2011-06-02 21:38:19 +02:00
< ? php
function user_unread_messages () {
2011-06-03 00:22:11 +02:00
global $user , $privileges ;
2011-06-02 21:38:19 +02:00
2011-06-03 00:22:11 +02:00
if ( in_array ( " user_messages " , $privileges )) {
$new_messages = sql_num_query ( " SELECT * FROM `Messages` WHERE isRead='N' AND `RUID`= " . sql_escape ( $user [ 'UID' ]));
2011-06-02 21:38:19 +02:00
2011-06-03 00:22:11 +02:00
if ( $new_messages > 0 )
2011-06-13 19:34:01 +02:00
return sprintf ( '<p class="notice"><a href="%s">%s %s %s</a></p><hr />' , page_link_to ( " user_messages " ), Get_Text ( " pub_messages_new1 " ), $new_messages , Get_Text ( " pub_messages_new2 " ));
2011-06-03 00:22:11 +02:00
}
2011-06-02 21:38:19 +02:00
return " " ;
}
function user_messages () {
global $user ;
if ( ! isset ( $_REQUEST [ 'action' ])) {
2011-06-13 19:34:01 +02:00
$users = sql_select ( " SELECT * FROM `User` WHERE NOT `UID`= " . sql_escape ( $user [ 'UID' ]) . " ORDER BY `Nick` " );
2011-06-03 11:46:46 +02:00
2011-06-02 21:38:19 +02:00
$to_select_data = array (
" " => " Select receiver... "
);
2011-06-03 11:46:46 +02:00
2011-06-02 21:38:19 +02:00
foreach ( $users as $u )
$to_select_data [ $u [ 'UID' ]] = $u [ 'Nick' ];
2011-06-03 11:46:46 +02:00
2011-12-26 15:55:17 +01:00
$to_select = html_select_key ( 'to' , 'to' , $to_select_data , '' );
2011-06-02 21:38:19 +02:00
$messages_html = " " ;
2011-06-13 19:34:01 +02:00
$messages = sql_select ( " SELECT * FROM `Messages` WHERE `SUID`= " . sql_escape ( $user [ 'UID' ]) . " OR `RUID`= " . sql_escape ( $user [ 'UID' ]) . " ORDER BY `isRead`,`Datum` DESC " );
2011-06-02 21:38:19 +02:00
foreach ( $messages as $message ) {
2011-06-03 11:46:46 +02:00
2011-06-13 19:34:01 +02:00
$messages_html .= sprintf ( '<tr %s> <td>%s</td> <td>%s</td> <td>%s</td> <td>%s</td>' .
'<td>%s</td>' , ( $message [ 'isRead' ] == 'N' ? ' class="new_message"' : '' ), ( $message [ 'isRead' ] == 'N' ? '•' : '' ), date ( " Y-m-d H:i " , $message [ 'Datum' ]), UID2Nick ( $message [ 'SUID' ]), UID2Nick ( $message [ 'RUID' ]), str_replace ( " \n " , '<br />' , $message [ 'Text' ]));
2011-06-03 11:46:46 +02:00
2011-06-02 21:38:19 +02:00
$messages_html .= '<td>' ;
if ( $message [ 'RUID' ] == $user [ 'UID' ]) {
if ( $message [ 'isRead' ] == 'N' )
$messages_html .= '<a href="' . page_link_to ( " user_messages " ) . '&action=read&id=' . $message [ 'id' ] . '">' . Get_Text ( " pub_messages_MarkRead " ) . '</a>' ;
} else {
$messages_html .= '<a href="' . page_link_to ( " user_messages " ) . '&action=delete&id=' . $message [ 'id' ] . '">' . Get_Text ( " pub_messages_DelMsg " ) . '</a>' ;
}
$messages_html .= '</td></tr>' ;
}
return template_render ( '../templates/user_messages.html' , array (
'link' => page_link_to ( " user_messages " ),
2011-06-13 19:34:01 +02:00
'greeting' => Get_Text ( " Hello " ) . $user [ 'Nick' ] . " , <br /> \n " . Get_Text ( " pub_messages_text1 " ) . " <br /><br /> \n " ,
