<?php
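session_start();

# For debugging
#error_reporting(E_ALL);
#ini_set('display_errors', 1);
#echo __LINE__."<br>";

include_once 'classes/lg-on_Smarty.class.php';
$smarty = new lgon_Smarty();
require_once("config.inc.php");
require_once("func_rollenrechte.php");
// Derive the template file name from the executing script ("foo.php" -> "foo.html").
// SCRIPT_NAME is used instead of PHP_SELF: PHP_SELF also carries any
// client-supplied PATH_INFO (".../page.php/other.php"), so basename() of it
// would let the request decide which template file is rendered.
$templatename = substr(basename($_SERVER['SCRIPT_NAME']),0,-3)."html";
require_once "language/german.inc.php";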



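// Selected record id: taken from the query string (and then remembered in a
// cookie) or, failing that, from the cookie written by an earlier request.
if(isset($_GET['lid'])){
  $lid = $_GET['lid'];
}elseif(isset($_COOKIE['ck_lid'])){
  $lid = $_COOKIE['ck_lid'];
}else{
  $lid = '';
}
// Both sources are client-controlled and $lid is interpolated into SQL further
// down, partly without quotes. Only a plain decimal number is accepted; anything
// else (including array input) becomes '0'.
// NOTE(review): assumes lid is a non-negative integer key - confirm against the schema.
if(!is_string($lid) || !preg_match('/^[0-9]+\z/', $lid)){
  $lid = '0';
}
if(isset($_GET['lid'])){
  setcookie("ck_lid","$lid");
}


// Output view selector, remembered in a cookie the same way.
if(isset($_GET['ausgabe_ansicht'])){
  $ausgabe_ansicht = $_GET['ausgabe_ansicht'];
}elseif(isset($_COOKIE['ck_ausgabe_ansicht'])){
  $ausgabe_ansicht = $_COOKIE['ck_ausgabe_ansicht'];
}else{
  $ausgabe_ansicht = '';
}
// Array input ("ausgabe_ansicht[]=x") is not a valid selector; treat it as empty.
if(!is_string($ausgabe_ansicht)){
  $ausgabe_ansicht = '';
}
if(isset($_GET['ausgabe_ansicht'])){
  setcookie("ck_ausgabe_ansicht","$ausgabe_ansicht");
}


// NOTE(review): ausgabe_ansicht reaches the template as received from the
// client; confirm the template escapes it wherever it is printed.
$smarty->assign('lied_lid', "$lid");
$smarty->assign('ausgabe_ansicht', "$ausgabe_ansicht");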

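$db = dbconnect();

// Is an admin logged in? An admin may always delete songs.
// A normal user may only delete songs they entered themselves.

// Access check. It runs before any request data is sent to the database, so
// visitors who are not logged in or lack the right never trigger a query.
if ($user_admin == ""){ require("index.php"); exit;} // Not logged in: this page must not be accessible
if(!rore($user_admin,'a_lied','RE')){require("lib/rechte.php");exit;}
// End of access check

// $lid comes from the query string or a cookie. Statements further down
// interpolate it into SQL without quotes, so anything that is not a plain
// decimal number stops the request here.
if(!is_scalar($lid) || !preg_match('/^[0-9]+\z/', (string)$lid)){
exit;
}

// If the category is not GD (kid=1 in the query), show no songs at all.
// The id is bound as a parameter instead of being concatenated into the SQL text.
$is_gd = false;
$lid_param = (string)$lid;
$stmt = $db->prepare("SELECT 1 FROM quelle WHERE lid=? AND kid=1");
if($stmt){
  $stmt->bind_param('s', $lid_param);
  if($stmt->execute()){
    $stmt->bind_result($found);
    $is_gd = ($stmt->fetch() === true && $found == 1);
  }
  $stmt->close();
}

// A failed prepare/execute is treated like "no matching row": fail closed.
if(!$is_gd){
exit;
}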



// Requested sub-action from the query string; an empty string when none was given.
$action = isset($_GET['action']) ? $_GET['action'] : '';

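if($action == ''){

   // Default view: list the songs assigned to this record, one list per song category.

   // $lid originates from the request (query string or cookie). Escape it once
   // for use inside the quoted SQL literals below.
   $lid_sql = $db->real_escape_string((string)$lid);

   ## The new liturgy applies from 2010-11-28 on, hence the additional penitential hymn
   $result_nl = $db->query("SELECT DISTINCT 1
                               FROM quelle
                              WHERE datum >= '2010-11-28'
                                AND lid='$lid_sql'");
   // A failed query is treated like "no row" instead of calling a method on false.
   $row_nl = $result_nl ? $result_nl->fetch_array() : null;

   if($row_nl && $row_nl[0] == 1){
     $smarty->assign('lieder_neue_liturgie', "1");
   }else{
     $smarty->assign('lieder_neue_liturgie', "2");
   }

   // Song category code => template variable receiving its rows. The four
   // lists were previously built by four copies of the same query and loop.
   // The second dbconnect() that used to sit here was dropped; $db is already open.
   $lists = array(
     'el' => 'table_data',
     'al' => 'table_data1',
     'wl' => 'table_data2',
     'bl' => 'table_data3',
   );

   foreach($lists as $art => $tpl_var){

     $query = "SELECT a.gbid, nr, titel, user, text
                 FROM lieder a, lieder_quelle b, lieder_texte c
                WHERE a.gbid=b.gbid
                  AND a.gbid=c.gbid
                  AND art= '$art'
                  AND lid='$lid_sql'";

     $result = $db->query( $query)
               or die ("Cannot execute query");

     // Start from an empty list so the template gets an array even when no song matches.
     $rows = array();

     while ($row = $result->fetch_array()){

          // NOTE(review): addslashes()/real_escape_string() are SQL-oriented
          // escapers applied here to data on its way to the template,
          // presumably for a JavaScript string; they are not HTML/JS output
          // encoders - confirm how the template prints titel and text.
          $titel = addslashes($row['titel']);
          // strip_tags() drops every tag except the allowed ones, but it keeps
          // the attributes of allowed tags, so stored <br>/<strong> markup is
          // passed through with whatever attributes it carries.
          $text = strip_tags($row['text'], '<br>,<strong>');
          $text = str_replace("\n","",$text);
          $text = $db->real_escape_string(str_replace(chr(13),"",$text));
          if($art == 'el'){
            // Only the 'el' list replaced &#39; in the original code; kept as it was.
            $text = str_replace("&#39;","\'",$text);
          }

          // del_nr only tells the template whether to offer a delete link
          // (own entry or administrator, and the song has a number).
          // It is a display hint, not an access check.
          if(($user_admin==$row['user'] || rore($user_admin,'Administrator','RO')) && $row['nr']!=""){
            $delnr=1;
          }else{
            $delnr=0;
          }

          $row['titel'] = $titel;
          $row['text'] = $text;
          $row['del_nr'] = $delnr;
          $rows[] = $row;
     }

     // Hand this list to Smarty
     $smarty->assign($tpl_var, $rows);
   }

}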

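if($action == 'liederf'){

  // Save the song numbers submitted by the form, one per song category.
  // All request values are validated first and only reach the database as
  // bound parameters; the original code put the raw POST values into the
  // lookup queries before checking them.

  $db = dbconnect();

  // Category codes in the order the original checks reported errors.
  $arts = array('el', 'bl', 'al', 'wl');

  // A missing field or array input counts as an empty field.
  $nr = array();
  foreach($arts as $art){
    $nr[$art] = (isset($_POST[$art]) && is_string($_POST[$art])) ? $_POST[$art] : '';
  }

  // Name of the first failed check (becomes the Smarty flag), '' when all passed.
  $error = '';

  // 1) Format: a filled-in field must consist of digits only.
  //    \z is used instead of $ so a trailing newline is rejected as well.
  foreach($arts as $art){
    if($nr[$art] !== '' && !preg_match('/^[0-9]+\z/', $nr[$art])){
      $error = 'error_'.$art;
      break;
    }
  }

  // 2) Look up the gbid for every song number.
  //    NOTE(review): as in the original, an empty field is still looked up
  //    (nr=''); if a song with an empty number exists it gets assigned -
  //    confirm that this is intended.
  $gbid = array();
  if($error === ''){
    foreach($arts as $art){
      $gbid[$art] = '';
      $lookup_nr = $nr[$art];
      $stmt = $db->prepare("SELECT gbid FROM lieder WHERE nr=? LIMIT 1");
      if($stmt){
        $stmt->bind_param('s', $lookup_nr);
        if($stmt->execute()){
          $stmt->bind_result($found_gbid);
          if($stmt->fetch()){
            $gbid[$art] = (string)$found_gbid;
          }
        }
        $stmt->close();
      }
    }
    // A filled-in number that matches no song is reported as invalid.
    foreach($arts as $art){
      if($nr[$art] !== '' && $gbid[$art] === ''){
        $error = 'invalid_'.$art;
        break;
      }
    }
  }

  if($error !== ''){
    $smarty->assign($error, "1");
  }elseif(is_scalar($lid) && preg_match('/^[0-9]+\z/', (string)$lid)){
    // $lid comes from the query string or a cookie; nothing is written unless
    // it is a plain decimal number.

    $lid_param = (string)$lid;
    $user_param = (string)$user_admin;

    // 3) Replace the assignment of every category for which a song was found.
    //    Categories without a gbid are skipped; in the original those
    //    statements were syntactically invalid and had no effect.
    foreach($arts as $art){
      if($gbid[$art] === ''){
        continue;
      }
      $gbid_param = $gbid[$art];
      $art_param = $art;

      $stmt = $db->prepare("DELETE FROM lieder_quelle WHERE lid=? AND gbid=? AND art=?");
      if($stmt){
        $stmt->bind_param('sss', $lid_param, $gbid_param, $art_param);
        $stmt->execute();
        $stmt->close();
      }

      $stmt = $db->prepare("INSERT INTO lieder_quelle (lid, gbid, art, user) VALUES (?, ?, ?, ?)");
      if($stmt){
        $stmt->bind_param('ssss', $lid_param, $gbid_param, $art_param, $user_param);
        $stmt->execute();
        $stmt->close();
      }
    }

    // Clean-up of rows without a song id, kept from the original.
    $sql = $db->query( "DELETE FROM lieder_quelle WHERE gbid=''");

    $smarty->assign('lieder_success', "1");

  }
}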

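if($action == 'del'){

  // Remove one song assignment from the current record.
  // NOTE(review): this is a state-changing request made through a GET link and
  // no anti-CSRF token is checked in this file; consider requiring POST plus a
  // per-session token.
  $gbid = isset($_GET["gbid"]) ? $_GET["gbid"] : '';
  $art = isset($_GET["art"]) ? $_GET["art"] : '';
  $db = dbconnect();

  // lid and gbid were interpolated into the statement without quotes; accept
  // plain decimal numbers only and pass every value as a bound parameter.
  $input_ok = is_string($gbid) && preg_match('/^[0-9]+\z/', $gbid)
           && is_scalar($lid) && preg_match('/^[0-9]+\z/', (string)$lid)
           && is_string($art);

  if($input_ok){
    $lid_param = (string)$lid;

    if(rore($user_admin,'Administrator','RO')){
      // Administrators may delete any assignment.
      $stmt = $db->prepare("DELETE FROM lieder_quelle WHERE lid=? AND gbid=? AND art=?");
      if($stmt){
        $stmt->bind_param('sss', $lid_param, $gbid, $art);
        $stmt->execute();
        $stmt->close();
      }
    }else{
      // Everyone else may only delete assignments they entered themselves.
      // This enforces on the server the rule the list view applies when it
      // decides whether to offer a delete link.
      // NOTE(review): assumes lieder_quelle.user is the column the list view
      // compares with $user_admin - confirm.
      $user_param = (string)$user_admin;
      $stmt = $db->prepare("DELETE FROM lieder_quelle WHERE lid=? AND gbid=? AND art=? AND user=?");
      if($stmt){
        $stmt->bind_param('ssss', $lid_param, $gbid, $art, $user_param);
        $stmt->execute();
        $stmt->close();
      }
    }
  }

  // As before, the flag is set whether or not a row was actually removed.
  $smarty->assign('lieder_del', "1");

}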


// Pass the selected action to the template, then render the page template.
$smarty->assign('action', (string)$action);
$smarty->display($template . "/" . $templatename);
?>