From b91450e558455d704cd0d09504b503be9eacd590 Mon Sep 17 00:00:00 2001
From: cookie <cookie@29ba0400-6e00-0410-a75a-ca02368028f8>
Date: Thu, 30 Nov 2006 10:49:24 +0000
Subject: newsverwaltung erweitert, add edit bouten und parameter check

git-svn-id: svn://svn.cccv.de/engel-system@187 29ba0400-6e00-0410-a75a-ca02368028f8
---
 www-ssl/admin/news.php                 | 163 ++++++++++++++++++---------------
 www-ssl/nonpublic/engelbesprechung.php |  19 +++-
 www-ssl/nonpublic/news_output.php      |  16 ++--
 3 files changed, 112 insertions(+), 86 deletions(-)

diff --git a/www-ssl/admin/news.php b/www-ssl/admin/news.php
index f37c9a08..137695b3 100755
--- a/www-ssl/admin/news.php
+++ b/www-ssl/admin/news.php
@@ -7,13 +7,13 @@ include ("./inc/funktion_db_list.php");
 include ("./inc/funktion_user.php");
 
 
-if (!IsSet($_GET["action"])) {
-
-$SQL = "SELECT * from News order by Datum DESC";
-$Erg = mysql_query($SQL, $con);
+if (!IsSet($_GET["action"]))
+{
+	$SQL = "SELECT * from News order by Datum DESC";
+	$Erg = mysql_query($SQL, $con);
 
-$rowcount = mysql_num_rows($Erg);
-?>
+	$rowcount = mysql_num_rows($Erg);
+	?>
 Hallo <?PHP echo $_SESSION['Nick'] ?>, <br>
 hier kannst du die News s&auml;bern... falls jemand auf die Idee kommt, 
 hier herumzuspamen oder aus Versehen falsche Informationen zu hinterlegen :)<br><br>
@@ -29,82 +29,95 @@ hier herumzuspamen oder aus Versehen falsche Informationen zu hinterlegen :)<br>
 	</tr>
 <?PHP			  
 
-for ($i=0; $i < $rowcount; $i++) {
-	echo "\t<tr class=\"content\">\n";
-	echo "\t <td>".mysql_result($Erg, $i, "Datum")."</td>";
-	echo "\t <td>".mysql_result($Erg, $i, "Betreff")."</td>";
-	echo "\t <td>".mysql_result($Erg, $i, "Text")."</td>";
-	echo "\t <td>".UID2Nick(mysql_result($Erg, $i, "UID"))."</td>";
-	echo "\t <td>".mysql_result($Erg, $i, "Treffen")."</td>";
-	echo "\t <td><a href=\"./news.php?action=change&date=".mysql_result($Erg, $i, "Datum")."\">XXX</a></td>";
-	echo "\t</tr>\n";
-}
-echo "</table>";
-
-
-} else {
-
-switch ($_GET["action"]) 
-{
-
-case 'change':
-	$SQL = "SELECT * from News where (Datum='". $_GET["date"]. "')";
-	$Erg = mysql_query($SQL, $con);
-
-	echo "<form action=\"./news.php\" method=\"GET\">\n";
-
-	echo "<table>\n";
-	echo "  <tr><td>Datum</td><td><input type=\"text\" size=\"40\" name=\"date\" value=\"".
-		mysql_result($Erg, 0, "Datum")."\" disabled></td></tr>\n";
-	echo "  <tr><td>Betreff</td><td><input type=\"text\" size=\"40\" name=\"eBetreff\" value=\"".
-		mysql_result($Erg, 0, "Betreff")."\"></td></tr>\n";
-	echo "  <tr><td>Text</td><td><textarea rows=\"10\" cols=\"80\" name=\"eText\">".
-		mysql_result($Erg, 0, "Text")."</textarea></td></tr>\n";
-	echo "  <tr><td>Engel</td><td><input type=\"text\" size=\"40\" name=\"eUser\" value=\"".
-		UID2Nick(mysql_result($Erg, 0, "UID"))."\" disabled></td></tr>\n";
-	echo "  <tr><td>Treffen</td><td><input type=\"text\" size=\"40\" name=\"eTreffen\" value=\"".
-		mysql_result($Erg, 0, "Treffen")."\"></td></tr>\n";
+	for ($i=0; $i < $rowcount; $i++) 
+	{
+		echo "\t<tr class=\"content\">\n";
+		echo "\t <td>".mysql_result($Erg, $i, "Datum")."</td>";
+		echo "\t <td>".mysql_result($Erg, $i, "Betreff")."</td>";
+		echo "\t <td>".mysql_result($Erg, $i, "Text")."</td>";
+		echo "\t <td>".UID2Nick(mysql_result($Erg, $i, "UID"))."</td>";
+		echo "\t <td>".mysql_result($Erg, $i, "Treffen")."</td>";
+		echo "\t <td><a href=\"./news.php?action=change&date=".mysql_result($Erg, $i, "Datum")."\">XXX</a></td>";
+		echo "\t</tr>\n";
+	}
 	echo "</table>";
+} 
+else 
+{
 
