iger
/
engelsystem
9
0
Fork 0
Code Issues Pull Requests Projects Releases Wiki Activity

Merge pull request #344 from MyIgel/master 

Prepared routing, added symfony http Closes #336 and closes #337
This commit is contained in:
msquare 2017-09-11 17:52:55 +02:00 committed by GitHub
parent 581b81f1b2 0a20883aa8
commit 3591606130
62 changed files with 1132 additions and 708 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
README.md
View File

@ -8,7 +8,7 @@ Please visit https://engelsystem.de for a feature list.
## Installation
### Requirements:
* PHP >= 5.6.4, PHP >= 7.0.0 recommended
* PHP >= 7.0.0
* MySQL-Server >= 5.5.x
* Webserver, i.e. lighttpd, nginx, or Apache

7
composer.json
View File

@ -14,12 +14,13 @@
}
],
"require": {
"php": ">=5.6.4",
"php": ">=7.0.0",
"erusev/parsedown": "1.6.*",
"twbs/bootstrap": "^3.3"
"twbs/bootstrap": "^3.3",
"symfony/http-foundation": "^3.3"
},
"require-dev": {
"phpunit/phpunit": "^6.2"
"phpunit/phpunit": "^6.3"
},
"autoload": {
"psr-4": {

5
config/config.default.php
View File

@ -44,6 +44,9 @@ return [
// Number of News shown on one site
'display_news' => 6,
// Only arrived angels can sign up for shifts
'signup_requires_arrival' => false,
// Anzahl Stunden bis zum Austragen eigener Schichten
'last_unsubscribe' => 3,
@ -55,7 +58,7 @@ return [
// Blowfish '$2y$13'
// SHA-256 '$5$rounds=5000'
// SHA-512 '$6$rounds=5000'
'crypt_alg' => '$6$rounds=5000', // SHA-512
'crypt_alg' => '$6$rounds=5000',
'min_password_length' => 8,

8
db/update.sql
View File

@ -17,10 +17,14 @@ ALTER TABLE `AngelTypes`
ALTER TABLE `AngelTypes`
ADD FOREIGN KEY (`contact_user_id`) REFERENCES `User`(`UID`) ON DELETE SET NULL ON UPDATE CASCADE;
INSERT INTO `Privileges` (`id`, `name`, `desc`) VALUES (NULL, 'shiftentry_edit_angeltype_supporter', 'If user with this privilege is angeltype supporter, he can put users in shifts for their angeltype');
-- DB Performance
ALTER TABLE `Shifts` ADD INDEX(`start`);
ALTER TABLE `NeededAngelTypes` ADD INDEX(`count`);
-- Security
UPDATE `Groups` SET UID = UID * 10;
INSERT INTO `Groups` (Name, UID) VALUES ('News Admin', -65);
INSERT INTO `Privileges` (id, name, `desc`) VALUES (42, 'admin_news_html', 'Use HTML in news');
INSERT INTO `GroupPrivileges` (group_id, privilege_id) VALUES (-65, 14), (-65, 42);

9
includes/autoload.php Normal file
View File

@ -0,0 +1,9 @@
<?php
// Check for autoloader
if (!is_readable(__DIR__ . '/../vendor/autoload.php')) {
die('Please run composer.phar install');
}
// Include composer autoloader
require_once __DIR__ . '/../vendor/autoload.php';

26
includes/controller/angeltypes_controller.php
View File

@ -42,7 +42,7 @@ function angeltypes_controller()
*/
function angeltype_link($angeltype_id)
{
return page_link_to('angeltypes') . '&action=view&angeltype_id=' . $angeltype_id;
return page_link_to('angeltypes', ['action' => 'view', 'angeltype_id' => $angeltype_id]);
}
/**
@ -127,7 +127,7 @@ function angeltype_edit_controller()
if (!$supporter_mode) {
if ($request->has('name')) {
$result = AngelType_validate_name($request->input('name'), $angeltype);
$result = AngelType_validate_name($request->postData('name'), $angeltype);
$angeltype['name'] = $result->getValue();
if (!$result->isValid()) {
$valid = false;
@ -211,17 +211,21 @@ function angeltypes_list_controller()
foreach ($angeltypes as &$angeltype) {
$actions = [
button(page_link_to('angeltypes') . '&action=view&angeltype_id=' . $angeltype['id'], _('view'), 'btn-xs')
button(
page_link_to('angeltypes', ['action' => 'view', 'angeltype_id' => $angeltype['id']]),
_('view'),
'btn-xs'
)
];
if (in_array('admin_angel_types', $privileges)) {
$actions[] = button(
page_link_to('angeltypes') . '&action=edit&angeltype_id=' . $angeltype['id'],
page_link_to('angeltypes', ['action' => 'edit', 'angeltype_id' => $angeltype['id']]),
_('edit'),
'btn-xs'
);
$actions[] = button(
page_link_to('angeltypes') . '&action=delete&angeltype_id=' . $angeltype['id'],
page_link_to('angeltypes', ['action' => 'delete', 'angeltype_id' => $angeltype['id']]),
_('delete'),
'btn-xs'
);
@ -230,13 +234,15 @@ function angeltypes_list_controller()
$angeltype['membership'] = AngelType_render_membership($angeltype);
if ($angeltype['user_angeltype_id'] != null) {
$actions[] = button(
page_link_to('user_angeltypes') . '&action=delete&user_angeltype_id=' . $angeltype['user_angeltype_id'],
page_link_to('user_angeltypes',
['action' => 'delete', 'user_angeltype_id' => $angeltype['user_angeltype_id']]
),
_('leave'),
'btn-xs'
);
} else {
$actions[] = button(
page_link_to('user_angeltypes') . '&action=add&angeltype_id=' . $angeltype['id'],
page_link_to('user_angeltypes', ['action' => 'add', 'angeltype_id' => $angeltype['id']]),
_('join'),
'btn-xs'
);
@ -245,7 +251,11 @@ function angeltypes_list_controller()
$angeltype['restricted'] = $angeltype['restricted'] ? glyph('lock') : '';
$angeltype['no_self_signup'] = $angeltype['no_self_signup'] ? '' : glyph('share');
$angeltype['name'] = '<a href="' . page_link_to('angeltypes') . '&action=view&angeltype_id=' . $angeltype['id'] . '">' . $angeltype['name'] . '</a>';
$angeltype['name'] = '<a href="'
. page_link_to('angeltypes', ['action' => 'view', 'angeltype_id' => $angeltype['id']])
. '">'
. $angeltype['name']
. '</a>';
$angeltype['actions'] = table_buttons($actions);
}

5
includes/controller/rooms_controller.php
View File

@ -1,4 +1,5 @@
<?php
use Engelsystem\ShiftsFilter;
use Engelsystem\ShiftsFilterRenderer;
@ -88,7 +89,7 @@ function rooms_controller()
*/
function room_link($room)
{
return page_link_to('rooms') . '&action=view&room_id=' . $room['RID'];
return page_link_to('rooms', ['action' => 'view', 'room_id' => $room['RID']]);
}
/**
@ -97,7 +98,7 @@ function room_link($room)
*/
function room_edit_link($room)
{
return page_link_to('admin_rooms') . '&show=edit&id=' . $room['RID'];
return page_link_to('admin_rooms', ['show' => 'edit', 'id' => $room['RID']]);
}
/**

8
includes/controller/shift_entries_controller.php
View File

@ -13,7 +13,7 @@ function shift_entry_add_controller()
$request = request();
$shift_id = 0;
if ($request->has('shift_id') && preg_match('/^\d*$/', $request->input('shift_id'))) {
if ($request->has('shift_id') && preg_match('/^\d+$/', $request->input('shift_id'))) {
$shift_id = $request->input('shift_id');
} else {
redirect(page_link_to('user_shifts'));
@ -27,13 +27,13 @@ function shift_entry_add_controller()
}
$shift = Shift($shift_id);
$shift['Name'] = $room_array[$shift['RID']];
if ($shift == null) {
redirect(page_link_to('user_shifts'));
}
$shift['Name'] = $room_array[$shift['RID']];
$type_id = 0;
if ($request->has('type_id') && preg_match('/^\d*$/', $request->input('type_id'))) {
if ($request->has('type_id') && preg_match('/^\d+$/', $request->input('type_id'))) {
$type_id = $request->input('type_id');
} else {
redirect(page_link_to('user_shifts'));
@ -64,7 +64,7 @@ function shift_entry_add_controller()
if (
$request->has('user_id')
&& preg_match('/^\d*$/', $request->input('user_id'))
&& preg_match('/^\d+$/', $request->input('user_id'))
&& (
in_array('user_shifts_admin', $privileges)
|| in_array('shiftentry_edit_angeltype_supporter', $privileges)

35
includes/controller/shifts_controller.php
View File

@ -1,4 +1,5 @@
<?php
use Engelsystem\ShiftSignupState;
/**
@ -7,10 +8,13 @@ use Engelsystem\ShiftSignupState;
*/
function shift_link($shift)
{
$link = page_link_to('shifts') . '&action=view';
$parameters = ['action' => 'view'];
if (isset($shift['SID'])) {
$link .= '&shift_id=' . $shift['SID'];
$parameters['shift_id'] = $shift['SID'];
}
$link = page_link_to('shifts', $parameters);
return $link;
}
@ -20,7 +24,7 @@ function shift_link($shift)
*/
function shift_delete_link($shift)
{
return page_link_to('user_shifts') . '&delete_shift=' . $shift['SID'];
return page_link_to('user_shifts', ['delete_shift' => $shift['SID']]);
}
/**
@ -29,7 +33,7 @@ function shift_delete_link($shift)
*/
function shift_edit_link($shift)
{
return page_link_to('user_shifts') . '&edit_shift=' . $shift['SID'];
return page_link_to('user_shifts', ['edit_shift' => $shift['SID']]);
}
/**
@ -61,7 +65,7 @@ function shift_edit_controller()
$angeltypes = select_array(AngelTypes(), 'id', 'name');
$shifttypes = select_array(ShiftTypes(), 'id', 'name');
$needed_angel_types = select_array(NeededAngelTypes_by_shift($shift_id), 'id', 'count');
$needed_angel_types = select_array(NeededAngelTypes_by_shift($shift_id), 'angel_type_id', 'count');
foreach (array_keys($angeltypes) as $angeltype_id) {
if (!isset($needed_angel_types[$angeltype_id])) {
$needed_angel_types[$angeltype_id] = 0;
@ -116,17 +120,22 @@ function shift_edit_controller()
$msg .= error(_('The ending time has to be after the starting time.'), true);
}
foreach ($needed_angel_types as $needed_angeltype_id => $needed_angeltype_name) {
if ($request->has('type_' . $needed_angeltype_id) && test_request_int('type_' . $needed_angeltype_id)) {
$needed_angel_types[$needed_angeltype_id] = trim($request->input('type_' . $needed_angeltype_id));
foreach ($needed_angel_types as $needed_angeltype_id => $count) {
$needed_angel_types[$needed_angeltype_id] = 0;
$queryKey = 'type_' . $needed_angeltype_id;
if ($request->has($queryKey)) {
if (test_request_int($queryKey)) {
$needed_angel_types[$needed_angeltype_id] = trim($request->input($queryKey));
} else {
$valid = false;
$msg .= error(sprintf(
_('Please check your input for needed angels of type %s.'),
$needed_angeltype_name
$angeltypes[$needed_angeltype_id]
), true);
}
}
}
if ($valid) {
$shift['shifttype_id'] = $shifttype_id;
@ -195,7 +204,7 @@ function shift_delete_controller()
}
// Schicht komplett löschen (nur für admins/user mit user_shifts_admin privileg)
if (!$request->has('delete_shift') || !preg_match('/^\d*$/', $request->input('delete_shift'))) {
if (!$request->has('delete_shift') || !preg_match('/^\d+$/', $request->input('delete_shift'))) {
redirect(page_link_to('user_shifts'));
}
$shift_id = $request->input('delete_shift');
@ -225,7 +234,9 @@ function shift_delete_controller()
date('Y-m-d H:i', $shift['start']),
date('H:i', $shift['end'])
), true),
'<a class="button" href="?p=user_shifts&delete_shift=' . $shift_id . '&delete">' . _('delete') . '</a>'
'<a class="button" href="'
. page_link_to('user_shifts', ['delete_shift' => $shift_id, 'delete' => 1]) .
'">' . _('delete') . '</a>'
]);
}
@ -308,8 +319,6 @@ function shifts_controller()
/**
* Redirects the user to his next shift.
*
* @return false
*/
function shift_next_controller()
{

4
includes/controller/shifttypes_controller.php
View File

@ -6,7 +6,7 @@
*/
function shifttype_link($shifttype)
{
return page_link_to('shifttypes') . '&action=view&shifttype_id=' . $shifttype['id'];
return page_link_to('shifttypes', ['action' => 'view', 'shifttype_id' => $shifttype['id']]);
}
/**
@ -100,7 +100,7 @@ function shifttype_edit_controller()
engelsystem_log('Created shifttype ' . $name);
success(_('Created shifttype.'));
}
redirect(page_link_to('shifttypes') . '&action=view&shifttype_id=' . $shifttype_id);
redirect(page_link_to('shifttypes', ['action' => 'view', 'shifttype_id' => $shifttype_id]));
}
}

17
includes/controller/user_angeltypes_controller.php
View File

@ -17,8 +17,7 @@ function user_angeltypes_unconfirmed_hint()
$unconfirmed_links = [];
foreach ($unconfirmed_user_angeltypes as $user_angeltype) {
$unconfirmed_links[] = '<a href="'
. page_link_to('angeltypes')
. '&action=view&angeltype_id=' . $user_angeltype['angeltype_id']
. page_link_to('angeltypes', ['action' => 'view', 'angeltype_id' => $user_angeltype['angeltype_id']])
. '">' . $user_angeltype['name']
. ' (+' . $user_angeltype['count'] . ')'
. '</a>';
@ -61,7 +60,7 @@ function user_angeltypes_delete_all_controller()
engelsystem_log(sprintf('Denied all users for angeltype %s', AngelType_name_render($angeltype)));
success(sprintf(_('Denied all users for angeltype %s.'), AngelType_name_render($angeltype)));
redirect(page_link_to('angeltypes') . '&action=view&angeltype_id=' . $angeltype['id']);
redirect(page_link_to('angeltypes', ['action' => 'view', 'angeltype_id' => $angeltype['id']]));
}
return [
@ -107,7 +106,7 @@ function user_angeltypes_confirm_all_controller()
engelsystem_log(sprintf('Confirmed all users for angeltype %s', AngelType_name_render($angeltype)));
success(sprintf(_('Confirmed all users for angeltype %s.'), AngelType_name_render($angeltype)));
redirect(page_link_to('angeltypes') . '&action=view&angeltype_id=' . $angeltype['id']);
redirect(page_link_to('angeltypes', ['action' => 'view', 'angeltype_id' => $angeltype['id']]));
}
return [
@ -167,7 +166,7 @@ function user_angeltype_confirm_controller()
User_Nick_render($user_source),
AngelType_name_render($angeltype)
));
redirect(page_link_to('angeltypes') . '&action=view&angeltype_id=' . $angeltype['id']);
redirect(page_link_to('angeltypes', ['action' => 'view', 'angeltype_id' => $angeltype['id']]));
}
return [
@ -221,7 +220,7 @@ function user_angeltype_delete_controller()
engelsystem_log($success_message);
success($success_message);
redirect(page_link_to('angeltypes') . '&action=view&angeltype_id=' . $angeltype['id']);
redirect(page_link_to('angeltypes', ['action' => 'view', 'angeltype_id' => $angeltype['id']]));
}
return [
@ -287,7 +286,7 @@ function user_angeltype_update_controller()
engelsystem_log($success_message);
success($success_message);
redirect(page_link_to('angeltypes') . '&action=view&angeltype_id=' . $angeltype['id']);
redirect(page_link_to('angeltypes', ['action' => 'view', 'angeltype_id' => $angeltype['id']]));
}
return [
@ -341,7 +340,7 @@ function user_angeltype_add_controller()
AngelType_name_render($angeltype)
));
redirect(page_link_to('angeltypes') . '&action=view&angeltype_id=' . $angeltype['id']);
redirect(page_link_to('angeltypes', ['action' => 'view', 'angeltype_id' => $angeltype['id']]));
}
}
@ -383,7 +382,7 @@ function user_angeltype_join_controller($angeltype)
));
}
redirect(page_link_to('angeltypes') . '&action=view&angeltype_id=' . $angeltype['id']);
redirect(page_link_to('angeltypes', ['action' => 'view', 'angeltype_id' => $angeltype['id']]));
}
return [

2
includes/controller/user_driver_licenses_controller.php
View File

@ -63,7 +63,7 @@ function user_driver_license_edit_link($user = null)
if ($user == null) {
return page_link_to('user_driver_licenses');
}
return page_link_to('user_driver_licenses') . '&user_id=' . $user['UID'];
return page_link_to('user_driver_licenses', ['user_id' => $user['UID']]);
}
/**

