/**
* Create an Angeltype.
*
* @param string $name
* @param boolean $restricted
* @param string $description
* @return New Angeltype id
*/
function AngelType_create($name, $restricted, $description, $requires_driver_license)
{
$result = sql_query("\n INSERT INTO `AngelTypes` SET \n `name`='" . sql_escape($name) . "', \n `restricted`=" . sql_bool($restricted) . ",\n `description`='" . sql_escape($description) . "',\n `requires_driver_license`=" . sql_bool($requires_driver_license));
if ($result === false) {
return false;
}
return sql_id();
}
function user_settings()
{
global $enable_tshirt_size, $tshirt_sizes, $themes, $locales;
global $user;
$msg = "";
$nick = $user['Nick'];
$lastname = $user['Name'];
$prename = $user['Vorname'];
$age = $user['Alter'];
$tel = $user['Telefon'];
$dect = $user['DECT'];
$mobile = $user['Handy'];
$mail = $user['email'];
$email_shiftinfo = $user['email_shiftinfo'];
$jabber = $user['jabber'];
$hometown = $user['Hometown'];
$tshirt_size = $user['Size'];
$password_hash = "";
$selected_theme = $user['color'];
$selected_language = $user['Sprache'];
$planned_arrival_date = $user['planned_arrival_date'];
$planned_departure_date = $user['planned_departure_date'];
if (isset($_REQUEST['submit'])) {
$ok = true;
if (isset($_REQUEST['mail']) && strlen(strip_request_item('mail')) > 0) {
$mail = strip_request_item('mail');
if (!check_email($mail)) {
$ok = false;
$msg .= error(_("E-mail address is not correct."), true);
}
} else {
$ok = false;
$msg .= error(_("Please enter your e-mail."), true);
}
$email_shiftinfo = isset($_REQUEST['email_shiftinfo']);
if (isset($_REQUEST['jabber']) && strlen(strip_request_item('jabber')) > 0) {
$jabber = strip_request_item('jabber');
if (!check_email($jabber)) {
$ok = false;
$msg .= error(_("Please check your jabber account information."), true);
}
}
if (isset($_REQUEST['tshirt_size']) && isset($tshirt_sizes[$_REQUEST['tshirt_size']])) {
$tshirt_size = $_REQUEST['tshirt_size'];
} elseif ($enable_tshirt_size) {
$ok = false;
}
if (isset($_REQUEST['planned_arrival_date']) && DateTime::createFromFormat("Y-m-d", trim($_REQUEST['planned_arrival_date']))) {
$planned_arrival_date = DateTime::createFromFormat("Y-m-d", trim($_REQUEST['planned_arrival_date']))->getTimestamp();
} else {
$ok = false;
$msg .= error(_("Please enter your planned date of arrival."), true);
}
if (isset($_REQUEST['planned_departure_date']) && $_REQUEST['planned_departure_date'] != '') {
if (DateTime::createFromFormat("Y-m-d", trim($_REQUEST['planned_departure_date']))) {
$planned_departure_date = DateTime::createFromFormat("Y-m-d", trim($_REQUEST['planned_departure_date']))->getTimestamp();
} else {
$ok = false;
$msg .= error(_("Please enter your planned date of departure."), true);
}
} else {
$planned_departure_date = null;
}
// Trivia
if (isset($_REQUEST['lastname'])) {
$lastname = strip_request_item('lastname');
}
if (isset($_REQUEST['prename'])) {
$prename = strip_request_item('prename');
}
if (isset($_REQUEST['age']) && preg_match("/^[0-9]{0,4}\$/", $_REQUEST['age'])) {
$age = strip_request_item('age');
}
if (isset($_REQUEST['tel'])) {
$tel = strip_request_item('tel');
}
if (isset($_REQUEST['dect'])) {
$dect = strip_request_item('dect');
}
if (isset($_REQUEST['mobile'])) {
$mobile = strip_request_item('mobile');
}
if (isset($_REQUEST['hometown'])) {
$hometown = strip_request_item('hometown');
}
if ($ok) {
sql_query("\n UPDATE `User` SET\n `Nick`='" . sql_escape($nick) . "',\n `Vorname`='" . sql_escape($prename) . "',\n `Name`='" . sql_escape($lastname) . "',\n `Alter`='" . sql_escape($age) . "',\n `Telefon`='" . sql_escape($tel) . "',\n `DECT`='" . sql_escape($dect) . "',\n `Handy`='" . sql_escape($mobile) . "',\n `email`='" . sql_escape($mail) . "',\n `email_shiftinfo`=" . sql_bool($email_shiftinfo) . ",\n `jabber`='" . sql_escape($jabber) . "',\n `Size`='" . sql_escape($tshirt_size) . "',\n `Hometown`='" . sql_escape($hometown) . "',\n `planned_arrival_date`='" . sql_escape($planned_arrival_date) . "',\n `planned_departure_date`=" . sql_null($planned_departure_date) . "\n WHERE `UID`='" . sql_escape($user['UID']) . "'");
success(_("Settings saved."));
redirect(page_link_to('user_settings'));
}
} elseif (isset($_REQUEST['submit_password'])) {
$ok = true;
if (!isset($_REQUEST['password']) || !verify_password($_REQUEST['password'], $user['Passwort'], $user['UID'])) {
$msg .= error(_("-> not OK. Please try again."), true);
} elseif (strlen($_REQUEST['new_password']) < MIN_PASSWORD_LENGTH) {
