From 1e4779938497a580217cf0e082730c731282cd69 Mon Sep 17 00:00:00 2001
From: Angelo Cuccato <cuccato@web.de>
Date: Tue, 23 Nov 2010 10:28:02 +0100
Subject: check link before show

---
 DB/Sprache.sql                    |  8 ++--
 includes/UserCVS.php              | 49 +++++++++++++++++++++++
 includes/funktion_activeUser.php  |  8 ++--
 includes/funktion_schichtplan.php | 82 ++++++++++++++++++++++-----------------
 includes/funktion_xml_schudle.php |  5 ++-
 www-ssl/admin/user.php            | 16 +++++---
 6 files changed, 115 insertions(+), 53 deletions(-)

diff --git a/DB/Sprache.sql b/DB/Sprache.sql
index 5bc5e190..76597b71 100755
--- a/DB/Sprache.sql
+++ b/DB/Sprache.sql
@@ -96,8 +96,8 @@ INSERT INTO `Sprache` (`TextID`, `Sprache`, `Text`) VALUES ('33', 'DE', 'Sprache
 INSERT INTO `Sprache` (`TextID`, `Sprache`, `Text`) VALUES ('33', 'EN', 'Language is saved. On the next page it will be active.');
 INSERT INTO `Sprache` (`TextID`, `Sprache`, `Text`) VALUES ('34', 'DE', 'Avatar wurde gesetzt.');
 INSERT INTO `Sprache` (`TextID`, `Sprache`, `Text`) VALUES ('34', 'EN', 'Avatar is saved.');
-INSERT INTO `Sprache` (`TextID`, `Sprache`, `Text`) VALUES ('35', 'DE', '&lt;b&gt;Neue Anfrage:&lt;/b&gt;\r\nIn diesem Formular hast du die M&ouml;glichkeit, den Erzengeln eine Frage zu stellen. Wenn diese beantwortet ist, wirst du hier dar&uuml;ber informiert. Sollte die Frage von allgemeinem Interesse sein, wird diese in die Engel-FAQ &uuml;bernommen.');
-INSERT INTO `Sprache` (`TextID`, `Sprache`, `Text`) VALUES ('35', 'EN', '<b>New Question</b>\r\nWith this form you may sumbit questions to our Archangels. Topics of common interest may be added to the FAQ. (Section: answered questions).\r\n');
+INSERT INTO `Sprache` (`TextID`, `Sprache`, `Text`) VALUES ('35', 'DE', 'Neue Anfrage In diesem Formular hast du die M&ouml;glichkeit, den Erzengeln eine Frage zu stellen. Wenn diese beantwortet ist, wirst du hier dar&uuml;ber informiert. Sollte die Frage von allgemeinem Interesse sein, wird diese in die Engel-FAQ &uuml;bernommen.');
+INSERT INTO `Sprache` (`TextID`, `Sprache`, `Text`) VALUES ('35', 'EN', 'New Question With this form you may sumbit questions to our Archangels. Topics of common interest may be added to the FAQ. (Section: answered questions).\r\n');
 INSERT INTO `Sprache` (`TextID`, `Sprache`, `Text`) VALUES ('36', 'DE', 'Stelle hier deine Frage');
 INSERT INTO `Sprache` (`TextID`, `Sprache`, `Text`) VALUES ('36', 'EN', 'Tell us your question');
 INSERT INTO `Sprache` (`TextID`, `Sprache`, `Text`) VALUES ('37', 'DE', 'Deine Anfrage war:');
@@ -325,8 +325,8 @@ INSERT INTO `Sprache` (`TextID`, `Sprache`, `Text`) VALUES ('pub_aktive_Active',
 INSERT INTO `Sprache` (`TextID`, `Sprache`, `Text`) VALUES ('pub_schichtplan_add_TextFor', 'EN', 'text for shift');
 INSERT INTO `Sprache` (`TextID`, `Sprache`, `Text`) VALUES ('pub_schichtplan_add_WriteOK', 'EN', 'Now, you signed up for this shift. Thank you for your cooperation.');
