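/**
 * Renders the news feed as Atom for the user identified by the `key` request parameter.
 *
 * The key must be 32 lowercase hex characters before it reaches User_by_api_key(),
 * the user must hold the `atom` privilege, and a non-empty `meetings` parameter
 * restricts the feed to entries flagged `Treffen`. The feed is written straight to
 * the response; the function never returns (it ends with die()).
 */
function user_atom() {
    global $user, $DISPLAY_NEWS;

    // Only a well-formed key is passed on; anything else aborts before any lookup.
    if (!isset($_REQUEST['key']) || !preg_match("/^[0-9a-f]{32}\$/", $_REQUEST['key'])) {
        die("Missing key.");
    }
    $key = $_REQUEST['key'];

    $user = User_by_api_key($key);
    if ($user === false) {
        die("Unable to find user.");
    }
    if ($user == null) {
        die("Key invalid.");
    }
    if (!in_array('atom', privileges_for_user($user['UID']))) {
        die("No privilege for atom.");
    }

    // $DISPLAY_NEWS is a configured row limit spliced into the query text, hence escaped.
    $news = sql_select("SELECT * FROM `News` "
        . (empty($_REQUEST['meetings']) ? '' : 'WHERE `Treffen` = 1 ')
        . "ORDER BY `ID` DESC LIMIT " . sql_escape($DISPLAY_NEWS));
    if (!is_array($news)) {
        $news = array();
    }

    header('Content-Type: application/atom+xml; charset=utf-8');

    // The feed's <updated> is the newest entry; with no entries fall back to "now"
    // instead of reading $news[0] of an empty result.
    $feed_updated = count($news) > 0 ? $news[0]['Datum'] : time();

    // The key is stripped from the request URI so the feed id does not echo the
    // secret. Host and URI are request-controlled, so both are escaped for XML.
    $feed_id = htmlspecialchars($_SERVER['HTTP_HOST'])
        . htmlspecialchars(preg_replace('#[&?]key=[a-f0-9]{32}#', '', $_SERVER['REQUEST_URI']));

    $html = '<?xml version="1.0" encoding="utf-8"?> <feed xmlns="http://www.w3.org/2005/Atom"> <title>Engelsystem</title> <id>'
        . $feed_id . '</id> <updated>' . date('Y-m-d\\TH:i:sP', $feed_updated) . "</updated>\n";

    foreach ($news as $news_entry) {
        $html .= " <entry>\n <title>" . htmlspecialchars($news_entry['Betreff']) . "</title>\n"
            . " <link href=\"" . page_link_to_absolute("news_comments&nid=") . "{$news_entry['ID']}\"/>\n"
            . " <id>" . preg_replace('#^https?://#', '', page_link_to_absolute("news")) . "-{$news_entry['ID']}</id>\n"
            . " <updated>" . date('Y-m-d\\TH:i:sP', $news_entry['Datum']) . "</updated>\n"
            . " <summary type=\"html\">" . htmlspecialchars($news_entry['Text']) . "</summary>\n"
            . " </entry>\n";
    }
    $html .= "</feed>";

    // strlen() counts bytes, which is what Content-Length needs.
    header("Content-Length: " . strlen($html));
    echo $html;
    die;
}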
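/**
 * Tells whether at least one active geokret is currently logged in the given cache.
 *
 * The cache row may carry waypoints for several listing services; the first
 * non-empty one, in the order wp_oc, wp_gc, wp_nc, wp_ge, wp_tc, is used to look up
 * gk_item_waypoint.
 *
 * @param int|string $cacheid cache_id of the cache; cast to int before use
 * @return int 1 when a matching geokret exists, 0 otherwise (also 0 when no cache
 *             row exists or the lookup query fails)
 */
function isGeokretInCache($cacheid) {
    $sql = "SELECT wp_oc, wp_gc, wp_nc,wp_ge,wp_tc FROM caches WHERE cache_id = '" . sql_escape(intval($cacheid)) . "'";
    $result = mysql_query($sql);
    $cache_record = $result ? mysql_fetch_array($result) : false;
    if (!$cache_record) {
        // Unknown cache id or failed query: there is nothing to match against.
        // (The original read fields off a non-array here and queried wp = ''.)
        return 0;
    }

    // get cache waypoint: the first non-empty column wins, in this order.
    $cache_wp = '';
    foreach (array('wp_oc', 'wp_gc', 'wp_nc', 'wp_ge', 'wp_tc') as $column) {
        if ($cache_record[$column] != '') {
            $cache_wp = $cache_record[$column];
            break;
        }
    }

    // stateid 1/4/5 and typeid 2 are excluded as in the original; their meaning is
    // defined by the gk_item schema, which is not visible here.
    $geokret_sql = "SELECT id FROM gk_item WHERE id IN (SELECT id FROM gk_item_waypoint WHERE wp = '" . sql_escape($cache_wp) . "') AND stateid<>1 AND stateid<>4 AND stateid <>5 AND typeid<>2";
    $geokret_query = sql($geokret_sql);

    // no geokrets in this cache -> 0, otherwise 1
    return mysql_num_rows($geokret_query) == 0 ? 0 : 1;
}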
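/**
 * url: /?p=api_key
 * Returns the api_key of the user authenticated via HTTP Basic auth, as JSON:
 * { "api_token": "TOKEN" }
 *
 * Responds 401 with a WWW-Authenticate challenge when no credentials were sent and
 * 403 when the credentials do not match a user. The original sent an empty 200
 * response when the nick existed but the password was wrong. The response is
 * written directly and the function never returns.
 */
function getAPIKey() {
    header("Content-Type: application/json; charset=utf-8");

    // PHP_AUTH_* are absent (not just empty) when no Authorization header was sent.
    $user = isset($_SERVER["PHP_AUTH_USER"]) ? $_SERVER["PHP_AUTH_USER"] : "";
    $password = isset($_SERVER["PHP_AUTH_PW"]) ? $_SERVER["PHP_AUTH_PW"] : "";

    if ($user == "" || $password == "") {
        // user is not authenticated
        header("WWW-Authenticate: Basic realm=Authorization Required");
        header("HTTP/1.1 401 unauthorized");
        echo "{\"error\": \"please send basic auth header\"}";
        die;
    }

    // find user by username
    $foundUser = sql_select("SELECT * FROM `User` WHERE `Nick`='" . sql_escape($user) . "'");
    if (is_array($foundUser) && count($foundUser) == 1) {
        $user = $foundUser[0];
        if (verify_password($password, $user['Passwort'], $user['UID'])) {
            echo "{\"api_token\": \"" . $user["api_key"] . "\"}";
            die;
        }
    }

    // Unknown nick and wrong password are answered identically, so the response
    // does not reveal which of the two failed.
    header("HTTP/1.1 403 Forbidden");
    echo "{\"error\": \"forbidden\"}";
    die;
}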
/**
 * Looks up tags matching the search string $s and returns them as XML.
 *
 * Matching uses `concat(?,tag) LIKE ?`: for a one-character search the prefix is a
 * space, otherwise an escaped underscore, and the pattern built from $s is matched
 * against the tag with that prefix prepended. Hidden tags (leading '.') are excluded
 * unless the ext-tagger_show-hidden setting is something other than 'N'. When more
 * rows than ext_tagger_tag_max match, only ext_tagger_limit rows (highest count
 * first) are returned and the total is handed on as array("max" => $count).
 *
 * NOTE(review): $s goes through sql_escape() and is then bound as a parameter; if
 * the driver escapes bound values itself, a quote or backslash in $s is escaped
 * twice — confirm what sql_escape() does in this project. $hidden and $limit_rows
 * are spliced into the SQL text unbound; both come from config, not the request.
 *
 * @param string $s search string
 * @return mixed whatever list_to_xml() returns
 */
private function match_tag_list($s) {
    global $database, $config;
    $max_rows = $config->get_int("ext_tagger_tag_max", 30);
    $limit_rows = $config->get_int("ext_tagger_limit", 30);
    $values = array();
    // Match
    $p = strlen($s) == 1 ? " " : "\\_";
    $sq = "%" . $p . sql_escape($s) . "%";
    $match = "concat(?,tag) LIKE ?";
    array_push($values, $p, $sq);
    // Exclude
    // $exclude = $event->get_arg(1)? "AND NOT IN ".$this->image_tags($event->get_arg(1)) : null;
    // Hidden Tags
    $hidden = $config->get_string('ext-tagger_show-hidden', 'N') == 'N' ? "AND substring(tag,1,1) != '.'" : null;
    $q_where = "WHERE {$match} {$hidden} AND count > 0";
    // FROM based on return count
    $count = $this->count($q_where, $values);
    if ($count > $max_rows) {
        // Too many hits: select from a limited, count-ordered subquery instead and
        // report the full total back to the caller.
        $q_from = "FROM (SELECT * FROM `tags` {$q_where} " . "ORDER BY count DESC LIMIT 0, {$limit_rows}) AS `c_tags`";
        $q_where = null;
        $count = array("max" => $count);
    } else {
        $q_from = "FROM `tags`";
        $count = null;
    }
    $tags = $database->Execute("\n\t\t\tSELECT *\n\t\t\t{$q_from}\n\t\t\t{$q_where}\n\t\t\tORDER BY tag", $values);
    return $this->list_to_xml($tags, "search", $s, $count);
}
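/**
 * Returns the names of all privileges granted to a group.
 *
 * @param int|string $group_id id of the group; escaped before it is used in the query
 * @return string[] privilege names; empty when the group has none or the query fails
 */
function privileges_for_group($group_id) {
    $groups_privs = sql_select("SELECT * FROM `GroupPrivileges` JOIN `Privileges` ON (`GroupPrivileges`.`privilege_id` = `Privileges`.`id`) WHERE `group_id`='" . sql_escape($group_id) . "'");
    if (!is_array($groups_privs)) {
        // sql_select() signals failure with false; report "no privileges" instead of
        // iterating over a non-array.
        return array();
    }
    return array_column($groups_privs, 'name');
}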
/**
 * Looks up the username for a user id.
 *
 * @param int|string $userid user_id; cast to int before it is used in the query
 * @return string|null the username, or null when no such user exists
 */
function getUsername($userid) {
    $id = intval($userid);
    $query = mysql_query("SELECT username FROM user WHERE user_id='" . sql_escape($id) . "'") or die;
    if (mysql_num_rows($query) <= 0) {
        return null;
    }
    return mysql_result($query, 0);
}
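/**
 * Deletes the article with the given id.
 *
 * Aborts the request with the MySQL error message when the statement fails. The
 * original called mysqli_error() without the required link argument, which fails
 * before any message could be shown.
 *
 * @param int|string $id_article value of `id_article` to delete
 * @return true on success (the function dies on failure)
 */
function articles_delete($id_article) {
    $link = getDbConnect();
    // Bind the id instead of splicing it into the statement text.
    $stmt = mysqli_prepare($link, "DELETE FROM `articles` WHERE `id_article`=?");
    if ($stmt === false) {
        die(mysqli_error($link));
    }
    // The original compared against a quoted string, so bind as a string too.
    $id = (string) $id_article;
    mysqli_stmt_bind_param($stmt, 's', $id);
    $ok = mysqli_stmt_execute($stmt);
    if (!$ok) {
        $error = mysqli_stmt_error($stmt);
        mysqli_stmt_close($stmt);
        die($error);
    }
    mysqli_stmt_close($stmt);
    return true;
}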
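/**
 * Stores the plugin's two settings for a subscribe page: whether the disposable
 * mail blocker is enabled and the text shown to blocked subscribers.
 *
 * @param int $id subscribe page id; formatted with %d, so it is forced to an integer
 * @return void
 */
function processSubscribePageEdit($id) {
    // A checked checkbox posts a non-empty value, an unchecked one is absent. The
    // original stored 1 in both branches, so the blocker could never be disabled.
    $enabled = empty($_POST['disposable_mailblocker_enable']) ? 0 : 1;
    $text = isset($_POST['disposable_mailblocker_text']) ? $_POST['disposable_mailblocker_text'] : '';
    $table = $GLOBALS['tables']["subscribepage_data"];
    Sql_Query(sprintf('replace into %s (id,name,data) values(%d,"disposable_mailblocker_enable","%s")', $table, $id, sql_escape($enabled)));
    Sql_Query(sprintf('replace into %s (id,name,data) values(%d,"disposable_mailblocker_text","%s")', $table, $id, sql_escape($text)));
}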
/**
 * Returns room by id.
 *
 * Only rooms with `show` = 'Y' are considered.
 *
 * @param $id RID
 * @return array|false|null the room row, false when the query failed, null when no
 *                          visible room has that id
 */
function Room($id) {
    $rows = sql_select("SELECT * FROM `Room` WHERE `RID`='" . sql_escape($id) . "' AND `show` = 'Y'");
    if ($rows === false) {
        return false;
    }
    return count($rows) > 0 ? $rows[0] : null;
}
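/**
 * Updates name and content of an article in the `lesson2` table.
 *
 * @param int|string $id_article row id; cast to int
 * @param string $name new value for `name`
 * @param string $content new value for `content`
 * @return bool true when the statement executed, false otherwise (the original
 *              returned nothing and ignored failures)
 */
function articles_edit($id_article, $name, $content) {
    $link = getDbConnect();
    // Injection safety: the id is cast to int, the strings are bound parameters.
    $id = (int) $id_article;
    $stmt = mysqli_prepare($link, "UPDATE `lesson2` SET `name`=?, `content`=? WHERE `id`=?");
    if ($stmt === false) {
        return false;
    }
    mysqli_stmt_bind_param($stmt, 'ssi', $name, $content, $id);
    $ok = mysqli_stmt_execute($stmt);
    mysqli_stmt_close($stmt);
    return $ok;
}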
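/**
 * This function sets a usersetting.
 * Only the values of the admin user are taken into account for this.
 *
 * Updates the existing row for ($sn, $uid) or inserts a new one.
 *
 * @param string $sn setting name
 * @param string $value setting value
 * @param int|string $is usersetting flag; stored as an integer
 * @param int|string $uid user id; stored as an integer
 * @return void
 */
function change_usersetting($sn, $value, $is, $uid) {
    global $kfm;
    // $uid and $is land unquoted in both statements; cast them so a non-numeric
    // value cannot alter the statement text (the original spliced $uid in unescaped
    // and escaped $is only in the INSERT).
    $uid = (int) $uid;
    $is = (int) $is;
    $name = sql_escape($sn);
    $table = KFM_DB_PREFIX . 'settings';

    $existing = db_fetch_row('SELECT id FROM ' . $table . ' WHERE name="' . $name . '" and user_id=' . $uid);
    if ($existing && count($existing)) {
        $kfm->db->query('UPDATE ' . $table . ' SET value="' . sql_escape($value) . '", usersetting=' . $is . ' WHERE name="' . $name . '" AND user_id=' . $uid);
    } else {
        $kfm->db->query('INSERT INTO ' . $table . ' (name, value, user_id, usersetting) VALUES ("' . $name . '","' . sql_escape($value) . '", ' . $uid . ',' . $is . ')');
    }
}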
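/**
 * Removes a user's watch on a cache and decrements the cache's watcher count.
 *
 * @param int|string $cache_id
 * @param int|string $user_id
 * @return void
 */
function remove_watch($cache_id, $user_id) {
    //remove watch
    sql('DELETE FROM cache_watches WHERE cache_id=\'' . sql_escape($cache_id) . '\' AND user_id=\'' . sql_escape($user_id) . '\'');
    //remove from caches
    // Decrement in the database instead of read-modify-write, so two concurrent
    // removals cannot both write back the same stale value. A missing cache row
    // updates nothing, which is what the original's row-count check achieved.
    sql('UPDATE caches SET watcher=watcher-1 WHERE cache_id=\'' . sql_escape($cache_id) . '\'');
}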
/**
 * Get a shift type by id.
 *
 * @param int $shifttype_id
 * @return array|false|null the ShiftTypes row, false when the query failed,
 *                          null when nothing matched
 */
function ShiftType($shifttype_id) {
    $rows = sql_select("SELECT * FROM `ShiftTypes` WHERE `id`='" . sql_escape($shifttype_id) . "'");
    if ($rows === false) {
        return false;
    }
    // An empty result is == null, which is exactly what the original tested for.
    return $rows == null ? null : $rows[0];
}
/**
 * Formats a PHP value as an SQL literal.
 *
 * null becomes NULL, strings are escaped and single-quoted, booleans become 0/1,
 * and every other value (numbers) is returned untouched.
 *
 * @param mixed $var value to format
 * @param mixed $conn connection handed on to sql_escape()
 * @return mixed string, int or the original value
 */
function sql_validate_value($var, $conn) {
    if ($var === null) {
        return 'NULL';
    }
    if (is_string($var)) {
        return "'" . sql_escape($var, $conn) . "'";
    }
    if (is_bool($var)) {
        return intval($var);
    }
    return $var;
}
/**
 * TODO: use validation functions, return new message id
 * TODO: global $user can not be used in model!
 * send message
 *
 * Strips tags and disallowed characters from the text, reduces the receiver id to
 * digits, and inserts the message when the receiver exists and is not the sender.
 *
 * @param $id User
 *            ID of Receiver
 * @param $text Text
 *            of Message
 * @return bool true when a message was inserted, false otherwise
 */
function Message_send($id, $text) {
    global $user;
    // Keep letters, punctuation, separators, digits and newlines; drop everything else.
    $clean_text = preg_replace("/([^\\p{L}\\p{P}\\p{Z}\\p{N}\n]{1,})/ui", '', strip_tags($text));
    $receiver = preg_replace("/([^0-9]{1,})/ui", '', strip_tags($id));
    if ($clean_text == "" || !is_numeric($receiver)) {
        return false;
    }
    $receiver_exists = sql_num_query("SELECT * FROM `User` WHERE `UID`='" . sql_escape($receiver) . "' AND NOT `UID`='" . sql_escape($user['UID']) . "' LIMIT 1") > 0;
    if (!$receiver_exists) {
        return false;
    }
    sql_query("INSERT INTO `Messages` SET `Datum`='" . sql_escape(time()) . "', `SUID`='" . sql_escape($user['UID']) . "', `RUID`='" . sql_escape($receiver) . "', `Text`='" . sql_escape($clean_text) . "'");
    return true;
}
/**
 * Converts a batch of GK coordinate pairs and writes the results back to the table.
 *
 * Each $val entry supplies X1/Y1 and X2/Y2; both points are fed to the coordinate
 * batch, so the converted output holds two entries per row. The rows are then
 * updated in `bfn_wgs84`.$table, addressed by the GID/ESEQ/SEQ keys in $pks, which
 * is expected to be parallel to $val.
 *
 * @param string $table target table name (escaped into a backtick-quoted identifier)
 * @param array $pks list of arrays with keys GID, ESEQ, SEQ
 * @param array $val list of arrays with keys X1, Y1, X2, Y2
 * @return void
 */
function flushToDB($table, $pks, $val) {
    $batch = new coordinate_batch();
    $batch->openGK();
    for ($i = 0, $rows = count($val); $i < $rows; $i++) {
        $batch->writeGK($val[$i]['X1'], $val[$i]['Y1']);
        $batch->writeGK($val[$i]['X2'], $val[$i]['Y2']);
    }
    $coords = $batch->analyseOutput();

    $escaped_table = sql_escape($table);
    for ($i = 0, $keys = count($pks); $i < $keys; $i++) {
        $first = $coords[$i * 2];
        $second = $coords[$i * 2 + 1];
        $key = $pks[$i];
        sql("UPDATE `bfn_wgs84`.`" . $escaped_table . "` SET `x1`='&1', `x2`='&2', `y1`='&3', `y2`='&4' \r\n\t\t WHERE `GID`='&5' AND `ESEQ`='&6' AND `SEQ`='&7'",
            $first['lon'], $second['lon'], $first['lat'], $second['lat'],
            $key['GID'], $key['ESEQ'], $key['SEQ']);
    }
}
/**
 * Lists PayPal-related transactions from transaction_log, grouped by xid.
 *
 * Optional filters narrow the set of xids: $currency matches the end of the change
 * column (LIKE '%currency'), $from/$to bound the time column (inclusive/exclusive).
 * A filter value of false means "no filter".
 *
 * @param string|false $currency
 * @param int|false $from
 * @param int|false $to
 * @return array private_dberr() on query failure, otherwise array(0, $transactions)
 *               where $transactions maps xid => array(xid, time, change)
 */
function admin_getpaypaltransactions($currency = false, $from = false, $to = false) {
    $filters = '';
    if ($currency !== false) {
        $filters .= " and change like '%" . sql_escape($currency) . "'";
    }
    if ($from !== false) {
        $filters .= " and time >= " . intval($from);
    }
    if ($to !== false) {
        $filters .= " and time < " . intval($to);
    }

    $query = "select xid,min(time) as time,"
        . "subtract_money('',sum_money(change)) as change "
        . "from transaction_log where "
        . "xid in (select xid from transaction_log where "
        . "(account like 'anon-deposits:%' or "
        . "account like 'deposits:%' or "
        . "account like 'subscription-payments:%' or "
        . "account like 'withdrawals:%')"
        . $filters
        . ") and (account like 'anon-deposits:%' or "
        . "account like 'deposits:%' or "
        . "account='paypal-fee' or "
        . "account like 'subscription-payments:%' or "
        . "account like 'withdrawals:%') "
        . "group by xid order by xid";
    $result = sql_exec($query);
    if ($result === false) {
        return private_dberr();
    }

    $transactions = array();
    $rows = sql_numrows($result);
    for ($i = 0; $i < $rows; $i++) {
        $row = sql_fetch_array($result, $i);
        $xid = intval($row["xid"]);
        $transactions[$xid] = array(
            "xid" => $xid,
            "time" => intval($row["time"]),
            "change" => (string) $row['change'],
        );
    }
    return array(0, $transactions);
}
/**
 * Builds an SQL string from a template and a list of values, escaping each value.
 *
 * The first argument is the template; the remaining arguments (or a single array
 * argument) are the values. Literal '%' in the template is protected as '[!]'
 * while the values are applied through hook('sprintf', ...) and restored
 * afterwards. A value containing the raw-SQL marker (see the strpos check in the
 * first loop) is inserted unescaped; every other value goes through sql_escape().
 * A value containing 'addquotes' is split on commas, its first element dropped and
 * the rest single-quoted. Template lines marked with '-- ' are removed together
 * with their value when that value is falsy.
 *
 * NOTE(review): the '%s' count uses strpos() truthiness, so a placeholder at
 * column 0 of a line is not counted — confirm whether that is intended. w() and
 * hook() are project helpers not visible here.
 *
 * @return string|false the filled-in SQL, or false when called without arguments
 */
function sql_filter() {
    if (!($args = func_get_args())) {
        return false;
    }
    $sql = array_shift($args);
    $count_args = count($args);
    // Protect literal '%' in the template from the later sprintf.
    $sql = str_replace('%', '[!]', $sql);
    if (!$count_args || $count_args < 1) {
        return str_replace('[!]', '%', $sql);
    }
    // A single array argument is the value list.
    if ($count_args == 1 && is_array($args[0])) {
        $args = $args[0];
    }
    $_args = array();
    foreach ($args as $i => $arg) {
        // Values carrying the /***/ marker are inserted as-is; all others are escaped.
        if (strpos($arg, '/***/') !== false) {
            $_args[$i] = $arg;
        } else {
            $_args[$i] = sql_escape($arg);
        }
    }
    $args = $_args;
    foreach ($args as $i => $row) {
        // 'addquotes,a,b' becomes 'a','b' (the leading element is dropped).
        if (strpos($row, 'addquotes') !== false) {
            $e_row = explode(',', $row);
            array_shift($e_row);
            foreach ($e_row as $j => $jr) {
                $e_row[$j] = "'" . $jr . "'";
            }
            $args[$i] = implode(',', $e_row);
        }
    }
    // Presumably w() splits on spaces: '??' becomes %s and '?' becomes a quoted %s.
    array_unshift($args, str_replace(w('?? ?'), w("%s '%s'"), $sql));
    // Conditional deletion of lines if input is zero
    if (strpos($args[0], '-- ') !== false) {
        $e_sql = explode("\n", $args[0]);
        $matches = 0;
        foreach ($e_sql as $i => $row) {
            $e_sql[$i] = str_replace('-- ', '', $row);
            // NOTE(review): truthiness test — a '%s' at offset 0 is not counted.
            if (strpos($row, '%s')) {
                $matches++;
            }
            if (strpos($row, '-- ') !== false && !$args[$matches]) {
                unset($e_sql[$i], $args[$matches]);
            }
        }
        $args[0] = implode($e_sql);
    }
    return str_replace('[!]', '%', hook('sprintf', $args));
}
/**
 * Fills the global $usr array from the current login, or sets it to false.
 *
 * Calls $login->verify() first; when a user id is present, userid, email (looked
 * up from the `user` table) and username are stored in $usr.
 *
 * @return void
 */
function auth_user() {
    global $usr, $login;
    $login->verify();
    if ($login->userid == 0) {
        $usr = false;
        return;
    }
    //set up $usr array
    $uid = $login->userid;
    $usr['userid'] = $uid;
    $usr['email'] = sqlValue("SELECT `email` FROM `user` WHERE `user_id`='" . sql_escape($uid) . "'", '');
    $usr['username'] = $login->username;
}
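/**
 * Get Cookie Value
 * Get the value from cookie
 *
 * The cookie name is prefixed with self::$prefix and dots are replaced by
 * underscores. A raw value starting with "a:" is treated as a serialized array and
 * unserialized; the result is passed through sql_escape() as before.
 *
 * @param string Cookie name
 * @return mixed the escaped value, or FALSE when the cookie is not set
 */
public static function GetCookie($name) {
    self::checkValues();
    $cookieName = self::$prefix . str_replace(".", "_", $name);
    if (!isset($_COOKIE[$cookieName])) {
        return FALSE;
    }
    $raw = $_COOKIE[$cookieName];
    $decoded = stripslashes(urldecode($raw));
    if (substr($raw, 0, 2) == "a:") {
        // Cookie data is client-controlled. Only plain arrays are expected here, so
        // object instantiation is disabled: otherwise a crafted payload can trigger
        // __wakeup/__destruct of any loaded class (object injection).
        return sql_escape(unserialize($decoded, array('allowed_classes' => false)));
    }
    return sql_escape($decoded);
}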
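/**
 * Adds an index to a table unless an index with that name already exists.
 *
 * The existing-index check looks for `Key_name` equal to the first column. On
 * creation the global $applied is set to true so the caller knows a change was made.
 *
 * @param string $table table name
 * @param string[] $cols column names to index
 * @param string $type index kind, e.g. "INDEX" or "UNIQUE"
 * @return bool true when the index was created, false when it already existed
 */
function _add_index($table, $cols, $type = "INDEX") {
    // These are identifiers inside backticks; sql_escape() is a value escaper and
    // is not expected to neutralise backticks, so keep them out of user input.
    $table = sql_escape($table);
    $cols = array_map('sql_escape', $cols);
    $type = sql_escape($type);
    if (sql_num_query("SHOW INDEX FROM `" . $table . "` WHERE `Key_name` = '" . $cols[0] . "'") != 0) {
        return false;
    }
    // implode(array, glue) argument order is no longer accepted in PHP 8; glue first.
    sql_query("ALTER TABLE `" . $table . "` ADD " . $type . " (`" . implode('`,`', $cols) . "`)");
    global $applied;
    $applied = true;
    return true;
}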
/**
 * Returns all log types as id => translated name.
 *
 * The name comes from sys_trans_text for the current locale and falls back to
 * the English column of log_types. $locale defaults to the template locale in $opt.
 *
 * @return array id => type name
 */
function get_logtype_names() {
    global $locale, $opt;
    if (!isset($locale)) {
        $locale = $opt['template']['locale'];
    }
    $result = sql("SELECT `log_types`.`id`,\n\t\t IFNULL(`sys_trans_text`.`text`,`log_types`.`en`) AS `type_name`\n\t\t FROM `log_types`\n LEFT JOIN `sys_trans_text` ON `sys_trans_text`.`trans_id` = `log_types`.`trans_id` AND `sys_trans_text`.`lang`='" . sql_escape($locale) . "'");
    $names = array();
    for ($row = sql_fetch_array($result); $row; $row = sql_fetch_array($result)) {
        $names[$row['id']] = $row['type_name'];
    }
    sql_free_result($result);
    return $names;
}
/**
 * Checks every configured replication slave, removes bookkeeping rows for slaves
 * that are no longer configured, then expires old sys_repl_exclude entries.
 *
 * @return void
 */
public function run() {
    global $opt;
    $slaves = $opt['db']['slaves'];
    $quoted_ids = [];
    foreach ($slaves as $slave_id => $unused) {
        $this->check_slave($slave_id);
        $quoted_ids[] = "'" . sql_escape($slave_id) . "'";
    }
    // Drop rows for slaves that are not in the configuration any more.
    if (count($quoted_ids) == 0) {
        sql("DELETE FROM `sys_repl_slaves`");
    } else {
        sql("DELETE FROM `sys_repl_slaves` WHERE `id` NOT IN (" . implode(',', $quoted_ids) . ")");
    }
    // now, clean up sys_repl_exclude
    sql("DELETE FROM `sys_repl_exclude` WHERE `datExclude`<DATE_SUB(NOW(), INTERVAL '&1' SECOND)", $opt['db']['slave']['max_behind']);
}
/**
 * Admin page for editing, saving and deleting a single news entry.
 *
 * Without an action the caller is redirected to the news page. Otherwise the entry
 * is loaded by the `id` request parameter (1–11 digits) and the action decides:
 * 'edit' renders the form, 'save' writes the posted fields, 'delete' removes the row.
 *
 * NOTE(review): the missing-action check reads $_GET while the dispatch reads
 * $_REQUEST, so a POSTed action without a query-string action counts as absent.
 * In the switch, `default:` precedes `case 'edit':`; unless redirect() terminates
 * the request, an unknown action falls through into the edit branch.
 *
 * @return string rendered page (or the value of error() on bad input)
 */
function admin_news() {
    global $user;
    if (!isset($_GET["action"])) {
        redirect(page_link_to("news"));
    } else {
        $html = '<div class="col-md-12"><h1>' . _("Edit news entry") . '</h1>' . msg();
        if (isset($_REQUEST['id']) && preg_match("/^[0-9]{1,11}\$/", $_REQUEST['id'])) {
            $id = $_REQUEST['id'];
        } else {
            return error("Incomplete call, missing News ID.", true);
        }
        $news = sql_select("SELECT * FROM `News` WHERE `ID`='" . sql_escape($id) . "' LIMIT 1");
        if (count($news) > 0) {
            switch ($_REQUEST["action"]) {
                default:
                    redirect(page_link_to('news'));
                case 'edit':
                    list($news) = $news;
                    $user_source = User($news['UID']);
                    if ($user_source === false) {
                        engelsystem_error("Unable to load user.");
                    }
                    $html .= form(array(form_info(_("Date"), date("Y-m-d H:i", $news['Datum'])), form_info(_("Author"), User_Nick_render($user_source)), form_text('eBetreff', _("Subject"), $news['Betreff']), form_textarea('eText', _("Message"), $news['Text']), form_checkbox('eTreffen', _("Meeting"), $news['Treffen'] == 1, 1), form_submit('submit', _("Save"))), page_link_to('admin_news&action=save&id=' . $id));
                    $html .= '<a class="btn btn-danger" href="' . page_link_to('admin_news&action=delete&id=' . $id) . '"><span class="glyphicon glyphicon-trash"></span> ' . _("Delete") . '</a>';
                    break;
                case 'save':
                    list($news) = $news;
                    // NOTE(review): eTreffen is a checkbox and is absent from $_POST when unchecked.
                    sql_query("UPDATE `News` SET \n `Datum`='" . sql_escape(time()) . "', \n `Betreff`='" . sql_escape($_POST["eBetreff"]) . "', \n `Text`='" . sql_escape($_POST["eText"]) . "', \n `UID`='" . sql_escape($user['UID']) . "', \n `Treffen`='" . sql_escape($_POST["eTreffen"]) . "' \n WHERE `ID`='" . sql_escape($id) . "'");
                    engelsystem_log("News updated: " . $_POST["eBetreff"]);
                    success(_("News entry updated."));
                    redirect(page_link_to("news"));
                    break;
                case 'delete':
                    list($news) = $news;
                    sql_query("DELETE FROM `News` WHERE `ID`='" . sql_escape($id) . "' LIMIT 1");
                    engelsystem_log("News deleted: " . $news['Betreff']);
                    success(_("News entry deleted."));
                    redirect(page_link_to("news"));
                    break;
            }
        } else {
            return error("No News found.", true);
        }
    }
    return $html . '</div>';
}
/**
 * Admin page listing arrived users who are not in a shift right now.
 *
 * The list can be narrowed by a free-text search (each space-separated token is
 * matched case-insensitively against the concatenated user row) and by angel type,
 * optionally restricted to confirmed memberships. Holders of the admin_user
 * privilege get an edit button per row.
 *
 * NOTE(review): the search concatenates every column of the `User` row with
 * join("", $usr), so tokens also match columns that are not displayed — confirm
 * which columns `User`.* carries. The confirmed_only clause relies on
 * `confirm_user_id` being truthy in SQL.
 *
 * @return string rendered page
 */
function admin_free() {
    global $privileges;
    $search = "";
    if (isset($_REQUEST['search'])) {
        $search = strip_request_item('search');
    }
    $angeltypesearch = "";
    if (empty($_REQUEST['angeltype'])) {
        $_REQUEST['angeltype'] = '';
    } else {
        $angeltypesearch = " INNER JOIN `UserAngelTypes` ON (`UserAngelTypes`.`angeltype_id` = '" . sql_escape($_REQUEST['angeltype']) . "' AND `UserAngelTypes`.`user_id` = `User`.`UID`";
        if (isset($_REQUEST['confirmed_only'])) {
            $angeltypesearch .= " AND `UserAngelTypes`.`confirm_user_id`";
        }
        $angeltypesearch .= ") ";
    }
    $angel_types_source = sql_select("SELECT `id`, `name` FROM `AngelTypes` ORDER BY `name`");
    $angel_types = array('' => 'alle Typen');
    foreach ($angel_types_source as $angel_type) {
        $angel_types[$angel_type['id']] = $angel_type['name'];
    }
    // Users who have arrived (Gekommen = 1) and have no shift spanning "now".
    $users = sql_select("\n SELECT `User`.* \n FROM `User` \n {$angeltypesearch} \n LEFT JOIN `ShiftEntry` ON `User`.`UID` = `ShiftEntry`.`UID` \n LEFT JOIN `Shifts` ON (`ShiftEntry`.`SID` = `Shifts`.`SID` AND `Shifts`.`start` < '" . sql_escape(time()) . "' AND `Shifts`.`end` > '" . sql_escape(time()) . "') \n WHERE `User`.`Gekommen` = 1 AND `Shifts`.`SID` IS NULL \n GROUP BY `User`.`UID` \n ORDER BY `Nick`");
    $free_users_table = array();
    if ($search == "") {
        $tokens = array();
    } else {
        $tokens = explode(" ", $search);
    }
    foreach ($users as $usr) {
        if (count($tokens) > 0) {
            // Any single token found anywhere in the row keeps the user.
            $match = false;
            $index = join("", $usr);
            foreach ($tokens as $t) {
                if (stristr($index, trim($t))) {
                    $match = true;
                    break;
                }
            }
            if (!$match) {
                continue;
            }
        }
        $free_users_table[] = array('name' => User_Nick_render($usr), 'shift_state' => User_shift_state_render($usr), 'handy' => $usr['Handy'], 'telefon' => $usr['Telefon'], 'email' => $usr['email'], 'kommentar' => $usr['kommentar'], 'actions' => in_array('admin_user', $privileges) ? button(page_link_to('admin_user') . '&id=' . $usr['UID'], _("edit"), 'btn-xs') : '');
    }
    return page_with_title(admin_free_title(), array(form(array(div('row', array(div('col-md-4', array(form_text('search', _("Search"), $search))), div('col-md-4', array(form_select('angeltype', _("Angeltype"), $angel_types, $_REQUEST['angeltype']))), div('col-md-2', array(form_checkbox('confirmed_only', _("Only confirmed"), isset($_REQUEST['confirmed_only'])))), div('col-md-2', array(form_submit('submit', _("Search")))))))), table(array('name' => _("Nick"), 'shift_state' => '', 'handy' => _("Mobile"), 'telefon' => _("Phone"), 'email' => _("E-Mail"), 'kommentar' => _("add. Info"), 'actions' => ''), $free_users_table)));
}
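/**
 * Page handler for a user's questions.
 *
 * Without an action it lists the user's open and answered questions. action=ask
 * stores a new question from the request, action=delete removes one of the user's
 * own questions by id. Both mutating actions redirect on success.
 *
 * @return string|null rendered page, or null for an unknown action
 */
function user_questions() {
    global $user;
    if (!isset($_REQUEST['action'])) {
        $open_questions = sql_select("SELECT * FROM `Questions` WHERE `AID` IS NULL AND `UID`='" . sql_escape($user['UID']) . "'");
        $answered_questions = sql_select("SELECT * FROM `Questions` WHERE NOT `AID` IS NULL AND `UID`='" . sql_escape($user['UID']) . "'");
        foreach ($answered_questions as &$question) {
            $answer_user_source = User($question['AID']);
            if ($answer_user_source === false) {
                engelsystem_error(_("Unable to load user."));
            }
            $question['answer_user'] = User_Nick_render($answer_user_source);
        }
        // Release the reference left behind by the by-reference loop so a later
        // assignment to $question cannot silently overwrite the last list element.
        unset($question);
        return Questions_view($open_questions, $answered_questions, page_link_to("user_questions") . '&action=ask');
    }

    switch ($_REQUEST['action']) {
        case 'ask':
            $question = strip_request_item_nl('question');
            if ($question == "") {
                return page_with_title(questions_title(), array(error(_("Please enter a question!"), true)));
            }
            $result = sql_query("INSERT INTO `Questions` SET `UID`='" . sql_escape($user['UID']) . "', `Question`='" . sql_escape($question) . "'");
            if ($result === false) {
                engelsystem_error(_("Unable to save question."));
            }
            success(_("You question was saved."));
            redirect(page_link_to("user_questions"));
            break;
        case 'delete':
            if (!isset($_REQUEST['id']) || !preg_match("/^[0-9]{1,11}\$/", $_REQUEST['id'])) {
                return error(_("Incomplete call, missing Question ID."), true);
            }
            $id = $_REQUEST['id'];
            // Only the owner may delete: the UID comparison stops a user from removing
            // someone else's question by guessing its id.
            $question = sql_select("SELECT * FROM `Questions` WHERE `QID`='" . sql_escape($id) . "' LIMIT 1");
            if (count($question) > 0 && $question[0]['UID'] == $user['UID']) {
                sql_query("DELETE FROM `Questions` WHERE `QID`='" . sql_escape($id) . "' LIMIT 1");
                redirect(page_link_to("user_questions"));
            } else {
                return page_with_title(questions_title(), array(error(_("No question found."), true)));
            }
            break;
    }
}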
/**
 * Resolves a slash-separated directory path to its id in the directories table.
 *
 * The walk starts at the root directory (id 1) and descends one component at a
 * time; a single trailing slash is ignored. Returns 0 as soon as a component is
 * not found.
 *
 * @param string $address path such as "images/2014/"
 * @return int directory id, or 0 when the path does not exist
 */
function kfm_api_getDirectoryId($address) {
    global $kfmdb;
    $parts = explode('/', $address);
    if (count($parts) > 1 && end($parts) === '') {
        array_pop($parts);
    }
    $parent = 1;
    foreach ($parts as $component) {
        $row = db_fetch_row("select id from " . KFM_DB_PREFIX . "directories where parent=" . $parent . " and name='" . sql_escape($component) . "'");
        if (!$row) {
            return 0;
        }
        $parent = $row['id'];
    }
    return $parent;
}
/**
 * Returns a session variable, reading it from the session_vars table on first use.
 *
 * The stored value is JSON; it is decoded by wrapping it in a one-element array,
 * and a value that does not decode yields ''. The result is cached in $this->vars.
 *
 * @param string $name variable name
 * @return mixed the value, or null when the variable is not stored
 */
function get($name) {
    if (isset($this->vars[$name])) {
        return $this->vars[$name];
    }
    $row = db_fetch_row("SELECT varvalue FROM " . KFM_DB_PREFIX . "session_vars WHERE session_id=" . $this->id . " and varname='" . sql_escape($name) . "'");
    if (!count($row)) {
        return null;
    }
    $decoded = json_decode('[' . stripslashes($row['varvalue']) . ']', true);
    $value = count($decoded) ? $decoded[0] : '';
    $this->vars[$name] = $value;
    return $value;
}
/**
 * Exports the shifts of the user identified by the `key` request parameter as an
 * iCalendar file.
 *
 * The key must be 32 lowercase hex characters and map to a user holding the `ical`
 * privilege. With export=user_shifts the shift list comes from view_user_shifts()
 * (expected to fill the global $ical_shifts); otherwise all of the user's shift
 * entries are loaded here. Output is written directly; the function never returns.
 *
 * NOTE(review): DTSTART/DTEND carry TZID=Europe/Berlin but are formatted with
 * date(), i.e. in PHP's default timezone — the two must agree. The final
 * trim($html, "\n") strips only the LF of the last CRLF, leaving a bare CR after
 * END:VCALENDAR — confirm whether that is intended.
 */
function user_ical() {
    global $ical_shifts, $user;
    if (isset($_REQUEST['key']) && preg_match("/^[0-9a-f]{32}\$/", $_REQUEST['key'])) {
        $key = $_REQUEST['key'];
    } else {
        die("Missing key.");
    }
    $user = User_by_api_key($key);
    if ($user === false) {
        die("Unable to find user.");
    }
    if ($user == null) {
        die("Key invalid.");
    }
    if (!in_array('ical', privileges_for_user($user['UID']))) {
        die("No privilege for ical.");
    }
    if (isset($_REQUEST['export']) && $_REQUEST['export'] == 'user_shifts') {
        require_once realpath(__DIR__ . '/user_shifts.php');
        view_user_shifts();
    } else {
        $ical_shifts = sql_select("\n SELECT `ShiftTypes`.`name`, `Shifts`.*, `Room`.`Name` as `room_name`\n FROM `ShiftEntry`\n INNER JOIN `Shifts` ON (`ShiftEntry`.`SID` = `Shifts`.`SID`)\n JOIN `ShiftTypes` ON (`ShiftTypes`.`id` = `Shifts`.`shifttype_id`)\n INNER JOIN `Room` ON (`Shifts`.`RID` = `Room`.`RID`)\n WHERE `UID`='" . sql_escape($user['UID']) . "'\n ORDER BY `start`");
    }
    header("Content-Type: text/calendar; charset=utf-8");
    $html = "BEGIN:VCALENDAR\r\nVERSION:2.0\r\nPRODID:-//-//Engelsystem//DE\r\nCALSCALE:GREGORIAN\r\n";
    foreach ($ical_shifts as $shift) {
        $html .= "BEGIN:VEVENT\r\n";
        // Event UID derived from start, end and name; shifts with identical values share one.
        $html .= "UID:" . md5($shift['start'] . $shift['end'] . $shift['name']) . "\r\n";
        $html .= "SUMMARY:" . str_replace("\n", "\\n", $shift['name']) . " (" . str_replace("\n", "\\n", $shift['title']) . ")\r\n";
        if (isset($shift['Comment'])) {
            $html .= "DESCRIPTION:" . str_replace("\n", "\\n", $shift['Comment']) . "\r\n";
        }
        $html .= "DTSTART;TZID=Europe/Berlin:" . date("Ymd\\THis", $shift['start']) . "\r\n";
        $html .= "DTEND;TZID=Europe/Berlin:" . date("Ymd\\THis", $shift['end']) . "\r\n";
        $html .= "LOCATION:" . $shift['room_name'] . "\r\n";
        $html .= "END:VEVENT\r\n";
    }
    $html .= "END:VCALENDAR\r\n";
    $html = trim($html, "\n");
    header("Content-Length: " . strlen($html));
    echo $html;
    die;
}
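/**
 * Imports a GNS file (tab-separated, header line first) into gns_locations.
 *
 * Every data line is split on tabs and written with INSERT IGNORE, so existing rows
 * are kept. Afterwards a few known stray full_name values are corrected in place.
 *
 * @param string $filename path of the file to import
 * @param mixed $dblink unused; the sql() helper uses its own connection
 * @return void
 */
function importGns($filename, $dblink) {
    echo "Importing '{$filename}'...\n";
    $file = fopen($filename, "r");
    if ($file === false) {
        // The original looped over an invalid handle; stop here instead.
        echo "Unable to open '{$filename}'\n";
        return;
    }

    // Column name => whether the value gets a _utf8 introducer, in file column order.
    $columns = array(
        'rc' => false, 'ufi' => false, 'uni' => false, 'lat' => false, 'lon' => false,
        'dms_lat' => false, 'dms_lon' => false, 'utm' => false, 'jog' => false, 'fc' => false,
        'dsg' => false, 'pc' => false, 'cc1' => false, 'adm1' => false, 'adm2' => true,
        'dim' => false, 'cc2' => false, 'nt' => false, 'lc' => false, 'SHORT_FORM' => true,
        'GENERIC' => true, 'SORT_NAME' => true, 'FULL_NAME' => true, 'FULL_NAME_ND' => true,
        'MOD_DATE' => false,
    );

    $cnt = 0;
    // Compare against false: a line consisting only of "0" is still a line.
    // NOTE(review): fgets() with 4096 returns longer lines in pieces — confirm the
    // maximum line length of the input.
    while (($line = fgets($file, 4096)) !== false) {
        if ($cnt++ == 0) {
            // skip first line
            continue;
        }
        $gns = mb_split("\t", $line);
        $assignments = array();
        $i = 0;
        foreach ($columns as $column => $utf8) {
            // Short lines leave trailing columns empty instead of raising a notice.
            $value = isset($gns[$i]) ? $gns[$i] : '';
            $assignments[] = $column . " = " . ($utf8 ? "_utf8" : "") . "'" . sql_escape($value) . "'";
            $i++;
        }
        sql("INSERT IGNORE INTO gns_locations SET\n\t\t\t\t\t" . implode(",\n\t\t\t\t\t", $assignments));
    }
    fclose($file);
    // $cnt includes the skipped header line, as in the original.
    echo "{$cnt} Records imported\n";

    // correct a few known stray entries right away ...
    sql("UPDATE gns_locations SET full_name='Zeluce' WHERE uni=100528 LIMIT 1");
    sql("UPDATE gns_locations SET full_name='Zitaraves' WHERE uni=-2780984 LIMIT 1");
    sql("UPDATE gns_locations SET full_name='Zvabek' WHERE uni=105075 LIMIT 1");
}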