$stuff = "<div class=\"mail_title\" style=\"text-decoration: underline; \">{$subject}</div><div class=\"mail_byline\">Sent {$date} by {$sender}</div><div class=\"mail_body\">{$body}</div><hr width=\"85%\" align=\"left\" /><div class=\"mail_footer\"><a href=\"messages.php?compose&id={$row->from}}\" title=\"send a reply\">reply</a>";
// only display the link to delete the post if it's not deleted
if ($row->deleted == 0) {
$stuff .= " : <a href=\"messages.php?delete&id={$mailid}\" title=\"delete this message\">delete</a>";
}
$stuff .= "</div>";
}
// tell the database that the message has been read
@query("UPDATE `mail` SET `read`='1' WHERE `id`='{$mailid}'") or die("Error updating the database.");
} else {
$id = $_SESSION['id'];
$messages = @query("SELECT * FROM `mail` WHERE `to`='{$id}' AND `deleted`='0' ORDER BY `id` DESC");
if (num_rows($messages) == 0) {
$stuff = "You do not have any messages.";
} else {
$pass = gen_rss_pass($id);
$stuff = "<table><tr><th>From</th><th>Subject</th><th>Date</th><td><a href=\"messages.php?xml&u={$id}&p={$pass}\" title=\"inbox XML feed\"><img src=\"images/xml.gif\" alt=\"XML feed\" /></a></td></tr>";
$tdcolour = 0;
while ($row = result($messages)) {
$messageid = $row->id;
$from = $row->from;
$from2 = @query("SELECT `firstname`, `surname` FROM `users` WHERE `ID`='{$from}'");
while ($row2 = result($from2)) {
$from = stripslashes($row2->firstname) . " " . stripslashes($row2->surname);
}
$subject = stripslashes($row->subject);
$date = date(timeformat, $row->timestamp);
$date .= " on ";
$date .= date(dateformat, $row->timestamp);
$stuff .= "<tr class=\"tdcolour{$tdcolour}\"><td>{$from}</td><td><a href=\"messages.php?read&id={$messageid}\" title=\"read the message\">{$subject}</a></td><td>{$date}</td></tr>";
if ($tdcolour == 1) {
/**
* displays the content for a user, depending upon what type of user he
* or she is
*/
function display_content()
{
if (user_type() == "user") {
// print his or her latest grades, etc
print "<div class=\"grades\"><p class=\"big\">Latest Grades <a href=\"classes.php?xml&u={$_SESSION['id']}&p=" . gen_rss_pass($_SESSION['id']) . "\" title=\"latest grades feed\"><img src=\"images/xml.gif\" alt=\"latest grades via rss\" /></a></p>";
// get their (5) latest grades
display_latest_grades($_SESSION['id'], 5, "all");
print "<p class=\"big\">Latest News <a href=\"news.php?xml&u={$_SESSION['id']}&p=" . gen_rss_pass($_SESSION['id']) . "\" title=\"latest news feed\"><img src=\"images/xml.gif\" alt=\"latest news via rss\" /></a></p>";
// get the user's class's latest news post
display_latest_news($_SESSION['id'], 1);
print "</div>";
print "<p class=\"big\">Classes</p>";
print_students_classes($_SESSION['id']);
} elseif (user_type() == "teacher") {
// eventually figure out what should go here. suggestions?
print "Use the menu above.";
} elseif (user_type() == "admin") {
// eventually figure out what should go here. suggestions?
print "Use the menu above to administer as you will.";
} elseif (user_type() == "parent") {
connect_sql();
$parentID = $_SESSION['id'];
// see which students the parent is a parent of, and print info about their grades.
// the following will eventually be turned into a function
$students = @query("SELECT `students` FROM `parents` WHERE `parent_ID`='{$parentID}'") or die("Error checking the database.");
while ($row = result($students)) {
$student = explode(",", $row->students);
$i = 0;
foreach ($student as $the_student) {
// get his or her name
$student_name = @query("SELECT `firstname`, `surname` FROM `users` WHERE `ID`='{$the_student}' LIMIT 1") or die("Error checking the database.");
while ($row2 = result($student_name)) {
$students_name = stripslashes($row2->firstname) . " " . stripslashes($row2->surname);
}
print "<p class=\"title\">{$students_name}</p>";
// print his or her latest grades, etc
print "<div class=\"grades\"><p class=\"big\">Latest Grades <a href=\"classes.php?xml&u={$the_student}&p=" . gen_rss_pass($the_student) . "\" title=\"latest grades feed\"><img src=\"images/xml.gif\" alt=\"latest grades via rss\" /></a></p>";
// get their (5) latest grades
display_latest_grades($the_student, 5, "all");
print "<p class=\"big\">Latest News <a href=\"news.php?xml&u={$the_student}&p=" . gen_rss_pass($the_student) . "\" title=\"latest news feed\"><img src=\"images/xml.gif\" alt=\"latest news via rss\" /></a></p>";
// get the user's class's latest news post
display_latest_news($the_student, 1);
print "</div>";
print "<p class=\"big\">Classes</p>";
print_students_classes($the_student);
$i++;
// if we have more users to print, print a line
if (isset($student[$i])) {
print "<hr />";
}
}
}
disconnect_sql();
}
}
* \author Kevin Richardson <*****@*****.**>
* \version $Id: news.php,v 1.8 2006/07/19 19:54:52 borismalcov Exp $
*/
include "lib/main.php";
// allows them to get their news via a RSS feed
if (isset($_GET['xml'])) {
// if a user wants a 'latest news' feed...
if (isset($_GET['u'])) {
if (is_numeric($_GET['u']) == FALSE) {
die("Invalid user ID.");
}
$user = escape_string($_GET['u']);
if (!isset($_GET['p']) or is_numeric($_GET['p']) == FALSE) {
die("Invalid password.");
}
$actual_password = gen_rss_pass($user);
if ($actual_password != escape_string($_GET['p'])) {
die("Incorrect password.");
}
$number = 3;
$lastbuild = time();
rss_header("latest class news", "latest news for various classes", server_root . "news.php", $lastbuild);
// get the classes the user is currently in
$users_classes = classes_by_semester($user, current_semester);
// get rid of the extra comma
$users_classes = substr($users_classes, 0, strlen($users_classes) - 1);
$classes = explode(",", $users_classes);
foreach ($classes as $class) {
// get the class's name
$class_data = get_class_data($class);
$class_data = explode("::", $class_data);
*/
include "lib/main.php";
if (isset($_GET['xml'])) {
connect_sql();
if (!isset($_GET['u']) || !isset($_GET['p'])) {
cust_die("You need to submit a user ID and/or password string to view this XML feed.");
}
/**
* used to see if the user submitted a correct password
*/
$id = escape_string($_GET['u']);
if (is_numeric($id) == FALSE) {
die("Don't mess with the ID.");
}
$pass = escape_string($_GET['p']);
$real_pass = gen_rss_pass($id);
if ($real_pass != $pass) {
cust_die("Incorrect password.");
}
if (!isset($_GET['c'])) {
rss_latest_grades($id, 10, "all");
} else {
$class = escape_string($_GET['c']);
if (is_numeric($class) == FALSE) {
die("Don't mess with that.");
}
$students = get_students($class);
if ($students == $id or strpos($students, ",{$id}") != FALSE or strpos($students, "{$id},") != FALSE) {
rss_latest_grades($id, 10, $class);
} else {
die("You aren't in that class.");
