From 9c84558f5fcbfce7cd0321226c01f0f03e7bbee1 Mon Sep 17 00:00:00 2001
From: Paolo <bison@technikum-wien.at>
Date: Tue, 7 Sep 2021 12:13:59 +0200
Subject: [PATCH 01/18] - Added requiredPermissions to the
 application/config/udfmasterschema.json and set them as mandatory - Removed
 the private method _isAllowed from application/controllers/widgets/UDF.php -
 Removed required permissions from views application/views/system/fas_udf.php
 and application/views/system/infocenter/zgvpruefungen.php - Widget views
 application/views/widgets/checkbox, dropdown, textarea and textfield now they
 print the attribute disabled - Added constant DISABLED to
 application/widgets/html/HTMLWidget.php - Removed private property
 _requiredPermissions from application/widgets/udf/UDFWidget.php -
 application/widgets/udf/UDFWidget.php does not check permissions anymore and
 does not store them anymore - Added constants PERMISSION_TYPE_READ and
 PERMISSION_TYPE_WRITE to application/libraries/UDFLib.php - Removed constant
 PERMISSION_TYPE from application/libraries/UDFLib.php - Removed public method
 isAllowed from application/libraries/UDFLib.php - Added private methods
 _readAllowed, _writeAllowed, _setRequiredPermissions and _setReadOnly to
 application/libraries/UDFLib.php - UDFLib->displayUDFWidget now checks if
 permissions are declared in the UDF JSON and if the user is allowed to read
 and write such UDF - UDFLib->saveUDFs now checks if the user has the
 permissions to write such UDF - Now the UDFs are even displayed in read only
 mode

---
 application/config/udfmasterschema.json       |  16 +-
 application/controllers/widgets/UDF.php       |  15 +-
 application/libraries/UDFLib.php              | 267 ++++++++++++------
 application/views/system/fas_udf.php          |   3 +-
 .../views/system/infocenter/zgvpruefungen.php |   2 +-
 application/views/widgets/checkbox.php        |   4 +-
 application/views/widgets/dropdown.php        |   2 +
 application/views/widgets/textarea.php        |   4 +-
 application/views/widgets/textfield.php       |   4 +-
 application/widgets/html/HTMLWidget.php       |  46 +--
 application/widgets/udf/UDFWidget.php         |  34 +--
 11 files changed, 235 insertions(+), 162 deletions(-)

diff --git a/application/config/udfmasterschema.json b/application/config/udfmasterschema.json
index fa06dc80d..ab3faa8c9 100644
--- a/application/config/udfmasterschema.json
+++ b/application/config/udfmasterschema.json
@@ -9,6 +9,13 @@
 		"name": {
 			"type": "string"
 		},
+		"type": {
+			"type": "string",
+			"enum": ["checkbox", "textfield", "textarea", "date", "dropdown", "multipledropdown"]
+		},
+		"requiredPermissions": {
+			"type": "array"
+		},
 		"description": {
 			"type": "array",
 		},
@@ -18,10 +25,6 @@
 		"title": {
 			"type": "array",
 		},
-		"type": {
-			"type": "string",
-			"enum": ["checkbox", "textfield", "textarea", "date", "dropdown", "multipledropdown"]
-		},
 		"sort": {
 			"type": "integer"
 		},
@@ -67,5 +70,6 @@
 			}
 		}
 	},
-	"required": ["type", "name"]
-}
\ No newline at end of file
+	"required": ["type", "name", "requiredPermissions"]
+}
+
diff --git a/application/controllers/widgets/UDF.php b/application/controllers/widgets/UDF.php
index 5b4c45776..3ba745a10 100644
--- a/application/controllers/widgets/UDF.php
+++ b/application/controllers/widgets/UDF.php
@@ -26,9 +26,6 @@ class UDF extends FHC_Controller
 
 		// Loads the UDFLib with HTTP GET/POST parameters
 		$this->_loadUDFLib();
-
-		// Checks if the caller is allow to use this UDF widget
-		$this->_isAllowed();
     }
 
 	//------------------------------------------------------------------------------------------------------------------
@@ -63,17 +60,6 @@ class UDF extends FHC_Controller
 	//------------------------------------------------------------------------------------------------------------------
 	// Private methods
 
-	/**
-	 * Checks if the user is allowed to use this UDFWidget
-	 */
-	private function _isAllowed()
-	{
-		if (!$this->udflib->isAllowed())
-		{
-			$this->terminateWithJsonError('You are not allowed to access to this content');
-		}
-	}
-
 	/**
 	 * Loads the UDFLib with the UDF_UNIQUE_ID parameter
 	 * If the parameter UDF_UNIQUE_ID is not given then the execution of the controller is terminated and
@@ -105,3 +91,4 @@ class UDF extends FHC_Controller
 		}
 	}
 }
+
diff --git a/application/libraries/UDFLib.php b/application/libraries/UDFLib.php
index f9ad7d20d..756c382dd 100644
--- a/application/libraries/UDFLib.php
+++ b/application/libraries/UDFLib.php
@@ -30,13 +30,14 @@ class UDFLib
 	// ...to specify permissions that are needed to use this TableWidget
 	const REQUIRED_PERMISSIONS_PARAMETER = 'requiredPermissions';
 
+	const PERMISSION_TABLE_METHOD = 'UDFWidget'; // Name for fake method to be checked by the PermissionLib
+	const PERMISSION_TYPE_READ = 'r';
+	const PERMISSION_TYPE_WRITE = 'w';
+
 	// ...to specify the primary key name and value
 	const PRIMARY_KEY_NAME = 'primaryKeyName';
 	const PRIMARY_KEY_VALUE = 'primaryKeyValue';
 
-	const PERMISSION_TABLE_METHOD = 'UDFWidget'; // Name for fake method to be checked by the PermissionLib
-	const PERMISSION_TYPE = 'rw';
-
 	// HTML components
 	const LABEL = 'title';
 	const TITLE = 'description';
@@ -76,10 +77,10 @@ class UDFLib
 	// Public methods
 
 	/**
-     * UDFWidget
-     */
-    public function UDFWidget($args, $htmlArgs = array())
-    {
+	 * UDFWidget
+	 */
+	public function UDFWidget($args, $htmlArgs = array())
+	{
 		if ((isset($args[self::SCHEMA_ARG_NAME]) && !isEmptyString($args[self::SCHEMA_ARG_NAME]))
 			&& (isset($args[self::TABLE_ARG_NAME]) && !isEmptyString($args[self::TABLE_ARG_NAME])))
 		{
@@ -112,16 +113,17 @@ class UDFLib
 				show_error(self::TABLE_ARG_NAME.' parameter is missing!');
 			}
 		}
-    }
+	}
 
-    /**
+	/**
 	 * It renders the HTML of the UDF
 	 *
 	 * NOTE: When this method is called $widgetData contains different data from
 	 * parameter $args in the constructor
 	 */
-    public function displayUDFWidget(&$widgetData)
+	public function displayUDFWidget(&$widgetData)
 	{
+		$field = null;
 		$schema = $widgetData[self::SCHEMA_ARG_NAME]; // schema attribute
 		$table = $widgetData[self::TABLE_ARG_NAME]; // table attribute
 
@@ -155,7 +157,7 @@ class UDFLib
 					$found = false; // used to check if the field is found or not in the json schema
 
 					$this->_sortJsonSchemas($jsonSchemasArray); // Sort the list of UDF by sort property
-
+					
 					// Loops through json schemas
 					foreach ($jsonSchemasArray as $jsonSchema)
 					{
@@ -169,21 +171,37 @@ class UDFLib
 						{
 							show_error(sprintf('%s.%s: Attribute "name" not present in the json schema', $schema, $table));
 						}
+						// If the requiredPermissions property is not present then show an error
+						if (!isset($jsonSchema->{self::REQUIRED_PERMISSIONS_PARAMETER}))
+						{
+							show_error(sprintf('%s.%s: Attribute "requiredPermissions" not present in the json schema', $schema, $table));
+						}
+
+						// Set the required permissions for this UDF
+						$this->_setRequiredPermissions($jsonSchema->{self::NAME}, $jsonSchema->{self::REQUIRED_PERMISSIONS_PARAMETER});
 
 						// If a UDF is specified and is present in the json schemas list or no UDF is specified
 						if ((isset($field) && $field == $jsonSchema->{self::NAME}) || !isset($field))
 						{
-							// Set attributes using phrases
-							$this->_setAttributesWithPhrases($jsonSchema, $widgetData[HTMLWidget::HTML_ARG_NAME]);
+							// If the user has the permissions to read this field
+							if ($this->_readAllowed($jsonSchema->{self::REQUIRED_PERMISSIONS_PARAMETER}))
+							{
+								// Set attributes using phrases
+								$this->_setAttributesWithPhrases($jsonSchema, $widgetData[HTMLWidget::HTML_ARG_NAME]);
 
-							// Set validation attributes
-							$this->_setValidationAttributes($jsonSchema, $widgetData[HTMLWidget::HTML_ARG_NAME]);
+								// Set validation attributes
+								$this->_setValidationAttributes($jsonSchema, $widgetData[HTMLWidget::HTML_ARG_NAME]);
 
-							// Set name and id attributes
-							$this->_setNameAndId($jsonSchema, $widgetData[HTMLWidget::HTML_ARG_NAME]);
+								// Set name and id attributes
+								$this->_setNameAndId($jsonSchema, $widgetData[HTMLWidget::HTML_ARG_NAME]);
 
-							// Render the HTML for this UDF
-							$this->_render($jsonSchema, $widgetData);
+								// Set if the field is in read only mode
+								$this->_setReadOnly($jsonSchema, $widgetData[HTMLWidget::HTML_ARG_NAME]);
+
+								// Render the HTML for this UDF
+								$this->_render($jsonSchema, $widgetData);
+							}
+							// otherwise the UDF is not displayed
 
 							// If a UDf is specified and it was found then stop looking through this list
 							if (isset($field) && $field == $jsonSchema->{self::NAME})
@@ -213,7 +231,7 @@ class UDFLib
 				show_error(sprintf('%s.%s: Does not contain "jsons" field', $schema, $table));
 			}
 		}
-    }
+	}
 
 	/**
 	 * Manage UDFs
@@ -249,6 +267,22 @@ class UDFLib
 			{
 				$decodedUDFDefinition = $decodedUDFDefinitions[$i]; // Definition of a single UDF
 
+				// Checks if the requiredPermissions is available and it is a valid array or a valid string
+				if (isset($decodedUDFDefinition->{self::REQUIRED_PERMISSIONS_PARAMETER})
+					&& (!isEmptyArray($decodedUDFDefinition->{self::REQUIRED_PERMISSIONS_PARAMETER})
+					|| !isEmptyString($decodedUDFDefinition->{self::REQUIRED_PERMISSIONS_PARAMETER})))
+				{
+					// Then check if the user has the permissions to write such UDF
+					if (!$this->_writeAllowed($decodedUDFDefinition->{self::REQUIRED_PERMISSIONS_PARAMETER}))
+					{
+						$notValidUDFsArray[] = error('Writing not allowed for UDF: '.$decodedUDFDefinition->{self::NAME});
+					}
+				}
+				else
+				{
+					$notValidUDFsArray[] = error('Writing permissions not defined for UDF: '.$decodedUDFDefinition->{self::NAME});
+				}
+
 				// Loops through the UDFs values that should be stored
 				foreach ($udfsParameters as $key => $val)
 				{
@@ -468,12 +502,32 @@ class UDFLib
 	 */
 	public function saveUDFs($udfUniqueId, $udfs)
 	{
+		$udfToBewritten = array(); // UDFs to be written into database
+
 		// Read the all session for this udf widget
 		$session = $this->getSession();
 
 		// If session is empty then return an error
 		if ($session == null) return error('No UDFWidget loaded');
 
+		// Get the required permission from the session
+		$requiredPermissions = $session[self::REQUIRED_PERMISSIONS_PARAMETER];
+
+		// For each UDF that is trying to save
+		foreach ($udfs as $udfName => $udfValue)
+		{
+			// If the UDFs exists in the requiredPermissions array
+			if (array_key_exists($udfName, $requiredPermissions))
+			{
+				// Then check if the user has the permissions to write such UDF
+				if ($this->_writeAllowed($requiredPermissions[$udfName]))
+				{
+					// If allowed then save the UDF name and value to be stored later into the database
+					$udfToBewritten[$udfName] = $udfValue;
+				}
+			}
+		}
+
 		// Workaround to load CI
 		$this->_ci->load->model('system/UDF_model', 'UDFModel');
 
@@ -490,30 +544,56 @@ class UDFLib
 		// Returns the result of the database update operation to save UDFs
 		return $dbModel->update(
 			array($session[self::PRIMARY_KEY_NAME] => $session[self::PRIMARY_KEY_VALUE]),
-			(array)$udfs
+			$udfToBewritten
 		);
 	}
 
-	/**
-	 * Checks if at least one of the permissions given as parameter (requiredPermissions) belongs
-	 * to the authenticated user, if confirmed then is allowed to use this UDFWidget.
-	 * If the parameter requiredPermissions is NOT given or is not present in the session,
-	 * then NO one is allow to use this UDFWidget
-	 * Wrapper method to permissionlib->hasAtLeastOne
-	 */
-	public function isAllowed($requiredPermissions = null)
-	{
-		$this->_ci->load->library('PermissionLib'); // Load permission library
-
-		// Gets the required permissions from the session if they are not provided as parameter
-		$rq = $requiredPermissions;
-		if ($rq == null) $rq = $this->getSessionElement(self::REQUIRED_PERMISSIONS_PARAMETER);
-
-		return $this->_ci->permissionlib->hasAtLeastOne($rq, self::PERMISSION_TABLE_METHOD, self::PERMISSION_TYPE);
-	}
-
 	// -------------------------------------------------------------------------------------------------
 	// Private methods
+	//
+
+	/**
+	 * Checks if at least one of the permissions given as parameter belongs to the authenticated user in read mode
+	 * Wrapper method to permissionlib->hasAtLeastOne
+	 */
+	private function _readAllowed($requiredPermissions)
+	{
+		$this->_ci->load->library('PermissionLib'); // Load permission library
+
+		return $this->_ci->permissionlib->hasAtLeastOne($requiredPermissions, self::PERMISSION_TABLE_METHOD, self::PERMISSION_TYPE_READ);
+	}
+
+	/**
+	 * Checks if at least one of the permissions given as parameter belongs to the authenticated user in write mode
+	 * Wrapper method to permissionlib->hasAtLeastOne
+	 */
+	private function _writeAllowed($requiredPermissions)
+	{
+		$this->_ci->load->library('PermissionLib'); // Load permission library
+
+		return $this->_ci->permissionlib->hasAtLeastOne($requiredPermissions, self::PERMISSION_TABLE_METHOD, self::PERMISSION_TYPE_WRITE);
+	}
+
+	/**
+	 * Set an array of required permissions for a UDF into the session
+	 */
+	private function _setRequiredPermissions($udfName, $permissions)
+	{
+		// Get the session for this UDFWidget
+		$session = $this->getSession();
+
+		// If does _not_ exist yet in the session
+		if (!isset($session[self::REQUIRED_PERMISSIONS_PARAMETER]))
+		{
+			$session[self::REQUIRED_PERMISSIONS_PARAMETER] = array();
+		}
+
+		// Set the required permission in the session for this UDFWidget
+		$session[self::REQUIRED_PERMISSIONS_PARAMETER][$udfName] = $permissions;
+
+		// Write into the session
+		$this->setSession($session);
+	}
 
 	/**
 	 * Print the block for UDFs
@@ -654,20 +734,36 @@ class UDFLib
 		return $returnArrayValidation;
 	}
 
-    /**
-     * Set the name and id attribute of the HTML element
-     */
-    private function _setNameAndId($jsonSchema, &$htmlParameters)
-    {
+	/**
+	 * Disable the HTML element if in read only mode
+	 */
+	private function _setReadOnly($jsonSchema, &$htmlParameters)
+	{
+		// If write permissions _not_ exist then set the field as disabled
+		if (!$this->_writeAllowed($jsonSchema->{self::REQUIRED_PERMISSIONS_PARAMETER}))
+		{
+			$htmlParameters[HTMLWidget::DISABLED] = HTMLWidget::DISABLED; // any values is fine
+		}
+		else // otherwise restore to default
+		{
+			if (isset($htmlParameters[HTMLWidget::DISABLED])) unset($htmlParameters[HTMLWidget::DISABLED]);
+		}
+	}
+
+	/**
+	 * Set the name and id attribute of the HTML element
+	 */
+	private function _setNameAndId($jsonSchema, &$htmlParameters)
+	{
 		$htmlParameters[HTMLWidget::HTML_ID] = $jsonSchema->{self::NAME};
 		$htmlParameters[HTMLWidget::HTML_NAME] = $jsonSchema->{self::NAME};
-    }
-
-    /**
-     * Sort the list of UDF by sort property
-     */
-    private function _sortJsonSchemas(&$jsonSchemasArray)
-    {
+	}
+	
+	/**
+	 * Sort the list of UDF by sort property
+	 */
+	private function _sortJsonSchemas(&$jsonSchemasArray)
+	{
 		usort($jsonSchemasArray, function ($a, $b) {
 			if (!isset($a->{self::SORT}))
 			{
@@ -684,13 +780,13 @@ class UDFLib
 
 			return ($a->{self::SORT} < $b->{self::SORT}) ? -1 : 1;
 		});
-    }
-
-    /**
-     * Loads the UDF description by the given schema and table
-     */
-    private function _loadUDF($schema, $table)
-    {
+	}
+	
+	/**
+	 * Loads the UDF description by the given schema and table
+	 */
+	private function _loadUDF($schema, $table)
+	{
 		// Loads UDF model
 		$this->_ci->load->model('system/UDF_model', 'UDFModel');
 
@@ -722,13 +818,13 @@ class UDFLib
 		}
 
 		return $udfResults;
-    }
+	}
 
-    /**
-     * Render the HTML for the UDF
-     */
-    private function _render($jsonSchema, &$widgetData)
-    {
+	/**
+	 * Render the HTML for the UDF
+	 */
+	private function _render($jsonSchema, &$widgetData)
+	{
 		// Checkbox
 		if ($jsonSchema->{self::TYPE} == 'checkbox')
 		{
@@ -759,11 +855,11 @@ class UDFLib
 		{
 			$this->_renderDropdown($jsonSchema, $widgetData, true);
 		}
-    }
+	}
 
-    /**
-     * Renders a dropdown element
-     */
+	/**
+	 * Renders a dropdown element
+	 */
 	private function _renderDropdown($jsonSchema, &$widgetData, $multiple = false)
 	{
 		// Selected element/s
@@ -805,8 +901,8 @@ class UDFLib
 	}
 
 	/**
-     * Renders a textarea element
-     */
+	 * Renders a textarea element
+	 */
 	private function _renderTextarea($jsonSchema, &$widgetData)
 	{
 		$text = null; // text value
@@ -823,8 +919,8 @@ class UDFLib
 	}
 
 	/**
-     * Renders an input text element
-     */
+	 * Renders an input text element
+	 */
 	private function _renderTextfield($jsonSchema, &$widgetData)
 	{
 		$text = null; // text value
@@ -841,8 +937,8 @@ class UDFLib
 	}
 
 	/**
-     * Renders a checkbox element
-     */
+	 * Renders a checkbox element
+	 */
 	private function _renderCheckbox($jsonSchema, &$widgetData)
 	{
 		// Set checkbox value if present in the DB
@@ -861,11 +957,11 @@ class UDFLib
 		$checkboxWidgetUDF->render();
 	}
 
-    /**
-     * Sets the attributes of the HTML element using the phrases system
-     */
-    private function _setAttributesWithPhrases($jsonSchema, &$htmlParameters)
-    {
+	/**
+	 * Sets the attributes of the HTML element using the phrases system
+	 */
+	private function _setAttributesWithPhrases($jsonSchema, &$htmlParameters)
+	{
 		// By default set to null all the attributes
 		$htmlParameters[HTMLWidget::LABEL] = null;
 		$htmlParameters[HTMLWidget::TITLE] = null;
@@ -933,13 +1029,13 @@ class UDFLib
 				}
 			}
 		}
-    }
+	}
 
-    /**
-     * Sets the validation attributes of the HTML element using the configuration inside the json schema
-     */
-    private function _setValidationAttributes($jsonSchema, &$htmlParameters)
-    {
+	/**
+	 * Sets the validation attributes of the HTML element using the configuration inside the json schema
+	 */
+	private function _setValidationAttributes($jsonSchema, &$htmlParameters)
+	{
 		// Validation attributes set by default to null
 		$htmlParameters[HTMLWidget::REGEX] = null;
 		$htmlParameters[HTMLWidget::REQUIRED] = null;
@@ -998,3 +1094,4 @@ class UDFLib
 		}
 	}
 }
+
diff --git a/application/views/system/fas_udf.php b/application/views/system/fas_udf.php
index 8a1200b6a..e6fa396cf 100644
--- a/application/views/system/fas_udf.php
+++ b/application/views/system/fas_udf.php
@@ -45,7 +45,6 @@
 							echo $this->udflib->UDFWidget(
 								array(
 									UDFLib::UDF_UNIQUE_ID => 'fasPersonUDFs',
-									UDFLib::REQUIRED_PERMISSIONS_PARAMETER => 'basis/person',
 									UDFLib::SCHEMA_ARG_NAME => 'public',
 									UDFLib::TABLE_ARG_NAME => 'tbl_person',
 									UDFLib::PRIMARY_KEY_NAME => 'person_id',
@@ -70,7 +69,6 @@
 							echo $this->udflib->UDFWidget(
 								array(
 									UDFLib::UDF_UNIQUE_ID => 'fasPrestudentUDFs',
-									UDFLib::REQUIRED_PERMISSIONS_PARAMETER => 'basis/person',
 									UDFLib::SCHEMA_ARG_NAME => 'public',
 									UDFLib::TABLE_ARG_NAME => 'tbl_prestudent',
 									UDFLib::PRIMARY_KEY_NAME => 'prestudent_id',
@@ -109,3 +107,4 @@
 	</body>
 
