diff --git a/inc/UserCVS.php b/inc/UserCVS.php index ee1cb0a0..807c8f52 100755 --- a/inc/UserCVS.php +++ b/inc/UserCVS.php @@ -1,8 +1,10 @@

".Get_Text(11)." "; + echo "".Get_Text(11)." "; ?>

@@ -48,12 +48,19 @@ $MenueTableEnd=" include("./inc/funktion_menu.php"); include("./menu.php"); -ShowMenu( $Menu ); -echo "
"; -ShowMenu( $MenuAdmin ); +if( isset( $Menu)) +{ + ShowMenu( $Menu ); + echo "
"; +} +if( isset( $MenuAdmin)) + ShowMenu( $MenuAdmin ); echo "
"; +if( !isset($submenus)) + $submenus = 0; + if ($submenus >= 1 ) { $inc_name=$_SERVER['PHP_SELF']; $filenamepos=strrpos($inc_name, '/'); diff --git a/inc/funktion_lang.php b/inc/funktion_lang.php index d3a4832f..9a6dc220 100755 --- a/inc/funktion_lang.php +++ b/inc/funktion_lang.php @@ -2,7 +2,8 @@ function Get_Text ($TextID) { -if ($_SESSION['Sprache']=="") $_SESSION['Sprache']="EN"; +if( !isset($_SESSION['Sprache'])) $_SESSION['Sprache'] = "EN"; +if( $_SESSION['Sprache']=="") $_SESSION['Sprache']="EN"; GLOBAL $con; $SQL = "SELECT * FROM `Sprache` WHERE TextID=\"$TextID\" AND Sprache ='".$_SESSION['Sprache']."'"; diff --git a/inc/funktion_menu.php b/inc/funktion_menu.php index e90e99b6..d66700e8 100755 --- a/inc/funktion_menu.php +++ b/inc/funktion_menu.php @@ -19,8 +19,8 @@ function ShowMenu( $Menu ) if( $_SESSION['CVS'][$MenuFile] == "Y") echo "\t\t\t
  • ". $Entry["Name"]. "
    • \n"; - - echo $Entry["Line"]; + if( isset($Entry["Line"])) + echo $Entry["Line"]; //DEBUG diff --git a/inc/funktion_schichtplan.php b/inc/funktion_schichtplan.php index fc67c813..5d32b42c 100755 --- a/inc/funktion_schichtplan.php +++ b/inc/funktion_schichtplan.php @@ -45,6 +45,7 @@ function ausgabe_Feld_Inhalt( $SID, $Man ) //form Config global $CCC_Start, $CCC_End, $DEBUG; + $Spalten = ""; /////////////////////////////////////////////////////////////////// // Schow Admin Page @@ -72,10 +73,13 @@ function ausgabe_Feld_Inhalt( $SID, $Man ) $Anzahl = mysql_num_rows($Erg); $Feld=0; + $Temp_TID_old=-1; for( $i = 0; $i < $Anzahl; $i++ ) { - $Temp_TID_old = $Temp[$Feld]["TID"]; - $Temp_UID_old = $Temp[$Feld]["UID"]; + if( isset($Temp[$Feld]["TID"])) + $Temp_TID_old = $Temp[$Feld]["TID"]; + if( isset($Temp[$Feld]["UID"])) + $Temp_UID_old = $Temp[$Feld]["UID"]; $Temp_TID = mysql_result($Erg, $i, "TID"); @@ -95,7 +99,12 @@ function ausgabe_Feld_Inhalt( $SID, $Man ) // ist es eine zu vergeben schicht? if( $Temp[$Feld]["UID"] == 0 ) - $Temp[$Feld]["free"]++; + { + if( isset($Temp[$Feld]["free"])) + $Temp[$Feld]["free"]++; + else + $Temp[$Feld]["free"]=1; + } else $Temp[$Feld]["Engel"][] = $Temp[$Feld]["UID"]; } // FOR @@ -111,8 +120,9 @@ function ausgabe_Feld_Inhalt( $SID, $Man ) $Spalten.= $EngelTypeID[ $TempValue["TID"] ]. " "; // ausgabe Eingetragener Engel - if( count($TempValue["Engel"]) > 0 ) - { + if( isset($TempValue["Engel"])) + if( count($TempValue["Engel"]) > 0 ) + { if( count($TempValue["Engel"]) == 1 ) $Spalten.= Get_Text("inc_schicht_ist"). ":
    \n\t\t"; else @@ -123,7 +133,7 @@ function ausgabe_Feld_Inhalt( $SID, $Man ) DisplayAvatar( $TempEngelID ). "
    \n\t\t"; $Spalten = substr( $Spalten, 0, strlen($Spalten)-7 ); - } + } // ausgabe benötigter Engel //////////////////////////// @@ -137,10 +147,12 @@ function ausgabe_Feld_Inhalt( $SID, $Man ) $SQLerlaubnis = "SELECT Name FROM `EngelType` WHERE TID = '". $TempValue["TID"]. "'"; $Ergerlaubnis = mysql_query( $SQLerlaubnis, $con); if( mysql_num_rows( $Ergerlaubnis)) - if( $_SESSION['CVS'][mysql_result( $Ergerlaubnis, 0, "Name")] == "Y" || - $_SESSION['CVS'][mysql_result( $Ergerlaubnis, 0, "Name")] == "") - if( $TempValue["free"] > 0 ) - { + //setzen wenn nicht definiert + if( !isset($_SESSION['CVS'][mysql_result( $Ergerlaubnis, 0, "Name")])) + $_SESSION['CVS'][mysql_result( $Ergerlaubnis, 0, "Name")] = "Y"; + if( $_SESSION['CVS'][mysql_result( $Ergerlaubnis, 0, "Name")] == "Y") + if( $TempValue["free"] > 0 ) + { $Spalten.= "
    \n\t\t  "; $Spalten.= $TempValue["free"]; @@ -154,12 +166,14 @@ function ausgabe_Feld_Inhalt( $SID, $Man ) Get_Text("inc_schicht_werden"); $Spalten.= Get_Text("inc_schicht_noch_gesucht"); $Spalten.= ""; - } + } } else { - if( $TempValue["free"] > 0 ) - $Spalten.= "
    \n\t\t  

