From bfb0cacd541cc20129a3c0ac77130370741dca18 Mon Sep 17 00:00:00 2001 From: Philip Häusler Date: Wed, 18 Sep 2013 01:38:36 +0200 Subject: mysql to mysqli and a lot of cleanup and mvc --- includes/pages/admin_language.php | 205 ++++++++++++++++++------------------ includes/pages/admin_news.php | 6 +- includes/pages/admin_questions.php | 24 ++++- includes/pages/admin_user.php | 38 +++---- includes/pages/user_messages.php | 207 ++++++++++++++++++++----------------- includes/pages/user_news.php | 15 ++- includes/pages/user_questions.php | 7 +- includes/pages/user_wakeup.php | 145 +++++++++++++------------- 8 files changed, 344 insertions(+), 303 deletions(-) (limited to 'includes/pages') diff --git a/includes/pages/admin_language.php b/includes/pages/admin_language.php index be89fc70..00afe622 100644 --- a/includes/pages/admin_language.php +++ b/includes/pages/admin_language.php @@ -1,110 +1,105 @@ \n"; - $html .= Get_Text("pub_sprache_text1") . "

\n"; - - $html .= "" . Get_Text("pub_sprache_ShowEntry") . ""; - // ausgabe Tabellenueberschift - $SQL_Sprachen = "SELECT `Sprache` FROM `Sprache` GROUP BY `Sprache`;"; - $erg_Sprachen = sql_query($SQL_Sprachen); - - for ($i = 0; $i < mysql_num_rows($erg_Sprachen); $i++) - $Sprachen[mysql_result($erg_Sprachen, $i, "Sprache")] = $i; - - $html .= "\t\n\t\t"; - $html .= "\t\t"; - foreach ($Sprachen as $Name => $Value) - $html .= ""; - $html .= "\t\t"; - $html .= "\t\t"; - - if (isset ($_GET["ShowEntry"])) { - // ausgabe eintraege - $SQL = "SELECT * FROM `Sprache` ORDER BY `TextID`;"; - $erg = sql_query($SQL); - - $TextID_Old = mysql_result($erg, 0, "TextID"); - for ($i = 0; $i < mysql_num_rows($erg); $i++) { - $TextID_New = mysql_result($erg, $i, "TextID"); - if ($TextID_Old != $TextID_New) { - $html .= ""; - $html .= "\n"; - $html .= "\t\t\n"; - - foreach ($Sprachen as $Name => $Value) { - $Value = html_entity_decode($Value, ENT_QUOTES); - $html .= "\t\t\n"; - $Sprachen[$Name] = ""; - } - - $html .= "\t\t\n"; - $html .= ""; - $html .= "\n"; - $TextID_Old = $TextID_New; - } - $Sprachen[mysql_result($erg, $i, "Sprache")] = mysql_result($erg, $i, "Text"); - } /*FOR*/ - } - - //fuer neu eintraege - $html .= ""; - $html .= "\n"; - $html .= "\t\t\n"; - - foreach ($Sprachen as $Name => $Value) - $html .= "\t\t\n"; - - $html .= "\t\t\n"; - $html .= ""; - $html .= "\n"; - - $html .= "
" . Get_Text("pub_sprache_TextID") . "" . - Get_Text("pub_sprache_Sprache") . " " . $Name . - "" . Get_Text("pub_sprache_Edit") . "
$TextID_Old " . - "
\n"; - } /*if( !isset( $TextID ) )*/ - else { - $html .= "edit: " . $_POST["TextID"] . "

"; - foreach ($_POST as $k => $v) { - if ($k != "TextID") { - $sql_test = "SELECT * FROM `Sprache` " . - "WHERE `TextID`='" . sql_escape($_POST["TextID"]) - . "' AND `Sprache`='" - . sql_escape($k) . "'"; - - $erg_test = sql_query($sql_test); - - if (mysql_num_rows($erg_test) == 0) { - $sql_save = "INSERT INTO `Sprache` (`TextID`, `Sprache`, `Text`) " . - "VALUES ('" . sql_escape($_POST["TextID"]) . "', '" - . sql_escape($k) . "', '" - . sql_escape($v) . "')"; - - $html .= $sql_save . "
"; - $Erg = sql_query($sql_save); - $html .= success("$k Save: OK
\n", true); - } else - if (mysql_result($erg_test, 0, "Text") != $v) { - $sql_save = "UPDATE `Sprache` SET `Text`='" - . sql_escape($v) . "' " . - "WHERE `TextID`='" - . sql_escape($_POST["TextID"]) - . "' AND `Sprache`='" . sql_escape($k) . "' "; - - $html .= $sql_save . "
"; - $Erg = sql_query($sql_save); - $html .= success(" $k Update: OK
\n", true); - } else - $html .= "\t $k no changes
\n"; - } - } - - } - return $html; + global $user; + global $languages; + + $html = ""; + if (!isset ($_POST["TextID"])) { + $html .= Get_Text("Hello") . User_Nick_render($user) . ",
\n"; + $html .= Get_Text("pub_sprache_text1") . "

\n"; + + $html .= "" . Get_Text("pub_sprache_ShowEntry") . ""; + // ausgabe Tabellenueberschift + $html .= "\t\n\t\t"; + $html .= "\t\t"; + foreach($languages as $language => $language_name) { + $html .= ""; + $Sprachen[$language] = $language_name; + } + $html .= "\t\t"; + $html .= "\t\t"; + + if (isset ($_GET["ShowEntry"])) { + // ausgabe eintraege + $sprache_source = sql_select("SELECT * FROM `Sprache` ORDER BY `TextID`, `Sprache`"); + + $TextID_Old = $sprache_source[0]['TextID']; + foreach($sprache_source as $sprache_entry) { + $TextID_New = $sprache_entry['TextID']; + if ($TextID_Old != $TextID_New) { + $html .= ""; + $html .= "\n"; + $html .= "\t\t\n"; + + foreach ($Sprachen as $Name => $Value) { + $Value = html_entity_decode($Value, ENT_QUOTES); + $html .= "\t\t\n"; + $Sprachen[$Name] = ""; + } + + $html .= "\t\t\n"; + $html .= ""; + $html .= "\n"; + $TextID_Old = $TextID_New; + } + $Sprachen[$sprache_entry['Sprache']] = $sprache_entry['Text']; + } /*FOR*/ + } + + //fuer neu eintraege + $html .= ""; + $html .= "\n"; + $html .= "\t\t\n"; + + foreach ($Sprachen as $Name => $Value) + $html .= "\t\t\n"; + + $html .= "\t\t\n"; + $html .= ""; + $html .= "\n"; + + $html .= "
" . Get_Text("pub_sprache_TextID") . "" . + Get_Text("pub_sprache_Sprache") . " " . $language . + "" . Get_Text("pub_sprache_Edit") . "
$TextID_Old " . + "
\n"; + } /*if( !isset( $TextID ) )*/ + else { + $html .= "edit: " . $_POST["TextID"] . "

"; + foreach ($_POST as $k => $v) { + if ($k != "TextID") { + $sql_test = "SELECT * FROM `Sprache` " . + "WHERE `TextID`='" . sql_escape($_POST["TextID"]) + . "' AND `Sprache`='" + . sql_escape($k) . "'"; + + $erg_test = sql_select("SELECT * FROM `Sprache` WHERE `TextID`='" . sql_escape($_POST["TextID"]) . "' AND `Sprache`='" . sql_escape($k) . "'"); + if (count($erg_test) == 0) { + $sql_save = "INSERT INTO `Sprache` (`TextID`, `Sprache`, `Text`) " . + "VALUES ('" . sql_escape($_POST["TextID"]) . "', '" + . sql_escape($k) . "', '" + . sql_escape($v) . "')"; + + $html .= $sql_save . "
"; + $Erg = sql_query($sql_save); + $html .= success("$k Save: OK
\n", true); + } else + if ($erg_test[0]['Text'] != $v) { + $sql_save = "UPDATE `Sprache` SET `Text`='" + . sql_escape($v) . "' " . + "WHERE `TextID`='" + . sql_escape($_POST["TextID"]) + . "' AND `Sprache`='" . sql_escape($k) . "' "; + + $html .= $sql_save . "
"; + $Erg = sql_query($sql_save); + $html .= success(" $k Update: OK
\n", true); + } else + $html .= "\t $k no changes
\n"; + } + } + + } + return $html; } ?> diff --git a/includes/pages/admin_news.php b/includes/pages/admin_news.php index 661aa511..25807151 100644 --- a/includes/pages/admin_news.php +++ b/includes/pages/admin_news.php @@ -17,6 +17,10 @@ function admin_news() { if (count($news) > 0) { list ($news) = $news; + $user_source = User($news['UID']); + if($user_source === false) + engelsystem_error("Unable to load user."); + $html .= '« Back'; $html .= "
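Review bot: The edit branch writes request data straight into the page: `"edit: " . $_POST["TextID"]` and the `$html .= $sql_save` debug lines put POST-derived text into the HTML with no output encoding, so a crafted form post is reflected back into the admin's browser. Encode on output with `htmlspecialchars($_POST["TextID"], ENT_QUOTES, 'UTF-8')` and drop the echoed SQL statements. The new side also still builds `$sql_test` although the query is now passed inline to `sql_select()`, so that variable is dead. `$sprache_source[0]['TextID']` is read without checking that the query returned any rows.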
\n"; @@ -29,7 +33,7 @@ function admin_news() { $html .= " Text\n"; $html .= " Engel" . - UID2Nick($news["UID"]) . "\n"; + User_Nick_render($user_source) . "\n"; $html .= " Treffen" . html_select_key('eTreffen', 'eTreffen', array ( '1' => "Ja", '0' => "Nein" diff --git a/includes/pages/admin_questions.php b/includes/pages/admin_questions.php index 1e410f07..516d52c9 100644 --- a/includes/pages/admin_questions.php +++ b/includes/pages/admin_questions.php @@ -18,28 +18,42 @@ function admin_questions() { if (!isset ($_REQUEST['action'])) { $open_questions = ""; $questions = sql_select("SELECT * FROM `Questions` WHERE `AID`=0"); - foreach ($questions as $question) + foreach ($questions as $question) { + $user_source = User($question['UID']); + if($user_source === false) + engelsystem_error("Unable to load user."); + $open_questions .= template_render( '../templates/admin_question_unanswered.html', array ( - 'question_nick' => UID2Nick($question['UID']), + 'question_nick' => User_Nick_render($user_source), 'question_id' => $question['QID'], 'link' => page_link_to("admin_questions"), 'question' => str_replace("\n", '
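Review bot: The new `User($news['UID'])` lookup treats only `=== false` as failure and then calls `engelsystem_error()`, so a row whose author no longer exists either aborts the whole page or, if `User()` reports a missing row with something other than `false` (its body is not in this diff), passes that value on to `User_Nick_render()`. The same three-line pattern is repeated inside the `foreach` loops in admin_questions.php, user_messages.php, user_news.php, user_questions.php and user_wakeup.php, where a single orphaned `UID`/`AID` would make the whole list unreachable and every row costs one or two extra queries. Consider one helper that returns a placeholder nick for unknown users, or load the users with a JOIN in the list query. `admin_news()` starts and ends outside this hunk.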
', $question['Question']) )); + } $answered_questions = ""; $questions = sql_select("SELECT * FROM `Questions` WHERE `AID`>0"); - foreach ($questions as $question) + foreach ($questions as $question) { + $user_source = User($question['UID']); + if($user_source === false) + engelsystem_error("Unable to load user."); + + $answer_user_source = User($question['AID']); + if($answer_user_source === false) + engelsystem_error("Unable to load user."); + $answered_questions .= template_render( '../templates/admin_question_answered.html', array ( 'question_id' => $question['QID'], - 'question_nick' => UID2Nick($question['UID']), + 'question_nick' => User_Nick_render($user_source), 'question' => str_replace("\n", "
", $question['Question']), - 'answer_nick' => UID2Nick($question['AID']), + 'answer_nick' => User_Nick_render($answer_user_source), 'answer' => str_replace("\n", "
", $question['Answer']), 'link' => page_link_to("admin_questions"), )); + } return template_render('../templates/admin_questions.html', array ( 'link' => page_link_to("admin_questions"), diff --git a/includes/pages/admin_user.php b/includes/pages/admin_user.php index 0c9f9bbe..58b2947e 100644 --- a/includes/pages/admin_user.php +++ b/includes/pages/admin_user.php @@ -26,38 +26,38 @@ function admin_user() { $html .= "\n"; $html .= " \n"; + $user_source['Nick'] . "\">\n"; $html .= " \n"; + date("Y-m-d H:i", $user_source['lastLogIn']) . "\n"; $html .= " \n"; + $user_source['Name'] . "\">\n"; $html .= " \n"; + $user_source['Vorname'] . "\">\n"; $html .= " \n"; + $user_source['Alter'] . "\">\n"; $html .= " \n"; + $user_source['Telefon'] . "\">\n"; $html .= " \n"; + $user_source['Handy'] . "\">\n"; $html .= " \n"; + $user_source['DECT'] . "\">\n"; $html .= " \n"; + $user_source['email'] . "\">\n"; $html .= " \n"; + $user_source['ICQ'] . "\">\n"; $html .= " \n"; + $user_source['jabber'] . "\">\n"; $html .= " \n"; + html_select_key('size', 'eSize', $tshirt_sizes, $user_source['Size']) . "\n"; $options = array ( '1' => "Yes", @@ -66,21 +66,21 @@ function admin_user() { // Gekommen? $html .= " \n"; + $html .= html_options('eGekommen', $options, $user_source['Gekommen']) . "\n"; // Aktiv? $html .= " \n"; + $html .= html_options('eAktiv', $options, $user_source['Aktiv']) . "\n"; // T-Shirt bekommen? $html .= " \n"; + $html .= html_options('eTshirt', $options, $user_source['Tshirt']) . "\n"; $html .= " \n"; + $user_source['Hometown'] . "\">\n"; - $html .= "
Nick" . "
lastLogIn" . - date("Y-m-d H:i", mysql_result($Erg, 0, "lastLogIn")) . "
Name" . "
Vorname" . "
Alter" . "
Telefon" . "
Handy" . "
DECT" . "
email" . "
ICQ" . "
jabber" . "
Size" . - html_select_key('size', 'eSize', $tshirt_sizes, mysql_result($Erg, 0, "Size")) . "
Gekommen\n"; - $html .= html_options('eGekommen', $options, mysql_result($Erg, 0, "Gekommen")) . "
Aktiv\n"; - $html .= html_options('eAktiv', $options, mysql_result($Erg, 0, "Aktiv")) . "
T-Shirt\n"; - $html .= html_options('eTshirt', $options, mysql_result($Erg, 0, "Tshirt")) . "
Hometown" . "
\n" . displayavatar($id, false) . ""; + $html .= "\n" . User_Avatar_render($user_source) . ""; $html .= "\n"; $html .= "\n
\n"; @@ -113,7 +113,7 @@ function admin_user() { $selected_angel_types = array_unique($selected_angel_types); // Assign angel-types - sql_start_transaction(); + sql_transaction_start(); sql_query("DELETE FROM `UserAngelTypes` WHERE `user_id`=" . sql_escape($user_source['UID'])); $user_angel_type_info = array(); if (!empty($selected_angel_types)) { @@ -131,7 +131,7 @@ function admin_user() { if (!empty($accepted_angel_types)) sql_query("UPDATE `UserAngelTypes` SET `confirm_user_id` = '" . sql_escape($user['UID']) . "' WHERE `user_id` = '" . sql_escape($user_source['UID']) . "' AND `angeltype_id` IN (" . implode(',', $accepted_angel_types) . ")"); } - sql_stop_transaction(); + sql_transaction_commit(); engelsystem_log("Set angeltypes of " . User_Nick_render($user_source) . " to: " . join(", ", $user_angel_type_info)); success("Angeltypes saved."); diff --git a/includes/pages/user_messages.php b/includes/pages/user_messages.php index ed736cc7..fccc6f1d 100644 --- a/includes/pages/user_messages.php +++ b/includes/pages/user_messages.php @@ -1,107 +1,120 @@ 0) - return sprintf('
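Review bot: The profile fields are concatenated into the form markup unencoded: `$user_source['Nick'] . "\">\n"` and the matching lines for `Name`, `Vorname`, `Telefon`, `email`, `Hometown` and the rest close an attribute directly after the raw value, so a stored value containing a quote or angle bracket would break out of the attribute on the admin page. Unless these columns are guaranteed to be encoded when written (not visible in this diff), wrap each one, e.g. `htmlspecialchars($user_source['Nick'], ENT_QUOTES, 'UTF-8')`. `admin_user()` starts and ends outside the hunks.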

%s %s %s


', page_link_to("user_messages"), Get_Text("pub_messages_new1"), $new_messages, Get_Text("pub_messages_new2")); - } + if ($new_messages > 0) + return sprintf('

%s %s %s


', page_link_to("user_messages"), Get_Text("pub_messages_new1"), $new_messages, Get_Text("pub_messages_new2")); + } - return ""; + return ""; } function user_messages() { - global $user; - - if (!isset ($_REQUEST['action'])) { - $users = sql_select("SELECT * FROM `User` WHERE NOT `UID`=" . sql_escape($user['UID']) . " ORDER BY `Nick`"); - - $to_select_data = array ( - "" => "Select recipient..." - ); - - foreach ($users as $u) - $to_select_data[$u['UID']] = $u['Nick']; - - $to_select = html_select_key('to', 'to', $to_select_data, ''); - - $messages_html = ""; - $messages = sql_select("SELECT * FROM `Messages` WHERE `SUID`=" . sql_escape($user['UID']) . " OR `RUID`=" . sql_escape($user['UID']) . " ORDER BY `isRead`,`Datum` DESC"); - foreach ($messages as $message) { - - $messages_html .= sprintf(' %s %s %s %s' . - '%s', ($message['isRead'] == 'N' ? ' class="new_message"' : ''), ($message['isRead'] == 'N' ? '•' : ''), date("Y-m-d H:i", $message['Datum']), UID2Nick($message['SUID']), UID2Nick($message['RUID']), str_replace("\n", '
', $message['Text'])); - - $messages_html .= ''; - if ($message['RUID'] == $user['UID']) { - if ($message['isRead'] == 'N') - $messages_html .= '' . Get_Text("pub_messages_MarkRead") . ''; - } else { - $messages_html .= '' . Get_Text("pub_messages_DelMsg") . ''; - } - $messages_html .= ''; - } - - return template_render('../templates/user_messages.html', array ( - 'link' => page_link_to("user_messages"), - 'greeting' => Get_Text("Hello") . User_Nick_render($user) . ",
\n" . Get_Text("pub_messages_text1") . "

\n", - 'messages' => $messages_html, - 'new_label' => Get_Text("pub_messages_Neu"), - 'date_label' => Get_Text("pub_messages_Datum"), - 'from_label' => Get_Text("pub_messages_Von"), - 'to_label' => Get_Text("pub_messages_An"), - 'text_label' => Get_Text("pub_messages_Text"), - 'date' => date("Y-m-d H:i"), - 'from' => User_Nick_render($user), - 'to_select' => $to_select, - 'submit_label' => Get_Text("save") - )); - } else { - switch ($_REQUEST['action']) { - case "read" : - if (isset ($_REQUEST['id']) && preg_match("/^[0-9]{1,11}$/", $_REQUEST['id'])) - $id = $_REQUEST['id']; - else - return error("Incomplete call, missing Message ID.", true); - - $message = sql_select("SELECT * FROM `Messages` WHERE `id`=" . sql_escape($id) . " LIMIT 1"); - if (count($message) > 0 && $message[0]['RUID'] == $user['UID']) { - sql_query("UPDATE `Messages` SET `isRead`='Y' WHERE `id`=" . sql_escape($id) . " LIMIT 1"); - redirect(page_link_to("user_messages")); - } else - return error("No Message found.", true); - break; - - case "delete" : - if (isset ($_REQUEST['id']) && preg_match("/^[0-9]{1,11}$/", $_REQUEST['id'])) - $id = $_REQUEST['id']; - else - return error("Incomplete call, missing Message ID.", true); - - $message = sql_select("SELECT * FROM `Messages` WHERE `id`=" . sql_escape($id) . " LIMIT 1"); - if (count($message) > 0 && $message[0]['SUID'] == $user['UID']) { - sql_query("DELETE FROM `Messages` WHERE `id`=" . sql_escape($id) . " LIMIT 1"); - redirect(page_link_to("user_messages")); - } else - return error("No Message found.", true); - break; - - case "send" : - $text = preg_replace("/([^\p{L}\p{P}\p{Z}\p{N}\n]{1,})/ui", '', strip_tags($_REQUEST['text'])); - $to = preg_replace("/([^0-9]{1,})/ui", '', strip_tags($_REQUEST['to'])); - if ($text != "" && is_numeric($to) && sql_num_query("SELECT * FROM `User` WHERE `UID`=" . sql_escape($to) . " AND NOT `UID`=" . sql_escape($user['UID']) . " LIMIT 1") > 0) { - sql_query("INSERT INTO `Messages` SET `Datum`=" . 
sql_escape(time()) . ", `SUID`=" . sql_escape($user['UID']) . ", `RUID`=" . sql_escape($to) . ", `Text`='" . sql_escape($text) . "'"); - redirect(page_link_to("user_messages")); - } else { - return error(Get_Text("pub_messages_Send_Error"), true); - } - break; - - default : - return error("Wrong action.", true); - } - } + global $user; + + if (!isset ($_REQUEST['action'])) { + $users = sql_select("SELECT * FROM `User` WHERE NOT `UID`=" . sql_escape($user['UID']) . " ORDER BY `Nick`"); + + $to_select_data = array ( + "" => "Select recipient..." + ); + + foreach ($users as $u) + $to_select_data[$u['UID']] = $u['Nick']; + + $to_select = html_select_key('to', 'to', $to_select_data, ''); + + $messages_html = ""; + $messages = sql_select("SELECT * FROM `Messages` WHERE `SUID`=" . sql_escape($user['UID']) . " OR `RUID`=" . sql_escape($user['UID']) . " ORDER BY `isRead`,`Datum` DESC"); + foreach ($messages as $message) { + $sender_user_source = User($message['SUID']); + if($sender_user_source === false) + engelsystem_error("Unable to load user."); + $receiver_user_source = User($message['RUID']); + if($receiver_user_source === false) + engelsystem_error("Unable to load user."); + + $messages_html .= sprintf( + ' %s %s %s %s%s', + ($message['isRead'] == 'N' ? ' class="new_message"' : ''), + ($message['isRead'] == 'N' ? '•' : ''), + date("Y-m-d H:i", $message['Datum']), + User_Nick_render($sender_user_source), + User_Nick_render($receiver_user_source), + str_replace("\n", '
', $message['Text']) + ); + + $messages_html .= ''; + if ($message['RUID'] == $user['UID']) { + if ($message['isRead'] == 'N') + $messages_html .= '' . Get_Text("pub_messages_MarkRead") . ''; + } else { + $messages_html .= '' . Get_Text("pub_messages_DelMsg") . ''; + } + $messages_html .= ''; + } + + return template_render('../templates/user_messages.html', array ( + 'link' => page_link_to("user_messages"), + 'greeting' => Get_Text("Hello") . User_Nick_render($user) . ",
\n" . Get_Text("pub_messages_text1") . "

\n", + 'messages' => $messages_html, + 'new_label' => Get_Text("pub_messages_Neu"), + 'date_label' => Get_Text("pub_messages_Datum"), + 'from_label' => Get_Text("pub_messages_Von"), + 'to_label' => Get_Text("pub_messages_An"), + 'text_label' => Get_Text("pub_messages_Text"), + 'date' => date("Y-m-d H:i"), + 'from' => User_Nick_render($user), + 'to_select' => $to_select, + 'submit_label' => Get_Text("save") + )); + } else { + switch ($_REQUEST['action']) { + case "read" : + if (isset ($_REQUEST['id']) && preg_match("/^[0-9]{1,11}$/", $_REQUEST['id'])) + $id = $_REQUEST['id']; + else + return error("Incomplete call, missing Message ID.", true); + + $message = sql_select("SELECT * FROM `Messages` WHERE `id`=" . sql_escape($id) . " LIMIT 1"); + if (count($message) > 0 && $message[0]['RUID'] == $user['UID']) { + sql_query("UPDATE `Messages` SET `isRead`='Y' WHERE `id`=" . sql_escape($id) . " LIMIT 1"); + redirect(page_link_to("user_messages")); + } else + return error("No Message found.", true); + break; + + case "delete" : + if (isset ($_REQUEST['id']) && preg_match("/^[0-9]{1,11}$/", $_REQUEST['id'])) + $id = $_REQUEST['id']; + else + return error("Incomplete call, missing Message ID.", true); + + $message = sql_select("SELECT * FROM `Messages` WHERE `id`=" . sql_escape($id) . " LIMIT 1"); + if (count($message) > 0 && $message[0]['SUID'] == $user['UID']) { + sql_query("DELETE FROM `Messages` WHERE `id`=" . sql_escape($id) . " LIMIT 1"); + redirect(page_link_to("user_messages")); + } else + return error("No Message found.", true); + break; + + case "send" : + $text = preg_replace("/([^\p{L}\p{P}\p{Z}\p{N}\n]{1,})/ui", '', strip_tags($_REQUEST['text'])); + $to = preg_replace("/([^0-9]{1,})/ui", '', strip_tags($_REQUEST['to'])); + if ($text != "" && is_numeric($to) && sql_num_query("SELECT * FROM `User` WHERE `UID`=" . sql_escape($to) . " AND NOT `UID`=" . sql_escape($user['UID']) . " LIMIT 1") > 0) { + sql_query("INSERT INTO `Messages` SET `Datum`=" . 
sql_escape(time()) . ", `SUID`=" . sql_escape($user['UID']) . ", `RUID`=" . sql_escape($to) . ", `Text`='" . sql_escape($text) . "'"); + redirect(page_link_to("user_messages")); + } else { + return error(Get_Text("pub_messages_Send_Error"), true); + } + break; + + default : + return error("Wrong action.", true); + } + } } ?> diff --git a/includes/pages/user_news.php b/includes/pages/user_news.php index a8d819d0..481cf738 100644 --- a/includes/pages/user_news.php +++ b/includes/pages/user_news.php @@ -35,7 +35,12 @@ function display_news($news) { $html .= '
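Review bot: The `read`, `delete` and `send` branches change state based on `$_REQUEST['action']` alone, with no request-forgery token and no restriction to POST visible in `user_messages()`, so a cross-site request made while the user is logged in would be accepted. The ownership checks on `RUID`/`SUID` confine `read` and `delete` to the user's own messages, but `send` would create a message in the user's name. Emit a per-session token with the form and the action links, compare it with `hash_equals()` before the `switch`, and accept these actions only via POST. The `delete` branch in user_wakeup.php follows the same pattern.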
'; $html .= '
'; $html .= date("Y-m-d H:i", $news['Datum']) . ', '; - $html .= UID2Nick($news['UID']); + + $user_source = User($news['UID']); + if($user_source === false) + engelsystem_error("Unable to load user."); + + $html .= User_Nick_render($user_source); if ($p != "news_comments") $html .= ', Kommentare (' . sql_num_query("SELECT * FROM `news_comments` WHERE `Refid`='" . sql_escape($news['ID']) . "'") . ') »'; $html .= '
'; @@ -69,11 +74,15 @@ function user_news_comments() { $comments = sql_select("SELECT * FROM `news_comments` WHERE `Refid`='" . sql_escape($nid) . "' ORDER BY 'ID'"); foreach ($comments as $comment) { + $user_source = User($comment['UID']); + if($user_source === false) + engelsystem_error("Unable to load user."); + $html .= '
'; - $html .= DisplayAvatar($comment['UID']); + $html .= User_Avatar_render($user_source); $html .= '
'; $html .= $comment['Datum'] . ', '; - $html .= UID2Nick($comment['UID']); + $html .= User_Nick_render($user_source); $html .= '
'; $html .= '

' . nl2br($comment['Text']) . '

'; $html .= '
'; diff --git a/includes/pages/user_questions.php b/includes/pages/user_questions.php index 5d55f647..97035546 100644 --- a/includes/pages/user_questions.php +++ b/includes/pages/user_questions.php @@ -12,7 +12,12 @@ function user_questions() { $questions = sql_select("SELECT * FROM `Questions` WHERE `AID`>0 AND `UID`=" . sql_escape($user['UID'])); foreach ($questions as $question) { $answered_questions .= '' . str_replace("\n", '
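Review bot: `ORDER BY 'ID'` in the comments query sorts by a string literal rather than by the column, so the order of comments is left to the database; the quotes around ID should be backticks, as on the other identifiers in that query. In the same loop `$comment['Text']` reaches the page through `nl2br()` only; whether it is encoded when the comment is stored is not visible here, so confirm that or apply `htmlspecialchars()` before `nl2br()`. `user_news_comments()` continues outside the hunk.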
', $question['Question']) . ''; - $answered_questions .= '' . UID2Nick($question['AID']) . '' . str_replace("\n", '
', $question['Answer']) . ''; + + $answer_user_source = User($question['AID']); + if($answer_user_source === false) + engelsystem_error("Unable to load user."); + + $answered_questions .= '' . User_Nick_render($answer_user_source) . '' . str_replace("\n", '
', $question['Answer']) . ''; $answered_questions .= 'Löschen'; } diff --git a/includes/pages/user_wakeup.php b/includes/pages/user_wakeup.php index c897d43e..63aff97c 100644 --- a/includes/pages/user_wakeup.php +++ b/includes/pages/user_wakeup.php 
@@ -1,86 +1,87 @@ getTimestamp(); - $bemerkung = strip_request_item_nl('Bemerkung'); - $ort = strip_request_item('Ort'); - $SQL = "INSERT INTO `Wecken` (`UID`, `Date`, `Ort`, `Bemerkung`) " - . "VALUES ('" . sql_escape($user['UID']) . "', '" - . sql_escape($date) . "', '" . sql_escape($ort) . "', " . "'" - . sql_escape($bemerkung) . "')"; - sql_query($SQL); - $html .= success(Get_Text(4), true); - } else - $html .= error("Broken date!", true); - break; + if (isset ($_REQUEST['action'])) { + switch ($_REQUEST['action']) { + case 'create' : + $date = DateTime::createFromFormat("Y-m-d H:i", $_REQUEST['Date']); + if ($date != null) { + $date = $date->getTimestamp(); + $bemerkung = strip_request_item_nl('Bemerkung'); + $ort = strip_request_item('Ort'); + $SQL = "INSERT INTO `Wecken` (`UID`, `Date`, `Ort`, `Bemerkung`) " + . "VALUES ('" . sql_escape($user['UID']) . "', '" + . sql_escape($date) . "', '" . sql_escape($ort) . "', " . "'" + . sql_escape($bemerkung) . "')"; + sql_query($SQL); + $html .= success(Get_Text(4), true); + } else + $html .= error("Broken date!", true); + break; - case 'delete' : - if (isset ($_REQUEST['id']) && preg_match("/^[0-9]{1,11}$/", $_REQUEST['id'])) - $id = $_REQUEST['id']; - else - return error("Incomplete call, missing wake-up ID.", true); + case 'delete' : + if (isset ($_REQUEST['id']) && preg_match("/^[0-9]{1,11}$/", $_REQUEST['id'])) + $id = $_REQUEST['id']; + else + return error("Incomplete call, missing wake-up ID.", true); - $wakeup = sql_select("SELECT * FROM `Wecken` WHERE `ID`=" . sql_escape($id) . " LIMIT 1"); - if (count($wakeup) > 0 && $wakeup[0]['UID'] == $user['UID']) { - sql_query("DELETE FROM `Wecken` WHERE `ID`=" . sql_escape($id) . " LIMIT 1"); - $html .= success("Wake-up call deleted.", true); - } else - return error("No wake-up found.", true); - break; - } - } + $wakeup = sql_select("SELECT * FROM `Wecken` WHERE `ID`=" . sql_escape($id) . 
" LIMIT 1"); + if (count($wakeup) > 0 && $wakeup[0]['UID'] == $user['UID']) { + sql_query("DELETE FROM `Wecken` WHERE `ID`=" . sql_escape($id) . " LIMIT 1"); + $html .= success("Wake-up call deleted.", true); + } else + return error("No wake-up found.", true); + break; + } + } - $html .= "

" . Get_Text("Hello") . User_Nick_render($user) . ",
" - . Get_Text("pub_wake_beschreibung") . "

\n\n"; - $html .= Get_Text("pub_wake_beschreibung2"); - $html .= ' - + $html .= "

" . Get_Text("Hello") . User_Nick_render($user) . ",
" + . Get_Text("pub_wake_beschreibung") . "

\n\n"; + $html .= Get_Text("pub_wake_beschreibung2"); + $html .= ' +
- - - - - - -'; + + + + + + + '; - $sql = "SELECT * FROM `Wecken` ORDER BY `Date` ASC"; - $Erg = sql_query($sql); - $count = mysql_num_rows($Erg); + $wecken_source = sql_select("SELECT * FROM `Wecken` ORDER BY `Date` ASC"); + foreach($wecken_source as $wecken) { + $html .= ''; + $html .= ''; - for ($i = 0; $i < $count; $i++) { - $row = mysql_fetch_row($Erg); - $html .= ''; - $html .= ''; - $html .= ''; - $html .= ''; - $html .= ''; - if (mysql_result($Erg, $i, "UID") == $user['UID']) - $html .= ''; - else - $html .= ''; - $html .= ''; - } + $user_source = User($wecken['UID']); + if($user_source === false) + engelsystem_error("Unable to load user."); - $html .= '
' . Get_Text("pub_wake_Datum") . '' . Get_Text("pub_waeckliste_Nick") . '' . Get_Text("pub_wake_Ort") . '' . Get_Text("pub_wake_Bemerkung") . '
' . Get_Text("pub_wake_Datum") . '' . Get_Text("pub_waeckliste_Nick") . '' . Get_Text("pub_wake_Ort") . '' . Get_Text("pub_wake_Bemerkung") . '
' . date("Y-m-d H:i", $wecken['Date']) . '
' . date("Y-m-d H:i", mysql_result($Erg, $i, "Date")) . ' ' . UID2Nick(mysql_result($Erg, $i, "UID")) . ' ' . mysql_result($Erg, $i, "Ort") . ' ' . mysql_result($Erg, $i, "Bemerkung") . ' " . Get_Text("pub_wake_del") . '

' . Get_Text("pub_wake_Text2"); + $html .= '' . User_Nick_render($user_source) . ' '; + $html .= '' . $wecken['Ort'] . ' '; + $html .= '' . $wecken['Bemerkung'] . ' '; + if ($wecken['UID'] == $user['UID']) + $html .= '" . Get_Text("pub_wake_del") . ''; + else + $html .= ''; + $html .= ''; + } - $html .= template_render('../templates/user_wakeup.html', array ( - 'wakeup_link' => page_link_to("user_wakeup"), - 'date_text' => Get_Text("pub_wake_Datum"), - 'date_value' => date("Y-m-d H:i"), - 'place_text' => Get_Text("pub_wake_Ort"), - 'comment_text' => Get_Text("pub_wake_Bemerkung"), - 'comment_value' => "Knock knock Leo, follow the white rabbit to the blue tent", - 'submit_text' => Get_Text("pub_wake_bouton") - )); - return $html; + $html .= '
' . Get_Text("pub_wake_Text2"); + + $html .= template_render('../templates/user_wakeup.html', array ( + 'wakeup_link' => page_link_to("user_wakeup"), + 'date_text' => Get_Text("pub_wake_Datum"), + 'date_value' => date("Y-m-d H:i"), + 'place_text' => Get_Text("pub_wake_Ort"), + 'comment_text' => Get_Text("pub_wake_Bemerkung"), + 'comment_value' => "Knock knock Leo, follow the white rabbit to the blue tent", + 'submit_text' => Get_Text("pub_wake_bouton") + )); + return $html; } ?> -- cgit v1.2.3-54-g00ecf
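Review bot: `$wecken['Ort']` and `$wecken['Bemerkung']` are concatenated into the table cells as stored, and the list comes from a `SELECT * FROM Wecken` with no `WHERE`, so every viewer renders text entered by other users. The only filtering visible is `strip_request_item()` / `strip_request_item_nl()` at insert time, whose behaviour is not shown in this diff; encoding at output, e.g. `htmlspecialchars($wecken['Ort'], ENT_QUOTES, 'UTF-8')`, would not depend on it. `$_REQUEST['Date']` is also read in the `create` branch without an `isset()` check.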