check link before show

This commit is contained in:
Angelo Cuccato 2010-11-23 10:28:02 +01:00
parent 3b6e2b24b1
commit 1e47799384
6 changed files with 115 additions and 53 deletions

View File

@ -96,8 +96,8 @@ INSERT INTO `Sprache` (`TextID`, `Sprache`, `Text`) VALUES ('33', 'DE', 'Sprache
INSERT INTO `Sprache` (`TextID`, `Sprache`, `Text`) VALUES ('33', 'EN', 'Language is saved. On the next page it will be active.'); INSERT INTO `Sprache` (`TextID`, `Sprache`, `Text`) VALUES ('33', 'EN', 'Language is saved. On the next page it will be active.');
INSERT INTO `Sprache` (`TextID`, `Sprache`, `Text`) VALUES ('34', 'DE', 'Avatar wurde gesetzt.'); INSERT INTO `Sprache` (`TextID`, `Sprache`, `Text`) VALUES ('34', 'DE', 'Avatar wurde gesetzt.');
INSERT INTO `Sprache` (`TextID`, `Sprache`, `Text`) VALUES ('34', 'EN', 'Avatar is saved.'); INSERT INTO `Sprache` (`TextID`, `Sprache`, `Text`) VALUES ('34', 'EN', 'Avatar is saved.');
INSERT INTO `Sprache` (`TextID`, `Sprache`, `Text`) VALUES ('35', 'DE', '<b>Neue Anfrage:</b>\r\nIn diesem Formular hast du die Möglichkeit, den Erzengeln eine Frage zu stellen. Wenn diese beantwortet ist, wirst du hier darüber informiert. Sollte die Frage von allgemeinem Interesse sein, wird diese in die Engel-FAQ übernommen.'); INSERT INTO `Sprache` (`TextID`, `Sprache`, `Text`) VALUES ('35', 'DE', 'Neue Anfrage In diesem Formular hast du die Möglichkeit, den Erzengeln eine Frage zu stellen. Wenn diese beantwortet ist, wirst du hier darüber informiert. Sollte die Frage von allgemeinem Interesse sein, wird diese in die Engel-FAQ übernommen.');
INSERT INTO `Sprache` (`TextID`, `Sprache`, `Text`) VALUES ('35', 'EN', '<b>New Question</b>\r\nWith this form you may sumbit questions to our Archangels. Topics of common interest may be added to the FAQ. (Section: answered questions).\r\n'); INSERT INTO `Sprache` (`TextID`, `Sprache`, `Text`) VALUES ('35', 'EN', 'New Question With this form you may sumbit questions to our Archangels. Topics of common interest may be added to the FAQ. (Section: answered questions).\r\n');
INSERT INTO `Sprache` (`TextID`, `Sprache`, `Text`) VALUES ('36', 'DE', 'Stelle hier deine Frage'); INSERT INTO `Sprache` (`TextID`, `Sprache`, `Text`) VALUES ('36', 'DE', 'Stelle hier deine Frage');
INSERT INTO `Sprache` (`TextID`, `Sprache`, `Text`) VALUES ('36', 'EN', 'Tell us your question'); INSERT INTO `Sprache` (`TextID`, `Sprache`, `Text`) VALUES ('36', 'EN', 'Tell us your question');
INSERT INTO `Sprache` (`TextID`, `Sprache`, `Text`) VALUES ('37', 'DE', 'Deine Anfrage war:'); INSERT INTO `Sprache` (`TextID`, `Sprache`, `Text`) VALUES ('37', 'DE', 'Deine Anfrage war:');
@ -325,8 +325,8 @@ INSERT INTO `Sprache` (`TextID`, `Sprache`, `Text`) VALUES ('pub_aktive_Active',
INSERT INTO `Sprache` (`TextID`, `Sprache`, `Text`) VALUES ('pub_schichtplan_add_TextFor', 'EN', 'text for shift'); INSERT INTO `Sprache` (`TextID`, `Sprache`, `Text`) VALUES ('pub_schichtplan_add_TextFor', 'EN', 'text for shift');
INSERT INTO `Sprache` (`TextID`, `Sprache`, `Text`) VALUES ('pub_schichtplan_add_WriteOK', 'EN', 'Now, you signed up for this shift. Thank you for your cooperation.'); INSERT INTO `Sprache` (`TextID`, `Sprache`, `Text`) VALUES ('pub_schichtplan_add_WriteOK', 'EN', 'Now, you signed up for this shift. Thank you for your cooperation.');
INSERT INTO `Sprache` (`TextID`, `Sprache`, `Text`) VALUES ('pub_schichtplan_add_Text1', 'EN', 'Here you can sign up for a shift. As commend can you write what you want, it is only for you.'); INSERT INTO `Sprache` (`TextID`, `Sprache`, `Text`) VALUES ('pub_schichtplan_add_Text1', 'EN', 'Here you can sign up for a shift. As commend can you write what you want, it is only for you.');
INSERT INTO `Sprache` (`TextID`, `Sprache`, `Text`) VALUES ('pub_schichtplan_colision', 'DE', '&lt;h1&gt;Fehler&lt;/h1&gt;\r\n&Uuml;berschneidung von Schichten:'); INSERT INTO `Sprache` (`TextID`, `Sprache`, `Text`) VALUES ('pub_schichtplan_colision', 'DE', 'Fehler &Uuml;berschneidung von Schichten:');
INSERT INTO `Sprache` (`TextID`, `Sprache`, `Text`) VALUES ('pub_schichtplan_colision', 'EN', '&lt;h1&gt;error&lt;/h1&gt;\r\noverlap on shift:'); INSERT INTO `Sprache` (`TextID`, `Sprache`, `Text`) VALUES ('pub_schichtplan_colision', 'EN', 'error noverlap on shift:');
INSERT INTO `Sprache` (`TextID`, `Sprache`, `Text`) VALUES ('pub_schicht_EmptyShifts', 'DE', 'Die n&auml;chsten 15 freien Schichten:'); INSERT INTO `Sprache` (`TextID`, `Sprache`, `Text`) VALUES ('pub_schicht_EmptyShifts', 'DE', 'Die n&auml;chsten 15 freien Schichten:');
INSERT INTO `Sprache` (`TextID`, `Sprache`, `Text`) VALUES ('pub_schicht_EmptyShifts', 'EN', 'The next 15 empty shifts:'); INSERT INTO `Sprache` (`TextID`, `Sprache`, `Text`) VALUES ('pub_schicht_EmptyShifts', 'EN', 'The next 15 empty shifts:');
INSERT INTO `Sprache` (`TextID`, `Sprache`, `Text`) VALUES ('inc_schicht_date', 'DE', 'Datum'); INSERT INTO `Sprache` (`TextID`, `Sprache`, `Text`) VALUES ('inc_schicht_date', 'DE', 'Datum');

