summaryrefslogtreecommitdiff
path: root/www-ssl/admin
diff options
context:
space:
mode:
Diffstat (limited to 'www-ssl/admin')
-rwxr-xr-xwww-ssl/admin/news.php163
1 files changed, 88 insertions, 75 deletions
diff --git a/www-ssl/admin/news.php b/www-ssl/admin/news.php
index f37c9a08..137695b3 100755
--- a/www-ssl/admin/news.php
+++ b/www-ssl/admin/news.php
@@ -7,13 +7,13 @@ include ("./inc/funktion_db_list.php");
include ("./inc/funktion_user.php");
-if (!IsSet($_GET["action"])) {
-
-$SQL = "SELECT * from News order by Datum DESC";
-$Erg = mysql_query($SQL, $con);
+if (!IsSet($_GET["action"]))
+{
+ $SQL = "SELECT * from News order by Datum DESC";
+ $Erg = mysql_query($SQL, $con);
-$rowcount = mysql_num_rows($Erg);
-?>
+ $rowcount = mysql_num_rows($Erg);
+ ?>
Hallo <?PHP echo $_SESSION['Nick'] ?>, <br>
hier kannst du die News s&auml;bern... falls jemand auf die Idee kommt,
hier herumzuspamen oder aus Versehen falsche Informationen zu hinterlegen :)<br><br>
@@ -29,82 +29,95 @@ hier herumzuspamen oder aus Versehen falsche Informationen zu hinterlegen :)<br>
</tr>
<?PHP
-for ($i=0; $i < $rowcount; $i++) {
- echo "\t<tr class=\"content\">\n";
- echo "\t <td>".mysql_result($Erg, $i, "Datum")."</td>";
- echo "\t <td>".mysql_result($Erg, $i, "Betreff")."</td>";
- echo "\t <td>".mysql_result($Erg, $i, "Text")."</td>";
- echo "\t <td>".UID2Nick(mysql_result($Erg, $i, "UID"))."</td>";
- echo "\t <td>".mysql_result($Erg, $i, "Treffen")."</td>";
- echo "\t <td><a href=\"./news.php?action=change&date=".mysql_result($Erg, $i, "Datum")."\">XXX</a></td>";
- echo "\t</tr>\n";
-}
-echo "</table>";
-
-
-} else {
-
-switch ($_GET["action"])
-{
-
-case 'change':
- $SQL = "SELECT * from News where (Datum='". $_GET["date"]. "')";
- $Erg = mysql_query($SQL, $con);
-
- echo "<form action=\"./news.php\" method=\"GET\">\n";
-
- echo "<table>\n";
- echo " <tr><td>Datum</td><td><input type=\"text\" size=\"40\" name=\"date\" value=\"".
- mysql_result($Erg, 0, "Datum")."\" disabled></td></tr>\n";
- echo " <tr><td>Betreff</td><td><input type=\"text\" size=\"40\" name=\"eBetreff\" value=\"".
- mysql_result($Erg, 0, "Betreff")."\"></td></tr>\n";
- echo " <tr><td>Text</td><td><textarea rows=\"10\" cols=\"80\" name=\"eText\">".
- mysql_result($Erg, 0, "Text")."</textarea></td></tr>\n";
- echo " <tr><td>Engel</td><td><input type=\"text\" size=\"40\" name=\"eUser\" value=\"".
- UID2Nick(mysql_result($Erg, 0, "UID"))."\" disabled></td></tr>\n";
- echo " <tr><td>Treffen</td><td><input type=\"text\" size=\"40\" name=\"eTreffen\" value=\"".
- mysql_result($Erg, 0, "Treffen")."\"></td></tr>\n";
+ for ($i=0; $i < $rowcount; $i++)
+ {
+ echo "\t<tr class=\"content\">\n";
+ echo "\t <td>".mysql_result($Erg, $i, "Datum")."</td>";
+ echo "\t <td>".mysql_result($Erg, $i, "Betreff")."</td>";
+ echo "\t <td>".mysql_result($Erg, $i, "Text")."</td>";
+ echo "\t <td>".UID2Nick(mysql_result($Erg, $i, "UID"))."</td>";
+ echo "\t <td>".mysql_result($Erg, $i, "Treffen")."</td>";
+ echo "\t <td><a href=\"./news.php?action=change&date=".mysql_result($Erg, $i, "Datum")."\">XXX</a></td>";
+ echo "\t</tr>\n";
+ }
echo "</table>";
+}
+else
+{
- echo "<input type=\"hidden\" name=\"date\" value=\"". $_GET["date"]. "\">\n";
- echo "<input type=\"hidden\" name=\"action\" value=\"change_save\">\n";
- echo "<input type=\"submit\" value=\"Abschicken...\">\n";
- echo "</form>";
-
- echo "<form action=\"./news.php?action=delete\" method=\"POST\">\n";
- echo "<input type=\"hidden\" name=\"date\" value=\"". $_GET["date"]. "\">\n";
- echo "<input type=\"submit\" value=\"l&ouml;schen...\">\n";
- echo "</form>";
-
- break;
-
-case 'change_save':
- $chsql="UPDATE News set Betreff = \"". $_GET["eBetreff"]. "\", Text = \"". $_GET["eText"].
