<?php
/**
* @author Bettina Schwarzer, Fritz-Haber-Institut
* @copyright 08/2011
*
* UPDATE/DELETE Partnerdaten
*/
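// Report everything except notices.
error_reporting(E_ALL ^ E_NOTICE);
session_start();

// Authentication gate: without a logged-in user in the session, hand over to
// the login helper from func_lib.inc.php and stop before any page output.
if (!isset($_SESSION["userid"]))
{
    include_once ("inc/func_lib.inc.php");
    login("partner_upd.php");
    exit;
}

// Authorisation gate: the page needs at least one of the rights "vpr" or "vpe".
// The check fails closed when the rights entry is missing or is not an array,
// and in_array() runs in strict mode so that a non-string entry (for example
// integer 0 or boolean true) cannot match a right name through type juggling.
// NOTE(review): assumes the rights are stored as strings - confirm where
// $_SESSION["recht"] is filled.
if (!isset($_SESSION["recht"]) || !is_array($_SESSION["recht"])
    || (!in_array("vpr", $_SESSION["recht"], true) && !in_array("vpe", $_SESSION["recht"], true)))
{
    header("Location: start.php");
    exit;
}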
?>
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
<head>
<meta http-equiv="content-type" content="text/html; charset=iso-8859-1" />
<link href="css/db.css" rel="STYLESHEET" type="TEXT/CSS" />
<title>Aktualisieren Partnerdaten</title>
</head>
<body>
<?php
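// Page body of the partner update/delete view.
//
// Flow:
//   1. no confirmed action     -> show the form (loaded from the database on first call)
//   2. confirmed "del" request -> delete the partner row
//   3. confirmed "upd" request -> update the partner row
//
// Security-relevant points handled here:
//   - the partner id from the query string is validated as an integer before
//     it reaches any SQL statement,
//   - UPDATE/DELETE are only executed for sessions holding the "vpe" right
//     (hiding the submit buttons is not an access control),
//   - request- or session-derived values are HTML-escaped before being echoed.
//
// NOTE(review): no anti-CSRF token is verified before the UPDATE/DELETE below;
// the form markup lives in form/partner_form.inc.php, so a token would have to
// be issued there and checked here.
// NOTE(review): the values loaded from the database are rendered by the
// included form/show files - confirm that those files escape them.
echo " ";
echo "<div class=\"float-br smaller\" valign='top'>";
// The page declares charset iso-8859-1, so the same charset is used for escaping.
echo " user: " . htmlspecialchars((string)$_SESSION["userid"], ENT_QUOTES, 'ISO-8859-1');
echo " <a class='sc' href='/fhiiqm/logout.php' title='Session beenden'>logout</a></div>\n";
echo "<div class=\"float-r\"><img src=\"img/group_gear.png\" border=\"0\" alt=\"Partnerdaten bearbeiten\" title=\"Partnerdaten bearbeiten\"/></div>\n";

// The partner id is attacker-controlled (query string) and is used in SQL
// further down: accept integers only and stop otherwise.
$pid = isset($_GET["uid"]) ? filter_var($_GET["uid"], FILTER_VALIDATE_INT) : false;
if ($pid === false)
{
    echo "<p class='red'>Ungültige Partner-ID.</p>\n";
    echo "<p> <a href=\"partner_flist.php\" target=\"_self\" title=\"Partnerliste\">Zurück zur Partnerliste</a></p>\n";
    echo "</body>\n</html>\n";
    exit;
}

include_once($_SERVER['DOCUMENT_ROOT'] ."/fhiiqm/inc/dbconnect.inc.php");
$dbc = new dbconnection();

// $rid is not assigned anywhere in this script; the default is kept because
// included files share this scope and may read it (not verifiable from here).
if (empty($rid)) $rid = 1;

// Read the form state without relying on suppressed notices.
$ok  = isset($_POST["ok"])  ? $_POST["ok"]  : null;
$upd = isset($_POST["upd"]) ? $_POST["upd"] : null;
$del = isset($_POST["del"]) ? $_POST["del"] : null;
$part = (isset($_POST["part"]) && is_array($_POST["part"])) ? $_POST["part"] : array();
// Without the 'okn' form field the confirmation is not accepted.
if (empty($part['okn'])) $ok = false;

// Server-side authorisation for write actions. The "ändern"/"löschen" buttons
// are only rendered for "vpe", but a session holding only "vpr" could still
// submit the same POST fields by hand, so the right is enforced here.
$mayEditPartner = isset($_SESSION["recht"]) && is_array($_SESSION["recht"])
    && in_array("vpe", $_SESSION["recht"], true);
if (($upd || $del) && !$mayEditPartner)
{
    echo "<p class='red'>Keine Berechtigung zum Ändern oder Löschen von Partnerdaten.</p>\n";
    // Fall back to the plain display of the stored record.
    $ok = false;
    $upd = false;
    $del = false;
}

// The original condition
//   (!$ok && !$upd && !$del) || (!$ok && ($upd || $del))
// reduces to !$ok.
if (!$ok)
{
    if (!$upd && !$del)
    {
        // First call: load the stored record. $pid is a validated integer.
        $sql = "SELECT part_ID,part_firma,part_nachname,part_vorname,part_titel,part_anrede,part_strasse,"
             . " part_ort,part_plz,part_tel,part_fax,part_mobil,part_email,part_bemerkung"
             . " FROM fhiiqm.Partner WHERE part_ID=$pid";
        if ($result = $dbc->queryObjectArray($sql))
        {
            foreach ($result as $row)
            {
                $part['firma'] = $row->part_firma;
                $part['str']   = $row->part_strasse;
                $part['ort']   = $row->part_ort;
                $part['plz']   = $row->part_plz;
                $part['nname'] = $row->part_nachname;
                $part['vname'] = $row->part_vorname;
                $part['titel'] = $row->part_titel;
                $part['anr']   = $row->part_anrede;
                $part['tel']   = $row->part_tel;
                $part['motel'] = $row->part_mobil;
                $part['fax']   = $row->part_fax;
                $part['email'] = $row->part_email;
                $part['bem']   = $row->part_bemerkung;
            }
        }
    }
    include ("form/partner_form.inc.php");
    if ($upd || $del)
    {
        // Ask for explicit confirmation before changing or deleting anything.
        // The checkbox is always rendered unchecked: this branch only runs
        // while $ok is false, so the former "checked" output was unreachable.
        $frage = $upd ? "Alle Angaben ok?" : "Partner wirklich löschen?";
        echo "<tr>\n<td class=\"red\" valign=\"top\" align=\"left\">$frage</td>\n<td><input type=\"checkbox\" name=\"ok\" value=\"1\"";
        echo "></td>\n</tr>\n";
    }
    if ($mayEditPartner)
    {
        echo "<tr>\n";
        echo "\n<td> </td>\n<td><input class=\"button\" type=\"submit\" value=\"ändern\" name=\"upd\" title=\"update\" />\n<input class=\"button\" type=\"submit\" value=\"löschen\" name=\"del\" title=\"delete\" /></td>\n";
        echo "</tr>\n";
    }
    echo "</table>\n";
    echo "</div>\n";
    if (!$mayEditPartner)
        echo "<p> <a href=\"partner_flist.php\" target=\"_self\" title=\"Partnerliste\">Zurück zur Partnerliste</a></p>\n";
    echo "</form>\n";
}
elseif ($ok && $del)
{
    echo "<div align='center'>\n";
    // Delete the record. The original statement compared part_ID with the bare
    // word "pid" (missing "$"), so it never addressed the requested row.
    $sql = "DELETE FROM Partner WHERE part_ID=$pid";
    $retd = $dbc->execute($sql);
    if ($retd)
    {
        // The company name comes from the POST body: escape it before echoing.
        $partFirma = (isset($part['firma']) && is_scalar($part['firma'])) ? (string)$part['firma'] : "";
        echo "<p class='green'><b>Partner '" . htmlspecialchars($partFirma, ENT_QUOTES, 'ISO-8859-1') . "' wurde gelöscht!</b></p>";
        include ($_SERVER["DOCUMENT_ROOT"] ."/fhiiqm/inc/partner_show.inc.php");
    }
    else
        echo "<p class='red'>Löschen des Partners ist fehlgeschlagen!</p>\n";
}
elseif ($ok && $upd)
{
    echo "<div align='center'>\n";
    // Save the data: every text field is cut to a maximum length first.
    // Non-scalar input (e.g. part[firma][]=x) is treated as empty.
    // NOTE(review): 20 characters looks short for an e-mail address - confirm
    // against the column width.
    $partFieldLimits = array(
        "firma" => 50, "nname" => 30, "vname" => 30, "titel" => 10,
        "tel" => 20, "motel" => 20, "fax" => 20, "email" => 20,
        "ort" => 50, "str" => 50, "plz" => 10, "bem" => 500,
    );
    foreach ($partFieldLimits as $key => $partFieldLimit)
    {
        $value = (isset($part[$key]) && is_scalar($part[$key])) ? (string)$part[$key] : "";
        $part[$key] = substr($value, 0, $partFieldLimit);
    }
    // The original stored the truncated mobile number under "mobil" but bound
    // the untruncated "motel"; "motel" is truncated above and "mobil" is kept
    // in sync in case an included file reads it.
    $part["mobil"] = $part["motel"];
    // -1 is mapped to NULL for the salutation column.
    $part['anr'] = (isset($part['anr']) && is_scalar($part['anr'])) ? $part['anr'] : null;
    if ($part['anr'] == -1) $part['anr'] = null;
    // Values that are empty or sort before "!" (for example ones starting with
    // a blank or a control character) are stored as NULL.
    foreach ($part as $key=>$value)
    {
        if (is_null($value) || $value < "!") $part["$key"] = null;
    }
    // Prepared statement against SQL injection; the partner id is bound as an
    // integer parameter as well instead of being interpolated into the text.
    $stmt = $dbc->stmtinit();
    $result = false;
    if (is_object($stmt))
    {
        $prepared = $stmt->prepare("UPDATE fhiiqm.Partner SET"
            . " part_firma = ?,"
            . " part_nachname = ?,"
            . " part_vorname = ?,"
            . " part_titel = ?,"
            . " part_anrede = ?,"
            . " part_strasse = ?,"
            . " part_ort = ?,"
            . " part_plz = ?,"
            . " part_tel = ?,"
            . " part_fax = ?,"
            . " part_mobil = ?,"
            . " part_email = ?,"
            . " part_bemerkung = ?"
            . " WHERE part_ID = ?");
        if ($prepared)
        {
            $stmt->bind_param('sssssssssssssi',$part["firma"],$part["nname"],$part["vname"],$part["titel"],$part['anr'],
                $part["str"],$part["ort"],$part["plz"],$part["tel"],$part["fax"],$part["motel"],$part["email"],$part["bem"],
                $pid);
            $result = $stmt->execute();
        }
        // Database error text goes to the server log, not into the page.
        if ($dbc->error) error_log("partner update: " . $dbc->error);
    }
    if ($result)
    {
        // UPDATE succeeded ($pid is a validated integer, safe to echo).
        echo "<p class='green'><b>Partnerdaten zu ID '$pid' wurden erfolgreich gespeichert.</b></p>\n";
        echo "<br /><br />\n";
        // Show the stored partner data.
        include ("inc/partner_dat_show.inc.php");
    }
    else
        echo "<p class='red'>Ändern der Partnerdaten ist fehlgeschlagen!</p>\n";
}
if ($ok && ($upd || $del))
{
    // Close the result container opened in the delete/update branch.
    echo "</div><br /><br />\n";
    echo "<p> <a href=\"partner_flist.php\" target=\"_self\" title=\"Partnerliste\">Zurück zur Partnerliste</a></p>\n";
    echo "<p> <a href=\"partner_ins.php\" target=\"_self\" title=\"Partner erfassen\">Weiteren Partner erfassen</a></p>\n";
}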
?>
</body>
</html>