From a3be0289286c43d8656052217457d9162261ba90 Mon Sep 17 00:00:00 2001 From: Philip Häusler Date: Thu, 2 Jun 2011 00:48:29 +0200 Subject: rewrite --- includes/pages/guest_faq.php | 21 +++++++++++++++++++++ 1 file changed, 21 insertions(+) create mode 100644 includes/pages/guest_faq.php (limited to 'includes/pages/guest_faq.php') diff --git a/includes/pages/guest_faq.php b/includes/pages/guest_faq.php new file mode 100644 index 00000000..6b5eeeeb --- /dev/null +++ b/includes/pages/guest_faq.php @@ -0,0 +1,21 @@ +', $faq['Frage']); + list ($antwort_de, $antwort_en) = explode('
', $faq['Antwort']); + $html .= "

" . $frage_de . ": " . $antwort_de . "
" . $frage_en . ": " . $antwort_en . "

"; + } + return $html; +} +?> -- cgit v1.2.3-54-g00ecf From 06497b3a5387f30ea140562cc71e371b2ec1e131 Mon Sep 17 00:00:00 2001 From: Philip Häusler Date: Thu, 2 Jun 2011 01:18:08 +0200 Subject: cleanup --- includes/footer.php | 18 ---- includes/funktion_activeUser.php | 34 ------- includes/funktion_faq.php | 10 -- includes/funktion_flag.php | 9 -- includes/header_start.php | 40 -------- includes/login_eingabefeld.php | 17 ---- includes/pages/guest_faq.php | 9 ++ includes/secure.php | 25 ----- includes/sys_auth.php | 8 ++ www-ssl/css/style.css.old | 53 ---------- www-ssl/css/style.css.old2 | 69 ------------- www-ssl/css/style1.css.old | 79 --------------- www-ssl/faq.php | 31 ------ www-ssl/logout.php | 15 --- www-ssl/makeuser.php | 214 --------------------------------------- 15 files changed, 17 insertions(+), 614 deletions(-) delete mode 100644 includes/footer.php delete mode 100644 includes/funktion_activeUser.php delete mode 100644 includes/funktion_faq.php delete mode 100644 includes/funktion_flag.php delete mode 100644 includes/header_start.php delete mode 100644 includes/login_eingabefeld.php delete mode 100644 includes/secure.php delete mode 100644 www-ssl/css/style.css.old delete mode 100644 www-ssl/css/style.css.old2 delete mode 100644 www-ssl/css/style1.css.old delete mode 100644 www-ssl/faq.php delete mode 100644 www-ssl/logout.php delete mode 100644 www-ssl/makeuser.php (limited to 'includes/pages/guest_faq.php') diff --git a/includes/footer.php b/includes/footer.php deleted file mode 100644 index fdf00581..00000000 --- a/includes/footer.php +++ /dev/null @@ -1,18 +0,0 @@ - - - - - - - - - - diff --git a/includes/funktion_activeUser.php b/includes/funktion_activeUser.php deleted file mode 100644 index 631ec2d1..00000000 --- a/includes/funktion_activeUser.php +++ /dev/null @@ -1,34 +0,0 @@ -Engel online"; - -$SQL = "SELECT UID, Nick, lastLogIn " . -"FROM User " . -"WHERE (`lastLogIn` > '" . (time() - 60 * 60) . "' AND NOT (UID=" . $_SESSION['UID'] . ")) " . -"ORDER BY lastLogIn DESC;"; - -$Erg = mysql_query($SQL, $con); - -echo "

"; - - if ($_SESSION['UID'] > 0) - echo DisplayAvatar(mysql_result($Erg, $i, "UID")); - - // Show Admin Page - echo funktion_isLinkAllowed_addLink_OrLinkText("admin/userChangeNormal.php?enterUID=" . mysql_result($Erg, $i, "UID") . "&Type=Normal", mysql_result($Erg, $i, "Nick")); - - $timestamp = mktime($hour, $minute, $second, $month, $day, $year); - - $Tlog = time() - mysql_result($Erg, $i, "lastLogIn"); - - echo " " . date("i:s", $Tlog); - echo "

"; -?> diff --git a/includes/funktion_faq.php b/includes/funktion_faq.php deleted file mode 100644 index e9f09e7c..00000000 --- a/includes/funktion_faq.php +++ /dev/null @@ -1,10 +0,0 @@ - diff --git a/includes/funktion_flag.php b/includes/funktion_flag.php deleted file mode 100644 index 6b4e2f06..00000000 --- a/includes/funktion_flag.php +++ /dev/null @@ -1,9 +0,0 @@ - 0) - $URL = $_SERVER["REQUEST_URI"] . "&SetLanguage="; -else - $URL = $_SERVER["REQUEST_URI"] . "?SetLanguage="; - -echo '

'; -echo '