View File

@ -50,4 +50,53 @@ if( $DEBUG )
} }
function funktion_isLinkAllowed( $PageName)
{
global $_SESSION;
// separate page parameter
$ParameterPos = strpos( $PageName, ".php?");
if( $ParameterPos === FALSE)
{
$pName = $PageName;
}
else
{
$pName = substr( $PageName, 0, $ParameterPos + 4);
}
// check rights
if( (isset( $_SESSION['CVS'][ $pName ]) === TRUE) &&
($_SESSION['CVS'][ $pName ] == "Y") )
{
return TRUE;
}
return FALSE;
}
function funktion_isLinkAllowed_addLink_OrLinkText( $PageName, $LinkText)
{
global $url, $ENGEL_ROOT;
if( funktion_isLinkAllowed( $PageName) === TRUE)
{
return "<a href=\"". $url. $ENGEL_ROOT. $PageName. "\">". $LinkText. "</a>";
}
return $LinkText;
}
function funktion_isLinkAllowed_addLink_OrEmpty( $PageName, $LinkText)
{
global $url, $ENGEL_ROOT;
if( funktion_isLinkAllowed( $PageName) === TRUE)
{
return "<a href=\"". $url. $ENGEL_ROOT. $PageName. "\">". $LinkText. "</a>";
}
return "";
}
?> ?>

