summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorcookie <cookie@29ba0400-6e00-0410-a75a-ca02368028f8>2006-11-30 10:49:24 +0000
committercookie <cookie@29ba0400-6e00-0410-a75a-ca02368028f8>2006-11-30 10:49:24 +0000
commitb91450e558455d704cd0d09504b503be9eacd590 (patch)
tree056ee0a7c2e99443b63e0bac5c69ea35aa11708d
parent02a7b492a8f3102e8cbba4607bde906b565b1aee (diff)
newsverwaltung erweitert, add edit bouten und parameter check
git-svn-id: svn://svn.cccv.de/engel-system@187 29ba0400-6e00-0410-a75a-ca02368028f8
-rwxr-xr-xwww-ssl/admin/news.php163
-rwxr-xr-xwww-ssl/nonpublic/engelbesprechung.php19
-rwxr-xr-xwww-ssl/nonpublic/news_output.php16
3 files changed, 112 insertions, 86 deletions
diff --git a/www-ssl/admin/news.php b/www-ssl/admin/news.php
index f37c9a08..137695b3 100755
--- a/www-ssl/admin/news.php
+++ b/www-ssl/admin/news.php
@@ -7,13 +7,13 @@ include ("./inc/funktion_db_list.php");
include ("./inc/funktion_user.php");
-if (!IsSet($_GET["action"])) {
-
-$SQL = "SELECT * from News order by Datum DESC";
-$Erg = mysql_query($SQL, $con);
+if (!IsSet($_GET["action"]))
+{
+ $SQL = "SELECT * from News order by Datum DESC";
+ $Erg = mysql_query($SQL, $con);
-$rowcount = mysql_num_rows($Erg);
-?>
+ $rowcount = mysql_num_rows($Erg);
+ ?>
Hallo <?PHP echo $_SESSION['Nick'] ?>, <br>
hier kannst du die News s&auml;bern... falls jemand auf die Idee kommt,
hier herumzuspamen oder aus Versehen falsche Informationen zu hinterlegen :)<br><br>
@@ -29,82 +29,95 @@ hier herumzuspamen oder aus Versehen falsche Informationen zu hinterlegen :)<br>
</tr>
<?PHP
-for ($i=0; $i < $rowcount; $i++) {
- echo "\t<tr class=\"content\">\n";
- echo "\t <td>".mysql_result($Erg, $i, "Datum")."</td>";
- echo "\t <td>".mysql_result($Erg, $i, "Betreff")."</td>";
- echo "\t <td>".mysql_result($Erg, $i, "Text")."</td>";
- echo "\t <td>".UID2Nick(mysql_result($Erg, $i, "UID"))."</td>";
- echo "\t <td>".mysql_result($Erg, $i, "Treffen")."</td>";
- echo "\t <td><a href=\"./news.php?action=change&date=".mysql_result($Erg, $i, "Datum")."\">XXX</a></td>";
- echo "\t</tr>\n";
-}
-echo "</table>";
-
-
-} else {
-
-switch ($_GET["action"])
-{
-
-case 'change':
- $SQL = "SELECT * from News where (Datum='". $_GET["date"]. "')";
- $Erg = mysql_query($SQL, $con);
-
- echo "<form action=\"./news.php\" method=\"GET\">\n";
-
- echo "<table>\n";
- echo " <tr><td>Datum</td><td><input type=\"text\" size=\"40\" name=\"date\" value=\"".
- mysql_result($Erg, 0, "Datum")."\" disabled></td></tr>\n";
- echo " <tr><td>Betreff</td><td><input type=\"text\" size=\"40\" name=\"eBetreff\" value=\"".
- mysql_result($Erg, 0, "Betreff")."\"></td></tr>\n";
- echo " <tr><td>Text</td><td><textarea rows=\"10\" cols=\"80\" name=\"eText\">".
- mysql_result($Erg, 0, "Text")."</textarea></td></tr>\n";
- echo " <tr><td>Engel</td><td><input type=\"text\" size=\"40\" name=\"eUser\" value=\"".
- UID2Nick(mysql_result($Erg, 0, "UID"))."\" disabled></td></tr>\n";
- echo " <tr><td>Treffen</td><td><input type=\"text\" size=\"40\" name=\"eTreffen\" value=\"".