2011-06-02 21:38:19 +02:00
'messages' => $messages_html ,
'new_label' => Get_Text ( " pub_messages_Neu " ),
'date_label' => Get_Text ( " pub_messages_Datum " ),
'from_label' => Get_Text ( " pub_messages_Von " ),
'to_label' => Get_Text ( " pub_messages_An " ),
'text_label' => Get_Text ( " pub_messages_Text " ),
'date' => date ( " Y-m-d H:i " ),
'from' => $user [ 'Nick' ],
'to_select' => $to_select ,
'submit_label' => Get_Text ( " save " )
));
} else {
switch ( $_REQUEST [ 'action' ]) {
case " read " :
if ( isset ( $_REQUEST [ 'id' ]) && preg_match ( " /^[0-9] { 1,11} $ / " , $_REQUEST [ 'id' ]))
$id = $_REQUEST [ 'id' ];
else
2011-12-21 23:18:57 +01:00
return error ( " Incomplete call, missing Message ID. " , true );
2011-06-02 21:38:19 +02:00
$message = sql_select ( " SELECT * FROM `Messages` WHERE `id`= " . sql_escape ( $id ) . " LIMIT 1 " );
if ( count ( $message ) > 0 && $message [ 0 ][ 'RUID' ] == $user [ 'UID' ]) {
sql_query ( " UPDATE `Messages` SET `isRead`='Y' WHERE `id`= " . sql_escape ( $id ) . " LIMIT 1 " );
header ( " Location: " . page_link_to ( " user_messages " ));
} else
2011-12-21 23:18:57 +01:00
return error ( " No Message found. " , true );
2011-06-02 21:38:19 +02:00
break ;
case " delete " :
if ( isset ( $_REQUEST [ 'id' ]) && preg_match ( " /^[0-9] { 1,11} $ / " , $_REQUEST [ 'id' ]))
$id = $_REQUEST [ 'id' ];
else
2011-12-21 23:18:57 +01:00
return error ( " Incomplete call, missing Message ID. " , true );
2011-06-02 21:38:19 +02:00
$message = sql_select ( " SELECT * FROM `Messages` WHERE `id`= " . sql_escape ( $id ) . " LIMIT 1 " );
if ( count ( $message ) > 0 && $message [ 0 ][ 'SUID' ] == $user [ 'UID' ]) {
sql_query ( " DELETE FROM `Messages` WHERE `id`= " . sql_escape ( $id ) . " LIMIT 1 " );
header ( " Location: " . page_link_to ( " user_messages " ));
} else
2011-12-21 23:18:57 +01:00
return error ( " No Message found. " , true );
2011-06-02 21:38:19 +02:00
break ;
case " send " :
$text = preg_replace ( " /([^ \ p { L} \ p { P} \ p { Z} \ p { N} \n ] { 1,})/ui " , '' , strip_tags ( $_REQUEST [ 'text' ]));
$to = preg_replace ( " /([^0-9] { 1,})/ui " , '' , strip_tags ( $_REQUEST [ 'to' ]));
if ( $text != " " && is_numeric ( $to ) && sql_num_query ( " SELECT * FROM `User` WHERE `UID`= " . sql_escape ( $to ) . " AND NOT `UID`= " . sql_escape ( $user [ 'UID' ]) . " LIMIT 1 " ) > 0 ) {
sql_query ( " INSERT INTO `Messages` SET `Datum`= " . sql_escape ( time ()) . " , `SUID`= " . sql_escape ( $user [ 'UID' ]) . " , `RUID`= " . sql_escape ( $to ) . " , `Text`=' " . sql_escape ( $text ) . " ' " );
header ( " Location: " . page_link_to ( " user_messages " ));
} else {
2011-12-21 23:18:57 +01:00
return error ( Get_Text ( " pub_messages_Send_Error " ), true );
2011-06-02 21:38:19 +02:00
}
break ;
2011-06-13 19:34:01 +02:00
default :
2011-12-21 23:18:57 +01:00
return error ( " Wrong action. " , true );
2011-06-13 19:34:01 +02:00
}
2011-06-02 21:38:19 +02:00
}
}
?>