mirror of
https://github.com/WhatCD/Gazelle.git
synced 2024-12-15 03:46:25 +00:00
48 lines
1.2 KiB
PHP
48 lines
1.2 KiB
PHP
|
<?
|
||
|
enforce_login();
|
||
|
// Get user level
|
||
|
$DB->query("
|
||
|
SELECT
|
||
|
i.SupportFor,
|
||
|
p.DisplayStaff
|
||
|
FROM users_info as i
|
||
|
JOIN users_main as m ON m.ID = i.UserID
|
||
|
JOIN permissions as p ON p.ID = m.PermissionID
|
||
|
WHERE i.UserID = ".$LoggedUser['ID']
|
||
|
);
|
||
|
list($SupportFor, $DisplayStaff) = $DB->next_record();
|
||
|
|
||
|
if (!($SupportFor != '' || $DisplayStaff == '1')) {
|
||
|
// Logged in user is not FLS or Staff
|
||
|
error(403);
|
||
|
}
|
||
|
|
||
|
if (($Message = db_string($_POST['message'])) && ($Name = db_string($_POST['name']))) {
|
||
|
$ID = (int)$_POST['id'];
|
||
|
if (is_numeric($ID)) {
|
||
|
if ($ID == 0) {
|
||
|
// Create new response
|
||
|
$DB->query("INSERT INTO staff_pm_responses (Message, Name) VALUES ('$Message', '$Name')");
|
||
|
echo '1';
|
||
|
} else {
|
||
|
$DB->query("SELECT * FROM staff_pm_responses WHERE ID=$ID");
|
||
|
if ($DB->record_count() != 0) {
|
||
|
// Edit response
|
||
|
$DB->query("UPDATE staff_pm_responses SET Message='$Message', Name='$Name' WHERE ID=$ID");
|
||
|
echo '2';
|
||
|
} else {
|
||
|
// Create new response
|
||
|
$DB->query("INSERT INTO staff_pm_responses (Message, Name) VALUES ('$Message', '$Name')");
|
||
|
echo '1';
|
||
|
}
|
||
|
}
|
||
|
} else {
|
||
|
// No id
|
||
|
echo '-2';
|
||
|
}
|
||
|
|
||
|
} else {
|
||
|
// No message/name
|
||
|
echo '-1';
|
||
|
}
|
||
|
?>
|