From 32b3ce5f900cf0d378f77a6675b989ee0e641f13 Mon Sep 17 00:00:00 2001 From: Philip Häusler Date: Fri, 3 Jun 2011 00:22:11 +0200 Subject: admin questions --- includes/pages/admin_questions.php | 76 ++++++++++++++++++++++++++++++++++++++ 1 file changed, 76 insertions(+) create mode 100644 includes/pages/admin_questions.php (limited to 'includes/pages/admin_questions.php') diff --git a/includes/pages/admin_questions.php b/includes/pages/admin_questions.php new file mode 100644 index 00000000..5355dd86 --- /dev/null +++ b/includes/pages/admin_questions.php @@ -0,0 +1,76 @@ + 0) + return '

There are unanswered questions!

'; + } + + return ""; +} + +function admin_questions() { + global $user; + + if (!isset ($_REQUEST['action'])) { + $open_questions = ""; + $questions = sql_select("SELECT * FROM `Questions` WHERE `AID`=0"); + foreach ($questions as $question) { + $open_questions .= '' . UID2Nick($question['UID']) . '' . str_replace("\n", '
', $question['Question']) . ''; + $open_questions .= '

'; + $open_questions .= 'Delete'; + } + + $answered_questions = ""; + $questions = sql_select("SELECT * FROM `Questions` WHERE `AID`>0"); + foreach ($questions as $question) { + $answered_questions .= '' . UID2Nick($question['UID']) . '' . str_replace("\n", '
', $question['Question']) . ''; + $answered_questions .= '' . UID2Nick($question['AID']) . '' . str_replace("\n", '
', $question['Answer']) . ''; + $answered_questions .= 'Delete'; + } + + return template_render('../templates/admin_questions.html', array ( + 'link' => page_link_to("admin_questions"), + 'open_questions' => $open_questions, + 'answered_questions' => $answered_questions + )); + } else { + switch ($_REQUEST['action']) { + case 'answer' : + if (isset ($_REQUEST['id']) && preg_match("/^[0-9]{1,11}$/", $_REQUEST['id'])) + $id = $_REQUEST['id']; + else + return error("Incomplete call, missing Question ID."); + + $question = sql_select("SELECT * FROM `Questions` WHERE `QID`=" . sql_escape($id) . " LIMIT 1"); + if (count($question) > 0 && $question[0]['AID'] == "0") { + $answer = trim(preg_replace("/([^\p{L}\p{P}\p{Z}\p{N}\n]{1,})/ui", '', strip_tags($_REQUEST['answer']))); + + if ($answer != "") { + sql_query("UPDATE `Questions` SET `AID`=" . sql_escape($user['UID']) . ", `Answer`='" . sql_escape($answer) . "' WHERE `QID`=" . sql_escape($id) . " LIMIT 1"); + header("Location: " . page_link_to("admin_questions")); + } else + return error("Please enter an answer!"); + } else + return error("No question found."); + break; + case 'delete' : + if (isset ($_REQUEST['id']) && preg_match("/^[0-9]{1,11}$/", $_REQUEST['id'])) + $id = $_REQUEST['id']; + else + return error("Incomplete call, missing Question ID."); + + $question = sql_select("SELECT * FROM `Questions` WHERE `QID`=" . sql_escape($id) . " LIMIT 1"); + if (count($question) > 0) { + sql_query("DELETE FROM `Questions` WHERE `QID`=" . sql_escape($id) . " LIMIT 1"); + header("Location: " . page_link_to("admin_questions")); + } else + return error("No question found."); + break; + } + } +} +?> \ No newline at end of file -- cgit v1.2.3-54-g00ecf From 5d9335fe183a0486c593975c45c2abe6875ab719 Mon Sep 17 00:00:00 2001 From: Daniel Friesel Date: Fri, 3 Jun 2011 20:24:36 +0200 Subject: admin_questions: More templates + sql fixes --- includes/pages/admin_groups.php | 12 +++++++++++- includes/pages/admin_language.php | 18 ++++++++++++++---- includes/pages/admin_questions.php | 31 ++++++++++++++++++++----------- templates/admin_question_answered.html | 9 +++++++++ templates/admin_question_unanswered.html | 14 ++++++++++++++ templates/admin_questions.html | 6 +++--- 6 files changed, 71 insertions(+), 19 deletions(-) create mode 100644 templates/admin_question_answered.html create mode 100644 templates/admin_question_unanswered.html (limited to 'includes/pages/admin_questions.php') diff --git a/includes/pages/admin_groups.php b/includes/pages/admin_groups.php index 842640d8..770f09b4 100644 --- a/includes/pages/admin_groups.php +++ b/includes/pages/admin_groups.php @@ -44,7 +44,17 @@ function admin_groups() { $privileges = sql_select("SELECT `Privileges`.*, `GroupPrivileges`.`group_id` FROM `Privileges` LEFT OUTER JOIN `GroupPrivileges` ON (`Privileges`.`id` = `GroupPrivileges`.`privilege_id` AND `GroupPrivileges`.`group_id`=" . sql_escape($id) . ") ORDER BY `Privileges`.`name`"); $privileges_html = ""; foreach ($privileges as $priv) - $privileges_html .= '' . $priv['name'] . '' . $priv['desc'] . ''; + $privileges_html .= sprintf( + '' + . ' %s %s', + $priv['id'], + ($priv['group_id'] != "" + ? 'checked="checked"' + : ''), + $priv['name'], + $priv['desc'] + ); $html .= template_render('../templates/admin_groups_edit_form.html', array ( 'link' => page_link_to("admin_groups"), diff --git a/includes/pages/admin_language.php b/includes/pages/admin_language.php index a866528e..749cd643 100644 --- a/includes/pages/admin_language.php +++ b/includes/pages/admin_language.php @@ -72,19 +72,29 @@ function admin_language() { foreach ($_POST as $k => $v) { if ($k != "TextID") { $sql_test = "SELECT * FROM `Sprache` " . - "WHERE `TextID`='" . $_POST["TextID"] . "' AND `Sprache`='$k'"; + "WHERE `TextID`='" . sql_escape($_POST["TextID"]) + . "' AND `Sprache`='" + . sql_escape($k) . "'"; + $erg_test = sql_query($sql_test); if (mysql_num_rows($erg_test) == 0) { $sql_save = "INSERT INTO `Sprache` (`TextID`, `Sprache`, `Text`) " . - "VALUES ('" . $_POST["TextID"] . "', '$k', '$v')"; + "VALUES ('" . sql_escape($_POST["TextID"]) . "', '" + . sql_escape($k) . "', '" + . sql_escape($v) . "')"; + $html .= $sql_save . "
"; $Erg = sql_query($sql_save); $html .= success("$k Save: OK
\n"); } else if (mysql_result($erg_test, 0, "Text") != $v) { - $sql_save = "UPDATE `Sprache` SET `Text`='$v' " . - "WHERE `TextID`='" . $_POST["TextID"] . "' AND `Sprache`='$k' "; + $sql_save = "UPDATE `Sprache` SET `Text`='" + . sql_escape($v) . "' " . + "WHERE `TextID`='" + . sql_escape($_POST["TextID"]) + . "' AND `Sprache`='" . sql_escape($k) . "' "; + $html .= $sql_save . "
"; $Erg = sql_query($sql_save); $html .= success(" $k Update: OK
\n"); diff --git a/includes/pages/admin_questions.php b/includes/pages/admin_questions.php index 5355dd86..0e4469d5 100644 --- a/includes/pages/admin_questions.php +++ b/includes/pages/admin_questions.php @@ -18,19 +18,28 @@ function admin_questions() { if (!isset ($_REQUEST['action'])) { $open_questions = ""; $questions = sql_select("SELECT * FROM `Questions` WHERE `AID`=0"); - foreach ($questions as $question) { - $open_questions .= '' . UID2Nick($question['UID']) . '' . str_replace("\n", '
', $question['Question']) . ''; - $open_questions .= '

