Exemple #1
0
function user_shifts()
{
    global $user, $privileges, $max_freeloadable_shifts;
    if (User_is_freeloader($user)) {
        redirect(page_link_to('user_myshifts'));
    }
    // Locations laden
    $rooms = sql_select("SELECT * FROM `Room` WHERE `show`='Y' ORDER BY `Name`");
    $room_array = array();
    foreach ($rooms as $room) {
        $room_array[$room['RID']] = $room['Name'];
    }
    // Löschen einzelner Schicht-Einträge (Also Belegung einer Schicht von Engeln) durch Admins
    if (isset($_REQUEST['entry_id']) && in_array('user_shifts_admin', $privileges)) {
        if (isset($_REQUEST['entry_id']) && test_request_int('entry_id')) {
            $entry_id = $_REQUEST['entry_id'];
        } else {
            redirect(page_link_to('user_shifts'));
        }
        $shift_entry_source = sql_select("\n        SELECT `User`.`Nick`, `ShiftEntry`.`Comment`, `ShiftEntry`.`UID`, `ShiftTypes`.`name`, `Shifts`.*, `Room`.`Name`, `AngelTypes`.`name` as `angel_type` \n        FROM `ShiftEntry` \n        JOIN `User` ON (`User`.`UID`=`ShiftEntry`.`UID`) \n        JOIN `AngelTypes` ON (`ShiftEntry`.`TID` = `AngelTypes`.`id`) \n        JOIN `Shifts` ON (`ShiftEntry`.`SID` = `Shifts`.`SID`) \n        JOIN `ShiftTypes` ON (`ShiftTypes`.`id` = `Shifts`.`shifttype_id`)\n        JOIN `Room` ON (`Shifts`.`RID` = `Room`.`RID`) \n        WHERE `ShiftEntry`.`id`='" . sql_escape($entry_id) . "'");
        if (count($shift_entry_source) > 0) {
            $shift_entry_source = $shift_entry_source[0];
            $result = ShiftEntry_delete($entry_id);
            if ($result === false) {
                engelsystem_error('Unable to delete shift entry.');
            }
            engelsystem_log("Deleted " . User_Nick_render($shift_entry_source) . "'s shift: " . $shift_entry_source['name'] . " at " . $shift_entry_source['Name'] . " from " . date("y-m-d H:i", $shift_entry_source['start']) . " to " . date("y-m-d H:i", $shift_entry_source['end']) . " as " . $shift_entry_source['angel_type']);
            success(_("Shift entry deleted."));
        } else {
            error(_("Entry not found."));
        }
        redirect(page_link_to('user_shifts'));
    } elseif (isset($_REQUEST['edit_shift']) && in_array('admin_shifts', $privileges)) {
        $msg = "";
        $ok = true;
        if (isset($_REQUEST['edit_shift']) && test_request_int('edit_shift')) {
            $shift_id = $_REQUEST['edit_shift'];
        } else {
            redirect(page_link_to('user_shifts'));
        }
        $shift = sql_select("\n        SELECT `ShiftTypes`.`name`, `Shifts`.*, `Room`.* FROM `Shifts` \n        JOIN `Room` ON (`Shifts`.`RID` = `Room`.`RID`) \n        JOIN `ShiftTypes` ON (`ShiftTypes`.`id` = `Shifts`.`shifttype_id`)\n        WHERE `SID`='" . sql_escape($shift_id) . "'");
        if (count($shift) == 0) {
            redirect(page_link_to('user_shifts'));
        }
        $shift = $shift[0];
        // Engeltypen laden
        $types = sql_select("SELECT * FROM `AngelTypes` ORDER BY `name`");
        $angel_types = array();
        $needed_angel_types = array();
        foreach ($types as $type) {
            $angel_types[$type['id']] = $type;
            $needed_angel_types[$type['id']] = 0;
        }
        $shifttypes_source = ShiftTypes();
        $shifttypes = [];
        foreach ($shifttypes_source as $shifttype) {
            $shifttypes[$shifttype['id']] = $shifttype['name'];
        }
        // Benötigte Engeltypen vom Raum
        $needed_angel_types_source = sql_select("SELECT `AngelTypes`.*, `NeededAngelTypes`.`count` FROM `AngelTypes` LEFT JOIN `NeededAngelTypes` ON (`NeededAngelTypes`.`angel_type_id` = `AngelTypes`.`id` AND `NeededAngelTypes`.`room_id`='" . sql_escape($shift['RID']) . "') ORDER BY `AngelTypes`.`name`");
        foreach ($needed_angel_types_source as $type) {
            if ($type['count'] != "") {
                $needed_angel_types[$type['id']] = $type['count'];
            }
        }
        // Benötigte Engeltypen von der Schicht
        $needed_angel_types_source = sql_select("SELECT `AngelTypes`.*, `NeededAngelTypes`.`count` FROM `AngelTypes` LEFT JOIN `NeededAngelTypes` ON (`NeededAngelTypes`.`angel_type_id` = `AngelTypes`.`id` AND `NeededAngelTypes`.`shift_id`='" . sql_escape($shift_id) . "') ORDER BY `AngelTypes`.`name`");
