Пример #1
0
/**
 * Check if an angel can sign up for given shift.
 *
 * @param Shift $shift          
 * @param AngelType $angeltype          
 * @param array<Shift> $user_shifts          
 */
function Shift_signup_allowed($shift, $angeltype, $user_angeltype = null, $user_shifts = null)
{
    global $user, $privileges;
    if ($user_shifts == null) {
        $user_shifts = Shifts_by_user($user);
        if ($user_shifts === false) {
            engelsystem_error('Unable to load users shifts.');
        }
    }
    $collides = Shift_collides($shift, $user_shifts);
    if ($user_angeltype == null) {
        $user_angeltype = UserAngelType_by_User_and_AngelType($user, $angeltype);
        if ($user_angeltype === false) {
            engelsystem_error('Unable to load user angeltype.');
        }
    }
    $signed_up = false;
    foreach ($user_shifts as $user_shift) {
        if ($user_shift['SID'] == $shift['SID']) {
            $signed_up = true;
            break;
        }
    }
    $needed_angeltypes = NeededAngelTypes_by_shift($shift['SID']);
    if ($needed_angeltypes === false) {
        engelsystem_error('Unable to load needed angel types.');
    }
    // is the shift still running or alternatively is the user shift admin?
    $user_may_join_shift = true;
    // you canot join if shift is full
    foreach ($needed_angeltypes as $needed_angeltype) {
        if ($needed_angeltype['angel_type_id'] == $angeltype['id']) {
            if ($needed_angeltype['taken'] >= $needed_angeltype['count']) {
                $user_may_join_shift = false;
            }
            break;
        }
    }
    // you cannot join if user alread joined a parallel or this shift
    $user_may_join_shift &= !$collides;
    // you cannot join if you already singed up for this shift
    $user_may_join_shift &= !$signed_up;
    // you cannot join if user is not of this angel type
    $user_may_join_shift &= $user_angeltype != null;
    // you cannot join if you are not confirmed
    if ($angeltype['restricted'] == 1 && $user_angeltype != null) {
        $user_may_join_shift &= isset($user_angeltype['confirm_user_id']);
    }
    // you can only join if the shift is in future
    $user_may_join_shift &= time() < $shift['start'];
    // User shift admins may join anybody in every shift
    $user_may_join_shift |= in_array('user_shifts_admin', $privileges);
    return $user_may_join_shift;
}
Пример #2
0
function admin_news()
{
    global $user;
    if (!isset($_GET["action"])) {
        redirect(page_link_to("news"));
    } else {
        $html = '<div class="col-md-12"><h1>' . _("Edit news entry") . '</h1>' . msg();
        if (isset($_REQUEST['id']) && preg_match("/^[0-9]{1,11}\$/", $_REQUEST['id'])) {
            $id = $_REQUEST['id'];
        } else {
            return error("Incomplete call, missing News ID.", true);
        }
        $news = sql_select("SELECT * FROM `News` WHERE `ID`='" . sql_escape($id) . "' LIMIT 1");
        if (count($news) > 0) {
            switch ($_REQUEST["action"]) {
                default:
                    redirect(page_link_to('news'));
                case 'edit':
                    list($news) = $news;
                    $user_source = User($news['UID']);
                    if ($user_source === false) {
                        engelsystem_error("Unable to load user.");
                    }
                    $html .= form(array(form_info(_("Date"), date("Y-m-d H:i", $news['Datum'])), form_info(_("Author"), User_Nick_render($user_source)), form_text('eBetreff', _("Subject"), $news['Betreff']), form_textarea('eText', _("Message"), $news['Text']), form_checkbox('eTreffen', _("Meeting"), $news['Treffen'] == 1, 1), form_submit('submit', _("Save"))), page_link_to('admin_news&action=save&id=' . $id));
                    $html .= '<a class="btn btn-danger" href="' . page_link_to('admin_news&action=delete&id=' . $id) . '"><span class="glyphicon glyphicon-trash"></span> ' . _("Delete") . '</a>';
                    break;
                case 'save':
                    list($news) = $news;
                    sql_query("UPDATE `News` SET \n              `Datum`='" . sql_escape(time()) . "', \n              `Betreff`='" . sql_escape($_POST["eBetreff"]) . "', \n              `Text`='" . sql_escape($_POST["eText"]) . "', \n              `UID`='" . sql_escape($user['UID']) . "', \n              `Treffen`='" . sql_escape($_POST["eTreffen"]) . "' \n              WHERE `ID`='" . sql_escape($id) . "'");
                    engelsystem_log("News updated: " . $_POST["eBetreff"]);
                    success(_("News entry updated."));
                    redirect(page_link_to("news"));
                    break;
                case 'delete':
                    list($news) = $news;
                    sql_query("DELETE FROM `News` WHERE `ID`='" . sql_escape($id) . "' LIMIT 1");
                    engelsystem_log("News deleted: " . $news['Betreff']);
                    success(_("News entry deleted."));
                    redirect(page_link_to("news"));
                    break;
            }
        } else {
            return error("No News found.", true);
        }
    }
    return $html . '</div>';
}
Пример #3
0
function Shift_signup_button_render($shift, $angeltype, $user_angeltype = null, $user_shifts = null)
{
    global $user;
    if ($user_angeltype == null) {
        $user_angeltype = UserAngelType_by_User_and_AngelType($user, $angeltype);
        if ($user_angeltype === false) {
            engelsystem_error('Unable to load user angeltype.');
        }
    }
    if (Shift_signup_allowed($shift, $angeltype, $user_angeltype, $user_shifts)) {
        return button(page_link_to('user_shifts') . '&shift_id=' . $shift['SID'] . '&type_id=' . $angeltype['id'], _('Sign up'));
    } elseif ($user_angeltype == null) {
        return button(page_link_to('angeltypes') . '&action=view&angeltype_id=' . $angeltype['id'], sprintf(_('Become %s'), $angeltype['name']));
    } else {
        return '';
    }
}
Пример #4
0
function user_questions()
{
    global $user;
    if (!isset($_REQUEST['action'])) {
        $open_questions = sql_select("SELECT * FROM `Questions` WHERE `AID` IS NULL AND `UID`='" . sql_escape($user['UID']) . "'");
        $answered_questions = sql_select("SELECT * FROM `Questions` WHERE NOT `AID` IS NULL AND `UID`='" . sql_escape($user['UID']) . "'");
        foreach ($answered_questions as &$question) {
            $answer_user_source = User($question['AID']);
            if ($answer_user_source === false) {
                engelsystem_error(_("Unable to load user."));
            }
            $question['answer_user'] = User_Nick_render($answer_user_source);
        }
        return Questions_view($open_questions, $answered_questions, page_link_to("user_questions") . '&action=ask');
    } else {
        switch ($_REQUEST['action']) {
            case 'ask':
                $question = strip_request_item_nl('question');
                if ($question != "") {
                    $result = sql_query("INSERT INTO `Questions` SET `UID`='" . sql_escape($user['UID']) . "', `Question`='" . sql_escape($question) . "'");
                    if ($result === false) {
                        engelsystem_error(_("Unable to save question."));
                    }
                    success(_("You question was saved."));
                    redirect(page_link_to("user_questions"));
                } else {
                    return page_with_title(questions_title(), array(error(_("Please enter a question!"), true)));
                }
                break;
            case 'delete':
                if (isset($_REQUEST['id']) && preg_match("/^[0-9]{1,11}\$/", $_REQUEST['id'])) {
                    $id = $_REQUEST['id'];
                } else {
                    return error(_("Incomplete call, missing Question ID."), true);
                }
                $question = sql_select("SELECT * FROM `Questions` WHERE `QID`='" . sql_escape($id) . "' LIMIT 1");
                if (count($question) > 0 && $question[0]['UID'] == $user['UID']) {
                    sql_query("DELETE FROM `Questions` WHERE `QID`='" . sql_escape($id) . "' LIMIT 1");
                    redirect(page_link_to("user_questions"));
                } else {
                    return page_with_title(questions_title(), array(error(_("No question found."), true)));
                }
                break;
        }
    }
}
Пример #5
0
function shift_controller()
{
    global $user, $privileges;
    if (!in_array('user_shifts', $privileges)) {
        redirect(page_link_to('?'));
    }
    if (!isset($_REQUEST['shift_id'])) {
        redirect(page_link_to('user_shifts'));
    }
    $shift = Shift($_REQUEST['shift_id']);
    if ($shift === false) {
        engelsystem_error('Unable to load shift.');
    }
    if ($shift == null) {
        error(_('Shift could not be found.'));
        redirect(page_link_to('user_shifts'));
    }
    $shifttype = ShiftType($shift['shifttype_id']);
    if ($shifttype === false || $shifttype == null) {
        engelsystem_error('Unable to load shift type.');
    }
    $room = Room($shift['RID']);
    if ($room === false || $room == null) {
        engelsystem_error('Unable to load room.');
    }
    $angeltypes = AngelTypes();
    if ($angeltypes === false) {
        engelsystem_error('Unable to load angeltypes.');
    }
    $user_shifts = Shifts_by_user($user);
    if ($user_shifts === false) {
        engelsystem_error('Unable to load users shifts.');
    }
    $signed_up = false;
    foreach ($user_shifts as $user_shift) {
        if ($user_shift['SID'] == $shift['SID']) {
            $signed_up = true;
            break;
        }
    }
    return [$shift['name'], Shift_view($shift, $shifttype, $room, in_array('admin_shifts', $privileges), $angeltypes, in_array('user_shifts_admin', $privileges), in_array('admin_rooms', $privileges), in_array('shifttypes', $privileges), $user_shifts, $signed_up)];
}
/**
 * User joining an Angeltype (Or Coordinator doing this for him).
