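";
// Page script: lists the songs linked to one `lid` in lieder_quelle, grouped by
// `art` (el / al / wl / bl), and handles the "liederf" (assign by number) and
// "del" (remove one link) actions. Output goes through the Smarty template
// whose name is derived from this script's file name.
include_once 'classes/lg-on_Smarty.class.php';
$smarty = new lgon_Smarty();
require_once("config.inc.php");
require_once("func_rollenrechte.php");

// NOTE(review): PHP_SELF includes any trailing path info supplied by the client,
// so the template file name is request-influenced (basename() keeps it inside
// the template directory). Consider SCRIPT_NAME if the server sets it reliably.
$templatename = substr(basename($_SERVER['PHP_SELF']), 0, -3) . "html";
require_once "language/german.inc.php";

// Anchored with \A...\z: the "$" anchor used previously also accepts a trailing newline.
$nur_ziffern = '/\A[0-9]+\z/';
// Processing order of the four `art` values in the "liederf" action.
$arten_reihenfolge = array('el', 'bl', 'al', 'wl');

// `lid` comes from the query string or a cookie and is interpolated into SQL
// below (partly unquoted), so only a plain digit string is accepted.
if (isset($_GET['lid'])) {
    $lid = $_GET['lid'];
} elseif (isset($_COOKIE['ck_lid'])) {
    $lid = $_COOKIE['ck_lid'];
} else {
    $lid = '';
}
if (!is_string($lid) || !preg_match($nur_ziffern, $lid)) {
    exit;
}
if (isset($_GET['lid'])) {
    setcookie("ck_lid", "$lid");
}

if (isset($_GET['ausgabe_ansicht'])) {
    $ausgabe_ansicht = is_string($_GET['ausgabe_ansicht']) ? $_GET['ausgabe_ansicht'] : '';
    setcookie("ck_ausgabe_ansicht", "$ausgabe_ansicht");
} else {
    $ausgabe_ansicht = isset($_COOKIE['ck_ausgabe_ansicht']) && is_string($_COOKIE['ck_ausgabe_ansicht'])
        ? $_COOKIE['ck_ausgabe_ansicht']
        : '';
}

$smarty->assign('lied_lid', "$lid");
// NOTE(review): `ausgabe_ansicht` is client-controlled and passed on unchanged;
// the template has to escape it wherever it is printed.
$smarty->assign('ausgabe_ansicht', "$ausgabe_ansicht");

// One connection is reused for the whole request (dbconnect() used to be called
// again in every branch).
$db = dbconnect();

// If the category is not GD (kid=1), show no songs at all.
// NOTE(review): this lookup still runs before the login/rights check below;
// the order is kept so unauthenticated requests behave as before.
$result = $db->query("SELECT 1 FROM quelle WHERE lid=$lid AND kid=1");
$row = $result ? $result->fetch_array() : null;
if (!$row || $row[0] != 1) {
    exit;
}

// Rights check. An admin may always delete songs; a normal user may only
// delete songs they entered themselves.
if ($user_admin == "") {
    // Not logged in: this page must not be reachable.
    require("index.php");
    exit;
}
if (!rore($user_admin, 'a_lied', 'RE')) {
    require("lib/rechte.php");
    exit;
}
// End of rights check.

$action = (isset($_GET['action']) && is_string($_GET['action'])) ? $_GET['action'] : '';

if ($action === '') {
    // From 2010-11-28 on there is the new liturgy, hence also a penitential song.
    $result_nl = $db->query("SELECT DISTINCT 1 FROM quelle WHERE datum >= '2010-11-28' AND lid='$lid'");
    $row_nl = $result_nl ? $result_nl->fetch_array() : null;
    if ($row_nl && $row_nl[0] == 1) {
        $smarty->assign('lieder_neue_liturgie', "1");
    } else {
        $smarty->assign('lieder_neue_liturgie', "2");
    }

    // NOTE(review): the allowed-tags argument is reproduced exactly as it
    // appears in this listing (a line break followed by a comma); tag names
    // may have been lost on the way here - confirm against the repository copy.
    $erlaubte_tags = '
,';

    // `art` value => Smarty variable that receives the rows of that list.
    $listen = array(
        'el' => 'table_data',
        'al' => 'table_data1',
        'wl' => 'table_data2',
        'bl' => 'table_data3',
    );

    foreach ($listen as $listen_art => $tpl_variable) {
        $query = "SELECT a.gbid, nr, titel, user, text FROM lieder a, lieder_quelle b, lieder_texte c WHERE a.gbid=b.gbid AND a.gbid=c.gbid AND art= '$listen_art' AND lid='$lid'";
        $result = $db->query($query) or die ("Cannot execute query");

        // Stays null when no row matches, as the template received before.
        $zeilen = null;
        while ($row = $result->fetch_array()) {
            // NOTE(review): addslashes()/real_escape_string() are used here to
            // prepare values for output, not for SQL. They are kept because the
            // template presumably depends on this exact form, but they are not
            // HTML or JavaScript escaping - verify how the template prints them.
            $titel = addslashes($row['titel']);
            $text = strip_tags($row['text'], $erlaubte_tags);
            $text = str_replace("\n", "", $text);
            $text = $db->real_escape_string(str_replace(chr(13), "", $text));
            if ($listen_art === 'el') {
                // Only the 'el' list escaped single quotes a second time; kept as found.
                $text = str_replace("'", "\'", $text);
            }

            // Delete flag for the template: owner or administrator, and the song has a number.
            if (($user_admin == $row['user'] OR rore($user_admin, 'Administrator', 'RO')) AND $row['nr'] != "") {
                $delnr = 1;
            } else {
                $delnr = 0;
            }

            $row['titel'] = $titel;
            $row['text'] = $text;
            $row['del_nr'] = $delnr;
            $zeilen[] = $row;
        }

        $smarty->assign($tpl_variable, $zeilen);
    }
}

if ($action === 'liederf') {
    // Validate every posted number BEFORE it reaches SQL; previously the
    // lookups ran on the raw POST values and the format check came afterwards.
    $fehler = null;
    $eingaben = array();
    foreach ($arten_reihenfolge as $art_key) {
        $wert = isset($_POST[$art_key]) ? $_POST[$art_key] : '';
        if (!is_string($wert) || ($wert !== '' && !preg_match($nur_ziffern, $wert))) {
            $fehler = 'error_' . $art_key;
            break;
        }
        $eingaben[$art_key] = $wert;
    }

    // Resolve each number to its gbid. An empty field is still looked up
    // (nr=''), as before, but is never reported as invalid.
    $gbids = array();
    if ($fehler === null) {
        foreach ($eingaben as $art_key => $wert) {
            $treffer = $db->query("SELECT gbid FROM lieder WHERE nr='$wert' LIMIT 1");
            $zeile = $treffer ? $treffer->fetch_array() : null;
            $gbids[$art_key] = ($zeile && $zeile['gbid'] != '') ? (int) $zeile['gbid'] : null;
            if ($wert !== '' && $gbids[$art_key] === null) {
                $fehler = 'invalid_' . $art_key;
                break;
            }
        }
    }

    if ($fehler !== null) {
        // Only the first problem is reported, in the order el, bl, al, wl.
        $smarty->assign($fehler, "1");
    } else {
        $user_sql = $db->real_escape_string((string) $user_admin);

        // Entries without a resolved gbid are skipped; previously they produced
        // a malformed statement whose failure was ignored.
        foreach ($gbids as $art_key => $gbid) {
            if ($gbid === null) {
                continue;
            }
            $db->query("DELETE FROM lieder_quelle WHERE lid=$lid AND gbid=$gbid AND art = '$art_key'");
        }
        foreach ($gbids as $art_key => $gbid) {
            if ($gbid === null) {
                continue;
            }
            $db->query("INSERT INTO lieder_quelle (lid, gbid, art, user) VALUES ($lid, $gbid, '$art_key', '$user_sql')");
        }
        $db->query("DELETE FROM lieder_quelle WHERE gbid=''");
        $smarty->assign('lieder_success', "1");
    }
}

if ($action === 'del') {
    // NOTE(review): this state-changing action is triggered by a plain GET
    // request and carries no anti-CSRF token; moving it to POST with a
    // per-session token needs a matching template change.
    $gbid = isset($_GET['gbid']) ? $_GET['gbid'] : '';
    $art = isset($_GET['art']) ? $_GET['art'] : '';

    if (is_string($gbid) && preg_match($nur_ziffern, $gbid) && is_string($art)) {
        $art_sql = $db->real_escape_string($art);

        // Enforce on the server the rule the list view only applies to its
        // delete flag: non-administrators may remove only their own entries.
        $besitzer_filter = '';
        if (!rore($user_admin, 'Administrator', 'RO')) {
            $besitzer_filter = " AND user='" . $db->real_escape_string((string) $user_admin) . "'";
        }

        $db->query("DELETE FROM lieder_quelle WHERE lid=$lid AND gbid=$gbid AND art = '$art_sql'" . $besitzer_filter);
        $smarty->assign('lieder_del', "1");
    }
}

$smarty->assign('action', "$action");
$smarty->display("$template/$templatename");
?>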