 INSERT INTO `Sprache` (`TextID`, `Sprache`, `Text`) VALUES ('pub_schichtplan_add_Text1', 'EN', 'Here you can sign up for a shift. As commend can you write what you want, it is only for you.');
-INSERT INTO `Sprache` (`TextID`, `Sprache`, `Text`) VALUES ('pub_schichtplan_colision', 'DE', '&lt;h1&gt;Fehler&lt;/h1&gt;\r\n&Uuml;berschneidung von Schichten:');
-INSERT INTO `Sprache` (`TextID`, `Sprache`, `Text`) VALUES ('pub_schichtplan_colision', 'EN', '&lt;h1&gt;error&lt;/h1&gt;\r\noverlap on shift:');
+INSERT INTO `Sprache` (`TextID`, `Sprache`, `Text`) VALUES ('pub_schichtplan_colision', 'DE', 'Fehler &Uuml;berschneidung von Schichten:');
+INSERT INTO `Sprache` (`TextID`, `Sprache`, `Text`) VALUES ('pub_schichtplan_colision', 'EN', 'error noverlap on shift:');
 INSERT INTO `Sprache` (`TextID`, `Sprache`, `Text`) VALUES ('pub_schicht_EmptyShifts', 'DE', 'Die n&auml;chsten 15 freien Schichten:');
 INSERT INTO `Sprache` (`TextID`, `Sprache`, `Text`) VALUES ('pub_schicht_EmptyShifts', 'EN', 'The next 15 empty shifts:');
 INSERT INTO `Sprache` (`TextID`, `Sprache`, `Text`) VALUES ('inc_schicht_date', 'DE', 'Datum');
diff --git a/includes/UserCVS.php b/includes/UserCVS.php
index 4f606b7e..9210e446 100755
--- a/includes/UserCVS.php
+++ b/includes/UserCVS.php
@@ -50,4 +50,53 @@ if( $DEBUG )
 	
 }
 
+function funktion_isLinkAllowed( $PageName)
+{
+        global $_SESSION;
+
+	// separate page parameter
+	$ParameterPos = strpos( $PageName, ".php?");
+	if( $ParameterPos === FALSE)
+	{
+		$pName = $PageName;
+	}
+	else
+	{
+		$pName = substr( $PageName, 0, $ParameterPos + 4);
+	}
+	
+	// check rights
+	if( (isset( $_SESSION['CVS'][ $pName ]) === TRUE) &&
+	    ($_SESSION['CVS'][ $pName ] == "Y") )
+	{
+		return TRUE;
+	}
+
+	return FALSE;
+}
+
+function funktion_isLinkAllowed_addLink_OrLinkText( $PageName, $LinkText)
+{
+        global $url, $ENGEL_ROOT;
+
+	if( funktion_isLinkAllowed( $PageName) === TRUE)
+	{
+		return "<a href=\"". $url. $ENGEL_ROOT. $PageName. "\">". $LinkText. "</a>";
+	}
+	
+	return $LinkText;
+}
+
+function funktion_isLinkAllowed_addLink_OrEmpty( $PageName, $LinkText)
+{
+        global $url, $ENGEL_ROOT;
+
+	if( funktion_isLinkAllowed( $PageName) === TRUE)
+	{
+		return "<a href=\"". $url. $ENGEL_ROOT. $PageName. "\">". $LinkText. "</a>";
+	}
+
+	return "";
+}
+
 ?>
diff --git a/includes/funktion_activeUser.php b/includes/funktion_activeUser.php
index 808ccf73..d19895a8 100755
--- a/includes/funktion_activeUser.php
+++ b/includes/funktion_activeUser.php
@@ -39,11 +39,9 @@ for( $i=0; $i<mysql_num_rows($Erg); $i++)
 	if( $_SESSION['UID']>0 )
 		echo DisplayAvatar( mysql_result( $Erg, $i, "UID"));
 	// Schow Admin Page
-	if( $_SESSION['CVS'][ "admin/userChangeNormal.php" ] == "Y" )
-		echo " <a href=\"./../admin/userChangeNormal.php?enterUID=". mysql_result( $Erg, $i, "UID"). "&Type=Normal\">". 