View File

@ -39,11 +39,9 @@ for( $i=0; $i<mysql_num_rows($Erg); $i++)
if( $_SESSION['UID']>0 ) if( $_SESSION['UID']>0 )
echo DisplayAvatar( mysql_result( $Erg, $i, "UID")); echo DisplayAvatar( mysql_result( $Erg, $i, "UID"));
// Schow Admin Page // Schow Admin Page
if( $_SESSION['CVS'][ "admin/userChangeNormal.php" ] == "Y" ) echo funktion_isLinkAllowed_addLink_OrLinkText(
echo " <a href=\"./../admin/userChangeNormal.php?enterUID=". mysql_result( $Erg, $i, "UID"). "&Type=Normal\">". "admin/userChangeNormal.php?enterUID=". mysql_result( $Erg, $i, "UID"). "&Type=Normal",
mysql_result( $Erg, $i, "Nick"). "</a>"; mysql_result( $Erg, $i, "Nick"));
else
echo mysql_result( $Erg, $i, "Nick");
$Tlog = (substr( mysql_result( $Erg, $i, "lastLogIn"), 8, 2) * 60 * 60 * 24) + // Tag $Tlog = (substr( mysql_result( $Erg, $i, "lastLogIn"), 8, 2) * 60 * 60 * 24) + // Tag
(substr( mysql_result( $Erg, $i, "lastLogIn"), 11, 2) * 60 * 60) + // Stunde (substr( mysql_result( $Erg, $i, "lastLogIn"), 11, 2) * 60 * 60) + // Stunde

