user messages

This commit is contained in:
Philip Häusler 2011-06-02 21:38:19 +02:00
parent d381f57951
commit c0b15dfe0d
10 changed files with 331 additions and 482 deletions

View File

@ -3,7 +3,7 @@
-- http://www.phpmyadmin.net -- http://www.phpmyadmin.net
-- --
-- Host: localhost -- Host: localhost
-- Erstellungszeit: 02. Juni 2011 um 18:17 -- Erstellungszeit: 02. Juni 2011 um 19:37
-- Server Version: 5.1.44 -- Server Version: 5.1.44
-- PHP-Version: 5.3.1 -- PHP-Version: 5.3.1
@ -71,16 +71,17 @@ CREATE TABLE IF NOT EXISTS `Counter` (
-- --
INSERT INTO `Counter` (`URL`, `Anz`) VALUES INSERT INTO `Counter` (`URL`, `Anz`) VALUES
('news', 44), ('news', 73),
('login', 12), ('login', 18),
('logout', 5), ('logout', 11),
('start', 13), ('start', 23),
('faq', 4), ('faq', 4),
('credits', 3), ('credits', 3),
('register', 3), ('register', 3),
('admin_rooms', 70), ('admin_rooms', 70),
('admin_angel_types', 68), ('admin_angel_types', 69),
('user_settings', 109); ('user_settings', 111),
('user_messages', 102);
-- -------------------------------------------------------- -- --------------------------------------------------------
@ -124,7 +125,7 @@ CREATE TABLE IF NOT EXISTS `GroupPrivileges` (
`privilege_id` int(11) NOT NULL, `privilege_id` int(11) NOT NULL,
PRIMARY KEY (`id`), PRIMARY KEY (`id`),
KEY `group_id` (`group_id`,`privilege_id`) KEY `group_id` (`group_id`,`privilege_id`)
) ENGINE=MyISAM DEFAULT CHARSET=utf8 AUTO_INCREMENT=9 ; ) ENGINE=MyISAM DEFAULT CHARSET=utf8 AUTO_INCREMENT=10 ;
-- --
-- Daten für Tabelle `GroupPrivileges` -- Daten für Tabelle `GroupPrivileges`
@ -138,7 +139,8 @@ INSERT INTO `GroupPrivileges` (`id`, `group_id`, `privilege_id`) VALUES
(5, -1, 5), (5, -1, 5),
(6, -4, 6), (6, -4, 6),
(7, -4, 7), (7, -4, 7),
(8, -2, 8); (8, -2, 8),
(9, -2, 9);
-- -------------------------------------------------------- -- --------------------------------------------------------
@ -170,18 +172,28 @@ INSERT INTO `Groups` (`Name`, `UID`) VALUES
-- --
CREATE TABLE IF NOT EXISTS `Messages` ( CREATE TABLE IF NOT EXISTS `Messages` (
`Datum` datetime NOT NULL DEFAULT '0000-00-00 00:00:00', `id` int(11) NOT NULL AUTO_INCREMENT,
`Datum` int(11) NOT NULL,
`SUID` int(11) NOT NULL DEFAULT '0', `SUID` int(11) NOT NULL DEFAULT '0',
`RUID` int(11) NOT NULL DEFAULT '0', `RUID` int(11) NOT NULL DEFAULT '0',
`isRead` char(1) NOT NULL DEFAULT 'N', `isRead` char(1) NOT NULL DEFAULT 'N',
`Text` text NOT NULL, `Text` text NOT NULL,
PRIMARY KEY (`Datum`,`SUID`,`RUID`) PRIMARY KEY (`id`),
) ENGINE=MyISAM DEFAULT CHARSET=utf8 COMMENT='Fuers interen Communikationssystem'; KEY `Datum` (`Datum`),
KEY `SUID` (`SUID`),
KEY `RUID` (`RUID`)
) ENGINE=MyISAM DEFAULT CHARSET=utf8 COMMENT='Fuers interen Communikationssystem' AUTO_INCREMENT=8 ;
-- --
-- Daten für Tabelle `Messages` -- Daten für Tabelle `Messages`
-- --
INSERT INTO `Messages` (`id`, `Datum`, `SUID`, `RUID`, `isRead`, `Text`) VALUES
(2, 1307042342, 1, 147, 'Y', 'asdfasdfasdfasdf'),
(4, 1307042622, 1, 147, 'Y', 'asdfasdfasdf'),
(5, 1307042643, 1, 147, 'Y', 'foobar'),
(6, 1307042663, 1, 147, 'Y', 'foobar'),
(7, 1307042692, 147, 1, 'Y', 'foobar');
-- -------------------------------------------------------- -- --------------------------------------------------------
@ -197,19 +209,16 @@ CREATE TABLE IF NOT EXISTS `News` (
`UID` int(11) NOT NULL DEFAULT '0', `UID` int(11) NOT NULL DEFAULT '0',
`Treffen` tinyint(4) NOT NULL DEFAULT '0', `Treffen` tinyint(4) NOT NULL DEFAULT '0',
PRIMARY KEY (`ID`) PRIMARY KEY (`ID`)
) ENGINE=MyISAM DEFAULT CHARSET=utf8 AUTO_INCREMENT=9 ; ) ENGINE=MyISAM DEFAULT CHARSET=utf8 AUTO_INCREMENT=4 ;
-- --
-- Daten für Tabelle `News` -- Daten für Tabelle `News`
-- --
INSERT INTO `News` (`ID`, `Datum`, `Betreff`, `Text`, `UID`, `Treffen`) VALUES INSERT INTO `News` (`ID`, `Datum`, `Betreff`, `Text`, `UID`, `Treffen`) VALUES
(3, '2011-06-02 01:32:31', '', '', 0, 0), (1, '2011-06-02 21:35:27', '', '', 1, 0),
(4, '2011-06-02 01:36:27', 'Darf ich News erstellen?', 'Darf ich.', 0, 0), (2, '2011-06-02 21:36:57', '', '', 1, 0),
(5, '2011-06-02 01:36:35', 'Darf ich News erstellen?', 'asdfasdfasdf', 1, 0), (3, '2011-06-02 21:36:57', '', '', 1, 0);
