summaryrefslogtreecommitdiff
path: root/includes/pages/user_messages.php
diff options
context:
space:
mode:
Diffstat (limited to 'includes/pages/user_messages.php')
-rw-r--r--includes/pages/user_messages.php289
1 files changed, 170 insertions, 119 deletions
diff --git a/includes/pages/user_messages.php b/includes/pages/user_messages.php
index eb07deea..06ae7e75 100644
--- a/includes/pages/user_messages.php
+++ b/includes/pages/user_messages.php
@@ -1,131 +1,182 @@
<?php
-function messages_title() {
- return _("Messages");
-}
+use Engelsystem\Database\DB;
-function user_unread_messages() {
- global $user;
-
- if (isset($user)) {
- $new_messages = sql_num_query("SELECT * FROM `Messages` WHERE isRead='N' AND `RUID`='" . sql_escape($user['UID']) . "'");
- if ($new_messages > 0) {
- return ' <span class="badge danger">' . $new_messages . '</span>';
- }
- }
- return '';
+/**
+ * @return string
+ */
+function messages_title()
+{
+ return _('Messages');
}
-function user_messages() {
- global $user;
-
- if (! isset($_REQUEST['action'])) {
- $users = sql_select("SELECT * FROM `User` WHERE NOT `UID`='" . sql_escape($user['UID']) . "' ORDER BY `Nick`");
-
- $to_select_data = [
- "" => _("Select recipient...")
- ];
-
- foreach ($users as $u) {
- $to_select_data[$u['UID']] = $u['Nick'];
- }
-
- $to_select = html_select_key('to', 'to', $to_select_data, '');
-
- $messages = sql_select("SELECT * FROM `Messages` WHERE `SUID`='" . sql_escape($user['UID']) . "' OR `RUID`='" . sql_escape($user['UID']) . "' ORDER BY `isRead`,`Datum` DESC");
-
- $messages_table = [
- [
- 'news' => '',
- 'timestamp' => date("Y-m-d H:i"),
- 'from' => User_Nick_render($user),
- 'to' => $to_select,
- 'text' => form_textarea('text', '', ''),
- 'actions' => form_submit('submit', _("Save"))
- ]
- ];
-
- foreach ($messages as $message) {
- $sender_user_source = User($message['SUID']);
- $receiver_user_source = User($message['RUID']);
-
- $messages_table_entry = [
- 'new' => $message['isRead'] == 'N' ? '<span class="glyphicon glyphicon-envelope"></span>' : '',
- 'timestamp' => date("Y-m-d H:i", $message['Datum']),
- 'from' => User_Nick_render($sender_user_source),
- 'to' => User_Nick_render($receiver_user_source),
- 'text' => str_replace("\n", '<br />', $message['Text'])
- ];
-
- if ($message['RUID'] == $user['UID']) {
- if ($message['isRead'] == 'N') {
- $messages_table_entry['actions'] = button(page_link_to("user_messages") . '&action=read&id=' . $message['id'], _("mark as read"), 'btn-xs');
+/**
+ * @return string
+ */
+function user_unread_messages()
+{
+ global $user;
+
+ if (isset($user)) {
+ $new_messages = count(DB::select(
+ 'SELECT `id` FROM `Messages` WHERE isRead=\'N\' AND `RUID`=?',
+ [$user['UID']]
+ ));
+ if ($new_messages > 0) {
+ return ' <span class="badge danger">' . $new_messages . '</span>';
}
- } else {
- $messages_table_entry['actions'] = button(page_link_to("user_messages") . '&action=delete&id=' . $message['id'], _("delete message"), 'btn-xs');
- }
- $messages_table[] = $messages_table_entry;
}
-
- return page_with_title(messages_title(), [
- msg(),
- sprintf(_("Hello %s, here can you leave messages for other angels"), User_Nick_render($user)),
- form([
- table([
- 'new' => _("New"),
- 'timestamp' => _("Date"),
- 'from' => _("Transmitted"),
- 'to' => _("Recipient"),
- 'text' => _("Message"),
- 'actions' => ''
- ], $messages_table)
- ], page_link_to('user_messages') . '&action=send')
- ]);
- } else {
- switch ($_REQUEST['action']) {
- case "read":
- if (isset($_REQUEST['id']) && preg_match("/^[0-9]{1,11}$/", $_REQUEST['id'])) {
- $message_id = $_REQUEST['id'];
- } else {
- return error(_("Incomplete call, missing Message ID."), true);
- }
-
- $message = sql_select("SELECT * FROM `Messages` WHERE `id`='" . sql_escape($message_id) . "' LIMIT 1");
- if (count($message) > 0 && $message[0]['RUID'] == $user['UID']) {
- sql_query("UPDATE `Messages` SET `isRead`='Y' WHERE `id`='" . sql_escape($message_id) . "' LIMIT 1");
- redirect(page_link_to("user_messages"));
- } else {
- return error(_("No Message found."), true);
- }
- break;
-
- case "delete":
- if (isset($_REQUEST['id']) && preg_match("/^[0-9]{1,11}$/", $_REQUEST['id'])) {
- $message_id = $_REQUEST['id'];
- } else {
- return error(_("Incomplete call, missing Message ID."), true);
+ return '';
+}
+
+/**
+ * @return string
+ */
+function user_messages()
+{
+ global $user;
+ $request = request();
+
+ if (!$request->has('action')) {
+ $users = DB::select(
+ 'SELECT `UID`, `Nick` FROM `User` WHERE NOT `UID`=? ORDER BY `Nick`',
+ [$user['UID']]
+ );
+
+ $to_select_data = [
+ '' => _('Select recipient...')
