[svn r10675] Fixing the messages plugin

http://www.dokeos.com/forum/viewtopic.php?p=32871

plugin/messages/functions.inc.php

@@ -20,7 +20,7 @@
 /**
 *	@package dokeos.survey
 * 	@author
-* 	@version $Id: functions.inc.php 10674 2007-01-11 12:37:20Z bmol $
+* 	@version $Id: functions.inc.php 10675 2007-01-11 13:03:10Z bmol $
 * 	@todo use database library
 */
 
@@ -28,20 +28,7 @@ include_once(api_get_path(LIBRARY_PATH).'/online.inc.php');
 
 define ("MESSAGES_DATABASE", "messages");
 
-/**
-* Displays a select list containing the users
-* who are currently online. Used when composing a message.
-*/
-function display_select_user_list($user_id,$_name,$width,$size)
-{
-	$MINUTE=30;
-	global $_configuration;
-	$userlist = WhoIsOnline($user_id,$_configuration['statistics_database'],$MINUTE);
-	echo '<select  size="'.$size.'" style="width: '.$width.'px;" name="'.$_name.'">';
-	foreach($userlist as $row)
-		echo "<option value=\"$row[0]\">".GetFullUserName($row[0]).($user_id==$row[0]?("&nbsp;(".get_lang('Myself').")"):(""))."</option>\n";
-	echo "</select>";
-}
+
 
 function get_online_user_list($current_user_id)
 {
@@ -207,7 +194,7 @@ function inbox_display()
 				$number_of_selected_messages = count($_POST['id']);
 				foreach ($_POST['id'] as $index => $message_id)
 				{
-					$query = "DELETE FROM ".MESSAGES_DATABASE." WHERE id_receiver=".$_SESSION['_uid']." AND id='$message_id'";
+					$query = "DELETE FROM ".MESSAGES_DATABASE." WHERE id_receiver=".api_get_user_id()." AND id='".mysql_real_escape_string($message_id)."'";
 					api_sql_query($query,__FILE__,__LINE__);
 				}
 				Display :: display_normal_message(get_lang('SelectedMessagesDeleted'));

plugin/messages/index.php

@@ -1,4 +1,4 @@
-<?php // $Id: index.php 10674 2007-01-11 12:37:20Z bmol $
+<?php // $Id: index.php 10675 2007-01-11 13:03:10Z bmol $
 /*
 ==============================================================================
 	Dokeos - elearning and course management software
@@ -52,7 +52,7 @@ if(api_get_user_id())
 	if($number_of_new_messages > 0)
 	{
 	?>
-<div class="aviso" id="box">
+<div id="box" style="background-color:white;border:1px solid black;position:absolute;width:200px;height:60px;z-index:3;visibility:hidden;top:85px;left:10px;margin: 0px;padding: 0px;">
   <table width="100%" height="100%" border="0" cellpadding="0" cellspacing="2" id="table" class="content">
     <tr>
       <td width="28%" height="16" class="content" id="ref"><a style="color:red;font-size:10px" href="javascript:;" onclick="ocultar_aviso()">Close</a></td>

plugin/messages/new_message.php

@@ -1,21 +1,21 @@
-<?php // $Id: new_message.php 10204 2006-11-26 20:46:53Z pcool $
+<?php // $Id: new_message.php 10675 2007-01-11 13:03:10Z bmol $
 /*
 ==============================================================================
 	Dokeos - elearning and course management software
-	
+
 	Copyright (c) Facultad de Matematicas, UADY (México)
 	Copyright (c) Evie, Free University of Brussels (Belgium)
-	
+
 	For a full list of contributors, see "credits.txt".
 	The full license can be read in "license.txt".
-	
+
 	This program is free software; you can redistribute it and/or
 	modify it under the terms of the GNU General Public License
 	as published by the Free Software Foundation; either version 2
 	of the License, or (at your option) any later version.
-	
+
 	See the GNU General Public License for more details.
-	
+
 	Contact address: Dokeos, 44 rue des palais, B-1030 Brussels, Belgium
 	Mail: info@dokeos.com
 ==============================================================================
@@ -32,8 +32,8 @@
 ==============================================================================
 		INIT SECTION
 ==============================================================================
-*/ 
-// name of the language file that needs to be included 
+*/
+// name of the language file that needs to be included
 $language_file= "messages";
 $cidReset=true;
 include_once('../../main/inc/global.inc.php');
@@ -68,18 +68,15 @@ $nameTools = get_lang('ComposeMessage');
 ==============================================================================
 		FUNCTIONS
 ==============================================================================
-*/ 
+*/
 
