[svn r10675] Fixing the messages plugin

http://www.dokeos.com/forum/viewtopic.php?p=32871
18 years ago · 6ff9b79658
parent d13ad542a4
commit 6ff9b79658
4 changed files with 48 additions and 59 deletions
--- a/plugin/messages/functions.inc.php
+++ b/plugin/messages/functions.inc.php
@ -20,7 +20,7 @@
 /**
 *	@package dokeos.survey
 * 	@author
-* 	@version $Id: functions.inc.php 10674 2007-01-11 12:37:20Z bmol $
+* 	@version $Id: functions.inc.php 10675 2007-01-11 13:03:10Z bmol $
 * 	@todo use database library
 */

@ -28,20 +28,7 @@ include_once(api_get_path(LIBRARY_PATH).'/online.inc.php');

 define ("MESSAGES_DATABASE", "messages");

-/**
-* Displays a select list containing the users
-* who are currently online. Used when composing a message.
-*/
-function display_select_user_list($user_id,$_name,$width,$size)
-{
-	$MINUTE=30;
-	global $_configuration;
-	$userlist = WhoIsOnline($user_id,$_configuration['statistics_database'],$MINUTE);
-	echo '<select  size="'.$size.'" style="width: '.$width.'px;" name="'.$_name.'">';
-	foreach($userlist as $row)
-		echo "<option value=\"$row[0]\">".GetFullUserName($row[0]).($user_id==$row[0]?("&nbsp;(".get_lang('Myself').")"):(""))."</option>\n";
-	echo "</select>";
-}
+

 function get_online_user_list($current_user_id)
 {
@ -207,7 +194,7 @@ function inbox_display()
 				$number_of_selected_messages = count($_POST['id']);
 				foreach ($_POST['id'] as $index => $message_id)
 				{
-					$query = "DELETE FROM ".MESSAGES_DATABASE." WHERE id_receiver=".$_SESSION['_uid']." AND id='$message_id'";
+					$query = "DELETE FROM ".MESSAGES_DATABASE." WHERE id_receiver=".api_get_user_id()." AND id='".mysql_real_escape_string($message_id)."'";
 					api_sql_query($query,__FILE__,__LINE__);
 				}
 				Display :: display_normal_message(get_lang('SelectedMessagesDeleted'));
--- a/plugin/messages/index.php
+++ b/plugin/messages/index.php
@ -1,4 +1,4 @@
-<?php // $Id: index.php 10674 2007-01-11 12:37:20Z bmol $
+<?php // $Id: index.php 10675 2007-01-11 13:03:10Z bmol $
 /*
 ==============================================================================
 	Dokeos - elearning and course management software
@ -52,7 +52,7 @@ if(api_get_user_id())
 	if($number_of_new_messages > 0)
 	{
 	?>
-<div class="aviso" id="box">
+<div id="box" style="background-color:white;border:1px solid black;position:absolute;width:200px;height:60px;z-index:3;visibility:hidden;top:85px;left:10px;margin: 0px;padding: 0px;">
  <table width="100%" height="100%" border="0" cellpadding="0" cellspacing="2" id="table" class="content">
    <tr>
      <td width="28%" height="16" class="content" id="ref"><a style="color:red;font-size:10px" href="javascript:;" onclick="ocultar_aviso()">Close</a></td>
--- a/plugin/messages/new_message.php
+++ b/plugin/messages/new_message.php
@ -1,4 +1,4 @@
-<?php // $Id: new_message.php 10204 2006-11-26 20:46:53Z pcool $
+<?php // $Id: new_message.php 10675 2007-01-11 13:03:10Z bmol $
 /*
 ==============================================================================
 	Dokeos - elearning and course management software
@ -75,11 +75,8 @@ $nameTools = get_lang('ComposeMessage');
 */
 function show_compose_to_any($user_id)
 {
-	$online_user_list = get_online_user_list($user_id,$_name,$width,$size);
-	
-	$default['title'] = "Please enter a title";
-	$default['user_list'] = $receiver_id;
-	
+	$online_user_list = get_online_user_list($user_id);
+	$default['user_list'] = $user_id;
 	manage_form($default, $online_user_list);
 }

@ -95,25 +92,25 @@ function show_compose_reply_to_message($message_id, $receiver_id)
 		die();
 	}

-	echo get_lang('To').':&nbsp;<strong>'.	GetFullUserName($row[1],$mysqlMainDb).'</strong>';
+	echo get_lang('To').':&nbsp;<strong>'.	GetFullUserName($row[1]).'</strong>';

 	$default['title'] = "Please enter a title";
 	$default['user_list'] = $row[1];

