function view_user_shifts() { global $user, $privileges; global $ical_shifts; $ical_shifts = array(); $days = sql_select_single_col("\n SELECT DISTINCT DATE(FROM_UNIXTIME(`start`)) AS `id`, DATE(FROM_UNIXTIME(`start`)) AS `name` \n FROM `Shifts` \n ORDER BY `start`"); if (count($days) == 0) { error(_("The administration has not configured any shifts yet.")); redirect('?'); } $rooms = sql_select("SELECT `RID` AS `id`, `Name` AS `name` FROM `Room` WHERE `show`='Y' ORDER BY `Name`"); if (count($rooms) == 0) { error(_("The administration has not configured any rooms yet.")); redirect('?'); } if (in_array('user_shifts_admin', $privileges)) { $types = sql_select("SELECT `id`, `name` FROM `AngelTypes` ORDER BY `AngelTypes`.`name`"); } else { $types = sql_select("SELECT `AngelTypes`.`id`, `AngelTypes`.`name`, (`AngelTypes`.`restricted`=0 OR (NOT `UserAngelTypes`.`confirm_user_id` IS NULL OR `UserAngelTypes`.`id` IS NULL)) as `enabled` FROM `AngelTypes` LEFT JOIN `UserAngelTypes` ON (`UserAngelTypes`.`angeltype_id`=`AngelTypes`.`id` AND `UserAngelTypes`.`user_id`='" . sql_escape($user['UID']) . "') ORDER BY `AngelTypes`.`name`"); } if (empty($types)) { $types = sql_select("SELECT `id`, `name` FROM `AngelTypes` WHERE `restricted` = 0"); } $filled = array(array('id' => '1', 'name' => _('occupied')), array('id' => '0', 'name' => _('free'))); if (count($types) == 0) { error(_("The administration has not configured any angeltypes yet - or you are not subscribed to any angeltype.")); redirect('?'); } if (!isset($_SESSION['user_shifts'])) { $_SESSION['user_shifts'] = array(); } if (!isset($_SESSION['user_shifts']['filled'])) { // User shift admins see free and occupied shifts by default $_SESSION['user_shifts']['filled'] = in_array('user_shifts_admin', $privileges) ? [0, 1] : [0]; } foreach (array('rooms', 'types', 'filled') as $key) { if (isset($_REQUEST[$key])) { $filtered = array_filter($_REQUEST[$key], 'is_numeric'); if (!empty($filtered)) { $_SESSION['user_shifts'][$key] = $filtered; } unset($filtered); } if (!isset($_SESSION['user_shifts'][$key])) { $_SESSION['user_shifts'][$key] = array_map('get_ids_from_array', ${$key}); } } if (isset($_REQUEST['rooms'])) { if (isset($_REQUEST['new_style'])) { $_SESSION['user_shifts']['new_style'] = true; } else { $_SESSION['user_shifts']['new_style'] = false; } } if (!isset($_SESSION['user_shifts']['new_style'])) { $_SESSION['user_shifts']['new_style'] = true; } foreach (array('start', 'end') as $key) { if (isset($_REQUEST[$key . '_day']) && in_array($_REQUEST[$key . '_day'], $days)) { $_SESSION['user_shifts'][$key . '_day'] = $_REQUEST[$key . '_day']; } if (isset($_REQUEST[$key . '_time']) && preg_match('#^\\d{1,2}:\\d\\d$#', $_REQUEST[$key . '_time'])) { $_SESSION['user_shifts'][$key . '_time'] = $_REQUEST[$key . '_time']; } if (!isset($_SESSION['user_shifts'][$key . '_day'])) { $time = date('Y-m-d', time() + ($key == 'end' ? 24 * 60 * 60 : 0)); $_SESSION['user_shifts'][$key . '_day'] = in_array($time, $days) ? $time : ($key == 'end' ? max($days) : min($days)); } if (!isset($_SESSION['user_shifts'][$key . '_time'])) { $_SESSION['user_shifts'][$key . '_time'] = date('H:i'); } } if ($_SESSION['user_shifts']['start_day'] > $_SESSION['user_shifts']['end_day']) { $_SESSION['user_shifts']['end_day'] = $_SESSION['user_shifts']['start_day']; } if ($_SESSION['user_shifts']['start_day'] == $_SESSION['user_shifts']['end_day'] && $_SESSION['user_shifts']['start_time'] >= $_SESSION['user_shifts']['end_time']) { $_SESSION['user_shifts']['end_time'] = '23:59'; } if (isset($_SESSION['user_shifts']['start_day'])) { $starttime = DateTime::createFromFormat("Y-m-d H:i", $_SESSION['user_shifts']['start_day'] . $_SESSION['user_shifts']['start_time']); $starttime = $starttime->getTimestamp(); } else { $starttime = now(); } if (isset($_SESSION['user_shifts']['end_day'])) { $endtime = DateTime::createFromFormat("Y-m-d H:i", $_SESSION['user_shifts']['end_day'] . $_SESSION['user_shifts']['end_time']); $endtime = $endtime->getTimestamp(); } else { $endtime = now() + 24 * 60 * 60; } if (!isset($_SESSION['user_shifts']['rooms']) || count($_SESSION['user_shifts']['rooms']) == 0) { $_SESSION['user_shifts']['rooms'] = array(0); } $SQL = "SELECT DISTINCT `Shifts`.*, `ShiftTypes`.`name`, `Room`.`Name` as `room_name`, nat2.`special_needs` > 0 AS 'has_special_needs'\n FROM `Shifts`\n INNER JOIN `Room` USING (`RID`)\n INNER JOIN `ShiftTypes` ON (`ShiftTypes`.`id` = `Shifts`.`shifttype_id`)\n LEFT JOIN (SELECT COUNT(*) AS special_needs , nat3.`shift_id` FROM `NeededAngelTypes` AS nat3 WHERE `shift_id` IS NOT NULL GROUP BY nat3.`shift_id`) AS nat2 ON nat2.`shift_id` = `Shifts`.`SID`\n INNER JOIN `NeededAngelTypes` AS nat ON nat.`count` != 0 AND nat.`angel_type_id` IN (" . implode(',', $_SESSION['user_shifts']['types']) . ") AND ((nat2.`special_needs` > 0 AND nat.`shift_id` = `Shifts`.`SID`) OR ((nat2.`special_needs` = 0 OR nat2.`special_needs` IS NULL) AND nat.`room_id` = `RID`))\n LEFT JOIN (SELECT se.`SID`, se.`TID`, COUNT(*) as count FROM `ShiftEntry` AS se GROUP BY se.`SID`, se.`TID`) AS entries ON entries.`SID` = `Shifts`.`SID` AND entries.`TID` = nat.`angel_type_id`\n WHERE `Shifts`.`RID` IN (" . implode(',', $_SESSION['user_shifts']['rooms']) . ")\n AND `start` BETWEEN " . $starttime . " AND " . $endtime; if (count($_SESSION['user_shifts']['filled']) == 1) { if ($_SESSION['user_shifts']['filled'][0] == 0) { $SQL .= "\n AND (nat.`count` > entries.`count` OR entries.`count` IS NULL OR EXISTS (SELECT `SID` FROM `ShiftEntry` WHERE `UID` = '" . sql_escape($user['UID']) . "' AND `ShiftEntry`.`SID` = `Shifts`.`SID`))"; } elseif ($_SESSION['user_shifts']['filled'][0] == 1) { $SQL .= "\n AND (nat.`count` <= entries.`count` OR EXISTS (SELECT `SID` FROM `ShiftEntry` WHERE `UID` = '" . sql_escape($user['UID']) . "' AND `ShiftEntry`.`SID` = `Shifts`.