authorPhilip Häusler <msquare@notrademark.de>2013-09-18 01:38:36 +0200
committerPhilip Häusler <msquare@notrademark.de>2013-09-18 01:38:36 +0200
commitbfb0cacd541cc20129a3c0ac77130370741dca18 (patch)
tree0a0e86e1a53d712065664c12d06603bc044df9ec /includes/pages
parentd50cc21f50cb3ec3afdabb74a20d81bd1a53dfbd (diff)
mysql to mysqli and a lot of cleanup and mvc
Diffstat (limited to 'includes/pages')
-rw-r--r--includes/pages/admin_language.php205
-rw-r--r--includes/pages/admin_news.php6
-rw-r--r--includes/pages/admin_questions.php24
-rw-r--r--includes/pages/admin_user.php38
-rw-r--r--includes/pages/user_messages.php207
-rw-r--r--includes/pages/user_news.php15
-rw-r--r--includes/pages/user_questions.php7
-rw-r--r--includes/pages/user_wakeup.php145
8 files changed, 344 insertions, 303 deletions
diff --git a/includes/pages/admin_language.php b/includes/pages/admin_language.php
index be89fc70..00afe622 100644
--- a/includes/pages/admin_language.php
+++ b/includes/pages/admin_language.php
@@ -1,110 +1,105 @@
<?php
function admin_language() {
- global $user;
-
- $html = "";
- if (!isset ($_POST["TextID"])) {
- $html .= Get_Text("Hello") . User_Nick_render($user) . ", <br />\n";
- $html .= Get_Text("pub_sprache_text1") . "<br /><br />\n";
-
- $html .= "<a href=\"" . page_link_to("admin_language") . "&ShowEntry=y\">" . Get_Text("pub_sprache_ShowEntry") . "</a>";
- // ausgabe Tabellenueberschift
- $SQL_Sprachen = "SELECT `Sprache` FROM `Sprache` GROUP BY `Sprache`;";
- $erg_Sprachen = sql_query($SQL_Sprachen);
-
- for ($i = 0; $i < mysql_num_rows($erg_Sprachen); $i++)
- $Sprachen[mysql_result($erg_Sprachen, $i, "Sprache")] = $i;
-
- $html .= "\t<table border=\"0\" class=\"border\" cellpadding=\"2\" cellspacing=\"1\">\n\t\t<tr>";
- $html .= "\t\t<td class=\"contenttopic\"><b>" . Get_Text("pub_sprache_TextID") . "</b></td>";
- foreach ($Sprachen as $Name => $Value)
- $html .= "<td class=\"contenttopic\"><b>" .
- Get_Text("pub_sprache_Sprache") . " " . $Name .
- "</b></td>";
- $html .= "\t\t<td class=\"contenttopic\"><b>" . Get_Text("pub_sprache_Edit") . "</b></td>";
- $html .= "\t\t</tr>";
-
- if (isset ($_GET["ShowEntry"])) {
- // ausgabe eintraege
- $SQL = "SELECT * FROM `Sprache` ORDER BY `TextID`;";
- $erg = sql_query($SQL);
-
- $TextID_Old = mysql_result($erg, 0, "TextID");
- for ($i = 0; $i < mysql_num_rows($erg); $i++) {
- $TextID_New = mysql_result($erg, $i, "TextID");
- if ($TextID_Old != $TextID_New) {
- $html .= "<form action=\"" . page_link_to("admin_language") . "\" method=\"post\">";
- $html .= "<tr class=\"content\">\n";
- $html .= "\t\t<td>$TextID_Old " .
- "<input name=\"TextID\" type=\"hidden\" value=\"$TextID_Old\"> </td>\n";
-
- foreach ($Sprachen as $Name => $Value) {
- $Value = html_entity_decode($Value, ENT_QUOTES);
- $html .= "\t\t<td><textarea name=\"$Name\" cols=\"22\" rows=\"8\">$Value</textarea></td>\n";
- $Sprachen[$Name] = "";
- }
-
- $html .= "\t\t<td><input type=\"submit\" value=\"Save\"></td>\n";
- $html .= "</tr>";
- $html .= "</form>\n";
- $TextID_Old = $TextID_New;
- }
- $Sprachen[mysql_result($erg, $i, "Sprache")] = mysql_result($erg, $i, "Text");
- } /*FOR*/
- }
-
- //fuer neu eintraege
- $html .= "<form action=\"" . page_link_to("admin_language") . "\" method=\"post\">";
- $html .= "<tr class=\"content\">\n";
- $html .= "\t\t<td><input name=\"TextID\" type=\"text\" size=\"40\" value=\"new\"> </td>\n";
-
- foreach ($Sprachen as $Name => $Value)
- $html .= "\t\t<td><textarea name=\"$Name\" cols=\"22\" rows=\"8\">$Name Text</textarea></td>\n";
-
- $html .= "\t\t<td><input type=\"submit\" value=\"Save\"></td>\n";
- $html .= "</tr>";
- $html .= "</form>\n";
-
- $html .= "</table>\n";
- } /*if( !isset( $TextID ) )*/
- else {
- $html .= "edit: " . $_POST["TextID"] . "<br /><br />";
- foreach ($_POST as $k => $v) {
- if ($k != "TextID") {
- $sql_test = "SELECT * FROM `Sprache` " .
- "WHERE `TextID`='" . sql_escape($_POST["TextID"])
- . "' AND `Sprache`='"
- . sql_escape($k) . "'";
-
- $erg_test = sql_query($sql_test);
-
- if (mysql_num_rows($erg_test) == 0) {
- $sql_save = "INSERT INTO `Sprache` (`TextID`, `Sprache`, `Text`) " .
- "VALUES ('" . sql_escape($_POST["TextID"]) . "', '"
- . sql_escape($k) . "', '"
- . sql_escape($v) . "')";
-
- $html .= $sql_save . "<br />";
- $Erg = sql_query($sql_save);
- $html .= success("$k Save: OK<br />\n", true);
- } else
- if (mysql_result($erg_test, 0, "Text") != $v) {
- $sql_save = "UPDATE `Sprache` SET `Text`='"
- . sql_escape($v) . "' " .
- "WHERE `TextID`='"
- . sql_escape($_POST["TextID"])
- . "' AND `Sprache`='" . sql_escape($k) . "' ";
-
- $html .= $sql_save . "<br />";
- $Erg = sql_query($sql_save);
- $html .= success(" $k Update: OK<br />\n", true);
- } else
- $html .= "\t $k no changes<br />\n";
- }
- }
-
- }
- return $html;
+ global $user;
+ global $languages;
+
+ $html = "";
+ if (!isset ($_POST["TextID"])) {
+ $html .= Get_Text("Hello") . User_Nick_render($user) . ", <br />\n";
+ $html .= Get_Text("pub_sprache_text1") . "<br /><br />\n";
+
+ $html .= "<a href=\"" . page_link_to("admin_language") . "&ShowEntry=y\">" . Get_Text("pub_sprache_ShowEntry") . "</a>";
+ // ausgabe Tabellenueberschift
+ $html .= "\t<table border=\"0\" class=\"border\" cellpadding=\"2\" cellspacing=\"1\">\n\t\t<tr>";
+ $html .= "\t\t<td class=\"contenttopic\"><b>" . Get_Text("pub_sprache_TextID") . "</b></td>";
+ foreach($languages as $language => $language_name) {
+ $html .= "<td class=\"contenttopic\"><b>" .
+ Get_Text("pub_sprache_Sprache") . " " . $language .
+ "</b></td>";
+ $Sprachen[$language] = $language_name;
+ }
+ $html .= "\t\t<td class=\"contenttopic\"><b>" . Get_Text("pub_sprache_Edit") . "</b></td>";
+ $html .= "\t\t</tr>";
+
+ if (isset ($_GET["ShowEntry"])) {
+ // ausgabe eintraege
+ $sprache_source = sql_select("SELECT * FROM `Sprache` ORDER BY `TextID`, `Sprache`");
+
+ $TextID_Old = $sprache_source[0]['TextID'];
+ foreach($sprache_source as $sprache_entry) {
+ $TextID_New = $sprache_entry['TextID'];
+ if ($TextID_Old != $TextID_New) {
+ $html .= "<form action=\"" . page_link_to("admin_language") . "\" method=\"post\">";
+ $html .= "<tr class=\"content\">\n";
+ $html .= "\t\t<td>$TextID_Old " .
+ "<input name=\"TextID\" type=\"hidden\" value=\"$TextID_Old\"> </td>\n";
+
+ foreach ($Sprachen as $Name => $Value) {
+ $Value = html_entity_decode($Value, ENT_QUOTES);
+ $html .= "\t\t<td><textarea name=\"$Name\" cols=\"22\" rows=\"8\">$Value</textarea></td>\n";
+ $Sprachen[$Name] = "";
+ }
+
+ $html .= "\t\t<td><input type=\"submit\" value=\"Save\"></td>\n";
+ $html .= "</tr>";
+ $html .= "</form>\n";
+ $TextID_Old = $TextID_New;
+ }
+ $Sprachen[$sprache_entry['Sprache']] = $sprache_entry['Text'];
+ } /*FOR*/
+ }
+
+ //fuer neu eintraege
+ $html .= "<form action=\"" . page_link_to("admin_language") . "\" method=\"post\">";
+ $html .= "<tr class=\"content\">\n";
+ $html .= "\t\t<td><input name=\"TextID\" type=\"text\" size=\"40\" value=\"new\"> </td>\n";
+
+ foreach ($Sprachen as $Name => $Value)
+ $html .= "\t\t<td><textarea name=\"$Name\" cols=\"22\" rows=\"8\">$Name Text</textarea></td>\n";
+
+ $html .= "\t\t<td><input type=\"submit\" value=\"Save\"></td>\n";
+ $html .= "</tr>";
+ $html .= "</form>\n";
+
+ $html .= "</table>\n";
+ } /*if( !isset( $TextID ) )*/
+ else {
+ $html .= "edit: " . $_POST["TextID"] . "<br /><br />";
+ foreach ($_POST as $k => $v) {
+ if ($k != "TextID") {
+ $sql_test = "SELECT * FROM `Sprache` " .
+ "WHERE `TextID`='" . sql_escape($_POST["TextID"])
+ . "' AND `Sprache`='"
+ . sql_escape($k) . "'";
+
+ $erg_test = sql_select("SELECT * FROM `Sprache` WHERE `TextID`='" . sql_escape($_POST["TextID"]) . "' AND `Sprache`='" . sql_escape($k) . "'");
+ if (count($erg_test) == 0) {
+ $sql_save = "INSERT INTO `Sprache` (`TextID`, `Sprache`, `Text`) " .
+ "VALUES ('" . sql_escape($_POST["TextID"]) . "', '"
+ . sql_escape($k) . "', '"
+ . sql_escape($v) . "')";
+
+ $html .= $sql_save . "<br />";
+ $Erg = sql_query($sql_save);
+ $html .= success("$k Save: OK<br />\n", true);
+ } else
+ if ($erg_test[0]['Text'] != $v) {
+ $sql_save = "UPDATE `Sprache` SET `Text`='"
+ . sql_escape($v) . "' " .
+ "WHERE `TextID`='"
+ . sql_escape($_POST["TextID"])
+ . "' AND `Sprache`='" . sql_escape($k) . "' ";
+
+ $html .= $sql_save . "<br />";
+ $Erg = sql_query($sql_save);
+ $html .= success(" $k Update: OK<br />\n", true);
+ } else
+ $html .= "\t $k no changes<br />\n";
+ }
+ }
+
+ }
+ return $html;
}
?>
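Review bot: In the save branch, `$_POST["TextID"]` is concatenated into the page unencoded on the `edit:` line, and the generated `$sql_save` strings are appended to `$html` too, so request values reach the HTML without output encoding (`sql_escape` is not an HTML encoder). Encode the echo, e.g. `$html .= "edit: " . htmlspecialchars($_POST["TextID"], ENT_QUOTES, 'UTF-8') . "<br /><br />";`, and drop the two `$html .= $sql_save . "<br />";` debug lines. The `$sql_test` assignment is now unused, because the following `sql_select(...)` call builds the same query inline. `$sprache_source[0]['TextID']` is also read without checking that the result is non-empty.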
diff --git a/includes/pages/admin_news.php b/includes/pages/admin_news.php
index 661aa511..25807151 100644
--- a/includes/pages/admin_news.php
+++ b/includes/pages/admin_news.php
@@ -17,6 +17,10 @@ function admin_news() {
if (count($news) > 0) {
list ($news) = $news;
+ $user_source = User($news['UID']);
+ if($user_source === false)
+ engelsystem_error("Unable to load user.");
+
$html .= '<a href="' . page_link_to("news") . '">&laquo Back</a>';
$html .= "<form action=\"" . page_link_to("admin_news") . "&action=save\" method=\"post\">\n";
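Review bot: The new guard tests only `$user_source === false`; `User()` is defined outside this diff, so if it returns `null` or an empty value for a UID that no longer exists, that value goes straight to `User_Nick_render()`. Either confirm that `User()` returns `false` for a missing row, or handle that case explicitly, e.g. `if ($user_source == null) engelsystem_error("Unable to load user.");`, or render a placeholder nick instead of aborting the page. The same three-line pattern is repeated in the admin_questions.php, user_messages.php, user_news.php, user_questions.php and user_wakeup.php hunks, where it also runs one lookup per row; a small helper would keep the handling in one place. The body of admin_news() continues outside the hunk.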
@@ -29,7 +33,7 @@ function admin_news() {
$html .= " <tr><td>Text</td><td><textarea rows=\"10\" cols=\"80\" name=\"eText\">" .
$news["Text"] . "</textarea></td></tr>\n";
$html .= " <tr><td>Engel</td><td>" .
- UID2Nick($news["UID"]) . "</td></tr>\n";
+ User_Nick_render($user_source) . "</td></tr>\n";
$html .= " <tr><td>Treffen</td><td>" . html_select_key('eTreffen', 'eTreffen', array (
'1' => "Ja",
'0' => "Nein"
diff --git a/includes/pages/admin_questions.php b/includes/pages/admin_questions.php
index 1e410f07..516d52c9 100644
--- a/includes/pages/admin_questions.php
+++ b/includes/pages/admin_questions.php
@@ -18,28 +18,42 @@ function admin_questions() {
if (!isset ($_REQUEST['action'])) {
$open_questions = "";
$questions = sql_select("SELECT * FROM `Questions` WHERE `AID`=0");
- foreach ($questions as $question)
+ foreach ($questions as $question) {
+ $user_source = User($question['UID']);
+ if($user_source === false)
+ engelsystem_error("Unable to load user.");
+
$open_questions .= template_render(
'../templates/admin_question_unanswered.html', array (
- 'question_nick' => UID2Nick($question['UID']),
+ 'question_nick' => User_Nick_render($user_source),
'question_id' => $question['QID'],
'link' => page_link_to("admin_questions"),
'question' => str_replace("\n", '<br />', $question['Question'])
));
+ }
$answered_questions = "";
$questions = sql_select("SELECT * FROM `Questions` WHERE `AID`>0");
- foreach ($questions as $question)
+ foreach ($questions as $question) {
+ $user_source = User($question['UID']);
+ if($user_source === false)
+ engelsystem_error("Unable to load user.");
+
+ $answer_user_source = User($question['AID']);
+ if($answer_user_source === false)
+ engelsystem_error("Unable to load user.");
+
$answered_questions .= template_render(
'../templates/admin_question_answered.html', array (
'question_id' => $question['QID'],
- 'question_nick' => UID2Nick($question['UID']),
+ 'question_nick' => User_Nick_render($user_source),
'question' => str_replace("\n", "<br />", $question['Question']),
- 'answer_nick' => UID2Nick($question['AID']),
+ 'answer_nick' => User_Nick_render($answer_user_source),
'answer' => str_replace("\n", "<br />", $question['Answer']),
'link' => page_link_to("admin_questions"),
));
+ }
return template_render('../templates/admin_questions.html', array (
'link' => page_link_to("admin_questions"),
diff --git a/includes/pages/admin_user.php b/includes/pages/admin_user.php
index 0c9f9bbe..58b2947e 100644
--- a/includes/pages/admin_user.php
+++ b/includes/pages/admin_user.php
@@ -26,38 +26,38 @@ function admin_user() {
$html .= "<table>\n";
$html .= " <tr><td>Nick</td><td>" .
"<input type=\"text\" size=\"40\" name=\"eNick\" value=\"" .
- mysql_result($Erg, 0, "Nick") . "\"></td></tr>\n";
+ $user_source['Nick'] . "\"></td></tr>\n";
$html .= " <tr><td>lastLogIn</td><td>" .
- date("Y-m-d H:i", mysql_result($Erg, 0, "lastLogIn")) . "</td></tr>\n";
+ date("Y-m-d H:i", $user_source['lastLogIn']) . "</td></tr>\n";
$html .= " <tr><td>Name</td><td>" .
"<input type=\"text\" size=\"40\" name=\"eName\" value=\"" .
- mysql_result($Erg, 0, "Name") . "\"></td></tr>\n";
+ $user_source['Name'] . "\"></td></tr>\n";
$html .= " <tr><td>Vorname</td><td>" .
"<input type=\"text\" size=\"40\" name=\"eVorname\" value=\"" .
- mysql_result($Erg, 0, "Vorname") . "\"></td></tr>\n";
+ $user_source['Vorname'] . "\"></td></tr>\n";
$html .= " <tr><td>Alter</td><td>" .
"<input type=\"text\" size=\"5\" name=\"eAlter\" value=\"" .
- mysql_result($Erg, 0, "Alter") . "\"></td></tr>\n";
+ $user_source['Alter'] . "\"></td></tr>\n";
$html .= " <tr><td>Telefon</td><td>" .
"<input type=\"text\" size=\"40\" name=\"eTelefon\" value=\"" .
- mysql_result($Erg, 0, "Telefon") . "\"></td></tr>\n";
+ $user_source['Telefon'] . "\"></td></tr>\n";
$html .= " <tr><td>Handy</td><td>" .
"<input type=\"text\" size=\"40\" name=\"eHandy\" value=\"" .
- mysql_result($Erg, 0, "Handy") . "\"></td></tr>\n";
+ $user_source['Handy'] . "\"></td></tr>\n";
$html .= " <tr><td>DECT</td><td>" .
"<input type=\"text\" size=\"4\" name=\"eDECT\" value=\"" .
- mysql_result($Erg, 0, "DECT") . "\"></td></tr>\n";
+ $user_source['DECT'] . "\"></td></tr>\n";
$html .= " <tr><td>email</td><td>" .
"<input type=\"text\" size=\"40\" name=\"eemail\" value=\"" .
- mysql_result($Erg, 0, "email") . "\"></td></tr>\n";
+ $user_source['email'] . "\"></td></tr>\n";
$html .= " <tr><td>ICQ</td><td>" .
"<input type=\"text\" size=\"40\" name=\"eICQ\" value=\"" .
- mysql_result($Erg, 0, "ICQ") . "\"></td></tr>\n";
+ $user_source['ICQ'] . "\"></td></tr>\n";
$html .= " <tr><td>jabber</td><td>" .
"<input type=\"text\" size=\"40\" name=\"ejabber\" value=\"" .
- mysql_result($Erg, 0, "jabber") . "\"></td></tr>\n";
+ $user_source['jabber'] . "\"></td></tr>\n";
$html .= " <tr><td>Size</td><td>" .
- html_select_key('size', 'eSize', $tshirt_sizes, mysql_result($Erg, 0, "Size")) . "</td></tr>\n";
+ html_select_key('size', 'eSize', $tshirt_sizes, $user_source['Size']) . "</td></tr>\n";
$options = array (
'1' => "Yes",
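Review bot: Each `$user_source[...]` value is placed inside a `value="..."` attribute without HTML encoding, so a profile field containing a double quote or markup would break out of the attribute on this admin page, unless these columns are already encoded when stored (not visible here). Encode at output, e.g. `htmlspecialchars($user_source['Nick'], ENT_QUOTES, 'UTF-8')`, for Nick, Name, Vorname, Alter, Telefon, Handy, DECT, email, ICQ and jabber, and for Hometown in the next hunk. admin_user() starts and ends outside the hunk.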
@@ -66,21 +66,21 @@ function admin_user() {
// Gekommen?
$html .= " <tr><td>Gekommen</td><td>\n";
- $html .= html_options('eGekommen', $options, mysql_result($Erg, 0, "Gekommen")) . "</td></tr>\n";
+ $html .= html_options('eGekommen', $options, $user_source['Gekommen']) . "</td></tr>\n";
// Aktiv?
$html .= " <tr><td>Aktiv</td><td>\n";
- $html .= html_options('eAktiv', $options, mysql_result($Erg, 0, "Aktiv")) . "</td></tr>\n";
+ $html .= html_options('eAktiv', $options, $user_source['Aktiv']) . "</td></tr>\n";
// T-Shirt bekommen?
$html .= " <tr><td>T-Shirt</td><td>\n";
- $html .= html_options('eTshirt', $options, mysql_result($Erg, 0, "Tshirt")) . "</td></tr>\n";
+ $html .= html_options('eTshirt', $options, $user_source['Tshirt']) . "</td></tr>\n";
$html .= " <tr><td>Hometown</td><td>" .
"<input type=\"text\" size=\"40\" name=\"Hometown\" value=\"" .
- mysql_result($Erg, 0, "Hometown") . "\"></td></tr>\n";
+ $user_source['Hometown'] . "\"></td></tr>\n";
- $html .= "</table>\n</td><td valign=\"top\">" . displayavatar($id, false) . "</td></tr>";
+ $html .= "</table>\n</td><td valign=\"top\">" . User_Avatar_render($user_source) . "</td></tr>";
$html .= "</td></tr>\n";
$html .= "</table>\n<br />\n";
@@ -113,7 +113,7 @@ function admin_user() {
$selected_angel_types = array_unique($selected_angel_types);
// Assign angel-types
- sql_start_transaction();
+ sql_transaction_start();
sql_query("DELETE FROM `UserAngelTypes` WHERE `user_id`=" . sql_escape($user_source['UID']));
$user_angel_type_info = array();
if (!empty($selected_angel_types)) {
@@ -131,7 +131,7 @@ function admin_user() {
if (!empty($accepted_angel_types))
sql_query("UPDATE `UserAngelTypes` SET `confirm_user_id` = '" . sql_escape($user['UID']) . "' WHERE `user_id` = '" . sql_escape($user_source['UID']) . "' AND `angeltype_id` IN (" . implode(',', $accepted_angel_types) . ")");
}
- sql_stop_transaction();
+ sql_transaction_commit();
engelsystem_log("Set angeltypes of " . User_Nick_render($user_source) . " to: " . join(", ", $user_angel_type_info));
success("Angeltypes saved.");
diff --git a/includes/pages/user_messages.php b/includes/pages/user_messages.php
index ed736cc7..fccc6f1d 100644
--- a/includes/pages/user_messages.php
+++ b/includes/pages/user_messages.php
@@ -1,107 +1,120 @@
<?php
function user_unread_messages() {
- global $user, $privileges;
+ global $user, $privileges;
- if (in_array("user_messages", $privileges)) {
- $new_messages = sql_num_query("SELECT * FROM `Messages` WHERE isRead='N' AND `RUID`=" . sql_escape($user['UID']));
+ if (in_array("user_messages", $privileges)) {
+ $new_messages = sql_num_query("SELECT * FROM `Messages` WHERE isRead='N' AND `RUID`=" . sql_escape($user['UID']));
- if ($new_messages > 0)
- return sprintf('<p class="info"><a href="%s">%s %s %s</a></p><hr />', page_link_to("user_messages"), Get_Text("pub_messages_new1"), $new_messages, Get_Text("pub_messages_new2"));
- }
+ if ($new_messages > 0)
+ return sprintf('<p class="info"><a href="%s">%s %s %s</a></p><hr />', page_link_to("user_messages"), Get_Text("pub_messages_new1"), $new_messages, Get_Text("pub_messages_new2"));
+ }
- return "";
+ return "";
}
function user_messages() {
- global $user;
-
- if (!isset ($_REQUEST['action'])) {
- $users = sql_select("SELECT * FROM `User` WHERE NOT `UID`=" . sql_escape($user['UID']) . " ORDER BY `Nick`");
-
- $to_select_data = array (
- "" => "Select recipient..."
- );
-
- foreach ($users as $u)
- $to_select_data[$u['UID']] = $u['Nick'];
-
- $to_select = html_select_key('to', 'to', $to_select_data, '');
-
- $messages_html = "";
- $messages = sql_select("SELECT * FROM `Messages` WHERE `SUID`=" . sql_escape($user['UID']) . " OR `RUID`=" . sql_escape($user['UID']) . " ORDER BY `isRead`,`Datum` DESC");
- foreach ($messages as $message) {
-
- $messages_html .= sprintf('<tr %s> <td>%s</td> <td>%s</td> <td>%s</td> <td>%s</td>' .
- '<td>%s</td>', ($message['isRead'] == 'N' ? ' class="new_message"' : ''), ($message['isRead'] == 'N' ? '•' : ''), date("Y-m-d H:i", $message['Datum']), UID2Nick($message['SUID']), UID2Nick($message['RUID']), str_replace("\n", '<br />', $message['Text']));
-
- $messages_html .= '<td>';
- if ($message['RUID'] == $user['UID']) {
- if ($message['isRead'] == 'N')
- $messages_html .= '<a href="' . page_link_to("user_messages") . '&action=read&id=' . $message['id'] . '">' . Get_Text("pub_messages_MarkRead") . '</a>';
- } else {
- $messages_html .= '<a href="' . page_link_to("user_messages") . '&action=delete&id=' . $message['id'] . '">' . Get_Text("pub_messages_DelMsg") . '</a>';
- }
- $messages_html .= '</td></tr>';
- }
-
- return template_render('../templates/user_messages.html', array (
- 'link' => page_link_to("user_messages"),
- 'greeting' => Get_Text("Hello") . User_Nick_render($user) . ", <br />\n" . Get_Text("pub_messages_text1") . "<br /><br />\n",
- 'messages' => $messages_html,
- 'new_label' => Get_Text("pub_messages_Neu"),
- 'date_label' => Get_Text("pub_messages_Datum"),
- 'from_label' => Get_Text("pub_messages_Von"),
- 'to_label' => Get_Text("pub_messages_An"),
- 'text_label' => Get_Text("pub_messages_Text"),
- 'date' => date("Y-m-d H:i"),
- 'from' => User_Nick_render($user),
- 'to_select' => $to_select,
- 'submit_label' => Get_Text("save")
- ));
- } else {
- switch ($_REQUEST['action']) {
- case "read" :
- if (isset ($_REQUEST['id']) && preg_match("/^[0-9]{1,11}$/", $_REQUEST['id']))
- $id = $_REQUEST['id'];
- else
- return error("Incomplete call, missing Message ID.", true);
-
- $message = sql_select("SELECT * FROM `Messages` WHERE `id`=" . sql_escape($id) . " LIMIT 1");
- if (count($message) > 0 && $message[0]['RUID'] == $user['UID']) {
- sql_query("UPDATE `Messages` SET `isRead`='Y' WHERE `id`=" . sql_escape($id) . " LIMIT 1");
- redirect(page_link_to("user_messages"));
- } else
- return error("No Message found.", true);
- break;
-
- case "delete" :
- if (isset ($_REQUEST['id']) && preg_match("/^[0-9]{1,11}$/", $_REQUEST['id']))
- $id = $_REQUEST['id'];
- else
- return error("Incomplete call, missing Message ID.", true);
-
- $message = sql_select("SELECT * FROM `Messages` WHERE `id`=" . sql_escape($id) . " LIMIT 1");
- if (count($message) > 0 && $message[0]['SUID'] == $user['UID']) {
- sql_query("DELETE FROM `Messages` WHERE `id`=" . sql_escape($id) . " LIMIT 1");
- redirect(page_link_to("user_messages"));
- } else
- return error("No Message found.", true);
- break;
-
- case "send" :
- $text = preg_replace("/([^\p{L}\p{P}\p{Z}\p{N}\n]{1,})/ui", '', strip_tags($_REQUEST['text']));
- $to = preg_replace("/([^0-9]{1,})/ui", '', strip_tags($_REQUEST['to']));
- if ($text != "" && is_numeric($to) && sql_num_query("SELECT * FROM `User` WHERE `UID`=" . sql_escape($to) . " AND NOT `UID`=" . sql_escape($user['UID']) . " LIMIT 1") > 0) {
- sql_query("INSERT INTO `Messages` SET `Datum`=" . sql_escape(time()) . ", `SUID`=" . sql_escape($user['UID']) . ", `RUID`=" . sql_escape($to) . ", `Text`='" . sql_escape($text) . "'");
- redirect(page_link_to("user_messages"));
- } else {
- return error(Get_Text("pub_messages_Send_Error"), true);
- }
- break;
-
- default :
- return error("Wrong action.", true);
- }
- }
+ global $user;
+
+ if (!isset ($_REQUEST['action'])) {
+ $users = sql_select("SELECT * FROM `User` WHERE NOT `UID`=" . sql_escape($user['UID']) . " ORDER BY `Nick`");
+
+ $to_select_data = array (
+ "" => "Select recipient..."
+ );
+
+ foreach ($users as $u)
+ $to_select_data[$u['UID']] = $u['Nick'];
+
+ $to_select = html_select_key('to', 'to', $to_select_data, '');
+
+ $messages_html = "";
+ $messages = sql_select("SELECT * FROM `Messages` WHERE `SUID`=" . sql_escape($user['UID']) . " OR `RUID`=" . sql_escape($user['UID']) . " ORDER BY `isRead`,`Datum` DESC");
+ foreach ($messages as $message) {
+ $sender_user_source = User($message['SUID']);
+ if($sender_user_source === false)
+ engelsystem_error("Unable to load user.");
+ $receiver_user_source = User($message['RUID']);
+ if($receiver_user_source === false)
+ engelsystem_error("Unable to load user.");
+
+ $messages_html .= sprintf(
+ '<tr %s> <td>%s</td> <td>%s</td> <td>%s</td> <td>%s</td><td>%s</td>',
+ ($message['isRead'] == 'N' ? ' class="new_message"' : ''),
+ ($message['isRead'] == 'N' ? '•' : ''),
+ date("Y-m-d H:i", $message['Datum']),
+ User_Nick_render($sender_user_source),
+ User_Nick_render($receiver_user_source),
+ str_replace("\n", '<br />', $message['Text'])
+ );
+
+ $messages_html .= '<td>';
+ if ($message['RUID'] == $user['UID']) {
+ if ($message['isRead'] == 'N')
+ $messages_html .= '<a href="' . page_link_to("user_messages") . '&action=read&id=' . $message['id'] . '">' . Get_Text("pub_messages_MarkRead") . '</a>';
+ } else {
+ $messages_html .= '<a href="' . page_link_to("user_messages") . '&action=delete&id=' . $message['id'] . '">' . Get_Text("pub_messages_DelMsg") . '</a>';
+ }
+ $messages_html .= '</td></tr>';
+ }
+
+ return template_render('../templates/user_messages.html', array (
+ 'link' => page_link_to("user_messages"),
+ 'greeting' => Get_Text("Hello") . User_Nick_render($user) . ", <br />\n" . Get_Text("pub_messages_text1") . "<br /><br />\n",
+ 'messages' => $messages_html,
+ 'new_label' => Get_Text("pub_messages_Neu"),
+ 'date_label' => Get_Text("pub_messages_Datum"),
+ 'from_label' => Get_Text("pub_messages_Von"),
+ 'to_label' => Get_Text("pub_messages_An"),
+ 'text_label' => Get_Text("pub_messages_Text"),
+ 'date' => date("Y-m-d H:i"),
+ 'from' => User_Nick_render($user),
+ 'to_select' => $to_select,
+ 'submit_label' => Get_Text("save")
+ ));
+ } else {
+ switch ($_REQUEST['action']) {
+ case "read" :
+ if (isset ($_REQUEST['id']) && preg_match("/^[0-9]{1,11}$/", $_REQUEST['id']))
+ $id = $_REQUEST['id'];
+ else
+ return error("Incomplete call, missing Message ID.", true);
+
+ $message = sql_select("SELECT * FROM `Messages` WHERE `id`=" . sql_escape($id) . " LIMIT 1");
+ if (count($message) > 0 && $message[0]['RUID'] == $user['UID']) {
+ sql_query("UPDATE `Messages` SET `isRead`='Y' WHERE `id`=" . sql_escape($id) . " LIMIT 1");
+ redirect(page_link_to("user_messages"));
+ } else
+ return error("No Message found.", true);
+ break;
+
+ case "delete" :
+ if (isset ($_REQUEST['id']) && preg_match("/^[0-9]{1,11}$/", $_REQUEST['id']))
+ $id = $_REQUEST['id'];
+ else
+ return error("Incomplete call, missing Message ID.", true);
+
+ $message = sql_select("SELECT * FROM `Messages` WHERE `id`=" . sql_escape($id) . " LIMIT 1");
+ if (count($message) > 0 && $message[0]['SUID'] == $user['UID']) {
+ sql_query("DELETE FROM `Messages` WHERE `id`=" . sql_escape($id) . " LIMIT 1");
+ redirect(page_link_to("user_messages"));
+ } else
+ return error("No Message found.", true);
+ break;
+
+ case "send" :
+ $text = preg_replace("/([^\p{L}\p{P}\p{Z}\p{N}\n]{1,})/ui", '', strip_tags($_REQUEST['text']));
+ $to = preg_replace("/([^0-9]{1,})/ui", '', strip_tags($_REQUEST['to']));
+ if ($text != "" && is_numeric($to) && sql_num_query("SELECT * FROM `User` WHERE `UID`=" . sql_escape($to) . " AND NOT `UID`=" . sql_escape($user['UID']) . " LIMIT 1") > 0) {
+ sql_query("INSERT INTO `Messages` SET `Datum`=" . sql_escape(time()) . ", `SUID`=" . sql_escape($user['UID']) . ", `RUID`=" . sql_escape($to) . ", `Text`='" . sql_escape($text) . "'");
+ redirect(page_link_to("user_messages"));
+ } else {
+ return error(Get_Text("pub_messages_Send_Error"), true);
+ }
+ break;
+
+ default :
+ return error("Wrong action.", true);
+ }
+ }
}
?>
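Review bot: The `read` and `delete` cases change or remove rows based on `$_REQUEST`, and the list renders them as plain links (`&action=delete&id=...`), so a GET request is enough to trigger them and no request token is checked in this function. Unless a token is verified before `user_messages()` is called (not visible here), these actions should be accepted only via POST and tied to a per-session token. Separately, `$message['Text']` is written into the table with only `str_replace("\n", '<br />', ...)`, which relies on `strip_tags` having been applied at send time; encoding it with `htmlspecialchars` before the newline replacement would be safer.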
diff --git a/includes/pages/user_news.php b/includes/pages/user_news.php
index a8d819d0..481cf738 100644
--- a/includes/pages/user_news.php
+++ b/includes/pages/user_news.php
@@ -35,7 +35,12 @@ function display_news($news) {
$html .= '<article class="news' . ($news['Treffen'] == 1 ? ' meeting' : '') . '">';
$html .= '<details>';
$html .= date("Y-m-d H:i", $news['Datum']) . ', ';
- $html .= UID2Nick($news['UID']);
+
+ $user_source = User($news['UID']);
+ if($user_source === false)
+ engelsystem_error("Unable to load user.");
+
+ $html .= User_Nick_render($user_source);
if ($p != "news_comments")
$html .= ', <a href="' . page_link_to("news_comments") . '&nid=' . $news['ID'] . '">Kommentare (' . sql_num_query("SELECT * FROM `news_comments` WHERE `Refid`='" . sql_escape($news['ID']) . "'") . ') &raquo;</a>';
$html .= '</details>';
@@ -69,11 +74,15 @@ function user_news_comments() {
$comments = sql_select("SELECT * FROM `news_comments` WHERE `Refid`='" . sql_escape($nid) . "' ORDER BY 'ID'");
foreach ($comments as $comment) {
+ $user_source = User($comment['UID']);
+ if($user_source === false)
+ engelsystem_error("Unable to load user.");
+
$html .= '<article class="news_comment">';
- $html .= DisplayAvatar($comment['UID']);
+ $html .= User_Avatar_render($user_source);
$html .= '<details>';
$html .= $comment['Datum'] . ', ';
- $html .= UID2Nick($comment['UID']);
+ $html .= User_Nick_render($user_source);
$html .= '</details>';
$html .= '<p>' . nl2br($comment['Text']) . '</p>';
$html .= '</article>';
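Review bot: `ORDER BY 'ID'` on the comments query quotes ID as a string literal, so MySQL sorts by a constant and the comments come back in no defined order; the column should be in backticks like the rest of the statement, `` ORDER BY `ID` ``. In the same loop, `nl2br($comment['Text'])` writes the comment body without HTML encoding; `nl2br(htmlspecialchars($comment['Text'], ENT_QUOTES, 'UTF-8'))` would be safer unless the text is sanitised on insert (not visible here). user_news_comments() continues outside the hunk.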
diff --git a/includes/pages/user_questions.php b/includes/pages/user_questions.php
index 5d55f647..97035546 100644
--- a/includes/pages/user_questions.php
+++ b/includes/pages/user_questions.php
@@ -12,7 +12,12 @@ function user_questions() {
$questions = sql_select("SELECT * FROM `Questions` WHERE `AID`>0 AND `UID`=" . sql_escape($user['UID']));
foreach ($questions as $question) {
$answered_questions .= '<tr><td>' . str_replace("\n", '<br />', $question['Question']) . '</td>';
- $answered_questions .= '<td>' . UID2Nick($question['AID']) . '</td><td>' . str_replace("\n", '<br />', $question['Answer']) . '</td>';
+
+ $answer_user_source = User($question['AID']);
+ if($answer_user_source === false)
+ engelsystem_error("Unable to load user.");
+
+ $answered_questions .= '<td>' . User_Nick_render($answer_user_source) . '</td><td>' . str_replace("\n", '<br />', $question['Answer']) . '</td>';
$answered_questions .= '<td><a href="' . page_link_to("user_questions") . '&action=delete&id=' . $question['QID'] . '">Löschen</a></td><tr>';
}
diff --git a/includes/pages/user_wakeup.php b/includes/pages/user_wakeup.php
index c897d43e..63aff97c 100644
--- a/includes/pages/user_wakeup.php
+++ b/includes/pages/user_wakeup.php
@@ -1,86 +1,87 @@
<?php
function user_wakeup() {
- global $user;
+ global $user;
- $html = "";
+ $html = "";
- if (isset ($_REQUEST['action'])) {
- switch ($_REQUEST['action']) {
- case 'create' :
- $date = DateTime::createFromFormat("Y-m-d H:i", $_REQUEST['Date']);
- if ($date != null) {
- $date = $date->getTimestamp();
- $bemerkung = strip_request_item_nl('Bemerkung');
- $ort = strip_request_item('Ort');
- $SQL = "INSERT INTO `Wecken` (`UID`, `Date`, `Ort`, `Bemerkung`) "
- . "VALUES ('" . sql_escape($user['UID']) . "', '"
- . sql_escape($date) . "', '" . sql_escape($ort) . "', " . "'"
- . sql_escape($bemerkung) . "')";
- sql_query($SQL);
- $html .= success(Get_Text(4), true);
- } else
- $html .= error("Broken date!", true);
- break;
+ if (isset ($_REQUEST['action'])) {
+ switch ($_REQUEST['action']) {
+ case 'create' :
+ $date = DateTime::createFromFormat("Y-m-d H:i", $_REQUEST['Date']);
+ if ($date != null) {
+ $date = $date->getTimestamp();
+ $bemerkung = strip_request_item_nl('Bemerkung');
+ $ort = strip_request_item('Ort');
+ $SQL = "INSERT INTO `Wecken` (`UID`, `Date`, `Ort`, `Bemerkung`) "
+ . "VALUES ('" . sql_escape($user['UID']) . "', '"
+ . sql_escape($date) . "', '" . sql_escape($ort) . "', " . "'"
+ . sql_escape($bemerkung) . "')";
+ sql_query($SQL);
+ $html .= success(Get_Text(4), true);
+ } else
+ $html .= error("Broken date!", true);
+ break;
- case 'delete' :
- if (isset ($_REQUEST['id']) && preg_match("/^[0-9]{1,11}$/", $_REQUEST['id']))
- $id = $_REQUEST['id'];
- else
- return error("Incomplete call, missing wake-up ID.", true);
+ case 'delete' :
+ if (isset ($_REQUEST['id']) && preg_match("/^[0-9]{1,11}$/", $_REQUEST['id']))
+ $id = $_REQUEST['id'];
+ else
+ return error("Incomplete call, missing wake-up ID.", true);
- $wakeup = sql_select("SELECT * FROM `Wecken` WHERE `ID`=" . sql_escape($id) . " LIMIT 1");
- if (count($wakeup) > 0 && $wakeup[0]['UID'] == $user['UID']) {
- sql_query("DELETE FROM `Wecken` WHERE `ID`=" . sql_escape($id) . " LIMIT 1");
- $html .= success("Wake-up call deleted.", true);
- } else
- return error("No wake-up found.", true);
- break;
- }
- }
+ $wakeup = sql_select("SELECT * FROM `Wecken` WHERE `ID`=" . sql_escape($id) . " LIMIT 1");
+ if (count($wakeup) > 0 && $wakeup[0]['UID'] == $user['UID']) {
+ sql_query("DELETE FROM `Wecken` WHERE `ID`=" . sql_escape($id) . " LIMIT 1");
+ $html .= success("Wake-up call deleted.", true);
+ } else
+ return error("No wake-up found.", true);
+ break;
+ }
+ }
- $html .= "<p>" . Get_Text("Hello") . User_Nick_render($user) . ",<br />"
- . Get_Text("pub_wake_beschreibung") . "</p>\n\n";
- $html .= Get_Text("pub_wake_beschreibung2");
- $html .= '
-<table border="0" width="100%" class="border" cellpadding="2" cellspacing="1">
+ $html .= "<p>" . Get_Text("Hello") . User_Nick_render($user) . ",<br />"
+ . Get_Text("pub_wake_beschreibung") . "</p>\n\n";
+ $html .= Get_Text("pub_wake_beschreibung2");
+ $html .= '
+ <table border="0" width="100%" class="border" cellpadding="2" cellspacing="1">
<tr class="contenttopic">
- <th>' . Get_Text("pub_wake_Datum") . '</th>
- <th>' . Get_Text("pub_waeckliste_Nick") . '</th>
- <th>' . Get_Text("pub_wake_Ort") . '</th>
- <th>' . Get_Text("pub_wake_Bemerkung") . '</th>
- <th></th>
- </tr>
-';
+ <th>' . Get_Text("pub_wake_Datum") . '</th>
+ <th>' . Get_Text("pub_waeckliste_Nick") . '</th>
+ <th>' . Get_Text("pub_wake_Ort") . '</th>
+ <th>' . Get_Text("pub_wake_Bemerkung") . '</th>
+ <th></th>
+ </tr>
+ ';
- $sql = "SELECT * FROM `Wecken` ORDER BY `Date` ASC";
- $Erg = sql_query($sql);
- $count = mysql_num_rows($Erg);
+ $wecken_source = sql_select("SELECT * FROM `Wecken` ORDER BY `Date` ASC");
+ foreach($wecken_source as $wecken) {
+ $html .= '<tr class="content">';
+ $html .= '<td>' . date("Y-m-d H:i", $wecken['Date']) . ' </td>';
- for ($i = 0; $i < $count; $i++) {
- $row = mysql_fetch_row($Erg);
- $html .= '<tr class="content">';
- $html .= '<td>' . date("Y-m-d H:i", mysql_result($Erg, $i, "Date")) . ' </td>';
- $html .= '<td>' . UID2Nick(mysql_result($Erg, $i, "UID")) . ' </td>';
- $html .= '<td>' . mysql_result($Erg, $i, "Ort") . ' </td>';
- $html .= '<td>' . mysql_result($Erg, $i, "Bemerkung") . ' </td>';
- if (mysql_result($Erg, $i, "UID") == $user['UID'])
- $html .= '<td><a href="' . page_link_to("user_wakeup") . '&action=delete&id=' . mysql_result($Erg, $i, "ID") . "\">" . Get_Text("pub_wake_del") . '</a></td>';
- else
- $html .= '<td></td>';
- $html .= '</tr>';
- }
+ $user_source = User($wecken['UID']);
+ if($user_source === false)
+ engelsystem_error("Unable to load user.");
- $html .= '</table><hr />' . Get_Text("pub_wake_Text2");
+ $html .= '<td>' . User_Nick_render($user_source) . ' </td>';
+ $html .= '<td>' . $wecken['Ort'] . ' </td>';
+ $html .= '<td>' . $wecken['Bemerkung'] . ' </td>';
+ if ($wecken['UID'] == $user['UID'])
+ $html .= '<td><a href="' . page_link_to("user_wakeup") . '&action=delete&id=' . $wecken['ID'] . "\">" . Get_Text("pub_wake_del") . '</a></td>';
+ else
+ $html .= '<td></td>';
+ $html .= '</tr>';
+ }
- $html .= template_render('../templates/user_wakeup.html', array (
- 'wakeup_link' => page_link_to("user_wakeup"),
- 'date_text' => Get_Text("pub_wake_Datum"),
- 'date_value' => date("Y-m-d H:i"),
- 'place_text' => Get_Text("pub_wake_Ort"),
- 'comment_text' => Get_Text("pub_wake_Bemerkung"),
- 'comment_value' => "Knock knock Leo, follow the white rabbit to the blue tent",
- 'submit_text' => Get_Text("pub_wake_bouton")
- ));
- return $html;
+ $html .= '</table><hr />' . Get_Text("pub_wake_Text2");
+
+ $html .= template_render('../templates/user_wakeup.html', array (
+ 'wakeup_link' => page_link_to("user_wakeup"),
+ 'date_text' => Get_Text("pub_wake_Datum"),
+ 'date_value' => date("Y-m-d H:i"),
+ 'place_text' => Get_Text("pub_wake_Ort"),
+ 'comment_text' => Get_Text("pub_wake_Bemerkung"),
+ 'comment_value' => "Knock knock Leo, follow the white rabbit to the blue tent",
+ 'submit_text' => Get_Text("pub_wake_bouton")
+ ));
+ return $html;
}
?>
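Review bot: `$wecken['Ort']` and `$wecken['Bemerkung']` are concatenated into table cells without HTML encoding, and the `SELECT * FROM Wecken` query has no UID filter, so every user's entries are shown to every user. The values pass through `strip_request_item()` / `strip_request_item_nl()` on insert, whose filtering is not visible in this diff, so encoding at output is the safer guarantee: `$html .= '<td>' . htmlspecialchars($wecken['Ort'], ENT_QUOTES, 'UTF-8') . ' </td>';` and the same for `Bemerkung`. The `create` case also reads `$_REQUEST['Date']` without an `isset` check.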