$msg .= error(_("Your password is to short (please use at least 6 characters)."), true);
} elseif ($_REQUEST['new_password'] != $_REQUEST['new_password2']) {
$msg .= error(_("Your passwords don't match."), true);
} elseif (set_password($user['UID'], $_REQUEST['new_password'])) {
success(_("Password saved."));
} else {
error(_("Failed setting password."));
}
redirect(page_link_to('user_settings'));
} elseif (isset($_REQUEST['submit_theme'])) {
$ok = true;
if (isset($_REQUEST['theme']) && isset($themes[$_REQUEST['theme']])) {
$selected_theme = $_REQUEST['theme'];
} else {
$ok = false;
}
if ($ok) {
sql_query("UPDATE `User` SET `color`='" . sql_escape($selected_theme) . "' WHERE `UID`='" . sql_escape($user['UID']) . "'");
success(_("Theme changed."));
redirect(page_link_to('user_settings'));
}
} elseif (isset($_REQUEST['submit_language'])) {
$ok = true;
if (isset($_REQUEST['language']) && isset($locales[$_REQUEST['language']])) {
$selected_language = $_REQUEST['language'];
} else {
$ok = false;
}
if ($ok) {
sql_query("UPDATE `User` SET `Sprache`='" . sql_escape($selected_language) . "' WHERE `UID`='" . sql_escape($user['UID']) . "'");
$_SESSION['locale'] = $selected_language;
success("Language changed.");
redirect(page_link_to('user_settings'));
}
}
return page_with_title(settings_title(), array($msg, msg(), div('row', array(div('col-md-6', array(form(array(form_info('', _("Here you can change your user details.")), form_info(entry_required() . ' = ' . _("Entry required!")), form_text('nick', _("Nick"), $nick, true), form_text('lastname', _("Last name"), $lastname), form_text('prename', _("First name"), $prename), form_date('planned_arrival_date', _("Planned date of arrival") . ' ' . entry_required(), $planned_arrival_date, time()), form_date('planned_departure_date', _("Planned date of departure"), $planned_departure_date, time()), form_text('age', _("Age"), $age), form_text('tel', _("Phone"), $tel), form_text('dect', _("DECT"), $dect), form_text('mobile', _("Mobile"), $mobile), form_text('mail', _("E-Mail") . ' ' . entry_required(), $mail), form_checkbox('email_shiftinfo', _("Please send me an email if my shifts change"), $email_shiftinfo), form_text('jabber', _("Jabber"), $jabber), form_text('hometown', _("Hometown"), $hometown), $enable_tshirt_size ? form_select('tshirt_size', _("Shirt size"), $tshirt_sizes, $tshirt_size) : '', form_info('', _('Please visit the angeltypes page to manage your angeltypes.')), form_submit('submit', _("Save")))))), div('col-md-6', array(form(array(form_info(_("Here you can change your password.")), form_password('password', _("Old password:"******"New password:"******"Password confirmation:")), form_submit('submit_password', _("Save")))), form(array(form_info(_("Here you can choose your color settings:")), form_select('theme', _("Color settings:"), $themes, $selected_theme), form_submit('submit_theme', _("Save")))), form(array(form_info(_("Here you can choose your language:")), form_select('language', _("Language:"), $locales, $selected_language), form_submit('submit_language', _("Save"))))))))));
}
function guest_register()
{
global $tshirt_sizes, $enable_tshirt_size, $default_theme;
$msg = "";
$nick = "";
$lastname = "";
$prename = "";
$age = "";
$tel = "";
$dect = "";
$mobile = "";
$mail = "";
$email_shiftinfo = false;
$jabber = "";
$hometown = "";
$comment = "";
$tshirt_size = '';
$password_hash = "";
$selected_angel_types = array();
$planned_arrival_date = null;
$angel_types_source = sql_select("SELECT * FROM `AngelTypes` ORDER BY `name`");
$angel_types = array();
foreach ($angel_types_source as $angel_type) {
$angel_types[$angel_type['id']] = $angel_type['name'] . ($angel_type['restricted'] ? " (restricted)" : "");
if (!$angel_type['restricted']) {
$selected_angel_types[] = $angel_type['id'];
}
}
if (isset($_REQUEST['submit'])) {
$ok = true;
if (isset($_REQUEST['nick']) && strlen(User_validate_Nick($_REQUEST['nick'])) > 1) {
$nick = User_validate_Nick($_REQUEST['nick']);
if (sql_num_query("SELECT * FROM `User` WHERE `Nick`='" . sql_escape($nick) . "' LIMIT 1") > 0) {
$ok = false;
$msg .= error(sprintf(_("Your nick "%s" already exists."), $nick), true);
}
} else {
$ok = false;
$msg .= error(sprintf(_("Your nick "%s" is too short (min. 2 characters)."), User_validate_Nick($_REQUEST['nick'])), true);
}
if (isset($_REQUEST['mail']) && strlen(strip_request_item('mail')) > 0) {
$mail = strip_request_item('mail');
if (!check_email($mail)) {
$ok = false;
$msg .= error(_("E-mail address is not correct."), true);
