Diffstat (limited to 'includes')
-rw-r--r-- | includes/controller/shift_entries_controller.php | 4 | ||||
-rw-r--r-- | includes/pages/admin_user.php | 2 |
2 files changed, 3 insertions, 3 deletions
diff --git a/includes/controller/shift_entries_controller.php b/includes/controller/shift_entries_controller.php
index 04983637..32c94a6b 100644
--- a/includes/controller/shift_entries_controller.php
+++ b/includes/controller/shift_entries_controller.php
@@ -34,7 +34,7 @@ function shift_entry_add_controller() {
 if (in_array('user_shifts_admin', $privileges) || in_array('shiftentry_edit_angeltype_supporter', $privileges)) {
 $type = AngelType($type_id);
 } else {
- $type = sql_select("SELECT * FROM `UserAngelTypes` JOIN `AngelTypes` ON (`UserAngelTypes`.`angeltype_id` = `AngelTypes`.`id`) WHERE `AngelTypes`.`id` = '" . sql_escape($type_id) . "' AND (`AngelTypes`.`restricted` = 0 OR (`UserAngelTypes`.`user_id` = '" . sql_escape($user['UID']) . "' AND NOT `UserAngelTypes`.`confirm_user_id` IS NULL)) LIMIT 1");
+ $type = sql_select("SELECT * FROM `UserAngelTypes` JOIN `AngelTypes` ON (`UserAngelTypes`.`angeltype_id` = `AngelTypes`.`id`) WHERE `AngelTypes`.`id` = '" . sql_escape($type_id) . "' AND (`AngelTypes`.`restricted` = 0 OR (`UserAngelTypes`.`user_id` = '" . sql_escape($user['UID']) . "' AND NOT `UserAngelTypes`.`confirm_user_id` IS NULL))");
 $type = $type[0];
 }
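Review bot: With `LIMIT 1` removed, the `sql_select` in the `else` branch returns every matching `UserAngelTypes` row, and for an unrestricted type the `restricted` = 0 arm matches the rows of all users of that angel type, while only `$type[0]` is used. The index is also taken without checking that the result is non-empty, so a type with no matching rows (or a failed query, if `sql_select` can return a non-array) leaves `$type` as null for whatever permission logic follows. The rest of `shift_entry_add_controller` is outside the hunk, so a later check may exist. I would keep the bound or guard the result before `$type = $type[0];`, e.g. `if (empty($type)) { engelsystem_error('Unable to load angeltype.'); }`, and add a comment saying why the limit was dropped.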
@@ -91,7 +91,7 @@ function shift_entry_add_controller() {
 engelsystem_error('Unable to create shift entry.');
 }
- if ($type['restricted'] == 0 && sql_num_query("SELECT * FROM `UserAngelTypes` INNER JOIN `AngelTypes` ON `AngelTypes`.`id` = `UserAngelTypes`.`angeltype_id` WHERE `angeltype_id` = '" . sql_escape($selected_type_id) . "' AND `user_id` = '" . sql_escape($user_id) . "' ") == 0) {
+ if ($type['restricted'] == 0 && sql_num_query("SELECT * FROM `UserAngelTypes` INNER JOIN `AngelTypes` ON `AngelTypes`.`id` = `UserAngelTypes`.`angeltype_id` WHERE `angeltype_id` = '" . sql_escape($selected_type_id) . "' AND `user_id` = '" . sql_escape($user_id) . "'") == 0) {
 sql_query("INSERT INTO `UserAngelTypes` (`user_id`, `angeltype_id`) VALUES ('" . sql_escape($user_id) . "', '" . sql_escape($selected_type_id) . "')");
 }
diff --git a/includes/pages/admin_user.php b/includes/pages/admin_user.php
index 9b1bc0df..60ed340f 100644
--- a/includes/pages/admin_user.php
+++ b/includes/pages/admin_user.php
@@ -173,7 +173,7 @@ function admin_user() {
 `Handy` = '" . sql_escape($_POST["eHandy"]) . "',
 `Alter` = '" . sql_escape($_POST["eAlter"]) . "',
 `DECT` = '" . sql_escape($_POST["eDECT"]) . "',
- `email` = '" . sql_escape($_POST["eemail"]) . "',
+ `email` = '" . sql_escape(isset($_POST["eemail"]) ? $_POST["eemail"] : $user_source['email']) . "',
 `jabber` = '" . sql_escape($_POST["ejabber"]) . "',
 `Size` = '" . sql_escape($_POST["eSize"]) . "',
 `Gekommen`= '" . sql_escape($_POST["eGekommen"]) . "', |
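Review bot: The `isset` fallback on the `email` column in `admin_user` only covers a missing key: an empty string or an array value submitted as `eemail` still passes `isset` and goes straight into `sql_escape`, whose handling of non-string input is not visible here. The neighbouring fields (`eHandy`, `eAlter`, `eDECT`, `ejabber`, `eSize`, `eGekommen`) are still read from `$_POST` unguarded, so the UPDATE is now inconsistent about absent fields. I would resolve the value before building the query, e.g. `$email = (isset($_POST['eemail']) && is_string($_POST['eemail'])) ? $_POST['eemail'] : $user_source['email'];`, check it with `filter_var($email, FILTER_VALIDATE_EMAIL)`, and interpolate `sql_escape($email)`. `$user_source` is defined outside the hunk, and `admin_user` starts and ends outside it.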