Improved reply permission handling
parent
889a48b971
commit
432bb36691
|
@ -9,19 +9,22 @@ if(!isset($_GET["q"])){
|
||||||
else if(!isset($_SESSION["uid"])){
|
else if(!isset($_SESSION["uid"])){
|
||||||
echo("You need to log in to perform that task.");
|
echo("You need to log in to perform that task.");
|
||||||
}
|
}
|
||||||
else if(isset($_POST["answered"])){
|
else{
|
||||||
if($_POST["answer_body"] == ""){
|
$db = new sqlite3('../ask.db');
|
||||||
echo("Answer cannot be blank.");
|
|
||||||
|
$question = $db->query("SELECT * FROM questions WHERE id = '" . $_GET["q"] . "';")->fetchArray(SQLITE3_ASSOC);
|
||||||
|
if(!$question || !$question["id"]){
|
||||||
|
echo("Question not found.");
|
||||||
|
die();
|
||||||
}
|
}
|
||||||
else{
|
else if($question["user"] != $_SESSION["uid"]){
|
||||||
$db = new sqlite3('../ask.db');
|
echo("You have no permission to answer this question.");
|
||||||
|
die();
|
||||||
$question = $db->query("SELECT * FROM questions WHERE id = '" . $_GET["q"] . "';")->fetchArray(SQLITE3_ASSOC);
|
}
|
||||||
if(!$question || !$question["id"]){
|
|
||||||
echo("Question not found.");
|
if(isset($_POST["answered"])){
|
||||||
}
|
if($_POST["answer_body"] == ""){
|
||||||
else if($question["user"] != $_SESSION["uid"]){
|
echo("Answer cannot be blank.");
|
||||||
echo("You're not allowed to perform that task.");
|
|
||||||
}
|
}
|
||||||
else{
|
else{
|
||||||
$db->exec("UPDATE questions SET answer = '" . htmlspecialchars($_POST["answer_body"], ENT_QUOTES) . "', a_date = " . strtotime("now") . " WHERE id = " . $_GET["q"] . ";");
|
$db->exec("UPDATE questions SET answer = '" . htmlspecialchars($_POST["answer_body"], ENT_QUOTES) . "', a_date = " . strtotime("now") . " WHERE id = " . $_GET["q"] . ";");
|
||||||
|
@ -37,11 +40,6 @@ else if(isset($_POST["answered"])){
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
|
|
||||||
$db = new SQLite3('../ask.db');
|
|
||||||
|
|
||||||
$question = $db->query("SELECT * FROM questions WHERE id = '" . $_GET["q"] . "';")->fetchArray(SQLITE3_ASSOC);
|
|
||||||
|
|
||||||
?>
|
?>
|
||||||
|
|
||||||
<!DOCTYPE html>
|
<!DOCTYPE html>
|
||||||
|
|
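Review bot: The ownership check this commit moves ahead of the POST handling still depends on a query built by concatenating `$_GET["q"]` into the SQL text, in the `SELECT * FROM questions WHERE id = '...'` lookup and, unquoted, in the `UPDATE ... WHERE id = ` statement. A request parameter can therefore change which row is fetched for the `$question["user"] != $_SESSION["uid"]` comparison or what the UPDATE touches, so the permission check is only as trustworthy as that string. Both statements should use `SQLite3::prepare()` with bound values, and the UPDATE should key on `$question["id"]` from the row that passed the check rather than re-reading the request. The id column's type is not visible here, so the binding type for `:id` is left to the driver in the sketch below. The old and new sides are read from the side-by-side order of the rendered page, and the if/else chain starts above the first hunk.

```php
// … unchanged: login check and opening of ../ask.db …
$lookup = $db->prepare("SELECT * FROM questions WHERE id = :id");
$lookup->bindValue(":id", $_GET["q"]);
$question = $lookup->execute()->fetchArray(SQLITE3_ASSOC);
// … unchanged: not-found check, ownership check, blank-answer check …
$update = $db->prepare("UPDATE questions SET answer = :answer, a_date = :a_date WHERE id = :id");
$update->bindValue(":answer", htmlspecialchars($_POST["answer_body"], ENT_QUOTES));
$update->bindValue(":a_date", strtotime("now"), SQLITE3_INTEGER);
$update->bindValue(":id", $question["id"]);
$update->execute();
```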