und noch ein bichen

git-svn-id: svn://svn.cccv.de/engel-system@16 29ba0400-6e00-0410-a75a-ca02368028f8
2005-11-06 16:33:22 +00:00 · 2005-11-06 16:33:22 +00:00 · de656d885e
parent fc58547393
commit de656d885e
9 changed files with 168 additions and 139 deletions
--- a/admin/dect.php
+++ b/admin/dect.php
@ -7,6 +7,9 @@ include ("./inc/header.php");
 include ("./inc/funktion_modem.php");
 if( !isset($_GET["dial"])) $_GET["dial"] = "";
 if( !isset($_GET["custum"])) $_GET["custum"] = "";
 if( $_GET["dial"]=="dial")
 {
 	if( $_GET["DECT"]=="")
--- a/admin/schichtplan.php
+++ b/admin/schichtplan.php
@ -5,7 +5,7 @@ $submenus = 1;
 include ("./inc/header.php");
 include ("./inc/funktion_user.php");
-if (!IsSet($action)) {
+if (!IsSet($_GET["action"])) {
 echo "Hallo ".$_SESSION['Nick'].",<br>\n";
 echo "hier kannst du Schichten anlegen, &auml;ndern oder l&ouml;schen.<br><br>";
 echo "<a href=\"./shiftadd.php\">Neue Schicht einplanen</a><br><br>\n\n";
@ -31,10 +31,13 @@ for( $i = 0; $i < $rowcount; $i++)
 	$sql2= "SELECT `Name` FROM `Room` WHERE `RID`=\"".mysql_result($Erg, $i, "RID")."\"";
 	$Erg2 = mysql_query($sql2, $con);
-	echo "\t\t<td>".mysql_result($Erg2, 0, "Name")."</td>\n";
+	if( mysql_num_rows($Erg2) > 0)
-  
+		echo "\t\t<td>".mysql_result($Erg2, 0, "Name")."</td>\n";
 	else
 		echo "\t\t<td>Unbenkannt (RID=". mysql_result($Erg, $i, "RID"). ")</td>\n";
 	echo "\t\t<td>".mysql_result($Erg, $i, "Len")." Std. </td>\n";
-	echo "\t\t<td><a href=\"./schichtplan.php?action=change&SID=".mysql_result($Erg, $i, "SID")."\">####</a></td>\n";
+	echo "\t\t<td><a href=\"./schichtplan.php?action=change&SID=".
 		mysql_result($Erg, $i, "SID")."\">####</a></td>\n";
 	echo "\t</tr>\n";
 }
 echo "</table>";
@ -45,22 +48,22 @@ echo "</table>";
 // aus sicherheitzgründen wegen späterer genuzung
 UnSet($chSQL);
-switch ($action){
+switch ($_GET["action"]){
 case 'change':
-	if ( !IsSet($SID) ){
+	if ( !IsSet($_GET["SID"]) ){
 		echo "Fehlerhafter Aufruf!\n";
 	} 
 	else 
 	{
-	$sql = "SELECT * FROM `Shifts` WHERE (`SID` = \"$SID\" )";
+	$sql = "SELECT * FROM `Shifts` WHERE (`SID` = \"". $_GET["SID"]. "\" )";
 	$Erg = mysql_query($sql, $con);
        echo "Schicht ab&auml;ndern: <br>\n";
 	// Anzeige Allgemeiner schaischt daten
-        echo "<form action=\"".$_SERVER['SCRIPT_NAME']."\" method=\"POST\" >";
+        echo "<form action=\"".$_SERVER['SCRIPT_NAME']."\" method=\"GET\" >";
        echo "<table>\n";
        echo "  <tr><td>Schichtbeginn</td>".
 		"<td><input value=\"". mysql_result($Erg, 0, "DateS"). 
@ -88,14 +91,14 @@ case 'change':
 		"\" type=\"text\" size=\"40\" name=\"eName\"></td></tr>\n";
        echo "</table>\n";
-        echo "<input type=\"hidden\" name=\"SID\" value=\"$SID\">\n";
+        echo "<input type=\"hidden\" name=\"SID\" value=\"". $_GET["SID"]. "\">\n";
        echo "<input type=\"hidden\" name=\"action\" value=\"changesave\">\n";
        echo "<input type=\"submit\" value=\"sichern...\">\n";
        echo "</form>\n\n";
 	// Löschen
-	echo "<form action=\"".$_SERVER['SCRIPT_NAME']."\" method=\"POST\" >\n";
+	echo "<form action=\"". $_SERVER['SCRIPT_NAME']. "\" method=\"GET\" >\n";
-        echo "<input type=\"hidden\" name=\"SID\" value=\"$SID\">\n";
+        echo "<input type=\"hidden\" name=\"SID\" value=\"". $_GET["SID"]. "\">\n";
        echo "<input type=\"hidden\" name=\"action\" value=\"delete\">\n";
        echo "<input type=\"submit\" value=\"L&ouml;schen...\">\n";
        echo "</form>\n\n";
@ -106,7 +109,7 @@ case 'change':
 	echo "<br><hr>\n\n\n\n";
 	//Freie Engelschichten
-	$sql3 = "SELECT TID FROM `ShiftEntry` WHERE SID=$SID AND UID=0";
+	$sql3 = "SELECT TID FROM `ShiftEntry` WHERE SID=". $_GET["SID"]. " AND UID=0";
 	$Erg3 = mysql_query($sql3, $con);
 	$rowcount = mysql_num_rows($Erg3);
@ -115,13 +118,13 @@ case 'change':
 	for ($j=0; $j < $rowcount; $j++)
 	{
 		$TID = mysql_result($Erg3, $j, 0);
-		echo "<a href=\"./schichtplan.php?action=engelshiftdel&SID=$SID&TID=$TID\">". 