(6, '2011-06-02 01:38:59', '"''>', '"''>\r\n', 1, 0),
(7, '2011-06-02 01:38:59', '"''>', '"''>\r\n', 1, 0),
(8, '2011-06-02 01:38:59', '"''>', '"''>\r\n', 1, 0);
-- -------------------------------------------------------- -- --------------------------------------------------------
@ -244,7 +253,7 @@ CREATE TABLE IF NOT EXISTS `Privileges` (
`desc` varchar(1024) NOT NULL, `desc` varchar(1024) NOT NULL,
PRIMARY KEY (`id`), PRIMARY KEY (`id`),
UNIQUE KEY `name` (`name`) UNIQUE KEY `name` (`name`)
) ENGINE=MyISAM DEFAULT CHARSET=utf8 AUTO_INCREMENT=9 ; ) ENGINE=MyISAM DEFAULT CHARSET=utf8 AUTO_INCREMENT=10 ;
-- --
-- Daten für Tabelle `Privileges` -- Daten für Tabelle `Privileges`
@ -258,7 +267,8 @@ INSERT INTO `Privileges` (`id`, `name`, `desc`) VALUES
(5, 'register', 'Einen neuen Engel registerieren'), (5, 'register', 'Einen neuen Engel registerieren'),
(6, 'admin_rooms', 'Räume administrieren'), (6, 'admin_rooms', 'Räume administrieren'),
(7, 'admin_angel_types', 'Engel Typen administrieren'), (7, 'admin_angel_types', 'Engel Typen administrieren'),
(8, 'user_settings', 'User profile settings'); (8, 'user_settings', 'User profile settings'),
(9, 'user_messages', 'Writing and reading messages from user to user');
-- -------------------------------------------------------- -- --------------------------------------------------------
@ -800,8 +810,8 @@ INSERT INTO `Sprache` (`TextID`, `Sprache`, `Text`) VALUES
('pub_einstellungen_Hometown', 'EN', 'hometown'), ('pub_einstellungen_Hometown', 'EN', 'hometown'),
('makeuser_error_Alter', 'DE', 'Fehler: Dein Alter muss eine Zahl oder leer sein'), ('makeuser_error_Alter', 'DE', 'Fehler: Dein Alter muss eine Zahl oder leer sein'),
('makeuser_error_Alter', 'EN', 'error: your age must be a number or empty'), ('makeuser_error_Alter', 'EN', 'error: your age must be a number or empty'),
('pub_menu_messages', 'DE', 'Nachrichten'), ('user_messages', 'DE', 'Nachrichten'),
('pub_menu_messages', 'EN', 'messages'), ('user_messages', 'EN', 'Messages'),
('pub_messages_Datum', 'DE', 'Datum'), ('pub_messages_Datum', 'DE', 'Datum'),
('pub_messages_Datum', 'EN', 'date'), ('pub_messages_Datum', 'EN', 'date'),
('pub_messages_Von', 'DE', 'Gesendet'), ('pub_messages_Von', 'DE', 'Gesendet'),
@ -983,7 +993,9 @@ INSERT INTO `Sprache` (`TextID`, `Sprache`, `Text`) VALUES
('login', 'DE', 'Login'), ('login', 'DE', 'Login'),
('login', 'EN', 'Login'), ('login', 'EN', 'Login'),
('credits', 'DE', 'Credits'), ('credits', 'DE', 'Credits'),
('credits', 'EN', 'Credits'); ('credits', 'EN', 'Credits'),
('pub_messages_Neu', 'DE', 'Neu'),
('pub_messages_Neu', 'EN', 'New');
-- -------------------------------------------------------- -- --------------------------------------------------------
@ -1026,8 +1038,8 @@ CREATE TABLE IF NOT EXISTS `User` (
-- --
INSERT INTO `User` (`UID`, `Nick`, `Name`, `Vorname`, `Alter`, `Telefon`, `DECT`, `Handy`, `email`, `ICQ`, `jabber`, `Size`, `Passwort`, `Gekommen`, `Aktiv`, `Tshirt`, `color`, `Sprache`, `Avatar`, `Menu`, `lastLogIn`, `CreateDate`, `Art`, `kommentar`, `Hometown`) VALUES INSERT INTO `User` (`UID`, `Nick`, `Name`, `Vorname`, `Alter`, `Telefon`, `DECT`, `Handy`, `email`, `ICQ`, `jabber`, `Size`, `Passwort`, `Gekommen`, `Aktiv`, `Tshirt`, `color`, `Sprache`, `Avatar`, `Menu`, `lastLogIn`, `CreateDate`, `Art`, `kommentar`, `Hometown`) VALUES
(1, 'admin', '', '', 0, '', '', '', '', '', '', 'L', '21232f297a57a5a743894a0e4a801fc3', 0, 0, 0, 10, 'DE', 115, 'L', 1307038600, '0000-00-00 00:00:00', '', '', ''), (1, 'admin', '', '', 0, '', '', '', '', '', '', 'L', '21232f297a57a5a743894a0e4a801fc3', 0, 0, 0, 10, 'DE', 115, 'L', 1307043433, '0000-00-00 00:00:00', '', '', ''),
(147, 'msquare', '', '', 23, '', '', '', 'msquare@notrademark.de', '', '', 'L', 'e10adc3949ba59abbe56e057f20f883e', 0, 0, 0, 6, 'EN', 0, 'L', 1306971362, '2011-06-02 00:55:09', '', '', ''); (147, 'msquare', '', '', 23, '', '', '', 'msquare@notrademark.de', '', '', 'L', 'e10adc3949ba59abbe56e057f20f883e', 0, 0, 0, 6, 'EN', 0, 'L', 1307042703, '2011-06-02 00:55:09', '', '', '');
-- -------------------------------------------------------- -- --------------------------------------------------------

