kontakt
/
engelsystem
3
0
Fork 0
Code Issues 12 Pull Requests Projects Releases Wiki Activity

system ist jetzt auf folstaengig auf regiserGlobals=off umgestellt :-)

Browse Source 
git-svn-id: svn://svn.cccv.de/engel-system@19 29ba0400-6e00-0410-a75a-ca02368028f8
main
cookie 19 years ago
parent c3f45775b0
commit fbc8e11b91
2 changed files with 39 additions and 28 deletions
Show Stats Download Patch File Download Diff File

57
admin/faq.php
Unescape Escape View File

@ -1,13 +1,17 @@
<?php <?php
$title = "Himmel"; $title = "Himmel";
$header = "FAQ / Fragen an die Erzengel"; $header = "FAQ / Fragen an die Erzengel";
$submenus = 1;
include ("./inc/header.php"); include ("./inc/header.php");
include ("./inc/funktion_user.php"); include ("./inc/funktion_user.php");
$submenus = 1;
if (IsSet($quest)) { //var init
$quest_bearb=0;
if (IsSet($_GET["quest"])) {
switch ($quest) { switch ($_GET["quest"])
{
// *--------------------------------------------------------------------------- // *---------------------------------------------------------------------------
// * Anfragen - Bearbeitung // * Anfragen - Bearbeitung
@ -63,15 +67,15 @@ case "open":
break; break;
case "edit": case "edit":
$quest_bearb=0; // keine Fragenliste anzeigen, Frage editieren... $quest_bearb=0; // keine Fragenliste anzeigen, Frage editieren...
if (!IsSet($QID)){ if (!IsSet($_GET["QID"])){
?> ?>
Fehlerhafter Aufruf...<br>Bitte die Bearbeitung nochmals beginnen :) Fehlerhafter Aufruf...<br>Bitte die Bearbeitung nochmals beginnen :)
<?php <?php
} else { } else {
$SQL = "SELECT * FROM Questions where QID=$QID"; $SQL = "SELECT * FROM Questions where QID=". $_GET["QID"];
$Erg = mysql_query($SQL, $con); $Erg = mysql_query($SQL, $con);
?> ?>
<form action="./faq.php" method="post"> <form action="./faq.php" method="GET">
Anfrage von <b><?php echo UID2NICK(mysql_result($Erg, 0, "UID")); ?></b>:<br> Anfrage von <b><?php echo UID2NICK(mysql_result($Erg, 0, "UID")); ?></b>:<br>
<textarea name="Question" rows="3" cols="80"><?php echo mysql_result($Erg, 0, "Question"); ?></textarea> <textarea name="Question" rows="3" cols="80"><?php echo mysql_result($Erg, 0, "Question"); ?></textarea>
<br><br> <br><br>
@ -89,7 +93,7 @@ case "edit":
<?php <?php
} }
?> ?>
<input type="hidden" name="QID" value="<? echo $QID ?>"> <input type="hidden" name="QID" value="<? echo $_GET["QID"]; ?>">
<input type="hidden" name="quest" value="save"> <input type="hidden" name="quest" value="save">
<input type="submit" value="Sichern..."> <input type="submit" value="Sichern...">
</form> </form>
@ -106,12 +110,14 @@ case "edit":
break; break;
case "save": case "save":
if (!IsSet($QID)){ if (!IsSet($_GET["QID"])){
?> ?>
Fehlerhafter Aufruf... Bitte die Bearbeitung nochmal starten... Fehlerhafter Aufruf... Bitte die Bearbeitung nochmal starten...
<?php <?php
} else { } else {
$SQL = "UPDATE Questions SET Question=\"$Question\", AID=\"".$_SESSION['UID']."\" , Answer=\"$Answer\" where QID = \"".$QID."\" LIMIT 1"; $SQL = "UPDATE Questions SET Question=\"". $_GET["Question"].
"\", AID=\"". $_SESSION['UID']. "\" , Answer=\"". $_GET["Answer"]. "\" ".
"where QID = \"". $_GET["QID"]. "\" LIMIT 1";
$Erg = mysql_query($SQL, $con); $Erg = mysql_query($SQL, $con);
if ($Erg == 1) { if ($Erg == 1) {
?> ?>
@ -126,15 +132,16 @@ case "save":
break; break;
case "transfer": case "transfer":
if (!IsSet($QID)){ if (!IsSet($_GET["QID"])){
?> ?>
Fehlerhafter Aufruf... Bitte die Bearbeitung nochmal starten... Fehlerhafter Aufruf... Bitte die Bearbeitung nochmal starten...
<?php <?php
} else { } else {
$SQL1="Select * from Questions where QID=$QID"; $SQL1="Select * from Questions where QID=". $_GET["QID"];
$Erg = mysql_query($SQL1, $con); $Erg = mysql_query($SQL1, $con);
$SQL2="Insert into FAQ Values (\"\", \"".mysql_result($Erg, 0, "Question")."\", \"".mysql_result($Erg, 0, "Answer")."\")"; $SQL2="Insert into FAQ Values (\"\", \"".