-			mysql_result( $Erg, $i, "Nick"). "</a>";
-	else
-		echo mysql_result( $Erg, $i, "Nick");
+	echo funktion_isLinkAllowed_addLink_OrLinkText(
+		"admin/userChangeNormal.php?enterUID=". mysql_result( $Erg, $i, "UID"). "&Type=Normal",
+		mysql_result( $Erg, $i, "Nick"));
 
 	$Tlog =	(substr( mysql_result( $Erg, $i, "lastLogIn"),  8, 2) * 60 * 60 * 24) +	// Tag
 		(substr( mysql_result( $Erg, $i, "lastLogIn"), 11, 2) * 60 * 60) +	// Stunde
diff --git a/includes/funktion_schichtplan.php b/includes/funktion_schichtplan.php
index ae4bf821..0b5b9910 100755
--- a/includes/funktion_schichtplan.php
+++ b/includes/funktion_schichtplan.php
@@ -18,11 +18,9 @@ function ausgabe_Feld_Inhalt( $SID, $Man )
 	///////////////////////////////////////////////////////////////////
 	// Schow Admin Page
 	///////////////////////////////////////////////////////////////////
-	if( $_SESSION['CVS'][ "admin/schichtplan.php" ] == "Y" )
-	{
-		$Spalten.= "<a href=\"./../admin/schichtplan.php?action=change&SID=$SID\">edit</a><br>\n\t\t";
-	}
-	
+	$Spalten.=funktion_isLinkAllowed_addLink_OrEmpty( 
+		"admin/schichtplan.php?action=change&SID=$SID",
+		"edit<br>\n\t\t");
 
 	///////////////////////////////////////////////////////////////////
   	// Ausgabe des Schischtnamens
@@ -104,28 +102,30 @@ function ausgabe_Feld_Inhalt( $SID, $Man )
 			
 			foreach( $TempValue["Engel"] as $TempEngelEntry=> $TempEngelID )
 			{
-				if( $_SESSION['CVS'][ "admin/userChangeNormal.php" ] == "Y" )
-					$Spalten.= " <a href=\"./../admin/userChangeNormal.php?enterUID=$TempEngelID&Type=Normal\">"; 
-
-				if( $_SESSION['CVS'][ "admin/schichtplan.php" ] == "Y" )
+				if( funktion_isLinkAllowed( "admin/user.php") === TRUE)
 				{
-					if( UIDgekommen( $TempEngelID ) == "1")
-	      					$Spalten.= "&nbsp;&nbsp;<span style=\"color: blue;\">".
-							   UID2Nick( $TempEngelID ).
-      							   ($_GET["Icon"]==1? DisplayAvatar( $TempEngelID ): "").
-							   "</span><br>\n\t\t";
-					else
-      						$Spalten.= "&nbsp;&nbsp;<span style=\"color: red;\">". 
-							   UID2Nick( $TempEngelID ).
-      							   ($_GET["Icon"]==1? DisplayAvatar( $TempEngelID ): "").
-							   "</span><br>\n\t\t";
+					// add color, wenn Engel "Gekommen"
+	      				$TempText= 
+						((UIDgekommen( $TempEngelID ) == "1")
+							? "<span style=\"color: blue;\">"
+							: "<span style=\"color: red;\">").
+						UID2Nick( $TempEngelID). "</span>";
 				}
 				else
-      					$Spalten.= "&nbsp;&nbsp;". UID2Nick( $TempEngelID ).
-      						   ($_GET["Icon"]==1? DisplayAvatar( $TempEngelID ): "").
