function shift_controller() { global $user, $privileges; if (!in_array('user_shifts', $privileges)) { redirect(page_link_to('?')); } if (!isset($_REQUEST['shift_id'])) { redirect(page_link_to('user_shifts')); } $shift = Shift($_REQUEST['shift_id']); if ($shift === false) { engelsystem_error('Unable to load shift.'); } if ($shift == null) { error(_('Shift could not be found.')); redirect(page_link_to('user_shifts')); } $shifttype = ShiftType($shift['shifttype_id']); if ($shifttype === false || $shifttype == null) { engelsystem_error('Unable to load shift type.'); } $room = Room($shift['RID']); if ($room === false || $room == null) { engelsystem_error('Unable to load room.'); } $angeltypes = AngelTypes(); if ($angeltypes === false) { engelsystem_error('Unable to load angeltypes.'); } $user_shifts = Shifts_by_user($user); if ($user_shifts === false) { engelsystem_error('Unable to load users shifts.'); } $signed_up = false; foreach ($user_shifts as $user_shift) { if ($user_shift['SID'] == $shift['SID']) { $signed_up = true; break; } } return [$shift['name'], Shift_view($shift, $shifttype, $room, in_array('admin_shifts', $privileges), $angeltypes, in_array('user_shifts_admin', $privileges), in_array('admin_rooms', $privileges), in_array('shifttypes', $privileges), $user_shifts, $signed_up)]; }
function user_shifts() { global $user, $privileges, $max_freeloadable_shifts; if (User_is_freeloader($user)) { redirect(page_link_to('user_myshifts')); } // Locations laden $rooms = sql_select("SELECT * FROM `Room` WHERE `show`='Y' ORDER BY `Name`"); $room_array = array(); foreach ($rooms as $room) { $room_array[$room['RID']] = $room['Name']; } // Löschen einzelner Schicht-Einträge (Also Belegung einer Schicht von Engeln) durch Admins if (isset($_REQUEST['entry_id']) && in_array('user_shifts_admin', $privileges)) { if (isset($_REQUEST['entry_id']) && test_request_int('entry_id')) { $entry_id = $_REQUEST['entry_id']; } else { redirect(page_link_to('user_shifts')); } $shift_entry_source = sql_select("\n SELECT `User`.`Nick`, `ShiftEntry`.`Comment`, `ShiftEntry`.`UID`, `ShiftTypes`.`name`, `Shifts`.*, `Room`.`Name`, `AngelTypes`.`name` as `angel_type` \n FROM `ShiftEntry` \n JOIN `User` ON (`User`.`UID`=`ShiftEntry`.`UID`) \n JOIN `AngelTypes` ON (`ShiftEntry`.`TID` = `AngelTypes`.`id`) \n JOIN `Shifts` ON (`ShiftEntry`.`SID` = `Shifts`.`SID`) \n JOIN `ShiftTypes` ON (`ShiftTypes`.`id` = `Shifts`.`shifttype_id`)\n JOIN `Room` ON (`Shifts`.`RID` = `Room`.`RID`) \n WHERE `ShiftEntry`.`id`='" . sql_escape($entry_id) . "'"); if (count($shift_entry_source) > 0) { $shift_entry_source = $shift_entry_source[0]; $result = ShiftEntry_delete($entry_id); if ($result === false) { engelsystem_error('Unable to delete shift entry.'); } engelsystem_log("Deleted " . User_Nick_render($shift_entry_source) . "'s shift: " . $shift_entry_source['name'] . " at " . $shift_entry_source['Name'] . " from " . date("y-m-d H:i", $shift_entry_source['start']) . " to " . date("y-m-d H:i", $shift_entry_source['end']) . " as " . $shift_entry_source['angel_type']); success(_("Shift entry deleted.")); } else { error(_("Entry not found.")); } redirect(page_link_to('user_shifts')); } elseif (isset($_REQUEST['edit_shift']) && in_array('admin_shifts', $privileges)) { $msg = ""; $ok = true; if (isset($_REQUEST['edit_shift']) && test_request_int('edit_shift')) { $shift_id = $_REQUEST['edit_shift']; } else { redirect(page_link_to('user_shifts')); } $shift = sql_select("\n SELECT `ShiftTypes`.