From a47b1935cb6310e05e4e6b15512b21b7cd4eec3c Mon Sep 17 00:00:00 2001
From: Philip Häusler
Date: Tue, 10 Sep 2013 14:27:31 +0200
Subject: #119 added basic shift json export support using same pattern like ical export
---
includes/controller/shifts_controller.php | 34 +++++++++++++++++++++++++++++++
includes/model/User_model.php | 24 ++++++++++++++++++++++
includes/pages/admin_shifts.php | 3 +--
includes/pages/user_atom.php | 23 ++++++++++++---------
includes/pages/user_ical.php | 10 +++++----
includes/pages/user_myshifts.php | 4 ++--
includes/pages/user_shifts.php | 6 +++---
includes/sys_user.php | 6 ------
8 files changed, 83 insertions(+), 27 deletions(-)
create mode 100644 includes/controller/shifts_controller.php
(limited to 'includes')
diff --git a/includes/controller/shifts_controller.php b/includes/controller/shifts_controller.php
new file mode 100644
index 00000000..1cd7b5d6
--- /dev/null
+++ b/includes/controller/shifts_controller.php
@@ -0,0 +1,34 @@
+
\ No newline at end of file
diff --git a/includes/model/User_model.php b/includes/model/User_model.php
index c2d2282e..d79ede17 100644
--- a/includes/model/User_model.php
+++ b/includes/model/User_model.php
@@ -11,4 +11,28 @@ function User($id) {
 return null;
 }
 
+/**
+ * Returns User by api_key.
+ * @param string $api_key User api key
+ * @return Matching user, null or false on error
+ */
+function User_by_api_key($api_key) {
+ $user = sql_select("SELECT * FROM `User` WHERE `api_key`='" . sql_escape($api_key) . "' LIMIT 1");
+ if($user === false)
+ return false;
+ if (count($user) == 0)
+ return null;
+ return $user[0];
+}
+
+/**
+ * Generates a new api key for given user.
+ * @param User $user
+ */
+function User_reset_api_key($user) {
+ $user['api_key'] = md5($user['Nick'] . time() . rand());
+ sql_query("UPDATE `User` SET `api_key`='" . sql_escape($user['api_key']) . "' WHERE `UID`='" . sql_escape($user['UID']) . "' LIMIT 1");
+ engelsystem_log("API key resetted.");
+}
+
 ?>
\ No newline at end of file
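Review bot: `User_reset_api_key` builds the key as `md5($user['Nick'] . time() . rand())`, and none of those inputs is secret or cryptographically random, so the credential that authorises the feed and export endpoints is more guessable than its 32 hex digits suggest. Drawing it from the system CSPRNG keeps the same 32-character format that the `key=[a-f0-9]{32}` pattern in user_atom.php expects: `$user['api_key'] = bin2hex(openssl_random_pseudo_bytes(16));`, or `random_bytes(16)` where PHP 7 is available. `User_by_api_key` also accepts an empty string, which would match any row whose `api_key` has not been generated yet; an early `if ($api_key == '') return null;` removes the reliance on every caller validating the format first. The docblock should say that the returned user is an associative array row and that the key is a bearer credential.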
diff --git a/includes/pages/admin_shifts.php b/includes/pages/admin_shifts.php index 9a0dde35..178e4e88 100644 --- a/includes/pages/admin_shifts.php +++ b/includes/pages/admin_shifts.php @@ -12,7 +12,7 @@ function admin_shifts() { $mode = ''; $angelmode = ''; $length = ''; - $change_hours = ''; + $change_hours = array(); // Locations laden (auch unsichtbare - fuer Erzengel ist das ok) $rooms = sql_select("SELECT * FROM `Room` ORDER BY `Name`"); @@ -209,7 +209,6 @@ function admin_shifts() { $hidden_types = ""; foreach ($needed_angel_types as $type_id => $count) $hidden_types .= ''; - sort($change_hours); return template_render('../templates/admin_shift_preview.html', array ( 'shifts_table' => $shifts_table, 'name' => $name, diff --git a/includes/pages/user_atom.php b/includes/pages/user_atom.php index fd28510f..c9420c91 100644 --- a/includes/pages/user_atom.php +++ b/includes/pages/user_atom.php @@ -9,16 +9,19 @@ function user_atom() { else die("Missing key."); - $user = sql_select("SELECT * FROM `User` WHERE `ical_key`='" . sql_escape($key) . "' LIMIT 1"); - if (count($user) == 0) + $user = User_by_api_key($key); + if($user === false) + die("Unable to find user."); + if($user == null) die("Key invalid."); + if(!in_array('atom', privileges_for_user($user['UID']))) + die("No privilege for atom."); - $user = $user[0]; $news = sql_select("SELECT * FROM `News` " . (empty($_REQUEST['meetings'])? '' : 'WHERE `Treffen` = 1 ') . "ORDER BY `ID` DESC LIMIT " . sql_escape($DISPLAY_NEWS)); header('Content-Type: application/atom+xml; charset=utf-8'); $html = ' - + Engelsystem ' . $_SERVER['HTTP_HOST'] . htmlspecialchars(preg_replace('#[&?]key=[a-f0-9]{32}#', '', $_SERVER['REQUEST_URI'])) . ' ' . date('Y-m-d\TH:i:sP', $news[0]['Datum']) . "\n"; 
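Review bot: The three rejection branches added after `User_by_api_key($key)` in user_atom() all end in `die()` with a plain message and, as far as the hunk shows, the default 200 status, so a feed client or a log monitor cannot tell a refused key from a normal response; sending `header('HTTP/1.1 403 Forbidden');` before the `die()` would make refusals visible. The distinct "Key invalid." and "No privilege for atom." texts also confirm to the requester that a key exists, where one generic message would do. `if($user == null)` is a loose comparison; `=== null` matches the return contract documented on `User_by_api_key`. The same block is repeated in the user_ical.php hunk, so a shared helper that takes the privilege name would keep the endpoints in step.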
@@ -29,11 +32,11 @@ function user_atom() { " . preg_replace('#^https?://#', '', page_link_to_absolute("news")) . "-${news_entry['ID']} " . date('Y-m-d\TH:i:sP', $news_entry['Datum']) . " " . htmlspecialchars($news_entry['Text']) . " - \n"; - } - $html .= ""; - header("Content-Length: " . strlen($html)); - echo $html; - die(); + \n"; +} +$html .= ""; +header("Content-Length: " . strlen($html)); +echo $html; +die(); } ?> diff --git a/includes/pages/user_ical.php b/includes/pages/user_ical.php index 2b5632e3..d994ce31 100644 --- a/includes/pages/user_ical.php +++ b/includes/pages/user_ical.php @@ -10,11 +10,13 @@ function user_ical() { else die("Missing key."); - $user = sql_select("SELECT * FROM `User` WHERE `ical_key`='" . sql_escape($key) . "' LIMIT 1"); - if (count($user) == 0) + $user = User_by_api_key($key); + if($user === false) + die("Unable to find user."); + if($user == null) die("Key invalid."); - - $user = $user[0]; + if(!in_array('ical', privileges_for_user($user['UID']))) + die("No privilege for ical."); if (isset ($_REQUEST['export']) && $_REQUEST['export'] == 'user_shifts') { require_once ('includes/pages/user_shifts.php'); diff --git a/includes/pages/user_myshifts.php b/includes/pages/user_myshifts.php index 4fec4872..a19ee34e 100644 --- a/includes/pages/user_myshifts.php +++ b/includes/pages/user_myshifts.php @@ -17,7 +17,7 @@ function user_myshifts() { if (isset ($_REQUEST['reset'])) { if ($_REQUEST['reset'] == "ack") { - user_reset_ical_key($user); + User_reset_api_key($user); success("Key geändert."); redirect(page_link_to('user_myshifts')); } @@ -118,7 +118,7 @@ function user_myshifts() { 'actions' => "Aktion" ), $myshifts_table), $id == $user['UID'] && count($shifts) == 0 ? error(sprintf(Get_Text('pub_myshifts_goto_shifts'), page_link_to('user_shifts')), true) : '', - "
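Review bot: The key rotation in the `$_REQUEST['reset'] == "ack"` branch of user_myshifts() is triggered by a request parameter alone, so any cross-site request made by a logged-in user's browser with `reset=ack` would replace the key and silently break that user's calendar subscription. No anti-CSRF token check is visible in the hunk; the function starts and continues outside it, so one may exist elsewhere. If none does, the reset should be accepted only from a POST that carries a per-session token compared with `hash_equals()` or an equivalent constant-time check. A short comment above the call stating that it invalidates every previously issued ical, atom and API link would also help.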

iCal Export

" . sprintf(Get_Text('inc_schicht_ical_text'), page_link_to_absolute('ical') . '&key=' . $shifts_user['ical_key'], page_link_to('user_myshifts') . '&reset') + "

iCal Export

" . sprintf(Get_Text('inc_schicht_ical_text'), page_link_to_absolute('ical') . '&key=' . $shifts_user['api_key'], page_link_to('user_myshifts') . '&reset') )); } ?> diff --git a/includes/pages/user_shifts.php b/includes/pages/user_shifts.php index 727bd696..6a7d6ed5 100644 --- a/includes/pages/user_shifts.php +++ b/includes/pages/user_shifts.php @@ -690,8 +690,8 @@ function view_user_shifts() { ), $shifts_table); } -if ($user['ical_key'] == "") - user_reset_ical_key($user); +if ($user['api_key'] == "") + User_reset_api_key($user); return msg() . template_render('../templates/user_shifts.html', array ( 'room_select' => make_select($rooms, $_SESSION['user_shifts']['rooms'], "rooms", ucfirst(Get_Text("rooms"))), @@ -704,7 +704,7 @@ return msg() . template_render('../templates/user_shifts.html', array ( 'task_notice' => '1' . Get_Text("pub_schichtplan_tasks_notice"), 'new_style_checkbox' => '', 'shifts_table' => $shifts_table, - 'ical_text' => sprintf(Get_Text('inc_schicht_ical_text'), htmlspecialchars(make_user_shifts_ical_link($user['ical_key'])), page_link_to('user_myshifts') . '&reset'), + 'ical_text' => sprintf(Get_Text('inc_schicht_ical_text'), htmlspecialchars(make_user_shifts_ical_link($user['api_key'])), page_link_to('user_myshifts') . '&reset'), 'filter' => ucfirst(Get_Text("to_filter")), )); } diff --git a/includes/sys_user.php b/includes/sys_user.php index 231b2b62..53976f5a 100644 --- a/includes/sys_user.php +++ b/includes/sys_user.php @@ -28,12 +28,6 @@ $tshirt_sizes = array ( 'XL-G' => "XL Girl" ); -function user_reset_ical_key($user) { - $user['ical_key'] = md5($user['Nick'] . time() . rand()); - sql_query("UPDATE `User` SET `ical_key`='" . sql_escape($user['ical_key']) . "' WHERE `UID`='" . sql_escape($user['UID']) . "' LIMIT 1"); - engelsystem_log("iCal key resetted."); -} - function UID2Nick($UID) { if ($UID > 0) $SQL = "SELECT Nick FROM `User` WHERE UID='" . sql_escape($UID) . "'"; -- cgit v1.2.3-70-g09d2
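Review bot: The export link in user_myshifts() is built from `$shifts_user['api_key']`, and the nearby `$id == $user['UID']` test suggests this page can be rendered for a user other than the viewer, so anyone allowed to open another user's shift list would be handed that user's key. After this commit the key is a general API credential rather than an iCal-only one, so the link is better rendered only for its owner, for example by wrapping it in the same `$id == $user['UID'] ? ... : ''` condition the preceding line uses. The key is also concatenated into markup without `htmlspecialchars()`, unlike the equivalent `ical_text` line in user_shifts.php.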
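Review bot: `User_reset_api_key($user)` receives the array by value, so after the `if ($user['api_key'] == "")` branch in view_user_shifts() runs, the local `$user['api_key']` is still empty and the `ical_text` link built in the next hunk appears to be rendered with an empty key on the first visit. Either declare the parameter by reference in User_model.php, `function User_reset_api_key(&$user) {`, or have the function return the new key and assign it here. The branch also writes to the database during a page view, so a comment noting that the key is created lazily on first display would help the next reader. view_user_shifts() starts outside the hunk.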