 <?php $this->load->view("templates/footer"); ?>
+
diff --git a/application/views/system/infocenter/zgvpruefungen.php b/application/views/system/infocenter/zgvpruefungen.php
index 05c94c384..2b08dada3 100644
--- a/application/views/system/infocenter/zgvpruefungen.php
+++ b/application/views/system/infocenter/zgvpruefungen.php
@@ -341,7 +341,6 @@
 						echo $this->udflib->UDFWidget(
 							array(
 								UDFLib::UDF_UNIQUE_ID => 'infocenterPrestudentUDFs_'.$zgvpruefung->prestudent_id,
-								UDFLib::REQUIRED_PERMISSIONS_PARAMETER => 'infocenter',
 								UDFLib::SCHEMA_ARG_NAME => 'public',
 								UDFLib::TABLE_ARG_NAME => 'tbl_prestudent',
 								UDFLib::PRIMARY_KEY_NAME => 'prestudent_id',
@@ -553,3 +552,4 @@
 		endforeach; // end foreach zgvpruefungen
 	?>
 </div><!-- /.panel-group -->
+
diff --git a/application/views/widgets/checkbox.php b/application/views/widgets/checkbox.php
index 6debb2afd..811e3c682 100644
--- a/application/views/widgets/checkbox.php
+++ b/application/views/widgets/checkbox.php
@@ -24,6 +24,7 @@
 					<?php HTMLWidget::printAttribute(${HTMLWidget::HTML_ARG_NAME}, HTMLWidget::HTML_NAME); ?>
 					<?php HTMLWidget::printAttribute(${HTMLWidget::HTML_ARG_NAME}, HTMLWidget::REQUIRED); ?>
 					<?php HTMLWidget::printAttribute(${HTMLWidget::HTML_ARG_NAME}, HTMLWidget::TITLE); ?>
+					<?php HTMLWidget::printAttribute(${HTMLWidget::HTML_ARG_NAME}, HTMLWidget::DISABLED, false); ?>
 					<?php
 						$checked = '';
 						if (${CheckboxWidget::VALUE_FIELD} === true)
@@ -38,4 +39,5 @@
 		</div>
 	</div>
 
-<?php HTMLWidget::printEndBlock(${HTMLWidget::HTML_ARG_NAME}); ?>
\ No newline at end of file
+<?php HTMLWidget::printEndBlock(${HTMLWidget::HTML_ARG_NAME}); ?>
+
diff --git a/application/views/widgets/dropdown.php b/application/views/widgets/dropdown.php
index d9faf1978..51db6d536 100644
--- a/application/views/widgets/dropdown.php
+++ b/application/views/widgets/dropdown.php
@@ -33,6 +33,7 @@
 					<?php HTMLWidget::printAttribute(${HTMLWidget::HTML_ARG_NAME}, HTMLWidget::MAX_VALUE); ?>
 					<?php HTMLWidget::printAttribute(${HTMLWidget::HTML_ARG_NAME}, HTMLWidget::REGEX); ?>
 					<?php HTMLWidget::printAttribute(${HTMLWidget::HTML_ARG_NAME}, HTMLWidget::TITLE); ?>
+					<?php HTMLWidget::printAttribute(${HTMLWidget::HTML_ARG_NAME}, HTMLWidget::DISABLED, false); ?>
 				>
 					<?php
 						$elements = ${DropdownWidget::WIDGET_DATA_ELEMENTS_ARRAY_NAME};
@@ -72,3 +73,4 @@
 	</div>
 
 <?php HTMLWidget::printEndBlock(${HTMLWidget::HTML_ARG_NAME}); ?>
+
diff --git a/application/views/widgets/textarea.php b/application/views/widgets/textarea.php
index c72b52658..5346fefa8 100644
--- a/application/views/widgets/textarea.php
+++ b/application/views/widgets/textarea.php
@@ -29,9 +29,11 @@
 					<?php HTMLWidget::printAttribute(${HTMLWidget::HTML_ARG_NAME}, HTMLWidget::MAX_LENGTH); ?>
 					<?php HTMLWidget::printAttribute(${HTMLWidget::HTML_ARG_NAME}, HTMLWidget::REGEX); ?>
 					<?php HTMLWidget::printAttribute(${HTMLWidget::HTML_ARG_NAME}, HTMLWidget::TITLE); ?>
+					<?php HTMLWidget::printAttribute(${HTMLWidget::HTML_ARG_NAME}, HTMLWidget::DISABLED, false); ?>
 				><?php echo ${TextareaWidget::TEXT}; ?></textarea>
 			</div>
 		</div>
 	</div>
 
-<?php HTMLWidget::printEndBlock(${HTMLWidget::HTML_ARG_NAME}); ?>
\ No newline at end of file
+<?php HTMLWidget::printEndBlock(${HTMLWidget::HTML_ARG_NAME}); ?>
+
diff --git a/application/views/widgets/textfield.php b/application/views/widgets/textfield.php
index 73b1daa1b..c5ba81710 100644
--- a/application/views/widgets/textfield.php
+++ b/application/views/widgets/textfield.php
@@ -31,10 +31,12 @@
 					<?php HTMLWidget::printAttribute(${HTMLWidget::HTML_ARG_NAME}, HTMLWidget::MAX_LENGTH); ?>
 					<?php HTMLWidget::printAttribute(${HTMLWidget::HTML_ARG_NAME}, HTMLWidget::REGEX); ?>
 					<?php HTMLWidget::printAttribute(${HTMLWidget::HTML_ARG_NAME}, HTMLWidget::TITLE); ?>
+					<?php HTMLWidget::printAttribute(${HTMLWidget::HTML_ARG_NAME}, HTMLWidget::DISABLED, false); ?>
 					value="<?php echo ${TextfieldWidget::VALUE}; ?>"
 				>
 			</div>
 		</div>
 	</div>
 
-<?php HTMLWidget::printEndBlock(${HTMLWidget::HTML_ARG_NAME}); ?>
\ No newline at end of file
+<?php HTMLWidget::printEndBlock(${HTMLWidget::HTML_ARG_NAME}); ?>
+
diff --git a/application/widgets/html/HTMLWidget.php b/application/widgets/html/HTMLWidget.php
index 9639890ea..0034edfd9 100644
--- a/application/widgets/html/HTMLWidget.php
+++ b/application/widgets/html/HTMLWidget.php
@@ -6,18 +6,18 @@
 class HTMLWidget extends Widget
 {
 	// The name of the array present in the data array given to the view that will render this widget
-    const HTML_ARG_NAME = 'HTML';
+	const HTML_ARG_NAME = 'HTML';
 	const HTML_DEFAULT_VALUE = ''; // Default value of the html element
-    const HTML_NAME = 'name'; // HTML name attribute
-    const HTML_ID = 'id'; // HTML id attribute
-
-    // External block definition
-    const EXTERNAL_BLOCK = 'externalBlock'; // External block name
-    const EXTERNAL_START_BLOCK_HTML_TAG = '<div>'; // External block start tag
-    const EXTERNAL_END_BLOCK_HTML_TAG = '</div>'; // External block end tag
-
-    // HTML attributes
-    const LABEL = 'title';
+	const HTML_NAME = 'name'; // HTML name attribute
+	const HTML_ID = 'id'; // HTML id attribute
+	
+	// External block definition
+	const EXTERNAL_BLOCK = 'externalBlock'; // External block name
+	const EXTERNAL_START_BLOCK_HTML_TAG = '<div>'; // External block start tag
+	const EXTERNAL_END_BLOCK_HTML_TAG = '</div>'; // External block end tag
+	
+	// HTML attributes
+	const LABEL = 'title';
 	const REGEX = 'regex';
 	const TITLE = 'description';
 	const REQUIRED = 'required-field';
@@ -26,11 +26,12 @@ class HTMLWidget extends Widget
 	const MAX_LENGTH = 'max-length';
 	const MIN_LENGTH = 'min-length';
 	const PLACEHOLDER = 'placeholder';
+	const DISABLED = 'disabled';
 
-    /**
-     * It gets also the htmlArgs array as parameter, it will be used to set the HTML properties
-     */
-    public function __construct($name, $args = array(), $htmlArgs = array())
+	/**
+	 * It gets also the htmlArgs array as parameter, it will be used to set the HTML properties
+	 */
+	public function __construct($name, $args = array(), $htmlArgs = array())
 	{
 		parent::__construct($name, $args);
 
@@ -38,11 +39,11 @@ class HTMLWidget extends Widget
 		$this->_setHtmlProperties($htmlArgs);
 	}
 
-    /**
-     * Initialising html properties, such as the id and name attributes of the HTML element
-     */
-    private function _setHtmlProperties($htmlArgs)
-    {
+	/**
+	 * Initialising html properties, such as the id and name attributes of the HTML element
+	 */
+	private function _setHtmlProperties($htmlArgs)
+	{
 		// If $htmlArgs wasn't already stored in $this->_args
 		if (!isset($this->_args[HTMLWidget::HTML_ARG_NAME]))
 		{
@@ -58,9 +59,9 @@ class HTMLWidget extends Widget
 				$this->_args[HTMLWidget::HTML_ARG_NAME][$argName] = $argValue;
 			}
 		}
-    }
+	}
 
-    /**
+	/**
 	 * Prints an attribute name and eventually also the value extracted from $htmlArgs
 	 * Set $isValuePresent to false the value should not be displayed
 	 */
@@ -113,3 +114,4 @@ class HTMLWidget extends Widget
 		}
 	}
 }
+
diff --git a/application/widgets/udf/UDFWidget.php b/application/widgets/udf/UDFWidget.php
index 7af3dd926..abbbab022 100644
--- a/application/widgets/udf/UDFWidget.php
+++ b/application/widgets/udf/UDFWidget.php
@@ -6,8 +6,6 @@
  */
 class UDFWidget extends HTMLWidget
 {
-	private $_requiredPermissions; // The required permissions to use this UDF widget
-
 	private $_schema; // Schema name
 	private $_table; // Table name
 	private $_primaryKeyName; // Primary key name
@@ -26,26 +24,16 @@ class UDFWidget extends HTMLWidget
 
 		$this->_initUDFWidget($args); // checks parameters and initialize properties
 
-		// Let's start if it's allowed
-		// NOTE: If it is NOT allowed then no data are loaded
-		if ($this->udflib->isAllowed($this->_requiredPermissions))
-		{
-			$this->_startUDFWidget($args[UDFLib::UDF_UNIQUE_ID]);
-		}
+		$this->_startUDFWidget($args[UDFLib::UDF_UNIQUE_ID]);
 	}
 
 	/**
 	 * Called by the WidgetLib, it renders the HTML of the UDF
 	 */
-    public function display($widgetData)
+	public function display($widgetData)
 	{
-		// Let's start if it's allowed
-		// NOTE: If it is NOT allowed then no data are loaded
-		if ($this->_ci->udflib->isAllowed($this->_requiredPermissions))
-		{
-			$this->_ci->udflib->displayUDFWidget($widgetData);
-		}
-    }
+		$this->_ci->udflib->displayUDFWidget($widgetData);
+	}
 
 	//------------------------------------------------------------------------------------------------------------------
 	// Private methods
@@ -60,18 +48,11 @@ class UDFWidget extends HTMLWidget
 		// If here then everything is ok
 
 		// Initialize class properties
-		$this->_requiredPermissions = null;
 		$this->_schema = null;
 		$this->_table = null;
 		$this->_primaryKeyName = null;
 		$this->_primaryKeyValue = null;
 
-		// Retrieved the required permissions parameter if present
-		if (isset($args[UDFLib::REQUIRED_PERMISSIONS_PARAMETER]))
-		{
-			$this->_requiredPermissions = $args[UDFLib::REQUIRED_PERMISSIONS_PARAMETER];
-		}
-
 		// Retrieved the
 		if (isset($args[UDFLib::SCHEMA_ARG_NAME]))
 		{
@@ -113,11 +94,6 @@ class UDFWidget extends HTMLWidget
 				show_error('The parameter "'.UDFLib::UDF_UNIQUE_ID.'" must be specified');
 			}
 
-			if (!isset($args[UDFLib::REQUIRED_PERMISSIONS_PARAMETER]))
-			{
-				show_error('The parameter "'.UDFLib::REQUIRED_PERMISSIONS_PARAMETER.'" must be specified');
-			}
-
 			if (!isset($args[UDFLib::SCHEMA_ARG_NAME]))
 			{
 				show_error('The parameter "'.UDFLib::SCHEMA_ARG_NAME.'" must be specified');
@@ -149,7 +125,6 @@ class UDFWidget extends HTMLWidget
 		$this->udflib->setSession(
 			array(
 				UDFLib::UDF_UNIQUE_ID => $udfUniqueId, // table unique id
-				UDFLib::REQUIRED_PERMISSIONS_PARAMETER => $this->_requiredPermissions, //
 				UDFLib::SCHEMA_ARG_NAME => $this->_schema, //
 				UDFLib::TABLE_ARG_NAME => $this->_table, //
 				UDFLib::PRIMARY_KEY_NAME => $this->_primaryKeyName, //
@@ -158,3 +133,4 @@ class UDFWidget extends HTMLWidget
 		);
 	}
 }
+

From e1961df70f2c59a94554e9c0d190a49cc1ee2dfb Mon Sep 17 00:00:00 2001
From: Manfred Kindl <kindlm@technikum-wien.at>
Date: Tue, 28 Sep 2021 01:14:29 +0200
Subject: [PATCH 02/18] =?UTF-8?q?Attribute=20erg=C3=A4nzt?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

Attribute ects_gesamt_studienplan und ects_pro_semester_studienplan ergänzt, da die ects der Studienordnungen nicht mehr relevant sind
---
 rdf/studienblatt.xml.php | 2 ++
 1 file changed, 2 insertions(+)

diff --git a/rdf/studienblatt.xml.php b/rdf/studienblatt.xml.php
index 0aa752637..790f351e5 100644
--- a/rdf/studienblatt.xml.php
+++ b/rdf/studienblatt.xml.php
@@ -154,6 +154,8 @@ foreach($uid_arr as $uid)
 			echo "\t\t<studiengangSpracheEnglisch><![CDATA[".$studienplan_sprache_englisch."]]></studiengangSpracheEnglisch>";
 			echo "\t\t<ects_gesamt><![CDATA[".$studienordnung->ects."]]></ects_gesamt>";
 			echo "\t\t<ects_pro_semester><![CDATA[".($studienplan->regelstudiendauer!=0?$studienordnung->ects/$studienplan->regelstudiendauer:0)."]]></ects_pro_semester>";
+			echo "\t\t<ects_gesamt_studienplan><![CDATA[".$studienplan->ects_stpl."]]></ects_gesamt_studienplan>";
+			echo "\t\t<ects_pro_semester_studienplan><![CDATA[".($studienplan->regelstudiendauer!=0?$studienplan->ects_stpl/$studienplan->regelstudiendauer:0)."]]></ects_pro_semester_studienplan>";
 
 			echo "\t\t<aktuellesJahr><![CDATA[".date('Y')."]]></aktuellesJahr>";
 			$status_aktuell = ($prestudent->getLastStatus($student->prestudent_id,null,null))?$prestudent->status_kurzbz:'';

From 97862472221faf82cf67cd51c336e121d935716b Mon Sep 17 00:00:00 2001
From: Manfred <kindlm@technikum-wien.at>
Date: Wed, 29 Sep 2021 18:33:10 +0200
Subject: [PATCH 03/18] Projekttitel statt Projektkurzbz in Projektexport
 anzeigen

---
 cis/private/tools/zeitaufzeichnung.php | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/cis/private/tools/zeitaufzeichnung.php b/cis/private/tools/zeitaufzeichnung.php
index 2a7939e17..cca4d3bfa 100644
--- a/cis/private/tools/zeitaufzeichnung.php
+++ b/cis/private/tools/zeitaufzeichnung.php
@@ -2014,7 +2014,7 @@ function getDataForProjectOverviewCSV($user)
 	{
 		if (true)
 		{
-			$titel = $prjp->projekt_kurzbz;
+			$titel = $prjp->projekttitel;
 			$projekt_kurzbz = $prjp->projekt_kurzbz;
 			$projekt_phase = $prjp->bezeichnung;
 			$projekt_phase_id = $prjp->projektphase_id;

From 3b5936239e754b4d1ee956b85f7c92bb061d09b2 Mon Sep 17 00:00:00 2001
From: Manfred <kindlm@technikum-wien.at>
Date: Wed, 29 Sep 2021 18:33:55 +0200
Subject: [PATCH 04/18] Projekttiel in Funktion getProjectphaseForMitarbeiter

---
 include/projektphase.class.php | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)

diff --git a/include/projektphase.class.php b/include/projektphase.class.php
index 1b0818ca0..d029ba080 100644
--- a/include/projektphase.class.php
+++ b/include/projektphase.class.php
@@ -688,7 +688,7 @@ public function getFortschritt($projektphase_id)
 
 		$qry = "
 		SELECT
-			DISTINCT tbl_projektphase.*
+			DISTINCT tbl_projektphase.*,tbl_projekt.titel
 		FROM
 			fue.tbl_projektphase
 			JOIN fue.tbl_projekt USING (projekt_kurzbz)
@@ -718,6 +718,7 @@ public function getFortschritt($projektphase_id)
 				$obj->bezeichnung = $row->bezeichnung;
 				$obj->typ = $row->typ;
 				$obj->beschreibung = $row->beschreibung;
+				$obj->projekttitel = $row->titel;
 				$obj->start = $row->start;
 				$obj->ende = $row->ende;
 				$obj->personentage = $row->personentage;

From 0ead8b4c3f0eee31fbed4d6b620688d87a8e654e Mon Sep 17 00:00:00 2001
From: Manfred <kindlm@technikum-wien.at>
Date: Wed, 29 Sep 2021 18:36:16 +0200
Subject: [PATCH 05/18] Button um Personendaten zu laden

---
 soap/datenverbund_client.php | 71 ++++++++++++++++++++++++++++++++++++
 1 file changed, 71 insertions(+)

diff --git a/soap/datenverbund_client.php b/soap/datenverbund_client.php
index a3b0982f8..01cdddaa2 100644
--- a/soap/datenverbund_client.php
+++ b/soap/datenverbund_client.php
@@ -26,6 +26,8 @@ require_once('../include/basis_db.class.php');
 require_once('../include/benutzerberechtigung.class.php');
 require_once('../include/dvb.class.php');
 require_once('../include/errorhandler.class.php');
+require_once('../include/person.class.php');
+require_once('../include/adresse.class.php');
 
 $uid = get_uid();
 $rechte = new benutzerberechtigung();
@@ -63,12 +65,80 @@ $ausstellbehoerde = filter_input(INPUT_POST, 'ausstellbehoerde');
 $ausstellland = filter_input(INPUT_POST, 'ausstellland');
 $dokumentnr = filter_input(INPUT_POST, 'dokumentnr');
 
