function user_edit_vouchers_controller() { global $privileges, $user; if (isset($_REQUEST['user_id'])) { $user_source = User($_REQUEST['user_id']); } else { $user_source = $user; } if (!in_array('admin_user', $privileges)) { redirect(page_link_to('')); } if (isset($_REQUEST['submit'])) { $ok = true; if (isset($_REQUEST['vouchers']) && test_request_int('vouchers') && trim($_REQUEST['vouchers']) >= 0) { $vouchers = trim($_REQUEST['vouchers']); } else { $ok = false; error(_("Please enter a valid number of vouchers.")); } if ($ok) { $user_source['got_voucher'] = $vouchers; $result = User_update($user_source); if ($result === false) { engelsystem_error('Unable to update user.'); } success(_("Saved the number of vouchers.")); engelsystem_log(User_Nick_render($user_source) . ': ' . sprintf("Got %s vouchers", $user_source['got_voucher'])); redirect(user_link($user_source)); } } return array(sprintf(_("%s's vouchers"), $user_source['Nick']), User_edit_vouchers_view($user_source)); }
/** * Write a log entry. * This should be used to log user's activity. * * @param * $message */ function engelsystem_log($message) { global $user; if (isset($user)) { $nick = User_Nick_render($user); } else { $nick = "Guest"; } LogEntry_create($nick, $message); }
function User_view($user_source, $admin_user_privilege, $freeloader, $user_angeltypes, $user_groups, $shifts, $its_me) { global $LETZTES_AUSTRAGEN, $privileges; $user_name = htmlspecialchars($user_source['Vorname']) . " " . htmlspecialchars($user_source['Name']); $myshifts_table = array(); $html = ""; $timesum = 0; foreach ($shifts as $shift) { $shift_info = '<a href="' . shift_link($shift) . '">' . $shift['name'] . '</a>'; if ($shift['title']) { $shift_info .= '<br /><a href="' . shift_link($shift) . '">' . $shift['title'] . '</a>'; } foreach ($shift['needed_angeltypes'] as $needed_angel_type) { $shift_info .= '<br><b>' . $needed_angel_type['name'] . ':</b> '; $shift_entries = array(); foreach ($needed_angel_type['users'] as $user_shift) { $member = User_Nick_render($user_shift); if ($user_shift['freeloaded']) { $member = '<strike>' . $member . '</strike>'; } $shift_entries[] = $member; } $shift_info .= join(", ", $shift_entries); } $myshift = array('date' => date("Y-m-d", $shift['start']), 'time' => date("H:i", $shift['start']) . ' - ' . date("H:i", $shift['end']), 'room' => $shift['Name'], 'shift_info' => $shift_info, 'comment' => $shift['Comment']); if ($shift['freeloaded']) { if (in_array("user_shifts_admin", $privileges)) { $myshift['comment'] .= '<br /><p class="error">' . _("Freeloaded") . ': ' . $shift['freeload_comment'] . '</p>'; } else { $myshift['comment'] .= '<br /><p class="error">' . _("Freeloaded") . '</p>'; } } $myshift['actions'] = [button(shift_link($shift), glyph('eye-open') . _('view'), 'btn-xs')]; if ($its_me || in_array('user_shifts_admin', $privileges)) { $myshift['actions'][] = button(page_link_to('user_myshifts') . '&edit=' . $shift['id'] . '&id=' . $user_source['UID'], glyph('edit') . _('edit'), 'btn-xs'); } if ($shift['start'] > time() + $LETZTES_AUSTRAGEN * 3600 || in_array('user_shifts_admin', $privileges)) { $myshift['actions'][] = button(page_link_to('user_myshifts') . (!$its_me ? '&id=' . $user_source['UID'] : '') . '&cancel=' . $shift['id'], glyph('trash') . _('sign off'), 'btn-xs'); } $myshift['actions'] = table_buttons($myshift['actions']); if ($shift['freeloaded']) { $timesum += -2 * ($shift['end'] - $shift['start']); } else { $timesum += $shift['end'] - $shift['start']; } $myshifts_table[] = $myshift; } if (count($myshifts_table) > 0) { $myshifts_table[] = array('date' => '<b>' . _("Sum:") . '</b>', 'time' => "<b>" . round($timesum / 3600, 1) . " h</b>", 'room' => "", 'shift_info' => "", 'comment' => "", 'actions' => ""); } return page_with_title('<span class="icon-icon_angel"></span> ' . htmlspecialchars($user_source['Nick']) . ' <small>' . $user_name . '</small>', array(msg(), div('row', array(div('col-md-3', array('<h1>', '<span class="glyphicon glyphicon-phone"></span>', $user_source['Handy'], '</h1>')), div('col-md-3', array('<h4>' . _("User state") . '</h4>', $admin_user_privilege && $freeloader ? '<span class="text-danger"><span class="glyphicon glyphicon-exclamation-sign"></span> ' . _("Freeloader") . '</span><br />' : '', $user_source['Gekommen'] ? User_shift_state_render($user_source) . '<br />' : '', $admin_user_privilege || $its_me ? $user_source['Gekommen'] ? '<span class="text-success"><span class="glyphicon glyphicon-home"></span> ' . sprintf(_("Arrived at %s"), date('Y-m-d', $user_source['arrival_date'])) . '</span>' : '<span class="text-danger">' . sprintf(_("Not arrived (Planned: %s)"), date('Y-m-d', $user_source['planned_arrival_date'])) . '</span>' : ($user_source['Gekommen'] ? '<span class="text-success"><span class="glyphicon glyphicon-home"></span> ' . _("Arrived") . '</span>' : '<span class="text-danger">' . _("Not arrived") . '</span>'), $admin_user_privilege ? $user_source['got_voucher'] > 0 ? '<br /><span class="text-success">' . glyph('cutlery') . sprintf(ngettext("Got %s voucher", "Got %s vouchers", $user_source['got_voucher']), $user_source['got_voucher']) . '</span><br />' : '<br /><span class="text-danger">' . _("Got no vouchers") . '</span><br />' : '', $user_source['Gekommen'] && $admin_user_privilege && $user_source['Aktiv'] ? ' <span class="text-success">' . _("Active") . '</span>' : '', $user_source['Gekommen'] && $admin_user_privilege && $user_source['Tshirt'] ? ' <span class="text-success">' . _("T-Shirt") . '</span>' : '')), div('col-md-3', array('<h4>' . _("Angeltypes") . '</h4>', User_angeltypes_render($user_angeltypes))), div('col-md-3', array('<h4>' . _("Rights") . '</h4>', User_groups_render($user_groups))))), div('row space-top', array(div('col-md-12', array(buttons(array($admin_user_privilege ? button(page_link_to('admin_user') . '&id=' . $user_source['UID'], glyph("edit") . _("edit")) : '', $admin_user_privilege && !$user_source['Gekommen'] ? button(page_link_to('admin_arrive') . '&arrived=' . $user_source['UID'], _("arrived")) : '', $admin_user_privilege ? button(page_link_to('users') . '&action=edit_vouchers&user_id=' . $user_source['UID'], glyph('cutlery') . _('Edit vouchers')) : '', $its_me ? button(page_link_to('user_settings'), glyph('list-alt') . _("Settings")) : '', $its_me ? button(page_link_to('ical') . '&key=' . $user_source['api_key'], glyph('calendar') . _("iCal Export")) : '', $its_me ? button(page_link_to('shifts_json_export') . '&key=' . $user_source['api_key'], glyph('export') . _("JSON Export")) : '', $its_me ? button(page_link_to('user_myshifts') . '&reset', glyph('repeat') . _('Reset API key')) : '')))))), $its_me || $admin_user_privilege ? '<h2>' . _("Shifts") . '</h2>' : '', $its_me || $admin_user_privilege ? table(array('date' => _("Day"), 'time' => _("Time"), 'room' => _("Location"), 'shift_info' => _("Name & workmates"), 'comment' => _("Comment"), 'actions' => _("Action")), $myshifts_table) : '', $its_me && count($shifts) == 0 ? error(sprintf(_("Go to the <a href=\"%s\">shifts table</a> to sign yourself up for some shifts."), page_link_to('user_shifts')), true) : '')); }
function admin_news() { global $user; if (!isset($_GET["action"])) { redirect(page_link_to("news")); } else { $html = '<div class="col-md-12"><h1>' . _("Edit news entry") . '</h1>' . msg(); if (isset($_REQUEST['id']) && preg_match("/^[0-9]{1,11}\$/", $_REQUEST['id'])) { $id = $_REQUEST['id']; } else { return error("Incomplete call, missing News ID.", true); } $news = sql_select("SELECT * FROM `News` WHERE `ID`='" . sql_escape($id) . "' LIMIT 1"); if (count($news) > 0) { switch ($_REQUEST["action"]) { default: redirect(page_link_to('news')); case 'edit': list($news) = $news; $user_source = User($news['UID']); if ($user_source === false) { engelsystem_error("Unable to load user."); } $html .= form(array(form_info(_("Date"), date("Y-m-d H:i", $news['Datum'])), form_info(_("Author"), User_Nick_render($user_source)), form_text('eBetreff', _("Subject"), $news['Betreff']), form_textarea('eText', _("Message"), $news['Text']), form_checkbox('eTreffen', _("Meeting"), $news['Treffen'] == 1, 1), form_submit('submit', _("Save"))), page_link_to('admin_news&action=save&id=' . $id)); $html .= '<a class="btn btn-danger" href="' . page_link_to('admin_news&action=delete&id=' . $id) . '"><span class="glyphicon glyphicon-trash"></span> ' . _("Delete") . '</a>'; break; case 'save': list($news) = $news; sql_query("UPDATE `News` SET \n `Datum`='" . sql_escape(time()) . "', \n `Betreff`='" . sql_escape($_POST["eBetreff"]) . "', \n `Text`='" . sql_escape($_POST["eText"]) . "', \n `UID`='" . sql_escape($user['UID']) . "', \n `Treffen`='" . sql_escape($_POST["eTreffen"]) . "' \n WHERE `ID`='" . sql_escape($id) . "'"); engelsystem_log("News updated: " . $_POST["eBetreff"]); success(_("News entry updated.")); redirect(page_link_to("news")); break; case 'delete': list($news) = $news; sql_query("DELETE FROM `News` WHERE `ID`='" . sql_escape($id) . "' LIMIT 1"); engelsystem_log("News deleted: " . $news['Betreff']); success(_("News entry deleted.")); redirect(page_link_to("news")); break; } } else { return error("No News found.", true); } } return $html . '</div>'; }
function admin_free() { global $privileges; $search = ""; if (isset($_REQUEST['search'])) { $search = strip_request_item('search'); } $angeltypesearch = ""; if (empty($_REQUEST['angeltype'])) { $_REQUEST['angeltype'] = ''; } else { $angeltypesearch = " INNER JOIN `UserAngelTypes` ON (`UserAngelTypes`.`angeltype_id` = '" . sql_escape($_REQUEST['angeltype']) . "' AND `UserAngelTypes`.`user_id` = `User`.`UID`"; if (isset($_REQUEST['confirmed_only'])) { $angeltypesearch .= " AND `UserAngelTypes`.`confirm_user_id`"; } $angeltypesearch .= ") "; } $angel_types_source = sql_select("SELECT `id`, `name` FROM `AngelTypes` ORDER BY `name`"); $angel_types = array('' => 'alle Typen'); foreach ($angel_types_source as $angel_type) { $angel_types[$angel_type['id']] = $angel_type['name']; } $users = sql_select("\n SELECT `User`.* \n FROM `User` \n {$angeltypesearch} \n LEFT JOIN `ShiftEntry` ON `User`.`UID` = `ShiftEntry`.`UID` \n LEFT JOIN `Shifts` ON (`ShiftEntry`.`SID` = `Shifts`.`SID` AND `Shifts`.`start` < '" . sql_escape(time()) . "' AND `Shifts`.`end` > '" . sql_escape(time()) . "') \n WHERE `User`.`Gekommen` = 1 AND `Shifts`.`SID` IS NULL \n GROUP BY `User`.`UID` \n ORDER BY `Nick`"); $free_users_table = array(); if ($search == "") { $tokens = array(); } else { $tokens = explode(" ", $search); } foreach ($users as $usr) { if (count($tokens) > 0) { $match = false; $index = join("", $usr); foreach ($tokens as $t) { if (stristr($index, trim($t))) { $match = true; break; } } if (!$match) { continue; } } $free_users_table[] = array('name' => User_Nick_render($usr), 'shift_state' => User_shift_state_render($usr), 'handy' => $usr['Handy'], 'telefon' => $usr['Telefon'], 'email' => $usr['email'], 'kommentar' => $usr['kommentar'], 'actions' => in_array('admin_user', $privileges) ? button(page_link_to('admin_user') . '&id=' . $usr['UID'], _("edit"), 'btn-xs') : ''); } return page_with_title(admin_free_title(), array(form(array(div('row', array(div('col-md-4', array(form_text('search', _("Search"), $search))), div('col-md-4', array(form_select('angeltype', _("Angeltype"), $angel_types, $_REQUEST['angeltype']))), div('col-md-2', array(form_checkbox('confirmed_only', _("Only confirmed"), isset($_REQUEST['confirmed_only'])))), div('col-md-2', array(form_submit('submit', _("Search")))))))), table(array('name' => _("Nick"), 'shift_state' => '', 'handy' => _("Mobile"), 'telefon' => _("Phone"), 'email' => _("E-Mail"), 'kommentar' => _("add. Info"), 'actions' => ''), $free_users_table))); }
function user_questions() { global $user; if (!isset($_REQUEST['action'])) { $open_questions = sql_select("SELECT * FROM `Questions` WHERE `AID` IS NULL AND `UID`='" . sql_escape($user['UID']) . "'"); $answered_questions = sql_select("SELECT * FROM `Questions` WHERE NOT `AID` IS NULL AND `UID`='" . sql_escape($user['UID']) . "'"); foreach ($answered_questions as &$question) { $answer_user_source = User($question['AID']); if ($answer_user_source === false) { engelsystem_error(_("Unable to load user.")); } $question['answer_user'] = User_Nick_render($answer_user_source); } return Questions_view($open_questions, $answered_questions, page_link_to("user_questions") . '&action=ask'); } else { switch ($_REQUEST['action']) { case 'ask': $question = strip_request_item_nl('question'); if ($question != "") { $result = sql_query("INSERT INTO `Questions` SET `UID`='" . sql_escape($user['UID']) . "', `Question`='" . sql_escape($question) . "'"); if ($result === false) { engelsystem_error(_("Unable to save question.")); } success(_("You question was saved.")); redirect(page_link_to("user_questions")); } else { return page_with_title(questions_title(), array(error(_("Please enter a question!"), true))); } break; case 'delete': if (isset($_REQUEST['id']) && preg_match("/^[0-9]{1,11}\$/", $_REQUEST['id'])) { $id = $_REQUEST['id']; } else { return error(_("Incomplete call, missing Question ID."), true); } $question = sql_select("SELECT * FROM `Questions` WHERE `QID`='" . sql_escape($id) . "' LIMIT 1"); if (count($question) > 0 && $question[0]['UID'] == $user['UID']) { sql_query("DELETE FROM `Questions` WHERE `QID`='" . sql_escape($id) . "' LIMIT 1"); redirect(page_link_to("user_questions")); } else { return page_with_title(questions_title(), array(error(_("No question found."), true))); } break; } } }
