prohibit inline control structures on includes and index
This commit is contained in:
parent
e965f8d041
commit
4c288e957e
|
@ -54,8 +54,9 @@ require_once realpath(__DIR__ . '/../includes/mailer/shifts_mailer.php');
|
|||
require_once realpath(__DIR__ . '/../includes/mailer/users_mailer.php');
|
||||
|
||||
require_once realpath(__DIR__ . '/../config/config.default.php');
|
||||
if (file_exists(realpath(__DIR__ . '/../config/config.php')))
|
||||
if (file_exists(realpath(__DIR__ . '/../config/config.php'))) {
|
||||
require_once realpath(__DIR__ . '/../config/config.php');
|
||||
}
|
||||
|
||||
if ($maintenance_mode) {
|
||||
echo file_get_contents(__DIR__ . '/../public/maintenance.html');
|
||||
|
|
|
@ -22,10 +22,11 @@ function sql_null($value = null) {
|
|||
function sql_transaction_start() {
|
||||
global $sql_nested_transaction_level;
|
||||
|
||||
if ($sql_nested_transaction_level ++ == 0)
|
||||
if ($sql_nested_transaction_level ++ == 0) {
|
||||
return sql_query("BEGIN");
|
||||
else
|
||||
return true;
|
||||
}
|
||||
|
||||
return true;
|
||||
}
|
||||
|
||||
/**
|
||||
|
@ -34,10 +35,11 @@ function sql_transaction_start() {
|
|||
function sql_transaction_commit() {
|
||||
global $sql_nested_transaction_level;
|
||||
|
||||
if (-- $sql_nested_transaction_level == 0)
|
||||
if (-- $sql_nested_transaction_level == 0) {
|
||||
return sql_query("COMMIT");
|
||||
else
|
||||
return true;
|
||||
}
|
||||
|
||||
return true;
|
||||
}
|
||||
|
||||
/**
|
||||
|
@ -46,10 +48,11 @@ function sql_transaction_commit() {
|
|||
function sql_transaction_rollback() {
|
||||
global $sql_nested_transaction_level;
|
||||
|
||||
if (-- $sql_nested_transaction_level == 0)
|
||||
if (-- $sql_nested_transaction_level == 0) {
|
||||
return sql_query("ROLLBACK");
|
||||
else
|
||||
} else {
|
||||
return true;
|
||||
}
|
||||
}
|
||||
|
||||
/**
|
||||
|
@ -92,12 +95,14 @@ function sql_connect($host, $user, $pass, $db) {
|
|||
}
|
||||
|
||||
$result = $sql_connection->query("SET CHARACTER SET utf8;");
|
||||
if (! $result)
|
||||
if (! $result) {
|
||||
return sql_error("Unable to set utf8 character set (" . $sql_connection->errno . ") " . $sql_connection->error);
|
||||
}
|
||||
|
||||
$result = $sql_connection->set_charset('utf8');
|
||||
if (! $result)
|
||||
if (! $result) {
|
||||
return sql_error("Unable to set utf8 names (" . $sql_connection->errno . ") " . $sql_connection->error);
|
||||
}
|
||||
|
||||
return $sql_connection;
|
||||
}
|
||||
|
@ -111,8 +116,9 @@ function sql_connect($host, $user, $pass, $db) {
|
|||
*/
|
||||
function sql_select_db($db_name) {
|
||||
global $sql_connection;
|
||||
if (! $sql_connection->select_db($db_name))
|
||||
if (! $sql_connection->select_db($db_name)) {
|
||||
return sql_error("No database selected.");
|
||||
}
|
||||
return true;
|
||||
}
|
||||
|
||||
|
@ -127,12 +133,14 @@ function sql_select($query) {
|
|||
|
||||
$result = $sql_connection->query($query);
|
||||
if ($result) {
|
||||
$data = array();
|
||||
