diff options
| author | Philip Häusler <msquare@notrademark.de> | 2013-12-28 03:13:48 +0100 |
|---|---|---|
| committer | Philip Häusler <msquare@notrademark.de> | 2013-12-28 03:13:48 +0100 |
| commit | 400dc093c63afbcb80700bdec93ae063ae300876 (patch) | |
| tree | acbf8d6e30558c5cb64c0dafb1c7b40690c63a7b /includes | |
| parent | a9fb05b128581b492ff14379e233f026cc618e08 (diff) | |
force active function fix
Diffstat (limited to 'includes')
| -rw-r--r-- | includes/pages/admin_user.php | 25 |
1 files changed, 21 insertions, 4 deletions
diff --git a/includes/pages/admin_user.php b/includes/pages/admin_user.php index a748a580..7b1fd22d 100644 --- a/includes/pages/admin_user.php +++ b/includes/pages/admin_user.php @@ -223,11 +223,28 @@ function admin_user() { break; case 'save': - $forced_active = $user['force_active']; + $force_active = $user['force_active']; if (in_array('admin_active', $privileges)) - $forced_active = $_REQUEST['force_active']; - $SQL = "UPDATE `User` SET "; - $SQL .= " `Nick` = '" . sql_escape($_POST["eNick"]) . "', `Name` = '" . sql_escape($_POST["eName"]) . "', " . "`Vorname` = '" . sql_escape($_POST["eVorname"]) . "', " . "`Telefon` = '" . sql_escape($_POST["eTelefon"]) . "', " . "`Handy` = '" . sql_escape($_POST["eHandy"]) . "', " . "`Alter` = '" . sql_escape($_POST["eAlter"]) . "', " . "`DECT` = '" . sql_escape($_POST["eDECT"]) . "', " . "`email` = '" . sql_escape($_POST["eemail"]) . "', " . "`ICQ` = '" . sql_escape($_POST["eICQ"]) . "', " . "`jabber` = '" . sql_escape($_POST["ejabber"]) . "', " . "`Size` = '" . sql_escape($_POST["eSize"]) . "', " . "`Gekommen`= '" . sql_escape($_POST["eGekommen"]) . "', " . "`Aktiv`= '" . sql_escape($_POST["eAktiv"]) . "', " . "`force_active`= " . sql_escape($force_active) . ", " . "`Tshirt` = '" . sql_escape($_POST["eTshirt"]) . "', " . "`Hometown` = '" . sql_escape($_POST["Hometown"]) . "' " . "WHERE `UID` = '" . sql_escape($id) . "' LIMIT 1;"; + $force_active = $_REQUEST['force_active']; + $SQL = "UPDATE `User` SET + `Nick` = '" . sql_escape($_POST["eNick"]) . "', + `Name` = '" . sql_escape($_POST["eName"]) . "', + `Vorname` = '" . sql_escape($_POST["eVorname"]) . "', + `Telefon` = '" . sql_escape($_POST["eTelefon"]) . "', + `Handy` = '" . sql_escape($_POST["eHandy"]) . "', + `Alter` = '" . sql_escape($_POST["eAlter"]) . "', + `DECT` = '" . sql_escape($_POST["eDECT"]) . "', + `email` = '" . sql_escape($_POST["eemail"]) . "', + `ICQ` = '" . sql_escape($_POST["eICQ"]) . "', + `jabber` = '" . sql_escape($_POST["ejabber"]) . "', + `Size` = '" . sql_escape($_POST["eSize"]) . "', + `Gekommen`= '" . sql_escape($_POST["eGekommen"]) . "', + `Aktiv`= '" . sql_escape($_POST["eAktiv"]) . "', + `force_active`= " . sql_escape($force_active) . ", + `Tshirt` = '" . sql_escape($_POST["eTshirt"]) . "', + `Hometown` = '" . sql_escape($_POST["Hometown"]) . "' + WHERE `UID` = '" . sql_escape($id) . "' + LIMIT 1;"; sql_query($SQL); engelsystem_log("Updated user: " . $_POST["eNick"] . ", " . $_POST["eSize"] . ", arrived: " . $_POST["eGekommen"] . ", active: " . $_POST["eAktiv"] . ", tshirt: " . $_POST["eTshirt"]); $html .= success("Änderung wurde gespeichert...\n", true); |