engelsystem/includes/pages/admin_questions.php

<?php

use Engelsystem\Database\DB;
use Engelsystem\Models\User\User;

/**
 * @return string
 */
function admin_questions_title()
{
    return __('Answer questions');
}

/**
 * Renders a hint for new questions to answer.
 *
 * @return string|null
 */
function admin_new_questions()
{
    global $page;

    if ($page != 'admin_questions') {
        if (auth()->can('admin_questions')) {
            $new_messages = count(DB::select('SELECT `QID` FROM `Questions` WHERE `AID` IS NULL'));

            if ($new_messages > 0) {
                return '<a href="' . page_link_to('admin_questions') . '">'
                    . __('There are unanswered questions!')
                    . '</a>';
            }
        }
    }

    return null;
}

/**
 * @return string
 */
function admin_questions()
{
    $user = auth()->user();
    $request = request();

    if (!$request->has('action')) {
        $unanswered_questions_table = [];
        $questions = DB::select('SELECT * FROM `Questions` WHERE `AID` IS NULL');
        foreach ($questions as $question) {
            $user_source = User::find($question['UID']);

            $unanswered_questions_table[] = [
                'from'     => User_Nick_render($user_source),
                'question' => nl2br(htmlspecialchars($question['Question'])),
                'answer'   => form([
                    form_textarea('answer', '', ''),
                    form_submit('submit', __('Save'))
                ], page_link_to('admin_questions', ['action' => 'answer', 'id' => $question['QID']])),
                'actions'  => form([
                    form_submit('submit', __('delete'), 'btn-xs'),
                ], page_link_to('admin_questions', ['action' => 'delete', 'id' => $question['QID']])),
            ];
        }

        $answered_questions_table = [];
        $questions = DB::select('SELECT * FROM `Questions` WHERE NOT `AID` IS NULL');
        foreach ($questions as $question) {
            $user_source = User::find($question['UID']);
            $answer_user_source = User::find($question['AID']);
            $answered_questions_table[] = [
                'from'        => User_Nick_render($user_source),
                'question'    => nl2br(htmlspecialchars($question['Question'])),
                'answered_by' => User_Nick_render($answer_user_source),
                'answer'      => nl2br(htmlspecialchars($question['Answer'])),
                'actions'     => form([
                    form_submit('submit', __('delete'), 'btn-xs')
                ], page_link_to('admin_questions', ['action' => 'delete', 'id' => $question['QID']]))
            ];
        }

        return page_with_title(admin_questions_title(), [
            '<h2>' . __('Unanswered questions') . '</h2>',
            table([
                'from'     => __('From'),
                'question' => __('Question'),
                'answer'   => __('Answer'),
                'actions'  => ''
            ], $unanswered_questions_table),
            '<h2>' . __('Answered questions') . '</h2>',
            table([
                'from'        => __('From'),
                'question'    => __('Question'),
                'answered_by' => __('Answered by'),
                'answer'      => __('Answer'),
                'actions'     => ''
            ], $answered_questions_table)
        ]);
    } else {
        switch ($request->input('action')) {
            case 'answer':
                if (
                    $request->has('id')
                    && preg_match('/^\d{1,11}$/', $request->input('id'))
                    && $request->hasPostData('submit')
                ) {
                    $question_id = $request->input('id');
                } else {
                    return error('Incomplete call, missing Question ID.', true);
                }

                $question = DB::selectOne(
                    'SELECT * FROM `Questions` WHERE `QID`=? LIMIT 1',
                    [$question_id]
                );
                if (!empty($question) && empty($question['AID'])) {
                    $answer = trim($request->input('answer'));

                    if (!empty($answer)) {
                        DB::update('
                                UPDATE `Questions`
                                SET `AID`=?, `Answer`=?
                                WHERE `QID`=?
                                LIMIT 1
                            ',
                            [
                                $user->id,
                                $answer,
                                $question_id,
                            ]
                        );
                        engelsystem_log(
                            'Question '
                            . $question['Question']
                            . ' answered: '
                            . $answer
                        );
                        redirect(page_link_to('admin_questions'));
                    } else {
                        return error('Enter an answer!', true);
                    }
                } else {
                    return error('No question found.', true);
                }
                break;
            case 'delete':
                if (
                    $request->has('id')
                    && preg_match('/^\d{1,11}$/', $request->input('id'))
                    && $request->hasPostData('submit')
                ) {
                    $question_id = $request->input('id');
                } else {
                    return error('Incomplete call, missing Question ID.', true);
                }

