summaryrefslogtreecommitdiff
path: root/includes/pages/admin_user.php
diff options
context:
space:
mode:
authorPhilip Häusler <msquare@notrademark.de>2013-12-28 03:13:48 +0100
committerPhilip Häusler <msquare@notrademark.de>2013-12-28 03:13:48 +0100
commit400dc093c63afbcb80700bdec93ae063ae300876 (patch)
treeacbf8d6e30558c5cb64c0dafb1c7b40690c63a7b /includes/pages/admin_user.php
parenta9fb05b128581b492ff14379e233f026cc618e08 (diff)
force active function fix
Diffstat (limited to 'includes/pages/admin_user.php')
-rw-r--r--includes/pages/admin_user.php25
1 files changed, 21 insertions, 4 deletions
diff --git a/includes/pages/admin_user.php b/includes/pages/admin_user.php
index a748a580..7b1fd22d 100644
--- a/includes/pages/admin_user.php
+++ b/includes/pages/admin_user.php
@@ -223,11 +223,28 @@ function admin_user() {
break;
case 'save':
- $forced_active = $user['force_active'];
+ $force_active = $user['force_active'];
if (in_array('admin_active', $privileges))
- $forced_active = $_REQUEST['force_active'];
- $SQL = "UPDATE `User` SET ";
- $SQL .= " `Nick` = '" . sql_escape($_POST["eNick"]) . "', `Name` = '" . sql_escape($_POST["eName"]) . "', " . "`Vorname` = '" . sql_escape($_POST["eVorname"]) . "', " . "`Telefon` = '" . sql_escape($_POST["eTelefon"]) . "', " . "`Handy` = '" . sql_escape($_POST["eHandy"]) . "', " . "`Alter` = '" . sql_escape($_POST["eAlter"]) . "', " . "`DECT` = '" . sql_escape($_POST["eDECT"]) . "', " . "`email` = '" . sql_escape($_POST["eemail"]) . "', " . "`ICQ` = '" . sql_escape($_POST["eICQ"]) . "', " . "`jabber` = '" . sql_escape($_POST["ejabber"]) . "', " . "`Size` = '" . sql_escape($_POST["eSize"]) . "', " . "`Gekommen`= '" . sql_escape($_POST["eGekommen"]) . "', " . "`Aktiv`= '" . sql_escape($_POST["eAktiv"]) . "', " . "`force_active`= " . sql_escape($force_active) . ", " . "`Tshirt` = '" . sql_escape($_POST["eTshirt"]) . "', " . "`Hometown` = '" . sql_escape($_POST["Hometown"]) . "' " . "WHERE `UID` = '" . sql_escape($id) . "' LIMIT 1;";
+ $force_active = $_REQUEST['force_active'];
+ $SQL = "UPDATE `User` SET
+ `Nick` = '" . sql_escape($_POST["eNick"]) . "',
+ `Name` = '" . sql_escape($_POST["eName"]) . "',
+ `Vorname` = '" . sql_escape($_POST["eVorname"]) . "',
+ `Telefon` = '" . sql_escape($_POST["eTelefon"]) . "',
+ `Handy` = '" . sql_escape($_POST["eHandy"]) . "',
+ `Alter` = '" . sql_escape($_POST["eAlter"]) . "',
+ `DECT` = '" . sql_escape($_POST["eDECT"]) . "',
+ `email` = '" . sql_escape($_POST["eemail"]) . "',
+ `ICQ` = '" . sql_escape($_POST["eICQ"]) . "',
+ `jabber` = '" . sql_escape($_POST["ejabber"]) . "',
+ `Size` = '" . sql_escape($_POST["eSize"]) . "',
+ `Gekommen`= '" . sql_escape($_POST["eGekommen"]) . "',
+ `Aktiv`= '" . sql_escape($_POST["eAktiv"]) . "',
+ `force_active`= " . sql_escape($force_active) . ",
+ `Tshirt` = '" . sql_escape($_POST["eTshirt"]) . "',
+ `Hometown` = '" . sql_escape($_POST["Hometown"]) . "'
+ WHERE `UID` = '" . sql_escape($id) . "'
+ LIMIT 1;";
sql_query($SQL);
engelsystem_log("Updated user: " . $_POST["eNick"] . ", " . $_POST["eSize"] . ", arrived: " . $_POST["eGekommen"] . ", active: " . $_POST["eAktiv"] . ", tshirt: " . $_POST["eTshirt"]);
$html .= success("Änderung wurde gespeichert...\n", true);