function admin_new_questions() { global $user, $privileges; if (in_array("admin_questions", $privileges)) { $new_messages = sql_num_query("SELECT * FROM `Questions` WHERE `AID` IS NULL"); if ($new_messages > 0) { return info('<a href="' . page_link_to("admin_questions") . '">' . _('There are unanswered questions!') . '</a>', true); } } return ""; }
function user_unread_messages() { global $user; if (isset($user)) { $new_messages = sql_num_query("SELECT * FROM `Messages` WHERE isRead='N' AND `RUID`='" . sql_escape($user['UID']) . "'"); if ($new_messages > 0) { return ' <span class="badge danger">' . $new_messages . '</span>'; } } return ''; }
/** * TODO: use validation functions, return new message id * TODO: global $user con not be used in model! * send message * * @param $id User * ID of Reciever * @param $text Text * of Message */ function Message_send($id, $text) { global $user; $text = preg_replace("/([^\\p{L}\\p{P}\\p{Z}\\p{N}\n]{1,})/ui", '', strip_tags($text)); $to = preg_replace("/([^0-9]{1,})/ui", '', strip_tags($id)); if ($text != "" && is_numeric($to) && sql_num_query("SELECT * FROM `User` WHERE `UID`='" . sql_escape($to) . "' AND NOT `UID`='" . sql_escape($user['UID']) . "' LIMIT 1") > 0) { sql_query("INSERT INTO `Messages` SET `Datum`='" . sql_escape(time()) . "', `SUID`='" . sql_escape($user['UID']) . "', `RUID`='" . sql_escape($to) . "', `Text`='" . sql_escape($text) . "'"); return true; } else { return false; } }
/** * Validates a name for angeltypes. * Returns array containing validation success and validated name. * * @param string $name * @param AngelType $angeltype */ function AngelType_validate_name($name, $angeltype) { $name = strip_item($name); if ($name == "") { return array(false, $name); } if (isset($angeltype) && isset($angeltype['id'])) { return array(sql_num_query("\n SELECT * \n FROM `AngelTypes` \n WHERE `name`='" . sql_escape($name) . "' \n AND NOT `id`='" . sql_escape($angeltype['id']) . "'\n LIMIT 1") == 0, $name); } else { return array(sql_num_query("\n SELECT `id` \n FROM `AngelTypes` \n WHERE `name`='" . sql_escape($name) . "' \n LIMIT 1") == 0, $name); } }
function _add_index($table, $cols, $type = "INDEX") { $table = sql_escape($table); $cols = array_map('sql_escape', $cols); $type = sql_escape($type); if (sql_num_query("SHOW INDEX FROM `" . $table . "` WHERE `Key_name` = '" . $cols[0] . "'") == 0) { sql_query("ALTER TABLE `" . $table . "` ADD " . $type . " (`" . implode($cols, '`,`') . "`)"); global $applied; $applied = true; return true; } else { return false; } }
function guest_register() { global $tshirt_sizes, $enable_tshirt_size, $default_theme; $msg = ""; $nick = ""; $lastname = ""; $prename = ""; $age = ""; $tel = ""; $dect = ""; $mobile = ""; $mail = ""; $email_shiftinfo = false; $jabber = ""; $hometown = ""; $comment = ""; $tshirt_size = ''; $password_hash = ""; $selected_angel_types = array(); $planned_arrival_date = null; $angel_types_source = sql_select("SELECT * FROM `AngelTypes` ORDER BY `name`"); $angel_types = array(); foreach ($angel_types_source as $angel_type) { $angel_types[$angel_type['id']] = $angel_type['name'] . ($angel_type['restricted'] ? " (restricted)" : ""); if (!$angel_type['restricted']) { $selected_angel_types[] = $angel_type['id']; } } if (isset($_REQUEST['submit'])) { $ok = true; if (isset($_REQUEST['nick']) && strlen(User_validate_Nick($_REQUEST['nick'])) > 1) { $nick = User_validate_Nick($_REQUEST['nick']); if (sql_num_query("SELECT * FROM `User` WHERE `Nick`='" . sql_escape($nick) . "' LIMIT 1") > 0) { $ok = false; $msg .= error(sprintf(_("Your nick "%s" already exists."), $nick), true); } } else { $ok = false; $msg .= error(sprintf(_("Your nick "%s" is too short (min. 2 characters)."), User_validate_Nick($_REQUEST['nick'])), true); } if (isset($_REQUEST['mail']) && strlen(strip_request_item('mail')) > 0) { $mail = strip_request_item('mail'); if (!check_email($mail)) { $ok = false; $msg .= error(_("E-mail address is not correct."), true); } } else { $ok = false; $msg .= error(_("Please enter your e-mail."), true); } if (isset($_REQUEST['email_shiftinfo'])) { $email_shiftinfo = true; } if (isset($_REQUEST['jabber']) && strlen(strip_request_item('jabber')) > 0) { $jabber = strip_request_item('jabber'); if (!check_email($jabber)) { $ok = false; $msg .= error(_("Please check your jabber account information."), true); } } if ($enable_tshirt_size) { if (isset($_REQUEST['tshirt_size']) && isset($tshirt_sizes[$_REQUEST['tshirt_size']]) && $_REQUEST['tshirt_size'] != '') { $tshirt_size = $_REQUEST['tshirt_size']; } else { $ok = false; $msg .= error(_("Please select your shirt size."), true); } } if (isset($_REQUEST['password']) && strlen($_REQUEST['password']) >= MIN_PASSWORD_LENGTH) { if ($_REQUEST['password'] != $_REQUEST['password2']) { $ok = false; $msg .= error(_("Your passwords don't match."), true); } } else { $ok = false; $msg .= error(sprintf(_("Your password is too short (please use at least %s characters)."), MIN_PASSWORD_LENGTH), true); } if (isset($_REQUEST['planned_arrival_date']) && DateTime::createFromFormat("Y-m-d", trim($_REQUEST['planned_arrival_date']))) { $planned_arrival_date = DateTime::createFromFormat("Y-m-d", trim($_REQUEST['planned_arrival_date']))->getTimestamp(); } else { $ok = false; $msg .= error(_("Please enter your planned date of arrival."), true); } $selected_angel_types = array(); foreach ($angel_types as $angel_type_id => $angel_type_name) { if (isset($_REQUEST['angel_types_' . $angel_type_id])) { $selected_angel_types[] = $angel_type_id; } } // Trivia if (isset($_REQUEST['lastname'])) { $lastname = strip_request_item('lastname'); } if (isset($_REQUEST['prename'])) { $prename = strip_request_item('prename'); } if (isset($_REQUEST['age']) && preg_match("/^[0-9]{0,4}\$/", $_REQUEST['age'])) { $age = strip_request_item('age'); } if (isset($_REQUEST['tel'])) { $tel = strip_request_item('tel'); } if (isset($_REQUEST['dect'])) { $dect = strip_request_item('dect'); } if (isset($_REQUEST['mobile'])) { $mobile = strip_request_item('mobile'); } if (isset($_REQUEST['hometown'])) { $hometown = strip_request_item('hometown'); } if (isset($_REQUEST['comment'])) { $comment = strip_request_item_nl('comment'); } if ($ok) { sql_query("\n INSERT INTO `User` SET \n `color`='" . sql_escape($default_theme) . "', \n `Nick`='" . sql_escape($nick) . "', \n `Vorname`='" . sql_escape($prename) . "', \n `Name`='" . sql_escape($lastname) . "', \n `Alter`='" . sql_escape($age) . "', \n `Telefon`='" . sql_escape($tel) . "', \n `DECT`='" . sql_escape($dect) . "', \n `Handy`='" . sql_escape($mobile) . "', \n `email`='" . sql_escape($mail) . "', \n `email_shiftinfo`=" . sql_bool($email_shiftinfo) . ", \n `jabber`='" . sql_escape($jabber) . "',\n `Size`='" . sql_escape($tshirt_size) . "', \n `Passwort`='" . sql_escape($password_hash) . "', \n `kommentar`='" . sql_escape($comment) . "', \n `Hometown`='" . sql_escape($hometown) . "', \n `CreateDate`=NOW(), \n `Sprache`='" . sql_escape($_SESSION["locale"]) . "',\n `arrival_date`=NULL,\n `planned_arrival_date`='" . sql_escape($planned_arrival_date) . "'"); // Assign user-group and set password $user_id = sql_id(); sql_query("INSERT INTO `UserGroups` SET `uid`='" . sql_escape($user_id) . "', `group_id`=-2"); set_password($user_id, $_REQUEST['password']); // Assign angel-types $user_angel_types_info = array(); foreach ($selected_angel_types as $selected_angel_type_id) { sql_query("INSERT INTO `UserAngelTypes` SET `user_id`='" . sql_escape($user_id) . "', `angeltype_id`='" . sql_escape($selected_angel_type_id) . "'"); $user_angel_types_info[] = $angel_types[$selected_angel_type_id]; } engelsystem_log("User " . $nick . " signed up as: " . join(", ", $user_angel_types_info)); success(_("Angel registration successful!")); redirect('?'); } } return page_with_title(register_title(), array(_("By completing this form you're registering as a Chaos-Angel. This script will create you an account in the angel task sheduler."), $msg, msg(), form(array(div('row', array(div('col-md-6', array(div('row', array(div('col-sm-4', array(form_text('nick', _("Nick") . ' ' . entry_required(), $nick))), div('col-sm-8', array(form_email('mail', _("E-Mail") . ' ' . entry_required(), $mail), form_checkbox('email_shiftinfo', _("Please send me an email if my shifts change"), $email_shiftinfo))))), div('row', array(div('col-sm-6', array(form_date('planned_arrival_date', _("Planned date of arrival") . ' ' . entry_required(), $planned_arrival_date, time()))), div('col-sm-6', array($enable_tshirt_size ? form_select('tshirt_size', _("Shirt