summaryrefslogtreecommitdiff
path: root/includes/pages/admin_rooms.php
blob: be54b8ea88c4e34aaa3c15c1d2d7ed201d6b708e (plain)
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
<?php
function admin_rooms() {
	global $user;

	$html = "";
	$rooms = sql_select("SELECT * FROM `Room` ORDER BY `Number`, `Name`");
	if (!isset ($_REQUEST["action"])) {
		$html .= "Hallo " . $user['Nick'] .
		",<br />\nhier hast du die M&ouml;glichkeit, neue R&auml;ume f&uuml;r die Schichtpl&auml;ne einzutragen " .
		"oder vorhandene abzu&auml;ndern:<br /><br />\n";

		// Räume auflisten
		if (count($rooms) > 0) {
			$html .= '<table><thead><tr>';

			$html .= "<table width=\"100%\" class=\"border\" cellpadding=\"2\" cellspacing=\"1\">\n";
			$html .= "<tr class=\"contenttopic\">\n";

			// Tabellenüberschriften generieren
			foreach ($rooms[0] as $attr => $tmp)
				if ($attr != 'RID')
					$html .= '<th>' . $attr . '</th>';
			$html .= '<th>&nbsp;</th>';
			$html .= '</tr></thead><tbody>';

			foreach ($rooms as $i => $room) {
				$html .= '<tr>';
				foreach ($room as $attr => $value)
					if ($attr != 'RID')
						$html .= '<td>' . $value . '</td>';
				$html .= '<td><a href="' . page_link_to("admin_rooms") . '&action=change&RID=' . $room['RID'] . '">Edit</a></td>';
				$html .= '</tr>';
			}

			$html .= '</tbody></table>';
		}
		$html .= "<hr /><a href=\"" . page_link_to("admin_rooms") . "&action=new\">Neuen Raum/Ort eintragen</a><br />\n";
	} else {
		switch ($_REQUEST["action"]) {

			case 'new' :
				$html .= template_render('../templates/admin_rooms_new_form.html', array (
					'link' => page_link_to("admin_rooms")
				));
				break;

			case 'newsave' :
				$name = preg_replace("/([^\p{L}\p{P}\p{Z}\p{N}]{1,})/ui", '', strip_tags($_REQUEST['Name']));
				$man = preg_replace("/([^\p{L}\p{P}\p{Z}\p{N}]{1,})/ui", '', strip_tags($_REQUEST['Man']));
				$from_pentabarf = preg_replace("/([^YN]{1,})/ui", '', strip_tags($_REQUEST['FromPentabarf']));
				$show = preg_replace("/([^YN]{1,})/ui", '', strip_tags($_REQUEST['Show']));
				$number = preg_replace("/([^0-9]{1,})/ui", '', strip_tags($_REQUEST['Number']));
				sql_query("INSERT INTO `Room` SET `Name`='" . sql_escape($name) . "', `Man`='" . sql_escape($man) . "', `FromPentabarf`='" . sql_escape($from_pentabarf) . "', `show`='" . sql_escape($show) . "', `Number`='" . sql_escape($number) . "'");
				header("Location: " . page_link_to("admin_rooms"));
				break;

			case 'change' :
				if (isset ($_REQUEST['RID']) && preg_match("/^[0-9]{1,11}$/", $_REQUEST['RID']))
					$rid = $_REQUEST['RID'];
				else
					return error("Incomplete call, missing Room ID.");

				$room = sql_select("SELECT * FROM `Room` WHERE `RID`=" . sql_escape($rid) . " LIMIT 1");
				if (count($room) > 0) {
					list ($room) = $room;
					$room_angel_types = sql_select("SELECT * FROM `AngelTypes` LEFT OUTER JOIN `RoomAngelTypes` ON (`AngelTypes`.`TID` = `RoomAngelTypes`.`angel_type_id` AND `RoomAngelTypes`.`room_id`=" . sql_escape($rid) . ") ORDER BY `AngelTypes`.`Name`");

					$angel_types = "";
					foreach ($room_angel_types as $room_angel_type) {
						if ($room_angel_type['count'] == "")
							$room_angel_type['count'] = "0";
						$angel_types .= '<tr><td>' . $room_angel_type['Name'] . '</td><td><input type="text" name="angel_type_' . $room_angel_type['TID'] . '" value="' . $room_angel_type['count'] . '" /></td></tr>';
					}

