diff --git a/includes/pages/admin_faq.php b/includes/pages/admin_faq.php
index 5b9a338f..b8ba1a64 100644
--- a/includes/pages/admin_faq.php
+++ b/includes/pages/admin_faq.php
@@ -4,8 +4,14 @@ function admin_faq() {
$faqs_html = "";
$faqs = sql_select("SELECT * FROM `FAQ`");
foreach ($faqs as $faq) {
- $faqs_html .= '
- ' . $faq['Frage_de'] . '
- ' . $faq['Antwort_de'] . '
| - ' . $faq['Frage_en'] . '
- ' . $faq['Antwort_en'] . '
| ';
- $faqs_html .= 'Edit |
';
+ $faqs_html .= sprintf(
+ ' - %s
- %s
| '
+ . ' - %s
- %s
| '
+ . 'Edit |
',
+ $faq['Frage_de'], $faq['Antwort_de'],
+ $faq['Frage_en'], $faq['Antwort_en'],
+ page_link_to('admin_faq'), $faq['FID']
+ );
}
return template_render('../templates/admin_faq.html', array (
'link' => page_link_to("admin_faq"),
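Review bot: The sprintf at the top of the hunk still writes `$faq['Frage_de']`, `$faq['Antwort_de']`, `$faq['Frage_en']` and `$faq['Antwort_en']` into the HTML list without escaping; the input-side strip_tags in the `strip_request_item_nl()` helper this commit adds removes tags but leaves quotes and ampersands, so stored values can still break the markup. Wrap each output argument as `htmlspecialchars($faq['Frage_de'], ENT_QUOTES, 'UTF-8')`, which the move to sprintf makes a one-line change per value. The same omission applies to `$group['Name']` and the joined privilege names in admin_groups.php, the `$faq['frage_*']` values in guest_faq.php, and `$message['Text']`/`UID2Nick()` in user_messages.php, where the message body is written by other users rather than admins. The body of admin_faq() continues outside the hunk.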
@@ -14,11 +20,18 @@ function admin_faq() {
} else {
switch ($_REQUEST['action']) {
case 'create' :
- $frage = preg_replace("/([^\p{L}\p{P}\p{Z}\p{N}\n]{1,})/ui", '', strip_tags($_REQUEST['frage']));
- $antwort = preg_replace("/([^\p{L}\p{P}\p{Z}\p{N}\n]{1,})/ui", '', strip_tags($_REQUEST['antwort']));
- $question = preg_replace("/([^\p{L}\p{P}\p{Z}\p{N}\n]{1,})/ui", '', strip_tags($_REQUEST['question']));
- $answer = preg_replace("/([^\p{L}\p{P}\p{Z}\p{N}\n]{1,})/ui", '', strip_tags($_REQUEST['answer']));
- sql_query("INSERT INTO `FAQ` SET `Frage_de`='" . sql_escape($frage) . "', `Frage_en`='" . sql_escape($question) . "', `Antwort_de`='" . sql_escape($antwort) . "', `Antwort_en`='" . sql_escape($answer) . "'");
+ $frage = strip_request_item_nl('frage');
+ $antwort = strip_request_item_nl('antwort');
+ $question = strip_request_item_nl('question');
+ $answer = strip_request_item_nl('answer');
+
+ sql_query("INSERT INTO `FAQ` SET `Frage_de`='" . sql_escape($frage)
+ . "', `Frage_en`='" . sql_escape($question)
+ . "', `Antwort_de`='" . sql_escape($antwort)
+ . "', `Antwort_en`='" . sql_escape($answer)
+ . "'"
+ );
+
header("Location: " . page_link_to("admin_faq"));
break;
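Review bot: The create branch is still reachable through any `$_REQUEST` source, so the new sanitising helper does not change that a GET request carrying `action=create` inserts a FAQ entry; the update branch in the next hunk shares this. Guard the state-changing cases with a method check, `if ($_SERVER['REQUEST_METHOD'] !== 'POST') return error("POST required.");`, and consider a per-session form token for the admin forms. Also, `strip_request_item_nl()` returns null when preg_replace fails on input that is not valid UTF-8 (the pattern uses the `u` modifier), and that null would presumably end up as an empty field after sql_escape(); checking the four values for null before the INSERT would surface the failure instead. The switch and admin_faq() continue outside the hunk.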
@@ -32,11 +45,18 @@ function admin_faq() {
if (count($faq) > 0) {
list ($faq) = $faq;
- $frage = preg_replace("/([^\p{L}\p{P}\p{Z}\p{N}\n]{1,})/ui", '', strip_tags($_REQUEST['frage']));
- $antwort = preg_replace("/([^\p{L}\p{P}\p{Z}\p{N}\n]{1,})/ui", '', strip_tags($_REQUEST['antwort']));
- $question = preg_replace("/([^\p{L}\p{P}\p{Z}\p{N}\n]{1,})/ui", '', strip_tags($_REQUEST['question']));
- $answer = preg_replace("/([^\p{L}\p{P}\p{Z}\p{N}\n]{1,})/ui", '', strip_tags($_REQUEST['answer']));
- sql_query("UPDATE `FAQ` SET `Frage_de`='" . sql_escape($frage) . "', `Frage_en`='" . sql_escape($question) . "', `Antwort_de`='" . sql_escape($antwort) . "', `Antwort_en`='" . sql_escape($answer) . "' WHERE `FID`=" . sql_escape($id) . " LIMIT 1");
+ $frage = strip_request_item_nl('frage');
+ $antwort = strip_request_item_nl('antwort');
+ $question = strip_request_item_nl('question');
+ $answer = strip_request_item_nl('answer');
+
+ sql_query("UPDATE `FAQ` SET `Frage_de`='" . sql_escape($frage)
+ . "', `Frage_en`='" . sql_escape($question)
+ . "', `Antwort_de`='" . sql_escape($antwort)
+ . "', `Antwort_en`='" . sql_escape($answer)
+ . "' WHERE `FID`=" . sql_escape($id) . " LIMIT 1"
+ );
+
header("Location: " . page_link_to("admin_faq"));
} else
return error("No FAQ found.");
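Review bot: In the UPDATE at the end of the hunk, `WHERE FID=" . sql_escape($id)` is the only value not wrapped in quotes; if sql_escape() only escapes quote and control characters, escaping adds nothing in an unquoted numeric context and the protection rests entirely on how `$id` was derived, which happens above the hunk. Casting explicitly, `. "' WHERE FID=" . (int) $id . " LIMIT 1"`, makes the intent independent of that derivation. The unchanged `group_id=` query in admin_groups.php follows the same pattern. The switch and admin_faq() continue outside the hunk.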
@@ -82,4 +102,4 @@ function admin_faq() {
}
}
}
-?>
\ No newline at end of file
+?>
diff --git a/includes/pages/admin_groups.php b/includes/pages/admin_groups.php
index 5d9d8180..842640d8 100644
--- a/includes/pages/admin_groups.php
+++ b/includes/pages/admin_groups.php
@@ -7,15 +7,23 @@ function admin_groups() {
if (!isset ($_REQUEST["action"])) {
$groups_html = "";
foreach ($groups as $group) {
- $groups_html .= '';
- $groups_html .= '' . $group['Name'] . ' | ';
+ $groups_html .= sprintf(
+ '
%s | ',
+ $group['Name']
+ );
$privileges = sql_select("SELECT * FROM `GroupPrivileges` JOIN `Privileges` ON (`GroupPrivileges`.`privilege_id` = `Privileges`.`id`) WHERE `group_id`=" . sql_escape($group['UID']));
$privileges_html = array ();
+
foreach ($privileges as $priv)
$privileges_html[] = $priv['name'];
- $groups_html .= '' . join(", ", $privileges_html) . ' | ';
- $groups_html .= 'Ändern | ';
- $groups_html .= '
';
+
+ $groups_html .= sprintf(
+ '%s | '
+ . 'Ändern | ',
+ join(', ', $privileges_html),
+ page_link_to("admin_groups"),
+ $group['UID']
+ );
}
return template_render('../templates/admin_groups.html', array (
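Review bot: The second sprintf in the loop mixes quoting styles — `page_link_to("admin_groups")` uses double quotes while the format strings around it and the admin_faq.php hunk use single quotes — and `join(', ', $privileges_html)` is the alias of implode(); `page_link_to('admin_groups')` and `implode(', ', $privileges_html)` would match the rest of the change. The per-group `sql_select` of privileges inside the loop is untouched by this commit and runs once per group; if it is revisited, `$privileges_html = array_column($privileges, 'name');` replaces the inner foreach. The foreach and admin_groups() continue outside the hunk.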
diff --git a/includes/pages/guest_faq.php b/includes/pages/guest_faq.php
index c4bcd0bb..2799cbaf 100644
--- a/includes/pages/guest_faq.php
+++ b/includes/pages/guest_faq.php
@@ -5,11 +5,17 @@ function guest_faq() {
foreach ($faqs as $faq) {
$html .= "";
if ($_SESSION['Sprache'] == "DE") {
- $html .= "- " . $faq['Frage_de'] . "
";
- $html .= "- " . $faq['Antwort_de'] . "
";
+ $html .= sprintf(
+ '- %s
- %s
',
+ $faq['frage_de'],
+ $faq['antwort_de']
+ );
} else {
- $html .= "- " . $faq['Frage_en'] . "
";
- $html .= "- " . $faq['Antwort_en'] . "
";
+ $html .= sprintf(
+ '- %s
- %s
',
+ $faq['frage_en'],
+ $faq['antwort_en']
+ );
}
$html .= "
";
}
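Review bot: The new sprintf calls read `$faq['frage_de']`, `$faq['antwort_de']`, `$faq['frage_en']` and `$faq['antwort_en']`, but the removed lines and the admin_faq.php hunks in this same commit use `Frage_de`, `Antwort_de`, `Frage_en`, `Antwort_en`, which is also the column spelling in the INSERT and UPDATE statements; PHP array keys are case-sensitive, so unless sql_select lower-cases keys (nothing on the page suggests it does), every FAQ entry renders as two empty list items with an undefined-index notice. Restore the original keys, `$faq['Frage_de'], $faq['Antwort_de']` and `$faq['Frage_en'], $faq['Antwort_en']`. The values should also pass through htmlspecialchars() at output, since neither the input-side strip_tags nor sprintf does that. guest_faq() starts and ends outside the hunk.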
diff --git a/includes/pages/guest_login.php b/includes/pages/guest_login.php
index bbf36b6d..db20a207 100644
--- a/includes/pages/guest_login.php
+++ b/includes/pages/guest_login.php
@@ -16,12 +16,25 @@ function guest_register() {
$Ergans = sql_select("SELECT UID FROM `User` WHERE `Nick`='" . sql_escape($_POST["Nick"]) . "'");
if (strlen($_POST["Nick"]) < 2)
- $error = Get_Text("makeuser_error_nick1") . $_POST["Nick"] . Get_Text("makeuser_error_nick2");
- elseif (count($Ergans) > 0) $error = Get_Text("makeuser_error_nick1") . $_POST["Nick"] . Get_Text("makeuser_error_nick3");
- elseif (strlen($_POST["email"]) <= 6 && strstr($_POST["email"], "@") == FALSE && strstr($_POST["email"], ".") == false) $error = Get_Text("makeuser_error_mail");
- elseif (!is_numeric($_POST["Alter"])) $error = Get_Text("makeuser_error_Alter");
- elseif ($_POST["Passwort"] != $_POST["Passwort2"]) $error = Get_Text("makeuser_error_password1");
- elseif (strlen($_POST["Passwort"]) < 6) $error = Get_Text("makeuser_error_password2");
+ $error = Get_Text("makeuser_error_nick1")
+ . $_POST["Nick"] . Get_Text("makeuser_error_nick2");
+
+ elseif (count($Ergans) > 0)
+ $error = Get_Text("makeuser_error_nick1")
+ . $_POST["Nick"] . Get_Text("makeuser_error_nick3");
+
+ elseif (strlen($_POST["email"]) <= 6 && strstr($_POST["email"], "@") == FALSE && strstr($_POST["email"], ".") == false)
+ $error = Get_Text("makeuser_error_mail");
+
+ elseif (!is_numeric($_POST["Alter"]))
+ $error = Get_Text("makeuser_error_Alter");
+
+ elseif ($_POST["Passwort"] != $_POST["Passwort2"])
+ $error = Get_Text("makeuser_error_password1");
+
+ elseif (strlen($_POST["Passwort"]) < 6)
+ $error = Get_Text("makeuser_error_password2");
+
else {
$_POST["Passwort"] = PassCrypt($_POST["Passwort"]);
unset ($_POST["Passwort2"]);
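Review bot: The e-mail check, `elseif (strlen($_POST["email"]) <= 6 && strstr(...) == FALSE && strstr(...) == false)`, is carried over unchanged, but its three conditions are joined with `&&`, so an address only fails when it is short and lacks `@` and lacks `.`; anything longer than six characters passes regardless of content. `elseif (filter_var($_POST["email"], FILTER_VALIDATE_EMAIL) === false)` expresses the intent in one call. The password comparison two branches later uses loose `!=`; `!==` avoids numeric-string coercion (`'1e3' == '1000'` is true). `$_POST["Nick"]` is concatenated into `$error`, which presumably reaches the page, so it needs htmlspecialchars() as well. The chain's `else` body and guest_register() continue outside the hunk.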
@@ -35,15 +48,26 @@ function guest_register() {
"`Size`, " . "`Passwort`, " .
"`Art` , " . "`kommentar`, " .
"`Hometown`," . "`CreateDate`, `Sprache` ) " .
- "VALUES ( " .
- "'" . $_POST["Nick"] . "', " . "'" . $_POST["Name"] . "', " .
- "'" . $_POST["Vorname"] . "', " . "'" . $_POST["Alter"] . "', " .
- "'" . $_POST["Telefon"] . "', " . "'" . $_POST["DECT"] . "', " .
- "'" . $_POST["Handy"] . "', " . "'" . $_POST["email"] . "', " .
- "'" . $_POST["ICQ"] . "', " . "'" . $_POST["jabber"] . "', " .
- "'" . $_POST["Size"] . "', " . "'" . $_POST["Passwort"] . "', " .
- "'" . $_POST["Art"] . "', " . "'" . $_POST["kommentar"] . "', " .
- "'" . $_POST["Hometown"] . "'," . "NOW(), '" . $_SESSION['Sprache'] . "')");
+ "VALUES ( '"
+ . sql_escape($_POST["Nick"]) . "', " . "'"
+ . sql_escape($_POST["Name"]) . "', " . "'"
+ . sql_escape($_POST["Vorname"]) . "', " . "'"
+ . sql_escape($_POST["Alter"]) . "', " . "'"
+ . sql_escape($_POST["Telefon"]) . "', " . "'"
+ . sql_escape($_POST["DECT"]) . "', " . "'"
+ . sql_escape($_POST["Handy"]) . "', " . "'"
+ . sql_escape($_POST["email"]) . "', " . "'"
+ . sql_escape($_POST["ICQ"]) . "', " . "'"
+ . sql_escape($_POST["jabber"]) . "', " . "'"
+ . sql_escape($_POST["Size"]) . "', " . "'"
+ . sql_escape($_POST["Passwort"]) . "', " . "'"
+ . sql_escape($_POST["Art"]) . "', " . "'"
+ . sql_escape($_POST["kommentar"]) . "', " . "'"
+ . sql_escape($_POST["Hometown"]) . "',"
+ . "NOW(), '"
+ . sql_escape($_SESSION["Sprache"])
+ . "')"
+ );
if ($Erg != 1) {
$html .= Get_Text("makeuser_error_write1") . "
\n";
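Review bot: Escaping every value with sql_escape() closes the interpolation in the removed lines, but the stored `Passwort` is the output of PassCrypt(), which sys_auth.php on this page shows as `return md5($passwort);`, an unsalted fast hash. Moving to `password_hash($_POST["Passwort"], PASSWORD_DEFAULT)` here and password_verify() at login would also require the `Passwort` column to hold at least 60 characters; its width is not visible in this diff. The `$Erg = sql_query(` statement this hunk reformats begins above the hunk, and the following `$Erg != 1` is a loose comparison that only works if sql_query returns the same scalar type on every path.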
@@ -242,4 +266,4 @@ function guest_login_form() {
'send' => Get_Text("index_lang_send")
));
}
-?>
\ No newline at end of file
+?>
diff --git a/includes/pages/user_messages.php b/includes/pages/user_messages.php
index 30871d9d..a13b28f0 100644
--- a/includes/pages/user_messages.php
+++ b/includes/pages/user_messages.php
@@ -6,7 +6,13 @@ function user_unread_messages() {
$new_messages = sql_num_query("SELECT * FROM `Messages` WHERE isRead='N' AND `RUID`=" . sql_escape($user['UID']));
if ($new_messages > 0)
- return '' . Get_Text("pub_messages_new1") . " " . $new_messages . " " . Get_Text("pub_messages_new2") . '
';
+ return sprintf(
+ '%s %s %s
',
+ page_link_to("user_messages"),
+ Get_Text("pub_messages_new1"),
+ $new_messages,
+ Get_Text("pub_messages_new2")
+ );
}
return "";
@@ -16,23 +22,37 @@ function user_messages() {
global $user;
if (!isset ($_REQUEST['action'])) {
- $users = sql_select("SELECT * FROM `User` WHERE NOT `UID`=" . sql_escape($user['UID']) . " ORDER BY `Nick`");
+ $users = sql_select("SELECT * FROM `User` WHERE NOT `UID`="
+ . sql_escape($user['UID']) . " ORDER BY `Nick`");
+
$to_select_data = array (
"" => "Select receiver..."
);
+
foreach ($users as $u)
$to_select_data[$u['UID']] = $u['Nick'];
+
$to_select = html_select_key('to', $to_select_data, '');
$messages_html = "";
- $messages = sql_select("SELECT * FROM `Messages` WHERE `SUID`=" . sql_escape($user['UID']) . " OR `RUID`=" . sql_escape($user['UID']) . " ORDER BY `isRead`,`Datum` DESC");
+ $messages = sql_select("SELECT * FROM `Messages` WHERE `SUID`="
+ . sql_escape($user['UID'])
+ . " OR `RUID`=" . sql_escape($user['UID'])
+ . " ORDER BY `isRead`,`Datum` DESC"
+ );
foreach ($messages as $message) {
- $messages_html .= '';
- $messages_html .= '' . ($message['isRead'] == 'N' ? '•' : '') . ' | ';
- $messages_html .= '' . date("Y-m-d H:i", $message['Datum']) . ' | ';
- $messages_html .= '' . UID2Nick($message['SUID']) . ' | ';
- $messages_html .= '' . UID2Nick($message['RUID']) . ' | ';
- $messages_html .= '' . str_replace("\n", ' ', $message['Text']) . ' | ';
+
+ $messages_html .= sprintf(
+ '
%s | %s | %s | %s | '
+ .'%s | ',
+ ($message['isRead'] == 'N' ? ' class="new_message"' : ''),
+ ($message['isRead'] == 'N' ? '•' : ''),
+ date("Y-m-d H:i", $message['Datum']),
+ UID2Nick($message['SUID']),
+ UID2Nick($message['RUID']),
+ str_replace("\n", '
', $message['Text'])
+ );
+
$messages_html .= '';
if ($message['RUID'] == $user['UID']) {
if ($message['isRead'] == 'N')
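Review bot: `$message['isRead'] == 'N'` is evaluated twice in the new sprintf argument list (row class and bullet) and once more in the context below; hoisting it before the call, `$is_new = $message['isRead'] === 'N';`, removes the duplication and the loose comparison. The `str_replace("\n", ..., $message['Text'])` argument (its replacement string is not legible in this rendering) converts newlines into markup, so if htmlspecialchars() is added for the message body it has to wrap `$message['Text']` inside the str_replace, not the result, or the inserted tags are escaped too. user_messages() and the foreach continue outside the hunk.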
@@ -45,7 +65,8 @@ function user_messages() {
return template_render('../templates/user_messages.html', array (
'link' => page_link_to("user_messages"),
- 'greeting' => Get_Text("Hello") . $user['Nick'] . ", \n" . Get_Text("pub_messages_text1") . "
\n",
+ 'greeting' => Get_Text("Hello") . $user['Nick'] . ", \n"
+ . Get_Text("pub_messages_text1") . "
\n",
'messages' => $messages_html,
'new_label' => Get_Text("pub_messages_Neu"),
'date_label' => Get_Text("pub_messages_Datum"),
diff --git a/includes/sys_auth.php b/includes/sys_auth.php
index 68e336b0..009be2d8 100644
--- a/includes/sys_auth.php
+++ b/includes/sys_auth.php
@@ -19,7 +19,10 @@ function load_auth() {
if (count($user) > 0) {
// User ist eingeloggt, Datensatz zur Verfügung stellen und Timestamp updaten
list ($user) = $user;
- sql_query("UPDATE `User` SET " . "`lastLogIn` = '" . time() . "'" . " WHERE `UID` = '" . $_SESSION['uid'] . "' LIMIT 1;");
+ sql_query("UPDATE `User` SET "
+ . "`lastLogIn` = '" . time() . "'"
+ . " WHERE `UID` = '" . sql_escape($_SESSION['uid']) . "' LIMIT 1;"
+ );
} else
unset ($_SESSION['uid']);
}
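Review bot: `sql_escape($_SESSION['uid'])` in the UPDATE is defense in depth only, since the session value is server-side; as `UID` is compared unquoted elsewhere on this page (`RUID=` and `NOT UID=` in user_messages.php) it is presumably an integer column, so `(int) $_SESSION['uid']` would state that more directly than string escaping. The SELECT that loads `$user` from the same session value sits above the hunk and should receive the same treatment if it still interpolates. load_auth() starts and ends outside the hunk.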
@@ -52,4 +55,4 @@ function PassCrypt($passwort) {
return md5($passwort);
}
}
-?>
\ No newline at end of file
+?>
diff --git a/includes/sys_page.php b/includes/sys_page.php
index 2af5f729..e499cd57 100644
--- a/includes/sys_page.php
+++ b/includes/sys_page.php
@@ -8,6 +8,14 @@ function strip_request_item($name) {
);
}
+function strip_request_item_nl($name) {
+ return preg_replace(
+ "/([^\p{L}\p{P}\p{Z}\p{N}\n]{1,})/ui",
+ '',
+ strip_tags($_REQUEST[$name])
+ );
+}
+
function error($msg) {
return '' . $msg . ' ';
}
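Review bot: `strip_request_item_nl()` dereferences `$_REQUEST[$name]` without checking that the key exists, so a form submitted without the field raises an undefined-index notice and hands null to strip_tags(); `$value = isset($_REQUEST[$name]) ? $_REQUEST[$name] : '';` followed by `strip_tags($value)` keeps the helper total. With the `u` modifier, preg_replace() returns null when the input is not valid UTF-8 and the admin_faq.php callers pass that straight to sql_escape(); either document the null return or map it to '' and inspect `preg_last_error()`. A docblock stating that the helper keeps letters, punctuation, separators, digits and newlines and drops everything else — and that it is input normalisation, not output escaping — would help callers; the pattern also spells `{1,}` where `+` is conventional. `strip_request_item()` at the top of the hunk appears to differ only by the `\n` in the character class (its body starts above the hunk), so the two could share one private helper that takes the pattern.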