+		echo "<a href=\"./schichtplan.php?action=engelshiftdel&SID=". $_GET["SID"]. "&TID=$TID\">". 
 			"freie ". TID2Type($TID). Get_Text("inc_schicht_Engel"). "schicht loeschen</a><br>\n";
 	}	
 	echo "<br><hr>\n\n\n\n";
 	//Ausgabe eingetragener schischten
-	$sql3 = "SELECT * FROM `ShiftEntry` WHERE SID=$SID AND NOT UID=0";
+	$sql3 = "SELECT * FROM `ShiftEntry` WHERE SID=". $_GET["SID"]. " AND NOT UID=0";
 	$Erg3 = mysql_query($sql3, $con);
 	$rowcount = mysql_num_rows($Erg3);
@ -130,7 +133,7 @@ case 'change':
 	for ($j=0; $j < $rowcount; $j++)
 	{
 		$userUID=mysql_result($Erg3, $j, "UID");
-		echo "<a href=\"./schichtplan.php?action=engeldel&SID=$SID&UIDs=$userUID\">". 
+		echo "<a href=\"./schichtplan.php?action=engeldel&SID=". $_GET["SID"]. "&UIDs=$userUID\">". 
 			UID2Nick($userUID).
 			" (". TID2Type(mysql_result($Erg3, $j, "TID")). Get_Text("inc_schicht_Engel").
 			") austragen</a><br>\n";
@ -140,8 +143,8 @@ case 'change':
 	//Nachtragen von Engeln
 	echo "Hat ein anderer Engel die Schicht &uuml;bernommen, trage ihn bitte ein:";
-	echo "<form action=\"".$_SERVER['SCRIPT_NAME']."\" method=\"POST\" >\n";
+	echo "<form action=\"".$_SERVER['SCRIPT_NAME']."\" method=\"GET\" >\n";
-	echo "<input type=\"hidden\" name=\"SID\" value=\"$SID\">\n";
+	echo "<input type=\"hidden\" name=\"SID\" value=\"". $_GET["SID"]. "\">\n";
        echo "<input type=\"hidden\" name=\"action\" value=\"engeladd\">\n";
 	// Listet alle Nicks auf
@ -163,7 +166,7 @@ case 'change':
 	// holt eine liste der benötigten Engel zu dieser Schischt
 	$sql3 = "SELECT Count(`TID`) AS `CTID`, `TID` FROM `ShiftEntry` ";
-	$sql3.= "WHERE (`SID`='$SID' AND `UID`='0') ";
+	$sql3.= "WHERE (`SID`='". $_GET["SID"]. "' AND `UID`='0') ";
 	$sql3.= "GROUP BY `SID`, `TID`, `UID` ";
 	$Erg3 = mysql_query($sql3, $con);
 	$i=-1;
@ -181,7 +184,7 @@ case 'change':
 		$EngelTID = mysql_result($Erg2, $l, "TID");
 		echo "<option value=\"$EngelTID\">";
 		echo mysql_result($Erg2, $l, "Name"). Get_Text("inc_schicht_engel");
-		if( $EngelNeed[$EngelTID] == "" )
+		if( !isset($EngelNeed[$EngelTID]) )
 			echo " (0)";
 		else
 			echo " (".$EngelNeed[$EngelTID].")";
@ -196,61 +199,65 @@ case 'change':
 	break;
 case 'engeladd':
-	if( $UIDs>0)
+	if( $_GET["UIDs"]>0)
 	{
-		$SQL = "SELECT * FROM `ShiftEntry` WHERE (`SID`='$SID' AND `TID`='$TID' AND `UID`='0')";
+		$SQL = "SELECT * FROM `ShiftEntry` ".
 			"WHERE (`SID`='". $_GET["SID"]. "' AND `TID`='". $_GET["TID"]. "' AND `UID`='0')";
 		$ERG = mysql_query($SQL, $con);
 		if( mysql_num_rows($ERG) != 0 )
 		{
 			$chSQL  = "UPDATE `ShiftEntry` SET ".
-				 "`UID`='$UIDs', `Comment`='shift added by ".$_SESSION['Nick']."' ";
+				  "`UID`='". $_GET["UIDs"]. "', `Comment`='shift added by ".$_SESSION['Nick']."' ";
-			$chSQL .= "WHERE (`SID`='$SID' AND `TID`='$TID' AND `UID`='0' ) LIMIT 1";
+			$chSQL .= "WHERE (`SID`='". $_GET["SID"]. "' AND ".
