includes/pages/admin_questions.php


1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122

<?php

function admin_questions_title()
{
    return _("Answer questions");
}

/**
 * Renders a hint for new questions to answer.
 */
function admin_new_questions()
{
    global $privileges, $page;
  
    if ($page != "admin_questions") {
        if (in_array("admin_questions", $privileges)) {
            $new_messages = sql_num_query("SELECT * FROM `Questions` WHERE `AID` IS NULL");
      
            if ($new_messages > 0) {
                return '<a href="' . page_link_to("admin_questions") . '">' . _('There are unanswered questions!') . '</a>';
            }
        }
    }
  
    return null;
}

function admin_questions()
{
    global $user;
  
    if (! isset($_REQUEST['action'])) {
        $unanswered_questions_table = [];
        $questions = sql_select("SELECT * FROM `Questions` WHERE `AID` IS NULL");
        foreach ($questions as $question) {
            $user_source = User($question['UID']);
      
            $unanswered_questions_table[] = [
          'from' => User_Nick_render($user_source),
          'question' => str_replace("\n", "<br />", $question['Question']),
          'answer' => form([
              form_textarea('answer', '', ''),
              form_submit('submit', _("Save"))
          ], page_link_to('admin_questions') . '&action=answer&id=' . $question['QID']),
          'actions' => button(page_link_to("admin_questions") . '&action=delete&id=' . $question['QID'], _("delete"), 'btn-xs')
      ];
        }
    
        $answered_questions_table = [];
        $questions = sql_select("SELECT * FROM `Questions` WHERE NOT `AID` IS NULL");
        foreach ($questions as $question) {
            $user_source = User($question['UID']);
            $answer_user_source = User($question['AID']);
            $answered_questions_table[] = [
          'from' => User_Nick_render($user_source),
          'question' => str_replace("\n", "<br />", $question['Question']),
          'answered_by' => User_Nick_render($answer_user_source),
          'answer' => str_replace("\n", "<br />", $question['Answer']),
          'actions' => button(page_link_to("admin_questions") . '&action=delete&id=' . $question['QID'], _("delete"), 'btn-xs')
      ];
        }
    
        return page_with_title(admin_questions_title(), [
        '<h2>' . _("Unanswered questions") . '</h2>',
        table([
            'from' => _("From"),
            'question' => _("Question"),
            'answer' => _("Answer"),
            'actions' => ''
        ], $unanswered_questions_table),
        '<h2>' . _("Answered questions") . '</h2>',
        table([
            'from' => _("From"),
            'question' => _("Question"),
            'answered_by' => _("Answered by"),
            'answer' => _("Answer"),
            'actions' => ''
        ], $answered_questions_table)
    ]);
    } else {
        switch ($_REQUEST['action']) {
      case 'answer':
        if (isset($_REQUEST['id']) && preg_match("/^[0-9]{1,11}$/", $_REQUEST['id'])) {
            $question_id = $_REQUEST['id'];
        } else {
            return error("Incomplete call, missing Question ID.", true);
        }
        
        $question = sql_select("SELECT * FROM `Questions` WHERE `QID`='" . sql_escape($question_id) . "' LIMIT 1");
        if (count($question) > 0 && $question[0]['AID'] == null) {
            $answer = trim(preg_replace("/([^\p{L}\p{P}\p{Z}\p{N}\n]{1,})/ui", '', strip_tags($_REQUEST['answer'])));
          
            if ($answer != "") {
                sql_query("UPDATE `Questions` SET `AID`='" . sql_escape($user['UID']) . "', `Answer`='" . sql_escape($answer) . "' WHERE `QID`='" . sql_escape($question_id) . "' LIMIT 1");
                engelsystem_log("Question " . $question[0]['Question'] . " answered: " . $answer);
                redirect(page_link_to("admin_questions"));
            } else {
                return error("Enter an answer!", true);
            }
        } else {
            return error("No question found.", true);
        }
        break;
      case 'delete':
        if (isset($_REQUEST['id']) && preg_match("/^[0-9]{1,11}$/", $_REQUEST['id'])) {
            $question_id = $_REQUEST['id'];
        } else {
            return error("Incomplete call, missing Question ID.", true);
        }
        
        $question = sql_select("SELECT * FROM `Questions` WHERE `QID`='" . sql_escape($question_id) . "' LIMIT 1");
        if (count($question) > 0) {
            sql_query("DELETE FROM `Questions` WHERE `QID`='" . sql_escape($question_id) . "' LIMIT 1");
            engelsystem_log("Question deleted: " . $question[0]['Question']);
            redirect(page_link_to("admin_questions"));
        } else {
            return error("No question found.", true);
        }
        break;
    }
    }
}