From b91450e558455d704cd0d09504b503be9eacd590 Mon Sep 17 00:00:00 2001
From: cookie <cookie@29ba0400-6e00-0410-a75a-ca02368028f8>
Date: Thu, 30 Nov 2006 10:49:24 +0000
Subject: newsverwaltung erweitert, add edit bouten und parameter check

git-svn-id: svn://svn.cccv.de/engel-system@187 29ba0400-6e00-0410-a75a-ca02368028f8
---
 www-ssl/admin/news.php | 163 ++++++++++++++++++++++++++-----------------------
 1 file changed, 88 insertions(+), 75 deletions(-)

(limited to 'www-ssl/admin')
diff --git a/www-ssl/admin/news.php b/www-ssl/admin/news.php
index f37c9a08..137695b3 100755
--- a/www-ssl/admin/news.php
+++ b/www-ssl/admin/news.php
@@ -7,13 +7,13 @@ include ("./inc/funktion_db_list.php");
 include ("./inc/funktion_user.php");
 
 
-if (!IsSet($_GET["action"])) {
-
-$SQL = "SELECT * from News order by Datum DESC";
-$Erg = mysql_query($SQL, $con);
+if (!IsSet($_GET["action"]))
+{
+	$SQL = "SELECT * from News order by Datum DESC";
+	$Erg = mysql_query($SQL, $con);
 
-$rowcount = mysql_num_rows($Erg);
-?>
+	$rowcount = mysql_num_rows($Erg);
+	?>
 Hallo <?PHP echo $_SESSION['Nick'] ?>, <br>
 hier kannst du die News s&auml;bern... falls jemand auf die Idee kommt, 
 hier herumzuspamen oder aus Versehen falsche Informationen zu hinterlegen :)<br><br>
@@ -29,82 +29,95 @@ hier herumzuspamen oder aus Versehen falsche Informationen zu hinterlegen :)<br>
 	</tr>
 <?PHP			  
 
-for ($i=0; $i < $rowcount; $i++) {
-	echo "\t<tr class=\"content\">\n";
-	echo "\t <td>".mysql_result($Erg, $i, "Datum")."</td>";
-	echo "\t <td>".mysql_result($Erg, $i, "Betreff")."</td>";
-	echo "\t <td>".mysql_result($Erg, $i, "Text")."</td>";
-	echo "\t <td>".UID2Nick(mysql_result($Erg, $i, "UID"))."</td>";
-	echo "\t <td>".mysql_result($Erg, $i, "Treffen")."</td>";
-	echo "\t <td><a href=\"./news.php?action=change&date=".mysql_result($Erg, $i, "Datum")."\">XXX</a></td>";
-	echo "\t</tr>\n";
-}
-echo "</table>";
-
-
-} else {
-
-switch ($_GET["action"]) 
-{
-
-case 'change':
-	$SQL = "SELECT * from News where (Datum='". $_GET["date"]. "')";
-	$Erg = mysql_query($SQL, $con);
-
-	echo "<form action=\"./news.php\" method=\"GET\">\n";
-
-	echo "<table>\n";
-	echo "  <tr><td>Datum</td><td><input type=\"text\" size=\"40\" name=\"date\" value=\"".
-		mysql_result($Erg, 0, "Datum")."\" disabled></td></tr>\n";
-	echo "  <tr><td>Betreff</td><td><input type=\"text\" size=\"40\" name=\"eBetreff\" value=\"".
-		mysql_result($Erg, 0, "Betreff")."\"></td></tr>\n";
-	echo "  <tr><td>Text</td><td><textarea rows=\"10\" cols=\"80\" name=\"eText\">".
-		mysql_result($Erg, 0, "Text")."</textarea></td></tr>\n";
-	echo "  <tr><td>Engel</td><td><input type=\"text\" size=\"40\" name=\"eUser\" value=\"".
-		UID2Nick(mysql_result($Erg, 0, "UID"))."\" disabled></td></tr>\n";
-	echo "  <tr><td>Treffen</td><td><input type=\"text\" size=\"40\" name=\"eTreffen\" value=\"".
-		mysql_result($Erg, 0, "Treffen")."\"></td></tr>\n";
+	for ($i=0; $i < $rowcount; $i++) 
+	{
+		echo "\t<tr class=\"content\">\n";
+		echo "\t <td>".mysql_result($Erg, $i, "Datum")."</td>";
+		echo "\t <td>".mysql_result($Erg, $i, "Betreff")."</td>";
+		echo "\t <td>".mysql_result($Erg, $i, "Text")."</td>";
+		echo "\t <td>".UID2Nick(mysql_result($Erg, $i, "UID"))."</td>";
+		echo "\t <td>".mysql_result($Erg, $i, "Treffen")."</td>";
+		echo "\t <td><a href=\"./news.php?action=change&date=".mysql_result($Erg, $i, "Datum")."\">XXX</a></td>";
+		echo "\t</tr>\n";
+	}
 	echo "</table>";
+} 
+else 
+{
 