`SID`))"; } } $SQL .= "\n ORDER BY `start`"; $shifts = sql_select($SQL); $ownshifts_source = sql_select("\n SELECT `ShiftTypes`.`name`, `Shifts`.* \n FROM `Shifts` \n INNER JOIN `ShiftTypes` ON (`ShiftTypes`.`id` = `Shifts`.`shifttype_id`)\n INNER JOIN `ShiftEntry` ON (`Shifts`.`SID` = `ShiftEntry`.`SID` AND `ShiftEntry`.`UID` = '" . sql_escape($user['UID']) . "')\n WHERE `Shifts`.`RID` IN (" . implode(',', $_SESSION['user_shifts']['rooms']) . ")\n AND `start` BETWEEN " . $starttime . " AND " . $endtime); $ownshifts = array(); foreach ($ownshifts_source as $ownshift) { $ownshifts[$ownshift['SID']] = $ownshift; } unset($ownshifts_source); $shifts_table = ""; // qqqq /* * [0] => Array ( [SID] => 1 [start] => 1355958000 [end] => 1355961600 [RID] => 1 [name] => [URL] => [PSID] => [room_name] => test1 [has_special_needs] => 1 [is_full] => 0 ) */ if ($_SESSION['user_shifts']['new_style']) { $first = 15 * 60 * floor($starttime / (15 * 60)); $maxshow = ceil(($endtime - $first) / (60 * 15)); $block = array(); $todo = array(); $myrooms = $rooms; // delete un-selected rooms from array foreach ($myrooms as $k => $v) { if (array_search($v["id"], $_SESSION['user_shifts']['rooms']) === FALSE) { unset($myrooms[$k]); } // initialize $block array $block[$v["id"]] = array_fill(0, $maxshow, 0); } // calculate number of parallel shifts in each timeslot for each room foreach ($shifts as $k => $shift) { $rid = $shift["RID"]; $blocks = ($shift["end"] - $shift["start"]) / (15 * 60); $firstblock = floor(($shift["start"] - $first) / (15 * 60)); for ($i = $firstblock; $i < $blocks + $firstblock && $i < $maxshow; $i++) { $block[$rid][$i]++; } $shifts[$k]['own'] = in_array($shift['SID'], array_keys($ownshifts)); } $shifts_table = '<div class="shifts-table"><table id="shifts" class="table scrollable"><thead><tr><th>-</th>'; foreach ($myrooms as $key => $room) { $rid = $room["id"]; if (array_sum($block[$rid]) == 0) { // do not display columns without entries unset($block[$rid]); unset($myrooms[$key]); continue; } $colspan = call_user_func_array('max', $block[$rid]); if ($colspan == 0) { $colspan = 1; } $todo[$rid] = array_fill(0, $maxshow, $colspan); $shifts_table .= "<th" . ($colspan > 1 ? ' colspan="' . $colspan . '"' : '') . ">" . Room_name_render(['RID' => $room['id'], 'Name' => $room['name']]) . "</th>\n"; } unset($block, $blocks, $firstblock, $colspan, $key, $room); $shifts_table .= "</tr></thead><tbody>"; for ($i = 0; $i < $maxshow; $i++) { $thistime = $first + $i * 15 * 60; if ($thistime % (24 * 60 * 60) == 23 * 60 * 60 && $endtime - $starttime > 24 * 60 * 60) { $shifts_table .= "<tr class=\"row-day\"><th class=\"row-header\">"; $shifts_table .= date('y-m-d<b\\r />H:i', $thistime); } elseif ($thistime % (60 * 60) == 0) { $shifts_table .= "<tr class=\"row-hour\"><th>"; $shifts_table .= date("H:i", $thistime); } else { $shifts_table .= "<tr><th>"; } $shifts_table .= "</th>"; foreach ($myrooms as $room) { $rid = $room["id"]; foreach ($shifts as $shift) { if ($shift["RID"] == $rid) { if (floor($shift["start"] / (15 * 60)) == $thistime / (15 * 60)) { $blocks = ($shift["end"] - $shift["start"]) / (15 * 60); if ($blocks < 1) { $blocks = 1; } $collides = in_array($shift['SID'], array_keys($ownshifts)); if (!$collides) { foreach ($ownshifts as $ownshift) { if ($ownshift['start'] >= $shift['start'] && $ownshift['start'] < $shift['end'] || $ownshift['end'] > $shift['start'] && $ownshift['end'] <= $shift['end'] || $ownshift['start'] < $shift['start'] && $ownshift['end'] > $shift['end']) { $collides = true; break; } } } // qqqqqq $is_free = false; $shifts_row = ''; if (in_array('admin_shifts', $privileges)) { $shifts_row .= '<div class="pull-right">' . table_buttons(array(button(page_link_to('user_shifts') . '&edit_shift=' . $shift['SID'], glyph('edit'), 'btn-xs'), button(page_link_to('user_shifts') . '&delete_shift=' . $shift['SID'], glyph('trash'), 'btn-xs'))) . '</div>'; } $shifts_row .= Room_name_render(['RID' => $room['id'], 'Name' => $room['name']]) . '<br />'; $shifts_row .= '<a href="' . shift_link($shift) . '">' . date('d.m. H:i', $shift['start']); $shifts_row .= " – "; $shifts_row .= date('H:i', $shift['end']); $shifts_row .= "<br /><b>"; $shifts_row .= ShiftType($shift['shifttype_id'])['name']; $shifts_row .= "</b><br />"; if ($shift['title'] != '') { $shifts_row .= $shift['title']; $shifts_row .= "<br />"; } $shifts_row .= '</a>'; $shifts_row .= '<br />'; $query = "SELECT `NeededAngelTypes`.`count`, `AngelTypes`.`id`, `AngelTypes`.`restricted`, `UserAngelTypes`.`confirm_user_id`, `AngelTypes`.`name`, `UserAngelTypes`.`user_id`\n FROM `NeededAngelTypes`\n JOIN `AngelTypes` ON (`NeededAngelTypes`.`angel_type_id` = `AngelTypes`.`id`)\n LEFT JOIN `UserAngelTypes` ON (`NeededAngelTypes`.`angel_type_id` = `UserAngelTypes`.`angeltype_id`AND `UserAngelTypes`.`user_id`='" . sql_escape($user['UID']) . "')\n WHERE\n `count` > 0\n AND "; if ($shift['has_special_needs']) { $query .= "`shift_id` = '" . sql_escape($shift['SID']) . "'"; } else { $query .= "`room_id` = '" . sql_escape($shift['RID']) . "'"; } if (!empty($_SESSION['user_shifts']['types'])) { $query .= " AND `angel_type_id` IN (" . implode(',', $_SESSION['user_shifts']['types']) . ") "; } $query .= " ORDER BY `AngelTypes`.`name`"; $angeltypes = sql_select($query); if (count($angeltypes) > 0) { foreach ($angeltypes as $angeltype) { $entries = sql_select("SELECT * FROM `ShiftEntry` JOIN `User` ON (`ShiftEntry`.`UID` = `User`.