- mysql_result($Erg, 0, "Treffen")."\"></td></tr>\n";
+ for ($i=0; $i < $rowcount; $i++)
+ {
+ echo "\t<tr class=\"content\">\n";
+ echo "\t <td>".mysql_result($Erg, $i, "Datum")."</td>";
+ echo "\t <td>".mysql_result($Erg, $i, "Betreff")."</td>";
+ echo "\t <td>".mysql_result($Erg, $i, "Text")."</td>";
+ echo "\t <td>".UID2Nick(mysql_result($Erg, $i, "UID"))."</td>";
+ echo "\t <td>".mysql_result($Erg, $i, "Treffen")."</td>";
+ echo "\t <td><a href=\"./news.php?action=change&date=".mysql_result($Erg, $i, "Datum")."\">XXX</a></td>";
+ echo "\t</tr>\n";
+ }
echo "</table>";
+}
+else
+{
- echo "<input type=\"hidden\" name=\"date\" value=\"". $_GET["date"]. "\">\n";
- echo "<input type=\"hidden\" name=\"action\" value=\"change_save\">\n";
- echo "<input type=\"submit\" value=\"Abschicken...\">\n";
- echo "</form>";
-
- echo "<form action=\"./news.php?action=delete\" method=\"POST\">\n";
- echo "<input type=\"hidden\" name=\"date\" value=\"". $_GET["date"]. "\">\n";
- echo "<input type=\"submit\" value=\"l&ouml;schen...\">\n";
- echo "</form>";
-
- break;
-
-case 'change_save':
- $chsql="UPDATE News set Betreff = \"". $_GET["eBetreff"]. "\", Text = \"". $_GET["eText"].
- "\", Treffen=". $_GET["eTreffen"]. " where (Datum = '". $_GET["date"]. "') limit 1";
- break;
-
-case 'delete':
- $chsql="DELETE from News where Datum = '". $_POST["date"]. "' limit 1";
- break;
-}
+ unSet($chsql);
-if (IsSet($chsql)) {
-// SQL-Statement ausführen...
- $Erg = mysql_query($chsql, $con);
- If ($Erg == 1)
+ switch ($_GET["action"])
{
- echo "&Auml;nderung erfolgreich gesichert...";
- }
- else
+ case 'change':
+ if (isset($_GET["date"]))
+ {
+ $SQL = "SELECT * from News where (Datum='". $_GET["date"]. "')";
+ $Erg = mysql_query($SQL, $con);
+
+ if( mysql_num_rows( $Erg)==1)
+ {
+ echo "<form action=\"./news.php\" method=\"GET\">\n";
+
+ echo "<table>\n";
+ echo " <tr><td>Datum</td><td><input type=\"text\" size=\"40\" name=\"date\" value=\"".
+ mysql_result($Erg, 0, "Datum")."\" disabled></td></tr>\n";
+ echo " <tr><td>Betreff</td><td><input type=\"text\" size=\"40\" name=\"eBetreff\" value=\"".
+ mysql_result($Erg, 0, "Betreff")."\"></td></tr>\n";
+ echo " <tr><td>Text</td><td><textarea rows=\"10\" cols=\"80\" name=\"eText\">".
+ mysql_result($Erg, 0, "Text")."</textarea></td></tr>\n";
+ echo " <tr><td>Engel</td><td><input type=\"text\" size=\"40\" name=\"eUser\" value=\"".
+ UID2Nick(mysql_result($Erg, 0, "UID"))."\" disabled></td></tr>\n";
+ echo " <tr><td>Treffen</td><td><input type=\"text\" size=\"40\" name=\"eTreffen\" value=\"".
+ mysql_result($Erg, 0, "Treffen")."\"></td></tr>\n";
+ echo "</table>";
+
+ echo "<input type=\"hidden\" name=\"date\" value=\"". $_GET["date"]. "\">\n";
+ echo "<input type=\"hidden\" name=\"action\" value=\"change_save\">\n";
+ echo "<input type=\"submit\" value=\"Abschicken...\">\n";
+ echo "</form>";
+
+ echo "<form action=\"./news.php?action=delete\" method=\"POST\">\n";
+ echo "<input type=\"hidden\" name=\"date\" value=\"". $_GET["date"]. "\">\n";
+ echo "<input type=\"submit\" value=\"l&ouml;schen...\">\n";
+ echo "</form>";
+ }
+ else
+ echo "FEHLER: Eintrag \"". $_GET["date"]. "\" nicht gefunden";
+ }
+ else
+ echo "Fehler: \"date\" nicht übergeben";
+ break;
+
+ case 'change_save':
+ if( isset($_GET["date"]) && isset($_GET["eBetreff"]) && isset($_GET["eText"]) )
+ $chsql="UPDATE News set Betreff = \"". $_GET["eBetreff"]. "\", Text = \"". $_GET["eText"].