+$getPersonData = filter_input(INPUT_POST, 'getPersonData', FILTER_VALIDATE_BOOLEAN);
+$data_person_id = filter_input(INPUT_POST, 'data_person_id');
+if ($getPersonData)
+{
+	$person = new person($data_person_id);
+	$adresse = new adresse();
+	$adresse->loadZustellAdresse($person->person_id);
+	$svnr = $person->svnr;
+	if ($svnr == '' && $person->ersatzkennzeichen != '')
+	{
+		$svnr = $person->ersatzkennzeichen;
+	}
+
+	echo json_encode(array(
+		'status'=>'ok',
+		'matrikelnummer'=>$person->matr_nr,
+		'nachname'=>$person->nachname,
+		'vorname'=>$person->vorname,
+		'geburtsdatum'=>str_replace('-','',$person->gebdatum),
+		'geschlecht'=>strtoupper($person->geschlecht),
+		'postleitzahl'=>$adresse->plz,
+		'staat'=>$adresse->nation,
+		'sozialversicherungsnummer'=>$svnr
+	));
+
+	exit();
+}
+
 ?><!DOCTYPE html>
 <html>
 <head>
 	<meta charset="utf-8"/>
 	<title>Datenverbund-Client</title>
+	<script type="text/javascript" src="../vendor/jquery/jqueryV1/jquery-1.12.4.min.js"></script>
 </head>
+<script type="text/javascript">
+	$(function () {
+		$('#getPersonDataButton').on('click', function ()
+		{
+			data = {
+				data_person_id: $('#getPersonDataInput').val(),
+				getPersonData: true
+			};
+
+			$.ajax({
+				url: 'datenverbund_client.php',
+				data: data,
+				type: 'POST',
+				dataType: "json",
+				success: function (data) {
+					if (data.status != 'ok') {
+						alert(JSON.stringify(data));
+						console.log(JSON.stringify(data));
+					}
+					else
+					{
+						$('input[name="matrikelnummer"]').val(data.matrikelnummer);
+						$('input[name="nachname"]').val(data.nachname);
+						$('input[name="vorname"]').val(data.vorname);
+						$('input[name="geburtsdatum"]').val(data.geburtsdatum);
+						$('input[name="geschlecht"]').val(data.geschlecht);
+						$('input[name="postleitzahl"]').val(data.postleitzahl);
+						$('input[name="staat"]').val(data.staat);
+						$('input[name="svnr"]').val(data.sozialversicherungsnummer);
+					}
+				},
+				error: function (data) {
+					alert(JSON.stringify(data));
+					console.log(JSON.stringify(data));
+				}
+			});
+		});
+	});
+</script>
 <body>
 	<h1>Testclient für Datenverbund-Webservice</h1>
 	<ul>
@@ -195,6 +265,7 @@ $dokumentnr = filter_input(INPUT_POST, 'dokumentnr');
 			break;
 
 		case 'setMatrikelnummer':
+			echo '<p><input id="getPersonDataInput" type="text" maxlength="10" size="10" placeholder="person_id"><button type="button" id="getPersonDataButton">Personendaten laden</button></p>';
             printSetMatrikelnrRows();
 			printrow('staat', 'Staat', $staat, '1-3 Stellen Codex (zb A für Österreich)', 3);
 			printrow('svnr', 'SVNR', $svnr);

From bfa85f9caf0c34bce10ba5916bdb54f11174ba2f Mon Sep 17 00:00:00 2001
From: Manfred <kindlm@technikum-wien.at>
Date: Wed, 29 Sep 2021 18:55:46 +0200
Subject: [PATCH 06/18] Wenn Stg nicht gesetzt, wird der Ablauf ignoriert

---
 cis/testtool/admin/auswertung_detail.php | 8 +++++---
 1 file changed, 5 insertions(+), 3 deletions(-)

diff --git a/cis/testtool/admin/auswertung_detail.php b/cis/testtool/admin/auswertung_detail.php
index 05a6143ee..775234670 100644
--- a/cis/testtool/admin/auswertung_detail.php
+++ b/cis/testtool/admin/auswertung_detail.php
@@ -104,9 +104,11 @@ if(isset($_GET['show']))
 			SELECT 
 				distinct on(tbl_frage.frage_id) *, tbl_gebiet.kurzbz as gebiet
 			FROM 
-				testtool.tbl_frage 
-				JOIN testtool.tbl_ablauf USING(gebiet_id)
-				JOIN testtool.tbl_frage_sprache USING(frage_id)
+				testtool.tbl_frage ";
+	if($stg_kz!='')
+		$qry.="	JOIN testtool.tbl_ablauf USING(gebiet_id) ";
+
+		$qry.="	JOIN testtool.tbl_frage_sprache USING(frage_id)
 				JOIN testtool.tbl_gebiet USING(gebiet_id)
 			WHERE 
 				demo=false";

From ae357be5388f55658c9647dd1e19616e76fc2141 Mon Sep 17 00:00:00 2001
From: Manfred <kindlm@technikum-wien.at>
Date: Wed, 29 Sep 2021 18:56:44 +0200
Subject: [PATCH 07/18] Minor BugFix variables not defined

---
 cis/testtool/login.php | 1470 ++++++++++++++++++++--------------------
 1 file changed, 736 insertions(+), 734 deletions(-)

