From 1e4779938497a580217cf0e082730c731282cd69 Mon Sep 17 00:00:00 2001
From: Angelo Cuccato <cuccato@web.de>
Date: Tue, 23 Nov 2010 10:28:02 +0100
Subject: check link before show

---
 includes/UserCVS.php              | 49 +++++++++++++++++++++++
 includes/funktion_activeUser.php  |  8 ++--
 includes/funktion_schichtplan.php | 82 ++++++++++++++++++++++-----------------
 includes/funktion_xml_schudle.php |  5 ++-
 4 files changed, 101 insertions(+), 43 deletions(-)

(limited to 'includes')

diff --git a/includes/UserCVS.php b/includes/UserCVS.php
index 4f606b7e..9210e446 100755
--- a/includes/UserCVS.php
+++ b/includes/UserCVS.php
@@ -50,4 +50,53 @@ if( $DEBUG )
 	
 }
 
+function funktion_isLinkAllowed( $PageName)
+{
+        global $_SESSION;
+
+	// separate page parameter
+	$ParameterPos = strpos( $PageName, ".php?");
+	if( $ParameterPos === FALSE)
+	{
+		$pName = $PageName;
+	}
+	else
+	{
+		$pName = substr( $PageName, 0, $ParameterPos + 4);
+	}
+	
+	// check rights
+	if( (isset( $_SESSION['CVS'][ $pName ]) === TRUE) &&
+	    ($_SESSION['CVS'][ $pName ] == "Y") )
+	{
+		return TRUE;
+	}
+
+	return FALSE;
+}
+
+function funktion_isLinkAllowed_addLink_OrLinkText( $PageName, $LinkText)
+{
+        global $url, $ENGEL_ROOT;
+
+	if( funktion_isLinkAllowed( $PageName) === TRUE)
+	{
+		return "<a href=\"". $url. $ENGEL_ROOT. $PageName. "\">". $LinkText. "</a>";
+	}
+	
+	return $LinkText;
+}
+
+function funktion_isLinkAllowed_addLink_OrEmpty( $PageName, $LinkText)
+{
+        global $url, $ENGEL_ROOT;
+
+	if( funktion_isLinkAllowed( $PageName) === TRUE)
+	{
+		return "<a href=\"". $url. $ENGEL_ROOT. $PageName. "\">". $LinkText. "</a>";
+	}
+
+	return "";
+}
+
 ?>
diff --git a/includes/funktion_activeUser.php b/includes/funktion_activeUser.php
index 808ccf73..d19895a8 100755
--- a/includes/funktion_activeUser.php
+++ b/includes/funktion_activeUser.php
@@ -39,11 +39,9 @@ for( $i=0; $i<mysql_num_rows($Erg); $i++)
 	if( $_SESSION['UID']>0 )
 		echo DisplayAvatar( mysql_result( $Erg, $i, "UID"));
 	// Schow Admin Page
-	if( $_SESSION['CVS'][ "admin/userChangeNormal.php" ] == "Y" )
-		echo " <a href=\"./../admin/userChangeNormal.php?enterUID=". mysql_result( $Erg, $i, "UID"). "&Type=Normal\">". 
-			mysql_result( $Erg, $i, "Nick"). "</a>";
-	else
-		echo mysql_result( $Erg, $i, "Nick");
+	echo funktion_isLinkAllowed_addLink_OrLinkText(
+		"admin/userChangeNormal.php?enterUID=". mysql_result( $Erg, $i, "UID"). "&Type=Normal",
+		mysql_result( $Erg, $i, "Nick"));
 
 	$Tlog =	(substr( mysql_result( $Erg, $i, "lastLogIn"),  8, 2) * 60 * 60 * 24) +	// Tag
 		(substr( mysql_result( $Erg, $i, "lastLogIn"), 11, 2) * 60 * 60) +	// Stunde
diff --git a/includes/funktion_schichtplan.php b/includes/funktion_schichtplan.php
index ae4bf821..0b5b9910 100755
--- a/includes/funktion_schichtplan.php
+++ b/includes/funktion_schichtplan.php
@@ -18,11 +18,9 @@ function ausgabe_Feld_Inhalt( $SID, $Man )
 	///////////////////////////////////////////////////////////////////
 	// Schow Admin Page
 	///////////////////////////////////////////////////////////////////
-	if( $_SESSION['CVS'][ "admin/schichtplan.php" ] == "Y" )
-	{
-		$Spalten.= "<a href=\"./../admin/schichtplan.php?action=change&SID=$SID\">edit</a><br>\n\t\t";
-	}
-	
+	$Spalten.=funktion_isLinkAllowed_addLink_OrEmpty( 
+		"admin/schichtplan.php?action=change&SID=$SID",
+		"edit<br>\n\t\t");
 
