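// Handler for action=suggestions.
// On POST with 'send' set: validates the request, then writes two log rows to
// bb{n}_idee (one for the sender, one for the recipient) and redirects.
// Otherwise: builds the user <option> list and renders the form templates.
//
// Changes against the previous version:
//  - $_POST['user'] is cast to an integer once and only that integer reaches
//    SQL. Before, the raw value was concatenated into three statements, one of
//    them unquoted (SQL injection). The cast also makes the "send to yourself"
//    check compare the same value the database will match on.
//  - The subject and both usernames are escaped before being placed inside
//    SQL string literals.
//  - The recipient name is read from $names (the row fetched just above);
//    the old code interpolated $name, which this block never assigns.
//  - Array keys are quoted; bare userid/username constants are an Error on PHP 8.
//
// NOTE(review): addslashes() is used because no escaping method of $db is
// visible in this excerpt. If the DB class offers a connection-aware escape
// or prepared statements, use that instead.
// NOTE(review): no request token is checked before the INSERTs in the visible
// code - confirm CSRF protection happens elsewhere.
if ($action == 'suggestions') {
    $suggestions = '';

    // Requested amount: integer cast, then the minus sign is stripped so a
    // negative input becomes its positive counterpart (unchanged behaviour).
    $suggestions_move = intval(isset($_POST['Idee']) && is_scalar($_POST['Idee']) ? $_POST['Idee'] : 0);
    $suggestions_move = str_replace("-", "", $suggestions_move);

    // Subject line; falls back to a fixed text when missing or empty.
    // The raw value stays in $suggestions_betreff for the templates, the
    // escaped copy is used only inside SQL.
    $suggestions_betreff = (isset($_POST['Betreff']) && is_string($_POST['Betreff'])) ? trim($_POST['Betreff']) : "";
    if ($suggestions_betreff == "") {
        $suggestions_betreff = "Kein Betreff";
    }
    $betreff_sql = addslashes($suggestions_betreff);

    // Recipient id as an integer; anything non-scalar or missing becomes 0.
    $recipient_id = (isset($_POST['user']) && is_scalar($_POST['user'])) ? intval($_POST['user']) : 0;

    // Existence check for the recipient.
    $control = $db->query_first("SELECT userid
FROM bb".$n."_users
WHERE userid='".$recipient_id."'");

    if (isset($_POST['send'])) {
        // Reject: amount above the sender's balance, non-positive amount,
        // sending to oneself, or unknown recipient.
        if ($suggestions_move > $wbbuserdata['suggestions'] OR $suggestions_move <= 0 OR $wbbuserdata['userid'] == $recipient_id OR $control == "") {
            // Template text is evaluated as a PHP double-quoted string.
            // NOTE(review): safe only if templates are admin-controlled and
            // $tpl->get() returns text that cannot break out of the quotes.
            eval("\$tpl->output(\"".$tpl->get("idee_error")."\");");
            exit;
        }

        $names = $db->query_first("SELECT userid,username
FROM bb".$n."_users
WHERE userid='".$recipient_id."'");

        // Usernames come from the database / session but still end up inside
        // a quoted SQL literal, so they are escaped like any other string.
        $recipient_name_sql = addslashes($names['username']);
        $sender_name_sql = addslashes($wbbuserdata['username']);
        $sender_id = intval($wbbuserdata['userid']);

        $db->query("INSERT INTO bb".$n."_idee (userid,idee,date)
VALUES (".$sender_id.", 'Idee an ".$recipient_name_sql." | Betreff : ".$betreff_sql."','".time()."')");
        $db->query("INSERT INTO bb".$n."_idee (userid,idee,date)
VALUES (".$recipient_id.", 'Idee von ".$sender_name_sql." | Betreff : ".$betreff_sql."','".time()."')");

        header("Location: idee.php?action=index");
        exit();
    }

    // Build the recipient drop-down from all users.
    $user = $db->query("SELECT userid, username
FROM bb".$n."_users
ORDER BY username DESC");
    if (!isset($user_options)) {
        $user_options = '';
    }
    while ($row = $db->fetch_array($user)) {
        $user_options .= makeoption($row['userid'], $row['username'], "", 0);
    }

    if (!isset($suggestionsbit)) {
        $suggestionsbit = '';
    }
    eval ("\$suggestionsbit .= \"".$tpl->get("suggestionsbit")."\";");
    if ($suggestionsbit) {
        eval ("\$suggestions = \"".$tpl->get("suggestionsheader")."\";");
    } else {
        eval ("\$suggestions = \"".$tpl->get("suggestionsno")."\";");
    }

    // NOTE(review): this group check only decides which page is rendered.
    // The 'send' branch above runs and exits before it, so the listed groups
    // are not blocked from submitting - confirm whether that is intended.
    if ($wbbuserdata['groupid'] != 4 && $wbbuserdata['groupid'] != 6 && $wbbuserdata['groupid'] != 7 && $wbbuserdata['groupid'] != 14) {
        eval("\$tpl->output(\"".$tpl->get("suggestions")."\");");
    } else {
        eval ("\$tpl->output(\"".$tpl->get("no_access")."\");");
    }
}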