 */
function user_angeltype_add_controller()
{
    global $user, $privileges;
    if (!isset($_REQUEST['angeltype_id'])) {
        error(_("Angeltype doesn't exist."));
        redirect(page_link_to('angeltypes'));
    }
    $angeltype = AngelType($_REQUEST['angeltype_id']);
    if ($angeltype === false) {
        engelsystem_error("Unable to load angeltype.");
    }
    if ($angeltype == null) {
        error(_("Angeltype doesn't exist."));
        redirect(page_link_to('angeltypes'));
    }
    if (User_is_AngelType_coordinator($user, $angeltype)) {
        // Allow to add any user
        $user_id = $user['UID'];
        $users_source = Users_by_angeltype_inverted($angeltype);
        if ($users_source === false) {
            engelsystem_error("Unable to load users.");
        }
        if (isset($_REQUEST['submit'])) {
            $ok = true;
            if (isset($_REQUEST['user_id']) && in_array($_REQUEST['user_id'], array_map(function ($user) {
                return $user['UID'];
            }, $users_source))) {
                $user_id = $_REQUEST['user_id'];
            } else {
                $ok = false;
                error(_("Please select a user."));
            }
            if ($ok) {
                foreach ($users_source as $user_source) {
                    if ($user_source['UID'] == $user_id) {
                        $user_angeltype_id = UserAngelType_create($user_source, $angeltype);
                        if ($user_angeltype_id === false) {
                            engelsystem_error("Unable to create user angeltype.");
                        }
                        engelsystem_log(sprintf("User %s added to %s.", User_Nick_render($user_source), AngelType_name_render($angeltype)));
                        success(sprintf(_("User %s added to %s."), User_Nick_render($user_source), AngelType_name_render($angeltype)));
                        $result = UserAngelType_confirm($user_angeltype_id, $user_source);
                        if ($result === false) {
                            engelsystem_error("Unable to confirm user angeltype.");
                        }
                        engelsystem_log(sprintf("User %s confirmed as %s.", User_Nick_render($user), AngelType_name_render($angeltype)));
                        redirect(page_link_to('angeltypes') . '&action=view&angeltype_id=' . $angeltype['id']);
                    }
                }
            }
        }
        return array(_("Add user to angeltype"), UserAngelType_add_view($angeltype, $users_source, $user_id));
    } else {
        // Allow only me
        $user_angeltype = UserAngelType_by_User_and_AngelType($user, $angeltype);
        if ($user_angeltype === false) {
            engelsystem_error("Unable to load user angeltype.");
        }
        if ($user_angeltype != null) {
            error(sprintf(_("You are already a %s."), $angeltype['name']));
            redirect(page_link_to('angeltypes'));
        }
        if (isset($_REQUEST['confirmed'])) {
            $user_angeltype_id = UserAngelType_create($user, $angeltype);
            if ($user_angeltype_id === false) {
                engelsystem_error("Unable to create user angeltype.");
            }
            $success_message = sprintf(_("You joined %s."), $angeltype['name']);
            engelsystem_log(sprintf("User %s joined %s.", User_Nick_render($user), AngelType_name_render($angeltype)));
            success($success_message);
            if (in_array('admin_user_angeltypes', $privileges)) {
                $result = UserAngelType_confirm($user_angeltype_id, $user);
                if ($result === false) {
                    engelsystem_error("Unable to confirm user angeltype.");
                }
                engelsystem_log(sprintf("User %s confirmed as %s.", User_Nick_render($user), AngelType_name_render($angeltype)));
            }
            redirect(page_link_to('angeltypes') . '&action=view&angeltype_id=' . $angeltype['id']);
        }
        return array(sprintf(_("Become a %s"), $angeltype['name']), UserAngelType_join_view($user, $angeltype));
    }
}
Пример #7
0
function admin_shifts()
{
    $ok = true;
    $rid = 0;
    $start = DateTime::createFromFormat("Y-m-d H:i", date("Y-m-d") . " 00:00")->getTimestamp();
    $end = $start + 24 * 60 * 60;
    $mode = 'single';
    $angelmode = 'manually';
    $length = '';
    $change_hours = array();
    $title = "";
    $shifttype_id = null;
    // Locations laden (auch unsichtbare - fuer Erzengel ist das ok)
    $rooms = sql_select("SELECT * FROM `Room` ORDER BY `Name`");
    $room_array = array();
    foreach ($rooms as $room) {
        $room_array[$room['RID']] = $room['Name'];
    }
    // Engeltypen laden
    $types = sql_select("SELECT * FROM `AngelTypes` ORDER BY `name`");
    $needed_angel_types = array();
    foreach ($types as $type) {
        $needed_angel_types[$type['id']] = 0;
    }
    // Load shift types
    $shifttypes_source = ShiftTypes();
    if ($shifttypes_source === false) {
        engelsystem_error('Unable to load shift types.');
    }
    $shifttypes = [];
    foreach ($shifttypes_source as $shifttype) {
        $shifttypes[$shifttype['id']] = $shifttype['name'];
    }
    if (isset($_REQUEST['preview']) || isset($_REQUEST['back'])) {
        if (isset($_REQUEST['shifttype_id'])) {
            $shifttype = ShiftType($_REQUEST['shifttype_id']);
            if ($shifttype === false) {
                engelsystem_error('Unable to load shift type.');
            }
            if ($shifttype == null) {
                $ok = false;
                error(_('Please select a shift type.'));
            } else {
                $shifttype_id = $_REQUEST['shifttype_id'];
            }
        } else {
            $ok = false;
            error(_('Please select a shift type.'));
        }
        // Name/Bezeichnung der Schicht, darf leer sein
        $title = strip_request_item('title');
        // Auswahl der sichtbaren Locations für die Schichten
        if (isset($_REQUEST['rid']) && preg_match("/^[0-9]+\$/", $_REQUEST['rid']) && isset($room_array[$_REQUEST['rid']])) {
            $rid = $_REQUEST['rid'];
        } else {
            $ok = false;
            $rid = $rooms[0]['RID'];
            error(_('Please select a location.'));
        }
        if (isset($_REQUEST['start']) && ($tmp = DateTime::createFromFormat("Y-m-d H:i", trim($_REQUEST['start'])))) {
            $start = $tmp->getTimestamp();
        } else {
            $ok = false;
            error(_('Please select a start time.'));
        }
        if (isset($_REQUEST['end']) && ($tmp = DateTime::createFromFormat("Y-m-d H:i", trim($_REQUEST['end'])))) {
            $end = $tmp->getTimestamp();
        } else {
            $ok = false;
            error(_('Please select an end time.'));
        }
        if ($start >= $end) {
            $ok = false;
            error(_('The shifts end has to be after its start.'));
        }
        if (isset($_REQUEST['mode'])) {
            if ($_REQUEST['mode'] == 'single') {
                $mode = 'single';
            } elseif ($_REQUEST['mode'] == 'multi') {
                if (isset($_REQUEST['length']) && preg_match("/^[0-9]+\$/", trim($_REQUEST['length']))) {
                    $mode = 'multi';
                    $length = trim($_REQUEST['length']);
                } else {
                    $ok = false;
                    error(_('Please enter a shift duration in minutes.'));
                }
            } elseif ($_REQUEST['mode'] == 'variable') {
                if (isset($_REQUEST['change_hours']) && preg_match("/^([0-9]{2}(,|\$))/", trim(str_replace(" ", "", $_REQUEST['change_hours'])))) {
                    $mode = 'variable';
                    $change_hours = array_map('trim', explode(",", $_REQUEST['change_hours']));
                } else {
                    $ok = false;
                    error(_('Please split the shift-change hours by colons.'));
                }
            }
        } else {
            $ok = false;
            error(_('Please select a mode.'));
        }
        if (isset($_REQUEST['angelmode'])) {
            if ($_REQUEST['angelmode'] == 'location') {
                $angelmode = 'location';
            } elseif ($_REQUEST['angelmode'] == 'manually') {
                $angelmode = 'manually';
                foreach ($types as $type) {
                    if (isset($_REQUEST['type_' . $type['id']]) && preg_match("/^[0-9]+\$/", trim($_REQUEST['type_' . $type['id']]))) {
                        $needed_angel_types[$type['id']] = trim($_REQUEST['type_' . $type['id']]);
                    } else {
                        $ok = false;
                        error(sprintf(_('Please check the needed angels for team %s.'), $type['name']));
                    }
                }
                if (array_sum($needed_angel_types) == 0) {
                    $ok = false;
                    error(_('There are 0 angels needed. Please enter the amounts of needed angels.'));
                }
            } else {
                $ok = false;
                error(_('Please select a mode for needed angels.'));
            }
        } else {
            $ok = false;
            error(_('Please select needed angels.'));
        }
        // Beim Zurück-Knopf das Formular zeigen
        if (isset($_REQUEST['back'])) {
            $ok = false;
        }
        // Alle Eingaben in Ordnung
        if ($ok) {
            if ($angelmode == 'location') {
                $needed_angel_types = array();
                $needed_angel_types_location = sql_select("SELECT * FROM `NeededAngelTypes` WHERE `room_id`='" . sql_escape($rid) . "'");
                foreach ($needed_angel_types_location as $type) {
                    $needed_angel_types[$type['angel_type_id']] = $type['count'];
                }
            }
            $shifts = array();
            if ($mode == 'single') {
                $shifts[] = array('start' => $start, 'end' => $end, 'RID' => $rid, 'title' => $title, 'shifttype_id' => $shifttype_id);
            } elseif ($mode == 'multi') {
                $shift_start = $start;
                do {
                    $shift_end = $shift_start + $length * 60;
                    if ($shift_end > $end) {
                        $shift_end = $end;
                    }
                    if ($shift_start >= $shift_end) {
                        break;
                    }
                    $shifts[] = array('start' => $shift_start, 'end' => $shift_end, 'RID' => $rid, 'title' => $title, 'shifttype_id' => $shifttype_id);
                    $shift_start = $shift_end;
                } while ($shift_end < $end);
            } elseif ($mode == 'variable') {
                rsort($change_hours);
                $day = DateTime::createFromFormat("Y-m-d H:i", date("Y-m-d", $start) . " 00:00")->getTimestamp();
                $change_index = 0;
                // Ersten/nächsten passenden Schichtwechsel suchen
                foreach ($change_hours as $i => $change_hour) {
                    if ($start < $day + $change_hour * 60 * 60) {
                        $change_index = $i;
                    } elseif ($start == $day + $change_hour * 60 * 60) {
                        // Start trifft Schichtwechsel
                        $change_index = ($i + count($change_hours) - 1) % count($change_hours);
                        break;
                    } else {
                        break;
                    }
                }
                $shift_start = $start;
                do {
                    $day = DateTime::createFromFormat("Y-m-d H:i", date("Y-m-d", $shift_start) . " 00:00")->getTimestamp();
                    $shift_end = $day + $change_hours[$change_index] * 60 * 60;
                    if ($shift_end > $end) {
                        $shift_end = $end;
                    }
                    if ($shift_start >= $shift_end) {
                        $shift_end += 24 * 60 * 60;
                    }
                    $shifts[] = array('start' => $shift_start, 'end' => $shift_end, 'RID' => $rid, 'title' => $title, 'shifttype_id' => $shifttype_id);
                    $shift_start = $shift_end;
                    $change_index = ($change_index + count($change_hours) - 1) % count($change_hours);
                } while ($shift_end < $end);
            }
            $shifts_table = array();
            foreach ($shifts as $shift) {
                $shifts_table_entry = ['timeslot' => '<span class="glyphicon glyphicon-time"></span> ' . date("Y-m-d H:i", $shift['start']) . ' - ' . date("H:i", $shift['end']) . '<br />' . Room_name_render(Room($shift['RID'])), 'title' => ShiftType_name_render(ShiftType($shifttype_id)) . ($shift['title'] ? '<br />' . $shift['title'] : ''), 'needed_angels' => ''];
                foreach ($types as $type) {
                    if (isset($needed_angel_types[$type['id']]) && $needed_angel_types[$type['id']] > 0) {
                        $shifts_table_entry['needed_angels'] .= '<b>' . AngelType_name_render($type) . ':</b> ' . $needed_angel_types[$type['id']] . '<br />';
                    }
                }
                $shifts_table[] = $shifts_table_entry;
            }
            // Fürs Anlegen zwischenspeichern:
            $_SESSION['admin_shifts_shifts'] = $shifts;
            $_SESSION['admin_shifts_types'] = $needed_angel_types;
            $hidden_types = "";
            foreach ($needed_angel_types as $type_id => $count) {
                $hidden_types .= form_hidden('type_' . $type_id, $count);
            }
            return page_with_title(_("Preview"), array(form(array($hidden_types, form_hidden('shifttype_id', $shifttype_id), form_hidden('title', $title), form_hidden('rid', $rid), form_hidden('start', date("Y-m-d H:i", $start)), form_hidden('end', date("Y-m-d H:i", $end)), form_hidden('mode', $mode), form_hidden('length', $length), form_hidden('change_hours', implode(', ', $change_hours)), form_hidden('angelmode', $angelmode), form_submit('back', _("back")), table(array('timeslot' => _('Time and location'), 'title' => _('Type and title'), 'needed_angels' => _('Needed angels')), $shifts_table), form_submit('submit', _("Save"))))));
        }
    } elseif (isset($_REQUEST['submit'])) {
        if (!is_array($_SESSION['admin_shifts_shifts']) || !is_array($_SESSION['admin_shifts_types'])) {
            redirect(page_link_to('admin_shifts'));
        }
        foreach ($_SESSION['admin_shifts_shifts'] as $shift) {
            $shift['URL'] = null;
            $shift['PSID'] = null;
            $shift_id = Shift_create($shift);
            if ($shift_id === false) {
                engelsystem_error('Unable to create shift.');
            }
            engelsystem_log("Shift created: " . $shifttypes[$shift['shifttype_id']] . " with title " . $shift['title'] . " from " . date("Y-m-d H:i", $shift['start']) . " to " . date("Y-m-d H:i", $shift['end']));
            $needed_angel_types_info = array();
            foreach ($_SESSION['admin_shifts_types'] as $type_id => $count) {
                $angel_type_source = sql_select("SELECT * FROM `AngelTypes` WHERE `id`='" . sql_escape($type_id) . "' LIMIT 1");
                if (count($angel_type_source) > 0) {
                    sql_query("INSERT INTO `NeededAngelTypes` SET `shift_id`='" . sql_escape($shift_id) . "', `angel_type_id`='" . sql_escape($type_id) . "', `count`='" . sql_escape($count) . "'");
                    $needed_angel_types_info[] = $angel_type_source[0]['name'] . ": " . $count;
                }
            }
        }
        engelsystem_log("Shift needs following angel types: " . join(", ", $needed_angel_types_info));
        success("Schichten angelegt.");
        redirect(page_link_to('admin_shifts'));
    } else {
        unset($_SESSION['admin_shifts_shifts']);
        unset($_SESSION['admin_shifts_types']);
    }
    if (!isset($_REQUEST['rid'])) {
        $_REQUEST['rid'] = null;
    }
    $room_select = html_select_key('rid', 'rid', $room_array, $_REQUEST['rid']);
    $angel_types = "";
    foreach ($types as $type) {
        $angel_types .= form_spinner('type_' . $type['id'], $type['name'], $needed_angel_types[$type['id']]);
    }
    return page_with_title(admin_shifts_title(), array(msg(), form(array(form_select('shifttype_id', _('Shifttype'), $shifttypes, $shifttype_id), form_text('title', _("Title"), $title), form_select('rid', _("Room"), $room_array, $_REQUEST['rid']), '<div class="row">', '<div class="col-md-6">', form_text('start', _("Start"), date("Y-m-d H:i", $start)), form_text('end', _("End"), date("Y-m-d H:i", $end)), form_info(_("Mode"), ''), form_radio('mode', _("Create one shift"), $mode == 'single', 'single'), form_radio('mode', _("Create multiple shifts"), $mode == 'multi', 'multi'), form_text('length', _("Length"), !empty($_REQUEST['length']) ? $_REQUEST['length'] : '120'), form_radio('mode', _("Create multiple shifts with variable length"), $mode == 'variable', 'variable'), form_text('change_hours', _("Shift change hours"), !empty($_REQUEST['change_hours']) ? $_REQUEST['change_hours'] : '00, 04, 08, 10, 12, 14, 16, 18, 20, 22'), '</div>', '<div class="col-md-6">', form_info(_("Needed angels"), ''), form_radio('angelmode', _("Take needed angels from room settings"), $angelmode == 'location', 'location'), form_radio('angelmode', _("The following angels are needed"), $angelmode == 'manually', 'manually'), $angel_types, '</div>', '</div>', form_submit('preview', _("Preview"))))));
}
Пример #8
0
function admin_user()
{
    global $user, $privileges, $tshirt_sizes, $privileges;
    $html = '';
    if (!isset($_REQUEST['id'])) {
        redirect(users_link());
    }
    $id = $_REQUEST['id'];
    if (!isset($_REQUEST['action'])) {
        $user_source = User($id);
        if ($user_source === false) {
            engelsystem_error('Unable to load user.');
        }
        if ($user_source == null) {
            error(_('This user does not exist.'));
            redirect(users_link());
        }
        $html .= "Hallo,<br />" . "hier kannst du den Eintrag &auml;ndern. Unter dem Punkt 'Gekommen' " . "wird der Engel als anwesend markiert, ein Ja bei Aktiv bedeutet, " . "dass der Engel aktiv war und damit ein Anspruch auf ein T-Shirt hat. " . "Wenn T-Shirt ein 'Ja' enth&auml;lt, bedeutet dies, dass der Engel " . "bereits sein T-Shirt erhalten hat.<br /><br />\n";
        $html .= "<form class=\"admin-user-form\" action=\"" . page_link_to("admin_user") . "&action=save&id={$id}\" method=\"post\">\n";
        $html .= "<table border=\"0\">\n";
        $html .= "<input type=\"hidden\" name=\"Type\" value=\"Normal\">\n";
        $SQL = "SELECT * FROM `User` WHERE `UID`='" . sql_escape($id) . "'";
        list($user_source) = sql_select($SQL);
        $html .= "<tr><td>\n";
        $html .= "<table>\n";
        $html .= "  <tr><td>Nick</td><td>" . "<input class=\"form-control\" type=\"text\" size=\"40\" name=\"eNick\" value=\"" . $user_source['Nick'] . "\"></td></tr>\n";
        $html .= "  <tr><td>lastLogIn</td><td>" . date("Y-m-d H:i", $user_source['lastLogIn']) . "</td></tr>\n";
        $html .= "  <tr><td>Name</td><td>" . "<input class=\"form-control\" type=\"text\" size=\"40\" name=\"eName\" value=\"" . $user_source['Name'] . "\"></td></tr>\n";
        $html .= "  <tr><td>Vorname</td><td>" . "<input class=\"form-control\" type=\"text\" size=\"40\" name=\"eVorname\" value=\"" . $user_source['Vorname'] . "\"></td></tr>\n";
        $html .= "  <tr><td>Alter</td><td>" . "<input class=\"form-control\" type=\"text\" size=\"5\" name=\"eAlter\" value=\"" . $user_source['Alter'] . "\"></td></tr>\n";
        $html .= "  <tr><td>Telefon</td><td>" . "<input class=\"form-control\" type=\"text\" size=\"40\" name=\"eTelefon\" value=\"" . $user_source['Telefon'] . "\"></td></tr>\n";
        $html .= "  <tr><td>Handy</td><td>" . "<input class=\"form-control\" type=\"text\" size=\"40\" name=\"eHandy\" value=\"" . $user_source['Handy'] . "\"></td></tr>\n";
        $html .= "  <tr><td>DECT</td><td>" . "<input class=\"form-control\" type=\"text\" size=\"4\" name=\"eDECT\" value=\"" . $user_source['DECT'] . "\"></td></tr>\n";
        $html .= "  <tr><td>email</td><td>" . "<input class=\"form-control\" type=\"text\" size=\"40\" name=\"eemail\" value=\"" . $user_source['email'] . "\"></td></tr>\n";
        $html .= "  <tr><td>" . form_checkbox('email_shiftinfo', _("Please send me an email if my shifts change"), $user_source['email_shiftinfo']) . "</td></tr>\n";
        $html .= "  <tr><td>jabber</td><td>" . "<input class=\"form-control\" type=\"text\" size=\"40\" name=\"ejabber\" value=\"" . $user_source['jabber'] . "\"></td></tr>\n";
        $html .= "  <tr><td>Size</td><td>" . html_select_key('size', 'eSize', $tshirt_sizes, $user_source['Size']) . "</td></tr>\n";
        $options = array('1' => "Yes", '0' => "No");
        // Gekommen?
