/** * Link to user driver license edit page for given user. * * @param User $user */ function user_driver_license_edit_link($user = null) { if ($user == null) { return page_link_to('user_driver_licenses'); } return page_link_to('user_driver_licenses') . '&user_id=' . $user['UID']; }
function ShiftTypes_list_view($shifttypes) { foreach ($shifttypes as &$shifttype) { $shifttype['name'] = '<a href="' . page_link_to('shifttypes') . '&action=view&shifttype_id=' . $shifttype['id'] . '">' . $shifttype['name'] . '</a>'; $shifttype['actions'] = table_buttons([button(page_link_to('shifttypes') . '&action=edit&shifttype_id=' . $shifttype['id'], _('edit'), 'btn-xs'), button(page_link_to('shifttypes') . '&action=delete&shifttype_id=' . $shifttype['id'], _('delete'), 'btn-xs')]); } return page_with_title(shifttypes_title(), [msg(), buttons([button(page_link_to('shifttypes') . '&action=edit', _('New shifttype'), 'add')]), table(['name' => _('Name'), 'actions' => ''], $shifttypes)]); }
function Questions_view($open_questions, $answered_questions, $ask_action) { foreach ($open_questions as &$question) { $question['actions'] = '<a href="' . page_link_to("user_questions") . '&action=delete&id=' . $question['QID'] . '">' . _("delete") . '</a>'; $question['Question'] = str_replace("\n", '<br />', $question['Question']); } foreach ($answered_questions as &$question) { $question['Question'] = str_replace("\n", '<br />', $question['Question']); $question['Answer'] = str_replace("\n", '<br />', $question['Answer']); $question['actions'] = '<a href="' . page_link_to("user_questions") . '&action=delete&id=' . $question['QID'] . '">' . _("delete") . '</a>'; } return page_with_title(questions_title(), array(msg(), '<h2>' . _("Open questions") . '</h2>', table(array('Question' => _("Question"), 'actions' => ""), $open_questions), '<h2>' . _("Answered questions") . '</h2>', table(array('Question' => _("Question"), 'answer_user' => _("Answered by"), 'Answer' => _("Answer"), 'actions' => ""), $answered_questions), '<h2>' . _("Ask an archangel") . '</h2>', form(array(form_textarea('question', _("Your Question:"), ""), form_submit('submit', _("Save"))), $ask_action))); }
function admin_free() { global $privileges; $search = ""; if (isset($_REQUEST['search'])) { $search = strip_request_item('search'); } $angeltypesearch = ""; if (empty($_REQUEST['angeltype'])) { $_REQUEST['angeltype'] = ''; } else { $angeltypesearch = " INNER JOIN `UserAngelTypes` ON (`UserAngelTypes`.`angeltype_id` = '" . sql_escape($_REQUEST['angeltype']) . "' AND `UserAngelTypes`.`user_id` = `User`.`UID`"; if (isset($_REQUEST['confirmed_only'])) { $angeltypesearch .= " AND `UserAngelTypes`.`confirm_user_id`"; } $angeltypesearch .= ") "; } $angel_types_source = sql_select("SELECT `id`, `name` FROM `AngelTypes` ORDER BY `name`"); $angel_types = array('' => 'alle Typen'); foreach ($angel_types_source as $angel_type) { $angel_types[$angel_type['id']] = $angel_type['name']; } $users = sql_select("\n SELECT `User`.* \n FROM `User` \n {$angeltypesearch} \n LEFT JOIN `ShiftEntry` ON `User`.`UID` = `ShiftEntry`.`UID` \n LEFT JOIN `Shifts` ON (`ShiftEntry`.`SID` = `Shifts`.`SID` AND `Shifts`.`start` < '" . sql_escape(time()) . "' AND `Shifts`.`end` > '" . sql_escape(time()) . "') \n WHERE `User`.`Gekommen` = 1 AND `Shifts`.`SID` IS NULL \n GROUP BY `User`.`UID` \n ORDER BY `Nick`"); $free_users_table = array(); if ($search == "") { $tokens = array(); } else { $tokens = explode(" ", $search); } foreach ($users as $usr) { if (count($tokens) > 0) { $match = false; $index = join("", $usr); foreach ($tokens as $t) { if (stristr($index, trim($t))) { $match = true; break; } } if (!$match) { continue; } } $free_users_table[] = array('name' => User_Nick_render($usr), 'shift_state' => User_shift_state_render($usr), 'handy' => $usr['Handy'], 'telefon' => $usr['Telefon'], 'email' => $usr['email'], 'kommentar' => $usr['kommentar'], 'actions' => in_array('admin_user', $privileges) ? button(page_link_to('admin_user') . '&id=' . $usr['UID'], _("edit"), 'btn-xs') : ''); } return page_with_title(admin_free_title(), array(form(array(div('row', array(div('col-md-4', array(form_text('search', _("Search"), $search))), div('col-md-4', array(form_select('angeltype', _("Angeltype"), $angel_types, $_REQUEST['angeltype']))), div('col-md-2', array(form_checkbox('confirmed_only', _("Only confirmed"), isset($_REQUEST['confirmed_only'])))), div('col-md-2', array(form_submit('submit', _("Search")))))))), table(array('name' => _("Nick"), 'shift_state' => '', 'handy' => _("Mobile"), 'telefon' => _("Phone"), 'email' => _("E-Mail"), 'kommentar' => _("add. Info"), 'actions' => ''), $free_users_table))); }
function admin_news() { global $user; if (!isset($_GET["action"])) { redirect(page_link_to("news")); } else { $html = '<div class="col-md-12"><h1>' . _("Edit news entry") . '</h1>' . msg(); if (isset($_REQUEST['id']) && preg_match("/^[0-9]{1,11}\$/", $_REQUEST['id'])) { $id = $_REQUEST['id']; } else { return error("Incomplete call, missing News ID.", true); } $news = sql_select("SELECT * FROM `News` WHERE `ID`='" . sql_escape($id) . "' LIMIT 1"); if (count($news) > 0) { switch ($_REQUEST["action"]) { default: redirect(page_link_to('news')); case 'edit': list($news) = $news; $user_source = User($news['UID']); if ($user_source === false) { engelsystem_error("Unable to load user."); } $html .= form(array(form_info(_("Date"), date("Y-m-d H:i", $news['Datum'])), form_info(_("Author"), User_Nick_render($user_source)), form_text('eBetreff', _("Subject"), $news['Betreff']), form_textarea('eText', _("Message"), $news['Text']), form_checkbox('eTreffen', _("Meeting"), $news['Treffen'] == 1, 1), form_submit('submit', _("Save"))), page_link_to('admin_news&action=save&id=' . $id)); $html .= '<a class="btn btn-danger" href="' . page_link_to('admin_news&action=delete&id=' . $id) . '"><span class="glyphicon glyphicon-trash"></span> ' . _("Delete") . '</a>'; break; case 'save': list($news) = $news; sql_query("UPDATE `News` SET \n `Datum`='" . sql_escape(time()) . "', \n `Betreff`='" . sql_escape($_POST["eBetreff"]) . "', \n `Text`='" . sql_escape($_POST["eText"]) . "', \n `UID`='" . sql_escape($user['UID']) . "', \n `Treffen`='" . sql_escape($_POST["eTreffen"]) . "' \n WHERE `ID`='" . sql_escape($id) . "'"); engelsystem_log("News updated: " . $_POST["eBetreff"]); success(_("News entry updated.")); redirect(page_link_to("news")); break; case 'delete': list($news) = $news; sql_query("DELETE FROM `News` WHERE `ID`='" . sql_escape($id) . "' LIMIT 1"); engelsystem_log("News deleted: " . $news['Betreff']); success(_("News entry deleted.")); redirect(page_link_to("news")); break; } } else { return error("No News found.", true); } } return $html . '</div>'; }
function user_questions() { global $user; if (!isset($_REQUEST['action'])) { $open_questions = sql_select("SELECT * FROM `Questions` WHERE `AID` IS NULL AND `UID`='" . sql_escape($user['UID']) . "'"); $answered_questions = sql_select("SELECT * FROM `Questions` WHERE NOT `AID` IS NULL AND `UID`='" . sql_escape($user['UID']) . "'"); foreach ($answered_questions as &$question) { $answer_user_source = User($question['AID']); if ($answer_user_source === false) { engelsystem_error(_("Unable to load user.")); } $question['answer_user'] = User_Nick_render($answer_user_source); } return Questions_view($open_questions, $answered_questions, page_link_to("user_questions") . '&action=ask'); } else { switch ($_REQUEST['action']) { case 'ask': $question = strip_request_item_nl('question'); if ($question != "") { $result = sql_query("INSERT INTO `Questions` SET `UID`='" . sql_escape($user['UID']) . "', `Question`='" . sql_escape($question) . "'"); if ($result === false) { engelsystem_error(_("Unable to save question.")); } success(_("You question was saved.")); redirect(page_link_to("user_questions")); } else { return page_with_title(questions_title(), array(error(_("Please enter a question!"), true))); } break; case 'delete': if (isset($_REQUEST['id']) && preg_match("/^[0-9]{1,11}\$/", $_REQUEST['id'])) { $id = $_REQUEST['id']; } else { return error(_("Incomplete call, missing Question ID."), true); } $question = sql_select("SELECT * FROM `Questions` WHERE `QID`='" . sql_escape($id) . "' LIMIT 1"); if (count($question) > 0 && $question[0]['UID'] == $user['UID']) { sql_query("DELETE FROM `Questions` WHERE `QID`='" . sql_escape($id) . "' LIMIT 1"); redirect(page_link_to("user_questions")); } else { return page_with_title(questions_title(), array(error(_("No question found."), true))); } break; } } }
function Shift_view($shift, $shifttype, $room, $shift_admin, $angeltypes_source, $user_shift_admin, $admin_rooms, $admin_shifttypes, $user_shifts, $signed_up) { $parsedown = new Parsedown(); $angeltypes = []; foreach ($angeltypes_source as $angeltype) { $angeltypes[$angeltype['id']] = $angeltype; } $needed_angels = ''; foreach ($shift['NeedAngels'] as $needed_angeltype) { $class = 'progress-bar-warning'; if ($needed_angeltype['taken'] == 0) { $class = 'progress-bar-danger'; } if ($needed_angeltype['taken'] >= $needed_angeltype['count']) { $class = 'progress-bar-success'; } $needed_angels .= '<div class="list-group-item">'; $needed_angels .= '<div class="pull-right">' . Shift_signup_button_render($shift, $angeltypes[$needed_angeltype['TID']]) . '</div>'; $needed_angels .= '<h3>' . AngelType_name_render($angeltypes[$needed_angeltype['TID']]) . '</h3>'; $needed_angels .= progress_bar(0, $needed_angeltype['count'], min($needed_angeltype['taken'], $needed_angeltype['count']), $class, $needed_angeltype['taken'] . ' / ' . $needed_angeltype['count']); $angels = []; foreach ($shift['ShiftEntry'] as $shift_entry) { if ($shift_entry['TID'] == $needed_angeltype['TID']) { $entry = User_Nick_render(User($shift_entry['UID'])); if ($shift_entry['freeloaded']) { $entry = '<strike>' . $entry . '</strike>'; } if ($user_shift_admin) { $entry .= ' <div class="btn-group">'; $entry .= button_glyph(page_link_to('user_myshifts') . '&edit=' . $shift_entry['id'] . '&id=' . $shift_entry['UID'], 'pencil', 'btn-xs'); $entry .= button_glyph(page_link_to('user_shifts') . '&entry_id=' . $shift_entry['id'], 'trash', 'btn-xs'); $entry .= '</div>'; } $angels[] = $entry; } } $needed_angels .= join(', ', $angels); $needed_angels .= '</div>'; } $shiftManagers = getShiftManagers($shift['SID']); return page_with_title($shift['name'] . ' <small class="moment-countdown" data-timestamp="' . $shift['start'] . '">%c</small>', [msg(), Shift_collides($shift, $user_shifts) ? info(_('This shift collides with one of your shifts.'), true) : '', $signed_up ? info(_('You are signed up for this shift.'), true) : '', $shift_admin || $admin_shifttypes || $admin_rooms ? buttons([$shift_admin ? button(shift_edit_link($shift), glyph('pencil') . _('edit')) : '', $shift_admin ? button(shift_delete_link($shift), glyph('trash') . _('delete')) : '', $admin_shifttypes ? button(shifttype_link($shifttype), $shifttype['name']) : '', $admin_rooms ? button(room_link($room), glyph('map-marker') . $room['Name']) : '']) : '', div('row', [div('col-sm-3 col-xs-6', ['<h4>' . _('Title') . '</h4>', '<p class="lead">' . ($shift['URL'] != '' ? '<a href="' . $shift['URL'] . '">' . $shift['title'] . '</a>' : $shift['title']) . '</p>']), div('col-sm-3 col-xs-6', ['<h4>' . _('Start') . '</h4>', '<p class="lead' . (time() >= $shift['start'] ? ' text-success' : '') . '">', glyph('calendar') . date('Y-m-d', $shift['start']), '<br />', glyph('time') . date('H:i', $shift['start']), '</p>']), div('col-sm-3 col-xs-6', ['<h4>' . _('End') . '</h4>', '<p class="lead' . (time() >= $shift['end'] ? ' text-success' : '') . '">', glyph('calendar') . date('Y-m-d', $shift['end']), '<br />', glyph('time') . date('H:i', $shift['end']), '</p>']), div('col-sm-3 col-xs-6', ['<h4>' . _('Location') . '</h4>', '<p class="lead">' . glyph('map-marker') . $room['Name'] . '</p>'])]), div('row', [div('col-sm-6', ['<h2>' . _('Needed angels') . '</h2>', '<div class="list-group">' . $needed_angels . '</div>']), div('col-sm-6', [!empty($shiftManagers) ? '<h2>' . _('Shift Manager') . '</h2>' : '', !empty($shiftManagers) ? implode('<br>', array_map(function ($manager) { return $manager['Vorname'] . ' ' . $manager['Name']; }, $shiftManagers)) : '', '<h2>' . _('Description') . '</h2>', $parsedown->parse($shifttype['description'])])]), $shift_admin ? Shift_editor_info_render($shift) : '']); }