 				  "`TID`='". $_GET["TID"]. "' AND `UID`='0' ) LIMIT 1";
 		}
 		else
 		{
 			$chSQL  = "INSERT INTO `ShiftEntry` (`SID`, `TID`, `UID`, `Comment`) VALUES (";
-			$chSQL .= "'$SID', '$TID', '$UIDs', 'shift added by ".$_SESSION['Nick']."')";
+			$chSQL .= "'". $_GET["SID"]. "', '". $_GET["TID"]. "', ".
 				  "'". $_GET["UIDs"]. "', 'shift added by ".$_SESSION['Nick']."')";
 		}
 		echo "Es wird folgende Schicht zus&auml;tzlich eingetragen:<br>\n";
-		echo "Engel: ".UID2Nick($UIDs)."<br>\n";
+		echo "Engel: ".UID2Nick($_GET["UIDs"])."<br>\n";
 		echo "Bemerkung: Schicht eingetragen durch Erzengel ".$_SESSION['Nick']."<br>\n<br>\n";
 	}
 	else
 	{
 		$chSQL  = "INSERT INTO `ShiftEntry` (`SID`, `TID`, `UID`, `Comment`) VALUES (";
-		$chSQL .= "'$SID', '$TID', '0', NULL)";
+		$chSQL .= "'". $_GET["SID"]. "', '". $_GET["TID"]. "', '0', NULL)";
 		echo "Es wird eine weitere Schicht eingetragen:<br>\n";
 	}
 	break;
 case 'engeldel':
-	$chSQL = "UPDATE `ShiftEntry` SET `UID`='0', `Comment`= 'NULL' WHERE (`SID`='$SID' AND `UID`='$UIDs') LIMIT 1"; 
+	$chSQL = "UPDATE `ShiftEntry` SET `UID`='0', `Comment`= 'NULL' WHERE (`SID`='". $_GET["SID"]. 
 		 "' AND `UID`='". $_GET["UIDs"]. "') LIMIT 1"; 
 	break;
 case 'engelshiftdel':
-	$chSQL = "DELETE FROM `ShiftEntry` WHERE `SID`='$SID' AND `TID`='$TID' AND `UID`='0' LIMIT 1"; 
+	$chSQL = "DELETE FROM `ShiftEntry` WHERE `SID`='". $_GET["SID"]. "' AND `TID`='". 
 			$_GET["TID"]. "' AND `UID`='0' LIMIT 1"; 
 	break;
 case 'changesave':
-	$query = mysql_query("SELECT DATE_ADD('".$eDate."', INTERVAL '+0 ".$eDauer."' DAY_HOUR)", $con);
+	$query = mysql_query("SELECT DATE_ADD('". $_GET["eDate"]. "', INTERVAL '+0 ". $_GET["eDauer"]. "' DAY_HOUR)", $con);
 	$enddate = mysql_fetch_row($query);
-	$chSQL = "UPDATE `Shifts` SET `DateS`='$eDate', `DateE`='".$enddate[0]."', `RID`='$eRID', `Len`='$eDauer', ".
+	$chSQL = "UPDATE `Shifts` SET `DateS`='". $_GET["eDate"]. "', `DateE`='".$enddate[0].
-	         "`Man`='$eName' WHERE `SID`=$SID";
+		 "', `RID`='". $_GET["eRID"]. "', `Len`='". $_GET["eDauer"]. "', ".
 	         "`Man`='". $_GET["eName"]. "' WHERE `SID`=". $_GET["SID"];
 	SetHeaderGo2Back();
 	break;
 case 'delete':
-	$chSQL = "DELETE FROM `Shifts` WHERE `SID`=$SID LIMIT 1";
+	$chSQL = "DELETE FROM `Shifts` WHERE `SID`=". $_GET["SID"]. " LIMIT 1";
-	$ch2SQL = "DELETE FROM `ShiftEntry` WHERE `SID`=$SID";
+	$ch2SQL = "DELETE FROM `ShiftEntry` WHERE `SID`=". $_GET["SID"];
 	SetHeaderGo2Back();
 	break;
 } // end switch
 // Update ???
 if (IsSet($chSQL)){
 //     echo $chSQL;
 	// hier muesste das SQL ausgefuehrt werden...