        $html .= "  <tr><td>Gekommen</td><td>\n";
        $html .= html_options('eGekommen', $options, $user_source['Gekommen']) . "</td></tr>\n";
        // Aktiv?
        $html .= "  <tr><td>Aktiv</td><td>\n";
        $html .= html_options('eAktiv', $options, $user_source['Aktiv']) . "</td></tr>\n";
        // Aktiv erzwingen
        if (in_array('admin_active', $privileges)) {
            $html .= "  <tr><td>" . _("Force active") . "</td><td>\n";
            $html .= html_options('force_active', $options, $user_source['force_active']) . "</td></tr>\n";
        }
        // T-Shirt bekommen?
        $html .= "  <tr><td>T-Shirt</td><td>\n";
        $html .= html_options('eTshirt', $options, $user_source['Tshirt']) . "</td></tr>\n";
        $html .= "  <tr><td>Hometown</td><td>" . "<input class=\"form-control\" type=\"text\" size=\"40\" name=\"Hometown\" value=\"" . $user_source['Hometown'] . "\"></td></tr>\n";
        $html .= "</table>\n</td><td valign=\"top\"></td></tr>";
        $html .= "</td></tr>\n";
        $html .= "</table>\n<br />\n";
        $html .= "<input class=\"btn btn-primary\" type=\"submit\" value=\"Speichern\">\n";
        $html .= "</form>";
        $html .= "<hr />";
        $html .= form_info('', _('Please visit the angeltypes page or the users profile to manage users angeltypes.'));
        $html .= "Hier kannst Du das Passwort dieses Engels neu setzen:<form class=\"admin-user-form\" action=\"" . page_link_to("admin_user") . "&action=change_pw&id={$id}\" method=\"post\">\n";
        $html .= "<br /><table>\n";
        $html .= "  <tr><td width=\"30%\">Passwort </td><td>" . "<input class=\"form-control\" type=\"password\" size=\"40\" name=\"new_pw\" value=\"\"></td></tr>\n";
        $html .= "  <tr><td width=\"30%\">Wiederholung </td><td>" . "<input class=\"form-control\" type=\"password\" size=\"40\" name=\"new_pw2\" value=\"\"></td></tr>\n";
        $html .= "</table>";
        $html .= "<div class=\"form-group\"><input class=\"btn btn-primary\" type=\"submit\" value=\"Speichern\"></div>\n";
        $html .= "</form>";
        $html .= "<hr />";
        $my_highest_group = sql_select("SELECT * FROM `UserGroups` WHERE `uid`='" . sql_escape($user['UID']) . "' ORDER BY `group_id` LIMIT 1");
        if (count($my_highest_group) > 0) {
            $my_highest_group = $my_highest_group[0]['group_id'];
        }
        $his_highest_group = sql_select("SELECT * FROM `UserGroups` WHERE `uid`='" . sql_escape($id) . "' ORDER BY `group_id` LIMIT 1");
        if (count($his_highest_group) > 0) {
            $his_highest_group = $his_highest_group[0]['group_id'];
        }
        if ($id != $user['UID'] && $my_highest_group <= $his_highest_group) {
            $html .= "Hier kannst Du die Benutzergruppen des Engels festlegen:<form class=\"admin-user-form\" action=\"" . page_link_to("admin_user") . "&action=save_groups&id=" . $id . "\" method=\"post\">\n";
            $html .= '<table>';
            $groups = sql_select("SELECT * FROM `Groups` LEFT OUTER JOIN `UserGroups` ON (`UserGroups`.`group_id` = `Groups`.`UID` AND `UserGroups`.`uid` = '" . sql_escape($id) . "') WHERE `Groups`.`UID` >= '" . sql_escape($my_highest_group) . "' ORDER BY `Groups`.`Name`");
            foreach ($groups as $group) {
                $html .= '<tr><td><input type="checkbox" name="groups[]" value="' . $group['UID'] . '"' . ($group['group_id'] != "" ? ' checked="checked"' : '') . ' /></td><td>' . $group['Name'] . '</td></tr>';
            }
            $html .= '</table>';
            $html .= "<input class=\"btn btn-primary\" type=\"submit\" value=\"Speichern\">\n";
            $html .= "</form>";
            $html .= "<hr />";
        }
        $html .= "<form class=\"admin-user-form\" action=\"" . page_link_to("admin_user") . "&action=delete&id=" . $id . "\" method=\"post\">\n";
        $html .= "<tr><td><input class=\"btn btn-primary\" type=\"submit\" value=\"Löschen\"></td></tr>\n";
        $html .= "</form>";
        $html .= "<hr />";
    } else {
        switch ($_REQUEST['action']) {
            case 'save_groups':
                if ($id != $user['UID']) {
                    $my_highest_group = sql_select("SELECT * FROM `UserGroups` WHERE `uid`='" . sql_escape($user['UID']) . "' ORDER BY `group_id`");
                    $his_highest_group = sql_select("SELECT * FROM `UserGroups` WHERE `uid`='" . sql_escape($id) . "' ORDER BY `group_id`");
                    if (count($my_highest_group) > 0 && (count($his_highest_group) == 0 || $my_highest_group[0]['group_id'] <= $his_highest_group[0]['group_id'])) {
                        $groups_source = sql_select("SELECT * FROM `Groups` LEFT OUTER JOIN `UserGroups` ON (`UserGroups`.`group_id` = `Groups`.`UID` AND `UserGroups`.`uid` = '" . sql_escape($id) . "') WHERE `Groups`.`UID` >= '" . sql_escape($my_highest_group[0]['group_id']) . "' ORDER BY `Groups`.`Name`");
                        $groups = array();
                        $grouplist = array();
                        foreach ($groups_source as $group) {
                            $groups[$group['UID']] = $group;
                            $grouplist[] = $group['UID'];
                        }
                        if (!is_array($_REQUEST['groups'])) {
                            $_REQUEST['groups'] = array();
                        }
                        sql_query("DELETE FROM `UserGroups` WHERE `uid`='" . sql_escape($id) . "'");
                        $user_groups_info = array();
                        foreach ($_REQUEST['groups'] as $group) {
                            if (in_array($group, $grouplist)) {
                                sql_query("INSERT INTO `UserGroups` SET `uid`='" . sql_escape($id) . "', `group_id`='" . sql_escape($group) . "'");
                                $user_groups_info[] = $groups[$group]['Name'];
                            }
                        }
                        $user_source = User($id);
                        engelsystem_log("Set groups of " . User_Nick_render($user_source) . " to: " . join(", ", $user_groups_info));
                        $html .= success("Benutzergruppen gespeichert.", true);
                    } else {
                        $html .= error("Du kannst keine Engel mit mehr Rechten bearbeiten.", true);
                    }
                } else {
                    $html .= error("Du kannst Deine eigenen Rechte nicht bearbeiten.", true);
                }
                break;
            case 'delete':
                if ($user['UID'] != $id) {
                    $user_source = sql_select("SELECT `Nick`, `UID` FROM `User` WHERE `UID` = '" . sql_escape($id) . "' LIMIT 1");
                    sql_query("DELETE FROM `User` WHERE `UID`='" . sql_escape($id) . "' LIMIT 1");
                    sql_query("DELETE FROM `UserGroups` WHERE `uid`='" . sql_escape($id) . "'");
                    engelsystem_log("Deleted user " . User_Nick_render($user_source));
                    $html .= success("Benutzer gelöscht!", true);
                } else {
                    $html .= error("Du kannst Dich nicht selber löschen!", true);
                }
                break;
            case 'save':
                $force_active = $user['force_active'];
                if (in_array('admin_active', $privileges)) {
                    $force_active = $_REQUEST['force_active'];
                }
                $SQL = "UPDATE `User` SET \n              `Nick` = '" . sql_escape($_POST["eNick"]) . "', \n              `Name` = '" . sql_escape($_POST["eName"]) . "', \n              `Vorname` = '" . sql_escape($_POST["eVorname"]) . "', \n              `Telefon` = '" . sql_escape($_POST["eTelefon"]) . "', \n              `Handy` = '" . sql_escape($_POST["eHandy"]) . "', \n              `Alter` = '" . sql_escape($_POST["eAlter"]) . "', \n              `DECT` = '" . sql_escape($_POST["eDECT"]) . "', \n              `email` = '" . sql_escape($_POST["eemail"]) . "', \n              `email_shiftinfo` = " . sql_bool(isset($_REQUEST['email_shiftinfo'])) . ", \n              `jabber` = '" . sql_escape($_POST["ejabber"]) . "', \n              `Size` = '" . sql_escape($_POST["eSize"]) . "', \n              `Gekommen`= '" . sql_escape($_POST["eGekommen"]) . "', \n              `Aktiv`= '" . sql_escape($_POST["eAktiv"]) . "', \n              `force_active`= " . sql_escape($force_active) . ", \n              `Tshirt` = '" . sql_escape($_POST["eTshirt"]) . "', \n              `Hometown` = '" . sql_escape($_POST["Hometown"]) . "' \n              WHERE `UID` = '" . sql_escape($id) . "' \n              LIMIT 1";
                sql_query($SQL);
                engelsystem_log("Updated user: "******"eNick"] . ", " . $_POST["eSize"] . ", available: " . $_POST["eGekommen"] . ", active: " . $_POST["eAktiv"] . ", tshirt: " . $_POST["eTshirt"]);
                $html .= success("Änderung wurde gespeichert...\n", true);
                break;
            case 'change_pw':
                if ($_REQUEST['new_pw'] != "" && $_REQUEST['new_pw'] == $_REQUEST['new_pw2']) {
                    set_password($id, $_REQUEST['new_pw']);
                    $user_source = User($id);
                    engelsystem_log("Set new password for " . User_Nick_render($user_source));
                    $html .= success("Passwort neu gesetzt.", true);
                } else {
                    $html .= error("Die Eingaben müssen übereinstimmen und dürfen nicht leer sein!", true);
                }
                break;
        }
    }
    return page_with_title(_('Edit user'), array($html));
}
/**
 * View a list of all angeltypes.