function Shift_view($shift, $shifttype, $room, $shift_admin, $angeltypes_source, $user_shift_admin, $admin_rooms, $admin_shifttypes, $user_shifts, $signed_up) { $parsedown = new Parsedown(); $angeltypes = []; foreach ($angeltypes_source as $angeltype) { $angeltypes[$angeltype['id']] = $angeltype; } $needed_angels = ''; foreach ($shift['NeedAngels'] as $needed_angeltype) { $class = 'progress-bar-warning'; if ($needed_angeltype['taken'] == 0) { $class = 'progress-bar-danger'; } if ($needed_angeltype['taken'] >= $needed_angeltype['count']) { $class = 'progress-bar-success'; } $needed_angels .= '<div class="list-group-item">'; $needed_angels .= '<div class="pull-right">' . Shift_signup_button_render($shift, $angeltypes[$needed_angeltype['TID']]) . '</div>'; $needed_angels .= '<h3>' . AngelType_name_render($angeltypes[$needed_angeltype['TID']]) . '</h3>'; $needed_angels .= progress_bar(0, $needed_angeltype['count'], min($needed_angeltype['taken'], $needed_angeltype['count']), $class, $needed_angeltype['taken'] . ' / ' . $needed_angeltype['count']); $angels = []; foreach ($shift['ShiftEntry'] as $shift_entry) { if ($shift_entry['TID'] == $needed_angeltype['TID']) { $entry = User_Nick_render(User($shift_entry['UID'])); if ($shift_entry['freeloaded']) { $entry = '<strike>' . $entry . '</strike>'; } if ($user_shift_admin) { $entry .= ' <div class="btn-group">'; $entry .= button_glyph(page_link_to('user_myshifts') . '&edit=' . $shift_entry['id'] . '&id=' . $shift_entry['UID'], 'pencil', 'btn-xs'); $entry .= button_glyph(page_link_to('user_shifts') . '&entry_id=' . $shift_entry['id'], 'trash', 'btn-xs'); $entry .= '</div>'; } $angels[] = $entry; } } $needed_angels .= join(', ', $angels); $needed_angels .= '</div>'; } $shiftManagers = getShiftManagers($shift['SID']); return page_with_title($shift['name'] . ' <small class="moment-countdown" data-timestamp="' . $shift['start'] . '">%c</small>', [msg(), Shift_collides($shift, $user_shifts) ? info(_('This shift collides with one of your shifts.'), true) : '', $signed_up ? info(_('You are signed up for this shift.'), true) : '', $shift_admin || $admin_shifttypes || $admin_rooms ? buttons([$shift_admin ? button(shift_edit_link($shift), glyph('pencil') . _('edit')) : '', $shift_admin ? button(shift_delete_link($shift), glyph('trash') . _('delete')) : '', $admin_shifttypes ? button(shifttype_link($shifttype), $shifttype['name']) : '', $admin_rooms ? button(room_link($room), glyph('map-marker') . $room['Name']) : '']) : '', div('row', [div('col-sm-3 col-xs-6', ['<h4>' . _('Title') . '</h4>', '<p class="lead">' . ($shift['URL'] != '' ? '<a href="' . $shift['URL'] . '">' . $shift['title'] . '</a>' : $shift['title']) . '</p>']), div('col-sm-3 col-xs-6', ['<h4>' . _('Start') . '</h4>', '<p class="lead' . (time() >= $shift['start'] ? ' text-success' : '') . '">', glyph('calendar') . date('Y-m-d', $shift['start']), '<br />', glyph('time') . date('H:i', $shift['start']), '</p>']), div('col-sm-3 col-xs-6', ['<h4>' . _('End') . '</h4>', '<p class="lead' . (time() >= $shift['end'] ? ' text-success' : '') . '">', glyph('calendar') . date('Y-m-d', $shift['end']), '<br />', glyph('time') . date('H:i', $shift['end']), '</p>']), div('col-sm-3 col-xs-6', ['<h4>' . _('Location') . '</h4>', '<p class="lead">' . glyph('map-marker') . $room['Name'] . '</p>'])]), div('row', [div('col-sm-6', ['<h2>' . _('Needed angels') . '</h2>', '<div class="list-group">' . $needed_angels . '</div>']), div('col-sm-6', [!empty($shiftManagers) ? '<h2>' . _('Shift Manager') . '</h2>' : '', !empty($shiftManagers) ? implode('<br>', array_map(function ($manager) { return $manager['Vorname'] . ' ' . $manager['Name']; }, $shiftManagers)) : '', '<h2>' . _('Description') . '</h2>', $parsedown->parse($shifttype['description'])])]), $shift_admin ? Shift_editor_info_render($shift) : '']); }
/** * Edit a user's driving license information. * @param User $user_source * @param bool $wants_to_drive * @param bool $has_car * @param bool $has_license_car * @param bool $has_license_3_5t_transporter * @param bool $has_license_7_5t_truck * @param bool $has_license_12_5t_truck * @param bool $has_license_forklift */ function UserDriverLicense_edit_view($user_source, $wants_to_drive, $has_car, $has_license_car, $has_license_3_5t_transporter, $has_license_7_5t_truck, $has_license_12_5t_truck, $has_license_forklift) { return page_with_title(sprintf(_("Edit %s driving license information"), User_Nick_render($user_source)), [buttons([button(user_link($user_source), _("Back to profile"), 'back')]), msg(), form([form_info(_("Privacy"), _("Your driving license information is only visible for coordinators and admins.")), form_checkbox('wants_to_drive', _("I am willing to operate cars for the PL"), $wants_to_drive), div('panel panel-default', [div('panel-body', [form_checkbox('has_car', _("I have my own car with me and am willing to use it for the PL (You'll get reimbursed for fuel)"), $has_car), heading(_("Driver license"), 3), form_checkbox('has_license_car', _("Car"), $has_license_car), form_checkbox('has_license_3_5t_transporter', _("Transporter 3,5t"), $has_license_3_5t_transporter), form_checkbox('has_license_7_5t_truck', _("Truck 7,5t"), $has_license_7_5t_truck), form_checkbox('has_license_12_5t_truck', _("Truck 12,5t"), $has_license_12_5t_truck), form_checkbox('has_license_forklift', _("Forklift"), $has_license_forklift)])], 'driving_license'), form_submit('submit', _("Save"))]), '<script type="text/javascript"> $(function() { if($("#wants_to_drive").is(":checked")) $("#driving_license").show(); else $("#driving_license").hide(); $("#wants_to_drive").click( function(e) { if($("#wants_to_drive").is(":checked")) $("#driving_license").show(); else $("#driving_license").hide(); } ); }); </script>']); }
function user_got_voucher_controller() { global $privileges, $user; if (isset($_REQUEST['user_id'])) { $user_source = User($_REQUEST['user_id']); } else { $user_source = $user; } $admin_user_privilege = in_array('admin_user', $privileges); if (!in_array('admin_user', $privileges)) { redirect(page_link_to('')); } if (!isset($_REQUEST['got_voucher'])) { redirect(page_link_to('')); } $user_source['got_voucher'] = $_REQUEST['got_voucher'] == 'true'; $result = User_update($user_source); if ($result === false) { engelsystem_error('Unable to update user.'); } success($user_source['got_voucher'] ? _('User got vouchers.') : _('User didnt got vouchers.')); engelsystem_log(User_Nick_render($user_source) . ($user_source['got_voucher'] ? ' got vouchers' : ' didnt got vouchers')); redirect(user_link($user_source)); }
function admin_active() { global $tshirt_sizes, $shift_sum_formula; $msg = ""; $search = ""; $forced_count = sql_num_query("SELECT * FROM `User` WHERE `force_active`=1"); $count = $forced_count; $limit = ""; $set_active = ""; if (isset($_REQUEST['search'])) { $search = strip_request_item('search'); } if (isset($_REQUEST['set_active'])) { $ok = true; if (isset($_REQUEST['count']) && preg_match("/^[0-9]+\$/", $_REQUEST['count'])) { $count = strip_request_item('count'); if ($count < $forced_count) { error(sprintf(_("At least %s angels are forced to be active. The number has to be greater."), $forced_count)); redirect(page_link_to('admin_active')); } } else { $ok = false; $msg .= error(_("Please enter a number of angels to be marked as active."), true); } if ($ok) { $limit = " LIMIT " . $count; } if (isset($_REQUEST['ack'])) { sql_query("UPDATE `User` SET `Aktiv` = 0 WHERE `Tshirt` = 0"); $users = sql_select("\n SELECT `User`.*, COUNT(`ShiftEntry`.`id`) as `shift_count`, {$shift_sum_formula} as `shift_length` \n FROM `User` \n LEFT JOIN `ShiftEntry` ON `User`.`UID` = `ShiftEntry`.`UID` \n LEFT JOIN `Shifts` ON `ShiftEntry`.`SID` = `Shifts`.`SID` \n WHERE `User`.`Gekommen` = 1 AND `User`.`force_active`=0 \n GROUP BY `User`.`UID` \n ORDER BY `force_active` DESC, `shift_length` DESC" . $limit); $user_nicks = array(); foreach ($users as $usr) { sql_query("UPDATE `User` SET `Aktiv` = 1 WHERE `UID`='" . sql_escape($usr['UID']) . "'"); $user_nicks[] = User_Nick_render($usr); } sql_query("UPDATE `User` SET `Aktiv`=1 WHERE `force_active`=TRUE"); engelsystem_log("These angels are active now: " . join(", ", $user_nicks)); $limit = ""; $msg = success(_("Marked angels."), true); } else { $set_active = '<a href="' . page_link_to('admin_active') . '&serach=' . $search . '">« ' . _("back") . '</a> | <a href="' . page_link_to('admin_active') . '&search=' . $search . '&count=' . $count . '&set_active&ack">' . _("apply") . '</a>'; } } if (isset($_REQUEST['active']) && preg_match("/^[0-9]+\$/", $_REQUEST['active'])) { $id = $_REQUEST['active']; $user_source = User($id); if ($user_source != null) { sql_query("UPDATE `User` SET `Aktiv`=1 WHERE `UID`='" . sql_escape($id) . "' LIMIT 1"); engelsystem_log("User " . User_Nick_render($user_source) . " is active now."); $msg = success(_("Angel has been marked as active."), true); } else { $msg = error(_("Angel not found."), true); } } elseif (isset($_REQUEST['not_active']) && preg_match("/^[0-9]+\$/", $_REQUEST['not_active'])) { $id = $_REQUEST['not_active']; $user_source = User($id); if ($user_source != null) { sql_query("UPDATE `User` SET `Aktiv`=0 WHERE `UID`='" . sql_escape($id) . "' LIMIT 1"); engelsystem_log("User " . User_Nick_render($user_source) . " is NOT active now."); $msg = success(_("Angel has been marked as not active."), true); } else { $msg = error(_("Angel not found."), true); } } elseif (isset($_REQUEST['tshirt']) && preg_match("/^[0-9]+\$/", $_REQUEST['tshirt'])) { $id = $_REQUEST['tshirt']; $user_source = User($id); if ($user_source != null) { sql_query("UPDATE `User` SET `Tshirt`=1 WHERE `UID`='" . sql_escape($id) . "' LIMIT 1"); engelsystem_log("User " . User_Nick_render($user_source) . " has tshirt now."); $msg = success(_("Angel has got a t-shirt."), true); } else { $msg = error("Angel not found.", true); } } elseif (isset($_REQUEST['not_tshirt']) && preg_match("/^[0-9]+\$/", $_REQUEST['not_tshirt'])) { $id = $_REQUEST['not_tshirt']; $user_source = User($id); if ($user_source != null) { sql_query("UPDATE `User` SET `Tshirt`=0 WHERE `UID`='" . sql_escape($id) . "' LIMIT 1"); engelsystem_log("User " . User_Nick_render($user_source) . " has NO tshirt."); $msg = success(_("Angel has got no t-shirt."), true); } else { $msg = error(_("Angel not found."), true); } } $users = sql_select("\n SELECT `User`.*, COUNT(`ShiftEntry`.`id`) as `shift_count`, {$shift_sum_formula} as `shift_length` \n FROM `User` LEFT JOIN `ShiftEntry` ON `User`.`UID` = `ShiftEntry`.`UID` \n LEFT JOIN `Shifts` ON `ShiftEntry`.`SID` = `Shifts`.`SID` \n WHERE `User`.`Gekommen` = 1 \n GROUP BY `User`.`UID` \n ORDER BY `force_active` DESC, `shift_length` DESC" . $limit); $matched_users = array(); if ($search == "") { $tokens = array(); } else { $tokens = explode(" ", $search); } foreach ($users as &$usr) { if (count($tokens) > 0) { $match = false; $index = join("", $usr); foreach ($tokens as $t) { if (stristr($index, trim($t))) { $match = true; break; } } if (!$match) { continue; } } $usr['nick'] = User_Nick_render($usr); $usr['shirt_size'] = $tshirt_sizes[$usr['Size']]; $usr['work_time'] = round($usr['shift_length'] / 60) . ' min (' . round($usr['shift_length'] / 3600) . ' h)'; $usr['active'] = glyph_bool($usr['Aktiv'] == 1); $usr['force_active'] = glyph_bool($usr['force_active'] == 1); $usr['tshirt'] = glyph_bool($usr['Tshirt'] == 1); $actions = array(); if ($usr['Aktiv'] == 0) { $actions[] = '<a href="' . page_link_to('admin_active') . '&active=' . $usr['UID'] . '&search=' . $search . '">' . _("set active") . '</a>'; } if ($usr['Aktiv'] == 1 && $usr['Tshirt'] == 0) { $actions[] = '<a href="' . page_link_to('admin_active') . '&not_active=' . $usr['UID'] . '&search=' . $search . '">' . _("remove active") . '</a>'; $actions[] = '<a href="' . page_link_to('admin_active') . '&tshirt=' . $usr['UID'] . '&search=' . $search . '">' . _("got t-shirt") . '</a>'; } if ($usr['Tshirt'] == 1) { $actions[] = '<a href="' . page_link_to('admin_active') . '&not_tshirt=' . $usr['UID'] . '&search=' . $search . '">' . _("remove t-shirt") . '</a>'; } $usr['actions'] = join(' ', $actions); $matched_users[] = $usr; } $shirt_statistics = sql_select("\n SELECT `Size`, count(`Size`) AS `count`\n FROM `User`\n WHERE `Tshirt`=1\n GROUP BY `Size`\n ORDER BY `count` DESC"); $shirt_statistics[] = array('Size' => '<b>' . _("Sum") . '</b>', 'count' => '<b>' . sql_select_single_cell("SELECT count(*) FROM `User` WHERE `Tshirt`=1") . '</b>'); return page_with_title(admin_active_title(), array(form(array(form_text('search', _("Search angel:"), $search), form_submit('submit', _("Search")))), $set_active == "" ? form(array(form_text('count', _("How much angels should be active?"), $count), form_submit('set_active', _("Preview")))) : $set_active, msg(), table(array('nick' => _("Nickname"), 'shirt_size' => _("Size"), 'shift_count' => _("Shifts"), 'work_time' => _("Length"), 'active' => _("Active?"), 'force_active' => _("Forced"), 'tshirt' => _("T-shirt?"), 'actions' => ""), $matched_users), '<h2>' . _("Given shirts") . '</h2>', table(array('Size' => _("Size"), 'count' => _("Count")), $shirt_statistics))); }
