#28 begin log

2012-12-26 14:02:27 +01:00 · 2012-12-26 14:02:27 +01:00 · 0dabaa505e
parent 213b6261c8
commit 0dabaa505e
15 changed files with 751 additions and 607 deletions
--- a/db/update.d/20_LogEntriesTable.php
+++ b/db/update.d/20_LogEntriesTable.php
@ -0,0 +1,19 @@
 <?php
 if(sql_num_query("SHOW TABLES LIKE 'LogEntries'") == 0) {
  sql_query("CREATE TABLE `LogEntries` (
      `id` INT NOT NULL AUTO_INCREMENT PRIMARY KEY ,
      `timestamp` INT NOT NULL ,
      `nick` VARCHAR( 23 ) NOT NULL ,
      `message` TEXT NOT NULL ,
      INDEX ( `timestamp` )
  ) ENGINE = InnoDB;");
  $applied = true;
 }
 if(sql_num_query("SHOW TABLES LIKE 'ChangeLog'") == 0) {
  sql_query("DROP TABLE `ChangeLog`");
  $applied = true;
 }
 ?>
--- a/includes/model/LogEntries_model.php
+++ b/includes/model/LogEntries_model.php
@ -0,0 +1,15 @@
 <?php
 /**
 * Creates a log entry.
 * @param $nick Username
 * @param $message Log Message
 */
 function LogEntry_create($nick, $message) {
  $timestamp = date();
  sql_query("INSERT INTO `LogEntries` SET `timestamp`=" . sql_escape($timestamp) . ", `nick`='" . sql_escape($nick) . "', `message`='" . sql_escape($message) . "'");
 }
 ?>
--- a/includes/model/User_model.php
+++ b/includes/model/User_model.php
@ -0,0 +1,14 @@
 <?php
 /**
 * Returns user by id.
 * @param $id UID
 */
 function User($id) {
  $user_source = sql_select("SELECT * FROM `User` WHERE `UID`=" . sql_escape($id) . " LIMIT 1");
  if(count($user_source) > 0)
    return $user_source[0];
  return null;
 }
 ?>
--- a/includes/pages/admin_active.php
+++ b/includes/pages/admin_active.php
@ -25,8 +25,12 @@ function admin_active() {
    if (isset ($_REQUEST['ack'])) {
      sql_query("UPDATE `User` SET `Aktiv` = 0 WHERE `Tshirt` = 0");
      $users = sql_select("SELECT `User`.*, COUNT(`ShiftEntry`.`id`) as `shift_count`, SUM(`end`-`start`) as `shift_length` FROM `User` LEFT JOIN `ShiftEntry` ON `User`.`UID` = `ShiftEntry`.`UID` LEFT JOIN `Shifts` ON `ShiftEntry`.`SID` = `Shifts`.`SID` WHERE `User`.`Gekommen` = 1 GROUP BY `User`.`UID` ORDER BY `shift_length` DESC" . $limit);
-			foreach ($users as $usr)
+      $user_nicks = array();
      foreach ($users as $usr) {
        sql_query("UPDATE `User` SET `Aktiv` = 1 WHERE `UID`=" . sql_escape($usr['UID']));
        $user_nicks[] = $usr['Nick'];
      }
      engelsystem_log("These angels are active now: " . join(", ", $user_nicks));
      $limit = "";
      $msg = success("Marked angels.", true);
@ -37,24 +41,44 @@ function admin_active() {
  if (isset ($_REQUEST['active']) && preg_match("/^[0-9]+$/", $_REQUEST['active'])) {
    $id = $_REQUEST['active'];
    $user_source = User($id);
    if($user_source != null) {
      sql_query("UPDATE `User` SET `Aktiv`=1 WHERE `UID`=" . sql_escape($id) . " LIMIT 1");
      engelsystem_log("User " . $user_source['Nick'] . " is active now.");
      $msg = success("Angel has been marked as active.", true);
    }
    else $msg = error("Angel not found.", true);
  }
  elseif (isset ($_REQUEST['not_active']) && preg_match("/^[0-9]+$/", $_REQUEST['not_active'])) {
    $id = $_REQUEST['not_active'];
    $user_source = User($id);
    if($user_source != null) {
      sql_query("UPDATE `User` SET `Aktiv`=0 WHERE `UID`=" . sql_escape($id) . " LIMIT 1");
      engelsystem_log("User " . $user_source['Nick'] . " is NOT active now.");
      $msg = success("Angel has been marked as not active.", true);
    }
    else $msg = error("Angel not found.", true);
  }
  elseif (isset ($_REQUEST['tshirt']) && preg_match("/^[0-9]+$/", $_REQUEST['tshirt'])) {
