Diffstat (limited to 'includes')
-rw-r--r--includes/pages/admin_rooms.php4
-rw-r--r--includes/pages/admin_user.php13
2 files changed, 10 insertions, 7 deletions
diff --git a/includes/pages/admin_rooms.php b/includes/pages/admin_rooms.php
index 113be54a..38a8c302 100644
--- a/includes/pages/admin_rooms.php
+++ b/includes/pages/admin_rooms.php
@@ -146,8 +146,8 @@ function admin_rooms() {
));
} elseif ($_REQUEST['show'] == 'delete') {
if (isset($_REQUEST['ack'])) {
- sql_query("DELETE FROM `Room` WHERE `RID`='" . sql_escape($id) . "' LIMIT 1");
- sql_query("DELETE FROM `NeededAngelTypes` WHERE `room_id`='" . sql_escape($id) . "' LIMIT 1");
+ if (! Room_delete($id))
+ engelsystem_error("Unable to delete room.");
engelsystem_log("Room deleted: " . $name);
success(sprintf(_("Room %s deleted."), $name));
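Review bot: The added `if (! Room_delete($id))` has no braces and no else branch, so the `engelsystem_log("Room deleted: " . $name)` and `success(...)` calls after it are only correct if engelsystem_error() never returns, which this hunk does not show. Making the success path explicit avoids logging a deletion that did not happen: `if (Room_delete($id)) { engelsystem_log(...); success(...); } else { engelsystem_error("Unable to delete room."); }`. The old code also deleted the room's `NeededAngelTypes` rows, so Room_delete() (defined outside this diff) needs to cover that too. Separately, the delete is gated only on `$_REQUEST['show'] == 'delete'` and `isset($_REQUEST['ack'])`; `$_REQUEST` includes query-string parameters and no anti-CSRF token check is visible here, so it is worth confirming elsewhere in admin_rooms() that this state change requires a POST with a per-session token.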
diff --git a/includes/pages/admin_user.php b/includes/pages/admin_user.php
index ee244925..6d327d7f 100644
--- a/includes/pages/admin_user.php
+++ b/includes/pages/admin_user.php
@@ -27,10 +27,6 @@ function admin_user() {
$html .= "<form action=\"" . page_link_to("admin_user") . "&action=save&id=$id\" method=\"post\">\n";
$html .= "<table border=\"0\">\n";
$html .= "<input type=\"hidden\" name=\"Type\" value=\"Normal\">\n";
-
- $SQL = "SELECT * FROM `User` WHERE `UID`='" . sql_escape($id) . "'";
- list($user_source) = sql_select($SQL);
-
$html .= "<tr><td>\n";
$html .= "<table>\n";
$html .= " <tr><td>Nick</td><td>" . "<input type=\"text\" size=\"40\" name=\"eNick\" value=\"" . $user_source['Nick'] . "\"></td></tr>\n";
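Review bot: `$user_source['Nick']` is concatenated into the `value` attribute of the eNick input without HTML escaping, so a nick containing a double quote or markup would break out of the attribute when an admin opens this form. Escape at output, e.g. `htmlspecialchars($user_source['Nick'], ENT_QUOTES, 'UTF-8')`, unless nicks are guaranteed to be encoded before storage, which this hunk does not show. The same concern applies to `$id` interpolated into the form action on the first context line if it is not already validated as an integer. With the SELECT removed here, `$user_source` has to be assigned earlier in admin_user(), which starts outside the hunk, so confirm that every path reaching this form sets it.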
@@ -162,7 +158,14 @@ function admin_user() {
case 'delete':
if ($user['UID'] != $id) {
- $user_source = sql_select("SELECT `Nick`, `UID` FROM `User` WHERE `UID` = '" . sql_escape($id) . "' LIMIT 1");
+ $user_source = User($id);
+ if ($user_source === false)
+ engelsystem_error("Unable to load user.");
+ if ($user_source == null) {
+ error(_('This user does not exist.'));
+ redirect(users_link());
+ }
+
sql_query("DELETE FROM `User` WHERE `UID`='" . sql_escape($id) . "' LIMIT 1");
sql_query("DELETE FROM `UserGroups` WHERE `uid`='" . sql_escape($id) . "'");
engelsystem_log("Deleted user " . User_Nick_render($user_source));
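Review bot: In the new not-found branch, the two `DELETE` statements below still run unless `redirect(users_link())` terminates the request, and the braceless `=== false` check above it likewise relies on engelsystem_error() not returning; neither is visible in this hunk. An explicit guard would make the intent local, e.g. wrap the deletes and the log call in an `else`, and use `$user_source === null` if User() returns exactly null for a missing row, since the loose `== null` also matches `false` and an empty array. The deletion itself is still two inline `sql_query()` calls whose results are ignored, so "Deleted user" is logged even if a query fails and a failure between them leaves `UserGroups` rows behind. Moving this into a model function that reports failure, as the same commit does with Room_delete(), would keep the two pages consistent.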