function admin_new_questions()
{
global $user, $privileges;
if (in_array("admin_questions", $privileges)) {
$new_messages = sql_num_query("SELECT * FROM `Questions` WHERE `AID` IS NULL");
if ($new_messages > 0) {
return info('<a href="' . page_link_to("admin_questions") . '">' . _('There are unanswered questions!') . '</a>', true);
}
}
return "";
}
function user_unread_messages()
{
global $user;
if (isset($user)) {
$new_messages = sql_num_query("SELECT * FROM `Messages` WHERE isRead='N' AND `RUID`='" . sql_escape($user['UID']) . "'");
if ($new_messages > 0) {
return ' <span class="badge danger">' . $new_messages . '</span>';
}
}
return '';
}
/**
* TODO: use validation functions, return new message id
* TODO: global $user con not be used in model!
* send message
*
* @param $id User
* ID of Reciever
* @param $text Text
* of Message
*/
function Message_send($id, $text)
{
global $user;
$text = preg_replace("/([^\\p{L}\\p{P}\\p{Z}\\p{N}\n]{1,})/ui", '', strip_tags($text));
$to = preg_replace("/([^0-9]{1,})/ui", '', strip_tags($id));
if ($text != "" && is_numeric($to) && sql_num_query("SELECT * FROM `User` WHERE `UID`='" . sql_escape($to) . "' AND NOT `UID`='" . sql_escape($user['UID']) . "' LIMIT 1") > 0) {
sql_query("INSERT INTO `Messages` SET `Datum`='" . sql_escape(time()) . "', `SUID`='" . sql_escape($user['UID']) . "', `RUID`='" . sql_escape($to) . "', `Text`='" . sql_escape($text) . "'");
return true;
} else {
return false;
}
}
/**
* Validates a name for angeltypes.
* Returns array containing validation success and validated name.
*
* @param string $name
* @param AngelType $angeltype
*/
function AngelType_validate_name($name, $angeltype)
{
$name = strip_item($name);
if ($name == "") {
return array(false, $name);
}
if (isset($angeltype) && isset($angeltype['id'])) {
return array(sql_num_query("\n SELECT * \n FROM `AngelTypes` \n WHERE `name`='" . sql_escape($name) . "' \n AND NOT `id`='" . sql_escape($angeltype['id']) . "'\n LIMIT 1") == 0, $name);
} else {
return array(sql_num_query("\n SELECT `id` \n FROM `AngelTypes` \n WHERE `name`='" . sql_escape($name) . "' \n LIMIT 1") == 0, $name);
}
}
function _add_index($table, $cols, $type = "INDEX")
{
$table = sql_escape($table);
$cols = array_map('sql_escape', $cols);
$type = sql_escape($type);
if (sql_num_query("SHOW INDEX FROM `" . $table . "` WHERE `Key_name` = '" . $cols[0] . "'") == 0) {
sql_query("ALTER TABLE `" . $table . "` ADD " . $type . " (`" . implode($cols, '`,`') . "`)");
global $applied;
$applied = true;
return true;
} else {
return false;
}
}
function guest_register()
{
global $tshirt_sizes, $enable_tshirt_size, $default_theme;
$msg = "";
$nick = "";
$lastname = "";
$prename = "";
$age = "";
$tel = "";
$dect = "";
$mobile = "";
$mail = "";
$email_shiftinfo = false;
$jabber = "";
$hometown = "";
$comment = "";
$tshirt_size = '';
$password_hash = "";
$selected_angel_types = array();
$planned_arrival_date = null;
$angel_types_source = sql_select("SELECT * FROM `AngelTypes` ORDER BY `name`");
$angel_types = array();
foreach ($angel_types_source as $angel_type) {
$angel_types[$angel_type['id']] = $angel_type['name'] . ($angel_type['restricted'] ? " (restricted)" : "");
if (!$angel_type['restricted']) {
$selected_angel_types[] = $angel_type['id'];
}
}
if (isset($_REQUEST['submit'])) {
$ok = true;
if (isset($_REQUEST['nick']) && strlen(User_validate_Nick($_REQUEST['nick'])) > 1) {
$nick = User_validate_Nick($_REQUEST['nick']);
if (sql_num_query("SELECT * FROM `User` WHERE `Nick`='" . sql_escape($nick) . "' LIMIT 1") > 0) {
$ok = false;
$msg .= error(sprintf(_("Your nick "%s" already exists."), $nick), true);
}
} else {
$ok = false;
$msg .= error(sprintf(_("Your nick "%s" is too short (min. 2 characters)."), User_validate_Nick($_REQUEST['nick'])), true);
}
if (isset($_REQUEST['mail']) && strlen(strip_request_item('mail')) > 0) {
$mail = strip_request_item('mail');
if (!check_email($mail)) {
$ok = false;
$msg .= error(_("E-mail address is not correct."), true);
}
} else {
$ok = false;
$msg .= error(_("Please enter your e-mail."), true);
}
if (isset($_REQUEST['email_shiftinfo'])) {
$email_shiftinfo = true;
}
if (isset($_REQUEST['jabber']) && strlen(strip_request_item('jabber')) > 0) {
$jabber = strip_request_item('jabber');
if (!check_email($jabber)) {
$ok = false;
$msg .= error(_("Please check your jabber account information."), true);
}
}
if ($enable_tshirt_size) {
if (isset($_REQUEST['tshirt_size']) && isset($tshirt_sizes[$_REQUEST['tshirt_size']]) && $_REQUEST['tshirt_size'] != '') {
$tshirt_size = $_REQUEST['tshirt_size'];
} else {
$ok = false;
$msg .= error(_("Please select your shirt size."), true);
}
}
if (isset($_REQUEST['password']) && strlen($_REQUEST['password']) >= MIN_PASSWORD_LENGTH) {
if ($_REQUEST['password'] != $_REQUEST['password2']) {
$ok = false;
$msg .= error(_("Your passwords don't match."), true);
}
} else {
$ok = false;
$msg .= error(sprintf(_("Your password is too short (please use at least %s characters)."), MIN_PASSWORD_LENGTH), true);
}
if (isset($_REQUEST['planned_arrival_date']) && DateTime::createFromFormat("Y-m-d", trim($_REQUEST['planned_arrival_date']))) {
$planned_arrival_date = DateTime::createFromFormat("Y-m-d", trim($_REQUEST['planned_arrival_date']))->getTimestamp();
} else {
$ok = false;
$msg .= error(_("Please enter your planned date of arrival."), true);
}
$selected_angel_types = array();
foreach ($angel_types as $angel_type_id => $angel_type_name) {
if (isset($_REQUEST['angel_types_' . $angel_type_id])) {
$selected_angel_types[] = $angel_type_id;
}
}
// Trivia
if (isset($_REQUEST['lastname'])) {
$lastname = strip_request_item('lastname');
}
if (isset($_REQUEST['prename'])) {
$prename = strip_request_item('prename');
}
if (isset($_REQUEST['age']) && preg_match("/^[0-9]{0,4}\$/", $_REQUEST['age'])) {
$age = strip_request_item('age');
}
if (isset($_REQUEST['tel'])) {
$tel = strip_request_item('tel');
}
if (isset($_REQUEST['dect'])) {
$dect = strip_request_item('dect');
}
if (isset($_REQUEST['mobile'])) {
$mobile = strip_request_item('mobile');
}
if (isset($_REQUEST['hometown'])) {
$hometown = strip_request_item('hometown');
}
if (isset($_REQUEST['comment'])) {
$comment = strip_request_item_nl('comment');
}
if ($ok) {
sql_query("\n INSERT INTO `User` SET \n `color`='" . sql_escape($default_theme) . "', \n `Nick`='" . sql_escape($nick) . "', \n `Vorname`='" . sql_escape($prename) . "', \n `Name`='" . sql_escape($lastname) . "', \n `Alter`='" . sql_escape($age) . "', \n `Telefon`='" . sql_escape($tel) . "', \n `DECT`='" . sql_escape($dect) . "', \n `Handy`='" . sql_escape($mobile) . "', \n `email`='" . sql_escape($mail) . "', \n `email_shiftinfo`=" . sql_bool($email_shiftinfo) . ", \n `jabber`='" . sql_escape($jabber) . "',\n `Size`='" . sql_escape($tshirt_size) . "', \n `Passwort`='" . sql_escape($password_hash) . "', \n `kommentar`='" . sql_escape($comment) . "', \n `Hometown`='" . sql_escape($hometown) . "', \n `CreateDate`=NOW(), \n `Sprache`='" . sql_escape($_SESSION["locale"]) . "',\n `arrival_date`=NULL,\n `planned_arrival_date`='" . sql_escape($planned_arrival_date) . "'");
// Assign user-group and set password
$user_id = sql_id();
sql_query("INSERT INTO `UserGroups` SET `uid`='" . sql_escape($user_id) . "', `group_id`=-2");
set_password($user_id, $_REQUEST['password']);
// Assign angel-types
$user_angel_types_info = array();
foreach ($selected_angel_types as $selected_angel_type_id) {
sql_query("INSERT INTO `UserAngelTypes` SET `user_id`='" . sql_escape($user_id) . "', `angeltype_id`='" . sql_escape($selected_angel_type_id) . "'");
$user_angel_types_info[] = $angel_types[$selected_angel_type_id];
}
engelsystem_log("User " . $nick . " signed up as: " . join(", ", $user_angel_types_info));
success(_("Angel registration successful!"));
redirect('?');
}
}
return page_with_title(register_title(), array(_("By completing this form you're registering as a Chaos-Angel. This script will create you an account in the angel task sheduler."), $msg, msg(), form(array(div('row', array(div('col-md-6', array(div('row', array(div('col-sm-4', array(form_text('nick', _("Nick") . ' ' . entry_required(), $nick))), div('col-sm-8', array(form_email('mail', _("E-Mail") . ' ' . entry_required(), $mail), form_checkbox('email_shiftinfo', _("Please send me an email if my shifts change"), $email_shiftinfo))))), div('row', array(div('col-sm-6', array(form_date('planned_arrival_date', _("Planned date of arrival") . ' ' . entry_required(), $planned_arrival_date, time()))), div('col-sm-6', array($enable_tshirt_size ? form_select('tshirt_size', _("Shirt size") . ' ' . entry_required(), $tshirt_sizes, $tshirt_size) : '')))), div('row', array(div('col-sm-6', array(form_password('password', _("Password") . ' ' . entry_required()))), div('col-sm-6', array(form_password('password2', _("Confirm password") . ' ' . entry_required()))))), form_checkboxes('angel_types', _("What do you want to do?") . sprintf(" (<a href=\"%s\">%s</a>)", page_link_to('angeltypes') . '&action=about', _("Description of job types")), $angel_types, $selected_angel_types), form_info("", _("Restricted angel types need will be confirmed later by an archangel. You can change your selection in the options section.")))), div('col-md-6', array(div('row', array(div('col-sm-4', array(form_text('dect', _("DECT"), $dect))), div('col-sm-4', array(form_text('mobile', _("Mobile"), $mobile))), div('col-sm-4', array(form_text('tel', _("Phone"), $tel))))), form_text('jabber', _("Jabber"), $jabber), div('row', array(div('col-sm-6', array(form_text('prename', _("First name"), $prename))), div('col-sm-6', array(form_text('lastname', _("Last name"), $lastname))))), div('row', array(div('col-sm-3', array(form_text('age', _("Age"), $age))), div('col-sm-9', array(form_text('hometown', _("Hometown"), $hometown))))), form_info(entry_required() . ' = ' . _("Entry required!")))))), form_submit('submit', _("Register"))))));
}
/**
* Returns true if user is angeltype coordinator or has privilege admin_user_angeltypes.