18
includes/controller/users_controller.php
View File

@ -47,7 +47,7 @@ function user_delete_controller()
$request = request();
if ($request->has('user_id')) {
$user_source = User($request->get('user_id'));
$user_source = User($request->query->get('user_id'));
} else {
$user_source = $user;
}
@ -68,7 +68,7 @@ function user_delete_controller()
if (
!(
$request->has('password')
&& verify_password($request->post('password'), $user['Passwort'], $user['UID'])
&& verify_password($request->postData('password'), $user['Passwort'], $user['UID'])
)
) {
$valid = false;
@ -106,7 +106,7 @@ function users_link()
*/
function user_edit_link($user)
{
return page_link_to('admin_user') . '&user_id=' . $user['UID'];
return page_link_to('admin_user', ['user_id' => $user['UID']]);
}
/**
@ -115,7 +115,7 @@ function user_edit_link($user)
*/
function user_delete_link($user)
{
return page_link_to('users') . '&action=delete&user_id=' . $user['UID'];
return page_link_to('users', ['action' => 'delete', 'user_id' => $user['UID']]);
}
/**
@ -124,7 +124,7 @@ function user_delete_link($user)
*/
function user_link($user)
{
return page_link_to('users') . '&action=view&user_id=' . $user['UID'];
return page_link_to('users', ['action' => 'view', 'user_id' => $user['UID']]);
}
/**
@ -297,9 +297,9 @@ function user_password_recovery_set_new_controller()
if (
$request->has('password')
&& strlen($request->post('password')) >= config('min_password_length')
&& strlen($request->postData('password')) >= config('min_password_length')
) {
if ($request->post('password') != $request->post('password2')) {
if ($request->postData('password') != $request->postData('password2')) {
$valid = false;
error(_('Your passwords don\'t match.'));
}
@ -309,7 +309,7 @@ function user_password_recovery_set_new_controller()
}
if ($valid) {
set_password($user_source['UID'], $request->post('password'));
set_password($user_source['UID'], $request->postData('password'));
success(_('Password saved.'));
redirect(page_link_to('login'));
}
@ -353,7 +353,7 @@ function user_password_recovery_start_controller()
_('Password recovery'),
sprintf(
_('Please visit %s to recover your password.'),
page_link_to_absolute('user_password_recovery') . '&token=' . $token
page_link_to('user_password_recovery', ['token' => $token])
)
);
success(_('We sent an email containing your password recovery link.'));

161
includes/engelsystem_provider.php
View File

@ -6,16 +6,13 @@ use Engelsystem\Exceptions\Handler as ExceptionHandler;
use Engelsystem\Http\Request;
use Engelsystem\Renderer\HtmlEngine;
use Engelsystem\Renderer\Renderer;
use Symfony\Component\HttpFoundation\Session\Session;
/**
* This file includes all needed functions, connects to the db etc.
*/
if (!is_readable(__DIR__ . '/../vendor/autoload.php')) {
die('Please run composer.phar install');
}
require __DIR__ . '/../vendor/autoload.php';
require_once __DIR__ . '/autoload.php';
/**
* Load configuration
@ -36,9 +33,10 @@ date_default_timezone_set($config->get('timezone'));
/**
* Initialize Request
*
* @var Request $request
*/
$request = new Request();
$request->create();
$request = Request::createFromGlobals();
$request::setInstance($request);
/**
@ -86,88 +84,95 @@ Db::getPdo()->setAttribute(PDO::ATTR_EMULATE_PREPARES, false);
/**
* Include legacy code
*/
require_once realpath(__DIR__ . '/../includes/sys_auth.php');
require_once realpath(__DIR__ . '/../includes/sys_form.php');
require_once realpath(__DIR__ . '/../includes/sys_log.php');
require_once realpath(__DIR__ . '/../includes/sys_menu.php');
require_once realpath(__DIR__ . '/../includes/sys_page.php');
require_once realpath(__DIR__ . '/../includes/sys_template.php');
$includeFiles = [
__DIR__ . '/../includes/sys_auth.php',
__DIR__ . '/../includes/sys_form.php',
__DIR__ . '/../includes/sys_log.php',
__DIR__ . '/../includes/sys_menu.php',
__DIR__ . '/../includes/sys_page.php',
__DIR__ . '/../includes/sys_template.php',
require_once realpath(__DIR__ . '/../includes/model/AngelType_model.php');
require_once realpath(__DIR__ . '/../includes/model/EventConfig_model.php');
require_once realpath(__DIR__ . '/../includes/model/LogEntries_model.php');
require_once realpath(__DIR__ . '/../includes/model/Message_model.php');
require_once realpath(__DIR__ . '/../includes/model/NeededAngelTypes_model.php');
require_once realpath(__DIR__ . '/../includes/model/Room_model.php');
require_once realpath(__DIR__ . '/../includes/model/ShiftEntry_model.php');
require_once realpath(__DIR__ . '/../includes/model/Shifts_model.php');
require_once realpath(__DIR__ . '/../includes/model/ShiftsFilter.php');
require_once realpath(__DIR__ . '/../includes/model/ShiftSignupState.php');
require_once realpath(__DIR__ . '/../includes/model/ShiftTypes_model.php');
require_once realpath(__DIR__ . '/../includes/model/UserAngelTypes_model.php');
require_once realpath(__DIR__ . '/../includes/model/UserDriverLicenses_model.php');
require_once realpath(__DIR__ . '/../includes/model/UserGroups_model.php');
require_once realpath(__DIR__ . '/../includes/model/User_model.php');
require_once realpath(__DIR__ . '/../includes/model/ValidationResult.php');
__DIR__ . '/../includes/model/AngelType_model.php',
__DIR__ . '/../includes/model/EventConfig_model.php',
__DIR__ . '/../includes/model/LogEntries_model.php',
__DIR__ . '/../includes/model/Message_model.php',
__DIR__ . '/../includes/model/NeededAngelTypes_model.php',
__DIR__ . '/../includes/model/Room_model.php',
__DIR__ . '/../includes/model/ShiftEntry_model.php',
__DIR__ . '/../includes/model/Shifts_model.php',
__DIR__ . '/../includes/model/ShiftsFilter.php',
__DIR__ . '/../includes/model/ShiftSignupState.php',
__DIR__ . '/../includes/model/ShiftTypes_model.php',
__DIR__ . '/../includes/model/UserAngelTypes_model.php',
__DIR__ . '/../includes/model/UserDriverLicenses_model.php',
__DIR__ . '/../includes/model/UserGroups_model.php',
__DIR__ . '/../includes/model/User_model.php',
__DIR__ . '/../includes/model/ValidationResult.php',
require_once realpath(__DIR__ . '/../includes/view/AngelTypes_view.php');
require_once realpath(__DIR__ . '/../includes/view/EventConfig_view.php');
require_once realpath(__DIR__ . '/../includes/view/Questions_view.php');
require_once realpath(__DIR__ . '/../includes/view/Rooms_view.php');
require_once realpath(__DIR__ . '/../includes/view/ShiftCalendarLane.php');
require_once realpath(__DIR__ . '/../includes/view/ShiftCalendarRenderer.php');
require_once realpath(__DIR__ . '/../includes/view/ShiftCalendarShiftRenderer.php');
require_once realpath(__DIR__ . '/../includes/view/ShiftsFilterRenderer.php');
require_once realpath(__DIR__ . '/../includes/view/Shifts_view.php');
require_once realpath(__DIR__ . '/../includes/view/ShiftEntry_view.php');
require_once realpath(__DIR__ . '/../includes/view/ShiftTypes_view.php');
require_once realpath(__DIR__ . '/../includes/view/UserAngelTypes_view.php');
require_once realpath(__DIR__ . '/../includes/view/UserDriverLicenses_view.php');
require_once realpath(__DIR__ . '/../includes/view/UserHintsRenderer.php');
require_once realpath(__DIR__ . '/../includes/view/User_view.php');
__DIR__ . '/../includes/view/AngelTypes_view.php',
__DIR__ . '/../includes/view/EventConfig_view.php',
__DIR__ . '/../includes/view/Questions_view.php',
__DIR__ . '/../includes/view/Rooms_view.php',
__DIR__ . '/../includes/view/ShiftCalendarLane.php',
__DIR__ . '/../includes/view/ShiftCalendarRenderer.php',
__DIR__ . '/../includes/view/ShiftCalendarShiftRenderer.php',
__DIR__ . '/../includes/view/ShiftsFilterRenderer.php',
__DIR__ . '/../includes/view/Shifts_view.php',
__DIR__ . '/../includes/view/ShiftEntry_view.php',
__DIR__ . '/../includes/view/ShiftTypes_view.php',
__DIR__ . '/../includes/view/UserAngelTypes_view.php',
__DIR__ . '/../includes/view/UserDriverLicenses_view.php',
__DIR__ . '/../includes/view/UserHintsRenderer.php',
__DIR__ . '/../includes/view/User_view.php',
require_once realpath(__DIR__ . '/../includes/controller/angeltypes_controller.php');
require_once realpath(__DIR__ . '/../includes/controller/event_config_controller.php');
require_once realpath(__DIR__ . '/../includes/controller/rooms_controller.php');
require_once realpath(__DIR__ . '/../includes/controller/shift_entries_controller.php');
require_once realpath(__DIR__ . '/../includes/controller/shifts_controller.php');
require_once realpath(__DIR__ . '/../includes/controller/shifttypes_controller.php');
require_once realpath(__DIR__ . '/../includes/controller/users_controller.php');
require_once realpath(__DIR__ . '/../includes/controller/user_angeltypes_controller.php');
require_once realpath(__DIR__ . '/../includes/controller/user_driver_licenses_controller.php');
__DIR__ . '/../includes/controller/angeltypes_controller.php',
__DIR__ . '/../includes/controller/event_config_controller.php',
__DIR__ . '/../includes/controller/rooms_controller.php',
__DIR__ . '/../includes/controller/shift_entries_controller.php',
__DIR__ . '/../includes/controller/shifts_controller.php',
__DIR__ . '/../includes/controller/shifttypes_controller.php',
__DIR__ . '/../includes/controller/users_controller.php',
__DIR__ . '/../includes/controller/user_angeltypes_controller.php',
__DIR__ . '/../includes/controller/user_driver_licenses_controller.php',
require_once realpath(__DIR__ . '/../includes/helper/graph_helper.php');
require_once realpath(__DIR__ . '/../includes/helper/internationalization_helper.php');
require_once realpath(__DIR__ . '/../includes/helper/message_helper.php');
require_once realpath(__DIR__ . '/../includes/helper/error_helper.php');
require_once realpath(__DIR__ . '/../includes/helper/email_helper.php');
__DIR__ . '/../includes/helper/graph_helper.php',
__DIR__ . '/../includes/helper/internationalization_helper.php',
__DIR__ . '/../includes/helper/message_helper.php',
__DIR__ . '/../includes/helper/error_helper.php',
__DIR__ . '/../includes/helper/email_helper.php',
require_once realpath(__DIR__ . '/../includes/mailer/shifts_mailer.php');
require_once realpath(__DIR__ . '/../includes/mailer/users_mailer.php');
__DIR__ . '/../includes/mailer/shifts_mailer.php',
__DIR__ . '/../includes/mailer/users_mailer.php',
require_once realpath(__DIR__ . '/../includes/pages/admin_active.php');
require_once realpath(__DIR__ . '/../includes/pages/admin_arrive.php');
require_once realpath(__DIR__ . '/../includes/pages/admin_free.php');
require_once realpath(__DIR__ . '/../includes/pages/admin_groups.php');
require_once realpath(__DIR__ . '/../includes/pages/admin_import.php');
require_once realpath(__DIR__ . '/../includes/pages/admin_log.php');
require_once realpath(__DIR__ . '/../includes/pages/admin_questions.php');
require_once realpath(__DIR__ . '/../includes/pages/admin_rooms.php');
require_once realpath(__DIR__ . '/../includes/pages/admin_shifts.php');
require_once realpath(__DIR__ . '/../includes/pages/admin_user.php');
require_once realpath(__DIR__ . '/../includes/pages/guest_login.php');
require_once realpath(__DIR__ . '/../includes/pages/user_messages.php');
require_once realpath(__DIR__ . '/../includes/pages/user_myshifts.php');
require_once realpath(__DIR__ . '/../includes/pages/user_news.php');
require_once realpath(__DIR__ . '/../includes/pages/user_questions.php');
require_once realpath(__DIR__ . '/../includes/pages/user_settings.php');
require_once realpath(__DIR__ . '/../includes/pages/user_shifts.php');
__DIR__ . '/../includes/pages/admin_active.php',
__DIR__ . '/../includes/pages/admin_arrive.php',
__DIR__ . '/../includes/pages/admin_free.php',
__DIR__ . '/../includes/pages/admin_groups.php',
__DIR__ . '/../includes/pages/admin_import.php',
__DIR__ . '/../includes/pages/admin_log.php',
__DIR__ . '/../includes/pages/admin_questions.php',
__DIR__ . '/../includes/pages/admin_rooms.php',
__DIR__ . '/../includes/pages/admin_shifts.php',
__DIR__ . '/../includes/pages/admin_user.php',
__DIR__ . '/../includes/pages/guest_login.php',
__DIR__ . '/../includes/pages/user_messages.php',
__DIR__ . '/../includes/pages/user_myshifts.php',
__DIR__ . '/../includes/pages/user_news.php',
__DIR__ . '/../includes/pages/user_questions.php',
__DIR__ . '/../includes/pages/user_settings.php',
__DIR__ . '/../includes/pages/user_shifts.php',
];
foreach ($includeFiles as $file) {
require_once realpath($file);
}
/**
* Init application
*/
session_start();
$session = new Session();
$session->start();
$request->setSession($session);
gettext_init();

25
includes/helper/internationalization_helper.php
View File

@ -1,5 +1,7 @@
<?php
use Engelsystem\Http\Request;
/**
* Return currently active locale
*
@ -7,7 +9,7 @@
*/
function locale()
{
return $_SESSION['locale'];
return session()->get('locale');
}
/**
@ -27,11 +29,12 @@ function gettext_init()
{
$locales = config('locales');
$request = request();
$session = session();
if ($request->has('set_locale') && isset($locales[$request->input('set_locale')])) {
$_SESSION['locale'] = $request->input('set_locale');
} elseif (!isset($_SESSION['locale'])) {
$_SESSION['locale'] = config('default_locale');
$session->set('locale', $request->input('set_locale'));
} elseif (!$session->has('locale')) {
$session->set('locale', config('default_locale'));
}
gettext_locale();
@ -48,7 +51,7 @@ function gettext_init()
function gettext_locale($locale = null)
{
if ($locale == null) {
$locale = $_SESSION['locale'];
$locale = session()->get('locale');
}
putenv('LC_ALL=' . $locale);
@ -62,14 +65,20 @@ function gettext_locale($locale = null)
*/
function make_langselect()
{
$url = $_SERVER['REQUEST_URI'] . (strpos($_SERVER['REQUEST_URI'], '?') > 0 ? '&' : '?') . 'set_locale=';
$request = Request::getInstance();
$items = [];
foreach (config('locales') as $locale => $name) {
$url = url($request->getPathInfo(), ['set_locale' => $locale]);
$items[] = toolbar_item_link(
htmlspecialchars($url) . $locale,
htmlspecialchars($url),
'',
'<img src="pic/flag/' . $locale . '.png" alt="' . $name . '" title="' . $name . '"> ' . $name
sprintf(
'<img src="%s" alt="%s" title="%2$s"> %2$s',
url('pic/flag/' . $locale . '.png'),
$name
)
);
}
return $items;

30
includes/helper/message_helper.php
View File

@ -7,12 +7,12 @@
*/
function msg()
{
if (!isset($_SESSION['msg'])) {
return '';
}
$msg = $_SESSION['msg'];
$_SESSION['msg'] = '';
return $msg;
$session = session();
$message = $session->get('msg', '');
$session->set('msg', '');
return $message;
}
/**
@ -57,21 +57,23 @@ function success($msg, $immediately = false)
* @param string $class
* @param string $msg
* @param bool $immediately
* @return string|null
* @return string
*/
function alert($class, $msg, $immediately = false)
{
if ($immediately) {
if ($msg == '') {
$session = session();
if (empty($msg)) {
return '';
}
if ($immediately) {
return '<div class="alert alert-' . $class . '">' . $msg . '</div>';
}
if (!isset($_SESSION['msg'])) {
$_SESSION['msg'] = '';
}
$_SESSION['msg'] .= alert($class, $msg, true);
$message = $session->get('msg', '');
$message .= alert($class, $msg, true);
$session->set('msg', $message);
return null;
return '';
}

5
includes/model/Shifts_model.php
View File

@ -245,6 +245,10 @@ function Shift_signup_allowed_angel(
) {
$free_entries = Shift_free_entries($needed_angeltype, $shift_entries);
if (config('signup_requires_arrival') && !$user['Gekommen']) {
return new ShiftSignupState(ShiftSignupState::SHIFT_ENDED, $free_entries);
}
if ($user_shifts == null) {
$user_shifts = Shifts_by_user($user);
}
@ -444,6 +448,7 @@ function Shift_update($shift)
*
* @param array $shift
* @return bool|null
* @throws Exception
*/
function Shift_update_by_psid($shift)
{

