diff options
Diffstat (limited to 'www-ssl/admin')
-rwxr-xr-x | www-ssl/admin/news.php | 163 |
1 files changed, 88 insertions, 75 deletions
diff --git a/www-ssl/admin/news.php b/www-ssl/admin/news.php index f37c9a08..137695b3 100755 --- a/www-ssl/admin/news.php +++ b/www-ssl/admin/news.php @@ -7,13 +7,13 @@ include ("./inc/funktion_db_list.php"); include ("./inc/funktion_user.php"); -if (!IsSet($_GET["action"])) { - -$SQL = "SELECT * from News order by Datum DESC"; -$Erg = mysql_query($SQL, $con); +if (!IsSet($_GET["action"])) +{ + $SQL = "SELECT * from News order by Datum DESC"; + $Erg = mysql_query($SQL, $con); -$rowcount = mysql_num_rows($Erg); -?> + $rowcount = mysql_num_rows($Erg); + ?> Hallo <?PHP echo $_SESSION['Nick'] ?>, <br> hier kannst du die News säbern... falls jemand auf die Idee kommt, hier herumzuspamen oder aus Versehen falsche Informationen zu hinterlegen :)<br><br> @@ -29,82 +29,95 @@ hier herumzuspamen oder aus Versehen falsche Informationen zu hinterlegen :)<br> </tr> <?PHP -for ($i=0; $i < $rowcount; $i++) { - echo "\t<tr class=\"content\">\n"; - echo "\t <td>".mysql_result($Erg, $i, "Datum")."</td>"; - echo "\t <td>".mysql_result($Erg, $i, "Betreff")."</td>"; - echo "\t <td>".mysql_result($Erg, $i, "Text")."</td>"; - echo "\t <td>".UID2Nick(mysql_result($Erg, $i, "UID"))."</td>"; - echo "\t <td>".mysql_result($Erg, $i, "Treffen")."</td>"; - echo "\t <td><a href=\"./news.php?action=change&date=".mysql_result($Erg, $i, "Datum")."\">XXX</a></td>"; - echo "\t</tr>\n"; -} -echo "</table>"; - - -} else { - -switch ($_GET["action"]) -{ - -case 'change': - $SQL = "SELECT * from News where (Datum='". $_GET["date"]. "')"; - $Erg = mysql_query($SQL, $con); - - echo "<form action=\"./news.php\" method=\"GET\">\n"; - - echo "<table>\n"; - echo " <tr><td>Datum</td><td><input type=\"text\" size=\"40\" name=\"date\" value=\"". - mysql_result($Erg, 0, "Datum")."\" disabled></td></tr>\n"; - echo " <tr><td>Betreff</td><td><input type=\"text\" size=\"40\" name=\"eBetreff\" value=\"". - mysql_result($Erg, 0, "Betreff")."\"></td></tr>\n"; - echo " <tr><td>Text</td><td><textarea rows=\"10\" cols=\"80\" name=\"eText\">". - mysql_result($Erg, 0, "Text")."</textarea></td></tr>\n"; - echo " <tr><td>Engel</td><td><input type=\"text\" size=\"40\" name=\"eUser\" value=\"". - UID2Nick(mysql_result($Erg, 0, "UID"))."\" disabled></td></tr>\n"; - echo " <tr><td>Treffen</td><td><input type=\"text\" size=\"40\" name=\"eTreffen\" value=\"". - mysql_result($Erg, 0, "Treffen")."\"></td></tr>\n"; + for ($i=0; $i < $rowcount; $i++) + { + echo "\t<tr class=\"content\">\n"; + echo "\t <td>".mysql_result($Erg, $i, "Datum")."</td>"; + echo "\t <td>".mysql_result($Erg, $i, "Betreff")."</td>"; + echo "\t <td>".mysql_result($Erg, $i, "Text")."</td>"; + echo "\t <td>".UID2Nick(mysql_result($Erg, $i, "UID"))."</td>"; + echo "\t <td>".mysql_result($Erg, $i, "Treffen")."</td>"; + echo "\t <td><a href=\"./news.php?action=change&date=".mysql_result($Erg, $i, "Datum")."\">XXX</a></td>"; + echo "\t</tr>\n"; + } echo "</table>"; +} +else +{ - echo "<input type=\"hidden\" name=\"date\" value=\"". $_GET["date"]. "\">\n"; - echo "<input type=\"hidden\" name=\"action\" value=\"change_save\">\n"; - echo "<input type=\"submit\" value=\"Abschicken...\">\n"; - echo "</form>"; - - echo "<form action=\"./news.php?action=delete\" method=\"POST\">\n"; - echo "<input type=\"hidden\" name=\"date\" value=\"". $_GET["date"]. "\">\n"; - echo "<input type=\"submit\" value=\"löschen...