function admin_user() { global $user, $privileges, $tshirt_sizes, $privileges; $html = ''; if (!isset($_REQUEST['id'])) { redirect(users_link()); } $id = $_REQUEST['id']; if (!isset($_REQUEST['action'])) { $user_source = User($id); if ($user_source === false) { engelsystem_error('Unable to load user.'); } if ($user_source == null) { error(_('This user does not exist.')); redirect(users_link()); } $html .= "Hallo,<br />" . "hier kannst du den Eintrag ändern. Unter dem Punkt 'Gekommen' " . "wird der Engel als anwesend markiert, ein Ja bei Aktiv bedeutet, " . "dass der Engel aktiv war und damit ein Anspruch auf ein T-Shirt hat. " . "Wenn T-Shirt ein 'Ja' enthält, bedeutet dies, dass der Engel " . "bereits sein T-Shirt erhalten hat.<br /><br />\n"; $html .= "<form class=\"admin-user-form\" action=\"" . page_link_to("admin_user") . "&action=save&id={$id}\" method=\"post\">\n"; $html .= "<table border=\"0\">\n"; $html .= "<input type=\"hidden\" name=\"Type\" value=\"Normal\">\n"; $SQL = "SELECT * FROM `User` WHERE `UID`='" . sql_escape($id) . "'"; list($user_source) = sql_select($SQL); $html .= "<tr><td>\n"; $html .= "<table>\n"; $html .= " <tr><td>Nick</td><td>" . "<input class=\"form-control\" type=\"text\" size=\"40\" name=\"eNick\" value=\"" . $user_source['Nick'] . "\"></td></tr>\n"; $html .= " <tr><td>lastLogIn</td><td>" . date("Y-m-d H:i", $user_source['lastLogIn']) . "</td></tr>\n"; $html .= " <tr><td>Name</td><td>" . "<input class=\"form-control\" type=\"text\" size=\"40\" name=\"eName\" value=\"" . $user_source['Name'] . "\"></td></tr>\n"; $html .= " <tr><td>Vorname</td><td>" . "<input class=\"form-control\" type=\"text\" size=\"40\" name=\"eVorname\" value=\"" . $user_source['Vorname'] . "\"></td></tr>\n"; $html .= " <tr><td>Alter</td><td>" . "<input class=\"form-control\" type=\"text\" size=\"5\" name=\"eAlter\" value=\"" . $user_source['Alter'] . "\"></td></tr>\n"; $html .= " <tr><td>Telefon</td><td>" . "<input class=\"form-control\" type=\"text\" size=\"40\" name=\"eTelefon\" value=\"" . $user_source['Telefon'] . "\"></td></tr>\n"; $html .= " <tr><td>Handy</td><td>" . "<input class=\"form-control\" type=\"text\" size=\"40\" name=\"eHandy\" value=\"" . $user_source['Handy'] . "\"></td></tr>\n"; $html .= " <tr><td>DECT</td><td>" . "<input class=\"form-control\" type=\"text\" size=\"4\" name=\"eDECT\" value=\"" . $user_source['DECT'] . "\"></td></tr>\n"; $html .= " <tr><td>email</td><td>" . "<input class=\"form-control\" type=\"text\" size=\"40\" name=\"eemail\" value=\"" . $user_source['email'] . "\"></td></tr>\n"; $html .= " <tr><td>" . form_checkbox('email_shiftinfo', _("Please send me an email if my shifts change"), $user_source['email_shiftinfo']) . "</td></tr>\n"; $html .= " <tr><td>jabber</td><td>" . "<input class=\"form-control\" type=\"text\" size=\"40\" name=\"ejabber\" value=\"" . $user_source['jabber'] . "\"></td></tr>\n"; $html .= " <tr><td>Size</td><td>" . html_select_key('size', 'eSize', $tshirt_sizes, $user_source['Size']) . "</td></tr>\n"; $options = array('1' => "Yes", '0' => "No"); // Gekommen? $html .= " <tr><td>Gekommen</td><td>\n"; $html .= html_options('eGekommen', $options, $user_source['Gekommen']) . "</td></tr>\n"; // Aktiv? $html .= " <tr><td>Aktiv</td><td>\n"; $html .= html_options('eAktiv', $options, $user_source['Aktiv']) . "</td></tr>\n"; // Aktiv erzwingen if (in_array('admin_active', $privileges)) { $html .= " <tr><td>" . _("Force active") . "</td><td>\n"; $html .= html_options('force_active', $options, $user_source['force_active']) . "</td></tr>\n"; } // T-Shirt bekommen? $html .= " <tr><td>T-Shirt</td><td>\n"; $html .= html_options('eTshirt', $options, $user_source['Tshirt']) . "</td></tr>\n"; $html .= " <tr><td>Hometown</td><td>" . "<input class=\"form-control\" type=\"text\" size=\"40\" name=\"Hometown\" value=\"" . $user_source['Hometown'] . "\"></td></tr>\n"; $html .= "</table>\n</td><td valign=\"top\"></td></tr>"; $html .= "</td></tr>\n"; $html .= "</table>\n<br />\n"; $html .= "<input class=\"btn btn-primary\" type=\"submit\" value=\"Speichern\">\n"; $html .= "</form>"; $html .= "<hr />"; $html .= form_info('', _('Please visit the angeltypes page or the users profile to manage users angeltypes.')); $html .= "Hier kannst Du das Passwort dieses Engels neu setzen:<form class=\"admin-user-form\" action=\"" . page_link_to("admin_user") . "&action=change_pw&id={$id}\" method=\"post\">\n"; $html .= "<br /><table>\n"; $html .= " <tr><td width=\"30%\">Passwort </td><td>" . "<input class=\"form-control\" type=\"password\" size=\"40\" name=\"new_pw\" value=\"\"></td></tr>\n"; $html .= " <tr><td width=\"30%\">Wiederholung </td><td>" . "<input class=\"form-control\" type=\"password\" size=\"40\" name=\"new_pw2\" value=\"\"></td></tr>\n"; $html .= "</table>"; $html .= "<div class=\"form-group\"><input class=\"btn btn-primary\" type=\"submit\" value=\"Speichern\"></div>\n"; $html .= "</form>"; $html .= "<hr />"; $my_highest_group = sql_select("SELECT * FROM `UserGroups` WHERE `uid`='" . sql_escape($user['UID']) . "' ORDER BY `group_id` LIMIT 1"); if (count($my_highest_group) > 0) { $my_highest_group = $my_highest_group[0]['group_id']; } $his_highest_group = sql_select("SELECT * FROM `UserGroups` WHERE `uid`='" . sql_escape($id) . "' ORDER BY `group_id` LIMIT 1"); if (count($his_highest_group) > 0) { $his_highest_group = $his_highest_group[0]['group_id']; } if ($id != $user['UID'] && $my_highest_group <= $his_highest_group) { $html .= "Hier kannst Du die Benutzergruppen des Engels festlegen:<form class=\"admin-user-form\" action=\"" . page_link_to("admin_user") . "&action=save_groups&id=" . $id . "\" method=\"post\">\n"; $html .= '<table>'; $groups = sql_select("SELECT * FROM `Groups` LEFT OUTER JOIN `UserGroups` ON (`UserGroups`.`group_id` = `Groups`.`UID` AND `UserGroups`.`uid` = '" . sql_escape($id) . "') WHERE `Groups`.`UID` >= '" . sql_escape($my_highest_group) . "' ORDER BY `Groups`.`Name`"); foreach ($groups as $group) { $html .= '<tr><td><input type="checkbox" name="groups[]" value="' . $group['UID'] . '"' . ($group['group_id'] != "" ? ' checked="checked"' : '') . ' /></td><td>' . $group['Name'] . '</td></tr>'; } $html .= '</table>'; $html .= "<input class=\"btn btn-primary\" type=\"submit\" value=\"Speichern\">\n"; $html .= "</form>"; $html .= "<hr />"; } $html .= "<form class=\"admin-user-form\" action=\"" . page_link_to("admin_user") . "&action=delete&id=" . $id . "\" method=\"post\">\n"; $html .= "<tr><td><input class=\"btn btn-primary\" type=\"submit\" value=\"Löschen\"></td></tr>\n"; $html .= "</form>"; $html .= "<hr />"; } else { switch ($_REQUEST['action']) { case 'save_groups': if ($id != $user['UID']) { $my_highest_group = sql_select("SELECT * FROM `UserGroups` WHERE `uid`='" . sql_escape($user['UID']) . "' ORDER BY `group_id`"); $his_highest_group = sql_select("SELECT * FROM `UserGroups` WHERE `uid`='" . sql_escape($id) . "' ORDER BY `group_id`"); if (count($my_highest_group) > 0 && (count($his_highest_group) == 0 || $my_highest_group[0]['group_id'] <= $his_highest_group[0]['group_id'])) { $groups_source = sql_select("SELECT * FROM `Groups` LEFT OUTER JOIN `UserGroups` ON (`UserGroups`.`group_id` = `Groups`.`UID` AND `UserGroups`.`uid` = '" . sql_escape($id) . "') WHERE `Groups`.`UID` >= '" . sql_escape($my_highest_group[0]['group_id']) . "' ORDER BY `Groups`.`Name`"); $groups = array(); $grouplist = array(); foreach ($groups_source as $group) { $groups[$group['UID']] = $group; $grouplist[] = $group['UID']; } if (!is_array($_REQUEST['groups'])) { $_REQUEST['groups'] = array(); } sql_query("DELETE FROM `UserGroups` WHERE `uid`='" . sql_escape($id) . "'"); $user_groups_info = array(); foreach ($_REQUEST['groups'] as $group) { if (in_array($group, $grouplist)) { sql_query("INSERT INTO `UserGroups` SET `uid`='" . sql_escape($id) . "', `group_id`='" . sql_escape($group) . "'"); $user_groups_info[] = $groups[$group]['Name']; } } $user_source = User($id); engelsystem_log("Set groups of " . User_Nick_render($user_source) . " to: " . join(", ", $user_groups_info)); $html .= success("Benutzergruppen gespeichert.", true); } else { $html .= error("Du kannst keine Engel mit mehr Rechten bearbeiten.", true); } } else { $html .= error("Du kannst Deine eigenen Rechte nicht bearbeiten.", true); } break; case 'delete': if ($user['UID'] != $id) { $user_source = sql_select("SELECT `Nick`, `UID` FROM `User` WHERE `UID` = '" . sql_escape($id) . "' LIMIT 1"); sql_query("DELETE FROM `User` WHERE `UID`='" . sql_escape($id) . "' LIMIT 1"); sql_query("DELETE FROM `UserGroups` WHERE `uid`='" . sql_escape($id) . "'"); engelsystem_log("Deleted user " . User_Nick_render($user_source)); $html .= success("Benutzer gelöscht!", true); } else { $html .= error("Du kannst Dich nicht selber löschen!", true); } break; case 'save': $force_active = $user['force_active']; if (in_array('admin_active', $privileges)) { $force_active = $_REQUEST['force_active']; } $SQL = "UPDATE `User` SET \n `Nick` = '" . sql_escape($_POST["eNick"]) . "', \n `Name` = '" . sql_escape($_POST["eName"]) . "', \n `Vorname` = '" . sql_escape($_POST["eVorname"]) . "', \n `Telefon` = '" . sql_escape($_POST["eTelefon"]) . "', \n `Handy` = '" . sql_escape($_POST["eHandy"]) . "', \n `Alter` = '" . sql_escape($_POST["eAlter"]) . "', \n `DECT` = '" . sql_escape($_POST["eDECT"]) . "', \n `email` = '" . sql_escape($_POST["eemail"]) . "', \n `email_shiftinfo` = " . sql_bool(isset($_REQUEST['email_shiftinfo'])) . ", \n `jabber` = '" . sql_escape($_POST["ejabber"]) . "', \n `Size` = '" . sql_escape($_POST["eSize"]) . "', \n `Gekommen`= '" . sql_escape($_POST["eGekommen"]) . "', \n `Aktiv`= '" . sql_escape($_POST["eAktiv"]) . "', \n `force_active`= " . sql_escape($force_active) . ", \n `Tshirt` = '" . sql_escape($_POST["eTshirt"]) . "', \n `Hometown` = '" . sql_escape($_POST["Hometown"]) . "' \n WHERE `UID` = '" . sql_escape($id) . "' \n LIMIT 1"; sql_query($SQL); engelsystem_log("Updated user: "******"eNick"] . ", " . $_POST["eSize"] . ", available: " . $_POST["eGekommen"] . ", active: " . $_POST["eAktiv"] . ", tshirt: " . $_POST["eTshirt"]); $html .= success("Änderung wurde gespeichert...\n", true); break; case 'change_pw': if ($_REQUEST['new_pw'] != "" && $_REQUEST['new_pw'] == $_REQUEST['new_pw2']) { set_password($id, $_REQUEST['new_pw']); $user_source = User($id); engelsystem_log("Set new password for " . User_Nick_render($user_source)); $html .= success("Passwort neu gesetzt.", true); } else { $html .= error("Die Eingaben müssen übereinstimmen und dürfen nicht leer sein!", true); } break; } } return page_with_title(_('Edit user'), array($html)); }
function UserAngelType_join_view($user, $angeltype) { return page_with_title(sprintf(_("Become a %s"), $angeltype['name']), array(msg(), info(sprintf(_("Do you really want to add %s to %s?"), User_Nick_render($user), $angeltype['name']), true), buttons(array(button(page_link_to('angeltypes') . '&action=view&angeltype_id=' . $angeltype['id'], _("cancel"), 'cancel'), button(page_link_to('user_angeltypes') . '&action=add&angeltype_id=' . $angeltype['id'] . '&user_id=' . $user['UID'] . '&confirmed', _("save"), 'ok'))))); }