diff --git a/cis/testtool/login.php b/cis/testtool/login.php
index b7cbc02b5..a738c0a88 100644
--- a/cis/testtool/login.php
+++ b/cis/testtool/login.php
@@ -1,734 +1,736 @@
-<?php
-/* Copyright (C) 2006 Technikum-Wien
- *
- * This program is free software; you can redistribute it and/or modify
- * it under the terms of the GNU General Public License as
- * published by the Free Software Foundation; either version 2 of the
- * License, or (at your option) any later version.
- *
- * This program is distributed in the hope that it will be useful,
- * but WITHOUT ANY WARRANTY; without even the implied warranty of
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
- * GNU General Public License for more details.
- *
- * You should have received a copy of the GNU General Public License
- * along with this program; if not, write to the Free Software
- * Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307, USA.
- *
- * Authors: Christian Paminger <christian.paminger@technikum-wien.at>,
- *          Andreas Oesterreicher <andreas.oesterreicher@technikum-wien.at>,
- *          Rudolf Hangl <rudolf.hangl@technikum-wien.at>,
- *          Manfred Kindl <manfred.kindl@technikum-wien.at>
- *          Cristina Hainberger <hainberg@technikum-wien.at>
- */
-
-require_once('../../config/cis.config.inc.php');
-require_once('../../config/global.config.inc.php');
-require_once('../../include/person.class.php');
-require_once('../../include/prestudent.class.php');
-require_once('../../include/pruefling.class.php');
-require_once('../../include/studiengang.class.php');
-require_once('../../include/studienplan.class.php');
-require_once('../../include/ablauf.class.php');
-require_once('../../include/reihungstest.class.php');
-require_once('../../include/sprache.class.php');
-require_once '../../include/phrasen.class.php';
-require_once '../../include/datum.class.php';
-
-if (!$db = new basis_db())
-	die('Fehler beim Oeffnen der Datenbankverbindung');
-
-// Start session
-session_start();
-
-// Logout (triggered by logout button in menu.php)
-if (isset($_GET['logout']) && $_GET['logout'] == true)
-{
-	// Unset global vars
-	unset($_GET['logout']);
-	unset($_GET['sprache_user']);
-	$_POST = [];
-	$_SESSION = [];
-
-	// Destroy session
-	session_destroy();
-
-	echo '
-		<script language="Javascript">
-			location = location.pathname;       // clean the login.php-url from querystring
-			parent.menu.location = parent.menu.location.pathname;   // clean the menu.php-url from querystring
-			parent.topbar.location = parent.topbar.location.pathname;   // clean the topbar.php-url from querystring
-		</script>
-	';
-}
-
-$gebdatum='';
-$date = new datum();
-
-$reload_menu=false;
-$alertmsg = '';
-
-$sg_var = new studiengang();
-
-if (isset($_POST['gebdatum']) && $_POST['gebdatum']!='')
-{
-	$gebdatum = $date->formatDatum($_POST['gebdatum'],'Y-m-d');
-}
-else
-	$gebdatum='';
-
-if (isset($_REQUEST['prestudent']))
-{
-	$ps = new prestudent($_REQUEST['prestudent']);
-
-	$login_ok = false;
-	if (defined('TESTTOOL_LOGIN_BEWERBUNGSTOOL') && TESTTOOL_LOGIN_BEWERBUNGSTOOL && isset($_GET['confirmation']))
-	{
-		if (isset($_SESSION['bewerbung/personId']) && $ps->person_id == $_SESSION['bewerbung/personId'])
-		{
-			$login_ok = true;
-		}
-		else
-		{
-			$alertmsg .= '<div class="alert alert-danger">Login ist nicht korrekt.
-				Bitte schließen Sie ihren Browser und versuchen es erneut
-			</div>';
-		}
-	}
-	elseif(!defined('TESTTOOL_LOGIN_BEWERBUNGSTOOL') || TESTTOOL_LOGIN_BEWERBUNGSTOOL == false)
-	{
-		//Geburtsdatum Pruefen
-		if (isset($gebdatum) && $gebdatum == $ps->gebdatum)
-		{
-			$login_ok = true;
-		}
-		else
-		{
-			$alertmsg .= '<div class="alert alert-danger">'.$p->t('testtool/geburtsdatumStimmtNichtUeberein').'</div>';
-		}
-	}
-
-	if ($login_ok)
-	{
-		$reihungstest_id='';
-		//Freischaltung fuer zugeteilten Reihungstest pruefen
-		$rt = new reihungstest();
-
-		// Wenns der Dummy ist dann extra laden
-		// An der FHTW gibt es 3 Testuser für den Camus International
-		$prestudent_id_dummy_student = (defined('PRESTUDENT_ID_DUMMY_STUDENT')?PRESTUDENT_ID_DUMMY_STUDENT:'');
-		if ($prestudent_id_dummy_student==$ps->prestudent_id ||
-			(CAMPUS_NAME == 'FH Technikum Wien' && $ps->prestudent_id == 30891) ||
-			(CAMPUS_NAME == 'FH Technikum Wien' && $ps->prestudent_id == 30890) ||
-			(CAMPUS_NAME == 'FH Technikum Wien' && $ps->prestudent_id == 30889))
-		{
-			$rt->getReihungstestPerson($ps->person_id);
-			if (isset($rt->result[0]))
-				$reihungstest_id = $rt->result[0]->reihungstest_id;
-			else
-			{
-				$alertmsg .= '<div class="alert alert-danger">'.$p->t('testtool/reihungstestKannNichtGeladenWerden').'</div>';
-			}
-		}
-		else
-		{
-			if ($rt->getReihungstestPersonDatum($ps->prestudent_id, date('Y-m-d')))
-			{
-				// TODO Was ist wenn da mehrere Zurueckkommen?!
-				if (isset($rt->result[0]))
-					$reihungstest_id = $rt->result[0]->reihungstest_id;
-				else
-				{
-					$alertmsg .= '<div class="alert alert-danger">'.$p->t('testtool/reihungstestKannNichtGeladenWerden').'</div>';
-				}
-			}
-			else
-			{
-				echo 'Failed:'.$rt->errormsg;
-			}
-		}
-		if ($reihungstest_id != '' && $rt->load($reihungstest_id))
-		{
-			if ($rt->freigeschaltet)
-			{
-				// regenerate Session ID after Login
-				session_regenerate_id();
-
-				$pruefling = new pruefling();
-				if ($pruefling->getPruefling($ps->prestudent_id))
-				{
-					$studiengang = $pruefling->studiengang_kz;
-					$semester = $pruefling->semester;
-				}
-				else
-				{
-					$studiengang = $ps->studiengang_kz;
-					$ps->getLastStatus($ps->prestudent_id);
-					$semester = $ps->ausbildungssemester;
-				}
-				if ($semester=='')
-					$semester=1;
-
-				$_SESSION['prestudent_id']=$_REQUEST['prestudent'];
-				$_SESSION['studiengang_kz']=$studiengang;
-				$_SESSION['nachname']=$ps->nachname;
-				$_SESSION['vorname']=$ps->vorname;
-				$_SESSION['gebdatum']=$ps->gebdatum;
-				$stg_obj = new studiengang($studiengang);
-
-				$_SESSION['semester']=$semester;
-				$_SESSION['reihungstestID'] = $reihungstest_id;
-				$stg_obj->getStudiengangTyp($stg_obj->typ);
-
-				// STG und Studienplan mit der höchsten Prio ermitteln
-				$firstPrio_studienplan_id = '';
-				$firstPrio_studiengang_kz = '';
-
-				//  * wenn STG des eingeloggten Prestudenten vom Typ Bachelor ist, dann höchste Prio aller
-				//  Bachelor-STG ermitteln, an denen die Person noch interessiert ist
-				//  Wenn STG vom Typ Master, dann wird als firstPrio der STPL bzw. der STG des MasterSTG gesetzt.
-				if ($stg_obj->typ == 'b')
-				{
-					$ps->getActualInteressenten($_REQUEST['prestudent'], true);
-				}
-				elseif ($stg_obj->typ == 'm')
-				{
-					$ps->getActualInteressenten($_REQUEST['prestudent'], false, 'm', $studiengang);
-				}
-
-				foreach($ps->result as $row)
-				{
-					if (isset($row->studiengang_kz))
-					{
-						$firstPrio_studienplan_id = $row->studienplan_id;
-						break;
-					}
-				}
-				foreach($ps->result as $row)
-				{
-					if (isset($row->studiengang_kz))
-					{
-						$firstPrio_studiengang_kz = $row->studiengang_kz;
-						break;
-					}
-				}
-				// Sprachvorgaben zu STG mit höchster Prio ermitteln
-
-				// * 1. Sprache über Ablauf Vorgaben ermitteln
-				$ablauf = new Ablauf();
-				$ablauf->getAblaufGebiete($firstPrio_studiengang_kz, $firstPrio_studienplan_id);
-				$rt_sprache = '';
-
-				if (empty($ablauf->result[0]))
-				{
-                    $ablauf->getAblaufGebiete($firstPrio_studiengang_kz);
-                }
-
-				if (!empty($ablauf->result[0]))
-				{
-					$rt_sprache = $ablauf->result[0]->sprache;
-				}
-
-				// * 2. falls keine Sprache vorhanden -> Sprache über Studienplan ermitteln
-				if (empty($rt_sprache))
-				{
-					$stpl = new Studienplan();
-					$stpl->loadStudienplan($firstPrio_studienplan_id);
-					$rt_sprache = $stpl->sprache;
-				}
-
-				// * 3. falls keine Sprache vorhanden -> Sprache über Studiengang ermitteln
-				if (empty($rt_sprache))
-				{
-					$stg = new Studiengang($firstPrio_studiengang_kz);
-					$rt_sprache = $stg->sprache;
-				}
-
-				// * 4. Sprache setzen. Falls keine Sprache vorhanden -> DEFAULT language verwenden
-				if (empty($rt_sprache))
-				{
-					$_SESSION['sprache_user'] = DEFAULT_LANGUAGE;
-				}
-				else
-				{
-					$_SESSION['sprache_user'] = $rt_sprache;
-				}
-			}
-			else
-			{
-				$alertmsg .= '<div class="alert alert-danger">'.$p->t('testtool/reihungstestNichtFreigeschalten').'</div>';
-			}
-		}
-		else
-		{
-			$alertmsg .= '<div class="alert alert-danger">'.$p->t('testtool/reihungstestKannNichtGeladenWerden').'</div>';
-		}
-	}
-}
-
-// Set language of user.
-// NOTE: don't move the code in order to check first the right studies' reihungstest language
-// (in case it was overruled by other STG with higher priority)
-
-// Start with default language on first login (before any prestudent has been selected)
-$sprache_user = DEFAULT_LANGUAGE;
-if (isset($_SESSION['sprache_user']) && !empty($_SESSION['sprache_user']))
-{
-	// If session var already exists, overwrite language var
-	// (session var changes e.g. when user selects other language with language-select-menu)
-	$sprache_user = $_SESSION['sprache_user'];
-}
-elseif (isset($_SESSION['prestudent_id']))
-{
-	// If session var does not exist but prestudent is known, set the session var
-	$_SESSION['sprache_user'] = DEFAULT_LANGUAGE;
-}
-
-// If language is changed by language select menu, reset language variables
-if (isset($_GET['sprache_user']) && !empty($_GET['sprache_user']))
-{
-	$sprache_user = $_GET['sprache_user'];
-	$_SESSION['sprache_user'] = $_GET['sprache_user'];
-}
-
-// NOTE: leave phrasen here, as the final users language is not defined until here
-$p = new phrasen($sprache_user);
-
-if (isset($_SESSION['prestudent_id']))
-{
-	$prestudent_id=$_SESSION['prestudent_id'];
-}
-else
-{
-	//$prestudent_id=null;
-	$ps=new prestudent();
-	$datum=date('Y-m-d');
-	// An der FHTW wird ein Bewerber nur einmal ausgegeben (1. Prio) falls es mehrere Bewerbungen gibt
-	/*if (CAMPUS_NAME == 'FH Technikum Wien')
-	{
-		$ps->getFirstPrioPrestudentRT($datum);
-	}
-	else*/
-	{
-		$ps->getPrestudentRT($datum);
-	}
-}
-
-
-if (isset($_SESSION['prestudent_id']) && !isset($_SESSION['pruefling_id']))
-{
-	$pruefling = new pruefling();
-
-		//wenn kein Prüfling geladen werden kann
-	if (!$pruefling->getPruefling($_SESSION['prestudent_id']))
-		$pruefling->new = true;
-		else
-			$pruefling->new = false;
-
-		$pruefling->studiengang_kz = $_SESSION['studiengang_kz'];
-		$pruefling->semester = $_SESSION['semester'];
-
-		$pruefling->idnachweis = '';
-		$pruefling->registriert = date('Y-m-d H:i:s');
-		$pruefling->prestudent_id = $_SESSION['prestudent_id'];
-		if ($pruefling->save())
-		{
-			$_SESSION['pruefling_id']=$pruefling->pruefling_id;
-			$reload_menu=true;
-		}
-}
-
-if (isset($_POST['save']) && isset($_SESSION['prestudent_id']))
-{
-	$pruefling = new pruefling();
-	if ($_POST['pruefling_id']!='')
-		if (!$pruefling->load($_POST['pruefling_id']))
-			die('Pruefling wurde nicht gefunden');
-		else
-			$pruefling->new=false;
-	else
-		$pruefling->new=true;
-
-	$pruefling->studiengang_kz = $_SESSION['studiengang_kz'];
-	$pruefling->idnachweis = isset($_POST['idnachweis'])?$_POST['idnachweis']:'';
-	$pruefling->registriert = date('Y-m-d H:i:s');
-	$pruefling->prestudent_id = $_SESSION['prestudent_id'];
-	$pruefling->semester = $_POST['semester'];
-	if ($pruefling->save())
-	{
-		$_SESSION['pruefling_id']=$pruefling->pruefling_id;
-		$_SESSION['semester']=$pruefling->semester;
-		$reload_menu=true;
-	}
-}
-?><!DOCTYPE HTML>
-<html>
-<head>
-	<meta http-equiv="Content-Type" content="text/html; charset=UTF-8">
-	<link rel="stylesheet" href="../../vendor/twbs/bootstrap/dist/css/bootstrap.min.css" type="text/css"/>
-	<link href="../../skin/style.css.php" rel="stylesheet" type="text/css">
-	<link rel="stylesheet" href="../../vendor/components/jqueryui/themes/base/jquery-ui.min.css" type="text/css"/>
-	<script type="text/javascript" src="../../vendor/components/jquery/jquery.min.js"></script>
-	<script type="text/javascript" src="../../vendor/components/jqueryui/jquery-ui.min.js"></script>
-	<script type="text/javascript" src="../../vendor/components/jqueryui/ui/i18n/datepicker-de.js"></script>
-	<script type="text/javascript" src="../../vendor/twbs/bootstrap/dist/js/bootstrap.min.js"></script>
-	<script type="text/javascript">
-
-	$(document).ready(function()
-	{
-		$.datepicker.setDefaults( $.datepicker.regional[ "" ] );
-		<?php //Wenn Deutsch ausgewaehlt, dann Datepicker auch in Deutsch
-		if ($sprache_user=="German")
-			echo '$.datepicker.setDefaults( $.datepicker.regional[ "de" ] );
-			$( "#datepicker" ).datepicker(
-				{
-					changeMonth: true,
-					changeYear: true,
-					defaultDate: "-6570",
-					maxDate: -5110,
-					yearRange: "-60:+00",
-				}
-				);';
-		else
-			echo '$( "#datepicker" ).datepicker({
-				dateFormat: "dd.mm.yy",
-				changeMonth: true,
-				changeYear: true,
-				defaultDate: "-6570",
-				maxDate: -5110,
-				yearRange: "-60:+00",
-				});';
-		?>
-
-		// If Browser is any other than Mozilla Firefox and the test includes any MathML,
-		// show message to use Mozilla Firefox
-		var ua = navigator.userAgent;
-		if ((ua.indexOf("Firefox") > -1) == false)
-		{
-			$("#alertmsgdiv").html("<div class='alert alert-danger'>BITTE VERWENDEN SIE DEN MOZILLA FIREFOX BROWSER!<br>(Manche Prüfungsfragen werden sonst nicht korrekt dargestellt.<br><br>PLEASE USE MOZILLA FIREFOX BROWSER!<br>(Otherwise some exam items will not be displayed correctly</div>");
-			//alert('BITTE VERWENDEN SIE DEN MOZILLA FIREFOX BROWSER!\n(Manche Prüfungsfragen werden sonst nicht korrekt dargestellt.\n\nPLEASE USE MOZILLA FIREFOX BROWSER!\n(Ohterwise some exam items will not be displayed correctly.)');
-		}
-	});
-	</script>
-<?php
-	if ($reload_menu)
-		echo '<script language="Javascript">parent.menu.location.reload();</script>';
-?>
-</head>
-
-<body scroll="no">
-	<div class="row">
-
-<?php
-
-//REIHUNGSTEST STARTSEITE (nach Login)
-if (isset($prestudent_id))
-{
-	$prestudent = new prestudent($prestudent_id);
-	$stg_obj = new studiengang($prestudent->studiengang_kz);
-	$pruefling = new pruefling();
-	$typ = new studiengang($prestudent->studiengang_kz);
-	$typ->getStudiengangTyp($stg_obj->typ);
-
-	// STG mit der höchsten Prio ermitteln
-	$ps = new Prestudent();
-
-	//  * prinzipiell STG der session übernehmem
-	$firstPrio_studiengang_kz = $prestudent->studiengang_kz;
-
-	//  * wenn STG des eingeloggten Prestudenten vom Typ Bachelor ist, dann höchste Prio aller
-	//  Bachelor-STG ermitteln, an denen die Person noch interessiert ist
-	if ($typ->typ == 'b')
-	{
-		$ps->getActualInteressenten($prestudent_id, true, 'b');
-		foreach($ps->result as $row_prio)
-		{
-			if (isset($row_prio->studiengang_kz))
-			{
-				$firstPrio_studiengang_kz = $row_prio->studiengang_kz;
-                $firstPrio_studienplan_id = $row_prio->studienplan_id;
-				break;
-			}
-		}
-	}
-
-	// Sprachwahl zu STG mit höchster Prio ermitteln
-	$ablauf = new Ablauf();
-	$sprachwahl = false;
-
-    $ablauf->getAblaufGebiete($firstPrio_studiengang_kz, $firstPrio_studienplan_id);
-
-    if (empty($ablauf->result[0]))
-    {
-        $ablauf->getAblaufGebiete($firstPrio_studiengang_kz);
-    }
-
-    if (isset($ablauf->result[0])
-        && is_bool($ablauf->result[0]->sprachwahl))
-	{
-	   $sprachwahl = $ablauf->result[0]->sprachwahl;
-	}
-
-	// If language can be switched, display language select menu on the top
-	if ($sprachwahl)
-	{
-		$_SESSION['sprache_auswahl'] = true;
-	?>
-		<script type="text/javascript">
-			parent.topbar.location.reload();
-		</script>
-	<?php
-	}
-	//Prestudent Informationen
-	echo '<div class="col-xs-10 col-sm-9 col-lg-6">';
-	echo '
-		<h1 style="margin-top: -20px;">'. $p->t('testtool/begruessungstext'). '</h1><br/>
-		<p>'. $p->t('testtool/anmeldedaten'). '</p><br/>
-	';
-
-	echo '
-	  <table class="table table-bordered">
-			<tr>
-				<td style="width: 50%;"><strong>'.$p->t('zeitaufzeichnung/id').'</strong></td>
-				<td>'.$_SESSION['prestudent_id'].'</td>
-			</tr>
-			<tr>
-				<td><strong>'.$p->t('global/name').'</strong></td>
-				<td>'.$_SESSION['vorname'].' '.$_SESSION['nachname'].'</td>
-			</tr>
-			<tr>
-				<td><strong>'.$p->t('global/geburtsdatum').'</strong></td>
-				<td>'.$date->formatDatum($_SESSION["gebdatum"],"d.m.Y").'</td>
-			</tr>
-	  </table>
-	';
-	echo '<br>';
-	echo '
-		 <p>'. $p->t('testtool/fuerFolgendeStgAngemeldet'). '</p><br>
-
-		 <table class="table table-bordered">
-			<thead>
-				<tr>
-					<th style="width: 50%;">'. $p->t('global/studiengang'). '</th>
-					<th>Status</th>
-				 </tr>
-			</thead>
-			<tbody>
-		 ';
-
-	//  * wenn Prestudent an 1 - n Bachelor-Studiengängen interessiert ist, dann STG anführen
-	if ($typ->typ == 'b')
-	{
-		$ps_arr = new Prestudent();
-		$ps_arr->getActualInteressenten($prestudent_id, false, 'b');
-
-		if (count($ps_arr->result) > 0)
-		{
-			// Jeweils letzten Status ermitteln (ob Interessent oder Abgewiesener)
-			foreach ($ps_arr->result as $ps_obj)
-			{
-				$ps_tmp = new Prestudent();
-				$ps_tmp->getLastStatus($ps_obj->prestudent_id);
-
-				$ps_obj->lastStatus = $ps_tmp->status_kurzbz; // letzten Status dem result array hinzufügen
-				$ps_obj->status_mehrsprachig = $ps_tmp->status_mehrsprachig;
-			}
-
-			// Falls Status 'Abgewiesene' vorhanden, nach hinten reihen
-			usort($ps_arr->result, function($a, $b){
-				return strcmp($b->lastStatus, $a->lastStatus); // Order by DESC
-			});
-			foreach ($ps_arr->result as $ps_obj)
-			{
-				echo '<tr>';
-				$stg = new Studiengang($ps_obj->studiengang_kz);
-
-				if ($ps_obj->lastStatus == "Interessent"
-					|| $ps_obj->lastStatus == "Bewerber"
-					|| $ps_obj->lastStatus == "Wartender"
-					|| $ps_obj->lastStatus == "Aufgenommener")
-				{
-					echo '<td style="width: 50%;">'. $ps_obj->typ_bz .' '. ($sprache_user == 'English' ? $stg->english : $stg->bezeichnung). ' ('.$ps_obj->orgform_bezeichnung[$sprache_user].')</td>';
-					if ($ps_obj->ausbildungssemester == '1')
-					{
-						echo '<td>'. $p->t('testtool/regulaererEinstieg'). ' (1. Semester)</td>';
-					}
-					elseif ($ps_obj->ausbildungssemester == '3')
-					{
-						echo '<td>'. $p->t('testtool/quereinstieg'). ' (3. Semester)</td>';
-					}
-				}
-				// wenn letzter Status \'Abgewiesener\' ist, dann als solchen kennzeichnen
-				elseif ($ps_obj->lastStatus == "Abgewiesener")
-				{
-					echo '
-						<td class="text-muted">'. $ps_obj->typ_bz .' '. ($sprache_user == 'English' ? $stg->english : $stg->bezeichnung). '</td>
-						<td class="text-muted">'. $ps_obj->status_mehrsprachig[$sprache_user]. '</td>
-					';
-				}
-				echo '</tr>';
-			}
-		}
-	}
-	//  * wenn Prestudent an einem Master-Studiengang interessiert ist, dann nur den einen STG anführen
-	else
-	{
-		// Letzten Status für des Prestudenten einholen
-		$ps_master = new Prestudent();
-		$ps_master->getLastStatus($prestudent_id);
-		echo '<td>'. $typ->bezeichnung.' '.($sprache_user=='English'?$stg_obj->english:$stg_obj->bezeichnung).'</td>';
-		echo '<td>'. $ps_master->status_mehrsprachig[$sprache_user]. '</td>';
-	}
-
-	echo '
-		</tbody>
-	 </table>
-	';
-
-	echo '<br>';
-
-	if ($pruefling->getPruefling($prestudent_id))
-	{
-		echo '<FORM accept-charset="UTF-8"   action="'. $_SERVER['PHP_SELF'].'"  method="post" enctype="multipart/form-data">';
-		echo '<input type="hidden" name="pruefling_id" value="'.$pruefling->pruefling_id.'">';
-		echo '<table>';
-		//echo '<tr><td>'.$p->t('global/semester').':</td><td><input type="text" name="semester" size="1" maxlength="1" value="'.$pruefling->semester.'">&nbsp;<input type="submit" name="save" value="Semester ändern"></td></tr>';
-		//echo '<tr><td>ID Nachweis:</td><td><INPUT type="text" maxsize="50" name="idnachweis" value="'.$pruefling->idnachweis.'"></td></tr>';
-		//echo '<tr><td></td><td><input type="submit" name="save" value="Semester ändern"></td>';
-		echo '</table>';
-		echo '</FORM>';
-		echo '<br><br>';
-		echo '
-			<div class="well well-lg text-center">
-				<strong>'.$p->t('testtool/klickenSieAufEinTeilgebiet').'</strong>
-			</div>
-	   ';
-		if ($pruefling->pruefling_id!='')
-		{
-			$_SESSION['pruefling_id']=$pruefling->pruefling_id;
-		}
-	}
-	else
-	{
-		echo '<span class="error">'.$p->t('testtool/keinPrueflingseintragVorhanden').'</span>';
-	}
-	echo '	</div><!--/.col-->';
-}
-else // LOGIN Site (vor Login)
-{
-	if (defined('TESTTOOL_LOGIN_BEWERBUNGSTOOL') && TESTTOOL_LOGIN_BEWERBUNGSTOOL)
-	{
-		echo '<div class="col-xs-11">';
-		echo '<div id="alertmsgdiv">'.$alertmsg.'</div>';
-		echo $p->t('testtool/einfuehrungsText');
-
-		if (isset($_SESSION['bewerbung/personId']))
-		{
-			echo '<script>
-				function changeconfirmation()
-				{
-					document.getElementById("confirmationSubmit").disabled = !document.getElementById("confirmationCheckbox").checked;
-				}
-				</script>';
-			echo '<div class="row text-center">
-			'.$p->t('testtool/loginNoetig').'<br /><br />
-			<form action="login.php">
-			<input type="hidden" name="prestudent" value="'.$_REQUEST['prestudent'].'" />
-			<input id="confirmationCheckbox" type="checkbox" name="confirmation" onclick="changeconfirmation()" />
-			'.$p->t('testtool/confirmationText').'
-			<br><br>
-			<button id="confirmationSubmit" type="submit" class="btn btn-primary" disabled/>
-				'.$p->t('testtool/start').'
-			</button>
-			</form>';
-		}
-		else
-		{
-			echo '<div class="row text-center">
-			'.$p->t('testtool/loginNoetig').'<br /><br />
-			<form action="'.APP_ROOT.'/addons/bewerbung/cis/." target="_top">
-			<button type="submit" class="btn btn-primary" />
-				'.$p->t('testtool/login').'
-			</button>
-			</form>';
-		}
-		echo '
-		</div>';
-		echo '</div>';
-	}
-	else
-	{
-		$prestudent_id_dummy_student = (defined('PRESTUDENT_ID_DUMMY_STUDENT')?PRESTUDENT_ID_DUMMY_STUDENT:'');
-		echo '<div class="col-xs-11">';
-
-		//	Welcome text
-		echo '<div id="alertmsgdiv">'.$alertmsg.'</div>';
-		echo '
-			<div class="row" style="margin-bottom: 10%; margin-top: 3%;">
-				<div class="col-xs-6 text-center" style="border-right: 1px solid lightgrey;">
-					<h1 style="white-space: normal">Herzlich Willkommen zum Reihungstest</h1><br><br>
-					Bitte warten Sie mit dem Login auf die Anweisung der Aufsichtsperson.<br><br>
-					Wir wünschen Ihnen einen erfolgreichen Start ins Studium.
-				</div>
-				<div class="col-xs-6 text-center">
-					<h1 style="white-space: normal">Welcome to the placement test</h1> <br><br>
-					Please wait for the tutor\'s instructions before you log in.<br><br>
-					We wish you a good start to your studies.
-				</div>
-			</div>
-		';
-
-		// Begin form
-		echo '<div class="row text-center">';
-		echo '<form method="post" class="form-inline">';
-
-		// Name select menu
-		echo '<div class="form-group">';
-		echo '<label for="select-prestudent" class="col-sm-2 control-label">Name</label>';
-		echo '<div class="col-sm-10">';
-		echo '<SELECT name="prestudent" id="select-prestudent" class="form-control">';
-		echo '<OPTION value="'.$prestudent_id_dummy_student.'">Bitte wählen / Please select...</OPTION>\n';
-		foreach($ps->result as $prestd)
-		{
-			$stg = new studiengang();
-			$stg->load($prestd->studiengang_kz);
-			if (isset($_REQUEST['prestudent']) && $prestd->prestudent_id==$_REQUEST['prestudent'])
-				$selected = 'selected';
-			else
-				$selected='';
-			echo '
-					<OPTION value="'.$prestd->prestudent_id.'" '.$selected.'>'.$prestd->nachname.' '.$prestd->vorname.' ('.(strtoupper($stg->typ.$stg->kurzbz)).')</OPTION>\n';
-		}
-		// An der FHTW gibt es 3 Testuser für den Camus International
-		if (CAMPUS_NAME == 'FH Technikum Wien')
-		{
-			echo '<OPTION value="30891">Testuser Campus International 01</OPTION>\n';
-			echo '<OPTION value="30890">Testuser Campus International 02</OPTION>\n';
-			echo '<OPTION value="30889">Testuser Campus International 03</OPTION>\n';
-		}
-		echo '</SELECT>';
-		echo '</div>'; // end col-xs
-		echo '</div>'; // end form-group
-
-		// Datepicker input
-		echo '<div class="form-group"> ';
-		echo '<label for="datepicker" class="col-sm-offset-1 col-sm-4 control-label">Geburtsdatum | Date of Birth</label>';
-		echo '<div class="col-sm-3">';
-		echo '<input type="text" id="datepicker" class="form-control" name="gebdatum" value="'.$date->formatDatum($gebdatum,'d.m.Y').'" placeholder="DD.MM.YYYY">';
-		echo '</div>'; // end col-xs
-		echo '</div>'; // end form-group
-
-		// Login button
-		echo '<button type="submit" class="btn btn-default" value="'.$p->t('testtool/login').'" />'.$p->t('testtool/login').'</button>';