mysql_result($Erg, 0, "Question")."\", \"".mysql_result($Erg, 0, "Answer")."\")";
$Erg = mysql_query($SQL2, $con); $Erg = mysql_query($SQL2, $con);
if ($Erg == 1) { if ($Erg == 1) {
?> ?>
@ -182,30 +189,31 @@ case "faq":
break; break;
case "faqedit": case "faqedit":
if (!IsSet($FAQID)){ if (!IsSet($_GET["FAQID"]))
{
?> ?>
Fehlerhafter Aufruf...<br>Bitte die Bearbeitung nochmals beginnen :) Fehlerhafter Aufruf...<br>Bitte die Bearbeitung nochmals beginnen :)
<?php <?php
} else { } else {
$SQL = "SELECT * FROM FAQ where FID=$FAQID"; $SQL = "SELECT * FROM FAQ where FID=". $_GET["FAQID"];
$Erg = mysql_query($SQL, $con); $Erg = mysql_query($SQL, $con);
// anzahl zeilen // anzahl zeilen
$Zeilen = mysql_num_rows($Erg); $Zeilen = mysql_num_rows($Erg);
?> ?>
<form action="./faq.php" method="post"> <form action="./faq.php" method="GET">
Frage:<br> Frage:<br>
<textarea name="Frage" rows="3" cols="80"><?php echo mysql_result($Erg, 0, "Frage"); ?></textarea> <textarea name="Frage" rows="3" cols="80"><?php echo mysql_result($Erg, 0, "Frage"); ?></textarea>
<br><br> <br><br>
Antwort:<br> Antwort:<br>
<textarea name="Antwort" rows="5" cols="80"><?php echo mysql_result($Erg, 0, "Antwort"); ?></textarea><br> <textarea name="Antwort" rows="5" cols="80"><?php echo mysql_result($Erg, 0, "Antwort"); ?></textarea><br>
<input type="hidden" name="FAQID" value="<? echo $FAQID; ?>"> <input type="hidden" name="FAQID" value="<? echo $_GET["FAQID"]; ?>">
<input type="hidden" name="quest" value="faqsave"> <input type="hidden" name="quest" value="faqsave">
<input type="submit" value="Sichern..."> <input type="submit" value="Sichern...">
</form> </form>
<form action="./faq.php"> <form action="./faq.php">
<input type="hidden" name="FAQID" value="<? echo $FAQID; ?>"> <input type="hidden" name="FAQID" value="<? echo $_GET["FAQID"]; ?>">
<input type="hidden" name="quest" value="faqdelete"> <input type="hidden" name="quest" value="faqdelete">
<input type="submit" value="L&ouml;schen..."> <input type="submit" value="L&ouml;schen...">
</form> </form>
@ -214,12 +222,13 @@ case "faqedit":
break; break;
case "faqdelete"; case "faqdelete";
if (!IsSet($FAQID)){ if (!IsSet($_GET["FAQID"]))
{
?> ?>
Fehlerhafter Aufruf... Bitte die Bearbeitung nochmal starten... Fehlerhafter Aufruf... Bitte die Bearbeitung nochmal starten...
<?php <?php
} else { } else {
$SQL = "delete from FAQ where FID = \"$FAQID\" LIMIT 1"; $SQL = "delete from FAQ where FID = \"". $_GET["FAQID"]. "\" LIMIT 1";
$Erg = mysql_query($SQL, $con); $Erg = mysql_query($SQL, $con);
if ($Erg == 1) { if ($Erg == 1) {
?> ?>
@ -234,12 +243,14 @@ case "faqdelete";
break; break;
case "faqsave"; case "faqsave";
if (!IsSet($FAQID)){ if (!IsSet($_GET["FAQID"]))
{
?> ?>
Fehlerhafter Aufruf... Bitte die Bearbeitung nochmal starten... Fehlerhafter Aufruf... Bitte die Bearbeitung nochmal starten...
<?php <?php
} else { } else {
$SQL = "UPDATE FAQ SET Frage=\"$Frage\", Antwort=\"$Antwort\" where FID = \"$FAQID\" LIMIT 1"; $SQL = "UPDATE FAQ SET Frage=\"". $_GET["Frage"]. "\", Antwort=\"". $_GET["Antwort"].
"\" where FID = \"". $_GET["FAQID"]. "\" LIMIT 1";
$Erg = mysql_query($SQL, $con); $Erg = mysql_query($SQL, $con);
if ($Erg == 1) { if ($Erg == 1) {
?> ?>
@ -255,7 +266,7 @@ case "faqsave";
case "faqnew": case "faqnew":
?> ?>
<form action="./faq.php" method="post"> <form action="./faq.php" method="GET">
Frage:<br> Frage:<br>
<textarea name="Frage" rows="3" cols="80">Frage...</textarea><br><br> <textarea name="Frage" rows="3" cols="80">Frage...</textarea><br><br>
Antwort:<br> Antwort:<br>
@ -266,7 +277,7 @@ case "faqnew":
<?php <?php
break; break;
case "faqnewsave"; case "faqnewsave";
$SQL = "INSERT INTO FAQ VALUES (\"\", \"$Frage\", \"$Antwort\")"; $SQL = "INSERT INTO FAQ VALUES (\"\", \"". $_GET["Frage"]. "\", \"". $_GET["Antwort"]. "\")";
$Erg = mysql_query($SQL, $con); $Erg = mysql_query($SQL, $con);
if ($Erg == 1) { if ($Erg == 1) {
?> ?>

