Gazelle/sections/staffpm/ajax_edit_response.php
2013-02-22 08:00:24 +00:00


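<?php
/*
 * AJAX endpoint: create or edit a canned Staff PM response.
 *
 * POST parameters:
 *   message - response body (required, non-empty)
 *   name    - response title (required, non-empty)
 *   id      - numeric response ID; 0 (or an ID that does not exist) creates a new response
 *
 * Echoes a single status code for the calling script:
 *    1  created
 *    2  updated
 *   -1  missing or empty message / name
 *   -2  missing or non-numeric id
 */
enforce_login();

// Only First Line Support (SupportFor non-empty) or staff (DisplayStaff = 1) may manage responses.
$DB->query("
	SELECT
		i.SupportFor,
		p.DisplayStaff
	FROM users_info AS i
		JOIN users_main AS m ON m.ID = i.UserID
		JOIN permissions AS p ON p.ID = m.PermissionID
	WHERE i.UserID = ".$LoggedUser['ID']);
list($SupportFor, $DisplayStaff) = $DB->next_record();
if ($SupportFor == '' && $DisplayStaff != '1') {
	// Logged in user is neither FLS nor staff
	error(403);
}

// NOTE(review): this endpoint writes to the database but performs no authorize() / auth-key
// check, so a logged-in FLS/staff browser could be driven here cross-site. Confirm whether the
// calling JS sends the auth key before adding the check.

// isset() first so a missing field does not raise a notice; compare against '' rather than
// relying on truthiness so a message or name of "0" is not rejected as empty.
$RawMessage = isset($_POST['message']) ? $_POST['message'] : '';
$RawName = isset($_POST['name']) ? $_POST['name'] : '';
if ($RawMessage === '' || $RawName === '') {
	// No message/name
	echo '-1';
} elseif (!isset($_POST['id']) || !is_numeric($_POST['id'])) {
	// Validate before casting: is_numeric() on an already-(int)-cast value is always true,
	// and the cast would silently turn junk into 0 and create a new response.
	echo '-2';
} else {
	// db_string() is the project's escaping helper; this query layer has no parameter binding,
	// so every interpolated string must go through it and the ID must be cast to int.
	$Message = db_string($RawMessage);
	$Name = db_string($RawName);
	$ID = (int)$_POST['id'];

	$Exists = false;
	if ($ID > 0) {
		// Only the existence matters here; no need to pull the whole row.
		$DB->query("SELECT ID FROM staff_pm_responses WHERE ID = $ID");
		$Exists = ($DB->record_count() != 0);
	}

	if ($Exists) {
		// Edit existing response
		$DB->query("UPDATE staff_pm_responses SET Message = '$Message', Name = '$Name' WHERE ID = $ID");
		echo '2';
	} else {
		// id of 0 or an unknown id both create a new response
		$DB->query("INSERT INTO staff_pm_responses (Message, Name) VALUES ('$Message', '$Name')");
		echo '1';
	}
}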