--- a/admin/shiftadd.php
+++ b/admin/shiftadd.php
@ -15,7 +15,7 @@ echo "Hallo ".$_SESSION['Nick'].",<br>\n";
 	for ($i=0; $i<$rowcount; $i++) 
 	{
 		$Room[$i]["RID"]  = mysql_result($Erg, $i, "RID");
-		$Room[$i]["Name"]	= mysql_result($Erg, $i, "Name");
+		$Room[$i]["Name"] = mysql_result($Erg, $i, "Name");
 	}
 // erstellt ein Aray der Engeltypen
@ -26,16 +26,17 @@ echo "Hallo ".$_SESSION['Nick'].",<br>\n";
 	for ($i=0; $i<$rowcount; $i++) 
 	{
 		$EngelType[$i]["TID"]  = mysql_result($Erg, $i, "TID");
-		$EngelType[$i]["Name"]	= mysql_result($Erg, $i, "Name").Get_Text("inc_schicht_engel");
+		$EngelType[$i]["Name"] = mysql_result($Erg, $i, "Name").Get_Text("inc_schicht_engel");
 	}
-if (!IsSet($action)) 
+if (!IsSet($_GET["action"])) 
-	$action = "new";
+	$_GET["action"] = "new";
 $Time = time()+3600+3600;
-switch ($action){
+switch( $_GET["action"])
 {
 case 'new':
 ?>
@ -110,11 +111,14 @@ mehrere Schichten auf einmal erfasst werden:
 	break; // Ende new
 case 'newsave':
-    if (isset($SDatum) && ($len > 0)) {
+    if (isset($_GET["SDatum"]) && ($_GET["len"] > 0))
-	$lenOrg = $len;
+    {
-	if( $NachtON == "ON" )
+	$lenOrg = $_GET["len"];
 	if( !isset($_GET["NachtON"])) 
 		$_GET["NachtON"] = "OFF";
 	if( $_GET["NachtON"] == "ON" )
 	{	
-		$lenArrayDummy = explode( ";", $len_night);
+		$lenArrayDummy = explode( ";", $_GET["len_night"]);
                foreach ( $lenArrayDummy as $Temp )
                {
 			if( isset($Temp2) )
@ -138,20 +142,22 @@ case 'newsave':
 	echo "\t<td valign=\"top\" align=\"center\">Entrys</td>\n";
 	echo "</tr>\n";
-	$DateEnd = $SDatum;
+	$DateEnd = $_GET["SDatum"];
- 	$TimeEnd = $STime;
+ 	$TimeEnd = $_GET["STime"];
-	do {	
+	$len=0;
 	do
 	{	
 		// define Start time
 		$Date = $DateEnd;
 		$Time = $TimeEnd;
-		$_DateS = $MonthJahr. "-". $Date. " ". $Time. ":00:00";
+		$_DateS = $_GET["MonthJahr"]. "-". $Date. " ". $Time. ":00:00";
 		// define End time
-	 	if( $NachtON == "ON" )
+	 	if( $_GET["NachtON"] == "ON" )
 		{
-			$len = $lenArray[$Time];
+			$_GET["len"] = $lenArray[$Time];
 		}
-		$TimeEnd = $Time+ $len;
+		$TimeEnd = $Time+ $_GET["len"];
 		//Tagesüberschreitung
 		while( $TimeEnd >= 24 )
@ -159,43 +165,43 @@ case 'newsave':
 			$TimeEnd -= 24;
 			$DateEnd += 1;
 		}
-		//ist schischt zu lang dan verkürzen	
+		//ist schischt zu lang dan verkürzen
-		if( $DateEnd > $EDatum || ($DateEnd == $EDatum && $TimeEnd >= $ETime) ) 
+		if( $DateEnd > $_GET["EDatum"] || ($DateEnd == $_GET["EDatum"] && $TimeEnd >= $_GET["ETime"]) ) 
 		{
-			$len -= ($DateEnd- $EDatum)*24; 
+			$_GET["len"] -= ($DateEnd- $_GET["EDatum"])*24; 
-			$len -= ($TimeEnd- $ETime);		// -(-) ->> +
+			$_GET["len"] -= ($TimeEnd- $_GET["ETime"]);		// -(-) ->> +
-			$DateEnd = $EDatum;
+			$DateEnd = $_GET["EDatum"];
-			$TimeEnd = $ETime;
+			$TimeEnd = $_GET["ETime"];
 		}
-		$_DateE = $MonthJahr. "-". $DateEnd. " ". $TimeEnd. ":00:00";
+		$_DateE = $_GET["MonthJahr"]. "-". $DateEnd. " ". $TimeEnd. ":00:00";
 		if( $_DateS != $_DateE )
 			CreateNewEntry();
-		if( $MoreThenOne!="ON" ) break;
+		if( $_GET["MoreThenOne"]!="ON" ) break;
-		if( $DateEnd == $EDatum && $TimeEnd >= $ETime ) break;
+		if( $DateEnd == $_GET["EDatum"] && $TimeEnd >= $_GET["ETime"] ) break;
 	} while( true );
 	echo "</table>";
-	if( $OnlyShow!="" ) 
+	if( $_GET["OnlyShow"]=="ON" ) 
 	{
 		echo "<form action=\"". $_SERVER['SCRIPT_NAME']. "\">";
-		echo "\n\t<Input type=\"hidden\" name=\"SchichtName\" value=\"$SchichtName\">";
+		echo "\n\t<Input type=\"hidden\" name=\"SchichtName\" value=\"". $_GET["SchichtName"]. "\">";
-		echo "\n\t<input type=\"hidden\" name=\"MonthJahr\" value=\"$MonthJahr\">";
+		echo "\n\t<input type=\"hidden\" name=\"MonthJahr\" value=\"". $_GET["MonthJahr"]. "\">";