 */
function angeltypes_list_controller()
{
    global $privileges, $user;
    if (!in_array('angeltypes', $privileges)) {
        redirect('?');
    }
    $angeltypes = AngelTypes_with_user($user);
    if ($angeltypes === false) {
        engelsystem_error("Unable to load angeltypes.");
    }
    foreach ($angeltypes as &$angeltype) {
        $actions = array(button(page_link_to('angeltypes') . '&action=view&angeltype_id=' . $angeltype['id'], _("view"), "btn-xs"));
        if (in_array('admin_angel_types', $privileges)) {
            $actions[] = button(page_link_to('angeltypes') . '&action=edit&angeltype_id=' . $angeltype['id'], _("edit"), "btn-xs");
            $actions[] = button(page_link_to('angeltypes') . '&action=delete&angeltype_id=' . $angeltype['id'], _("delete"), "btn-xs");
            //$actions[] = '<a class="edit" href="' . page_link_to('angeltypes') . '&action=edit&angeltype_id=' . $angeltype['id'] . '">' . _("edit") . '</a>';
            //$actions[] = '<a class="delete" href="' . page_link_to('angeltypes') . '&action=delete&angeltype_id=' . $angeltype['id'] . '">' . _("delete") . '</a>';
        }
        $angeltype['membership'] = AngelType_render_membership($angeltype);
        if ($angeltype['user_angeltype_id'] != null) {
            //$actions[] = '<a class="cancel" href="' . page_link_to('user_angeltypes') . '&action=delete&user_angeltype_id=' . $angeltype['user_angeltype_id'] . '">' . _("leave") . '</a>';
            $actions[] = button(page_link_to('user_angeltypes') . '&action=delete&user_angeltype_id=' . $angeltype['user_angeltype_id'], _("leave"), "btn-xs");
        } else {
            $actions[] = button(page_link_to('user_angeltypes') . '&action=add&angeltype_id=' . $angeltype['id'], _("join"), "btn-xs");
            //$actions[] = '<a class="add" href="' . page_link_to('user_angeltypes') . '&action=add&angeltype_id=' . $angeltype['id'] . '">' . _("join") . '</a>';
        }
        $angeltype['restricted'] = $angeltype['restricted'] ? glyph('lock') : '';
        $angeltype['name'] = '<a href="' . page_link_to('angeltypes') . '&action=view&angeltype_id=' . $angeltype['id'] . '">' . $angeltype['name'] . '</a>';
        $angeltype['actions'] = table_buttons($actions);
    }
    return array(angeltypes_title(), AngelTypes_list_view($angeltypes, in_array('admin_angel_types', $privileges)));
}
Пример #10
0
/**
 * User password recovery.
 * (By email)
 */
function user_password_recovery_controller()
{
    if (isset($_REQUEST['token'])) {
        $user_source = User_by_password_recovery_token($_REQUEST['token']);
        if ($user_source === false) {
            engelsystem_error("Unable to load user.");
        }
        if ($user_source == null) {
            error(_("Token is not correct."));
            redirect(page_link_to('login'));
        }
        if (isset($_REQUEST['submit'])) {
            $ok = true;
            if (isset($_REQUEST['password']) && strlen($_REQUEST['password']) >= MIN_PASSWORD_LENGTH) {
                if ($_REQUEST['password'] != $_REQUEST['password2']) {
                    $ok = false;
                    error(_("Your passwords don't match."));
                }
            } else {
                $ok = false;
                error(_("Your password is to short (please use at least 6 characters)."));
            }
            if ($ok) {
                $result = set_password($user_source['UID'], $_REQUEST['password']);
                if ($result === false) {
                    engelsystem_error(_("Password could not be updated."));
                }
                success(_("Password saved."));
                redirect(page_link_to('login'));
            }
        }
        return User_password_set_view();
    } else {
        if (isset($_REQUEST['submit'])) {
            $ok = true;
            if (isset($_REQUEST['email']) && strlen(strip_request_item('email')) > 0) {
                $email = strip_request_item('email');
                if (check_email($email)) {
                    $user_source = User_by_email($email);
                    if ($user_source === false) {
                        engelsystem_error("Unable to load user.");
                    }
                    if ($user_source == null) {
                        $ok = false;
                        error(_("E-mail address is not correct."));
                    }
                } else {
                    $ok = false;
                    error(_("E-mail address is not correct."));
                }
            } else {
                $ok = false;
                error(_("Please enter your e-mail."));
            }
            if ($ok) {
                $token = User_generate_password_recovery_token($user_source);
                if ($token === false) {
                    engelsystem_error("Unable to generate password recovery token.");
                }
                $result = engelsystem_email_to_user($user_source, _("Password recovery"), sprintf(_("Please visit %s to recover your password."), page_link_to_absolute('user_password_recovery') . '&token=' . $token));
                if ($result === false) {
                    engelsystem_error("Unable to send password recovery email.");
                }
                success(_("We sent an email containing your password recovery link."));
                redirect(page_link_to('login'));
            }
        }
        return User_password_recovery_view();
    }
}
/**
 * Edit a users driver license information.
 */
function user_driver_license_edit_controller()
{
    global $privileges, $user;
    if (isset($_REQUEST['user_id'])) {
        $user_source = User($_REQUEST['user_id']);
        if ($user_source === false) {
            engelsystem_error('Unable to load angeltype.');
        }
        if ($user_source == null) {
            redirect(user_driver_license_edit_link());
        }
        // only privilege admin_user can edit other users driver license information
        if ($user['UID'] != $user_source['UID'] && !in_array('admin_user', $privileges)) {
            redirect(user_driver_license_edit_link());
        }
    } else {
        $user_source = $user;
    }
    $wants_to_drive = false;
    $has_car = false;
    $has_license_car = false;
    $has_license_3_5t_transporter = false;
    $has_license_7_5t_truck = false;
    $has_license_12_5t_truck = false;
    $has_license_forklift = false;
    $user_driver_license = UserDriverLicense($user_source['UID']);
    if ($user_driver_license === false) {
        engelsystem_error('Unable to load user driver license.');
    }
    if ($user_driver_license != null) {
        $wants_to_drive = true;
        $has_car = $user_driver_license['has_car'];
        $has_license_car = $user_driver_license['has_license_car'];
        $has_license_3_5t_transporter = $user_driver_license['has_license_3_5t_transporter'];
        $has_license_7_5t_truck = $user_driver_license['has_license_7_5t_truck'];
        $has_license_12_5t_truck = $user_driver_license['has_license_12_5t_truck'];
        $has_license_forklift = $user_driver_license['has_license_forklift'];
    }
    if (isset($_REQUEST['submit'])) {
        $ok = true;
        $wants_to_drive = isset($_REQUEST['wants_to_drive']);
        $has_car = isset($_REQUEST['has_car']);
        $has_license_car = isset($_REQUEST['has_license_car']);
        $has_license_3_5t_transporter = isset($_REQUEST['has_license_3_5t_transporter']);
        $has_license_7_5t_truck = isset($_REQUEST['has_license_7_5t_truck']);
        $has_license_12_5t_truck = isset($_REQUEST['has_license_12_5t_truck']);
        $has_license_forklift = isset($_REQUEST['has_license_forklift']);
        if ($wants_to_drive && !$has_license_car && !$has_license_3_5t_transporter && !$has_license_7_5t_truck && !$has_license_12_5t_truck && !$has_license_forklift) {
            $ok = false;
            error(_("Please select at least one driving license."));
        }
        if ($ok) {
            if (!$wants_to_drive && $user_driver_license != null) {
                $result = UserDriverLicenses_delete($user_source['UID']);
                if ($result === false) {
                    engelsystem_error("Unable to remove user driver license information");
                }
                engelsystem_log("Driver license information removed.");
                success(_("Your driver license information has been removed."));
            } else {
                if ($wants_to_drive) {
                    if ($user_driver_license == null) {
                        $result = UserDriverLicenses_create($user_source['UID'], $has_car, $has_license_car, $has_license_3_5t_transporter, $has_license_7_5t_truck, $has_license_12_5t_truck, $has_license_forklift);
                    } else {
                        $result = UserDriverLicenses_update($user_source['UID'], $has_car, $has_license_car, $has_license_3_5t_transporter, $has_license_7_5t_truck, $has_license_12_5t_truck, $has_license_forklift);
                    }
                    if ($result === false) {
                        engelsystem_error("Unable to save user driver license information.");
                    }
                    engelsystem_log("Driver license information updated.");
                }
                success(_("Your driver license information has been saved."));
            }
            redirect(user_link($user_source));
        }
    }
    return [sprintf(_("Edit %s driving license information"), $user_source['Nick']), UserDriverLicense_edit_view($user_source, $wants_to_drive, $has_car, $has_license_car, $has_license_3_5t_transporter, $has_license_7_5t_truck, $has_license_12_5t_truck, $has_license_forklift)];
}
Пример #12
0
function admin_rooms()
{
    global $user;
    $rooms_source = sql_select("SELECT * FROM `Room` ORDER BY `Name`");
    $rooms = array();
    foreach ($rooms_source as $room) {
        $rooms[] = array('name' => $room['Name'], 'from_pentabarf' => $room['FromPentabarf'] == 'Y' ? '&#10003;' : '', 'public' => $room['show'] == 'Y' ? '&#10003;' : '', 'actions' => buttons(array(button(page_link_to('admin_rooms') . '&show=edit&id=' . $room['RID'], _("edit"), 'btn-xs'), button(page_link_to('admin_rooms') . '&show=delete&id=' . $room['RID'], _("delete"), 'btn-xs'))));
    }
    $room = null;
    if (isset($_REQUEST['show'])) {
        $msg = "";
        $name = "";
        $from_pentabarf = "";
        $public = 'Y';
        $number = "";
        $angeltypes_source = sql_select("SELECT * FROM `AngelTypes` ORDER BY `name`");
        $angeltypes = array();
        $angeltypes_count = array();
        foreach ($angeltypes_source as $angeltype) {
            $angeltypes[$angeltype['id']] = $angeltype['name'];
            $angeltypes_count[$angeltype['id']] = 0;
        }
        if (test_request_int('id')) {
            $room = sql_select("SELECT * FROM `Room` WHERE `RID`='" . sql_escape($_REQUEST['id']) . "'");
            if (count($room) > 0) {
                $id = $_REQUEST['id'];
                $name = $room[0]['Name'];
                $from_pentabarf = $room[0]['FromPentabarf'];
                $public = $room[0]['show'];
                $number = $room[0]['Number'];
                $needed_angeltypes = sql_select("SELECT * FROM `NeededAngelTypes` WHERE `room_id`='" . sql_escape($id) . "'");
                foreach ($needed_angeltypes as $needed_angeltype) {
                    $angeltypes_count[$needed_angeltype['angel_type_id']] = $needed_angeltype['count'];
                }
            } else {
                redirect(page_link_to('admin_rooms'));
            }
        }
        if ($_REQUEST['show'] == 'edit') {
            if (isset($_REQUEST['submit'])) {
                $ok = true;
                if (isset($_REQUEST['name']) && strlen(strip_request_item('name')) > 0) {
                    $name = strip_request_item('name');
                    if (isset($room) && sql_num_query("SELECT * FROM `Room` WHERE `Name`='" . sql_escape($name) . "' AND NOT `RID`=" . sql_escape($id)) > 0) {
                        $ok = false;
                        $msg .= error(_("This name is already in use."), true);
                    }
                } else {
                    $ok = false;
                    $msg .= error(_("Please enter a name."), true);
                }
                if (isset($_REQUEST['from_pentabarf'])) {
                    $from_pentabarf = 'Y';
                } else {
                    $from_pentabarf = '';
                }
                if (isset($_REQUEST['public'])) {
                    $public = 'Y';
                } else {
                    $public = '';
                }
                if (isset($_REQUEST['number'])) {
                    $number = strip_request_item('number');
                } else {
                    $ok = false;
                }
                foreach ($angeltypes as $angeltype_id => $angeltype) {
                    if (isset($_REQUEST['angeltype_count_' . $angeltype_id]) && preg_match("/^[0-9]{1,4}\$/", $_REQUEST['angeltype_count_' . $angeltype_id])) {
                        $angeltypes_count[$angeltype_id] = $_REQUEST['angeltype_count_' . $angeltype_id];
                    } else {
                        $ok = false;
                        $msg .= error(sprintf(_("Please enter needed angels for type %s.", $angeltype)), true);
                    }
                }
                if ($ok) {
                    if (isset($id)) {
                        sql_query("UPDATE `Room` SET `Name`='" . sql_escape($name) . "', `FromPentabarf`='" . sql_escape($from_pentabarf) . "', `show`='" . sql_escape($public) . "', `Number`='" . sql_escape($number) . "' WHERE `RID`='" . sql_escape($id) . "' LIMIT 1");
                        engelsystem_log("Room updated: " . $name . ", pentabarf import: " . $from_pentabarf . ", public: " . $public . ", number: " . $number);