while ($line = $result->fetch_assoc())
|
||||
$data = [];
|
||||
while ($line = $result->fetch_assoc()) {
|
||||
array_push($data, $line);
|
||||
}
|
||||
return $data;
|
||||
} else
|
||||
return sql_error("MySQL-query error: " . $query . " (" . $sql_connection->errno . ") " . $sql_connection->error);
|
||||
}
|
||||
|
||||
return sql_error("MySQL-query error: " . $query . " (" . $sql_connection->errno . ") " . $sql_connection->error);
|
||||
}
|
||||
|
||||
/**
|
||||
|
@ -147,8 +155,9 @@ function sql_query($query) {
|
|||
$result = $sql_connection->query($query);
|
||||
if ($result) {
|
||||
return $result;
|
||||
} else
|
||||
return sql_error("MySQL-query error: " . $query . " (" . $sql_connection->errno . ") " . $sql_connection->error);
|
||||
}
|
||||
|
||||
return sql_error("MySQL-query error: " . $query . " (" . $sql_connection->errno . ") " . $sql_connection->error);
|
||||
}
|
||||
|
||||
/**
|
||||
|
|
|
@ -1,6 +1,8 @@
|
|||
<?php
|
||||
|
||||
// Testet ob ein User eingeloggt ist und lädt die entsprechenden Privilegien
|
||||
/**
|
||||
* Testet ob ein User eingeloggt ist und lädt die entsprechenden Privilegien
|
||||
*/
|
||||
function load_auth() {
|
||||
global $user, $privileges;
|
||||
|
||||
|
@ -9,40 +11,48 @@ function load_auth() {
|
|||
$user = sql_select("SELECT * FROM `User` WHERE `UID`='" . sql_escape($_SESSION['uid']) . "' LIMIT 1");
|
||||
if (count($user) > 0) {
|
||||
// User ist eingeloggt, Datensatz zur Verfügung stellen und Timestamp updaten
|
||||
list ($user) = $user;
|
||||
list($user) = $user;
|
||||
sql_query("UPDATE `User` SET " . "`lastLogIn` = '" . time() . "'" . " WHERE `UID` = '" . sql_escape($_SESSION['uid']) . "' LIMIT 1;");
|
||||
} else
|
||||
} else {
|
||||
unset($_SESSION['uid']);
|
||||
}
|
||||
}
|
||||
|
||||
$privileges = isset($user) ? privileges_for_user($user['UID']) : privileges_for_group(- 1);
|
||||
}
|
||||
|
||||
// generate a salt (random string) of arbitrary length suitable for the use with crypt()
|
||||
/**
|
||||
* generate a salt (random string) of arbitrary length suitable for the use with crypt()
|
||||
*/
|
||||
function generate_salt($length = 16) {
|
||||
$alphabet = "ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789+/";
|
||||
$salt = "";
|
||||
for($i = 0; $i < $length; $i ++) {
|
||||
for ($i = 0; $i < $length; $i ++) {
|
||||
$salt .= $alphabet[rand(0, strlen($alphabet) - 1)];
|
||||
}
|
||||
return $salt;
|
||||
}
|
||||
|
||||
// set the password of a user
|
||||
/**
|
||||
* set the password of a user
|
||||
*/
|
||||
function set_password($uid, $password) {
|
||||
return sql_query("UPDATE `User` SET `Passwort` = '" . sql_escape(crypt($password, CRYPT_ALG . '$' . generate_salt(16) . '$')) . "', `password_recovery_token`=NULL WHERE `UID` = " . intval($uid) . " LIMIT 1");
|
||||
}
|
||||
|
||||
// verify a password given a precomputed salt.
|
||||
// if $uid is given and $salt is an old-style salt (plain md5), we convert it automatically
|
||||
/**
|
||||
* verify a password given a precomputed salt.