}
} else {
$ok = false;
$msg .= error(_("Please enter your e-mail."), true);
}
if (isset($_REQUEST['email_shiftinfo'])) {
$email_shiftinfo = true;
}
if (isset($_REQUEST['jabber']) && strlen(strip_request_item('jabber')) > 0) {
$jabber = strip_request_item('jabber');
if (!check_email($jabber)) {
$ok = false;
$msg .= error(_("Please check your jabber account information."), true);
}
}
if ($enable_tshirt_size) {
if (isset($_REQUEST['tshirt_size']) && isset($tshirt_sizes[$_REQUEST['tshirt_size']]) && $_REQUEST['tshirt_size'] != '') {
$tshirt_size = $_REQUEST['tshirt_size'];
} else {
$ok = false;
$msg .= error(_("Please select your shirt size."), true);
}
}
if (isset($_REQUEST['password']) && strlen($_REQUEST['password']) >= MIN_PASSWORD_LENGTH) {
if ($_REQUEST['password'] != $_REQUEST['password2']) {
$ok = false;
$msg .= error(_("Your passwords don't match."), true);
}
} else {
$ok = false;
$msg .= error(sprintf(_("Your password is too short (please use at least %s characters)."), MIN_PASSWORD_LENGTH), true);
}
if (isset($_REQUEST['planned_arrival_date']) && DateTime::createFromFormat("Y-m-d", trim($_REQUEST['planned_arrival_date']))) {
$planned_arrival_date = DateTime::createFromFormat("Y-m-d", trim($_REQUEST['planned_arrival_date']))->getTimestamp();
} else {
$ok = false;
$msg .= error(_("Please enter your planned date of arrival."), true);
}
$selected_angel_types = array();
foreach ($angel_types as $angel_type_id => $angel_type_name) {
if (isset($_REQUEST['angel_types_' . $angel_type_id])) {
$selected_angel_types[] = $angel_type_id;
}
}
// Trivia
if (isset($_REQUEST['lastname'])) {
$lastname = strip_request_item('lastname');
}
if (isset($_REQUEST['prename'])) {
$prename = strip_request_item('prename');
}
if (isset($_REQUEST['age']) && preg_match("/^[0-9]{0,4}\$/", $_REQUEST['age'])) {
$age = strip_request_item('age');
}
if (isset($_REQUEST['tel'])) {
$tel = strip_request_item('tel');
}
if (isset($_REQUEST['dect'])) {
$dect = strip_request_item('dect');
}
if (isset($_REQUEST['mobile'])) {
$mobile = strip_request_item('mobile');
}
if (isset($_REQUEST['hometown'])) {
$hometown = strip_request_item('hometown');
}
if (isset($_REQUEST['comment'])) {
$comment = strip_request_item_nl('comment');
}
if ($ok) {
sql_query("\n INSERT INTO `User` SET \n `color`='" . sql_escape($default_theme) . "', \n `Nick`='" . sql_escape($nick) . "', \n `Vorname`='" . sql_escape($prename) . "', \n `Name`='" . sql_escape($lastname) . "', \n `Alter`='" . sql_escape($age) . "', \n `Telefon`='" . sql_escape($tel) . "', \n `DECT`='" . sql_escape($dect) . "', \n `Handy`='" . sql_escape($mobile) . "', \n `email`='" . sql_escape($mail) . "', \n `email_shiftinfo`=" . sql_bool($email_shiftinfo) . ", \n `jabber`='" . sql_escape($jabber) . "',\n `Size`='" . sql_escape($tshirt_size) . "', \n `Passwort`='" . sql_escape($password_hash) . "', \n `kommentar`='" . sql_escape($comment) . "', \n `Hometown`='" . sql_escape($hometown) . "', \n `CreateDate`=NOW(), \n `Sprache`='" . sql_escape($_SESSION["locale"]) . "',\n `arrival_date`=NULL,\n `planned_arrival_date`='" . sql_escape($planned_arrival_date) . "'");
// Assign user-group and set password
$user_id = sql_id();
sql_query("INSERT INTO `UserGroups` SET `uid`='" . sql_escape($user_id) . "', `group_id`=-2");
set_password($user_id, $_REQUEST['password']);
// Assign angel-types
$user_angel_types_info = array();
foreach ($selected_angel_types as $selected_angel_type_id) {
sql_query("INSERT INTO `UserAngelTypes` SET `user_id`='" . sql_escape($user_id) . "', `angeltype_id`='" . sql_escape($selected_angel_type_id) . "'");
$user_angel_types_info[] = $angel_types[$selected_angel_type_id];
}
engelsystem_log("User " . $nick . " signed up as: " . join(", ", $user_angel_types_info));
success(_("Angel registration successful!"));
redirect('?');
}
}
return page_with_title(register_title(), array(_("By completing this form you're registering as a Chaos-Angel. This script will create you an account in the angel task sheduler."), $msg, msg(), form(array(div('row', array(div('col-md-6', array(div('row', array(div('col-sm-4', array(form_text('nick', _("Nick") . ' ' . entry_required(), $nick))), div('col-sm-8', array(form_email('mail', _("E-Mail") . ' ' . entry_required(), $mail), form_checkbox('email_shiftinfo', _("Please send me an email if my shifts change"), $email_shiftinfo))))), div('row', array(div('col-sm-6', array(form_date('planned_arrival_date', _("Planned date of arrival") . ' ' . entry_required(), $planned_arrival_date, time()))), div('col-sm-6', array($enable_tshirt_size ? form_select('tshirt_size', _("Shirt size") . ' ' . entry_required(), $tshirt_sizes, $tshirt_size) : '')))), div('row', array(div('col-sm-6', array(form_password('password', _("Password") . ' ' . entry_required()))), div('col-sm-6', array(form_password('password2', _("Confirm password") . ' ' . entry_required()))))), form_checkboxes('angel_types', _("What do you want to do?") . sprintf(" (<a href=\"%s\">%s</a>)", page_link_to('angeltypes') . '&action=about', _("Description of job types")), $angel_types, $selected_angel_types), form_info("", _("Restricted angel types need will be confirmed later by an archangel. You can change your selection in the options section.")))), div('col-md-6', array(div('row', array(div('col-sm-4', array(form_text('dect', _("DECT"), $dect))), div('col-sm-4', array(form_text('mobile', _("Mobile"), $mobile))), div('col-sm-4', array(form_text('tel', _("Phone"), $tel))))), form_text('jabber', _("Jabber"), $jabber), div('row', array(div('col-sm-6', array(form_text('prename', _("First name"), $prename))), div('col-sm-6', array(form_text('lastname', _("Last name"), $lastname))))), div('row', array(div('col-sm-3', array(form_text('age', _("Age"), $age))), div('col-sm-9', array(form_text('hometown', _("Hometown"), $hometown))))), form_info(entry_required() . ' = ' . _("Entry required!")))))), form_submit('submit', _("Register"))))));
}
function admin_user()
{
global $user, $privileges, $tshirt_sizes, $privileges;
$html = '';
if (!isset($_REQUEST['id'])) {
redirect(users_link());
}
$id = $_REQUEST['id'];
if (!isset($_REQUEST['action'])) {
$user_source = User($id);
if ($user_source === false) {
engelsystem_error('Unable to load user.');
}
if ($user_source == null) {
error(_('This user does not exist.'));
redirect(users_link());
}
$html .= "Hallo,<br />" . "hier kannst du den Eintrag ändern. Unter dem Punkt 'Gekommen' " . "wird der Engel als anwesend markiert, ein Ja bei Aktiv bedeutet, " . "dass der Engel aktiv war und damit ein Anspruch auf ein T-Shirt hat. " . "Wenn T-Shirt ein 'Ja' enthält, bedeutet dies, dass der Engel " . "bereits sein T-Shirt erhalten hat.<br /><br />\n";
$html .= "<form class=\"admin-user-form\" action=\"" . page_link_to("admin_user") . "&action=save&id={$id}\" method=\"post\">\n";
$html .= "<table border=\"0\">\n";
$html .= "<input type=\"hidden\" name=\"Type\" value=\"Normal\">\n";
$SQL = "SELECT * FROM `User` WHERE `UID`='" . sql_escape($id) . "'";
list($user_source) = sql_select($SQL);
$html .= "<tr><td>\n";
$html .= "<table>\n";
$html .= " <tr><td>Nick</td><td>" . "<input class=\"form-control\" type=\"text\" size=\"40\" name=\"eNick\" value=\"" . $user_source['Nick'] . "\"></td></tr>\n";
$html .= " <tr><td>lastLogIn</td><td>" . date("Y-m-d H:i", $user_source['lastLogIn']) . "</td></tr>\n";
$html .= " <tr><td>Name</td><td>" . "<input class=\"form-control\" type=\"text\" size=\"40\" name=\"eName\" value=\"" . $user_source['Name'] . "\"></td></tr>\n";
$html .= " <tr><td>Vorname</td><td>" . "<input class=\"form-control\" type=\"text\" size=\"40\" name=\"eVorname\" value=\"" . $user_source['Vorname'] . "\"></td></tr>\n";
$html .= " <tr><td>Alter</td><td>" . "<input class=\"form-control\" type=\"text\" size=\"5\" name=\"eAlter\" value=\"" . $user_source['Alter'] . "\"></td></tr>\n";
$html .= " <tr><td>Telefon</td><td>" . "<input class=\"form-control\" type=\"text\" size=\"40\" name=\"eTelefon\" value=\"" . $user_source['Telefon'] . "\"></td></tr>\n";
$html .= " <tr><td>Handy</td><td>" . "<input class=\"form-control\" type=\"text\" size=\"40\" name=\"eHandy\" value=\"" . $user_source['Handy'] . "\"></td></tr>\n";
$html .= " <tr><td>DECT</td><td>" . "<input class=\"form-control\" type=\"text\" size=\"4\" name=\"eDECT\" value=\"" . $user_source['DECT'] . "\"></td></tr>\n";
$html .= " <tr><td>email</td><td>" . "<input class=\"form-control\" type=\"text\" size=\"40\" name=\"eemail\" value=\"" . $user_source['email'] . "\"></td></tr>\n";
$html .= " <tr><td>" . form_checkbox('email_shiftinfo', _("Please send me an email if my shifts change"), $user_source['email_shiftinfo']) . "</td></tr>\n";
$html .= " <tr><td>jabber</td><td>" . "<input class=\"form-control\" type=\"text\" size=\"40\" name=\"ejabber\" value=\"" . $user_source['jabber'] . "\"></td></tr>\n";
$html .= " <tr><td>Size</td><td>" . html_select_key('size', 'eSize', $tshirt_sizes, $user_source['Size']) . "</td></tr>\n";
$options = array('1' => "Yes", '0' => "No");
// Gekommen?