function admin_import() { global $rooms_import; global $user; $html = ""; $step = "input"; if (isset($_REQUEST['step']) && in_array($step, ['input', 'check', 'import'])) { $step = $_REQUEST['step']; } if ($test_handle = fopen('../import/tmp', 'w')) { fclose($test_handle); unlink('../import/tmp'); } else { error(_('Webserver has no write-permission on import directory.')); } $import_file = '../import/import_' . $user['UID'] . '.xml'; $shifttype_id = null; $shifttypes_source = ShiftTypes(); if ($shifttypes_source === false) { engelsystem_error('Unable to load shifttypes.'); } $shifttypes = []; foreach ($shifttypes_source as $shifttype) { $shifttypes[$shifttype['id']] = $shifttype['name']; } switch ($step) { case 'input': $ok = false; if (isset($_REQUEST['submit'])) { $ok = true; if (isset($_REQUEST['shifttype_id']) && isset($shifttypes[$_REQUEST['shifttype_id']])) { $shifttype_id = $_REQUEST['shifttype_id']; } else { $ok = false; error(_('Please select a shift type.')); } if (isset($_FILES['xcal_file']) && $_FILES['xcal_file']['error'] == 0) { if (move_uploaded_file($_FILES['xcal_file']['tmp_name'], $import_file)) { libxml_use_internal_errors(true); if (simplexml_load_file($import_file) === false) { $ok = false; error(_('No valid xml/xcal file provided.')); unlink($import_file); } } else { $ok = false; error(_('File upload went wrong.')); } } else { $ok = false; error(_('Please provide some data.')); } } if ($ok) { redirect(page_link_to('admin_import') . "&step=check&shifttype_id=" . $shifttype_id); } else { $html .= div('well well-sm text-center', [_('File Upload') . mute(glyph('arrow-right')) . mute(_('Validation')) . mute(glyph('arrow-right')) . mute(_('Import'))]) . div('row', [div('col-md-offset-3 col-md-6', [form(array(form_info('', _("This import will create/update/delete rooms and shifts by given FRAB-export file. The needed file format is xcal.")), form_select('shifttype_id', _('Shifttype'), $shifttypes, $shifttype_id), form_file('xcal_file', _("xcal-File (.xcal)")), form_submit('submit', _("Import"))))])]); } break; case 'check': if (!file_exists($import_file)) { error(_('Missing import file.')); redirect(page_link_to('admin_import')); } if (isset($_REQUEST['shifttype_id']) && isset($shifttypes[$_REQUEST['shifttype_id']])) { $shifttype_id = $_REQUEST['shifttype_id']; } else { error(_('Please select a shift type.')); redirect(page_link_to('admin_import')); } list($rooms_new, $rooms_deleted) = prepare_rooms($import_file); list($events_new, $events_updated, $events_deleted) = prepare_events($import_file, $shifttype_id); $html .= div('well well-sm text-center', ['<span class="text-success">' . _('File Upload') . glyph('ok-circle') . '</span>' . mute(glyph('arrow-right')) . _('Validation') . mute(glyph('arrow-right')) . mute(_('Import'))]) . form([div('row', [div('col-sm-6', ['<h3>' . _("Rooms to create") . '</h3>', table(_("Name"), $rooms_new)]), div('col-sm-6', ['<h3>' . _("Rooms to delete") . '</h3>', table(_("Name"), $rooms_deleted)])]), '<h3>' . _("Shifts to create") . '</h3>', table(array('day' => _("Day"), 'start' => _("Start"), 'end' => _("End"), 'shifttype' => _('Shift type'), 'title' => _("Title"), 'room' => _("Room")), shifts_printable($events_new, $shifttypes)), '<h3>' . _("Shifts to update") . '</h3>', table(array('day' => _("Day"), 'start' => _("Start"), 'end' => _("End"), 'shifttype' => _('Shift type'), 'title' => _("Title"), 'room' => _("Room")), shifts_printable($events_updated, $shifttypes)), '<h3>' . _("Shifts to delete") . '</h3>', table(array('day' => _("Day"), 'start' => _("Start"), 'end' => _("End"), 'shifttype' => _('Shift type'), 'title' => _("Title"), 'room' => _("Room")), shifts_printable($events_deleted, $shifttypes)), form_submit('submit', _("Import"))], page_link_to('admin_import') . '&step=import&shifttype_id=' . $shifttype_id); break; case 'import': if (!file_exists($import_file)) { error(_('Missing import file.')); redirect(page_link_to('admin_import')); } if (!file_exists($import_file)) { redirect(page_link_to('admin_import')); } if (isset($_REQUEST['shifttype_id']) && isset($shifttypes[$_REQUEST['shifttype_id']])) { $shifttype_id = $_REQUEST['shifttype_id']; } else { error(_('Please select a shift type.')); redirect(page_link_to('admin_import')); } list($rooms_new, $rooms_deleted) = prepare_rooms($import_file); foreach ($rooms_new as $room) { $result = Room_create($room, true, true); if ($result === false) { engelsystem_error('Unable to create room.'); } $rooms_import[trim($room)] = sql_id(); } foreach ($rooms_deleted as $room) { sql_query("DELETE FROM `Room` WHERE `Name`='" . sql_escape($room) . "' LIMIT 1"); } list($events_new, $events_updated, $events_deleted) = prepare_events($import_file, $shifttype_id); foreach ($events_new as $event) { $result = Shift_create($event); if ($result === false) { engelsystem_error('Unable to create shift.'); } } foreach ($events_updated as $event) { $result = Shift_update_by_psid($event); if ($result === false) { engelsystem_error('Unable to update shift.'); } } foreach ($events_deleted as $event) { $result = Shift_delete_by_psid($event['PSID']); if ($result === false) { engelsystem_error('Unable to delete shift.'); } } engelsystem_log("Pentabarf import done"); unlink($import_file); $html .= div('well well-sm text-center', ['<span class="text-success">' . _('File Upload') . glyph('ok-circle') . '</span>' . mute(glyph('arrow-right')) . '<span class="text-success">' . _('Validation') . glyph('ok-circle') . '</span>' . mute(glyph('arrow-right')) . '<span class="text-success">' . _('Import') . glyph('ok-circle') . '</span>']) . success(_("It's done!"), true); break; default: redirect(page_link_to('admin_import')); } return page_with_title(admin_import_title(), [msg(), $html]); }
/** * Creates a link or url to a given resource. * * @param $resource */ function api_link($resource) { return page_link_to('api') . '&r=' . $resource; }
function user_settings() { global $enable_tshirt_size, $tshirt_sizes, $themes, $locales; global $user; $msg = ""; $nick = $user['Nick']; $lastname = $user['Name']; $prename = $user['Vorname']; $age = $user['Alter']; $tel = $user['Telefon']; $dect = $user['DECT']; $mobile = $user['Handy']; $mail = $user['email']; $email_shiftinfo = $user['email_shiftinfo']; $jabber = $user['jabber']; $hometown = $user['Hometown']; $tshirt_size = $user['Size']; $password_hash = ""; $selected_theme = $user['color']; $selected_language = $user['Sprache']; $planned_arrival_date = $user['planned_arrival_date']; $planned_departure_date = $user['planned_departure_date']; if (isset($_REQUEST['submit'])) { $ok = true; if (isset($_REQUEST['mail']) && strlen(strip_request_item('mail')) > 0) { $mail = strip_request_item('mail'); if (!check_email($mail)) { $ok = false; $msg .= error(_("E-mail address is not correct."), true); } } else { $ok = false; $msg .= error(_("Please enter your e-mail."), true); } $email_shiftinfo = isset($_REQUEST['email_shiftinfo']); if (isset($_REQUEST['jabber']) && strlen(strip_request_item('jabber')) > 0) { $jabber = strip_request_item('jabber'); if (!check_email($jabber)) { $ok = false; $msg .= error(_("Please check your jabber account information."), true); } } if (isset($_REQUEST['tshirt_size']) && isset($tshirt_sizes[$_REQUEST['tshirt_size']])) { $tshirt_size = $_REQUEST['tshirt_size']; } elseif ($enable_tshirt_size) { $ok = false; } if (isset($_REQUEST['planned_arrival_date']) && DateTime::createFromFormat("Y-m-d", trim($_REQUEST['planned_arrival_date']))) { $planned_arrival_date = DateTime::createFromFormat("Y-m-d", trim($_REQUEST['planned_arrival_date']))->getTimestamp(); } else { $ok = false; $msg .= error(_("Please enter your planned date of arrival."), true); } if (isset($_REQUEST['planned_departure_date']) && $_REQUEST['planned_departure_date'] != '') { if (DateTime::createFromFormat("Y-m-d", trim($_REQUEST['planned_departure_date']))) { $planned_departure_date = DateTime::createFromFormat("Y-m-d", trim($_REQUEST['planned_departure_date']))->getTimestamp(); } else { $ok = false; $msg .= error(_("Please enter your planned date of departure."), true); } } else { $planned_departure_date = null; } // Trivia if (isset($_REQUEST['lastname'])) { $lastname = strip_request_item('lastname'); } if (isset($_REQUEST['prename'])) { $prename = strip_request_item('prename'); } if (isset($_REQUEST['age']) && preg_match("/^[0-9]{0,4}\$/", $_REQUEST['age'])) { $age = strip_request_item('age'); } if (isset($_REQUEST['tel'])) { $tel = strip_request_item('tel'); } if (isset($_REQUEST['dect'])) { $dect = strip_request_item('dect'); } if (isset($_REQUEST['mobile'])) { $mobile = strip_request_item('mobile'); } if (isset($_REQUEST['hometown'])) { $hometown = strip_request_item('hometown'); } if ($ok) { sql_query("\n UPDATE `User` SET\n `Nick`='" . sql_escape($nick) . "',\n `Vorname`='" . sql_escape($prename) . "',\n `Name`='" . sql_escape($lastname) . "',\n `Alter`='" . sql_escape($age) . "',\n `Telefon`='" . sql_escape($tel) . "',\n `DECT`='" . sql_escape($dect) . "',\n `Handy`='" . sql_escape($mobile) . "',\n `email`='" . sql_escape($mail) . "',\n `email_shiftinfo`=" . sql_bool($email_shiftinfo) . ",\n `jabber`='" . sql_escape($jabber) . "',\n `Size`='" . sql_escape($tshirt_size) . "',\n `Hometown`='" . sql_escape($hometown) . "',\n `planned_arrival_date`='" . sql_escape($planned_arrival_date) . "',\n `planned_departure_date`=" . sql_null($planned_departure_date) . "\n WHERE `UID`='" . sql_escape($user['UID']) . "'"); success(_("Settings saved.")); redirect(page_link_to('user_settings')); } } elseif (isset($_REQUEST['submit_password'])) { $ok = true; if (!isset($_REQUEST['password']) || !verify_password($_REQUEST['password'], $user['Passwort'], $user['UID'])) { $msg .= error(_("-> not OK. Please try again."), true); } elseif (strlen($_REQUEST['new_password']) < MIN_PASSWORD_LENGTH) { $msg .= error(_("Your password is to short (please use at least 6 characters)."), true); } elseif ($_REQUEST['new_password'] != $_REQUEST['new_password2']) { $msg .= error(_("Your passwords don't match."), true); } elseif (set_password($user['UID'], $_REQUEST['new_password'])) { success(_("Password saved.")); } else { error(_("Failed setting password.")); } redirect(page_link_to('user_settings')); } elseif (isset($_REQUEST['submit_theme'])) { $ok = true; if (isset($_REQUEST['theme']) && isset($themes[$_REQUEST['theme']])) { $selected_theme = $_REQUEST['theme']; } else { $ok = false; } if ($ok) { sql_query("UPDATE `User` SET `color`='" . sql_escape($selected_theme) . "' WHERE `UID`='" . sql_escape($user['UID']) . "'"); success(_("Theme changed.")); redirect(page_link_to('user_settings')); } } elseif (isset($_REQUEST['submit_language'])) { $ok = true; if (isset($_REQUEST['language']) && isset($locales[$_REQUEST['language']])) { $selected_language = $_REQUEST['language']; } else { $ok = false; } if ($ok) { sql_query("UPDATE `User` SET `Sprache`='" . sql_escape($selected_language) . "' WHERE `UID`='" . sql_escape($user['UID']) . "'"); $_SESSION['locale'] = $selected_language; success("Language changed."); redirect(page_link_to('user_settings')); } } return page_with_title(settings_title(), array($msg, msg(), div('row', array(div('col-md-6', array(form(array(form_info('', _("Here you can change your user details.")), form_info(entry_required() . ' = ' . _("Entry required!")), form_text('nick', _("Nick"), $nick, true), form_text('lastname', _("Last name"), $lastname), form_text('prename', _("First name"), $prename), form_date('planned_arrival_date', _("Planned date of arrival") . ' ' . entry_required(), $planned_arrival_date, time()), form_date('planned_departure_date', _("Planned date of departure"), $planned_departure_date, time()), form_text('age', _("Age"), $age), form_text('tel', _("Phone"), $tel), form_text('dect', _("DECT"), $dect), form_text('mobile', _("Mobile"), $mobile), form_text('mail', _("E-Mail") . ' ' . entry_required(), $mail), form_checkbox('email_shiftinfo', _("Please send me an email if my shifts change"), $email_shiftinfo), form_text('jabber', _("Jabber"), $jabber), form_text('hometown', _("Hometown"), $hometown), $enable_tshirt_size ? form_select('tshirt_size', _("Shirt size"), $tshirt_sizes, $tshirt_size) : '', form_info('', _('Please visit the angeltypes page to manage your angeltypes.')), form_submit('submit', _("Save")))))), div('col-md-6', array(form(array(form_info(_("Here you can change your password.")), form_password('password', _("Old password:"******"New password:"******"Password confirmation:")), form_submit('submit_password', _("Save")))), form(array(form_info(_("Here you can choose your color settings:")), form_select('theme', _("Color settings:"), $themes, $selected_theme), form_submit('submit_theme', _("Save")))), form(array(form_info(_("Here you can choose your language:")), form_select('language', _("Language:"), $locales, $selected_language), form_submit('submit_language', _("Save")))))))))); }
