Merge branch 'spezial_includes_camp' of ssh://git.planetcyborg.de/home/git/projects/engelsystem into spezial_includes_camp

main
Philip Häusler 14 years ago
commit 28ac46aa4e

@ -4,8 +4,14 @@ function admin_faq() {
$faqs_html = "";
$faqs = sql_select("SELECT * FROM `FAQ`");
foreach ($faqs as $faq) {
$faqs_html .= '<tr><td><dl><dt>' . $faq['Frage_de'] . '</dt><dd>' . $faq['Antwort_de'] . '</dd></dl></td><td><dl><dt>' . $faq['Frage_en'] . '</dt><dd>' . $faq['Antwort_en'] . '</dd></dl></td>';
$faqs_html .= '<td><a href="' . page_link_to("admin_faq") . '&action=edit&id=' . $faq['FID'] . '">Edit</a></td></tr>';
$faqs_html .= sprintf(
'<tr><td> <dl><dt>%s</dt><dd>%s</dd></dl> </td>'
. '<td> <dl><dt>%s</dt><dd>%s</dd></dl> </td>'
. '<td><a href="%s&action=edit&id=%s">Edit</a></td></tr>',
$faq['Frage_de'], $faq['Antwort_de'],
$faq['Frage_en'], $faq['Antwort_en'],
page_link_to('admin_faq'), $faq['FID']
);
}
return template_render('../templates/admin_faq.html', array (
'link' => page_link_to("admin_faq"),
@ -14,11 +20,18 @@ function admin_faq() {
} else {
switch ($_REQUEST['action']) {
case 'create' :
$frage = preg_replace("/([^\p{L}\p{P}\p{Z}\p{N}\n]{1,})/ui", '', strip_tags($_REQUEST['frage']));
$antwort = preg_replace("/([^\p{L}\p{P}\p{Z}\p{N}\n]{1,})/ui", '', strip_tags($_REQUEST['antwort']));
$question = preg_replace("/([^\p{L}\p{P}\p{Z}\p{N}\n]{1,})/ui", '', strip_tags($_REQUEST['question']));
$answer = preg_replace("/([^\p{L}\p{P}\p{Z}\p{N}\n]{1,})/ui", '', strip_tags($_REQUEST['answer']));
sql_query("INSERT INTO `FAQ` SET `Frage_de`='" . sql_escape($frage) . "', `Frage_en`='" . sql_escape($question) . "', `Antwort_de`='" . sql_escape($antwort) . "', `Antwort_en`='" . sql_escape($answer) . "'");
$frage = strip_request_item_nl('frage');
$antwort = strip_request_item_nl('antwort');
$question = strip_request_item_nl('question');
$answer = strip_request_item_nl('answer');
sql_query("INSERT INTO `FAQ` SET `Frage_de`='" . sql_escape($frage)
. "', `Frage_en`='" . sql_escape($question)
. "', `Antwort_de`='" . sql_escape($antwort)
. "', `Antwort_en`='" . sql_escape($answer)
. "'"
);
header("Location: " . page_link_to("admin_faq"));
break;
@ -32,11 +45,18 @@ function admin_faq() {
if (count($faq) > 0) {
list ($faq) = $faq;
$frage = preg_replace("/([^\p{L}\p{P}\p{Z}\p{N}\n]{1,})/ui", '', strip_tags($_REQUEST['frage']));
$antwort = preg_replace("/([^\p{L}\p{P}\p{Z}\p{N}\n]{1,})/ui", '', strip_tags($_REQUEST['antwort']));
$question = preg_replace("/([^\p{L}\p{P}\p{Z}\p{N}\n]{1,})/ui", '', strip_tags($_REQUEST['question']));
$answer = preg_replace("/([^\p{L}\p{P}\p{Z}\p{N}\n]{1,})/ui", '', strip_tags($_REQUEST['answer']));
sql_query("UPDATE `FAQ` SET `Frage_de`='" . sql_escape($frage) . "', `Frage_en`='" . sql_escape($question) . "', `Antwort_de`='" . sql_escape($antwort) . "', `Antwort_en`='" . sql_escape($answer) . "' WHERE `FID`=" . sql_escape($id) . " LIMIT 1");
$frage = strip_request_item_nl('frage');
$antwort = strip_request_item_nl('antwort');
$question = strip_request_item_nl('question');
$answer = strip_request_item_nl('answer');
sql_query("UPDATE `FAQ` SET `Frage_de`='" . sql_escape($frage)
. "', `Frage_en`='" . sql_escape($question)
. "', `Antwort_de`='" . sql_escape($antwort)
. "', `Antwort_en`='" . sql_escape($answer)
. "' WHERE `FID`=" . sql_escape($id) . " LIMIT 1"
);
header("Location: " . page_link_to("admin_faq"));
} else
return error("No FAQ found.");