-        echo "<input type=\"hidden\" name=\"date\" value=\"". $_GET["date"]. "\">\n";
-	echo "<input type=\"hidden\" name=\"action\" value=\"change_save\">\n";
-	echo "<input type=\"submit\" value=\"Abschicken...\">\n";
-	echo "</form>";
-
-	echo "<form action=\"./news.php?action=delete\" method=\"POST\">\n";
-	echo "<input type=\"hidden\" name=\"date\" value=\"". $_GET["date"]. "\">\n";
-	echo "<input type=\"submit\" value=\"l&ouml;schen...\">\n";
-	echo "</form>";
-
-	break;
-
-case 'change_save':
-	$chsql="UPDATE News set Betreff = \"". $_GET["eBetreff"]. "\", Text = \"". $_GET["eText"]. 
-		"\", Treffen=". $_GET["eTreffen"]. " where (Datum = '". $_GET["date"]. "') limit 1";
-	break;
-
-case 'delete':
-        $chsql="DELETE from News where Datum = '". $_POST["date"]. "' limit 1";
-	break;
-}
+	unSet($chsql);
 
-if (IsSet($chsql)) {
-// SQL-Statement ausführen...
-	$Erg = mysql_query($chsql, $con);
-	If ($Erg == 1)
+	switch ($_GET["action"]) 
 	{
-		echo "&Auml;nderung erfolgreich gesichert...";
-	} 
-	else 
+	case 'change':
+		if (isset($_GET["date"]))
+		{
+			$SQL = "SELECT * from News where (Datum='". $_GET["date"]. "')";
+			$Erg = mysql_query($SQL, $con);
+
+			if( mysql_num_rows( $Erg)==1)
+			{
+				echo "<form action=\"./news.php\" method=\"GET\">\n";
+
+				echo "<table>\n";
+				echo "  <tr><td>Datum</td><td><input type=\"text\" size=\"40\" name=\"date\" value=\"".
+					mysql_result($Erg, 0, "Datum")."\" disabled></td></tr>\n";
+				echo "  <tr><td>Betreff</td><td><input type=\"text\" size=\"40\" name=\"eBetreff\" value=\"".
+					mysql_result($Erg, 0, "Betreff")."\"></td></tr>\n";
+				echo "  <tr><td>Text</td><td><textarea rows=\"10\" cols=\"80\" name=\"eText\">".
+					mysql_result($Erg, 0, "Text")."</textarea></td></tr>\n";
+				echo "  <tr><td>Engel</td><td><input type=\"text\" size=\"40\" name=\"eUser\" value=\"".
+					UID2Nick(mysql_result($Erg, 0, "UID"))."\" disabled></td></tr>\n";
+				echo "  <tr><td>Treffen</td><td><input type=\"text\" size=\"40\" name=\"eTreffen\" value=\"".
+					mysql_result($Erg, 0, "Treffen")."\"></td></tr>\n";
+				echo "</table>";
+
+			        echo "<input type=\"hidden\" name=\"date\" value=\"". $_GET["date"]. "\">\n";
+				echo "<input type=\"hidden\" name=\"action\" value=\"change_save\">\n";
+				echo "<input type=\"submit\" value=\"Abschicken...\">\n";
+				echo "</form>";
+
+				echo "<form action=\"./news.php?action=delete\" method=\"POST\">\n";
+				echo "<input type=\"hidden\" name=\"date\" value=\"". $_GET["date"]. "\">\n";
+				echo "<input type=\"submit\" value=\"l&ouml;schen...\">\n";
+				echo "</form>";
+			}
+			else
+				echo "FEHLER: Eintrag \"". $_GET["date"]. "\" nicht gefunden";
+		}
+		else
+			echo "Fehler: \"date\" nicht übergeben";
+		break;
+
+	case 'change_save':
+		if( isset($_GET["date"]) && isset($_GET["eBetreff"]) && isset($_GET["eText"]) )
+			$chsql="UPDATE News set Betreff = \"". $_GET["eBetreff"]. "\", Text = \"". $_GET["eText"]. 
+				"\", Treffen=". $_GET["eTreffen"]. " where (Datum = '". $_GET["date"]. "') limit 1";
+		else
+			echo "Fehler: nicht genügend parameter übergeben";
+		break;
+
+	case 'delete':
+		if (isset($_POST["date"]))
+		        $chsql="DELETE from News where Datum = '". $_POST["date"]. "' limit 1";
+		else
+			echo "Fehler: \"date\" nicht übergeben";
+		break;
+	} //SWITCH
+
+	if (IsSet($chsql)) 
 	{
-		echo "Ein Fehler ist aufgetreten... probiere es am besten nocheinmal... :)<br><br>\n";
-		echo mysql_error($con);
-		echo "<br><br>\n[$chsql]";
+		// SQL-Statement ausführen...
+		$Erg = mysql_query($chsql, $con);
+		If ($Erg == 1)
+			echo "&Auml;nderung erfolgreich gesichert...";
+		else 
+			echo "Ein Fehler ist aufgetreten... probiere es am besten nocheinmal... :)<br><br>\n".
+				mysql_error($con). "<br><br>\n[$chsql]";
+		SetHeaderGo2Back();
 	}
-	SetHeaderGo2Back();
-}
+}// IF-ELSE
 
