From e8c035e166a6a42be519d09ca8b1953e7b244c42 Mon Sep 17 00:00:00 2001
From: Philip Häusler <msquare@notrademark.de>
Date: Tue, 19 Jul 2011 19:56:15 +0200
Subject: #6 edit my shift comment

---
 includes/pages/user_myshifts.php          |  36 ++++++++--
 includes/pages/user_shifts.php            |   3 +-
 templates/user_shifts_add.html            |   2 +-
 www-ssl_old/nonpublic/schichtplan_add.php | 114 ------------------------------
 4 files changed, 33 insertions(+), 122 deletions(-)
 delete mode 100644 www-ssl_old/nonpublic/schichtplan_add.php
diff --git a/includes/pages/user_myshifts.php b/includes/pages/user_myshifts.php
index 88d78254..9d5b25d6 100644
--- a/includes/pages/user_myshifts.php
+++ b/includes/pages/user_myshifts.php
@@ -7,9 +7,32 @@ function user_myshifts() {
 	global $user, $privileges;
 	$msg = "";
 
-	if (isset ($_REQUEST['cancel']) && preg_match("/^[0-9]*$/", $_REQUEST['cancel'])) {
+	if (isset ($_REQUEST['edit']) && preg_match("/^[0-9]*$/", $_REQUEST['edit'])) {
+		$id = $_REQUEST['edit'];
+		$shift = sql_select("SELECT `ShiftEntry`.`Comment`, `Shifts`.*, `Room`.`Name`, `AngelTypes`.`Name` as `angel_type` FROM `ShiftEntry` JOIN `AngelTypes` ON (`ShiftEntry`.`TID` = `AngelTypes`.`TID`) JOIN `Shifts` ON (`ShiftEntry`.`SID` = `Shifts`.`SID`) JOIN `Room` ON (`Shifts`.`RID` = `Room`.`RID`) WHERE `id`=" . sql_escape($id) . " AND `UID`=" . sql_escape($user['UID']) . " LIMIT 1");
+		if (count($shift) > 0) {
+			$shift = $shift[0];
+
+			if (isset ($_REQUEST['submit'])) {
+				$comment = strip_request_item_nl('comment');
+				sql_query("UPDATE `ShiftEntry` SET `Comment`='" . sql_escape($comment) . "' WHERE `id`=" . sql_escape($id) . " LIMIT 1");
+				header("Location: " . page_link_to('user_myshifts'));
+			}
+
+			return template_render('../templates/user_shifts_add.html', array (
+				'angel' => $user['Nick'],
+				'date' => date("Y-m-d H:i", $shift['start']) . ', ' . date("H", $shift['end'] - $shift['start']) . ' h',
+				'location' => $shift['Name'],
+				'title' => $shift['name'],
+				'type' => $shift['angel_type'],
+				'comment' => $shift['Comment']
+			));
+		} else
+			header("Location: " . page_link_to('user_myshifts'));
+	}
+	elseif (isset ($_REQUEST['cancel']) && preg_match("/^[0-9]*$/", $_REQUEST['cancel'])) {
 		$id = $_REQUEST['cancel'];
-		$shift = sql_select("SELECT * FROM `ShiftEntry` WHERE `id`=" . sql_escape($id) . " LIMIT 1");
+		$shift = sql_select("SELECT * FROM `ShiftEntry` WHERE `id`=" . sql_escape($id) . " AND `UID`=" . sql_escape($user['UID']) . " LIMIT 1");
 		if (count($shift) > 0) {
 			$shift = $shift[0];
 			if (($shift['start'] - time() < $LETZTES_AUSTRAGEN * 60) || in_array('user_shifts_admin', $privileges)) {
@@ -20,7 +43,7 @@ function user_myshifts() {
 		} else
 			header("Location: " . page_link_to('user_myshifts'));
 	}
-	$shifts = sql_select("SELECT * FROM `ShiftEntry` JOIN `Shifts` ON (`ShiftEntry`.`SID` = `Shifts`.`SID`) JOIN `Room` ON (`Shifts`.`RID` = `Room`.`RID`) WHERE `UID`=" . sql_escape($user['UID'])." ORDER BY `start`");
+	$shifts = sql_select("SELECT * FROM `ShiftEntry` JOIN `Shifts` ON (`ShiftEntry`.`SID` = `Shifts`.`SID`) JOIN `Room` ON (`Shifts`.`RID` = `Room`.`RID`) WHERE `UID`=" . sql_escape($user['UID']) . " ORDER BY `start`");
 	$html = "";
 	foreach ($shifts as $shift) {
 		if (time() > $shift['end'])
@@ -32,10 +55,11 @@ function user_myshifts() {
 		$html .= '<td>' . $shift['Name'] . '</td>';