size") . ' ' . entry_required(), $tshirt_sizes, $tshirt_size) : '')))), div('row', array(div('col-sm-6', array(form_password('password', _("Password") . ' ' . entry_required()))), div('col-sm-6', array(form_password('password2', _("Confirm password") . ' ' . entry_required()))))), form_checkboxes('angel_types', _("What do you want to do?") . sprintf(" (<a href=\"%s\">%s</a>)", page_link_to('angeltypes') . '&action=about', _("Description of job types")), $angel_types, $selected_angel_types), form_info("", _("Restricted angel types need will be confirmed later by an archangel. You can change your selection in the options section.")))), div('col-md-6', array(div('row', array(div('col-sm-4', array(form_text('dect', _("DECT"), $dect))), div('col-sm-4', array(form_text('mobile', _("Mobile"), $mobile))), div('col-sm-4', array(form_text('tel', _("Phone"), $tel))))), form_text('jabber', _("Jabber"), $jabber), div('row', array(div('col-sm-6', array(form_text('prename', _("First name"), $prename))), div('col-sm-6', array(form_text('lastname', _("Last name"), $lastname))))), div('row', array(div('col-sm-3', array(form_text('age', _("Age"), $age))), div('col-sm-9', array(form_text('hometown', _("Hometown"), $hometown))))), form_info(entry_required() . ' = ' . _("Entry required!")))))), form_submit('submit', _("Register")))))); }
/** * Returns true if user is angeltype coordinator or has privilege admin_user_angeltypes. * * @param User $user * @param AngelType $angeltype */ function User_is_AngelType_coordinator($user, $angeltype) { return sql_num_query("\n SELECT `id` \n FROM `UserAngelTypes` \n WHERE `user_id`='" . sql_escape($user['UID']) . "'\n AND `angeltype_id`='" . sql_escape($angeltype['id']) . "'\n AND `coordinator`=TRUE\n LIMIT 1") > 0 || in_array('admin_user_angeltypes', privileges_for_user($user['UID'])); }
<?php // Most complex update yet. Let's go... _rename_table("UserGroups", "Groups"); if (sql_num_query("SHOW TABLES LIKE 'UserCVS'") === 1 && sql_num_query("SHOW TABLES LIKE 'UserGroups'") === 0) { // First of all, create a separate table for group assignments of users sql_query("CREATE TABLE `UserGroups` (\n `id` int(11) NOT NULL AUTO_INCREMENT,\n `uid` int(11) NOT NULL,\n `group_id` int(11) NOT NULL,\n PRIMARY KEY (`id`),\n KEY `uid` (`uid`,`group_id`),\n KEY `group_id` (`group_id`)\n )"); // ...and fill it with the old data sql_query("INSERT INTO UserGroups (`uid`, `group_id`) SELECT `UID`, `GroupID` FROM `UserCVS` WHERE `UID` > 0"); if (sql_num_query("SHOW TABLES LIKE 'Privileges'") == 0) { // Then create a separate table that stores the available privileges... sql_query("CREATE TABLE IF NOT EXISTS `Privileges` (\n `id` int(11) NOT NULL AUTO_INCREMENT,\n `name` varchar(128) NOT NULL,\n `desc` varchar(1024) NOT NULL,\n PRIMARY KEY (`id`),\n UNIQUE KEY `name` (`name`)\n )"); // ...and fill it with genuine data. We cannot determine these from the old data! sql_query("INSERT INTO `Privileges` (`id`, `name`, `desc`) VALUES\n (1, 'start', 'Startseite für Gäste/Nicht eingeloggte User'),\n (2, 'login', 'Logindialog'),\n (3, 'news', 'Anzeigen der News-Seite'),\n (4, 'logout', 'User darf sich ausloggen'),\n (5, 'register', 'Einen neuen Engel registerieren'),\n (6, 'admin_rooms', 'Orte administrieren'),\n (7, 'admin_angel_types', 'Engel Typen administrieren'),\n (8, 'user_settings', 'User profile settings'),\n (9, 'user_messages', 'Writing and reading messages from user to user'),\n (10, 'admin_groups', 'Manage usergroups and their rights'),\n (11, 'user_questions', 'Let users ask questions'),\n (12, 'admin_questions', 'Answer user''s questions'),\n (13, 'admin_faq', 'Edit FAQs'),\n (14, 'admin_news', 'Administrate the news section'),\n (15, 'news_comments', 'User can comment news'),\n (16, 'admin_user', 'Administrate the angels'),\n (17, 'user_meetings', 'Lists meetings (news)'),\n (18, 'admin_language', 'Translate the system'),\n (19, 'admin_log', 'Display recent changes'),\n (20, 'user_wakeup', 'User wakeup-service organization'),\n (21, 'admin_import', 'Import locations and shifts from pentabarf'),\n (22, 'credits', 'View credits'),\n (23, 'faq', 'View FAQ'),\n (24, 'user_shifts', 'Signup for shifts'),\n (25, 'user_shifts_admin', 'Signup other angels for shifts.'),\n (26, 'user_myshifts', 'Allow angels to view their own shifts and cancel them.'),\n (27, 'admin_arrive', 'Mark angels when they are available.'),\n (28, 'admin_shifts', 'Create shifts'),\n (30, 'ical', 'iCal shift export'),\n (31, 'admin_active', 'Mark angels as active and if they got a t-shirt.'),\n (32, 'admin_free', 'Show a list of free/unemployed angels.'),\n (39, 'faq2', 'View FAQ'),\n (40, 'imprint', 'View imprint'),\n (41, 'privacy', 'View privacy statement')\n "); } if (sql_num_query("SHOW TABLES LIKE 'GroupPrivileges'") == 0) { // Last, we create the table for the privileges a group can have sql_query("CREATE TABLE `GroupPrivileges` (\n `id` int(11) NOT NULL AUTO_INCREMENT,\n `group_id` int(11) NOT NULL,\n `privilege_id` int(11) NOT NULL,\n PRIMARY KEY (`id`),\n KEY `group_id` (`group_id`,`privilege_id`)\n )"); // ...and fill it with data. /// XXX: We could determine this from the old UserCVS table, at lease partially! sqL_query("INSERT INTO `GroupPrivileges` (`id`, `group_id`, `privilege_id`) VALUES\n (107, -2, 24),\n (24, -1, 5),\n (106, -2, 8),\n (105, -2, 11),\n (23, -1, 2),\n (142, -5, 16),\n (141, -5, 28),\n (104, -2, 26),\n (103, -2, 9),\n (86, -6, 21),\n (140, -5, 6),\n (139, -5, 12),\n (102, -2, 17),\n (138, -5, 14),\n (137, -5, 13),\n (136, -5, 7),\n (101, -2, 15),\n (87, -6, 18),\n (100, -2, 3),\n (85, -6, 10),\n (99, -2, 4),\n (88, -1, 1),\n (133, -3, 32),\n (108, -2, 20),\n (109, -4, 27),\n (135, -5, 31),\n (134, -3, 25),\n (143, -5, 5),\n (260, -1, 39),\n (261, -1, 40),\n (262, -1, 41);"); } /* Hardest things last: We need to transform the old column-based system * with filename-based permissions to the new privileges system. * * For that to work, we need a manual mapping filename -> privilege, so we * can use the old data. So here we go: */ #$files_to_privileges = array( # "index.php" => "start", # "logout.php" => "logout",
function user_myshifts() { global $LETZTES_AUSTRAGEN; global $user, $privileges; $msg = ""; if (isset($_REQUEST['id']) && in_array("user_shifts_admin", $privileges) && preg_match("/^[0-9]{1,}\$/", $_REQUEST['id']) && sql_num_query("SELECT * FROM `User` WHERE `UID`='" . sql_escape($_REQUEST['id']) . "'") > 0) { $id = $_REQUEST['id']; } else { $id = $user['UID']; } list($shifts_user) = sql_select("SELECT * FROM `User` WHERE `UID`='" . sql_escape($id) . "' LIMIT 1"); if (isset($_REQUEST['reset'])) { if ($_REQUEST['reset'] == "ack") { User_reset_api_key($user); success(_("Key changed.")); redirect(page_link_to('user_myshifts')); } return page_with_title(_("Reset API key"), array(error(_("If you reset the key, the url to your iCal- and JSON-export and your atom feed changes! You have to update it in every application using one of these exports."), true), button(page_link_to('user_myshifts') . '&reset=ack', _("Continue"), 'btn-danger'))); } elseif (isset($_REQUEST['edit']) && preg_match("/^[0-9]*\$/", $_REQUEST['edit'])) { $id = $_REQUEST['edit']; $shift = sql_select("SELECT\n `ShiftEntry`.`freeloaded`,\n `ShiftEntry`.`freeload_comment`,\n `ShiftEntry`.`Comment`,\n `ShiftEntry`.`UID`,\n `ShiftTypes`.`name`,\n `Shifts`.*,\n `Room`.`Name`,\n `AngelTypes`.`name` as `angel_type`\n FROM `ShiftEntry`\n JOIN `AngelTypes` ON (`ShiftEntry`.`TID` = `AngelTypes`.`id`)\n JOIN `Shifts` ON (`ShiftEntry`.`SID` = `Shifts`.`SID`)\n JOIN `ShiftTypes` ON (`ShiftTypes`.`id` = `Shifts`.`shifttype_id`)\n JOIN `Room` ON (`Shifts`.`RID` = `Room`.`RID`)\n WHERE `ShiftEntry`.`id`='" . sql_escape($id) . "'\n AND `UID`='" . sql_escape($shifts_user['UID']) . "' LIMIT 1"); if (count($shift) > 0) { $shift = $shift[0]; if (isset($_REQUEST['submit'])) { $freeloaded = $shift['freeloaded']; $freeload_comment = $shift['freeload_comment']; if (in_array("user_shifts_admin", $privileges)) { $freeloaded = isset($_REQUEST['freeloaded']); $freeload_comment = strip_request_item_nl('freeload_comment'); } $comment = strip_request_item_nl('comment'); $user_source = User($shift['UID']); $result = ShiftEntry_update(array('id' => $id, 'Comment' => $comment, 'freeloaded' => $freeloaded, 'freeload_comment' => $freeload_comment)); if ($result === false) { engelsystem_error('Unable to update shift entr.'); } engelsystem_log("Updated " . User_Nick_render($user_source) . "'s shift " . $shift['name'] . " from " . date("Y-m-d H:i", $shift['start']) . " to " . date("Y-m-d H:i", $shift['end']) . " with comment " . $comment . ". Freeloaded: " . ($freeloaded ? "YES Comment: " . $freeload_comment : "NO")); success(_("Shift saved.")); redirect(page_link_to('users') . '&action=view&user_id=' . $shifts_user['UID']); } return ShiftEntry_edit_view(User_Nick_render($shifts_user), date("Y-m-d H:i", $shift['start']) . ', ' . shift_length($shift), $shift['Name'], $shift['name'], $shift['angel_type'], $shift['Comment'], $shift['freeloaded'], $shift['freeload_comment'], in_array("user_shifts_admin", $privileges)); } else { redirect(page_link_to('user_myshifts')); } } elseif (isset($_REQUEST['cancel']) && preg_match("/^[0-9]*\$/", $_REQUEST['cancel'])) { $id = $_REQUEST['cancel']; $shift = sql_select("\n SELECT *\n FROM `Shifts` \n INNER JOIN `ShiftEntry` USING (`SID`) \n WHERE `ShiftEntry`.