$content = user_news();
} elseif ($p == "news_comments") {
require_once realpath(__DIR__ . '/../includes/pages/user_news.php');
$title = user_news_comments_title();
$content = user_news_comments();
} elseif ($p == "user_meetings") {
$title = meetings_title();
$content = user_meetings();
} elseif ($p == "user_myshifts") {
$title = myshifts_title();
$content = user_myshifts();
} elseif ($p == "user_shifts") {
$title = shifts_title();
$content = user_shifts();
} elseif ($p == "user_messages") {
$title = messages_title();
$content = user_messages();
} elseif ($p == "user_questions") {
$title = questions_title();
$content = user_questions();
} elseif ($p == "user_settings") {
$title = settings_title();
$content = user_settings();
} elseif ($p == "login") {
$title = login_title();
$content = guest_login();
} elseif ($p == "register") {
$title = register_title();
$content = guest_register();
} elseif ($p == "logout") {
$title = logout_title();
function user_messages()
{
global $user;
if (!isset($_REQUEST['action'])) {
$users = sql_select("SELECT * FROM `User` WHERE NOT `UID`='" . sql_escape($user['UID']) . "' ORDER BY `Nick`");
$to_select_data = array("" => _("Select recipient..."));
foreach ($users as $u) {
$to_select_data[$u['UID']] = $u['Nick'];
}
$to_select = html_select_key('to', 'to', $to_select_data, '');
$messages = sql_select("SELECT * FROM `Messages` WHERE `SUID`='" . sql_escape($user['UID']) . "' OR `RUID`='" . sql_escape($user['UID']) . "' ORDER BY `isRead`,`Datum` DESC");
$messages_table = [['news' => '', 'timestamp' => date("Y-m-d H:i"), 'from' => User_Nick_render($user), 'to' => $to_select, 'text' => form_textarea('text', '', ''), 'actions' => form_submit('submit', _("Save"))]];
foreach ($messages as $message) {
$sender_user_source = User($message['SUID']);
if ($sender_user_source === false) {
engelsystem_error(_("Unable to load user."));
}
$receiver_user_source = User($message['RUID']);
if ($receiver_user_source === false) {
engelsystem_error(_("Unable to load user."));
}
$messages_table_entry = array('new' => $message['isRead'] == 'N' ? '<span class="glyphicon glyphicon-envelope"></span>' : '', 'timestamp' => date("Y-m-d H:i", $message['Datum']), 'from' => User_Nick_render($sender_user_source), 'to' => User_Nick_render($receiver_user_source), 'text' => str_replace("\n", '<br />', $message['Text']));
if ($message['RUID'] == $user['UID']) {
if ($message['isRead'] == 'N') {
$messages_table_entry['actions'] = button(page_link_to("user_messages") . '&action=read&id=' . $message['id'], _("mark as read"), 'btn-xs');
}
} else {
$messages_table_entry['actions'] = button(page_link_to("user_messages") . '&action=delete&id=' . $message['id'], _("delete message"), 'btn-xs');
}
$messages_table[] = $messages_table_entry;
}
return page_with_title(messages_title(), array(msg(), sprintf(_("Hello %s, here can you leave messages for other angels"), User_Nick_render($user)), form(array(table(array('new' => _("New"), 'timestamp' => _("Date"), 'from' => _("Transmitted"), 'to' => _("Recipient"), 'text' => _("Message"), 'actions' => ''), $messages_table)), page_link_to('user_messages') . '&action=send')));
} else {
switch ($_REQUEST['action']) {
case "read":
if (isset($_REQUEST['id']) && preg_match("/^[0-9]{1,11}\$/", $_REQUEST['id'])) {
$id = $_REQUEST['id'];
} else {
return error(_("Incomplete call, missing Message ID."), true);
}
$message = sql_select("SELECT * FROM `Messages` WHERE `id`='" . sql_escape($id) . "' LIMIT 1");
if (count($message) > 0 && $message[0]['RUID'] == $user['UID']) {
sql_query("UPDATE `Messages` SET `isRead`='Y' WHERE `id`='" . sql_escape($id) . "' LIMIT 1");
redirect(page_link_to("user_messages"));
} else {
return error(_("No Message found."), true);
}
break;
case "delete":
if (isset($_REQUEST['id']) && preg_match("/^[0-9]{1,11}\$/", $_REQUEST['id'])) {
$id = $_REQUEST['id'];
} else {
return error(_("Incomplete call, missing Message ID."), true);
}
$message = sql_select("SELECT * FROM `Messages` WHERE `id`='" . sql_escape($id) . "' LIMIT 1");
if (count($message) > 0 && $message[0]['SUID'] == $user['UID']) {
sql_query("DELETE FROM `Messages` WHERE `id`='" . sql_escape($id) . "' LIMIT 1");
redirect(page_link_to("user_messages"));
} else {
return error(_("No Message found."), true);
}
break;
case "send":
if (Message_send($_REQUEST['to'], $_REQUEST['text']) === true) {
redirect(page_link_to("user_messages"));
} else {
return error(_("Transmitting was terminated with an Error."), true);
}
break;
default:
return error(_("Wrong action."), true);
}
}
}