'; -?> diff --git a/includes/header_start.php b/includes/header_start.php deleted file mode 100644 index 4795cee3..00000000 --- a/includes/header_start.php +++ /dev/null @@ -1,40 +0,0 @@ - 0)) { - echo "" . $SystemDisableMessage . ""; - echo "" . $SystemDisableMessage . "\n"; - die(); -} - -if (!isset ($_SESSION)) - session_start(); - -include "secure.php"; - -if (!isset ($_SESSION['IP'])) - $_SESSION['IP'] = $_SERVER['REMOTE_ADDR']; - -if (isset ($_SESSION['UID']) && ($_SESSION['IP'] <> $_SERVER['REMOTE_ADDR'])) { - session_destroy(); - header("Location: " . $url . $ENGEL_ROOT); -} - -include "UserCVS.php"; - -// update LASTlogin -if (isset ($_SESSION['UID'])) { - $SQLlastLogIn = "UPDATE `User` SET " . - "`lastLogIn` = '" . time() . "'" . - " WHERE `UID` = '" . $_SESSION['UID'] . "' LIMIT 1;"; - mysql_query($SQLlastLogIn, $con); -} -?> diff --git a/includes/login_eingabefeld.php b/includes/login_eingabefeld.php deleted file mode 100644 index 9e10271d..00000000 --- a/includes/login_eingabefeld.php +++ /dev/null @@ -1,17 +0,0 @@ - - - diff --git a/includes/pages/guest_faq.php b/includes/pages/guest_faq.php index 6b5eeeeb..48e75d16 100644 --- a/includes/pages/guest_faq.php +++ b/includes/pages/guest_faq.php @@ -18,4 +18,13 @@ function guest_faq() { } return $html; } + +function noAnswer() { + global $con; + + $SQL = "SELECT UID FROM Questions WHERE `AID`='0'"; + $Res = mysql_query($SQL, $con); + + return mysql_num_rows($Res); +} ?> diff --git a/includes/secure.php b/includes/secure.php deleted file mode 100644 index 1d1a9e46..00000000 --- a/includes/secure.php +++ /dev/null @@ -1,25 +0,0 @@ -\n"; - - foreach ($_GET as $k => $v) { - $v = htmlentities($v, ENT_QUOTES); - preg_replace('/([\'"`\'])/', '', $v); - $_GET[$k] = $v; - - if($debug) - echo "GET $k=\"$v\"
"; - } - - foreach ($_POST as $k => $v) { - $v = htmlentities($v, ENT_QUOTES); - preg_replace('/([\'"`\'])/', '', $v); - $_POST[$k] = $v; - - if($debug) - echo "POST $k=\"$v\"
"; - } - - if($debug) - echo "secure.php END
\n"; -?> diff --git a/includes/sys_auth.php b/includes/sys_auth.php index 1c15122e..68e336b0 100644 --- a/includes/sys_auth.php +++ b/includes/sys_auth.php @@ -5,6 +5,14 @@ function load_auth() { global $user; + if (!isset ($_SESSION['IP'])) + $_SESSION['IP'] = $_SERVER['REMOTE_ADDR']; + + if ($_SESSION['IP'] != $_SERVER['REMOTE_ADDR']) { + session_destroy(); + header("Location: " . link_to_page($start)); + } + $user = null; if (isset ($_SESSION['uid'])) { $user = sql_select("SELECT * FROM `User` WHERE `UID`=" . sql_escape($_SESSION['uid']) . " LIMIT 1"); diff --git a/www-ssl/css/style.css.old b/www-ssl/css/style.css.old deleted file mode 100644 index 254fb1b7..00000000 --- a/www-ssl/css/style.css.old +++ /dev/null @@ -1,53 +0,0 @@ -H1 { - font-family : Helvetica,Arial,Verdana; - font-size : 25pt; -} -H4 { - font-family : Arial,Verdana; -} -A { - font-family : Arial; - font-size : small; - text-decoration : none; - color : #0000a0; -} -A:Visited { - font-family : Arial; - font-size : small; - color : #0000a0; - text-decoration : none; -} - A:Active { - text-decoration : none; - font-family : Arial; - font-size : small; -} -A:Hover { - font-family : Arial; - font-size : small; - color : #0000a0; - text-decoration : underline; - font-weight : bold; -} -B { - font-weight : bold; - font-family : Arial; - font-size : small; -} - -TD { - font-size : small; - font-family : Arial; - padding-left : 1cm; -} - -BODY { - font-size : small; - font-family : Arial; - background-color : #f3b115; - color : navy; -} -a.title { - color:#ffa000; -} - diff --git a/www-ssl/css/style.css.old2 b/www-ssl/css/style.css.old2 deleted file mode 100644 index 9f7c0c90..00000000 --- a/www-ssl/css/style.css.old2 +++ /dev/null @@ -1,69 +0,0 @@ -H1 { - font-family : Helvetica,Arial,Verdana; - font-size : 25pt; -} - -H4 { - font-family : Arial,Verdana; -} - -A { - font-family : Arial; - font-size : small; - text-decoration : none; - color : #778899; -} - -A:Visited { - font-family : Arial; - font-size : small; - color : #778899; - text-decoration : none; -} - -A:Active { - text-decoration : none; - font-family : Arial; - font-size : small; -} - -A:Hover { - font-family : Arial; - font-size : small; - color : #778899; - text-decoration : underline; - font-weight : bold; -} - -B { - font-weight : bold; - font-family : Arial; - font-size : small; -} - -TD { - font-size : small; - font-family : Arial; -} - -BODY { - font-size : small; - font-family : Arial; - background-color : #f3b115; - color : navy; -} - - -a.title { -color:#ffa000; -} - - -p.question { - font-weight: bold; -} - -p.answer { - margin-left: 30px; - margin-right: 30px; -} diff --git a/www-ssl/css/style1.css.old b/www-ssl/css/style1.css.old deleted file mode 100644 index 4a597f35..00000000 --- a/www-ssl/css/style1.css.old +++ /dev/null @@ -1,79 +0,0 @@ - -body { - font-family: Arial; - background-color: #3e9fef; - color: #000000; - font-size: small -} - -a { - text-decoration: none; - color: #304930 -} - -td { - font-size: small -} - -a:active, a:hover { - font-weight: bold -} - -li { - font-size: small -} - -.content { - background-color: #bdd9ef; - color: #000000 -} - -.contenttopic { - font-weight: bold; - font-size: small; - color: #fe961e; - background-color: #157cc1 -} - -.border { - background-color: #050509 -} - -.menu { - background-color: #bdd9ef; - color: #000022; - font-size: small -} -h4.menu { - font-weight: bold; - font-size: small; - color: #3e9fef -} - -.linkbox { - background-color: #ffffff -} - -.linkboxtitle { - font-weight: bold; - background-color: #000000; - color: #bdd9ef -} - -.question { - font-weight: bold; - font-size: 9pt -} - -.engeltreffen { - font-weight: bold; - font-size: 9pt; - color: #ff0000; -} - -.answer { - font-size: 9pt; -} -.comment { - font-size : 6pt; -} diff --git a/www-ssl/faq.php b/www-ssl/faq.php deleted file mode 100644 index 8a7b3ede..00000000 --- a/www-ssl/faq.php +++ /dev/null @@ -1,31 +0,0 @@ -', mysql_result($Erg, $n, "Frage")); - list ($antwort_de, $antwort_en) = split('
', mysql_result($Erg, $n, "Antwort")); - echo "

" . $frage_de . ": " . $antwort_de . "
" . $frage_en . ": " . $antwort_en . "

"; - } -} - -include "includes/footer.php"; -?> diff --git a/www-ssl/logout.php b/www-ssl/logout.php deleted file mode 100644 index 12b284f9..00000000 --- a/www-ssl/logout.php +++ /dev/null @@ -1,15 +0,0 @@ - diff --git a/www-ssl/makeuser.php b/www-ssl/makeuser.php deleted file mode 100644 index a67f4bd5..00000000 --- a/www-ssl/makeuser.php +++ /dev/null @@ -1,214 +0,0 @@ - 0) $error = Get_Text("makeuser_error_nick1") . $_POST["Nick"] . Get_Text("makeuser_error_nick3"); - elseif (strlen($_POST["email"]) <= 6 && strstr($_POST["email"], "@") == FALSE && strstr($_POST["email"], ".") == false) $error = Get_Text("makeuser_error_mail"); - elseif (!is_numeric($_POST["Alter"])) $error = Get_Text("makeuser_error_Alter"); - elseif ($_POST["Passwort"] != $_POST["Passwort2"]) $error = Get_Text("makeuser_error_password1"); - elseif (strlen($_POST["Passwort"]) < 6) $error = Get_Text("makeuser_error_password2"); - else { - $_POST["Passwort"] = PassCrypt($_POST["Passwort"]); - unset ($_POST["Passwort2"]); - - $SQL = "INSERT INTO `User` (" . - "`Nick` , " . "`Name` , " . - "`Vorname`, " . "`Alter` , " . - "`Telefon`, " . "`DECT`, " . - "`Handy`, " . "`email`, " . - "`ICQ`, " . "`jabber`, " . - "`Size`, " . "`Passwort`, " . - "`Art` , " . "`kommentar`, " . - "`Hometown`," . "`CreateDate` ) " . - "VALUES ( " . - "'" . $_POST["Nick"] . "', " . "'" . $_POST["Name"] . "', " . - "'" . $_POST["Vorname"] . "', " . "'" . $_POST["Alter"] . "', " . - "'" . $_POST["Telefon"] . "', " . "'" . $_POST["DECT"] . "', " . - "'" . $_POST["Handy"] . "', " . "'" . $_POST["email"] . "', " . - "'" . $_POST["ICQ"] . "', " . "'" . $_POST["jabber"] . "', " . - "'" . $_POST["Size"] . "', " . "'" . $_POST["Passwort"] . "', " . - "'" . $_POST["Art"] . "', " . "'" . $_POST["kommentar"] . "', " . - "'" . $_POST["Hometown"] . "'," . "NOW());"; - $Erg = mysql_query($SQL, $con); - - if ($Erg != 1) { - echo Get_Text("makeuser_error_write1") . "
\n"; - $error = mysql_error($con); - } else { - echo "