2
includes/model/User_model.php
View File

@ -241,7 +241,7 @@ function Users_by_angeltype($angeltype)
`UserAngelTypes`.`id` AS `user_angeltype_id`,
`UserAngelTypes`.`confirm_user_id`,
`UserAngelTypes`.`supporter`,
(`UserDriverLicenses`.`user_id` IS NOT NULL) as `wants_to_drive`,
(`UserDriverLicenses`.`user_id` IS NOT NULL) AS `wants_to_drive`,
`UserDriverLicenses`.*
FROM `User`
JOIN `UserAngelTypes` ON `User`.`UID`=`UserAngelTypes`.`user_id`

52
includes/pages/admin_active.php
View File

@ -82,9 +82,13 @@ function admin_active()
$limit = '';
$msg = success(_('Marked angels.'), true);
} else {
$set_active = '<a href="' . page_link_to('admin_active') . '&amp;serach=' . $search . '">&laquo; '
. _('back') . '</a> | <a href="'
. page_link_to('admin_active') . '&amp;search=' . $search . '&amp;count=' . $count . '&amp;set_active&amp;ack">'
$set_active = '<a href="' . page_link_to('admin_active', ['search' => $search]) . '">&laquo; '
. _('back')
. '</a> | <a href="'
. page_link_to(
'admin_active',
['search' => $search, 'count' => $count, 'set_active' => 1, 'ack' => 1]
) . '">'
. _('apply')
. '</a>';
}
@ -176,28 +180,46 @@ function admin_active()
$actions = [];
if ($usr['Aktiv'] == 0) {
$actions[] = '<a href="'
. page_link_to('admin_active') . '&amp;active=' . $usr['UID']
. ($show_all_shifts ? '&amp;show_all_shifts=' : '') . '&amp;search=' . $search . '">'
$parameters = [
'active' => $usr['UID'],
'search' => $search,
];
if ($show_all_shifts) {
$parameters['show_all_shifts'] = 1;
}
$actions[] = '<a href="' . page_link_to('admin_active', $parameters) . '">'
. _('set active')
. '</a>';
}
if ($usr['Aktiv'] == 1 && $usr['Tshirt'] == 0) {
$actions[] = '<a href="'
. page_link_to('admin_active') . '&amp;not_active=' . $usr['UID']
. ($show_all_shifts ? '&amp;show_all_shifts=' : '') . '&amp;search=' . $search . '">'
$parametersRemove = [
'not_active' => $usr['UID'],
'search' => $search,
];
$parametersShirt = [
'tshirt' => $usr['UID'],
'search' => $search,
];
if ($show_all_shifts) {
$parametersRemove['show_all_shifts'] = 1;
$parametersShirt['show_all_shifts'] = 1;
}
$actions[] = '<a href="' . page_link_to('admin_active', $parametersRemove) . '">'
. _('remove active')
. '</a>';
$actions[] = '<a href="'
. page_link_to('admin_active') . '&amp;tshirt=' . $usr['UID']
. ($show_all_shifts ? '&amp;show_all_shifts=' : '') . '&amp;search=' . $search . '">'
$actions[] = '<a href="' . page_link_to('admin_active', $parametersShirt) . '">'
. _('got t-shirt')
. '</a>';
}
if ($usr['Tshirt'] == 1) {
$actions[] = '<a href="'
. page_link_to('admin_active') . '&amp;not_tshirt=' . $usr['UID']
. ($show_all_shifts ? '&amp;show_all_shifts=' : '') . '&amp;search=' . $search . '">'
$parameters = [
'not_tshirt' => $usr['UID'],
'search' => $search,
];
if ($show_all_shifts) {
$parameters['show_all_shifts'] = 1;
}
$actions[] = '<a href="' . page_link_to('admin_active', $parameters) . '">'
. _('remove t-shirt')
. '</a>';
}

14
includes/pages/admin_arrive.php
View File

@ -23,7 +23,7 @@ function admin_arrive()
$search = strip_request_item('search');
}
if ($request->has('reset') && preg_match('/^\d*$/', $request->input('reset'))) {
if ($request->has('reset') && preg_match('/^\d+$/', $request->input('reset'))) {
$user_id = $request->input('reset');
$user_source = User($user_id);
if ($user_source != null) {
@ -39,7 +39,7 @@ function admin_arrive()
} else {
$msg = error(_('Angel not found.'), true);
}
} elseif ($request->has('arrived') && preg_match('/^\d*$/', $request->input('arrived'))) {
} elseif ($request->has('arrived') && preg_match('/^\d+$/', $request->input('arrived'))) {
$user_id = $request->input('arrived');
$user_source = User($user_id);
if ($user_source != null) {
@ -92,8 +92,14 @@ function admin_arrive()
$usr['rendered_arrival_date'] = $usr['arrival_date'] > 0 ? date('Y-m-d', $usr['arrival_date']) : '-';
$usr['arrived'] = $usr['Gekommen'] == 1 ? _('yes') : '';
$usr['actions'] = $usr['Gekommen'] == 1
? '<a href="' . page_link_to('admin_arrive') . '&reset=' . $usr['UID'] . '&search=' . $search . '">' . _('reset') . '</a>'
: '<a href="' . page_link_to('admin_arrive') . '&arrived=' . $usr['UID'] . '&search=' . $search . '">' . _('arrived') . '</a>';
? '<a href="' . page_link_to(
'admin_arrive',
['reset' => $usr['UID'], 'search' => $search]
) . '">' . _('reset') . '</a>'
: '<a href="' . page_link_to(
'admin_arrive',
['arrived' => $usr['UID'], 'search' => $search]
) . '">' . _('arrived') . '</a>';
if ($usr['arrival_date'] > 0) {
$day = date('Y-m-d', $usr['arrival_date']);

2
includes/pages/admin_free.php
View File

@ -94,7 +94,7 @@ function admin_free()
'email' => $usr['email_by_human_allowed'] ? $usr['email'] : glyph('eye-close'),
'actions' =>
in_array('admin_user', $privileges)
? button(page_link_to('admin_user') . '&amp;id=' . $usr['UID'], _('edit'), 'btn-xs')
? button(page_link_to('admin_user', ['id' => $usr['UID']]), _('edit'), 'btn-xs')
: ''
];
}

13
includes/pages/admin_groups.php
View File

@ -38,7 +38,8 @@ function admin_groups()
'name' => $group['Name'],
'privileges' => join(', ', $privileges_html),
'actions' => button(
page_link_to('admin_groups') . '&action=edit&id=' . $group['UID'],
page_link_to('admin_groups',
['action' => 'edit', 'id' => $group['UID']]),
_('edit'),
'btn-xs'
)
@ -80,7 +81,8 @@ function admin_groups()
'privileges[]',
$privilege['desc'] . ' (' . $privilege['name'] . ')',
$privilege['group_id'] != '',
$privilege['id']
$privilege['id'],
'privilege-' . $privilege['name']
);
$privileges_html .= sprintf(
'<tr><td><input type="checkbox" name="privileges[]" value="%s" %s /></td> <td>%s</td> <td>%s</td></tr>',
@ -93,7 +95,10 @@ function admin_groups()
$privileges_form[] = form_submit('submit', _('Save'));
$html .= page_with_title(_('Edit group'), [
form($privileges_form, page_link_to('admin_groups') . '&action=save&id=' . $group_id)
form(
$privileges_form,
page_link_to('admin_groups', ['action' => 'save', 'id' => $group_id])
)
]);
} else {
return error('No Group found.', true);
@ -108,7 +113,7 @@ function admin_groups()
}
$group = DB::selectOne('SELECT * FROM `Groups` WHERE `UID`=? LIMIT 1', [$group_id]);
$privileges = $request->get('privileges');
$privileges = $request->postData('privileges');
if (!is_array($privileges)) {
$privileges = [];
}

20
includes/pages/admin_import.php
View File

@ -98,10 +98,12 @@ function admin_import()
if ($valid) {
redirect(
page_link_to('admin_import')
. '&step=check&shifttype_id=' . $shifttype_id
. '&add_minutes_end=' . $add_minutes_end
. '&add_minutes_start=' . $add_minutes_start
page_link_to('admin_import', [
'step' => 'check',
'shifttype_id' => $shifttype_id,
'add_minutes_end' => $add_minutes_end,
'add_minutes_start' => $add_minutes_start,
])
);
} else {
$html .= div('well well-sm text-center', [
@ -207,10 +209,12 @@ function admin_import()
], shifts_printable($events_deleted, $shifttypes)),
form_submit('submit', _('Import'))
],
page_link_to('admin_import')
. '&step=import&shifttype_id=' . $shifttype_id
. '&add_minutes_end=' . $add_minutes_end
. '&add_minutes_start=' . $add_minutes_start
page_link_to('admin_import', [
'step' => 'import',
'shifttype_id' => $shifttype_id,
'add_minutes_end' => $add_minutes_end,
'add_minutes_start' => $add_minutes_start,
])
);
break;

25
includes/pages/admin_news.php
View File

@ -7,7 +7,7 @@ use Engelsystem\Database\DB;
*/
function admin_news()
{
global $user;
global $user, $privileges;
$request = request();
if (!$request->has('action')) {
@ -30,21 +30,31 @@ function admin_news()
case 'edit':
$user_source = User($news['UID']);
$html .= form([
$html .= form(
[
form_info(_('Date'), date('Y-m-d H:i', $news['Datum'])),
form_info(_('Author'), User_Nick_render($user_source)),
form_text('eBetreff', _('Subject'), $news['Betreff']),
form_textarea('eText', _('Message'), $news['Text']),
form_checkbox('eTreffen', _('Meeting'), $news['Treffen'] == 1, 1),
form_submit('submit', _('Save'))
], page_link_to('admin_news&action=save&id=' . $news_id));
],
page_link_to('admin_news', ['action' => 'save', 'id' => $news_id])
);
$html .= '<a class="btn btn-danger" href="' . page_link_to('admin_news&action=delete&id=' . $news_id) . '">'
$html .= '<a class="btn btn-danger" href="'
. page_link_to('admin_news', ['action' => 'delete', 'id' => $news_id])
. '">'
. '<span class="glyphicon glyphicon-trash"></span> ' . _('Delete')
. '</a>';
break;
case 'save':
$text = $request->postData('eText');
if (!in_array('admin_news_html', $privileges)) {
$text = strip_tags($text);
}
DB::update('
UPDATE `News` SET
`Datum`=?,
@ -56,14 +66,15 @@ function admin_news()
',
[
time(),
$request->post('eBetreff'),
$request->post('eText'),
strip_tags($request->postData('eBetreff')),
$text,
$user['UID'],
$request->has('eTreffen') ? 1 : 0,
$news_id
]
);
engelsystem_log('News updated: ' . $request->post('eBetreff'));
engelsystem_log('News updated: ' . $request->postData('eBetreff'));
success(_('News entry updated.'));
redirect(page_link_to('news'));
break;

6
includes/pages/admin_questions.php
View File

@ -52,9 +52,9 @@ function admin_questions()
'answer' => form([
form_textarea('answer', '', ''),
form_submit('submit', _('Save'))
], page_link_to('admin_questions') . '&action=answer&id=' . $question['QID']),
], page_link_to('admin_questions', ['action' => 'answer', 'id' => $question['QID']])),
'actions' => button(
page_link_to('admin_questions') . '&action=delete&id=' . $question['QID'],
page_link_to('admin_questions', ['action' => 'delete', 'id' => $question['QID']]),
_('delete'),
'btn-xs'
)
@ -72,7 +72,7 @@ function admin_questions()
'answered_by' => User_Nick_render($answer_user_source),
'answer' => str_replace("\n", '<br />', $question['Answer']),
'actions' => button(
page_link_to('admin_questions') . '&action=delete&id=' . $question['QID'],
page_link_to('admin_questions', ['action' => 'delete', 'id' => $question['QID']]),
_('delete'),
'btn-xs'
)

21
includes/pages/admin_rooms.php
View File

@ -25,8 +25,8 @@ function admin_rooms()
'from_pentabarf' => glyph_bool($room['FromPentabarf'] == 'Y'),
'public' => glyph_bool($room['show'] == 'Y'),
'actions' => table_buttons([
button(page_link_to('admin_rooms') . '&show=edit&id=' . $room['RID'], _('edit'), 'btn-xs'),
button(page_link_to('admin_rooms') . '&show=delete&id=' . $room['RID'], _('delete'), 'btn-xs')
button(page_link_to('admin_rooms', ['show' => 'edit', 'id' => $room['RID']]), _('edit'), 'btn-xs'),
button(page_link_to('admin_rooms', ['show' => 'delete', 'id' => $room['RID']]), _('delete'), 'btn-xs')
])
];
}
@ -107,11 +107,14 @@ function admin_rooms()
}
foreach ($angeltypes as $angeltype_id => $angeltype) {
if (
$request->has('angeltype_count_' . $angeltype_id)
&& preg_match('/^\d{1,4}$/', $request->input('angeltype_count_' . $angeltype_id))
) {
$angeltypes_count[$angeltype_id] = $request->input('angeltype_count_' . $angeltype_id);
$angeltypes_count[$angeltype_id] = 0;
$queryKey = 'angeltype_count_' . $angeltype_id;
if (!$request->has($queryKey)) {
continue;
}
if (preg_match('/^\d{1,4}$/', $request->input($queryKey))) {
$angeltypes_count[$angeltype_id] = $request->input($queryKey);
} else {
$valid = false;
$msg .= error(sprintf(_('Please enter needed angels for type %s.'), $angeltype), true);
@ -220,7 +223,7 @@ function admin_rooms()
sprintf(_('Do you want to delete room %s?'), $name),
buttons([
button(
page_link_to('admin_rooms') . '&show=delete&id=' . $room_id . '&ack',
page_link_to('admin_rooms', ['show' => 'delete', 'id' => $room_id, 'ack' => 1]),
_('Delete'),
'delete btn-danger'
)
@ -231,7 +234,7 @@ function admin_rooms()
return page_with_title(admin_rooms_title(), [
buttons([
button(page_link_to('admin_rooms') . '&show=edit', _('add'))
button(page_link_to('admin_rooms', ['show' => 'edit']), _('add'))
]),
msg(),
table([

27
includes/pages/admin_shifts.php
View File

@ -19,6 +19,7 @@ function admin_shifts()
{
$valid = true;
$request = request();
$session = session();
$start = parse_date('Y-m-d H:i', date('Y-m-d') . ' 00:00');
$end = $start;
$mode = 'single';
@ -132,16 +133,14 @@ function admin_shifts()
} elseif ($request->input('angelmode') == 'manually') {
$angelmode = 'manually';
foreach ($types as $type) {
if (
$request->has('type_' . $type['id'])
&& preg_match('/^\d+$/', trim($request->input('type_' . $type['id'])))
) {
$needed_angel_types[$type['id']] = trim($request->input('type_' . $type['id']));
if (preg_match('/^\d+$/', trim($request->input('type_' . $type['id'], 0)))) {
$needed_angel_types[$type['id']] = trim($request->input('type_' . $type['id'], 0));
} else {
$valid = false;
error(sprintf(_('Please check the needed angels for team %s.'), $type['name']));
}
}
if (array_sum($needed_angel_types) == 0) {
$valid = false;
error(_('There are 0 angels needed. Please enter the amounts of needed angels.'));
@ -272,8 +271,8 @@ function admin_shifts()
}
// Fürs Anlegen zwischenspeichern:
$_SESSION['admin_shifts_shifts'] = $shifts;
$_SESSION['admin_shifts_types'] = $needed_angel_types;
$session->set('admin_shifts_shifts', $shifts);
$session->set('admin_shifts_types', $needed_angel_types);
$hidden_types = '';
foreach ($needed_angel_types as $type_id => $count) {
@ -303,16 +302,14 @@ function admin_shifts()
}
} elseif ($request->has('submit')) {
if (
!$request->has('admin_shifts_shifts')
|| !isset($_SESSION['admin_shifts_types'])
|| !is_array($_SESSION['admin_shifts_shifts'])
|| !is_array($_SESSION['admin_shifts_types'])
!is_array($session->get('admin_shifts_shifts'))
|| !is_array($session->get('admin_shifts_types'))
) {
redirect(page_link_to('admin_shifts'));
}
$needed_angel_types_info = [];
foreach ($_SESSION['admin_shifts_shifts'] as $shift) {
foreach ($session->get('admin_shifts_shifts', []) as $shift) {
$shift['URL'] = null;
$shift['PSID'] = null;
$shift_id = Shift_create($shift);
@ -324,7 +321,7 @@ function admin_shifts()
. ' to ' . date('Y-m-d H:i', $shift['end'])
);
foreach ($_SESSION['admin_shifts_types'] as $type_id => $count) {
foreach ($session->get('admin_shifts_types', []) as $type_id => $count) {
$angel_type_source = DB::selectOne('
SELECT *
FROM `AngelTypes`
@ -350,8 +347,8 @@ function admin_shifts()
success('Schichten angelegt.');
redirect(page_link_to('admin_shifts'));
} else {
unset($_SESSION['admin_shifts_shifts']);
unset($_SESSION['admin_shifts_types']);
$session->remove('admin_shifts_shifts');
$session->remove('admin_shifts_types');
}
$rid = null;