View File

@ -0,0 +1,216 @@
<?php
function user_unread_messages() {
global $user;
$new_messages = sql_num_query("SELECT * FROM `Messages` WHERE isRead='N' AND `RUID`=" . sql_escape($user['UID']));
if ($new_messages > 0)
return '<p class="notice"><a href="' . page_link_to("user_messages") . '">' . Get_Text("pub_messages_new1") . " " . $new_messages . " " . Get_Text("pub_messages_new2") . '</a></p><hr />';
return "";
}
function user_messages() {
global $user;
if (!isset ($_REQUEST['action'])) {
$users = sql_select("SELECT * FROM `User` WHERE NOT `UID`=" . sql_escape($user['UID']) . " ORDER BY `Nick`");
$to_select_data = array (
"" => "Select receiver..."
);
foreach ($users as $u)
$to_select_data[$u['UID']] = $u['Nick'];
$to_select = html_select_key('to', $to_select_data, '');
$messages_html = "";
$messages = sql_select("SELECT * FROM `Messages` WHERE `SUID`=" . sql_escape($user['UID']) . " OR `RUID`=" . sql_escape($user['UID']) . " ORDER BY `isRead`,`Datum` DESC");
foreach ($messages as $message) {
$messages_html .= '<tr' . ($message['isRead'] == 'N' ? ' class="new_message"' : '') . '>';
$messages_html .= '<td>' . ($message['isRead'] == 'N' ? '•' : '') . '</td>';
$messages_html .= '<td>' . date("Y-m-d H:i", $message['Datum']) . '</td>';
$messages_html .= '<td>' . UID2Nick($message['SUID']) . '</td>';
$messages_html .= '<td>' . UID2Nick($message['RUID']) . '</td>';
$messages_html .= '<td>' . str_replace("\n", '<br />', $message['Text']) . '</td>';
$messages_html .= '<td>';
if ($message['RUID'] == $user['UID']) {
if ($message['isRead'] == 'N')
$messages_html .= '<a href="' . page_link_to("user_messages") . '&action=read&id=' . $message['id'] . '">' . Get_Text("pub_messages_MarkRead") . '</a>';
} else {
$messages_html .= '<a href="' . page_link_to("user_messages") . '&action=delete&id=' . $message['id'] . '">' . Get_Text("pub_messages_DelMsg") . '</a>';
}
$messages_html .= '</td></tr>';
}
return template_render('../templates/user_messages.html', array (
'link' => page_link_to("user_messages"),
'greeting' => Get_Text("Hello") . $user['Nick'] . ", <br />\n" . Get_Text("pub_messages_text1") . "<br /><br />\n",
'messages' => $messages_html,
'new_label' => Get_Text("pub_messages_Neu"),
'date_label' => Get_Text("pub_messages_Datum"),
'from_label' => Get_Text("pub_messages_Von"),
'to_label' => Get_Text("pub_messages_An"),
'text_label' => Get_Text("pub_messages_Text"),
'date' => date("Y-m-d H:i"),
'from' => $user['Nick'],
'to_select' => $to_select,
'submit_label' => Get_Text("save")
));
} else {
switch ($_REQUEST['action']) {
case "read" :
if (isset ($_REQUEST['id']) && preg_match("/^[0-9]{1,11}$/", $_REQUEST['id']))
$id = $_REQUEST['id'];
else
return error("Incomplete call, missing Message ID.");
$message = sql_select("SELECT * FROM `Messages` WHERE `id`=" . sql_escape($id) . " LIMIT 1");
if (count($message) > 0 && $message[0]['RUID'] == $user['UID']) {
sql_query("UPDATE `Messages` SET `isRead`='Y' WHERE `id`=" . sql_escape($id) . " LIMIT 1");
header("Location: " . page_link_to("user_messages"));
} else
return error("No Message found.");
break;
case "delete" :
if (isset ($_REQUEST['id']) && preg_match("/^[0-9]{1,11}$/", $_REQUEST['id']))
$id = $_REQUEST['id'];
else
return error("Incomplete call, missing Message ID.");
$message = sql_select("SELECT * FROM `Messages` WHERE `id`=" . sql_escape($id) . " LIMIT 1");
if (count($message) > 0 && $message[0]['SUID'] == $user['UID']) {
sql_query("DELETE FROM `Messages` WHERE `id`=" . sql_escape($id) . " LIMIT 1");
header("Location: " . page_link_to("user_messages"));
} else
return error("No Message found.");
break;
case "send" :
$text = preg_replace("/([^\p{L}\p{P}\p{Z}\p{N}\n]{1,})/ui", '', strip_tags($_REQUEST['text']));
$to = preg_replace("/([^0-9]{1,})/ui", '', strip_tags($_REQUEST['to']));
if ($text != "" && is_numeric($to) && sql_num_query("SELECT * FROM `User` WHERE `UID`=" . sql_escape($to) . " AND NOT `UID`=" . sql_escape($user['UID']) . " LIMIT 1") > 0) {
sql_query("INSERT INTO `Messages` SET `Datum`=" . sql_escape(time()) . ", `SUID`=" . sql_escape($user['UID']) . ", `RUID`=" . sql_escape($to) . ", `Text`='" . sql_escape($text) . "'");
header("Location: " . page_link_to("user_messages"));
} else {
return error(Get_Text("pub_messages_Send_Error"));
}
break;
}
return "";
}
if (!isset ($_GET["action"]))
$_GET["action"] = "start";
switch ($_GET["action"]) {
case "start" :
echo Get_Text("Hello") . $_SESSION['Nick'] . ", <br />\n";
echo Get_Text("pub_messages_text1") . "<br /><br />\n";
//show exist Messages
$SQL = "SELECT * FROM `Messages` WHERE `SUID`='" . $_SESSION["UID"] . "' OR `RUID`='" . $_SESSION["UID"] . "'";
$erg = mysql_query($SQL, $con);
echo "<table border=\"0\" class=\"border\" cellpadding=\"2\" cellspacing=\"1\">\n";
echo "<tr>\n";
echo "<td class=\"contenttopic\"><b>" . Get_Text("pub_messages_Datum") . "</b></td>\n";
echo "<td class=\"contenttopic\"><b>" . Get_Text("pub_messages_Von") . "</b></td>\n";
echo "<td class=\"contenttopic\"><b>" . Get_Text("pub_messages_An") . "</b></td>\n";
echo "<td class=\"contenttopic\"><b>" . Get_Text("pub_messages_Text") . "</b></td>\n";
echo "<td class=\"contenttopic\"></td>\n";
echo "</tr>\n";
for ($i = 0; $i < mysql_num_rows($erg); $i++) {
echo "<tr class=\"content\">\n";
echo "<td>" . mysql_result($erg, $i, "Datum") . "</td>\n";
echo "<td>" . UID2Nick(mysql_result($erg, $i, "SUID")) . "</td>\n";
echo "<td>" . UID2Nick(mysql_result($erg, $i, "RUID")) . "</td>\n";
echo "<td>" . mysql_result($erg, $i, "Text") . "</td>\n";
echo "<td>";
if (mysql_result($erg, $i, "RUID") == $_SESSION["UID"]) {
echo "<a href=\"?action=DelMsg&Datum=" . mysql_result($erg, $i, "Datum") . "\">" . Get_Text("pub_messages_DelMsg") . "</a>";
if (mysql_result($erg, $i, "isRead") == "N")
echo "<a href=\"?action=MarkRead&Datum=" . mysql_result($erg, $i, "Datum") . "\">" . Get_Text("pub_messages_MarkRead") . "</a>";
} else {
if (mysql_result($erg, $i, "isRead") == "N")
echo Get_Text("pub_messages_NotRead");
}
echo "</td>\n";
echo "</tr>\n";
}
// send Messeges
echo "<form action=\"" . $_SERVER['SCRIPT_NAME'] . "?action=SendMsg\" method=\"POST\">";
echo "<tr class=\"content\">\n";
echo "<td></td>\n";
echo "<td></td>\n";
// Listet alle Nicks auf
echo "<td><select name=\"RUID\">\n";
$usql = "SELECT * FROM `User` WHERE (`UID`!='" . $_SESSION["UID"] . "') ORDER BY `Nick`";
$uErg = mysql_query($usql, $con);
$urowcount = mysql_num_rows($uErg);
for ($k = 0; $k < $urowcount; $k++) {
echo "<option value=\"" . mysql_result($uErg, $k, "UID") . "\">" . mysql_result($uErg, $k, "Nick") . "</option>\n";
}
echo "</select></td>\n";
echo "<td><textarea name=\"Text\" cols=\"30\" rows=\"10\"></textarea></td>\n";
echo "<td><input type=\"submit\" value=\"" . Get_Text("save") . "\"></td>\n";
echo "</tr>\n";
echo "</form>";
echo "</table>\n";
break;
case "SendMsg" :
echo Get_Text("pub_messages_Send1") . "...<br />\n";
$SQL = "INSERT INTO `Messages` ( `Datum` , `SUID` , `RUID` , `Text` ) VALUES (" .
"'" . gmdate("Y-m-j H:i:s", time()) . "', " .
"'" . $_SESSION["UID"] . "', " .
"'" . $_POST["RUID"] . "', " .
"'" . $_POST["Text"] . "');";
$Erg = mysql_query($SQL, $con);
if ($Erg == 1)
echo Get_Text("pub_messages_Send_OK") . "\n";
else
echo Get_Text("pub_messages_Send_Error") . "...\n(" . mysql_error($con) . ")";
break;
case "MarkRead" :
$SQL = "UPDATE `Messages` SET `isRead` = 'Y' " .
"WHERE `Datum` = '" . $_GET["Datum"] . "' AND `RUID`='" . $_SESSION["UID"] . "' " .
"LIMIT 1 ;";
$Erg = mysql_query($SQL, $con);
if ($Erg == 1)
echo Get_Text("pub_messages_MarkRead_OK") . "\n";
else
echo Get_Text("pub_messages_MarkRead_KO") . "...\n(" . mysql_error($con) . ")";
break;
case "DelMsg" :
$SQL = "DELETE FROM `Messages` " .
"WHERE `Datum` = '" . $_GET["Datum"] . "' AND `RUID` ='" . $_SESSION["UID"] . "' " .
"LIMIT 1;";
$Erg = mysql_query($SQL, $con);
if ($Erg == 1)
echo Get_Text("pub_messages_DelMsg_OK") . "\n";
else
echo Get_Text("pub_messages_DelMsg_KO") . "...\n(" . mysql_error($con) . ")";
break;
default :
echo Get_Text("pub_messages_NoCommand");
}
}
?>