-
-		echo '</form>'; // end form
-
-		echo '</div>';  // end row
-		echo '</div>';  // end col-xs-11
-	}
-}
-
-?>
-</div><!--/.row-->
-</body>
-</html>
+<?php
+/* Copyright (C) 2006 Technikum-Wien
+ *
+ * This program is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as
+ * published by the Free Software Foundation; either version 2 of the
+ * License, or (at your option) any later version.
+ *
+ * This program is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with this program; if not, write to the Free Software
+ * Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307, USA.
+ *
+ * Authors: Christian Paminger <christian.paminger@technikum-wien.at>,
+ *          Andreas Oesterreicher <andreas.oesterreicher@technikum-wien.at>,
+ *          Rudolf Hangl <rudolf.hangl@technikum-wien.at>,
+ *          Manfred Kindl <manfred.kindl@technikum-wien.at>
+ *          Cristina Hainberger <hainberg@technikum-wien.at>
+ */
+
+require_once('../../config/cis.config.inc.php');
+require_once('../../config/global.config.inc.php');
+require_once('../../include/person.class.php');
+require_once('../../include/prestudent.class.php');
+require_once('../../include/pruefling.class.php');
+require_once('../../include/studiengang.class.php');
+require_once('../../include/studienplan.class.php');
+require_once('../../include/ablauf.class.php');
+require_once('../../include/reihungstest.class.php');
+require_once('../../include/sprache.class.php');
+require_once '../../include/phrasen.class.php';
+require_once '../../include/datum.class.php';
+
+if (!$db = new basis_db())
+	die('Fehler beim Oeffnen der Datenbankverbindung');
+
+// Start session
+session_start();
+
+// Logout (triggered by logout button in menu.php)
+if (isset($_GET['logout']) && $_GET['logout'] == true)
+{
+	// Unset global vars
+	unset($_GET['logout']);
+	unset($_GET['sprache_user']);
+	$_POST = [];
+	$_SESSION = [];
+
+	// Destroy session
+	session_destroy();
+
+	echo '
+		<script language="Javascript">
+			location = location.pathname;       // clean the login.php-url from querystring
+			parent.menu.location = parent.menu.location.pathname;   // clean the menu.php-url from querystring
+			parent.topbar.location = parent.topbar.location.pathname;   // clean the topbar.php-url from querystring
+		</script>
+	';
+}
+
+$gebdatum='';
+$date = new datum();
+
+$reload_menu=false;
+$alertmsg = '';
+
+$sg_var = new studiengang();
+
+if (isset($_POST['gebdatum']) && $_POST['gebdatum']!='')
+{
+	$gebdatum = $date->formatDatum($_POST['gebdatum'],'Y-m-d');
+}
+else
+	$gebdatum='';
+
+if (isset($_REQUEST['prestudent']))
+{
+	$ps = new prestudent($_REQUEST['prestudent']);
+
+	$login_ok = false;
+	if (defined('TESTTOOL_LOGIN_BEWERBUNGSTOOL') && TESTTOOL_LOGIN_BEWERBUNGSTOOL && isset($_GET['confirmation']))
+	{
+		if (isset($_SESSION['bewerbung/personId']) && $ps->person_id == $_SESSION['bewerbung/personId'])
+		{
+			$login_ok = true;
+		}
+		else
+		{
+			$alertmsg .= '<div class="alert alert-danger">Login ist nicht korrekt.
+				Bitte schließen Sie ihren Browser und versuchen es erneut
+			</div>';
+		}
+	}
+	elseif(!defined('TESTTOOL_LOGIN_BEWERBUNGSTOOL') || TESTTOOL_LOGIN_BEWERBUNGSTOOL == false)
+	{
+		//Geburtsdatum Pruefen
+		if (isset($gebdatum) && $gebdatum == $ps->gebdatum)
+		{
+			$login_ok = true;
+		}
+		else
+		{
+			$alertmsg .= '<div class="alert alert-danger">'.$p->t('testtool/geburtsdatumStimmtNichtUeberein').'</div>';
+		}
+	}
+
+	if ($login_ok)
+	{
+		$reihungstest_id='';
+		//Freischaltung fuer zugeteilten Reihungstest pruefen
+		$rt = new reihungstest();
+
+		// Wenns der Dummy ist dann extra laden
+		// An der FHTW gibt es 3 Testuser für den Camus International
+		$prestudent_id_dummy_student = (defined('PRESTUDENT_ID_DUMMY_STUDENT')?PRESTUDENT_ID_DUMMY_STUDENT:'');
+		if ($prestudent_id_dummy_student==$ps->prestudent_id ||
+			(CAMPUS_NAME == 'FH Technikum Wien' && $ps->prestudent_id == 30891) ||
+			(CAMPUS_NAME == 'FH Technikum Wien' && $ps->prestudent_id == 30890) ||
+			(CAMPUS_NAME == 'FH Technikum Wien' && $ps->prestudent_id == 30889))
+		{
+			$rt->getReihungstestPerson($ps->person_id);
+			if (isset($rt->result[0]))
+				$reihungstest_id = $rt->result[0]->reihungstest_id;
+			else
+			{
+				$alertmsg .= '<div class="alert alert-danger">'.$p->t('testtool/reihungstestKannNichtGeladenWerden').'</div>';
+			}
+		}
+		else
+		{
+			if ($rt->getReihungstestPersonDatum($ps->prestudent_id, date('Y-m-d')))
+			{
+				// TODO Was ist wenn da mehrere Zurueckkommen?!
+				if (isset($rt->result[0]))
+					$reihungstest_id = $rt->result[0]->reihungstest_id;
+				else
+				{
+					$alertmsg .= '<div class="alert alert-danger">'.$p->t('testtool/reihungstestKannNichtGeladenWerden').'</div>';
+				}
+			}
+			else
+			{
+				echo 'Failed:'.$rt->errormsg;
+			}
+		}
+		if ($reihungstest_id != '' && $rt->load($reihungstest_id))
+		{
+			if ($rt->freigeschaltet)
+			{
+				// regenerate Session ID after Login
+				session_regenerate_id();
+
+				$pruefling = new pruefling();
+				if ($pruefling->getPruefling($ps->prestudent_id))
+				{
+					$studiengang = $pruefling->studiengang_kz;
+					$semester = $pruefling->semester;
+				}
+				else
+				{
+					$studiengang = $ps->studiengang_kz;
+					$ps->getLastStatus($ps->prestudent_id);
+					$semester = $ps->ausbildungssemester;
+				}
+				if ($semester=='')
+					$semester=1;
+
+				$_SESSION['prestudent_id']=$_REQUEST['prestudent'];
+				$_SESSION['studiengang_kz']=$studiengang;
+				$_SESSION['nachname']=$ps->nachname;
+				$_SESSION['vorname']=$ps->vorname;
+				$_SESSION['gebdatum']=$ps->gebdatum;
+				$stg_obj = new studiengang($studiengang);
+
+				$_SESSION['semester']=$semester;
+				$_SESSION['reihungstestID'] = $reihungstest_id;
+				$stg_obj->getStudiengangTyp($stg_obj->typ);
+
+				// STG und Studienplan mit der höchsten Prio ermitteln
+				$firstPrio_studienplan_id = '';
+				$firstPrio_studiengang_kz = '';
+
+				//  * wenn STG des eingeloggten Prestudenten vom Typ Bachelor ist, dann höchste Prio aller
+				//  Bachelor-STG ermitteln, an denen die Person noch interessiert ist
+				//  Wenn STG vom Typ Master, dann wird als firstPrio der STPL bzw. der STG des MasterSTG gesetzt.
+				if ($stg_obj->typ == 'b')
+				{
+					$ps->getActualInteressenten($_REQUEST['prestudent'], true);
+				}
+				elseif ($stg_obj->typ == 'm')
+				{
+					$ps->getActualInteressenten($_REQUEST['prestudent'], false, 'm', $studiengang);
+				}
+
+				foreach($ps->result as $row)
+				{
+					if (isset($row->studiengang_kz))
+					{
+						$firstPrio_studienplan_id = $row->studienplan_id;
+						break;
+					}
+				}
+				foreach($ps->result as $row)
+				{
+					if (isset($row->studiengang_kz))
+					{
+						$firstPrio_studiengang_kz = $row->studiengang_kz;
+						break;
+					}
+				}
+				// Sprachvorgaben zu STG mit höchster Prio ermitteln
+
+				// * 1. Sprache über Ablauf Vorgaben ermitteln
+				$ablauf = new Ablauf();
+				$ablauf->getAblaufGebiete($firstPrio_studiengang_kz, $firstPrio_studienplan_id);
+				$rt_sprache = '';
+
+				if (empty($ablauf->result[0]))
+				{
+                    $ablauf->getAblaufGebiete($firstPrio_studiengang_kz);
+                }
+
+				if (!empty($ablauf->result[0]))
+				{
+					$rt_sprache = $ablauf->result[0]->sprache;
+				}
+
+				// * 2. falls keine Sprache vorhanden -> Sprache über Studienplan ermitteln
+				if (empty($rt_sprache))
+				{
+					$stpl = new Studienplan();
+					$stpl->loadStudienplan($firstPrio_studienplan_id);
+					$rt_sprache = $stpl->sprache;
+				}
+
+				// * 3. falls keine Sprache vorhanden -> Sprache über Studiengang ermitteln
+				if (empty($rt_sprache))
+				{
+					$stg = new Studiengang($firstPrio_studiengang_kz);
+					$rt_sprache = $stg->sprache;
+				}
+
+				// * 4. Sprache setzen. Falls keine Sprache vorhanden -> DEFAULT language verwenden
+				if (empty($rt_sprache))
+				{
+					$_SESSION['sprache_user'] = DEFAULT_LANGUAGE;
+				}
+				else
+				{
+					$_SESSION['sprache_user'] = $rt_sprache;
+				}
+			}
+			else
+			{
+				$alertmsg .= '<div class="alert alert-danger">'.$p->t('testtool/reihungstestNichtFreigeschalten').'</div>';
+			}
+		}
+		else
+		{
+			$alertmsg .= '<div class="alert alert-danger">'.$p->t('testtool/reihungstestKannNichtGeladenWerden').'</div>';
+		}
+	}
+}
+
+// Set language of user.
+// NOTE: don't move the code in order to check first the right studies' reihungstest language
+// (in case it was overruled by other STG with higher priority)
+
+// Start with default language on first login (before any prestudent has been selected)
+$sprache_user = DEFAULT_LANGUAGE;
+if (isset($_SESSION['sprache_user']) && !empty($_SESSION['sprache_user']))
+{
+	// If session var already exists, overwrite language var
+	// (session var changes e.g. when user selects other language with language-select-menu)
+	$sprache_user = $_SESSION['sprache_user'];
+}
+elseif (isset($_SESSION['prestudent_id']))
+{
+	// If session var does not exist but prestudent is known, set the session var
+	$_SESSION['sprache_user'] = DEFAULT_LANGUAGE;
+}
+
+// If language is changed by language select menu, reset language variables
+if (isset($_GET['sprache_user']) && !empty($_GET['sprache_user']))
+{
+	$sprache_user = $_GET['sprache_user'];
+	$_SESSION['sprache_user'] = $_GET['sprache_user'];
+}
+
+// NOTE: leave phrasen here, as the final users language is not defined until here
+$p = new phrasen($sprache_user);
+
+if (isset($_SESSION['prestudent_id']))
+{
+	$prestudent_id=$_SESSION['prestudent_id'];
+}
+else
+{
+	//$prestudent_id=null;
+	$ps=new prestudent();
+	$datum=date('Y-m-d');
+	// An der FHTW wird ein Bewerber nur einmal ausgegeben (1. Prio) falls es mehrere Bewerbungen gibt
+	/*if (CAMPUS_NAME == 'FH Technikum Wien')
+	{
+		$ps->getFirstPrioPrestudentRT($datum);
+	}
+	else*/
+	{
+		$ps->getPrestudentRT($datum);
+	}
+}
+
+
+if (isset($_SESSION['prestudent_id']) && !isset($_SESSION['pruefling_id']))
+{
+	$pruefling = new pruefling();
+
+		//wenn kein Prüfling geladen werden kann
+	if (!$pruefling->getPruefling($_SESSION['prestudent_id']))
+		$pruefling->new = true;
+		else
+			$pruefling->new = false;
+
+		$pruefling->studiengang_kz = $_SESSION['studiengang_kz'];
+		$pruefling->semester = $_SESSION['semester'];
+
+		$pruefling->idnachweis = '';
+		$pruefling->registriert = date('Y-m-d H:i:s');
+		$pruefling->prestudent_id = $_SESSION['prestudent_id'];
+		if ($pruefling->save())
+		{
+			$_SESSION['pruefling_id']=$pruefling->pruefling_id;
+			$reload_menu=true;
+		}
+}
+
+if (isset($_POST['save']) && isset($_SESSION['prestudent_id']))
+{
+	$pruefling = new pruefling();
+	if ($_POST['pruefling_id']!='')
+		if (!$pruefling->load($_POST['pruefling_id']))
+			die('Pruefling wurde nicht gefunden');
+		else
+			$pruefling->new=false;
+	else
+		$pruefling->new=true;
+
+	$pruefling->studiengang_kz = $_SESSION['studiengang_kz'];
+	$pruefling->idnachweis = isset($_POST['idnachweis'])?$_POST['idnachweis']:'';
+	$pruefling->registriert = date('Y-m-d H:i:s');
+	$pruefling->prestudent_id = $_SESSION['prestudent_id'];
+	$pruefling->semester = $_POST['semester'];
+	if ($pruefling->save())
+	{
+		$_SESSION['pruefling_id']=$pruefling->pruefling_id;
+		$_SESSION['semester']=$pruefling->semester;
+		$reload_menu=true;
+	}
+}
+?><!DOCTYPE HTML>
+<html>
+<head>
+	<meta http-equiv="Content-Type" content="text/html; charset=UTF-8">
+	<link rel="stylesheet" href="../../vendor/twbs/bootstrap/dist/css/bootstrap.min.css" type="text/css"/>
+	<link href="../../skin/style.css.php" rel="stylesheet" type="text/css">
+	<link rel="stylesheet" href="../../vendor/components/jqueryui/themes/base/jquery-ui.min.css" type="text/css"/>
+	<script type="text/javascript" src="../../vendor/components/jquery/jquery.min.js"></script>
+	<script type="text/javascript" src="../../vendor/components/jqueryui/jquery-ui.min.js"></script>
+	<script type="text/javascript" src="../../vendor/components/jqueryui/ui/i18n/datepicker-de.js"></script>
+	<script type="text/javascript" src="../../vendor/twbs/bootstrap/dist/js/bootstrap.min.js"></script>
+	<script type="text/javascript">
+
+	$(document).ready(function()
+	{
+		$.datepicker.setDefaults( $.datepicker.regional[ "" ] );
+		<?php //Wenn Deutsch ausgewaehlt, dann Datepicker auch in Deutsch
+		if ($sprache_user=="German")
+			echo '$.datepicker.setDefaults( $.datepicker.regional[ "de" ] );
+			$( "#datepicker" ).datepicker(
+				{
+					changeMonth: true,
+					changeYear: true,
+					defaultDate: "-6570",
+					maxDate: -5110,
+					yearRange: "-60:+00",
+				}
+				);';
+		else
+			echo '$( "#datepicker" ).datepicker({
+				dateFormat: "dd.mm.yy",
+				changeMonth: true,
+				changeYear: true,
+				defaultDate: "-6570",
+				maxDate: -5110,
+				yearRange: "-60:+00",
+				});';
+		?>
+
+		// If Browser is any other than Mozilla Firefox and the test includes any MathML,
+		// show message to use Mozilla Firefox
+		var ua = navigator.userAgent;
+		if ((ua.indexOf("Firefox") > -1) == false)
+		{
+			$("#alertmsgdiv").html("<div class='alert alert-danger'>BITTE VERWENDEN SIE DEN MOZILLA FIREFOX BROWSER!<br>(Manche Prüfungsfragen werden sonst nicht korrekt dargestellt.<br><br>PLEASE USE MOZILLA FIREFOX BROWSER!<br>(Otherwise some exam items will not be displayed correctly</div>");
+			//alert('BITTE VERWENDEN SIE DEN MOZILLA FIREFOX BROWSER!\n(Manche Prüfungsfragen werden sonst nicht korrekt dargestellt.\n\nPLEASE USE MOZILLA FIREFOX BROWSER!\n(Ohterwise some exam items will not be displayed correctly.)');
+		}
+	});
+	</script>
+<?php
+	if ($reload_menu)
+		echo '<script language="Javascript">parent.menu.location.reload();</script>';
+?>
+</head>
+
+<body scroll="no">
+	<div class="row">
+
+<?php
+
+//REIHUNGSTEST STARTSEITE (nach Login)
+if (isset($prestudent_id))
+{
+	$prestudent = new prestudent($prestudent_id);
+	$stg_obj = new studiengang($prestudent->studiengang_kz);
+	$pruefling = new pruefling();
+	$typ = new studiengang($prestudent->studiengang_kz);
+	$typ->getStudiengangTyp($stg_obj->typ);
+
+	// STG mit der höchsten Prio ermitteln
+	$ps = new Prestudent();
+
+	//  * prinzipiell STG der session übernehmem
+	$firstPrio_studiengang_kz = $prestudent->studiengang_kz;
+
+	//  * wenn STG des eingeloggten Prestudenten vom Typ Bachelor ist, dann höchste Prio aller
+	//  Bachelor-STG ermitteln, an denen die Person noch interessiert ist
+	$firstPrio_studienplan_id = '';
+	$firstPrio_studiengang_kz = '';
+	if ($typ->typ == 'b')
+	{
+		$ps->getActualInteressenten($prestudent_id, true, 'b');
+		foreach($ps->result as $row_prio)
+		{
+			if (isset($row_prio->studiengang_kz))
+			{
+				$firstPrio_studiengang_kz = $row_prio->studiengang_kz;
+                $firstPrio_studienplan_id = $row_prio->studienplan_id;
+				break;
+			}
+		}
+	}
+
+	// Sprachwahl zu STG mit höchster Prio ermitteln
+	$ablauf = new Ablauf();
+	$sprachwahl = false;
+
+    $ablauf->getAblaufGebiete($firstPrio_studiengang_kz, $firstPrio_studienplan_id);
+
+    if (empty($ablauf->result[0]))
+    {
+        $ablauf->getAblaufGebiete($firstPrio_studiengang_kz);
+    }
+
+    if (isset($ablauf->result[0])
+        && is_bool($ablauf->result[0]->sprachwahl))
+	{
+	   $sprachwahl = $ablauf->result[0]->sprachwahl;
+	}
+
+	// If language can be switched, display language select menu on the top
+	if ($sprachwahl)
+	{
+		$_SESSION['sprache_auswahl'] = true;
+	?>
+		<script type="text/javascript">
+			parent.topbar.location.reload();
+		</script>
+	<?php
+	}
+	//Prestudent Informationen
+	echo '<div class="col-xs-10 col-sm-9 col-lg-6">';
+	echo '
+		<h1 style="margin-top: -20px;">'. $p->t('testtool/begruessungstext'). '</h1><br/>
+		<p>'. $p->t('testtool/anmeldedaten'). '</p><br/>
+	';
+
+	echo '
+	  <table class="table table-bordered">
+			<tr>
+				<td style="width: 50%;"><strong>'.$p->t('zeitaufzeichnung/id').'</strong></td>
+				<td>'.$_SESSION['prestudent_id'].'</td>
+			</tr>
+			<tr>
+				<td><strong>'.$p->t('global/name').'</strong></td>
+				<td>'.$_SESSION['vorname'].' '.$_SESSION['nachname'].'</td>
+			</tr>
+			<tr>
+				<td><strong>'.$p->t('global/geburtsdatum').'</strong></td>
+				<td>'.$date->formatDatum($_SESSION["gebdatum"],"d.m.Y").'</td>
+			</tr>
+	  </table>
+	';
+	echo '<br>';
+	echo '
+		 <p>'. $p->t('testtool/fuerFolgendeStgAngemeldet'). '</p><br>
+
+		 <table class="table table-bordered">
+			<thead>
+				<tr>
+					<th style="width: 50%;">'. $p->t('global/studiengang'). '</th>
+					<th>Status</th>
+				 </tr>
+			</thead>
+			<tbody>
+		 ';
+
+	//  * wenn Prestudent an 1 - n Bachelor-Studiengängen interessiert ist, dann STG anführen
+	if ($typ->typ == 'b')
+	{
+		$ps_arr = new Prestudent();
+		$ps_arr->getActualInteressenten($prestudent_id, false, 'b');
+
+		if (count($ps_arr->result) > 0)
+		{
+			// Jeweils letzten Status ermitteln (ob Interessent oder Abgewiesener)
+			foreach ($ps_arr->result as $ps_obj)
+			{
+				$ps_tmp = new Prestudent();
+				$ps_tmp->getLastStatus($ps_obj->prestudent_id);
+
+				$ps_obj->lastStatus = $ps_tmp->status_kurzbz; // letzten Status dem result array hinzufügen
+				$ps_obj->status_mehrsprachig = $ps_tmp->status_mehrsprachig;
+			}
+
+			// Falls Status 'Abgewiesene' vorhanden, nach hinten reihen
+			usort($ps_arr->result, function($a, $b){
+				return strcmp($b->lastStatus, $a->lastStatus); // Order by DESC
+			});
+			foreach ($ps_arr->result as $ps_obj)
+			{
+				echo '<tr>';
+				$stg = new Studiengang($ps_obj->studiengang_kz);
+
+				if ($ps_obj->lastStatus == "Interessent"
+					|| $ps_obj->lastStatus == "Bewerber"
+					|| $ps_obj->lastStatus == "Wartender"
+					|| $ps_obj->lastStatus == "Aufgenommener")
+				{
+					echo '<td style="width: 50%;">'. $ps_obj->typ_bz .' '. ($sprache_user == 'English' ? $stg->english : $stg->bezeichnung). ' ('.$ps_obj->orgform_bezeichnung[$sprache_user].')</td>';
+					if ($ps_obj->ausbildungssemester == '1')
+					{
+						echo '<td>'. $p->t('testtool/regulaererEinstieg'). ' (1. Semester)</td>';
+					}
+					elseif ($ps_obj->ausbildungssemester == '3')
+					{
+						echo '<td>'. $p->t('testtool/quereinstieg'). ' (3. Semester)</td>';
+					}
+				}
+				// wenn letzter Status \'Abgewiesener\' ist, dann als solchen kennzeichnen
+				elseif ($ps_obj->lastStatus == "Abgewiesener")
+				{
+					echo '
+						<td class="text-muted">'. $ps_obj->typ_bz .' '. ($sprache_user == 'English' ? $stg->english : $stg->bezeichnung). '</td>
+						<td class="text-muted">'. $ps_obj->status_mehrsprachig[$sprache_user]. '</td>
+					';
+				}
+				echo '</tr>';
+			}
+		}
+	}
+	//  * wenn Prestudent an einem Master-Studiengang interessiert ist, dann nur den einen STG anführen
+	else
+	{
+		// Letzten Status für des Prestudenten einholen
+		$ps_master = new Prestudent();
+		$ps_master->getLastStatus($prestudent_id);
+		echo '<td>'. $typ->bezeichnung.' '.($sprache_user=='English'?$stg_obj->english:$stg_obj->bezeichnung).'</td>';
+		echo '<td>'. $ps_master->status_mehrsprachig[$sprache_user]. '</td>';
+	}
+
+	echo '
+		</tbody>
+	 </table>
+	';
+
+	echo '<br>';
+
+	if ($pruefling->getPruefling($prestudent_id))
+	{
+		echo '<FORM accept-charset="UTF-8"   action="'. $_SERVER['PHP_SELF'].'"  method="post" enctype="multipart/form-data">';
+		echo '<input type="hidden" name="pruefling_id" value="'.$pruefling->pruefling_id.'">';
+		echo '<table>';
+		//echo '<tr><td>'.$p->t('global/semester').':</td><td><input type="text" name="semester" size="1" maxlength="1" value="'.$pruefling->semester.'">&nbsp;<input type="submit" name="save" value="Semester ändern"></td></tr>';
+		//echo '<tr><td>ID Nachweis:</td><td><INPUT type="text" maxsize="50" name="idnachweis" value="'.$pruefling->idnachweis.'"></td></tr>';
+		//echo '<tr><td></td><td><input type="submit" name="save" value="Semester ändern"></td>';
+		echo '</table>';
+		echo '</FORM>';
+		echo '<br><br>';
+		echo '
+			<div class="well well-lg text-center">
+				<strong>'.$p->t('testtool/klickenSieAufEinTeilgebiet').'</strong>
+			</div>
+	   ';
+		if ($pruefling->pruefling_id!='')
+		{
+			$_SESSION['pruefling_id']=$pruefling->pruefling_id;
+		}
+	}
+	else
+	{
+		echo '<span class="error">'.$p->t('testtool/keinPrueflingseintragVorhanden').'</span>';
+	}
+	echo '	</div><!--/.col-->';
+}
+else // LOGIN Site (vor Login)
+{
+	if (defined('TESTTOOL_LOGIN_BEWERBUNGSTOOL') && TESTTOOL_LOGIN_BEWERBUNGSTOOL)
+	{
+		echo '<div class="col-xs-11">';
+		echo '<div id="alertmsgdiv">'.$alertmsg.'</div>';
+		echo $p->t('testtool/einfuehrungsText');
+
+		if (isset($_SESSION['bewerbung/personId']))
+		{
+			echo '<script>
+				function changeconfirmation()
+				{
+					document.getElementById("confirmationSubmit").disabled = !document.getElementById("confirmationCheckbox").checked;
+				}
+				</script>';
+			echo '<div class="row text-center">
+			'.$p->t('testtool/loginNoetig').'<br /><br />
+			<form action="login.php">
+			<input type="hidden" name="prestudent" value="'.$_REQUEST['prestudent'].'" />
+			<input id="confirmationCheckbox" type="checkbox" name="confirmation" onclick="changeconfirmation()" />
+			'.$p->t('testtool/confirmationText').'
+			<br><br>
+			<button id="confirmationSubmit" type="submit" class="btn btn-primary" disabled/>
+				'.$p->t('testtool/start').'
+			</button>
+			</form>';
+		}
+		else
+		{
+			echo '<div class="row text-center">
+			'.$p->t('testtool/loginNoetig').'<br /><br />
+			<form action="'.APP_ROOT.'/addons/bewerbung/cis/." target="_top">
+			<button type="submit" class="btn btn-primary" />
+				'.$p->t('testtool/login').'
+			</button>
+			</form>';
+		}
+		echo '
+		</div>';
+		echo '</div>';
+	}
+	else
+	{
+		$prestudent_id_dummy_student = (defined('PRESTUDENT_ID_DUMMY_STUDENT')?PRESTUDENT_ID_DUMMY_STUDENT:'');
+		echo '<div class="col-xs-11">';
+
+		//	Welcome text
+		echo '<div id="alertmsgdiv">'.$alertmsg.'</div>';
+		echo '
+			<div class="row" style="margin-bottom: 10%; margin-top: 3%;">
+				<div class="col-xs-6 text-center" style="border-right: 1px solid lightgrey;">
+					<h1 style="white-space: normal">Herzlich Willkommen zum Reihungstest</h1><br><br>
+					Bitte warten Sie mit dem Login auf die Anweisung der Aufsichtsperson.<br><br>
+					Wir wünschen Ihnen einen erfolgreichen Start ins Studium.
+				</div>
+				<div class="col-xs-6 text-center">
+					<h1 style="white-space: normal">Welcome to the placement test</h1> <br><br>
+					Please wait for the tutor\'s instructions before you log in.<br><br>
+					We wish you a good start to your studies.
+				</div>
+			</div>
+		';
+
+		// Begin form
+		echo '<div class="row text-center">';
+		echo '<form method="post" class="form-inline">';
+
+		// Name select menu
+		echo '<div class="form-group">';
+		echo '<label for="select-prestudent" class="col-sm-2 control-label">Name</label>';
+		echo '<div class="col-sm-10">';
+		echo '<SELECT name="prestudent" id="select-prestudent" class="form-control">';
+		echo '<OPTION value="'.$prestudent_id_dummy_student.'">Bitte wählen / Please select...</OPTION>\n';
+		foreach($ps->result as $prestd)
+		{
+			$stg = new studiengang();
+			$stg->load($prestd->studiengang_kz);
+			if (isset($_REQUEST['prestudent']) && $prestd->prestudent_id==$_REQUEST['prestudent'])
+				$selected = 'selected';
+			else
+				$selected='';
+			echo '
+					<OPTION value="'.$prestd->prestudent_id.'" '.$selected.'>'.$prestd->nachname.' '.$prestd->vorname.' ('.(strtoupper($stg->typ.$stg->kurzbz)).')</OPTION>\n';
+		}
+		// An der FHTW gibt es 3 Testuser für den Camus International
+		if (CAMPUS_NAME == 'FH Technikum Wien')
+		{
+			echo '<OPTION value="30891">Testuser Campus International 01</OPTION>\n';
+			echo '<OPTION value="30890">Testuser Campus International 02</OPTION>\n';
+			echo '<OPTION value="30889">Testuser Campus International 03</OPTION>\n';
+		}
+		echo '</SELECT>';
+		echo '</div>'; // end col-xs
+		echo '</div>'; // end form-group
+
+		// Datepicker input
+		echo '<div class="form-group"> ';
+		echo '<label for="datepicker" class="col-sm-offset-1 col-sm-4 control-label">Geburtsdatum | Date of Birth</label>';
+		echo '<div class="col-sm-3">';
+		echo '<input type="text" id="datepicker" class="form-control" name="gebdatum" value="'.$date->formatDatum($gebdatum,'d.m.Y').'" placeholder="DD.MM.YYYY">';
+		echo '</div>'; // end col-xs
+		echo '</div>'; // end form-group
+
+		// Login button
+		echo '<button type="submit" class="btn btn-default" value="'.$p->t('testtool/login').'" />'.$p->t('testtool/login').'</button>';
+
+		echo '</form>'; // end form
+
+		echo '</div>';  // end row
+		echo '</div>';  // end col-xs-11
+	}
+}
+
+?>
+</div><!--/.row-->
+</body>
+</html>