$html .= " <tr><td>Gekommen</td><td>\n";
$html .= html_options('eGekommen', $options, $user_source['Gekommen']) . "</td></tr>\n";
// Aktiv?
$html .= " <tr><td>Aktiv</td><td>\n";
$html .= html_options('eAktiv', $options, $user_source['Aktiv']) . "</td></tr>\n";
// Aktiv erzwingen
if (in_array('admin_active', $privileges)) {
$html .= " <tr><td>" . _("Force active") . "</td><td>\n";
$html .= html_options('force_active', $options, $user_source['force_active']) . "</td></tr>\n";
}
// T-Shirt bekommen?
$html .= " <tr><td>T-Shirt</td><td>\n";
$html .= html_options('eTshirt', $options, $user_source['Tshirt']) . "</td></tr>\n";
$html .= " <tr><td>Hometown</td><td>" . "<input class=\"form-control\" type=\"text\" size=\"40\" name=\"Hometown\" value=\"" . $user_source['Hometown'] . "\"></td></tr>\n";
$html .= "</table>\n</td><td valign=\"top\"></td></tr>";
$html .= "</td></tr>\n";
$html .= "</table>\n<br />\n";
$html .= "<input class=\"btn btn-primary\" type=\"submit\" value=\"Speichern\">\n";
$html .= "</form>";
$html .= "<hr />";
$html .= form_info('', _('Please visit the angeltypes page or the users profile to manage users angeltypes.'));
$html .= "Hier kannst Du das Passwort dieses Engels neu setzen:<form class=\"admin-user-form\" action=\"" . page_link_to("admin_user") . "&action=change_pw&id={$id}\" method=\"post\">\n";
$html .= "<br /><table>\n";
$html .= " <tr><td width=\"30%\">Passwort </td><td>" . "<input class=\"form-control\" type=\"password\" size=\"40\" name=\"new_pw\" value=\"\"></td></tr>\n";
$html .= " <tr><td width=\"30%\">Wiederholung </td><td>" . "<input class=\"form-control\" type=\"password\" size=\"40\" name=\"new_pw2\" value=\"\"></td></tr>\n";
$html .= "</table>";
$html .= "<div class=\"form-group\"><input class=\"btn btn-primary\" type=\"submit\" value=\"Speichern\"></div>\n";
$html .= "</form>";
$html .= "<hr />";
$my_highest_group = sql_select("SELECT * FROM `UserGroups` WHERE `uid`='" . sql_escape($user['UID']) . "' ORDER BY `group_id` LIMIT 1");
if (count($my_highest_group) > 0) {
$my_highest_group = $my_highest_group[0]['group_id'];
}
$his_highest_group = sql_select("SELECT * FROM `UserGroups` WHERE `uid`='" . sql_escape($id) . "' ORDER BY `group_id` LIMIT 1");
if (count($his_highest_group) > 0) {
$his_highest_group = $his_highest_group[0]['group_id'];
}
if ($id != $user['UID'] && $my_highest_group <= $his_highest_group) {
$html .= "Hier kannst Du die Benutzergruppen des Engels festlegen:<form class=\"admin-user-form\" action=\"" . page_link_to("admin_user") . "&action=save_groups&id=" . $id . "\" method=\"post\">\n";
$html .= '<table>';
$groups = sql_select("SELECT * FROM `Groups` LEFT OUTER JOIN `UserGroups` ON (`UserGroups`.`group_id` = `Groups`.`UID` AND `UserGroups`.`uid` = '" . sql_escape($id) . "') WHERE `Groups`.`UID` >= '" . sql_escape($my_highest_group) . "' ORDER BY `Groups`.`Name`");
foreach ($groups as $group) {
$html .= '<tr><td><input type="checkbox" name="groups[]" value="' . $group['UID'] . '"' . ($group['group_id'] != "" ? ' checked="checked"' : '') . ' /></td><td>' . $group['Name'] . '</td></tr>';
}
$html .= '</table>';
$html .= "<input class=\"btn btn-primary\" type=\"submit\" value=\"Speichern\">\n";
$html .= "</form>";
$html .= "<hr />";
}
$html .= "<form class=\"admin-user-form\" action=\"" . page_link_to("admin_user") . "&action=delete&id=" . $id . "\" method=\"post\">\n";
$html .= "<tr><td><input class=\"btn btn-primary\" type=\"submit\" value=\"Löschen\"></td></tr>\n";
$html .= "</form>";
$html .= "<hr />";
} else {
switch ($_REQUEST['action']) {
case 'save_groups':
if ($id != $user['UID']) {
$my_highest_group = sql_select("SELECT * FROM `UserGroups` WHERE `uid`='" . sql_escape($user['UID']) . "' ORDER BY `group_id`");
$his_highest_group = sql_select("SELECT * FROM `UserGroups` WHERE `uid`='" . sql_escape($id) . "' ORDER BY `group_id`");
if (count($my_highest_group) > 0 && (count($his_highest_group) == 0 || $my_highest_group[0]['group_id'] <= $his_highest_group[0]['group_id'])) {