`UID`) WHERE `SID`='" . sql_escape($shift['SID']) . "' AND `TID`='" . sql_escape($angeltype['id']) . "' ORDER BY `Nick`"); $entry_list = array(); $freeloader = 0; foreach ($entries as $entry) { $style = ''; if ($entry['freeloaded']) { $freeloader++; $style = " text-decoration: line-through;"; } if (in_array('user_shifts_admin', $privileges)) { $entry_list[] = "<span style=\"{$style}\">" . User_Nick_render($entry) . ' ' . table_buttons(array(button(page_link_to('user_shifts') . '&entry_id=' . $entry['id'], glyph('trash'), 'btn-xs'))) . '</span>'; } else { $entry_list[] = "<span style=\"{$style}\">" . User_Nick_render($entry) . "</span>"; } } if ($angeltype['count'] - count($entries) - $freeloader > 0) { $inner_text = sprintf(ngettext("%d helper needed", "%d helpers needed", $angeltype['count'] - count($entries)), $angeltype['count'] - count($entries)); // is the shift still running or alternatively is the user shift admin? $user_may_join_shift = true; // you cannot join if user alread joined a parallel or this shift $user_may_join_shift &= !$collides; // you cannot join if user is not of this angel type $user_may_join_shift &= isset($angeltype['user_id']); // you cannot join if you are not confirmed if ($angeltype['restricted'] == 1 && isset($angeltype['user_id'])) { $user_may_join_shift &= isset($angeltype['confirm_user_id']); } // you can only join if the shift is in future or running $user_may_join_shift &= time() < $shift['start']; // User shift admins may join anybody in every shift $user_may_join_shift |= in_array('user_shifts_admin', $privileges); if ($user_may_join_shift) { $entry_list[] = '<a href="' . page_link_to('user_shifts') . '&shift_id=' . $shift['SID'] . '&type_id=' . $angeltype['id'] . '">' . $inner_text . '</a> ' . button(page_link_to('user_shifts') . '&shift_id=' . $shift['SID'] . '&type_id=' . $angeltype['id'], _('Sign up'), 'btn-xs'); } else { if (time() > $shift['start']) { $entry_list[] = $inner_text . ' (' . _('ended') . ')'; } elseif ($angeltype['restricted'] == 1 && isset($angeltype['user_id']) && !isset($angeltype['confirm_user_id'])) { $entry_list[] = $inner_text . glyph('lock'); } elseif ($angeltype['restricted'] == 1) { $entry_list[] = $inner_text; } elseif ($collides) { $entry_list[] = $inner_text; } else { $entry_list[] = $inner_text . '<br />' . button(page_link_to('user_angeltypes') . '&action=add&angeltype_id=' . $angeltype['id'], sprintf(_('Become %s'), $angeltype['name']), 'btn-xs'); } } unset($inner_text); $is_free = true; } $shifts_row .= '<strong>' . AngelType_name_render($angeltype) . ':</strong> '; $shifts_row .= join(", ", $entry_list); $shifts_row .= '<br />'; } if (in_array('user_shifts_admin', $privileges)) { $shifts_row .= ' ' . button(page_link_to('user_shifts') . '&shift_id=' . $shift['SID'] . '&type_id=' . $angeltype['id'], _("Add more angels"), 'btn-xs'); } } if ($shift['own'] && !in_array('user_shifts_admin', $privileges)) { $class = 'own'; } elseif ($collides && !in_array('user_shifts_admin', $privileges)) { $class = 'collides'; } elseif ($is_free) { $class = 'free'; } else { $class = 'occupied'; } $shifts_table .= '<td rowspan="' . $blocks . '" class="' . $class . '">'; $shifts_table .= $shifts_row; $shifts_table .= "</td>"; for ($j = 0; $j < $blocks && $i + $j < $maxshow; $j++) { $todo[$rid][$i + $j]--; } } } } // fill up row with empty <td> while ($todo[$rid][$i]-- > 0) { $shifts_table .= '<td class="empty"></td>'; } } $shifts_table .= "</tr>\n"; } $shifts_table .= '</tbody></table></div>'; // qqq } else { $shifts_table = array(); foreach ($shifts as $shift) { $info = array(); if ($_SESSION['user_shifts']['start_day'] != $_SESSION['user_shifts']['end_day']) { $info[] = date("Y-m-d", $shift['start']); } $info[] = date("H:i", $shift['start']) . ' - ' . date("H:i", $shift['end']); if (count($_SESSION['user_shifts']['rooms']) > 1) { $info[] = Room_name_render(['Name' => $shift['room_name'], 'RID' => $shift['RID']]); } $shift_row = array('info' => join('<br />', $info), 'entries' => '<a href="' . shift_link($shift) . '">' . $shift['name'] . '</a>' . ($shift['title'] ? '<br />' . $shift['title'] : '')); if (in_array('admin_shifts', $privileges)) { $shift_row['info'] .= ' ' . table_buttons(array(button(page_link_to('user_shifts') . '&edit_shift=' . $shift['SID'], glyph('edit'), 'btn-xs'), button(page_link_to('user_shifts') . '&delete_shift=' . $shift['SID'], glyph('trash'), 'btn-xs'))); } $shift_row['entries'] .= '<br />'; $is_free = false; $shift_has_special_needs = 0 < sql_num_query("SELECT `id` FROM `NeededAngelTypes` WHERE `shift_id` = " . $shift['SID']); $query = "SELECT `NeededAngelTypes`.`count`, `AngelTypes`.`id`, `AngelTypes`.`restricted`, `UserAngelTypes`.`confirm_user_id`, `AngelTypes`.`name`, `UserAngelTypes`.`user_id`\n FROM `NeededAngelTypes`\n JOIN `AngelTypes` ON (`NeededAngelTypes`.`angel_type_id` = `AngelTypes`.`id`)\n LEFT JOIN `UserAngelTypes` ON (`NeededAngelTypes`.`angel_type_id` = `UserAngelTypes`.`angeltype_id`AND `UserAngelTypes`.`user_id`='" . sql_escape($user['UID']) . "')\n WHERE "; if ($shift_has_special_needs) { $query .= "`shift_id` = '" . sql_escape($shift['SID']) . "'"; } else { $query .= "`room_id` = '" . sql_escape($shift['RID']) . "'"; } $query .= " AND `count` > 0 "; if (!empty($_SESSION['user_shifts']['types'])) { $query .= "AND `angel_type_id` IN (" . implode(',', $_SESSION['user_shifts']['types']) . ") "; } $query .= "ORDER BY `AngelTypes`.`name`"; $angeltypes = sql_select($query); if (count($angeltypes) > 0) { $my_shift = sql_num_query("SELECT * FROM `ShiftEntry` WHERE `SID`='" . sql_escape($shift['SID']) . "' AND `UID`='" . sql_escape($user['UID']) . "' LIMIT 1") > 0; foreach ($angeltypes as &$angeltype) { $entries = sql_select("SELECT * FROM `ShiftEntry` JOIN `User` ON (`ShiftEntry`.`UID` = `User`.