engelsystem/includes/pages/user_questions.php

<?php

use Engelsystem\Database\DB;
use Engelsystem\Models\User\User;

/**
 * @return string
 */
function questions_title()
{
    return __('Ask the Heaven');
}

/**
 * @return string
 */
function user_questions()
{
    $user = auth()->user();
    $request = request();

    if (!$request->has('action')) {
        $open_questions = DB::select(
            'SELECT * FROM `Questions` WHERE `AID` IS NULL AND `UID`=?',
            [$user->id]
        );

        $answered_questions = DB::select(
            'SELECT * FROM `Questions` WHERE NOT `AID` IS NULL AND `UID`=?',
            [$user->id]
        );

        foreach ($answered_questions as &$question) {
            $answer_user_source = User::find($question['AID']);
            $question['answer_user'] = User_Nick_render($answer_user_source);
        }

        return Questions_view(
            $open_questions,
            $answered_questions,
            page_link_to('user_questions', ['action' => 'ask'])
        );
    } else {
        switch ($request->input('action')) {
            case 'ask':
                $question = request()->get('question');
                if (!empty($question) && $request->hasPostData('submit')) {
                    DB::insert('
                        INSERT INTO `Questions` (`UID`, `Question`)
                        VALUES (?, ?)
                        ',
                        [$user->id, $question]
                    );

                    success(__('You question was saved.'));
                    redirect(page_link_to('user_questions'));
                } else {
                    return page_with_title(questions_title(), [
                        error(__('Please enter a question!'), true)
                    ]);
                }
                break;
            case 'delete':
                if (
                    $request->has('id')
                    && preg_match('/^\d{1,11}$/', $request->input('id'))
                    && $request->hasPostData('submit')
                ) {
                    $question_id = $request->input('id');
                } else {
                    return error(__('Incomplete call, missing Question ID.'), true);
                }

                $question = DB::selectOne(
                    'SELECT `UID` FROM `Questions` WHERE `QID`=? LIMIT 1',
                    [$question_id]
                );
                if (!empty($question) && $question['UID'] == $user->id) {
                    DB::delete(
                        'DELETE FROM `Questions` WHERE `QID`=? LIMIT 1',
                        [$question_id]
                    );
                    redirect(page_link_to('user_questions'));
                } else {
                    return page_with_title(questions_title(), [
                        error(__('No question found.'), true)
                    ]);
                }
                break;
        }
    }

    return '';
}
user questions 2011-06-02 23:45:54 +02:00			`<?php`
prohibit inline control structures on pages 2016-09-29 10:53:17 +02:00
Changed from mysqli to PDO, some refactorings, faster sql queries 2017-01-21 13:58:53 +01:00			`use Engelsystem\Database\DB;`
Changed more functions :tada: 2018-10-09 21:47:31 +02:00			`use Engelsystem\Models\User\User;`
Changed from mysqli to PDO, some refactorings, faster sql queries 2017-01-21 13:58:53 +01:00
PPHDoc, formatting, fixes, cleanup 2017-01-03 03:22:48 +01:00			`/**`
			`* @return string`
			`*/`
PSR-2 formatting 2017-01-02 03:57:23 +01:00			`function questions_title()`
			`{`
Replaced gettext translation `_()` with `__()` that uses the Translator class 2018-08-29 21:55:32 +02:00			`return __('Ask the Heaven');`
basic gettext integration 2013-11-25 21:04:58 +01:00			`}`

PPHDoc, formatting, fixes, cleanup 2017-01-03 03:22:48 +01:00			`/**`
			`* @return string`
			`*/`
PSR-2 formatting 2017-01-02 03:57:23 +01:00			`function user_questions()`
			`{`
Replaced `Auth()` with `auth()` 2018-10-31 12:48:22 +01:00			`$user = auth()->user();`
Changed $_GET, $_POST and $_REQUEST to use the Request object 2017-07-18 21:38:53 +02:00			`$request = request();`
Formatting 2017-01-02 15:43:36 +01:00
Changed $_GET, $_POST and $_REQUEST to use the Request object 2017-07-18 21:38:53 +02:00			`if (!$request->has('action')) {`
Changed from mysqli to PDO, some refactorings, faster sql queries 2017-01-21 13:58:53 +01:00			`$open_questions = DB::select(`
			'SELECT * FROM `Questions` WHERE `AID` IS NULL AND `UID`=?',
Replaced some global `$user` variables 2018-10-08 21:15:56 +02:00			`[$user->id]`
Formatting 2017-01-02 15:43:36 +01:00			`);`