function user_myshifts() { global $LETZTES_AUSTRAGEN; global $user, $privileges; $msg = ""; if (isset($_REQUEST['id']) && in_array("user_shifts_admin", $privileges) && preg_match("/^[0-9]{1,}\$/", $_REQUEST['id']) && sql_num_query("SELECT * FROM `User` WHERE `UID`='" . sql_escape($_REQUEST['id']) . "'") > 0) { $id = $_REQUEST['id']; } else { $id = $user['UID']; } list($shifts_user) = sql_select("SELECT * FROM `User` WHERE `UID`='" . sql_escape($id) . "' LIMIT 1"); if (isset($_REQUEST['reset'])) { if ($_REQUEST['reset'] == "ack") { User_reset_api_key($user); success(_("Key changed.")); redirect(page_link_to('user_myshifts')); } return page_with_title(_("Reset API key"), array(error(_("If you reset the key, the url to your iCal- and JSON-export and your atom feed changes! You have to update it in every application using one of these exports."), true), button(page_link_to('user_myshifts') . '&reset=ack', _("Continue"), 'btn-danger'))); } elseif (isset($_REQUEST['edit']) && preg_match("/^[0-9]*\$/", $_REQUEST['edit'])) { $id = $_REQUEST['edit']; $shift = sql_select("SELECT\n `ShiftEntry`.`freeloaded`,\n `ShiftEntry`.`freeload_comment`,\n `ShiftEntry`.`Comment`,\n `ShiftEntry`.`UID`,\n `ShiftTypes`.`name`,\n `Shifts`.*,\n `Room`.`Name`,\n `AngelTypes`.`name` as `angel_type`\n FROM `ShiftEntry`\n JOIN `AngelTypes` ON (`ShiftEntry`.`TID` = `AngelTypes`.`id`)\n JOIN `Shifts` ON (`ShiftEntry`.`SID` = `Shifts`.`SID`)\n JOIN `ShiftTypes` ON (`ShiftTypes`.`id` = `Shifts`.`shifttype_id`)\n JOIN `Room` ON (`Shifts`.`RID` = `Room`.`RID`)\n WHERE `ShiftEntry`.`id`='" . sql_escape($id) . "'\n AND `UID`='" . sql_escape($shifts_user['UID']) . "' LIMIT 1"); if (count($shift) > 0) { $shift = $shift[0]; if (isset($_REQUEST['submit'])) { $freeloaded = $shift['freeloaded']; $freeload_comment = $shift['freeload_comment']; if (in_array("user_shifts_admin", $privileges)) { $freeloaded = isset($_REQUEST['freeloaded']); $freeload_comment = strip_request_item_nl('freeload_comment'); } $comment = strip_request_item_nl('comment'); $user_source = User($shift['UID']); $result = ShiftEntry_update(array('id' => $id, 'Comment' => $comment, 'freeloaded' => $freeloaded, 'freeload_comment' => $freeload_comment)); if ($result === false) { engelsystem_error('Unable to update shift entr.'); } engelsystem_log("Updated " . User_Nick_render($user_source) . "'s shift " . $shift['name'] . " from " . date("Y-m-d H:i", $shift['start']) . " to " . date("Y-m-d H:i", $shift['end']) . " with comment " . $comment . ". Freeloaded: " . ($freeloaded ? "YES Comment: " . $freeload_comment : "NO")); success(_("Shift saved.")); redirect(page_link_to('users') . '&action=view&user_id=' . $shifts_user['UID']); } return ShiftEntry_edit_view(User_Nick_render($shifts_user), date("Y-m-d H:i", $shift['start']) . ', ' . shift_length($shift), $shift['Name'], $shift['name'], $shift['angel_type'], $shift['Comment'], $shift['freeloaded'], $shift['freeload_comment'], in_array("user_shifts_admin", $privileges)); } else { redirect(page_link_to('user_myshifts')); } } elseif (isset($_REQUEST['cancel']) && preg_match("/^[0-9]*\$/", $_REQUEST['cancel'])) { $id = $_REQUEST['cancel']; $shift = sql_select("\n SELECT *\n FROM `Shifts` \n INNER JOIN `ShiftEntry` USING (`SID`) \n WHERE `ShiftEntry`.`id`='" . sql_escape($id) . "' AND `UID`='" . sql_escape($shifts_user['UID']) . "'"); if (count($shift) > 0) { $shift = $shift[0]; if ($shift['start'] > time() + $LETZTES_AUSTRAGEN * 3600 || in_array('user_shifts_admin', $privileges)) { $result = ShiftEntry_delete($id); if ($result === false) { engelsystem_error('Unable to delete shift entry.'); } $room = Room($shift['RID']); $angeltype = AngelType($shift['TID']); $shifttype = ShiftType($shift['shifttype_id']); engelsystem_log("Deleted own shift: " . $shifttype['name'] . " at " . $room['Name'] . " from " . date("Y-m-d H:i", $shift['start']) . " to " . date("Y-m-d H:i", $shift['end']) . " as " . $angeltype['name']); success(_("You have been signed off from the shift.")); } else { error(_("It's too late to sign yourself off the shift. If neccessary, ask the dispatcher to do so.")); } } else { redirect(user_link($shifts_user)); } } redirect(page_link_to('users') . '&action=view'); }
function user_news_comments() { global $user; $html = '<div class="col-md-12"><h1>' . user_news_comments_title() . '</h1>'; if (isset($_REQUEST["nid"]) && preg_match("/^[0-9]{1,}\$/", $_REQUEST['nid']) && sql_num_query("SELECT * FROM `News` WHERE `ID`='" . sql_escape($_REQUEST['nid']) . "' LIMIT 1") > 0) { $nid = $_REQUEST["nid"]; list($news) = sql_select("SELECT * FROM `News` WHERE `ID`='" . sql_escape($nid) . "' LIMIT 1"); if (isset($_REQUEST["text"])) { $text = preg_replace("/([^\\p{L}\\p{P}\\p{Z}\\p{N}\n]{1,})/ui", '', strip_tags($_REQUEST['text'])); sql_query("INSERT INTO `NewsComments` (`Refid`, `Datum`, `Text`, `UID`) VALUES ('" . sql_escape($nid) . "', '" . date("Y-m-d H:i:s") . "', '" . sql_escape($text) . "', '" . sql_escape($user["UID"]) . "')"); engelsystem_log("Created news_comment: " . $text); $html .= success(_("Entry saved."), true); } $html .= display_news($news); $comments = sql_select("SELECT * FROM `NewsComments` WHERE `Refid`='" . sql_escape($nid) . "' ORDER BY 'ID'"); foreach ($comments as $comment) { $user_source = User($comment['UID']); if ($user_source === false) { engelsystem_error(_("Unable to load user.")); } $html .= '<div class="panel panel-default">'; $html .= '<div class="panel-body">' . nl2br($comment['Text']) . '</div>'; $html .= '<div class="panel-footer text-muted">'; $html .= '<span class="glyphicon glyphicon-time"></span> ' . $comment['Datum'] . ' '; $html .= User_Nick_render($user_source); $html .= '</div>'; $html .= '</div>'; } $html .= '<hr /><h2>' . _("New Comment:") . '</h2>'; $html .= form(array(form_textarea('text', _("Message"), ''), form_submit('submit', _("Save"))), page_link_to('news_comments') . '&nid=' . $news['ID']); } else { $html .= _("Invalid request."); } return $html . '</div>'; }
function guest_register() { global $tshirt_sizes, $enable_tshirt_size, $default_theme; $msg = ""; $nick = ""; $lastname = ""; $prename = ""; $age = ""; $tel = ""; $dect = ""; $mobile = ""; $mail = ""; $email_shiftinfo = false; $jabber = ""; $hometown = ""; $comment = ""; $tshirt_size = ''; $password_hash = ""; $selected_angel_types = array(); $planned_arrival_date = null; $angel_types_source = sql_select("SELECT * FROM `AngelTypes` ORDER BY `name`"); $angel_types = array(); foreach ($angel_types_source as $angel_type) { $angel_types[$angel_type['id']] = $angel_type['name'] . ($angel_type['restricted'] ? " (restricted)" : ""); if (!$angel_type['restricted']) { $selected_angel_types[] = $angel_type['id']; } } if (isset($_REQUEST['submit'])) { $ok = true; if (isset($_REQUEST['nick']) && strlen(User_validate_Nick($_REQUEST['nick'])) > 1) { $nick = User_validate_Nick($_REQUEST['nick']); if (sql_num_query("SELECT * FROM `User` WHERE `Nick`='" . sql_escape($nick) . "' LIMIT 1") > 0) { $ok = false; $msg .= error(sprintf(_("Your nick "%s" already exists."), $nick), true); } } else { $ok = false; $msg .= error(sprintf(_("Your nick "%s" is too short (min. 2 characters)."), User_validate_Nick($_REQUEST['nick'])), true); } if (isset($_REQUEST['mail']) && strlen(strip_request_item('mail')) > 0) { $mail = strip_request_item('mail'); if (!check_email($mail)) { $ok = false; $msg .= error(_("E-mail address is not correct."), true); } } else { $ok = false; $msg .= error(_("Please enter your e-mail."), true); } if (isset($_REQUEST['email_shiftinfo'])) { $email_shiftinfo = true; } if (isset($_REQUEST['jabber']) && strlen(strip_request_item('jabber')) > 0) { $jabber = strip_request_item('jabber'); if (!check_email($jabber)) { $ok = false; $msg .= error(_("Please check your jabber account information."), true); } } if ($enable_tshirt_size) { if (isset($_REQUEST['tshirt_size']) && isset($tshirt_sizes[$_REQUEST['tshirt_size']]) && $_REQUEST['tshirt_size'] != '') { $tshirt_size = $_REQUEST['tshirt_size']; } else { $ok = false; $msg .= error(_("Please select your shirt size."), true); } } if (isset($_REQUEST['password']) && strlen($_REQUEST['password']) >= MIN_PASSWORD_LENGTH) { if ($_REQUEST['password'] != $_REQUEST['password2']) { $ok = false; $msg .= error(_("Your passwords don't match."), true); } } else { $ok = false; $msg .= error(sprintf(_("Your password is too short (please use at least %s characters)."), MIN_PASSWORD_LENGTH), true); } if (isset($_REQUEST['planned_arrival_date']) && DateTime::createFromFormat("Y-m-d", trim($_REQUEST['planned_arrival_date']))) { $planned_arrival_date = DateTime::createFromFormat("Y-m-d", trim($_REQUEST['planned_arrival_date']))->getTimestamp(); } else { $ok = false; $msg .= error(_("Please enter your planned date of arrival."), true); } $selected_angel_types = array(); foreach ($angel_types as $angel_type_id => $angel_type_name) { if (isset($_REQUEST['angel_types_' . $angel_type_id])) { $selected_angel_types[] = $angel_type_id; } } // Trivia if (isset($_REQUEST['lastname'])) { $lastname = strip_request_item('lastname'); } if (isset($_REQUEST['prename'])) { $prename = strip_request_item('prename'); } if (isset($_REQUEST['age']) && preg_match("/^[0-9]{0,4}\$/", $_REQUEST['age'])) { $age = strip_request_item('age'); } if (isset($_REQUEST['tel'])) { $tel = strip_request_item('tel'); } if (isset($_REQUEST['dect'])) { $dect = strip_request_item('dect'); } if (isset($_REQUEST['mobile'])) { $mobile = strip_request_item('mobile'); } if (isset($_REQUEST['hometown'])) { $hometown = strip_request_item('hometown'); } if (isset($_REQUEST['comment'])) { $comment = strip_request_item_nl('comment'); } if ($ok) { sql_query("\n INSERT INTO `User` SET \n `color`='" . sql_escape($default_theme) . "', \n `Nick`='" . sql_escape($nick) . "', \n `Vorname`='" . sql_escape($prename) . "', \n `Name`='" . sql_escape($lastname) . "', \n `Alter`='" . sql_escape($age) . "', \n `Telefon`='" . sql_escape($tel) . "', \n `DECT`='" . sql_escape($dect) . "', \n `Handy`='" . sql_escape($mobile) . "', \n `email`='" . sql_escape($mail) . "', \n `email_shiftinfo`=" . sql_bool($email_shiftinfo) . ", \n `jabber`='" . sql_escape($jabber) . "',\n `Size`='" . sql_escape($tshirt_size) . "', \n `Passwort`='" . sql_escape($password_hash) . "', \n `kommentar`='" . sql_escape($comment) . "', \n `Hometown`='" . sql_escape($hometown) . "', \n `CreateDate`=NOW(), \n `Sprache`='" . sql_escape($_SESSION["locale"]) . "',\n `arrival_date`=NULL,\n `planned_arrival_date`='" . sql_escape($planned_arrival_date) . "'"); // Assign user-group and set password $user_id = sql_id(); sql_query("INSERT INTO `UserGroups` SET `uid`='" . sql_escape($user_id) . "', `group_id`=-2"); set_password($user_id, $_REQUEST['password']); // Assign angel-types $user_angel_types_info = array(); foreach ($selected_angel_types as $selected_angel_type_id) { sql_query("INSERT INTO `UserAngelTypes` SET `user_id`='" . sql_escape($user_id) . "', `angeltype_id`='" . sql_escape($selected_angel_type_id) . "'"); $user_angel_types_info[] = $angel_types[$selected_angel_type_id]; } engelsystem_log("User " . User_Nick_render(User($user_id)) . " signed up as: " . join(", ", $user_angel_types_info)); success(_("Angel registration successful!")); redirect('?'); } } return page_with_title(register_title(), array(_("By completing this form you're registering as a Chaos-Angel. This script will create you an account in the angel task sheduler."), $msg, msg(), form(array(div('row', array(div('col-md-6', array(div('row', array(div('col-sm-4', array(form_text('nick', _("Nick") . ' ' . entry_required(), $nick))), div('col-sm-8', array(form_email('mail', _("E-Mail") . ' ' . entry_required(), $mail), form_checkbox('email_shiftinfo', _("Please send me an email if my shifts change"), $email_shiftinfo))))), div('row', array(div('col-sm-6', array(form_date('planned_arrival_date', _("Planned date of arrival") . ' ' . entry_required(), $planned_arrival_date, time()))), div('col-sm-6', array($enable_tshirt_size ? form_select('tshirt_size', _("Shirt size") . ' ' . entry_required(), $tshirt_sizes, $tshirt_size) : '')))), div('row', array(div('col-sm-6', array(form_password('password', _("Password") . ' ' . entry_required()))), div('col-sm-6', array(form_password('password2', _("Confirm password") . ' ' . entry_required()))))), form_checkboxes('angel_types', _("What do you want to do?") . sprintf(" (<a href=\"%s\">%s</a>)", page_link_to('angeltypes') . '&action=about', _("Description of job types")), $angel_types, $selected_angel_types), form_info("", _("Restricted angel types need will be confirmed later by an archangel. You can change your selection in the options section.")))), div('col-md-6', array(div('row', array(div('col-sm-6', array(form_text('mobile', _("Mobile"), $mobile))), div('col-sm-6', array(form_text('tel', _("Phone"), $tel))))), form_text('jabber', _("Jabber"), $jabber), div('row', array(div('col-sm-6', array(form_text('prename', _("First name"), $prename))), div('col-sm-6', array(form_text('lastname', _("Last name"), $lastname))))), div('row', array(div('col-sm-3', array(form_text('age', _("Age"), $age))), div('col-sm-9', array(form_text('hometown', _("Hometown"), $hometown))))), form_info(entry_required() . ' = ' . _("Entry required!")))))), form_submit('submit', _("Register")))))); }
/** * Generates a new password recovery token for given user. * * @param User $user */ function User_generate_password_recovery_token(&$user) { $user['password_recovery_token'] = md5($user['Nick'] . time() . rand()); $result = sql_query("UPDATE `User` SET `password_recovery_token`='" . sql_escape($user['password_recovery_token']) . "' WHERE `UID`='" . sql_escape($user['UID']) . "' LIMIT 1"); if ($result === false) { return false; } engelsystem_log("Password recovery for " . User_Nick_render($user) . " started."); return $user['password_recovery_token']; }
