0) return '

' . Get_Text("pub_messages_new1") . " " . $new_messages . " " . Get_Text("pub_messages_new2") . '


'; return ""; } function user_messages() { global $user; if (!isset ($_REQUEST['action'])) { $users = sql_select("SELECT * FROM `User` WHERE NOT `UID`=" . sql_escape($user['UID']) . " ORDER BY `Nick`"); $to_select_data = array ( "" => "Select receiver..." ); foreach ($users as $u) $to_select_data[$u['UID']] = $u['Nick']; $to_select = html_select_key('to', $to_select_data, ''); $messages_html = ""; $messages = sql_select("SELECT * FROM `Messages` WHERE `SUID`=" . sql_escape($user['UID']) . " OR `RUID`=" . sql_escape($user['UID']) . " ORDER BY `isRead`,`Datum` DESC"); foreach ($messages as $message) { $messages_html .= ''; $messages_html .= '' . ($message['isRead'] == 'N' ? '•' : '') . ''; $messages_html .= '' . date("Y-m-d H:i", $message['Datum']) . ''; $messages_html .= '' . UID2Nick($message['SUID']) . ''; $messages_html .= '' . UID2Nick($message['RUID']) . ''; $messages_html .= '' . str_replace("\n", '
', $message['Text']) . ''; $messages_html .= ''; if ($message['RUID'] == $user['UID']) { if ($message['isRead'] == 'N') $messages_html .= '' . Get_Text("pub_messages_MarkRead") . ''; } else { $messages_html .= '' . Get_Text("pub_messages_DelMsg") . ''; } $messages_html .= ''; } return template_render('../templates/user_messages.html', array ( 'link' => page_link_to("user_messages"), 'greeting' => Get_Text("Hello") . $user['Nick'] . ",
\n" . Get_Text("pub_messages_text1") . "

\n", 'messages' => $messages_html, 'new_label' => Get_Text("pub_messages_Neu"), 'date_label' => Get_Text("pub_messages_Datum"), 'from_label' => Get_Text("pub_messages_Von"), 'to_label' => Get_Text("pub_messages_An"), 'text_label' => Get_Text("pub_messages_Text"), 'date' => date("Y-m-d H:i"), 'from' => $user['Nick'], 'to_select' => $to_select, 'submit_label' => Get_Text("save") )); } else { switch ($_REQUEST['action']) { case "read" : if (isset ($_REQUEST['id']) && preg_match("/^[0-9]{1,11}$/", $_REQUEST['id'])) $id = $_REQUEST['id']; else return error("Incomplete call, missing Message ID."); $message = sql_select("SELECT * FROM `Messages` WHERE `id`=" . sql_escape($id) . " LIMIT 1"); if (count($message) > 0 && $message[0]['RUID'] == $user['UID']) { sql_query("UPDATE `Messages` SET `isRead`='Y' WHERE `id`=" . sql_escape($id) . " LIMIT 1"); header("Location: " . page_link_to("user_messages")); } else return error("No Message found."); break; case "delete" : if (isset ($_REQUEST['id']) && preg_match("/^[0-9]{1,11}$/", $_REQUEST['id'])) $id = $_REQUEST['id']; else return error("Incomplete call, missing Message ID."); $message = sql_select("SELECT * FROM `Messages` WHERE `id`=" . sql_escape($id) . " LIMIT 1"); if (count($message) > 0 && $message[0]['SUID'] == $user['UID']) { sql_query("DELETE FROM `Messages` WHERE `id`=" . sql_escape($id) . " LIMIT 1"); header("Location: " . page_link_to("user_messages")); } else return error("No Message found."); break; case "send" : $text = preg_replace("/([^\p{L}\p{P}\p{Z}\p{N}\n]{1,})/ui", '', strip_tags($_REQUEST['text'])); $to = preg_replace("/([^0-9]{1,})/ui", '', strip_tags($_REQUEST['to'])); if ($text != "" && is_numeric($to) && sql_num_query("SELECT * FROM `User` WHERE `UID`=" . sql_escape($to) . " AND NOT `UID`=" . sql_escape($user['UID']) . " LIMIT 1") > 0) { sql_query("INSERT INTO `Messages` SET `Datum`=" . sql_escape(time()) . ", `SUID`=" . sql_escape($user['UID']) . ", `RUID`=" . sql_escape($to) . ", `Text`='" . sql_escape($text) . "'"); header("Location: " . page_link_to("user_messages")); } else { return error(Get_Text("pub_messages_Send_Error")); } break; } return ""; } if (!isset ($_GET["action"])) $_GET["action"] = "start"; switch ($_GET["action"]) { case "start" : echo Get_Text("Hello") . $_SESSION['Nick'] . ",
\n"; echo Get_Text("pub_messages_text1") . "