        foreach ($needed_angel_types_source as $type) {
            if ($type['count'] != "") {
                $needed_angel_types[$type['id']] = $type['count'];
            }
        }
        $shifttype_id = $shift['shifttype_id'];
        $title = $shift['title'];
        $rid = $shift['RID'];
        $start = $shift['start'];
        $end = $shift['end'];
        if (isset($_REQUEST['submit'])) {
            // Name/Bezeichnung der Schicht, darf leer sein
            $title = strip_request_item('title');
            // Auswahl der sichtbaren Locations für die Schichten
            if (isset($_REQUEST['rid']) && preg_match("/^[0-9]+\$/", $_REQUEST['rid']) && isset($room_array[$_REQUEST['rid']])) {
                $rid = $_REQUEST['rid'];
            } else {
                $ok = false;
                $rid = $rooms[0]['RID'];
                $msg .= error(_("Please select a room."), true);
            }
            if (isset($_REQUEST['shifttype_id']) && isset($shifttypes[$_REQUEST['shifttype_id']])) {
                $shifttype_id = $_REQUEST['shifttype_id'];
            } else {
                $ok = false;
                $msg .= error(_('Please select a shifttype.'), true);
            }
            if (isset($_REQUEST['start']) && ($tmp = DateTime::createFromFormat("Y-m-d H:i", trim($_REQUEST['start'])))) {
                $start = $tmp->getTimestamp();
            } else {
                $ok = false;
                $msg .= error(_("Please enter a valid starting time for the shifts."), true);
            }
            if (isset($_REQUEST['end']) && ($tmp = DateTime::createFromFormat("Y-m-d H:i", trim($_REQUEST['end'])))) {
                $end = $tmp->getTimestamp();
            } else {
                $ok = false;
                $msg .= error(_("Please enter a valid ending time for the shifts."), true);
            }
            if ($start >= $end) {
                $ok = false;
                $msg .= error(_("The ending time has to be after the starting time."), true);
            }
            foreach ($needed_angel_types_source as $type) {
                if (isset($_REQUEST['type_' . $type['id']]) && preg_match("/^[0-9]+\$/", trim($_REQUEST['type_' . $type['id']]))) {
                    $needed_angel_types[$type['id']] = trim($_REQUEST['type_' . $type['id']]);
                } else {
                    $ok = false;
                    $msg .= error(sprintf(_("Please check your input for needed angels of type %s."), $type['name']), true);
                }
            }
            if ($ok) {
                $shift['shifttype_id'] = $shifttype_id;
                $shift['title'] = $title;
                $shift['RID'] = $rid;
                $shift['start'] = $start;
                $shift['end'] = $end;
                $result = Shift_update($shift);
                if ($result === false) {
                    engelsystem_error('Unable to update shift.');
                }
                sql_query("DELETE FROM `NeededAngelTypes` WHERE `shift_id`='" . sql_escape($shift_id) . "'");
                $needed_angel_types_info = array();
                foreach ($needed_angel_types as $type_id => $count) {
                    sql_query("INSERT INTO `NeededAngelTypes` SET `shift_id`='" . sql_escape($shift_id) . "', `angel_type_id`='" . sql_escape($type_id) . "', `count`='" . sql_escape($count) . "'");
                    $needed_angel_types_info[] = $angel_types[$type_id]['name'] . ": " . $count;
                }
                engelsystem_log("Updated shift '" . $name . "' from " . date("y-m-d H:i", $start) . " to " . date("y-m-d H:i", $end) . " with angel types " . join(", ", $needed_angel_types_info));
                success(_("Shift updated."));
                redirect(shift_link(['SID' => $shift_id]));
            }
        }
        $room_select = html_select_key('rid', 'rid', $room_array, $rid);
        $angel_types = "";
        foreach ($types as $type) {
            $angel_types .= form_spinner('type_' . $type['id'], $type['name'], $needed_angel_types[$type['id']]);
        }