`UID`) WHERE `SID`='" . sql_escape($shift['SID']) . "' AND `TID`='" . sql_escape($angeltype['id']) . "' ORDER BY `Nick`"); $entry_list = array(); $entry_nicks = []; $freeloader = 0; foreach ($entries as $entry) { if (in_array('user_shifts_admin', $privileges)) { $member = User_Nick_render($entry) . ' ' . table_buttons(array(button(page_link_to('user_shifts') . '&entry_id=' . $entry['id'], glyph('trash'), 'btn-xs'))); } else { $member = User_Nick_render($entry); } if ($entry['freeloaded']) { $member = '<strike>' . $member . '</strike>'; $freeloader++; } $entry_list[] = $member; $entry_nicks[] = $entry['Nick']; } $angeltype['taken'] = count($entries) - $freeloader; $angeltype['angels'] = $entry_nicks; // do we need more angles of this type? if ($angeltype['count'] - count($entries) + $freeloader > 0) { $inner_text = sprintf(ngettext("%d helper needed", "%d helpers needed", $angeltype['count'] - count($entries) + $freeloader), $angeltype['count'] - count($entries) + $freeloader); // is the shift still running or alternatively is the user shift admin? $user_may_join_shift = true; /* you cannot join if user already joined this shift */ $user_may_join_shift &= !$my_shift; // you cannot join if user is not of this angel type $user_may_join_shift &= isset($angeltype['user_id']); // you cannot join if you are not confirmed if ($angeltype['restricted'] == 1 && isset($angeltype['user_id'])) { $user_may_join_shift &= isset($angeltype['confirm_user_id']); } // you can only join if the shift is in future or running $user_may_join_shift &= time() < $shift['start']; // User shift admins may join anybody in every shift $user_may_join_shift |= in_array('user_shifts_admin', $privileges); if ($user_may_join_shift) { $entry_list[] = '<a href="' . page_link_to('user_shifts') . '&shift_id=' . $shift['SID'] . '&type_id=' . $angeltype['id'] . '">' . $inner_text . ' »</a>'; } else { if (time() > $shift['end']) { $entry_list[] = $inner_text . ' (vorbei)'; } elseif ($angeltype['restricted'] == 1 && isset($angeltype['user_id']) && !isset($angeltype['confirm_user_id'])) { $entry_list[] = $inner_text . glyph("lock"); } else { $entry_list[] = $inner_text . ' <a href="' . page_link_to('user_angeltypes') . '&action=add&angeltype_id=' . $angeltype['id'] . '">' . sprintf(_('Become %s'), $angeltype['name']) . '</a>'; } } unset($inner_text); $is_free = true; } $shift_row['entries'] .= '<b>' . $angeltype['name'] . ':</b> '; $shift_row['entries'] .= join(", ", $entry_list); $shift_row['entries'] .= '<br />'; } if (in_array('user_shifts_admin', $privileges)) { $shift_row['entries'] .= '<a href="' . page_link_to('user_shifts') . '&shift_id=' . $shift['SID'] . '&type_id=' . $angeltype['id'] . '">' . _('Add more angels') . ' »</a>'; } $shifts_table[] = $shift_row; $shift['angeltypes'] = $angeltypes; $ical_shifts[] = $shift; } } $shifts_table = table(array('info' => _("Time") . "/" . _("Room"), 'entries' => _("Entries")), $shifts_table); } if ($user['api_key'] == "") { User_reset_api_key($user, false); } return page(array('<div class="col-md-12">', msg(), template_render('../templates/user_shifts.html', array('title' => shifts_title(), 'room_select' => make_select($rooms, $_SESSION['user_shifts']['rooms'], "rooms", _("Rooms")), 'start_select' => html_select_key("start_day", "start_day", array_combine($days, $days), $_SESSION['user_shifts']['start_day']), 'start_time' => $_SESSION['user_shifts']['start_time'], 'end_select' => html_select_key("end_day", "end_day", array_combine($days, $days), $_SESSION['user_shifts']['end_day']), 'end_time' => $_SESSION['user_shifts']['end_time'], 'type_select' => make_select($types, $_SESSION['user_shifts']['types'], "types", _("Angeltypes") . '<sup>1</sup>'), 'filled_select' => make_select($filled, $_SESSION['user_shifts']['filled'], "filled", _("Occupancy")), 'task_notice' => '<sup>1</sup>' . _("The tasks shown here are influenced by the preferences you defined in your settings!") . " <a href=\"" . page_link_to('angeltypes') . '&action=about' . "\">" . _("Description of the jobs.") . "</a>", 'new_style_checkbox' => '<label><input type="checkbox" name="new_style" value="1" ' . ($_SESSION['user_shifts']['new_style'] ? ' checked' : '') . '> ' . _("Use new style if possible") . '</label>', 'shifts_table' => msg() . $shifts_table, 'ical_text' => '<h2>' . _("iCal export") . '</h2><p>' . sprintf(_("Export of shown shifts. <a href=\"%s\">iCal format</a> or <a href=\"%s\">JSON format</a> available (please keep secret, otherwise <a href=\"%s\">reset the api key</a>)."), page_link_to_absolute('ical') . '&key=' . $user['api_key'], page_link_to_absolute('shifts_json_export') . '&key=' . $user['api_key'], page_link_to('user_myshifts') . '&reset') . '</p>', 'filter' => _("Filter"))), '</div>')); }
function admin_shifts() { $ok = true; $rid = 0; $start = DateTime::createFromFormat("Y-m-d H:i", date("Y-m-d") . " 00:00")->getTimestamp(); $end = $start + 24 * 60 * 60; $mode = 'single'; $angelmode = 'manually'; $length = ''; $change_hours = array(); $title = ""; $shifttype_id = null; // Locations laden (auch unsichtbare - fuer Erzengel ist das ok) $rooms = sql_select("SELECT * FROM `Room` ORDER BY `Name`"); $room_array = array(); foreach ($rooms as $room) { $room_array[$room['RID']] = $room['Name']; } // Engeltypen laden $types = sql_select("SELECT * FROM `AngelTypes` ORDER BY `name`"); $needed_angel_types = array(); foreach ($types as $type) { $needed_angel_types[$type['id']] = 0; } // Load shift types $shifttypes_source = ShiftTypes(); if ($shifttypes_source === false) { engelsystem_error('Unable to load shift types.'); } $shifttypes = []; foreach ($shifttypes_source as $shifttype) { $shifttypes[$shifttype['id']] = $shifttype['name']; } if (isset($_REQUEST['preview']) || isset($_REQUEST['back'])) { if (isset($_REQUEST['shifttype_id'])) { $shifttype = ShiftType($_REQUEST['shifttype_id']); if ($shifttype === false) { engelsystem_error('Unable to load shift type.'); } if ($shifttype == null) { $ok = false; error(_('Please select a shift type.')); } else { $shifttype_id = $_REQUEST['shifttype_id']; } } else { $ok = false; error(_('Please select a shift type.')); } // Name/Bezeichnung der Schicht, darf leer sein $title = strip_request_item('title'); // Auswahl der sichtbaren