admin faq

3 files changed, 97 insertions, 23 deletions

diff --git a/includes/pages/admin_faq.php b/includes/pages/admin_faq.php
new file mode 100644
index 00000000..5b9a338f
--- /dev/null
+++ b/includes/pages/admin_faq.php
@@ -0,0 +1,85 @@
+<?php
+function admin_faq() {
+	if (!isset ($_REQUEST['action'])) {
+		$faqs_html = "";
+		$faqs = sql_select("SELECT * FROM `FAQ`");
+		foreach ($faqs as $faq) {
+			$faqs_html .= '<tr><td><dl><dt>' . $faq['Frage_de'] . '</dt><dd>' . $faq['Antwort_de'] . '</dd></dl></td><td><dl><dt>' . $faq['Frage_en'] . '</dt><dd>' . $faq['Antwort_en'] . '</dd></dl></td>';
+			$faqs_html .= '<td><a href="' . page_link_to("admin_faq") . '&action=edit&id=' . $faq['FID'] . '">Edit</a></td></tr>';
+		}
+		return template_render('../templates/admin_faq.html', array (
+			'link' => page_link_to("admin_faq"),
+			'faqs' => $faqs_html
+		));
+	} else {
+		switch ($_REQUEST['action']) {
+			case 'create' :
+				$frage = preg_replace("/([^\p{L}\p{P}\p{Z}\p{N}\n]{1,})/ui", '', strip_tags($_REQUEST['frage']));
+				$antwort = preg_replace("/([^\p{L}\p{P}\p{Z}\p{N}\n]{1,})/ui", '', strip_tags($_REQUEST['antwort']));
+				$question = preg_replace("/([^\p{L}\p{P}\p{Z}\p{N}\n]{1,})/ui", '', strip_tags($_REQUEST['question']));
+				$answer = preg_replace("/([^\p{L}\p{P}\p{Z}\p{N}\n]{1,})/ui", '', strip_tags($_REQUEST['answer']));
+				sql_query("INSERT INTO `FAQ` SET `Frage_de`='" . sql_escape($frage) . "', `Frage_en`='" . sql_escape($question) . "', `Antwort_de`='" . sql_escape($antwort) . "', `Antwort_en`='" . sql_escape($answer) . "'");
+				header("Location: " . page_link_to("admin_faq"));
+				break;
+
+			case 'save' :
+				if (isset ($_REQUEST['id']) && preg_match("/^[0-9]{1,11}$/", $_REQUEST['id']))
+					$id = $_REQUEST['id'];
+				else
+					return error("Incomplete call, missing FAQ ID.");
+
+				$faq = sql_select("SELECT * FROM `FAQ` WHERE `FID`=" . sql_escape($id) . " LIMIT 1");
+				if (count($faq) > 0) {
+					list ($faq) = $faq;
+
+					$frage = preg_replace("/([^\p{L}\p{P}\p{Z}\p{N}\n]{1,})/ui", '', strip_tags($_REQUEST['frage']));
+					$antwort = preg_replace("/([^\p{L}\p{P}\p{Z}\p{N}\n]{1,})/ui", '', strip_tags($_REQUEST['antwort']));
+					$question = preg_replace("/([^\p{L}\p{P}\p{Z}\p{N}\n]{1,})/ui", '', strip_tags($_REQUEST['question']));
+					$answer = preg_replace("/([^\p{L}\p{P}\p{Z}\p{N}\n]{1,})/ui", '', strip_tags($_REQUEST['answer']));
+					sql_query("UPDATE `FAQ` SET `Frage_de`='" . sql_escape($frage) . "', `Frage_en`='" . sql_escape($question) . "', `Antwort_de`='" . sql_escape($antwort) . "', `Antwort_en`='" . sql_escape($answer) . "' WHERE `FID`=" . sql_escape($id) . " LIMIT 1");
+					header("Location: " . page_link_to("admin_faq"));
+				} else
+					return error("No FAQ found.");
+				break;
+
+			case 'edit' :
+				if (isset ($_REQUEST['id']) && preg_match("/^[0-9]{1,11}$/", $_REQUEST['id']))