$groups_source = sql_select("SELECT * FROM `Groups` LEFT OUTER JOIN `UserGroups` ON (`UserGroups`.`group_id` = `Groups`.`UID` AND `UserGroups`.`uid` = '" . sql_escape($id) . "') WHERE `Groups`.`UID` >= '" . sql_escape($my_highest_group[0]['group_id']) . "' ORDER BY `Groups`.`Name`");
$groups = array();
$grouplist = array();
foreach ($groups_source as $group) {
$groups[$group['UID']] = $group;
$grouplist[] = $group['UID'];
}
if (!is_array($_REQUEST['groups'])) {
$_REQUEST['groups'] = array();
}
sql_query("DELETE FROM `UserGroups` WHERE `uid`='" . sql_escape($id) . "'");
$user_groups_info = array();
foreach ($_REQUEST['groups'] as $group) {
if (in_array($group, $grouplist)) {
sql_query("INSERT INTO `UserGroups` SET `uid`='" . sql_escape($id) . "', `group_id`='" . sql_escape($group) . "'");
$user_groups_info[] = $groups[$group]['Name'];
}
}
$user_source = User($id);
engelsystem_log("Set groups of " . User_Nick_render($user_source) . " to: " . join(", ", $user_groups_info));
$html .= success("Benutzergruppen gespeichert.", true);
} else {
$html .= error("Du kannst keine Engel mit mehr Rechten bearbeiten.", true);
}
} else {
$html .= error("Du kannst Deine eigenen Rechte nicht bearbeiten.", true);
}
break;
case 'delete':
if ($user['UID'] != $id) {
$user_source = sql_select("SELECT `Nick`, `UID` FROM `User` WHERE `UID` = '" . sql_escape($id) . "' LIMIT 1");
sql_query("DELETE FROM `User` WHERE `UID`='" . sql_escape($id) . "' LIMIT 1");
sql_query("DELETE FROM `UserGroups` WHERE `uid`='" . sql_escape($id) . "'");
engelsystem_log("Deleted user " . User_Nick_render($user_source));
$html .= success("Benutzer gelöscht!", true);
} else {
$html .= error("Du kannst Dich nicht selber löschen!", true);
}
break;
case 'save':
$force_active = $user['force_active'];
if (in_array('admin_active', $privileges)) {
$force_active = $_REQUEST['force_active'];
}
$SQL = "UPDATE `User` SET \n `Nick` = '" . sql_escape($_POST["eNick"]) . "', \n `Name` = '" . sql_escape($_POST["eName"]) . "', \n `Vorname` = '" . sql_escape($_POST["eVorname"]) . "', \n `Telefon` = '" . sql_escape($_POST["eTelefon"]) . "', \n `Handy` = '" . sql_escape($_POST["eHandy"]) . "', \n `Alter` = '" . sql_escape($_POST["eAlter"]) . "', \n `DECT` = '" . sql_escape($_POST["eDECT"]) . "', \n `email` = '" . sql_escape($_POST["eemail"]) . "', \n `email_shiftinfo` = " . sql_bool(isset($_REQUEST['email_shiftinfo'])) . ", \n `jabber` = '" . sql_escape($_POST["ejabber"]) . "', \n `Size` = '" . sql_escape($_POST["eSize"]) . "', \n `Gekommen`= '" . sql_escape($_POST["eGekommen"]) . "', \n `Aktiv`= '" . sql_escape($_POST["eAktiv"]) . "', \n `force_active`= " . sql_escape($force_active) . ", \n `Tshirt` = '" . sql_escape($_POST["eTshirt"]) . "', \n `Hometown` = '" . sql_escape($_POST["Hometown"]) . "' \n WHERE `UID` = '" . sql_escape($id) . "' \n LIMIT 1";
sql_query($SQL);
engelsystem_log("Updated user: "******"eNick"] . ", " . $_POST["eSize"] . ", available: " . $_POST["eGekommen"] . ", active: " . $_POST["eAktiv"] . ", tshirt: " . $_POST["eTshirt"]);
$html .= success("Änderung wurde gespeichert...\n", true);
break;
case 'change_pw':
if ($_REQUEST['new_pw'] != "" && $_REQUEST['new_pw'] == $_REQUEST['new_pw2']) {
set_password($id, $_REQUEST['new_pw']);
$user_source = User($id);
engelsystem_log("Set new password for " . User_Nick_render($user_source));
$html .= success("Passwort neu gesetzt.", true);
} else {
$html .= error("Die Eingaben müssen übereinstimmen und dürfen nicht leer sein!", true);
}
break;
}
}
return page_with_title(_('Edit user'), array($html));
}
/**
* Add or remove coordinator rights.
*
* @param int $user_angeltype_id
* @param bool $coordinator
*/
function UserAngelType_update($user_angeltype_id, $coordinator)
{
return sql_query("\n UPDATE `UserAngelTypes`\n SET `coordinator`=" . sql_bool($coordinator) . "\n WHERE `id`='" . sql_escape($user_angeltype_id) . "'\n LIMIT 1");
}
/**
* Update a shift entry.
