author | Philip Häusler <msquare@notrademark.de> | 2011-06-03 13:53:55 +0200 |
committer | Philip Häusler <msquare@notrademark.de> | 2011-06-03 13:53:55 +0200 |
commit | 28ac46aa4e9c45aad35aab0fb2f28a0677fee453 (patch) | |
tree | 92b6dca8effcde6ee5ff8ba22917a5dff908490e /includes | |
parent | 170f8d2342e87f91f3ee3c4ad8ef161095666349 (diff) | |
parent | 75a7755041c4e4b9c5c31bccabc917e188982e80 (diff) |
Merge branch 'spezial_includes_camp' of ssh://git.planetcyborg.de/home/git/projects/engelsystem into spezial_includes_camp
Diffstat (limited to 'includes')
-rw-r--r-- | includes/pages/admin_faq.php | 46 | ||||
-rw-r--r-- | includes/pages/admin_groups.php | 18 | ||||
-rw-r--r-- | includes/pages/guest_faq.php | 14 | ||||
-rw-r--r-- | includes/pages/guest_login.php | 56 | ||||
-rw-r--r-- | includes/pages/user_messages.php | 41 | ||||
-rw-r--r-- | includes/sys_auth.php | 7 | ||||
-rw-r--r-- | includes/sys_page.php | 8 |
7 files changed, 140 insertions, 50 deletions
diff --git a/includes/pages/admin_faq.php b/includes/pages/admin_faq.php
index 5b9a338f..b8ba1a64 100644
--- a/includes/pages/admin_faq.php
+++ b/includes/pages/admin_faq.php
@@ -4,8 +4,14 @@ function admin_faq() {
 $faqs_html = "";
 $faqs = sql_select("SELECT * FROM `FAQ`");
 foreach ($faqs as $faq) {
- $faqs_html .= '<tr><td><dl><dt>' . $faq['Frage_de'] . '</dt><dd>' . $faq['Antwort_de'] . '</dd></dl></td><td><dl><dt>' . $faq['Frage_en'] . '</dt><dd>' . $faq['Antwort_en'] . '</dd></dl></td>';
- $faqs_html .= '<td><a href="' . page_link_to("admin_faq") . '&action=edit&id=' . $faq['FID'] . '">Edit</a></td></tr>';
+ $faqs_html .= sprintf(
+ '<tr><td> <dl><dt>%s</dt><dd>%s</dd></dl> </td>'
+ . '<td> <dl><dt>%s</dt><dd>%s</dd></dl> </td>'
+ . '<td><a href="%s&action=edit&id=%s">Edit</a></td></tr>',
+ $faq['Frage_de'], $faq['Antwort_de'],
+ $faq['Frage_en'], $faq['Antwort_en'],
+ page_link_to('admin_faq'), $faq['FID']
+ );
 }
 return template_render('../templates/admin_faq.html', array (
 'link' => page_link_to("admin_faq"),
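Review bot: The `%s` substitutions place `$faq['Frage_de']`, `$faq['Antwort_de']` and the `_en` pair into the `<dt>`/`<dd>` cells without HTML escaping, so the sprintf rewrite still treats stored FAQ text as trusted markup; the only filtering visible on this page is the input-side `strip_tags`/regex in `strip_request_item_nl`, which keeps `&` and quotes and does nothing for rows written by any other path. Escape at the output edge, `htmlspecialchars($faq['Frage_de'], ENT_QUOTES, 'UTF-8')` for each text argument, and format the id that lands in the href with `%d` and `(int) $faq['FID']`. The same raw `%s` output appears in the admin_groups hunk (`$group['Name']`), the guest_faq hunk, and the user_messages hunk, where `$message['Text']` is presumably authored by other users and so deserves the escaping most.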
@@ -14,11 +20,18 @@ function admin_faq() {
 }
 else {
 switch ($_REQUEST['action']) {
 case 'create' :
- $frage = preg_replace("/([^\p{L}\p{P}\p{Z}\p{N}\n]{1,})/ui", '', strip_tags($_REQUEST['frage']));
- $antwort = preg_replace("/([^\p{L}\p{P}\p{Z}\p{N}\n]{1,})/ui", '', strip_tags($_REQUEST['antwort']));
- $question = preg_replace("/([^\p{L}\p{P}\p{Z}\p{N}\n]{1,})/ui", '', strip_tags($_REQUEST['question']));
- $answer = preg_replace("/([^\p{L}\p{P}\p{Z}\p{N}\n]{1,})/ui", '', strip_tags($_REQUEST['answer']));
- sql_query("INSERT INTO `FAQ` SET `Frage_de`='" . sql_escape($frage) . "', `Frage_en`='" . sql_escape($question) . "', `Antwort_de`='" . sql_escape($antwort) . "', `Antwort_en`='" . sql_escape($answer) . "'");
+ $frage = strip_request_item_nl('frage');
+ $antwort = strip_request_item_nl('antwort');
+ $question = strip_request_item_nl('question');
+ $answer = strip_request_item_nl('answer');
+
+ sql_query("INSERT INTO `FAQ` SET `Frage_de`='" . sql_escape($frage)
+ . "', `Frage_en`='" . sql_escape($question)
+ . "', `Antwort_de`='" . sql_escape($antwort)
+ . "', `Antwort_en`='" . sql_escape($answer)
+ . "'"
+ );
+
 header("Location: " . page_link_to("admin_faq"));
 break;
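Review bot: The `create` branch still runs on `$_REQUEST['action']`, so a plain GET link inserts a FAQ row, and the redirect that follows the new INSERT (`header("Location: ...")`, a context line here) is followed only by `break`, so admin_faq() keeps executing after the Location header unless the code after the switch, outside this hunk, returns at once. Gate the write on the method and stop after redirecting, e.g. `if ($_SERVER['REQUEST_METHOD'] !== 'POST') return error("...");` before the reads and `return;` after the `header()` call. The `edit` hunk below has the same shape and needs the same two changes.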
@@ -32,11 +45,18 @@ function admin_faq() {
 if (count($faq) > 0) {
 list ($faq) = $faq;
- $frage = preg_replace("/([^\p{L}\p{P}\p{Z}\p{N}\n]{1,})/ui", '', strip_tags($_REQUEST['frage']));
- $antwort = preg_replace("/([^\p{L}\p{P}\p{Z}\p{N}\n]{1,})/ui", '', strip_tags($_REQUEST['antwort']));
- $question = preg_replace("/([^\p{L}\p{P}\p{Z}\p{N}\n]{1,})/ui", '', strip_tags($_REQUEST['question']));
- $answer = preg_replace("/([^\p{L}\p{P}\p{Z}\p{N}\n]{1,})/ui", '', strip_tags($_REQUEST['answer']));
- sql_query("UPDATE `FAQ` SET `Frage_de`='" . sql_escape($frage) . "', `Frage_en`='" . sql_escape($question) . "', `Antwort_de`='" . sql_escape($antwort) . "', `Antwort_en`='" . sql_escape($answer) . "' WHERE `FID`=" . sql_escape($id) . " LIMIT 1");
+ $frage = strip_request_item_nl('frage');
+ $antwort = strip_request_item_nl('antwort');
+ $question = strip_request_item_nl('question');
+ $answer = strip_request_item_nl('answer');
+
+ sql_query("UPDATE `FAQ` SET `Frage_de`='" . sql_escape($frage)
+ . "', `Frage_en`='" . sql_escape($question)
+ . "', `Antwort_de`='" . sql_escape($antwort)
+ . "', `Antwort_en`='" . sql_escape($answer)
+ . "' WHERE `FID`=" . sql_escape($id) . " LIMIT 1"
+ );
+
 header("Location: " . page_link_to("admin_faq"));
 }
 else
 return error("No FAQ found.");
@@ -82,4 +102,4 @@ function admin_faq() {
 }
 }
 }
-?>
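Review bot: The rewritten UPDATE still interpolates the id unquoted, `. "' WHERE \`FID\`=" . sql_escape($id) . " LIMIT 1"`, and quote-escaping is no protection in an unquoted numeric position, since nothing has to be quoted to change the expression. Coerce the id instead of escaping it, `. "' WHERE \`FID\`=" . (int) $id . " LIMIT 1"`, or quote it like the other values. `$id` is assigned above this hunk, so how it was derived is not visible here; the cast makes the query safe regardless.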
\ No newline at end of file +?> diff --git a/includes/pages/admin_groups.php b/includes/pages/admin_groups.php index 5d9d8180..842640d8 100644 --- a/includes/pages/admin_groups.php +++ b/includes/pages/admin_groups.php @@ -7,15 +7,23 @@ function admin_groups() { if (!isset ($_REQUEST["action"])) { $groups_html = ""; foreach ($groups as $group) { - $groups_html .= '<tr>'; - $groups_html .= '<td>' . $group['Name'] . '</td>'; + $groups_html .= sprintf( + '<tr><td>%s</td>', + $group['Name'] + ); $privileges = sql_select("SELECT * FROM `GroupPrivileges` JOIN `Privileges` ON (`GroupPrivileges`.`privilege_id` = `Privileges`.`id`) WHERE `group_id`=" . sql_escape($group['UID'])); $privileges_html = array (); + foreach ($privileges as $priv) $privileges_html[] = $priv['name']; - $groups_html .= '<td>' . join(", ", $privileges_html) . '</td>'; - $groups_html .= '<td><a href="' . page_link_to("admin_groups") . '&action=edit&id=' . $group['UID'] . '">Ändern</a></td>'; - $groups_html .= '</tr>'; + + $groups_html .= sprintf( + '<td>%s</td>' + . '<td><a href="%s&action=edit&id=%s">Ändern</a></td>', + join(', ', $privileges_html), + page_link_to("admin_groups"), + $group['UID'] + ); } return template_render('../templates/admin_groups.html', array ( diff --git a/includes/pages/guest_faq.php b/includes/pages/guest_faq.php index c4bcd0bb..2799cbaf 100644 --- a/includes/pages/guest_faq.php +++ b/includes/pages/guest_faq.php @@ -5,11 +5,17 @@ function guest_faq() { foreach ($faqs as $faq) { $html .= "<dl>"; if ($_SESSION['Sprache'] == "DE") { - $html .= "<dt>" . $faq['Frage_de'] . "</dt>"; - $html .= "<dd>" . $faq['Antwort_de'] . "</dd>"; + $html .= sprintf( + '<dt>%s</dt> <dd>%s</dd>', + $faq['frage_de'], + $faq['antwort_de'] + ); } else { - $html .= "<dt>" . $faq['Frage_en'] . "</dt>"; - $html .= "<dd>" . $faq['Antwort_en'] . "</dd>"; + $html .= sprintf( + '<dt>%s</dt> <dd>%s</dd>', + $faq['frage_en'], + $faq['antwort_en'] + ); } $html .= "</dl>"; } 
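Review bot: Each group row is now emitted by two sprintf calls with the privilege query and loop between them, and the new blank line separates `$privileges_html = array ();` from the `foreach` that fills it, so the `<tr>` opened by the first call is only closed in the second; that is harder to follow than the concatenation it replaces. Build `$privileges_html` first, then emit the whole row with one call whose format is `'<tr><td>%s</td><td>%s</td><td><a href="%s&action=edit&id=%s">Ändern</a></td></tr>'` and the four arguments in that order. `$groups` is loaded above this hunk, outside it.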
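Review bot: The sprintf arguments in guest_faq read `$faq['frage_de']`, `$faq['antwort_de']`, `$faq['frage_en']` and `$faq['antwort_en']`, but the keys the removed lines used, and the column names the admin_faq INSERT and UPDATE in this same commit write, are `Frage_de`, `Antwort_de`, `Frage_en` and `Antwort_en`; array keys from a result row keep the column's case, so these are undefined indexes and the guest FAQ renders empty `<dt>`/`<dd>` pairs (unless the columns were renamed in a migration not in this diff). Restore `$faq['Frage_de'], $faq['Antwort_de']` in the DE branch and `$faq['Frage_en'], $faq['Antwort_en']` in the EN branch.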
diff --git a/includes/pages/guest_login.php b/includes/pages/guest_login.php index bbf36b6d..db20a207 100644 --- a/includes/pages/guest_login.php +++ b/includes/pages/guest_login.php @@ -16,12 +16,25 @@ function guest_register() { $Ergans = sql_select("SELECT UID FROM `User` WHERE `Nick`='" . sql_escape($_POST["Nick"]) . "'"); if (strlen($_POST["Nick"]) < 2) - $error = Get_Text("makeuser_error_nick1") . $_POST["Nick"] . Get_Text("makeuser_error_nick2"); - elseif (count($Ergans) > 0) $error = Get_Text("makeuser_error_nick1") . $_POST["Nick"] . Get_Text("makeuser_error_nick3"); - elseif (strlen($_POST["email"]) <= 6 && strstr($_POST["email"], "@") == FALSE && strstr($_POST["email"], ".") == false) $error = Get_Text("makeuser_error_mail"); - elseif (!is_numeric($_POST["Alter"])) $error = Get_Text("makeuser_error_Alter"); - elseif ($_POST["Passwort"] != $_POST["Passwort2"]) $error = Get_Text("makeuser_error_password1"); - elseif (strlen($_POST["Passwort"]) < 6) $error = Get_Text("makeuser_error_password2"); + $error = Get_Text("makeuser_error_nick1") + . $_POST["Nick"] . Get_Text("makeuser_error_nick2"); + + elseif (count($Ergans) > 0) + $error = Get_Text("makeuser_error_nick1") + . $_POST["Nick"] . Get_Text("makeuser_error_nick3"); + + elseif (strlen($_POST["email"]) <= 6 && strstr($_POST["email"], "@") == FALSE && strstr($_POST["email"], ".") == false) + $error = Get_Text("makeuser_error_mail"); + + elseif (!is_numeric($_POST["Alter"])) + $error = Get_Text("makeuser_error_Alter"); + + elseif ($_POST["Passwort"] != $_POST["Passwort2"]) + $error = Get_Text("makeuser_error_password1"); + + elseif (strlen($_POST["Passwort"]) < 6) + $error = Get_Text("makeuser_error_password2"); + else { $_POST["Passwort"] = PassCrypt($_POST["Passwort"]); unset ($_POST["Passwort2"]); 
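Review bot: The re-wrapped e-mail check `strlen($_POST["email"]) <= 6 && strstr($_POST["email"], "@") == FALSE && strstr($_POST["email"], ".") == false` rejects an address only when it is short and lacks `@` and lacks `.`, so any longer value without `@` passes; `||` with strict comparisons is what the message text implies: `elseif (strlen($_POST["email"]) <= 6 || strstr($_POST["email"], "@") === false || strstr($_POST["email"], ".") === false)`. The nick errors also concatenate `$_POST["Nick"]` into `$error` verbatim; if `$error` is rendered as HTML further down (outside this hunk), wrap it as `htmlspecialchars($_POST["Nick"], ENT_QUOTES, 'UTF-8')` so a submitted nick cannot inject markup into the registration page.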
@@ -35,15 +48,26 @@ function guest_register() { "`Size`, " . "`Passwort`, " . "`Art` , " . "`kommentar`, " . "`Hometown`," . "`CreateDate`, `Sprache` ) " . - "VALUES ( " . - "'" . $_POST["Nick"] . "', " . "'" . $_POST["Name"] . "', " . - "'" . $_POST["Vorname"] . "', " . "'" . $_POST["Alter"] . "', " . - "'" . $_POST["Telefon"] . "', " . "'" . $_POST["DECT"] . "', " . - "'" . $_POST["Handy"] . "', " . "'" . $_POST["email"] . "', " . - "'" . $_POST["ICQ"] . "', " . "'" . $_POST["jabber"] . "', " . - "'" . $_POST["Size"] . "', " . "'" . $_POST["Passwort"] . "', " . - "'" . $_POST["Art"] . "', " . "'" . $_POST["kommentar"] . "', " . - "'" . $_POST["Hometown"] . "'," . "NOW(), '" . $_SESSION['Sprache'] . "')"); + "VALUES ( '" + . sql_escape($_POST["Nick"]) . "', " . "'" + . sql_escape($_POST["Name"]) . "', " . "'" + . sql_escape($_POST["Vorname"]) . "', " . "'" + . sql_escape($_POST["Alter"]) . "', " . "'" + . sql_escape($_POST["Telefon"]) . "', " . "'" + . sql_escape($_POST["DECT"]) . "', " . "'" + . sql_escape($_POST["Handy"]) . "', " . "'" + . sql_escape($_POST["email"]) . "', " . "'" + . sql_escape($_POST["ICQ"]) . "', " . "'" + . sql_escape($_POST["jabber"]) . "', " . "'" + . sql_escape($_POST["Size"]) . "', " . "'" + . sql_escape($_POST["Passwort"]) . "', " . "'" + . sql_escape($_POST["Art"]) . "', " . "'" + . sql_escape($_POST["kommentar"]) . "', " . "'" + . sql_escape($_POST["Hometown"]) . "'," + . "NOW(), '" + . sql_escape($_SESSION["Sprache"]) + . "')" + ); if ($Erg != 1) { $html .= Get_Text("makeuser_error_write1") . "<br />\n"; @@ -242,4 +266,4 @@ function guest_login_form() { 'send' => Get_Text("index_lang_send") )); } -?>
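Review bot: The value written by `. sql_escape($_POST["Passwort"]) . "', " . "'"` was produced by `PassCrypt()` on the line `$_POST["Passwort"] = PassCrypt($_POST["Passwort"]);` in the previous hunk, and the sys_auth hunk on this page shows that function as `return md5($passwort);`, an unsalted fast hash; escaping now fixes the quoting the removed lines lacked, but the credential itself stays cheap to brute-force offline if the table leaks. Store a salted, slow hash instead (for example `crypt()` with a Blowfish salt, verified by re-running `crypt()` with the stored value as salt) and keep the change in `PassCrypt`, which lives in includes/sys_auth.php outside this hunk. As a style point, every line here pairs two literals, `"', " . "'"`; one literal `"', '"` per line reads the same and halves the concatenations.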
\ No newline at end of file +?> diff --git a/includes/pages/user_messages.php b/includes/pages/user_messages.php index 30871d9d..a13b28f0 100644 --- a/includes/pages/user_messages.php +++ b/includes/pages/user_messages.php @@ -6,7 +6,13 @@ function user_unread_messages() { $new_messages = sql_num_query("SELECT * FROM `Messages` WHERE isRead='N' AND `RUID`=" . sql_escape($user['UID'])); if ($new_messages > 0) - return '<p class="notice"><a href="' . page_link_to("user_messages") . '">' . Get_Text("pub_messages_new1") . " " . $new_messages . " " . Get_Text("pub_messages_new2") . '</a></p><hr />'; + return sprintf( + '<p class="notice"><a href="%s">%s %s %s</a></p><hr />', + page_link_to("user_messages"), + Get_Text("pub_messages_new1"), + $new_messages, + Get_Text("pub_messages_new2") + ); } return ""; 
@@ -16,23 +22,37 @@ function user_messages() { global $user; if (!isset ($_REQUEST['action'])) { - $users = sql_select("SELECT * FROM `User` WHERE NOT `UID`=" . sql_escape($user['UID']) . " ORDER BY `Nick`"); + $users = sql_select("SELECT * FROM `User` WHERE NOT `UID`=" + . sql_escape($user['UID']) . " ORDER BY `Nick`"); + $to_select_data = array ( "" => "Select receiver..." ); + foreach ($users as $u) $to_select_data[$u['UID']] = $u['Nick']; + $to_select = html_select_key('to', $to_select_data, ''); $messages_html = ""; - $messages = sql_select("SELECT * FROM `Messages` WHERE `SUID`=" . sql_escape($user['UID']) . " OR `RUID`=" . sql_escape($user['UID']) . " ORDER BY `isRead`,`Datum` DESC"); + $messages = sql_select("SELECT * FROM `Messages` WHERE `SUID`=" + . sql_escape($user['UID']) + . " OR `RUID`=" . sql_escape($user['UID']) + . " ORDER BY `isRead`,`Datum` DESC" + ); foreach ($messages as $message) { - $messages_html .= '<tr' . ($message['isRead'] == 'N' ? ' class="new_message"' : '') . '>'; - $messages_html .= '<td>' . ($message['isRead'] == 'N' ? '•' : '') . '</td>'; - $messages_html .= '<td>' . date("Y-m-d H:i", $message['Datum']) . '</td>'; - $messages_html .= '<td>' . UID2Nick($message['SUID']) . '</td>'; - $messages_html .= '<td>' . UID2Nick($message['RUID']) . '</td>'; - $messages_html .= '<td>' . str_replace("\n", '<br />', $message['Text']) . '</td>'; + + $messages_html .= sprintf( + '<tr %s> <td>%s</td> <td>%s</td> <td>%s</td> <td>%s</td>' + .'<td>%s</td>', + ($message['isRead'] == 'N' ? ' class="new_message"' : ''), + ($message['isRead'] == 'N' ? '•' : ''), + date("Y-m-d H:i", $message['Datum']), + UID2Nick($message['SUID']), + UID2Nick($message['RUID']), + str_replace("\n", '<br />', $message['Text']) + ); + $messages_html .= '<td>'; if ($message['RUID'] == $user['UID']) { if ($message['isRead'] == 'N') 
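Review bot: The new format string `'<tr %s> <td>%s</td> ...'` already has a space before the first `%s`, and the argument `($message['isRead'] == 'N' ? ' class="new_message"' : '')` carries its own leading space, so read rows come out as `<tr >` and unread ones as `<tr  class="new_message">`; drop the space in the format, `'<tr%s> <td>%s</td> <td>%s</td> <td>%s</td> <td>%s</td>'`. The continuation `.'<td>%s</td>'` is also the only operator in the hunk without surrounding spaces. The `$messages_html .= '<td>';` that follows opens a cell whose close is outside this hunk.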
@@ -45,7 +65,8 @@ function user_messages() { return template_render('../templates/user_messages.html', array ( 'link' => page_link_to("user_messages"), - 'greeting' => Get_Text("Hello") . $user['Nick'] . ", <br />\n" . Get_Text("pub_messages_text1") . "<br /><br />\n", + 'greeting' => Get_Text("Hello") . $user['Nick'] . ", <br />\n" + . Get_Text("pub_messages_text1") . "<br /><br />\n", 'messages' => $messages_html, 'new_label' => Get_Text("pub_messages_Neu"), 'date_label' => Get_Text("pub_messages_Datum"), diff --git a/includes/sys_auth.php b/includes/sys_auth.php index 68e336b0..009be2d8 100644 --- a/includes/sys_auth.php +++ b/includes/sys_auth.php @@ -19,7 +19,10 @@ function load_auth() { if (count($user) > 0) { // User ist eingeloggt, Datensatz zur Verfügung stellen und Timestamp updaten list ($user) = $user; - sql_query("UPDATE `User` SET " . "`lastLogIn` = '" . time() . "'" . " WHERE `UID` = '" . $_SESSION['uid'] . "' LIMIT 1;"); + sql_query("UPDATE `User` SET " + . "`lastLogIn` = '" . time() . "'" + . " WHERE `UID` = '" . sql_escape($_SESSION['uid']) . "' LIMIT 1;" + ); } else unset ($_SESSION['uid']); } @@ -52,4 +55,4 @@ function PassCrypt($passwort) { return md5($passwort); } } -?>
\ No newline at end of file
+?>
diff --git a/includes/sys_page.php b/includes/sys_page.php
index 2af5f729..e499cd57 100644
--- a/includes/sys_page.php
+++ b/includes/sys_page.php
@@ -8,6 +8,14 @@ function strip_request_item($name) {
 );
 }
 
+function strip_request_item_nl($name) {
+ return preg_replace(
+ "/([^\p{L}\p{P}\p{Z}\p{N}\n]{1,})/ui",
+ '',
+ strip_tags($_REQUEST[$name])
+ );
+}
+
 function error($msg) {
 return '<p class="error">' . $msg . '</p>';
 }
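Review bot: `strip_tags($_REQUEST[$name])` reads the request key unguarded, so a form that omits the field raises an undefined-index notice and the callers in admin_faq store an empty string without noticing; read it as `strip_tags(isset($_REQUEST[$name]) ? $_REQUEST[$name] : '')` so missing input is an explicit empty value. The function also deserves a header comment, since its name is the only hint at its contract: something like `// Returns request field $name with tags removed and every character outside letters, punctuation, separators, digits and newline dropped; this is input sanitising only, output still needs htmlspecialchars()` — and a note that it presumably differs from `strip_request_item()` only by keeping `\n` (that function's body is above this hunk, so confirm before documenting it as such).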