        return page_with_title(shifts_title(), array(msg(), '<noscript>' . info(_("This page is much more comfortable with javascript."), true) . '</noscript>', form(array(form_select('shifttype_id', _('Shifttype'), $shifttypes, $shifttype_id), form_text('title', _("Title"), $title), form_select('rid', _("Room:"), $room_array, $rid), form_text('start', _("Start:"), date("Y-m-d H:i", $start)), form_text('end', _("End:"), date("Y-m-d H:i", $end)), '<h2>' . _("Needed angels") . '</h2>', $angel_types, form_submit('submit', _("Save"))))));
    } elseif (isset($_REQUEST['delete_shift']) && in_array('user_shifts_admin', $privileges)) {
        if (isset($_REQUEST['delete_shift']) && preg_match("/^[0-9]*\$/", $_REQUEST['delete_shift'])) {
            $shift_id = $_REQUEST['delete_shift'];
        } else {
            redirect(page_link_to('user_shifts'));
        }
        $shift = Shift($shift_id);
        if ($shift === false) {
            engelsystem_error('Unable to load shift.');
        }
        if ($shift == null) {
            redirect(page_link_to('user_shifts'));
        }
        // Schicht löschen bestätigt
        if (isset($_REQUEST['delete'])) {
            $result = Shift_delete($shift_id);
            if ($result === false) {
                engelsystem_error('Unable to delete shift.');
            }
            engelsystem_log("Deleted shift " . $shift['name'] . " from " . date("y-m-d H:i", $shift['start']) . " to " . date("y-m-d H:i", $shift['end']));
            success(_("Shift deleted."));
            redirect(page_link_to('user_shifts'));
        }
        return page_with_title(shifts_title(), array(error(sprintf(_("Do you want to delete the shift %s from %s to %s?"), $shift['name'], date("Y-m-d H:i", $shift['start']), date("H:i", $shift['end'])), true), '<a class="button" href="?p=user_shifts&delete_shift=' . $shift_id . '&delete">' . _("delete") . '</a>'));
    } elseif (isset($_REQUEST['shift_id'])) {
        if (isset($_REQUEST['shift_id']) && preg_match("/^[0-9]*\$/", $_REQUEST['shift_id'])) {
            $shift_id = $_REQUEST['shift_id'];
        } else {
            redirect(page_link_to('user_shifts'));
        }
        $shift = Shift($shift_id);
        $room;
        $shift['Name'] = $room_array[$shift['RID']];
        if ($shift === false) {
            engelsystem_error('Unable to load shift.');
        }
        if ($shift == null) {
            redirect(page_link_to('user_shifts'));
        }
        if (isset($_REQUEST['type_id']) && preg_match("/^[0-9]*\$/", $_REQUEST['type_id'])) {
            $type_id = $_REQUEST['type_id'];
        } else {
            redirect(page_link_to('user_shifts'));
        }
        if (in_array('user_shifts_admin', $privileges)) {
            $type = sql_select("SELECT * FROM `AngelTypes` WHERE `id`='" . sql_escape($type_id) . "' LIMIT 1");
        } else {
            $type = sql_select("SELECT * FROM `UserAngelTypes` JOIN `AngelTypes` ON (`UserAngelTypes`.`angeltype_id` = `AngelTypes`.`id`) WHERE `AngelTypes`.`id` = '" . sql_escape($type_id) . "' AND (`AngelTypes`.`restricted` = 0 OR (`UserAngelTypes`.`user_id` = '" . sql_escape($user['UID']) . "' AND NOT `UserAngelTypes`.`confirm_user_id` IS NULL)) LIMIT 1");
        }
        if (count($type) == 0) {
            redirect(page_link_to('user_shifts'));
        }
        $type = $type[0];
        if (!Shift_signup_allowed($shift, $type)) {
            error(_('You are not allowed to sign up for this shift. Maybe shift is full or already running.'));
            redirect(shift_link($shift));
        }
        if (isset($_REQUEST['submit'])) {
            $selected_type_id = $type_id;
            if (in_array('user_shifts_admin', $privileges)) {
                if (isset($_REQUEST['user_id']) && preg_match("/^[0-9]*\$/", $_REQUEST['user_id'])) {
                    $user_id = $_REQUEST['user_id'];
                } else {
                    $user_id = $user['UID'];
                }
                if (sql_num_query("SELECT * FROM `User` WHERE `UID`='" . sql_escape($user_id) . "' LIMIT 1") == 0) {
                    redirect(page_link_to('user_shifts'));
                }
                if (isset($_REQUEST['angeltype_id']) && test_request_int('angeltype_id') && sql_num_query("SELECT * FROM `AngelTypes` WHERE `id`='" . sql_escape($_REQUEST['angeltype_id']) . "' LIMIT 1") > 0) {