    Fehlen noch: ". $TempValue["free"]. "

    "; + if( isset($TempValue["free"])) + if( $TempValue["free"] > 0 ) + $Spalten.= "
    \n\t\t  

    Fehlen noch: ". + $TempValue["free"]. "

    "; } $Spalten.= "
    \n\t\t"; @@ -287,8 +301,8 @@ function CreateRoomShifts( $raum ) " (". mysql_result($Erg, $i, "SID"). " R$raum) (xx-xx)

    "; } } - if( $ZeitZeiger <= 24 ) - $Spalten[$ZeitZeiger * $GlobalZeileProStunde].= + if( $ZeitZeiger < 24 ) + $Spalten[($ZeitZeiger * $GlobalZeileProStunde)].= "\t\t \n"; diff --git a/inc/funktion_schichtplan_beamer.php b/inc/funktion_schichtplan_beamer.php index 5d41ad01..5a9e78c3 100755 --- a/inc/funktion_schichtplan_beamer.php +++ b/inc/funktion_schichtplan_beamer.php @@ -157,7 +157,7 @@ function ausgabe_Zeile( $RID, $Time, &$AnzahlEintraege ) " (`DateS` like '". gmdate("Y-m-d H", $Time). "%')) ) ORDER BY `DateS`;"; $ErgRoom = mysql_query($SQL, $con); - $Out.= "\t"; + $Out= "\t"; if( mysql_num_rows( $ErgRoom)>0 ) for( $i=1; $i<=mysql_num_rows( $ErgRoom); $i++ ) { diff --git a/inc/header.php b/inc/header.php index 16904ee9..64e831fd 100755 --- a/inc/header.php +++ b/inc/header.php @@ -89,9 +89,11 @@ if( $Page["ShowTabel"]=="Y" ) echo "\n\n\n"; if (IsSet($_SESSION['UID'])) { - $BACKUP_SESSION_OLDURL = $_SESSION['oldurl']; - $_SESSION['oldurl'] = $_SESSION['newurl']; - $_SESSION['newurl'] = $REQUEST_URI; + if( isset($_SESSION['oldurl'])) + $BACKUP_SESSION_OLDURL = $_SESSION['oldurl']; + if( isset($_SESSION['newurl'])) + $_SESSION['oldurl'] = $_SESSION['newurl']; + $_SESSION['newurl'] = $_SERVER["REQUEST_URI"]; } diff --git a/inc/secure.php b/inc/secure.php index 32c8f864..786c18a6 100755 --- a/inc/secure.php +++ b/inc/secure.php @@ -1,7 +1,7 @@ $v) { $v = htmlspecialchars($v); @@ -13,6 +13,7 @@ foreach ($_GET as $k => $v) exit; } $_GET[$k] = $v; + echo "GET $k=\"$v\"
    "; } foreach ($_POST as $k => $v) @@ -25,6 +26,7 @@ foreach ($_POST as $k => $v) exit; } $_POST[$k] = $v; + echo "POST $k=\"$v\"
    "; } ?> diff --git a/nonpublic/einstellungen.php b/nonpublic/einstellungen.php index 36fa76a7..214593ae 100755 --- a/nonpublic/einstellungen.php +++ b/nonpublic/einstellungen.php @@ -4,12 +4,10 @@ $header = "Deine persönlichen Einstellungen"; include ("./inc/header.php"); include ("./inc/crypt.php"); -if (!IsSet($action)) { - -echo Get_Text(1).$_SESSION['Nick'].",
    \n\n"; - -Print_Text(13); - +if (!IsSet($_POST["action"])) +{ + echo Get_Text(1).$_SESSION['Nick'].",
    \n\n"; + Print_Text(13); ?>
    @@ -115,17 +113,16 @@ Print_Text(13); //$ANZ_AVATAR= shell_exec("ls ".$_SERVER["DOCUMENT_ROOT"].$ENGEL_ROOT."inc/avatar/ | wc -l"); $ANZ_AVATAR= shell_exec("ls inc/avatar/ | wc -l"); - ?>