" . Get_Text("makeuser_writeOK") . "\n"; - - $SQL2 = "SELECT `UID` FROM `User` WHERE `Nick`='" . $_POST["Nick"] . "';"; - $Erg2 = mysql_query($SQL2, $con); - $Data = mysql_fetch_array($Erg2); - - $SQL3 = "INSERT INTO `UserCVS` (`UID`) VALUES ('" . $Data["UID"] . "');"; - $Erg3 = mysql_query($SQL3, $con); - - if ($Erg3 != 1) { - echo "

" . Get_Text("makeuser_error_write2") . "
\n"; - $error = mysql_error($con); - } else { - echo Get_Text("makeuser_writeOK2") . "
\n"; - echo "

" . Get_Text("makeuser_writeOK3") . "

\n"; - } - - echo Get_Text("makeuser_writeOK4") . "

\n

\n"; - $success = "any"; - - if (isset ($SubscribeMailinglist)) { - if ($_POST["subscribe-mailinglist"] == "") { - $headers = "From: " . $_POST["email"] . "\r\n" . - "X-Mailer: PHP/" . phpversion(); - mail($SubscribeMailinglist, "subject", "message", $headers); - } - } - } - } - - if (isset ($error)) - echo "

\n" . $error . "\n

\n\n"; -} else { - // init vars - $_POST["Nick"] = ""; - $_POST["Name"] = ""; - $_POST["Vorname"] = ""; - $_POST["Alter"] = ""; - $_POST["Telefon"] = ""; - $_POST["DECT"] = ""; - $_POST["Handy"] = ""; - $_POST["email"] = ""; - $_POST["subscribe-mailinglist"] = ""; - $_POST["ICQ"] = ""; - $_POST["jabber"] = ""; - $_POST["Size"] = "L"; - $_POST["Art"] = ""; - $_POST["kommentar"] = ""; - $_POST["Hometown"] = ""; -} - -if ($success == "none") { - echo "

" . Get_Text("makeuser_text0") . "

\n"; - echo "

" . Get_Text("makeuser_text1") . "

\n"; - echo "

\n"; - echo "\n"; - echo "\n"; - echo "\n"; - echo "\n"; - echo "\n"; - echo "\n"; - echo "\n"; - echo "\n"; - echo "\n"; - - if (isset ($SubscribeMailinglist)) - echo "\n"; - - echo "\n"; - echo "\n"; - echo "\n"; - echo "\n"; - echo "\n"; - echo "\n"; - echo "\n"; - echo "\n"; - echo "\n"; - echo "\n"; - echo "\n"; - echo "\n"; - echo "\n"; - echo "

" . Get_Text("makeuser_Nickname") . "*
" . Get_Text("makeuser_Nachname") . "
" . Get_Text("makeuser_Vorname") . "
" . Get_Text("makeuser_Alter") . "
" . Get_Text("makeuser_Telefon") . "
" . Get_Text("makeuser_DECT") . "		\n"; - echo "
" . Get_Text("makeuser_Handy") . "
" . Get_Text("makeuser_E-Mail") . "*
" . Get_Text("makeuser_subscribe-mailinglist") . "	($SubscribeMailinglist)
ICQ
jabber
" . Get_Text("makeuser_T-Shirt") . " Grösse*	\n"; - echo "\n"; - echo "
" . Get_Text("makeuser_Engelart") . "	\n"; - echo "\n"; - echo "
" . Get_Text("makeuser_text2") . "	" . $_POST["kommentar"] . "
" . Get_Text("makeuser_Hometown") . "
" . Get_Text("makeuser_Passwort") . "*
" . Get_Text("makeuser_Passwort2") . "*

\n"; - echo "

