This commit is contained in:
Pòsweg 2020-08-16 07:42:46 +02:00
commit 3826f92b8a
1 changed files with 15 additions and 17 deletions

View File

@ -9,19 +9,22 @@ if(!isset($_GET["q"])){
else if(!isset($_SESSION["uid"])){
echo("You need to log in to perform that task.");
}
else if(isset($_POST["answered"])){
if($_POST["answer_body"] == ""){
echo("Answer cannot be blank.");
}
else{
else{
$db = new sqlite3('../ask.db');
$question = $db->query("SELECT * FROM questions WHERE id = '" . $_GET["q"] . "';")->fetchArray(SQLITE3_ASSOC);
if(!$question || !$question["id"]){
echo("Question not found.");
die();
}
else if($question["user"] != $_SESSION["uid"]){
echo("You're not allowed to perform that task.");
echo("You have no permission to answer this question.");
die();
}
if(isset($_POST["answered"])){
if($_POST["answer_body"] == ""){
echo("Answer cannot be blank.");
}
else{
$db->exec("UPDATE questions SET answer = '" . htmlspecialchars($_POST["answer_body"], ENT_QUOTES) . "', a_date = " . strtotime("now") . " WHERE id = " . $_GET["q"] . ";");
@ -37,11 +40,6 @@ else if(isset($_POST["answered"])){
}
}
$db = new SQLite3('../ask.db');
$question = $db->query("SELECT * FROM questions WHERE id = '" . $_GET["q"] . "';")->fetchArray(SQLITE3_ASSOC);
?>
<!DOCTYPE html>