Gazelle/sections/staffpm/ajax_edit_response.php

<?
enforce_login();
// Get user level
$DB->query('
	SELECT
		i.SupportFor,
		p.DisplayStaff
	FROM users_info AS i
		JOIN users_main AS m ON m.ID = i.UserID
		JOIN permissions AS p ON p.ID = m.PermissionID
	WHERE i.UserID = '.$LoggedUser['ID']
);
list($SupportFor, $DisplayStaff) = $DB->next_record();

if (!($SupportFor != '' || $DisplayStaff == '1')) {
	// Logged in user is not FLS or Staff
	error(403);
}

if (($Message = db_string($_POST['message'])) && ($Name = db_string($_POST['name']))) {
	$ID = (int)$_POST['id'];
	if (is_numeric($ID)) {
		if ($ID == 0) {
			// Create new response
			$DB->query("
				INSERT INTO staff_pm_responses (Message, Name)
				VALUES ('$Message', '$Name')");
			echo '1';
		} else {
			$DB->query("
				SELECT *
				FROM staff_pm_responses
				WHERE ID = $ID");
			if ($DB->has_results()) {
				// Edit response
				$DB->query("
					UPDATE staff_pm_responses
					SET Message = '$Message', Name = '$Name'
					WHERE ID = $ID");
				echo '2';
			} else {
				// Create new response
				$DB->query("
					INSERT INTO staff_pm_responses (Message, Name)
					VALUES ('$Message', '$Name')");
				echo '1';
			}
		}
	} else {
		// No ID
		echo '-2';
	}

} else {
	// No message/name
	echo '-1';
}
?>
Empty commit 2012-09-01 08:00:24 +00:00			`<?`
			`enforce_login();`
			`// Get user level`
Empty commit 2013-07-02 08:01:37 +00:00			`$DB->query('`
Empty commit 2012-09-01 08:00:24 +00:00			`SELECT`
			`i.SupportFor,`
			`p.DisplayStaff`
Empty commit 2013-11-17 08:00:47 +00:00			`FROM users_info AS i`
			`JOIN users_main AS m ON m.ID = i.UserID`
			`JOIN permissions AS p ON p.ID = m.PermissionID`
Empty commit 2013-07-02 08:01:37 +00:00			`WHERE i.UserID = '.$LoggedUser['ID']`
Empty commit 2012-09-01 08:00:24 +00:00			`);`
			`list($SupportFor, $DisplayStaff) = $DB->next_record();`

			`if (!($SupportFor != '' \|\| $DisplayStaff == '1')) {`
			`// Logged in user is not FLS or Staff`
			`error(403);`
			`}`

			`if (($Message = db_string($_POST['message'])) && ($Name = db_string($_POST['name']))) {`
			`$ID = (int)$_POST['id'];`
			`if (is_numeric($ID)) {`
			`if ($ID == 0) {`
			`// Create new response`
Empty commit 2013-07-02 08:01:37 +00:00			`$DB->query("`
			`INSERT INTO staff_pm_responses (Message, Name)`
			`VALUES ('$Message', '$Name')");`
Empty commit 2012-09-01 08:00:24 +00:00			`echo '1';`
			`} else {`
Empty commit 2013-07-02 08:01:37 +00:00			`$DB->query("`
			`SELECT *`
			`FROM staff_pm_responses`
			`WHERE ID = $ID");`
Empty commit 2013-07-10 00:08:53 +00:00			`if ($DB->has_results()) {`
Empty commit 2012-09-01 08:00:24 +00:00			`// Edit response`
Empty commit 2013-07-02 08:01:37 +00:00			`$DB->query("`
			`UPDATE staff_pm_responses`
			`SET Message = '$Message', Name = '$Name'`
			`WHERE ID = $ID");`
Empty commit 2012-09-01 08:00:24 +00:00			`echo '2';`
			`} else {`
			`// Create new response`
Empty commit 2013-07-02 08:01:37 +00:00			`$DB->query("`
			`INSERT INTO staff_pm_responses (Message, Name)`
			`VALUES ('$Message', '$Name')");`
Empty commit 2012-09-01 08:00:24 +00:00			`echo '1';`
			`}`
			`}`
			`} else {`
Empty commit 2013-07-02 08:01:37 +00:00			`// No ID`
Empty commit 2012-09-01 08:00:24 +00:00			`echo '-2';`
			`}`
Empty commit 2013-02-22 08:00:24 +00:00
Empty commit 2012-09-01 08:00:24 +00:00			`} else {`
			`// No message/name`
			`echo '-1';`
			`}`
Empty commit 2013-07-02 08:01:37 +00:00			`?>`