'; - $open_questions .= 'Delete'; - } + foreach ($questions as $question) + $open_questions .= template_render( + '../templates/admin_question_unanswered.html', array ( + 'question_nick' => UID2Nick($question['UID']), + 'question_id' => $question['QID'], + 'link' => page_link_to("admin_questions"), + 'question' => str_replace("\n", '
', $question['Question']) + )); $answered_questions = ""; $questions = sql_select("SELECT * FROM `Questions` WHERE `AID`>0"); - foreach ($questions as $question) { - $answered_questions .= '' . UID2Nick($question['UID']) . '' . str_replace("\n", '
', $question['Question']) . ''; - $answered_questions .= '' . UID2Nick($question['AID']) . '' . str_replace("\n", '
', $question['Answer']) . ''; - $answered_questions .= 'Delete'; - } + + foreach ($questions as $question) + $answered_questions .= template_render( + '../templates/admin_question_answered.html', array ( + 'question_id' => $question['QID'], + 'question_nick' => UID2Nick($question['UID']), + 'question' => str_replace("\n", "
", $question['Question']), + 'answer_nick' => UID2Nick($question['AID']), + 'answer' => str_replace("\n", "
", $question['Answer']), + 'link' => page_link_to("admin_questions"), + )); return template_render('../templates/admin_questions.html', array ( 'link' => page_link_to("admin_questions"), @@ -73,4 +82,4 @@ function admin_questions() { } } } -?> \ No newline at end of file +?> diff --git a/templates/admin_question_answered.html b/templates/admin_question_answered.html new file mode 100644 index 00000000..e4f07932 --- /dev/null +++ b/templates/admin_question_answered.html @@ -0,0 +1,9 @@ + + %question_nick% + %question% + %answer_nick% + %answer% + + Delete + + diff --git a/templates/admin_question_unanswered.html b/templates/admin_question_unanswered.html new file mode 100644 index 00000000..fc3db78a --- /dev/null +++ b/templates/admin_question_unanswered.html @@ -0,0 +1,14 @@ + + %question_nick% + %question% + +
+ + + +
+ + + Delete + + diff --git a/templates/admin_questions.html b/templates/admin_questions.html index ad8d6572..171f10b5 100644 --- a/templates/admin_questions.html +++ b/templates/admin_questions.html @@ -24,6 +24,9 @@ Not yet answered questions: + @@ -33,9 +36,6 @@ Not yet answered questions: - -- cgit v1.2.3-54-g00ecf
+ From + Question Answer - From -