View File

@ -22,6 +22,7 @@ function make_navigation() {
// Engel Navigation // Engel Navigation
$menu .= make_navigation_for(Get_Text('inc_schicht_engel'), array ( $menu .= make_navigation_for(Get_Text('inc_schicht_engel'), array (
"news", "news",
"user_messages",
"user_settings" "user_settings"
)); ));

View File

@ -0,0 +1,50 @@
%greeting%
<form action="%link%&action=send" method="post">
<table>
<thead>
<tr>
<th>
%new_label%
</th>
<th>
%date_label%
</th>
<th>
%from_label%
</th>
<th>
%to_label%
</th>
<th>
%text_label%
</th>
<th>
&nbsp;
</th>
</tr>
</thead>
<tbody>
%messages%
<tr>
<td>
&nbsp;
</td>
<td>
%date%
</td>
<td>
%from%
</td>
<td>
%to_select%
</td>
<td>
<textarea name="text"></textarea>
</td>
<td>
<input type="submit" name="submit" value="%submit_label%" />
</td>
</tr>
</tbody>
</table>
</form>

View File

@ -1,6 +1,9 @@
* MD5-Passwörter mit Salt speichern * MD5-Passwörter mit Salt speichern
* Passwort-Mindestanforderungen stellen * Passwort-Mindestanforderungen stellen
* Avatare * User-Avatare
* user_messages schön machen
* Formulare weg von Tabellen
* user_news lässt sich nicht bedienen (POST ohne redirects...)
* schichten ueber monatsgrenzen einbaue im moment werden die tage nur * schichten ueber monatsgrenzen einbaue im moment werden die tage nur

View File

@ -128,3 +128,14 @@ td, th {
.success { .success {
color: #090; color: #090;
} }
.notice {
background: #f0f0f0;
border: 2px solid #888;
margin: 10px;
padding: 10px;
}
.new_message {
font-weight: bold;
}

View File

@ -71,6 +71,6 @@ h4.menu {
font-size : 6pt; font-size : 6pt;
} }
h4, h1 { h4, h1, th {
background: #333E47; background: #333E47;
} }

View File

@ -13,6 +13,8 @@ require_once ('includes/sys_user.php');
require_once ('config/config.php'); require_once ('config/config.php');
require_once ('config/config_db.php'); require_once ('config/config_db.php');
require_once ('includes/pages/user_messages.php');
session_start(); session_start();
sql_connect($config['host'], $config['user'], $config['pw'], $config['db']); sql_connect($config['host'], $config['user'], $config['pw'], $config['db']);
@ -20,7 +22,7 @@ sql_connect($config['host'], $config['user'], $config['pw'], $config['db']);
load_auth(); load_auth();
// Gewünschte Seite/Funktion // Gewünschte Seite/Funktion
$p = "start"; $p = isset ($user) ? "news" : "start";
if (isset ($_REQUEST['p'])) if (isset ($_REQUEST['p']))
$p = $_REQUEST['p']; $p = $_REQUEST['p'];
@ -33,6 +35,9 @@ if (in_array($p, $privileges)) {
require_once ('includes/pages/user_news.php'); require_once ('includes/pages/user_news.php');
$content = user_news(); $content = user_news();
} }
elseif ($p == "user_messages") {
$content = user_messages();
}
elseif ($p == "user_settings") { elseif ($p == "user_settings") {
require_once ('includes/pages/user_settings.php'); require_once ('includes/pages/user_settings.php');
$content = user_settings(); $content = user_settings();
@ -79,6 +84,10 @@ elseif ($p == "faq") {
} }
} }
// Hinweis für ungelesene Nachrichten
if (isset ($user) && $p != "user_messages")
$content = user_unread_messages() . $content;
echo template_render('../templates/layout.html', array ( echo template_render('../templates/layout.html', array (
'theme' => isset ($user) ? $user['color'] : $default_theme, 'theme' => isset ($user) ? $user['color'] : $default_theme,
'title' => $title, 'title' => $title,