function view_user_shifts() { global $user, $privileges; global $ical_shifts; $ical_shifts = array(); $days = sql_select_single_col("\n SELECT DISTINCT DATE(FROM_UNIXTIME(`start`)) AS `id`, DATE(FROM_UNIXTIME(`start`)) AS `name` \n FROM `Shifts` \n ORDER BY `start`"); if (count($days) == 0) { error(_("The administration has not configured any shifts yet.")); redirect('?'); } $rooms = sql_select("SELECT `RID` AS `id`, `Name` AS `name` FROM `Room` WHERE `show`='Y' ORDER BY `Name`"); if (count($rooms) == 0) { error(_("The administration has not configured any rooms yet.")); redirect('?'); } if (in_array('user_shifts_admin', $privileges)) { $types = sql_select("SELECT `id`, `name` FROM `AngelTypes` ORDER BY `AngelTypes`.`name`"); } else { $types = sql_select("SELECT `AngelTypes`.`id`, `AngelTypes`.`name`, (`AngelTypes`.`restricted`=0 OR (NOT `UserAngelTypes`.`confirm_user_id` IS NULL OR `UserAngelTypes`.`id` IS NULL)) as `enabled` FROM `AngelTypes` LEFT JOIN `UserAngelTypes` ON (`UserAngelTypes`.`angeltype_id`=`AngelTypes`.`id` AND `UserAngelTypes`.`user_id`='" . sql_escape($user['UID']) . "') ORDER BY `AngelTypes`.`name`"); } if (empty($types)) { $types = sql_select("SELECT `id`, `name` FROM `AngelTypes` WHERE `restricted` = 0"); } $filled = array(array('id' => '1', 'name' => _('occupied')), array('id' => '0', 'name' => _('free'))); if (count($types) == 0) { error(_("The administration has not configured any angeltypes yet - or you are not subscribed to any angeltype.")); redirect('?'); } if (!isset($_SESSION['user_shifts'])) { $_SESSION['user_shifts'] = array(); } if (!isset($_SESSION['user_shifts']['filled'])) { // User shift admins see free and occupied shifts by default $_SESSION['user_shifts']['filled'] = in_array('user_shifts_admin', $privileges) ? [0, 1] : [0]; } foreach (array('rooms', 'types', 'filled') as $key) { if (isset($_REQUEST[$key])) { $filtered = array_filter($_REQUEST[$key], 'is_numeric'); if (!empty($filtered)) { $_SESSION['user_shifts'][$key] = $filtered; } unset($filtered); } if (!isset($_SESSION['user_shifts'][$key])) { $_SESSION['user_shifts'][$key] = array_map('get_ids_from_array', ${$key}); } } if (isset($_REQUEST['rooms'])) { if (isset($_REQUEST['new_style'])) { $_SESSION['user_shifts']['new_style'] = true; } else { $_SESSION['user_shifts']['new_style'] = false; } } if (!isset($_SESSION['user_shifts']['new_style'])) { $_SESSION['user_shifts']['new_style'] = true; } foreach (array('start', 'end') as $key) { if (isset($_REQUEST[$key . '_day']) && in_array($_REQUEST[$key . '_day'], $days)) { $_SESSION['user_shifts'][$key . '_day'] = $_REQUEST[$key . '_day']; } if (isset($_REQUEST[$key . '_time']) && preg_match('#^\\d{1,2}:\\d\\d$#', $_REQUEST[$key . '_time'])) { $_SESSION['user_shifts'][$key . '_time'] = $_REQUEST[$key . '_time']; } if (!isset($_SESSION['user_shifts'][$key . '_day'])) { $time = date('Y-m-d', time() + ($key == 'end' ? 24 * 60 * 60 : 0)); $_SESSION['user_shifts'][$key . '_day'] = in_array($time, $days) ? $time : ($key == 'end' ? max($days) : min($days)); } if (!isset($_SESSION['user_shifts'][$key . '_time'])) { $_SESSION['user_shifts'][$key . '_time'] = date('H:i'); } } if ($_SESSION['user_shifts']['start_day'] > $_SESSION['user_shifts']['end_day']) { $_SESSION['user_shifts']['end_day'] = $_SESSION['user_shifts']['start_day']; } if ($_SESSION['user_shifts']['start_day'] == $_SESSION['user_shifts']['end_day'] && $_SESSION['user_shifts']['start_time'] >= $_SESSION['user_shifts']['end_time']) { $_SESSION['user_shifts']['end_time'] = '23:59'; } if (isset($_SESSION['user_shifts']['start_day'])) { $starttime = DateTime::createFromFormat("Y-m-d H:i", $_SESSION['user_shifts']['start_day'] . $_SESSION['user_shifts']['start_time']); $starttime = $starttime->getTimestamp(); } else { $starttime = now(); } if (isset($_SESSION['user_shifts']['end_day'])) { $endtime = DateTime::createFromFormat("Y-m-d H:i", $_SESSION['user_shifts']['end_day'] . $_SESSION['user_shifts']['end_time']); $endtime = $endtime->getTimestamp(); } else { $endtime = now() + 24 * 60 * 60; } if (!isset($_SESSION['user_shifts']['rooms']) || count($_SESSION['user_shifts']['rooms']) == 0) { $_SESSION['user_shifts']['rooms'] = array(0); } $SQL = "SELECT DISTINCT `Shifts`.*, `ShiftTypes`.`name`, `Room`.`Name` as `room_name`, nat2.`special_needs` > 0 AS 'has_special_needs'\n FROM `Shifts`\n INNER JOIN `Room` USING (`RID`)\n INNER JOIN `ShiftTypes` ON (`ShiftTypes`.`id` = `Shifts`.`shifttype_id`)\n LEFT JOIN (SELECT COUNT(*) AS special_needs , nat3.`shift_id` FROM `NeededAngelTypes` AS nat3 WHERE `shift_id` IS NOT NULL GROUP BY nat3.`shift_id`) AS nat2 ON nat2.`shift_id` = `Shifts`.`SID`\n INNER JOIN `NeededAngelTypes` AS nat ON nat.`count` != 0 AND nat.`angel_type_id` IN (" . implode(',', $_SESSION['user_shifts']['types']) . ") AND ((nat2.`special_needs` > 0 AND nat.`shift_id` = `Shifts`.`SID`) OR ((nat2.`special_needs` = 0 OR nat2.`special_needs` IS NULL) AND nat.`room_id` = `RID`))\n LEFT JOIN (SELECT se.`SID`, se.`TID`, COUNT(*) as count FROM `ShiftEntry` AS se GROUP BY se.`SID`, se.`TID`) AS entries ON entries.`SID` = `Shifts`.`SID` AND entries.`TID` = nat.`angel_type_id`\n WHERE `Shifts`.`RID` IN (" . implode(',', $_SESSION['user_shifts']['rooms']) . ")\n AND `start` BETWEEN " . $starttime . " AND " . $endtime; if (count($_SESSION['user_shifts']['filled']) == 1) { if ($_SESSION['user_shifts']['filled'][0] == 0) { $SQL .= "\n AND (nat.`count` > entries.`count` OR entries.`count` IS NULL OR EXISTS (SELECT `SID` FROM `ShiftEntry` WHERE `UID` = '" . sql_escape($user['UID']) . "' AND `ShiftEntry`.`SID` = `Shifts`.`SID`))"; } elseif ($_SESSION['user_shifts']['filled'][0] == 1) { $SQL .= "\n AND (nat.`count` <= entries.`count` OR EXISTS (SELECT `SID` FROM `ShiftEntry` WHERE `UID` = '" . sql_escape($user['UID']) . "' AND `ShiftEntry`.`SID` = `Shifts`.`SID`))"; } } $SQL .= "\n ORDER BY `start`"; $shifts = sql_select($SQL); $ownshifts_source = sql_select("\n SELECT `ShiftTypes`.`name`, `Shifts`.* \n FROM `Shifts` \n INNER JOIN `ShiftTypes` ON (`ShiftTypes`.`id` = `Shifts`.`shifttype_id`)\n INNER JOIN `ShiftEntry` ON (`Shifts`.`SID` = `ShiftEntry`.`SID` AND `ShiftEntry`.`UID` = '" . sql_escape($user['UID']) . "')\n WHERE `Shifts`.`RID` IN (" . implode(',', $_SESSION['user_shifts']['rooms']) . ")\n AND `start` BETWEEN " . $starttime . " AND " . $endtime); $ownshifts = array(); foreach ($ownshifts_source as $ownshift) { $ownshifts[$ownshift['SID']] = $ownshift; } unset($ownshifts_source); $shifts_table = ""; // qqqq /* * [0] => Array ( [SID] => 1 [start] => 1355958000 [end] => 1355961600 [RID] => 1 [name] => [URL] => [PSID] => [room_name] => test1 [has_special_needs] => 1 [is_full] => 0 ) */ if ($_SESSION['user_shifts']['new_style']) { $first = 15 * 60 * floor($starttime / (15 * 60)); $maxshow = ceil(($endtime - $first) / (60 * 15)); $block = array(); $todo = array(); $myrooms = $rooms; // delete un-selected rooms from array foreach ($myrooms as $k => $v) { if (array_search($v["id"], $_SESSION['user_shifts']['rooms']) === FALSE) { unset($myrooms[$k]); } // initialize $block array $block[$v["id"]] = array_fill(0, $maxshow, 0); } // calculate number of parallel shifts in each timeslot for each room foreach ($shifts as $k => $shift) { $rid = $shift["RID"]; $blocks = ($shift["end"] - $shift["start"]) / (15 * 60); $firstblock = floor(($shift["start"] - $first) / (15 * 60)); for ($i = $firstblock; $i < $blocks + $firstblock && $i < $maxshow; $i++) { $block[$rid][$i]++; } $shifts[$k]['own'] = in_array($shift['SID'], array_keys($ownshifts)); } $shifts_table = '<div class="shifts-table"><table id="shifts" class="table scrollable"><thead><tr><th>-</th>'; foreach ($myrooms as $key => $room) { $rid = $room["id"]; if (array_sum($block[$rid]) == 0) { // do not display columns without entries unset($block[$rid]); unset($myrooms[$key]); continue; } $colspan = call_user_func_array('max', $block[$rid]); if ($colspan == 0) { $colspan = 1; } $todo[$rid] = array_fill(0, $maxshow, $colspan); $shifts_table .= "<th" . ($colspan > 1 ? ' colspan="' . $colspan . '"' : '') . ">" . Room_name_render(['RID' => $room['id'], 'Name' => $room['name']]) . "</th>\n"; } unset($block, $blocks, $firstblock, $colspan, $key, $room); $shifts_table .= "</tr></thead><tbody>"; for ($i = 0; $i < $maxshow; $i++) { $thistime = $first + $i * 15 * 60; if ($thistime % (24 * 60 * 60) == 23 * 60 * 60 && $endtime - $starttime > 24 * 60 * 60) { $shifts_table .= "<tr class=\"row-day\"><th class=\"row-header\">"; $shifts_table .= date('y-m-d<b\\r />H:i', $thistime); } elseif ($thistime % (60 * 60) == 0) { $shifts_table .= "<tr class=\"row-hour\"><th>"; $shifts_table .= date("H:i", $thistime); } else { $shifts_table .= "<tr><th>"; } $shifts_table .= "</th>"; foreach ($myrooms as $room) { $rid = $room["id"]; foreach ($shifts as $shift) { if ($shift["RID"] == $rid) { if (floor($shift["start"] / (15 * 60)) == $thistime / (15 * 60)) { $blocks = ($shift["end"] - $shift["start"]) / (15 * 60); if ($blocks < 1) { $blocks = 1; } $collides = in_array($shift['SID'], array_keys($ownshifts)); if (!$collides) { foreach ($ownshifts as $ownshift) { if ($ownshift['start'] >= $shift['start'] && $ownshift['start'] < $shift['end'] || $ownshift['end'] > $shift['start'] && $ownshift['end'] <= $shift['end'] || $ownshift['start'] < $shift['start'] && $ownshift['end'] > $shift['end']) { $collides = true; break; } } } // qqqqqq $is_free = false; $shifts_row = ''; if (in_array('admin_shifts', $privileges)) { $shifts_row .= '<div class="pull-right">' . table_buttons(array(button(page_link_to('user_shifts') . '&edit_shift=' . $shift['SID'], glyph('edit'), 'btn-xs'), button(page_link_to('user_shifts') . '&delete_shift=' . $shift['SID'], glyph('trash'), 'btn-xs'))) . '</div>'; } $shifts_row .= Room_name_render(['RID' => $room['id'], 'Name' => $room['name']]) . '<br />'; $shifts_row .= '<a href="' . shift_link($shift) . '">' . date('d.m. H:i', $shift['start']); $shifts_row .= " – "; $shifts_row .= date('H:i', $shift['end']); $shifts_row .= "<br /><b>"; $shifts_row .= ShiftType($shift['shifttype_id'])['name']; $shifts_row .= "</b><br />"; if ($shift['title'] != '') { $shifts_row .= $shift['title']; $shifts_row .= "<br />"; } $shifts_row .= '</a>'; $shifts_row .= '<br />'; $query = "SELECT `NeededAngelTypes`.`count`, `AngelTypes`.`id`, `AngelTypes`.`restricted`, `UserAngelTypes`.`confirm_user_id`, `AngelTypes`.`name`, `UserAngelTypes`.`user_id`\n FROM `NeededAngelTypes`\n JOIN `AngelTypes` ON (`NeededAngelTypes`.`angel_type_id` = `AngelTypes`.`id`)\n LEFT JOIN `UserAngelTypes` ON (`NeededAngelTypes`.`angel_type_id` = `UserAngelTypes`.`angeltype_id`AND `UserAngelTypes`.`user_id`='" . sql_escape($user['UID']) . "')\n WHERE\n `count` > 0\n AND "; if ($shift['has_special_needs']) { $query .= "`shift_id` = '" . sql_escape($shift['SID']) . "'"; } else { $query .= "`room_id` = '" . sql_escape($shift['RID']) . "'"; } if (!empty($_SESSION['user_shifts']['types'])) { $query .= " AND `angel_type_id` IN (" . implode(',', $_SESSION['user_shifts']['types']) . ") "; } $query .= " ORDER BY `AngelTypes`.`name`"; $angeltypes = sql_select($query); if (count($angeltypes) > 0) { foreach ($angeltypes as $angeltype) { $entries = sql_select("SELECT * FROM `ShiftEntry` JOIN `User` ON (`ShiftEntry`.`UID` = `User`.`UID`) WHERE `SID`='" . sql_escape($shift['SID']) . "' AND `TID`='" . sql_escape($angeltype['id']) . "' ORDER BY `Nick`"); $entry_list = array(); $freeloader = 0; foreach ($entries as $entry) { $style = ''; if ($entry['freeloaded']) { $freeloader++; $style = " text-decoration: line-through;"; } if (in_array('user_shifts_admin', $privileges)) { $entry_list[] = "<span style=\"{$style}\">" . User_Nick_render($entry) . ' ' . table_buttons(array(button(page_link_to('user_shifts') . '&entry_id=' . $entry['id'], glyph('trash'), 'btn-xs'))) . '</span>'; } else { $entry_list[] = "<span style=\"{$style}\">" . User_Nick_render($entry) . "</span>"; } } if ($angeltype['count'] - count($entries) - $freeloader > 0) { $inner_text = sprintf(ngettext("%d helper needed", "%d helpers needed", $angeltype['count'] - count($entries)), $angeltype['count'] - count($entries)); // is the shift still running or alternatively is the user shift admin? $user_may_join_shift = true; // you cannot join if user alread joined a parallel or this shift $user_may_join_shift &= !$collides; // you cannot join if user is not of this angel type $user_may_join_shift &= isset($angeltype['user_id']); // you cannot join if you are not confirmed if ($angeltype['restricted'] == 1 && isset($angeltype['user_id'])) { $user_may_join_shift &= isset($angeltype['confirm_user_id']); } // you can only join if the shift is in future or running $user_may_join_shift &= time() < $shift['start']; // User shift admins may join anybody in every shift $user_may_join_shift |= in_array('user_shifts_admin', $privileges); if ($user_may_join_shift) { $entry_list[] = '<a href="' . page_link_to('user_shifts') . '&shift_id=' . $shift['SID'] . '&type_id=' . $angeltype['id'] . '">' . $inner_text . '</a> ' . button(page_link_to('user_shifts') . '&shift_id=' . $shift['SID'] . '&type_id=' . $angeltype['id'], _('Sign up'), 'btn-xs'); } else { if (time() > $shift['start']) { $entry_list[] = $inner_text . ' (' . _('ended') . ')'; } elseif ($angeltype['restricted'] == 1 && isset($angeltype['user_id']) && !isset($angeltype['confirm_user_id'])) { $entry_list[] = $inner_text . glyph('lock'); } elseif ($angeltype['restricted'] == 1) { $entry_list[] = $inner_text; } elseif ($collides) { $entry_list[] = $inner_text; } else { $entry_list[] = $inner_text . '<br />' . button(page_link_to('user_angeltypes') . '&action=add&angeltype_id=' . $angeltype['id'], sprintf(_('Become %s'), $angeltype['name']), 'btn-xs'); } } unset($inner_text); $is_free = true; } $shifts_row .= '<strong>' . AngelType_name_render($angeltype) . ':</strong> '; $shifts_row .= join(", ", $entry_list); $shifts_row .= '<br />'; } if (in_array('user_shifts_admin', $privileges)) { $shifts_row .= ' ' . button(page_link_to('user_shifts') . '&shift_id=' . $shift['SID'] . '&type_id=' . $angeltype['id'], _("Add more angels"), 'btn-xs'); } } if ($shift['own'] && !in_array('user_shifts_admin', $privileges)) { $class = 'own'; } elseif ($collides && !in_array('user_shifts_admin', $privileges)) { $class = 'collides'; } elseif ($is_free) { $class = 'free'; } else { $class = 'occupied'; } $shifts_table .= '<td rowspan="' . $blocks . '" class="' . $class . '">'; $shifts_table .= $shifts_row; $shifts_table .= "</td>"; for ($j = 0; $j < $blocks && $i + $j < $maxshow; $j++) { $todo[$rid][$i + $j]--; } } } } // fill up row with empty <td> while ($todo[$rid][$i]-- > 0) { $shifts_table .= '<td class="empty"></td>'; } } $shifts_table .= "</tr>\n"; } $shifts_table .