-rw-r--r-- | includes/pages/admin_rooms.php | 4 | ||||
-rw-r--r-- | includes/pages/admin_user.php | 13 |
2 files changed, 10 insertions, 7 deletions
diff --git a/includes/pages/admin_rooms.php b/includes/pages/admin_rooms.php
index 113be54a..38a8c302 100644
--- a/includes/pages/admin_rooms.php
+++ b/includes/pages/admin_rooms.php
@@ -146,8 +146,8 @@ function admin_rooms() {
 ));
 } elseif ($_REQUEST['show'] == 'delete') {
 if (isset($_REQUEST['ack'])) {
- sql_query("DELETE FROM `Room` WHERE `RID`='" . sql_escape($id) . "' LIMIT 1");
- sql_query("DELETE FROM `NeededAngelTypes` WHERE `room_id`='" . sql_escape($id) . "' LIMIT 1");
+ if (! Room_delete($id))
+ engelsystem_error("Unable to delete room.");
 engelsystem_log("Room deleted: " . $name);
 success(sprintf(_("Room %s deleted."), $name));
diff --git a/includes/pages/admin_user.php b/includes/pages/admin_user.php
index ee244925..6d327d7f 100644
--- a/includes/pages/admin_user.php
+++ b/includes/pages/admin_user.php
@@ -27,10 +27,6 @@ function admin_user() {
 $html .= "<form action=\"" . page_link_to("admin_user") . "&action=save&id=$id\" method=\"post\">\n";
 $html .= "<table border=\"0\">\n";
 $html .= "<input type=\"hidden\" name=\"Type\" value=\"Normal\">\n";
-
- $SQL = "SELECT * FROM `User` WHERE `UID`='" . sql_escape($id) . "'";
- list($user_source) = sql_select($SQL);
-
 $html .= "<tr><td>\n";
 $html .= "<table>\n";
 $html .= " <tr><td>Nick</td><td>" . "<input type=\"text\" size=\"40\" name=\"eNick\" value=\"" . $user_source['Nick'] . "\"></td></tr>\n";
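Review bot: In admin_rooms.php the new guard `if (! Room_delete($id))` treats every falsy return as a failure, whereas the user-deletion hunk in admin_user.php separates `=== false` from "not found"; if `Room_delete()` can return `0` or `null` for a room that is already gone, this path raises a hard error, so the contract should be pinned, for example with `if (Room_delete($id) === false) { engelsystem_error("Unable to delete room."); }` if that matches the model. Whether `engelsystem_error()` ends the request is not visible here; if it returns, the following `engelsystem_log("Room deleted: " . $name)` records a deletion that did not happen and the audit trail becomes unreliable. The removed lines also cleaned up `NeededAngelTypes`, and since the body of `Room_delete()` is outside this diff it is worth confirming that it still does so. The branch is entered through `$_REQUEST['show']` and `$_REQUEST['ack']`, so unless a request token is checked outside the hunk, this destructive action should be restricted to POST and protected against CSRF.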
@@ -162,7 +158,14 @@ function admin_user() {
 case 'delete':
 if ($user['UID'] != $id) {
- $user_source = sql_select("SELECT `Nick`, `UID` FROM `User` WHERE `UID` = '" . sql_escape($id) . "' LIMIT 1");
+ $user_source = User($id);
+ if ($user_source === false)
+ engelsystem_error("Unable to load user.");
+ if ($user_source == null) {
+ error(_('This user does not exist.'));
+ redirect(users_link());
+ }
+
 sql_query("DELETE FROM `User` WHERE `UID`='" . sql_escape($id) . "' LIMIT 1");
 sql_query("DELETE FROM `UserGroups` WHERE `uid`='" . sql_escape($id) . "'");
 engelsystem_log("Deleted user " . User_Nick_render($user_source)); |
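Review bot: The new not-found branch in `case 'delete':` depends on `redirect(users_link())` ending the request; if `redirect()` returns, execution falls through to both `DELETE` statements and to `User_Nick_render($user_source)` with a null user, so the branch should leave the case explicitly (the surrounding switch starts and ends outside the hunk). The two checks mix `=== false` with the loose `== null`, and because `false == null` is true in PHP the second test is only correct thanks to the order of the two; `if ($user_source === null) {` states the intent. The deletes remain two raw `sql_query()` calls whose results are ignored, so "Deleted user" is logged even when a statement fails, and a failure between them leaves `UserGroups` rows behind; moving both behind one model function that reports failure, as `Room_delete()` does for rooms, would close that gap. The brace-less `if ($user_source === false)` would also read more safely with braces, matching the braced block directly below it.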