From 4303b05d08ba3754bb82dfa728cae31317a6aeb8 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Philip=20H=C3=A4usler?= Date: Wed, 7 Sep 2011 23:30:05 +0200 Subject: [PATCH] form validation for creating shifts (admin_shifts) and changed database layout --- db/db_rewrite.sql | 129 ++++++++++++++------------- includes/pages/admin_angel_types.php | 2 +- includes/pages/admin_rooms.php | 10 +-- includes/pages/admin_shifts.php | 95 +++++++++++++++++--- includes/pages/user_shifts.php | 2 +- templates/admin_shifts.html | 10 +-- 6 files changed, 166 insertions(+), 82 deletions(-) diff --git a/db/db_rewrite.sql b/db/db_rewrite.sql index e9af1d38..7ef914ee 100644 --- a/db/db_rewrite.sql +++ b/db/db_rewrite.sql @@ -3,7 +3,7 @@ -- http://www.phpmyadmin.net -- -- Host: localhost --- Erstellungszeit: 19. Juli 2011 um 19:07 +-- Erstellungszeit: 07. September 2011 um 21:23 -- Server Version: 5.1.44 -- PHP-Version: 5.3.1 @@ -70,32 +70,33 @@ CREATE TABLE IF NOT EXISTS `Counter` ( -- INSERT INTO `Counter` (`URL`, `Anz`) VALUES -('news', 243), -('login', 85), +('news', 248), +('login', 89), ('logout', 22), -('start', 59), -('faq', 35), -('credits', 12), +('start', 65), +('faq', 36), +('credits', 13), ('register', 24), -('admin_rooms', 117), -('admin_angel_types', 84), +('admin_rooms', 123), +('admin_angel_types', 85), ('user_settings', 163), ('user_messages', 124), -('admin_groups', 188), +('admin_groups', 196), ('user_questions', 63), ('admin_questions', 51), -('admin_faq', 60), +('admin_faq', 61), ('admin_news', 35), ('news_comments', 158), -('admin_user', 219), +('admin_user', 225), ('user_meetings', 15), -('admin_language', 37), +('admin_language', 38), ('admin_log', 19), ('user_wakeup', 70), -('admin_import', 241), -('user_shifts', 371), -('user_myshifts', 94), -('admin_arrive', 44); +('admin_import', 245), +('user_shifts', 414), +('user_myshifts', 101), +('admin_arrive', 89), +('admin_shifts', 145); -- -------------------------------------------------------- 
@@ -141,7 +142,7 @@ CREATE TABLE IF NOT EXISTS `GroupPrivileges` ( `privilege_id` int(11) NOT NULL, PRIMARY KEY (`id`), KEY `group_id` (`group_id`,`privilege_id`) -) ENGINE=MyISAM DEFAULT CHARSET=utf8 AUTO_INCREMENT=110 ; +) ENGINE=MyISAM DEFAULT CHARSET=utf8 AUTO_INCREMENT=118 ; -- -- Daten für Tabelle `GroupPrivileges` @@ -153,17 +154,17 @@ INSERT INTO `GroupPrivileges` (`id`, `group_id`, `privilege_id`) VALUES (106, -2, 8), (105, -2, 11), (23, -1, 2), -(62, -5, 16), -(61, -5, 6), +(116, -5, 16), +(115, -5, 28), (104, -2, 26), (103, -2, 9), (86, -6, 21), -(60, -5, 12), -(59, -5, 14), +(114, -5, 6), +(113, -5, 12), (102, -2, 17), -(58, -5, 13), -(57, -5, 7), -(63, -5, 5), +(112, -5, 14), +(111, -5, 13), +(110, -5, 7), (101, -2, 15), (87, -6, 18), (100, -2, 3), @@ -172,7 +173,8 @@ INSERT INTO `GroupPrivileges` (`id`, `group_id`, `privilege_id`) VALUES (88, -1, 1), (98, -3, 25), (108, -2, 20), -(109, -4, 27); +(109, -4, 27), +(117, -5, 5); -- -------------------------------------------------------- 
@@ -227,6 +229,37 @@ INSERT INTO `Messages` (`id`, `Datum`, `SUID`, `RUID`, `isRead`, `Text`) VALUES -- -------------------------------------------------------- +-- +-- Tabellenstruktur für Tabelle `NeededAngelTypes` +-- + +CREATE TABLE IF NOT EXISTS `NeededAngelTypes` ( + `id` int(11) NOT NULL AUTO_INCREMENT, + `room_id` int(11) DEFAULT NULL, + `shift_id` int(11) DEFAULT NULL, + `angel_type_id` int(11) NOT NULL, + `count` int(11) NOT NULL, + PRIMARY KEY (`id`), + KEY `room_id` (`room_id`,`angel_type_id`), + KEY `shift_id` (`shift_id`) +) ENGINE=MyISAM DEFAULT CHARSET=utf8 AUTO_INCREMENT=13 ; + +-- +-- Daten für Tabelle `NeededAngelTypes` +-- + +INSERT INTO `NeededAngelTypes` (`id`, `room_id`, `shift_id`, `angel_type_id`, `count`) VALUES +(4, 3, NULL, 5, 2), +(3, 3, NULL, 4, 2), +(5, 2, NULL, 4, 0), +(6, 2, NULL, 5, 2), +(10, 11, NULL, 5, 0), +(9, 11, NULL, 4, 2), +(11, 10, NULL, 4, 2), +(12, 10, NULL, 5, 0); + +-- -------------------------------------------------------- + -- -- Tabellenstruktur für Tabelle `News` -- @@ -287,7 +320,7 @@ CREATE TABLE IF NOT EXISTS `Privileges` ( `desc` varchar(1024) NOT NULL, PRIMARY KEY (`id`), UNIQUE KEY `name` (`name`) -) ENGINE=MyISAM DEFAULT CHARSET=utf8 AUTO_INCREMENT=28 ; +) ENGINE=MyISAM DEFAULT CHARSET=utf8 AUTO_INCREMENT=29 ; -- -- Daten für Tabelle `Privileges` @@ -320,7 +353,8 @@ INSERT INTO `Privileges` (`id`, `name`, `desc`) VALUES (24, 'user_shifts', 'Signup for shifts'), (25, 'user_shifts_admin', 'Signup other angels for shifts.'), (26, 'user_myshifts', 'Allow angels to view their own shifts and cancel them.'), -(27, 'admin_arrive', 'Mark angels when they arrive.'); +(27, 'admin_arrive', 'Mark angels when they arrive.'), +(28, 'admin_shifts', 'Create shifts'); -- -------------------------------------------------------- 
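Review bot: The new `NeededAngelTypes` table leaves both `room_id` and `shift_id` nullable with nothing tying a row to exactly one of them, and the MyISAM engine enforces no foreign keys, so a row with both NULL, both set, or a dangling id is accepted silently; the seed rows all use the room form with `shift_id` NULL. Since MySQL 5.1 parses but ignores CHECK constraints, the invariant has to live in the writers and should at least be stated next to the table, e.g. `-- exactly one of room_id / shift_id is set: room rows are the per-location default, shift rows are per-shift requirements`. A plain `KEY` on `angel_type_id` would also serve the `DELETE ... WHERE angel_type_id=` in admin_angel_types.php, which the composite key `(room_id, angel_type_id)` cannot, as it is not a leftmost prefix.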
@@ -370,35 +404,6 @@ INSERT INTO `Room` (`RID`, `Name`, `Man`, `FromPentabarf`, `show`, `Number`) VAL -- -------------------------------------------------------- --- --- Tabellenstruktur für Tabelle `RoomAngelTypes` --- - -CREATE TABLE IF NOT EXISTS `RoomAngelTypes` ( - `id` int(11) NOT NULL AUTO_INCREMENT, - `room_id` int(11) NOT NULL, - `angel_type_id` int(11) NOT NULL, - `count` int(11) NOT NULL, - PRIMARY KEY (`id`), - KEY `room_id` (`room_id`,`angel_type_id`) -) ENGINE=MyISAM DEFAULT CHARSET=utf8 AUTO_INCREMENT=13 ; - --- --- Daten für Tabelle `RoomAngelTypes` --- - -INSERT INTO `RoomAngelTypes` (`id`, `room_id`, `angel_type_id`, `count`) VALUES -(4, 3, 5, 2), -(3, 3, 4, 2), -(5, 2, 4, 0), -(6, 2, 5, 2), -(10, 11, 5, 0), -(9, 11, 4, 2), -(11, 10, 4, 2), -(12, 10, 5, 0); - --- -------------------------------------------------------- - -- -- Tabellenstruktur für Tabelle `ShiftEntry` -- @@ -410,12 +415,14 @@ CREATE TABLE IF NOT EXISTS `ShiftEntry` ( `UID` int(11) NOT NULL DEFAULT '0', `Comment` text, PRIMARY KEY (`id`) -) ENGINE=MyISAM DEFAULT CHARSET=utf8 AUTO_INCREMENT=14 ; +) ENGINE=MyISAM DEFAULT CHARSET=utf8 AUTO_INCREMENT=15 ; -- -- Daten für Tabelle `ShiftEntry` -- +INSERT INTO `ShiftEntry` (`id`, `SID`, `TID`, `UID`, `Comment`) VALUES +(14, 131, 4, 1, 'asdfasdfasdf'); -- -------------------------------------------------------- @@ -1149,7 +1156,9 @@ INSERT INTO `Sprache` (`TextID`, `Sprache`, `Text`) VALUES ('user_myshifts', 'DE', 'Meine Schichten'), ('user_myshifts', 'EN', 'My shifts'), ('admin_arrive', 'DE', 'Engel Ankunft'), -('admin_arrive', 'EN', 'Arrived angels'); +('admin_arrive', 'EN', 'Arrived angels'), +('admin_shifts', 'DE', 'Schichten erstellen'), +('admin_shifts', 'EN', 'Create shifts'); -- -------------------------------------------------------- 
@@ -1192,8 +1201,8 @@ CREATE TABLE IF NOT EXISTS `User` ( -- INSERT INTO `User` (`UID`, `Nick`, `Name`, `Vorname`, `Alter`, `Telefon`, `DECT`, `Handy`, `email`, `ICQ`, `jabber`, `Size`, `Passwort`, `Gekommen`, `Aktiv`, `Tshirt`, `color`, `Sprache`, `Avatar`, `Menu`, `lastLogIn`, `CreateDate`, `Art`, `kommentar`, `Hometown`) VALUES -(1, 'admin', 'Gates', 'Bill', 42, '', '', '', '', '', '', '', '21232f297a57a5a743894a0e4a801fc3', 0, 1, 0, 10, 'DE', 115, 'L', 1311102448, '0000-00-00 00:00:00', '', '', ''), -(148, 'msquare', '', '', 23, '', '', '', 'msquare@notrademark.de', '', '', '', '4297f44b13955235245b2497399d7a93', 1, 1, 1, 10, 'DE', 0, 'L', 1307110798, '2011-06-03 07:55:24', 'AudioEngel', '', ''); +(1, 'admin', 'Gates', 'Bill', 42, '', '', '', '', '', '', '', '21232f297a57a5a743894a0e4a801fc3', 1, 1, 0, 10, 'DE', 115, 'L', 1315430361, '0000-00-00 00:00:00', '', '', ''), +(148, 'msquare', '', '', 23, '', '', '', 'msquare@notrademark.de', '', '', '', '4297f44b13955235245b2497399d7a93', 0, 1, 1, 10, 'DE', 0, 'L', 1307110798, '2011-06-03 07:55:24', 'AudioEngel', '', ''); -- -------------------------------------------------------- diff --git a/includes/pages/admin_angel_types.php b/includes/pages/admin_angel_types.php index c5283899..0a7a721c 100644 --- a/includes/pages/admin_angel_types.php +++ b/includes/pages/admin_angel_types.php @@ -83,7 +83,7 @@ function admin_angel_types() { $angel_type = sql_select("SELECT * FROM `AngelTypes` WHERE `TID`=" . sql_escape($id) . " LIMIT 1"); if (count($angel_type) > 0) { sql_query("DELETE FROM `AngelTypes` WHERE `TID`=" . sql_escape($id) . " LIMIT 1"); - sql_query("DELETE FROM `RoomAngelTypes` WHERE `angel_type_id`=" . sql_escape($id) . " LIMIT 1"); + sql_query("DELETE FROM `NeededAngelTypes` WHERE `angel_type_id`=" . sql_escape($id) . " LIMIT 1"); header("Location: " . page_link_to("admin_angel_types")); } else return error("No Angel Type found."); 
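Review bot: The seed dump still ships a live administrator account in the new-side row, with what appears to be an unsalted MD5 password hash (`21232f297a57a5a743894a0e4a801fc3` is the widely known MD5 of the string `admin`), and this commit only bumps its `Gekommen` and `lastLogIn` values. Anyone importing db_rewrite.sql as-is therefore gets a guessable admin login. Consider stripping the `User` rows from the dump or adding a comment above the INSERT such as `-- development seed only: change the admin password before any deployment`, and treating the bare-MD5 `Passwort` column as a follow-up.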
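Review bot: `DELETE FROM NeededAngelTypes WHERE angel_type_id=... LIMIT 1` removes only one of the rows for the type, but the table holds one row per room (and, with the new `shift_id` column, potentially per shift) for each angel type — the seed data alone carries four rows with `angel_type_id` 4 — so the remaining rows are orphaned once the `AngelTypes` row is gone. Drop the trailing ` LIMIT 1` from that statement. Whether `$id` is constrained to an integer before reaching the unquoted comparison is not visible in this hunk; if it is not, `sql_escape` alone does not make a numeric-context interpolation safe. The enclosing function continues outside the hunk.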
diff --git a/includes/pages/admin_rooms.php b/includes/pages/admin_rooms.php index be54b8ea..c4e8ba46 100644 --- a/includes/pages/admin_rooms.php +++ b/includes/pages/admin_rooms.php @@ -63,7 +63,7 @@ function admin_rooms() { $room = sql_select("SELECT * FROM `Room` WHERE `RID`=" . sql_escape($rid) . " LIMIT 1"); if (count($room) > 0) { list ($room) = $room; - $room_angel_types = sql_select("SELECT * FROM `AngelTypes` LEFT OUTER JOIN `RoomAngelTypes` ON (`AngelTypes`.`TID` = `RoomAngelTypes`.`angel_type_id` AND `RoomAngelTypes`.`room_id`=" . sql_escape($rid) . ") ORDER BY `AngelTypes`.`Name`"); + $room_angel_types = sql_select("SELECT * FROM `AngelTypes` LEFT OUTER JOIN `NeededAngelTypes` ON (`AngelTypes`.`TID` = `NeededAngelTypes`.`angel_type_id` AND `NeededAngelTypes`.`room_id`=" . sql_escape($rid) . ") ORDER BY `AngelTypes`.`Name`"); $angel_types = ""; foreach ($room_angel_types as $room_angel_type) { @@ -101,7 +101,7 @@ function admin_rooms() { $room = sql_select("SELECT * FROM `Room` WHERE `RID`=" . sql_escape($rid) . " LIMIT 1"); if (count($room) > 0) { list ($room) = $room; - $room_angel_types = sql_select("SELECT * FROM `AngelTypes` LEFT OUTER JOIN `RoomAngelTypes` ON (`AngelTypes`.`TID` = `RoomAngelTypes`.`angel_type_id` AND `RoomAngelTypes`.`room_id`=" . sql_escape($rid) . ") ORDER BY `AngelTypes`.`Name`"); + $room_angel_types = sql_select("SELECT * FROM `AngelTypes` LEFT OUTER JOIN `NeededAngelTypes` ON (`AngelTypes`.`TID` = `NeededAngelTypes`.`angel_type_id` AND `NeededAngelTypes`.`room_id`=" . sql_escape($rid) . ") ORDER BY `AngelTypes`.`Name`"); $name = preg_replace("/([^\p{L}\p{P}\p{Z}\p{N}]{1,})/ui", '', strip_tags($_REQUEST['Name'])); $man = preg_replace("/([^\p{L}\p{P}\p{Z}\p{N}]{1,})/ui", '', strip_tags($_REQUEST['Man'])); 
@@ -109,13 +109,13 @@ function admin_rooms() { $show = preg_replace("/([^YN]{1,})/ui", '', strip_tags($_REQUEST['Show'])); $number = preg_replace("/([^0-9]{1,})/ui", '', strip_tags($_REQUEST['Number'])); sql_query("UPDATE `Room` SET `Name`='" . sql_escape($name) . "', `Man`='" . sql_escape($man) . "', `FromPentabarf`='" . sql_escape($from_pentabarf) . "', `show`='" . sql_escape($show) . "', `Number`='" . sql_escape($number) . "' WHERE `RID`=" . sql_escape($rid) . " LIMIT 1"); - sql_query("DELETE FROM `RoomAngelTypes` WHERE `room_id`=" . sql_escape($rid)); + sql_query("DELETE FROM `NeededAngelTypes` WHERE `room_id`=" . sql_escape($rid)); foreach ($room_angel_types as $room_angel_type) { if (isset ($_REQUEST['angel_type_' . $room_angel_type['TID']]) && preg_match("/^[0-9]{1,11}$/", $_REQUEST['angel_type_' . $room_angel_type['TID']])) $count = $_REQUEST['angel_type_' . $room_angel_type['TID']]; else $count = "0"; - sql_query("INSERT INTO `RoomAngelTypes` SET `room_id`=" . sql_escape($rid) . ", `angel_type_id`=" . sql_escape($room_angel_type['TID']) . ", `count`=" . sql_escape($count)); + sql_query("INSERT INTO `NeededAngelTypes` SET `room_id`=" . sql_escape($rid) . ", `angel_type_id`=" . sql_escape($room_angel_type['TID']) . ", `count`=" . sql_escape($count)); } header("Location: " . page_link_to("admin_rooms")); } else @@ -130,7 +130,7 @@ function admin_rooms() { if (sql_num_query("SELECT * FROM `Room` WHERE `RID`=" . sql_escape($rid) . " LIMIT 1") > 0) { sql_query("DELETE FROM `Room` WHERE `RID`=" . sql_escape($rid) . " LIMIT 1"); - sql_query("DELETE FROM `RoomAngelTypes` WHERE `room_id`=" . sql_escape($rid) . " LIMIT 1"); + sql_query("DELETE FROM `NeededAngelTypes` WHERE `room_id`=" . sql_escape($rid) . " LIMIT 1"); header("Location: " . page_link_to("admin_rooms")); } else return error("No Room found."); diff --git a/includes/pages/admin_shifts.php b/includes/pages/admin_shifts.php index 45c17591..d1981b5c 100644 --- a/includes/pages/admin_shifts.php 
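Review bot: The room delete path removes at most one `NeededAngelTypes` row (`LIMIT 1`), although the update path in the hunk above inserts one row per angel type for the same `room_id` (the seed data shows two rows for room 3), so deleting a room leaves its remaining requirement rows behind, pointing at a `RID` that no longer exists. Drop the ` LIMIT 1` on that DELETE, exactly as the update path already does for its own `DELETE FROM NeededAngelTypes WHERE room_id=`. The enclosing function continues outside the hunk.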
+++ b/includes/pages/admin_shifts.php @@ -8,8 +8,10 @@ function admin_shifts() { $name = ""; $rid = 0; - $start = date('Y-m-d 00:00'); - $end = date('Y-m-d 00:00', time() + 24 * 60 * 60); + $start = DateTime :: createFromFormat("Y-m-d H:i", date("Y-m-d") . " 00:00")->getTimestamp(); + $end = $start +24 * 60 * 60; + $mode = 'single'; + $angelmode = 'location'; // Locations laden $rooms = sql_select("SELECT * FROM `Room` WHERE `show`='Y' ORDER BY `Name`"); @@ -17,18 +19,22 @@ function admin_shifts() { foreach ($rooms as $room) $room_array[$room['RID']] = $room['Name']; + // Engeltypen laden + $types = sql_select("SELECT * FROM `AngelTypes` ORDER BY `Name`"); + $needed_angel_types = array (); + foreach ($types as $type) + $needed_angel_types[$type['TID']] = 0; + if (isset ($_REQUEST['preview'])) { // Name/Bezeichnung der Schicht, darf nicht leer sein if (isset ($_REQUEST['name']) && strlen($_REQUEST['name']) > 0) $name = strip_request_item('name'); else { $ok = false; - $name = ""; $msg .= error("Gib bitte einen Namen für die Schicht(en) an."); } // Auswahl der sichtbaren Locations für die Schichten - if (isset ($_REQUEST['rid']) && preg_match("/^[0-9]+$/", $_REQUEST['rid']) && isset ($room_array[$_REQUEST['rid']])) $rid = $_REQUEST['rid']; else { 
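Review bot: `DateTime::createFromFormat("Y-m-d H:i", ...)` without a leading `!` fills every field the format does not mention — here the seconds — from the current system time, so the default `$start` (and the request-parsed values in the following hunk) lands at hh:mm:ss with the current seconds rather than on the minute, and `$end` inherits the same offset. Use `"!Y-m-d H:i"` (or append `|` to the format) so unparsed fields reset to zero; for the default alone `strtotime('today')` expresses the intent more plainly. `$end = $start +24 * 60 * 60;` also reads as a unary plus at first glance; `$start + 24 * 60 * 60` is clearer.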
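Review bot: The non-empty check is made on the raw `$_REQUEST['name']` while `$name` is assigned from `strip_request_item('name')`; if that helper strips markup or whitespace (its body is not visible here), a name consisting only of tags or spaces passes the check and reaches the template as an empty string with `$ok` still true. Check the sanitised value instead: `$name = strip_request_item('name'); if (strlen($name) == 0) { $ok = false; $msg .= error(...); }`. The `rid` check on the same lines is sound since `isset($room_array[...])` confines it to rooms already loaded from the database.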
@@ -36,16 +42,80 @@ function admin_shifts() { $rid = $rooms[0]['RID']; $msg .= error("Wähle bitte einen Raum aus."); } - } - $room_select = html_select_key('rid', $room_array, ''); - $types = sql_select("SELECT * FROM `AngelTypes` ORDER BY `Name`"); + if (isset ($_REQUEST['start']) && $tmp = DateTime :: createFromFormat("Y-m-d H:i", trim($_REQUEST['start']))) + $start = $tmp->getTimestamp(); + else { + $ok = false; + $msg .= error("Bitte gib einen Startzeitpunkt für die Schichten an."); + } + + if (isset ($_REQUEST['end']) && $tmp = DateTime :: createFromFormat("Y-m-d H:i", trim($_REQUEST['end']))) + $end = $tmp->getTimestamp(); + else { + $ok = false; + $msg .= error("Bitte gib einen Endzeitpunkt für die Schichten an."); + } + + if ($start >= $end) { + $ok = false; + $msg .= error("Das Ende muss nach dem Startzeitpunkt liegen!"); + } + + if (isset ($_REQUEST['mode'])) { + if ($_REQUEST['mode'] == 'single') { + $mode = 'single'; + } + elseif ($_REQUEST['mode'] == 'multi') { + if (isset ($_REQUEST['length']) && preg_match("/^[0-9]+$/", trim($_REQUEST['length']))) { + $mode = 'multi'; + $length = trim($_REQUEST['length']); + } else { + $ok = false; + $msg .= error("Bitte gib eine Schichtlänge in Minuten an."); + } + } + elseif ($_REQUEST['mode'] == 'variable') { + if (isset ($_REQUEST['change_hours']) && preg_match("/^([0-9]+(,|$))/", trim(str_replace(" ", "", $_REQUEST['change_hours'])))) { + $mode = 'variable'; + $change_hours = explode(",", $_REQUEST['change_hours']); + } else { + $ok = false; + $msg .= error("Bitte gib die Schichtwechsel-Stunden kommagetrennt ein."); + } + } + } else { + $ok = false; + $msg .= error("Bitte wähle einen Modus."); + } + + if (isset ($_REQUEST['angelmode'])) { + if ($_REQUEST['angelmode'] == 'location') { + $angelmode = 'location'; + } + elseif ($_REQUEST['angelmode'] == 'manually') { + foreach ($types as $type) { + if (isset ($_REQUEST['type_' . $type['TID']]) && preg_match("/^[0-9]+$/", trim($_REQUEST['type_' . 
$type['TID']]))) { + $needed_angel_types[$type['TID']] = trim($_REQUEST['type_' . $type['TID']]); + } else { + $ok = false; + $msg .= error("Bitte überprüfe die Eingaben für die benötigten Engel des Typs " . $type['Name'] . "."); + } + } + } else { + $ok = false; + $msg .= error("Bitte Wähle einen Modus für die benötigten Engel."); + } + } + } + + $room_select = html_select_key('rid', $room_array, ''); $angel_types = ""; foreach ($types as $type) { $angel_types .= template_render('../templates/admin_shifts_angel_types.html', array ( 'id' => $type['TID'], 'type' => $type['Name'], - 'value' => "0" + 'value' => $needed_angel_types[$type['TID']] )); } return template_render('../templates/admin_shifts.html', array ( @@ -53,8 +123,13 @@ function admin_shifts() { 'room_select' => $room_select, 'msg' => $msg, 'name' => $name, - 'start' => $start, - 'end' => $end + 'start' => date("Y-m-d H:i", $start), + 'end' => date("Y-m-d H:i", $end), + 'mode_single_selected' => $_REQUEST['mode'] == 'single' ? 'checked="checked"' : '', + 'mode_multi_selected' => $_REQUEST['mode'] == 'multi' ? 'checked="checked"' : '', + 'mode_variable_selected' => $_REQUEST['mode'] == 'variable' ? 'checked="checked"' : '', + 'angelmode_location_selected' => $_REQUEST['angelmode'] == 'location' ? 'checked="checked"' : '', + 'angelmode_manually_selected' => $_REQUEST['angelmode'] == 'manually' ? 'checked="checked"' : '' )); } ?> \ No newline at end of file diff --git a/includes/pages/user_shifts.php b/includes/pages/user_shifts.php index 3c05725e..d5367073 100644 --- a/includes/pages/user_shifts.php +++ b/includes/pages/user_shifts.php @@ -98,7 +98,7 @@ function user_shifts() { foreach ($shifts as $shift) { $shift_row = '' . date(($id == 0 ? "Y-m-d " : "") . "H:i", $shift['start']) . ' - ' . date("H:i", $shift['end']) . ($id == 0 ? "
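Review bot: The `variable` mode validates only the first element of `change_hours`: `/^([0-9]+(,|$))/` is satisfied by any string that starts with digits followed by a comma, and `explode` is then applied to the original, unstripped `$_REQUEST['change_hours']`, so a value like `"8, foo"` is accepted and ends up in `$change_hours` with an unvalidated element. Validate the whole stripped string and split that same string: `$hours = str_replace(" ", "", trim($_REQUEST['change_hours']));`, `preg_match("/^[0-9]+(,[0-9]+)*$/D", $hours)`, `$change_hours = explode(",", $hours);` (the `D` modifier keeps `$` from accepting a trailing newline, which also applies to the `length` and `type_*` patterns). A range check of 0–23 on each hour would be worthwhile as well. `$length` and `$change_hours` are not consumed anywhere in this hunk, so whatever later creates the shifts must not rely on this check as written.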
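Review bot: The template flags read `$_REQUEST['mode']` and `$_REQUEST['angelmode']` directly, which raises undefined-index notices on the first, parameterless request and ignores the defaults and validation the preview branch just applied to `$mode` and `$angelmode`. Use the validated variables, e.g. `'mode_single_selected' => $mode == 'single' ? 'checked="checked"' : '',` and the same for the other four entries, so the form shows the value the server will actually act on when no mode or an unknown mode was submitted.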
" . $shift['Name'] : "") . '' . $shift['name'] . '
'; $show_shift = false; - $angeltypes = sql_select("SELECT * FROM `RoomAngelTypes` JOIN `AngelTypes` ON (`RoomAngelTypes`.`angel_type_id` = `AngelTypes`.`TID`) WHERE `room_id`=" . sql_escape($shift['RID']) . " AND `count` > 0 ORDER BY `AngelTypes`.`Name`"); + $angeltypes = sql_select("SELECT * FROM `NeededAngelTypes` JOIN `AngelTypes` ON (`NeededAngelTypes`.`angel_type_id` = `AngelTypes`.`TID`) WHERE `room_id`=" . sql_escape($shift['RID']) . " AND `count` > 0 ORDER BY `AngelTypes`.`Name`"); if (count($angeltypes) > 0) { $my_shift = sql_num_query("SELECT * FROM `ShiftEntry` WHERE `SID`=" . sql_escape($shift['SID']) . " AND `UID`=" . sql_escape($user['UID']) . " LIMIT 1") > 0; diff --git a/templates/admin_shifts.html b/templates/admin_shifts.html index 45663956..a79bd571 100644 --- a/templates/admin_shifts.html +++ b/templates/admin_shifts.html @@ -29,12 +29,12 @@

Modus:

Eine Schicht erstellen.

Mehrere Schichten erstellen:

@@ -45,7 +45,7 @@

Mehrere Schichten mit variabler Länge erstellen:

@@ -56,12 +56,12 @@

Benötigte Engel:

Benötigte Engel vom Ort übernehmen.

Es werden folgende Engel benötigt:

%angel_types%