                    } else {
                        $id = Room_create($name, $from_pentabarf, $public, $number);
                        if ($id === false) {
                            engelsystem_error("Unable to create room.");
                        }
                        engelsystem_log("Room created: " . $name . ", pentabarf import: " . $from_pentabarf . ", public: " . $public . ", number: " . $number);
                    }
                    sql_query("DELETE FROM `NeededAngelTypes` WHERE `room_id`='" . sql_escape($id) . "'");
                    $needed_angeltype_info = array();
                    foreach ($angeltypes_count as $angeltype_id => $angeltype_count) {
                        $angeltype = AngelType($angeltype_id);
                        if ($angeltype === false) {
                            engelsystem_error("Unable to load angeltype.");
                        }
                        if ($angeltype != null) {
                            sql_query("INSERT INTO `NeededAngelTypes` SET `room_id`='" . sql_escape($id) . "', `angel_type_id`='" . sql_escape($angeltype_id) . "', `count`='" . sql_escape($angeltype_count) . "'");
                            $needed_angeltype_info[] = $angeltype['name'] . ": " . $angeltype_count;
                        }
                    }
                    engelsystem_log("Set needed angeltypes of room " . $name . " to: " . join(", ", $needed_angeltype_info));
                    success(_("Room saved."));
                    redirect(page_link_to("admin_rooms"));
                }
            }
            $angeltypes_count_form = array();
            foreach ($angeltypes as $angeltype_id => $angeltype) {
                $angeltypes_count_form[] = div('col-lg-4 col-md-6 col-xs-6', array(form_spinner('angeltype_count_' . $angeltype_id, $angeltype, $angeltypes_count[$angeltype_id])));
            }
            return page_with_title(admin_rooms_title(), array(buttons(array(button(page_link_to('admin_rooms'), _("back"), 'back'))), $msg, form(array(div('row', array(div('col-md-6', array(form_text('name', _("Name"), $name), form_checkbox('from_pentabarf', _("Frab import"), $from_pentabarf), form_checkbox('public', _("Public"), $public), form_text('number', _("Room number"), $number))), div('col-md-6', array(div('row', array(div('col-md-12', array(form_info(_("Needed angels:")))), join($angeltypes_count_form))))))), form_submit('submit', _("Save"))))));
        } elseif ($_REQUEST['show'] == 'delete') {
            if (isset($_REQUEST['ack'])) {
                if (!Room_delete($id)) {
                    engelsystem_error("Unable to delete room.");
                }
                engelsystem_log("Room deleted: " . $name);
                success(sprintf(_("Room %s deleted."), $name));
                redirect(page_link_to('admin_rooms'));
            }
            return page_with_title(admin_rooms_title(), array(buttons(array(button(page_link_to('admin_rooms'), _("back"), 'back'))), sprintf(_("Do you want to delete room %s?"), $name), buttons(array(button(page_link_to('admin_rooms') . '&show=delete&id=' . $id . '&ack', _("Delete"), 'delete')))));
        }
    }
    return page_with_title(admin_rooms_title(), array(buttons(array(button(page_link_to('admin_rooms') . '&show=edit', _("add")))), msg(), table(array('name' => _("Name"), 'from_pentabarf' => _("Frab import"), 'public' => _("Public"), 'actions' => ""), $rooms)));
}
Пример #13
0
function user_news_comments()
{
    global $user;
    $html = '<div class="col-md-12"><h1>' . user_news_comments_title() . '</h1>';
    if (isset($_REQUEST["nid"]) && preg_match("/^[0-9]{1,}\$/", $_REQUEST['nid']) && sql_num_query("SELECT * FROM `News` WHERE `ID`='" . sql_escape($_REQUEST['nid']) . "' LIMIT 1") > 0) {
        $nid = $_REQUEST["nid"];
        list($news) = sql_select("SELECT * FROM `News` WHERE `ID`='" . sql_escape($nid) . "' LIMIT 1");
        if (isset($_REQUEST["text"])) {
            $text = preg_replace("/([^\\p{L}\\p{P}\\p{Z}\\p{N}\n]{1,})/ui", '', strip_tags($_REQUEST['text']));
            sql_query("INSERT INTO `NewsComments` (`Refid`, `Datum`, `Text`, `UID`) VALUES ('" . sql_escape($nid) . "', '" . date("Y-m-d H:i:s") . "', '" . sql_escape($text) . "', '" . sql_escape($user["UID"]) . "')");
            engelsystem_log("Created news_comment: " . $text);
            $html .= success(_("Entry saved."), true);
        }
        $html .= display_news($news);
        $comments = sql_select("SELECT * FROM `NewsComments` WHERE `Refid`='" . sql_escape($nid) . "' ORDER BY 'ID'");
        foreach ($comments as $comment) {
            $user_source = User($comment['UID']);
            if ($user_source === false) {
                engelsystem_error(_("Unable to load user."));
            }
            $html .= '<div class="panel panel-default">';
            $html .= '<div class="panel-body">' . nl2br($comment['Text']) . '</div>';
            $html .= '<div class="panel-footer text-muted">';
            $html .= '<span class="glyphicon glyphicon-time"></span> ' . $comment['Datum'] . '&emsp;';
            $html .= User_Nick_render($user_source);
            $html .= '</div>';
            $html .= '</div>';
        }
        $html .= '<hr /><h2>' . _("New Comment:") . '</h2>';
        $html .= form(array(form_textarea('text', _("Message"), ''), form_submit('submit', _("Save"))), page_link_to('news_comments') . '&nid=' . $news['ID']);
    } else {
        $html .= _("Invalid request.");
    }
    return $html . '</div>';
}
Пример #14
0
function admin_rooms()
{
    global $user;
    global $user, $enable_frab_import;
    $rooms_source = sql_select("SELECT * FROM `Room` ORDER BY `Name`");
    $rooms = array();
    foreach ($rooms_source as $room) {
        $rooms[] = array('name' => $room['Name'], 'from_pentabarf' => $room['FromPentabarf'] == 'Y' ? '&#10003;' : '', 'public' => $room['show'] == 'Y' ? '&#10003;' : '', 'actions' => buttons(array(button(page_link_to('admin_rooms') . '&show=edit&id=' . $room['RID'], _("edit"), 'btn-xs'), button(page_link_to('admin_rooms') . '&show=delete&id=' . $room['RID'], _("delete"), 'btn-xs'))));
    }
    if (isset($_REQUEST['show'])) {
        $msg = "";
        $name = "";
        $location = "";
        $lat = "";
        $long = "";
        $from_pentabarf = "";
        $public = 'Y';
        $number = "";
        $angeltypes_source = sql_select("SELECT * FROM `AngelTypes` ORDER BY `name`");
        $angeltypes = array();
        $angeltypes_count = array();
        foreach ($angeltypes_source as $angeltype) {
            $angeltypes[$angeltype['id']] = $angeltype['name'];
            $angeltypes_count[$angeltype['id']] = 0;
        }
        if (test_request_int('id')) {
            $room = sql_select("SELECT * FROM `Room` WHERE `RID`='" . sql_escape($_REQUEST['id']) . "'");
            if (count($room) > 0) {
                $id = $_REQUEST['id'];
                $name = $room[0]['Name'];
                $location = $room[0]['Location'];
                $lat = $room[0]['Lat'];
                $long = $room[0]['Long'];
                $from_pentabarf = $room[0]['FromPentabarf'];
                $public = $room[0]['show'];
                $needed_angeltypes = sql_select("SELECT * FROM `NeededAngelTypes` WHERE `room_id`='" . sql_escape($id) . "'");
                foreach ($needed_angeltypes as $needed_angeltype) {
                    $angeltypes_count[$needed_angeltype['angel_type_id']] = $needed_angeltype['count'];
                }
            } else {
                redirect(page_link_to('admin_rooms'));
            }
        }
        if ($_REQUEST['show'] == 'edit') {
            if (isset($_REQUEST['submit'])) {
                $ok = true;
                if (isset($_REQUEST['name']) && strlen(strip_request_item('name')) > 0) {
                    $name = strip_request_item('name');
                } else {
                    $ok = false;
                    $msg .= error(_("Please enter a name."), true);
                }
                if (isset($_REQUEST['location']) && strlen(strip_request_item('location')) > 0) {
                    $location = strip_request_item('location');
                } else {
                    $ok = false;
                    $msg .= error(_("Please enter a location."));
                }
                if (isset($_REQUEST['Lat']) && isset($_REQUEST['Long'])) {
                    $lat = $_REQUEST['Lat'];
                    $long = $_REQUEST['Long'];
                } else {
                    $ok = false;
                    $msg .= error(_("Please enter a location - no lat long values found."));
                }
                $from_pentabarf = isset($_REQUEST['from_pentabarf']) ? 'Y' : '';
                $public = isset($_REQUEST['public']) ? 'Y' : '';
                if (isset($_REQUEST['number'])) {
                    $number = strip_request_item('number');
                } else {
                    $ok = false;
                }
                foreach ($angeltypes as $angeltype_id => $angeltype) {
                    if (isset($_REQUEST['angeltype_count_' . $angeltype_id]) && preg_match("/^[0-9]{1,4}\$/", $_REQUEST['angeltype_count_' . $angeltype_id])) {
                        $angeltypes_count[$angeltype_id] = $_REQUEST['angeltype_count_' . $angeltype_id];
                    } else {
                        $ok = false;
                        $msg .= error(sprintf(_("Please enter needed angels for type %s.", $angeltype)), true);
                    }
                }
                if ($ok) {
                    if (isset($id)) {
                        sql_query(sprintf("UPDATE `Room` SET `Name`='%s', `FromPentabarf`='%s', `show`='%s', `Number`='%s', `location` = '%s', `lat` = '%s', `long` = '%s' WHERE `RID`='%s' LIMIT 1", sql_escape($name), sql_escape($from_pentabarf), sql_escape($public), sql_escape($number), sql_escape($location), sql_escape($lat), sql_escape($long), sql_escape($id)));
                        engelsystem_log("Location updated: " . $name . ", pentabarf import: " . $from_pentabarf . ", public: " . $public . ", number: " . $number);
                    } else {
                        $id = Room_create($name, $from_pentabarf, $public, $location, $lat, $long);
                        if ($id === false) {
                            engelsystem_error("Unable to create location.");
                        }
                        engelsystem_log("Location created: " . $name . ", pentabarf import: " . $from_pentabarf . ", public: " . $public . ", number: " . $number);
                    }
                    sql_query("DELETE FROM `NeededAngelTypes` WHERE `room_id`='" . sql_escape($id) . "'");
                    $needed_angeltype_info = array();
                    foreach ($angeltypes_count as $angeltype_id => $angeltype_count) {
                        $angeltype = AngelType($angeltype_id);
                        if ($angeltype === false) {
                            engelsystem_error("Unable to load angeltype.");
                        }
                        if ($angeltype != null) {
                            sql_query(sprintf("INSERT INTO `NeededAngelTypes` SET `room_id`='%s', `angel_type_id`='%s', `count`='%s'", sql_escape($id), sql_escape($angeltype_id), sql_escape($angeltype_count)));
                            $needed_angeltype_info[] = $angeltype['name'] . ": " . $angeltype_count;
                        }
                    }
                    engelsystem_log("Set needed angeltypes of location " . $name . " to: " . join(", ", $needed_angeltype_info));
                    success(_("Location saved."));
                    redirect(page_link_to("admin_rooms"));
                }
            }
            $angeltypes_count_form = array();
            foreach ($angeltypes as $angeltype_id => $angeltype) {
                $angeltypes_count_form[] = div('col-lg-4 col-md-6 col-xs-6', array(form_spinner('angeltype_count_' . $angeltype_id, $angeltype, $angeltypes_count[$angeltype_id])));
            }
            $form_elements = [];
            $form_elements[] = form_text('name', _("Name"), $name);
            $form_elements[] = form_text('location', _("Location"), $location);
            $form_elements[] = form_text('Lat', _("Latitude"), $lat, false, false);
            $form_elements[] = form_text('Long', _("Longitude"), $long, false, false);
            if ($enable_frab_import) {
                $form_elements[] = form_checkbox('from_pentabarf', _("Frab import"), $from_pentabarf);
            }
            $form_elements[] = form_checkbox('public', _("Public"), $public);
            $form_elements[] = form_text('number', _("Room number"), $number);
            return page_with_title(admin_rooms_title(), array(buttons(array(button(page_link_to('admin_rooms'), _("back"), 'back'))), $msg, form(array(div('row', array(div('col-md-6', $form_elements), div('col-md-6', array(div('row', array(div('col-md-12', array(form_info(_("Needed angels:")))), join($angeltypes_count_form))))), script("\n                            jQuery(function (\$) {\n                                var input = \$(\"input[id='form_location']\");\n                                var inputElement = document.getElementById(input.attr('id'));\n                                var searchBox = new google.maps.places.SearchBox(inputElement);\n                                searchBox.addListener('places_changed', function() {\n                                    var places = searchBox.getPlaces();\n                                    if (places.length == 0) {\n                                      return;\n                                    }\n\n                                    var place = places.pop();\n                                    var lat = place.geometry.location.lat();\n                                    var long = place.geometry.location.lng();\n\n                                    \$(\"input[id='form_lat']\").val(lat);\n                                    \$(\"input[id='form_long']\").val(long);\n                                });\n\n                                // suppress form submit on enter\n                                input.keypress(function (event) {\n                                    if (event.keyCode === 13) {\n                                        return false;\n                                    }\n                                });\n                            });\n                        "))), form_submit('submit', _("Save"))))));