`id`='" . sql_escape($id) . "' AND `UID`='" . sql_escape($shifts_user['UID']) . "'"); if (count($shift) > 0) { $shift = $shift[0]; if ($shift['start'] > time() + $LETZTES_AUSTRAGEN * 3600 || in_array('user_shifts_admin', $privileges)) { $result = ShiftEntry_delete($id); if ($result === false) { engelsystem_error('Unable to delete shift entry.'); } $room = Room($shift['RID']); $angeltype = AngelType($shift['TID']); $shifttype = ShiftType($shift['shifttype_id']); engelsystem_log("Deleted own shift: " . $shifttype['name'] . " at " . $room['Name'] . " from " . date("Y-m-d H:i", $shift['start']) . " to " . date("Y-m-d H:i", $shift['end']) . " as " . $angeltype['name']); success(_("You have been signed off from the shift.")); } else { error(_("It's too late to sign yourself off the shift. If neccessary, ask the dispatcher to do so.")); } } else { redirect(user_link($shifts_user)); } } redirect(page_link_to('users') . '&action=view'); }
function user_news() { global $DISPLAY_NEWS, $privileges, $user; $html = '<div class="col-md-12"><h1>' . news_title() . '</h1>' . msg(); if (isset($_POST["text"]) && isset($_POST["betreff"]) && in_array("admin_news", $privileges)) { if (!isset($_POST["treffen"]) || !in_array("admin_news", $privileges)) { $_POST["treffen"] = 0; } sql_query("INSERT INTO `News` (`Datum`, `Betreff`, `Text`, `UID`, `Treffen`) " . "VALUES ('" . sql_escape(time()) . "', '" . sql_escape($_POST["betreff"]) . "', '" . sql_escape($_POST["text"]) . "', '" . sql_escape($user['UID']) . "', '" . sql_escape($_POST["treffen"]) . "');"); engelsystem_log("Created news: " . $_POST["betreff"] . ", treffen: " . $_POST["treffen"]); success(_("Entry saved.")); redirect(page_link_to('news')); } if (isset($_REQUEST['page']) && preg_match("/^[0-9]{1,}\$/", $_REQUEST['page'])) { $page = $_REQUEST['page']; } else { $page = 0; } $news = sql_select("SELECT * FROM `News` ORDER BY `Datum` DESC LIMIT " . sql_escape($page * $DISPLAY_NEWS) . ", " . sql_escape($DISPLAY_NEWS)); foreach ($news as $entry) { $html .= display_news($entry); } $dis_rows = ceil(sql_num_query("SELECT * FROM `News`") / $DISPLAY_NEWS); $html .= '<div class="text-center">' . '<ul class="pagination">'; for ($i = 0; $i < $dis_rows; $i++) { if (isset($_REQUEST['page']) && $i == $_REQUEST['page']) { $html .= '<li class="active">'; } elseif (!isset($_REQUEST['page']) && $i == 0) { $html .= '<li class="active">'; } else { $html .= '<li>'; } $html .= '<a href="' . page_link_to("news") . '&page=' . $i . '">' . ($i + 1) . '</a></li>'; } $html .= '</ul></div>'; if (in_array("admin_news", $privileges)) { $html .= '<hr />'; $html .= '<h2>' . _("Create news:") . '</h2>'; $html .= form(array(form_text('betreff', _("Subject"), ''), form_textarea('text', _("Message"), ''), form_checkbox('treffen', _("Meeting"), false, 1), form_submit('submit', _("Save")))); } return $html . '</div>'; }
<?php // create admin_user_angeltypes permission/privilege and assign it to the archangel usergroup. if (sql_num_query("SELECT * FROM `Privileges` WHERE `name`='admin_user_angeltypes'") == 0) { sql_query("INSERT INTO `Privileges` (`id`, `name`, `desc`) VALUES ( NULL , 'admin_user_angeltypes', 'Confirm restricted angel types' );"); $id = sql_id(); sql_query("INSERT INTO `GroupPrivileges` SET `group_id`=-5, `privilege_id`='" . sql_escape($id) . "'"); sql_query("INSERT INTO `Sprache` (\n\t\t`TextID` ,\n\t\t`Sprache` ,\n\t\t`Text`\n\t\t)\n\t\tVALUES (\n\t\t'admin_user_angeltypes', 'DE', 'Engeltypen freischalten'\n\t\t), (\n\t\t'admin_user_angeltypes', 'EN', 'Confirm angeltypes'\n\t\t);"); $applied = true; }
function view_user_shifts() { global $user, $privileges; global $ical_shifts; $ical_shifts = array(); $days = sql_select_single_col("\n SELECT DISTINCT DATE(FROM_UNIXTIME(`start`)) AS `id`, DATE(FROM_UNIXTIME(`start`)) AS `name` \n FROM `Shifts` \n ORDER BY `start`"); if (count($days) == 0) { error(_("The administration has not configured any shifts yet.")); redirect('?'); } $rooms = sql_select("SELECT `RID` AS `id`, `Name` AS `name` FROM `Room` WHERE `show`='Y' ORDER BY `Name`"); if (count($rooms) == 0) { error(_("The administration has not configured any rooms yet.")); redirect('?'); } if (in_array('user_shifts_admin', $privileges)) { $types = sql_select("SELECT `id`, `name` FROM `AngelTypes` ORDER BY `AngelTypes`.`name`"); } else { $types = sql_select("SELECT `AngelTypes`.`id`, `AngelTypes`.`name`, (`AngelTypes`.`restricted`=0 OR (NOT `UserAngelTypes`.`confirm_user_id` IS NULL OR `UserAngelTypes`.`id` IS NULL)) as `enabled` FROM `AngelTypes` LEFT JOIN `UserAngelTypes` ON (`UserAngelTypes`.`angeltype_id`=`AngelTypes`.`id` AND `UserAngelTypes`.`user_id`='" . sql_escape($user['UID']) . "') ORDER BY `AngelTypes`.`name`"); } if (empty($types)) { $types = sql_select("SELECT `id`, `name` FROM `AngelTypes` WHERE `restricted` = 0"); } $filled = array(array('id' => '1', 'name' => _('occupied')), array('id' => '0', 'name' => _('free'))); if (count($types) == 0) { error(_("The administration has not configured any angeltypes yet - or you are not subscribed to any angeltype.")); redirect('?'); } if (!isset($_SESSION['user_shifts'])) { $_SESSION['user_shifts'] = array(); } if (!isset($_SESSION['user_shifts']['filled'])) { // User shift admins see free and occupied shifts by default $_SESSION['user_shifts']['filled'] = in_array('user_shifts_admin', $privileges) ? [0, 1] : [0]; } foreach (array('rooms', 'types', 'filled') as $key) { if (isset($_REQUEST[$key])) { $filtered = array_filter($_REQUEST[$key], 'is_numeric'); if (!empty($filtered)) { $_SESSION['user_shifts'][$key] = $filtered; } unset($filtered); } if (!isset($_SESSION['user_shifts'][$key])) { $_SESSION['user_shifts'][$key] = array_map('get_ids_from_array', ${$key}); } } if (isset($_REQUEST['rooms'])) { if (isset($_REQUEST['new_style'])) { $_SESSION['user_shifts']['new_style'] = true; } else { $_SESSION['user_shifts']['new_style'] = false; } } if (!isset($_SESSION['user_shifts']['new_style'])) { $_SESSION['user_shifts']['new_style'] = true; } foreach (array('start', 'end') as $key) { if (isset($_REQUEST[$key . '_day']) && in_array($_REQUEST[$key . '_day'], $days)) { $_SESSION['user_shifts'][$key . '_day'] = $_REQUEST[$key . '_day']; } if (isset($_REQUEST[$key . '_time']) && preg_match('#^\\d{1,2}:\\d\\d$#', $_REQUEST[$key . '_time'])) { $_SESSION['user_shifts'][$key . '_time'] = $_REQUEST[$key . '_time']; } if (!isset($_SESSION['user_shifts'][$key . '_day'])) { $time = date('Y-m-d', time() + ($key == 'end' ? 24 * 60 * 60 : 0)); $_SESSION['user_shifts'][$key . '_day'] = in_array($time, $days) ? $time : ($key == 'end' ? max($days) : min($days)); } if (!isset($_SESSION['user_shifts'][$key . '_time'])) { $_SESSION['user_shifts'][$key . '_time'] = date('H:i'); } } if ($_SESSION['user_shifts']['start_day'] > $_SESSION['user_shifts']['end_day']) { $_SESSION['user_shifts']['end_day'] = $_SESSION['user_shifts']['start_day']; } if ($_SESSION['user_shifts']['start_day'] == $_SESSION['user_shifts']['end_day'] && $_SESSION['user_shifts']['start_time'] >= $_SESSION['user_shifts']['end_time']) { $_SESSION['user_shifts']['end_time'] = '23:59'; } if (isset($_SESSION['user_shifts']['start_day'])) { $starttime = DateTime::createFromFormat("Y-m-d H:i", $_SESSION['user_shifts']['start_day'] . $_SESSION['user_shifts']['start_time']); $starttime = $starttime->getTimestamp(); } else { $starttime = now(); } if (isset($_SESSION['user_shifts']['end_day'])) { $endtime = DateTime::createFromFormat("Y-m-d H:i", $_SESSION['user_shifts']['end_day'] . $_SESSION['user_shifts']['end_time']); $endtime = $endtime->getTimestamp(); } else { $endtime = now() + 24 * 60 * 60; } if (!isset($_SESSION['user_shifts']['rooms']) || count($_SESSION['user_shifts']['rooms']) == 0) { $_SESSION['user_shifts']['rooms'] = array(0); } $SQL = "SELECT DISTINCT `Shifts`.