-		echo "\n\t<input type=\"hidden\" name=\"SDatum\" value=\"$SDatum\">";
+		echo "\n\t<input type=\"hidden\" name=\"SDatum\" value=\"". $_GET["SDatum"]. "\">";
-		echo "\n\t<input type=\"hidden\" name=\"STime\" value=\"$STime\">";
+		echo "\n\t<input type=\"hidden\" name=\"STime\" value=\"". $_GET["STime"]. "\">";
-		echo "\n\t<input type=\"hidden\" name=\"MoreThenOne\" value=\"$MoreThenOne\">";
+		echo "\n\t<input type=\"hidden\" name=\"MoreThenOne\" value=\"". $_GET["MoreThenOne"]. "\">";
-		echo "\n\t<input type=\"hidden\" name=\"EDatum\" value=\"$EDatum\">";
+		echo "\n\t<input type=\"hidden\" name=\"EDatum\" value=\"". $_GET["EDatum"]. "\">";
-		echo "\n\t<input type=\"hidden\" name=\"ETime\" value=\"$ETime\">";
+		echo "\n\t<input type=\"hidden\" name=\"ETime\" value=\"". $_GET["ETime"]. "\">";
-		echo "\n\t<input type=\"hidden\" name=\"len\" value=\"$lenOrg\">";
+		echo "\n\t<input type=\"hidden\" name=\"len\" value=\"". $lenOrg. "\">";
-		echo "\n\t<input type=\"hidden\" name=\"RID\" value=\"$RID\">";
+		echo "\n\t<input type=\"hidden\" name=\"RID\" value=\"". $_GET["RID"]. "\">";
-		echo "\n\t<input type=\"hidden\" name=\"NachtON\" value=\"$NachtON\">";
+		echo "\n\t<input type=\"hidden\" name=\"NachtON\" value=\"". $_GET["NachtON"]. "\">";
-		echo "\n\t<input type=\"hidden\" name=\"len_night\" value=\"$len_night\">";
+		echo "\n\t<input type=\"hidden\" name=\"len_night\" value=\"". $_GET["len_night"]. "\">";
-		echo "\n\t<input type=\"hidden\" name=\"OnlyShow\" value=\"\">";
+		echo "\n\t<input type=\"hidden\" name=\"OnlyShow\" value=\"OFF\">";
 		foreach ($EngelType As $TTemp)
 		{
 			$Temp = "EngelType".$TTemp["TID"];
-			echo "\n\t<input type=\"hidden\" name=\"". $Temp. "\" value=\"".$$Temp."\">";
+			echo "\n\t<input type=\"hidden\" name=\"". $Temp. "\" value=\"". $_GET[$Temp]. "\">";
 		}	
 		echo "\n\t<input type=\"hidden\" name=\"action\" value=\"newsave\">";
 		echo "\n\t<input type=\"submit\" value=\"mach mal Gabriel!\">";
@ -213,7 +219,7 @@ case 'engeldel':
 function CreateNewEntry() 
 {
-	global $con, $_DateS, $_DateE, $len, $RID, $SchichtName, $OnlyShow, $EngelType, $DEBUG;
+	global $con, $_DateS, $_DateE, $EngelType, $DEBUG;
 	foreach ($EngelType As $TTemp)
 	{
 		$Temp = "EngelType".$TTemp["TID"];
@ -224,9 +230,9 @@ function CreateNewEntry()
 	echo "\t<td>$_DateS</td>\n";
 	echo "\t<td>$_DateE</td>\n";
-	echo "\t<td>$len</td\n>";
+	echo "\t<td>". $_GET["len"]. "</td>\n";
-	echo "\t<td>$RID</td>\n";
+	echo "\t<td>". $_GET["RID"]. "</td>\n";
-	echo "\t<td>$SchichtName</td>\n";
+	echo "\t<td>". $_GET["SchichtName"]. "</td>\n";
 	// Ist eintarg schon vorhanden?	
@ -234,12 +240,12 @@ function CreateNewEntry()
 	$SQL .=	"WHERE (".
 		"`DateS` = '". $_DateS. "' AND ".
 		"`DateE` = '". $_DateE. "' AND ".
-		"`RID` = '". $RID. "');";
+		"`RID` = '". $_GET["RID"]. "');";
 	$Erg = mysql_query($SQL, $con);
 	if( mysql_num_rows($Erg) != 0 )
 		echo "\t<td>exists</td>";
-	elseif( $OnlyShow == "" )   
+	elseif( $_GET["OnlyShow"] == "OFF" )   
 	{
 		//Suchet nach letzter SID
 		$SQLin = "SELECT `SID` FROM `Shifts` ".
@ -254,8 +260,8 @@ function CreateNewEntry()
 		// erstellt Eintrag in Shifts für die algemeine schicht
 		$SQL  = "INSERT INTO `Shifts` (`SID`, `DateS`, `DateE`, `Len`, `RID`, `Man`) VALUES ('$newSID', ";
 		$SQL .= "'". $_DateS. "', '". $_DateE. "', ";
-		$SQL .= "'". $len. "', '". $RID. "', ";
+		$SQL .= "'". $_GET["len"]. "', '". $_GET["RID"]. "', ";
-		$SQL .= "'". $SchichtName. "');";
+		$SQL .= "'". $_GET["SchichtName"]. "');";
 		$Erg = mysql_query($SQL, $con);
 		$SQLFail = "\n\t<br>[".$SQL. "]";
@ -271,15 +277,15 @@ function CreateNewEntry()
 	$SQL .=	"WHERE (".
 		"`DateS` = '". $_DateS. "' AND ".
 		"`DateE` = '". $_DateE. "' AND ".
-		"`Len` = '". $len. "' AND ".
+		"`Len` = '". $_GET["len"]. "' AND ".
