Leitgedanken/notizen.php
2022-11-21 09:47:28 +01:00


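<?php
/**
 * Notes page: shows the note the current user stored for one entry (lid)
 * and, when called with ?action=notes, replaces it with the posted text.
 *
 * Hardening applied in this script:
 *  - every request- or session-derived value that reaches SQL is bound as a
 *    statement parameter instead of being interpolated into the query text;
 *  - lid is accepted only as a digit string (the INSERT used it as an
 *    unquoted numeric literal, so nothing else could ever be stored);
 *  - the template name is derived from SCRIPT_NAME, not PHP_SELF.
 *
 * Assumes $db (set up by dbconnect()) is a mysqli connection; the methods
 * used before this change (query, real_escape_string, fetch_array) match
 * that API. TODO confirm against config.inc.php.
 */
# For debugging
#error_reporting(E_ALL);
#ini_set('display_errors', 1);
#echo __LINE__."<br>";
session_start();
include_once 'classes/lg-on_Smarty.class.php';
$smarty = new lgon_Smarty();
require_once("config.inc.php");
require_once("func_rollenrechte.php");
// PHP_SELF includes any trailing PATH_INFO, so the requester could steer
// basename() and with it the template passed to display(). SCRIPT_NAME
// carries only the script path.
$templatename = substr(basename($_SERVER['SCRIPT_NAME']), 0, -3) . "html";
require_once "language/german.inc.php";

// Permission check
dbconnect();
// Visitors who are not logged in get the index page instead.
if ($user_admin == "") { require("index.php"); exit; }
if (!rore($user_admin, 'a_notes', 'RE')) { require("lib/rechte.php"); exit; }
// End of permission check
// NOTE(review): the save branch below is gated only by the 'RE' check above.
// Confirm whether rore() has a separate write right that should be required.

// Only a plain string is accepted as action; arrays (?action[]=x) count as unset.
$action = (isset($_GET['action']) && is_string($_GET['action'])) ? $_GET['action'] : '';

if ($action == '') {
    // Anything that is not a digit string is treated as "no entry selected".
    $lid = '';
    if (isset($_GET['lid']) && is_string($_GET['lid']) && preg_match('/^[0-9]+$/D', $_GET['lid']) === 1) {
        $lid = $_GET['lid'];
    }
    // Remembered so that the save request writes to the entry that was shown.
    $_SESSION['ck_lid_notiz'] = $lid;

    $notiz = '';
    if ($lid !== '') {
        $stmt = $db->prepare("SELECT notiz FROM notizen WHERE lid = ? AND user = ?");
        if ($stmt !== false) {
            $stmt->bind_param('ss', $lid, $user_admin);
            $stmt->execute();
            $stmt->bind_result($gespeicherteNotiz);
            if ($stmt->fetch()) {
                $notiz = (string) $gespeicherteNotiz;
            }
            $stmt->close();
        }
    }

    // Same transformation as before: backslash-escape both quote characters
    // and drop all CR/LF characters.
    // NOTE(review): this looks like hand-rolled escaping for a JavaScript
    // string literal in the template. It does not escape backslashes or
    // markup such as a closing script tag; if the template embeds the value
    // in script or HTML, escape it there for that context (for example via
    // json_encode() or Smarty's escape modifier). Confirm against the template.
    $notiz = str_replace(['"', "'", "\r", "\n"], ['\\"', "\\'", '', ''], $notiz);
    #$notiz = strip_tags($notiz);
    $smarty->assign('notes_text', "$notiz");
    $smarty->assign('notes_lid', "$lid");
}

if ($action == 'notes') {
    // The session value is re-validated here: this branch can be requested
    // without the view branch having run first.
    $lid = '';
    if (isset($_SESSION['ck_lid_notiz']) && is_scalar($_SESSION['ck_lid_notiz'])
        && preg_match('/^[0-9]+$/D', (string) $_SESSION['ck_lid_notiz']) === 1) {
        $lid = (string) $_SESSION['ck_lid_notiz'];
    }
    $smarty->assign('notes_lid', "$lid");

    // stripslashes() is kept from the original (magic-quotes era) so stored
    // values stay the same; the value is bound below, so no SQL escaping.
    $notiz = (isset($_POST['notizen']) && is_string($_POST['notizen'])) ? stripslashes($_POST['notizen']) : '';

    // NOTE(review): this state-changing request carries no anti-CSRF token
    // and does not check the request method; consider adding both.
    dbconnect();
    if ($lid !== '') {
        // Replace the user's note for this entry: remove the old row, add the new one.
        $stmt = $db->prepare("DELETE FROM notizen WHERE lid = ? AND user = ?");
        if ($stmt !== false) {
            $stmt->bind_param('ss', $lid, $user_admin);
            $stmt->execute();
            $stmt->close();
        }
        $stmt = $db->prepare("INSERT INTO notizen (lid, user, notiz) VALUES (?, ?, ?)");
        if ($stmt !== false) {
            $stmt->bind_param('sss', $lid, $user_admin, $notiz);
            $stmt->execute();
            $stmt->close();
        }
    }
    // Housekeeping: an empty note is stored as "no row" (applies to all users).
    $db->query("DELETE FROM notizen WHERE notiz=''");
    // NOTE(review): this destroys the whole session, not only ck_lid_notiz.
    // Confirm that the login state does not live in the session.
    session_destroy();
    $smarty->assign('notes_redirect', "1");
}

$smarty->assign('action', "$action");
$smarty->display("$template/$templatename");
?>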