Locations für die Schichten if (isset($_REQUEST['rid']) && preg_match("/^[0-9]+\$/", $_REQUEST['rid']) && isset($room_array[$_REQUEST['rid']])) { $rid = $_REQUEST['rid']; } else { $ok = false; $rid = $rooms[0]['RID']; error(_('Please select a location.')); } if (isset($_REQUEST['start']) && ($tmp = DateTime::createFromFormat("Y-m-d H:i", trim($_REQUEST['start'])))) { $start = $tmp->getTimestamp(); } else { $ok = false; error(_('Please select a start time.')); } if (isset($_REQUEST['end']) && ($tmp = DateTime::createFromFormat("Y-m-d H:i", trim($_REQUEST['end'])))) { $end = $tmp->getTimestamp(); } else { $ok = false; error(_('Please select an end time.')); } if ($start >= $end) { $ok = false; error(_('The shifts end has to be after its start.')); } if (isset($_REQUEST['mode'])) { if ($_REQUEST['mode'] == 'single') { $mode = 'single'; } elseif ($_REQUEST['mode'] == 'multi') { if (isset($_REQUEST['length']) && preg_match("/^[0-9]+\$/", trim($_REQUEST['length']))) { $mode = 'multi'; $length = trim($_REQUEST['length']); } else { $ok = false; error(_('Please enter a shift duration in minutes.')); } } elseif ($_REQUEST['mode'] == 'variable') { if (isset($_REQUEST['change_hours']) && preg_match("/^([0-9]{2}(,|\$))/", trim(str_replace(" ", "", $_REQUEST['change_hours'])))) { $mode = 'variable'; $change_hours = array_map('trim', explode(",", $_REQUEST['change_hours'])); } else { $ok = false; error(_('Please split the shift-change hours by colons.')); } } } else { $ok = false; error(_('Please select a mode.')); } if (isset($_REQUEST['angelmode'])) { if ($_REQUEST['angelmode'] == 'location') { $angelmode = 'location'; } elseif ($_REQUEST['angelmode'] == 'manually') { $angelmode = 'manually'; foreach ($types as $type) { if (isset($_REQUEST['type_' . $type['id']]) && preg_match("/^[0-9]+\$/", trim($_REQUEST['type_' . $type['id']]))) { $needed_angel_types[$type['id']] = trim($_REQUEST['type_' . $type['id']]); } else { $ok = false; error(sprintf(_('Please check the needed angels for team %s.'), $type['name'])); } } if (array_sum($needed_angel_types) == 0) { $ok = false; error(_('There are 0 angels needed. Please enter the amounts of needed angels.')); } } else { $ok = false; error(_('Please select a mode for needed angels.')); } } else { $ok = false; error(_('Please select needed angels.')); } // Beim Zurück-Knopf das Formular zeigen if (isset($_REQUEST['back'])) { $ok = false; } // Alle Eingaben in Ordnung if ($ok) { if ($angelmode == 'location') { $needed_angel_types = array(); $needed_angel_types_location = sql_select("SELECT * FROM `NeededAngelTypes` WHERE `room_id`='" . sql_escape($rid) . "'"); foreach ($needed_angel_types_location as $type) { $needed_angel_types[$type['angel_type_id']] = $type['count']; } } $shifts = array(); if ($mode == 'single') { $shifts[] = array('start' => $start, 'end' => $end, 'RID' => $rid, 'title' => $title, 'shifttype_id' => $shifttype_id); } elseif ($mode == 'multi') { $shift_start = $start; do { $shift_end = $shift_start + $length * 60; if ($shift_end > $end) { $shift_end = $end; } if ($shift_start >= $shift_end) { break; } $shifts[] = array('start' => $shift_start, 'end' => $shift_end, 'RID' => $rid, 'title' => $title, 'shifttype_id' => $shifttype_id); $shift_start = $shift_end; } while ($shift_end < $end); } elseif ($mode == 'variable') { rsort($change_hours); $day = DateTime::createFromFormat("Y-m-d H:i", date("Y-m-d", $start) . " 00:00")->getTimestamp(); $change_index = 0; // Ersten/nächsten passenden Schichtwechsel suchen foreach ($change_hours as $i => $change_hour) { if ($start < $day + $change_hour * 60 * 60) { $change_index = $i; } elseif ($start == $day + $change_hour * 60 * 60) { // Start trifft Schichtwechsel $change_index = ($i + count($change_hours) - 1) % count($change_hours); break; } else { break; } } $shift_start = $start; do { $day = DateTime::createFromFormat("Y-m-d H:i", date("Y-m-d", $shift_start) . " 00:00")->getTimestamp(); $shift_end = $day + $change_hours[$change_index] * 60 * 60; if ($shift_end > $end) { $shift_end = $end; } if ($shift_start >= $shift_end) { $shift_end += 24 * 60 * 60; } $shifts[] = array('start' => $shift_start, 'end' => $shift_end, 'RID' => $rid, 'title' => $title, 'shifttype_id' => $shifttype_id); $shift_start = $shift_end; $change_index = ($change_index + count($change_hours) - 1) % count($change_hours); } while ($shift_end < $end); } $shifts_table = array(); foreach ($shifts as $shift) { $shifts_table_entry = ['timeslot' => '<span class="glyphicon glyphicon-time"></span> ' . date("Y-m-d H:i", $shift['start']) . ' - ' . date("H:i", $shift['end']) . '<br />' . Room_name_render(Room($shift['RID'])), 'title' => ShiftType_name_render(ShiftType($shifttype_id)) . ($shift['title'] ? '<br />' . $shift['title'] : ''), 'needed_angels' => '']; foreach ($types as $type) { if (isset($needed_angel_types[$type['id']]) && $needed_angel_types[$type['id']] > 0) { $shifts_table_entry['needed_angels'] .= '<b>' . AngelType_name_render($type) . ':</b> ' . $needed_angel_types[$type['id']] . '<br />'; } } $shifts_table[] = $shifts_table_entry; } // Fürs Anlegen zwischenspeichern: $_SESSION['admin_shifts_shifts'] = $shifts; $_SESSION['admin_shifts_types'] = $needed_angel_types; $hidden_types = ""; foreach ($needed_angel_types as $type_id => $count) { $hidden_types .