*, `ShiftTypes`.`name`, `Room`.`Name` as `room_name`, nat2.`special_needs` > 0 AS 'has_special_needs'\n FROM `Shifts`\n INNER JOIN `Room` USING (`RID`)\n INNER JOIN `ShiftTypes` ON (`ShiftTypes`.`id` = `Shifts`.`shifttype_id`)\n LEFT JOIN (SELECT COUNT(*) AS special_needs , nat3.`shift_id` FROM `NeededAngelTypes` AS nat3 WHERE `shift_id` IS NOT NULL GROUP BY nat3.`shift_id`) AS nat2 ON nat2.`shift_id` = `Shifts`.`SID`\n INNER JOIN `NeededAngelTypes` AS nat ON nat.`count` != 0 AND nat.`angel_type_id` IN (" . implode(',', $_SESSION['user_shifts']['types']) . ") AND ((nat2.`special_needs` > 0 AND nat.`shift_id` = `Shifts`.`SID`) OR ((nat2.`special_needs` = 0 OR nat2.`special_needs` IS NULL) AND nat.`room_id` = `RID`))\n LEFT JOIN (SELECT se.`SID`, se.`TID`, COUNT(*) as count FROM `ShiftEntry` AS se GROUP BY se.`SID`, se.`TID`) AS entries ON entries.`SID` = `Shifts`.`SID` AND entries.`TID` = nat.`angel_type_id`\n WHERE `Shifts`.`RID` IN (" . implode(',', $_SESSION['user_shifts']['rooms']) . ")\n AND `start` BETWEEN " . $starttime . " AND " . $endtime; if (count($_SESSION['user_shifts']['filled']) == 1) { if ($_SESSION['user_shifts']['filled'][0] == 0) { $SQL .= "\n AND (nat.`count` > entries.`count` OR entries.`count` IS NULL OR EXISTS (SELECT `SID` FROM `ShiftEntry` WHERE `UID` = '" . sql_escape($user['UID']) . "' AND `ShiftEntry`.`SID` = `Shifts`.`SID`))"; } elseif ($_SESSION['user_shifts']['filled'][0] == 1) { $SQL .= "\n AND (nat.`count` <= entries.`count` OR EXISTS (SELECT `SID` FROM `ShiftEntry` WHERE `UID` = '" . sql_escape($user['UID']) . "' AND `ShiftEntry`.`SID` = `Shifts`.`SID`))"; } } $SQL .= "\n ORDER BY `start`"; $shifts = sql_select($SQL); $ownshifts_source = sql_select("\n SELECT `ShiftTypes`.`name`, `Shifts`.* \n FROM `Shifts` \n INNER JOIN `ShiftTypes` ON (`ShiftTypes`.`id` = `Shifts`.`shifttype_id`)\n INNER JOIN `ShiftEntry` ON (`Shifts`.`SID` = `ShiftEntry`.`SID` AND `ShiftEntry`.`UID` = '" . sql_escape($user['UID']) . "')\n WHERE `Shifts`.`RID` IN (" . implode(',', $_SESSION['user_shifts']['rooms']) . ")\n AND `start` BETWEEN " . $starttime . " AND " . $endtime); $ownshifts = array(); foreach ($ownshifts_source as $ownshift) { $ownshifts[$ownshift['SID']] = $ownshift; } unset($ownshifts_source); $shifts_table = ""; // qqqq /* * [0] => Array ( [SID] => 1 [start] => 1355958000 [end] => 1355961600 [RID] => 1 [name] => [URL] => [PSID] => [room_name] => test1 [has_special_needs] => 1 [is_full] => 0 ) */ if ($_SESSION['user_shifts']['new_style']) { $first = 15 * 60 * floor($starttime / (15 * 60)); $maxshow = ceil(($endtime - $first) / (60 * 15)); $block = array(); $todo = array(); $myrooms = $rooms; // delete un-selected rooms from array foreach ($myrooms as $k => $v) { if (array_search($v["id"], $_SESSION['user_shifts']['rooms']) === FALSE) { unset($myrooms[$k]); } // initialize $block array $block[$v["id"]] = array_fill(0, $maxshow, 0); } // calculate number of parallel shifts in each timeslot for each room foreach ($shifts as $k => $shift) { $rid = $shift["RID"]; $blocks = ($shift["end"] - $shift["start"]) / (15 * 60); $firstblock = floor(($shift["start"] - $first) / (15 * 60)); for ($i = $firstblock; $i < $blocks + $firstblock && $i < $maxshow; $i++) { $block[$rid][$i]++; } $shifts[$k]['own'] = in_array($shift['SID'], array_keys($ownshifts)); } $shifts_table = '<div class="shifts-table"><table id="shifts" class="table scrollable"><thead><tr><th>-</th>'; foreach ($myrooms as $key => $room) { $rid = $room["id"]; if (array_sum($block[$rid]) == 0) { // do not display columns without entries unset($block[$rid]); unset($myrooms[$key]); continue; } $colspan = call_user_func_array('max', $block[$rid]); if ($colspan == 0) { $colspan = 1; } $todo[$rid] = array_fill(0, $maxshow, $colspan); $shifts_table .= "<th" . ($colspan > 1 ? ' colspan="' . $colspan . '"' : '') . ">" . Room_name_render(['RID' => $room['id'], 'Name' => $room['name']]) . "</th>\n"; } unset($block, $blocks, $firstblock, $colspan, $key, $room); $shifts_table .= "</tr></thead><tbody>"; for ($i = 0; $i < $maxshow; $i++) { $thistime = $first + $i * 15 * 60; if ($thistime % (24 * 60 * 60) == 23 * 60 * 60 && $endtime - $starttime > 24 * 60 * 60) { $shifts_table .= "<tr class=\"row-day\"><th class=\"row-header\">"; $shifts_table .= date('y-m-d<b\\r />H:i', $thistime); } elseif ($thistime % (60 * 60) == 0) { $shifts_table .= "<tr class=\"row-hour\"><th>"; $shifts_table .= date("H:i", $thistime); } else { $shifts_table .= "<tr><th>"; } $shifts_table .= "</th>"; foreach ($myrooms as $room) { $rid = $room["id"]; foreach ($shifts as $shift) { if ($shift["RID"] == $rid) { if (floor($shift["start"] / (15 * 60)) == $thistime / (15 * 60)) { $blocks = ($shift["end"] - $shift["start"]) / (15 * 60); if ($blocks < 1) { $blocks = 1; } $collides = in_array($shift['SID'], array_keys($ownshifts)); if (!$collides) { foreach ($ownshifts as $ownshift) { if ($ownshift['start'] >= $shift['start'] && $ownshift['start'] < $shift['end'] || $ownshift['end'] > $shift['start'] && $ownshift['end'] <= $shift['end'] || $ownshift['start'] < $shift['start'] && $ownshift['end'] > $shift['end']) { $collides = true; break; } } } // qqqqqq $is_free = false; $shifts_row = ''; if (in_array('admin_shifts', $privileges)) { $shifts_row .= '<div class="pull-right">' . table_buttons(array(button(page_link_to('user_shifts') . '&edit_shift=' . $shift['SID'], glyph('edit'), 'btn-xs'), button(page_link_to('user_shifts') . '&delete_shift=' . $shift['SID'], glyph('trash'), 'btn-xs'))) . '</div>'; } $shifts_row .= Room_name_render(['RID' => $room['id'], 'Name' => $room['name']]) . '<br />'; $shifts_row .= '<a href="' . shift_link($shift) . '">' . date('d.m. H:i', $shift['start']); $shifts_row .= " – "; $shifts_row .= date('H:i', $shift['end']); $shifts_row .= "<br /><b>"; $shifts_row .= ShiftType($shift['shifttype_id'])['name']; $shifts_row .= "</b><br />"; if ($shift['title'] != '') { $shifts_row .= $shift['title']; $shifts_row .= "<br />"; } $shifts_row .= '</a>'; $shifts_row .= '<br />'; $query = "SELECT `NeededAngelTypes`.`count`, `AngelTypes`.`id`, `AngelTypes`.`restricted`, `UserAngelTypes`.`confirm_user_id`, `AngelTypes`.`name`, `UserAngelTypes`.`user_id`\n FROM `NeededAngelTypes`\n JOIN `AngelTypes` ON (`NeededAngelTypes`.`angel_type_id` = `AngelTypes`.`id`)\n LEFT JOIN `UserAngelTypes` ON (`NeededAngelTypes`.`angel_type_id` = `UserAngelTypes`.`angeltype_id`AND `UserAngelTypes`.`user_id`='" . sql_escape($user['UID']) . "')\n WHERE\n `count` > 0\n AND "; if ($shift['has_special_needs']) { $query .= "`shift_id` = '" . sql_escape($shift['SID']) . "'"; } else { $query .= "`room_id` = '" . sql_escape($shift['RID']) . "'"; } if (!empty($_SESSION['user_shifts']['types'])) { $query .= " AND `angel_type_id` IN (" . implode(',', $_SESSION['user_shifts']['types']) . ") "; } $query .= " ORDER BY `AngelTypes`.`name`"; $angeltypes = sql_select($query); if (count($angeltypes) > 0) { foreach ($angeltypes as $angeltype) { $entries = sql_select("SELECT * FROM `ShiftEntry` JOIN `User` ON (`ShiftEntry`.`UID` = `User`.`UID`) WHERE `SID`='" . sql_escape($shift['SID']) . "' AND `TID`='" . sql_escape($angeltype['id']) . "' ORDER BY `Nick`"); $entry_list = array(); $freeloader = 0; foreach ($entries as $entry) { $style = ''; if ($entry['freeloaded']) { $freeloader++; $style = " text-decoration: line-through;"; } if (in_array('user_shifts_admin', $privileges)) { $entry_list[] = "<span style=\"{$style}\">" . User_Nick_render($entry) . ' ' . table_buttons(array(button(page_link_to('user_shifts') . '&entry_id=' . $entry['id'], glyph('trash'), 'btn-xs'))) . '</span>'; } else { $entry_list[] = "<span style=\"{$style}\">" . User_Nick_render($entry) . "</span>"; } } if ($angeltype['count'] - count($entries) - $freeloader > 0) { $inner_text = sprintf(ngettext("%d helper needed", "%d helpers needed", $angeltype['count'] - count($entries)), $angeltype['count'] - count($entries)); // is the shift still running or alternatively is the user shift admin? $user_may_join_shift = true; // you cannot join if user alread joined a parallel or this shift $user_may_join_shift &= !