Merge branch 'spezial_includes_camp' of ssh://git.planetcyborg.de/home/git/projects/engelsystem into spezial_includes_camp

main
Philip Häusler 14 years ago
commit 28ac46aa4e

@ -4,8 +4,14 @@ function admin_faq() {
$faqs_html = ""; $faqs_html = "";
$faqs = sql_select("SELECT * FROM `FAQ`"); $faqs = sql_select("SELECT * FROM `FAQ`");
foreach ($faqs as $faq) { foreach ($faqs as $faq) {
$faqs_html .= '<tr><td><dl><dt>' . $faq['Frage_de'] . '</dt><dd>' . $faq['Antwort_de'] . '</dd></dl></td><td><dl><dt>' . $faq['Frage_en'] . '</dt><dd>' . $faq['Antwort_en'] . '</dd></dl></td>'; $faqs_html .= sprintf(
$faqs_html .= '<td><a href="' . page_link_to("admin_faq") . '&action=edit&id=' . $faq['FID'] . '">Edit</a></td></tr>'; '<tr><td> <dl><dt>%s</dt><dd>%s</dd></dl> </td>'
. '<td> <dl><dt>%s</dt><dd>%s</dd></dl> </td>'
. '<td><a href="%s&action=edit&id=%s">Edit</a></td></tr>',
$faq['Frage_de'], $faq['Antwort_de'],
$faq['Frage_en'], $faq['Antwort_en'],
page_link_to('admin_faq'), $faq['FID']
);
} }
return template_render('../templates/admin_faq.html', array ( return template_render('../templates/admin_faq.html', array (
'link' => page_link_to("admin_faq"), 'link' => page_link_to("admin_faq"),
@ -14,11 +20,18 @@ function admin_faq() {
} else { } else {
switch ($_REQUEST['action']) { switch ($_REQUEST['action']) {
case 'create' : case 'create' :
$frage = preg_replace("/([^\p{L}\p{P}\p{Z}\p{N}\n]{1,})/ui", '', strip_tags($_REQUEST['frage'])); $frage = strip_request_item_nl('frage');
$antwort = preg_replace("/([^\p{L}\p{P}\p{Z}\p{N}\n]{1,})/ui", '', strip_tags($_REQUEST['antwort'])); $antwort = strip_request_item_nl('antwort');
$question = preg_replace("/([^\p{L}\p{P}\p{Z}\p{N}\n]{1,})/ui", '', strip_tags($_REQUEST['question'])); $question = strip_request_item_nl('question');
$answer = preg_replace("/([^\p{L}\p{P}\p{Z}\p{N}\n]{1,})/ui", '', strip_tags($_REQUEST['answer'])); $answer = strip_request_item_nl('answer');
sql_query("INSERT INTO `FAQ` SET `Frage_de`='" . sql_escape($frage) . "', `Frage_en`='" . sql_escape($question) . "', `Antwort_de`='" . sql_escape($antwort) . "', `Antwort_en`='" . sql_escape($answer) . "'");
sql_query("INSERT INTO `FAQ` SET `Frage_de`='" . sql_escape($frage)
. "', `Frage_en`='" . sql_escape($question)
. "', `Antwort_de`='" . sql_escape($antwort)
. "', `Antwort_en`='" . sql_escape($answer)
. "'"
);
header("Location: " . page_link_to("admin_faq")); header("Location: " . page_link_to("admin_faq"));
break; break;
@ -32,11 +45,18 @@ function admin_faq() {
if (count($faq) > 0) { if (count($faq) > 0) {
list ($faq) = $faq; list ($faq) = $faq;
$frage = preg_replace("/([^\p{L}\p{P}\p{Z}\p{N}\n]{1,})/ui", '', strip_tags($_REQUEST['frage'])); $frage = strip_request_item_nl('frage');
$antwort = preg_replace("/([^\p{L}\p{P}\p{Z}\p{N}\n]{1,})/ui", '', strip_tags($_REQUEST['antwort'])); $antwort = strip_request_item_nl('antwort');
$question = preg_replace("/([^\p{L}\p{P}\p{Z}\p{N}\n]{1,})/ui", '', strip_tags($_REQUEST['question'])); $question = strip_request_item_nl('question');
$answer = preg_replace("/([^\p{L}\p{P}\p{Z}\p{N}\n]{1,})/ui", '', strip_tags($_REQUEST['answer'])); $answer = strip_request_item_nl('answer');
sql_query("UPDATE `FAQ` SET `Frage_de`='" . sql_escape($frage) . "', `Frage_en`='" . sql_escape($question) . "', `Antwort_de`='" . sql_escape($antwort) . "', `Antwort_en`='" . sql_escape($answer) . "' WHERE `FID`=" . sql_escape($id) . " LIMIT 1");
sql_query("UPDATE `FAQ` SET `Frage_de`='" . sql_escape($frage)
. "', `Frage_en`='" . sql_escape($question)
. "', `Antwort_de`='" . sql_escape($antwort)
. "', `Antwort_en`='" . sql_escape($answer)
. "' WHERE `FID`=" . sql_escape($id) . " LIMIT 1"
);
header("Location: " . page_link_to("admin_faq")); header("Location: " . page_link_to("admin_faq"));
} else } else
return error("No FAQ found."); return error("No FAQ found.");
@ -82,4 +102,4 @@ function admin_faq() {
} }
} }
} }
?> ?>