|
||||
* if $uid is given and $salt is an old-style salt (plain md5), we convert it automatically
|
||||
*/
|
||||
function verify_password($password, $salt, $uid = false) {
|
||||
$correct = false;
|
||||
if (substr($salt, 0, 1) == '$') // new-style crypt()
|
||||
if (substr($salt, 0, 1) == '$') { // new-style crypt()
|
||||
$correct = crypt($password, $salt) == $salt;
|
||||
elseif (substr($salt, 0, 7) == '{crypt}') // old-style crypt() with DES and static salt - not used anymore
|
||||
} elseif (substr($salt, 0, 7) == '{crypt}') { // old-style crypt() with DES and static salt - not used anymore
|
||||
$correct = crypt($password, '77') == $salt;
|
||||
elseif (strlen($salt) == 32) // old-style md5 without salt - not used anymore
|
||||
} elseif (strlen($salt) == 32) { // old-style md5 without salt - not used anymore
|
||||
$correct = md5($password) == $salt;
|
||||
}
|
||||
|
||||
if ($correct && substr($salt, 0, strlen(CRYPT_ALG)) != CRYPT_ALG && $uid) {
|
||||
// this password is stored in another format than we want it to be.
|
||||
|
@ -54,18 +64,20 @@ function verify_password($password, $salt, $uid = false) {
|
|||
}
|
||||
|
||||
function privileges_for_user($user_id) {
|
||||
$privileges = array ();
|
||||
$privileges = [];
|
||||
$user_privs = sql_select("SELECT `Privileges`.`name` FROM `User` JOIN `UserGroups` ON (`User`.`UID` = `UserGroups`.`uid`) JOIN `GroupPrivileges` ON (`UserGroups`.`group_id` = `GroupPrivileges`.`group_id`) JOIN `Privileges` ON (`GroupPrivileges`.`privilege_id` = `Privileges`.`id`) WHERE `User`.`UID`='" . sql_escape($user_id) . "'");
|
||||
foreach ($user_privs as $user_priv)
|
||||
foreach ($user_privs as $user_priv) {
|
||||
$privileges[] = $user_priv['name'];
|
||||
}
|
||||
return $privileges;
|
||||
}
|
||||
|
||||
function privileges_for_group($group_id) {
|
||||
$privileges = array ();
|
||||
$privileges = [];
|
||||
$groups_privs = sql_select("SELECT * FROM `GroupPrivileges` JOIN `Privileges` ON (`GroupPrivileges`.`privilege_id` = `Privileges`.`id`) WHERE `group_id`='" . sql_escape($group_id) . "'");
|
||||
foreach ($groups_privs as $guest_priv)
|
||||
foreach ($groups_privs as $guest_priv) {
|
||||
$privileges[] = $guest_priv['name'];
|
||||
}
|
||||
return $privileges;
|
||||
}
|
||||
?>
|
||||
|
|
|
@ -1,8 +1,9 @@
|
|||
<?php
|
||||
|
||||
function page_link_to($page) {
|
||||
if ($page == "")
|
||||
if ($page == "") {
|
||||
return '?';
|
||||
}
|
||||
return '?p=' . $page;
|
||||
}
|
||||
|
||||
|
@ -18,17 +19,21 @@ function header_toolbar() {
|
|||
|
||||
$toolbar_items = array();
|
||||
|
||||
if (isset($user))
|
||||
if (isset($user)) {
|
||||
$toolbar_items[] = toolbar_item_link(page_link_to('shifts') . '&action=next', 'time', User_shift_state_render($user));
|
||||
}
|
||||
|
||||
if (! isset($user) && in_array('register', $privileges))
|
||||
if (! isset($user) && in_array('register', $privileges)) {
|
||||
$toolbar_items[] = toolbar_item_link(page_link_to('register'), 'plus', register_title(), $p == 'register');
|
||||
}
|
||||
|
||||
if (in_array('login', $privileges))
|
||||
if (in_array('login', $privileges)) {
|
||||
$toolbar_items[] = toolbar_item_link(page_link_to('login'), 'log-in', login_title(), $p == 'login');
|
||||
}
|
||||
|
||||
if (isset($user) && in_array('user_messages', $privileges))
|
||||
