Commit Graph

51 Commits

Author SHA1 Message Date
Igor Scheller c33940f64a Moved permission checks to Authenticator class 2018-12-02 12:53:31 +01:00
Igor Scheller 944c29b964 Require POST for sending forms
* Ensure that the form is submitted with a post request
* Replaced several links with forms

Closes #494 (Security Vulnerability)
2018-11-21 19:24:36 +01:00
Igor Scheller 88f3bafa5e Replaced `Auth()` with `auth()` 2018-10-31 13:43:23 +01:00
Igor Scheller a2aaba9cab User: Bugfixes & code cleanup 2018-10-31 13:43:23 +01:00
Igor Scheller 4e09ee3eb2 Replaced more user related stuff
(Contains some buggy stuff too...)
2018-10-31 13:43:23 +01:00
Igor Scheller 7c6afc2bfe Removed `User($id)` function 🎉 2018-10-31 13:43:23 +01:00
Igor Scheller 89e62c95a7 Changed more functions 🎉 2018-10-31 13:43:23 +01:00
Igor Scheller b069a938c6 Changed user_link and some other user functions to use the user id 2018-10-31 13:43:23 +01:00
Igor Scheller 2dcb7cc2de Replaced some global `$user` variables 2018-10-31 13:43:23 +01:00
Bot e8f8fc7f5f Replaced gettext translation `_()` with `__()` that uses the Translator class 2018-08-29 23:46:32 +02:00
Igor Scheller fe58e4f422 database: updated checks for selectOne 2018-01-14 17:47:26 +01:00
Bot b00743d6d3 Formatting 2017-12-27 13:50:53 +01:00
msquare abf4b1da30 check if logged in before sign up 2017-12-27 11:35:26 +01:00
Igor Scheller f8d0a7c5b0 Updated translation / Formatting / Test 2017-12-26 00:21:44 +01:00
Igor Scheller 75eea1681e Removed dead function call 2017-12-25 23:51:15 +01:00
Bot 952c7892f3 Formatting & Docstrings 2017-12-25 23:51:15 +01:00
klemens a6cf4c9ce9 spelling fixes 2017-12-25 21:29:00 +01:00
msquare 2c04e35bed introduce new shift signup state for not arrived angels 2017-12-20 23:05:46 +01:00
msquare 7a3bdda483 rewrite controller for creating shift entries 2017-12-20 00:54:57 +01:00
msquare 1289101f6e rewrite controller for creating shift entries 2017-12-20 00:42:58 +01:00
msquare afd7c59d1d fix shift entry delete 2017-12-19 22:24:06 +01:00
msquare fd85034e7f redo shift signoff and icons for delete/confirm/acknowledgment questions 2017-12-19 20:58:01 +01:00
msquare 567ed9ebd2 remove flags since they do not belong to language selection 2017-12-19 19:17:50 +01:00
MichiK 32d14f493b Fix sign-up to shifts by supporter
Any user with the `shiftentry_edit_angeltype_supporter` privilege was
able to sign up any users of the correct angeltype to any shift that
they could sign up themselves because the shift entry controller only
checks for the global privilege an not the fact that the user is indeed
supporter for the angeltype in question.
2017-12-07 18:52:07 +01:00
msquare deae2a1721 fix removing users from shift, fixes #359 2017-11-19 14:52:55 +01:00
msquare db8b6b2520 change shift renderer global add user link 2017-09-16 17:14:45 +02:00
Igor Scheller 96f1d9fd54 Bugfixes 2017-08-30 15:35:12 +02:00
Igor Scheller d0074cf006 Merge remote-tracking branch 'engelsystem/feature-igel-rewrite'
# Conflicts:
#	includes/controller/angeltypes_controller.php
#	includes/pages/admin_groups.php
#	includes/pages/user_settings.php
#	includes/sys_page.php
#	src/Exceptions/Handler.php
#	src/Http/Request.php
2017-08-29 23:16:41 +02:00
Igor Scheller cc01c906ba #336: Integration of symfony/http-foundation request 2017-08-29 21:52:07 +02:00
msquare f82e5456d2 dried code by introducing selectOne for select queries with only one result line expected 2017-07-28 20:11:09 +02:00
msquare 5794c4cab8 clear delete queries from false resuls 2017-07-28 18:50:00 +02:00
msquare a157004f4a handle failed db queries in Db class 2017-07-23 11:46:54 +02:00
Igor Scheller 3a1e460249 Changed $_GET, $_POST and $_REQUEST to use the Request object 2017-07-19 11:44:16 +02:00
Bot 740026a9de Replaced [0-9] with \d 2017-01-21 20:12:48 +01:00
Bot 915ce28fee Replaced " with ' 2017-01-21 20:12:35 +01:00
Igor Scheller 9a3ad88834 Changed from mysqli to PDO, some refactorings, faster sql queries 2017-01-21 13:58:53 +01:00
Bot 55141154c0 Replaced " with ' 2017-01-03 15:32:59 +01:00
Bot 356b2582f3 PPHDoc, formatting, fixes, cleanup 2017-01-03 03:22:48 +01:00
Bot d71e7bbfad Formatting 2017-01-02 15:49:53 +01:00
Bot 7313e15ce8 PSR-2 formatting 2017-01-02 03:57:23 +01:00
msquare 46528fe1d8 shift view performance improvements 2016-12-27 23:02:05 +01:00
msquare 2f2d08c574 fix edit user bug deleting emails 2016-12-27 13:05:30 +01:00
msquare 99c7e8ce1a fixes #298 allow a shift supporter to remove a user from shift 2016-12-24 17:29:12 +01:00
msquare 0c15964e6b #298 hide freeload form from angeltype supporters 2016-12-24 17:02:34 +01:00
msquare e86d75b4d9 begin #298 add privilege and add users to shifts by angeltype supporter 2016-12-24 17:00:03 +01:00
jwacalex 1324260e0f forgot to remove if-statement -.- 2016-11-30 16:17:52 +01:00
jwacalex f4f6dfefcb fixed broken logic in controller (cf. to mail to @msquare) 2016-11-30 15:53:47 +01:00
msquare 1a3b4e2a33 redone shift coloring and shift signup state 2016-11-12 23:00:46 +01:00
msquare 27c9650dc4 reduce complexity of shifts controller 2016-10-04 21:20:38 +02:00
msquare 09c931dcf5 fix missing variables 2016-10-03 17:55:49 +02:00