Diffstat (limited to 'system/reports/answer.php')
| -rw-r--r-- | system/reports/answer.php | 42 |
1 files changed, 42 insertions, 0 deletions
diff --git a/system/reports/answer.php b/system/reports/answer.php
new file mode 100644
index 0000000..8c88a4a
--- /dev/null
+++ b/system/reports/answer.php
@@ -0,0 +1,42 @@
+<?php
+include_once "{$_SERVER['DOCUMENT_ROOT']}/lib/alert.php";
+include_once "{$_SERVER['DOCUMENT_ROOT']}/lib/accounts.php";
+include_once "{$_SERVER['DOCUMENT_ROOT']}/lib/config.php";
+include_once "{$_SERVER['DOCUMENT_ROOT']}/lib/utils.php";
+
+if (!CONFIG['reports']['enable']) {
+ generate_alert("/404.php", "Reports are disabled", 405);
+ exit();
+}
+
+if (!authorize_user(true) || !$_SESSION["user_role"]["permission_report_review"]) {
+ generate_alert("/404.php", "Not enough permissions", 403);
+ exit();
+}
+
+if (!isset($_POST["id"], $_POST["response"])) {
+ generate_alert("/system/reports/", "Not enough POST fields");
+ exit();
+}
+
+$id = $_POST["id"];
+
+$db = new PDO(CONFIG['database']['url'], CONFIG['database']['user'], CONFIG['database']['pass']);
+
+$stmt = $db->prepare("SELECT id, sender_id FROM reports WHERE id = ? AND resolved_by IS NULL");
+$stmt->execute([$id]);
+
+$row = $stmt->fetch(PDO::FETCH_ASSOC) ?: null;
+
+if (!$row) {
+ generate_alert("/system/reports/", "Report ID $id not found", 404);
+ exit();
+}
+
+$db->prepare("UPDATE reports SET resolved_by = ?, response_message = ? WHERE id = ?")
+ ->execute([$_SESSION['user_id'], str_safe($_POST['response'], null), $id]);
+
+$db->prepare("INSERT INTO inbox_messages(recipient_id, message_type, contents, link) VALUES (?, ?, ?, ?)")
+ ->execute([$row["sender_id"], "2", "Your report has been reviewed!", "/report/?id=" . $row["id"]]);
+
+generate_alert("/system/reports", 'The report has been reviewed!', 200);
\ No newline at end of file |
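Review bot: The UPDATE near the end of the hunk drops the `resolved_by IS NULL` predicate that the preceding SELECT relies on, so two reviewers who pass the SELECT concurrently both overwrite the report's resolution, and a failure between the UPDATE and the inbox INSERT leaves the report resolved with no notification sent. Repeating the predicate on the UPDATE, checking `rowCount()`, and wrapping both writes in a transaction closes both gaps. Separately, `$id` comes straight from `$_POST` and is interpolated into the 404 alert text; unless `generate_alert()` escapes its message, validating it first with `filter_var($id, FILTER_VALIDATE_INT)` avoids reflecting arbitrary input. There is also no visible CSRF token check on this state-changing POST handler; if `authorize_user()` does not cover that, it belongs here.
```php
$db->beginTransaction();

$update = $db->prepare("UPDATE reports SET resolved_by = ?, response_message = ? WHERE id = ? AND resolved_by IS NULL");
$update->execute([$_SESSION['user_id'], str_safe($_POST['response'], null), $id]);

// Zero rows means another reviewer resolved it between the SELECT and this UPDATE.
if ($update->rowCount() === 0) {
    $db->rollBack();
    generate_alert("/system/reports/", "Report ID $id not found", 404);
    exit();
}

// … unchanged: INSERT INTO inbox_messages …

$db->commit();
```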