\n"; //show exist Messages $SQL = "SELECT * FROM `Messages` WHERE `SUID`='" . $_SESSION["UID"] . "' OR `RUID`='" . $_SESSION["UID"] . "'"; $erg = mysql_query($SQL, $con); echo "\n"; echo "\n"; echo "\n"; echo "\n"; echo "\n"; echo "\n"; echo "\n"; echo "\n"; for ($i = 0; $i < mysql_num_rows($erg); $i++) { echo "\n"; echo "\n"; echo "\n"; echo "\n"; echo "\n"; echo "\n"; echo "\n"; } // send Messeges echo ""; echo "\n"; echo "\n"; echo "\n"; // Listet alle Nicks auf echo "\n"; echo "\n"; echo "\n"; echo "\n"; echo ""; echo "
" . Get_Text("pub_messages_Datum") . "" . Get_Text("pub_messages_Von") . "" . Get_Text("pub_messages_An") . "" . Get_Text("pub_messages_Text") . "
" . mysql_result($erg, $i, "Datum") . "" . UID2Nick(mysql_result($erg, $i, "SUID")) . "" . UID2Nick(mysql_result($erg, $i, "RUID")) . "" . mysql_result($erg, $i, "Text") . ""; if (mysql_result($erg, $i, "RUID") == $_SESSION["UID"]) { echo "" . Get_Text("pub_messages_DelMsg") . ""; if (mysql_result($erg, $i, "isRead") == "N") echo "" . Get_Text("pub_messages_MarkRead") . ""; } else { if (mysql_result($erg, $i, "isRead") == "N") echo Get_Text("pub_messages_NotRead"); } echo "
\n"; break; case "SendMsg" : echo Get_Text("pub_messages_Send1") . "...
\n"; $SQL = "INSERT INTO `Messages` ( `Datum` , `SUID` , `RUID` , `Text` ) VALUES (" . "'" . gmdate("Y-m-j H:i:s", time()) . "', " . "'" . $_SESSION["UID"] . "', " . "'" . $_POST["RUID"] . "', " . "'" . $_POST["Text"] . "');"; $Erg = mysql_query($SQL, $con); if ($Erg == 1) echo Get_Text("pub_messages_Send_OK") . "\n"; else echo Get_Text("pub_messages_Send_Error") . "...\n(" . mysql_error($con) . ")"; break; case "MarkRead" : $SQL = "UPDATE `Messages` SET `isRead` = 'Y' " . "WHERE `Datum` = '" . $_GET["Datum"] . "' AND `RUID`='" . $_SESSION["UID"] . "' " . "LIMIT 1 ;"; $Erg = mysql_query($SQL, $con); if ($Erg == 1) echo Get_Text("pub_messages_MarkRead_OK") . "\n"; else echo Get_Text("pub_messages_MarkRead_KO") . "...\n(" . mysql_error($con) . ")"; break; case "DelMsg" : $SQL = "DELETE FROM `Messages` " . "WHERE `Datum` = '" . $_GET["Datum"] . "' AND `RUID` ='" . $_SESSION["UID"] . "' " . "LIMIT 1;"; $Erg = mysql_query($SQL, $con); if ($Erg == 1) echo Get_Text("pub_messages_DelMsg_OK") . "\n"; else echo Get_Text("pub_messages_DelMsg_KO") . "...\n(" . mysql_error($con) . ")"; break; default : echo Get_Text("pub_messages_NoCommand"); } } ?>