                    $selected_type_id = $_REQUEST['angeltype_id'];
                }
            } else {
                $user_id = $user['UID'];
            }
            if (sql_num_query("SELECT * FROM `ShiftEntry` WHERE `SID`='" . sql_escape($shift['SID']) . "' AND `UID` = '" . sql_escape($user_id) . "'")) {
                return error("This angel does already have an entry for this shift.", true);
            }
            $freeloaded = $shift['freeloaded'];
            $freeload_comment = $shift['freeload_comment'];
            if (in_array("user_shifts_admin", $privileges)) {
                $freeloaded = isset($_REQUEST['freeloaded']);
                $freeload_comment = strip_request_item_nl('freeload_comment');
            }
            $comment = strip_request_item_nl('comment');
            $result = ShiftEntry_create(array('SID' => $shift_id, 'TID' => $selected_type_id, 'UID' => $user_id, 'Comment' => $comment, 'freeloaded' => $freeloaded, 'freeload_comment' => $freeload_comment));
            if ($result === false) {
                engelsystem_error('Unable to create shift entry.');
            }
            if ($type['restricted'] == 0 && sql_num_query("SELECT * FROM `UserAngelTypes` INNER JOIN `AngelTypes` ON `AngelTypes`.`id` = `UserAngelTypes`.`angeltype_id` WHERE `angeltype_id` = '" . sql_escape($selected_type_id) . "' AND `user_id` = '" . sql_escape($user_id) . "' ") == 0) {
                sql_query("INSERT INTO `UserAngelTypes` (`user_id`, `angeltype_id`) VALUES ('" . sql_escape($user_id) . "', '" . sql_escape($selected_type_id) . "')");
            }
            $user_source = User($user_id);
            engelsystem_log("User " . User_Nick_render($user_source) . " signed up for shift " . $shift['name'] . " from " . date("y-m-d H:i", $shift['start']) . " to " . date("y-m-d H:i", $shift['end']));
            success(_("You are subscribed. Thank you!") . ' <a href="' . page_link_to('user_myshifts') . '">' . _("My shifts") . ' &raquo;</a>');
            redirect(shift_link($shift));
        }
        if (in_array('user_shifts_admin', $privileges)) {
            $users = sql_select("SELECT *, (SELECT count(*) FROM `ShiftEntry` WHERE `freeloaded`=1 AND `ShiftEntry`.`UID`=`User`.`UID`) AS `freeloaded` FROM `User` ORDER BY `Nick`");
            $users_select = array();
            foreach ($users as $usr) {
                $users_select[$usr['UID']] = $usr['Nick'] . ($usr['freeloaded'] == 0 ? "" : " (" . _("Freeloader") . ")");
            }
            $user_text = html_select_key('user_id', 'user_id', $users_select, $user['UID']);
            $angeltypes_source = sql_select("SELECT * FROM `AngelTypes` ORDER BY `name`");
            $angeltypes = array();
            foreach ($angeltypes_source as $angeltype) {
                $angeltypes[$angeltype['id']] = $angeltype['name'];
            }
            $angeltyppe_select = html_select_key('angeltype_id', 'angeltype_id', $angeltypes, $type['id']);
        } else {
            $user_text = User_Nick_render($user);
            $angeltyppe_select = $type['name'];
        }
        return ShiftEntry_edit_view($user_text, date("Y-m-d H:i", $shift['start']) . ' &ndash; ' . date('Y-m-d H:i', $shift['end']) . ' (' . shift_length($shift) . ')', $shift['Name'], $shift['name'], $angeltyppe_select, "", false, null, in_array('user_shifts_admin', $privileges));
    } else {
        return view_user_shifts();
    }
}
function user_myshifts()
{
    global $LETZTES_AUSTRAGEN;
    global $user, $privileges;
    $msg = "";
    if (isset($_REQUEST['id']) && in_array("user_shifts_admin", $privileges) && preg_match("/^[0-9]{1,}\$/", $_REQUEST['id']) && sql_num_query("SELECT * FROM `User` WHERE `UID`='" . sql_escape($_REQUEST['id']) . "'") > 0) {
        $id = $_REQUEST['id'];
    } else {
        $id = $user['UID'];
    }
    list($shifts_user) = sql_select("SELECT * FROM `User` WHERE `UID`='" . sql_escape($id) . "' LIMIT 1");
    if (isset($_REQUEST['reset'])) {
        if ($_REQUEST['reset'] == "ack") {
            User_reset_api_key($user);
            success(_("Key changed."));
            redirect(page_link_to('user_myshifts'));
        }