 		$html .= '<td>' . $shift['name'] . '</td>';
 		$html .= '<td>' . $shift['Comment'] . '</td>';
+		$html .= '<td>';
+		$html .= '<a href="' . page_link_to('user_myshifts') . '&edit=' . $shift['id'] . '">edit</a>';
 		if ($shift['start'] - time() > $LETZTES_AUSTRAGEN * 60)
-			$html .= '<td><a href="' . page_link_to('user_myshifts') . '&cancel=' . $shift['id'] . '">Cancel</a></td>';
-		else
-			$html .= '<td></td>';
+			$html .= ' | <a href="' . page_link_to('user_myshifts') . '&cancel=' . $shift['id'] . '">cancel</a>';
+		$html .= '</td>';
 		$html .= '</tr>';
 	}
 	if ($html == "")
diff --git a/includes/pages/user_shifts.php b/includes/pages/user_shifts.php
index 64fcbac5..f4542703 100644
--- a/includes/pages/user_shifts.php
+++ b/includes/pages/user_shifts.php
@@ -69,7 +69,8 @@ function user_shifts() {
 			'title' => $shift['name'],
 			'location' => $shift['Name'],
 			'angel' => $user_text,
-			'type' => $type['Name']
+			'type' => $type['Name'],
+			'comment' => ""
 		));
 	} else {
 		$shifts = sql_select("SELECT * FROM `Shifts` ORDER BY `start`");
diff --git a/templates/user_shifts_add.html b/templates/user_shifts_add.html
index a8218120..52245790 100644
--- a/templates/user_shifts_add.html
+++ b/templates/user_shifts_add.html
@@ -36,7 +36,7 @@
                 <br/>
                 (For your eyes only)
             </label>
-            <textarea name="comment"></textarea>
+            <textarea name="comment">%comment%</textarea>
         </p>
         <p>
             <input type="submit" name="submit" value="Send" />
diff --git a/www-ssl_old/nonpublic/schichtplan_add.php b/www-ssl_old/nonpublic/schichtplan_add.php
deleted file mode 100644
index 1bbcdc4b..00000000
--- a/www-ssl_old/nonpublic/schichtplan_add.php
+++ /dev/null
@@ -1,114 +0,0 @@
-<?php
-require_once ('../bootstrap.php');
-
-$title = "Himmel";
-$header = "Schichtpl&auml;ne";
-include "includes/header.php";
-include "includes/funktion_schichtplan.php";
-include "includes/funktion_schichtplan_aray.php";
-include "includes/funktionen.php";
-
-if (isset ($_POST["newtext"]) && isset ($_POST["SID"]) && isset ($_POST["TID"])) {
-	SetHeaderGo2Back();
-
-	// datum der einzutragenden Schicht heraussuhen...
-	$ShiftSQL = "SELECT `DateS`, `DateE` FROM `Shifts` WHERE `SID`='" . $_POST["SID"] . ".'";
-	$ShiftErg = mysql_query($ShiftSQL, $con);
-	$beginSchicht = mysql_result($ShiftErg, 0, "DateS");
-	$endSchicht = mysql_result($ShiftErg, 0, "DateE");
-
-	// wenn keien rechte definiert sind
-	if (!isset ($_SESSION['CVS'][$TID2Name[$_POST["TID"]]]))
-		$_SESSION['CVS'][$TID2Name[$_POST["TID"]]] = "Y";
-
-	if ($_SESSION['CVS'][$TID2Name[$_POST["TID"]]] == "Y") {
-		// Ueberpruefung, ob der Engel bereits fuer eine Schicht zu dieser Zeit eingetragen ist
-		$SSQL = "SELECT * FROM `Shifts`" .
-		" INNER JOIN `ShiftEntry` ON `ShiftEntry`.`SID` = `Shifts`.`SID`" .
-		" WHERE ((" .
-		" ((`Shifts`.`DateS` >= '$beginSchicht') and " .
-		"  (`Shifts`.`DateS` < '$endSchicht'))" .
-		" OR " .
-		" ((`Shifts`.`DateE` > '$beginSchicht') and " .
-		"  (`Shifts`.`DateE` <= '$endSchicht')) " .
-		") and " .
-		"(`ShiftEntry`.`UID` = '" . $_SESSION['UID'] . "'));";
-		$bErg = mysql_query($SSQL, $con);
-
-		if (mysql_num_rows($bErg) != 0)
-			echo Get_Text("pub_schichtplan_add_AllreadyinShift");
-		else {
-			// ermitteln der noch gesuchten
-			$SQL3 = "SELECT * FROM `ShiftEntry`" .