if (isset($user) && in_array('user_messages', $privileges)) {
|
||||
$toolbar_items[] = toolbar_item_link(page_link_to('user_messages'), 'envelope', user_unread_messages());
|
||||
}
|
||||
|
||||
$hints = [];
|
||||
if (isset($user)) {
|
||||
|
@ -37,20 +42,24 @@ function header_toolbar() {
|
|||
// Erzengel Hinweis für unbeantwortete Fragen
|
||||
if ($p != "admin_questions") {
|
||||
$new_questions = admin_new_questions();
|
||||
if ($new_questions != "")
|
||||
if ($new_questions != "") {
|
||||
$hints[] = $new_questions;
|
||||
}
|
||||
}
|
||||
|
||||
$unconfirmed_hint = user_angeltypes_unconfirmed_hint();
|
||||
if ($unconfirmed_hint != '')
|
||||
if ($unconfirmed_hint != '') {
|
||||
$hints[] = $unconfirmed_hint;
|
||||
}
|
||||
|
||||
if (! isset($user['planned_departure_date']) || $user['planned_departure_date'] == null)
|
||||
if (! isset($user['planned_departure_date']) || $user['planned_departure_date'] == null) {
|
||||
$hints[] = info(_("Please enter your planned date of departure on your settings page to give us a feeling for teardown capacities."), true);
|
||||
}
|
||||
|
||||
$driver_license_required = user_driver_license_required_hint();
|
||||
if ($driver_license_required != '')
|
||||
if ($driver_license_required != '') {
|
||||
$hints[] = $driver_license_required;
|
||||
}
|
||||
|
||||
if (User_is_freeloader($user)) {
|
||||
$hints[] = error(sprintf(_("You freeloaded at least %s shifts. Shift signup is locked. Please go to heavens desk to be unlocked again."), $max_freeloadable_shifts), true);
|
||||
|
@ -77,22 +86,27 @@ function header_toolbar() {
|
|||
$glyphicon = 'warning-sign';
|
||||
}
|
||||
}
|
||||
if (count($hints) > 0)
|
||||
if (count($hints) > 0) {
|
||||
$toolbar_items[] = toolbar_popover($glyphicon . ' text-' . $hint_class, '', $hints, 'bg-' . $hint_class);
|
||||
}
|
||||
|
||||
$user_submenu = make_langselect();
|
||||
$user_submenu[] = toolbar_item_divider();
|
||||
if (in_array('user_myshifts', $privileges))
|
||||
if (in_array('user_myshifts', $privileges)) {
|
||||
$toolbar_items[] = toolbar_item_link(page_link_to('users') . '&action=view', ' icon-icon_angel', $user['Nick'], $p == 'users');
|
||||
}
|
||||
|
||||
if (in_array('user_settings', $privileges))
|
||||
if (in_array('user_settings', $privileges)) {
|
||||
$user_submenu[] = toolbar_item_link(page_link_to('user_settings'), 'list-alt', settings_title(), $p == 'user_settings');
|
||||
}
|
||||
|
||||
if (in_array('logout', $privileges))
|
||||
if (in_array('logout', $privileges)) {
|
||||
$user_submenu[] = toolbar_item_link(page_link_to('logout'), 'log-out', logout_title(), $p == 'logout');
|
||||
}
|
||||
|
||||
if (count($user_submenu) > 0)
|
||||
if (count($user_submenu) > 0) {
|
||||
$toolbar_items[] = toolbar_dropdown('', '', $user_submenu);
|
||||
}
|
||||
|
||||
return toolbar($toolbar_items, true);
|
||||
}
|
||||
|
@ -100,21 +114,23 @@ function header_toolbar() {
|
|||
function make_navigation() {
|
||||
global $p, $privileges;
|
||||
|
||||
$menu = array();
|
||||
$pages = array(
|
||||
$menu = [];
|
||||
$pages = [
|
||||
"news" => news_title(),
|
||||
"user_meetings" => meetings_title(),
|
||||
"user_shifts" => shifts_title(),
|
||||
"angeltypes" => angeltypes_title(),
|
||||
"user_questions" => questions_title()
|
||||
);
|
||||
];
|
||||
|
||||