-						   "<br>\n\t\t";
-				if( $_SESSION['CVS'][ "admin/userChangeNormal.php" ] == "Y" )
-					$Spalten.= " </a>"; 
+				{
+					$TempText = UID2Nick( $TempEngelID );
+				}
+				
+				// add link to user
+				$TempText= funktion_isLinkAllowed_addLink_OrLinkText(
+					"admin/userChangeNormal.php?enterUID=$TempEngelID&Type=Normal",
+					$TempText);
+				
+				$Spalten.= "&nbsp;&nbsp;". $TempText.
+						( ($_GET["Icon"]==1) ? DisplayAvatar( $TempEngelID): "").
+						"<br>\n\t\t";
+
+
 			}
 			$Spalten = substr( $Spalten, 0, strlen($Spalten)-7 );
 		  }
@@ -205,13 +205,17 @@ function CreateRoomShifts( $raum )
 	$ErgSonder = mysql_query($SQLSonder, $con);
 	if( (mysql_num_rows( $ErgSonder) > 1) )
 	{
-		if( $_SESSION['CVS'][ "admin/schichtplan.php" ] == "Y" )
+		if( funktion_isLinkAllowed( "admin/schichtplan.php") === TRUE )
 		{
 			echo "<h1>". Get_Text("pub_schichtplan_colision"). "</h1> ";
-			echo "<a href=\"./../admin/schichtplan.php?action=change&SID=". mysql_result($ErgSonder, 0, "SID"). "\">".
-				mysql_result($ErgSonder, 0, "DateS"). 
-				" '". mysql_result($ErgSonder, 0, "Man")."' (RID $raum) (00-24)".
-				"</a><br>\n\t\t";
+			for( $i=0; $i<mysql_num_rows( $ErgSonder); $i++)
+			{
+				echo "<a href=\"./../admin/schichtplan.php?action=change&SID=". 
+					mysql_result($ErgSonder, $i, "SID"). "\">".
+					mysql_result($ErgSonder, $i, "DateS"). 
+					" '". mysql_result($ErgSonder, $i, "Man")."' (RID $raum) (00-24)".
+					"</a><br>\n\t\t";
+			}
 		}
 	}
 	elseif( (mysql_num_rows( $ErgSonder) == 1) )
@@ -236,13 +240,17 @@ function CreateRoomShifts( $raum )
 	$ErgSonder = mysql_query($SQLSonder, $con);
 	if( (mysql_num_rows( $ErgSonder) > 1) )
 	{
-		if( $_SESSION['CVS'][ "admin/schichtplan.php" ] == "Y" )
+		if( funktion_isLinkAllowed( "admin/schichtplan.php") === TRUE )
 		{
 			echo "<h1>". Get_Text("pub_schichtplan_colision"). "</h1> ";
-			echo "<a href=\"./../admin/schichtplan.php?action=change&SID=". mysql_result($ErgSonder, 0, "SID"). "\">".
-				mysql_result($ErgSonder, 0, "DateS"). 
-				" '". mysql_result($ErgSonder, 0, "Man")."' (RID $raum) (00-xx)".
-				"</a><br>\n\t\t";
+			for( $i=0; $i<mysql_num_rows( $ErgSonder); $i++)
+			{
+				echo "<a href=\"./../admin/schichtplan.php?action=change&SID=". 
+					mysql_result($ErgSonder, $i, "SID"). "\">".
+					mysql_result($ErgSonder, $i, "DateS"). 
+					" '". mysql_result($ErgSonder, $i, "Man")."' (RID $raum) (00-xx)".
+					"</a><br>\n\t\t";
+			}
 		}
 	}
 	elseif( (mysql_num_rows( $ErgSonder) == 1) )
@@ -297,10 +305,12 @@ function CreateRoomShifts( $raum )
 		}
 		else
 		{
-			echo Get_Text("pub_schichtplan_colision"). " ".
