Diffstat (limited to 'includes/pages/user_questions.php')
-rw-r--r--includes/pages/user_questions.php126
1 files changed, 77 insertions, 49 deletions
diff --git a/includes/pages/user_questions.php b/includes/pages/user_questions.php
index 4abceb92..5cb60db3 100644
--- a/includes/pages/user_questions.php
+++ b/includes/pages/user_questions.php
@@ -1,57 +1,85 @@
<?php
-function questions_title() {
- return _("Ask the Heaven");
+use Engelsystem\Database\DB;
+
+/**
+ * @return string
+ */
+function questions_title()
+{
+ return _('Ask the Heaven');
}
-function user_questions() {
- global $user;
-
- if (! isset($_REQUEST['action'])) {
- $open_questions = sql_select("SELECT * FROM `Questions` WHERE `AID` IS NULL AND `UID`='" . sql_escape($user['UID']) . "'");
-
- $answered_questions = sql_select("SELECT * FROM `Questions` WHERE NOT `AID` IS NULL AND `UID`='" . sql_escape($user['UID']) . "'");
- foreach ($answered_questions as &$question) {
- $answer_user_source = User($question['AID']);
- $question['answer_user'] = User_Nick_render($answer_user_source);
- }
-
- return Questions_view($open_questions, $answered_questions, page_link_to("user_questions") . '&action=ask');
- } else {
- switch ($_REQUEST['action']) {
- case 'ask':
- $question = strip_request_item_nl('question');
- if ($question != "") {
- $result = sql_query("INSERT INTO `Questions` SET `UID`='" . sql_escape($user['UID']) . "', `Question`='" . sql_escape($question) . "'");
- if ($result === false) {
- engelsystem_error(_("Unable to save question."));
- }
- success(_("You question was saved."));
- redirect(page_link_to("user_questions"));
- } else {
- return page_with_title(questions_title(), [
- error(_("Please enter a question!"), true)
- ]);
- }
- break;
- case 'delete':
- if (isset($_REQUEST['id']) && preg_match("/^[0-9]{1,11}$/", $_REQUEST['id'])) {
- $question_id = $_REQUEST['id'];
- } else {
- return error(_("Incomplete call, missing Question ID."), true);
+/**
+ * @return string
+ */
+function user_questions()
+{
+ global $user;
+
+ if (!isset($_REQUEST['action'])) {
+ $open_questions = DB::select(
+ 'SELECT * FROM `Questions` WHERE `AID` IS NULL AND `UID`=?',
+ [$user['UID']]
+ );
+
+ $answered_questions = DB::select(
+ 'SELECT * FROM `Questions` WHERE NOT `AID` IS NULL AND `UID`=?',
+ [$user['UID']]
+ );
+ foreach ($answered_questions as &$question) {
+ $answer_user_source = User($question['AID']);
+ $question['answer_user'] = User_Nick_render($answer_user_source);
}
-
- $question = sql_select("SELECT * FROM `Questions` WHERE `QID`='" . sql_escape($question_id) . "' LIMIT 1");
- if (count($question) > 0 && $question[0]['UID'] == $user['UID']) {
- sql_query("DELETE FROM `Questions` WHERE `QID`='" . sql_escape($question_id) . "' LIMIT 1");
- redirect(page_link_to("user_questions"));
- } else {
- return page_with_title(questions_title(), [
- error(_("No question found."), true)
- ]);
+
+ return Questions_view($open_questions, $answered_questions, page_link_to('user_questions') . '&action=ask');
+ } else {
+ switch ($_REQUEST['action']) {
+ case 'ask':
+ $question = strip_request_item_nl('question');
+ if ($question != '') {
+ $result = DB::insert('
+ INSERT INTO `Questions` (`UID`, `Question`)
+ VALUES (?, ?)
+ ',
+ [$user['UID'], $question]
+ );
+ if (!$result) {
+ engelsystem_error(_('Unable to save question.'));
+ }
+ success(_('You question was saved.'));
+ redirect(page_link_to('user_questions'));
+ } else {
+ return page_with_title(questions_title(), [
+ error(_('Please enter a question!'), true)
+ ]);
+ }
+ break;
+ case 'delete':
+ if (isset($_REQUEST['id']) && preg_match('/^\d{1,11}$/', $_REQUEST['id'])) {
+ $question_id = $_REQUEST['id'];
+ } else {
+ return error(_('Incomplete call, missing Question ID.'), true);
+ }
+
+ $question = DB::select(
+ 'SELECT `UID` FROM `Questions` WHERE `QID`=? LIMIT 1',
+ [$question_id]
+ );
+ if (count($question) > 0 && $question[0]['UID'] == $user['UID']) {
+ DB::delete(
+ 'DELETE FROM `Questions` WHERE `QID`=? LIMIT 1',
+ [$question_id]
+ );
+ redirect(page_link_to('user_questions'));
+ } else {
+ return page_with_title(questions_title(), [
+ error(_('No question found.'), true)
+ ]);
+ }
+ break;
}
- break;
}
- }
+
+ return '';
}
-?> \ No newline at end of file
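Review bot: In the `delete` case the ownership test and the removal are still two separate statements, and the `DELETE` is keyed on `QID` alone, so authorization rests entirely on the preceding `SELECT` and its loose `==` comparison. Binding the owner into the statement keeps the check with the write: ``'DELETE FROM `Questions` WHERE `QID`=? AND `UID`=? LIMIT 1'`` with `[$question_id, $user['UID']]`. Whether the "No question found." branch could then be driven from the affected-row count depends on what `DB::delete` returns, which is not visible here. Separately, both `ask` and `delete` change state based on `$_REQUEST`, which also accepts GET parameters, and no request-token check appears in this file. If the caller does not enforce one, a cross-site request could delete or create a question for a logged-in user, so these actions should require POST plus a token.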