Merge pull request #284 from jwacalex/unset_user_id_in_shift_entries_controller
fixed broken logic in controller (cf. to mail to @msquare)
This commit is contained in:
commit
39f9c2e34c
|
@ -37,11 +37,19 @@ function shift_entry_add_controller() {
|
|||
$type = sql_select("SELECT * FROM `UserAngelTypes` JOIN `AngelTypes` ON (`UserAngelTypes`.`angeltype_id` = `AngelTypes`.`id`) WHERE `AngelTypes`.`id` = '" . sql_escape($type_id) . "' AND (`AngelTypes`.`restricted` = 0 OR (`UserAngelTypes`.`user_id` = '" . sql_escape($user['UID']) . "' AND NOT `UserAngelTypes`.`confirm_user_id` IS NULL)) LIMIT 1");
|
||||
}
|
||||
|
||||
|
||||
if (count($type) == 0) {
|
||||
redirect(page_link_to('user_shifts'));
|
||||
}
|
||||
$type = $type[0];
|
||||
|
||||
if (isset($_REQUEST['user_id']) && preg_match("/^[0-9]*$/", $_REQUEST['user_id']) &&
|
||||
in_array('user_shifts_admin', $privileges)) {
|
||||
$user_id = $_REQUEST['user_id'];
|
||||
} else {
|
||||
$user_id = $user['UID'];
|
||||
}
|
||||
|
||||
$shift_signup_allowed = Shift_signup_allowed(User($user_id), $shift, $type);
|
||||
if (! $shift_signup_allowed->isSignupAllowed()) {
|
||||
error(_("You are not allowed to sign up for this shift. Maybe shift is full or already running."));
|
||||
|
@ -51,11 +59,6 @@ function shift_entry_add_controller() {
|
|||
if (isset($_REQUEST['submit'])) {
|
||||
$selected_type_id = $type_id;
|
||||
if (in_array('user_shifts_admin', $privileges)) {
|
||||
if (isset($_REQUEST['user_id']) && preg_match("/^[0-9]*$/", $_REQUEST['user_id'])) {
|
||||
$user_id = $_REQUEST['user_id'];
|
||||
} else {
|
||||
$user_id = $user['UID'];
|
||||
}
|
||||
|
||||
if (sql_num_query("SELECT * FROM `User` WHERE `UID`='" . sql_escape($user_id) . "' LIMIT 1") == 0) {
|
||||
redirect(page_link_to('user_shifts'));
|
||||
|
@ -64,8 +67,6 @@ function shift_entry_add_controller() {
|
|||
if (isset($_REQUEST['angeltype_id']) && test_request_int('angeltype_id') && sql_num_query("SELECT * FROM `AngelTypes` WHERE `id`='" . sql_escape($_REQUEST['angeltype_id']) . "' LIMIT 1") > 0) {
|
||||
$selected_type_id = $_REQUEST['angeltype_id'];
|
||||
}
|
||||
} else {
|
||||
$user_id = $user['UID'];
|
||||
}
|
||||
|
||||
if (sql_num_query("SELECT * FROM `ShiftEntry` WHERE `SID`='" . sql_escape($shift['SID']) . "' AND `UID` = '" . sql_escape($user_id) . "'")) {
|
||||
|
|
Loading…
Reference in New Issue