summaryrefslogtreecommitdiff
path: root/admin
diff options
context:
space:
mode:
Diffstat (limited to 'admin')
-rwxr-xr-xadmin/faq.php57
-rwxr-xr-xadmin/sprache.php10
2 files changed, 39 insertions, 28 deletions
diff --git a/admin/faq.php b/admin/faq.php
index e8ed4ddd..e4123841 100755
--- a/admin/faq.php
+++ b/admin/faq.php
@@ -1,13 +1,17 @@
<?php
$title = "Himmel";
$header = "FAQ / Fragen an die Erzengel";
+$submenus = 1;
include ("./inc/header.php");
include ("./inc/funktion_user.php");
-$submenus = 1;
-if (IsSet($quest)) {
+//var init
+$quest_bearb=0;
+
+if (IsSet($_GET["quest"])) {
-switch ($quest) {
+switch ($_GET["quest"])
+{
// *---------------------------------------------------------------------------
// * Anfragen - Bearbeitung
@@ -63,15 +67,15 @@ case "open":
break;
case "edit":
$quest_bearb=0; // keine Fragenliste anzeigen, Frage editieren...
- if (!IsSet($QID)){
+ if (!IsSet($_GET["QID"])){
?>
Fehlerhafter Aufruf...<br>Bitte die Bearbeitung nochmals beginnen :)
<?php
} else {
- $SQL = "SELECT * FROM Questions where QID=$QID";
+ $SQL = "SELECT * FROM Questions where QID=". $_GET["QID"];
$Erg = mysql_query($SQL, $con);
?>
- <form action="./faq.php" method="post">
+ <form action="./faq.php" method="GET">
Anfrage von <b><?php echo UID2NICK(mysql_result($Erg, 0, "UID")); ?></b>:<br>
<textarea name="Question" rows="3" cols="80"><?php echo mysql_result($Erg, 0, "Question"); ?></textarea>
<br><br>
@@ -89,7 +93,7 @@ case "edit":
<?php
}
?>
- <input type="hidden" name="QID" value="<? echo $QID ?>">
+ <input type="hidden" name="QID" value="<? echo $_GET["QID"]; ?>">
<input type="hidden" name="quest" value="save">
<input type="submit" value="Sichern...">
</form>
@@ -106,12 +110,14 @@ case "edit":
break;
case "save":
- if (!IsSet($QID)){
+ if (!IsSet($_GET["QID"])){
?>
Fehlerhafter Aufruf... Bitte die Bearbeitung nochmal starten...
<?php
} else {
- $SQL = "UPDATE Questions SET Question=\"$Question\", AID=\"".$_SESSION['UID']."\" , Answer=\"$Answer\" where QID = \"".$QID."\" LIMIT 1";
+ $SQL = "UPDATE Questions SET Question=\"". $_GET["Question"].
+ "\", AID=\"". $_SESSION['UID']. "\" , Answer=\"". $_GET["Answer"]. "\" ".
+ "where QID = \"". $_GET["QID"]. "\" LIMIT 1";
$Erg = mysql_query($SQL, $con);
if ($Erg == 1) {
?>
@@ -126,15 +132,16 @@ case "save":
break;
case "transfer":
- if (!IsSet($QID)){
+ if (!IsSet($_GET["QID"])){
?>
Fehlerhafter Aufruf... Bitte die Bearbeitung nochmal starten...
<?php
} else {
- $SQL1="Select * from Questions where QID=$QID";
+ $SQL1="Select * from Questions where QID=". $_GET["QID"];
$Erg = mysql_query($SQL1, $con);
- $SQL2="Insert into FAQ Values (\"\", \"".mysql_result($Erg, 0, "Question")."\", \"".mysql_result($Erg, 0, "Answer")."\")";
+ $SQL2="Insert into FAQ Values (\"\", \"".
+ mysql_result($Erg, 0, "Question")."\", \"".mysql_result($Erg, 0, "Answer")."\")";
$Erg = mysql_query($SQL2, $con);
if ($Erg == 1) {
?>
@@ -182,30 +189,31 @@ case "faq":
break;
case "faqedit":
- if (!IsSet($FAQID)){
+ if (!IsSet($_GET["FAQID"]))
+ {
?>
Fehlerhafter Aufruf...<br>Bitte die Bearbeitung nochmals beginnen :)
<?php
} else {
- $SQL = "SELECT * FROM FAQ where FID=$FAQID";
+ $SQL = "SELECT * FROM FAQ where FID=". $_GET["FAQID"];
$Erg = mysql_query($SQL, $con);
// anzahl zeilen
$Zeilen = mysql_num_rows($Erg);
?>
- <form action="./faq.php" method="post">
+ <form action="./faq.php" method="GET">
Frage:<br>
<textarea name="Frage" rows="3" cols="80"><?php echo mysql_result($Erg, 0, "Frage"); ?></textarea>
<br><br>
Antwort:<br>
<textarea name="Antwort" rows="5" cols="80"><?php echo mysql_result($Erg, 0, "Antwort"); ?></textarea><br>
- <input type="hidden" name="FAQID" value="<? echo $FAQID; ?>">
+ <input type="hidden" name="FAQID" value="<? echo $_GET["FAQID"]; ?>">
<input type="hidden" name="quest" value="faqsave">
<input type="submit" value="Sichern...">
</form>
<form action="./faq.php">
- <input type="hidden" name="FAQID" value="<? echo $FAQID; ?>">
+ <input type="hidden" name="FAQID" value="<? echo $_GET["FAQID"]; ?>">
<input type="hidden" name="quest" value="faqdelete">
<input type="submit" value="L&ouml;schen...">
</form>
@@ -214,12 +222,13 @@ case "faqedit":
break;
case "faqdelete";
- if (!IsSet($FAQID)){
+ if (!IsSet($_GET["FAQID"]))
+ {
?>
Fehlerhafter Aufruf... Bitte die Bearbeitung nochmal starten...
