diff options
author | Daniel Friesel <derf@finalrewind.org> | 2011-06-03 20:24:36 +0200 |
---|---|---|
committer | Daniel Friesel <derf@finalrewind.org> | 2011-06-03 20:24:36 +0200 |
commit | 5d9335fe183a0486c593975c45c2abe6875ab719 (patch) | |
tree | d816682945e3a6121b853202dcf5aac2d4d2837b /includes | |
parent | 200053d720dbec25b2c7f3a8a408b74a4fa66244 (diff) |
admin_questions: More templates + sql fixes
Diffstat (limited to 'includes')
-rw-r--r-- | includes/pages/admin_groups.php | 12 | ||||
-rw-r--r-- | includes/pages/admin_language.php | 18 | ||||
-rw-r--r-- | includes/pages/admin_questions.php | 31 |
3 files changed, 45 insertions, 16 deletions
diff --git a/includes/pages/admin_groups.php b/includes/pages/admin_groups.php index 842640d8..770f09b4 100644 --- a/includes/pages/admin_groups.php +++ b/includes/pages/admin_groups.php @@ -44,7 +44,17 @@ function admin_groups() { $privileges = sql_select("SELECT `Privileges`.*, `GroupPrivileges`.`group_id` FROM `Privileges` LEFT OUTER JOIN `GroupPrivileges` ON (`Privileges`.`id` = `GroupPrivileges`.`privilege_id` AND `GroupPrivileges`.`group_id`=" . sql_escape($id) . ") ORDER BY `Privileges`.`name`"); $privileges_html = ""; foreach ($privileges as $priv) - $privileges_html .= '<tr><td><input type="checkbox" name="privileges[]" value="' . $priv['id'] . '"' . ($priv['group_id'] != "" ? ' checked="checked"' : '') . ' /></td><td>' . $priv['name'] . '</td><td>' . $priv['desc'] . '</td></tr>'; + $privileges_html .= sprintf( + '<tr><td><input type="checkbox" ' + . 'name="privileges[]" value="%s" %s />' + . '</td> <td>%s</td> <td>%s</td></tr>', + $priv['id'], + ($priv['group_id'] != "" + ? 'checked="checked"' + : ''), + $priv['name'], + $priv['desc'] + ); $html .= template_render('../templates/admin_groups_edit_form.html', array ( 'link' => page_link_to("admin_groups"), diff --git a/includes/pages/admin_language.php b/includes/pages/admin_language.php index a866528e..749cd643 100644 --- a/includes/pages/admin_language.php +++ b/includes/pages/admin_language.php @@ -72,19 +72,29 @@ function admin_language() { foreach ($_POST as $k => $v) { if ($k != "TextID") { $sql_test = "SELECT * FROM `Sprache` " . - "WHERE `TextID`='" . $_POST["TextID"] . "' AND `Sprache`='$k'"; + "WHERE `TextID`='" . sql_escape($_POST["TextID"]) + . "' AND `Sprache`='" + . sql_escape($k) . "'"; + $erg_test = sql_query($sql_test); if (mysql_num_rows($erg_test) == 0) { $sql_save = "INSERT INTO `Sprache` (`TextID`, `Sprache`, `Text`) " . - "VALUES ('" . $_POST["TextID"] . "', '$k', '$v')"; + "VALUES ('" . sql_escape($_POST["TextID"]) . "', '" + . sql_escape($k) . "', '" + . sql_escape($v) . "')"; + $html .= $sql_save . "<br />"; $Erg = sql_query($sql_save); $html .= success("$k Save: OK<br />\n"); } else if (mysql_result($erg_test, 0, "Text") != $v) { - $sql_save = "UPDATE `Sprache` SET `Text`='$v' " . - "WHERE `TextID`='" . $_POST["TextID"] . "' AND `Sprache`='$k' "; + $sql_save = "UPDATE `Sprache` SET `Text`='" + . sql_escape($v) . "' " . + "WHERE `TextID`='" + . sql_escape($_POST["TextID"]) + . "' AND `Sprache`='" . sql_escape($k) . "' "; + $html .= $sql_save . "<br />"; $Erg = sql_query($sql_save); $html .= success(" $k Update: OK<br />\n"); diff --git a/includes/pages/admin_questions.php b/includes/pages/admin_questions.php index 5355dd86..0e4469d5 100644 --- a/includes/pages/admin_questions.php +++ b/includes/pages/admin_questions.php @@ -18,19 +18,28 @@ function admin_questions() { if (!isset ($_REQUEST['action'])) { $open_questions = ""; $questions = sql_select("SELECT * FROM `Questions` WHERE `AID`=0"); - foreach ($questions as $question) { - $open_questions .= '<tr><td>' . UID2Nick($question['UID']) . '</td><td>' . str_replace("\n", '<br />', $question['Question']) . '</td>'; - $open_questions .= '<td><form action="' . page_link_to("admin_questions") . '&action=answer" method="post"><textarea name="answer"></textarea><input type="hidden" name="id" value="' . $question['QID'] . '" /><br /><input type="submit" name="submit" value="Send" /></form></td>'; - $open_questions .= '<td><a href="' . page_link_to("admin_questions") . '&action=delete&id=' . $question['QID'] . '">Delete</a></td><tr>'; - } + foreach ($questions as $question) + $open_questions .= template_render( + '../templates/admin_question_unanswered.html', array ( + 'question_nick' => UID2Nick($question['UID']), + 'question_id' => $question['QID'], + 'link' => page_link_to("admin_questions"), + 'question' => str_replace("\n", '<br />', $question['Question']) + )); $answered_questions = ""; $questions = sql_select("SELECT * FROM `Questions` WHERE `AID`>0"); - foreach ($questions as $question) { - $answered_questions .= '<tr><td>' . UID2Nick($question['UID']) . '</td><td>' . str_replace("\n", '<br />', $question['Question']) . '</td>'; - $answered_questions .= '<td>' . UID2Nick($question['AID']) . '</td><td>' . str_replace("\n", '<br />', $question['Answer']) . '</td>'; - $answered_questions .= '<td><a href="' . page_link_to("admin_questions") . '&action=delete&id=' . $question['QID'] . '">Delete</a></td><tr>'; - } + + foreach ($questions as $question) + $answered_questions .= template_render( + '../templates/admin_question_answered.html', array ( + 'question_id' => $question['QID'], + 'question_nick' => UID2Nick($question['UID']), + 'question' => str_replace("\n", "<br />", $question['Question']), + 'answer_nick' => UID2Nick($question['AID']), + 'answer' => str_replace("\n", "<br />", $question['Answer']), + 'link' => page_link_to("admin_questions"), + )); return template_render('../templates/admin_questions.html', array ( 'link' => page_link_to("admin_questions"), @@ -73,4 +82,4 @@ function admin_questions() { } } } -?>
\ No newline at end of file +?> |