        } elseif ($_REQUEST['show'] == 'delete') {
            if (isset($_REQUEST['ack'])) {
                sql_query("DELETE FROM `Room` WHERE `RID`='" . sql_escape($id) . "' LIMIT 1");
                sql_query("DELETE FROM `NeededAngelTypes` WHERE `room_id`='" . sql_escape($id) . "' LIMIT 1");
                engelsystem_log("Location deleted: " . $name);
                success(sprintf(_("Location %s deleted."), $name));
                redirect(page_link_to('admin_rooms'));
            }
            return page_with_title(admin_rooms_title(), array(buttons(array(button(page_link_to('admin_rooms'), _("back"), 'back'))), sprintf(_("Do you want to delete location %s?"), $name), buttons(array(button(page_link_to('admin_rooms') . '&show=delete&id=' . $id . '&ack', _("Delete"), 'delete')))));
        }
    }
    $table_columns = array('name' => _("Name"), 'from_pentabarf' => _("Frab import"), 'public' => _("Public"), 'actions' => "");
    if (!$enable_frab_import) {
        unset($table_columns['from_pentabarf']);
    }
    return page_with_title(admin_rooms_title(), array(buttons(array(button(page_link_to('admin_rooms') . '&show=edit', _("add")))), msg(), table($table_columns, $rooms)));
}
Пример #15
0
function admin_questions()
{
    global $user;
    if (!isset($_REQUEST['action'])) {
        $unanswered_questions_table = array();
        $questions = sql_select("SELECT * FROM `Questions` WHERE `AID` IS NULL");
        foreach ($questions as $question) {
            $user_source = User($question['UID']);
            if ($user_source === false) {
                engelsystem_error("Unable to load user.");
            }
            $unanswered_questions_table[] = array('from' => User_Nick_render($user_source), 'question' => str_replace("\n", "<br />", $question['Question']), 'answer' => form(array(form_textarea('answer', '', ''), form_submit('submit', _("Save"))), page_link_to('admin_questions') . '&action=answer&id=' . $question['QID']), 'actions' => button(page_link_to("admin_questions") . '&action=delete&id=' . $question['QID'], _("delete"), 'btn-xs'));
        }
        $answered_questions_table = array();
        $questions = sql_select("SELECT * FROM `Questions` WHERE NOT `AID` IS NULL");
        foreach ($questions as $question) {
            $user_source = User($question['UID']);
            if ($user_source === false) {
                engelsystem_error("Unable to load user.");
            }
            $answer_user_source = User($question['AID']);
            if ($answer_user_source === false) {
                engelsystem_error("Unable to load user.");
            }
            $answered_questions_table[] = array('from' => User_Nick_render($user_source), 'question' => str_replace("\n", "<br />", $question['Question']), 'answered_by' => User_Nick_render($answer_user_source), 'answer' => str_replace("\n", "<br />", $question['Answer']), 'actions' => button(page_link_to("admin_questions") . '&action=delete&id=' . $question['QID'], _("delete"), 'btn-xs'));
        }
        return page_with_title(admin_questions_title(), array('<h2>' . _("Unanswered questions") . '</h2>', table(array('from' => _("From"), 'question' => _("Question"), 'answer' => _("Answer"), 'actions' => ''), $unanswered_questions_table), '<h2>' . _("Answered questions") . '</h2>', table(array('from' => _("From"), 'question' => _("Question"), 'answered_by' => _("Answered by"), 'answer' => _("Answer"), 'actions' => ''), $answered_questions_table)));
    } else {
        switch ($_REQUEST['action']) {
            case 'answer':
                if (isset($_REQUEST['id']) && preg_match("/^[0-9]{1,11}\$/", $_REQUEST['id'])) {
                    $id = $_REQUEST['id'];
                } else {
                    return error("Incomplete call, missing Question ID.", true);
                }
                $question = sql_select("SELECT * FROM `Questions` WHERE `QID`='" . sql_escape($id) . "' LIMIT 1");
                if (count($question) > 0 && $question[0]['AID'] == null) {
                    $answer = trim(preg_replace("/([^\\p{L}\\p{P}\\p{Z}\\p{N}\n]{1,})/ui", '', strip_tags($_REQUEST['answer'])));
                    if ($answer != "") {
                        sql_query("UPDATE `Questions` SET `AID`='" . sql_escape($user['UID']) . "', `Answer`='" . sql_escape($answer) . "' WHERE `QID`='" . sql_escape($id) . "' LIMIT 1");
                        engelsystem_log("Question " . $question[0]['Question'] . " answered: " . $answer);
                        redirect(page_link_to("admin_questions"));
                    } else {
                        return error("Gib eine Antwort ein!", true);
                    }
                } else {
                    return error("No question found.", true);
                }
                break;
            case 'delete':
                if (isset($_REQUEST['id']) && preg_match("/^[0-9]{1,11}\$/", $_REQUEST['id'])) {
                    $id = $_REQUEST['id'];
                } else {
                    return error("Incomplete call, missing Question ID.", true);
                }
                $question = sql_select("SELECT * FROM `Questions` WHERE `QID`='" . sql_escape($id) . "' LIMIT 1");
                if (count($question) > 0) {
                    sql_query("DELETE FROM `Questions` WHERE `QID`='" . sql_escape($id) . "' LIMIT 1");
                    engelsystem_log("Question deleted: " . $question[0]['Question']);
                    redirect(page_link_to("admin_questions"));
                } else {
                    return error("No question found.", true);
                }
                break;
        }
    }
}
Пример #16
0
function user_shifts()
{
    global $user, $privileges, $max_freeloadable_shifts;
    if (User_is_freeloader($user)) {
        redirect(page_link_to('user_myshifts'));
    }
    // Locations laden
    $rooms = sql_select("SELECT * FROM `Room` WHERE `show`='Y' ORDER BY `Name`");
    $room_array = array();
    foreach ($rooms as $room) {
        $room_array[$room['RID']] = $room['Name'];
    }
    // Löschen einzelner Schicht-Einträge (Also Belegung einer Schicht von Engeln) durch Admins
    if (isset($_REQUEST['entry_id']) && in_array('user_shifts_admin', $privileges)) {
        if (isset($_REQUEST['entry_id']) && test_request_int('entry_id')) {
            $entry_id = $_REQUEST['entry_id'];
        } else {
            redirect(page_link_to('user_shifts'));
        }
        $shift_entry_source = sql_select("\n        SELECT `User`.`Nick`, `ShiftEntry`.`Comment`, `ShiftEntry`.`UID`, `ShiftTypes`.`name`, `Shifts`.*, `Room`.`Name`, `AngelTypes`.`name` as `angel_type` \n        FROM `ShiftEntry` \n        JOIN `User` ON (`User`.`UID`=`ShiftEntry`.`UID`) \n        JOIN `AngelTypes` ON (`ShiftEntry`.`TID` = `AngelTypes`.`id`) \n        JOIN `Shifts` ON (`ShiftEntry`.`SID` = `Shifts`.`SID`) \n        JOIN `ShiftTypes` ON (`ShiftTypes`.`id` = `Shifts`.`shifttype_id`)\n        JOIN `Room` ON (`Shifts`.`RID` = `Room`.`RID`) \n        WHERE `ShiftEntry`.`id`='" . sql_escape($entry_id) . "'");
        if (count($shift_entry_source) > 0) {
            $shift_entry_source = $shift_entry_source[0];
            $result = ShiftEntry_delete($entry_id);
            if ($result === false) {
                engelsystem_error('Unable to delete shift entry.');
            }
            engelsystem_log("Deleted " . User_Nick_render($shift_entry_source) . "'s shift: " . $shift_entry_source['name'] . " at " . $shift_entry_source['Name'] . " from " . date("y-m-d H:i", $shift_entry_source['start']) . " to " . date("y-m-d H:i", $shift_entry_source['end']) . " as " . $shift_entry_source['angel_type']);
            success(_("Shift entry deleted."));
        } else {
            error(_("Entry not found."));
        }
        redirect(page_link_to('user_shifts'));
    } elseif (isset($_REQUEST['edit_shift']) && in_array('admin_shifts', $privileges)) {
        $msg = "";
        $ok = true;
        if (isset($_REQUEST['edit_shift']) && test_request_int('edit_shift')) {
            $shift_id = $_REQUEST['edit_shift'];
        } else {
            redirect(page_link_to('user_shifts'));
        }
        $shift = sql_select("\n        SELECT `ShiftTypes`.`name`, `Shifts`.*, `Room`.* FROM `Shifts` \n        JOIN `Room` ON (`Shifts`.`RID` = `Room`.`RID`) \n        JOIN `ShiftTypes` ON (`ShiftTypes`.`id` = `Shifts`.`shifttype_id`)\n        WHERE `SID`='" . sql_escape($shift_id) . "'");
        if (count($shift) == 0) {
            redirect(page_link_to('user_shifts'));
        }
        $shift = $shift[0];
        // Engeltypen laden
        $types = sql_select("SELECT * FROM `AngelTypes` ORDER BY `name`");
        $angel_types = array();
        $needed_angel_types = array();
        foreach ($types as $type) {
            $angel_types[$type['id']] = $type;
            $needed_angel_types[$type['id']] = 0;
        }
        $shifttypes_source = ShiftTypes();
        $shifttypes = [];
        foreach ($shifttypes_source as $shifttype) {
            $shifttypes[$shifttype['id']] = $shifttype['name'];
        }
        // Benötigte Engeltypen vom Raum
        $needed_angel_types_source = sql_select("SELECT `AngelTypes`.*, `NeededAngelTypes`.`count` FROM `AngelTypes` LEFT JOIN `NeededAngelTypes` ON (`NeededAngelTypes`.`angel_type_id` = `AngelTypes`.`id` AND `NeededAngelTypes`.`room_id`='" . sql_escape($shift['RID']) . "') ORDER BY `AngelTypes`.`name`");
        foreach ($needed_angel_types_source as $type) {
            if ($type['count'] != "") {
                $needed_angel_types[$type['id']] = $type['count'];
            }
        }
        // Benötigte Engeltypen von der Schicht
        $needed_angel_types_source = sql_select("SELECT `AngelTypes`.*, `NeededAngelTypes`.`count` FROM `AngelTypes` LEFT JOIN `NeededAngelTypes` ON (`NeededAngelTypes`.`angel_type_id` = `AngelTypes`.`id` AND `NeededAngelTypes`.`shift_id`='" . sql_escape($shift_id) . "') ORDER BY `AngelTypes`.`name`");
        foreach ($needed_angel_types_source as $type) {
            if ($type['count'] != "") {
                $needed_angel_types[$type['id']] = $type['count'];
            }
        }
        $shifttype_id = $shift['shifttype_id'];
        $title = $shift['title'];
        $rid = $shift['RID'];
        $start = $shift['start'];
        $end = $shift['end'];
        if (isset($_REQUEST['submit'])) {
            // Name/Bezeichnung der Schicht, darf leer sein
            $title = strip_request_item('title');
            // Auswahl der sichtbaren Locations für die Schichten
            if (isset($_REQUEST['rid']) && preg_match("/^[0-9]+\$/", $_REQUEST['rid']) && isset($room_array[$_REQUEST['rid']])) {
                $rid = $_REQUEST['rid'];
            } else {
                $ok = false;
                $rid = $rooms[0]['RID'];
                $msg .= error(_("Please select a room."), true);
            }
            if (isset($_REQUEST['shifttype_id']) && isset($shifttypes[$_REQUEST['shifttype_id']])) {
                $shifttype_id = $_REQUEST['shifttype_id'];
            } else {
                $ok = false;
                $msg .= error(_('Please select a shifttype.'), true);
            }
            if (isset($_REQUEST['start']) && ($tmp = DateTime::createFromFormat("Y-m-d H:i", trim($_REQUEST['start'])))) {
                $start = $tmp->getTimestamp();
            } else {
                $ok = false;
                $msg .= error(_("Please enter a valid starting time for the shifts."), true);
            }
            if (isset($_REQUEST['end']) && ($tmp = DateTime::createFromFormat("Y-m-d H:i", trim($_REQUEST['end'])))) {
                $end = $tmp->getTimestamp();
            } else {
                $ok = false;
                $msg .= error(_("Please enter a valid ending time for the shifts."), true);
            }
            if ($start >= $end) {
                $ok = false;
                $msg .= error(_("The ending time has to be after the starting time."), true);
            }
            foreach ($needed_angel_types_source as $type) {
                if (isset($_REQUEST['type_' . $type['id']]) && preg_match("/^[0-9]+\$/", trim($_REQUEST['type_' . $type['id']]))) {
                    $needed_angel_types[$type['id']] = trim($_REQUEST['type_' . $type['id']]);
                } else {
                    $ok = false;
                    $msg .= error(sprintf(_("Please check your input for needed angels of type %s."), $type['name']), true);
                }
            }
            if ($ok) {
                $shift['shifttype_id'] = $shifttype_id;
                $shift['title'] = $title;
                $shift['RID'] = $rid;
                $shift['start'] = $start;
                $shift['end'] = $end;
                $result = Shift_update($shift);
                if ($result === false) {
                    engelsystem_error('Unable to update shift.');
                }
                sql_query("DELETE FROM `NeededAngelTypes` WHERE `shift_id`='" . sql_escape($shift_id) . "'");
                $needed_angel_types_info = array();
                foreach ($needed_angel_types as $type_id => $count) {