 /**
 * Shows the compose area + a list of users to select from.
 */
 function show_compose_to_any($user_id)
 {
-	$online_user_list = get_online_user_list($user_id,$_name,$width,$size);
-	
-	$default['title'] = "Please enter a title";
-	$default['user_list'] = $receiver_id;
-	
+	$online_user_list = get_online_user_list($user_id);
+	$default['user_list'] = $user_id;
 	manage_form($default, $online_user_list);
 }
 
@@ -88,32 +85,32 @@ function show_compose_reply_to_message($message_id, $receiver_id)
 	$query = "SELECT * FROM `".MESSAGES_DATABASE."` WHERE id_receiver=".$receiver_id." AND id='".$message_id."';";
 	$result = api_sql_query($query,__FILE__,__LINE__);
 	$row = mysql_fetch_array($result);
-	
+
 	if(!isset($row[1]))
 	{
 		echo get_lang('InvalidMessageId');
 		die();
 	}
-		
-	echo get_lang('To').':&nbsp;<strong>'.	GetFullUserName($row[1],$mysqlMainDb).'</strong>';
-	
+
+	echo get_lang('To').':&nbsp;<strong>'.	GetFullUserName($row[1]).'</strong>';
+
 	$default['title'] = "Please enter a title";
 	$default['user_list'] = $row[1];
-	
-	manage_form($default, $select_from_user_list);
+
+	manage_form($default);
 }
 
 function show_compose_to_user($receiver_id)
 {
-	echo get_lang('To').':&nbsp;<strong>'.	GetFullUserName($receiver_id,$mysqlMainDb).'</strong>';
-	
+	echo get_lang('To').':&nbsp;<strong>'.	GetFullUserName($receiver_id).'</strong>';
+
 	$default['title'] = "Please enter a title";
 	$default['user_list'] = $receiver_id;
-	
-	manage_form($default, $select_from_user_list);
+
+	manage_form($default);
 }
 
-function manage_form($default, $select_from_user_list)
+function manage_form($default, $select_from_user_list = null)
 {
 	$form = new FormValidator('compose_message');
 	if (isset($select_from_user_list))
@@ -128,29 +125,34 @@ function manage_form($default, $select_from_user_list)
 	$form->add_html_editor('content', get_lang('Content'));
 	$form->addElement('submit', 'compose', get_lang('Ok'));
 	$form->setDefaults($default);
-	
+
 	if( $form->validate() )
 	{
+		$values = $form->exportValues();
+		$receiver_user_id = $values['user_list'];
+		$title = mysql_real_escape_string($values['title']);
+		$content = mysql_real_escape_string($values['content']);
 		//all is well, send the message
-		$id_tmp = $_SESSION['_uid'].$_POST['user_list'].date('d-D-w-m-Y-H-s').
-					microtime().rand();
+		$id_tmp = api_get_user_id().$receiver_user_id.date('d-D-w-m-Y-H-s').microtime().rand();
 		$id_msg = md5($id_tmp);
 		$query = "INSERT INTO `".MESSAGES_DATABASE."` ( `id`, `id_sender`, `id_receiver`, `status`, `date`, `title`, `content` ) ".
 				 " VALUES (".
-		 		 "' ".$id_msg ."' , '".$_SESSION['_uid']."', '".$_POST['user_list']."', '1', '".date('Y-m-d H:i:s')."','".$_POST['title']."','".$_POST['content']."'".
+		 		 "' ".$id_msg ."' , '".api_get_user_id()."', '".$receiver_user_id."', '1', '".date('Y-m-d H:i:s')."','".$title."','".$content."'".
 		 		 ");";
 		@api_sql_query($query,__FILE__,__LINE__);
-		display_success_message($_POST['user_list']);
+		display_success_message($receiver_user_id);
+	}
+	else
+	{
+		$form->display();
 	}
-	
-	$form->display();
 }
 
