Diffstat (limited to 'includes')
-rw-r--r--includes/pages/admin_active.php12
-rw-r--r--includes/pages/admin_angel_types.php183
-rw-r--r--includes/pages/admin_arrive.php4
-rw-r--r--includes/pages/admin_faq.php47
-rw-r--r--includes/pages/admin_groups.php8
-rw-r--r--includes/pages/admin_import.php12
-rw-r--r--includes/pages/admin_language.php4
-rw-r--r--includes/pages/admin_news.php14
-rw-r--r--includes/pages/admin_questions.php10
-rw-r--r--includes/pages/admin_rooms.php18
-rw-r--r--includes/pages/admin_shifts.php42
-rw-r--r--includes/pages/admin_user.php18
-rw-r--r--includes/pages/guest_login.php377
-rw-r--r--includes/pages/user_messages.php14
-rw-r--r--includes/pages/user_myshifts.php10
-rw-r--r--includes/pages/user_news.php4
-rw-r--r--includes/pages/user_questions.php6
-rw-r--r--includes/pages/user_settings.php10
-rw-r--r--includes/pages/user_shifts.php48
-rw-r--r--includes/pages/user_wakeup.php10
-rw-r--r--includes/sys_page.php106
-rw-r--r--includes/sys_shift.php10
-rw-r--r--includes/sys_template.php144
-rw-r--r--includes/sys_user.php20
24 files changed, 650 insertions, 481 deletions
diff --git a/includes/pages/admin_active.php b/includes/pages/admin_active.php
index d993395b..48d163b1 100644
--- a/includes/pages/admin_active.php
+++ b/includes/pages/admin_active.php
@@ -15,7 +15,7 @@ function admin_active() {
$count = strip_request_item('count');
else {
$ok = false;
- $msg .= error("Please enter a number of angels to be marked as active.");
+ $msg .= error("Please enter a number of angels to be marked as active.", true);
}
if ($ok)
@@ -27,7 +27,7 @@ function admin_active() {
sql_query("UPDATE `User` SET `Aktiv` = 1 WHERE `UID`=" . sql_escape($usr['UID']));
$limit = "";
- $msg = success("Marked angels.");
+ $msg = success("Marked angels.", true);
} else {
$set_active = '<a href="' . page_link_to('admin_active') . '&amp;serach=' . $search . '">&laquo; back</a> | <a href="' . page_link_to('admin_active') . '&amp;search=' . $search . '&amp;count=' . $count . '&amp;set_active&amp;ack">apply</a>';
}
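Review bot: The "back" link on the `$set_active` line spells its parameter `&amp;serach=`, so the search term is not carried back to the form; it should read `&amp;search=` like the "apply" link next to it. Both links also concatenate `$search` and `$count` into `href` attributes as-is; unless they are already encoded where they are read (that code is outside this hunk), wrap them as `urlencode($search)` and `urlencode($count)`. admin_active() starts and ends outside the hunk.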
@@ -36,22 +36,22 @@ function admin_active() {
if (isset ($_REQUEST['active']) && preg_match("/^[0-9]+$/", $_REQUEST['active'])) {
$id = $_REQUEST['active'];
sql_query("UPDATE `User` SET `Aktiv`=1 WHERE `UID`=" . sql_escape($id) . " LIMIT 1");
- $msg = success("Angel has been marked as active.");
+ $msg = success("Angel has been marked as active.", true);
}
elseif (isset ($_REQUEST['not_active']) && preg_match("/^[0-9]+$/", $_REQUEST['not_active'])) {
$id = $_REQUEST['not_active'];
sql_query("UPDATE `User` SET `Aktiv`=0 WHERE `UID`=" . sql_escape($id) . " LIMIT 1");
- $msg = success("Angel has been marked as not active.");
+ $msg = success("Angel has been marked as not active.", true);
}
elseif (isset ($_REQUEST['tshirt']) && preg_match("/^[0-9]+$/", $_REQUEST['tshirt'])) {
$id = $_REQUEST['tshirt'];
sql_query("UPDATE `User` SET `Tshirt`=1 WHERE `UID`=" . sql_escape($id) . " LIMIT 1");
- $msg = success("Angel has got a t-shirt.");
+ $msg = success("Angel has got a t-shirt.", true);
}
elseif (isset ($_REQUEST['not_tshirt']) && preg_match("/^[0-9]+$/", $_REQUEST['not_tshirt'])) {
$id = $_REQUEST['not_tshirt'];
sql_query("UPDATE `User` SET `Tshirt`=0 WHERE `UID`=" . sql_escape($id) . " LIMIT 1");
- $msg = success("Angel has got no t-shirt.");
+ $msg = success("Angel has got no t-shirt.", true);
}
$users = sql_select("SELECT `User`.*, COUNT(`ShiftEntry`.`id`) as `shift_count`, SUM(`end`-`start`) as `shift_length` FROM `User` LEFT JOIN `ShiftEntry` ON `User`.`UID` = `ShiftEntry`.`UID` LEFT JOIN `Shifts` ON `ShiftEntry`.`SID` = `Shifts`.`SID` WHERE `User`.`Gekommen` = 1 GROUP BY `User`.`UID` ORDER BY `shift_length` DESC" . $limit);
diff --git a/includes/pages/admin_angel_types.php b/includes/pages/admin_angel_types.php
index 0a7a721c..f9c39ebf 100644
--- a/includes/pages/admin_angel_types.php
+++ b/includes/pages/admin_angel_types.php
@@ -1,96 +1,105 @@
<?php
-
function admin_angel_types() {
- $html = "";
- if (!isset ($_REQUEST['action'])) {
-
- $table = "";
- $angel_types = sql_select("SELECT * FROM `AngelTypes` ORDER BY `Name`");
-
- foreach ($angel_types as $angel_type)
- $table .= sprintf(
- '<tr><td>%s</td><td>%s</td><td>'
- . '<a href="%s&action=edit&id=%s">Edit</a></td></tr>',
- $angel_type['Name'], $angel_type['Man'],
- page_link_to("admin_angel_types"),
- $angel_type['TID']
- );
-
- $html .= template_render('../templates/admin_angel_types.html', array (
- 'link' => page_link_to("admin_angel_types"),
- 'table' => $table
- ));
-
- } else {
-
- switch ($_REQUEST['action']) {
-
- case 'create' :
- $name = strip_request_item("name");
- $man = strip_request_item("man");
-
- sql_query("INSERT INTO `AngelTypes` SET `Name`='" . sql_escape($name) . "', `Man`='" . sql_escape($man) . "'");
-
- header("Location: " . page_link_to("admin_angel_types"));
- break;
-
- case 'edit' :
- if (isset ($_REQUEST['id']) && preg_match("/^[0-9]{1,11}$/", $_REQUEST['id']))
- $id = $_REQUEST['id'];
- else
- return error("Incomplete call, missing AngelType ID.");
-
- $angel_type = sql_select("SELECT * FROM `AngelTypes` WHERE `TID`=" . sql_escape($id) . " LIMIT 1");
- if (count($angel_type) > 0) {
- list ($angel_type) = $angel_type;
-
- $html .= template_render(
- '../templates/admin_angel_types_edit_form.html', array (
- 'link' => page_link_to("admin_angel_types"),
- 'id' => $id,
- 'name' => $angel_type['Name'],
- 'man' => $angel_type['Man']
- ));
- } else
- return error("No Angel Type found.");
- break;
-
- case 'save' :
- if (isset ($_REQUEST['id']) && preg_match("/^[0-9]{1,11}$/", $_REQUEST['id']))
- $id = $_REQUEST['id'];
- else
- return error("Incomplete call, missing AngelType ID.");
-
- $angel_type = sql_select("SELECT * FROM `AngelTypes` WHERE `TID`=" . sql_escape($id) . " LIMIT 1");
- if (count($angel_type) > 0) {
- list ($angel_type) = $angel_type;
-
- $name = strip_request_item("name");
- $man = strip_request_item("man");
-
- sql_query("UPDATE `AngelTypes` SET `Name`='" . sql_escape($name) . "', `Man`='" . sql_escape($man) . "' WHERE `TID`=" . sql_escape($id) . " LIMIT 1");
- header("Location: " . page_link_to("admin_angel_types"));
- } else
- return error("No Angel Type found.");
- break;
+ $angel_types_source = sql_select("SELECT * FROM `AngelTypes` ORDER BY `name`");
+ $angel_types = array ();
+ foreach ($angel_types_source as $angel_type) {
+ $angel_types[] = array (
+ 'id' => $angel_type['id'],
+ 'name' => $angel_type['name'],
+ 'restricted' => $angel_type['restricted'] == 1 ? '&#10003;' : '',
+ 'actions' => '<a class="action edit" href="' . page_link_to('admin_angel_types') . '&show=edit&id=' . $angel_type['id'] . '">edit</a> <a class="action delete" href="' . page_link_to('admin_angel_types') . '&show=delete&id=' . $angel_type['id'] . '">delete</a>'
+ );
+ }
- case 'delete' :
- if (isset ($_REQUEST['id']) && preg_match("/^[0-9]{1,11}$/", $_REQUEST['id']))
- $id = $_REQUEST['id'];
- else
- return error("Incomplete call, missing AngelType ID.");
+ if (isset ($_REQUEST['show'])) {
+ if (test_request_int('id')) {
+ $angel_type = sql_select("SELECT * FROM `AngelTypes` WHERE `id`=" . sql_escape($_REQUEST['id']));
+ if (count($angel_type) > 0) {
+ $id = $_REQUEST['id'];
+ $name = $angel_type[0]['name'];
+ $restricted = $angel_type[0]['restricted'];
+ } else
+ redirect(page_link_to('admin_angel_types'));
+ }
- $angel_type = sql_select("SELECT * FROM `AngelTypes` WHERE `TID`=" . sql_escape($id) . " LIMIT 1");
- if (count($angel_type) > 0) {
- sql_query("DELETE FROM `AngelTypes` WHERE `TID`=" . sql_escape($id) . " LIMIT 1");
- sql_query("DELETE FROM `NeededAngelTypes` WHERE `angel_type_id`=" . sql_escape($id) . " LIMIT 1");
- header("Location: " . page_link_to("admin_angel_types"));
- } else
- return error("No Angel Type found.");
- break;
+ if ($_REQUEST['show'] == 'edit') {
+ $msg = "";
+ $name = "";
+ $restricted = 0;
+
+ if (isset ($_REQUEST['submit'])) {
+ $ok = true;
+
+ if (isset ($_REQUEST['name']) && strlen(strip_request_item('name')) > 0) {
+ $name = strip_request_item('name');
+ if (sql_num_query("SELECT * FROM `AngelTypes` WHERE NOT `id`=" . sql_escape(isset ($id) ? $id : 0) . " AND `name`='" . sql_escape(strip_request_item('name')) . "' LIMIT 1") > 0) {
+ $ok = false;
+ $msg .= error("This angel type name is already given.", true);
+ }
+ } else {
+ $ok = false;
+ $msg .= error("Please enter a name.", true);
+ }
+
+ if (isset ($_REQUEST['restricted']))
+ $restricted = 1;
+
+ if ($ok) {
+ if (isset ($id))
+ sql_query("UPDATE `AngelTypes` SET `name`='" . sql_escape($name) . "', `restricted`=" . sql_escape($restricted) . " WHERE `id`=" . sql_escape($id) . " LIMIT 1");
+ else
+ sql_query("INSERT INTO `AngelTypes` SET `name`='" . sql_escape($name) . "', `restricted`=" . sql_escape($restricted));
+
+ success("Angel type saved.");
+ redirect(page_link_to('admin_angel_types'));
+ }
+ }
+
+ return page(array (
+ buttons(array (
+ button(page_link_to('admin_angel_types'), "Back", 'back')
+ )),
+ $msg,
+ form(array (
+ form_text('name', 'Name', $name),
+ form_checkbox('restricted', 'Restricted', $restricted),
+ form_info("", "Restricted angel types can only be used by an angel if enabled by an archangel (double opt-in)."),
+ form_submit('submit', 'Save')
+ ))
+ ));
}
+ elseif ($_REQUEST['show'] == 'delete') {
+ if (isset ($_REQUEST['ack'])) {
+ sql_query("DELETE FROM `NeededAngelTypes` WHERE `angel_type_id`=" . sql_escape($id) . " LIMIT 1");
+ sql_query("DELETE FROM `ShiftEntry` WHERE `TID`=" . sql_escape($id) . " LIMIT 1");
+ sql_query("DELETE FROM `AngelTypes` WHERE `id`=" . sql_escape($id) . " LIMIT 1");
+ success(sprintf("Angel type %s deleted.", $name));
+ redirect(page_link_to('admin_angel_types'));
+ }
+
+ return page(array (
+ buttons(array (
+ button(page_link_to('admin_angel_types'), "Back", 'back')
+ )),
+ sprintf("Do you want to delete angel type %s?", $name),
+ buttons(array (
+ button(page_link_to('admin_angel_types') . '&show=delete&id=' . $id . '&ack', "Delete", 'delete')
+ ))
+ ));
+ } else
+ redirect(page_link_to('admin_angel_types'));
}
- return $html;
+ return page(array (
+ buttons(array (
+ button(page_link_to('admin_angel_types') . '&show=edit', "Add", 'add')
+ )),
+ msg(),
+ table(array (
+ 'name' => "Name",
+ 'restricted' => "Restricted",
+ 'actions' => ""
+ ), $angel_types)
+ ));
}
?>
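Review bot: The `show == 'delete'` branch uses `$id` and `$name` without checking that they were set: when `id` is absent or fails `test_request_int`, the lookup block is skipped, yet `show=delete&ack` still reaches the three `DELETE` statements with an undefined `$id`. A guard at the top of that branch, e.g. `if (!isset ($id)) redirect(page_link_to('admin_angel_types'));`, would close this, assuming `redirect()` ends the request (its definition is not shown here). The deletion is also confirmed by a plain link (`&show=delete&id=…&ack`), so it is a state change on GET with no anti-CSRF token visible; a POST form carrying a per-session token would be the safer confirmation. Separately, the edit branch resets `$name = ""` and `$restricted = 0` after they were loaded from the row, so the form for an existing type opens blank. The `LIMIT 1` on the `NeededAngelTypes` and `ShiftEntry` deletes removes only one dependent row each, which can leave rows pointing at the deleted type.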
diff --git a/includes/pages/admin_arrive.php b/includes/pages/admin_arrive.php
index e55a2e6f..2acad0b3 100644
--- a/includes/pages/admin_arrive.php
+++ b/includes/pages/admin_arrive.php
@@ -8,12 +8,12 @@ function admin_arrive() {
if (isset ($_REQUEST['reset']) && preg_match("/^[0-9]*$/", $_REQUEST['reset'])) {
$id = $_REQUEST['reset'];
sql_query("UPDATE `User` SET `Gekommen`=0 WHERE `UID`=" . sql_escape($id) . " LIMIT 1");
- $msg = success("Reset done. Angel has not arrived.");
+ $msg = success("Reset done. Angel has not arrived.", true);
}
elseif (isset ($_REQUEST['arrived']) && preg_match("/^[0-9]*$/", $_REQUEST['arrived'])) {
$id = $_REQUEST['arrived'];
sql_query("UPDATE `User` SET `Gekommen`=1 WHERE `UID`=" . sql_escape($id) . " LIMIT 1");
- $msg = success("Angel has been marked as arrived.");
+ $msg = success("Angel has been marked as arrived.", true);
}
$users = sql_select("SELECT * FROM `User` ORDER BY `Nick`");
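Review bot: Both ID checks in this hunk use `/^[0-9]*$/`, which also matches an empty string, so a request with `reset=` or `arrived=` passes validation and the `UPDATE` is built with an empty value after `UID=`. Use `+` as admin_active.php does: `preg_match("/^[0-9]+$/", $_REQUEST['reset'])`, and likewise for `arrived`. admin_arrive() starts and ends outside the hunk.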
diff --git a/includes/pages/admin_faq.php b/includes/pages/admin_faq.php
index b8ba1a64..2cd75955 100644
--- a/includes/pages/admin_faq.php
+++ b/includes/pages/admin_faq.php
@@ -4,14 +4,7 @@ function admin_faq() {
$faqs_html = "";
$faqs = sql_select("SELECT * FROM `FAQ`");
foreach ($faqs as $faq) {
- $faqs_html .= sprintf(
- '<tr><td> <dl><dt>%s</dt><dd>%s</dd></dl> </td>'
- . '<td> <dl><dt>%s</dt><dd>%s</dd></dl> </td>'
- . '<td><a href="%s&action=edit&id=%s">Edit</a></td></tr>',
- $faq['Frage_de'], $faq['Antwort_de'],
- $faq['Frage_en'], $faq['Antwort_en'],
- page_link_to('admin_faq'), $faq['FID']
- );
+ $faqs_html .= sprintf('<tr><td> <dl><dt>%s</dt><dd>%s</dd></dl> </td>' . '<td> <dl><dt>%s</dt><dd>%s</dd></dl> </td>' . '<td><a href="%s&action=edit&id=%s">Edit</a></td></tr>', $faq['Frage_de'], $faq['Antwort_de'], $faq['Frage_en'], $faq['Antwort_en'], page_link_to('admin_faq'), $faq['FID']);
}
return template_render('../templates/admin_faq.html', array (
'link' => page_link_to("admin_faq"),
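Review bot: The `sprintf` row template writes `Frage_de`, `Antwort_de`, `Frage_en` and `Antwort_en` straight from the database into the table cells with no HTML encoding at the point of output. Whether `strip_request_item_nl` removes markup on the way in is not visible in this diff, so encoding here would be the safer default, e.g. `htmlspecialchars($faq['Frage_de'], ENT_QUOTES, 'UTF-8')` for each text column; if FAQ entries are meant to carry HTML, a comment saying so would help. The same pattern appears on context lines in admin_news.php (`$news["Text"]` inside the `<textarea>`), admin_rooms.php (`$room_angel_type['name']`) and admin_user.php (the `jabber` value attribute). admin_faq() continues outside the hunk.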
@@ -20,17 +13,12 @@ function admin_faq() {
} else {
switch ($_REQUEST['action']) {
case 'create' :
- $frage = strip_request_item_nl('frage');
- $antwort = strip_request_item_nl('antwort');
+ $frage = strip_request_item_nl('frage');
+ $antwort = strip_request_item_nl('antwort');
$question = strip_request_item_nl('question');
- $answer = strip_request_item_nl('answer');
+ $answer = strip_request_item_nl('answer');
- sql_query("INSERT INTO `FAQ` SET `Frage_de`='" . sql_escape($frage)
- . "', `Frage_en`='" . sql_escape($question)
- . "', `Antwort_de`='" . sql_escape($antwort)
- . "', `Antwort_en`='" . sql_escape($answer)
- . "'"
- );
+ sql_query("INSERT INTO `FAQ` SET `Frage_de`='" . sql_escape($frage) . "', `Frage_en`='" . sql_escape($question) . "', `Antwort_de`='" . sql_escape($antwort) . "', `Antwort_en`='" . sql_escape($answer) . "'");
header("Location: " . page_link_to("admin_faq"));
break;
@@ -39,34 +27,29 @@ function admin_faq() {
if (isset ($_REQUEST['id']) && preg_match("/^[0-9]{1,11}$/", $_REQUEST['id']))
$id = $_REQUEST['id'];
else
- return error("Incomplete call, missing FAQ ID.");
+ return error("Incomplete call, missing FAQ ID.", true);
$faq = sql_select("SELECT * FROM `FAQ` WHERE `FID`=" . sql_escape($id) . " LIMIT 1");
if (count($faq) > 0) {
list ($faq) = $faq;
- $frage = strip_request_item_nl('frage');
- $antwort = strip_request_item_nl('antwort');
+ $frage = strip_request_item_nl('frage');
+ $antwort = strip_request_item_nl('antwort');
$question = strip_request_item_nl('question');
- $answer = strip_request_item_nl('answer');
+ $answer = strip_request_item_nl('answer');
- sql_query("UPDATE `FAQ` SET `Frage_de`='" . sql_escape($frage)
- . "', `Frage_en`='" . sql_escape($question)
- . "', `Antwort_de`='" . sql_escape($antwort)
- . "', `Antwort_en`='" . sql_escape($answer)
- . "' WHERE `FID`=" . sql_escape($id) . " LIMIT 1"
- );
+ sql_query("UPDATE `FAQ` SET `Frage_de`='" . sql_escape($frage) . "', `Frage_en`='" . sql_escape($question) . "', `Antwort_de`='" . sql_escape($antwort) . "', `Antwort_en`='" . sql_escape($answer) . "' WHERE `FID`=" . sql_escape($id) . " LIMIT 1");
header("Location: " . page_link_to("admin_faq"));
} else
- return error("No FAQ found.");
+ return error("No FAQ found.", true);
break;
case 'edit' :
if (isset ($_REQUEST['id']) && preg_match("/^[0-9]{1,11}$/", $_REQUEST['id']))
$id = $_REQUEST['id'];
else
- return error("Incomplete call, missing FAQ ID.");
+ return error("Incomplete call, missing FAQ ID.", true);
$faq = sql_select("SELECT * FROM `FAQ` WHERE `FID`=" . sql_escape($id) . " LIMIT 1");
if (count($faq) > 0) {
@@ -81,14 +64,14 @@ function admin_faq() {
'answer' => $faq['Antwort_en']
));
} else
- return error("No FAQ found.");
+ return error("No FAQ found.", true);
break;
case 'delete' :
if (isset ($_REQUEST['id']) && preg_match("/^[0-9]{1,11}$/", $_REQUEST['id']))
$id = $_REQUEST['id'];
else
- return error("Incomplete call, missing FAQ ID.");
+ return error("Incomplete call, missing FAQ ID.", true);
$faq = sql_select("SELECT * FROM `FAQ` WHERE `FID`=" . sql_escape($id) . " LIMIT 1");
if (count($faq) > 0) {
@@ -97,7 +80,7 @@ function admin_faq() {
sql_query("DELETE FROM `FAQ` WHERE `FID`=" . sql_escape($id) . " LIMIT 1");
header("Location: " . page_link_to("admin_faq"));
} else
- return error("No FAQ found.");
+ return error("No FAQ found.", true);
break;
}
}
diff --git a/includes/pages/admin_groups.php b/includes/pages/admin_groups.php
index 770f09b4..2fc789fa 100644
--- a/includes/pages/admin_groups.php
+++ b/includes/pages/admin_groups.php
@@ -36,7 +36,7 @@ function admin_groups() {
if (isset ($_REQUEST['id']) && preg_match("/^-[0-9]{1,11}$/", $_REQUEST['id']))
$id = $_REQUEST['id'];
else
- return error("Incomplete call, missing Groups ID.");
+ return error("Incomplete call, missing Groups ID.", true);
$room = sql_select("SELECT * FROM `Groups` WHERE `UID`=" . sql_escape($id) . " LIMIT 1");
if (count($room) > 0) {
@@ -62,14 +62,14 @@ function admin_groups() {
'privileges' => $privileges_html
));
} else
- return error("No Group found.");
+ return error("No Group found.", true);
break;
case 'save' :
if (isset ($_REQUEST['id']) && preg_match("/^-[0-9]{1,11}$/", $_REQUEST['id']))
$id = $_REQUEST['id'];
else
- return error("Incomplete call, missing Groups ID.");
+ return error("Incomplete call, missing Groups ID.", true);
$room = sql_select("SELECT * FROM `Groups` WHERE `UID`=" . sql_escape($id) . " LIMIT 1");
if (!is_array($_REQUEST['privileges']))
@@ -82,7 +82,7 @@ function admin_groups() {
sql_query("INSERT INTO `GroupPrivileges` SET `group_id`=" . sql_escape($id) . ", `privilege_id`=" . sql_escape($priv));
header("Location: " . page_link_to("admin_groups"));
} else
- return error("No Group found.");
+ return error("No Group found.", true);
break;
}
}
diff --git a/includes/pages/admin_import.php b/includes/pages/admin_import.php
index 82cfbe1a..5ac62d2d 100644
--- a/includes/pages/admin_import.php
+++ b/includes/pages/admin_import.php
@@ -26,7 +26,7 @@ function admin_import() {
fclose($test_handle);
unlink('../import/tmp');
} else {
- $msg = error("Webserver has no write-permission on import directory.");
+ $msg = error("Webserver has no write-permission on import directory.", true);
}
if (isset ($_REQUEST['submit'])) {
@@ -36,7 +36,7 @@ function admin_import() {
if (!$fp) {
$ok = false;
- $msg = error("File 'https://$PentabarfXMLhost/$PentabarfXMLpath" . $_REQUEST["url"] . "' not readable!" . "[$errstr ($errno)]");
+ $msg = error("File 'https://$PentabarfXMLhost/$PentabarfXMLpath" . $_REQUEST["url"] . "' not readable!" . "[$errstr ($errno)]", true);
} else {
$fileOut = fopen($import_file, "w");
$head = 'GET /' . $PentabarfXMLpath . $_REQUEST["url"] . ' HTTP/1.1' . "\r\n" .
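Review bot: `$_REQUEST["url"]` is used unchanged in two places here: it is echoed inside the `error()` message, and it is concatenated into the hand-written `GET` request line in `$head`. A value containing CR/LF would add lines to the outgoing request, and markup in it would reach the page if `error()` does not encode its argument (not visible in this diff). No validation of `url` is visible in this hunk; an allow-list check before either use, for example `preg_match('/^[A-Za-z0-9_\/-]+\.xml$/', $_REQUEST['url'])` (a constructed pattern, to be adjusted to the real file names), plus `htmlspecialchars()` in the message, would cover both. admin_import() starts and ends outside the hunk.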
@@ -82,7 +82,7 @@ function admin_import() {
}
fclose($fileOut);
fclose($fp);
- $msg .= success("Es wurden $Zeilen Zeilen eingelesen.");
+ $msg .= success("Es wurden $Zeilen Zeilen eingelesen.", true);
}
}
elseif (isset ($_FILES['xcal_file']) && ($_FILES['xcal_file']['error'] == 0)) {
@@ -90,16 +90,16 @@ function admin_import() {
libxml_use_internal_errors(true);
if (simplexml_load_file($import_file) === false) {
$ok = false;
- $msg = error("No valid xml/xcal file provided.");
+ $msg = error("No valid xml/xcal file provided.", true);
unlink($import_file);
}
} else {
$ok = false;
- $msg = error("File upload went wrong.");
+ $msg = error("File upload went wrong.", true);
}
} else {
$ok = false;
- $msg = error("Please provide some data.");
+ $msg = error("Please provide some data.", true);
}
}
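Review bot: `simplexml_load_file($import_file)` parses an uploaded file, and nothing in this hunk restricts external entities. On PHP builds linked against libxml2 older than 2.9, external entity loading is on by default, so calling `libxml_disable_entity_loader(true);` before the parse is the usual hardening (the function is deprecated from PHP 8.0, where it is no longer needed). The surrounding block continues outside the hunk, so an earlier call may already exist there.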
diff --git a/includes/pages/admin_language.php b/includes/pages/admin_language.php
index 749cd643..5ca4b9cf 100644
--- a/includes/pages/admin_language.php
+++ b/includes/pages/admin_language.php
@@ -86,7 +86,7 @@ function admin_language() {
$html .= $sql_save . "<br />";
$Erg = sql_query($sql_save);
- $html .= success("$k Save: OK<br />\n");
+ $html .= success("$k Save: OK<br />\n", true);
} else
if (mysql_result($erg_test, 0, "Text") != $v) {
$sql_save = "UPDATE `Sprache` SET `Text`='"
@@ -97,7 +97,7 @@ function admin_language() {
$html .= $sql_save . "<br />";
$Erg = sql_query($sql_save);
- $html .= success(" $k Update: OK<br />\n");
+ $html .= success(" $k Update: OK<br />\n", true);
} else
$html .= "\t $k no changes<br />\n";
}
diff --git a/includes/pages/admin_news.php b/includes/pages/admin_news.php
index c7194e7c..ca1f81fc 100644
--- a/includes/pages/admin_news.php
+++ b/includes/pages/admin_news.php
@@ -11,7 +11,7 @@ function admin_news() {
if (isset ($_REQUEST['id']) && preg_match("/^[0-9]{1,11}$/", $_REQUEST['id']))
$id = $_REQUEST['id'];
else
- return error("Incomplete call, missing News ID.");
+ return error("Incomplete call, missing News ID.", true);
$news = sql_select("SELECT * FROM `News` WHERE `ID`=" . sql_escape($id) . " LIMIT 1");
if (count($news) > 0) {
@@ -30,7 +30,7 @@ function admin_news() {
$news["Text"] . "</textarea></td></tr>\n";
$html .= " <tr><td>Engel</td><td>" .
UID2Nick($news["UID"]) . "</td></tr>\n";
- $html .= " <tr><td>Treffen</td><td>" . html_select_key('eTreffen', array (
+ $html .= " <tr><td>Treffen</td><td>" . html_select_key('eTreffen', 'eTreffen', array (
'1' => "Ja",
'0' => "Nein"
), $news['Treffen']) . "</td></tr>\n";
@@ -45,14 +45,14 @@ function admin_news() {
$html .= "<input type=\"submit\" name=\"submit\" value=\"Löschen\">\n";
$html .= "</form>";
} else
- return error("No News found.");
+ return error("No News found.", true);
break;
case 'save' :
if (isset ($_REQUEST['id']) && preg_match("/^[0-9]{1,11}$/", $_REQUEST['id']))
$id = $_REQUEST['id'];
else
- return error("Incomplete call, missing News ID.");
+ return error("Incomplete call, missing News ID.", true);
$news = sql_select("SELECT * FROM `News` WHERE `ID`=" . sql_escape($id) . " LIMIT 1");
if (count($news) > 0) {
@@ -62,14 +62,14 @@ function admin_news() {
"', `Treffen`='" . sql_escape($_POST["eTreffen"]) . "' WHERE `ID`=".sql_escape($id)." LIMIT 1");
header("Location: " . page_link_to("news"));
} else
- return error("No News found.");
+ return error("No News found.", true);
break;
case 'delete' :
if (isset ($_REQUEST['id']) && preg_match("/^[0-9]{1,11}$/", $_REQUEST['id']))
$id = $_REQUEST['id'];
else
- return error("Incomplete call, missing News ID.");
+ return error("Incomplete call, missing News ID.", true);
$news = sql_select("SELECT * FROM `News` WHERE `ID`=" . sql_escape($id) . " LIMIT 1");
if (count($news) > 0) {
@@ -78,7 +78,7 @@ function admin_news() {
sql_query("DELETE FROM `News` WHERE `ID`=" . sql_escape($id) . " LIMIT 1");
header("Location: " . page_link_to("news"));
} else
- return error("No News found.");
+ return error("No News found.", true);
break;
}
}
diff --git a/includes/pages/admin_questions.php b/includes/pages/admin_questions.php
index 0be05c7b..8df779ac 100644
--- a/includes/pages/admin_questions.php
+++ b/includes/pages/admin_questions.php
@@ -52,7 +52,7 @@ function admin_questions() {
if (isset ($_REQUEST['id']) && preg_match("/^[0-9]{1,11}$/", $_REQUEST['id']))
$id = $_REQUEST['id'];
else
- return error("Incomplete call, missing Question ID.");
+ return error("Incomplete call, missing Question ID.", true);
$question = sql_select("SELECT * FROM `Questions` WHERE `QID`=" . sql_escape($id) . " LIMIT 1");
if (count($question) > 0 && $question[0]['AID'] == "0") {
@@ -62,22 +62,22 @@ function admin_questions() {
sql_query("UPDATE `Questions` SET `AID`=" . sql_escape($user['UID']) . ", `Answer`='" . sql_escape($answer) . "' WHERE `QID`=" . sql_escape($id) . " LIMIT 1");
header("Location: " . page_link_to("admin_questions"));
} else
- return error("Gib eine Antwort ein!");
+ return error("Gib eine Antwort ein!", true);
} else
- return error("No question found.");
+ return error("No question found.", true);
break;
case 'delete' :
if (isset ($_REQUEST['id']) && preg_match("/^[0-9]{1,11}$/", $_REQUEST['id']))
$id = $_REQUEST['id'];
else
- return error("Incomplete call, missing Question ID.");
+ return error("Incomplete call, missing Question ID.", true);
$question = sql_select("SELECT * FROM `Questions` WHERE `QID`=" . sql_escape($id) . " LIMIT 1");
if (count($question) > 0) {
sql_query("DELETE FROM `Questions` WHERE `QID`=" . sql_escape($id) . " LIMIT 1");
header("Location: " . page_link_to("admin_questions"));
} else
- return error("No question found.");
+ return error("No question found.", true);
break;
}
}
diff --git a/includes/pages/admin_rooms.php b/includes/pages/admin_rooms.php
index c4e8ba46..a547e798 100644
--- a/includes/pages/admin_rooms.php
+++ b/includes/pages/admin_rooms.php
@@ -58,18 +58,18 @@ function admin_rooms() {
if (isset ($_REQUEST['RID']) && preg_match("/^[0-9]{1,11}$/", $_REQUEST['RID']))
$rid = $_REQUEST['RID'];
else
- return error("Incomplete call, missing Room ID.");
+ return error("Incomplete call, missing Room ID.", true);
$room = sql_select("SELECT * FROM `Room` WHERE `RID`=" . sql_escape($rid) . " LIMIT 1");
if (count($room) > 0) {
list ($room) = $room;
- $room_angel_types = sql_select("SELECT * FROM `AngelTypes` LEFT OUTER JOIN `NeededAngelTypes` ON (`AngelTypes`.`TID` = `NeededAngelTypes`.`angel_type_id` AND `NeededAngelTypes`.`room_id`=" . sql_escape($rid) . ") ORDER BY `AngelTypes`.`Name`");
+ $room_angel_types = sql_select("SELECT * FROM `AngelTypes` LEFT OUTER JOIN `NeededAngelTypes` ON (`AngelTypes`.`id` = `NeededAngelTypes`.`angel_type_id` AND `NeededAngelTypes`.`room_id`=" . sql_escape($rid) . ") ORDER BY `AngelTypes`.`name`");
$angel_types = "";
foreach ($room_angel_types as $room_angel_type) {
if ($room_angel_type['count'] == "")
$room_angel_type['count'] = "0";
- $angel_types .= '<tr><td>' . $room_angel_type['Name'] . '</td><td><input type="text" name="angel_type_' . $room_angel_type['TID'] . '" value="' . $room_angel_type['count'] . '" /></td></tr>';
+ $angel_types .= '<tr><td>' . $room_angel_type['name'] . '</td><td><input type="text" name="angel_type_' . $room_angel_type['TID'] . '" value="' . $room_angel_type['count'] . '" /></td></tr>';
}
$html .= template_render('../templates/admin_rooms_edit_form.html', array (
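Review bot: The input name on the changed `$angel_types .=` line still reads `$room_angel_type['TID']`, although the join was switched to the `id` column of `AngelTypes`, so the field name is probably built from an undefined key and every input ends up named `angel_type_`. It should presumably be `'angel_type_' . $room_angel_type['id']`. Because the query is `SELECT *` over a join, a same-named `id` column in `NeededAngelTypes` (if it has one) would overwrite that key, so selecting the angel type id under an explicit alias is safer. admin_shifts.php has the same leftover in `'id' => $type['TID']`. The `case` block continues outside the hunk.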
@@ -89,19 +89,19 @@ function admin_rooms() {
'angel_types' => $angel_types
));
} else
- return error("No Room found.");
+ return error("No Room found.", true);
break;
case 'changesave' :
if (isset ($_REQUEST['RID']) && preg_match("/^[0-9]{1,11}$/", $_REQUEST['RID']))
$rid = $_REQUEST['RID'];
else
- return error("Incomplete call, missing Room ID.");
+ return error("Incomplete call, missing Room ID.", true);
$room = sql_select("SELECT * FROM `Room` WHERE `RID`=" . sql_escape($rid) . " LIMIT 1");
if (count($room) > 0) {
list ($room) = $room;
- $room_angel_types = sql_select("SELECT * FROM `AngelTypes` LEFT OUTER JOIN `NeededAngelTypes` ON (`AngelTypes`.`TID` = `NeededAngelTypes`.`angel_type_id` AND `NeededAngelTypes`.`room_id`=" . sql_escape($rid) . ") ORDER BY `AngelTypes`.`Name`");
+ $room_angel_types = sql_select("SELECT * FROM `AngelTypes` LEFT OUTER JOIN `NeededAngelTypes` ON (`AngelTypes`.`id` = `NeededAngelTypes`.`angel_type_id` AND `NeededAngelTypes`.`room_id`=" . sql_escape($rid) . ") ORDER BY `AngelTypes`.`name`");
$name = preg_replace("/([^\p{L}\p{P}\p{Z}\p{N}]{1,})/ui", '', strip_tags($_REQUEST['Name']));
$man = preg_replace("/([^\p{L}\p{P}\p{Z}\p{N}]{1,})/ui", '', strip_tags($_REQUEST['Man']));
@@ -119,21 +119,21 @@ function admin_rooms() {
}
header("Location: " . page_link_to("admin_rooms"));
} else
- return error("No Room found.");
+ return error("No Room found.", true);
break;
case 'delete' :
if (isset ($_REQUEST['RID']) && preg_match("/^[0-9]{1,11}$/", $_REQUEST['RID']))
$rid = $_REQUEST['RID'];
else
- return error("Incomplete call, missing Room ID.");
+ return error("Incomplete call, missing Room ID.", true);
if (sql_num_query("SELECT * FROM `Room` WHERE `RID`=" . sql_escape($rid) . " LIMIT 1") > 0) {
sql_query("DELETE FROM `Room` WHERE `RID`=" . sql_escape($rid) . " LIMIT 1");
sql_query("DELETE FROM `NeededAngelTypes` WHERE `room_id`=" . sql_escape($rid) . " LIMIT 1");
header("Location: " . page_link_to("admin_rooms"));
} else
- return error("No Room found.");
+ return error("No Room found.", true);
break;
}
diff --git a/includes/pages/admin_shifts.php b/includes/pages/admin_shifts.php
index 94c6f38a..c5dc28cd 100644
--- a/includes/pages/admin_shifts.php
+++ b/includes/pages/admin_shifts.php
@@ -21,10 +21,10 @@ function admin_shifts() {
$room_array[$room['RID']] = $room['Name'];
// Engeltypen laden
- $types = sql_select("SELECT * FROM `AngelTypes` ORDER BY `Name`");
+ $types = sql_select("SELECT * FROM `AngelTypes` ORDER BY `name`");
$needed_angel_types = array ();
foreach ($types as $type)
- $needed_angel_types[$type['TID']] = 0;
+ $needed_angel_types[$type['id']] = 0;
if (isset ($_REQUEST['preview']) || isset ($_REQUEST['back'])) {
// Name/Bezeichnung der Schicht, darf leer sein
@@ -36,26 +36,26 @@ function admin_shifts() {
else {
$ok = false;
$rid = $rooms[0]['RID'];
- $msg .= error("Wähle bitte einen Raum aus.");
+ $msg .= error("Wähle bitte einen Raum aus.", true);
}
if (isset ($_REQUEST['start']) && $tmp = DateTime :: createFromFormat("Y-m-d H:i", trim($_REQUEST['start'])))
$start = $tmp->getTimestamp();
else {
$ok = false;
- $msg .= error("Bitte gib einen Startzeitpunkt für die Schichten an.");
+ $msg .= error("Bitte gib einen Startzeitpunkt für die Schichten an.", true);
}
if (isset ($_REQUEST['end']) && $tmp = DateTime :: createFromFormat("Y-m-d H:i", trim($_REQUEST['end'])))
$end = $tmp->getTimestamp();
else {
$ok = false;
- $msg .= error("Bitte gib einen Endzeitpunkt für die Schichten an.");
+ $msg .= error("Bitte gib einen Endzeitpunkt für die Schichten an.", true);
}
if ($start >= $end) {
$ok = false;
- $msg .= error("Das Ende muss nach dem Startzeitpunkt liegen!");
+ $msg .= error("Das Ende muss nach dem Startzeitpunkt liegen!", true);
}
if (isset ($_REQUEST['mode'])) {
@@ -68,7 +68,7 @@ function admin_shifts() {
$length = trim($_REQUEST['length']);
} else {
$ok = false;
- $msg .= error("Bitte gib eine Schichtlänge in Minuten an.");
+ $msg .= error("Bitte gib eine Schichtlänge in Minuten an.", true);
}
}
elseif ($_REQUEST['mode'] == 'variable') {
@@ -77,12 +77,12 @@ function admin_shifts() {
$change_hours = explode(",", $_REQUEST['change_hours']);
} else {
$ok = false;
- $msg .= error("Bitte gib die Schichtwechsel-Stunden kommagetrennt ein.");
+ $msg .= error("Bitte gib die Schichtwechsel-Stunden kommagetrennt ein.", true);
}
}
} else {
$ok = false;
- $msg .= error("Bitte wähle einen Modus.");
+ $msg .= error("Bitte wähle einen Modus.", true);
}
if (isset ($_REQUEST['angelmode'])) {
@@ -92,24 +92,24 @@ function admin_shifts() {
elseif ($_REQUEST['angelmode'] == 'manually') {
$angelmode = 'manually';
foreach ($types as $type) {
- if (isset ($_REQUEST['type_' . $type['TID']]) && preg_match("/^[0-9]+$/", trim($_REQUEST['type_' . $type['TID']]))) {
- $needed_angel_types[$type['TID']] = trim($_REQUEST['type_' . $type['TID']]);
+ if (isset ($_REQUEST['type_' . $type['id']]) && preg_match("/^[0-9]+$/", trim($_REQUEST['type_' . $type['id']]))) {
+ $needed_angel_types[$type['id']] = trim($_REQUEST['type_' . $type['id']]);
} else {
$ok = false;
- $msg .= error("Bitte überprüfe die Eingaben für die benötigten Engel des Typs " . $type['Name'] . ".");
+ $msg .= error("Bitte überprüfe die Eingaben für die benötigten Engel des Typs " . $type['name'] . ".", true);
}
}
if (array_sum($needed_angel_types) == 0) {
$ok = false;
- $msg .= error("Es werden 0 Engel benötigt. Bitte wähle benötigte Engel.");
+ $msg .= error("Es werden 0 Engel benötigt. Bitte wähle benötigte Engel.", true);
}
} else {
$ok = false;
- $msg .= error("Bitte Wähle einen Modus für die benötigten Engel.");
+ $msg .= error("Bitte Wähle einen Modus für die benötigten Engel.", true);
}
} else {
$ok = false;
- $msg .= error("Bitte wähle benötigte Engel.");
+ $msg .= error("Bitte wähle benötigte Engel.", true);
}
// Beim Zurück-Knopf das Formular zeigen
@@ -196,8 +196,8 @@ function admin_shifts() {
$shifts_table .= '<tr><td>' . date("Y-m-d H:i", $shift['start']) . ' - ' . date("H:i", $shift['end']) . '<br />' . $room_array[$shift['RID']] . '</td>';
$shifts_table .= '<td>' . $shift['name'];
foreach ($types as $type) {
- if (isset ($needed_angel_types[$type['TID']]) && $needed_angel_types[$type['TID']] > 0)
- $shifts_table .= '<br /><b>' . $type['Name'] . ':</b> ' . $needed_angel_types[$type['TID']] . ' missing';
+ if (isset ($needed_angel_types[$type['id']]) && $needed_angel_types[$type['id']] > 0)
+ $shifts_table .= '<br /><b>' . $type['name'] . ':</b> ' . $needed_angel_types[$type['id']] . ' missing';
}
$shifts_table .= '</td></tr>';
}
@@ -238,19 +238,19 @@ function admin_shifts() {
}
}
- $msg = success("Schichten angelegt.");
+ $msg = success("Schichten angelegt.", true);
} else {
unset ($_SESSION['admin_shifts_shifts']);
unset ($_SESSION['admin_shifts_types']);
}
- $room_select = html_select_key('rid', $room_array, $_REQUEST['rid']);
+ $room_select = html_select_key('rid', 'rid', $room_array, $_REQUEST['rid']);
$angel_types = "";
foreach ($types as $type) {
$angel_types .= template_render('../templates/admin_shifts_angel_types.html', array (
'id' => $type['TID'],
- 'type' => $type['Name'],
- 'value' => $needed_angel_types[$type['TID']]
+ 'type' => $type['name'],
+ 'value' => $needed_angel_types[$type['id']]
));
}
return template_render('../templates/admin_shifts.html', array (
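Review bot: The unchanged line `'id' => $type['TID'],` still reads the old key while the two lines below it were switched to `$type['name']` and `$type['id']`. If `AngelTypes` no longer has a `TID` column, as the rest of this commit suggests, the template presumably receives an empty id and the fields it builds would no longer match the `'type_' . $type['id']` keys the validation loop reads; the line should become `'id' => $type['id'],`. The same leftover appears in user_shifts.php, in `$needed_angel_types[$type['TID']] = $type['count'];` and in the `'id' => $type['TID'],` entry of its edit form. There `$types` comes from a `SELECT *` join of two tables, so confirm which `id` column the key actually resolves to.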
diff --git a/includes/pages/admin_user.php b/includes/pages/admin_user.php
index 611b6dcb..62f312ea 100644
--- a/includes/pages/admin_user.php
+++ b/includes/pages/admin_user.php
@@ -56,7 +56,7 @@ function admin_user() {
"<input type=\"text\" size=\"40\" name=\"ejabber\" value=\"" .
mysql_result($Erg, 0, "jabber") . "\"></td></tr>\n";
$html .= " <tr><td>Size</td><td>" .
- html_select_key('size', array (
+ html_select_key('size', 'size', array (
'S' => "S",
'M' => "M",
'L' => "L",
@@ -165,12 +165,12 @@ function admin_user() {
if (in_array($group, $grouplist))
sql_query("INSERT INTO `UserGroups` SET `uid`=" .
sql_escape($id) . ", `group_id`=" . sql_escape($group));
- $html .= success("Benutzergruppen gespeichert.");
+ $html .= success("Benutzergruppen gespeichert.", true);
} else {
- $html .= error("Du kannst keine Engel mit mehr Rechten bearbeiten.");
+ $html .= error("Du kannst keine Engel mit mehr Rechten bearbeiten.", true);
}
} else {
- $html .= error("Du kannst Deine eigenen Rechte nicht bearbeiten.");
+ $html .= error("Du kannst Deine eigenen Rechte nicht bearbeiten.", true);
}
break;
@@ -179,9 +179,9 @@ function admin_user() {
sql_query("DELETE FROM `User` WHERE `UID`=" . sql_escape($id) . " LIMIT 1");
sql_query("DELETE FROM `UserGroups` WHERE `uid`=" . sql_escape($id));
sql_query("UPDATE `ShiftEntry` SET `UID`=0, `Comment`=NULL WHERE `UID`=" . sql_escape($id));
- $html .= success("Benutzer gelöscht!");
+ $html .= success("Benutzer gelöscht!", true);
} else {
- $html .= error("Du kannst Dich nicht selber löschen!");
+ $html .= error("Du kannst Dich nicht selber löschen!", true);
}
break;
@@ -204,15 +204,15 @@ function admin_user() {
"WHERE `UID` = '" . sql_escape($id) .
"' LIMIT 1;";
sql_query($SQL);
- $html .= success("Änderung wurde gespeichert...\n");
+ $html .= success("Änderung wurde gespeichert...\n", true);
break;
case 'change_pw' :
if ($_REQUEST['new_pw'] != "" && $_REQUEST['new_pw'] == $_REQUEST['new_pw2']) {
sql_query("UPDATE `User` SET `Passwort`='" . sql_escape(PassCrypt($_REQUEST['new_pw'])) . "' WHERE `UID`=" . sql_escape($id) . " LIMIT 1");
- $html .= success("Passwort neu gesetzt.");
+ $html .= success("Passwort neu gesetzt.", true);
} else {
- $html .= error("Die Eingaben müssen übereinstimmen und dürfen nicht leer sein!");
+ $html .= error("Die Eingaben müssen übereinstimmen und dürfen nicht leer sein!", true);
}
break;
}
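Review bot: The `change_pw` branch checks the new password with loose operators, `$_REQUEST['new_pw'] != ""` and `$_REQUEST['new_pw'] == $_REQUEST['new_pw2']`, so numeric-looking strings such as `1e3` and `1000` count as a match and an array-valued parameter is handed on to PassCrypt(). Using `!== ''` and `===` on values confirmed to be strings, and reading them from `$_POST` rather than `$_REQUEST`, closes both gaps and keeps the password out of query strings and access logs. Unlike guest_register(), which requires at least six characters, this branch also accepts a one-character password. The same `==` confirmation check is added in guest_register() in guest_login.php. The `switch` this branch belongs to starts outside the hunk.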
diff --git a/includes/pages/guest_login.php b/includes/pages/guest_login.php
index 51afd9c5..a210a7ce 100644
--- a/includes/pages/guest_login.php
+++ b/includes/pages/guest_login.php
@@ -3,198 +3,132 @@
// Engel registrieren
function guest_register() {
- global $SubscribeMailinglist, $enable_tshirt_size;
-
- $html = "";
- $success = "none";
-
- if (isset ($_POST["send"])) {
- $eNick = trim($_POST["Nick"]);
-
- if ($_POST["Alter"] == "")
- $_POST["Alter"] = 23;
-
- // user vorhanden?
- $Ergans = sql_select("SELECT UID FROM `User` WHERE `Nick`='" . sql_escape($_POST["Nick"]) . "'");
-
- if (strlen($_POST["Nick"]) < 2)
- $error = Get_Text("makeuser_error_nick1") . $_POST["Nick"] . Get_Text("makeuser_error_nick2");
-
- elseif (count($Ergans) > 0) $error = Get_Text("makeuser_error_nick1") . $_POST["Nick"] . Get_Text("makeuser_error_nick3");
-
- elseif (strlen($_POST["email"]) <= 6 && strstr($_POST["email"], "@") == FALSE && strstr($_POST["email"], ".") == false) $error = Get_Text("makeuser_error_mail");
-
- elseif (!is_numeric($_POST["Alter"])) $error = Get_Text("makeuser_error_Alter");
-
- elseif ($_POST["Passwort"] != $_POST["Passwort2"]) $error = Get_Text("makeuser_error_password1");
-
- elseif (strlen($_POST["Passwort"]) < 6) $error = Get_Text("makeuser_error_password2");
-
- else {
- $_POST["Passwort"] = PassCrypt($_POST["Passwort"]);
- unset ($_POST["Passwort2"]);
-
- $Erg = sql_query("INSERT INTO `User` (" .
- "`Nick` , " . "`Name` , " .
- "`Vorname`, " . "`Alter` , " .
- "`Telefon`, " . "`DECT`, " .
- "`Handy`, " . "`email`, " .
- "`ICQ`, " . "`jabber`, " .
- "`Size`, " . "`Passwort`, " .
- "`Art` , " . "`kommentar`, " .
- "`Hometown`," . "`CreateDate`, `Sprache` ) " .
- "VALUES ( '" . sql_escape($_POST["Nick"]) . "', " . "'" . sql_escape($_POST["Name"]) . "', " . "'" . sql_escape($_POST["Vorname"]) . "', " . "'" . sql_escape($_POST["Alter"]) . "', " . "'" . sql_escape($_POST["Telefon"]) . "', " . "'" . sql_escape($_POST["DECT"]) . "', " . "'" . sql_escape($_POST["Handy"]) . "', " . "'" . sql_escape($_POST["email"]) . "', " . "'" . sql_escape($_POST["ICQ"]) . "', " . "'" . sql_escape($_POST["jabber"]) . "', " . "'" . sql_escape($_POST["Size"]) . "', " . "'" . sql_escape($_POST["Passwort"]) . "', " . "'" . sql_escape($_POST["Art"]) . "', " . "'" . sql_escape($_POST["kommentar"]) . "', " . "'" . sql_escape($_POST["Hometown"]) . "'," . "NOW(), '" . sql_escape($_SESSION["Sprache"]) . "')");
-
- if ($Erg != 1) {
- $html .= Get_Text("makeuser_error_write1") . "<br />\n";
- $error = sql_error();
- } else {
- $html .= "<p class=\"success\">" . Get_Text("makeuser_writeOK") . "\n";
-
- // Assign user-group
- sql_query("INSERT INTO `UserGroups` SET `uid`=" . sql_escape(sql_id()) . ", `group_id`=-2");
-
- $html .= Get_Text("makeuser_writeOK2") . "<br />\n";
- $html .= "<h1>" . Get_Text("makeuser_writeOK3") . "</h1>\n";
-
- $html .= Get_Text("makeuser_writeOK4") . "</p><p></p>\n<br /><br />\n";
- $success = "any";
-
- if (isset ($SubscribeMailinglist)) {
- if ($_POST["subscribe-mailinglist"] == "") {
- $headers = "From: " . $_POST["email"] . "\r\n" .
- "X-Mailer: PHP/" . phpversion();
- mail($SubscribeMailinglist, "subject", "message", $headers);
- }
- }
+ global $tshirt_sizes, $enable_tshirt_size;
+
+ $msg = "";
+ $nick = "";
+ $lastname = "";
+ $prename = "";
+ $age = 23;
+ $tel = "";
+ $dect = "";
+ $mobile = "";
+ $mail = "";
+ $icq = "";
+ $jabber = "";
+ $hometown = "";
+ $comment = "";
+ $tshirt_size = 'S';
+ $password_hash = "";
+
+ if (isset ($_REQUEST['submit'])) {
+ $ok = true;
+
+ if (isset ($_REQUEST['nick']) && strlen(strip_request_item('nick')) > 1) {
+ $nick = strip_request_item('nick');
+ if (sql_num_query("SELECT * FROM `User` WHERE `Nick`='" . sql_escape($nick) . "' LIMIT 1") > 0) {
+ $ok = false;
+ $msg .= error(sprintf(Get_Text("makeuser_error_nick1") . "%s" . Get_Text("makeuser_error_nick3"), $nick), true);
}
+ } else {
+ $ok = false;
+ $msg .= error(sprintf(Get_Text("makeuser_error_nick1") . "%s" . Get_Text("makeuser_error_nick2"), strip_request_item('nick')), true);
}
- if (isset ($error))
- $html .= error($error);
- } else {
- // init vars
- $_POST["Nick"] = "";
- $_POST["Name"] = "";
- $_POST["Vorname"] = "";
- $_POST["Alter"] = "";
- $_POST["Telefon"] = "";
- $_POST["DECT"] = "";
- $_POST["Handy"] = "";
- $_POST["email"] = "";
- $_POST["subscribe-mailinglist"] = "";
- $_POST["ICQ"] = "";
- $_POST["jabber"] = "";
- $_POST["Size"] = "L";
- $_POST["Art"] = "";
- $_POST["kommentar"] = "";
- $_POST["Hometown"] = "";
- }
-
- if ($success == "none") {
- $html .= "<h1>" . Get_Text("makeuser_text0") . "</h1>\n";
- $html .= "<h2>" . Get_Text("makeuser_text1") . "</h2>\n";
- $html .= "<form action=\"\" method=\"post\">\n";
- $html .= "<table>\n";
- $html .= "<tr><td>" . Get_Text("makeuser_Nickname") . "*</td><td><input type=\"text\" size=\"40\" name=\"Nick\" value=\"" . $_POST["Nick"] . "\" /></td></tr>\n";
- $html .= "<tr><td>" . Get_Text("makeuser_Nachname") . "</td><td><input type=\"text\" size=\"40\" name=\"Name\" value=\"" . $_POST["Name"] . "\" /></td></tr>\n";
- $html .= "<tr><td>" . Get_Text("makeuser_Vorname") . "</td><td><input type=\"text\" size=\"40\" name=\"Vorname\" value=\"" . $_POST["Vorname"] . "\" /></td></tr>\n";
- $html .= "<tr><td>" . Get_Text("makeuser_Alter") . "</td><td><input type=\"text\" size=\"40\" name=\"Alter\" value=\"" . $_POST["Alter"] . "\"></td></tr>\n";
- $html .= "<tr><td>" . Get_Text("makeuser_Telefon") . "</td><td><input type=\"text\" size=\"40\" name=\"Telefon\" value=\"" . $_POST["Telefon"] . "\"></td></tr>\n";
- $html .= "<tr><td>" . Get_Text("makeuser_DECT") . "</td><td><input type=\"text\" size=\"40\" name=\"DECT\" value=\"" . $_POST["DECT"] . "\"></td><td>\n";
- $html .= "<!--a href=\"https://21c3.ccc.de/wiki/index.php/POC\"><img src=\"./pic/external.png\" alt=\"external: \">DECT</a--></td></tr>\n";
- $html .= "<tr><td>" . Get_Text("makeuser_Handy") . "</td><td><input type=\"text\" size=\"40\" name=\"Handy\" value=\"" . $_POST["Handy"] . "\"></td></tr>\n";
- $html .= "<tr><td>" . Get_Text("makeuser_E-Mail") . "*</td><td><input type=\"text\" size=\"40\" name=\"email\" value=\"" . $_POST["email"] . "\"></td></tr>\n";
-
- if (isset ($SubscribeMailinglist))
- $html .= "<tr><td>" . Get_Text("makeuser_subscribe-mailinglist") . "</td><td><input type=\"checkbox\" name=\"subscribe-mailinglist\" value=\"" . $_POST["subscribe-mailinglist"] . "\">($SubscribeMailinglist)</td></tr>\n";
-
- $html .= "<tr><td>ICQ</td><td><input type=\"text\" size=\"40\" name=\"ICQ\" value=\"" . $_POST["ICQ"] . "\"></td></tr>\n";
- $html .= "<tr><td>jabber</td><td><input type=\"text\" size=\"40\" name=\"jabber\" value=\"" . $_POST["jabber"] . "\"></td></tr>\n";
- if ($enable_tshirt_size) {
- $html .= "<tr><td>" . Get_Text("makeuser_T-Shirt") . " Gr&ouml;sse*</td><td align=\"left\">\n";
- $html .= "<select name=\"Size\">\n";
- $html .= "<option value=\"S\"";
- if ($_POST["Size"] == "S")
- $html .= " selected";
- $html .= ">S</option>\n";
- $html .= "<option value=\"M\"";
- if ($_POST["Size"] == "M")
- $html .= " selected";
- $html .= ">M</option>\n";
- $html .= "<option value=\"L\"";
- if ($_POST["Size"] == "L")
- $html .= " selected";
- $html .= ">L</option>\n";
- $html .= "<option value=\"XL\"";
- if ($_POST["Size"] == "XL")
- $html .= " selected";
- $html .= ">XL</option>\n";
- $html .= "<option value=\"2XL\"";
- if ($_POST["Size"] == "2XL")
- $html .= " selected";
- $html .= ">2XL</option>\n";
- $html .= "<option value=\"3XL\"";
- if ($_POST["Size"] == "3XL")
- $html .= " selected";
- $html .= ">3XL</option>\n";
- $html .= "<option value=\"4XL\"";
- if ($_POST["Size"] == "4XL")
- $html .= " selected";
- $html .= ">4XL</option>\n";
- $html .= "<option value=\"5XL\"";
- if ($_POST["Size"] == "5XL")
- $html .= " selected";
- $html .= ">5XL</option>\n";
- $html .= "<option value=\"S-G\"";
- if ($_POST["Size"] == "S-G")
- $html .= " selected";
- $html .= ">S Girl</option>\n";
- $html .= "<option value=\"M-G\"";
- if ($_POST["Size"] == "M-G")
- $html .= " selected";
- $html .= ">M Girl</option>\n";
- $html .= "<option value=\"L-G\"";
- if ($_POST["Size"] == "L-G")
- $html .= " selected";
- $html .= ">L Girl</option>\n";
- $html .= "<option value=\"XL-G\"";
- if ($_POST["Size"] == "XL-G")
- $html .= " selected";
- $html .= ">XL Girl</option>\n";
- $html .= "</select>\n";
- $html .= "</td></tr>\n";
+ if (isset ($_REQUEST['mail']) && strlen(strip_request_item('mail')) > 0) {
+ $mail = strip_request_item('mail');
+ if (!check_email($mail)) {
+ $ok = false;
+ $msg .= error(Get_Text("makeuser_error_mail"), true);
+ }
+ } else {
+ $ok = false;
+ $msg .= error("Please enter your e-mail.", true);
}
- $html .= "<tr><td>" . Get_Text("makeuser_Engelart") . "</td><td align=\"left\">\n";
- $html .= "<select name=\"Art\">\n";
- $engel_types = sql_select("SELECT * FROM `AngelTypes` ORDER BY `NAME`");
- foreach ($engel_types as $engel_type) {
- $Name = $engel_type['Name'] . Get_Text("inc_schicht_engel");
- $html .= "<option value=\"" . $Name . "\"";
+ if (isset ($_REQUEST['icq']))
+ $icq = strip_request_item('icq');
+ if (isset ($_REQUEST['jabber']) && strlen(strip_request_item('jabber')) > 0) {
+ $jabber = strip_request_item('jabber');
+ if (!check_email($jabber)) {
+ $ok = false;
+ $msg .= error("Please check your jabber.", true);
+ }
+ }
- if ($_POST["Art"] == $Name)
- $html .= " selected";
+ if (isset ($_REQUEST['tshirt_size']) && isset ($tshirt_sizes[$_REQUEST['tshirt_size']]))
+ $tshirt_size = $_REQUEST['tshirt_size'];
+ else {
+ $ok = false;
+ }
- $html .= ">$Name</option>\n";
+ if (isset ($_REQUEST['password']) && strlen($_REQUEST['password']) >= 6) {
+ if ($_REQUEST['password'] == $_REQUEST['password2']) {
+ $password_hash = PassCrypt($_REQUEST['password']);
+ } else {
+ $ok = false;
+ $msg .= error(Get_Text("makeuser_error_password1"), true);
+ }
+ } else {
+ $ok = false;
+ $msg .= error(Get_Text("makeuser_error_password2"), true);
}
- $html .= "</select>\n";
- $html .= "</td>\n";
- $html .= "</tr>\n";
- $html .= "<tr>\n";
- $html .= "<td>" . Get_Text("makeuser_text2") . "</td>\n";
- $html .= "<td><textarea rows=\"5\" cols=\"40\" name=\"kommentar\">" . $_POST["kommentar"] . "</textarea></td>\n";
- $html .= "</tr>\n";
- $html .= "<tr><td>" . Get_Text("makeuser_Hometown") . "</td><td><input type=\"text\" size=\"40\" name=\"Hometown\" value=\"" . $_POST["Hometown"] . "\"></td></tr>\n";
- $html .= "<tr><td>" . Get_Text("makeuser_Passwort") . "*</td><td><input type=\"password\" size=\"40\" name=\"Passwort\"/></td></tr>\n";
- $html .= "<tr><td>" . Get_Text("makeuser_Passwort2") . "*</td><td><input type=\"password\" size=\"40\" name=\"Passwort2\"/></td></tr>\n";
- $html .= "<tr><td>&nbsp;</td><td><input type=\"submit\" name=\"send\" value=\"" . Get_Text("makeuser_Anmelden") . "\"/></td></tr>\n";
- $html .= "</table>\n";
- $html .= "</form>\n";
- $html .= Get_Text("makeuser_text3");
+ // Trivia
+ if (isset ($_REQUEST['lastname']))
+ $lastname = strip_request_item('lastname');
+ if (isset ($_REQUEST['prename']))
+ $prename = strip_request_item('prename');
+ if (isset ($_REQUEST['age']) && preg_match("/^[0-9]{0,4}$/", $_REQUEST['age']))
+ $age = strip_request_item('age');
+ if (isset ($_REQUEST['tel']))
+ $tel = strip_request_item('tel');
+ if (isset ($_REQUEST['dect']))
+ $dect = strip_request_item('dect');
+ if (isset ($_REQUEST['mobile']))
+ $mobile = strip_request_item('mobile');
+ if (isset ($_REQUEST['hometown']))
+ $hometown = strip_request_item('hometown');
+ if (isset ($_REQUEST['comment']))
+ $comment = strip_request_item_nl('comment');
+
+ if ($ok) {
+ sql_query("INSERT INTO `User` SET `Nick`='" . sql_escape($nick) . "', `Vorname`='" . sql_escape($prename) . "', `Name`='" . sql_escape($lastname) .
+ "', `Alter`='" . sql_escape($age) . "', `Telefon`='" . sql_escape($tel) . "', `DECT`='" . sql_escape($dect) . "', `Handy`='" . sql_escape($mobile) .
+ "', `email`='" . sql_escape($mail) . "', `ICQ`='" . sql_escape($icq) . "', `jabber`='" . sql_escape($jabber) . "', `Size`='" . sql_escape($tshirt_size) .
+ "', `Passwort`='" . sql_escape($password_hash) . "', `kommentar`='" . sql_escape($comment) . "', `Hometown`='" . sql_escape($hometown) . "', `CreateDate`=NOW(), `Sprache`='" . sql_escape($_SESSION["Sprache"]) . "'");
+
+ // Assign user-group
+ sql_query("INSERT INTO `UserGroups` SET `uid`=" . sql_escape(sql_id()) . ", `group_id`=-2");
+
+ success(Get_Text("makeuser_writeOK4"));
+ redirect(page_link_to('login'));
+ }
}
- return $html;
+
+ return page(array (
+ Get_Text("makeuser_text1"),
+ $msg,
+ form(array (
+ form_text('nick', Get_Text("makeuser_Nickname") . "*", $nick),
+ form_text('lastname', Get_Text("makeuser_Nachname"), $lastname),
+ form_text('prename', Get_Text("makeuser_Vorname"), $prename),
+ form_text('age', Get_Text("makeuser_Alter"), $age),
+ form_text('tel', Get_Text("makeuser_Telefon"), $tel),
+ form_text('dect', Get_Text("makeuser_DECT"), $tel),
+ form_text('mobile', Get_Text("makeuser_Handy"), $mobile),
+ form_text('mail', Get_Text("makeuser_E-Mail") . "*", $mail),
+ form_text('icq', "ICQ", $icq),
+ form_text('jabber', "Jabber", $jabber),
+ form_text('hometown', Get_Text("makeuser_Hometown"), $hometown),
+ $enable_tshirt_size ? form_select('tshirt_size', Get_Text("makeuser_T-Shirt"), $tshirt_sizes, $tshirt_size) : '',
+ form_textarea('comment', Get_Text("makeuser_text2"), $comment),
+ form_password('password', Get_Text("makeuser_Passwort")),
+ form_password('password2', Get_Text("makeuser_Passwort2")),
+ info(Get_Text("makeuser_text3"), true),
+ form_submit('submit', Get_Text("makeuser_Anmelden"))
+ ))
+ ));
}
function guest_logout() {
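Review bot: The shirt-size check in guest_register() sets `$ok = false` without adding a message, and it runs even when `$enable_tshirt_size` is off, in which case the form below never renders the `tshirt_size` field. Registration would then fail on every submit with no error shown. Wrapping the check in `if ($enable_tshirt_size) { … }` and adding `$msg .= error("Please select a shirt size.", true);` to its else branch fixes both. Separately, the form repopulates the DECT field from the wrong variable: `form_text('dect', Get_Text("makeuser_DECT"), $tel)` should pass `$dect`.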
@@ -204,44 +138,55 @@ function guest_logout() {
function guest_login() {
global $user;
+
+ $msg = "";
+ $nick = "";
+
unset ($_SESSION['uid']);
- $html = "";
- if (isset ($_REQUEST['login_submit'])) {
- $login_user = sql_select("SELECT * FROM `User` WHERE `Nick`='" . sql_escape($_REQUEST["user"]) . "'");
-
- if (count($login_user) == 1) { // Check, ob User angemeldet wird...
- $login_user = $login_user[0];
- if ($login_user["Passwort"] == PassCrypt($_REQUEST["password"])) { // Passwort ok...
- $_SESSION['uid'] = $login_user['UID'];
- $_SESSION['Sprache'] = $login_user['Sprache'];
- header("Location: " . page_link_to("news"));
- } else { // Passwort nicht ok...
- $ErrorText = "pub_index_pass_no_ok";
- } // Ende Passwort-Check
- } else { // Anzahl der User in User-Tabelle <> 1 --> keine Anmeldung
- if ($user_anz == 0)
- $ErrorText = "pub_index_User_unset";
- else
- $ErrorText = "pub_index_User_more_as_one";
- } // Ende Check, ob User angemeldet wurde}
+ if (isset ($_REQUEST['submit'])) {
+ $ok = true;
+
+ if (isset ($_REQUEST['nick']) && strlen(strip_request_item('nick')) > 0) {
+ $nick = strip_request_item('nick');
+ $login_user = sql_select("SELECT * FROM `User` WHERE `Nick`='" . sql_escape($nick) . "'");
+ if (count($login_user) > 0) {
+ $login_user = $login_user[0];
+ if (isset ($_REQUEST['password'])) {
+ if ($login_user['Passwort'] != PassCrypt($_REQUEST['password'])) {
+ $ok = false;
+ $msg .= error(Get_Text("pub_index_pass_no_ok"), true);
+ }
+ } else {
+ $ok = false;
+ $msg .= error("Please enter a password.", true);
+ }
+ } else {
+ $ok = false;
+ $msg .= error(Get_Text("pub_index_User_unset"), true);
+ }
+ } else {
+ $ok = false;
+ $msg .= error("Please enter a nickname.", true);
+ }
+
+ if ($ok) {
+ $_SESSION['uid'] = $login_user['UID'];
+ $_SESSION['Sprache'] = $login_user['Sprache'];
+ redirect(page_link_to('news'));
+ }
}
- if (isset ($ErrorText))
- $html .= error(Get_Text($ErrorText));
- $html .= guest_login_form();
- return $html;
-}
-function guest_login_form() {
- return template_render("../templates/guest_login_form.html", array (
- 'link' => page_link_to("login"),
- 'nick' => Get_Text("index_lang_nick"),
- 'pass' => Get_Text("index_lang_pass"),
- 'send' => Get_Text("index_lang_send"),
- 'text1' => Get_Text("index_text1"),
- 'text2' => Get_Text("index_text2"),
- 'text3' => Get_Text("index_text3"),
- 'text4' => Get_Text("index_text4")
+ return page(array (
+ Get_Text("index_text1") . " " . Get_Text("index_text2") . " " . Get_Text("index_text3"),
+ $msg,
+ msg(),
+ form(array (
+ form_text('nick', Get_Text("index_lang_nick"), $nick),
+ form_password('password', Get_Text("index_lang_pass")),
+ form_submit('submit', Get_Text("index_lang_send"))
+ )),
+ info(Get_Text("index_text4"), true)
));
}
?>
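Review bot: The password check `$login_user['Passwort'] != PassCrypt($_REQUEST['password'])` uses a loose, non-constant-time comparison. If PassCrypt() returns a hex digest, two different digests that both look like `0e` followed by digits compare equal under `!=`; `if (!hash_equals((string) $login_user['Passwort'], (string) PassCrypt($_REQUEST['password'])))` avoids that, or `!==` where hash_equals() is unavailable. The branch also reports an unknown nick and a wrong password with different messages, which tells a visitor which nicks exist; one shared message for both cases is the usual choice. Calling `session_regenerate_id(true)` before `$_SESSION['uid']` is set would stop a pre-login session id from carrying over into the authenticated session.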
diff --git a/includes/pages/user_messages.php b/includes/pages/user_messages.php
index 29b41cae..1d490843 100644
--- a/includes/pages/user_messages.php
+++ b/includes/pages/user_messages.php
@@ -25,7 +25,7 @@ function user_messages() {
foreach ($users as $u)
$to_select_data[$u['UID']] = $u['Nick'];
- $to_select = html_select_key('to', $to_select_data, '');
+ $to_select = html_select_key('to', 'to', $to_select_data, '');
$messages_html = "";
$messages = sql_select("SELECT * FROM `Messages` WHERE `SUID`=" . sql_escape($user['UID']) . " OR `RUID`=" . sql_escape($user['UID']) . " ORDER BY `isRead`,`Datum` DESC");
@@ -64,28 +64,28 @@ function user_messages() {
if (isset ($_REQUEST['id']) && preg_match("/^[0-9]{1,11}$/", $_REQUEST['id']))
$id = $_REQUEST['id'];
else
- return error("Incomplete call, missing Message ID.");
+ return error("Incomplete call, missing Message ID.", true);
$message = sql_select("SELECT * FROM `Messages` WHERE `id`=" . sql_escape($id) . " LIMIT 1");
if (count($message) > 0 && $message[0]['RUID'] == $user['UID']) {
sql_query("UPDATE `Messages` SET `isRead`='Y' WHERE `id`=" . sql_escape($id) . " LIMIT 1");
header("Location: " . page_link_to("user_messages"));
} else
- return error("No Message found.");
+ return error("No Message found.", true);
break;
case "delete" :
if (isset ($_REQUEST['id']) && preg_match("/^[0-9]{1,11}$/", $_REQUEST['id']))
$id = $_REQUEST['id'];
else
- return error("Incomplete call, missing Message ID.");
+ return error("Incomplete call, missing Message ID.", true);
$message = sql_select("SELECT * FROM `Messages` WHERE `id`=" . sql_escape($id) . " LIMIT 1");
if (count($message) > 0 && $message[0]['SUID'] == $user['UID']) {
sql_query("DELETE FROM `Messages` WHERE `id`=" . sql_escape($id) . " LIMIT 1");
header("Location: " . page_link_to("user_messages"));
} else
- return error("No Message found.");
+ return error("No Message found.", true);
break;
case "send" :
@@ -95,12 +95,12 @@ function user_messages() {
sql_query("INSERT INTO `Messages` SET `Datum`=" . sql_escape(time()) . ", `SUID`=" . sql_escape($user['UID']) . ", `RUID`=" . sql_escape($to) . ", `Text`='" . sql_escape($text) . "'");
header("Location: " . page_link_to("user_messages"));
} else {
- return error(Get_Text("pub_messages_Send_Error"));
+ return error(Get_Text("pub_messages_Send_Error"), true);
}
break;
default :
- return error("Wrong action.");
+ return error("Wrong action.", true);
}
}
}
diff --git a/includes/pages/user_myshifts.php b/includes/pages/user_myshifts.php
index dd53d134..c9050b6e 100644
--- a/includes/pages/user_myshifts.php
+++ b/includes/pages/user_myshifts.php
@@ -16,18 +16,18 @@ function user_myshifts() {
list ($shifts_user) = sql_select("SELECT * FROM `User` WHERE `UID`=" . sql_escape($id) . " LIMIT 1");
if ($id != $user['UID'])
- $msg .= error("Du betrachtest die Schichten von " . $shifts_user['Nick'] . ".");
+ $msg .= info(sprintf("You are viewing %s's shifts.", $shifts_user['Nick']), true);
if (isset ($_REQUEST['reset'])) {
if ($_REQUEST['reset'] == "ack") {
user_reset_ical_key();
- return success("Key geändert.");
+ return success("Key geändert.", true);
}
return template_render('../templates/user_myshifts_reset.html', array ());
}
elseif (isset ($_REQUEST['edit']) && preg_match("/^[0-9]*$/", $_REQUEST['edit'])) {
$id = $_REQUEST['edit'];
- $shift = sql_select("SELECT `ShiftEntry`.`Comment`, `Shifts`.*, `Room`.`Name`, `AngelTypes`.`Name` as `angel_type` FROM `ShiftEntry` JOIN `AngelTypes` ON (`ShiftEntry`.`TID` = `AngelTypes`.`TID`) JOIN `Shifts` ON (`ShiftEntry`.`SID` = `Shifts`.`SID`) JOIN `Room` ON (`Shifts`.`RID` = `Room`.`RID`) WHERE `id`=" . sql_escape($id) . " AND `UID`=" . sql_escape($shifts_user['UID']) . " LIMIT 1");
+ $shift = sql_select("SELECT `ShiftEntry`.`Comment`, `Shifts`.*, `Room`.`Name`, `AngelTypes`.`name` as `angel_type` FROM `ShiftEntry` JOIN `AngelTypes` ON (`ShiftEntry`.`TID` = `AngelTypes`.`id`) JOIN `Shifts` ON (`ShiftEntry`.`SID` = `Shifts`.`SID`) JOIN `Room` ON (`Shifts`.`RID` = `Room`.`RID`) WHERE `id`=" . sql_escape($id) . " AND `UID`=" . sql_escape($shifts_user['UID']) . " LIMIT 1");
if (count($shift) > 0) {
$shift = $shift[0];
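Review bot: The `edit` guard `preg_match("/^[0-9]*$/", $_REQUEST['edit'])` accepts an empty string, which leaves the rewritten query with nothing after `id=` and makes it fail as a syntax error. The value goes into the statement unquoted, so the digit check is the only thing constraining it; `preg_match("/^[0-9]+\z/", $_REQUEST['edit'])` requires at least one digit and rejects a trailing newline. The added `info()` line also places `$shifts_user['Nick']` into the message, and whether `info()` escapes it is not visible here. user_myshifts() continues outside the hunk.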
@@ -55,9 +55,9 @@ function user_myshifts() {
$shift = $shift[0];
if (($shift['start'] - time() < $LETZTES_AUSTRAGEN * 60) || in_array('user_shifts_admin', $privileges)) {
sql_query("DELETE FROM `ShiftEntry` WHERE `id`=" . sql_escape($id) . " LIMIT 1");
- $msg .= success("Du wurdest aus der Schicht ausgetragen.");
+ $msg .= success("Du wurdest aus der Schicht ausgetragen.", true);
} else
- $msg .= error("Es ist zu spät um sich aus der Schicht auszutragen. Frage ggf. einen Orga.'");
+ $msg .= error("Es ist zu spät um sich aus der Schicht auszutragen. Frage ggf. einen Orga.", true);
} else
header("Location: " . page_link_to('user_myshifts'));
}
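Review bot: The sign-off condition `$shift['start'] - time() < $LETZTES_AUSTRAGEN * 60` appears inverted relative to the messages on the changed lines. It is true when the shift starts soon or has already started, yet that branch deletes the entry, while a shift far in the future ends in the "too late" error. If `$LETZTES_AUSTRAGEN` is the minimum lead time in minutes, which its use suggests but the hunk does not show, the comparison should be `>`. The `DELETE` also filters on `id` alone; the ownership check presumably sits in the query above the hunk, so confirm it is there.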
diff --git a/includes/pages/user_news.php b/includes/pages/user_news.php
index 5d725c13..69f4022c 100644
--- a/includes/pages/user_news.php
+++ b/includes/pages/user_news.php
@@ -58,7 +58,7 @@ function user_news_comments() {
if (isset ($_REQUEST["text"])) {
$text = preg_replace("/([^\p{L}\p{P}\p{Z}\p{N}\n]{1,})/ui", '', strip_tags($_REQUEST['text']));
sql_query("INSERT INTO `news_comments` (`Refid`, `Datum`, `Text`, `UID`) VALUES ('" . sql_escape($nid) . "', '" . date("Y-m-d H:i:s") . "', '" . sql_escape($text) . "', '" . sql_escape($user["UID"]) . "')");
- $html .= success("Eintrag wurde gespeichert");
+ $html .= success("Eintrag wurde gespeichert", true);
}
$html .= '<a href="' . page_link_to("news") . '">&laquo; Back</a>';
@@ -114,7 +114,7 @@ function user_news() {
sql_query("INSERT INTO `News` (`Datum`, `Betreff`, `Text`, `UID`, `Treffen`) " .
"VALUES ('" . sql_escape(time()) . "', '" . sql_escape($_POST["betreff"]) . "', '" . sql_escape($_POST["text"]) . "', '" . sql_escape($user['UID']) .
"', '" . sql_escape($_POST["treffen"]) . "');");
- $html .= success(Get_Text(4));
+ $html .= success(Get_Text(4), true);
}
if (isset ($_REQUEST['page']) && preg_match("/^[0-9]{1,}$/", $_REQUEST['page']))
diff --git a/includes/pages/user_questions.php b/includes/pages/user_questions.php
index 18b9c6dd..e30663f7 100644
--- a/includes/pages/user_questions.php
+++ b/includes/pages/user_questions.php
@@ -29,20 +29,20 @@ function user_questions() {
sql_query("INSERT INTO `Questions` SET `UID`=" . sql_escape($user['UID']) . ", `Question`='" . sql_escape($question) . "'");
header("Location: " . page_link_to("user_questions"));
} else
- return error("Gib eine Frage ein!");
+ return error("Gib eine Frage ein!", true);
break;
case 'delete' :
if (isset ($_REQUEST['id']) && preg_match("/^[0-9]{1,11}$/", $_REQUEST['id']))
$id = $_REQUEST['id'];
else
- return error("Incomplete call, missing Question ID.");
+ return error("Incomplete call, missing Question ID.", true);
$question = sql_select("SELECT * FROM `Questions` WHERE `QID`=" . sql_escape($id) . " LIMIT 1");
if (count($question) > 0 && $question[0]['UID'] == $user['UID']) {
sql_query("DELETE FROM `Questions` WHERE `QID`=" . sql_escape($id) . " LIMIT 1");
header("Location: " . page_link_to("user_questions"));
} else
- return error("No question found.");
+ return error("No question found.", true);
break;
}
}
diff --git a/includes/pages/user_settings.php b/includes/pages/user_settings.php
index aed0ccb0..ce632b93 100644
--- a/includes/pages/user_settings.php
+++ b/includes/pages/user_settings.php
@@ -7,7 +7,7 @@ function user_settings() {
if ($enable_tshirt_size)
$tshirt_html = template_render('../templates/user_settings_tshirt.html', array (
'label_size' => Get_Text("makeuser_T-Shirt"),
- 'size_select' => ($user['Tshirt'] == 0) ? html_select_key('size', array (
+ 'size_select' => ($user['Tshirt'] == 0) ? html_select_key('size', 'size', array (
'S' => "S",
'M' => "M",
'L' => "L",
@@ -57,7 +57,7 @@ function user_settings() {
'new_pw2_label' => Get_Text(17),
'text_theme' => Get_Text(18),
'theme_label' => Get_Text(19),
- 'theme_select' => html_select_key('theme', array (
+ 'theme_select' => html_select_key('theme', 'theme', array (
"1" => "Standard-Style",
"2" => "ot/Gelber Style",
"3" => "Club-Mate Style",
@@ -72,7 +72,7 @@ function user_settings() {
), $user['color']),
'text_language' => Get_Text(20),
'language_label' => Get_Text(21),
- 'language_select' => html_select_key('language', array (
+ 'language_select' => html_select_key('language', 'language', array (
'DE' => "Deutsch",
'EN' => "English"
), $user['Sprache'])
@@ -102,10 +102,10 @@ function user_settings() {
sql_query("UPDATE `User` SET `Passwort`='" . sql_escape(PassCrypt($_REQUEST['new_pw'])) . "' WHERE `UID`=" . sql_escape($user['UID']) . " LIMIT 1");
header("Location: " . page_link_to("user_settings"));
} else {
- $html .= error(Get_Text(30));
+ $html .= error(Get_Text(30), true);
}
} else {
- $html .= error(Get_Text(31));
+ $html .= error(Get_Text(31), true);
}
return $html;
break;
diff --git a/includes/pages/user_shifts.php b/includes/pages/user_shifts.php
index 668fe8b7..49078c05 100644
--- a/includes/pages/user_shifts.php
+++ b/includes/pages/user_shifts.php
@@ -9,7 +9,7 @@ function user_shifts() {
header("Location: " . page_link_to('user_shifts'));
sql_query("DELETE FROM `ShiftEntry` WHERE `id`=" . sql_escape($entry_id) . " LIMIT 1");
- return success("Der Schicht-Eintrag wurde gelöscht..");
+ return success("Der Schicht-Eintrag wurde gelöscht..", true);
}
// Schicht bearbeiten
elseif (isset ($_REQUEST['edit_shift']) && in_array('admin_shifts', $privileges)) {
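Review bot: `header("Location: …")` at the top of this hunk does not end the request, so the `DELETE FROM ShiftEntry` on the next line still executes after the redirect has been queued. The condition guarding the redirect is outside the hunk, but the pattern is fully visible further down in this file, where `if (count($type) == 0) header(…);` is followed directly by `$type = $type[0];`, and again before the `sql_num_query` check in the edit branch. Each redirect that is meant to abort should be followed by `exit;`, or go through the `redirect()` helper this commit uses in guest_login.php, provided that helper terminates the request.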
@@ -22,7 +22,7 @@ function user_shifts() {
header("Location: " . page_link_to('user_shifts'));
if (sql_num_query("SELECT * FROM `ShiftEntry` WHERE `SID`=" . sql_escape($shift_id) . " LIMIT 1") > 0)
- return error("Du kannst nur Schichten bearbeiten, bei denen niemand eingetragen ist.");
+ return error("Du kannst nur Schichten bearbeiten, bei denen niemand eingetragen ist.", true);
$shift = sql_select("SELECT * FROM `Shifts` JOIN `Room` ON (`Shifts`.`RID` = `Room`.`RID`) WHERE `SID`=" . sql_escape($shift_id) . " LIMIT 1");
if (count($shift) == 0)
@@ -36,7 +36,7 @@ function user_shifts() {
$room_array[$room['RID']] = $room['Name'];
// Engeltypen laden
- $types = sql_select("SELECT * FROM `NeededAngelTypes` JOIN `AngelTypes` ON (`NeededAngelTypes`.`angel_type_id` = `AngelTypes`.`TID`) WHERE `shift_id`=" . sql_escape($shift_id) . " ORDER BY `AngelTypes`.`Name`");
+ $types = sql_select("SELECT * FROM `NeededAngelTypes` JOIN `AngelTypes` ON (`NeededAngelTypes`.`angel_type_id` = `AngelTypes`.`id`) WHERE `shift_id`=" . sql_escape($shift_id) . " ORDER BY `AngelTypes`.`name`");
$needed_angel_types = array ();
foreach ($types as $type)
$needed_angel_types[$type['TID']] = $type['count'];
@@ -56,39 +56,39 @@ function user_shifts() {
else {
$ok = false;
$rid = $rooms[0]['RID'];
- $msg .= error("Wähle bitte einen Raum aus.");
+ $msg .= error("Wähle bitte einen Raum aus.", true);
}
if (isset ($_REQUEST['start']) && $tmp = DateTime :: createFromFormat("Y-m-d H:i", trim($_REQUEST['start'])))
$start = $tmp->getTimestamp();
else {
$ok = false;
- $msg .= error("Bitte gib einen Startzeitpunkt für die Schichten an.");
+ $msg .= error("Bitte gib einen Startzeitpunkt für die Schichten an.", true);
}
if (isset ($_REQUEST['end']) && $tmp = DateTime :: createFromFormat("Y-m-d H:i", trim($_REQUEST['end'])))
$end = $tmp->getTimestamp();
else {
$ok = false;
- $msg .= error("Bitte gib einen Endzeitpunkt für die Schichten an.");
+ $msg .= error("Bitte gib einen Endzeitpunkt für die Schichten an.", true);
}
if ($start >= $end) {
$ok = false;
- $msg .= error("Das Ende muss nach dem Startzeitpunkt liegen!");
+ $msg .= error("Das Ende muss nach dem Startzeitpunkt liegen!", true);
}
foreach ($types as $type) {
- if (isset ($_REQUEST['type_' . $type['TID']]) && preg_match("/^[0-9]+$/", trim($_REQUEST['type_' . $type['TID']]))) {
- $needed_angel_types[$type['TID']] = trim($_REQUEST['type_' . $type['TID']]);
+ if (isset ($_REQUEST['type_' . $type['id']]) && preg_match("/^[0-9]+$/", trim($_REQUEST['type_' . $type['id']]))) {
+ $needed_angel_types[$type['id']] = trim($_REQUEST['type_' . $type['id']]);
} else {
$ok = false;
- $msg .= error("Bitte überprüfe die Eingaben für die benötigten Engel des Typs " . $type['Name'] . ".");
+ $msg .= error("Bitte überprüfe die Eingaben für die benötigten Engel des Typs " . $type['name'] . ".", true);
}
}
if (array_sum($needed_angel_types) == 0) {
$ok = false;
- $msg .= error("Es werden 0 Engel benötigt. Bitte wähle benötigte Engel.");
+ $msg .= error("Es werden 0 Engel benötigt. Bitte wähle benötigte Engel.", true);
}
if ($ok) {
@@ -96,17 +96,17 @@ function user_shifts() {
sql_query("DELETE FROM `NeededAngelTypes` WHERE `shift_id`=" . sql_escape($shift_id));
foreach ($needed_angel_types as $type_id => $count)
sql_query("INSERT INTO `NeededAngelTypes` SET `shift_id`=" . sql_escape($shift_id) . ", `angel_type_id`=" . sql_escape($type_id) . ", `count`=" . sql_escape($count));
- return success("Schicht gespeichert.");
+ return success("Schicht gespeichert.", true);
}
}
- $room_select = html_select_key('rid', $room_array, $rid);
+ $room_select = html_select_key('rid', 'rid', $room_array, $rid);
$angel_types = "";
foreach ($types as $type) {
$angel_types .= template_render('../templates/admin_shifts_angel_types.html', array (
'id' => $type['TID'],
- 'type' => $type['Name'],
- 'value' => $needed_angel_types[$type['TID']]
+ 'type' => $type['name'],
+ 'value' => $needed_angel_types[$type['id']]
));
}
return template_render('../templates/user_shifts_edit.html', array (
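Review bot: The template call still passes `'id' => $type['TID']`, while the two entries below it were switched to `$type['name']` and `$type['id']`. With the join now on the `id` column of `AngelTypes`, the row presumably no longer carries `TID`, so the template would receive an empty id and the `type_<id>` fields read by the validation loop would not line up. Change it to `'id' => $type['id'],`. The initialisation above the validation hunk has the same leftover and should become `$needed_angel_types[$type['id']] = $type['count'];`. The function continues outside this hunk.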
@@ -136,7 +136,7 @@ function user_shifts() {
sql_query("DELETE FROM `NeededAngelTypes` WHERE `shift_id`=" . sql_escape($shift_id));
sql_query("DELETE FROM `Shifts` WHERE `SID`=" . sql_escape($shift_id) . " LIMIT 1");
- return success("Die Schicht wurde gelöscht.");
+ return success("Die Schicht wurde gelöscht.", true);
}
return template_render('../templates/user_shifts_admin_delete.html', array (
@@ -162,7 +162,7 @@ function user_shifts() {
else
header("Location: " . page_link_to('user_shifts'));
- $type = sql_select("SELECT * FROM `AngelTypes` WHERE `TID`=" . sql_escape($type_id) . " LIMIT 1");
+ $type = sql_select("SELECT * FROM `AngelTypes` WHERE `id`=" . sql_escape($type_id) . " LIMIT 1");
if (count($type) == 0)
header("Location: " . page_link_to('user_shifts'));
$type = $type[0];
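Review bot: Both `header("Location: ...")` calls in this hunk set the header but do not stop the script, so when `count($type) == 0` execution continues into `$type = $type[0];` and the rest of the sign-up path without a valid angel type. This commit adds `redirect()` in includes/sys_page.php, which sends the header and then calls `die()`; use it here, `redirect(page_link_to('user_shifts'));`, for both branches. The enclosing branch of `user_shifts()` starts outside this hunk.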
@@ -184,11 +184,11 @@ function user_shifts() {
$entries = sql_select("SELECT * FROM `ShiftEntry` WHERE `SID`=" . sql_escape($shift['SID']));
foreach ($entries as $entry)
if ($entry['UID'] == $user_id)
- return error("This angel does already have an entry for this shift.");
+ return error("This angel does already have an entry for this shift.", true);
$comment = strip_request_item_nl('comment');
sql_query("INSERT INTO `ShiftEntry` SET `Comment`='" . sql_escape($comment) . "', `UID`=" . sql_escape($user_id) . ", `TID`=" . sql_escape($type_id) . ", `SID`=" . sql_escape($shift_id));
- return success("Du bist eingetragen. Danke!") . '<a href="' . page_link_to('user_myshifts') . '">Meine Schichten &raquo;</a>';
+ return success("Du bist eingetragen. Danke!", true) . '<a href="' . page_link_to('user_myshifts') . '">Meine Schichten &raquo;</a>';
}
if (in_array('user_shifts_admin', $privileges)) {
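Review bot: The INSERT into ShiftEntry places `$user_id`, `$type_id` and `$shift_id` in unquoted numeric positions, where escaping quote characters alone does not constrain the value. `sql_escape()` and the validation of these variables are not shown in this hunk, so this matters only if neither guarantees digits. If they do not, cast at the point of use, e.g. `(int) $user_id` in place of `sql_escape($user_id)`, or quote the values the way `Comment` is quoted.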
@@ -196,7 +196,7 @@ function user_shifts() {
$users_select = array ();
foreach ($users as $usr)
$users_select[$usr['UID']] = $usr['Nick'];
- $user_text = html_select_key('user_id', $users_select, $user['UID']);
+ $user_text = html_select_key('user_id', 'user_id', $users_select, $user['UID']);
} else
$user_text = $user['Nick'];
@@ -206,7 +206,7 @@ function user_shifts() {
'title' => $shift['name'],
'location' => $shift['Name'],
'angel' => $user_text,
- 'type' => $type['Name'],
+ 'type' => $type['name'],
'comment' => ""
));
} else {
@@ -240,9 +240,9 @@ function user_shifts() {
$shift_row .= ' <a href="?p=user_shifts&edit_shift=' . $shift['SID'] . '">[edit]</a> <a href="?p=user_shifts&delete_shift=' . $shift['SID'] . '">[x]</a>';
$shift_row .= '<br />';
$show_shift = false;
- $angeltypes = sql_select("SELECT * FROM `NeededAngelTypes` JOIN `AngelTypes` ON (`NeededAngelTypes`.`angel_type_id` = `AngelTypes`.`TID`) WHERE `shift_id`=" . sql_escape($shift['SID']) . " AND `count` > 0 ORDER BY `AngelTypes`.`Name`");
+ $angeltypes = sql_select("SELECT * FROM `NeededAngelTypes` JOIN `AngelTypes` ON (`NeededAngelTypes`.`angel_type_id` = `AngelTypes`.`id`) WHERE `shift_id`=" . sql_escape($shift['SID']) . " AND `count` > 0 ORDER BY `AngelTypes`.`name`");
if (count($angeltypes) == 0)
- $angeltypes = sql_select("SELECT * FROM `NeededAngelTypes` JOIN `AngelTypes` ON (`NeededAngelTypes`.`angel_type_id` = `AngelTypes`.`TID`) WHERE `room_id`=" . sql_escape($shift['RID']) . " AND `count` > 0 ORDER BY `AngelTypes`.`Name`");
+ $angeltypes = sql_select("SELECT * FROM `NeededAngelTypes` JOIN `AngelTypes` ON (`NeededAngelTypes`.`angel_type_id` = `AngelTypes`.`id`) WHERE `room_id`=" . sql_escape($shift['RID']) . " AND `count` > 0 ORDER BY `AngelTypes`.`name`");
if (count($angeltypes) > 0) {
$my_shift = sql_num_query("SELECT * FROM `ShiftEntry` WHERE `SID`=" . sql_escape($shift['SID']) . " AND `UID`=" . sql_escape($user['UID']) . " LIMIT 1") > 0;
@@ -262,7 +262,7 @@ function user_shifts() {
} else
$entry_list[] = ($angeltype['count'] - count($entries)) . ' Helfer gebraucht';
- $shift_row .= '<b>' . $angeltype['Name'] . ':</b> ';
+ $shift_row .= '<b>' . $angeltype['name'] . ':</b> ';
$shift_row .= join(", ", $entry_list);
$shift_row .= '<br />';
}
diff --git a/includes/pages/user_wakeup.php b/includes/pages/user_wakeup.php
index 2c6940e7..fbb47a0d 100644
--- a/includes/pages/user_wakeup.php
+++ b/includes/pages/user_wakeup.php
@@ -17,23 +17,23 @@ function user_wakeup() {
. sql_escape($date) . "', '" . sql_escape($ort) . "', " . "'"
. sql_escape($bemerkung) . "')";
sql_query($SQL);
- $html .= success(Get_Text(4));
+ $html .= success(Get_Text(4), true);
} else
- $html .= error("Broken date!");
+ $html .= error("Broken date!", true);
break;
case 'delete' :
if (isset ($_REQUEST['id']) && preg_match("/^[0-9]{1,11}$/", $_REQUEST['id']))
$id = $_REQUEST['id'];
else
- return error("Incomplete call, missing wake-up ID.");
+ return error("Incomplete call, missing wake-up ID.", true);
$wakeup = sql_select("SELECT * FROM `Wecken` WHERE `ID`=" . sql_escape($id) . " LIMIT 1");
if (count($wakeup) > 0 && $wakeup[0]['UID'] == $user['UID']) {
sql_query("DELETE FROM `Wecken` WHERE `ID`=" . sql_escape($id) . " LIMIT 1");
- $html .= success("Wake-up call deleted.");
+ $html .= success("Wake-up call deleted.", true);
} else
- return error("No wake-up found.");
+ return error("No wake-up found.", true);
break;
}
}
diff --git a/includes/sys_page.php b/includes/sys_page.php
index e499cd57..c423155f 100644
--- a/includes/sys_page.php
+++ b/includes/sys_page.php
@@ -1,26 +1,104 @@
<?php
+
+/**
+ * Leitet den Browser an die übergebene URL weiter und hält das Script an.
+ */
+function redirect($to) {
+ header("Location: " . $to, true, 302);
+ die();
+}
+
+/**
+ * Gibt den gefilterten REQUEST Wert ohne Zeilenumbrüche zurück
+ */
function strip_request_item($name) {
- return preg_replace(
- "/([^\p{L}\p{P}\p{Z}\p{N}]{1,})/ui",
- '',
- strip_tags($_REQUEST[$name])
- );
+ return strip_item($_REQUEST[$name]);
}
+/**
+ * Testet, ob der angegebene REQUEST Wert ein Integer ist, bzw. eine ID sein könnte.
+ */
+function test_request_int($name) {
+ if (isset ($_REQUEST[$name]))
+ return preg_match("/^[0-9]*$/", $_REQUEST[$name]);
+ return false;
+}
+
+/**
+ * Gibt den gefilterten REQUEST Wert mit Zeilenumbrüchen zurück
+ */
function strip_request_item_nl($name) {
- return preg_replace(
- "/([^\p{L}\p{P}\p{Z}\p{N}\n]{1,})/ui",
- '',
- strip_tags($_REQUEST[$name])
- );
+ return preg_replace("/([^\p{L}\p{P}\p{Z}\p{N}+\n]{1,})/ui", '', strip_tags($_REQUEST[$name]));
+}
+
+/**
+ * Entfernt unerwünschte Zeichen
+ */
+function strip_item($item) {
+ return preg_replace("/([^\p{L}\p{P}\p{Z}\p{N}+]{1,})/ui", '', strip_tags($item));
+}
+
+/**
+ * Überprüft eine E-Mail-Adresse.
+ */
+function check_email($email) {
+ return (bool) preg_match("#^([a-zA-Z0-9_\-])+(\.([a-zA-Z0-9_\-])+)*@((\[(((([0-1])?([0-9])?[0-9])|(2[0-4][0-9])|(2[0-5][0-5])))\.(((([0-1])?([0-9])?[0-9])|(2[0-4][0-9])|(2[0-5][0-5])))\.(((([0-1])?([0-9])?[0-9])|(2[0-4][0-9])|(2[0-5][0-5])))\.(((([0-1])?([0-9])?[0-9])|(2[0-4][0-9])|(2[0-5][0-5]))\]))|((([\p{L}0-9])+(([\-])+([\p{L}0-9])+)*\.)+([\p{L}])+(([\-])+([\p{L}0-9])+)*))$#u", $email);
+}
+
+/**
+ * Gibt zwischengespeicherte Fehlermeldungen zurück und löscht den Zwischenspeicher
+ */
+function msg() {
+ if (!isset ($_SESSION['msg']))
+ return "";
+ $msg = $_SESSION['msg'];
+ $_SESSION['msg'] = "";
+ return $msg;
+}
+
+/**
+ * Rendert eine Information
+ */
+function info($msg, $immediatly = false) {
+ if ($immediatly) {
+ if ($msg == "")
+ return "";
+ return '<p class="info">' . $msg . '</p>';
+ } else {
+ if (!isset ($_SESSION['msg']))
+ $_SESSION['msg'] = "";
+ $_SESSION['msg'] .= info($msg, true);
+ }
}
-function error($msg) {
- return '<p class="error">' . $msg . '</p>';
+/**
+ * Rendert eine Fehlermeldung
+ */
+function error($msg, $immediatly = false) {
+ if ($immediatly) {
+ if ($msg == "")
+ return "";
+ return '<p class="error">' . $msg . '</p>';
+ } else {
+ if (!isset ($_SESSION['msg']))
+ $_SESSION['msg'] = "";
+ $_SESSION['msg'] .= error($msg, true);
+ }
}
-function success($msg) {
- return '<p class="success">' . $msg . '</p>';
+/**
+ * Rendert eine Erfolgsmeldung
+ */
+function success($msg, $immediatly = false) {
+ if ($immediatly) {
+ if ($msg == "")
+ return "";
+ return '<p class="success">' . $msg . '</p>';
+ } else {
+ if (!isset ($_SESSION['msg']))
+ $_SESSION['msg'] = "";
+ $_SESSION['msg'] .= success($msg, true);
+ }
}
?>
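Review bot: `test_request_int()` accepts an empty string, because `/^[0-9]*$/` allows zero digits, and `$` also matches before a trailing newline. A caller that then places the value unquoted in a query would build a broken or unintended statement. Require at least one digit and anchor at the real end of the string: `return preg_match("/^[0-9]+$/D", $_REQUEST[$name]);`. The docblock should also say that the function returns the `preg_match` result (1 or 0), or `false` when the parameter is missing, so callers know not to compare it strictly against `true`.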
diff --git a/includes/sys_shift.php b/includes/sys_shift.php
index 329a40ff..728e7a83 100644
--- a/includes/sys_shift.php
+++ b/includes/sys_shift.php
@@ -24,14 +24,14 @@ function load_shift_basics() {
}
// erstellt ein Array der Engeltypen
- $engel_types = sql_select("SELECT `TID`, `Name` FROM `EngelType` ORDER BY `Name`");
+ $engel_types = sql_select("SELECT * FROM `EngelType` ORDER BY `name`");
foreach ($engel_types as $engel_type) {
$EngelType[$i] = array (
- 'TID' => $engel_type['TID'],
- 'Name' => $engel_type['Name'] . Get_Text("inc_schicht_engel")
+ 'id' => $engel_type['id'],
+ 'name' => $engel_type['name'] . Get_Text("inc_schicht_engel")
);
- $EngelTypeID[$engel_type['TID']] = $engel_type['Name'] . Get_Text("inc_schicht_engel");
- $TID2Name[$engel_type['TID']] = $engel_type['Name'];
+ $EngelTypeID[$engel_type['id']] = $engel_type['name'] . Get_Text("inc_schicht_engel");
+ $TID2Name[$engel_type['id']] = $engel_type['name'];
}
// Erste Schicht suchen
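Review bot: `$EngelType[$i]` is written with the same `$i` on every pass, since nothing in the loop body advances it, so each angel type overwrites the previous one and only the last survives in `$EngelType`. If a list is intended, append instead: `$EngelType[] = array (`. The query also reads from `EngelType` while the other queries in this commit use `AngelTypes`, so it is worth confirming that this table has the renamed `id` and `name` columns. `load_shift_basics()` starts and ends outside this hunk.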
diff --git a/includes/sys_template.php b/includes/sys_template.php
index 92e6e674..0a42d9ac 100644
--- a/includes/sys_template.php
+++ b/includes/sys_template.php
@@ -1,6 +1,138 @@
<?php
+/**
+ * Rendert eine Liste von Checkboxen für ein Formular
+ * @param name Die Namen der Checkboxen werden aus name_key gebildet
+ * @param label Die Beschriftung der Liste
+ * @param items Array mit den einzelnen Checkboxen
+ * @param selected Array mit den Keys, die ausgewählt sind
+ */
+function form_checkboxes($name, $label, $items, $selected) {
+ $html = "<ul>";
+ foreach ($items as $key => $item) {
+ $id = $name . '_' . $key;
+ $sel = array_search($key, $selected) !== false ? ' checked="checked"' : "";
+ $html .= '<li><input type="checkbox" id="' . $id . '" name="' . $id . '" value="checked"' . $sel . ' /><label for="' . $id . '">' . $item . '</label></li>';
+ }
+ $html .= "</ul>";
+ return form_element($label, $html);
+}
+
+/**
+ * Rendert eine Checkbox
+ */
+function form_checkbox($name, $label, $selected, $value = 'checked') {
+ return form_element("", '<input type="checkbox" id="' . $name . '" name="' . $name . '" value="' . $value . '"' . ($selected ? ' checked="checked"' : '') . ' /><label for="' . $name . '">' . $label . '</label>');
+}
+
+/**
+ * Rendert einen Infotext in das Formular
+ */
+function form_info($label, $text) {
+ return form_element($label, $text, "");
+}
+
+/**
+ * Rendert den Absenden-Button eines Formulars
+ */
+function form_submit($name, $label) {
+ return form_element('<input class="button save ' . $name . '" type="submit" name="' . $name . '" value="' . $label . '" />', "");
+}
+
+/**
+ * Rendert ein Formular-Textfeld
+ */
+function form_text($name, $label, $value, $disabled = false) {
+ $disabled = $disabled ? ' disabled="disabled"' : '';
+ return form_element($label, '<input id="form_' . $name . '" type="text" name="' . $name . '" value="' . $value . '" ' . $disabled . '/>', 'form_' . $name);
+}
+
+/**
+ * Rendert ein Formular-Passwortfeld
+ */
+function form_password($name, $label, $disabled = false) {
+ $disabled = $disabled ? ' disabled="disabled"' : '';
+ return form_element($label, '<input id="form_' . $name . '" type="password" name="' . $name . '" value="" ' . $disabled . '/>', 'form_' . $name);
+}
+
+/**
+ * Rendert ein Formular-Textfeld
+ */
+function form_textarea($name, $label, $value, $disabled = false) {
+ $disabled = $disabled ? ' disabled="disabled"' : '';
+ return form_element($label, '<textarea id="form_' . $name . '" type="text" name="' . $name . '" ' . $disabled . '>' . $value . '</textarea>', 'form_' . $name);
+}
+
+/**
+ * Rendert ein Formular-Auswahlfeld
+ */
+function form_select($name, $label, $values, $selected) {
+ return form_element($label, html_select_key('form_' . $name, $name, $values, $selected), 'form_' . $name);
+}
+
+/**
+ * Rendert ein Formular-Element
+ */
+function form_element($label, $input, $for = "") {
+ return '<div class="form_element">' . '<label for="' . $for . '" class="form_label">' . $label . '</label><div class="form_input">' . $input . '</div></div>';
+}
+
+/**
+ * Rendert ein Formular
+ */
+function form($elements, $action = "") {
+ return '<form action="' . $action . '" enctype="multipart/form-data" method="post"><div class="form">' . join($elements) . '</div></form>';
+}
+
+/**
+ * Generiert HTML Code für eine "Seite". Fügt dazu die übergebenen Elemente zusammen.
+ */
+function page($elements) {
+ return join($elements);
+}
+
+/**
+ * Rendert eine Datentabelle
+ */
+function table($columns, $rows, $data = true) {
+ if (count($rows) == 0)
+ return info("No data available.", true);
+ $html = "";
+ $html .= '<table' . ($data ? ' class="data"' : '') . '>';
+ $html .= '<thead><tr>';
+ foreach ($columns as $key => $column)
+ $html .= '<th>' . $column . '</th>';
+ $html .= '</tr></thead>';
+ $html .= '<tbody>';
+ foreach ($rows as $row) {
+ $html .= '<tr>';
+ foreach ($columns as $key => $column)
+ if (isset ($row[$key]))
+ $html .= '<td class="' . $key . '">' . $row[$key] . '</td>';
+ else
+ $html .= '<td class="' . $key . '">&nbsp;</td>';
+ $html .= '</tr>';
+ }
+ $html .= '</tbody>';
+ $html .= '</table>';
+ return $html;
+}
+
+/**
+ * Rendert einen Knopf
+ */
+function button($href, $label, $class = "") {
+ return '<a href="' . $href . '" class="button ' . $class . '">' . $label . '</a>';
+}
+
+/**
+ * Rendert eine Toolbar mit Knöpfen
+ */
+function buttons($buttons = array ()) {
+ return '<div class="toolbar">' . join($buttons) . '</div>';
+}
+
// Load and render template
function template_render($file, $data) {
if (file_exists($file)) {
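Review bot: `form_text()` and `form_textarea()` write `$value` straight into `value="..."` and the textarea body. `strip_item()` in includes/sys_page.php keeps `\p{P}`, which includes the double quote, so a filtered request value can still close the attribute. Unless every caller escapes first, escape in the helpers with `htmlspecialchars($value, ENT_QUOTES, 'UTF-8')` in both functions. The same applies to `$label` in `form_submit()` and to `$key`/`$row` in `html_select_key()` in the next hunk, which user_shifts.php feeds with user nicks.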
@@ -44,13 +176,15 @@ function html_options($name, $options, $selected = "") {
return $html;
}
-function html_select_key($name, $rows, $selected) {
- $html = '<select name="' . $name . '">';
- foreach ($rows as $key => $row)
- if (($key == $selected) || ($row == $selected))
+function html_select_key($id, $name, $rows, $selected) {
+ $html = '<select id="' . $id . '" name="' . $name . '">';
+ foreach ($rows as $key => $row) {
+ if (($key == $selected) || ($row == $selected)) {
$html .= '<option value="' . $key . '" selected="selected">' . $row . '</option>';
- else
+ } else {
$html .= '<option value="' . $key . '">' . $row . '</option>';
+ }
+ }
$html .= '</select>';
return $html;
}
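Review bot: The selection test `($key == $selected) || ($row == $selected)` compares loosely against both key and label, so more than one option can end up marked `selected`. In user_shifts.php the rows are `UID => Nick`, and a nick that loosely equals the current UID would be selected as well. If no caller relies on matching by label, compare keys only and as strings: `if ((string) $key === (string) $selected) {`. A docblock naming the new `$id` parameter (the element id, separate from the form field `$name`) would document the changed argument order.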
diff --git a/includes/sys_user.php b/includes/sys_user.php
index c44fbc85..ccf5da6c 100644
--- a/includes/sys_user.php
+++ b/includes/sys_user.php
@@ -1,4 +1,24 @@
<?php
+
+
+/**
+ * Available T-Shirt sizes
+ */
+$tshirt_sizes = array (
+ 'S' => "S",
+ 'M' => "M",
+ 'L' => "L",
+ 'XL' => "XL",
+ '2XL' => "2XL",
+ '3XL' => "3XL",
+ '4XL' => "4XL",
+ '5XL' => "5XL",
+ 'S-G' => "S Girl",
+ 'M-G' => "M Girl",
+ 'L-G' => "L Girl",
+ 'XL-G' => "XL Girl"
+);
+
function UID2Nick($UID) {
if ($UID > 0)
$SQL = "SELECT Nick FROM `User` WHERE UID='" . sql_escape($UID) . "'";