`name`, `Shifts`.*, `Room`.* FROM `Shifts` \n JOIN `Room` ON (`Shifts`.`RID` = `Room`.`RID`) \n JOIN `ShiftTypes` ON (`ShiftTypes`.`id` = `Shifts`.`shifttype_id`)\n WHERE `SID`='" . sql_escape($shift_id) . "'"); if (count($shift) == 0) { redirect(page_link_to('user_shifts')); } $shift = $shift[0]; // Engeltypen laden $types = sql_select("SELECT * FROM `AngelTypes` ORDER BY `name`"); $angel_types = array(); $needed_angel_types = array(); foreach ($types as $type) { $angel_types[$type['id']] = $type; $needed_angel_types[$type['id']] = 0; } $shifttypes_source = ShiftTypes(); $shifttypes = []; foreach ($shifttypes_source as $shifttype) { $shifttypes[$shifttype['id']] = $shifttype['name']; } // Benötigte Engeltypen vom Raum $needed_angel_types_source = sql_select("SELECT `AngelTypes`.*, `NeededAngelTypes`.`count` FROM `AngelTypes` LEFT JOIN `NeededAngelTypes` ON (`NeededAngelTypes`.`angel_type_id` = `AngelTypes`.`id` AND `NeededAngelTypes`.`room_id`='" . sql_escape($shift['RID']) . "') ORDER BY `AngelTypes`.`name`"); foreach ($needed_angel_types_source as $type) { if ($type['count'] != "") { $needed_angel_types[$type['id']] = $type['count']; } } // Benötigte Engeltypen von der Schicht $needed_angel_types_source = sql_select("SELECT `AngelTypes`.*, `NeededAngelTypes`.`count` FROM `AngelTypes` LEFT JOIN `NeededAngelTypes` ON (`NeededAngelTypes`.`angel_type_id` = `AngelTypes`.`id` AND `NeededAngelTypes`.`shift_id`='" . sql_escape($shift_id) . "') ORDER BY `AngelTypes`.`name`"); foreach ($needed_angel_types_source as $type) { if ($type['count'] != "") { $needed_angel_types[$type['id']] = $type['count']; } } $shifttype_id = $shift['shifttype_id']; $title = $shift['title']; $rid = $shift['RID']; $start = $shift['start']; $end = $shift['end']; if (isset($_REQUEST['submit'])) { // Name/Bezeichnung der Schicht, darf leer sein $title = strip_request_item('title'); // Auswahl der sichtbaren Locations für die Schichten if (isset($_REQUEST['rid']) && preg_match("/^[0-9]+\$/", $_REQUEST['rid']) && isset($room_array[$_REQUEST['rid']])) { $rid = $_REQUEST['rid']; } else { $ok = false; $rid = $rooms[0]['RID']; $msg .= error(_("Please select a room."), true); } if (isset($_REQUEST['shifttype_id']) && isset($shifttypes[$_REQUEST['shifttype_id']])) { $shifttype_id = $_REQUEST['shifttype_id']; } else { $ok = false; $msg .= error(_('Please select a shifttype.'), true); } if (isset($_REQUEST['start']) && ($tmp = DateTime::createFromFormat("Y-m-d H:i", trim($_REQUEST['start'])))) { $start = $tmp->getTimestamp(); } else { $ok = false; $msg .= error(_("Please enter a valid starting time for the shifts."), true); } if (isset($_REQUEST['end']) && ($tmp = DateTime::createFromFormat("Y-m-d H:i", trim($_REQUEST['end'])))) { $end = $tmp->getTimestamp(); } else { $ok = false; $msg .= error(_("Please enter a valid ending time for the shifts."), true); } if ($start >= $end) { $ok = false; $msg .