$collides; // you cannot join if user is not of this angel type $user_may_join_shift &= isset($angeltype['user_id']); // you cannot join if you are not confirmed if ($angeltype['restricted'] == 1 && isset($angeltype['user_id'])) { $user_may_join_shift &= isset($angeltype['confirm_user_id']); } // you can only join if the shift is in future or running $user_may_join_shift &= time() < $shift['start']; // User shift admins may join anybody in every shift $user_may_join_shift |= in_array('user_shifts_admin', $privileges); if ($user_may_join_shift) { $entry_list[] = '<a href="' . page_link_to('user_shifts') . '&shift_id=' . $shift['SID'] . '&type_id=' . $angeltype['id'] . '">' . $inner_text . '</a> ' . button(page_link_to('user_shifts') . '&shift_id=' . $shift['SID'] . '&type_id=' . $angeltype['id'], _('Sign up'), 'btn-xs'); } else { if (time() > $shift['start']) { $entry_list[] = $inner_text . ' (' . _('ended') . ')'; } elseif ($angeltype['restricted'] == 1 && isset($angeltype['user_id']) && !isset($angeltype['confirm_user_id'])) { $entry_list[] = $inner_text . glyph('lock'); } elseif ($angeltype['restricted'] == 1) { $entry_list[] = $inner_text; } elseif ($collides) { $entry_list[] = $inner_text; } else { $entry_list[] = $inner_text . '<br />' . button(page_link_to('user_angeltypes') . '&action=add&angeltype_id=' . $angeltype['id'], sprintf(_('Become %s'), $angeltype['name']), 'btn-xs'); } } unset($inner_text); $is_free = true; } $shifts_row .= '<strong>' . AngelType_name_render($angeltype) . ':</strong> '; $shifts_row .= join(", ", $entry_list); $shifts_row .= '<br />'; } if (in_array('user_shifts_admin', $privileges)) { $shifts_row .= ' ' . button(page_link_to('user_shifts') . '&shift_id=' . $shift['SID'] . '&type_id=' . $angeltype['id'], _("Add more angels"), 'btn-xs'); } } if ($shift['own'] && !in_array('user_shifts_admin', $privileges)) { $class = 'own'; } elseif ($collides && !in_array('user_shifts_admin', $privileges)) { $class = 'collides'; } elseif ($is_free) { $class = 'free'; } else { $class = 'occupied'; } $shifts_table .= '<td rowspan="' . $blocks . '" class="' . $class . '">'; $shifts_table .= $shifts_row; $shifts_table .= "</td>"; for ($j = 0; $j < $blocks && $i + $j < $maxshow; $j++) { $todo[$rid][$i + $j]--; } } } } // fill up row with empty <td> while ($todo[$rid][$i]-- > 0) { $shifts_table .= '<td class="empty"></td>'; } } $shifts_table .= "</tr>\n"; } $shifts_table .= '</tbody></table></div>'; // qqq } else { $shifts_table = array(); foreach ($shifts as $shift) { $info = array(); if ($_SESSION['user_shifts']['start_day'] != $_SESSION['user_shifts']['end_day']) { $info[] = date("Y-m-d", $shift['start']); } $info[] = date("H:i", $shift['start']) . ' - ' . date("H:i", $shift['end']); if (count($_SESSION['user_shifts']['rooms']) > 1) { $info[] = Room_name_render(['Name' => $shift['room_name'], 'RID' => $shift['RID']]); } $shift_row = array('info' => join('<br />', $info), 'entries' => '<a href="' . shift_link($shift) . '">' . $shift['name'] . '</a>' . ($shift['title'] ? '<br />' . $shift['title'] : '')); if (in_array('admin_shifts', $privileges)) { $shift_row['info'] .= ' ' . table_buttons(array(button(page_link_to('user_shifts') . '&edit_shift=' . $shift['SID'], glyph('edit'), 'btn-xs'), button(page_link_to('user_shifts') . '&delete_shift=' . $shift['SID'], glyph('trash'), 'btn-xs'))); } $shift_row['entries'] .= '<br />'; $is_free = false; $shift_has_special_needs = 0 < sql_num_query("SELECT `id` FROM `NeededAngelTypes` WHERE `shift_id` = " . $shift['SID']); $query = "SELECT `NeededAngelTypes`.`count`, `AngelTypes`.`id`, `AngelTypes`.`restricted`, `UserAngelTypes`.`confirm_user_id`, `AngelTypes`.`name`, `UserAngelTypes`.`user_id`\n FROM `NeededAngelTypes`\n JOIN `AngelTypes` ON (`NeededAngelTypes`.`angel_type_id` = `AngelTypes`.`id`)\n LEFT JOIN `UserAngelTypes` ON (`NeededAngelTypes`.`angel_type_id` = `UserAngelTypes`.`angeltype_id`AND `UserAngelTypes`.`user_id`='" . sql_escape($user['UID']) . "')\n WHERE "; if ($shift_has_special_needs) { $query .= "`shift_id` = '" . sql_escape($shift['SID']) . "'"; } else { $query .= "`room_id` = '" . sql_escape($shift['RID']) . "'"; } $query .= " AND `count` > 0 "; if (!empty($_SESSION['user_shifts']['types'])) { $query .= "AND `angel_type_id` IN (" . implode(',', $_SESSION['user_shifts']['types']) . ") "; } $query .= "ORDER BY `AngelTypes`.`name`"; $angeltypes = sql_select($query); if (count($angeltypes) > 0) { $my_shift = sql_num_query("SELECT * FROM `ShiftEntry` WHERE `SID`='" . sql_escape($shift['SID']) . "' AND `UID`='" . sql_escape($user['UID']) . "' LIMIT 1") > 0; foreach ($angeltypes as &$angeltype) { $entries = sql_select("SELECT * FROM `ShiftEntry` JOIN `User` ON (`ShiftEntry`.`UID` = `User`.`UID`) WHERE `SID`='" . sql_escape($shift['SID']) . "' AND `TID`='" . sql_escape($angeltype['id']) . "' ORDER BY `Nick`"); $entry_list = array(); $entry_nicks = []; $freeloader = 0; foreach ($entries as $entry) { if (in_array('user_shifts_admin', $privileges)) { $member = User_Nick_render($entry) . ' ' . table_buttons(array(button(page_link_to('user_shifts') . '&entry_id=' . $entry['id'], glyph('trash'), 'btn-xs'))); } else { $member = User_Nick_render($entry); } if ($entry['freeloaded']) { $member = '<strike>' . $member . '</strike>'; $freeloader++; } $entry_list[] = $member; $entry_nicks[] = $entry['Nick']; } $angeltype['taken'] = count($entries) - $freeloader; $angeltype['angels'] = $entry_nicks; // do we need more angles of this type? if ($angeltype['count'] - count($entries) + $freeloader > 0) { $inner_text = sprintf(ngettext("%d helper needed", "%d helpers needed", $angeltype['count'] - count($entries) + $freeloader), $angeltype['count'] - count($entries) + $freeloader); // is the shift still running or alternatively is the user shift admin? $user_may_join_shift = true; /* you cannot join if user already joined this shift */ $user_may_join_shift &= !$my_shift; // you cannot join if user is not of this angel type $user_may_join_shift &= isset($angeltype['user_id']); // you cannot join if you are not confirmed if ($angeltype['restricted'] == 1 && isset($angeltype['user_id'])) { $user_may_join_shift &= isset($angeltype['confirm_user_id']); } // you can only join if the shift is in future or running $user_may_join_shift &= time() < $shift['start']; // User shift admins may join anybody in every shift $user_may_join_shift |= in_array('user_shifts_admin', $privileges); if ($user_may_join_shift) { $entry_list[] = '<a href="' . page_link_to('user_shifts') . '&shift_id=' . $shift['SID'] . '&type_id=' . $angeltype['id'] . '">' . $inner_text . ' »</a>'; } else { if (time() > $shift['end']) { $entry_list[] = $inner_text . ' (vorbei)'; } elseif ($angeltype['restricted'] == 1 && isset($angeltype['user_id']) && !isset($angeltype['confirm_user_id'])) { $entry_list[] = $inner_text . glyph("lock"); } else { $entry_list[] = $inner_text . ' <a href="' . page_link_to('user_angeltypes') . '&action=add&angeltype_id=' . $angeltype['id'] . '">' . sprintf(_('Become %s'), $angeltype['name']) . '</a>'; } } unset($inner_text); $is_free = true; } $shift_row['entries'] .= '<b>' . $angeltype['name'] . ':</b> '; $shift_row['entries'] .= join(", ", $entry_list); $shift_row['entries'] .= '<br />'; } if (in_array('user_shifts_admin', $privileges)) { $shift_row['entries'] .= '<a href="' . page_link_to('user_shifts') . '&shift_id=' . $shift['SID'] . '&type_id=' . $angeltype['id'] . '">' . _('Add more angels') . ' »</a>'; } $shifts_table[] = $shift_row; $shift['angeltypes'] = $angeltypes; $ical_shifts[] = $shift; } } $shifts_table = table(array('info' => _("Time") . "/" . _("Room"), 'entries' => _("Entries")), $shifts_table); } if ($user['api_key'] == "") { User_reset_api_key($user, false); } return page(array('<div class="col-md-12">', msg(), template_render('../templates/user_shifts.html', array('title' => shifts_title(), 'room_select' => make_select($rooms, $_SESSION['user_shifts']['rooms'], "rooms", _("Rooms")), 'start_select' => html_select_key("start_day", "start_day", array_combine($days, $days), $_SESSION['user_shifts']['start_day']), 'start_time' => $_SESSION['user_shifts']['start_time'], 'end_select' => html_select_key("end_day", "end_day", array_combine($days, $days), $_SESSION['user_shifts']['end_day']), 'end_time' => $_SESSION['user_shifts']['end_time'], 'type_select' => make_select($types, $_SESSION['user_shifts']['types'], "types", _("Angeltypes") . '<sup>1</sup>'), 'filled_select' => make_select($filled, $_SESSION['user_shifts']['filled'], "filled", _("Occupancy")), 'task_notice' => '<sup>1</sup>' . _("The tasks shown here are influenced by the preferences you defined in your settings!") . " <a href=\"" . page_link_to('angeltypes') . '&action=about' . "\">" . _("Description of the jobs.") . "</a>", 'new_style_checkbox' => '<label><input type="checkbox" name="new_style" value="1" ' . ($_SESSION['user_shifts']['new_style'] ? ' checked' : '') . '> ' . _("Use new style if possible") . '</label>', 'shifts_table' => msg() . $shifts_table, 'ical_text' => '<h2>' . _("iCal export") . '</h2><p>' . sprintf(_("Export of shown shifts. <a href=\"%s\">iCal format</a> or <a href=\"%s\">JSON format</a> available (please keep secret, otherwise <a href=\"%s\">reset the api key</a>)."), page_link_to_absolute('ical') . '&key=' . $user['api_key'], page_link_to_absolute('shifts_json_export') . '&key=' . $user['api_key'], page_link_to('user_myshifts') . '&reset') . '</p>', 'filter' => _("Filter"))), '</div>')); }
