Diffstat (limited to 'includes')
-rw-r--r-- | includes/controller/shifts_controller.php | 13 | ||||
-rw-r--r-- | includes/helper/error_helper.php | 1 | ||||
-rw-r--r-- | includes/helper/message_helper.php | 8 | ||||
-rw-r--r-- | includes/model/LogEntries_model.php | 7 | ||||
-rw-r--r-- | includes/model/Sprache_model.php | 14 | ||||
-rw-r--r-- | includes/model/User_model.php | 15 | ||||
-rw-r--r-- | includes/mysql_provider.php | 38 | ||||
-rw-r--r-- | includes/sys_auth.php | 161 | ||||
-rw-r--r-- | includes/sys_counter.php | 11 | ||||
-rw-r--r-- | includes/sys_log.php | 28 | ||||
-rw-r--r-- | includes/sys_menu.php | 154 | ||||
-rw-r--r-- | includes/sys_page.php | 22 | ||||
-rw-r--r-- | includes/sys_template.php | 89 |
13 files changed, 325 insertions, 236 deletions
diff --git a/includes/controller/shifts_controller.php b/includes/controller/shifts_controller.php index 1cd7b5d6..0ffc3c75 100644 --- a/includes/controller/shifts_controller.php +++ b/includes/controller/shifts_controller.php @@ -1,25 +1,26 @@ <?php /** - * Export filtered shifts via JSON. (Like iCal Export or shifts view) + * Export filtered shifts via JSON. + * (Like iCal Export or shifts view) */ function shifts_json_export_controller() { global $ical_shifts, $user; - if (isset ($_REQUEST['key']) && preg_match("/^[0-9a-f]{32}$/", $_REQUEST['key'])) + if (isset($_REQUEST['key']) && preg_match("/^[0-9a-f]{32}$/", $_REQUEST['key'])) $key = $_REQUEST['key']; else die("Missing key."); $user = User_by_api_key($key); - if($user === false) + if ($user === false) die("Unable to find user."); - if($user == null) + if ($user == null) die("Key invalid."); - if(!in_array('shifts_json_export', privileges_for_user($user['UID']))) + if (! in_array('shifts_json_export', privileges_for_user($user['UID']))) die("No privilege for shifts_json_export."); - if (isset ($_REQUEST['export']) && $_REQUEST['export'] == 'user_shifts') { + if (isset($_REQUEST['export']) && $_REQUEST['export'] == 'user_shifts') { require_once ('includes/pages/user_shifts.php'); view_user_shifts(); } else { diff --git a/includes/helper/error_helper.php b/includes/helper/error_helper.php index d26485d6..b4b4f248 100644 --- a/includes/helper/error_helper.php +++ b/includes/helper/error_helper.php @@ -2,6 +2,7 @@ /** * Displays a fatal message and stops execution. + * * @param string $message */ function engelsystem_error($message) { diff --git a/includes/helper/message_helper.php b/includes/helper/message_helper.php index c582c5b1..9bb78a05 100644 --- a/includes/helper/message_helper.php +++ b/includes/helper/message_helper.php 
@@ -4,7 +4,7 @@ * Gibt zwischengespeicherte Fehlermeldungen zurück und löscht den Zwischenspeicher */ function msg() { - if (!isset ($_SESSION['msg'])) + if (! isset($_SESSION['msg'])) return ""; $msg = $_SESSION['msg']; $_SESSION['msg'] = ""; @@ -20,7 +20,7 @@ function info($msg, $immediatly = false) { return ""; return '<p class="info">' . $msg . '</p>'; } else { - if (!isset ($_SESSION['msg'])) + if (! isset($_SESSION['msg'])) $_SESSION['msg'] = ""; $_SESSION['msg'] .= info($msg, true); } @@ -35,7 +35,7 @@ function error($msg, $immediatly = false) { return ""; return '<p class="error">' . $msg . '</p>'; } else { - if (!isset ($_SESSION['msg'])) + if (! isset($_SESSION['msg'])) $_SESSION['msg'] = ""; $_SESSION['msg'] .= error($msg, true); } @@ -50,7 +50,7 @@ function success($msg, $immediatly = false) { return ""; return '<p class="success">' . $msg . '</p>'; } else { - if (!isset ($_SESSION['msg'])) + if (! isset($_SESSION['msg'])) $_SESSION['msg'] = ""; $_SESSION['msg'] .= success($msg, true); } diff --git a/includes/model/LogEntries_model.php b/includes/model/LogEntries_model.php index 1fa97356..30e2b58c 100644 --- a/includes/model/LogEntries_model.php +++ b/includes/model/LogEntries_model.php @@ -2,8 +2,10 @@ /** * Creates a log entry. + * * @param $nick Username - * @param $message Log Message + * @param $message Log + * Message */ function LogEntry_create($nick, $message) { return sql_query("INSERT INTO `LogEntries` SET `timestamp`=" . sql_escape(time()) . ", `nick`='" . sql_escape($nick) . "', `message`='" . sql_escape($message) . "'"); 
@@ -13,8 +15,7 @@ function LogEntry_create($nick, $message) { * Returns log entries of the last 24 hours with maximum count of 1000. */ function LogEntries() { - return sql_select("SELECT * FROM `LogEntries` WHERE `timestamp` > " . (time() - 24*60*60) . " ORDER BY `timestamp` DESC LIMIT 1000"); + return sql_select("SELECT * FROM `LogEntries` WHERE `timestamp` > " . (time() - 24 * 60 * 60) . " ORDER BY `timestamp` DESC LIMIT 1000"); } - ?>
\ No newline at end of file diff --git a/includes/model/Sprache_model.php b/includes/model/Sprache_model.php index 55683411..0b18dbca 100644 --- a/includes/model/Sprache_model.php +++ b/includes/model/Sprache_model.php @@ -2,17 +2,23 @@ /** * Load a string by key. + * * @param string $textid * @param string $sprache */ function Sprache($textid, $sprache) { - $sprache_source = sql_select("SELECT * FROM `Sprache` WHERE `TextID`='" . sql_escape($textid) . "' AND `Sprache`='" . sql_escape($sprache) . "' LIMIT 1"); - if($sprache_source === false) + $sprache_source = sql_select(" + SELECT * + FROM `Sprache` + WHERE `TextID`='" . sql_escape($textid) . "' + AND `Sprache`='" . sql_escape($sprache) . "' + LIMIT 1 + "); + if ($sprache_source === false) return false; - if(count($sprache_source) == 1) + if (count($sprache_source) == 1) return $sprache_source[0]; return null; } - ?>
\ No newline at end of file diff --git a/includes/model/User_model.php b/includes/model/User_model.php index 7eb31e8e..884aeae8 100644 --- a/includes/model/User_model.php +++ b/includes/model/User_model.php @@ -1,25 +1,29 @@ <?php + /** * Returns user by id. + * * @param $id UID */ function User($id) { $user_source = sql_select("SELECT * FROM `User` WHERE `UID`=" . sql_escape($id) . " LIMIT 1"); - if($user_source === false) + if ($user_source === false) return false; - if(count($user_source) > 0) + if (count($user_source) > 0) return $user_source[0]; return null; } /** * Returns User by api_key. - * @param string $api_key User api key + * + * @param string $api_key + * User api key * @return Matching user, null or false on error */ function User_by_api_key($api_key) { $user = sql_select("SELECT * FROM `User` WHERE `api_key`='" . sql_escape($api_key) . "' LIMIT 1"); - if($user === false) + if ($user === false) return false; if (count($user) == 0) return null; @@ -28,12 +32,13 @@ function User_by_api_key($api_key) { /** * Generates a new api key for given user. + * * @param User $user */ function User_reset_api_key(&$user) { $user['api_key'] = md5($user['Nick'] . time() . rand()); $result = sql_query("UPDATE `User` SET `api_key`='" . sql_escape($user['api_key']) . "' WHERE `UID`='" . sql_escape($user['UID']) . "' LIMIT 1"); - if($result === false) + if ($result === false) return false; engelsystem_log("API key resetted."); } diff --git a/includes/mysql_provider.php b/includes/mysql_provider.php index d9e78fb4..9f901a40 100644 --- a/includes/mysql_provider.php +++ b/includes/mysql_provider.php @@ -15,7 +15,7 @@ function sql_close() { function sql_transaction_start() { global $sql_nested_transaction_level; - if($sql_nested_transaction_level++ == 0) + if ($sql_nested_transaction_level ++ == 0) return sql_query("BEGIN"); else return true; 
@@ -27,7 +27,7 @@ function sql_transaction_start() { function sql_transaction_commit() { global $sql_nested_transaction_level; - if(--$sql_nested_transaction_level == 0) + if (-- $sql_nested_transaction_level == 0) return sql_query("COMMIT"); else return true; @@ -39,7 +39,7 @@ function sql_transaction_commit() { function sql_transaction_rollback() { global $sql_nested_transaction_level; - if(--$sql_nested_transaction_level == 0) + if (-- $sql_nested_transaction_level == 0) return sql_query("ROLLBACK"); else return true; @@ -47,6 +47,7 @@ function sql_transaction_rollback() { /** * Logs an sql error. + * * @param string $message * @return false */ @@ -63,10 +64,15 @@ function sql_error($message) { /** * Connect to mysql server. - * @param string $host Host - * @param string $user Username - * @param string $pass Password - * @param string $db DB to select + * + * @param string $host + * Host + * @param string $user + * Username + * @param string $pass + * Password + * @param string $db + * DB to select * @return mysqli The connection handler */ function sql_connect($host, $user, $pass, $db) { @@ -89,18 +95,21 @@ function sql_connect($host, $user, $pass, $db) { /** * Change the selected db in current mysql-connection. - * @param $db_name + * + * @param + * $db_name * @return bool true on success, false on error */ function sql_select_db($db_name) { global $sql_connection; - if (!$sql_connection->select_db($db_name)) + if (! $sql_connection->select_db($db_name)) return sql_error("No database selected."); return true; } /** * MySQL SELECT query + * * @param string $query * @return Result array or false on error */ @@ -119,8 +128,9 @@ function sql_select($query) { /** * MySQL execute a query + * * @param string $query - * @return mysqli_result|boolean Result resource or false on error + * @return mysqli_result boolean resource or false on error */ function sql_query($query) { global $sql_connection; 
@@ -129,7 +139,7 @@ function sql_query($query) { if ($result) { return $result; } else - usr_error("MySQL-query error: " . $query . " (" . $sql_connection->errno . ") " . $sql_connection->error); + return sql_error("MySQL-query error: " . $query . " (" . $sql_connection->errno . ") " . $sql_connection->error); } /** @@ -165,12 +175,12 @@ function sql_num_query($query) { } function sql_select_single_col($query) { - $result = sql_select($query); - return array_map('array_shift', $result); + $result = sql_select($query); + return array_map('array_shift', $result); } function sql_select_single_cell($query) { - return array_shift(array_shift(sql_select($query))); + return array_shift(array_shift(sql_select($query))); } ?> diff --git a/includes/sys_auth.php b/includes/sys_auth.php index a2fd98d8..9718f0c0 100644 --- a/includes/sys_auth.php +++ b/includes/sys_auth.php 
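Review bot: The `@return` line of sql_query's docblock loses its union type in this hunk — `mysqli_result|boolean Result resource or false on error` became `mysqli_result boolean resource or false on error`, which now reads as a single type followed by a garbled description. Restore `@return mysqli_result|boolean Result resource or false on error` so the false-on-error contract stays visible to callers that chain the result, such as sql_select_single_cell later in this file. The same formatter pass split several `@param` tags from their variable names across two lines (`@param` / `$db_name` in the sql_select_db hunk), which phpDocumentor-style tools will read as a tag with no name; worth fixing in the same sweep. sql_query's body continues past the end of this hunk.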
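Review bot: The new `return sql_error(...)` path embeds the full failing `$query` in the message, and queries built elsewhere in this diff carry secrets — the crypt hash written by set_password and verify_password, the API key written by User_reset_api_key — so wherever sql_error writes that message (its body is not in this diff), those values end up in the log or on the page. Consider reporting only the driver error, e.g. `return sql_error("MySQL-query error (" . $sql_connection->errno . ") " . $sql_connection->error);`, and keeping the statement text out of anything user-visible. Replacing usr_error() with a returned `false` also changes control flow: every caller must now check the result, and sql_select_single_cell in the next hunk still hands whatever sql_select returns straight to array_shift. sql_query begins before this hunk.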
@@ -1,110 +1,109 @@ <?php - // Testet ob ein User eingeloggt ist und lädt die entsprechenden Privilegien function load_auth() { - global $user, $privileges; - - $user = null; - if (isset ($_SESSION['uid'])) { - $user = sql_select("SELECT * FROM `User` WHERE `UID`=" . sql_escape($_SESSION['uid']) . " LIMIT 1"); - if (count($user) > 0) { - // User ist eingeloggt, Datensatz zur Verfügung stellen und Timestamp updaten - list ($user) = $user; - sql_query("UPDATE `User` SET " . "`lastLogIn` = '" . time() . "'" . " WHERE `UID` = '" . sql_escape($_SESSION['uid']) . "' LIMIT 1;"); - } else - unset ($_SESSION['uid']); - } - - $privileges = isset ($user) ? privileges_for_user($user['UID']) : privileges_for_group(-1); + global $user, $privileges; + + $user = null; + if (isset($_SESSION['uid'])) { + $user = sql_select("SELECT * FROM `User` WHERE `UID`=" . sql_escape($_SESSION['uid']) . " LIMIT 1"); + if (count($user) > 0) { + // User ist eingeloggt, Datensatz zur Verfügung stellen und Timestamp updaten + list ($user) = $user; + sql_query("UPDATE `User` SET " . "`lastLogIn` = '" . time() . "'" . " WHERE `UID` = '" . sql_escape($_SESSION['uid']) . "' LIMIT 1;"); + } else + unset($_SESSION['uid']); + } + + $privileges = isset($user) ? privileges_for_user($user['UID']) : privileges_for_group(- 1); } // generate a salt (random string) of arbitrary length suitable for the use with crypt() function generate_salt($length = 16) { - $alphabet = "ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789+/"; - $salt = ""; - for ($i = 0; $i < $length; $i++) { - $salt .= $alphabet[rand(0, strlen($alphabet)-1)]; - } - return $salt; + $alphabet = "ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789+/"; + $salt = ""; + for($i = 0; $i < $length; $i ++) { + $salt .= $alphabet[rand(0, strlen($alphabet) - 1)]; + } + return $salt; } // set the password of a user function set_password($uid, $password) { - return sql_query("UPDATE `User` SET `Passwort` = '" . 
sql_escape(crypt($password, CRYPT_ALG . '$' . generate_salt(16) . '$')) . "' WHERE `UID` = " . intval($uid) . " LIMIT 1"); + return sql_query("UPDATE `User` SET `Passwort` = '" . sql_escape(crypt($password, CRYPT_ALG . '$' . generate_salt(16) . '$')) . "' WHERE `UID` = " . intval($uid) . " LIMIT 1"); } // verify a password given a precomputed salt. // if $uid is given and $salt is an old-style salt (plain md5), we convert it automatically function verify_password($password, $salt, $uid = false) { - $correct = false; - if (substr($salt, 0, 1) == '$') // new-style crypt() - $correct = crypt($password, $salt) == $salt; - elseif (substr($salt, 0, 7) == '{crypt}') // old-style crypt() with DES and static salt - not used anymore - $correct = crypt($password, '77') == $salt; - elseif (strlen($salt) == 32) // old-style md5 without salt - not used anymore - $correct = md5($password) == $salt; - - if($correct && substr($salt, 0, strlen(CRYPT_ALG)) != CRYPT_ALG && $uid) { - // this password is stored in another format than we want it to be. - // let's update it! - // we duplicate the query from the above set_password() function to have the extra safety of checking the old hash - sql_query("UPDATE `User` SET `Passwort` = '" . sql_escape(crypt($password, CRYPT_ALG . '$' . generate_salt() . '$')) . "' WHERE `UID` = " . intval($uid) . " AND `Passwort` = '" . sql_escape($salt) . "' LIMIT 1"); - } - return $correct; + $correct = false; + if (substr($salt, 0, 1) == '$') // new-style crypt() + $correct = crypt($password, $salt) == $salt; + elseif (substr($salt, 0, 7) == '{crypt}') // old-style crypt() with DES and static salt - not used anymore + $correct = crypt($password, '77') == $salt; + elseif (strlen($salt) == 32) // old-style md5 without salt - not used anymore + $correct = md5($password) == $salt; + + if ($correct && substr($salt, 0, strlen(CRYPT_ALG)) != CRYPT_ALG && $uid) { + // this password is stored in another format than we want it to be. + // let's update it! 
+ // we duplicate the query from the above set_password() function to have the extra safety of checking the old hash + sql_query("UPDATE `User` SET `Passwort` = '" . sql_escape(crypt($password, CRYPT_ALG . '$' . generate_salt() . '$')) . "' WHERE `UID` = " . intval($uid) . " AND `Passwort` = '" . sql_escape($salt) . "' LIMIT 1"); + } + return $correct; } // JSON Authorisierungs-Schnittstelle function json_auth_service() { - global $CurrentExternAuthPass; - - header("Content-Type: application/json"); - - $User = $_REQUEST['user']; - $Pass = $_REQUEST['pw']; - $SourceOuth = $_REQUEST['so']; - - if (isset ($CurrentExternAuthPass) && $SourceOuth == $CurrentExternAuthPass) { - $sql = "SELECT `UID`, `Passwort` FROM `User` WHERE `Nick`='" . sql_escape($User) . "'"; - $Erg = sql_select($sql); - - if (count($Erg) == 1) { - $Erg = $Erg[0]; - if (verify_password($Pass, $Erg["Passwort"], $Erg["UID"])) { - $user_privs = sql_select("SELECT `Privileges`.`name` FROM `User` JOIN `UserGroups` ON (`User`.`UID` = `UserGroups`.`uid`) JOIN `GroupPrivileges` ON (`UserGroups`.`group_id` = `GroupPrivileges`.`group_id`) JOIN `Privileges` ON (`GroupPrivileges`.`privilege_id` = `Privileges`.`id`) WHERE `User`.`UID`=" . sql_escape($UID) . ";"); - foreach ($user_privs as $user_priv) - $privileges[] = $user_priv['name']; - - $msg = array ( - 'status' => 'success', - 'rights' => $privileges - ); - echo json_encode($msg); - die(); - } - } - } - - echo json_encode(array ( - 'status' => 'failed', - 'error' => "JSON Service GET syntax: https://engelsystem.de/?auth&user=<user>&pw=<password>&so=<key>, POST is possible too" - )); - die(); + global $CurrentExternAuthPass; + + header("Content-Type: application/json"); + + $User = $_REQUEST['user']; + $Pass = $_REQUEST['pw']; + $SourceOuth = $_REQUEST['so']; + + if (isset($CurrentExternAuthPass) && $SourceOuth == $CurrentExternAuthPass) { + $sql = "SELECT `UID`, `Passwort` FROM `User` WHERE `Nick`='" . sql_escape($User) . 
"'"; + $Erg = sql_select($sql); + + if (count($Erg) == 1) { + $Erg = $Erg[0]; + if (verify_password($Pass, $Erg["Passwort"], $Erg["UID"])) { + $user_privs = sql_select("SELECT `Privileges`.`name` FROM `User` JOIN `UserGroups` ON (`User`.`UID` = `UserGroups`.`uid`) JOIN `GroupPrivileges` ON (`UserGroups`.`group_id` = `GroupPrivileges`.`group_id`) JOIN `Privileges` ON (`GroupPrivileges`.`privilege_id` = `Privileges`.`id`) WHERE `User`.`UID`=" . sql_escape($UID) . ";"); + foreach ($user_privs as $user_priv) + $privileges[] = $user_priv['name']; + + $msg = array ( + 'status' => 'success', + 'rights' => $privileges + ); + echo json_encode($msg); + die(); + } + } + } + + echo json_encode(array ( + 'status' => 'failed', + 'error' => "JSON Service GET syntax: https://engelsystem.de/?auth&user=<user>&pw=<password>&so=<key>, POST is possible too" + )); + die(); } function privileges_for_user($user_id) { - $privileges = array (); - $user_privs = sql_select("SELECT `Privileges`.`name` FROM `User` JOIN `UserGroups` ON (`User`.`UID` = `UserGroups`.`uid`) JOIN `GroupPrivileges` ON (`UserGroups`.`group_id` = `GroupPrivileges`.`group_id`) JOIN `Privileges` ON (`GroupPrivileges`.`privilege_id` = `Privileges`.`id`) WHERE `User`.`UID`=" . sql_escape($user_id) . ";"); - foreach ($user_privs as $user_priv) - $privileges[] = $user_priv['name']; - return $privileges; + $privileges = array (); + $user_privs = sql_select("SELECT `Privileges`.`name` FROM `User` JOIN `UserGroups` ON (`User`.`UID` = `UserGroups`.`uid`) JOIN `GroupPrivileges` ON (`UserGroups`.`group_id` = `GroupPrivileges`.`group_id`) JOIN `Privileges` ON (`GroupPrivileges`.`privilege_id` = `Privileges`.`id`) WHERE `User`.`UID`=" . sql_escape($user_id) . 
";"); + foreach ($user_privs as $user_priv) + $privileges[] = $user_priv['name']; + return $privileges; } function privileges_for_group($group_id) { - $privileges = array (); - $groups_privs = sql_select("SELECT * FROM `GroupPrivileges` JOIN `Privileges` ON (`GroupPrivileges`.`privilege_id` = `Privileges`.`id`) WHERE `group_id`=" . sql_escape($group_id)); - foreach ($groups_privs as $guest_priv) - $privileges[] = $guest_priv['name']; - return $privileges; + $privileges = array (); + $groups_privs = sql_select("SELECT * FROM `GroupPrivileges` JOIN `Privileges` ON (`GroupPrivileges`.`privilege_id` = `Privileges`.`id`) WHERE `group_id`=" . sql_escape($group_id)); + foreach ($groups_privs as $guest_priv) + $privileges[] = $guest_priv['name']; + return $privileges; } ?> diff --git a/includes/sys_counter.php b/includes/sys_counter.php index abcb652b..40110165 100644 --- a/includes/sys_counter.php +++ b/includes/sys_counter.php @@ -1,10 +1,11 @@ <?php + function counter() { - global $p; + global $p; - if (sql_num_query("SELECT `Anz` FROM `Counter` WHERE `URL`='" . sql_escape($p) . "'") == 0) - sql_query("INSERT INTO `Counter` ( `URL` , `Anz` ) VALUES ('" . sql_escape($p) . "', '1');"); - else - sql_query("UPDATE `Counter` SET `Anz` = `Anz` + 1 WHERE `URL` = '" . sql_escape($p) . "' LIMIT 1 ;"); + if (sql_num_query("SELECT `Anz` FROM `Counter` WHERE `URL`='" . sql_escape($p) . "'") == 0) + sql_query("INSERT INTO `Counter` ( `URL` , `Anz` ) VALUES ('" . sql_escape($p) . "', '1');"); + else + sql_query("UPDATE `Counter` SET `Anz` = `Anz` + 1 WHERE `URL` = '" . sql_escape($p) . "' LIMIT 1 ;"); } ?> diff --git a/includes/sys_log.php b/includes/sys_log.php index 65c0aa41..60c765c0 100644 --- a/includes/sys_log.php +++ b/includes/sys_log.php 
@@ -1,13 +1,16 @@ <?php /** - * Write a log entry. This should be used to log user's activity. - * @param $message + * Write a log entry. + * This should be used to log user's activity. + * + * @param + * $message */ function engelsystem_log($message) { global $user; - if(isset($user)) { + if (isset($user)) { $nick = $user['Nick']; } else { $nick = "Guest"; @@ -16,4 +19,23 @@ function engelsystem_log($message) { LogEntry_create($nick, $message); } +/** + * Generates a PHP Stacktrace. + */ +function debug_string_backtrace() { + ob_start(); + debug_print_backtrace(); + $trace = ob_get_contents(); + ob_end_clean(); + + // Remove first item from backtrace as it's this function which + // is redundant. + $trace = preg_replace('/^#0\s+' . __FUNCTION__ . "[^\n]*\n/", '', $trace, 1); + + // Renumber backtrace items. + $trace = preg_replace('/^#(\d+)/me', '\'#\' . ($1 - 1)', $trace); + + return $trace; +} + ?>
\ No newline at end of file diff --git a/includes/sys_menu.php b/includes/sys_menu.php index 5c69be39..f2611397 100644 --- a/includes/sys_menu.php +++ b/includes/sys_menu.php 
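Review bot: The renumbering step in the new debug_string_backtrace() uses the `/e` modifier (`preg_replace('/^#(\d+)/me', ...)`), which evaluates the replacement as PHP code; it has been deprecated since PHP 5.5 and removed in PHP 7, so this line degrades to a warning and then an error. The capture is restricted to `\d+`, so the eval is not directly injectable, but the idiom should not enter new code — use `preg_replace_callback('/^#(\d+)/m', function ($m) { return '#' . ($m[1] - 1); }, $trace);`. Separately, debug_print_backtrace() prints call arguments, and functions in this same diff are invoked with plaintext passwords (set_password, verify_password) and API keys, so the returned string must not reach a log or page that unprivileged users can read; a docblock line such as `Includes call arguments, which may contain passwords — never render to end users.` would warn the next caller.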
@@ -1,89 +1,109 @@ <?php + function page_link_to($page) { - return '?p=' . $page; + return '?p=' . $page; } function page_link_to_absolute($page) { - return (isset ($_SERVER['HTTPS']) ? 'https' : 'http') . '://' . $_SERVER['HTTP_HOST'] . preg_replace("/\?.*$/", '', $_SERVER['REQUEST_URI']) . page_link_to($page); + return (isset($_SERVER['HTTPS']) ? 'https' : 'http') . '://' . $_SERVER['HTTP_HOST'] . preg_replace("/\?.*$/", '', $_SERVER['REQUEST_URI']) . page_link_to($page); +} + +/** + * Renders the header toolbar containing search, login/logout, user and settings links. + */ +function header_toolbar() { + global $p, $privileges, $user; + + $toolbar_items = array(); + + if(in_array('register', $privileges)) + $toolbar_items[] = toolbar_item_link(page_link_to('register'), 'register', "Register", $p == 'register'); + + if(in_array('user_myshifts', $privileges)) + $toolbar_items[] = toolbar_item_link(page_link_to('user_myshifts'), 'engel', $user['Nick'], $p == 'user_myshifts'); + + if(in_array('user_settings', $privileges)) + $toolbar_items[] = toolbar_item_link(page_link_to('user_settings'), 'settings', "Settings", $p == 'user_settings'); + + if(in_array('login', $privileges)) + $toolbar_items[] = toolbar_item_link(page_link_to('login'), 'login', "Login", $p == 'login'); + + if(in_array('logout', $privileges)) + $toolbar_items[] = toolbar_item_link(page_link_to('logout'), 'logout', "Logout", $p == 'logout'); + + return toolbar($toolbar_items); } function make_navigation() { - global $p; - global $privileges; - $menu_items = $privileges; - $menu_items[] = "faq"; - $menu = ""; - - // Standard Navigation - $menu .= make_navigation_for(Get_Text('/'), array ( - "login", - "logout", - "register", - "faq" - )); - - // Engel Navigation - $menu .= make_navigation_for(Get_Text('inc_schicht_engel'), array ( - "news", - "user_meetings", - "user_myshifts", - "user_shifts", - "user_messages", - "user_questions", - "user_wakeup", - "user_settings" - )); - - // Admin Navigation - 
$menu .= make_navigation_for(Get_Text('admin/'), array ( - "admin_arrive", - "admin_active", - "admin_user", - "admin_free", - "admin_usershifts", - "admin_questions", - "admin_angel_types", - "admin_user_angeltypes", - "admin_shifts", - "admin_rooms", - "admin_groups", - "admin_faq", - "admin_language", - "admin_import", - "admin_log" - )); - return $menu; + global $p; + global $privileges; + $menu = ""; + + $specials = array( + "faq" + ); + + $pages = array( + "news", + "user_meetings", + "user_myshifts", + "user_shifts", + "user_messages", + "user_questions", + "user_wakeup", + "admin_arrive", + "admin_active", + "admin_user", + "admin_free", + "admin_usershifts", + "admin_questions", + "admin_angel_types", + "admin_user_angeltypes", + "admin_shifts", + "admin_rooms", + "admin_groups", + "admin_faq", + "admin_language", + "admin_import", + "admin_log" + ); + + foreach ($pages as $page) + if (in_array($page, $privileges) || in_array($page, $specials)) + $menu .= '<li' . ($page == $p ? ' class="selected"' : '') . '><a href="' . page_link_to($page) . '">' . Get_Text($page) . '</a></li>'; + + return '<nav><ul>' . $menu . '</ul></nav>'; } function make_navigation_for($name, $pages) { - global $privileges, $p; + global $privileges, $p; - $specials = array ( - "faq" - ); + $specials = array( + "faq" + ); - $menu = ""; - foreach ($pages as $page) - if (in_array($page, $privileges) || in_array($page, $specials)) - $menu .= '<li' . ($page == $p ? ' class="selected"' : '') . '><a href="' . page_link_to($page) . '">' . Get_Text($page) . '</a></li>'; + $menu = ""; + foreach ($pages as $page) + if (in_array($page, $privileges) || in_array($page, $specials)) + $menu .= '<li' . ($page == $p ? ' class="selected"' : '') . '><a href="' . page_link_to($page) . '">' . Get_Text($page) . '</a></li>'; - if ($menu != "") - $menu = '<nav class="container"><h4>' . $name . '</h4><ul class="content">' . $menu . 
'</ul></nav>'; - return $menu; + if ($menu != "") + $menu = '<nav class="container"><h4>' . $name . '</h4><ul class="content">' . $menu . '</ul></nav>'; + return $menu; } function make_menu() { - return make_navigation() . make_langselect(); + return make_navigation() . make_langselect(); } function make_langselect() { - if (strpos($_SERVER["REQUEST_URI"], "?") > 0) - $URL = $_SERVER["REQUEST_URI"] . "&SetLanguage="; - else - $URL = $_SERVER["REQUEST_URI"] . "?SetLanguage="; - - $html = '<p class="content"><a class="sprache" href="' . htmlspecialchars($URL) . 'DE"><img src="pic/flag/de.png" alt="DE" title="Deutsch"></a>'; - $html .= '<a class="sprache" href="' . htmlspecialchars($URL) . 'EN"><img src="pic/flag/en.png" alt="EN" title="English"></a></p>'; - return '<nav class="container"><h4>' . Get_Text("Sprache") . '</h4>' . $html . '</nav>'; + if (strpos($_SERVER["REQUEST_URI"], "?") > 0) + $URL = $_SERVER["REQUEST_URI"] . "&SetLanguage="; + else + $URL = $_SERVER["REQUEST_URI"] . "?SetLanguage="; + + $html = '<p class="content"><a class="sprache" href="' . htmlspecialchars($URL) . 'DE"><img src="pic/flag/de.png" alt="DE" title="Deutsch"></a>'; + $html .= '<a class="sprache" href="' . htmlspecialchars($URL) . 'EN"><img src="pic/flag/en.png" alt="EN" title="English"></a></p>'; + return '<nav class="container"><h4>' . Get_Text("Sprache") . '</h4>' . $html . '</nav>'; } ?> diff --git a/includes/sys_page.php b/includes/sys_page.php index a49e76cb..f9ee0ea6 100644 --- a/includes/sys_page.php +++ b/includes/sys_page.php 
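Review bot: header_toolbar() passes `$user['Nick']` straight into toolbar_item_link as the link label, and nothing in this file escapes it, so a nick containing `<` or `"` is emitted raw into the header on every page for that user. Whether that is exploitable depends on how the nick was filtered when stored (not visible here; if it went through strip_request_item from sys_page, strip_tags removes tag-like sequences but quotes survive), so escaping at the point of output is the safe default: `$toolbar_items[] = toolbar_item_link(page_link_to('user_myshifts'), 'engel', htmlspecialchars($user['Nick']), $p == 'user_myshifts');`. The `Get_Text($page)` labels in make_navigation come from the Sprache table, which admin_language presumably edits, so they are a second unescaped path worth the same treatment. The `in_array` checks on `$privileges` should also pass `true` as the third argument to avoid loose-comparison surprises.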
@@ -1,49 +1,49 @@ <?php - /** * Leitet den Browser an die übergebene URL weiter und hält das Script an. */ function redirect($to) { - header("Location: " . $to, true, 302); - die(); + header("Location: " . $to, true, 302); + die(); } /** * Gibt den gefilterten REQUEST Wert ohne Zeilenumbrüche zurück */ function strip_request_item($name) { - return strip_item($_REQUEST[$name]); + return strip_item($_REQUEST[$name]); } /** - * Testet, ob der angegebene REQUEST Wert ein Integer ist, bzw. eine ID sein könnte. + * Testet, ob der angegebene REQUEST Wert ein Integer ist, bzw. + * eine ID sein könnte. */ function test_request_int($name) { - if (isset ($_REQUEST[$name])) - return preg_match("/^[0-9]*$/", $_REQUEST[$name]); - return false; + if (isset($_REQUEST[$name])) + return preg_match("/^[0-9]*$/", $_REQUEST[$name]); + return false; } /** * Gibt den gefilterten REQUEST Wert mit Zeilenumbrüchen zurück */ function strip_request_item_nl($name) { - return preg_replace("/([^\p{L}\p{S}\p{P}\p{Z}\p{N}+\n]{1,})/ui", '', strip_tags($_REQUEST[$name])); + return preg_replace("/([^\p{L}\p{S}\p{P}\p{Z}\p{N}+\n]{1,})/ui", '', strip_tags($_REQUEST[$name])); } /** * Entfernt unerwünschte Zeichen */ function strip_item($item) { - return preg_replace("/([^\p{L}\p{S}\p{P}\p{Z}\p{N}+]{1,})/ui", '', strip_tags($item)); + return preg_replace("/([^\p{L}\p{S}\p{P}\p{Z}\p{N}+]{1,})/ui", '', strip_tags($item)); } /** * Überprüft eine E-Mail-Adresse. 
*/ function check_email($email) { - return (bool) preg_match("#^([a-zA-Z0-9_+\-])+(\.([a-zA-Z0-9_+\-])+)*@((\[(((([0-1])?([0-9])?[0-9])|(2[0-4][0-9])|(2[0-5][0-5])))\.(((([0-1])?([0-9])?[0-9])|(2[0-4][0-9])|(2[0-5][0-5])))\.(((([0-1])?([0-9])?[0-9])|(2[0-4][0-9])|(2[0-5][0-5])))\.(((([0-1])?([0-9])?[0-9])|(2[0-4][0-9])|(2[0-5][0-5]))\]))|((([\p{L}0-9])+(([\-])+([\p{L}0-9])+)*\.)+([\p{L}])+(([\-])+([\p{L}0-9])+)*))$#u", $email); + return (bool) preg_match("#^([a-zA-Z0-9_+\-])+(\.([a-zA-Z0-9_+\-])+)*@((\[(((([0-1])?([0-9])?[0-9])|(2[0-4][0-9])|(2[0-5][0-5])))\.(((([0-1])?([0-9])?[0-9])|(2[0-4][0-9])|(2[0-5][0-5])))\.(((([0-1])?([0-9])?[0-9])|(2[0-4][0-9])|(2[0-5][0-5])))\.(((([0-1])?([0-9])?[0-9])|(2[0-4][0-9])|(2[0-5][0-5]))\]))|((([\p{L}0-9])+(([\-])+([\p{L}0-9])+)*\.)+([\p{L}])+(([\-])+([\p{L}0-9])+)*))$#u", $email); } ?> diff --git a/includes/sys_template.php b/includes/sys_template.php index e15af7f8..a7662e84 100644 --- a/includes/sys_template.php +++ b/includes/sys_template.php 
@@ -1,29 +1,46 @@ <?php - /** * Liste der verfügbaren Themes */ -$themes = array ( - "1" => "Standard-Style", - "2" => "ot/Gelber Style", - "3" => "Club-Mate Style", - "5" => "Debian Style", - "6" => "c-base Style", - "7" => "Blau/Gelber Style", - "8" => "Pastel Style", - "4" => "Test Style", - "9" => "Test Style 21c3", - "10" => "Engelsystem 2.0", - "11" => "msquare (29c3)" +$themes = array( + "1" => "30C3 light", + "2" => "30C3 dark" ); /** + * Render a toolbar. + * + * @param array $items + * @return string + */ +function toolbar($items = array()) { + return '<div class="toolbar">' . join("\n", $items) . '</div>'; +} + +/** + * Render a link for a toolbar. + * @param string $href + * @param string $class + * @param string $label + * @param bool $selected + * @return string + */ +function toolbar_item_link($href, $class, $label, $selected = false) { + return '<a href="' . $href . '" class="' . ($selected ? 'selected ' : '') . '' . $class . '">' . $label . '</a>'; +} + +/** * Rendert eine Liste von Checkboxen für ein Formular - * @param name Die Namen der Checkboxen werden aus name_key gebildet - * @param label Die Beschriftung der Liste - * @param items Array mit den einzelnen Checkboxen - * @param selected Array mit den Keys, die ausgewählt sind + * + * @param + * name Die Namen der Checkboxen werden aus name_key gebildet + * @param + * label Die Beschriftung der Liste + * @param + * items Array mit den einzelnen Checkboxen + * @param + * selected Array mit den Keys, die ausgewählt sind */ function form_checkboxes($name, $label, $items, $selected) { $html = "<ul>"; 
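Review bot: toolbar_item_link() interpolates `$href`, `$class` and `$label` into an `<a>` tag without escaping, unlike img_button further down this file, which wraps its link in htmlspecialchars(); the new header_toolbar in sys_menu already feeds it a user-supplied nick as the label. Escape here so every caller gets it for free: `return '<a href="' . htmlspecialchars($href) . '" class="' . ($selected ? 'selected ' : '') . htmlspecialchars($class) . '">' . htmlspecialchars($label) . '</a>';` — a caller that genuinely needs markup in the label can then build it at the call site, which is the safer default. Add the contract to the docblock, e.g. `Arguments are HTML-escaped here; pass raw text.`. The `$themes` change in the same hunk drops ids 3–11; if a user's stored theme setting still holds one of those ids it will no longer resolve, which the commit does not address.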
@@ -38,11 +55,17 @@ function form_checkboxes($name, $label, $items, $selected) { /** * Rendert eine Tabelle von Checkboxen für ein Formular - * @param names Assoziatives Array mit Namen der Checkboxen als Keys und Überschriften als Values - * @param label Die Beschriftung der gesamten Tabelle - * @param items Array mit den Beschriftungen der Zeilen - * @param selected Mehrdimensionales Array, wobei $selected[foo] ein Array der in der Datenreihe foo markierten Checkboxen ist - * @param disabled Wie selected, nur dass die entsprechenden Checkboxen deaktiviert statt markiert sind + * + * @param + * names Assoziatives Array mit Namen der Checkboxen als Keys und Überschriften als Values + * @param + * label Die Beschriftung der gesamten Tabelle + * @param + * items Array mit den Beschriftungen der Zeilen + * @param + * selected Mehrdimensionales Array, wobei $selected[foo] ein Array der in der Datenreihe foo markierten Checkboxen ist + * @param + * disabled Wie selected, nur dass die entsprechenden Checkboxen deaktiviert statt markiert sind */ function form_multi_checkboxes($names, $label, $items, $selected, $disabled = array()) { $html = "<table><thead><tr>"; @@ -54,7 +77,7 @@ function form_multi_checkboxes($names, $label, $items, $selected, $disabled = ar foreach ($names as $name => $title) { $id = $name . '_' . $key; $sel = array_search($key, $selected[$name]) !== false ? ' checked="checked"' : ""; - if (!empty($disabled) && !empty($disabled[$name]) && array_search($key, $disabled[$name]) !== false) + if (! empty($disabled) && ! empty($disabled[$name]) && array_search($key, $disabled[$name]) !== false) $sel .= ' disabled="disabled"'; $html .= '<td style="text-align: center;"><input type="checkbox" id="' . $id . '" name="' . $name . '[]" value="' . $key . '"' . $sel . ' /></td>'; } 
@@ -131,7 +154,8 @@ function form($elements, $action = "") { } /** - * Generiert HTML Code für eine "Seite". Fügt dazu die übergebenen Elemente zusammen. + * Generiert HTML Code für eine "Seite". + * Fügt dazu die übergebenen Elemente zusammen. */ function page($elements) { return join($elements); @@ -153,10 +177,10 @@ function table($columns, $rows, $data = true) { foreach ($rows as $row) { $html .= '<tr>'; foreach ($columns as $key => $column) - if (isset ($row[$key])) - $html .= '<td class="' . $key . '">' . $row[$key] . '</td>'; - else - $html .= '<td class="' . $key . '"> </td>'; + if (isset($row[$key])) + $html .= '<td class="' . $key . '">' . $row[$key] . '</td>'; + else + $html .= '<td class="' . $key . '"> </td>'; $html .= '</tr>'; } $html .= '</tbody>'; @@ -184,8 +208,8 @@ function template_render($file, $data) { $template = file_get_contents($file); if (is_array($data)) foreach ($data as $name => $content) { - $template = str_replace("%" . $name . "%", $content, $template); - } + $template = str_replace("%" . $name . "%", $content, $template); + } return $template; } else { die('Cannot find template file «' . $file . '».'); 
@@ -235,11 +259,10 @@ function html_select_key($id, $name, $rows, $selected) { } function img_button($link, $icon, $text, $extra_text = '') { - $translation = empty($text)? '' : Get_Text($text); - return '<a href="' . htmlspecialchars($link) . '"><img src="pic/icons/' . htmlspecialchars($icon) . '.png" alt="' . $translation . '" ' . (empty($translation)? '' : 'title="' . $translation . '"') . '>' . (empty($extra_text)? '' : ' ' . $extra_text) . '</a>'; + $translation = empty($text) ? '' : Get_Text($text); + return '<a href="' . htmlspecialchars($link) . '"><img src="pic/icons/' . htmlspecialchars($icon) . '.png" alt="' . $translation . '" ' . (empty($translation) ? '' : 'title="' . $translation . '"') . '>' . (empty($extra_text) ? '' : ' ' . $extra_text) . '</a>'; } - function ReplaceSmilies($neueckig) { $neueckig = str_replace(";o))", "<img src=\"pic/smiles/icon_redface.gif\">", $neueckig); $neueckig = str_replace(":-))", "<img src=\"pic/smiles/icon_redface.gif\">", $neueckig); |