= error(_("The ending time has to be after the starting time."), true); } foreach ($needed_angel_types_source as $type) { if (isset($_REQUEST['type_' . $type['id']]) && preg_match("/^[0-9]+\$/", trim($_REQUEST['type_' . $type['id']]))) { $needed_angel_types[$type['id']] = trim($_REQUEST['type_' . $type['id']]); } else { $ok = false; $msg .= error(sprintf(_("Please check your input for needed angels of type %s."), $type['name']), true); } } if ($ok) { $shift['shifttype_id'] = $shifttype_id; $shift['title'] = $title; $shift['RID'] = $rid; $shift['start'] = $start; $shift['end'] = $end; $result = Shift_update($shift); if ($result === false) { engelsystem_error('Unable to update shift.'); } sql_query("DELETE FROM `NeededAngelTypes` WHERE `shift_id`='" . sql_escape($shift_id) . "'"); $needed_angel_types_info = array(); foreach ($needed_angel_types as $type_id => $count) { sql_query("INSERT INTO `NeededAngelTypes` SET `shift_id`='" . sql_escape($shift_id) . "', `angel_type_id`='" . sql_escape($type_id) . "', `count`='" . sql_escape($count) . "'"); $needed_angel_types_info[] = $angel_types[$type_id]['name'] . ": " . $count; } engelsystem_log("Updated shift '" . $name . "' from " . date("y-m-d H:i", $start) . " to " . date("y-m-d H:i", $end) . " with angel types " . join(", ", $needed_angel_types_info)); success(_("Shift updated.")); redirect(shift_link(['SID' => $shift_id])); } } $room_select = html_select_key('rid', 'rid', $room_array, $rid); $angel_types = ""; foreach ($types as $type) { $angel_types .= form_spinner('type_' . $type['id'], $type['name'], $needed_angel_types[$type['id']]); } return page_with_title(shifts_title(), array(msg(), '<noscript>' . info(_("This page is much more comfortable with javascript."), true) . '</noscript>', form(array(form_select('shifttype_id', _('Shifttype'), $shifttypes, $shifttype_id), form_text('title', _("Title"), $title), form_select('rid', _("Room:"), $room_array, $rid), form_text('start', _("Start:"), date("Y-m-d H:i", $start)), form_text('end', _("End:"), date("Y-m-d H:i", $end)), '<h2>' . _("Needed angels") . '</h2>', $angel_types, form_submit('submit', _("Save")))))); } elseif (isset($_REQUEST['delete_shift']) && in_array('user_shifts_admin', $privileges)) { if (isset($_REQUEST['delete_shift']) && preg_match("/^[0-9]*\$/", $_REQUEST['delete_shift'])) { $shift_id = $_REQUEST['delete_shift']; } else { redirect(page_link_to('user_shifts')); } $shift = Shift($shift_id); if ($shift === false) { engelsystem_error('Unable to load shift.'); } if ($shift == null) { redirect(page_link_to('user_shifts')); } // Schicht löschen bestätigt if (isset($_REQUEST['delete'])) { $result = Shift_delete($shift_id); if ($result === false) { engelsystem_error('Unable to delete shift.'); } engelsystem_log("Deleted shift " . $shift['name'] . " from " . date("y-m-d H:i", $shift['start']) . " to " . date("y-m-d H:i", $shift['end'])); success(_("Shift deleted.")); redirect(page_link_to('user_shifts')); } return page_with_title(shifts_title(), array(error(sprintf(_("Do you want to delete the shift %s from %s to %s?"), $shift['name'], date("Y-m-d H:i", $shift['start']), date("H:i", $shift['end'])), true), '<a class="button" href="?p=user_shifts&delete_shift=' . $shift_id . '&delete">' . _("delete") . '</a>')); } elseif (isset($_REQUEST['shift_id'])) { if (isset($_REQUEST['shift_id']) && preg_match("/^[0-9]*\$/", $_REQUEST['shift_id'])) { $shift_id = $_REQUEST['shift_id']; } else { redirect(page_link_to('user_shifts')); } $shift = Shift($shift_id); $room; $shift['Name'] = $room_array[$shift['RID']]; if ($shift === false) { engelsystem_error('Unable to load shift.'); } if ($shift == null) { redirect(page_link_to('user_shifts')); } if (isset($_REQUEST['type_id']) && preg_match("/^[0-9]*\$/", $_REQUEST['type_id'])) { $type_id = $_REQUEST['type_id']; } else { redirect(page_link_to('user_shifts')); } if (in_array('user_shifts_admin', $privileges)) { $type = sql_select("SELECT * FROM `AngelTypes` WHERE `id`='" . sql_escape($type_id) . "' LIMIT 1"); } else { $type = sql_select("SELECT * FROM `UserAngelTypes` JOIN `AngelTypes` ON (`UserAngelTypes`.`angeltype_id` = `AngelTypes`.`id`) WHERE `AngelTypes`.`id` = '" . sql_escape($type_id) . "' AND (`AngelTypes`.`restricted` = 0 OR (`UserAngelTypes`.`user_id` = '" . sql_escape($user['UID']) . "' AND NOT `UserAngelTypes`.`confirm_user_id` IS NULL)) LIMIT 1"); } if (count($type) == 0) { redirect(page_link_to('user_shifts')); } $type = $type[0]; if (!Shift_signup_allowed($shift, $type)) { error(_('You are not allowed to sign up for this shift. Maybe shift is full or already running.')); redirect(shift_link($shift)); } if (isset($_REQUEST['submit'])) { $selected_type_id = $type_id; if (in_array('user_shifts_admin', $privileges)) { if (isset($_REQUEST['user_id']) && preg_match("/^[0-9]*\$/", $_REQUEST['user_id'])) { $user_id = $_REQUEST['user_id']; } else { $user_id = $user['UID']; } if (sql_num_query("SELECT * FROM `User` WHERE `UID`='" . sql_escape($user_id) . "' LIMIT 1") == 0) { redirect(page_link_to('user_shifts')); } if (isset($_REQUEST['angeltype_id']) && test_request_int('angeltype_id') && sql_num_query("SELECT * FROM `AngelTypes` WHERE `id`='" . sql_escape($_REQUEST['angeltype_id']) . "' LIMIT 1") > 0) { $selected_type_id = $_REQUEST['angeltype_id']; } } else { $user_id = $user['UID']; } if (sql_num_query("SELECT * FROM `ShiftEntry` WHERE `SID`='" . sql_escape($shift['SID']) . "' AND `UID` = '" . sql_escape($user_id) . "'")) { return error("This angel does already have an entry for this shift.", true); } $freeloaded = $shift['freeloaded']; $freeload_comment = $shift['freeload_comment']; if (in_array("user_shifts_admin", $privileges)) { $freeloaded = isset($_REQUEST['freeloaded']); $freeload_comment = strip_request_item_nl('freeload_comment'); } $comment = strip_request_item_nl('comment'); $result = ShiftEntry_create(array('SID' => $shift_id, 'TID' => $selected_type_id, 'UID' => $user_id, 'Comment' => $comment, 'freeloaded' => $freeloaded, 'freeload_comment' => $freeload_comment)); if ($result === false) { engelsystem_error('Unable to create shift entry.'); } if ($type['restricted'] == 0 && sql_num_query("SELECT * FROM `UserAngelTypes` INNER JOIN `AngelTypes` ON `AngelTypes`.`id` = `UserAngelTypes`.