*/
function ShiftEntry_update($shift_entry)
{
return sql_query("UPDATE `ShiftEntry` SET\n `Comment`='" . sql_escape($shift_entry['Comment']) . "',\n `freeload_comment`='" . sql_escape($shift_entry['freeload_comment']) . "',\n `freeloaded`=" . sql_bool($shift_entry['freeloaded']) . "\n WHERE `id`='" . sql_escape($shift_entry['id']) . "'");
}
function guest_register()
{
global $default_theme, $genders;
$msg = "";
$nick = "";
$lastname = "";
$prename = "";
$age = "";
$tel = "";
$mobile = "";
$mail = "";
$email_shiftinfo = false;
$hometown = "";
$comment = "";
$password_hash = "";
$selected_angel_types = array();
$gender = "none";
$angel_types_source = sql_select("SELECT * FROM `AngelTypes` ORDER BY `name`");
$angel_types = array();
foreach ($angel_types_source as $angel_type) {
$angel_types[$angel_type['id']] = $angel_type['name'] . ($angel_type['restricted'] ? " (restricted)" : "");
if (!$angel_type['restricted']) {
$selected_angel_types[] = $angel_type['id'];
}
}
if (isset($_REQUEST['submit'])) {
$ok = true;
if (isset($_REQUEST['nick']) && strlen(User_validate_Nick($_REQUEST['nick'])) > 1) {
$nick = User_validate_Nick($_REQUEST['nick']);
if (sql_num_query("SELECT * FROM `User` WHERE `Nick`='" . sql_escape($nick) . "' LIMIT 1") > 0) {
$ok = false;
$msg .= error(sprintf(_("Your nick "%s" already exists."), $nick), true);
}
} else {
$ok = false;
$msg .= error(sprintf(_("Your nick "%s" is too short (min. 2 characters)."), User_validate_Nick($_REQUEST['nick'])), true);
}
if (isset($_REQUEST['mail']) && strlen(strip_request_item('mail')) > 0) {
$mail = strip_request_item('mail');
if (!check_email($mail)) {
$ok = false;
$msg .= error(_("E-mail address is not correct."), true);
}
} else {
$ok = false;
$msg .= error(_("Please enter your e-mail."), true);
}
if (isset($_REQUEST['email_shiftinfo'])) {
$email_shiftinfo = true;
}
if (isset($_REQUEST['password']) && strlen($_REQUEST['password']) >= MIN_PASSWORD_LENGTH) {
if ($_REQUEST['password'] != $_REQUEST['password2']) {
$ok = false;
$msg .= error(_("Your passwords don't match."), true);
}
} else {
$ok = false;
$msg .= error(sprintf(_("Your password is too short (please use at least %s characters)."), MIN_PASSWORD_LENGTH), true);
}
$selected_angel_types = array();
foreach ($angel_types as $angel_type_id => $angel_type_name) {
if (isset($_REQUEST['angel_types_' . $angel_type_id])) {
$selected_angel_types[] = $angel_type_id;
}
}
// Trivia
if (isset($_REQUEST['lastname'])) {
$lastname = strip_request_item('lastname');
}
if (isset($_REQUEST['prename'])) {
$prename = strip_request_item('prename');
}
if (isset($_REQUEST['age']) && preg_match("/^[0-9]{0,4}\$/", $_REQUEST['age'])) {
$age = strip_request_item('age');
}
if (isset($_REQUEST['tel'])) {
$tel = strip_request_item('tel');
}
if (isset($_REQUEST['mobile'])) {
$mobile = strip_request_item('mobile');
}
if (isset($_REQUEST['hometown'])) {
$hometown = strip_request_item('hometown');
}
if (isset($_REQUEST['comment'])) {
$comment = strip_request_item_nl('comment');
}
if (isset($_REQUEST['gender']) && array_key_exists($_REQUEST['gender'], $genders)) {
$gender = $_REQUEST['gender'];
}
if ($ok) {
$confirmationToken = bin2hex(mcrypt_create_iv(16, MCRYPT_DEV_URANDOM));
$confirmationTokenUrl = page_link_to_absolute('user_activate_account') . '&token=' . $confirmationToken;
sql_query("\n INSERT INTO `User` SET \n `color`='" . sql_escape($default_theme) . "', \n `Nick`='" . sql_escape($nick) . "', \n `Vorname`='" . sql_escape($prename) . "', \n `Name`='" . sql_escape($lastname) . "', \n `Alter`='" . sql_escape($age) . "', \n `gender`='" . sql_escape($gender) . "',\n `Telefon`='" . sql_escape($tel) . "', \n `Handy`='" . sql_escape($mobile) . "', \n `email`='" . sql_escape($mail) . "', \n `email_shiftinfo`=" . sql_bool($email_shiftinfo) . ", \n `Passwort`='" . sql_escape($password_hash) . "', \n `kommentar`='" . sql_escape($comment) . "', \n `Hometown`='" . sql_escape($hometown) . "', \n `CreateDate`=NOW(), \n `Sprache`='" . sql_escape($_SESSION["locale"]) . "',\n `arrival_date`=NULL,\n `planned_arrival_date`= 0,\n `mailaddress_verification_token` = '" . sql_escape($confirmationToken) . "',\n `user_account_approved` = 0");
// Assign user-group and set password
$user_id = sql_id();
sql_query("INSERT INTO `UserGroups` SET `uid`='" . sql_escape($user_id) . "', `group_id`=-2");
set_password($user_id, $_REQUEST['password']);
// Assign angel-types
$user_angel_types_info = array();
foreach ($selected_angel_types as $selected_angel_type_id) {