@ -7,15 +7,23 @@ function admin_groups() {
if (!isset ($_REQUEST["action"])) { if (!isset ($_REQUEST["action"])) {
$groups_html = ""; $groups_html = "";
foreach ($groups as $group) { foreach ($groups as $group) {
$groups_html .= '<tr>'; $groups_html .= sprintf(
$groups_html .= '<td>' . $group['Name'] . '</td>'; '<tr><td>%s</td>',
$group['Name']
);
$privileges = sql_select("SELECT * FROM `GroupPrivileges` JOIN `Privileges` ON (`GroupPrivileges`.`privilege_id` = `Privileges`.`id`) WHERE `group_id`=" . sql_escape($group['UID'])); $privileges = sql_select("SELECT * FROM `GroupPrivileges` JOIN `Privileges` ON (`GroupPrivileges`.`privilege_id` = `Privileges`.`id`) WHERE `group_id`=" . sql_escape($group['UID']));
$privileges_html = array (); $privileges_html = array ();
foreach ($privileges as $priv) foreach ($privileges as $priv)
$privileges_html[] = $priv['name']; $privileges_html[] = $priv['name'];
$groups_html .= '<td>' . join(", ", $privileges_html) . '</td>';
$groups_html .= '<td><a href="' . page_link_to("admin_groups") . '&action=edit&id=' . $group['UID'] . '">Ändern</a></td>'; $groups_html .= sprintf(
$groups_html .= '</tr>'; '<td>%s</td>'
. '<td><a href="%s&action=edit&id=%s">Ändern</a></td>',
join(', ', $privileges_html),
page_link_to("admin_groups"),
$group['UID']
);
} }
return template_render('../templates/admin_groups.html', array ( return template_render('../templates/admin_groups.html', array (

@ -5,11 +5,17 @@ function guest_faq() {
foreach ($faqs as $faq) { foreach ($faqs as $faq) {
$html .= "<dl>"; $html .= "<dl>";
if ($_SESSION['Sprache'] == "DE") { if ($_SESSION['Sprache'] == "DE") {
$html .= "<dt>" . $faq['Frage_de'] . "</dt>"; $html .= sprintf(
$html .= "<dd>" . $faq['Antwort_de'] . "</dd>"; '<dt>%s</dt> <dd>%s</dd>',
$faq['frage_de'],
$faq['antwort_de']
);
} else { } else {
$html .= "<dt>" . $faq['Frage_en'] . "</dt>"; $html .= sprintf(
$html .= "<dd>" . $faq['Antwort_en'] . "</dd>"; '<dt>%s</dt> <dd>%s</dd>',
$faq['frage_en'],
$faq['antwort_en']
);
} }
$html .= "</dl>"; $html .= "</dl>";
} }

