Merge branch 'master' into spezial_includes

DB/Sprache.sql

@@ -96,8 +96,8 @@ INSERT INTO `Sprache` (`TextID`, `Sprache`, `Text`) VALUES ('33', 'DE', 'Sprache
 INSERT INTO `Sprache` (`TextID`, `Sprache`, `Text`) VALUES ('33', 'EN', 'Language is saved. On the next page it will be active.');
 INSERT INTO `Sprache` (`TextID`, `Sprache`, `Text`) VALUES ('34', 'DE', 'Avatar wurde gesetzt.');
 INSERT INTO `Sprache` (`TextID`, `Sprache`, `Text`) VALUES ('34', 'EN', 'Avatar is saved.');
-INSERT INTO `Sprache` (`TextID`, `Sprache`, `Text`) VALUES ('35', 'DE', '<b>Neue Anfrage:</b>\r\nIn diesem Formular hast du die Möglichkeit, den Erzengeln eine Frage zu stellen. Wenn diese beantwortet ist, wirst du hier darüber informiert. Sollte die Frage von allgemeinem Interesse sein, wird diese in die Engel-FAQ übernommen.');
+INSERT INTO `Sprache` (`TextID`, `Sprache`, `Text`) VALUES ('35', 'DE', 'Neue Anfrage In diesem Formular hast du die Möglichkeit, den Erzengeln eine Frage zu stellen. Wenn diese beantwortet ist, wirst du hier darüber informiert. Sollte die Frage von allgemeinem Interesse sein, wird diese in die Engel-FAQ übernommen.');
-INSERT INTO `Sprache` (`TextID`, `Sprache`, `Text`) VALUES ('35', 'EN', '<b>New Question</b>\r\nWith this form you may sumbit questions to our Archangels. Topics of common interest may be added to the FAQ. (Section: answered questions).\r\n');
+INSERT INTO `Sprache` (`TextID`, `Sprache`, `Text`) VALUES ('35', 'EN', 'New Question With this form you may sumbit questions to our Archangels. Topics of common interest may be added to the FAQ. (Section: answered questions).\r\n');
 INSERT INTO `Sprache` (`TextID`, `Sprache`, `Text`) VALUES ('36', 'DE', 'Stelle hier deine Frage');
 INSERT INTO `Sprache` (`TextID`, `Sprache`, `Text`) VALUES ('36', 'EN', 'Tell us your question');
 INSERT INTO `Sprache` (`TextID`, `Sprache`, `Text`) VALUES ('37', 'DE', 'Deine Anfrage war:');
@@ -325,8 +325,8 @@ INSERT INTO `Sprache` (`TextID`, `Sprache`, `Text`) VALUES ('pub_aktive_Active',
 INSERT INTO `Sprache` (`TextID`, `Sprache`, `Text`) VALUES ('pub_schichtplan_add_TextFor', 'EN', 'text for shift');
 INSERT INTO `Sprache` (`TextID`, `Sprache`, `Text`) VALUES ('pub_schichtplan_add_WriteOK', 'EN', 'Now, you signed up for this shift. Thank you for your cooperation.');
 INSERT INTO `Sprache` (`TextID`, `Sprache`, `Text`) VALUES ('pub_schichtplan_add_Text1', 'EN', 'Here you can sign up for a shift. As commend can you write what you want, it is only for you.');
-INSERT INTO `Sprache` (`TextID`, `Sprache`, `Text`) VALUES ('pub_schichtplan_colision', 'DE', '&lt;h1&gt;Fehler&lt;/h1&gt;\r\n&Uuml;berschneidung von Schichten:');
+INSERT INTO `Sprache` (`TextID`, `Sprache`, `Text`) VALUES ('pub_schichtplan_colision', 'DE', 'Fehler &Uuml;berschneidung von Schichten:');
-INSERT INTO `Sprache` (`TextID`, `Sprache`, `Text`) VALUES ('pub_schichtplan_colision', 'EN', '&lt;h1&gt;error&lt;/h1&gt;\r\noverlap on shift:');
+INSERT INTO `Sprache` (`TextID`, `Sprache`, `Text`) VALUES ('pub_schichtplan_colision', 'EN', 'error noverlap on shift:');
 INSERT INTO `Sprache` (`TextID`, `Sprache`, `Text`) VALUES ('pub_schicht_EmptyShifts', 'DE', 'Die n&auml;chsten 15 freien Schichten:');
 INSERT INTO `Sprache` (`TextID`, `Sprache`, `Text`) VALUES ('pub_schicht_EmptyShifts', 'EN', 'The next 15 empty shifts:');
 INSERT INTO `Sprache` (`TextID`, `Sprache`, `Text`) VALUES ('inc_schicht_date', 'DE', 'Datum');

includes/UserCVS.php

@@ -50,4 +50,53 @@ if( $DEBUG )
 	
