From d381f57951463a366b5264986a147ef5798ba205 Mon Sep 17 00:00:00 2001 From: Philip Häusler Date: Thu, 2 Jun 2011 20:18:01 +0200 Subject: user settings --- txt/TODO | 5 +++++ 1 file changed, 5 insertions(+) (limited to 'txt/TODO') diff --git a/txt/TODO b/txt/TODO index 21ea5ecc..c6d32b39 100644 --- a/txt/TODO +++ b/txt/TODO @@ -1,3 +1,8 @@ + * MD5-Passwörter mit Salt speichern + * Passwort-Mindestanforderungen stellen + * Avatare + + * schichten ueber monatsgrenzen einbaue im moment werden die tage nur hochgezaehlt und die monatzgrenzen werden ignoriert * verify use of dect_clear.php and jabberserver.php -- cgit v1.2.3-54-g00ecf From c0b15dfe0dce7c4603cc7ec7c19b5a6cf226dc95 Mon Sep 17 00:00:00 2001 From: Philip Häusler Date: Thu, 2 Jun 2011 21:38:19 +0200 Subject: user messages --- DB/db_rewrite.sql | 64 +++--- includes/pages/user_messages.php | 216 +++++++++++++++++++++ includes/sys_menu.php | 1 + templates/user_messages.html | 50 +++++ txt/TODO | 5 +- www-ssl/css/base.css | 11 ++ www-ssl/css/style6.css | 2 +- www-ssl/index.php | 11 +- www-ssl/nonpublic/einstellungen.php | 376 ------------------------------------ www-ssl/nonpublic/index.php | 77 -------- 10 files changed, 331 insertions(+), 482 deletions(-) create mode 100644 includes/pages/user_messages.php create mode 100644 templates/user_messages.html delete mode 100644 www-ssl/nonpublic/einstellungen.php delete mode 100644 www-ssl/nonpublic/index.php (limited to 'txt/TODO') diff --git a/DB/db_rewrite.sql b/DB/db_rewrite.sql index 71b968e7..d4811235 100644 --- a/DB/db_rewrite.sql +++ b/DB/db_rewrite.sql @@ -3,7 +3,7 @@ -- http://www.phpmyadmin.net -- -- Host: localhost --- Erstellungszeit: 02. Juni 2011 um 18:17 +-- Erstellungszeit: 02. Juni 2011 um 19:37 -- Server Version: 5.1.44 -- PHP-Version: 5.3.1 
@@ -71,16 +71,17 @@ CREATE TABLE IF NOT EXISTS `Counter` (
 --
 
 INSERT INTO `Counter` (`URL`, `Anz`) VALUES
-('news', 44),
-('login', 12),
-('logout', 5),
-('start', 13),
+('news', 73),
+('login', 18),
+('logout', 11),
+('start', 23),
 ('faq', 4),
 ('credits', 3),
 ('register', 3),
 ('admin_rooms', 70),
-('admin_angel_types', 68),
-('user_settings', 109);
+('admin_angel_types', 69),
+('user_settings', 111),
+('user_messages', 102);
 
 -- --------------------------------------------------------
 
@@ -124,7 +125,7 @@ CREATE TABLE IF NOT EXISTS `GroupPrivileges` (
 `privilege_id` int(11) NOT NULL,
 PRIMARY KEY (`id`),
 KEY `group_id` (`group_id`,`privilege_id`)
-) ENGINE=MyISAM DEFAULT CHARSET=utf8 AUTO_INCREMENT=9 ;
+) ENGINE=MyISAM DEFAULT CHARSET=utf8 AUTO_INCREMENT=10 ;
 
 --
 -- Daten für Tabelle `GroupPrivileges`
@@ -138,7 +139,8 @@ INSERT INTO `GroupPrivileges` (`id`, `group_id`, `privilege_id`) VALUES
 (5, -1, 5),
 (6, -4, 6),
 (7, -4, 7),
-(8, -2, 8);
+(8, -2, 8),
+(9, -2, 9);
 
 -- --------------------------------------------------------
 
@@ -170,18 +172,28 @@ INSERT INTO `Groups` (`Name`, `UID`) VALUES
 --
 
 CREATE TABLE IF NOT EXISTS `Messages` (
- `Datum` datetime NOT NULL DEFAULT '0000-00-00 00:00:00',
+ `id` int(11) NOT NULL AUTO_INCREMENT,
+ `Datum` int(11) NOT NULL,
 `SUID` int(11) NOT NULL DEFAULT '0',
 `RUID` int(11) NOT NULL DEFAULT '0',
 `isRead` char(1) NOT NULL DEFAULT 'N',
 `Text` text NOT NULL,
- PRIMARY KEY (`Datum`,`SUID`,`RUID`)
-) ENGINE=MyISAM DEFAULT CHARSET=utf8 COMMENT='Fuers interen Communikationssystem';
+ PRIMARY KEY (`id`),
+ KEY `Datum` (`Datum`),
+ KEY `SUID` (`SUID`),
+ KEY `RUID` (`RUID`)
+) ENGINE=MyISAM DEFAULT CHARSET=utf8 COMMENT='Fuers interen Communikationssystem' AUTO_INCREMENT=8 ;
 
 --
 -- Daten für Tabelle `Messages`
 --
 
+INSERT INTO `Messages` (`id`, `Datum`, `SUID`, `RUID`, `isRead`, `Text`) VALUES
+(2, 1307042342, 1, 147, 'Y', 'asdfasdfasdfasdf'),
+(4, 1307042622, 1, 147, 'Y', 'asdfasdfasdf'),
+(5, 1307042643, 1, 147, 'Y', 'foobar'),
+(6, 1307042663, 1, 147, 'Y', 'foobar'),
+(7, 1307042692, 147, 1, 'Y', 'foobar');
 
 -- --------------------------------------------------------
 
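Review bot: The new INSERT INTO `Messages` block puts five developer test rows (ids 2 to 7, texts such as 'foobar') into DB/db_rewrite.sql, so every database created from this file starts with messages between UID 1 and UID 147 and the table option `AUTO_INCREMENT=8`. I would drop the data rows and the `AUTO_INCREMENT=8` option and keep only the `CREATE TABLE`. `Datum` also changes from `datetime` to `int(11)` without saying what the integer holds; the PHP added in this commit writes `time()` into it, so a column comment such as `COMMENT 'Unix timestamp, seconds'` would document that for the next reader.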
@@ -197,19 +209,16 @@ CREATE TABLE IF NOT EXISTS `News` (
 `UID` int(11) NOT NULL DEFAULT '0',
 `Treffen` tinyint(4) NOT NULL DEFAULT '0',
 PRIMARY KEY (`ID`)
-) ENGINE=MyISAM DEFAULT CHARSET=utf8 AUTO_INCREMENT=9 ;
+) ENGINE=MyISAM DEFAULT CHARSET=utf8 AUTO_INCREMENT=4 ;
 
 --
 -- Daten für Tabelle `News`
 --
 
 INSERT INTO `News` (`ID`, `Datum`, `Betreff`, `Text`, `UID`, `Treffen`) VALUES
-(3, '2011-06-02 01:32:31', '', '', 0, 0),
-(4, '2011-06-02 01:36:27', 'Darf ich News erstellen?', 'Darf ich.', 0, 0),
-(5, '2011-06-02 01:36:35', 'Darf ich News erstellen?', 'asdfasdfasdf', 1, 0),
-(6, '2011-06-02 01:38:59', '"''>', '"''>\r\n', 1, 0),
-(7, '2011-06-02 01:38:59', '"''>', '"''>\r\n', 1, 0),
-(8, '2011-06-02 01:38:59', '"''>', '"''>\r\n', 1, 0);
+(1, '2011-06-02 21:35:27', '', '', 1, 0),
+(2, '2011-06-02 21:36:57', '', '', 1, 0),
+(3, '2011-06-02 21:36:57', '', '', 1, 0);
 
 -- --------------------------------------------------------
 
@@ -244,7 +253,7 @@ CREATE TABLE IF NOT EXISTS `Privileges` (
 `desc` varchar(1024) NOT NULL,
 PRIMARY KEY (`id`),
 UNIQUE KEY `name` (`name`)
-) ENGINE=MyISAM DEFAULT CHARSET=utf8 AUTO_INCREMENT=9 ;
+) ENGINE=MyISAM DEFAULT CHARSET=utf8 AUTO_INCREMENT=10 ;
 
 --
 -- Daten für Tabelle `Privileges`
@@ -258,7 +267,8 @@ INSERT INTO `Privileges` (`id`, `name`, `desc`) VALUES
 (5, 'register', 'Einen neuen Engel registerieren'),
 (6, 'admin_rooms', 'Räume administrieren'),
 (7, 'admin_angel_types', 'Engel Typen administrieren'),
-(8, 'user_settings', 'User profile settings');
+(8, 'user_settings', 'User profile settings'),
+(9, 'user_messages', 'Writing and reading messages from user to user');
 
 -- --------------------------------------------------------
 
@@ -800,8 +810,8 @@ INSERT INTO `Sprache` (`TextID`, `Sprache`, `Text`) VALUES
 ('pub_einstellungen_Hometown', 'EN', 'hometown'),
 ('makeuser_error_Alter', 'DE', 'Fehler: Dein Alter muss eine Zahl oder leer sein'),
 ('makeuser_error_Alter', 'EN', 'error: your age must be a number or empty'),
-('pub_menu_messages', 'DE', 'Nachrichten'),
-('pub_menu_messages', 'EN', 'messages'),
+('user_messages', 'DE', 'Nachrichten'),
+('user_messages', 'EN', 'Messages'),
 ('pub_messages_Datum', 'DE', 'Datum'),
 ('pub_messages_Datum', 'EN', 'date'),
 ('pub_messages_Von', 'DE', 'Gesendet'),
@@ -983,7 +993,9 @@ INSERT INTO `Sprache` (`TextID`, `Sprache`, `Text`) VALUES
 ('login', 'DE', 'Login'),
 ('login', 'EN', 'Login'),
 ('credits', 'DE', 'Credits'),
-('credits', 'EN', 'Credits');
+('credits', 'EN', 'Credits'),
+('pub_messages_Neu', 'DE', 'Neu'),
+('pub_messages_Neu', 'EN', 'New');
 
 -- --------------------------------------------------------
 
@@ -1026,8 +1038,8 @@ CREATE TABLE IF NOT EXISTS `User` ( -- INSERT INTO `User` (`UID`, `Nick`, `Name`, `Vorname`, `Alter`, `Telefon`, `DECT`, `Handy`, `email`, `ICQ`, `jabber`, `Size`, `Passwort`, `Gekommen`, `Aktiv`, `Tshirt`, `color`, `Sprache`, `Avatar`, `Menu`, `lastLogIn`, `CreateDate`, `Art`, `kommentar`, `Hometown`) VALUES -(1, 'admin', '', '', 0, '', '', '', '', '', '', 'L', '21232f297a57a5a743894a0e4a801fc3', 0, 0, 0, 10, 'DE', 115, 'L', 1307038600, '0000-00-00 00:00:00', '', '', ''), -(147, 'msquare', '', '', 23, '', '', '', 'msquare@notrademark.de', '', '', 'L', 'e10adc3949ba59abbe56e057f20f883e', 0, 0, 0, 6, 'EN', 0, 'L', 1306971362, '2011-06-02 00:55:09', '', '', ''); +(1, 'admin', '', '', 0, '', '', '', '', '', '', 'L', '21232f297a57a5a743894a0e4a801fc3', 0, 0, 0, 10, 'DE', 115, 'L', 1307043433, '0000-00-00 00:00:00', '', '', ''), +(147, 'msquare', '', '', 23, '', '', '', 'msquare@notrademark.de', '', '', 'L', 'e10adc3949ba59abbe56e057f20f883e', 0, 0, 0, 6, 'EN', 0, 'L', 1307042703, '2011-06-02 00:55:09', '', '', ''); -- -------------------------------------------------------- diff --git a/includes/pages/user_messages.php b/includes/pages/user_messages.php new file mode 100644 index 00000000..e3e9a469 --- /dev/null +++ b/includes/pages/user_messages.php @@ -0,0 +1,216 @@ + 0) + return '
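Review bot: Both `User` rows on the new side of the DB/db_rewrite.sql hunk carry a 32-hex-digit value in `Passwort`, the shape of an unsalted MD5 digest (the txt/TODO item "MD5-Passwörter mit Salt speichern" in this series points the same way), and the `msquare` row also carries an e-mail address. Unsalted digests of common passwords resolve from public lookup tables, so any install loaded from this file starts with an `admin` account whose password should be treated as known. Ship the dump without `User` rows, or force a password change at first login, and keep per-developer data (the `lastLogIn` values, which are the only change in this hunk) out of version control. The same rows appear again in the `User` hunk of the later "admin groups" commit.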

' . Get_Text("pub_messages_new1") . " " . $new_messages . " " . Get_Text("pub_messages_new2") . '


'; + + return ""; +} + +function user_messages() { + global $user; + + if (!isset ($_REQUEST['action'])) { + $users = sql_select("SELECT * FROM `User` WHERE NOT `UID`=" . sql_escape($user['UID']) . " ORDER BY `Nick`"); + $to_select_data = array ( + "" => "Select receiver..." + ); + foreach ($users as $u) + $to_select_data[$u['UID']] = $u['Nick']; + $to_select = html_select_key('to', $to_select_data, ''); + + $messages_html = ""; + $messages = sql_select("SELECT * FROM `Messages` WHERE `SUID`=" . sql_escape($user['UID']) . " OR `RUID`=" . sql_escape($user['UID']) . " ORDER BY `isRead`,`Datum` DESC"); + foreach ($messages as $message) { + $messages_html .= ''; + $messages_html .= '' . ($message['isRead'] == 'N' ? '•' : '') . ''; + $messages_html .= '' . date("Y-m-d H:i", $message['Datum']) . ''; + $messages_html .= '' . UID2Nick($message['SUID']) . ''; + $messages_html .= '' . UID2Nick($message['RUID']) . ''; + $messages_html .= '' . str_replace("\n", '
', $message['Text']) . ''; + $messages_html .= ''; + if ($message['RUID'] == $user['UID']) { + if ($message['isRead'] == 'N') + $messages_html .= '' . Get_Text("pub_messages_MarkRead") . ''; + } else { + $messages_html .= '' . Get_Text("pub_messages_DelMsg") . ''; + } + $messages_html .= ''; + } + + return template_render('../templates/user_messages.html', array ( + 'link' => page_link_to("user_messages"), + 'greeting' => Get_Text("Hello") . $user['Nick'] . ",
\n" . Get_Text("pub_messages_text1") . "

\n", + 'messages' => $messages_html, + 'new_label' => Get_Text("pub_messages_Neu"), + 'date_label' => Get_Text("pub_messages_Datum"), + 'from_label' => Get_Text("pub_messages_Von"), + 'to_label' => Get_Text("pub_messages_An"), + 'text_label' => Get_Text("pub_messages_Text"), + 'date' => date("Y-m-d H:i"), + 'from' => $user['Nick'], + 'to_select' => $to_select, + 'submit_label' => Get_Text("save") + )); + } else { + switch ($_REQUEST['action']) { + case "read" : + if (isset ($_REQUEST['id']) && preg_match("/^[0-9]{1,11}$/", $_REQUEST['id'])) + $id = $_REQUEST['id']; + else + return error("Incomplete call, missing Message ID."); + + $message = sql_select("SELECT * FROM `Messages` WHERE `id`=" . sql_escape($id) . " LIMIT 1"); + if (count($message) > 0 && $message[0]['RUID'] == $user['UID']) { + sql_query("UPDATE `Messages` SET `isRead`='Y' WHERE `id`=" . sql_escape($id) . " LIMIT 1"); + header("Location: " . page_link_to("user_messages")); + } else + return error("No Message found."); + break; + + case "delete" : + if (isset ($_REQUEST['id']) && preg_match("/^[0-9]{1,11}$/", $_REQUEST['id'])) + $id = $_REQUEST['id']; + else + return error("Incomplete call, missing Message ID."); + + $message = sql_select("SELECT * FROM `Messages` WHERE `id`=" . sql_escape($id) . " LIMIT 1"); + if (count($message) > 0 && $message[0]['SUID'] == $user['UID']) { + sql_query("DELETE FROM `Messages` WHERE `id`=" . sql_escape($id) . " LIMIT 1"); + header("Location: " . page_link_to("user_messages")); + } else + return error("No Message found."); + break; + + case "send" : + $text = preg_replace("/([^\p{L}\p{P}\p{Z}\p{N}\n]{1,})/ui", '', strip_tags($_REQUEST['text'])); + $to = preg_replace("/([^0-9]{1,})/ui", '', strip_tags($_REQUEST['to'])); + if ($text != "" && is_numeric($to) && sql_num_query("SELECT * FROM `User` WHERE `UID`=" . sql_escape($to) . " AND NOT `UID`=" . sql_escape($user['UID']) . " LIMIT 1") > 0) { + sql_query("INSERT INTO `Messages` SET `Datum`=" . sql_escape(time()) . 
", `SUID`=" . sql_escape($user['UID']) . ", `RUID`=" . sql_escape($to) . ", `Text`='" . sql_escape($text) . "'"); + header("Location: " . page_link_to("user_messages")); + } else { + return error(Get_Text("pub_messages_Send_Error")); + } + break; + } + return ""; + } + + if (!isset ($_GET["action"])) + $_GET["action"] = "start"; + + switch ($_GET["action"]) { + case "start" : + echo Get_Text("Hello") . $_SESSION['Nick'] . ",
\n"; + echo Get_Text("pub_messages_text1") . "

\n"; + + //show exist Messages + $SQL = "SELECT * FROM `Messages` WHERE `SUID`='" . $_SESSION["UID"] . "' OR `RUID`='" . $_SESSION["UID"] . "'"; + $erg = mysql_query($SQL, $con); + + echo "\n"; + echo "\n"; + echo "\n"; + echo "\n"; + echo "\n"; + echo "\n"; + echo "\n"; + echo "\n"; + + for ($i = 0; $i < mysql_num_rows($erg); $i++) { + echo "\n"; + echo "\n"; + echo "\n"; + echo "\n"; + echo "\n"; + echo "\n"; + echo "\n"; + } + + // send Messeges + echo ""; + echo "\n"; + echo "\n"; + echo "\n"; + + // Listet alle Nicks auf + echo "\n"; + echo "\n"; + echo "\n"; + echo "\n"; + echo ""; + + echo "
" . Get_Text("pub_messages_Datum") . "" . Get_Text("pub_messages_Von") . "" . Get_Text("pub_messages_An") . "" . Get_Text("pub_messages_Text") . "
" . mysql_result($erg, $i, "Datum") . "" . UID2Nick(mysql_result($erg, $i, "SUID")) . "" . UID2Nick(mysql_result($erg, $i, "RUID")) . "" . mysql_result($erg, $i, "Text") . ""; + + if (mysql_result($erg, $i, "RUID") == $_SESSION["UID"]) { + echo "" . Get_Text("pub_messages_DelMsg") . ""; + + if (mysql_result($erg, $i, "isRead") == "N") + echo "" . Get_Text("pub_messages_MarkRead") . ""; + } else { + if (mysql_result($erg, $i, "isRead") == "N") + echo Get_Text("pub_messages_NotRead"); + } + + echo "
\n"; + break; + + case "SendMsg" : + echo Get_Text("pub_messages_Send1") . "...
\n"; + + $SQL = "INSERT INTO `Messages` ( `Datum` , `SUID` , `RUID` , `Text` ) VALUES (" . + "'" . gmdate("Y-m-j H:i:s", time()) . "', " . + "'" . $_SESSION["UID"] . "', " . + "'" . $_POST["RUID"] . "', " . + "'" . $_POST["Text"] . "');"; + + $Erg = mysql_query($SQL, $con); + + if ($Erg == 1) + echo Get_Text("pub_messages_Send_OK") . "\n"; + else + echo Get_Text("pub_messages_Send_Error") . "...\n(" . mysql_error($con) . ")"; + break; + + case "MarkRead" : + $SQL = "UPDATE `Messages` SET `isRead` = 'Y' " . + "WHERE `Datum` = '" . $_GET["Datum"] . "' AND `RUID`='" . $_SESSION["UID"] . "' " . + "LIMIT 1 ;"; + $Erg = mysql_query($SQL, $con); + + if ($Erg == 1) + echo Get_Text("pub_messages_MarkRead_OK") . "\n"; + else + echo Get_Text("pub_messages_MarkRead_KO") . "...\n(" . mysql_error($con) . ")"; + break; + + case "DelMsg" : + $SQL = "DELETE FROM `Messages` " . + "WHERE `Datum` = '" . $_GET["Datum"] . "' AND `RUID` ='" . $_SESSION["UID"] . "' " . + "LIMIT 1;"; + $Erg = mysql_query($SQL, $con); + + if ($Erg == 1) + echo Get_Text("pub_messages_DelMsg_OK") . "\n"; + else + echo Get_Text("pub_messages_DelMsg_KO") . "...\n(" . mysql_error($con) . ")"; + break; + + default : + echo Get_Text("pub_messages_NoCommand"); + } +} +?> diff --git a/includes/sys_menu.php b/includes/sys_menu.php index da9d5666..822d558f 100644 --- a/includes/sys_menu.php +++ b/includes/sys_menu.php @@ -22,6 +22,7 @@ function make_navigation() { // Engel Navigation $menu .= make_navigation_for(Get_Text('inc_schicht_engel'), array ( "news", + "user_messages", "user_settings" )); diff --git a/templates/user_messages.html b/templates/user_messages.html new file mode 100644 index 00000000..b7bb26fb --- /dev/null +++ b/templates/user_messages.html @@ -0,0 +1,50 @@ +%greeting% +
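Review bot: In includes/pages/user_messages.php the list view concatenates `$message['Text']` into `$messages_html` with only a newline replacement applied, so HTML safety depends entirely on the `strip_tags`/`preg_replace` filter in the `send` branch; a row written by any other path (the dump in this commit inserts rows directly) is rendered as stored. Encode at output instead, e.g. `nl2br(htmlspecialchars($message['Text'], ENT_QUOTES, 'UTF-8'))`, and treat `UID2Nick()` results and `$user['Nick']` the same way unless they are already encoded elsewhere. The `read` and `delete` branches change state from `$_REQUEST` with no request token visible in the hunk, so a plain GET from another page is enough to trigger them; restricting them to POST with a per-session token would close that. Everything after the `if`/`else` in `user_messages()` (the `$_GET["action"]` switch that builds SQL from `$_POST["RUID"]`, `$_POST["Text"]` and `$_GET["Datum"]`) looks unreachable because both branches return, and is better deleted than left in the file where a later refactor could revive it.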
+ + + + + + + + + + + + + %messages% + + + + + + + + + +
+ %new_label% + + %date_label% + + %from_label% + + %to_label% + + %text_label% + +   +
+   + + %date% + + %from% + + %to_select% + + + + +
+
\ No newline at end of file diff --git a/txt/TODO b/txt/TODO index c6d32b39..fbaf4377 100644 --- a/txt/TODO +++ b/txt/TODO @@ -1,6 +1,9 @@ * MD5-Passwörter mit Salt speichern * Passwort-Mindestanforderungen stellen - * Avatare + * User-Avatare + * user_messages schön machen + * Formulare weg von Tabellen + * user_news lässt sich nicht bedienen (POST ohne redirects...) * schichten ueber monatsgrenzen einbaue im moment werden die tage nur diff --git a/www-ssl/css/base.css b/www-ssl/css/base.css index 5731fec0..bfe050a5 100644 --- a/www-ssl/css/base.css +++ b/www-ssl/css/base.css @@ -128,3 +128,14 @@ td, th { .success { color: #090; } + +.notice { + background: #f0f0f0; + border: 2px solid #888; + margin: 10px; + padding: 10px; +} + +.new_message { + font-weight: bold; +} diff --git a/www-ssl/css/style6.css b/www-ssl/css/style6.css index 2272f598..8dc008e7 100644 --- a/www-ssl/css/style6.css +++ b/www-ssl/css/style6.css @@ -71,6 +71,6 @@ h4.menu { font-size : 6pt; } -h4, h1 { +h4, h1, th { background: #333E47; } diff --git a/www-ssl/index.php b/www-ssl/index.php index 6b2e267b..48aea75c 100644 --- a/www-ssl/index.php +++ b/www-ssl/index.php @@ -13,6 +13,8 @@ require_once ('includes/sys_user.php'); require_once ('config/config.php'); require_once ('config/config_db.php'); +require_once ('includes/pages/user_messages.php'); + session_start(); sql_connect($config['host'], $config['user'], $config['pw'], $config['db']); @@ -20,7 +22,7 @@ sql_connect($config['host'], $config['user'], $config['pw'], $config['db']); load_auth(); // Gewünschte Seite/Funktion -$p = "start"; +$p = isset ($user) ? "news" : "start"; if (isset ($_REQUEST['p'])) $p = $_REQUEST['p']; @@ -33,6 +35,9 @@ if (in_array($p, $privileges)) { require_once ('includes/pages/user_news.php'); $content = user_news(); } + elseif ($p == "user_messages") { + $content = user_messages(); + } elseif ($p == "user_settings") { require_once ('includes/pages/user_settings.php'); $content = user_settings(); 
@@ -79,6 +84,10 @@ elseif ($p == "faq") { } } +// Hinweis für ungelesene Nachrichten +if (isset ($user) && $p != "user_messages") + $content = user_unread_messages() . $content; + echo template_render('../templates/layout.html', array ( 'theme' => isset ($user) ? $user['color'] : $default_theme, 'title' => $title, diff --git a/www-ssl/nonpublic/einstellungen.php b/www-ssl/nonpublic/einstellungen.php deleted file mode 100644 index 713425bb..00000000 --- a/www-ssl/nonpublic/einstellungen.php +++ /dev/null @@ -1,376 +0,0 @@ -\n\n"; - Print_Text(13); -?> -
- -
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
">
ICQ
jabber
- "> -
-
- -
- -
- - - - - -
- "> -
-
- -
-
- -
- - - - - - - - - - -
- -
Menu>L - >R -
- "> -
-
-
-
- -
- - - - - -
- -
- "> -
- -\n
\n
\n\n"; - echo Get_Text('pub_einstellungen_PictureUpload') . "
"; - echo "
\n"; - echo "\n"; - echo "\n"; - echo "(max " . get_cfg_var("post_max_size") . "Byte)
\n"; - echo "\n"; - echo "
\n"; - } - - switch (GetPicturShow($_SESSION['UID'])) { - case 'Y' : - echo Get_Text('pub_einstellungen_PictureShow') . "
"; - echo displayPictur($_SESSION['UID'], 0); - echo "
\n"; - echo "\n"; - echo "\n"; - echo "
\n"; - break; - case 'N' : - echo Get_Text('pub_einstellungen_PictureNoShow') . "
"; - echo displayPictur($_SESSION['UID'], 0); - echo "
\n"; - echo "\n"; - echo "\n"; - echo "
\n"; - echo "
\n
\n
\n\n"; - case '' : - echo "
\n
\n
\n\n"; - echo Get_Text(22) . "
"; - echo "\n
\n"; - echo "\n"; - echo "\n"; - echo "\n\n\n"; - echo "\n"; - echo "\n\n"; - echo "
" . Get_Text(23) . "
\n"; - echo "  \n"; - echo "\n"; - echo "
\n"; - echo "\n"; - echo "
\n"; - break; - } //CASE - -} else { - switch ($_POST["action"]) { - case 'set' : - if ($_POST["new1"] == $_POST["new2"]) { - Print_Text(25); - $sql = "SELECT * FROM `User` WHERE `UID`='" . $_SESSION['UID'] . "'"; - $Erg = mysql_query($sql, $con); - - if (PassCrypt($_POST["old"]) == mysql_result($Erg, 0, "Passwort")) { - Print_Text(26); - Print_Text(27); - $usql = "UPDATE `User` SET `Passwort`='" . PassCrypt($_POST["new1"]) . "' WHERE `UID`='" . $_SESSION['UID'] . "' LIMIT 1"; - $Erg = mysql_query($usql, $con); - - if ($Erg == 1) { - Print_Text(28); - } else { - Print_Text(29); - } - } else { - Print_Text(30); - } - } else { - Print_Text(31); - } - break; - - case 'colour' : - - $chsql = "UPDATE `User` SET " . - "`color`= '" . $_POST["colourid"] . "', " . - "`Menu`= '" . $_POST["eMenu"] . "' " . - "WHERE `UID`='" . $_SESSION['UID'] . "' LIMIT 1"; - $Erg = mysql_query($chsql, $con); - echo mysql_error($con); - $_SESSION['color'] = $_POST["colourid"]; - $_SESSION['Menu'] = $_POST["eMenu"]; - if ($Erg == 1) { - Print_Text(32); - } else { - Print_Text(29); - } - break; - - case 'sprache' : - - $chsql = "UPDATE `User` SET `Sprache` = '" . $_POST["language"] . "' WHERE `UID`='" . $_SESSION['UID'] . "' LIMIT 1"; - $Erg = mysql_query($chsql, $con); - $_SESSION['Sprache'] = $_POST["language"]; - if ($Erg == 1) { - Print_Text(33); - } else { - Print_Text(29); - } - break; - - case 'avatar' : - $chsql = "UPDATE `User` SET `Avatar`='" . $_POST["eAvatar"] . "' WHERE `UID`='" . $_SESSION['UID'] . "' LIMIT 1"; - $Erg = mysql_query($chsql, $con); - $_SESSION['Avatar'] = $_POST["eAvatar"]; - if ($Erg == 1) - Print_Text(34); - else - Print_Text(29); - break; - - case 'setUserData' : - if ($_SESSION['CVS']["Change T_Shirt Size"] == "Y") { - $chsql = "UPDATE `User` SET " . - "`Nick`='" . $_POST["eNick"] . "', `Name`='" . $_POST["eName"] . "', " . - "`Vorname`='" . $_POST["eVorname"] . "', `Alter`='" . $_POST["eAlter"] . "', " . - "`Telefon`='" . $_POST["eTelefon"] . "', `Handy`='" . 
$_POST["eHandy"] . "', " . - "`DECT`='" . $_POST["eDECT"] . "', `email`='" . $_POST["eemail"] . "', " . - "`ICQ`='" . $_POST["eICQ"] . "', `jabber`='" . $_POST["ejabber"] . "', " . - "`Hometown`='" . $_POST["Hometown"] . "', `Size`='" . $_POST["Sizeid"] . "' " . - "WHERE `UID`='" . $_SESSION['UID'] . "' LIMIT 1;"; - } else { - $chsql = "UPDATE `User` SET " . - "`Nick`='" . $_POST["eNick"] . "', `Name`='" . $_POST["eName"] . "', " . - "`Vorname`='" . $_POST["eVorname"] . "', `Alter`='" . $_POST["eAlter"] . "', " . - "`Telefon`='" . $_POST["eTelefon"] . "', `Handy`='" . $_POST["eHandy"] . "', " . - "`DECT`='" . $_POST["eDECT"] . "', `email`='" . $_POST["eemail"] . "', " . - "`ICQ`='" . $_POST["eICQ"] . "', `jabber`='" . $_POST["ejabber"] . "', " . - "`Hometown`='" . $_POST["Hometown"] . "' " . - "WHERE `UID`='" . $_SESSION['UID'] . "' LIMIT 1;"; - } - $Erg = mysql_query($chsql, $con); - - if ($Erg == 1) { - $_SESSION['Nick'] = $_POST["eNick"]; - $_SESSION['Name'] = $_POST["eName"]; - $_SESSION['Vorname'] = $_POST["eVorname"]; - $_SESSION['Alter'] = $_POST["eAlter"]; - $_SESSION['Telefon'] = $_POST["eTelefon"]; - $_SESSION['Handy'] = $_POST["eHandy"]; - $_SESSION['DECT'] = $_POST["eDECT"]; - $_SESSION['email'] = $_POST["eemail"]; - $_SESSION['ICQ'] = $_POST["eICQ"]; - $_SESSION['jabber'] = $_POST["ejabber"]; - $_SESSION['Hometown'] = $_POST["Hometown"]; - if ($_SESSION['CVS']["Change T_Shirt Size"] == "Y") { - $_SESSION['Size'] = $_POST["Sizeid"]; - } else - if ($_SESSION['Size'] != $_POST["Sizeid"]) { - array_push($error_messages, "einstellungen.php, change t-shirt size not allowed\n"); - } - - Print_Text("pub_einstellungen_UserDateSaved"); - } else { - Print_Text(29); - echo mysql_error($con); - } - break; - - case 'sendPicture' : - if ($_FILES["file"]["size"] > 0) { - if (($_FILES["file"]["type"] == "image/jpeg") || ($_FILES["file"]["type"] == "image/png") || ($_FILES["file"]["type"] == "image/gif")) { - $data = addslashes(fread(fopen($_FILES["file"]["tmp_name"], 
"r"), filesize($_FILES["file"]["tmp_name"]))); - - if (GetPicturShow($_SESSION['UID']) == "") - $SQL = "INSERT INTO `UserPicture` " . - "( `UID`,`Bild`, `ContentType`, `show`) " . - "VALUES ('" . $_SESSION['UID'] . "', '$data', '" . $_FILES["file"]["type"] . "', 'N')"; - else - $SQL = "UPDATE `UserPicture` SET " . - "`Bild`='$data', " . - "`ContentType`='" . $_FILES["file"]["type"] . "', " . - "`show`='N' " . - "WHERE `UID`='" . $_SESSION['UID'] . "'"; - - $res = mysql_query($SQL, $con); - if ($res) - Print_Text("pub_einstellungen_send_OK"); - else - Print_Text("pub_einstellungen_send_KO"); - - echo "
('" . $_FILES["file"]["name"] . "', MIME-Type: " . $_FILES["file"]["type"] . ", " . $_FILES["file"]["size"] . " Byte)
"; - } else - Print_Text("pub_einstellungen_send_KO"); - } else - Print_Text("pub_einstellungen_send_KO"); - break; - - case 'delPicture' : - $chsql = "DELETE FROM `UserPicture` WHERE `UID`='" . $_SESSION['UID'] . "' LIMIT 1"; - $Erg = mysql_query($chsql, $con); - if ($Erg == 1) - Print_Text("pub_einstellungen_del_OK"); - else - Print_Text("pub_einstellungen_del_KO"); - Break; - } -} -include ("includes/footer.php"); -?> diff --git a/www-ssl/nonpublic/index.php b/www-ssl/nonpublic/index.php deleted file mode 100644 index b53f8088..00000000 --- a/www-ssl/nonpublic/index.php +++ /dev/null @@ -1,77 +0,0 @@ - 1 --> keine Anmeldung - if ($user_anz == 0) - $ErrorText = "pub_index_User_unset"; - else - $ErrorText = "pub_index_User_more_as_one"; - } // Ende Check, ob User angemeldet wurde -} -include ("includes/header.php"); -if (isset ($ErrorText)) - echo "

" . Get_Text($ErrorText) . "


\n"; -include ("includes/login_eingabefeld.php"); -include ("includes/footer.php"); -?> - - -- cgit v1.2.3-54-g00ecf From 3afd05636e46aedb53e1c1d954d23d6563b5e104 Mon Sep 17 00:00:00 2001 From: Philip Häusler Date: Thu, 2 Jun 2011 22:40:08 +0200 Subject: admin groups --- DB/db_rewrite.sql | 28 ++++---- includes/funktion_menu.php | 40 ----------- includes/pages/admin_groups.php | 73 ++++++++++++++++++++ includes/sys_menu.php | 3 +- templates/admin_groups.html | 21 ++++++ templates/admin_groups_edit_form.html | 21 ++++++ txt/TODO | 2 + www-ssl/admin/group.php | 49 -------------- www-ssl/index.php | 4 ++ www-ssl/nonpublic/messages.php | 124 ---------------------------------- 10 files changed, 139 insertions(+), 226 deletions(-) delete mode 100644 includes/funktion_menu.php create mode 100644 includes/pages/admin_groups.php create mode 100644 templates/admin_groups.html create mode 100644 templates/admin_groups_edit_form.html delete mode 100644 www-ssl/admin/group.php delete mode 100644 www-ssl/nonpublic/messages.php (limited to 'txt/TODO') diff --git a/DB/db_rewrite.sql b/DB/db_rewrite.sql index d4811235..5041ce9b 100644 --- a/DB/db_rewrite.sql +++ b/DB/db_rewrite.sql @@ -3,7 +3,7 @@ -- http://www.phpmyadmin.net -- -- Host: localhost --- Erstellungszeit: 02. Juni 2011 um 19:37 +-- Erstellungszeit: 02. Juni 2011 um 20:39 -- Server Version: 5.1.44 -- PHP-Version: 5.3.1 @@ -80,8 +80,9 @@ INSERT INTO `Counter` (`URL`, `Anz`) VALUES ('register', 3), ('admin_rooms', 70), ('admin_angel_types', 69), -('user_settings', 111), -('user_messages', 102); +('user_settings', 115), +('user_messages', 102), +('admin_groups', 86); -- -------------------------------------------------------- 
@@ -125,22 +126,22 @@ CREATE TABLE IF NOT EXISTS `GroupPrivileges` (
 `privilege_id` int(11) NOT NULL,
 PRIMARY KEY (`id`),
 KEY `group_id` (`group_id`,`privilege_id`)
-) ENGINE=MyISAM DEFAULT CHARSET=utf8 AUTO_INCREMENT=10 ;
+) ENGINE=MyISAM DEFAULT CHARSET=utf8 AUTO_INCREMENT=28 ;
 
 --
 -- Daten für Tabelle `GroupPrivileges`
 --
 
 INSERT INTO `GroupPrivileges` (`id`, `group_id`, `privilege_id`) VALUES
-(1, -1, 1),
-(2, -1, 2),
+(24, -1, 5),
 (3, -2, 3),
 (4, -2, 4),
-(5, -1, 5),
+(23, -1, 2),
 (6, -4, 6),
 (7, -4, 7),
 (8, -2, 8),
-(9, -2, 9);
+(9, -2, 9),
+(12, -5, 10);
 
 -- --------------------------------------------------------
 
@@ -253,7 +254,7 @@ CREATE TABLE IF NOT EXISTS `Privileges` (
 `desc` varchar(1024) NOT NULL,
 PRIMARY KEY (`id`),
 UNIQUE KEY `name` (`name`)
-) ENGINE=MyISAM DEFAULT CHARSET=utf8 AUTO_INCREMENT=10 ;
+) ENGINE=MyISAM DEFAULT CHARSET=utf8 AUTO_INCREMENT=11 ;
 
 --
 -- Daten für Tabelle `Privileges`
@@ -268,7 +269,8 @@ INSERT INTO `Privileges` (`id`, `name`, `desc`) VALUES
 (6, 'admin_rooms', 'Räume administrieren'),
 (7, 'admin_angel_types', 'Engel Typen administrieren'),
 (8, 'user_settings', 'User profile settings'),
-(9, 'user_messages', 'Writing and reading messages from user to user');
+(9, 'user_messages', 'Writing and reading messages from user to user'),
+(10, 'admin_groups', 'Manage usergroups and their rights');
 
 -- --------------------------------------------------------
 
@@ -995,7 +997,9 @@ INSERT INTO `Sprache` (`TextID`, `Sprache`, `Text`) VALUES
 ('credits', 'DE', 'Credits'),
 ('credits', 'EN', 'Credits'),
 ('pub_messages_Neu', 'DE', 'Neu'),
-('pub_messages_Neu', 'EN', 'New');
+('pub_messages_Neu', 'EN', 'New'),
+('admin_groups', 'DE', 'Gruppenrechte'),
+('admin_groups', 'EN', 'Grouprights');
 
 -- --------------------------------------------------------
 
@@ -1038,7 +1042,7 @@ CREATE TABLE IF NOT EXISTS `User` ( -- INSERT INTO `User` (`UID`, `Nick`, `Name`, `Vorname`, `Alter`, `Telefon`, `DECT`, `Handy`, `email`, `ICQ`, `jabber`, `Size`, `Passwort`, `Gekommen`, `Aktiv`, `Tshirt`, `color`, `Sprache`, `Avatar`, `Menu`, `lastLogIn`, `CreateDate`, `Art`, `kommentar`, `Hometown`) VALUES -(1, 'admin', '', '', 0, '', '', '', '', '', '', 'L', '21232f297a57a5a743894a0e4a801fc3', 0, 0, 0, 10, 'DE', 115, 'L', 1307043433, '0000-00-00 00:00:00', '', '', ''), +(1, 'admin', '', '', 0, '', '', '', '', '', '', 'L', '21232f297a57a5a743894a0e4a801fc3', 0, 0, 0, 10, 'DE', 115, 'L', 1307046926, '0000-00-00 00:00:00', '', '', ''), (147, 'msquare', '', '', 23, '', '', '', 'msquare@notrademark.de', '', '', 'L', 'e10adc3949ba59abbe56e057f20f883e', 0, 0, 0, 6, 'EN', 0, 'L', 1307042703, '2011-06-02 00:55:09', '', '', ''); -- -------------------------------------------------------- diff --git a/includes/funktion_menu.php b/includes/funktion_menu.php deleted file mode 100644 index 0a324758..00000000 --- a/includes/funktion_menu.php +++ /dev/null @@ -1,40 +0,0 @@ - $Entry) - if (strpos($Key, ".php") > 0) - if ((strpos("00$Key", "0$MenuName") > 0) || ((strlen($MenuName) == 0) && (strpos("0$Key", "/") == 0))) { - $TempName = Get_Text($Key, true); - - if ((true || $debug) && ($TempName == "")) - $TempName = "not found: \"$Key\""; - - if ($Entry == "Y") { - //zum absichtlkichen ausblenden von einträgen - if (strlen($TempName) > 1) { - //sonderfälle: - - if ($Key == "admin/faq.php") - $TempName .= " (" . noAnswer() . ")"; - elseif ($Key == "credits.php") continue; - //ausgabe - $Text .= "
  • $TempName
  • \n"; - $Gefunden = true; - } - } - elseif ($debug) { - $Gefunden = true; - $Text .= "
  • $TempName ($Key)
  • \n"; - } - } - if ($Gefunden) - echo ''; -} //function ShowMenue -?> diff --git a/includes/pages/admin_groups.php b/includes/pages/admin_groups.php new file mode 100644 index 00000000..5d9d8180 --- /dev/null +++ b/includes/pages/admin_groups.php 
@@ -0,0 +1,73 @@ +'; + $groups_html .= '' . $group['Name'] . ''; + $privileges = sql_select("SELECT * FROM `GroupPrivileges` JOIN `Privileges` ON (`GroupPrivileges`.`privilege_id` = `Privileges`.`id`) WHERE `group_id`=" . sql_escape($group['UID'])); + $privileges_html = array (); + foreach ($privileges as $priv) + $privileges_html[] = $priv['name']; + $groups_html .= '' . join(", ", $privileges_html) . ''; + $groups_html .= 'Ändern'; + $groups_html .= ''; + } + + return template_render('../templates/admin_groups.html', array ( + 'nick' => $user['Nick'], + 'groups' => $groups_html + )); + } else { + switch ($_REQUEST["action"]) { + case 'edit' : + if (isset ($_REQUEST['id']) && preg_match("/^-[0-9]{1,11}$/", $_REQUEST['id'])) + $id = $_REQUEST['id']; + else + return error("Incomplete call, missing Groups ID."); + + $room = sql_select("SELECT * FROM `Groups` WHERE `UID`=" . sql_escape($id) . " LIMIT 1"); + if (count($room) > 0) { + list ($room) = $room; + $privileges = sql_select("SELECT `Privileges`.*, `GroupPrivileges`.`group_id` FROM `Privileges` LEFT OUTER JOIN `GroupPrivileges` ON (`Privileges`.`id` = `GroupPrivileges`.`privilege_id` AND `GroupPrivileges`.`group_id`=" . sql_escape($id) . ") ORDER BY `Privileges`.`name`"); + $privileges_html = ""; + foreach ($privileges as $priv) + $privileges_html .= '' . $priv['name'] . '' . $priv['desc'] . ''; + + $html .= template_render('../templates/admin_groups_edit_form.html', array ( + 'link' => page_link_to("admin_groups"), + 'id' => $id, + 'privileges' => $privileges_html + )); + } else + return error("No Group found."); + break; + + case 'save' : + if (isset ($_REQUEST['id']) && preg_match("/^-[0-9]{1,11}$/", $_REQUEST['id'])) + $id = $_REQUEST['id']; + else + return error("Incomplete call, missing Groups ID."); + + $room = sql_select("SELECT * FROM `Groups` WHERE `UID`=" . sql_escape($id) . 
" LIMIT 1"); + if (!is_array($_REQUEST['privileges'])) + $_REQUEST['privileges'] = array (); + if (count($room) > 0) { + list ($room) = $room; + sql_query("DELETE FROM `GroupPrivileges` WHERE `group_id`=" . sql_escape($id)); + foreach ($_REQUEST['privileges'] as $priv) + if (preg_match("/^[0-9]{1,}$/", $priv) && sql_num_query("SELECT * FROM `Privileges` WHERE `id`=" . sql_escape($priv)) > 0) + sql_query("INSERT INTO `GroupPrivileges` SET `group_id`=" . sql_escape($id) . ", `privilege_id`=" . sql_escape($priv)); + header("Location: " . page_link_to("admin_groups")); + } else + return error("No Group found."); + break; + } + } + return $html; +} +?> diff --git a/includes/sys_menu.php b/includes/sys_menu.php index 822d558f..739cb9d1 100644 --- a/includes/sys_menu.php +++ b/includes/sys_menu.php @@ -29,7 +29,8 @@ function make_navigation() { // Admin Navigation $menu .= make_navigation_for(Get_Text('admin/'), array ( "admin_angel_types", - "admin_rooms" + "admin_rooms", + "admin_groups" )); return $menu; } diff --git a/templates/admin_groups.html b/templates/admin_groups.html new file mode 100644 index 00000000..c5b4ac57 --- /dev/null +++ b/templates/admin_groups.html @@ -0,0 +1,21 @@ +Hallo %nick%, +
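Review bot: The `save` case replaces a group's whole privilege set from `$_REQUEST`, and no request-method or anti-CSRF check is visible in this hunk, so the change would also be accepted from a plain GET or a cross-site form submitted in an admin's session. I would gate it before the `DELETE` with `if ($_SERVER['REQUEST_METHOD'] !== 'POST') return error("Invalid request.");`, compare a per-session token (placeholder name `$_SESSION['csrf_token']`) with a hidden form field, and read `id` and `privileges` from `$_POST`. The `DELETE` followed by per-row `INSERT`s is also not atomic on the MyISAM tables this dump declares, so a failure midway leaves the group with a partial privilege set. The same pattern appears in `user_questions.php` (`ask`, `delete`) and, as far as it is visible, in `admin_faq.php` (`create`, `save`).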
    +hier hast du die Möglichkeit Gruppenrechte zu ändern: + + + + + + + + + + %groups% + +
    + Name + + Rechte + +   +
    diff --git a/templates/admin_groups_edit_form.html b/templates/admin_groups_edit_form.html new file mode 100644 index 00000000..5729df64 --- /dev/null +++ b/templates/admin_groups_edit_form.html @@ -0,0 +1,21 @@ +
    + + + + + + + + + + %privileges% + +
    +   + + Name + + Description +
    + +
    \ No newline at end of file diff --git a/txt/TODO b/txt/TODO index fbaf4377..1ebf5e52 100644 --- a/txt/TODO +++ b/txt/TODO @@ -4,6 +4,8 @@ * user_messages schön machen * Formulare weg von Tabellen * user_news lässt sich nicht bedienen (POST ohne redirects...) + * Privilegien korrigieren (an die vom CVS anpassen) + * Beim Raum-Management die benötigten Engel anzeigen * schichten ueber monatsgrenzen einbaue im moment werden die tage nur diff --git a/www-ssl/admin/group.php b/www-ssl/admin/group.php deleted file mode 100644 index b8a52ec2..00000000 --- a/www-ssl/admin/group.php +++ /dev/null @@ -1,49 +0,0 @@ -\n"; - echo "\n"; - echo "\tGroupname\n"; - echo "\tLink\n"; - echo "\n"; - - for ($n = 0; $n < $Zeilen; $n++) { - echo "\n"; - echo "\t" . mysql_result($Erg, $n, "Name") . "\n"; - - echo "change\n"; - echo "\n"; - } - - // new form - echo "\n"; - echo "\t
    \n"; - echo "\t\t\n"; - echo "\t\t\n"; - echo "\t
    \n"; - echo "\n"; - - echo "\t\n"; - // Ende Userliste -} - -include ("includes/footer.php"); -?> - - diff --git a/www-ssl/index.php b/www-ssl/index.php index 48aea75c..6bfbcc32 100644 --- a/www-ssl/index.php +++ b/www-ssl/index.php @@ -61,6 +61,10 @@ if (in_array($p, $privileges)) { elseif ($p == "admin_rooms") { require_once ('includes/pages/admin_rooms.php'); $content = admin_rooms(); + } + elseif ($p == "admin_groups") { + require_once ('includes/pages/admin_groups.php'); + $content = admin_groups(); } else { require_once ('includes/pages/guest_start.php'); $content = guest_start(); diff --git a/www-ssl/nonpublic/messages.php b/www-ssl/nonpublic/messages.php deleted file mode 100644 index 4868136d..00000000 --- a/www-ssl/nonpublic/messages.php +++ /dev/null @@ -1,124 +0,0 @@ -\n"; - echo Get_Text("pub_messages_text1") . "

    \n"; - - //show exist Messages - $SQL = "SELECT * FROM `Messages` WHERE `SUID`='" . $_SESSION["UID"] . "' OR `RUID`='" . $_SESSION["UID"] . "'"; - $erg = mysql_query($SQL, $con); - - echo "\n"; - echo "\n"; - echo "\n"; - echo "\n"; - echo "\n"; - echo "\n"; - echo "\n"; - echo "\n"; - - for ($i = 0; $i < mysql_num_rows($erg); $i++) { - echo "\n"; - echo "\n"; - echo "\n"; - echo "\n"; - echo "\n"; - echo "\n"; - echo "\n"; - } - - // send Messeges - echo ""; - echo "\n"; - echo "\n"; - echo "\n"; - - // Listet alle Nicks auf - echo "\n"; - echo "\n"; - echo "\n"; - echo "\n"; - echo ""; - - echo "
    " . Get_Text("pub_messages_Datum") . "" . Get_Text("pub_messages_Von") . "" . Get_Text("pub_messages_An") . "" . Get_Text("pub_messages_Text") . "
    " . mysql_result($erg, $i, "Datum") . "" . UID2Nick(mysql_result($erg, $i, "SUID")) . "" . UID2Nick(mysql_result($erg, $i, "RUID")) . "" . mysql_result($erg, $i, "Text") . ""; - - if (mysql_result($erg, $i, "RUID") == $_SESSION["UID"]) { - echo "" . Get_Text("pub_messages_DelMsg") . ""; - - if (mysql_result($erg, $i, "isRead") == "N") - echo "" . Get_Text("pub_messages_MarkRead") . ""; - } else { - if (mysql_result($erg, $i, "isRead") == "N") - echo Get_Text("pub_messages_NotRead"); - } - - echo "
    \n"; - break; - - case "SendMsg" : - echo Get_Text("pub_messages_Send1") . "...
    \n"; - - $SQL = "INSERT INTO `Messages` ( `Datum` , `SUID` , `RUID` , `Text` ) VALUES (" . - "'" . gmdate("Y-m-j H:i:s", time()) . "', " . - "'" . $_SESSION["UID"] . "', " . - "'" . $_POST["RUID"] . "', " . - "'" . $_POST["Text"] . "');"; - - $Erg = mysql_query($SQL, $con); - - if ($Erg == 1) - echo Get_Text("pub_messages_Send_OK") . "\n"; - else - echo Get_Text("pub_messages_Send_Error") . "...\n(" . mysql_error($con) . ")"; - break; - - case "MarkRead" : - $SQL = "UPDATE `Messages` SET `isRead` = 'Y' " . - "WHERE `Datum` = '" . $_GET["Datum"] . "' AND `RUID`='" . $_SESSION["UID"] . "' " . - "LIMIT 1 ;"; - $Erg = mysql_query($SQL, $con); - - if ($Erg == 1) - echo Get_Text("pub_messages_MarkRead_OK") . "\n"; - else - echo Get_Text("pub_messages_MarkRead_KO") . "...\n(" . mysql_error($con) . ")"; - break; - - case "DelMsg" : - $SQL = "DELETE FROM `Messages` " . - "WHERE `Datum` = '" . $_GET["Datum"] . "' AND `RUID` ='" . $_SESSION["UID"] . "' " . - "LIMIT 1;"; - $Erg = mysql_query($SQL, $con); - - if ($Erg == 1) - echo Get_Text("pub_messages_DelMsg_OK") . "\n"; - else - echo Get_Text("pub_messages_DelMsg_KO") . "...\n(" . mysql_error($con) . ")"; - break; - - default : - echo Get_Text("pub_messages_NoCommand"); -} - -include "includes/footer.php"; -?> -- cgit v1.2.3-54-g00ecf From 0d6499f7f1aadabc345f6896fa3ad26f7a299150 Mon Sep 17 00:00:00 2001 From: Philip Häusler Date: Thu, 2 Jun 2011 23:45:54 +0200 Subject: user questions --- DB/db_rewrite.sql | 45 ++++++++++++++++++--------------- includes/pages/user_questions.php | 41 ++++++++++++++++++++++++++++++ includes/sys_menu.php | 1 + templates/user_questions.html | 52 +++++++++++++++++++++++++++++++++++++++ txt/TODO | 4 +-- www-ssl/admin/dect_call.php | 8 ------ www-ssl/index.php | 4 +++ 7 files changed, 125 insertions(+), 30 deletions(-) create mode 100644 includes/pages/user_questions.php create mode 100644 templates/user_questions.html delete mode 100644 www-ssl/admin/dect_call.php (limited to 'txt/TODO') 
diff --git a/DB/db_rewrite.sql b/DB/db_rewrite.sql index 5041ce9b..6a259c61 100644 --- a/DB/db_rewrite.sql +++ b/DB/db_rewrite.sql @@ -3,7 +3,7 @@ -- http://www.phpmyadmin.net -- -- Host: localhost --- Erstellungszeit: 02. Juni 2011 um 20:39 +-- Erstellungszeit: 02. Juni 2011 um 21:45 -- Server Version: 5.1.44 -- PHP-Version: 5.3.1 @@ -71,18 +71,19 @@ CREATE TABLE IF NOT EXISTS `Counter` ( -- INSERT INTO `Counter` (`URL`, `Anz`) VALUES -('news', 73), -('login', 18), -('logout', 11), -('start', 23), +('news', 78), +('login', 20), +('logout', 12), +('start', 24), ('faq', 4), ('credits', 3), ('register', 3), ('admin_rooms', 70), ('admin_angel_types', 69), -('user_settings', 115), -('user_messages', 102), -('admin_groups', 86); +('user_settings', 116), +('user_messages', 107), +('admin_groups', 94), +('user_questions', 30); -- -------------------------------------------------------- @@ -126,21 +127,22 @@ CREATE TABLE IF NOT EXISTS `GroupPrivileges` ( `privilege_id` int(11) NOT NULL, PRIMARY KEY (`id`), KEY `group_id` (`group_id`,`privilege_id`) -) ENGINE=MyISAM DEFAULT CHARSET=utf8 AUTO_INCREMENT=28 ; +) ENGINE=MyISAM DEFAULT CHARSET=utf8 AUTO_INCREMENT=33 ; -- -- Daten für Tabelle `GroupPrivileges` -- INSERT INTO `GroupPrivileges` (`id`, `group_id`, `privilege_id`) VALUES +(32, -2, 8), (24, -1, 5), -(3, -2, 3), -(4, -2, 4), +(31, -2, 11), +(30, -2, 9), (23, -1, 2), (6, -4, 6), (7, -4, 7), -(8, -2, 8), -(9, -2, 9), +(29, -2, 3), +(28, -2, 4), (12, -5, 10); -- -------------------------------------------------------- @@ -192,8 +194,6 @@ CREATE TABLE IF NOT EXISTS `Messages` ( INSERT INTO `Messages` (`id`, `Datum`, `SUID`, `RUID`, `isRead`, `Text`) VALUES (2, 1307042342, 1, 147, 'Y', 'asdfasdfasdfasdf'), (4, 1307042622, 1, 147, 'Y', 'asdfasdfasdf'), -(5, 1307042643, 1, 147, 'Y', 'foobar'), -(6, 1307042663, 1, 147, 'Y', 'foobar'), (7, 1307042692, 147, 1, 'Y', 'foobar'); -- -------------------------------------------------------- 
@@ -254,7 +254,7 @@ CREATE TABLE IF NOT EXISTS `Privileges` ( `desc` varchar(1024) NOT NULL, PRIMARY KEY (`id`), UNIQUE KEY `name` (`name`) -) ENGINE=MyISAM DEFAULT CHARSET=utf8 AUTO_INCREMENT=11 ; +) ENGINE=MyISAM DEFAULT CHARSET=utf8 AUTO_INCREMENT=12 ; -- -- Daten für Tabelle `Privileges` @@ -270,7 +270,8 @@ INSERT INTO `Privileges` (`id`, `name`, `desc`) VALUES (7, 'admin_angel_types', 'Engel Typen administrieren'), (8, 'user_settings', 'User profile settings'), (9, 'user_messages', 'Writing and reading messages from user to user'), -(10, 'admin_groups', 'Manage usergroups and their rights'); +(10, 'admin_groups', 'Manage usergroups and their rights'), +(11, 'user_questions', 'Let users ask questions'); -- -------------------------------------------------------- @@ -285,12 +286,14 @@ CREATE TABLE IF NOT EXISTS `Questions` ( `AID` int(11) NOT NULL DEFAULT '0', `Answer` text NOT NULL, PRIMARY KEY (`QID`) -) ENGINE=MyISAM DEFAULT CHARSET=utf8 COMMENT='Fragen und Antworten' AUTO_INCREMENT=21 ; +) ENGINE=MyISAM DEFAULT CHARSET=utf8 COMMENT='Fragen und Antworten' AUTO_INCREMENT=4 ; -- -- Daten für Tabelle `Questions` -- +INSERT INTO `Questions` (`QID`, `UID`, `Question`, `AID`, `Answer`) VALUES +(3, 1, 'Ficken?', 0, ''); -- -------------------------------------------------------- @@ -999,7 +1002,9 @@ INSERT INTO `Sprache` (`TextID`, `Sprache`, `Text`) VALUES ('pub_messages_Neu', 'DE', 'Neu'), ('pub_messages_Neu', 'EN', 'New'), ('admin_groups', 'DE', 'Gruppenrechte'), -('admin_groups', 'EN', 'Grouprights'); +('admin_groups', 'EN', 'Grouprights'), +('user_questions', 'DE', 'Erzengel fragen'), +('user_questions', 'EN', 'Ask arch angel'); -- -------------------------------------------------------- 
@@ -1042,7 +1047,7 @@ CREATE TABLE IF NOT EXISTS `User` ( -- INSERT INTO `User` (`UID`, `Nick`, `Name`, `Vorname`, `Alter`, `Telefon`, `DECT`, `Handy`, `email`, `ICQ`, `jabber`, `Size`, `Passwort`, `Gekommen`, `Aktiv`, `Tshirt`, `color`, `Sprache`, `Avatar`, `Menu`, `lastLogIn`, `CreateDate`, `Art`, `kommentar`, `Hometown`) VALUES -(1, 'admin', '', '', 0, '', '', '', '', '', '', 'L', '21232f297a57a5a743894a0e4a801fc3', 0, 0, 0, 10, 'DE', 115, 'L', 1307046926, '0000-00-00 00:00:00', '', '', ''), +(1, 'admin', '', '', 0, '', '', '', '', '', '', 'L', '21232f297a57a5a743894a0e4a801fc3', 0, 0, 0, 10, 'DE', 115, 'L', 1307051093, '0000-00-00 00:00:00', '', '', ''), (147, 'msquare', '', '', 23, '', '', '', 'msquare@notrademark.de', '', '', 'L', 'e10adc3949ba59abbe56e057f20f883e', 0, 0, 0, 6, 'EN', 0, 'L', 1307042703, '2011-06-02 00:55:09', '', '', ''); -- -------------------------------------------------------- diff --git a/includes/pages/user_questions.php b/includes/pages/user_questions.php new file mode 100644 index 00000000..8201c6d6 --- /dev/null +++ b/includes/pages/user_questions.php 
@@ -0,0 +1,41 @@ +' . $question['Question'] . 'Delete'; + + return template_render('../templates/user_questions.html', array ( + 'link' => page_link_to("user_questions"), + 'open_questions' => $open_questions + )); + } else { + switch ($_REQUEST['action']) { + case 'ask' : + $question = trim(preg_replace("/([^\p{L}\p{P}\p{Z}\p{N}\n]{1,})/ui", '', strip_tags($_REQUEST['question']))); + if ($question != "") { + sql_query("INSERT INTO `Questions` SET `UID`=" . sql_escape($user['UID']) . ", `Question`='" . sql_escape($question) . "'"); + header("Location: " . page_link_to("user_questions")); + } else + return error("Please enter a Question!"); + break; + case 'delete' : + if (isset ($_REQUEST['id']) && preg_match("/^[0-9]{1,11}$/", $_REQUEST['id'])) + $id = $_REQUEST['id']; + else + return error("Incomplete call, missing Question ID."); + + $question = sql_select("SELECT * FROM `Questions` WHERE `QID`=" . sql_escape($id) . " LIMIT 1"); + if (count($question) > 0 && $question[0]['UID'] == $user['UID']) { + sql_query("DELETE FROM `Questions` WHERE `QID`=" . sql_escape($id) . " LIMIT 1"); + header("Location: " . page_link_to("user_questions")); + } else + return error("No Question found."); + break; + } + } +} +?> \ No newline at end of file diff --git a/includes/sys_menu.php b/includes/sys_menu.php index 739cb9d1..6cddf66a 100644 --- a/includes/sys_menu.php +++ b/includes/sys_menu.php @@ -23,6 +23,7 @@ function make_navigation() { $menu .= make_navigation_for(Get_Text('inc_schicht_engel'), array ( "news", "user_messages", + "user_questions", "user_settings" )); diff --git a/templates/user_questions.html b/templates/user_questions.html new file mode 100644 index 00000000..96b1e980 --- /dev/null +++ b/templates/user_questions.html @@ -0,0 +1,52 @@ +Not yet answered questions: + + + + + + + + + %open_questions% + +
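Review bot: `$question['Question']` is concatenated into `$open_questions` without output encoding, so the list relies entirely on the write-time filter in the `ask` case to keep markup out of the page. That filter still passes quote characters and `&` (both fall under `\p{P}`), and rows can reach `Questions` by other routes such as the SQL dump's own `INSERT`, so encoding at the point of output is the safer contract: `htmlspecialchars($question['Question'], ENT_QUOTES, 'UTF-8')`. The `delete` case does check ownership before removing the row, but its `preg_match("/^[0-9]{1,11}$/", ...)` guard accepts a trailing newline because `$` is not end-only; `/^[0-9]{1,11}$/D` makes the check exact. The HTML around the list row was lost in rendering, so whether the value lands in an element body or an attribute should be confirmed.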
    + Question + +   +
    +
    Answered questions: + + + + + + + + + + + %answered_questions% + +
    + Question + + From + + Answer + +   +
    +
    +
    + + + + + +
    + Question: + + +
    + +
    \ No newline at end of file diff --git a/txt/TODO b/txt/TODO index 1ebf5e52..14188a6f 100644 --- a/txt/TODO +++ b/txt/TODO @@ -1,12 +1,12 @@ * MD5-Passwörter mit Salt speichern * Passwort-Mindestanforderungen stellen - * User-Avatare + * User-Avatare (code liegt auskommentiert in user_settings.php) * user_messages schön machen * Formulare weg von Tabellen * user_news lässt sich nicht bedienen (POST ohne redirects...) * Privilegien korrigieren (an die vom CVS anpassen) * Beim Raum-Management die benötigten Engel anzeigen - + * Löschen nur mit Rückfrage * schichten ueber monatsgrenzen einbaue im moment werden die tage nur hochgezaehlt und die monatzgrenzen werden ignoriert diff --git a/www-ssl/admin/dect_call.php b/www-ssl/admin/dect_call.php deleted file mode 100644 index 0799c2be..00000000 --- a/www-ssl/admin/dect_call.php +++ /dev/null @@ -1,8 +0,0 @@ - - diff --git a/www-ssl/index.php b/www-ssl/index.php index 6bfbcc32..831225e6 100644 --- a/www-ssl/index.php +++ b/www-ssl/index.php @@ -38,6 +38,10 @@ if (in_array($p, $privileges)) { elseif ($p == "user_messages") { $content = user_messages(); } + elseif ($p == "user_questions") { + require_once ('includes/pages/user_questions.php'); + $content = user_questions(); + } elseif ($p == "user_settings") { require_once ('includes/pages/user_settings.php'); $content = user_settings(); -- cgit v1.2.3-54-g00ecf From 626b9a81f303a07fab5be1302496d8823d1fede4 Mon Sep 17 00:00:00 2001 
From: Philip Häusler Date: Fri, 3 Jun 2011 01:03:39 +0200 Subject: admin faq --- DB/db_rewrite.sql | 65 +++++---- includes/pages/admin_faq.php | 85 ++++++++++++ includes/pages/guest_faq.php | 32 ++--- includes/sys_menu.php | 3 +- templates/admin_faq.html | 56 ++++++++ templates/admin_faq_edit_form.html | 41 ++++++ txt/TODO | 1 + www-ssl/admin/faq.1.php | 6 - www-ssl/admin/faq.php | 271 ------------------------------------- www-ssl/css/base.css | 5 + www-ssl/index.php | 4 + www-ssl/nonpublic/faq.php | 73 ---------- 12 files changed, 240 insertions(+), 402 deletions(-) create mode 100644 includes/pages/admin_faq.php create mode 100644 templates/admin_faq.html create mode 100644 templates/admin_faq_edit_form.html delete mode 100644 www-ssl/admin/faq.1.php delete mode 100644 www-ssl/admin/faq.php delete mode 100644 www-ssl/nonpublic/faq.php (limited to 'txt/TODO') diff --git a/DB/db_rewrite.sql b/DB/db_rewrite.sql index 5d6b4e2c..fa31c6f8 100644 --- a/DB/db_rewrite.sql +++ b/DB/db_rewrite.sql @@ -3,7 +3,7 @@ -- http://www.phpmyadmin.net -- -- Host: localhost --- Erstellungszeit: 02. Juni 2011 um 22:21 +-- Erstellungszeit: 02. Juni 2011 um 23:02 -- Server Version: 5.1.44 -- PHP-Version: 5.3.1 @@ -75,16 +75,17 @@ INSERT INTO `Counter` (`URL`, `Anz`) VALUES ('login', 24), ('logout', 13), ('start', 25), -('faq', 6), +('faq', 16), ('credits', 3), ('register', 3), ('admin_rooms', 70), ('admin_angel_types', 69), ('user_settings', 116), -('user_messages', 108), -('admin_groups', 99), -('user_questions', 53), -('admin_questions', 41); +('user_messages', 111), +('admin_groups', 104), +('user_questions', 54), +('admin_questions', 41), +('admin_faq', 53); -- -------------------------------------------------------- 
@@ -94,27 +95,29 @@ INSERT INTO `Counter` (`URL`, `Anz`) VALUES CREATE TABLE IF NOT EXISTS `FAQ` ( `FID` bigint(20) NOT NULL AUTO_INCREMENT, - `Frage` text NOT NULL, - `Antwort` text NOT NULL, + `Frage_de` text NOT NULL, + `Antwort_de` text NOT NULL, + `Frage_en` text NOT NULL, + `Antwort_en` text NOT NULL, PRIMARY KEY (`FID`) -) ENGINE=MyISAM DEFAULT CHARSET=utf8 AUTO_INCREMENT=24 ; +) ENGINE=MyISAM DEFAULT CHARSET=utf8 AUTO_INCREMENT=26 ; -- -- Daten für Tabelle `FAQ` -- -INSERT INTO `FAQ` (`FID`, `Frage`, `Antwort`) VALUES -(1, 'Komme ich als Engel billiger/kostenlos auf den Congress?
    \r\nDo I get in cheaper / for free to the congress as an angel ?', 'Nein, jeder Engel muss normal Eintritt bezahlen.
    \r\nNo, every angel has to pay full price.'), -(2, 'Was bekomme ich für meine Mitarbeit?
    \r\nWhat can i expect in return for my help? \r\n', 'Jeder Engel der arbeitet bekommt ein kostenloses T-Shirt nach der Veranstalltung
    \r\nEvery working angel gets a free shirt after the event. '), -(3, 'Wie lange muss ich als Engel arbeiten?
    \r\nHow long do I have to work as an angel ?', 'Diese Frage ist schwer zu beantworten. Es hängt z.B. davon ab, was man macht (z.B. Workshop-Engel) und wieviele Engel wir zusammen bekommen.
    \r\nThis is difficult to answer. It depends on what you decide to do (e.g. workshop angel) and how many people will attend. '), -(6, 'Ich bin erst XX Jahre alt. Kann ich überhaupt helfen?
    \r\nI''m only XX years old. Can I help anyway?', 'Wir können jede helfende Hand gebrauchen. Wenn du alt genug bist, um zum Congress zu kommen, bist du auch alt genug zu helfen.
    \r\nWe need every help we can get. If your old enough to come to the congress, your old enough to help.'), -(8, 'Wer sind eigentlich die Erzengel?
    \r\nWho are the Arch-Angels?\r\n', 'Erzengel sind dieses Jahr: BugBlue, TabascoEye, Jeedi, Daizy, volty
    \r\nThe ArchAngels for this year are: BugBlue, TabascoEye, Jeedi, Daizy, volty\r\n'), -(9, 'Gibt es dieses Jahr wieder einen IRC-Channel für Engel?
    \r\nWill there be an IRC-channel for angels again?', 'Ja, im IRC-Net existiert #chaos-angel. Einfach mal reinschaun!
    \r\nYes, in the IRC-net there''s #chaos-angel. Just have a look!'), -(10, 'Wie gehe ich mit den Besuchern um?
    \r\nHow do I treat visitors?', 'Man soll gegenüber den Besuchern immer höflich und freundlich sein, auch wenn diese gestresst sind. Wenn man das Gefühl hat, dass man mit der Situation nicht mehr klarkommt, sollte man sich jemanden zur Unterstützung holen, bevor man selbst auch gestresst wird :-)
    \r\nYou should always be polite and friendly, especially if they are stressed. When you feel you can''t handle it on your own, get someone to help you out before you get so stressed yourself that you get impolite.'), -(11, 'Wann sind die Engelbesprechungen?
    \r\nWhen are the angels briefings?', 'Das wird vor Ort noch festgelegt und steht im Himmelnewssystem.
    \r\nThe information on the Angel Briefings will be in the news section of this system.'), -(12, 'Was muss ich noch bedenken?
    \r\nAnything else I should know?', 'Man sollte nicht total übermüdet oder ausgehungert, wenn n man einen Einsatz hat. Eine gewisse Fitness ist hilfreich.
    \r\nYou should not be exhausted or starving when you arrive for a shift. A reasonable amount of fitness for work would be very helpful.'), -(13, 'Ich habe eine Frage, auf die ich in der FAQ keine Antwort gefunden habe. Wohin soll ich mich wenden?
    \r\nI have a guestion not answered here. Who can I ask?', 'Bei weitere Fragen kannst du die Anfragen an die Erzengel Formular benutzen.
    \r\nIf you have further questions, you can use the Questions for the ArchAngels form.'), -(20, 'Wer muss alles Eintritt zahlen?
    \r\nWho has to pay the full entrance price?', 'Jeder. Zumindest, solange er/sie älter als 12 Jahre ist...
    \r\nEveryone who is at older than 12 years old.'); +INSERT INTO `FAQ` (`FID`, `Frage_de`, `Antwort_de`, `Frage_en`, `Antwort_en`) VALUES +(1, 'Komme ich als Engel billiger/kostenlos auf den Congress?', 'Nein, jeder Engel muss normal Eintritt bezahlen.', 'Do I get in cheaper / for free to the congress as an angel ?', 'No, every angel has to pay full price.'), +(2, 'Was bekomme ich für meine Mitarbeit?', 'Jeder Engel der arbeitet bekommt ein kostenloses T-Shirt nach der Veranstalltung', 'What can i expect in return for my help?', 'Every working angel gets a free shirt after the event.'), +(3, 'Wie lange muss ich als Engel arbeiten?', 'Diese Frage ist schwer zu beantworten. Es hängt z.B. davon ab, was man macht (z.B. Workshop-Engel) und wieviele Engel wir zusammen bekommen.', 'How long do I have to work as an angel ?', 'This is difficult to answer. It depends on what you decide to do (e.g. workshop angel) and how many people will attend.'), +(6, 'Ich bin erst XX Jahre alt. Kann ich überhaupt helfen?', 'Wir können jede helfende Hand gebrauchen. Wenn du alt genug bist, um zum Congress zu kommen, bist du auch alt genug zu helfen.', 'I''m only XX years old. Can I help anyway?', 'We need every help we can get. If your old enough to come to the congress, your old enough to help.'), +(8, 'Wer sind eigentlich die Erzengel?', 'Erzengel sind dieses Jahr: BugBlue, TabascoEye, Jeedi, Daizy, volty', 'Who are the Arch-Angels?', 'The ArchAngels for this year are: BugBlue, TabascoEye, Jeedi, Daizy, volty'), +(9, 'Gibt es dieses Jahr wieder einen IRC-Channel für Engel?', 'Ja, im IRC-Net existiert #chaos-angel. Einfach mal reinschaun!', 'Will there be an IRC-channel for angels again?', 'Yes, in the IRC-net there''s #chaos-angel. Just have a look!'), +(10, 'Wie gehe ich mit den Besuchern um?', 'Man soll gegenüber den Besuchern immer höflich und freundlich sein, auch wenn diese gestresst sind. 
Wenn man das Gefühl hat, dass man mit der Situation nicht mehr klarkommt, sollte man sich jemanden zur Unterstützung holen, bevor man selbst auch gestresst wird :-)', 'How do I treat visitors?', 'You should always be polite and friendly, especially if they are stressed. When you feel you can''t handle it on your own, get someone to help you out before you get so stressed yourself that you get impolite.'), +(11, 'Wann sind die Engelbesprechungen?', 'Das wird vor Ort noch festgelegt und steht im Himmelnewssystem.', 'When are the angels briefings?', 'The information on the Angel Briefings will be in the news section of this system.'), +(12, 'Was muss ich noch bedenken?', 'Man sollte nicht total übermüdet oder ausgehungert, wenn n man einen Einsatz hat. Eine gewisse Fitness ist hilfreich.', 'Anything else I should know?', 'You should not be exhausted or starving when you arrive for a shift. A reasonable amount of fitness for work would be very helpful.'), +(13, 'Ich habe eine Frage, auf die ich in der FAQ keine Antwort gefunden habe. Wohin soll ich mich wenden?', 'Bei weitere Fragen kannst du die Anfragen an die Erzengel Formular benutzen.', 'I have a guestion not answered here. Who can I ask?', 'If you have further questions, you can use the Questions for the ArchAngels form.'), +(20, 'Wer muss alles Eintritt zahlen?', 'Jeder. Zumindest, solange er/sie älter als 12 Jahre ist...', 'Who has to pay the full entrance price?', 'Everyone who is at older than 12 years old.'); -- -------------------------------------------------------- @@ -128,7 +131,7 @@ CREATE TABLE IF NOT EXISTS `GroupPrivileges` ( `privilege_id` int(11) NOT NULL, PRIMARY KEY (`id`), KEY `group_id` (`group_id`,`privilege_id`) -) ENGINE=MyISAM DEFAULT CHARSET=utf8 AUTO_INCREMENT=36 ; +) ENGINE=MyISAM DEFAULT CHARSET=utf8 AUTO_INCREMENT=40 ; -- -- Daten für Tabelle `GroupPrivileges` 
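Review bot: Splitting `Frage`/`Antwort` into `_de`/`_en` columns inside `CREATE TABLE IF NOT EXISTS` only takes effect on an empty database; where a `FAQ` table already exists the statement is a no-op and the following `INSERT` with the new column list will fail. If this dump is ever applied to an existing install, the change needs an explicit migration, along the lines of `ALTER TABLE FAQ CHANGE Frage Frage_de text NOT NULL` for each renamed column and `ADD COLUMN` for the English ones. A short `-- requires a fresh import; no in-place upgrade` comment above the table would at least make the assumption visible.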
@@ -140,12 +143,13 @@ INSERT INTO `GroupPrivileges` (`id`, `group_id`, `privilege_id`) VALUES (31, -2, 11), (30, -2, 9), (23, -1, 2), -(34, -4, 12), -(33, -4, 7), +(36, -4, 7), +(37, -4, 13), (29, -2, 3), (28, -2, 4), (12, -5, 10), -(35, -4, 6); +(38, -4, 12), +(39, -4, 6); -- -------------------------------------------------------- @@ -256,7 +260,7 @@ CREATE TABLE IF NOT EXISTS `Privileges` ( `desc` varchar(1024) NOT NULL, PRIMARY KEY (`id`), UNIQUE KEY `name` (`name`) -) ENGINE=MyISAM DEFAULT CHARSET=utf8 AUTO_INCREMENT=13 ; +) ENGINE=MyISAM DEFAULT CHARSET=utf8 AUTO_INCREMENT=14 ; -- -- Daten für Tabelle `Privileges` @@ -274,7 +278,8 @@ INSERT INTO `Privileges` (`id`, `name`, `desc`) VALUES (9, 'user_messages', 'Writing and reading messages from user to user'), (10, 'admin_groups', 'Manage usergroups and their rights'), (11, 'user_questions', 'Let users ask questions'), -(12, 'admin_questions', 'Answer user''s questions'); +(12, 'admin_questions', 'Answer user''s questions'), +(13, 'admin_faq', 'Edit FAQs'); -- -------------------------------------------------------- @@ -1009,7 +1014,9 @@ INSERT INTO `Sprache` (`TextID`, `Sprache`, `Text`) VALUES ('user_questions', 'DE', 'Erzengel fragen'), ('user_questions', 'EN', 'Ask arch angel'), ('admin_questions', 'DE', 'Fragen beantworten'), -('admin_questions', 'EN', 'Answer questions'); +('admin_questions', 'EN', 'Answer questions'), +('admin_faq', 'DE', 'FAQs bearbeiten'), +('admin_faq', 'EN', 'Edit FAQs'); -- -------------------------------------------------------- 
@@ -1052,7 +1059,7 @@ CREATE TABLE IF NOT EXISTS `User` ( -- INSERT INTO `User` (`UID`, `Nick`, `Name`, `Vorname`, `Alter`, `Telefon`, `DECT`, `Handy`, `email`, `ICQ`, `jabber`, `Size`, `Passwort`, `Gekommen`, `Aktiv`, `Tshirt`, `color`, `Sprache`, `Avatar`, `Menu`, `lastLogIn`, `CreateDate`, `Art`, `kommentar`, `Hometown`) VALUES -(1, 'admin', '', '', 0, '', '', '', '', '', '', 'L', '21232f297a57a5a743894a0e4a801fc3', 0, 0, 0, 10, 'DE', 115, 'L', 1307053257, '0000-00-00 00:00:00', '', '', ''), +(1, 'admin', '', '', 0, '', '', '', '', '', '', 'L', '21232f297a57a5a743894a0e4a801fc3', 0, 0, 0, 10, 'DE', 115, 'L', 1307055685, '0000-00-00 00:00:00', '', '', ''), (147, 'msquare', '', '', 23, '', '', '', 'msquare@notrademark.de', '', '', 'L', 'e10adc3949ba59abbe56e057f20f883e', 0, 0, 0, 6, 'EN', 0, 'L', 1307042703, '2011-06-02 00:55:09', '', '', ''); -- -------------------------------------------------------- diff --git a/includes/pages/admin_faq.php b/includes/pages/admin_faq.php new file mode 100644 index 00000000..5b9a338f --- /dev/null +++ b/includes/pages/admin_faq.php @@ -0,0 +1,85 @@ +
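Review bot: The `User` seed rows in this hunk ship real account records with the schema: the `admin` row and a second named account each carry a `Passwort` value that is a bare 32-hex digest, so every install created from `DB/db_rewrite.sql` starts with the same fixed credential material. The changed line itself only refreshes `lastLogIn`, which suggests the dump is taken from a live development database. I would drop account rows from the dump and create the first administrator at install time, or at least put `-- seed account: password must be changed before deployment` above the INSERT. The series' own TODO lists "MD5-Passwörter mit Salt speichern" as later work; a slow salted scheme (for example bcrypt through `crypt()`) would be a better target than salted MD5. The same rows recur in the later db_rewrite.sql hunk of the "news refined" commit.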
    ' . $faq['Frage_de'] . '
    ' . $faq['Antwort_de'] . '
    ' . $faq['Frage_en'] . '
    ' . $faq['Antwort_en'] . '
    '; + $faqs_html .= 'Edit'; + } + return template_render('../templates/admin_faq.html', array ( + 'link' => page_link_to("admin_faq"), + 'faqs' => $faqs_html + )); + } else { + switch ($_REQUEST['action']) { + case 'create' : + $frage = preg_replace("/([^\p{L}\p{P}\p{Z}\p{N}\n]{1,})/ui", '', strip_tags($_REQUEST['frage'])); + $antwort = preg_replace("/([^\p{L}\p{P}\p{Z}\p{N}\n]{1,})/ui", '', strip_tags($_REQUEST['antwort'])); + $question = preg_replace("/([^\p{L}\p{P}\p{Z}\p{N}\n]{1,})/ui", '', strip_tags($_REQUEST['question'])); + $answer = preg_replace("/([^\p{L}\p{P}\p{Z}\p{N}\n]{1,})/ui", '', strip_tags($_REQUEST['answer'])); + sql_query("INSERT INTO `FAQ` SET `Frage_de`='" . sql_escape($frage) . "', `Frage_en`='" . sql_escape($question) . "', `Antwort_de`='" . sql_escape($antwort) . "', `Antwort_en`='" . sql_escape($answer) . "'"); + header("Location: " . page_link_to("admin_faq")); + break; + + case 'save' : + if (isset ($_REQUEST['id']) && preg_match("/^[0-9]{1,11}$/", $_REQUEST['id'])) + $id = $_REQUEST['id']; + else + return error("Incomplete call, missing FAQ ID."); + + $faq = sql_select("SELECT * FROM `FAQ` WHERE `FID`=" . sql_escape($id) . " LIMIT 1"); + if (count($faq) > 0) { + list ($faq) = $faq; + + $frage = preg_replace("/([^\p{L}\p{P}\p{Z}\p{N}\n]{1,})/ui", '', strip_tags($_REQUEST['frage'])); + $antwort = preg_replace("/([^\p{L}\p{P}\p{Z}\p{N}\n]{1,})/ui", '', strip_tags($_REQUEST['antwort'])); + $question = preg_replace("/([^\p{L}\p{P}\p{Z}\p{N}\n]{1,})/ui", '', strip_tags($_REQUEST['question'])); + $answer = preg_replace("/([^\p{L}\p{P}\p{Z}\p{N}\n]{1,})/ui", '', strip_tags($_REQUEST['answer'])); + sql_query("UPDATE `FAQ` SET `Frage_de`='" . sql_escape($frage) . "', `Frage_en`='" . sql_escape($question) . "', `Antwort_de`='" . sql_escape($antwort) . "', `Antwort_en`='" . sql_escape($answer) . "' WHERE `FID`=" . sql_escape($id) . " LIMIT 1"); + header("Location: " . 
page_link_to("admin_faq")); + } else + return error("No FAQ found."); + break; + + case 'edit' : + if (isset ($_REQUEST['id']) && preg_match("/^[0-9]{1,11}$/", $_REQUEST['id'])) + $id = $_REQUEST['id']; + else + return error("Incomplete call, missing FAQ ID."); + + $faq = sql_select("SELECT * FROM `FAQ` WHERE `FID`=" . sql_escape($id) . " LIMIT 1"); + if (count($faq) > 0) { + list ($faq) = $faq; + + return template_render('../templates/admin_faq_edit_form.html', array ( + 'link' => page_link_to("admin_faq"), + 'id' => $id, + 'frage' => $faq['Frage_de'], + 'antwort' => $faq['Antwort_de'], + 'question' => $faq['Frage_en'], + 'answer' => $faq['Antwort_en'] + )); + } else + return error("No FAQ found."); + break; + + case 'delete' : + if (isset ($_REQUEST['id']) && preg_match("/^[0-9]{1,11}$/", $_REQUEST['id'])) + $id = $_REQUEST['id']; + else + return error("Incomplete call, missing FAQ ID."); + + $faq = sql_select("SELECT * FROM `FAQ` WHERE `FID`=" . sql_escape($id) . " LIMIT 1"); + if (count($faq) > 0) { + list ($faq) = $faq; + + sql_query("DELETE FROM `FAQ` WHERE `FID`=" . sql_escape($id) . " LIMIT 1"); + header("Location: " . page_link_to("admin_faq")); + } else + return error("No FAQ found."); + break; + } + } +} +?> \ No newline at end of file diff --git a/includes/pages/guest_faq.php b/includes/pages/guest_faq.php index 48e75d16..c4bcd0bb 100644 --- a/includes/pages/guest_faq.php +++ b/includes/pages/guest_faq.php @@ -2,29 +2,17 @@ function guest_faq() { $html = ""; $faqs = sql_select("SELECT * FROM `FAQ`"); - foreach ($faqs as $faq) - if ($faq['Antwort'] != "") { - list ($frage_de, $frage_en) = explode('
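Review bot: The `create`, `save` and `delete` branches of `switch ($_REQUEST['action'])` in admin_faq.php change the `FAQ` table on any request method, and nothing visible in the hunk checks a request token, so a link or cross-site form submitted in an administrator's session would be enough to delete or rewrite entries. I would restrict those branches to POST, e.g. `if ($_SERVER['REQUEST_METHOD'] != 'POST') return error("Invalid request method.");`, and compare a per-session token sent as a hidden form field (no such helper is visible here, so whether the project already has one is an assumption). The ID check `preg_match("/^[0-9]{1,11}$/", ...)` also accepts a trailing newline because `$` is used without the `D` modifier; `/^[0-9]{1,11}$/D` closes that. The opening lines of `admin_faq()` are garbled in this view, so the privilege check is assumed to be the `in_array($p, $privileges)` dispatch in www-ssl/index.php.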
    ', $faq['Frage']); - list ($antwort_de, $antwort_en) = explode('
    ', $faq['Antwort']); - $html .= "
    "; - if ($_SESSION['Sprache'] == "DE") { - $html .= "
    " . $frage_de . "
    "; - $html .= "
    " . $antwort_de . "
    "; - } else { - $html .= "
    " . $frage_en . "
    "; - $html .= "
    " . $antwort_en . "
    "; - } - $html .= "
    "; + foreach ($faqs as $faq) { + $html .= "
    "; + if ($_SESSION['Sprache'] == "DE") { + $html .= "
    " . $faq['Frage_de'] . "
    "; + $html .= "
    " . $faq['Antwort_de'] . "
    "; + } else { + $html .= "
    " . $faq['Frage_en'] . "
    "; + $html .= "
    " . $faq['Antwort_en'] . "
    "; } + $html .= "
    "; + } return $html; } - -function noAnswer() { - global $con; - - $SQL = "SELECT UID FROM Questions WHERE `AID`='0'"; - $Res = mysql_query($SQL, $con); - - return mysql_num_rows($Res); -} ?> diff --git a/includes/sys_menu.php b/includes/sys_menu.php index c3dfa041..ca34ee6c 100644 --- a/includes/sys_menu.php +++ b/includes/sys_menu.php @@ -32,7 +32,8 @@ function make_navigation() { "admin_questions", "admin_angel_types", "admin_rooms", - "admin_groups" + "admin_groups", + "admin_faq" )); return $menu; } diff --git a/templates/admin_faq.html b/templates/admin_faq.html new file mode 100644 index 00000000..5dacf522 --- /dev/null +++ b/templates/admin_faq.html @@ -0,0 +1,56 @@ + + + + + + + + + + %faqs% + +
    + Deutsch + + English + +   +
    +
    Create new FAQ: +
    + + + + + + + + + + + + + + + + + +
    + Frage + + +
    + Antwort + + +
    + Question + + +
    + Answer + + +
    + +
    \ No newline at end of file diff --git a/templates/admin_faq_edit_form.html b/templates/admin_faq_edit_form.html new file mode 100644 index 00000000..1ef791aa --- /dev/null +++ b/templates/admin_faq_edit_form.html @@ -0,0 +1,41 @@ +Edit FAQ: +
    + + + + + + + + + + + + + + + + + +
    + Frage + + +
    + Antwort + + +
    + Question + + +
    + Answer + + +
    + +

    +
    + Delete FAQ: +
    \ No newline at end of file diff --git a/txt/TODO b/txt/TODO index 14188a6f..5609482b 100644 --- a/txt/TODO +++ b/txt/TODO @@ -7,6 +7,7 @@ * Privilegien korrigieren (an die vom CVS anpassen) * Beim Raum-Management die benötigten Engel anzeigen * Löschen nur mit Rückfrage + * FAQ ordentlich mehrsprachig machen * schichten ueber monatsgrenzen einbaue im moment werden die tage nur hochgezaehlt und die monatzgrenzen werden ignoriert diff --git a/www-ssl/admin/faq.1.php b/www-ssl/admin/faq.1.php deleted file mode 100644 index 04dda6aa..00000000 --- a/www-ssl/admin/faq.1.php +++ /dev/null @@ -1,6 +0,0 @@ - - -
  • Alle Anfragen
  • -
  • Offene Anfragen ()
  • -
  • FAQ-Liste editiern
  • - diff --git a/www-ssl/admin/faq.php b/www-ssl/admin/faq.php deleted file mode 100644 index 779d8822..00000000 --- a/www-ssl/admin/faq.php +++ /dev/null @@ -1,271 +0,0 @@ - - Alle Anfragen:
    - - - - - - - - - - -\n"; - echo "\n"; - echo "\n"; - echo "\n"; - echo "\n"; - echo "\n"; - } else { - echo "Nein\n"; - echo "\n"; - echo "\n"; - } - echo ""; - echo "\n"; - } - echo "
    FrageAnfragenderBeantwortet?AntwortAntwort vonchange
    " . mysql_result($Erg, $n, "Question") . "" . UID2Nick(mysql_result($Erg, $n, "UID")) . ""; - if (mysql_result($Erg, $n, "AID") > 0) { - echo "Ja" . mysql_result($Erg, $n, "Answer") . "" . UID2Nick(mysql_result($Erg, $n, "AID")) . "  xxx
    \n"; - break; - - case "open" : - $SQL = "SELECT * FROM `Questions` WHERE `AID`='0' ORDER BY `QID` DESC"; - $quest_bearb = 1; // Fragenliste anzeigen - echo "\t\tOffene Anfragen:
    \n"; - break; - - case "edit" : - if (!IsSet ($_GET["QID"])) - echo "\t\tFehlerhafter Aufruf...
    Bitte die Bearbeitung nochmals beginnen :)\n"; - else { - $SQL = "SELECT * FROM `Questions` WHERE `QID`='" . $_GET["QID"] . "'"; - $Erg = mysql_query($SQL, $con); - echo "\t\t
    \n"; - echo "\t\tAnfrage von " . UID2NICK(mysql_result($Erg, 0, "UID")) . ":
    \n"; - echo "\t\t\n"; - echo "

    Antwort der Erzengel:
    \n"; - if (mysql_result($Erg, 0, "Answer") == "") - echo "\t\t
    \n"; - else - echo "\t\t\n
    \n"; - echo "\t\t\n"; - echo "\t\t\n"; - echo "\t\t\n"; - echo "\t
    \n"; - if (mysql_result($Erg, 0, "AID") <> "0") { - echo "\tDu kannst diese Anfrage so wie sie ist, als Engel-FAQ eintrag übernehmen.
    \n"; - echo "Als FAQ-Eintrag sichern...\n"; - } - } // Abfrage der QID - break; - - case "save" : - if (!IsSet ($_GET["QID"])) - echo "\tFehlerhafter Aufruf... Bitte die Bearbeitung nochmal starten..."; - else { - $SQL = "UPDATE `Questions` SET `Question`='" . $_GET["Question"] . - "', `AID`='" . $_SESSION['UID'] . "' , `Answer`='" . $_GET["Answer"] . "' " . - "WHERE `QID`='" . $_GET["QID"] . "' LIMIT 1"; - $Erg = db_query($SQL, "save Question"); - if ($Erg == 1) { - echo "\tDer Eintrag wurde geändert
    \n"; - SetHeaderGo2Back(); - } else - echo "\tEin Fehler ist aufgetreten. Sorry, du kannst es aber ja nochmal probieren :)\n"; - } - break; - - case "transfer" : - if (!IsSet ($_GET["QID"])) - echo "\tFehlerhafter Aufruf... Bitte die Bearbeitung nochmal starten...\n"; - else { - $SQL1 = "SELECT * FROM `Questions` WHERE `QID`='" . $_GET["QID"] . "'"; - $Erg = mysql_query($SQL1, $con); - $SQL2 = "INSERT INTO `FAQ` Values ('', '" . - mysql_result($Erg, 0, "Question") . "', '" . mysql_result($Erg, 0, "Answer") . "')"; - $Erg = db_query($SQL2, "trasfert to request to the FAQ"); - if ($Erg == 1) - echo "\tDer Eintrag wurde übertragen.
    \n"; - else - echo "\tEin Fehler ist aufgetreten. Sorry, du kannst es aber ja nochmal probieren :)\n"; - } - - break; - - // *--------------------------------------------------------------------------- - // * FAQ - Bearbeitung - // *--------------------------------------------------------------------------- - // * je nach �bergabeoption ($quest) koennen FAQ's erfasst werden, - // * geaendert oder geloscht werden... - // *--------------------------------------------------------------------------- - case "faq" : - $quest_bearb = 0; // keine Fragenliste anzeigen, FAQ editieren... - echo "\tFAQ-Liste:
    "; - echo "Neuen Eintrag"; - - $SQL = "SELECT * FROM `FAQ`"; - $Erg = mysql_query($SQL, $con); - - // anzahl zeilen - $Zeilen = mysql_num_rows($Erg); - - for ($n = 0; $n < $Zeilen; $n++) - if (mysql_result($Erg, $n, "Antwort") != "") { - echo "\t

    " . mysql_result($Erg, $n, "Frage") . "

    \n"; - echo "\t

    " . mysql_result($Erg, $n, "Antwort") . "

    \n"; - echo "\tBearbeiten\n
    ---
    \n"; - } - break; - - case "faqedit" : - if (!IsSet ($_GET["FAQID"])) - echo "\tFehlerhafter Aufruf...
    Bitte die Bearbeitung nochmals beginnen :)\n"; - else { - $SQL = "SELECT * FROM `FAQ` WHERE `FID`='" . $_GET["FAQID"] . "'"; - $Erg = mysql_query($SQL, $con); - - // anzahl zeilen - $Zeilen = mysql_num_rows($Erg); -?> -
    - Frage:
    - -

    - Antwort:
    -
    - "> - - -
    -
    - "> - - -
    -\n"; - else - echo "\tEin Fehler ist aufgetreten. Ist der Eintag bereits gelöscht gewesen?\n"; - } - break; - - case "faqsave"; - if (!IsSet ($_GET["FAQID"])) - echo "\tFehlerhafter Aufruf... Bitte die Bearbeitung nochmal starten...\n"; - else { - $SQL = "UPDATE `FAQ` SET `Frage`='" . $_GET["Frage"] . "', `Antwort`='" . $_GET["Antwort"] . - "' WHERE `FID`='" . $_GET["FAQID"] . "' LIMIT 1"; - $Erg = db_query($SQL, $con); - if ($Erg == 1) - echo "\tDer Eintrag wurde geändert
    \n"; - else - echo "\tEin Fehler ist aufgetreten. Sorry, du kannst es aber ja nochmal probieren :)\n"; - } - break; - - case "faqnew" : -?> -
    - Frage:
    -

    - Antwort:
    -
    - - -
    -\n"; - else - echo "\tEin Fehler ist aufgetreten. Sorry, du kannst es aber ja nochmal probieren :)\n"; - break; - - } //switch ($_GET["quest"]) - - // Hilfsroutine f�r die Anfragen: - // Fragenliste anzeigen??? - if ($quest_bearb == 1) { - $Erg = mysql_query($SQL, $con); - // anzahl zeilen - $Zeilen = mysql_num_rows($Erg); - - if ($Zeilen == 0) - echo "\tkeine vorhanden...\n"; - else - for ($n = 0; $n < $Zeilen; $n++) { - echo "\t

    " . nl2br(mysql_result($Erg, $n, "Question")) . "\n


    \n"; - echo "\tBearbeiten\n"; - echo "
    ---
    \n"; - } - - } - -} //if (IsSet($_GET["quest"])) -else { - echo "Bitte wähle aus, ob du:\n"; - echo "\n"; -} - -include ("includes/footer.php"); -?> diff --git a/www-ssl/css/base.css b/www-ssl/css/base.css index bfe050a5..44e1959c 100644 --- a/www-ssl/css/base.css +++ b/www-ssl/css/base.css @@ -109,6 +109,11 @@ td, th { border: 1px solid #888; } +textarea { + height: 200px; + width: 300px; +} + .background { background: #f0f0f0; } diff --git a/www-ssl/index.php b/www-ssl/index.php index d722de32..8ad025aa 100644 --- a/www-ssl/index.php +++ b/www-ssl/index.php @@ -73,6 +73,10 @@ if (in_array($p, $privileges)) { elseif ($p == "admin_groups") { require_once ('includes/pages/admin_groups.php'); $content = admin_groups(); + } + elseif ($p == "admin_faq") { + require_once ('includes/pages/admin_faq.php'); + $content = admin_faq(); } else { require_once ('includes/pages/guest_start.php'); $content = guest_start(); diff --git a/www-ssl/nonpublic/faq.php b/www-ssl/nonpublic/faq.php deleted file mode 100644 index fcc17158..00000000 --- a/www-ssl/nonpublic/faq.php +++ /dev/null @@ -1,73 +0,0 @@ - -

    -
    - -

    - "> -
    -" . Get_Text(37) . "

    \n" . nl2br($_POST["frage"]) . "

    \n" . Get_Text(38) . "
    \n"; - - $SQL = "INSERT INTO `Questions` VALUES ('', '" . $_SESSION['UID'] . "', '" . $_POST["frage"] . "', '', '')"; - $Erg = mysql_query($SQL, $con); - -} -// Bisherige Anfragen: -echo "
    \n" . Get_Text(39) . "
    \n"; -echo "
    \n"; -echo "
    " . Get_Text(40) . "
    \n"; - -$SQL = "SELECT * FROM `Questions` WHERE `UID` = " . $_SESSION['UID'] . " AND `AID`='0' ORDER BY 'QID' DESC"; -$Erg = mysql_query($SQL, $con); - -// anzahl zeilen -$Zeilen = mysql_num_rows($Erg); - -if ($Zeilen == 0) { - Print_Text(41); - -} else { - for ($n = 0; $n < $Zeilen; $n++) { - echo "

    " . nl2br(mysql_result($Erg, $n, "Question")) . "
    \n"; - // Es gibt ja noch keine Antwort: - // echo "

    ".nl2br(mysql_result($Erg, $n, "Answer"))."

    \n"; - echo "\n
    ---
    "; - } -} - -echo "
    \n"; -echo "
    " . Get_Text(42) . "
    \n"; -$SQL = "SELECT * FROM `Questions` WHERE `UID`='" . $_SESSION['UID'] . "' and `AID`<>'0' ORDER BY 'QID' DESC"; -$Erg = mysql_query($SQL, $con); - -// anzahl zeilen -$Zeilen = mysql_num_rows($Erg); - -if ($Zeilen == 0) { - Print_Text(41); -} else { - for ($n = 0; $n < $Zeilen; $n++) { - echo "

    " . nl2br(mysql_result($Erg, $n, "Question")) . "
    \n"; - echo "

    " . nl2br(mysql_result($Erg, $n, "Answer")) . - "@" . UID2Nick(mysql_result($Erg, $n, "AID")) . "\n"; - echo "\n
    ---
    "; - } -} - -include ("includes/footer.php"); -?> -- cgit v1.2.3-54-g00ecf From d5d3db847e5202d2e0cc52881c5ecb970f2c7b98 Mon Sep 17 00:00:00 2001 From: Philip Häusler Date: Fri, 3 Jun 2011 01:40:25 +0200 Subject: cleanup, preparation --- includes/sys_menu.php | 4 ++++ txt/TODO | 12 ++++++++++++ 2 files changed, 16 insertions(+) (limited to 'txt/TODO') diff --git a/includes/sys_menu.php b/includes/sys_menu.php index ca34ee6c..2a05fdb4 100644 --- a/includes/sys_menu.php +++ b/includes/sys_menu.php @@ -22,6 +22,8 @@ function make_navigation() { // Engel Navigation $menu .= make_navigation_for(Get_Text('inc_schicht_engel'), array ( "news", + "user_myshifts", + "user_shifts", "user_messages", "user_questions", "user_settings" @@ -29,8 +31,10 @@ function make_navigation() { // Admin Navigation $menu .= make_navigation_for(Get_Text('admin/'), array ( + "admin_usershifts", "admin_questions", "admin_angel_types", + "admin_shifts", "admin_rooms", "admin_groups", "admin_faq" diff --git a/txt/TODO b/txt/TODO index 5609482b..cebcb0de 100644 --- a/txt/TODO +++ b/txt/TODO @@ -1,3 +1,15 @@ +jetzt: + * news kommentieren + * news administrieren + * user administrieren + * schichtimport + * schichtadministration + * meine schichten + * schichten + * meetings + * weckservice? + +später: * MD5-Passwörter mit Salt speichern * Passwort-Mindestanforderungen stellen * User-Avatare (code liegt auskommentiert in user_settings.php) -- cgit v1.2.3-54-g00ecf From 91f6e7bbaf7c9ed8820fea59e041c8fa17bcea91 Mon Sep 17 00:00:00 2001 From: Philip Häusler Date: Fri, 3 Jun 2011 05:12:50 +0200 Subject: news refined --- DB/db_rewrite.sql | 76 ++++++++++------- includes/pages/user_news.php | 197 +++++++++++++++++++++++++------------------ includes/sys_user.php | 6 +- txt/TODO | 2 +- www-ssl/css/base.css | 73 ++++++++++++---- www-ssl/index.php | 4 + 6 files changed, 224 insertions(+), 134 deletions(-) (limited to 'txt/TODO') 
diff --git a/DB/db_rewrite.sql b/DB/db_rewrite.sql index fa31c6f8..b85f04c9 100644 --- a/DB/db_rewrite.sql +++ b/DB/db_rewrite.sql @@ -3,7 +3,7 @@ -- http://www.phpmyadmin.net -- -- Host: localhost --- Erstellungszeit: 02. Juni 2011 um 23:02 +-- Erstellungszeit: 03. Juni 2011 um 03:12 -- Server Version: 5.1.44 -- PHP-Version: 5.3.1 @@ -71,21 +71,23 @@ CREATE TABLE IF NOT EXISTS `Counter` ( -- INSERT INTO `Counter` (`URL`, `Anz`) VALUES -('news', 80), -('login', 24), +('news', 164), +('login', 26), ('logout', 13), -('start', 25), -('faq', 16), +('start', 26), +('faq', 18), ('credits', 3), ('register', 3), -('admin_rooms', 70), -('admin_angel_types', 69), -('user_settings', 116), -('user_messages', 111), -('admin_groups', 104), -('user_questions', 54), -('admin_questions', 41), -('admin_faq', 53); +('admin_rooms', 75), +('admin_angel_types', 70), +('user_settings', 125), +('user_messages', 112), +('admin_groups', 114), +('user_questions', 55), +('admin_questions', 42), +('admin_faq', 55), +('admin_news', 2), +('news_comments', 144); -- -------------------------------------------------------- @@ -131,25 +133,27 @@ CREATE TABLE IF NOT EXISTS `GroupPrivileges` ( `privilege_id` int(11) NOT NULL, PRIMARY KEY (`id`), KEY `group_id` (`group_id`,`privilege_id`) -) ENGINE=MyISAM DEFAULT CHARSET=utf8 AUTO_INCREMENT=40 ; +) ENGINE=MyISAM DEFAULT CHARSET=utf8 AUTO_INCREMENT=51 ; -- -- Daten für Tabelle `GroupPrivileges` -- INSERT INTO `GroupPrivileges` (`id`, `group_id`, `privilege_id`) VALUES -(32, -2, 8), +(42, -2, 15), (24, -1, 5), -(31, -2, 11), -(30, -2, 9), +(40, -2, 4), +(41, -2, 3), (23, -1, 2), -(36, -4, 7), -(37, -4, 13), -(29, -2, 3), -(28, -2, 4), +(48, -4, 14), +(46, -4, 7), +(44, -2, 11), +(43, -2, 9), (12, -5, 10), -(38, -4, 12), -(39, -4, 6); +(47, -4, 13), +(49, -4, 12), +(45, -2, 8), +(50, -4, 6); -- -------------------------------------------------------- 
@@ -210,7 +214,7 @@ INSERT INTO `Messages` (`id`, `Datum`, `SUID`, `RUID`, `isRead`, `Text`) VALUES CREATE TABLE IF NOT EXISTS `News` ( `ID` int(11) NOT NULL AUTO_INCREMENT, - `Datum` datetime NOT NULL DEFAULT '0000-00-00 00:00:00', + `Datum` int(11) NOT NULL, `Betreff` varchar(150) NOT NULL DEFAULT '', `Text` text NOT NULL, `UID` int(11) NOT NULL DEFAULT '0', @@ -223,9 +227,9 @@ CREATE TABLE IF NOT EXISTS `News` ( -- INSERT INTO `News` (`ID`, `Datum`, `Betreff`, `Text`, `UID`, `Treffen`) VALUES -(1, '2011-06-02 21:35:27', '', '', 1, 0), -(2, '2011-06-02 21:36:57', '', '', 1, 0), -(3, '2011-06-02 21:36:57', '', '', 1, 0); +(1, 1307070566, 'asdf', 'asdf', 1, 0), +(2, 1307070579, 'Achtung, Treffen!', 'Uiuiuiui.', 1, 0), +(3, 1307070686, 'Achtung, Treffen!', 'Jojojo!', 1, 1); -- -------------------------------------------------------- @@ -241,12 +245,16 @@ CREATE TABLE IF NOT EXISTS `news_comments` ( `UID` int(11) NOT NULL DEFAULT '0', PRIMARY KEY (`ID`), KEY `Refid` (`Refid`) -) ENGINE=MyISAM DEFAULT CHARSET=utf8 AUTO_INCREMENT=1 ; +) ENGINE=MyISAM DEFAULT CHARSET=utf8 AUTO_INCREMENT=4 ; -- -- Daten für Tabelle `news_comments` -- +INSERT INTO `news_comments` (`ID`, `Refid`, `Datum`, `Text`, `UID`) VALUES +(1, 10, '2011-06-03 04:12:28', 'FOobar :)', 1), +(2, 10, '2011-06-03 04:13:03', 'FOobar :)', 1), +(3, 10, '2011-06-03 04:13:06', 'FOobar :)', 1); -- -------------------------------------------------------- @@ -260,7 +268,7 @@ CREATE TABLE IF NOT EXISTS `Privileges` ( `desc` varchar(1024) NOT NULL, PRIMARY KEY (`id`), UNIQUE KEY `name` (`name`) -) ENGINE=MyISAM DEFAULT CHARSET=utf8 AUTO_INCREMENT=14 ; +) ENGINE=MyISAM DEFAULT CHARSET=utf8 AUTO_INCREMENT=16 ; -- -- Daten für Tabelle `Privileges` 
@@ -279,7 +287,9 @@ INSERT INTO `Privileges` (`id`, `name`, `desc`) VALUES (10, 'admin_groups', 'Manage usergroups and their rights'), (11, 'user_questions', 'Let users ask questions'), (12, 'admin_questions', 'Answer user''s questions'), -(13, 'admin_faq', 'Edit FAQs'); +(13, 'admin_faq', 'Edit FAQs'), +(14, 'admin_news', 'Administrate the news section'), +(15, 'news_comments', 'User can comment news'); -- -------------------------------------------------------- @@ -1016,7 +1026,9 @@ INSERT INTO `Sprache` (`TextID`, `Sprache`, `Text`) VALUES ('admin_questions', 'DE', 'Fragen beantworten'), ('admin_questions', 'EN', 'Answer questions'), ('admin_faq', 'DE', 'FAQs bearbeiten'), -('admin_faq', 'EN', 'Edit FAQs'); +('admin_faq', 'EN', 'Edit FAQs'), +('news_comments', 'DE', 'News Kommentare'), +('news_comments', 'EN', 'News comments'); -- -------------------------------------------------------- @@ -1059,7 +1071,7 @@ CREATE TABLE IF NOT EXISTS `User` ( -- INSERT INTO `User` (`UID`, `Nick`, `Name`, `Vorname`, `Alter`, `Telefon`, `DECT`, `Handy`, `email`, `ICQ`, `jabber`, `Size`, `Passwort`, `Gekommen`, `Aktiv`, `Tshirt`, `color`, `Sprache`, `Avatar`, `Menu`, `lastLogIn`, `CreateDate`, `Art`, `kommentar`, `Hometown`) VALUES -(1, 'admin', '', '', 0, '', '', '', '', '', '', 'L', '21232f297a57a5a743894a0e4a801fc3', 0, 0, 0, 10, 'DE', 115, 'L', 1307055685, '0000-00-00 00:00:00', '', '', ''), +(1, 'admin', '', '', 0, '', '', '', '', '', '', 'L', '21232f297a57a5a743894a0e4a801fc3', 0, 0, 0, 10, 'DE', 115, 'L', 1307070695, '0000-00-00 00:00:00', '', '', ''), (147, 'msquare', '', '', 23, '', '', '', 'msquare@notrademark.de', '', '', 'L', 'e10adc3949ba59abbe56e057f20f883e', 0, 0, 0, 6, 'EN', 0, 'L', 1307042703, '2011-06-02 00:55:09', '', '', ''); -- -------------------------------------------------------- diff --git a/includes/pages/user_news.php b/includes/pages/user_news.php index 56c5bb68..34c346dd 100644 --- a/includes/pages/user_news.php +++ b/includes/pages/user_news.php 
@@ -1,108 +1,139 @@ " . Get_Text(3) . "" . user_news_output(); +function display_news($news) { + global $privileges, $p; + + $html .= ""; + $html .= '

    '; + $html .= '
    '; + $html .= date("Y-m-d H:i",$news['Datum']) . ', '; + $html .= UID2Nick($news['UID']); + if ($p != "news_comments") + $html .= ', Kommentare (' . sql_num_query("SELECT * FROM `news_comments` WHERE `Refid`='" . sql_escape($news['ID']) . "'") . ') »'; + $html .= '
    '; + $html .= '

    '.($news['Treffen'] == 1 ? '[Meeting] ' : '') . ReplaceSmilies($news['Betreff']) . '

    '; + $html .= '

    ' . ReplaceSmilies(nl2br($news['Text'])) . '

    '; + if (in_array("admin_news", $privileges)) + $html .= "
    Edit
    \n"; + + $html .= '
    '; + return $html; } -function user_news_output() { - global $DISPLAY_NEWS, $privileges; - +function user_news_comments() { + global $user; + $html = ""; + if (isset ($_REQUEST["nid"]) && preg_match("/^[0-9]{1,}$/", $_REQUEST['nid']) && sql_num_query("SELECT * FROM `News` WHERE `ID`=" . sql_escape($_REQUEST['nid']) . " LIMIT 1") > 0) { + $nid = $_REQUEST["nid"]; + list ($news) = sql_select("SELECT * FROM `News` WHERE `ID`=" . sql_escape($_REQUEST['nid']) . " LIMIT 1"); + if (isset ($_REQUEST["text"])) { + $text = preg_replace("/([^\p{L}\p{P}\p{Z}\p{N}\n]{1,})/ui", '', strip_tags($_REQUEST['text'])); + sql_query("INSERT INTO `news_comments` (`Refid`, `Datum`, `Text`, `UID`) VALUES ('" . sql_escape($nid) . "', '" . date("Y-m-d H:i:s") . "', '" . sql_escape($text) . "', '" . sql_escape($user["UID"]) . "')"); + $html .= success("Eintrag wurde gespeichert"); + } - if (isset ($_POST["text"]) && isset ($_POST["betreff"]) && IsSet ($_POST["date"])) { - if (!isset ($_POST["treffen"])) - $_POST["treffen"] = 0; - $SQL = "INSERT INTO `News` (`Datum`, `Betreff`, `Text`, `UID`, `Treffen`) " . - "VALUES ('" . sql_escape($_POST["date"]) . "', '" . sql_escape($_POST["betreff"]) . "', '" . sql_escape($_POST["text"]) . "', '" . sql_escape($_SESSION['uid']) . - "', '" . sql_escape($_POST["treffen"]) . "');"; - $Erg = sql_query($SQL); - if ($Erg == 1) - $html .= Get_Text(4); - } + $html .= '« Back'; + $html .= display_news($news); - if (!IsSet ($_GET["news_begin"])) - $_GET["news_begin"] = 0; + $html .= '

    Comments

    '; + + $comments = sql_select("SELECT * FROM `news_comments` WHERE `Refid`='" . $nid . "' ORDER BY 'ID'"); + foreach ($comments as $comment) { + $html .= '
    '; + $html .= DisplayAvatar($comment['UID']); + $html .= '
    '; + $html .= $comment['Datum'] . ', '; + $html .= UID2Nick($comment['UID']); + $html .= '
    '; + $html .= '

    ' . nl2br($comment['Text']) . '

    '; + $html .= '
    '; + } - if (!IsSet ($_GET["DISPLAY_NEWS"])) - $_GET["DISPLAY_NEWS"] = 5; + $html .= ""; + $html .= ' +
    +
    +

    Neuer Kommentar:

    +   + +
    + + + + + + +
    Text:
    +
    + +
    '; + } else { + $html .= "Fehlerhafter Aufruf!"; + } - $SQL = "SELECT * FROM `News` ORDER BY `ID` DESC LIMIT " . intval($_GET["news_begin"]) . ", " . intval($_GET["DISPLAY_NEWS"]); - $Erg = sql_query($SQL); + return $html; +} - // anzahl zeilen - $news_rows = mysql_num_rows($Erg); +function user_news() { + global $DISPLAY_NEWS, $privileges, $user; - for ($n = 0; $n < $news_rows; $n++) { + $html = ""; - if (mysql_result($Erg, $n, "Treffen") == 0) - $html .= "

    "; - else - $html .= "

    "; - - $html .= "" . ReplaceSmilies(mysql_result($Erg, $n, "Betreff")) . "\n"; - - // Schow Admin Page - if ($_SESSION['CVS']["admin/news.php"] == "Y") - $html .= " [edit]
    \n\t\t"; - - $html .= "
       " . mysql_result($Erg, $n, "Datum") . ", "; - $html .= UID2Nick(mysql_result($Erg, $n, "UID")) . ""; - // avatar anzeigen? - $html .= DisplayAvatar(mysql_result($Erg, $n, "UID")); - $html .= "

    \n"; - $html .= "

    " . ReplaceSmilies(nl2br(mysql_result($Erg, $n, "Text"))) . "

    \n"; - $RefID = mysql_result($Erg, $n, "ID"); - $countSQL = "SELECT COUNT(*) FROM `news_comments` WHERE `Refid`='$RefID'"; - $countErg = sql_query($countSQL); - $countcom = mysql_result($countErg, 0, "COUNT(*)"); - $html .= "

    $countcom comments

    \n\n"; + if (isset ($_POST["text"]) && isset ($_POST["betreff"])) { + if (!isset ($_POST["treffen"]) || !in_array("admin_news", $privileges)) + $_POST["treffen"] = 0; + sql_query("INSERT INTO `News` (`Datum`, `Betreff`, `Text`, `UID`, `Treffen`) " . + "VALUES ('" . sql_escape(time()) . "', '" . sql_escape($_POST["betreff"]) . "', '" . sql_escape($_POST["text"]) . "', '" . sql_escape($user['UID']) . + "', '" . sql_escape($_POST["treffen"]) . "');"); + $html .= success(Get_Text(4)); } - $html .= "
    \n\n"; - $rowerg = sql_query("SELECT * FROM `News`"); - $rows = mysql_num_rows($rowerg); - $dis_rows = round(($rows / $DISPLAY_NEWS) + 0.5); + if (isset ($_REQUEST['page']) && preg_match("/^[0-9]{1,}$/", $_REQUEST['page'])) + $page = $_REQUEST['page']; + else + $page = 0; + + $news = sql_select("SELECT * FROM `News` ORDER BY `ID` DESC LIMIT " . ($page * $DISPLAY_NEWS) . ", " . $DISPLAY_NEWS); + foreach ($news as $entry) + $html .= display_news($entry); + + $html .= "
    \n\n"; + $dis_rows = ceil(sql_num_query("SELECT * FROM `News`") / $DISPLAY_NEWS); $html .= Get_Text(5); - for ($i = 1; $i <= $dis_rows; $i++) { - if (!((($i * $DISPLAY_NEWS) - $_GET["news_begin"]) == $DISPLAY_NEWS)) { - $html .= '' . $i . '  '; - } else { - $html .= "$i  "; - } + for ($i = 0; $i < $dis_rows; $i++) { + if ($i == $_REQUEST['page']) + $html .= ($i +1) . "  "; + else + $html .= '' . ($i +1) . '  '; } $html .= '
    -

    -

    ' . Get_Text(6) . '

    -   - -
    - - - - - - - - - - - '; - if (in_array('news_add_meeting', $privileges)) { +

    +

    ' . Get_Text(6) . '

    +   + + +
    ' . Get_Text(7) . '
    ' . Get_Text(8) . '
    + + + + + + + + '; + if (in_array('admin_news', $privileges)) { $html .= ' - - - '; + + + '; } $html .= '
    ' . Get_Text(7) . '
    ' . Get_Text(8) . '
    ' . Get_Text(9) . '
    ' . Get_Text(9) . '
    -
    - -
    '; +
    + + '; return $html; } ?> \ No newline at end of file diff --git a/includes/sys_user.php b/includes/sys_user.php index 6274003d..5dcf3f1f 100644 --- a/includes/sys_user.php +++ b/includes/sys_user.php @@ -75,9 +75,9 @@ function displayPictur($UID, $height = "30") { global $url, $ENGEL_ROOT; if ($height > 0) - return ("\"picture"); + return ("
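Review bot: `user_news()` stores `$_POST["betreff"]` and `$_POST["text"]` with only `sql_escape()`, and `display_news()` concatenates `$news['Betreff']` and `nl2br($news['Text'])` straight into the page, so unless `ReplaceSmilies()` escapes HTML (not visible here) any user who can post news can store markup that is rendered in other users' browsers. The comment path in `user_news_comments()` already filters with `strip_tags()`, but the more robust fix is to escape at output, e.g. `htmlspecialchars($news['Betreff'], ENT_QUOTES, 'UTF-8')` and `nl2br(htmlspecialchars($news['Text'], ENT_QUOTES, 'UTF-8'))`, and likewise for `$comment['Text']`. The FAQ fields printed in admin_faq.php and guest_faq.php follow the same raw-concatenation pattern and would benefit from the same escaping. Separately, `ORDER BY 'ID'` in the comments query sorts by a string literal, so the comment order is undefined; the column name should be quoted with backticks instead of single quotes.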
    \"picture
    "); else - return ("\"picture"); + return ("
    \"picture
    "); } function displayavatar($UID, $height = "30") { @@ -92,7 +92,7 @@ function displayavatar($UID, $height = "30") { if (mysql_num_rows($aerg)) if (mysql_result($aerg, 0, "Avatar") > 0) - return (" "); + return'
    '. (" ").'
    '; } function UIDgekommen($UID) { diff --git a/txt/TODO b/txt/TODO index cebcb0de..fb1b3098 100644 --- a/txt/TODO +++ b/txt/TODO @@ -10,12 +10,12 @@ jetzt: * weckservice? später: + * Zurück-/Backlinks setzen * MD5-Passwörter mit Salt speichern * Passwort-Mindestanforderungen stellen * User-Avatare (code liegt auskommentiert in user_settings.php) * user_messages schön machen * Formulare weg von Tabellen - * user_news lässt sich nicht bedienen (POST ohne redirects...) * Privilegien korrigieren (an die vom CVS anpassen) * Beim Raum-Management die benötigten Engel anzeigen * Löschen nur mit Rückfrage diff --git a/www-ssl/css/base.css b/www-ssl/css/base.css index 44e1959c..0a137099 100644 --- a/www-ssl/css/base.css +++ b/www-ssl/css/base.css @@ -15,6 +15,12 @@ header { width: 100%; } +article, details { + clear: none; + display: block; + float: none; +} + footer { clear: both; display: block; @@ -64,13 +70,13 @@ dd { margin-left: 20px; } -h1, h4 { +h1, h2, h3, h4 { font-size: 16px; padding: 0 4px; } hr { - margin: 10px 0; + margin: 10px 0; } ul { @@ -81,7 +87,7 @@ nav { margin: 0 10px 10px 0; } -#content article { +#content > article { padding: 10px; } @@ -98,20 +104,28 @@ a.sprache img { } table { - border-collapse: collapse; + border-collapse: collapse; } th { - background: #f0f0f0; + background: #f0f0f0; } td, th { - border: 1px solid #888; + border: 1px solid #888; } textarea { - height: 200px; - width: 300px; + height: 200px; + width: 300px; +} + +.clear { + clear: both; +} + +.pagination { + text-align: center; } .background { 
@@ -127,20 +141,49 @@ textarea { } .error { - color: #f00; + color: #f00; } .success { - color: #090; + color: #090; } .notice { - background: #f0f0f0; - border: 2px solid #888; - margin: 10px; - padding: 10px; + background: #f0f0f0; + border: 2px solid #888; + margin: 10px; + padding: 10px; } .new_message { - font-weight: bold; + font-weight: bold; +} + +.news_comment, .news { + border: 1px solid #888; + margin: 10px 0; +} + +.news_comment details, .news details { + background: #f0f0f0; + padding: 4px; +} + +.news_comment p, .news p, h3 { + padding: 4px; +} + +.news_comment p, .news_comment details { + margin-left: 72px; +} + +.avatar { + float: left; + margin: 4px; + max-width: 64px; +} + +.news.meeting { + border: 1px solid #000; + box-shadow: 1px 1px 5px #888; } diff --git a/www-ssl/index.php b/www-ssl/index.php index 8ad025aa..9524459a 100644 --- a/www-ssl/index.php +++ b/www-ssl/index.php @@ -36,6 +36,10 @@ if (in_array($p, $privileges)) { require_once ('includes/pages/user_news.php'); $content = user_news(); } + elseif ($p == "news_comments") { + require_once ('includes/pages/user_news.php'); + $content = user_news_comments(); + } elseif ($p == "user_messages") { $content = user_messages(); } -- cgit v1.2.3-54-g00ecf From 9325d7a78adac2aeee96324fa23528f8110d198f Mon Sep 17 00:00:00 2001 From: Philip Häusler Date: Fri, 3 Jun 2011 05:21:11 +0200 Subject: news refined --- includes/pages/admin_rooms.php | 11 ++--- includes/pages/user_news.php | 2 +- txt/TODO | 6 +-- www-ssl/nonpublic/news_comments.php | 86 ------------------------------------- 4 files changed, 7 insertions(+), 98 deletions(-) delete mode 100644 www-ssl/nonpublic/news_comments.php (limited to 'txt/TODO') diff --git a/includes/pages/admin_rooms.php b/includes/pages/admin_rooms.php index 6695d6a9..be54b8ea 100644 --- a/includes/pages/admin_rooms.php +++ b/includes/pages/admin_rooms.php @@ -9,8 +9,6 @@ function admin_rooms() { ",
    \nhier hast du die Möglichkeit, neue Räume für die Schichtpläne einzutragen " . "oder vorhandene abzuändern:

    \n"; - $html .= "Neuen Raum/Ort eintragen
    \n"; - // Räume auflisten if (count($rooms) > 0) { $html .= ''; @@ -20,9 +18,7 @@ function admin_rooms() { // Tabellenüberschriften generieren foreach ($rooms[0] as $attr => $tmp) - if ($attr == 'RID') - $html .= ''; - else + if ($attr != 'RID') $html .= ''; $html .= ''; $html .= ''; @@ -30,9 +26,7 @@ function admin_rooms() { foreach ($rooms as $i => $room) { $html .= ''; foreach ($room as $attr => $value) - if ($attr == 'RID') - $html .= ''; - else + if ($attr != 'RID') $html .= ''; $html .= ''; $html .= ''; @@ -40,6 +34,7 @@ function admin_rooms() { $html .= '
    Anzahl: ' . count($rooms) . '' . $attr . ' 
    ' . ($i +1) . '' . $value . 'Edit
    '; } + $html .= "
    Neuen Raum/Ort eintragen
    \n"; } else { switch ($_REQUEST["action"]) { diff --git a/includes/pages/user_news.php b/includes/pages/user_news.php index 34c346dd..7b4f9482 100644 --- a/includes/pages/user_news.php +++ b/includes/pages/user_news.php @@ -35,7 +35,7 @@ function user_news_comments() { $html .= '« Back'; $html .= display_news($news); - $html .= '

    Comments

    '; + $html .= '

    Kommentare

    '; $comments = sql_select("SELECT * FROM `news_comments` WHERE `Refid`='" . $nid . "' ORDER BY 'ID'"); foreach ($comments as $comment) { diff --git a/txt/TODO b/txt/TODO index fb1b3098..42684e23 100644 --- a/txt/TODO +++ b/txt/TODO @@ -1,5 +1,4 @@ jetzt: - * news kommentieren * news administrieren * user administrieren * schichtimport @@ -14,12 +13,13 @@ später: * MD5-Passwörter mit Salt speichern * Passwort-Mindestanforderungen stellen * User-Avatare (code liegt auskommentiert in user_settings.php) - * user_messages schön machen + * user_messages schön machen (dialogbasiert) * Formulare weg von Tabellen * Privilegien korrigieren (an die vom CVS anpassen) - * Beim Raum-Management die benötigten Engel anzeigen + * (Beim Raum-Management die benötigten Engel anzeigen) * Löschen nur mit Rückfrage * FAQ ordentlich mehrsprachig machen + * Fertig übersetzen/Sprachwirrwarr beseitigen * schichten ueber monatsgrenzen einbaue im moment werden die tage nur hochgezaehlt und die monatzgrenzen werden ignoriert diff --git a/www-ssl/nonpublic/news_comments.php b/www-ssl/nonpublic/news_comments.php deleted file mode 100644 index db95ec8c..00000000 --- a/www-ssl/nonpublic/news_comments.php +++ /dev/null @@ -1,86 +0,0 @@ -
    "; - SetHeaderGo2Back(); - } - } - - $SQL = "SELECT * FROM `news_comments` WHERE `Refid`='" . $_GET["nid"] . "' ORDER BY 'ID'"; - $Erg = mysql_query($SQL, $con); - echo mysql_error($con); - - // anzahl zeilen - $news_rows = mysql_num_rows($Erg); -?> - - - - - - - - - - -"; - echo "\t\t"; - echo "\t\t"; - echo ""; - echo "\t"; - echo "\t\t"; - echo ""; - } - - echo "
    DatumNick
    Kommentar
    "; - echo mysql_result($Erg, $n, "Datum"); - echo "\t\t"; - echo UID2Nick(mysql_result($Erg, $n, "UID")); - // avatar anzeigen? - echo DisplayAvatar(mysql_result($Erg, $n, "UID")); - echo "\t\t
    "; - echo nl2br(mysql_result($Erg, $n, "Text")) . "\n"; - echo "\t\t
    "; -?> - -
    -
    -

    Neuer Kommentar:

    -  - -
    -"> - - - - - -
    Text:
    -
    - -
    - - -- cgit v1.2.3-54-g00ecf From 9941d2a7a799ad45b8e54c528c2161f880ab159e Mon Sep 17 00:00:00 2001 From: Philip Häusler Date: Fri, 3 Jun 2011 05:49:56 +0200 Subject: admin news --- DB/db_rewrite.sql | 39 +++++++++---------- includes/pages/admin_news.php | 87 +++++++++++++++++++++++++++++++++++++++++++ txt/TODO | 2 +- www-ssl/admin/index.php | 21 ----------- www-ssl/index.php | 4 ++ 5 files changed, 112 insertions(+), 41 deletions(-) create mode 100644 includes/pages/admin_news.php delete mode 100644 www-ssl/admin/index.php (limited to 'txt/TODO') diff --git a/DB/db_rewrite.sql b/DB/db_rewrite.sql index b85f04c9..f5ba1c6d 100644 --- a/DB/db_rewrite.sql +++ b/DB/db_rewrite.sql @@ -3,7 +3,7 @@ -- http://www.phpmyadmin.net -- -- Host: localhost --- Erstellungszeit: 03. Juni 2011 um 03:12 +-- Erstellungszeit: 03. Juni 2011 um 03:49 -- Server Version: 5.1.44 -- PHP-Version: 5.3.1 @@ -71,23 +71,23 @@ CREATE TABLE IF NOT EXISTS `Counter` ( -- INSERT INTO `Counter` (`URL`, `Anz`) VALUES -('news', 164), +('news', 187), ('login', 26), ('logout', 13), ('start', 26), -('faq', 18), +('faq', 19), ('credits', 3), ('register', 3), -('admin_rooms', 75), -('admin_angel_types', 70), -('user_settings', 125), -('user_messages', 112), -('admin_groups', 114), +('admin_rooms', 89), +('admin_angel_types', 71), +('user_settings', 126), +('user_messages', 113), +('admin_groups', 117), ('user_questions', 55), ('admin_questions', 42), ('admin_faq', 55), -('admin_news', 2), -('news_comments', 144); +('admin_news', 32), +('news_comments', 151); -- -------------------------------------------------------- @@ -226,10 +226,6 @@ CREATE TABLE IF NOT EXISTS `News` ( -- Daten für Tabelle `News` -- -INSERT INTO `News` (`ID`, `Datum`, `Betreff`, `Text`, `UID`, `Treffen`) VALUES -(1, 1307070566, 'asdf', 'asdf', 1, 0), -(2, 1307070579, 'Achtung, Treffen!', 'Uiuiuiui.', 1, 0), -(3, 1307070686, 'Achtung, Treffen!', 'Jojojo!', 1, 1); -- -------------------------------------------------------- 
@@ -245,7 +241,7 @@ CREATE TABLE IF NOT EXISTS `news_comments` ( `UID` int(11) NOT NULL DEFAULT '0', PRIMARY KEY (`ID`), KEY `Refid` (`Refid`) -) ENGINE=MyISAM DEFAULT CHARSET=utf8 AUTO_INCREMENT=4 ; +) ENGINE=MyISAM DEFAULT CHARSET=utf8 AUTO_INCREMENT=5 ; -- -- Daten für Tabelle `news_comments` @@ -254,7 +250,8 @@ CREATE TABLE IF NOT EXISTS `news_comments` ( INSERT INTO `news_comments` (`ID`, `Refid`, `Datum`, `Text`, `UID`) VALUES (1, 10, '2011-06-03 04:12:28', 'FOobar :)', 1), (2, 10, '2011-06-03 04:13:03', 'FOobar :)', 1), -(3, 10, '2011-06-03 04:13:06', 'FOobar :)', 1); +(3, 10, '2011-06-03 04:13:06', 'FOobar :)', 1), +(4, 3, '2011-06-03 05:20:05', 'Fünününü!', 1); -- -------------------------------------------------------- @@ -327,12 +324,14 @@ CREATE TABLE IF NOT EXISTS `Room` ( `show` char(1) NOT NULL DEFAULT 'Y', `Number` int(11) DEFAULT NULL, PRIMARY KEY (`RID`) -) ENGINE=MyISAM DEFAULT CHARSET=utf8 AUTO_INCREMENT=2 ; +) ENGINE=MyISAM DEFAULT CHARSET=utf8 AUTO_INCREMENT=3 ; -- -- Daten für Tabelle `Room` -- +INSERT INTO `Room` (`RID`, `Name`, `Man`, `FromPentabarf`, `show`, `Number`) VALUES +(2, 'Mein Zimmer', 'msquare', 'N', 'Y', 1337); -- -------------------------------------------------------- @@ -1028,7 +1027,9 @@ INSERT INTO `Sprache` (`TextID`, `Sprache`, `Text`) VALUES ('admin_faq', 'DE', 'FAQs bearbeiten'), ('admin_faq', 'EN', 'Edit FAQs'), ('news_comments', 'DE', 'News Kommentare'), -('news_comments', 'EN', 'News comments'); +('news_comments', 'EN', 'News comments'), +('admin_news', 'DE', 'News verwalten'), +('admin_news', 'EN', 'Manage news'); -- -------------------------------------------------------- 
@@ -1071,7 +1072,7 @@ CREATE TABLE IF NOT EXISTS `User` ( -- INSERT INTO `User` (`UID`, `Nick`, `Name`, `Vorname`, `Alter`, `Telefon`, `DECT`, `Handy`, `email`, `ICQ`, `jabber`, `Size`, `Passwort`, `Gekommen`, `Aktiv`, `Tshirt`, `color`, `Sprache`, `Avatar`, `Menu`, `lastLogIn`, `CreateDate`, `Art`, `kommentar`, `Hometown`) VALUES -(1, 'admin', '', '', 0, '', '', '', '', '', '', 'L', '21232f297a57a5a743894a0e4a801fc3', 0, 0, 0, 10, 'DE', 115, 'L', 1307070695, '0000-00-00 00:00:00', '', '', ''), +(1, 'admin', '', '', 0, '', '', '', '', '', '', 'L', '21232f297a57a5a743894a0e4a801fc3', 0, 0, 0, 10, 'DE', 115, 'L', 1307072950, '0000-00-00 00:00:00', '', '', ''), (147, 'msquare', '', '', 23, '', '', '', 'msquare@notrademark.de', '', '', 'L', 'e10adc3949ba59abbe56e057f20f883e', 0, 0, 0, 6, 'EN', 0, 'L', 1307042703, '2011-06-02 00:55:09', '', '', ''); -- -------------------------------------------------------- diff --git a/includes/pages/admin_news.php b/includes/pages/admin_news.php new file mode 100644 index 00000000..2c6e1f45 --- /dev/null +++ b/includes/pages/admin_news.php @@ -0,0 +1,87 @@ + 0) { + list ($news) = $news; + + $html .= '« Back'; + + $html .= "
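Review bot: The `INSERT INTO User` rows in this dump commit fixed `Passwort` digests for the `admin` account to the repository, so every installation loaded from the file starts with the same administrator credential. The values are 32 hex characters, and the TODO in this series still lists salted password storage as open, so they are presumably unsalted MD5. I would put `-- Default admin credential: change on first login, never deploy unchanged` above the row, and have the installer set the password instead of the dump. The later hunk `@@ -1083,8 +1083,7 @@` replaces the digest with another fixed one and has the same problem. The rows should also not carry real accounts: the `msquare` row includes an e-mail address.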
    \n"; + + $html .= "\n"; + $html .= " \n"; + $html .= " \n"; + $html .= " \n"; + $html .= " \n"; + $html .= " \n"; + $html .= "
    Datum" . + date("Y-m-d H:i", $news['Datum']) . "
    Betreff
    Text
    Engel" . + UID2Nick($news["UID"]) . "
    Treffen" . html_select_key('eTreffen', array ( + '1' => "Ja", + '0' => "Nein" + ), $news['Treffen']) . "
    "; + + $html .= "\n"; + $html .= "\n"; + $html .= "
    "; + + $html .= "
    \n"; + $html .= "\n"; + $html .= "\n"; + $html .= "
    "; + } else + return error("No News found."); + break; + + case 'save' : + if (isset ($_REQUEST['id']) && preg_match("/^[0-9]{1,11}$/", $_REQUEST['id'])) + $id = $_REQUEST['id']; + else + return error("Incomplete call, missing News ID."); + + $news = sql_select("SELECT * FROM `News` WHERE `ID`=" . sql_escape($id) . " LIMIT 1"); + if (count($news) > 0) { + list ($news) = $news; + + sql_query("UPDATE `News` SET `Datum`='" . sql_escape(time()) . "', `Betreff`='" . sql_escape($_POST["eBetreff"]) . "', `Text`='" . sql_escape($_POST["eText"]) . "', `UID`='" . sql_escape($user['UID']) . + "', `Treffen`='" . sql_escape($_POST["eTreffen"]) . "' WHERE `ID`=".sql_escape($id)." LIMIT 1"); + header("Location: " . page_link_to("news")); + } else + return error("No News found."); + break; + + case 'delete' : + if (isset ($_REQUEST['id']) && preg_match("/^[0-9]{1,11}$/", $_REQUEST['id'])) + $id = $_REQUEST['id']; + else + return error("Incomplete call, missing News ID."); + + $news = sql_select("SELECT * FROM `News` WHERE `ID`=" . sql_escape($id) . " LIMIT 1"); + if (count($news) > 0) { + list ($news) = $news; + + sql_query("DELETE FROM `news` WHERE `ID`=" . sql_escape($id) . " LIMIT 1"); + header("Location: " . page_link_to("news")); + } else + return error("No News found."); + break; + } + } + return $html; +} +?> \ No newline at end of file diff --git a/txt/TODO b/txt/TODO index 42684e23..02dd8626 100644 --- a/txt/TODO +++ b/txt/TODO @@ -1,5 +1,4 @@ jetzt: - * news administrieren * user administrieren * schichtimport * schichtadministration @@ -20,6 +19,7 @@ später: * Löschen nur mit Rückfrage * FAQ ordentlich mehrsprachig machen * Fertig übersetzen/Sprachwirrwarr beseitigen + * Übersetzung * schichten ueber monatsgrenzen einbaue im moment werden die tage nur hochgezaehlt und die monatzgrenzen werden ignoriert diff --git a/www-ssl/admin/index.php b/www-ssl/admin/index.php deleted file mode 100644 index 4e761078..00000000 --- a/www-ssl/admin/index.php +++ /dev/null 
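Review bot: The `save` and `delete` branches modify data on any request that carries a numeric `id`: the id is read from `$_REQUEST`, so a plain GET link is enough, and neither branch checks a per-session token before calling `sql_query()`. Restricting both actions to POST and verifying a request-forgery token first would close that; the form markup is not readable in this view, so confirm whether a token field already exists. Separately, the delete statement names the table `news` while the selects, the update and the schema use `News`; MySQL table names are case-sensitive on case-sensitive filesystems, so the statement should use the `News` spelling as well. `$_POST["eTreffen"]` is escaped but never checked to be `0` or `1`.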
@@ -1,21 +0,0 @@ -\n"; -?> - -du bist jetzt im Erzengel-Bereich. Hier kannst du die Engel-Verwaltung vornehmen.

    - -Bitte melde dich hier nach getaner Arbeit immer ab, damit kein anderer hier Änderungen vornehmen kann. - - - diff --git a/www-ssl/index.php b/www-ssl/index.php index 9524459a..c62b03e0 100644 --- a/www-ssl/index.php +++ b/www-ssl/index.php @@ -66,6 +66,10 @@ if (in_array($p, $privileges)) { elseif ($p == "admin_questions") { $content = admin_questions(); } + elseif ($p == "admin_news") { + require_once ('includes/pages/admin_news.php'); + $content = admin_news(); + } elseif ($p == "admin_angel_types") { require_once ('includes/pages/admin_angel_types.php'); $content = admin_angel_types(); -- cgit v1.2.3-54-g00ecf From 6b155db36c30718ccbe25200d640c177d5d78589 Mon Sep 17 00:00:00 2001 From: Philip Häusler Date: Fri, 3 Jun 2011 07:44:50 +0200 Subject: user management --- DB/db_rewrite.sql | 14 +- includes/pages/admin_user.php | 363 +++++++++++++++++++++++++---------- includes/sys_template.php | 2 +- includes/sys_user.php | 11 +- txt/TODO | 1 - www-ssl/admin/userChangeNormal.php | 133 ------------- www-ssl/admin/userDefaultSetting.php | 138 ------------- www-ssl/admin/userSaveNormal.php | 119 ------------ 8 files changed, 277 insertions(+), 504 deletions(-) delete mode 100644 www-ssl/admin/userChangeNormal.php delete mode 100644 www-ssl/admin/userDefaultSetting.php delete mode 100644 www-ssl/admin/userSaveNormal.php (limited to 'txt/TODO') diff --git a/DB/db_rewrite.sql b/DB/db_rewrite.sql index 20a23f1e..18a75dee 100644 --- a/DB/db_rewrite.sql +++ b/DB/db_rewrite.sql @@ -3,7 +3,7 @@ -- http://www.phpmyadmin.net -- -- Host: localhost --- Erstellungszeit: 03. Juni 2011 um 04:47 +-- Erstellungszeit: 03. Juni 2011 um 05:44 -- Server Version: 5.1.44 -- PHP-Version: 5.3.1 
@@ -80,15 +80,15 @@ INSERT INTO `Counter` (`URL`, `Anz`) VALUES ('register', 8), ('admin_rooms', 89), ('admin_angel_types', 71), -('user_settings', 126), +('user_settings', 131), ('user_messages', 113), ('admin_groups', 129), ('user_questions', 55), -('admin_questions', 42), +('admin_questions', 43), ('admin_faq', 55), ('admin_news', 33), ('news_comments', 151), -('admin_user', 59), +('admin_user', 157), ('user_meetings', 5); -- -------------------------------------------------------- @@ -1083,8 +1083,7 @@ CREATE TABLE IF NOT EXISTS `User` ( -- INSERT INTO `User` (`UID`, `Nick`, `Name`, `Vorname`, `Alter`, `Telefon`, `DECT`, `Handy`, `email`, `ICQ`, `jabber`, `Size`, `Passwort`, `Gekommen`, `Aktiv`, `Tshirt`, `color`, `Sprache`, `Avatar`, `Menu`, `lastLogIn`, `CreateDate`, `Art`, `kommentar`, `Hometown`) VALUES -(1, 'admin', '', '', 0, '', '', '', '', '', '', 'L', '21232f297a57a5a743894a0e4a801fc3', 0, 0, 0, 10, 'DE', 115, 'L', 1307076377, '0000-00-00 00:00:00', '', '', ''), -(147, 'msquare', '', '', 23, '', '', '', 'msquare@notrademark.de', '', '', 'L', 'e10adc3949ba59abbe56e057f20f883e', 0, 0, 0, 6, 'EN', 0, 'L', 1307042703, '2011-06-02 00:55:09', '', '', ''); +(1, 'admin', 'Gates', 'Bill', 42, '', '', '', '', '', '', '', '4297f44b13955235245b2497399d7a93', 0, 0, 0, 10, 'DE', 115, 'L', 1307079838, '0000-00-00 00:00:00', '', '', ''); -- -------------------------------------------------------- @@ -1184,8 +1183,7 @@ INSERT INTO `UserGroups` (`id`, `uid`, `group_id`) VALUES (1, 1, -2), (2, 1, -3), (3, 1, -5), -(4, 1, -4), -(5, 147, -2); +(4, 1, -4); -- -------------------------------------------------------- diff --git a/includes/pages/admin_user.php b/includes/pages/admin_user.php index b64c9678..497f5fdb 100644 --- a/includes/pages/admin_user.php +++ b/includes/pages/admin_user.php @@ -1,111 +1,280 @@ Neuen Engel eintragen »

    \n"; - - if (!isset ($_GET["OrderBy"])) - $_GET["OrderBy"] = "Nick"; - $SQL = "SELECT * FROM `User` ORDER BY `" . $_GET["OrderBy"] . "` ASC"; - $Erg = sql_query($SQL); - - // anzahl zeilen - $Zeilen = mysql_num_rows($Erg); - - $html .= "Anzahl Engel: $Zeilen

    \n"; - $html .= ' - - - - - - - - - - - - - '; - $Gekommen = 0; - $Active = 0; - $Tshirt = 0; - - for ($n = 0; $n < $Zeilen; $n++) { - $title = ""; - $user_groups = sql_select("SELECT * FROM `UserGroups` JOIN `Groups` ON (`Groups`.`UID` = `UserGroups`.`group_id`) WHERE `UserGroups`.`uid`=" . sql_escape(mysql_result($Erg, $n, "UID")) . " ORDER BY `Groups`.`Name`"); - $groups = array (); - foreach ($user_groups as $user_group) { - $groups[] = $user_group['Name']; + + if (isset ($_REQUEST['id']) && preg_match("/^[0-9]{1,}$/", $_REQUEST['id']) && sql_num_query("SELECT * FROM `User` WHERE `UID`=" . sql_escape($_REQUEST['id'])) > 0) { + $id = $_REQUEST['id']; + if (!isset ($_REQUEST['action'])) { + $html .= "Hallo,
    " . + "hier kannst du den Eintrag ändern. Unter dem Punkt 'Gekommen' " . + "wird der Engel als anwesend markiert, ein Ja bei Aktiv bedeutet, " . + "dass der Engel aktiv war und damit ein Anspruch auf ein T-Shirt hat. " . + "Wenn T-Shirt ein 'Ja' enthält, bedeutet dies, dass der Engel " . + "bereits sein T-Shirt erhalten hat.

    \n"; + + $html .= "\n"; + $html .= "
    - Nick - Vorname NameAlter - E-Mail - GrößeGekommenAktivT-ShirtRegistrierÄnd.
    \n"; + $html .= "\n"; + + $SQL = "SELECT * FROM `User` WHERE `UID`='" . $id . "'"; + $Erg = sql_query($SQL); + + $html .= ""; + + $html .= "\n"; + $html .= "
    \n"; + $html .= "\n"; + $html .= " \n"; + $html .= " \n"; + $html .= " \n"; + $html .= " \n"; + $html .= " \n"; + $html .= " \n"; + $html .= " \n"; + $html .= " \n"; + $html .= " \n"; + $html .= " \n"; + $html .= " \n"; + $html .= " \n"; + + $options = array ( + '1' => "Yes", + '0' => "No" + ); + + // Gekommen? + $html .= " \n"; + + // Aktiv? + $html .= " \n"; + + // T-Shirt bekommen? + $html .= " \n"; + + $html .= " \n"; + + $html .= "
    Nick" . + "
    lastLogIn" . + date("Y-m-d H:i", mysql_result($Erg, 0, "lastLogIn")) . "
    Name" . + "
    Vorname" . + "
    Alter" . + "
    Telefon" . + "
    Handy" . + "
    DECT" . + "
    email" . + "
    ICQ" . + "
    jabber" . + "
    Size" . + html_select_key('size', array ( + 'S' => "S", + 'M' => "M", + 'L' => "L", + 'XL' => "XL", + '2XL' => "2XL", + '3XL' => "3XL", + '4XL' => "4XL", + '5XL' => "5XL", + 'S-G' => "S Girl", + 'M-G' => "M Girl", + 'L-G' => "L Girl", + 'XL-G' => "XL Girl" + ), mysql_result($Erg, 0, "Size")) . "
    Gekommen\n"; + $html .= html_options('eGekommen', $options, mysql_result($Erg, 0, "Gekommen")) . "
    Aktiv\n"; + $html .= html_options('eAktiv', $options, mysql_result($Erg, 0, "Aktiv")) . "
    T-Shirt\n"; + $html .= html_options('eTshirt', $options, mysql_result($Erg, 0, "Tshirt")) . "
    Hometown" . + "
    \n
    " . displayavatar($id, false) . "
    \n
    \n"; + $html .= "\n"; + $html .= "\n"; + $html .= ""; + + $html .= "
    "; + + $html .= "Hier kannst Du das Passwort dieses Engels neu setzen:
    \n"; + $html .= "\n"; + $html .= " \n"; + $html .= " \n"; + + $html .= "
    Passwort" . + "
    Wiederholung" . + "
    "; + $html .= "\n"; + $html .= "\n"; + $html .= "
    "; + + $html .= "
    "; + + $html .= "
    \n"; + $html .= "\n"; + $html .= "\n"; + $html .= "
    "; + + $html .= "
    "; + $html .= funktion_db_element_list_2row("Freeloader Shifts", "SELECT `Remove_Time`, `Length`, `Comment` FROM `ShiftFreeloader` WHERE UID=" . $_REQUEST['id']); + } else { + switch ($_REQUEST['action']) { + case 'delete' : + if ($user['UID'] != $id) { + sql_query("DELETE FROM `User` WHERE `UID`=" . sql_escape($id) . " LIMIT 1"); + sql_query("DELETE FROM `UserGroups` WHERE `uid`=" . sql_escape($id)); + sql_query("UPDATE `ShiftEntry` SET `UID`=0, `Comment`=NULL WHERE `UID`=" . sql_escape($id)); + $html .= success("Benutzer gelöscht!"); + } else { + $html .= error("Du kannst Dich nicht selber löschen!"); + } + break; + + case 'save' : + $SQL = "UPDATE `User` SET "; + $SQL .= " `Nick` = '" . $_POST["eNick"] . "', `Name` = '" . $_POST["eName"] . "', " . + "`Vorname` = '" . $_POST["eVorname"] . "', " . + "`Telefon` = '" . $_POST["eTelefon"] . "', " . + "`Handy` = '" . $_POST["eHandy"] . "', " . + "`Alter` = '" . $_POST["eAlter"] . "', " . + "`DECT` = '" . $_POST["eDECT"] . "', " . + "`email` = '" . $_POST["eemail"] . "', " . + "`ICQ` = '" . $_POST["eICQ"] . "', " . + "`jabber` = '" . $_POST["ejabber"] . "', " . + "`Size` = '" . $_POST["eSize"] . "', " . + "`Gekommen`= '" . $_POST["eGekommen"] . "', " . + "`Aktiv`= '" . $_POST["eAktiv"] . "', " . + "`Tshirt` = '" . $_POST["eTshirt"] . "', " . + "`Hometown` = '" . $_POST["Hometown"] . "' " . + "WHERE `UID` = '" . $id . + "' LIMIT 1;"; + sql_query($SQL); + $html .= success("Änderung wurde gespeichert...\n"); + break; + + case 'change_pw' : + if ($_REQUEST['new_pw'] != "" && $_REQUEST['new_pw'] == $_REQUEST['new_pw2']) { + sql_query("UPDATE `User` SET `Passwort`='" . sql_escape(PassCrypt($_REQUEST['new_pw'])) . "' WHERE `UID`=" . sql_escape($id) . " LIMIT 1"); + $html .= success("Passwort neu gesetzt."); + } else { + $html .= error("Die Eingaben müssen übereinstimmen und dürfen nicht leer sein!"); + } + break; + } } - $title .= 'Groups: ' . join(", ", $groups) . "
    "; - if (strlen(mysql_result($Erg, $n, "Telefon")) > 0) - $title .= "Tel: " . mysql_result($Erg, $n, "Telefon") . "
    "; - if (strlen(mysql_result($Erg, $n, "Handy")) > 0) - $title .= "Handy: " . mysql_result($Erg, $n, "Handy") . "
    "; - if (strlen(mysql_result($Erg, $n, "DECT")) > 0) - $title .= "DECT: " . - mysql_result($Erg, $n, "DECT") . "
    "; - if (strlen(mysql_result($Erg, $n, "Hometown")) > 0) - $title .= "Hometown: " . mysql_result($Erg, $n, "Hometown") . "
    "; - if (strlen(mysql_result($Erg, $n, "lastLogIn")) > 0) - $title .= "Last login: " . date("Y-m-d H:i", mysql_result($Erg, $n, "lastLogIn")) . "
    "; - if (strlen(mysql_result($Erg, $n, "Art")) > 0) - $title .= "Type: " . mysql_result($Erg, $n, "Art") . "
    "; - if (strlen(mysql_result($Erg, $n, "ICQ")) > 0) - $title .= "ICQ: " . mysql_result($Erg, $n, "ICQ") . "
    "; - if (strlen(mysql_result($Erg, $n, "jabber")) > 0) - $title .= "jabber: " . mysql_result($Erg, $n, "jabber") . "
    "; - - $html .= "\n"; - $html .= "\t" . mysql_result($Erg, $n, "Nick") . "\n"; - $html .= "\t" . mysql_result($Erg, $n, "Vorname") . " " . mysql_result($Erg, $n, "Name") . "\n"; - $html .= "\t" . mysql_result($Erg, $n, "Alter") . "\n"; - $html .= "\t"; - if (strlen(mysql_result($Erg, $n, "email")) > 0) - $html .= "" . - mysql_result($Erg, $n, "email") . ""; - $html .= ''; - $html .= "\n"; - $html .= "\t" . mysql_result($Erg, $n, "Size") . "\n"; - $Gekommen += mysql_result($Erg, $n, "Gekommen"); - $html .= "\t" . mysql_result($Erg, $n, "Gekommen") . "\n"; - $Active += mysql_result($Erg, $n, "Aktiv"); - $html .= "\t" . mysql_result($Erg, $n, "Aktiv") . "\n"; - $Tshirt += mysql_result($Erg, $n, "Tshirt"); - $html .= "\t" . mysql_result($Erg, $n, "Tshirt") . "\n"; - $html .= "" . mysql_result($Erg, $n, "CreateDate") . ""; - $html .= "\t" . 'Edit' . - "\n"; - $html .= "\n"; - } - $html .= "" . - "" . - "$Gekommen$Active$Tshirt\n"; - $html .= "\t\n"; - // Ende Userliste + } else { + // Userliste, keine UID uebergeben... + + $html .= "Neuen Engel eintragen »

    \n"; - $html .= "

    Statistics

    "; - $html .= funktion_db_element_list_2row("Hometown", "SELECT COUNT(`Hometown`), `Hometown` FROM `User` GROUP BY `Hometown`"); + if (!isset ($_GET["OrderBy"])) + $_GET["OrderBy"] = "Nick"; + $SQL = "SELECT * FROM `User` ORDER BY `" . sql_escape($_GET["OrderBy"]) . "` ASC"; + $Erg = sql_query($SQL); - $html .= "
    \n"; + // anzahl zeilen + $Zeilen = mysql_num_rows($Erg); - $html .= funktion_db_element_list_2row("Engeltypen", "SELECT COUNT(`Art`), `Art` FROM `User` GROUP BY `Art`"); + $html .= "Anzahl Engel: $Zeilen

    \n"; + $html .= ' + + + + + + + + + + + + + '; + $Gekommen = 0; + $Active = 0; + $Tshirt = 0; - $html .= "
    \n"; + for ($n = 0; $n < $Zeilen; $n++) { + $title = ""; + $user_groups = sql_select("SELECT * FROM `UserGroups` JOIN `Groups` ON (`Groups`.`UID` = `UserGroups`.`group_id`) WHERE `UserGroups`.`uid`=" . sql_escape(mysql_result($Erg, $n, "UID")) . " ORDER BY `Groups`.`Name`"); + $groups = array (); + foreach ($user_groups as $user_group) { + $groups[] = $user_group['Name']; + } + $title .= 'Groups: ' . join(", ", $groups) . "
    "; + if (strlen(mysql_result($Erg, $n, "Telefon")) > 0) + $title .= "Tel: " . mysql_result($Erg, $n, "Telefon") . "
    "; + if (strlen(mysql_result($Erg, $n, "Handy")) > 0) + $title .= "Handy: " . mysql_result($Erg, $n, "Handy") . "
    "; + if (strlen(mysql_result($Erg, $n, "DECT")) > 0) + $title .= "DECT: " . + mysql_result($Erg, $n, "DECT") . "
    "; + if (strlen(mysql_result($Erg, $n, "Hometown")) > 0) + $title .= "Hometown: " . mysql_result($Erg, $n, "Hometown") . "
    "; + if (strlen(mysql_result($Erg, $n, "lastLogIn")) > 0) + $title .= "Last login: " . date("Y-m-d H:i", mysql_result($Erg, $n, "lastLogIn")) . "
    "; + if (strlen(mysql_result($Erg, $n, "Art")) > 0) + $title .= "Type: " . mysql_result($Erg, $n, "Art") . "
    "; + if (strlen(mysql_result($Erg, $n, "ICQ")) > 0) + $title .= "ICQ: " . mysql_result($Erg, $n, "ICQ") . "
    "; + if (strlen(mysql_result($Erg, $n, "jabber")) > 0) + $title .= "jabber: " . mysql_result($Erg, $n, "jabber") . "
    "; - $html .= funktion_db_element_list_2row("Used Groups", "SELECT Groups.Name AS 'GroupName', COUNT(Groups.Name) AS Count FROM `UserGroups` " . - "LEFT JOIN `Groups` ON Groups.UID = UserGroups.group_id " . - "WHERE (UserGroups.group_id!='NULL') " . - "GROUP BY `GroupName` " . - ""); + $html .= "\n"; + $html .= "\t\n"; + $html .= "\t\n"; + $html .= "\t\n"; + $html .= "\t\n"; + $html .= "\t\n"; + $Gekommen += mysql_result($Erg, $n, "Gekommen"); + $html .= "\t\n"; + $Active += mysql_result($Erg, $n, "Aktiv"); + $html .= "\t\n"; + $Tshirt += mysql_result($Erg, $n, "Tshirt"); + $html .= "\t\n"; + $html .= ""; + $html .= "\t\n"; + $html .= "\n"; + } + $html .= "" . + "" . + "\n"; + $html .= "\t
    + Nick + Vorname NameAlter + E-Mail + GrößeGekommenAktivT-ShirtRegistrierÄnd.
    " . mysql_result($Erg, $n, "Nick") . "" . mysql_result($Erg, $n, "Vorname") . " " . mysql_result($Erg, $n, "Name") . "" . mysql_result($Erg, $n, "Alter") . ""; + if (strlen(mysql_result($Erg, $n, "email")) > 0) + $html .= "" . + mysql_result($Erg, $n, "email") . ""; + $html .= ''; + $html .= "" . mysql_result($Erg, $n, "Size") . "" . mysql_result($Erg, $n, "Gekommen") . "" . mysql_result($Erg, $n, "Aktiv") . "" . mysql_result($Erg, $n, "Tshirt") . "" . mysql_result($Erg, $n, "CreateDate") . "" . 'Edit' . + "
    $Gekommen$Active$Tshirt
    \n"; + // Ende Userliste + + $html .= "

    Statistics

    "; + $html .= funktion_db_element_list_2row("Hometown", "SELECT COUNT(`Hometown`), `Hometown` FROM `User` GROUP BY `Hometown`"); + + $html .= "
    \n"; + + $html .= funktion_db_element_list_2row("Engeltypen", "SELECT COUNT(`Art`), `Art` FROM `User` GROUP BY `Art`"); + + $html .= "
    \n"; + + $html .= funktion_db_element_list_2row("Used Groups", "SELECT Groups.Name AS 'GroupName', COUNT(Groups.Name) AS Count FROM `UserGroups` " . + "LEFT JOIN `Groups` ON Groups.UID = UserGroups.group_id " . + "WHERE (UserGroups.group_id!='NULL') " . + "GROUP BY `GroupName` " . + ""); + } return $html; } ?> \ No newline at end of file diff --git a/includes/sys_template.php b/includes/sys_template.php index 893d2d7e..7524b0cb 100644 --- a/includes/sys_template.php +++ b/includes/sys_template.php @@ -18,7 +18,7 @@ function template_render($file, $data) { function html_options($name, $options, $selected = "") { $html = ""; foreach ($options as $value => $label) - $html .= ' ' . $label; + $html .= ' ' . $label; return $html; } diff --git a/includes/sys_user.php b/includes/sys_user.php index 5dcf3f1f..4f55da38 100644 --- a/includes/sys_user.php +++ b/includes/sys_user.php @@ -86,13 +86,10 @@ function displayavatar($UID, $height = "30") { if (GetPicturShow($UID) == 'Y') return " " . displayPictur($UID, $height); - // show avator - $asql = "select * from User where UID = $UID"; - $aerg = mysql_query($asql, $con); - - if (mysql_num_rows($aerg)) - if (mysql_result($aerg, 0, "Avatar") > 0) - return'
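Review bot: The `save` branch concatenates every `$_POST` field directly into the UPDATE on `User`, so any of those form values can break out of its quoted literal; the neighbouring `delete` and `change_pw` branches already pass their values through `sql_escape()`. Each value should be escaped the same way, as in the excerpt below. The size select is rendered with `html_select_key('size', …)` while this branch reads `$_POST["eSize"]`, so the column is presumably overwritten with an empty string on every save, which is worth confirming. In the list view, `sql_escape($_GET["OrderBy"])` is placed inside backticks, where string escaping does not constrain an identifier; comparing the value against a fixed list of column names would be safer.

```php
case 'save' :
	$SQL = "UPDATE `User` SET " .
		"`Nick` = '" . sql_escape($_POST["eNick"]) . "', " .
		"`Name` = '" . sql_escape($_POST["eName"]) . "', " .
		"`Vorname` = '" . sql_escape($_POST["eVorname"]) . "', " .
		"`Telefon` = '" . sql_escape($_POST["eTelefon"]) . "', " .
		"`Handy` = '" . sql_escape($_POST["eHandy"]) . "', " .
		"`Alter` = '" . sql_escape($_POST["eAlter"]) . "', " .
		"`DECT` = '" . sql_escape($_POST["eDECT"]) . "', " .
		"`email` = '" . sql_escape($_POST["eemail"]) . "', " .
		"`ICQ` = '" . sql_escape($_POST["eICQ"]) . "', " .
		"`jabber` = '" . sql_escape($_POST["ejabber"]) . "', " .
		"`Size` = '" . sql_escape($_POST["eSize"]) . "', " .
		"`Gekommen`= '" . sql_escape($_POST["eGekommen"]) . "', " .
		"`Aktiv`= '" . sql_escape($_POST["eAktiv"]) . "', " .
		"`Tshirt` = '" . sql_escape($_POST["eTshirt"]) . "', " .
		"`Hometown` = '" . sql_escape($_POST["Hometown"]) . "' " .
		"WHERE `UID` = '" . sql_escape($id) . "' LIMIT 1";
	// … unchanged: sql_query($SQL), success message, break …
```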
    '. (" ").'
    '; + $user = sql_select("SELECT * FROM `User` WHERE `UID`=" . sql_escape($UID) . " LIMIT 1"); + if (count($user) > 0) + if ($user[0]['Avatar'] > 0) + return '
    ' . (" ") . '
    '; } function UIDgekommen($UID) { diff --git a/txt/TODO b/txt/TODO index 02dd8626..9d29b09c 100644 --- a/txt/TODO +++ b/txt/TODO @@ -4,7 +4,6 @@ jetzt: * schichtadministration * meine schichten * schichten - * meetings * weckservice? später: diff --git a/www-ssl/admin/userChangeNormal.php b/www-ssl/admin/userChangeNormal.php deleted file mode 100644 index 36eb4b6d..00000000 --- a/www-ssl/admin/userChangeNormal.php +++ /dev/null @@ -1,133 +0,0 @@ - Aendern... - - echo "Hallo,
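Review bot: In `displayavatar`, `sql_escape($UID)` is appended without surrounding quotes, so the value is a bare numeric operand and string escaping alone does not keep it numeric. This assumes `sql_escape()` only escapes quote characters, since its body is not shown here. Casting at the point of use, ``"SELECT * FROM `User` WHERE `UID`=" . (int) $UID . " LIMIT 1"``, keeps the helper safe whatever a caller passes. The same unquoted pattern appears in the `admin_news.php` and `admin_user.php` hunks of this series. The function also falls off the end without a value when no avatar is set, so an explicit `return '';` would make that intentional. `displayavatar` begins above this hunk.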
    " . - "hier kannst du den Eintrag ändern. Unter dem Punkt 'Gekommen' " . - "wird der Engel als anwesend markiert, ein Ja bei Aktiv bedeutet, " . - "dass der Engel aktiv war und damit ein Anspruch auf ein T-Shirt hat. " . - "Wenn T-Shirt ein 'Ja' enthält, bedeutet dies, dass der Engel " . - "bereits sein T-Shirt erhalten hat.

    \n"; - - echo "
    \n"; - echo "\n"; - echo "\n"; - - $SQL = "SELECT * FROM `User` WHERE `UID`='" . $_GET["enterUID"] . "'"; - $Erg = mysql_query($SQL, $con); - - if (mysql_num_rows($Erg) != 1) - echo ""; - else { - echo ""; - } - - echo "\n"; - echo "
    Sorry, der Engel (UID=" . $_GET["enterUID"] . - ") wurde in der Liste nicht gefunden.
    \n"; - echo "\n"; - echo " \n"; - echo " \n"; - echo " \n"; - echo " \n"; - echo " \n"; - echo " \n"; - echo " \n"; - echo " \n"; - echo " \n"; - echo " \n"; - echo " \n"; - echo " \n"; - echo " \n"; - - // Gekommen? - echo " \n"; - - // Aktiv? - echo " \n"; - - // T-Shirt bekommen? - echo " \n"; - - echo " \n"; - - echo "
    Nick" . - "
    lastLogIn" . - "
    Name" . - "
    Vorname" . - "
    Alter" . - "
    Telefon" . - "
    Handy" . - "
    DECT" . - "
    email" . - "
    ICQ" . - "
    jabber" . - "
    Size" . - "
    Passwort" . - "neues Kennwort setzen
    Gekommen\n"; - echo " No \n"; - echo " Yes \n"; - echo "
    Aktiv\n"; - echo " No \n"; - echo " Yes \n"; - echo "
    T-Shirt\n"; - echo " No \n"; - echo " Yes \n"; - echo "
    Hometown" . - "
    \n
    " . displayavatar($_GET["enterUID"], FALSE) . "
    \n
    \n"; - echo "\n"; - echo "\n"; - echo "
    "; - - echo "
    \n"; - echo "\n"; - echo "\n"; - echo "
    "; - - echo "
    "; - funktion_db_element_list_2row("Freeloader Shifts", "SELECT `Remove_Time`, `Length`, `Comment` FROM `ShiftFreeloader` WHERE UID=" . $_GET["enterUID"]); -} - -include ("includes/footer.php"); -?> - - diff --git a/www-ssl/admin/userDefaultSetting.php b/www-ssl/admin/userDefaultSetting.php deleted file mode 100644 index e7a69925..00000000 --- a/www-ssl/admin/userDefaultSetting.php +++ /dev/null @@ -1,138 +0,0 @@ -\nhier hast du die Möglichkeit, die Defaulteinstellungen für neue User einzustellen:

    \n"; - -echo "\n"; -echo "\t\n"; -echo "\t\t\n\t\t\n\t\t\n"; -echo "\t\n"; - -if (isset ($_GET["Field"]) && isset ($_GET["Default"]) && isset ($_GET["Send"])) { - switch ($_GET["Send"]) { - case "New" : - $SQL = "ALTER TABLE `UserCVS` ADD `" . $_GET["Field"] . "` " . - "CHAR( 1 ) DEFAULT '" . $_GET["Default"] . "' NOT NULL"; - $Erg = db_query($SQL, "New user default setting"); - if ($Erg == 1) - echo "

    Create " . $_GET["Field"] . " = " . $_GET["Default"] . " succesfull

    \n"; - else - echo "

    Create " . $_GET["Field"] . " = " . $_GET["Default"] . " error...

    \n" . - "[" . mysql_error() . "]

    "; - break; - case "Del" : - echo "\t\n"; - echo "\t\t\n"; - echo "\t\t\t\n"; - echo "\t\t\t\n"; - echo "\t\t\t\n"; - echo "\t\t\n"; - echo "\t\n"; - break; - case "Del sure" : - $SQL = "ALTER TABLE `UserCVS` DROP `" . $_GET["Field"] . "` "; - $Erg = db_query($SQL, "del user default setting"); - if ($Erg == 1) - echo "

    Delete " . $_GET["Field"] . " succesfull

    \n"; - else - echo "

    Delete " . $_GET["Field"] . " error...

    \n" . - "[" . mysql_error() . "]

    "; - break; - case "SetForAllUser" : - $SQL = "UPDATE `UserCVS` SET `" . $_GET["Field"] . "`='" . $_GET["Default"] . "' WHERE UID>0"; - $Erg = db_query($SQL, "Set new user default setting for all user"); - if ($Erg == 1) - echo "

    UPDATE " . $_GET["Field"] . " = " . $_GET["Default"] . " for all Users succesfull

    \n"; - else - echo "

    UPDATE " . $_GET["Field"] . " = " . $_GET["Default"] . " for all Users error...

    \n" . - "[" . mysql_error() . "]

    "; - case "Save" : - $SQL = "ALTER TABLE `UserCVS` CHANGE `" . $_GET["Field"] . "` " . - "`" . $_GET["Field"] . "` CHAR( 1 ) NOT NULL DEFAULT '" . $_GET["Default"] . "'"; - $Erg = db_query($SQL, "Save user default setting"); - if ($Erg == 1) - echo "

    Write " . $_GET["Field"] . " = " . $_GET["Default"] . " succesfull

    \n"; - else - echo "

    Write " . $_GET["Field"] . " = " . $_GET["Default"] . " error...

    \n" . - "[" . mysql_error() . "]

    "; - break; - } //SWITCH -} //IF( - -$erg = mysql_query("SHOW COLUMNS FROM `UserCVS`"); -echo mysql_error(); -echo "\t\n"; -echo "\t\t\n"; -echo "\t\t\t\n"; -echo "\t\t\t\n"; -echo "\t\t\t\n"; -echo "\t\t\t\n"; -echo "\t\t\n"; -echo "\t\n"; - -for ($i = 2; $i < mysql_num_rows($erg); $i++) { - echo "\t\n"; - echo "\t\t\n"; - echo "\t\t\t\n"; - echo "\t\t\t\n"; - echo "\t\t\t\n"; - echo "\t\t\t\n"; - echo "\t\t\n"; - echo "\t\n"; -} - -echo "\t\n"; -echo "\t\t\n"; -echo "\t\t\t\n"; -echo "\t\t\t\n"; -echo "\t\t\t\n"; -echo "\t\t\t\n"; -echo "\t\t\n"; -echo "\t\n"; - -echo "
    PageShow
    Group\n"; -echo "\t\t\t
    " . mysql_result($erg, $i, "Field") . "\n"; - - echo "\t\t\t\tallow\n"; - - echo "\t\t\t\tdenied\n"; - - echo "\t\t\t\tgroup-setting\n"; - - echo "\t\t\t\n"; - echo "\t\t\t \n"; - echo "\t\t\t
    \n"; -echo "\t\t\t\tallow\n"; -echo "\t\t\t\tdenied\n"; -echo "\t\t\t\tgroup-setting\n"; -echo "\t\t\t
    \n"; - -include ("includes/footer.php"); -?> - diff --git a/www-ssl/admin/userSaveNormal.php b/www-ssl/admin/userSaveNormal.php deleted file mode 100644 index deaf96d9..00000000 --- a/www-ssl/admin/userSaveNormal.php +++ /dev/null @@ -1,119 +0,0 @@ -"; - - switch ($_GET["action"]) { - case "change" : - if (IsSet ($_POST["enterUID"])) { - if ($_POST["Type"] == "Normal") { - $SQL = "UPDATE `User` SET "; - $SQL .= " `Nick` = '" . $_POST["eNick"] . "', `Name` = '" . $_POST["eName"] . "', " . - "`Vorname` = '" . $_POST["eVorname"] . "', " . - "`Telefon` = '" . $_POST["eTelefon"] . "', " . - "`Handy` = '" . $_POST["eHandy"] . "', " . - "`DECT` = '" . $_POST["eDECT"] . "', " . - "`email` = '" . $_POST["eemail"] . "', " . - "`ICQ` = '" . $_POST["eICQ"] . "', " . - "`jabber` = '" . $_POST["ejabber"] . "', " . - "`Size` = '" . $_POST["eSize"] . "', " . - "`Gekommen`= '" . $_POST["eGekommen"] . "', " . - "`Aktiv`= '" . $_POST["eAktiv"] . "', " . - "`Tshirt` = '" . $_POST["eTshirt"] . "', " . - "`Hometown` = '" . $_POST["Hometown"] . "' " . - "WHERE `UID` = '" . $_POST["enterUID"] . - "' LIMIT 1;"; - echo "User-"; - $Erg = db_query($SQL, "change user details"); - if ($Erg == 1) { - echo "Änderung wurde gesichert...\n"; - } else { - echo "Fehler beim speichern...\n(" . mysql_error($con) . ")"; - } - } else - echo "

    Fehler: Unbekanter Type (" . $_POST["Type"] . ") �bergeben\n

    \n"; - } else - echo "

    Fehler: UserID (enterUID) wurde nicht per POST �bergeben

    \n"; - break; - - case "delete" : - if (IsSet ($_POST["enterUID"])) { - echo "delate User..."; - $SQL = "DELETE FROM `User` WHERE `UID`='" . $_POST["enterUID"] . "' LIMIT 1;"; - $Erg = db_query($SQL, "User delete"); - if ($Erg == 1) { - echo "Änderung wurde gesichert...\n"; - } else { - echo "Fehler beim speichern...\n(" . mysql_error($con) . ")"; - } - - echo "
    \ndelate UserCVS..."; - $SQL2 = "DELETE FROM `UserCVS` WHERE `UID`='" . $_POST["enterUID"] . "' LIMIT 1;"; - $Erg = db_query($SQL2, "User CVS delete"); - if ($Erg == 1) { - echo "Änderung wurde gesichert...\n"; - } else { - echo "Fehler beim speichern...\n(" . mysql_error($con) . ")"; - } - - echo "
    \ndelate UserEntry..."; - $SQL3 = "UPDATE `ShiftEntry` SET `UID`='0', `Comment`=NULL " . - "WHERE `UID`='" . $_POST["enterUID"] . "';"; - $Erg = db_query($SQL3, "delate UserEntry"); - if ($Erg == 1) { - echo "Änderung wurde gesichert...\n"; - } else { - echo "Fehler beim speichern...\n(" . mysql_error($con) . ")"; - } - } - break; - - case "newpw" : - echo "Bitte neues Kennwort für "; - // Get Nick - $USQL = "SELECT * FROM `User` WHERE `UID`='" . $_GET["eUID"] . "'"; - $Erg = mysql_query($USQL, $con); - echo mysql_result($Erg, 0, "Nick"); - echo " eingeben:
    "; - echo "
    \n"; - echo ""; - echo ""; - echo ""; - echo "\n"; - echo "
    "; - break; - - case "newpwsave" : - if ($_POST["ePasswort"] == $_POST["ePasswort2"]) { // beide Passwoerter passen... - $_POST["ePasswort"] = PassCrypt($_POST["ePasswort"]); - $SQL = "UPDATE `User` SET `Passwort`='" . $_POST["ePasswort"] . "' " . - "WHERE `UID`='" . $_POST["eUID"] . "'"; - $Erg = db_query($SQL, "User new passwort"); - if ($Erg == 1) { - echo "Änderung wurde gesichert...\n"; - } else { - echo "Fehler beim speichern...\n(" . mysql_error($con) . ")"; - } - } else - echo "Das Passwort wurde nicht übereinstimmend eingegeben!"; - break; - } // end switch - - // ende - Action ist gesetzt -} else { - // kein Action gesetzt -> abbruch - echo "Unzulässiger Aufruf.
    Bitte neu editieren..."; -} - -include ("includes/footer.php"); -?> - -- cgit v1.2.3-54-g00ecf From 170f8d2342e87f91f3ee3c4ad8ef161095666349 Mon Sep 17 00:00:00 2001 From: Philip Häusler Date: Fri, 3 Jun 2011 08:17:16 +0200 Subject: user management --- txt/TODO | 1 - www-ssl/admin/userChangeSecure.php | 104 ----------------------- www-ssl/admin/userSaveSecure.php | 167 ------------------------------------- 3 files changed, 272 deletions(-) delete mode 100644 www-ssl/admin/userChangeSecure.php delete mode 100644 www-ssl/admin/userSaveSecure.php (limited to 'txt/TODO') diff --git a/txt/TODO b/txt/TODO index 9d29b09c..d78d3198 100644 --- a/txt/TODO +++ b/txt/TODO @@ -1,5 +1,4 @@ jetzt: - * user administrieren * schichtimport * schichtadministration * meine schichten diff --git a/www-ssl/admin/userChangeSecure.php b/www-ssl/admin/userChangeSecure.php deleted file mode 100644 index 69c4601d..00000000 --- a/www-ssl/admin/userChangeSecure.php +++ /dev/null @@ -1,104 +0,0 @@ - Aendern... - - echo "Hallo,
    " . - "hier kannst du den Eintrag ändern. Unter dem Punkt 'Gekommen' " . - "wird der Engel als anwesend markiert, ein Ja bei Aktiv bedeutet, " . - "dass der Engel aktiv war und damit ein Anspruch auf ein T-Shirt hat. " . - "Wenn T-Shirt ein 'Ja' enthält, bedeutet dies, dass der Engel " . - "bereits sein T-Shirt erhalten hat.

    \n"; - - $SQL_CVS = "SELECT * FROM `UserCVS` WHERE `UID`='" . $_GET["enterUID"] . "'"; - $Erg_CVS = mysql_query($SQL_CVS, $con); - - if (mysql_num_rows($Erg_CVS) != 1) - echo "Sorry, der Engel (UID=" . $_GET["enterUID"] . ") wurde in der Liste nicht gefunden."; - else { - // Rename if is an group - if ($_GET["enterUID"] < 0) { - $SQLname = "SELECT `Name` FROM `UserGroups` WHERE `UID`='" . $_GET["enterUID"] . "'"; - $ErgName = mysql_query($SQLname, $con); - echo mysql_error($con); - - echo "
    \n"; - echo "\n"; - echo "\n"; - echo "\n"; - echo "
    "; - } - - echo "
    \n"; - echo "\n"; - echo "\n"; - echo " \n"; - - $CVS_Data = mysql_fetch_array($Erg_CVS); - $CVS_Data_i = 1; - foreach ($CVS_Data as $CVS_Data_Name => $CVS_Data_Value) { - $CVS_Data_i++; - //nur jeder zweiter sonst wird f�r jeden text noch die position (Zahl) ausgegeben - if ($CVS_Data_i % 2 && $CVS_Data_Name != "UID") { - if ($CVS_Data_Name == "GroupID") { - if ($_GET["enterUID"] > 0) { - echo "\n" . - ""; - } - } else { - echo "\n"; - } - } - } //IF - } //Foreach - echo "\n"; - - // Ende Formular - echo "\n"; - echo "

    Rights of \"" . UID2Nick($_GET["enterUID"]) . "\":
    Group
    $CVS_Data_Name"; - echo "allow \n"; - echo "denied \n"; - if ($_GET["enterUID"] > 0) { - echo "group-setting \n"; - echo "
    \n
    \n"; - echo "\n"; - echo "\n"; - echo "
    "; - - echo "
    \n"; - echo "\n"; - echo "\n"; - echo "
    "; - } -} - -include ("includes/footer.php"); -?> - - diff --git a/www-ssl/admin/userSaveSecure.php b/www-ssl/admin/userSaveSecure.php deleted file mode 100644 index de4b47ff..00000000 --- a/www-ssl/admin/userSaveSecure.php +++ /dev/null @@ -1,167 +0,0 @@ - 0) { - $Right = $_SESSION['CVS']["admin/user.php"]; -} else { - $Right = $_SESSION['CVS']["admin/group.php"]; -} - -if (($Right == "Y") && IsSet ($_GET["action"])) { - SetHeaderGo2Back(); - echo "Gesendeter Befehl: " . $_GET["action"] . "
    "; - - switch ($_GET["action"]) { - case "change" : - if (IsSet ($_POST["enterUID"])) { - if ($_POST["Type"] == "Secure") { - $SQL2 = "UPDATE `UserCVS` SET "; - $SQL_CVS = "SELECT * FROM `UserCVS` WHERE `UID`='" . $_POST["enterUID"] . "'"; - $Erg_CVS = mysql_query($SQL_CVS, $con); - $CVS_Data = mysql_fetch_array($Erg_CVS); - $CVS_Data_i = 1; - foreach ($CVS_Data as $CVS_Data_Name => $CVS_Data_Value) { - if (($CVS_Data_i +1) % 2 && $CVS_Data_Name != "UID") { - if ($CVS_Data_Name == "GroupID") { - if ($_POST["enterUID"] > 0) - $SQL2 .= "`$CVS_Data_Name` = '" . $_POST["GroupID"] . "', "; - else - $SQL2 .= "`$CVS_Data_Name` = NULL, "; - } else { - $SQL2 .= "`$CVS_Data_Name` = '" . $_POST[$CVS_Data_i] . "', "; - } - } - $CVS_Data_i++; - } - $SQL2 = substr($SQL2, 0, strlen($SQL2) - 2); - $SQL2 .= " WHERE `UID`='" . $_POST["enterUID"] . "' LIMIT 1;"; - echo "
    Secure-"; - $Erg = db_query($SQL2, "change user CVS"); - if ($Erg == 1) { - echo "Änderung wurde gesichert...\n"; - } else { - echo "Fehler beim speichern...\n(" . mysql_error($con) . ")"; - } - } else - echo "

    Fehler: Unbekanter Type (" . $_POST["Type"] . ") �bergeben\n

    \n"; - } else - echo "

    Fehler: UserID (enterUID) wurde nicht per POST �bergeben

    \n"; - break; - - case "changeGroupName" : - if (IsSet ($_POST["enterUID"]) && ($_POST["enterUID"] < 0)) { - $SQL = "UPDATE `UserGroups` SET `Name`='" . $_POST["GroupName"] . "' WHERE `UID`='" . $_POST["enterUID"] . "' LIMIT 1 ;"; - $Erg = db_query($SQL, "Update Group Name"); - if ($Erg == 1) { - echo "Änderung wurde gesichert...\n"; - } else { - echo "Fehler beim speichern...\n(" . mysql_error($con) . ")"; - } - } else - echo "

    Fehler: UserID (enterUID) wurde nicht per POST �bergeben

    \n"; - break; - - case "delete" : - if (IsSet ($_POST["enterUID"]) && ($_POST["enterUID"] > 0)) { - echo "delate User..."; - $SQL = "DELETE FROM `User` WHERE `UID`='" . $_POST["enterUID"] . "' LIMIT 1;"; - $Erg = db_query($SQL, "User delete"); - if ($Erg == 1) { - echo "Änderung wurde gesichert...\n"; - } else { - echo "Fehler beim speichern...\n(" . mysql_error($con) . ")"; - } - - echo "
    \ndelate UserCVS..."; - $SQL2 = "DELETE FROM `UserCVS` WHERE `UID`='" . $_POST["enterUID"] . "' LIMIT 1;"; - $Erg = db_query($SQL2, "User CVS delete"); - if ($Erg == 1) { - echo "Änderung wurde gesichert...\n"; - } else { - echo "Fehler beim speichern...\n(" . mysql_error($con) . ")"; - } - - echo "
    \ndelate UserEntry..."; - $SQL3 = "UPDATE `ShiftEntry` SET `UID`='0', `Comment`=NULL " . - "WHERE `UID`='" . $_POST["enterUID"] . "';"; - $Erg = db_query($SQL3, "delate UserEntry"); - if ($Erg == 1) { - echo "Änderung wurde gesichert...\n"; - } else { - echo "Fehler beim speichern...\n(" . mysql_error($con) . ")"; - } - } - elseif (IsSet ($_POST["enterUID"]) && ($_POST["enterUID"] < 0)) { - echo "delate Group..."; - $SQL = "DELETE FROM `UserGroups` WHERE `UID`='" . $_POST["enterUID"] . "' LIMIT 1;"; - $Erg = db_query($SQL, "Group delete"); - if ($Erg == 1) { - echo "Änderung wurde gesichert...\n"; - } else { - echo "Fehler beim speichern...\n(" . mysql_error($con) . ")"; - } - - echo "
    \ndelate UserCVS..."; - $SQL2 = "DELETE FROM `UserCVS` WHERE `UID`='" . $_POST["enterUID"] . "' LIMIT 1;"; - $Erg = db_query($SQL2, "User CVS delete"); - if ($Erg == 1) { - echo "Änderung wurde gesichert...\n"; - } else { - echo "Fehler beim speichern...\n(" . mysql_error($con) . ")"; - } - - } - break; - } // end switch - - // ende - Action ist gesetzt -} -elseif (IsSet ($_GET["new"]) && ($_SESSION['CVS']["admin/group.php"] == "Y")) { - echo "Gesendeter Befehl: " . $_GET["new"] . "
    "; - - switch ($_GET["new"]) { - case "newGroup" : - echo "\tGenerate new Group ID...\n"; - $SQLid = "SELECT MIN(`UID`) FROM `UserCVS`;"; - $Erg = mysql_query($SQLid); - - if (mysql_num_rows($Erg) == 1) { - $NewId = mysql_result($Erg, 0, 0) - 1; - $SQLnew1 = "INSERT INTO `UserGroups` (`UID`, `Name`) VALUES ('$NewId', '" . $_POST["GroupName"] . "' );"; - $SQLnew2 = "INSERT INTO `UserCVS` (`UID`, `GroupID`) VALUES ('$NewId', NULL );"; - echo "\t
    Generate new UserGroup ...\n"; - $ErgNew1 = db_query($SQLnew1, "create UserGroups Entry"); - if ($ErgNew1 == 1) { - echo "\t
    Generate new User rights...\n"; - $ErgNew2 = db_query($SQLnew2, "UserCVS Entry"); - if ($ErgNew1 == 1) { - echo "\t
    New group was created.\n"; - } else { - echo "Error on creation\n(" . mysql_error($con) . ")"; - } - } else { - echo "Error on creation\n(" . mysql_error($con) . ")"; - } - - } - - break; - } -} else { - // kein Action gesetzt -> abbruch - echo "Unzulässiger Aufruf.
    Bitte neu editieren..."; -} - -include ("includes/footer.php"); -?> - -- cgit v1.2.3-54-g00ecf From e7a25448f2e922cdcb38f3745cf88fa744a3f20b Mon Sep 17 00:00:00 2001 From: Philip Häusler Date: Fri, 3 Jun 2011 14:38:12 +0200 Subject: admin language / translation --- DB/db_rewrite.sql | 47 +++++++++--------- includes/pages/admin_language.php | 100 ++++++++++++++++++++++++++++++++++++++ includes/pages/admin_user.php | 2 +- includes/sys_menu.php | 3 +- txt/TODO | 5 ++ www-ssl/index.php | 4 ++ 6 files changed, 137 insertions(+), 24 deletions(-) create mode 100644 includes/pages/admin_language.php (limited to 'txt/TODO') diff --git a/DB/db_rewrite.sql b/DB/db_rewrite.sql index 19a82c05..8758c191 100644 --- a/DB/db_rewrite.sql +++ b/DB/db_rewrite.sql @@ -3,7 +3,7 @@ -- http://www.phpmyadmin.net -- -- Host: localhost --- Erstellungszeit: 03. Juni 2011 um 06:12 +-- Erstellungszeit: 03. Juni 2011 um 12:37 -- Server Version: 5.1.44 -- PHP-Version: 5.3.1 @@ -71,25 +71,26 @@ CREATE TABLE IF NOT EXISTS `Counter` ( -- INSERT INTO `Counter` (`URL`, `Anz`) VALUES -('news', 193), -('login', 28), -('logout', 14), -('start', 27), +('news', 198), +('login', 34), +('logout', 15), +('start', 28), ('faq', 19), -('credits', 3), +('credits', 7), ('register', 10), -('admin_rooms', 89), +('admin_rooms', 90), ('admin_angel_types', 71), ('user_settings', 134), ('user_messages', 113), -('admin_groups', 130), +('admin_groups', 135), ('user_questions', 55), ('admin_questions', 43), ('admin_faq', 55), ('admin_news', 33), ('news_comments', 151), -('admin_user', 196), -('user_meetings', 5); +('admin_user', 206), +('user_meetings', 5), +('admin_language', 22); -- -------------------------------------------------------- 
@@ -135,7 +136,7 @@ CREATE TABLE IF NOT EXISTS `GroupPrivileges` ( `privilege_id` int(11) NOT NULL, PRIMARY KEY (`id`), KEY `group_id` (`group_id`,`privilege_id`) -) ENGINE=MyISAM DEFAULT CHARSET=utf8 AUTO_INCREMENT=71 ; +) ENGINE=MyISAM DEFAULT CHARSET=utf8 AUTO_INCREMENT=73 ; -- -- Daten für Tabelle `GroupPrivileges` @@ -151,14 +152,15 @@ INSERT INTO `GroupPrivileges` (`id`, `group_id`, `privilege_id`) VALUES (61, -4, 6), (66, -2, 15), (65, -2, 3), -(12, -5, 10), +(71, -5, 10), (60, -4, 12), (59, -4, 14), (64, -2, 4), (58, -4, 13), (57, -4, 7), (63, -4, 5), -(70, -2, 8); +(70, -2, 8), +(72, -5, 18); -- -------------------------------------------------------- @@ -272,7 +274,7 @@ CREATE TABLE IF NOT EXISTS `Privileges` ( `desc` varchar(1024) NOT NULL, PRIMARY KEY (`id`), UNIQUE KEY `name` (`name`) -) ENGINE=MyISAM DEFAULT CHARSET=utf8 AUTO_INCREMENT=18 ; +) ENGINE=MyISAM DEFAULT CHARSET=utf8 AUTO_INCREMENT=19 ; -- -- Daten für Tabelle `Privileges` @@ -295,7 +297,8 @@ INSERT INTO `Privileges` (`id`, `name`, `desc`) VALUES (14, 'admin_news', 'Administrate the news section'), (15, 'news_comments', 'User can comment news'), (16, 'admin_user', 'Administrate the angels'), -(17, 'user_meetings', 'Lists meetings (news)'); +(17, 'user_meetings', 'Lists meetings (news)'), +(18, 'admin_language', 'Translate the system'); -- -------------------------------------------------------- @@ -1040,7 +1043,9 @@ INSERT INTO `Sprache` (`TextID`, `Sprache`, `Text`) VALUES ('admin_news', 'DE', 'News verwalten'), ('admin_news', 'EN', 'Manage news'), ('user_meetings', 'DE', 'Treffen'), -('user_meetings', 'EN', 'Meetings'); +('user_meetings', 'EN', 'Meetings'), +('admin_language', 'DE', 'Übersetzung'), +('admin_language', 'EN', 'Translation'); -- -------------------------------------------------------- 
@@ -1083,8 +1088,8 @@ CREATE TABLE IF NOT EXISTS `User` ( -- INSERT INTO `User` (`UID`, `Nick`, `Name`, `Vorname`, `Alter`, `Telefon`, `DECT`, `Handy`, `email`, `ICQ`, `jabber`, `Size`, `Passwort`, `Gekommen`, `Aktiv`, `Tshirt`, `color`, `Sprache`, `Avatar`, `Menu`, `lastLogIn`, `CreateDate`, `Art`, `kommentar`, `Hometown`) VALUES -(1, 'admin', 'Gates', 'Bill', 42, '', '', '', '', '', '', '', '4297f44b13955235245b2497399d7a93', 1, 1, 0, 10, 'DE', 115, 'L', 1307081238, '0000-00-00 00:00:00', '', '', ''), -(148, 'msquare', '', '', 23, '', '', '', 'msquare@notrademark.de', '', '', '', '4297f44b13955235245b2497399d7a93', 0, 1, 1, 10, 'DE', 0, 'L', 1307081543, '2011-06-03 07:55:24', 'AudioEngel', '', ''); +(1, 'admin', 'Gates', 'Bill', 42, '', '', '', '', '', '', '', '4297f44b13955235245b2497399d7a93', 1, 1, 0, 10, 'DE', 115, 'L', 1307104634, '0000-00-00 00:00:00', '', '', ''), +(148, 'msquare', '', '', 23, '', '', '', 'msquare@notrademark.de', '', '', '', '4297f44b13955235245b2497399d7a93', 0, 1, 1, 10, 'DE', 0, 'L', 1307082872, '2011-06-03 07:55:24', 'AudioEngel', '', ''); -- -------------------------------------------------------- @@ -1174,7 +1179,7 @@ CREATE TABLE IF NOT EXISTS `UserGroups` ( `group_id` int(11) NOT NULL, PRIMARY KEY (`id`), KEY `uid` (`uid`,`group_id`) -) ENGINE=MyISAM DEFAULT CHARSET=utf8 AUTO_INCREMENT=11 ; +) ENGINE=MyISAM DEFAULT CHARSET=utf8 AUTO_INCREMENT=12 ; -- -- Daten für Tabelle `UserGroups` @@ -1185,9 +1190,7 @@ INSERT INTO `UserGroups` (`id`, `uid`, `group_id`) VALUES (2, 1, -3), (3, 1, -5), (4, 1, -4), -(8, 148, -2), -(9, 148, -3), -(10, 148, -4); +(11, 148, -2); -- -------------------------------------------------------- diff --git a/includes/pages/admin_language.php b/includes/pages/admin_language.php new file mode 100644 index 00000000..a866528e --- /dev/null +++ b/includes/pages/admin_language.php @@ -0,0 +1,100 @@ +\n"; + $html .= Get_Text("pub_sprache_text1") . "
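Review bot: Both rows of the `User` seed insert keep the same 32-hex-digit `Passwort` value, so every installation loaded from this dump starts with an `admin` account whose credential is published in the repository. The digest length is consistent with the unsalted MD5 that txt/TODO still lists as open ("MD5-Passwörter mit Salt speichern"). Ship the dump without account rows, or add a comment such as `-- seed accounts: set a new Passwort before going live` and require a password change at first login. The only change in this hunk is the `lastLogIn` value, which is runtime state like the `Counter` rows earlier in the file; it and the e-mail address in the second row would be better left out of the committed dump.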

    \n"; + + $html .= "" . Get_Text("pub_sprache_ShowEntry") . ""; + // ausgabe Tabellenueberschift + $SQL_Sprachen = "SELECT `Sprache` FROM `Sprache` GROUP BY `Sprache`;"; + $erg_Sprachen = sql_query($SQL_Sprachen); + + for ($i = 0; $i < mysql_num_rows($erg_Sprachen); $i++) + $Sprachen[mysql_result($erg_Sprachen, $i, "Sprache")] = $i; + + $html .= "\t\n\t\t"; + $html .= "\t\t"; + foreach ($Sprachen as $Name => $Value) + $html .= ""; + $html .= "\t\t"; + $html .= "\t\t"; + + if (isset ($_GET["ShowEntry"])) { + // ausgabe eintraege + $SQL = "SELECT * FROM `Sprache` ORDER BY `TextID`;"; + $erg = sql_query($SQL); + + $TextID_Old = mysql_result($erg, 0, "TextID"); + for ($i = 0; $i < mysql_num_rows($erg); $i++) { + $TextID_New = mysql_result($erg, $i, "TextID"); + if ($TextID_Old != $TextID_New) { + $html .= ""; + $html .= "\n"; + $html .= "\t\t\n"; + + foreach ($Sprachen as $Name => $Value) { + $Value = html_entity_decode($Value, ENT_QUOTES); + $html .= "\t\t\n"; + $Sprachen[$Name] = ""; + } + + $html .= "\t\t\n"; + $html .= ""; + $html .= "\n"; + $TextID_Old = $TextID_New; + } + $Sprachen[mysql_result($erg, $i, "Sprache")] = mysql_result($erg, $i, "Text"); + } /*FOR*/ + } + + //fuer neu eintraege + $html .= ""; + $html .= "\n"; + $html .= "\t\t\n"; + + foreach ($Sprachen as $Name => $Value) + $html .= "\t\t\n"; + + $html .= "\t\t\n"; + $html .= ""; + $html .= "\n"; + + $html .= "
    " . Get_Text("pub_sprache_TextID") . "" . + Get_Text("pub_sprache_Sprache") . " " . $Name . + "" . Get_Text("pub_sprache_Edit") . "
    $TextID_Old " . + "
    \n"; + } /*if( !isset( $TextID ) )*/ + else { + $html .= "edit: " . $_POST["TextID"] . "

    "; + foreach ($_POST as $k => $v) { + if ($k != "TextID") { + $sql_test = "SELECT * FROM `Sprache` " . + "WHERE `TextID`='" . $_POST["TextID"] . "' AND `Sprache`='$k'"; + $erg_test = sql_query($sql_test); + + if (mysql_num_rows($erg_test) == 0) { + $sql_save = "INSERT INTO `Sprache` (`TextID`, `Sprache`, `Text`) " . + "VALUES ('" . $_POST["TextID"] . "', '$k', '$v')"; + $html .= $sql_save . "
    "; + $Erg = sql_query($sql_save); + $html .= success("$k Save: OK
    \n"); + } else + if (mysql_result($erg_test, 0, "Text") != $v) { + $sql_save = "UPDATE `Sprache` SET `Text`='$v' " . + "WHERE `TextID`='" . $_POST["TextID"] . "' AND `Sprache`='$k' "; + $html .= $sql_save . "
    "; + $Erg = sql_query($sql_save); + $html .= success(" $k Update: OK
    \n"); + } else + $html .= "\t $k no changes
    \n"; + } + } + + } + return $html; +} +?> + diff --git a/includes/pages/admin_user.php b/includes/pages/admin_user.php index 630ca772..0399dda8 100644 --- a/includes/pages/admin_user.php +++ b/includes/pages/admin_user.php @@ -243,7 +243,7 @@ function admin_user() { Gekommen Aktiv T-Shirt - Registrier + Registriert Änd. '; $Gekommen = 0; diff --git a/includes/sys_menu.php b/includes/sys_menu.php index d5543f97..744d28d5 100644 --- a/includes/sys_menu.php +++ b/includes/sys_menu.php @@ -39,7 +39,8 @@ function make_navigation() { "admin_shifts", "admin_rooms", "admin_groups", - "admin_faq" + "admin_faq", + "admin_language" )); return $menu; } diff --git a/txt/TODO b/txt/TODO index d78d3198..62bbe106 100644 --- a/txt/TODO +++ b/txt/TODO @@ -1,8 +1,13 @@ jetzt: + * aktiv + * gekommen + * tshirt * schichtimport * schichtadministration * meine schichten * schichten + * Services? + * DECT-kram? * weckservice? später: diff --git a/www-ssl/index.php b/www-ssl/index.php index ded6c110..fe8c4795 100644 --- a/www-ssl/index.php +++ b/www-ssl/index.php @@ -93,6 +93,10 @@ if (in_array($p, $privileges)) { elseif ($p == "admin_faq") { require_once ('includes/pages/admin_faq.php'); $content = admin_faq(); + } + elseif ($p == "admin_language") { + require_once ('includes/pages/admin_language.php'); + $content = admin_language(); } else { require_once ('includes/pages/guest_start.php'); $content = guest_start(); -- cgit v1.2.3-54-g00ecf From 72f547e65a9ea779c043056a8c87526b4c345b9f Mon Sep 17 00:00:00 2001 From: Philip Häusler Date: Fri, 3 Jun 2011 17:54:33 +0200 Subject: todo... --- txt/TODO | 1 + 1 file changed, 1 insertion(+) (limited to 'txt/TODO') diff --git a/txt/TODO b/txt/TODO index 62bbe106..5bb347bd 100644 --- a/txt/TODO +++ b/txt/TODO @@ -12,6 +12,7 @@ jetzt: später: * Zurück-/Backlinks setzen + * Pagination * MD5-Passwörter mit Salt speichern * Passwort-Mindestanforderungen stellen * User-Avatare (code liegt auskommentiert in user_settings.php) -- cgit v1.2.3-54-g00ecf 
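Review bot: The save branch of `admin_language()` (the `else` after the listing) builds its `SELECT`, `INSERT` and `UPDATE` on `Sprache` by concatenating `$_POST["TextID"]` and every other POST key and value (`$k`, `$v`) straight into the statement, so a single quote in a translation text breaks the query and any request field can change its meaning. Escape the three values once before the statements are built, as sketched below, and keep comparing the stored `Text` with the raw `$v`. The same branch appends `$_POST["TextID"]` and the finished `$sql_save` to `$html` unescaped; pass the former through `htmlspecialchars()` and drop the SQL echo. The page is reached only through the `in_array($p, $privileges)` check in www-ssl/index.php, which limits who can send the request but does not make the input safe. The markup inside the string literals is not visible in this rendering, so whether the forms carry any request token cannot be judged from here.

```php
// … unchanged: listing branch and the "edit:" heading …
$text_id = mysql_real_escape_string($_POST["TextID"]);
foreach ($_POST as $k => $v) {
	if ($k != "TextID") {
		$lang = mysql_real_escape_string($k);
		$text = mysql_real_escape_string($v);
		$sql_test = "SELECT * FROM `Sprache` " .
			"WHERE `TextID`='" . $text_id . "' AND `Sprache`='" . $lang . "'";
		// … unchanged: sql_query($sql_test) and the mysql_num_rows() branch …
		$sql_save = "INSERT INTO `Sprache` (`TextID`, `Sprache`, `Text`) " .
			"VALUES ('" . $text_id . "', '" . $lang . "', '" . $text . "')";
		// … unchanged: comparison of the stored Text with the raw $v …
		$sql_save = "UPDATE `Sprache` SET `Text`='" . $text . "' " .
			"WHERE `TextID`='" . $text_id . "' AND `Sprache`='" . $lang . "' ";
```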
From f7b335f8aec23b47327f1fce3999d873f78b3f7f Mon Sep 17 00:00:00 2001 From: Daniel Friesel Date: Sat, 4 Jun 2011 23:53:58 +0200 Subject: todo --- txt/TODO | 2 ++ 1 file changed, 2 insertions(+) (limited to 'txt/TODO') diff --git a/txt/TODO b/txt/TODO index 5bb347bd..a3f3e045 100644 --- a/txt/TODO +++ b/txt/TODO @@ -24,6 +24,8 @@ später: * FAQ ordentlich mehrsprachig machen * Fertig übersetzen/Sprachwirrwarr beseitigen * Übersetzung + * Infotresen-Support (Engel angekommen/Badge gekriegt ohne Adminrechte + setzen) * schichten ueber monatsgrenzen einbaue im moment werden die tage nur hochgezaehlt und die monatzgrenzen werden ignoriert -- cgit v1.2.3-54-g00ecf