<?php if (sql_num_query("SHOW COLUMNS FROM `Shifts` LIKE 'Date_'") == 2) { if (sql_num_query("DESCRIBE `Shifts` `Len`") != 0) { if (sql_num_query("SELECT * FROM `Shifts` WHERE DATE_SUB(`DateE`, INTERVAL (`Len`*60) MINUTE) != `DateS`") != 0) { die("Inconsistent data in Shifts table, won't do update " . __FILE__); } else { sql_query("ALTER TABLE `Shifts` DROP `Len`"); } } _datetime_to_int("Shifts", "DateS"); _datetime_to_int("Shifts", "DateE"); sql_query("ALTER TABLE `Shifts` CHANGE `DateS` `start` INT NOT NULL, CHANGE `DateE` `end` INT NOT NULL"); $applied = true; } if (sql_num_query("DESCRIBE `Shifts` `Man`") === 1 && sql_num_query("DESCRIBE `Shifts` `name`") === 0) { sql_query("ALTER TABLE `Shifts` CHANGE `Man` `name` VARCHAR(1024) NULL"); $applied = true; } $res = sql_select("DESCRIBE `Shifts` `PSID`"); if ($res[0]['Type'] == 'text') { sql_query("ALTER TABLE `Shifts` CHANGE `PSID` `PSID` INT NULL"); $applied = true; } _add_index("Shifts", array("PSID"), "UNIQUE"); _add_index("Shifts", array("RID"));
<?php if (sql_num_query("SHOW TABLES LIKE 'LogEntries'") == 0) { sql_query("CREATE TABLE `LogEntries` (\n `id` INT NOT NULL AUTO_INCREMENT PRIMARY KEY ,\n `timestamp` INT NOT NULL ,\n `nick` VARCHAR( 23 ) NOT NULL ,\n `message` TEXT NOT NULL ,\n INDEX ( `timestamp` )\n ) ENGINE = InnoDB;"); $applied = true; } if (sql_num_query("SHOW TABLES LIKE 'ChangeLog'") == 0) { sql_query("DROP TABLE `ChangeLog`"); $applied = true; }
<?php if (sql_num_query("DESCRIBE `Messages` `id`") === 0) { sql_query("ALTER TABLE `Messages`\n DROP PRIMARY KEY,\n ADD `id` INT NOT NULL AUTO_INCREMENT PRIMARY KEY FIRST\n "); $applied = true; } _add_index("Messages", array("SUID")); _add_index("Messages", array("RUID")); _datetime_to_int("Messages", "Datum"); _add_index("Messages", array("Datum"));
<?php if (sql_num_query("SHOW TABLES LIKE 'UserAngelTypes'") === 0) { sql_query("CREATE TABLE `UserAngelTypes` (\n `id` INT NOT NULL AUTO_INCREMENT PRIMARY KEY ,\n `user_id` INT NOT NULL ,\n `angeltype_id` INT NOT NULL ,\n `confirm_user_id` INT NULL ,\n INDEX ( `user_id` , `angeltype_id` , `confirm_user_id` )\n )"); sql_query("INSERT INTO `UserAngelTypes` (`user_id`, `angeltype_id`)\n SELECT `User`.`UID`, `AngelTypes`.`id`\n FROM `User`\n INNER JOIN `AngelTypes`\n ON TRIM(TRAILING 'Engel' FROM TRIM(TRAILING 'Angel' FROM `User`.`Art`)) = `AngelTypes`.`name`"); $applied = true; }
<?php if (sql_num_query("DESCRIBE `ShiftEntry` `id`") === 0) { sql_query("ALTER TABLE `ShiftEntry` ADD `id` INT NOT NULL AUTO_INCREMENT PRIMARY KEY FIRST"); $applied = true; } _add_index("ShiftEntry", array("SID")); _add_index("ShiftEntry", array("TID")); _add_index("ShiftEntry", array("UID"));
<?php if (sql_num_query("SHOW INDEX FROM `Room` WHERE `Column_name` = 'location'") == 0) { sql_query("ALTER TABLE `Room` ADD `location` TEXT NOT NULL"); $applied = true; } if (sql_num_query("SHOW INDEX FROM `Room` WHERE `Column_name` = 'lat'") == 0) { sql_query("ALTER TABLE `Room` ADD `lat` VARCHAR(20) NOT NULL"); $applied = true; } if (sql_num_query("SHOW INDEX FROM `Room` WHERE `Column_name` = 'long'") == 0) { sql_query("ALTER TABLE `Room` ADD `long` VARCHAR(20) NOT NULL"); $applied = true; }
function admin_active() { global $tshirt_sizes, $shift_sum_formula; $msg = ""; $search = ""; $forced_count = sql_num_query("SELECT * FROM `User` WHERE `force_active`=1"); $count = $forced_count; $limit = ""; $set_active = ""; if (isset($_REQUEST['search'])) { $search = strip_request_item('search'); } if (isset($_REQUEST['set_active'])) { $ok = true; if (isset($_REQUEST['count']) && preg_match("/^[0-9]+\$/", $_REQUEST['count'])) { $count = strip_request_item('count'); if ($count < $forced_count) { error(sprintf(_("At least %s angels are forced to be active. The number has to be greater."), $forced_count)); redirect(page_link_to('admin_active')); } } else { $ok = false; $msg .= error(_("Please enter a number of angels to be marked as active."), true); } if ($ok) { $limit = " LIMIT " . $count; } if (isset($_REQUEST['ack'])) { sql_query("UPDATE `User` SET `Aktiv` = 0 WHERE `Tshirt` = 0"); $users = sql_select("\n SELECT `User`.*, COUNT(`ShiftEntry`.`id`) as `shift_count`, {$shift_sum_formula} as `shift_length` \n FROM `User` \n LEFT JOIN `ShiftEntry` ON `User`.`UID` = `ShiftEntry`.`UID` \n LEFT JOIN `Shifts` ON `ShiftEntry`.`SID` = `Shifts`.`SID` \n WHERE `User`.`Gekommen` = 1 AND `User`.`force_active`=0 \n GROUP BY `User`.`UID` \n ORDER BY `force_active` DESC, `shift_length` DESC" . $limit); $user_nicks = array(); foreach ($users as $usr) { sql_query("UPDATE `User` SET `Aktiv` = 1 WHERE `UID`='" . sql_escape($usr['UID']) . "'"); $user_nicks[] = User_Nick_render($usr); } sql_query("UPDATE `User` SET `Aktiv`=1 WHERE `force_active`=TRUE"); engelsystem_log("These angels are active now: " . join(", ", $user_nicks)); $limit = ""; $msg = success(_("Marked angels."), true); } else { $set_active = '<a href="' . page_link_to('admin_active') . '&serach=' . $search . '">« ' . _("back") . '</a> | <a href="' . page_link_to('admin_active') . '&search=' . $search . '&count=' . $count . '&set_active&ack">' . _("apply") . '</a>'; } } if (isset($_REQUEST['active']) && preg_match("/^[0-9]+\$/", $_REQUEST['active'])) { $id = $_REQUEST['active']; $user_source = User($id); if ($user_source != null) { sql_query("UPDATE `User` SET `Aktiv`=1 WHERE `UID`='" . sql_escape($id) . "' LIMIT 1"); engelsystem_log("User " . User_Nick_render($user_source) . " is active now."); $msg = success(_("Angel has been marked as active."), true); } else { $msg = error(_("Angel not found."), true); } } elseif (isset($_REQUEST['not_active']) && preg_match("/^[0-9]+\$/", $_REQUEST['not_active'])) { $id = $_REQUEST['not_active']; $user_source = User($id); if ($user_source != null) { sql_query("UPDATE `User` SET `Aktiv`=0 WHERE `UID`='" . sql_escape($id) . "' LIMIT 1"); engelsystem_log("User " . User_Nick_render($user_source) . " is NOT active now."); $msg = success(_("Angel has been marked as not active."), true); } else { $msg = error(_("Angel not found."), true); } } elseif (isset($_REQUEST['tshirt']) && preg_match("/^[0-9]+\$/", $_REQUEST['tshirt'])) { $id = $_REQUEST['tshirt']; $user_source = User($id); if ($user_source != null) { sql_query("UPDATE `User` SET `Tshirt`=1 WHERE `UID`='" . sql_escape($id) . "' LIMIT 1"); engelsystem_log("User " . User_Nick_render($user_source) . " has tshirt now."); $msg = success(_("Angel has got a t-shirt."), true); } else { $msg = error("Angel not found.", true); } } elseif (isset($_REQUEST['not_tshirt']) && preg_match("/^[0-9]+\$/", $_REQUEST['not_tshirt'])) { $id = $_REQUEST['not_tshirt']; $user_source = User($id); if ($user_source != null) { sql_query("UPDATE `User` SET `Tshirt`=0 WHERE `UID`='" . sql_escape($id) . "' LIMIT 1"); engelsystem_log("User " . User_Nick_render($user_source) . " has NO tshirt."); $msg = success(_("Angel has got no t-shirt."), true); } else { $msg = error(_("Angel not found."), true); } } $users = sql_select("\n SELECT `User`.*, COUNT(`ShiftEntry`.`id`) as `shift_count`, {$shift_sum_formula} as `shift_length` \n FROM `User` LEFT JOIN `ShiftEntry` ON `User`.`UID` = `ShiftEntry`.`UID` \n LEFT JOIN `Shifts` ON `ShiftEntry`.`SID` = `Shifts`.`SID` \n WHERE `User`.`Gekommen` = 1 \n GROUP BY `User`.`UID` \n ORDER BY `force_active` DESC, `shift_length` DESC" . $limit); $matched_users = array(); if ($search == "") { $tokens = array(); } else { $tokens = explode(" ", $search); } foreach ($users as &$usr) { if (count($tokens) > 0) { $match = false; $index = join("", $usr); foreach ($tokens as $t) { if (stristr($index, trim($t))) { $match = true; break; } } if (!