+ "\", Treffen=". $_GET["eTreffen"]. " where (Datum = '". $_GET["date"]. "') limit 1";
+ else
+ echo "Fehler: nicht genügend parameter übergeben";
+ break;
+
+ case 'delete':
+ if (isset($_POST["date"]))
+ $chsql="DELETE from News where Datum = '". $_POST["date"]. "' limit 1";
+ else
+ echo "Fehler: \"date\" nicht übergeben";
+ break;
+ } //SWITCH
+
+ if (IsSet($chsql))
{
- echo "Ein Fehler ist aufgetreten... probiere es am besten nocheinmal... :)<br><br>\n";
- echo mysql_error($con);
- echo "<br><br>\n[$chsql]";
+ // SQL-Statement ausführen...
+ $Erg = mysql_query($chsql, $con);
+ If ($Erg == 1)
+ echo "&Auml;nderung erfolgreich gesichert...";
+ else
+ echo "Ein Fehler ist aufgetreten... probiere es am besten nocheinmal... :)<br><br>\n".
+ mysql_error($con). "<br><br>\n[$chsql]";
+ SetHeaderGo2Back();
}
- SetHeaderGo2Back();
-}
+}// IF-ELSE
-}
include ("./inc/footer.php");
?>
diff --git a/www-ssl/nonpublic/engelbesprechung.php b/www-ssl/nonpublic/engelbesprechung.php
index 436a5271..84bd92b5 100755
--- a/www-ssl/nonpublic/engelbesprechung.php
+++ b/www-ssl/nonpublic/engelbesprechung.php
@@ -15,12 +15,21 @@ $Erg = mysql_query($SQL, $con);
// anzahl zeilen
$Zeilen = mysql_num_rows($Erg);
-for ($n = 0 ; $n < $Zeilen ; $n++) {
- if (mysql_result($Erg, $n, "Treffen")=="1") {
- echo "<p class='question'><u>".mysql_result($Erg, $n, "Betreff")."</u><br>".
- "&nbsp; &nbsp;<font size=1>".mysql_result($Erg, $n, "Datum").", ";
+for ($n = 0 ; $n < $Zeilen ; $n++)
+{
+ if (mysql_result($Erg, $n, "Treffen")=="1")
+ {
+ echo "<p class='question'><u>".mysql_result($Erg, $n, "Betreff")."</u>";
+
+ // Schow Admin Page
+ if( $_SESSION['CVS'][ "admin/news.php" ] == "Y" )
+ echo " <a href=\"./../admin/news.php?action=change&date=". mysql_result($Erg, $n, "Datum"). "\">[edit]</a>";
+
+ echo "<br>&nbsp; &nbsp;<font size=1>".mysql_result($Erg, $n, "Datum").", ";
echo UID2Nick(mysql_result($Erg, $n, "UID"))."</font></p>\n";
- echo "<p class='answetion'>".nl2br(mysql_result($Erg, $n, "Text"))."</p>\n";
+
+
+ echo "<p class='answetion'>".nl2br(mysql_result($Erg, $n, "Text"))."</p>\n";
}
}
diff --git a/www-ssl/nonpublic/news_output.php b/www-ssl/nonpublic/news_output.php
index 1e4a349d..6c6fb8ff 100755
--- a/www-ssl/nonpublic/news_output.php
+++ b/www-ssl/nonpublic/news_output.php
@@ -27,17 +27,21 @@ $Erg = mysql_query($SQL, $con);
// anzahl zeilen
$news_rows = mysql_num_rows($Erg);
-for ($n = 0 ; $n < $news_rows ; $n++) {
+for ($n = 0 ; $n < $news_rows ; $n++)
+{
- if (mysql_result($Erg, $n, "Treffen") == 0) {
+ if (mysql_result($Erg, $n, "Treffen") == 0)
echo "<p class='question'>";
- } else {
+ else
echo "<p class='engeltreffen'>";
- }
- echo "<u>".mysql_result($Erg, $n, "Betreff")."</u><br>\n";
+
+ echo "<u>".mysql_result($Erg, $n, "Betreff")."</u>\n";
+ // Schow Admin Page
+ if( $_SESSION['CVS'][ "admin/news.php" ] == "Y" )
+ echo " <a href=\"./../admin/news.php?action=change&date=". mysql_result($Erg, $n, "Datum"). "\">[edit]</a><br>\n\t\t";
- echo "&nbsp; &nbsp;<font size=1>".mysql_result($Erg, $n, "Datum").", ";
+ echo "<br>&nbsp; &nbsp;<font size=1>".mysql_result($Erg, $n, "Datum").", ";
echo UID2Nick(mysql_result($Erg, $n, "UID"))."</font>";
// avatar anzeigen?
echo DisplayAvatar (mysql_result($Erg, $n, "UID"));