foreach ($pages as $page => $title)
|
||||
if (in_array($page, $privileges))
|
||||
foreach ($pages as $page => $title) {
|
||||
if (in_array($page, $privileges)) {
|
||||
$menu[] = toolbar_item_link(page_link_to($page), '', $title, $page == $p);
|
||||
}
|
||||
}
|
||||
|
||||
$admin_menu = array();
|
||||
$admin_pages = array(
|
||||
$admin_menu = [];
|
||||
$admin_pages = [
|
||||
"admin_arrive" => admin_arrive_title(),
|
||||
"admin_active" => admin_active_title(),
|
||||
"admin_user" => admin_user_title(),
|
||||
|
@ -127,14 +143,17 @@ function make_navigation() {
|
|||
"admin_import" => admin_import_title(),
|
||||
"admin_log" => admin_log_title(),
|
||||
"admin_event_config" => event_config_title()
|
||||
);
|
||||
];
|
||||
|
||||
foreach ($admin_pages as $page => $title)
|
||||
if (in_array($page, $privileges))
|
||||
foreach ($admin_pages as $page => $title) {
|
||||
if (in_array($page, $privileges)) {
|
||||
$admin_menu[] = toolbar_item_link(page_link_to($page), '', $title, $page == $p);
|
||||
}
|
||||
}
|
||||
|
||||
if (count($admin_menu) > 0)
|
||||
if (count($admin_menu) > 0) {
|
||||
$menu[] = toolbar_dropdown('', _("Admin"), $admin_menu);
|
||||
}
|
||||
|
||||
return toolbar($menu);
|
||||
}
|
||||
|
|
|
@ -31,8 +31,9 @@ function raw_output($output) {
|
|||
* @return ValidationResult containing the parsed date
|
||||
*/
|
||||
function check_request_date($name, $error_message = null, $null_allowed = false) {
|
||||
if (! isset($_REQUEST[$name]))
|
||||
if (! isset($_REQUEST[$name])) {
|
||||
return new ValidationResult($null_allowed, null);
|
||||
}
|
||||
return check_date($_REQUEST[$name], $error_message, $null_allowed);
|
||||
}
|
||||
|
||||
|
@ -49,10 +50,12 @@ function check_request_date($name, $error_message = null, $null_allowed = false)
|
|||
* @return ValidationResult containing the parsed date
|
||||
*/
|
||||
function check_date($input, $error_message = null, $null_allowed = false) {
|
||||
if (DateTime::createFromFormat("Y-m-d", trim($input)))
|
||||
if (DateTime::createFromFormat("Y-m-d", trim($input))) {
|
||||
return new ValidationResult(true, DateTime::createFromFormat("Y-m-d", trim($input))->getTimestamp());
|
||||
if ($null_allowed)
|
||||
}
|
||||
if ($null_allowed) {
|
||||
return new ValidationResult(true, null);
|
||||
}
|
||||
|
||||
error($error_message);
|
||||
return new ValidationResult(false, null);
|
||||
|
|
|
@ -179,19 +179,10 @@ function form_date($name, $label, $value, $start_date = '') {
|
|||
*/
|
||||
function form_checkboxes($name, $label, $items, $selected) {
|
||||
$html = form_element($label, '');
|
||||
foreach ($items as $key => $item)
|
||||
$html .= form_checkbox($name . '_' . $key, $item, array_search($key, $selected) !== false);
|
||||
|
||||
return $html;
|
||||
|
||||
$html = "<ul>";
|
||||
foreach ($items as $key => $item) {
|
||||
$id = $name . '_' . $key;
|
||||
$sel = array_search($key, $selected) !== false ? ' checked="checked"' : "";
|
||||
$html .= '<li><input type="checkbox" id="' . $id . '" name="' . $id . '" value="checked"' . $sel . ' /><label for="' . $id . '">' . $item . '</label></li>';
|
||||
$html .= form_checkbox($name . '_' . $key, $item, array_search($key, $selected) !== false);
|
||||
}
|
||||
$html .= "</ul>";
|
||||
return form_element($label, $html);
|
||||
return $html;
|
||||
}
|
||||
|
