diff options
author | Philip Häusler <msquare@notrademark.de> | 2011-06-02 21:38:19 +0200 |
---|---|---|
committer | Philip Häusler <msquare@notrademark.de> | 2011-06-02 21:38:19 +0200 |
commit | c0b15dfe0dce7c4603cc7ec7c19b5a6cf226dc95 (patch) | |
tree | e7024a0547d7857f4e74f5d870b8557301fdde91 /includes | |
parent | d381f57951463a366b5264986a147ef5798ba205 (diff) |
user messages
Diffstat (limited to 'includes')
-rw-r--r-- | includes/pages/user_messages.php | 216 | ||||
-rw-r--r-- | includes/sys_menu.php | 1 |
2 files changed, 217 insertions, 0 deletions
diff --git a/includes/pages/user_messages.php b/includes/pages/user_messages.php new file mode 100644 index 00000000..e3e9a469 --- /dev/null +++ b/includes/pages/user_messages.php @@ -0,0 +1,216 @@ +<?php +function user_unread_messages() { + global $user; + + $new_messages = sql_num_query("SELECT * FROM `Messages` WHERE isRead='N' AND `RUID`=" . sql_escape($user['UID'])); + + if ($new_messages > 0) + return '<p class="notice"><a href="' . page_link_to("user_messages") . '">' . Get_Text("pub_messages_new1") . " " . $new_messages . " " . Get_Text("pub_messages_new2") . '</a></p><hr />'; + + return ""; +} + +function user_messages() { + global $user; + + if (!isset ($_REQUEST['action'])) { + $users = sql_select("SELECT * FROM `User` WHERE NOT `UID`=" . sql_escape($user['UID']) . " ORDER BY `Nick`"); + $to_select_data = array ( + "" => "Select receiver..." + ); + foreach ($users as $u) + $to_select_data[$u['UID']] = $u['Nick']; + $to_select = html_select_key('to', $to_select_data, ''); + + $messages_html = ""; + $messages = sql_select("SELECT * FROM `Messages` WHERE `SUID`=" . sql_escape($user['UID']) . " OR `RUID`=" . sql_escape($user['UID']) . " ORDER BY `isRead`,`Datum` DESC"); + foreach ($messages as $message) { + $messages_html .= '<tr' . ($message['isRead'] == 'N' ? ' class="new_message"' : '') . '>'; + $messages_html .= '<td>' . ($message['isRead'] == 'N' ? '•' : '') . '</td>'; + $messages_html .= '<td>' . date("Y-m-d H:i", $message['Datum']) . '</td>'; + $messages_html .= '<td>' . UID2Nick($message['SUID']) . '</td>'; + $messages_html .= '<td>' . UID2Nick($message['RUID']) . '</td>'; + $messages_html .= '<td>' . str_replace("\n", '<br />', $message['Text']) . '</td>'; + $messages_html .= '<td>'; + if ($message['RUID'] == $user['UID']) { + if ($message['isRead'] == 'N') + $messages_html .= '<a href="' . page_link_to("user_messages") . '&action=read&id=' . $message['id'] . '">' . Get_Text("pub_messages_MarkRead") . '</a>'; + } else { + $messages_html .= '<a href="' . page_link_to("user_messages") . '&action=delete&id=' . $message['id'] . '">' . Get_Text("pub_messages_DelMsg") . '</a>'; + } + $messages_html .