\n"; - Print_Text("makeuser_text3"); -} - -include "includes/footer.php"; -?> -- cgit v1.2.3-54-g00ecf From 626b9a81f303a07fab5be1302496d8823d1fede4 Mon Sep 17 00:00:00 2001 From: Philip Häusler Date: Fri, 3 Jun 2011 01:03:39 +0200 Subject: admin faq --- DB/db_rewrite.sql | 65 +++++---- includes/pages/admin_faq.php | 85 ++++++++++++ includes/pages/guest_faq.php | 32 ++--- includes/sys_menu.php | 3 +- templates/admin_faq.html | 56 ++++++++ templates/admin_faq_edit_form.html | 41 ++++++ txt/TODO | 1 + www-ssl/admin/faq.1.php | 6 - www-ssl/admin/faq.php | 271 ------------------------------------- www-ssl/css/base.css | 5 + www-ssl/index.php | 4 + www-ssl/nonpublic/faq.php | 73 ---------- 12 files changed, 240 insertions(+), 402 deletions(-) create mode 100644 includes/pages/admin_faq.php create mode 100644 templates/admin_faq.html create mode 100644 templates/admin_faq_edit_form.html delete mode 100644 www-ssl/admin/faq.1.php delete mode 100644 www-ssl/admin/faq.php delete mode 100644 www-ssl/nonpublic/faq.php (limited to 'includes/pages/guest_faq.php') diff --git a/DB/db_rewrite.sql b/DB/db_rewrite.sql index 5d6b4e2c..fa31c6f8 100644 --- a/DB/db_rewrite.sql +++ b/DB/db_rewrite.sql @@ -3,7 +3,7 @@ -- http://www.phpmyadmin.net -- -- Host: localhost --- Erstellungszeit: 02. Juni 2011 um 22:21 +-- Erstellungszeit: 02. Juni 2011 um 23:02 -- Server Version: 5.1.44 -- PHP-Version: 5.3.1 @@ -75,16 +75,17 @@ INSERT INTO `Counter` (`URL`, `Anz`) VALUES ('login', 24), ('logout', 13), ('start', 25), -('faq', 6), +('faq', 16), ('credits', 3), ('register', 3), ('admin_rooms', 70), ('admin_angel_types', 69), ('user_settings', 116), -('user_messages', 108), -('admin_groups', 99), -('user_questions', 53), -('admin_questions', 41); +('user_messages', 111), +('admin_groups', 104), +('user_questions', 54), +('admin_questions', 41), +('admin_faq', 53); -- -------------------------------------------------------- @@ -94,27 +95,29 @@ INSERT INTO `Counter` (`URL`, `Anz`) VALUES CREATE TABLE IF NOT EXISTS `FAQ` ( `FID` bigint(20) NOT NULL AUTO_INCREMENT, - `Frage` text NOT NULL, - `Antwort` text NOT NULL, + `Frage_de` text NOT NULL, + `Antwort_de` text NOT NULL, + `Frage_en` text NOT NULL, + `Antwort_en` text NOT NULL, PRIMARY KEY (`FID`) -) ENGINE=MyISAM DEFAULT CHARSET=utf8 AUTO_INCREMENT=24 ; +) ENGINE=MyISAM DEFAULT CHARSET=utf8 AUTO_INCREMENT=26 ; -- -- Daten für Tabelle `FAQ` -- -INSERT INTO `FAQ` (`FID`, `Frage`, `Antwort`) VALUES -(1, 'Komme ich als Engel billiger/kostenlos auf den Congress?
\r\nDo I get in cheaper / for free to the congress as an angel ?', 'Nein, jeder Engel muss normal Eintritt bezahlen.
\r\nNo, every angel has to pay full price.'), -(2, 'Was bekomme ich für meine Mitarbeit?
\r\nWhat can i expect in return for my help? \r\n', 'Jeder Engel der arbeitet bekommt ein kostenloses T-Shirt nach der Veranstalltung
\r\nEvery working angel gets a free shirt after the event. '), -(3, 'Wie lange muss ich als Engel arbeiten?
\r\nHow long do I have to work as an angel ?', 'Diese Frage ist schwer zu beantworten. Es hängt z.B. davon ab, was man macht (z.B. Workshop-Engel) und wieviele Engel wir zusammen bekommen.
\r\nThis is difficult to answer. It depends on what you decide to do (e.g. workshop angel) and how many people will attend. '), -(6, 'Ich bin erst XX Jahre alt. Kann ich überhaupt helfen?
\r\nI''m only XX years old. Can I help anyway?', 'Wir können jede helfende Hand gebrauchen. Wenn du alt genug bist, um zum Congress zu kommen, bist du auch alt genug zu helfen.
\r\nWe need every help we can get. If your old enough to come to the congress, your old enough to help.'), -(8, 'Wer sind eigentlich die Erzengel?
\r\nWho are the Arch-Angels?\r\n', 'Erzengel sind dieses Jahr: BugBlue, TabascoEye, Jeedi, Daizy, volty
\r\nThe ArchAngels for this year are: BugBlue, TabascoEye, Jeedi, Daizy, volty\r\n'), -(9, 'Gibt es dieses Jahr wieder einen IRC-Channel für Engel?
\r\nWill there be an IRC-channel for angels again?', 'Ja, im IRC-Net existiert #chaos-angel. Einfach mal reinschaun!
\r\nYes, in the IRC-net there''s #chaos-angel. Just have a look!'), -(10, 'Wie gehe ich mit den Besuchern um?
\r\nHow do I treat visitors?', 'Man soll gegenüber den Besuchern immer höflich und freundlich sein, auch wenn diese gestresst sind. Wenn man das Gefühl hat, dass man mit der Situation nicht mehr klarkommt, sollte man sich jemanden zur Unterstützung holen, bevor man selbst auch gestresst wird :-)
\r\nYou should always be polite and friendly, especially if they are stressed. When you feel you can''t handle it on your own, get someone to help you out before you get so stressed yourself that you get impolite.'), -(11, 'Wann sind die Engelbesprechungen?
\r\nWhen are the angels briefings?', 'Das wird vor Ort noch festgelegt und steht im Himmelnewssystem.
\r\nThe information on the Angel Briefings will be in the news section of this system.'), -(12, 'Was muss ich noch bedenken?
\r\nAnything else I should know?', 'Man sollte nicht total übermüdet oder ausgehungert, wenn n man einen Einsatz hat. Eine gewisse Fitness ist hilfreich.
\r\nYou should not be exhausted or starving when you arrive for a shift. A reasonable amount of fitness for work would be very helpful.'), -(13, 'Ich habe eine Frage, auf die ich in der FAQ keine Antwort gefunden habe. Wohin soll ich mich wenden?
\r\nI have a guestion not answered here. Who can I ask?', 'Bei weitere Fragen kannst du die Anfragen an die Erzengel Formular benutzen.
\r\nIf you have further questions, you can use the Questions for the ArchAngels form.'), -(20, 'Wer muss alles Eintritt zahlen?
\r\nWho has to pay the full entrance price?', 'Jeder. Zumindest, solange er/sie älter als 12 Jahre ist...
\r\nEveryone who is at older than 12 years old.'); +INSERT INTO `FAQ` (`FID`, `Frage_de`, `Antwort_de`, `Frage_en`, `Antwort_en`) VALUES +(1, 'Komme ich als Engel billiger/kostenlos auf den Congress?', 'Nein, jeder Engel muss normal Eintritt bezahlen.', 'Do I get in cheaper / for free to the congress as an angel ?', 'No, every angel has to pay full price.'), +(2, 'Was bekomme ich für meine Mitarbeit?', 'Jeder Engel der arbeitet bekommt ein kostenloses T-Shirt nach der Veranstalltung', 'What can i expect in return for my help?', 'Every working angel gets a free shirt after the event.'), +(3, 'Wie lange muss ich als Engel arbeiten?', 'Diese Frage ist schwer zu beantworten. Es hängt z.B. davon ab, was man macht (z.B. Workshop-Engel) und wieviele Engel wir zusammen bekommen.', 'How long do I have to work as an angel ?', 'This is difficult to answer. It depends on what you decide to do (e.g. workshop angel) and how many people will attend.'), +(6, 'Ich bin erst XX Jahre alt. Kann ich überhaupt helfen?', 'Wir können jede helfende Hand gebrauchen. Wenn du alt genug bist, um zum Congress zu kommen, bist du auch alt genug zu helfen.', 'I''m only XX years old. Can I help anyway?', 'We need every help we can get. If your old enough to come to the congress, your old enough to help.'), +(8, 'Wer sind eigentlich die Erzengel?', 'Erzengel sind dieses Jahr: BugBlue, TabascoEye, Jeedi, Daizy, volty', 'Who are the Arch-Angels?', 'The ArchAngels for this year are: BugBlue, TabascoEye, Jeedi, Daizy, volty'), +(9, 'Gibt es dieses Jahr wieder einen IRC-Channel für Engel?', 'Ja, im IRC-Net existiert #chaos-angel. Einfach mal reinschaun!', 'Will there be an IRC-channel for angels again?', 'Yes, in the IRC-net there''s #chaos-angel. Just have a look!'), +(10, 'Wie gehe ich mit den Besuchern um?', 'Man soll gegenüber den Besuchern immer höflich und freundlich sein, auch wenn diese gestresst sind. Wenn man das Gefühl hat, dass man mit der Situation nicht mehr klarkommt, sollte man sich jemanden zur Unterstützung holen, bevor man selbst auch gestresst wird :-)', 'How do I treat visitors?', 'You should always be polite and friendly, especially if they are stressed. When you feel you can''t handle it on your own, get someone to help you out before you get so stressed yourself that you get impolite.'), +(11, 'Wann sind die Engelbesprechungen?', 'Das wird vor Ort noch festgelegt und steht im Himmelnewssystem.', 'When are the angels briefings?', 'The information on the Angel Briefings will be in the news section of this system.'), +(12, 'Was muss ich noch bedenken?', 'Man sollte nicht total übermüdet oder ausgehungert, wenn n man einen Einsatz hat. Eine gewisse Fitness ist hilfreich.', 'Anything else I should know?', 'You should not be exhausted or starving when you arrive for a shift. A reasonable amount of fitness for work would be very helpful.'), +(13, 'Ich habe eine Frage, auf die ich in der FAQ keine Antwort gefunden habe. Wohin soll ich mich wenden?', 'Bei weitere Fragen kannst du die Anfragen an die Erzengel Formular benutzen.', 'I have a guestion not answered here. Who can I ask?', 'If you have further questions, you can use the Questions for the ArchAngels form.'), +(20, 'Wer muss alles Eintritt zahlen?', 'Jeder. Zumindest, solange er/sie älter als 12 Jahre ist...', 'Who has to pay the full entrance price?', 'Everyone who is at older than 12 years old.'); -- -------------------------------------------------------- @@ -128,7 +131,7 @@ CREATE TABLE IF NOT EXISTS `GroupPrivileges` ( `privilege_id` int(11) NOT NULL, PRIMARY KEY (`id`), KEY `group_id` (`group_id`,`privilege_id`) -) ENGINE=MyISAM DEFAULT CHARSET=utf8 AUTO_INCREMENT=36 ; +) ENGINE=MyISAM DEFAULT CHARSET=utf8 AUTO_INCREMENT=40 ; -- -- Daten für Tabelle `GroupPrivileges` @@ -140,12 +143,13 @@ INSERT INTO `GroupPrivileges` (`id`, `group_id`, `privilege_id`) VALUES (31, -2, 11), (30, -2, 9), (23, -1, 2), -(34, -4, 12), -(33, -4, 7), +(36, -4, 7), +(37, -4, 13), (29, -2, 3), (28, -2, 4), (12, -5, 10), -(35, -4, 6); +(38, -4, 12), +(39, -4, 6); -- -------------------------------------------------------- @@ -256,7 +260,7 @@ CREATE TABLE IF NOT EXISTS `Privileges` ( `desc` varchar(1024) NOT NULL, PRIMARY KEY (`id`), UNIQUE KEY `name` (`name`) -) ENGINE=MyISAM DEFAULT CHARSET=utf8 AUTO_INCREMENT=13 ; +) ENGINE=MyISAM DEFAULT CHARSET=utf8 AUTO_INCREMENT=14 ; -- -- Daten für Tabelle `Privileges` @@ -274,7 +278,8 @@ INSERT INTO `Privileges` (`id`, `name`, `desc`) VALUES (9, 'user_messages', 'Writing and reading messages from user to user'), (10, 'admin_groups', 'Manage usergroups and their rights'), (11, 'user_questions', 'Let users ask questions'), -(12, 'admin_questions', 'Answer user''s questions'); +(12, 'admin_questions', 'Answer user''s questions'), +(13, 'admin_faq', 'Edit FAQs'); -- -------------------------------------------------------- @@ -1009,7 +1014,9 @@ INSERT INTO `Sprache` (`TextID`, `Sprache`, `Text`) VALUES ('user_questions', 'DE', 'Erzengel fragen'), ('user_questions', 'EN', 'Ask arch angel'), ('admin_questions', 'DE', 'Fragen beantworten'), -('admin_questions', 'EN', 'Answer questions'); +('admin_questions', 'EN', 'Answer questions'), +('admin_faq', 'DE', 'FAQs bearbeiten'), +('admin_faq', 'EN', 'Edit FAQs'); -- -------------------------------------------------------- @@ -1052,7 +1059,7 @@ CREATE TABLE IF NOT EXISTS `User` ( -- INSERT INTO `User` (`UID`, `Nick`, `Name`, `Vorname`, `Alter`, `Telefon`, `DECT`, `Handy`, `email`, `ICQ`, `jabber`, `Size`, `Passwort`, `Gekommen`, `Aktiv`, `Tshirt`, `color`, `Sprache`, `Avatar`, `Menu`, `lastLogIn`, `CreateDate`, `Art`, `kommentar`, `Hometown`) VALUES -(1, 'admin', '', '', 0, '', '', '', '', '', '', 'L', '21232f297a57a5a743894a0e4a801fc3', 0, 0, 0, 10, 'DE', 115, 'L', 1307053257, '0000-00-00 00:00:00', '', '', ''), +(1, 'admin', '', '', 0, '', '', '', '', '', '', 'L', '21232f297a57a5a743894a0e4a801fc3', 0, 0, 0, 10, 'DE', 115, 'L', 1307055685, '0000-00-00 00:00:00', '', '', ''), (147, 'msquare', '', '', 23, '', '', '', 'msquare@notrademark.de', '', '', 'L', 'e10adc3949ba59abbe56e057f20f883e', 0, 0, 0, 6, 'EN', 0, 'L', 1307042703, '2011-06-02 00:55:09', '', '', ''); -- -------------------------------------------------------- diff --git a/includes/pages/admin_faq.php b/includes/pages/admin_faq.php new file mode 100644 index 00000000..5b9a338f --- /dev/null +++ b/includes/pages/admin_faq.php @@ -0,0 +1,85 @@ +

