Improved reply permission handling

posweg 2020-08-16 05:38:24 +00:00
parent 889a48b971
commit 432bb36691
1 changed files with 15 additions and 17 deletions


@ -9,19 +9,22 @@ if(!isset($_GET["q"])){
else if(!isset($_SESSION["uid"])){
echo("You need to log in to perform that task.");
}
else if(isset($_POST["answered"])){
if($_POST["answer_body"] == ""){
echo("Answer cannot be blank.");
else{
$db = new sqlite3('../ask.db');
$question = $db->query("SELECT * FROM questions WHERE id = '" . $_GET["q"] . "';")->fetchArray(SQLITE3_ASSOC);
if(!$question || !$question["id"]){
echo("Question not found.");
die();
}
else{
$db = new sqlite3('../ask.db');
$question = $db->query("SELECT * FROM questions WHERE id = '" . $_GET["q"] . "';")->fetchArray(SQLITE3_ASSOC);
if(!$question || !$question["id"]){
echo("Question not found.");
}
else if($question["user"] != $_SESSION["uid"]){
echo("You're not allowed to perform that task.");
else if($question["user"] != $_SESSION["uid"]){
echo("You have no permission to answer this question.");
die();
}
if(isset($_POST["answered"])){
if($_POST["answer_body"] == ""){
echo("Answer cannot be blank.");
}
else{
$db->exec("UPDATE questions SET answer = '" . htmlspecialchars($_POST["answer_body"], ENT_QUOTES) . "', a_date = " . strtotime("now") . " WHERE id = " . $_GET["q"] . ";");
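Review bot: The reworked block still builds both statements by concatenating `$_GET["q"]` into the SQL text, quoted in the `SELECT` and unquoted in the `UPDATE ... WHERE id = `, so the request parameter is injectable and the ownership check is not guaranteed to cover the row that gets written. `htmlspecialchars(..., ENT_QUOTES)` on `answer_body` is HTML output encoding, not SQL escaping, and should not be what keeps that value inside its string literal. I would switch both queries to `SQLite3::prepare()` with bound values and key the `UPDATE` on the `id` and `user` of the row that passed the check, as sketched below. The enclosing `else{` branch continues past the end of this hunk.

```php
// … unchanged: missing-q and not-logged-in branches …
else{
$db = new sqlite3('../ask.db');
$find = $db->prepare("SELECT * FROM questions WHERE id = :id;");
$find->bindValue(":id", $_GET["q"], SQLITE3_TEXT);
$question = $find->execute()->fetchArray(SQLITE3_ASSOC);
// … unchanged: not-found check, ownership check, blank-answer check …
$save = $db->prepare("UPDATE questions SET answer = :answer, a_date = :a_date WHERE id = :id AND user = :uid;");
$save->bindValue(":answer", htmlspecialchars($_POST["answer_body"], ENT_QUOTES), SQLITE3_TEXT);
$save->bindValue(":a_date", strtotime("now"), SQLITE3_INTEGER);
$save->bindValue(":id", $question["id"]);
$save->bindValue(":uid", $_SESSION["uid"]);
$save->execute();
```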
@ -37,11 +40,6 @@ else if(isset($_POST["answered"])){
}
}
$db = new SQLite3('../ask.db');
$question = $db->query("SELECT * FROM questions WHERE id = '" . $_GET["q"] . "';")->fetchArray(SQLITE3_ASSOC);
?>
<!DOCTYPE html>