * Rendert eine Datentabelle + */ +function table($columns, $rows, $data = true) { + if (count($rows) == 0) + return info("No data available.", true); + $html = ""; + $html .= '<table' . ($data ? ' class="data"' : '') . '>'; + $html .= '<thead><tr>'; + foreach ($columns as $key => $column) + $html .= '<th>' . $column . '</th>'; + $html .= '</tr></thead>'; + $html .= '<tbody>'; + foreach ($rows as $row) { + $html .= '<tr>'; + foreach ($columns as $key => $column) + if (isset ($row[$key])) + $html .= '<td class="' . $key . '">' . $row[$key] . '</td>'; + else + $html .= '<td class="' . $key . 
'"> </td>'; + $html .= '</tr>'; + } + $html .= '</tbody>'; + $html .= '</table>'; + return $html; +} + +/** + * Rendert einen Knopf + */ +function button($href, $label, $class = "") { + return '<a href="' . $href . '" class="button ' . $class . '">' . $label . '</a>'; +} + +/** + * Rendert eine Toolbar mit Knöpfen + */ +function buttons($buttons = array ()) { + return '<div class="toolbar">' . join($buttons) . '</div>'; +} + // Load and render template function template_render($file, $data) { if (file_exists($file)) { @@ -44,13 +176,15 @@ function html_options($name, $options, $selected = "") { return $html; } -function html_select_key($name, $rows, $selected) { - $html = '<select name="' . $name . '">'; - foreach ($rows as $key => $row) - if (($key == $selected) || ($row == $selected)) +function html_select_key($id, $name, $rows, $selected) { + $html = '<select id="' . $id . '" name="' . $name . '">'; + foreach ($rows as $key => $row) { + if (($key == $selected) || ($row == $selected)) { $html .= '<option value="' . $key . '" selected="selected">' . $row . '</option>'; - else + } else { $html .= '<option value="' . $key . '">' . $row . '</option>'; + } + } $html .= '</select>'; return $html; } diff --git a/includes/sys_user.php b/includes/sys_user.php index c44fbc85..ccf5da6c 100644 --- a/includes/sys_user.php +++ b/includes/sys_user.php @@ -1,4 +1,24 @@ <?php + + +/** + * Available T-Shirt sizes + */ +$tshirt_sizes = array ( + 'S' => "S", + 'M' => "M", + 'L' => "L", + 'XL' => "XL", + '2XL' => "2XL", + '3XL' => "3XL", + '4XL' => "4XL", + '5XL' => "5XL", + 'S-G' => "S Girl", + 'M-G' => "M Girl", + 'L-G' => "L Girl", + 'XL-G' => "XL Girl" +); + function UID2Nick($UID) { if ($UID > 0) $SQL = "SELECT Nick FROM `User` WHERE UID='" . sql_escape($UID) . "'"; |
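Review bot: The new form helpers interpolate their arguments straight into attributes and element bodies — `form_text()` and `form_textarea()` put `$value` into `value="..."` and the textarea body, `form_checkboxes()` puts `$item` into the label, `table()` echoes `$row[$key]` — with no `htmlspecialchars()`, so any caller that re-displays a submitted or user-edited value (nicks, comments) renders it as live markup. Escape at this layer, e.g. `'" value="' . htmlspecialchars($value, ENT_QUOTES, 'UTF-8') . '"'` in form_text and the same for the textarea body, or document on each helper that callers must pass pre-escaped strings; html_select_key() in the -44 hunk has the same gap for `$key` and `$row`. `form_textarea()` emits `type="text"` on a `<textarea>`, which is not a valid attribute there and can be dropped. `form_submit()` passes the button markup as form_element()'s `$label` and an empty `$input`, which may be deliberate for layout but reads as swapped arguments; a short comment saying so would help.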
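Review bot: In the -44 hunk the rewritten loop of html_select_key() still selects an option when `($key == $selected) || ($row == $selected)`, i.e. it matches on the display label as well as the value and uses loose comparison, so a label equal to some other option's key, or a `$selected` of `0`/`''` against non-numeric keys under pre-PHP-8 rules, marks the wrong option. Compare the key only and strictly: `if ((string) $key === (string) $selected) {`. The new `$id` parameter is emitted into `id="..."` exactly like `$name`; today's callers pass fixed identifiers, so this is fine as long as that stays true.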