@ -7,15 +7,23 @@ function admin_groups() {
if (!isset ($_REQUEST["action"])) {
$groups_html = "";
foreach ($groups as $group) {
$groups_html .= '<tr>';
$groups_html .= '<td>' . $group['Name'] . '</td>';
$groups_html .= sprintf(
'<tr><td>%s</td>',
$group['Name']
);
$privileges = sql_select("SELECT * FROM `GroupPrivileges` JOIN `Privileges` ON (`GroupPrivileges`.`privilege_id` = `Privileges`.`id`) WHERE `group_id`=" . sql_escape($group['UID']));
$privileges_html = array ();
foreach ($privileges as $priv)
$privileges_html[] = $priv['name'];
$groups_html .= '<td>' . join(", ", $privileges_html) . '</td>';
$groups_html .= '<td><a href="' . page_link_to("admin_groups") . '&action=edit&id=' . $group['UID'] . '">Ändern</a></td>';
$groups_html .= '</tr>';
$groups_html .= sprintf(
'<td>%s</td>'
. '<td><a href="%s&action=edit&id=%s">Ändern</a></td>',
join(', ', $privileges_html),
page_link_to("admin_groups"),
$group['UID']
);
}
return template_render('../templates/admin_groups.html', array (

@ -5,11 +5,17 @@ function guest_faq() {
foreach ($faqs as $faq) {
$html .= "<dl>";
if ($_SESSION['Sprache'] == "DE") {
$html .= "<dt>" . $faq['Frage_de'] . "</dt>";
$html .= "<dd>" . $faq['Antwort_de'] . "</dd>";
$html .= sprintf(
'<dt>%s</dt> <dd>%s</dd>',
$faq['frage_de'],
$faq['antwort_de']
);
} else {
$html .= "<dt>" . $faq['Frage_en'] . "</dt>";
$html .= "<dd>" . $faq['Antwort_en'] . "</dd>";
$html .= sprintf(
'<dt>%s</dt> <dd>%s</dd>',
$faq['frage_en'],
$faq['antwort_en']
);
}
$html .= "</dl>";
}