                    sql_query("INSERT INTO `NeededAngelTypes` SET `shift_id`='" . sql_escape($shift_id) . "', `angel_type_id`='" . sql_escape($type_id) . "', `count`='" . sql_escape($count) . "'");
                    $needed_angel_types_info[] = $angel_types[$type_id]['name'] . ": " . $count;
                }
                engelsystem_log("Updated shift '" . $name . "' from " . date("y-m-d H:i", $start) . " to " . date("y-m-d H:i", $end) . " with angel types " . join(", ", $needed_angel_types_info));
                success(_("Shift updated."));
                redirect(shift_link(['SID' => $shift_id]));
            }
        }
        $room_select = html_select_key('rid', 'rid', $room_array, $rid);
        $angel_types = "";
        foreach ($types as $type) {
            $angel_types .= form_spinner('type_' . $type['id'], $type['name'], $needed_angel_types[$type['id']]);
        }
        return page_with_title(shifts_title(), array(msg(), '<noscript>' . info(_("This page is much more comfortable with javascript."), true) . '</noscript>', form(array(form_select('shifttype_id', _('Shifttype'), $shifttypes, $shifttype_id), form_text('title', _("Title"), $title), form_select('rid', _("Room:"), $room_array, $rid), form_text('start', _("Start:"), date("Y-m-d H:i", $start)), form_text('end', _("End:"), date("Y-m-d H:i", $end)), '<h2>' . _("Needed angels") . '</h2>', $angel_types, form_submit('submit', _("Save"))))));
    } elseif (isset($_REQUEST['delete_shift']) && in_array('user_shifts_admin', $privileges)) {
        if (isset($_REQUEST['delete_shift']) && preg_match("/^[0-9]*\$/", $_REQUEST['delete_shift'])) {
            $shift_id = $_REQUEST['delete_shift'];
        } else {
            redirect(page_link_to('user_shifts'));
        }
        $shift = Shift($shift_id);
        if ($shift === false) {
            engelsystem_error('Unable to load shift.');
        }
        if ($shift == null) {
            redirect(page_link_to('user_shifts'));
        }
        // Schicht löschen bestätigt
        if (isset($_REQUEST['delete'])) {
            $result = Shift_delete($shift_id);
            if ($result === false) {
                engelsystem_error('Unable to delete shift.');
            }
            engelsystem_log("Deleted shift " . $shift['name'] . " from " . date("y-m-d H:i", $shift['start']) . " to " . date("y-m-d H:i", $shift['end']));
            success(_("Shift deleted."));
            redirect(page_link_to('user_shifts'));
        }
        return page_with_title(shifts_title(), array(error(sprintf(_("Do you want to delete the shift %s from %s to %s?"), $shift['name'], date("Y-m-d H:i", $shift['start']), date("H:i", $shift['end'])), true), '<a class="button" href="?p=user_shifts&delete_shift=' . $shift_id . '&delete">' . _("delete") . '</a>'));
    } elseif (isset($_REQUEST['shift_id'])) {
        if (isset($_REQUEST['shift_id']) && preg_match("/^[0-9]*\$/", $_REQUEST['shift_id'])) {
            $shift_id = $_REQUEST['shift_id'];
        } else {
            redirect(page_link_to('user_shifts'));
        }
        $shift = Shift($shift_id);
        $room;
        $shift['Name'] = $room_array[$shift['RID']];
        if ($shift === false) {
            engelsystem_error('Unable to load shift.');
        }
        if ($shift == null) {
            redirect(page_link_to('user_shifts'));
        }
        if (isset($_REQUEST['type_id']) && preg_match("/^[0-9]*\$/", $_REQUEST['type_id'])) {
            $type_id = $_REQUEST['type_id'];
        } else {
            redirect(page_link_to('user_shifts'));
        }
        if (in_array('user_shifts_admin', $privileges)) {
            $type = sql_select("SELECT * FROM `AngelTypes` WHERE `id`='" . sql_escape($type_id) . "' LIMIT 1");
        } else {
            $type = sql_select("SELECT * FROM `UserAngelTypes` JOIN `AngelTypes` ON (`UserAngelTypes`.`angeltype_id` = `AngelTypes`.`id`) WHERE `AngelTypes`.`id` = '" . sql_escape($type_id) . "' AND (`AngelTypes`.`restricted` = 0 OR (`UserAngelTypes`.`user_id` = '" . sql_escape($user['UID']) . "' AND NOT `UserAngelTypes`.`confirm_user_id` IS NULL)) LIMIT 1");
        }
        if (count($type) == 0) {
            redirect(page_link_to('user_shifts'));
        }
        $type = $type[0];
        if (!Shift_signup_allowed($shift, $type)) {
            error(_('You are not allowed to sign up for this shift. Maybe shift is full or already running.'));
            redirect(shift_link($shift));
        }
        if (isset($_REQUEST['submit'])) {
            $selected_type_id = $type_id;
            if (in_array('user_shifts_admin', $privileges)) {
                if (isset($_REQUEST['user_id']) && preg_match("/^[0-9]*\$/", $_REQUEST['user_id'])) {
                    $user_id = $_REQUEST['user_id'];
                } else {
                    $user_id = $user['UID'];
                }
                if (sql_num_query("SELECT * FROM `User` WHERE `UID`='" . sql_escape($user_id) . "' LIMIT 1") == 0) {
                    redirect(page_link_to('user_shifts'));
                }
                if (isset($_REQUEST['angeltype_id']) && test_request_int('angeltype_id') && sql_num_query("SELECT * FROM `AngelTypes` WHERE `id`='" . sql_escape($_REQUEST['angeltype_id']) . "' LIMIT 1") > 0) {
                    $selected_type_id = $_REQUEST['angeltype_id'];
                }
            } else {
                $user_id = $user['UID'];
            }
            if (sql_num_query("SELECT * FROM `ShiftEntry` WHERE `SID`='" . sql_escape($shift['SID']) . "' AND `UID` = '" . sql_escape($user_id) . "'")) {
                return error("This angel does already have an entry for this shift.", true);
            }
            $freeloaded = $shift['freeloaded'];
            $freeload_comment = $shift['freeload_comment'];
            if (in_array("user_shifts_admin", $privileges)) {
                $freeloaded = isset($_REQUEST['freeloaded']);
                $freeload_comment = strip_request_item_nl('freeload_comment');
            }
            $comment = strip_request_item_nl('comment');
            $result = ShiftEntry_create(array('SID' => $shift_id, 'TID' => $selected_type_id, 'UID' => $user_id, 'Comment' => $comment, 'freeloaded' => $freeloaded, 'freeload_comment' => $freeload_comment));
            if ($result === false) {
                engelsystem_error('Unable to create shift entry.');
            }
            if ($type['restricted'] == 0 && sql_num_query("SELECT * FROM `UserAngelTypes` INNER JOIN `AngelTypes` ON `AngelTypes`.`id` = `UserAngelTypes`.`angeltype_id` WHERE `angeltype_id` = '" . sql_escape($selected_type_id) . "' AND `user_id` = '" . sql_escape($user_id) . "' ") == 0) {
                sql_query("INSERT INTO `UserAngelTypes` (`user_id`, `angeltype_id`) VALUES ('" . sql_escape($user_id) . "', '" . sql_escape($selected_type_id) . "')");
            }
            $user_source = User($user_id);
            engelsystem_log("User " . User_Nick_render($user_source) . " signed up for shift " . $shift['name'] . " from " . date("y-m-d H:i", $shift['start']) . " to " . date("y-m-d H:i", $shift['end']));
            success(_("You are subscribed. Thank you!") . ' <a href="' . page_link_to('user_myshifts') . '">' . _("My shifts") . ' &raquo;</a>');
            redirect(shift_link($shift));
        }
        if (in_array('user_shifts_admin', $privileges)) {
            $users = sql_select("SELECT *, (SELECT count(*) FROM `ShiftEntry` WHERE `freeloaded`=1 AND `ShiftEntry`.`UID`=`User`.`UID`) AS `freeloaded` FROM `User` ORDER BY `Nick`");
            $users_select = array();
            foreach ($users as $usr) {
                $users_select[$usr['UID']] = $usr['Nick'] . ($usr['freeloaded'] == 0 ? "" : " (" . _("Freeloader") . ")");
            }
            $user_text = html_select_key('user_id', 'user_id', $users_select, $user['UID']);
            $angeltypes_source = sql_select("SELECT * FROM `AngelTypes` ORDER BY `name`");
            $angeltypes = array();
            foreach ($angeltypes_source as $angeltype) {
                $angeltypes[$angeltype['id']] = $angeltype['name'];
            }
            $angeltyppe_select = html_select_key('angeltype_id', 'angeltype_id', $angeltypes, $type['id']);
        } else {
            $user_text = User_Nick_render($user);
            $angeltyppe_select = $type['name'];
        }
        return ShiftEntry_edit_view($user_text, date("Y-m-d H:i", $shift['start']) . ' &ndash; ' . date('Y-m-d H:i', $shift['end']) . ' (' . shift_length($shift) . ')', $shift['Name'], $shift['name'], $angeltyppe_select, "", false, null, in_array('user_shifts_admin', $privileges));
    } else {
        return view_user_shifts();
    }
}
Пример #17
0
function user_myshifts()
{
    global $LETZTES_AUSTRAGEN;
    global $user, $privileges;
    $msg = "";
    if (isset($_REQUEST['id']) && in_array("user_shifts_admin", $privileges) && preg_match("/^[0-9]{1,}\$/", $_REQUEST['id']) && sql_num_query("SELECT * FROM `User` WHERE `UID`='" . sql_escape($_REQUEST['id']) . "'") > 0) {
        $id = $_REQUEST['id'];
    } else {
        $id = $user['UID'];
    }
    list($shifts_user) = sql_select("SELECT * FROM `User` WHERE `UID`='" . sql_escape($id) . "' LIMIT 1");
    if (isset($_REQUEST['reset'])) {
        if ($_REQUEST['reset'] == "ack") {
            User_reset_api_key($user);
            success(_("Key changed."));
            redirect(page_link_to('user_myshifts'));
        }
        return page_with_title(_("Reset API key"), array(error(_("If you reset the key, the url to your iCal- and JSON-export and your atom feed changes! You have to update it in every application using one of these exports."), true), button(page_link_to('user_myshifts') . '&reset=ack', _("Continue"), 'btn-danger')));
    } elseif (isset($_REQUEST['edit']) && preg_match("/^[0-9]*\$/", $_REQUEST['edit'])) {
        $id = $_REQUEST['edit'];
        $shift = sql_select("SELECT\n        `ShiftEntry`.`freeloaded`,\n        `ShiftEntry`.`freeload_comment`,\n        `ShiftEntry`.`Comment`,\n        `ShiftEntry`.`UID`,\n        `ShiftTypes`.`name`,\n        `Shifts`.*,\n        `Room`.`Name`,\n        `AngelTypes`.`name` as `angel_type`\n        FROM `ShiftEntry`\n        JOIN `AngelTypes` ON (`ShiftEntry`.`TID` = `AngelTypes`.`id`)\n        JOIN `Shifts` ON (`ShiftEntry`.`SID` = `Shifts`.`SID`)\n        JOIN `ShiftTypes` ON (`ShiftTypes`.`id` = `Shifts`.`shifttype_id`)\n        JOIN `Room` ON (`Shifts`.`RID` = `Room`.`RID`)\n        WHERE `ShiftEntry`.`id`='" . sql_escape($id) . "'\n        AND `UID`='" . sql_escape($shifts_user['UID']) . "' LIMIT 1");
        if (count($shift) > 0) {
            $shift = $shift[0];
            if (isset($_REQUEST['submit'])) {
                $freeloaded = $shift['freeloaded'];
                $freeload_comment = $shift['freeload_comment'];
                if (in_array("user_shifts_admin", $privileges)) {
                    $freeloaded = isset($_REQUEST['freeloaded']);
                    $freeload_comment = strip_request_item_nl('freeload_comment');
                }
                $comment = strip_request_item_nl('comment');
                $user_source = User($shift['UID']);
                $result = ShiftEntry_update(array('id' => $id, 'Comment' => $comment, 'freeloaded' => $freeloaded, 'freeload_comment' => $freeload_comment));
                if ($result === false) {
                    engelsystem_error('Unable to update shift entr.');
                }
                engelsystem_log("Updated " . User_Nick_render($user_source) . "'s shift " . $shift['name'] . " from " . date("Y-m-d H:i", $shift['start']) . " to " . date("Y-m-d H:i", $shift['end']) . " with comment " . $comment . ". Freeloaded: " . ($freeloaded ? "YES Comment: " . $freeload_comment : "NO"));
                success(_("Shift saved."));
                redirect(page_link_to('users') . '&action=view&user_id=' . $shifts_user['UID']);
            }
            return ShiftEntry_edit_view(User_Nick_render($shifts_user), date("Y-m-d H:i", $shift['start']) . ', ' . shift_length($shift), $shift['Name'], $shift['name'], $shift['angel_type'], $shift['Comment'], $shift['freeloaded'], $shift['freeload_comment'], in_array("user_shifts_admin", $privileges));
        } else {
            redirect(page_link_to('user_myshifts'));
        }
    } elseif (isset($_REQUEST['cancel']) && preg_match("/^[0-9]*\$/", $_REQUEST['cancel'])) {
        $id = $_REQUEST['cancel'];
        $shift = sql_select("\n        SELECT *\n        FROM `Shifts` \n        INNER JOIN `ShiftEntry` USING (`SID`) \n        WHERE `ShiftEntry`.`id`='" . sql_escape($id) . "' AND `UID`='" . sql_escape($shifts_user['UID']) . "'");
        if (count($shift) > 0) {
            $shift = $shift[0];
            if ($shift['start'] > time() + $LETZTES_AUSTRAGEN * 3600 || in_array('user_shifts_admin', $privileges)) {
                $result = ShiftEntry_delete($id);
                if ($result === false) {
                    engelsystem_error('Unable to delete shift entry.');
                }
                $room = Room($shift['RID']);
                $angeltype = AngelType($shift['TID']);
                $shifttype = ShiftType($shift['shifttype_id']);
                engelsystem_log("Deleted own shift: " . $shifttype['name'] . " at " . $room['Name'] . " from " . date("Y-m-d H:i", $shift['start']) . " to " . date("Y-m-d H:i", $shift['end']) . " as " . $angeltype['name']);
                success(_("You have been signed off from the shift."));
            } else {
                error(_("It's too late to sign yourself off the shift. If neccessary, ask the dispatcher to do so."));
            }
        } else {
            redirect(user_link($shifts_user));
        }
    }
    redirect(page_link_to('users') . '&action=view');
}
/**
 * List all shift types.