*
* @param User $user
* @param AngelType $angeltype
*/
function User_is_AngelType_coordinator($user, $angeltype)
{
return sql_num_query("\n SELECT `id` \n FROM `UserAngelTypes` \n WHERE `user_id`='" . sql_escape($user['UID']) . "'\n AND `angeltype_id`='" . sql_escape($angeltype['id']) . "'\n AND `coordinator`=TRUE\n LIMIT 1") > 0 || in_array('admin_user_angeltypes', privileges_for_user($user['UID']));
}
<?php
// Most complex update yet. Let's go...
_rename_table("UserGroups", "Groups");
if (sql_num_query("SHOW TABLES LIKE 'UserCVS'") === 1 && sql_num_query("SHOW TABLES LIKE 'UserGroups'") === 0) {
// First of all, create a separate table for group assignments of users
sql_query("CREATE TABLE `UserGroups` (\n `id` int(11) NOT NULL AUTO_INCREMENT,\n `uid` int(11) NOT NULL,\n `group_id` int(11) NOT NULL,\n PRIMARY KEY (`id`),\n KEY `uid` (`uid`,`group_id`),\n KEY `group_id` (`group_id`)\n )");
// ...and fill it with the old data
sql_query("INSERT INTO UserGroups (`uid`, `group_id`) SELECT `UID`, `GroupID` FROM `UserCVS` WHERE `UID` > 0");
if (sql_num_query("SHOW TABLES LIKE 'Privileges'") == 0) {
// Then create a separate table that stores the available privileges...
sql_query("CREATE TABLE IF NOT EXISTS `Privileges` (\n `id` int(11) NOT NULL AUTO_INCREMENT,\n `name` varchar(128) NOT NULL,\n `desc` varchar(1024) NOT NULL,\n PRIMARY KEY (`id`),\n UNIQUE KEY `name` (`name`)\n )");
// ...and fill it with genuine data. We cannot determine these from the old data!
sql_query("INSERT INTO `Privileges` (`id`, `name`, `desc`) VALUES\n (1, 'start', 'Startseite für Gäste/Nicht eingeloggte User'),\n (2, 'login', 'Logindialog'),\n (3, 'news', 'Anzeigen der News-Seite'),\n (4, 'logout', 'User darf sich ausloggen'),\n (5, 'register', 'Einen neuen Engel registerieren'),\n (6, 'admin_rooms', 'Orte administrieren'),\n (7, 'admin_angel_types', 'Engel Typen administrieren'),\n (8, 'user_settings', 'User profile settings'),\n (9, 'user_messages', 'Writing and reading messages from user to user'),\n (10, 'admin_groups', 'Manage usergroups and their rights'),\n (11, 'user_questions', 'Let users ask questions'),\n (12, 'admin_questions', 'Answer user''s questions'),\n (13, 'admin_faq', 'Edit FAQs'),\n (14, 'admin_news', 'Administrate the news section'),\n (15, 'news_comments', 'User can comment news'),\n (16, 'admin_user', 'Administrate the angels'),\n (17, 'user_meetings', 'Lists meetings (news)'),\n (18, 'admin_language', 'Translate the system'),\n (19, 'admin_log', 'Display recent changes'),\n (20, 'user_wakeup', 'User wakeup-service organization'),\n (21, 'admin_import', 'Import locations and shifts from pentabarf'),\n (22, 'credits', 'View credits'),\n (23, 'faq', 'View FAQ'),\n (24, 'user_shifts', 'Signup for shifts'),\n (25, 'user_shifts_admin', 'Signup other angels for shifts.'),\n (26, 'user_myshifts', 'Allow angels to view their own shifts and cancel them.'),\n (27, 'admin_arrive', 'Mark angels when they are available.'),\n (28, 'admin_shifts', 'Create shifts'),\n (30, 'ical', 'iCal shift export'),\n (31, 'admin_active', 'Mark angels as active and if they got a t-shirt.'),\n (32, 'admin_free', 'Show a list of free/unemployed angels.'),\n (39, 'faq2', 'View FAQ'),\n (40, 'imprint', 'View imprint'),\n (41, 'privacy', 'View privacy statement')\n ");
}
if (sql_num_query("SHOW TABLES LIKE 'GroupPrivileges'") == 0) {
// Last, we create the table for the privileges a group can have
sql_query("CREATE TABLE `GroupPrivileges` (\n `id` int(11) NOT NULL AUTO_INCREMENT,\n `group_id` int(11) NOT NULL,\n `privilege_id` int(11) NOT NULL,\n PRIMARY KEY (`id`),\n KEY `group_id` (`group_id`,`privilege_id`)\n )");
// ...and fill it with data.
/// XXX: We could determine this from the old UserCVS table, at lease partially!
sqL_query("INSERT INTO `GroupPrivileges` (`id`, `group_id`, `privilege_id`) VALUES\n (107, -2, 24),\n (24, -1, 5),\n (106, -2, 8),\n (105, -2, 11),\n (23, -1, 2),\n (142, -5, 16),\n (141, -5, 28),\n (104, -2, 26),\n (103, -2, 9),\n (86, -6, 21),\n (140, -5, 6),\n (139, -5, 12),\n (102, -2, 17),\n (138, -5, 14),\n (137, -5, 13),\n (136, -5, 7),\n (101, -2, 15),\n (87, -6, 18),\n (100, -2, 3),\n (85, -6, 10),\n (99, -2, 4),\n (88, -1, 1),\n (133, -3, 32),\n (108, -2, 20),\n (109, -4, 27),\n (135, -5, 31),\n (134, -3, 25),\n (143, -5, 5),\n (260, -1, 39),\n (261, -1, 40),\n (262, -1, 41);");
}
/* Hardest things last: We need to transform the old column-based system
* with filename-based permissions to the new privileges system.
*
* For that to work, we need a manual mapping filename -> privilege, so we
* can use the old data. So here we go:
*/
#$files_to_privileges = array(
# "index.php" => "start",
# "logout.php" => "logout",
function user_myshifts()
{
global $LETZTES_AUSTRAGEN;
global $user, $privileges;
$msg = "";
if (isset($_REQUEST['id']) && in_array("user_shifts_admin", $privileges) && preg_match("/^[0-9]{1,}\$/", $_REQUEST['id']) && sql_num_query("SELECT * FROM `User` WHERE `UID`='" . sql_escape($_REQUEST['id']) . "'") > 0) {
$id = $_REQUEST['id'];
} else {
$id = $user['UID'];
}
list($shifts_user) = sql_select("SELECT * FROM `User` WHERE `UID`='" . sql_escape($id) . "' LIMIT 1");
if (isset($_REQUEST['reset'])) {
if ($_REQUEST['reset'] == "ack") {
User_reset_api_key($user);
success(_("Key changed."));
redirect(page_link_to('user_myshifts'));
}
return page_with_title(_("Reset API key"), array(error(_("If you reset the key, the url to your iCal- and JSON-export and your atom feed changes! You have to update it in every application using one of these exports."), true), button(page_link_to('user_myshifts') . '&reset=ack', _("Continue"), 'btn-danger')));
} elseif (isset($_REQUEST['edit']) && preg_match("/^[0-9]*\$/", $_REQUEST['edit'])) {
$id = $_REQUEST['edit'];
$shift = sql_select("SELECT\n `ShiftEntry`.`freeloaded`,\n `ShiftEntry`.`freeload_comment`,\n `ShiftEntry`.`Comment`,\n `ShiftEntry`.`UID`,\n `ShiftTypes`.`name`,\n `Shifts`.*,\n `Room`.`Name`,\n `AngelTypes`.`name` as `angel_type`\n FROM `ShiftEntry`\n JOIN `AngelTypes` ON (`ShiftEntry`.`TID` = `AngelTypes`.`id`)\n JOIN `Shifts` ON (`ShiftEntry`.`SID` = `Shifts`.`SID`)\n JOIN `ShiftTypes` ON (`ShiftTypes`.`id` = `Shifts`.`shifttype_id`)\n JOIN `Room` ON (`Shifts`.`RID` = `Room`.`RID`)\n WHERE `ShiftEntry`.`id`='" . sql_escape($id) . "'\n AND `UID`='" . sql_escape($shifts_user['UID']) . "' LIMIT 1");
if (count($shift) > 0) {
$shift = $shift[0];
if (isset($_REQUEST['submit'])) {
$freeloaded = $shift['freeloaded'];
$freeload_comment = $shift['freeload_comment'];
if (in_array("user_shifts_admin", $privileges)) {
$freeloaded = isset($_REQUEST['freeloaded']);
$freeload_comment = strip_request_item_nl('freeload_comment');
}
$comment = strip_request_item_nl('comment');
$user_source = User($shift['UID']);
$result = ShiftEntry_update(array('id' => $id, 'Comment' => $comment, 'freeloaded' => $freeloaded, 'freeload_comment' => $freeload_comment));
if ($result === false) {
engelsystem_error('Unable to update shift entr.');
}
engelsystem_log("Updated " . User_Nick_render($user_source) . "'s shift " . $shift['name'] . " from " . date("Y-m-d H:i", $shift['start']) . " to " . date("Y-m-d H:i", $shift['end']) . " with comment " . $comment . ". Freeloaded: " . ($freeloaded ? "YES Comment: " . $freeload_comment : "NO"));
success(_("Shift saved."));
redirect(page_link_to('users') . '&action=view&user_id=' . $shifts_user['UID']);
}
return ShiftEntry_edit_view(User_Nick_render($shifts_user), date("Y-m-d H:i", $shift['start']) . ', ' . shift_length($shift), $shift['Name'], $shift['name'], $shift['angel_type'], $shift['Comment'], $shift['freeloaded'], $shift['freeload_comment'], in_array("user_shifts_admin", $privileges));
} else {
redirect(page_link_to('user_myshifts'));
}
} elseif (isset($_REQUEST['cancel']) && preg_match("/^[0-9]*\$/", $_REQUEST['cancel'])) {
$id = $_REQUEST['cancel'];
