psa-orderform/admin/faq.php

<?php
require_once __DIR__ . "/../config.php";
require_once __DIR__ . "/../includes/functions.php";

// Check admin login
if (!isset($_SESSION["admin_logged_in"]) || !$_SESSION["admin_logged_in"]) {
    header("Location: login.php");
    exit();
}

$pageTitle = "FAQ bearbeiten";
$message = "";
$messageType = "";

if ($_SERVER["REQUEST_METHOD"] === "POST" && isset($_POST["save_faq"])) {
    // Validate CSRF token
    if (!validateCsrfToken($_POST["csrf_token"] ?? "")) {
        $message = "Ungültiges Token. Bitte versuchen Sie es erneut.";
        $messageType = "error";
    } else {
        $content = isset($_POST["content"]) ? (string) $_POST["content"] : "";
        saveFaqContent($content);
        logAccess("Admin updated FAQ content");
        $message = "FAQ-Inhalt wurde gespeichert.";
        $messageType = "success";
    }
}

$faqContent = getFaqContent();

$bodyClass = "admin-page";
include __DIR__ . "/../includes/header.php";
?>

<div class="admin-header">
    <h2>FAQ bearbeiten</h2>
    <div>
        <a href="index.php" class="btn btn-secondary">Zurück zum Dashboard</a>
    </div>
</div>

<?php if ($message): ?>
    <div class="alert alert-<?php echo $messageType; ?>">
        <?php echo htmlspecialchars($message); ?>
    </div>
<?php endif; ?>

<div class="panel panel-lg">
    <p class="mb-2">
        Unterstützte Markdown-Syntax: <code>#</code>, <code>##</code>, <code>###</code>, <code>**fett**</code>, <code>*kursiv*</code>, Listen mit <code>-</code> oder <code>1.</code>
    </p>

    <form method="POST">
        <?php echo csrfField(); ?>
        <div class="form-group">
            <label for="content">FAQ-Inhalt (Markdown)</label>
            <textarea id="content" name="content" rows="18"><?php echo htmlspecialchars(
                $faqContent,
            ); ?></textarea>
        </div>
        <button type="submit" name="save_faq" class="btn">Speichern</button>
    </form>
</div>

<?php include __DIR__ . "/../includes/footer.php"; ?>