View File

@ -18,11 +18,9 @@ function ausgabe_Feld_Inhalt( $SID, $Man )
/////////////////////////////////////////////////////////////////// ///////////////////////////////////////////////////////////////////
// Schow Admin Page // Schow Admin Page
/////////////////////////////////////////////////////////////////// ///////////////////////////////////////////////////////////////////
if( $_SESSION['CVS'][ "admin/schichtplan.php" ] == "Y" ) $Spalten.=funktion_isLinkAllowed_addLink_OrEmpty(
{ "admin/schichtplan.php?action=change&SID=$SID",
$Spalten.= "<a href=\"./../admin/schichtplan.php?action=change&SID=$SID\">edit</a><br>\n\t\t"; "edit<br>\n\t\t");
}
/////////////////////////////////////////////////////////////////// ///////////////////////////////////////////////////////////////////
// Ausgabe des Schischtnamens // Ausgabe des Schischtnamens
@ -104,28 +102,30 @@ function ausgabe_Feld_Inhalt( $SID, $Man )
foreach( $TempValue["Engel"] as $TempEngelEntry=> $TempEngelID ) foreach( $TempValue["Engel"] as $TempEngelEntry=> $TempEngelID )
{ {
if( $_SESSION['CVS'][ "admin/userChangeNormal.php" ] == "Y" ) if( funktion_isLinkAllowed( "admin/user.php") === TRUE)
$Spalten.= " <a href=\"./../admin/userChangeNormal.php?enterUID=$TempEngelID&Type=Normal\">";
if( $_SESSION['CVS'][ "admin/schichtplan.php" ] == "Y" )
{ {
if( UIDgekommen( $TempEngelID ) == "1") // add color, wenn Engel "Gekommen"
$Spalten.= "&nbsp;&nbsp;<span style=\"color: blue;\">". $TempText=
UID2Nick( $TempEngelID ). ((UIDgekommen( $TempEngelID ) == "1")
($_GET["Icon"]==1? DisplayAvatar( $TempEngelID ): ""). ? "<span style=\"color: blue;\">"
"</span><br>\n\t\t"; : "<span style=\"color: red;\">").
else UID2Nick( $TempEngelID). "</span>";
$Spalten.= "&nbsp;&nbsp;<span style=\"color: red;\">".
UID2Nick( $TempEngelID ).
($_GET["Icon"]==1? DisplayAvatar( $TempEngelID ): "").
"</span><br>\n\t\t";
} }
else else
$Spalten.= "&nbsp;&nbsp;". UID2Nick( $TempEngelID ). {
($_GET["Icon"]==1? DisplayAvatar( $TempEngelID ): ""). $TempText = UID2Nick( $TempEngelID );
"<br>\n\t\t"; }
if( $_SESSION['CVS'][ "admin/userChangeNormal.php" ] == "Y" )
$Spalten.= " </a>"; // add link to user
$TempText= funktion_isLinkAllowed_addLink_OrLinkText(
"admin/userChangeNormal.php?enterUID=$TempEngelID&Type=Normal",
$TempText);
$Spalten.= "&nbsp;&nbsp;". $TempText.
( ($_GET["Icon"]==1) ? DisplayAvatar( $TempEngelID): "").
"<br>\n\t\t";
} }
$Spalten = substr( $Spalten, 0, strlen($Spalten)-7 ); $Spalten = substr( $Spalten, 0, strlen($Spalten)-7 );
} }
@ -205,13 +205,17 @@ function CreateRoomShifts( $raum )
$ErgSonder = mysql_query($SQLSonder, $con); $ErgSonder = mysql_query($SQLSonder, $con);
if( (mysql_num_rows( $ErgSonder) > 1) ) if( (mysql_num_rows( $ErgSonder) > 1) )
{ {
if( $_SESSION['CVS'][ "admin/schichtplan.php" ] == "Y" ) if( funktion_isLinkAllowed( "admin/schichtplan.php") === TRUE )
{ {
echo "<h1>". Get_Text("pub_schichtplan_colision"). "</h1> "; echo "<h1>". Get_Text("pub_schichtplan_colision"). "</h1> ";
echo "<a href=\"./../admin/schichtplan.php?action=change&SID=". mysql_result($ErgSonder, 0, "SID"). "\">". for( $i=0; $i<mysql_num_rows( $ErgSonder); $i++)
mysql_result($ErgSonder, 0, "DateS"). {
" '". mysql_result($ErgSonder, 0, "Man")."' (RID $raum) (00-24)". echo "<a href=\"./../admin/schichtplan.php?action=change&SID=".
"</a><br>\n\t\t"; mysql_result($ErgSonder, $i, "SID"). "\">".
mysql_result($ErgSonder, $i, "DateS").
" '". mysql_result($ErgSonder, $i, "Man")."' (RID $raum) (00-24)".
"</a><br>\n\t\t";
}
} }
} }
elseif( (mysql_num_rows( $ErgSonder) == 1) ) elseif( (mysql_num_rows( $ErgSonder) == 1) )
@ -236,13 +240,17 @@ function CreateRoomShifts( $raum )
$ErgSonder = mysql_query($SQLSonder, $con); $ErgSonder = mysql_query($SQLSonder, $con);
if( (mysql_num_rows( $ErgSonder) > 1) ) if( (mysql_num_rows( $ErgSonder) > 1) )
{ {
if( $_SESSION['CVS'][ "admin/schichtplan.php" ] == "Y" ) if( funktion_isLinkAllowed( "admin/schichtplan.php") === TRUE )
{ {
echo "<h1>". Get_Text("pub_schichtplan_colision"). "</h1> "; echo "<h1>". Get_Text("pub_schichtplan_colision"). "</h1> ";
echo "<a href=\"./../admin/schichtplan.php?action=change&SID=". mysql_result($ErgSonder, 0, "SID"). "\">". for( $i=0; $i<mysql_num_rows( $ErgSonder); $i++)
mysql_result($ErgSonder, 0, "DateS"). {
" '". mysql_result($ErgSonder, 0, "Man")."' (RID $raum) (00-xx)". echo "<a href=\"./../admin/schichtplan.php?action=change&SID=".
"</a><br>\n\t\t"; mysql_result($ErgSonder, $i, "SID"). "\">".
mysql_result($ErgSonder, $i, "DateS").
" '". mysql_result($ErgSonder, $i, "Man")."' (RID $raum) (00-xx)".
"</a><br>\n\t\t";
}
} }
} }
elseif( (mysql_num_rows( $ErgSonder) == 1) ) elseif( (mysql_num_rows( $ErgSonder) == 1) )
@ -297,10 +305,12 @@ function CreateRoomShifts( $raum )
} }
else else
{ {
echo Get_Text("pub_schichtplan_colision"). " ". echo "<h1>". Get_Text("pub_schichtplan_colision"). "</h1> ";
echo "<a href=\"./../admin/schichtplan.php?action=change&SID=".
mysql_result($Erg, $i, "SID"). "\">".
mysql_result($Erg, $i, "DateS"). mysql_result($Erg, $i, "DateS").
" '". mysql_result($Erg, $i, "Man"). "' ". " '". mysql_result($Erg, $i, "Man"). "' ".
" (". mysql_result($Erg, $i, "SID"). " R$raum) (xx-xx)<br><br>"; " (". mysql_result($Erg, $i, "SID"). " R$raum) (xx-xx)</a><br><br>";
} }
} }
if( $ZeitZeiger < 24 ) if( $ZeitZeiger < 24 )