+ ];
+
+ foreach ($users as $u) {
+ $to_select_data[$u['UID']] = $u['Nick'];
}
-
- $message = sql_select("SELECT * FROM `Messages` WHERE `id`='" . sql_escape($message_id) . "' LIMIT 1");
- if (count($message) > 0 && $message[0]['SUID'] == $user['UID']) {
- sql_query("DELETE FROM `Messages` WHERE `id`='" . sql_escape($message_id) . "' LIMIT 1");
- redirect(page_link_to("user_messages"));
- } else {
- return error(_("No Message found."), true);
+
+ $to_select = html_select_key('to', 'to', $to_select_data, '');
+
+ $messages = DB::select('
+ SELECT *
+ FROM `Messages`
+ WHERE `SUID`=?
+ OR `RUID`=?
+ ORDER BY `isRead`,`Datum` DESC
+ ',
+ [
+ $user['UID'],
+ $user['UID'],
+ ]
+ );
+
+ $messages_table = [
+ [
+ 'news' => '',
+ 'timestamp' => date('Y-m-d H:i'),
+ 'from' => User_Nick_render($user),
+ 'to' => $to_select,
+ 'text' => form_textarea('text', '', ''),
+ 'actions' => form_submit('submit', _('Save'))
+ ]
+ ];
+
+ foreach ($messages as $message) {
+ $sender_user_source = User($message['SUID']);
+ $receiver_user_source = User($message['RUID']);
+
+ $messages_table_entry = [
+ 'new' => $message['isRead'] == 'N' ? '<span class="glyphicon glyphicon-envelope"></span>' : '',
+ 'timestamp' => date('Y-m-d H:i', $message['Datum']),
+ 'from' => User_Nick_render($sender_user_source),
+ 'to' => User_Nick_render($receiver_user_source),
+ 'text' => str_replace("\n", '<br />', $message['Text'])
+ ];
+
+ if ($message['RUID'] == $user['UID']) {
+ if ($message['isRead'] == 'N') {
+ $messages_table_entry['actions'] = button(
+ page_link_to('user_messages', ['action' => 'read', 'id' => $message['id']]),
+ _('mark as read'),
+ 'btn-xs'
+ );
+ }
+ } else {
+ $messages_table_entry['actions'] = button(
+ page_link_to('user_messages', ['action' => 'delete', 'id' => $message['id']]),
+ _('delete message'),
+ 'btn-xs'
+ );
+ }
+ $messages_table[] = $messages_table_entry;
}
- break;
-
- case "send":
- if (Message_send($_REQUEST['to'], $_REQUEST['text']) === true) {
- redirect(page_link_to("user_messages"));
- } else {
- return error(_("Transmitting was terminated with an Error."), true);
+
+ return page_with_title(messages_title(), [
+ msg(),
+ sprintf(_('Hello %s, here can you leave messages for other angels'), User_Nick_render($user)),
+ form([
+ table([
+ 'new' => _('New'),
+ 'timestamp' => _('Date'),
+ 'from' => _('Transmitted'),
+ 'to' => _('Recipient'),
+ 'text' => _('Message'),
+ 'actions' => ''
+ ], $messages_table)
+ ], page_link_to('user_messages', ['action' => 'send']))
+ ]);
+ } else {
+ switch ($request->input('action')) {
+ case 'read':
+ if ($request->has('id') && preg_match('/^\d{1,11}$/', $request->input('id'))) {
+ $message_id = $request->input('id');
+ } else {
+ return error(_('Incomplete call, missing Message ID.'), true);
+ }
+
+ $message = DB::selectOne(
+ 'SELECT `RUID` FROM `Messages` WHERE `id`=? LIMIT 1',
+ [$message_id]
+ );
+ if (!empty($message) && $message['RUID'] == $user['UID']) {
+ DB::update(
+ 'UPDATE `Messages` SET `isRead`=\'Y\' WHERE `id`=? LIMIT 1',
+ [$message_id]
+ );
+ redirect(page_link_to('user_messages'));
+ } else {
+ return error(_('No Message found.'), true);
+ }
+ break;
+
+ case 'delete':
+ if ($request->has('id') && preg_match('/^\d{1,11}$/', $request->input('id'))) {
+ $message_id = $request->input('id');
+ } else {
+ return error(_('Incomplete call, missing Message ID.'), true);
+ }
+
+ $message = DB::selectOne(
+ 'SELECT `SUID` FROM `Messages` WHERE `id`=? LIMIT 1',
+ [$message_id]
+ );
+ if (!empty($message) && $message['SUID'] == $user['UID']) {
+ DB::delete('DELETE FROM `Messages` WHERE `id`=? LIMIT 1', [$message_id]);
+ redirect(page_link_to('user_messages'));
+ } else {
+ return error(_('No Message found.'), true);
+ }
+ break;
+
+ case 'send':
+ // @TODO: Validation?
+ if (Message_send($request->input('to'), $request->input('text'))) {
+ redirect(page_link_to('user_messages'));
+ } else {
+ return error(_('Transmitting was terminated with an Error.'), true);
+ }
+ break;
+
+ default:
+ return error(_('Wrong action.'), true);
}
- break;
-
- default:
- return error(_("Wrong action."), true);
}
- }
+
+ return '';
}
-?>