function admin_questions() { global $user; if (!isset($_REQUEST['action'])) { $unanswered_questions_table = array(); $questions = sql_select("SELECT * FROM `Questions` WHERE `AID` IS NULL"); foreach ($questions as $question) { $user_source = User($question['UID']); if ($user_source === false) { engelsystem_error("Unable to load user."); } $unanswered_questions_table[] = array('from' => User_Nick_render($user_source), 'question' => str_replace("\n", "<br />", $question['Question']), 'answer' => form(array(form_textarea('answer', '', ''), form_submit('submit', _("Save"))), page_link_to('admin_questions') . '&action=answer&id=' . $question['QID']), 'actions' => button(page_link_to("admin_questions") . '&action=delete&id=' . $question['QID'], _("delete"), 'btn-xs')); } $answered_questions_table = array(); $questions = sql_select("SELECT * FROM `Questions` WHERE NOT `AID` IS NULL"); foreach ($questions as $question) { $user_source = User($question['UID']); if ($user_source === false) { engelsystem_error("Unable to load user."); } $answer_user_source = User($question['AID']); if ($answer_user_source === false) { engelsystem_error("Unable to load user."); } $answered_questions_table[] = array('from' => User_Nick_render($user_source), 'question' => str_replace("\n", "<br />", $question['Question']), 'answered_by' => User_Nick_render($answer_user_source), 'answer' => str_replace("\n", "<br />", $question['Answer']), 'actions' => button(page_link_to("admin_questions") . '&action=delete&id=' . $question['QID'], _("delete"), 'btn-xs')); } return page_with_title(admin_questions_title(), array('<h2>' . _("Unanswered questions") . '</h2>', table(array('from' => _("From"), 'question' => _("Question"), 'answer' => _("Answer"), 'actions' => ''), $unanswered_questions_table), '<h2>' . _("Answered questions") . '</h2>', table(array('from' => _("From"), 'question' => _("Question"), 'answered_by' => _("Answered by"), 'answer' => _("Answer"), 'actions' => ''), $answered_questions_table))); } else { switch ($_REQUEST['action']) { case 'answer': if (isset($_REQUEST['id']) && preg_match("/^[0-9]{1,11}\$/", $_REQUEST['id'])) { $id = $_REQUEST['id']; } else { return error("Incomplete call, missing Question ID.", true); } $question = sql_select("SELECT * FROM `Questions` WHERE `QID`='" . sql_escape($id) . "' LIMIT 1"); if (count($question) > 0 && $question[0]['AID'] == null) { $answer = trim(preg_replace("/([^\\p{L}\\p{P}\\p{Z}\\p{N}\n]{1,})/ui", '', strip_tags($_REQUEST['answer']))); if ($answer != "") { sql_query("UPDATE `Questions` SET `AID`='" . sql_escape($user['UID']) . "', `Answer`='" . sql_escape($answer) . "' WHERE `QID`='" . sql_escape($id) . "' LIMIT 1"); engelsystem_log("Question " . $question[0]['Question'] . " answered: " . $answer); redirect(page_link_to("admin_questions")); } else { return error("Gib eine Antwort ein!", true); } } else { return error("No question found.", true); } break; case 'delete': if (isset($_REQUEST['id']) && preg_match("/^[0-9]{1,11}\$/", $_REQUEST['id'])) { $id = $_REQUEST['id']; } else { return error("Incomplete call, missing Question ID.", true); } $question = sql_select("SELECT * FROM `Questions` WHERE `QID`='" . sql_escape($id) . "' LIMIT 1"); if (count($question) > 0) { sql_query("DELETE FROM `Questions` WHERE `QID`='" . sql_escape($id) . "' LIMIT 1"); engelsystem_log("Question deleted: " . $question[0]['Question']); redirect(page_link_to("admin_questions")); } else { return error("No question found.", true); } break; } } }
function admin_arrive() { $msg = ""; $search = ""; if (isset($_REQUEST['search'])) { $search = strip_request_item('search'); } if (isset($_REQUEST['reset']) && preg_match("/^[0-9]*\$/", $_REQUEST['reset'])) { $id = $_REQUEST['reset']; $user_source = User($id); if ($user_source != null) { sql_query("UPDATE `User` SET `Gekommen`=0, `arrival_date` = NULL WHERE `UID`='" . sql_escape($id) . "' LIMIT 1"); engelsystem_log("User set to not available: " . User_Nick_render($user_source)); $msg = success(_("Reset done. Angel is not available."), true); } else { $msg = error(_("Angel not found."), true); } } elseif (isset($_REQUEST['arrived']) && preg_match("/^[0-9]*\$/", $_REQUEST['arrived'])) { $id = $_REQUEST['arrived']; $user_source = User($id); if ($user_source != null) { sql_query("UPDATE `User` SET `Gekommen`=1, `arrival_date`='" . time() . "' WHERE `UID`='" . sql_escape($id) . "' LIMIT 1"); engelsystem_log("User is available: " . User_Nick_render($user_source)); $msg = success(_("Angel has been marked as available."), true); } else { $msg = error(_("Angel not found."), true); } } $users = sql_select("SELECT * FROM `User` ORDER BY `Nick`"); $arrival_count_at_day = []; $planned_arrival_count_at_day = []; $planned_departure_count_at_day = []; $table = ""; $users_matched = []; if ($search == "") { $tokens = []; } else { $tokens = explode(" ", $search); } foreach ($users as $usr) { if (count($tokens) > 0) { $match = false; $index = join(" ", $usr); foreach ($tokens as $t) { if (stristr($index, trim($t))) { $match = true; break; } } if (!$match) { continue; } } $usr['nick'] = User_Nick_render($usr); if ($usr['planned_departure_date'] != null) { $usr['rendered_planned_departure_date'] = date('Y-m-d', $usr['planned_departure_date']); } else { $usr['rendered_planned_departure_date'] = '-'; } $usr['rendered_planned_arrival_date'] = date('Y-m-d', $usr['planned_arrival_date']); $usr['rendered_arrival_date'] = $usr['arrival_date'] > 0 ? date('Y-m-d', $usr['arrival_date']) : "-"; $usr['arrived'] = $usr['Gekommen'] == 1 ? _("yes") : ""; $usr['actions'] = $usr['Gekommen'] == 1 ? '<a href="' . page_link_to('admin_arrive') . '&reset=' . $usr['UID'] . '&search=' . $search . '">' . _("reset") . '</a>' : '<a href="' . page_link_to('admin_arrive') . '&arrived=' . $usr['UID'] . '&search=' . $search . '">' . _("available") . '</a>'; if ($usr['arrival_date'] > 0) { $day = date('Y-m-d', $usr['arrival_date']); if (!isset($arrival_count_at_day[$day])) { $arrival_count_at_day[$day] = 0; } $arrival_count_at_day[$day]++; } if ($usr['planned_arrival_date'] != null) { $day = date('Y-m-d', $usr['planned_arrival_date']); if (!isset($planned_arrival_count_at_day[$day])) { $planned_arrival_count_at_day[$day] = 0; } $planned_arrival_count_at_day[$day]++; } if ($usr['planned_departure_date'] != null && $usr['Gekommen'] == 1) { $day = date('Y-m-d', $usr['planned_departure_date']); if (!isset($planned_departure_count_at_day[$day])) { $planned_departure_count_at_day[$day] = 0; } $planned_departure_count_at_day[$day]++; } $users_matched[] = $usr; } ksort($arrival_count_at_day); ksort($planned_arrival_count_at_day); ksort($planned_departure_count_at_day); $arrival_at_day = []; $arrival_sum = 0; foreach ($arrival_count_at_day as $day => $count) { $arrival_sum += $count; $arrival_at_day[$day] = ['day' => $day, 'count' => $count, 'sum' => $arrival_sum]; } $planned_arrival_sum_at_day = []; $planned_arrival_sum = 0; foreach ($planned_arrival_count_at_day as $day => $count) { $planned_arrival_sum += $count; $planned_arrival_at_day[$day] = ['day' => $day, 'count' => $count, 'sum' => $planned_arrival_sum]; } $planned_departure_at_day = []; $planned_departure_sum = 0; foreach ($planned_departure_count_at_day as $day => $count) { $planned_departure_sum += $count; $planned_departure_at_day[$day] = ['day' => $day, 'count' => $count, 'sum' => $planned_departure_sum]; } return page_with_title(admin_arrive_title(), array(msg(), form(array(form_text('search', _("Search"), $search), form_submit('submit', _("Search")))), table(array('nick' => _("Nickname"), 'rendered_planned_arrival_date' => _("Planned start of availability"), 'arrived' => _("Available?"), 'rendered_arrival_date' => _("Start of availability"), 'rendered_planned_departure_date' => _("Planned end of availability"), 'actions' => ""), $users_matched), div('row', [div('col-md-4', [heading(_("Planned start of availability statistics"), 2), bargraph('planned_arrives', 'day', ['count' => _("available"), 'sum' => _("available sum")], ['count' => '#090', 'sum' => '#888'], $planned_arrival_at_day), table(['day' => _("Date"), 'count' => _("Count"), 'sum' => _("Sum")], $planned_arrival_at_day)]), div('col-md-4', [heading(_("Availability statistics"), 2), bargraph('arrives', 'day', ['count' => _("available"), 'sum' => _("available sum")], ['count' => '#090', 'sum' => '#888'], $arrival_at_day), table(['day' => _("Date"), 'count' => _("Count"), 'sum' => _("Sum")], $arrival_at_day)]), div('col-md-4', [heading(_("Planned end of availability statistics"), 2), bargraph('planned_departures', 'day', ['count' => _("available"), 'sum' => _("available sum")], ['count' => '#090', 'sum' => '#888'], $planned_departure_at_day), table(['day' => _("Date"), 'count' => _("Count"), 'sum' => _("Sum")], $planned_departure_at_day)])]))); }
/** * User joining an Angeltype (Or Coordinator doing this for him). */ function user_angeltype_add_controller() { global $user, $privileges; if (!isset($_REQUEST['angeltype_id'])) { error(_("Angeltype doesn't exist.")); redirect(page_link_to('angeltypes')); } $angeltype = AngelType($_REQUEST['angeltype_id']); if ($angeltype === false) { engelsystem_error("Unable to load angeltype."); } if ($angeltype == null) { error(_("Angeltype doesn't exist.")); redirect(page_link_to('angeltypes')); } if (User_is_AngelType_coordinator($user, $angeltype)) { // Allow to add any user $user_id = $user['UID']; $users_source = Users_by_angeltype_inverted($angeltype); if ($users_source === false) { engelsystem_error("Unable to load users."); } if (isset($_REQUEST['submit'])) { $ok = true; if (isset($_REQUEST['user_id']) && in_array($_REQUEST['user_id'], array_map(function ($user) { return $user['UID']; }, $users_source))) { $user_id = $_REQUEST['user_id']; } else { $ok = false; error(_("Please select a user.")); } if ($ok) { foreach ($users_source as $user_source) { if ($user_source['UID'] == $user_id) { $user_angeltype_id = UserAngelType_create($user_source, $angeltype); if ($user_angeltype_id === false) { engelsystem_error("Unable to create user angeltype."); } engelsystem_log(sprintf("User %s added to %s.", User_Nick_render($user_source), AngelType_name_render($angeltype))); success(sprintf(_("User %s added to %s."), User_Nick_render($user_source), AngelType_name_render($angeltype))); $result = UserAngelType_confirm($user_angeltype_id, $user_source); if ($result === false) { engelsystem_error("Unable to confirm user angeltype."); } engelsystem_log(sprintf("User %s confirmed as %s.", User_Nick_render($user), AngelType_name_render($angeltype))); redirect(page_link_to('angeltypes') . '&action=view&angeltype_id=' . $angeltype['id']); } } } } return array(_("Add user to angeltype"), UserAngelType_add_view($angeltype, $users_source, $user_id)); } else { // Allow only me $user_angeltype = UserAngelType_by_User_and_AngelType($user, $angeltype); if ($user_angeltype === false) { engelsystem_error("Unable to load user angeltype."); } if ($user_angeltype != null) { error(sprintf(_("You are already a %s."), $angeltype['name'])); redirect(page_link_to('angeltypes')); } if (isset($_REQUEST['confirmed'])) { $user_angeltype_id = UserAngelType_create($user, $angeltype); if ($user_angeltype_id === false) { engelsystem_error("Unable to create user angeltype."); } $success_message = sprintf(_("You joined %s."), $angeltype['name']); engelsystem_log(sprintf("User %s joined %s.", User_Nick_render($user), AngelType_name_render($angeltype))); success($success_message); if (in_array('admin_user_angeltypes', $privileges)) { $result = UserAngelType_confirm($user_angeltype_id, $user); if ($result === false) { engelsystem_error("Unable to confirm user angeltype."); } engelsystem_log(sprintf("User %s confirmed as %s.", User_Nick_render($user), AngelType_name_render($angeltype))); } redirect(page_link_to('angeltypes') . '&action=view&angeltype_id=' . $angeltype['id']); } return array(sprintf(_("Become a %s"), $angeltype['name']), UserAngelType_join_view($user, $angeltype)); } }
function admin_arrive() { $msg = ""; $search = ""; if (isset($_REQUEST['search'])) { $search = strip_request_item('search'); } if (isset($_REQUEST['reset']) && preg_match("/^[0-9]*\$/", $_REQUEST['reset'])) { $id = $_REQUEST['reset']; $user_source = User($id); if ($user_source != null) { sql_query("UPDATE `User` SET `Gekommen`=0, `arrival_date` = NULL WHERE `UID`='" . sql_escape($id) . "' LIMIT 1"); engelsystem_log("User set to not arrived: " . User_Nick_render($user_source)); $msg = success(_("Reset done. Angel has not arrived."), true); } else { $msg = error(_("Angel not found."), true); } } elseif (isset($_REQUEST['arrived']) && preg_match("/^[0-9]*\$/", $_REQUEST['arrived'])) { $id = $_REQUEST['arrived']; $user_source = User($id); if ($user_source != null) { sql_query("UPDATE `User` SET `Gekommen`=1, `arrival_date`='" . time() . "' WHERE `UID`='" . sql_escape($id) . "' LIMIT 1"); engelsystem_log("User set has arrived: " . User_Nick_render($user_source)); $msg = success(_("Angel has been marked as arrived."), true); } else { $msg = error(_("Angel not found."), true); } } $users = sql_select("SELECT * FROM `User` ORDER BY `Nick`"); $table = ""; $users_matched = array(); if ($search == "") { $tokens = array(); } else { $tokens = explode(" ", $search); } foreach ($users as $usr) { if (count($tokens) > 0) { $match = false; $index = join(" ", $usr); foreach ($tokens as $t) { if (stristr($index, trim($t))) { $match = true; break; } } if (!$match) { continue; } } $table .= '<tr>'; $table .= '<td>' . User_Nick_render($usr) . '</td>'; $usr['nick'] = User_Nick_render($usr); $usr['planned_arrival_date'] = date('Y-m-d', $usr['planned_arrival_date']); $usr['arrival_date'] = $usr['arrival_date'] > 0 ? date('Y-m-d', $usr['arrival_date']) : "-"; $usr['arrived'] = $usr['Gekommen'] == 1 ? _("yes") : ""; $usr['actions'] = $usr['Gekommen'] == 1 ? '<a href="' . page_link_to('admin_arrive') . '&reset=' . $usr['UID'] . '&search=' . $search . '">' . _("reset") . '</a>' : '<a href="' . page_link_to('admin_arrive') . '&arrived=' . $usr['UID'] . '&search=' . $search . '">' . _("arrived") . '</a>'; if ($usr['Gekommen'] == 1) { $table .= '<td>yes</td><td><a href="' . page_link_to('admin_arrive') . '&reset=' . $usr['UID'] . '&search=' . $search . '">reset</a></td>'; } else { $table .= '<td></td><td><a href="' . page_link_to('admin_arrive') . '&arrived=' . $usr['UID'] . '&search=' . $search . '">arrived</a></td>'; } $table .= '</tr>'; $users_matched[] = $usr; } return page_with_title(admin_arrive_title(), array(msg(), form(array(form_text('search', _("Search"), $search), form_submit('submit', _("Search")))), table(array('nick' => _("Nickname"), 'planned_arrival_date' => _("Planned date"), 'arrived' => _("Arrived?"), 'arrival_date' => _("Arrival date"), 'actions' => ""), $users_matched))); }
