librecat/action/reply.php

60 lines
1.5 KiB
PHP

<?php
session_start();
include("../include/settings.php");
if(!isset($_GET["q"])){
echo("Question not specified.");
die();
}
else if(!isset($_SESSION["uid"])){
echo("You need to log in to perform that task.");
}
else{
$db = new sqlite3('../ask.db');
$question = $db->query("SELECT * FROM questions WHERE id = '" . $_GET["q"] . "';")->fetchArray(SQLITE3_ASSOC);
if(!$question || !$question["id"]){
echo("Question not found.");
die();
}
else if($question["user"] != $_SESSION["uid"]){
echo("You have no permission to answer this question.");
die();
}
if(isset($_POST["answered"])){
if($_POST["answer_body"] == ""){
echo("Answer cannot be blank.");
}
else{
$db->exec("UPDATE questions SET answer = '" . htmlspecialchars($_POST["answer_body"], ENT_QUOTES) . "', a_date = " . strtotime("now") . " WHERE id = " . $_GET["q"] . ";");
if($pretty_urls){
header("Location: /user/" . $db->querySingle("SELECT username FROM users WHERE id = " . $question["user"] . ";"));
die();
}
else{
header("Location: /user.php?q=" . $db->querySingle("SELECT username FROM users WHERE id = " . $question["user"] . ";"));
die();
}
}
}
}
?>
<!DOCTYPE html>
<html>
<head>
<?php include("../themes/$theme_name/reply.php"); ?>
</head>
<body>
<div class="main-container">
<h3 class="question"><?= $question["question"] ?></h3>
<form action="" method="post">
<textarea cols=100 rows=10 name="answer_body" placeholder="Write your answer."></textarea><br/>
<input type="submit" name="answered"/>
</form>
</div>
</body>
</html>