\">\n"; - echo "</form>"; - - break; - -case 'change_save': - $chsql="UPDATE News set Betreff = \"". $_GET["eBetreff"]. "\", Text = \"". $_GET["eText"]. - "\", Treffen=". $_GET["eTreffen"]. " where (Datum = '". $_GET["date"]. "') limit 1"; - break; - -case 'delete': - $chsql="DELETE from News where Datum = '". $_POST["date"]. "' limit 1"; - break; -} + unSet($chsql); -if (IsSet($chsql)) { -// SQL-Statement ausführen... - $Erg = mysql_query($chsql, $con); - If ($Erg == 1) + switch ($_GET["action"]) { - echo "Änderung erfolgreich gesichert..."; - } - else + case 'change': + if (isset($_GET["date"])) + { + $SQL = "SELECT * from News where (Datum='". $_GET["date"]. "')"; + $Erg = mysql_query($SQL, $con); + + if( mysql_num_rows( $Erg)==1) + { + echo "<form action=\"./news.php\" method=\"GET\">\n"; + + echo "<table>\n"; + echo " <tr><td>Datum</td><td><input type=\"text\" size=\"40\" name=\"date\" value=\"". + mysql_result($Erg, 0, "Datum")."\" disabled></td></tr>\n"; + echo " <tr><td>Betreff</td><td><input type=\"text\" size=\"40\" name=\"eBetreff\" value=\"". + mysql_result($Erg, 0, "Betreff")."\"></td></tr>\n"; + echo " <tr><td>Text</td><td><textarea rows=\"10\" cols=\"80\" name=\"eText\">". + mysql_result($Erg, 0, "Text")."</textarea></td></tr>\n"; + echo " <tr><td>Engel</td><td><input type=\"text\" size=\"40\" name=\"eUser\" value=\"". + UID2Nick(mysql_result($Erg, 0, "UID"))."\" disabled></td></tr>\n"; + echo " <tr><td>Treffen</td><td><input type=\"text\" size=\"40\" name=\"eTreffen\" value=\"". + mysql_result($Erg, 0, "Treffen")."\"></td></tr>\n"; + echo "</table>"; + + echo "<input type=\"hidden\" name=\"date\" value=\"". $_GET["date"]. "\">\n"; + echo "<input type=\"hidden\" name=\"action\" value=\"change_save\">\n"; + echo "<input type=\"submit\" value=\"Abschicken...\">\n"; + echo "</form>"; + + echo "<form action=\"./news.php?action=delete\" method=\"POST\">\n"; + echo "<input type=\"hidden\" name=\"date\" value=\"". $_GET["date"]. "\">\n"; + echo "<input type=\"submit\" value=\"löschen...\">\n"; + echo "</form>"; + } + else + echo "FEHLER: Eintrag \"". $_GET["date"]. "\" nicht gefunden"; + } + else + echo "Fehler: \"date\" nicht übergeben"; + break; + + case 'change_save': + if( isset($_GET["date"]) && isset($_GET["eBetreff"]) && isset($_GET["eText"]) ) + $chsql="UPDATE News set Betreff = \"". $_GET["eBetreff"]. "\", Text = \"". $_GET["eText"]. + "\", Treffen=". $_GET["eTreffen"]. " where (Datum = '". $_GET["date"]. "') limit 1"; + else + echo "Fehler: nicht genügend parameter übergeben"; + break; + + case 'delete': + if (isset($_POST["date"])) + $chsql="DELETE from News where Datum = '". $_POST["date"]. "' limit 1"; + else + echo "Fehler: \"date\" nicht übergeben"; + break; + } //SWITCH + + if (IsSet($chsql)) { - echo "Ein Fehler ist aufgetreten... probiere es am besten nocheinmal... :)<br><br>\n"; - echo mysql_error($con); - echo "<br><br>\n[$chsql]"; + // SQL-Statement ausführen... + $Erg = mysql_query($chsql, $con); + If ($Erg == 1) + echo "Änderung erfolgreich gesichert..."; + else + echo "Ein Fehler ist aufgetreten... probiere es am besten nocheinmal... :)<br><br>\n". + mysql_error($con). "<br><br>\n[$chsql]"; + SetHeaderGo2Back(); } - SetHeaderGo2Back(); -} +}// IF-ELSE -} include ("./inc/footer.php"); ?> |