From 80491e4f55c3ce6e209c5fcabeb6eca00eba0460 Mon Sep 17 00:00:00 2001
From: Manfred <kindlm@technikum-wien.at>
Date: Wed, 29 Sep 2021 19:05:10 +0200
Subject: [PATCH 08/18] =?UTF-8?q?Export=20f=C3=BCr=20mehrere=20Studieng?=
 =?UTF-8?q?=C3=A4nge=20m=C3=B6glich?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

---
 content/statistik/lvplanung.xls.php | 16 ++++++++++++----
 1 file changed, 12 insertions(+), 4 deletions(-)

diff --git a/content/statistik/lvplanung.xls.php b/content/statistik/lvplanung.xls.php
index 6eec62f49..3b74992fa 100644
--- a/content/statistik/lvplanung.xls.php
+++ b/content/statistik/lvplanung.xls.php
@@ -73,8 +73,16 @@ $rechte->getBerechtigungen($user);
 
 if($studiengang_kz != '')
 {
-	if(!$rechte->isBerechtigt('assistenz', $studiengang_kz, 's'))
-		die($rechte->errormsg);
+	$studiengang_kz_arr = explode(',',$studiengang_kz);
+	foreach ($studiengang_kz_arr AS $kennzahl)
+	{
+		if (!is_numeric($kennzahl))
+		{
+			die($kennzahl.' is not an iteger value');
+		}
+		if(!$rechte->isBerechtigt('assistenz', $kennzahl, 's'))
+			die($rechte->errormsg);
+	}
 }
 elseif($oe_kurzbz!='')
 {
@@ -162,7 +170,7 @@ JOIN lehre.tbl_lehreinheitmitarbeiter USING (lehreinheit_id)
 WHERE tbl_lehreinheit.studiensemester_kurzbz = ".$db->db_add_param($studiensemester_kurzbz);
 
 if($studiengang_kz!='')
-	$qry.=" AND tbl_lehrveranstaltung.studiengang_kz=".$db->db_add_param($studiengang_kz, FHC_INTEGER);
+	$qry.=" AND tbl_lehrveranstaltung.studiengang_kz IN (".$studiengang_kz.")";
 
 if($oe_kurzbz!='')
 	$qry.=" AND tbl_lehrveranstaltung.oe_kurzbz=".$db->db_add_param($oe_kurzbz);
@@ -421,7 +429,7 @@ if($result = $db->db_query($qry))
 		$qry.=" AND tbl_lehrveranstaltung.oe_kurzbz=".$db->db_add_param($oe_kurzbz);
 
 	if($studiengang_kz!='')
-		$qry.=" AND tbl_lehrveranstaltung.studiengang_kz=".$db->db_add_param($studiengang_kz, FHC_INTEGER);
+		$qry.=" AND tbl_lehrveranstaltung.studiengang_kz IN(".$studiengang_kz.")";
 
 	if($semester!='')
 		$qry.=" AND tbl_lehrveranstaltung.semester=".$db->db_add_param($semester, FHC_INTEGER);

From 1b07cbde72b2a01ef5e36af765e841b063356da9 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Andreas=20=C3=96sterreicher?= <oesi@technikum-wien.at>
Date: Fri, 1 Oct 2021 09:42:59 +0200
Subject: [PATCH 09/18] Fixed generation of Diplomasupplement if Outgoing
 University includes Special chars

---
 rdf/diplomasupplement.xml.php | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/rdf/diplomasupplement.xml.php b/rdf/diplomasupplement.xml.php
index 14352a3c3..d55187c6c 100644
--- a/rdf/diplomasupplement.xml.php
+++ b/rdf/diplomasupplement.xml.php
@@ -389,7 +389,7 @@ if (isset($_REQUEST["xmlformat"]) && $_REQUEST["xmlformat"] == "xml")
 					echo "<bis>".$datum->convertISODate($row1->bis)."</bis>";
 					echo "<zweck>$row1->zweck</zweck>";
 					echo "<ort>$row1->ort</ort>";
-					echo "<universitaet>$row1->universitaet</universitaet>";
+					echo "<universitaet><![CDATA[$row1->universitaet]]></universitaet>";
 					echo "</auslandssemesters>";
 				}
 				echo "</auslandssemester>";

From dfc55a8f95ad83a6713cf84fe460fa3fab375ea2 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Andreas=20=C3=96sterreicher?= <oesi@technikum-wien.at>
Date: Fri, 1 Oct 2021 14:20:15 +0200
Subject: [PATCH 10/18] =?UTF-8?q?Time=20Limit=20f=C3=BCr=20Statistiken=20e?=
 =?UTF-8?q?rh=C3=B6ht?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

---
 include/statistik.class.php | 1 +
 1 file changed, 1 insertion(+)

diff --git a/include/statistik.class.php b/include/statistik.class.php
index 12ab530fb..7d34a04a0 100644
--- a/include/statistik.class.php
+++ b/include/statistik.class.php
@@ -510,6 +510,7 @@ class statistik extends basis_db
 		$this->html='';
 		$this->csv='';
 		$this->json=array();
+		set_time_limit(60);
 
 		if($this->sql!='')
 		{

From 226a674e7b4ae0e9247f202bff443740d5a8769f Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Andreas=20=C3=96sterreicher?= <oesi@technikum-wien.at>
Date: Fri, 1 Oct 2021 15:43:40 +0200
Subject: [PATCH 11/18] Projektzeitenexport ohne Projekte im Zeitraum zeigt nun
 eine entsprechende Fehlermeldung statt PHP Error

---
 cis/private/tools/zeitaufzeichnung_projektliste.php | 6 ++++--
 1 file changed, 4 insertions(+), 2 deletions(-)

diff --git a/cis/private/tools/zeitaufzeichnung_projektliste.php b/cis/private/tools/zeitaufzeichnung_projektliste.php
index 4621c4a66..177f1f8aa 100644
--- a/cis/private/tools/zeitaufzeichnung_projektliste.php
+++ b/cis/private/tools/zeitaufzeichnung_projektliste.php
@@ -559,9 +559,11 @@ $totalworktimewidth = 13;
 $worktimewidth = 14;
 $timecolumnswidth = 2 * $daywidth + $totalworktimewidth + $worktimewidth;
 
-if ($nrProjects < 1)//no projekts - merge all cells and write notice
+if ($nrProjects < 1) //no projekts - write notice
 {
-	$projektnames[] = "Keine Projekte vorhanden";
+	$worksheet =& $workbook->addWorksheet('Tabelle');
+	$worksheet->setInputEncoding('utf-8');
+	$worksheet->write(0,0,'Für diesen Zeitraum sind keine Projekte zugeordnet');
 }
 
 foreach ($projektnames as $projektname)

From 97818781b12990eba2ae4b8593ec2289a49f4291 Mon Sep 17 00:00:00 2001
From: Manfred Kindl <kindlm@technikum-wien.at>
Date: Fri, 1 Oct 2021 23:26:25 +0200
Subject: [PATCH 12/18] =?UTF-8?q?Admins=20k=C3=B6nnen=20Maximalstunden=20?=
 =?UTF-8?q?=C3=BCberschreiben?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

Phrasenkorrektur Lektoren auf Lehrende
---
 content/lvplanung/lehrveranstaltungDBDML.php       | 4 ++--
 content/lvplanung/lehrveranstaltungoverlay.xul.php | 2 +-
 2 files changed, 3 insertions(+), 3 deletions(-)

diff --git a/content/lvplanung/lehrveranstaltungDBDML.php b/content/lvplanung/lehrveranstaltungDBDML.php
index f764545a6..438844071 100644
--- a/content/lvplanung/lehrveranstaltungDBDML.php
+++ b/content/lvplanung/lehrveranstaltungDBDML.php
@@ -365,7 +365,7 @@ if(!$error)
 								{
 									if($row->summe>$max_stunden)
 									{
-										if(!$fixangestellt)
+										if(!$fixangestellt && !$rechte->isBerechtigt('admin'))
 										{
 											if(!LehrauftragAufFirma($lem->mitarbeiter_uid))
 											{
@@ -624,7 +624,7 @@ if(!$error)
 						if($row_std = $db->db_fetch_object($result_std))
 						{
 							//Grenze ueberschritten
-							if($row_std->summe>=$max_stunden)
+							if($row_std->summe>=$max_stunden && !$rechte->isBerechtigt('admin'))
 							{
 								$return = false;
 								$error = true;
diff --git a/content/lvplanung/lehrveranstaltungoverlay.xul.php b/content/lvplanung/lehrveranstaltungoverlay.xul.php
index cbe9b89ec..f2cc27b2d 100644
--- a/content/lvplanung/lehrveranstaltungoverlay.xul.php
+++ b/content/lvplanung/lehrveranstaltungoverlay.xul.php
@@ -159,7 +159,7 @@ echo '<?xul-overlay href="'.APP_ROOT.'content/lvplanung/lehrveranstaltungnotenov
 					class="sortDirectionIndicator"
 					sort="rdf:http://www.technikum-wien.at/lehrveranstaltung_einheiten/rdf#gruppen"/>
 				<splitter class="tree-splitter"/>
-				<treecol id="lehrveranstaltung-treecol-lektoren" label="Lektoren" flex="5" hidden="false" persist="hidden, width, ordinal"
+				<treecol id="lehrveranstaltung-treecol-lektoren" label="Lehrende" flex="5" hidden="false" persist="hidden, width, ordinal"
 					class="sortDirectionIndicator"
 					sort="rdf:http://www.technikum-wien.at/lehrveranstaltung_einheiten/rdf#lektoren"/>
 				<splitter class="tree-splitter"/>

From 4c156f7f393671706658fbe094d4eafc560a0614 Mon Sep 17 00:00:00 2001
From: Manfred Kindl <kindlm@technikum-wien.at>
Date: Sat, 2 Oct 2021 00:18:39 +0200
Subject: [PATCH 13/18] Beginn- und Enddatum bei der Funktion Rektor
 beruecksichtigen

Wenn bei Studierendensuche kein Ergebnis gefunden wird, Zeile mit "Keine Resultate" ausgeben
---
 rdf/student.rdf.php | 164 +++++++++++++++++++++++++++++++++++++-------
 1 file changed, 138 insertions(+), 26 deletions(-)

diff --git a/rdf/student.rdf.php b/rdf/student.rdf.php
index 008289d94..b8db89176 100644
--- a/rdf/student.rdf.php
+++ b/rdf/student.rdf.php
@@ -395,6 +395,94 @@ function draw_prestudent($row)
 	}
 }
 
+function draw_empty_content()
+{
+	echo '<RDF:li>
+		<RDF:Description  id=""  about="" >
+			<STUDENT:person_id><![CDATA[]]></STUDENT:person_id>
+			<STUDENT:titelpre><![CDATA[]]></STUDENT:titelpre>
+			<STUDENT:titelpost><![CDATA[]]></STUDENT:titelpost>
+			<STUDENT:vornamen><![CDATA[]]></STUDENT:vornamen>
+			<STUDENT:vorname><![CDATA[]]></STUDENT:vorname>
+			<STUDENT:nachname><![CDATA[KEINE RESULTATE]]></STUDENT:nachname>
+			<STUDENT:geburtsdatum><![CDATA[]]></STUDENT:geburtsdatum>
+			<STUDENT:geburtsdatum_iso><![CDATA[]]></STUDENT:geburtsdatum_iso>
+			<STUDENT:homepage><![CDATA[]]></STUDENT:homepage>
+			<STUDENT:gebort><![CDATA[]]></STUDENT:gebort>
+			<STUDENT:gebzeit><![CDATA[]]></STUDENT:gebzeit>
+			<STUDENT:anmerkungen><![CDATA[]]></STUDENT:anmerkungen>
+			<STUDENT:anrede><![CDATA[]]></STUDENT:anrede>
+			<STUDENT:svnr><![CDATA[]]></STUDENT:svnr>
+			<STUDENT:ersatzkennzeichen><![CDATA[]]></STUDENT:ersatzkennzeichen>
+			<STUDENT:familienstand><![CDATA[]]></STUDENT:familienstand>
+			<STUDENT:geschlecht><![CDATA[]]></STUDENT:geschlecht>
+			<STUDENT:anzahlkinder><![CDATA[]]></STUDENT:anzahlkinder>
+			<STUDENT:staatsbuergerschaft><![CDATA[]]></STUDENT:staatsbuergerschaft>
+			<STUDENT:geburtsnation><![CDATA[]]></STUDENT:geburtsnation>
+			<STUDENT:sprache><![CDATA[]]></STUDENT:sprache>
+			<STUDENT:status><![CDATA[]]></STUDENT:status>
+			<STUDENT:status_datum><![CDATA[]]></STUDENT:status_datum>
+			<STUDENT:status_datum_iso><![CDATA[]]></STUDENT:status_datum_iso>
+			<STUDENT:status_bestaetigung><![CDATA[]]></STUDENT:status_bestaetigung>
+			<STUDENT:status_bestaetigung_iso><![CDATA[]]></STUDENT:status_bestaetigung_iso>
+			<STUDENT:orgform><![CDATA[]]></STUDENT:orgform>
+			<STUDENT:studienplan_bezeichnung><![CDATA[]]></STUDENT:studienplan_bezeichnung>
+			<STUDENT:studienplan_id><![CDATA[]]></STUDENT:studienplan_id>
+			<STUDENT:mail_privat><![CDATA[]]></STUDENT:mail_privat>
+			<STUDENT:mail_intern><![CDATA[]]></STUDENT:mail_intern>
+			<STUDENT:zugangscode><![CDATA[]]></STUDENT:zugangscode>
+			<STUDENT:link_bewerbungstool><![CDATA[]]></STUDENT:link_bewerbungstool>
+
+			<STUDENT:aktiv><![CDATA[]]></STUDENT:aktiv>
+			<STUDENT:uid><![CDATA[]]></STUDENT:uid>
+			<STUDENT:matrikelnummer><![CDATA[]]></STUDENT:matrikelnummer>
+			<STUDENT:alias><![CDATA[]]></STUDENT:alias>
+			<STUDENT:semester><![CDATA[]]></STUDENT:semester>
+			<STUDENT:verband><![CDATA[]]></STUDENT:verband>
+			<STUDENT:gruppe><![CDATA[]]></STUDENT:gruppe>
+			<STUDENT:studiengang_kz_student><![CDATA[]]></STUDENT:studiengang_kz_student>
+			<STUDENT:matr_nr><![CDATA[]]></STUDENT:matr_nr>
+			<STUDENT:studiengang_studiengangsleitung><![CDATA[]]></STUDENT:studiengang_studiengangsleitung>
+			<STUDENT:anzahl_notizen><![CDATA[]]></STUDENT:anzahl_notizen>
+			
+			<STUDENT:prestudent_id><![CDATA[]]></STUDENT:prestudent_id>
+			<STUDENT:studiengang_kz_prestudent><![CDATA[]]></STUDENT:studiengang_kz_prestudent>
+			<STUDENT:studiengang_kz><![CDATA[]]></STUDENT:studiengang_kz>
+			<STUDENT:aufmerksamdurch_kurzbz><![CDATA[]]></STUDENT:aufmerksamdurch_kurzbz>
+			<STUDENT:studiengang><![CDATA[]]></STUDENT:studiengang>
+			<STUDENT:berufstaetigkeit_code><![CDATA[]]></STUDENT:berufstaetigkeit_code>
+			<STUDENT:ausbildungcode><![CDATA[]]></STUDENT:ausbildungcode>
+			<STUDENT:zgv_code><![CDATA[]]></STUDENT:zgv_code>
+			<STUDENT:zgvort><![CDATA[]]></STUDENT:zgvort>
+			<STUDENT:zgvdatum><![CDATA[]]></STUDENT:zgvdatum>
+			<STUDENT:zgvdatum_iso><![CDATA[]]></STUDENT:zgvdatum_iso>
+			<STUDENT:zgvnation><![CDATA[]]></STUDENT:zgvnation>
+			<STUDENT:zgvmas_code><![CDATA[]]></STUDENT:zgvmas_code>
+			<STUDENT:zgvmaort><![CDATA[]]></STUDENT:zgvmaort>
+			<STUDENT:zgvmadatum><![CDATA[]]></STUDENT:zgvmadatum>
+			<STUDENT:zgvmadatum_iso><![CDATA[]]></STUDENT:zgvmadatum_iso>
+			<STUDENT:zgvmanation><![CDATA[]]></STUDENT:zgvmanation>
+			<STUDENT:ausstellungsstaat><![CDATA[]]></STUDENT:ausstellungsstaat>
+			<STUDENT:aufnahmeschluessel><![CDATA[]]></STUDENT:aufnahmeschluessel>
+			<STUDENT:facheinschlberuf><![CDATA[]]></STUDENT:facheinschlberuf>
+			<STUDENT:reihungstest_id><![CDATA[]]></STUDENT:reihungstest_id>
+			<STUDENT:anmeldungreihungstest><![CDATA[]]></STUDENT:anmeldungreihungstest>
+			<STUDENT:anmeldungreihungstest_iso><![CDATA[]]></STUDENT:anmeldungreihungstest_iso>
+			<STUDENT:reihungstestangetreten><![CDATA[]]></STUDENT:reihungstestangetreten>
+			<STUDENT:punkte><![CDATA[]]></STUDENT:punkte>
+			<STUDENT:bismelden><![CDATA[]]></STUDENT:bismelden>
+			<STUDENT:dual><![CDATA[]]></STUDENT:dual>
+			<STUDENT:dual_bezeichnung><![CDATA[]]></STUDENT:dual_bezeichnung>
+			<STUDENT:anmerkungpre><![CDATA[]]></STUDENT:anmerkungpre>
+			<STUDENT:mentor><![CDATA[]]></STUDENT:mentor>
+			<STUDENT:gsstudientyp_kurzbz><![CDATA[]]></STUDENT:gsstudientyp_kurzbz>
+			<STUDENT:aufnahmegruppe_kurzbz><![CDATA[]]></STUDENT:aufnahmegruppe_kurzbz>
+			<STUDENT:priorisierung><![CDATA[]]></STUDENT:priorisierung>
+			<STUDENT:priorisierung_realtiv><![CDATA[]]></STUDENT:priorisierung_realtiv>
+		</RDF:Description>
+	</RDF:li>';
+}
+
 // ******* Init **************************
 
 
@@ -766,19 +854,22 @@ if($xmlformat=='rdf')
 
 				if($db->db_query($qry))
 				{
-					while($row = $db->db_fetch_object())
+					while ($row = $db->db_fetch_object())
 					{
-						$student=new student();
-						if($uid = $student->getUid($row->prestudent_id))
+						$student = new student();
+						if ($uid = $student->getUid($row->prestudent_id))
 						{
 							//Wenn kein Eintrag fuers aktuelle Studiensemester da ist, dann
 							//nochmal laden aber ohne studiensemester
-							if(!$student->load($uid, $studiensemester_kurzbz))
+							if (!$student->load($uid, $studiensemester_kurzbz))
+							{
 								$student->load($uid);
+							}
 						}
 						$prestd = new prestudent();
 						$prestd->load($row->prestudent_id);
-						if($uid!='')
+
+						if ($uid != '')
 						{
 							draw_content($student);
 							draw_prestudent($prestd);
@@ -823,29 +914,38 @@ if($xmlformat=='rdf')
 									matr_nr = ".$db->db_add_param($searchItems_string_orig)." OR
 									svnr = ".$db->db_add_param($searchItems_string_orig).";";
 				}
-				if($db->db_query($qry))
+				if($result = $db->db_query($qry))
 				{
-					while($row = $db->db_fetch_object())
+					if ($db->db_num_rows($result) == 0)
 					{
-						$student=new student();
-						if($uid = $student->getUid($row->prestudent_id))
+						draw_empty_content();
+					}
+					else
+					{
+						while ($row = $db->db_fetch_object())
 						{
-							//Wenn kein Eintrag fuers aktuelle Studiensemester da ist, dann
-							//nochmal laden aber ohne studiensemester
-							if(!$student->load($uid, $studiensemester_kurzbz))
-								$student->load($uid);
-						}
-						$prestd = new prestudent();
-						$prestd->load($row->prestudent_id);
-						if($uid!='')
-						{
-							draw_content($student);
-							draw_prestudent($prestd);
-						}
-						else
-						{
-							draw_content($prestd);
-							draw_prestudent($prestd);
+							$student = new student();
+							if ($uid = $student->getUid($row->prestudent_id))
+							{
+								//Wenn kein Eintrag fuers aktuelle Studiensemester da ist, dann
+								//nochmal laden aber ohne studiensemester
+								if (!$student->load($uid, $studiensemester_kurzbz))
+								{
+									$student->load($uid);
+								}
+							}
+							$prestd = new prestudent();
+							$prestd->load($row->prestudent_id);
+							if ($uid != '')
+							{
+								draw_content($student);
+								draw_prestudent($prestd);
+							}
+							else
+							{
+								draw_content($prestd);
+								draw_prestudent($prestd);
+							}
 						}
 					}
 				}
@@ -917,7 +1017,19 @@ else
 				default:	$typ = 'FH-Studiengang';
 			}
 
