diff --git a/includes/pages/admin_news.php b/includes/pages/admin_news.php index 553473eb..789fc728 100644 --- a/includes/pages/admin_news.php +++ b/includes/pages/admin_news.php @@ -5,63 +5,62 @@ function admin_news() { if (! isset($_GET["action"])) { redirect(page_link_to("news")); + } + + $html = '

' . _("Edit news entry") . '

' . msg(); + if (isset($_REQUEST['id']) && preg_match("/^[0-9]{1,11}$/", $_REQUEST['id'])) { + $news_id = $_REQUEST['id']; } else { - $html = '

' . _("Edit news entry") . '

' . msg(); - if (isset($_REQUEST['id']) && preg_match("/^[0-9]{1,11}$/", $_REQUEST['id'])) { - $news_id = $_REQUEST['id']; - } else { - return error("Incomplete call, missing News ID.", true); - } + return error("Incomplete call, missing News ID.", true); + } + + $news = sql_select("SELECT * FROM `News` WHERE `ID`='" . sql_escape($news_id) . "' LIMIT 1"); + if (empty($news)) { + return error("No News found.", true); + } + switch ($_REQUEST["action"]) { + default: + redirect(page_link_to('news')); + case 'edit': + list($news) = $news; + + $user_source = User($news['UID']); + + $html .= form([ + form_info(_("Date"), date("Y-m-d H:i", $news['Datum'])), + form_info(_("Author"), User_Nick_render($user_source)), + form_text('eBetreff', _("Subject"), $news['Betreff']), + form_textarea('eText', _("Message"), $news['Text']), + form_checkbox('eTreffen', _("Meeting"), $news['Treffen'] == 1, 1), + form_submit('submit', _("Save")) + ], page_link_to('admin_news&action=save&id=' . $news_id)); + + $html .= ' ' . _("Delete") . ''; + break; - $news = sql_select("SELECT * FROM `News` WHERE `ID`='" . sql_escape($news_id) . "' LIMIT 1"); - if (count($news) > 0) { - switch ($_REQUEST["action"]) { - default: - redirect(page_link_to('news')); - case 'edit': - list($news) = $news; - - $user_source = User($news['UID']); - - $html .= form([ - form_info(_("Date"), date("Y-m-d H:i", $news['Datum'])), - form_info(_("Author"), User_Nick_render($user_source)), - form_text('eBetreff', _("Subject"), $news['Betreff']), - form_textarea('eText', _("Message"), $news['Text']), - form_checkbox('eTreffen', _("Meeting"), $news['Treffen'] == 1, 1), - form_submit('submit', _("Save")) - ], page_link_to('admin_news&action=save&id=' . $news_id)); - - $html .= ' ' . _("Delete") . ''; - break; - - case 'save': - list($news) = $news; - - sql_query("UPDATE `News` SET + case 'save': + list($news) = $news; + + sql_query("UPDATE `News` SET `Datum`='" . sql_escape(time()) . "', `Betreff`='" . sql_escape($_POST["eBetreff"]) . "', `Text`='" . sql_escape($_POST["eText"]) . "', `UID`='" . sql_escape($user['UID']) . "', `Treffen`='" . sql_escape($_POST["eTreffen"]) . "' WHERE `ID`='" . sql_escape($news_id) . "'"); - engelsystem_log("News updated: " . $_POST["eBetreff"]); - success(_("News entry updated.")); - redirect(page_link_to("news")); - break; - - case 'delete': - list($news) = $news; - - sql_query("DELETE FROM `News` WHERE `ID`='" . sql_escape($news_id) . "' LIMIT 1"); - engelsystem_log("News deleted: " . $news['Betreff']); - success(_("News entry deleted.")); - redirect(page_link_to("news")); - break; - } - } else { - return error("No News found.", true); - } + engelsystem_log("News updated: " . $_POST["eBetreff"]); + success(_("News entry updated.")); + redirect(page_link_to("news")); + break; + + case 'delete': + list($news) = $news; + + sql_query("DELETE FROM `News` WHERE `ID`='" . sql_escape($news_id) . "' LIMIT 1"); + engelsystem_log("News deleted: " . $news['Betreff']); + success(_("News entry deleted.")); + redirect(page_link_to("news")); + break; } return $html . '
'; } diff --git a/includes/sys_template.php b/includes/sys_template.php index 2faf98c3..5b6caade 100644 --- a/includes/sys_template.php +++ b/includes/sys_template.php @@ -374,11 +374,11 @@ function render_table($columns, $rows, $data = true) { foreach ($rows as $row) { $html .= ''; foreach ($columns as $key => $column) { + $value = " "; if (isset($row[$key])) { - $html .= '' . $row[$key] . ''; - } else { - $html .= ' '; + $value = $row[$key]; } + $html .= '' . $value . ''; } $html .= ''; }