 }
 
+function funktion_isLinkAllowed( $PageName)
+{
+        global $_SESSION;
+
+	// separate page parameter
+	$ParameterPos = strpos( $PageName, ".php?");
+	if( $ParameterPos === FALSE)
+	{
+		$pName = $PageName;
+	}
+	else
+	{
+		$pName = substr( $PageName, 0, $ParameterPos + 4);
+	}
+	
+	// check rights
+	if( (isset( $_SESSION['CVS'][ $pName ]) === TRUE) &&
+	    ($_SESSION['CVS'][ $pName ] == "Y") )
+	{
+		return TRUE;
+	}
+
+	return FALSE;
+}
+
+function funktion_isLinkAllowed_addLink_OrLinkText( $PageName, $LinkText)
+{
+        global $url, $ENGEL_ROOT;
+
+	if( funktion_isLinkAllowed( $PageName) === TRUE)
+	{
+		return "<a href=\"". $url. $ENGEL_ROOT. $PageName. "\">". $LinkText. "</a>";
+	}
+	
+	return $LinkText;
+}
+
+function funktion_isLinkAllowed_addLink_OrEmpty( $PageName, $LinkText)
+{
+        global $url, $ENGEL_ROOT;
+
+	if( funktion_isLinkAllowed( $PageName) === TRUE)
+	{
+		return "<a href=\"". $url. $ENGEL_ROOT. $PageName. "\">". $LinkText. "</a>";
+	}
+
+	return "";
+}
+
 ?>

includes/funktion_activeUser.php

@@ -39,11 +39,9 @@ for( $i=0; $i<mysql_num_rows($Erg); $i++)
 	if( $_SESSION['UID']>0 )
 		echo DisplayAvatar( mysql_result( $Erg, $i, "UID"));
 	// Schow Admin Page
-	if( $_SESSION['CVS'][ "admin/userChangeNormal.php" ] == "Y" )
+	echo funktion_isLinkAllowed_addLink_OrLinkText(
-		echo " <a href=\"./../admin/userChangeNormal.php?enterUID=". mysql_result( $Erg, $i, "UID"). "&Type=Normal\">". 
+		"admin/userChangeNormal.php?enterUID=". mysql_result( $Erg, $i, "UID"). "&Type=Normal",
-			mysql_result( $Erg, $i, "Nick"). "</a>";
+		mysql_result( $Erg, $i, "Nick"));
-	else
-		echo mysql_result( $Erg, $i, "Nick");
 
 	$Tlog =	(substr( mysql_result( $Erg, $i, "lastLogIn"),  8, 2) * 60 * 60 * 24) +	// Tag
 		(substr( mysql_result( $Erg, $i, "lastLogIn"), 11, 2) * 60 * 60) +	// Stunde

includes/funktion_schichtplan.php

@@ -18,11 +18,9 @@ function ausgabe_Feld_Inhalt( $SID, $Man )
 	///////////////////////////////////////////////////////////////////
 	// Schow Admin Page
 	///////////////////////////////////////////////////////////////////
-	if( $_SESSION['CVS'][ "admin/schichtplan.php" ] == "Y" )
+	$Spalten.=funktion_isLinkAllowed_addLink_OrEmpty( 
-	{
+		"admin/schichtplan.php?action=change&SID=$SID",
-		$Spalten.= "<a href=\"./../admin/schichtplan.php?action=change&SID=$SID\">edit</a><br>\n\t\t";
+		"edit<br>\n\t\t");
-	}
-	
 