- "\", Treffen=". $_GET["eTreffen"]. " where (Datum = '". $_GET["date"]. "') limit 1";
- break;
-
-case 'delete':
- $chsql="DELETE from News where Datum = '". $_POST["date"]. "' limit 1";
- break;
-}
+ unSet($chsql);
-if (IsSet($chsql)) {
-// SQL-Statement ausführen...
- $Erg = mysql_query($chsql, $con);
- If ($Erg == 1)
+ switch ($_GET["action"])
{
- echo "&Auml;nderung erfolgreich gesichert...";
- }
- else
+ case 'change':
+ if (isset($_GET["date"]))
+ {
+ $SQL = "SELECT * from News where (Datum='". $_GET["date"]. "')";
+ $Erg = mysql_query($SQL, $con);
+
+ if( mysql_num_rows( $Erg)==1)
+ {
+ echo "<form action=\"./news.php\" method=\"GET\">\n";
+
+ echo "<table>\n";
+ echo " <tr><td>Datum</td><td><input type=\"text\" size=\"40\" name=\"date\" value=\"".
+ mysql_result($Erg, 0, "Datum")."\" disabled></td></tr>\n";
+ echo " <tr><td>Betreff</td><td><input type=\"text\" size=\"40\" name=\"eBetreff\" value=\"".
+ mysql_result($Erg, 0, "Betreff")."\"></td></tr>\n";
+ echo " <tr><td>Text</td><td><textarea rows=\"10\" cols=\"80\" name=\"eText\">".
+ mysql_result($Erg, 0, "Text")."</textarea></td></tr>\n";
+ echo " <tr><td>Engel</td><td><input type=\"text\" size=\"40\" name=\"eUser\" value=\"".
+ UID2Nick(mysql_result($Erg, 0, "UID"))."\" disabled></td></tr>\n";
+ echo " <tr><td>Treffen</td><td><input type=\"text\" size=\"40\" name=\"eTreffen\" value=\"".
+ mysql_result($Erg, 0, "Treffen")."\"></td></tr>\n";
+ echo "</table>";
+
+ echo "<input type=\"hidden\" name=\"date\" value=\"". $_GET["date"]. "\">\n";
+ echo "<input type=\"hidden\" name=\"action\" value=\"change_save\">\n";
+ echo "<input type=\"submit\" value=\"Abschicken...\">\n";
+ echo "</form>";
+
+ echo "<form action=\"./news.php?action=delete\" method=\"POST\">\n";
+ echo "<input type=\"hidden\" name=\"date\" value=\"". $_GET["date"]. "\">\n";
+ echo "<input type=\"submit\" value=\"l&ouml;schen...\">\n";
+ echo "</form>";
+ }
+ else
+ echo "FEHLER: Eintrag \"". $_GET["date"]. "\" nicht gefunden";
+ }
+ else
+ echo "Fehler: \"date\" nicht übergeben";
+ break;
+
+ case 'change_save':
+ if( isset($_GET["date"]) && isset($_GET["eBetreff"]) && isset($_GET["eText"]) )
+ $chsql="UPDATE News set Betreff = \"". $_GET["eBetreff"]. "\", Text = \"". $_GET["eText"].
+ "\", Treffen=". $_GET["eTreffen"]. " where (Datum = '". $_GET["date"]. "') limit 1";
+ else
+ echo "Fehler: nicht genügend parameter übergeben";
+ break;
+
+ case 'delete':
+ if (isset($_POST["date"]))
+ $chsql="DELETE from News where Datum = '". $_POST["date"]. "' limit 1";
+ else
+ echo "Fehler: \"date\" nicht übergeben";
+ break;
+ } //SWITCH
+
+ if (IsSet($chsql))
{
- echo "Ein Fehler ist aufgetreten... probiere es am besten nocheinmal... :)<br><br>\n";
- echo mysql_error($con);
- echo "<br><br>\n[$chsql]";
+ // SQL-Statement ausführen...
+ $Erg = mysql_query($chsql, $con);
+ If ($Erg == 1)
+ echo "&Auml;nderung erfolgreich gesichert...";
+ else
+ echo "Ein Fehler ist aufgetreten... probiere es am besten nocheinmal... :)<br><br>\n".
+ mysql_error($con). "<br><br>\n[$chsql]";
+ SetHeaderGo2Back();
}
- SetHeaderGo2Back();
-}
+}// IF-ELSE
-}
include ("./inc/footer.php");
?>