0) { return ' ' . $new_messages . ''; } } return ''; } function user_messages() { global $user; if (! isset($_REQUEST['action'])) { $users = sql_select("SELECT * FROM `User` WHERE NOT `UID`='" . sql_escape($user['UID']) . "' ORDER BY `Nick`"); $to_select_data = [ "" => _("Select recipient...") ]; foreach ($users as $u) { $to_select_data[$u['UID']] = $u['Nick']; } $to_select = html_select_key('to', 'to', $to_select_data, ''); $messages = sql_select("SELECT * FROM `Messages` WHERE `SUID`='" . sql_escape($user['UID']) . "' OR `RUID`='" . sql_escape($user['UID']) . "' ORDER BY `isRead`,`Datum` DESC"); $messages_table = [ [ 'news' => '', 'timestamp' => date("Y-m-d H:i"), 'from' => User_Nick_render($user), 'to' => $to_select, 'text' => form_textarea('text', '', ''), 'actions' => form_submit('submit', _("Save")) ] ]; foreach ($messages as $message) { $sender_user_source = User($message['SUID']); $receiver_user_source = User($message['RUID']); $messages_table_entry = [ 'new' => $message['isRead'] == 'N' ? '' : '', 'timestamp' => date("Y-m-d H:i", $message['Datum']), 'from' => User_Nick_render($sender_user_source), 'to' => User_Nick_render($receiver_user_source), 'text' => str_replace("\n", '
', $message['Text']) ]; if ($message['RUID'] == $user['UID']) { if ($message['isRead'] == 'N') { $messages_table_entry['actions'] = button(page_link_to("user_messages") . '&action=read&id=' . $message['id'], _("mark as read"), 'btn-xs'); } } else { $messages_table_entry['actions'] = button(page_link_to("user_messages") . '&action=delete&id=' . $message['id'], _("delete message"), 'btn-xs'); } $messages_table[] = $messages_table_entry; } return page_with_title(messages_title(), [ msg(), sprintf(_("Hello %s, here can you leave messages for other angels"), User_Nick_render($user)), form([ table([ 'new' => _("New"), 'timestamp' => _("Date"), 'from' => _("Transmitted"), 'to' => _("Recipient"), 'text' => _("Message"), 'actions' => '' ], $messages_table) ], page_link_to('user_messages') . '&action=send') ]); } else { switch ($_REQUEST['action']) { case "read": if (isset($_REQUEST['id']) && preg_match("/^[0-9]{1,11}$/", $_REQUEST['id'])) { $message_id = $_REQUEST['id']; } else { return error(_("Incomplete call, missing Message ID."), true); } $message = sql_select("SELECT * FROM `Messages` WHERE `id`='" . sql_escape($message_id) . "' LIMIT 1"); if (count($message) > 0 && $message[0]['RUID'] == $user['UID']) { sql_query("UPDATE `Messages` SET `isRead`='Y' WHERE `id`='" . sql_escape($message_id) . "' LIMIT 1"); redirect(page_link_to("user_messages")); } else { return error(_("No Message found."), true); } break; case "delete": if (isset($_REQUEST['id']) && preg_match("/^[0-9]{1,11}$/", $_REQUEST['id'])) { $message_id = $_REQUEST['id']; } else { return error(_("Incomplete call, missing Message ID."), true); } $message = sql_select("SELECT * FROM `Messages` WHERE `id`='" . sql_escape($message_id) . "' LIMIT 1"); if (count($message) > 0 && $message[0]['SUID'] == $user['UID']) { sql_query("DELETE FROM `Messages` WHERE `id`='" . sql_escape($message_id) . "' LIMIT 1"); redirect(page_link_to("user_messages")); } else { return error(_("No Message found."), true); } break; case "send": if (Message_send($_REQUEST['to'], $_REQUEST['text']) === true) { redirect(page_link_to("user_messages")); } else { return error(_("Transmitting was terminated with an Error."), true); } break; default: return error(_("Wrong action."), true); } } } ?>