-	manage_form($default, $select_from_user_list);
+	manage_form($default);
 }

 function show_compose_to_user($receiver_id)
 {
-	echo get_lang('To').':&nbsp;<strong>'.	GetFullUserName($receiver_id,$mysqlMainDb).'</strong>';
+	echo get_lang('To').':&nbsp;<strong>'.	GetFullUserName($receiver_id).'</strong>';

 	$default['title'] = "Please enter a title";
 	$default['user_list'] = $receiver_id;

-	manage_form($default, $select_from_user_list);
+	manage_form($default);
 }

-function manage_form($default, $select_from_user_list)
+function manage_form($default, $select_from_user_list = null)
 {
 	$form = new FormValidator('compose_message');
 	if (isset($select_from_user_list))
@ -131,19 +128,24 @@ function manage_form($default, $select_from_user_list)

 	if( $form->validate() )
 	{
+		$values = $form->exportValues();
+		$receiver_user_id = $values['user_list'];
+		$title = mysql_real_escape_string($values['title']);
+		$content = mysql_real_escape_string($values['content']);
 		//all is well, send the message
-		$id_tmp = $_SESSION['_uid'].$_POST['user_list'].date('d-D-w-m-Y-H-s').
-					microtime().rand();
+		$id_tmp = api_get_user_id().$receiver_user_id.date('d-D-w-m-Y-H-s').microtime().rand();
 		$id_msg = md5($id_tmp);
 		$query = "INSERT INTO `".MESSAGES_DATABASE."` ( `id`, `id_sender`, `id_receiver`, `status`, `date`, `title`, `content` ) ".
 				 " VALUES (".
-		 		 "' ".$id_msg ."' , '".$_SESSION['_uid']."', '".$_POST['user_list']."', '1', '".date('Y-m-d H:i:s')."','".$_POST['title']."','".$_POST['content']."'".
+		 		 "' ".$id_msg ."' , '".api_get_user_id()."', '".$receiver_user_id."', '1', '".date('Y-m-d H:i:s')."','".$title."','".$content."'".
 		 		 ");";
 		@api_sql_query($query,__FILE__,__LINE__);
-		display_success_message($_POST['user_list']);
+		display_success_message($receiver_user_id);
+	}
+	else
+	{
+		$form->display();
 	}
-	
-	$form->display();
 }

 /*
@ -159,7 +161,7 @@ if(!isset($_POST['compose']))
 	if(isset($_GET['re_id']))
 	{
 		$message_id = $_GET['re_id'];
-		$receiver_id = $_SESSION['_uid'];
+		$receiver_id = api_get_user_id();
 		show_compose_reply_to_message($message_id, $receiver_id);
 	}
 	else if(isset($_GET['send_to_user']))
@ -173,7 +175,7 @@ if(!isset($_POST['compose']))
 }
 else
 {
-	if(isset($_SESSION['_uid']) && isset($_POST['user_list']) && isset($_POST['content']))
+	if(api_get_user_id() && isset($_POST['user_list']) && isset($_POST['content']))
 	{
 		$default['title'] = $_POST['title'];
 		$default['user_list'] = $_POST['user_list'];
--- a/plugin/messages/view_message.php
+++ b/plugin/messages/view_message.php
@ -1,4 +1,4 @@
-<?php // $Id: view_message.php 10204 2006-11-26 20:46:53Z pcool $
+<?php // $Id: view_message.php 10675 2007-01-11 13:03:10Z bmol $
 /*
 ==============================================================================
 	Dokeos - elearning and course management software
@ -35,10 +35,10 @@ $nameTools = get_lang("Messages");
 $interbredcrump[]=array("url" => "inbox.php","name" => get_lang("Inbox"));
 Display::display_header($nameTools,"messages");

-$query = "UPDATE `".MESSAGES_DATABASE."` SET `status` = '0' WHERE `id_receiver`=".$_SESSION['_uid']." AND `id`='".mysql_real_escape_string($_GET['id'])."';";
+$query = "UPDATE `".MESSAGES_DATABASE."` SET `status` = '0' WHERE `id_receiver`=".api_get_user_id()." AND `id`='".mysql_real_escape_string($_GET['id'])."';";
 $result = api_sql_query($query,__FILE__,__LINE__);

-$query = "SELECT * FROM `".MESSAGES_DATABASE."` WHERE id_receiver=".$_SESSION['_uid']." AND id='".mysql_real_escape_string($_GET['id'])."';";
+$query = "SELECT * FROM `".MESSAGES_DATABASE."` WHERE id_receiver=".api_get_user_id()." AND id='".mysql_real_escape_string($_GET['id'])."';";
 $result = api_sql_query($query,__FILE__,__LINE__);
 $row = mysql_fetch_array($result);