-			$qry = "SELECT * FROM campus.vw_benutzer JOIN public.tbl_benutzerfunktion USING(uid) WHERE funktion_kurzbz='rek'";
+			$qry = "SELECT *
+					FROM PUBLIC.tbl_benutzerfunktion
+					JOIN campus.vw_mitarbeiter USING (uid)
+					WHERE funktion_kurzbz = 'rek'
+						AND (
+							tbl_benutzerfunktion.datum_von <= now()
+							OR tbl_benutzerfunktion.datum_von IS NULL
+							)
+						AND (
+							tbl_benutzerfunktion.datum_bis >= now()
+							OR tbl_benutzerfunktion.datum_bis IS NULL
+							)
+					ORDER BY tbl_benutzerfunktion.insertamum DESC LIMIT 1";
 			$rektor = '';
 			if($db->db_query($qry))
 			{

From d7a33df898f1a791c02f17c673cfb73495e3d5e2 Mon Sep 17 00:00:00 2001
From: Paolo <bison@technikum-wien.at>
Date: Wed, 6 Oct 2021 10:58:58 +0200
Subject: [PATCH 14/18] When exporting in MS Excel format from FAS it is
 checked that the logged user has the permissions to export UDFs. If the
 logged user has no permissions on a UDF then the UDF is discarted and it will
 not present into the MS Excel file

---
 include/mitarbeiter.class.php |  2 +-
 include/udf.class.php         | 68 +++++++++++++++++++++++++----------
 2 files changed, 51 insertions(+), 19 deletions(-)

diff --git a/include/mitarbeiter.class.php b/include/mitarbeiter.class.php
index ad99cd2c7..5c728ecbb 100644
--- a/include/mitarbeiter.class.php
+++ b/include/mitarbeiter.class.php
@@ -22,7 +22,7 @@
 require_once(dirname(__FILE__).'/person.class.php');
 require_once(dirname(__FILE__).'/benutzer.class.php');
 require_once(dirname(__FILE__).'/functions.inc.php');
-require_once(dirname(__FILE__).'/udf.class.php');
+require_once(dirname(__FILE__).'/udf.class.php'); // required only to check if UDFs are defined
 
 class mitarbeiter extends benutzer
 {
diff --git a/include/udf.class.php b/include/udf.class.php
index eda139227..220665bfd 100644
--- a/include/udf.class.php
+++ b/include/udf.class.php
@@ -1,5 +1,5 @@
 <?php
-/* Copyright (C) 2009 Technikum-Wien
+/* Copyright (C) 2009-2021 fhcomplete.net
  *
  * This program is free software; you can redistribute it and/or modify
  * it under the terms of the GNU General Public License as
@@ -15,11 +15,11 @@
  * along with this program; if not, write to the Free Software
  * Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307, USA.
  *
- * Authors: Bison Paolo <bison@technikum-wien.at>
  */
 
 require_once(dirname(__FILE__).'/basis_db.class.php');
 require_once(dirname(__FILE__).'/../config/global.config.inc.php');
+require_once(dirname(__FILE__).'/benutzerberechtigung.class.php');
 
 /**
  * Used to export UDF in MS Excel format
@@ -286,14 +286,21 @@ class UDF extends basis_db
 		});
     }
 
-    /**
-     * Returns an array of associative arrays that contains the couple name and title related to an UDF
-     * These data are retrived from the UDF definitions given as parameter
-     */
-    private function _getUDFDefinition($jsons)
-    {
+	/**
+	 * Returns an array of associative arrays that contains the couple name and title related to an UDF
+	 * These data are retrived from the UDF definitions given as parameter
+	 */
+	private function _getUDFDefinition($jsons)
+	{
 		$names = array();
+		$uid = get_uid(); // get the UID of the logged person
 
+		if ($uid == null) return names(); // if no logged then it is not possible to loads UDFs
+
+		// Gets the permissions for the logged user
+		$berechtigung = new benutzerberechtigung();
+		$berechtigung->getBerechtigungen($uid);
+ 
 		if ($jsons != null && ($jsonsDecoded = json_decode($jsons)) != null)
 		{
 			if (is_object($jsonsDecoded) || is_array($jsonsDecoded))
@@ -305,27 +312,51 @@ class UDF extends basis_db
 
 				$this->_sortJsonSchemas($jsonsDecoded);
 
-				foreach($jsonsDecoded as $udfJsonShema)
+				foreach ($jsonsDecoded as $udfJsonShema)
 				{
-					if (isset($udfJsonShema->name) && isset($udfJsonShema->title))
+					// Checks if the requiredPermissions property exists
+					if (isset($udfJsonShema->requiredPermissions))
 					{
-						$tmpArray = array('name' => $udfJsonShema->name, 'title' => $udfJsonShema->title);
+						$isAllowed = false;
 
-						if (isset($udfJsonShema->type)
-							&& ($udfJsonShema->type == 'dropdown' || $udfJsonShema->type == 'multipledropdown')
-							&& isset($udfJsonShema->listValues) && isset($udfJsonShema->listValues->enum))
+						// If requiredPermissions is an array check if at least one of the permissions belongs to the logged user
+						if (is_array($udfJsonShema->requiredPermissions))
 						{
-							$tmpArray['enum'] = $udfJsonShema->listValues->enum;
+							foreach ($udfJsonShema->requiredPermissions as $permission)
+							{
+								$isAllowed = $berechtigung->isBerechtigt($permission);
+								if ($isAllowed === true) break;
+							}
+						}
+						else // otherwise check it directly
+						{
+							$isAllowed = $berechtigung->isBerechtigt($udfJsonShema->requiredPermissions);
 						}
 
-						$names[] = $tmpArray;
-					}
+						// If the logged user has at least one of the required permissions
+						if ($isAllowed === true)
+						{
+							if (isset($udfJsonShema->name) && isset($udfJsonShema->title))
+							{
+								$tmpArray = array('name' => $udfJsonShema->name, 'title' => $udfJsonShema->title);
+
+								if (isset($udfJsonShema->type)
+									&& ($udfJsonShema->type == 'dropdown' || $udfJsonShema->type == 'multipledropdown')
+									&& isset($udfJsonShema->listValues) && isset($udfJsonShema->listValues->enum))
+								{
+									$tmpArray['enum'] = $udfJsonShema->listValues->enum;
+								}
+
+								$names[] = $tmpArray;
+							}
+						} // otherwise this UDF is discarted because the requiredPermissions is mandatory
+					} // otherwise this UDF is discarted because the requiredPermissions is mandatory
 				}
 			}
 		}
 
 		return $names;
-    }
+	}
 
     /**
      * Loads UDf titles from phrases
@@ -374,3 +405,4 @@ class UDF extends basis_db
 		return $titles;
 	}
 }
+

From 45fab928ada601db8ee8a8130bc825b39f0bfa05 Mon Sep 17 00:00:00 2001
From: Paolo <bison@technikum-wien.at>
Date: Thu, 7 Oct 2021 17:32:49 +0200
Subject: [PATCH 15/18] - Renamed private method _manageUDFs to
 _prepareUDFsWrite in application/core/DB_Model.php - Changed private method
 _toPhp in application/core/DB_Model.php to check permissions on UDFs -
 Adapted code to fit the changes in application/libraries/UDFLib.php - Renamed
 public method manageUDFs to prepareUDFsWrite in
 application/libraries/UDFLib.php - Added new public method prepareUDFsRead to
 application/libraries/UDFLib.php - Fixed bugs, comments & code style

---
 application/core/DB_Model.php    | 105 +++++++++----------
 application/libraries/UDFLib.php | 175 ++++++++++++++++++++++++-------
 2 files changed, 183 insertions(+), 97 deletions(-)

diff --git a/application/core/DB_Model.php b/application/core/DB_Model.php
index 4b89ae5bf..0c43a9baf 100644
--- a/application/core/DB_Model.php
+++ b/application/core/DB_Model.php
@@ -86,7 +86,7 @@ class DB_Model extends CI_Model
 		if (is_null($this->dbTable)) return error('The given database table name is not valid', EXIT_MODEL);
 
 		// If this table has UDF and the validation of them is ok
-		if (isError($validate = $this->_manageUDFs($data, $this->dbTable))) return $validate;
+		if (isError($validate = $this->_prepareUDFsWrite($data, $this->dbTable))) return $validate;
 
 		// DB-INSERT
 		$insert = $this->db->insert($this->dbTable, $data);
@@ -137,7 +137,7 @@ class DB_Model extends CI_Model
 		if (is_null($this->dbTable)) return error('The given database table name is not valid', EXIT_MODEL);
 
 		// If this table has UDF and the validation of them is ok
-		if (isError($validate = $this->_manageUDFs($data, $this->dbTable, $id))) return $validate;
+		if (isError($validate = $this->_prepareUDFsWrite($data, $this->dbTable, $id))) return $validate;
 
 		$tmpId = $id;
 
@@ -844,25 +844,25 @@ class DB_Model extends CI_Model
 	}
 
 	/**
-	 * Wrapper method for UDFLib->manageUDFs
+	 * Wrapper method for UDFLib->prepareUDFsWrite
 	 */
-	private function _manageUDFs(&$data, $schemaAndTable, $id = null)
+	private function _prepareUDFsWrite(&$data, $schemaAndTable, $id = null)
 	{
-		$manageUDFs = success();
+		$prepareUDFsWrite = success();
 
 		if ($this->hasUDF())
 		{
 			if ($id != null)
 			{
-				$manageUDFs = $this->udflib->manageUDFs($data, $this->dbTable, $this->getUDFs($id));
+				$prepareUDFsWrite = $this->udflib->prepareUDFsWrite($data, $this->dbTable, $this->getUDFs($id));
 			}
 			else
 			{
-				$manageUDFs = $this->udflib->manageUDFs($data, $this->dbTable);
+				$prepareUDFsWrite = $this->udflib->prepareUDFsWrite($data, $this->dbTable);
 			}
 		}
 
-		return $manageUDFs;
+		return $prepareUDFsWrite;
 	}
 
 	/**
@@ -874,9 +874,10 @@ class DB_Model extends CI_Model
 	 */
 	private function _toPhp($result)
 	{
+		$udfs = false; // if UDFs are inside the given result set
 		$toPhp = $result; // if there is nothing to convert then return the result from DB
 
-		// If it's an object its fields will be parsed to find booleans and arrays types
+		// If it's an object its fields will be parsed to find booleans, arrays and UDFs types
 		if (is_object($result))
 		{
 			$toBeConverterdArray = array(); // Fields to be converted
@@ -884,40 +885,48 @@ class DB_Model extends CI_Model
 			$this->executedQueryMetaData = $result->field_data(); // Fields information
 			$this->executedQueryListFields = $result->list_fields(); // List of the retrieved fields
 
-			for ($i = 0; $i < count($this->executedQueryMetaData); $i++) // Looking for booleans and arrays
+			// Looking for booleans, arrays and UDFs
+			foreach ($this->executedQueryMetaData as $eqmd)
 			{
 				// If array type, boolean type OR a UDF
-				if (strpos($this->executedQueryMetaData[$i]->type, DB_Model::PGSQL_ARRAY_TYPE) !== false
-					|| $this->executedQueryMetaData[$i]->type == DB_Model::PGSQL_BOOLEAN_TYPE
-					|| $this->udflib->isUDFColumn($this->executedQueryMetaData[$i]->name, $this->executedQueryMetaData[$i]->type))
+				if (strpos($eqmd->type, DB_Model::PGSQL_ARRAY_TYPE) !== false
+					|| $eqmd->type == DB_Model::PGSQL_BOOLEAN_TYPE
+					|| $this->udflib->isUDFColumn($eqmd->name, $eqmd->type))
 				{
-					// Name and type of the field to be converted
-					$toBeConverted = new stdClass();
-					// Set the type of the field to be converted
-					$toBeConverted->type = $this->executedQueryMetaData[$i]->type;
-					// Set the name of the field to be converted
-					$toBeConverted->name = $this->executedQueryMetaData[$i]->name;
-					// Add the field to be converted to $toBeConverterdArray
-					array_push($toBeConverterdArray, $toBeConverted);
+					// If UDFs are inside this result set
+					if ($this->udflib->isUDFColumn($eqmd->name, $eqmd->type))
+					{
+						$udfs = true;
+					}
+					else // all the other cases
+					{
+						// Name and type of the field to be converted
+						$toBeConverted = new stdClass();
+						// Set the type of the field to be converted
+						$toBeConverted->type = $eqmd->type;
+						// Set the name of the field to be converted
+						$toBeConverted->name = $eqmd->name;
+						// Add the field to be converted to $toBeConverterdArray
+						array_push($toBeConverterdArray, $toBeConverted);
+					}
 				}
 			}
 
-			// If there is something to convert, otherwhise don't lose time
-			if (count($toBeConverterdArray) > 0)
-			{
-				// Returns the array of objects, each of them represents a DB record
-				$resultsArray = $result->result();
-				// Looping on results
-				for ($i = 0; $i < count($resultsArray); $i++)
-				{
-					// Single element
-					$resultElement = $resultsArray[$i];
-					// Looping on fields to be converted
-					for ($j = 0; $j < count($toBeConverterdArray); $j++)
-					{
-						// Single element
-						$toBeConverted = $toBeConverterdArray[$j];
+			// Returns the array of objects, each of them represents a DB record
+			$resultsArray = $result->result();
 
+			// If in this result set there are UDFs then prepare them
+			if ($udfs) $this->udflib->prepareUDFsRead($resultsArray, $this->dbTable);
+
+			// If there is something to convert, otherwhise don't waste time
+			if (!isEmptyArray($toBeConverterdArray))
+			{
+				// Looping on results
+				foreach ($resultsArray as $resultElement)
+				{
+					// Looping on fields to be converted
+					foreach ($toBeConverterdArray as $toBeConverted)
+					{
 						// Array type
 						if (strpos($toBeConverted->type, DB_Model::PGSQL_ARRAY_TYPE) !== false)
 						{
@@ -931,30 +940,12 @@ class DB_Model extends CI_Model
 						{
 							$resultElement->{$toBeConverted->name} = $this->pgBoolPhp($resultElement->{$toBeConverted->name});
 						}
-						// UDF
-						elseif ($this->udflib->isUDFColumn($toBeConverted->name, $toBeConverted->type))
-						{
-							$jsonValues = json_decode($resultElement->{$toBeConverted->name}); // decode UDFs values
-							if ($jsonValues != null) // if decode is ok
-							{
-								// For every UDF
-								foreach ($jsonValues as $key => $value)
-								{
-									$resultElement->{$key} = $value; // create a new element called like the UDF
-								}
-							}
-							unset($resultElement->{UDFLib::COLUMN_NAME}); // remove udf_values from the response
-						}
 					}
 				}
-				// Returns DB data as an array
-				$toPhp = $resultsArray;
-			}
-			// And returns DB data as an array
-			else
-			{
-				$toPhp = $result->result();
 			}
+
+			// Returns DB data as an array
+			$toPhp = $resultsArray;
 		}
 
 		return $toPhp;
diff --git a/application/libraries/UDFLib.php b/application/libraries/UDFLib.php
index 756c382dd..26ae1ec78 100644
--- a/application/libraries/UDFLib.php
+++ b/application/libraries/UDFLib.php
@@ -135,7 +135,7 @@ class UDFLib
 		$udfResults = $this->_loadUDF($schema, $table); // loads UDF definition
 		if (hasData($udfResults))
 		{
-			$udf = $udfResults->retval[0]; // only one record is loaded
+			$udf = getData($udfResults)[0]; // only one record is loaded
 			if (isset($udf->jsons))
 			{
 				$jsonSchemas = json_decode($udf->jsons); // decode the json schema
@@ -234,9 +234,94 @@ class UDFLib
 	}
 
 	/**
-	 * Manage UDFs
+	 * UDFs permissions check and convertion to read them from database
 	 */
-	public function manageUDFs(&$data, $schemaAndTable, $udfValues = null)
+	public function prepareUDFsRead(&$data, $schemaAndTable, $udfValues = null)
+	{
+		$this->_ci->load->model('system/UDF_model', 'UDFModel');
+
+		// Retrieves UDFs definitions for this table
+		$resultUDFsDefinitions = $this->_ci->UDFModel->getUDFsDefinitions($schemaAndTable);
+
+		// If an error occurred while reading from database
+		if (isError($resultUDFsDefinitions))
+		{
+			$data = array(); // then set data as an empty array
+			return; // and exit from this method
+		}
+
+		// If there are no UDFs defined for this table the return
+		if (!hasData($resultUDFsDefinitions)) return;
+
+		// If not an error and has data, decodes json that define the UDFs for this table
+		$decodedUDFDefinitions = json_decode(
+			getData($resultUDFsDefinitions)[0]->{self::COLUMN_JSON_DESCRIPTION}
+		);
+
+		// Looping on results, resultElement is an object that represent a database record
+		foreach ($data as $resultElement)
+		{
+			// Decode the JSON column udf_values
+			$udfColumn = json_decode($resultElement->{self::COLUMN_NAME});
+
+			// If this is not a valid JSON then skip to the next database record
+			if ($udfColumn == null) continue;
+
+			// For each UDF column of this database record
+			foreach (get_object_vars($udfColumn) as $columnName => $columnValue)
+			{
+				$udfColumnToBeRemoved = $columnName; // let's try to remove it
+
+				// Loops through the UDFs definitions
+				foreach ($decodedUDFDefinitions as $decodedUDFDefinition)
+				{
+					// If the column exists in the UDF definition
+					if ($columnName == $decodedUDFDefinition->{self::NAME})
+					{
+						$udfColumnToBeRemoved = null; // then keep it
+					}
+				}
+
+				// If in this record have been found a _not_ defined UDF then remove it
+				if (!isEmptyString($udfColumnToBeRemoved)) unset($udfColumn->{$udfColumnToBeRemoved});
+			}
+
+			// Loops through the UDFs definitions
+			foreach ($decodedUDFDefinitions as $decodedUDFDefinition)
+			{
+				// Checks if the requiredPermissions is available and it is a valid array or a valid string
+				if (isset($decodedUDFDefinition->{self::REQUIRED_PERMISSIONS_PARAMETER})
+					&& (!isEmptyArray($decodedUDFDefinition->{self::REQUIRED_PERMISSIONS_PARAMETER})
+					|| !isEmptyString($decodedUDFDefinition->{self::REQUIRED_PERMISSIONS_PARAMETER})))
+				{
+					// Then check if the user has the permissions to read such UDF
+					if (!$this->_readAllowed($decodedUDFDefinition->{self::REQUIRED_PERMISSIONS_PARAMETER}))
+					{
+						// If not then remove the UDF from the result set
+						unset($udfColumn->{$decodedUDFDefinition->{self::NAME}});
+					}
+				}
+				else // If not then remove the UDF from the result set
+				{
+					unset($udfColumn->{$decodedUDFDefinition->{self::NAME}});
+				}
+			}
+
+			// Add the defined and permitted UDF columns to the record set
+			foreach (get_object_vars($udfColumn) as $columnName => $columnValue)
+			{
+				$resultElement->{$columnName} = $columnValue;
+			}
+		}
+
+		// And finally remove the UDFs column
+		unset($resultElement->{self::COLUMN_NAME});
+	}
+
+	/**
+	 * UDFs validation and permissions check to write them into database
+	 */
+	public function prepareUDFsWrite(&$data, $schemaAndTable, $udfValues = null)
 	{
 		$validate = success(true); // returned value
 		// Contains a list of validation errors for the UDFs that have not passed the validation
@@ -259,14 +344,12 @@ class UDFLib
 
 			// Decodes json that define the UDFs for this table
 			$decodedUDFDefinitions = json_decode(
-				$resultUDFsDefinitions->retval[0]->{self::COLUMN_JSON_DESCRIPTION}
+				getData($resultUDFsDefinitions)[0]->{self::COLUMN_JSON_DESCRIPTION}
 			);
 
 			// Loops through the UDFs definitions
-			for ($i = 0; $i < count($decodedUDFDefinitions); $i++)
+			foreach ($decodedUDFDefinitions as $decodedUDFDefinition)
 			{
-				$decodedUDFDefinition = $decodedUDFDefinitions[$i]; // Definition of a single UDF
-
 				// Checks if the requiredPermissions is available and it is a valid array or a valid string
 				if (isset($decodedUDFDefinition->{self::REQUIRED_PERMISSIONS_PARAMETER})
 					&& (!isEmptyArray($decodedUDFDefinition->{self::REQUIRED_PERMISSIONS_PARAMETER})
@@ -275,12 +358,14 @@ class UDFLib
 					// Then check if the user has the permissions to write such UDF
 					if (!$this->_writeAllowed($decodedUDFDefinition->{self::REQUIRED_PERMISSIONS_PARAMETER}))
 					{
-						$notValidUDFsArray[] = error('Writing not allowed for UDF: '.$decodedUDFDefinition->{self::NAME});
+						// If the logged user has no permissions then remove the UDF
+						unset($udfsParameters[$decodedUDFDefinition->{self::NAME}]);
 					}
 				}
 				else
 				{
-					$notValidUDFsArray[] = error('Writing permissions not defined for UDF: '.$decodedUDFDefinition->{self::NAME});
+					// If no permissions have been defined for this UDF then remove it
+					unset($udfsParameters[$decodedUDFDefinition->{self::NAME}]);
 				}
 