+			echo "<h1>". Get_Text("pub_schichtplan_colision"). "</h1> ";
+			echo "<a href=\"./../admin/schichtplan.php?action=change&SID=". 
+				mysql_result($Erg, $i, "SID"). "\">".
 				mysql_result($Erg, $i, "DateS"). 
 				" '". mysql_result($Erg, $i, "Man"). "' ".
-				" (".  mysql_result($Erg, $i, "SID"). " R$raum) (xx-xx)<br><br>";
+				" (".  mysql_result($Erg, $i, "SID"). " R$raum) (xx-xx)</a><br><br>";
 		}
 	}
 	if( $ZeitZeiger < 24 )
diff --git a/includes/funktion_xml_schudle.php b/includes/funktion_xml_schudle.php
index f6931301..4ef0a42f 100755
--- a/includes/funktion_xml_schudle.php
+++ b/includes/funktion_xml_schudle.php
@@ -259,7 +259,7 @@ foreach($XMLmain->sub as $EventKey => $Event)
 		}
 		else
 		{
-			echo "\t<td><a href=\"./schichtplan.php?action=change&SID=$SIDDB\">edit</a></td>\n";
+			echo "\t<td>". funktion_isLinkAllowed_addLink_OrLinkText("admin/schichtplan.php?action=change&SID=".$SIDDB, "edit"). "</td>\n";
 			$DS_OK++;
 		}
 		echo "\t</tr>\n";
@@ -299,7 +299,8 @@ if(mysql_num_rows($Erg2)>0 && $EnableSchudleDB )
 			   "<input name=\"LenDB\" type=\"text\" value=\"$Len\" size=\"1\"readonly></td>\n";
 		echo "\t<td><input name=\"ManXML\" type=\"text\" value=\"\" size=\"40\"readonly>\n\t\t".
 			   "<input name=\"ManDB\" type=\"text\" value=\"$Man\" size=\"40\"readonly></td>\n";
-		echo "\t<td><a href=\"./schichtplan.php?action=change&SID=$SID\">edit</a></td>\n";
+		echo "\t<td>". funktion_isLinkAllowed_addLink_OrLinkText( "admin/schichtplan.php?action=change&SID=".$SID, "edit"). 
+				"</td>\n";
 		echo "\t<tr>\n";
 	}
 echo "</table>";
diff --git a/www-ssl/admin/user.php b/www-ssl/admin/user.php
index a792f864..f8691563 100755
--- a/www-ssl/admin/user.php
+++ b/www-ssl/admin/user.php
@@ -88,12 +88,16 @@ if (!IsSet($_GET["enterUID"]))
 		echo "\t<td>".mysql_result($Erg, $n, "Aktiv")."</td>\n";
 		$Tshirt += mysql_result($Erg, $n, "Tshirt");
 		echo "\t<td>".mysql_result($Erg, $n, "Tshirt")."</td>\n";
-		echo "\t<td><a href=\"./userChangeNormal.php?enterUID=".
-			mysql_result($Erg, $n, "UID")."&Type=Normal\">&Auml;nd.</a></td>\n";
-		echo "\t<td>";
-		
-		echo "<a href=\"./userChangeSecure.php?enterUID=".
-			mysql_result($Erg, $n, "UID")."&Type=Secure\">Secure</a></td>\n";
+		echo "\t<td>". funktion_isLinkAllowed_addLink_OrEmpty( 
+				"admin/userChangeNormal.php?enterUID=". 
+					mysql_result($Erg, $n, "UID")."&Type=Normal",
+				"&Auml;nd.").
+			"</td>\n";
+		echo "\t<td>". funktion_isLinkAllowed_addLink_OrEmpty( 
+				"admin/userChangeSecure.php?enterUID=". 
+					mysql_result($Erg, $n, "UID")."&Type=Secure",
+				"Secure").
+			"</td>\n";
 		echo "</tr>\n";
 	}
 	echo "<tr>".
-- 
cgit v1.2.3-54-g00ecf