"; session_start(); include_once 'classes/lg-on_Smarty.class.php'; $smarty = new lgon_Smarty(); require_once("config.inc.php"); require_once("func_rollenrechte.php"); $templatename = substr(basename($_SERVER['PHP_SELF']),0,-3)."html"; require_once "language/german.inc.php"; // Rechteüberprüfung dbconnect(); if ($user_admin == ""){ require("index.php"); exit;} //Wenn man nicht angemeldet ist, darf man nicht auf die Seite if(!rore($user_admin,'a_notes','RE')){require("lib/rechte.php");exit;} // Rechteüberprüfung ende if(isset($_GET['action'])){ $action = $_GET['action']; }else{ $action = ''; } if($action == ''){ $lid = $_GET['lid']; $_SESSION['ck_lid_notiz'] = $lid; $result = $db->query( "SELECT notiz FROM notizen WHERE lid = '$lid' AND user = '$user_admin' "); $row = $result->fetch_array(); $notiz =str_replace ('"', '\"' , $row['notiz']); $notiz =str_replace ("'", "\'" , $notiz); $notiz = preg_replace("/\r*|\n*/s", "", $notiz); $notiz = preg_replace("/(\r\n|\n|\r)/", "", $notiz); # echo $notiz; # exit; #$notiz = strip_tags($notiz); $smarty->assign('notes_text', "$notiz"); $smarty->assign('notes_lid', "$lid"); } if($action == 'notes'){ $lid = $_SESSION['ck_lid_notiz']; $smarty->assign('notes_lid', "$lid"); $notiz = $db->real_escape_string(stripslashes( $_POST['notizen'] )); dbconnect(); $sql = $db->query( "DELETE FROM notizen WHERE lid='$lid' AND user = '$user_admin'" ); $sql = $db->query( "INSERT INTO notizen (lid, user, notiz) VALUES ($lid, '$user_admin', '$notiz')" ); $sql = $db->query( "DELETE FROM notizen WHERE notiz=''" ); session_destroy(); $smarty->assign('notes_redirect', "1"); } $smarty->assign('action', "$action"); $smarty->display("$template/$templatename"); ?>