' . $faq['Frage_de'] . ': ' . $faq['Antwort_de'] . '

' . $faq['Frage_en'] . ': ' . $faq['Antwort_en'] . '

'; + $faqs_html .= 'Edit'; + } + return template_render('../templates/admin_faq.html', array ( + 'link' => page_link_to("admin_faq"), + 'faqs' => $faqs_html + )); + } else { + switch ($_REQUEST['action']) { + case 'create' : + $frage = preg_replace("/([^\p{L}\p{P}\p{Z}\p{N}\n]{1,})/ui", '', strip_tags($_REQUEST['frage'])); + $antwort = preg_replace("/([^\p{L}\p{P}\p{Z}\p{N}\n]{1,})/ui", '', strip_tags($_REQUEST['antwort'])); + $question = preg_replace("/([^\p{L}\p{P}\p{Z}\p{N}\n]{1,})/ui", '', strip_tags($_REQUEST['question'])); + $answer = preg_replace("/([^\p{L}\p{P}\p{Z}\p{N}\n]{1,})/ui", '', strip_tags($_REQUEST['answer'])); + sql_query("INSERT INTO `FAQ` SET `Frage_de`='" . sql_escape($frage) . "', `Frage_en`='" . sql_escape($question) . "', `Antwort_de`='" . sql_escape($antwort) . "', `Antwort_en`='" . sql_escape($answer) . "'"); + header("Location: " . page_link_to("admin_faq")); + break; + + case 'save' : + if (isset ($_REQUEST['id']) && preg_match("/^[0-9]{1,11}$/", $_REQUEST['id'])) + $id = $_REQUEST['id']; + else + return error("Incomplete call, missing FAQ ID."); + + $faq = sql_select("SELECT * FROM `FAQ` WHERE `FID`=" . sql_escape($id) . " LIMIT 1"); + if (count($faq) > 0) { + list ($faq) = $faq; + + $frage = preg_replace("/([^\p{L}\p{P}\p{Z}\p{N}\n]{1,})/ui", '', strip_tags($_REQUEST['frage'])); + $antwort = preg_replace("/([^\p{L}\p{P}\p{Z}\p{N}\n]{1,})/ui", '', strip_tags($_REQUEST['antwort'])); + $question = preg_replace("/([^\p{L}\p{P}\p{Z}\p{N}\n]{1,})/ui", '', strip_tags($_REQUEST['question'])); + $answer = preg_replace("/([^\p{L}\p{P}\p{Z}\p{N}\n]{1,})/ui", '', strip_tags($_REQUEST['answer'])); + sql_query("UPDATE `FAQ` SET `Frage_de`='" . sql_escape($frage) . "', `Frage_en`='" . sql_escape($question) . "', `Antwort_de`='" . sql_escape($antwort) . "', `Antwort_en`='" . sql_escape($answer) . "' WHERE `FID`=" . sql_escape($id) . " LIMIT 1"); + header("Location: " . page_link_to("admin_faq")); + } else + return error("No FAQ found."); + break; + + case 'edit' : + if (isset ($_REQUEST['id']) && preg_match("/^[0-9]{1,11}$/", $_REQUEST['id'])) + $id = $_REQUEST['id']; + else + return error("Incomplete call, missing FAQ ID."); + + $faq = sql_select("SELECT * FROM `FAQ` WHERE `FID`=" . sql_escape($id) . " LIMIT 1"); + if (count($faq) > 0) { + list ($faq) = $faq; + + return template_render('../templates/admin_faq_edit_form.html', array ( + 'link' => page_link_to("admin_faq"), + 'id' => $id, + 'frage' => $faq['Frage_de'], + 'antwort' => $faq['Antwort_de'], + 'question' => $faq['Frage_en'], + 'answer' => $faq['Antwort_en'] + )); + } else + return error("No FAQ found."); + break; + + case 'delete' : + if (isset ($_REQUEST['id']) && preg_match("/^[0-9]{1,11}$/", $_REQUEST['id'])) + $id = $_REQUEST['id']; + else + return error("Incomplete call, missing FAQ ID."); + + $faq = sql_select("SELECT * FROM `FAQ` WHERE `FID`=" . sql_escape($id) . " LIMIT 1"); + if (count($faq) > 0) { + list ($faq) = $faq; + + sql_query("DELETE FROM `FAQ` WHERE `FID`=" . sql_escape($id) . " LIMIT 1"); + header("Location: " . page_link_to("admin_faq")); + } else + return error("No FAQ found."); + break; + } + } +} +?> \ No newline at end of file diff --git a/includes/pages/guest_faq.php b/includes/pages/guest_faq.php index 48e75d16..c4bcd0bb 100644 --- a/includes/pages/guest_faq.php +++ b/includes/pages/guest_faq.php @@ -2,29 +2,17 @@ function guest_faq() { $html = ""; $faqs = sql_select("SELECT * FROM `FAQ`"); - foreach ($faqs as $faq) - if ($faq['Antwort'] != "") { - list ($frage_de, $frage_en) = explode('
', $faq['Frage']); - list ($antwort_de, $antwort_en) = explode('
', $faq['Antwort']); - $html .= "