||||
/**
|
||||
|
@ -210,16 +201,18 @@ function form_checkboxes($name, $label, $items, $selected) {
|
|||
*/
|
||||
function form_multi_checkboxes($names, $label, $items, $selected, $disabled = array()) {
|
||||
$html = "<table><thead><tr>";
|
||||
foreach ($names as $title)
|
||||
foreach ($names as $title) {
|
||||
$html .= "<th>$title</th>";
|
||||
}
|
||||
$html .= "</tr></thead><tbody>";
|
||||
foreach ($items as $key => $item) {
|
||||
$html .= "<tr>";
|
||||
foreach ($names as $name => $title) {
|
||||
$id = $name . '_' . $key;
|
||||
$sel = array_search($key, $selected[$name]) !== false ? ' checked="checked"' : "";
|
||||
if (! empty($disabled) && ! empty($disabled[$name]) && array_search($key, $disabled[$name]) !== false)
|
||||
if (! empty($disabled) && ! empty($disabled[$name]) && array_search($key, $disabled[$name]) !== false) {
|
||||
$sel .= ' disabled="disabled"';
|
||||
}
|
||||
$html .= '<td style="text-align: center;"><input type="checkbox" id="' . $id . '" name="' . $name . '[]" value="' . $key . '"' . $sel . ' /></td>';
|
||||
}
|
||||
$html .= '<td><label for="' . $id . '">' . $item . '</label></td></tr>';
|
||||
|
@ -246,10 +239,12 @@ function form_radio($name, $label, $selected, $value) {
|
|||
* Rendert einen Infotext in das Formular
|
||||
*/
|
||||
function form_info($label, $text = "") {
|
||||
if ($label == "")
|
||||
if ($label == "") {
|
||||
return '<span class="help-block">' . glyph('info-sign') . $text . '</span>';
|
||||
if ($text == "")
|
||||
}
|
||||
if ($text == "") {
|
||||
return '<h4>' . $label . '</h4>';
|
||||
}
|
||||
return form_element($label, '<p class="form-control-static">' . $text . '</p>', '');
|
||||
}
|
||||
|
||||
|
@ -312,9 +307,9 @@ function form_select($name, $label, $values, $selected) {
|
|||
function form_element($label, $input, $for = "") {
|
||||
if ($label == '') {
|
||||
return '<div class="form-group">' . $input . '</div>';
|
||||
} else {
|
||||
return '<div class="form-group">' . '<label for="' . $for . '">' . $label . '</label>' . $input . '</div>';
|
||||
}
|
||||
|
||||
return '<div class="form-group">' . '<label for="' . $for . '">' . $label . '</label>' . $input . '</div>';
|
||||
}
|
||||
|
||||
/**
|
||||
|
@ -346,34 +341,40 @@ function page_with_title($title, $elements) {
|
|||
function table($columns, $rows_raw, $data = true) {
|
||||
// If only one column is given
|
||||
if (! is_array($columns)) {
|
||||
$columns = array(
|
||||
$columns = [
|
||||
'col' => $columns
|
||||
);
|
||||
];
|
||||
|
||||
$rows = array();
|
||||
$rows = [];
|
||||
foreach ($rows_raw as $row)
|
||||
$rows[] = array(
|
||||
$rows[] = [
|
||||
'col' => $row
|
||||
);
|
||||
} else
|
||||
];
|
||||
} else {
|
||||
$rows = $rows_raw;
|
||||
}
|
||||
|
||||
if (count($rows) == 0)
|
||||
if (count($rows) == 0) {
|
||||
return info(_("No data found."), true);
|
||||
}
|
||||
|
||||
$html = "";
|
||||
$html .= '<table class="table table-striped' . ($data ? ' data' : '') . '">';
|
||||
$html .= '<thead><tr>';
|
||||
foreach ($columns as $key => $column)
|
||||
foreach ($columns as $key => $column) {
|
||||
$html .= '<th class="column_' . $key . '">' . $column . '</th>';
|
||||
}
|
||||
$html .= '</tr></thead>';
|
||||
$html .= '<tbody>';
|
||||
foreach ($rows as $row) {
|
||||
$html .= '<tr>';
|
||||
foreach ($columns as $key => $column)
