author | Philip Häusler <msquare@notrademark.de> | 2013-09-18 01:38:36 +0200 |
---|---|---|
committer | Philip Häusler <msquare@notrademark.de> | 2013-09-18 01:38:36 +0200 |
commit | bfb0cacd541cc20129a3c0ac77130370741dca18 (patch) | |
tree | 0a0e86e1a53d712065664c12d06603bc044df9ec /includes/pages | |
parent | d50cc21f50cb3ec3afdabb74a20d81bd1a53dfbd (diff) |
mysql to mysqli and a lot of cleanup and mvc
Diffstat (limited to 'includes/pages')
-rw-r--r-- | includes/pages/admin_language.php | 205 | ||||
-rw-r--r-- | includes/pages/admin_news.php | 6 | ||||
-rw-r--r-- | includes/pages/admin_questions.php | 24 | ||||
-rw-r--r-- | includes/pages/admin_user.php | 38 | ||||
-rw-r--r-- | includes/pages/user_messages.php | 207 | ||||
-rw-r--r-- | includes/pages/user_news.php | 15 | ||||
-rw-r--r-- | includes/pages/user_questions.php | 7 | ||||
-rw-r--r-- | includes/pages/user_wakeup.php | 145 |
8 files changed, 344 insertions, 303 deletions
diff --git a/includes/pages/admin_language.php b/includes/pages/admin_language.php
index be89fc70..00afe622 100644
--- a/includes/pages/admin_language.php
+++ b/includes/pages/admin_language.php 
@@ -1,110 +1,105 @@ <?php function admin_language() { - global $user; - - $html = ""; - if (!isset ($_POST["TextID"])) { - $html .= Get_Text("Hello") . User_Nick_render($user) . ", <br />\n"; - $html .= Get_Text("pub_sprache_text1") . "<br /><br />\n"; - - $html .= "<a href=\"" . page_link_to("admin_language") . "&ShowEntry=y\">" . Get_Text("pub_sprache_ShowEntry") . "</a>"; - // ausgabe Tabellenueberschift - $SQL_Sprachen = "SELECT `Sprache` FROM `Sprache` GROUP BY `Sprache`;"; - $erg_Sprachen = sql_query($SQL_Sprachen); - - for ($i = 0; $i < mysql_num_rows($erg_Sprachen); $i++) - $Sprachen[mysql_result($erg_Sprachen, $i, "Sprache")] = $i; - - $html .= "\t<table border=\"0\" class=\"border\" cellpadding=\"2\" cellspacing=\"1\">\n\t\t<tr>"; - $html .= "\t\t<td class=\"contenttopic\"><b>" . Get_Text("pub_sprache_TextID") . "</b></td>"; - foreach ($Sprachen as $Name => $Value) - $html .= "<td class=\"contenttopic\"><b>" . - Get_Text("pub_sprache_Sprache") . " " . $Name . - "</b></td>"; - $html .= "\t\t<td class=\"contenttopic\"><b>" . Get_Text("pub_sprache_Edit") . "</b></td>"; - $html .= "\t\t</tr>"; - - if (isset ($_GET["ShowEntry"])) { - // ausgabe eintraege - $SQL = "SELECT * FROM `Sprache` ORDER BY `TextID`;"; - $erg = sql_query($SQL); - - $TextID_Old = mysql_result($erg, 0, "TextID"); - for ($i = 0; $i < mysql_num_rows($erg); $i++) { - $TextID_New = mysql_result($erg, $i, "TextID"); - if ($TextID_Old != $TextID_New) { - $html .= "<form action=\"" . page_link_to("admin_language") . "\" method=\"post\">"; - $html .= "<tr class=\"content\">\n"; - $html .= "\t\t<td>$TextID_Old " . 
- "<input name=\"TextID\" type=\"hidden\" value=\"$TextID_Old\"> </td>\n"; - - foreach ($Sprachen as $Name => $Value) { - $Value = html_entity_decode($Value, ENT_QUOTES); - $html .= "\t\t<td><textarea name=\"$Name\" cols=\"22\" rows=\"8\">$Value</textarea></td>\n"; - $Sprachen[$Name] = ""; - } - - $html .= "\t\t<td><input type=\"submit\" value=\"Save\"></td>\n"; - $html .= "</tr>"; - $html .= "</form>\n"; - $TextID_Old = $TextID_New; - } - $Sprachen[mysql_result($erg, $i, "Sprache")] = mysql_result($erg, $i, "Text"); - } /*FOR*/ - } - - //fuer neu eintraege - $html .= "<form action=\"" . page_link_to("admin_language") . "\" method=\"post\">"; - $html .= "<tr class=\"content\">\n"; - $html .= "\t\t<td><input name=\"TextID\" type=\"text\" size=\"40\" value=\"new\"> </td>\n"; - - foreach ($Sprachen as $Name => $Value) - $html .= "\t\t<td><textarea name=\"$Name\" cols=\"22\" rows=\"8\">$Name Text</textarea></td>\n"; - - $html .= "\t\t<td><input type=\"submit\" value=\"Save\"></td>\n"; - $html .= "</tr>"; - $html .= "</form>\n"; - - $html .= "</table>\n"; - } /*if( !isset( $TextID ) )*/ - else { - $html .= "edit: " . $_POST["TextID"] . "<br /><br />"; - foreach ($_POST as $k => $v) { - if ($k != "TextID") { - $sql_test = "SELECT * FROM `Sprache` " . - "WHERE `TextID`='" . sql_escape($_POST["TextID"]) - . "' AND `Sprache`='" - . sql_escape($k) . "'"; - - $erg_test = sql_query($sql_test); - - if (mysql_num_rows($erg_test) == 0) { - $sql_save = "INSERT INTO `Sprache` (`TextID`, `Sprache`, `Text`) " . - "VALUES ('" . sql_escape($_POST["TextID"]) . "', '" - . sql_escape($k) . "', '" - . sql_escape($v) . "')"; - - $html .= $sql_save . "<br />"; - $Erg = sql_query($sql_save); - $html .= success("$k Save: OK<br />\n", true); - } else - if (mysql_result($erg_test, 0, "Text") != $v) { - $sql_save = "UPDATE `Sprache` SET `Text`='" - . sql_escape($v) . "' " . - "WHERE `TextID`='" - . sql_escape($_POST["TextID"]) - . "' AND `Sprache`='" . sql_escape($k) . 
"' "; - - $html .= $sql_save . "<br />"; - $Erg = sql_query($sql_save); - $html .= success(" $k Update: OK<br />\n", true); - } else - $html .= "\t $k no changes<br />\n"; - } - } - - } - return $html; + global $user; + global $languages; + + $html = ""; + if (!isset ($_POST["TextID"])) { + $html .= Get_Text("Hello") . User_Nick_render($user) . ", <br />\n"; + $html .= Get_Text("pub_sprache_text1") . "<br /><br />\n"; + + $html .= "<a href=\"" . page_link_to("admin_language") . "&ShowEntry=y\">" . Get_Text("pub_sprache_ShowEntry") . "</a>"; + // ausgabe Tabellenueberschift + $html .= "\t<table border=\"0\" class=\"border\" cellpadding=\"2\" cellspacing=\"1\">\n\t\t<tr>"; + $html .= "\t\t<td class=\"contenttopic\"><b>" . Get_Text("pub_sprache_TextID") . "</b></td>"; + foreach($languages as $language => $language_name) { + $html .= "<td class=\"contenttopic\"><b>" . + Get_Text("pub_sprache_Sprache") . " " . $language . + "</b></td>"; + $Sprachen[$language] = $language_name; + } + $html .= "\t\t<td class=\"contenttopic\"><b>" . Get_Text("pub_sprache_Edit") . "</b></td>"; + $html .= "\t\t</tr>"; + + if (isset ($_GET["ShowEntry"])) { + // ausgabe eintraege + $sprache_source = sql_select("SELECT * FROM `Sprache` ORDER BY `TextID`, `Sprache`"); + + $TextID_Old = $sprache_source[0]['TextID']; + foreach($sprache_source as $sprache_entry) { + $TextID_New = $sprache_entry['TextID']; + if ($TextID_Old != $TextID_New) { + $html .= "<form action=\"" . page_link_to("admin_language") . "\" method=\"post\">"; + $html .= "<tr class=\"content\">\n"; + $html .= "\t\t<td>$TextID_Old " . 
+ "<input name=\"TextID\" type=\"hidden\" value=\"$TextID_Old\"> </td>\n"; + + foreach ($Sprachen as $Name => $Value) { + $Value = html_entity_decode($Value, ENT_QUOTES); + $html .= "\t\t<td><textarea name=\"$Name\" cols=\"22\" rows=\"8\">$Value</textarea></td>\n"; + $Sprachen[$Name] = ""; + } + + $html .= "\t\t<td><input type=\"submit\" value=\"Save\"></td>\n"; + $html .= "</tr>"; + $html .= "</form>\n"; + $TextID_Old = $TextID_New; + } + $Sprachen[$sprache_entry['Sprache']] = $sprache_entry['Text']; + } /*FOR*/ + } + + //fuer neu eintraege + $html .= "<form action=\"" . page_link_to("admin_language") . "\" method=\"post\">"; + $html .= "<tr class=\"content\">\n"; + $html .= "\t\t<td><input name=\"TextID\" type=\"text\" size=\"40\" value=\"new\"> </td>\n"; + + foreach ($Sprachen as $Name => $Value) + $html .= "\t\t<td><textarea name=\"$Name\" cols=\"22\" rows=\"8\">$Name Text</textarea></td>\n"; + + $html .= "\t\t<td><input type=\"submit\" value=\"Save\"></td>\n"; + $html .= "</tr>"; + $html .= "</form>\n"; + + $html .= "</table>\n"; + } /*if( !isset( $TextID ) )*/ + else { + $html .= "edit: " . $_POST["TextID"] . "<br /><br />"; + foreach ($_POST as $k => $v) { + if ($k != "TextID") { + $sql_test = "SELECT * FROM `Sprache` " . + "WHERE `TextID`='" . sql_escape($_POST["TextID"]) + . "' AND `Sprache`='" + . sql_escape($k) . "'"; + + $erg_test = sql_select("SELECT * FROM `Sprache` WHERE `TextID`='" . sql_escape($_POST["TextID"]) . "' AND `Sprache`='" . sql_escape($k) . "'"); + if (count($erg_test) == 0) { + $sql_save = "INSERT INTO `Sprache` (`TextID`, `Sprache`, `Text`) " . + "VALUES ('" . sql_escape($_POST["TextID"]) . "', '" + . sql_escape($k) . "', '" + . sql_escape($v) . "')"; + + $html .= $sql_save . "<br />"; + $Erg = sql_query($sql_save); + $html .= success("$k Save: OK<br />\n", true); + } else + if ($erg_test[0]['Text'] != $v) { + $sql_save = "UPDATE `Sprache` SET `Text`='" + . sql_escape($v) . "' " . + "WHERE `TextID`='" + . 
sql_escape($_POST["TextID"]) + . "' AND `Sprache`='" . sql_escape($k) . "' "; + + $html .= $sql_save . "<br />"; + $Erg = sql_query($sql_save); + $html .= success(" $k Update: OK<br />\n", true); + } else + $html .= "\t $k no changes<br />\n"; + } + } + + } + return $html; } ?> diff --git a/includes/pages/admin_news.php b/includes/pages/admin_news.php index 661aa511..25807151 100644 --- a/includes/pages/admin_news.php +++ b/includes/pages/admin_news.php @@ -17,6 +17,10 @@ function admin_news() { if (count($news) > 0) { list ($news) = $news; + $user_source = User($news['UID']); + if($user_source === false) + engelsystem_error("Unable to load user."); + $html .= '<a href="' . page_link_to("news") . '">« Back</a>'; $html .= "<form action=\"" . page_link_to("admin_news") . "&action=save\" method=\"post\">\n"; @@ -29,7 +33,7 @@ function admin_news() { $html .= " <tr><td>Text</td><td><textarea rows=\"10\" cols=\"80\" name=\"eText\">" . $news["Text"] . "</textarea></td></tr>\n"; $html .= " <tr><td>Engel</td><td>" . - UID2Nick($news["UID"]) . "</td></tr>\n"; + User_Nick_render($user_source) . "</td></tr>\n"; $html .= " <tr><td>Treffen</td><td>" . html_select_key('eTreffen', 'eTreffen', array ( '1' => "Ja", '0' => "Nein" diff --git a/includes/pages/admin_questions.php b/includes/pages/admin_questions.php index 1e410f07..516d52c9 100644 --- a/includes/pages/admin_questions.php +++ b/includes/pages/admin_questions.php 
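Review bot: In the `else` branch of admin_language() the new-side `$sql_test` string is dead code: it is assembled over four lines and never executed, because the following statement rebuilds the identical query inline in `sql_select(...)`; the `$sql_test = ...` assignment should go. The same branch still writes `$_POST["TextID"]` and the generated `$sql_save` text straight into `$html`, so the submitted TextID is reflected unescaped and the page leaks the SQL it ran; `$html .= "edit: " . htmlspecialchars($_POST["TextID"], ENT_QUOTES) . "<br /><br />";` and dropping the two `$html .= $sql_save . "<br />";` lines would close both. `$sprache_source[0]['TextID']` is read before checking that the select returned any rows, so an empty `Sprache` table raises an undefined-index notice (the old `mysql_result` call failed there too); a `count($sprache_source) > 0` guard around the `ShowEntry` block would make that explicit.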
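Review bot: The `User(...)` / `=== false` / `engelsystem_error("Unable to load user.")` triple added here for `$news['UID']` is repeated verbatim in admin_questions.php, user_messages.php, user_news.php, user_questions.php and user_wakeup.php, and in the list pages it sits inside a `foreach`, so a single row whose UID no longer resolves aborts the whole listing instead of just that row. If `UID2Nick()` tolerated a missing user (it is not visible here), that is a behavioural regression for the message, question and wake-up lists; rendering a placeholder nick and logging the dangling UID would keep those pages available. Each call presumably issues its own query, so the message list now does two look-ups per row; caching results in a local array keyed by UID would do one look-up per distinct user. Factoring the triple into one helper, e.g. `function User_load_or_error($uid) { $u = User($uid); if ($u === false) engelsystem_error("Unable to load user."); return $u; }`, would also remove the five copies of the same check.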
@@ -18,28 +18,42 @@ function admin_questions() { if (!isset ($_REQUEST['action'])) { $open_questions = ""; $questions = sql_select("SELECT * FROM `Questions` WHERE `AID`=0"); - foreach ($questions as $question) + foreach ($questions as $question) { + $user_source = User($question['UID']); + if($user_source === false) + engelsystem_error("Unable to load user."); + $open_questions .= template_render( '../templates/admin_question_unanswered.html', array ( - 'question_nick' => UID2Nick($question['UID']), + 'question_nick' => User_Nick_render($user_source), 'question_id' => $question['QID'], 'link' => page_link_to("admin_questions"), 'question' => str_replace("\n", '<br />', $question['Question']) )); + } $answered_questions = ""; $questions = sql_select("SELECT * FROM `Questions` WHERE `AID`>0"); - foreach ($questions as $question) + foreach ($questions as $question) { + $user_source = User($question['UID']); + if($user_source === false) + engelsystem_error("Unable to load user."); + + $answer_user_source = User($question['AID']); + if($answer_user_source === false) + engelsystem_error("Unable to load user."); + $answered_questions .= template_render( '../templates/admin_question_answered.html', array ( 'question_id' => $question['QID'], - 'question_nick' => UID2Nick($question['UID']), + 'question_nick' => User_Nick_render($user_source), 'question' => str_replace("\n", "<br />", $question['Question']), - 'answer_nick' => UID2Nick($question['AID']), + 'answer_nick' => User_Nick_render($answer_user_source), 'answer' => str_replace("\n", "<br />", $question['Answer']), 'link' => page_link_to("admin_questions"), )); + } return template_render('../templates/admin_questions.html', array ( 'link' => page_link_to("admin_questions"), diff --git a/includes/pages/admin_user.php b/includes/pages/admin_user.php index 0c9f9bbe..58b2947e 100644 --- a/includes/pages/admin_user.php +++ b/includes/pages/admin_user.php 
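Review bot: The answered-questions loop now performs two `User()` look-ups per row (`$question['UID']` and `$question['AID']`) and the answering user is very often the same admin for every row, so the same query repeats once per question; a local map keyed by UID, filled on first use, would cut that to one look-up per distinct user. The `'question'` and `'answer'` values are still passed to `template_render` with only `str_replace("\n", "<br />", ...)` applied; whether the template escapes them is not visible here, so confirm that or add `htmlspecialchars` before the newline replacement, since `Question` is user-submitted text. admin_questions() starts before this hunk.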
@@ -26,38 +26,38 @@ function admin_user() { $html .= "<table>\n"; $html .= " <tr><td>Nick</td><td>" . "<input type=\"text\" size=\"40\" name=\"eNick\" value=\"" . - mysql_result($Erg, 0, "Nick") . "\"></td></tr>\n"; + $user_source['Nick'] . "\"></td></tr>\n"; $html .= " <tr><td>lastLogIn</td><td>" . - date("Y-m-d H:i", mysql_result($Erg, 0, "lastLogIn")) . "</td></tr>\n"; + date("Y-m-d H:i", $user_source['lastLogIn']) . "</td></tr>\n"; $html .= " <tr><td>Name</td><td>" . "<input type=\"text\" size=\"40\" name=\"eName\" value=\"" . - mysql_result($Erg, 0, "Name") . "\"></td></tr>\n"; + $user_source['Name'] . "\"></td></tr>\n"; $html .= " <tr><td>Vorname</td><td>" . "<input type=\"text\" size=\"40\" name=\"eVorname\" value=\"" . - mysql_result($Erg, 0, "Vorname") . "\"></td></tr>\n"; + $user_source['Vorname'] . "\"></td></tr>\n"; $html .= " <tr><td>Alter</td><td>" . "<input type=\"text\" size=\"5\" name=\"eAlter\" value=\"" . - mysql_result($Erg, 0, "Alter") . "\"></td></tr>\n"; + $user_source['Alter'] . "\"></td></tr>\n"; $html .= " <tr><td>Telefon</td><td>" . "<input type=\"text\" size=\"40\" name=\"eTelefon\" value=\"" . - mysql_result($Erg, 0, "Telefon") . "\"></td></tr>\n"; + $user_source['Telefon'] . "\"></td></tr>\n"; $html .= " <tr><td>Handy</td><td>" . "<input type=\"text\" size=\"40\" name=\"eHandy\" value=\"" . - mysql_result($Erg, 0, "Handy") . "\"></td></tr>\n"; + $user_source['Handy'] . "\"></td></tr>\n"; $html .= " <tr><td>DECT</td><td>" . "<input type=\"text\" size=\"4\" name=\"eDECT\" value=\"" . - mysql_result($Erg, 0, "DECT") . "\"></td></tr>\n"; + $user_source['DECT'] . "\"></td></tr>\n"; $html .= " <tr><td>email</td><td>" . "<input type=\"text\" size=\"40\" name=\"eemail\" value=\"" . - mysql_result($Erg, 0, "email") . "\"></td></tr>\n"; + $user_source['email'] . "\"></td></tr>\n"; $html .= " <tr><td>ICQ</td><td>" . "<input type=\"text\" size=\"40\" name=\"eICQ\" value=\"" . - mysql_result($Erg, 0, "ICQ") . 
"\"></td></tr>\n"; + $user_source['ICQ'] . "\"></td></tr>\n"; $html .= " <tr><td>jabber</td><td>" . "<input type=\"text\" size=\"40\" name=\"ejabber\" value=\"" . - mysql_result($Erg, 0, "jabber") . "\"></td></tr>\n"; + $user_source['jabber'] . "\"></td></tr>\n"; $html .= " <tr><td>Size</td><td>" . - html_select_key('size', 'eSize', $tshirt_sizes, mysql_result($Erg, 0, "Size")) . "</td></tr>\n"; + html_select_key('size', 'eSize', $tshirt_sizes, $user_source['Size']) . "</td></tr>\n"; $options = array ( '1' => "Yes", @@ -66,21 +66,21 @@ function admin_user() { // Gekommen? $html .= " <tr><td>Gekommen</td><td>\n"; - $html .= html_options('eGekommen', $options, mysql_result($Erg, 0, "Gekommen")) . "</td></tr>\n"; + $html .= html_options('eGekommen', $options, $user_source['Gekommen']) . "</td></tr>\n"; // Aktiv? $html .= " <tr><td>Aktiv</td><td>\n"; - $html .= html_options('eAktiv', $options, mysql_result($Erg, 0, "Aktiv")) . "</td></tr>\n"; + $html .= html_options('eAktiv', $options, $user_source['Aktiv']) . "</td></tr>\n"; // T-Shirt bekommen? $html .= " <tr><td>T-Shirt</td><td>\n"; - $html .= html_options('eTshirt', $options, mysql_result($Erg, 0, "Tshirt")) . "</td></tr>\n"; + $html .= html_options('eTshirt', $options, $user_source['Tshirt']) . "</td></tr>\n"; $html .= " <tr><td>Hometown</td><td>" . "<input type=\"text\" size=\"40\" name=\"Hometown\" value=\"" . - mysql_result($Erg, 0, "Hometown") . "\"></td></tr>\n"; + $user_source['Hometown'] . "\"></td></tr>\n"; - $html .= "</table>\n</td><td valign=\"top\">" . displayavatar($id, false) . "</td></tr>"; + $html .= "</table>\n</td><td valign=\"top\">" . User_Avatar_render($user_source) . "</td></tr>"; $html .= "</td></tr>\n"; $html .= "</table>\n<br />\n"; 
@@ -113,7 +113,7 @@ function admin_user() { $selected_angel_types = array_unique($selected_angel_types); // Assign angel-types - sql_start_transaction(); + sql_transaction_start(); sql_query("DELETE FROM `UserAngelTypes` WHERE `user_id`=" . sql_escape($user_source['UID'])); $user_angel_type_info = array(); if (!empty($selected_angel_types)) { @@ -131,7 +131,7 @@ function admin_user() { if (!empty($accepted_angel_types)) sql_query("UPDATE `UserAngelTypes` SET `confirm_user_id` = '" . sql_escape($user['UID']) . "' WHERE `user_id` = '" . sql_escape($user_source['UID']) . "' AND `angeltype_id` IN (" . implode(',', $accepted_angel_types) . ")"); } - sql_stop_transaction(); + sql_transaction_commit(); engelsystem_log("Set angeltypes of " . User_Nick_render($user_source) . " to: " . join(", ", $user_angel_type_info)); success("Angeltypes saved."); diff --git a/includes/pages/user_messages.php b/includes/pages/user_messages.php index ed736cc7..fccc6f1d 100644 --- a/includes/pages/user_messages.php +++ b/includes/pages/user_messages.php 
@@ -1,107 +1,120 @@ <?php function user_unread_messages() { - global $user, $privileges; + global $user, $privileges; - if (in_array("user_messages", $privileges)) { - $new_messages = sql_num_query("SELECT * FROM `Messages` WHERE isRead='N' AND `RUID`=" . sql_escape($user['UID'])); + if (in_array("user_messages", $privileges)) { + $new_messages = sql_num_query("SELECT * FROM `Messages` WHERE isRead='N' AND `RUID`=" . sql_escape($user['UID'])); - if ($new_messages > 0) - return sprintf('<p class="info"><a href="%s">%s %s %s</a></p><hr />', page_link_to("user_messages"), Get_Text("pub_messages_new1"), $new_messages, Get_Text("pub_messages_new2")); - } + if ($new_messages > 0) + return sprintf('<p class="info"><a href="%s">%s %s %s</a></p><hr />', page_link_to("user_messages"), Get_Text("pub_messages_new1"), $new_messages, Get_Text("pub_messages_new2")); + } - return ""; + return ""; } function user_messages() { - global $user; - - if (!isset ($_REQUEST['action'])) { - $users = sql_select("SELECT * FROM `User` WHERE NOT `UID`=" . sql_escape($user['UID']) . " ORDER BY `Nick`"); - - $to_select_data = array ( - "" => "Select recipient..." - ); - - foreach ($users as $u) - $to_select_data[$u['UID']] = $u['Nick']; - - $to_select = html_select_key('to', 'to', $to_select_data, ''); - - $messages_html = ""; - $messages = sql_select("SELECT * FROM `Messages` WHERE `SUID`=" . sql_escape($user['UID']) . " OR `RUID`=" . sql_escape($user['UID']) . " ORDER BY `isRead`,`Datum` DESC"); - foreach ($messages as $message) { - - $messages_html .= sprintf('<tr %s> <td>%s</td> <td>%s</td> <td>%s</td> <td>%s</td>' . - '<td>%s</td>', ($message['isRead'] == 'N' ? ' class="new_message"' : ''), ($message['isRead'] == 'N' ? 
'•' : ''), date("Y-m-d H:i", $message['Datum']), UID2Nick($message['SUID']), UID2Nick($message['RUID']), str_replace("\n", '<br />', $message['Text'])); - - $messages_html .= '<td>'; - if ($message['RUID'] == $user['UID']) { - if ($message['isRead'] == 'N') - $messages_html .= '<a href="' . page_link_to("user_messages") . '&action=read&id=' . $message['id'] . '">' . Get_Text("pub_messages_MarkRead") . '</a>'; - } else { - $messages_html .= '<a href="' . page_link_to("user_messages") . '&action=delete&id=' . $message['id'] . '">' . Get_Text("pub_messages_DelMsg") . '</a>'; - } - $messages_html .= '</td></tr>'; - } - - return template_render('../templates/user_messages.html', array ( - 'link' => page_link_to("user_messages"), - 'greeting' => Get_Text("Hello") . User_Nick_render($user) . ", <br />\n" . Get_Text("pub_messages_text1") . "<br /><br />\n", - 'messages' => $messages_html, - 'new_label' => Get_Text("pub_messages_Neu"), - 'date_label' => Get_Text("pub_messages_Datum"), - 'from_label' => Get_Text("pub_messages_Von"), - 'to_label' => Get_Text("pub_messages_An"), - 'text_label' => Get_Text("pub_messages_Text"), - 'date' => date("Y-m-d H:i"), - 'from' => User_Nick_render($user), - 'to_select' => $to_select, - 'submit_label' => Get_Text("save") - )); - } else { - switch ($_REQUEST['action']) { - case "read" : - if (isset ($_REQUEST['id']) && preg_match("/^[0-9]{1,11}$/", $_REQUEST['id'])) - $id = $_REQUEST['id']; - else - return error("Incomplete call, missing Message ID.", true); - - $message = sql_select("SELECT * FROM `Messages` WHERE `id`=" . sql_escape($id) . " LIMIT 1"); - if (count($message) > 0 && $message[0]['RUID'] == $user['UID']) { - sql_query("UPDATE `Messages` SET `isRead`='Y' WHERE `id`=" . sql_escape($id) . 
" LIMIT 1"); - redirect(page_link_to("user_messages")); - } else - return error("No Message found.", true); - break; - - case "delete" : - if (isset ($_REQUEST['id']) && preg_match("/^[0-9]{1,11}$/", $_REQUEST['id'])) - $id = $_REQUEST['id']; - else - return error("Incomplete call, missing Message ID.", true); - - $message = sql_select("SELECT * FROM `Messages` WHERE `id`=" . sql_escape($id) . " LIMIT 1"); - if (count($message) > 0 && $message[0]['SUID'] == $user['UID']) { - sql_query("DELETE FROM `Messages` WHERE `id`=" . sql_escape($id) . " LIMIT 1"); - redirect(page_link_to("user_messages")); - } else - return error("No Message found.", true); - break; - - case "send" : - $text = preg_replace("/([^\p{L}\p{P}\p{Z}\p{N}\n]{1,})/ui", '', strip_tags($_REQUEST['text'])); - $to = preg_replace("/([^0-9]{1,})/ui", '', strip_tags($_REQUEST['to'])); - if ($text != "" && is_numeric($to) && sql_num_query("SELECT * FROM `User` WHERE `UID`=" . sql_escape($to) . " AND NOT `UID`=" . sql_escape($user['UID']) . " LIMIT 1") > 0) { - sql_query("INSERT INTO `Messages` SET `Datum`=" . sql_escape(time()) . ", `SUID`=" . sql_escape($user['UID']) . ", `RUID`=" . sql_escape($to) . ", `Text`='" . sql_escape($text) . "'"); - redirect(page_link_to("user_messages")); - } else { - return error(Get_Text("pub_messages_Send_Error"), true); - } - break; - - default : - return error("Wrong action.", true); - } - } + global $user; + + if (!isset ($_REQUEST['action'])) { + $users = sql_select("SELECT * FROM `User` WHERE NOT `UID`=" . sql_escape($user['UID']) . " ORDER BY `Nick`"); + + $to_select_data = array ( + "" => "Select recipient..." + ); + + foreach ($users as $u) + $to_select_data[$u['UID']] = $u['Nick']; + + $to_select = html_select_key('to', 'to', $to_select_data, ''); + + $messages_html = ""; + $messages = sql_select("SELECT * FROM `Messages` WHERE `SUID`=" . sql_escape($user['UID']) . " OR `RUID`=" . sql_escape($user['UID']) . 
" ORDER BY `isRead`,`Datum` DESC"); + foreach ($messages as $message) { + $sender_user_source = User($message['SUID']); + if($sender_user_source === false) + engelsystem_error("Unable to load user."); + $receiver_user_source = User($message['RUID']); + if($receiver_user_source === false) + engelsystem_error("Unable to load user."); + + $messages_html .= sprintf( + '<tr %s> <td>%s</td> <td>%s</td> <td>%s</td> <td>%s</td><td>%s</td>', + ($message['isRead'] == 'N' ? ' class="new_message"' : ''), + ($message['isRead'] == 'N' ? '•' : ''), + date("Y-m-d H:i", $message['Datum']), + User_Nick_render($sender_user_source), + User_Nick_render($receiver_user_source), + str_replace("\n", '<br />', $message['Text']) + ); + + $messages_html .= '<td>'; + if ($message['RUID'] == $user['UID']) { + if ($message['isRead'] == 'N') + $messages_html .= '<a href="' . page_link_to("user_messages") . '&action=read&id=' . $message['id'] . '">' . Get_Text("pub_messages_MarkRead") . '</a>'; + } else { + $messages_html .= '<a href="' . page_link_to("user_messages") . '&action=delete&id=' . $message['id'] . '">' . Get_Text("pub_messages_DelMsg") . '</a>'; + } + $messages_html .= '</td></tr>'; + } + + return template_render('../templates/user_messages.html', array ( + 'link' => page_link_to("user_messages"), + 'greeting' => Get_Text("Hello") . User_Nick_render($user) . ", <br />\n" . Get_Text("pub_messages_text1") . 
"<br /><br />\n", + 'messages' => $messages_html, + 'new_label' => Get_Text("pub_messages_Neu"), + 'date_label' => Get_Text("pub_messages_Datum"), + 'from_label' => Get_Text("pub_messages_Von"), + 'to_label' => Get_Text("pub_messages_An"), + 'text_label' => Get_Text("pub_messages_Text"), + 'date' => date("Y-m-d H:i"), + 'from' => User_Nick_render($user), + 'to_select' => $to_select, + 'submit_label' => Get_Text("save") + )); + } else { + switch ($_REQUEST['action']) { + case "read" : + if (isset ($_REQUEST['id']) && preg_match("/^[0-9]{1,11}$/", $_REQUEST['id'])) + $id = $_REQUEST['id']; + else + return error("Incomplete call, missing Message ID.", true); + + $message = sql_select("SELECT * FROM `Messages` WHERE `id`=" . sql_escape($id) . " LIMIT 1"); + if (count($message) > 0 && $message[0]['RUID'] == $user['UID']) { + sql_query("UPDATE `Messages` SET `isRead`='Y' WHERE `id`=" . sql_escape($id) . " LIMIT 1"); + redirect(page_link_to("user_messages")); + } else + return error("No Message found.", true); + break; + + case "delete" : + if (isset ($_REQUEST['id']) && preg_match("/^[0-9]{1,11}$/", $_REQUEST['id'])) + $id = $_REQUEST['id']; + else + return error("Incomplete call, missing Message ID.", true); + + $message = sql_select("SELECT * FROM `Messages` WHERE `id`=" . sql_escape($id) . " LIMIT 1"); + if (count($message) > 0 && $message[0]['SUID'] == $user['UID']) { + sql_query("DELETE FROM `Messages` WHERE `id`=" . sql_escape($id) . " LIMIT 1"); + redirect(page_link_to("user_messages")); + } else + return error("No Message found.", true); + break; + + case "send" : + $text = preg_replace("/([^\p{L}\p{P}\p{Z}\p{N}\n]{1,})/ui", '', strip_tags($_REQUEST['text'])); + $to = preg_replace("/([^0-9]{1,})/ui", '', strip_tags($_REQUEST['to'])); + if ($text != "" && is_numeric($to) && sql_num_query("SELECT * FROM `User` WHERE `UID`=" . sql_escape($to) . " AND NOT `UID`=" . sql_escape($user['UID']) . " LIMIT 1") > 0) { + sql_query("INSERT INTO `Messages` SET `Datum`=" . 
sql_escape(time()) . ", `SUID`=" . sql_escape($user['UID']) . ", `RUID`=" . sql_escape($to) . ", `Text`='" . sql_escape($text) . "'"); + redirect(page_link_to("user_messages")); + } else { + return error(Get_Text("pub_messages_Send_Error"), true); + } + break; + + default : + return error("Wrong action.", true); + } + } } ?> diff --git a/includes/pages/user_news.php b/includes/pages/user_news.php index a8d819d0..481cf738 100644 --- a/includes/pages/user_news.php +++ b/includes/pages/user_news.php @@ -35,7 +35,12 @@ function display_news($news) { $html .= '<article class="news' . ($news['Treffen'] == 1 ? ' meeting' : '') . '">'; $html .= '<details>'; $html .= date("Y-m-d H:i", $news['Datum']) . ', '; - $html .= UID2Nick($news['UID']); + + $user_source = User($news['UID']); + if($user_source === false) + engelsystem_error("Unable to load user."); + + $html .= User_Nick_render($user_source); if ($p != "news_comments") $html .= ', <a href="' . page_link_to("news_comments") . '&nid=' . $news['ID'] . '">Kommentare (' . sql_num_query("SELECT * FROM `news_comments` WHERE `Refid`='" . sql_escape($news['ID']) . "'") . ') »</a>'; $html .= '</details>'; @@ -69,11 +74,15 @@ function user_news_comments() { $comments = sql_select("SELECT * FROM `news_comments` WHERE `Refid`='" . sql_escape($nid) . "' ORDER BY 'ID'"); foreach ($comments as $comment) { + $user_source = User($comment['UID']); + if($user_source === false) + engelsystem_error("Unable to load user."); + $html .= '<article class="news_comment">'; - $html .= DisplayAvatar($comment['UID']); + $html .= User_Avatar_render($user_source); $html .= '<details>'; $html .= $comment['Datum'] . ', '; - $html .= UID2Nick($comment['UID']); + $html .= User_Nick_render($user_source); $html .= '</details>'; $html .= '<p>' . nl2br($comment['Text']) . '</p>'; $html .= '</article>'; diff --git a/includes/pages/user_questions.php b/includes/pages/user_questions.php index 5d55f647..97035546 100644 --- a/includes/pages/user_questions.php 
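Review bot: Almost all of this 107-line hunk appears to be a re-indentation of user_unread_messages() and user_messages() (every line is removed and re-added with different leading whitespace), which hides the two functional changes — the per-message `User()` look-ups and the `sprintf` call split over several lines; keeping the whitespace change in its own commit would make the behavioural change reviewable. Inside the `foreach ($messages as $message)` loop the sender and receiver look-ups run for every row, so a conversation between two users presumably repeats the same two queries per message; caching each result in a local array keyed by UID would do one look-up per distinct user. In `case "send"`, `$_REQUEST['text']` and `$_REQUEST['to']` are read without `isset`, which emits a notice on a truncated request; `isset($_REQUEST['text']) ? $_REQUEST['text'] : ''` (and the same for `to`) keeps the existing error path without the notice.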
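Review bot: The context line `ORDER BY 'ID'` in user_news_comments() orders by the string constant `'ID'`, not by the `ID` column, so comments come back in storage order rather than by id; it is untouched by this commit but sits directly above the new `User()` look-up, and the fix is to quote the column with backticks as the same query already does for `Refid`. user_news_comments() starts before this hunk.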
+++ b/includes/pages/user_questions.php @@ -12,7 +12,12 @@ function user_questions() { $questions = sql_select("SELECT * FROM `Questions` WHERE `AID`>0 AND `UID`=" . sql_escape($user['UID'])); foreach ($questions as $question) { $answered_questions .= '<tr><td>' . str_replace("\n", '<br />', $question['Question']) . '</td>'; - $answered_questions .= '<td>' . UID2Nick($question['AID']) . '</td><td>' . str_replace("\n", '<br />', $question['Answer']) . '</td>'; + + $answer_user_source = User($question['AID']); + if($answer_user_source === false) + engelsystem_error("Unable to load user."); + + $answered_questions .= '<td>' . User_Nick_render($answer_user_source) . '</td><td>' . str_replace("\n", '<br />', $question['Answer']) . '</td>'; $answered_questions .= '<td><a href="' . page_link_to("user_questions") . '&action=delete&id=' . $question['QID'] . '">Löschen</a></td><tr>'; } diff --git a/includes/pages/user_wakeup.php b/includes/pages/user_wakeup.php index c897d43e..63aff97c 100644 --- a/includes/pages/user_wakeup.php +++ b/includes/pages/user_wakeup.php 
@@ -1,86 +1,87 @@ <?php function user_wakeup() { - global $user; + global $user; - $html = ""; + $html = ""; - if (isset ($_REQUEST['action'])) { - switch ($_REQUEST['action']) { - case 'create' : - $date = DateTime::createFromFormat("Y-m-d H:i", $_REQUEST['Date']); - if ($date != null) { - $date = $date->getTimestamp(); - $bemerkung = strip_request_item_nl('Bemerkung'); - $ort = strip_request_item('Ort'); - $SQL = "INSERT INTO `Wecken` (`UID`, `Date`, `Ort`, `Bemerkung`) " - . "VALUES ('" . sql_escape($user['UID']) . "', '" - . sql_escape($date) . "', '" . sql_escape($ort) . "', " . "'" - . sql_escape($bemerkung) . "')"; - sql_query($SQL); - $html .= success(Get_Text(4), true); - } else - $html .= error("Broken date!", true); - break; + if (isset ($_REQUEST['action'])) { + switch ($_REQUEST['action']) { + case 'create' : + $date = DateTime::createFromFormat("Y-m-d H:i", $_REQUEST['Date']); + if ($date != null) { + $date = $date->getTimestamp(); + $bemerkung = strip_request_item_nl('Bemerkung'); + $ort = strip_request_item('Ort'); + $SQL = "INSERT INTO `Wecken` (`UID`, `Date`, `Ort`, `Bemerkung`) " + . "VALUES ('" . sql_escape($user['UID']) . "', '" + . sql_escape($date) . "', '" . sql_escape($ort) . "', " . "'" + . sql_escape($bemerkung) . "')"; + sql_query($SQL); + $html .= success(Get_Text(4), true); + } else + $html .= error("Broken date!", true); + break; - case 'delete' : - if (isset ($_REQUEST['id']) && preg_match("/^[0-9]{1,11}$/", $_REQUEST['id'])) - $id = $_REQUEST['id']; - else - return error("Incomplete call, missing wake-up ID.", true); + case 'delete' : + if (isset ($_REQUEST['id']) && preg_match("/^[0-9]{1,11}$/", $_REQUEST['id'])) + $id = $_REQUEST['id']; + else + return error("Incomplete call, missing wake-up ID.", true); - $wakeup = sql_select("SELECT * FROM `Wecken` WHERE `ID`=" . sql_escape($id) . " LIMIT 1"); - if (count($wakeup) > 0 && $wakeup[0]['UID'] == $user['UID']) { - sql_query("DELETE FROM `Wecken` WHERE `ID`=" . sql_escape($id) . 
" LIMIT 1"); - $html .= success("Wake-up call deleted.", true); - } else - return error("No wake-up found.", true); - break; - } - } + $wakeup = sql_select("SELECT * FROM `Wecken` WHERE `ID`=" . sql_escape($id) . " LIMIT 1"); + if (count($wakeup) > 0 && $wakeup[0]['UID'] == $user['UID']) { + sql_query("DELETE FROM `Wecken` WHERE `ID`=" . sql_escape($id) . " LIMIT 1"); + $html .= success("Wake-up call deleted.", true); + } else + return error("No wake-up found.", true); + break; + } + } - $html .= "<p>" . Get_Text("Hello") . User_Nick_render($user) . ",<br />" - . Get_Text("pub_wake_beschreibung") . "</p>\n\n"; - $html .= Get_Text("pub_wake_beschreibung2"); - $html .= ' -<table border="0" width="100%" class="border" cellpadding="2" cellspacing="1"> + $html .= "<p>" . Get_Text("Hello") . User_Nick_render($user) . ",<br />" + . Get_Text("pub_wake_beschreibung") . "</p>\n\n"; + $html .= Get_Text("pub_wake_beschreibung2"); + $html .= ' + <table border="0" width="100%" class="border" cellpadding="2" cellspacing="1"> <tr class="contenttopic"> - <th>' . Get_Text("pub_wake_Datum") . '</th> - <th>' . Get_Text("pub_waeckliste_Nick") . '</th> - <th>' . Get_Text("pub_wake_Ort") . '</th> - <th>' . Get_Text("pub_wake_Bemerkung") . '</th> - <th></th> - </tr> -'; + <th>' . Get_Text("pub_wake_Datum") . '</th> + <th>' . Get_Text("pub_waeckliste_Nick") . '</th> + <th>' . Get_Text("pub_wake_Ort") . '</th> + <th>' . Get_Text("pub_wake_Bemerkung") . '</th> + <th></th> + </tr> + '; - $sql = "SELECT * FROM `Wecken` ORDER BY `Date` ASC"; - $Erg = sql_query($sql); - $count = mysql_num_rows($Erg); + $wecken_source = sql_select("SELECT * FROM `Wecken` ORDER BY `Date` ASC"); + foreach($wecken_source as $wecken) { + $html .= '<tr class="content">'; + $html .= '<td>' . date("Y-m-d H:i", $wecken['Date']) . ' </td>'; - for ($i = 0; $i < $count; $i++) { - $row = mysql_fetch_row($Erg); - $html .= '<tr class="content">'; - $html .= '<td>' . date("Y-m-d H:i", mysql_result($Erg, $i, "Date")) . 
' </td>'; - $html .= '<td>' . UID2Nick(mysql_result($Erg, $i, "UID")) . ' </td>'; - $html .= '<td>' . mysql_result($Erg, $i, "Ort") . ' </td>'; - $html .= '<td>' . mysql_result($Erg, $i, "Bemerkung") . ' </td>'; - if (mysql_result($Erg, $i, "UID") == $user['UID']) - $html .= '<td><a href="' . page_link_to("user_wakeup") . '&action=delete&id=' . mysql_result($Erg, $i, "ID") . "\">" . Get_Text("pub_wake_del") . '</a></td>'; - else - $html .= '<td></td>'; - $html .= '</tr>'; - } + $user_source = User($wecken['UID']); + if($user_source === false) + engelsystem_error("Unable to load user."); - $html .= '</table><hr />' . Get_Text("pub_wake_Text2"); + $html .= '<td>' . User_Nick_render($user_source) . ' </td>'; + $html .= '<td>' . $wecken['Ort'] . ' </td>'; + $html .= '<td>' . $wecken['Bemerkung'] . ' </td>'; + if ($wecken['UID'] == $user['UID']) + $html .= '<td><a href="' . page_link_to("user_wakeup") . '&action=delete&id=' . $wecken['ID'] . "\">" . Get_Text("pub_wake_del") . '</a></td>'; + else + $html .= '<td></td>'; + $html .= '</tr>'; + } - $html .= template_render('../templates/user_wakeup.html', array ( - 'wakeup_link' => page_link_to("user_wakeup"), - 'date_text' => Get_Text("pub_wake_Datum"), - 'date_value' => date("Y-m-d H:i"), - 'place_text' => Get_Text("pub_wake_Ort"), - 'comment_text' => Get_Text("pub_wake_Bemerkung"), - 'comment_value' => "Knock knock Leo, follow the white rabbit to the blue tent", - 'submit_text' => Get_Text("pub_wake_bouton") - )); - return $html; + $html .= '</table><hr />' . 
Get_Text("pub_wake_Text2"); + + $html .= template_render('../templates/user_wakeup.html', array ( + 'wakeup_link' => page_link_to("user_wakeup"), + 'date_text' => Get_Text("pub_wake_Datum"), + 'date_value' => date("Y-m-d H:i"), + 'place_text' => Get_Text("pub_wake_Ort"), + 'comment_text' => Get_Text("pub_wake_Bemerkung"), + 'comment_value' => "Knock knock Leo, follow the white rabbit to the blue tent", + 'submit_text' => Get_Text("pub_wake_bouton") + )); + return $html; } ?> |
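Review bot: The new `$wecken['Ort']` and `$wecken['Bemerkung']` lines write values captured from the request at creation time (`strip_request_item('Ort')`, `strip_request_item_nl('Bemerkung')`) into table cells without escaping; unless those helpers already HTML-encode (they are not visible here), any user can store markup that every visitor of the wake-up list renders, so `htmlspecialchars($wecken['Ort'], ENT_QUOTES, 'UTF-8')` and the same for `Bemerkung` belong at the output site. In `case 'create'`, `$_REQUEST['Date']` is passed to `DateTime::createFromFormat` without an `isset` check, and the re-indentation changed the contents of the multi-line table string literal (the leading spaces before `<table ...>` and the `<th>` rows are now emitted), which is harmless HTML but not a whitespace-only change. The `$date != null` test relies on `false != null` evaluating to false; `if ($date !== false)` states the createFromFormat contract directly.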