@ -16,12 +16,25 @@ function guest_register() {
$Ergans = sql_select("SELECT UID FROM `User` WHERE `Nick`='" . sql_escape($_POST["Nick"]) . "'");
if (strlen($_POST["Nick"]) < 2)
$error = Get_Text("makeuser_error_nick1") . $_POST["Nick"] . Get_Text("makeuser_error_nick2");
elseif (count($Ergans) > 0) $error = Get_Text("makeuser_error_nick1") . $_POST["Nick"] . Get_Text("makeuser_error_nick3");
elseif (strlen($_POST["email"]) <= 6 && strstr($_POST["email"], "@") == FALSE && strstr($_POST["email"], ".") == false) $error = Get_Text("makeuser_error_mail");
elseif (!is_numeric($_POST["Alter"])) $error = Get_Text("makeuser_error_Alter");
elseif ($_POST["Passwort"] != $_POST["Passwort2"]) $error = Get_Text("makeuser_error_password1");
elseif (strlen($_POST["Passwort"]) < 6) $error = Get_Text("makeuser_error_password2");
$error = Get_Text("makeuser_error_nick1")
. $_POST["Nick"] . Get_Text("makeuser_error_nick2");
elseif (count($Ergans) > 0)
$error = Get_Text("makeuser_error_nick1")
. $_POST["Nick"] . Get_Text("makeuser_error_nick3");
elseif (strlen($_POST["email"]) <= 6 && strstr($_POST["email"], "@") == FALSE && strstr($_POST["email"], ".") == false)
$error = Get_Text("makeuser_error_mail");
elseif (!is_numeric($_POST["Alter"]))
$error = Get_Text("makeuser_error_Alter");
elseif ($_POST["Passwort"] != $_POST["Passwort2"])
$error = Get_Text("makeuser_error_password1");
elseif (strlen($_POST["Passwort"]) < 6)
$error = Get_Text("makeuser_error_password2");
else {
$_POST["Passwort"] = PassCrypt($_POST["Passwort"]);
unset ($_POST["Passwort2"]);
@ -35,15 +48,26 @@ function guest_register() {
"`Size`, " . "`Passwort`, " .
"`Art` , " . "`kommentar`, " .
"`Hometown`," . "`CreateDate`, `Sprache` ) " .
"VALUES ( " .
"'" . $_POST["Nick"] . "', " . "'" . $_POST["Name"] . "', " .
"'" . $_POST["Vorname"] . "', " . "'" . $_POST["Alter"] . "', " .
"'" . $_POST["Telefon"] . "', " . "'" . $_POST["DECT"] . "', " .
"'" . $_POST["Handy"] . "', " . "'" . $_POST["email"] . "', " .
"'" . $_POST["ICQ"] . "', " . "'" . $_POST["jabber"] . "', " .
"'" . $_POST["Size"] . "', " . "'" . $_POST["Passwort"] . "', " .
"'" . $_POST["Art"] . "', " . "'" . $_POST["kommentar"] . "', " .
"'" . $_POST["Hometown"] . "'," . "NOW(), '" . $_SESSION['Sprache'] . "')");
"VALUES ( '"
. sql_escape($_POST["Nick"]) . "', " . "'"
. sql_escape($_POST["Name"]) . "', " . "'"
. sql_escape($_POST["Vorname"]) . "', " . "'"
. sql_escape($_POST["Alter"]) . "', " . "'"
. sql_escape($_POST["Telefon"]) . "', " . "'"
. sql_escape($_POST["DECT"]) . "', " . "'"
. sql_escape($_POST["Handy"]) . "', " . "'"
. sql_escape($_POST["email"]) . "', " . "'"
. sql_escape($_POST["ICQ"]) . "', " . "'"
. sql_escape($_POST["jabber"]) . "', " . "'"
. sql_escape($_POST["Size"]) . "', " . "'"
. sql_escape($_POST["Passwort"]) . "', " . "'"
. sql_escape($_POST["Art"]) . "', " . "'"
. sql_escape($_POST["kommentar"]) . "', " . "'"
. sql_escape($_POST["Hometown"]) . "',"
. "NOW(), '"
. sql_escape($_SESSION["Sprache"])
. "')"
);
if ($Erg != 1) {
$html .= Get_Text("makeuser_error_write1") . "<br />\n";