= '</tbody></table></div>'; // qqq } else { $shifts_table = array(); foreach ($shifts as $shift) { $info = array(); if ($_SESSION['user_shifts']['start_day'] != $_SESSION['user_shifts']['end_day']) { $info[] = date("Y-m-d", $shift['start']); } $info[] = date("H:i", $shift['start']) . ' - ' . date("H:i", $shift['end']); if (count($_SESSION['user_shifts']['rooms']) > 1) { $info[] = Room_name_render(['Name' => $shift['room_name'], 'RID' => $shift['RID']]); } $shift_row = array('info' => join('<br />', $info), 'entries' => '<a href="' . shift_link($shift) . '">' . $shift['name'] . '</a>' . ($shift['title'] ? '<br />' . $shift['title'] : '')); if (in_array('admin_shifts', $privileges)) { $shift_row['info'] .= ' ' . table_buttons(array(button(page_link_to('user_shifts') . '&edit_shift=' . $shift['SID'], glyph('edit'), 'btn-xs'), button(page_link_to('user_shifts') . '&delete_shift=' . $shift['SID'], glyph('trash'), 'btn-xs'))); } $shift_row['entries'] .= '<br />'; $is_free = false; $shift_has_special_needs = 0 < sql_num_query("SELECT `id` FROM `NeededAngelTypes` WHERE `shift_id` = " . $shift['SID']); $query = "SELECT `NeededAngelTypes`.`count`, `AngelTypes`.`id`, `AngelTypes`.`restricted`, `UserAngelTypes`.`confirm_user_id`, `AngelTypes`.`name`, `UserAngelTypes`.`user_id`\n FROM `NeededAngelTypes`\n JOIN `AngelTypes` ON (`NeededAngelTypes`.`angel_type_id` = `AngelTypes`.`id`)\n LEFT JOIN `UserAngelTypes` ON (`NeededAngelTypes`.`angel_type_id` = `UserAngelTypes`.`angeltype_id`AND `UserAngelTypes`.`user_id`='" . sql_escape($user['UID']) . "')\n WHERE "; if ($shift_has_special_needs) { $query .= "`shift_id` = '" . sql_escape($shift['SID']) . "'"; } else { $query .= "`room_id` = '" . sql_escape($shift['RID']) . "'"; } $query .= " AND `count` > 0 "; if (!empty($_SESSION['user_shifts']['types'])) { $query .= "AND `angel_type_id` IN (" . implode(',', $_SESSION['user_shifts']['types']) . ") "; } $query .= "ORDER BY `AngelTypes`.`name`"; $angeltypes = sql_select($query); if (count($angeltypes) > 0) { $my_shift = sql_num_query("SELECT * FROM `ShiftEntry` WHERE `SID`='" . sql_escape($shift['SID']) . "' AND `UID`='" . sql_escape($user['UID']) . "' LIMIT 1") > 0; foreach ($angeltypes as &$angeltype) { $entries = sql_select("SELECT * FROM `ShiftEntry` JOIN `User` ON (`ShiftEntry`.`UID` = `User`.`UID`) WHERE `SID`='" . sql_escape($shift['SID']) . "' AND `TID`='" . sql_escape($angeltype['id']) . "' ORDER BY `Nick`"); $entry_list = array(); $entry_nicks = []; $freeloader = 0; foreach ($entries as $entry) { if (in_array('user_shifts_admin', $privileges)) { $member = User_Nick_render($entry) . ' ' . table_buttons(array(button(page_link_to('user_shifts') . '&entry_id=' . $entry['id'], glyph('trash'), 'btn-xs'))); } else { $member = User_Nick_render($entry); } if ($entry['freeloaded']) { $member = '<strike>' . $member . '</strike>'; $freeloader++; } $entry_list[] = $member; $entry_nicks[] = $entry['Nick']; } $angeltype['taken'] = count($entries) - $freeloader; $angeltype['angels'] = $entry_nicks; // do we need more angles of this type? if ($angeltype['count'] - count($entries) + $freeloader > 0) { $inner_text = sprintf(ngettext("%d helper needed", "%d helpers needed", $angeltype['count'] - count($entries) + $freeloader), $angeltype['count'] - count($entries) + $freeloader); // is the shift still running or alternatively is the user shift admin? $user_may_join_shift = true; /* you cannot join if user already joined this shift */ $user_may_join_shift &= !$my_shift; // you cannot join if user is not of this angel type $user_may_join_shift &= isset($angeltype['user_id']); // you cannot join if you are not confirmed if ($angeltype['restricted'] == 1 && isset($angeltype['user_id'])) { $user_may_join_shift &= isset($angeltype['confirm_user_id']); } // you can only join if the shift is in future or running $user_may_join_shift &= time() < $shift['start']; // User shift admins may join anybody in every shift $user_may_join_shift |= in_array('user_shifts_admin', $privileges); if ($user_may_join_shift) { $entry_list[] = '<a href="' . page_link_to('user_shifts') . '&shift_id=' . $shift['SID'] . '&type_id=' . $angeltype['id'] . '">' . $inner_text . ' »</a>'; } else { if (time() > $shift['end']) { $entry_list[] = $inner_text . ' (vorbei)'; } elseif ($angeltype['restricted'] == 1 && isset($angeltype['user_id']) && !isset($angeltype['confirm_user_id'])) { $entry_list[] = $inner_text . glyph("lock"); } else { $entry_list[] = $inner_text . ' <a href="' . page_link_to('user_angeltypes') . '&action=add&angeltype_id=' . $angeltype['id'] . '">' . sprintf(_('Become %s'), $angeltype['name']) . '</a>'; } } unset($inner_text); $is_free = true; } $shift_row['entries'] .= '<b>' . $angeltype['name'] . ':</b> '; $shift_row['entries'] .= join(", ", $entry_list); $shift_row['entries'] .= '<br />'; } if (in_array('user_shifts_admin', $privileges)) { $shift_row['entries'] .= '<a href="' . page_link_to('user_shifts') . '&shift_id=' . $shift['SID'] . '&type_id=' . $angeltype['id'] . '">' . _('Add more angels') . ' »</a>'; } $shifts_table[] = $shift_row; $shift['angeltypes'] = $angeltypes; $ical_shifts[] = $shift; } } $shifts_table = table(array('info' => _("Time") . "/" . _("Room"), 'entries' => _("Entries")), $shifts_table); } if ($user['api_key'] == "") { User_reset_api_key($user, false); } return page(array('<div class="col-md-12">', msg(), template_render('../templates/user_shifts.html', array('title' => shifts_title(), 'room_select' => make_select($rooms, $_SESSION['user_shifts']['rooms'], "rooms", _("Rooms")), 'start_select' => html_select_key("start_day", "start_day", array_combine($days, $days), $_SESSION['user_shifts']['start_day']), 'start_time' => $_SESSION['user_shifts']['start_time'], 'end_select' => html_select_key("end_day", "end_day", array_combine($days, $days), $_SESSION['user_shifts']['end_day']), 'end_time' => $_SESSION['user_shifts']['end_time'], 'type_select' => make_select($types, $_SESSION['user_shifts']['types'], "types", _("Angeltypes") . '<sup>1</sup>'), 'filled_select' => make_select($filled, $_SESSION['user_shifts']['filled'], "filled", _("Occupancy")), 'task_notice' => '<sup>1</sup>' . _("The tasks shown here are influenced by the preferences you defined in your settings!") . " <a href=\"" . page_link_to('angeltypes') . '&action=about' . "\">" . _("Description of the jobs.") . "</a>", 'new_style_checkbox' => '<label><input type="checkbox" name="new_style" value="1" ' . ($_SESSION['user_shifts']['new_style'] ? ' checked' : '') . '> ' . _("Use new style if possible") . '</label>', 'shifts_table' => msg() . $shifts_table, 'ical_text' => '<h2>' . _("iCal export") . '</h2><p>' . sprintf(_("Export of shown shifts. <a href=\"%s\">iCal format</a> or <a href=\"%s\">JSON format</a> available (please keep secret, otherwise <a href=\"%s\">reset the api key</a>)."), page_link_to_absolute('ical') . '&key=' . $user['api_key'], page_link_to_absolute('shifts_json_export') . '&key=' . $user['api_key'], page_link_to('user_myshifts') . '&reset') . '</p>', 'filter' => _("Filter"))), '</div>')); }
} elseif ($p == "admin_export_users") { require_once realpath(__DIR__ . '/../includes/controller/export_users_controller.php'); if (isset($_REQUEST['type'])) { $type = $_REQUEST['type']; } else { $ype = 'csv'; } users_export_controller($type); } elseif ($p == "admin_log") { $title = admin_log_title(); $content = admin_log(); } elseif ($p == "credits") { require_once realpath(__DIR__ . '/../includes/pages/guest_credits.php'); $title = credits_title(); $content = guest_credits(); } else { require_once realpath(__DIR__ . '/../includes/pages/guest_start.php'); $content = guest_start(); } } else { // Wenn schon eingeloggt, keine-Berechtigung-Seite anzeigen if (isset($user)) { $title = _("No Access"); $content = _("You don't have permission to view this page. You probably have to sign in or register in order to gain access!"); } else { // Sonst zur Loginseite leiten redirect(page_link_to("login")); } } echo template_render('../templates/layout.html', array('theme' => isset($user) ? $user['color'] : $default_theme, 'title' => $title, 'atom_link' => $p == 'news' || $p == 'user_meetings' ? '<link href="' . page_link_to('atom') . ($p == 'user_meetings' ? '&meetings=1' : '') . '&key=' . $user['api_key'] . '" type="application/atom+xml" rel="alternate" title="Atom Feed">' : '', 'menu' => make_menu(), 'content' => msg() . $content, 'header_toolbar' => header_toolbar(), 'faq_url' => $faq_url, 'contact_email' => $contact_email, 'locale' => locale()));
function admin_active() { global $tshirt_sizes, $shift_sum_formula; $msg = ""; $search = ""; $forced_count = sql_num_query("SELECT * FROM `User` WHERE `force_active`=1"); $count = $forced_count; $limit = ""; $set_active = ""; if (isset($_REQUEST['search'])) { $search = strip_request_item('search'); } if (isset($_REQUEST['set_active'])) { $ok = true; if (isset($_REQUEST['count']) && preg_match("/^[0-9]+\$/", $_REQUEST['count'])) { $count = strip_request_item('count'); if ($count < $forced_count) { error(sprintf(_("At least %s angels are forced to be active. The number has to be greater."), $forced_count)); redirect(page_link_to('admin_active')); } } else { $ok = false; $msg .= error(_("Please enter a number of angels to be marked as active."), true); } if ($ok) { $limit = " LIMIT " . $count; } if (isset($_REQUEST['ack'])) { sql_query("UPDATE `User` SET `Aktiv` = 0 WHERE `Tshirt` = 0"); $users = sql_select("\n SELECT `User`.*, COUNT(`ShiftEntry`.`id`) as `shift_count`, {$shift_sum_formula} as `shift_length` \n FROM `User` \n LEFT JOIN `ShiftEntry` ON `User`.`UID` = `ShiftEntry`.`UID` \n LEFT JOIN `Shifts` ON `ShiftEntry`.`SID` = `Shifts`.`SID` \n WHERE `User`.`Gekommen` = 1 AND `User`.`force_active`=0 \n GROUP BY `User`.`UID` \n ORDER BY `force_active` DESC, `shift_length` DESC" . $limit); $user_nicks = array(); foreach ($users as $usr) { sql_query("UPDATE `User` SET `Aktiv` = 1 WHERE `UID`='" . sql_escape($usr['UID']) . "'"); $user_nicks[] = User_Nick_render($usr); } sql_query("UPDATE `User` SET `Aktiv`=1 WHERE `force_active`=TRUE"); engelsystem_log("These angels are active now: " . join(", ", $user_nicks)); $limit = ""; $msg = success(_("Marked angels."), true); } else { $set_active = '<a href="' . page_link_to('admin_active') . '&serach=' . $search . '">« ' . _("back") . '</a> | <a href="' . page_link_to('admin_active') . '&search=' . $search . '&count=' . $count . '&set_active&ack">' . _("apply") . '</a>'; } } if (isset($_REQUEST['active']) && preg_match("/^[0-9]+\$/", $_REQUEST['active'])) { $id = $_REQUEST['active']; $user_source = User($id); if ($user_source != null) { sql_query("UPDATE `User` SET `Aktiv`=1 WHERE `UID`='" . sql_escape($id) . "' LIMIT 1"); engelsystem_log("User " . User_Nick_render($user_source) . " is active now."); $msg = success(_("Angel has been marked as active."), true); } else { $msg = error(_("Angel not found."), true); } } elseif (isset($_REQUEST['not_active']) && preg_match("/^[0-9]+\$/", $_REQUEST['not_active'])) { $id = $_REQUEST['not_active']; $user_source = User($id); if ($user_source != null) { sql_query("UPDATE `User` SET `Aktiv`=0 WHERE `UID`='" . sql_escape($id) . "' LIMIT 1"); engelsystem_log("User " . User_Nick_render($user_source) . " is NOT active now."); $msg = success(_("Angel has been marked as not active."), true); } else { $msg = error(_("Angel not found."), true); } } elseif (isset($_REQUEST['tshirt']) && preg_match("/^[0-9]+\$/", $_REQUEST['tshirt'])) { $id = $_REQUEST['tshirt']; $user_source = User($id); if ($user_source != null) { sql_query("UPDATE `User` SET `Tshirt`=1 WHERE `UID`='" . sql_escape($id) . "' LIMIT 1"); engelsystem_log("User " . User_Nick_render($user_source) . " has tshirt now."); $msg = success(_("Angel has got a t-shirt."), true); } else { $msg = error("Angel not found.", true); } } elseif (isset($_REQUEST['not_tshirt']) && preg_match("/^[0-9]+\$/", $_REQUEST['not_tshirt'])) { $id = $_REQUEST['not_tshirt']; $user_source = User($id); if ($user_source != null) { sql_query("UPDATE `User` SET `Tshirt`=0 WHERE `UID`='" . sql_escape($id) . "' LIMIT 1"); engelsystem_log("User " . User_Nick_render($user_source) . " has NO tshirt."); $msg = success(_("Angel has got no t-shirt."), true); } else { $msg = error(_("Angel not found."), true); } } $users = sql_select("\n SELECT `User`.*, COUNT(`ShiftEntry`.`id`) as `shift_count`, {$shift_sum_formula} as `shift_length` \n FROM `User` LEFT JOIN `ShiftEntry` ON `User`.`UID` = `ShiftEntry`.`UID` \n LEFT JOIN `Shifts` ON `ShiftEntry`.`SID` = `Shifts`.`SID` \n WHERE `User`.`Gekommen` = 1 \n GROUP BY `User`.`UID` \n ORDER BY `force_active` DESC, `shift_length` DESC" . $limit); $matched_users = array(); if ($search == "") { $tokens = array(); } else { $tokens = explode(" ", $search); } foreach ($users as &$usr) { if (count($tokens) > 0) { $match = false; $index = join("", $usr); foreach ($tokens as $t) { if (stristr($index, trim($t))) { $match = true; break; } } if (!$match) { continue; } } $usr['nick'] = User_Nick_render($usr); $usr['shirt_size'] = $tshirt_sizes[$usr['Size']]; $usr['work_time'] = round($usr['shift_length'] / 60) . ' min (' . round($usr['shift_length'] / 3600) . ' h)'; $usr['active'] = glyph_bool($usr['Aktiv'] == 1); $usr['force_active'] = glyph_bool($usr['force_active'] == 1); $usr['tshirt'] = glyph_bool($usr['Tshirt'] == 1); $actions = array(); if ($usr['Aktiv'] == 0) { $actions[] = '<a href="' . page_link_to('admin_active') . '&active=' . $usr['UID'] . '&search=' . $search . '">' . _("set active") . '</a>'; } if ($usr['Aktiv'] == 1 && $usr['Tshirt'] == 0) { $actions[] = '<a href="' . page_link_to('admin_active') . '&not_active=' . $usr['UID'] . '&search=' . $search . '">' . _("remove active") . '</a>'; $actions[] = '<a href="' . page_link_to('admin_active') . '&tshirt=' . $usr['UID'] . '&search=' . $search . '">' . _("got t-shirt") . '</a>'; } if ($usr['Tshirt'] == 1) { $actions[] = '<a href="' . page_link_to('admin_active') . '&not_tshirt=' . $usr['UID'] . '&search=' . $search . '">' . _("remove t-shirt") . '</a>'; } $usr['actions'] = join(' ', $actions); $matched_users[] = $usr; } $shirt_statistics = sql_select("\n SELECT `Size`, count(`Size`) AS `count`\n FROM `User`\n WHERE `Tshirt`=1\n GROUP BY `Size`\n ORDER BY `count` DESC"); $shirt_statistics[] = array('Size' => '<b>' . _("Sum") . '</b>', 'count' => '<b>' . sql_select_single_cell("SELECT count(*) FROM `User` WHERE `Tshirt`=1") . '</b>'); return page_with_title(admin_active_title(), array(form(array(form_text('search', _("Search angel:"), $search), form_submit('submit', _("Search")))), $set_active == "" ? form(array(form_text('count', _("How much angels should be active?"), $count), form_submit('set_active', _("Preview")))) : $set_active, msg(), table(array('nick' => _("Nickname"), 'shirt_size' => _("Size"), 'shift_count' => _("Shifts"), 'work_time' => _("Length"), 'active' => _("Active?"), 'force_active' => _("Forced"), 'tshirt' => _("T-shirt?"), 'actions' => ""), $matched_users), '<h2>' . _("Given shirts") . '</h2>', table(array('Size' => _("Size"), 'count' => _("Count")), $shirt_statistics))); }