$shift = sql_select("\n SELECT *\n FROM `Shifts` \n INNER JOIN `ShiftEntry` USING (`SID`) \n WHERE `ShiftEntry`.`id`='" . sql_escape($id) . "' AND `UID`='" . sql_escape($shifts_user['UID']) . "'");
if (count($shift) > 0) {
$shift = $shift[0];
if ($shift['start'] > time() + $LETZTES_AUSTRAGEN * 3600 || in_array('user_shifts_admin', $privileges)) {
$result = ShiftEntry_delete($id);
if ($result === false) {
engelsystem_error('Unable to delete shift entry.');
}
$room = Room($shift['RID']);
$angeltype = AngelType($shift['TID']);
$shifttype = ShiftType($shift['shifttype_id']);
engelsystem_log("Deleted own shift: " . $shifttype['name'] . " at " . $room['Name'] . " from " . date("Y-m-d H:i", $shift['start']) . " to " . date("Y-m-d H:i", $shift['end']) . " as " . $angeltype['name']);
success(_("You have been signed off from the shift."));
} else {
error(_("It's too late to sign yourself off the shift. If neccessary, ask the dispatcher to do so."));
}
} else {
redirect(user_link($shifts_user));
}
}
redirect(page_link_to('users') . '&action=view');
}
function user_news()
{
global $DISPLAY_NEWS, $privileges, $user;
$html = '<div class="col-md-12"><h1>' . news_title() . '</h1>' . msg();
if (isset($_POST["text"]) && isset($_POST["betreff"]) && in_array("admin_news", $privileges)) {
if (!isset($_POST["treffen"]) || !in_array("admin_news", $privileges)) {
$_POST["treffen"] = 0;
}
sql_query("INSERT INTO `News` (`Datum`, `Betreff`, `Text`, `UID`, `Treffen`) " . "VALUES ('" . sql_escape(time()) . "', '" . sql_escape($_POST["betreff"]) . "', '" . sql_escape($_POST["text"]) . "', '" . sql_escape($user['UID']) . "', '" . sql_escape($_POST["treffen"]) . "');");
engelsystem_log("Created news: " . $_POST["betreff"] . ", treffen: " . $_POST["treffen"]);
success(_("Entry saved."));
redirect(page_link_to('news'));
}
if (isset($_REQUEST['page']) && preg_match("/^[0-9]{1,}\$/", $_REQUEST['page'])) {
$page = $_REQUEST['page'];
} else {
$page = 0;
}
$news = sql_select("SELECT * FROM `News` ORDER BY `Datum` DESC LIMIT " . sql_escape($page * $DISPLAY_NEWS) . ", " . sql_escape($DISPLAY_NEWS));
foreach ($news as $entry) {
$html .= display_news($entry);
}
$dis_rows = ceil(sql_num_query("SELECT * FROM `News`") / $DISPLAY_NEWS);
$html .= '<div class="text-center">' . '<ul class="pagination">';
for ($i = 0; $i < $dis_rows; $i++) {
if (isset($_REQUEST['page']) && $i == $_REQUEST['page']) {
$html .= '<li class="active">';
} elseif (!isset($_REQUEST['page']) && $i == 0) {
$html .= '<li class="active">';
} else {
$html .= '<li>';
}
$html .= '<a href="' . page_link_to("news") . '&page=' . $i . '">' . ($i + 1) . '</a></li>';
}
$html .= '</ul></div>';
if (in_array("admin_news", $privileges)) {
$html .= '<hr />';
$html .= '<h2>' . _("Create news:") . '</h2>';
$html .= form(array(form_text('betreff', _("Subject"), ''), form_textarea('text', _("Message"), ''), form_checkbox('treffen', _("Meeting"), false, 1), form_submit('submit', _("Save"))));
}
return $html . '</div>';
}
<?php
// create admin_user_angeltypes permission/privilege and assign it to the archangel usergroup.
if (sql_num_query("SELECT * FROM `Privileges` WHERE `name`='admin_user_angeltypes'") == 0) {
sql_query("INSERT INTO `Privileges` (`id`, `name`, `desc`) VALUES ( NULL , 'admin_user_angeltypes', 'Confirm restricted angel types' );");
$id = sql_id();
sql_query("INSERT INTO `GroupPrivileges` SET `group_id`=-5, `privilege_id`='" . sql_escape($id) . "'");
sql_query("INSERT INTO `Sprache` (\n\t\t`TextID` ,\n\t\t`Sprache` ,\n\t\t`Text`\n\t\t)\n\t\tVALUES (\n\t\t'admin_user_angeltypes', 'DE', 'Engeltypen freischalten'\n\t\t), (\n\t\t'admin_user_angeltypes', 'EN', 'Confirm angeltypes'\n\t\t);");
$applied = true;
}
function view_user_shifts()
{
global $user, $privileges;
global $ical_shifts;
$ical_shifts = array();
$days = sql_select_single_col("\n SELECT DISTINCT DATE(FROM_UNIXTIME(`start`)) AS `id`, DATE(FROM_UNIXTIME(`start`)) AS `name` \n FROM `Shifts` \n ORDER BY `start`");
if (count($days) == 0) {
error(_("The administration has not configured any shifts yet."));
redirect('?');
}
$rooms = sql_select("SELECT `RID` AS `id`, `Name` AS `name` FROM `Room` WHERE `show`='Y' ORDER BY `Name`");
if (count($rooms) == 0) {
error(_("The administration has not configured any rooms yet."));
redirect('?');
}
if (in_array('user_shifts_admin', $privileges)) {
$types = sql_select("SELECT `id`, `name` FROM `AngelTypes` ORDER BY `AngelTypes`.`name`");
} else {
$types = sql_select("SELECT `AngelTypes`.`id`, `AngelTypes`.`name`, (`AngelTypes`.`restricted`=0 OR (NOT `UserAngelTypes`.`confirm_user_id` IS NULL OR `UserAngelTypes`.`id` IS NULL)) as `enabled` FROM `AngelTypes` LEFT JOIN `UserAngelTypes` ON (`UserAngelTypes`.`angeltype_id`=`AngelTypes`.`id` AND `UserAngelTypes`.`user_id`='" . sql_escape($user['UID']) . "') ORDER BY `AngelTypes`.`name`");
}
if (empty($types)) {
$types = sql_select("SELECT `id`, `name` FROM `AngelTypes` WHERE `restricted` = 0");
}
$filled = array(array('id' => '1', 'name' => _('occupied')), array('id' => '0', 'name' => _('free')));
if (count($types) == 0) {
error(_("The administration has not configured any angeltypes yet - or you are not subscribed to any angeltype."));
redirect('?');
}
if (!isset($_SESSION['user_shifts'])) {
$_SESSION['user_shifts'] = array();
}
if (!isset($_SESSION['user_shifts']['filled'])) {
// User shift admins see free and occupied shifts by default
$_SESSION['user_shifts']['filled'] = in_array('user_shifts_admin', $privileges) ? [0, 1] : [0];
}
foreach (array('rooms', 'types', 'filled') as $key) {
if (isset($_REQUEST[$key])) {
$filtered = array_filter($_REQUEST[$key], 'is_numeric');
if (!empty($filtered)) {
$_SESSION['user_shifts'][$key] = $filtered;
}
unset($filtered);
}
if (!isset($_SESSION['user_shifts'][$key])) {
$_SESSION['user_shifts'][$key] = array_map('get_ids_from_array', ${$key});
}
}
if (isset($_REQUEST['rooms'])) {
if (isset($_REQUEST['new_style'])) {
$_SESSION['user_shifts']['new_style'] = true;
} else {
$_SESSION['user_shifts']['new_style'] = false;
}
}
if (!isset($_SESSION['user_shifts']['new_style'])) {
$_SESSION['user_shifts']['new_style'] = true;
}
foreach (array('start', 'end') as $key) {
if (isset($_REQUEST[$key . '_day']) && in_array($_REQUEST[$key . '_day'], $days)) {
$_SESSION['user_shifts'][$key . '_day'] = $_REQUEST[$key . '_day'];
}
if (isset($_REQUEST[$key . '_time']) && preg_match('#^\\d{1,2}:\\d\\d$#', $_REQUEST[$key . '_time'])) {
$_SESSION['user_shifts'][$key . '_time'] = $_REQUEST[$key . '_time'];
}
if (!isset($_SESSION['user_shifts'][$key . '_day'])) {
$time = date('Y-m-d', time() + ($key == 'end' ? 24 * 60 * 60 : 0));
$_SESSION['user_shifts'][$key . '_day'] = in_array($time, $days) ? $time : ($key == 'end' ? max($days) : min($days));
}
if (!isset($_SESSION['user_shifts'][$key . '_time'])) {
$_SESSION['user_shifts'][$key . '_time'] = date('H:i');
}
}
if ($_SESSION['user_shifts']['start_day'] > $_SESSION['user_shifts']['end_day']) {
$_SESSION['user_shifts']['end_day'] = $_SESSION['user_shifts']['start_day'];
}
if ($_SESSION['user_shifts']['start_day'] == $_SESSION['user_shifts']['end_day'] && $_SESSION['user_shifts']['start_time'] >= $_SESSION['user_shifts']['end_time']) {
$_SESSION['user_shifts']['end_time'] = '23:59';
}
if (isset($_SESSION['user_shifts']['start_day'])) {
$starttime = DateTime::createFromFormat("Y-m-d H:i", $_SESSION['user_shifts']['start_day'] . $_SESSION['user_shifts']['start_time']);
$starttime = $starttime->getTimestamp();
} else {
$starttime = now();
}
if (isset($_SESSION['user_shifts']['end_day'])) {
$endtime = DateTime::createFromFormat("Y-m-d H:i", $_SESSION['user_shifts']['end_day'] . $_SESSION['user_shifts']['end_time']);
$endtime = $endtime->getTimestamp();
} else {
$endtime = now() + 24 * 60 * 60;
}
if (!isset($_SESSION['user_shifts']['rooms']) || count($_SESSION['user_shifts']['rooms']) == 0) {
$_SESSION['user_shifts']['rooms'] = array(0);
}
