Merge branch 'master' of https://vcs.wybt.net/engelsystem/git
commit
518f8d0d58
|
@ -0,0 +1,59 @@
|
||||||
|
<?php
|
||||||
|
// there have been some new translations added.
|
||||||
|
// For each of them, check if we already got it and create it if not
|
||||||
|
// We can conviniently do this with "INSERT IGNORE" and a UNIQUE key:
|
||||||
|
|
||||||
|
$res = sql_select("SHOW INDEX FROM `Sprache` WHERE `Key_name` = 'TextID'");
|
||||||
|
if($res[0]['Non_unique'] != 0) {
|
||||||
|
sql_query("ALTER TABLE `Sprache` DROP INDEX `TextID`, ADD UNIQUE (`TextID`, `Sprache`)");
|
||||||
|
$applied = true;
|
||||||
|
}
|
||||||
|
|
||||||
|
$res = mysql_query("INSERT IGNORE INTO `Sprache` (`TextID`, `Sprache`, `Text`) VALUES
|
||||||
|
('no_access_text', 'DE', 'Du hast keinen Zugriff auf diese Seite. Vermutlich muss du dich erst anmelden/registrieren!'),
|
||||||
|
('no_access_text', 'EN', 'You don't have permission to view this page. You probably have to sign in or register in order to gain access!'),
|
||||||
|
('no_access_title', 'DE', 'Kein Zugriff'),
|
||||||
|
('no_access_title', 'EN', 'No Access'),
|
||||||
|
('rooms', 'DE', 'Räume'),
|
||||||
|
('rooms', 'EN', 'rooms'),
|
||||||
|
('days', 'DE', 'Tage'),
|
||||||
|
('days', 'EN', 'days'),
|
||||||
|
('tasks', 'DE', 'Aufgaben'),
|
||||||
|
('tasks', 'EN', 'tasks'),
|
||||||
|
('occupancy', 'DE', 'Belegung'),
|
||||||
|
('occupancy' ,'EN', 'occupancy'),
|
||||||
|
('all', 'DE', 'alle'),
|
||||||
|
('all', 'EN', 'all'),
|
||||||
|
('none', 'DE', 'keine'),
|
||||||
|
('none', 'EN', 'none'),
|
||||||
|
('entries', 'DE', 'Einträge'),
|
||||||
|
('entries', 'EN', 'entries'),
|
||||||
|
('time', 'DE', 'Zeit'),
|
||||||
|
('time', 'EN', 'time'),
|
||||||
|
('room', 'DE', 'Raum'),
|
||||||
|
('room' ,'EN', 'room'),
|
||||||
|
('to_filter', 'DE', 'filtern'),
|
||||||
|
('to_filter', 'EN', 'filter'),
|
||||||
|
('pub_schichtplan_tasks_notice', 'DE', 'Die hier angezeigten Aufgaben werden durch die Präferenzen in deinen Einstellungen beeinflusst!'),
|
||||||
|
('pub_schichtplan_tasks_notice', 'EN', 'The tasks shown here are influenced by the preferences you defined in your settings!'),
|
||||||
|
('inc_schicht_ical_text', 'DE', 'Zum Abonnieren der angezeigten Schichten in deiner Kalender-Software benutze <a href=\"%s\">diesen Link</a> (bitte geheimhalten, im Notfall Deinen <a href=\"%s\">iCal-Key zurücksetzen</a>):'),
|
||||||
|
('inc_schicht_ical_text', 'EN', 'To subscribe the shifts shown in your calendar software, use <a href=\"%s\">this link</a> (please keep secret, otherwise <a href=\"%s\">reset the ical key</a>):'),
|
||||||
|
('helpers', 'DE', 'Helfer'),
|
||||||
|
('helpers', 'EN', 'helpers'),
|
||||||
|
('helper', 'DE', 'Helfer'),
|
||||||
|
('helper', 'EN', 'helper'),
|
||||||
|
('needed', 'DE', 'gebraucht'),
|
||||||
|
('needed', 'EN', 'needed'),
|
||||||
|
('pub_myshifts_intro', 'DE', 'Hier sind Deine Schichten.<br/>Versuche bitte <b>15 Minuten</b> vor Schichtbeginn anwesend zu sein!<br/>Du kannst Dich %d Stunden vor Schichtbeginn noch aus Schichten wieder austragen.'),
|
||||||
|
('pub_myshifts_intro', 'EN', 'These are your shifts.<br/>Please try to appear <b>15 minutes</b> before your shift begins!<br/>You can remove yourself from a shift up to %d hours before it starts.'),
|
||||||
|
('pub_myshifts_goto_shifts', 'DE', 'Gehe zum <a href=\"%s\">Schichtplan</a> um Dich für Schichten einzutragen.'),
|
||||||
|
('pub_myshifts_goto_shifts', 'EN', 'Go to the <a href=\"%s\">shifts table</a> to sign yourself up for some shifts.'),
|
||||||
|
('pub_myshifts_signed_off', 'DE', 'Du wurdest aus der Schicht ausgetragen.'),
|
||||||
|
('pub_myshifts_signed_off', 'EN', 'You have been signed off from the shift.'),
|
||||||
|
('pub_myshifts_too_late', 'DE', 'Es ist zu spät um sich aus der Schicht auszutragen. Frage ggf. den Schichtkoordinator, ob er dich austragen kann.'),
|
||||||
|
('pub_myshifts_too_late', 'EN', 'It\'s too late to sign yourself off the shift. If neccessary, as the dispatcher to do so.'),
|
||||||
|
('sign_off', 'DE', 'austragen'),
|
||||||
|
('sign_off', 'EN', 'sign off');");
|
||||||
|
|
||||||
|
if(mysql_affected_rows() > 0)
|
||||||
|
$applied = true;
|
|
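Review bot: The English `no_access_text` row contains an unescaped apostrophe (`'You don't have permission …'`), which ends the SQL string literal early, so the whole multi-row `INSERT IGNORE` is likely rejected with a syntax error and none of these translations are inserted. The `pub_myshifts_too_late` row already shows the needed form (`It\'s`), so the row should read `'You don\'t have permission to view this page. …'`. The statement is sent through `mysql_query()` directly and `$res` is never inspected, so the failure passes silently; a check such as `if ($res === false)` that reports the error would surface it. The same row set has the typo `as the dispatcher` (presumably `ask`).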
@ -0,0 +1,17 @@
|
||||||
|
<?php
|
||||||
|
// one translation pair added last commit was faulty (contained a closing :
|
||||||
|
// even though it should have been a .), we fix it now
|
||||||
|
mysql_query("UPDATE `Sprache`
|
||||||
|
SET `Text` = CONCAT(SUBSTR(`Text`, 1, CHAR_LENGTH(`Text`)-1), '.')
|
||||||
|
WHERE `TextID` = 'inc_schicht_ical_text' AND `Text` LIKE '%:';");
|
||||||
|
|
||||||
|
$applied = mysql_affected_rows() > 0;
|
||||||
|
|
||||||
|
// more translations
|
||||||
|
$res = mysql_query("INSERT IGNORE INTO `Sprache` (`TextID`, `Sprache`, `Text`) VALUES
|
||||||
|
('occupied', 'DE', 'belegt'),
|
||||||
|
('occupied', 'EN', 'occupied'),
|
||||||
|
('free', 'DE', 'frei'),
|
||||||
|
('free', 'EN', 'free');");
|
||||||
|
|
||||||
|
$applied |= mysql_affected_rows() > 0;
|
|
@ -0,0 +1,7 @@
|
||||||
|
<?php
|
||||||
|
// make the Passwort column in the User table longer to store more advanced hashes with salts
|
||||||
|
$res = sql_select("DESCRIBE `User` `Passwort`");
|
||||||
|
if ($res[0]['Type'] == 'varchar(40)') {
|
||||||
|
sql_query("ALTER TABLE `User` CHANGE `Passwort` `Passwort` VARCHAR(128) NULL");
|
||||||
|
$applied = true;
|
||||||
|
}
|
|
@ -240,7 +240,7 @@ function admin_user() {
|
||||||
|
|
||||||
case 'change_pw' :
|
case 'change_pw' :
|
||||||
if ($_REQUEST['new_pw'] != "" && $_REQUEST['new_pw'] == $_REQUEST['new_pw2']) {
|
if ($_REQUEST['new_pw'] != "" && $_REQUEST['new_pw'] == $_REQUEST['new_pw2']) {
|
||||||
sql_query("UPDATE `User` SET `Passwort`='" . sql_escape(PassCrypt($_REQUEST['new_pw'])) . "' WHERE `UID`=" . sql_escape($id) . " LIMIT 1");
|
set_password($id, $_REQUEST['new_pw']);
|
||||||
$html .= success("Passwort neu gesetzt.", true);
|
$html .= success("Passwort neu gesetzt.", true);
|
||||||
} else {
|
} else {
|
||||||
$html .= error("Die Eingaben müssen übereinstimmen und dürfen nicht leer sein!", true);
|
$html .= error("Die Eingaben müssen übereinstimmen und dürfen nicht leer sein!", true);
|
||||||
|
|
|
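Review bot: The return value of `set_password()` is ignored in the `change_pw` case, so "Passwort neu gesetzt." is shown even when the UPDATE fails or matches no row; `if (set_password($id, $_REQUEST['new_pw'])) { $html .= success(...); } else { $html .= error(...); }` would mirror what user_settings does in this commit. This path also never compares the new password with `MIN_PASSWORD_LENGTH`, so an admin can still set a password shorter than registration allows, which is presumably unintended. The surrounding switch in admin_user() starts and ends outside the hunk.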
@ -71,10 +71,8 @@ function guest_register() {
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
if (isset ($_REQUEST['password']) && strlen($_REQUEST['password']) >= 6) {
|
if (isset ($_REQUEST['password']) && strlen($_REQUEST['password']) >= MIN_PASSWORD_LENGTH) {
|
||||||
if ($_REQUEST['password'] == $_REQUEST['password2']) {
|
if ($_REQUEST['password'] != $_REQUEST['password2']) {
|
||||||
$password_hash = PassCrypt($_REQUEST['password']);
|
|
||||||
} else {
|
|
||||||
$ok = false;
|
$ok = false;
|
||||||
$msg .= error(Get_Text("makeuser_error_password1"), true);
|
$msg .= error(Get_Text("makeuser_error_password1"), true);
|
||||||
}
|
}
|
||||||
|
@ -112,9 +110,10 @@ function guest_register() {
|
||||||
"', `email`='" . sql_escape($mail) . "', `ICQ`='" . sql_escape($icq) . "', `jabber`='" . sql_escape($jabber) . "', `Size`='" . sql_escape($tshirt_size) .
|
"', `email`='" . sql_escape($mail) . "', `ICQ`='" . sql_escape($icq) . "', `jabber`='" . sql_escape($jabber) . "', `Size`='" . sql_escape($tshirt_size) .
|
||||||
"', `Passwort`='" . sql_escape($password_hash) . "', `kommentar`='" . sql_escape($comment) . "', `Hometown`='" . sql_escape($hometown) . "', `CreateDate`=NOW(), `Sprache`='" . sql_escape($_SESSION["Sprache"]) . "'");
|
"', `Passwort`='" . sql_escape($password_hash) . "', `kommentar`='" . sql_escape($comment) . "', `Hometown`='" . sql_escape($hometown) . "', `CreateDate`=NOW(), `Sprache`='" . sql_escape($_SESSION["Sprache"]) . "'");
|
||||||
|
|
||||||
// Assign user-group
|
// Assign user-group and set password
|
||||||
$user_id = sql_id();
|
$user_id = sql_id();
|
||||||
sql_query("INSERT INTO `UserGroups` SET `uid`=" . sql_escape($user_id) . ", `group_id`=-2");
|
sql_query("INSERT INTO `UserGroups` SET `uid`=" . sql_escape($user_id) . ", `group_id`=-2");
|
||||||
|
set_password($user_id, $_REQUEST['password']);
|
||||||
|
|
||||||
// Assign angel-types
|
// Assign angel-types
|
||||||
foreach ($selected_angel_types as $selected_angel_type_id)
|
foreach ($selected_angel_types as $selected_angel_type_id)
|
||||||
|
@ -176,7 +175,7 @@ function guest_login() {
|
||||||
if (count($login_user) > 0) {
|
if (count($login_user) > 0) {
|
||||||
$login_user = $login_user[0];
|
$login_user = $login_user[0];
|
||||||
if (isset ($_REQUEST['password'])) {
|
if (isset ($_REQUEST['password'])) {
|
||||||
if ($login_user['Passwort'] != PassCrypt($_REQUEST['password'])) {
|
if (!verify_password($_REQUEST['password'], $login_user['Passwort'], $login_user['UID'])) {
|
||||||
$ok = false;
|
$ok = false;
|
||||||
$msg .= error(Get_Text("pub_index_pass_no_ok"), true);
|
$msg .= error(Get_Text("pub_index_pass_no_ok"), true);
|
||||||
}
|
}
|
||||||
|
|
|
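Review bot: `$password_hash` is no longer assigned after this change, yet the unchanged INSERT in the second guest_register hunk still writes `sql_escape($password_hash)` into `Passwort`, so the row is created from an undefined variable (unless it is initialised outside the visible lines) and only receives a real hash when `set_password()` runs afterwards. Dropping the column from the INSERT, or setting it to an explicit empty value with a comment, would make the two-step creation visible. The result of `set_password($user_id, $_REQUEST['password'])` should also be checked, since a failure leaves an account nobody can log in to. Both guest_register hunks begin and end inside the function body.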
@ -58,9 +58,9 @@ function user_myshifts() {
|
||||||
$shift = $shift[0];
|
$shift = $shift[0];
|
||||||
if (($shift['start'] - time() < $LETZTES_AUSTRAGEN * 60) || in_array('user_shifts_admin', $privileges)) {
|
if (($shift['start'] - time() < $LETZTES_AUSTRAGEN * 60) || in_array('user_shifts_admin', $privileges)) {
|
||||||
sql_query("DELETE FROM `ShiftEntry` WHERE `id`=" . sql_escape($id) . " LIMIT 1");
|
sql_query("DELETE FROM `ShiftEntry` WHERE `id`=" . sql_escape($id) . " LIMIT 1");
|
||||||
$msg .= success("Du wurdest aus der Schicht ausgetragen.", true);
|
$msg .= success(Get_Text("pub_myshifts_signed_off"), true);
|
||||||
} else
|
} else
|
||||||
$msg .= error("Es ist zu spät um sich aus der Schicht auszutragen. Frage ggf. einen Orga.", true);
|
$msg .= error(Get_Text("pub_myshifts_too_late"), true);
|
||||||
} else
|
} else
|
||||||
redirect(page_link_to('user_myshifts'));
|
redirect(page_link_to('user_myshifts'));
|
||||||
}
|
}
|
||||||
|
@ -78,24 +78,25 @@ function user_myshifts() {
|
||||||
$html .= '<td>' . $shift['name'] . '</td>';
|
$html .= '<td>' . $shift['name'] . '</td>';
|
||||||
$html .= '<td>' . $shift['Comment'] . '</td>';
|
$html .= '<td>' . $shift['Comment'] . '</td>';
|
||||||
$html .= '<td>';
|
$html .= '<td>';
|
||||||
$html .= '<a href="' . page_link_to('user_myshifts') . '&edit=' . $shift['id'] . '">bearbeiten</a>';
|
$html .= '<a href="' . page_link_to('user_myshifts') . '&edit=' . $shift['id'] . '">' . Get_Text('edit') . '</a>';
|
||||||
if ($shift['start'] - time() > $LETZTES_AUSTRAGEN * 60)
|
if ($shift['start'] - time() > $LETZTES_AUSTRAGEN * 60)
|
||||||
$html .= ' | <a href="' . page_link_to('user_myshifts') . '&cancel=' . $shift['id'] . '">austragen</a>';
|
$html .= ' | <a href="' . page_link_to('user_myshifts') . '&cancel=' . $shift['id'] . '">' . Get_Text('sign_off') . '</a>';
|
||||||
$html .= '</td>';
|
$html .= '</td>';
|
||||||
$html .= '</tr>';
|
$html .= '</tr>';
|
||||||
}
|
}
|
||||||
if ($html == "")
|
if ($html == "")
|
||||||
$html = '<tr><td>Keine...</td><td></td><td></td><td></td><td></td><td>Gehe zum <a href="' . page_link_to('user_shifts') . '">Schichtplan</a> um Dich für Schichten einzutragen.</td></tr>';
|
$html = '<tr><td>' . ucfirst(Get_Text('none')) . '...</td><td></td><td></td><td></td><td></td><td>' . sprintf(Get_Text('pub_myshifts_goto_shifts'), page_link_to('user_shifts')) . '</td></tr>';
|
||||||
|
|
||||||
if ($shifts_user['ical_key'] == "")
|
if ($shifts_user['ical_key'] == "")
|
||||||
user_reset_ical_key($shifts_user);
|
user_reset_ical_key($shifts_user);
|
||||||
|
|
||||||
return msg().template_render('../templates/user_myshifts.html', array (
|
return msg().template_render('../templates/user_myshifts.html', array (
|
||||||
'h' => $LETZTES_AUSTRAGEN,
|
'intro' => sprintf(Get_Text('pub_myshifts_intro'), $LETZTES_AUSTRAGEN),
|
||||||
'shifts' => $html,
|
'shifts' => $html,
|
||||||
'msg' => $msg,
|
'msg' => $msg,
|
||||||
'ical_link' => page_link_to_absolute('ical') . '&key=' . $shifts_user['ical_key'],
|
'ical_text' => sprintf(Get_Text('inc_schicht_ical_text'),
|
||||||
'reset_link' => page_link_to('user_myshifts') . '&reset'
|
page_link_to_absolute('ical') . '&key=' . $shifts_user['ical_key'],
|
||||||
));
|
page_link_to('user_myshifts') . '&reset'),
|
||||||
|
));
|
||||||
}
|
}
|
||||||
?>
|
?>
|
|
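Review bot: The two URLs passed to `sprintf(Get_Text('inc_schicht_ical_text'), …)` land inside `href=\"%s\"` attributes without HTML encoding, and one of them carries the per-user iCal key; wrapping each argument, e.g. `htmlspecialchars(page_link_to_absolute('ical') . '&key=' . $shifts_user['ical_key'])`, keeps the attribute well-formed whatever the key contains. More broadly, text from the `Sprache` table is now emitted as raw HTML with printf placeholders, so anyone able to edit that table can inject markup; a short comment stating that translation text is trusted HTML would document that assumption. The same pattern appears in the `ical_text` entry of view_user_shifts().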
@ -114,29 +114,17 @@ function user_settings() {
|
||||||
elseif (isset ($_REQUEST['submit_password'])) {
|
elseif (isset ($_REQUEST['submit_password'])) {
|
||||||
$ok = true;
|
$ok = true;
|
||||||
|
|
||||||
if (!isset ($_REQUEST['password']) || $user['Passwort'] != PassCrypt($_REQUEST['password'])) {
|
if (!isset ($_REQUEST['password']) || !verify_password($_REQUEST['password'], $user['Passwort'], $user['UID']))
|
||||||
$ok = false;
|
|
||||||
$msg .= error(Get_Text(30), true);
|
$msg .= error(Get_Text(30), true);
|
||||||
}
|
elseif (strlen($_REQUEST['new_password']) <= MIN_PASSWORD_LENGTH)
|
||||||
|
$msg .= error(Get_Text("makeuser_error_password2"));
|
||||||
if (isset ($_REQUEST['new_password']) && strlen($_REQUEST['new_password']) >= 6) {
|
elseif ($_REQUEST['new_password'] != $_REQUEST['new_password2'])
|
||||||
if ($_REQUEST['new_password'] == $_REQUEST['new_password2']) {
|
$msg .= error(Get_Text("makeuser_error_password1"), true);
|
||||||
$password_hash = PassCrypt($_REQUEST['new_password']);
|
elseif(set_password($user['UID'], $_REQUEST['new_password']))
|
||||||
} else {
|
|
||||||
$ok = false;
|
|
||||||
$msg .= error(Get_Text("makeuser_error_password1"), true);
|
|
||||||
}
|
|
||||||
} else {
|
|
||||||
$ok = false;
|
|
||||||
$msg .= error(Get_Text("makeuser_error_password2"), true);
|
|
||||||
}
|
|
||||||
|
|
||||||
if ($ok) {
|
|
||||||
sql_query("UPDATE `User` SET `Passwort`='" . sql_escape($password_hash) . "' WHERE `UID`=" . sql_escape($user['UID']));
|
|
||||||
|
|
||||||
success("Password saved.");
|
success("Password saved.");
|
||||||
redirect(page_link_to('user_settings'));
|
else
|
||||||
}
|
error("Failed setting password.");
|
||||||
|
redirect(page_link_to('user_settings'));
|
||||||
}
|
}
|
||||||
elseif (isset ($_REQUEST['submit_theme'])) {
|
elseif (isset ($_REQUEST['submit_theme'])) {
|
||||||
$ok = true;
|
$ok = true;
|
||||||
|
|
|
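Review bot: The new length check `strlen($_REQUEST['new_password']) <= MIN_PASSWORD_LENGTH` rejects a password of exactly `MIN_PASSWORD_LENGTH` characters, while guest_register in this commit accepts it with `>=`; it should be `strlen($_REQUEST['new_password']) < MIN_PASSWORD_LENGTH`. The `isset($_REQUEST['new_password'])` guard from the old code is gone, so a request without that field reaches `strlen()` on an undefined index. This branch also calls `error(...)` without the `true` argument its siblings pass, which looks unintended given the `$msg .=` in front of it. Since `redirect()` now runs on every path, it is worth confirming that messages collected in `$msg` survive the redirect.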
@ -268,14 +268,16 @@ function view_user_shifts() {
|
||||||
$types = sql_select("SELECT `id`, `name` FROM `AngelTypes`");
|
$types = sql_select("SELECT `id`, `name` FROM `AngelTypes`");
|
||||||
else
|
else
|
||||||
$types = sql_select("SELECT `AngelTypes`.`id`, `AngelTypes`.`name` FROM `UserAngelTypes` JOIN `AngelTypes` ON (`UserAngelTypes`.`angeltype_id` = `AngelTypes`.`id`) WHERE `UserAngelTypes`.`user_id` = " . sql_escape($user['UID']) . " AND (`AngelTypes`.`restricted` = 0 OR NOT `UserAngelTypes`.`confirm_user_id` IS NULL)");
|
$types = sql_select("SELECT `AngelTypes`.`id`, `AngelTypes`.`name` FROM `UserAngelTypes` JOIN `AngelTypes` ON (`UserAngelTypes`.`angeltype_id` = `AngelTypes`.`id`) WHERE `UserAngelTypes`.`user_id` = " . sql_escape($user['UID']) . " AND (`AngelTypes`.`restricted` = 0 OR NOT `UserAngelTypes`.`confirm_user_id` IS NULL)");
|
||||||
|
if (empty($types))
|
||||||
|
$types = sql_select("SELECT `id`, `name` FROM `AngelTypes` WHERE `restricted` = 0");
|
||||||
$filled = array (
|
$filled = array (
|
||||||
array (
|
array (
|
||||||
'id' => '1',
|
'id' => '1',
|
||||||
'name' => 'Volle'
|
'name' => Get_Text('occupied')
|
||||||
),
|
),
|
||||||
array (
|
array (
|
||||||
'id' => '0',
|
'id' => '0',
|
||||||
'name' => 'Freie'
|
'name' => Get_Text('free')
|
||||||
)
|
)
|
||||||
);
|
);
|
||||||
|
|
||||||
|
@ -347,9 +349,10 @@ function view_user_shifts() {
|
||||||
$query .= "`shift_id` = " . sql_escape($shift['SID']);
|
$query .= "`shift_id` = " . sql_escape($shift['SID']);
|
||||||
else
|
else
|
||||||
$query .= "`room_id` = " . sql_escape($shift['RID']);
|
$query .= "`room_id` = " . sql_escape($shift['RID']);
|
||||||
$query .= " AND `count` > 0
|
$query .= " AND `count` > 0 ";
|
||||||
AND `angel_type_id` IN (" . implode(',', $_SESSION['user_shifts']['types']) . ")
|
if (!empty($_SESSION['user_shifts']['types']))
|
||||||
ORDER BY `AngelTypes`.`name`";
|
$query .= "AND `angel_type_id` IN (" . implode(',', $_SESSION['user_shifts']['types']) . ") ";
|
||||||
|
$query .= "ORDER BY `AngelTypes`.`name`";
|
||||||
$angeltypes = sql_select($query);
|
$angeltypes = sql_select($query);
|
||||||
|
|
||||||
if (count($angeltypes) > 0) {
|
if (count($angeltypes) > 0) {
|
||||||
|
@ -363,12 +366,15 @@ function view_user_shifts() {
|
||||||
else
|
else
|
||||||
$entry_list[] = $entry['Nick'];
|
$entry_list[] = $entry['Nick'];
|
||||||
}
|
}
|
||||||
|
// do we need more angles of this type?
|
||||||
if ($angeltype['count'] - count($entries) > 0) {
|
if ($angeltype['count'] - count($entries) > 0) {
|
||||||
if ((time() < $shift['end'] && !$my_shift) || in_array('user_shifts_admin', $privileges)) {
|
$inner_text = ($angeltype['count'] - count($entries)) . ' ' . Get_Text($angeltype['count'] - count($entries) == 1 ? 'helper' : 'helpers') . ' ' . Get_Text('needed');
|
||||||
$entry_list[] = '<a href="' . page_link_to('user_shifts') . '&shift_id=' . $shift['SID'] . '&type_id=' . $angeltype['id'] . '">' . ($angeltype['count'] - count($entries)) . ' Helfer' . ($angeltype['count'] - count($entries) != 1 ? '' : '') . ' gebraucht »</a>';
|
// is the shift still running or alternatively is the user shift admin?
|
||||||
} else {
|
if ((time() < $shift['end'] && !$my_shift) || in_array('user_shifts_admin', $privileges))
|
||||||
$entry_list[] = ($angeltype['count'] - count($entries)) . ' Helfer gebraucht';
|
$entry_list[] = '<a href="' . page_link_to('user_shifts') . '&shift_id=' . $shift['SID'] . '&type_id=' . $angeltype['id'] . '">' . $inner_text . ' »</a>';
|
||||||
}
|
else
|
||||||
|
$entry_list[] = $inner_text;
|
||||||
|
unset($inner_text);
|
||||||
$is_free = true;
|
$is_free = true;
|
||||||
}
|
}
|
||||||
|
|
||||||
|
@ -391,13 +397,16 @@ function view_user_shifts() {
|
||||||
user_reset_ical_key($user);
|
user_reset_ical_key($user);
|
||||||
|
|
||||||
return msg() . template_render('../templates/user_shifts.html', array (
|
return msg() . template_render('../templates/user_shifts.html', array (
|
||||||
'room_select' => make_select($rooms, $_SESSION['user_shifts']['rooms'], "rooms", "Räume"),
|
'room_select' => make_select($rooms, $_SESSION['user_shifts']['rooms'], "rooms", ucfirst(Get_Text("rooms"))),
|
||||||
'day_select' => make_select($days, $_SESSION['user_shifts']['days'], "days", "Tage"),
|
'day_select' => make_select($days, $_SESSION['user_shifts']['days'], "days", ucfirst(Get_Text("days"))),
|
||||||
'type_select' => make_select($types, $_SESSION['user_shifts']['types'], "types", "Aufgaben"),
|
'type_select' => make_select($types, $_SESSION['user_shifts']['types'], "types", ucfirst(Get_Text("tasks")) . '<sup>1</sup>'),
|
||||||
'filled_select' => make_select($filled, $_SESSION['user_shifts']['filled'], "filled", "Besetzung"),
|
'filled_select' => make_select($filled, $_SESSION['user_shifts']['filled'], "filled", ucfirst(Get_Text("occupancy"))),
|
||||||
|
'task_notice' => '<sup>1</sup>' . Get_Text("pub_schichtplan_tasks_notice"),
|
||||||
'shifts_table' => $shifts_table,
|
'shifts_table' => $shifts_table,
|
||||||
'ical_link' => make_user_shifts_ical_link($user['ical_key']),
|
'ical_text' => sprintf(Get_Text('inc_schicht_ical_text'), make_user_shifts_ical_link($user['ical_key']), page_link_to('user_myshifts') . '&reset'),
|
||||||
'reset_link' => page_link_to('user_myshifts') . '&reset'
|
'header1' => ucfirst(Get_Text("time")) . "/" . ucfirst(Get_Text("room")),
|
||||||
|
'header2' => ucfirst(Get_Text("entries")),
|
||||||
|
'filter' => ucfirst(Get_Text("to_filter")),
|
||||||
));
|
));
|
||||||
}
|
}
|
||||||
|
|
||||||
|
@ -430,8 +439,8 @@ function make_select($items, $selected, $name, $title = null) {
|
||||||
$html .= implode("\n", $html_items);
|
$html .= implode("\n", $html_items);
|
||||||
$html .= '</ul>' . "\n";
|
$html .= '</ul>' . "\n";
|
||||||
$html .= buttons(array (
|
$html .= buttons(array (
|
||||||
button("javascript: check_all('selection_" . $name . "')", "Alle", ""),
|
button("javascript: check_all('selection_" . $name . "')", Get_Text("all"), ""),
|
||||||
button("javascript: uncheck_all('selection_" . $name . "')", "Keine", "")
|
button("javascript: uncheck_all('selection_" . $name . "')", Get_Text("none"), "")
|
||||||
));
|
));
|
||||||
$html .= '</div>' . "\n";
|
$html .= '</div>' . "\n";
|
||||||
return $html;
|
return $html;
|
||||||
|
|
|
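Review bot: The rewritten filter still builds `IN (" . implode(',', $_SESSION['user_shifts']['types']) . ")` from session values with no escaping or integer cast, unlike the other values in this query, which go through `sql_escape()`. Where the session array is filled is outside the hunk; if it comes from the request filter form without validation, this is an SQL injection sink. Casting at the point of use is cheap: `implode(',', array_map('intval', $_SESSION['user_shifts']['types']))`. The new `if (empty($types))` fallback in the first hunk offers every unrestricted type to a user who has none assigned, which deserves a one-line comment saying that is intended.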
@ -28,15 +28,40 @@ function load_auth() {
|
||||||
$privileges = isset ($user) ? privileges_for_user($user['UID']) : privileges_for_group(-1);
|
$privileges = isset ($user) ? privileges_for_user($user['UID']) : privileges_for_group(-1);
|
||||||
}
|
}
|
||||||
|
|
||||||
function PassCrypt($passwort) {
|
// generate a salt (random string) of arbitrary length suitable for the use with crypt()
|
||||||
global $crypt_system;
|
function generate_salt($length = 16) {
|
||||||
|
$alphabet = "ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789+/";
|
||||||
switch ($crypt_system) {
|
$salt = "";
|
||||||
case "crypt" :
|
for ($i = 0; $i < $length; $i++) {
|
||||||
return "{crypt}" . crypt($passwort, "77");
|
$salt .= $alphabet[rand(0, strlen($alphabet)-1)];
|
||||||
case "md5" :
|
|
||||||
return md5($passwort);
|
|
||||||
}
|
}
|
||||||
|
return $salt;
|
||||||
|
}
|
||||||
|
|
||||||
|
// set the password of a user
|
||||||
|
function set_password($uid, $password) {
|
||||||
|
$res = sql_query("UPDATE `User` SET `Passwort` = '" . sql_escape(crypt($password, CRYPT_ALG . '$' . generate_salt(16) . '$')) . "' WHERE `UID` = " . intval($uid) . " LIMIT 1");
|
||||||
|
return $res && (mysql_affected_rows() > 0);
|
||||||
|
}
|
||||||
|
|
||||||
|
// verify a password given a precomputed salt.
|
||||||
|
// if $uid is given and $salt is an old-style salt (plain md5), we convert it automatically
|
||||||
|
function verify_password($password, $salt, $uid = false) {
|
||||||
|
$correct = false;
|
||||||
|
if (substr($salt, 0, 1) == '$') // new-style crypt()
|
||||||
|
$correct = crypt($password, $salt) == $salt;
|
||||||
|
elseif (substr($salt, 0, 7) == '{crypt}') // old-style crypt() with DES and static salt - not used anymore
|
||||||
|
$correct = crypt($password, '77') == $salt;
|
||||||
|
elseif (strlen($salt) == 32) // old-style md5 without salt - not used anymore
|
||||||
|
$correct = md5($password) == $salt;
|
||||||
|
|
||||||
|
if($correct && substr($salt, 0, strlen(CRYPT_ALG)) != CRYPT_ALG && $uid) {
|
||||||
|
// this password is stored in another format than we want it to be.
|
||||||
|
// let's update it!
|
||||||
|
// we duplicate the query from the above set_password() function to have the extra safety of checking the old hash
|
||||||
|
sql_query("UPDATE `User` SET `Passwort` = '" . sql_escape(crypt($password, CRYPT_ALG . '$' . generate_salt() . '$')) . "' WHERE `UID` = " . intval($uid) . " AND `Passwort` = '" . sql_escape($salt) . "' LIMIT 1");
|
||||||
|
}
|
||||||
|
return $correct;
|
||||||
}
|
}
|
||||||
|
|
||||||
// JSON Authorisierungs-Schnittstelle
|
// JSON Authorisierungs-Schnittstelle
|
||||||
|
@ -50,11 +75,12 @@ function json_auth_service() {
|
||||||
$SourceOuth = $_REQUEST['so'];
|
$SourceOuth = $_REQUEST['so'];
|
||||||
|
|
||||||
if (isset ($CurrentExternAuthPass) && $SourceOuth == $CurrentExternAuthPass) {
|
if (isset ($CurrentExternAuthPass) && $SourceOuth == $CurrentExternAuthPass) {
|
||||||
$sql = "SELECT * FROM `User` WHERE `Nick`='" . sql_escape($User) . "'";
|
$sql = "SELECT `UID`, `Passwort` FROM `User` WHERE `Nick`='" . sql_escape($User) . "'";
|
||||||
$Erg = sql_query($sql);
|
$Erg = sql_select($sql);
|
||||||
|
|
||||||
if (mysql_num_rows($Erg) == 1) {
|
if (count($Erg) == 1) {
|
||||||
if (mysql_result($Erg, 0, "Passwort") == PassCrypt($Pass)) {
|
$Erg = $Erg[0];
|
||||||
|
if (verify_password($Pass, $Erg["Passwort"], $Erg["UID"])) {
|
||||||
$UID = mysql_result($Erg, 0, "UID");
|
$UID = mysql_result($Erg, 0, "UID");
|
||||||
|
|
||||||
$user_privs = sql_select("SELECT `Privileges`.`name` FROM `User` JOIN `UserGroups` ON (`User`.`UID` = `UserGroups`.`uid`) JOIN `GroupPrivileges` ON (`UserGroups`.`group_id` = `GroupPrivileges`.`group_id`) JOIN `Privileges` ON (`GroupPrivileges`.`privilege_id` = `Privileges`.`id`) WHERE `User`.`UID`=" . sql_escape($UID) . ";");
|
$user_privs = sql_select("SELECT `Privileges`.`name` FROM `User` JOIN `UserGroups` ON (`User`.`UID` = `UserGroups`.`uid`) JOIN `GroupPrivileges` ON (`UserGroups`.`group_id` = `GroupPrivileges`.`group_id`) JOIN `Privileges` ON (`GroupPrivileges`.`privilege_id` = `Privileges`.`id`) WHERE `User`.`UID`=" . sql_escape($UID) . ";");
|
||||||
|
|
|
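Review bot: verify_password() compares hashes with `==`, so two strings that both look numeric (for example `0e` followed only by digits) compare equal as numbers, which on the legacy md5 branch can accept a wrong password; use `===` on all three lines, e.g. `$correct = md5($password) === $salt;`. The `{crypt}` branch compares `crypt($password, '77')` with the stored value including its `{crypt}` prefix (the removed PassCrypt() wrote `"{crypt}" . crypt(...)`), so those accounts can neither log in nor be upgraded; `'{crypt}' . crypt($password, '77') === $salt` matches the old format. generate_salt() draws from `rand()`, which is not a cryptographic generator, and the result of `crypt()` is stored without checking for its failure value. In the json_auth_service hunk the unchanged line `$UID = mysql_result($Erg, 0, "UID");` still treats `$Erg` as a result resource although it is now an array row, and should read `$UID = $Erg["UID"];`.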
@ -17,11 +17,16 @@ $DISPLAY_NEWS = 6;
|
||||||
// Anzahl Stunden bis zum Austragen eigener Schichten
|
// Anzahl Stunden bis zum Austragen eigener Schichten
|
||||||
$LETZTES_AUSTRAGEN=3;
|
$LETZTES_AUSTRAGEN=3;
|
||||||
|
|
||||||
//Setzt den zu verwendenden Crypto algorismis
|
// Setzt den zu verwendenden Crypto-Algorismus (entsprechend der Dokumentation von crypt()).
|
||||||
// mp5 oder crypt
|
// Falls ein Benutzerpasswort in einem anderen Format gespeichert ist,
|
||||||
// achtung crypt schaltet password ändern ab
|
// wird es bei der ersten Benutzung des Klartext-Passworts in das neue Format
|
||||||
$crypt_system="md5";
|
// konvertiert.
|
||||||
//$crypt_system="crypt";
|
//define('CRYPT_ALG', '$1'); // MD5
|
||||||
|
//define('CRYPT_ALG', '$2y$13'); // Blowfish
|
||||||
|
//define('CRYPT_ALG', '$5$rounds=5000'); // SHA-256
|
||||||
|
define('CRYPT_ALG', '$6$rounds=5000'); // SHA-512
|
||||||
|
|
||||||
|
define('MIN_PASSWORD_LENGTH', 8);
|
||||||
|
|
||||||
// Wenn Engel beim Registrieren oder in ihrem Profil eine T-Shirt Größe angeben sollen, auf true setzen:
|
// Wenn Engel beim Registrieren oder in ihrem Profil eine T-Shirt Größe angeben sollen, auf true setzen:
|
||||||
$enable_tshirt_size = false;
|
$enable_tshirt_size = false;
|
||||||
|
|
|
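Review bot: The commented-out alternatives for `CRYPT_ALG` are not all usable with the salt this commit generates: set_password() appends `'$' . generate_salt(16) . '$'`, whereas the Blowfish format expects 22 salt characters from `./0-9A-Za-z` directly after the cost, so enabling `'$2y$13'` would most likely make `crypt()` fail and store an unusable value. Either drop that option or state the constraint next to it, e.g. `// Blowfish: needs a 22-character salt, not supported by generate_salt() yet`. `rounds=5000` is the SHA-crypt default, so a comment saying the value can be raised as hardware allows would help whoever tunes it later.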
@ -1,10 +1,5 @@
|
||||||
<p>
|
<p>
|
||||||
Hier sind Deine Schichten.
|
%intro%
|
||||||
<br/>
|
|
||||||
Versuche bitte <b>15 Minuten</b>
|
|
||||||
vor Schichtbeginn anwesend zu sein!
|
|
||||||
<br/>
|
|
||||||
Du kannst Dich %h% Stunden vor Schichtbeginn noch aus Schichten wieder austragen.
|
|
||||||
</p>
|
</p>
|
||||||
%msg%
|
%msg%
|
||||||
<table>
|
<table>
|
||||||
|
@ -37,7 +32,5 @@
|
||||||
<hr />
|
<hr />
|
||||||
<h2>iCal Export</h2>
|
<h2>iCal Export</h2>
|
||||||
<p>
|
<p>
|
||||||
Zum abonnieren in Deiner Kalender-Software benutze folgenden öffentlichen Link (daher bitte geheimhalten, im Notfall Deinen <a href="%reset_link%">Key zurücksetzen</a>):
|
%ical_text%
|
||||||
<br/>
|
|
||||||
<a href="%ical_link%">%ical_link%</a>
|
|
||||||
</p>
|
</p>
|
||||||
|
|
|
@ -5,7 +5,8 @@
|
||||||
%type_select%
|
%type_select%
|
||||||
%day_select%
|
%day_select%
|
||||||
%filled_select%
|
%filled_select%
|
||||||
<input class="button" type="submit" style="width: 100%;" value="Filtern">
|
<div>%task_notice%</div>
|
||||||
|
<input class="button" type="submit" style="width: 100%;" value="%filter%">
|
||||||
</fieldset>
|
</fieldset>
|
||||||
</form>
|
</form>
|
||||||
|
|
||||||
|
@ -13,10 +14,10 @@
|
||||||
<thead>
|
<thead>
|
||||||
<tr>
|
<tr>
|
||||||
<th>
|
<th>
|
||||||
Zeit/Raum
|
%header1%
|
||||||
</th>
|
</th>
|
||||||
<th>
|
<th>
|
||||||
Einträge
|
%header2%
|
||||||
</th>
|
</th>
|
||||||
</tr>
|
</tr>
|
||||||
</thead>
|
</thead>
|
||||||
|
@ -26,7 +27,5 @@
|
||||||
</table>
|
</table>
|
||||||
<h2>iCal Export</h2>
|
<h2>iCal Export</h2>
|
||||||
<p>
|
<p>
|
||||||
Zum abonnieren in Deiner Kalender-Software benutze folgenden öffentlichen Link (daher bitte geheimhalten, im Notfall Deinen <a href="%reset_link%">Key zurücksetzen</a>):
|
%ical_text%
|
||||||
<br/>
|
|
||||||
<a href="%ical_link%">%ical_link%</a>
|
|
||||||
</p>
|
</p>
|
||||||
|
|