function user_myshifts() { global $LETZTES_AUSTRAGEN; global $user, $privileges; $msg = ""; if (isset($_REQUEST['id']) && in_array("user_shifts_admin", $privileges) && preg_match("/^[0-9]{1,}\$/", $_REQUEST['id']) && sql_num_query("SELECT * FROM `User` WHERE `UID`='" . sql_escape($_REQUEST['id']) . "'") > 0) { $id = $_REQUEST['id']; } else { $id = $user['UID']; } list($shifts_user) = sql_select("SELECT * FROM `User` WHERE `UID`='" . sql_escape($id) . "' LIMIT 1"); if (isset($_REQUEST['reset'])) { if ($_REQUEST['reset'] == "ack") { User_reset_api_key($user); success(_("Key changed.")); redirect(page_link_to('user_myshifts')); } return page_with_title(_("Reset API key"), array(error(_("If you reset the key, the url to your iCal- and JSON-export and your atom feed changes! You have to update it in every application using one of these exports."), true), button(page_link_to('user_myshifts') . '&reset=ack', _("Continue"), 'btn-danger'))); } elseif (isset($_REQUEST['edit']) && preg_match("/^[0-9]*\$/", $_REQUEST['edit'])) { $id = $_REQUEST['edit']; $shift = sql_select("SELECT\n `ShiftEntry`.`freeloaded`,\n `ShiftEntry`.`freeload_comment`,\n `ShiftEntry`.`Comment`,\n `ShiftEntry`.`UID`,\n `ShiftTypes`.`name`,\n `Shifts`.*,\n `Room`.`Name`,\n `AngelTypes`.`name` as `angel_type`\n FROM `ShiftEntry`\n JOIN `AngelTypes` ON (`ShiftEntry`.`TID` = `AngelTypes`.`id`)\n JOIN `Shifts` ON (`ShiftEntry`.`SID` = `Shifts`.`SID`)\n JOIN `ShiftTypes` ON (`ShiftTypes`.`id` = `Shifts`.`shifttype_id`)\n JOIN `Room` ON (`Shifts`.`RID` = `Room`.`RID`)\n WHERE `ShiftEntry`.`id`='" . sql_escape($id) . "'\n AND `UID`='" . sql_escape($shifts_user['UID']) . "' LIMIT 1"); if (count($shift) > 0) { $shift = $shift[0]; if (isset($_REQUEST['submit'])) { $freeloaded = $shift['freeloaded']; $freeload_comment = $shift['freeload_comment']; if (in_array("user_shifts_admin", $privileges)) { $freeloaded = isset($_REQUEST['freeloaded']); $freeload_comment = strip_request_item_nl('freeload_comment'); } $comment = strip_request_item_nl('comment'); $user_source = User($shift['UID']); $result = ShiftEntry_update(array('id' => $id, 'Comment' => $comment, 'freeloaded' => $freeloaded, 'freeload_comment' => $freeload_comment)); if ($result === false) { engelsystem_error('Unable to update shift entr.'); } engelsystem_log("Updated " . User_Nick_render($user_source) . "'s shift " . $shift['name'] . " from " . date("Y-m-d H:i", $shift['start']) . " to " . date("Y-m-d H:i", $shift['end']) . " with comment " . $comment . ". Freeloaded: " . ($freeloaded ? "YES Comment: " . $freeload_comment : "NO")); success(_("Shift saved.")); redirect(page_link_to('users') . '&action=view&user_id=' . $shifts_user['UID']); } return ShiftEntry_edit_view(User_Nick_render($shifts_user), date("Y-m-d H:i", $shift['start']) . ', ' . shift_length($shift), $shift['Name'], $shift['name'], $shift['angel_type'], $shift['Comment'], $shift['freeloaded'], $shift['freeload_comment'], in_array("user_shifts_admin", $privileges)); } else { redirect(page_link_to('user_myshifts')); } } elseif (isset($_REQUEST['cancel']) && preg_match("/^[0-9]*\$/", $_REQUEST['cancel'])) { $id = $_REQUEST['cancel']; $shift = sql_select("\n SELECT *\n FROM `Shifts` \n INNER JOIN `ShiftEntry` USING (`SID`) \n WHERE `ShiftEntry`.`id`='" . sql_escape($id) . "' AND `UID`='" . sql_escape($shifts_user['UID']) . "'"); if (count($shift) > 0) { $shift = $shift[0]; if ($shift['start'] > time() + $LETZTES_AUSTRAGEN * 3600 || in_array('user_shifts_admin', $privileges)) { $result = ShiftEntry_delete($id); if ($result === false) { engelsystem_error('Unable to delete shift entry.'); } $room = Room($shift['RID']); $angeltype = AngelType($shift['TID']); $shifttype = ShiftType($shift['shifttype_id']); engelsystem_log("Deleted own shift: " . $shifttype['name'] . " at " . $room['Name'] . " from " . date("Y-m-d H:i", $shift['start']) . " to " . date("Y-m-d H:i", $shift['end']) . " as " . $angeltype['name']); success(_("You have been signed off from the shift.")); } else { error(_("It's too late to sign yourself off the shift. If neccessary, ask the dispatcher to do so.")); } } else { redirect(user_link($shifts_user)); } } redirect(page_link_to('users') . '&action=view'); }
function user_news() { global $DISPLAY_NEWS, $privileges, $user; $html = '<div class="col-md-12"><h1>' . news_title() . '</h1>' . msg(); if (isset($_POST["text"]) && isset($_POST["betreff"]) && in_array("admin_news", $privileges)) { if (!isset($_POST["treffen"]) || !in_array("admin_news", $privileges)) { $_POST["treffen"] = 0; } sql_query("INSERT INTO `News` (`Datum`, `Betreff`, `Text`, `UID`, `Treffen`) " . "VALUES ('" . sql_escape(time()) . "', '" . sql_escape($_POST["betreff"]) . "', '" . sql_escape($_POST["text"]) . "', '" . sql_escape($user['UID']) . "', '" . sql_escape($_POST["treffen"]) . "');"); engelsystem_log("Created news: " . $_POST["betreff"] . ", treffen: " . $_POST["treffen"]); success(_("Entry saved.")); redirect(page_link_to('news')); } if (isset($_REQUEST['page']) && preg_match("/^[0-9]{1,}\$/", $_REQUEST['page'])) { $page = $_REQUEST['page']; } else { $page = 0; } $news = sql_select("SELECT * FROM `News` ORDER BY `Datum` DESC LIMIT " . sql_escape($page * $DISPLAY_NEWS) . ", " . sql_escape($DISPLAY_NEWS)); foreach ($news as $entry) { $html .= display_news($entry); } $dis_rows = ceil(sql_num_query("SELECT * FROM `News`") / $DISPLAY_NEWS); $html .= '<div class="text-center">' . '<ul class="pagination">'; for ($i = 0; $i < $dis_rows; $i++) { if (isset($_REQUEST['page']) && $i == $_REQUEST['page']) { $html .= '<li class="active">'; } elseif (!isset($_REQUEST['page']) && $i == 0) { $html .= '<li class="active">'; } else { $html .= '<li>'; } $html .= '<a href="' . page_link_to("news") . '&page=' . $i . '">' . ($i + 1) . '</a></li>'; } $html .= '</ul></div>'; if (in_array("admin_news", $privileges)) { $html .= '<hr />'; $html .= '<h2>' . _("Create news:") . '</h2>'; $html .= form(array(form_text('betreff', _("Subject"), ''), form_textarea('text', _("Message"), ''), form_checkbox('treffen', _("Meeting"), false, 1), form_submit('submit', _("Save")))); } return $html . '</div>'; }
function room_link($room) { return page_link_to('admin_rooms') . '&show=edit&id=' . $room['RID']; }
function make_navigation_for($name, $pages) { global $privileges, $p; $menu = ""; foreach ($pages as $page) { if (in_array($page, $privileges)) { $menu .= '<li' . ($page == $p ? ' class="selected"' : '') . '><a href="' . page_link_to($page) . '">' . $title . '</a></li>'; } } if ($menu != "") { $menu = '<nav class="container"><h4>' . $name . '</h4><ul class="content">' . $menu . '</ul></nav>'; } return $menu; }
function shifttype_controller() { if (!isset($_REQUEST['shifttype_id'])) { redirect(page_link_to('shifttypes')); } $shifttype = ShiftType($_REQUEST['shifttype_id']); if ($shifttype === false) { engelsystem_error('Unable to load shifttype.'); } if ($shifttype == null) { redirect(page_link_to('shifttypes')); } $angeltype = null; if ($shifttype['angeltype_id'] != null) { $angeltype = AngelType($shifttype['angeltype_id']); if ($angeltype === false) { engelsystem_error('Unable to load angeltype.'); } } return [$shifttype['name'], ShiftType_view($shifttype, $angeltype)]; }
/** * Route UserAngelType actions. */ function user_angeltypes_controller() { if (!isset($_REQUEST['action'])) { redirect(page_link_to('angeltypes')); } switch ($_REQUEST['action']) { case 'delete_all': return user_angeltypes_delete_all_controller(); case 'confirm_all': return user_angeltypes_confirm_all_controller(); case 'confirm': return user_angeltype_confirm_controller(); case 'delete': return user_angeltype_delete_controller(); case 'update': return user_angeltype_update_controller(); case 'add': return user_angeltype_add_controller(); default: redirect(page_link_to('angeltypes')); } }
/** * User password recovery. * (By email) */ function user_password_recovery_controller() { if (isset($_REQUEST['token'])) { $user_source = User_by_password_recovery_token($_REQUEST['token']); if ($user_source === false) { engelsystem_error("Unable to load user."); } if ($user_source == null) { error(_("Token is not correct.")); redirect(page_link_to('login')); } if (isset($_REQUEST['submit'])) { $ok = true; if (isset($_REQUEST['password']) && strlen($_REQUEST['password']) >= MIN_PASSWORD_LENGTH) { if ($_REQUEST['password'] != $_REQUEST['password2']) { $ok = false; error(_("Your passwords don't match.")); } } else { $ok = false; error(_("Your password is to short (please use at least 6 characters).")); } if ($ok) { $result = set_password($user_source['UID'], $_REQUEST['password']); if ($result === false) { engelsystem_error(_("Password could not be updated.")); } success(_("Password saved.")); redirect(page_link_to('login')); } } return User_password_set_view(); } else { if (isset($_REQUEST['submit'])) { $ok = true; if (isset($_REQUEST['email']) && strlen(strip_request_item('email')) > 0) { $email = strip_request_item('email'); if (check_email($email)) { $user_source = User_by_email($email); if ($user_source === false) { engelsystem_error("Unable to load user."); } if ($user_source == null) { $ok = false; error(_("E-mail address is not correct.")); } } else { $ok = false; error(_("E-mail address is not correct.")); } } else { $ok = false; error(_("Please enter your e-mail.")); } if ($ok) { $token = User_generate_password_recovery_token($user_source); if ($token === false) { engelsystem_error("Unable to generate password recovery token."); } $result = engelsystem_email_to_user($user_source, _("Password recovery"), sprintf(_("Please visit %s to recover your password."), page_link_to_absolute('user_password_recovery') . '&token=' . $token)); if ($result === false) { engelsystem_error("Unable to send password recovery email."); } success(_("We sent an email containing your password recovery link.")); redirect(page_link_to('login')); } } return User_password_recovery_view(); } }
function admin_groups() { global $user; $html = ""; $groups = sql_select("SELECT * FROM `Groups` ORDER BY `Name`"); if (!isset($_REQUEST["action"])) { $groups_table = array(); foreach ($groups as $group) { $privileges = sql_select("SELECT * FROM `GroupPrivileges` JOIN `Privileges` ON (`GroupPrivileges`.`privilege_id` = `Privileges`.`id`) WHERE `group_id`='" . sql_escape($group['UID']) . "'"); $privileges_html = array(); foreach ($privileges as $priv) { $privileges_html[] = $priv['name']; } $groups_table[] = array('name' => $group['Name'], 'privileges' => join(', ', $privileges_html), 'actions' => button(page_link_to('admin_groups') . '&action=edit&id=' . $group['UID'], _("edit"), 'btn-xs')); } return page_with_title(admin_groups_title(), array(table(array('name' => _("Name"), 'privileges' => _("Privileges"), 'actions' => ''), $groups_table))); } else { switch ($_REQUEST["action"]) { case 'edit': if (isset($_REQUEST['id']) && preg_match("/^-[0-9]{1,11}\$/", $_REQUEST['id'])) { $id = $_REQUEST['id']; } else { return error("Incomplete call, missing Groups ID.", true); } $room = sql_select("SELECT * FROM `Groups` WHERE `UID`='" . sql_escape($id) . "' LIMIT 1"); if (count($room) > 0) { list($room) = $room; $privileges = sql_select("SELECT `Privileges`.*, `GroupPrivileges`.`group_id` FROM `Privileges` LEFT OUTER JOIN `GroupPrivileges` ON (`Privileges`.`id` = `GroupPrivileges`.`privilege_id` AND `GroupPrivileges`.`group_id`='" . sql_escape($id) . "') ORDER BY `Privileges`.`name`"); $privileges_html = ""; $privileges_form = array(); foreach ($privileges as $priv) { $privileges_form[] = form_checkbox('privileges[]', $priv['desc'] . ' (' . $priv['name'] . ')', $priv['group_id'] != "", $priv['id']); $privileges_html .= sprintf('<tr><td><input type="checkbox" ' . 'name="privileges[]" value="%s" %s />' . '</td> <td>%s</td> <td>%s</td></tr>', $priv['id'], $priv['group_id'] != "" ? 'checked="checked"' : '', $priv['name'], $priv['desc']); } $privileges_form[] = form_submit('submit', _("Save")); $html .= page_with_title(_("Edit group"), array(form($privileges_form, page_link_to('admin_groups') . '&action=save&id=' . $id))); } else { return error("No Group found.", true); } break; case 'save': if (isset($_REQUEST['id']) && preg_match("/^-[0-9]{1,11}\$/", $_REQUEST['id'])) { $id = $_REQUEST['id']; } else { return error("Incomplete call, missing Groups ID.", true); } $room = sql_select("SELECT * FROM `Groups` WHERE `UID`='" . sql_escape($id) . "' LIMIT 1"); if (!is_array($_REQUEST['privileges'])) { $_REQUEST['privileges'] = array(); } if (count($room) > 0) { list($room) = $room; sql_query("DELETE FROM `GroupPrivileges` WHERE `group_id`='" . sql_escape($id) . "'"); $privilege_names = array(); foreach ($_REQUEST['privileges'] as $priv) { if (preg_match("/^[0-9]{1,}\$/", $priv)) { $group_privileges_source = sql_select("SELECT * FROM `Privileges` WHERE `id`='" . sql_escape($priv) . "' LIMIT 1"); if (count($group_privileges_source) > 0) { sql_query("INSERT INTO `GroupPrivileges` SET `group_id`='" . sql_escape($id) . "', `privilege_id`='" . sql_escape($priv) . "'"); $privilege_names[] = $group_privileges_source[0]['name']; } } } engelsystem_log("Group privileges of group " . $room['Name'] . " edited: " . join(", ", $privilege_names)); redirect(page_link_to("admin_groups")); } else { return error("No Group found.", true); } break; } } return $html; }
