Diffstat (limited to 'includes')
46 files changed, 1098 insertions, 1115 deletions
diff --git a/includes/controller/api.php b/includes/controller/api.php deleted file mode 100644 index 9ecd3a2f..00000000 --- a/includes/controller/api.php +++ /dev/null 
@@ -1,355 +0,0 @@ -<?php - -/************************************************************************************************ - * API Documentation - ************************************************************************************************ - -General: --------- -All API calls output JSON-encoded data. Client parameters should be passed encoded using JSON in HTTP POST data. -Every API Request must be contained the Api Key (using JSON parameter 'key') and the Command (using JSON parameter 'cmd'). - - -Testing API calls (using curl): -------------------------------- -$ curl -d '{"cmd":"getVersion"}' '<Address>/?p=api' -$ curl -d '{"cmd":"getApiKey","user":"admin","pw":"admin"}' '<Address>/?p=api' -$ curl -d '{"key":"<key>","cmd":"getRoom"}' '<Address>/?p=api' -$ curl -d '{"key":"<key>","cmd":"sendmessage","uid":"23","text":"test message"}' '<Address>/?p=api' - -Methods without key: --------------------- -getVersion - Description: - Returns API version. - Parameters: - nothing - Return Example: - {"status":"success","version": "1"} - -getApiKey - Description: - Returns API Key version. 
- Parameters: - user (string) - pw (string) - Return Example: - {"status":"success","Key":"1234567890123456789012"} - -Methods with Key: ------------------ -getRoom - Description: - Returns a list of all Rooms (no id set) or details of a single Room (requested id) - Parameters: - id (integer) - Room ID - Return Example: - [{"RID":"1"},{"RID":"23"},{"RID":"42"}] - {"RID":"1","Name":"Room Name","Man":null,"FromPentabarf":"","show":"Y","Number":"0"} - -getAngelType - Description: - Returns a list of all Angel Types (no id set) or details of a single Angel Type (requested id) - Parameters: - id (integer) - Type ID - Return Example: - [{"id":"8"},{"id":"9"}] - {"id":"9","name":"Angeltypes 2","restricted":"0"} - -getUser - Description: - Returns a list of all Users (no id set) or details of a single User (requested id) - Parameters: - id (integer) - User ID - Return Example: - [{"UID":"1"},{"UID":"23"},{"UID":"42"}] - {"UID":"1","Nick":"admin","Name":"Gates","Vorname":"Bill","Telefon":"","DECT":"","Handy":"","email":"","jabber":"","Avatar":"115"} - -getShift - Description: - Returns a list of all Shifte (no id set, filter is optional) or details of a single Shift (requested id) - Parameters: - id (integer) - Shift ID - filterRoom (Array of integer) - Array of Room IDs (optional, for list request) - filterTask (Array of integer) - Array if Task (optional, for list request) - filterOccupancy (integer) - Occupancy state: (optional, for list request) - 1 occupied - 2 free - 3 occupied and free - Return Example: - [{"SID":"1"},{"SID":"2"},{"SID":"3"}] - {"SID":"10","start":"1388264400","end":"1388271600","RID":"1","name":"Shift 1","URL":null,"PSID":null,\ - "ShiftEntry":[{"TID":"8","UID":"4","freeloaded":"0"}], - "NeedAngels":[{"TID":"8","count":"1","restricted":"0","taken":1},{"TID":"9","count":"2","restricted":"0","taken":0}]} - -getMessage - Description: - Returns a list of all Messages (no id set) or details of a single Message (requested id) - Parameters: - id (integer) 
- Message ID - Return Example: - [{"id":"1"},{"id":"2"},{"id":"3"}] - {"id":"3","Datum":"1388247583","SUID":"23","RUID":"42","isRead":"N","Text":"message text"} - -sendMessage - Description: - send a Message to an other angel - Parameters: - uid (integer) - User ID of the reciever - text (string) - Message Text - Return Example: - {"status":"success"} - -************************************************************************************************/ - -/** - * General API Controller - */ -function api_controller() { - global $user, $DataJson; - - header("Content-Type: application/json; charset=utf-8"); - - // decode JSON request - $input = file_get_contents("php://input"); - $input = json_decode($input, true); - $_REQUEST = $input; - - // get command - $cmd = ''; - if (isset($_REQUEST['cmd'])) - $cmd = strtolower($_REQUEST['cmd']); - - // decode commands, without key - switch ($cmd) { - case 'getversion': - getVersion(); - die(json_encode($DataJson)); - break; - case 'getapikey': - getApiKey(); - die(json_encode($DataJson)); - break; - } - - // get API KEY - if (isset($_REQUEST['key']) && preg_match("/^[0-9a-f]{32}$/", $_REQUEST['key'])) - $key = $_REQUEST['key']; - else - die(json_encode(array( - 'status' => 'failed', - 'error' => 'Missing parameter "key".' - ))); - - // check API key - $user = User_by_api_key($key); - if ($user === false) - die(json_encode(array( - 'status' => 'failed', - 'error' => 'Unable to find user' - ))); - if ($user == null) - die(json_encode(array( - 'status' => 'failed', - 'error' => 'Key invalid.' - ))); - - // decode command - switch ($cmd) { - case 'getroom': - getRoom(); - break; - case 'getangeltype': - getAngelType(); - break; - case 'getuser': - // TODO Dataleak! Only coordinators are allowed to see so much user informations. - //getUser(); - break; - case 'getshift': - getShift(); - break; - case 'getmessage': - // TODO Dataleak! 
- //getMessage(); - break; - case 'sendmessage': - sendMessage(); - break; - default: - $DataJson = array( - 'status' => 'failed', - 'error' => 'Unknown Command "' . $cmd . '"' - ); - } - - // check - if ($DataJson === false) { - $DataJson = array( - 'status' => 'failed', - 'error' => 'DataJson === false' - ); - } elseif ($DataJson == null) { - $DataJson = array( - 'status' => 'failed', - 'error' => 'DataJson == null' - ); - } - - echo json_encode($DataJson); - die(); -} - -/** - * Get Version of API - */ -function getVersion() { - global $DataJson; - - $DataJson = array( - 'status' => 'success', - 'Version' => 1 - ); -} - -/** - * Get API Key - */ -function getApiKey() { - global $DataJson; - - if (! isset($_REQUEST['user'])) { - $DataJson = array( - 'status' => 'failed', - 'error' => 'Missing parameter "user".' - ); - } elseif (! isset($_REQUEST['pw'])) { - $DataJson = array( - 'status' => 'failed', - 'error' => 'Missing parameter "pw".' - ); - } else { - $Erg = sql_select("SELECT `UID`, `Passwort`, `api_key` FROM `User` WHERE `Nick`='" . sql_escape($_REQUEST['user']) . "'"); - - if (count($Erg) == 1) { - $Erg = $Erg[0]; - if (verify_password($_REQUEST['pw'], $Erg["Passwort"], $Erg["UID"])) { - $key = $Erg["api_key"]; - $DataJson = array( - 'status' => 'success', - 'Key' => $key - ); - } else { - $DataJson = array( - 'status' => 'failed', - 'error' => 'PW wrong' - ); - } - } else { - $DataJson = array( - 'status' => 'failed', - 'error' => 'User not found.' 
- ); - } - } - - sleep(1); -} - -/** - * Get Room - */ -function getRoom() { - global $DataJson; - - if (isset($_REQUEST['id'])) { - $DataJson = Room($_REQUEST['id']); - } else { - $DataJson = Room_ids(); - } -} - -/** - * Get AngelType - */ -function getAngelType() { - global $DataJson; - - if (isset($_REQUEST['id'])) { - $DataJson = AngelType($_REQUEST['id']); - } else { - $DataJson = AngelType_ids(); - } -} - -/** - * Get User - */ -function getUser() { - global $DataJson; - - if (isset($_REQUEST['id'])) { - $DataJson = mUser_Limit($_REQUEST['id']); - } else { - $DataJson = User_ids(); - } -} - -/** - * Get Shift - */ -function getShift() { - global $DataJson; - - if (isset($_REQUEST['id'])) { - $DataJson = Shift($_REQUEST['id']); - } else { - $DataJson = Shifts_filtered(); - } -} - -/** - * @TODO: Why are ALL messages of ALL users returned? Data leak. It is not checked if this is my message! - * Get Message - */ -function getMessage() { - global $DataJson; - - if (isset($_REQUEST['id'])) { - $DataJson = Message($_REQUEST['id']); - } else { - $DataJson = Message_ids(); - } -} - -/** - * Send Message - */ -function sendMessage() { - global $DataJson; - - if (! isset($_REQUEST['uid'])) { - $DataJson = array( - 'status' => 'failed', - 'error' => 'Missing parameter "uid".' - ); - } elseif (! isset($_REQUEST['text'])) { - $DataJson = array( - 'status' => 'failed', - 'error' => 'Missing parameter "text".' - ); - } else { - if (Message_send($_REQUEST['uid'], $_REQUEST['text']) === true) { - $DataJson = array( - 'status' => 'success' - ); - } else { - $DataJson = array( - 'status' => 'failed', - 'error' => 'Transmitting was terminated with an Error.' - ); - } - } -} - -?> diff --git a/includes/controller/shifts_controller.php b/includes/controller/shifts_controller.php index 90753217..9982388e 100644 --- a/includes/controller/shifts_controller.php +++ b/includes/controller/shifts_controller.php 
@@ -145,7 +145,7 @@ function shifts_json_export_controller() { INNER JOIN `Shifts` ON (`ShiftEntry`.`SID` = `Shifts`.`SID`) INNER JOIN `ShiftTypes` ON (`Shifts`.`shifttype_id`=`ShiftTypes`.`id`) INNER JOIN `Room` ON (`Shifts`.`RID` = `Room`.`RID`) - WHERE `UID`=" . sql_escape($user['UID']) . " + WHERE `UID`='" . sql_escape($user['UID']) . "' ORDER BY `start`"); } diff --git a/includes/controller/user_angeltypes_controller.php b/includes/controller/user_angeltypes_controller.php index 66abc589..f76f10ae 100644 --- a/includes/controller/user_angeltypes_controller.php +++ b/includes/controller/user_angeltypes_controller.php @@ -14,7 +14,7 @@ function user_angeltypes_unconfirmed_hint() { $unconfirmed_links = []; foreach ($unconfirmed_user_angeltypes as $user_angeltype) - $unconfirmed_links[] = '<a href="' . page_link_to('angeltypes') . '&action=view&angeltype_id=' . $user_angeltype['angeltype_id'] . '">' . $user_angeltype['name'] . '</a>'; + $unconfirmed_links[] = '<a href="' . page_link_to('angeltypes') . '&action=view&angeltype_id=' . $user_angeltype['angeltype_id'] . '">' . $user_angeltype['name'] . ' (+' . $user_angeltype['count'] . ')' . '</a>'; return info(sprintf(ngettext("There is %d unconfirmed angeltype.", "There are %d unconfirmed angeltypes.", count($unconfirmed_user_angeltypes)), count($unconfirmed_user_angeltypes)) . " " . _('Angel types which need approvals:') . ' ' . join(', ', $unconfirmed_links), true); } diff --git a/includes/controller/users_controller.php b/includes/controller/users_controller.php index 3a23835c..067fc4aa 100644 --- a/includes/controller/users_controller.php +++ b/includes/controller/users_controller.php 
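Review bot: The rewritten link line in user_angeltypes_unconfirmed_hint still concatenates `$user_angeltype['name']` (and now `count`) straight into HTML with no escaping, so an angeltype name containing markup is rendered as-is inside the hint. Wrap the name before concatenation, e.g. `htmlspecialchars($user_angeltype['name'], ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8')`, or use whatever HTML-escaping helper the view layer already provides (none is visible in this diff). Who may set angeltype names is not shown here, so the practical exposure is unknown, but output escaping belongs at the point of rendering regardless.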
@@ -22,10 +22,20 @@ function users_controller() { return user_edit_controller(); case 'delete': return user_delete_controller(); + case 'edit_vouchers': + return user_edit_vouchers_controller(); } } -function user_controller() { +function users_link() { + return page_link_to('users'); +} + +function user_link($user) { + return page_link_to('users') . '&action=view&user_id=' . $user['UID']; +} + +function user_edit_vouchers_controller() { global $privileges, $user; if (isset($_REQUEST['user_id'])) { 
@@ -33,19 +43,58 @@ function user_controller() { } else $user_source = $user; - $admin_user_privilege = in_array('admin_user', $privileges); + if (! in_array('admin_user', $privileges)) + redirect(page_link_to('')); + + if (isset($_REQUEST['submit'])) { + $ok = true; + + if (isset($_REQUEST['vouchers']) && test_request_int('vouchers') && trim($_REQUEST['vouchers']) >= 0) + $vouchers = trim($_REQUEST['vouchers']); + else { + $ok = false; + error(_("Please enter a valid number of vouchers.")); + } + + if ($ok) { + $user_source['got_voucher'] = $vouchers; + + $result = User_update($user_source); + if ($result === false) + engelsystem_error('Unable to update user.'); + + success(_("Saved the number of vouchers.")); + engelsystem_log(User_Nick_render($user_source) . ': ' . sprintf("Got %s vouchers", $user_source['got_voucher'])); + + redirect(user_link($user_source)); + } + } + + return array( + sprintf(_("%s's vouchers"), $user_source['Nick']), + User_edit_vouchers_view($user_source) + ); +} + +function user_controller() { + global $privileges, $user; + + if (isset($_REQUEST['user_id'])) { + $user_source = User($_REQUEST['user_id']); + } else + $user_source = $user; $shifts = Shifts_by_user($user_source); foreach ($shifts as &$shift) { // TODO: Move queries to model - $shift['needed_angeltypes'] = sql_select("SELECT DISTINCT `AngelTypes`.* FROM `ShiftEntry` JOIN `AngelTypes` ON `ShiftEntry`.`TID`=`AngelTypes`.`id` WHERE `ShiftEntry`.`SID`=" . sql_escape($shift['SID']) . " ORDER BY `AngelTypes`.`name`"); + $shift['needed_angeltypes'] = sql_select("SELECT DISTINCT `AngelTypes`.* FROM `ShiftEntry` JOIN `AngelTypes` ON `ShiftEntry`.`TID`=`AngelTypes`.`id` WHERE `ShiftEntry`.`SID`='" . sql_escape($shift['SID']) . 
"' ORDER BY `AngelTypes`.`name`"); foreach ($shift['needed_angeltypes'] as &$needed_angeltype) { $needed_angeltype['users'] = sql_select(" SELECT `ShiftEntry`.`freeloaded`, `User`.* FROM `ShiftEntry` JOIN `User` ON `ShiftEntry`.`UID`=`User`.`UID` - WHERE `ShiftEntry`.`SID`=" . sql_escape($shift['SID']) . " - AND `ShiftEntry`.`TID`=" . sql_escape($needed_angeltype['id'])); + WHERE `ShiftEntry`.`SID`='" . sql_escape($shift['SID']) . "' + AND `ShiftEntry`.`TID`='" . sql_escape($needed_angeltype['id']) . "'"); } } @@ -54,7 +103,7 @@ function user_controller() { return array( $user_source['Nick'], - User_view($user_source, $admin_user_privilege, User_is_freeloader($user_source), User_angeltypes($user_source), User_groups($user_source), $shifts, $user['UID'] == $user_source['UID']) + User_view($user_source, in_array('admin_user', $privileges), User_is_freeloader($user_source), User_angeltypes($user_source), User_groups($user_source), $shifts, $user['UID'] == $user_source['UID']) ); } @@ -80,7 +129,7 @@ function users_list_controller() { return array( _('All users'), - Users_view($users, $order_by, User_arrived_count(), User_active_count(), User_force_active_count(), ShiftEntries_freeleaded_count(), User_tshirts_count()) + Users_view($users, $order_by, User_arrived_count(), User_active_count(), User_force_active_count(), ShiftEntries_freeleaded_count(), User_tshirts_count(), User_got_voucher_count()) ); } diff --git a/includes/engelsystem_provider.php b/includes/engelsystem_provider.php new file mode 100644 index 00000000..057d5513 --- /dev/null +++ b/includes/engelsystem_provider.php 
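Review bot: In user_edit_vouchers_controller the result of `User($_REQUEST['user_id'])` is used without checking for a missing user, so an unknown id reaches `User_update($user_source)` with whatever `User()` returns on a miss (false or null — its contract is not in this diff). Add a guard right after the lookup and before the privilege check, `if ($user_source === false) engelsystem_error('Unable to load user.');` and `if ($user_source == null) redirect(users_link());`; the same unchecked lookup is repeated in the moved user_controller body further down this hunk. `in_array('admin_user', $privileges)` should also pass `true` as its third argument, here and in the hunk at -54,7 +103,7. The function's signature and the `if (isset($_REQUEST['user_id']))` branch are in the previous hunk.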
@@ -0,0 +1,89 @@ +<?php +/** + * This file includes all needed functions, connects to the db etc. + */ +require_once realpath(__DIR__ . '/../includes/mysqli_provider.php'); + +require_once realpath(__DIR__ . '/../includes/sys_auth.php'); +require_once realpath(__DIR__ . '/../includes/sys_log.php'); +require_once realpath(__DIR__ . '/../includes/sys_menu.php'); +require_once realpath(__DIR__ . '/../includes/sys_page.php'); +require_once realpath(__DIR__ . '/../includes/sys_template.php'); + +require_once realpath(__DIR__ . '/../includes/model/AngelType_model.php'); +require_once realpath(__DIR__ . '/../includes/model/LogEntries_model.php'); +require_once realpath(__DIR__ . '/../includes/model/Message_model.php'); +require_once realpath(__DIR__ . '/../includes/model/NeededAngelTypes_model.php'); +require_once realpath(__DIR__ . '/../includes/model/Room_model.php'); +require_once realpath(__DIR__ . '/../includes/model/ShiftEntry_model.php'); +require_once realpath(__DIR__ . '/../includes/model/Shifts_model.php'); +require_once realpath(__DIR__ . '/../includes/model/ShiftTypes_model.php'); +require_once realpath(__DIR__ . '/../includes/model/UserAngelTypes_model.php'); +require_once realpath(__DIR__ . '/../includes/model/UserGroups_model.php'); +require_once realpath(__DIR__ . '/../includes/model/User_model.php'); + +require_once realpath(__DIR__ . '/../includes/view/AngelTypes_view.php'); +require_once realpath(__DIR__ . '/../includes/view/Questions_view.php'); +require_once realpath(__DIR__ . '/../includes/view/Rooms_view.php'); +require_once realpath(__DIR__ . '/../includes/view/Shifts_view.php'); +require_once realpath(__DIR__ . '/../includes/view/ShiftEntry_view.php'); +require_once realpath(__DIR__ . '/../includes/view/ShiftTypes_view.php'); +require_once realpath(__DIR__ . '/../includes/view/UserAngelTypes_view.php'); +require_once realpath(__DIR__ . '/../includes/view/User_view.php'); + +require_once realpath(__DIR__ . 
'/../includes/controller/angeltypes_controller.php'); +require_once realpath(__DIR__ . '/../includes/controller/rooms_controller.php'); +require_once realpath(__DIR__ . '/../includes/controller/shifts_controller.php'); +require_once realpath(__DIR__ . '/../includes/controller/shifttypes_controller.php'); +require_once realpath(__DIR__ . '/../includes/controller/users_controller.php'); +require_once realpath(__DIR__ . '/../includes/controller/user_angeltypes_controller.php'); + +require_once realpath(__DIR__ . '/../includes/helper/internationalization_helper.php'); +require_once realpath(__DIR__ . '/../includes/helper/message_helper.php'); +require_once realpath(__DIR__ . '/../includes/helper/error_helper.php'); +require_once realpath(__DIR__ . '/../includes/helper/email_helper.php'); +require_once realpath(__DIR__ . '/../includes/helper/session_helper.php'); + +require_once realpath(__DIR__ . '/../includes/mailer/shifts_mailer.php'); + +require_once realpath(__DIR__ . '/../config/config.default.php'); +if (file_exists(realpath(__DIR__ . '/../config/config.php'))) + require_once realpath(__DIR__ . '/../config/config.php'); + +if ($maintenance_mode) { + echo file_get_contents(__DIR__ . '/../public/maintenance.html'); + die(); +} + +require_once realpath(__DIR__ . '/../includes/pages/admin_active.php'); +require_once realpath(__DIR__ . '/../includes/pages/admin_arrive.php'); +require_once realpath(__DIR__ . '/../includes/pages/admin_free.php'); +require_once realpath(__DIR__ . '/../includes/pages/admin_groups.php'); +require_once realpath(__DIR__ . '/../includes/pages/admin_import.php'); +require_once realpath(__DIR__ . '/../includes/pages/admin_log.php'); +require_once realpath(__DIR__ . '/../includes/pages/admin_questions.php'); +require_once realpath(__DIR__ . '/../includes/pages/admin_rooms.php'); +require_once realpath(__DIR__ . '/../includes/pages/admin_shifts.php'); +require_once realpath(__DIR__ . 
'/../includes/pages/admin_user.php'); +require_once realpath(__DIR__ . '/../includes/pages/guest_login.php'); +require_once realpath(__DIR__ . '/../includes/pages/user_messages.php'); +require_once realpath(__DIR__ . '/../includes/pages/user_myshifts.php'); +require_once realpath(__DIR__ . '/../includes/pages/user_news.php'); +require_once realpath(__DIR__ . '/../includes/pages/user_questions.php'); +require_once realpath(__DIR__ . '/../includes/pages/user_settings.php'); +require_once realpath(__DIR__ . '/../includes/pages/user_shifts.php'); + +require_once realpath(__DIR__ . '/../vendor/parsedown/Parsedown.php'); + +if (! defined('PHPUNIT_TESTSUITE')) { + session_lifetime(24 * 60, preg_replace("/[^a-z0-9-]/", '', md5(__DIR__))); +} +session_start(); + +gettext_init(); + +sql_connect($config['host'], $config['user'], $config['pw'], $config['db']); + +load_auth(); + +?>
\ No newline at end of file diff --git a/includes/helper/internationalization_helper.php b/includes/helper/internationalization_helper.php index 836bbc6a..a8fdd0f0 100644 --- a/includes/helper/internationalization_helper.php +++ b/includes/helper/internationalization_helper.php @@ -7,6 +7,20 @@ $locales = array( $default_locale = 'en_US.UTF-8'; /** + * Return currently active locale + */ +function locale() { + return $_SESSION['locale']; +} + +/** + * Returns two letter language code from currently active locale + */ +function locale_short() { + return substr(locale(), 0, 2); +} + +/** * Initializes gettext for internationalization and updates the sessions locale to use for translation. */ function gettext_init() { diff --git a/includes/helper/session_helper.php b/includes/helper/session_helper.php index 4063ff69..443701ee 100644 --- a/includes/helper/session_helper.php +++ b/includes/helper/session_helper.php @@ -9,7 +9,7 @@ */ function session_lifetime($lifetime, $application_name) { // Set session save path and name - $session_save_path = rtrim(session_save_path(), '/') . '/' . $application_name; + $session_save_path = '/tmp/' . $application_name; if (! file_exists($session_save_path)) mkdir($session_save_path); if (file_exists($session_save_path)) @@ -22,7 +22,7 @@ function session_lifetime($lifetime, $application_name) { ini_set('session.gc_divisor', 100); // Cookie settings (lifetime) - ini_set('session.cookie_secure', ! (preg_match("/^localhost/", $_SERVER["HTTP_HOST"]) || isset($_GET['debug']))); + ini_set('session.cookie_secure', ! (isset($_SERVER['HTTP_HOST']) && preg_match("/^localhost/", $_SERVER["HTTP_HOST"]) || isset($_GET['debug']))); ini_set('session.use_only_cookies', true); ini_set('session.cookie_lifetime', $lifetime * 60); } diff --git a/includes/model/AngelType_model.php b/includes/model/AngelType_model.php index d0119e6f..5e7f4fb6 100644 --- a/includes/model/AngelType_model.php +++ b/includes/model/AngelType_model.php 
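Review bot: `locale()` reads `$_SESSION['locale']` with no `isset` guard, so calling it (or `locale_short()`) before the session key has been populated — presumably by `gettext_init()`, whose body is outside this hunk — raises a notice and feeds `null` into `substr`. Fall back to the file's default when the key is absent: `global $default_locale; return isset($_SESSION['locale']) ? $_SESSION['locale'] : $default_locale;`.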
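Review bot: Replacing `session_save_path()` with a hard-coded `/tmp/` moves session files into a world-writable shared directory whose name is derived from `md5(__DIR__)` (see the caller in engelsystem_provider.php), which any local user can compute and pre-create; the `file_exists` check on the next line then accepts that pre-created directory and session data is written where another local user may read it. Keep the configured path, `$session_save_path = rtrim(session_save_path(), '/') . '/' . $application_name;`, or if `/tmp` is really required create it with a restrictive mode, `mkdir($session_save_path, 0700)`, and refuse to use a pre-existing directory not owned by the running process (`fileowner($session_save_path) !== posix_getuid()`, where the posix extension is available). A fixed `/tmp` also breaks deployments with a private or read-only tmp; if this was done for the test suite, the test-only branch in engelsystem_provider.php (`PHPUNIT_TESTSUITE`) is the better place for it.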
@@ -8,7 +8,7 @@ function AngelType_delete($angeltype) { return sql_query(" DELETE FROM `AngelTypes` - WHERE `id`=" . sql_escape($angeltype['id']) . " + WHERE `id`='" . sql_escape($angeltype['id']) . "' LIMIT 1"); } @@ -24,9 +24,9 @@ function AngelType_update($angeltype_id, $name, $restricted, $description) { return sql_query(" UPDATE `AngelTypes` SET `name`='" . sql_escape($name) . "', - `restricted`=" . sql_escape($restricted ? 1 : 0) . ", + `restricted`='" . sql_escape($restricted ? 1 : 0) . "', `description`='" . sql_escape($description) . "' - WHERE `id`=" . sql_escape($angeltype_id) . " + WHERE `id`='" . sql_escape($angeltype_id) . "' LIMIT 1"); } @@ -42,7 +42,7 @@ function AngelType_create($name, $restricted, $description) { $result = sql_query(" INSERT INTO `AngelTypes` SET `name`='" . sql_escape($name) . "', - `restricted`=" . sql_escape($restricted ? 1 : 0) . ", + `restricted`='" . sql_escape($restricted ? 1 : 0) . "', `description`='" . sql_escape($description) . "'"); if ($result === false) return false; @@ -69,7 +69,7 @@ function AngelType_validate_name($name, $angeltype) { SELECT * FROM `AngelTypes` WHERE `name`='" . sql_escape($name) . "' - AND NOT `id`=" . sql_escape($angeltype['id']) . " + AND NOT `id`='" . sql_escape($angeltype['id']) . "' LIMIT 1") == 0, $name ); @@ -130,7 +130,7 @@ function AngelType_ids() { * ID */ function AngelType($id) { - $angelType_source = sql_select("SELECT * FROM `AngelTypes` WHERE `id`=" . sql_escape($id) . " LIMIT 1"); + $angelType_source = sql_select("SELECT * FROM `AngelTypes` WHERE `id`='" . sql_escape($id) . "' LIMIT 1"); if ($angelType_source === false) return false; if (count($angelType_source) > 0) diff --git a/includes/model/LogEntries_model.php b/includes/model/LogEntries_model.php index 2e8a8cf7..8b7f65a0 100644 --- a/includes/model/LogEntries_model.php +++ b/includes/model/LogEntries_model.php 
@@ -8,11 +8,11 @@ * Message */ function LogEntry_create($nick, $message) { - return sql_query("INSERT INTO `LogEntries` SET `timestamp`=" . sql_escape(time()) . ", `nick`='" . sql_escape($nick) . "', `message`='" . sql_escape($message) . "'"); + return sql_query("INSERT INTO `LogEntries` SET `timestamp`='" . sql_escape(time()) . "', `nick`='" . sql_escape($nick) . "', `message`='" . sql_escape($message) . "'"); } /** - * Returns log entries of the last 24 hours with maximum count of 1000. + * Returns log entries with maximum count of 10000. */ function LogEntries() { return sql_select("SELECT * FROM `LogEntries` ORDER BY `timestamp` DESC LIMIT 10000"); @@ -25,4 +25,11 @@ function LogEntries_filter($keyword) { return sql_select("SELECT * FROM `LogEntries` WHERE `nick` LIKE '%" . sql_escape($keyword) . "%' OR `message` LIKE '%" . sql_escape($keyword) . "%' ORDER BY `timestamp` DESC"); } +/** + * Delete all log entries. + */ +function LogEntries_clear_all() { + return sql_query("TRUNCATE `LogEntries`"); +} + ?> diff --git a/includes/model/Message_model.php b/includes/model/Message_model.php index 1e1923e8..7bae0dd4 100644 --- a/includes/model/Message_model.php +++ b/includes/model/Message_model.php @@ -14,7 +14,7 @@ function Message_ids() { * ID */ function Message($id) { - $message_source = sql_select("SELECT * FROM `Messages` WHERE `id`=" . sql_escape($id) . " LIMIT 1"); + $message_source = sql_select("SELECT * FROM `Messages` WHERE `id`='" . sql_escape($id) . "' LIMIT 1"); if ($message_source === false) return false; if (count($message_source) > 0) 
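Review bot: `LogEntries_clear_all` irreversibly drops the whole audit log and, being a model function, leaves no record of who triggered it, so after it runs the clearing itself is untraceable. Have the caller (not in this diff) record the actor immediately after the truncate — the `engelsystem_log(...)` helper used in users_controller.php appears to be the place for that — and make the contract explicit in the docblock: `/** Delete all log entries. Irreversible; the caller must enforce privileges and log the action afterwards. */`.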
@@ -38,8 +38,8 @@ function Message_send($id, $text) { $text = preg_replace("/([^\p{L}\p{P}\p{Z}\p{N}\n]{1,})/ui", '', strip_tags($text)); $to = preg_replace("/([^0-9]{1,})/ui", '', strip_tags($id)); - if (($text != "" && is_numeric($to)) && (sql_num_query("SELECT * FROM `User` WHERE `UID`=" . sql_escape($to) . " AND NOT `UID`=" . sql_escape($user['UID']) . " LIMIT 1") > 0)) { - sql_query("INSERT INTO `Messages` SET `Datum`=" . sql_escape(time()) . ", `SUID`=" . sql_escape($user['UID']) . ", `RUID`=" . sql_escape($to) . ", `Text`='" . sql_escape($text) . "'"); + if (($text != "" && is_numeric($to)) && (sql_num_query("SELECT * FROM `User` WHERE `UID`='" . sql_escape($to) . "' AND NOT `UID`='" . sql_escape($user['UID']) . "' LIMIT 1") > 0)) { + sql_query("INSERT INTO `Messages` SET `Datum`='" . sql_escape(time()) . "', `SUID`='" . sql_escape($user['UID']) . "', `RUID`='" . sql_escape($to) . "', `Text`='" . sql_escape($text) . "'"); return true; } else { return false; diff --git a/includes/model/NeededAngelTypes_model.php b/includes/model/NeededAngelTypes_model.php index e9176d34..8d6b8cce 100644 --- a/includes/model/NeededAngelTypes_model.php +++ b/includes/model/NeededAngelTypes_model.php @@ -10,7 +10,7 @@ function NeededAngelTypes_by_shift($shiftId) { SELECT `NeededAngelTypes`.*, `AngelTypes`.`name`, `AngelTypes`.`restricted` FROM `NeededAngelTypes` JOIN `AngelTypes` ON `AngelTypes`.`id` = `NeededAngelTypes`.`angel_type_id` - WHERE `shift_id`=" . sql_escape($shiftId) . " + WHERE `shift_id`='" . sql_escape($shiftId) . "' AND `count` > 0 ORDER BY `room_id` DESC "); @@ -24,7 +24,7 @@ function NeededAngelTypes_by_shift($shiftId) { FROM `NeededAngelTypes` JOIN `AngelTypes` ON `AngelTypes`.`id` = `NeededAngelTypes`.`angel_type_id` JOIN `Shifts` ON `Shifts`.`RID` = `NeededAngelTypes`.`room_id` - WHERE `Shifts`.`SID`=" . sql_escape($shiftId) . " + WHERE `Shifts`.`SID`='" . sql_escape($shiftId) . "' AND `count` > 0 ORDER BY `room_id` DESC "); 
diff --git a/includes/model/Room_model.php b/includes/model/Room_model.php index c48abc78..2868916e 100644 --- a/includes/model/Room_model.php +++ b/includes/model/Room_model.php @@ -1,15 +1,33 @@ <?php /** - * Returns room id array + * Delete a room + * @param int $room_id */ -function Room_ids() { - $room_source = sql_select("SELECT `RID` FROM `Room` WHERE `show` = 'Y'"); - if ($room_source === false) +function Room_delete($room_id) { + return sql_query("DELETE FROM `Room` WHERE `RID`=" . sql_escape($room_id)); +} + +/** + * Create a new room + * + * @param string $name + * Name of the room + * @param boolean $from_frab + * Is this a frab imported room? + * @param boolean $public + * Is the room visible for angels? + */ +function Room_create($name, $from_frab, $public) { + $result = sql_query(" + INSERT INTO `Room` SET + `Name`='" . sql_escape($name) . "', + `FromPentabarf`='" . sql_escape($from_frab ? 'Y' : 'N') . "', + `show`='" . sql_escape($public ? 'Y' : 'N') . "', + `Number`=0"); + if ($result === false) return false; - if (count($room_source) > 0) - return $room_source; - return null; + return sql_id(); } /** @@ -18,7 +36,8 @@ function Room_ids() { * @param $id RID */ function Room($id) { - $room_source = sql_select("SELECT * FROM `Room` WHERE `RID`=" . sql_escape($id) . " AND `show` = 'Y' LIMIT 1"); + $room_source = sql_select("SELECT * FROM `Room` WHERE `RID`='" . sql_escape($id) . "' AND `show` = 'Y'"); + if ($room_source === false) return false; if (count($room_source) > 0) diff --git a/includes/model/ShiftEntry_model.php b/includes/model/ShiftEntry_model.php index 5129f15a..008531ff 100644 --- a/includes/model/ShiftEntry_model.php +++ b/includes/model/ShiftEntry_model.php 
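Review bot: The new `Room_delete` builds its WHERE clause as `RID=" . sql_escape($room_id)` with no quotes around the value, which is exactly the unquoted form every other hunk in this commit is converting; if `sql_escape` is the usual mysqli escape wrapper (not shown here) it neutralises quote characters but not operators or whitespace in an unquoted position. Quote it like the rest of the diff: `RID='" . sql_escape($room_id) . "'`. The `Room()` rewrite in the second hunk also dropped `LIMIT 1` while the surrounding code still appears to return only the first row (the tail of the function is outside the hunk); restoring `LIMIT 1` keeps the intent explicit.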
@@ -16,7 +16,7 @@ function ShiftEntries_by_shift($shift_id) { FROM `ShiftEntry` JOIN `User` ON `ShiftEntry`.`UID`=`User`.`UID` JOIN `AngelTypes` ON `ShiftEntry`.`TID`=`AngelTypes`.`id` - WHERE `ShiftEntry`.`SID`=" . sql_escape($shift_id)); + WHERE `ShiftEntry`.`SID`='" . sql_escape($shift_id) . "'"); } /** @@ -27,12 +27,12 @@ function ShiftEntries_by_shift($shift_id) { function ShiftEntry_create($shift_entry) { mail_shift_assign(User($shift_entry['UID']), Shift($shift_entry['SID'])); return sql_query("INSERT INTO `ShiftEntry` SET - `SID`=" . sql_escape($shift_entry['SID']) . ", - `TID`=" . sql_escape($shift_entry['TID']) . ", - `UID`=" . sql_escape($shift_entry['UID']) . ", + `SID`='" . sql_escape($shift_entry['SID']) . "', + `TID`='" . sql_escape($shift_entry['TID']) . "', + `UID`='" . sql_escape($shift_entry['UID']) . "', `Comment`='" . sql_escape($shift_entry['Comment']) . "', `freeload_comment`='" . sql_escape($shift_entry['freeload_comment']) . "', - `freeloaded`=" . sql_escape($shift_entry['freeloaded'] ? 'TRUE' : 'FALSE')); + `freeloaded`=" . sql_bool($shift_entry['freeloaded'])); } /** @@ -42,15 +42,15 @@ function ShiftEntry_update($shift_entry) { return sql_query("UPDATE `ShiftEntry` SET `Comment`='" . sql_escape($shift_entry['Comment']) . "', `freeload_comment`='" . sql_escape($shift_entry['freeload_comment']) . "', - `freeloaded`=" . sql_escape($shift_entry['freeloaded'] ? 'TRUE' : 'FALSE') . " - WHERE `id`=" . sql_escape($shift_entry['id'])); + `freeloaded`=" . sql_bool($shift_entry['freeloaded']) . " + WHERE `id`='" . sql_escape($shift_entry['id']) . "'"); } /** * Get a shift entry. */ function ShiftEntry($shift_entry_id) { - $shift_entry = sql_select("SELECT * FROM `ShiftEntry` WHERE `id`=" . sql_escape($shift_entry_id)); + $shift_entry = sql_select("SELECT * FROM `ShiftEntry` WHERE `id`='" . sql_escape($shift_entry_id) . "'"); if ($shift_entry === false) return false; if (count($shift_entry) == 0) 
@@ -64,7 +64,7 @@ function ShiftEntry($shift_entry_id) { function ShiftEntry_delete($shift_entry_id) { $shift_entry = ShiftEntry($shift_entry_id); mail_shift_removed(User($shift_entry['UID']), Shift($shift_entry['SID'])); - return sql_query("DELETE FROM `ShiftEntry` WHERE `id`=" . sql_escape($shift_entry_id)); + return sql_query("DELETE FROM `ShiftEntry` WHERE `id`='" . sql_escape($shift_entry_id) . "'"); } /** diff --git a/includes/model/ShiftTypes_model.php b/includes/model/ShiftTypes_model.php index 7b502585..7f057da8 100644 --- a/includes/model/ShiftTypes_model.php +++ b/includes/model/ShiftTypes_model.php @@ -5,7 +5,7 @@ * @param int $shifttype_id */ function ShiftType_delete($shifttype_id) { - return sql_query("DELETE FROM `ShiftTypes` WHERE `id`=" . sql_escape($shifttype_id)); + return sql_query("DELETE FROM `ShiftTypes` WHERE `id`='" . sql_escape($shifttype_id) . "'"); } /** @@ -21,7 +21,7 @@ function ShiftType_update($shifttype_id, $name, $angeltype_id, $description) { `name`='" . sql_escape($name) . "', `angeltype_id`=" . sql_null($angeltype_id) . ", `description`='" . sql_escape($description) . "' - WHERE `id`=" . sql_escape($shifttype_id)); + WHERE `id`='" . sql_escape($shifttype_id) . "'"); } /** @@ -48,7 +48,7 @@ function ShiftType_create($name, $angeltype_id, $description) { * @param int $shifttype_id */ function ShiftType($shifttype_id) { - $shifttype = sql_select("SELECT * FROM `ShiftTypes` WHERE `id`=" . sql_escape($shifttype_id)); + $shifttype = sql_select("SELECT * FROM `ShiftTypes` WHERE `id`='" . sql_escape($shifttype_id) . "'"); if ($shifttype === false) return false; if ($shifttype == null) diff --git a/includes/model/Shifts_model.php b/includes/model/Shifts_model.php index 37c772bf..d32de0cb 100644 --- a/includes/model/Shifts_model.php +++ b/includes/model/Shifts_model.php 
@@ -43,11 +43,23 @@ function Shift_signup_allowed($shift, $angeltype, $user_angeltype = null, $user_ $signed_up = true; break; } + + $needed_angeltypes = NeededAngelTypes_by_shift($shift['SID']); + if ($needed_angeltypes === false) + engelsystem_error('Unable to load needed angel types.'); // is the shift still running or alternatively is the user shift admin? $user_may_join_shift = true; - // you cannot join if user alread joined a parallel or this shift + // you canot join if shift is full + foreach ($needed_angeltypes as $needed_angeltype) + if ($needed_angeltype['angel_type_id'] == $angeltype['id']) { + if ($needed_angeltype['taken'] >= $needed_angeltype['count']) + $user_may_join_shift = false; + break; + } + + // you cannot join if user alread joined a parallel or this shift $user_may_join_shift &= ! $collides; // you cannot join if you already singed up for this shift @@ -73,7 +85,7 @@ function Shift_signup_allowed($shift, $angeltype, $user_angeltype = null, $user_ * Delete a shift by its external id. */ function Shift_delete_by_psid($shift_psid) { - return sql_query("DELETE FROM `Shifts` WHERE `PSID`=" . sql_escape($shift_psid)); + return sql_query("DELETE FROM `Shifts` WHERE `PSID`='" . sql_escape($shift_psid) . "'"); } /** 
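Review bot: The added capacity check compares `$needed_angeltype['taken']` with `['count']`, but `NeededAngelTypes_by_shift` as shown later in this diff selects `NeededAngelTypes.*` plus name and restricted, so whether a `taken` key exists is decided by code outside the visible hunks; if it is missing, `null >= count` is false and the shift is never treated as full. Please confirm where `taken` is filled in (the deleted API docs did show it on NeededAngels, so it likely exists) and fix the comment typo: `// you cannot join if shift is full`. The brace-less `foreach` wrapping a braced `if` that contains a `break` is easy to misread; braces around the loop body would help. `Shift_signup_allowed` starts before this hunk and its return is after it.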
@@ -82,25 +94,28 @@ function Shift_delete_by_psid($shift_psid) { function Shift_delete($shift_id) { mail_shift_delete(Shift($shift_id)); - return sql_query("DELETE FROM `Shifts` WHERE `SID`=" . sql_escape($shift_id)); + return sql_query("DELETE FROM `Shifts` WHERE `SID`='" . sql_escape($shift_id) . "'"); } /** * Update a shift. */ function Shift_update($shift) { + global $user; $shift['name'] = ShiftType($shift['shifttype_id'])['name']; mail_shift_change(Shift($shift['SID']), $shift); return sql_query("UPDATE `Shifts` SET - `shifttype_id`=" . sql_escape($shift['shifttype_id']) . ", - `start`=" . sql_escape($shift['start']) . ", - `end`=" . sql_escape($shift['end']) . ", - `RID`=" . sql_escape($shift['RID']) . ", + `shifttype_id`='" . sql_escape($shift['shifttype_id']) . "', + `start`='" . sql_escape($shift['start']) . "', + `end`='" . sql_escape($shift['end']) . "', + `RID`='" . sql_escape($shift['RID']) . "', `title`=" . sql_null($shift['title']) . ", `URL`=" . sql_null($shift['URL']) . ", - `PSID`=" . sql_null($shift['PSID']) . " - WHERE `SID`=" . sql_escape($shift['SID'])); + `PSID`=" . sql_null($shift['PSID']) . ", + `edited_by_user_id`='" . sql_escape($user['UID']) . "', + `edited_at_timestamp`=" . time() . " + WHERE `SID`='" . sql_escape($shift['SID']) . "'"); } /** 
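Review bot: Shift_update now records `edited_by_user_id` from `global $user` without checking that a session user exists, so a caller outside an interactive session (an import or maintenance script) writes `''` into the audit column and, under strict SQL modes, fails the whole UPDATE. Also `mail_shift_change()` is sent before the UPDATE runs and regardless of its result, so a failed write still tells angels about a change that did not happen. Suggest `if (! isset($user['UID'])) engelsystem_error('Shift_update requires a logged-in user.');` at the top (the engelsystem_error() style this diff already uses) and moving the mail behind a successful `sql_query`. Whether `$user` is guaranteed at every call site cannot be confirmed from this hunk.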
@@ -122,14 +137,17 @@ function Shift_update_by_psid($shift) { * @return new shift id or false */ function Shift_create($shift) { + global $user; $result = sql_query("INSERT INTO `Shifts` SET - `shifttype_id`=" . sql_escape($shift['shifttype_id']) . ", - `start`=" . sql_escape($shift['start']) . ", - `end`=" . sql_escape($shift['end']) . ", - `RID`=" . sql_escape($shift['RID']) . ", + `shifttype_id`='" . sql_escape($shift['shifttype_id']) . "', + `start`='" . sql_escape($shift['start']) . "', + `end`='" . sql_escape($shift['end']) . "', + `RID`='" . sql_escape($shift['RID']) . "', `title`=" . sql_null($shift['title']) . ", `URL`=" . sql_null($shift['URL']) . ", - `PSID`=" . sql_null($shift['PSID'])); + `PSID`=" . sql_null($shift['PSID']) . ", + `created_by_user_id`='" . sql_escape($user['UID']) . "', + `created_at_timestamp`=" . time()); if ($result === false) return false; return sql_id(); @@ -145,7 +163,7 @@ function Shifts_by_user($user) { JOIN `Shifts` ON (`ShiftEntry`.`SID` = `Shifts`.`SID`) JOIN `ShiftTypes` ON (`ShiftTypes`.`id` = `Shifts`.`shifttype_id`) JOIN `Room` ON (`Shifts`.`RID` = `Room`.`RID`) - WHERE `UID`=" . sql_escape($user['UID']) . " + WHERE `UID`='" . sql_escape($user['UID']) . "' ORDER BY `start` "); } @@ -161,7 +179,7 @@ function Shifts_filtered() { // filterRoom (Array of integer) - Array of Room IDs (optional, for list request) if (isset($_REQUEST['filterRoom']) && is_array($_REQUEST['filterRoom'])) { foreach ($_REQUEST['filterRoom'] as $key => $value) { - $filter .= ", `RID`=" . sql_escape($value) . " "; + $filter .= ", `RID`='" . sql_escape($value) . "' "; } } 
@@ -206,8 +224,8 @@ function Shift($id) { SELECT `Shifts`.*, `ShiftTypes`.`name` FROM `Shifts` JOIN `ShiftTypes` ON (`ShiftTypes`.`id` = `Shifts`.`shifttype_id`) - WHERE `SID`=" . sql_escape($id)); - $shiftsEntry_source = sql_select("SELECT `id`, `TID` , `UID` , `freeloaded` FROM `ShiftEntry` WHERE `SID`=" . sql_escape($id)); + WHERE `SID`='" . sql_escape($id) . "'"); + $shiftsEntry_source = sql_select("SELECT `id`, `TID` , `UID` , `freeloaded` FROM `ShiftEntry` WHERE `SID`='" . sql_escape($id) . "'"); if ($shifts_source === false) return false; diff --git a/includes/model/UserAngelTypes_model.php b/includes/model/UserAngelTypes_model.php index 7dcaef7a..b2ebd9fe 100644 --- a/includes/model/UserAngelTypes_model.php +++ b/includes/model/UserAngelTypes_model.php @@ -8,7 +8,7 @@ function User_angeltypes($user) { SELECT `AngelTypes`.*, `UserAngelTypes`.`confirm_user_id`, `UserAngelTypes`.`coordinator` FROM `UserAngelTypes` JOIN `AngelTypes` ON `UserAngelTypes`.`angeltype_id` = `AngelTypes`.`id` - WHERE `UserAngelTypes`.`user_id`=" . sql_escape($user['UID']) . " + WHERE `UserAngelTypes`.`user_id`='" . sql_escape($user['UID']) . "' "); } 
@@ -19,13 +19,19 @@ function User_angeltypes($user) { */ function User_unconfirmed_AngelTypes($user) { return sql_select(" - SELECT `UnconfirmedMembers`.*, `AngelTypes`.`name` FROM `UserAngelTypes` + SELECT + `UserAngelTypes`.*, + `AngelTypes`.`name`, + count(`UnconfirmedMembers`.`user_id`) as `count` + FROM `UserAngelTypes` JOIN `AngelTypes` ON `UserAngelTypes`.`angeltype_id`=`AngelTypes`.`id` JOIN `UserAngelTypes` as `UnconfirmedMembers` ON `UserAngelTypes`.`angeltype_id`=`UnconfirmedMembers`.`angeltype_id` - WHERE `UserAngelTypes`.`user_id`=" . sql_escape($user['UID']) . " - AND `UserAngelTypes`.`coordinator`=TRUE - AND `AngelTypes`.`restricted`=TRUE - AND `UnconfirmedMembers`.`confirm_user_id` IS NULL"); + WHERE `UserAngelTypes`.`user_id`='" . sql_escape($user['UID']) . "' + AND `UserAngelTypes`.`coordinator`=TRUE + AND `AngelTypes`.`restricted`=TRUE + AND `UnconfirmedMembers`.`confirm_user_id` IS NULL + GROUP BY `UserAngelTypes`.`angeltype_id` + ORDER BY `AngelTypes`.`name`"); } /** @@ -38,8 +44,8 @@ function User_is_AngelType_coordinator($user, $angeltype) { return (sql_num_query(" SELECT `id` FROM `UserAngelTypes` - WHERE `user_id`=" . sql_escape($user['UID']) . " - AND `angeltype_id`=" . sql_escape($angeltype['id']) . " + WHERE `user_id`='" . sql_escape($user['UID']) . "' + AND `angeltype_id`='" . sql_escape($angeltype['id']) . "' AND `coordinator`=TRUE LIMIT 1") > 0) || in_array('admin_user_angeltypes', privileges_for_user($user['UID'])); } @@ -53,8 +59,8 @@ function User_is_AngelType_coordinator($user, $angeltype) { function UserAngelType_update($user_angeltype_id, $coordinator) { return sql_query(" UPDATE `UserAngelTypes` - SET `coordinator`=" . ($coordinator ? 'TRUE' : 'FALSE') . " - WHERE `id`=" . sql_escape($user_angeltype_id) . " + SET `coordinator`=" . sql_bool($coordinator) . " + WHERE `id`='" . sql_escape($user_angeltype_id) . "' LIMIT 1"); } 
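Review bot: The rewritten query in User_unconfirmed_AngelTypes selects `UserAngelTypes.*` and `AngelTypes.name` while grouping only by `UserAngelTypes.angeltype_id`; with ONLY_FULL_GROUP_BY (MySQL's default since 5.7) the statement is rejected outright, and on older servers the non-aggregated columns come from an arbitrary row of each group. Grouping by the primary key lets the server derive the dependent columns, `GROUP BY UserAngelTypes.id, AngelTypes.name`, or select only `angeltype_id`, `name` and the count so the result is well-defined either way. Whether the deployment runs with ONLY_FULL_GROUP_BY cannot be seen from this hunk.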
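Review bot: Replacing `($coordinator ? 'TRUE' : 'FALSE')` with `sql_bool($coordinator)` in UserAngelType_update is a semantic change: the new helper tests `=== true`, so the `1` / `"1"` values the old truthiness check accepted now silently write FALSE and demote the coordinator. Unless every caller is known to pass a real boolean, cast at the call site, `SET `coordinator`=" . sql_bool((bool) $coordinator) . "`, or make the helper itself tolerant. The callers are outside this hunk, so which values actually arrive here cannot be verified.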
@@ -66,7 +72,7 @@ function UserAngelType_update($user_angeltype_id, $coordinator) { function UserAngelTypes_delete_all($angeltype_id) { return sql_query(" DELETE FROM `UserAngelTypes` - WHERE `angeltype_id`=" . sql_escape($angeltype_id) . " + WHERE `angeltype_id`='" . sql_escape($angeltype_id) . "' AND `confirm_user_id` IS NULL"); } @@ -79,8 +85,8 @@ function UserAngelTypes_delete_all($angeltype_id) { function UserAngelTypes_confirm_all($angeltype_id, $confirm_user) { return sql_query(" UPDATE `UserAngelTypes` - SET `confirm_user_id`=" . sql_escape($confirm_user['UID']) . " - WHERE `angeltype_id`=" . sql_escape($angeltype_id) . " + SET `confirm_user_id`='" . sql_escape($confirm_user['UID']) . "' + WHERE `angeltype_id`='" . sql_escape($angeltype_id) . "' AND `confirm_user_id` IS NULL"); } @@ -93,8 +99,8 @@ function UserAngelTypes_confirm_all($angeltype_id, $confirm_user) { function UserAngelType_confirm($user_angeltype_id, $confirm_user) { return sql_query(" UPDATE `UserAngelTypes` - SET `confirm_user_id`=" . sql_escape($confirm_user['UID']) . " - WHERE `id`=" . sql_escape($user_angeltype_id) . " + SET `confirm_user_id`='" . sql_escape($confirm_user['UID']) . "' + WHERE `id`='" . sql_escape($user_angeltype_id) . "' LIMIT 1"); } @@ -106,7 +112,7 @@ function UserAngelType_confirm($user_angeltype_id, $confirm_user) { function UserAngelType_delete($user_angeltype) { return sql_query(" DELETE FROM `UserAngelTypes` - WHERE `id`=" . sql_escape($user_angeltype['id']) . " + WHERE `id`='" . sql_escape($user_angeltype['id']) . "' LIMIT 1"); } @@ -119,8 +125,8 @@ function UserAngelType_delete($user_angeltype) { function UserAngelType_create($user, $angeltype) { $result = sql_query(" INSERT INTO `UserAngelTypes` SET - `user_id`=" . sql_escape($user['UID']) . ", - `angeltype_id`=" . sql_escape($angeltype['id'])); + `user_id`='" . sql_escape($user['UID']) . "', + `angeltype_id`='" . sql_escape($angeltype['id']) . "'"); if ($result === false) return false; return sql_id(); 
@@ -135,7 +141,7 @@ function UserAngelType($user_angeltype_id) { $angeltype = sql_select(" SELECT * FROM `UserAngelTypes` - WHERE `id`=" . sql_escape($user_angeltype_id) . " + WHERE `id`='" . sql_escape($user_angeltype_id) . "' LIMIT 1"); if ($angeltype === false) return false; @@ -154,8 +160,8 @@ function UserAngelType_by_User_and_AngelType($user, $angeltype) { $angeltype = sql_select(" SELECT * FROM `UserAngelTypes` - WHERE `user_id`=" . sql_escape($user['UID']) . " - AND `angeltype_id`=" . sql_escape($angeltype['id']) . " + WHERE `user_id`='" . sql_escape($user['UID']) . "' + AND `angeltype_id`='" . sql_escape($angeltype['id']) . "' LIMIT 1"); if ($angeltype === false) return false; diff --git a/includes/model/UserGroups_model.php b/includes/model/UserGroups_model.php index 1d018386..766f402f 100644 --- a/includes/model/UserGroups_model.php +++ b/includes/model/UserGroups_model.php @@ -9,7 +9,7 @@ function User_groups($user) { SELECT `Groups`.* FROM `UserGroups` JOIN `Groups` ON `Groups`.`UID`=`UserGroups`.`group_id` - WHERE `UserGroups`.`uid`=" . sql_escape($user['UID']) . " + WHERE `UserGroups`.`uid`='" . sql_escape($user['UID']) . "' ORDER BY `UserGroups`.`group_id` "); } diff --git a/includes/model/User_model.php b/includes/model/User_model.php index a6c12f9d..bd3ec31f 100644 --- a/includes/model/User_model.php +++ b/includes/model/User_model.php 
@@ -5,6 +5,37 @@ */ /** + * Update user. + * + * @param User $user + */ +function User_update($user) { + return sql_query("UPDATE `User` SET + `Nick`='" . sql_escape($user['Nick']) . "', + `Name`='" . sql_escape($user['Name']) . "', + `Vorname`='" . sql_escape($user['Vorname']) . "', + `Alter`='" . sql_escape($user['Alter']) . "', + `Telefon`='" . sql_escape($user['Telefon']) . "', + `DECT`='" . sql_escape($user['DECT']) . "', + `Handy`='" . sql_escape($user['Handy']) . "', + `email`='" . sql_escape($user['email']) . "', + `email_shiftinfo`=" . sql_bool($user['email_shiftinfo']) . ", + `jabber`='" . sql_escape($user['jabber']) . "', + `Size`='" . sql_escape($user['Size']) . "', + `Gekommen`='" . sql_escape($user['Gekommen']) . "', + `Aktiv`='" . sql_escape($user['Aktiv']) . "', + `force_active`=" . sql_bool($user['force_active']) . ", + `Tshirt`='" . sql_escape($user['Tshirt']) . "', + `color`='" . sql_escape($user['color']) . "', + `Sprache`='" . sql_escape($user['Sprache']) . "', + `Hometown`='" . sql_escape($user['Hometown']) . "', + `got_voucher`='" . sql_escape($user['got_voucher']) . "', + `arrival_date`='" . sql_escape($user['arrival_date']) . "', + `planned_arrival_date`='" . sql_escape($user['planned_arrival_date']) . "' + WHERE `UID`='" . sql_escape($user['UID']) . "'"); +} + +/** * Counts all forced active users. */ function User_force_active_count() { @@ -15,6 +46,10 @@ function User_active_count() { return sql_select_single_cell("SELECT COUNT(*) FROM `User` WHERE `Aktiv` = 1"); } +function User_got_voucher_count() { + return sql_select_single_cell("SELECT SUM(`got_voucher`) FROM `User`"); +} + function User_arrived_count() { return sql_select_single_cell("SELECT COUNT(*) FROM `User` WHERE `Gekommen` = 1"); } 
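Review bot: User_update writes the privileged status columns (`Aktiv`, `force_active`, `Gekommen`, `Tshirt`, `got_voucher`, `arrival_date`) in the same statement as the self-editable profile fields, so any caller that fills `$user` from request data for a profile edit can also set itself active or as having received a t-shirt; the function does no authorization and its docblock does not say the caller must. At minimum document the contract, e.g. `Full-row update: callers must not pass request-derived values for the status columns (Aktiv, force_active, Gekommen, Tshirt, got_voucher, arrival_date).`, or split those into a separate admin-only function. Also `sql_bool($user['email_shiftinfo'])` and `sql_bool($user['force_active'])` yield FALSE for anything but a PHP `true`, so a row read back from the DB (strings `"0"`/`"1"`) and passed through unchanged clears both flags; cast with `(bool)` or compare to `1` first. Which callers exist is outside this hunk.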
@@ -39,14 +74,14 @@ function User_sortable_columns() { 'Aktiv', 'force_active', 'Tshirt', - 'lastLogIn' + 'lastLogIn' ); } /** * Get all users, ordered by Nick by default or by given param. * - * @param string $order_by + * @param string $order_by */ function Users($order_by = 'Nick') { return sql_select("SELECT * FROM `User` ORDER BY `" . sql_escape($order_by) . "` ASC"); @@ -55,24 +90,24 @@ function Users($order_by = 'Nick') { /** * Returns true if user is freeloader * - * @param User $user + * @param User $user */ function User_is_freeloader($user) { global $max_freeloadable_shifts, $user; - + return count(ShiftEntries_freeloaded_by_user($user)) >= $max_freeloadable_shifts; } /** * Returns all users that are not member of given angeltype. * - * @param Angeltype $angeltype + * @param Angeltype $angeltype */ function Users_by_angeltype_inverted($angeltype) { return sql_select(" SELECT `User`.* FROM `User` - LEFT JOIN `UserAngelTypes` ON (`User`.`UID`=`UserAngelTypes`.`user_id` AND `angeltype_id`=" . sql_escape($angeltype['id']) . ") + LEFT JOIN `UserAngelTypes` ON (`User`.`UID`=`UserAngelTypes`.`user_id` AND `angeltype_id`='" . sql_escape($angeltype['id']) . "') WHERE `UserAngelTypes`.`id` IS NULL ORDER BY `Nick`"); } @@ -80,7 +115,7 @@ function Users_by_angeltype_inverted($angeltype) { /** * Returns all members of given angeltype. * - * @param Angeltype $angeltype + * @param Angeltype $angeltype */ function Users_by_angeltype($angeltype) { return sql_select(" @@ -91,7 +126,7 @@ function Users_by_angeltype($angeltype) { `UserAngelTypes`.`coordinator` FROM `User` JOIN `UserAngelTypes` ON `User`.`UID`=`UserAngelTypes`.`user_id` - WHERE `UserAngelTypes`.`angeltype_id`=" . sql_escape($angeltype['id']) . " + WHERE `UserAngelTypes`.`angeltype_id`='" . sql_escape($angeltype['id']) . "' ORDER BY `Nick`"); } 
@@ -105,7 +140,7 @@ function User_ids() { /** * Strip unwanted characters from a users nick. * - * @param string $nick + * @param string $nick */ function User_validate_Nick($nick) { return preg_replace("/([^a-z0-9üöäß. _+*-]{1,})/ui", '', $nick); @@ -114,10 +149,10 @@ function User_validate_Nick($nick) { /** * Returns user by id. * - * @param $id UID + * @param $id UID */ function User($id) { - $user_source = sql_select("SELECT * FROM `User` WHERE `UID`=" . sql_escape($id) . " LIMIT 1"); + $user_source = sql_select("SELECT * FROM `User` WHERE `UID`='" . sql_escape($id) . "' LIMIT 1"); if ($user_source === false) return false; if (count($user_source) > 0) @@ -129,10 +164,10 @@ function User($id) { * TODO: Merge into normal user function * Returns user by id (limit informations. * - * @param $id UID + * @param $id UID */ function mUser_Limit($id) { - $user_source = sql_select("SELECT `UID`, `Nick`, `Name`, `Vorname`, `Telefon`, `DECT`, `Handy`, `email`, `jabber`, `Avatar` FROM `User` WHERE `UID`=" . sql_escape($id) . " LIMIT 1"); + $user_source = sql_select("SELECT `UID`, `Nick`, `Name`, `Vorname`, `Telefon`, `DECT`, `Handy`, `email`, `jabber` FROM `User` WHERE `UID`='" . sql_escape($id) . "' LIMIT 1"); if ($user_source === false) return false; if (count($user_source) > 0) @@ -159,7 +194,7 @@ function User_by_api_key($api_key) { /** * Returns User by email. * - * @param string $email + * @param string $email * @return Matching user, null or false on error */ function User_by_email($email) { @@ -174,7 +209,7 @@ function User_by_email($email) { /** * Returns User by password token. * - * @param string $token + * @param string $token * @return Matching user, null or false on error */ function User_by_password_recovery_token($token) { 
@@ -189,7 +224,7 @@ function User_by_password_recovery_token($token) { /** * Generates a new api key for given user. * - * @param User $user + * @param User $user */ function User_reset_api_key(&$user, $log = true) { $user['api_key'] = md5($user['Nick'] . time() . rand()); @@ -197,20 +232,20 @@ function User_reset_api_key(&$user, $log = true) { if ($result === false) return false; if ($log) - engelsystem_log(sprintf("API key resetted (%s).",User_Nick_render($user))); + engelsystem_log(sprintf("API key resetted (%s).", User_Nick_render($user))); } /** * Generates a new password recovery token for given user. * - * @param User $user + * @param User $user */ function User_generate_password_recovery_token(&$user) { $user['password_recovery_token'] = md5($user['Nick'] . time() . rand()); $result = sql_query("UPDATE `User` SET `password_recovery_token`='" . sql_escape($user['password_recovery_token']) . "' WHERE `UID`='" . sql_escape($user['UID']) . "' LIMIT 1"); if ($result === false) return false; - engelsystem_log("Password recovery for " . $user['Nick'] . " started."); + engelsystem_log("Password recovery for " . User_Nick_render($user) . " started."); return $user['password_recovery_token']; } diff --git a/includes/mysqli_provider.php b/includes/mysqli_provider.php index 9f4f1396..f141e0de 100644 --- a/includes/mysqli_provider.php +++ b/includes/mysqli_provider.php @@ -171,6 +171,16 @@ function sql_escape($query) { } /** + * Convert a boolean for mysql-queries. + * + * @param boolean $boolean + * @return string + */ +function sql_bool($boolean) { + return $boolean === true ? 'TRUE' : 'FALSE'; +} + +/** * Count query result lines. * * @param string $query diff --git a/includes/pages/admin_active.php b/includes/pages/admin_active.php index 08c436fc..e3fa0996 100644 --- a/includes/pages/admin_active.php +++ b/includes/pages/admin_active.php 
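Review bot: Both functions in this hunk still derive their secret from `md5($user['Nick'] . time() . rand())`; the nick is public, time() is known to the second and rand() is not a CSPRNG, so the password recovery token, which grants a password reset, is guessable by anyone who knows roughly when the reset was requested, and the API key likewise. Replace both with CSPRNG output, `$user['password_recovery_token'] = bin2hex(random_bytes(16));` (openssl_random_pseudo_bytes on PHP < 7), and ideally give the recovery token an expiry. The generation lines are pre-existing context, but the commit touches both functions and this is the point most worth fixing here.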
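Review bot: sql_bool() returns `'FALSE'` for every value except the literal `true`, including `1`, `"1"` and `"TRUE"`, which is the form TINYINT/boolean columns typically come back from mysqli in, and several callers introduced in this diff (User_update, UserAngelType_update) pass exactly such values. Either state the strictness in the docblock, `Only a PHP boolean true maps to TRUE; cast before calling.`, or make the helper coerce: `return $boolean ? 'TRUE' : 'FALSE';`, which also restores the behaviour UserAngelType_update had before this commit. If the strictness is intentional, the call sites need a `(bool)` cast.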
@@ -1,22 +1,27 @@ <?php + function admin_active_title() { return _("Active angels"); } function admin_active() { global $tshirt_sizes, $shift_sum_formula; - + $msg = ""; $search = ""; $forced_count = sql_num_query("SELECT * FROM `User` WHERE `force_active`=1"); $count = $forced_count; $limit = ""; $set_active = ""; + if (isset($_REQUEST['search'])) $search = strip_request_item('search'); + + $show_all_shifts = isset($_REQUEST['show_all_shifts']); + if (isset($_REQUEST['set_active'])) { $ok = true; - + if (isset($_REQUEST['count']) && preg_match("/^[0-9]+$/", $_REQUEST['count'])) { $count = strip_request_item('count'); if ($count < $forced_count) { @@ -27,7 +32,7 @@ function admin_active() { $ok = false; $msg .= error(_("Please enter a number of angels to be marked as active."), true); } - + if ($ok) $limit = " LIMIT " . $count; if (isset($_REQUEST['ack'])) { 
@@ -42,23 +47,24 @@ function admin_active() { ORDER BY `force_active` DESC, `shift_length` DESC" . $limit); $user_nicks = array(); foreach ($users as $usr) { - sql_query("UPDATE `User` SET `Aktiv` = 1 WHERE `UID`=" . sql_escape($usr['UID'])); + sql_query("UPDATE `User` SET `Aktiv` = 1 WHERE `UID`='" . sql_escape($usr['UID']) . "'"); $user_nicks[] = User_Nick_render($usr); } + sql_query("UPDATE `User` SET `Aktiv`=1 WHERE `force_active`=TRUE"); engelsystem_log("These angels are active now: " . join(", ", $user_nicks)); - + $limit = ""; $msg = success(_("Marked angels."), true); } else { $set_active = '<a href="' . page_link_to('admin_active') . '&serach=' . $search . '">« ' . _("back") . '</a> | <a href="' . page_link_to('admin_active') . '&search=' . $search . '&count=' . $count . '&set_active&ack">' . _("apply") . '</a>'; } } - + if (isset($_REQUEST['active']) && preg_match("/^[0-9]+$/", $_REQUEST['active'])) { $id = $_REQUEST['active']; $user_source = User($id); if ($user_source != null) { - sql_query("UPDATE `User` SET `Aktiv`=1 WHERE `UID`=" . sql_escape($id) . " LIMIT 1"); + sql_query("UPDATE `User` SET `Aktiv`=1 WHERE `UID`='" . sql_escape($id) . "' LIMIT 1"); engelsystem_log("User " . User_Nick_render($user_source) . " is active now."); $msg = success(_("Angel has been marked as active."), true); } else @@ -67,7 +73,7 @@ function admin_active() { $id = $_REQUEST['not_active']; $user_source = User($id); if ($user_source != null) { - sql_query("UPDATE `User` SET `Aktiv`=0 WHERE `UID`=" . sql_escape($id) . " LIMIT 1"); + sql_query("UPDATE `User` SET `Aktiv`=0 WHERE `UID`='" . sql_escape($id) . "' LIMIT 1"); engelsystem_log("User " . User_Nick_render($user_source) . " is NOT active now."); $msg = success(_("Angel has been marked as not active."), true); } else 
@@ -76,7 +82,7 @@ function admin_active() { $id = $_REQUEST['tshirt']; $user_source = User($id); if ($user_source != null) { - sql_query("UPDATE `User` SET `Tshirt`=1 WHERE `UID`=" . sql_escape($id) . " LIMIT 1"); + sql_query("UPDATE `User` SET `Tshirt`=1 WHERE `UID`='" . sql_escape($id) . "' LIMIT 1"); engelsystem_log("User " . User_Nick_render($user_source) . " has tshirt now."); $msg = success(_("Angel has got a t-shirt."), true); } else @@ -85,21 +91,22 @@ function admin_active() { $id = $_REQUEST['not_tshirt']; $user_source = User($id); if ($user_source != null) { - sql_query("UPDATE `User` SET `Tshirt`=0 WHERE `UID`=" . sql_escape($id) . " LIMIT 1"); + sql_query("UPDATE `User` SET `Tshirt`=0 WHERE `UID`='" . sql_escape($id) . "' LIMIT 1"); engelsystem_log("User " . User_Nick_render($user_source) . " has NO tshirt."); $msg = success(_("Angel has got no t-shirt."), true); } else $msg = error(_("Angel not found."), true); } - + $users = sql_select(" SELECT `User`.*, COUNT(`ShiftEntry`.`id`) as `shift_count`, ${shift_sum_formula} as `shift_length` FROM `User` LEFT JOIN `ShiftEntry` ON `User`.`UID` = `ShiftEntry`.`UID` LEFT JOIN `Shifts` ON `ShiftEntry`.`SID` = `Shifts`.`SID` - WHERE `User`.`Gekommen` = 1 + WHERE `User`.`Gekommen` = 1 + " . ($show_all_shifts ? "" : "AND (`Shifts`.`end` < " . time() . " OR `Shifts`.`end` IS NULL)") . " GROUP BY `User`.`UID` ORDER BY `force_active` DESC, `shift_length` DESC" . $limit); - + $matched_users = array(); if ($search == "") $tokens = array(); 
@@ -123,41 +130,47 @@ function admin_active() { $usr['active'] = glyph_bool($usr['Aktiv'] == 1); $usr['force_active'] = glyph_bool($usr['force_active'] == 1); $usr['tshirt'] = glyph_bool($usr['Tshirt'] == 1); - + $actions = array(); if ($usr['Aktiv'] == 0) - $actions[] = '<a href="' . page_link_to('admin_active') . '&active=' . $usr['UID'] . '&search=' . $search . '">' . _("set active") . '</a>'; + $actions[] = '<a href="' . page_link_to('admin_active') . '&active=' . $usr['UID'] . ($show_all_shifts ? '&show_all_shifts=' : '') . '&search=' . $search . '">' . _("set active") . '</a>'; if ($usr['Aktiv'] == 1 && $usr['Tshirt'] == 0) { - $actions[] = '<a href="' . page_link_to('admin_active') . '&not_active=' . $usr['UID'] . '&search=' . $search . '">' . _("remove active") . '</a>'; - $actions[] = '<a href="' . page_link_to('admin_active') . '&tshirt=' . $usr['UID'] . '&search=' . $search . '">' . _("got t-shirt") . '</a>'; + $actions[] = '<a href="' . page_link_to('admin_active') . '&not_active=' . $usr['UID'] . ($show_all_shifts ? '&show_all_shifts=' : '') . '&search=' . $search . '">' . _("remove active") . '</a>'; + $actions[] = '<a href="' . page_link_to('admin_active') . '&tshirt=' . $usr['UID'] . ($show_all_shifts ? '&show_all_shifts=' : '') . '&search=' . $search . '">' . _("got t-shirt") . '</a>'; } if ($usr['Tshirt'] == 1) - $actions[] = '<a href="' . page_link_to('admin_active') . '&not_tshirt=' . $usr['UID'] . '&search=' . $search . '">' . _("remove t-shirt") . '</a>'; - + $actions[] = '<a href="' . page_link_to('admin_active') . '&not_tshirt=' . $usr['UID'] . ($show_all_shifts ? '&show_all_shifts=' : '') . '&search=' . $search . '">' . _("remove t-shirt") . '</a>'; + $usr['actions'] = join(' ', $actions); - + $matched_users[] = $usr; } - - $shirt_statistics = sql_select(" - SELECT `Size`, count(`Size`) AS `count` - FROM `User` - WHERE `Tshirt`=1 - GROUP BY `Size` - ORDER BY `count` DESC"); - $shirt_statistics[] = array( - 'Size' => '<b>' . _("Sum") . 
'</b>', - 'count' => '<b>' . sql_select_single_cell("SELECT count(*) FROM `User` WHERE `Tshirt`=1") . '</b>' - ); - + + $shirt_statistics = []; + foreach ($tshirt_sizes as $size => $_) { + if ($size != '') { + $shirt_statistics[] = [ + 'size' => $size, + 'needed' => sql_select_single_cell("SELECT count(*) FROM `User` WHERE `Size`='" . sql_escape($size) . "' AND `Gekommen`=1"), + 'given' => sql_select_single_cell("SELECT count(*) FROM `User` WHERE `Size`='" . sql_escape($size) . "' AND `Tshirt`=1") + ]; + } + } + $shirt_statistics[] = [ + 'size' => '<b>' . _("Sum") . '</b>', + 'needed' => '<b>' . User_arrived_count() . '</b>', + 'given' => '<b>' . sql_select_single_cell("SELECT count(*) FROM `User` WHERE `Tshirt`=1") . '</b>' + ]; + return page_with_title(admin_active_title(), array( form(array( form_text('search', _("Search angel:"), $search), - form_submit('submit', _("Search")) - )), + form_checkbox('show_all_shifts', _("Show all shifts"), $show_all_shifts), + form_submit('submit', _("Search")) + ), page_link_to('admin_active')), $set_active == "" ? form(array( form_text('count', _("How much angels should be active?"), $count), - form_submit('set_active', _("Preview")) + form_submit('set_active', _("Preview")) )) : $set_active, msg(), table(array( @@ -168,13 +181,14 @@ function admin_active() { 'active' => _("Active?"), 'force_active' => _("Forced"), 'tshirt' => _("T-shirt?"), - 'actions' => "" + 'actions' => "" ), $matched_users), - '<h2>' . _("Given shirts") . '</h2>', + '<h2>' . _("Shirt statistics") . '</h2>', table(array( - 'Size' => _("Size"), - 'count' => _("Count") - ), $shirt_statistics) + 'size' => _("Size"), + 'needed' => _("Needed shirts"), + 'given' => _("Given shirts") + ), $shirt_statistics) )); } ?> diff --git a/includes/pages/admin_arrive.php b/includes/pages/admin_arrive.php index bec1ae56..64cf785d 100644 --- a/includes/pages/admin_arrive.php +++ b/includes/pages/admin_arrive.php 
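Review bot: The action links built in this hunk (`set active`, `remove active`, `got t-shirt`, `remove t-shirt`) interpolate `$search` straight into the href and trigger state changes through GET parameters read via `$_REQUEST`, with no CSRF token visible in the file, so an admin who opens a crafted URL marks users active or as shirted. Encode the query value, `'&search=' . urlencode($search)`, which also stops a term containing `&`, `"` or `'` from breaking out of the attribute (whether strip_request_item() already HTML-encodes cannot be seen here), and consider moving these actions to POST with a token. The repeated `($show_all_shifts ? '&show_all_shifts=' : '')` fragment could be computed once before the loop. admin_active() starts before this hunk.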
@@ -1,4 +1,5 @@ <?php + function admin_arrive_title() { return _("Arrived angels"); } @@ -13,7 +14,7 @@ function admin_arrive() { $id = $_REQUEST['reset']; $user_source = User($id); if ($user_source != null) { - sql_query("UPDATE `User` SET `Gekommen`=0 WHERE `UID`=" . sql_escape($id) . " LIMIT 1"); + sql_query("UPDATE `User` SET `Gekommen`=0, `arrival_date` = NULL WHERE `UID`='" . sql_escape($id) . "' LIMIT 1"); engelsystem_log("User set to not arrived: " . User_Nick_render($user_source)); $msg = success(_("Reset done. Angel has not arrived."), true); } else @@ -22,7 +23,7 @@ function admin_arrive() { $id = $_REQUEST['arrived']; $user_source = User($id); if ($user_source != null) { - sql_query("UPDATE `User` SET `Gekommen`=1 WHERE `UID`=" . sql_escape($id) . " LIMIT 1"); + sql_query("UPDATE `User` SET `Gekommen`=1, `arrival_date`='" . time() . "' WHERE `UID`='" . sql_escape($id) . "' LIMIT 1"); engelsystem_log("User set has arrived: " . User_Nick_render($user_source)); $msg = success(_("Angel has been marked as arrived."), true); } else @@ -30,10 +31,12 @@ function admin_arrive() { } $users = sql_select("SELECT * FROM `User` ORDER BY `Nick`"); + $arrival_count_at_day = []; + $departure_count_at_day = []; $table = ""; - $users_matched = array(); + $users_matched = []; if ($search == "") - $tokens = array(); + $tokens = []; else $tokens = explode(" ", $search); foreach ($users as $usr) { 
@@ -48,18 +51,53 @@ function admin_arrive() { if (! $match) continue; } - $table .= '<tr>'; - $table .= '<td>' . User_Nick_render($usr) . '</td>'; + $usr['nick'] = User_Nick_render($usr); + if ($usr['planned_departure_date'] != null) + $usr['rendered_planned_departure_date'] = date('Y-m-d', $usr['planned_departure_date']); + else + $usr['rendered_planned_departure_date'] = '-'; + $usr['rendered_planned_arrival_date'] = date('Y-m-d', $usr['planned_arrival_date']); + $usr['rendered_arrival_date'] = $usr['arrival_date'] > 0 ? date('Y-m-d', $usr['arrival_date']) : "-"; $usr['arrived'] = $usr['Gekommen'] == 1 ? _("yes") : ""; $usr['actions'] = $usr['Gekommen'] == 1 ? '<a href="' . page_link_to('admin_arrive') . '&reset=' . $usr['UID'] . '&search=' . $search . '">' . _("reset") . '</a>' : '<a href="' . page_link_to('admin_arrive') . '&arrived=' . $usr['UID'] . '&search=' . $search . '">' . _("arrived") . '</a>'; - if ($usr['Gekommen'] == 1) - $table .= '<td>yes</td><td><a href="' . page_link_to('admin_arrive') . '&reset=' . $usr['UID'] . '&search=' . $search . '">reset</a></td>'; - else - $table .= '<td></td><td><a href="' . page_link_to('admin_arrive') . '&arrived=' . $usr['UID'] . '&search=' . $search . '">arrived</a></td>'; - $table .= '</tr>'; + + $day = $usr['arrival_date'] > 0 ? date('Y-m-d', $usr['arrival_date']) : date('Y-m-d', $usr['planned_arrival_date']); + if (! isset($arrival_count_at_day[$day])) + $arrival_count_at_day[$day] = 0; + if (! isset($departure_count_at_day[$day])) + $departure_count_at_day[$day] = 0; + $arrival_count_at_day[$day] ++; + + if ($usr['planned_departure_date'] != null) { + $day = date('Y-m-d', $usr['planned_departure_date']); + if (! isset($arrival_count_at_day[$day])) + $arrival_count_at_day[$day] = 0; + if (! 
isset($departure_count_at_day[$day])) + $departure_count_at_day[$day] = 0; + $departure_count_at_day[$day] ++; + } + $users_matched[] = $usr; } + + ksort($arrival_count_at_day); + ksort($departure_count_at_day); + + $arrival_count = []; + $arrival_sums = []; + $arrival_sum = 0; + foreach ($arrival_count_at_day as $day => $count) { + $arrival_sum += $count - $departure_count_at_day[$day]; + $arrival_sums[$day] = $arrival_sum; + $arrival_count[] = [ + 'day' => $day, + 'count' => $count, + 'sum' => $arrival_sum, + 'departure' => isset($departure_count_at_day[$day]) ? $departure_count_at_day[$day] : 0 + ]; + } + return page_with_title(admin_arrive_title(), array( msg(), form(array( @@ -68,9 +106,45 @@ function admin_arrive() { )), table(array( 'nick' => _("Nickname"), + 'rendered_planned_arrival_date' => _("Planned arrival"), 'arrived' => _("Arrived?"), + 'rendered_arrival_date' => _("Arrival date"), + 'rendered_planned_departure_date' => _("Planned departure"), 'actions' => "" - ), $users_matched) + ), $users_matched), + heading(_("Arrival statistics"), 2), + '<canvas id="daily_arrives" style="width: 100%; height: 300px;"></canvas> + <script type="text/javascript"> + $(function(){ + var ctx = $("#daily_arrives").get(0).getContext("2d"); + var chart = new Chart(ctx).Bar(' . json_encode(array( + 'labels' => array_keys($arrival_count_at_day), + 'datasets' => array( + array( + 'label' => _("arrived"), + 'fillColor' => "#090", + 'data' => array_values($arrival_count_at_day) + ), + array( + 'label' => _("arrived sum"), + 'fillColor' => "#888", + 'data' => array_values($arrival_sums) + ), + array( + 'label' => _("planned departure"), + 'fillColor' => "#900", + 'data' => array_values($departure_count_at_day) + ) + ) + )) . '); + }); + </script>', + table(array( + 'day' => _("Date"), + 'count' => _("arrived"), + 'sum' => _("arrived sum"), + 'departure' => _("planned departure") + ), $arrival_count) )); } ?> 
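Review bot: `date('Y-m-d', $usr['planned_arrival_date'])` in the new per-user block has no null guard, unlike the `planned_departure_date` branch two lines above it, so a user without a planned arrival is rendered and counted under 1970-01-01 (and PHP 8.1+ emits a deprecation for the null argument). Mirror the departure handling, `$usr['rendered_planned_arrival_date'] = $usr['planned_arrival_date'] != null ? date('Y-m-d', $usr['planned_arrival_date']) : '-';`, and skip the `$day` bucketing when neither arrival date is set. The `'&search=' . $search` in the actions line is still unencoded (pre-existing). Whether the column is nullable cannot be seen from this hunk, but the departure code treats its sibling as such.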
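Review bot: The chart data is emitted into an inline `<script>` with a bare `json_encode()`; today the labels are date() output and translated strings, so nothing user-controlled reaches it, but json_encode does not escape `<`/`>` by default and the snippet becomes an injection point the moment a user-supplied label is added. Cheap hardening: `json_encode(array(...), JSON_HEX_TAG | JSON_HEX_AMP | JSON_HEX_APOS | JSON_HEX_QUOT)`. Also the `'departure' => isset($departure_count_at_day[$day]) ? ... : 0` guard is redundant with the unguarded `$departure_count_at_day[$day]` read in the sum two lines earlier; pick one convention.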
diff --git a/includes/pages/admin_free.php b/includes/pages/admin_free.php index b56da4d1..227769dc 100644 --- a/includes/pages/admin_free.php +++ b/includes/pages/admin_free.php @@ -32,7 +32,7 @@ function admin_free() { FROM `User` ${angeltypesearch} LEFT JOIN `ShiftEntry` ON `User`.`UID` = `ShiftEntry`.`UID` - LEFT JOIN `Shifts` ON (`ShiftEntry`.`SID` = `Shifts`.`SID` AND `Shifts`.`start` < " . sql_escape(time()) . " AND `Shifts`.`end` > " . sql_escape(time()) . ") + LEFT JOIN `Shifts` ON (`ShiftEntry`.`SID` = `Shifts`.`SID` AND `Shifts`.`start` < '" . sql_escape(time()) . "' AND `Shifts`.`end` > '" . sql_escape(time()) . "') WHERE `User`.`Gekommen` = 1 AND `Shifts`.`SID` IS NULL GROUP BY `User`.`UID` ORDER BY `Nick`"); diff --git a/includes/pages/admin_groups.php b/includes/pages/admin_groups.php index 3133cf8b..f43c63e9 100644 --- a/includes/pages/admin_groups.php +++ b/includes/pages/admin_groups.php @@ -11,7 +11,7 @@ function admin_groups() { if (! isset($_REQUEST["action"])) { $groups_table = array(); foreach ($groups as $group) { - $privileges = sql_select("SELECT * FROM `GroupPrivileges` JOIN `Privileges` ON (`GroupPrivileges`.`privilege_id` = `Privileges`.`id`) WHERE `group_id`=" . sql_escape($group['UID'])); + $privileges = sql_select("SELECT * FROM `GroupPrivileges` JOIN `Privileges` ON (`GroupPrivileges`.`privilege_id` = `Privileges`.`id`) WHERE `group_id`='" . sql_escape($group['UID']) . "'"); $privileges_html = array(); foreach ($privileges as $priv) 
@@ -39,10 +39,10 @@ function admin_groups() { else return error("Incomplete call, missing Groups ID.", true); - $room = sql_select("SELECT * FROM `Groups` WHERE `UID`=" . sql_escape($id) . " LIMIT 1"); + $room = sql_select("SELECT * FROM `Groups` WHERE `UID`='" . sql_escape($id) . "' LIMIT 1"); if (count($room) > 0) { list($room) = $room; - $privileges = sql_select("SELECT `Privileges`.*, `GroupPrivileges`.`group_id` FROM `Privileges` LEFT OUTER JOIN `GroupPrivileges` ON (`Privileges`.`id` = `GroupPrivileges`.`privilege_id` AND `GroupPrivileges`.`group_id`=" . sql_escape($id) . ") ORDER BY `Privileges`.`name`"); + $privileges = sql_select("SELECT `Privileges`.*, `GroupPrivileges`.`group_id` FROM `Privileges` LEFT OUTER JOIN `GroupPrivileges` ON (`Privileges`.`id` = `GroupPrivileges`.`privilege_id` AND `GroupPrivileges`.`group_id`='" . sql_escape($id) . "') ORDER BY `Privileges`.`name`"); $privileges_html = ""; $privileges_form = array(); foreach ($privileges as $priv) { 
@@ -64,18 +64,18 @@ function admin_groups() { else return error("Incomplete call, missing Groups ID.", true); - $room = sql_select("SELECT * FROM `Groups` WHERE `UID`=" . sql_escape($id) . " LIMIT 1"); + $room = sql_select("SELECT * FROM `Groups` WHERE `UID`='" . sql_escape($id) . "' LIMIT 1"); if (! is_array($_REQUEST['privileges'])) $_REQUEST['privileges'] = array(); if (count($room) > 0) { list($room) = $room; - sql_query("DELETE FROM `GroupPrivileges` WHERE `group_id`=" . sql_escape($id)); + sql_query("DELETE FROM `GroupPrivileges` WHERE `group_id`='" . sql_escape($id) . "'"); $privilege_names = array(); foreach ($_REQUEST['privileges'] as $priv) { if (preg_match("/^[0-9]{1,}$/", $priv)) { - $group_privileges_source = sql_select("SELECT * FROM `Privileges` WHERE `id`=" . sql_escape($priv) . " LIMIT 1"); + $group_privileges_source = sql_select("SELECT * FROM `Privileges` WHERE `id`='" . sql_escape($priv) . "' LIMIT 1"); if (count($group_privileges_source) > 0) { - sql_query("INSERT INTO `GroupPrivileges` SET `group_id`=" . sql_escape($id) . ", `privilege_id`=" . sql_escape($priv)); + sql_query("INSERT INTO `GroupPrivileges` SET `group_id`='" . sql_escape($id) . "', `privilege_id`='" . sql_escape($priv) . "'"); $privilege_names[] = $group_privileges_source[0]['name']; } } diff --git a/includes/pages/admin_import.php b/includes/pages/admin_import.php index 786ea08b..63104026 100644 --- a/includes/pages/admin_import.php +++ b/includes/pages/admin_import.php @@ -162,7 +162,9 @@ function admin_import() { list($rooms_new, $rooms_deleted) = prepare_rooms($import_file); foreach ($rooms_new as $room) { - sql_query("INSERT INTO `Room` SET `Name`='" . sql_escape($room) . "', `FromPentabarf`='Y', `Show`='Y'"); + $result = Room_create($room, true, true); + if ($result === false) + engelsystem_error('Unable to create room.'); $rooms_import[trim($room)] = sql_id(); } foreach ($rooms_deleted as $room) 
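Review bot: The `DELETE FROM GroupPrivileges WHERE group_id=...` followed by one INSERT per submitted privilege in the save branch still runs outside a transaction, so a failure part-way through the foreach leaves the group with fewer privileges than it had before the save. The admin_user.php code removed in this same diff bracketed its equivalent delete/insert with `sql_transaction_start();` and `sql_transaction_commit();`; the same pair belongs around the DELETE and the loop here. The guard just above it, `if (! is_array($_REQUEST['privileges']))`, also emits a notice when the key is absent; `if (! isset($_REQUEST['privileges']) || ! is_array($_REQUEST['privileges']))` avoids that. admin_groups' body starts and ends outside this hunk.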
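Review bot: After the new `Room_create($room, true, true)` call the room id is still read back with `sql_id()`, although Room_create already returns it (admin_rooms.php in this same diff does `$id = Room_create(...)`); `$rooms_import[trim($room)] = $result;` removes the dependence on no other statement having run inside the helper. The call also passes booleans `true, true` where admin_rooms passes the `'Y'`/`''` strings stored in `FromPentabarf`/`show`, and omits the fourth `Number` argument — presumably Room_create normalises both, but that is worth confirming against the helper since I cannot see it here. The enclosing admin_import function starts and ends outside this hunk.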
diff --git a/includes/pages/admin_news.php b/includes/pages/admin_news.php index 0653a045..1c435a14 100644 --- a/includes/pages/admin_news.php +++ b/includes/pages/admin_news.php @@ -11,7 +11,7 @@ function admin_news() { else return error("Incomplete call, missing News ID.", true); - $news = sql_select("SELECT * FROM `News` WHERE `ID`=" . sql_escape($id) . " LIMIT 1"); + $news = sql_select("SELECT * FROM `News` WHERE `ID`='" . sql_escape($id) . "' LIMIT 1"); if (count($news) > 0) { switch ($_REQUEST["action"]) { default: @@ -38,7 +38,13 @@ function admin_news() { case 'save': list($news) = $news; - sql_query("UPDATE `News` SET `Datum`='" . sql_escape(time()) . "', `Betreff`='" . sql_escape($_POST["eBetreff"]) . "', `Text`='" . sql_escape($_POST["eText"]) . "', `UID`='" . sql_escape($user['UID']) . "', `Treffen`='" . sql_escape($_POST["eTreffen"]) . "' WHERE `ID`=" . sql_escape($id) . " LIMIT 1"); + sql_query("UPDATE `News` SET + `Datum`='" . sql_escape(time()) . "', + `Betreff`='" . sql_escape($_POST["eBetreff"]) . "', + `Text`='" . sql_escape($_POST["eText"]) . "', + `UID`='" . sql_escape($user['UID']) . "', + `Treffen`='" . sql_escape($_POST["eTreffen"]) . "' + WHERE `ID`='" . sql_escape($id) . "'"); engelsystem_log("News updated: " . $_POST["eBetreff"]); success(_("News entry updated.")); redirect(page_link_to("news")); @@ -47,7 +53,7 @@ function admin_news() { case 'delete': list($news) = $news; - sql_query("DELETE FROM `News` WHERE `ID`=" . sql_escape($id) . " LIMIT 1"); + sql_query("DELETE FROM `News` WHERE `ID`='" . sql_escape($id) . "' LIMIT 1"); engelsystem_log("News deleted: " . $news['Betreff']); success(_("News entry deleted.")); redirect(page_link_to("news")); diff --git a/includes/pages/admin_questions.php b/includes/pages/admin_questions.php index 6d141251..e2fef880 100644 --- a/includes/pages/admin_questions.php +++ b/includes/pages/admin_questions.php 
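Review bot: The rebuilt UPDATE in the save branch writes `$_POST["eBetreff"]`, `$_POST["eText"]` and `$_POST["eTreffen"]` into the row with no isset check or normalisation, so a request missing those fields produces notices and empty columns, and `Treffen` stores whatever string the client sent. If `Treffen` is a yes/no flag (the form is outside this hunk, so I cannot confirm), coerce it first: `$treffen = empty($_POST["eTreffen"]) ? 0 : 1;` and pass `sql_escape($treffen)`. The `engelsystem_log("News updated: " . $_POST["eBetreff"])` line that follows would then also log the value actually stored. admin_news' body starts and ends outside this hunk.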
@@ -82,12 +82,12 @@ function admin_questions() { else return error("Incomplete call, missing Question ID.", true); - $question = sql_select("SELECT * FROM `Questions` WHERE `QID`=" . sql_escape($id) . " LIMIT 1"); + $question = sql_select("SELECT * FROM `Questions` WHERE `QID`='" . sql_escape($id) . "' LIMIT 1"); if (count($question) > 0 && $question[0]['AID'] == null) { $answer = trim(preg_replace("/([^\p{L}\p{P}\p{Z}\p{N}\n]{1,})/ui", '', strip_tags($_REQUEST['answer']))); if ($answer != "") { - sql_query("UPDATE `Questions` SET `AID`=" . sql_escape($user['UID']) . ", `Answer`='" . sql_escape($answer) . "' WHERE `QID`=" . sql_escape($id) . " LIMIT 1"); + sql_query("UPDATE `Questions` SET `AID`='" . sql_escape($user['UID']) . "', `Answer`='" . sql_escape($answer) . "' WHERE `QID`='" . sql_escape($id) . "' LIMIT 1"); engelsystem_log("Question " . $question[0]['Question'] . " answered: " . $answer); redirect(page_link_to("admin_questions")); } else @@ -101,9 +101,9 @@ function admin_questions() { else return error("Incomplete call, missing Question ID.", true); - $question = sql_select("SELECT * FROM `Questions` WHERE `QID`=" . sql_escape($id) . " LIMIT 1"); + $question = sql_select("SELECT * FROM `Questions` WHERE `QID`='" . sql_escape($id) . "' LIMIT 1"); if (count($question) > 0) { - sql_query("DELETE FROM `Questions` WHERE `QID`=" . sql_escape($id) . " LIMIT 1"); + sql_query("DELETE FROM `Questions` WHERE `QID`='" . sql_escape($id) . "' LIMIT 1"); engelsystem_log("Question deleted: " . $question[0]['Question']); redirect(page_link_to("admin_questions")); } else diff --git a/includes/pages/admin_rooms.php b/includes/pages/admin_rooms.php index 1c10321e..2d5e5ae4 100644 --- a/includes/pages/admin_rooms.php +++ b/includes/pages/admin_rooms.php 
@@ -1,11 +1,12 @@ <?php + function admin_rooms_title() { return _("Rooms"); } function admin_rooms() { global $user; - + $rooms_source = sql_select("SELECT * FROM `Room` ORDER BY `Name`"); $rooms = array(); foreach ($rooms_source as $room) @@ -15,17 +16,17 @@ function admin_rooms() { 'public' => $room['show'] == 'Y' ? '✓' : '', 'actions' => buttons(array( button(page_link_to('admin_rooms') . '&show=edit&id=' . $room['RID'], _("edit"), 'btn-xs'), - button(page_link_to('admin_rooms') . '&show=delete&id=' . $room['RID'], _("delete"), 'btn-xs') - )) + button(page_link_to('admin_rooms') . '&show=delete&id=' . $room['RID'], _("delete"), 'btn-xs') + )) ); - + if (isset($_REQUEST['show'])) { $msg = ""; $name = ""; $from_pentabarf = ""; $public = 'Y'; $number = ""; - + $angeltypes_source = sql_select("SELECT * FROM `AngelTypes` ORDER BY `name`"); $angeltypes = array(); $angeltypes_count = array(); 
@@ -33,47 +34,47 @@ function admin_rooms() { $angeltypes[$angeltype['id']] = $angeltype['name']; $angeltypes_count[$angeltype['id']] = 0; } - + if (test_request_int('id')) { - $room = sql_select("SELECT * FROM `Room` WHERE `RID`=" . sql_escape($_REQUEST['id'])); + $room = sql_select("SELECT * FROM `Room` WHERE `RID`='" . sql_escape($_REQUEST['id']) . "'"); if (count($room) > 0) { $id = $_REQUEST['id']; $name = $room[0]['Name']; $from_pentabarf = $room[0]['FromPentabarf']; $public = $room[0]['show']; - $needed_angeltypes = sql_select("SELECT * FROM `NeededAngelTypes` WHERE `room_id`=" . sql_escape($id)); + $needed_angeltypes = sql_select("SELECT * FROM `NeededAngelTypes` WHERE `room_id`='" . sql_escape($id) . "'"); foreach ($needed_angeltypes as $needed_angeltype) $angeltypes_count[$needed_angeltype['angel_type_id']] = $needed_angeltype['count']; } else redirect(page_link_to('admin_rooms')); } - + if ($_REQUEST['show'] == 'edit') { if (isset($_REQUEST['submit'])) { $ok = true; - + if (isset($_REQUEST['name']) && strlen(strip_request_item('name')) > 0) $name = strip_request_item('name'); else { $ok = false; $msg .= error(_("Please enter a name."), true); } - + if (isset($_REQUEST['from_pentabarf'])) $from_pentabarf = 'Y'; else $from_pentabarf = ''; - + if (isset($_REQUEST['public'])) $public = 'Y'; else $public = ''; - + if (isset($_REQUEST['number'])) $number = strip_request_item('number'); else $ok = false; - + foreach ($angeltypes as $angeltype_id => $angeltype) { if (isset($_REQUEST['angeltype_count_' . $angeltype_id]) && preg_match("/^[0-9]{1,4}$/", $_REQUEST['angeltype_count_' . $angeltype_id])) $angeltypes_count[$angeltype_id] = $_REQUEST['angeltype_count_' . $angeltype_id]; 
@@ -82,27 +83,30 @@ function admin_rooms() { $msg .= error(sprintf(_("Please enter needed angels for type %s.", $angeltype)), true); } } - + if ($ok) { if (isset($id)) { - sql_query("UPDATE `Room` SET `Name`='" . sql_escape($name) . "', `FromPentabarf`='" . sql_escape($from_pentabarf) . "', `show`='" . sql_escape($public) . "', `Number`='" . sql_escape($number) . "' WHERE `RID`=" . sql_escape($id) . " LIMIT 1"); + sql_query("UPDATE `Room` SET `Name`='" . sql_escape($name) . "', `FromPentabarf`='" . sql_escape($from_pentabarf) . "', `show`='" . sql_escape($public) . "', `Number`='" . sql_escape($number) . "' WHERE `RID`='" . sql_escape($id) . "' LIMIT 1"); engelsystem_log("Room updated: " . $name . ", pentabarf import: " . $from_pentabarf . ", public: " . $public . ", number: " . $number); } else { - sql_query("INSERT INTO `Room` SET `Name`='" . sql_escape($name) . "', `FromPentabarf`='" . sql_escape($from_pentabarf) . "', `show`='" . sql_escape($public) . "', `Number`='" . sql_escape($number) . "'"); - $id = sql_id(); + $id = Room_create($name, $from_pentabarf, $public, $number); + if ($id === false) + engelsystem_error("Unable to create room."); engelsystem_log("Room created: " . $name . ", pentabarf import: " . $from_pentabarf . ", public: " . $public . ", number: " . $number); } - - sql_query("DELETE FROM `NeededAngelTypes` WHERE `room_id`=" . sql_escape($id)); + + sql_query("DELETE FROM `NeededAngelTypes` WHERE `room_id`='" . sql_escape($id) . "'"); $needed_angeltype_info = array(); foreach ($angeltypes_count as $angeltype_id => $angeltype_count) { - $angeltype_source = sql_select("SELECT * FROM `AngelTypes` WHERE `id`=" . sql_escape($angeltype_id) . " LIMIT 1"); - if (count($angeltype_source) > 0) { - sql_query("INSERT INTO `NeededAngelTypes` SET `room_id`=" . sql_escape($id) . ", `angel_type_id`=" . sql_escape($angeltype_id) . ", `count`=" . sql_escape($angeltype_count)); - $needed_angeltype_info[] = $angeltypes_source[0]['name'] . ": " . 
$angeltype_count; + $angeltype = AngelType($angeltype_id); + if ($angeltype === false) + engelsystem_error("Unable to load angeltype."); + if ($angeltype != null) { + sql_query("INSERT INTO `NeededAngelTypes` SET `room_id`='" . sql_escape($id) . "', `angel_type_id`='" . sql_escape($angeltype_id) . "', `count`='" . sql_escape($angeltype_count) . "'"); + $needed_angeltype_info[] = $angeltype['name'] . ": " . $angeltype_count; } } - + engelsystem_log("Set needed angeltypes of room " . $name . " to: " . join(", ", $needed_angeltype_info)); success(_("Room saved.")); redirect(page_link_to("admin_rooms")); 
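Review bot: The `DELETE FROM NeededAngelTypes WHERE room_id=...` followed by one INSERT per angeltype in the new loop is not wrapped in a transaction, so an abort in `AngelType()` or a failed INSERT leaves the room with no needed-angel rows at all. Put `sql_transaction_start();` before the DELETE and `sql_transaction_commit();` after the loop, as the admin_user.php code removed in this diff did for UserAngelTypes. The loop also inserts a row for every angeltype including those with `count` 0; if that is not intended, `if ($angeltype_count > 0)` in front of the INSERT keeps the table to the meaningful rows. This assumes `engelsystem_error` does not return; if it does, an `$id === false` result falls through to the DELETE with an empty key. admin_rooms' body continues outside this hunk.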
@@ -110,66 +114,68 @@ function admin_rooms() { } $angeltypes_count_form = array(); foreach ($angeltypes as $angeltype_id => $angeltype) - $angeltypes_count_form[] = div('col-lg-4 col-md-6 col-xs-6', array(form_spinner('angeltype_count_' . $angeltype_id, $angeltype, $angeltypes_count[$angeltype_id]))); - + $angeltypes_count_form[] = div('col-lg-4 col-md-6 col-xs-6', array( + form_spinner('angeltype_count_' . $angeltype_id, $angeltype, $angeltypes_count[$angeltype_id]) + )); + return page_with_title(admin_rooms_title(), array( buttons(array( - button(page_link_to('admin_rooms'), _("back"), 'back') + button(page_link_to('admin_rooms'), _("back"), 'back') )), $msg, form(array( - div('row', array( - div('col-md-6', array( - form_text('name', _("Name"), $name), - form_checkbox('from_pentabarf', _("Frab import"), $from_pentabarf), - form_checkbox('public', _("Public"), $public), - form_text('number', _("Room number"), $number) - )), - div('col-md-6', array( - div('row', array( - div('col-md-12', array( - form_info(_("Needed angels:")), + div('row', array( + div('col-md-6', array( + form_text('name', _("Name"), $name), + form_checkbox('from_pentabarf', _("Frab import"), $from_pentabarf), + form_checkbox('public', _("Public"), $public), + form_text('number', _("Room number"), $number) )), - join($angeltypes_count_form) - )) - )) - )), - form_submit('submit', _("Save")) - )) + div('col-md-6', array( + div('row', array( + div('col-md-12', array( + form_info(_("Needed angels:")) + )), + join($angeltypes_count_form) + )) + )) + )), + form_submit('submit', _("Save")) + )) )); } elseif ($_REQUEST['show'] == 'delete') { if (isset($_REQUEST['ack'])) { - sql_query("DELETE FROM `Room` WHERE `RID`=" . sql_escape($id) . " LIMIT 1"); - sql_query("DELETE FROM `NeededAngelTypes` WHERE `room_id`=" . sql_escape($id) . " LIMIT 1"); - + sql_query("DELETE FROM `Room` WHERE `RID`='" . sql_escape($id) . "' LIMIT 1"); + sql_query("DELETE FROM `NeededAngelTypes` WHERE `room_id`='" . 
sql_escape($id) . "' LIMIT 1"); + engelsystem_log("Room deleted: " . $name); success(sprintf(_("Room %s deleted."), $name)); redirect(page_link_to('admin_rooms')); } - + return page_with_title(admin_rooms_title(), array( buttons(array( - button(page_link_to('admin_rooms'), _("back"), 'back') + button(page_link_to('admin_rooms'), _("back"), 'back') )), sprintf(_("Do you want to delete room %s?"), $name), buttons(array( - button(page_link_to('admin_rooms') . '&show=delete&id=' . $id . '&ack', _("Delete"), 'delete') - )) + button(page_link_to('admin_rooms') . '&show=delete&id=' . $id . '&ack', _("Delete"), 'delete') + )) )); } } - + return page_with_title(admin_rooms_title(), array( buttons(array( - button(page_link_to('admin_rooms') . '&show=edit', _("add")) + button(page_link_to('admin_rooms') . '&show=edit', _("add")) )), msg(), table(array( 'name' => _("Name"), 'from_pentabarf' => _("Frab import"), 'public' => _("Public"), - 'actions' => "" - ), $rooms) + 'actions' => "" + ), $rooms) )); } ?> diff --git a/includes/pages/admin_shifts.php b/includes/pages/admin_shifts.php index 733144b3..346e9046 100644 --- a/includes/pages/admin_shifts.php +++ b/includes/pages/admin_shifts.php @@ -10,7 +10,7 @@ function admin_shifts() { $rid = 0; $start = DateTime::createFromFormat("Y-m-d H:i", date("Y-m-d") . " 00:00")->getTimestamp(); - $end = $start + 24 * 60 * 60; + $end = $start; $mode = 'single'; $angelmode = 'manually'; $length = ''; @@ -143,7 +143,7 @@ function admin_shifts() { if ($ok) { if ($angelmode == 'location') { $needed_angel_types = array(); - $needed_angel_types_location = sql_select("SELECT * FROM `NeededAngelTypes` WHERE `room_id`=" . sql_escape($rid)); + $needed_angel_types_location = sql_select("SELECT * FROM `NeededAngelTypes` WHERE `room_id`='" . sql_escape($rid) . "'"); foreach ($needed_angel_types_location as $type) $needed_angel_types[$type['angel_type_id']] = $type['count']; } 
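Review bot: The rewritten delete `DELETE FROM NeededAngelTypes WHERE room_id='...' LIMIT 1` in the delete branch keeps the `LIMIT 1`, but the edit branch of this same file inserts one NeededAngelTypes row per angeltype for a room, so removing a room orphans all but one of its rows. Drop the limit, `sql_query("DELETE FROM `NeededAngelTypes` WHERE `room_id`='" . sql_escape($id) . "'");`, which is exactly the DELETE the edit branch already runs before re-inserting. Note also that `$id` is only assigned when `test_request_int('id')` succeeded earlier in the function, so on a bad id this branch runs both DELETEs with an empty key; an early `redirect(page_link_to('admin_rooms'))` when `$id` is unset would make that explicit. The deletion is triggered by the GET link `'&show=delete&id=' . $id . '&ack'`, which is pre-existing rather than introduced here, but a POST form with a token would be the usual protection.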
@@ -206,7 +206,7 @@ function admin_shifts() { 'start' => $shift_start, 'end' => $shift_end, 'RID' => $rid, - 'name' => $title, + 'title' => $title, 'shifttype_id' => $shifttype_id ); @@ -269,12 +269,12 @@ function admin_shifts() { if ($shift_id === false) engelsystem_error('Unable to create shift.'); - engelsystem_log("Shift created: " . $shift['name'] . " from " . date("Y-m-d H:i", $shift['start']) . " to " . date("Y-m-d H:i", $shift['end'])); + engelsystem_log("Shift created: " . $shifttypes[$shift['shifttype_id']] . " with title " . $shift['title'] . " from " . date("Y-m-d H:i", $shift['start']) . " to " . date("Y-m-d H:i", $shift['end'])); $needed_angel_types_info = array(); foreach ($_SESSION['admin_shifts_types'] as $type_id => $count) { - $angel_type_source = sql_select("SELECT * FROM `AngelTypes` WHERE `id`=" . sql_escape($type_id) . " LIMIT 1"); + $angel_type_source = sql_select("SELECT * FROM `AngelTypes` WHERE `id`='" . sql_escape($type_id) . "' LIMIT 1"); if (count($angel_type_source) > 0) { - sql_query("INSERT INTO `NeededAngelTypes` SET `shift_id`=" . sql_escape($shift_id) . ", `angel_type_id`=" . sql_escape($type_id) . ", `count`=" . sql_escape($count)); + sql_query("INSERT INTO `NeededAngelTypes` SET `shift_id`='" . sql_escape($shift_id) . "', `angel_type_id`='" . sql_escape($type_id) . "', `count`='" . sql_escape($count) . "'"); $needed_angel_types_info[] = $angel_type_source[0]['name'] . ": " . $count; } } @@ -293,7 +293,7 @@ function admin_shifts() { $room_select = html_select_key('rid', 'rid', $room_array, $_REQUEST['rid']); $angel_types = ""; foreach ($types as $type) - $angel_types .= form_spinner('type_' . $type['id'], $type['name'], $needed_angel_types[$type['id']]); + $angel_types .= '<div class="col-md-4">' . form_spinner('type_' . $type['id'], $type['name'], $needed_angel_types[$type['id']]) . '</div>'; return page_with_title(admin_shifts_title(), array( msg(), 
@@ -316,7 +316,7 @@ function admin_shifts() { form_info(_("Needed angels"), ''), form_radio('angelmode', _("Take needed angels from room settings"), $angelmode == 'location', 'location'), form_radio('angelmode', _("The following angels are needed"), $angelmode == 'manually', 'manually'), - $angel_types, + '<div class="row">'.$angel_types.'</div>', '</div>', '</div>', form_submit('preview', _("Preview")) diff --git a/includes/pages/admin_user.php b/includes/pages/admin_user.php index 4e10ca1e..ee244925 100644 --- a/includes/pages/admin_user.php +++ b/includes/pages/admin_user.php 
@@ -9,224 +9,174 @@ function admin_user() { $html = ''; - if (isset($_REQUEST['id']) && preg_match("/^[0-9]{1,}$/", $_REQUEST['id']) && sql_num_query("SELECT * FROM `User` WHERE `UID`=" . sql_escape($_REQUEST['id'])) > 0) { - $id = $_REQUEST['id']; - if (! isset($_REQUEST['action'])) { - $html .= "Hallo,<br />" . "hier kannst du den Eintrag ändern. Unter dem Punkt 'Gekommen' " . "wird der Engel als anwesend markiert, ein Ja bei Aktiv bedeutet, " . "dass der Engel aktiv war und damit ein Anspruch auf ein T-Shirt hat. " . "Wenn T-Shirt ein 'Ja' enthält, bedeutet dies, dass der Engel " . "bereits sein T-Shirt erhalten hat.<br /><br />\n"; - - $html .= "<form action=\"" . page_link_to("admin_user") . "&action=save&id=$id\" method=\"post\">\n"; - $html .= "<table border=\"0\">\n"; - $html .= "<input type=\"hidden\" name=\"Type\" value=\"Normal\">\n"; - - $SQL = "SELECT * FROM `User` WHERE `UID`='" . sql_escape($id) . "'"; - $Erg = sql_query($SQL); - list($user_source) = sql_select($SQL); - - $html .= "<tr><td>\n"; - $html .= "<table>\n"; - $html .= " <tr><td>Nick</td><td>" . "<input type=\"text\" size=\"40\" name=\"eNick\" value=\"" . $user_source['Nick'] . "\"></td></tr>\n"; - $html .= " <tr><td>lastLogIn</td><td>" . date("Y-m-d H:i", $user_source['lastLogIn']) . "</td></tr>\n"; - $html .= " <tr><td>Name</td><td>" . "<input type=\"text\" size=\"40\" name=\"eName\" value=\"" . $user_source['Name'] . "\"></td></tr>\n"; - $html .= " <tr><td>Vorname</td><td>" . "<input type=\"text\" size=\"40\" name=\"eVorname\" value=\"" . $user_source['Vorname'] . "\"></td></tr>\n"; - $html .= " <tr><td>Alter</td><td>" . "<input type=\"text\" size=\"5\" name=\"eAlter\" value=\"" . $user_source['Alter'] . "\"></td></tr>\n"; - $html .= " <tr><td>Telefon</td><td>" . "<input type=\"text\" size=\"40\" name=\"eTelefon\" value=\"" . $user_source['Telefon'] . "\"></td></tr>\n"; - $html .= " <tr><td>Handy</td><td>" . "<input type=\"text\" size=\"40\" name=\"eHandy\" value=\"" . 
$user_source['Handy'] . "\"></td></tr>\n"; - $html .= " <tr><td>DECT</td><td>" . "<input type=\"text\" size=\"4\" name=\"eDECT\" value=\"" . $user_source['DECT'] . "\"></td></tr>\n"; - $html .= " <tr><td>email</td><td>" . "<input type=\"text\" size=\"40\" name=\"eemail\" value=\"" . $user_source['email'] . "\"></td></tr>\n"; - $html .= "<tr><td>".form_checkbox('email_shiftinfo', _("Please send me an email if my shifts change"), $user_source['email_shiftinfo']) . "</td></tr>\n"; - $html .= " <tr><td>jabber</td><td>" . "<input type=\"text\" size=\"40\" name=\"ejabber\" value=\"" . $user_source['jabber'] . "\"></td></tr>\n"; - $html .= " <tr><td>Size</td><td>" . html_select_key('size', 'eSize', $tshirt_sizes, $user_source['Size']) . "</td></tr>\n"; - - $options = array( - '1' => "Yes", - '0' => "No" - ); - - // Gekommen? - $html .= " <tr><td>Gekommen</td><td>\n"; - $html .= html_options('eGekommen', $options, $user_source['Gekommen']) . "</td></tr>\n"; - - // Aktiv? - $html .= " <tr><td>Aktiv</td><td>\n"; - $html .= html_options('eAktiv', $options, $user_source['Aktiv']) . "</td></tr>\n"; - - // Aktiv erzwingen - if (in_array('admin_active', $privileges)) { - $html .= " <tr><td>" . _("Force active") . "</td><td>\n"; - $html .= html_options('force_active', $options, $user_source['force_active']) . "</td></tr>\n"; - } - - // T-Shirt bekommen? - $html .= " <tr><td>T-Shirt</td><td>\n"; - $html .= html_options('eTshirt', $options, $user_source['Tshirt']) . "</td></tr>\n"; - - $html .= " <tr><td>Hometown</td><td>" . "<input type=\"text\" size=\"40\" name=\"Hometown\" value=\"" . $user_source['Hometown'] . "\"></td></tr>\n"; - - $html .= "</table>\n</td><td valign=\"top\">" . User_Avatar_render($user_source) . 
"</td></tr>"; - - $html .= "</td></tr>\n"; - $html .= "</table>\n<br />\n"; - $html .= "<input type=\"submit\" value=\"Speichern\">\n"; - $html .= "</form>"; - - $html .= "<hr />"; - - // UserAngelType subform - list($user_source) = sql_select($SQL); - - $selected_angel_types = sql_select_single_col("SELECT `angeltype_id` FROM `UserAngelTypes` WHERE `user_id`=" . sql_escape($user_source['UID'])); - $accepted_angel_types = sql_select_single_col("SELECT `angeltype_id` FROM `UserAngelTypes` WHERE `user_id`=" . sql_escape($user_source['UID']) . " AND `confirm_user_id` IS NOT NULL"); - $nonrestricted_angel_types = sql_select_single_col("SELECT `id` FROM `AngelTypes` WHERE `restricted` = 0"); - - $angel_types_source = sql_select("SELECT `id`, `name` FROM `AngelTypes` ORDER BY `name`"); - $angel_types = array(); - foreach ($angel_types_source as $angel_type) - $angel_types[$angel_type['id']] = $angel_type['name']; - - if (isset($_REQUEST['submit_user_angeltypes'])) { - $selected_angel_types = isset($_REQUEST['selected_angel_types']) && is_array($_REQUEST['selected_angel_types']) ? array_intersect($_REQUEST['selected_angel_types'], array_keys($angel_types)) : array(); - $accepted_angel_types = isset($_REQUEST['accepted_angel_types']) && is_array($_REQUEST['accepted_angel_types']) ? array_unique(array_diff(array_intersect($_REQUEST['accepted_angel_types'], array_keys($angel_types)), $nonrestricted_angel_types)) : array(); - if (in_array("admin_user_angeltypes", $privileges)) - $selected_angel_types = array_merge((array) $selected_angel_types, $accepted_angel_types); - $selected_angel_types = array_unique($selected_angel_types); - - // Assign angel-types - sql_transaction_start(); - sql_query("DELETE FROM `UserAngelTypes` WHERE `user_id`=" . sql_escape($user_source['UID'])); - $user_angel_type_info = array(); - if (! 
empty($selected_angel_types)) { - $SQL = "INSERT INTO `UserAngelTypes` (`user_id`, `angeltype_id`) VALUES "; - foreach ($selected_angel_types as $selected_angel_type_id) { - $SQL .= "(" . $user_source['UID'] . ", " . $selected_angel_type_id . "),"; - $user_angel_type_info[] = $angel_types[$selected_angel_type_id] . (in_array($selected_angel_type_id, $accepted_angel_types) ? ' (confirmed)' : ''); - } - // remove superfluous comma - $SQL = substr($SQL, 0, - 1); - sql_query($SQL); - } - if (in_array("admin_user_angeltypes", $privileges)) { - sql_query("UPDATE `UserAngelTypes` SET `confirm_user_id` = NULL WHERE `user_id` = " . sql_escape($user_source['UID'])); - if (! empty($accepted_angel_types)) - sql_query("UPDATE `UserAngelTypes` SET `confirm_user_id` = '" . sql_escape($user['UID']) . "' WHERE `user_id` = '" . sql_escape($user_source['UID']) . "' AND `angeltype_id` IN (" . implode(',', $accepted_angel_types) . ")"); - } - sql_transaction_commit(); - - engelsystem_log("Set angeltypes of " . User_Nick_render($user_source) . " to: " . join(", ", $user_angel_type_info)); - success("Angeltypes saved."); - redirect(page_link_to('admin_user') . '&id=' . $user_source['UID']); - } - - $html .= form(array( - msg(), - form_multi_checkboxes(array( - 'selected_angel_types' => 'gewünscht', - 'accepted_angel_types' => 'akzeptiert' - ), "Angeltypes", $angel_types, array( - 'selected_angel_types' => $selected_angel_types, - 'accepted_angel_types' => array_merge($accepted_angel_types, $nonrestricted_angel_types) - ), array( - 'accepted_angel_types' => $nonrestricted_angel_types - )), - form_submit('submit_user_angeltypes', _("Save")) - )); - - $html .= "<hr />"; - - $html .= "Hier kannst Du das Passwort dieses Engels neu setzen:<form action=\"" . page_link_to("admin_user") . "&action=change_pw&id=$id\" method=\"post\">\n"; - $html .= "<table>\n"; - $html .= " <tr><td>Passwort</td><td>" . 
"<input type=\"password\" size=\"40\" name=\"new_pw\" value=\"\"></td></tr>\n"; - $html .= " <tr><td>Wiederholung</td><td>" . "<input type=\"password\" size=\"40\" name=\"new_pw2\" value=\"\"></td></tr>\n"; - - $html .= "</table>"; - $html .= "<input type=\"submit\" value=\"Speichern\">\n"; - $html .= "</form>"; - - $html .= "<hr />"; - + if (! isset($_REQUEST['id'])) + redirect(users_link()); + + $id = $_REQUEST['id']; + if (! isset($_REQUEST['action'])) { + $user_source = User($id); + if ($user_source === false) + engelsystem_error('Unable to load user.'); + if ($user_source == null) { + error(_('This user does not exist.')); + redirect(users_link()); + } + + $html .= "Hallo,<br />" . "hier kannst du den Eintrag ändern. Unter dem Punkt 'Gekommen' " . "wird der Engel als anwesend markiert, ein Ja bei Aktiv bedeutet, " . "dass der Engel aktiv war und damit ein Anspruch auf ein T-Shirt hat. " . "Wenn T-Shirt ein 'Ja' enthält, bedeutet dies, dass der Engel " . "bereits sein T-Shirt erhalten hat.<br /><br />\n"; + + $html .= "<form action=\"" . page_link_to("admin_user") . "&action=save&id=$id\" method=\"post\">\n"; + $html .= "<table border=\"0\">\n"; + $html .= "<input type=\"hidden\" name=\"Type\" value=\"Normal\">\n"; + + $SQL = "SELECT * FROM `User` WHERE `UID`='" . sql_escape($id) . "'"; + list($user_source) = sql_select($SQL); + + $html .= "<tr><td>\n"; + $html .= "<table>\n"; + $html .= " <tr><td>Nick</td><td>" . "<input type=\"text\" size=\"40\" name=\"eNick\" value=\"" . $user_source['Nick'] . "\"></td></tr>\n"; + $html .= " <tr><td>lastLogIn</td><td>" . date("Y-m-d H:i", $user_source['lastLogIn']) . "</td></tr>\n"; + $html .= " <tr><td>Name</td><td>" . "<input type=\"text\" size=\"40\" name=\"eName\" value=\"" . $user_source['Name'] . "\"></td></tr>\n"; + $html .= " <tr><td>Vorname</td><td>" . "<input type=\"text\" size=\"40\" name=\"eVorname\" value=\"" . $user_source['Vorname'] . "\"></td></tr>\n"; + $html .= " <tr><td>Alter</td><td>" . 
"<input type=\"text\" size=\"5\" name=\"eAlter\" value=\"" . $user_source['Alter'] . "\"></td></tr>\n"; + $html .= " <tr><td>Telefon</td><td>" . "<input type=\"text\" size=\"40\" name=\"eTelefon\" value=\"" . $user_source['Telefon'] . "\"></td></tr>\n"; + $html .= " <tr><td>Handy</td><td>" . "<input type=\"text\" size=\"40\" name=\"eHandy\" value=\"" . $user_source['Handy'] . "\"></td></tr>\n"; + $html .= " <tr><td>DECT</td><td>" . "<input type=\"text\" size=\"4\" name=\"eDECT\" value=\"" . $user_source['DECT'] . "\"></td></tr>\n"; + $html .= " <tr><td>email</td><td>" . "<input type=\"text\" size=\"40\" name=\"eemail\" value=\"" . $user_source['email'] . "\"></td></tr>\n"; + $html .= "<tr><td>" . form_checkbox('email_shiftinfo', _("Please send me an email if my shifts change"), $user_source['email_shiftinfo']) . "</td></tr>\n"; + $html .= " <tr><td>jabber</td><td>" . "<input type=\"text\" size=\"40\" name=\"ejabber\" value=\"" . $user_source['jabber'] . "\"></td></tr>\n"; + $html .= " <tr><td>Size</td><td>" . html_select_key('size', 'eSize', $tshirt_sizes, $user_source['Size']) . "</td></tr>\n"; + + $options = array( + '1' => "Yes", + '0' => "No" + ); + + // Gekommen? + $html .= " <tr><td>Gekommen</td><td>\n"; + $html .= html_options('eGekommen', $options, $user_source['Gekommen']) . "</td></tr>\n"; + + // Aktiv? + $html .= " <tr><td>Aktiv</td><td>\n"; + $html .= html_options('eAktiv', $options, $user_source['Aktiv']) . "</td></tr>\n"; + + // Aktiv erzwingen + if (in_array('admin_active', $privileges)) { + $html .= " <tr><td>" . _("Force active") . "</td><td>\n"; + $html .= html_options('force_active', $options, $user_source['force_active']) . "</td></tr>\n"; + } + + // T-Shirt bekommen? + $html .= " <tr><td>T-Shirt</td><td>\n"; + $html .= html_options('eTshirt', $options, $user_source['Tshirt']) . "</td></tr>\n"; + + $html .= " <tr><td>Hometown</td><td>" . "<input type=\"text\" size=\"40\" name=\"Hometown\" value=\"" . $user_source['Hometown'] . 
"\"></td></tr>\n"; + + $html .= "</table>\n</td><td valign=\"top\"></td></tr>"; + + $html .= "</td></tr>\n"; + $html .= "</table>\n<br />\n"; + $html .= "<input type=\"submit\" value=\"Speichern\">\n"; + $html .= "</form>"; + + $html .= "<hr />"; + + $html .= form_info('', _('Please visit the angeltypes page or the users profile to manage users angeltypes.')); + + $html .= "Hier kannst Du das Passwort dieses Engels neu setzen:<form action=\"" . page_link_to("admin_user") . "&action=change_pw&id=$id\" method=\"post\">\n"; + $html .= "<table>\n"; + $html .= " <tr><td>Passwort</td><td>" . "<input type=\"password\" size=\"40\" name=\"new_pw\" value=\"\"></td></tr>\n"; + $html .= " <tr><td>Wiederholung</td><td>" . "<input type=\"password\" size=\"40\" name=\"new_pw2\" value=\"\"></td></tr>\n"; + + $html .= "</table>"; + $html .= "<input type=\"submit\" value=\"Speichern\">\n"; + $html .= "</form>"; + + $html .= "<hr />"; + + $my_highest_group = sql_select("SELECT * FROM `UserGroups` WHERE `uid`='" . sql_escape($user['UID']) . "' ORDER BY `group_id` LIMIT 1"); + if (count($my_highest_group) > 0) + $my_highest_group = $my_highest_group[0]['group_id']; + + $his_highest_group = sql_select("SELECT * FROM `UserGroups` WHERE `uid`='" . sql_escape($id) . "' ORDER BY `group_id` LIMIT 1"); + if (count($his_highest_group) > 0) + $his_highest_group = $his_highest_group[0]['group_id']; + + if ($id != $user['UID'] && $my_highest_group <= $his_highest_group) { $html .= "Hier kannst Du die Benutzergruppen des Engels festlegen:<form action=\"" . page_link_to("admin_user") . "&action=save_groups&id=" . $id . "\" method=\"post\">\n"; $html .= '<table>'; - $my_highest_group = sql_select("SELECT * FROM `UserGroups` WHERE `uid`=" . sql_escape($user['UID']) . " ORDER BY `uid` LIMIT 1"); - if (count($my_highest_group) > 0) - $my_highest_group = $my_highest_group[0]['group_id']; - - $his_highest_group = sql_select("SELECT * FROM `UserGroups` WHERE `uid`=" . sql_escape($id) . 
" ORDER BY `uid` LIMIT 1"); - if (count($his_highest_group) > 0) - $his_highest_group = $his_highest_group[0]['group_id']; + $groups = sql_select("SELECT * FROM `Groups` LEFT OUTER JOIN `UserGroups` ON (`UserGroups`.`group_id` = `Groups`.`UID` AND `UserGroups`.`uid` = '" . sql_escape($id) . "') WHERE `Groups`.`UID` >= '" . sql_escape($my_highest_group) . "' ORDER BY `Groups`.`Name`"); + foreach ($groups as $group) + $html .= '<tr><td><input type="checkbox" name="groups[]" value="' . $group['UID'] . '"' . ($group['group_id'] != "" ? ' checked="checked"' : '') . ' /></td><td>' . $group['Name'] . '</td></tr>'; - if ($id != $user['UID'] && $my_highest_group <= $his_highest_group) { - $groups = sql_select("SELECT * FROM `Groups` LEFT OUTER JOIN `UserGroups` ON (`UserGroups`.`group_id` = `Groups`.`UID` AND `UserGroups`.`uid` = " . sql_escape($id) . ") WHERE `Groups`.`UID` >= " . sql_escape($my_highest_group) . " ORDER BY `Groups`.`Name`"); - foreach ($groups as $group) - $html .= '<tr><td><input type="checkbox" name="groups[]" value="' . $group['UID'] . '"' . ($group['group_id'] != "" ? ' checked="checked"' : '') . ' /></td><td>' . $group['Name'] . '</td></tr>'; - - $html .= '</table>'; - - $html .= "<input type=\"submit\" value=\"Speichern\">\n"; - $html .= "</form>"; - - $html .= "<hr />"; - } + $html .= '</table>'; - $html .= "<form action=\"" . page_link_to("admin_user") . "&action=delete&id=" . $id . "\" method=\"post\">\n"; - $html .= "<input type=\"submit\" value=\"Löschen\">\n"; + $html .= "<input type=\"submit\" value=\"Speichern\">\n"; $html .= "</form>"; $html .= "<hr />"; - } else { - switch ($_REQUEST['action']) { - case 'save_groups': - if ($id != $user['UID']) { - $my_highest_group = sql_select("SELECT * FROM `UserGroups` WHERE `uid`=" . sql_escape($user['UID']) . " ORDER BY `group_id`"); - $his_highest_group = sql_select("SELECT * FROM `UserGroups` WHERE `uid`=" . sql_escape($id) . " ORDER BY `group_id`"); + } + + $html .= "<form action=\"" . 
page_link_to("admin_user") . "&action=delete&id=" . $id . "\" method=\"post\">\n"; + $html .= "<input type=\"submit\" value=\"Löschen\">\n"; + $html .= "</form>"; + + $html .= "<hr />"; + } else { + switch ($_REQUEST['action']) { + case 'save_groups': + if ($id != $user['UID']) { + $my_highest_group = sql_select("SELECT * FROM `UserGroups` WHERE `uid`='" . sql_escape($user['UID']) . "' ORDER BY `group_id`"); + $his_highest_group = sql_select("SELECT * FROM `UserGroups` WHERE `uid`='" . sql_escape($id) . "' ORDER BY `group_id`"); + + if (count($my_highest_group) > 0 && (count($his_highest_group) == 0 || ($my_highest_group[0]['group_id'] <= $his_highest_group[0]['group_id']))) { + $groups_source = sql_select("SELECT * FROM `Groups` LEFT OUTER JOIN `UserGroups` ON (`UserGroups`.`group_id` = `Groups`.`UID` AND `UserGroups`.`uid` = '" . sql_escape($id) . "') WHERE `Groups`.`UID` >= '" . sql_escape($my_highest_group[0]['group_id']) . "' ORDER BY `Groups`.`Name`"); + $groups = array(); + $grouplist = array(); + foreach ($groups_source as $group) { + $groups[$group['UID']] = $group; + $grouplist[] = $group['UID']; + } - if (count($my_highest_group) > 0 && (count($his_highest_group) == 0 || ($my_highest_group[0]['group_id'] <= $his_highest_group[0]['group_id']))) { - $groups_source = sql_select("SELECT * FROM `Groups` LEFT OUTER JOIN `UserGroups` ON (`UserGroups`.`group_id` = `Groups`.`UID` AND `UserGroups`.`uid` = " . sql_escape($id) . ") WHERE `Groups`.`UID` >= " . sql_escape($my_highest_group[0]['group_id']) . " ORDER BY `Groups`.`Name`"); - $groups = array(); - $grouplist = array(); - foreach ($groups_source as $group) { - $groups[$group['UID']] = $group; - $grouplist[] = $group['UID']; - } - - if (! is_array($_REQUEST['groups'])) - $_REQUEST['groups'] = array(); - - sql_query("DELETE FROM `UserGroups` WHERE `uid`=" . 
sql_escape($id)); - $user_groups_info = array(); - foreach ($_REQUEST['groups'] as $group) { - if (in_array($group, $grouplist)) { - sql_query("INSERT INTO `UserGroups` SET `uid`=" . sql_escape($id) . ", `group_id`=" . sql_escape($group)); - $user_groups_info[] = $groups[$group]['Name']; - } + if (! is_array($_REQUEST['groups'])) + $_REQUEST['groups'] = array(); + + sql_query("DELETE FROM `UserGroups` WHERE `uid`='" . sql_escape($id) . "'"); + $user_groups_info = array(); + foreach ($_REQUEST['groups'] as $group) { + if (in_array($group, $grouplist)) { + sql_query("INSERT INTO `UserGroups` SET `uid`='" . sql_escape($id) . "', `group_id`='" . sql_escape($group) . "'"); + $user_groups_info[] = $groups[$group]['Name']; } - $user_source = User($id); - engelsystem_log("Set groups of " . User_Nick_render($user_source) . " to: " . join(", ", $user_groups_info)); - $html .= success("Benutzergruppen gespeichert.", true); - } else { - $html .= error("Du kannst keine Engel mit mehr Rechten bearbeiten.", true); } + $user_source = User($id); + engelsystem_log("Set groups of " . User_Nick_render($user_source) . " to: " . join(", ", $user_groups_info)); + $html .= success("Benutzergruppen gespeichert.", true); } else { - $html .= error("Du kannst Deine eigenen Rechte nicht bearbeiten.", true); - } - break; - - case 'delete': - if ($user['UID'] != $id) { - $user_source = sql_select("SELECT `Nick`, `UID` FROM `User` WHERE `UID` = '" . sql_escape($id) . "' LIMIT 1"); - sql_query("DELETE FROM `User` WHERE `UID`=" . sql_escape($id) . " LIMIT 1"); - sql_query("DELETE FROM `UserGroups` WHERE `uid`=" . sql_escape($id)); - engelsystem_log("Deleted user " . 
User_Nick_render($user_source)); - $html .= success("Benutzer gelöscht!", true); - } else { - $html .= error("Du kannst Dich nicht selber löschen!", true); + $html .= error("Du kannst keine Engel mit mehr Rechten bearbeiten.", true); } - break; - - case 'save': - $force_active = $user['force_active']; - if (in_array('admin_active', $privileges)) - $force_active = $_REQUEST['force_active']; - $SQL = "UPDATE `User` SET + } else { + $html .= error("Du kannst Deine eigenen Rechte nicht bearbeiten.", true); + } + break; + + case 'delete': + if ($user['UID'] != $id) { + $user_source = sql_select("SELECT `Nick`, `UID` FROM `User` WHERE `UID` = '" . sql_escape($id) . "' LIMIT 1"); + sql_query("DELETE FROM `User` WHERE `UID`='" . sql_escape($id) . "' LIMIT 1"); + sql_query("DELETE FROM `UserGroups` WHERE `uid`='" . sql_escape($id) . "'"); + engelsystem_log("Deleted user " . User_Nick_render($user_source)); + $html .= success("Benutzer gelöscht!", true); + } else { + $html .= error("Du kannst Dich nicht selber löschen!", true); + } + break; + + case 'save': + $force_active = $user['force_active']; + if (in_array('admin_active', $privileges)) + $force_active = $_REQUEST['force_active']; + $SQL = "UPDATE `User` SET `Nick` = '" . sql_escape($_POST["eNick"]) . "', `Name` = '" . sql_escape($_POST["eName"]) . "', `Vorname` = '" . sql_escape($_POST["eVorname"]) . "', @@ -235,7 +185,7 @@ function admin_user() { `Alter` = '" . sql_escape($_POST["eAlter"]) . "', `DECT` = '" . sql_escape($_POST["eDECT"]) . "', `email` = '" . sql_escape($_POST["eemail"]) . "', - `email_shiftinfo` = " . sql_escape(isset($_REQUEST['email_shiftinfo']) ? 'TRUE' : 'FALSE') . ", + `email_shiftinfo` = " . sql_bool(isset($_REQUEST['email_shiftinfo'])) . ", `jabber` = '" . sql_escape($_POST["ejabber"]) . "', `Size` = '" . sql_escape($_POST["eSize"]) . "', `Gekommen`= '" . sql_escape($_POST["eGekommen"]) . "', 
@@ -244,27 +194,23 @@ function admin_user() { `Tshirt` = '" . sql_escape($_POST["eTshirt"]) . "', `Hometown` = '" . sql_escape($_POST["Hometown"]) . "' WHERE `UID` = '" . sql_escape($id) . "' - LIMIT 1;"; - sql_query($SQL); - engelsystem_log("Updated user: " . $_POST["eNick"] . ", " . $_POST["eSize"] . ", arrived: " . $_POST["eGekommen"] . ", active: " . $_POST["eAktiv"] . ", tshirt: " . $_POST["eTshirt"]); - $html .= success("Änderung wurde gespeichert...\n", true); - break; - - case 'change_pw': - if ($_REQUEST['new_pw'] != "" && $_REQUEST['new_pw'] == $_REQUEST['new_pw2']) { - set_password($id, $_REQUEST['new_pw']); - $user_source = User($id); - engelsystem_log("Set new password for " . User_Nick_render($user_source)); - $html .= success("Passwort neu gesetzt.", true); - } else { - $html .= error("Die Eingaben müssen übereinstimmen und dürfen nicht leer sein!", true); - } - break; - } + LIMIT 1"; + sql_query($SQL); + engelsystem_log("Updated user: " . $_POST["eNick"] . ", " . $_POST["eSize"] . ", arrived: " . $_POST["eGekommen"] . ", active: " . $_POST["eAktiv"] . ", tshirt: " . $_POST["eTshirt"]); + $html .= success("Änderung wurde gespeichert...\n", true); + break; + + case 'change_pw': + if ($_REQUEST['new_pw'] != "" && $_REQUEST['new_pw'] == $_REQUEST['new_pw2']) { + set_password($id, $_REQUEST['new_pw']); + $user_source = User($id); + engelsystem_log("Set new password for " . User_Nick_render($user_source)); + $html .= success("Passwort neu gesetzt.", true); + } else { + $html .= error("Die Eingaben müssen übereinstimmen und dürfen nicht leer sein!", true); + } + break; } - } else { - msg(); - redirect(page_link_to('users')); } return page_with_title(_('Edit user'), array( diff --git a/includes/pages/guest_login.php b/includes/pages/guest_login.php index fc375092..677b057b 100644 --- a/includes/pages/guest_login.php +++ b/includes/pages/guest_login.php 
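Review bot: The `change_pw` case accepts any non-empty password that matches its repeat, while registration (`guest_register`, visible further down this diff) and the self-service path in `user_settings` both reject passwords shorter than `MIN_PASSWORD_LENGTH`, so an admin can set a weaker password here than a user could choose themselves. Change the guard to `if ($_REQUEST['new_pw'] != "" && strlen($_REQUEST['new_pw']) >= MIN_PASSWORD_LENGTH && $_REQUEST['new_pw'] == $_REQUEST['new_pw2']) {` and mention the minimum in the error text. The `save` case's `engelsystem_log("Updated user: " . $_POST["eNick"] ...)` also logs the raw request values rather than the escaped ones; harmless in itself, but worth keeping in mind if log entries are ever rendered unescaped. `admin_user()` and its `switch ($_REQUEST['action'])` begin outside this hunk.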
@@ -32,6 +32,7 @@ function guest_register() { $tshirt_size = ''; $password_hash = ""; $selected_angel_types = array(); + $planned_arrival_date = null; $angel_types_source = sql_select("SELECT * FROM `AngelTypes` ORDER BY `name`"); $angel_types = array(); @@ -96,6 +97,13 @@ function guest_register() { $msg .= error(sprintf(_("Your password is too short (please use at least %s characters)."), MIN_PASSWORD_LENGTH), true); } + if (isset($_REQUEST['planned_arrival_date']) && DateTime::createFromFormat("Y-m-d", trim($_REQUEST['planned_arrival_date']))) { + $planned_arrival_date = DateTime::createFromFormat("Y-m-d", trim($_REQUEST['planned_arrival_date']))->getTimestamp(); + } else { + $ok = false; + $msg .= error(_("Please enter your planned date of arrival."), true); + } + $selected_angel_types = array(); foreach ($angel_types as $angel_type_id => $angel_type_name) if (isset($_REQUEST['angel_types_' . $angel_type_id])) @@ -122,7 +130,7 @@ function guest_register() { if ($ok) { sql_query(" INSERT INTO `User` SET - `color`=" . sql_escape($default_theme) . ", + `color`='" . sql_escape($default_theme) . "', `Nick`='" . sql_escape($nick) . "', `Vorname`='" . sql_escape($prename) . "', `Name`='" . sql_escape($lastname) . "', 
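Review bot: The new `planned_arrival_date` check only proves the string parses: `DateTime::createFromFormat("Y-m-d", ...)` without a leading `!` fills the unspecified time fields from the current clock and silently rolls over out-of-range values (`2015-02-30` becomes March 2), so the stored timestamp carries the submission's time of day and no range is enforced even though the form below passes `time()` to `form_date` as the minimum. Parse once with `$arrival = DateTime::createFromFormat("!Y-m-d", trim($_REQUEST['planned_arrival_date']));`, reject when `$arrival === false || DateTime::getLastErrors()['warning_count'] > 0`, and then take `$arrival->getTimestamp()` instead of calling `createFromFormat` a second time. `guest_register()` starts outside this hunk.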
@@ -131,24 +139,26 @@ function guest_register() { `DECT`='" . sql_escape($dect) . "', `Handy`='" . sql_escape($mobile) . "', `email`='" . sql_escape($mail) . "', - `email_shiftinfo`=" . sql_escape($email_shiftinfo ? 'TRUE' : 'FALSE') . ", + `email_shiftinfo`=" . sql_bool($email_shiftinfo) . ", `jabber`='" . sql_escape($jabber) . "', `Size`='" . sql_escape($tshirt_size) . "', `Passwort`='" . sql_escape($password_hash) . "', `kommentar`='" . sql_escape($comment) . "', `Hometown`='" . sql_escape($hometown) . "', `CreateDate`=NOW(), - `Sprache`='" . sql_escape($_SESSION["locale"]) . "'"); + `Sprache`='" . sql_escape($_SESSION["locale"]) . "', + `arrival_date`=NULL, + `planned_arrival_date`='" . sql_escape($planned_arrival_date) . "'"); // Assign user-group and set password $user_id = sql_id(); - sql_query("INSERT INTO `UserGroups` SET `uid`=" . sql_escape($user_id) . ", `group_id`=-2"); + sql_query("INSERT INTO `UserGroups` SET `uid`='" . sql_escape($user_id) . "', `group_id`=-2"); set_password($user_id, $_REQUEST['password']); // Assign angel-types $user_angel_types_info = array(); foreach ($selected_angel_types as $selected_angel_type_id) { - sql_query("INSERT INTO `UserAngelTypes` SET `user_id`=" . sql_escape($user_id) . ", `angeltype_id`=" . sql_escape($selected_angel_type_id)); + sql_query("INSERT INTO `UserAngelTypes` SET `user_id`='" . sql_escape($user_id) . "', `angeltype_id`='" . sql_escape($selected_angel_type_id) . "'"); $user_angel_types_info[] = $angel_types[$selected_angel_type_id]; } engelsystem_log("User " . $nick . " signed up as: " . join(", ", $user_angel_types_info)); 
@@ -170,11 +180,18 @@ function guest_register() { form_text('nick', _("Nick") . ' ' . entry_required(), $nick) )), div('col-sm-8', array( - form_text('mail', _("E-Mail") . ' ' . entry_required(), $mail), + form_email('mail', _("E-Mail") . ' ' . entry_required(), $mail), form_checkbox('email_shiftinfo', _("Please send me an email if my shifts change"), $email_shiftinfo) )) )), - $enable_tshirt_size ? form_select('tshirt_size', _("Shirt size") . ' ' . entry_required(), $tshirt_sizes, $tshirt_size) : '', + div('row', array( + div('col-sm-6', array( + form_date('planned_arrival_date', _("Planned date of arrival") . ' ' . entry_required(), $planned_arrival_date, time()) + )), + div('col-sm-6', array( + $enable_tshirt_size ? form_select('tshirt_size', _("Shirt size") . ' ' . entry_required(), $tshirt_sizes, $tshirt_size) : '' + )) + )), div('row', array( div('col-sm-6', array( form_password('password', _("Password") . ' ' . entry_required()) @@ -269,6 +286,7 @@ function guest_login() { if ($ok) { $_SESSION['uid'] = $login_user['UID']; $_SESSION['locale'] = $login_user['Sprache']; + redirect(page_link_to('news')); } } diff --git a/includes/pages/user_ical.php b/includes/pages/user_ical.php index ba832842..bd954a87 100644 --- a/includes/pages/user_ical.php +++ b/includes/pages/user_ical.php @@ -28,7 +28,7 @@ function user_ical() { INNER JOIN `Shifts` ON (`ShiftEntry`.`SID` = `Shifts`.`SID`) JOIN `ShiftTypes` ON (`ShiftTypes`.`id` = `Shifts`.`shifttype_id`) INNER JOIN `Room` ON (`Shifts`.`RID` = `Room`.`RID`) - WHERE `UID`=" . sql_escape($user['UID']) . " + WHERE `UID`='" . sql_escape($user['UID']) . "' ORDER BY `start`"); } diff --git a/includes/pages/user_messages.php b/includes/pages/user_messages.php index fe1b85ff..1785d5b6 100644 --- a/includes/pages/user_messages.php +++ b/includes/pages/user_messages.php 
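Review bot: The login-success branch assigns `$_SESSION['uid']` without rotating the session id, so a session id fixed before authentication (for example handed to the victim in a link) stays valid once they log in; unless `session_regenerate_id` is called elsewhere, add `session_regenerate_id(true);` immediately before `$_SESSION['uid'] = $login_user['UID'];`. The added `redirect(page_link_to('news'))` is fine and also stops the rest of the page rendering with the pre-login state. `guest_login()` begins outside this hunk.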
@@ -7,7 +7,7 @@ function user_unread_messages() { global $user; if (isset($user)) { - $new_messages = sql_num_query("SELECT * FROM `Messages` WHERE isRead='N' AND `RUID`=" . sql_escape($user['UID'])); + $new_messages = sql_num_query("SELECT * FROM `Messages` WHERE isRead='N' AND `RUID`='" . sql_escape($user['UID']) . "'"); if ($new_messages > 0) return ' <span class="badge danger">' . $new_messages . '</span>'; } @@ -18,7 +18,7 @@ function user_messages() { global $user; if (! isset($_REQUEST['action'])) { - $users = sql_select("SELECT * FROM `User` WHERE NOT `UID`=" . sql_escape($user['UID']) . " ORDER BY `Nick`"); + $users = sql_select("SELECT * FROM `User` WHERE NOT `UID`='" . sql_escape($user['UID']) . "' ORDER BY `Nick`"); $to_select_data = array( "" => _("Select recipient...") @@ -29,7 +29,7 @@ function user_messages() { $to_select = html_select_key('to', 'to', $to_select_data, ''); - $messages = sql_select("SELECT * FROM `Messages` WHERE `SUID`=" . sql_escape($user['UID']) . " OR `RUID`=" . sql_escape($user['UID']) . " ORDER BY `isRead`,`Datum` DESC"); + $messages = sql_select("SELECT * FROM `Messages` WHERE `SUID`='" . sql_escape($user['UID']) . "' OR `RUID`='" . sql_escape($user['UID']) . "' ORDER BY `isRead`,`Datum` DESC"); foreach ($messages as $message) { $sender_user_source = User($message['SUID']); if ($sender_user_source === false) 
@@ -84,9 +84,9 @@ function user_messages() { else return error(_("Incomplete call, missing Message ID."), true); - $message = sql_select("SELECT * FROM `Messages` WHERE `id`=" . sql_escape($id) . " LIMIT 1"); + $message = sql_select("SELECT * FROM `Messages` WHERE `id`='" . sql_escape($id) . "' LIMIT 1"); if (count($message) > 0 && $message[0]['RUID'] == $user['UID']) { - sql_query("UPDATE `Messages` SET `isRead`='Y' WHERE `id`=" . sql_escape($id) . " LIMIT 1"); + sql_query("UPDATE `Messages` SET `isRead`='Y' WHERE `id`='" . sql_escape($id) . "' LIMIT 1"); redirect(page_link_to("user_messages")); } else return error(_("No Message found."), true); @@ -98,9 +98,9 @@ function user_messages() { else return error(_("Incomplete call, missing Message ID."), true); - $message = sql_select("SELECT * FROM `Messages` WHERE `id`=" . sql_escape($id) . " LIMIT 1"); + $message = sql_select("SELECT * FROM `Messages` WHERE `id`='" . sql_escape($id) . "' LIMIT 1"); if (count($message) > 0 && $message[0]['SUID'] == $user['UID']) { - sql_query("DELETE FROM `Messages` WHERE `id`=" . sql_escape($id) . " LIMIT 1"); + sql_query("DELETE FROM `Messages` WHERE `id`='" . sql_escape($id) . "' LIMIT 1"); redirect(page_link_to("user_messages")); } else return error(_("No Message found."), true); diff --git a/includes/pages/user_myshifts.php b/includes/pages/user_myshifts.php index e557054d..ee3cf1be 100644 --- a/includes/pages/user_myshifts.php +++ b/includes/pages/user_myshifts.php 
@@ -9,15 +9,15 @@ function user_myshifts() { global $LETZTES_AUSTRAGEN; global $user, $privileges; $msg = ""; - - if (isset($_REQUEST['id']) && in_array("user_shifts_admin", $privileges) && preg_match("/^[0-9]{1,}$/", $_REQUEST['id']) && sql_num_query("SELECT * FROM `User` WHERE `UID`=" . sql_escape($_REQUEST['id'])) > 0) { + + if (isset($_REQUEST['id']) && in_array("user_shifts_admin", $privileges) && preg_match("/^[0-9]{1,}$/", $_REQUEST['id']) && sql_num_query("SELECT * FROM `User` WHERE `UID`='" . sql_escape($_REQUEST['id']) . "'") > 0) { $id = $_REQUEST['id']; } else { $id = $user['UID']; } - - list($shifts_user) = sql_select("SELECT * FROM `User` WHERE `UID`=" . sql_escape($id) . " LIMIT 1"); - + + list($shifts_user) = sql_select("SELECT * FROM `User` WHERE `UID`='" . sql_escape($id) . "' LIMIT 1"); + if (isset($_REQUEST['reset'])) { if ($_REQUEST['reset'] == "ack") { User_reset_api_key($user); @@ -26,7 +26,7 @@ function user_myshifts() { } return page_with_title(_("Reset API key"), array( error(_("If you reset the key, the url to your iCal- and JSON-export and your atom feed changes! You have to update it in every application using one of these exports."), true), - button(page_link_to('user_myshifts') . '&reset=ack', _("Continue"), 'btn-danger') + button(page_link_to('user_myshifts') . '&reset=ack', _("Continue"), 'btn-danger') )); } elseif (isset($_REQUEST['edit']) && preg_match("/^[0-9]*$/", $_REQUEST['edit'])) { $id = $_REQUEST['edit']; 
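Review bot: The API-key reset is triggered purely by the GET parameter `reset=ack` (the `button(page_link_to('user_myshifts') . '&reset=ack', ...)` link re-indented here, handled by `if ($_REQUEST['reset'] == "ack") { User_reset_api_key($user);` in the preceding hunk), so any page the user visits can fire it through an `<img src>` or link and invalidate their iCal/JSON/atom URLs. A state change like this should be a POST form carrying a CSRF token, with the handler checking `$_SERVER['REQUEST_METHOD'] === 'POST'` and the token before calling `User_reset_api_key`; this is pre-existing, but the commit touches exactly these lines. `user_myshifts()` begins outside this hunk.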
@@ -44,11 +44,11 @@ function user_myshifts() { JOIN `Shifts` ON (`ShiftEntry`.`SID` = `Shifts`.`SID`) JOIN `ShiftTypes` ON (`ShiftTypes`.`id` = `Shifts`.`shifttype_id`) JOIN `Room` ON (`Shifts`.`RID` = `Room`.`RID`) - WHERE `ShiftEntry`.`id`=" . sql_escape($id) . " - AND `UID`=" . sql_escape($shifts_user['UID']) . " LIMIT 1"); + WHERE `ShiftEntry`.`id`='" . sql_escape($id) . "' + AND `UID`='" . sql_escape($shifts_user['UID']) . "' LIMIT 1"); if (count($shift) > 0) { $shift = $shift[0]; - + if (isset($_REQUEST['submit'])) { $freeloaded = $shift['freeloaded']; $freeload_comment = $shift['freeload_comment']; 
@@ -56,46 +56,51 @@ function user_myshifts() { $freeloaded = isset($_REQUEST['freeloaded']); $freeload_comment = strip_request_item_nl('freeload_comment'); } - + $comment = strip_request_item_nl('comment'); $user_source = User($shift['UID']); $result = ShiftEntry_update(array( 'id' => $id, 'Comment' => $comment, 'freeloaded' => $freeloaded, - 'freeload_comment' => $freeload_comment + 'freeload_comment' => $freeload_comment )); if ($result === false) engelsystem_error('Unable to update shift entr.'); - + engelsystem_log("Updated " . User_Nick_render($user_source) . "'s shift " . $shift['name'] . " from " . date("y-m-d H:i", $shift['start']) . " to " . date("y-m-d H:i", $shift['end']) . " with comment " . $comment . ". Freeloaded: " . ($freeloaded ? "YES Comment: " . $freeload_comment : "NO")); success(_("Shift saved.")); redirect(page_link_to('users') . '&action=view&user_id=' . $shifts_user['UID']); } - + return ShiftEntry_edit_view(User_Nick_render($shifts_user), date("Y-m-d H:i", $shift['start']) . ', ' . shift_length($shift), $shift['Name'], $shift['name'], $shift['angel_type'], $shift['Comment'], $shift['freeloaded'], $shift['freeload_comment'], in_array("user_shifts_admin", $privileges)); } else redirect(page_link_to('user_myshifts')); } elseif (isset($_REQUEST['cancel']) && preg_match("/^[0-9]*$/", $_REQUEST['cancel'])) { $id = $_REQUEST['cancel']; $shift = sql_select(" - SELECT `Shifts`.`start` + SELECT * FROM `Shifts` INNER JOIN `ShiftEntry` USING (`SID`) - WHERE `ShiftEntry`.`id`=" . sql_escape($id) . " AND `UID`=" . sql_escape($shifts_user['UID'])); + WHERE `ShiftEntry`.`id`='" . sql_escape($id) . "' AND `UID`='" . sql_escape($shifts_user['UID']) . 
"'"); if (count($shift) > 0) { $shift = $shift[0]; if (($shift['start'] > time() + $LETZTES_AUSTRAGEN * 3600) || in_array('user_shifts_admin', $privileges)) { $result = ShiftEntry_delete($id); if ($result === false) engelsystem_error('Unable to delete shift entry.'); + $room = Room($shift['RID']); + $angeltype = AngelType($shift['TID']); + $shifttype = ShiftType($shift['shifttype_id']); + + engelsystem_log("Deleted own shift: " . $shifttype['name'] . " at " . $room['Name'] . " from " . date("y-m-d H:i", $shift['start']) . " to " . date("y-m-d H:i", $shift['end']) . " as " . $angeltype['name']); success(_("You have been signed off from the shift.")); } else error(_("It's too late to sign yourself off the shift. If neccessary, ask the dispatcher to do so.")); } else - redirect(page_link_to('user_myshifts')); + redirect(user_link($shifts_user)); } - + redirect(page_link_to('users') . '&action=view'); } ?> diff --git a/includes/pages/user_news.php b/includes/pages/user_news.php index 8a4c0aa8..7c104095 100644 --- a/includes/pages/user_news.php +++ b/includes/pages/user_news.php @@ -21,7 +21,7 @@ function user_meetings() { else $page = 0; - $news = sql_select("SELECT * FROM `News` WHERE `Treffen`=1 ORDER BY `ID` DESC LIMIT " . sql_escape($page * $DISPLAY_NEWS) . ", " . sql_escape($DISPLAY_NEWS)); + $news = sql_select("SELECT * FROM `News` WHERE `Treffen`=1 ORDER BY `Datum` DESC LIMIT " . sql_escape($page * $DISPLAY_NEWS) . ", " . sql_escape($DISPLAY_NEWS)); foreach ($news as $entry) $html .= display_news($entry); 
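Review bot: The new log line says "Deleted own shift" but this branch is also reached when a `user_shifts_admin` signs someone else off (`$shifts_user` is loaded from `$_REQUEST['id']` at the top of the function and the condition explicitly allows `user_shifts_admin`), so the audit trail names no subject; log the affected user, e.g. `engelsystem_log("Deleted " . User_Nick_render($shifts_user) . "'s shift: " . $shifttype['name'] . ...)`. `Room()`, `AngelType()` and `ShiftType()` are also used unchecked, while this same hunk tests `if ($result === false) engelsystem_error(...)`; if a referenced room or type has been removed, `$room['Name']` indexes a boolean and the entry loses its context, so either check each lookup for `false` or fall back to the raw id in the message. `user_myshifts()` starts outside this hunk.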
@@ -73,9 +73,9 @@ function user_news_comments() { global $user; $html = '<div class="col-md-12"><h1>' . user_news_comments_title() . '</h1>'; - if (isset($_REQUEST["nid"]) && preg_match("/^[0-9]{1,}$/", $_REQUEST['nid']) && sql_num_query("SELECT * FROM `News` WHERE `ID`=" . sql_escape($_REQUEST['nid']) . " LIMIT 1") > 0) { + if (isset($_REQUEST["nid"]) && preg_match("/^[0-9]{1,}$/", $_REQUEST['nid']) && sql_num_query("SELECT * FROM `News` WHERE `ID`='" . sql_escape($_REQUEST['nid']) . "' LIMIT 1") > 0) { $nid = $_REQUEST["nid"]; - list($news) = sql_select("SELECT * FROM `News` WHERE `ID`=" . sql_escape($nid) . " LIMIT 1"); + list($news) = sql_select("SELECT * FROM `News` WHERE `ID`='" . sql_escape($nid) . "' LIMIT 1"); if (isset($_REQUEST["text"])) { $text = preg_replace("/([^\p{L}\p{P}\p{Z}\p{N}\n]{1,})/ui", '', strip_tags($_REQUEST['text'])); sql_query("INSERT INTO `NewsComments` (`Refid`, `Datum`, `Text`, `UID`) VALUES ('" . sql_escape($nid) . "', '" . date("Y-m-d H:i:s") . "', '" . sql_escape($text) . "', '" . sql_escape($user["UID"]) . "')"); @@ -132,7 +132,7 @@ function user_news() { else $page = 0; - $news = sql_select("SELECT * FROM `News` ORDER BY `ID` DESC LIMIT " . sql_escape($page * $DISPLAY_NEWS) . ", " . sql_escape($DISPLAY_NEWS)); + $news = sql_select("SELECT * FROM `News` ORDER BY `Datum` DESC LIMIT " . sql_escape($page * $DISPLAY_NEWS) . ", " . sql_escape($DISPLAY_NEWS)); foreach ($news as $entry) $html .= display_news($entry); diff --git a/includes/pages/user_questions.php b/includes/pages/user_questions.php index be7f9930..0a2786d1 100644 --- a/includes/pages/user_questions.php +++ b/includes/pages/user_questions.php 
@@ -7,9 +7,9 @@ function user_questions() { global $user; if (! isset($_REQUEST['action'])) { - $open_questions = sql_select("SELECT * FROM `Questions` WHERE `AID` IS NULL AND `UID`=" . sql_escape($user['UID'])); + $open_questions = sql_select("SELECT * FROM `Questions` WHERE `AID` IS NULL AND `UID`='" . sql_escape($user['UID']) . "'"); - $answered_questions = sql_select("SELECT * FROM `Questions` WHERE NOT `AID` IS NULL AND `UID`=" . sql_escape($user['UID'])); + $answered_questions = sql_select("SELECT * FROM `Questions` WHERE NOT `AID` IS NULL AND `UID`='" . sql_escape($user['UID']) . "'"); foreach ($answered_questions as &$question) { $answer_user_source = User($question['AID']); if ($answer_user_source === false) @@ -23,7 +23,7 @@ function user_questions() { case 'ask': $question = strip_request_item_nl('question'); if ($question != "") { - $result = sql_query("INSERT INTO `Questions` SET `UID`=" . sql_escape($user['UID']) . ", `Question`='" . sql_escape($question) . "'"); + $result = sql_query("INSERT INTO `Questions` SET `UID`='" . sql_escape($user['UID']) . "', `Question`='" . sql_escape($question) . "'"); if ($result === false) engelsystem_error(_("Unable to save question.")); success(_("You question was saved.")); @@ -39,9 +39,9 @@ function user_questions() { else return error(_("Incomplete call, missing Question ID."), true); - $question = sql_select("SELECT * FROM `Questions` WHERE `QID`=" . sql_escape($id) . " LIMIT 1"); + $question = sql_select("SELECT * FROM `Questions` WHERE `QID`='" . sql_escape($id) . "' LIMIT 1"); if (count($question) > 0 && $question[0]['UID'] == $user['UID']) { - sql_query("DELETE FROM `Questions` WHERE `QID`=" . sql_escape($id) . " LIMIT 1"); + sql_query("DELETE FROM `Questions` WHERE `QID`='" . sql_escape($id) . "' LIMIT 1"); redirect(page_link_to("user_questions")); } else return page_with_title(questions_title(), array( 
diff --git a/includes/pages/user_settings.php b/includes/pages/user_settings.php index 47744474..466d3c3e 100644 --- a/includes/pages/user_settings.php +++ b/includes/pages/user_settings.php @@ -7,7 +7,7 @@ function settings_title() { function user_settings() { global $enable_tshirt_size, $tshirt_sizes, $themes, $locales; global $user; - + $msg = ""; $nick = $user['Nick']; $lastname = $user['Name']; 
@@ -24,34 +24,12 @@ function user_settings() { $password_hash = ""; $selected_theme = $user['color']; $selected_language = $user['Sprache']; - - $selected_angel_types_source = sql_select("SELECT * FROM `UserAngelTypes` WHERE `user_id`=" . sql_escape($user['UID'])); - $selected_angel_types_source_ids = array(); - $selected_angel_types = array(); - foreach ($selected_angel_types_source as $selected_angel_type) { - $selected_angel_types[] = $selected_angel_type['angeltype_id']; - $selected_angel_types_source_ids[] = $selected_angel_type['angeltype_id']; - } - - $angel_types_source = sql_select("SELECT * FROM `AngelTypes` ORDER BY `name`"); - $angel_types = array(); - foreach ($angel_types_source as $angel_type) - $angel_types[$angel_type['id']] = $angel_type['name'] . ($angel_type['restricted'] ? " (restricted)" : ""); - + $planned_arrival_date = $user['planned_arrival_date']; + $planned_departure_date = $user['planned_departure_date']; + if (isset($_REQUEST['submit'])) { $ok = true; - - if (isset($_REQUEST['nick']) && strlen(strip_request_item('nick')) > 1) { - $nick = strip_request_item('nick'); - if (sql_num_query("SELECT * FROM `User` WHERE `Nick`='" . sql_escape($nick) . "' AND NOT `UID`=" . sql_escape($user['UID']) . " LIMIT 1") > 0) { - $ok = false; - $msg .= error(sprintf(_("Your nick "%s" already exists."), $nick), true); - } - } else { - $ok = false; - $msg .= error(sprintf(_("Your nick "%s" is too short (min. 2 characters)."), strip_request_item('nick')), true); - } - + if (isset($_REQUEST['mail']) && strlen(strip_request_item('mail')) > 0) { $mail = strip_request_item('mail'); if (! check_email($mail)) { @@ -62,9 +40,9 @@ function user_settings() { $ok = false; $msg .= error(_("Please enter your e-mail."), true); } - + $email_shiftinfo = isset($_REQUEST['email_shiftinfo']); - + if (isset($_REQUEST['jabber']) && strlen(strip_request_item('jabber')) > 0) { $jabber = strip_request_item('jabber'); if (! check_email($jabber)) { 
@@ -72,18 +50,30 @@ function user_settings() { $msg .= error(_("Please check your jabber account information."), true); } } - + if (isset($_REQUEST['tshirt_size']) && isset($tshirt_sizes[$_REQUEST['tshirt_size']])) $tshirt_size = $_REQUEST['tshirt_size']; elseif ($enable_tshirt_size) { $ok = false; } - - $selected_angel_types = array(); - foreach ($angel_types as $angel_type_id => $angel_type_name) - if (isset($_REQUEST['angel_types_' . $angel_type_id])) - $selected_angel_types[] = $angel_type_id; - + + if (isset($_REQUEST['planned_arrival_date']) && DateTime::createFromFormat("Y-m-d", trim($_REQUEST['planned_arrival_date']))) { + $planned_arrival_date = DateTime::createFromFormat("Y-m-d", trim($_REQUEST['planned_arrival_date']))->getTimestamp(); + } else { + $ok = false; + $msg .= error(_("Please enter your planned date of arrival."), true); + } + + if (isset($_REQUEST['planned_departure_date']) && $_REQUEST['planned_departure_date'] != '') { + if (DateTime::createFromFormat("Y-m-d", trim($_REQUEST['planned_departure_date']))) { + $planned_departure_date = DateTime::createFromFormat("Y-m-d", trim($_REQUEST['planned_departure_date']))->getTimestamp(); + } else { + $ok = false; + $msg .= error(_("Please enter your planned date of departure."), true); + } + } else + $planned_departure_date = null; + // Trivia if (isset($_REQUEST['lastname'])) $lastname = strip_request_item('lastname'); @@ -99,7 +89,7 @@ function user_settings() { $mobile = strip_request_item('mobile'); if (isset($_REQUEST['hometown'])) $hometown = strip_request_item('hometown'); - + if ($ok) { sql_query(" UPDATE `User` SET 
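Review bot: The new arrival/departure handling never checks that departure is not before arrival, so a user can save a `planned_departure_date` earlier than `planned_arrival_date`; after both are parsed add `if ($planned_departure_date !== null && $planned_departure_date < $planned_arrival_date) { $ok = false; $msg .= error(_("Your planned departure must not be before your planned arrival."), true); }`. As in the registration form, `DateTime::createFromFormat("Y-m-d", ...)` without `!` keeps the current time of day in the timestamp and accepts rolled-over dates such as `2015-02-30`; prefer `"!Y-m-d"`, parse once into a local, and reject when `DateTime::getLastErrors()['warning_count']` is non-zero. `user_settings()` starts outside this hunk.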
@@ -111,48 +101,20 @@ function user_settings() { `DECT`='" . sql_escape($dect) . "', `Handy`='" . sql_escape($mobile) . "', `email`='" . sql_escape($mail) . "', - `email_shiftinfo`=" . sql_escape($email_shiftinfo ? 'TRUE' : 'FALSE') . ", + `email_shiftinfo`=" . sql_bool($email_shiftinfo) . ", `jabber`='" . sql_escape($jabber) . "', `Size`='" . sql_escape($tshirt_size) . "', - `Hometown`='" . sql_escape($hometown) . "' - WHERE `UID`=" . sql_escape($user['UID'])); - - // Assign angel-types - - $deleted_angel_type_names = array(); - $added_angel_type_names = array(); - - foreach($selected_angel_types_source as $source_angel_type) { - if (!in_array($source_angel_type["angeltype_id"], $selected_angel_types)) { - $deleted_angel_type_names[] = $angel_types[$source_angel_type["angeltype_id"]]; - sql_query("DELETE FROM `UserAngelTypes` WHERE `user_id`='" . sql_escape($user['UID']) . "' AND `angeltype_id` = ". sql_escape($source_angel_type["angeltype_id"])); - } - } - - foreach($selected_angel_types as $selected_angel_type) { - if (!in_array($selected_angel_type, $selected_angel_types_source_ids)) { - $added_angel_type_names[] = $angel_types[$selected_angel_type]; - sql_query("INSERT INTO `UserAngelTypes` SET `user_id`=" . sql_escape($user['UID']) . ", `angeltype_id`=" . sql_escape($selected_angel_type)); - } - } - - if(count($deleted_angel_type_names) > 0 || count($added_angel_type_names) > 0) { - $log_message = "User changed his own Angel Types. "; - if(count($deleted_angel_type_names) > 0) { - $log_message .= "Removed: " . implode(", ", $deleted_angel_type_names) . " "; - } - if(count($added_angel_type_names) > 0) { - $log_message .= "Added: " . implode(", ", $added_angel_type_names); - } - engelsystem_log($log_message); - } - + `Hometown`='" . sql_escape($hometown) . "', + `planned_arrival_date`='" . sql_escape($planned_arrival_date) . "', + `planned_departure_date`=" . sql_null($planned_departure_date) . " + WHERE `UID`='" . sql_escape($user['UID']) . 
"'"); + success(_("Settings saved.")); redirect(page_link_to('user_settings')); } } elseif (isset($_REQUEST['submit_password'])) { $ok = true; - + if (! isset($_REQUEST['password']) || ! verify_password($_REQUEST['password'], $user['Passwort'], $user['UID'])) $msg .= error(_("-> not OK. Please try again."), true); elseif (strlen($_REQUEST['new_password']) < MIN_PASSWORD_LENGTH) 
@@ -166,58 +128,60 @@ function user_settings() { redirect(page_link_to('user_settings')); } elseif (isset($_REQUEST['submit_theme'])) { $ok = true; - + if (isset($_REQUEST['theme']) && isset($themes[$_REQUEST['theme']])) $selected_theme = $_REQUEST['theme']; else $ok = false; - + if ($ok) { - sql_query("UPDATE `User` SET `color`='" . sql_escape($selected_theme) . "' WHERE `UID`=" . sql_escape($user['UID'])); - + sql_query("UPDATE `User` SET `color`='" . sql_escape($selected_theme) . "' WHERE `UID`='" . sql_escape($user['UID']) . "'"); + success(_("Theme changed.")); redirect(page_link_to('user_settings')); } } elseif (isset($_REQUEST['submit_language'])) { $ok = true; - + if (isset($_REQUEST['language']) && isset($locales[$_REQUEST['language']])) $selected_language = $_REQUEST['language']; else $ok = false; - + if ($ok) { - sql_query("UPDATE `User` SET `Sprache`='" . sql_escape($selected_language) . "' WHERE `UID`=" . sql_escape($user['UID'])); + sql_query("UPDATE `User` SET `Sprache`='" . sql_escape($selected_language) . "' WHERE `UID`='" . sql_escape($user['UID']) . "'"); $_SESSION['locale'] = $selected_language; - + success("Language changed."); redirect(page_link_to('user_settings')); } } - + return page_with_title(settings_title(), array( - sprintf(_("Hello %s, here you can change your personal settings i.e. password, color settings etc."), User_Nick_render($user)), $msg, msg(), div('row', array( div('col-md-6', array( form(array( - form_info(_("Here you can change your user details.")), - form_text('nick', _("Nick") . "*", $nick), + form_info('', _("Here you can change your user details.")), + form_info(entry_required() . ' = ' . _("Entry required!")), + form_text('nick', _("Nick"), $nick, true), form_text('lastname', _("Last name"), $lastname), form_text('prename', _("First name"), $prename), + form_date('planned_arrival_date', _("Planned date of arrival") . ' ' . 
entry_required(), $planned_arrival_date, time()), + form_date('planned_departure_date', _("Planned date of departure"), $planned_departure_date, time()), form_text('age', _("Age"), $age), form_text('tel', _("Phone"), $tel), form_text('dect', _("DECT"), $dect), form_text('mobile', _("Mobile"), $mobile), - form_text('mail', _("E-Mail") . "*", $mail), + form_text('mail', _("E-Mail") . ' ' . entry_required(), $mail), form_checkbox('email_shiftinfo', _("Please send me an email if my shifts change"), $email_shiftinfo), form_text('jabber', _("Jabber"), $jabber), form_text('hometown', _("Hometown"), $hometown), $enable_tshirt_size ? form_select('tshirt_size', _("Shirt size"), $tshirt_sizes, $tshirt_size) : '', - form_checkboxes('angel_types', _("What do you want to do?") . sprintf(" (<a href=\"%s\">%s</a>)", page_link_to('angeltypes') . '&action=about', _("Description of job types")), $angel_types, $selected_angel_types), - form_submit('submit', _("Save")) - )) + form_info('', _('Please visit the angeltypes page to manage your angeltypes.')), + form_submit('submit', _("Save")) + )) )), div('col-md-6', array( form(array( @@ -225,20 +189,20 @@ function user_settings() { form_password('password', _("Old password:")), form_password('new_password', _("New password:")), form_password('new_password2', _("Password confirmation:")), - form_submit('submit_password', _("Save")) + form_submit('submit_password', _("Save")) )), form(array( form_info(_("Here you can choose your color settings:")), form_select('theme', _("Color settings:"), $themes, $selected_theme), - form_submit('submit_theme', _("Save")) + form_submit('submit_theme', _("Save")) )), form(array( form_info(_("Here you can choose your language:")), form_select('language', _("Language:"), $locales, $selected_language), - form_submit('submit_language', _("Save")) - )) - )) - )) + form_submit('submit_language', _("Save")) + )) + )) + )) )); } ?> 
diff --git a/includes/pages/user_shifts.php b/includes/pages/user_shifts.php index 603ca993..8c01eef8 100644 --- a/includes/pages/user_shifts.php +++ b/includes/pages/user_shifts.php @@ -31,7 +31,7 @@ function user_shifts() { JOIN `Shifts` ON (`ShiftEntry`.`SID` = `Shifts`.`SID`) JOIN `ShiftTypes` ON (`ShiftTypes`.`id` = `Shifts`.`shifttype_id`) JOIN `Room` ON (`Shifts`.`RID` = `Room`.`RID`) - WHERE `ShiftEntry`.`id`=" . sql_escape($entry_id)); + WHERE `ShiftEntry`.`id`='" . sql_escape($entry_id) . "'"); if (count($shift_entry_source) > 0) { $shift_entry_source = $shift_entry_source[0]; @@ -58,7 +58,7 @@ function user_shifts() { SELECT `ShiftTypes`.`name`, `Shifts`.*, `Room`.* FROM `Shifts` JOIN `Room` ON (`Shifts`.`RID` = `Room`.`RID`) JOIN `ShiftTypes` ON (`ShiftTypes`.`id` = `Shifts`.`shifttype_id`) - WHERE `SID`=" . sql_escape($shift_id)); + WHERE `SID`='" . sql_escape($shift_id) . "'"); if (count($shift) == 0) redirect(page_link_to('user_shifts')); $shift = $shift[0]; 
@@ -72,28 +72,34 @@ function user_shifts() { $needed_angel_types[$type['id']] = 0; } - // Benötigte Engeltypen vom Raum - $needed_angel_types_source = sql_select("SELECT `AngelTypes`.*, `NeededAngelTypes`.`count` FROM `AngelTypes` LEFT JOIN `NeededAngelTypes` ON (`NeededAngelTypes`.`angel_type_id` = `AngelTypes`.`id` AND `NeededAngelTypes`.`room_id`=" . sql_escape($shift['RID']) . ") ORDER BY `AngelTypes`.`name`"); + $shifttypes_source = ShiftTypes(); + $shifttypes = []; + foreach ($shifttypes_source as $shifttype) + $shifttypes[$shifttype['id']] = $shifttype['name']; + + // Benötigte Engeltypen vom Raum + $needed_angel_types_source = sql_select("SELECT `AngelTypes`.*, `NeededAngelTypes`.`count` FROM `AngelTypes` LEFT JOIN `NeededAngelTypes` ON (`NeededAngelTypes`.`angel_type_id` = `AngelTypes`.`id` AND `NeededAngelTypes`.`room_id`='" . sql_escape($shift['RID']) . "') ORDER BY `AngelTypes`.`name`"); foreach ($needed_angel_types_source as $type) { if ($type['count'] != "") $needed_angel_types[$type['id']] = $type['count']; } // Benötigte Engeltypen von der Schicht - $needed_angel_types_source = sql_select("SELECT `AngelTypes`.*, `NeededAngelTypes`.`count` FROM `AngelTypes` LEFT JOIN `NeededAngelTypes` ON (`NeededAngelTypes`.`angel_type_id` = `AngelTypes`.`id` AND `NeededAngelTypes`.`shift_id`=" . sql_escape($shift_id) . ") ORDER BY `AngelTypes`.`name`"); + $needed_angel_types_source = sql_select("SELECT `AngelTypes`.*, `NeededAngelTypes`.`count` FROM `AngelTypes` LEFT JOIN `NeededAngelTypes` ON (`NeededAngelTypes`.`angel_type_id` = `AngelTypes`.`id` AND `NeededAngelTypes`.`shift_id`='" . sql_escape($shift_id) . 
"') ORDER BY `AngelTypes`.`name`"); foreach ($needed_angel_types_source as $type) { if ($type['count'] != "") $needed_angel_types[$type['id']] = $type['count']; } - $name = $shift['name']; + $shifttype_id = $shift['shifttype_id']; + $title = $shift['title']; $rid = $shift['RID']; $start = $shift['start']; $end = $shift['end']; if (isset($_REQUEST['submit'])) { // Name/Bezeichnung der Schicht, darf leer sein - $name = strip_request_item('name'); + $title = strip_request_item('title'); // Auswahl der sichtbaren Locations für die Schichten if (isset($_REQUEST['rid']) && preg_match("/^[0-9]+$/", $_REQUEST['rid']) && isset($room_array[$_REQUEST['rid']])) @@ -104,6 +110,13 @@ function user_shifts() { $msg .= error(_("Please select a room."), true); } + if (isset($_REQUEST['shifttype_id']) && isset($shifttypes[$_REQUEST['shifttype_id']])) + $shifttype_id = $_REQUEST['shifttype_id']; + else { + $ok = false; + $msg .= error(_('Please select a shifttype.'), true); + } + if (isset($_REQUEST['start']) && $tmp = DateTime::createFromFormat("Y-m-d H:i", trim($_REQUEST['start']))) $start = $tmp->getTimestamp(); else { 
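Review bot: The new `shifttype_id` check in the `-104` hunk whitelists the value against `$shifttypes`, but it keeps the raw request string and, unlike the `rid` branch a few lines above it, never checks the format first, so an array-valued `shifttype_id` reaches `isset($shifttypes[...])` with an illegal offset (a warning on PHP 5/7, a TypeError on PHP 8). Mirroring the room check keeps both branches consistent: `if (isset($_REQUEST['shifttype_id']) && preg_match("/^[0-9]+$/", $_REQUEST['shifttype_id']) && isset($shifttypes[$_REQUEST['shifttype_id']]))`. `user_shifts()` starts and ends outside this hunk.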
@@ -133,23 +146,28 @@ function user_shifts() { } if ($ok) { - $shift['name'] = $name; + $shift['shifttype_id'] = $shifttype_id; + $shift['title'] = $title; $shift['RID'] = $rid; $shift['start'] = $start; $shift['end'] = $end; + $result = Shift_update($shift); if ($result === false) engelsystem_error('Unable to update shift.'); - sql_query("DELETE FROM `NeededAngelTypes` WHERE `shift_id`=" . sql_escape($shift_id)); + sql_query("DELETE FROM `NeededAngelTypes` WHERE `shift_id`='" . sql_escape($shift_id) . "'"); $needed_angel_types_info = array(); foreach ($needed_angel_types as $type_id => $count) { - sql_query("INSERT INTO `NeededAngelTypes` SET `shift_id`=" . sql_escape($shift_id) . ", `angel_type_id`=" . sql_escape($type_id) . ", `count`=" . sql_escape($count)); + sql_query("INSERT INTO `NeededAngelTypes` SET `shift_id`='" . sql_escape($shift_id) . "', `angel_type_id`='" . sql_escape($type_id) . "', `count`='" . sql_escape($count) . "'"); $needed_angel_types_info[] = $angel_types[$type_id]['name'] . ": " . $count; } engelsystem_log("Updated shift '" . $name . "' from " . date("y-m-d H:i", $start) . " to " . date("y-m-d H:i", $end) . " with angel types " . join(", ", $needed_angel_types_info)); success(_("Shift updated.")); - redirect(shift_link($shift_id)); + + redirect(shift_link([ + 'SID' => $shift_id + ])); } } @@ -163,7 +181,8 @@ function user_shifts() { msg(), '<noscript>' . info(_("This page is much more comfortable with javascript."), true) . '</noscript>', form(array( - form_text('name', _("Name/Description:"), $name), + form_select('shifttype_id', _('Shifttype'), $shifttypes, $shifttype_id), + form_text('title', _("Title"), $title), form_select('rid', _("Room:"), $room_array, $rid), form_text('start', _("Start:"), date("Y-m-d H:i", $start)), form_text('end', _("End:"), date("Y-m-d H:i", $end)), 
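Review bot: The unchanged `engelsystem_log("Updated shift '" . $name . "' ...")` line in the `-133` hunk now reads an undefined variable: the `-72` hunk of this file replaced both assignments to `$name` (`$shift['name']` and `strip_request_item('name')`) with `$title`, so the log entry carries an empty name plus an undefined-variable notice. Use the new fields instead: `engelsystem_log("Updated shift '" . $shifttypes[$shifttype_id] . ": " . $title . "' from " . date("y-m-d H:i", $start) . " to " . date("y-m-d H:i", $end) . " with angel types " . join(", ", $needed_angel_types_info));`. `user_shifts()` continues outside the hunk.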
@@ -218,32 +237,21 @@ function user_shifts() { $type_id = $_REQUEST['type_id']; else redirect(page_link_to('user_shifts')); - - // Schicht läuft schon, Eintragen für Engel nicht mehr möglich - if (! in_array('user_shifts_admin', $privileges) && time() > $shift['start']) { - error(_("This shift is running now or ended already. Please contact a dispatcher to join the shift.")); - redirect(shift_link($shift)); - } - - // Another shift the user is signed up for collides with this one - if (! in_array('user_shifts_admin', $privileges) && sql_num_query(" - SELECT `Shifts`.`SID` - FROM `Shifts` - INNER JOIN `ShiftEntry` ON (`Shifts`.`SID` = `ShiftEntry`.`SID` AND `ShiftEntry`.`UID` = " . sql_escape($user['UID']) . ") - WHERE `start` < '" . sql_escape($shift['end']) . "' AND `end` > '" . sql_escape($shift['start']) . "'") > 0) { - error(_("You already subscribed to shift in the same timeslot. Please contact a dispatcher to join the shift.")); - redirect(shift_link($shift)); - } if (in_array('user_shifts_admin', $privileges)) - $type = sql_select("SELECT * FROM `AngelTypes` WHERE `id`=" . sql_escape($type_id) . " LIMIT 1"); + $type = sql_select("SELECT * FROM `AngelTypes` WHERE `id`='" . sql_escape($type_id) . "' LIMIT 1"); else - $type = sql_select("SELECT * FROM `UserAngelTypes` JOIN `AngelTypes` ON (`UserAngelTypes`.`angeltype_id` = `AngelTypes`.`id`) WHERE `AngelTypes`.`id` = " . sql_escape($type_id) . " AND (`AngelTypes`.`restricted` = 0 OR (`UserAngelTypes`.`user_id` = " . sql_escape($user['UID']) . " AND NOT `UserAngelTypes`.`confirm_user_id` IS NULL)) LIMIT 1"); + $type = sql_select("SELECT * FROM `UserAngelTypes` JOIN `AngelTypes` ON (`UserAngelTypes`.`angeltype_id` = `AngelTypes`.`id`) WHERE `AngelTypes`.`id` = '" . sql_escape($type_id) . "' AND (`AngelTypes`.`restricted` = 0 OR (`UserAngelTypes`.`user_id` = '" . sql_escape($user['UID']) . 
"' AND NOT `UserAngelTypes`.`confirm_user_id` IS NULL)) LIMIT 1"); if (count($type) == 0) redirect(page_link_to('user_shifts')); $type = $type[0]; + if (! Shift_signup_allowed($shift, $type)) { + error(_('You are not allowed to sign up for this shift. Maybe shift is full or already running.')); + redirect(shift_link($shift)); + } + if (isset($_REQUEST['submit'])) { $selected_type_id = $type_id; if (in_array('user_shifts_admin', $privileges)) { @@ -252,10 +260,10 @@ function user_shifts() { else $user_id = $user['UID']; - if (sql_num_query("SELECT * FROM `User` WHERE `UID`=" . sql_escape($user_id) . " LIMIT 1") == 0) + if (sql_num_query("SELECT * FROM `User` WHERE `UID`='" . sql_escape($user_id) . "' LIMIT 1") == 0) redirect(page_link_to('user_shifts')); - if (isset($_REQUEST['angeltype_id']) && test_request_int('angeltype_id') && sql_num_query("SELECT * FROM `AngelTypes` WHERE `id`=" . sql_escape($_REQUEST['angeltype_id']) . " LIMIT 1") > 0) + if (isset($_REQUEST['angeltype_id']) && test_request_int('angeltype_id') && sql_num_query("SELECT * FROM `AngelTypes` WHERE `id`='" . sql_escape($_REQUEST['angeltype_id']) . "' LIMIT 1") > 0) $selected_type_id = $_REQUEST['angeltype_id']; } else $user_id = $user['UID']; 
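Review bot: The `-218` hunk removes the only server-side checks visible here for non-admins (shift already started, overlapping `ShiftEntry` rows) and relies on `Shift_signup_allowed($shift, $type)`, called with two arguments although `Shift_signup_button_render` in Shifts_view.php passes `$user_angeltype` and `$user_shifts` as well. Whether the overlap check survives therefore depends on `Shift_signup_allowed` loading the current user's shifts itself when `$user_shifts` is null, which is not in this diff; if it does not, the collision rule is enforced only by button visibility and a hand-built `&shift_id=...&type_id=...` URL bypasses it. Please confirm that, and that the admin bypass the removed `! in_array('user_shifts_admin', $privileges)` guards provided is reproduced inside the helper. `user_shifts()` extends past both ends of the hunk.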
@@ -340,7 +348,7 @@ function view_user_shifts() { if (in_array('user_shifts_admin', $privileges)) $types = sql_select("SELECT `id`, `name` FROM `AngelTypes` ORDER BY `AngelTypes`.`name`"); else - $types = sql_select("SELECT `AngelTypes`.`id`, `AngelTypes`.`name`, (`AngelTypes`.`restricted`=0 OR (NOT `UserAngelTypes`.`confirm_user_id` IS NULL OR `UserAngelTypes`.`id` IS NULL)) as `enabled` FROM `AngelTypes` LEFT JOIN `UserAngelTypes` ON (`UserAngelTypes`.`angeltype_id`=`AngelTypes`.`id` AND `UserAngelTypes`.`user_id`=" . sql_escape($user['UID']) . ") ORDER BY `AngelTypes`.`name`"); + $types = sql_select("SELECT `AngelTypes`.`id`, `AngelTypes`.`name`, (`AngelTypes`.`restricted`=0 OR (NOT `UserAngelTypes`.`confirm_user_id` IS NULL OR `UserAngelTypes`.`id` IS NULL)) as `enabled` FROM `AngelTypes` LEFT JOIN `UserAngelTypes` ON (`UserAngelTypes`.`angeltype_id`=`AngelTypes`.`id` AND `UserAngelTypes`.`user_id`='" . sql_escape($user['UID']) . "') ORDER BY `AngelTypes`.`name`"); if (empty($types)) $types = sql_select("SELECT `id`, `name` FROM `AngelTypes` WHERE `restricted` = 0"); $filled = array( @@ -363,9 +371,13 @@ function view_user_shifts() { $_SESSION['user_shifts'] = array(); if (! isset($_SESSION['user_shifts']['filled'])) { - $_SESSION['user_shifts']['filled'] = array( + // User shift admins see free and occupied shifts by default + $_SESSION['user_shifts']['filled'] = in_array('user_shifts_admin', $privileges) ? [ + 0, + 1 + ] : [ 0 - ); + ]; } foreach (array( 
@@ -441,10 +453,10 @@ function view_user_shifts() { if (count($_SESSION['user_shifts']['filled']) == 1) { if ($_SESSION['user_shifts']['filled'][0] == 0) $SQL .= " - AND (nat.`count` > entries.`count` OR entries.`count` IS NULL OR EXISTS (SELECT `SID` FROM `ShiftEntry` WHERE `UID` = " . sql_escape($user['UID']) . " AND `ShiftEntry`.`SID` = `Shifts`.`SID`))"; + AND (nat.`count` > entries.`count` OR entries.`count` IS NULL OR EXISTS (SELECT `SID` FROM `ShiftEntry` WHERE `UID` = '" . sql_escape($user['UID']) . "' AND `ShiftEntry`.`SID` = `Shifts`.`SID`))"; elseif ($_SESSION['user_shifts']['filled'][0] == 1) $SQL .= " - AND (nat.`count` <= entries.`count` OR EXISTS (SELECT `SID` FROM `ShiftEntry` WHERE `UID` = " . sql_escape($user['UID']) . " AND `ShiftEntry`.`SID` = `Shifts`.`SID`))"; + AND (nat.`count` <= entries.`count` OR EXISTS (SELECT `SID` FROM `ShiftEntry` WHERE `UID` = '" . sql_escape($user['UID']) . "' AND `ShiftEntry`.`SID` = `Shifts`.`SID`))"; } $SQL .= " ORDER BY `start`"; @@ -506,7 +518,10 @@ function view_user_shifts() { if ($colspan == 0) $colspan = 1; $todo[$rid] = array_fill(0, $maxshow, $colspan); - $shifts_table .= "<th" . (($colspan > 1) ? ' colspan="' . $colspan . '"' : '') . ">${room['name']}</th>\n"; + $shifts_table .= "<th" . (($colspan > 1) ? ' colspan="' . $colspan . '"' : '') . ">" . Room_name_render([ + 'RID' => $room['id'], + 'Name' => $room['name'] + ]) . "</th>\n"; } unset($block, $blocks, $firstblock, $colspan, $key, $room); 
@@ -543,7 +558,17 @@ function view_user_shifts() { // qqqqqq $is_free = false; - $shifts_row = '<a href="' . shift_link($shift) . '">' . date('d.m. H:i', $shift['start']); + $shifts_row = ''; + if (in_array('admin_shifts', $privileges)) + $shifts_row .= '<div class="pull-right">' . table_buttons(array( + button(page_link_to('user_shifts') . '&edit_shift=' . $shift['SID'], glyph('edit'), 'btn-xs'), + button(page_link_to('user_shifts') . '&delete_shift=' . $shift['SID'], glyph('trash'), 'btn-xs') + )) . '</div>'; + $shifts_row .= Room_name_render([ + 'RID' => $room['id'], + 'Name' => $room['name'] + ]) . '<br />'; + $shifts_row .= '<a href="' . shift_link($shift) . '">' . date('d.m. H:i', $shift['start']); $shifts_row .= " – "; $shifts_row .= date('H:i', $shift['end']); $shifts_row .= "<br /><b>"; 
@@ -553,23 +578,19 @@ function view_user_shifts() { $shifts_row .= $shift['title']; $shifts_row .= "<br />"; } - if (in_array('admin_shifts', $privileges)) - $shifts_row .= ' ' . table_buttons(array( - button(page_link_to('user_shifts') . '&edit_shift=' . $shift['SID'], glyph('edit'), 'btn-xs'), - button(page_link_to('user_shifts') . '&delete_shift=' . $shift['SID'], glyph('trash'), 'btn-xs') - )); + $shifts_row .= '</a>'; $shifts_row .= '<br />'; $query = "SELECT `NeededAngelTypes`.`count`, `AngelTypes`.`id`, `AngelTypes`.`restricted`, `UserAngelTypes`.`confirm_user_id`, `AngelTypes`.`name`, `UserAngelTypes`.`user_id` FROM `NeededAngelTypes` JOIN `AngelTypes` ON (`NeededAngelTypes`.`angel_type_id` = `AngelTypes`.`id`) - LEFT JOIN `UserAngelTypes` ON (`NeededAngelTypes`.`angel_type_id` = `UserAngelTypes`.`angeltype_id`AND `UserAngelTypes`.`user_id`=" . sql_escape($user['UID']) . ") + LEFT JOIN `UserAngelTypes` ON (`NeededAngelTypes`.`angel_type_id` = `UserAngelTypes`.`angeltype_id`AND `UserAngelTypes`.`user_id`='" . sql_escape($user['UID']) . "') WHERE `count` > 0 AND "; if ($shift['has_special_needs']) - $query .= "`shift_id` = " . sql_escape($shift['SID']); + $query .= "`shift_id` = '" . sql_escape($shift['SID']) . "'"; else - $query .= "`room_id` = " . sql_escape($shift['RID']); + $query .= "`room_id` = '" . sql_escape($shift['RID']) . "'"; if (! empty($_SESSION['user_shifts']['types'])) $query .= " AND `angel_type_id` IN (" . implode(',', $_SESSION['user_shifts']['types']) . ") "; $query .= " ORDER BY `AngelTypes`.`name`"; 
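Review bot: Every id in the `-553` hunk is now quoted and escaped, but two lines below the changed `LEFT JOIN`, `implode(',', $_SESSION['user_shifts']['types'])` is still spliced into the `IN (...)` clause without any escaping. That is only safe if the filter handler that writes `$_SESSION['user_shifts']['types']` (outside this hunk) already reduces the values to integers; making the query self-protecting is a one-expression change, `implode(',', array_map('intval', $_SESSION['user_shifts']['types']))`. The same pattern recurs in the second query builder of `view_user_shifts()`, which continues outside the hunk.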
@@ -577,17 +598,14 @@ function view_user_shifts() { if (count($angeltypes) > 0) { foreach ($angeltypes as $angeltype) { - $entries = sql_select("SELECT * FROM `ShiftEntry` JOIN `User` ON (`ShiftEntry`.`UID` = `User`.`UID`) WHERE `SID`=" . sql_escape($shift['SID']) . " AND `TID`=" . sql_escape($angeltype['id']) . " ORDER BY `Nick`"); + $entries = sql_select("SELECT * FROM `ShiftEntry` JOIN `User` ON (`ShiftEntry`.`UID` = `User`.`UID`) WHERE `SID`='" . sql_escape($shift['SID']) . "' AND `TID`='" . sql_escape($angeltype['id']) . "' ORDER BY `Nick`"); $entry_list = array(); $freeloader = 0; foreach ($entries as $entry) { - if ($entry['Gekommen'] == 1) - $style = "font-weight:bold;"; - else - $style = "font-weight:normal;"; + $style = ''; if ($entry['freeloaded']) { $freeloader ++; - $style .= " text-decoration: line-through;"; + $style = " text-decoration: line-through;"; } if (in_array('user_shifts_admin', $privileges)) $entry_list[] = "<span style=\"$style\">" . User_Nick_render($entry) . ' ' . table_buttons(array( 
@@ -617,29 +635,30 @@ function view_user_shifts() { // User shift admins may join anybody in every shift $user_may_join_shift |= in_array('user_shifts_admin', $privileges); if ($user_may_join_shift) - $entry_list[] = '<a href="' . page_link_to('user_shifts') . '&shift_id=' . $shift['SID'] . '&type_id=' . $angeltype['id'] . '">' . $inner_text . ' »</a>'; + $entry_list[] = '<a href="' . page_link_to('user_shifts') . '&shift_id=' . $shift['SID'] . '&type_id=' . $angeltype['id'] . '">' . $inner_text . '</a> ' . button(page_link_to('user_shifts') . '&shift_id=' . $shift['SID'] . '&type_id=' . $angeltype['id'], _('Sign up'), 'btn-xs'); else { if (time() > $shift['start']) - $entry_list[] = $inner_text . ' (vorbei)'; + $entry_list[] = $inner_text . ' (' . _('ended') . ')'; elseif ($angeltype['restricted'] == 1 && isset($angeltype['user_id']) && ! isset($angeltype['confirm_user_id'])) $entry_list[] = $inner_text . glyph('lock'); + elseif ($angeltype['restricted'] == 1) + $entry_list[] = $inner_text; elseif ($collides) $entry_list[] = $inner_text; else - $entry_list[] = $inner_text . ' <a href="' . page_link_to('user_settings') . '#angel_types_anchor">(Werde ' . $angeltype['name'] . ')</a>'; + $entry_list[] = $inner_text . '<br />' . button(page_link_to('user_angeltypes') . '&action=add&angeltype_id=' . $angeltype['id'], sprintf(_('Become %s'), $angeltype['name']), 'btn-xs'); } unset($inner_text); $is_free = true; } - $shifts_row .= '<b>' . $angeltype['name'] . ':</b> '; + $shifts_row .= '<strong>' . AngelType_name_render($angeltype) . ':</strong> '; $shifts_row .= join(", ", $entry_list); $shifts_row .= '<br />'; } - if (in_array('user_shifts_admin', $privileges)) { - $shifts_row .= '<a href="' . page_link_to('user_shifts') . '&shift_id=' . $shift['SID'] . '&type_id=' . $angeltype['id'] . '">' . _("Add more angels") . ' »</a>'; - } + if (in_array('user_shifts_admin', $privileges)) + $shifts_row .= ' ' . button(page_link_to('user_shifts') . '&shift_id=' . $shift['SID'] . 
'&type_id=' . $angeltype['id'], _("Add more angels"), 'btn-xs'); } if ($shift['own'] && ! in_array('user_shifts_admin', $privileges)) $class = 'own'; 
@@ -695,23 +714,24 @@ function view_user_shifts() { $query = "SELECT `NeededAngelTypes`.`count`, `AngelTypes`.`id`, `AngelTypes`.`restricted`, `UserAngelTypes`.`confirm_user_id`, `AngelTypes`.`name`, `UserAngelTypes`.`user_id` FROM `NeededAngelTypes` JOIN `AngelTypes` ON (`NeededAngelTypes`.`angel_type_id` = `AngelTypes`.`id`) - LEFT JOIN `UserAngelTypes` ON (`NeededAngelTypes`.`angel_type_id` = `UserAngelTypes`.`angeltype_id`AND `UserAngelTypes`.`user_id`=" . sql_escape($user['UID']) . ") + LEFT JOIN `UserAngelTypes` ON (`NeededAngelTypes`.`angel_type_id` = `UserAngelTypes`.`angeltype_id`AND `UserAngelTypes`.`user_id`='" . sql_escape($user['UID']) . "') WHERE "; if ($shift_has_special_needs) - $query .= "`shift_id` = " . sql_escape($shift['SID']); + $query .= "`shift_id` = '" . sql_escape($shift['SID']) . "'"; else - $query .= "`room_id` = " . sql_escape($shift['RID']); + $query .= "`room_id` = '" . sql_escape($shift['RID']) . "'"; $query .= " AND `count` > 0 "; if (! empty($_SESSION['user_shifts']['types'])) $query .= "AND `angel_type_id` IN (" . implode(',', $_SESSION['user_shifts']['types']) . ") "; $query .= "ORDER BY `AngelTypes`.`name`"; $angeltypes = sql_select($query); if (count($angeltypes) > 0) { - $my_shift = sql_num_query("SELECT * FROM `ShiftEntry` WHERE `SID`=" . sql_escape($shift['SID']) . " AND `UID`=" . sql_escape($user['UID']) . " LIMIT 1") > 0; + $my_shift = sql_num_query("SELECT * FROM `ShiftEntry` WHERE `SID`='" . sql_escape($shift['SID']) . "' AND `UID`='" . sql_escape($user['UID']) . "' LIMIT 1") > 0; foreach ($angeltypes as &$angeltype) { - $entries = sql_select("SELECT * FROM `ShiftEntry` JOIN `User` ON (`ShiftEntry`.`UID` = `User`.`UID`) WHERE `SID`=" . sql_escape($shift['SID']) . " AND `TID`=" . sql_escape($angeltype['id']) . " ORDER BY `Nick`"); + $entries = sql_select("SELECT * FROM `ShiftEntry` JOIN `User` ON (`ShiftEntry`.`UID` = `User`.`UID`) WHERE `SID`='" . sql_escape($shift['SID']) . "' AND `TID`='" . 
sql_escape($angeltype['id']) . "' ORDER BY `Nick`"); $entry_list = array(); + $entry_nicks = []; $freeloader = 0; foreach ($entries as $entry) { if (in_array('user_shifts_admin', $privileges)) @@ -725,8 +745,11 @@ function view_user_shifts() { $freeloader ++; } $entry_list[] = $member; + $entry_nicks[] = $entry['Nick']; } $angeltype['taken'] = count($entries) - $freeloader; + $angeltype['angels'] = $entry_nicks; + // do we need more angles of this type? if ($angeltype['count'] - count($entries) + $freeloader > 0) { $inner_text = sprintf(ngettext("%d helper needed", "%d helpers needed", $angeltype['count'] - count($entries) + $freeloader), $angeltype['count'] - count($entries) + $freeloader); @@ -756,7 +779,7 @@ function view_user_shifts() { } elseif ($angeltype['restricted'] == 1 && isset($angeltype['user_id']) && ! isset($angeltype['confirm_user_id'])) { $entry_list[] = $inner_text . glyph("lock"); } else { - $entry_list[] = $inner_text . ' <a href="' . page_link_to('user_settings') . '#angel_types_anchor">(Werde ' . $angeltype['name'] . ')</a>'; + $entry_list[] = $inner_text . ' <a href="' . page_link_to('user_angeltypes') . '&action=add&angeltype_id=' . $angeltype['id'] . '">' . sprintf(_('Become %s'), $angeltype['name']) . '</a>'; } } @@ -769,7 +792,7 @@ function view_user_shifts() { $shift_row['entries'] .= '<br />'; } if (in_array('user_shifts_admin', $privileges)) { - $shift_row['entries'] .= '<a href="' . page_link_to('user_shifts') . '&shift_id=' . $shift['SID'] . '&type_id=' . $angeltype['id'] . '">Weitere Helfer eintragen »</a>'; + $shift_row['entries'] .= '<a href="' . page_link_to('user_shifts') . '&shift_id=' . $shift['SID'] . '&type_id=' . $angeltype['id'] . '">' . _('Add more angels') . ' »</a>'; } $shifts_table[] = $shift_row; $shift['angeltypes'] = $angeltypes; 
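Review bot: `$angeltype['angels'] = $entry_nicks;` in the `-725` hunk collects raw `$entry['Nick']` values, while the neighbouring `$entry_list` entries go through `User_Nick_render`; the array ends up in `$shift['angeltypes']` and is handed to a consumer outside this diff. If that consumer prints the nicks into HTML it has to escape them itself, which the name `angels` does not signal. A comment on the assignment makes the contract explicit: `// plain nicks, not HTML-escaped — consumers must escape on output`. `view_user_shifts()` continues outside the hunk.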
@@ -795,7 +818,7 @@ function view_user_shifts() { 'start_time' => $_SESSION['user_shifts']['start_time'], 'end_select' => html_select_key("end_day", "end_day", array_combine($days, $days), $_SESSION['user_shifts']['end_day']), 'end_time' => $_SESSION['user_shifts']['end_time'], - 'type_select' => make_select($types, $_SESSION['user_shifts']['types'], "types", _("Tasks") . '<sup>1</sup>'), + 'type_select' => make_select($types, $_SESSION['user_shifts']['types'], "types", _("Angeltypes") . '<sup>1</sup>'), 'filled_select' => make_select($filled, $_SESSION['user_shifts']['filled'], "filled", _("Occupancy")), 'task_notice' => '<sup>1</sup>' . _("The tasks shown here are influenced by the preferences you defined in your settings!") . " <a href=\"" . page_link_to('angeltypes') . '&action=about' . "\">" . _("Description of the jobs.") . "</a>", 'new_style_checkbox' => '<label><input type="checkbox" name="new_style" value="1" ' . ($_SESSION['user_shifts']['new_style'] ? ' checked' : '') . '> ' . _("Use new style if possible") . '</label>', diff --git a/includes/sys_auth.php b/includes/sys_auth.php index e9fa197d..d4f35fa6 100644 --- a/includes/sys_auth.php +++ b/includes/sys_auth.php @@ -6,7 +6,7 @@ function load_auth() { $user = null; if (isset($_SESSION['uid'])) { - $user = sql_select("SELECT * FROM `User` WHERE `UID`=" . sql_escape($_SESSION['uid']) . " LIMIT 1"); + $user = sql_select("SELECT * FROM `User` WHERE `UID`='" . sql_escape($_SESSION['uid']) . "' LIMIT 1"); if (count($user) > 0) { // User ist eingeloggt, Datensatz zur Verfügung stellen und Timestamp updaten list ($user) = $user; 
@@ -53,47 +53,9 @@ function verify_password($password, $salt, $uid = false) { return $correct; } -// JSON Authorisierungs-Schnittstelle -function json_auth_service() { - global $api_key; - - header("Content-Type: application/json"); - - $User = $_REQUEST['user']; - $Pass = $_REQUEST['pw']; - $SourceOuth = $_REQUEST['so']; - - if (isset($api_key) && $SourceOuth == $api_key) { - $sql = "SELECT `UID`, `Passwort` FROM `User` WHERE `Nick`='" . sql_escape($User) . "'"; - $Erg = sql_select($sql); - - if (count($Erg) == 1) { - $Erg = $Erg[0]; - if (verify_password($Pass, $Erg["Passwort"], $Erg["UID"])) { - $user_privs = sql_select("SELECT `Privileges`.`name` FROM `User` JOIN `UserGroups` ON (`User`.`UID` = `UserGroups`.`uid`) JOIN `GroupPrivileges` ON (`UserGroups`.`group_id` = `GroupPrivileges`.`group_id`) JOIN `Privileges` ON (`GroupPrivileges`.`privilege_id` = `Privileges`.`id`) WHERE `User`.`UID`=" . sql_escape($UID) . ";"); - foreach ($user_privs as $user_priv) - $privileges[] = $user_priv['name']; - - $msg = array ( - 'status' => 'success', - 'rights' => $privileges - ); - echo json_encode($msg); - die(); - } - } - } - - echo json_encode(array ( - 'status' => 'failed', - 'error' => "JSON Service GET syntax: https://engelsystem.de/?auth&user=<user>&pw=<password>&so=<key>, POST is possible too" - )); - die(); -} - function privileges_for_user($user_id) { $privileges = array (); - $user_privs = sql_select("SELECT `Privileges`.`name` FROM `User` JOIN `UserGroups` ON (`User`.`UID` = `UserGroups`.`uid`) JOIN `GroupPrivileges` ON (`UserGroups`.`group_id` = `GroupPrivileges`.`group_id`) JOIN `Privileges` ON (`GroupPrivileges`.`privilege_id` = `Privileges`.`id`) WHERE `User`.`UID`=" . sql_escape($user_id) . 
";"); + $user_privs = sql_select("SELECT `Privileges`.`name` FROM `User` JOIN `UserGroups` ON (`User`.`UID` = `UserGroups`.`uid`) JOIN `GroupPrivileges` ON (`UserGroups`.`group_id` = `GroupPrivileges`.`group_id`) JOIN `Privileges` ON (`GroupPrivileges`.`privilege_id` = `Privileges`.`id`) WHERE `User`.`UID`='" . sql_escape($user_id) . "'"); foreach ($user_privs as $user_priv) $privileges[] = $user_priv['name']; return $privileges; @@ -101,7 +63,7 @@ function privileges_for_user($user_id) { function privileges_for_group($group_id) { $privileges = array (); - $groups_privs = sql_select("SELECT * FROM `GroupPrivileges` JOIN `Privileges` ON (`GroupPrivileges`.`privilege_id` = `Privileges`.`id`) WHERE `group_id`=" . sql_escape($group_id)); + $groups_privs = sql_select("SELECT * FROM `GroupPrivileges` JOIN `Privileges` ON (`GroupPrivileges`.`privilege_id` = `Privileges`.`id`) WHERE `group_id`='" . sql_escape($group_id) . "'"); foreach ($groups_privs as $guest_priv) $privileges[] = $guest_priv['name']; return $privileges; diff --git a/includes/sys_counter.php b/includes/sys_counter.php deleted file mode 100644 index 40110165..00000000 --- a/includes/sys_counter.php +++ /dev/null @@ -1,11 +0,0 @@ -<?php - -function counter() { - global $p; - - if (sql_num_query("SELECT `Anz` FROM `Counter` WHERE `URL`='" . sql_escape($p) . "'") == 0) - sql_query("INSERT INTO `Counter` ( `URL` , `Anz` ) VALUES ('" . sql_escape($p) . "', '1');"); - else - sql_query("UPDATE `Counter` SET `Anz` = `Anz` + 1 WHERE `URL` = '" . sql_escape($p) . "' LIMIT 1 ;"); -} -?> diff --git a/includes/sys_log.php b/includes/sys_log.php index 60c765c0..66ff5820 100644 --- a/includes/sys_log.php +++ b/includes/sys_log.php @@ -9,13 +9,12 @@ */ function engelsystem_log($message) { global $user; - + if (isset($user)) { - $nick = $user['Nick']; + $nick = User_Nick_render($user); } else { $nick = "Guest"; } - LogEntry_create($nick, $message); } 
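Review bot: `$nick = User_Nick_render($user);` in the sys_log.php hunk stores rendered markup in the log instead of the plain nick: the `*_render` helpers in this diff return anchor HTML (see `Room_name_render` in Rooms_view.php), so every `LogEntry` now embeds a link. Whatever displays the log must then emit the stored rows unescaped, and the rest of `$message` — shift titles and other values interpolated by callers — is rendered unescaped along with it, unless the viewer escapes everything and the link degrades to literal text. Logging `$user['Nick']` and rendering the link at display time keeps the stored log plain; if the HTML form is intentional, the log view has to escape the message part separately.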
@@ -27,14 +26,14 @@ function debug_string_backtrace() { debug_print_backtrace(); $trace = ob_get_contents(); ob_end_clean(); - + // Remove first item from backtrace as it's this function which // is redundant. $trace = preg_replace('/^#0\s+' . __FUNCTION__ . "[^\n]*\n/", '', $trace, 1); - + // Renumber backtrace items. $trace = preg_replace('/^#(\d+)/me', '\'#\' . ($1 - 1)', $trace); - + return $trace; } diff --git a/includes/sys_menu.php b/includes/sys_menu.php index 16577cbc..c7ecfb88 100644 --- a/includes/sys_menu.php +++ b/includes/sys_menu.php @@ -45,6 +45,9 @@ function header_toolbar() { if ($unconfirmed_hint != '') $hints[] = $unconfirmed_hint; + if (! isset($user['planned_departure_date']) || $user['planned_departure_date'] == null) + $hints[] = info(_("Please enter your planned date of departure on your settings page to give us a feeling for teardown capacities."), true); + if (User_is_freeloader($user)) { $hints[] = error(sprintf(_("You freeloaded at least %s shifts. Shift signup is locked. Please go to heavens desk to be unlocked again."), $max_freeloadable_shifts), true); $hint_class = 'danger'; diff --git a/includes/sys_template.php b/includes/sys_template.php index 3b6d7d3b..dd5edde7 100644 --- a/includes/sys_template.php +++ b/includes/sys_template.php @@ -6,7 +6,7 @@ $themes = array( "0" => "Engelsystem light", "1" => "Engelsystem dark", - "2" => "Engelsystem 31c3" + "2" => "Engelsystem cccamp15" ); /** 
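Review bot: In the sys_menu.php hunk the condition `! isset($user['planned_departure_date']) || $user['planned_departure_date'] == null` is redundant in its first half and loose in its second: `isset` is already false for null, and `== null` is additionally true for `0` and `''`. If the intent is "no date set", `if (empty($user['planned_departure_date']))` says it in one expression; if only SQL NULL should trigger the hint, compare with `=== null`. `header_toolbar()` continues outside the hunk.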
@@ -85,9 +85,18 @@ function toolbar_dropdown($glyphicon, $label, $submenu, $class = '') { function toolbar_popover($glyphicon, $label, $content, $class = '') { $id = md5(microtime() . $glyphicon . $label); return '<li class="dropdown messages ' . $class . '"> - <a id="' . $id . '" href="#" tabindex="0">' . ($glyphicon != '' ? '<span class="glyphicon glyphicon-' . $glyphicon . '"></span> ' : '') . $label . ' <span class="caret"></span></a> + <a id="' . $id . '" href="#">' . ($glyphicon != '' ? '<span class="glyphicon glyphicon-' . $glyphicon . '"></span> ' : '') + . $label . ' <span class="caret"></span></a> <script type="text/javascript"> - $(document).ready(function(){$("#' . $id . '").popover({trigger: "click focus", html: true, content: "' . addslashes(join('', $content)) . '", placement: "bottom", container: "#navbar-collapse-1"})}); + $(function(){ + $("#' . $id . '").popover({ + trigger: "focus", + html: true, + content: "' . addslashes(join('', $content)) . '", + placement: "bottom", + container: "#navbar-collapse-1" + }) + }); </script></li>'; } 
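Review bot: In `toolbar_popover` the popover body is written into an inline script with `addslashes(join('', $content))`, which is not a JavaScript string escaper: a `</script>` sequence inside the content ends the script element early, and a newline or U+2028 breaks the literal. Emit a JSON literal instead: `content: ' . json_encode(join('', $content), JSON_HEX_TAG | JSON_HEX_AMP | JSON_HEX_APOS | JSON_HEX_QUOT) . ',` (without the surrounding double quotes). `$glyphicon` and `$label` also go into the HTML unescaped, which is fine only as long as every caller passes constants.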
@@ -123,6 +132,40 @@ function form_spinner($name, $label, $value) { } /** + * Render a bootstrap datepicker + * + * @param string $name + * Name of the parameter + * @param string $label + * Label + * @param int $value + * Unix Timestamp + * @param int $min_date + * Earliest possible date + * @return HTML + */ +function form_date($name, $label, $value, $start_date = '') { + $id = $name . '-date'; + $value = is_numeric($value) ? date('Y-m-d', $value) : ''; + $start_date = is_numeric($start_date) ? date('Y-m-d', $start_date) : ''; + return form_element($label, ' + <div class="input-group date" id="' . $id . '"> + <input type="text" name="' . $name . '" class="form-control" value="' . $value . '"><span class="input-group-addon">' . glyph('th') . '</span> + </div> + <script type="text/javascript"> + $(function(){ + $("#' . $id . '").datepicker({ + language: "' . locale_short() . '", + todayBtn: "linked", + format: "yyyy-mm-dd", + startDate: "' . $start_date . '" + }); + }); + </script> + ', $id); +} + +/** * Rendert eine Liste von Checkboxen für ein Formular * * @param diff --git a/includes/view/AngelTypes_view.php b/includes/view/AngelTypes_view.php index 78563c0b..ce38a096 100644 --- a/includes/view/AngelTypes_view.php +++ b/includes/view/AngelTypes_view.php 
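Review bot: The docblock on `form_date` documents `@param int $min_date` but the parameter is named `$start_date`, and `@return HTML` is not a type. Change the tags to `@param int|string $start_date Unix timestamp of the earliest selectable date; a non-numeric value disables the lower bound` and `@return string`. It is also worth stating in the docblock that both timestamps pass through `is_numeric()` and are re-rendered with `date()`, so the values that reach the HTML are never raw caller input.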
@@ -103,23 +103,25 @@ function AngelType_view($angeltype, $members, $user_angeltype, $admin_user_angel foreach ($members as $member) { $member['Nick'] = User_Nick_render($member); if ($angeltype['restricted'] && $member['confirm_user_id'] == null) { - $member['actions'] = join(" ", array( - '<a href="' . page_link_to('user_angeltypes') . '&action=confirm&user_angeltype_id=' . $member['user_angeltype_id'] . '" class="ok">' . _("confirm") . '</a>', - '<a href="' . page_link_to('user_angeltypes') . '&action=delete&user_angeltype_id=' . $member['user_angeltype_id'] . '" class="cancel">' . _("deny") . '</a>' - )); + $member['actions'] = table_buttons([ + button(page_link_to('user_angeltypes') . '&action=confirm&user_angeltype_id=' . $member['user_angeltype_id'], _("confirm"), 'btn-xs'), + button(page_link_to('user_angeltypes') . '&action=delete&user_angeltype_id=' . $member['user_angeltype_id'], _("deny"), 'btn-xs') + ]); $members_unconfirmed[] = $member; } elseif ($member['coordinator']) { if ($admin_angeltypes) - $member['actions'] = '<a href="' . page_link_to('user_angeltypes') . '&action=update&user_angeltype_id=' . $member['user_angeltype_id'] . '&coordinator=0" class="cancel">' . _("Remove coordinator rights") . '</a>'; + $member['actions'] = table_buttons([ + button(page_link_to('user_angeltypes') . '&action=update&user_angeltype_id=' . $member['user_angeltype_id'] . '&coordinator=0', _("Remove coordinator rights"), 'btn-xs') + ]); else $member['actions'] = ''; $coordinators[] = $member; } else { if ($admin_user_angeltypes) - $member['actions'] = join(" ", array( - $admin_angeltypes ? '<a href="' . page_link_to('user_angeltypes') . '&action=update&user_angeltype_id=' . $member['user_angeltype_id'] . '&coordinator=1" class="add">' . _("Add coordinator rights") . '</a>' : '', - '<a href="' . page_link_to('user_angeltypes') . '&action=delete&user_angeltype_id=' . $member['user_angeltype_id'] . '" class="cancel">' . _("remove") . 
'</a>' - )); + $member['actions'] = table_buttons([ + $admin_angeltypes ? button(page_link_to('user_angeltypes') . '&action=update&user_angeltype_id=' . $member['user_angeltype_id'] . '&coordinator=1', _("Add coordinator rights"), 'btn-xs') : '', + button(page_link_to('user_angeltypes') . '&action=delete&user_angeltype_id=' . $member['user_angeltype_id'], _("remove"), 'btn-xs') + ]); $members_confirmed[] = $member; } } @@ -131,6 +133,21 @@ function AngelType_view($angeltype, $members, $user_angeltype, $admin_user_angel 'actions' => "" ), $coordinators); } + + if (count($members_confirmed) > 0) + $members_confirmed[] = [ + 'Nick' => _('Sum'), + 'DECT' => count($members_confirmed), + 'actions' => '' + ]; + + if (count($members_unconfirmed) > 0) + $members_unconfirmed[] = [ + 'Nick' => _('Sum'), + 'DECT' => count($members_unconfirmed), + 'actions' => '' + ]; + $page[] = '<h3>' . _("Members") . '</h3>'; if ($admin_user_angeltypes) $page[] = buttons(array( diff --git a/includes/view/Rooms_view.php b/includes/view/Rooms_view.php index bb41a4d3..e1d411cb 100644 --- a/includes/view/Rooms_view.php +++ b/includes/view/Rooms_view.php @@ -4,7 +4,7 @@ function Room_name_render($room) { global $privileges; if (in_array('admin_rooms', $privileges)) return '<a href="' . room_link($room) . '">' . glyph('map-marker') . $room['Name'] . '</a>'; - return $room['Name']; + return glyph('map-marker') . $room['Name']; } ?>
\ No newline at end of file diff --git a/includes/view/Shifts_view.php b/includes/view/Shifts_view.php index 00c18572..b0628a3b 100644 --- a/includes/view/Shifts_view.php +++ b/includes/view/Shifts_view.php @@ -1,5 +1,14 @@ <?php +function Shift_editor_info_render($shift) { + $info = []; + if ($shift['created_by_user_id'] != null) + $info[] = sprintf(glyph('plus') . _("created at %s by %s"), date('Y-m-d H:i', $shift['created_at_timestamp']), User_Nick_render(User($shift['created_by_user_id']))); + if ($shift['edited_by_user_id'] != null) + $info[] = sprintf(glyph('pencil') . _("edited at %s by %s"), date('Y-m-d H:i', $shift['edited_at_timestamp']), User_Nick_render(User($shift['edited_by_user_id']))); + return join('<br />', $info); +} + function Shift_signup_button_render($shift, $angeltype, $user_angeltype = null, $user_shifts = null) { global $user; @@ -12,7 +21,7 @@ function Shift_signup_button_render($shift, $angeltype, $user_angeltype = null, if (Shift_signup_allowed($shift, $angeltype, $user_angeltype, $user_shifts)) return button(page_link_to('user_shifts') . '&shift_id=' . $shift['SID'] . '&type_id=' . $angeltype['id'], _('Sign up')); elseif ($user_angeltype == null) - return button(page_link_to('angeltypes') . '&action=view&angeltype_id=' . $angeltype['id'], sprintf('Become %s', $angeltype['name'])); + return button(page_link_to('angeltypes') . '&action=view&angeltype_id=' . $angeltype['id'], sprintf(_('Become %s'), $angeltype['name'])); else return ''; } 
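Review bot: `Shift_editor_info_render` passes `User($shift['created_by_user_id'])` straight into `User_Nick_render`; if `User()` (not in this diff) returns null or false for a deleted or unknown account, the renderer receives a non-user and the shift page breaks wherever the editor info is shown. Guard each lookup, e.g. `$creator = User($shift['created_by_user_id']); if ($creator) $info[] = ...`, and the same for the editor. The `!= null` comparisons are also loose; `!== null` avoids treating an id of 0 as unset if that can occur.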
@@ -36,7 +45,7 @@ function Shift_view($shift, $shifttype, $room, $shift_admin, $angeltypes_source,
 $needed_angels .= '<div class="pull-right">' . Shift_signup_button_render($shift, $angeltypes[$needed_angeltype['TID']]) . '</div>';
 $needed_angels .= '<h3>' . AngelType_name_render($angeltypes[$needed_angeltype['TID']]) . '</h3>';
- $needed_angels .= progress_bar(0, $needed_angeltype['count'], $needed_angeltype['taken'], $class, $needed_angeltype['taken'] . ' / ' . $needed_angeltype['count']);
+ $needed_angels .= progress_bar(0, $needed_angeltype['count'], min($needed_angeltype['taken'], $needed_angeltype['count']), $class, $needed_angeltype['taken'] . ' / ' . $needed_angeltype['count']);
 $angels = [];
 foreach ($shift['ShiftEntry'] as $shift_entry) {
@@ -46,7 +55,7 @@ function Shift_view($shift, $shifttype, $room, $shift_admin, $angeltypes_source,
 $entry = '<strike>' . $entry . '</strike>';
 if ($user_shift_admin) {
 $entry .= ' <div class="btn-group">';
- $entry .= button_glyph(page_link_to('user_myshifts') . '&edit=' . $shift['SID'] . '&id=' . $shift_entry['UID'], 'pencil', 'btn-xs');
+ $entry .= button_glyph(page_link_to('user_myshifts') . '&edit=' . $shift_entry['id'] . '&id=' . $shift_entry['UID'], 'pencil', 'btn-xs');
 $entry .= button_glyph(page_link_to('user_shifts') . '&entry_id=' . $shift_entry['id'], 'trash', 'btn-xs');
 $entry .= '</div>';
 }
@@ -60,6 +69,7 @@ function Shift_view($shift, $shifttype, $room, $shift_admin, $angeltypes_source,
 }
 return page_with_title($shift['name'] . ' <small class="moment-countdown" data-timestamp="' . $shift['start'] . '">%c</small>', [
+ msg(),
 Shift_collides($shift, $user_shifts) ? info(_('This shift collides with one of your shifts.'), true) : '',
 $signed_up ? info(_('You are signed up for this shift.'), true) : '',
@@ -104,7 +114,8 @@ function Shift_view($shift, $shifttype, $room, $shift_admin, $angeltypes_source,
 '<h2>' . _('Description') . '</h2>',
 $parsedown->parse($shifttype['description'])
 ])
- ])
+ ]),
+ $shift_admin ? Shift_editor_info_render($shift) : ''
 ]);
 }
diff --git a/includes/view/User_view.php b/includes/view/User_view.php
index a7d77b19..3ab5f816 100644
--- a/includes/view/User_view.php
+++ b/includes/view/User_view.php
@@ -19,10 +19,27 @@ $tshirt_sizes = array(
 'XL-G' => "XL Girl"
 );
-function Users_view($users, $order_by, $arrived_count, $active_count, $force_active_count, $freeloads_count, $tshirts_count) {
+/**
+ * View for editing the number of given vouchers
+ */
+function User_edit_vouchers_view($user) {
+ return page_with_title(sprintf(_("%s's vouchers"), User_Nick_render($user)), [
+ msg(),
+ buttons([
+ button(user_link($user), glyph('chevron-left') . _("back"))
+ ]),
+ form([
+ form_spinner('vouchers', _("Number of vouchers"), $user['got_voucher']),
+ form_submit('submit', _("Save"))
+ ], page_link_to('users') . '&action=edit_vouchers&user_id=' . $user['UID'])
+ ]);
+}
+
+function Users_view($users, $order_by, $arrived_count, $active_count, $force_active_count, $freeloads_count, $tshirts_count, $voucher_count) {
 foreach ($users as &$user) {
 $user['Nick'] = User_Nick_render($user);
 $user['Gekommen'] = glyph_bool($user['Gekommen']);
+ $user['got_voucher'] = $user['got_voucher'];
 $user['Aktiv'] = glyph_bool($user['Aktiv']);
 $user['force_active'] = glyph_bool($user['force_active']);
 $user['Tshirt'] = glyph_bool($user['Tshirt']);
@@ -34,6 +51,7 @@ function Users_view($users, $order_by, $arrived_count, $active_count, $force_act
 $users[] = array(
 'Nick' => '<strong>' . _('Sum') . '</strong>',
 'Gekommen' => $arrived_count,
+ 'got_voucher' => $voucher_count,
 'Aktiv' => $active_count,
 'force_active' => $force_active_count,
 'freeloads' => $freeloads_count,
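Review bot: `$user['got_voucher'] = $user['got_voucher'];` in Users_view is a self-assignment with no effect; either drop the line or, if it was meant to render the value the way the neighbouring `glyph_bool(...)` lines do, replace it with the intended rendering. `User_edit_vouchers_view` gets only a one-line docblock; adding `@param User $user` and `@return string` would match the other view docblocks in this file. Users_view also gains a required trailing `$voucher_count` parameter, so every caller has to be updated in the same commit. The Users_view body continues past this hunk.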
@@ -52,6 +70,7 @@ function Users_view($users, $order_by, $arrived_count, $active_count, $force_act
 'Name' => Users_table_header_link('Name', _('Name'), $order_by),
 'DECT' => Users_table_header_link('DECT', _('DECT'), $order_by),
 'Gekommen' => Users_table_header_link('Gekommen', _('Arrived'), $order_by),
+ 'got_voucher' => Users_table_header_link('got_voucher', _('Voucher'), $order_by),
 'freeloads' => _('Freeloads'),
 'Aktiv' => Users_table_header_link('Aktiv', _('Active'), $order_by),
 'force_active' => Users_table_header_link('force_active', _('Forced'), $order_by),
@@ -106,10 +125,7 @@ function User_view($user_source, $admin_user_privilege, $freeloader, $user_angel
 $shift_entries = array();
 foreach ($needed_angel_type['users'] as $user_shift) {
- if ($its_me)
- $member = '<strong>' . User_Nick_render($user_shift) . '</strong>';
- else
- $member = User_Nick_render($user_shift);
+ $member = User_Nick_render($user_shift);
 if ($user_shift['freeloaded'])
 $member = '<strike>' . $member . '</strike>';
@@ -143,15 +159,15 @@ function User_view($user_source, $admin_user_privilege, $freeloader, $user_angel
 $myshift['actions'] = table_buttons($myshift['actions']);
 if ($shift['freeloaded'])
- $timesum += - 2 * ($shift['end'] - $shift['start']);
+ $timesum += (- 2 * ($shift['end'] - $shift['start']));
 else
- $timesum += $shift['end'] - $shift['start'];
+ $timesum += ($shift['end'] - $shift['start']);
 $myshifts_table[] = $myshift;
 }
 if (count($myshifts_table) > 0)
 $myshifts_table[] = array(
 'date' => '<b>' . _("Sum:") . '</b>',
- 'time' => "<b>" . round($timesum / (60 * 60), 1) . " h</b>",
+ 'time' => "<b>" . round($timesum / 3600, 1) . " h</b>",
 'room' => "",
 'shift_info' => "",
 'comment' => "",
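Review bot: The parentheses added in `$timesum += (- 2 * ($shift['end'] - $shift['start']));` and `$timesum += ($shift['end'] - $shift['start']);` change nothing, and the first still reads as an odd "plus negative"; `$timesum -= 2 * ($shift['end'] - $shift['start']);` states the same thing directly. The penalty rule itself deserves a why-comment on that branch, e.g. `// a freeloaded shift is counted twice, negatively`, since nothing nearby explains the factor. User_view starts and ends outside this hunk.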
@@ -171,7 +187,8 @@ function User_view($user_source, $admin_user_privilege, $freeloader, $user_angel
 '<h4>' . _("User state") . '</h4>',
 ($admin_user_privilege && $freeloader) ? '<span class="text-danger"><span class="glyphicon glyphicon-exclamation-sign"></span> ' . _("Freeloader") . '</span><br />' : '',
 $user_source['Gekommen'] ? User_shift_state_render($user_source) . '<br />' : '',
- ($user_source['Gekommen'] ? '<span class="text-success"><span class="glyphicon glyphicon-home"></span> ' . _("Arrived") . '</span>' : '<span class="text-danger">' . _("Not arrived") . '</span>'),
+ $admin_user_privilege || $its_me ? ($user_source['Gekommen'] ? '<span class="text-success"><span class="glyphicon glyphicon-home"></span> ' . sprintf(_("Arrived at %s"), date('Y-m-d', $user_source['arrival_date'])) . '</span>' : '<span class="text-danger">' . sprintf(_("Not arrived (Planned: %s)"), date('Y-m-d', $user_source['planned_arrival_date'])) . '</span>') : ($user_source['Gekommen'] ? '<span class="text-success"><span class="glyphicon glyphicon-home"></span> ' . _("Arrived") . '</span>' : '<span class="text-danger">' . _("Not arrived") . '</span>'),
+ $admin_user_privilege ? ($user_source['got_voucher'] > 0 ? '<br /><span class="text-success">' . glyph('cutlery') . sprintf(ngettext("Got %s voucher", "Got %s vouchers", $user_source['got_voucher']), $user_source['got_voucher']) . '</span><br />' : '<br /><span class="text-danger">' . _("Got no vouchers") . '</span><br />') : '',
 ($user_source['Gekommen'] && $admin_user_privilege && $user_source['Aktiv']) ? ' <span class="text-success">' . _("Active") . '</span>' : '',
 ($user_source['Gekommen'] && $admin_user_privilege && $user_source['Tshirt']) ? ' <span class="text-success">' . _("T-Shirt") . '</span>' : ''
 )),
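Review bot: The new arrival-state line packs two nested ternaries and four string templates into a single expression several hundred characters long, which is hard to review and to translate safely; and both date branches call `date('Y-m-d', ...)` on `arrival_date` / `planned_arrival_date`, so if either column can be null for a user the line shows 1970-01-01 instead of being skipped (whether those columns are nullable is not visible here). I'd move the four-way choice into a small helper with early returns, as sketched below, and call `User_arrival_state_render($user_source, $admin_user_privilege, $its_me),` from the list in its place. User_view starts and ends outside this hunk.
```php
/**
 * Arrival state line for the user view: dates for admins and the user themself,
 * a plain arrived / not arrived badge for everybody else.
 *
 * @param User $user_source
 * @param bool $admin_user_privilege
 * @param bool $its_me
 * @return string
 */
function User_arrival_state_render($user_source, $admin_user_privilege, $its_me) {
    if (! ($admin_user_privilege || $its_me)) {
        return $user_source['Gekommen'] ? '<span class="text-success"><span class="glyphicon glyphicon-home"></span> ' . _("Arrived") . '</span>' : '<span class="text-danger">' . _("Not arrived") . '</span>';
    }
    if ($user_source['Gekommen']) {
        return '<span class="text-success"><span class="glyphicon glyphicon-home"></span> ' . sprintf(_("Arrived at %s"), date('Y-m-d', $user_source['arrival_date'])) . '</span>';
    }
    return '<span class="text-danger">' . sprintf(_("Not arrived (Planned: %s)"), date('Y-m-d', $user_source['planned_arrival_date'])) . '</span>';
}

// … unchanged: User_view list up to the "User state" heading …
User_arrival_state_render($user_source, $admin_user_privilege, $its_me),
// … unchanged: voucher, Active and T-Shirt entries …
```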
@@ -189,6 +206,7 @@ function User_view($user_source, $admin_user_privilege, $freeloader, $user_angel
 buttons(array(
 $admin_user_privilege ? button(page_link_to('admin_user') . '&id=' . $user_source['UID'], glyph("edit") . _("edit")) : '',
 ($admin_user_privilege && ! $user_source['Gekommen']) ? button(page_link_to('admin_arrive') . '&arrived=' . $user_source['UID'], _("arrived")) : '',
+ $admin_user_privilege ? button(page_link_to('users') . '&action=edit_vouchers&user_id=' . $user_source['UID'], glyph('cutlery') . _('Edit vouchers')) : '',
 $its_me ? button(page_link_to('user_settings'), glyph('list-alt') . _("Settings")) : '',
 $its_me ? button(page_link_to('ical') . '&key=' . $user_source['api_key'], glyph('calendar') . _("iCal Export")) : '',
 $its_me ? button(page_link_to('shifts_json_export') . '&key=' . $user_source['api_key'], glyph('export') . _("JSON Export")) : '',
@@ -205,6 +223,7 @@ function User_view($user_source, $admin_user_privilege, $freeloader, $user_angel
 'comment' => _("Comment"),
 'actions' => _("Action")
 ), $myshifts_table) : '',
+ $its_me ? info(glyph('info-sign') . _("Your night shifts between 2 and 8 am count twice."), true) : '',
 $its_me && count($shifts) == 0 ? error(sprintf(_("Go to the <a href=\"%s\">shifts table</a> to sign yourself up for some shifts."), page_link_to('user_shifts')), true) : ''
 ));
 }
@@ -249,7 +268,7 @@ function User_angeltypes_render($user_angeltypes) {
 $class = 'text-warning';
 else
 $class = 'text-success';
- $output[] = '<span class="' . $class . '">' . ($angeltype['coordinator'] ? '<span class="glyphicon glyphicon-certificate"></span> ' : '') . $angeltype['name'] . '</span>';
+ $output[] = '<span class="' . $class . '">' . ($angeltype['coordinator'] ? glyph('education') : '') . $angeltype['name'] . '</span>';
 }
 return join('<br />', $output);
 }
@@ -263,23 +282,13 @@ function User_groups_render($user_groups) {
 }
 /**
- * Render a users avatar.
- *
- * @param User $user
- * @return string
- */
-function User_Avatar_render($user) {
- return '<div class="avatar"> <img src="pic/avatar/avatar' . $user['Avatar'] . '.gif"></div>';
-}
-
-/**
 * Render a user nickname.
 *
 * @param User $user_source
 * @return string
 */
 function User_Nick_render($user_source) {
- return '<a href="' . page_link_to('users') . '&action=view&user_id=' . $user_source['UID'] . '"><span class="icon-icon_angel"></span> ' . htmlspecialchars($user_source['Nick']) . '</a>';
+ return '<a class="' . ($user_source['Gekommen'] ? '' : 'text-muted') . '" href="' . page_link_to('users') . '&action=view&user_id=' . $user_source['UID'] . '"><span class="icon-icon_angel"></span> ' . htmlspecialchars($user_source['Nick']) . '</a>';
 }
 ?> |
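Review bot: User_Nick_render now reads `$user_source['Gekommen']`, so every caller must pass a user array that carries that key; a caller handing in a partial user row (the `$user_shift` entries rendered in User_view, for instance) would raise an undefined-index notice and render the nick muted, which is worth checking since the docblock still just says `@param User $user_source`. When the user has arrived the anchor is emitted with an empty `class=""`; building the attribute conditionally, `'<a' . ($user_source['Gekommen'] ? '' : ' class="text-muted"') . ' href="' . ...`, avoids that. I'd also extend the docblock summary to `Render a user nickname as a link to the user page, muted (text-muted) while the user has not arrived; expects UID, Nick and Gekommen to be set.`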