|
||||
if (isset($row[$key]))
|
||||
foreach ($columns as $key => $column) {
|
||||
if (isset($row[$key])) {
|
||||
$html .= '<td class="column_' . $key . '">' . $row[$key] . '</td>';
|
||||
else
|
||||
} else {
|
||||
$html .= '<td class="column_' . $key . '"> </td>';
|
||||
}
|
||||
}
|
||||
$html .= '</tr>';
|
||||
}
|
||||
$html .= '</tbody>';
|
||||
|
@ -410,10 +411,11 @@ function table_buttons($buttons = array()) {
|
|||
function template_render($file, $data) {
|
||||
if (file_exists($file)) {
|
||||
$template = file_get_contents($file);
|
||||
if (is_array($data))
|
||||
if (is_array($data)) {
|
||||
foreach ($data as $name => $content) {
|
||||
$template = str_replace("%" . $name . "%", $content, $template);
|
||||
}
|
||||
}
|
||||
return $template;
|
||||
}
|
||||
engelsystem_error("Cannot find template file «" . $file . "».");
|
||||
|
@ -430,8 +432,9 @@ function table_body($array) {
|
|||
foreach ($array as $line) {
|
||||
$html .= "<tr>";
|
||||
if (is_array($line)) {
|
||||
foreach ($line as $td)
|
||||
foreach ($line as $td) {
|
||||
$html .= "<td>" . $td . "</td>";
|
||||
}
|
||||
} else {
|
||||
$html .= "<td>" . $line . "</td>";
|
||||
}
|
||||
|
@ -442,8 +445,9 @@ function table_body($array) {
|
|||
|
||||
function html_options($name, $options, $selected = "") {
|
||||
$html = "";
|
||||
foreach ($options as $value => $label)
|
||||
foreach ($options as $value => $label) {
|
||||
$html .= '<input type="radio"' . ($value == $selected ? ' checked="checked"' : '') . ' name="' . $name . '" value="' . $value . '"> ' . $label;
|
||||
}
|
||||
|
||||
return $html;
|
||||
}
|
||||
|
|
|
@ -1,7 +1,7 @@
|
|||
<?php
|
||||
require_once realpath(__DIR__ . '/../includes/engelsystem_provider.php');
|
||||
|
||||
$free_pages = array(
|
||||
$free_pages = [
|
||||
'admin_event_config',
|
||||
'angeltypes',
|
||||
'api',
|
||||
|
@ -16,12 +16,14 @@ $free_pages = array(
|
|||
'users',
|
||||
'user_driver_licenses',
|
||||
'user_password_recovery'
|
||||
);
|
||||
];
|
||||
|
||||
// Gewünschte Seite/Funktion
|
||||
$p = "";
|
||||
if (! isset($_REQUEST['p']))
|
||||
if (! isset($_REQUEST['p'])) {
|
||||
$_REQUEST['p'] = isset($user) ? "news" : "login";
|
||||
}
|
||||
|
||||
if (isset($_REQUEST['p']) && preg_match("/^[a-z0-9_]*$/i", $_REQUEST['p']) && (in_array($_REQUEST['p'], $free_pages) || in_array($_REQUEST['p'], $privileges))) {
|
||||
$p = $_REQUEST['p'];
|
||||
|
||||
|
@ -160,7 +162,7 @@ if ($event_config === false) {
|
|||
engelsystem_error("Unable to load event config.");
|
||||
}
|
||||
|
||||
echo template_render('../templates/layout.html', array(
|
||||
echo template_render('../templates/layout.html', [
|
||||
'theme' => isset($user) ? $user['color'] : $default_theme,
|
||||
'title' => $title,
|
||||
'atom_link' => ($p == 'news' || $p == 'user_meetings') ? '<link href="' . page_link_to('atom') . (($p == 'user_meetings') ? '&meetings=1' : '') . '&key=' . $user['api_key'] . '" type="application/atom+xml" rel="alternate" title="Atom Feed">' : '',
|
||||
|
@ -171,6 +173,6 @@ echo template_render('../templates/layout.html', array(
|
|||
'contact_email' => $contact_email,
|
||||
'locale' => locale(),
|
||||
'event_info' => EventConfig_info($event_config) . '<br />'
|
||||
));
|
||||
]);
|
||||
|
||||
?>
|
||||
|
|
Loading…
Reference in New Issue