-        echo "<input type=\"hidden\" name=\"date\" value=\"". $_GET["date"]. "\">\n";
-	echo "<input type=\"hidden\" name=\"action\" value=\"change_save\">\n";
-	echo "<input type=\"submit\" value=\"Abschicken...\">\n";
-	echo "</form>";
-
-	echo "<form action=\"./news.php?action=delete\" method=\"POST\">\n";
-	echo "<input type=\"hidden\" name=\"date\" value=\"". $_GET["date"]. "\">\n";
-	echo "<input type=\"submit\" value=\"l&ouml;schen...\">\n";
-	echo "</form>";
-
-	break;
-
-case 'change_save':
-	$chsql="UPDATE News set Betreff = \"". $_GET["eBetreff"]. "\", Text = \"". $_GET["eText"]. 
-		"\", Treffen=". $_GET["eTreffen"]. " where (Datum = '". $_GET["date"]. "') limit 1";
-	break;
-
-case 'delete':
-        $chsql="DELETE from News where Datum = '". $_POST["date"]. "' limit 1";
-	break;
-}
+	unSet($chsql);
 
-if (IsSet($chsql)) {
-// SQL-Statement ausführen...
-	$Erg = mysql_query($chsql, $con);
-	If ($Erg == 1)
+	switch ($_GET["action"]) 
 	{
-		echo "&Auml;nderung erfolgreich gesichert...";
-	} 
-	else 
+	case 'change':
+		if (isset($_GET["date"]))
+		{
+			$SQL = "SELECT * from News where (Datum='". $_GET["date"]. "')";
+			$Erg = mysql_query($SQL, $con);
+
+			if( mysql_num_rows( $Erg)==1)
+			{
+				echo "<form action=\"./news.php\" method=\"GET\">\n";
+
+				echo "<table>\n";
+				echo "  <tr><td>Datum</td><td><input type=\"text\" size=\"40\" name=\"date\" value=\"".
+					mysql_result($Erg, 0, "Datum")."\" disabled></td></tr>\n";
+				echo "  <tr><td>Betreff</td><td><input type=\"text\" size=\"40\" name=\"eBetreff\" value=\"".
+					mysql_result($Erg, 0, "Betreff")."\"></td></tr>\n";
+				echo "  <tr><td>Text</td><td><textarea rows=\"10\" cols=\"80\" name=\"eText\">".
+					mysql_result($Erg, 0, "Text")."</textarea></td></tr>\n";
+				echo "  <tr><td>Engel</td><td><input type=\"text\" size=\"40\" name=\"eUser\" value=\"".
+					UID2Nick(mysql_result($Erg, 0, "UID"))."\" disabled></td></tr>\n";
+				echo "  <tr><td>Treffen</td><td><input type=\"text\" size=\"40\" name=\"eTreffen\" value=\"".
+					mysql_result($Erg, 0, "Treffen")."\"></td></tr>\n";
+				echo "</table>";
+
+			        echo "<input type=\"hidden\" name=\"date\" value=\"". $_GET["date"]. "\">\n";
+				echo "<input type=\"hidden\" name=\"action\" value=\"change_save\">\n";
+				echo "<input type=\"submit\" value=\"Abschicken...\">\n";
+				echo "</form>";
+
+				echo "<form action=\"./news.php?action=delete\" method=\"POST\">\n";
+				echo "<input type=\"hidden\" name=\"date\" value=\"". $_GET["date"]. "\">\n";
+				echo "<input type=\"submit\" value=\"l&ouml;schen...\">\n";
+				echo "</form>";
+			}
+			else
+				echo "FEHLER: Eintrag \"". $_GET["date"]. "\" nicht gefunden";
+		}
+		else
+			echo "Fehler: \"date\" nicht übergeben";
+		break;
+
+	case 'change_save':
+		if( isset($_GET["date"]) && isset($_GET["eBetreff"]) && isset($_GET["eText"]) )
+			$chsql="UPDATE News set Betreff = \"". $_GET["eBetreff"]. "\", Text = \"". $_GET["eText"]. 
+				"\", Treffen=". $_GET["eTreffen"]. " where (Datum = '". $_GET["date"]. "') limit 1";
+		else
+			echo "Fehler: nicht genügend parameter übergeben";
+		break;
+
+	case 'delete':
+		if (isset($_POST["date"]))
+		        $chsql="DELETE from News where Datum = '". $_POST["date"]. "' limit 1";
+		else
+			echo "Fehler: \"date\" nicht übergeben";
+		break;
+	} //SWITCH
+
+	if (IsSet($chsql)) 
 	{
-		echo "Ein Fehler ist aufgetreten... probiere es am besten nocheinmal... :)<br><br>\n";
-		echo mysql_error($con);
-		echo "<br><br>\n[$chsql]";
+		// SQL-Statement ausführen...
+		$Erg = mysql_query($chsql, $con);
+		If ($Erg == 1)
+			echo "&Auml;nderung erfolgreich gesichert...";
+		else 
+			echo "Ein Fehler ist aufgetreten... probiere es am besten nocheinmal... :)<br><br>\n".
+				mysql_error($con). "<br><br>\n[$chsql]";
+		SetHeaderGo2Back();
 	}
-	SetHeaderGo2Back();
-}
+}// IF-ELSE
 
-}
 include ("./inc/footer.php");
 ?>
 
-- 
cgit v1.2.3-54-g00ecf


Datum
Betreff
Text	". - mysql_result($Erg, 0, "Text")."
Engel
Treffen
".mysql_result($Erg, $i, "Datum")."	".mysql_result($Erg, $i, "Betreff")."	".mysql_result($Erg, $i, "Text")."	".UID2Nick(mysql_result($Erg, $i, "UID"))."	".mysql_result($Erg, $i, "Treffen")."	XXX