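<?php
    /*
     * Tile moderation handler: rejects or approves one tile, optionally sends
     * a message to the tile's owner, then redirects to the approvals list.
     *
     * Input:
     *   GET  i      - id of the tile to act on
     *   POST todo   - '0' rejects (visibility '0', deleted '1'),
     *                 '1' approves (visibility '0')
     *   POST reason - optional note; when non-empty and the acting user is
     *                 not the tile's owner, it is stored in `messages`
     *
     * A tile is only acted on when it has visibility '-1' and its quilt is
     * listed for the current user in quilts_permissions.
     *
     * NOTE(review): no anti-CSRF token is checked in this file. Confirm that
     * the including page validates one before this state-changing code runs.
     */

    // Accept only scalar/string request values; an array (e.g. "i[]=x")
    // would otherwise be coerced by intval()/strval() into a usable value.
    $_id = (isset($_GET['i']) && is_scalar($_GET['i'])) ? intval($_GET['i']) : 0;
    $_todo = (isset($_POST['todo']) && is_string($_POST['todo'])) ? trim($_POST['todo']) : '';
    $_reason = (isset($_POST['reason']) && is_string($_POST['reason'])) ? trim($_POST['reason']) : '';

    // Authorisation lives in this SELECT: the tile must be pending and in a
    // quilt the current user has a permissions row for.
    // NOTE(review): $GLOBALS['auth']['id'] is interpolated without escaping,
    // here and in the INSERT below; it is not read from the request in this
    // file, but confirm where it is populated.
    $tiles = mysqli_query_logged("SELECT * FROM tiles WHERE tile_id = " . sq($_id) . " AND quilt_id IN (SELECT quilt_id FROM quilts_permissions WHERE user_id = '" . $GLOBALS['auth']['id'] . "') AND visibility = '-1'");
    if ($tiles && ($tiles_row = mysqli_fetch_assoc($tiles)))
    {
        // Strict comparison on the two allowed values. The previous loose
        // `$_todo == 0` was true for a missing or non-numeric `todo` on
        // PHP < 8, so a request carrying no decision rejected and deleted
        // the tile.
        if ($_todo === '0' || $_todo === '1')
        {
            $_rejected = ($_todo === '0');

            $_set = $_rejected ? "visibility = '0', deleted = '1'" : "visibility = '0'";
            mysqli_query_logged("UPDATE tiles SET " . $_set . " WHERE tile_id = " . sq($_id));

            // Notify the owner only when a reason was given and the acting
            // user is someone else. `!== ''` keeps a reason of "0", which
            // the previous truthiness test dropped.
            if ($_reason !== '' && strval($GLOBALS['auth']['id']) !== strval($tiles_row['user_id']))
            {
                // Assemble the plain-text body first and escape it once as a
                // whole, so no fragment reaches the SQL string unescaped.
                // The separator was "\r\n\r\b": PHP leaves "\b" as a
                // backslash plus "b", which MySQL then reads as a backspace
                // character. A blank line was evidently intended.
                $_body = '[' . ($_rejected ? 'Rejected' : 'Approved') . '] About Tile #' . intval($tiles_row['tile_id'])
                    . ' With Comment: ' . ($tiles_row['comment'] ? $tiles_row['comment'] : 'No Comment')
                    . "\r\n\r\n" . $_reason;

                // NOTE(review): addslashes() is not aware of the connection
                // character set. Prefer a prepared statement or the
                // project's own escaping helper (presumably sq(); confirm
                // that it quotes strings). The body holds user-supplied
                // text, so whatever renders messages must HTML-escape it.
                mysqli_query_logged("INSERT INTO messages SET sender_id = '" . $GLOBALS['auth']['id'] . "', recipiant_id = '" . $tiles_row['user_id'] . "', body = '" . addslashes($_body) . "', posted_on = NOW()");
            }
        }
    }

    // Always return to the approvals list, whether or not anything changed.
    header('Location: ./?s=approvals');
    die;
?>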