74
includes/pages/admin_user.php
View File

@ -46,25 +46,27 @@ function admin_user()
. 'Wenn T-Shirt ein \'Ja\' enth&auml;lt, bedeutet dies, dass der Engel '
. 'bereits sein T-Shirt erhalten hat.<br /><br />' . "\n";
$html .= '<form action="' . page_link_to('admin_user') . '&action=save&id=' . $user_id . '" method="post">' . "\n";
$html .= '<form action="'
. page_link_to('admin_user', ['action' => 'save', 'id' => $user_id])
. '" method="post">' . "\n";
$html .= '<table border="0">' . "\n";
$html .= '<input type="hidden" name="Type" value="Normal">' . "\n";
$html .= '<tr><td>' . "\n";
$html .= '<table>' . "\n";
$html .= ' <tr><td>Nick</td><td>' . '<input type="text" size="40" name="eNick" value="' . $user_source['Nick'] . '" class="form-control"></td></tr>' . "\n";
$html .= ' <tr><td>Nick</td><td>' . '<input size="40" name="eNick" value="' . $user_source['Nick'] . '" class="form-control"></td></tr>' . "\n";
$html .= ' <tr><td>Last login</td><td><p class="help-block">'
. date('Y-m-d H:i', $user_source['lastLogIn'])
. '</p></td></tr>' . "\n";
$html .= ' <tr><td>Name</td><td>' . '<input type="text" size="40" name="eName" value="' . $user_source['Name'] . '" class="form-control"></td></tr>' . "\n";
$html .= ' <tr><td>Vorname</td><td>' . '<input type="text" size="40" name="eVorname" value="' . $user_source['Vorname'] . '" class="form-control"></td></tr>' . "\n";
$html .= ' <tr><td>Alter</td><td>' . '<input type="text" size="5" name="eAlter" value="' . $user_source['Alter'] . '" class="form-control"></td></tr>' . "\n";
$html .= ' <tr><td>Telefon</td><td>' . '<input type="text" size="40" name="eTelefon" value="' . $user_source['Telefon'] . '" class="form-control"></td></tr>' . "\n";
$html .= ' <tr><td>Handy</td><td>' . '<input type="text" size="40" name="eHandy" value="' . $user_source['Handy'] . '" class="form-control"></td></tr>' . "\n";
$html .= ' <tr><td>DECT</td><td>' . '<input type="text" size="4" name="eDECT" value="' . $user_source['DECT'] . '" class="form-control"></td></tr>' . "\n";
$html .= ' <tr><td>Name</td><td>' . '<input size="40" name="eName" value="' . $user_source['Name'] . '" class="form-control"></td></tr>' . "\n";
$html .= ' <tr><td>Vorname</td><td>' . '<input size="40" name="eVorname" value="' . $user_source['Vorname'] . '" class="form-control"></td></tr>' . "\n";
$html .= ' <tr><td>Alter</td><td>' . '<input size="5" name="eAlter" value="' . $user_source['Alter'] . '" class="form-control"></td></tr>' . "\n";
$html .= ' <tr><td>Telefon</td><td>' . '<input size="40" name="eTelefon" value="' . $user_source['Telefon'] . '" class="form-control"></td></tr>' . "\n";
$html .= ' <tr><td>Handy</td><td>' . '<input size="40" name="eHandy" value="' . $user_source['Handy'] . '" class="form-control"></td></tr>' . "\n";
$html .= ' <tr><td>DECT</td><td>' . '<input size="4" name="eDECT" value="' . $user_source['DECT'] . '" class="form-control"></td></tr>' . "\n";
if ($user_source['email_by_human_allowed']) {
$html .= " <tr><td>email</td><td>" . '<input type="text" size="40" name="eemail" value="' . $user_source['email'] . '" class="form-control"></td></tr>' . "\n";
$html .= " <tr><td>email</td><td>" . '<input size="40" name="eemail" value="' . $user_source['email'] . '" class="form-control"></td></tr>' . "\n";
}
$html .= " <tr><td>jabber</td><td>" . '<input type="text" size="40" name="ejabber" value="' . $user_source['jabber'] . '" class="form-control"></td></tr>' . "\n";
$html .= " <tr><td>jabber</td><td>" . '<input size="40" name="ejabber" value="' . $user_source['jabber'] . '" class="form-control"></td></tr>' . "\n";
$html .= ' <tr><td>Size</td><td>'
. html_select_key('size', 'eSize', $tshirt_sizes, $user_source['Size']) . '</td></tr>' . "\n";
@ -91,7 +93,7 @@ function admin_user()
$html .= ' <tr><td>T-Shirt</td><td>' . "\n";
$html .= html_options('eTshirt', $options, $user_source['Tshirt']) . '</td></tr>' . "\n";
$html .= ' <tr><td>Hometown</td><td>' . '<input type="text" size="40" name="Hometown" value="' . $user_source['Hometown'] . '" class="form-control"></td></tr>' . "\n";
$html .= ' <tr><td>Hometown</td><td>' . '<input size="40" name="Hometown" value="' . $user_source['Hometown'] . '" class="form-control"></td></tr>' . "\n";
$html .= '</table>' . "\n" . '</td><td valign="top"></td></tr>';
@ -105,7 +107,8 @@ function admin_user()
$html .= form_info('', _('Please visit the angeltypes page or the users profile to manage users angeltypes.'));
$html .= 'Hier kannst Du das Passwort dieses Engels neu setzen:<form action="'
. page_link_to('admin_user') . '&action=change_pw&id=' . $user_id . '" method="post">' . "\n";
. page_link_to('admin_user', ['action' => 'change_pw', 'id' => $user_id])
. '" method="post">' . "\n";
$html .= '<table>' . "\n";
$html .= ' <tr><td>Passwort</td><td>' . '<input type="password" size="40" name="new_pw" value="" class="form-control"></td></tr>' . "\n";
$html .= ' <tr><td>Wiederholung</td><td>' . '<input type="password" size="40" name="new_pw2" value="" class="form-control"></td></tr>' . "\n";
@ -134,7 +137,8 @@ function admin_user()
if ($user_id != $user['UID'] && $my_highest_group <= $his_highest_group) {
$html .= 'Hier kannst Du die Benutzergruppen des Engels festlegen:<form action="'
. page_link_to('admin_user') . '&action=save_groups&id=' . $user_id . '" method="post">' . "\n";
. page_link_to('admin_user', ['action' => 'save_groups', 'id' => $user_id])
. '" method="post">' . "\n";
$html .= '<table>';
$groups = DB::select('
@ -175,11 +179,11 @@ function admin_user()
switch ($request->input('action')) {
case 'save_groups':
if ($user_id != $user['UID']) {
$my_highest_group = DB::select(
$my_highest_group = DB::selectOne(
'SELECT * FROM `UserGroups` WHERE `uid`=? ORDER BY `group_id`',
[$user['UID']]
);
$his_highest_group = DB::select(
$his_highest_group = DB::selectOne(
'SELECT * FROM `UserGroups` WHERE `uid`=? ORDER BY `group_id`',
[$user_id]
);
@ -257,7 +261,7 @@ function admin_user()
`Handy` = ?,
`Alter` =?,
`DECT` = ?,
' . ($user_source['email_by_human_allowed'] ? '`email` = ' . DB::getPdo()->quote($request->post('eemail')) . ',' : '') . '
' . ($user_source['email_by_human_allowed'] ? '`email` = ' . DB::getPdo()->quote($request->postData('eemail')) . ',' : '') . '
`jabber` = ?,
`Size` = ?,
`Gekommen`= ?,
@ -268,34 +272,34 @@ function admin_user()
WHERE `UID` = ?
LIMIT 1';
DB::update($sql, [
$request->post('eNick'),
$request->post('eName'),
$request->post('eVorname'),
$request->post('eTelefon'),
$request->post('eHandy'),
$request->post('eAlter'),
$request->post('eDECT'),
$request->post('ejabber'),
$request->post('eSize'),
$request->post('eGekommen'),
$request->post('eAktiv'),
User_validate_Nick($request->postData('eNick')),
$request->postData('eName'),
$request->postData('eVorname'),
$request->postData('eTelefon'),
$request->postData('eHandy'),
$request->postData('eAlter'),
$request->postData('eDECT'),
$request->postData('ejabber'),
$request->postData('eSize'),
$request->postData('eGekommen'),
$request->postData('eAktiv'),
$force_active,
$request->post('eTshirt'),
$request->post('Hometown'),
$request->postData('eTshirt'),
$request->postData('Hometown'),
$user_id,
]);
engelsystem_log(
'Updated user: ' . $request->post('eNick') . ', ' . $request->post('eSize')
. ', arrived: ' . $request->post('eVorname')
. ', active: ' . $request->post('eAktiv')
. ', tshirt: ' . $request->post('eTshirt')
'Updated user: ' . $request->postData('eNick') . ', ' . $request->postData('eSize')
. ', arrived: ' . $request->postData('eVorname')
. ', active: ' . $request->postData('eAktiv')
. ', tshirt: ' . $request->postData('eTshirt')
);
$html .= success('Änderung wurde gespeichert...' . "\n", true);
break;
case 'change_pw':
if ($request->post('new_pw') != '' && $request->post('new_pw') == $request->post('new_pw2')) {
set_password($user_id, $request->post('new_pw'));
if ($request->postData('new_pw') != '' && $request->postData('new_pw') == $request->postData('new_pw2')) {
set_password($user_id, $request->postData('new_pw'));
$user_source = User($user_id);
engelsystem_log('Set new password for ' . User_Nick_render($user_source));
$html .= success('Passwort neu gesetzt.', true);

42
includes/pages/guest_login.php
View File

@ -39,6 +39,7 @@ function guest_register()
$min_password_length = config('min_password_length');
$event_config = EventConfig();
$request = request();
$session = session();
$msg = '';
$nick = '';
@ -127,8 +128,8 @@ function guest_register()
}
}
if ($request->has('password') && strlen($request->post('password')) >= $min_password_length) {
if ($request->post('password') != $request->post('password2')) {
if ($request->has('password') && strlen($request->postData('password')) >= $min_password_length) {
if ($request->postData('password') != $request->postData('password2')) {
$valid = false;
$msg .= error(_('Your passwords don\'t match.'), true);
}
@ -226,15 +227,15 @@ function guest_register()
$password_hash,
$comment,
$hometown,
$_SESSION['locale'],
$session->get('locale'),
$planned_arrival_date,
]
);
// Assign user-group and set password
$user_id = DB::getPdo()->lastInsertId();
DB::insert('INSERT INTO `UserGroups` (`uid`, `group_id`) VALUES (?, -2)', [$user_id]);
set_password($user_id, $request->post('password'));
DB::insert('INSERT INTO `UserGroups` (`uid`, `group_id`) VALUES (?, -20)', [$user_id]);
set_password($user_id, $request->postData('password'));
// Assign angel-types
$user_angel_types_info = [];
@ -328,7 +329,7 @@ function guest_register()
'angel_types',
_('What do you want to do?') . sprintf(
' (<a href="%s">%s</a>)',
page_link_to('angeltypes') . '&action=about',
page_link_to('angeltypes', ['action' => 'about']),
_('Description of job types')
),
$angel_types,
@ -377,32 +378,43 @@ function guest_register()
]);
}
/**
* @return string
*/
function entry_required()
{
return '<span class="text-info glyphicon glyphicon-warning-sign"></span>';
}
/**
* @return bool
*/
function guest_logout()
{
session_destroy();
session()->invalidate();
redirect(page_link_to('start'));
return true;
}
/**
* @return string
*/
function guest_login()
{
$nick = '';
$request = request();
unset($_SESSION['uid']);
$session = session();
$valid = true;
$session->remove('uid');
if ($request->has('submit')) {
if ($request->has('nick') && strlen(User_validate_Nick($request->input('nick'))) > 0) {
$nick = User_validate_Nick($request->input('nick'));
$login_user = DB::selectOne('SELECT * FROM `User` WHERE `Nick`=?', [$nick]);
if (!empty($login_user)) {
if ($request->has('password')) {
if (!verify_password($request->post('password'), $login_user['Passwort'], $login_user['UID'])) {
if (!verify_password($request->postData('password'), $login_user['Passwort'], $login_user['UID'])) {
$valid = false;
error(_('Your password is incorrect. Please try it again.'));
}
@ -420,8 +432,8 @@ function guest_login()
}
if ($valid && !empty($login_user)) {
$_SESSION['uid'] = $login_user['UID'];
$_SESSION['locale'] = $login_user['Sprache'];
$session->set('uid', $login_user['UID']);
$session->set('locale', $login_user['Sprache']);
redirect(page_link_to('news'));
}
@ -466,7 +478,10 @@ function guest_login()
heading(_('What can I do?'), 2),
'<p>' . _('Please read about the jobs you can do to help us.') . '</p>',
buttons([
button(page_link_to('angeltypes') . '&action=about', _('Teams/Job description') . ' &raquo;')
button(
page_link_to('angeltypes', ['action' => 'about']),
_('Teams/Job description') . ' &raquo;'
)
])
])
])
@ -474,6 +489,9 @@ function guest_login()
]);
}
/**
* @return string
*/
function get_register_hint()
{
global $privileges;

15
includes/pages/user_atom.php
View File

@ -1,6 +1,7 @@
<?php
use Engelsystem\Database\DB;
use Engelsystem\Http\Request;
/**
* Publically available page to feed the news to feed readers
@ -44,14 +45,15 @@ function user_atom()
*/
function make_atom_entries_from_news($news_entries)
{
$request = Request::getInstance();
$html = '<?xml version="1.0" encoding="utf-8"?>
<feed xmlns="http://www.w3.org/2005/Atom">
<title>Engelsystem</title>
<id>' . $_SERVER['HTTP_HOST']
<id>' . $request->getHttpHost()
. htmlspecialchars(preg_replace(
'#[&?]key=[a-f\d]{32}#',
'',
$_SERVER['REQUEST_URI']
$request->getRequestUri()
))
. '</id>
<updated>' . date('Y-m-d\TH:i:sP', $news_entries[0]['Datum']) . '</updated>' . "\n";
@ -64,11 +66,12 @@ function make_atom_entries_from_news($news_entries)
function make_atom_entry_from_news($news_entry)
{
return ' <entry>
return '
<entry>
<title>' . htmlspecialchars($news_entry['Betreff']) . '</title>
<link href="' . page_link_to_absolute('news_comments&amp;nid=') . $news_entry['ID'] . '"/>
<id>' . preg_replace('#^https?://#', '', page_link_to_absolute('news')) . '-' . $news_entry['ID'] . '</id>
<link href="' . page_link_to('news_comments', ['nid' => $news_entry['ID']]) . '"/>
<id>' . preg_replace('#^https?://#', '', page_link_to('news_comments', ['nid' => $news_entry['ID']])) . '</id>
<updated>' . date('Y-m-d\TH:i:sP', $news_entry['Datum']) . '</updated>
<summary type="html">' . htmlspecialchars($news_entry['Text']) . '</summary>
<summary>' . htmlspecialchars($news_entry['Text']) . '</summary>
</entry>' . "\n";
}

6
includes/pages/user_messages.php
View File

@ -92,14 +92,14 @@ function user_messages()
if ($message['RUID'] == $user['UID']) {
if ($message['isRead'] == 'N') {
$messages_table_entry['actions'] = button(
page_link_to('user_messages') . '&action=read&id=' . $message['id'],
page_link_to('user_messages', ['action' => 'read', 'id' => $message['id']]),
_('mark as read'),
'btn-xs'
);
}
} else {
$messages_table_entry['actions'] = button(
page_link_to('user_messages') . '&action=delete&id=' . $message['id'],
page_link_to('user_messages', ['action' => 'delete', 'id' => $message['id']]),
_('delete message'),
'btn-xs'
);
@ -119,7 +119,7 @@ function user_messages()
'text' => _('Message'),
'actions' => ''
], $messages_table)
], page_link_to('user_messages') . '&action=send')
], page_link_to('user_messages', ['action' => 'send']))
]);
} else {
switch ($request->input('action')) {

12
includes/pages/user_myshifts.php
View File

@ -37,16 +37,16 @@ function user_myshifts()
if ($request->input('reset') == 'ack') {
User_reset_api_key($user);
success(_('Key changed.'));
redirect(page_link_to('users') . '&action=view&user_id=' . $shifts_user['UID']);
redirect(page_link_to('users', ['action' => 'view', 'user_id' => $shifts_user['UID']]));
}
return page_with_title(_('Reset API key'), [
error(
_('If you reset the key, the url to your iCal- and JSON-export and your atom feed changes! You have to update it in every application using one of these exports.'),
true
),
button(page_link_to('user_myshifts') . '&reset=ack', _('Continue'), 'btn-danger')
button(page_link_to('user_myshifts', ['reset' => 'ack']), _('Continue'), 'btn-danger')
]);
} elseif ($request->has('edit') && preg_match('/^\d*$/', $request->input('edit'))) {
} elseif ($request->has('edit') && preg_match('/^\d+$/', $request->input('edit'))) {
$user_id = $request->input('edit');
$shift = DB::selectOne('
SELECT
@ -106,7 +106,7 @@ function user_myshifts()
. '. Freeloaded: ' . ($freeloaded ? 'YES Comment: ' . $freeload_comment : 'NO')
);
success(_('Shift saved.'));
redirect(page_link_to('users') . '&action=view&user_id=' . $shifts_user['UID']);
redirect(page_link_to('users', ['action' => 'view', 'user_id' => $shifts_user['UID']]));
}
}
@ -124,7 +124,7 @@ function user_myshifts()
} else {
redirect(page_link_to('user_myshifts'));
}
} elseif ($request->has('cancel') && preg_match('/^\d*$/', $request->input('cancel'))) {
} elseif ($request->has('cancel') && preg_match('/^\d+$/', $request->input('cancel'))) {
$user_id = $request->input('cancel');
$shift = DB::selectOne('
SELECT *
@ -164,6 +164,6 @@ function user_myshifts()
}
}
redirect(page_link_to('users') . '&action=view&user_id=' . $shifts_user['UID']);
redirect(page_link_to('users', ['action' => 'view', 'user_id' => $shifts_user['UID']]));
return '';
}