Changed from mysqli to PDO, some refactorings, faster sql queries 2017-01-21 13:58:53 +01:00			`$answered_questions = DB::select(`
			'SELECT * FROM `Questions` WHERE NOT `AID` IS NULL AND `UID`=?',
Replaced some global `$user` variables 2018-10-08 21:15:56 +02:00			`[$user->id]`
Formatting 2017-01-02 15:43:36 +01:00			`);`
questions: Don't strip content from messages closes #545 ("=" removed in Questions & Answers) 2018-12-28 22:34:30 +01:00
PSR-2 formatting 2017-01-02 03:57:23 +01:00			`foreach ($answered_questions as &$question) {`
Changed more functions :tada: 2018-10-09 21:47:31 +02:00			`$answer_user_source = User::find($question['AID']);`
PSR-2 formatting 2017-01-02 03:57:23 +01:00			`$question['answer_user'] = User_Nick_render($answer_user_source);`
			`}`
Formatting 2017-01-02 15:43:36 +01:00
#337: Added routing 2017-08-28 16:21:10 +02:00			`return Questions_view(`
			`$open_questions,`
			`$answered_questions,`
			`page_link_to('user_questions', ['action' => 'ask'])`
			`);`
PSR-2 formatting 2017-01-02 03:57:23 +01:00			`} else {`
Changed $_GET, $_POST and $_REQUEST to use the Request object 2017-07-18 21:38:53 +02:00			`switch ($request->input('action')) {`
Formatting 2017-01-02 15:43:36 +01:00			`case 'ask':`
questions: Don't strip content from messages closes #545 ("=" removed in Questions & Answers) 2018-12-28 22:34:30 +01:00			`$question = request()->get('question');`
			`if (!empty($question) && $request->hasPostData('submit')) {`
handle failed db queries in Db class 2017-07-23 11:46:54 +02:00			`DB::insert('`
Changed from mysqli to PDO, some refactorings, faster sql queries 2017-01-21 13:58:53 +01:00			INSERT INTO `Questions` (`UID`, `Question`)
			`VALUES (?, ?)`
			`',`
Replaced some global `$user` variables 2018-10-08 21:15:56 +02:00			`[$user->id, $question]`
Changed from mysqli to PDO, some refactorings, faster sql queries 2017-01-21 13:58:53 +01:00			`);`
handle failed db queries in Db class 2017-07-23 11:46:54 +02:00
Replaced gettext translation `_()` with `__()` that uses the Translator class 2018-08-29 21:55:32 +02:00			`success(__('You question was saved.'));`
Replaced " with ' 2017-01-03 14:12:17 +01:00			`redirect(page_link_to('user_questions'));`
Formatting 2017-01-02 15:43:36 +01:00			`} else {`
			`return page_with_title(questions_title(), [`
Replaced gettext translation `_()` with `__()` that uses the Translator class 2018-08-29 21:55:32 +02:00			`error(__('Please enter a question!'), true)`
Formatting 2017-01-02 15:43:36 +01:00			`]);`
			`}`
			`break;`
			`case 'delete':`
Require POST for sending forms * Ensure that the form is submitted with a post request * Replaced several links with forms Closes #494 (Security Vulnerability) 2018-11-20 16:02:03 +01:00			`if (`
			`$request->has('id')`
			`&& preg_match('/^\d{1,11}$/', $request->input('id'))`
			`&& $request->hasPostData('submit')`
			`) {`
Changed $_GET, $_POST and $_REQUEST to use the Request object 2017-07-18 21:38:53 +02:00			`$question_id = $request->input('id');`
Formatting 2017-01-02 15:43:36 +01:00			`} else {`
Replaced gettext translation `_()` with `__()` that uses the Translator class 2018-08-29 21:55:32 +02:00			`return error(__('Incomplete call, missing Question ID.'), true);`
Formatting 2017-01-02 15:43:36 +01:00			`}`

dried code by introducing selectOne for select queries with only one result line expected 2017-07-28 20:11:09 +02:00			`$question = DB::selectOne(`
Changed from mysqli to PDO, some refactorings, faster sql queries 2017-01-21 13:58:53 +01:00			'SELECT `UID` FROM `Questions` WHERE `QID`=? LIMIT 1',
			`[$question_id]`
			`);`
Replaced some global `$user` variables 2018-10-08 21:15:56 +02:00			`if (!empty($question) && $question['UID'] == $user->id) {`
Changed from mysqli to PDO, some refactorings, faster sql queries 2017-01-21 13:58:53 +01:00			`DB::delete(`
			'DELETE FROM `Questions` WHERE `QID`=? LIMIT 1',
			`[$question_id]`
			`);`
Replaced " with ' 2017-01-03 14:12:17 +01:00			`redirect(page_link_to('user_questions'));`
Formatting 2017-01-02 15:43:36 +01:00			`} else {`
			`return page_with_title(questions_title(), [`
Replaced gettext translation `_()` with `__()` that uses the Translator class 2018-08-29 21:55:32 +02:00			`error(__('No question found.'), true)`
Formatting 2017-01-02 15:43:36 +01:00			`]);`
			`}`
			`break;`
prohibit inline control structures on pages 2016-09-29 10:53:17 +02:00			`}`
PSR-2 formatting 2017-01-02 03:57:23 +01:00			`}`
PPHDoc, formatting, fixes, cleanup 2017-01-03 03:22:48 +01:00
			`return '';`
user questions 2011-06-02 23:45:54 +02:00			`}`