sql_query("INSERT INTO `UserAngelTypes` SET `user_id`='" . sql_escape($user_id) . "', `angeltype_id`='" . sql_escape($selected_angel_type_id) . "'");
$user_angel_types_info[] = $angel_types[$selected_angel_type_id];
}
engelsystem_log("User " . $nick . " signed up as: " . join(", ", $user_angel_types_info));
engelsystem_email($mail, _('Please confirm your eMail-address'), sprintf(_('Hello %1$s! Thanks for signing up at Engelsystem. Please confirm your eMail-address by clicking the following link: %2$s'), $mail, $confirmationTokenUrl));
success(_("Angel registration successful! Please click the confirmation link in the eMail we sent you to activate your account."));
redirect('?');
}
}
return page_with_title(register_title(), array(_("By completing this form you're registering as an helper. Please enter a username/nick of your choice, your e-mail adress and your full name. Only your nick will be shown to other users."), $msg, msg(), form(array(div('row', array(div('col-md-6', array(div('row', array(div('col-sm-4', array(form_text('nick', _("Nick") . ' ' . entry_required(), $nick))), div('col-sm-8', array(form_email('mail', _("E-Mail") . ' ' . entry_required(), $mail), form_checkbox('email_shiftinfo', _("Please keep me informed by e-mail, e.g. if my shifts change"), $email_shiftinfo))), div('col-sm-4', array(form_text('prename', _("First name") . ' ' . entry_required(), $prename))), div('col-sm-4', array(form_text('lastname', _("Last name") . ' ' . entry_required(), $lastname))))), div('row', array(div('col-sm-6', array()), div('col-sm-6', array()))), div('row', array(div('col-sm-6', array(form_password('password', _("Password") . ' ' . entry_required()))), div('col-sm-6', array(form_password('password2', _("Confirm password") . ' ' . entry_required()))))))), div('col-md-6', array(div('row', array(div('col-sm-4', array(form_text('mobile', _("Mobile"), $mobile))), div('col-sm-4', array(form_text('tel', _("Phone"), $tel))))), div('row', array(div('col-sm-3', array(form_text('age', _("Age"), $age))), div('col-sm-6', array(form_text('comment', _("Additional Information(Language / Profession)"), $comment))))), form_info(entry_required() . ' = ' . _("Entry required!")))))), form_submit('submit', _("Register"))))));
}
/**
* Update user.
*
* @param User $user
*/
function User_update($user)
{
return sql_query("UPDATE `User` SET\n `Nick`='" . sql_escape($user['Nick']) . "',\n `Name`='" . sql_escape($user['Name']) . "',\n `Vorname`='" . sql_escape($user['Vorname']) . "',\n `Alter`='" . sql_escape($user['Alter']) . "',\n `Telefon`='" . sql_escape($user['Telefon']) . "',\n `DECT`='" . sql_escape($user['DECT']) . "',\n `Handy`='" . sql_escape($user['Handy']) . "',\n `email`='" . sql_escape($user['email']) . "',\n `email_shiftinfo`=" . sql_bool($user['email_shiftinfo']) . ",\n `jabber`='" . sql_escape($user['jabber']) . "',\n `Size`='" . sql_escape($user['Size']) . "',\n `Gekommen`='" . sql_escape($user['Gekommen']) . "',\n `Aktiv`='" . sql_escape($user['Aktiv']) . "',\n `force_active`=" . sql_bool($user['force_active']) . ",\n `Tshirt`='" . sql_escape($user['Tshirt']) . "',\n `color`='" . sql_escape($user['color']) . "',\n `Sprache`='" . sql_escape($user['Sprache']) . "',\n `Hometown`='" . sql_escape($user['Hometown']) . "',\n `got_voucher`='" . sql_escape($user['got_voucher']) . "',\n `arrival_date`='" . sql_escape($user['arrival_date']) . "',\n `planned_arrival_date`='" . sql_escape($user['planned_arrival_date']) . "',\n `kiffel` ='" . sql_escape($user['kiffel']) . "'\n WHERE `UID`='" . sql_escape($user['UID']) . "'");
}
/**
* Update a user's driver license entry
*
* @param bool $user_id
* @param bool $has_car
* @param bool $has_license_car
* @param bool $has_license_3_5t_transporter
* @param bool $has_license_7_5t_truck
* @param bool $has_license_12_5t_truck
* @param bool $has_license_forklift
*/
function UserDriverLicenses_update($user_id, $has_car, $has_license_car, $has_license_3_5t_transporter, $has_license_7_5t_truck, $has_license_12_5t_truck, $has_license_forklift)
{
return sql_query("UPDATE `UserDriverLicenses` SET\n `has_car`=" . sql_bool($has_car) . ",\n `has_license_car`=" . sql_bool($has_license_car) . ",\n `has_license_3_5t_transporter`=" . sql_bool($has_license_3_5t_transporter) . ",\n `has_license_7_5t_truck`=" . sql_bool($has_license_7_5t_truck) . ",\n `has_license_12_5t_truck`=" . sql_bool($has_license_12_5t_truck) . ",\n `has_license_forklift`=" . sql_bool($has_license_forklift) . "\n WHERE `user_id`='" . sql_escape($user_id) . "'");
}
