<?
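// Access gate for the canned-response editor: only First Line Support (FLS)
// or staff may continue past this point.
// NOTE(review): this file opens with the short tag `<?`, which is only parsed
// when short_open_tag is enabled; with it disabled the source would be sent to
// the client as plain text. Consider `<?php`.
enforce_login();

// Fetch the two attributes that decide FLS/staff status for the current user.
// The user ID is cast to int because it is concatenated into the statement
// unquoted; the cast keeps the query well-formed whatever the session holds.
$DB->query("
	SELECT
		i.SupportFor,
		p.DisplayStaff
	FROM users_info as i
	JOIN users_main as m ON m.ID = i.UserID
	JOIN permissions as p ON p.ID = m.PermissionID
	WHERE i.UserID = ".(int)$LoggedUser['ID']
);
list($SupportFor, $DisplayStaff) = $DB->next_record();

// Deny unless the user has a SupportFor value (FLS) or the permission class is
// flagged DisplayStaff. Loose comparisons are kept on purpose: values that are
// missing or null compare as "not FLS, not staff", so the check fails closed.
// NOTE(review): assumes error() terminates the request; if it returns, the
// write path below would still run. Confirm.
if ($SupportFor == '' && $DisplayStaff != '1') {
	// Logged in user is not FLS or Staff
	error(403);
}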

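// Create or edit a canned staff PM response from the POST fields
// 'message', 'name' and 'id'.
// Reply codes echoed to the caller:
//    '1'  response created
//    '2'  existing response updated
//   '-1'  message or name missing/empty
//   '-2'  id missing or not a plain non-negative integer
// NOTE(review): this is a state-changing request and no anti-CSRF token check
// is visible in this file; confirm one is enforced before this point.
// NOTE(review): Message and Name are stored as submitted (SQL-escaped only), so
// whatever renders them must escape for its output context.

// Treat absent or non-string fields (e.g. message[]=x) as empty rather than
// passing them to db_string().
$RawMessage = (isset($_POST['message']) && is_string($_POST['message'])) ? $_POST['message'] : '';
$RawName = (isset($_POST['name']) && is_string($_POST['name'])) ? $_POST['name'] : '';

if (($Message = db_string($RawMessage)) && ($Name = db_string($RawName))) {
	// Validate the raw id BEFORE casting. The previous check ran is_numeric()
	// on an already-cast int, which is always true, so the '-2' branch could
	// never be reached and any garbage id silently became 0 ("create new").
	// Callers creating a new response are expected to send id=0.
	$RawID = isset($_POST['id']) ? $_POST['id'] : null;
	if (is_string($RawID) && ctype_digit($RawID)) {
		$ID = (int)$RawID;

		// id 0 always means "new"; any other id is an edit only if that row exists.
		$Exists = false;
		if ($ID != 0) {
			$DB->query("SELECT ID FROM staff_pm_responses WHERE ID=$ID");
			$Exists = ($DB->record_count() != 0);
		}

		if ($Exists) {
			// Edit response
			$DB->query("UPDATE staff_pm_responses SET Message='$Message', Name='$Name' WHERE ID=$ID");
			echo '2';
		} else {
			// Create new response (id 0, or an id that matches no row)
			$DB->query("INSERT INTO staff_pm_responses (Message, Name) VALUES ('$Message', '$Name')");
			echo '1';
		}
	} else {
		// No id
		echo '-2';
	}

} else {
	// No message/name
	echo '-1';
}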
?>