-		"`RID` = '". $RID. "');";
+		"`RID` = '". $_GET["RID"]. "');";
 	$Erg = mysql_query($SQL, $con);
 	if( mysql_num_rows($Erg) == 0 )
 		echo "\t<td>?</td>";
 	else	
 	{
 		$SID = mysql_result($Erg, 0, "SID");
-		echo "\t<td>$SID</td>";
+		echo "\t<td>". $SID. "</td>";
 	}
 	// erstellt für jeden Engeltypen die eintrage in 'ShiftEntry'
@ -288,18 +294,18 @@ function CreateNewEntry()
 	{
 		$Temp = "EngelType".$TTemp["TID"];
-		if( $$Temp > 0 )
+		if( $_GET[$Temp] > 0 )
 		{
 			$i = 0;
-			echo $$Temp. " ".$TTemp["Name"]. "<br>\t";
+			echo $_GET[$Temp]. " ".$TTemp["Name"]. "<br>\t";
-			while( $i++ < $$Temp )
+			while( $i++ < $_GET[$Temp] )
 			{
-				$SQL  = "INSERT INTO `ShiftEntry` (`SID`, `TID`) VALUES (";
+				if( $_GET["OnlyShow"] == "OFF" )
 				$SQL .= "'$SID', ";
 				$SQL .= "'". $TTemp["TID"]. "');";
 				if( $OnlyShow == "" )
 				{
 					$SQL  = "INSERT INTO `ShiftEntry` (`SID`, `TID`) VALUES (";
 					$SQL .= "'". $SID. "', ";
 					$SQL .= "'". $TTemp["TID"]. "');";
 					$Erg = mysql_query($SQL, $con);
 					if( $DEBUG ) $SQLFail = "\n\t<br>[".$SQL. "]";
@ -309,13 +315,12 @@ function CreateNewEntry()
 				}
 				else
-					echo "'only show' ";
+					echo "+";
 			}
 			echo "<br>";
 		} // IF $$TEMP
 	} // FOREACH
 	echo "</td>";
 	echo "</tr>\n";
 }
--- a/admin/user.php
+++ b/admin/user.php
@ -5,14 +5,14 @@ $header = "Editieren der Engelliste";
 include ("./inc/header.php");
 include ("./inc/funktion_db_list.php");
-if (!IsSet($enterUID)){
+if (!IsSet($_GET["enterUID"]))
-
+{
 	// Userliste, keine UID uebergeben...
 	echo "<a href=\"../makeuser.php\">Neuen Engel eintragen</a><br><br>\n";
-	if( !isset($OrderBy) ) $OrderBy = "Nick";
+	if( !isset($_GET["OrderBy"]) ) $_GET["OrderBy"] = "Nick";
-	$SQL = "SELECT * FROM User ORDER BY ". $OrderBy. " ASC";
+	$SQL = "SELECT * FROM User ORDER BY ". $_GET["OrderBy"]. " ASC";
 	$Erg = mysql_query($SQL, $con);
 	echo mysql_error($con);
@ -98,13 +98,13 @@ else
 { 
 	// UserID wurde mit uebergeben --> Aendern...
-	$SQL = "SELECT * FROM User where UID=$enterUID";
+	$SQL = "SELECT * FROM User where UID=". $_GET["enterUID"];
 	$Erg = mysql_query($SQL, $con);
 	$anzahl  = mysql_num_rows($Erg);
 	if ($anzahl != 1) 
-		echo "Sorry, der Engel (UID=$enterUID) wurde in der Liste nicht gefunden.";
+		echo "Sorry, der Engel (UID=". $_GET["enterUID"]. ") wurde in der Liste nicht gefunden.";
 	else
 	{
 		echo "Hallo,<br>".
@ -116,9 +116,9 @@ else
 		echo "<form action=\"./user2.php?action=change\" method=\"POST\">\n";
 		echo "<table>\n";
-		echo "<input type=\"hidden\" name=\"Type\" value=\"$Type\">\n";
+		echo "<input type=\"hidden\" name=\"Type\" value=\"". $_GET["Type"]. "\">\n";
-		if( $Type == "Normal" )
+		if( $_GET["Type"] == "Normal" )
 		{
 			echo "  <tr><td>Nick</td><td>".
 				"<input type=\"text\" size=\"40\" name=\"eNick\" value=\"".
