From b91450e558455d704cd0d09504b503be9eacd590 Mon Sep 17 00:00:00 2001 From: cookie Date: Thu, 30 Nov 2006 10:49:24 +0000 Subject: [PATCH] newsverwaltung erweitert, add edit bouten und parameter check git-svn-id: svn://svn.cccv.de/engel-system@187 29ba0400-6e00-0410-a75a-ca02368028f8 --- www-ssl/admin/news.php | 163 +++++++++++++------------ www-ssl/nonpublic/engelbesprechung.php | 19 ++- www-ssl/nonpublic/news_output.php | 16 ++- 3 files changed, 112 insertions(+), 86 deletions(-) diff --git a/www-ssl/admin/news.php b/www-ssl/admin/news.php index f37c9a08..137695b3 100755 --- a/www-ssl/admin/news.php +++ b/www-ssl/admin/news.php @@ -7,13 +7,13 @@ include ("./inc/funktion_db_list.php"); include ("./inc/funktion_user.php"); -if (!IsSet($_GET["action"])) { - -$SQL = "SELECT * from News order by Datum DESC"; -$Erg = mysql_query($SQL, $con); +if (!IsSet($_GET["action"])) +{ + $SQL = "SELECT * from News order by Datum DESC"; + $Erg = mysql_query($SQL, $con); -$rowcount = mysql_num_rows($Erg); -?> + $rowcount = mysql_num_rows($Erg); + ?> Hallo ,
hier kannst du die News säbern... falls jemand auf die Idee kommt, hier herumzuspamen oder aus Versehen falsche Informationen zu hinterlegen :)

@@ -29,82 +29,95 @@ hier herumzuspamen oder aus Versehen falsche Informationen zu hinterlegen :)
\n"; - echo "\t ".mysql_result($Erg, $i, "Datum").""; - echo "\t ".mysql_result($Erg, $i, "Betreff").""; - echo "\t ".mysql_result($Erg, $i, "Text").""; - echo "\t ".UID2Nick(mysql_result($Erg, $i, "UID")).""; - echo "\t ".mysql_result($Erg, $i, "Treffen").""; - echo "\t XXX"; - echo "\t\n"; -} -echo ""; - - -} else { - -switch ($_GET["action"]) -{ - -case 'change': - $SQL = "SELECT * from News where (Datum='". $_GET["date"]. "')"; - $Erg = mysql_query($SQL, $con); - - echo "
\n"; - - echo "\n"; - echo " \n"; - echo " \n"; - echo " \n"; - echo " \n"; - echo " \n"; + for ($i=0; $i < $rowcount; $i++) + { + echo "\t\n"; + echo "\t "; + echo "\t "; + echo "\t "; + echo "\t "; + echo "\t "; + echo "\t "; + echo "\t\n"; + } echo "
Datum
Betreff
Text
Engel
Treffen
".mysql_result($Erg, $i, "Datum")."".mysql_result($Erg, $i, "Betreff")."".mysql_result($Erg, $i, "Text")."".UID2Nick(mysql_result($Erg, $i, "UID"))."".mysql_result($Erg, $i, "Treffen")."XXX
"; +} +else +{ - echo "\n"; - echo "\n"; - echo "\n"; - echo "
"; - - echo "
\n"; - echo "\n"; - echo "\n"; - echo "
"; - - break; - -case 'change_save': - $chsql="UPDATE News set Betreff = \"". $_GET["eBetreff"]. "\", Text = \"". $_GET["eText"]. - "\", Treffen=". $_GET["eTreffen"]. " where (Datum = '". $_GET["date"]. "') limit 1"; - break; - -case 'delete': - $chsql="DELETE from News where Datum = '". $_POST["date"]. "' limit 1"; - break; -} + unSet($chsql); -if (IsSet($chsql)) { -// SQL-Statement ausführen... - $Erg = mysql_query($chsql, $con); - If ($Erg == 1) + switch ($_GET["action"]) { - echo "Änderung erfolgreich gesichert..."; - } - else + case 'change': + if (isset($_GET["date"])) + { + $SQL = "SELECT * from News where (Datum='". $_GET["date"]. "')"; + $Erg = mysql_query($SQL, $con); + + if( mysql_num_rows( $Erg)==1) + { + echo "
\n"; + + echo "\n"; + echo " \n"; + echo " \n"; + echo " \n"; + echo " \n"; + echo " \n"; + echo "
Datum
Betreff
Text
Engel
Treffen
"; + + echo "\n"; + echo "\n"; + echo "\n"; + echo "
"; + + echo "
\n"; + echo "\n"; + echo "\n"; + echo "
"; + } + else + echo "FEHLER: Eintrag \"". $_GET["date"]. "\" nicht gefunden"; + } + else + echo "Fehler: \"date\" nicht übergeben"; + break; + + case 'change_save': + if( isset($_GET["date"]) && isset($_GET["eBetreff"]) && isset($_GET["eText"]) ) + $chsql="UPDATE News set Betreff = \"". $_GET["eBetreff"]. "\", Text = \"". $_GET["eText"]. + "\", Treffen=". $_GET["eTreffen"]. " where (Datum = '". $_GET["date"]. "') limit 1"; + else + echo "Fehler: nicht genügend parameter übergeben"; + break; + + case 'delete': + if (isset($_POST["date"])) + $chsql="DELETE from News where Datum = '". $_POST["date"]. "' limit 1"; + else + echo "Fehler: \"date\" nicht übergeben"; + break; + } //SWITCH + + if (IsSet($chsql)) { - echo "Ein Fehler ist aufgetreten... probiere es am besten nocheinmal... :)

