librecat/action/reply.php

62 lines
1.7 KiB
PHP
Raw Normal View History

2020-05-22 00:20:59 +00:00
<?php
session_start();
include("../include/settings.php");
if(!isset($_GET["q"])){
echo("Question not specified.");
die();
}
else if(!isset($_SESSION["uid"])){
echo("You need to log in to perform that task.");
}
else if(isset($_POST["answered"])){
if($_POST["answer_body"] == ""){
echo("Answer cannot be blank.");
}
else{
$db = new sqlite3('../ask.db');
$question = $db->query("SELECT * FROM questions WHERE id = '" . $_GET["q"] . "';")->fetchArray(SQLITE3_ASSOC);
if(!$question || !$question["id"]){
echo("Question not found.");
}
else if($question["user"] != $_SESSION["uid"]){
echo("You're not allowed to perform that task.");
}
else{
$db->exec("UPDATE questions SET answer = '" . htmlspecialchars($_POST["answer_body"], ENT_QUOTES) . "', a_date = " . strtotime("now") . " WHERE id = " . $_GET["q"] . ";");
if($pretty_urls){
header("Location: /user/" . $db->querySingle("SELECT username FROM users WHERE id = " . $question["user"] . ";"));
die();
}
else{
header("Location: /user.php?q=" . $db->querySingle("SELECT username FROM users WHERE id = " . $question["user"] . ";"));
die();
}
}
}
}
$db = new SQLite3('../ask.db');
$question = $db->query("SELECT * FROM questions WHERE id = '" . $_GET["q"] . "';")->fetchArray(SQLITE3_ASSOC);
?>
2020-05-31 03:53:02 +00:00
<!DOCTYPE html>
2020-05-22 00:20:59 +00:00
<html>
<head>
2020-05-31 03:53:02 +00:00
<?php include("../themes/$theme_name/reply.php"); ?>
2020-05-22 00:20:59 +00:00
</head>
<body>
2020-05-31 03:53:02 +00:00
<div class="main-container">
<h3 class="question"><?= $question["question"] ?></h3>
2020-05-22 00:20:59 +00:00
<form action="" method="post">
<textarea cols=100 rows=10 name="answer_body" placeholder="Write your answer."></textarea><br/>
<input type="submit" name="answered"/>
</form>
2020-05-31 03:53:02 +00:00
</div>
2020-05-22 00:20:59 +00:00
</body>
</html>