                $question = DB::selectOne(
                    'SELECT * FROM `Questions` WHERE `QID`=? LIMIT 1',
                    [$question_id]
                );
                if (!empty($question)) {
                    DB::delete('DELETE FROM `Questions` WHERE `QID`=? LIMIT 1', [$question_id]);
                    engelsystem_log('Question deleted: ' . $question['Question']);
                    redirect(page_link_to('admin_questions'));
                } else {
                    return error('No question found.', true);
                }
                break;
        }
    }

    return '';
}
admin questions 2011-06-03 00:22:11 +02:00			`<?php`
prohibit inline control structures on pages 2016-09-29 10:53:17 +02:00
Changed from mysqli to PDO, some refactorings, faster sql queries 2017-01-21 13:58:53 +01:00			`use Engelsystem\Database\DB;`
Changed more functions :tada: 2018-10-09 21:47:31 +02:00			`use Engelsystem\Models\User\User;`
Changed from mysqli to PDO, some refactorings, faster sql queries 2017-01-21 13:58:53 +01:00
PPHDoc, formatting, fixes, cleanup 2017-01-03 03:22:48 +01:00			`/**`
			`* @return string`
			`*/`
PSR-2 formatting 2017-01-02 03:57:23 +01:00			`function admin_questions_title()`
			`{`
Replaced gettext translation `_()` with `__()` that uses the Translator class 2018-08-29 21:55:32 +02:00			`return __('Answer questions');`
basic gettext integration 2013-11-25 21:04:58 +01:00			`}`

reduce complexity of menu and hints 2016-11-15 16:28:20 +01:00			`/**`
			`* Renders a hint for new questions to answer.`
PPHDoc, formatting, fixes, cleanup 2017-01-03 03:22:48 +01:00			`*`
			`* @return string\|null`
reduce complexity of menu and hints 2016-11-15 16:28:20 +01:00			`*/`
PSR-2 formatting 2017-01-02 03:57:23 +01:00			`function admin_new_questions()`
			`{`
Moved permission checks to Authenticator class 2018-11-12 14:41:23 +01:00			`global $page;`
Formatting 2017-01-02 15:43:36 +01:00
Replaced " with ' 2017-01-03 14:12:17 +01:00			`if ($page != 'admin_questions') {`
Moved permission checks to Authenticator class 2018-11-12 14:41:23 +01:00			`if (auth()->can('admin_questions')) {`
Changed from mysqli to PDO, some refactorings, faster sql queries 2017-01-21 13:58:53 +01:00			$new_messages = count(DB::select('SELECT `QID` FROM `Questions` WHERE `AID` IS NULL'));
Formatting 2017-01-02 15:43:36 +01:00
PSR-2 formatting 2017-01-02 03:57:23 +01:00			`if ($new_messages > 0) {`
Formatting & Docstrings 2017-12-25 23:12:52 +01:00			`return '<a href="' . page_link_to('admin_questions') . '">'`
Replaced gettext translation `_()` with `__()` that uses the Translator class 2018-08-29 21:55:32 +02:00			`. __('There are unanswered questions!')`
Formatting & Docstrings 2017-12-25 23:12:52 +01:00			`. '</a>';`
PSR-2 formatting 2017-01-02 03:57:23 +01:00			`}`
			`}`
prohibit inline control structures on pages 2016-09-29 10:53:17 +02:00			`}`
Formatting 2017-01-02 15:43:36 +01:00
PSR-2 formatting 2017-01-02 03:57:23 +01:00			`return null;`
admin questions 2011-06-03 00:22:11 +02:00			`}`