40
includes/pages/user_news.php
View File

@ -35,8 +35,8 @@ function user_meetings()
$html = '<div class="col-md-12"><h1>' . meetings_title() . '</h1>' . msg();
$request = request();
if ($request->has('page') && preg_match('/^\d{1,}$/', $request->input('page'))) {
$page = $request->input('page');
if (preg_match('/^\d{1,}$/', $request->input('page', 0))) {
$page = $request->input('page', 0);
} else {
$page = 0;
}
@ -57,14 +57,14 @@ function user_meetings()
$dis_rows = ceil(count(DB::select('SELECT `ID` FROM `News`')) / $display_news);
$html .= '<div class="text-center">' . '<ul class="pagination">';
for ($i = 0; $i < $dis_rows; $i++) {
if ($request->has('page') && $i == $request->input('page')) {
if ($request->has('page') && $i == $request->input('page', 0)) {
$html .= '<li class="active">';
} elseif (!$request->has('page') && $i == 0) {
$html .= '<li class="active">';
} else {
$html .= '<li>';
}
$html .= '<a href="' . page_link_to('user_meetings') . '&page=' . $i . '">' . ($i + 1) . '</a></li>';
$html .= '<a href="' . page_link_to('user_meetings', ['page' => $i]) . '">' . ($i + 1) . '</a></li>';
}
$html .= '</ul></div></div>';
@ -89,7 +89,7 @@ function display_news($news)
$html .= '<div class="panel-footer text-muted">';
if (in_array('admin_news', $privileges)) {
$html .= '<div class="pull-right">'
. button_glyph(page_link_to('admin_news') . '&action=edit&id=' . $news['ID'], 'edit', 'btn-xs')
. button_glyph(page_link_to('admin_news', ['action' => 'edit', 'id' => $news['ID']]), 'edit', 'btn-xs')
. '</div>';
}
$html .= '<span class="glyphicon glyphicon-time"></span> ' . date('Y-m-d H:i', $news['Datum']) . '&emsp;';
@ -98,7 +98,7 @@ function display_news($news)
$html .= User_Nick_render($user_source);
if ($page != 'news_comments') {
$html .= '&emsp;<a href="' . page_link_to('news_comments') . '&nid=' . $news['ID'] . '">'
$html .= '&emsp;<a href="' . page_link_to('news_comments', ['nid' => $news['ID']]) . '">'
. '<span class="glyphicon glyphicon-comment"></span> '
. _('Comments') . ' &raquo;</a> '
. '<span class="badge">'
@ -154,7 +154,7 @@ function user_news_comments()
$user_source = User($comment['UID']);
$html .= '<div class="panel panel-default">';
$html .= '<div class="panel-body">' . nl2br($comment['Text']) . '</div>';
$html .= '<div class="panel-body">' . nl2br(htmlspecialchars($comment['Text'])) . '</div>';
$html .= '<div class="panel-footer text-muted">';
$html .= '<span class="glyphicon glyphicon-time"></span> ' . $comment['Datum'] . '&emsp;';
$html .= User_Nick_render($user_source);
@ -166,7 +166,7 @@ function user_news_comments()
$html .= form([
form_textarea('text', _('Message'), ''),
form_submit('submit', _('Save'))
], page_link_to('news_comments') . '&nid=' . $news['ID']);
], page_link_to('news_comments', ['nid' => $news['ID']]));
} else {
$html .= _('Invalid request.');
}
@ -185,30 +185,36 @@ function user_news()
$html = '<div class="col-md-12"><h1>' . news_title() . '</h1>' . msg();
$isMeeting = $request->post('treffen');
$isMeeting = $request->postData('treffen');
if ($request->has('text') && $request->has('betreff') && in_array('admin_news', $privileges)) {
if (!$request->has('treffen') || !in_array('admin_news', $privileges)) {
if (!$request->has('treffen')) {
$isMeeting = 0;
}
$text = $request->postData('text');
if (!in_array('admin_news_html', $privileges)) {
$text = strip_tags($text);
}
DB::insert('
INSERT INTO `News` (`Datum`, `Betreff`, `Text`, `UID`, `Treffen`)
VALUES (?, ?, ?, ?, ?)
',
[
time(),
$request->post('betreff'),
$request->post('text'),
strip_tags($request->postData('betreff')),
$text,
$user['UID'],
$isMeeting,
]
);
engelsystem_log('Created news: ' . $_POST['betreff'] . ', treffen: ' . $isMeeting);
engelsystem_log('Created news: ' . $request->postData('betreff') . ', treffen: ' . $isMeeting);
success(_('Entry saved.'));
redirect(page_link_to('news'));
}
if ($request->has('page') && preg_match('/^\d{1,}$/', $request->input('page'))) {
$page = $request->input('page');
if (preg_match('/^\d{1,}$/', $request->input('page', 0))) {
$page = $request->input('page', 0);
} else {
$page = 0;
}
@ -229,14 +235,14 @@ function user_news()
$dis_rows = ceil(count(DB::select('SELECT `ID` FROM `News`')) / $display_news);
$html .= '<div class="text-center">' . '<ul class="pagination">';
for ($i = 0; $i < $dis_rows; $i++) {
if ($request->has('page') && $i == $request->input('page')) {
if ($request->has('page') && $i == $request->input('page', 0)) {
$html .= '<li class="active">';
} elseif (!$request->has('page') && $i == 0) {
$html .= '<li class="active">';
} else {
$html .= '<li>';
}
$html .= '<a href="' . page_link_to('news') . '&page=' . $i . '">' . ($i + 1) . '</a></li>';
$html .= '<a href="' . page_link_to('news', ['page' => $i]) . '">' . ($i + 1) . '</a></li>';
}
$html .= '</ul></div>';

6
includes/pages/user_questions.php
View File

@ -33,7 +33,11 @@ function user_questions()
$question['answer_user'] = User_Nick_render($answer_user_source);
}
return Questions_view($open_questions, $answered_questions, page_link_to('user_questions') . '&action=ask');
return Questions_view(
$open_questions,
$answered_questions,
page_link_to('user_questions', ['action' => 'ask'])
);
} else {
switch ($request->input('action')) {
case 'ask':

11
includes/pages/user_settings.php
View File

@ -102,15 +102,15 @@ function user_settings_password($user_source)
$request = request();
if (
!$request->has('password')
|| !verify_password($request->post('password'), $user_source['Passwort'], $user_source['UID'])
|| !verify_password($request->postData('password'), $user_source['Passwort'], $user_source['UID'])
) {
error(_('-> not OK. Please try again.'));
} elseif (strlen($request->post('new_password')) < config('min_password_length')) {
} elseif (strlen($request->postData('new_password')) < config('min_password_length')) {
error(_('Your password is to short (please use at least 6 characters).'));
} elseif ($request->post('new_password') != $request->post('new_password2')) {
} elseif ($request->postData('new_password') != $request->postData('new_password2')) {
error(_('Your passwords don\'t match.'));
} else {
set_password($user_source['UID'], $request->post('new_password'));
set_password($user_source['UID'], $request->postData('new_password'));
success(_('Password saved.'));
}
redirect(page_link_to('user_settings'));
@ -164,6 +164,7 @@ function user_settings_locale($user_source, $locales)
{
$valid = true;
$request = request();
$session = session();
if ($request->has('language') && isset($locales[$request->input('language')])) {
$user_source['Sprache'] = $request->input('language');
@ -182,7 +183,7 @@ function user_settings_locale($user_source, $locales)
$user_source['UID'],
]
);
$_SESSION['locale'] = $user_source['Sprache'];
$session->set('locale', $user_source['Sprache']);
success('Language changed.');
redirect(page_link_to('user_settings'));

25
includes/pages/user_shifts.php
View File

@ -167,20 +167,23 @@ function view_user_shifts()
{
global $user, $privileges, $ical_shifts;
$session = session();
$ical_shifts = [];
$days = load_days();
$rooms = load_rooms();
$types = load_types();
if (!isset($_SESSION['ShiftsFilter'])) {
if (!$session->has('ShiftsFilter')) {
$room_ids = [
$rooms[0]['id']
];
$type_ids = array_map('get_ids_from_array', $types);
$_SESSION['ShiftsFilter'] = new ShiftsFilter(in_array('user_shifts_admin', $privileges), $room_ids, $type_ids);
$shiftsFilter = new ShiftsFilter(in_array('user_shifts_admin', $privileges), $room_ids, $type_ids);
$session->set('ShiftsFilter', $shiftsFilter);
}
update_ShiftsFilter($_SESSION['ShiftsFilter'], in_array('user_shifts_admin', $privileges), $days);
$shiftsFilter = $_SESSION['ShiftsFilter'];
$shiftsFilter = $session->get('ShiftsFilter');
update_ShiftsFilter($shiftsFilter, in_array('user_shifts_admin', $privileges), $days);
$shiftCalendarRenderer = shiftCalendarRendererByShiftFilter($shiftsFilter);
@ -203,6 +206,11 @@ function view_user_shifts()
$end_day = date('Y-m-d', $shiftsFilter->getEndTime());
$end_time = date('H:i', $shiftsFilter->getEndTime());
$assignNotice = '';
if (config('signup_requires_arrival') && !$user['Gekommen']) {
$assignNotice = info(render_user_arrived_hint(), true);
}
return page([
div('col-md-12', [
msg(),
@ -223,15 +231,16 @@ function view_user_shifts()
'task_notice' =>
'<sup>1</sup>'
. _('The tasks shown here are influenced by the angeltypes you joined already!')
. ' <a href="' . page_link_to('angeltypes') . '&action=about' . '">'
. ' <a href="' . page_link_to('angeltypes', ['action' => 'about']) . '">'
. _('Description of the jobs.')
. '</a>',
'assign_notice' => $assignNotice,
'shifts_table' => msg() . $shiftCalendarRenderer->render(),
'ical_text' => '<h2>' . _('iCal export') . '</h2><p>' . sprintf(
_('Export of shown shifts. <a href="%s">iCal format</a> or <a href="%s">JSON format</a> available (please keep secret, otherwise <a href="%s">reset the api key</a>).'),
page_link_to_absolute('ical') . '&key=' . $user['api_key'],
page_link_to_absolute('shifts_json_export') . '&key=' . $user['api_key'],
page_link_to('user_myshifts') . '&reset'
page_link_to('ical', ['key' => $user['api_key']]),
page_link_to('shifts_json_export', ['key' => $user['api_key']]),
page_link_to('user_myshifts', ['reset' => 1])
) . '</p>',
'filter' => _('Filter')
])

13
includes/sys_auth.php
View File

@ -10,8 +10,10 @@ function load_auth()
global $user, $privileges;
$user = null;
if (isset($_SESSION['uid'])) {
$user = DB::selectOne('SELECT * FROM `User` WHERE `UID`=? LIMIT 1', [$_SESSION['uid']]);
$session = session();
if ($session->has('uid')) {
$user = DB::selectOne('SELECT * FROM `User` WHERE `UID`=? LIMIT 1', [$session->get('uid')]);
if (!empty($user)) {
// User ist eingeloggt, Datensatz zur Verfügung stellen und Timestamp updaten
DB::update('
@ -21,16 +23,17 @@ function load_auth()
LIMIT 1
', [
time(),
$_SESSION['uid'],
$session->get('uid'),
]);
$privileges = privileges_for_user($user['UID']);
return;
}
unset($_SESSION['uid']);
$session->remove('uid');
}
// guest privileges
$privileges = privileges_for_group(-1);
$privileges = privileges_for_group(-10);
}
/**

24
includes/sys_form.php
View File

@ -10,7 +10,7 @@
*/
function form_hidden($name, $value)
{
return '<input type="hidden" name="' . $name . '" value="' . $value . '" />';
return '<input type="hidden" name="' . $name . '" value="' . htmlspecialchars($value) . '" />';
}
/**
@ -25,7 +25,7 @@ function form_spinner($name, $label, $value)
{
return form_element($label, '
<div class="input-group">
<input id="spinner-' . $name . '" class="form-control" type="text" name="' . $name . '" value="' . $value . '" />
<input id="spinner-' . $name . '" class="form-control" name="' . $name . '" value="' . htmlspecialchars($value) . '" />
<div class="input-group-btn">
<button id="spinner-' . $name . '-down" class="btn btn-default" type="button">
<span class="glyphicon glyphicon-minus"></span>
@ -66,7 +66,8 @@ function form_date($name, $label, $value, $start_date = '', $end_date = '')
$end_date = is_numeric($end_date) ? date('Y-m-d', $end_date) : '';
return form_element($label, '
<div class="input-group date" id="' . $dom_id . '">
<input type="text" name="' . $name . '" class="form-control" value="' . $value . '"><span class="input-group-addon">' . glyph('th') . '</span>
<input name="' . $name . '" class="form-control" value="' . htmlspecialchars($value) . '">'
. '<span class="input-group-addon">' . glyph('th') . '</span>
</div>
<script type="text/javascript">
$(function(){
@ -144,12 +145,17 @@ function form_multi_checkboxes($names, $label, $items, $selected, $disabled = []
* @param string $label
* @param string $selected
* @param string $value
* @param string $id
* @return string
*/
function form_checkbox($name, $label, $selected, $value = 'checked')
function form_checkbox($name, $label, $selected, $value = 'checked', $id = null)
{
if (is_null($id)) {
$id = $name;
}
return '<div class="checkbox"><label>'
. '<input type="checkbox" id="' . $name . '" name="' . $name . '" value="' . $value . '" '
. '<input type="checkbox" id="' . $id . '" name="' . $name . '" value="' . htmlspecialchars($value) . '" '
. ($selected ? ' checked="checked"' : '') . ' /> '
. $label
. '</label></div>';
@ -167,7 +173,7 @@ function form_checkbox($name, $label, $selected, $value = 'checked')
function form_radio($name, $label, $selected, $value)
{
return '<div class="radio">'
. '<label><input type="radio" id="' . $name . '" name="' . $name . '" value="' . $value . '" '
. '<label><input type="radio" id="' . $name . '" name="' . $name . '" value="' . htmlspecialchars($value) . '" '
. ($selected ? ' checked="checked"' : '') . ' /> '
. $label
. '</label></div>';
@ -328,8 +334,8 @@ function form_textarea($name, $label, $value, $disabled = false)
$disabled = $disabled ? ' disabled="disabled"' : '';
return form_element(
$label,
'<textarea rows="5" class="form-control" id="form_' . $name . '" type="text" name="'
. $name . '" ' . $disabled . '>' . $value . '</textarea>',
'<textarea rows="5" class="form-control" id="form_' . $name . '" name="'
. $name . '" ' . $disabled . '>' . htmlspecialchars($value) . '</textarea>',
'form_' . $name
);
}
@ -374,7 +380,7 @@ function form_element($label, $input, $for = '')
*/
function form($elements, $action = '')
{
return '<form role="form" action="' . $action . '" enctype="multipart/form-data" method="post">' . join($elements) . '</form>';
return '<form action="' . $action . '" enctype="multipart/form-data" method="post">' . join($elements) . '</form>';
}
/**

26
includes/sys_menu.php
View File

@ -1,28 +1,16 @@
<?php
use Engelsystem\UserHintsRenderer;
/**
* @param string $page
* @param array $parameters get parameters
* @return string
*/
function page_link_to($page = '')
function page_link_to($page = '', $parameters = [])
{
if ($page == '') {
return '?';
}
return '?p=' . $page;
}
/**
* @param string $page
* @return string
*/
function page_link_to_absolute($page)
{
return (isset($_SERVER['HTTPS']) ? 'https' : 'http') . '://'
. $_SERVER['HTTP_HOST']
. preg_replace("/\?.*$/", '', $_SERVER['REQUEST_URI'])
. page_link_to($page);
$page = str_replace('_', '-', $page);
return url($page, $parameters);
}
/**
@ -65,7 +53,7 @@ function header_toolbar()
if (isset($user)) {
$toolbar_items[] = toolbar_item_link(
page_link_to('shifts') . '&amp;action=next',
page_link_to('shifts', ['action' => 'next']),
'time',
User_shift_state_render($user)
);
@ -86,7 +74,7 @@ function header_toolbar()
$toolbar_items[] = header_render_hints();
if (in_array('user_myshifts', $privileges)) {
$toolbar_items[] = toolbar_item_link(
page_link_to('users') . '&amp;action=view',
page_link_to('users', ['action' => 'view']),
' icon-icon_angel',
$user['Nick'],
$page == 'users'

