<?php
/**
 * iLP System Offiziere Ereignisse anzeigen
 * 
 * Autor:		Florian "ApoY2k" Peschka
 * Projekt:		iLP System
 * Paket:		apoy2k.ilp.wrynn
 * Lizenz:		CreativeCommons (by-nc-sa)
 * Kontakt:		hide@address.com
 * Version:		2.1.1
 */

// List all events. This is the default action: it runs when no sub-action is
// given in $tpl['url'][1] or when the sub-action is "show".
if (!isset($tpl['url'][1]) || $tpl['url'][1] == 'show')
{
	// Register the additional head include for the list view.
	$tpl['headincludes'][] = 'events.list';

	// Static query, no request data involved: every event joined with its type, newest first.
	$get_events = $db->prepare("SELECT ilp_event_types.name AS type_name, ilp_event_types.icon AS type_icon, ilp_events.id AS event_id, ilp_events.date AS event_date FROM ilp_event_types, ilp_events WHERE ilp_events.type = ilp_event_types.id ORDER BY ilp_events.date DESC, ilp_events.id DESC");
	$get_events->execute();

	if ($get_events->rowCount() < 1)
	{
		// No event found: flag that for the template.
		$tpl['events']['error'] = true;
	}
	else
	{
		// Hand every event row that was found to the template.
		while ($row = $get_events->fetch(PDO::FETCH_ASSOC))
		{
			$tpl['events'][] = $row;
		}
	}
}

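// Show the details of one event, or apply an edit to it ("edit;do").
//
// Security: every value that comes from $_POST, from the URL, or from a row read
// earlier is bound as a statement parameter; none is concatenated into SQL text.
elseif ('edit' == $tpl['url'][1])
{

	// Apply the submitted changes to the event.
	if (isset($tpl['url'][2]) && 'do' == $tpl['url'][2])
	{

		// Check that a date was entered.
		// NOTE(review): the pattern is not anchored, so any input that merely contains
		// YYYY-MM-DD passes. The value is only bound as a parameter below, but it is stored
		// as given; confirm what the form may submit before anchoring it with ^ and $.
		if (isset($_POST['editevent_date']) && 1 == preg_match('/[0-9]{4}\-[0-9]{2}\-[0-9]{2}/', $_POST['editevent_date']))
		{

			// If the event's point value changed, apply the change to the participants' lists.
			$getvalue = $db->prepare("SELECT value FROM ilp_events WHERE id = ?");
			$getvalue->execute(array($_POST['editevent_event_id']));
			$event_value = $getvalue->fetch(PDO::FETCH_ASSOC);

			// fetch() returns false for an unknown event id; there is nothing to propagate then.
			if (false !== $event_value && $event_value['value'] != $_POST['editevent_value'])
			{

				// Difference between the old and the new event value.
				$diff = $event_value['value'] - $_POST['editevent_value'];

				// Prepared once, executed for every participant / item below.
				$getattends = $db->prepare("SELECT user_id, value FROM ilp_event_attends WHERE event_id = ?");
				$getitems = $db->prepare("SELECT id, item_id, item_value FROM ilp_items WHERE user_id = ?");
				$setitem = $db->prepare("UPDATE ilp_items SET item_value = ? WHERE id = ?");
				$setattend = $db->prepare("UPDATE ilp_event_attends SET value = ? WHERE user_id = ? AND event_id = ?");

				// Find the participants of the event.
				$getattends->execute(array($_POST['editevent_event_id']));
				$attends = $getattends->fetchAll(PDO::FETCH_ASSOC);

				foreach ($attends as $row)
				{

					// Only participants whose points equal the event's old default value are adjusted.
					if ($event_value['value'] == $row['value'])
					{

						// Load the participant's item list.
						$getitems->execute(array($row['user_id']));
						$items = $getitems->fetchAll(PDO::FETCH_ASSOC);

						foreach ($items as $item)
						{

							// Compute the new item value.
							$new_value = $item['item_value'] - $diff;

							writeLog($tpl['user']['id'], $row['user_id'], 'officer_change_item_value', array('item_id' => $item['item_id'], 'old_value' => $item['item_value'], 'new_value' => $new_value));
							$setitem->execute(array($new_value, $item['id']));

							if (1 != $setitem->rowCount())
							{
								$tpl['error']['action'] = 'Punktzahl anpassen';
								$tpl['error']['actor']	= $tpl['user']['login'].' – ID: '.$tpl['user']['id'];
								$tpl['error']['location'] = 'events.php:86';
								$tpl['error']['result'] = serialize($setitem->errorInfo());
								$tpl['error']['level']	= '0 (base-php)';
							}
						}

						// Update the participant's attendance record to the new value.
						$setattend->execute(array($_POST['editevent_value'], $row['user_id'], $_POST['editevent_event_id']));
					}
				}
			}

			// Write the edited event data.
			writeLog($tpl['user']['id'], $tpl['user']['id'], 'officer_change_event', array('event_id' => $_POST['editevent_event_id'], 'type' => $_POST['editevent_type'], 'date' => $_POST['editevent_date'], 'comment' => $_POST['editevent_comment'], 'value' => $_POST['editevent_value']));
			$editevent = $db->prepare("UPDATE ilp_events SET type = ?, date = ?, comment = ?, value = ? WHERE id = ?");
			$editevent->execute(array($_POST['editevent_type'], $_POST['editevent_date'], $_POST['editevent_comment'], $_POST['editevent_value'], $_POST['editevent_event_id']));

			// An UPDATE that changes nothing reports zero rows, so a clean error code also counts as success.
			if (1 == $editevent->rowCount() || '00000' == $editevent->errorCode())
			{
				header('Location: index.php?ilp='.ilpUrlEncode('events;edit;'.$_POST['editevent_event_id']));
			}
			else
			{
				$tpl['error']['action'] = 'Ereignis bearbeiten';
				$tpl['error']['actor']	= $tpl['user']['login'].' – ID: '.$tpl['user']['id'];
				$tpl['error']['location'] = 'events.php:106';
				$tpl['error']['result'] = serialize($editevent->errorInfo());
				$tpl['error']['level']	= '0 (base-php)';
			}

		}
		else
		{
			$tpl['error']['message'] = $lang['events']['details']['dateerror'];
			$tpl['error']['ref'] = 'events;edit;'.$_POST['editevent_event_id'];
		}

	}

	// Detail view: here $tpl['url'][2] is used as the event id.
	elseif ('do' != $tpl['url'][2])
	{

		// Register the additional head include for the detail view.
		$tpl['headincludes'][] = 'events.detail';

		$get_event = $db->prepare("SELECT ilp_events.id AS event_id, ilp_events.value, ilp_event_types.name AS type_name, ilp_event_types.icon AS type_icon, ilp_event_types.id AS type_id, ilp_events.date AS event_date, ilp_events.comment FROM ilp_event_types, ilp_events WHERE ilp_events.type = ilp_event_types.id AND ilp_events.id = ?");

		$get_attends = $db->prepare("SELECT ilp_event_attends.value, ilp_event_attends.user_id, ilp_users.char FROM ilp_event_attends, ilp_users WHERE ilp_event_attends.user_id = ilp_users.id AND ilp_event_attends.event_id = ?");

		$get_loots = $db->prepare("SELECT ilp_loots.id, ilp_loots.item_id, ilp_loots.looter_id, ilp_loots.value, ilp_users.char FROM ilp_loots, ilp_users, ilp_events WHERE ilp_loots.event_id = ilp_events.id AND ilp_loots.looter_id = ilp_users.id AND ilp_events.id = ? ORDER BY ilp_loots.id DESC");

		// Event types, for the type selection.
		$get_types = $db->prepare("SELECT id, `name` FROM ilp_event_types");

		// Look the event up.
		$get_event->execute(array($tpl['url'][2]));

		// If the event was found, collect its data for the template.
		if (1 == $get_event->rowCount())
		{
			$get_types->execute();

			$tpl['event'] = $get_event->fetch(PDO::FETCH_ASSOC);
			$tpl['event']['types'] = $get_types->fetchAll(PDO::FETCH_ASSOC);

			// Find all participants of the event.
			$get_attends->execute(array($tpl['url'][2]));
			$tpl['event']['attends'] = array();

			while ($row = $get_attends->fetch(PDO::FETCH_ASSOC))
			{
				// Unserialize the stored character data.
				// NOTE(review): unserialize() is only safe while ilp_users.char can be written by
				// trusted code alone; confirm that, or store this column as JSON instead.
				$row['char'] = unserialize($row['char']);

				$tpl['event']['attends'][] = $row;
			}

			$tpl['event']['attends'] = sortUsers($tpl['event']['attends']);

			// Find the loot of the event.
			$get_loots->execute(array($tpl['url'][2]));
			$tpl['event']['loots'] = array();

			while ($row = $get_loots->fetch(PDO::FETCH_ASSOC))
			{
				// Unserialize the stored character data (same caveat as for the participants).
				$row['char'] = unserialize($row['char']);

				$tpl['event']['loots'][] = $row;
			}
		}
		else
		{
			$tpl['error']['action'] = 'Ereignis anzeigen';
			$tpl['error']['actor'] = $tpl['user']['login'].' – ID: '.$tpl['user']['id'];
			$tpl['error']['location'] = 'events.php:147';
			// serialize(), as in the other error paths: var_dump() would print the driver's
			// error details straight into the response and return nothing to store.
			$tpl['error']['result'] = serialize($get_event->errorInfo());
			$tpl['error']['level'] = '0 (base-php)';
		}
	}
}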

// Delete a loot entry: show the confirmation form, or perform the deletion ("deleteloot;do").
elseif ($tpl['url'][1] == 'deleteloot')
{
	if (!isset($tpl['url'][2]) || $tpl['url'][2] != 'do')
	{
		// Nothing submitted yet: register the head include for the confirmation form.
		$tpl['headincludes'][] = 'events.deleteloot.form';
	}
	elseif ($_POST['deleteloot_confirm'] != $lang['page']['delete'])
	{
		// The confirmation word was not typed correctly: send the user back to the form.
		$tpl['error']['message'] = $lang['events']['deleteloot']['confirm']['note'];
		$tpl['error']['ref'] = 'events;deleteloot;'.$_POST['deleteloot_loot_id'].';'.$_POST['deleteloot_event_id'].';'.$_POST['deleteloot_looter_id'].';'.$_POST['deleteloot_item_id'];
	}
	else
	{
		// Confirmed: remove the loot row; the id is bound as a parameter.
		$deleteloot = $db->prepare("DELETE FROM ilp_loots WHERE id = ?");
		$deleteloot->execute(array($_POST['deleteloot_loot_id']));

		if ($deleteloot->rowCount() != 1)
		{
			$tpl['error']['action'] = 'Beute löschen';
			$tpl['error']['actor'] = $tpl['user']['login'].' – ID: '.$tpl['user']['id'];
			$tpl['error']['location'] = 'events.php:206';
			$tpl['error']['result'] = serialize($deleteloot->errorInfo());
			$tpl['error']['level'] = '0 (base-php)';
		}
		else
		{
			// Exactly one row removed: log it and return to the event's detail page.
			writeLog(
				$tpl['user']['id'],
				$_POST['deleteloot_looter_id'],
				'officer_delete_loot',
				array(
					'event_id' => $_POST['deleteloot_event_id'],
					'looter_id' => $_POST['deleteloot_looter_id'],
					'item_id' => $_POST['deleteloot_item_id']
				)
			);
			header('Location: index.php?ilp='.ilpUrlEncode('events;edit;'.$_POST['deleteloot_event_id']));
		}
	}
}

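// Add a loot entry: show the form, or record the loot ("addloot;do").
elseif ('addloot' == $tpl['url'][1])
{

	if (isset($tpl['url'][2]) && 'do' == $tpl['url'][2])
	{

		// Look up the value the item has on the user's list.
		$getvalue = $db->prepare("SELECT item_value FROM ilp_items WHERE user_id = ? AND item_id = ?");
		$getvalue->execute(array($_POST['addloot_user'], $_POST['addloot_item_id']));

		if (1 != $getvalue->rowCount())
		{
			// The item is not on the user's list exactly once: back to the form.
			$tpl['error']['message'] = $lang['events']['addloot']['itemerror'];
			$tpl['error']['ref'] = 'events;addloot;'.$_POST['addloot_event'].';'.$_POST['addloot_user'].';'.$_POST['addloot_item_id'];
		}
		else
		{
			$value = $getvalue->fetch(PDO::FETCH_ASSOC);

			// NOTE(review): the INSERT and the DELETE run as two separate statements and no
			// transaction is visible in this file, so a failure of the second leaves the
			// first applied; confirm whether that is acceptable.
			$addloot_event = $db->prepare("INSERT INTO ilp_loots (event_id, looter_id, item_id, value) VALUES (?, ?, ?, ?)");
			$addloot_list = $db->prepare("DELETE FROM ilp_items WHERE user_id = ? AND item_id = ?");

			$addloot_event->execute(array($_POST['addloot_event'], $_POST['addloot_user'], $_POST['addloot_item_id'], $value['item_value']));
			$addloot_list->execute(array($_POST['addloot_user'], $_POST['addloot_item_id']));

			if (1 == $addloot_event->rowCount() && 1 == $addloot_list->rowCount())
			{
				writeLog($tpl['user']['id'], $_POST['addloot_user'], 'officer_add_loot', array('event_id' => $_POST['addloot_event'], 'item_id' => $_POST['addloot_item_id'], 'value' => $value['item_value']));
				header('Location: index.php?ilp='.ilpUrlEncode('events;edit;'.$_POST['addloot_event']));
			}
			else
			{
				$tpl['error']['action'] = 'Beute hinzufügen';
				$tpl['error']['actor']	= $tpl['user']['login'].' – ID: '.$tpl['user']['id'];
				$tpl['error']['location'] = 'events.php:260';
				$tpl['error']['result'] = serialize($addloot_event->errorInfo()).serialize($addloot_list->errorInfo());
				$tpl['error']['level']	= '0 (base-php)';
			}
		}
	}
	else
	{

		// Register the additional head include for the form.
		$tpl['headincludes'][] = 'events.addloot.form';

		// Events, newest first, for the selection.
		$get_events = $db->prepare("SELECT ilp_events.id, ilp_events.date, ilp_event_types.name FROM ilp_events, ilp_event_types WHERE ilp_events.type = ilp_event_types.id ORDER BY ilp_events.date DESC");
		$get_events->execute();
		$tpl['events'] = $get_events->fetchAll(PDO::FETCH_ASSOC);

		// Players, for the selection.
		$get_users = $db->prepare("SELECT id AS user_id, `char` FROM ilp_users WHERE id != 0");
		$get_users->execute();

		// Make sure the list exists even when the query returns no row, so that
		// sortUsers() below is never handed an undefined index.
		if (!isset($tpl['users']))
		{
			$tpl['users'] = array();
		}

		while($row = $get_users->fetch(PDO::FETCH_ASSOC))
		{

			// Unserialize the stored character data.
			// NOTE(review): unserialize() is only safe while ilp_users.char can be written by
			// trusted code alone; confirm that, or store this column as JSON instead.
			$row['char'] = unserialize($row['char']);
			$tpl['users'][] = $row;
		}

		$tpl['users'] = sortUsers($tpl['users']);
	}
}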

// Remove a participant from an event: show the confirmation form, or perform
// the removal ("deleteuser;do"). All request values are bound as parameters.
elseif ($tpl['url'][1] == 'deleteuser')
{
	if (!isset($tpl['url'][2]) || $tpl['url'][2] != 'do')
	{
		// Nothing submitted yet: register the head include for the confirmation form.
		$tpl['headincludes'][] = 'events.deleteuser.form';
	}
	elseif ($_POST['deleteuser_confirm'] != $lang['page']['delete'])
	{
		// The confirmation word was not typed correctly: send the user back to the form.
		$tpl['error']['message'] = $lang['events']['deleteuser']['confirm'];
		$tpl['error']['ref'] = 'events;deleteuser;'.$_POST['deleteuser_user_id'].';'.$_POST['deleteuser_event_id'];
	}
	else
	{
		// Current item list of the user.
		$getitems = $db->prepare("SELECT id, item_id, item_value FROM ilp_items WHERE user_id = ?");
		$getitems->execute(array($_POST['deleteuser_user_id']));

		// Points the user was credited with for this event.
		$getvalue = $db->prepare("SELECT value FROM ilp_event_attends WHERE user_id = ? AND event_id = ?");
		$getvalue->execute(array($_POST['deleteuser_user_id'], $_POST['deleteuser_event_id']));
		$value = $getvalue->fetch(PDO::FETCH_ASSOC);

		// Take those points off every item on the list, logging each change first.
		$setvalue = $db->prepare("UPDATE ilp_items SET item_value = ? WHERE id = ?");
		while ($row = $getitems->fetch(PDO::FETCH_ASSOC))
		{
			$new_value = $row['item_value'] - $value['value'];

			writeLog(
				$tpl['user']['id'],
				$_POST['deleteuser_user_id'],
				'officer_change_item_value',
				array(
					'item_id' => $row['item_id'],
					'old_value' => $row['item_value'],
					'new_value' => $new_value
				)
			);
			$setvalue->execute(array($new_value, $row['id']));
		}

		// Delete the attendance record itself.
		$deleteuser = $db->prepare("DELETE FROM ilp_event_attends WHERE user_id = ? AND event_id = ?");
		$deleteuser->execute(array($_POST['deleteuser_user_id'], $_POST['deleteuser_event_id']));

		// Failure only when no single row was deleted AND the driver reports an error code.
		if ($deleteuser->rowCount() != 1 && $deleteuser->errorCode() != '00000')
		{
			$tpl['error']['action'] = 'Teilnehmer löschen';
			$tpl['error']['actor'] = $tpl['user']['login'].' – ID: '.$tpl['user']['id'];
			$tpl['error']['location'] = 'events.php:335';
			$tpl['error']['result'] = serialize($deleteuser->errorInfo());
			$tpl['error']['level'] = '0 (base-php)';
		}
		else
		{
			writeLog(
				$tpl['user']['id'],
				$_POST['deleteuser_user_id'],
				'officer_delete_attend',
				array(
					'event_id' => $_POST['deleteuser_event_id'],
					'user_id' => $_POST['deleteuser_user_id']
				)
			);
			header('Location: index.php?ilp='.ilpUrlEncode('events;edit;'.$_POST['deleteuser_event_id']));
		}
	}
}

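// Edit the points a participant received for an event: show the form, or apply
// the change ("edituser;do"). All request values are bound as parameters.
elseif ('edituser' == $tpl['url'][1])
{
	if (isset($tpl['url'][2]) && 'do' == $tpl['url'][2])
	{
		if (isset($_POST['edituser_value']))
		{
			// The new value is forced to an integer before it is used anywhere.
			$new_value = intval($_POST['edituser_value']);

			// Current item list of the user.
			$getitems = $db->prepare("SELECT id, item_id, item_value FROM ilp_items WHERE user_id = ?");
			$getitems->execute(array($_POST['edituser_user_id']));

			// Points the user currently has for this event.
			$getvalue = $db->prepare("SELECT value FROM ilp_event_attends WHERE user_id = ? AND event_id = ?");
			$getvalue->execute(array($_POST['edituser_user_id'], $_POST['edituser_event_id']));
			$value = $getvalue->fetch(PDO::FETCH_ASSOC);

			// The difference is the same for every item, so it is computed once.
			$diff = $value['value'] - $new_value;

			// Adjust the item values.
			$setvalue = $db->prepare("UPDATE ilp_items SET item_value = ? WHERE id = ?");
			while ($row = $getitems->fetch(PDO::FETCH_ASSOC))
			{
				$new_item_value = $row['item_value'] - $diff;

				// Only write (and log) when the item value actually changes.
				if ($new_item_value != $row['item_value'])
				{
					writeLog($tpl['user']['id'], $_POST['edituser_user_id'], 'officer_change_item_value', array('item_id' => $row['item_id'], 'old_value' => $row['item_value'], 'new_value' => $new_item_value));
					$setvalue->execute(array($new_item_value, $row['id']));

					if (1 != $setvalue->rowCount())
					{
						$tpl['error']['action'] = 'Punkte bearbeiten';
						$tpl['error']['actor']	= $tpl['user']['login'].' – ID: '.$tpl['user']['id'];
						$tpl['error']['location'] = 'events.php:395';
						$tpl['error']['result'] = serialize($setvalue->errorInfo());
						$tpl['error']['level']	= '0 (base-php)';
					}
				}
			}

			// Update the attendance record.
			writeLog($tpl['user']['id'], $_POST['edituser_user_id'], 'officer_edit_attend', array('event_id' => $_POST['edituser_event_id'], 'old_value' => $value['value'], 'new_value' => $new_value));
			$setattend = $db->prepare("UPDATE ilp_event_attends SET value = ? WHERE user_id = ? AND event_id = ?");
			$setattend->execute(array($new_value, $_POST['edituser_user_id'], $_POST['edituser_event_id']));

			// NOTE(review): an UPDATE that leaves the value unchanged may report zero rows and
			// would then be treated as a failure here; the event edit branch also accepts a
			// clean error code. Confirm which behaviour is intended.
			if (1 != $setattend->rowCount())
			{
				$tpl['error']['action'] = 'Teilnahme bearbeiten';
				$tpl['error']['actor']	= $tpl['user']['login'].' – ID: '.$tpl['user']['id'];
				$tpl['error']['location'] = 'events.php:411';
				// Report the statement that failed: the attendance update, not the item update.
				$tpl['error']['result'] = serialize($setattend->errorInfo());
				$tpl['error']['level']	= '0 (base-php)';
			}

			// Redirect to the event only when no step above recorded an error.
			if (!isset($tpl['error']))
			{
				header('Location: index.php?ilp='.ilpUrlEncode('events;edit;'.$_POST['edituser_event_id']));
			}
		}
		else
		{
			$tpl['error']['message'] = $lang['error']['incomplete'];
			$tpl['error']['ref'] = 'events;edituser;'.$_POST['edituser_user_id'].';'.$_POST['edituser_event_id'].';'.$_POST['edituser_old_value'];
		}
	}
	else
	{

		// Register the additional head include for the form.
		$tpl['headincludes'][] = 'events.edituser.form';
	}
}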

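// Add several participants to an event: show the player list, or record the
// attendances ("users;do").
//
// Security: the submitted user ids and the event id are bound as statement
// parameters; none is concatenated into SQL text.
elseif ('users' == $tpl['url'][1])
{
	if (isset($tpl['url'][2]) && 'do' == $tpl['url'][2])
	{
		if (isset($_POST['users']) && is_array($_POST['users']))
		{
			$users = $_POST['users'];

			// Point value of the event.
			$getvalue = $db->prepare("SELECT value FROM ilp_events WHERE id = ?");
			$getvalue->execute(array($_POST['event_id']));
			$event_value = $getvalue->fetch(PDO::FETCH_ASSOC);

			// Prepared once, executed for every submitted user / item below.
			$set_value = $db->prepare("UPDATE ilp_items SET item_value = ? WHERE id = ?");
			$set_attend = $db->prepare("INSERT INTO ilp_event_attends (event_id, user_id, value) VALUES (?, ?, ?)");
			$getitems = $db->prepare("SELECT id, item_id, item_value FROM ilp_items WHERE user_id = ?");

			foreach ($users as $user)
			{
				// Record the attendance.
				writeLog($tpl['user']['id'], $user, 'officer_add_attend', array('event_id' => $_POST['event_id'], 'value' => $event_value['value']));
				$set_attend->execute(array($_POST['event_id'], $user, $event_value['value']));

				if (1 != $set_attend->rowCount() || '00000' != $set_attend->errorCode())
				{
					$tpl['error']['action'] = 'Teilnahme eitragen';
					$tpl['error']['actor']	= $tpl['user']['login'].' – ID: '.$tpl['user']['id'];
					$tpl['error']['location'] = 'events.php:464';
					$tpl['error']['result'] = serialize($set_attend->errorInfo());
					$tpl['error']['level']	= '0 (base-php)';
				}
				else
				{
					// $user comes straight from the request, so it is bound, never interpolated.
					$getitems->execute(array($user));

					while ($items = $getitems->fetch(PDO::FETCH_ASSOC))
					{
						// Compute the new item value.
						$new_value = $items['item_value'] + $event_value['value'];

						// Log the change (written before the check below, so also when nothing changes).
						writeLog($tpl['user']['id'], $user, 'officer_change_item_value', array('item_id' => $items['item_id'], 'old_value' => $items['item_value'], 'new_value' => $new_value));

						// Only write when the item value actually changes.
						if ($new_value != $items['item_value'])
						{
							$set_value->execute(array($new_value, $items['id']));

							if (1 != $set_value->rowCount() || '00000' != $set_value->errorCode())
							{
								$tpl['error']['action'] = 'Punktzahl erhöhen – User-ID: '.$user.', Item-ID: '.$items['item_id'];
								$tpl['error']['actor']	= $tpl['user']['login'].' – ID: '.$tpl['user']['id'];
								$tpl['error']['location'] = 'events.php:489';
								$tpl['error']['result'] = serialize($set_value->errorInfo());
								$tpl['error']['level']	= '0 (base-php)';
							}
						}
					}
				}
			}

			// Redirect to the event only when no step above recorded an error.
			if (!isset($tpl['error']))
			{
				header('Location: index.php?ilp='.ilpUrlEncode('events;edit;'.$_POST['event_id']));
			}
		}
		else
		{
			$tpl['error']['message'] = $lang['events']['users']['error'];
			$tpl['error']['ref'] = 'events;users;'.$_POST['event_id'];
		}
	}
	else
	{

		// Load all players for the selection.
		$getusers = $db->prepare("SELECT id AS user_id, `char` FROM ilp_users WHERE id != 0");
		$getusers->execute();

		// Make sure the list exists even when the query returns no row, so that
		// sortUsers() below is never handed an undefined index.
		if (!isset($tpl['users']))
		{
			$tpl['users'] = array();
		}

		// Unserialize the stored character data of every player.
		// NOTE(review): unserialize() is only safe while ilp_users.char can be written by
		// trusted code alone; confirm that, or store this column as JSON instead.
		while ($row = $getusers->fetch(PDO::FETCH_ASSOC))
		{
			$row['char'] = unserialize($row['char']);
			$tpl['users'][] = $row;
		}

		$tpl['users'] = sortUsers($tpl['users']);
	}
}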

// Create an event: show the form, or insert the event ("create;do").
elseif ($tpl['url'][1] == 'create')
{
	if (!isset($tpl['url'][2]) || $tpl['url'][2] != 'do')
	{
		// Nothing submitted yet: load the event types for the form.
		$get_types = $db->prepare("SELECT id, `name` FROM ilp_event_types");
		$get_types->execute();

		$tpl['event']['types'] = $get_types->fetchAll(PDO::FETCH_ASSOC);

		// Register the additional head include for the form.
		$tpl['headincludes'][] = 'events.create.form';
	}
	elseif (!isset($_POST['createevent_date']) || 1 != preg_match('/[0-9]{4}\-[0-9]{2}\-[0-9]{2}/', $_POST['createevent_date']))
	{
		// Missing date, or one that does not contain a YYYY-MM-DD sequence.
		$tpl['error']['message'] = $lang['events']['details']['dateerror'];
		$tpl['error']['ref'] = 'events;create';
	}
	elseif (!isset($_POST['createevent_type']) || $_POST['createevent_type'] == '')
	{
		// No event type selected.
		$tpl['error']['message'] = $lang['events']['create']['typeerror'];
		$tpl['error']['ref'] = 'events;create';
	}
	else
	{
		// Lock all lists; this happens before the event is inserted.
		writeLog($tpl['user']['id'], $tpl['user']['id'], 'officer_lock_all_lists');
		$db->query("UPDATE ilp_users SET locked = 1");
		$db->query("UPDATE ilp_config SET config_value = 1 WHERE config_type = 'locked'");

		// Insert the event; all request values are bound as parameters.
		$createevent = $db->prepare("INSERT INTO ilp_events (type, date, created_id, comment) VALUES (?, ?, ?, ?)");
		$createevent->execute(
			array(
				$_POST['createevent_type'],
				$_POST['createevent_date'],
				$tpl['user']['id'],
				$_POST['createevent_comment']
			)
		);

		if ($createevent->rowCount() != 1)
		{
			$tpl['error']['action'] = 'Ereignis erstellen';
			$tpl['error']['actor'] = $tpl['user']['login'].' – ID: '.$tpl['user']['id'];
			$tpl['error']['location'] = 'events.php:550';
			$tpl['error']['result'] = serialize($createevent->errorInfo());
			$tpl['error']['level'] = '0 (base-php)';
		}
		else
		{
			// Exactly one row inserted: log it and return to the event list.
			writeLog(
				$tpl['user']['id'],
				$tpl['user']['id'],
				'officer_create_event',
				array(
					'type' => $_POST['createevent_type'],
					'date' => $_POST['createevent_date'],
					'comment' => $_POST['createevent_comment']
				)
			);
			header('Location: index.php?ilp='.ilpUrlEncode('events'));
		}
	}
}

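// Delete an event ("delete;do"): take the event's points back off every
// participant's items, delete its loot entries, then delete the event itself.
//
// Security: the submitted event id and every id read back from the database are
// bound as statement parameters; none is concatenated into SQL text.
elseif ('delete' == $tpl['url'][1] && isset($tpl['url'][2]) && 'do' == $tpl['url'][2])
{

	// Check that the confirmation word was typed correctly.
	if ($lang['page']['delete'] == $_POST['deleteevent_confirm'])
	{

		// Participants of the event and the points each one received.
		$getusers = $db->prepare("SELECT user_id, value FROM ilp_event_attends WHERE event_id = ?");
		$getusers->execute(array($_POST['deleteevent_event_id']));
		$users = $getusers->fetchAll(PDO::FETCH_ASSOC);

		// Prepared once, executed for every participant / item below.
		$getitems = $db->prepare("SELECT id, item_id, item_value FROM ilp_items WHERE user_id = ?");
		$set_value = $db->prepare("UPDATE ilp_items SET item_value = ? WHERE id = ?");

		foreach ($users as $user)
		{
			$getitems->execute(array($user['user_id']));

			while ($items = $getitems->fetch(PDO::FETCH_ASSOC))
			{
				// Compute the new item value.
				$new_value = $items['item_value'] - $user['value'];

				// Log the change, then store it.
				writeLog($tpl['user']['id'], $user['user_id'], 'officer_change_item_value', array('item_id' => $items['item_id'], 'old_value' => $items['item_value'], 'new_value' => $new_value));
				$set_value->execute(array($new_value, $items['id']));

				if (1 != $set_value->rowCount())
				{
					$tpl['error']['action'] = 'Punktzahl verringern – User-ID: '.$user['user_id'].', Item-ID: '.$items['id'];
					$tpl['error']['actor']	= $tpl['user']['login'].' – ID: '.$tpl['user']['id'];
					$tpl['error']['location'] = 'events.php:619';
					$tpl['error']['result'] = serialize($set_value->errorInfo());
					$tpl['error']['level']	= '0 (base-php)';
				}
			}
		}

		// Delete the loot of the event. The rows are read completely before any of them
		// is deleted, so the deletes never run against a result set that is still open.
		$getloots = $db->prepare("SELECT id, looter_id, event_id, item_id FROM ilp_loots WHERE event_id = ?");
		$getloots->execute(array($_POST['deleteevent_event_id']));
		$loots = $getloots->fetchAll(PDO::FETCH_ASSOC);

		$deleteloot = $db->prepare("DELETE FROM ilp_loots WHERE id = ?");

		foreach ($loots as $loot)
		{
			writeLog($tpl['user']['id'], $loot['looter_id'], 'officer_delete_loot', array('event_id' => $loot['event_id'], 'looter_id' => $loot['looter_id'], 'item_id' => $loot['item_id']));
			$deleteloot->execute(array($loot['id']));
		}

		// Delete the event itself.
		// NOTE(review): the ilp_event_attends rows of the event are not deleted anywhere in
		// this branch; confirm whether the schema removes them or whether they are left behind.
		writeLog($tpl['user']['id'], $tpl['user']['id'], 'officer_delete_event', array('event_id' => $_POST['deleteevent_event_id']));
		$deleteevent = $db->prepare("DELETE FROM ilp_events WHERE id = ?");
		$deleteevent->execute(array($_POST['deleteevent_event_id']));

		// Redirect to the event list only when no step above recorded an error.
		if (!isset($tpl['error']))
		{
			header('Location: index.php?ilp='.ilpUrlEncode('events'));
		}
	}
	else
	{
		$tpl['error']['message'] = $lang['events']['delete']['confirm'];
		$tpl['error']['ref'] = 'events;edit;'.$_POST['deleteevent_event_id'];
	}

}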

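// Unlock all lists, then redirect to the page named by the "ref" request parameter.
//
// NOTE(review): this branch changes state for every user and needs no confirmation
// value; no anti-CSRF token is checked in this file. Confirm that the including
// script restricts who can reach it and how.
elseif ('unlock' == $tpl['url'][1])
{
	$db->query("UPDATE ilp_users SET locked = 0");
	$db->query("UPDATE ilp_config SET config_value = 0 WHERE config_type = 'locked'");
	$_SESSION['config']['locked'] = 0;
	writeLog($tpl['user']['id'], $tpl['user']['id'], 'officer_unlock_all_lists');

	// $_GET['ref'] is request-controlled and already URL-decoded by PHP. It is re-encoded
	// so that it remains one value of the "ilp" parameter and cannot add further
	// parameters to the redirect target. A missing or non-string value becomes an
	// empty reference instead of raising a notice.
	$unlock_ref = (isset($_GET['ref']) && is_string($_GET['ref'])) ? $_GET['ref'] : '';
	header('Location: index.php?ilp='.urlencode($unlock_ref));
}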
?>