PPHDoc, formatting, fixes, cleanup 2017-01-03 03:22:48 +01:00			`/**`
			`* @return string`
			`*/`
PSR-2 formatting 2017-01-02 03:57:23 +01:00			`function admin_questions()`
			`{`
Replaced `Auth()` with `auth()` 2018-10-31 12:48:22 +01:00			`$user = auth()->user();`
Changed $_GET, $_POST and $_REQUEST to use the Request object 2017-07-18 21:38:53 +02:00			`$request = request();`
Formatting 2017-01-02 15:43:36 +01:00
Changed $_GET, $_POST and $_REQUEST to use the Request object 2017-07-18 21:38:53 +02:00			`if (!$request->has('action')) {`
PSR-2 formatting 2017-01-02 03:57:23 +01:00			`$unanswered_questions_table = [];`
Changed from mysqli to PDO, some refactorings, faster sql queries 2017-01-21 13:58:53 +01:00			$questions = DB::select('SELECT * FROM `Questions` WHERE `AID` IS NULL');
PSR-2 formatting 2017-01-02 03:57:23 +01:00			`foreach ($questions as $question) {`
Changed more functions :tada: 2018-10-09 21:47:31 +02:00			`$user_source = User::find($question['UID']);`
Formatting 2017-01-02 15:43:36 +01:00
PSR-2 formatting 2017-01-02 03:57:23 +01:00			`$unanswered_questions_table[] = [`
Formatting 2017-01-02 15:43:36 +01:00			`'from' => User_Nick_render($user_source),`
questions: Don't strip content from messages closes #545 ("=" removed in Questions & Answers) 2018-12-28 22:34:30 +01:00			`'question' => nl2br(htmlspecialchars($question['Question'])),`
Formatting 2017-01-02 15:43:36 +01:00			`'answer' => form([`
			`form_textarea('answer', '', ''),`
Replaced gettext translation `_()` with `__()` that uses the Translator class 2018-08-29 21:55:32 +02:00			`form_submit('submit', __('Save'))`
#337: Added routing 2017-08-28 16:21:10 +02:00			`], page_link_to('admin_questions', ['action' => 'answer', 'id' => $question['QID']])),`
Require POST for sending forms * Ensure that the form is submitted with a post request * Replaced several links with forms Closes #494 (Security Vulnerability) 2018-11-20 16:02:03 +01:00			`'actions' => form([`
			`form_submit('submit', __('delete'), 'btn-xs'),`
			`], page_link_to('admin_questions', ['action' => 'delete', 'id' => $question['QID']])),`
Formatting 2017-01-02 15:43:36 +01:00			`];`
PSR-2 formatting 2017-01-02 03:57:23 +01:00			`}`
Formatting 2017-01-02 15:43:36 +01:00
PSR-2 formatting 2017-01-02 03:57:23 +01:00			`$answered_questions_table = [];`
Changed from mysqli to PDO, some refactorings, faster sql queries 2017-01-21 13:58:53 +01:00			$questions = DB::select('SELECT * FROM `Questions` WHERE NOT `AID` IS NULL');
PSR-2 formatting 2017-01-02 03:57:23 +01:00			`foreach ($questions as $question) {`
Changed more functions :tada: 2018-10-09 21:47:31 +02:00			`$user_source = User::find($question['UID']);`
Removed `User($id)` function :tada: 2018-10-10 03:10:28 +02:00			`$answer_user_source = User::find($question['AID']);`
PSR-2 formatting 2017-01-02 03:57:23 +01:00			`$answered_questions_table[] = [`
Formatting 2017-01-02 15:43:36 +01:00			`'from' => User_Nick_render($user_source),`
questions: Don't strip content from messages closes #545 ("=" removed in Questions & Answers) 2018-12-28 22:34:30 +01:00			`'question' => nl2br(htmlspecialchars($question['Question'])),`
Formatting 2017-01-02 15:43:36 +01:00			`'answered_by' => User_Nick_render($answer_user_source),`
questions: Don't strip content from messages closes #545 ("=" removed in Questions & Answers) 2018-12-28 22:34:30 +01:00			`'answer' => nl2br(htmlspecialchars($question['Answer'])),`
Require POST for sending forms * Ensure that the form is submitted with a post request * Replaced several links with forms Closes #494 (Security Vulnerability) 2018-11-20 16:02:03 +01:00			`'actions' => form([`
			`form_submit('submit', __('delete'), 'btn-xs')`
			`], page_link_to('admin_questions', ['action' => 'delete', 'id' => $question['QID']]))`
Formatting 2017-01-02 15:43:36 +01:00			`];`
PSR-2 formatting 2017-01-02 03:57:23 +01:00			`}`
Formatting 2017-01-02 15:43:36 +01:00
PSR-2 formatting 2017-01-02 03:57:23 +01:00			`return page_with_title(admin_questions_title(), [`
Replaced gettext translation `_()` with `__()` that uses the Translator class 2018-08-29 21:55:32 +02:00			`'<h2>' . __('Unanswered questions') . '</h2>',`
Formatting 2017-01-02 15:43:36 +01:00			`table([`
Replaced gettext translation `_()` with `__()` that uses the Translator class 2018-08-29 21:55:32 +02:00			`'from' => __('From'),`
			`'question' => __('Question'),`
			`'answer' => __('Answer'),`
Formatting 2017-01-02 15:43:36 +01:00			`'actions' => ''`
			`], $unanswered_questions_table),`
Replaced gettext translation `_()` with `__()` that uses the Translator class 2018-08-29 21:55:32 +02:00			`'<h2>' . __('Answered questions') . '</h2>',`
Formatting 2017-01-02 15:43:36 +01:00			`table([`
Replaced gettext translation `_()` with `__()` that uses the Translator class 2018-08-29 21:55:32 +02:00			`'from' => __('From'),`
			`'question' => __('Question'),`
			`'answered_by' => __('Answered by'),`
			`'answer' => __('Answer'),`
Formatting 2017-01-02 15:43:36 +01:00			`'actions' => ''`
			`], $answered_questions_table)`
			`]);`
PSR-2 formatting 2017-01-02 03:57:23 +01:00			`} else {`
Changed $_GET, $_POST and $_REQUEST to use the Request object 2017-07-18 21:38:53 +02:00			`switch ($request->input('action')) {`
Formatting 2017-01-02 15:43:36 +01:00			`case 'answer':`
Require POST for sending forms * Ensure that the form is submitted with a post request * Replaced several links with forms Closes #494 (Security Vulnerability) 2018-11-20 16:02:03 +01:00			`if (`
			`$request->has('id')`
			`&& preg_match('/^\d{1,11}$/', $request->input('id'))`
			`&& $request->hasPostData('submit')`
			`) {`
Changed $_GET, $_POST and $_REQUEST to use the Request object 2017-07-18 21:38:53 +02:00			`$question_id = $request->input('id');`
Formatting 2017-01-02 15:43:36 +01:00			`} else {`
Replaced " with ' 2017-01-03 14:12:17 +01:00			`return error('Incomplete call, missing Question ID.', true);`
Formatting 2017-01-02 15:43:36 +01:00			`}`