View File

@ -1,376 +0,0 @@
<?php
require_once ('../bootstrap.php');
$title = "Himmel";
$header = "Deine pers&ouml;nlichen Einstellungen";
include "includes/header.php";
include "includes/crypt.php";
if (!isset ($_POST["action"])) {
echo Get_Text("Hallo") . $_SESSION['Nick'] . ",<br />\n\n";
Print_Text(13);
?>
<hr width="100%">
<?php Print_Text("pub_einstellungen_Text_UserData"); ?>
<form action="./einstellungen.php" method="post">
<input type="hidden" name="action" value="setUserData">
<table>
<tr>
<td><?php Print_Text("pub_einstellungen_Nick"); ?></td>
<td><input type="text" name="eNick" size="23" value="<?php echo $_SESSION["Nick"]; ?>"></td>
</tr>
<tr>
<td><?php Print_Text("pub_einstellungen_Name"); ?></td>
<td><input type="text" name="eName" size="23" value="<?php echo $_SESSION['Name']; ?>"></td>
</tr>
<tr>
<td><?php Print_Text("pub_einstellungen_Vorname"); ?></td>
<td><input type="text" name="eVorname" size="23" value="<?php echo $_SESSION['Vorname']; ?>"></td>
</tr>
<tr>
<td><?php Print_Text("pub_einstellungen_Alter"); ?></td>
<td><input type="text" name="eAlter" size="3" value="<?php echo $_SESSION['Alter']; ?>"></td>
</tr>
<tr>
<td><?php Print_Text("pub_einstellungen_Telefon"); ?></td>
<td><input type="text" name="eTelefon" size="40" value="<?php echo $_SESSION['Telefon']; ?>"></td>
</tr>
<tr>
<td><?php Print_Text("pub_einstellungen_Handy"); ?></td>
<td><input type="text" name="eHandy" size="40" value="<?php echo $_SESSION['Handy']; ?>"></td>
</tr>
<tr>
<td><?php Print_Text("pub_einstellungen_DECT"); ?></td>
<td><input type="text" name="eDECT" size="4" value="<?php echo $_SESSION['DECT']; ?>"></td>
</tr>
<tr>
<td><?php Print_Text("pub_einstellungen_email"); ?></td>
<td><input type="text" name="eemail" size="40" value="<?php echo $_SESSION['email']; ?>"></td>
</tr>
<tr>
<td>ICQ</td>
<td><input type="text" name="eICQ" size="40" value="<?php echo $_SESSION['ICQ']; ?>"></td>
</tr>
<tr>
<td>jabber</td>
<td><input type="text" name="ejabber" size="40" value="<?php echo $_SESSION['jabber']; ?>"></td>
</tr>
<tr>
<td><?php Print_Text("pub_einstellungen_Hometown"); ?></td>
<td><input type="text" name="Hometown" size="40" value="<?php echo $_SESSION['Hometown']; ?>"></td>
</tr>
<?php
if ($_SESSION['CVS']["Change T_Shirt Size"] == "Y") {
?>
<tr>
<td><?php Print_Text("makeuser_T-Shirt"); ?></td>
<td><select name="Sizeid">
<option <?php if($_SESSION['Size'] == 'S') { echo "selected"; } ?> value="S">S</option>
<option <?php if($_SESSION['Size'] == 'M') { echo "selected"; } ?> value="M">M</option>
<option <?php if($_SESSION['Size'] == 'L') { echo "selected"; } ?> value="L">L</option>
<option <?php if($_SESSION['Size'] == 'XL') { echo "selected"; } ?> value="XL">XL</option>
<option <?php if($_SESSION['Size'] == 'XXL') { echo "selected"; } ?> value="XXL">XXL</option>
<option <?php if($_SESSION['Size'] == 'XXXL') { echo "selected"; } ?> value="XXXL">XXXL</option>
</select></td>
</tr>
<?php
}
?>
</table>
<input type="submit" value="<?php Print_Text("save"); ?>">
</form>
<br />
<hr width="100%">
<?php Print_Text(14); ?>
<form action="./einstellungen.php" method="post">
<input type="hidden" name="action" value="set">
<table>
<tr><td><?php Print_Text(15); ?></td><td><input type="password" name="old" size="20"></td></tr>
<tr><td><?php Print_Text(16); ?></td><td><input type="password" name="new1" size="20"></td></tr>
<tr><td><?php Print_Text(17); ?></td><td><input type="password" name="new2" size="20"></td></tr>
</table>
<input type="submit" value="<?php Print_Text("save"); ?>">
</form>
<br />
<hr width="100%">
<br />
<?php Print_Text(18); ?>
<form action="./einstellungen.php" method="post">
<input type="hidden" name="action" value="colour">
<table>
<tr>
<td><?php Print_Text(19); ?></td>
<td>
<select name="colourid">
<option <?php if($_SESSION['color'] == 1) { echo "selected"; } ?> value="1">Standard-Style</option>
<option <?php if($_SESSION['color'] == 2) { echo "selected"; } ?> value="2">Rot/Gelber Style</option>
<option <?php if($_SESSION['color'] == 3) { echo "selected"; } ?> value="3">Club-Mate Style</option>
<option <?php if($_SESSION['color'] == 5) { echo "selected"; } ?> value="5">Debian Style</option>
<option <?php if($_SESSION['color'] == 6) { echo "selected"; } ?> value="6">c-base Style</option>
<option <?php if($_SESSION['color'] == 7) { echo "selected"; } ?> value="7">Blau/Gelber Style </option>