 /*
 ==============================================================================
 		MAIN SECTION
 ==============================================================================
-*/ 
+*/
 $interbreadcrumb[] = array ("url" => 'inbox.php', "name" => get_lang('Messages'));
 Display::display_header($nameTools, get_lang("ComposeMessage"));
 api_display_tool_title($nameTools);
@@ -159,7 +161,7 @@ if(!isset($_POST['compose']))
 	if(isset($_GET['re_id']))
 	{
 		$message_id = $_GET['re_id'];
-		$receiver_id = $_SESSION['_uid'];
+		$receiver_id = api_get_user_id();
 		show_compose_reply_to_message($message_id, $receiver_id);
 	}
 	else if(isset($_GET['send_to_user']))
@@ -173,7 +175,7 @@ if(!isset($_POST['compose']))
 }
 else
 {
-	if(isset($_SESSION['_uid']) && isset($_POST['user_list']) && isset($_POST['content']))
+	if(api_get_user_id() && isset($_POST['user_list']) && isset($_POST['content']))
 	{
 		$default['title'] = $_POST['title'];
 		$default['user_list'] = $_POST['user_list'];
@@ -186,8 +188,8 @@ else
 
 /*
 ==============================================================================
-		FOOTER 
+		FOOTER
 ==============================================================================
-*/ 
+*/
 Display::display_footer();
 ?>

plugin/messages/view_message.php

@@ -1,4 +1,4 @@
-<?php // $Id: view_message.php 10204 2006-11-26 20:46:53Z pcool $
+<?php // $Id: view_message.php 10675 2007-01-11 13:03:10Z bmol $
 /*
 ==============================================================================
 	Dokeos - elearning and course management software
@@ -26,7 +26,7 @@
 =========================================================================5====
 */
 
-// name of the language file that needs to be included 
+// name of the language file that needs to be included
 $language_file= "messages";
 include('../../main/inc/global.inc.php');
 api_block_anonymous_users();
@@ -35,10 +35,10 @@ $nameTools = get_lang("Messages");
 $interbredcrump[]=array("url" => "inbox.php","name" => get_lang("Inbox"));
 Display::display_header($nameTools,"messages");
 
-$query = "UPDATE `".MESSAGES_DATABASE."` SET `status` = '0' WHERE `id_receiver`=".$_SESSION['_uid']." AND `id`='".mysql_real_escape_string($_GET['id'])."';";
+$query = "UPDATE `".MESSAGES_DATABASE."` SET `status` = '0' WHERE `id_receiver`=".api_get_user_id()." AND `id`='".mysql_real_escape_string($_GET['id'])."';";
 $result = api_sql_query($query,__FILE__,__LINE__);
 
-$query = "SELECT * FROM `".MESSAGES_DATABASE."` WHERE id_receiver=".$_SESSION['_uid']." AND id='".mysql_real_escape_string($_GET['id'])."';";
+$query = "SELECT * FROM `".MESSAGES_DATABASE."` WHERE id_receiver=".api_get_user_id()." AND id='".mysql_real_escape_string($_GET['id'])."';";
 $result = api_sql_query($query,__FILE__,__LINE__);
 $row = mysql_fetch_array($result);