/** * View a list of all angeltypes. */ function angeltypes_list_controller() { global $privileges, $user; if (!in_array('angeltypes', $privileges)) { redirect('?'); } $angeltypes = AngelTypes_with_user($user); if ($angeltypes === false) { engelsystem_error("Unable to load angeltypes."); } foreach ($angeltypes as &$angeltype) { $actions = array(button(page_link_to('angeltypes') . '&action=view&angeltype_id=' . $angeltype['id'], _("view"), "btn-xs")); if (in_array('admin_angel_types', $privileges)) { $actions[] = button(page_link_to('angeltypes') . '&action=edit&angeltype_id=' . $angeltype['id'], _("edit"), "btn-xs"); $actions[] = button(page_link_to('angeltypes') . '&action=delete&angeltype_id=' . $angeltype['id'], _("delete"), "btn-xs"); //$actions[] = '<a class="edit" href="' . page_link_to('angeltypes') . '&action=edit&angeltype_id=' . $angeltype['id'] . '">' . _("edit") . '</a>'; //$actions[] = '<a class="delete" href="' . page_link_to('angeltypes') . '&action=delete&angeltype_id=' . $angeltype['id'] . '">' . _("delete") . '</a>'; } $angeltype['membership'] = AngelType_render_membership($angeltype); if ($angeltype['user_angeltype_id'] != null) { //$actions[] = '<a class="cancel" href="' . page_link_to('user_angeltypes') . '&action=delete&user_angeltype_id=' . $angeltype['user_angeltype_id'] . '">' . _("leave") . '</a>'; $actions[] = button(page_link_to('user_angeltypes') . '&action=delete&user_angeltype_id=' . $angeltype['user_angeltype_id'], _("leave"), "btn-xs"); } else { $actions[] = button(page_link_to('user_angeltypes') . '&action=add&angeltype_id=' . $angeltype['id'], _("join"), "btn-xs"); //$actions[] = '<a class="add" href="' . page_link_to('user_angeltypes') . '&action=add&angeltype_id=' . $angeltype['id'] . '">' . _("join") . '</a>'; } $angeltype['restricted'] = $angeltype['restricted'] ? glyph('lock') : ''; $angeltype['name'] = '<a href="' . page_link_to('angeltypes') . '&action=view&angeltype_id=' . $angeltype['id'] . '">' . $angeltype['name'] . '</a>'; $angeltype['actions'] = table_buttons($actions); } return array(angeltypes_title(), AngelTypes_list_view($angeltypes, in_array('admin_angel_types', $privileges))); }
/** * Redirects the user to his next shift. */ function shift_next_controller() { global $user, $privileges; if (!in_array('user_shifts', $privileges)) { redirect(page_link_to('?')); } $upcoming_shifts = ShiftEntries_upcoming_for_user($user); if ($upcoming_shifts === false) { return false; } if (count($upcoming_shifts) > 0) { redirect(shift_link($upcoming_shifts[0])); } redirect(page_link_to('user_shifts')); }
function admin_user() { global $user, $privileges, $tshirt_sizes, $privileges; $html = ''; if (!isset($_REQUEST['id'])) { redirect(users_link()); } $id = $_REQUEST['id']; if (!isset($_REQUEST['action'])) { $user_source = User($id); if ($user_source === false) { engelsystem_error('Unable to load user.'); } if ($user_source == null) { error(_('This user does not exist.')); redirect(users_link()); } $html .= "Hallo,<br />" . "hier kannst du den Eintrag ändern. Unter dem Punkt 'Gekommen' " . "wird der Engel als anwesend markiert, ein Ja bei Aktiv bedeutet, " . "dass der Engel aktiv war und damit ein Anspruch auf ein T-Shirt hat. " . "Wenn T-Shirt ein 'Ja' enthält, bedeutet dies, dass der Engel " . "bereits sein T-Shirt erhalten hat.<br /><br />\n"; $html .= "<form class=\"admin-user-form\" action=\"" . page_link_to("admin_user") . "&action=save&id={$id}\" method=\"post\">\n"; $html .= "<table border=\"0\">\n"; $html .= "<input type=\"hidden\" name=\"Type\" value=\"Normal\">\n"; $SQL = "SELECT * FROM `User` WHERE `UID`='" . sql_escape($id) . "'"; list($user_source) = sql_select($SQL); $html .= "<tr><td>\n"; $html .= "<table>\n"; $html .= " <tr><td>Nick</td><td>" . "<input class=\"form-control\" type=\"text\" size=\"40\" name=\"eNick\" value=\"" . $user_source['Nick'] . "\"></td></tr>\n"; $html .= " <tr><td>lastLogIn</td><td>" . date("Y-m-d H:i", $user_source['lastLogIn']) . "</td></tr>\n"; $html .= " <tr><td>Name</td><td>" . "<input class=\"form-control\" type=\"text\" size=\"40\" name=\"eName\" value=\"" . $user_source['Name'] . "\"></td></tr>\n"; $html .= " <tr><td>Vorname</td><td>" . "<input class=\"form-control\" type=\"text\" size=\"40\" name=\"eVorname\" value=\"" . $user_source['Vorname'] . "\"></td></tr>\n"; $html .= " <tr><td>Alter</td><td>" . "<input class=\"form-control\" type=\"text\" size=\"5\" name=\"eAlter\" value=\"" . $user_source['Alter'] . "\"></td></tr>\n"; $html .= " <tr><td>Telefon</td><td>" . "<input class=\"form-control\" type=\"text\" size=\"40\" name=\"eTelefon\" value=\"" . $user_source['Telefon'] . "\"></td></tr>\n"; $html .= " <tr><td>Handy</td><td>" . "<input class=\"form-control\" type=\"text\" size=\"40\" name=\"eHandy\" value=\"" . $user_source['Handy'] . "\"></td></tr>\n"; $html .= " <tr><td>DECT</td><td>" . "<input class=\"form-control\" type=\"text\" size=\"4\" name=\"eDECT\" value=\"" . $user_source['DECT'] . "\"></td></tr>\n"; $html .= " <tr><td>email</td><td>" . "<input class=\"form-control\" type=\"text\" size=\"40\" name=\"eemail\" value=\"" . $user_source['email'] . "\"></td></tr>\n"; $html .= " <tr><td>" . form_checkbox('email_shiftinfo', _("Please send me an email if my shifts change"), $user_source['email_shiftinfo']) . "</td></tr>\n"; $html .= " <tr><td>jabber</td><td>" . "<input class=\"form-control\" type=\"text\" size=\"40\" name=\"ejabber\" value=\"" . $user_source['jabber'] . "\"></td></tr>\n"; $html .= " <tr><td>Size</td><td>" . html_select_key('size', 'eSize', $tshirt_sizes, $user_source['Size']) . "</td></tr>\n"; $options = array('1' => "Yes", '0' => "No"); // Gekommen? $html .= " <tr><td>Gekommen</td><td>\n"; $html .= html_options('eGekommen', $options, $user_source['Gekommen']) . "</td></tr>\n"; // Aktiv? $html .= " <tr><td>Aktiv</td><td>\n"; $html .= html_options('eAktiv', $options, $user_source['Aktiv']) . "</td></tr>\n"; // Aktiv erzwingen if (in_array('admin_active', $privileges)) { $html .= " <tr><td>" . _("Force active") . "</td><td>\n"; $html .= html_options('force_active', $options, $user_source['force_active']) . "</td></tr>\n"; } // T-Shirt bekommen? $html .= " <tr><td>T-Shirt</td><td>\n"; $html .= html_options('eTshirt', $options, $user_source['Tshirt']) . "</td></tr>\n"; $html .= " <tr><td>Hometown</td><td>" . "<input class=\"form-control\" type=\"text\" size=\"40\" name=\"Hometown\" value=\"" . $user_source['Hometown'] . "\"></td></tr>\n"; $html .= "</table>\n</td><td valign=\"top\"></td></tr>"; $html .= "</td></tr>\n"; $html .= "</table>\n<br />\n"; $html .= "<input class=\"btn btn-primary\" type=\"submit\" value=\"Speichern\">\n"; $html .= "</form>"; $html .= "<hr />"; $html .= form_info('', _('Please visit the angeltypes page or the users profile to manage users angeltypes.')); $html .= "Hier kannst Du das Passwort dieses Engels neu setzen:<form class=\"admin-user-form\" action=\"" . page_link_to("admin_user") . "&action=change_pw&id={$id}\" method=\"post\">\n"; $html .= "<br /><table>\n"; $html .= " <tr><td width=\"30%\">Passwort </td><td>" . "<input class=\"form-control\" type=\"password\" size=\"40\" name=\"new_pw\" value=\"\"></td></tr>\n"; $html .= " <tr><td width=\"30%\">Wiederholung </td><td>" . "<input class=\"form-control\" type=\"password\" size=\"40\" name=\"new_pw2\" value=\"\"></td></tr>\n"; $html .= "</table>"; $html .= "<div class=\"form-group\"><input class=\"btn btn-primary\" type=\"submit\" value=\"Speichern\"></div>\n"; $html .= "</form>"; $html .= "<hr />"; $my_highest_group = sql_select("SELECT * FROM `UserGroups` WHERE `uid`='" . sql_escape($user['UID']) . "' ORDER BY `group_id` LIMIT 1"); if (count($my_highest_group) > 0) { $my_highest_group = $my_highest_group[0]['group_id']; } $his_highest_group = sql_select("SELECT * FROM `UserGroups` WHERE `uid`='" . sql_escape($id) . "' ORDER BY `group_id` LIMIT 1"); if (count($his_highest_group) > 0) { $his_highest_group = $his_highest_group[0]['group_id']; } if ($id != $user['UID'] && $my_highest_group <= $his_highest_group) { $html .= "Hier kannst Du die Benutzergruppen des Engels festlegen:<form class=\"admin-user-form\" action=\"" . page_link_to("admin_user") . "&action=save_groups&id=" . $id . "\" method=\"post\">\n"; $html .= '<table>'; $groups = sql_select("SELECT * FROM `Groups` LEFT OUTER JOIN `UserGroups` ON (`UserGroups`.`group_id` = `Groups`.`UID` AND `UserGroups`.`uid` = '" . sql_escape($id) . "') WHERE `Groups`.`UID` >= '" . sql_escape($my_highest_group) . "' ORDER BY `Groups`.`Name`"); foreach ($groups as $group) { $html .= '<tr><td><input type="checkbox" name="groups[]" value="' . $group['UID'] . '"' . ($group['group_id'] != "" ? ' checked="checked"' : '') . ' /></td><td>' . $group['Name'] . '</td></tr>'; } $html .= '</table>'; $html .= "<input class=\"btn btn-primary\" type=\"submit\" value=\"Speichern\">\n"; $html .= "</form>"; $html .= "<hr />"; } $html .= "<form class=\"admin-user-form\" action=\"" . page_link_to("admin_user") . "&action=delete&id=" . $id . "\" method=\"post\">\n"; $html .= "<tr><td><input class=\"btn btn-primary\" type=\"submit\" value=\"Löschen\"></td></tr>\n"; $html .= "</form>"; $html .= "<hr />"; } else { switch ($_REQUEST['action']) { case 'save_groups': if ($id != $user['UID']) { $my_highest_group = sql_select("SELECT * FROM `UserGroups` WHERE `uid`='" . sql_escape($user['UID']) . "' ORDER BY `group_id`"); $his_highest_group = sql_select("SELECT * FROM `UserGroups` WHERE `uid`='" . sql_escape($id) . "' ORDER BY `group_id`"); if (count($my_highest_group) > 0 && (count($his_highest_group) == 0 || $my_highest_group[0]['group_id'] <= $his_highest_group[0]['group_id'])) { $groups_source = sql_select("SELECT * FROM `Groups` LEFT OUTER JOIN `UserGroups` ON (`UserGroups`.`group_id` = `Groups`.`UID` AND `UserGroups`.`uid` = '" . sql_escape($id) . "') WHERE `Groups`.`UID` >= '" . sql_escape($my_highest_group[0]['group_id']) . "' ORDER BY `Groups`.`Name`"); $groups = array(); $grouplist = array(); foreach ($groups_source as $group) { $groups[$group['UID']] = $group; $grouplist[] = $group['UID']; } if (!is_array($_REQUEST['groups'])) { $_REQUEST['groups'] = array(); } sql_query("DELETE FROM `UserGroups` WHERE `uid`='" . sql_escape($id) . "'"); $user_groups_info = array(); foreach ($_REQUEST['groups'] as $group) { if (in_array($group, $grouplist)) { sql_query("INSERT INTO `UserGroups` SET `uid`='" . sql_escape($id) . "', `group_id`='" . sql_escape($group) . "'"); $user_groups_info[] = $groups[$group]['Name']; } } $user_source = User($id); engelsystem_log("Set groups of " . User_Nick_render($user_source) . " to: " . join(", ", $user_groups_info)); $html .= success("Benutzergruppen gespeichert.", true); } else { $html .= error("Du kannst keine Engel mit mehr Rechten bearbeiten.", true); } } else { $html .= error("Du kannst Deine eigenen Rechte nicht bearbeiten.", true); } break; case 'delete': if ($user['UID'] != $id) { $user_source = sql_select("SELECT `Nick`, `UID` FROM `User` WHERE `UID` = '" . sql_escape($id) . "' LIMIT 1"); sql_query("DELETE FROM `User` WHERE `UID`='" . sql_escape($id) . "' LIMIT 1"); sql_query("DELETE FROM `UserGroups` WHERE `uid`='" . sql_escape($id) . "'"); engelsystem_log("Deleted user " . User_Nick_render($user_source)); $html .= success("Benutzer gelöscht!", true); } else { $html .= error("Du kannst Dich nicht selber löschen!", true); } break; case 'save': $force_active = $user['force_active']; if (in_array('admin_active', $privileges)) { $force_active = $_REQUEST['force_active']; } $SQL = "UPDATE `User` SET \n `Nick` = '" . sql_escape($_POST["eNick"]) . "', \n `Name` = '" . sql_escape($_POST["eName"]) . "', \n `Vorname` = '" . sql_escape($_POST["eVorname"]) . "', \n `Telefon` = '" . sql_escape($_POST["eTelefon"]) . "', \n `Handy` = '" . sql_escape($_POST["eHandy"]) . "', \n `Alter` = '" . sql_escape($_POST["eAlter"]) . "', \n `DECT` = '" . sql_escape($_POST["eDECT"]) . "', \n `email` = '" . sql_escape($_POST["eemail"]) . "', \n `email_shiftinfo` = " . sql_bool(isset($_REQUEST['email_shiftinfo'])) . ", \n `jabber` = '" . sql_escape($_POST["ejabber"]) . "', \n `Size` = '" . sql_escape($_POST["eSize"]) . "', \n `Gekommen`= '" . sql_escape($_POST["eGekommen"]) . "', \n `Aktiv`= '" . sql_escape($_POST["eAktiv"]) . "', \n `force_active`= " . sql_escape($force_active) . ", \n `Tshirt` = '" . sql_escape($_POST["eTshirt"]) . "', \n `Hometown` = '" . sql_escape($_POST["Hometown"]) . "' \n WHERE `UID` = '" . sql_escape($id) . "' \n LIMIT 1"; sql_query($SQL); engelsystem_log("Updated user: "******"eNick"] . ", " . $_POST["eSize"] . ", available: " . $_POST["eGekommen"] . ", active: " . $_POST["eAktiv"] . ", tshirt: " . $_POST["eTshirt"]); $html .= success("Änderung wurde gespeichert...\n", true); break; case 'change_pw': if ($_REQUEST['new_pw'] != "" && $_REQUEST['new_pw'] == $_REQUEST['new_pw2']) { set_password($id, $_REQUEST['new_pw']); $user_source = User($id); engelsystem_log("Set new password for " . User_Nick_render($user_source)); $html .= success("Passwort neu gesetzt.", true); } else { $html .= error("Die Eingaben müssen übereinstimmen und dürfen nicht leer sein!", true); } break; } } return page_with_title(_('Edit user'), array($html)); }
