From 40be14ad7565f1032801918f00c829f0b1ba9098 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?J=C3=BCrgen=20Meyer?= Date: Fri, 6 Mar 2026 15:10:01 +0100 Subject: [PATCH] Heimrechttausch: Sicherheitsabfrage und speichern in Historie --- .../components/com_sportsmanager/admin.php | 25 ++++++++++++++++++- .../views/sportsmanager/view_admin.php | 6 ++++- .../de-DE/de-DE.com_sportsmanager.ini | 4 ++- .../en-GB/en-GB.com_sportsmanager.ini | 4 ++- 4 files changed, 35 insertions(+), 4 deletions(-) diff --git a/src/structure/components/com_sportsmanager/admin.php b/src/structure/components/com_sportsmanager/admin.php index 3a7fc16..f3fba06 100644 --- a/src/structure/components/com_sportsmanager/admin.php +++ b/src/structure/components/com_sportsmanager/admin.php @@ -10340,6 +10340,7 @@ function adminRemoveBegegnung(): void $db = getDatabase(); $jInput = Factory::getContainer()->get(SiteApplication::class)->input; + $user_id = isExternalDatabase() ? 0 : (isJson() ? getUserID() : Factory::getContainer()->get(SiteApplication::class)->getIdentity()->id); $id = $jInput->get('id', 0, 'INT'); $veranstaltungId = $jInput->get('veranstaltungid', 0, 'INT'); if ($veranstaltungId == 0) die("Missing id!"); @@ -10388,6 +10389,14 @@ function adminRemoveBegegnung(): void die($db->stderr(true)); } + $query = "INSERT INTO #__sportsmanager_begegnung_historie" + . "\n (begegnung_historie_id,begegnung_id,aktion,user_id,eingetragen)" + . "\n VALUES (NULL,$id,11,$user_id,NOW());"; + $db->setQuery($query); + if (!$db->execute()) { + die($db->stderr(true)); + } + termin_aktualisieren($id); redirectSportsManagerURL('&task=admin_begegnungen&veranstaltungid=' . $veranstaltungId . '#id' . $id); 
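Review bot: The added `$user_id` line in the first hunk dereferences `getIdentity()->id` without a null check and passes the result on untyped, and the INSERT added in the second hunk on this line interpolates it directly into the VALUES list. If `getIdentity()` returns null, or `getUserID()` (not visible here) returns an empty or non-numeric value in the JSON path, the statement becomes malformed or carries text that was never validated as a number. Normalising once at the assignment keeps the query well-formed: `$user_id = (int) (isExternalDatabase() ? 0 : (isJson() ? getUserID() : Factory::getContainer()->get(SiteApplication::class)->getIdentity()?->id));`. The external-database branch records the actor as 0, so those history rows will not identify who performed the swap. The function body starts and ends outside both hunks.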
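Review bot: The new failure branch after the history INSERT in the second hunk ends the request with `die($db->stderr(true))`, which appears to send the driver's error text to the requester; the same pattern is added again in the adminSaveBegegnungSpielplan hunk. Database error details are better written to the server log, with only a generic message shown to the user. The history row is also written only after the preceding statement has executed, so a failure here leaves the change in place without its audit entry; if the database wrapper supports transactions, both statements belong in one.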
@@ -10525,7 +10534,6 @@ function adminEditBegegnungSpielplan($bestaetigen): void : $begegnung->spielort_id) . "\""; $begegnung->spielort_name = loadResult($db, $spielortQuery); - if (isJson()) { $response = JSON_sportsmanager::adminEditBegegnungSpielplan($bestaetigen, $veranstaltung, $begegnung, $heim_team, $gast_team, $spiele, $heim_spieler, $gast_spieler, $teamspiel_modus); JSON_sportsmanager::JSON($response); @@ -11122,6 +11130,21 @@ function adminSaveBegegnungSpielplan(): void if (!$db->execute()) { die($db->stderr(true)); } + + $encrypted_pin = $db->escape($jInput->get('pin', '', 'RAW')); + $pin = decrypt($encrypted_pin, "a9cZ" . $veranstaltungId . "oDS7" . $id . "2eA"); + + $query = "SELECT team_id FROM #__sportsmanager_team" + . "\n WHERE pin = '$pin' AND veranstaltung_id = $veranstaltungId;"; + $team_id = loadResult($db, $query); + + $query = "INSERT INTO #__sportsmanager_begegnung_historie" + . "\n (begegnung_historie_id,begegnung_id,aktion,team_id,eingetragen)" + . "\n VALUES (NULL,$id,11,$team_id,NOW());"; + $db->setQuery($query); + if (!$db->execute()) { + die($db->stderr(true)); + } } redirectSportsManagerURL('&task=' . ($bestaetigen != 0 ? ($bestaetigen == 1 ? 'admin_begegnung_spielplan_edit_bestaetigen' : 'pineingabe') : 'admin_begegnung_spielplan_edit') . '&id=' . $id . '&veranstaltungid=' . $veranstaltungId . ($bestaetigen != 0 ? '_bestaetigen' : '') . '&veranstaltungid=' . $veranstaltungId . '&id=' . $id . '&erneut_oeffnen=1' . (!empty($encrypted_pin) ? ('&epin=' . $encrypted_pin) : "") . ($aus_uebersicht ? '&aus_uebersicht=1' : '')); diff --git a/src/structure/components/com_sportsmanager/views/sportsmanager/view_admin.php b/src/structure/components/com_sportsmanager/views/sportsmanager/view_admin.php index 777e55e..64cf33d 100644 --- a/src/structure/components/com_sportsmanager/views/sportsmanager/view_admin.php +++ b/src/structure/components/com_sportsmanager/views/sportsmanager/view_admin.php 
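Review bot: The decrypted `$pin` is placed inside `WHERE pin = '$pin'` without escaping: `$db->escape()` is applied to the request's RAW `pin` value before `decrypt()`, so it protects the ciphertext rather than the string that reaches the query, and it may also alter the ciphertext that `decrypt()` receives. The escape belongs on the decrypted value, as in the fence below. `$team_id` is then interpolated into the INSERT unchecked, so when no team matches the VALUES list presumably becomes `11,,NOW()` and the request ends in the `die()` branch; the fence casts it and writes NULL instead, which assumes the column is nullable. Separately, the key passed to `decrypt()` is built from literals in the source and two ids that also appear in the redirect URL, so it should not be relied on to keep the PIN confidential, and the assignment overwrites `$encrypted_pin`, which the unchanged redirect line appends to `&epin=`. The enclosing function and the surrounding block start outside the hunk.

```php
// Leave the ciphertext untouched for decrypt(); escape the plaintext where it enters SQL.
$encrypted_pin = $jInput->get('pin', '', 'RAW');
// … unchanged: $pin = decrypt($encrypted_pin, …) …

$query = "SELECT team_id FROM #__sportsmanager_team"
    . "\n WHERE pin = '" . $db->escape($pin) . "' AND veranstaltung_id = " . (int) $veranstaltungId . ";";
$team_id = (int) loadResult($db, $query);

// No matching team: write NULL rather than an empty VALUES slot.
// Assumes team_id is nullable (the other history INSERT in this commit omits the column) — confirm.
$team_id_sql = $team_id > 0 ? (string) $team_id : 'NULL';

$query = "INSERT INTO #__sportsmanager_begegnung_historie"
    . "\n (begegnung_historie_id,begegnung_id,aktion,team_id,eingetragen)"
    . "\n VALUES (NULL," . (int) $id . ",11,$team_id_sql,NOW());";
// … unchanged: setQuery() / execute() / failure branch …
```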
@@ -11103,7 +11103,9 @@ static function adminVerbandsorganMitglieder($rows,$verbandsorgan): void ?> + href="veranstaltung_id . '&id=' . $row->begegnung_id); ?>" + onclick="return confirm('');"> + Text::_('COM_SPORTSMANAGER_MODIFIED_RESULTS'), 9 => Text::_('COM_SPORTSMANAGER_LIVE_RESULTS'), 10 => Text::_('COM_SPORTSMANAGER_REJECTED_SHIFT'), + 11 => Text::_('COM_SPORTSMANAGER_SWAP_MATCH'), default => Text::_('COM_SPORTSMANAGER_PROPOSED_APPOINTMENT'), }; ?> @@ -11572,6 +11575,7 @@ static function adminVerbandsorganMitglieder($rows,$verbandsorgan): void ?>
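Review bot: The added `onclick="return confirm(...)"` only guards against an accidental click; the action (presumably the home-right swap) is still started by following a plain link, so a request forged from another site, or one sent with JavaScript disabled, reaches the handler without any prompt. The handler should verify a Joomla form token itself, for example `Session::checkToken('get') or die(Text::_('JINVALID_TOKEN'));`, with the link carrying `'&' . Session::getFormToken() . '=1'`; this may already happen outside the lines shown here. The text inside `confirm('')` is not visible on this page; if it is a language string, pass the JavaScript-safe flag (`Text::_($key, true)`) so an apostrophe in a translation cannot end the string early. The markup around this hunk is damaged on the page, so the placement is inferred from the `href` and `onclick` lines.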