10
admin/sprache.php
Unescape Escape View File

@ -5,7 +5,7 @@ $header = "Liste der existierenden Sprcheintr&auml;ge";
include ("./inc/header.php"); include ("./inc/header.php");
if( !isset( $TextID ) ) if( !isset( $_GET["TextID"] ) )
{ {
echo Get_Text("Hello").$_SESSION['Nick'].", <br>\n"; echo Get_Text("Hello").$_SESSION['Nick'].", <br>\n";
echo Get_Text("pub_sprache_text1")."<br><br>\n"; echo Get_Text("pub_sprache_text1")."<br><br>\n";
@ -75,18 +75,18 @@ if( !isset( $TextID ) )
} /*if( !isset( $TextID ) )*/ } /*if( !isset( $TextID ) )*/
else else
{ {
echo "edit: ". $TextID. "<br><br>"; echo "edit: ". $_GET["TextID"]. "<br><br>";
foreach ($_GET as $k => $v) { foreach ($_GET as $k => $v) {
if( $k != "TextID" ) if( $k != "TextID" )
{ {
$sql_test = "SELECT * FROM `Sprache` ". $sql_test = "SELECT * FROM `Sprache` ".
"WHERE `TextID`='$TextID' AND `Sprache`='$k'"; "WHERE `TextID`='". $_GET["TextID"]. "' AND `Sprache`='$k'";
$erg_test = mysql_query($sql_test, $con); $erg_test = mysql_query($sql_test, $con);
if( mysql_num_rows($erg_test)==0 ) if( mysql_num_rows($erg_test)==0 )
{ {
$sql_save = "INSERT INTO `Sprache` (`TextID`, `Sprache`, `Text`) ". $sql_save = "INSERT INTO `Sprache` (`TextID`, `Sprache`, `Text`) ".
"VALUES ('$TextID', '$k', '$v')"; "VALUES ('". $_GET["TextID"]. "', '$k', '$v')";
$Erg = mysql_query($sql_save, $con); $Erg = mysql_query($sql_save, $con);
if ($Erg == 1) if ($Erg == 1)
echo "\t $k Save: OK<br>\n"; echo "\t $k Save: OK<br>\n";
@ -96,7 +96,7 @@ else
else if( mysql_result($erg_test, 0, "Text")!=$v ) else if( mysql_result($erg_test, 0, "Text")!=$v )
{ {
$sql_save = "UPDATE `Sprache` SET `Text`='$v' ". $sql_save = "UPDATE `Sprache` SET `Text`='$v' ".
"WHERE `TextID`='$TextID' AND `Sprache`='$k' "; "WHERE `TextID`='". $_GET["TextID"]. "' AND `Sprache`='$k' ";
echo $sql_save."<br>"; echo $sql_save."<br>";
$Erg = mysql_query($sql_save, $con); $Erg = mysql_query($sql_save, $con);
if ($Erg == 1) if ($Erg == 1)

Write Preview
Loading…
Cancel
Save