= '</td></tr>'; + } + + return template_render('../templates/user_messages.html', array ( + 'link' => page_link_to("user_messages"), + 'greeting' => Get_Text("Hello") . $user['Nick'] . ", <br />\n" . Get_Text("pub_messages_text1") . "<br /><br />\n", + 'messages' => $messages_html, + 'new_label' => Get_Text("pub_messages_Neu"), + 'date_label' => Get_Text("pub_messages_Datum"), + 'from_label' => Get_Text("pub_messages_Von"), + 'to_label' => Get_Text("pub_messages_An"), + 'text_label' => Get_Text("pub_messages_Text"), + 'date' => date("Y-m-d H:i"), + 'from' => $user['Nick'], + 'to_select' => $to_select, + 'submit_label' => Get_Text("save") + )); + } else { + switch ($_REQUEST['action']) { + case "read" : + if (isset ($_REQUEST['id']) && preg_match("/^[0-9]{1,11}$/", $_REQUEST['id'])) + $id = $_REQUEST['id']; + else + return error("Incomplete call, missing Message ID."); + + $message = sql_select("SELECT * FROM `Messages` WHERE `id`=" . sql_escape($id) . " LIMIT 1"); + if (count($message) > 0 && $message[0]['RUID'] == $user['UID']) { + sql_query("UPDATE `Messages` SET `isRead`='Y' WHERE `id`=" . sql_escape($id) . " LIMIT 1"); + header("Location: " . page_link_to("user_messages")); + } else + return error("No Message found."); + break; + + case "delete" : + if (isset ($_REQUEST['id']) && preg_match("/^[0-9]{1,11}$/", $_REQUEST['id'])) + $id = $_REQUEST['id']; + else + return error("Incomplete call, missing Message ID."); + + $message = sql_select("SELECT * FROM `Messages` WHERE `id`=" . sql_escape($id) . " LIMIT 1"); + if (count($message) > 0 && $message[0]['SUID'] == $user['UID']) { + sql_query("DELETE FROM `Messages` WHERE `id`=" . sql_escape($id) . " LIMIT 1"); + header("Location: " . page_link_to("user_messages")); + } else + return error("No Message found."); + break; + + case "send" : + $text = preg_replace("/([^\p{L}\p{P}\p{Z}\p{N}\n]{1,})/ui", '', strip_tags($_REQUEST['text'])); + $to = preg_replace("/([^0-9]{1,})/ui", '', strip_tags($_REQUEST['to'])); + if ($text != "" && is_numeric($to) && sql_num_query("SELECT * FROM `User` WHERE `UID`=" . sql_escape($to) . " AND NOT `UID`=" . sql_escape($user['UID']) . " LIMIT 1") > 0) { + sql_query("INSERT INTO `Messages` SET `Datum`=" . sql_escape(time()) . ", `SUID`=" . sql_escape($user['UID']) . ", `RUID`=" . sql_escape($to) . ", `Text`='" . sql_escape($text) . "'"); + header("Location: " . page_link_to("user_messages")); + } else { + return error(Get_Text("pub_messages_Send_Error")); + } + break; + } + return ""; + } + + if (!isset ($_GET["action"])) + $_GET["action"] = "start"; + + switch ($_GET["action"]) { + case "start" : + echo Get_Text("Hello") . $_SESSION['Nick'] . ", <br />\n"; + echo Get_Text("pub_messages_text1") . "<br /><br />\n"; + + //show exist Messages + $SQL = "SELECT * FROM `Messages` WHERE `SUID`='" . $_SESSION["UID"] . "' OR `RUID`='" . $_SESSION["UID"] . "'"; + $erg = mysql_query($SQL, $con); + + echo "<table border=\"0\" class=\"border\" cellpadding=\"2\" cellspacing=\"1\">\n"; + echo "<tr>\n"; + echo "<td class=\"contenttopic\"><b>" . Get_Text("pub_messages_Datum") . "</b></td>\n"; + echo "<td class=\"contenttopic\"><b>" . Get_Text("pub_messages_Von") . "</b></td>\n"; + echo "<td class=\"contenttopic\"><b>" . Get_Text("pub_messages_An") . "</b></td>\n"; + echo "<td class=\"contenttopic\"><b>" . Get_Text("pub_messages_Text") . "</b></td>\n"; + echo "<td class=\"contenttopic\"></td>\n"; + echo "</tr>\n"; + + for ($i = 0; $i < mysql_num_rows($erg); $i++) { + echo "<tr class=\"content\">\n"; + echo "<td>" . mysql_result($erg, $i, "Datum") . "</td>\n"; + echo "<td>" . UID2Nick(mysql_result($erg, $i, "SUID")) . "</td>\n"; + echo "<td>" . UID2Nick(mysql_result($erg, $i, "RUID")) . "</td>\n"; + echo "<td>" . mysql_result($erg, $i, "Text") . "</td>\n"; + echo "<td>"; + + if (mysql_result($erg, $i, "RUID") == $_SESSION["UID"]) { + echo "<a href=\"?action=DelMsg&Datum=" . mysql_result($erg, $i, "Datum") . "\">" . Get_Text("pub_messages_DelMsg") . "</a>"; + + if (mysql_result($erg, $i, "isRead") == "N") + echo "<a href=\"?action=MarkRead&Datum=" . mysql_result($erg, $i, "Datum") . "\">" . Get_Text("pub_messages_MarkRead") . "</a>"; + } else { + if (mysql_result($erg, $i, "isRead") == "N") + echo Get_Text("pub_messages_NotRead"); + } + + echo "</td>\n"; + echo "</tr>\n"; + } + + // send Messeges + echo "<form action=\"" . $_SERVER['SCRIPT_NAME'] . "?action=SendMsg\" method=\"POST\">"; + echo "<tr class=\"content\">\n"; + echo "<td></td>\n"; + echo "<td></td>\n"; + + // Listet alle Nicks auf + echo "<td><select name=\"RUID\">\n"; + + $usql = "SELECT * FROM `User` WHERE (`UID`!='" . $_SESSION["UID"] . "') ORDER BY `Nick`"; + $uErg = mysql_query($usql, $con); + $urowcount = mysql_num_rows($uErg); + + for ($k = 0; $k < $urowcount; $k++) { + echo "<option value=\"" . mysql_result($uErg, $k, "UID") . "\">" . mysql_result($uErg, $k, "Nick") . "</option>\n"; + } + + echo "</select></td>\n"; + echo "<td><textarea name=\"Text\" cols=\"30\" rows=\"10\"></textarea></td>\n"; + echo "<td><input type=\"submit\" value=\"" . Get_Text("save") . "\"></td>\n"; + echo "</tr>\n"; + echo "</form>"; + + echo "</table>\n"; + break; + + case "SendMsg" : + echo Get_Text("pub_messages_Send1") . "...<br />\n"; + + $SQL = "INSERT INTO `Messages` ( `Datum` , `SUID` , `RUID` , `Text` ) VALUES (" . + "'" . gmdate("Y-m-j H:i:s", time()) . "', " . + "'" . $_SESSION["UID"] . "', " . + "'" . $_POST["RUID"] . "', " . + "'" . $_POST["Text"] . "');"; + + $Erg = mysql_query($SQL, $con); + + if ($Erg == 1) + echo Get_Text("pub_messages_Send_OK") . "\n"; + else + echo Get_Text("pub_messages_Send_Error") . "...\n(" . mysql_error($con) . ")"; + break; + + case "MarkRead" : + $SQL = "UPDATE `Messages` SET `isRead` = 'Y' " . + "WHERE `Datum` = '" . $_GET["Datum"] . "' AND `RUID`='" . $_SESSION["UID"] . "' " . + "LIMIT 1 ;"; + $Erg = mysql_query($SQL, $con); + + if ($Erg == 1) + echo Get_Text("pub_messages_MarkRead_OK") . "\n"; + else + echo Get_Text("pub_messages_MarkRead_KO") . "...\n(" . mysql_error($con) . ")"; + break; + + case "DelMsg" : + $SQL = "DELETE FROM `Messages` " . + "WHERE `Datum` = '" . $_GET["Datum"] . "' AND `RUID` ='" . $_SESSION["UID"] . "' " . + "LIMIT 1;"; + $Erg = mysql_query($SQL, $con); + + if ($Erg == 1) + echo Get_Text("pub_messages_DelMsg_OK") . "\n"; + else + echo Get_Text("pub_messages_DelMsg_KO") . "...\n(" . mysql_error($con) . ")"; + break; + + default : + echo Get_Text("pub_messages_NoCommand"); + } +} +?> diff --git a/includes/sys_menu.php b/includes/sys_menu.php index da9d5666..822d558f 100644 --- a/includes/sys_menu.php +++ b/includes/sys_menu.php @@ -22,6 +22,7 @@ function make_navigation() { // Engel Navigation $menu .= make_navigation_for(Get_Text('inc_schicht_engel'), array ( "news", + "user_messages", "user_settings" )); |