    \n"; echo "\n"; - echo "\n"; + echo "\n"; echo "\n"; echo ""; } - elseif( $action == "editSave" ) + elseif( $_GET["action"] == "editSave" ) { echo Get_Text("pub_myshift_EditSave_Text1"). "
    \n"; $sql = "UPDATE `ShiftEntry` ". - "SET `Comment` = \"". $newtext. "\" ". - "WHERE `SID`='$SID' AND `UID`='". $_SESSION['UID']. "' LIMIT 1;"; + "SET `Comment` = \"". $_GET["newtext"]. "\" ". + "WHERE `SID`='". $_GET["SID"]. "' AND `UID`='". $_SESSION['UID']. "' LIMIT 1;"; $Erg = mysql_query($sql, $con); if ($Erg == 1) echo "\t ...". Get_Text("pub_myshift_EditSave_OK"). "\n"; diff --git a/nonpublic/schichtplan.php b/nonpublic/schichtplan.php index 1dc9af87..b784be0c 100755 --- a/nonpublic/schichtplan.php +++ b/nonpublic/schichtplan.php @@ -2,6 +2,12 @@ $title = "Himmel"; $header = "Schichtpläne"; $submenus = 2; + +if( isset($_GET["ausdatum"])) + $ausdatum = $_GET["ausdatum"]; +if( isset($_GET["raum"])) + $raum = $_GET["raum"]; + include ("./inc/header.php"); include ("./inc/funktion_user.php"); include ("./inc/funktionen.php"); diff --git a/nonpublic/schichtplan_add.php b/nonpublic/schichtplan_add.php index 33b25d2c..21a0b508 100755 --- a/nonpublic/schichtplan_add.php +++ b/nonpublic/schichtplan_add.php @@ -6,11 +6,11 @@ include ("./inc/funktion_user.php"); include ("./inc/funktion_schichtplan.php"); include ("./inc/funktionen.php"); -if (isset($newtext) && isset($SID) && isset($TID)) { +if (isset($_POST["newtext"]) && isset($_POST["SID"]) && isset($_POST["TID"])) { SetHeaderGo2Back(); // datum der einzutragenden schicht heraussuhen... - $ShiftSQL = "SELECT `DateS`, `DateE` FROM `Shifts` WHERE `SID`='$SID'"; + $ShiftSQL = "SELECT `DateS`, `DateE` FROM `Shifts` WHERE `SID`='". $_POST["SID"]. ".'"; $ShiftErg = mysql_query ($ShiftSQL, $con); $beginSchicht = mysql_result($ShiftErg, 0, "DateS"); $endSchicht = mysql_result($ShiftErg, 0, "DateE"); @@ -34,7 +34,7 @@ if (isset($newtext) && isset($SID) && isset($TID)) { { //ermitteln der noch gesuchten $SQL3 = "SELECT * FROM `ShiftEntry`". - " WHERE ((`SID` = '$SID') and (`TID` = '$TID') and (`UID` = '0'));"; + " WHERE ((`SID` = '". $_POST["SID"]. "') and (`TID` = '". $_POST["TID"]. "') and (`UID` = '0'));"; $Erg3 = mysql_query($SQL3, $con); if( mysql_num_rows($Erg3) <= 0 ) @@ -44,8 +44,10 @@ if (isset($newtext) && isset($SID) && isset($TID)) { //write shift $SQL = "UPDATE `ShiftEntry` SET ". "`UID` = '". $_SESSION['UID']. "', ". - "`Comment` = '$newtext' ". - "WHERE ((`SID` = '$SID') and (`TID` = '$TID') and (`UID` = '0')) LIMIT 1;"; + "`Comment` = '". $_POST["newtext"]. "' ". + "WHERE ( (`SID` = '". $_POST["SID"]. "') and ". + "(`TID` = '". $_POST["TID"]. "') and ". + "(`UID` = '0')) LIMIT 1;"; $Erg = mysql_query($SQL, $con); if ($Erg != 1) @@ -56,13 +58,13 @@ if (isset($newtext) && isset($SID) && isset($TID)) { }//TO Many USERS }//Allready in Shift } -elseif (isset($SID) && isset($TID)) { +elseif (isset($_GET["SID"]) && isset($_GET["TID"])) { echo Get_Text("pub_schichtplan_add_Text1"). "