$match) { continue; } } $usr['nick'] = User_Nick_render($usr); $usr['shirt_size'] = $tshirt_sizes[$usr['Size']]; $usr['work_time'] = round($usr['shift_length'] / 60) . ' min (' . round($usr['shift_length'] / 3600) . ' h)'; $usr['active'] = glyph_bool($usr['Aktiv'] == 1); $usr['force_active'] = glyph_bool($usr['force_active'] == 1); $usr['tshirt'] = glyph_bool($usr['Tshirt'] == 1); $actions = array(); if ($usr['Aktiv'] == 0) { $actions[] = '<a href="' . page_link_to('admin_active') . '&active=' . $usr['UID'] . '&search=' . $search . '">' . _("set active") . '</a>'; } if ($usr['Aktiv'] == 1 && $usr['Tshirt'] == 0) { $actions[] = '<a href="' . page_link_to('admin_active') . '&not_active=' . $usr['UID'] . '&search=' . $search . '">' . _("remove active") . '</a>'; $actions[] = '<a href="' . page_link_to('admin_active') . '&tshirt=' . $usr['UID'] . '&search=' . $search . '">' . _("got t-shirt") . '</a>'; } if ($usr['Tshirt'] == 1) { $actions[] = '<a href="' . page_link_to('admin_active') . '&not_tshirt=' . $usr['UID'] . '&search=' . $search . '">' . _("remove t-shirt") . '</a>'; } $usr['actions'] = join(' ', $actions); $matched_users[] = $usr; } $shirt_statistics = sql_select("\n SELECT `Size`, count(`Size`) AS `count`\n FROM `User`\n WHERE `Tshirt`=1\n GROUP BY `Size`\n ORDER BY `count` DESC"); $shirt_statistics[] = array('Size' => '<b>' . _("Sum") . '</b>', 'count' => '<b>' . sql_select_single_cell("SELECT count(*) FROM `User` WHERE `Tshirt`=1") . '</b>'); return page_with_title(admin_active_title(), array(form(array(form_text('search', _("Search angel:"), $search), form_submit('submit', _("Search")))), $set_active == "" ? form(array(form_text('count', _("How much angels should be active?"), $count), form_submit('set_active', _("Preview")))) : $set_active, msg(), table(array('nick' => _("Nickname"), 'shirt_size' => _("Size"), 'shift_count' => _("Shifts"), 'work_time' => _("Length"), 'active' => _("Active?"), 'force_active' => _("Forced"), 'tshirt' => _("T-shirt?"), 'actions' => ""), $matched_users), '<h2>' . _("Given shirts") . '</h2>', table(array('Size' => _("Size"), 'count' => _("Count")), $shirt_statistics))); }
function guest_register() { global $default_theme, $genders; $msg = ""; $nick = ""; $lastname = ""; $prename = ""; $age = ""; $tel = ""; $mobile = ""; $mail = ""; $email_shiftinfo = false; $hometown = ""; $comment = ""; $password_hash = ""; $selected_angel_types = array(); $gender = "none"; $angel_types_source = sql_select("SELECT * FROM `AngelTypes` ORDER BY `name`"); $angel_types = array(); foreach ($angel_types_source as $angel_type) { $angel_types[$angel_type['id']] = $angel_type['name'] . ($angel_type['restricted'] ? " (restricted)" : ""); if (!$angel_type['restricted']) { $selected_angel_types[] = $angel_type['id']; } } if (isset($_REQUEST['submit'])) { $ok = true; if (isset($_REQUEST['nick']) && strlen(User_validate_Nick($_REQUEST['nick'])) > 1) { $nick = User_validate_Nick($_REQUEST['nick']); if (sql_num_query("SELECT * FROM `User` WHERE `Nick`='" . sql_escape($nick) . "' LIMIT 1") > 0) { $ok = false; $msg .= error(sprintf(_("Your nick "%s" already exists."), $nick), true); } } else { $ok = false; $msg .= error(sprintf(_("Your nick "%s" is too short (min. 2 characters)."), User_validate_Nick($_REQUEST['nick'])), true); } if (isset($_REQUEST['mail']) && strlen(strip_request_item('mail')) > 0) { $mail = strip_request_item('mail'); if (!check_email($mail)) { $ok = false; $msg .= error(_("E-mail address is not correct."), true); } } else { $ok = false; $msg .= error(_("Please enter your e-mail."), true); } if (isset($_REQUEST['email_shiftinfo'])) { $email_shiftinfo = true; } if (isset($_REQUEST['password']) && strlen($_REQUEST['password']) >= MIN_PASSWORD_LENGTH) { if ($_REQUEST['password'] != $_REQUEST['password2']) { $ok = false; $msg .= error(_("Your passwords don't match."), true); } } else { $ok = false; $msg .= error(sprintf(_("Your password is too short (please use at least %s characters)."), MIN_PASSWORD_LENGTH), true); } $selected_angel_types = array(); foreach ($angel_types as $angel_type_id => $angel_type_name) { if (isset($_REQUEST['angel_types_' . $angel_type_id])) { $selected_angel_types[] = $angel_type_id; } } // Trivia if (isset($_REQUEST['lastname'])) { $lastname = strip_request_item('lastname'); } if (isset($_REQUEST['prename'])) { $prename = strip_request_item('prename'); } if (isset($_REQUEST['age']) && preg_match("/^[0-9]{0,4}\$/", $_REQUEST['age'])) { $age = strip_request_item('age'); } if (isset($_REQUEST['tel'])) { $tel = strip_request_item('tel'); } if (isset($_REQUEST['mobile'])) { $mobile = strip_request_item('mobile'); } if (isset($_REQUEST['hometown'])) { $hometown = strip_request_item('hometown'); } if (isset($_REQUEST['comment'])) { $comment = strip_request_item_nl('comment'); } if (isset($_REQUEST['gender']) && array_key_exists($_REQUEST['gender'], $genders)) { $gender = $_REQUEST['gender']; } if ($ok) { $confirmationToken = bin2hex(mcrypt_create_iv(16, MCRYPT_DEV_URANDOM)); $confirmationTokenUrl = page_link_to_absolute('user_activate_account') . '&token=' . $confirmationToken; sql_query("\n INSERT INTO `User` SET \n `color`='" . sql_escape($default_theme) . "', \n `Nick`='" . sql_escape($nick) . "', \n `Vorname`='" . sql_escape($prename) . "', \n `Name`='" . sql_escape($lastname) . "', \n `Alter`='" . sql_escape($age) . "', \n `gender`='" . sql_escape($gender) . "',\n `Telefon`='" . sql_escape($tel) . "', \n `Handy`='" . sql_escape($mobile) . "', \n `email`='" . sql_escape($mail) . "', \n `email_shiftinfo`=" . sql_bool($email_shiftinfo) . ", \n `Passwort`='" . sql_escape($password_hash) . "', \n `kommentar`='" . sql_escape($comment) . "', \n `Hometown`='" . sql_escape($hometown) . "', \n `CreateDate`=NOW(), \n `Sprache`='" . sql_escape($_SESSION["locale"]) . "',\n `arrival_date`=NULL,\n `planned_arrival_date`= 0,\n `mailaddress_verification_token` = '" . sql_escape($confirmationToken) . "',\n `user_account_approved` = 0"); // Assign user-group and set password $user_id = sql_id(); sql_query("INSERT INTO `UserGroups` SET `uid`='" . sql_escape($user_id) . "', `group_id`=-2"); set_password($user_id, $_REQUEST['password']); // Assign angel-types $user_angel_types_info = array(); foreach ($selected_angel_types as $selected_angel_type_id) { sql_query("INSERT INTO `UserAngelTypes` SET `user_id`='" . sql_escape($user_id) . "', `angeltype_id`='" . sql_escape($selected_angel_type_id) . "'"); $user_angel_types_info[] = $angel_types[$selected_angel_type_id]; } engelsystem_log("User " . $nick . " signed up as: " . join(", ", $user_angel_types_info)); engelsystem_email($mail, _('Please confirm your eMail-address'), sprintf(_('Hello %1$s! Thanks for signing up at Engelsystem. Please confirm your eMail-address by clicking the following link: %2$s'), $mail, $confirmationTokenUrl)); success(_("Angel registration successful! Please click the confirmation link in the eMail we sent you to activate your account.")); redirect('?'); } } return page_with_title(register_title(), array(_("By completing this form you're registering as an helper. Please enter a username/nick of your choice, your e-mail adress and your full name. Only your nick will be shown to other users."), $msg, msg(), form(array(div('row', array(div('col-md-6', array(div('row', array(div('col-sm-4', array(form_text('nick', _("Nick") . ' ' . entry_required(), $nick))), div('col-sm-8', array(form_email('mail', _("E-Mail") . ' ' . entry_required(), $mail), form_checkbox('email_shiftinfo', _("Please keep me informed by e-mail, e.g. if my shifts change"), $email_shiftinfo))), div('col-sm-4', array(form_text('prename', _("First name") . ' ' . entry_required(), $prename))), div('col-sm-4', array(form_text('lastname', _("Last name") . ' ' . entry_required(), $lastname))))), div('row', array(div('col-sm-6', array()), div('col-sm-6', array()))), div('row', array(div('col-sm-6', array(form_password('password', _("Password") . ' ' . entry_required()))), div('col-sm-6', array(form_password('password2', _("Confirm password") . ' ' . entry_required()))))))), div('col-md-6', array(div('row', array(div('col-sm-4', array(form_text('mobile', _("Mobile"), $mobile))), div('col-sm-4', array(form_text('tel', _("Phone"), $tel))))), div('row', array(div('col-sm-3', array(form_text('age', _("Age"), $age))), div('col-sm-6', array(form_text('comment', _("Additional Information(Language / Profession)"), $comment))))), form_info(entry_required() . ' = ' . _("Entry required!")))))), form_submit('submit', _("Register")))))); }
