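 /**
  * Renders the patients module and handles its form submissions.
  *
  * Viewpoints:
  *  - "overview": lists patients; an admin sees all of them, any other user
  *                only those with a visit relation (see the subquery).
  *  - "edit":     edit form for the patient in $_GET['par2']; a POST carrying
  *                "save" is delegated to saveChanges().
  *  - "new":      creation form, admins only.
  *
  * Security notes (review):
  *  - template::insert() emits its value as-is (other modules push raw
  *    <option> markup through it), so every value taken straight from the
  *    request is HTML-escaped here before it is inserted. Database values are
  *    inserted as stored because this project escapes on input — verify that
  *    saveChanges() (not shown) does so for the patient fields.
  *  - "edit" has no ownership check: unlike "overview" it accepts any
  *    patientId from a non-admin. TODO(review): apply the same visit-relation
  *    filter (or require isAdmin) before rendering or saving.
  *
  * @return string Html output.
  */
 public function getOutput()
 {
     // HTML-escapes a request value for the template (attribute-safe).
     $esc = function ($value) {
         return htmlspecialchars((string) $value, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
     };
     switch ($this->viewpoint) {
         // ######################################################################################################
         case "overview":
             $tpl = new \template("patients/container");
             if (!empty($_SESSION['isAdmin'])) {
                 $query = "SELECT \n                                patientId,\n                                firstname, \n                                lastname,\n                                room\n                            FROM :prefix:patient\n                            ORDER BY lastname ASC";
             } else {
                 // NOTE(review): the literal in this query appears redacted in
                 // the listing; presumably the session user's id belongs here.
                 $query = "SELECT \n                                patientId,\n                                firstname, \n                                lastname,\n                                room\n                            FROM :prefix:patient\n                            WHERE patientId IN (SELECT patientId FROM :prefix:visit WHERE user = "******")\n                            ORDER BY lastname ASC";
             }
             foreach (\dbConn::query($query) as $r) {
                 $p = new \template("patients/patient");
                 $p->insert("id", $r['patientId']);
                 $p->insert("firstname", $r['firstname']);
                 $p->insert("lastname", $r['lastname']);
                 $p->insert("room", $r['room']);
                 $p->insert("visitorcount", \dbConn::querySingle("SELECT COUNT(*) FROM :prefix:visit WHERE patient = :0", $r['patientId']));
                 $p->insert("destination", ROOT . "patients" . "/" . $r['patientId']);
                 $tpl->insert("patients", $p);
             }
             return $tpl->getOutput();
         // ######################################################################################################
         case "edit":
             $patientId = isset($_GET['par2']) ? $_GET['par2'] : null;
             $result = null;
             $error = "";
             $tpl = new \template("patients/edit");
             $tpl->insert("id", $esc($patientId));
             if (isset($_POST['save'])) {
                 if (!$this->saveChanges($error)) {
                     $result = new \template("alerts/danger");
                     $result->insert("caption", "Fehler");
                     $result->insert("text", $error);
                     // Re-display the rejected input (escaped) so the user can fix it.
                     $tpl->insert("firstname", $esc(isset($_POST['firstname']) ? $_POST['firstname'] : ""));
                     $tpl->insert("lastname", $esc(isset($_POST['lastname']) ? $_POST['lastname'] : ""));
                     $tpl->insert("room", $esc(isset($_POST['room']) ? $_POST['room'] : ""));
                     $birthday = isset($_POST['birthday']) ? $_POST['birthday'] : "";
                     try {
                         // The original parsed unconditionally; an unparsable date
                         // (a likely reason for the failed save) threw here and the
                         // user got no page at all instead of the error alert.
                         $birthday = (new \DateTime($birthday))->format("d.m.Y");
                     } catch (\Exception $e) {
                         // keep the raw input for display
                     }
                     $tpl->insert("birthday", $esc($birthday));
                 } else {
                     $result = new \template("alerts/success");
                     $result->insert("caption", "Erfolgreich");
                     $result->insert("text", "Änderungen wurden erfolgreich gespeichert.");
                 }
             }
             $data = \dbConn::queryRow("SELECT * FROM :prefix:patient WHERE patientId = :0", $patientId);
             if (!$data) {
                 // Unknown patientId: do not render an edit form for a row that does not exist.
                 return "<h1>Zugriff verweigert</h1>";
             }
             if ($result !== null) {
                 $tpl->insert("result", $result);
             }
             // Stored values are shown unless a failed save already re-inserted
             // the submitted ones (same condition as before: empty error text).
             if ($error == "") {
                 $tpl->insert("firstname", $data['firstname']);
                 $tpl->insert("lastname", $data['lastname']);
                 $tpl->insert("room", $data['room']);
                 $tpl->insert("birthday", (new \DateTime($data['birth']))->format("d.m.Y"));
             }
             // Visitor names come from the user table (escaped on input per project
             // convention — verify) and are rendered as plain <option> text.
             foreach (\dbConn::query("\n                    SELECT firstname, lastname\n                    FROM :prefix:visit AS v\n                    INNER JOIN :prefix:user AS u\n                    ON v.user = u.userId\n                    WHERE v.patient = :0\n                ", $patientId) as $r) {
                 $tpl->insert("visitors", "<option>" . $r['firstname'] . " " . $r['lastname'] . "</option>");
             }
             return $tpl->getOutput();
         // ######################################################################################################
         case "new":
             if (empty($_SESSION['isAdmin'])) {
                 return "<h1>Zugriff verweigert</h1>";
             }
             $tpl = new \template("patients/new");
             return $tpl->getOutput();
     }
 }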
     $pr = new template("production");
     $pr->insert("name", $prod);
     $pr->insert("nameEscaped", rawurlencode($prod));
     $pr->insert("plan", rawurlencode($plan));
     $pr->insert("url", rawurlencode(URL . "/"));
     $pr->insert("organisation", rawurlencode(ORGANISATION));
     $pr->insert("webmaster", WEBMASTER);
     $master = dbConn::queryRow("SELECT masterName, masterEmail FROM :prefix:production\n                                        WHERE plan = :0 AND name = :1", $plan, $prod);
     $pr->insert("masterName", $master['masterName']);
     $pr->insert("masterEmail", $master['masterEmail']);
     $planTpl->insert("productions", $pr->getOutput());
 }
 foreach ($values['shifts'] as $sh) {
     $t = new template("shift");
     $t->insert("fromToDate", substr(str_replace(":00-", " - ", $sh), 0, 13));
     $shiftId = dbConn::querySingle("SELECT shiftId FROM :prefix:shift WHERE \n                plan = :0 AND fromDate = :1 AND toDate = :2 ", $plan, explode("-", str_replace(":", "", $sh))[0], explode("-", str_replace(":", "", $sh))[1]);
     foreach ($values['productions'] as $prod) {
         // separate tables
         if (!in_array($prod, $values['productions'])) {
             continue;
         }
         $has = false;
         $required = 0;
         foreach (dbConn::query("SELECT * FROM :prefix:production_shift WHERE production = :0 AND shift = :1", $prod, $shiftId) as $r) {
             $required = $r['required'];
             $has = true;
         }
         $prodShift = new template("production_shift");
         $prodShift->insert("shiftId", $shiftId);
         $prodShift->insert("disabled", $has ? "" : "shift-disabled");
         $prodShift->insert("unique", seoUrl("{$plan}-{$prod}-" . substr(str_replace(":00-", " - ", $sh), 0, 13)));
<?php

require "../config.php";
/**
 * Validates that $date is a real calendar date written exactly as "dd.mm.yyyy".
 *
 * Parsing alone is not enough: DateTime::createFromFormat() silently rolls an
 * out-of-range day such as "31.02.2020" into March, so the parsed value is
 * formatted back and must reproduce the input character for character.
 *
 * @param string $date Candidate date string.
 * @return bool True only for a valid date in d.m.Y form.
 */
function validateDate($date)
{
    $parsed = DateTime::createFromFormat('d.m.Y', $date);
    if ($parsed === false) {
        return false;
    }
    return $parsed->format('d.m.Y') === $date;
}
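// Create a plan from the admin form. NOTE(review): only config.php is required
// above; the admin-session check is expected to happen there — verify, since
// this endpoint writes to the database.
// strlen() is byte-based and a whitespace-only name still passes; presumably
// trimmed on the client — verify.
if (!isset($_POST['name']) || strlen($_POST['name']) < 1) {
    die("Bitte geben Sie einen gültigen Namen ein.");
}
// Plan names are stored HTML-escaped (see the INSERT below), so the uniqueness
// check has to compare the escaped form as well. The original compared the raw
// input, so a name differing from an existing one only by "&", "<" or quotes
// passed the check and was then inserted as a duplicate.
$name = htmlspecialchars($_POST['name']);
if (dbConn::querySingle("SELECT COUNT(*) FROM :prefix:plan WHERE name = :0", $name) > 0) {
    die("Der eingegebene Name ist schon vergeben.");
}
if (!isset($_POST['public']) || !validateDate($_POST['public']) || !isset($_POST['editable']) || !validateDate($_POST['editable'])) {
    die("Bitte geben Sie ein gültiges Datum ein.");
}
// Dates are validated as "d.m.Y" strings and handed to the driver unchanged;
// whether dbConn converts them for the column type is not visible here.
dbConn::execute("INSERT INTO :prefix:plan (name, public, editable) VALUES (:0, :1, :2);", $name, $_POST['public'], $_POST['editable']);
$tpl = new template("admin/nav.plan");
$tpl->insert("active", "");
$tpl->insert("name", $name);
echo "SUCCESS" . $tpl->getOutput();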
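 /**
  * Renders the visitors module.
  *
  * Viewpoints:
  *  - "overview": every user with patient count and last visit timestamp.
  *  - "new":      the empty creation form.
  *  - "edit":     the user in $_GET['par2'], the patients the user visits,
  *                and the visit relation of the first of them (relation,
  *                scent, description, up to three images and audios).
  *
  * NOTE(review): the rfid shown in "overview" and "edit" is the token the
  * doorbell endpoint accepts to open a room, i.e. these pages display a
  * credential and must stay behind the admin session. Database values are
  * rendered as stored (the project escapes on input); $_GET['par2'] only
  * ever reaches parameterised queries.
  *
  * @return string Html output.
  */
 public function getOutput()
 {
     // Null-safe row access: queryRow() yields no row for an unknown id or a
     // user without patients; every field then falls back to null instead of
     // triggering "array offset on null" notices.
     $field = function ($row, $key) {
         return (is_array($row) && isset($row[$key])) ? $row[$key] : null;
     };
     switch ($this->viewpoint) {
         case "overview":
             $tpl = new \template("visitors/container");
             foreach (\dbConn::query("SELECT * FROM :prefix:user ORDER BY lastname ASC") as $r) {
                 $v = new \template("visitors/visitor");
                 $v->insert("firstname", $r['firstname']);
                 $v->insert("id", $r['userId']);
                 $v->insert("lastname", $r['lastname']);
                 $v->insert("rfid", $r['rfid']);
                 $v->insert("patients", \dbConn::querySingle("SELECT COUNT(*) FROM :prefix:visit WHERE user = :0", $r['userId']));
                 $v->insert("lastvisit", \dbConn::querySingle("\n                                                                    SELECT DATE_FORMAT(MAX(h.created), '%d.%m.%y %H:%i')\n                                                                    FROM :prefix:visit AS v\n                                                                    INNER JOIN :prefix:visit_history AS h\n                                                                    ON v.visitId = h.visitId\n                                                                    WHERE v.user = :0\n                                                                ", $r['userId']));
                 $v->insert("destination", ROOT . "visitors/" . $r['userId']);
                 $tpl->insert("visitors", $v);
             }
             return $tpl->getOutput();
         case "new":
             // Bug fix: the original returned the template object itself, while
             // every other viewpoint (and the docblock) returns the rendered string.
             $tpl = new \template("visitors/new");
             return $tpl->getOutput();
         case "edit":
             $userId = isset($_GET['par2']) ? $_GET['par2'] : null;
             $tpl = new \template("visitors/edit.container");
             // user data
             $user = \dbConn::queryRow("SELECT userid, firstname, lastname, rfid, email, state \n                                            FROM :prefix:user WHERE userId = :0", $userId);
             $tpl->insert("firstname", $field($user, 'firstname'));
             $tpl->insert("lastname", $field($user, 'lastname'));
             $tpl->insert("userid", $field($user, 'userid'));
             $tpl->insert("rfid", $field($user, 'rfid'));
             $tpl->insert("email", $field($user, 'email'));
             $userState = $field($user, 'state');
             foreach (\dbConn::query("SELECT * FROM :prefix:user_state") as $r) {
                 $selected = $r['name'] == $userState ? " selected" : "";
                 $tpl->insert("states", "<option value=\"{$r['name']}\"{$selected}>{$r['display']}</option>");
             }
             // insert patients; the visit relation of the first one is edited below
             $visit = null;
             $visitLoaded = false;
             foreach (\dbConn::query("\n                                            SELECT firstname, lastname, patientId\n                                            FROM :prefix:visit AS v\n                                            INNER JOIN :prefix:patient AS p\n                                            ON v.patient = p.patientId\n                                            WHERE user = :0\n                                            ORDER BY firstname", $userId) as $r) {
                 $tpl->insert("patients", "<option value=\"{$r['patientId']}\">{$r['firstname']} {$r['lastname']}</option>");
                 if (!$visitLoaded) {
                     $visit = \dbConn::queryRow("SELECT * FROM :prefix:visit WHERE user = :0 AND patient = :1", $userId, $r['patientId']);
                     $visitLoaded = true;
                 }
             }
             $visitTpl = new \template("visitors/edit.visit");
             // relation
             $currentRelation = $field($visit, 'relation');
             foreach (\dbConn::query("SELECT * FROM :prefix:relation ORDER BY name ASC") as $r) {
                 $visitTpl->insert("relations", "<option value=\"{$r['name']}\"" . ($r['name'] == $currentRelation ? " selected" : "") . ">{$r['name']}</option>");
             }
             // description
             $visitTpl->insert("description", $field($visit, 'description'));
             // scent
             $currentScent = $field($visit, 'scent');
             foreach (\dbConn::query("SELECT * FROM :prefix:scent ORDER BY name ASC") as $r) {
                 $visitTpl->insert("scents", "<option value=\"{$r['name']}\"" . ($r['name'] == $currentScent ? " selected" : "") . ">{$r['name']}</option>");
             }
             // images: stored paths first, placeholder icons for the remaining slots
             $visitId = $field($visit, 'visitId');
             $imgCount = 0;
             foreach (\dbConn::query("SELECT * FROM :prefix:visit_media WHERE visitId = :0 AND type = :1", $visitId, 'Image') as $img) {
                 $imgCount++;
                 $visitTpl->insert("image" . $imgCount, ROOT . "media/image/" . $img['path']);
             }
             for ($i = $imgCount + 1; $i <= 3; $i++) {
                 $visitTpl->insert("image" . $i, ROOT . "images/icons/image.png");
             }
             // audios: stored entries get the audio icon, the remaining slots a "plus"
             $audioCount = 0;
             foreach (\dbConn::query("SELECT * FROM :prefix:visit_media WHERE visitId = :0 AND type = :1", $visitId, 'Audio') as $audio) {
                 $audioCount++;
                 $visitTpl->insert("audio" . $audioCount, ROOT . "images/icons/audio.png");
             }
             for ($i = $audioCount + 1; $i <= 3; $i++) {
                 $visitTpl->insert("audio" . $i, ROOT . "images/icons/plus.png");
             }
             $tpl->insert("visit", $visitTpl->getOutput());
             return $tpl->getOutput();
     }
 }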
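 /**
  * Checks if a link is represented as a destination link in navigation bar.
  *
  * The lookup is a parameterised COUNT(*) on the navigation table; the
  * outcome is written to the frontend debug log.
  *
  * @param   string $destination The href to check.
  * @return  bool Value if the navigation contains the given href.
  * @static
  * @since   Version 1.0
  */
 public static function isInNavigation($destination)
 {
     $result = dbConn::querySingle("SELECT COUNT(*) FROM :prefix:navigation WHERE destination = :0", $destination) > 0;
     // Bug fix: the original logged the bare word `destination` — an undefined
     // constant (a warning on PHP 7, a fatal Error on PHP 8) — instead of the
     // parameter.
     frontend::getLogger()->debug("check if link ist as destination in navigation for '" . $destination . "' with result: " . $result);
     return $result;
 }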
        $temp = str_replace("Ä", "Ae", $temp);
        $temp = str_replace("ü", "ue", $temp);
        $temp = str_replace("Ü", "Ue", $temp);
        if (!filter_var($temp, FILTER_VALIDATE_EMAIL)) {
            $errors[] = "Die E-Mail Adresse <strong>{$worker['email']}</strong> ist ungültig.";
        }
    }
}
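// Report validation errors and stop. NOTE(review): entries are emitted as raw
// HTML by design (they carry <strong> markup); any user value interpolated into
// a message, such as the e-mail address above, must be escaped where the
// message is built.
if (count($errors) > 0) {
    echo "<ul>";
    foreach ($errors as $err) {
        echo "<li>{$err}</li>";
    }
    echo "</ul>";
    die;
}
// Refuse edits once the plan's deadlines have passed. The original query was
// missing the AND between the name condition and the date conditions (a SQL
// syntax error) and tested "> 1", which a single plan name can never reach,
// so this check was inert. NOTE(review): what "public" and "editable" mean
// individually is not visible here; the OR grouping mirrors the original.
if (dbConn::querySingle("SELECT COUNT(*) FROM :prefix:plan WHERE \n                            name = :0 AND (\n                            public < CURRENT_TIMESTAMP OR \n                            editable < CURRENT_TIMESTAMP)", $_POST['plan']) > 0) {
    die("REFRESH");
}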
try {
    $t = new transaction();
    // delete removed workers from database
    if (isset($d['deleted'])) {
        foreach ($d['deleted'] as $key => $val) {
            $t->addStatement("DELETE FROM :prefix:worker WHERE production = :0 \n                                                                AND shift = :1\n                                                                AND name = :2\n                                                                AND email = :3", $d['production'], $d['shiftId'], $val['name'], $val['email']);
        }
    }
    // update existing or insert the added workers
    if (isset($d['workers'])) {
        foreach ($d['workers'] as $key => $val) {
            if ($val['action'] == "create") {
                $t->addStatement("INSERT INTO :prefix:worker (name, email, production, plan, shift) VALUES (:0, :1, :2, :3, :4);", htmlspecialchars($val['name']), htmlspecialchars($val['email']), $d['production'], $_POST['plan'], (int) $d['shiftId']);
        foreach ($_POST['visits'] as $v) {
            if ($v['patientId'] == $r['patient']) {
                $contains = true;
                break;
            }
        }
    }
    if (!$contains) {
        $t->addStatement("DELETE FROM :prefix:visit WHERE user = :0 AND patient = :1", $_POST['userid'], $r['patient']);
    }
}
if (isset($_POST['visits']) && is_array($_POST['visits'])) {
    foreach ($_POST['visits'] as $p) {
        $visitId = dbConn::querySingle("SELECT visitId\n                                        FROM :prefix:visit AS v\n                                        INNER JOIN :prefix:patient AS p\n                                        ON p.patientId = v.patient\n                                        INNER JOIN :prefix:user AS u\n                                        ON u.userId = v.user\n                                        WHERE userId = :0 AND patientId = :1", $_POST['userid'], $p['patientId']);
        // check if visit relation already exists
        if (dbConn::querySingle("SELECT COUNT(*) FROM :prefix:visit WHERE user = :0 AND patient = :1", $_POST['userid'], $p['patientId']) < 1) {
            // if not, insert new row into database table
            $t->addStatement("INSERT INTO :prefix:visit (user, patient, relation, description, scent) VALUES (:0, :1, :2, :3, :4)", $_POST['userid'], $p['patientId'], $p['relation'], htmlspecialchars($p['description']), $p['scent']);
        } else {
            // if exists, update row
            $t->addStatement("UPDATE :prefix:visit SET\n                                relation = :0,\n                                description = :1,\n                                scent = :2 \n                              WHERE visitId = :3", $p['relation'], htmlspecialchars($p['description']), $p['scent'], $visitId);
        }
        $t->commit();
        $t = new transaction();
        // commit those changes right now
        /*
         * Update images
         */
        $t->addStatement("DELETE FROM :prefix:visit_media WHERE visitId = :0 AND type = :1", $visitId, 'Image');
        if (isset($p['images']) && is_array($p['images'])) {
            foreach ($p['images'] as $img) {
 /**
  * Loads all children of the current page.
  *
  * Builds a ragged array: one array("url" => ..., "identifier" => ...) entry
  * per direct child and, right after any child that has children of its own,
  * a nested array holding that child's subtree in the same form.
  *
  * NOTE(review): every row costs an extra COUNT(*) query before recursing
  * (N+1 pattern). Kept as-is because the loose "== null" test below means an
  * unconditional recursion on an id of 0 would re-query the root level.
  *
  * @param int|null $parentId Id of the parent page; null (or, loosely, 0/"")
  *                           selects the root level.
  * @return array All children of the current page.
  * @since Version 1.2
  */
 private function getUrlChildren($parentId)
 {
     $isRoot = $parentId == null;
     $sql = $isRoot
         ? "SELECT * FROM :prefix:content WHERE parentId IS NULL"
         : "SELECT * FROM :prefix:content WHERE parentId = :0";
     $result = array();
     foreach (\dbConn::query($sql, $parentId) as $row) {
         $id = $row['contentId'];
         $result[] = array("url" => $row['url'], "identifier" => $id);
         $hasChildren = \dbConn::querySingle("SELECT COUNT(*) FROM :prefix:content WHERE parentId = :0", $id) > 0;
         if ($hasChildren) {
             $result[] = $this->getUrlChildren($id);
         }
     }
     return $result;
 }
 /**
  * Checks if there were several failed logins during the last n minutes, where
  * n is a number stored in the database config table. If the threshold is
  * reached, a captcha is recommended.
  *
  * A failed login is an admin_login row without a sessionId. The counter is
  * global (not per client address), so a burst of failures from anywhere
  * enables the captcha for everyone. NOTE(review): if either config row is
  * missing, the comparison runs against NULL — confirm the intended fallback.
  *
  * @return  bool Value if captcha should be used for login.
  * @since   Version 1.0
  */
 public static function isCaptchaRequired()
 {
     // Failed admin logins inside the configured window (minutes).
     $recentFailures = dbConn::querySingle("SELECT COUNT(*) FROM :prefix:admin_login\n                WHERE sessionId IS NULL\n                AND created > (CURRENT_TIMESTAMP - INTERVAL (SELECT value FROM :prefix:config WHERE property = 'login_captcha_timespan') MINUTE)");
     $threshold = dbConn::querySingle("SELECT value FROM :prefix:config WHERE property = 'login_captcha_threshold'");
     return $recentFailures > $threshold;
 }
<?php

require "../config.php";
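// Create a production within a plan. Both values are stored HTML-escaped, as
// elsewhere in the project, and the duplicate check compares the escaped form
// so it agrees with what is inserted. Missing parameters no longer raise
// undefined-index notices; they are treated as empty.
$name = isset($_POST['name']) ? htmlspecialchars($_POST['name']) : "";
$plan = isset($_POST['plan']) ? htmlspecialchars($_POST['plan']) : "";
if ($name === "") {
    die("Bitte geben Sie einen Namen ein.");
}
// NOTE(review): $plan is not checked against the plan table; an empty or
// unknown plan name creates an orphaned production. Verify that the caller
// guarantees it, or add a lookup here.
if (dbConn::querySingle("SELECT COUNT(*) FROM :prefix:production WHERE plan = :0 AND name = :1", $plan, $name) > 0) {
    die("Der Name ist bereits vergeben.");
}
dbConn::execute("INSERT INTO :prefix:production (plan, name) VALUES (:0, :1);", $plan, $name);
echo "SUCCESS";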
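// no user logged on
if (!isset($_SESSION['user'])) {
    header("location: " . ROOT . "admin/");
    die;
}
// session refers to an admin account that no longer exists
if (dbConn::querySingle("SELECT COUNT(*) FROM :prefix:admin WHERE adminId = :0", $_SESSION['user']) < 1) {
    unset($_SESSION['user']);
    header("location: " . ROOT . "admin/");
    die;
}
if (isset($_GET['filename'])) {
    // SECURITY: the original appended the raw parameter to the backups
    // directory, so "../../config.php" (which holds the DB credentials) or any
    // other file the web server can read was downloadable by whoever holds an
    // admin session. basename() drops directory components, realpath() pins
    // the result inside the backups directory, and only files registered in
    // the backup table are served (queryRow is assumed to return a falsy value
    // when no row matches — verify).
    $filename = basename((string) $_GET['filename']);
    $backupDir = realpath(BASEDIR . "../files/backups");
    $name = $backupDir === false ? false : realpath($backupDir . DIRECTORY_SEPARATOR . $filename);
    $backup = dbConn::queryRow("SELECT * FROM :prefix:backup WHERE filename = :0", $filename);
    $inside = $name !== false && strpos($name, $backupDir . DIRECTORY_SEPARATOR) === 0;
    if (!$inside || !is_file($name) || !$backup || $filename == "backup.php") {
        header("location: " . ROOT);
        die;
    }
    actionLogger::write(dbConn::querySingle("SELECT moduleId FROM :prefix:module WHERE class = 'backup'"), actionType::DOWNLOAD, $backup);
    header("Pragma: public");
    header("Expires: 0");
    header("Cache-Control: must-revalidate, post-check=0, pre-check=0");
    header("Cache-Control: public");
    header("Content-Description: File Transfer");
    header("Content-type: application/octet-stream");
    header("Content-Transfer-Encoding: binary");
    header("Content-Length: " . filesize($name));
    ob_end_flush();
    // The original also fopen()ed the file and never closed the handle, and
    // suppressed readfile() errors with "@".
    readfile($name);
}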
// redirect to https — NOTE(review): no HTTPS redirect is implemented in this file; enforce TLS in the web server configuration or add the redirect here.
//
// TEMPLATE SETTINGS
//
require_once "core/template.php";
template::setDoIndent(true);
//
// DATABASE SETTINGS
//
require_once "core/dbConn.php";
// SECURITY(review): the database is accessed as root with the password
// "root", committed in source. Use a dedicated least-privilege account and
// keep the secret out of the repository (environment variable or an
// untracked local file).
dbConn::setHost("localhost");
dbConn::setDatabase("smartdoorbell");
dbConn::setUsername("root");
dbConn::setPassword("root");
dbConn::setTablePrefix("sdb_");
//
// EMAIL SETTINGS
//
require_once "core/emailSettings.php";
// SMTP settings — including the password — are read from the config table on
// every request; anything that can write that table controls outgoing mail.
emailSettings::setHost(dbConn::querySingle("SELECT value FROM :prefix:config WHERE property = 'contact_smtp_host';"));
emailSettings::setUsername(dbConn::querySingle("SELECT value FROM :prefix:config WHERE property = 'contact_smtp_username';"));
emailSettings::setPassword(dbConn::querySingle("SELECT value FROM :prefix:config WHERE property = 'contact_smtp_password';"));
emailSettings::setSender(dbConn::querySingle("SELECT value FROM :prefix:config WHERE property = 'contact_from';"));
emailSettings::setMethod(emailSendMethod::PHPMAILER);
//
// OTHER STATIC RESOURCES
//
/**
 * Base type for page controllers.
 *
 * $reference is a process-wide static slot, null until something assigns it;
 * presumably the active controller is stored here — verify against callers.
 */
abstract class controller
{
    /** @var controller|null */
    public static $reference;
}
// NOTE(review): $_GET['rfid'] and $_GET['room'] are read without isset();
// presence checks presumably live above this excerpt (error codes here start
// at 110). The distinct codes — 110 unknown code, 116 disabled, 115 no
// permission — let a caller tell valid RFID codes from unused ones, i.e. an
// enumeration oracle on the access credential. The credential also travels
// in the query string and therefore ends up in access logs.
if (dbConn::querySingle("SELECT COUNT(*) FROM :prefix:user WHERE rfid = :0", $_GET['rfid']) < 1) {
    array_push($errors, array(110 => "invalid rfid code. code not in use"));
}
if (dbConn::querySingle("SELECT COUNT(*) FROM :prefix:patient WHERE room = :0", $_GET['room']) < 1) {
    array_push($errors, array(111 => "invalid room id. room not in use"));
}
// Stops the request if either lookup failed (dieOnErrors is defined elsewhere).
dieOnErrors($errors);
// check if user account is in active state
if (dbConn::querySingle("SELECT state FROM :prefix:user WHERE rfid = :0", $_GET['rfid']) != "activated") {
    array_push($errors, array(116 => "user disabled"));
    dieOnErrors($errors);
}
// check if user is allowed to visit given room: a visit row must link the
// rfid's user to a patient located in that room
if (dbConn::querySingle("\n            SELECT COUNT(*)\n            FROM :prefix:visit AS v\n            INNER JOIN :prefix:patient AS p\n            ON v.patient = p.patientId\n            INNER JOIN :prefix:user AS u\n            ON v.user = u.userId\n            WHERE p.room = :0 AND u.rfid = :1\n        ", $_GET['room'], $_GET['rfid']) < 1) {
    array_push($errors, array(115 => "permission denied"));
}
dieOnErrors($errors);
// all data is valid and user has access
// now create the response
// collect required data
$user = dbConn::queryRow("SELECT * FROM :prefix:user WHERE rfid = :0", $_GET['rfid']);
// Single visit row for this (room, user) pair; if the user may visit several
// patients in the same room, which one is returned is left to the database.
$visit = dbConn::queryRow("\n                        SELECT * \n                        FROM :prefix:visit AS v\n                        INNER JOIN :prefix:patient AS p\n                        ON v.patient = p.patientId\n                        WHERE p.room = :0 AND user = :1\n                    ", $_GET['room'], $user['userId']);
$media = array();
// Turn stored media paths into absolute URLs under /media/<type>/.
foreach (dbConn::query("SELECT type, path FROM :prefix:visit_media WHERE visitId = :0", $visit['visitId']) as $r) {
    $r['path'] = URL . "/media/" . strtolower($r['type']) . "/" . $r['path'];
    array_push($media, $r);
}
// NOTE(review): the payload discloses the visitor's e-mail address; confirm
// the doorbell client needs it, otherwise drop it to limit exposure.
// "lastvisit" is computed before the history row below is written, so it
// reports the previous visit.
$response = array("success" => array("firstname" => $user['firstname'], "lastname" => $user['lastname'], "email" => $user['email'], "relation" => $visit['relation'], "scent" => $visit['scent'], "description" => $visit['description'], "media" => $media, "lastvisit" => dbConn::querySingle("SELECT MAX(created) FROM :prefix:visit_history WHERE visitId = :0", $visit['visitId'])));
// Record this access.
dbConn::execute("INSERT INTO :prefix:visit_history (visitId) VALUES (:0);", $visit['visitId']);
header('Content-type: application/json');
echo json_encode($response, JSON_PRETTY_PRINT);
            $t->addStatement("INSERT INTO :prefix:visit (user, patient, relation, description, scent) VALUES (:0, :1, :2, :3, :4)", $_POST['userid'], $p['patientId'], $p['relation'], htmlspecialchars($p['description']), $p['scent']);
        } else {
            // if exists, update row
            $t->addStatement("UPDATE :prefix:visit SET\n                                relation = :0,\n                                description = :1,\n                                scent = :2 WHERE visitId = :3", $p['relation'], htmlspecialchars($p['description']), $p['scent'], $visitId);
        }
        $t->commit();
        $t = new transaction();
        // commit those changes right now
        /*
         * Update images
         */
        $t->addStatement("DELETE FROM :prefix:visit_media WHERE visitId = :0 AND type = :1", $visitId, 'Image');
        if (isset($p['images']) && is_array($p['images'])) {
            foreach ($p['images'] as $img) {
                if ($visitId == null) {
                    $visitId = dbConn::querySingle("SELECT visitId\n                                                    FROM :prefix:visit AS v\n                                                    INNER JOIN :prefix:patient AS p\n                                                    ON p.patientId = v.patient\n                                                    INNER JOIN :prefix:user AS u\n                                                    ON u.userId = v.user\n                                                    WHERE userId = :0 AND patientId = :1", $_POST['userid'], $p['patientId']);
                }
                $t->addStatement("INSERT INTO :prefix:visit_media (visitId, path, type) VALUES (:0, :1, :2);", $visitId, basename($img), "Image");
            }
        }
        /*
         * Update audios
         */
        $t->addStatement("DELETE FROM :prefix:visit_media WHERE visitId = :0 AND type = :1", $visitId, 'Audio');
        if (isset($p['audios']) && is_array($p['audios'])) {
            foreach ($p['audios'] as $aud) {
                $t->addStatement("INSERT INTO :prefix:visit_media (visitId, path, type) VALUES (:0, :1, :2);", $visitId, basename($aud), "Audio");
            }
        }
    }
}
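 /**
  * Checks if the user is an admin.
  *
  * The lookup is keyed on the e-mail address submitted in $_POST['username'],
  * not on an authenticated session: the result only means "the account with
  * that e-mail has isAdmin set". NOTE(review): the caller must have verified
  * the credentials for exactly that username first; otherwise the flag is
  * attacker-chosen.
  *
  * @return boolean True if the user is administrator; false when no username
  *                 was posted, the account is unknown, or isAdmin is unset.
  */
 private function isAdmin()
 {
     if (!isset($_POST['username'])) {
         return false;
     }
     // Cast: the driver may return "0"/"1" strings or null for an unknown
     // address, while the docblock promises a boolean.
     return (bool) \dbConn::querySingle("SELECT isAdmin FROM :prefix:user WHERE email = :0", $_POST['username']);
 }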
        $tpl->removeVariables();
        echo $tpl->getOutput();
        break;
    case "history":
        echo getHistory(0);
        break;
    case "newplan":
        $tpl = new template("admin/plan.create");
        echo $tpl->getOutput();
        break;
    case "email":
        $tpl = new template("admin/mail.container");
        foreach (dbConn::query("SELECT * FROM :prefix:plan ORDER BY created DESC") as $r) {
            $tpl->insert("plans", template::create("admin/mail.plan", array("name" => $r['name'])));
        }
        foreach (dbConn::query("SELECT DISTINCT name, email FROM :prefix:worker ORDER BY name ASC") as $r) {
            $rec = new template("admin/mail.recipient");
            $rec->insert("name", $r['name']);
            $rec->insert("address", $r['email']);
            foreach (dbConn::query("SELECT DISTINCT name FROM :prefix:plan", $r['name'], $r['email']) as $s) {
                $rec->insert("plans", template::create("admin/mail.recipient.plan", array("name" => $s['name'], "checked" => dbConn::querySingle("SELECT COUNT(*) FROM :prefix:worker \n                                                      WHERE name = :0 AND email = :1 AND plan = :2", $r['name'], $r['email'], $s['name']) > 0 ? "checked" : "")));
            }
            $tpl->insert("recipients", $rec);
        }
        $tpl->removeVariables();
        echo $tpl->getOutput();
        break;
    default:
        echo "\n        <div class='alert alert-danger' role='alert'>\n          <span class='sr-only'>Fehler:</span>\n          Funktion nicht implementiert\n        </div>";
        break;
}
 /**
  * Checks if a link is represented as a destination link in navigation bar.
  *
  * Parameterised COUNT(*) lookup on the navigation table; no logging.
  *
  * @param   string $destination The href to check.
  * @return  bool Value if the navigation contains the given href.
  * @static
  * @since   Version 1.0
  */
 public static function isInNavigation($destination)
 {
     $matches = dbConn::querySingle("SELECT COUNT(*) FROM :prefix:navigation WHERE destination = :0", $destination);
     return $matches > 0;
 }
<?php

require "../config.php";
/**
 * Validates that $date is a time of day written exactly as "HH:MM".
 *
 * createFromFormat() rolls out-of-range values over (e.g. "24:00" becomes
 * "00:00" of the next day), so the parsed value is formatted back and must
 * match the input character for character.
 *
 * @param string $date Candidate time string.
 * @return bool True only for a valid time in H:i form.
 */
function validateDate($date)
{
    $parsed = DateTime::createFromFormat('H:i', $date);
    if ($parsed === false) {
        return false;
    }
    return $parsed->format('H:i') === $date;
}
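// Create a shift (from/to time of day) for a plan.
$plan = isset($_POST['plan']) ? $_POST['plan'] : "";
// The times arrive nested under "data". The original assigned that sub-array
// to $_POST itself; read it into a local so the superglobal stays intact and
// a missing or non-array value fails validation instead of raising notices.
$data = (isset($_POST['data']) && is_array($_POST['data'])) ? $_POST['data'] : array();
$from = isset($data['from']) ? $data['from'] : "";
$to = isset($data['to']) ? $data['to'] : "";
if (!validateDate($from) || !validateDate($to)) {
    die("Bitte geben Sie ein gültiges Zeitformat ein.");
}
if ($to === $from) {
    die("Anfang und Ende dürfen nicht identisch sein.");
}
// Both are validated "H:i" strings, so strtotime() maps each onto today and
// the comparison orders them within the day.
if (strtotime($to) < strtotime($from)) {
    die("Der Anfang muss vor dem Ende liegen.");
}
// NOTE(review): $plan is not checked against the plan table; an empty or
// unknown name creates an orphaned shift. Verify the caller guarantees it,
// or add a lookup here.
if (dbConn::querySingle("SELECT COUNT(*) FROM :prefix:shift WHERE plan = :0 AND fromDate = :1 AND toDate = :2", $plan, $from, $to) > 0) {
    die("Eine Schicht mit den eingegebenen Zeiten existiert bereits für diesen Plan.");
}
dbConn::execute("INSERT INTO :prefix:shift (plan, fromDate, toDate) VALUES (:0, :1, :2)", $plan, $from, $to);
echo "SUCCESS";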