$SQL = "SELECT DISTINCT `Shifts`.*, `ShiftTypes`.`name`, `Room`.`Name` as `room_name`, nat2.`special_needs` > 0 AS 'has_special_needs'\n FROM `Shifts`\n INNER JOIN `Room` USING (`RID`)\n INNER JOIN `ShiftTypes` ON (`ShiftTypes`.`id` = `Shifts`.`shifttype_id`)\n LEFT JOIN (SELECT COUNT(*) AS special_needs , nat3.`shift_id` FROM `NeededAngelTypes` AS nat3 WHERE `shift_id` IS NOT NULL GROUP BY nat3.`shift_id`) AS nat2 ON nat2.`shift_id` = `Shifts`.`SID`\n INNER JOIN `NeededAngelTypes` AS nat ON nat.`count` != 0 AND nat.`angel_type_id` IN (" . implode(',', $_SESSION['user_shifts']['types']) . ") AND ((nat2.`special_needs` > 0 AND nat.`shift_id` = `Shifts`.`SID`) OR ((nat2.`special_needs` = 0 OR nat2.`special_needs` IS NULL) AND nat.`room_id` = `RID`))\n LEFT JOIN (SELECT se.`SID`, se.`TID`, COUNT(*) as count FROM `ShiftEntry` AS se GROUP BY se.`SID`, se.`TID`) AS entries ON entries.`SID` = `Shifts`.`SID` AND entries.`TID` = nat.`angel_type_id`\n WHERE `Shifts`.`RID` IN (" . implode(',', $_SESSION['user_shifts']['rooms']) . ")\n AND `start` BETWEEN " . $starttime . " AND " . $endtime;
if (count($_SESSION['user_shifts']['filled']) == 1) {
if ($_SESSION['user_shifts']['filled'][0] == 0) {
$SQL .= "\n AND (nat.`count` > entries.`count` OR entries.`count` IS NULL OR EXISTS (SELECT `SID` FROM `ShiftEntry` WHERE `UID` = '" . sql_escape($user['UID']) . "' AND `ShiftEntry`.`SID` = `Shifts`.`SID`))";
} elseif ($_SESSION['user_shifts']['filled'][0] == 1) {
$SQL .= "\n AND (nat.`count` <= entries.`count` OR EXISTS (SELECT `SID` FROM `ShiftEntry` WHERE `UID` = '" . sql_escape($user['UID']) . "' AND `ShiftEntry`.`SID` = `Shifts`.`SID`))";
}
}
$SQL .= "\n ORDER BY `start`";
$shifts = sql_select($SQL);
$ownshifts_source = sql_select("\n SELECT `ShiftTypes`.`name`, `Shifts`.* \n FROM `Shifts` \n INNER JOIN `ShiftTypes` ON (`ShiftTypes`.`id` = `Shifts`.`shifttype_id`)\n INNER JOIN `ShiftEntry` ON (`Shifts`.`SID` = `ShiftEntry`.`SID` AND `ShiftEntry`.`UID` = '" . sql_escape($user['UID']) . "')\n WHERE `Shifts`.`RID` IN (" . implode(',', $_SESSION['user_shifts']['rooms']) . ")\n AND `start` BETWEEN " . $starttime . " AND " . $endtime);
$ownshifts = array();
foreach ($ownshifts_source as $ownshift) {
$ownshifts[$ownshift['SID']] = $ownshift;
}
unset($ownshifts_source);
$shifts_table = "";
// qqqq
/*
* [0] => Array ( [SID] => 1 [start] => 1355958000 [end] => 1355961600 [RID] => 1 [name] => [URL] => [PSID] => [room_name] => test1 [has_special_needs] => 1 [is_full] => 0 )
*/
if ($_SESSION['user_shifts']['new_style']) {
$first = 15 * 60 * floor($starttime / (15 * 60));
$maxshow = ceil(($endtime - $first) / (60 * 15));
$block = array();
$todo = array();
$myrooms = $rooms;
// delete un-selected rooms from array
foreach ($myrooms as $k => $v) {
if (array_search($v["id"], $_SESSION['user_shifts']['rooms']) === FALSE) {
unset($myrooms[$k]);
}
// initialize $block array
$block[$v["id"]] = array_fill(0, $maxshow, 0);
}
// calculate number of parallel shifts in each timeslot for each room
foreach ($shifts as $k => $shift) {
$rid = $shift["RID"];
$blocks = ($shift["end"] - $shift["start"]) / (15 * 60);
$firstblock = floor(($shift["start"] - $first) / (15 * 60));
for ($i = $firstblock; $i < $blocks + $firstblock && $i < $maxshow; $i++) {
$block[$rid][$i]++;
}
$shifts[$k]['own'] = in_array($shift['SID'], array_keys($ownshifts));
}
$shifts_table = '<div class="shifts-table"><table id="shifts" class="table scrollable"><thead><tr><th>-</th>';
foreach ($myrooms as $key => $room) {
$rid = $room["id"];
if (array_sum($block[$rid]) == 0) {
// do not display columns without entries
unset($block[$rid]);
unset($myrooms[$key]);
continue;
}
$colspan = call_user_func_array('max', $block[$rid]);
if ($colspan == 0) {
$colspan = 1;
}
$todo[$rid] = array_fill(0, $maxshow, $colspan);
$shifts_table .= "<th" . ($colspan > 1 ? ' colspan="' . $colspan . '"' : '') . ">" . Room_name_render(['RID' => $room['id'], 'Name' => $room['name']]) . "</th>\n";
}
unset($block, $blocks, $firstblock, $colspan, $key, $room);
$shifts_table .= "</tr></thead><tbody>";
for ($i = 0; $i < $maxshow; $i++) {
$thistime = $first + $i * 15 * 60;
if ($thistime % (24 * 60 * 60) == 23 * 60 * 60 && $endtime - $starttime > 24 * 60 * 60) {
$shifts_table .= "<tr class=\"row-day\"><th class=\"row-header\">";
$shifts_table .= date('y-m-d<b\\r />H:i', $thistime);
} elseif ($thistime % (60 * 60) == 0) {
$shifts_table .= "<tr class=\"row-hour\"><th>";
$shifts_table .= date("H:i", $thistime);
} else {
$shifts_table .= "<tr><th>";
}
$shifts_table .= "</th>";
foreach ($myrooms as $room) {
$rid = $room["id"];
foreach ($shifts as $shift) {
if ($shift["RID"] == $rid) {
if (floor($shift["start"] / (15 * 60)) == $thistime / (15 * 60)) {
$blocks = ($shift["end"] - $shift["start"]) / (15 * 60);
if ($blocks < 1) {
$blocks = 1;
}
$collides = in_array($shift['SID'], array_keys($ownshifts));
if (!$collides) {
foreach ($ownshifts as $ownshift) {
if ($ownshift['start'] >= $shift['start'] && $ownshift['start'] < $shift['end'] || $ownshift['end'] > $shift['start'] && $ownshift['end'] <= $shift['end'] || $ownshift['start'] < $shift['start'] && $ownshift['end'] > $shift['end']) {
$collides = true;
break;
}
}
}
// qqqqqq
$is_free = false;
$shifts_row = '';
if (in_array('admin_shifts', $privileges)) {
$shifts_row .= '<div class="pull-right">' . table_buttons(array(button(page_link_to('user_shifts') . '&edit_shift=' . $shift['SID'], glyph('edit'), 'btn-xs'), button(page_link_to('user_shifts') . '&delete_shift=' . $shift['SID'], glyph('trash'), 'btn-xs'))) . '</div>';
}
$shifts_row .= Room_name_render(['RID' => $room['id'], 'Name' => $room['name']]) . '<br />';
$shifts_row .= '<a href="' . shift_link($shift) . '">' . date('d.m. H:i', $shift['start']);
$shifts_row .= " – ";
$shifts_row .= date('H:i', $shift['end']);
$shifts_row .= "<br /><b>";
$shifts_row .= ShiftType($shift['shifttype_id'])['name'];
$shifts_row .= "</b><br />";
if ($shift['title'] != '') {
$shifts_row .= $shift['title'];
$shifts_row .= "<br />";
}
$shifts_row .= '</a>';
$shifts_row .= '<br />';
$query = "SELECT `NeededAngelTypes`.`count`, `AngelTypes`.`id`, `AngelTypes`.`restricted`, `UserAngelTypes`.`confirm_user_id`, `AngelTypes`.`name`, `UserAngelTypes`.`user_id`\n FROM `NeededAngelTypes`\n JOIN `AngelTypes` ON (`NeededAngelTypes`.`angel_type_id` = `AngelTypes`.`id`)\n LEFT JOIN `UserAngelTypes` ON (`NeededAngelTypes`.`angel_type_id` = `UserAngelTypes`.`angeltype_id`AND `UserAngelTypes`.`user_id`='" . sql_escape($user['UID']) . "')\n WHERE\n `count` > 0\n AND ";
if ($shift['has_special_needs']) {
$query .= "`shift_id` = '" . sql_escape($shift['SID']) . "'";
} else {
$query .= "`room_id` = '" . sql_escape($shift['RID']) . "'";
}
if (!empty($_SESSION['user_shifts']['types'])) {
$query .= " AND `angel_type_id` IN (" . implode(',', $_SESSION['user_shifts']['types']) . ") ";
}
$query .= " ORDER BY `AngelTypes`.`name`";
$angeltypes = sql_select($query);
if (count($angeltypes) > 0) {
foreach ($angeltypes as $angeltype) {
$entries = sql_select("SELECT * FROM `ShiftEntry` JOIN `User` ON (`ShiftEntry`.`UID` = `User`.`UID`) WHERE `SID`='" . sql_escape($shift['SID']) . "' AND `TID`='" . sql_escape($angeltype['id']) . "' ORDER BY `Nick`");
$entry_list = array();
$freeloader = 0;
foreach ($entries as $entry) {
$style = '';
if ($entry['freeloaded']) {
$freeloader++;
$style = " text-decoration: line-through;";
}
if (in_array('user_shifts_admin', $privileges)) {
$entry_list[] = "<span style=\"{$style}\">" . User_Nick_render($entry) . ' ' . table_buttons(array(button(page_link_to('user_shifts') . '&entry_id=' . $entry['id'], glyph('trash'), 'btn-xs'))) . '</span>';
} else {
$entry_list[] = "<span style=\"{$style}\">" . User_Nick_render($entry) . "</span>";
}
}
if ($angeltype['count'] - count($entries) - $freeloader > 0) {
$inner_text = sprintf(ngettext("%d helper needed", "%d helpers needed", $angeltype['count'] - count($entries)), $angeltype['count'] - count($entries));
// is the shift still running or alternatively is the user shift admin?
