/* Excerpt opens inside a conditional whose test is not shown: blank the other
   template blocks, render the "disabled" denial page and stop the request. */
    $tpl->set_var(array("edit_locked" => "", "error" => "", "preview" => "", "form" => "", "accept" => ""));
    print generate_page('Edit Message Denied', $tpl->parse("CONTENT", "disabled"));
    exit;
}
$tpl->set_var("disabled", "");

$thread = get_thread($msg['tid']);

/* Authorisation gate: a message in a thread flagged Locked may only be edited
   by a user holding the 'Lock' capability for this forum. The exit keeps the
   denied request from reaching the edit logic below. */
if (isset($thread['flag']['Locked']) && !$user->capable($forum['fid'], 'Lock')) {
    $tpl->set_var(array("error" => "", "preview" => "", "form" => "", "accept" => ""));
    print generate_page('Edit Message Denied', $tpl->parse("CONTENT", "edit_locked"));
    exit;
}
$tpl->set_var("edit_locked", "");

/* Sanitize the strings. Name and e-mail are taken from the $user object rather
   than from the submitted form, so an editor cannot choose another author name.
   NOTE(review): what stripcrap() removes is not visible in this excerpt;
   confirm it is adequate for the context the values are later printed in. */
$nmsg['name'] = stripcrap($user->name);
if ($expose_email) {
    $nmsg['email'] = stripcrap($user->email);
} else {
    $nmsg['email'] = "";
}

/* update offtopic status: the flag can be raised on an Active message by
   whoever reaches this point, while clearing it requires the 'OffTopic'
   capability. Every other combination keeps the stored state. */
if ($msg['state'] == 'Active' && $offtopic) {
    $nmsg['state'] = "OffTopic";
} else {
    if ($user->capable($forum['fid'], 'OffTopic') && $msg['state'] == 'OffTopic' && !$offtopic) {
        /* user can't unset offtopic unless he has offtopic capabilities */
        $nmsg['state'] = "Active";
    } else {
        $nmsg['state'] = $msg['state'];
    }
}

/* empty() alone is also true for the subject "0"; the extra strlen() test means
   a subject of "0" is not treated as missing. Where $nmsg['subject'] is filled
   in is not shown, and the body of this branch lies beyond the excerpt. */
if (empty($nmsg['subject']) && strlen($nmsg['subject']) == 0) {
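/**
 * Handle one admin request against a global-message slot (f_global_messages).
 *
 * Depending on which keys are present in $arg, the function queues SQL to
 * update, add, take over, touch or un-hide slot `gid`. The queued statements
 * run only after the caller's token validates; afterwards the edit form is
 * rendered or the browser is redirected back to /admin/gmessage.phtml.
 *
 * NOTE(review): no capability check is made in this function; presumably the
 * including admin page authorises the user before calling it - confirm.
 *
 * @param object $tpl Template object, passed through to generate_edit_form().
 * @param array  $arg Request parameters (gid, submit, subject, url, add, take,
 *                    touch, unhide, edit, token).
 * @return void
 */
function process_request($tpl, $arg)
{
    global $user;

    if (!count($arg)) {
        return;
    }

    /* NOTE(review): $arg still carries the request token at this point;
       confirm dump() only writes to a debug sink. */
    dump($arg);

    $args = '';

    /* The slot number ends up inside an SQL expression and the Location
       header, so accept only a canonical integer. is_numeric() also lets
       through floats, exponent notation and whitespace-padded strings. */
    $gid = isset($arg['gid']) ? filter_var($arg['gid'], FILTER_VALIDATE_INT) : false;
    if ($gid === false) {
        return;
    }
    if ($gid < 0 || $gid > 31) {
        err_not_found("GID out of range");
        /* err_not_found() presumably ends the request; return as well so
           nothing below runs if it ever does not. */
        return;
    }

    $sqls = array();
    $sargs = array();
    $name = $user->name;

    if (isset($arg['submit']) && $arg['submit'] === "Update Slot {$gid}") {
        global $subject_tags;

        $subject = stripcrap(isset($arg['subject']) ? $arg['subject'] : '', $subject_tags);
        $url = stripcrapurl(isset($arg['url']) ? $arg['url'] : '');

        $sqls[] = "update f_global_messages set subject = ?, url = ?, name = ?, date = NOW() where gid = ?";
        $sargs[] = array($subject, $url, $name, $gid);

        /* resend edit so we get the form back */
        $args = "?gid={$gid}&edit";
    }

    if (isset($arg['add'])) {
        $sqls[] = "insert into f_global_messages (gid, name, date) values (?, ?, NOW())";
        $sargs[] = array($gid, $name);
    }

    if (isset($arg['take'])) {
        $sqls[] = "update f_global_messages set name = ?, date = NOW() where gid = ?";
        $sargs[] = array($name, $gid);
    }

    if (isset($arg['touch'])) {
        $sqls[] = "update f_global_messages set date = NOW() where gid = ?";
        $sargs[] = array($gid);
    }

    if (isset($arg['unhide'])) {
        /* $gid is interpolated rather than bound here; that is only safe
           because it was validated above as an integer in 0..31. */
        $sqls[] = "update u_users set gmsgfilter = gmsgfilter & ~(1<<{$gid}) where gmsgfilter & (1<<{$gid})";
        $sargs[] = array();
    }

    if (count($sqls)) {
        /* don't allow any sql updates unless we have a valid token; a request
           without a token is rejected the same way as one with a bad token */
        if (!isset($arg['token']) || !$user->is_valid_token($arg['token'])) {
            err_not_found("invalid token");
            /* fail closed even if err_not_found() returns */
            return;
        }

        foreach ($sqls as $i => $sql) {
            $sarg = $sargs[$i];
            debug($sql . "\narray(" . implode(",", $sarg) . ")\n");
            db_exec($sql, $sarg);
        }
    }

    if (isset($arg['edit'])) {
        /* on edit and add, we will send Location: but with "edit" again,
           stripping add and the token */
        if (isset($arg['add'])) {
            $args = "?gid={$gid}&edit";
        } else {
            generate_edit_form($tpl, $gid);
        }
    }

    if (count($sqls)) {
        /* fixed local path plus the validated integer slot number */
        header("Location: /admin/gmessage.phtml{$args}");
    }
}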
* Training Typ editieren * **/ if ($action == "edit") { $smarty->assign("action", $action); if ($_POST['send']) { $result = $db->query("UPDATE rhs_portal SET url='{$_POST['url']}', email='{$_POST['email']}', text='{$_POST['message']}', bilddb_id='{$_POST['bilddb_id']}', titel='{$_POST['titel']}', changedate=" . time() . " WHERE mandant=" . $adminsession->session_mandant_data['mandant_id'] . " AND id={$_GET['id']}"); if ($result) { $smarty->assign("fehler", 1); $smarty->assign("page_redirect", "index_portal.php?sid=" . $adminsession->session_data['hash']); } else { $smarty->assign("fehler", 2); } } $rowlink = $db->query_first("SELECT * FROM rhs_portal WHERE mandant=" . $adminsession->session_mandant_data['mandant_id'] . " AND id={$_GET['id']}"); $rowlink['text'] = htmlconverter(stripcrap(trim($rowlink['text']))); $rowlink['bilddb_id2'] = makeoption(false, "Keine Bilder", true); $result = $db->query("SELECT g_title as title, g_id as aid FROM g2_Item WHERE g_canContainChildren = 1 ORDER BY g_title DESC"); while ($row = $db->fetch_array($result)) { $rowlink['bilddb_id2'] .= makeoption($row['aid'], $row['title'], $rowlink['bilddb_id']); } $smarty->assign($rowlink); $smarty->display("a_index_portal_edit.tpl.php"); exit; } /** * * Links erzeugen * **/ if ($action == "new") {
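exit;
}

/**
 * Create links
 * (header as found in the excerpt; the block below creates a row in rhs_mandant)
 **/
if ($action == "new") {
    $smarty->assign("action", $action);

    /* $rowlink is only filled by a successful insert below; make sure it is an
       array so the form code further down works on first display too. */
    if (!isset($rowlink) || !is_array($rowlink)) {
        $rowlink = array();
    }

    if (!empty($_POST['send'])) {
        /* NOTE(review): every mandant_* value is interpolated from $_POST
           straight into the statement. Whether anything escapes them first is
           not visible in this excerpt; they need the database layer's escaping
           or bound parameters.
           Fix: the original text had no comma between mandant_staffeltext and
           create_userid, which makes the SET list invalid SQL. */
        $result = $db->query(
            "INSERT INTO rhs_mandant SET mandant_name='{$_POST['mandant_name']}', mandant_email='{$_POST['mandant_email']}',\n\t\t"
            . "mandant_nachname='{$_POST['mandant_nachname']}', mandant_vorname='{$_POST['mandant_vorname']}', mandant_show_index_start='{$_POST['mandant_show_index_start']}',\n\t\t"
            . "mandant_show_kontakt='{$_POST['mandant_show_kontakt']}', mandant_show_index_portal='{$_POST['mandant_show_index_portal']}',\n\t\t"
            . "mandant_show_index_projects='{$_POST['mandant_show_index_projects']}', mandant_show_index_sponsors='{$_POST['mandant_show_index_sponsors']}',\n\t\t"
            . "mandant_show_konto='{$_POST['mandant_show_konto']}', mandant_konto_nr='{$_POST['mandant_konto_nr']}',\n\t\t"
            . "mandant_konto_blz='{$_POST['mandant_konto_blz']}', mandant_konto_bank='{$_POST['mandant_konto_bank']}',\n\t\t"
            . "mandant_staffeltext='{$_POST['message']}',\n\t\t create_userid="
            . (int) $adminsession->session_user_data['customer_id'] . ", create_date=" . time()
        );

        if ($result) {
            $newId = (int) $db->insert_id();

            /* Create the per-tenant image directory only after the insert
               succeeded; before, a failed insert still attempted a directory
               for whatever insert_id() returned. The failure is logged instead
               of being silently dropped.
               NOTE(review): no mode is passed, so permissions follow mkdir()'s
               default and the process umask - confirm that is wanted. */
            $contactDir = "../bilder/kontakt/" . $newId;
            if (!is_dir($contactDir) && !@mkdir($contactDir)) {
                error_log("could not create directory {$contactDir}");
            }

            $rowlink = $db->query_first(
                "SELECT\n\t\t\t\tmandant_id as mandant_id2, mandant_name as mandant_name2, mandant_email as mandant_email2, mandant_nachname as mandant_nachname2,\n\t\t\t\t"
                . "mandant_vorname as mandant_vorname2 , mandant_show_kontakt as mandant_show_kontakt2, mandant_show_index_start as mandant_show_index_start2,\n\t\t\t\t"
                . "mandant_show_index_portal as mandant_show_index_portal2, mandant_show_index_projects as mandant_show_index_projects2,\n\t\t\t\t"
                . "mandant_show_index_sponsors as mandant_show_index_sponsors2, mandant_show_konto as mandant_show_konto2, mandant_konto_nr as mandant_konto_nr2,\n\t\t\t\t"
                . "mandant_konto_blz as mandant_konto_blz2, mandant_konto_bank as mandant_konto_bank2, mandant_staffeltext as mandant_staffeltext2\n\t\t\t\t"
                . "FROM rhs_mandant WHERE mandant_id=" . $newId
            );
            if (!is_array($rowlink)) {
                $rowlink = array();
            }
            $smarty->assign("fehler", 1);
            $smarty->assign("page_redirect", "mandant.php?sid=" . $adminsession->session_data['hash']);
        } else {
            $smarty->assign("fehler", 2);
        }
    }

    /* Turn each stored yes/no flag into its option markup for the form. */
    $flagKeys = array(
        'mandant_show_index_start2',
        'mandant_show_kontakt2',
        'mandant_show_index_portal2',
        'mandant_show_index_projects2',
        'mandant_show_index_sponsors2',
        'mandant_show_konto2',
    );
    foreach ($flagKeys as $flagKey) {
        $rowlink[$flagKey] = create_options_yes_no(isset($rowlink[$flagKey]) ? $rowlink[$flagKey] : null);
    }

    /* NOTE(review): only the free-text field goes through
       htmlconverter(stripcrap()); confirm the template escapes the others. */
    $rowlink['mandant_staffeltext2'] = htmlconverter(stripcrap(trim(
        isset($rowlink['mandant_staffeltext2']) ? $rowlink['mandant_staffeltext2'] : ''
    )));

    $smarty->assign($rowlink);
    $smarty->display("a_mandant_edit.tpl.php");
    exit;
}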
exit;
}

/**
 * Create links
 * (header as found in the excerpt; the block below creates a row in rhs_tberichte)
 **/
if ($action == "new") {
    $smarty->assign("action", $action);
    /* Default both dates to "now" so the empty form has values to show. */
    $rowlink['dateto'] = time();
    $rowlink['datefrom'] = time();
    if ($_POST['send']) {
        /* NOTE(review): titel, ort and message are interpolated from $_POST
           straight into the statement, and the two dates pass through
           makemytime() before being placed between quotes. Whether anything
           escapes these values first, and what makemytime() can return, is not
           visible in this excerpt; they need the database layer's escaping or
           bound parameters. The tenant and user ids come from the admin
           session, not from the request. */
        $result = $db->query("INSERT INTO rhs_tberichte SET titel='{$_POST['titel']}', datefrom='" . makemytime($_POST['datum']) . "', dateto='" . makemytime($_POST['datumbis']) . "', ort='{$_POST['ort']}', beschreibung='{$_POST['message']}', mandant="
            . $adminsession->session_mandant_data['mandant_id']
            . ", create_userid=" . $adminsession->session_user_data['customer_id']
            . ", create_date=" . time());
        if ($result) {
            /* Read the new row back, restricted to the session's tenant. */
            $rowlink = $db->query_first("SELECT * FROM rhs_tberichte WHERE mandant="
                . $adminsession->session_mandant_data['mandant_id']
                . " AND id=" . $db->insert_id());
            /* Only the description is passed through htmlconverter(stripcrap());
               NOTE(review): confirm the template escapes the other columns. */
            $rowlink['beschreibung'] = htmlconverter(stripcrap(trim($rowlink['beschreibung'])));
            $smarty->assign($rowlink);
            /* "fehler" is 1 on success and 2 on failure. */
            $smarty->assign("fehler", 1);
            /* NOTE(review): the session hash is carried in the redirect URL. */
            $smarty->assign("page_redirect", "termin.php?sid=" . $adminsession->session_data['hash']);
        } else {
            $smarty->assign("fehler", 2);
        }
    }
    /* Assigned again here so the form is also filled when nothing was posted
       or the insert failed. */
    $smarty->assign($rowlink);
    $smarty->display("a_termin_edit.tpl.php");
    exit;
}

/**
 * Remove a link category
 *