<option <?php if($_SESSION['color'] == 8) { echo "selected"; } ?> value="8">Pastel Style</option>
<option <?php if($_SESSION['color'] == 4) { echo "selected"; } ?> value="4">Test Style</option>
<option <?php if($_SESSION['color'] == 9) { echo "selected"; } ?> value="9">Test Style 21c3 </option>
<option <?php if($_SESSION['color'] == 10) { echo "selected"; } ?> value="10">msquare (cccamp2011)</option>
</select>
</td>
</tr>
<tr>
<td>Menu</td>
<td><input type="radio" name="eMenu" value="L"<?php if($_SESSION['Menu'] == 'L') echo " checked"; ?>>L
<input type="radio" name="eMenu" value="R"<?php if($_SESSION['Menu'] == 'R') echo " checked"; ?>>R
</td>
</tr>
</table>
<input type="submit" value="<?php Print_Text("save"); ?>">
</form>
<br />
<hr width="100%">
<br />
<?php Print_Text(20); ?>
<form action="./einstellungen.php" method="post">
<input type="hidden" name="action" value="sprache" />
<table>
<tr>
<td><?php Print_Text(21); ?></td>
<td>
<select name="language">
<option value="DE" <?php if($_SESSION['Sprache'] == 'DE') { echo "selected"; } ?>>Deutsch</option>
<option value="EN" <?php if($_SESSION['Sprache'] == 'EN') { echo "selected"; } ?>>English</option>
<?php
/* <option value="NL" <?php if($_SESSION['Sprache'] == 'NL') { echo "selected"; } ?>>Dutch</option> */
?>
</select>
</td></tr>
</table>
<input type="submit" value="<?php Print_Text("save"); ?>">
</form>
<?php
if (get_cfg_var("file_uploads")) {
echo "<br />\n<hr width=\"100%\">\n<br />\n\n";
echo Get_Text('pub_einstellungen_PictureUpload') . "<br />";
echo "<form action=\"./einstellungen.php\" method=\"post\" enctype=\"multipart/form-data\">\n";
echo "<input type=\"hidden\" name=\"action\" value=\"sendPicture\">\n";
echo "<input name=\"file\" type=\"file\" size=\"50\" maxlength=\"" . get_cfg_var("post_max_size") . "\">\n";
echo "(max " . get_cfg_var("post_max_size") . "Byte)<br />\n";
echo "<input type=\"submit\" value=\"" . Get_Text("upload"), "\">\n";
echo "</form>\n";
}
switch (GetPicturShow($_SESSION['UID'])) {
case 'Y' :
echo Get_Text('pub_einstellungen_PictureShow') . "<br />";
echo displayPictur($_SESSION['UID'], 0);
echo "<form action=\"./einstellungen.php\" method=\"post\">\n";
echo "<input type=\"hidden\" name=\"action\" value=\"delPicture\">\n";
echo "<input type=\"submit\" value=\"" . Get_Text("delete"), "\">\n";
echo "</form>\n";
break;
case 'N' :
echo Get_Text('pub_einstellungen_PictureNoShow') . "<br />";
echo displayPictur($_SESSION['UID'], 0);
echo "<form action=\"./einstellungen.php\" method=\"post\">\n";
echo "<input type=\"hidden\" name=\"action\" value=\"delPicture\">\n";
echo "<input type=\"submit\" value=\"" . Get_Text("delete"), "\">\n";
echo "</form>\n";
echo "<br />\n<hr width=\"100%\">\n<br />\n\n";
case '' :
echo "<br />\n<hr width=\"100%\">\n<br />\n\n";
echo Get_Text(22) . "<br />";
echo "\n<form action=\"./einstellungen.php\" method=\"post\">\n";
echo "<input type=\"hidden\" name=\"action\" value=\"avatar\">\n";
echo "<table>\n";
echo "<tr>\n<td>" . Get_Text(23) . "<br /></td>\n</tr>\n";
echo "<tr>\n";
echo "<td>\n";
echo "<select name=\"eAvatar\" onChange=\"document.avatar.src = '" . $url . $ENGEL_ROOT . "pic/avatar/avatar' + this.value + '.gif'\" onKeyup=\"document.avatar.src = '" . $url . $ENGEL_ROOT . "pic/avatar/avatar' + this.value + '.gif'\">\n";
for ($i = 1; file_exists("../pic/avatar/avatar" . $i . ".gif"); $i++)
echo "<option value=\"" . $i . "\"" . ($_SESSION['Avatar'] == $i ? " selected" : "") . ">avatar" . $i . "</option>\n";
echo "</select>&nbsp;&nbsp;\n";
echo "<img src=\"" . $url . $ENGEL_ROOT . "pic/avatar/avatar" . $_SESSION['Avatar'] . ".gif\" name=\"avatar\" border=\"0\" align=\"top\">\n";
echo "</td>\n</tr>\n";
echo "</table>\n";
echo "<input type=\"submit\" value=\"" . Get_Text("save") . "\">\n";
echo "</form>\n";
break;
} //CASE
} else {
switch ($_POST["action"]) {
case 'set' :
if ($_POST["new1"] == $_POST["new2"]) {
Print_Text(25);
$sql = "SELECT * FROM `User` WHERE `UID`='" . $_SESSION['UID'] . "'";
$Erg = mysql_query($sql, $con);
if (PassCrypt($_POST["old"]) == mysql_result($Erg, 0, "Passwort")) {
Print_Text(26);
Print_Text(27);
$usql = "UPDATE `User` SET `Passwort`='" . PassCrypt($_POST["new1"]) . "' WHERE `UID`='" . $_SESSION['UID'] . "' LIMIT 1";
$Erg = mysql_query($usql, $con);
if ($Erg == 1) {