$user_may_join_shift = true;
// you cannot join if user alread joined a parallel or this shift
$user_may_join_shift &= !$collides;
// you cannot join if user is not of this angel type
$user_may_join_shift &= isset($angeltype['user_id']);
// you cannot join if you are not confirmed
if ($angeltype['restricted'] == 1 && isset($angeltype['user_id'])) {
$user_may_join_shift &= isset($angeltype['confirm_user_id']);
}
// you can only join if the shift is in future or running
$user_may_join_shift &= time() < $shift['start'];
// User shift admins may join anybody in every shift
$user_may_join_shift |= in_array('user_shifts_admin', $privileges);
if ($user_may_join_shift) {
$entry_list[] = '<a href="' . page_link_to('user_shifts') . '&shift_id=' . $shift['SID'] . '&type_id=' . $angeltype['id'] . '">' . $inner_text . '</a> ' . button(page_link_to('user_shifts') . '&shift_id=' . $shift['SID'] . '&type_id=' . $angeltype['id'], _('Sign up'), 'btn-xs');
} else {
if (time() > $shift['start']) {
$entry_list[] = $inner_text . ' (' . _('ended') . ')';
} elseif ($angeltype['restricted'] == 1 && isset($angeltype['user_id']) && !isset($angeltype['confirm_user_id'])) {
$entry_list[] = $inner_text . glyph('lock');
} elseif ($angeltype['restricted'] == 1) {
$entry_list[] = $inner_text;
} elseif ($collides) {
$entry_list[] = $inner_text;
} else {
$entry_list[] = $inner_text . '<br />' . button(page_link_to('user_angeltypes') . '&action=add&angeltype_id=' . $angeltype['id'], sprintf(_('Become %s'), $angeltype['name']), 'btn-xs');
}
}
unset($inner_text);
$is_free = true;
}
$shifts_row .= '<strong>' . AngelType_name_render($angeltype) . ':</strong> ';
$shifts_row .= join(", ", $entry_list);
$shifts_row .= '<br />';
}
if (in_array('user_shifts_admin', $privileges)) {
$shifts_row .= ' ' . button(page_link_to('user_shifts') . '&shift_id=' . $shift['SID'] . '&type_id=' . $angeltype['id'], _("Add more angels"), 'btn-xs');
}
}
if ($shift['own'] && !in_array('user_shifts_admin', $privileges)) {
$class = 'own';
} elseif ($collides && !in_array('user_shifts_admin', $privileges)) {
$class = 'collides';
} elseif ($is_free) {
$class = 'free';
} else {
$class = 'occupied';
}
$shifts_table .= '<td rowspan="' . $blocks . '" class="' . $class . '">';
$shifts_table .= $shifts_row;
$shifts_table .= "</td>";
for ($j = 0; $j < $blocks && $i + $j < $maxshow; $j++) {
$todo[$rid][$i + $j]--;
}
}
}
}
// fill up row with empty <td>
while ($todo[$rid][$i]-- > 0) {
$shifts_table .= '<td class="empty"></td>';
}
}
$shifts_table .= "</tr>\n";
}
$shifts_table .= '</tbody></table></div>';
// qqq
} else {
$shifts_table = array();
foreach ($shifts as $shift) {
$info = array();
if ($_SESSION['user_shifts']['start_day'] != $_SESSION['user_shifts']['end_day']) {
$info[] = date("Y-m-d", $shift['start']);
}
$info[] = date("H:i", $shift['start']) . ' - ' . date("H:i", $shift['end']);
if (count($_SESSION['user_shifts']['rooms']) > 1) {
$info[] = Room_name_render(['Name' => $shift['room_name'], 'RID' => $shift['RID']]);
}
$shift_row = array('info' => join('<br />', $info), 'entries' => '<a href="' . shift_link($shift) . '">' . $shift['name'] . '</a>' . ($shift['title'] ? '<br />' . $shift['title'] : ''));
if (in_array('admin_shifts', $privileges)) {
$shift_row['info'] .= ' ' . table_buttons(array(button(page_link_to('user_shifts') . '&edit_shift=' . $shift['SID'], glyph('edit'), 'btn-xs'), button(page_link_to('user_shifts') . '&delete_shift=' . $shift['SID'], glyph('trash'), 'btn-xs')));
}
$shift_row['entries'] .= '<br />';
$is_free = false;
$shift_has_special_needs = 0 < sql_num_query("SELECT `id` FROM `NeededAngelTypes` WHERE `shift_id` = " . $shift['SID']);
$query = "SELECT `NeededAngelTypes`.`count`, `AngelTypes`.`id`, `AngelTypes`.`restricted`, `UserAngelTypes`.`confirm_user_id`, `AngelTypes`.`name`, `UserAngelTypes`.`user_id`\n FROM `NeededAngelTypes`\n JOIN `AngelTypes` ON (`NeededAngelTypes`.`angel_type_id` = `AngelTypes`.`id`)\n LEFT JOIN `UserAngelTypes` ON (`NeededAngelTypes`.`angel_type_id` = `UserAngelTypes`.`angeltype_id`AND `UserAngelTypes`.`user_id`='" . sql_escape($user['UID']) . "')\n WHERE ";
if ($shift_has_special_needs) {
$query .= "`shift_id` = '" . sql_escape($shift['SID']) . "'";
} else {
$query .= "`room_id` = '" . sql_escape($shift['RID']) . "'";
}
$query .= " AND `count` > 0 ";
if (!empty($_SESSION['user_shifts']['types'])) {
$query .= "AND `angel_type_id` IN (" . implode(',', $_SESSION['user_shifts']['types']) . ") ";
}
$query .= "ORDER BY `AngelTypes`.`name`";
$angeltypes = sql_select($query);
if (count($angeltypes) > 0) {
$my_shift = sql_num_query("SELECT * FROM `ShiftEntry` WHERE `SID`='" . sql_escape($shift['SID']) . "' AND `UID`='" . sql_escape($user['UID']) . "' LIMIT 1") > 0;
foreach ($angeltypes as &$angeltype) {
$entries = sql_select("SELECT * FROM `ShiftEntry` JOIN `User` ON (`ShiftEntry`.`UID` = `User`.`UID`) WHERE `SID`='" . sql_escape($shift['SID']) . "' AND `TID`='" . sql_escape($angeltype['id']) . "' ORDER BY `Nick`");
$entry_list = array();
$entry_nicks = [];
$freeloader = 0;
foreach ($entries as $entry) {
if (in_array('user_shifts_admin', $privileges)) {
$member = User_Nick_render($entry) . ' ' . table_buttons(array(button(page_link_to('user_shifts') . '&entry_id=' . $entry['id'], glyph('trash'), 'btn-xs')));
} else {
$member = User_Nick_render($entry);
}
if ($entry['freeloaded']) {
$member = '<strike>' . $member . '</strike>';
$freeloader++;
}
$entry_list[] = $member;
$entry_nicks[] = $entry['Nick'];
}
$angeltype['taken'] = count($entries) - $freeloader;
$angeltype['angels'] = $entry_nicks;
// do we need more angles of this type?
if ($angeltype['count'] - count($entries) + $freeloader > 0) {
$inner_text = sprintf(ngettext("%d helper needed", "%d helpers needed", $angeltype['count'] - count($entries) + $freeloader), $angeltype['count'] - count($entries) + $freeloader);
// is the shift still running or alternatively is the user shift admin?
$user_may_join_shift = true;
/* you cannot join if user already joined this shift */
$user_may_join_shift &= !$my_shift;
// you cannot join if user is not of this angel type
$user_may_join_shift &= isset($angeltype['user_id']);
// you cannot join if you are not confirmed
if ($angeltype['restricted'] == 1 && isset($angeltype['user_id'])) {
$user_may_join_shift &= isset($angeltype['confirm_user_id']);
}
// you can only join if the shift is in future or running
$user_may_join_shift &= time() < $shift['start'];
// User shift admins may join anybody in every shift
$user_may_join_shift |= in_array('user_shifts_admin', $privileges);
if ($user_may_join_shift) {
$entry_list[] = '<a href="' . page_link_to('user_shifts') . '&shift_id=' . $shift['SID'] . '&type_id=' . $angeltype['id'] . '">' . $inner_text . ' »</a>';
} else {
if (time() > $shift['end']) {
$entry_list[] = $inner_text . ' (vorbei)';
} elseif ($angeltype['restricted'] == 1 && isset($angeltype['user_id']) && !isset($angeltype['confirm_user_id'])) {
$entry_list[] = $inner_text . glyph("lock");
} else {
$entry_list[] = $inner_text . ' <a href="' . page_link_to('user_angeltypes') . '&action=add&angeltype_id=' . $angeltype['id'] . '">' . sprintf(_('Become %s'), $angeltype['name']) . '</a>';
}
}
unset($inner_text);
$is_free = true;
}
$shift_row['entries'] .= '<b>' . $angeltype['name'] . ':</b> ';
$shift_row['entries'] .= join(", ", $entry_list);
$shift_row['entries'] .= '<br />';
}
if (in_array('user_shifts_admin', $privileges)) {
$shift_row['entries'] .= '<a href="' . page_link_to('user_shifts') . '&shift_id=' . $shift['SID'] . '&type_id=' . $angeltype['id'] . '">' . _('Add more angels') . ' »</a>';
}
$shifts_table[] = $shift_row;
$shift['angeltypes'] = $angeltypes;
$ical_shifts[] = $shift;
}
}
$shifts_table = table(array('info' => _("Time") . "/" . _("Room"), 'entries' => _("Entries")), $shifts_table);
}
if ($user['api_key'] == "") {
User_reset_api_key($user, false);
}
