From 51c6547610066912c0b0a3e6309cfb6b149aa0c2 Mon Sep 17 00:00:00 2001
From: Jan-Philipp Litza <janphilipp@litza.de>
Date: Wed, 26 Dec 2012 16:58:09 +0100
Subject: advanced form in user administration for confirming angeltypes

---
 includes/pages/admin_user.php | 46 ++++++++++++++++++++++++++++---------------
 includes/sys_mysql.php        | 19 ++++++++++++++++++
 includes/sys_template.php     | 28 ++++++++++++++++++++++++++
 3 files changed, 77 insertions(+), 16 deletions(-)

(limited to 'includes')

diff --git a/includes/pages/admin_user.php b/includes/pages/admin_user.php
index 5a986eca..a2ab7b07 100644
--- a/includes/pages/admin_user.php
+++ b/includes/pages/admin_user.php
@@ -92,28 +92,38 @@ function admin_user() {
       // UserAngelType subform
       list ($user_source) = sql_select($SQL);
 
-      $selected_angel_types_source = sql_select("SELECT * FROM `UserAngelTypes` WHERE `user_id`=" . sql_escape($user_source['UID']));
-      $selected_angel_types = array ();
-      foreach ($selected_angel_types_source as $selected_angel_type)
-        $selected_angel_types[] = $selected_angel_type['angeltype_id'];
+      $selected_angel_types = sql_select_single_col("SELECT `angeltype_id` FROM `UserAngelTypes` WHERE `user_id`=" . sql_escape($user_source['UID']));
+      $accepted_angel_types = sql_select_single_col("SELECT `angeltype_id` FROM `UserAngelTypes` WHERE `user_id`=" . sql_escape($user_source['UID']) . " AND `confirm_user_id` IS NOT NULL");
+      $nonrestricted_angel_types = sql_select_single_col("SELECT `id` FROM `AngelTypes` WHERE `restricted` = 0");
 
-      $angel_types_source = sql_select("SELECT * FROM `AngelTypes` ORDER BY `name`");
-      $angel_types = array ();
+      $angel_types_source = sql_select("SELECT `id`, `name` FROM `AngelTypes` ORDER BY `name`");
+      $angel_types = array();
       foreach ($angel_types_source as $angel_type)
-        $angel_types[$angel_type['id']] = $angel_type['name'] . ($angel_type['restricted'] ? " (restricted)" : "");
+        $angel_types[$angel_type['id']] = $angel_type['name'];
 
       if (isset ($_REQUEST['submit_user_angeltypes'])) {
-        $selected_angel_types = array ();
-        foreach ($angel_types as $angel_type_id => $angel_type_name) {
-          if (isset ($_REQUEST['angel_types_' . $angel_type_id]))
-            $selected_angel_types[] = $angel_type_id;
-        }
+        $selected_angel_types = array_intersect($_REQUEST['selected_angel_types'], array_keys($angel_types));
+        $accepted_angel_types = array_diff(array_intersect($_REQUEST['accepted_angel_types'], array_keys($angel_types)), $nonrestricted_angel_types);
+        if (in_array("admin_user_angeltypes", $privileges))
+          $selected_angel_types = array_merge($selected_angel_types, $accepted_angel_types);
 
         // Assign angel-types
-        foreach ($angel_types_source as $angel_type) {
-          if (!in_array($angel_type['id'], $selected_angel_types))
-            sql_query("DELETE FROM `UserAngelTypes` WHERE `user_id`=" . sql_escape($user_source['UID']) . " AND `angeltype_id`=" . sql_escape($angel_type['id']) . " LIMIT 1");
+        sql_start_transaction();
+        sql_query("DELETE FROM `UserAngelTypes` WHERE `user_id`=" . sql_escape($user_source['UID']));
+        if (!empty($selected_angel_types)) {
+          $SQL = "INSERT INTO `UserAngelTypes` (`user_id`, `angeltype_id`) VALUES ";
+          foreach ($selected_angel_types as $selected_angel_type_id)
+            $SQL .= "(${user_source['UID']}, ${selected_angel_type_id}),";
+          // remove superfluous comma
+          $SQL = substr($SQL, 0, -1);
+          sql_query($SQL);
+        }
+        if (in_array("admin_user_angeltypes", $privileges)) {
+          sql_query("UPDATE `UserAngelTypes` SET `confirm_user_id` = NULL WHERE `user_id` = " . sql_escape($user_source['UID']));
+          if (!empty($accepted_angel_types))
+            sql_query("UPDATE `UserAngelTypes` SET `confirm_user_id` = '" . sql_escape($user['UID']) . "' WHERE `user_id` = '" . sql_escape($user_source['UID']) . "' AND `angeltype_id` IN (" . implode(',', $accepted_angel_types) . ")");
         }
+        sql_stop_transaction();
 