-}
 include ("./inc/footer.php");
 ?>
 
diff --git a/www-ssl/nonpublic/engelbesprechung.php b/www-ssl/nonpublic/engelbesprechung.php
index 436a5271..84bd92b5 100755
--- a/www-ssl/nonpublic/engelbesprechung.php
+++ b/www-ssl/nonpublic/engelbesprechung.php
@@ -15,12 +15,21 @@ $Erg = mysql_query($SQL, $con);
 // anzahl zeilen
 $Zeilen  = mysql_num_rows($Erg);
 
-for ($n = 0 ; $n < $Zeilen ; $n++) {
-  if (mysql_result($Erg, $n, "Treffen")=="1") {
-    echo "<p class='question'><u>".mysql_result($Erg, $n, "Betreff")."</u><br>".
-    	 "&nbsp; &nbsp;<font size=1>".mysql_result($Erg, $n, "Datum").", ";
+for ($n = 0 ; $n < $Zeilen ; $n++) 
+{
+  if (mysql_result($Erg, $n, "Treffen")=="1") 
+  {
+    echo "<p class='question'><u>".mysql_result($Erg, $n, "Betreff")."</u>";
+   
+    // Schow Admin Page
+    if( $_SESSION['CVS'][ "admin/news.php" ] == "Y" )
+	echo " <a href=\"./../admin/news.php?action=change&date=". mysql_result($Erg, $n, "Datum"). "\">[edit]</a>";
+
+    echo "<br>&nbsp; &nbsp;<font size=1>".mysql_result($Erg, $n, "Datum").", ";
     echo UID2Nick(mysql_result($Erg, $n, "UID"))."</font></p>\n";
-    echo "<p class='answetion'>".nl2br(mysql_result($Erg, $n, "Text"))."</p>\n";
+
+		
+   echo "<p class='answetion'>".nl2br(mysql_result($Erg, $n, "Text"))."</p>\n";
   }
 }
 	    
diff --git a/www-ssl/nonpublic/news_output.php b/www-ssl/nonpublic/news_output.php
index 1e4a349d..6c6fb8ff 100755
--- a/www-ssl/nonpublic/news_output.php
+++ b/www-ssl/nonpublic/news_output.php
@@ -27,17 +27,21 @@ $Erg = mysql_query($SQL, $con);
 // anzahl zeilen
 $news_rows  = mysql_num_rows($Erg);
 
-for ($n = 0 ; $n < $news_rows ; $n++) {
+for ($n = 0 ; $n < $news_rows ; $n++) 
+{
 
-  if (mysql_result($Erg, $n, "Treffen") == 0) {
+  if (mysql_result($Erg, $n, "Treffen") == 0) 
   	echo "<p class='question'>";
-  } else {	
+  else 
 	echo "<p class='engeltreffen'>";
-  }
-  echo "<u>".mysql_result($Erg, $n, "Betreff")."</u><br>\n";
+  
+  echo "<u>".mysql_result($Erg, $n, "Betreff")."</u>\n";
 
+  // Schow Admin Page
+  if( $_SESSION['CVS'][ "admin/news.php" ] == "Y" )
+	echo " <a href=\"./../admin/news.php?action=change&date=". mysql_result($Erg, $n, "Datum"). "\">[edit]</a><br>\n\t\t";
 
-  echo "&nbsp; &nbsp;<font size=1>".mysql_result($Erg, $n, "Datum").", ";
+  echo "<br>&nbsp; &nbsp;<font size=1>".mysql_result($Erg, $n, "Datum").", ";
   echo UID2Nick(mysql_result($Erg, $n, "UID"))."</font>";
   // avatar anzeigen?
   echo DisplayAvatar (mysql_result($Erg, $n, "UID"));
-- 
cgit v1.2.3-54-g00ecf