return page(array('<div class="col-md-12">', msg(), template_render('../templates/user_shifts.html', array('title' => shifts_title(), 'room_select' => make_select($rooms, $_SESSION['user_shifts']['rooms'], "rooms", _("Rooms")), 'start_select' => html_select_key("start_day", "start_day", array_combine($days, $days), $_SESSION['user_shifts']['start_day']), 'start_time' => $_SESSION['user_shifts']['start_time'], 'end_select' => html_select_key("end_day", "end_day", array_combine($days, $days), $_SESSION['user_shifts']['end_day']), 'end_time' => $_SESSION['user_shifts']['end_time'], 'type_select' => make_select($types, $_SESSION['user_shifts']['types'], "types", _("Angeltypes") . '<sup>1</sup>'), 'filled_select' => make_select($filled, $_SESSION['user_shifts']['filled'], "filled", _("Occupancy")), 'task_notice' => '<sup>1</sup>' . _("The tasks shown here are influenced by the preferences you defined in your settings!") . " <a href=\"" . page_link_to('angeltypes') . '&action=about' . "\">" . _("Description of the jobs.") . "</a>", 'new_style_checkbox' => '<label><input type="checkbox" name="new_style" value="1" ' . ($_SESSION['user_shifts']['new_style'] ? ' checked' : '') . '> ' . _("Use new style if possible") . '</label>', 'shifts_table' => msg() . $shifts_table, 'ical_text' => '<h2>' . _("iCal export") . '</h2><p>' . sprintf(_("Export of shown shifts. <a href=\"%s\">iCal format</a> or <a href=\"%s\">JSON format</a> available (please keep secret, otherwise <a href=\"%s\">reset the api key</a>)."), page_link_to_absolute('ical') . '&key=' . $user['api_key'], page_link_to_absolute('shifts_json_export') . '&key=' . $user['api_key'], page_link_to('user_myshifts') . '&reset') . '</p>', 'filter' => _("Filter"))), '</div>'));
}
<?php
if (sql_num_query("SHOW COLUMNS FROM `Shifts` LIKE 'Date_'") == 2) {
if (sql_num_query("DESCRIBE `Shifts` `Len`") != 0) {
if (sql_num_query("SELECT * FROM `Shifts` WHERE DATE_SUB(`DateE`, INTERVAL (`Len`*60) MINUTE) != `DateS`") != 0) {
die("Inconsistent data in Shifts table, won't do update " . __FILE__);
} else {
sql_query("ALTER TABLE `Shifts` DROP `Len`");
}
}
_datetime_to_int("Shifts", "DateS");
_datetime_to_int("Shifts", "DateE");
sql_query("ALTER TABLE `Shifts` CHANGE `DateS` `start` INT NOT NULL, CHANGE `DateE` `end` INT NOT NULL");
$applied = true;
}
if (sql_num_query("DESCRIBE `Shifts` `Man`") === 1 && sql_num_query("DESCRIBE `Shifts` `name`") === 0) {
sql_query("ALTER TABLE `Shifts` CHANGE `Man` `name` VARCHAR(1024) NULL");
$applied = true;
}
$res = sql_select("DESCRIBE `Shifts` `PSID`");
if ($res[0]['Type'] == 'text') {
sql_query("ALTER TABLE `Shifts` CHANGE `PSID` `PSID` INT NULL");
$applied = true;
}
_add_index("Shifts", array("PSID"), "UNIQUE");
_add_index("Shifts", array("RID"));
<?php
if (sql_num_query("SHOW TABLES LIKE 'LogEntries'") == 0) {
sql_query("CREATE TABLE `LogEntries` (\n `id` INT NOT NULL AUTO_INCREMENT PRIMARY KEY ,\n `timestamp` INT NOT NULL ,\n `nick` VARCHAR( 23 ) NOT NULL ,\n `message` TEXT NOT NULL ,\n INDEX ( `timestamp` )\n ) ENGINE = InnoDB;");
$applied = true;
}
if (sql_num_query("SHOW TABLES LIKE 'ChangeLog'") == 0) {
sql_query("DROP TABLE `ChangeLog`");
$applied = true;
}
<?php
if (sql_num_query("DESCRIBE `Messages` `id`") === 0) {
sql_query("ALTER TABLE `Messages`\n DROP PRIMARY KEY,\n ADD `id` INT NOT NULL AUTO_INCREMENT PRIMARY KEY FIRST\n ");
$applied = true;
}
_add_index("Messages", array("SUID"));
_add_index("Messages", array("RUID"));
_datetime_to_int("Messages", "Datum");
_add_index("Messages", array("Datum"));
<?php
if (sql_num_query("SHOW TABLES LIKE 'UserAngelTypes'") === 0) {
sql_query("CREATE TABLE `UserAngelTypes` (\n `id` INT NOT NULL AUTO_INCREMENT PRIMARY KEY ,\n `user_id` INT NOT NULL ,\n `angeltype_id` INT NOT NULL ,\n `confirm_user_id` INT NULL ,\n INDEX ( `user_id` , `angeltype_id` , `confirm_user_id` )\n )");
sql_query("INSERT INTO `UserAngelTypes` (`user_id`, `angeltype_id`)\n SELECT `User`.`UID`, `AngelTypes`.`id`\n FROM `User`\n INNER JOIN `AngelTypes`\n ON TRIM(TRAILING 'Engel' FROM TRIM(TRAILING 'Angel' FROM `User`.`Art`)) = `AngelTypes`.`name`");
$applied = true;
}
<?php
if (sql_num_query("DESCRIBE `ShiftEntry` `id`") === 0) {
sql_query("ALTER TABLE `ShiftEntry` ADD `id` INT NOT NULL AUTO_INCREMENT PRIMARY KEY FIRST");
$applied = true;
}
_add_index("ShiftEntry", array("SID"));
_add_index("ShiftEntry", array("TID"));
_add_index("ShiftEntry", array("UID"));
<?php
if (sql_num_query("SHOW INDEX FROM `Room` WHERE `Column_name` = 'location'") == 0) {
sql_query("ALTER TABLE `Room` ADD `location` TEXT NOT NULL");
$applied = true;
}
if (sql_num_query("SHOW INDEX FROM `Room` WHERE `Column_name` = 'lat'") == 0) {
sql_query("ALTER TABLE `Room` ADD `lat` VARCHAR(20) NOT NULL");
$applied = true;
}
if (sql_num_query("SHOW INDEX FROM `Room` WHERE `Column_name` = 'long'") == 0) {
sql_query("ALTER TABLE `Room` ADD `long` VARCHAR(20) NOT NULL");
$applied = true;
}
function admin_active()
{
global $tshirt_sizes, $shift_sum_formula;
$msg = "";
$search = "";
$forced_count = sql_num_query("SELECT * FROM `User` WHERE `force_active`=1");
$count = $forced_count;
$limit = "";
$set_active = "";
if (isset($_REQUEST['search'])) {
$search = strip_request_item('search');
}
if (isset($_REQUEST['set_active'])) {
$ok = true;
if (isset($_REQUEST['count']) && preg_match("/^[0-9]+\$/", $_REQUEST['count'])) {
$count = strip_request_item('count');
if ($count < $forced_count) {
error(sprintf(_("At least %s angels are forced to be active. The number has to be greater."), $forced_count));
redirect(page_link_to('admin_active'));
}
} else {
$ok = false;
$msg .= error(_("Please enter a number of angels to be marked as active."), true);
}
if ($ok) {
$limit = " LIMIT " . $count;
}
if (isset($_REQUEST['ack'])) {
sql_query("UPDATE `User` SET `Aktiv` = 0 WHERE `Tshirt` = 0");
$users = sql_select("\n SELECT `User`.*, COUNT(`ShiftEntry`.`id`) as `shift_count`, {$shift_sum_formula} as `shift_length` \n FROM `User` \n LEFT JOIN `ShiftEntry` ON `User`.`UID` = `ShiftEntry`.`UID` \n LEFT JOIN `Shifts` ON `ShiftEntry`.`SID` = `Shifts`.`SID` \n WHERE `User`.`Gekommen` = 1 AND `User`.`force_active`=0 \n GROUP BY `User`.`UID` \n ORDER BY `force_active` DESC, `shift_length` DESC" . $limit);
$user_nicks = array();
foreach ($users as $usr) {
sql_query("UPDATE `User` SET `Aktiv` = 1 WHERE `UID`='" . sql_escape($usr['UID']) . "'");
$user_nicks[] = User_Nick_render($usr);
}
sql_query("UPDATE `User` SET `Aktiv`=1 WHERE `force_active`=TRUE");
engelsystem_log("These angels are active now: " . join(", ", $user_nicks));
$limit = "";
$msg = success(_("Marked angels."), true);
} else {
$set_active = '<a href="' . page_link_to('admin_active') . '&serach=' . $search . '">« ' . _("back") . '</a> | <a href="' . page_link_to('admin_active') . '&search=' . $search . '&count=' . $count . '&set_active&ack">' . _("apply") . '</a>';
}
}
if (isset($_REQUEST['active']) && preg_match("/^[0-9]+\$/", $_REQUEST['active'])) {
$id = $_REQUEST['active'];
$user_source = User($id);
if ($user_source != null) {
sql_query("UPDATE `User` SET `Aktiv`=1 WHERE `UID`='" . sql_escape($id) . "' LIMIT 1");
engelsystem_log("User " . User_Nick_render($user_source) . " is active now.");
$msg = success(_("Angel has been marked as active."), true);
} else {
$msg = error(_("Angel not found."), true);
}
} elseif (isset($_REQUEST['not_active']) && preg_match("/^[0-9]+\$/", $_REQUEST['not_active'])) {
$id = $_REQUEST['not_active'];
$user_source = User($id);
if ($user_source != null) {
sql_query("UPDATE `User` SET `Aktiv`=0 WHERE `UID`='" . sql_escape($id) . "' LIMIT 1");
engelsystem_log("User " . User_Nick_render($user_source) . " is NOT active now.");
$msg = success(_("Angel has been marked as not active."), true);
} else {
$msg = error(_("Angel not found."), true);
}
} elseif (isset($_REQUEST['tshirt']) && preg_match("/^[0-9]+\$/", $_REQUEST['tshirt'])) {
$id = $_REQUEST['tshirt'];
$user_source = User($id);
if ($user_source != null) {
sql_query("UPDATE `User` SET `Tshirt`=1 WHERE `UID`='" . sql_escape($id) . "' LIMIT 1");
engelsystem_log("User " . User_Nick_render($user_source) . " has tshirt now.");
$msg = success(_("Angel has got a t-shirt."), true);
} else {
$msg = error("Angel not found.", true);
}
} elseif (isset($_REQUEST['not_tshirt']) && preg_match("/^[0-9]+\$/", $_REQUEST['not_tshirt'])) {
$id = $_REQUEST['not_tshirt'];
$user_source = User($id);
if ($user_source != null) {
sql_query("UPDATE `User` SET `Tshirt`=0 WHERE `UID`='" . sql_escape($id) . "' LIMIT 1");
engelsystem_log("User " . User_Nick_render($user_source) . " has NO tshirt.");
$msg = success(_("Angel has got no t-shirt."), true);
} else {
$msg = error(_("Angel not found."), true);
}
}
$users = sql_select("\n SELECT `User`.*, COUNT(`ShiftEntry`.`id`) as `shift_count`, {$shift_sum_formula} as `shift_length` \n FROM `User` LEFT JOIN `ShiftEntry` ON `User`.`UID` = `ShiftEntry`.`UID` \n LEFT JOIN `Shifts` ON `ShiftEntry`.`SID` = `Shifts`.`SID` \n WHERE `User`.`Gekommen` = 1 \n GROUP BY `User`.`UID` \n ORDER BY `force_active` DESC, `shift_length` DESC" . $limit);
$matched_users = array();
if ($search == "") {
$tokens = array();
} else {
$tokens = explode(" ", $search);
}
foreach ($users as &$usr) {
if (count($tokens) > 0) {
$match = false;
$index = join("", $usr);
foreach ($tokens as $t) {
if (stristr($index, trim($t))) {
$match = true;
break;
}
}
if (!$match) {
continue;
}
}
$usr['nick'] = User_Nick_render($usr);
$usr['shirt_size'] = $tshirt_sizes[$usr['Size']];
$usr['work_time'] = round($usr['shift_length'] / 60) . ' min (' . round($usr['shift_length'] / 3600) . ' h)';
