<?php
/*
# Fuer debugging
error_reporting(E_ALL);
ini_set('display_errors', 1);
#echo __LINE__."<br>";
*/
// The session has to be running before anything below reads or writes $_SESSION.
session_start();

// Template engine, site configuration and the role/permission helpers.
include_once 'classes/lg-on_Smarty.class.php';
$smarty = new lgon_Smarty();
require_once 'config.inc.php';
require_once 'func_rollenrechte.php';

// Template file name: this script's base name with the trailing "php" replaced by "html".
// NOTE(review): PHP_SELF can contain extra path info taken from the request URL, so the
// request can influence which template name is built here; basename() limits the value
// to a single file name. Consider deriving the name from SCRIPT_NAME or a fixed string
// after checking how this script is deployed and included.
$templatename = substr(basename($_SERVER['PHP_SELF']), 0, -3) . 'html';

// German language strings.
require_once 'language/german.inc.php';

// Permission check
$db = dbconnect();

// $user_admin is not assigned in this file; presumably one of the includes above sets it.
// NOTE(review): confirm it is derived from server-side login state only and can never be
// supplied through request parameters.
if ($user_admin == "") {
    // Visitors who are not logged in may not use this page: show index.php instead.
    require 'index.php';
    exit;
}

// rore() is defined outside this file; a falsy result for the 'a_notes' / 'RE' check
// sends the user to the permissions page and stops the script.
if (!rore($user_admin, 'a_notes', 'RE')) {
    require 'lib/rechte.php';
    exit;
}
// End of permission check

// Entry id from the query string; empty string when the parameter is absent.
// This is raw request input: nothing is validated or escaped at this point.
$eid = isset($_GET['eid']) ? $_GET['eid'] : "";

// Requested action from the query string; empty string selects the default view.
$action = isset($_GET['action']) ? $_GET['action'] : '';

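// Default view: remember which entry the note belongs to and load the current
// user's stored note for it.
if ($action == '') {
    // $eid is raw query-string input. It is later placed unquoted into an INSERT by the
    // save branch of this script, which only works for numeric values, so anything that
    // is not a plain run of digits is treated as "no entry" before it reaches the
    // session or the database.
    $eidChecked = (is_string($eid) && preg_match('/\A[0-9]+\z/', $eid) === 1) ? $eid : '';
    $_SESSION['ck_eid_notiz'] = $eidChecked;

    $storedNote = '';
    if ($eidChecked !== '') {
        // Bound parameters instead of string interpolation: neither the entry id nor the
        // user name can alter the statement.
        // Assumes dbconnect() returns a mysqli connection (query() and
        // real_escape_string() are called on it elsewhere in this file) - TODO confirm.
        $stmt = $db->prepare("SELECT notiz FROM lue_notizen WHERE eid = ? AND user = ?");
        if ($stmt) {
            $owner = (string) $user_admin;
            $stmt->bind_param('ss', $eidChecked, $owner);
            if ($stmt->execute()) {
                $stmt->bind_result($fetchedNote);
                // No matching row (or a NULL note) leaves the note empty instead of
                // reading from a missing result row.
                if ($stmt->fetch() && $fetchedNote !== null) {
                    $storedNote = (string) $fetchedNote;
                }
            }
            $stmt->close();
        }
    }

    // Backslash-escape both quote characters and drop every CR/LF, exactly as before.
    // NOTE(review): a backslash already present in the note is passed through unchanged
    // and no HTML escaping happens here. Whether this is sufficient depends on where the
    // template places notes_text; confirm the template escapes it for its output context.
    $notiz = str_replace('"', '\"', $storedNote);
    $notiz = str_replace("'", "\'", $notiz);
    $notiz = str_replace(array("\r", "\n"), '', $notiz);
    $smarty->assign('notes_text', $notiz);
}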

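// Save branch: replace the current user's note for the entry remembered in the session.
// NOTE(review): no anti-CSRF token and no request-method check are visible in this file,
// and the action is selected through the query string; confirm that state-changing
// requests are protected elsewhere.
if ($action == 'notes') {
    // The entry id was stored in the session by the default view, where it originated
    // from the query string. Treat it as untrusted and accept digits only.
    $sessionEid = isset($_SESSION['ck_eid_notiz']) ? $_SESSION['ck_eid_notiz'] : '';
    $eid_notiz = '';
    if ((is_string($sessionEid) || is_int($sessionEid))
        && preg_match('/\A[0-9]+\z/', (string) $sessionEid) === 1
    ) {
        $eid_notiz = (string) $sessionEid;
    }
    $smarty->assign('notes_eid', $eid_notiz);

    // A missing or non-string form field is handled like an empty note.
    // NOTE(review): stripslashes() is kept so stored values stay as before; it also
    // removes backslashes the user typed when the runtime adds no slashes of its own -
    // confirm it is still wanted.
    $postedNote = (isset($_POST['notizen']) && is_string($_POST['notizen'])) ? $_POST['notizen'] : '';
    $notiz = stripslashes($postedNote);

    if ($eid_notiz !== '') {
        $owner = (string) $user_admin;

        // Bound parameters keep entry id, user name and note text out of the SQL text.
        // Assumes dbconnect() returns a mysqli connection - TODO confirm.
        $stmt = $db->prepare("DELETE FROM lue_notizen WHERE eid = ? AND user = ?");
        if ($stmt) {
            $stmt->bind_param('ss', $eid_notiz, $owner);
            $stmt->execute();
            $stmt->close();
        }

        // An empty note used to be inserted and then removed again by the cleanup
        // query below; skipping the insert gives the same end state.
        if ($notiz !== '') {
            $stmt = $db->prepare("INSERT INTO lue_notizen (eid, user, notiz) VALUES (?, ?, ?)");
            if ($stmt) {
                $stmt->bind_param('sss', $eid_notiz, $owner, $notiz);
                $stmt->execute();
                $stmt->close();
            }
        }
    }

    // Table-wide cleanup of empty notes (all users, all entries), unchanged.
    $sql = $db->query("DELETE FROM lue_notizen WHERE notiz=''");

    // NOTE(review): this discards the whole session, not only ck_eid_notiz. If login
    // state is kept in the same session, saving a note also ends the login - confirm
    // that this is intended.
    session_destroy();
}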



// Pass the current action to the template, then render it.
// $template is not assigned in this file; presumably it comes from config.inc.php.
$smarty->assign('action', (string) $action);
$smarty->display($template . '/' . $templatename);
?>