    $id = $_REQUEST['tshirt'];
    $user_source = User($id);
    if($user_source != null) {
      sql_query("UPDATE `User` SET `Tshirt`=1 WHERE `UID`=" . sql_escape($id) . " LIMIT 1");
      engelsystem_log("User " . $user_source['Nick'] . " has tshirt now.");
      $msg = success("Angel has got a t-shirt.", true);
    }
    else $msg = error("Angel not found.", true);
  }
  elseif (isset ($_REQUEST['not_tshirt']) && preg_match("/^[0-9]+$/", $_REQUEST['not_tshirt'])) {
    $id = $_REQUEST['not_tshirt'];
    $user_source = User($id);
    if($user_source != null) {
      sql_query("UPDATE `User` SET `Tshirt`=0 WHERE `UID`=" . sql_escape($id) . " LIMIT 1");
      engelsystem_log("User " . $user_source['Nick'] . " NO tshirt.");
      $msg = success("Angel has got no t-shirt.", true);
    }
    else $msg = error("Angel not found.", true);
  }
  $users = sql_select("SELECT `User`.*, COUNT(`ShiftEntry`.`id`) as `shift_count`, SUM(`end`-`start`) as `shift_length` FROM `User` LEFT JOIN `ShiftEntry` ON `User`.`UID` = `ShiftEntry`.`UID` LEFT JOIN `Shifts` ON `ShiftEntry`.`SID` = `Shifts`.`SID` WHERE `User`.`Gekommen` = 1 GROUP BY `User`.`UID` ORDER BY `shift_length` DESC" . $limit);
--- a/includes/pages/admin_angel_types.php
+++ b/includes/pages/admin_angel_types.php
@ -47,10 +47,13 @@ function admin_angel_types() {
          $restricted = 0;
        if ($ok) {
-          if (isset ($id))
+          if (isset ($id)) {
            sql_query("UPDATE `AngelTypes` SET `name`='" . sql_escape($name) . "', `restricted`=" . sql_escape($restricted) . " WHERE `id`=" . sql_escape($id) . " LIMIT 1");
-          else
+            engelsystem_log("Updated angeltype: " . $name . ", restricted: " . $restricted);
          } else {
            sql_query("INSERT INTO `AngelTypes` SET `name`='" . sql_escape($name) . "', `restricted`=" . sql_escape($restricted));
            engelsystem_log("Created angeltype: " . $name . ", restricted: " . $restricted);
          }
          success("Angel type saved.");
          redirect(page_link_to('admin_angel_types'));
@ -76,6 +79,7 @@ function admin_angel_types() {
        sql_query("DELETE FROM `ShiftEntry` WHERE `TID`=" . sql_escape($id) . " LIMIT 1");
        sql_query("DELETE FROM `AngelTypes` WHERE `id`=" . sql_escape($id) . " LIMIT 1");
        sql_query("DELETE FROM `UserAngelTypes` WHERE `angeltype_id`=" . sql_escape($id) . " LIMIT 1");
        engelsystem_log("Deleted angel type: " . $name);
        success(sprintf("Angel type %s deleted.", $name));
        redirect(page_link_to('admin_angel_types'));
      }
--- a/includes/pages/admin_arrive.php
+++ b/includes/pages/admin_arrive.php
@ -7,13 +7,21 @@ function admin_arrive() {
  if (isset ($_REQUEST['reset']) && preg_match("/^[0-9]*$/", $_REQUEST['reset'])) {
    $id = $_REQUEST['reset'];
    $user_source = User($id);
    if($user_source != null) {
      sql_query("UPDATE `User` SET `Gekommen`=0 WHERE `UID`=" . sql_escape($id) . " LIMIT 1");
      engelsystem_log("User set to not arrived: " . $user_source['Nick']);
      $msg = success("Reset done. Angel has not arrived.", true);
    } else $msg = error("Angel not found.", true);
  }
  elseif (isset ($_REQUEST['arrived']) && preg_match("/^[0-9]*$/", $_REQUEST['arrived'])) {
    $id = $_REQUEST['arrived'];
    $user_source = User($id);
    if($user_source != null) {
      sql_query("UPDATE `User` SET `Gekommen`=1 WHERE `UID`=" . sql_escape($id) . " LIMIT 1");