16
includes/sys_page.php
View File

@ -1,4 +1,5 @@
<?php
use Engelsystem\ValidationResult;
/**
@ -168,13 +169,14 @@ function strip_request_item($name, $default_value = null)
*/
function test_request_int($name)
{
$request = request();
if ($request->has($name)) {
return preg_match('/^\d*$/', $request->input($name));
}
$input = request()->input($name);
if (is_null($input)) {
return false;
}
return preg_match('/^\d+$/', $input);
}
/**
* Gibt den gefilterten REQUEST Wert mit Zeilenumbrüchen zurück
*
@ -186,7 +188,11 @@ function strip_request_item_nl($name, $default_value = null)
{
$request = request();
if ($request->has($name)) {
return preg_replace("/([^\p{L}\p{S}\p{P}\p{Z}\p{N}+\n]{1,})/ui", '', strip_tags($request->input($name)));
return preg_replace(
"/([^\p{L}\p{S}\p{P}\p{Z}\p{N}+\n]{1,})/ui",
'',
strip_tags($request->input($name))
);
}
return $default_value;
}

71
includes/view/AngelTypes_view.php
View File

@ -50,7 +50,10 @@ function AngelType_delete_view($angeltype)
buttons([
button(page_link_to('angeltypes'), _('cancel'), 'cancel'),
button(
page_link_to('angeltypes') . '&action=delete&angeltype_id=' . $angeltype['id'] . '&confirmed',
page_link_to(
'angeltypes',
['action' => 'delete', 'angeltype_id' => $angeltype['id'], 'confirmed' => 1]
),
_('delete'),
'ok'
)
@ -67,7 +70,6 @@ function AngelType_delete_view($angeltype)
*/
function AngelType_edit_view($angeltype, $supporter_mode)
{
$contact_info = AngelType_contact_info($angeltype);
return page_with_title(sprintf(_('Edit %s'), $angeltype['name']), [
buttons([
button(page_link_to('angeltypes'), _('Angeltypes'), 'back')
@ -127,7 +129,7 @@ function AngelType_view_buttons($angeltype, $user_angeltype, $admin_angeltypes,
if ($user_angeltype == null) {
$buttons[] = button(
page_link_to('user_angeltypes') . '&action=add&angeltype_id=' . $angeltype['id'],
page_link_to('user_angeltypes', ['action' => 'add', 'angeltype_id' => $angeltype['id']]),
_('join'),
'add'
);
@ -142,20 +144,22 @@ function AngelType_view_buttons($angeltype, $user_angeltype, $admin_angeltypes,
$angeltype['name']
));
}
$buttons[] = button(page_link_to('user_angeltypes') . '&action=delete&user_angeltype_id=' . $user_angeltype['id'],
_('leave'), 'cancel');
$buttons[] = button(
page_link_to('user_angeltypes', ['action' => 'delete', 'user_angeltype_id' => $user_angeltype['id']]),
_('leave'), 'cancel'
);
}
if ($admin_angeltypes || $supporter) {
$buttons[] = button(
page_link_to('angeltypes') . '&action=edit&angeltype_id=' . $angeltype['id'],
page_link_to('angeltypes', ['action' => 'edit', 'angeltype_id' => $angeltype['id']]),
_('edit'),
'edit'
);
}
if ($admin_angeltypes) {
$buttons[] = button(
page_link_to('angeltypes') . '&action=delete&angeltype_id=' . $angeltype['id'],
page_link_to('angeltypes', ['action' => 'delete', 'angeltype_id' => $angeltype['id']]),
_('delete'),
'delete'
);
@ -193,12 +197,18 @@ function AngelType_view_members($angeltype, $members, $admin_user_angeltypes, $a
if ($angeltype['restricted'] && $member['confirm_user_id'] == null) {
$member['actions'] = table_buttons([
button(
page_link_to('user_angeltypes') . '&action=confirm&user_angeltype_id=' . $member['user_angeltype_id'],
page_link_to(
'user_angeltypes',
['action' => 'confirm', 'user_angeltype_id' => $member['user_angeltype_id']]
),
_('confirm'),
'btn-xs'
),
button(
page_link_to('user_angeltypes') . '&action=delete&user_angeltype_id=' . $member['user_angeltype_id'],
page_link_to(
'user_angeltypes',
['action' => 'delete', 'user_angeltype_id' => $member['user_angeltype_id']]
),
_('deny'),
'btn-xs'
)
@ -208,7 +218,11 @@ function AngelType_view_members($angeltype, $members, $admin_user_angeltypes, $a
if ($admin_angeltypes) {
$member['actions'] = table_buttons([
button(
page_link_to('user_angeltypes') . '&action=update&user_angeltype_id=' . $member['user_angeltype_id'] . '&supporter=0',
page_link_to('user_angeltypes', [
'action' => 'update',
'user_angeltype_id' => $member['user_angeltype_id'],
'supporter' => 0
]),
_('Remove supporter rights'),
'btn-xs'
)
@ -221,11 +235,18 @@ function AngelType_view_members($angeltype, $members, $admin_user_angeltypes, $a
if ($admin_user_angeltypes) {
$member['actions'] = table_buttons([
$admin_angeltypes
? button(page_link_to('user_angeltypes') . '&action=update&user_angeltype_id=' . $member['user_angeltype_id'] . '&supporter=1',
? button(page_link_to('user_angeltypes', [
'action' => 'update',
'user_angeltype_id' => $member['user_angeltype_id'],
'supporter' => 1
]),
_('Add supporter rights'), 'btn-xs')
: '',
button(
page_link_to('user_angeltypes') . '&action=delete&user_angeltype_id=' . $member['user_angeltype_id'],
page_link_to('user_angeltypes', [
'action' => 'delete',
'user_angeltype_id' => $member['user_angeltype_id']
]),
_('remove'),
'btn-xs'
)
@ -339,7 +360,14 @@ function AngelType_view(
$page[] = '<h3>' . _('Members') . '</h3>';
if ($admin_user_angeltypes) {
$page[] = buttons([
button(page_link_to('user_angeltypes') . '&action=add&angeltype_id=' . $angeltype['id'], _('Add'), 'add')
button(
page_link_to(
'user_angeltypes',
['action' => 'add', 'angeltype_id' => $angeltype['id']]
),
_('Add'),
'add'
)
]);
}
$page[] = table($table_headers, $members_confirmed);
@ -348,12 +376,12 @@ function AngelType_view(
$page[] = '<h3>' . _('Unconfirmed') . '</h3>';
$page[] = buttons([
button(
page_link_to('user_angeltypes') . '&action=confirm_all&angeltype_id=' . $angeltype['id'],
page_link_to('user_angeltypes', ['action' => 'confirm_all', 'angeltype_id' => $angeltype['id']]),
_('confirm all'),
'ok'
),
button(
page_link_to('user_angeltypes') . '&action=delete_all&angeltype_id=' . $angeltype['id'],
page_link_to('user_angeltypes', ['action' => 'delete_all', 'angeltype_id' => $angeltype['id']]),
_('deny all'),
'cancel'
)
@ -376,8 +404,10 @@ function AngelTypes_list_view($angeltypes, $admin_angeltypes)
return page_with_title(angeltypes_title(), [
msg(),
buttons([
$admin_angeltypes ? button(page_link_to('angeltypes') . '&action=edit', _('New angeltype'), 'add') : '',
button(page_link_to('angeltypes') . '&action=about', _('Teams/Job description'))
$admin_angeltypes
? button(page_link_to('angeltypes', ['action' => 'edit']), _('New angeltype'), 'add')
: '',
button(page_link_to('angeltypes', ['action' => 'about']), _('Teams/Job description'))
]),
table([
'name' => _('Name'),
@ -405,13 +435,16 @@ function AngelTypes_about_view_angeltype($angeltype)
$buttons = [];
if ($angeltype['user_angeltype_id'] != null) {
$buttons[] = button(
page_link_to('user_angeltypes') . '&action=delete&user_angeltype_id=' . $angeltype['user_angeltype_id'],
page_link_to(
'user_angeltypes',
['action' => 'delete', 'user_angeltype_id' => $angeltype['user_angeltype_id']]
),
_('leave'),
'cancel'
);
} else {
$buttons[] = button(
page_link_to('user_angeltypes') . '&action=add&angeltype_id=' . $angeltype['id'],
page_link_to('user_angeltypes', ['action' => 'add', 'angeltype_id' => $angeltype['id']]),
_('join'),
'add'
);

12
includes/view/Questions_view.php
View File

@ -9,14 +9,22 @@
function Questions_view($open_questions, $answered_questions, $ask_action)
{
foreach ($open_questions as &$question) {
$question['actions'] = '<a href="' . page_link_to('user_questions') . '&action=delete&id=' . $question['QID'] . '">' . _('delete') . '</a>';
$question['actions'] = '<a href="'
. page_link_to('user_questions', ['action' => 'delete', 'id' => $question['QID']])
. '">'
. _('delete')
. '</a>';
$question['Question'] = str_replace("\n", '<br />', $question['Question']);
}
foreach ($answered_questions as &$question) {
$question['Question'] = str_replace("\n", '<br />', $question['Question']);
$question['Answer'] = str_replace("\n", '<br />', $question['Answer']);
$question['actions'] = '<a href="' . page_link_to('user_questions') . '&action=delete&id=' . $question['QID'] . '">' . _('delete') . '</a>';
$question['actions'] = '<a href="'
. page_link_to('user_questions', ['action' => 'delete', 'id' => $question['QID']])
. '">'
. _('delete')
. '</a>';
}
return page_with_title(questions_title(), [

11
includes/view/Rooms_view.php
View File

@ -1,4 +1,5 @@
<?php
use Engelsystem\ShiftCalendarRenderer;
use Engelsystem\ShiftsFilterRenderer;
@ -10,8 +11,16 @@ use Engelsystem\ShiftsFilterRenderer;
*/
function Room_view($room, ShiftsFilterRenderer $shiftsFilterRenderer, ShiftCalendarRenderer $shiftCalendarRenderer)
{
global $user;
$assignNotice = '';
if (config('signup_requires_arrival') && !$user['Gekommen']) {
$assignNotice = info(render_user_arrived_hint(), true);
}
return page_with_title(glyph('map-marker') . $room['Name'], [
$shiftsFilterRenderer->render(room_link($room)),
$shiftsFilterRenderer->render($room),
$assignNotice,
$shiftCalendarRenderer->render()
]);
}

30
includes/view/ShiftCalendarRenderer.php
View File

@ -1,11 +1,9 @@
<?php
namespace Engelsystem;
use Exception;
namespace Engelsystem;
class ShiftCalendarRenderer
{
/**
* 15m * 60s/m = 900s
*/
@ -69,9 +67,7 @@ class ShiftCalendarRenderer
/**
* Assigns the shifts to different lanes per room if they collide
*
* @param array[] $shifts
* The shifts to assign
*
* @param array[] $shifts The shifts to assign
* @return array Returns an array that assigns a room_id to an array of ShiftCalendarLane containing the shifts
*/
private function assignShiftsToLanes($shifts)
@ -113,7 +109,6 @@ class ShiftCalendarRenderer
}
/**
*
* @return int
*/
public function getFirstBlockStartTime()
@ -122,7 +117,6 @@ class ShiftCalendarRenderer
}
/**
*
* @return int
*/
public function getLastBlockEndTime()
@ -131,7 +125,6 @@ class ShiftCalendarRenderer
}
/**
*
* @return float
*/
public function getBlocksPerSlot()
@ -178,8 +171,7 @@ class ShiftCalendarRenderer
/**
* Renders a single lane
*
* @param ShiftCalendarLane $lane
* The lane to render
* @param ShiftCalendarLane $lane The lane to render
* @return string
*/
private function renderLane(ShiftCalendarLane $lane)
@ -196,7 +188,12 @@ class ShiftCalendarRenderer
$rendered_until += ShiftCalendarRenderer::SECONDS_PER_ROW;
}
list ($shift_height, $shift_html) = $shift_renderer->render($shift, $this->needed_angeltypes[$shift['SID']], $this->shift_entries[$shift['SID']], $user);
list ($shift_height, $shift_html) = $shift_renderer->render(
$shift,
$this->needed_angeltypes[$shift['SID']],
$this->shift_entries[$shift['SID']],
$user
);
$html .= $shift_html;
$rendered_until += $shift_height * ShiftCalendarRenderer::SECONDS_PER_ROW;
}
@ -215,10 +212,8 @@ class ShiftCalendarRenderer
/**
* Renders a tick/block for given time
*
* @param int $time
* unix timestamp
* @param boolean $label
* Should time labels be generated?
* @param int $time unix timestamp
* @param boolean $label Should time labels be generated?
* @return string rendered tick html
*/
private function renderTick($time, $label = false)
@ -261,7 +256,6 @@ class ShiftCalendarRenderer
}
/**
*
* @param array[] $shifts
* @return int
*/
@ -277,7 +271,6 @@ class ShiftCalendarRenderer
}
/**
*
* @param array[] $shifts
* @return int
*/
@ -293,7 +286,6 @@ class ShiftCalendarRenderer
}
/**
*
* @return int
*/
private function calcBlocksPerSlot()

24
includes/view/ShiftCalendarShiftRenderer.php
View File

@ -124,11 +124,15 @@ class ShiftCalendarShiftRenderer
}
if (in_array('user_shifts_admin', $privileges)) {
$html .= '<li class="list-group-item">' . button(
page_link_to('user_shifts') . '&amp;shift_id=' . $shift['SID'],
_('Add more angels'),
$html .= '<li class="list-group-item">' . _('Add more angels') . ':';
foreach ($needed_angeltypes as $angeltype) {
$html .= ' ' . button(
page_link_to('user_shifts', ['shift_id' => $shift['SID'], 'type_id' => $angeltype['id']]),
$angeltype['name'],
'btn-xs'
) . '</li>';
);
}
$html .= '</li>';
}
if ($html != '') {
return [
@ -169,11 +173,13 @@ class ShiftCalendarShiftRenderer
case ShiftSignupState::ADMIN:
case ShiftSignupState::FREE:
// When admin or free display a link + button for sign up
$entry_list[] = '<a href="' . page_link_to('user_shifts') . '&amp;shift_id=' . $shift['SID'] . '&amp;type_id=' . $angeltype['id'] . '">'
$entry_list[] = '<a href="'
. page_link_to('user_shifts', ['shift_id' => $shift['SID'], 'type_id' => $angeltype['id']])
. '">'
. $inner_text
. '</a> '
. button(
page_link_to('user_shifts') . '&amp;shift_id=' . $shift['SID'] . '&amp;type_id=' . $angeltype['id'],
page_link_to('user_shifts', ['shift_id' => $shift['SID'], 'type_id' => $angeltype['id']]),
_('Sign up'), 'btn-xs btn-primary'
);
break;
@ -191,7 +197,7 @@ class ShiftCalendarShiftRenderer
// Add link to join the angeltype first
$entry_list[] = $inner_text . '<br />'
. button(
page_link_to('user_angeltypes') . '&action=add&angeltype_id=' . $angeltype['id'],
page_link_to('user_angeltypes', ['action' => 'add', 'angeltype_id' => $angeltype['id']]),
sprintf(_('Become %s'), $angeltype['name']),
'btn-xs'
);
@ -232,8 +238,8 @@ class ShiftCalendarShiftRenderer
$header_buttons = '';
if (in_array('admin_shifts', $privileges)) {
$header_buttons = '<div class="pull-right">' . table_buttons([
button(page_link_to('user_shifts') . '&edit_shift=' . $shift['SID'], glyph('edit'), 'btn-xs'),
button(page_link_to('user_shifts') . '&delete_shift=' . $shift['SID'], glyph('trash'), 'btn-xs')
button(page_link_to('user_shifts', ['edit_shift' => $shift['SID']]), glyph('edit'), 'btn-xs'),
button(page_link_to('user_shifts', ['delete_shift' => $shift['SID']]), glyph('trash'), 'btn-xs')
]) . '</div>';
}
$shift_heading = date('H:i', $shift['start']) . ' &dash; '