" . $frage_de . ": " . $antwort_de . "
" . $frage_en . ": " . $antwort_en . "

"; + foreach ($faqs as $faq) { + $html .= "

" . $faq['Frage_de'] . ": " . $faq['Antwort_de'] . "
" . $faq['Frage_en'] . ": " . $faq['Antwort_en'] . "

"; + } return $html; } - -function noAnswer() { - global $con; - - $SQL = "SELECT UID FROM Questions WHERE `AID`='0'"; - $Res = mysql_query($SQL, $con); - - return mysql_num_rows($Res); -} ?> diff --git a/includes/sys_menu.php b/includes/sys_menu.php index c3dfa041..ca34ee6c 100644 --- a/includes/sys_menu.php +++ b/includes/sys_menu.php @@ -32,7 +32,8 @@ function make_navigation() { "admin_questions", "admin_angel_types", "admin_rooms", - "admin_groups" + "admin_groups", + "admin_faq" )); return $menu; } diff --git a/templates/admin_faq.html b/templates/admin_faq.html new file mode 100644 index 00000000..5dacf522 --- /dev/null +++ b/templates/admin_faq.html @@ -0,0 +1,56 @@ + + + + + + + + + + %faqs% + +

+ Deutsch +	+ English +	+ +

Create new FAQ: + \ No newline at end of file diff --git a/templates/admin_faq_edit_form.html b/templates/admin_faq_edit_form.html new file mode 100644 index 00000000..1ef791aa --- /dev/null +++ b/templates/admin_faq_edit_form.html @@ -0,0 +1,41 @@ +Edit FAQ: +

+ \ No newline at end of file diff --git a/txt/TODO b/txt/TODO index 14188a6f..5609482b 100644 --- a/txt/TODO +++ b/txt/TODO @@ -7,6 +7,7 @@ * Privilegien korrigieren (an die vom CVS anpassen) * Beim Raum-Management die benötigten Engel anzeigen * Löschen nur mit Rückfrage + * FAQ ordentlich mehrsprachig machen * schichten ueber monatsgrenzen einbaue im moment werden die tage nur hochgezaehlt und die monatzgrenzen werden ignoriert diff --git a/www-ssl/admin/faq.1.php b/www-ssl/admin/faq.1.php deleted file mode 100644 index 04dda6aa..00000000 --- a/www-ssl/admin/faq.1.php +++ /dev/null @@ -1,6 +0,0 @@ - - -

Alle Anfragen

Offene Anfragen ()

FAQ-Liste editiern

- diff --git a/www-ssl/admin/faq.php b/www-ssl/admin/faq.php deleted file mode 100644 index 779d8822..00000000 --- a/www-ssl/admin/faq.php +++ /dev/null @@ -1,271 +0,0 @@ - - Alle Anfragen:
- - - - - - - - - - -\n"; - echo "\n"; - echo "\n"; - echo "\n"; - echo "\n"; - echo "\n"; - } else { - echo "Nein\n"; - echo "\n"; - echo "\n"; - } - echo ""; - echo "\n"; - } - echo "

Frage	Anfragender	Beantwortet?	Antwort	Antwort von	change
" . mysql_result($Erg, $n, "Question") . "	" . UID2Nick(mysql_result($Erg, $n, "UID")) . "	"; - if (mysql_result($Erg, $n, "AID") > 0) { - echo "Ja	" . mysql_result($Erg, $n, "Answer") . "	" . UID2Nick(mysql_result($Erg, $n, "AID")) . "			xxx

\n"; - break; - - case "open" : - $SQL = "SELECT * FROM `Questions` WHERE `AID`='0' ORDER BY `QID` DESC"; - $quest_bearb = 1; // Fragenliste anzeigen - echo "\t\tOffene Anfragen:
\n"; - break; - - case "edit" : - if (!IsSet ($_GET["QID"])) - echo "\t\tFehlerhafter Aufruf...
Bitte die Bearbeitung nochmals beginnen :)\n"; - else { - $SQL = "SELECT * FROM `Questions` WHERE `QID`='" . $_GET["QID"] . "'"; - $Erg = mysql_query($SQL, $con); - echo "\t\t\n"; - if (mysql_result($Erg, 0, "AID") <> "0") { - echo "\tDu kannst diese Anfrage so wie sie ist, als Engel-FAQ eintrag übernehmen.
\n"; - echo "Als FAQ-Eintrag sichern...\n"; - } - } // Abfrage der QID - break; - - case "save" : - if (!IsSet ($_GET["QID"])) - echo "\tFehlerhafter Aufruf... Bitte die Bearbeitung nochmal starten..."; - else { - $SQL = "UPDATE `Questions` SET `Question`='" . $_GET["Question"] . - "', `AID`='" . $_SESSION['UID'] . "' , `Answer`='" . $_GET["Answer"] . "' " . - "WHERE `QID`='" . $_GET["QID"] . "' LIMIT 1"; - $Erg = db_query($SQL, "save Question"); - if ($Erg == 1) { - echo "\tDer Eintrag wurde geändert
\n"; - SetHeaderGo2Back(); - } else - echo "\tEin Fehler ist aufgetreten. Sorry, du kannst es aber ja nochmal probieren :)\n"; - } - break; - - case "transfer" : - if (!IsSet ($_GET["QID"])) - echo "\tFehlerhafter Aufruf... Bitte die Bearbeitung nochmal starten...\n"; - else { - $SQL1 = "SELECT * FROM `Questions` WHERE `QID`='" . $_GET["QID"] . "'"; - $Erg = mysql_query($SQL1, $con); - $SQL2 = "INSERT INTO `FAQ` Values ('', '" . - mysql_result($Erg, 0, "Question") . "', '" . mysql_result($Erg, 0, "Answer") . "')"; - $Erg = db_query($SQL2, "trasfert to request to the FAQ"); - if ($Erg == 1) - echo "\tDer Eintrag wurde übertragen.
\n"; - else - echo "\tEin Fehler ist aufgetreten. Sorry, du kannst es aber ja nochmal probieren :)\n"; - } - - break; - - // *--------------------------------------------------------------------------- - // * FAQ - Bearbeitung - // *--------------------------------------------------------------------------- - // * je nach �bergabeoption ($quest) koennen FAQ's erfasst werden, - // * geaendert oder geloscht werden... - // *--------------------------------------------------------------------------- - case "faq" : - $quest_bearb = 0; // keine Fragenliste anzeigen, FAQ editieren... - echo "\tFAQ-Liste:
"; - echo "Neuen Eintrag"; - - $SQL = "SELECT * FROM `FAQ`"; - $Erg = mysql_query($SQL, $con); - - // anzahl zeilen - $Zeilen = mysql_num_rows($Erg); - - for ($n = 0; $n < $Zeilen; $n++) - if (mysql_result($Erg, $n, "Antwort") != "") { - echo "\t