      engelsystem_log("User set has arrived: " . $user_source['Nick']);
      $msg = success("Angel has been marked as arrived.", true);
    } else $msg = error("Angel not found.", true);
  }
  $users = sql_select("SELECT * FROM `User` ORDER BY `Nick`");
--- a/includes/pages/admin_groups.php
+++ b/includes/pages/admin_groups.php
@ -77,9 +77,17 @@ function admin_groups() {
        if (count($room) > 0) {
          list ($room) = $room;
          sql_query("DELETE FROM `GroupPrivileges` WHERE `group_id`=" . sql_escape($id));
-					foreach ($_REQUEST['privileges'] as $priv)
+          $privilege_names = array();
-						if (preg_match("/^[0-9]{1,}$/", $priv) && sql_num_query("SELECT * FROM `Privileges` WHERE `id`=" . sql_escape($priv)) > 0)
+          foreach ($_REQUEST['privileges'] as $priv) {
            if (preg_match("/^[0-9]{1,}$/", $priv)) {
              $group_privileges_source = sql_select("SELECT * FROM `Privileges` WHERE `id`=" . sql_escape($priv) . " LIMIT 1");
              if(count($group_privileges_source) > 0) {
                sql_query("INSERT INTO `GroupPrivileges` SET `group_id`=" . sql_escape($id) . ", `privilege_id`=" . sql_escape($priv));
                $privilege_names[] = $group_privileges_source[0]['name'];
              }
            }
          }
          engelsystem_log("Group privileges of group " . $room['Name'] . " edited: " . join(", ", $privilege_names));
          header("Location: " . page_link_to("admin_groups"));
        } else
          return error("No Group found.", true);
--- a/includes/pages/admin_import.php
+++ b/includes/pages/admin_import.php
@ -155,6 +155,8 @@ function admin_import() {
        sql_query("DELETE FROM `Shifts` WHERE `PSID`=" .
            sql_escape($event['PSID']) . " LIMIT 1");
      engelsystem_log("Pentabarf import done");
      unlink($import_file);
      $html .= template_render('../templates/admin_import_import.html', array ());
--- a/includes/pages/admin_news.php
+++ b/includes/pages/admin_news.php
@ -60,6 +60,7 @@ function admin_news() {
          sql_query("UPDATE `News` SET `Datum`='" . sql_escape(time()) . "', `Betreff`='" . sql_escape($_POST["eBetreff"]) . "', `Text`='" . sql_escape($_POST["eText"]) . "', `UID`='" . sql_escape($user['UID']) .
              "', `Treffen`='" . sql_escape($_POST["eTreffen"]) . "' WHERE `ID`=".sql_escape($id)." LIMIT 1");
          engelsystem_log("News updated: " . $_POST["eBetreff"]);
          header("Location: " . page_link_to("news"));
        } else
          return error("No News found.", true);
@ -76,6 +77,7 @@ function admin_news() {
          list ($news) = $news;
          sql_query("DELETE FROM `News` WHERE `ID`=" . sql_escape($id) . " LIMIT 1");
          engelsystem_log("News deleted: " . $news['Betreff']);
          header("Location: " . page_link_to("news"));
        } else
          return error("No News found.", true);
--- a/includes/pages/admin_questions.php
+++ b/includes/pages/admin_questions.php
@ -60,6 +60,7 @@ function admin_questions() {
          if ($answer != "") {
            sql_query("UPDATE `Questions` SET `AID`=" . sql_escape($user['UID']) . ", `Answer`='" . sql_escape($answer) . "' WHERE `QID`=" . sql_escape($id) . " LIMIT 1");
            engelsystem_log("Question " . $question[0]['Question'] . " answered: " . $answer);
            header("Location: " . page_link_to("admin_questions"));
          } else
            return error("Gib eine Antwort ein!", true);
@ -75,6 +76,7 @@ function admin_questions() {