         foreach ($selected_angel_types as $selected_angel_type_id) {
           if (sql_num_query("SELECT * FROM `UserAngelTypes` WHERE `user_id`=" . sql_escape($user_source['UID']) . " AND `angeltype_id`=" . sql_escape($selected_angel_type_id) . " LIMIT 1") == 0) {
@@ -131,7 +141,11 @@ function admin_user() {
 
       $html .= form(array (
         msg(),
-        form_checkboxes('angel_types', "Angeltypes", $angel_types, $selected_angel_types),
+        form_multi_checkboxes(array('selected_angel_types' => 'gewünscht', 'accepted_angel_types' => 'akzeptiert'),
+          "Angeltypes",
+          $angel_types,
+          array('selected_angel_types' => $selected_angel_types, 'accepted_angel_types' => array_merge($accepted_angel_types, $nonrestricted_angel_types)),
+          array('accepted_angel_types' => $nonrestricted_angel_types)),
         form_submit('submit_user_angeltypes', Get_Text("Save"))
       ));
 
diff --git a/includes/sys_mysql.php b/includes/sys_mysql.php
index e418ddb8..81747ec2 100644
--- a/includes/sys_mysql.php
+++ b/includes/sys_mysql.php
@@ -31,6 +31,12 @@ function sql_select($query) {
 	}
 }
 
+function sql_select_single_col($query) {
+	$result = sql_select($query);
+	return array_map('array_pop', $result);
+
+}
+
 // Execute a query
 function sql_query($query) {
 	global $con;
@@ -59,4 +65,17 @@ function sql_error() {
 	global $con;
 	return mysql_error($con);
 }
+
+$sql_transaction_counter = 0;
+function sql_start_transaction() {
+	global $sql_transaction_counter;
+	if ($sql_transaction_counter++ == 0)
+		sql_query("START TRANSACTION");
+}
+
+function sql_stop_transaction() {
+	global $sql_transaction_counter;
+	if ($sql_transaction_counter-- == 1)
+		sql_query("COMMIT");
+}
 ?>
diff --git a/includes/sys_template.php b/includes/sys_template.php
index 4e701879..a988ff23 100644
--- a/includes/sys_template.php
+++ b/includes/sys_template.php
@@ -36,6 +36,34 @@ function form_checkboxes($name, $label, $items, $selected) {
 	return form_element($label, $html);
 }
 
+/**
+ * Rendert eine Tabelle von Checkboxen für ein Formular
+ * @param names Assoziatives Array mit Namen der Checkboxen als Keys und Überschriften als Values
+ * @param label Die Beschriftung der gesamten Tabelle
+ * @param items Array mit den Beschriftungen der Zeilen
+ * @param selected Mehrdimensionales Array, wobei $selected[foo] ein Array der in der Datenreihe foo markierten Checkboxen ist
+ * @param disabled Wie selected, nur dass die entsprechenden Checkboxen deaktiviert statt markiert sind
+ */
+function form_multi_checkboxes($names, $label, $items, $selected, $disabled = array()) {
+	$html = "<table><thead><tr>";
+	foreach ($names as $title)
+		$html .= "<th>$title</th>";
+	$html .= "</tr></thead><tbody>";
+	foreach ($items as $key => $item) {
+		$html .= "<tr>";
+		foreach ($names as $name => $title) {
+			$id = $name . '_' . $key;
+			$sel = array_search($key, $selected[$name]) !== false ? ' checked="checked"' : "";
+			if (!empty($disabled) && !empty($disabled[$name]) && array_search($key, $disabled[$name]) !== false)
+				$sel .= ' disabled="disabled"';
+			$html .= '<td style="text-align: center;"><input type="checkbox" id="' . $id . '" name="' . $name . '[]" value="' . $key . '"' . $sel . ' /></td>';
+		}
+		$html .= '<td><label for="' . $id . '">' . $item . '</label></td></tr>';
+	}
+	$html .= "</tbody></table>";
+	return form_element($label, $html);
+}
+
 /**
  * Rendert eine Checkbox
  */
-- 
cgit v1.2.3-54-g00ecf