0) { list ($news) = $news; $user_source = User($news['UID']); if($user_source === false) engelsystem_error("Unable to load user."); $html .= '« Back'; $html .= "
\n"; $html .= "\n"; $html .= " \n"; $html .= " \n"; $html .= " \n"; $html .= " \n"; $html .= " \n"; $html .= "
Datum" . date("Y-m-d H:i", $news['Datum']) . "
Betreff
Text
Engel" . User_Nick_render($user_source) . "
Treffen" . html_select_key('eTreffen', 'eTreffen', array ( '1' => "Ja", '0' => "Nein" ), $news['Treffen']) . "
"; $html .= "\n"; $html .= "\n"; $html .= "
"; $html .= "
\n"; $html .= "\n"; $html .= "\n"; $html .= "
"; } else return error("No News found.", true); break; case 'save' : if (isset ($_REQUEST['id']) && preg_match("/^[0-9]{1,11}$/", $_REQUEST['id'])) $id = $_REQUEST['id']; else return error("Incomplete call, missing News ID.", true); $news = sql_select("SELECT * FROM `News` WHERE `ID`=" . sql_escape($id) . " LIMIT 1"); if (count($news) > 0) { list ($news) = $news; sql_query("UPDATE `News` SET `Datum`='" . sql_escape(time()) . "', `Betreff`='" . sql_escape($_POST["eBetreff"]) . "', `Text`='" . sql_escape($_POST["eText"]) . "', `UID`='" . sql_escape($user['UID']) . "', `Treffen`='" . sql_escape($_POST["eTreffen"]) . "' WHERE `ID`=".sql_escape($id)." LIMIT 1"); engelsystem_log("News updated: " . $_POST["eBetreff"]); redirect(page_link_to("news")); } else return error("No News found.", true); break; case 'delete' : if (isset ($_REQUEST['id']) && preg_match("/^[0-9]{1,11}$/", $_REQUEST['id'])) $id = $_REQUEST['id']; else return error("Incomplete call, missing News ID.", true); $news = sql_select("SELECT * FROM `News` WHERE `ID`=" . sql_escape($id) . " LIMIT 1"); if (count($news) > 0) { list ($news) = $news; sql_query("DELETE FROM `News` WHERE `ID`=" . sql_escape($id) . " LIMIT 1"); engelsystem_log("News deleted: " . $news['Betreff']); redirect(page_link_to("news")); } else return error("No News found.", true); break; } } return $html; } ?>