Print_Text(28);
} else {
Print_Text(29);
}
} else {
Print_Text(30);
}
} else {
Print_Text(31);
}
break;
case 'colour' :
$chsql = "UPDATE `User` SET " .
"`color`= '" . $_POST["colourid"] . "', " .
"`Menu`= '" . $_POST["eMenu"] . "' " .
"WHERE `UID`='" . $_SESSION['UID'] . "' LIMIT 1";
$Erg = mysql_query($chsql, $con);
echo mysql_error($con);
$_SESSION['color'] = $_POST["colourid"];
$_SESSION['Menu'] = $_POST["eMenu"];
if ($Erg == 1) {
Print_Text(32);
} else {
Print_Text(29);
}
break;
case 'sprache' :
$chsql = "UPDATE `User` SET `Sprache` = '" . $_POST["language"] . "' WHERE `UID`='" . $_SESSION['UID'] . "' LIMIT 1";
$Erg = mysql_query($chsql, $con);
$_SESSION['Sprache'] = $_POST["language"];
if ($Erg == 1) {
Print_Text(33);
} else {
Print_Text(29);
}
break;
case 'avatar' :
$chsql = "UPDATE `User` SET `Avatar`='" . $_POST["eAvatar"] . "' WHERE `UID`='" . $_SESSION['UID'] . "' LIMIT 1";
$Erg = mysql_query($chsql, $con);
$_SESSION['Avatar'] = $_POST["eAvatar"];
if ($Erg == 1)
Print_Text(34);
else
Print_Text(29);
break;
case 'setUserData' :
if ($_SESSION['CVS']["Change T_Shirt Size"] == "Y") {
$chsql = "UPDATE `User` SET " .
"`Nick`='" . $_POST["eNick"] . "', `Name`='" . $_POST["eName"] . "', " .
"`Vorname`='" . $_POST["eVorname"] . "', `Alter`='" . $_POST["eAlter"] . "', " .
"`Telefon`='" . $_POST["eTelefon"] . "', `Handy`='" . $_POST["eHandy"] . "', " .
"`DECT`='" . $_POST["eDECT"] . "', `email`='" . $_POST["eemail"] . "', " .
"`ICQ`='" . $_POST["eICQ"] . "', `jabber`='" . $_POST["ejabber"] . "', " .
"`Hometown`='" . $_POST["Hometown"] . "', `Size`='" . $_POST["Sizeid"] . "' " .
"WHERE `UID`='" . $_SESSION['UID'] . "' LIMIT 1;";
} else {
$chsql = "UPDATE `User` SET " .
"`Nick`='" . $_POST["eNick"] . "', `Name`='" . $_POST["eName"] . "', " .
"`Vorname`='" . $_POST["eVorname"] . "', `Alter`='" . $_POST["eAlter"] . "', " .
"`Telefon`='" . $_POST["eTelefon"] . "', `Handy`='" . $_POST["eHandy"] . "', " .
"`DECT`='" . $_POST["eDECT"] . "', `email`='" . $_POST["eemail"] . "', " .
"`ICQ`='" . $_POST["eICQ"] . "', `jabber`='" . $_POST["ejabber"] . "', " .
"`Hometown`='" . $_POST["Hometown"] . "' " .
"WHERE `UID`='" . $_SESSION['UID'] . "' LIMIT 1;";
}
$Erg = mysql_query($chsql, $con);
if ($Erg == 1) {
$_SESSION['Nick'] = $_POST["eNick"];
$_SESSION['Name'] = $_POST["eName"];
$_SESSION['Vorname'] = $_POST["eVorname"];
$_SESSION['Alter'] = $_POST["eAlter"];
$_SESSION['Telefon'] = $_POST["eTelefon"];
$_SESSION['Handy'] = $_POST["eHandy"];
$_SESSION['DECT'] = $_POST["eDECT"];
$_SESSION['email'] = $_POST["eemail"];
$_SESSION['ICQ'] = $_POST["eICQ"];
$_SESSION['jabber'] = $_POST["ejabber"];
$_SESSION['Hometown'] = $_POST["Hometown"];
if ($_SESSION['CVS']["Change T_Shirt Size"] == "Y") {
$_SESSION['Size'] = $_POST["Sizeid"];
} else
if ($_SESSION['Size'] != $_POST["Sizeid"]) {
array_push($error_messages, "einstellungen.php, change t-shirt size not allowed\n");
}
Print_Text("pub_einstellungen_UserDateSaved");
} else {
Print_Text(29);
echo mysql_error($con);
}
break;
case 'sendPicture' :
if ($_FILES["file"]["size"] > 0) {
if (($_FILES["file"]["type"] == "image/jpeg") || ($_FILES["file"]["type"] == "image/png") || ($_FILES["file"]["type"] == "image/gif")) {
$data = addslashes(fread(fopen($_FILES["file"]["tmp_name"], "r"), filesize($_FILES["file"]["tmp_name"])));
if (GetPicturShow($_SESSION['UID']) == "")
$SQL = "INSERT INTO `UserPicture` " .
"( `UID`,`Bild`, `ContentType`, `show`) " .
"VALUES ('" . $_SESSION['UID'] . "', '$data', '" . $_FILES["file"]["type"] . "', 'N')";
else
$SQL = "UPDATE `UserPicture` SET " .
"`Bild`='$data', " .
"`ContentType`='" . $_FILES["file"]["type"] . "', " .
"`show`='N' " .
"WHERE `UID`='" . $_SESSION['UID'] . "'";
$res = mysql_query($SQL, $con);
if ($res)
Print_Text("pub_einstellungen_send_OK");
else
Print_Text("pub_einstellungen_send_KO");
echo "<h6>('" . $_FILES["file"]["name"] . "', MIME-Type: " . $_FILES["file"]["type"] . ", " . $_FILES["file"]["size"] . " Byte)</h6>";
} else
Print_Text("pub_einstellungen_send_KO");
} else
Print_Text("pub_einstellungen_send_KO");
break;
case 'delPicture' :
$chsql = "DELETE FROM `UserPicture` WHERE `UID`='" . $_SESSION['UID'] . "' LIMIT 1";
$Erg = mysql_query($chsql, $con);
if ($Erg == 1)
Print_Text("pub_einstellungen_del_OK");
else
Print_Text("pub_einstellungen_del_KO");
Break;
}
}
include ("includes/footer.php");
?>