@ -6,7 +6,13 @@ function user_unread_messages() {
$new_messages = sql_num_query("SELECT * FROM `Messages` WHERE isRead='N' AND `RUID`=" . sql_escape($user['UID']));
if ($new_messages > 0)
return '<p class="notice"><a href="' . page_link_to("user_messages") . '">' . Get_Text("pub_messages_new1") . " " . $new_messages . " " . Get_Text("pub_messages_new2") . '</a></p><hr />';
return sprintf(
'<p class="notice"><a href="%s">%s %s %s</a></p><hr />',
page_link_to("user_messages"),
Get_Text("pub_messages_new1"),
$new_messages,
Get_Text("pub_messages_new2")
);
}
return "";
@ -16,23 +22,37 @@ function user_messages() {
global $user;
if (!isset ($_REQUEST['action'])) {
$users = sql_select("SELECT * FROM `User` WHERE NOT `UID`=" . sql_escape($user['UID']) . " ORDER BY `Nick`");
$users = sql_select("SELECT * FROM `User` WHERE NOT `UID`="
. sql_escape($user['UID']) . " ORDER BY `Nick`");
$to_select_data = array (
"" => "Select receiver..."
);
foreach ($users as $u)
$to_select_data[$u['UID']] = $u['Nick'];
$to_select = html_select_key('to', $to_select_data, '');
$messages_html = "";
$messages = sql_select("SELECT * FROM `Messages` WHERE `SUID`=" . sql_escape($user['UID']) . " OR `RUID`=" . sql_escape($user['UID']) . " ORDER BY `isRead`,`Datum` DESC");
$messages = sql_select("SELECT * FROM `Messages` WHERE `SUID`="
. sql_escape($user['UID'])
. " OR `RUID`=" . sql_escape($user['UID'])
. " ORDER BY `isRead`,`Datum` DESC"
);
foreach ($messages as $message) {
$messages_html .= '<tr' . ($message['isRead'] == 'N' ? ' class="new_message"' : '') . '>';
$messages_html .= '<td>' . ($message['isRead'] == 'N' ? '•' : '') . '</td>';
$messages_html .= '<td>' . date("Y-m-d H:i", $message['Datum']) . '</td>';
$messages_html .= '<td>' . UID2Nick($message['SUID']) . '</td>';
$messages_html .= '<td>' . UID2Nick($message['RUID']) . '</td>';
$messages_html .= '<td>' . str_replace("\n", '<br />', $message['Text']) . '</td>';
$messages_html .= sprintf(
'<tr %s> <td>%s</td> <td>%s</td> <td>%s</td> <td>%s</td>'
.'<td>%s</td>',
($message['isRead'] == 'N' ? ' class="new_message"' : ''),
($message['isRead'] == 'N' ? '•' : ''),
date("Y-m-d H:i", $message['Datum']),
UID2Nick($message['SUID']),
UID2Nick($message['RUID']),
str_replace("\n", '<br />', $message['Text'])
);
$messages_html .= '<td>';
if ($message['RUID'] == $user['UID']) {
if ($message['isRead'] == 'N')
@ -45,7 +65,8 @@ function user_messages() {
return template_render('../templates/user_messages.html', array (
'link' => page_link_to("user_messages"),
'greeting' => Get_Text("Hello") . $user['Nick'] . ", <br />\n" . Get_Text("pub_messages_text1") . "<br /><br />\n",
'greeting' => Get_Text("Hello") . $user['Nick'] . ", <br />\n"
. Get_Text("pub_messages_text1") . "<br /><br />\n",
'messages' => $messages_html,
'new_label' => Get_Text("pub_messages_Neu"),
'date_label' => Get_Text("pub_messages_Datum"),

@ -19,7 +19,10 @@ function load_auth() {
if (count($user) > 0) {
// User ist eingeloggt, Datensatz zur Verfügung stellen und Timestamp updaten
list ($user) = $user;
sql_query("UPDATE `User` SET " . "`lastLogIn` = '" . time() . "'" . " WHERE `UID` = '" . $_SESSION['uid'] . "' LIMIT 1;");
sql_query("UPDATE `User` SET "
. "`lastLogIn` = '" . time() . "'"
. " WHERE `UID` = '" . sql_escape($_SESSION['uid']) . "' LIMIT 1;"
);
} else
unset ($_SESSION['uid']);
}

@ -8,6 +8,14 @@ function strip_request_item($name) {
);
}
function strip_request_item_nl($name) {
return preg_replace(
"/([^\p{L}\p{P}\p{Z}\p{N}\n]{1,})/ui",
'',
strip_tags($_REQUEST[$name])
);
}
function error($msg) {
return '<p class="error">' . $msg . '</p>';
}

Loading…
Cancel
Save