View File

@ -259,7 +259,7 @@ foreach($XMLmain->sub as $EventKey => $Event)
} }
else else
{ {
echo "\t<td><a href=\"./schichtplan.php?action=change&SID=$SIDDB\">edit</a></td>\n"; echo "\t<td>". funktion_isLinkAllowed_addLink_OrLinkText("admin/schichtplan.php?action=change&SID=".$SIDDB, "edit"). "</td>\n";
$DS_OK++; $DS_OK++;
} }
echo "\t</tr>\n"; echo "\t</tr>\n";
@ -299,7 +299,8 @@ if(mysql_num_rows($Erg2)>0 && $EnableSchudleDB )
"<input name=\"LenDB\" type=\"text\" value=\"$Len\" size=\"1\"readonly></td>\n"; "<input name=\"LenDB\" type=\"text\" value=\"$Len\" size=\"1\"readonly></td>\n";
echo "\t<td><input name=\"ManXML\" type=\"text\" value=\"\" size=\"40\"readonly>\n\t\t". echo "\t<td><input name=\"ManXML\" type=\"text\" value=\"\" size=\"40\"readonly>\n\t\t".
"<input name=\"ManDB\" type=\"text\" value=\"$Man\" size=\"40\"readonly></td>\n"; "<input name=\"ManDB\" type=\"text\" value=\"$Man\" size=\"40\"readonly></td>\n";
echo "\t<td><a href=\"./schichtplan.php?action=change&SID=$SID\">edit</a></td>\n"; echo "\t<td>". funktion_isLinkAllowed_addLink_OrLinkText( "admin/schichtplan.php?action=change&SID=".$SID, "edit").
"</td>\n";
echo "\t<tr>\n"; echo "\t<tr>\n";
} }
echo "</table>"; echo "</table>";

View File

@ -88,12 +88,16 @@ if (!IsSet($_GET["enterUID"]))
echo "\t<td>".mysql_result($Erg, $n, "Aktiv")."</td>\n"; echo "\t<td>".mysql_result($Erg, $n, "Aktiv")."</td>\n";
$Tshirt += mysql_result($Erg, $n, "Tshirt"); $Tshirt += mysql_result($Erg, $n, "Tshirt");
echo "\t<td>".mysql_result($Erg, $n, "Tshirt")."</td>\n"; echo "\t<td>".mysql_result($Erg, $n, "Tshirt")."</td>\n";
echo "\t<td><a href=\"./userChangeNormal.php?enterUID=". echo "\t<td>". funktion_isLinkAllowed_addLink_OrEmpty(
mysql_result($Erg, $n, "UID")."&Type=Normal\">&Auml;nd.</a></td>\n"; "admin/userChangeNormal.php?enterUID=".
echo "\t<td>"; mysql_result($Erg, $n, "UID")."&Type=Normal",
"&Auml;nd.").
echo "<a href=\"./userChangeSecure.php?enterUID=". "</td>\n";
mysql_result($Erg, $n, "UID")."&Type=Secure\">Secure</a></td>\n"; echo "\t<td>". funktion_isLinkAllowed_addLink_OrEmpty(
"admin/userChangeSecure.php?enterUID=".
mysql_result($Erg, $n, "UID")."&Type=Secure",
"Secure").
"</td>\n";
echo "</tr>\n"; echo "</tr>\n";
} }
echo "<tr>". echo "<tr>".