					$html .= template_render('../templates/admin_rooms_edit_form.html', array (
						'link' => page_link_to("admin_rooms"),
						'room_id' => $rid,
						'name' => $room['Name'],
						'man' => $room['Man'],
						'number' => $room['Number'],
						'from_pentabarf_options' => html_options('FromPentabarf', array (
							'Y' => 'Yes',
							'N' => 'No'
						), $room['FromPentabarf']),
						'show_options' => html_options('Show', array (
							'Y' => 'Yes',
							'N' => 'No'
						), $room['show']),
						'angel_types' => $angel_types
					));
				} else
					return error("No Room found.");
				break;

			case 'changesave' :
				if (isset ($_REQUEST['RID']) && preg_match("/^[0-9]{1,11}$/", $_REQUEST['RID']))
					$rid = $_REQUEST['RID'];
				else
					return error("Incomplete call, missing Room ID.");

				$room = sql_select("SELECT * FROM `Room` WHERE `RID`=" . sql_escape($rid) . " LIMIT 1");
				if (count($room) > 0) {
					list ($room) = $room;
					$room_angel_types = sql_select("SELECT * FROM `AngelTypes` LEFT OUTER JOIN `RoomAngelTypes` ON (`AngelTypes`.`TID` = `RoomAngelTypes`.`angel_type_id` AND `RoomAngelTypes`.`room_id`=" . sql_escape($rid) . ") ORDER BY `AngelTypes`.`Name`");

					$name = preg_replace("/([^\p{L}\p{P}\p{Z}\p{N}]{1,})/ui", '', strip_tags($_REQUEST['Name']));
					$man = preg_replace("/([^\p{L}\p{P}\p{Z}\p{N}]{1,})/ui", '', strip_tags($_REQUEST['Man']));
					$from_pentabarf = preg_replace("/([^YN]{1,})/ui", '', strip_tags($_REQUEST['FromPentabarf']));
					$show = preg_replace("/([^YN]{1,})/ui", '', strip_tags($_REQUEST['Show']));
					$number = preg_replace("/([^0-9]{1,})/ui", '', strip_tags($_REQUEST['Number']));
					sql_query("UPDATE `Room` SET `Name`='" . sql_escape($name) . "', `Man`='" . sql_escape($man) . "', `FromPentabarf`='" . sql_escape($from_pentabarf) . "', `show`='" . sql_escape($show) . "', `Number`='" . sql_escape($number) . "' WHERE `RID`=" . sql_escape($rid) . " LIMIT 1");
					sql_query("DELETE FROM `RoomAngelTypes` WHERE `room_id`=" . sql_escape($rid));
					foreach ($room_angel_types as $room_angel_type) {
						if (isset ($_REQUEST['angel_type_' . $room_angel_type['TID']]) && preg_match("/^[0-9]{1,11}$/", $_REQUEST['angel_type_' . $room_angel_type['TID']]))
							$count = $_REQUEST['angel_type_' . $room_angel_type['TID']];
						else
							$count = "0";
						sql_query("INSERT INTO `RoomAngelTypes` SET `room_id`=" . sql_escape($rid) . ", `angel_type_id`=" . sql_escape($room_angel_type['TID']) . ", `count`=" . sql_escape($count));
					}
					header("Location: " . page_link_to("admin_rooms"));
				} else
					return error("No Room found.");
				break;

			case 'delete' :
				if (isset ($_REQUEST['RID']) && preg_match("/^[0-9]{1,11}$/", $_REQUEST['RID']))
					$rid = $_REQUEST['RID'];
				else
					return error("Incomplete call, missing Room ID.");

				if (sql_num_query("SELECT * FROM `Room` WHERE `RID`=" . sql_escape($rid) . " LIMIT 1") > 0) {
					sql_query("DELETE FROM `Room` WHERE `RID`=" . sql_escape($rid) . " LIMIT 1");
					sql_query("DELETE FROM `RoomAngelTypes` WHERE `room_id`=" . sql_escape($rid) . " LIMIT 1");
					header("Location: " . page_link_to("admin_rooms"));
				} else
					return error("No Room found.");
				break;

		}
	}
	return $html;
}
?>