From 4303b05d08ba3754bb82dfa728cae31317a6aeb8 Mon Sep 17 00:00:00 2001 From: Philip Häusler Date: Wed, 7 Sep 2011 23:30:05 +0200 Subject: form validation for creating shifts (admin_shifts) and changed database layout --- includes/pages/admin_angel_types.php | 2 +- includes/pages/admin_rooms.php | 10 ++-- includes/pages/admin_shifts.php | 93 ++++++++++++++++++++++++++++++++---- includes/pages/user_shifts.php | 2 +- 4 files changed, 91 insertions(+), 16 deletions(-) (limited to 'includes/pages') diff --git a/includes/pages/admin_angel_types.php b/includes/pages/admin_angel_types.php index c5283899..0a7a721c 100644 --- a/includes/pages/admin_angel_types.php +++ b/includes/pages/admin_angel_types.php @@ -83,7 +83,7 @@ function admin_angel_types() { $angel_type = sql_select("SELECT * FROM `AngelTypes` WHERE `TID`=" . sql_escape($id) . " LIMIT 1"); if (count($angel_type) > 0) { sql_query("DELETE FROM `AngelTypes` WHERE `TID`=" . sql_escape($id) . " LIMIT 1"); - sql_query("DELETE FROM `RoomAngelTypes` WHERE `angel_type_id`=" . sql_escape($id) . " LIMIT 1"); + sql_query("DELETE FROM `NeededAngelTypes` WHERE `angel_type_id`=" . sql_escape($id) . " LIMIT 1"); header("Location: " . page_link_to("admin_angel_types")); } else return error("No Angel Type found."); diff --git a/includes/pages/admin_rooms.php b/includes/pages/admin_rooms.php index be54b8ea..c4e8ba46 100644 --- a/includes/pages/admin_rooms.php +++ b/includes/pages/admin_rooms.php 
@@ -63,7 +63,7 @@ function admin_rooms() { $room = sql_select("SELECT * FROM `Room` WHERE `RID`=" . sql_escape($rid) . " LIMIT 1"); if (count($room) > 0) { list ($room) = $room; - $room_angel_types = sql_select("SELECT * FROM `AngelTypes` LEFT OUTER JOIN `RoomAngelTypes` ON (`AngelTypes`.`TID` = `RoomAngelTypes`.`angel_type_id` AND `RoomAngelTypes`.`room_id`=" . sql_escape($rid) . ") ORDER BY `AngelTypes`.`Name`"); + $room_angel_types = sql_select("SELECT * FROM `AngelTypes` LEFT OUTER JOIN `NeededAngelTypes` ON (`AngelTypes`.`TID` = `NeededAngelTypes`.`angel_type_id` AND `NeededAngelTypes`.`room_id`=" . sql_escape($rid) . ") ORDER BY `AngelTypes`.`Name`"); $angel_types = ""; foreach ($room_angel_types as $room_angel_type) { @@ -101,7 +101,7 @@ function admin_rooms() { $room = sql_select("SELECT * FROM `Room` WHERE `RID`=" . sql_escape($rid) . " LIMIT 1"); if (count($room) > 0) { list ($room) = $room; - $room_angel_types = sql_select("SELECT * FROM `AngelTypes` LEFT OUTER JOIN `RoomAngelTypes` ON (`AngelTypes`.`TID` = `RoomAngelTypes`.`angel_type_id` AND `RoomAngelTypes`.`room_id`=" . sql_escape($rid) . ") ORDER BY `AngelTypes`.`Name`"); + $room_angel_types = sql_select("SELECT * FROM `AngelTypes` LEFT OUTER JOIN `NeededAngelTypes` ON (`AngelTypes`.`TID` = `NeededAngelTypes`.`angel_type_id` AND `NeededAngelTypes`.`room_id`=" . sql_escape($rid) . ") ORDER BY `AngelTypes`.`Name`"); $name = preg_replace("/([^\p{L}\p{P}\p{Z}\p{N}]{1,})/ui", '', strip_tags($_REQUEST['Name'])); $man = preg_replace("/([^\p{L}\p{P}\p{Z}\p{N}]{1,})/ui", '', strip_tags($_REQUEST['Man'])); 
@@ -109,13 +109,13 @@ function admin_rooms() { $show = preg_replace("/([^YN]{1,})/ui", '', strip_tags($_REQUEST['Show'])); $number = preg_replace("/([^0-9]{1,})/ui", '', strip_tags($_REQUEST['Number'])); sql_query("UPDATE `Room` SET `Name`='" . sql_escape($name) . "', `Man`='" . sql_escape($man) . "', `FromPentabarf`='" . sql_escape($from_pentabarf) . "', `show`='" . sql_escape($show) . "', `Number`='" . sql_escape($number) . "' WHERE `RID`=" . sql_escape($rid) . " LIMIT 1"); - sql_query("DELETE FROM `RoomAngelTypes` WHERE `room_id`=" . sql_escape($rid)); + sql_query("DELETE FROM `NeededAngelTypes` WHERE `room_id`=" . sql_escape($rid)); foreach ($room_angel_types as $room_angel_type) { if (isset ($_REQUEST['angel_type_' . $room_angel_type['TID']]) && preg_match("/^[0-9]{1,11}$/", $_REQUEST['angel_type_' . $room_angel_type['TID']])) $count = $_REQUEST['angel_type_' . $room_angel_type['TID']]; else $count = "0"; - sql_query("INSERT INTO `RoomAngelTypes` SET `room_id`=" . sql_escape($rid) . ", `angel_type_id`=" . sql_escape($room_angel_type['TID']) . ", `count`=" . sql_escape($count)); + sql_query("INSERT INTO `NeededAngelTypes` SET `room_id`=" . sql_escape($rid) . ", `angel_type_id`=" . sql_escape($room_angel_type['TID']) . ", `count`=" . sql_escape($count)); } header("Location: " . page_link_to("admin_rooms")); } else @@ -130,7 +130,7 @@ function admin_rooms() { if (sql_num_query("SELECT * FROM `Room` WHERE `RID`=" . sql_escape($rid) . " LIMIT 1") > 0) { sql_query("DELETE FROM `Room` WHERE `RID`=" . sql_escape($rid) . " LIMIT 1"); - sql_query("DELETE FROM `RoomAngelTypes` WHERE `room_id`=" . sql_escape($rid) . " LIMIT 1"); + sql_query("DELETE FROM `NeededAngelTypes` WHERE `room_id`=" . sql_escape($rid) . " LIMIT 1"); header("Location: " . page_link_to("admin_rooms")); } else return error("No Room found."); diff --git a/includes/pages/admin_shifts.php b/includes/pages/admin_shifts.php index 45c17591..d1981b5c 100644 --- a/includes/pages/admin_shifts.php 
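Review bot: The DELETE in the @@ -130 hunk keeps ` LIMIT 1` on the renamed table while the @@ -109 hunk deletes every row for the same `room_id` with no limit; since the INSERT loop in @@ -109 writes one `NeededAngelTypes` row per room/angel-type pair, removing a room leaves all but one of its rows behind as orphans. The table rename is fine, but the trailing ` LIMIT 1` should be dropped from that statement so it matches the unbounded DELETE above. The admin_angel_types.php hunk has the same pattern on `angel_type_id`, where one angel type can be referenced by many rooms. Both admin_rooms() and admin_angel_types() begin before and continue past these hunks.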
+++ b/includes/pages/admin_shifts.php @@ -8,8 +8,10 @@ function admin_shifts() { $name = ""; $rid = 0; - $start = date('Y-m-d 00:00'); - $end = date('Y-m-d 00:00', time() + 24 * 60 * 60); + $start = DateTime :: createFromFormat("Y-m-d H:i", date("Y-m-d") . " 00:00")->getTimestamp(); + $end = $start +24 * 60 * 60; + $mode = 'single'; + $angelmode = 'location'; // Locations laden $rooms = sql_select("SELECT * FROM `Room` WHERE `show`='Y' ORDER BY `Name`"); @@ -17,18 +19,22 @@ function admin_shifts() { foreach ($rooms as $room) $room_array[$room['RID']] = $room['Name']; + // Engeltypen laden + $types = sql_select("SELECT * FROM `AngelTypes` ORDER BY `Name`"); + $needed_angel_types = array (); + foreach ($types as $type) + $needed_angel_types[$type['TID']] = 0; + if (isset ($_REQUEST['preview'])) { // Name/Bezeichnung der Schicht, darf nicht leer sein if (isset ($_REQUEST['name']) && strlen($_REQUEST['name']) > 0) $name = strip_request_item('name'); else { $ok = false; - $name = ""; $msg .= error("Gib bitte einen Namen für die Schicht(en) an."); } // Auswahl der sichtbaren Locations für die Schichten - if (isset ($_REQUEST['rid']) && preg_match("/^[0-9]+$/", $_REQUEST['rid']) && isset ($room_array[$_REQUEST['rid']])) $rid = $_REQUEST['rid']; else { 
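Review bot: `DateTime :: createFromFormat("Y-m-d H:i", ...)` for the `$start` default leaves the seconds field unspecified, and PHP fills unspecified fields from the current system time, so the computed timestamp carries whatever second the page was rendered at and `$end` inherits it; the two `createFromFormat` calls on the submitted `start`/`end` values in the @@ -36 hunk have the same problem. Prefix the format with `!` so unspecified fields reset to zero: `DateTime::createFromFormat("!Y-m-d H:i", date("Y-m-d") . " 00:00")`. Note also that createFromFormat returns an object rather than false for out-of-range components such as a 13th month and only records a warning in `DateTime::getLastErrors()`, so the `$ok = false` branches added later do not reject such input. admin_shifts() begins before this hunk and continues past it.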
@@ -36,16 +42,80 @@ function admin_shifts() { $rid = $rooms[0]['RID']; $msg .= error("Wähle bitte einen Raum aus."); } + + if (isset ($_REQUEST['start']) && $tmp = DateTime :: createFromFormat("Y-m-d H:i", trim($_REQUEST['start']))) + $start = $tmp->getTimestamp(); + else { + $ok = false; + $msg .= error("Bitte gib einen Startzeitpunkt für die Schichten an."); + } + + if (isset ($_REQUEST['end']) && $tmp = DateTime :: createFromFormat("Y-m-d H:i", trim($_REQUEST['end']))) + $end = $tmp->getTimestamp(); + else { + $ok = false; + $msg .= error("Bitte gib einen Endzeitpunkt für die Schichten an."); + } + + if ($start >= $end) { + $ok = false; + $msg .= error("Das Ende muss nach dem Startzeitpunkt liegen!"); + } + + if (isset ($_REQUEST['mode'])) { + if ($_REQUEST['mode'] == 'single') { + $mode = 'single'; + } + elseif ($_REQUEST['mode'] == 'multi') { + if (isset ($_REQUEST['length']) && preg_match("/^[0-9]+$/", trim($_REQUEST['length']))) { + $mode = 'multi'; + $length = trim($_REQUEST['length']); + } else { + $ok = false; + $msg .= error("Bitte gib eine Schichtlänge in Minuten an."); + } + } + elseif ($_REQUEST['mode'] == 'variable') { + if (isset ($_REQUEST['change_hours']) && preg_match("/^([0-9]+(,|$))/", trim(str_replace(" ", "", $_REQUEST['change_hours'])))) { + $mode = 'variable'; + $change_hours = explode(",", $_REQUEST['change_hours']); + } else { + $ok = false; + $msg .= error("Bitte gib die Schichtwechsel-Stunden kommagetrennt ein."); + } + } + } else { + $ok = false; + $msg .= error("Bitte wähle einen Modus."); + } + + if (isset ($_REQUEST['angelmode'])) { + if ($_REQUEST['angelmode'] == 'location') { + $angelmode = 'location'; + } + elseif ($_REQUEST['angelmode'] == 'manually') { + foreach ($types as $type) { + if (isset ($_REQUEST['type_' . $type['TID']]) && preg_match("/^[0-9]+$/", trim($_REQUEST['type_' . $type['TID']]))) { + $needed_angel_types[$type['TID']] = trim($_REQUEST['type_' . 
$type['TID']]); + } else { + $ok = false; + $msg .= error("Bitte überprüfe die Eingaben für die benötigten Engel des Typs " . $type['Name'] . "."); + } + } + } else { + $ok = false; + $msg .= error("Bitte Wähle einen Modus für die benötigten Engel."); + } + } } - $room_select = html_select_key('rid', $room_array, ''); - $types = sql_select("SELECT * FROM `AngelTypes` ORDER BY `Name`"); + $room_select = html_select_key('rid', $room_array, ''); $angel_types = ""; foreach ($types as $type) { $angel_types .= template_render('../templates/admin_shifts_angel_types.html', array ( 'id' => $type['TID'], 'type' => $type['Name'], - 'value' => "0" + 'value' => $needed_angel_types[$type['TID']] )); } return template_render('../templates/admin_shifts.html', array ( @@ -53,8 +123,13 @@ function admin_shifts() { 'room_select' => $room_select, 'msg' => $msg, 'name' => $name, - 'start' => $start, - 'end' => $end + 'start' => date("Y-m-d H:i", $start), + 'end' => date("Y-m-d H:i", $end), + 'mode_single_selected' => $_REQUEST['mode'] == 'single' ? 'checked="checked"' : '', + 'mode_multi_selected' => $_REQUEST['mode'] == 'multi' ? 'checked="checked"' : '', + 'mode_variable_selected' => $_REQUEST['mode'] == 'variable' ? 'checked="checked"' : '', + 'angelmode_location_selected' => $_REQUEST['angelmode'] == 'location' ? 'checked="checked"' : '', + 'angelmode_manually_selected' => $_REQUEST['angelmode'] == 'manually' ? 'checked="checked"' : '' )); } ?> \ No newline at end of file diff --git a/includes/pages/user_shifts.php b/includes/pages/user_shifts.php index 3c05725e..d5367073 100644 --- a/includes/pages/user_shifts.php +++ b/includes/pages/user_shifts.php @@ -98,7 +98,7 @@ function user_shifts() { foreach ($shifts as $shift) { $shift_row = '' . date(($id == 0 ? "Y-m-d " : "") . "H:i", $shift['start']) . ' - ' . date("H:i", $shift['end']) . ($id == 0 ? "
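Review bot: The `variable` branch validates only the first element of `change_hours`: `/^([0-9]+(,|$))/` is satisfied by `8,abc,x`, and the following `explode` runs on the raw `$_REQUEST['change_hours']` rather than the space-stripped string that was checked, so `$change_hours` can contain non-numeric or padded entries. Anchor the whole list and split the same string that passed: `if (isset ($_REQUEST['change_hours']) && preg_match("/^[0-9]+(,[0-9]+)*$/", str_replace(" ", "", $_REQUEST['change_hours']))) {` followed by `$change_hours = explode(",", str_replace(" ", "", $_REQUEST['change_hours']));`. If these are clock hours, a 0–23 range check on each element would belong here too. `$length` and `$change_hours` are assigned but not read anywhere in this hunk, presumably for code a later change adds; admin_shifts() begins before this hunk and its template array continues in the next.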
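Review bot: The five `*_selected` entries read `$_REQUEST['mode']` and `$_REQUEST['angelmode']` directly instead of the validated `$mode` and `$angelmode` set earlier in the function, so a plain GET raises undefined-index notices and the defaults `single`/`location` are never rendered as checked; a rejected value such as mode `foo` likewise leaves nothing selected even though `$mode` still holds a valid default. Use the local variables, e.g. `'mode_single_selected' => $mode == 'single' ? 'checked="checked"' : '',` with the same substitution for the other four entries. admin_shifts() begins before this hunk.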
" . $shift['Name'] : "") . '' . $shift['name'] . '
'; $show_shift = false; - $angeltypes = sql_select("SELECT * FROM `RoomAngelTypes` JOIN `AngelTypes` ON (`RoomAngelTypes`.`angel_type_id` = `AngelTypes`.`TID`) WHERE `room_id`=" . sql_escape($shift['RID']) . " AND `count` > 0 ORDER BY `AngelTypes`.`Name`"); + $angeltypes = sql_select("SELECT * FROM `NeededAngelTypes` JOIN `AngelTypes` ON (`NeededAngelTypes`.`angel_type_id` = `AngelTypes`.`TID`) WHERE `room_id`=" . sql_escape($shift['RID']) . " AND `count` > 0 ORDER BY `AngelTypes`.`Name`"); if (count($angeltypes) > 0) { $my_shift = sql_num_query("SELECT * FROM `ShiftEntry` WHERE `SID`=" . sql_escape($shift['SID']) . " AND `UID`=" . sql_escape($user['UID']) . " LIMIT 1") > 0; -- cgit v1.2.3-54-g00ecf