From 12734da8826299ffd24c0a15f6dbf205892d7221 Mon Sep 17 00:00:00 2001
From: root
Date: Mon, 14 Apr 2014 08:35:13 +0200
Subject: Pushed to v3
---
www/update.php | 75 +++++++++++++++++++---------------------------------------
1 file changed, 24 insertions(+), 51 deletions(-)
(limited to 'www/update.php')
diff --git a/www/update.php b/www/update.php
index e59bf8e..04df988 100644
--- a/www/update.php
+++ b/www/update.php
@@ -1,53 +1,26 @@ $adresse
$telefonnummer
$handynummer
$email
$bday
$ip
$cryptedip"; - - - -$db = new SQLite3('../database/database.sqlite'); - -$db->exec("UPDATE member SET name='$name' where id=$id;"); -$db->exec("UPDATE member SET adresse='$adresse' where id=$id;"); -$db->exec("UPDATE member SET telefonnummer='$telefonnummer' where id=$id;"); -$db->exec("UPDATE member SET handynummer='$handynummer' where id=$id;"); -$db->exec("UPDATE member SET email='$email' where id=$id;"); -$db->exec("UPDATE member SET geburtstag='$bday' where id=$id;"); - -/*echo " - - - - - Junge Gemeinde Adlershof - Update erfolgreich! - - - - - - -
-Update erfolgreich!

-Weiterleitung in 3.. 2.. 1.. -
";*/
-
-header("Refresh: 0; liste.php");
-
-
-
-?>
+function update_db($db){
+
+ $id = SQLite3::escapeString($_POST["id"]);
+ $name = SQLite3::escapeString($_POST["name"]);
+ $adresse = SQLite3::escapeString($_POST["adresse"]);
+ $telefonnummer = SQLite3::escapeString($_POST["telefonnummer"]);
+ $handynummer = SQLite3::escapeString($_POST["handynummer"]);
+ $email = SQLite3::escapeString($_POST["email"]);
+ $bday = SQLite3::escapeString($_POST["geburtstag"]);
+
+ if(!preg_match("/^[0-9]+$/", $id) || !preg_match("/[0-9]+$/", $telefonnummer) || !preg_match("/^.+@.+$/", $email)){
+ return false;
+ }
+
+ if($db->exec("
+ BEGIN TRANSACTION;
+ UPDATE jg SET name='".$name."', adresse='".$adresse."', telefonnummer='".$telefonnummer."', handynummer='".$handynummer."', email='".$email."', geburtstag='".$bday."' WHERE id=".$id.";
+ COMMIT;
+ ")){
+ return true;
+ } else {
+ return false;
+ }
+}
--
cgit v1.2.3
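Review bot: The `UPDATE jg` statement in `update_db()` is still built by string concatenation, so it is only as safe as the `SQLite3::escapeString()` calls and the regex guard in front of it; `id` in particular is interpolated unquoted in `WHERE id=".$id."`, and `/^[0-9]+$/` accepts a trailing newline because `$` matches before one (use `\z` or the `D` modifier). Binding the values with `SQLite3::prepare()` and `bindValue()` removes the dependence on escaping and quoting, as sketched below. The phone check `/[0-9]+$/` is missing its `^` anchor, so it only requires the value to end in a digit, and `handynummer` and `geburtstag` are not validated at all. The BEGIN TRANSACTION/COMMIT pair around a single statement adds nothing and can go.

```php
function update_db($db){
	// Bound parameters need no escaping; escapeString() here would store doubled quotes.
	$id = $_POST["id"];
	$name = $_POST["name"];
	$adresse = $_POST["adresse"];
	$telefonnummer = $_POST["telefonnummer"];
	$handynummer = $_POST["handynummer"];
	$email = $_POST["email"];
	$bday = $_POST["geburtstag"];

	// … unchanged: validation block returning false on a bad id / phone / email …

	$stmt = $db->prepare("UPDATE jg SET name=:name, adresse=:adresse, telefonnummer=:telefonnummer, handynummer=:handynummer, email=:email, geburtstag=:geburtstag WHERE id=:id");
	if($stmt === false){
		return false;
	}
	$stmt->bindValue(":name", $name, SQLITE3_TEXT);
	$stmt->bindValue(":adresse", $adresse, SQLITE3_TEXT);
	$stmt->bindValue(":telefonnummer", $telefonnummer, SQLITE3_TEXT);
	$stmt->bindValue(":handynummer", $handynummer, SQLITE3_TEXT);
	$stmt->bindValue(":email", $email, SQLITE3_TEXT);
	$stmt->bindValue(":geburtstag", $bday, SQLITE3_TEXT);
	$stmt->bindValue(":id", (int)$id, SQLITE3_INTEGER);

	return $stmt->execute() !== false;
}
```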