 */
function shifttypes_list_controller()
{
    $shifttypes = ShiftTypes();
    if ($shifttypes === false) {
        engelsystem_error("Unable to load shifttypes.");
    }
    return [shifttypes_title(), ShiftTypes_list_view($shifttypes)];
}
Пример #19
0
function admin_import()
{
    global $rooms_import;
    global $user;
    $html = "";
    $step = "input";
    if (isset($_REQUEST['step']) && in_array($step, ['input', 'check', 'import'])) {
        $step = $_REQUEST['step'];
    }
    if ($test_handle = fopen('../import/tmp', 'w')) {
        fclose($test_handle);
        unlink('../import/tmp');
    } else {
        error(_('Webserver has no write-permission on import directory.'));
    }
    $import_file = '../import/import_' . $user['UID'] . '.xml';
    $shifttype_id = null;
    $shifttypes_source = ShiftTypes();
    if ($shifttypes_source === false) {
        engelsystem_error('Unable to load shifttypes.');
    }
    $shifttypes = [];
    foreach ($shifttypes_source as $shifttype) {
        $shifttypes[$shifttype['id']] = $shifttype['name'];
    }
    switch ($step) {
        case 'input':
            $ok = false;
            if (isset($_REQUEST['submit'])) {
                $ok = true;
                if (isset($_REQUEST['shifttype_id']) && isset($shifttypes[$_REQUEST['shifttype_id']])) {
                    $shifttype_id = $_REQUEST['shifttype_id'];
                } else {
                    $ok = false;
                    error(_('Please select a shift type.'));
                }
                if (isset($_FILES['xcal_file']) && $_FILES['xcal_file']['error'] == 0) {
                    if (move_uploaded_file($_FILES['xcal_file']['tmp_name'], $import_file)) {
                        libxml_use_internal_errors(true);
                        if (simplexml_load_file($import_file) === false) {
                            $ok = false;
                            error(_('No valid xml/xcal file provided.'));
                            unlink($import_file);
                        }
                    } else {
                        $ok = false;
                        error(_('File upload went wrong.'));
                    }
                } else {
                    $ok = false;
                    error(_('Please provide some data.'));
                }
            }
            if ($ok) {
                redirect(page_link_to('admin_import') . "&step=check&shifttype_id=" . $shifttype_id);
            } else {
                $html .= div('well well-sm text-center', [_('File Upload') . mute(glyph('arrow-right')) . mute(_('Validation')) . mute(glyph('arrow-right')) . mute(_('Import'))]) . div('row', [div('col-md-offset-3 col-md-6', [form(array(form_info('', _("This import will create/update/delete rooms and shifts by given FRAB-export file. The needed file format is xcal.")), form_select('shifttype_id', _('Shifttype'), $shifttypes, $shifttype_id), form_file('xcal_file', _("xcal-File (.xcal)")), form_submit('submit', _("Import"))))])]);
            }
            break;
        case 'check':
            if (!file_exists($import_file)) {
                error(_('Missing import file.'));
                redirect(page_link_to('admin_import'));
            }
            if (isset($_REQUEST['shifttype_id']) && isset($shifttypes[$_REQUEST['shifttype_id']])) {
                $shifttype_id = $_REQUEST['shifttype_id'];
            } else {
                error(_('Please select a shift type.'));
                redirect(page_link_to('admin_import'));
            }
            list($rooms_new, $rooms_deleted) = prepare_rooms($import_file);
            list($events_new, $events_updated, $events_deleted) = prepare_events($import_file, $shifttype_id);
            $html .= div('well well-sm text-center', ['<span class="text-success">' . _('File Upload') . glyph('ok-circle') . '</span>' . mute(glyph('arrow-right')) . _('Validation') . mute(glyph('arrow-right')) . mute(_('Import'))]) . form([div('row', [div('col-sm-6', ['<h3>' . _("Rooms to create") . '</h3>', table(_("Name"), $rooms_new)]), div('col-sm-6', ['<h3>' . _("Rooms to delete") . '</h3>', table(_("Name"), $rooms_deleted)])]), '<h3>' . _("Shifts to create") . '</h3>', table(array('day' => _("Day"), 'start' => _("Start"), 'end' => _("End"), 'shifttype' => _('Shift type'), 'title' => _("Title"), 'room' => _("Room")), shifts_printable($events_new, $shifttypes)), '<h3>' . _("Shifts to update") . '</h3>', table(array('day' => _("Day"), 'start' => _("Start"), 'end' => _("End"), 'shifttype' => _('Shift type'), 'title' => _("Title"), 'room' => _("Room")), shifts_printable($events_updated, $shifttypes)), '<h3>' . _("Shifts to delete") . '</h3>', table(array('day' => _("Day"), 'start' => _("Start"), 'end' => _("End"), 'shifttype' => _('Shift type'), 'title' => _("Title"), 'room' => _("Room")), shifts_printable($events_deleted, $shifttypes)), form_submit('submit', _("Import"))], page_link_to('admin_import') . '&step=import&shifttype_id=' . $shifttype_id);
            break;
        case 'import':
            if (!file_exists($import_file)) {
                error(_('Missing import file.'));
                redirect(page_link_to('admin_import'));
            }
            if (!file_exists($import_file)) {
                redirect(page_link_to('admin_import'));
            }
            if (isset($_REQUEST['shifttype_id']) && isset($shifttypes[$_REQUEST['shifttype_id']])) {
                $shifttype_id = $_REQUEST['shifttype_id'];
            } else {
                error(_('Please select a shift type.'));
                redirect(page_link_to('admin_import'));
            }
            list($rooms_new, $rooms_deleted) = prepare_rooms($import_file);
            foreach ($rooms_new as $room) {
                $result = Room_create($room, true, true);
                if ($result === false) {
                    engelsystem_error('Unable to create room.');
                }
                $rooms_import[trim($room)] = sql_id();
            }
            foreach ($rooms_deleted as $room) {
                sql_query("DELETE FROM `Room` WHERE `Name`='" . sql_escape($room) . "' LIMIT 1");
            }
            list($events_new, $events_updated, $events_deleted) = prepare_events($import_file, $shifttype_id);
            foreach ($events_new as $event) {
                $result = Shift_create($event);
                if ($result === false) {
                    engelsystem_error('Unable to create shift.');
                }
            }
            foreach ($events_updated as $event) {
                $result = Shift_update_by_psid($event);
                if ($result === false) {
                    engelsystem_error('Unable to update shift.');
                }
            }
            foreach ($events_deleted as $event) {
                $result = Shift_delete_by_psid($event['PSID']);
                if ($result === false) {
                    engelsystem_error('Unable to delete shift.');
                }
            }
            engelsystem_log("Pentabarf import done");
            unlink($import_file);
            $html .= div('well well-sm text-center', ['<span class="text-success">' . _('File Upload') . glyph('ok-circle') . '</span>' . mute(glyph('arrow-right')) . '<span class="text-success">' . _('Validation') . glyph('ok-circle') . '</span>' . mute(glyph('arrow-right')) . '<span class="text-success">' . _('Import') . glyph('ok-circle') . '</span>']) . success(_("It's done!"), true);
            break;
        default:
            redirect(page_link_to('admin_import'));
    }
    return page_with_title(admin_import_title(), [msg(), $html]);
}
Пример #20
0
function user_messages()
{
    global $user;
    if (!isset($_REQUEST['action'])) {
        $users = sql_select("SELECT * FROM `User` WHERE NOT `UID`='" . sql_escape($user['UID']) . "' ORDER BY `Nick`");
        $to_select_data = array("" => _("Select recipient..."));
        foreach ($users as $u) {
            $to_select_data[$u['UID']] = $u['Nick'];
        }
        $to_select = html_select_key('to', 'to', $to_select_data, '');
        $messages = sql_select("SELECT * FROM `Messages` WHERE `SUID`='" . sql_escape($user['UID']) . "' OR `RUID`='" . sql_escape($user['UID']) . "' ORDER BY `isRead`,`Datum` DESC");
        $messages_table = [['news' => '', 'timestamp' => date("Y-m-d H:i"), 'from' => User_Nick_render($user), 'to' => $to_select, 'text' => form_textarea('text', '', ''), 'actions' => form_submit('submit', _("Save"))]];
        foreach ($messages as $message) {
            $sender_user_source = User($message['SUID']);
            if ($sender_user_source === false) {
                engelsystem_error(_("Unable to load user."));
            }
            $receiver_user_source = User($message['RUID']);
            if ($receiver_user_source === false) {
                engelsystem_error(_("Unable to load user."));
            }
            $messages_table_entry = array('new' => $message['isRead'] == 'N' ? '<span class="glyphicon glyphicon-envelope"></span>' : '', 'timestamp' => date("Y-m-d H:i", $message['Datum']), 'from' => User_Nick_render($sender_user_source), 'to' => User_Nick_render($receiver_user_source), 'text' => str_replace("\n", '<br />', $message['Text']));
            if ($message['RUID'] == $user['UID']) {
                if ($message['isRead'] == 'N') {
                    $messages_table_entry['actions'] = button(page_link_to("user_messages") . '&action=read&id=' . $message['id'], _("mark as read"), 'btn-xs');
                }
            } else {
                $messages_table_entry['actions'] = button(page_link_to("user_messages") . '&action=delete&id=' . $message['id'], _("delete message"), 'btn-xs');
            }
            $messages_table[] = $messages_table_entry;
        }
        return page_with_title(messages_title(), array(msg(), sprintf(_("Hello %s, here can you leave messages for other angels"), User_Nick_render($user)), form(array(table(array('new' => _("New"), 'timestamp' => _("Date"), 'from' => _("Transmitted"), 'to' => _("Recipient"), 'text' => _("Message"), 'actions' => ''), $messages_table)), page_link_to('user_messages') . '&action=send')));
    } else {
        switch ($_REQUEST['action']) {
            case "read":
                if (isset($_REQUEST['id']) && preg_match("/^[0-9]{1,11}\$/", $_REQUEST['id'])) {
                    $id = $_REQUEST['id'];
                } else {
                    return error(_("Incomplete call, missing Message ID."), true);
                }
                $message = sql_select("SELECT * FROM `Messages` WHERE `id`='" . sql_escape($id) . "' LIMIT 1");
                if (count($message) > 0 && $message[0]['RUID'] == $user['UID']) {
                    sql_query("UPDATE `Messages` SET `isRead`='Y' WHERE `id`='" . sql_escape($id) . "' LIMIT 1");
                    redirect(page_link_to("user_messages"));
                } else {
                    return error(_("No Message found."), true);
                }
                break;
            case "delete":
                if (isset($_REQUEST['id']) && preg_match("/^[0-9]{1,11}\$/", $_REQUEST['id'])) {
                    $id = $_REQUEST['id'];
                } else {
                    return error(_("Incomplete call, missing Message ID."), true);
                }
                $message = sql_select("SELECT * FROM `Messages` WHERE `id`='" . sql_escape($id) . "' LIMIT 1");
                if (count($message) > 0 && $message[0]['SUID'] == $user['UID']) {
                    sql_query("DELETE FROM `Messages` WHERE `id`='" . sql_escape($id) . "' LIMIT 1");
                    redirect(page_link_to("user_messages"));
                } else {
                    return error(_("No Message found."), true);
                }
                break;
            case "send":
                if (Message_send($_REQUEST['to'], $_REQUEST['text']) === true) {
                    redirect(page_link_to("user_messages"));
                } else {
                    return error(_("Transmitting was terminated with an Error."), true);
                }
                break;
            default:
                return error(_("Wrong action."), true);
        }
    }
}