34
includes/view/ShiftTypes_view.php
View File

@ -24,7 +24,10 @@ function ShiftType_delete_view($shifttype)
buttons([
button(page_link_to('shifttypes'), _('cancel'), 'cancel'),
button(
page_link_to('shifttypes') . '&action=delete&shifttype_id=' . $shifttype['id'] . '&confirmed',
page_link_to(
'shifttypes',
['action' => 'delete', 'shifttype_id' => $shifttype['id'], 'confirmed' => 1]
),
_('delete'),
'ok btn-danger'
)
@ -81,12 +84,16 @@ function ShiftType_view($shifttype, $angeltype)
buttons([
button(page_link_to('shifttypes'), shifttypes_title(), 'back'),
$angeltype ? button(
page_link_to('angeltypes') . '&action=view&angeltype_id=' . $angeltype['id'],
page_link_to('angeltypes', ['action' => 'view', 'angeltype_id' => $angeltype['id']]),
$angeltype['name']
) : '',
button(page_link_to('shifttypes') . '&action=edit&shifttype_id=' . $shifttype['id'], _('edit'), 'edit'),
button(
page_link_to('shifttypes') . '&action=delete&shifttype_id=' . $shifttype['id'],
page_link_to('shifttypes', ['action' => 'edit', 'shifttype_id' => $shifttype['id']]),
_('edit'),
'edit'
),
button(
page_link_to('shifttypes', ['action' => 'delete', 'shifttype_id' => $shifttype['id']]),
_('delete'),
'delete'
)
@ -103,11 +110,22 @@ function ShiftType_view($shifttype, $angeltype)
function ShiftTypes_list_view($shifttypes)
{
foreach ($shifttypes as &$shifttype) {
$shifttype['name'] = '<a href="' . page_link_to('shifttypes') . '&action=view&shifttype_id=' . $shifttype['id'] . '">' . $shifttype['name'] . '</a>';
$shifttype['name'] = '<a href="'
. page_link_to('shifttypes', ['action' => 'view', 'shifttype_id' => $shifttype['id']])
. '">'
. $shifttype['name']
. '</a>';
$shifttype['actions'] = table_buttons([
button(page_link_to('shifttypes') . '&action=edit&shifttype_id=' . $shifttype['id'], _('edit'), 'btn-xs'),
button(
page_link_to('shifttypes') . '&action=delete&shifttype_id=' . $shifttype['id'],
page_link_to(
'shifttypes',
['action' => 'edit', 'shifttype_id' => $shifttype['id']]
),
_('edit'),
'btn-xs'
),
button(
page_link_to('shifttypes', ['action' => 'delete', 'shifttype_id' => $shifttype['id']]),
_('delete'),
'btn-xs'
)
@ -117,7 +135,7 @@ function ShiftTypes_list_view($shifttypes)
return page_with_title(shifttypes_title(), [
msg(),
buttons([
button(page_link_to('shifttypes') . '&action=edit', _('New shifttype'), 'add')
button(page_link_to('shifttypes', ['action' => 'edit']), _('New shifttype'), 'add')
]),
table([
'name' => _('Name'),

11
includes/view/ShiftsFilterRenderer.php
View File

@ -39,17 +39,22 @@ class ShiftsFilterRenderer
/**
* Renders the filter.
*
* @param string $link_base
* @param array $room
* @return string Generated HTML
*/
public function render($link_base)
public function render($room)
{
$toolbar = [];
if ($this->daySelectionEnabled && !empty($this->days)) {
$selected_day = date('Y-m-d', $this->shiftsFilter->getStartTime());
$day_dropdown_items = [];
foreach ($this->days as $day) {
$day_dropdown_items[] = toolbar_item_link($link_base . '&shifts_filter_day=' . $day, '', $day);
$link = page_link_to('rooms', [
'action' => 'view',
'room_id' => $room['RID'],
'shifts_filter_day' => $day,
]);
$day_dropdown_items[] = toolbar_item_link($link, '', $day);
}
$toolbar[] = toolbar_dropdown('', $selected_day, $day_dropdown_items, 'active');
}

9
includes/view/Shifts_view.php
View File

@ -1,4 +1,5 @@
<?php
use Engelsystem\ShiftSignupState;
/**
@ -41,12 +42,12 @@ function Shift_signup_button_render($shift, $angeltype, $user_angeltype = null)
if ($angeltype['shift_signup_state']->isSignupAllowed()) {
return button(
page_link_to('user_shifts') . '&shift_id=' . $shift['SID'] . '&type_id=' . $angeltype['id'],
page_link_to('user_shifts', ['shift_id' => $shift['SID'], 'type_id' => $angeltype['id']]),
_('Sign up')
);
} elseif ($user_angeltype == null) {
return button(
page_link_to('angeltypes') . '&action=view&angeltype_id=' . $angeltype['id'],
page_link_to('angeltypes', ['action' => 'view', 'angeltype_id' => $angeltype['id']]),
sprintf(_('Become %s'),
$angeltype['name'])
);
@ -207,12 +208,12 @@ function Shift_view_render_shift_entry($shift_entry, $user_shift_admin, $angelty
$entry .= ' <div class="btn-group">';
if ($user_shift_admin) {
$entry .= button_glyph(
page_link_to('user_myshifts') . '&edit=' . $shift_entry['id'] . '&id=' . $shift_entry['UID'],
page_link_to('user_myshifts', ['edit' => $shift_entry['id'], 'id' => $shift_entry['UID']]),
'pencil',
'btn-xs'
);
}
$entry .= button_glyph(page_link_to('user_shifts') . '&entry_id=' . $shift_entry['id'], 'trash', 'btn-xs');
$entry .= button_glyph(page_link_to('user_shifts', ['entry_id' => $shift_entry['id']]), 'trash', 'btn-xs');
$entry .= '</div>';
}
return $entry;

73
includes/view/UserAngelTypes_view.php
View File

@ -19,12 +19,18 @@ function UserAngelType_update_view($user_angeltype, $user, $angeltype, $supporte
User_Nick_render($user)
), true),
buttons([
button(page_link_to('angeltypes') . '&action=view&angeltype_id=' . $angeltype['id'], _('cancel'), 'cancel'),
button(
page_link_to('user_angeltypes')
. '&action=update&user_angeltype_id=' . $user_angeltype['id']
. '&supporter=' . ($supporter ? '1' : '0')
. '&confirmed',
page_link_to('angeltypes', ['action' => 'view', 'angeltype_id' => $angeltype['id']]),
_('cancel'),
'cancel'
),
button(
page_link_to('user_angeltypes', [
'action' => 'update',
'user_angeltype_id' => $user_angeltype['id'],
'supporter' => ($supporter ? '1' : '0'),
'confirmed' => 1,
]),
_('yes'),
'ok'
)
@ -42,9 +48,19 @@ function UserAngelTypes_delete_all_view($angeltype)
msg(),
info(sprintf(_('Do you really want to deny all users for %s?'), $angeltype['name']), true),
buttons([
button(page_link_to('angeltypes') . '&action=view&angeltype_id=' . $angeltype['id'], _('cancel'), 'cancel'),
button(
page_link_to('user_angeltypes') . '&action=delete_all&angeltype_id=' . $angeltype['id'] . '&confirmed',
page_link_to(
'angeltypes',
['action' => 'view', 'angeltype_id' => $angeltype['id']]
),
_('cancel'),
'cancel'
),
button(
page_link_to(
'user_angeltypes',
['action' => 'delete_all', 'angeltype_id' => $angeltype['id'], 'confirmed' => 1]
),
_('yes'),
'ok'
)
@ -62,9 +78,11 @@ function UserAngelTypes_confirm_all_view($angeltype)
msg(),
info(sprintf(_('Do you really want to confirm all users for %s?'), $angeltype['name']), true),
buttons([
button(page_link_to('angeltypes') . '&action=view&angeltype_id=' . $angeltype['id'], _('cancel'), 'cancel'),
button(page_link_to('angeltypes', ['action' => 'view', 'angeltype_id' => $angeltype['id']]), _('cancel'),
'cancel'),
button(
page_link_to('user_angeltypes') . '&action=confirm_all&angeltype_id=' . $angeltype['id'] . '&confirmed',
page_link_to('user_angeltypes',
['action' => 'confirm_all', 'angeltype_id' => $angeltype['id'], 'confirmed' => 1]),
_('yes'),
'ok'
)
@ -84,9 +102,16 @@ function UserAngelType_confirm_view($user_angeltype, $user, $angeltype)
msg(),
info(sprintf(_('Do you really want to confirm %s for %s?'), User_Nick_render($user), $angeltype['name']), true),
buttons([
button(page_link_to('angeltypes') . '&action=view&angeltype_id=' . $angeltype['id'], _('cancel'), 'cancel'),
button(
page_link_to('user_angeltypes') . '&action=confirm&user_angeltype_id=' . $user_angeltype['id'] . '&confirmed',
page_link_to('angeltypes', ['action' => 'view', 'angeltype_id' => $angeltype['id']]),
_('cancel'),
'cancel'
),
button(
page_link_to(
'user_angeltypes',
['action' => 'confirm', 'user_angeltype_id' => $user_angeltype['id'], 'confirmed' => 1]
),
_('yes'),
'ok'
)
@ -106,9 +131,14 @@ function UserAngelType_delete_view($user_angeltype, $user, $angeltype)
msg(),
info(sprintf(_('Do you really want to delete %s from %s?'), User_Nick_render($user), $angeltype['name']), true),
buttons([
button(page_link_to('angeltypes') . '&action=view&angeltype_id=' . $angeltype['id'], _('cancel'), 'cancel'),
button(
page_link_to('user_angeltypes') . '&action=delete&user_angeltype_id=' . $user_angeltype['id'] . '&confirmed',
page_link_to('angeltypes', ['action' => 'view', 'angeltype_id' => $angeltype['id']]),
_('cancel'),
'cancel'
),
button(
page_link_to('user_angeltypes',
['action' => 'delete', 'user_angeltype_id' => $user_angeltype['id'], 'confirmed' => 1]),
_('yes'),
'ok'
)
@ -132,7 +162,11 @@ function UserAngelType_add_view($angeltype, $users_source, $user_id)
return page_with_title(_('Add user to angeltype'), [
msg(),
buttons([
button(page_link_to('angeltypes') . '&action=view&angeltype_id=' . $angeltype['id'], _('back'), 'back')
button(
page_link_to('angeltypes', ['action' => 'view', 'angeltype_id' => $angeltype['id']]),
_('back'),
'back'
)
]),
form([
form_info(_('Angeltype'), $angeltype['name']),
@ -153,9 +187,16 @@ function UserAngelType_join_view($user, $angeltype)
msg(),
info(sprintf(_('Do you really want to add %s to %s?'), User_Nick_render($user), $angeltype['name']), true),
buttons([
button(page_link_to('angeltypes') . '&action=view&angeltype_id=' . $angeltype['id'], _('cancel'), 'cancel'),
button(
page_link_to('user_angeltypes') . '&action=add&angeltype_id=' . $angeltype['id'] . '&user_id=' . $user['UID'] . '&confirmed',
page_link_to('angeltypes', ['action' => 'view', 'angeltype_id' => $angeltype['id']]),
_('cancel'),
'cancel'
),
button(
page_link_to(
'user_angeltypes',
['action' => 'add', 'angeltype_id' => $angeltype['id'], 'user_id' => $user['UID'], 'confirmed' => 1]
),
_('save'),
'ok'
)

42
includes/view/User_view.php
View File

@ -127,7 +127,7 @@ function User_registration_success_view($event_welcome_message)
'<h2>' . _('What can I do?') . '</h2>',
'<p>' . _('Please read about the jobs you can do to help us.') . '</p>',
buttons([
button(page_link_to('angeltypes') . '&action=about', _('Teams/Job description') . ' &raquo;')
button(page_link_to('angeltypes', ['action' => 'about']), _('Teams/Job description') . ' &raquo;')
])
])
])
@ -172,10 +172,13 @@ function User_edit_vouchers_view($user)
button(user_link($user), glyph('chevron-left') . _('back'))
]),
info(sprintf(_('Angel should receive at least %d vouchers.'), User_get_eligable_voucher_count($user)), true),
form([
form(
[
form_spinner('vouchers', _('Number of vouchers given out'), $user['got_voucher']),
form_submit('submit', _('Save'))
], page_link_to('users') . '&action=edit_vouchers&user_id=' . $user['UID'])
],
page_link_to('users', ['action' => 'edit_vouchers', 'user_id' => $user['UID']])
)
]);
}
@ -208,7 +211,7 @@ function Users_view(
$user['Tshirt'] = glyph_bool($user['Tshirt']);
$user['lastLogIn'] = date(_('m/d/Y h:i a'), $user['lastLogIn']);
$user['actions'] = table_buttons([
button_glyph(page_link_to('admin_user') . '&id=' . $user['UID'], 'edit', 'btn-xs')
button_glyph(page_link_to('admin_user', ['id' => $user['UID']]), 'edit', 'btn-xs')
]);
}
$users[] = [
@ -253,7 +256,11 @@ function Users_view(
*/
function Users_table_header_link($column, $label, $order_by)
{
return '<a href="' . page_link_to('users') . '&OrderBy=' . $column . '">' . $label . ($order_by == $column ? ' <span class="caret"></span>' : '') . '</a>';
return '<a href="'
. page_link_to('users', ['OrderBy' => $column])
. '">'
. $label . ($order_by == $column ? ' <span class="caret"></span>' : '')
. '</a>';
}
/**
@ -347,7 +354,7 @@ function User_view_myshift($shift, $user_source, $its_me)
];
if ($its_me || in_array('user_shifts_admin', $privileges)) {
$myshift['actions'][] = button(
page_link_to('user_myshifts') . '&edit=' . $shift['id'] . '&id=' . $user_source['UID'],
page_link_to('user_myshifts', ['edit' => $shift['id'], 'id' => $user_source['UID']]),
glyph('edit') . _('edit'),
'btn-xs'
);
@ -356,8 +363,15 @@ function User_view_myshift($shift, $user_source, $its_me)
($shift['start'] > time() + config('last_unsubscribe') * 3600)
|| in_array('user_shifts_admin', $privileges)
) {
$parameters = [
'cancel' => $shift['id'],
'id' => $user_source['UID'],
];
if ($its_me) {
$parameters['id'] = '';
}
$myshift['actions'][] = button(
page_link_to('user_myshifts') . ((!$its_me) ? '&id=' . $user_source['UID'] : '') . '&cancel=' . $shift['id'],
page_link_to('user_myshifts', $parameters),
glyph('trash') . _('sign off'),
'btn-xs'
);
@ -427,7 +441,7 @@ function User_view($user_source, $admin_user_privilege, $freeloader, $user_angel
div('col-md-12', [
buttons([
$admin_user_privilege ? button(
page_link_to('admin_user') . '&id=' . $user_source['UID'],
page_link_to('admin_user', ['id' => $user_source['UID']]),
glyph('edit') . _('edit')
) : '',
$admin_user_privilege ? button(
@ -435,24 +449,24 @@ function User_view($user_source, $admin_user_privilege, $freeloader, $user_angel
glyph('road') . _('driving license')
) : '',
($admin_user_privilege && !$user_source['Gekommen']) ? button(
page_link_to('admin_arrive') . '&arrived=' . $user_source['UID'],
page_link_to('admin_arrive', ['arrived' => $user_source['UID']]),
_('arrived')
) : '',
$admin_user_privilege ? button(
page_link_to('users') . '&action=edit_vouchers&user_id=' . $user_source['UID'],
page_link_to('users', ['action' => 'edit_vouchers', 'user_id' => $user_source['UID']]),
glyph('cutlery') . _('Edit vouchers')
) : '',
$its_me ? button(page_link_to('user_settings'), glyph('list-alt') . _('Settings')) : '',
$its_me ? button(
page_link_to('ical') . '&key=' . $user_source['api_key'],
page_link_to('ical', ['key' => $user_source['api_key']]),
glyph('calendar') . _('iCal Export')
) : '',
$its_me ? button(
page_link_to('shifts_json_export') . '&key=' . $user_source['api_key'],
page_link_to('shifts_json_export', ['key' => $user_source['api_key']]),
glyph('export') . _('JSON Export')
) : '',
$its_me ? button(
page_link_to('user_myshifts') . '&reset',
page_link_to('user_myshifts', ['reset' => 1]),
glyph('repeat') . _('Reset API key')
) : ''
])
@ -607,7 +621,7 @@ function User_groups_render($user_groups)
function User_Nick_render($user_source)
{
return '<a class="' . ($user_source['Gekommen'] ? '' : 'text-muted') . '" href="'
. page_link_to('users') . '&amp;action=view&amp;user_id=' . $user_source['UID']
. page_link_to('users', ['action' => 'view', 'user_id' => $user_source['UID']])
. '"><span class="icon-icon_angel"></span> ' . htmlspecialchars($user_source['Nick']) . '</a>';
}

11
phpunit.xml
View File

@ -1,12 +1,8 @@
<phpunit xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
xsi:noNamespaceSchemaLocation="http://schema.phpunit.de/4.5/phpunit.xsd"
backupGlobals="false"
bootstrap="./includes/engelsystem_provider.php"
xsi:noNamespaceSchemaLocation="http://schema.phpunit.de/6.3/phpunit.xsd"
colors="true"
convertErrorsToExceptions="true"
convertNoticesToExceptions="true"
convertWarningsToExceptions="true"
processIsolation="false">
>
<testsuites>
<testsuite name="Models">
<directory>./test/model/</directory>
@ -19,7 +15,4 @@
<directory>./src/</directory>
</whitelist>
</filter>
<php>
<const name="PHPUNIT_TESTSUITE" value="true"/>
</php>
</phpunit>

8
public/.htaccess Normal file
View File

@ -0,0 +1,8 @@
<IfModule mod_rewrite.c>
RewriteEngine on
RewriteBase /
RewriteCond %{REQUEST_FILENAME} !-d
RewriteCond %{REQUEST_FILENAME} !-f
RewriteRule ^ index.php [L]
</IfModule>

