Diffstat (limited to 'includes')
-rw-r--r--includes/controller/shifts_controller.php34
-rw-r--r--includes/model/User_model.php24
-rw-r--r--includes/pages/admin_shifts.php3
-rw-r--r--includes/pages/user_atom.php23
-rw-r--r--includes/pages/user_ical.php10
-rw-r--r--includes/pages/user_myshifts.php4
-rw-r--r--includes/pages/user_shifts.php6
-rw-r--r--includes/sys_user.php6
8 files changed, 83 insertions, 27 deletions
diff --git a/includes/controller/shifts_controller.php b/includes/controller/shifts_controller.php
new file mode 100644
index 00000000..1cd7b5d6
--- /dev/null
+++ b/includes/controller/shifts_controller.php
@@ -0,0 +1,34 @@
+<?php
+
+/**
+ * Export filtered shifts via JSON. (Like iCal Export or shifts view)
+ */
+function shifts_json_export_controller() {
+ global $ical_shifts, $user;
+
+ if (isset ($_REQUEST['key']) && preg_match("/^[0-9a-f]{32}$/", $_REQUEST['key']))
+ $key = $_REQUEST['key'];
+ else
+ die("Missing key.");
+
+ $user = User_by_api_key($key);
+ if($user === false)
+ die("Unable to find user.");
+ if($user == null)
+ die("Key invalid.");
+ if(!in_array('shifts_json_export', privileges_for_user($user['UID'])))
+ die("No privilege for shifts_json_export.");
+
+ if (isset ($_REQUEST['export']) && $_REQUEST['export'] == 'user_shifts') {
+ require_once ('includes/pages/user_shifts.php');
+ view_user_shifts();
+ } else {
+ $ical_shifts = sql_select("SELECT `Shifts`.*, `Room`.`Name` as `room_name` FROM `ShiftEntry` INNER JOIN `Shifts` ON (`ShiftEntry`.`SID` = `Shifts`.`SID`) INNER JOIN `Room` ON (`Shifts`.`RID` = `Room`.`RID`) WHERE `UID`=" . sql_escape($user['UID']) . " ORDER BY `start`");
+ }
+
+ header("Content-Type: application/json; charset=utf-8");
+ echo json_encode($ical_shifts);
+ die();
+}
+
+?> \ No newline at end of file
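Review bot: The fallback query in shifts_json_export_controller concatenates `sql_escape($user['UID'])` into the WHERE comparison without surrounding quotes, so the escaping gives no protection in that numeric position. The value comes from the User row here, so exposure is low, but `(int) $user['UID']` or the quoted form used in User_reset_api_key would make it safe by construction. The `die()` branches also answer with status 200 and a plain-text body; a JSON client is better served by `http_response_code(403);` before the message. The key-lookup and privilege block is repeated almost verbatim in the user_atom.php and user_ical.php hunks, and a shared helper would keep the three checks from drifting apart.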
diff --git a/includes/model/User_model.php b/includes/model/User_model.php
index c2d2282e..d79ede17 100644
--- a/includes/model/User_model.php
+++ b/includes/model/User_model.php
@@ -11,4 +11,28 @@ function User($id) {
return null;
}
+/**
+ * Returns User by api_key.
+ * @param string $api_key User api key
+ * @return Matching user, null or false on error
+ */
+function User_by_api_key($api_key) {
+ $user = sql_select("SELECT * FROM `User` WHERE `api_key`='" . sql_escape($api_key) . "' LIMIT 1");
+ if($user === false)
+ return false;
+ if (count($user) == 0)
+ return null;
+ return $user[0];
+}
+
+/**
+ * Generates a new api key for given user.
+ * @param User $user
+ */
+function User_reset_api_key($user) {
+ $user['api_key'] = md5($user['Nick'] . time() . rand());
+ sql_query("UPDATE `User` SET `api_key`='" . sql_escape($user['api_key']) . "' WHERE `UID`='" . sql_escape($user['UID']) . "' LIMIT 1");
+ engelsystem_log("API key resetted.");
+}
+
?> \ No newline at end of file
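Review bot: `md5($user['Nick'] . time() . rand())` in User_reset_api_key derives the key from a known nickname, the current second and a non-cryptographic generator, so the token is far more guessable than its 32 hex digits suggest. With this commit the key authorises the JSON export as well as the feeds, so it should come from a CSPRNG: `$user['api_key'] = bin2hex(random_bytes(16));` on PHP 7+, or `bin2hex(openssl_random_pseudo_bytes(16))` on older runtimes. Both keep the 32-character lowercase hex format that the callers' `/^[0-9a-f]{32}$/` check expects. The log line `engelsystem_log("API key resetted.")` would also be more useful for audit if it named the affected user.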
diff --git a/includes/pages/admin_shifts.php b/includes/pages/admin_shifts.php
index 9a0dde35..178e4e88 100644
--- a/includes/pages/admin_shifts.php
+++ b/includes/pages/admin_shifts.php
@@ -12,7 +12,7 @@ function admin_shifts() {
$mode = '';
$angelmode = '';
$length = '';
- $change_hours = '';
+ $change_hours = array();
// Locations laden (auch unsichtbare - fuer Erzengel ist das ok)
$rooms = sql_select("SELECT * FROM `Room` ORDER BY `Name`");
@@ -209,7 +209,6 @@ function admin_shifts() {
$hidden_types = "";
foreach ($needed_angel_types as $type_id => $count)
$hidden_types .= '<input type="hidden" name="type_' . $type_id . '" value="' . $count . '" />';
- sort($change_hours);
return template_render('../templates/admin_shift_preview.html', array (
'shifts_table' => $shifts_table,
'name' => $name,
diff --git a/includes/pages/user_atom.php b/includes/pages/user_atom.php
index fd28510f..c9420c91 100644
--- a/includes/pages/user_atom.php
+++ b/includes/pages/user_atom.php
@@ -9,16 +9,19 @@ function user_atom() {
else
die("Missing key.");
- $user = sql_select("SELECT * FROM `User` WHERE `ical_key`='" . sql_escape($key) . "' LIMIT 1");
- if (count($user) == 0)
+ $user = User_by_api_key($key);
+ if($user === false)
+ die("Unable to find user.");
+ if($user == null)
die("Key invalid.");
+ if(!in_array('atom', privileges_for_user($user['UID'])))
+ die("No privilege for atom.");
- $user = $user[0];
$news = sql_select("SELECT * FROM `News` " . (empty($_REQUEST['meetings'])? '' : 'WHERE `Treffen` = 1 ') . "ORDER BY `ID` DESC LIMIT " . sql_escape($DISPLAY_NEWS));
header('Content-Type: application/atom+xml; charset=utf-8');
$html = '<?xml version="1.0" encoding="utf-8"?>
-<feed xmlns="http://www.w3.org/2005/Atom">
+ <feed xmlns="http://www.w3.org/2005/Atom">
<title>Engelsystem</title>
<id>' . $_SERVER['HTTP_HOST'] . htmlspecialchars(preg_replace('#[&?]key=[a-f0-9]{32}#', '', $_SERVER['REQUEST_URI'])) . '</id>
<updated>' . date('Y-m-d\TH:i:sP', $news[0]['Datum']) . "</updated>\n";
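Review bot: The `<feed xmlns=...>` line inside the `$html` string literal gained a leading space, which changes the bytes sent to feed readers and looks like a side effect of re-indenting rather than an intended change; I would restore `<feed xmlns="http://www.w3.org/2005/Atom">` at the start of the literal's line. The new failure branches also distinguish "Key invalid." from "No privilege for atom."; a single generic response for both would tell an unauthenticated caller less about whether a key exists. user_atom starts and ends outside this hunk.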
@@ -29,11 +32,11 @@ function user_atom() {
<id>" . preg_replace('#^https?://#', '', page_link_to_absolute("news")) . "-${news_entry['ID']}</id>
<updated>" . date('Y-m-d\TH:i:sP', $news_entry['Datum']) . "</updated>
<summary type=\"html\">" . htmlspecialchars($news_entry['Text']) . "</summary>
- </entry>\n";
- }
- $html .= "</feed>";
- header("Content-Length: " . strlen($html));
- echo $html;
- die();
+ </entry>\n";
+}
+$html .= "</feed>";
+header("Content-Length: " . strlen($html));
+echo $html;
+die();
}
?>
diff --git a/includes/pages/user_ical.php b/includes/pages/user_ical.php
index 2b5632e3..d994ce31 100644
--- a/includes/pages/user_ical.php
+++ b/includes/pages/user_ical.php
@@ -10,11 +10,13 @@ function user_ical() {
else
die("Missing key.");
- $user = sql_select("SELECT * FROM `User` WHERE `ical_key`='" . sql_escape($key) . "' LIMIT 1");
- if (count($user) == 0)
+ $user = User_by_api_key($key);
+ if($user === false)
+ die("Unable to find user.");
+ if($user == null)
die("Key invalid.");
-
- $user = $user[0];
+ if(!in_array('ical', privileges_for_user($user['UID'])))
+ die("No privilege for ical.");
if (isset ($_REQUEST['export']) && $_REQUEST['export'] == 'user_shifts') {
require_once ('includes/pages/user_shifts.php');
diff --git a/includes/pages/user_myshifts.php b/includes/pages/user_myshifts.php
index 4fec4872..a19ee34e 100644
--- a/includes/pages/user_myshifts.php
+++ b/includes/pages/user_myshifts.php
@@ -17,7 +17,7 @@ function user_myshifts() {
if (isset ($_REQUEST['reset'])) {
if ($_REQUEST['reset'] == "ack") {
- user_reset_ical_key($user);
+ User_reset_api_key($user);
success("Key geƤndert.");
redirect(page_link_to('user_myshifts'));
}
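Review bot: The rotation at `User_reset_api_key($user);` runs whenever `$_REQUEST['reset'] == "ack"`, and nothing visible in this hunk ties the request to POST or to a per-session token. Now that the key also gates the JSON export, a cross-site request could rotate a logged-in user's key and silently break their feeds and API clients. I would require POST and verify a session-bound token before the call, assuming no such check exists earlier in user_myshifts, which starts outside the hunk.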
@@ -118,7 +118,7 @@ function user_myshifts() {
'actions' => "Aktion"
), $myshifts_table),
$id == $user['UID'] && count($shifts) == 0 ? error(sprintf(Get_Text('pub_myshifts_goto_shifts'), page_link_to('user_shifts')), true) : '',
- "<h2>iCal Export</h2>" . sprintf(Get_Text('inc_schicht_ical_text'), page_link_to_absolute('ical') . '&key=' . $shifts_user['ical_key'], page_link_to('user_myshifts') . '&reset')
+ "<h2>iCal Export</h2>" . sprintf(Get_Text('inc_schicht_ical_text'), page_link_to_absolute('ical') . '&key=' . $shifts_user['api_key'], page_link_to('user_myshifts') . '&reset')
));
}
?>
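Review bot: The export link embeds `$shifts_user['api_key']`, and the `$id == $user['UID']` test on the line above suggests this page can be rendered for a user other than the viewer. If so, anyone allowed to view another user's shifts receives that user's API key, which after this commit authorises the JSON export under that user's privileges. I would emit the iCal block only for the owner, for example by guarding the element with `$id == $user['UID'] ? ... : ''` as the preceding array entry does. The function body starts outside the hunk, so the relationship between `$shifts_user` and `$user` should be confirmed there.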
diff --git a/includes/pages/user_shifts.php b/includes/pages/user_shifts.php
index 727bd696..6a7d6ed5 100644
--- a/includes/pages/user_shifts.php
+++ b/includes/pages/user_shifts.php
@@ -690,8 +690,8 @@ function view_user_shifts() {
), $shifts_table);
}
-if ($user['ical_key'] == "")
- user_reset_ical_key($user);
+if ($user['api_key'] == "")
+ User_reset_api_key($user);
return msg() . template_render('../templates/user_shifts.html', array (
'room_select' => make_select($rooms, $_SESSION['user_shifts']['rooms'], "rooms", ucfirst(Get_Text("rooms"))),
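Review bot: `User_reset_api_key($user)` takes `$user` by value (see its definition in User_model.php), so after this call `$user['api_key']` is still empty for the rest of the request. The `ical_text` link built further down in the same return statement would then carry an empty key on a user's first visit. Either let the helper return the new key and assign it, `$user['api_key'] = User_reset_api_key($user);`, or declare its parameter as `&$user`. view_user_shifts continues outside this hunk.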
@@ -704,7 +704,7 @@ return msg() . template_render('../templates/user_shifts.html', array (
'task_notice' => '<sup>1</sup>' . Get_Text("pub_schichtplan_tasks_notice"),
'new_style_checkbox' => '<label><input type="checkbox" name="new_style" value="1" ' . ($_SESSION['user_shifts']['new_style']? ' checked' : '') . '> Use new style if possible</label>',
'shifts_table' => $shifts_table,
- 'ical_text' => sprintf(Get_Text('inc_schicht_ical_text'), htmlspecialchars(make_user_shifts_ical_link($user['ical_key'])), page_link_to('user_myshifts') . '&amp;reset'),
+ 'ical_text' => sprintf(Get_Text('inc_schicht_ical_text'), htmlspecialchars(make_user_shifts_ical_link($user['api_key'])), page_link_to('user_myshifts') . '&amp;reset'),
'filter' => ucfirst(Get_Text("to_filter")),
));
}
diff --git a/includes/sys_user.php b/includes/sys_user.php
index 231b2b62..53976f5a 100644
--- a/includes/sys_user.php
+++ b/includes/sys_user.php
@@ -28,12 +28,6 @@ $tshirt_sizes = array (
'XL-G' => "XL Girl"
);
-function user_reset_ical_key($user) {
- $user['ical_key'] = md5($user['Nick'] . time() . rand());
- sql_query("UPDATE `User` SET `ical_key`='" . sql_escape($user['ical_key']) . "' WHERE `UID`='" . sql_escape($user['UID']) . "' LIMIT 1");
- engelsystem_log("iCal key resetted.");
-}
-
function UID2Nick($UID) {
if ($UID > 0)
$SQL = "SELECT Nick FROM `User` WHERE UID='" . sql_escape($UID) . "'";