        $question = sql_select("SELECT * FROM `Questions` WHERE `QID`=" . sql_escape($id) . " LIMIT 1");
        if (count($question) > 0) {
          sql_query("DELETE FROM `Questions` WHERE `QID`=" . sql_escape($id) . " LIMIT 1");
          engelsystem_log("Question deleted: " . $question[0]['Question']);
          header("Location: " . page_link_to("admin_questions"));
        } else
          return error("No question found.", true);
--- a/includes/pages/admin_rooms.php
+++ b/includes/pages/admin_rooms.php
@ -77,17 +77,26 @@ function admin_rooms() {
        }
        if ($ok) {
-          if(isset($id))
+          if(isset($id)) {
            sql_query("UPDATE `Room` SET `Name`='" . sql_escape($name) . "', `FromPentabarf`='" . sql_escape($from_pentabarf) . "', `show`='" . sql_escape($public) . "', `Number`='" . sql_escape($number) . "' WHERE `RID`=" . sql_escape($id) . " LIMIT 1");
-          else {
+            engelsystem_log("Room updated: " . $name . ", pentabarf import: " . $from_pentabarf . ", public: " . $public . ", number: " . $number);
          } else {
            sql_query("INSERT INTO `Room` SET `Name`='" . sql_escape($name) . "', `FromPentabarf`='" . sql_escape($from_pentabarf) . "', `show`='" . sql_escape($public) . "', `Number`='" . sql_escape($number) . "'");
            $id = sql_id();
            engelsystem_log("Room created: " . $name . ", pentabarf import: " . $from_pentabarf . ", public: " . $public . ", number: " . $number);
          }
          sql_query("DELETE FROM `NeededAngelTypes` WHERE `room_id`=" . sql_escape($id));
-          foreach ($angeltypes_count as $angeltype_id => $angeltype_count)
+          $needed_angeltype_info = array();
          foreach ($angeltypes_count as $angeltype_id => $angeltype_count) {
            $angeltype_source = sql_select("SELECT * FROM `AngelTypes` WHERE `id`=" . sql_escape($angeltype_id) . " LIMIT 1");
            if(count($angeltype_source) > 0) {
              sql_query("INSERT INTO `NeededAngelTypes` SET `room_id`=" . sql_escape($id) . ", `angel_type_id`=" . sql_escape($angeltype_id) . ", `count`=" . sql_escape($angeltype_count));
              $needed_angeltype_info[] = $angeltypes_source[0]['name'] . ": " . $angeltype_count;
            }
          }
          engelsystem_log("Set needed angeltypes of room " . $name . " to: " . join(", ", $needed_angeltype_info));
          success("Room saved.");
          redirect(page_link_to("admin_rooms"));
        }
@ -116,6 +125,8 @@ function admin_rooms() {
      if (isset ($_REQUEST['ack'])) {
        sql_query("DELETE FROM `Room` WHERE `RID`=" . sql_escape($id) . " LIMIT 1");
        sql_query("DELETE FROM `NeededAngelTypes` WHERE `room_id`=" . sql_escape($id) . " LIMIT 1");
        engelsystem_log("Room deleted: " . $name);
        success(sprintf("Room %s deleted.", $name));
        redirect(page_link_to('admin_rooms'));
      }
--- a/includes/pages/admin_shifts.php
+++ b/includes/pages/admin_shifts.php
@ -233,11 +233,18 @@ function admin_shifts() {
    foreach ($_SESSION['admin_shifts_shifts'] as $shift) {
      sql_query("INSERT INTO `Shifts` SET `start`=" . sql_escape($shift['start']) . ",  `end`=" . sql_escape($shift['end']) . ", `RID`=" . sql_escape($shift['RID']) . ", `name`='" . sql_escape($shift['name']) . "'");
      $shift_id = sql_id();
      engelsystem_log("Shift created: " . $shift['name'] . " from " . date("Y-m-d H:i", $shift['start']) . " to " . date("Y-m-d H:i", $shift['end']));
      $needed_angel_types_info = array();