function admin_rooms() { global $user; $rooms_source = sql_select("SELECT * FROM `Room` ORDER BY `Name`"); $rooms = array(); foreach ($rooms_source as $room) { $rooms[] = array('name' => $room['Name'], 'from_pentabarf' => $room['FromPentabarf'] == 'Y' ? '✓' : '', 'public' => $room['show'] == 'Y' ? '✓' : '', 'actions' => buttons(array(button(page_link_to('admin_rooms') . '&show=edit&id=' . $room['RID'], _("edit"), 'btn-xs'), button(page_link_to('admin_rooms') . '&show=delete&id=' . $room['RID'], _("delete"), 'btn-xs')))); } $room = null; if (isset($_REQUEST['show'])) { $msg = ""; $name = ""; $from_pentabarf = ""; $public = 'Y'; $number = ""; $angeltypes_source = sql_select("SELECT * FROM `AngelTypes` ORDER BY `name`"); $angeltypes = array(); $angeltypes_count = array(); foreach ($angeltypes_source as $angeltype) { $angeltypes[$angeltype['id']] = $angeltype['name']; $angeltypes_count[$angeltype['id']] = 0; } if (test_request_int('id')) { $room = sql_select("SELECT * FROM `Room` WHERE `RID`='" . sql_escape($_REQUEST['id']) . "'"); if (count($room) > 0) { $id = $_REQUEST['id']; $name = $room[0]['Name']; $from_pentabarf = $room[0]['FromPentabarf']; $public = $room[0]['show']; $number = $room[0]['Number']; $needed_angeltypes = sql_select("SELECT * FROM `NeededAngelTypes` WHERE `room_id`='" . sql_escape($id) . "'"); foreach ($needed_angeltypes as $needed_angeltype) { $angeltypes_count[$needed_angeltype['angel_type_id']] = $needed_angeltype['count']; } } else { redirect(page_link_to('admin_rooms')); } } if ($_REQUEST['show'] == 'edit') { if (isset($_REQUEST['submit'])) { $ok = true; if (isset($_REQUEST['name']) && strlen(strip_request_item('name')) > 0) { $name = strip_request_item('name'); if (isset($room) && sql_num_query("SELECT * FROM `Room` WHERE `Name`='" . sql_escape($name) . "' AND NOT `RID`=" . sql_escape($id)) > 0) { $ok = false; $msg .= error(_("This name is already in use."), true); } } else { $ok = false; $msg .= error(_("Please enter a name."), true); } if (isset($_REQUEST['from_pentabarf'])) { $from_pentabarf = 'Y'; } else { $from_pentabarf = ''; } if (isset($_REQUEST['public'])) { $public = 'Y'; } else { $public = ''; } if (isset($_REQUEST['number'])) { $number = strip_request_item('number'); } else { $ok = false; } foreach ($angeltypes as $angeltype_id => $angeltype) { if (isset($_REQUEST['angeltype_count_' . $angeltype_id]) && preg_match("/^[0-9]{1,4}\$/", $_REQUEST['angeltype_count_' . $angeltype_id])) { $angeltypes_count[$angeltype_id] = $_REQUEST['angeltype_count_' . $angeltype_id]; } else { $ok = false; $msg .= error(sprintf(_("Please enter needed angels for type %s.", $angeltype)), true); } } if ($ok) { if (isset($id)) { sql_query("UPDATE `Room` SET `Name`='" . sql_escape($name) . "', `FromPentabarf`='" . sql_escape($from_pentabarf) . "', `show`='" . sql_escape($public) . "', `Number`='" . sql_escape($number) . "' WHERE `RID`='" . sql_escape($id) . "' LIMIT 1"); engelsystem_log("Room updated: " . $name . ", pentabarf import: " . $from_pentabarf . ", public: " . $public . ", number: " . $number); } else { $id = Room_create($name, $from_pentabarf, $public, $number); if ($id === false) { engelsystem_error("Unable to create room."); } engelsystem_log("Room created: " . $name . ", pentabarf import: " . $from_pentabarf . ", public: " . $public . ", number: " . $number); } sql_query("DELETE FROM `NeededAngelTypes` WHERE `room_id`='" . sql_escape($id) . "'"); $needed_angeltype_info = array(); foreach ($angeltypes_count as $angeltype_id => $angeltype_count) { $angeltype = AngelType($angeltype_id); if ($angeltype === false) { engelsystem_error("Unable to load angeltype."); } if ($angeltype != null) { sql_query("INSERT INTO `NeededAngelTypes` SET `room_id`='" . sql_escape($id) . "', `angel_type_id`='" . sql_escape($angeltype_id) . "', `count`='" . sql_escape($angeltype_count) . "'"); $needed_angeltype_info[] = $angeltype['name'] . ": " . $angeltype_count; } } engelsystem_log("Set needed angeltypes of room " . $name . " to: " . join(", ", $needed_angeltype_info)); success(_("Room saved.")); redirect(page_link_to("admin_rooms")); } } $angeltypes_count_form = array(); foreach ($angeltypes as $angeltype_id => $angeltype) { $angeltypes_count_form[] = div('col-lg-4 col-md-6 col-xs-6', array(form_spinner('angeltype_count_' . $angeltype_id, $angeltype, $angeltypes_count[$angeltype_id]))); } return page_with_title(admin_rooms_title(), array(buttons(array(button(page_link_to('admin_rooms'), _("back"), 'back'))), $msg, form(array(div('row', array(div('col-md-6', array(form_text('name', _("Name"), $name), form_checkbox('from_pentabarf', _("Frab import"), $from_pentabarf), form_checkbox('public', _("Public"), $public), form_text('number', _("Room number"), $number))), div('col-md-6', array(div('row', array(div('col-md-12', array(form_info(_("Needed angels:")))), join($angeltypes_count_form))))))), form_submit('submit', _("Save")))))); } elseif ($_REQUEST['show'] == 'delete') { if (isset($_REQUEST['ack'])) { if (!Room_delete($id)) { engelsystem_error("Unable to delete room."); } engelsystem_log("Room deleted: " . $name); success(sprintf(_("Room %s deleted."), $name)); redirect(page_link_to('admin_rooms')); } return page_with_title(admin_rooms_title(), array(buttons(array(button(page_link_to('admin_rooms'), _("back"), 'back'))), sprintf(_("Do you want to delete room %s?"), $name), buttons(array(button(page_link_to('admin_rooms') . '&show=delete&id=' . $id . '&ack', _("Delete"), 'delete'))))); } } return page_with_title(admin_rooms_title(), array(buttons(array(button(page_link_to('admin_rooms') . '&show=edit', _("add")))), msg(), table(array('name' => _("Name"), 'from_pentabarf' => _("Frab import"), 'public' => _("Public"), 'actions' => ""), $rooms))); }
function guest_login() { global $user, $privileges; $nick = ""; unset($_SESSION['uid']); if (isset($_REQUEST['submit'])) { $ok = true; if (isset($_REQUEST['nick']) && strlen(User_validate_Nick($_REQUEST['nick'])) > 0) { $nick = User_validate_Nick($_REQUEST['nick']); $login_user = sql_select("SELECT * FROM `User` WHERE `Nick`='" . sql_escape($nick) . "'"); if (count($login_user) > 0) { $login_user = $login_user[0]; if (isset($_REQUEST['password'])) { if (!verify_password($_REQUEST['password'], $login_user['Passwort'], $login_user['UID'])) { $ok = false; error(_("Your password is incorrect. Please try it again.")); } } else { $ok = false; error(_("Please enter a password.")); } } else { $ok = false; error(_("No user was found with that Nickname. Please try again. If you are still having problems, ask an Dispatcher.")); } } else { $ok = false; error(_("Please enter a nickname.")); } if ($ok) { $_SESSION['uid'] = $login_user['UID']; $_SESSION['locale'] = $login_user['Sprache']; redirect(page_link_to('news')); } } if (in_array('register', $privileges)) { $register_hint = join('', array('<p>' . _("Please sign up, if you want to help us!") . '</p>', buttons(array(button(page_link_to('register'), register_title() . ' »'))))); } else { $register_hint = join('', array(error(_('Registration is disabled.'), true))); } return page_with_title(login_title(), array(msg(), '<div class="row"><div class="col-md-6">', form(array(form_text('nick', _("Nick"), $nick), form_password('password', _("Password")), form_submit('submit', _("Login")), buttons(array(button(page_link_to('user_password_recovery'), _("I forgot my password")))), info(_("Please note: You have to activate cookies!"), true))), '</div>', '<div class="col-md-6">', '<h2>' . register_title() . '</h2>', $register_hint, '<h2>' . _("What can I do?") . '</h2>', '<p>' . _("Please read about the jobs you can do to help us.") . '</p>', buttons(array(button(page_link_to('angeltypes') . '&action=about', _("Teams/Job description") . ' »'))), '</div></div>')); }
function admin_arrive() { $msg = ""; $search = ""; if (isset($_REQUEST['search'])) { $search = strip_request_item('search'); } if (isset($_REQUEST['reset']) && preg_match("/^[0-9]*\$/", $_REQUEST['reset'])) { $id = $_REQUEST['reset']; $user_source = User($id); if ($user_source != null) { sql_query("UPDATE `User` SET `Gekommen`=0, `arrival_date` = NULL WHERE `UID`='" . sql_escape($id) . "' LIMIT 1"); engelsystem_log("User set to not available: " . User_Nick_render($user_source)); $msg = success(_("Reset done. Angel is not available."), true); } else { $msg = error(_("Angel not found."), true); } } elseif (isset($_REQUEST['arrived']) && preg_match("/^[0-9]*\$/", $_REQUEST['arrived'])) { $id = $_REQUEST['arrived']; $user_source = User($id); if ($user_source != null) { sql_query("UPDATE `User` SET `Gekommen`=1, `arrival_date`='" . time() . "' WHERE `UID`='" . sql_escape($id) . "' LIMIT 1"); engelsystem_log("User is available: " . User_Nick_render($user_source)); $msg = success(_("Angel has been marked as available."), true); } else { $msg = error(_("Angel not found."), true); } } $users = sql_select("SELECT * FROM `User` ORDER BY `Nick`"); $arrival_count_at_day = []; $planned_arrival_count_at_day = []; $planned_departure_count_at_day = []; $table = ""; $users_matched = []; if ($search == "") { $tokens = []; } else { $tokens = explode(" ", $search); } foreach ($users as $usr) { if (count($tokens) > 0) { $match = false; $index = join(" ", $usr); foreach ($tokens as $t) { if (stristr($index, trim($t))) { $match = true; break; } } if (!$match) { continue; } } $usr['nick'] = User_Nick_render($usr); if ($usr['planned_departure_date'] != null) { $usr['rendered_planned_departure_date'] = date('Y-m-d', $usr['planned_departure_date']); } else { $usr['rendered_planned_departure_date'] = '-'; } $usr['rendered_planned_arrival_date'] = date('Y-m-d', $usr['planned_arrival_date']); $usr['rendered_arrival_date'] = $usr['arrival_date'] > 0 ? date('Y-m-d', $usr['arrival_date']) : "-"; $usr['arrived'] = $usr['Gekommen'] == 1 ? _("yes") : ""; $usr['actions'] = $usr['Gekommen'] == 1 ? '<a href="' . page_link_to('admin_arrive') . '&reset=' . $usr['UID'] . '&search=' . $search . '">' . _("reset") . '</a>' : '<a href="' . page_link_to('admin_arrive') . '&arrived=' . $usr['UID'] . '&search=' . $search . '">' . _("available") . '</a>'; if ($usr['arrival_date'] > 0) { $day = date('Y-m-d', $usr['arrival_date']); if (!isset($arrival_count_at_day[$day])) { $arrival_count_at_day[$day] = 0; } $arrival_count_at_day[$day]++; } if ($usr['planned_arrival_date'] != null) { $day = date('Y-m-d', $usr['planned_arrival_date']); if (!isset($planned_arrival_count_at_day[$day])) { $planned_arrival_count_at_day[$day] = 0; } $planned_arrival_count_at_day[$day]++; } if ($usr['planned_departure_date'] != null && $usr['Gekommen'] == 1) { $day = date('Y-m-d', $usr['planned_departure_date']); if (!isset($planned_departure_count_at_day[$day])) { $planned_departure_count_at_day[$day] = 0; } $planned_departure_count_at_day[$day]++; } $users_matched[] = $usr; } ksort($arrival_count_at_day); ksort($planned_arrival_count_at_day); ksort($planned_departure_count_at_day); $arrival_at_day = []; $arrival_sum = 0; foreach ($arrival_count_at_day as $day => $count) { $arrival_sum += $count; $arrival_at_day[$day] = ['day' => $day, 'count' => $count, 'sum' => $arrival_sum]; } $planned_arrival_sum_at_day = []; $planned_arrival_sum = 0; foreach ($planned_arrival_count_at_day as $day => $count) { $planned_arrival_sum += $count; $planned_arrival_at_day[$day] = ['day' => $day, 'count' => $count, 'sum' => $planned_arrival_sum]; } $planned_departure_at_day = []; $planned_departure_sum = 0; foreach ($planned_departure_count_at_day as $day => $count) { $planned_departure_sum += $count; $planned_departure_at_day[$day] = ['day' => $day, 'count' => $count, 'sum' => $planned_departure_sum]; } return page_with_title(admin_arrive_title(), array(msg(), form(array(form_text('search', _("Search"), $search), form_submit('submit', _("Search")))), table(array('nick' => _("Nickname"), 'rendered_planned_arrival_date' => _("Planned start of availability"), 'arrived' => _("Available?"), 'rendered_arrival_date' => _("Start of availability"), 'rendered_planned_departure_date' => _("Planned end of availability"), 'actions' => ""), $users_matched), div('row', [div('col-md-4', [heading(_("Planned start of availability statistics"), 2), bargraph('planned_arrives', 'day', ['count' => _("available"), 'sum' => _("available sum")], ['count' => '#090', 'sum' => '#888'], $planned_arrival_at_day), table(['day' => _("Date"), 'count' => _("Count"), 'sum' => _("Sum")], $planned_arrival_at_day)]), div('col-md-4', [heading(_("Availability statistics"), 2), bargraph('arrives', 'day', ['count' => _("available"), 'sum' => _("available sum")], ['count' => '#090', 'sum' => '#888'], $arrival_at_day), table(['day' => _("Date"), 'count' => _("Count"), 'sum' => _("Sum")], $arrival_at_day)]), div('col-md-4', [heading(_("Planned end of availability statistics"), 2), bargraph('planned_departures', 'day', ['count' => _("available"), 'sum' => _("available sum")], ['count' => '#090', 'sum' => '#888'], $planned_departure_at_day), table(['day' => _("Date"), 'count' => _("Count"), 'sum' => _("Sum")], $planned_departure_at_day)])]))); }