145
public/index.php
View File

@ -1,4 +1,7 @@
<?php
use Engelsystem\Http\Request;
require_once realpath(__DIR__ . '/../includes/engelsystem_provider.php');
$free_pages = [
@ -16,7 +19,7 @@ $free_pages = [
'stats',
'users',
'user_driver_licenses',
'user_password_recovery'
'user_password_recovery',
];
// Gewünschte Seite/Funktion
@ -24,8 +27,13 @@ $page = '';
$title = '';
$content = '';
$page = $request->input('p');
/** @var Request $request */
$page = $request->query->get('p');
if (empty($page)) {
$page = $request->path();
$page = str_replace('-', '_', $page);
}
if ($page == '/') {
$page = isset($user) ? 'news' : 'login';
}
@ -38,120 +46,158 @@ if (
) {
$title = $page;
if ($page == 'api') {
switch ($page) {
case 'api':
error('Api disabled temporarily.');
redirect(page_link_to());
require_once realpath(__DIR__ . '/../includes/controller/api.php');
api_controller();
} elseif ($page == 'ical') {
break;
case 'ical':
require_once realpath(__DIR__ . '/../includes/pages/user_ical.php');
user_ical();
} elseif ($page == 'atom') {
break;
case 'atom':
require_once realpath(__DIR__ . '/../includes/pages/user_atom.php');
user_atom();
} elseif ($page == 'shifts_json_export') {
break;
case 'shifts_json_export':
require_once realpath(__DIR__ . '/../includes/controller/shifts_controller.php');
shifts_json_export_controller();
} elseif ($page == 'shifts_json_export_all') {
break;
case 'shifts_json_export_all':
require_once realpath(__DIR__ . '/../includes/controller/shifts_controller.php');
shifts_json_export_all_controller();
} elseif ($page == 'stats') {
break;
case 'stats':
require_once realpath(__DIR__ . '/../includes/pages/guest_stats.php');
guest_stats();
} elseif ($page == 'user_password_recovery') {
break;
case 'user_password_recovery':
require_once realpath(__DIR__ . '/../includes/controller/users_controller.php');
$title = user_password_recovery_title();
$content = user_password_recovery_controller();
} elseif ($page == 'angeltypes') {
break;
case 'angeltypes':
list($title, $content) = angeltypes_controller();
} elseif ($page == 'shifts') {
break;
case 'shifts':
list($title, $content) = shifts_controller();
} elseif ($page == 'users') {
break;
case 'users':
list($title, $content) = users_controller();
} elseif ($page == 'user_angeltypes') {
break;
case 'user_angeltypes':
list($title, $content) = user_angeltypes_controller();
} elseif ($page == 'user_driver_licenses') {
break;
case 'user_driver_licenses':
list($title, $content) = user_driver_licenses_controller();
} elseif ($page == 'shifttypes') {
break;
case 'shifttypes':
list($title, $content) = shifttypes_controller();
} elseif ($page == 'admin_event_config') {
break;
case 'admin_event_config':
list($title, $content) = event_config_edit_controller();
} elseif ($page == 'rooms') {
break;
case 'rooms':
list($title, $content) = rooms_controller();
} elseif ($page == 'news') {
break;
case 'news':
$title = news_title();
$content = user_news();
} elseif ($page == 'news_comments') {
break;
case 'news_comments':
require_once realpath(__DIR__ . '/../includes/pages/user_news.php');
$title = user_news_comments_title();
$content = user_news_comments();
} elseif ($page == 'user_meetings') {
break;
case 'user_meetings':
$title = meetings_title();
$content = user_meetings();
} elseif ($page == 'user_myshifts') {
break;
case 'user_myshifts':
$title = myshifts_title();
$content = user_myshifts();
} elseif ($page == 'user_shifts') {
break;
case 'user_shifts':
$title = shifts_title();
$content = user_shifts();
} elseif ($page == 'user_messages') {
break;
case 'user_messages':
$title = messages_title();
$content = user_messages();
} elseif ($page == 'user_questions') {
break;
case 'user_questions':
$title = questions_title();
$content = user_questions();
} elseif ($page == 'user_settings') {
break;
case 'user_settings':
$title = settings_title();
$content = user_settings();
} elseif ($page == 'login') {
break;
case 'login':
$title = login_title();
$content = guest_login();
} elseif ($page == 'register') {
break;
case 'register':
$title = register_title();
$content = guest_register();
} elseif ($page == 'logout') {
break;
case 'logout':
$title = logout_title();
$content = guest_logout();
} elseif ($page == 'admin_questions') {
break;
case 'admin_questions':
$title = admin_questions_title();
$content = admin_questions();
} elseif ($page == 'admin_user') {
break;
case 'admin_user':
$title = admin_user_title();
$content = admin_user();
} elseif ($page == 'admin_arrive') {
break;
case 'admin_arrive':
$title = admin_arrive_title();
$content = admin_arrive();
} elseif ($page == 'admin_active') {
break;
case 'admin_active':
$title = admin_active_title();
$content = admin_active();
} elseif ($page == 'admin_free') {
break;
case 'admin_free':
$title = admin_free_title();
$content = admin_free();
} elseif ($page == 'admin_news') {
break;
case 'admin_news':
require_once realpath(__DIR__ . '/../includes/pages/admin_news.php');
$content = admin_news();
} elseif ($page == 'admin_rooms') {
break;
case 'admin_rooms':
$title = admin_rooms_title();
$content = admin_rooms();
} elseif ($page == 'admin_groups') {
break;
case 'admin_groups':
$title = admin_groups_title();
$content = admin_groups();
} elseif ($page == 'admin_import') {
break;
case 'admin_import':
$title = admin_import_title();
$content = admin_import();
} elseif ($page == 'admin_shifts') {
break;
case 'admin_shifts':
$title = admin_shifts_title();
$content = admin_shifts();
} elseif ($page == 'admin_log') {
break;
case 'admin_log':
$title = admin_log_title();
$content = admin_log();
} elseif ($page == 'credits') {
break;
case 'credits':
require_once realpath(__DIR__ . '/../includes/pages/guest_credits.php');
$title = credits_title();
$content = guest_credits();
} else {
break;
default:
require_once realpath(__DIR__ . '/../includes/pages/guest_start.php');
$content = guest_start();
break;
}
} else {
// Wenn schon eingeloggt, keine-Berechtigung-Seite anzeigen
@ -166,14 +212,23 @@ if (
$event_config = EventConfig();
$parameters = [
'key' => (isset($user) ? $user['api_key'] : ''),
];
if ($page == 'user_meetings') {
$parameters['meetings'] = 1;
}
echo view(__DIR__ . '/../templates/layout.html', [
'theme' => isset($user) ? $user['color'] : config('theme'),
'title' => $title,
'atom_link' => ($page == 'news' || $page == 'user_meetings')
? ' <link href="' . page_link_to('atom') . (($page == 'user_meetings') ? '&meetings=1' : '')
. '&amp;key=' . (isset($user) ? $user['api_key'] : '')
? ' <link href="'
. page_link_to('atom', $parameters)
. '" type = "application/atom+xml" rel = "alternate" title = "Atom Feed">'
: '',
'start_page_url' => page_link_to('/'),
'credits_url' => page_link_to('credits'),
'menu' => make_menu(),
'content' => msg() . $content,
'header_toolbar' => header_toolbar(),

1
src/Database/Db.php
View File

@ -82,6 +82,7 @@ class Db
/**
* Run a select query and return only the first result or null if no result is found.
*
* @param string $query
* @param array $bindings
* @return array|null

52
src/Exceptions/Handler.php
View File

@ -34,7 +34,9 @@ class Handler
*/
public function errorHandler($number, $string, $file, $line, $context)
{
$this->handle('error', $number, $string, $file, $line, $context);
$trace = array_reverse(debug_backtrace());
$this->handle('error', $number, $string, $file, $line, $context, $trace);
}
/**
@ -59,8 +61,9 @@ class Handler
* @param string $file
* @param int $line
* @param array $context
* @param array $trace
*/
protected function handle($type, $number, $string, $file, $line, $context = [])
protected function handle($type, $number, $string, $file, $line, $context = [], $trace = [])
{
error_log(sprintf('%s: Number: %s, String: %s, File: %s:%u, Context: %s',
$type,
@ -71,13 +74,16 @@ class Handler
json_encode($context)
));
$file = $this->stripBasePath($file);
if ($this->environment == self::ENV_DEVELOPMENT) {
echo '<pre style="background-color:#333;color:#ccc;z-index:1000;position:absolute;top:1em;padding:1em;width:97%;overflow-y:auto;">';
echo '<pre style="background-color:#333;color:#ccc;z-index:1000;position:fixed;bottom:1em;padding:1em;width:97%;max-height: 90%;overflow-y:auto;">';
echo sprintf('%s: (%s)' . PHP_EOL, ucfirst($type), $number);
var_export([
'string' => $string,
'file' => $file . ':' . $line,
'context' => ($this->environment == self::ENV_DEVELOPMENT ? $context : null),
'context' => $context,
'stacktrace' => $this->formatStackTrace($trace),
]);
echo '</pre>';
die();
@ -87,6 +93,44 @@ class Handler
die();
}
/**
* @param array $stackTrace
* @return array
*/
protected function formatStackTrace($stackTrace)
{
$return = [];
foreach ($stackTrace as $trace) {
$path = '';
$line = '';
if (isset($trace['file']) && isset($trace['line'])) {
$path = $this->stripBasePath($trace['file']);
$line = $trace['line'];
}
$functionName = $trace['function'];
$return[] = [
'file' => $path . ':' . $line,
$functionName => $trace['args'],
];
}
return $return;
}
/**
* @param string $path
* @return string
*/
protected function stripBasePath($path)
{
$basePath = realpath(__DIR__ . '/../..') . '/';
return str_replace($basePath, '', $path);
}
/**
* @param string $environment
*/

76
src/Http/Request.php
View File

@ -3,43 +3,13 @@
namespace Engelsystem\Http;
use ErrorException;
use Symfony\Component\HttpFoundation\Request as SymfonyRequest;
class Request
class Request extends SymfonyRequest
{
/** @var self */
protected static $instance;
/** @var array of POST data */
protected $request;
/** @var array of GET data */
protected $query;
/**
* Initialize request
*/
public function create()
{
$this->request = $_POST;
$this->query = $_GET;
}
/**
* Get GET input
*
* @param string $key
* @param mixed $default
* @return mixed
*/
public function get($key, $default = null)
{
if (!empty($this->query[$key])) {
return $this->query[$key];
}
return $default;
}
/**
* Get POST input
*
@ -47,13 +17,9 @@ class Request
* @param mixed $default
* @return mixed
*/
public function post($key, $default = null)
public function postData($key, $default = null)
{
if (!empty($this->request[$key])) {
return $this->request[$key];
}
return $default;
return $this->request->get($key, $default);
}
/**
@ -65,13 +31,7 @@ class Request
*/
public function input($key, $default = null)
{
$data = $this->request + $this->query;
if (isset($data[$key])) {
return $data[$key];
}
return $default;
return $this->get($key, $default);
}
/**
@ -82,9 +42,31 @@ class Request
*/
public function has($key)
{
$data = $this->request + $this->query;
$value = $this->input($key);
return isset($data[$key]);
return !empty($value);
}
/**
* Get the requested path
*
* @return string
*/
public function path()
{
$pattern = trim($this->getPathInfo(), '/');
return $pattern == '' ? '/' : $pattern;
}
/**
* Return the current URL
*
* @return string
*/
public function url()
{
return rtrim(preg_replace('/\?.*/', '', $this->getUri()), '/');
}
/**

27
src/Routing/UrlGenerator.php Normal file
View File

@ -0,0 +1,27 @@
<?php
namespace Engelsystem\Routing;
use Engelsystem\Http\Request;
class UrlGenerator
{
/**
* @param string $path
* @param array $parameters
* @return string
*/
public static function to($path, $parameters = [])
{
$path = '/' . ltrim($path, '/');
$request = Request::getInstance();
$uri = $request->getUriForPath($path);
if (!empty($parameters) && is_array($parameters)) {
$parameters = http_build_query($parameters);
$uri .= '?' . $parameters;
}
return $uri;
}
}

28
src/helpers.php
View File

@ -4,6 +4,8 @@
use Engelsystem\Config\Config;
use Engelsystem\Http\Request;
use Engelsystem\Renderer\Renderer;
use Engelsystem\Routing\UrlGenerator;
use Symfony\Component\HttpFoundation\Session\SessionInterface;
/**
* Get or set config values
@ -41,6 +43,22 @@ function request($key = null, $default = null)
return $request->input($key, $default);
}
/**
* @param string $key
* @param mixed $default
* @return SessionInterface|mixed
*/
function session($key = null, $default = null)
{
$session = request()->getSession();
if (is_null($key)) {
return $session;
}
return $session->get($key, $default);
}
/**
* @param string $template
* @param mixed[] $data
@ -56,3 +74,13 @@ function view($template = null, $data = null)
return $renderer->render($template, $data);
}
/**
* @param string $path
* @param array $parameters
* @return string
*/
function url($path, $parameters = [])
{
return UrlGenerator::to($path, $parameters);
}

7
templates/guest_credits.html
View File

@ -20,11 +20,10 @@
<div class="col-md-4">
<h2>Hosting</h2>
<p>
Webspace, development platform and domain on <a href="https://engelsystem.de">engelsystem.de</a> is currently provided by
<a href="https://www.wybt.net/">would you buy this?</a> (ichdasich)
Webspace, development platform and domain on <a href="https://engelsystem.de">engelsystem.de</a>
is currently provided by <a href="https://www.wybt.net/">would you buy this?</a> (ichdasich)
and adminstrated by <a href="http://mortzu.de/">mortzu</a>,
<a href="http://derf.homelinux.org/">derf</a>
and ichdasich.
<a href="http://derf.homelinux.org/">derf</a> and ichdasich.
</p>
</div>
<div class="col-md-4">

6
templates/layout.html
View File

@ -22,7 +22,9 @@
<span class="icon-bar"></span>
<span class="icon-bar"></span>
</button>
<a class="navbar-brand" href="?"><span class="icon-icon_angel"></span> <strong class="visible-lg-inline">ENGELSYSTEM</strong></a>
<a class="navbar-brand" href="%start_page_url%">
<span class="icon-icon_angel"></span> <strong class="visible-lg-inline">ENGELSYSTEM</strong>
</a>
</div>
<div class="collapse navbar-collapse" id="navbar-collapse-1">%menu% %header_toolbar%</div>
</div>
@ -38,7 +40,7 @@
· <a href="%contact_email%"><span class="glyphicon glyphicon-envelope"></span> Contact</a>
· <a href="https://github.com/engelsystem/engelsystem/issues">Bugs / Features</a>
· <a href="https://github.com/engelsystem/engelsystem/">Development Platform</a>
· <a href="?p=credits">Credits</a>
· <a href="%credits_url%">Credits</a>
</div>
</div>
</div>

2
templates/maintenance.html
View File

@ -21,7 +21,7 @@
<span class="icon-bar"></span>
<span class="icon-bar"></span>
</button>
<a class="navbar-brand" href="?">
<a class="navbar-brand" href="#">
<span class="icon-icon_angel"></span> <strong class="visible-lg-inline">ENGELSYSTEM</strong>
</a>
</div>

15
templates/user_shifts.html
View File

@ -4,12 +4,14 @@
var days = document.getElementById(id + '_day').getElementsByTagName(
'option');
for (var i = 0; i < days.length; i++) {
if (days[i].value == moment().format('YYYY-MM-DD'))
if (days[i].value === moment().format('YYYY-MM-DD')) {
days[i].selected = true;
}
}
}
</script>
<form class="form-inline" action="" method="get">
<form class="form-inline" action="">
<input type="hidden" name="p" value="user_shifts">
<div class="row">
<div class="col-md-6">
@ -17,7 +19,7 @@
<div class="form-group">%start_select%</div>
<div class="form-group">
<div class="input-group">
<input class="form-control" type="text" id="start_time" name="start_time" size="5"
<input class="form-control" id="start_time" name="start_time" size="5"
pattern="^\d{1,2}:\d{2}$" placeholder="HH:MM" maxlength="5" value="%start_time%">
<div class="input-group-btn">
<button class="btn btn-default" title="Now" type="button" onclick="set_to_now('start');">
@ -30,7 +32,7 @@
<div class="form-group">%end_select%</div>
<div class="form-group">
<div class="input-group">
<input class="form-control" type="text" id="end_time" name="end_time" size="5"
<input class="form-control" id="end_time" name="end_time" size="5"
pattern="^\d{1,2}:\d{2}$" placeholder="HH:MM" maxlength="5" value="%end_time%">
<div class="input-group-btn">
<button class="btn btn-default" title="Now" type="button" onclick="set_to_now('end');">
@ -46,7 +48,10 @@
</div>
<div class="row">
<div class="col-md-6">
<div>%task_notice%</div>
<div>%assign_notice%</div>
</div>
<div class="col-md-6">
<div><p>%task_notice%</p></div>
<input class="btn btn-primary" type="submit" style="width:75%; margin-bottom: 20px" value="%filter%">
</div>
</div>