= form_hidden('type_' . $type_id, $count); } return page_with_title(_("Preview"), array(form(array($hidden_types, form_hidden('shifttype_id', $shifttype_id), form_hidden('title', $title), form_hidden('rid', $rid), form_hidden('start', date("Y-m-d H:i", $start)), form_hidden('end', date("Y-m-d H:i", $end)), form_hidden('mode', $mode), form_hidden('length', $length), form_hidden('change_hours', implode(', ', $change_hours)), form_hidden('angelmode', $angelmode), form_submit('back', _("back")), table(array('timeslot' => _('Time and location'), 'title' => _('Type and title'), 'needed_angels' => _('Needed angels')), $shifts_table), form_submit('submit', _("Save")))))); } } elseif (isset($_REQUEST['submit'])) { if (!is_array($_SESSION['admin_shifts_shifts']) || !is_array($_SESSION['admin_shifts_types'])) { redirect(page_link_to('admin_shifts')); } foreach ($_SESSION['admin_shifts_shifts'] as $shift) { $shift['URL'] = null; $shift['PSID'] = null; $shift_id = Shift_create($shift); if ($shift_id === false) { engelsystem_error('Unable to create shift.'); } engelsystem_log("Shift created: " . $shifttypes[$shift['shifttype_id']] . " with title " . $shift['title'] . " from " . date("Y-m-d H:i", $shift['start']) . " to " . date("Y-m-d H:i", $shift['end'])); $needed_angel_types_info = array(); foreach ($_SESSION['admin_shifts_types'] as $type_id => $count) { $angel_type_source = sql_select("SELECT * FROM `AngelTypes` WHERE `id`='" . sql_escape($type_id) . "' LIMIT 1"); if (count($angel_type_source) > 0) { sql_query("INSERT INTO `NeededAngelTypes` SET `shift_id`='" . sql_escape($shift_id) . "', `angel_type_id`='" . sql_escape($type_id) . "', `count`='" . sql_escape($count) . "'"); $needed_angel_types_info[] = $angel_type_source[0]['name'] . ": " . $count; } } } engelsystem_log("Shift needs following angel types: " . join(", ", $needed_angel_types_info)); success("Schichten angelegt."); redirect(page_link_to('admin_shifts')); } else { unset($_SESSION['admin_shifts_shifts']); unset($_SESSION['admin_shifts_types']); } if (!isset($_REQUEST['rid'])) { $_REQUEST['rid'] = null; } $room_select = html_select_key('rid', 'rid', $room_array, $_REQUEST['rid']); $angel_types = ""; foreach ($types as $type) { $angel_types .= form_spinner('type_' . $type['id'], $type['name'], $needed_angel_types[$type['id']]); } return page_with_title(admin_shifts_title(), array(msg(), form(array(form_select('shifttype_id', _('Shifttype'), $shifttypes, $shifttype_id), form_text('title', _("Title"), $title), form_select('rid', _("Room"), $room_array, $_REQUEST['rid']), '<div class="row">', '<div class="col-md-6">', form_text('start', _("Start"), date("Y-m-d H:i", $start)), form_text('end', _("End"), date("Y-m-d H:i", $end)), form_info(_("Mode"), ''), form_radio('mode', _("Create one shift"), $mode == 'single', 'single'), form_radio('mode', _("Create multiple shifts"), $mode == 'multi', 'multi'), form_text('length', _("Length"), !empty($_REQUEST['length']) ? $_REQUEST['length'] : '120'), form_radio('mode', _("Create multiple shifts with variable length"), $mode == 'variable', 'variable'), form_text('change_hours', _("Shift change hours"), !empty($_REQUEST['change_hours']) ? $_REQUEST['change_hours'] : '00, 04, 08, 10, 12, 14, 16, 18, 20, 22'), '</div>', '<div class="col-md-6">', form_info(_("Needed angels"), ''), form_radio('angelmode', _("Take needed angels from room settings"), $angelmode == 'location', 'location'), form_radio('angelmode', _("The following angels are needed"), $angelmode == 'manually', 'manually'), $angel_types, '</div>', '</div>', form_submit('preview', _("Preview")))))); }
/** * Rendert ein Formular-Auswahlfeld */ function form_select($name, $label, $values, $selected) { return form_element($label, html_select_key('form_' . $name, $name, $values, $selected), 'form_' . $name); }
function admin_user() { global $user, $privileges, $tshirt_sizes, $privileges; $html = ''; if (!isset($_REQUEST['id'])) { redirect(users_link()); } $id = $_REQUEST['id']; if (!isset($_REQUEST['action'])) { $user_source = User($id); if ($user_source === false) { engelsystem_error('Unable to load user.'); } if ($user_source == null) { error(_('This user does not exist.')); redirect(users_link()); } $html .= "Hallo,<br />" . "hier kannst du den Eintrag ändern. Unter dem Punkt 'Gekommen' " . "wird der Engel als anwesend markiert, ein Ja bei Aktiv bedeutet, " . "dass der Engel aktiv war und damit ein Anspruch auf ein T-Shirt hat. " . "Wenn T-Shirt ein 'Ja' enthält, bedeutet dies, dass der Engel " . "bereits sein T-Shirt erhalten hat.<br /><br />\n"; $html .= "<form class=\"admin-user-form\" action=\"" . page_link_to("admin_user") . "&action=save&id={$id}\" method=\"post\">\n"; $html .= "<table border=\"0\">\n"; $html .= "<input type=\"hidden\" name=\"Type\" value=\"Normal\">\n"; $SQL = "SELECT * FROM `User` WHERE `UID`='" . sql_escape($id) . "'"; list($user_source) = sql_select($SQL); $html .= "<tr><td>\n"; $html .= "<table>\n"; $html .= " <tr><td>Nick</td><td>" . "<input class=\"form-control\" type=\"text\" size=\"40\" name=\"eNick\" value=\"" . $user_source['Nick'] . "\"></td></tr>\n"; $html .= " <tr><td>lastLogIn</td><td>" . date("Y-m-d H:i", $user_source['lastLogIn']) . "</td></tr>\n"; $html .= " <tr><td>Name</td><td>" . "<input class=\"form-control\" type=\"text\" size=\"40\" name=\"eName\" value=\"" . $user_source['Name'] . "\"></td></tr>\n"; $html .= " <tr><td>Vorname</td><td>" . "<input class=\"form-control\" type=\"text\" size=\"40\" name=\"eVorname\" value=\"" . $user_source['Vorname'] . "\"></td></tr>\n"; $html .= " <tr><td>Alter</td><td>" . "<input class=\"form-control\" type=\"text\" size=\"5\" name=\"eAlter\" value=\"" . $user_source['Alter'] . "\"></td></tr>\n"; $html .= " <tr><td>Telefon</td><td>" . "<input class=\"form-control\" type=\"text\" size=\"40\" name=\"eTelefon\" value=\"" . $user_source['Telefon'] . "\"></td></tr>\n"; $html .= " <tr><td>Handy</td><td>" . "<input class=\"form-control\" type=\"text\" size=\"40\" name=\"eHandy\" value=\"" . $user_source['Handy'] . "\"></td></tr>\n"; $html .= " <tr><td>DECT</td><td>" . "<input class=\"form-control\" type=\"text\" size=\"4\" name=\"eDECT\" value=\"" . $user_source['DECT'] . "\"></td></tr>\n"; $html .= " <tr><td>email</td><td>" . "<input class=\"form-control\" type=\"text\" size=\"40\" name=\"eemail\" value=\"" . $user_source['email'] . "\"></td></tr>\n"; $html .