librecat/action/reply.php

<?php 
session_start();
include("../include/settings.php");

if(!isset($_GET["q"])){
	echo("Question not specified.");
	die();
}
else if(!isset($_SESSION["uid"])){
       	echo("You need to log in to perform that task.");
}
else{
	$db = new sqlite3('../ask.db');
	
	$question = $db->query("SELECT * FROM questions WHERE id = '" . $_GET["q"] . "';")->fetchArray(SQLITE3_ASSOC);
	if(!$question || !$question["id"]){
		echo("Question not found.");
		die();
	}
	else if($question["user"] != $_SESSION["uid"]){
		echo("You have no permission to answer this question.");
		die();
	}

	if(isset($_POST["answered"])){
		if($_POST["answer_body"] == ""){
			echo("Answer cannot be blank.");
		}
		else{
			$db->exec("UPDATE questions SET answer = '" . htmlspecialchars($_POST["answer_body"], ENT_QUOTES) . "', a_date = " . strtotime("now") . " WHERE id = " . $_GET["q"] . ";");
			if($pretty_urls){
				header("Location: /user/" . $db->querySingle("SELECT username FROM users WHERE id = " . $question["user"] . ";"));
				die();
			}
			else{
				header("Location: /user.php?q=" . $db->querySingle("SELECT username FROM users WHERE id = " . $question["user"] . ";"));
				die();
			}
		}
	}
}

?>

<!DOCTYPE html>
<html>
<head>
<?php include("../themes/$theme_name/reply.php"); ?>
</head>
<body>
	<div class="main-container">
	<h3 class="question"><?= $question["question"] ?></h3>
	<form action="" method="post">
		<textarea cols=100 rows=10 name="answer_body" placeholder="Write your answer."></textarea><br/>
		<input type="submit" name="answered"/>
	</form>
	</div>
</body>
</html>
Implement Answers 2020-05-22 00:20:59 +00:00			`<?php`
			`session_start();`
			`include("../include/settings.php");`

			`if(!isset($_GET["q"])){`
			`echo("Question not specified.");`
			`die();`
			`}`
			`else if(!isset($_SESSION["uid"])){`
			`echo("You need to log in to perform that task.");`
			`}`
Improved reply permission handling 2020-08-16 05:38:24 +00:00			`else{`
			`$db = new sqlite3('../ask.db');`

			`$question = $db->query("SELECT * FROM questions WHERE id = '" . $_GET["q"] . "';")->fetchArray(SQLITE3_ASSOC);`
			`if(!$question \|\| !$question["id"]){`
			`echo("Question not found.");`
			`die();`
Implement Answers 2020-05-22 00:20:59 +00:00			`}`
Improved reply permission handling 2020-08-16 05:38:24 +00:00			`else if($question["user"] != $_SESSION["uid"]){`
			`echo("You have no permission to answer this question.");`
			`die();`
			`}`

			`if(isset($_POST["answered"])){`
			`if($_POST["answer_body"] == ""){`
			`echo("Answer cannot be blank.");`
Implement Answers 2020-05-22 00:20:59 +00:00			`}`
			`else{`
			`$db->exec("UPDATE questions SET answer = '" . htmlspecialchars($_POST["answer_body"], ENT_QUOTES) . "', a_date = " . strtotime("now") . " WHERE id = " . $_GET["q"] . ";");`
			`if($pretty_urls){`
			`header("Location: /user/" . $db->querySingle("SELECT username FROM users WHERE id = " . $question["user"] . ";"));`
			`die();`
			`}`
			`else{`
			`header("Location: /user.php?q=" . $db->querySingle("SELECT username FROM users WHERE id = " . $question["user"] . ";"));`
			`die();`
			`}`
			`}`
			`}`
			`}`

			`?>`

Reply for default theme 2020-05-31 03:53:02 +00:00			`<!DOCTYPE html>`
Implement Answers 2020-05-22 00:20:59 +00:00			`<html>`
			`<head>`
Reply for default theme 2020-05-31 03:53:02 +00:00			`<?php include("../themes/$theme_name/reply.php"); ?>`
Implement Answers 2020-05-22 00:20:59 +00:00			`</head>`
			`<body>`
Reply for default theme 2020-05-31 03:53:02 +00:00			`<div class="main-container">`
			`<h3 class="question"><?= $question["question"] ?></h3>`
Implement Answers 2020-05-22 00:20:59 +00:00			`<form action="" method="post">`
			`<textarea cols=100 rows=10 name="answer_body" placeholder="Write your answer."></textarea><br/>`
			`<input type="submit" name="answered"/>`
			`</form>`
Reply for default theme 2020-05-31 03:53:02 +00:00			`</div>`
Implement Answers 2020-05-22 00:20:59 +00:00			`</body>`
			`</html>`