    \n\n". - "
    ". - ""; + "\n". + "
    \n"; $SQL = "SELECT * FROM `Shifts` WHERE "; - $SQL .="(SID = '".$SID."')"; + $SQL .="(SID = '". $_GET["SID"]. "')"; $Erg = mysql_query($SQL, $con); echo "\n"; echo "\n"; + $EngelTypeID[$_GET["TID"]]. "\n"; echo "\n"; @@ -86,8 +88,8 @@ elseif (isset($SID) && isset($TID)) { echo "\n". "\n". "
    ". Get_Text("pub_schichtplan_add_Date"). ": ". @@ -72,7 +74,7 @@ elseif (isset($SID) && isset($TID)) { $RoomID[ mysql_result($Erg, 0, "RID") ]. "
    ". Get_Text("pub_schichtplan_add_Job"). ": ". - $EngelTypeID[$TID]. "
    ". Get_Text("pub_schichtplan_add_Len"). ": ". mysql_result($Erg, 0, "Len"). "h
     
    \n". - "\n". - "\n". + "\n". + "\n". "
    "; } diff --git a/nonpublic/schichtplan_beamer.php b/nonpublic/schichtplan_beamer.php index 6274b289..bcaca64c 100755 --- a/nonpublic/schichtplan_beamer.php +++ b/nonpublic/schichtplan_beamer.php @@ -15,7 +15,7 @@ $Time = time()+3600+3600; Schichtpläne für Beamer -"> + \n". diff --git a/nonpublic/wecken.php b/nonpublic/wecken.php index 91c64d93..f7145336 100755 --- a/nonpublic/wecken.php +++ b/nonpublic/wecken.php @@ -5,19 +5,24 @@ $header = "Weckdienst"; include ("./inc/header.php"); include ("./inc/funktion_user.php"); -if ($eintragen == Get_Text("pub_wake_bouton") ) { - $SQL = "INSERT INTO Wecken (`UID`, `Date`, `Ort`, `Bemerkung`) VALUES (".$_SESSION['UID'].", \"$Date\", \"$Ort\", \"$Bemerkung\") "; - $Erg = mysql_query($SQL, $con); - if ($Erg == 1) { Print_Text(4); } -} - -if ($eintragen == "loeschen") { - $SQL = "Delete from Wecken where UID = ".$_SESSION['UID']." and ID = $weckID limit 1"; - $Erg = mysql_query($SQL, $con); - if ($Erg == 1) { - Print_Text(4); - } -} +if( isset($_POST["eintragen"])) + if( $_POST["eintragen"] == Get_Text("pub_wake_bouton") ) + { + $SQL = "INSERT INTO Wecken (`UID`, `Date`, `Ort`, `Bemerkung`) ". + "VALUES (".$_SESSION['UID'].", \"". $_POST["Date"]. "\", \"". $_POST["Ort"]. + "\", \"". $_POST["Bemerkung"]. "\") "; + $Erg = mysql_query($SQL, $con); + if ($Erg == 1) + Print_Text(4); + } +if( isset($_GET["eintragen"])) + if ($_GET["eintragen"] == "loeschen") + { + $SQL = "Delete from Wecken where UID = ".$_SESSION['UID']." and ID = ". $_GET["weckID"]." limit 1"; + $Erg = mysql_query($SQL, $con); + if ($Erg == 1) + Print_Text(4); + } ?> ".Get_Text("pub_wake_beschreibung")?>