$shift['name'], 'start' => date("Y-m-d H:i", $shift['start']), 'end' => date("H:i", $shift['end']), 'id' => $shift_id )); } elseif (isset ($_REQUEST['shift_id'])) { if (isset ($_REQUEST['shift_id']) && preg_match("/^[0-9]*$/", $_REQUEST['shift_id'])) $shift_id = $_REQUEST['shift_id']; else header("Location: " . page_link_to('user_shifts')); $shift = sql_select("SELECT * FROM `Shifts` JOIN `Room` ON (`Shifts`.`RID` = `Room`.`RID`) WHERE `SID`=" . sql_escape($shift_id) . " LIMIT 1"); if (count($shift) == 0) header("Location: " . page_link_to('user_shifts')); $shift = $shift[0]; if (isset ($_REQUEST['type_id']) && preg_match("/^[0-9]*$/", $_REQUEST['type_id'])) $type_id = $_REQUEST['type_id']; else header("Location: " . page_link_to('user_shifts')); $type = sql_select("SELECT * FROM `AngelTypes` WHERE `TID`=" . sql_escape($type_id) . " LIMIT 1"); if (count($type) == 0) header("Location: " . page_link_to('user_shifts')); $type = $type[0]; if (isset ($_REQUEST['submit'])) { if (in_array('user_shifts_admin', $privileges)) { if (isset ($_REQUEST['user_id']) && preg_match("/^[0-9]*$/", $_REQUEST['user_id'])) $user_id = $_REQUEST['user_id']; else $user_id = $user['UID']; $user_test = sql_select("SELECT * FROM `User` WHERE `UID`=" . sql_escape($user_id) . " LIMIT 1"); if (count($user_test) == 0) header("Location: " . page_link_to('user_shifts')); } else $user_id = $user['UID']; // TODO: Kollisionserkennung, andere Schichten zur gleichen Uhrzeit darf der Engel auch nicht belegt haben... $entries = sql_select("SELECT * FROM `ShiftEntry` WHERE `SID`=" . sql_escape($shift['SID'])); foreach ($entries as $entry) if ($entry['UID'] == $user_id) return error("This angel does already have an entry for this shift."); $comment = strip_request_item_nl('comment'); sql_query("INSERT INTO `ShiftEntry` SET `Comment`='" . sql_escape($comment) . "', `UID`=" . sql_escape($user_id) . ", `TID`=" . sql_escape($type_id) . ", `SID`=" . sql_escape($shift_id)); return success("Now it's your shift. Thank you!") . 'View my shifts »'; } if (in_array('user_shifts_admin', $privileges)) { $users = sql_select("SELECT * FROM `User` ORDER BY `Nick`"); $users_select = array (); foreach ($users as $usr) $users_select[$usr['UID']] = $usr['Nick']; $user_text = html_select_key('user_id', $users_select, $user['UID']); } else $user_text = $user['Nick']; return template_render('../templates/user_shifts_add.html', array ( 'date' => date("Y-m-d H:i", $shift['start']) . ', ' . date("H:i", $shift['end'] - $shift['start']) . 'h', 'title' => $shift['name'], 'location' => $shift['Name'], 'angel' => $user_text, 'type' => $type['Name'], 'comment' => "" )); } else { $shifts = sql_select("SELECT * FROM `Shifts` ORDER BY `start`"); $days = array (); foreach ($shifts as $shift) $days[] = date("Y-m-d", $shift['start']); $days = array_unique($days); $day = $days[0]; if (isset ($_REQUEST['day'])) $day = $_REQUEST['day']; $rooms = sql_select("SELECT * FROM `Room` WHERE `show`='Y' ORDER BY `Name`"); $id = 0; if (isset ($_REQUEST['room_id']) && preg_match("/^[0-9]*$/", $_REQUEST['room_id'])) $id = $_REQUEST['room_id']; $day_timestamp = DateTime :: createFromFormat("Y-m-d-Hi", $day . "-0000")->getTimestamp(); if ($id == 0) $shifts = sql_select("SELECT * FROM `Shifts` JOIN `Room` ON (`Shifts`.`RID` = `Room`.`RID`) WHERE `start` > " . sql_escape(time()) . " ORDER BY `start`"); else $shifts = sql_select("SELECT * FROM `Shifts` WHERE `RID`=" . sql_escape($id) . " AND `start` >= " . sql_escape($day_timestamp) . " AND `start` < " . sql_escape($day_timestamp +24 * 60 * 60) . " ORDER BY `start`"); $shifts_table = ""; $row_count = 0; foreach ($shifts as $shift) { $shift_row = '