@ -16,12 +16,25 @@ function guest_register() {
$Ergans = sql_select("SELECT UID FROM `User` WHERE `Nick`='" . sql_escape($_POST["Nick"]) . "'"); $Ergans = sql_select("SELECT UID FROM `User` WHERE `Nick`='" . sql_escape($_POST["Nick"]) . "'");
if (strlen($_POST["Nick"]) < 2) if (strlen($_POST["Nick"]) < 2)
$error = Get_Text("makeuser_error_nick1") . $_POST["Nick"] . Get_Text("makeuser_error_nick2"); $error = Get_Text("makeuser_error_nick1")
elseif (count($Ergans) > 0) $error = Get_Text("makeuser_error_nick1") . $_POST["Nick"] . Get_Text("makeuser_error_nick3"); . $_POST["Nick"] . Get_Text("makeuser_error_nick2");
elseif (strlen($_POST["email"]) <= 6 && strstr($_POST["email"], "@") == FALSE && strstr($_POST["email"], ".") == false) $error = Get_Text("makeuser_error_mail");
elseif (!is_numeric($_POST["Alter"])) $error = Get_Text("makeuser_error_Alter"); elseif (count($Ergans) > 0)
elseif ($_POST["Passwort"] != $_POST["Passwort2"]) $error = Get_Text("makeuser_error_password1"); $error = Get_Text("makeuser_error_nick1")
elseif (strlen($_POST["Passwort"]) < 6) $error = Get_Text("makeuser_error_password2"); . $_POST["Nick"] . Get_Text("makeuser_error_nick3");
elseif (strlen($_POST["email"]) <= 6 && strstr($_POST["email"], "@") == FALSE && strstr($_POST["email"], ".") == false)
$error = Get_Text("makeuser_error_mail");
elseif (!is_numeric($_POST["Alter"]))
$error = Get_Text("makeuser_error_Alter");
elseif ($_POST["Passwort"] != $_POST["Passwort2"])
$error = Get_Text("makeuser_error_password1");
elseif (strlen($_POST["Passwort"]) < 6)
$error = Get_Text("makeuser_error_password2");
else { else {
$_POST["Passwort"] = PassCrypt($_POST["Passwort"]); $_POST["Passwort"] = PassCrypt($_POST["Passwort"]);
unset ($_POST["Passwort2"]); unset ($_POST["Passwort2"]);
@ -35,15 +48,26 @@ function guest_register() {
"`Size`, " . "`Passwort`, " . "`Size`, " . "`Passwort`, " .
"`Art` , " . "`kommentar`, " . "`Art` , " . "`kommentar`, " .
"`Hometown`," . "`CreateDate`, `Sprache` ) " . "`Hometown`," . "`CreateDate`, `Sprache` ) " .
"VALUES ( " . "VALUES ( '"
"'" . $_POST["Nick"] . "', " . "'" . $_POST["Name"] . "', " . . sql_escape($_POST["Nick"]) . "', " . "'"
"'" . $_POST["Vorname"] . "', " . "'" . $_POST["Alter"] . "', " . . sql_escape($_POST["Name"]) . "', " . "'"
"'" . $_POST["Telefon"] . "', " . "'" . $_POST["DECT"] . "', " . . sql_escape($_POST["Vorname"]) . "', " . "'"
"'" . $_POST["Handy"] . "', " . "'" . $_POST["email"] . "', " . . sql_escape($_POST["Alter"]) . "', " . "'"
"'" . $_POST["ICQ"] . "', " . "'" . $_POST["jabber"] . "', " . . sql_escape($_POST["Telefon"]) . "', " . "'"
"'" . $_POST["Size"] . "', " . "'" . $_POST["Passwort"] . "', " . . sql_escape($_POST["DECT"]) . "', " . "'"
"'" . $_POST["Art"] . "', " . "'" . $_POST["kommentar"] . "', " . . sql_escape($_POST["Handy"]) . "', " . "'"
"'" . $_POST["Hometown"] . "'," . "NOW(), '" . $_SESSION['Sprache'] . "')"); . sql_escape($_POST["email"]) . "', " . "'"
. sql_escape($_POST["ICQ"]) . "', " . "'"
. sql_escape($_POST["jabber"]) . "', " . "'"
. sql_escape($_POST["Size"]) . "', " . "'"
. sql_escape($_POST["Passwort"]) . "', " . "'"
. sql_escape($_POST["Art"]) . "', " . "'"
. sql_escape($_POST["kommentar"]) . "', " . "'"
. sql_escape($_POST["Hometown"]) . "',"
. "NOW(), '"
. sql_escape($_SESSION["Sprache"])
. "')"
);
if ($Erg != 1) { if ($Erg != 1) {
$html .= Get_Text("makeuser_error_write1") . "<br />\n"; $html .= Get_Text("makeuser_error_write1") . "<br />\n";
@ -242,4 +266,4 @@ function guest_login_form() {
'send' => Get_Text("index_lang_send") 'send' => Get_Text("index_lang_send")
)); ));
} }
?> ?>

