.
*/
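/*
 * Admin page: manage the additional ("extra") questions attached to one
 * candidate position (`candidatepost`). In order, it handles: access check,
 * position lookup, the new/edit form, delete (with confirmation), save,
 * reordering (up/down), and finally the question list.
 *
 * Relies on helpers from include.php (admin_header, admin_footer, echoln,
 * get_int, doquery) and on the legacy mysql_* extension: doquery() returns
 * result resources that mysql_num_rows()/mysql_fetch_*() consume.
 *
 * NOTE(review): get_int() is assumed to return an integer (or 0) for the
 * named request parameter -- confirm in include.php; every value is cast
 * to int here anyway before it is interpolated into SQL.
 * NOTE(review): delete/up/down are triggered by plain GET parameters with
 * no anti-CSRF token; add one if the admin framework provides it.
 */
include("./include/include.php");
admin_header();

if( !in_array("candidate_editpositions", $_SESSION['sess_functions'], true) ) {
    echoln("You are not authorized to see this page.");
} else {
    // Every query below is scoped to this position; cast once so the value
    // interpolated into SQL is always a plain integer.
    $postId = (int) get_int('candidatepost_id');

    $query = "SELECT `position`, `places`, `deadline` FROM `candidatepost` WHERE `id`=" . $postId;
    $res = doquery($query);
    if( !$res || mysql_num_rows($res) != 1 ) {
        echoln("
Error: unknown position.
");
        echoln("Back
");
    } else {
        $row = mysql_fetch_array($res);
        $Position = $row['position'];
        // The position name comes from the database; escape it for HTML output.
        echoln("Additional questions - " . htmlspecialchars($Position, ENT_QUOTES, 'UTF-8') . "
");
        echoln("Back
");

        // Once any candidate has answered, questions may no longer be deleted
        // (cand_extraanswers references them by question_id).
        $questionsAnswered = false;
        $query = "SELECT COUNT(*) AS `count` FROM `cand_extraanswers` INNER JOIN `cand_extraquestions` ON `cand_extraquestions`.`id` = `cand_extraanswers`.`question_id` WHERE `candidatepost_id` = " . $postId;
        $res = doquery($query);
        if( $res && mysql_num_rows($res) == 1 ) {
            $row = mysql_fetch_assoc($res);
            $questionsAnswered = $row['count'] > 0;
        }

        // $error is set by any step that fails; later steps are skipped while it is true.
        $error = false;
        $data = array();

        if( isset($_REQUEST['new']) ) {
            // Blank record backing the "new question" form.
            $data['id'] = 0;
            $data['question'] = "";
            $data['maxlength'] = 100;
            $data['candidatepost_id'] = $postId;
        }

        if( isset($_REQUEST['edit']) || isset($_REQUEST['delete']) || isset($_REQUEST['up']) || isset($_REQUEST['down']) ) {
            // Load the question being acted on. The candidatepost_id clause
            // ensures an id belonging to another position cannot be used here.
            $questionId = (int) get_int('id');
            $query = "SELECT `id`, `question`, `maxlength`, `order` FROM `cand_extraquestions` WHERE `id`=" . $questionId . " AND `candidatepost_id` = " . $postId;
            $res = doquery($query);
            if( $res && mysql_num_rows($res) == 1 ) {
                $data = mysql_fetch_assoc($res);
            } else {
                echoln("Error: unable to load the question. Please try again later.
");
                $error = true;
            }
        }

        if( !$questionsAnswered && isset($_REQUEST['delete']) && !$error ) {
            // Question text is user-supplied content from the database; escape
            // it before echoing it back.
            $questionHtml = htmlspecialchars($data['question'], ENT_QUOTES, 'UTF-8');
            if( isset($_GET['confirm']) ) {
                $query = "DELETE FROM `cand_extraquestions` WHERE `id`=" . (int) $data['id'] . " AND `candidatepost_id` = " . $postId;
                if( doquery($query) ) {
                    echoln("Successfully deleted '" . $questionHtml . "'.");
                    // Close the gap left in `order` so the up/down links keep working.
                    $query = "SELECT `id` FROM `cand_extraquestions` WHERE `candidatepost_id` = " . $postId . " ORDER BY `order`";
                    $res = doquery($query);
                    if( $res && mysql_num_rows($res) > 0 ) {
                        $order = 1;
                        while( $row = mysql_fetch_assoc($res) ) {
                            $query = "UPDATE `cand_extraquestions` SET `order`=" . $order++ . " WHERE `id`=" . (int) $row['id'];
                            doquery($query);
                        }
                    }
                } else {
                    echoln("Unable to delete question. Please try again.");
                }
                // Fall through to the list view below.
                unset($_REQUEST['delete']);
            } else {
                echoln("Are you sure you want to delete '" . $questionHtml . "'?");
                echoln("Yes ");
                echoln("No
");
            }
        }

        if( isset($_REQUEST['save']) && !$error ) {
            // Validate the submitted fields; $errors collects the messages shown to the user.
            $errors = "";
            $data['id'] = (int) get_int('id');
            $data['candidatepost_id'] = $postId;

            // Reject a missing or non-string value (e.g. question[]=) rather than
            // letting strlen() and the escaping below operate on an array.
            $data['question'] = (isset($_POST['question']) && is_string($_POST['question'])) ? $_POST['question'] : "";
            // Byte length on purpose: 255 bytes always fits a VARCHAR(255)
            // whatever the column charset.
            $questionLength = strlen($data['question']);
            if( $questionLength < 3 || $questionLength > 255 ) {
                $errors .= "The question must be between 3 and 255 characters.";
                $error = true;
            }

            $data['maxlength'] = (int) get_int('maxlength');
            if( $data['maxlength'] < 1 || $data['maxlength'] > 4000 ) {
                $errors .= "The maximum length must be between 1 and 4000.";
                $error = true;
            }

            // A new entry goes to the end of the list; MAX() over an empty
            // set is NULL, so the first question gets order 1.
            if( $data['id'] < 1 ) {
                $data['order'] = 1;
                $query = "SELECT MAX(`order`) + 1 AS `order` FROM `cand_extraquestions` WHERE `candidatepost_id` = " . $postId;
                $res = doquery($query);
                if( $res && mysql_num_rows($res) == 1 ) {
                    $orderResult = mysql_fetch_assoc($res);
                    if( $orderResult['order'] !== NULL ) {
                        $data['order'] = (int) $orderResult['order'];
                    }
                } else {
                    $errors .= "Unable to determine the position of the new question. Please try again.";
                    $error = true;
                }
            }

            if( $errors != "" ) {
                echoln($errors);
            }

            if( !$error ) {
                // The question text is the only non-integer value written to SQL.
                // mysql_real_escape_string() uses the connection doquery()
                // already opened above (mysql_insert_id() below relies on the
                // same default link).
                $questionSql = mysql_real_escape_string($data['question']);
                if( $data['id'] > 0 ) {
                    // Edited entry, update
                    $query = "UPDATE `cand_extraquestions` SET `question`='" . $questionSql . "', `maxlength`=" . $data['maxlength'] . " ";
                    $query .= "WHERE `id`=" . $data['id'] . " AND `candidatepost_id` = " . $data['candidatepost_id'];
                    if( doquery($query) ) {
                        echoln("Question saved successfully.");
                    } else {
                        echoln("Saving of question failed. Please try again.");
                    }
                } else {
                    // New entry, insert
                    $query = "INSERT INTO `cand_extraquestions` (`question`, `maxlength`, `order`, `candidatepost_id`) ";
                    $query .= "VALUES ('" . $questionSql . "', " . $data['maxlength'] . ", " . $data['order'] . ", " . $data['candidatepost_id'] . ")";
                    if( doquery($query) ) {
                        $data['id'] = mysql_insert_id();
                        echoln("New question saved successfully.");
                    } else {
                        echoln("Saving of new question failed. Please try again.");
                    }
                }
            } else {
                // Validation failed: clear the flag so the form is redisplayed
                // with the submitted values instead of the list.
                $error = false;
                if( $data['id'] > 0 ) {
                    $_REQUEST['edit'] = true; // id available, so this was an edit
                } else {
                    $_REQUEST['new'] = true; // no id, so this was a new entry
                }
            }
        }

        // Reordering: swap `order` with the neighbouring question. Both
        // directions share one implementation; only the offset and wording differ.
        foreach( array('up' => -1, 'down' => 1) as $direction => $delta ) {
            if( !isset($_REQUEST[$direction]) || $error ) {
                continue;
            }
            $neighbourWord = ($delta < 0) ? "above" : "below";
            $currentOrder = (int) $data['order'];
            $targetOrder = $currentOrder + $delta;
            $query = "SELECT `id` FROM `cand_extraquestions` WHERE `order` = " . $targetOrder . " AND `candidatepost_id` = " . $postId;
            $res = doquery($query);
            if( $res && mysql_num_rows($res) ) {
                $row = mysql_fetch_assoc($res);
                $otherId = (int) $row['id'];
                // Two statements with no transaction (legacy mysql_*): if the
                // second fails, two rows temporarily share an `order` value.
                $query1 = "UPDATE `cand_extraquestions` SET `order` = " . $currentOrder . " WHERE `id` = " . $otherId . " AND `candidatepost_id` = " . $postId;
                $query2 = "UPDATE `cand_extraquestions` SET `order` = " . $targetOrder . " WHERE `id` = " . (int) $data['id'] . " AND `candidatepost_id` = " . $postId;
                if( doquery($query1) && doquery($query2) ) {
                    echoln("Question moved " . $direction . " successfully.");
                } else {
                    echoln("Moving " . $direction . " of question failed. Please try again.");
                }
            } else {
                echoln("Moving " . $direction . " of question failed, there is no question " . $neighbourWord . ".");
            }
        }

        if( (isset($_REQUEST['new']) || isset($_REQUEST['edit'])) && !$error ) {
            // Show form.
            // NOTE(review): no input fields are emitted here although the save
            // handler above reads `question` and `maxlength` from POST; confirm
            // where the form markup is produced.
            echoln("Back");
            echoln("");
            echoln(" ");
        } elseif( !isset($_REQUEST['delete']) || isset($_GET['confirm']) ) {
            // Show list (also after a completed delete; not while awaiting confirmation).
            echoln("Add new question");
            $query = "SELECT `id`, `question`, `maxlength`, `order` FROM `cand_extraquestions` WHERE `candidatepost_id` = " . $postId . " ORDER BY `order`";
            $res = doquery($query);
            if( $res && mysql_num_rows($res) > 0 ) {
                // Hoisted: the row count decides whether a "down" link is offered.
                $rowCount = mysql_num_rows($res);
                echoln("");
                echoln(" ");
                echoln(" | Question | ");
                echoln(" Maximum length | ");
                echoln(" | ");
                echoln("
");
                while( $row = mysql_fetch_array($res) ) {
                    echoln(" ");
                    // Question text is user-supplied; escape it for HTML.
                    echoln(" | " . htmlspecialchars($row['question'], ENT_QUOTES, 'UTF-8') . " | ");
                    echoln(" " . (int) $row['maxlength'] . " | ");
                    echoln(" ");
                    if( $row['order'] > 1 ) {
                        echoln(" up ");
                    }
                    if( $row['order'] < $rowCount ) {
                        echoln(" down ");
                    }
                    echoln(" edit ");
                    if( !$questionsAnswered ) {
                        echoln(" delete");
                    }
                    echoln(" | ");
                    echoln("
");
                }
                echoln("
");
            }
        }
    }
}
admin_footer();
?>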