@ -193,12 +193,12 @@ else
 			echo "</td></tr>\n";
 		} //IF TYPE
-		if( $Type == "Secure" )
+		if( $_GET["Type"] == "Secure" )
 		{
 			// CVS-Rechte
 			echo "  <tr><td><br><u>Rights of \"". mysql_result($Erg, 0, "Nick"). "\":</u></td></tr>\n";
-			$SQL_CVS = "SELECT * FROM `UserCVS` WHERE UID=$enterUID";
+			$SQL_CVS = "SELECT * FROM `UserCVS` WHERE UID=". $_GET["enterUID"];
 			$Erg_CVS =  mysql_query($SQL_CVS, $con);
 			$CVS_Data = mysql_fetch_array($Erg_CVS);
 			$CVS_Data_i = 1;
@ -227,14 +227,14 @@ else
 		// Ende Formular
 		echo "</td></tr>\n";
 		echo "</table>\n";
-		echo "<input type=\"hidden\" name=\"enterUID\" value=\"$enterUID\">\n";
+		echo "<input type=\"hidden\" name=\"enterUID\" value=\"". $_GET["enterUID"]. "\">\n";
 		echo "<input type=\"submit\" value=\"sichern...\">\n";
 		echo "</form>";
-		if( $Type == "Normal" )
+		if( $_GET["Type"] == "Normal" )
 		{
 			echo "<form action=\"./user2.php?action=delete\" method=\"POST\">\n";
-			echo "<input type=\"hidden\" name=\"enterUID\" value=\"$enterUID\">\n";
+			echo "<input type=\"hidden\" name=\"enterUID\" value=\"". $_GET["enterUID"]. "\">\n";
 			echo "<input type=\"submit\" value=\"l&ouml;schen...\">\n";
 			echo "</form>";
 		}
--- a/admin/user2.php
+++ b/admin/user2.php
@ -6,7 +6,7 @@ include ("./inc/header.php");
 include ("./inc/funktion_db_list.php");
 include ("./inc/crypt.php");
-if (IsSet($action)) 
+if (IsSet($_GET["action"])) 
 {
 	function SQLExec( $SQL )
@ -23,40 +23,46 @@ if (IsSet($action))
 	}
 	SetHeaderGo2Back();
-	echo "Gesendeter Befehl: $action<br>";
+	echo "Gesendeter Befehl: ". $_GET["action"]. "<br>";
 	switch ($action) {
 	switch ($_GET["action"]) 
 	{
 	case "change":
-		if (IsSet($enterUID))
+		if (IsSet($_POST["enterUID"]))
 		{
-			if ($Type == "Normal")
+			if ($_POST["Type"] == "Normal")
 			{
 				$SQL = "UPDATE `User` SET ";
-				$SQL.= " `Nick` = '$eNick', `Name` = '$eName', `Vorname` = '$eVorname', ".
+				$SQL.= " `Nick` = '". $_POST["eNick"]. "', `Name` = '". $_POST["eName"]. "', ".
-					"`Telefon` = '$eTelefon', `Handy` = '$eHandy', `DECT` = '$eDECT', ".
+					"`Vorname` = '". $_POST["eVorname"]. "', ".
-					"`email` = '$eemail', `Size` = '$eSize', ".
+					"`Telefon` = '". $_POST["eTelefon"]. "', ".
-					"`Gekommen`= '$eGekommen', `Aktiv`= '$eAktiv', ".
+					"`Handy` = '". $_POST["eHandy"]. "', ".
-					"`Tshirt` = '$eTshirt' ";
+					"`DECT` = '". $_POST["eDECT"]. "', ".
-				$SQL.= "WHERE `UID` = '$enterUID' LIMIT 1;";
+					"`email` = '". $_POST["eemail"]. "', ".
 					"`Size` = '". $_POST["eSize"]. "', ".
 					"`Gekommen`= '". $_POST["eGekommen"]. "', ".
 					"`Aktiv`= '". $_POST["eAktiv"]. "', ".
 					"`Tshirt` = '". $_POST["eTshirt"]. "' ".
 					"WHERE `UID` = '". $_POST["enterUID"]. 
 					"' LIMIT 1;";
 				echo "User-";
 				SQLExec( $SQL );
 			}
-			if ($Type == "Secure")
+			if ($_POST["Type"] == "Secure")
 			{
 				$SQL2 = "UPDATE `UserCVS` SET ";
-			  	$SQL_CVS = "SELECT * FROM `UserCVS` WHERE UID=$enterUID";
+			  	$SQL_CVS = "SELECT * FROM `UserCVS` WHERE UID=". $_POST["enterUID"];
 				$Erg_CVS =  mysql_query($SQL_CVS, $con);
 				$CVS_Data = mysql_fetch_array($Erg_CVS);
 				$CVS_Data_i = 1;
 				foreach ($CVS_Data as $CVS_Data_Name => $CVS_Data_Value) 
 				{
 					if( ($CVS_Data_i+1)%2 && $CVS_Data_Name!="UID")
-						$SQL2.= "`$CVS_Data_Name` = '".$$CVS_Data_i."', ";
+						$SQL2.= "`$CVS_Data_Name` = '". $_POST[$CVS_Data_i]."', ";
 			    		$CVS_Data_i++;
 					}
 				$SQL2 = substr( $SQL2, 0, strlen($SQL2)-2 );
-				$SQL2.= "  WHERE `UID` = '$enterUID' LIMIT 1;";
+				$SQL2.= "  WHERE `UID` = '". $_POST["enterUID"]. "' LIMIT 1;";
 				echo "<br>Secure-";
 				SQLExec( $SQL2 );
 			}
@ -64,14 +70,17 @@ if (IsSet($action))
 		break;
 	case "delete":
-		if (IsSet($enterUID))
+		if (IsSet($_POST["enterUID"]))
 		{
-			$SQL="delete from `User` WHERE `UID` = '$enterUID' LIMIT 1;";
+			echo "delate User...";
 			$SQL="delete from `User` WHERE `UID` = '". $_POST["enterUID"]. "' LIMIT 1;";
 			SQLExec( $SQL );
-			$SQL2="delete from `UserCVS` WHERE `UID` = '$enterUID' LIMIT 1;";
+			echo "<br>\ndelate UserCVS...";
 			$SQL2="delete from `UserCVS` WHERE `UID` = '". $_POST["enterUID"]. "' LIMIT 1;";
 			SQLExec( $SQL2 );
 			echo "<br>\ndelate UserEntry...";
 			$SQL3="UPDATE `ShiftEntry` SET `UID` = '0', `Comment` = NULL ".