function admin_arrive() { $msg = ""; $search = ""; if (isset($_REQUEST['search'])) { $search = strip_request_item('search'); } if (isset($_REQUEST['reset']) && preg_match("/^[0-9]*\$/", $_REQUEST['reset'])) { $id = $_REQUEST['reset']; $user_source = User($id); if ($user_source != null) { sql_query("UPDATE `User` SET `Gekommen`=0, `arrival_date` = NULL WHERE `UID`='" . sql_escape($id) . "' LIMIT 1"); engelsystem_log("User set to not arrived: " . User_Nick_render($user_source)); $msg = success(_("Reset done. Angel has not arrived."), true); } else { $msg = error(_("Angel not found."), true); } } elseif (isset($_REQUEST['arrived']) && preg_match("/^[0-9]*\$/", $_REQUEST['arrived'])) { $id = $_REQUEST['arrived']; $user_source = User($id); if ($user_source != null) { sql_query("UPDATE `User` SET `Gekommen`=1, `arrival_date`='" . time() . "' WHERE `UID`='" . sql_escape($id) . "' LIMIT 1"); engelsystem_log("User set has arrived: " . User_Nick_render($user_source)); $msg = success(_("Angel has been marked as arrived."), true); } else { $msg = error(_("Angel not found."), true); } } $users = sql_select("SELECT * FROM `User` ORDER BY `Nick`"); $arrival_count_at_day = array(); $table = ""; $users_matched = array(); if ($search == "") { $tokens = array(); } else { $tokens = explode(" ", $search); } foreach ($users as $usr) { if (count($tokens) > 0) { $match = false; $index = join(" ", $usr); foreach ($tokens as $t) { if (stristr($index, trim($t))) { $match = true; break; } } if (!$match) { continue; } } $usr['nick'] = User_Nick_render($usr); $usr['rendered_planned_arrival_date'] = date('Y-m-d', $usr['planned_arrival_date']); $usr['rendered_arrival_date'] = $usr['arrival_date'] > 0 ? date('Y-m-d', $usr['arrival_date']) : "-"; $usr['arrived'] = $usr['Gekommen'] == 1 ? _("yes") : ""; $usr['actions'] = $usr['Gekommen'] == 1 ? '<a href="' . page_link_to('admin_arrive') . '&reset=' . $usr['UID'] . '&search=' . $search . '">' . _("reset") . '</a>' : '<a href="' . page_link_to('admin_arrive') . '&arrived=' . $usr['UID'] . '&search=' . $search . '">' . _("arrived") . '</a>'; $day = $usr['arrival_date'] > 0 ? date('Y-m-d', $usr['arrival_date']) : date('Y-m-d', $usr['planned_arrival_date']); if (!isset($arrival_count_at_day[$day])) { $arrival_count_at_day[$day] = 0; } $arrival_count_at_day[$day]++; $users_matched[] = $usr; } ksort($arrival_count_at_day); $arrival_count = array(); $arrival_sums = array(); $arrival_sum = 0; foreach ($arrival_count_at_day as $day => $count) { $arrival_sum += $count; $arrival_sums[$day] = $arrival_sum; $arrival_count[] = array('day' => $day, 'count' => $count, 'sum' => $arrival_sum); } return page_with_title(admin_arrive_title(), array(msg(), form(array(form_text('search', _("Search"), $search), form_submit('submit', _("Search")))), table(array('nick' => _("Nickname"), 'rendered_planned_arrival_date' => _("Planned date"), 'arrived' => _("Arrived?"), 'rendered_arrival_date' => _("Arrival date"), 'actions' => ""), $users_matched), heading(_("Arrival statistics"), 2), '<canvas id="daily_arrives" style="width: 100%; height: 300px;"></canvas> <script type="text/javascript"> $(function(){ var ctx = $("#daily_arrives").get(0).getContext("2d"); var chart = new Chart(ctx).Bar(' . json_encode(array('labels' => array_keys($arrival_count_at_day), 'datasets' => array(array('label' => _("arrived"), 'fillColor' => "#444", 'data' => array_values($arrival_count_at_day)), array('label' => _("arrived sum"), 'fillColor' => "#888", 'data' => array_values($arrival_sums))))) . '); }); </script>', table(array('day' => _("Date"), 'count' => _("arrived"), 'sum' => _("arrived sum")), $arrival_count))); }
function view_user_shifts() { global $user, $privileges; global $ical_shifts; $ical_shifts = array(); $days = sql_select_single_col("\n SELECT DISTINCT DATE(FROM_UNIXTIME(`start`)) AS `id`, DATE(FROM_UNIXTIME(`start`)) AS `name` \n FROM `Shifts` \n ORDER BY `start`"); if (count($days) == 0) { error(_("The administration has not configured any shifts yet.")); redirect('?'); } $rooms = sql_select("SELECT `RID` AS `id`, `Name` AS `name` FROM `Room` WHERE `show`='Y' ORDER BY `Name`"); if (count($rooms) == 0) { error(_("The administration has not configured any rooms yet.")); redirect('?'); } if (in_array('user_shifts_admin', $privileges)) { $types = sql_select("SELECT `id`, `name` FROM `AngelTypes` ORDER BY `AngelTypes`.`name`"); } else { $types = sql_select("SELECT `AngelTypes`.`id`, `AngelTypes`.`name`, (`AngelTypes`.`restricted`=0 OR (NOT `UserAngelTypes`.`confirm_user_id` IS NULL OR `UserAngelTypes`.`id` IS NULL)) as `enabled` FROM `AngelTypes` LEFT JOIN `UserAngelTypes` ON (`UserAngelTypes`.`angeltype_id`=`AngelTypes`.`id` AND `UserAngelTypes`.`user_id`='" . sql_escape($user['UID']) . "') ORDER BY `AngelTypes`.`name`"); } if (empty($types)) { $types = sql_select("SELECT `id`, `name` FROM `AngelTypes` WHERE `restricted` = 0"); } $filled = array(array('id' => '1', 'name' => _('occupied')), array('id' => '0', 'name' => _('free'))); if (count($types) == 0) { error(_("The administration has not configured any angeltypes yet - or you are not subscribed to any angeltype.")); redirect('?'); } if (!isset($_SESSION['user_shifts'])) { $_SESSION['user_shifts'] = array(); } if (!isset($_SESSION['user_shifts']['filled'])) { // User shift admins see free and occupied shifts by default $_SESSION['user_shifts']['filled'] = in_array('user_shifts_admin', $privileges) ? [0, 1] : [0]; } foreach (array('rooms', 'types', 'filled') as $key) { if (isset($_REQUEST[$key])) { $filtered = array_filter($_REQUEST[$key], 'is_numeric'); if (!empty($filtered)) { $_SESSION['user_shifts'][$key] = $filtered; } unset($filtered); } if (!isset($_SESSION['user_shifts'][$key])) { $_SESSION['user_shifts'][$key] = array_map('get_ids_from_array', ${$key}); } } if (isset($_REQUEST['rooms'])) { if (isset($_REQUEST['new_style'])) { $_SESSION['user_shifts']['new_style'] = true; } else { $_SESSION['user_shifts']['new_style'] = false; } } if (!isset($_SESSION['user_shifts']['new_style'])) { $_SESSION['user_shifts']['new_style'] = true; } foreach (array('start', 'end') as $key) { if (isset($_REQUEST[$key . '_day']) && in_array($_REQUEST[$key . '_day'], $days)) { $_SESSION['user_shifts'][$key . '_day'] = $_REQUEST[$key . '_day']; } if (isset($_REQUEST[$key . '_time']) && preg_match('#^\\d{1,2}:\\d\\d$#', $_REQUEST[$key . '_time'])) { $_SESSION['user_shifts'][$key . '_time'] = $_REQUEST[$key . '_time']; } if (!isset($_SESSION['user_shifts'][$key . '_day'])) { $time = date('Y-m-d', time() + ($key == 'end' ? 24 * 60 * 60 : 0)); $_SESSION['user_shifts'][$key . '_day'] = in_array($time, $days) ? $time : ($key == 'end' ? max($days) : min($days)); } if (!isset($_SESSION['user_shifts'][$key . '_time'])) { $_SESSION['user_shifts'][$key . '_time'] = date('H:i'); } } if ($_SESSION['user_shifts']['start_day'] > $_SESSION['user_shifts']['end_day']) { $_SESSION['user_shifts']['end_day'] = $_SESSION['user_shifts']['start_day']; } if ($_SESSION['user_shifts']['start_day'] == $_SESSION['user_shifts']['end_day'] && $_SESSION['user_shifts']['start_time'] >= $_SESSION['user_shifts']['end_time']) { $_SESSION['user_shifts']['end_time'] = '23:59'; } if (isset($_SESSION['user_shifts']['start_day'])) { $starttime = DateTime::createFromFormat("Y-m-d H:i", $_SESSION['user_shifts']['start_day'] . $_SESSION['user_shifts']['start_time']); $starttime = $starttime->getTimestamp(); } else { $starttime = now(); } if (isset($_SESSION['user_shifts']['end_day'])) { $endtime = DateTime::createFromFormat("Y-m-d H:i", $_SESSION['user_shifts']['end_day'] . $_SESSION['user_shifts']['end_time']); $endtime = $endtime->getTimestamp(); } else { $endtime = now() + 24 * 60 * 60; } if (!isset($_SESSION['user_shifts']['rooms']) || count($_SESSION['user_shifts']['rooms']) == 0) { $_SESSION['user_shifts']['rooms'] = array(0); } $SQL = "SELECT DISTINCT `Shifts`.*, `ShiftTypes`.`name`, `Room`.`Name` as `room_name`, nat2.`special_needs` > 0 AS 'has_special_needs'\n FROM `Shifts`\n INNER JOIN `Room` USING (`RID`)\n INNER JOIN `ShiftTypes` ON (`ShiftTypes`.`id` = `Shifts`.`shifttype_id`)\n LEFT JOIN (SELECT COUNT(*) AS special_needs , nat3.`shift_id` FROM `NeededAngelTypes` AS nat3 WHERE `shift_id` IS NOT NULL GROUP BY nat3.`shift_id`) AS nat2 ON nat2.`shift_id` = `Shifts`.`SID`\n INNER JOIN `NeededAngelTypes` AS nat ON nat.`count` != 0 AND nat.`angel_type_id` IN (" . implode(',', $_SESSION['user_shifts']['types']) . ") AND ((nat2.`special_needs` > 0 AND nat.`shift_id` = `Shifts`.`SID`) OR ((nat2.`special_needs` = 0 OR nat2.`special_needs` IS NULL) AND nat.`room_id` = `RID`))\n LEFT JOIN (SELECT se.`SID`, se.`TID`, COUNT(*) as count FROM `ShiftEntry` AS se GROUP BY se.`SID`, se.`TID`) AS entries ON entries.`SID` = `Shifts`.`SID` AND entries.`TID` = nat.`angel_type_id`\n WHERE `Shifts`.`RID` IN (" . implode(',', $_SESSION['user_shifts']['rooms']) . ")\n AND `start` BETWEEN " . $starttime . " AND " . $endtime; if (count($_SESSION['user_shifts']['filled']) == 1) { if ($_SESSION['user_shifts']['filled'][0] == 0) { $SQL .= "\n AND (nat.`count` > entries.`count` OR entries.`count` IS NULL OR EXISTS (SELECT `SID` FROM `ShiftEntry` WHERE `UID` = '" . sql_escape($user['UID']) . "' AND `ShiftEntry`.`SID` = `Shifts`.`SID`))"; } elseif ($_SESSION['user_shifts']['filled'][0] == 1) { $SQL .= "\n AND (nat.`count` <= entries.`count` OR EXISTS (SELECT `SID` FROM `ShiftEntry` WHERE `UID` = '" . sql_escape($user['UID']) . "' AND `ShiftEntry`.`SID` = `Shifts`.`SID`))"; } } $SQL .= "\n ORDER BY `start`"; $shifts = sql_select($SQL); $ownshifts_source = sql_select("\n SELECT `ShiftTypes`.`name`, `Shifts`.* \n FROM `Shifts` \n INNER JOIN `ShiftTypes` ON (`ShiftTypes`.`id` = `Shifts`.`shifttype_id`)\n INNER JOIN `ShiftEntry` ON (`Shifts`.`SID` = `ShiftEntry`.`SID` AND `ShiftEntry`.`UID` = '" . sql_escape($user['UID']) . "')\n WHERE `Shifts`.`RID` IN (" . implode(',', $_SESSION['user_shifts']['rooms']) . ")\n AND `start` BETWEEN " . $starttime . " AND " . $endtime); $ownshifts = array(); foreach ($ownshifts_source as $ownshift) { $ownshifts[$ownshift['SID']] = $ownshift; } unset($ownshifts_source); $shifts_table = ""; // qqqq /* * [0] => Array ( [SID] => 1 [start] => 1355958000 [end] => 1355961600 [RID] => 1 [name] => [URL] => [PSID] => [room_name] => test1 [has_special_needs] => 1 [is_full] => 0 ) */ if ($_SESSION['user_shifts']['new_style']) { $first = 15 * 60 * floor($starttime / (15 * 60)); $maxshow = ceil(($endtime - $first) / (60 * 15)); $block = array(); $todo = array(); $myrooms = $rooms; // delete un-selected rooms from array foreach ($myrooms as $k => $v) { if (array_search($v["id"], $_SESSION['user_shifts']['rooms']) === FALSE) { unset($myrooms[$k]); } // initialize $block array $block[$v["id"]] = array_fill(0, $maxshow, 0); } // calculate number of parallel shifts in each timeslot for each room foreach ($shifts as $k => $shift) { $rid = $shift["RID"]; $blocks = ($shift["end"] - $shift["start"]) / (15 * 60); $firstblock = floor(($shift["start"] - $first) / (15 * 60)); for ($i = $firstblock; $i < $blocks + $firstblock && $i < $maxshow; $i++) { $block[$rid][$i]++; } $shifts[$k]['own'] = in_array($shift['SID'], array_keys($ownshifts)); } $shifts_table = '<div class="shifts-table"><table id="shifts" class="table scrollable"><thead><tr><th>-</th>'; foreach ($myrooms as $key => $room) { $rid = $room["id"]; if (array_sum($block[$rid]) == 0) { // do not display columns without entries unset($block[$rid]); unset($myrooms[$key]); continue; } $colspan = call_user_func_array('max', $block[$rid]); if ($colspan == 0) { $colspan = 1; } $todo[$rid] = array_fill(0, $maxshow, $colspan); $shifts_table .= "<th" . ($colspan > 1 ? ' colspan="' . $colspan . '"' : '') . ">" . Room_name_render(['RID' => $room['id'], 'Name' => $room['name']]) . "</th>\n"; } unset($block, $blocks, $firstblock, $colspan, $key, $room); $shifts_table .= "</tr></thead><tbody>"; for ($i = 0; $i < $maxshow; $i++) { $thistime = $first + $i * 15 * 60; if ($thistime % (24 * 60 * 60) == 23 * 60 * 60 && $endtime - $starttime > 24 * 60 * 60) { $shifts_table .= "<tr class=\"row-day\"><th class=\"row-header\">"; $shifts_table .= date('y-m-d<b\\r />H:i', $thistime); } elseif ($thistime % (60 * 60) == 0) { $shifts_table .