$stuff = "<div class=\"mail_title\" style=\"text-decoration: underline; \">{$subject}</div><div class=\"mail_byline\">Sent {$date} by {$sender}</div><div class=\"mail_body\">{$body}</div><hr width=\"85%\" align=\"left\" /><div class=\"mail_footer\"><a href=\"messages.php?compose&id={$row->from}}\" title=\"send a reply\">reply</a>"; // only display the link to delete the post if it's not deleted if ($row->deleted == 0) { $stuff .= " : <a href=\"messages.php?delete&id={$mailid}\" title=\"delete this message\">delete</a>"; } $stuff .= "</div>"; } // tell the database that the message has been read @query("UPDATE `mail` SET `read`='1' WHERE `id`='{$mailid}'") or die("Error updating the database."); } else { $id = $_SESSION['id']; $messages = @query("SELECT * FROM `mail` WHERE `to`='{$id}' AND `deleted`='0' ORDER BY `id` DESC"); if (num_rows($messages) == 0) { $stuff = "You do not have any messages."; } else { $pass = gen_rss_pass($id); $stuff = "<table><tr><th>From</th><th>Subject</th><th>Date</th><td><a href=\"messages.php?xml&u={$id}&p={$pass}\" title=\"inbox XML feed\"><img src=\"images/xml.gif\" alt=\"XML feed\" /></a></td></tr>"; $tdcolour = 0; while ($row = result($messages)) { $messageid = $row->id; $from = $row->from; $from2 = @query("SELECT `firstname`, `surname` FROM `users` WHERE `ID`='{$from}'"); while ($row2 = result($from2)) { $from = stripslashes($row2->firstname) . " " . stripslashes($row2->surname); } $subject = stripslashes($row->subject); $date = date(timeformat, $row->timestamp); $date .= " on "; $date .= date(dateformat, $row->timestamp); $stuff .= "<tr class=\"tdcolour{$tdcolour}\"><td>{$from}</td><td><a href=\"messages.php?read&id={$messageid}\" title=\"read the message\">{$subject}</a></td><td>{$date}</td></tr>"; if ($tdcolour == 1) {
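/**
 * Prints the "latest grades / latest news / classes" overview for one student.
 *
 * Private helper for display_content(); the student's own page and the
 * per-child section on a parent's page emit the same markup, so it lives
 * here once.
 *
 * \param $student_id  ID of the student whose overview is printed. It is
 *                     passed unchanged to the display helpers and encoded
 *                     only where it is written into the page.
 */
function _display_student_overview($student_id)
{
    // Both values are written into href attributes: URL-encode them as query
    // parameters, then HTML-encode them for the attribute context.
    // NOTE(review): the feed token travels in the query string, so it ends up
    // in server logs, browser history and Referer headers. How gen_rss_pass()
    // derives it is not visible here -- confirm it is unguessable and can be
    // rotated.
    $u = htmlspecialchars(urlencode($student_id), ENT_QUOTES);
    $p = htmlspecialchars(urlencode(gen_rss_pass($student_id)), ENT_QUOTES);

    // print his or her latest grades, etc
    print "<div class=\"grades\"><p class=\"big\">Latest Grades <a href=\"classes.php?xml&u={$u}&p={$p}\" title=\"latest grades feed\"><img src=\"images/xml.gif\" alt=\"latest grades via rss\" /></a></p>";

    // get their (5) latest grades
    display_latest_grades($student_id, 5, "all");

    print "<p class=\"big\">Latest News <a href=\"news.php?xml&u={$u}&p={$p}\" title=\"latest news feed\"><img src=\"images/xml.gif\" alt=\"latest news via rss\" /></a></p>";

    // get the user's class's latest news post
    display_latest_news($student_id, 1);

    print "</div>";

    print "<p class=\"big\">Classes</p>";
    print_students_classes($student_id);
}

/**
 * displays the content for a user, depending upon what type of user he
 * or she is
 *
 * - "user":    the student's own grades, news and classes.
 * - "teacher": a pointer to the menu.
 * - "admin":   a pointer to the menu.
 * - "parent":  one overview per student listed for the parent in the
 *              `parents` table, separated by a horizontal rule.
 *
 * Any other user type prints nothing. A failed query ends the request via
 * die(), as before.
 */
function display_content()
{
    $type = user_type();

    if ($type == "user") {
        _display_student_overview($_SESSION['id']);
    } elseif ($type == "teacher") {
        // eventually figure out what should go here. suggestions?
        print "Use the menu above.";
    } elseif ($type == "admin") {
        // eventually figure out what should go here. suggestions?
        print "Use the menu above to administer as you will.";
    } elseif ($type == "parent") {
        connect_sql();

        // The ID is interpolated into the SQL text below (query() shows no
        // parameter binding here), so force it to an integer first.
        $parentID = (int) $_SESSION['id'];

        // see which students the parent is a parent of, and print info about their grades.
        $students = @query("SELECT `students` FROM `parents` WHERE `parent_ID`='{$parentID}'") or die("Error checking the database.");

        while ($row = result($students)) {
            // `students` is a comma-separated list stored in the database.
            // Keep only all-digit entries: each one is interpolated into SQL
            // and printed into the page, and an empty entry (e.g. from a
            // trailing comma) would otherwise produce a bogus section.
            $student_ids = array();
            foreach (explode(",", $row->students) as $candidate) {
                $candidate = trim($candidate);
                if (preg_match('/^[0-9]+$/', $candidate)) {
                    $student_ids[] = $candidate;
                }
            }

            $total = count($student_ids);
            foreach ($student_ids as $position => $the_student) {
                // Reset per student so a missing user row cannot show the
                // previous student's name above this student's grades.
                $students_name = "";

                // get his or her name
                $student_name = @query("SELECT `firstname`, `surname` FROM `users` WHERE `ID`='{$the_student}' LIMIT 1") or die("Error checking the database.");
                while ($row2 = result($student_name)) {
                    $students_name = stripslashes($row2->firstname) . " " . stripslashes($row2->surname);
                }

                // Names are stored user data: encode before writing them into HTML.
                print "<p class=\"title\">" . htmlspecialchars($students_name, ENT_QUOTES) . "</p>";

                _display_student_overview($the_student);

                // if we have more users to print, print a line
                if ($position + 1 < $total) {
                    print "<hr />";
                }
            }
        }

        disconnect_sql();
    }
}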
* \author Kevin Richardson <*****@*****.**> * \version $Id: news.php,v 1.8 2006/07/19 19:54:52 borismalcov Exp $ */ include "lib/main.php"; // allows them to get their news via a RSS feed if (isset($_GET['xml'])) { // if a user wants a 'latest news' feed... if (isset($_GET['u'])) { if (is_numeric($_GET['u']) == FALSE) { die("Invalid user ID."); } $user = escape_string($_GET['u']); if (!isset($_GET['p']) or is_numeric($_GET['p']) == FALSE) { die("Invalid password."); } $actual_password = gen_rss_pass($user); if ($actual_password != escape_string($_GET['p'])) { die("Incorrect password."); } $number = 3; $lastbuild = time(); rss_header("latest class news", "latest news for various classes", server_root . "news.php", $lastbuild); // get the classes the user is currently in $users_classes = classes_by_semester($user, current_semester); // get rid of the extra comma $users_classes = substr($users_classes, 0, strlen($users_classes) - 1); $classes = explode(",", $users_classes); foreach ($classes as $class) { // get the class's name $class_data = get_class_data($class); $class_data = explode("::", $class_data);
*/ include "lib/main.php"; if (isset($_GET['xml'])) { connect_sql(); if (!isset($_GET['u']) || !isset($_GET['p'])) { cust_die("You need to submit a user ID and/or password string to view this XML feed."); } /** * used to see if the user submitted a correct password */ $id = escape_string($_GET['u']); if (is_numeric($id) == FALSE) { die("Don't mess with the ID."); } $pass = escape_string($_GET['p']); $real_pass = gen_rss_pass($id); if ($real_pass != $pass) { cust_die("Incorrect password."); } if (!isset($_GET['c'])) { rss_latest_grades($id, 10, "all"); } else { $class = escape_string($_GET['c']); if (is_numeric($class) == FALSE) { die("Don't mess with that."); } $students = get_students($class); if ($students == $id or strpos($students, ",{$id}") != FALSE or strpos($students, "{$id},") != FALSE) { rss_latest_grades($id, 10, $class); } else { die("You aren't in that class.");