`angeltype_id` WHERE `angeltype_id` = '" . sql_escape($selected_type_id) . "' AND `user_id` = '" . sql_escape($user_id) . "' ") == 0) { sql_query("INSERT INTO `UserAngelTypes` (`user_id`, `angeltype_id`) VALUES ('" . sql_escape($user_id) . "', '" . sql_escape($selected_type_id) . "')"); } $user_source = User($user_id); engelsystem_log("User " . User_Nick_render($user_source) . " signed up for shift " . $shift['name'] . " from " . date("y-m-d H:i", $shift['start']) . " to " . date("y-m-d H:i", $shift['end'])); success(_("You are subscribed. Thank you!") . ' <a href="' . page_link_to('user_myshifts') . '">' . _("My shifts") . ' »</a>'); redirect(shift_link($shift)); } if (in_array('user_shifts_admin', $privileges)) { $users = sql_select("SELECT *, (SELECT count(*) FROM `ShiftEntry` WHERE `freeloaded`=1 AND `ShiftEntry`.`UID`=`User`.`UID`) AS `freeloaded` FROM `User` ORDER BY `Nick`"); $users_select = array(); foreach ($users as $usr) { $users_select[$usr['UID']] = $usr['Nick'] . ($usr['freeloaded'] == 0 ? "" : " (" . _("Freeloader") . ")"); } $user_text = html_select_key('user_id', 'user_id', $users_select, $user['UID']); $angeltypes_source = sql_select("SELECT * FROM `AngelTypes` ORDER BY `name`"); $angeltypes = array(); foreach ($angeltypes_source as $angeltype) { $angeltypes[$angeltype['id']] = $angeltype['name']; } $angeltyppe_select = html_select_key('angeltype_id', 'angeltype_id', $angeltypes, $type['id']); } else { $user_text = User_Nick_render($user); $angeltyppe_select = $type['name']; } return ShiftEntry_edit_view($user_text, date("Y-m-d H:i", $shift['start']) . ' – ' . date('Y-m-d H:i', $shift['end']) . ' (' . shift_length($shift) . ')', $shift['Name'], $shift['name'], $angeltyppe_select, "", false, null, in_array('user_shifts_admin', $privileges)); } else { return view_user_shifts(); } }
/** * Update a shift. */ function Shift_update($shift) { global $user; $shift['name'] = ShiftType($shift['shifttype_id'])['name']; mail_shift_change(Shift($shift['SID']), $shift); return sql_query("UPDATE `Shifts` SET\n `shifttype_id`='" . sql_escape($shift['shifttype_id']) . "',\n `start`='" . sql_escape($shift['start']) . "',\n `end`='" . sql_escape($shift['end']) . "',\n `RID`='" . sql_escape($shift['RID']) . "',\n `title`=" . sql_null($shift['title']) . ",\n `URL`=" . sql_null($shift['URL']) . ",\n `PSID`=" . sql_null($shift['PSID']) . ",\n `edited_by_user_id`='" . sql_escape($user['UID']) . "',\n `edited_at_timestamp`=" . time() . "\n WHERE `SID`='" . sql_escape($shift['SID']) . "'"); }
/** * Delete a shift entry. */ function ShiftEntry_delete($shift_entry_id) { $shift_entry = ShiftEntry($shift_entry_id); mail_shift_removed(User($shift_entry['UID']), Shift($shift_entry['SID'])); return sql_query("DELETE FROM `ShiftEntry` WHERE `id`='" . sql_escape($shift_entry_id) . "'"); }
/** * Update a shift. */ function Shift_update($shift) { $shift['name'] = ShiftType($shift['shifttype_id'])['name']; mail_shift_change(Shift($shift['SID']), $shift); return sql_query("UPDATE `Shifts` SET\n `shifttype_id`='" . sql_escape($shift['shifttype_id']) . "',\n `start`='" . sql_escape($shift['start']) . "',\n `end`='" . sql_escape($shift['end']) . "',\n `RID`='" . sql_escape($shift['RID']) . "',\n `title`=" . sql_null($shift['title']) . ",\n `URL`=" . sql_null($shift['URL']) . ",\n `PSID`=" . sql_null($shift['PSID']) . "\n WHERE `SID`='" . sql_escape($shift['SID']) . "'"); }