#44 angeltypes recreated

Philip Häusler 2011-12-21 23:18:57 +01:00
parent def9532d6b
commit ce7f071c38
19 changed files with 110 additions and 126 deletions

@ -15,7 +15,7 @@ function admin_active() {
$count = strip_request_item('count');
else {
$ok = false;
$msg .= error("Please enter a number of angels to be marked as active.");
$msg .= error("Please enter a number of angels to be marked as active.", true);
}
if ($ok)
@ -27,7 +27,7 @@ function admin_active() {
sql_query("UPDATE `User` SET `Aktiv` = 1 WHERE `UID`=" . sql_escape($usr['UID']));
$limit = "";
$msg = success("Marked angels.");
$msg = success("Marked angels.", true);
} else {
$set_active = '<a href="' . page_link_to('admin_active') . '&amp;serach=' . $search . '">&laquo; back</a> | <a href="' . page_link_to('admin_active') . '&amp;search=' . $search . '&amp;count=' . $count . '&amp;set_active&amp;ack">apply</a>';
}
@ -36,22 +36,22 @@ function admin_active() {
if (isset ($_REQUEST['active']) && preg_match("/^[0-9]+$/", $_REQUEST['active'])) {
$id = $_REQUEST['active'];
sql_query("UPDATE `User` SET `Aktiv`=1 WHERE `UID`=" . sql_escape($id) . " LIMIT 1");
$msg = success("Angel has been marked as active.");
$msg = success("Angel has been marked as active.", true);
}
elseif (isset ($_REQUEST['not_active']) && preg_match("/^[0-9]+$/", $_REQUEST['not_active'])) {
$id = $_REQUEST['not_active'];
sql_query("UPDATE `User` SET `Aktiv`=0 WHERE `UID`=" . sql_escape($id) . " LIMIT 1");
$msg = success("Angel has been marked as not active.");
$msg = success("Angel has been marked as not active.", true);
}
elseif (isset ($_REQUEST['tshirt']) && preg_match("/^[0-9]+$/", $_REQUEST['tshirt'])) {
$id = $_REQUEST['tshirt'];
sql_query("UPDATE `User` SET `Tshirt`=1 WHERE `UID`=" . sql_escape($id) . " LIMIT 1");
$msg = success("Angel has got a t-shirt.");
$msg = success("Angel has got a t-shirt.", true);
}
elseif (isset ($_REQUEST['not_tshirt']) && preg_match("/^[0-9]+$/", $_REQUEST['not_tshirt'])) {
$id = $_REQUEST['not_tshirt'];
sql_query("UPDATE `User` SET `Tshirt`=0 WHERE `UID`=" . sql_escape($id) . " LIMIT 1");
$msg = success("Angel has got no t-shirt.");
$msg = success("Angel has got no t-shirt.", true);
}
$users = sql_select("SELECT `User`.*, COUNT(`ShiftEntry`.`id`) as `shift_count`, SUM(`end`-`start`) as `shift_length` FROM `User` LEFT JOIN `ShiftEntry` ON `User`.`UID` = `ShiftEntry`.`UID` LEFT JOIN `Shifts` ON `ShiftEntry`.`SID` = `Shifts`.`SID` WHERE `User`.`Gekommen` = 1 GROUP BY `User`.`UID` ORDER BY `shift_length` DESC" . $limit);
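Review bot: The `apply` link and the `active` / `not_active` / `tshirt` / `not_tshirt` branches update `User` rows from a plain `$_REQUEST` parameter, and no anti-CSRF token check is visible in these hunks. If none exists above them, add one before the `sql_query` calls, starting with a marker such as `// TODO: require POST and verify a per-session CSRF token before updating User`. The delete and save branches in admin_arrive, admin_faq, admin_news, admin_questions, admin_rooms, user_messages, user_questions and user_wakeup follow the same pattern. The back link in the second hunk also spells its parameter `&amp;serach=`, so the search term is dropped; it should read `&amp;search=`. admin_active's body continues outside the hunks.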

@ -8,12 +8,12 @@ function admin_arrive() {
if (isset ($_REQUEST['reset']) && preg_match("/^[0-9]*$/", $_REQUEST['reset'])) {
$id = $_REQUEST['reset'];
sql_query("UPDATE `User` SET `Gekommen`=0 WHERE `UID`=" . sql_escape($id) . " LIMIT 1");
$msg = success("Reset done. Angel has not arrived.");
$msg = success("Reset done. Angel has not arrived.", true);
}
elseif (isset ($_REQUEST['arrived']) && preg_match("/^[0-9]*$/", $_REQUEST['arrived'])) {
$id = $_REQUEST['arrived'];
sql_query("UPDATE `User` SET `Gekommen`=1 WHERE `UID`=" . sql_escape($id) . " LIMIT 1");
$msg = success("Angel has been marked as arrived.");
$msg = success("Angel has been marked as arrived.", true);
}
$users = sql_select("SELECT * FROM `User` ORDER BY `Nick`");
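Review bot: Both checks use `/^[0-9]*$/`, which also accepts an empty `reset` or `arrived` value, so the UPDATE is built with no value after the `UID` comparison and presumably fails as a SQL error instead of being rejected up front. admin_active already uses `+` for the same kind of id; these should read `preg_match("/^[0-9]+$/D", $_REQUEST['reset'])` and likewise for `arrived`, where the `D` modifier keeps `$` from matching before a trailing newline. admin_arrive starts and ends outside the hunk.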

@ -4,14 +4,7 @@ function admin_faq() {
$faqs_html = "";
$faqs = sql_select("SELECT * FROM `FAQ`");
foreach ($faqs as $faq) {
$faqs_html .= sprintf(
'<tr><td> <dl><dt>%s</dt><dd>%s</dd></dl> </td>'
. '<td> <dl><dt>%s</dt><dd>%s</dd></dl> </td>'
. '<td><a href="%s&action=edit&id=%s">Edit</a></td></tr>',
$faq['Frage_de'], $faq['Antwort_de'],
$faq['Frage_en'], $faq['Antwort_en'],
page_link_to('admin_faq'), $faq['FID']
);
$faqs_html .= sprintf('<tr><td> <dl><dt>%s</dt><dd>%s</dd></dl> </td>' . '<td> <dl><dt>%s</dt><dd>%s</dd></dl> </td>' . '<td><a href="%s&action=edit&id=%s">Edit</a></td></tr>', $faq['Frage_de'], $faq['Antwort_de'], $faq['Frage_en'], $faq['Antwort_en'], page_link_to('admin_faq'), $faq['FID']);
}
return template_render('../templates/admin_faq.html', array (
'link' => page_link_to("admin_faq"),
@ -20,17 +13,12 @@ function admin_faq() {
} else {
switch ($_REQUEST['action']) {
case 'create' :
$frage = strip_request_item_nl('frage');
$antwort = strip_request_item_nl('antwort');
$frage = strip_request_item_nl('frage');
$antwort = strip_request_item_nl('antwort');
$question = strip_request_item_nl('question');
$answer = strip_request_item_nl('answer');
$answer = strip_request_item_nl('answer');
sql_query("INSERT INTO `FAQ` SET `Frage_de`='" . sql_escape($frage)
. "', `Frage_en`='" . sql_escape($question)
. "', `Antwort_de`='" . sql_escape($antwort)
. "', `Antwort_en`='" . sql_escape($answer)
. "'"
);
sql_query("INSERT INTO `FAQ` SET `Frage_de`='" . sql_escape($frage) . "', `Frage_en`='" . sql_escape($question) . "', `Antwort_de`='" . sql_escape($antwort) . "', `Antwort_en`='" . sql_escape($answer) . "'");
header("Location: " . page_link_to("admin_faq"));
break;
@ -39,34 +27,29 @@ function admin_faq() {
if (isset ($_REQUEST['id']) && preg_match("/^[0-9]{1,11}$/", $_REQUEST['id']))
$id = $_REQUEST['id'];
else
return error("Incomplete call, missing FAQ ID.");
return error("Incomplete call, missing FAQ ID.", true);
$faq = sql_select("SELECT * FROM `FAQ` WHERE `FID`=" . sql_escape($id) . " LIMIT 1");
if (count($faq) > 0) {
list ($faq) = $faq;
$frage = strip_request_item_nl('frage');
$antwort = strip_request_item_nl('antwort');
$frage = strip_request_item_nl('frage');
$antwort = strip_request_item_nl('antwort');
$question = strip_request_item_nl('question');
$answer = strip_request_item_nl('answer');
$answer = strip_request_item_nl('answer');
sql_query("UPDATE `FAQ` SET `Frage_de`='" . sql_escape($frage)
. "', `Frage_en`='" . sql_escape($question)
. "', `Antwort_de`='" . sql_escape($antwort)
. "', `Antwort_en`='" . sql_escape($answer)
. "' WHERE `FID`=" . sql_escape($id) . " LIMIT 1"
);
sql_query("UPDATE `FAQ` SET `Frage_de`='" . sql_escape($frage) . "', `Frage_en`='" . sql_escape($question) . "', `Antwort_de`='" . sql_escape($antwort) . "', `Antwort_en`='" . sql_escape($answer) . "' WHERE `FID`=" . sql_escape($id) . " LIMIT 1");
header("Location: " . page_link_to("admin_faq"));
} else
return error("No FAQ found.");
return error("No FAQ found.", true);
break;
case 'edit' :
if (isset ($_REQUEST['id']) && preg_match("/^[0-9]{1,11}$/", $_REQUEST['id']))
$id = $_REQUEST['id'];
else
return error("Incomplete call, missing FAQ ID.");
return error("Incomplete call, missing FAQ ID.", true);
$faq = sql_select("SELECT * FROM `FAQ` WHERE `FID`=" . sql_escape($id) . " LIMIT 1");
if (count($faq) > 0) {
@ -81,14 +64,14 @@ function admin_faq() {
'answer' => $faq['Antwort_en']
));
} else
return error("No FAQ found.");
return error("No FAQ found.", true);
break;
case 'delete' :
if (isset ($_REQUEST['id']) && preg_match("/^[0-9]{1,11}$/", $_REQUEST['id']))
$id = $_REQUEST['id'];
else
return error("Incomplete call, missing FAQ ID.");
return error("Incomplete call, missing FAQ ID.", true);
$faq = sql_select("SELECT * FROM `FAQ` WHERE `FID`=" . sql_escape($id) . " LIMIT 1");
if (count($faq) > 0) {
@ -97,7 +80,7 @@ function admin_faq() {
sql_query("DELETE FROM `FAQ` WHERE `FID`=" . sql_escape($id) . " LIMIT 1");
header("Location: " . page_link_to("admin_faq"));
} else
return error("No FAQ found.");
return error("No FAQ found.", true);
break;
}
}
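Review bot: The `sprintf` row in the first hunk writes `Frage_de`, `Antwort_de`, `Frage_en` and `Antwort_en` from the database straight into HTML, and nothing visible here encodes them. Whether `strip_request_item_nl()` removes markup on the way in cannot be seen from this page, so output encoding is the safer guarantee: pass each value through `htmlspecialchars($faq['Frage_de'], ENT_QUOTES, 'UTF-8')` before formatting. The `&` separators inside the `href` should also be written `&amp;`, as admin_active does.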

@ -36,7 +36,7 @@ function admin_groups() {
if (isset ($_REQUEST['id']) && preg_match("/^-[0-9]{1,11}$/", $_REQUEST['id']))
$id = $_REQUEST['id'];
else
return error("Incomplete call, missing Groups ID.");
return error("Incomplete call, missing Groups ID.", true);
$room = sql_select("SELECT * FROM `Groups` WHERE `UID`=" . sql_escape($id) . " LIMIT 1");
if (count($room) > 0) {
@ -62,14 +62,14 @@ function admin_groups() {
'privileges' => $privileges_html
));
} else
return error("No Group found.");
return error("No Group found.", true);
break;
case 'save' :
if (isset ($_REQUEST['id']) && preg_match("/^-[0-9]{1,11}$/", $_REQUEST['id']))
$id = $_REQUEST['id'];
else
return error("Incomplete call, missing Groups ID.");
return error("Incomplete call, missing Groups ID.", true);
$room = sql_select("SELECT * FROM `Groups` WHERE `UID`=" . sql_escape($id) . " LIMIT 1");
if (!is_array($_REQUEST['privileges']))
@ -82,7 +82,7 @@ function admin_groups() {
sql_query("INSERT INTO `GroupPrivileges` SET `group_id`=" . sql_escape($id) . ", `privilege_id`=" . sql_escape($priv));
header("Location: " . page_link_to("admin_groups"));
} else
return error("No Group found.");
return error("No Group found.", true);
break;
}
}
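Review bot: `sql_escape($priv)` in the `save` case is concatenated into an unquoted numeric position, where string escaping (assuming that is what `sql_escape()` does) gives no protection. The statement is only safe if every element of `$_REQUEST['privileges']` is validated as numeric in the lines between the `is_array` test and the INSERT, which this hunk does not show. If that check is missing, cast at the point of use with `(int) $priv`. The same reliance on validation outside the hunk applies to `$to` in user_messages, `$group` in admin_user and `$type_id`, `$count`, `$user_id` in user_shifts.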

@ -26,7 +26,7 @@ function admin_import() {
fclose($test_handle);
unlink('../import/tmp');
} else {
$msg = error("Webserver has no write-permission on import directory.");
$msg = error("Webserver has no write-permission on import directory.", true);
}
if (isset ($_REQUEST['submit'])) {
@ -36,7 +36,7 @@ function admin_import() {
if (!$fp) {
$ok = false;
$msg = error("File 'https://$PentabarfXMLhost/$PentabarfXMLpath" . $_REQUEST["url"] . "' not readable!" . "[$errstr ($errno)]");
$msg = error("File 'https://$PentabarfXMLhost/$PentabarfXMLpath" . $_REQUEST["url"] . "' not readable!" . "[$errstr ($errno)]", true);
} else {
$fileOut = fopen($import_file, "w");
$head = 'GET /' . $PentabarfXMLpath . $_REQUEST["url"] . ' HTTP/1.1' . "\r\n" .
@ -75,7 +75,7 @@ function admin_import() {
}
fclose($fileOut);
fclose($fp);
$msg .= success("Es wurden $Zeilen Zeilen eingelesen.");
$msg .= success("Es wurden $Zeilen Zeilen eingelesen.", true);
}
}
elseif (isset ($_FILES['xcal_file']) && ($_FILES['xcal_file']['error'] == 0)) {
@ -83,16 +83,16 @@ function admin_import() {
libxml_use_internal_errors(true);
if (simplexml_load_file($import_file) === false) {
$ok = false;
$msg = error("No valid xml/xcal file provided.");
$msg = error("No valid xml/xcal file provided.", true);
unlink($import_file);
}
} else {
$ok = false;
$msg = error("File upload went wrong.");
$msg = error("File upload went wrong.", true);
}
} else {
$ok = false;
$msg = error("Please provide some data.");
$msg = error("Please provide some data.", true);
}
}
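Review bot: `$_REQUEST["url"]` is concatenated unchecked into the hand-built `GET` request line and into the "not readable" error message in the second hunk, so a value containing line breaks or markup alters the outgoing request or the rendered page. Validate it once before either use, for example `if (!preg_match('/^[A-Za-z0-9._\/-]+$/D', $_REQUEST['url'])) { $ok = false; $msg = error("Invalid file name.", true); }` (pattern constructed for illustration), and wrap the echoed value in `htmlspecialchars()`. Whether `error()` encodes its argument is not visible here. `simplexml_load_file()` on the uploaded file also deserves a check that external entity loading is disabled on the deployed libxml version.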

@ -86,7 +86,7 @@ function admin_language() {
$html .= $sql_save . "<br />";
$Erg = sql_query($sql_save);
$html .= success("$k Save: OK<br />\n");
$html .= success("$k Save: OK<br />\n", true);
} else
if (mysql_result($erg_test, 0, "Text") != $v) {
$sql_save = "UPDATE `Sprache` SET `Text`='"
@ -97,7 +97,7 @@ function admin_language() {
$html .= $sql_save . "<br />";
$Erg = sql_query($sql_save);
$html .= success(" $k Update: OK<br />\n");
$html .= success(" $k Update: OK<br />\n", true);
} else
$html .= "\t $k no changes<br />\n";
}
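Review bot: `$html .= $sql_save . "<br />";` prints the full statement, presumably including the submitted text, into the page without encoding, and `$k` is likewise placed inside the `success()` message. Either drop the statement echo or encode it with `$html .= htmlspecialchars($sql_save) . "<br />";`. `mysql_result()` belongs to the `mysql_*` extension that later PHP versions removed, so this branch needs porting together with the database layer. The statement construction itself lies outside the hunks.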

@ -11,7 +11,7 @@ function admin_news() {
if (isset ($_REQUEST['id']) && preg_match("/^[0-9]{1,11}$/", $_REQUEST['id']))
$id = $_REQUEST['id'];
else
return error("Incomplete call, missing News ID.");
return error("Incomplete call, missing News ID.", true);
$news = sql_select("SELECT * FROM `News` WHERE `ID`=" . sql_escape($id) . " LIMIT 1");
if (count($news) > 0) {
@ -45,14 +45,14 @@ function admin_news() {
$html .= "<input type=\"submit\" name=\"submit\" value=\"Löschen\">\n";
$html .= "</form>";
} else
return error("No News found.");
return error("No News found.", true);
break;
case 'save' :
if (isset ($_REQUEST['id']) && preg_match("/^[0-9]{1,11}$/", $_REQUEST['id']))
$id = $_REQUEST['id'];
else
return error("Incomplete call, missing News ID.");
return error("Incomplete call, missing News ID.", true);
$news = sql_select("SELECT * FROM `News` WHERE `ID`=" . sql_escape($id) . " LIMIT 1");
if (count($news) > 0) {
@ -62,14 +62,14 @@ function admin_news() {
"', `Treffen`='" . sql_escape($_POST["eTreffen"]) . "' WHERE `ID`=".sql_escape($id)." LIMIT 1");
header("Location: " . page_link_to("news"));
} else
return error("No News found.");
return error("No News found.", true);
break;
case 'delete' :
if (isset ($_REQUEST['id']) && preg_match("/^[0-9]{1,11}$/", $_REQUEST['id']))
$id = $_REQUEST['id'];
else
return error("Incomplete call, missing News ID.");
return error("Incomplete call, missing News ID.", true);
$news = sql_select("SELECT * FROM `News` WHERE `ID`=" . sql_escape($id) . " LIMIT 1");
if (count($news) > 0) {
@ -78,7 +78,7 @@ function admin_news() {
sql_query("DELETE FROM `News` WHERE `ID`=" . sql_escape($id) . " LIMIT 1");
header("Location: " . page_link_to("news"));
} else
return error("No News found.");
return error("No News found.", true);
break;
}
}

@ -52,7 +52,7 @@ function admin_questions() {
if (isset ($_REQUEST['id']) && preg_match("/^[0-9]{1,11}$/", $_REQUEST['id']))
$id = $_REQUEST['id'];
else
return error("Incomplete call, missing Question ID.");
return error("Incomplete call, missing Question ID.", true);
$question = sql_select("SELECT * FROM `Questions` WHERE `QID`=" . sql_escape($id) . " LIMIT 1");
if (count($question) > 0 && $question[0]['AID'] == "0") {
@ -62,22 +62,22 @@ function admin_questions() {
sql_query("UPDATE `Questions` SET `AID`=" . sql_escape($user['UID']) . ", `Answer`='" . sql_escape($answer) . "' WHERE `QID`=" . sql_escape($id) . " LIMIT 1");
header("Location: " . page_link_to("admin_questions"));
} else
return error("Gib eine Antwort ein!");
return error("Gib eine Antwort ein!", true);
} else
return error("No question found.");
return error("No question found.", true);
break;
case 'delete' :
if (isset ($_REQUEST['id']) && preg_match("/^[0-9]{1,11}$/", $_REQUEST['id']))
$id = $_REQUEST['id'];
else
return error("Incomplete call, missing Question ID.");
return error("Incomplete call, missing Question ID.", true);
$question = sql_select("SELECT * FROM `Questions` WHERE `QID`=" . sql_escape($id) . " LIMIT 1");
if (count($question) > 0) {
sql_query("DELETE FROM `Questions` WHERE `QID`=" . sql_escape($id) . " LIMIT 1");
header("Location: " . page_link_to("admin_questions"));
} else
return error("No question found.");
return error("No question found.", true);
break;
}
}

@ -58,7 +58,7 @@ function admin_rooms() {
if (isset ($_REQUEST['RID']) && preg_match("/^[0-9]{1,11}$/", $_REQUEST['RID']))
$rid = $_REQUEST['RID'];
else
return error("Incomplete call, missing Room ID.");
return error("Incomplete call, missing Room ID.", true);
$room = sql_select("SELECT * FROM `Room` WHERE `RID`=" . sql_escape($rid) . " LIMIT 1");
if (count($room) > 0) {
@ -89,14 +89,14 @@ function admin_rooms() {
'angel_types' => $angel_types
));
} else
return error("No Room found.");
return error("No Room found.", true);
break;
case 'changesave' :
if (isset ($_REQUEST['RID']) && preg_match("/^[0-9]{1,11}$/", $_REQUEST['RID']))
$rid = $_REQUEST['RID'];
else
return error("Incomplete call, missing Room ID.");
return error("Incomplete call, missing Room ID.", true);
$room = sql_select("SELECT * FROM `Room` WHERE `RID`=" . sql_escape($rid) . " LIMIT 1");
if (count($room) > 0) {
@ -119,21 +119,21 @@ function admin_rooms() {
}
header("Location: " . page_link_to("admin_rooms"));
} else
return error("No Room found.");
return error("No Room found.", true);
break;
case 'delete' :
if (isset ($_REQUEST['RID']) && preg_match("/^[0-9]{1,11}$/", $_REQUEST['RID']))
$rid = $_REQUEST['RID'];
else
return error("Incomplete call, missing Room ID.");
return error("Incomplete call, missing Room ID.", true);
if (sql_num_query("SELECT * FROM `Room` WHERE `RID`=" . sql_escape($rid) . " LIMIT 1") > 0) {
sql_query("DELETE FROM `Room` WHERE `RID`=" . sql_escape($rid) . " LIMIT 1");
sql_query("DELETE FROM `NeededAngelTypes` WHERE `room_id`=" . sql_escape($rid) . " LIMIT 1");
header("Location: " . page_link_to("admin_rooms"));
} else
return error("No Room found.");
return error("No Room found.", true);
break;
}
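Review bot: The `delete` case removes `NeededAngelTypes` rows with `LIMIT 1`, so a room with more than one angel type configured keeps orphaned rows after the room itself is deleted. user_shifts deletes from the same table by `shift_id` without a limit; drop `LIMIT 1` from the `room_id` statement to match. The two DELETEs are also issued separately with no visible transaction, so a failure between them leaves the tables inconsistent.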

@ -36,26 +36,26 @@ function admin_shifts() {
else {
$ok = false;
$rid = $rooms[0]['RID'];
$msg .= error("Wähle bitte einen Raum aus.");
$msg .= error("Wähle bitte einen Raum aus.", true);
}
if (isset ($_REQUEST['start']) && $tmp = DateTime :: createFromFormat("Y-m-d H:i", trim($_REQUEST['start'])))
$start = $tmp->getTimestamp();
else {
$ok = false;
$msg .= error("Bitte gib einen Startzeitpunkt für die Schichten an.");
$msg .= error("Bitte gib einen Startzeitpunkt für die Schichten an.", true);
}
if (isset ($_REQUEST['end']) && $tmp = DateTime :: createFromFormat("Y-m-d H:i", trim($_REQUEST['end'])))
$end = $tmp->getTimestamp();
else {
$ok = false;
$msg .= error("Bitte gib einen Endzeitpunkt für die Schichten an.");
$msg .= error("Bitte gib einen Endzeitpunkt für die Schichten an.", true);
}
if ($start >= $end) {
$ok = false;
$msg .= error("Das Ende muss nach dem Startzeitpunkt liegen!");
$msg .= error("Das Ende muss nach dem Startzeitpunkt liegen!", true);
}
if (isset ($_REQUEST['mode'])) {
@ -68,7 +68,7 @@ function admin_shifts() {
$length = trim($_REQUEST['length']);
} else {
$ok = false;
$msg .= error("Bitte gib eine Schichtlänge in Minuten an.");
$msg .= error("Bitte gib eine Schichtlänge in Minuten an.", true);
}
}
elseif ($_REQUEST['mode'] == 'variable') {
@ -77,12 +77,12 @@ function admin_shifts() {
$change_hours = explode(",", $_REQUEST['change_hours']);
} else {
$ok = false;
$msg .= error("Bitte gib die Schichtwechsel-Stunden kommagetrennt ein.");
$msg .= error("Bitte gib die Schichtwechsel-Stunden kommagetrennt ein.", true);
}
}
} else {
$ok = false;
$msg .= error("Bitte wähle einen Modus.");
$msg .= error("Bitte wähle einen Modus.", true);
}
if (isset ($_REQUEST['angelmode'])) {
@ -96,20 +96,20 @@ function admin_shifts() {
$needed_angel_types[$type['id']] = trim($_REQUEST['type_' . $type['id']]);
} else {
$ok = false;
$msg .= error("Bitte überprüfe die Eingaben für die benötigten Engel des Typs " . $type['name'] . ".");
$msg .= error("Bitte überprüfe die Eingaben für die benötigten Engel des Typs " . $type['name'] . ".", true);
}
}
if (array_sum($needed_angel_types) == 0) {
$ok = false;
$msg .= error("Es werden 0 Engel benötigt. Bitte wähle benötigte Engel.");
$msg .= error("Es werden 0 Engel benötigt. Bitte wähle benötigte Engel.", true);
}
} else {
$ok = false;
$msg .= error("Bitte Wähle einen Modus für die benötigten Engel.");
$msg .= error("Bitte Wähle einen Modus für die benötigten Engel.", true);
}
} else {
$ok = false;
$msg .= error("Bitte wähle benötigte Engel.");
$msg .= error("Bitte wähle benötigte Engel.", true);
}
// Beim Zurück-Knopf das Formular zeigen
@ -238,7 +238,7 @@ function admin_shifts() {
}
}
$msg = success("Schichten angelegt.");
$msg = success("Schichten angelegt.", true);
} else {
unset ($_SESSION['admin_shifts_shifts']);
unset ($_SESSION['admin_shifts_types']);
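Review bot: `if ($start >= $end)` runs even when one of the `createFromFormat` checks above it failed, in which case `$start` or `$end` is not assigned in this hunk and the comparison works on undefined values and adds a second, misleading error. Unless both are initialised above the hunk, guard it with `if (isset($start, $end) && $start >= $end) {`. user_shifts contains the same sequence. `createFromFormat` also returns an object for out-of-range fields and only records a warning, so checking `DateTime::getLastErrors()` would tighten the parse.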

@ -165,12 +165,12 @@ function admin_user() {
if (in_array($group, $grouplist))
sql_query("INSERT INTO `UserGroups` SET `uid`=" .
sql_escape($id) . ", `group_id`=" . sql_escape($group));
$html .= success("Benutzergruppen gespeichert.");
$html .= success("Benutzergruppen gespeichert.", true);
} else {
$html .= error("Du kannst keine Engel mit mehr Rechten bearbeiten.");
$html .= error("Du kannst keine Engel mit mehr Rechten bearbeiten.", true);
}
} else {
$html .= error("Du kannst Deine eigenen Rechte nicht bearbeiten.");
$html .= error("Du kannst Deine eigenen Rechte nicht bearbeiten.", true);
}
break;
@ -179,9 +179,9 @@ function admin_user() {
sql_query("DELETE FROM `User` WHERE `UID`=" . sql_escape($id) . " LIMIT 1");
sql_query("DELETE FROM `UserGroups` WHERE `uid`=" . sql_escape($id));
sql_query("UPDATE `ShiftEntry` SET `UID`=0, `Comment`=NULL WHERE `UID`=" . sql_escape($id));
$html .= success("Benutzer gelöscht!");
$html .= success("Benutzer gelöscht!", true);
} else {
$html .= error("Du kannst Dich nicht selber löschen!");
$html .= error("Du kannst Dich nicht selber löschen!", true);
}
break;
@ -204,15 +204,15 @@ function admin_user() {
"WHERE `UID` = '" . sql_escape($id) .
"' LIMIT 1;";
sql_query($SQL);
$html .= success("Änderung wurde gespeichert...\n");
$html .= success("Änderung wurde gespeichert...\n", true);
break;
case 'change_pw' :
if ($_REQUEST['new_pw'] != "" && $_REQUEST['new_pw'] == $_REQUEST['new_pw2']) {
sql_query("UPDATE `User` SET `Passwort`='" . sql_escape(PassCrypt($_REQUEST['new_pw'])) . "' WHERE `UID`=" . sql_escape($id) . " LIMIT 1");
$html .= success("Passwort neu gesetzt.");
$html .= success("Passwort neu gesetzt.", true);
} else {
$html .= error("Die Eingaben müssen übereinstimmen und dürfen nicht leer sein!");
$html .= error("Die Eingaben müssen übereinstimmen und dürfen nicht leer sein!", true);
}
break;
}
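Review bot: `change_pw` reads the new password from `$_REQUEST`, which also accepts it from the query string, where it would end up in server logs and browser history. Read it from the POST body only, `if ($_POST['new_pw'] != "" && $_POST['new_pw'] == $_POST['new_pw2']) {`, and consider enforcing a minimum length. user_settings uses `$_REQUEST['new_pw']` the same way. The `in_array($group, $grouplist)` test in the first hunk is non-strict; passing `true` as the third argument avoids loose type matches before `$group` reaches the unquoted SQL.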

@ -3,6 +3,7 @@
// Engel registrieren
function guest_register() {
/*
$nick = "";
$lastname = "";
$prename = "";
@ -27,7 +28,7 @@ function guest_register() {
form_submit('submit', Get_Text("makeuser_Anmelden"))
))
));
*/
global $SubscribeMailinglist, $enable_tshirt_size;
$html = "";
@ -96,7 +97,7 @@ function guest_register() {
}
if (isset ($error))
$html .= error($error);
$html .= error($error, true);
} else {
// init vars
$_POST["Nick"] = "";
@ -252,7 +253,7 @@ function guest_login() {
} // Ende Check, ob User angemeldet wurde}
}
if (isset ($ErrorText))
$html .= error(Get_Text($ErrorText));
$html .= error(Get_Text($ErrorText), true);
$html .= guest_login_form();
return $html;
}
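Review bot: The first two hunks appear to wrap the form-builder block of guest_register in `/* … */` instead of deleting it, which leaves dead code in the function and breaks as soon as a block comment is added inside that range. Remove the block, or if it is kept on purpose, state why on the opening line, e.g. `/* Disabled: <reason>; remove once <condition> */`. The block's contents lie mostly outside the hunks.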

@ -64,28 +64,28 @@ function user_messages() {
if (isset ($_REQUEST['id']) && preg_match("/^[0-9]{1,11}$/", $_REQUEST['id']))
$id = $_REQUEST['id'];
else
return error("Incomplete call, missing Message ID.");
return error("Incomplete call, missing Message ID.", true);
$message = sql_select("SELECT * FROM `Messages` WHERE `id`=" . sql_escape($id) . " LIMIT 1");
if (count($message) > 0 && $message[0]['RUID'] == $user['UID']) {
sql_query("UPDATE `Messages` SET `isRead`='Y' WHERE `id`=" . sql_escape($id) . " LIMIT 1");
header("Location: " . page_link_to("user_messages"));
} else
return error("No Message found.");
return error("No Message found.", true);
break;
case "delete" :
if (isset ($_REQUEST['id']) && preg_match("/^[0-9]{1,11}$/", $_REQUEST['id']))
$id = $_REQUEST['id'];
else
return error("Incomplete call, missing Message ID.");
return error("Incomplete call, missing Message ID.", true);
$message = sql_select("SELECT * FROM `Messages` WHERE `id`=" . sql_escape($id) . " LIMIT 1");
if (count($message) > 0 && $message[0]['SUID'] == $user['UID']) {
sql_query("DELETE FROM `Messages` WHERE `id`=" . sql_escape($id) . " LIMIT 1");
header("Location: " . page_link_to("user_messages"));
} else
return error("No Message found.");
return error("No Message found.", true);
break;
case "send" :
@ -95,12 +95,12 @@ function user_messages() {
sql_query("INSERT INTO `Messages` SET `Datum`=" . sql_escape(time()) . ", `SUID`=" . sql_escape($user['UID']) . ", `RUID`=" . sql_escape($to) . ", `Text`='" . sql_escape($text) . "'");
header("Location: " . page_link_to("user_messages"));
} else {
return error(Get_Text("pub_messages_Send_Error"));
return error(Get_Text("pub_messages_Send_Error"), true);
}
break;
default :
return error("Wrong action.");
return error("Wrong action.", true);
}
}
}

@ -16,12 +16,12 @@ function user_myshifts() {
list ($shifts_user) = sql_select("SELECT * FROM `User` WHERE `UID`=" . sql_escape($id) . " LIMIT 1");
if ($id != $user['UID'])
$msg .= error("Du betrachtest die Schichten von " . $shifts_user['Nick'] . ".");
$msg .= info(sprintf("You are viewing %s's shifts.", $shifts_user['Nick']), true);
if (isset ($_REQUEST['reset'])) {
if ($_REQUEST['reset'] == "ack") {
user_reset_ical_key();
return success("Key geändert.");
return success("Key geändert.", true);
}
return template_render('../templates/user_myshifts_reset.html', array ());
}
@ -55,9 +55,9 @@ function user_myshifts() {
$shift = $shift[0];
if (($shift['start'] - time() < $LETZTES_AUSTRAGEN * 60) || in_array('user_shifts_admin', $privileges)) {
sql_query("DELETE FROM `ShiftEntry` WHERE `id`=" . sql_escape($id) . " LIMIT 1");
$msg .= success("Du wurdest aus der Schicht ausgetragen.");
$msg .= success("Du wurdest aus der Schicht ausgetragen.", true);
} else
$msg .= error("Es ist zu spät um sich aus der Schicht auszutragen. Frage ggf. einen Orga.'");
$msg .= error("Es ist zu spät um sich aus der Schicht auszutragen. Frage ggf. einen Orga.", true);
} else
header("Location: " . page_link_to('user_myshifts'));
}
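Review bot: The sign-off condition `$shift['start'] - time() < $LETZTES_AUSTRAGEN * 60` looks inverted: it permits deletion when the shift starts in less than the limit and refuses it when the shift is further away, while the error text says it is too late. If the variable is the latest lead time before start at which sign-off is allowed, the test should be `$shift['start'] - time() > $LETZTES_AUSTRAGEN * 60`; the unit of `$LETZTES_AUSTRAGEN` is not visible here. The new `info()` line also puts `$shifts_user['Nick']` into the message unencoded, so wrap it in `htmlspecialchars()` unless `info()` does that itself.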

@ -58,7 +58,7 @@ function user_news_comments() {
if (isset ($_REQUEST["text"])) {
$text = preg_replace("/([^\p{L}\p{P}\p{Z}\p{N}\n]{1,})/ui", '', strip_tags($_REQUEST['text']));
sql_query("INSERT INTO `news_comments` (`Refid`, `Datum`, `Text`, `UID`) VALUES ('" . sql_escape($nid) . "', '" . date("Y-m-d H:i:s") . "', '" . sql_escape($text) . "', '" . sql_escape($user["UID"]) . "')");
$html .= success("Eintrag wurde gespeichert");
$html .= success("Eintrag wurde gespeichert", true);
}
$html .= '<a href="' . page_link_to("news") . '">&laquo; Back</a>';
@ -114,7 +114,7 @@ function user_news() {
sql_query("INSERT INTO `News` (`Datum`, `Betreff`, `Text`, `UID`, `Treffen`) " .
"VALUES ('" . sql_escape(time()) . "', '" . sql_escape($_POST["betreff"]) . "', '" . sql_escape($_POST["text"]) . "', '" . sql_escape($user['UID']) .
"', '" . sql_escape($_POST["treffen"]) . "');");
$html .= success(Get_Text(4));
$html .= success(Get_Text(4), true);
}
if (isset ($_REQUEST['page']) && preg_match("/^[0-9]{1,}$/", $_REQUEST['page']))
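Review bot: In user_news the `betreff`, `text` and `treffen` fields are stored after `sql_escape()` only, whereas the comment text in user_news_comments goes through `strip_tags()` and a character filter first. If news entries are later printed as HTML without encoding, this is the input path left unfiltered; encode with `htmlspecialchars()` where the news list is rendered, or apply the same filter here. `treffen` looks like a flag and could be reduced with `(int) $_POST["treffen"]`. Both functions continue outside the hunks.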

@ -29,20 +29,20 @@ function user_questions() {
sql_query("INSERT INTO `Questions` SET `UID`=" . sql_escape($user['UID']) . ", `Question`='" . sql_escape($question) . "'");
header("Location: " . page_link_to("user_questions"));
} else
return error("Gib eine Frage ein!");
return error("Gib eine Frage ein!", true);
break;
case 'delete' :
if (isset ($_REQUEST['id']) && preg_match("/^[0-9]{1,11}$/", $_REQUEST['id']))
$id = $_REQUEST['id'];
else
return error("Incomplete call, missing Question ID.");
return error("Incomplete call, missing Question ID.", true);
$question = sql_select("SELECT * FROM `Questions` WHERE `QID`=" . sql_escape($id) . " LIMIT 1");
if (count($question) > 0 && $question[0]['UID'] == $user['UID']) {
sql_query("DELETE FROM `Questions` WHERE `QID`=" . sql_escape($id) . " LIMIT 1");
header("Location: " . page_link_to("user_questions"));
} else
return error("No question found.");
return error("No question found.", true);
break;
}
}

@ -101,10 +101,10 @@ function user_settings() {
sql_query("UPDATE `User` SET `Passwort`='" . sql_escape(PassCrypt($_REQUEST['new_pw'])) . "' WHERE `UID`=" . sql_escape($user['UID']) . " LIMIT 1");
header("Location: " . page_link_to("user_settings"));
} else {
$html .= error(Get_Text(30));
$html .= error(Get_Text(30), true);
}
} else {
$html .= error(Get_Text(31));
$html .= error(Get_Text(31), true);
}
return $html;
break;

@ -9,7 +9,7 @@ function user_shifts() {
header("Location: " . page_link_to('user_shifts'));
sql_query("DELETE FROM `ShiftEntry` WHERE `id`=" . sql_escape($entry_id) . " LIMIT 1");
return success("Der Schicht-Eintrag wurde gelöscht..");
return success("Der Schicht-Eintrag wurde gelöscht..", true);
}
// Schicht bearbeiten
elseif (isset ($_REQUEST['edit_shift']) && in_array('admin_shifts', $privileges)) {
@ -22,7 +22,7 @@ function user_shifts() {
header("Location: " . page_link_to('user_shifts'));
if (sql_num_query("SELECT * FROM `ShiftEntry` WHERE `SID`=" . sql_escape($shift_id) . " LIMIT 1") > 0)
return error("Du kannst nur Schichten bearbeiten, bei denen niemand eingetragen ist.");
return error("Du kannst nur Schichten bearbeiten, bei denen niemand eingetragen ist.", true);
$shift = sql_select("SELECT * FROM `Shifts` JOIN `Room` ON (`Shifts`.`RID` = `Room`.`RID`) WHERE `SID`=" . sql_escape($shift_id) . " LIMIT 1");
if (count($shift) == 0)
@ -56,26 +56,26 @@ function user_shifts() {
else {
$ok = false;
$rid = $rooms[0]['RID'];
$msg .= error("Wähle bitte einen Raum aus.");
$msg .= error("Wähle bitte einen Raum aus.", true);
}
if (isset ($_REQUEST['start']) && $tmp = DateTime :: createFromFormat("Y-m-d H:i", trim($_REQUEST['start'])))
$start = $tmp->getTimestamp();
else {
$ok = false;
$msg .= error("Bitte gib einen Startzeitpunkt für die Schichten an.");
$msg .= error("Bitte gib einen Startzeitpunkt für die Schichten an.", true);
}
if (isset ($_REQUEST['end']) && $tmp = DateTime :: createFromFormat("Y-m-d H:i", trim($_REQUEST['end'])))
$end = $tmp->getTimestamp();
else {
$ok = false;
$msg .= error("Bitte gib einen Endzeitpunkt für die Schichten an.");
$msg .= error("Bitte gib einen Endzeitpunkt für die Schichten an.", true);
}
if ($start >= $end) {
$ok = false;
$msg .= error("Das Ende muss nach dem Startzeitpunkt liegen!");
$msg .= error("Das Ende muss nach dem Startzeitpunkt liegen!", true);
}
foreach ($types as $type) {
@ -83,12 +83,12 @@ function user_shifts() {
$needed_angel_types[$type['id']] = trim($_REQUEST['type_' . $type['id']]);
} else {
$ok = false;
$msg .= error("Bitte überprüfe die Eingaben für die benötigten Engel des Typs " . $type['name'] . ".");
$msg .= error("Bitte überprüfe die Eingaben für die benötigten Engel des Typs " . $type['name'] . ".", true);
}
}
if (array_sum($needed_angel_types) == 0) {
$ok = false;
$msg .= error("Es werden 0 Engel benötigt. Bitte wähle benötigte Engel.");
$msg .= error("Es werden 0 Engel benötigt. Bitte wähle benötigte Engel.", true);
}
if ($ok) {
@ -96,7 +96,7 @@ function user_shifts() {
sql_query("DELETE FROM `NeededAngelTypes` WHERE `shift_id`=" . sql_escape($shift_id));
foreach ($needed_angel_types as $type_id => $count)
sql_query("INSERT INTO `NeededAngelTypes` SET `shift_id`=" . sql_escape($shift_id) . ", `angel_type_id`=" . sql_escape($type_id) . ", `count`=" . sql_escape($count));
return success("Schicht gespeichert.");
return success("Schicht gespeichert.", true);
}
}
@ -136,7 +136,7 @@ function user_shifts() {
sql_query("DELETE FROM `NeededAngelTypes` WHERE `shift_id`=" . sql_escape($shift_id));
sql_query("DELETE FROM `Shifts` WHERE `SID`=" . sql_escape($shift_id) . " LIMIT 1");
return success("Die Schicht wurde gelöscht.");
return success("Die Schicht wurde gelöscht.", true);
}
return template_render('../templates/user_shifts_admin_delete.html', array (
@ -184,11 +184,11 @@ function user_shifts() {
$entries = sql_select("SELECT * FROM `ShiftEntry` WHERE `SID`=" . sql_escape($shift['SID']));
foreach ($entries as $entry)
if ($entry['UID'] == $user_id)
return error("This angel does already have an entry for this shift.");
return error("This angel does already have an entry for this shift.", true);
$comment = strip_request_item_nl('comment');
sql_query("INSERT INTO `ShiftEntry` SET `Comment`='" . sql_escape($comment) . "', `UID`=" . sql_escape($user_id) . ", `TID`=" . sql_escape($type_id) . ", `SID`=" . sql_escape($shift_id));
return success("Du bist eingetragen. Danke!") . '<a href="' . page_link_to('user_myshifts') . '">Meine Schichten &raquo;</a>';
return success("Du bist eingetragen. Danke!", true) . '<a href="' . page_link_to('user_myshifts') . '">Meine Schichten &raquo;</a>';
}
if (in_array('user_shifts_admin', $privileges)) {

@ -17,23 +17,23 @@ function user_wakeup() {
. sql_escape($date) . "', '" . sql_escape($ort) . "', " . "'"
. sql_escape($bemerkung) . "')";
sql_query($SQL);
$html .= success(Get_Text(4));
$html .= success(Get_Text(4), true);
} else
$html .= error("Broken date!");
$html .= error("Broken date!", true);
break;
case 'delete' :
if (isset ($_REQUEST['id']) && preg_match("/^[0-9]{1,11}$/", $_REQUEST['id']))
$id = $_REQUEST['id'];
else
return error("Incomplete call, missing wake-up ID.");
return error("Incomplete call, missing wake-up ID.", true);
$wakeup = sql_select("SELECT * FROM `Wecken` WHERE `ID`=" . sql_escape($id) . " LIMIT 1");
if (count($wakeup) > 0 && $wakeup[0]['UID'] == $user['UID']) {
sql_query("DELETE FROM `Wecken` WHERE `ID`=" . sql_escape($id) . " LIMIT 1");
$html .= success("Wake-up call deleted.");
$html .= success("Wake-up call deleted.", true);
} else
return error("No wake-up found.");
return error("No wake-up found.", true);
break;
}
}