} elseif ($p == "imprint") { require_once realpath(__DIR__ . '/../includes/pages/guest_imprint.php'); $title = credits_title(); $content = guest_credits(); } elseif ($p == "privacy") { require_once realpath(__DIR__ . '/../includes/pages/guest_privacy.php'); $title = credits_title(); $content = guest_credits(); } elseif ($p === "dashboard") { require_once realpath(__DIR__ . '/../includes/pages/dashboard.php'); $title = getDashboardTitle(); $content = get_dashboard(); } elseif ($p == "api_key") { require_once realpath(__DIR__ . '/../includes/controller/api_key.php'); $content = getAPIKey(); } else { require_once realpath(__DIR__ . '/../includes/pages/guest_start.php'); $content = guest_start(); } } else { // Wenn schon eingeloggt, keine-Berechtigung-Seite anzeigen if (isset($user)) { $title = _("No Access"); $content = _("You don't have permission to view this page. You probably have to sign in or register in order to gain access!"); } else { // Sonst zur Loginseite leiten redirect(page_link_to("login")); } } echo template_render('../templates/layout.html', array('theme' => isset($user) ? $user['color'] : $default_theme, 'title' => $title, 'atom_link' => $p == 'news' || $p == 'user_meetings' ? '<link href="' . page_link_to('atom') . ($p == 'user_meetings' ? '&meetings=1' : '') . '&key=' . $user['api_key'] . '" type="application/atom+xml" rel="alternate" title="Atom Feed">' : '', 'menu' => make_menu(), 'content' => msg() . $content, 'privacy_note' => PN_ShowNotice(), 'header_toolbar' => header_toolbar(), 'faq_url' => $faq_url, 'locale' => locale(), 'selectAllText' => _('Select all'), 'filterPlaceholder' => _("Search"), 'allSelectedText' => _("All selected"), 'nSelectedText' => _("selected"), 'nonSelectedText' => _("None selected")));
/** * Render a user nickname. * * @param User $user_source * @return string */ function User_Nick_render($user_source) { return '<a class="' . ($user_source['Gekommen'] ? '' : 'text-muted') . '" href="' . page_link_to('users') . '&action=view&user_id=' . $user_source['UID'] . '"><span class="icon-icon_angel"></span> ' . htmlspecialchars($user_source['Nick']) . '</a>'; }
function admin_shifts() { $ok = true; $rid = 0; $start = DateTime::createFromFormat("Y-m-d H:i", date("Y-m-d") . " 00:00")->getTimestamp(); $end = $start + 24 * 60 * 60; $mode = 'single'; $angelmode = 'manually'; $length = ''; $change_hours = array(); $title = ""; $shifttype_id = null; // Locations laden (auch unsichtbare - fuer Erzengel ist das ok) $rooms = sql_select("SELECT * FROM `Room` ORDER BY `Name`"); $room_array = array(); foreach ($rooms as $room) { $room_array[$room['RID']] = $room['Name']; } // Engeltypen laden $types = sql_select("SELECT * FROM `AngelTypes` ORDER BY `name`"); $needed_angel_types = array(); foreach ($types as $type) { $needed_angel_types[$type['id']] = 0; } // Load shift types $shifttypes_source = ShiftTypes(); if ($shifttypes_source === false) { engelsystem_error('Unable to load shift types.'); } $shifttypes = []; foreach ($shifttypes_source as $shifttype) { $shifttypes[$shifttype['id']] = $shifttype['name']; } if (isset($_REQUEST['preview']) || isset($_REQUEST['back'])) { if (isset($_REQUEST['shifttype_id'])) { $shifttype = ShiftType($_REQUEST['shifttype_id']); if ($shifttype === false) { engelsystem_error('Unable to load shift type.'); } if ($shifttype == null) { $ok = false; error(_('Please select a shift type.')); } else { $shifttype_id = $_REQUEST['shifttype_id']; } } else { $ok = false; error(_('Please select a shift type.')); } // Name/Bezeichnung der Schicht, darf leer sein $title = strip_request_item('title'); // Auswahl der sichtbaren Locations für die Schichten if (isset($_REQUEST['rid']) && preg_match("/^[0-9]+\$/", $_REQUEST['rid']) && isset($room_array[$_REQUEST['rid']])) { $rid = $_REQUEST['rid']; } else { $ok = false; $rid = $rooms[0]['RID']; error(_('Please select a location.')); } if (isset($_REQUEST['start']) && ($tmp = DateTime::createFromFormat("Y-m-d H:i", trim($_REQUEST['start'])))) { $start = $tmp->getTimestamp(); } else { $ok = false; error(_('Please select a start time.')); } if (isset($_REQUEST['end']) && ($tmp = DateTime::createFromFormat("Y-m-d H:i", trim($_REQUEST['end'])))) { $end = $tmp->getTimestamp(); } else { $ok = false; error(_('Please select an end time.')); } if ($start >= $end) { $ok = false; error(_('The shifts end has to be after its start.')); } if (isset($_REQUEST['mode'])) { if ($_REQUEST['mode'] == 'single') { $mode = 'single'; } elseif ($_REQUEST['mode'] == 'multi') { if (isset($_REQUEST['length']) && preg_match("/^[0-9]+\$/", trim($_REQUEST['length']))) { $mode = 'multi'; $length = trim($_REQUEST['length']); } else { $ok = false; error(_('Please enter a shift duration in minutes.')); } } elseif ($_REQUEST['mode'] == 'variable') { if (isset($_REQUEST['change_hours']) && preg_match("/^([0-9]{2}(,|\$))/", trim(str_replace(" ", "", $_REQUEST['change_hours'])))) { $mode = 'variable'; $change_hours = array_map('trim', explode(",", $_REQUEST['change_hours'])); } else { $ok = false; error(_('Please split the shift-change hours by colons.')); } } } else { $ok = false; error(_('Please select a mode.')); } if (isset($_REQUEST['angelmode'])) { if ($_REQUEST['angelmode'] == 'location') { $angelmode = 'location'; } elseif ($_REQUEST['angelmode'] == 'manually') { $angelmode = 'manually'; foreach ($types as $type) { if (isset($_REQUEST['type_' . $type['id']]) && preg_match("/^[0-9]+\$/", trim($_REQUEST['type_' . $type['id']]))) { $needed_angel_types[$type['id']] = trim($_REQUEST['type_' . $type['id']]); } else { $ok = false; error(sprintf(_('Please check the needed angels for team %s.'), $type['name'])); } } if (array_sum($needed_angel_types) == 0) { $ok = false; error(_('There are 0 angels needed. Please enter the amounts of needed angels.')); } } else { $ok = false; error(_('Please select a mode for needed angels.')); } } else { $ok = false; error(_('Please select needed angels.')); } // Beim Zurück-Knopf das Formular zeigen if (isset($_REQUEST['back'])) { $ok = false; } // Alle Eingaben in Ordnung if ($ok) { if ($angelmode == 'location') { $needed_angel_types = array(); $needed_angel_types_location = sql_select("SELECT * FROM `NeededAngelTypes` WHERE `room_id`='" . sql_escape($rid) . "'"); foreach ($needed_angel_types_location as $type) { $needed_angel_types[$type['angel_type_id']] = $type['count']; } } $shifts = array(); if ($mode == 'single') { $shifts[] = array('start' => $start, 'end' => $end, 'RID' => $rid, 'title' => $title, 'shifttype_id' => $shifttype_id); } elseif ($mode == 'multi') { $shift_start = $start; do { $shift_end = $shift_start + $length * 60; if ($shift_end > $end) { $shift_end = $end; } if ($shift_start >= $shift_end) { break; } $shifts[] = array('start' => $shift_start, 'end' => $shift_end, 'RID' => $rid, 'title' => $title, 'shifttype_id' => $shifttype_id); $shift_start = $shift_end; } while ($shift_end < $end); } elseif ($mode == 'variable') { rsort($change_hours); $day = DateTime::createFromFormat("Y-m-d H:i", date("Y-m-d", $start) . " 00:00")->getTimestamp(); $change_index = 0; // Ersten/nächsten passenden Schichtwechsel suchen foreach ($change_hours as $i => $change_hour) { if ($start < $day + $change_hour * 60 * 60) { $change_index = $i; } elseif ($start == $day + $change_hour * 60 * 60) { // Start trifft Schichtwechsel $change_index = ($i + count($change_hours) - 1) % count($change_hours); break; } else { break; } } $shift_start = $start; do { $day = DateTime::createFromFormat("Y-m-d H:i", date("Y-m-d", $shift_start) . " 00:00")->getTimestamp(); $shift_end = $day + $change_hours[$change_index] * 60 * 60; if ($shift_end > $end) { $shift_end = $end; } if ($shift_start >= $shift_end) { $shift_end += 24 * 60 * 60; } $shifts[] = array('start' => $shift_start, 'end' => $shift_end, 'RID' => $rid, 'title' => $title, 'shifttype_id' => $shifttype_id); $shift_start = $shift_end; $change_index = ($change_index + count($change_hours) - 1) % count($change_hours); } while ($shift_end < $end); } $shifts_table = array(); foreach ($shifts as $shift) { $shifts_table_entry = ['timeslot' => '<span class="glyphicon glyphicon-time"></span> ' . date("Y-m-d H:i", $shift['start']) . ' - ' . date("H:i", $shift['end']) . '<br />' . Room_name_render(Room($shift['RID'])), 'title' => ShiftType_name_render(ShiftType($shifttype_id)) . ($shift['title'] ? '<br />' . $shift['title'] : ''), 'needed_angels' => '']; foreach ($types as $type) { if (isset($needed_angel_types[$type['id']]) && $needed_angel_types[$type['id']] > 0) { $shifts_table_entry['needed_angels'] .= '<b>' . AngelType_name_render($type) . ':</b> ' . $needed_angel_types[$type['id']] . '<br />'; } } $shifts_table[] = $shifts_table_entry; } // Fürs Anlegen zwischenspeichern: $_SESSION['admin_shifts_shifts'] = $shifts; $_SESSION['admin_shifts_types'] = $needed_angel_types; $hidden_types = ""; foreach ($needed_angel_types as $type_id => $count) { $hidden_types .= form_hidden('type_' . $type_id, $count); } return page_with_title(_("Preview"), array(form(array($hidden_types, form_hidden('shifttype_id', $shifttype_id), form_hidden('title', $title), form_hidden('rid', $rid), form_hidden('start', date("Y-m-d H:i", $start)), form_hidden('end', date("Y-m-d H:i", $end)), form_hidden('mode', $mode), form_hidden('length', $length), form_hidden('change_hours', implode(', ', $change_hours)), form_hidden('angelmode', $angelmode), form_submit('back', _("back")), table(array('timeslot' => _('Time and location'), 'title' => _('Type and title'), 'needed_angels' => _('Needed angels')), $shifts_table), form_submit('submit', _("Save")))))); } } elseif (isset($_REQUEST['submit'])) { if (!is_array($_SESSION['admin_shifts_shifts']) || !is_array($_SESSION['admin_shifts_types'])) { redirect(page_link_to('admin_shifts')); } foreach ($_SESSION['admin_shifts_shifts'] as $shift) { $shift['URL'] = null; $shift['PSID'] = null; $shift_id = Shift_create($shift); if ($shift_id === false) { engelsystem_error('Unable to create shift.'); } engelsystem_log("Shift created: " . $shifttypes[$shift['shifttype_id']] . " with title " . $shift['title'] . " from " . date("Y-m-d H:i", $shift['start']) . " to " . date("Y-m-d H:i", $shift['end'])); $needed_angel_types_info = array(); foreach ($_SESSION['admin_shifts_types'] as $type_id => $count) { $angel_type_source = sql_select("SELECT * FROM `AngelTypes` WHERE `id`='" . sql_escape($type_id) . "' LIMIT 1"); if (count($angel_type_source) > 0) { sql_query("INSERT INTO `NeededAngelTypes` SET `shift_id`='" . sql_escape($shift_id) . "', `angel_type_id`='" . sql_escape($type_id) . "', `count`='" . sql_escape($count) . "'"); $needed_angel_types_info[] = $angel_type_source[0]['name'] . ": " . $count; } } } engelsystem_log("Shift needs following angel types: " . join(", ", $needed_angel_types_info)); success("Schichten angelegt."); redirect(page_link_to('admin_shifts')); } else { unset($_SESSION['admin_shifts_shifts']); unset($_SESSION['admin_shifts_types']); } if (!isset($_REQUEST['rid'])) { $_REQUEST['rid'] = null; } $room_select = html_select_key('rid', 'rid', $room_array, $_REQUEST['rid']); $angel_types = ""; foreach ($types as $type) { $angel_types .= form_spinner('type_' . $type['id'], $type['name'], $needed_angel_types[$type['id']]); } return page_with_title(admin_shifts_title(), array(msg(), form(array(form_select('shifttype_id', _('Shifttype'), $shifttypes, $shifttype_id), form_text('title', _("Title"), $title), form_select('rid', _("Room"), $room_array, $_REQUEST['rid']), '<div class="row">', '<div class="col-md-6">', form_text('start', _("Start"), date("Y-m-d H:i", $start)), form_text('end', _("End"), date("Y-m-d H:i", $end)), form_info(_("Mode"), ''), form_radio('mode', _("Create one shift"), $mode == 'single', 'single'), form_radio('mode', _("Create multiple shifts"), $mode == 'multi', 'multi'), form_text('length', _("Length"), !empty($_REQUEST['length']) ? $_REQUEST['length'] : '120'), form_radio('mode', _("Create multiple shifts with variable length"), $mode == 'variable', 'variable'), form_text('change_hours', _("Shift change hours"), !empty($_REQUEST['change_hours']) ? $_REQUEST['change_hours'] : '00, 04, 08, 10, 12, 14, 16, 18, 20, 22'), '</div>', '<div class="col-md-6">', form_info(_("Needed angels"), ''), form_radio('angelmode', _("Take needed angels from room settings"), $angelmode == 'location', 'location'), form_radio('angelmode', _("The following angels are needed"), $angelmode == 'manually', 'manually'), $angel_types, '</div>', '</div>', form_submit('preview', _("Preview")))))); }