@ -6,7 +6,13 @@ function user_unread_messages() {
$new_messages = sql_num_query("SELECT * FROM `Messages` WHERE isRead='N' AND `RUID`=" . sql_escape($user['UID'])); $new_messages = sql_num_query("SELECT * FROM `Messages` WHERE isRead='N' AND `RUID`=" . sql_escape($user['UID']));
if ($new_messages > 0) if ($new_messages > 0)
return '<p class="notice"><a href="' . page_link_to("user_messages") . '">' . Get_Text("pub_messages_new1") . " " . $new_messages . " " . Get_Text("pub_messages_new2") . '</a></p><hr />'; return sprintf(
'<p class="notice"><a href="%s">%s %s %s</a></p><hr />',
page_link_to("user_messages"),
Get_Text("pub_messages_new1"),
$new_messages,
Get_Text("pub_messages_new2")
);
} }
return ""; return "";
@ -16,23 +22,37 @@ function user_messages() {
global $user; global $user;
if (!isset ($_REQUEST['action'])) { if (!isset ($_REQUEST['action'])) {
$users = sql_select("SELECT * FROM `User` WHERE NOT `UID`=" . sql_escape($user['UID']) . " ORDER BY `Nick`"); $users = sql_select("SELECT * FROM `User` WHERE NOT `UID`="
. sql_escape($user['UID']) . " ORDER BY `Nick`");
$to_select_data = array ( $to_select_data = array (
"" => "Select receiver..." "" => "Select receiver..."
); );
foreach ($users as $u) foreach ($users as $u)
$to_select_data[$u['UID']] = $u['Nick']; $to_select_data[$u['UID']] = $u['Nick'];
$to_select = html_select_key('to', $to_select_data, ''); $to_select = html_select_key('to', $to_select_data, '');
$messages_html = ""; $messages_html = "";
$messages = sql_select("SELECT * FROM `Messages` WHERE `SUID`=" . sql_escape($user['UID']) . " OR `RUID`=" . sql_escape($user['UID']) . " ORDER BY `isRead`,`Datum` DESC"); $messages = sql_select("SELECT * FROM `Messages` WHERE `SUID`="
. sql_escape($user['UID'])
. " OR `RUID`=" . sql_escape($user['UID'])
. " ORDER BY `isRead`,`Datum` DESC"
);
foreach ($messages as $message) { foreach ($messages as $message) {
$messages_html .= '<tr' . ($message['isRead'] == 'N' ? ' class="new_message"' : '') . '>';
$messages_html .= '<td>' . ($message['isRead'] == 'N' ? '•' : '') . '</td>'; $messages_html .= sprintf(
$messages_html .= '<td>' . date("Y-m-d H:i", $message['Datum']) . '</td>'; '<tr %s> <td>%s</td> <td>%s</td> <td>%s</td> <td>%s</td>'
$messages_html .= '<td>' . UID2Nick($message['SUID']) . '</td>'; .'<td>%s</td>',
$messages_html .= '<td>' . UID2Nick($message['RUID']) . '</td>'; ($message['isRead'] == 'N' ? ' class="new_message"' : ''),
$messages_html .= '<td>' . str_replace("\n", '<br />', $message['Text']) . '</td>'; ($message['isRead'] == 'N' ? '•' : ''),
date("Y-m-d H:i", $message['Datum']),
UID2Nick($message['SUID']),
UID2Nick($message['RUID']),
str_replace("\n", '<br />', $message['Text'])
);
$messages_html .= '<td>'; $messages_html .= '<td>';
if ($message['RUID'] == $user['UID']) { if ($message['RUID'] == $user['UID']) {
if ($message['isRead'] == 'N') if ($message['isRead'] == 'N')
@ -45,7 +65,8 @@ function user_messages() {
return template_render('../templates/user_messages.html', array ( return template_render('../templates/user_messages.html', array (
'link' => page_link_to("user_messages"), 'link' => page_link_to("user_messages"),
'greeting' => Get_Text("Hello") . $user['Nick'] . ", <br />\n" . Get_Text("pub_messages_text1") . "<br /><br />\n", 'greeting' => Get_Text("Hello") . $user['Nick'] . ", <br />\n"
. Get_Text("pub_messages_text1") . "<br /><br />\n",
'messages' => $messages_html, 'messages' => $messages_html,
'new_label' => Get_Text("pub_messages_Neu"), 'new_label' => Get_Text("pub_messages_Neu"),
'date_label' => Get_Text("pub_messages_Datum"), 'date_label' => Get_Text("pub_messages_Datum"),

@ -19,7 +19,10 @@ function load_auth() {
if (count($user) > 0) { if (count($user) > 0) {
// User ist eingeloggt, Datensatz zur Verfügung stellen und Timestamp updaten // User ist eingeloggt, Datensatz zur Verfügung stellen und Timestamp updaten
list ($user) = $user; list ($user) = $user;
sql_query("UPDATE `User` SET " . "`lastLogIn` = '" . time() . "'" . " WHERE `UID` = '" . $_SESSION['uid'] . "' LIMIT 1;"); sql_query("UPDATE `User` SET "
. "`lastLogIn` = '" . time() . "'"
. " WHERE `UID` = '" . sql_escape($_SESSION['uid']) . "' LIMIT 1;"
);
} else } else
unset ($_SESSION['uid']); unset ($_SESSION['uid']);
} }
@ -52,4 +55,4 @@ function PassCrypt($passwort) {
return md5($passwort); return md5($passwort);
} }
} }
?> ?>

@ -8,6 +8,14 @@ function strip_request_item($name) {
); );
} }
function strip_request_item_nl($name) {
return preg_replace(
"/([^\p{L}\p{P}\p{Z}\p{N}\n]{1,})/ui",
'',
strip_tags($_REQUEST[$name])
);
}
function error($msg) { function error($msg) {
return '<p class="error">' . $msg . '</p>'; return '<p class="error">' . $msg . '</p>';
} }

Loading…
Cancel
Save