+					$id = $_REQUEST['id'];
+				else
+					return error("Incomplete call, missing FAQ ID.");
+
+				$faq = sql_select("SELECT * FROM `FAQ` WHERE `FID`=" . sql_escape($id) . " LIMIT 1");
+				if (count($faq) > 0) {
+					list ($faq) = $faq;
+
+					return template_render('../templates/admin_faq_edit_form.html', array (
+						'link' => page_link_to("admin_faq"),
+						'id' => $id,
+						'frage' => $faq['Frage_de'],
+						'antwort' => $faq['Antwort_de'],
+						'question' => $faq['Frage_en'],
+						'answer' => $faq['Antwort_en']
+					));
+				} else
+					return error("No FAQ found.");
+				break;
+
+			case 'delete' :
+				if (isset ($_REQUEST['id']) && preg_match("/^[0-9]{1,11}$/", $_REQUEST['id']))
+					$id = $_REQUEST['id'];
+				else
+					return error("Incomplete call, missing FAQ ID.");
+
+				$faq = sql_select("SELECT * FROM `FAQ` WHERE `FID`=" . sql_escape($id) . " LIMIT 1");
+				if (count($faq) > 0) {
+					list ($faq) = $faq;
+
+					sql_query("DELETE FROM `FAQ` WHERE `FID`=" . sql_escape($id) . " LIMIT 1");
+					header("Location: " . page_link_to("admin_faq"));
+				} else
+					return error("No FAQ found.");
+				break;
+		}
+	}
+}
+?>
\ No newline at end of file
diff --git a/includes/pages/guest_faq.php b/includes/pages/guest_faq.php
index 48e75d16..c4bcd0bb 100644
--- a/includes/pages/guest_faq.php
+++ b/includes/pages/guest_faq.php
@@ -2,29 +2,17 @@
 function guest_faq() {
 	$html = "";
 	$faqs = sql_select("SELECT * FROM `FAQ`");
-	foreach ($faqs as $faq)
-		if ($faq['Antwort'] != "") {
-			list ($frage_de, $frage_en) = explode('<br />', $faq['Frage']);
-			list ($antwort_de, $antwort_en) = explode('<br />', $faq['Antwort']);
-			$html .= "<dl>";
-			if ($_SESSION['Sprache'] == "DE") {
-				$html .= "<dt>" . $frage_de . "</dt>";
-				$html .= "<dd>" . $antwort_de . "</dd>";
-			} else {
-				$html .= "<dt>" . $frage_en . "</dt>";
-				$html .= "<dd>" . $antwort_en . "</dd>";
-			}
-			$html .= "</dl>";
+	foreach ($faqs as $faq) {
+		$html .= "<dl>";
+		if ($_SESSION['Sprache'] == "DE") {
+			$html .= "<dt>" . $faq['Frage_de'] . "</dt>";
+			$html .= "<dd>" . $faq['Antwort_de'] . "</dd>";
+		} else {
+			$html .= "<dt>" . $faq['Frage_en'] . "</dt>";
+			$html .= "<dd>" . $faq['Antwort_en'] . "</dd>";
 		}
+		$html .= "</dl>";
+	}
 	return $html;
 }
-
-function noAnswer() {
-	global $con;
-
-	$SQL = "SELECT UID FROM Questions WHERE `AID`='0'";
-	$Res = mysql_query($SQL, $con);
-
-	return mysql_num_rows($Res);
-}
 ?>
diff --git a/includes/sys_menu.php b/includes/sys_menu.php
index c3dfa041..ca34ee6c 100644
--- a/includes/sys_menu.php
+++ b/includes/sys_menu.php
@@ -32,7 +32,8 @@ function make_navigation() {
 		"admin_questions",
 		"admin_angel_types",
 		"admin_rooms",
-		"admin_groups"
+		"admin_groups",
+		"admin_faq"
 	));
 	return $menu;
 }