Another big codebase change

This commit is contained in:
Matteo Gheza 2021-03-24 17:10:44 +01:00
parent 2a39c4ba98
commit bfdbd6dc1a
18 changed files with 228 additions and 202 deletions


@ -152,8 +152,9 @@ $dispatcher = FastRoute\simpleDispatcher(
if($vars["available"] !== 0 && $vars["available"] !== 1) {
return ["status" => "error", "message" => "Availability code not allowed"];
}
$user->log("Cambiamento disponibilita' a ".$vars["available"], $user_info["id"], $user_info["id"]);
$log_message = $vars["available"] ? "Status changed to 'available'" : "Status changed to 'not available'";
$database->exec("UPDATE `%PREFIX%_profiles` SET `available` = :available WHERE `id` = :id;", true, [":id" => $user_info["id"], ":available" => $vars["available"]]);
$user->log($log_message);
}
);
$r->addRoute(
@ -164,8 +165,9 @@ $dispatcher = FastRoute\simpleDispatcher(
if($vars["available"] !== 0 && $vars["available"] !== 1) {
return ["status" => "error", "message" => "Availability code not allowed"];
}
$user->log("Cambiamento disponibilita' a ".$vars["available"], $vars["id"], $user_info["id"]);
$log_message = $vars["available"] ? "Status changed to 'available'" : "Status changed to 'not available'";
$database->exec("UPDATE `%PREFIX%_profiles` SET `available` = :available WHERE `id` = :id;", true, [":id" => $vars["id"], ":available" => $vars["available"]]);
$user->log($log_message, $vars["id"], $user_info["id"]);
}
);
}
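Review bot: In the second hunk (`@ -164,8 +165,9 @@`) the `UPDATE` keyed on `$vars["id"]` and the following `$user->log($log_message, $vars["id"], $user_info["id"])` run unconditionally, so a request naming a profile id that does not exist still writes a "Status changed …" audit entry for that id. If `$database->exec` exposes the affected-row count, gate the log on it and return an error otherwise; if it does not, a preceding `$database->exists`-style lookup would serve the same purpose. The route closures in both hunks start outside the visible lines.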


@ -4,6 +4,7 @@ use DebugBar\StandardDebugBar;
if(!file_exists("config.php") && !file_exists("../../config.php")) {
header('Location: install/install.php');
exit();
}
require_once 'config.php';
@ -102,7 +103,8 @@ class tools
}
}
public function rickroll(){
public function rickroll()
{
$rickrolls = [
"https://www.youtube.com/watch?v=dQw4w9WgXcQ",
"https://www.youtube.com/watch?v=ub82Xb1C8os",
@ -112,6 +114,7 @@ class tools
];
$this->redirect($rickrolls[array_rand($rickrolls)]); //Dear attacker/bot, have fun!
}
function extract_unique($data)
{
$this->profiler_start("Extract unique");
@ -182,7 +185,8 @@ class tools
}
}
public function ajax_page_response($response){
public function ajax_page_response($response)
{
global $debugbar;
$json_response = json_encode($response);
$response_data = substr(crc32($json_response), 0, 10);
@ -295,8 +299,8 @@ class database
public function exists($table, $id)
{
$risultato = $this->exec("SELECT :table FROM `%PREFIX%_services` WHERE id = :id;", true, [":table" => $table, ":id" => $id]);
return !empty($risultato);
$result = $this->exec("SELECT :table FROM `%PREFIX%_services` WHERE id = :id;", true, [":table" => $table, ":id" => $id]);
return !empty($result);
}
public function get_option($name)
@ -314,104 +318,6 @@ class database
return false;
}
}
public function increment($increment)
{
bdump($increment);
$sql = "UPDATE `%PREFIX%_profiles` SET `services`= services + 1 WHERE id IN ($increment);";
$this->exec($sql, false);
}
public function getIncrement($id)
{
bdump($id);
$sql = "SELECT `increment` FROM `%PREFIX%_services` WHERE `id` = :id";
$increment = $this->exec($sql, true, [":id" => $id])[0]['increment'];
bdump($increment);
return $increment;
}
public function decrease($id)
{
$sql = "UPDATE `%PREFIX%_profiles` SET `services`= services - 1 WHERE id IN ({$this->getIncrement($id)});";
$this->exec($sql, false);
}
public function increment_trainings($increment)
{
bdump($increment);
$sql = "UPDATE `%PREFIX%_profiles` SET `trainings`= trainings + 1 WHERE id IN ($increment);";
$this->exec($sql, false);
}
public function getIncrement_trainings($id)
{
bdump($id);
$sql = "SELECT `increment` FROM `%PREFIX%_trainings` WHERE `id` = :id";
$increment = $this->exec($sql, true, [":id" => $id])[0]['increment'];
bdump($increment);
return $increment;
}
public function decrease_trainings($id)
{
$sql = "UPDATE `%PREFIX%_profiles` SET `trainings`= trainings - 1 WHERE id IN ({$this->getIncrement_trainings($id)});";
$this->exec($sql, false);
}
public function add_service($date, $code, $beginning, $end, $chief, $drivers, $crew, $place, $notes, $type, $increment, $inserted_by)
{
$drivers = implode(",", $drivers);
bdump($drivers);
$crew = implode(",", $crew);
bdump($crew);
$increment = implode(",", $increment);
bdump($increment);
$date = date('Y-m-d H:i:s', strtotime($date));
$sql = "INSERT INTO `%PREFIX%_services` (`id`, `date`, `code`, `beginning`, `end`, `chief`, `drivers`, `crew`, `place`, `notes`, `type`, `increment`, `inserted_by`) VALUES (NULL, :date, :code, :beginning, :end, :chief, :drivers, :crew, :place, :notes, :type, :increment, :inserted_by);";
$this->exec($sql, false, [":date" => $date, ":code" => $code, "beginning" => $beginning, ":end" => $end, ":chief" => $chief, ":drivers" => $drivers, ":crew" => $crew, ":place" => $place, ":notes" => $notes, ":type" => $type, ":increment" => $increment, ":inserted_by" => $inserted_by]);
$this->increment($increment);
}
public function remove_service($id)
{
$this->decrease($id);
$this->exec("DELETE FROM `%PREFIX%_services` WHERE `id` = :id", true, [":id" => $id]);
}
public function change_service($id, $date, $code, $beginning, $end, $chief, $drivers, $crew, $place, $notes, $type, $increment, $inserted_by)
{
$this->remove_service($id); // TODO: update, instead of removing and re-adding (with another id)
$this->add_service($date, $code, $beginning, $end, $chief, $drivers, $crew, $place, $notes, $type, $increment, $inserted_by);
}
public function add_training($date, $name, $start_time, $end_time, $chief, $crew, $place, $notes, $increment, $inserted_by)
{
$crew = implode(",", $crew);
bdump($crew);
$increment = implode(",", $increment);
bdump($increment);
$date = date('Y-m-d H:i:s', strtotime($date));
$sql = "INSERT INTO `%PREFIX%_trainings` (`id`, `date`, `name`, `beginning`, `end`, `chief`, `crew`, `place`, `notes`, `increment`, `inserted_by`) VALUES (NULL, :date, :name, :start_time, :end_time, :chief, :crew, :place, :notes, :increment, :inserted_by);";
$this->exec($sql, false, [":date" => $date, ":name" => $name, "start_time" => $start_time, ":end_time" => $end_time, ":chief" => $chief, ":crew" => $crew, ":place" => $place, ":notes" => $notes, ":increment" => $increment, ":inserted_by" => $inserted_by]);
$this->increment_trainings($increment);
}
public function remove_training($id)
{
$this->decrease_trainings($id);
bdump($id);
$this->exec("DELETE FROM `%PREFIX%_trainings` WHERE `id` = :id", true, [":id" => $id]);
}
public function change_training($id, $date, $name, $start_time, $end_time, $chief, $crew, $place, $notes, $increment, $inserted_by)
{
$this->remove_training($id); // TODO: update, instead of removing and re-adding (with another id)
bdump("removed");
$this->add_training($date, $name, $start_time, $end_time, $chief, $crew, $place, $notes, $increment, $inserted_by);
}
}
final class Role
@ -598,7 +504,7 @@ class user
return ["status" => "error", "code" => 020, "text" => "Too many requests"];
}
if($this->auth->isLoggedIn()) {
$this->log("Login", $this->auth->getUserId(), $this->auth->getUserId());
$this->log("Login", $this->auth->getUserId());
$user = $this->database->exec("SELECT * FROM `%PREFIX%_profiles` WHERE id = :id;", true, [":id" => $this->auth->getUserId()]);
if(!empty($user)) {
if(is_null($user[0]["name"])) {
@ -623,13 +529,19 @@ class user
return ["status" => "error", "code" => 001];
}
}
public function log($action, $changed, $editor, $timestamp=null)
public function log($action, $changed=null, $editor=null, $timestamp=null)
{
$this->tools->profiler_start("Log");
if(is_null($timestamp)){
$date = new Datetime('now');
$timestamp = $date->format('Y-m-d H:i:s');
}
if(is_null($changed)){
$changed = $this->auth->getUserId();
}
if(is_null($editor)){
$editor = $changed;
}
if($this->database->get_option("log_save_ip")){
$ip = $this->tools->get_ip();
} else {
@ -646,7 +558,7 @@ class user
public function logout()
{
try {
$this->log("Logout", $this->auth->getUserId(), $this->auth->getUserId());
$this->log("Logout");
$this->auth->logOut();
$this->auth->destroySession();
setcookie("authenticated", false, time() - 3600);
@ -670,7 +582,7 @@ class user
if($chief == 1) {
$this->auth->admin()->addRoleForUserById($userId, Role::FULL_VIEWER);
}
$this->log("User created", $userId, $inserted_by);
$this->log("User added", $userId, $inserted_by);
$this->tools->profiler_stop();
return $userId;
} else {
@ -698,6 +610,123 @@ class user
}
}
class crud
{
public $tools = null;
public $database = null;
public $user = null;
public function __construct($tools, $database, $user)
{
$this->tools = $tools;
$this->database = $database;
$this->user = $user;
}
public function increment($increment)
{
bdump($increment);
$sql = "UPDATE `%PREFIX%_profiles` SET `services`= services + 1 WHERE id IN ($increment);";
$this->database->exec($sql, false);
}
public function getIncrement($id)
{
bdump($id);
$sql = "SELECT `increment` FROM `%PREFIX%_services` WHERE `id` = :id";
$increment = $this->database->exec($sql, true, [":id" => $id])[0]['increment'];
bdump($increment);
return $increment;
}
public function decrease($id)
{
$sql = "UPDATE `%PREFIX%_profiles` SET `services`= services - 1 WHERE id IN ({$this->getIncrement($id)});";
$this->database->exec($sql, false);
}
public function increment_trainings($increment)
{
bdump($increment);
$sql = "UPDATE `%PREFIX%_profiles` SET `trainings`= trainings + 1 WHERE id IN ($increment);";
$this->database->exec($sql, false);
}
public function getIncrement_trainings($id)
{
bdump($id);
$sql = "SELECT `increment` FROM `%PREFIX%_trainings` WHERE `id` = :id";
$increment = $this->database->exec($sql, true, [":id" => $id])[0]['increment'];
bdump($increment);
return $increment;
}
public function decrease_trainings($id)
{
$sql = "UPDATE `%PREFIX%_profiles` SET `trainings`= trainings - 1 WHERE id IN ({$this->getIncrement_trainings($id)});";
$this->database->exec($sql, false);
}
public function add_service($date, $code, $beginning, $end, $chief, $drivers, $crew, $place, $notes, $type, $increment, $inserted_by)
{
$drivers = implode(",", $drivers);
bdump($drivers);
$crew = implode(",", $crew);
bdump($crew);
$increment = implode(",", $increment);
bdump($increment);
$date = date('Y-m-d H:i:s', strtotime($date));
$sql = "INSERT INTO `%PREFIX%_services` (`id`, `date`, `code`, `beginning`, `end`, `chief`, `drivers`, `crew`, `place`, `notes`, `type`, `increment`, `inserted_by`) VALUES (NULL, :date, :code, :beginning, :end, :chief, :drivers, :crew, :place, :notes, :type, :increment, :inserted_by);";
$this->database->exec($sql, false, [":date" => $date, ":code" => $code, "beginning" => $beginning, ":end" => $end, ":chief" => $chief, ":drivers" => $drivers, ":crew" => $crew, ":place" => $place, ":notes" => $notes, ":type" => $type, ":increment" => $increment, ":inserted_by" => $inserted_by]);
$this->increment($increment);
$this->user->log("Service added");
}
public function remove_service($id)
{
$this->decrease($id);
$this->database->exec("DELETE FROM `%PREFIX%_services` WHERE `id` = :id", true, [":id" => $id]);
$this->user->log("Service removed");
}
public function edit_service($id, $date, $code, $beginning, $end, $chief, $drivers, $crew, $place, $notes, $type, $increment, $inserted_by)
{
$this->remove_service($id);
$this->add_service($date, $code, $beginning, $end, $chief, $drivers, $crew, $place, $notes, $type, $increment, $inserted_by);
$this->user->log("Service edited");
}
public function add_training($date, $name, $start_time, $end_time, $chief, $crew, $place, $notes, $increment, $inserted_by)
{
$crew = implode(",", $crew);
bdump($crew);
$increment = implode(",", $increment);
bdump($increment);
$date = date('Y-m-d H:i:s', strtotime($date));
$sql = "INSERT INTO `%PREFIX%_trainings` (`id`, `date`, `name`, `beginning`, `end`, `chief`, `crew`, `place`, `notes`, `increment`, `inserted_by`) VALUES (NULL, :date, :name, :start_time, :end_time, :chief, :crew, :place, :notes, :increment, :inserted_by);";
$this->database->exec($sql, false, [":date" => $date, ":name" => $name, "start_time" => $start_time, ":end_time" => $end_time, ":chief" => $chief, ":crew" => $crew, ":place" => $place, ":notes" => $notes, ":increment" => $increment, ":inserted_by" => $inserted_by]);
$this->increment_trainings($increment);
$this->user->log("Training added");
}
public function remove_training($id)
{
$this->decrease_trainings($id);
bdump($id);
$this->database->exec("DELETE FROM `%PREFIX%_trainings` WHERE `id` = :id", true, [":id" => $id]);
$this->user->log("Training removed");
}
public function edit_training($id, $date, $name, $start_time, $end_time, $chief, $crew, $place, $notes, $increment, $inserted_by)
{
$this->remove_training($id);
$this->add_training($date, $name, $start_time, $end_time, $chief, $crew, $place, $notes, $increment, $inserted_by);
$this->user->log("Training edited");
}
}
class translations
{
public $loaded_languages = ["en", "it"];
@ -787,11 +816,12 @@ class translations
function init_class($enableDebugger=true, $headers=true)
{
global $tools, $database, $user, $translations, $debugbar;
global $tools, $database, $user, $crud, $translations, $debugbar;
if(!isset($tools) && !isset($database) && !isset($translations)) {
$database = new database();
$tools = new tools($database->get_option("check_cf_ip"), $enableDebugger);
$user = new user($database, $tools);
$crud = new crud($tools, $database, $user);
$translations = new translations($database->get_option("force_language"));
}
if($headers) {
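Review bot: In the `crud` class added by the last hunk (`@ -698,6 +610,123 @@`), `increment`, `decrease`, `increment_trainings` and `decrease_trainings` interpolate the id list straight into `WHERE id IN ($increment)`; `$increment` is `implode(",", ...)` of values that the services/trainings edit pages build from `$_POST`, and `decrease` re-interpolates whatever `getIncrement` reads back from the `increment` column, so the moved code still builds SQL text from request-derived data. Every other statement in the class binds its values via the `[":id" => $id]` parameter form, so these four should do the same by expanding one named placeholder per id and accepting only digit strings, as sketched below. The edit pages also pass `$_POST["increment"]` as a second argument to `remove_service`/`remove_training`, which take one parameter, so that value is silently ignored. `edit_service` and `edit_training` write three log rows per edit ("removed", "added", "edited"); if only the "edited" entry is wanted, the inner calls need a flag or the logging has to move to the callers.

```php
// … unchanged: properties and __construct …
/**
 * Adds $delta to `$column` for every profile id in the comma-separated $ids
 * string. $column and $delta are fixed by the callers below, never request
 * data; each id is bound as a named parameter, so nothing from $ids reaches
 * the SQL text.
 */
private function adjust_profiles($column, $ids, $delta)
{
    $params = [];
    foreach(explode(",", (string) $ids) as $i => $id) {
        $id = trim($id);
        if(ctype_digit($id)) {
            $params[":id$i"] = (int) $id;
        }
    }
    if(empty($params)) {
        return; // nothing valid to update, and "IN ()" would be a syntax error
    }
    $in = implode(",", array_keys($params));
    $sql = "UPDATE `%PREFIX%_profiles` SET `$column` = `$column` + $delta WHERE `id` IN ($in);";
    $this->database->exec($sql, false, $params);
}
public function increment($increment)
{
    $this->adjust_profiles("services", $increment, 1);
}
public function decrease($id)
{
    $this->adjust_profiles("services", $this->getIncrement($id), -1);
}
public function increment_trainings($increment)
{
    $this->adjust_profiles("trainings", $increment, 1);
}
public function decrease_trainings($id)
{
    $this->adjust_profiles("trainings", $this->getIncrement_trainings($id), -1);
}
// … unchanged: getIncrement, getIncrement_trainings, add_service … edit_training …
```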


@ -10,7 +10,7 @@ describe("Availability", () => {
cy.get(".fa-check").should('be.visible')
cy.visit("/log.php")
cy.wait("@ajax_log")
cy.contains("Attivazione disponibilita'")
cy.contains("Status changed to 'available'")
cy.visit("/")
})
@ -22,7 +22,7 @@ describe("Availability", () => {
cy.get(".fa-times").should('be.visible')
cy.visit("/log.php")
cy.wait("@ajax_log")
cy.contains("Rimozione disponibilita'")
cy.contains("Status changed to 'not available'")
cy.visit("/")
})
});


@ -55,7 +55,7 @@ describe("User management", () => {
cy.contains(user.name)
cy.visit("/log.php")
cy.wait('@ajax_log')
cy.contains("User created")
cy.contains("User added")
cy.contains(user.name)
cy.visit("/")
} else {
@ -80,7 +80,7 @@ describe("User management", () => {
expect(response.body).to.have.property('userId')
cy.visit("/log.php")
cy.wait('@ajax_log')
cy.contains("User created")
cy.contains("User added")
cy.contains(user.name)
})
}


@ -44,7 +44,7 @@ describe("Service management", () => {
cy.contains("1234/5");
cy.visit("/log.php");
cy.wait('@ajax_log');
cy.contains("Aggiunto intervento");
cy.contains("Service added");
cy.visit("/list.php");
cy.wait('@ajax_list');
cy.get('tr:has(> td:has(> a[id="username-11"])) > :nth-child(6)').should('contain', '1');
@ -78,7 +78,7 @@ describe("Service management", () => {
cy.contains("4321/5");
cy.visit("/log.php");
cy.wait('@ajax_log');
cy.contains("Modificato intervento");
cy.contains("Service edited");
cy.visit("/list.php");
cy.wait('@ajax_list');
cy.get('tr:has(> td:has(> a[id="username-11"])) > :nth-child(6)').should('contain', '0');
@ -98,7 +98,7 @@ describe("Service management", () => {
cy.wait('@ajax_services');
cy.visit("/log.php");
cy.wait('@ajax_log');
cy.contains("Rimosso intervento");
cy.contains("Service removed");
cy.visit("/list.php");
cy.wait('@ajax_list');
cy.get('tr:has(> td:has(> a[id="username-8"])) > :nth-child(6)').should('contain', '0');


@ -34,7 +34,7 @@ describe("Training management", () => {
cy.contains("Test Training");
cy.visit("/log.php");
cy.wait('@ajax_log');
cy.contains("Aggiunta esercitazione");
cy.contains("Training added");
cy.visit("/list.php");
cy.wait('@ajax_list');
});
@ -62,7 +62,7 @@ describe("Training management", () => {
cy.contains("Training 1 test");
cy.visit("/log.php");
cy.wait('@ajax_log');
cy.contains("Modificata esercitazione");
cy.contains("Training edited");
});
it('Delete Training', function() {
@ -74,7 +74,7 @@ describe("Training management", () => {
cy.wait('@ajax_trainings');
cy.visit("/log.php");
cy.wait('@ajax_log');
cy.contains("Rimossa esercitazione");
cy.contains("Training removed");
});
})


@ -7,8 +7,7 @@ if($tools->validate_form("mod", "add")) {
if($tools->validate_form(['date', 'code', 'beginning', 'end', 'place', 'notes', 'type', 'token'])) {
if($_POST["token"] == $_SESSION['token']) {
bdump("adding service");
$database->add_service($_POST["date"], $_POST["code"], $_POST["beginning"], $_POST["end"], $_POST["chief"][0], $tools->extract_unique($_POST["drivers"]), $tools->extract_unique($_POST["crew"]), $_POST["place"], $_POST["notes"], $_POST["type"], $tools->extract_unique([$_POST["chief"],$_POST["drivers"],$_POST["crew"]]), $user->name());
$user->log("Aggiunto intervento", $user->auth->getUserId(), $user->auth->getUserId());
$crud->add_service($_POST["date"], $_POST["code"], $_POST["beginning"], $_POST["end"], $_POST["chief"][0], $tools->extract_unique($_POST["drivers"]), $tools->extract_unique($_POST["crew"]), $_POST["place"], $_POST["notes"], $_POST["type"], $tools->extract_unique([$_POST["chief"],$_POST["drivers"],$_POST["crew"]]), $user->name());
$tools->redirect("services.php");
} else {
debug(); //TODO: remove debug info
@ -21,8 +20,7 @@ if($tools->validate_form("mod", "add")) {
if($_POST["token"] == $_SESSION['token']) {
bdump($_POST);
bdump("editing service");
$database->change_service($_POST["id"], $_POST["date"], $_POST["code"], $_POST["beginning"], $_POST["end"], $_POST["chief"][0], $tools->extract_unique($_POST["drivers"]), $tools->extract_unique($_POST["crew"]), $_POST["place"], $_POST["notes"], $_POST["type"], $tools->extract_unique([$_POST["chief"],$_POST["drivers"],$_POST["crew"]]), $user->name());
$user->log("Modificato intervento", $user->auth->getUserId(), $user->auth->getUserId());
$crud->edit_service($_POST["id"], $_POST["date"], $_POST["code"], $_POST["beginning"], $_POST["end"], $_POST["chief"][0], $tools->extract_unique($_POST["drivers"]), $tools->extract_unique($_POST["crew"]), $_POST["place"], $_POST["notes"], $_POST["type"], $tools->extract_unique([$_POST["chief"],$_POST["drivers"],$_POST["crew"]]), $user->name());
$tools->redirect("services.php");
} else {
debug();
@ -35,8 +33,7 @@ if($tools->validate_form("mod", "add")) {
if($tools->validate_form(['id', 'increment', 'token'])) {
if($_POST["token"] == $_SESSION['token']) {
bdump("removing service");
$database->remove_service($_POST["id"], $_POST["increment"]);
$user->log("Rimosso intervento", $user->auth->getUserId(), $user->auth->getUserId());
$crud->remove_service($_POST["id"], $_POST["increment"]);
$tools->redirect("services.php");
} else {
echo("1");
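Review bot: `$crud->remove_service($_POST["id"], $_POST["increment"])` on the new side of the third hunk passes two arguments, but `remove_service` as introduced in this commit takes only `$id` and derives the id list from the database, so the posted `increment` is ignored; the call should read `$crud->remove_service($_POST["id"]);` and the `'increment'` entry in the `validate_form` list above it can go unless something else reads it. The trainings edit page has the same shape in `$crud->remove_training($_POST["id"], $_POST["increment"])`. The token comparison on the context line before each call uses `==`; `hash_equals((string) $_SESSION['token'], (string) $_POST["token"])` avoids both loose-comparison surprises and timing differences. The enclosing `if` chain starts and ends outside each hunk.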


@ -7,8 +7,7 @@ if($tools->validate_form("mod", "add")) {
if($tools->validate_form(['date', 'name', 'start_time', 'end_time', 'place', 'notes', 'token'])) {
if($_POST["token"] == $_SESSION['token']) {
bdump("adding training");
$database->add_training($_POST["date"], $_POST["name"], $_POST["start_time"], $_POST["end_time"], $_POST["chief"][0], $tools->extract_unique($_POST["crew"]), $_POST["place"], $_POST["notes"], $tools->extract_unique([$_POST["chief"],$_POST["crew"]]), $user->name());
$user->log("Aggiunta esercitazione", $user->auth->getUserId(), $user->auth->getUserId());
$crud->add_training($_POST["date"], $_POST["name"], $_POST["start_time"], $_POST["end_time"], $_POST["chief"][0], $tools->extract_unique($_POST["crew"]), $_POST["place"], $_POST["notes"], $tools->extract_unique([$_POST["chief"],$_POST["crew"]]), $user->name());
$tools->redirect("trainings.php");
} else {
debug(); //TODO: remove debug info
@ -21,8 +20,7 @@ if($tools->validate_form("mod", "add")) {
if($_POST["token"] == $_SESSION['token']) {
bdump($_POST);
bdump("editing training");
$database->change_training($_POST["id"], $_POST["date"], $_POST["name"], $_POST["start_time"], $_POST["end_time"], $_POST["chief"][0], $tools->extract_unique($_POST["crew"]), $_POST["place"], $_POST["notes"], $tools->extract_unique([$_POST["chief"],$_POST["crew"]]), $user->name());
$user->log("Modificata esercitazione", $user->auth->getUserId(), $user->auth->getUserId());
$crud->edit_training($_POST["id"], $_POST["date"], $_POST["name"], $_POST["start_time"], $_POST["end_time"], $_POST["chief"][0], $tools->extract_unique($_POST["crew"]), $_POST["place"], $_POST["notes"], $tools->extract_unique([$_POST["chief"],$_POST["crew"]]), $user->name());
$tools->redirect("trainings.php");
} else {
debug();
@ -35,8 +33,7 @@ if($tools->validate_form("mod", "add")) {
if($tools->validate_form(['id', 'increment', 'token'])) {
if($_POST["token"] == $_SESSION['token']) {
bdump("removing training");
$database->remove_training($_POST["id"], $_POST["increment"]);
$user->log("Rimossa esercitazione", $user->auth->getUserId(), $user->auth->getUserId());
$crud->remove_training($_POST["id"], $_POST["increment"]);
$tools->redirect("trainings.php");
} else {
debug();


@ -28,8 +28,6 @@ if($tools->validate_form("mod", "add")) {
exit();
}
$user->add_user($_POST["mail"], $_POST["name"], $_POST["username"], $_POST["password"], $phone_number, $_POST["birthday"], $chief, $driver, $hidden, $disabled, $user->name());
//TODO: move and translate logs
//$user->log("Aggiunto utente", $user->auth->getUserId(), $user->auth->getUserId());
$tools->redirect("list.php");
} else {
debug();
@ -42,7 +40,7 @@ if($tools->validate_form("mod", "add")) {
if($_POST["token"] == $_SESSION['token']){
bdump($_POST);
bdump("editing service");
$database->change_service($_POST["id"], $_POST["date"], $_POST["code"], $_POST["beginning"], $_POST["end"], $_POST["chief"], $tools->extract_unique($_POST["drivers"]), $tools->extract_unique($_POST["crew"]), $_POST["place"], $_POST["notes"], $_POST["type"], $tools->extract_unique([$_POST["chief"],$_POST["drivers"],$_POST["crew"]]), $user->name());
$crud->edit_service($_POST["id"], $_POST["date"], $_POST["code"], $_POST["beginning"], $_POST["end"], $_POST["chief"], $tools->extract_unique($_POST["drivers"]), $tools->extract_unique($_POST["crew"]), $_POST["place"], $_POST["notes"], $_POST["type"], $tools->extract_unique([$_POST["chief"],$_POST["drivers"],$_POST["crew"]]), $user->name());
$tools->redirect("services.php");
} else {
$tools->redirect("accessdenied.php");
@ -55,7 +53,6 @@ if($tools->validate_form("mod", "add")) {
if($_POST["token"] == $_SESSION['token']) {
bdump("removing user");
$user->remove_user($_POST["id"]);
$user->log("Rimosso utente", $user->auth->getUserId(), $user->auth->getUserId());
$tools->redirect("list.php");
} else {
debug();
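Review bot: The third hunk deletes `$user->log("Rimosso utente", …)` after `$user->remove_user($_POST["id"])` with no visible replacement, and the first hunk leaves the add path with only a `//TODO: move and translate logs` comment; `add_user` does log `"User added"` in the core file in this commit, but nothing on this page shows `remove_user` logging, so user removal may now leave no audit entry even though a `"User removed"` translation key was added. If `remove_user` does not log internally, restore the entry as `$user->log("User removed", $_POST["id"]);` (the editor defaults to the current user). The second hunk's `$crud->edit_service(..., $_POST["chief"], ...)` passes the whole `chief` value where the services page passes `$_POST["chief"][0]`; worth confirming which shape this form posts. The enclosing `if` chain starts and ends outside the hunks.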


@ -8,7 +8,7 @@ $time = time();
if(!is_null($id)) {
$sql = "UPDATE `%PREFIX%_profiles` SET online_time = '$time' WHERE id = '" . $id ."'";
$risultato = $database->exec($sql, true);
$database->exec($sql, true);
echo(json_encode(["id" => $id, "time" => $time, "sql" => $sql]));
}
?>
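Review bot: The rewritten `$database->exec($sql, true)` still executes the string-built statement from the context line above it (`... SET online_time = '$time' WHERE id = '" . $id ."'`), and the `echo` on the next line returns that SQL text to the client. Where `$id` comes from is outside the hunk; regardless, the other queries in this commit bind their values, so this one should become ``$database->exec("UPDATE `%PREFIX%_profiles` SET online_time = :time WHERE id = :id", true, [":time" => $time, ":id" => $id]);`` and the `"sql"` member should be dropped from the JSON response so table-prefix and schema details are not disclosed.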


@ -5,6 +5,6 @@ $user->requirelogin(false);
if(isset($_POST["type"])){
$type = $_POST["type"];
$risultato = $database->exec("INSERT INTO `%PREFIX%_type` (`name`) VALUES (:name);", false, [":name" => $type]);
$user->log("Aggiunta tipologia intervento", $user->auth->getUserId(), $user->auth->getUserId());
$database->exec("INSERT INTO `%PREFIX%_type` (`name`) VALUES (:name);", false, [":name" => $type]);
$user->log("Added service type");
}


@ -5,10 +5,10 @@ $user->requirelogin(false);
$user->online_time_update();
if(isset($_POST["change_id"]) && $_POST["dispo"] == 1 /* && $_POST["token_list"] == $_SESSION['token_list'] */){
$risultato = $database->exec("UPDATE `%PREFIX%_profiles` SET `available` = '1' WHERE `%PREFIX%_profiles`.`id` = :id;", false, [":id" => $_POST["change_id"]]);
$user->log("Attivazione disponibilita'", $_POST["change_id"], $user->auth->getUserId());
$database->exec("UPDATE `%PREFIX%_profiles` SET `available` = '1' WHERE `%PREFIX%_profiles`.`id` = :id;", false, [":id" => $_POST["change_id"]]);
$user->log("Status changed to 'available'", $_POST["change_id"], $user->auth->getUserId());
} else if(isset($_POST["change_id"]) && $_POST["dispo"] == 0 /* && $_POST["token_list"] == $_SESSION['token_list'] */){
$risultato = $database->exec("UPDATE `%PREFIX%_profiles` SET `available` = '0' WHERE `%PREFIX%_profiles`.`id` = :id;", false, [":id" => $_POST["change_id"]]);
$user->log("Rimozione disponibilita'", $_POST["change_id"], $user->auth->getUserId());
$database->exec("UPDATE `%PREFIX%_profiles` SET `available` = '0' WHERE `%PREFIX%_profiles`.`id` = :id;", false, [":id" => $_POST["change_id"]]);
$user->log("Status changed to 'not available'", $_POST["change_id"], $user->auth->getUserId());
}
?>
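Review bot: The two rewritten `UPDATE` lines change another profile's `available` flag from `$_POST["change_id"]` while the token check on both enclosing conditions is still commented out (`/* && $_POST["token_list"] == $_SESSION['token_list'] */`), so the only gate before the write is `requirelogin`. If the list page sends that token, the comparison should be restored with `hash_equals`; if it cannot, the comment should say why, so the gap is not mistaken for dead code. `$_POST["dispo"] == 1` is a loose comparison; it is harmless for the 1/0 values handled here, but `=== "1"` / `=== "0"` would match the strict check the API route performs on the same field.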


@ -4,60 +4,39 @@ init_class();
$user->requirelogin(false);
$user->online_time_update();
$risultato = $database->exec("SELECT * FROM `%PREFIX%_profiles` ORDER BY available DESC, chief DESC, services ASC, availability_minutes ASC, name ASC;", true);
$result = $database->exec("SELECT * FROM `%PREFIX%_profiles` ORDER BY available DESC, chief DESC, services ASC, availability_minutes ASC, name ASC;", true);
$hidden = $user->hidden();
$response = [];
foreach($risultato as $row){
foreach($result as $row){
if(!in_array($row['name'], $hidden) && ($row['hidden'] == 0 && $row['disabled'] == 0)){
if(isset($_GET["only_data"])){
if($user->requireRole(Role::FULL_VIEWER)){
$response[] = [
"id" => $row["id"],
"available" => $row["available"],
"chief" => $row['chief'],
"online" => (time()-$row["online_time"])<=30 ? 1 : 0,
"driver" => $row['driver'],
"phone" => $row['phone_number'],
"services" => $row['services'],
"availability_minutes" => $row['availability_minutes']
];
} else {
$response[] = [
"id" => $row["id"],
"available" => $row["available"],
"online" => (time()-$row["online_time"])<=30 ? 1 : 0
];
}
if($user->requireRole(Role::FULL_VIEWER)){
$name = $user->nameById($row["id"]);
$name_encoded = urlencode($user->name());
$functionName = $row["available"] ? "deactivate" : "activate";
$helmet_colour = $row["chief"] ? "red" : "black";
$firstCell = "<a id='username-{$row['id']}' style='text-align: left;' onclick='$functionName(".$row["id"].");'><img alt='{$helmet_colour} helmet' src='./resources/images/{$helmet_colour}_helmet.png' width='20px'>$name</a>";
$secondCell = $row["available"] ? "<a onclick='$functionName(".$row["id"].");'><i class='fa fa-check' style='color:green'></i></a>" : "<a onclick='$functionName(".$row["id"].");'><i class='fa fa-times' style='color:red'></i></a>";
$response[] = [
(time()-$row["online_time"])<=30 ? "<u>".$firstCell."</u>" : $firstCell,
$secondCell,
$row['driver'] ? "<img alt='driver' src='./resources/images/wheel.png' width='20px'>" : "",
!empty($row['phone_number']) ? "<a href='tel:".$row['phone_number']."'><i class='fa fa-phone'></i></a>" : "",
!empty($row['phone_number']) ? "<a href='https://api.whatsapp.com/send?phone=".$row['phone_number']."&text=ALLERTA IN CORSO.%20Mettiti%20in%20contatto%20con%20$name_encoded'><i class='fa fa-whatsapp' style='color:green'></i></a>" : "",
$row['services'],
$row['availability_minutes'],
//"<a href='user_details.php?user=".$row['id']."'><p>".t("Altri dettagli", false)."</p></a>" TODO: fix "Other" page
];
} else {
if($user->requireRole(Role::FULL_VIEWER)){
$name = $user->nameById($row["id"]);
$name_encoded = urlencode($user->name());
$functionName = $row["available"] ? "deactivate" : "activate";
$helmet_colour = $row["chief"] ? "red" : "black";
$firstCell = "<a id='username-{$row['id']}' style='text-align: left;' onclick='$functionName(".$row["id"].");'><img alt='{$helmet_colour} helmet' src='./resources/images/{$helmet_colour}_helmet.png' width='20px'>$name</a>";
$secondCell = $row["available"] ? "<a onclick='$functionName(".$row["id"].");'><i class='fa fa-check' style='color:green'></i></a>" : "<a onclick='$functionName(".$row["id"].");'><i class='fa fa-times' style='color:red'></i></a>";
$response[] = [
(time()-$row["online_time"])<=30 ? "<u>".$firstCell."</u>" : $firstCell,
$secondCell,
$row['driver'] ? "<img alt='driver' src='./resources/images/wheel.png' width='20px'>" : "",
!empty($row['phone_number']) ? "<a href='tel:".$row['phone_number']."'><i class='fa fa-phone'></i></a>" : "",
!empty($row['phone_number']) ? "<a href='https://api.whatsapp.com/send?phone=".$row['phone_number']."&text=ALLERTA IN CORSO.%20Mettiti%20in%20contatto%20con%20$name_encoded'><i class='fa fa-whatsapp' style='color:green'></i></a>" : "",
$row['services'],
$row['availability_minutes'],
//"<a href='user_details.php?user=".$row['id']."'><p>".t("Altri dettagli", false)."</p></a>" TODO: fix "Other" page
];
} else {
$name = $user->nameById($row["id"]);
$helmet_colour = $row["chief"] ? "red" : "black";
$firstCell = "<a id='username-{$row['id']}' style='text-align: left;'><img alt='{$helmet_colour} helmet' src='./resources/images/{$helmet_colour}_helmet.png' width='20px'>$name</a>";
$secondCell = $row["available"] ? "<a><i class='fa fa-check' style='color:green'></i></a>" : "<a><i class='fa fa-times' style='color:red'></i></a>";
$response[] = [
(time()-$row["online_time"])<=30 ? "<u>".$firstCell."</u>" : $firstCell,
$secondCell
];
}
$name = $user->nameById($row["id"]);
$helmet_colour = $row["chief"] ? "red" : "black";
$firstCell = "<a id='username-{$row['id']}' style='text-align: left;'><img alt='{$helmet_colour} helmet' src='./resources/images/{$helmet_colour}_helmet.png' width='20px'>$name</a>";
$secondCell = $row["available"] ? "<a><i class='fa fa-check' style='color:green'></i></a>" : "<a><i class='fa fa-times' style='color:red'></i></a>";
$response[] = [
(time()-$row["online_time"])<=30 ? "<u>".$firstCell."</u>" : $firstCell,
$secondCell
];
}
}
}
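Review bot: In the merged `FULL_VIEWER` branch on the new side (`$firstCell`, `$secondCell` and the `tel:`/WhatsApp links) `$name` from `$user->nameById(...)` and `$row['phone_number']` are interpolated into HTML attribute and element content without escaping, and the non-viewer branch at the end of the hunk does the same with `$name`; a value containing a quote or `<` breaks the markup and is rendered as-is. Escape once where the values are read, e.g. `$name = htmlspecialchars($user->nameById($row["id"]), ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');` and `$phone = rawurlencode($row['phone_number']);` for the two `href`s, so every later interpolation is safe. `$name_encoded` is built from `$user->name()` (the viewer) rather than the row's user, which reads as intended for the "contact me" message but deserves a one-line comment. The `foreach` closes at the end of the hunk; the response output follows outside it.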


@ -4,20 +4,20 @@ init_class();
$user->requirelogin(false);
$user->online_time_update();
$risultato = $database->exec("SELECT * FROM `%PREFIX%_log` ORDER BY `timestamp` DESC", true);
$result = $database->exec("SELECT * FROM `%PREFIX%_log` ORDER BY `timestamp` DESC", true);
$hidden = $user->hidden();
//https://stackoverflow.com/a/2524761
function isValidTimeStamp($timestamp)
{
return ((string) (int) $timestamp === $timestamp)
&& ($timestamp <= PHP_INT_MAX)
&& ($timestamp >= ~PHP_INT_MAX);
return ((string) (int) $timestamp === $timestamp)
&& ($timestamp <= PHP_INT_MAX)
&& ($timestamp >= ~PHP_INT_MAX);
}
$response = [];
foreach($risultato as $row){
foreach($result as $row){
if(!in_array($row['changed'], $hidden) OR in_array($user->name(), $hidden)){
if(isValidTimeStamp($row["timestamp"])){
$date = new DateTime();
@ -37,7 +37,7 @@ foreach($risultato as $row){
$editorName = "N/A";
}
$response[] = [
$row["action"],
t($row["action"], false),
$changedName,
$editorName,
$date
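Review bot: `t($row["action"], false)` on the new side translates the stored action at display time, which only works for rows whose `action` exactly matches a key in the language files; entries written before this commit (e.g. `Aggiunto intervento`, `Rimosso utente`) and actions with a dynamic suffix such as the former `Cambiamento disponibilita' a 1` have no key, and whether `t()` returns the key unchanged is not visible here. A one-line comment stating that fallback, or a data migration renaming the legacy actions to the new keys, would make the contract explicit. The `isValidTimeStamp` hunk is re-indentation only.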


@ -4,10 +4,10 @@ init_class();
$user->requirelogin(false);
$user->online_time_update();
$risultato = $database->exec("SELECT * FROM `%PREFIX%_services` ORDER BY date DESC, beginning DESC", true);
$result = $database->exec("SELECT * FROM `%PREFIX%_services` ORDER BY date DESC, beginning DESC", true);
$response = [];
foreach($risultato as $row){
foreach($result as $row){
$chief = $user->nameById($row["chief"]);
$drivers_array = explode(",", $row['drivers']);


@ -4,10 +4,10 @@ init_class();
$user->requirelogin(false);
$user->online_time_update();
$risultato = $database->exec("SELECT * FROM `%PREFIX%_trainings` ORDER BY date DESC, beginning desc", true);
$result = $database->exec("SELECT * FROM `%PREFIX%_trainings` ORDER BY date DESC, beginning desc", true);
$response = [];
foreach($risultato as $row){
foreach($result as $row){
$chief = $user->nameById($row["chief"]);
$others_crew_array = explode(",", $row['crew']);


@ -88,6 +88,18 @@ return [
"Too many requests" => "Too many requests",
"Add type..." => "Add type...",
"Insert type name:" => "Insert type name:",
"Added service type" => "Added service type",
"Type '%s' added successfully." => "Type '%s' added successfully.",
"You must select a valid service type!" => "You must select a valid service type!"
"You must select a valid service type!" => "You must select a valid service type!",
"Status changed to 'available'" => "Status changed to 'available'",
"Status changed to 'not available'" => "Status changed to 'not available'",
"Service added" => "Service added",
"Service edited" => "Service edited",
"Service removed" => "Service removed",
"Training added" => "Training added",
"Training edited" => "Training edited",
"Training removed" => "Training removed",
"User added" => "User added",
"User edited" => "User edited",
"User removed" => "User removed"
];


@ -88,6 +88,18 @@ return [
"Too many requests" => "Troppi tentativi effettuati",
"Add type..." => "Aggiungi tipologia...",
"Insert type name:" => "Inserisci nome della tipologia:",
"Added service type" => "Aggiunta tipologia intervento",
"Type '%s' added successfully." => "Tipologia '%s' aggiunta con successo.",
"You must select a valid service type!" => "Devi selezionare una tipologia di intervento valida!"
"You must select a valid service type!" => "Devi selezionare una tipologia di intervento valida!",
"Status changed to 'available'" => "Attivazione disponibilita'",
"Status changed to 'not available'" => "Rimozione disponibilita'",
"Service added" => "Intervento aggiunto",
"Service edited" => "Intervento modificato",
"Service removed" => "Intervento rimosso",
"Training added" => "Esercitazione aggiunta",
"Training edited" => "Esercitazione modificata",
"Training removed" => "Esercitazione rimossa",
"User added" => "Utente aggiunto",
"User edited" => "Utente modificato",
"User removed" => "Utente rimosso"
];