= "<tr class=\"row-hour\"><th>"; $shifts_table .= date("H:i", $thistime); } else { $shifts_table .= "<tr><th>"; } $shifts_table .= "</th>"; foreach ($myrooms as $room) { $rid = $room["id"]; foreach ($shifts as $shift) { if ($shift["RID"] == $rid) { if (floor($shift["start"] / (15 * 60)) == $thistime / (15 * 60)) { $blocks = ($shift["end"] - $shift["start"]) / (15 * 60); if ($blocks < 1) { $blocks = 1; } $collides = in_array($shift['SID'], array_keys($ownshifts)); if (!$collides) { foreach ($ownshifts as $ownshift) { if ($ownshift['start'] >= $shift['start'] && $ownshift['start'] < $shift['end'] || $ownshift['end'] > $shift['start'] && $ownshift['end'] <= $shift['end'] || $ownshift['start'] < $shift['start'] && $ownshift['end'] > $shift['end']) { $collides = true; break; } } } // qqqqqq $is_free = false; $shifts_row = ''; if (in_array('admin_shifts', $privileges)) { $shifts_row .= '<div class="pull-right">' . table_buttons(array(button(page_link_to('user_shifts') . '&edit_shift=' . $shift['SID'], glyph('edit'), 'btn-xs'), button(page_link_to('user_shifts') . '&delete_shift=' . $shift['SID'], glyph('trash'), 'btn-xs'))) . '</div>'; } $shifts_row .= Room_name_render(['RID' => $room['id'], 'Name' => $room['name']]) . '<br />'; $shifts_row .= '<a href="' . shift_link($shift) . '">' . date('d.m. H:i', $shift['start']); $shifts_row .= " – "; $shifts_row .= date('H:i', $shift['end']); $shifts_row .= "<br /><b>"; $shifts_row .= ShiftType($shift['shifttype_id'])['name']; $shifts_row .= "</b><br />"; if ($shift['title'] != '') { $shifts_row .= $shift['title']; $shifts_row .= "<br />"; } $shifts_row .= '</a>'; $shifts_row .= '<br />'; $query = "SELECT `NeededAngelTypes`.`count`, `AngelTypes`.`id`, `AngelTypes`.`restricted`, `UserAngelTypes`.`confirm_user_id`, `AngelTypes`.`name`, `UserAngelTypes`.`user_id`\n FROM `NeededAngelTypes`\n JOIN `AngelTypes` ON (`NeededAngelTypes`.`angel_type_id` = `AngelTypes`.`id`)\n LEFT JOIN `UserAngelTypes` ON (`NeededAngelTypes`.`angel_type_id` = `UserAngelTypes`.`angeltype_id`AND `UserAngelTypes`.`user_id`='" . sql_escape($user['UID']) . "')\n WHERE\n `count` > 0\n AND "; if ($shift['has_special_needs']) { $query .= "`shift_id` = '" . sql_escape($shift['SID']) . "'"; } else { $query .= "`room_id` = '" . sql_escape($shift['RID']) . "'"; } if (!empty($_SESSION['user_shifts']['types'])) { $query .= " AND `angel_type_id` IN (" . implode(',', $_SESSION['user_shifts']['types']) . ") "; } $query .= " ORDER BY `AngelTypes`.`name`"; $angeltypes = sql_select($query); if (count($angeltypes) > 0) { foreach ($angeltypes as $angeltype) { $entries = sql_select("SELECT * FROM `ShiftEntry` JOIN `User` ON (`ShiftEntry`.`UID` = `User`.`UID`) WHERE `SID`='" . sql_escape($shift['SID']) . "' AND `TID`='" . sql_escape($angeltype['id']) . "' ORDER BY `Nick`"); $entry_list = array(); $freeloader = 0; foreach ($entries as $entry) { $style = ''; if ($entry['freeloaded']) { $freeloader++; $style = " text-decoration: line-through;"; } if (in_array('user_shifts_admin', $privileges)) { $entry_list[] = "<span style=\"{$style}\">" . User_Nick_render($entry) . ' ' . table_buttons(array(button(page_link_to('user_shifts') . '&entry_id=' . $entry['id'], glyph('trash'), 'btn-xs'))) . '</span>'; } else { $entry_list[] = "<span style=\"{$style}\">" . User_Nick_render($entry) . "</span>"; } } if ($angeltype['count'] - count($entries) - $freeloader > 0) { $inner_text = sprintf(ngettext("%d helper needed", "%d helpers needed", $angeltype['count'] - count($entries)), $angeltype['count'] - count($entries)); // is the shift still running or alternatively is the user shift admin? $user_may_join_shift = true; // you cannot join if user alread joined a parallel or this shift $user_may_join_shift &= !$collides; // you cannot join if user is not of this angel type $user_may_join_shift &= isset($angeltype['user_id']); // you cannot join if you are not confirmed if ($angeltype['restricted'] == 1 && isset($angeltype['user_id'])) { $user_may_join_shift &= isset($angeltype['confirm_user_id']); } // you can only join if the shift is in future or running $user_may_join_shift &= time() < $shift['start']; // User shift admins may join anybody in every shift $user_may_join_shift |= in_array('user_shifts_admin', $privileges); if ($user_may_join_shift) { $entry_list[] = '<a href="' . page_link_to('user_shifts') . '&shift_id=' . $shift['SID'] . '&type_id=' . $angeltype['id'] . '">' . $inner_text . '</a> ' . button(page_link_to('user_shifts') . '&shift_id=' . $shift['SID'] . '&type_id=' . $angeltype['id'], _('Sign up'), 'btn-xs'); } else { if (time() > $shift['start']) { $entry_list[] = $inner_text . ' (' . _('ended') . ')'; } elseif ($angeltype['restricted'] == 1 && isset($angeltype['user_id']) && !isset($angeltype['confirm_user_id'])) { $entry_list[] = $inner_text . glyph('lock'); } elseif ($angeltype['restricted'] == 1) { $entry_list[] = $inner_text; } elseif ($collides) { $entry_list[] = $inner_text; } else { $entry_list[] = $inner_text . '<br />' . button(page_link_to('user_angeltypes') . '&action=add&angeltype_id=' . $angeltype['id'], sprintf(_('Become %s'), $angeltype['name']), 'btn-xs'); } } unset($inner_text); $is_free = true; } $shifts_row .= '<strong>' . AngelType_name_render($angeltype) . ':</strong> '; $shifts_row .= join(", ", $entry_list); $shifts_row .= '<br />'; } if (in_array('user_shifts_admin', $privileges)) { $shifts_row .= ' ' . button(page_link_to('user_shifts') . '&shift_id=' . $shift['SID'] . '&type_id=' . $angeltype['id'], _("Add more angels"), 'btn-xs'); } } if ($shift['own'] && !in_array('user_shifts_admin', $privileges)) { $class = 'own'; } elseif ($collides && !in_array('user_shifts_admin', $privileges)) { $class = 'collides'; } elseif ($is_free) { $class = 'free'; } else { $class = 'occupied'; } $shifts_table .= '<td rowspan="' . $blocks . '" class="' . $class . '">'; $shifts_table .= $shifts_row; $shifts_table .= "</td>"; for ($j = 0; $j < $blocks && $i + $j < $maxshow; $j++) { $todo[$rid][$i + $j]--; } } } } // fill up row with empty <td> while ($todo[$rid][$i]-- > 0) { $shifts_table .= '<td class="empty"></td>'; } } $shifts_table .= "</tr>\n"; } $shifts_table .= '</tbody></table></div>'; // qqq } else { $shifts_table = array(); foreach ($shifts as $shift) { $info = array(); if ($_SESSION['user_shifts']['start_day'] != $_SESSION['user_shifts']['end_day']) { $info[] = date("Y-m-d", $shift['start']); } $info[] = date("H:i", $shift['start']) . ' - ' . date("H:i", $shift['end']); if (count($_SESSION['user_shifts']['rooms']) > 1) { $info[] = Room_name_render(['Name' => $shift['room_name'], 'RID' => $shift['RID']]); } $shift_row = array('info' => join('<br />', $info), 'entries' => '<a href="' . shift_link($shift) . '">' . $shift['name'] . '</a>' . ($shift['title'] ? '<br />' . $shift['title'] : '')); if (in_array('admin_shifts', $privileges)) { $shift_row['info'] .= ' ' . table_buttons(array(button(page_link_to('user_shifts') . '&edit_shift=' . $shift['SID'], glyph('edit'), 'btn-xs'), button(page_link_to('user_shifts') . '&delete_shift=' . $shift['SID'], glyph('trash'), 'btn-xs'))); } $shift_row['entries'] .= '<br />'; $is_free = false; $shift_has_special_needs = 0 < sql_num_query("SELECT `id` FROM `NeededAngelTypes` WHERE `shift_id` = " . $shift['SID']); $query = "SELECT `NeededAngelTypes`.`count`, `AngelTypes`.`id`, `AngelTypes`.`restricted`, `UserAngelTypes`.`confirm_user_id`, `AngelTypes`.`name`, `UserAngelTypes`.`user_id`\n FROM `NeededAngelTypes`\n JOIN `AngelTypes` ON (`NeededAngelTypes`.`angel_type_id` = `AngelTypes`.`id`)\n LEFT JOIN `UserAngelTypes` ON (`NeededAngelTypes`.`angel_type_id` = `UserAngelTypes`.`angeltype_id`AND `UserAngelTypes`.`user_id`='" . sql_escape($user['UID']) . "')\n WHERE "; if ($shift_has_special_needs) { $query .= "`shift_id` = '" . sql_escape($shift['SID']) . "'"; } else { $query .= "`room_id` = '" . sql_escape($shift['RID']) . "'"; } $query .= " AND `count` > 0 "; if (!empty($_SESSION['user_shifts']['types'])) { $query .= "AND `angel_type_id` IN (" . implode(',', $_SESSION['user_shifts']['types']) . ") "; } $query .= "ORDER BY `AngelTypes`.`name`"; $angeltypes = sql_select($query); if (count($angeltypes) > 0) { $my_shift = sql_num_query("SELECT * FROM `ShiftEntry` WHERE `SID`='" . sql_escape($shift['SID']) . "' AND `UID`='" . sql_escape($user['UID']) . "' LIMIT 1") > 0; foreach ($angeltypes as &$angeltype) { $entries = sql_select("SELECT * FROM `ShiftEntry` JOIN `User` ON (`ShiftEntry`.`UID` = `User`.`UID`) WHERE `SID`='" . sql_escape($shift['SID']) . "' AND `TID`='" . sql_escape($angeltype['id']) . "' ORDER BY `Nick`"); $entry_list = array(); $entry_nicks = []; $freeloader = 0; foreach ($entries as $entry) { if (in_array('user_shifts_admin', $privileges)) { $member = User_Nick_render($entry) . ' ' . table_buttons(array(button(page_link_to('user_shifts') . '&entry_id=' . $entry['id'], glyph('trash'), 'btn-xs'))); } else { $member = User_Nick_render($entry); } if ($entry['freeloaded']) { $member = '<strike>' . $member . '</strike>'; $freeloader++; } $entry_list[] = $member; $entry_nicks[] = $entry['Nick']; } $angeltype['taken'] = count($entries) - $freeloader; $angeltype['angels'] = $entry_nicks; // do we need more angles of this type? if ($angeltype['count'] - count($entries) + $freeloader > 0) { $inner_text = sprintf(ngettext("%d helper needed", "%d helpers needed", $angeltype['count'] - count($entries) + $freeloader), $angeltype['count'] - count($entries) + $freeloader); // is the shift still running or alternatively is the user shift admin? $user_may_join_shift = true; /* you cannot join if user already joined this shift */ $user_may_join_shift &= !$my_shift; // you cannot join if user is not of this angel type $user_may_join_shift &= isset($angeltype['user_id']); // you cannot join if you are not confirmed if ($angeltype['restricted'] == 1 && isset($angeltype['user_id'])) { $user_may_join_shift &= isset($angeltype['confirm_user_id']); } // you can only join if the shift is in future or running $user_may_join_shift &= time() < $shift['start']; // User shift admins may join anybody in every shift $user_may_join_shift |= in_array('user_shifts_admin', $privileges); if ($user_may_join_shift) { $entry_list[] = '<a href="' . page_link_to('user_shifts') . '&shift_id=' . $shift['SID'] . '&type_id=' . $angeltype['id'] . '">' . $inner_text . ' »</a>'; } else { if (time() > $shift['end']) { $entry_list[] = $inner_text . ' (vorbei)'; } elseif ($angeltype['restricted'] == 1 && isset($angeltype['user_id']) && !isset($angeltype['confirm_user_id'])) { $entry_list[] = $inner_text . glyph("lock"); } else { $entry_list[] = $inner_text . ' <a href="' . page_link_to('user_angeltypes') . '&action=add&angeltype_id=' . $angeltype['id'] . '">' . sprintf(_('Become %s'), $angeltype['name']) . '</a>'; } } unset($inner_text); $is_free = true; } $shift_row['entries'] .= '<b>' . $angeltype['name'] . ':</b> '; $shift_row['entries'] .= join(", ", $entry_list); $shift_row['entries'] .= '<br />'; } if (in_array('user_shifts_admin', $privileges)) { $shift_row['entries'] .= '<a href="' . page_link_to('user_shifts') . '&shift_id=' . $shift['SID'] . '&type_id=' . $angeltype['id'] . '">' . _('Add more angels') . ' »</a>'; } $shifts_table[] = $shift_row; $shift['angeltypes'] = $angeltypes; $ical_shifts[] = $shift; } } $shifts_table = table(array('info' => _("Time") . "/" . _("Room"), 'entries' => _("Entries")), $shifts_table); } if ($user['api_key'] == "") { User_reset_api_key($user, false); } return page(array('<div class="col-md-12">', msg(), template_render('../templates/user_shifts.html', array('title' => shifts_title(), 'room_select' => make_select($rooms, $_SESSION['user_shifts']['rooms'], "rooms", _("Rooms")), 'start_select' => html_select_key("start_day", "start_day", array_combine($days, $days), $_SESSION['user_shifts']['start_day']), 'start_time' => $_SESSION['user_shifts']['start_time'], 'end_select' => html_select_key("end_day", "end_day", array_combine($days, $days), $_SESSION['user_shifts']['end_day']), 'end_time' => $_SESSION['user_shifts']['end_time'], 'type_select' => make_select($types, $_SESSION['user_shifts']['types'], "types", _("Angeltypes") . '<sup>1</sup>'), 'filled_select' => make_select($filled, $_SESSION['user_shifts']['filled'], "filled", _("Occupancy")), 'task_notice' => '<sup>1</sup>' . _("The tasks shown here are influenced by the preferences you defined in your settings!") . " <a href=\"" . page_link_to('angeltypes') . '&action=about' . "\">" . _("Description of the jobs.") . "</a>", 'new_style_checkbox' => '<label><input type="checkbox" name="new_style" value="1" ' . ($_SESSION['user_shifts']['new_style'] ? ' checked' : '') . '> ' . _("Use new style if possible") . '</label>', 'shifts_table' => msg() . $shifts_table, 'ical_text' => '<h2>' . _("iCal export") . '</h2><p>' . sprintf(_("Export of shown shifts. <a href=\"%s\">iCal format</a> or <a href=\"%s\">JSON format</a> available (please keep secret, otherwise <a href=\"%s\">reset the api key</a>)."), page_link_to_absolute('ical') . '&key=' . $user['api_key'], page_link_to_absolute('shifts_json_export') . '&key=' . $user['api_key'], page_link_to('user_myshifts') . '&reset') . '</p>', 'filter' => _("Filter"))), '</div>')); }