 	///////////////////////////////////////////////////////////////////
   	// Ausgabe des Schischtnamens
@@ -104,28 +102,30 @@ function ausgabe_Feld_Inhalt( $SID, $Man )
 			
 			foreach( $TempValue["Engel"] as $TempEngelEntry=> $TempEngelID )
 			{
-				if( $_SESSION['CVS'][ "admin/userChangeNormal.php" ] == "Y" )
-					$Spalten.= " <a href=\"./../admin/userChangeNormal.php?enterUID=$TempEngelID&Type=Normal\">"; 
-
-				if( $_SESSION['CVS'][ "admin/schichtplan.php" ] == "Y" )
+				if( funktion_isLinkAllowed( "admin/user.php") === TRUE)
 				{
-					if( UIDgekommen( $TempEngelID ) == "1")
-	      					$Spalten.= "&nbsp;&nbsp;<span style=\"color: blue;\">".
-							   UID2Nick( $TempEngelID ).
-      							   ($_GET["Icon"]==1? DisplayAvatar( $TempEngelID ): "").
-							   "</span><br>\n\t\t";
-					else
-      						$Spalten.= "&nbsp;&nbsp;<span style=\"color: red;\">". 
-							   UID2Nick( $TempEngelID ).
-      							   ($_GET["Icon"]==1? DisplayAvatar( $TempEngelID ): "").
-							   "</span><br>\n\t\t";
+					// add color, wenn Engel "Gekommen"
+	      				$TempText= 
+						((UIDgekommen( $TempEngelID ) == "1")
+							? "<span style=\"color: blue;\">"
+							: "<span style=\"color: red;\">").
+						UID2Nick( $TempEngelID). "</span>";
 				}
 				else
-      					$Spalten.= "&nbsp;&nbsp;". UID2Nick( $TempEngelID ).
-      						   ($_GET["Icon"]==1? DisplayAvatar( $TempEngelID ): "").
-						   "<br>\n\t\t";
-				if( $_SESSION['CVS'][ "admin/userChangeNormal.php" ] == "Y" )
-					$Spalten.= " </a>"; 
+				{
+					$TempText = UID2Nick( $TempEngelID );
+				}
+				
+				// add link to user
+				$TempText= funktion_isLinkAllowed_addLink_OrLinkText(
+					"admin/userChangeNormal.php?enterUID=$TempEngelID&Type=Normal",
+					$TempText);
+				
+				$Spalten.= "&nbsp;&nbsp;". $TempText.
+						( ($_GET["Icon"]==1) ? DisplayAvatar( $TempEngelID): "").
+						"<br>\n\t\t";
+
+
 			}
 			$Spalten = substr( $Spalten, 0, strlen($Spalten)-7 );
 		  }
@@ -205,13 +205,17 @@ function CreateRoomShifts( $raum )
 	$ErgSonder = mysql_query($SQLSonder, $con);
 	if( (mysql_num_rows( $ErgSonder) > 1) )
 	{
-		if( $_SESSION['CVS'][ "admin/schichtplan.php" ] == "Y" )
+		if( funktion_isLinkAllowed( "admin/schichtplan.php") === TRUE )
 		{
 			echo "<h1>". Get_Text("pub_schichtplan_colision"). "</h1> ";
-			echo "<a href=\"./../admin/schichtplan.php?action=change&SID=". mysql_result($ErgSonder, 0, "SID"). "\">".
-				mysql_result($ErgSonder, 0, "DateS"). 
-				" '". mysql_result($ErgSonder, 0, "Man")."' (RID $raum) (00-24)".
-				"</a><br>\n\t\t";
+			for( $i=0; $i<mysql_num_rows( $ErgSonder); $i++)
+			{
+				echo "<a href=\"./../admin/schichtplan.php?action=change&SID=". 
+					mysql_result($ErgSonder, $i, "SID"). "\">".
+					mysql_result($ErgSonder, $i, "DateS"). 
+					" '". mysql_result($ErgSonder, $i, "Man")."' (RID $raum) (00-24)".