View File

@ -1,77 +0,0 @@
<?PHP
include ('../bootstrap.php');
$title = "Index";
$header = "Index";
include ("config/config_db.php");
include ("includes/crypt.php");
session_start(); // alte Session - falls vorhanden - wiederherstellen...
function LoginOK() {
include ("config/config.php");
header("HTTP/1.1 302 Moved Temporarily");
header("Location: " . $url . $ENGEL_ROOT . "nonpublic/news.php");
}
if (!IsSet ($_POST["user"])) { // User ist bereits angemeldet... normaler Inhalt...
LoginOK();
} else { // User ist noch nicht angemeldet
$sql = "SELECT * FROM `User` WHERE `Nick`='" . $_POST["user"] . "'";
$userstring = mysql_query($sql, $con);
// anzahl zeilen
$user_anz = mysql_num_rows($userstring);
if ($user_anz == 1) { // Check, ob User angemeldet wird...
if (mysql_result($userstring, 0, "Passwort") == PassCrypt($_POST["password"])) { // Passwort ok...
// Session wird eingeleitet und Session-Variablen gesetzt..
// session_start();
session_name("Himmel");
$_SESSION['UID'] = mysql_result($userstring, 0, "UID");
$_SESSION['Nick'] = mysql_result($userstring, 0, "Nick");
$_SESSION['Name'] = mysql_result($userstring, 0, "Name");
$_SESSION['Vorname'] = mysql_result($userstring, 0, "Vorname");
$_SESSION['Alter'] = mysql_result($userstring, 0, "Alter");
$_SESSION['Telefon'] = mysql_result($userstring, 0, "Telefon");
$_SESSION['Handy'] = mysql_result($userstring, 0, "Handy");
$_SESSION['DECT'] = mysql_result($userstring, 0, "DECT");
$_SESSION['email'] = mysql_result($userstring, 0, "email");
$_SESSION['ICQ'] = mysql_result($userstring, 0, "ICQ");
$_SESSION['jabber'] = mysql_result($userstring, 0, "jabber");
$_SESSION['Size'] = mysql_result($userstring, 0, "Size");
$_SESSION['Gekommen'] = mysql_result($userstring, 0, "Gekommen");
$_SESSION['Aktiv'] = mysql_result($userstring, 0, "Aktiv");
$_SESSION['Tshirt'] = mysql_result($userstring, 0, "Tshirt");
$_SESSION['Menu'] = mysql_result($userstring, 0, "Menu");
$_SESSION['color'] = mysql_result($userstring, 0, "color");
$_SESSION['Avatar'] = mysql_result($userstring, 0, "Avatar");
$_SESSION['Sprache'] = mysql_result($userstring, 0, "Sprache");
$_SESSION['Hometown'] = mysql_result($userstring, 0, "Hometown");
$_SESSION['IP'] = $_SERVER['REMOTE_ADDR'];
// CVS import Data
$SQL = "SELECT * FROM `UserCVS` WHERE `UID`='" . $_SESSION['UID'] . "'";
$Erg_CVS = mysql_query($SQL, $con);
$_SESSION['CVS'] = mysql_fetch_array($Erg_CVS);
LoginOK();
} else { // Passwort nicht ok...
$ErrorText = "pub_index_pass_no_ok";
} // Ende Passwort-Check
} else { // Anzahl der User in User-Tabelle <> 1 --> keine Anmeldung
if ($user_anz == 0)
$ErrorText = "pub_index_User_unset";
else
$ErrorText = "pub_index_User_more_as_one";
} // Ende Check, ob User angemeldet wurde
}
include ("includes/header.php");
if (isset ($ErrorText))
echo "<h2>" . Get_Text($ErrorText) . "</h2><br />\n";
include ("includes/login_eingabefeld.php");
include ("includes/footer.php");
?>