fixes

admin/index.php

@@ -18,15 +18,20 @@
     $strDistrict=$_SESSION['district'];
     include("../config.php");
     $boolShowmap=false;
+    
+    $sqlDistrict = ($boolSuperAdmin) ? "1" : "l.district='$strDistrict'";
 
+    // Eintag löschen
     if (isset($_GET['delid'])) {
         if($_GET['csrf'] !== $_SESSION['csrf_token']) {
             die("Ungültiger Token");
         }
         $numDelete = (int)$_GET['delid'];
 
-        $stmt = $db->prepare("DELETE FROM location WHERE id = :id");
+
+        $stmt = $db->prepare("DELETE FROM location WHERE id = :id AND district=:district");
         $stmt->bindValue(":id",$numDelete);
+        $stmt->bindValue(":district",$strDistrict);
         $stmt->execute();
 
         $stmt = $db->prepare("DELETE FROM comment WHERE loc_id= :loc_id");
@@ -46,7 +51,8 @@
         $stmt->bindValue(":loc_id",$numDelete);
         $stmt->execute();
     }
-
+    
+    // Kommentar löschen
     if (isset($_GET['delcid'])) {
         if($_GET['csrf'] !== $_SESSION['csrf_token']) {
             die("Ungültiger Token");
@@ -57,7 +63,7 @@
         $stmt->execute();
     }
 
-
+    // Bild löschen
     if (isset($_GET['delfid'])) {
         if($_GET['csrf'] !== $_SESSION['csrf_token']) {
             die("Ungültiger Token");
@@ -77,7 +83,8 @@
         $stmt->execute();
         
     }
-
+    
+    // Karte zeigen
     if (isset($_GET['showmap'])) {
         $numShowmap=(int)$_GET['showmap'];
         $boolShowmap=$numShowmap==1;
@@ -180,7 +187,10 @@
     <?php
     $strScript="";
     //$strSQL="SELECT * FROM location ORDER BY created_at DESC";
-    $strSQL="SELECT l.id as lid,l.*,adr.* FROM location l LEFT JOIN address adr ON l.id=adr.loc_id ORDER BY created_at ASC";
+    $strSQL="SELECT l.id as lid,l.*,adr.* 
+              FROM location l LEFT JOIN address adr ON l.id=adr.loc_id 
+              WHERE $sqlDistrict
+              ORDER BY created_at ASC";
     $result = $db->query($strSQL);
     while ($row = $result->fetch(PDO::FETCH_ASSOC)) {
         $id = $row['lid'];