$usr['active'] = glyph_bool($usr['Aktiv'] == 1);
$usr['force_active'] = glyph_bool($usr['force_active'] == 1);
$usr['tshirt'] = glyph_bool($usr['Tshirt'] == 1);
$actions = array();
if ($usr['Aktiv'] == 0) {
$actions[] = '<a href="' . page_link_to('admin_active') . '&active=' . $usr['UID'] . '&search=' . $search . '">' . _("set active") . '</a>';
}
if ($usr['Aktiv'] == 1 && $usr['Tshirt'] == 0) {
$actions[] = '<a href="' . page_link_to('admin_active') . '&not_active=' . $usr['UID'] . '&search=' . $search . '">' . _("remove active") . '</a>';
$actions[] = '<a href="' . page_link_to('admin_active') . '&tshirt=' . $usr['UID'] . '&search=' . $search . '">' . _("got t-shirt") . '</a>';
}
if ($usr['Tshirt'] == 1) {
$actions[] = '<a href="' . page_link_to('admin_active') . '&not_tshirt=' . $usr['UID'] . '&search=' . $search . '">' . _("remove t-shirt") . '</a>';
}
$usr['actions'] = join(' ', $actions);
$matched_users[] = $usr;
}
$shirt_statistics = sql_select("\n SELECT `Size`, count(`Size`) AS `count`\n FROM `User`\n WHERE `Tshirt`=1\n GROUP BY `Size`\n ORDER BY `count` DESC");
$shirt_statistics[] = array('Size' => '<b>' . _("Sum") . '</b>', 'count' => '<b>' . sql_select_single_cell("SELECT count(*) FROM `User` WHERE `Tshirt`=1") . '</b>');
return page_with_title(admin_active_title(), array(form(array(form_text('search', _("Search angel:"), $search), form_submit('submit', _("Search")))), $set_active == "" ? form(array(form_text('count', _("How much angels should be active?"), $count), form_submit('set_active', _("Preview")))) : $set_active, msg(), table(array('nick' => _("Nickname"), 'shirt_size' => _("Size"), 'shift_count' => _("Shifts"), 'work_time' => _("Length"), 'active' => _("Active?"), 'force_active' => _("Forced"), 'tshirt' => _("T-shirt?"), 'actions' => ""), $matched_users), '<h2>' . _("Given shirts") . '</h2>', table(array('Size' => _("Size"), 'count' => _("Count")), $shirt_statistics)));
}
function guest_register()
{
global $default_theme, $genders;
$msg = "";
$nick = "";
$lastname = "";
$prename = "";
$age = "";
$tel = "";
$mobile = "";
$mail = "";
$email_shiftinfo = false;
$hometown = "";
$comment = "";
$password_hash = "";
$selected_angel_types = array();
$gender = "none";
$angel_types_source = sql_select("SELECT * FROM `AngelTypes` ORDER BY `name`");
$angel_types = array();
foreach ($angel_types_source as $angel_type) {
$angel_types[$angel_type['id']] = $angel_type['name'] . ($angel_type['restricted'] ? " (restricted)" : "");
if (!$angel_type['restricted']) {
$selected_angel_types[] = $angel_type['id'];
}
}
if (isset($_REQUEST['submit'])) {
$ok = true;
if (isset($_REQUEST['nick']) && strlen(User_validate_Nick($_REQUEST['nick'])) > 1) {
$nick = User_validate_Nick($_REQUEST['nick']);
if (sql_num_query("SELECT * FROM `User` WHERE `Nick`='" . sql_escape($nick) . "' LIMIT 1") > 0) {
$ok = false;
$msg .= error(sprintf(_("Your nick "%s" already exists."), $nick), true);
}
} else {
$ok = false;
$msg .= error(sprintf(_("Your nick "%s" is too short (min. 2 characters)."), User_validate_Nick($_REQUEST['nick'])), true);
}
if (isset($_REQUEST['mail']) && strlen(strip_request_item('mail')) > 0) {
$mail = strip_request_item('mail');
if (!check_email($mail)) {
$ok = false;
$msg .= error(_("E-mail address is not correct."), true);
}
} else {
$ok = false;
$msg .= error(_("Please enter your e-mail."), true);
}
if (isset($_REQUEST['email_shiftinfo'])) {
$email_shiftinfo = true;
}
if (isset($_REQUEST['password']) && strlen($_REQUEST['password']) >= MIN_PASSWORD_LENGTH) {
if ($_REQUEST['password'] != $_REQUEST['password2']) {
$ok = false;
$msg .= error(_("Your passwords don't match."), true);
}
} else {
$ok = false;
$msg .= error(sprintf(_("Your password is too short (please use at least %s characters)."), MIN_PASSWORD_LENGTH), true);
}
$selected_angel_types = array();
foreach ($angel_types as $angel_type_id => $angel_type_name) {
if (isset($_REQUEST['angel_types_' . $angel_type_id])) {
$selected_angel_types[] = $angel_type_id;
}
}
// Trivia
if (isset($_REQUEST['lastname'])) {
$lastname = strip_request_item('lastname');
}
if (isset($_REQUEST['prename'])) {
$prename = strip_request_item('prename');
}
if (isset($_REQUEST['age']) && preg_match("/^[0-9]{0,4}\$/", $_REQUEST['age'])) {
$age = strip_request_item('age');
}
if (isset($_REQUEST['tel'])) {
$tel = strip_request_item('tel');
}
if (isset($_REQUEST['mobile'])) {
$mobile = strip_request_item('mobile');
}
if (isset($_REQUEST['hometown'])) {
$hometown = strip_request_item('hometown');
}
if (isset($_REQUEST['comment'])) {
$comment = strip_request_item_nl('comment');
}
if (isset($_REQUEST['gender']) && array_key_exists($_REQUEST['gender'], $genders)) {
$gender = $_REQUEST['gender'];
}
if ($ok) {
$confirmationToken = bin2hex(mcrypt_create_iv(16, MCRYPT_DEV_URANDOM));
$confirmationTokenUrl = page_link_to_absolute('user_activate_account') . '&token=' . $confirmationToken;
sql_query("\n INSERT INTO `User` SET \n `color`='" . sql_escape($default_theme) . "', \n `Nick`='" . sql_escape($nick) . "', \n `Vorname`='" . sql_escape($prename) . "', \n `Name`='" . sql_escape($lastname) . "', \n `Alter`='" . sql_escape($age) . "', \n `gender`='" . sql_escape($gender) . "',\n `Telefon`='" . sql_escape($tel) . "', \n `Handy`='" . sql_escape($mobile) . "', \n `email`='" . sql_escape($mail) . "', \n `email_shiftinfo`=" . sql_bool($email_shiftinfo) . ", \n `Passwort`='" . sql_escape($password_hash) . "', \n `kommentar`='" . sql_escape($comment) . "', \n `Hometown`='" . sql_escape($hometown) . "', \n `CreateDate`=NOW(), \n `Sprache`='" . sql_escape($_SESSION["locale"]) . "',\n `arrival_date`=NULL,\n `planned_arrival_date`= 0,\n `mailaddress_verification_token` = '" . sql_escape($confirmationToken) . "',\n `user_account_approved` = 0");
// Assign user-group and set password
$user_id = sql_id();
sql_query("INSERT INTO `UserGroups` SET `uid`='" . sql_escape($user_id) . "', `group_id`=-2");
set_password($user_id, $_REQUEST['password']);
// Assign angel-types
$user_angel_types_info = array();
foreach ($selected_angel_types as $selected_angel_type_id) {
sql_query("INSERT INTO `UserAngelTypes` SET `user_id`='" . sql_escape($user_id) . "', `angeltype_id`='" . sql_escape($selected_angel_type_id) . "'");
$user_angel_types_info[] = $angel_types[$selected_angel_type_id];
}
engelsystem_log("User " . $nick . " signed up as: " . join(", ", $user_angel_types_info));
engelsystem_email($mail, _('Please confirm your eMail-address'), sprintf(_('Hello %1$s! Thanks for signing up at Engelsystem. Please confirm your eMail-address by clicking the following link: %2$s'), $mail, $confirmationTokenUrl));
success(_("Angel registration successful! Please click the confirmation link in the eMail we sent you to activate your account."));
redirect('?');
}
}
return page_with_title(register_title(), array(_("By completing this form you're registering as an helper. Please enter a username/nick of your choice, your e-mail adress and your full name. Only your nick will be shown to other users."), $msg, msg(), form(array(div('row', array(div('col-md-6', array(div('row', array(div('col-sm-4', array(form_text('nick', _("Nick") . ' ' . entry_required(), $nick))), div('col-sm-8', array(form_email('mail', _("E-Mail") . ' ' . entry_required(), $mail), form_checkbox('email_shiftinfo', _("Please keep me informed by e-mail, e.g. if my shifts change"), $email_shiftinfo))), div('col-sm-4', array(form_text('prename', _("First name") . ' ' . entry_required(), $prename))), div('col-sm-4', array(form_text('lastname', _("Last name") . ' ' . entry_required(), $lastname))))), div('row', array(div('col-sm-6', array()), div('col-sm-6', array()))), div('row', array(div('col-sm-6', array(form_password('password', _("Password") . ' ' . entry_required()))), div('col-sm-6', array(form_password('password2', _("Confirm password") . ' ' . entry_required()))))))), div('col-md-6', array(div('row', array(div('col-sm-4', array(form_text('mobile', _("Mobile"), $mobile))), div('col-sm-4', array(form_text('tel', _("Phone"), $tel))))), div('row', array(div('col-sm-3', array(form_text('age', _("Age"), $age))), div('col-sm-6', array(form_text('comment', _("Additional Information(Language / Profession)"), $comment))))), form_info(entry_required() . ' = ' . _("Entry required!")))))), form_submit('submit', _("Register"))))));
}
<?php
if (sql_num_query("SHOW TABLES LIKE 'NeededAngelTypes'") === 0) {
sql_query("CREATE TABLE `NeededAngelTypes` (\n `id` int(11) NOT NULL AUTO_INCREMENT,\n `room_id` int(11) DEFAULT NULL,\n `shift_id` int(11) DEFAULT NULL,\n `angel_type_id` int(11) NOT NULL,\n `count` int(11) NOT NULL,\n PRIMARY KEY (`id`),\n KEY `room_id` (`room_id`,`angel_type_id`),\n KEY `shift_id` (`shift_id`),\n KEY `angel_type_id` (`angel_type_id`)\n )\n ");