 	///////////////////////////////////////////////////////////////////
   	// Ausgabe des Schischtnamens
@@ -104,28 +102,30 @@ function ausgabe_Feld_Inhalt( $SID, $Man )
 			
 			foreach( $TempValue["Engel"] as $TempEngelEntry=> $TempEngelID )
 			{
-				if( $_SESSION['CVS'][ "admin/userChangeNormal.php" ] == "Y" )
+				if( funktion_isLinkAllowed( "admin/user.php") === TRUE)
-					$Spalten.= " <a href=\"./../admin/userChangeNormal.php?enterUID=$TempEngelID&Type=Normal\">"; 
-
-				if( $_SESSION['CVS'][ "admin/schichtplan.php" ] == "Y" )
 				{
-					if( UIDgekommen( $TempEngelID ) == "1")
+					// add color, wenn Engel "Gekommen"
-	      					$Spalten.= "&nbsp;&nbsp;<span style=\"color: blue;\">".
+	      				$TempText= 
-							   UID2Nick( $TempEngelID ).
+						((UIDgekommen( $TempEngelID ) == "1")
-      							   ($_GET["Icon"]==1? DisplayAvatar( $TempEngelID ): "").
+							? "<span style=\"color: blue;\">"
-							   "</span><br>\n\t\t";
+							: "<span style=\"color: red;\">").
-					else
+						UID2Nick( $TempEngelID). "</span>";
-      						$Spalten.= "&nbsp;&nbsp;<span style=\"color: red;\">". 
-							   UID2Nick( $TempEngelID ).
-      							   ($_GET["Icon"]==1? DisplayAvatar( $TempEngelID ): "").
-							   "</span><br>\n\t\t";
 				}
 				else
-      					$Spalten.= "&nbsp;&nbsp;". UID2Nick( $TempEngelID ).
+				{
-      						   ($_GET["Icon"]==1? DisplayAvatar( $TempEngelID ): "").
+					$TempText = UID2Nick( $TempEngelID );
-						   "<br>\n\t\t";
+				}
-				if( $_SESSION['CVS'][ "admin/userChangeNormal.php" ] == "Y" )
+				
-					$Spalten.= " </a>"; 
+				// add link to user
+				$TempText= funktion_isLinkAllowed_addLink_OrLinkText(
+					"admin/userChangeNormal.php?enterUID=$TempEngelID&Type=Normal",
+					$TempText);
+				
+				$Spalten.= "&nbsp;&nbsp;". $TempText.
+						( ($_GET["Icon"]==1) ? DisplayAvatar( $TempEngelID): "").
+						"<br>\n\t\t";
+
+
 			}
 			$Spalten = substr( $Spalten, 0, strlen($Spalten)-7 );
 		  }
@@ -205,13 +205,17 @@ function CreateRoomShifts( $raum )
 	$ErgSonder = mysql_query($SQLSonder, $con);
 	if( (mysql_num_rows( $ErgSonder) > 1) )
 	{
-		if( $_SESSION['CVS'][ "admin/schichtplan.php" ] == "Y" )
+		if( funktion_isLinkAllowed( "admin/schichtplan.php") === TRUE )
 		{
 			echo "<h1>". Get_Text("pub_schichtplan_colision"). "</h1> ";
-			echo "<a href=\"./../admin/schichtplan.php?action=change&SID=". mysql_result($ErgSonder, 0, "SID"). "\">".
+			for( $i=0; $i<mysql_num_rows( $ErgSonder); $i++)
-				mysql_result($ErgSonder, 0, "DateS"). 
+			{
-				" '". mysql_result($ErgSonder, 0, "Man")."' (RID $raum) (00-24)".
+				echo "<a href=\"./../admin/schichtplan.php?action=change&SID=". 
-				"</a><br>\n\t\t";
+					mysql_result($ErgSonder, $i, "SID"). "\">".
+					mysql_result($ErgSonder, $i, "DateS"). 
+					" '". mysql_result($ErgSonder, $i, "Man")."' (RID $raum) (00-24)".
+					"</a><br>\n\t\t";
+			}
 		}
 	}
 	elseif( (mysql_num_rows( $ErgSonder) == 1) )
@@ -236,13 +240,17 @@ function CreateRoomShifts( $raum )
 	$ErgSonder = mysql_query($SQLSonder, $con);
 	if( (mysql_num_rows( $ErgSonder) > 1) )
 	{
-		if( $_SESSION['CVS'][ "admin/schichtplan.php" ] == "Y" )
+		if( funktion_isLinkAllowed( "admin/schichtplan.php") === TRUE )
 		{
 			echo "<h1>". Get_Text("pub_schichtplan_colision"). "</h1> ";
-			echo "<a href=\"./../admin/schichtplan.php?action=change&SID=". mysql_result($ErgSonder, 0, "SID"). "\">".
+			for( $i=0; $i<mysql_num_rows( $ErgSonder); $i++)
-				mysql_result($ErgSonder, 0, "DateS"). 
+			{
-				" '". mysql_result($ErgSonder, 0, "Man")."' (RID $raum) (00-xx)".
+				echo "<a href=\"./../admin/schichtplan.php?action=change&SID=". 
-				"</a><br>\n\t\t";
+					mysql_result($ErgSonder, $i, "SID"). "\">".
+					mysql_result($ErgSonder, $i, "DateS"). 
+					" '". mysql_result($ErgSonder, $i, "Man")."' (RID $raum) (00-xx)".
+					"</a><br>\n\t\t";
+			}
 		}
 	}
 	elseif( (mysql_num_rows( $ErgSonder) == 1) )
@@ -297,10 +305,12 @@ function CreateRoomShifts( $raum )
 		}
 		else
 		{
-			echo Get_Text("pub_schichtplan_colision"). " ".
+			echo "<h1>". Get_Text("pub_schichtplan_colision"). "</h1> ";
+			echo "<a href=\"./../admin/schichtplan.php?action=change&SID=". 
+				mysql_result($Erg, $i, "SID"). "\">".
 				mysql_result($Erg, $i, "DateS"). 
 				" '". mysql_result($Erg, $i, "Man"). "' ".
-				" (".  mysql_result($Erg, $i, "SID"). " R$raum) (xx-xx)<br><br>";
+				" (".  mysql_result($Erg, $i, "SID"). " R$raum) (xx-xx)</a><br><br>";
 		}
 	}
 	if( $ZeitZeiger < 24 )