-			" WHERE ((`SID` = '" . $_POST["SID"] . "') AND (`TID` = '" . $_POST["TID"] . "') AND (`UID` = '0'));";
-			$Erg3 = mysql_query($SQL3, $con);
-
-			if (mysql_num_rows($Erg3) <= 0)
-				echo Get_Text("pub_schichtplan_add_ToManyYousers");
-			else {
-				//write shift
-				$SQL = "UPDATE `ShiftEntry` SET " .
-				"`UID` = '" . $_SESSION['UID'] . "', " .
-				"`Comment` = '" . $_POST["newtext"] . "' " .
-				"WHERE ( (`SID` = '" . $_POST["SID"] . "') and " .
-				"(`TID` = '" . $_POST["TID"] . "') and " .
-				"(`UID` = '0')) LIMIT 1;";
-				$Erg = mysql_query($SQL, $con);
-
-				if ($Erg != 1)
-					echo Get_Text("pub_schichtplan_add_Error");
-				else
-					echo Get_Text("pub_schichtplan_add_WriteOK");
-			}
-		}
-	} else {
-		echo "<h1>:-(</h1>";
-		array_push($error_messages, "Hack atteck\n");
-	}
-}
-elseif (isset ($_GET["SID"]) && isset ($_GET["TID"])) {
-	//wenn keine Rechte definiert sind
-	if (!isset ($_SESSION['CVS'][$TID2Name[$_GET["TID"]]]))
-		$_SESSION['CVS'][$TID2Name[$_GET["TID"]]] = "Y";
-
-	if ($_SESSION['CVS'][$TID2Name[$_GET["TID"]]] == "Y") {
-		echo Get_Text("pub_schichtplan_add_Text1") . "<br /><br />\n\n" .
-		"<form action=\"./schichtplan_add.php\" method=\"post\">\n" .
-		"<table border=\"0\">\n";
-
-		$SQL = "SELECT * FROM `Shifts` WHERE ";
-		$SQL .= "(`SID` = '" . $_GET["SID"] . "')";
-		$Erg = mysql_query($SQL, $con);
-
-		echo "<tr><td>" . Get_Text("pub_schichtplan_add_Date") . ":</td> <td>" .
-		mysql_result($Erg, 0, "DateS") . "</td></tr>\n";
-
-		echo "<tr><td>" . Get_Text("pub_schichtplan_add_Place") . ":</td> <td>" .
-		$RoomID[mysql_result($Erg, 0, "RID")] . "</td></tr>\n";
-
-		echo "<tr><td>" . Get_Text("pub_schichtplan_add_Job") . ":</td> <td>" .
-		$EngelTypeID[$_GET["TID"]] . "</td></tr>\n";
-
-		echo "<tr><td>" . Get_Text("pub_schichtplan_add_Len") . ":</td> <td>" .
-		mysql_result($Erg, 0, "Len") . "h</td></tr>\n";
-
-		echo "<tr><td>" . Get_Text("pub_schichtplan_add_TextFor") . ":</td> <td>" .
-		mysql_result($Erg, 0, "Man") . "</td></tr>\n";
-
-		echo "<tr><td valign='top'>" . Get_Text("pub_schichtplan_add_Comment") . ":</td>\n <td>" .
-		"<textarea name='newtext' cols='50' rows='10'></textarea> </td></tr>\n";
-
-		echo "<tr><td>&nbsp;</td>\n" .
-		"<td><input type=\"submit\" value=\"" . Get_Text("pub_schichtplan_add_submit") . "\"> </td></tr>\n" .
-		"</table>\n" .
-		"<input type=\"hidden\" name=\"SID\" value=\"" . $_GET["SID"] . "\">\n" .
-		"<input type=\"hidden\" name=\"TID\" value=\"" . $_GET["TID"] . "\">\n" .
-		"</form>";
-	} else {
-		echo "<h1>:-(</h1>";
-		array_push($error_messages, "Hack atteck\n");
-	}
-}
-
-include "includes/footer.php";
-?>
-- 
cgit v1.2.3-54-g00ecf


" . Get_Text("pub_schichtplan_add_Date") . ":	" . - mysql_result($Erg, 0, "DateS") . "
" . Get_Text("pub_schichtplan_add_Place") . ":	" . - $RoomID[mysql_result($Erg, 0, "RID")] . "
" . Get_Text("pub_schichtplan_add_Job") . ":	" . - $EngelTypeID[$_GET["TID"]] . "
" . Get_Text("pub_schichtplan_add_Len") . ":	" . - mysql_result($Erg, 0, "Len") . "h
" . Get_Text("pub_schichtplan_add_TextFor") . ":	" . - mysql_result($Erg, 0, "Man") . "
" . Get_Text("pub_schichtplan_add_Comment") . ":	" . - "