      foreach ($_SESSION['admin_shifts_types'] as $type_id => $count) {
        $angel_type_source = sql_select("SELECT * FROM `AngelTypes` WHERE `id`=" . sql_escape($type_id) . " LIMIT 1");
        if(count($angel_type_source) > 0) {
          sql_query("INSERT INTO `NeededAngelTypes` SET `shift_id`=" . sql_escape($shift_id) . ", `angel_type_id`=" . sql_escape($type_id) . ", `count`=" . sql_escape($count));
          $needed_angel_types_info[] = $angel_type_source[0]['name'] . ": " . $count;
        }
      }
    }
    engelsystem_log("Shift needs following angel types: " . join(", ", $needed_angel_types_info));
    $msg = success("Schichten angelegt.", true);
  } else {
    unset ($_SESSION['admin_shifts_shifts']);
--- a/includes/pages/admin_user_angeltypes.php
+++ b/includes/pages/admin_user_angeltypes.php
@ -8,16 +8,24 @@ function admin_user_angeltypes() {
  global $privileges;
  if (isset ($_REQUEST['confirm']) && test_request_int('confirm') && sql_num_query("SELECT * FROM `UserAngelTypes` WHERE `id`=" . sql_escape($_REQUEST['confirm']) . " AND `confirm_user_id` IS NULL") > 0) {
    $user_angel_type_source = sql_select("SELECT `UserAngelTypes`.*, `User`.`Nick`, `AngelTypes`.`name` FROM `UserAngelTypes` JOIN `User` ON `User`.`UID`=`UserAngelTypes`.`user_id` JOIN `AngelTypes` ON `AngelTypes`.`id`=`UserAngelTypes`.`angeltype_id` WHERE `id`=" . sql_escape($_REQUEST['confirm']) . " LIMIT 1");
    if(count($user_angel_type_source) > 0) {
      sql_query("UPDATE `UserAngelTypes` SET `confirm_user_id`=" . sql_escape($_SESSION['uid']) . " WHERE `id`=" . sql_escape($_REQUEST['confirm']) . " LIMIT 1");
-
+      engelsystem_log("Confirmed " . $user_angel_type_source[0]['Nick'] . " as " . $user_angel_type_source[0]['name']);
      success("Confirmed.");
    }
    else error("Entry not found.");
    redirect(page_link_to('admin_user_angeltypes'));
  }
  if (isset ($_REQUEST['discard']) && test_request_int('discard') && sql_num_query("SELECT * FROM `UserAngelTypes` WHERE `id`=" . sql_escape($_REQUEST['discard']) . " AND `confirm_user_id` IS NULL") > 0) {
    $user_angel_type_source = sql_select("SELECT `UserAngelTypes`.*, `User`.`Nick`, `AngelTypes`.`name` FROM `UserAngelTypes` JOIN `User` ON `User`.`UID`=`UserAngelTypes`.`user_id` JOIN `AngelTypes` ON `AngelTypes`.`id`=`UserAngelTypes`.`angeltype_id` WHERE `id`=" . sql_escape($_REQUEST['discard']) . " LIMIT 1");
    if(count($user_angel_type_source) > 0) {
      sql_query("DELETE FROM `UserAngelTypes` WHERE `id`=" . sql_escape($_REQUEST['discard']) . " LIMIT 1");
-
+      engelsystem_log("Discarded " . $user_angel_type_source[0]['Nick'] . " as " . $user_angel_type_source[0]['name']);
      success("Discarded.");
    }
    else error("Entry not found.");
    redirect(page_link_to('admin_user_angeltypes'));
  }
--- a/includes/sys_log.php
+++ b/includes/sys_log.php
@ -0,0 +1,19 @@
 <?php
 /**
 * Write a log entry. This should be used to log user's activity.
 * @param $message
 */
 function engelsystem_log($message) {
  global $user;
  if(isset($user)) {
    $nick = $user['Nick'];
  } else {
    $nick = "Guest";
  }
  LogEntry_create($nick, $message);
 }
 ?>
--- a/public/index.php
+++ b/public/index.php
@ -3,6 +3,7 @@ require_once ('bootstrap.php');
 require_once ('includes/sys_auth.php');
 require_once ('includes/sys_counter.php');
 require_once ('includes/sys_lang.php');
 require_once ('includes/sys_log.php');
 require_once ('includes/sys_menu.php');
 require_once ('includes/sys_mysql.php');
 require_once ('includes/sys_page.php');