$data = sql_select("SELECT * FROM `Room`");
$res = sql_query("SHOW COLUMNS FROM `Room` LIKE 'DEFAULT_EID_%'");
while ($col = mysql_fetch_assoc($res)) {
$tid = explode('_', $col['Field']);
$tid = intval(array_pop($tid));
if ($col['Default'] != '0') {
sql_query("INSERT INTO `NeededAngelTypes` (`angel_type_id`, `count`) VALUES (" . $tid . ", " . intval($col['Default']) . ")");
}
foreach ($data as $row) {
if ($row[$col['Field']] > 0) {
sql_query("INSERT INTO `NeededAngelTypes` (`angel_type_id`, `room_id`, `count`) VALUES (" . $tid . ", " . $row['RID'] . ", " . $row[$col['Field']] . ")");
}
}
sql_query("ALTER TABLE `Room` DROP `" . $col['Field'] . "`");
}
$applied = true;
}
if (sql_num_query("SELECT * FROM `ShiftEntry` WHERE `UID` = 0")) {
$data = sql_query("\n INSERT INTO `NeededAngelTypes` (`shift_id`, `angel_type_id`, `count`)\n SELECT se.`SID`, se.`TID`, se.`count` FROM (\n SELECT `SID`, `TID`, COUNT(`TID`) AS `count`\n FROM `ShiftEntry`\n GROUP BY `SID`, `TID`\n ) AS se\n INNER JOIN `Shifts` AS s ON s.`SID` = se.`SID`\n INNER JOIN `Room` AS r ON s.`RID` = r.`RID`\n LEFT JOIN `NeededAngelTypes` AS nat ON (nat.`room_id` = r.`RID` AND nat.`angel_type_id` = se.`TID`)\n WHERE nat.`count` IS NULL OR nat.`count` != se.`count`\n ");
sql_query("DELETE FROM `ShiftEntry` WHERE `UID` = 0 AND `Comment` IS NULL");
$applied = true;
}
_add_index("Room", array("Name"));
<?php
if (sql_num_query("DESCRIBE `FAQ` `Sprache`") === 0 && sql_num_query("DESCRIBE `FAQ` `QID`") == 0) {
sql_query("ALTER TABLE `FAQ`\n ADD `Sprache` SET('de', 'en') NOT NULL,\n ADD `QID` INT NOT NULL,\n ADD INDEX(`Sprache`)");
$res = sql_query("SELECT * FROM `FAQ` WHERE `Sprache` = ''");
$i = 0;
while ($row = mysql_fetch_assoc($res)) {
$question = preg_split('#(?:<|<)br(?:>|>)#i', $row['Frage'], 2, PREG_SPLIT_NO_EMPTY);
$answer = preg_split('#(?:<|<)br(?:>|>)#i', $row['Antwort'], 2, PREG_SPLIT_NO_EMPTY);
if (count($question) == 2 && count($answer) == 2) {
sql_query("INSERT INTO `FAQ` (`Frage`, `Antwort`, `Sprache`, `QID`) VALUES ('" . sql_escape(trim($question[1])) . "', '" . sql_escape(trim($answer[1])) . "', 'en', {$i})");
}
sql_query("UPDATE `FAQ` SET `Frage` = '" . sql_escape(trim($question[0])) . "', `Antwort` = '" . sql_escape(trim($answer[0])) . "', `Sprache` = 'de', `QID` = {$i} WHERE `FID` = " . $row['FID']);
$i++;
}
_add_index('FAQ', array('QID', 'Sprache'), 'UNIQUE');
$applied = true;
}
function admin_rooms()
{
global $user;
$rooms_source = sql_select("SELECT * FROM `Room` ORDER BY `Name`");
$rooms = array();
foreach ($rooms_source as $room) {
$rooms[] = array('name' => $room['Name'], 'from_pentabarf' => $room['FromPentabarf'] == 'Y' ? '✓' : '', 'public' => $room['show'] == 'Y' ? '✓' : '', 'actions' => buttons(array(button(page_link_to('admin_rooms') . '&show=edit&id=' . $room['RID'], _("edit"), 'btn-xs'), button(page_link_to('admin_rooms') . '&show=delete&id=' . $room['RID'], _("delete"), 'btn-xs'))));
}
$room = null;
if (isset($_REQUEST['show'])) {
$msg = "";
$name = "";
$from_pentabarf = "";
$public = 'Y';
$number = "";
$angeltypes_source = sql_select("SELECT * FROM `AngelTypes` ORDER BY `name`");
$angeltypes = array();
$angeltypes_count = array();
foreach ($angeltypes_source as $angeltype) {
$angeltypes[$angeltype['id']] = $angeltype['name'];
$angeltypes_count[$angeltype['id']] = 0;
}
if (test_request_int('id')) {
$room = sql_select("SELECT * FROM `Room` WHERE `RID`='" . sql_escape($_REQUEST['id']) . "'");
if (count($room) > 0) {
$id = $_REQUEST['id'];
$name = $room[0]['Name'];
$from_pentabarf = $room[0]['FromPentabarf'];
$public = $room[0]['show'];
$number = $room[0]['Number'];
$needed_angeltypes = sql_select("SELECT * FROM `NeededAngelTypes` WHERE `room_id`='" . sql_escape($id) . "'");
foreach ($needed_angeltypes as $needed_angeltype) {
$angeltypes_count[$needed_angeltype['angel_type_id']] = $needed_angeltype['count'];
}
} else {
redirect(page_link_to('admin_rooms'));
}
}
if ($_REQUEST['show'] == 'edit') {
if (isset($_REQUEST['submit'])) {
$ok = true;
if (isset($_REQUEST['name']) && strlen(strip_request_item('name')) > 0) {
$name = strip_request_item('name');
if (isset($room) && sql_num_query("SELECT * FROM `Room` WHERE `Name`='" . sql_escape($name) . "' AND NOT `RID`=" . sql_escape($id)) > 0) {
$ok = false;
$msg .= error(_("This name is already in use."), true);
}
} else {
$ok = false;
$msg .= error(_("Please enter a name."), true);
}
if (isset($_REQUEST['from_pentabarf'])) {
$from_pentabarf = 'Y';
} else {
$from_pentabarf = '';
}
if (isset($_REQUEST['public'])) {
$public = 'Y';
} else {
$public = '';
}
if (isset($_REQUEST['number'])) {
$number = strip_request_item('number');
} else {
$ok = false;
}
foreach ($angeltypes as $angeltype_id => $angeltype) {
if (isset($_REQUEST['angeltype_count_' . $angeltype_id]) && preg_match("/^[0-9]{1,4}\$/", $_REQUEST['angeltype_count_' . $angeltype_id])) {
$angeltypes_count[$angeltype_id] = $_REQUEST['angeltype_count_' . $angeltype_id];
} else {
$ok = false;
$msg .= error(sprintf(_("Please enter needed angels for type %s.", $angeltype)), true);
}
}
if ($ok) {
if (isset($id)) {
sql_query("UPDATE `Room` SET `Name`='" . sql_escape($name) . "', `FromPentabarf`='" . sql_escape($from_pentabarf) . "', `show`='" . sql_escape($public) . "', `Number`='" . sql_escape($number) . "' WHERE `RID`='" . sql_escape($id) . "' LIMIT 1");
engelsystem_log("Room updated: " . $name . ", pentabarf import: " . $from_pentabarf . ", public: " . $public . ", number: " . $number);
} else {
$id = Room_create($name, $from_pentabarf, $public, $number);
if ($id === false) {
engelsystem_error("Unable to create room.");
}
engelsystem_log("Room created: " . $name . ", pentabarf import: " . $from_pentabarf . ", public: " . $public . ", number: " . $number);
}
sql_query("DELETE FROM `NeededAngelTypes` WHERE `room_id`='" . sql_escape($id) . "'");
$needed_angeltype_info = array();
foreach ($angeltypes_count as $angeltype_id => $angeltype_count) {
$angeltype = AngelType($angeltype_id);
if ($angeltype === false) {
engelsystem_error("Unable to load angeltype.");
}
if ($angeltype != null) {
sql_query("INSERT INTO `NeededAngelTypes` SET `room_id`='" . sql_escape($id) . "', `angel_type_id`='" . sql_escape($angeltype_id) . "', `count`='" . sql_escape($angeltype_count) . "'");
$needed_angeltype_info[] = $angeltype['name'] . ": " . $angeltype_count;
}
}
engelsystem_log("Set needed angeltypes of room " . $name . " to: " . join(", ", $needed_angeltype_info));
success(_("Room saved."));
redirect(page_link_to("admin_rooms"));
}
}
$angeltypes_count_form = array();
foreach ($angeltypes as $angeltype_id => $angeltype) {
$angeltypes_count_form[] = div('col-lg-4 col-md-6 col-xs-6', array(form_spinner('angeltype_count_' . $angeltype_id, $angeltype, $angeltypes_count[$angeltype_id])));
}
return page_with_title(admin_rooms_title(), array(buttons(array(button(page_link_to('admin_rooms'), _("back"), 'back'))), $msg, form(array(div('row', array(div('col-md-6', array(form_text('name', _("Name"), $name), form_checkbox('from_pentabarf', _("Frab import"), $from_pentabarf), form_checkbox('public', _("Public"), $public), form_text('number', _("Room number"), $number))), div('col-md-6', array(div('row', array(div('col-md-12', array(form_info(_("Needed angels:")))), join($angeltypes_count_form))))))), form_submit('submit', _("Save"))))));
} elseif ($_REQUEST['show'] == 'delete') {
if (isset($_REQUEST['ack'])) {
if (!Room_delete($id)) {
engelsystem_error("Unable to delete room.");
}
engelsystem_log("Room deleted: " . $name);
success(sprintf(_("Room %s deleted."), $name));
redirect(page_link_to('admin_rooms'));
}
return page_with_title(admin_rooms_title(), array(buttons(array(button(page_link_to('admin_rooms'), _("back"), 'back'))), sprintf(_("Do you want to delete room %s?"), $name), buttons(array(button(page_link_to('admin_rooms') . '&show=delete&id=' . $id . '&ack', _("Delete"), 'delete')))));
}
}
return page_with_title(admin_rooms_title(), array(buttons(array(button(page_link_to('admin_rooms') . '&show=edit', _("add")))), msg(), table(array('name' => _("Name"), 'from_pentabarf' => _("Frab import"), 'public' => _("Public"), 'actions' => ""), $rooms)));
}
<?php
_datetime_to_int("User", "lastLogin");
if (sql_num_query("DESCRIBE `User` `ical_key`") === 0) {
sql_query("ALTER TABLE `User` ADD `ical_key` VARCHAR( 32 ) NOT NULL");
# _add_index("User", array("ical_key"), "UNIQUE");
# XXX: not everybody has an ical_key, why?
$applied = true;
}
$res = sql_select("DESCRIBE `User` `DECT`");
if ($res[0]['Type'] == 'varchar(4)') {
sql_query("ALTER TABLE `User` CHANGE `DECT` `DECT` VARCHAR(5) NULL");
$applied = true;
}