" . mysql_result($Erg, $n, "Frage") . "

\n"; - echo "\t

" . mysql_result($Erg, $n, "Antwort") . "

\n"; - echo "\tBearbeiten\n
---
\n"; - } - break; - - case "faqedit" : - if (!IsSet ($_GET["FAQID"])) - echo "\tFehlerhafter Aufruf...
Bitte die Bearbeitung nochmals beginnen :)\n"; - else { - $SQL = "SELECT * FROM `FAQ` WHERE `FID`='" . $_GET["FAQID"] . "'"; - $Erg = mysql_query($SQL, $con); - - // anzahl zeilen - $Zeilen = mysql_num_rows($Erg); -?> - - -\n"; - else - echo "\tEin Fehler ist aufgetreten. Ist der Eintag bereits gelöscht gewesen?\n"; - } - break; - - case "faqsave"; - if (!IsSet ($_GET["FAQID"])) - echo "\tFehlerhafter Aufruf... Bitte die Bearbeitung nochmal starten...\n"; - else { - $SQL = "UPDATE `FAQ` SET `Frage`='" . $_GET["Frage"] . "', `Antwort`='" . $_GET["Antwort"] . - "' WHERE `FID`='" . $_GET["FAQID"] . "' LIMIT 1"; - $Erg = db_query($SQL, $con); - if ($Erg == 1) - echo "\tDer Eintrag wurde geändert
\n"; - else - echo "\tEin Fehler ist aufgetreten. Sorry, du kannst es aber ja nochmal probieren :)\n"; - } - break; - - case "faqnew" : -?> - -\n"; - else - echo "\tEin Fehler ist aufgetreten. Sorry, du kannst es aber ja nochmal probieren :)\n"; - break; - - } //switch ($_GET["quest"]) - - // Hilfsroutine f�r die Anfragen: - // Fragenliste anzeigen??? - if ($quest_bearb == 1) { - $Erg = mysql_query($SQL, $con); - // anzahl zeilen - $Zeilen = mysql_num_rows($Erg); - - if ($Zeilen == 0) - echo "\tkeine vorhanden...\n"; - else - for ($n = 0; $n < $Zeilen; $n++) { - echo "\t

" . nl2br(mysql_result($Erg, $n, "Question")) . "\n

\n"; - echo "\tBearbeiten\n"; - echo "
---
\n"; - } - - } - -} //if (IsSet($_GET["quest"])) -else { - echo "Bitte wähle aus, ob du:\n"; - echo "

Alle Anfragen anzeigen/bearbeiten möchtest
Alle offenen Anfragen anzeigen/bearbeiten möchtest (" . - noAnswer() . ")
Die FAQ's anzeigen/bearbeiten

\n"; -} - -include ("includes/footer.php"); -?> diff --git a/www-ssl/css/base.css b/www-ssl/css/base.css index bfe050a5..44e1959c 100644 --- a/www-ssl/css/base.css +++ b/www-ssl/css/base.css @@ -109,6 +109,11 @@ td, th { border: 1px solid #888; } +textarea { + height: 200px; + width: 300px; +} + .background { background: #f0f0f0; } diff --git a/www-ssl/index.php b/www-ssl/index.php index d722de32..8ad025aa 100644 --- a/www-ssl/index.php +++ b/www-ssl/index.php @@ -73,6 +73,10 @@ if (in_array($p, $privileges)) { elseif ($p == "admin_groups") { require_once ('includes/pages/admin_groups.php'); $content = admin_groups(); + } + elseif ($p == "admin_faq") { + require_once ('includes/pages/admin_faq.php'); + $content = admin_faq(); } else { require_once ('includes/pages/guest_start.php'); $content = guest_start(); diff --git a/www-ssl/nonpublic/faq.php b/www-ssl/nonpublic/faq.php deleted file mode 100644 index fcc17158..00000000 --- a/www-ssl/nonpublic/faq.php +++ /dev/null @@ -1,73 +0,0 @@ - -

- -" . Get_Text(37) . "

\n" . nl2br($_POST["frage"]) . "

\n" . Get_Text(38) . "
\n"; - - $SQL = "INSERT INTO `Questions` VALUES ('', '" . $_SESSION['UID'] . "', '" . $_POST["frage"] . "', '', '')"; - $Erg = mysql_query($SQL, $con); - -} -// Bisherige Anfragen: -echo "
\n" . Get_Text(39) . "
\n"; -echo "

\n"; -echo "
" . Get_Text(40) . "
\n"; - -$SQL = "SELECT * FROM `Questions` WHERE `UID` = " . $_SESSION['UID'] . " AND `AID`='0' ORDER BY 'QID' DESC"; -$Erg = mysql_query($SQL, $con); - -// anzahl zeilen -$Zeilen = mysql_num_rows($Erg); - -if ($Zeilen == 0) { - Print_Text(41); - -} else { - for ($n = 0; $n < $Zeilen; $n++) { - echo "

" . nl2br(mysql_result($Erg, $n, "Question")) . "
\n"; - // Es gibt ja noch keine Antwort: - // echo "

".nl2br(mysql_result($Erg, $n, "Answer"))."

