From a3be0289286c43d8656052217457d9162261ba90 Mon Sep 17 00:00:00 2001 From: Philip Häusler Date: Thu, 2 Jun 2011 00:48:29 +0200 Subject: rewrite --- includes/sys_page.php | 9 +++++++++ 1 file changed, 9 insertions(+) create mode 100644 includes/sys_page.php (limited to 'includes/sys_page.php') diff --git a/includes/sys_page.php b/includes/sys_page.php new file mode 100644 index 00000000..ab8b05e2 --- /dev/null +++ b/includes/sys_page.php @@ -0,0 +1,9 @@ +' . $msg . '

'; +} + +function success($msg) { + return '

' . $msg . '

'; +} +?> \ No newline at end of file -- cgit v1.2.3-54-g00ecf From cb1736d180ce91cb8b66acfe6cf7cede3a04d097 Mon Sep 17 00:00:00 2001 From: Daniel Friesel Date: Thu, 2 Jun 2011 23:41:50 +0200 Subject: include/pages/admin_angel_types: Cleanup; add strip_request_item function --- includes/pages/admin_angel_types.php | 162 ++++++----------------------------- includes/sys_page.php | 11 ++- 2 files changed, 36 insertions(+), 137 deletions(-) (limited to 'includes/sys_page.php') diff --git a/includes/pages/admin_angel_types.php b/includes/pages/admin_angel_types.php index ba2e5325..c5283899 100644 --- a/includes/pages/admin_angel_types.php +++ b/includes/pages/admin_angel_types.php @@ -1,22 +1,36 @@ ' . $angel_type['Name'] . '' . $angel_type['Man'] . 'Edit'; + $table .= sprintf( + '%s%s' + . 'Edit', + $angel_type['Name'], $angel_type['Man'], + page_link_to("admin_angel_types"), + $angel_type['TID'] + ); $html .= template_render('../templates/admin_angel_types.html', array ( 'link' => page_link_to("admin_angel_types"), 'table' => $table )); + } else { + switch ($_REQUEST['action']) { + case 'create' : - $name = preg_replace("/([^\p{L}\p{P}\p{Z}\p{N}]{1,})/ui", '', strip_tags($_REQUEST['name'])); - $man = preg_replace("/([^\p{L}\p{P}\p{Z}\p{N}]{1,})/ui", '', strip_tags($_REQUEST['man'])); + $name = strip_request_item("name"); + $man = strip_request_item("man"); + sql_query("INSERT INTO `AngelTypes` SET `Name`='" . sql_escape($name) . "', `Man`='" . sql_escape($man) . "'"); + header("Location: " . page_link_to("admin_angel_types")); break; 
@@ -30,11 +44,12 @@ function admin_angel_types() { if (count($angel_type) > 0) { list ($angel_type) = $angel_type; - $html .= template_render('../templates/admin_angel_types_edit_form.html', array ( - 'link' => page_link_to("admin_angel_types"), - 'id' => $id, - 'name' => $angel_type['Name'], - 'man' => $angel_type['Man'] + $html .= template_render( + '../templates/admin_angel_types_edit_form.html', array ( + 'link' => page_link_to("admin_angel_types"), + 'id' => $id, + 'name' => $angel_type['Name'], + 'man' => $angel_type['Man'] )); } else return error("No Angel Type found."); @@ -50,8 +65,9 @@ function admin_angel_types() { if (count($angel_type) > 0) { list ($angel_type) = $angel_type; - $name = preg_replace("/([^\p{L}\p{P}\p{Z}\p{N}]{1,})/ui", '', strip_tags($_REQUEST['name'])); - $man = preg_replace("/([^\p{L}\p{P}\p{Z}\p{N}]{1,})/ui", '', strip_tags($_REQUEST['man'])); + $name = strip_request_item("name"); + $man = strip_request_item("man"); + sql_query("UPDATE `AngelTypes` SET `Name`='" . sql_escape($name) . "', `Man`='" . sql_escape($man) . "' WHERE `TID`=" . sql_escape($id) . " LIMIT 1"); header("Location: " . page_link_to("admin_angel_types")); } else @@ -76,131 +92,5 @@ function admin_angel_types() { } return $html; - $Sql = "SELECT * FROM `EngelType` ORDER BY `NAME`"; - $Erg = mysql_query($Sql, $con); - - if (!IsSet ($_GET["action"])) { - echo "Hallo " . $_SESSION['Nick'] . - ",
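Review bot: The UPDATE in this hunk compares the unquoted `TID` column to `sql_escape($id)`; string escaping only neutralises quote and backslash characters, which does nothing to bound a value that is not itself inside quotes, so unless `$id` is already validated as an integer where it is assigned (outside this hunk) the comparison takes the request value as submitted. Casting at the point of use removes the dependency on that earlier check: replace `sql_escape($id)` with `(int) $id` in the `WHERE` part of the statement. The `admin_faq()` update hunk in the later commit builds its `FID` comparison the same way and should get the same cast. admin_angel_types() starts and ends outside this hunk.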
\nhier hast du die Möglichkeit, neue Engeltypen für die Schichtpläne einzutragen " . - "oder vorhandene abzuändern:

\n"; - - echo "- Neuen EngelType eintragen
\n"; - - echo "\n"; - echo "\n"; - - for ($i = 1; $i < mysql_num_fields($Erg); $i++) { - echo "\t"; - } - echo "\t"; - echo ""; - - for ($t = 0; $t < mysql_num_rows($Erg); $t++) { - echo "\t\n"; - for ($j = 1; $j < mysql_num_fields($Erg); $j++) { - echo "\t\t\n"; - } - echo "\t\t\n"; - echo "\t\n"; - } // ende Auflistung Raeume - echo "
" . mysql_field_name($Erg, $i) . "Ändern
" . mysql_result($Erg, $t, $j) . "###
"; - } else { - - switch ($_GET["action"]) { - - case 'new' : - echo "Neuen EngelType einrichten:
"; - echo "
\n"; - echo "\n"; - - for ($Uj = 1; $Uj < mysql_num_fields($Erg); $Uj++) { - echo "" . - "\n"; - } - echo "
" . mysql_field_name($Erg, $Uj) . "
\n"; - echo "\n"; - echo "\n"; - echo "
"; - break; - - case 'newsave' : - $vars = $_GET; - $count = count($vars) - 1; - $vars = array_splice($vars, 0, $count); - $Keys = ""; - $Values = ""; - foreach ($vars as $key => $value) { - $Keys .= ", `$key`"; - $Values .= ", '$value'"; - } - - if (runSQL_log("INSERT INTO `EngelType` (" . substr($Keys, 2) . ") VALUES (" . substr($Values, 2) . ")", "save new EngelType")) { - SetHeaderGo2Back(); - - $SQL2 = "SELECT * FROM `EngelType` WHERE `Name`='" . $_GET["Name"] . "'"; - $ERG = mysql_query($SQL2, $con); - - if (mysql_num_rows($ERG) == 1) - runSQL_log("ALTER TABLE `Room` ADD `DEFAULT_EID_" . mysql_result($ERG, 0, 0) . - "` INT DEFAULT '0' NOT NULL;", "add new EngelType in Romm Table"); - } - break; - - case 'change' : - if (!IsSet ($_GET["TID"])) - echo "Fehlerhafter Aufruf!"; - else { - echo "Raum abändern:\n"; - echo "Hier kannst du eintragen, den EngelType ändern."; - echo "
\n"; - echo "\n"; - - $SQL2 = "SELECT * FROM `EngelType` WHERE `TID`='" . $_GET["TID"] . "'"; - $ERG = mysql_query($SQL2, $con); - - for ($Uj = 1; $Uj < mysql_num_fields($ERG); $Uj++) - echo "" . - "\n"; - - echo "
" . mysql_field_name($ERG, $Uj) . "
\n"; - echo "\n"; - echo "\n"; - echo "\n"; - echo "
"; - echo "
\n"; - echo "\n"; - echo "\n"; - echo ""; - echo "
"; - } - break; - - case 'changesave' : - $vars = $_GET; - $count = count($vars) - 2; - $vars = array_splice($vars, 0, $count); - $keys = ""; - $sql = ""; - foreach ($vars as $key => $value) { - $keys = substr($key, 1); - $sql .= ", `" . $keys . "`='" . $value . "'"; - } - runSQL_log("UPDATE `EngelType` SET " . substr($sql, 2) . " WHERE `TID`='" . $_GET["eTID"] . "'", "Save Change EngelType"); - SetHeaderGo2Back(); - break; - - case 'delete' : - if (IsSet ($_GET["TID"])) { - if (runSQL_log("DELETE FROM `EngelType` WHERE `TID`='" . $_GET["TID"] . "'", "delete EngelType")) - runSQL_log("ALTER TABLE `Room` DROP `DEFAULT_EID_" . $_GET["TID"] . "`;", "delete EngelType in Room Table"); - } else - echo "Fehlerhafter Aufruf"; - SetHeaderGo2Back(); - break; - } - } - - include ("includes/footer.php"); } ?> diff --git a/includes/sys_page.php b/includes/sys_page.php index ab8b05e2..2af5f729 100644 --- a/includes/sys_page.php +++ b/includes/sys_page.php @@ -1,4 +1,13 @@ ' . $msg . '

'; } @@ -6,4 +15,4 @@ function error($msg) { function success($msg) { return '

' . $msg . '

'; } -?> \ No newline at end of file +?> -- cgit v1.2.3-54-g00ecf From 5113776a42d0bc7ff8ed2db8619045d3ffb164a9 Mon Sep 17 00:00:00 2001 From: Daniel Friesel Date: Fri, 3 Jun 2011 11:09:25 +0200 Subject: include/pages/admin_faq cleanup --- includes/pages/admin_faq.php | 46 +++++++++++++++++++++++++++++++------------- includes/sys_page.php | 8 ++++++++ 2 files changed, 41 insertions(+), 13 deletions(-) (limited to 'includes/sys_page.php') diff --git a/includes/pages/admin_faq.php b/includes/pages/admin_faq.php index 5b9a338f..b8ba1a64 100644 --- a/includes/pages/admin_faq.php +++ b/includes/pages/admin_faq.php @@ -4,8 +4,14 @@ function admin_faq() { $faqs_html = ""; $faqs = sql_select("SELECT * FROM `FAQ`"); foreach ($faqs as $faq) { - $faqs_html .= '
' . $faq['Frage_de'] . '
' . $faq['Antwort_de'] . '
' . $faq['Frage_en'] . '
' . $faq['Antwort_en'] . '
'; - $faqs_html .= 'Edit'; + $faqs_html .= sprintf( + '
%s
%s
' + . '
%s
%s
' + . 'Edit', + $faq['Frage_de'], $faq['Antwort_de'], + $faq['Frage_en'], $faq['Antwort_en'], + page_link_to('admin_faq'), $faq['FID'] + ); } return template_render('../templates/admin_faq.html', array ( 'link' => page_link_to("admin_faq"), @@ -14,11 +20,18 @@ function admin_faq() { } else { switch ($_REQUEST['action']) { case 'create' : - $frage = preg_replace("/([^\p{L}\p{P}\p{Z}\p{N}\n]{1,})/ui", '', strip_tags($_REQUEST['frage'])); - $antwort = preg_replace("/([^\p{L}\p{P}\p{Z}\p{N}\n]{1,})/ui", '', strip_tags($_REQUEST['antwort'])); - $question = preg_replace("/([^\p{L}\p{P}\p{Z}\p{N}\n]{1,})/ui", '', strip_tags($_REQUEST['question'])); - $answer = preg_replace("/([^\p{L}\p{P}\p{Z}\p{N}\n]{1,})/ui", '', strip_tags($_REQUEST['answer'])); - sql_query("INSERT INTO `FAQ` SET `Frage_de`='" . sql_escape($frage) . "', `Frage_en`='" . sql_escape($question) . "', `Antwort_de`='" . sql_escape($antwort) . "', `Antwort_en`='" . sql_escape($answer) . "'"); + $frage = strip_request_item_nl('frage'); + $antwort = strip_request_item_nl('antwort'); + $question = strip_request_item_nl('question'); + $answer = strip_request_item_nl('answer'); + + sql_query("INSERT INTO `FAQ` SET `Frage_de`='" . sql_escape($frage) + . "', `Frage_en`='" . sql_escape($question) + . "', `Antwort_de`='" . sql_escape($antwort) + . "', `Antwort_en`='" . sql_escape($answer) + . "'" + ); + header("Location: " . page_link_to("admin_faq")); break; 
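Review bot: The `create` branch reads `$frage`, `$antwort`, `$question` and `$answer` with four `strip_request_item_nl()` calls that the `update` branch in the next hunk repeats verbatim, so adding a field or changing the filter has to be done in two places that can drift apart. A small helper returning the four values keeps each branch to one line and becomes the single place that documents which request keys the FAQ form submits. admin_faq() begins before this hunk and its switch continues past it.

```php
/* The four FAQ text fields as submitted by the admin form; shared by create and update. */
function admin_faq_request_fields() {
    return array(
        'frage'    => strip_request_item_nl('frage'),
        'antwort'  => strip_request_item_nl('antwort'),
        'question' => strip_request_item_nl('question'),
        'answer'   => strip_request_item_nl('answer'),
    );
}

// in the create branch, replacing the four assignments:
list($frage, $antwort, $question, $answer) = array_values(admin_faq_request_fields());
// … unchanged: INSERT and redirect …
```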
@@ -32,11 +45,18 @@ function admin_faq() { if (count($faq) > 0) { list ($faq) = $faq; - $frage = preg_replace("/([^\p{L}\p{P}\p{Z}\p{N}\n]{1,})/ui", '', strip_tags($_REQUEST['frage'])); - $antwort = preg_replace("/([^\p{L}\p{P}\p{Z}\p{N}\n]{1,})/ui", '', strip_tags($_REQUEST['antwort'])); - $question = preg_replace("/([^\p{L}\p{P}\p{Z}\p{N}\n]{1,})/ui", '', strip_tags($_REQUEST['question'])); - $answer = preg_replace("/([^\p{L}\p{P}\p{Z}\p{N}\n]{1,})/ui", '', strip_tags($_REQUEST['answer'])); - sql_query("UPDATE `FAQ` SET `Frage_de`='" . sql_escape($frage) . "', `Frage_en`='" . sql_escape($question) . "', `Antwort_de`='" . sql_escape($antwort) . "', `Antwort_en`='" . sql_escape($answer) . "' WHERE `FID`=" . sql_escape($id) . " LIMIT 1"); + $frage = strip_request_item_nl('frage'); + $antwort = strip_request_item_nl('antwort'); + $question = strip_request_item_nl('question'); + $answer = strip_request_item_nl('answer'); + + sql_query("UPDATE `FAQ` SET `Frage_de`='" . sql_escape($frage) + . "', `Frage_en`='" . sql_escape($question) + . "', `Antwort_de`='" . sql_escape($antwort) + . "', `Antwort_en`='" . sql_escape($answer) + . "' WHERE `FID`=" . sql_escape($id) . " LIMIT 1" + ); + header("Location: " . page_link_to("admin_faq")); } else return error("No FAQ found."); @@ -82,4 +102,4 @@ function admin_faq() { } } } -?> \ No newline at end of file +?> diff --git a/includes/sys_page.php b/includes/sys_page.php index 2af5f729..e499cd57 100644 --- a/includes/sys_page.php +++ b/includes/sys_page.php @@ -8,6 +8,14 @@ function strip_request_item($name) { ); } +function strip_request_item_nl($name) { + return preg_replace( + "/([^\p{L}\p{P}\p{Z}\p{N}\n]{1,})/ui", + '', + strip_tags($_REQUEST[$name]) + ); +} + function error($msg) { return '

' . $msg . '

'; } -- cgit v1.2.3-54-g00ecf
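Review bot: `strip_request_item_nl()` reads `$_REQUEST[$name]` without checking that the key exists, so a form that omits the field raises an undefined-index notice, and because the pattern carries the `u` modifier, `preg_replace()` returns null for input that is not valid UTF-8; both cases hand a non-string to the `sql_escape()` calls in admin_faq(). Guarding the lookup and the null result keeps the return type a string, and a docblock should state that this is an input filter only, so the value still needs `htmlspecialchars()` or `sql_escape()` at its point of use. `strip_request_item()`, of which only the closing lines are visible as context here, presumably has the same two gaps.

```php
/** Request field $name with tags removed and everything but letters, punctuation,
 *  separators, digits and newlines stripped. Input filter only: still escape for HTML/SQL. */
function strip_request_item_nl($name) {
    $raw = isset($_REQUEST[$name]) ? $_REQUEST[$name] : '';
    $clean = preg_replace(
        "/([^\p{L}\p{P}\p{Z}\p{N}\n]{1,})/ui",
        '',
        strip_tags($raw)
    );
    // preg_replace() yields null on invalid UTF-8 under /u; treat that as an empty field
    return $clean === null ? '' : $clean;
}
```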