dried code by introducing selectOne for select queries with only one result line expected 2017-07-28 20:11:09 +02:00			`$question = DB::selectOne(`
Changed from mysqli to PDO, some refactorings, faster sql queries 2017-01-21 13:58:53 +01:00			'SELECT * FROM `Questions` WHERE `QID`=? LIMIT 1',
			`[$question_id]`
			`);`
database: updated checks for selectOne 2018-01-14 17:47:26 +01:00			`if (!empty($question) && empty($question['AID'])) {`
questions: Don't strip content from messages closes #545 ("=" removed in Questions & Answers) 2018-12-28 22:34:30 +01:00			`$answer = trim($request->input('answer'));`
Formatting 2017-01-02 15:43:36 +01:00
questions: Don't strip content from messages closes #545 ("=" removed in Questions & Answers) 2018-12-28 22:34:30 +01:00			`if (!empty($answer)) {`
Removed spaces 2017-01-22 01:02:52 +01:00			`DB::update('`
Changed from mysqli to PDO, some refactorings, faster sql queries 2017-01-21 13:58:53 +01:00			UPDATE `Questions`
			SET `AID`=?, `Answer`=?
			WHERE `QID`=?
			`LIMIT 1`
			`',`
			`[`
Replaced some global `$user` variables 2018-10-08 21:15:56 +02:00			`$user->id,`
Changed from mysqli to PDO, some refactorings, faster sql queries 2017-01-21 13:58:53 +01:00			`$answer,`
			`$question_id,`
			`]`
			`);`
questions: Don't strip content from messages closes #545 ("=" removed in Questions & Answers) 2018-12-28 22:34:30 +01:00			`engelsystem_log(`
			`'Question '`
Log messages without inline HTML 2019-05-31 04:03:19 +02:00			`. $question['Question']`
questions: Don't strip content from messages closes #545 ("=" removed in Questions & Answers) 2018-12-28 22:34:30 +01:00			`. ' answered: '`
Log messages without inline HTML 2019-05-31 04:03:19 +02:00			`. $answer`
questions: Don't strip content from messages closes #545 ("=" removed in Questions & Answers) 2018-12-28 22:34:30 +01:00			`);`
Replaced " with ' 2017-01-03 14:12:17 +01:00			`redirect(page_link_to('admin_questions'));`
Formatting 2017-01-02 15:43:36 +01:00			`} else {`
Replaced " with ' 2017-01-03 14:12:17 +01:00			`return error('Enter an answer!', true);`
Formatting 2017-01-02 15:43:36 +01:00			`}`
			`} else {`
Replaced " with ' 2017-01-03 14:12:17 +01:00			`return error('No question found.', true);`
Formatting 2017-01-02 15:43:36 +01:00			`}`
			`break;`
			`case 'delete':`
Require POST for sending forms * Ensure that the form is submitted with a post request * Replaced several links with forms Closes #494 (Security Vulnerability) 2018-11-20 16:02:03 +01:00			`if (`
			`$request->has('id')`
			`&& preg_match('/^\d{1,11}$/', $request->input('id'))`
			`&& $request->hasPostData('submit')`
			`) {`
Changed $_GET, $_POST and $_REQUEST to use the Request object 2017-07-18 21:38:53 +02:00			`$question_id = $request->input('id');`
Formatting 2017-01-02 15:43:36 +01:00			`} else {`
Replaced " with ' 2017-01-03 14:12:17 +01:00			`return error('Incomplete call, missing Question ID.', true);`
Formatting 2017-01-02 15:43:36 +01:00			`}`