-				"WHERE `UID` = '$enterUID' LIMIT 1;";
+				"WHERE `UID` = '". $_POST["enterUID"]. "' LIMIT 1;";
 			SQLExec( $SQL3 );
 		}
 		break;
@ -80,24 +89,25 @@ if (IsSet($action))
 	case "newpw":
 		echo "Bitte neues Kennwort f&uuml;r <b>";
 		// Get Nick
-		$USQL = "SELECT * FROM User where UID=$eUID";
+		$USQL = "SELECT * FROM User where UID=". $_POST["eUID"];
 		$Erg = mysql_query($USQL, $con);
 		echo mysql_result($Erg, 0, "Nick");
 		echo "</b> eingeben:<br>";
 		echo "<form action=\"./user2.php\" method=\"POST\">\n";	
 		echo "<input type=\"Password\" name=\"ePasswort\">";
 		echo "<input type=\"Password\" name=\"ePasswort2\">";
-		echo "<input type=\"hidden\" name=\"eUID\" value=\"$eUID\">";
+		echo "<input type=\"hidden\" name=\"eUID\" value=\"". $_POST["eUID"]. "\">";
 		echo "<input type=\"hidden\" name=\"action\" value=\"newpwsave\">\n";
 	        echo "<input type=\"submit\" value=\"sichern...\">\n";
 	        echo "</form>";
 		break;
 	case "newpwsave":
-		if ($ePasswort == $ePasswort2) 
+		if ($_POST["ePasswort"] == $_POST["ePasswort2"]) 
 		{	// beide Passwoerter passen... 
-			$ePasswort = PassCrypt($ePasswort);
+			$_POST["ePasswort"] = PassCrypt($_POST["ePasswort"]);
-			$SQL="UPDATE `User` SET `Passwort`='$ePasswort' where `UID` = '$eUID'";
+			$SQL =	"UPDATE `User` SET `Passwort`='". $_POST["ePasswort"]. "' ".
 				"where `UID` = '". $_POST["eUID"]. "'";
 			SQLExec( $SQL );
 		} 
 		else 
@ -110,7 +120,7 @@ if (IsSet($action))
 else 
 {
 	// kein Action gesetzt -> abbruch
-	echo "Unzul&auml;ssiger Aufruf. Bitte neu editieren...";
+	echo "Unzul&auml;ssiger Aufruf.<br>Bitte neu editieren...";
 }
 include ("./inc/footer.php");
--- a/inc/UserCVS.php
+++ b/inc/UserCVS.php
@ -5,6 +5,8 @@ if( !isset($Page["Public"])) $Page["Public"]="N";
 $Page["Name"] = substr( $_SERVER['PHP_SELF'], strlen($ENGEL_ROOT) );
 if( isset( $_SESSION['CVS'][ $Page["Name"] ]))
 	$Page["CVS"] = $_SESSION['CVS'][ $Page["Name"] ];
 else
 	$Page["CVS"] = "";
 if( $DEBUG ) 
 {
--- a/inc/funktion_modem.php
+++ b/inc/funktion_modem.php
@ -3,7 +3,7 @@
 $Dev="/dev/ttyS0";	// COM port
 $WackupNumber="**3";
-ob_end_flush();		//ausgabe obwohl skript nich in arbeit
+//ob_end_flush();		//ausgabe obwohl skript nich in arbeit
 set_time_limit(50000);	//Timeout erhöhen;
 function DialNumber( $Number )
--- a/inc/funktion_schichtplan.php
+++ b/inc/funktion_schichtplan.php
@ -113,9 +113,10 @@ function ausgabe_Feld_Inhalt( $SID, $Man )
 	///////////////////////////////////////////////////////////////////
 	// Aus gabe der Schicht
 	///////////////////////////////////////////////////////////////////
-	if( count($Temp) )
+	if( isset($Temp))
-	  foreach( $Temp as $TempEntry => $TempValue )
+	  if( count($Temp) )
-	  {
+	    foreach( $Temp as $TempEntry => $TempValue )
 	    {
 		// ausgabe EngelType
 		$Spalten.= $EngelTypeID[ $TempValue["TID"] ]. " ";
@ -331,6 +332,7 @@ function showEmptyShifts( )
 	$angezeigt = 0;
 	for ($i=0; ($i<mysql_num_rows($Erg)) && ($angezeigt< 15); $i++)
 	  if( isset($RoomID[mysql_result( $Erg, $i, "RID")]))
 	   if( $RoomID[mysql_result( $Erg, $i, "RID")]!="" )
 	   {
 		$Sql2 = "SELECT `UID` FROM `ShiftEntry` ".
--- a/makeuser.php
+++ b/makeuser.php
@ -2,7 +2,7 @@
 $title = "MakeNewUser";
 $header = "Make New User";
-$Page["Public"]="Y";
+$Page["Public"]="N^";
 include ("./inc/header.php");
 include ("./inc/db.php");
 include ("./inc/crypt.php");