kontakt
/
engelsystem
3
0
Fork 0
Code Issues 12 Pull Requests Projects Releases Wiki Activity

right fix

Browse Source
main
Philip Häusler 12 years ago
parent fd199ea3a0
commit 419da73bef
1 changed files with 16 additions and 11 deletions
Show Stats Download Patch File Download Diff File

27
includes/pages/admin_user.php
Unescape Escape View File

@ -104,21 +104,26 @@ function admin_user() {
if (isset ($_REQUEST['submit_user_angeltypes'])) { if (isset ($_REQUEST['submit_user_angeltypes'])) {
$selected_angel_types = array (); $selected_angel_types = array ();
foreach ($angel_types as $angel_type_id => $angel_type_name) foreach ($angel_types as $angel_type_id => $angel_type_name) {
if (isset ($_REQUEST['angel_types_' . $angel_type_id])) if (isset ($_REQUEST['angel_types_' . $angel_type_id]))
$selected_angel_types[] = $angel_type_id; $selected_angel_types[] = $angel_type_id;
}
// Assign angel-types // Assign angel-types
foreach ($angel_types_source as $angel_type) foreach ($angel_types_source as $angel_type) {
if (!in_array($angel_type['id'], $selected_angel_types)) if (!in_array($angel_type['id'], $selected_angel_types))
sql_query("DELETE FROM `UserAngelTypes` WHERE `user_id`=" . sql_escape($user_source['UID']) . " AND `angeltype_id`=" . sql_escape($angel_type['id']) . " LIMIT 1"); sql_query("DELETE FROM `UserAngelTypes` WHERE `user_id`=" . sql_escape($user_source['UID']) . " AND `angeltype_id`=" . sql_escape($angel_type['id']) . " LIMIT 1");
}
foreach ($selected_angel_types as $selected_angel_type_id) foreach ($selected_angel_types as $selected_angel_type_id) {
if (sql_num_query("SELECT * FROM `UserAngelTypes` WHERE `user_id`=" . sql_escape($user_source['UID']) . " AND `angeltype_id`=" . sql_escape($selected_angel_type_id) . " LIMIT 1") == 0) if (sql_num_query("SELECT * FROM `UserAngelTypes` WHERE `user_id`=" . sql_escape($user_source['UID']) . " AND `angeltype_id`=" . sql_escape($selected_angel_type_id) . " LIMIT 1") == 0) {
if (in_array("admin_user_angeltypes", $privileges)) if (in_array("admin_user_angeltypes", $privileges)) {
sql_query("INSERT INTO `UserAngelTypes` SET `confirm_user_id`=" . sql_escape($user['UID']) . ", `user_id`=" . sql_escape($user_source['UID']) . ", `angeltype_id`=" . sql_escape($selected_angel_type_id)); sql_query("INSERT INTO `UserAngelTypes` SET `confirm_user_id`=" . sql_escape($user['UID']) . ", `user_id`=" . sql_escape($user_source['UID']) . ", `angeltype_id`=" . sql_escape($selected_angel_type_id));
else } else {
sql_query("INSERT INTO `UserAngelTypes` SET `user_id`=" . sql_escape($user_source['UID']) . ", `angeltype_id`=" . sql_escape($selected_angel_type_id)); sql_query("INSERT INTO `UserAngelTypes` SET `user_id`=" . sql_escape($user_source['UID']) . ", `angeltype_id`=" . sql_escape($selected_angel_type_id));
}
}
}
success("Angeltypes saved."); success("Angeltypes saved.");
redirect(page_link_to('admin_user') . '&id=' . $user_source['UID']); redirect(page_link_to('admin_user') . '&id=' . $user_source['UID']);
@ -182,7 +187,7 @@ function admin_user() {
list ($my_highest_group) = sql_select("SELECT * FROM `UserGroups` WHERE `uid`=" . sql_escape($user['UID']) . " ORDER BY `group_id`"); list ($my_highest_group) = sql_select("SELECT * FROM `UserGroups` WHERE `uid`=" . sql_escape($user['UID']) . " ORDER BY `group_id`");
list ($his_highest_group) = sql_select("SELECT * FROM `UserGroups` WHERE `uid`=" . sql_escape($id) . " ORDER BY `group_id`"); list ($his_highest_group) = sql_select("SELECT * FROM `UserGroups` WHERE `uid`=" . sql_escape($id) . " ORDER BY `group_id`");
if ($my_highest_group <= $his_highest_group) { if ($my_highest_group['group_id'] <= $his_highest_group['group_id']) {
$groups = sql_select("SELECT * FROM `Groups` LEFT OUTER JOIN `UserGroups` ON (`UserGroups`.`group_id` = `Groups`.`UID` AND `UserGroups`.`uid` = " . sql_escape($id) . ") WHERE `Groups`.`UID` >= " . sql_escape($my_highest_group['group_id']) . " ORDER BY `Groups`.`Name`"); $groups = sql_select("SELECT * FROM `Groups` LEFT OUTER JOIN `UserGroups` ON (`UserGroups`.`group_id` = `Groups`.`UID` AND `UserGroups`.`uid` = " . sql_escape($id) . ") WHERE `Groups`.`UID` >= " . sql_escape($my_highest_group['group_id']) . " ORDER BY `Groups`.`Name`");
$grouplist = array (); $grouplist = array ();
foreach ($groups as $group) foreach ($groups as $group)

Write Preview
Loading…
Cancel
Save