= " <tr><td>" . form_checkbox('email_shiftinfo', _("Please send me an email if my shifts change"), $user_source['email_shiftinfo']) . "</td></tr>\n"; $html .= " <tr><td>jabber</td><td>" . "<input class=\"form-control\" type=\"text\" size=\"40\" name=\"ejabber\" value=\"" . $user_source['jabber'] . "\"></td></tr>\n"; $html .= " <tr><td>Size</td><td>" . html_select_key('size', 'eSize', $tshirt_sizes, $user_source['Size']) . "</td></tr>\n"; $options = array('1' => "Yes", '0' => "No"); // Gekommen? $html .= " <tr><td>Gekommen</td><td>\n"; $html .= html_options('eGekommen', $options, $user_source['Gekommen']) . "</td></tr>\n"; // Aktiv? $html .= " <tr><td>Aktiv</td><td>\n"; $html .= html_options('eAktiv', $options, $user_source['Aktiv']) . "</td></tr>\n"; // Aktiv erzwingen if (in_array('admin_active', $privileges)) { $html .= " <tr><td>" . _("Force active") . "</td><td>\n"; $html .= html_options('force_active', $options, $user_source['force_active']) . "</td></tr>\n"; } // T-Shirt bekommen? $html .= " <tr><td>T-Shirt</td><td>\n"; $html .= html_options('eTshirt', $options, $user_source['Tshirt']) . "</td></tr>\n"; $html .= " <tr><td>Hometown</td><td>" . "<input class=\"form-control\" type=\"text\" size=\"40\" name=\"Hometown\" value=\"" . $user_source['Hometown'] . "\"></td></tr>\n"; $html .= "</table>\n</td><td valign=\"top\"></td></tr>"; $html .= "</td></tr>\n"; $html .= "</table>\n<br />\n"; $html .= "<input class=\"btn btn-primary\" type=\"submit\" value=\"Speichern\">\n"; $html .= "</form>"; $html .= "<hr />"; $html .= form_info('', _('Please visit the angeltypes page or the users profile to manage users angeltypes.')); $html .= "Hier kannst Du das Passwort dieses Engels neu setzen:<form class=\"admin-user-form\" action=\"" . page_link_to("admin_user") . "&action=change_pw&id={$id}\" method=\"post\">\n"; $html .= "<br /><table>\n"; $html .= " <tr><td width=\"30%\">Passwort </td><td>" . "<input class=\"form-control\" type=\"password\" size=\"40\" name=\"new_pw\" value=\"\"></td></tr>\n"; $html .= " <tr><td width=\"30%\">Wiederholung </td><td>" . "<input class=\"form-control\" type=\"password\" size=\"40\" name=\"new_pw2\" value=\"\"></td></tr>\n"; $html .= "</table>"; $html .= "<div class=\"form-group\"><input class=\"btn btn-primary\" type=\"submit\" value=\"Speichern\"></div>\n"; $html .= "</form>"; $html .= "<hr />"; $my_highest_group = sql_select("SELECT * FROM `UserGroups` WHERE `uid`='" . sql_escape($user['UID']) . "' ORDER BY `group_id` LIMIT 1"); if (count($my_highest_group) > 0) { $my_highest_group = $my_highest_group[0]['group_id']; } $his_highest_group = sql_select("SELECT * FROM `UserGroups` WHERE `uid`='" . sql_escape($id) . "' ORDER BY `group_id` LIMIT 1"); if (count($his_highest_group) > 0) { $his_highest_group = $his_highest_group[0]['group_id']; } if ($id != $user['UID'] && $my_highest_group <= $his_highest_group) { $html .= "Hier kannst Du die Benutzergruppen des Engels festlegen:<form class=\"admin-user-form\" action=\"" . page_link_to("admin_user") . "&action=save_groups&id=" . $id . "\" method=\"post\">\n"; $html .= '<table>'; $groups = sql_select("SELECT * FROM `Groups` LEFT OUTER JOIN `UserGroups` ON (`UserGroups`.`group_id` = `Groups`.`UID` AND `UserGroups`.`uid` = '" . sql_escape($id) . "') WHERE `Groups`.`UID` >= '" . sql_escape($my_highest_group) . "' ORDER BY `Groups`.`Name`"); foreach ($groups as $group) { $html .= '<tr><td><input type="checkbox" name="groups[]" value="' . $group['UID'] . '"' . ($group['group_id'] != "" ? ' checked="checked"' : '') . ' /></td><td>' . $group['Name'] . '</td></tr>'; } $html .= '</table>'; $html .= "<input class=\"btn btn-primary\" type=\"submit\" value=\"Speichern\">\n"; $html .= "</form>"; $html .= "<hr />"; } $html .= "<form class=\"admin-user-form\" action=\"" . page_link_to("admin_user") . "&action=delete&id=" . $id . "\" method=\"post\">\n"; $html .= "<tr><td><input class=\"btn btn-primary\" type=\"submit\" value=\"Löschen\"></td></tr>\n"; $html .= "</form>"; $html .= "<hr />"; } else { switch ($_REQUEST['action']) { case 'save_groups': if ($id != $user['UID']) { $my_highest_group = sql_select("SELECT * FROM `UserGroups` WHERE `uid`='" . sql_escape($user['UID']) . "' ORDER BY `group_id`"); $his_highest_group = sql_select("SELECT * FROM `UserGroups` WHERE `uid`='" . sql_escape($id) . "' ORDER BY `group_id`"); if (count($my_highest_group) > 0 && (count($his_highest_group) == 0 || $my_highest_group[0]['group_id'] <= $his_highest_group[0]['group_id'])) { $groups_source = sql_select("SELECT * FROM `Groups` LEFT OUTER JOIN `UserGroups` ON (`UserGroups`.`group_id` = `Groups`.`UID` AND `UserGroups`.`uid` = '" . sql_escape($id) . "') WHERE `Groups`.`UID` >= '" . sql_escape($my_highest_group[0]['group_id']) . "' ORDER BY `Groups`.`Name`"); $groups = array(); $grouplist = array(); foreach ($groups_source as $group) { $groups[$group['UID']] = $group; $grouplist[] = $group['UID']; } if (!is_array($_REQUEST['groups'])) { $_REQUEST['groups'] = array(); } sql_query("DELETE FROM `UserGroups` WHERE `uid`='" . sql_escape($id) . "'"); $user_groups_info = array(); foreach ($_REQUEST['groups'] as $group) { if (in_array($group, $grouplist)) { sql_query("INSERT INTO `UserGroups` SET `uid`='" . sql_escape($id) . "', `group_id`='" . sql_escape($group) . "'"); $user_groups_info[] = $groups[$group]['Name']; } } $user_source = User($id); engelsystem_log("Set groups of " . User_Nick_render($user_source) . " to: " . join(", ", $user_groups_info)); $html .= success("Benutzergruppen gespeichert.", true); } else { $html .= error("Du kannst keine Engel mit mehr Rechten bearbeiten.", true); } } else { $html .