\n"; - echo "\n
---
"; - } -} - -echo "

\n"; -echo "
" . Get_Text(42) . "
\n"; -$SQL = "SELECT * FROM `Questions` WHERE `UID`='" . $_SESSION['UID'] . "' and `AID`<>'0' ORDER BY 'QID' DESC"; -$Erg = mysql_query($SQL, $con); - -// anzahl zeilen -$Zeilen = mysql_num_rows($Erg); - -if ($Zeilen == 0) { - Print_Text(41); -} else { - for ($n = 0; $n < $Zeilen; $n++) { - echo "

" . nl2br(mysql_result($Erg, $n, "Question")) . "
\n"; - echo "

" . nl2br(mysql_result($Erg, $n, "Answer")) . - "@" . UID2Nick(mysql_result($Erg, $n, "AID")) . "\n"; - echo "\n
---
"; - } -} - -include ("includes/footer.php"); -?> -- cgit v1.2.3-54-g00ecf From 70de7e5a1dd96c47c48eb45498004d219bec1283 Mon Sep 17 00:00:00 2001 From: Daniel Friesel Date: Fri, 3 Jun 2011 11:34:54 +0200 Subject: guest_login: Cleanup, fix sql injection --- includes/pages/guest_faq.php | 14 ++++++++--- includes/pages/guest_login.php | 56 ++++++++++++++++++++++++++++++------------ 2 files changed, 50 insertions(+), 20 deletions(-) (limited to 'includes/pages/guest_faq.php') diff --git a/includes/pages/guest_faq.php b/includes/pages/guest_faq.php index c4bcd0bb..2799cbaf 100644 --- a/includes/pages/guest_faq.php +++ b/includes/pages/guest_faq.php @@ -5,11 +5,17 @@ function guest_faq() { foreach ($faqs as $faq) { $html .= "

" . $faq['Frage_de'] . ": " . $faq['Antwort_de'] . "
%s: %s
" . $faq['Frage_en'] . ": " . $faq['Antwort_en'] . "
%s: %s

"; } diff --git a/includes/pages/guest_login.php b/includes/pages/guest_login.php index bbf36b6d..db20a207 100644 --- a/includes/pages/guest_login.php +++ b/includes/pages/guest_login.php @@ -16,12 +16,25 @@ function guest_register() { $Ergans = sql_select("SELECT UID FROM `User` WHERE `Nick`='" . sql_escape($_POST["Nick"]) . "'"); if (strlen($_POST["Nick"]) < 2) - $error = Get_Text("makeuser_error_nick1") . $_POST["Nick"] . Get_Text("makeuser_error_nick2"); - elseif (count($Ergans) > 0) $error = Get_Text("makeuser_error_nick1") . $_POST["Nick"] . Get_Text("makeuser_error_nick3"); - elseif (strlen($_POST["email"]) <= 6 && strstr($_POST["email"], "@") == FALSE && strstr($_POST["email"], ".") == false) $error = Get_Text("makeuser_error_mail"); - elseif (!is_numeric($_POST["Alter"])) $error = Get_Text("makeuser_error_Alter"); - elseif ($_POST["Passwort"] != $_POST["Passwort2"]) $error = Get_Text("makeuser_error_password1"); - elseif (strlen($_POST["Passwort"]) < 6) $error = Get_Text("makeuser_error_password2"); + $error = Get_Text("makeuser_error_nick1") + . $_POST["Nick"] . Get_Text("makeuser_error_nick2"); + + elseif (count($Ergans) > 0) + $error = Get_Text("makeuser_error_nick1") + . $_POST["Nick"] . Get_Text("makeuser_error_nick3"); + + elseif (strlen($_POST["email"]) <= 6 && strstr($_POST["email"], "@") == FALSE && strstr($_POST["email"], ".") == false) + $error = Get_Text("makeuser_error_mail"); + + elseif (!is_numeric($_POST["Alter"])) + $error = Get_Text("makeuser_error_Alter"); + + elseif ($_POST["Passwort"] != $_POST["Passwort2"]) + $error = Get_Text("makeuser_error_password1"); + + elseif (strlen($_POST["Passwort"]) < 6) + $error = Get_Text("makeuser_error_password2"); + else { $_POST["Passwort"] = PassCrypt($_POST["Passwort"]); unset ($_POST["Passwort2"]); @@ -35,15 +48,26 @@ function guest_register() { "`Size`, " . "`Passwort`, " . "`Art` , " . "`kommentar`, " . "`Hometown`," . "`CreateDate`, `Sprache` ) " . - "VALUES ( " . - "'" . $_POST["Nick"] . "', " . "'" . $_POST["Name"] . "', " . - "'" . $_POST["Vorname"] . "', " . "'" . $_POST["Alter"] . "', " . - "'" . $_POST["Telefon"] . "', " . "'" . $_POST["DECT"] . "', " . - "'" . $_POST["Handy"] . "', " . "'" . $_POST["email"] . "', " . - "'" . $_POST["ICQ"] . "', " . "'" . $_POST["jabber"] . "', " . - "'" . $_POST["Size"] . "', " . "'" . $_POST["Passwort"] . "', " . - "'" . $_POST["Art"] . "', " . "'" . $_POST["kommentar"] . "', " . - "'" . $_POST["Hometown"] . "'," . "NOW(), '" . $_SESSION['Sprache'] . "')"); + "VALUES ( '" + . sql_escape($_POST["Nick"]) . "', " . "'" + . sql_escape($_POST["Name"]) . "', " . "'" + . sql_escape($_POST["Vorname"]) . "', " . "'" + . sql_escape($_POST["Alter"]) . "', " . "'" + . sql_escape($_POST["Telefon"]) . "', " . "'" + . sql_escape($_POST["DECT"]) . "', " . "'" + . sql_escape($_POST["Handy"]) . "', " . "'" + . sql_escape($_POST["email"]) . "', " . "'" + . sql_escape($_POST["ICQ"]) . "', " . "'" + . sql_escape($_POST["jabber"]) . "', " . "'" + . sql_escape($_POST["Size"]) . "', " . "'" + . sql_escape($_POST["Passwort"]) . "', " . "'" + . sql_escape($_POST["Art"]) . "', " . "'" + . sql_escape($_POST["kommentar"]) . "', " . "'" + . sql_escape($_POST["Hometown"]) . "'," + . "NOW(), '" + . sql_escape($_SESSION["Sprache"]) + . "')" + ); if ($Erg != 1) { $html .= Get_Text("makeuser_error_write1") . "
\n"; @@ -242,4 +266,4 @@ function guest_login_form() { 'send' => Get_Text("index_lang_send") )); } -?> \ No newline at end of file +?> -- cgit v1.2.3-54-g00ecf From f6ad58750d8597329526413a0bff3c0b85dfdd28 Mon Sep 17 00:00:00 2001 From: Philip Häusler Date: Fri, 3 Jun 2011 15:08:05 +0200 Subject: fixed faq --- includes/pages/guest_faq.php | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) (limited to 'includes/pages/guest_faq.php') diff --git a/includes/pages/guest_faq.php b/includes/pages/guest_faq.php index 2799cbaf..e639731b 100644 --- a/includes/pages/guest_faq.php +++ b/includes/pages/guest_faq.php @@ -7,14 +7,14 @@ function guest_faq() { if ($_SESSION['Sprache'] == "DE") { $html .= sprintf( '

', - $faq['frage_de'], - $faq['antwort_de'] + $faq['Frage_de'], + $faq['Antwort_de'] ); } else { $html .= sprintf( '

', - $faq['frage_en'], - $faq['antwort_en'] + $faq['Frage_en'], + $faq['Antwort_en'] ); } $html .= ""; -- cgit v1.2.3-54-g00ecf

+ Frage +	+ %frage% +
+ Antwort +	+ %antwort% +
+ Question +	+ %question% +
+ Answer +	+ %answer% +

" . Get_Text("makeuser_error_write2") . "\n"; - $error = mysql_error($con); - } else { - echo Get_Text("makeuser_writeOK2") . "\n"; - echo "

" . Get_Text("makeuser_writeOK3") . "

" . Get_Text("makeuser_text0") . "

" . Get_Text("makeuser_text1") . "

Anfragen und FAQ

" . Get_Text("makeuser_error_write2") . "
\n"; - $error = mysql_error($con); - } else { - echo Get_Text("makeuser_writeOK2") . "
\n"; - echo "