        return page_with_title(_("Reset API key"), array(error(_("If you reset the key, the url to your iCal- and JSON-export and your atom feed changes! You have to update it in every application using one of these exports."), true), button(page_link_to('user_myshifts') . '&reset=ack', _("Continue"), 'btn-danger')));
    } elseif (isset($_REQUEST['edit']) && preg_match("/^[0-9]*\$/", $_REQUEST['edit'])) {
        $id = $_REQUEST['edit'];
        $shift = sql_select("SELECT\n        `ShiftEntry`.`freeloaded`,\n        `ShiftEntry`.`freeload_comment`,\n        `ShiftEntry`.`Comment`,\n        `ShiftEntry`.`UID`,\n        `ShiftTypes`.`name`,\n        `Shifts`.*,\n        `Room`.`Name`,\n        `AngelTypes`.`name` as `angel_type`\n        FROM `ShiftEntry`\n        JOIN `AngelTypes` ON (`ShiftEntry`.`TID` = `AngelTypes`.`id`)\n        JOIN `Shifts` ON (`ShiftEntry`.`SID` = `Shifts`.`SID`)\n        JOIN `ShiftTypes` ON (`ShiftTypes`.`id` = `Shifts`.`shifttype_id`)\n        JOIN `Room` ON (`Shifts`.`RID` = `Room`.`RID`)\n        WHERE `ShiftEntry`.`id`='" . sql_escape($id) . "'\n        AND `UID`='" . sql_escape($shifts_user['UID']) . "' LIMIT 1");
        if (count($shift) > 0) {
            $shift = $shift[0];
            if (isset($_REQUEST['submit'])) {
                $freeloaded = $shift['freeloaded'];
                $freeload_comment = $shift['freeload_comment'];
                if (in_array("user_shifts_admin", $privileges)) {
                    $freeloaded = isset($_REQUEST['freeloaded']);
                    $freeload_comment = strip_request_item_nl('freeload_comment');
                }
                $comment = strip_request_item_nl('comment');
                $user_source = User($shift['UID']);
                $result = ShiftEntry_update(array('id' => $id, 'Comment' => $comment, 'freeloaded' => $freeloaded, 'freeload_comment' => $freeload_comment));
                if ($result === false) {
                    engelsystem_error('Unable to update shift entr.');
                }
                engelsystem_log("Updated " . User_Nick_render($user_source) . "'s shift " . $shift['name'] . " from " . date("Y-m-d H:i", $shift['start']) . " to " . date("Y-m-d H:i", $shift['end']) . " with comment " . $comment . ". Freeloaded: " . ($freeloaded ? "YES Comment: " . $freeload_comment : "NO"));
                success(_("Shift saved."));
                redirect(page_link_to('users') . '&action=view&user_id=' . $shifts_user['UID']);
            }
            return ShiftEntry_edit_view(User_Nick_render($shifts_user), date("Y-m-d H:i", $shift['start']) . ', ' . shift_length($shift), $shift['Name'], $shift['name'], $shift['angel_type'], $shift['Comment'], $shift['freeloaded'], $shift['freeload_comment'], in_array("user_shifts_admin", $privileges));
        } else {
            redirect(page_link_to('user_myshifts'));
        }
    } elseif (isset($_REQUEST['cancel']) && preg_match("/^[0-9]*\$/", $_REQUEST['cancel'])) {
        $id = $_REQUEST['cancel'];
        $shift = sql_select("\n        SELECT *\n        FROM `Shifts` \n        INNER JOIN `ShiftEntry` USING (`SID`) \n        WHERE `ShiftEntry`.`id`='" . sql_escape($id) . "' AND `UID`='" . sql_escape($shifts_user['UID']) . "'");
        if (count($shift) > 0) {
            $shift = $shift[0];
            if ($shift['start'] > time() + $LETZTES_AUSTRAGEN * 3600 || in_array('user_shifts_admin', $privileges)) {
                $result = ShiftEntry_delete($id);
                if ($result === false) {
                    engelsystem_error('Unable to delete shift entry.');
                }
                $room = Room($shift['RID']);
                $angeltype = AngelType($shift['TID']);
                $shifttype = ShiftType($shift['shifttype_id']);
                engelsystem_log("Deleted own shift: " . $shifttype['name'] . " at " . $room['Name'] . " from " . date("Y-m-d H:i", $shift['start']) . " to " . date("Y-m-d H:i", $shift['end']) . " as " . $angeltype['name']);
                success(_("You have been signed off from the shift."));
            } else {
                error(_("It's too late to sign yourself off the shift. If neccessary, ask the dispatcher to do so."));
            }
        } else {
            redirect(user_link($shifts_user));
        }
    }
    redirect(page_link_to('users') . '&action=view');
}