 				// Loops through the UDFs values that should be stored
@@ -378,11 +463,11 @@ class UDFLib
 			}
 
 			// If the validation of all the supplied UDFs is ok
-			if (count($notValidUDFsArray) == 0)
+			if (isEmptyArray($notValidUDFsArray))
 			{
 				// An update is performed, then in this case it preserves the values
 				// of the UDF that are not updated
-				if (is_array($udfValues) && count($udfValues) > 0)
+				if (!isEmptyArray($udfValues))
 				{
 					foreach ($udfValues as $fieldName => $fieldValue)
 					{
@@ -413,7 +498,7 @@ class UDFLib
 	/**
 	 * isUDFColumn
 	 */
-	public function isUDFColumn($columnName, $columnType)
+	public function isUDFColumn($columnName, $columnType = self::COLUMN_TYPE)
 	{
 		$isUDFColumn = false;
 
@@ -558,9 +643,21 @@ class UDFLib
 	 */
 	private function _readAllowed($requiredPermissions)
 	{
-		$this->_ci->load->library('PermissionLib'); // Load permission library
+		$readAllowed = false;
 
-		return $this->_ci->permissionlib->hasAtLeastOne($requiredPermissions, self::PERMISSION_TABLE_METHOD, self::PERMISSION_TYPE_READ);
+		// If the user is logged then it is possible to check the permissions
+		if (isLogged())
+		{
+			$this->_ci->load->library('PermissionLib'); // Load permission library
+
+			$readAllowed = $this->_ci->permissionlib->hasAtLeastOne(
+				$requiredPermissions,
+				self::PERMISSION_TABLE_METHOD,
+				self::PERMISSION_TYPE_READ
+			);
+		} // otherwise it is not possible to check the permissions
+
+		return $readAllowed;
 	}
 
 	/**
@@ -569,9 +666,21 @@ class UDFLib
 	 */
 	private function _writeAllowed($requiredPermissions)
 	{
-		$this->_ci->load->library('PermissionLib'); // Load permission library
+		$writeAllowed = false;
 
-		return $this->_ci->permissionlib->hasAtLeastOne($requiredPermissions, self::PERMISSION_TABLE_METHOD, self::PERMISSION_TYPE_WRITE);
+		// If the user is logged then it is possible to check the permissions
+		if (isLogged())
+		{
+			$this->_ci->load->library('PermissionLib'); // Load permission library
+
+			$writeAllowed = $this->_ci->permissionlib->hasAtLeastOne(
+				$requiredPermissions,
+				self::PERMISSION_TABLE_METHOD,
+				self::PERMISSION_TYPE_WRITE
+			);
+		} // otherwise it is not possible to check the permissions
+
+		return $writeAllowed;
 	}
 
 	/**
@@ -624,12 +733,12 @@ class UDFLib
 	{
 		$udfsParameters = array();
 
-		foreach ($data as $key => $val)
+		foreach ($data as $columnName => $columnValue)
 		{
-			if (substr($key, 0, 4) == self::COLUMN_PREFIX)
+			if ($this->isUDFColumn($columnName))
 			{
-				$udfsParameters[$key] = $val; // stores UDF value into property UDFs
-				unset($data[$key]); // remove from data
+				$udfsParameters[$columnName] = $columnValue; // stores UDF value into property UDFs
+				unset($data[$columnName]); // remove from data
 			}
 		}
 
@@ -726,10 +835,7 @@ class UDFLib
 		}
 
 		// If no UDF validation errors were raised, it's a success!!
-		if (count($returnArrayValidation) == 0)
-		{
-			$returnArrayValidation = success(true);
-		}
+		if (isEmptyArray($returnArrayValidation)) $returnArrayValidation = success(true);
 
 		return $returnArrayValidation;
 	}
@@ -799,18 +905,7 @@ class UDFLib
 
 		if (isError($udfResults))
 		{
-			if (is_object($udfResults) && isset($udfResults->retval))
-			{
-				show_error(getError($udfResults));
-			}
-			elseif (is_string($udfResults))
-			{
-				show_error($udfResults);
-			}
-			else
-			{
-				show_error('UDFWidget: generic error occurred');
-			}
+			show_error(getError($udfResults));
 		}
 		elseif (!hasData($udfResults))
 		{
@@ -888,7 +983,7 @@ class UDFLib
 			$queryResult = $this->_ci->UDFModel->execReadOnlyQuery($jsonSchema->{self::LIST_VALUES}->sql);
 			if (hasData($queryResult))
 			{
-				$parameters = $queryResult->retval;
+				$parameters = getData($queryResult);
 			}
 		}
 
@@ -989,7 +1084,7 @@ class UDFLib
 				);
 				if (hasData($tmpResult))
 				{
-					$htmlParameters[HTMLWidget::LABEL] = $tmpResult->retval[0]->text;
+					$htmlParameters[HTMLWidget::LABEL] = getData($tmpResult)[0]->text;
 				}
 			}
 
@@ -1007,7 +1102,7 @@ class UDFLib
 				);
 				if (hasData($tmpResult))
 				{
-					$htmlParameters[HTMLWidget::TITLE] = $tmpResult->retval[0]->text;
+					$htmlParameters[HTMLWidget::TITLE] = getData($tmpResult)[0]->text;
 				}
 			}
 
@@ -1025,7 +1120,7 @@ class UDFLib
 				);
 				if (hasData($tmpResult))
 				{
-					$htmlParameters[HTMLWidget::PLACEHOLDER] = $tmpResult->retval[0]->text;
+					$htmlParameters[HTMLWidget::PLACEHOLDER] = getData($tmpResult)[0]->text;
 				}
 			}
 		}

From 524a3dfd95bdfbd1a16ce5d1e5c4c202c6bcc5bb Mon Sep 17 00:00:00 2001
From: Harald Bamberger <harald.bamberger@technikum-wien.at>
Date: Fri, 8 Oct 2021 11:25:55 +0200
Subject: [PATCH 16/18] phrases for eucovidqr

---
 system/phrasesupdate.php | 240 +++++++++++++++++++++++++++++++++++++++
 1 file changed, 240 insertions(+)

diff --git a/system/phrasesupdate.php b/system/phrasesupdate.php
index f2be0b9e4..fd2b7cdb6 100644
--- a/system/phrasesupdate.php
+++ b/system/phrasesupdate.php
@@ -12492,6 +12492,246 @@ array(
 			)
 		)
 	),
+	array(
+		'app' => 'core',
+		'category' => 'eucovidqr',
+		'phrase' => '3gNachweis',
+		'insertvon' => 'system',
+		'phrases' => array(
+			array(
+				'sprache' => 'German',
+				'text' => "3G Nachweis",
+				'description' => '',
+				'insertvon' => 'system'
+			),
+			array(
+				'sprache' => 'English',
+				'text' => "3G evidence",
+				'description' => '',
+				'insertvon' => 'system'
+			)
+		)
+	),
+	array(
+		'app' => 'core',
+		'category' => 'eucovidqr',
+		'phrase' => 'QrViaWebcam',
+		'insertvon' => 'system',
+		'phrases' => array(
+			array(
+				'sprache' => 'German',
+				'text' => "QR-Code via Webcam scannen",
+				'description' => '',
+				'insertvon' => 'system'
+			),
+			array(
+				'sprache' => 'English',
+				'text' => "scan qr code via webcam",
+				'description' => '',
+				'insertvon' => 'system'
+			)
+		)
+	),
+	array(
+		'app' => 'core',
+		'category' => 'eucovidqr',
+		'phrase' => 'oder',
+		'insertvon' => 'system',
+		'phrases' => array(
+			array(
+				'sprache' => 'German',
+				'text' => "oder",
+				'description' => '',
+				'insertvon' => 'system'
+			),
+			array(
+				'sprache' => 'English',
+				'text' => "or",
+				'description' => '',
+				'insertvon' => 'system'
+			)
+		)
+	),
+	array(
+		'app' => 'core',
+		'category' => 'eucovidqr',
+		'phrase' => 'ZertifikatAlsPdfHochladen',
+		'insertvon' => 'system',
+		'phrases' => array(
+			array(
+				'sprache' => 'German',
+				'text' => "Zertifikat als PDF hochladen",
+				'description' => '',
+				'insertvon' => 'system'
+			),
+			array(
+				'sprache' => 'English',
+				'text' => "upload certificate pdf",
+				'description' => '',
+				'insertvon' => 'system'
+			)
+		)
+	),
+	array(
+		'app' => 'core',
+		'category' => 'eucovidqr',
+		'phrase' => 'ZertifikatAlsPdfHochladen',
+		'insertvon' => 'system',
+		'phrases' => array(
+			array(
+				'sprache' => 'German',
+				'text' => "Zertifikat als PDF hochladen",
+				'description' => '',
+				'insertvon' => 'system'
+			),
+			array(
+				'sprache' => 'English',
+				'text' => "upload certificate pdf",
+				'description' => '',
+				'insertvon' => 'system'
+			)
+		)
+	),	
+	array(
+		'app' => 'core',
+		'category' => 'eucovidqr',
+		'phrase' => 'DateiZiehenUndAblegen',
+		'insertvon' => 'system',
+		'phrases' => array(
+			array(
+				'sprache' => 'German',
+				'text' => "Datei hier hinziehen und ablegen",
+				'description' => '',
+				'insertvon' => 'system'
+			),
+			array(
+				'sprache' => 'English',
+				'text' => "drag & drop file here",
+				'description' => '',
+				'insertvon' => 'system'
+			)
+		)
+	),
+	array(
+		'app' => 'core',
+		'category' => 'eucovidqr',
+		'phrase' => 'KeinZugriffWebcam',
+		'insertvon' => 'system',
+		'phrases' => array(
+			array(
+				'sprache' => 'German',
+				'text' => "Zugriff auf die Webcam nicht möglich!",
+				'description' => '',
+				'insertvon' => 'system'
+			),
+			array(
+				'sprache' => 'English',
+				'text' => "webcam access denied",
+				'description' => '',
+				'insertvon' => 'system'
+			)
+		)
+	),	
+	array(
+		'app' => 'core',
+		'category' => 'eucovidqr',
+		'phrase' => 'gueltigBis',
+		'insertvon' => 'system',
+		'phrases' => array(
+			array(
+				'sprache' => 'German',
+				'text' => "gültig bis",
+				'description' => '',
+				'insertvon' => 'system'
+			),
+			array(
+				'sprache' => 'English',
+				'text' => "valid to",
+				'description' => '',
+				'insertvon' => 'system'
+			)
+		)
+	),
+	array(
+		'app' => 'core',
+		'category' => 'eucovidqr',
+		'phrase' => 'ZertifikatUngueltig',
+		'insertvon' => 'system',
+		'phrases' => array(
+			array(
+				'sprache' => 'German',
+				'text' => "Zertifikat ungültig",
+				'description' => '',
+				'insertvon' => 'system'
+			),
+			array(
+				'sprache' => 'English',
+				'text' => "certificate invalid",
+				'description' => '',
+				'insertvon' => 'system'
+			)
+		)
+	),		
+	array(
+		'app' => 'core',
+		'category' => 'eucovidqr',
+		'phrase' => 'ZertifikatKonnteNichtGeprueftWerden',
+		'insertvon' => 'system',
+		'phrases' => array(
+			array(
+				'sprache' => 'German',
+				'text' => "Das Zertifikat konnte nicht verifiziert werden.",
+				'description' => '',
+				'insertvon' => 'system'
+			),
+			array(
+				'sprache' => 'English',
+				'text' => "certificate could not be verified.",
+				'description' => '',
+				'insertvon' => 'system'
+			)
+		)
+	),
+	array(
+		'app' => 'core',
+		'category' => 'eucovidqr',
+		'phrase' => 'Laedt',
+		'insertvon' => 'system',
+		'phrases' => array(
+			array(
+				'sprache' => 'German',
+				'text' => "Lädt",
+				'description' => '',
+				'insertvon' => 'system'
+			),
+			array(
+				'sprache' => 'English',
+				'text' => "loading",
+				'description' => '',
+				'insertvon' => 'system'
+			)
+		)
+	),
+	array(
+		'app' => 'core',
+		'category' => 'eucovidqr',
+		'phrase' => '3G',
+		'insertvon' => 'system',
+		'phrases' => array(
+			array(
+				'sprache' => 'German',
+				'text' => "Covid19 Gültigkeitsdatum",
+				'description' => '',
+				'insertvon' => 'system'
+			),
+			array(
+				'sprache' => 'English',
+				'text' => "covid19 valid date",
+				'description' => '',
+				'insertvon' => 'system'
+			)
+		)
+	),
 );
 
 

From 4ef7f49bdb0878ae20fc690efd9c39673f722f26 Mon Sep 17 00:00:00 2001
From: Harald Bamberger <harald.bamberger@technikum-wien.at>
Date: Fri, 8 Oct 2021 15:12:06 +0200
Subject: [PATCH 17/18] add missing phrase

---
 system/phrasesupdate.php | 8 ++++----
 1 file changed, 4 insertions(+), 4 deletions(-)

diff --git a/system/phrasesupdate.php b/system/phrasesupdate.php
index fd2b7cdb6..6e24987c1 100644
--- a/system/phrasesupdate.php
+++ b/system/phrasesupdate.php
@@ -12575,23 +12575,23 @@ array(
 	array(
 		'app' => 'core',
 		'category' => 'eucovidqr',
-		'phrase' => 'ZertifikatAlsPdfHochladen',
+		'phrase' => 'ValidierungsergebnisAktuellesGueltigkeitsdatum',
 		'insertvon' => 'system',
 		'phrases' => array(
 			array(
 				'sprache' => 'German',
-				'text' => "Zertifikat als PDF hochladen",
+				'text' => "Validierungsergebnis / aktuelles Gültigkeitsdatum",
 				'description' => '',
 				'insertvon' => 'system'
 			),
 			array(
 				'sprache' => 'English',
-				'text' => "upload certificate pdf",
+				'text' => "validation result / current valid date",
 				'description' => '',
 				'insertvon' => 'system'
 			)
 		)
-	),	
+	),        
 	array(
 		'app' => 'core',
 		'category' => 'eucovidqr',

From 269f3542d7b28bd4f485ef877c8b69a43d751fd8 Mon Sep 17 00:00:00 2001
From: ma0068 <ma0068@technikum-wien.at>
Date: Thu, 14 Oct 2021 15:39:17 +0200
Subject: [PATCH 18/18] Zeiterfassung: keine Bis-Buchungen 00:00:00 bzw.
 24:00:00 erlaubt

---
 cis/private/tools/zeitaufzeichnung.php | 27 +++++++++++++++-----------
 1 file changed, 16 insertions(+), 11 deletions(-)

diff --git a/cis/private/tools/zeitaufzeichnung.php b/cis/private/tools/zeitaufzeichnung.php
index fcf3dd811..92f32d114 100644
--- a/cis/private/tools/zeitaufzeichnung.php
+++ b/cis/private/tools/zeitaufzeichnung.php
@@ -861,10 +861,11 @@ if(isset($_POST['save']) || isset($_POST['edit']) || isset($_POST['import']))
 							}
 							else
 							{
-								$vonCSV = $datum->formatDatum($data[2], $format='Y-m-d');
-								$bisCSV = $datum->formatDatum($data[3], $format='Y-m-d');
+								$vonCSV = $datum->formatDatum($data[2], $format = 'Y-m-d');
+								$bisCSV = $datum->formatDatum($data[3], $format = 'Y-m-d');
 								$dateVonCSV = new DateTime($vonCSV);
 								$dateBisCSV = new DateTime($bisCSV);
+								$extractHourBis = $datum->formatDatum($data[3], $format = 'H:i:s');
 
 								if (!isset($data[5]))
 									$data[5] = NULL;
@@ -882,6 +883,10 @@ if(isset($_POST['save']) || isset($_POST['edit']) || isset($_POST['import']))
 								{
 									echo '<span style="color:red"><b>'.$p->t("global/fehlerBeimSpeichernDerDaten").': Eingabe nicht möglich, da keine Zeitaufzeichnung über mehrere Tage erlaubt ist (ausgenommen Dienstreisen).</b></span><br>';
 								}
+								elseif ($extractHourBis == '00:00:00')
+								{
+									echo '<span style="color:red"><b>'.$p->t("global/fehlerBeimSpeichernDerDaten").': Bitte Arbeitszeiten gemäß Arbeitsaufzeichnung Leitfaden tagesgenau abgrenzen: Nur Eingaben von 00:00 bis 23:59 erlaubt!</b></span><br>';
+								}
 								elseif (empty($data[7]) && !empty($data[6]) && !$projects_of_user->checkProjectInCorrectTime($data[6], $data[2], $data[3]))
 								{
 									echo '<span style="color:red"><b>'.$p->t("global/fehlerBeimSpeichernDerDaten").': Eingabe nicht möglich, da angegebenes Anfangs und Enddatum nicht in den Projektzeitrahmen fällt: ('.$data[2].') ('.$data[3].')</b></span><br>';
@@ -932,18 +937,13 @@ if(isset($_POST['save']) || isset($_POST['edit']) || isset($_POST['import']))
 											$verwendung->getVerwendungDatum($data[0],$vonCSV);
 
 											foreach ($verwendung->result as $v)
-											// echo "homeoffice für Tag " . $vonCSV . " ".  $v->homeoffice . " " . $v->bisverwendung_id . "<br>";
-
 											if ($v->homeoffice)
 											{
-
-												// echo "homeoffice erlaubt <br>";
 												$zeit->homeoffice = true;
 											}
 											else
 											{
 												echo '<span style="color:orange"><b>'.$p->t("zeitaufzeichnung/homeofficeNichtErlaubt", ($vonCSV)) .'</b></span><br>';
-
 												$zeit->homeoffice = false;
 											}
 										}
@@ -1050,8 +1050,8 @@ if(isset($_POST['save']) || isset($_POST['edit']) || isset($_POST['import']))
 
 		$zeit->uid = $user;
 		$zeit->aktivitaet_kurzbz = $aktivitaet_kurzbz;
-		$zeit->start = $datum->formatDatum($von, $format='Y-m-d H:i:s');
-		$zeit->ende = $datum->formatDatum($bis, $format='Y-m-d H:i:s');
+		$zeit->start = $datum->formatDatum($von, $format = 'Y-m-d H:i:s');
+		$zeit->ende = $datum->formatDatum($bis, $format = 'Y-m-d H:i:s');
 		$zeit->beschreibung = $beschreibung;
 		$zeit->oe_kurzbz_1 = $oe_kurzbz_1;
 		$zeit->oe_kurzbz_2 = $oe_kurzbz_2;
@@ -1063,6 +1063,7 @@ if(isset($_POST['save']) || isset($_POST['edit']) || isset($_POST['import']))
 		$zeit->service_id = $service_id;
 		$zeit->kunde_uid = $kunde_uid;
 		$saveerror = 0;
+		$extractTimeBis = $datum->formatDatum($bis, $format = 'H:i:s');
 
 		if (!$projects_of_user->checkProjectInCorrectTime($projekt_kurzbz, $datum->formatDatum($von, $format='Y-m-d'), $datum->formatDatum($bis, $format='Y-m-d')))
 		{
@@ -1081,11 +1082,16 @@ if(isset($_POST['save']) || isset($_POST['edit']) || isset($_POST['import']))
 			$saveerror = 1;
 
 		}
-		elseif (abs($von-$bis)>0 && $aktivitaet_kurzbz!="DienstreiseMT")
+		elseif (abs($von-$bis)>0 && $aktivitaet_kurzbz!="DienstreiseMT" && $extractTimeBis != '00:00:00')
 		{
 			echo '<span style="color:red"><b>'.$p->t("global/fehlerBeimSpeichernDerDaten").': Eingabe nicht möglich, da keine Zeitaufzeichnung über mehrere Tage erlaubt ist (ausgenommen Dienstreisen).</b></span><br>';
 			$saveerror = 1;
 		}
+		elseif ($extractTimeBis == '00:00:00')
+		{
+			echo '<span style="color:red"><b>'.$p->t("global/fehlerBeimSpeichernDerDaten").': Bitte Arbeitszeiten gemäß Arbeitsaufzeichnung Leitfaden tagesgenau abgrenzen: Nur Eingaben von 00:00 bis 23:59 erlaubt!</b></span><br>';
+			$saveerror = 1;
+		}
 		elseif (isset($_POST['genPause']) && (isset($_POST['save']) || isset($_POST['edit'])))
 		{
 
@@ -1765,7 +1771,6 @@ if ($projekt->getProjekteMitarbeiter($user, true))
 						}
 						else
 							$zeitsperre_text = '';
-						//var_dump($zs->result);
 						if (isset($_GET["von_datum"]) && $datum->formatDatum($tag, 'd.m.Y') == $_GET["von_datum"])
 							$style = 'style="border-top: 3px solid #8DBDD8; border-bottom: 3px solid #8DBDD8"';