<?php if (sql_num_query("SHOW TABLES LIKE 'NeededAngelTypes'") === 0) { sql_query("CREATE TABLE `NeededAngelTypes` (\n `id` int(11) NOT NULL AUTO_INCREMENT,\n `room_id` int(11) DEFAULT NULL,\n `shift_id` int(11) DEFAULT NULL,\n `angel_type_id` int(11) NOT NULL,\n `count` int(11) NOT NULL,\n PRIMARY KEY (`id`),\n KEY `room_id` (`room_id`,`angel_type_id`),\n KEY `shift_id` (`shift_id`),\n KEY `angel_type_id` (`angel_type_id`)\n )\n "); $data = sql_select("SELECT * FROM `Room`"); $res = sql_query("SHOW COLUMNS FROM `Room` LIKE 'DEFAULT_EID_%'"); while ($col = mysql_fetch_assoc($res)) { $tid = explode('_', $col['Field']); $tid = intval(array_pop($tid)); if ($col['Default'] != '0') { sql_query("INSERT INTO `NeededAngelTypes` (`angel_type_id`, `count`) VALUES (" . $tid . ", " . intval($col['Default']) . ")"); } foreach ($data as $row) { if ($row[$col['Field']] > 0) { sql_query("INSERT INTO `NeededAngelTypes` (`angel_type_id`, `room_id`, `count`) VALUES (" . $tid . ", " . $row['RID'] . ", " . $row[$col['Field']] . ")"); } } sql_query("ALTER TABLE `Room` DROP `" . $col['Field'] . "`"); } $applied = true; } if (sql_num_query("SELECT * FROM `ShiftEntry` WHERE `UID` = 0")) { $data = sql_query("\n INSERT INTO `NeededAngelTypes` (`shift_id`, `angel_type_id`, `count`)\n SELECT se.`SID`, se.`TID`, se.`count` FROM (\n SELECT `SID`, `TID`, COUNT(`TID`) AS `count`\n FROM `ShiftEntry`\n GROUP BY `SID`, `TID`\n ) AS se\n INNER JOIN `Shifts` AS s ON s.`SID` = se.`SID`\n INNER JOIN `Room` AS r ON s.`RID` = r.`RID`\n LEFT JOIN `NeededAngelTypes` AS nat ON (nat.`room_id` = r.`RID` AND nat.`angel_type_id` = se.`TID`)\n WHERE nat.`count` IS NULL OR nat.`count` != se.`count`\n "); sql_query("DELETE FROM `ShiftEntry` WHERE `UID` = 0 AND `Comment` IS NULL"); $applied = true; } _add_index("Room", array("Name"));
<?php if (sql_num_query("DESCRIBE `FAQ` `Sprache`") === 0 && sql_num_query("DESCRIBE `FAQ` `QID`") == 0) { sql_query("ALTER TABLE `FAQ`\n ADD `Sprache` SET('de', 'en') NOT NULL,\n ADD `QID` INT NOT NULL,\n ADD INDEX(`Sprache`)"); $res = sql_query("SELECT * FROM `FAQ` WHERE `Sprache` = ''"); $i = 0; while ($row = mysql_fetch_assoc($res)) { $question = preg_split('#(?:<|<)br(?:>|>)#i', $row['Frage'], 2, PREG_SPLIT_NO_EMPTY); $answer = preg_split('#(?:<|<)br(?:>|>)#i', $row['Antwort'], 2, PREG_SPLIT_NO_EMPTY); if (count($question) == 2 && count($answer) == 2) { sql_query("INSERT INTO `FAQ` (`Frage`, `Antwort`, `Sprache`, `QID`) VALUES ('" . sql_escape(trim($question[1])) . "', '" . sql_escape(trim($answer[1])) . "', 'en', {$i})"); } sql_query("UPDATE `FAQ` SET `Frage` = '" . sql_escape(trim($question[0])) . "', `Antwort` = '" . sql_escape(trim($answer[0])) . "', `Sprache` = 'de', `QID` = {$i} WHERE `FID` = " . $row['FID']); $i++; } _add_index('FAQ', array('QID', 'Sprache'), 'UNIQUE'); $applied = true; }
function admin_rooms() { global $user; $rooms_source = sql_select("SELECT * FROM `Room` ORDER BY `Name`"); $rooms = array(); foreach ($rooms_source as $room) { $rooms[] = array('name' => $room['Name'], 'from_pentabarf' => $room['FromPentabarf'] == 'Y' ? '✓' : '', 'public' => $room['show'] == 'Y' ? '✓' : '', 'actions' => buttons(array(button(page_link_to('admin_rooms') . '&show=edit&id=' . $room['RID'], _("edit"), 'btn-xs'), button(page_link_to('admin_rooms') . '&show=delete&id=' . $room['RID'], _("delete"), 'btn-xs')))); } $room = null; if (isset($_REQUEST['show'])) { $msg = ""; $name = ""; $from_pentabarf = ""; $public = 'Y'; $number = ""; $angeltypes_source = sql_select("SELECT * FROM `AngelTypes` ORDER BY `name`"); $angeltypes = array(); $angeltypes_count = array(); foreach ($angeltypes_source as $angeltype) { $angeltypes[$angeltype['id']] = $angeltype['name']; $angeltypes_count[$angeltype['id']] = 0; } if (test_request_int('id')) { $room = sql_select("SELECT * FROM `Room` WHERE `RID`='" . sql_escape($_REQUEST['id']) . "'"); if (count($room) > 0) { $id = $_REQUEST['id']; $name = $room[0]['Name']; $from_pentabarf = $room[0]['FromPentabarf']; $public = $room[0]['show']; $number = $room[0]['Number']; $needed_angeltypes = sql_select("SELECT * FROM `NeededAngelTypes` WHERE `room_id`='" . sql_escape($id) . "'"); foreach ($needed_angeltypes as $needed_angeltype) { $angeltypes_count[$needed_angeltype['angel_type_id']] = $needed_angeltype['count']; } } else { redirect(page_link_to('admin_rooms')); } } if ($_REQUEST['show'] == 'edit') { if (isset($_REQUEST['submit'])) { $ok = true; if (isset($_REQUEST['name']) && strlen(strip_request_item('name')) > 0) { $name = strip_request_item('name'); if (isset($room) && sql_num_query("SELECT * FROM `Room` WHERE `Name`='" . sql_escape($name) . "' AND NOT `RID`=" . sql_escape($id)) > 0) { $ok = false; $msg .= error(_("This name is already in use."), true); } } else { $ok = false; $msg .= error(_("Please enter a name."), true); } if (isset($_REQUEST['from_pentabarf'])) { $from_pentabarf = 'Y'; } else { $from_pentabarf = ''; } if (isset($_REQUEST['public'])) { $public = 'Y'; } else { $public = ''; } if (isset($_REQUEST['number'])) { $number = strip_request_item('number'); } else { $ok = false; } foreach ($angeltypes as $angeltype_id => $angeltype) { if (isset($_REQUEST['angeltype_count_' . $angeltype_id]) && preg_match("/^[0-9]{1,4}\$/", $_REQUEST['angeltype_count_' . $angeltype_id])) { $angeltypes_count[$angeltype_id] = $_REQUEST['angeltype_count_' . $angeltype_id]; } else { $ok = false; $msg .= error(sprintf(_("Please enter needed angels for type %s.", $angeltype)), true); } } if ($ok) { if (isset($id)) { sql_query("UPDATE `Room` SET `Name`='" . sql_escape($name) . "', `FromPentabarf`='" . sql_escape($from_pentabarf) . "', `show`='" . sql_escape($public) . "', `Number`='" . sql_escape($number) . "' WHERE `RID`='" . sql_escape($id) . "' LIMIT 1"); engelsystem_log("Room updated: " . $name . ", pentabarf import: " . $from_pentabarf . ", public: " . $public . ", number: " . $number); } else { $id = Room_create($name, $from_pentabarf, $public, $number); if ($id === false) { engelsystem_error("Unable to create room."); } engelsystem_log("Room created: " . $name . ", pentabarf import: " . $from_pentabarf . ", public: " . $public . ", number: " . $number); } sql_query("DELETE FROM `NeededAngelTypes` WHERE `room_id`='" . sql_escape($id) . "'"); $needed_angeltype_info = array(); foreach ($angeltypes_count as $angeltype_id => $angeltype_count) { $angeltype = AngelType($angeltype_id); if ($angeltype === false) { engelsystem_error("Unable to load angeltype."); } if ($angeltype != null) { sql_query("INSERT INTO `NeededAngelTypes` SET `room_id`='" . sql_escape($id) . "', `angel_type_id`='" . sql_escape($angeltype_id) . "', `count`='" . sql_escape($angeltype_count) . "'"); $needed_angeltype_info[] = $angeltype['name'] . ": " . $angeltype_count; } } engelsystem_log("Set needed angeltypes of room " . $name . " to: " . join(", ", $needed_angeltype_info)); success(_("Room saved.")); redirect(page_link_to("admin_rooms")); } } $angeltypes_count_form = array(); foreach ($angeltypes as $angeltype_id => $angeltype) { $angeltypes_count_form[] = div('col-lg-4 col-md-6 col-xs-6', array(form_spinner('angeltype_count_' . $angeltype_id, $angeltype, $angeltypes_count[$angeltype_id]))); } return page_with_title(admin_rooms_title(), array(buttons(array(button(page_link_to('admin_rooms'), _("back"), 'back'))), $msg, form(array(div('row', array(div('col-md-6', array(form_text('name', _("Name"), $name), form_checkbox('from_pentabarf', _("Frab import"), $from_pentabarf), form_checkbox('public', _("Public"), $public), form_text('number', _("Room number"), $number))), div('col-md-6', array(div('row', array(div('col-md-12', array(form_info(_("Needed angels:")))), join($angeltypes_count_form))))))), form_submit('submit', _("Save")))))); } elseif ($_REQUEST['show'] == 'delete') { if (isset($_REQUEST['ack'])) { if (!Room_delete($id)) { engelsystem_error("Unable to delete room."); } engelsystem_log("Room deleted: " . $name); success(sprintf(_("Room %s deleted."), $name)); redirect(page_link_to('admin_rooms')); } return page_with_title(admin_rooms_title(), array(buttons(array(button(page_link_to('admin_rooms'), _("back"), 'back'))), sprintf(_("Do you want to delete room %s?"), $name), buttons(array(button(page_link_to('admin_rooms') . '&show=delete&id=' . $id . '&ack', _("Delete"), 'delete'))))); } } return page_with_title(admin_rooms_title(), array(buttons(array(button(page_link_to('admin_rooms') . '&show=edit', _("add")))), msg(), table(array('name' => _("Name"), 'from_pentabarf' => _("Frab import"), 'public' => _("Public"), 'actions' => ""), $rooms))); }
<?php _datetime_to_int("User", "lastLogin"); if (sql_num_query("DESCRIBE `User` `ical_key`") === 0) { sql_query("ALTER TABLE `User` ADD `ical_key` VARCHAR( 32 ) NOT NULL"); # _add_index("User", array("ical_key"), "UNIQUE"); # XXX: not everybody has an ical_key, why? $applied = true; } $res = sql_select("DESCRIBE `User` `DECT`"); if ($res[0]['Type'] == 'varchar(4)') { sql_query("ALTER TABLE `User` CHANGE `DECT` `DECT` VARCHAR(5) NULL"); $applied = true; }