\n"; - echo mysql_error($con); - echo "

\n[$chsql]"; + // SQL-Statement ausführen... + $Erg = mysql_query($chsql, $con); + If ($Erg == 1) + echo "Änderung erfolgreich gesichert..."; + else + echo "Ein Fehler ist aufgetreten... probiere es am besten nocheinmal... :)

\n". + mysql_error($con). "

\n[$chsql]"; + SetHeaderGo2Back(); } - SetHeaderGo2Back(); -} +}// IF-ELSE -} include ("./inc/footer.php"); ?> diff --git a/www-ssl/nonpublic/engelbesprechung.php b/www-ssl/nonpublic/engelbesprechung.php index 436a5271..84bd92b5 100755 --- a/www-ssl/nonpublic/engelbesprechung.php +++ b/www-ssl/nonpublic/engelbesprechung.php @@ -15,12 +15,21 @@ $Erg = mysql_query($SQL, $con); // anzahl zeilen $Zeilen = mysql_num_rows($Erg); -for ($n = 0 ; $n < $Zeilen ; $n++) { - if (mysql_result($Erg, $n, "Treffen")=="1") { - echo "

".mysql_result($Erg, $n, "Betreff")."
". - "   ".mysql_result($Erg, $n, "Datum").", "; +for ($n = 0 ; $n < $Zeilen ; $n++) +{ + if (mysql_result($Erg, $n, "Treffen")=="1") + { + echo "

".mysql_result($Erg, $n, "Betreff").""; + + // Schow Admin Page + if( $_SESSION['CVS'][ "admin/news.php" ] == "Y" ) + echo " [edit]"; + + echo "
   ".mysql_result($Erg, $n, "Datum").", "; echo UID2Nick(mysql_result($Erg, $n, "UID"))."

\n"; - echo "

".nl2br(mysql_result($Erg, $n, "Text"))."

\n"; + + + echo "

".nl2br(mysql_result($Erg, $n, "Text"))."

\n"; } } diff --git a/www-ssl/nonpublic/news_output.php b/www-ssl/nonpublic/news_output.php index 1e4a349d..6c6fb8ff 100755 --- a/www-ssl/nonpublic/news_output.php +++ b/www-ssl/nonpublic/news_output.php @@ -27,17 +27,21 @@ $Erg = mysql_query($SQL, $con); // anzahl zeilen $news_rows = mysql_num_rows($Erg); -for ($n = 0 ; $n < $news_rows ; $n++) { +for ($n = 0 ; $n < $news_rows ; $n++) +{ - if (mysql_result($Erg, $n, "Treffen") == 0) { + if (mysql_result($Erg, $n, "Treffen") == 0) echo "

"; - } else { + else echo "

"; - } - echo "".mysql_result($Erg, $n, "Betreff")."
\n"; + + echo "".mysql_result($Erg, $n, "Betreff")."\n"; + // Schow Admin Page + if( $_SESSION['CVS'][ "admin/news.php" ] == "Y" ) + echo " [edit]
\n\t\t"; - echo "   ".mysql_result($Erg, $n, "Datum").", "; + echo "
   ".mysql_result($Erg, $n, "Datum").", "; echo UID2Nick(mysql_result($Erg, $n, "UID")).""; // avatar anzeigen? echo DisplayAvatar (mysql_result($Erg, $n, "UID"));