+					"</a><br>\n\t\t";
+			}
 		}
 	}
 	elseif( (mysql_num_rows( $ErgSonder) == 1) )
@@ -236,13 +240,17 @@ function CreateRoomShifts( $raum )
 	$ErgSonder = mysql_query($SQLSonder, $con);
 	if( (mysql_num_rows( $ErgSonder) > 1) )
 	{
-		if( $_SESSION['CVS'][ "admin/schichtplan.php" ] == "Y" )
+		if( funktion_isLinkAllowed( "admin/schichtplan.php") === TRUE )
 		{
 			echo "<h1>". Get_Text("pub_schichtplan_colision"). "</h1> ";
-			echo "<a href=\"./../admin/schichtplan.php?action=change&SID=". mysql_result($ErgSonder, 0, "SID"). "\">".
-				mysql_result($ErgSonder, 0, "DateS"). 
-				" '". mysql_result($ErgSonder, 0, "Man")."' (RID $raum) (00-xx)".
-				"</a><br>\n\t\t";
+			for( $i=0; $i<mysql_num_rows( $ErgSonder); $i++)
+			{
+				echo "<a href=\"./../admin/schichtplan.php?action=change&SID=". 
+					mysql_result($ErgSonder, $i, "SID"). "\">".
+					mysql_result($ErgSonder, $i, "DateS"). 
+					" '". mysql_result($ErgSonder, $i, "Man")."' (RID $raum) (00-xx)".
+					"</a><br>\n\t\t";
+			}
 		}
 	}
 	elseif( (mysql_num_rows( $ErgSonder) == 1) )
@@ -297,10 +305,12 @@ function CreateRoomShifts( $raum )
 		}
 		else
 		{
-			echo Get_Text("pub_schichtplan_colision"). " ".
+			echo "<h1>". Get_Text("pub_schichtplan_colision"). "</h1> ";
+			echo "<a href=\"./../admin/schichtplan.php?action=change&SID=". 
+				mysql_result($Erg, $i, "SID"). "\">".
 				mysql_result($Erg, $i, "DateS"). 
 				" '". mysql_result($Erg, $i, "Man"). "' ".
-				" (".  mysql_result($Erg, $i, "SID"). " R$raum) (xx-xx)<br><br>";
+				" (".  mysql_result($Erg, $i, "SID"). " R$raum) (xx-xx)</a><br><br>";
 		}
 	}
 	if( $ZeitZeiger < 24 )
diff --git a/includes/funktion_xml_schudle.php b/includes/funktion_xml_schudle.php
index f6931301..4ef0a42f 100755
--- a/includes/funktion_xml_schudle.php
+++ b/includes/funktion_xml_schudle.php
@@ -259,7 +259,7 @@ foreach($XMLmain->sub as $EventKey => $Event)
 		}
 		else
 		{
-			echo "\t<td><a href=\"./schichtplan.php?action=change&SID=$SIDDB\">edit</a></td>\n";
+			echo "\t<td>". funktion_isLinkAllowed_addLink_OrLinkText("admin/schichtplan.php?action=change&SID=".$SIDDB, "edit"). "</td>\n";
 			$DS_OK++;
 		}
 		echo "\t</tr>\n";
@@ -299,7 +299,8 @@ if(mysql_num_rows($Erg2)>0 && $EnableSchudleDB )
 			   "<input name=\"LenDB\" type=\"text\" value=\"$Len\" size=\"1\"readonly></td>\n";
 		echo "\t<td><input name=\"ManXML\" type=\"text\" value=\"\" size=\"40\"readonly>\n\t\t".
 			   "<input name=\"ManDB\" type=\"text\" value=\"$Man\" size=\"40\"readonly></td>\n";
-		echo "\t<td><a href=\"./schichtplan.php?action=change&SID=$SID\">edit</a></td>\n";
+		echo "\t<td>". funktion_isLinkAllowed_addLink_OrLinkText( "admin/schichtplan.php?action=change&SID=".$SID, "edit"). 
+				"</td>\n";
 		echo "\t<tr>\n";
 	}
 echo "</table>";
-- 
cgit v1.2.3-54-g00ecf