includes/funktion_xml_schudle.php

@@ -259,7 +259,7 @@ foreach($XMLmain->sub as $EventKey => $Event)
 		}
 		else
 		{
-			echo "\t<td><a href=\"./schichtplan.php?action=change&SID=$SIDDB\">edit</a></td>\n";
+			echo "\t<td>". funktion_isLinkAllowed_addLink_OrLinkText("admin/schichtplan.php?action=change&SID=".$SIDDB, "edit"). "</td>\n";
 			$DS_OK++;
 		}
 		echo "\t</tr>\n";
@@ -299,7 +299,8 @@ if(mysql_num_rows($Erg2)>0 && $EnableSchudleDB )
 			   "<input name=\"LenDB\" type=\"text\" value=\"$Len\" size=\"1\"readonly></td>\n";
 		echo "\t<td><input name=\"ManXML\" type=\"text\" value=\"\" size=\"40\"readonly>\n\t\t".
 			   "<input name=\"ManDB\" type=\"text\" value=\"$Man\" size=\"40\"readonly></td>\n";
-		echo "\t<td><a href=\"./schichtplan.php?action=change&SID=$SID\">edit</a></td>\n";
+		echo "\t<td>". funktion_isLinkAllowed_addLink_OrLinkText( "admin/schichtplan.php?action=change&SID=".$SID, "edit"). 
+				"</td>\n";
 		echo "\t<tr>\n";
 	}
 echo "</table>";

www-ssl/admin/user.php

@@ -88,12 +88,16 @@ if (!IsSet($_GET["enterUID"]))
 		echo "\t<td>".mysql_result($Erg, $n, "Aktiv")."</td>\n";
 		$Tshirt += mysql_result($Erg, $n, "Tshirt");
 		echo "\t<td>".mysql_result($Erg, $n, "Tshirt")."</td>\n";
-		echo "\t<td><a href=\"./userChangeNormal.php?enterUID=".
+		echo "\t<td>". funktion_isLinkAllowed_addLink_OrEmpty( 
-			mysql_result($Erg, $n, "UID")."&Type=Normal\">&Auml;nd.</a></td>\n";
+				"admin/userChangeNormal.php?enterUID=". 
-		echo "\t<td>";
+					mysql_result($Erg, $n, "UID")."&Type=Normal",
-		
+				"&Auml;nd.").
-		echo "<a href=\"./userChangeSecure.php?enterUID=".
+			"</td>\n";
-			mysql_result($Erg, $n, "UID")."&Type=Secure\">Secure</a></td>\n";
+		echo "\t<td>". funktion_isLinkAllowed_addLink_OrEmpty( 
+				"admin/userChangeSecure.php?enterUID=". 
+					mysql_result($Erg, $n, "UID")."&Type=Secure",
+				"Secure").
+			"</td>\n";
 		echo "</tr>\n";
 	}
 	echo "<tr>".