mirror of
https://github.com/WhatCD/Gazelle.git
synced 2024-12-15 11:56:25 +00:00
59 lines
1.2 KiB
PHP
59 lines
1.2 KiB
PHP
<?
|
|
enforce_login();
|
|
// Get user level
|
|
$DB->query('
|
|
SELECT
|
|
i.SupportFor,
|
|
p.DisplayStaff
|
|
FROM users_info AS i
|
|
JOIN users_main AS m ON m.ID = i.UserID
|
|
JOIN permissions AS p ON p.ID = m.PermissionID
|
|
WHERE i.UserID = '.$LoggedUser['ID']
|
|
);
|
|
list($SupportFor, $DisplayStaff) = $DB->next_record();
|
|
|
|
if (!($SupportFor != '' || $DisplayStaff == '1')) {
|
|
// Logged in user is not FLS or Staff
|
|
error(403);
|
|
}
|
|
|
|
if (($Message = db_string($_POST['message'])) && ($Name = db_string($_POST['name']))) {
|
|
$ID = (int)$_POST['id'];
|
|
if (is_numeric($ID)) {
|
|
if ($ID == 0) {
|
|
// Create new response
|
|
$DB->query("
|
|
INSERT INTO staff_pm_responses (Message, Name)
|
|
VALUES ('$Message', '$Name')");
|
|
echo '1';
|
|
} else {
|
|
$DB->query("
|
|
SELECT *
|
|
FROM staff_pm_responses
|
|
WHERE ID = $ID");
|
|
if ($DB->has_results()) {
|
|
// Edit response
|
|
$DB->query("
|
|
UPDATE staff_pm_responses
|
|
SET Message = '$Message', Name = '$Name'
|
|
WHERE ID = $ID");
|
|
echo '2';
|
|
} else {
|
|
// Create new response
|
|
$DB->query("
|
|
INSERT INTO staff_pm_responses (Message, Name)
|
|
VALUES ('$Message', '$Name')");
|
|
echo '1';
|
|
}
|
|
}
|
|
} else {
|
|
// No ID
|
|
echo '-2';
|
|
}
|
|
|
|
} else {
|
|
// No message/name
|
|
echo '-1';
|
|
}
|
|
?>
|