0) return '

There are unanswered questions!


'; } return ""; } function admin_questions() { global $user; if (!isset ($_REQUEST['action'])) { $open_questions = ""; $questions = sql_select("SELECT * FROM `Questions` WHERE `AID`=0"); foreach ($questions as $question) { $open_questions .= '' . UID2Nick($question['UID']) . '' . str_replace("\n", '
', $question['Question']) . ''; $open_questions .= '

'; $open_questions .= 'Delete'; } $answered_questions = ""; $questions = sql_select("SELECT * FROM `Questions` WHERE `AID`>0"); foreach ($questions as $question) { $answered_questions .= '' . UID2Nick($question['UID']) . '' . str_replace("\n", '
', $question['Question']) . ''; $answered_questions .= '' . UID2Nick($question['AID']) . '' . str_replace("\n", '
', $question['Answer']) . ''; $answered_questions .= 'Delete'; } return template_render('../templates/admin_questions.html', array ( 'link' => page_link_to("admin_questions"), 'open_questions' => $open_questions, 'answered_questions' => $answered_questions )); } else { switch ($_REQUEST['action']) { case 'answer' : if (isset ($_REQUEST['id']) && preg_match("/^[0-9]{1,11}$/", $_REQUEST['id'])) $id = $_REQUEST['id']; else return error("Incomplete call, missing Question ID."); $question = sql_select("SELECT * FROM `Questions` WHERE `QID`=" . sql_escape($id) . " LIMIT 1"); if (count($question) > 0 && $question[0]['AID'] == "0") { $answer = trim(preg_replace("/([^\p{L}\p{P}\p{Z}\p{N}\n]{1,})/ui", '', strip_tags($_REQUEST['answer']))); if ($answer != "") { sql_query("UPDATE `Questions` SET `AID`=" . sql_escape($user['UID']) . ", `Answer`='" . sql_escape($answer) . "' WHERE `QID`=" . sql_escape($id) . " LIMIT 1"); header("Location: " . page_link_to("admin_questions")); } else return error("Please enter an answer!"); } else return error("No question found."); break; case 'delete' : if (isset ($_REQUEST['id']) && preg_match("/^[0-9]{1,11}$/", $_REQUEST['id'])) $id = $_REQUEST['id']; else return error("Incomplete call, missing Question ID."); $question = sql_select("SELECT * FROM `Questions` WHERE `QID`=" . sql_escape($id) . " LIMIT 1"); if (count($question) > 0) { sql_query("DELETE FROM `Questions` WHERE `QID`=" . sql_escape($id) . " LIMIT 1"); header("Location: " . page_link_to("admin_questions")); } else return error("No question found."); break; } } } ?>