dried code by introducing selectOne for select queries with only one result line expected 2017-07-28 20:11:09 +02:00			`$question = DB::selectOne(`
Changed from mysqli to PDO, some refactorings, faster sql queries 2017-01-21 13:58:53 +01:00			'SELECT * FROM `Questions` WHERE `QID`=? LIMIT 1',
			`[$question_id]`
			`);`
dried code by introducing selectOne for select queries with only one result line expected 2017-07-28 20:11:09 +02:00			`if (!empty($question)) {`
Changed from mysqli to PDO, some refactorings, faster sql queries 2017-01-21 13:58:53 +01:00			DB::delete('DELETE FROM `Questions` WHERE `QID`=? LIMIT 1', [$question_id]);
Log messages without inline HTML 2019-05-31 04:03:19 +02:00			`engelsystem_log('Question deleted: ' . $question['Question']);`
Replaced " with ' 2017-01-03 14:12:17 +01:00			`redirect(page_link_to('admin_questions'));`
Formatting 2017-01-02 15:43:36 +01:00			`} else {`
Replaced " with ' 2017-01-03 14:12:17 +01:00			`return error('No question found.', true);`
Formatting 2017-01-02 15:43:36 +01:00			`}`
			`break;`
prohibit inline control structures on pages 2016-09-29 10:53:17 +02:00			`}`
PSR-2 formatting 2017-01-02 03:57:23 +01:00			`}`
PPHDoc, formatting, fixes, cleanup 2017-01-03 03:22:48 +01:00
			`return '';`
admin questions 2011-06-03 00:22:11 +02:00			`}`