<?php
} else {
- $SQL = "delete from FAQ where FID = \"$FAQID\" LIMIT 1";
+ $SQL = "delete from FAQ where FID = \"". $_GET["FAQID"]. "\" LIMIT 1";
$Erg = mysql_query($SQL, $con);
if ($Erg == 1) {
?>
@@ -234,12 +243,14 @@ case "faqdelete";
break;
case "faqsave";
- if (!IsSet($FAQID)){
+ if (!IsSet($_GET["FAQID"]))
+ {
?>
Fehlerhafter Aufruf... Bitte die Bearbeitung nochmal starten...
<?php
} else {
- $SQL = "UPDATE FAQ SET Frage=\"$Frage\", Antwort=\"$Antwort\" where FID = \"$FAQID\" LIMIT 1";
+ $SQL = "UPDATE FAQ SET Frage=\"". $_GET["Frage"]. "\", Antwort=\"". $_GET["Antwort"].
+ "\" where FID = \"". $_GET["FAQID"]. "\" LIMIT 1";
$Erg = mysql_query($SQL, $con);
if ($Erg == 1) {
?>
@@ -255,7 +266,7 @@ case "faqsave";
case "faqnew":
?>
- <form action="./faq.php" method="post">
+ <form action="./faq.php" method="GET">
Frage:<br>
<textarea name="Frage" rows="3" cols="80">Frage...</textarea><br><br>
Antwort:<br>
@@ -266,7 +277,7 @@ case "faqnew":
<?php
break;
case "faqnewsave";
- $SQL = "INSERT INTO FAQ VALUES (\"\", \"$Frage\", \"$Antwort\")";
+ $SQL = "INSERT INTO FAQ VALUES (\"\", \"". $_GET["Frage"]. "\", \"". $_GET["Antwort"]. "\")";
$Erg = mysql_query($SQL, $con);
if ($Erg == 1) {
?>
diff --git a/admin/sprache.php b/admin/sprache.php
index c3071f7d..af5db2ba 100755
--- a/admin/sprache.php
+++ b/admin/sprache.php
@@ -5,7 +5,7 @@ $header = "Liste der existierenden Sprcheintr&auml;ge";
include ("./inc/header.php");
-if( !isset( $TextID ) )
+if( !isset( $_GET["TextID"] ) )
{
echo Get_Text("Hello").$_SESSION['Nick'].", <br>\n";
echo Get_Text("pub_sprache_text1")."<br><br>\n";
@@ -75,18 +75,18 @@ if( !isset( $TextID ) )
} /*if( !isset( $TextID ) )*/
else
{
- echo "edit: ". $TextID. "<br><br>";
+ echo "edit: ". $_GET["TextID"]. "<br><br>";
foreach ($_GET as $k => $v) {
if( $k != "TextID" )
{
$sql_test = "SELECT * FROM `Sprache` ".
- "WHERE `TextID`='$TextID' AND `Sprache`='$k'";
+ "WHERE `TextID`='". $_GET["TextID"]. "' AND `Sprache`='$k'";
$erg_test = mysql_query($sql_test, $con);
if( mysql_num_rows($erg_test)==0 )
{
$sql_save = "INSERT INTO `Sprache` (`TextID`, `Sprache`, `Text`) ".
- "VALUES ('$TextID', '$k', '$v')";
+ "VALUES ('". $_GET["TextID"]. "', '$k', '$v')";
$Erg = mysql_query($sql_save, $con);
if ($Erg == 1)
echo "\t $k Save: OK<br>\n";
@@ -96,7 +96,7 @@ else
else if( mysql_result($erg_test, 0, "Text")!=$v )
{
$sql_save = "UPDATE `Sprache` SET `Text`='$v' ".
- "WHERE `TextID`='$TextID' AND `Sprache`='$k' ";
+ "WHERE `TextID`='". $_GET["TextID"]. "' AND `Sprache`='$k' ";
echo $sql_save."<br>";
$Erg = mysql_query($sql_save, $con);
if ($Erg == 1)