function AngelType_view($angeltype, $members, $user_angeltype, $admin_user_angeltypes, $admin_angeltypes, $coordinator, $user_driver_license, $user) { $buttons = [button(page_link_to('angeltypes'), _("Angeltypes"), 'back')]; if ($angeltype['requires_driver_license']) { $buttons[] = button(user_driver_license_edit_link($user), glyph("road") . _("my driving license")); } if ($user_angeltype == null) { $buttons[] = button(page_link_to('user_angeltypes') . '&action=add&angeltype_id=' . $angeltype['id'], _("join"), 'add'); } else { if ($angeltype['requires_driver_license'] && $user_driver_license == null) { error(_("This angeltype requires a driver license. Please enter your driver license information!")); } if ($angeltype['restricted'] && $user_angeltype['confirm_user_id'] == null) { error(sprintf(_("You are unconfirmed for this angeltype. Please go to the introduction for %s to get confirmed."), $angeltype['name'])); } $buttons[] = button(page_link_to('user_angeltypes') . '&action=delete&user_angeltype_id=' . $user_angeltype['id'], _("leave"), 'cancel'); } if ($admin_angeltypes || $coordinator) { $buttons[] = button(page_link_to('angeltypes') . '&action=edit&angeltype_id=' . $angeltype['id'], _("edit"), 'edit'); } if ($admin_angeltypes) { $buttons[] = button(page_link_to('angeltypes') . '&action=delete&angeltype_id=' . $angeltype['id'], _("delete"), 'delete'); } $page = array(msg(), buttons($buttons)); $page[] = '<h3>' . _("Description") . '</h3>'; $parsedown = new Parsedown(); if ($angeltype['description'] != "") { $page[] = '<div class="well">' . $parsedown->parse($angeltype['description']) . '</div>'; } $coordinators = array(); $members_confirmed = array(); $members_unconfirmed = array(); foreach ($members as $member) { $member['Nick'] = User_Nick_render($member); if ($angeltype['requires_driver_license']) { $member['wants_to_drive'] = glyph_bool($member['user_id']); $member['has_car'] = glyph_bool($member['has_car']); $member['has_license_car'] = glyph_bool($member['has_license_car']); $member['has_license_3_5t_transporter'] = glyph_bool($member['has_license_3_5t_transporter']); $member['has_license_7_5t_truck'] = glyph_bool($member['has_license_7_5t_truck']); $member['has_license_12_5t_truck'] = glyph_bool($member['has_license_12_5t_truck']); $member['has_license_forklift'] = glyph_bool($member['has_license_forklift']); } if ($angeltype['restricted'] && $member['confirm_user_id'] == null) { $member['actions'] = table_buttons([button(page_link_to('user_angeltypes') . '&action=confirm&user_angeltype_id=' . $member['user_angeltype_id'], _("confirm"), 'btn-xs'), button(page_link_to('user_angeltypes') . '&action=delete&user_angeltype_id=' . $member['user_angeltype_id'], _("deny"), 'btn-xs')]); $members_unconfirmed[] = $member; } elseif ($member['coordinator']) { if ($admin_angeltypes) { $member['actions'] = table_buttons([button(page_link_to('user_angeltypes') . '&action=update&user_angeltype_id=' . $member['user_angeltype_id'] . '&coordinator=0', _("Remove coordinator rights"), 'btn-xs')]); } else { $member['actions'] = ''; } $coordinators[] = $member; } else { if ($admin_user_angeltypes) { $member['actions'] = table_buttons([$admin_angeltypes ? button(page_link_to('user_angeltypes') . '&action=update&user_angeltype_id=' . $member['user_angeltype_id'] . '&coordinator=1', _("Add coordinator rights"), 'btn-xs') : '', button(page_link_to('user_angeltypes') . '&action=delete&user_angeltype_id=' . $member['user_angeltype_id'], _("remove"), 'btn-xs')]); } $members_confirmed[] = $member; } } $table_headers = ['Nick' => _("Nick"), 'DECT' => _("DECT"), 'actions' => '']; if ($angeltype['requires_driver_license'] && ($coordinator || $admin_angeltypes)) { $table_headers = ['Nick' => _("Nick"), 'DECT' => _("DECT"), 'wants_to_drive' => _("Driver"), 'has_car' => _("Has car"), 'has_license_car' => _("Car"), 'has_license_3_5t_transporter' => _("3,5t Transporter"), 'has_license_7_5t_truck' => _("7,5t Truck"), 'has_license_12_5t_truck' => _("12,5t Truck"), 'has_license_forklift' => _("Forklift"), 'actions' => '']; } if (count($coordinators) > 0) { $page[] = '<h3>' . _("Coordinators") . '</h3>'; $page[] = table($table_headers, $coordinators); } if (count($members_confirmed) > 0) { $members_confirmed[] = ['Nick' => _('Sum'), 'DECT' => count($members_confirmed), 'actions' => '']; } if (count($members_unconfirmed) > 0) { $members_unconfirmed[] = ['Nick' => _('Sum'), 'DECT' => count($members_unconfirmed), 'actions' => '']; } $page[] = '<h3>' . _("Members") . '</h3>'; if ($admin_user_angeltypes) { $page[] = buttons([button(page_link_to('user_angeltypes') . '&action=add&angeltype_id=' . $angeltype['id'], _("Add"), 'add')]); } $page[] = table($table_headers, $members_confirmed); if ($admin_user_angeltypes && $angeltype['restricted'] && count($members_unconfirmed) > 0) { $page[] = '<h3>' . _("Unconfirmed") . '</h3>'; $page[] = buttons([button(page_link_to('user_angeltypes') . '&action=confirm_all&angeltype_id=' . $angeltype['id'], _("confirm all"), 'ok'), button(page_link_to('user_angeltypes') . '&action=delete_all&angeltype_id=' . $angeltype['id'], _("deny all"), 'cancel')]); $page[] = table($table_headers, $members_unconfirmed); } return page_with_title(sprintf(_("Team %s"), $angeltype['name']), $page); }
function AngelType_view($angeltype, $members, $user_angeltype, $admin_user_angeltypes, $admin_angeltypes, $coordinator) { $buttons = array(button(page_link_to('angeltypes'), _("Angeltypes"), 'back')); if ($user_angeltype == null) { $buttons[] = button(page_link_to('user_angeltypes') . '&action=add&angeltype_id=' . $angeltype['id'], _("join"), 'add'); } else { if ($angeltype['restricted'] && $user_angeltype['confirm_user_id'] == null) { error(sprintf(_("You are unconfirmed for this angeltype. Please go to the introduction for %s to get confirmed."), $angeltype['name'])); } $buttons[] = button(page_link_to('user_angeltypes') . '&action=delete&user_angeltype_id=' . $user_angeltype['id'], _("leave"), 'cancel'); } if ($admin_angeltypes || $coordinator) { $buttons[] = button(page_link_to('angeltypes') . '&action=edit&angeltype_id=' . $angeltype['id'], _("edit"), 'edit'); } if ($admin_angeltypes) { $buttons[] = button(page_link_to('angeltypes') . '&action=delete&angeltype_id=' . $angeltype['id'], _("delete"), 'delete'); } $page = array(msg(), buttons($buttons)); $page[] = '<h3>' . _("Description") . '</h3>'; $parsedown = new Parsedown(); if ($angeltype['description'] != "") { $page[] = '<div class="well">' . $parsedown->parse($angeltype['description']) . '</div>'; } // Team-Coordinators list missing $coordinators = array(); $members_confirmed = array(); $members_unconfirmed = array(); foreach ($members as $member) { $member['Nick'] = User_Nick_render($member); if ($angeltype['restricted'] && $member['confirm_user_id'] == null) { $member['actions'] = join(" ", array('<a href="' . page_link_to('user_angeltypes') . '&action=confirm&user_angeltype_id=' . $member['user_angeltype_id'] . '" class="ok">' . _("confirm") . '</a>', '<a href="' . page_link_to('user_angeltypes') . '&action=delete&user_angeltype_id=' . $member['user_angeltype_id'] . '" class="cancel">' . _("deny") . '</a>')); $members_unconfirmed[] = $member; } elseif ($member['coordinator']) { if ($admin_angeltypes) { $member['actions'] = '<a href="' . page_link_to('user_angeltypes') . '&action=update&user_angeltype_id=' . $member['user_angeltype_id'] . '&coordinator=0" class="cancel">' . _("Remove coordinator rights") . '</a>'; } else { $member['actions'] = ''; } $coordinators[] = $member; } else { if ($admin_user_angeltypes) { $member['actions'] = join(" ", array($admin_angeltypes ? '<a href="' . page_link_to('user_angeltypes') . '&action=update&user_angeltype_id=' . $member['user_angeltype_id'] . '&coordinator=1" class="add">' . _("Add coordinator rights") . '</a>' : '', '<a href="' . page_link_to('user_angeltypes') . '&action=delete&user_angeltype_id=' . $member['user_angeltype_id'] . '" class="cancel">' . _("remove") . '</a>')); } $members_confirmed[] = $member; } } if (count($coordinators) > 0) { $page[] = '<h3>' . _("Coordinators") . '</h3>'; $page[] = table(array('Nick' => _("Nick"), 'DECT' => _("DECT"), 'actions' => ""), $coordinators); } if (count($members_confirmed) > 0) { $members_confirmed[] = ['Nick' => _('Sum'), 'DECT' => count($members_confirmed), 'actions' => '']; } if (count($members_unconfirmed) > 0) { $members_unconfirmed[] = ['Nick' => _('Sum'), 'DECT' => count($members_unconfirmed), 'actions' => '']; } $page[] = '<h3>' . _("Members") . '</h3>'; if ($admin_user_angeltypes) { $page[] = buttons(array(button(page_link_to('user_angeltypes') . '&action=add&angeltype_id=' . $angeltype['id'], _("Add"), 'add'))); } $page[] = table(array('Nick' => _("Nick"), 'DECT' => _("DECT"), 'actions' => ""), $members_confirmed); if ($admin_user_angeltypes && $angeltype['restricted'] && count($members_unconfirmed) > 0) { $page[] = '<h3>' . _("Unconfirmed") . '</h3>'; $page[] = buttons(array(button(page_link_to('user_angeltypes') . '&action=confirm_all&angeltype_id=' . $angeltype['id'], _("confirm all"), 'ok'), button(page_link_to('user_angeltypes') . '&action=delete_all&angeltype_id=' . $angeltype['id'], _("deny all"), 'cancel'))); $page[] = table(array('Nick' => _("Nick"), 'DECT' => _("DECT"), 'actions' => ""), $members_unconfirmed); } return page_with_title(sprintf(_("Team %s"), $angeltype['name']), $page); }
function user_messages() { global $user; if (!isset($_REQUEST['action'])) { $users = sql_select("SELECT * FROM `User` WHERE NOT `UID`='" . sql_escape($user['UID']) . "' ORDER BY `Nick`"); $to_select_data = array("" => _("Select recipient...")); foreach ($users as $u) { $to_select_data[$u['UID']] = $u['Nick']; } $to_select = html_select_key('to', 'to', $to_select_data, ''); $messages = sql_select("SELECT * FROM `Messages` WHERE `SUID`='" . sql_escape($user['UID']) . "' OR `RUID`='" . sql_escape($user['UID']) . "' ORDER BY `isRead`,`Datum` DESC"); $messages_table = [['news' => '', 'timestamp' => date("Y-m-d H:i"), 'from' => User_Nick_render($user), 'to' => $to_select, 'text' => form_textarea('text', '', ''), 'actions' => form_submit('submit', _("Save"))]]; foreach ($messages as $message) { $sender_user_source = User($message['SUID']); if ($sender_user_source === false) { engelsystem_error(_("Unable to load user.")); } $receiver_user_source = User($message['RUID']); if ($receiver_user_source === false) { engelsystem_error(_("Unable to load user.")); } $messages_table_entry = array('new' => $message['isRead'] == 'N' ? '<span class="glyphicon glyphicon-envelope"></span>' : '', 'timestamp' => date("Y-m-d H:i", $message['Datum']), 'from' => User_Nick_render($sender_user_source), 'to' => User_Nick_render($receiver_user_source), 'text' => str_replace("\n", '<br />', $message['Text'])); if ($message['RUID'] == $user['UID']) { if ($message['isRead'] == 'N') { $messages_table_entry['actions'] = button(page_link_to("user_messages") . '&action=read&id=' . $message['id'], _("mark as read"), 'btn-xs'); } } else { $messages_table_entry['actions'] = button(page_link_to("user_messages") . '&action=delete&id=' . $message['id'], _("delete message"), 'btn-xs'); } $messages_table[] = $messages_table_entry; } return page_with_title(messages_title(), array(msg(), sprintf(_("Hello %s, here can you leave messages for other angels"), User_Nick_render($user)), form(array(table(array('new' => _("New"), 'timestamp' => _("Date"), 'from' => _("Transmitted"), 'to' => _("Recipient"), 'text' => _("Message"), 'actions' => ''), $messages_table)), page_link_to('user_messages') . '&action=send'))); } else { switch ($_REQUEST['action']) { case "read": if (isset($_REQUEST['id']) && preg_match("/^[0-9]{1,11}\$/", $_REQUEST['id'])) { $id = $_REQUEST['id']; } else { return error(_("Incomplete call, missing Message ID."), true); } $message = sql_select("SELECT * FROM `Messages` WHERE `id`='" . sql_escape($id) . "' LIMIT 1"); if (count($message) > 0 && $message[0]['RUID'] == $user['UID']) { sql_query("UPDATE `Messages` SET `isRead`='Y' WHERE `id`='" . sql_escape($id) . "' LIMIT 1"); redirect(page_link_to("user_messages")); } else { return error(_("No Message found."), true); } break; case "delete": if (isset($_REQUEST['id']) && preg_match("/^[0-9]{1,11}\$/", $_REQUEST['id'])) { $id = $_REQUEST['id']; } else { return error(_("Incomplete call, missing Message ID."), true); } $message = sql_select("SELECT * FROM `Messages` WHERE `id`='" . sql_escape($id) . "' LIMIT 1"); if (count($message) > 0 && $message[0]['SUID'] == $user['UID']) { sql_query("DELETE FROM `Messages` WHERE `id`='" . sql_escape($id) . "' LIMIT 1"); redirect(page_link_to("user_messages")); } else { return error(_("No Message found."), true); } break; case "send": if (Message_send($_REQUEST['to'], $_REQUEST['text']) === true) { redirect(page_link_to("user_messages")); } else { return error(_("Transmitting was terminated with an Error."), true); } break; default: return error(_("Wrong action."), true); } } }