= error("Du kannst Deine eigenen Rechte nicht bearbeiten.", true); } break; case 'delete': if ($user['UID'] != $id) { $user_source = sql_select("SELECT `Nick`, `UID` FROM `User` WHERE `UID` = '" . sql_escape($id) . "' LIMIT 1"); sql_query("DELETE FROM `User` WHERE `UID`='" . sql_escape($id) . "' LIMIT 1"); sql_query("DELETE FROM `UserGroups` WHERE `uid`='" . sql_escape($id) . "'"); engelsystem_log("Deleted user " . User_Nick_render($user_source)); $html .= success("Benutzer gelöscht!", true); } else { $html .= error("Du kannst Dich nicht selber löschen!", true); } break; case 'save': $force_active = $user['force_active']; if (in_array('admin_active', $privileges)) { $force_active = $_REQUEST['force_active']; } $SQL = "UPDATE `User` SET \n `Nick` = '" . sql_escape($_POST["eNick"]) . "', \n `Name` = '" . sql_escape($_POST["eName"]) . "', \n `Vorname` = '" . sql_escape($_POST["eVorname"]) . "', \n `Telefon` = '" . sql_escape($_POST["eTelefon"]) . "', \n `Handy` = '" . sql_escape($_POST["eHandy"]) . "', \n `Alter` = '" . sql_escape($_POST["eAlter"]) . "', \n `DECT` = '" . sql_escape($_POST["eDECT"]) . "', \n `email` = '" . sql_escape($_POST["eemail"]) . "', \n `email_shiftinfo` = " . sql_bool(isset($_REQUEST['email_shiftinfo'])) . ", \n `jabber` = '" . sql_escape($_POST["ejabber"]) . "', \n `Size` = '" . sql_escape($_POST["eSize"]) . "', \n `Gekommen`= '" . sql_escape($_POST["eGekommen"]) . "', \n `Aktiv`= '" . sql_escape($_POST["eAktiv"]) . "', \n `force_active`= " . sql_escape($force_active) . ", \n `Tshirt` = '" . sql_escape($_POST["eTshirt"]) . "', \n `Hometown` = '" . sql_escape($_POST["Hometown"]) . "' \n WHERE `UID` = '" . sql_escape($id) . "' \n LIMIT 1"; sql_query($SQL); engelsystem_log("Updated user: "******"eNick"] . ", " . $_POST["eSize"] . ", available: " . $_POST["eGekommen"] . ", active: " . $_POST["eAktiv"] . ", tshirt: " . $_POST["eTshirt"]); $html .= success("Änderung wurde gespeichert...\n", true); break; case 'change_pw': if ($_REQUEST['new_pw'] != "" && $_REQUEST['new_pw'] == $_REQUEST['new_pw2']) { set_password($id, $_REQUEST['new_pw']); $user_source = User($id); engelsystem_log("Set new password for " . User_Nick_render($user_source)); $html .= success("Passwort neu gesetzt.", true); } else { $html .= error("Die Eingaben müssen übereinstimmen und dürfen nicht leer sein!", true); } break; } } return page_with_title(_('Edit user'), array($html)); }
function user_messages() { global $user; if (!isset($_REQUEST['action'])) { $users = sql_select("SELECT * FROM `User` WHERE NOT `UID`='" . sql_escape($user['UID']) . "' ORDER BY `Nick`"); $to_select_data = array("" => _("Select recipient...")); foreach ($users as $u) { $to_select_data[$u['UID']] = $u['Nick']; } $to_select = html_select_key('to', 'to', $to_select_data, ''); $messages = sql_select("SELECT * FROM `Messages` WHERE `SUID`='" . sql_escape($user['UID']) . "' OR `RUID`='" . sql_escape($user['UID']) . "' ORDER BY `isRead`,`Datum` DESC"); $messages_table = [['news' => '', 'timestamp' => date("Y-m-d H:i"), 'from' => User_Nick_render($user), 'to' => $to_select, 'text' => form_textarea('text', '', ''), 'actions' => form_submit('submit', _("Save"))]]; foreach ($messages as $message) { $sender_user_source = User($message['SUID']); if ($sender_user_source === false) { engelsystem_error(_("Unable to load user.")); } $receiver_user_source = User($message['RUID']); if ($receiver_user_source === false) { engelsystem_error(_("Unable to load user.")); } $messages_table_entry = array('new' => $message['isRead'] == 'N' ? '<span class="glyphicon glyphicon-envelope"></span>' : '', 'timestamp' => date("Y-m-d H:i", $message['Datum']), 'from' => User_Nick_render($sender_user_source), 'to' => User_Nick_render($receiver_user_source), 'text' => str_replace("\n", '<br />', $message['Text'])); if ($message['RUID'] == $user['UID']) { if ($message['isRead'] == 'N') { $messages_table_entry['actions'] = button(page_link_to("user_messages") . '&action=read&id=' . $message['id'], _("mark as read"), 'btn-xs'); } } else { $messages_table_entry['actions'] = button(page_link_to("user_messages") . '&action=delete&id=' . $message['id'], _("delete message"), 'btn-xs'); } $messages_table[] = $messages_table_entry; } return page_with_title(messages_title(), array(msg(), sprintf(_("Hello %s, here can you leave messages for other angels"), User_Nick_render($user)), form(array(table(array('new' => _("New"), 'timestamp' => _("Date"), 'from' => _("Transmitted"), 'to' => _("Recipient"), 'text' => _("Message"), 'actions' => ''), $messages_table)), page_link_to('user_messages') . '&action=send'))); } else { switch ($_REQUEST['action']) { case "read": if (isset($_REQUEST['id']) && preg_match("/^[0-9]{1,11}\$/", $_REQUEST['id'])) { $id = $_REQUEST['id']; } else { return error(_("Incomplete call, missing Message ID."), true); } $message = sql_select("SELECT * FROM `Messages` WHERE `id`='" . sql_escape($id) . "' LIMIT 1"); if (count($message) > 0 && $message[0]['RUID'] == $user['UID']) { sql_query("UPDATE `Messages` SET `isRead`='Y' WHERE `id`='" . sql_escape($id) . "' LIMIT 1"); redirect(page_link_to("user_messages")); } else { return error(_("No Message found."), true); } break; case "delete": if (isset($_REQUEST['id']) && preg_match("/^[0-9]{1,11}\$/", $_REQUEST['id'])) { $id = $_REQUEST['id']; } else { return error(_("Incomplete call, missing Message ID."), true); } $message = sql_select("SELECT * FROM `Messages` WHERE `id`='" . sql_escape($id) . "' LIMIT 1"); if (count($message) > 0 && $message[0]['SUID'] == $user['UID']) { sql_query("DELETE FROM `Messages` WHERE `id`='" . sql_escape($id) . "' LIMIT 1"); redirect(page_link_to("user_messages")); } else { return error(_("No Message found."), true); } break; case "send": if (Message_send($_REQUEST['to'], $_REQUEST['text']) === true) { redirect(page_link_to("user_messages")); } else { return error(_("Transmitting was terminated with an Error."), true); } break; default: return error(_("Wrong action."), true); } } }