diff --git a/main/css/blue_lagoon/default.css b/main/css/blue_lagoon/default.css index a86244238e..08e7a74455 100644 --- a/main/css/blue_lagoon/default.css +++ b/main/css/blue_lagoon/default.css @@ -2182,11 +2182,11 @@ div.comments { /* styles from the my.profile.php file */ .message-content { float:right; - margin:5px auto; - background:#FFF; - border:1px dotted #ccc; + margin:20px auto; + background:#F5E38E; + border:2px solid #EBCA4F; padding:10px; - width:50%; + width:200px; position:relative; } .message-content .message-delete { @@ -2207,8 +2207,8 @@ div.comments { margin-right:-100px; } .message-title { - /* color:#ff0000;*/ - font-size:12px; + color:#ff0000; + font-size:15px; } .message-body { font-size:11px; diff --git a/main/inc/lib/fckeditor/editor/plugins/ajaxfilemanager/inc/class.upload.php b/main/inc/lib/fckeditor/editor/plugins/ajaxfilemanager/inc/class.upload.php index a24cf61130..8180ebb37b 100644 --- a/main/inc/lib/fckeditor/editor/plugins/ajaxfilemanager/inc/class.upload.php +++ b/main/inc/lib/fckeditor/editor/plugins/ajaxfilemanager/inc/class.upload.php @@ -204,7 +204,7 @@ class Upload { $this->fileBaseName = $fileBaseName; } - $this->fileBaseName=disable_dangerous_file(replace_dangerous_char(str_replace(' ','_',$this->fileBaseName)));// Juan Carlos Raña replace space by _ because fix long names. See: ajaxfilemanager/inc/class.manager.php. And add cleaning from dokeos replace_dangerous_char() and disable_dangerous_file() + $this->fileBaseName=disable_dangerous_file(replace_dangerous_char(str_replace(' ','_',$this->fileBaseName),'strict'));// Juan Carlos Raña replace space by _ because fix long names. See: ajaxfilemanager/inc/class.manager.php. And add cleaning from dokeos replace_dangerous_char() and disable_dangerous_file() $fileName = $this->fileBaseName . $this->fileExtension; $filePath = $dest . $fileName; diff --git a/main/inc/lib/fileUpload.lib.php b/main/inc/lib/fileUpload.lib.php index 780815b1cc..0d9a15057b 100644 
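Review bot: In `class.upload.php` the cleaning is applied to `$this->fileBaseName` only, and `$this->fileExtension` is appended on the next line without passing through either function. If `disable_dangerous_file()` decides by extension (its body is not shown here), it never sees the extension on this path, so the `'strict'` argument tightens the base name but leaves unchecked the part that determines how the server treats the file. Unless `Upload` validates the extension elsewhere, run the assembled name through the check as well: `$fileName = disable_dangerous_file($this->fileBaseName . $this->fileExtension);`. The enclosing method starts and ends outside the hunk.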
--- a/main/inc/lib/fileUpload.lib.php +++ b/main/inc/lib/fileUpload.lib.php @@ -248,8 +248,8 @@ function handle_uploaded_document($_course,$uploaded_file,$base_work_dir,$upload } else { - //clean up the name, only ASCII characters should stay. - $clean_name = replace_dangerous_char($uploaded_file['name']); + //clean up the name, only ASCII characters should stay. (and strict) + $clean_name = replace_dangerous_char($uploaded_file['name'], 'strict'); //no "dangerous" files $clean_name = disable_dangerous_file($clean_name); if(!filter_extension($clean_name)) @@ -703,7 +703,7 @@ function treat_uploaded_file($uploadedFile, $baseWorkDir, $uploadPath, $maxFille $fileName = trim($uploadedFile['name']); // CHECK FOR NO DESIRED CHARACTERS - $fileName = replace_dangerous_char($fileName); + $fileName = replace_dangerous_char($fileName, 'strict'); // TRY TO ADD AN EXTENSION TO FILES WITOUT EXTENSION $fileName = add_ext_on_mime($fileName,$uploadedFile['type']); @@ -1867,7 +1867,7 @@ $handle=opendir($path); else { //rename - $safe_file=disable_dangerous_file(replace_dangerous_char($file)); + $safe_file=disable_dangerous_file(replace_dangerous_char($file, 'strict')); @rename($base_work_dir.$current_path.'/'.$file,$base_work_dir.$current_path.'/'.$safe_file); if(!DocumentManager::get_document_id($_course, $current_path.'/'.$safe_file)) diff --git a/main/inc/lib/message.lib.php b/main/inc/lib/message.lib.php index fb945a1d0d..56be5a8567 100644 --- a/main/inc/lib/message.lib.php +++ b/main/inc/lib/message.lib.php 
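Review bot: In the hunk at line 1867 the result of `@rename(...)` is discarded, and the `DocumentManager::get_document_id()` lookup that follows uses `$safe_file` whether or not the rename succeeded. Stricter cleaning presumably maps more distinct original names onto the same safe name, so a collision becomes more likely; it then either fails silently, leaving the file on disk under its uncleaned name, or overwrites an existing document. Assign the two paths to variables, test the target with `file_exists()`, and only continue to the lookup when `rename($old_path, $new_path)` returns true, without the `@` so that failures are logged. The loop this code sits in begins outside the hunk, so how to skip the entry on failure has to be decided against the full function.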
@@ -1,29 +1,782 @@ - Copyright (c) Isaac Flores - For a full list of contributors, see "credits.txt". - The full license can be read in "license.txt". - This program is free software; you can redistribute it and/or - modify it under the terms of the GNU General Public License - as published by the Free Software Foundation; either version 2 - of the License, or (at your option) any later version. +require_once api_get_path(LIBRARY_PATH).'online.inc.php'; +require_once api_get_path(LIBRARY_PATH).'fileUpload.lib.php'; +require_once api_get_path(LIBRARY_PATH).'fileDisplay.lib.php'; +require_once api_get_path(LIBRARY_PATH).'usermanager.lib.php'; - See the GNU General Public License for more details. +/* + * @todo use constants! + */ +define('MESSAGE_STATUS_NEW', '0'); +define('MESSAGE_STATUS_UNREAD', '1'); +define('MESSAGE_STATUS_DELETED', '2'); - Contact address: Dokeos, rue du Corbeau, 108, B-1030 Brussels, Belgium - Mail: info@dokeos.com +define('MESSAGE_STATUS_INVITATION_PENDING', '5'); +define('MESSAGE_STATUS_INVITATION_ACCEPTED','6'); +define('MESSAGE_STATUS_INVITATION_DENIED', '7'); -============================================================================== -*/ +class MessageManager +{ + function MessageManager() { + + } + public static function get_online_user_list($current_user_id) { + $min=30; + global $_configuration; + $userlist = WhoIsOnline($current_user_id,$_configuration['statistics_database'],$min); + foreach($userlist as $row) { + $receiver_id = $row[0]; + $online_user_list[$receiver_id] = GetFullUserName($receiver_id).($current_user_id==$receiver_id?(" (".get_lang('Myself').")"):("")); + } + return $online_user_list; + } + + /** + * Displays info stating that the message is sent successfully. 
+ */ + public static function display_success_message($uid) { + global $charset; + if ($_SESSION['social_exist']===true) { + $redirect="#remote-tab-2"; + if (api_get_setting('allow_social_tool')=='true' && api_get_setting('allow_message_tool')=='true') { + $success=get_lang('MessageSentTo'). + " ". + GetFullUserName($uid). + ""; + }else { + $success=get_lang('MessageSentTo'). + " ". + GetFullUserName($uid). + ""; + } + } else { + $success=get_lang('MessageSentTo'). + " ". + GetFullUserName($uid). + ""; + } + Display::display_confirmation_message(api_xml_http_response_encode($success), false); + } + + /** + * Displays the wysiwyg html editor. + */ + public static function display_html_editor_area($name, $resp) { + api_disp_html_area($name, get_lang('TypeYourMessage'), '', '', null, array('ToolbarSet' => 'Messages', 'Width' => '95%', 'Height' => '250')); + } + + /** + * Get the new messages for the current user from the database. + */ + public static function get_new_messages() { + $table_message = Database::get_main_table(TABLE_MESSAGE); + if (!api_get_user_id()) { + return false; + } + $i=0; + $query = "SELECT * FROM $table_message WHERE user_receiver_id=".api_get_user_id()." AND msg_status=1"; + $result = Database::query($query,__FILE__,__LINE__); + $i = Database::num_rows($result); + return $i; + } + + /** + * Get the list of user_ids of users who are online. 
+ */ + public static function users_connected_by_id() { + global $_configuration, $_user; + $minute=30; + $user_connect = WhoIsOnline($_user['user_id'],$_configuration['statistics_database'],$minute); + for ($i=0; $i'; + } else { + $message[0] = ($result[0]); + } + + if ($request===true) { + if($result[4]==0) + { + $message[1] = Display::return_icon('mail_open.png',get_lang('AlreadyReadMessage'));//Message already read + } + else + { + $message[1] = Display::return_icon('mail.png',get_lang('UnReadMessage'));//Message without reading + } + + $message[2] = ''.GetFullUserName($result[1]).''; + $message[3] = ''.str_replace("\\","",$result[2]).''; + $message[5] = ''.Display::return_icon('message_reply.png',get_lang('ReplyToMessage')).''. + '  '.Display::return_icon('message_delete.png',get_lang('DeleteMessage')).''; + } else { + $message[2] = ''.GetFullUserName(($result[1])).'';; + $message[3] = ''.$result[2].''; + $message[5] = ''.Display::return_icon('message_reply.png',get_lang('ReplyToMessage')).''. 
+ '  '.Display::return_icon('message_delete.png',get_lang('DeleteMessage')).''; + } + $message[4] = ($result[3]); //date stays the same + foreach($message as $key => $value) { + $message[$key] = api_xml_http_response_encode($value); + } + $message_list[] = $message; + + $i++; + } + return $message_list; + } + + public static function send_message ($receiver_user_id, $title, $content, $file_attachments = array(), $file_comments = '', $group_id = 0, $parent_id = 0) { + global $charset; + $table_message = Database::get_main_table(TABLE_MESSAGE); + $group_id = intval($group_id); + $receiver_user_id = intval($receiver_user_id); + $parent_id = intval($parent_id); + + if (is_numeric($receiver_user_id)) { + $table_message = Database::get_main_table(TABLE_MESSAGE); + $title = api_convert_encoding($title,$charset,'UTF-8'); + $content = api_convert_encoding($content,$charset,'UTF-8'); + //message in inbox + $sql = "SELECT COUNT(*) as count FROM $table_message WHERE user_sender_id = ".api_get_user_id()." AND user_receiver_id='".Database::escape_string($receiver_user_id)."' AND title = '".Database::escape_string($title)."' AND content ='".Database::escape_string($content)."' "; + $res_exist = Database::query($sql,__FILE__,__LINE__); + $row_exist = Database::fetch_array($res_exist,'ASSOC'); + if ($row_exist['count'] == 0) { + //message in outbox + $sql = "INSERT INTO $table_message(user_sender_id, user_receiver_id, msg_status, send_date, title, content ) ". + " VALUES (". + "'".api_get_user_id()."', '".Database::escape_string($receiver_user_id)."', '4', '".date('Y-m-d H:i:s')."','".Database::escape_string($title)."','".Database::escape_string($content)."'". 
+ ")"; + $rs = Database::query($sql,__FILE__,__LINE__); + $outbox_last_id = Database::insert_id(); + + // save attachment file for outbox messages + if (is_array($file_attachments)) { + $o = 0; + foreach ($file_attachments as $file_attach) { + if ($file_attach['error'] == 0) { + self::save_message_attachment_file($file_attach,$file_comments[$o],$outbox_last_id,api_get_user_id()); + } + $o++; + } + } + //message in inbox + $query = "INSERT INTO $table_message(user_sender_id, user_receiver_id, msg_status, send_date, title, content, group_id, parent_id ) ". + " VALUES (". + "'".api_get_user_id()."', '".Database::escape_string($receiver_user_id)."', '1', '".date('Y-m-d H:i:s')."','".Database::escape_string($title)."','".Database::escape_string($content)."','$group_id','$parent_id'". + ")"; + $result = Database::query($query,__FILE__,__LINE__); + $inbox_last_id = Database::insert_id(); + + // save attachment file for inbox messages + if (is_array($file_attachments)) { + $i = 0; + foreach ($file_attachments as $file_attach) { + if ($file_attach['error'] == 0) { + self::save_message_attachment_file($file_attach,$file_comments[$i],$inbox_last_id,null,$receiver_user_id); + } + $i++; + } + } + return $result; + } + } else { + return false; + } + + return false; + } + + public static function delete_message_by_user_receiver ($user_receiver_id,$id) { + $table_message = Database::get_main_table(TABLE_MESSAGE); + if ($id != strval(intval($id))) return false; + $id = Database::escape_string($id); + $sql="SELECT * FROM $table_message WHERE id=".$id." AND msg_status<>4;"; + $rs=Database::query($sql,__FILE__,__LINE__); + + if (Database::num_rows($rs) > 0 ) { + $row = Database::fetch_array($rs); + // delete attachment file + $res = self::delete_message_attachment_file($id,$user_receiver_id); + // delete message + $query = "UPDATE $table_message SET msg_status=3 WHERE user_receiver_id=".Database::escape_string($user_receiver_id)." 
AND id=".$id; + //$query = "DELETE FROM $table_message WHERE user_receiver_id=".Database::escape_string($user_receiver_id)." AND id=".$id; + $result = Database::query($query,__FILE__,__LINE__); + return $result; + } else { + return false; + } + } + /** + * Set status deleted + * @author Isaac FLores Paz + * @param integer + * @param integer + * @return array + */ + public static function delete_message_by_user_sender ($user_sender_id,$id) { + if ($id != strval(intval($id))) return false; + $table_message = Database::get_main_table(TABLE_MESSAGE); + + $id = intval($id); + $user_sender_id = intval($user_sender_id); + + $sql="SELECT * FROM $table_message WHERE id='$id'"; + $rs=Database::query($sql,__FILE__,__LINE__); + + if (Database::num_rows($rs) > 0 ) { + $row = Database::fetch_array($rs); + // delete attachment file + $res = self::delete_message_attachment_file($id,$user_sender_id); + // delete message + $query = "UPDATE $table_message SET msg_status=3 WHERE user_sender_id='$user_sender_id' AND id='$id'"; + //$query = "DELETE FROM $table_message WHERE user_sender_id='$user_sender_id' AND id='$id'"; + $result = Database::query($query,__FILE__,__LINE__); + return $result; + } + return false; + } + + public static function save_message_attachment_file($file_attach,$file_comment,$message_id,$receiver_user_id=0,$sender_user_id=0) { + + $tbl_message_attach = Database::get_main_table(TABLE_MESSAGE_ATTACHMENT); + + // Try to add an extension to the file if it hasn't one + $new_file_name = add_ext_on_mime(stripslashes($file_attach['name']), $file_attach['type']); + + // user's file name + $file_name =$file_attach['name']; + + if (!filter_extension($new_file_name)) { + Display :: display_error_message(get_lang('UplUnableToSaveFileFilteredExtension')); + } else { + $new_file_name = uniqid(''); + + $message_user_id = ''; + if (!empty($receiver_user_id)) { + $message_user_id = $receiver_user_id; + } else { + $message_user_id = $sender_user_id; + } + + // User-reserved 
directory where photos have to be placed. + $path_user_info = UserManager::get_user_picture_path_by_id($message_user_id, 'system', true); + $path_message_attach = $path_user_info['dir'].'message_attachments/'; + + // If this directory does not exist - we create it. + if (!file_exists($path_message_attach)) { + $perm = api_get_setting('permissions_for_new_directories'); + $perm = octdec(!empty($perm) ? $perm : '0770'); + @mkdir($path_message_attach, $perm, true); + } + + $new_path=$path_message_attach.$new_file_name; + if (!empty($receiver_user_id)) { + $result= @copy($file_attach['tmp_name'], $new_path); + } else { + $result= @move_uploaded_file($file_attach['tmp_name'], $new_path); + } + + $safe_file_comment= Database::escape_string($file_comment); + $safe_file_name = Database::escape_string($file_name); + $safe_new_file_name = Database::escape_string($new_file_name); + // Storing the attachments if any + $sql="INSERT INTO $tbl_message_attach(filename,comment, path,message_id,size) + VALUES ( '$safe_file_name', '$safe_file_comment', '$safe_new_file_name' , '$message_id', '".$file_attach['size']."' )"; + $result=Database::query($sql, __LINE__, __FILE__); + $message.=' / '.get_lang('FileUploadSucces').'
'; + + } + } + + /** + * Delete message attachment file (logicaly updating the row with a suffix _DELETE_id) + * @param int message id + * @param int message user id (receiver user id or sender user id) + * @return void + */ + public static function delete_message_attachment_file($message_id,$message_uid) { + + $message_id = intval($message_id); + $message_uid = intval($message_uid); + $table_message_attach = Database::get_main_table(TABLE_MESSAGE_ATTACHMENT); + + $sql= "SELECT * FROM $table_message_attach WHERE message_id = '$message_id'"; + $rs = Database::query($sql,__FILE__,__LINE__); + $new_paths = array(); + while ($row = Database::fetch_array($rs)) { + $path = $row['path']; + $attach_id = $row['id']; + $new_path = $path.'_DELETED_'.$attach_id; + $path_user_info = UserManager::get_user_picture_path_by_id($message_uid, 'system', true); + $path_message_attach = $path_user_info['dir'].'message_attachments/'; + if (is_file($path_message_attach.$path)) { + if(rename($path_message_attach.$path, $path_message_attach.$new_path)) { + $sql_upd = "UPDATE $table_message_attach set path='$new_path' WHERE id ='$attach_id'"; + $rs_upd = Database::query($sql_upd,__FILE__,__LINE__); + } + } + } + } + + public static function update_message ($user_id, $id) { + if ($id != strval(intval($id)) || $user_id != strval(intval($user_id))) return false; + $table_message = Database::get_main_table(TABLE_MESSAGE); + $query = "UPDATE $table_message SET msg_status = '0' WHERE msg_status<>4 AND user_receiver_id=".Database::escape_string($user_id)." AND id='".Database::escape_string($id)."'"; + $result = Database::query($query,__FILE__,__LINE__); + } + + public static function get_message_by_user ($user_id,$id) { + if ($id != strval(intval($id)) || $user_id != strval(intval($user_id))) return false; + $table_message = Database::get_main_table(TABLE_MESSAGE); + $query = "SELECT * FROM $table_message WHERE user_receiver_id=".Database::escape_string($user_id)." 
AND id='".Database::escape_string($id)."'"; + $result = Database::query($query,__FILE__,__LINE__); + return $row = Database::fetch_array($result); + } + + public static function get_messages_by_group($group_id) { + if ($group_id != strval(intval($group_id))) return false; + $table_message = Database::get_main_table(TABLE_MESSAGE); + $group_id = intval($group_id); + $query = "SELECT * FROM $table_message WHERE group_id='$group_id' AND msg_status <> 4 ORDER BY id"; + $rs = Database::query($query,__FILE__,__LINE__); + $data = array(); + if (Database::num_rows($rs) > 0) { + while ($row = Database::fetch_array($rs)) { + $data[] = $row; + } + } + return $data; + } + + /** + * Gets information about if exist messages + * @author Isaac FLores Paz + * @param integer + * @param integer + * @return boolean + */ + public static function exist_message ($user_id, $id) { + if ($id != strval(intval($id)) || $user_id != strval(intval($user_id))) return false; + $table_message = Database::get_main_table(TABLE_MESSAGE); + $query = "SELECT id FROM $table_message WHERE user_receiver_id=".Database::escape_string($user_id)." 
AND id='".Database::escape_string($id)."'"; + $result = Database::query($query,__FILE__,__LINE__); + $num = Database::num_rows($result); + if ($num>0) + return true; + else + return false; + } + /** + * Gets information about messages sent + * @author Isaac FLores Paz + * @param integer + * @param integer + * @param string + * @return array + */ + public static function get_message_data_sent ($from, $number_of_items, $column, $direction) { + global $charset; + + $from = intval($from); + $number_of_items = intval($number_of_items); + $column = intval($column); + if (!in_array($direction, array('ASC', 'DESC'))) + $direction = 'ASC'; + + $table_message = Database::get_main_table(TABLE_MESSAGE); + $request=api_is_xml_http_request(); + $sql_query = "SELECT id as col0, user_sender_id as col1, title as col2, send_date as col3, user_receiver_id as col4, msg_status as col5 FROM $table_message " . + "WHERE user_sender_id=".api_get_user_id()." AND msg_status=4 " . + "ORDER BY col$column $direction LIMIT $from,$number_of_items"; + + $sql_result = Database::query($sql_query,__FILE__,__LINE__); + $i = 0; + $message_list = array (); + while ($result = Database::fetch_row($sql_result)) { + if ($request===true) { + $message[0] = ''; + } else { + $message[0] = ($result[0]); + } + + if ($request===true) { + if ($result[5]==4) + { + $message[1] = Display::return_icon('mail_send.png',get_lang('MessageSent'));//Message Sent + } + $message[2] = ''.GetFullUserName($result[4]).''; + $message[3] = ''.str_replace("\\","",$result[2]).''; + $message[5] = '  '.Display::return_icon('message_delete.png',get_lang('DeleteMessage')).''; + } else { + $message[2] = ''.GetFullUserName($result[4]).''; + $message[3] = ''.$result[2].''; + $message[5] = ''.Display::return_icon('message_reply.png',get_lang('ReplyToMessage')).''. 
+ '  '.Display::return_icon('message_delete.png',get_lang('DeleteMessage')).''; + } + $message[4] = $result[3]; //date stays the same + foreach($message as $key => $value) { + $message[$key] = api_xml_http_response_encode($value); + } + $message_list[] = $message; + $i++; + } + return $message_list; + } + /** + * Gets information about number messages sent + * @author Isaac FLores Paz + * @param void + * @return integer + */ + public static function get_number_of_messages_sent () { + $table_message = Database::get_main_table(TABLE_MESSAGE); + $sql_query = "SELECT COUNT(*) as number_messages FROM $table_message WHERE msg_status=4 AND user_sender_id=".api_get_user_id(); + $sql_result = Database::query($sql_query,__FILE__,__LINE__); + $result = Database::fetch_array($sql_result); + return $result['number_messages']; + } + + /** + * display message box in the inbox + * @return void + */ + public static function show_message_box() { + global $charset; + + $table_message = Database::get_main_table(TABLE_MESSAGE); + $tbl_message_attach = Database::get_main_table(TABLE_MESSAGE_ATTACHMENT); + + $message_id = ''; + if (isset($_GET['id_send']) && is_numeric($_GET['id_send'])) { + $query = "SELECT * FROM $table_message WHERE user_sender_id=".api_get_user_id()." AND id=".intval(Database::escape_string($_GET['id_send']))." AND msg_status=4;"; + $result = Database::query($query,__FILE__,__LINE__); + $path='outbox.php'; + $message_id = intval($_GET['id_send']); + } else { + if (is_numeric($_GET['id'])) { + $query = "UPDATE $table_message SET msg_status = '0' WHERE user_receiver_id=".api_get_user_id()." AND id='".intval(Database::escape_string($_GET['id']))."';"; + $result = Database::query($query,__FILE__,__LINE__); + $query = "SELECT * FROM $table_message WHERE msg_status<>4 AND user_receiver_id=".api_get_user_id()." 
AND id='".intval(Database::escape_string($_GET['id']))."';"; + $result = Database::query($query,__FILE__,__LINE__); + } + $path='inbox.php'; + $message_id = intval($_GET['id']); + } + + $row = Database::fetch_array($result); + + // get file attachments by message id + $files_attachments = ''; + if (!empty($message_id)) { + $sql = "SELECT * FROM $tbl_message_attach WHERE message_id = '$message_id'"; + $rs_file = Database::query($sql,__FILE__,__LINE__); + if (Database::num_rows($rs_file) > 0) { + $attach_icon = Display::return_icon('attachment.gif'); + $archiveURL=api_get_path(WEB_CODE_PATH).'messages/download.php?type=inbox&file='; + while ($row_file = Database::fetch_array($rs_file)) { + $archiveFile = $row_file['path']; + $filename = $row_file['filename']; + $filesize = format_file_size($row_file['size']); + $filecomment = $row_file['comment']; + $files_attachments .= $attach_icon.' '.$filename.' ('.$filesize.')'.(!empty($filecomment)?' - '.$filecomment:'').'
'; + } + } + } + + $user_con = self::users_connected_by_id(); + $band=0; + $reply=''; + for ($i=0;$i'.Display::return_icon('message_reply.png',api_xml_http_response_encode(get_lang('ReplyToMessage'))).api_xml_http_response_encode(get_lang('ReplyToMessage')).''; + } + } + echo '
'; + echo ' + + + + + + +
  + + +

'.str_replace("\\","",api_xml_http_response_encode($row[5])).'

+ + + + + + + + +
+
'.api_xml_http_response_encode(get_lang('From').' '.GetFullUserName($row[1]).' '.api_strtolower(get_lang('To')).'  '.GetFullUserName($row[2])).'
'.api_xml_http_response_encode(get_lang('Date').'  '.$row[4]).'
+
+ + + + + + +
'.str_replace("\\","",api_xml_http_response_encode($row[6])).'
+ '.$files_attachments.' +
 
'; + } + + + /** + * display message box sent showing it into outbox + * @return void + */ + public static function show_message_box_sent () { + global $charset; + $table_message = Database::get_main_table(TABLE_MESSAGE); + $tbl_message_attach = Database::get_main_table(TABLE_MESSAGE_ATTACHMENT); + + $message_id = ''; + if (is_numeric($_GET['id_send'])) { + $query = "SELECT * FROM $table_message WHERE user_sender_id=".api_get_user_id()." AND id=".intval(Database::escape_string($_GET['id_send']))." AND msg_status=4;"; + $result = Database::query($query,__FILE__,__LINE__); + $message_id = intval($_GET['id_send']); + } + $path='outbox.php'; + + // get file attachments by message id + $files_attachments = ''; + if (!empty($message_id)) { + $sql = "SELECT * FROM $tbl_message_attach WHERE message_id = '$message_id'"; + $rs_file = Database::query($sql,__FILE__,__LINE__); + if (Database::num_rows($rs_file) > 0) { + $attach_icon = Display::return_icon('attachment.gif'); + $archiveURL=api_get_path(WEB_CODE_PATH).'messages/download.php?type=outbox&file='; + while ($row_file = Database::fetch_array($rs_file)) { + $archiveFile = $row_file['path']; + $filename = $row_file['filename']; + $filesize = format_file_size($row_file['size']); + $filecomment = $row_file['comment']; + $files_attachments .= $attach_icon.' '.$filename.' ('.$filesize.')'.(!empty($filecomment)?' - '.$filecomment:'').'
'; + } + } + } + + $row = Database::fetch_array($result); + $user_con = self::users_connected_by_id(); + $band=0; + $reply=''; + for ($i=0;$i'; + echo ''.Display::return_icon('folder_up.gif',api_xml_http_response_encode(get_lang('BackToOutbox'))).api_xml_http_response_encode(get_lang('BackToOutbox')).''; + echo ''.Display::return_icon('message_delete.png',api_xml_http_response_encode(get_lang('DeleteMessage'))).api_xml_http_response_encode(get_lang('DeleteMessage')).''; + echo '
'; + echo ' + + + + + + +
  + + +

'.str_replace("\\","",api_xml_http_response_encode($row[5])).'

+ + + + + + + + +
+
'.api_xml_http_response_encode(get_lang('From').' '.GetFullUserName($row[1]).' '.api_strtolower(get_lang('To')).'  '.GetFullUserName($row[2])).'
'.api_xml_http_response_encode(get_lang('Date').'  '.$row[4]).'
+
+ + + + + + +
'.str_replace("\\","",api_xml_http_response_encode($row[6])).'
+ '.$files_attachments.' +
 
'; + } + + /** + * get user id by user email + * @param string $user_email + * @return int user id + */ + public static function get_user_id_by_email ($user_email) { + $tbl_user = Database::get_main_table(TABLE_MAIN_USER); + $sql='SELECT user_id FROM '.$tbl_user.' WHERE email="'.Database::escape_string($user_email).'";'; + $rs=Database::query($sql,__FILE__,__LINE__); + $row=Database::fetch_array($rs,'ASSOC'); + if (isset($row['user_id'])) { + return $row['user_id']; + } else { + return null; + } + } + + /** + * display messages for group with nested view + * @param int group id + * @return void + */ + public static function display_messages_for_group($group_id) { + + global $origin; + $rows = self::get_messages_by_group($group_id); + $rows = self::calculate_children($rows); + $group_info = GroupPortalManager::get_group_data($group_id); + $count=0; + + foreach ($rows as $message) { + $indent = $message['indent_cnt']*'20'; + $user_sender_info = UserManager::get_user_info_by_id($message['user_sender_id']); + if (!empty($message['parent_id'])) { + $message_parent_info = self::get_message_by_id($message['parent_id']); + $user_parent_info = UserManager::get_user_info_by_id($message_parent_info['user_sender_id']); + $name_user_parent = api_get_person_name($user_parent_info['firstname'], $user_parent_info['lastname']); + } + $name=api_get_person_name($user_sender_info['firstname'], $user_sender_info['lastname']); + echo "
"; + echo '
'.$message['title'].' ( '.$message['send_date'].' ) 
'; + echo '
'.get_lang('From').' '.$name.' '.get_lang('ToGroup').' '.(!empty($message['parent_id'])?$name_user_parent:$group_info['name']).'
'; + echo '
'.$message['content'].'
'; + echo ''; + echo '
'; + $count++; + } + } + + /** + * Add children to messages by id is used for nested view messages + * @param array rows of messages + * @return array new list adding the item children + */ + public static function calculate_children($rows) { + + foreach($rows as $row) { + $rows_with_children[$row["id"]]=$row; + $rows_with_children[$row["parent_id"]]["children"][]=$row["id"]; + } + $rows=$rows_with_children; + $sorted_rows=array(0=>array()); + self::message_recursive_sort($rows, $sorted_rows); + unset($sorted_rows[0]); + return $sorted_rows; + } + + /** + * Sort recursively the messages, is used for for nested view messages + * @param array original rows of messages + * @param array list recursive of messages + * @param int seed for calculate the indent + * @param int indent for nested view + * @return void + */ + public static function message_recursive_sort($rows, &$messages, $seed=0, $indent=0) { + if($seed>0) { + $messages[$rows[$seed]["id"]]=$rows[$seed]; + $messages[$rows[$seed]["id"]]["indent_cnt"]=$indent; + $indent++; + } + if(isset($rows[$seed]["children"])) { + foreach($rows[$seed]["children"] as $child) { + self::message_recursive_sort($rows, $messages, $child, $indent); + } + } + } + + /** + * Get message list by id + * @param int message id + * @return array + */ + public static function get_message_by_id($message_id) { + $tbl_message = Database::get_main_table(TABLE_MESSAGE); + $message_id = intval($message_id); + $sql = "SELECT * FROM $tbl_message WHERE id = '$message_id'"; + $res = Database::query($sql, __FILE__, __LINE__); + $item = array(); + if (Database::num_rows($res)>0) { + $item = Database::fetch_array($res,'ASSOC'); + } + return $item; + } +} + + +//@todo this functions should be in the message class -require_once api_get_path(LIBRARY_PATH).'online.inc.php'; -require_once api_get_path(SYS_CODE_PATH).'messages/message.class.php'; function inbox_display() { global $charset; // $charset = api_get_setting('platform_charset'); 
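Review bot: `show_message_box()` and `show_message_box_sent()` concatenate `$row_file['filename']` and `$row_file['comment']` straight into `$files_attachments`, while `save_message_attachment_file()` stores the sender-supplied `$file_attach['name']` and comment with SQL escaping only, so markup placed in a file name or comment is rendered in the recipient's browser. `display_messages_for_group()` echoes `$message['title']` the same way. Encode these values on output, e.g. `$filename = htmlspecialchars($row_file['filename'], ENT_QUOTES, $charset);`, and do the same for the comment and the title; `api_xml_http_response_encode()` is applied elsewhere in the class but looks like a charset conversion rather than HTML escaping, which should be confirmed. The markup around these strings did not survive on this page, so the exact output context is inferred. Separately, `delete_message_by_user_receiver()` places `Database::escape_string($user_receiver_id)` into the query unquoted, and it should be cast with `intval()` as `delete_message_by_user_sender()` already does.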
diff --git a/main/inc/lib/social.lib.php b/main/inc/lib/social.lib.php index 3fa5ddc365..be951b40c2 100755 --- a/main/inc/lib/social.lib.php +++ b/main/inc/lib/social.lib.php @@ -1,8 +1,17 @@ + * Accepts invitation * @param int user sender id * @param int user receiver id - * @return void() + * @author isaac flores paz + * @author Julio Montoya Cleaning code */ public static function invitation_accepted ($user_send_id,$user_receiver_id) { $tbl_message=Database::get_main_table(TABLE_MAIN_MESSAGE); - $msg_status=6;// friend accepted - $sql='UPDATE '.$tbl_message.' SET msg_status='.$msg_status.' WHERE user_sender_id='.((int)$user_send_id).' AND user_receiver_id='.((int)$user_receiver_id).';'; + $sql='UPDATE '.$tbl_message.' SET msg_status='.MESSAGE_STATUS_INVITATION_ACCEPTED.' WHERE user_sender_id='.((int)$user_send_id).' AND user_receiver_id='.((int)$user_receiver_id).';'; Database::query($sql,__FILE__,__LINE__); } /** - * allow deny invitation - * @author isaac flores paz + * Denies invitation * @param int user sender id * @param int user receiver id - * @return void() + * @author isaac flores paz + * @author Julio Montoya Cleaning code */ public static function invitation_denied ($user_send_id,$user_receiver_id) { $tbl_message=Database::get_main_table(TABLE_MAIN_MESSAGE); - $msg_status=7; - $sql='UPDATE '.$tbl_message.' SET msg_status='.$msg_status.' WHERE user_sender_id='.((int)$user_send_id).' AND user_receiver_id='.((int)$user_receiver_id).';'; + //$msg_status=7; + //$sql='UPDATE '.$tbl_message.' SET msg_status='.$msg_status.' WHERE user_sender_id='.((int)$user_send_id).' AND user_receiver_id='.((int)$user_receiver_id).';'; + $sql='DELETE FROM '.$tbl_message.' WHERE user_sender_id='.((int)$user_send_id).' AND user_receiver_id='.((int)$user_receiver_id).';'; Database::query($sql,__FILE__,__LINE__); } /** 
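Review bot: `invitation_denied()` now issues `DELETE FROM ... WHERE user_sender_id=... AND user_receiver_id=...` with no `msg_status` condition, so it removes every row between the two users rather than only the pending invitation. If invitations share this table with ordinary messages (the `MESSAGE_STATUS_*` constants added in message.lib.php suggest they do), denying a request also deletes the pair's existing conversation, and `invitation_accepted()` has the same unscoped `WHERE`, which rewrites the status of all those rows. Append `.' AND msg_status='.MESSAGE_STATUS_INVITATION_PENDING` to the condition in both statements. The later hunk in this file also adds `error_log('1');` and `error_log('2');`, which read like debugging leftovers and should be dropped before merge.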
@@ -369,6 +380,7 @@ class SocialManager extends UserManager { $succes = get_lang('MessageSentTo'); $succes.= ' : '.api_get_person_name($user_info['firstName'], $user_info['lastName']); if (isset($subject_message) && isset($content_message) && isset($userfriend_id)) { + error_log('1'); $send_message = MessageManager::send_message($userfriend_id, $subject_message, $content_message); if ($send_message) { echo Display::display_confirmation_message($succes,true); @@ -377,6 +389,7 @@ class SocialManager extends UserManager { } exit; } elseif (isset($userfriend_id) && !isset($subject_message)) { + error_log('2'); $count_is_true=false; $count_number_is_true=0; if (isset($userfriend_id) && $userfriend_id>0) { @@ -619,19 +632,20 @@ class SocialManager extends UserManager { } public static function show_social_menu() { - echo '';*/ } } \ No newline at end of file diff --git a/main/inc/lib/usermanager.lib.php b/main/inc/lib/usermanager.lib.php index a007df03f4..e57c9586b4 100644 --- a/main/inc/lib/usermanager.lib.php +++ b/main/inc/lib/usermanager.lib.php @@ -2648,22 +2648,8 @@ class UserManager * */ public function get_search_form($query) { - echo'
- - - - - -
-
-
- Search (Users, Groups) -
-
- - -
-
'; + //Not available yet + return ''; } //deprecated public function get_public_users($keyword, $from = 0, $number_of_items= 20, $column=2, $direction='ASC') { @@ -2736,7 +2722,8 @@ class UserManager } return $users; } - function show_menu(){ + function show_menu() { + /* echo ''; + echo '';*/ } /** * Gives a list of course auto-register (field special_course) diff --git a/main/messages/inbox.php b/main/messages/inbox.php index 43f6c75350..0c270a34e2 100755 --- a/main/messages/inbox.php +++ b/main/messages/inbox.php @@ -32,8 +32,8 @@ $language_file = array('registration','messages','userInfo','admin','index'); $cidReset=true; require_once '../inc/global.inc.php'; -require_once '../messages/message.class.php'; require_once api_get_path(LIBRARY_PATH).'message.lib.php'; + api_block_anonymous_users(); if (isset($_GET['messages_page_nr'])) { if (api_get_setting('allow_social_tool')=='true' && api_get_setting('allow_message_tool')=='true') { diff --git a/main/messages/message.class.php b/main/messages/message.class.php index d5b921082a..05e9f51752 100755 --- a/main/messages/message.class.php +++ b/main/messages/message.class.php 
@@ -1,769 +1,3 @@ ". - GetFullUserName($uid). - ""; - }else { - $success=get_lang('MessageSentTo'). - " ". - GetFullUserName($uid). - ""; - } - } else { - $success=get_lang('MessageSentTo'). - " ". - GetFullUserName($uid). - ""; - } - Display::display_confirmation_message(api_xml_http_response_encode($success), false); - } - - /** - * Displays the wysiwyg html editor. - */ - public static function display_html_editor_area($name, $resp) { - api_disp_html_area($name, get_lang('TypeYourMessage'), '', '', null, array('ToolbarSet' => 'Messages', 'Width' => '95%', 'Height' => '250')); - } - - /** - * Get the new messages for the current user from the database. - */ - public static function get_new_messages() { - $table_message = Database::get_main_table(TABLE_MESSAGE); - if (!api_get_user_id()) { - return false; - } - $i=0; - $query = "SELECT * FROM $table_message WHERE user_receiver_id=".api_get_user_id()." AND msg_status=1"; - $result = Database::query($query,__FILE__,__LINE__); - $i = Database::num_rows($result); - return $i; - } - - /** - * Get the list of user_ids of users who are online. - */ - public static function users_connected_by_id() { - global $_configuration, $_user; - $minute=30; - $user_connect = WhoIsOnline($_user['user_id'],$_configuration['statistics_database'],$minute); - for ($i=0; $i'; - } else { - $message[0] = ($result[0]); - } - - if ($request===true) { - if($result[4]==0) - { - $message[1] = Display::return_icon('mail_open.png',get_lang('AlreadyReadMessage'));//Message already read - } - else - { - $message[1] = Display::return_icon('mail.png',get_lang('UnReadMessage'));//Message without reading - } - - $message[2] = ''.GetFullUserName($result[1]).''; - $message[3] = ''.str_replace("\\","",$result[2]).''; - $message[5] = ''.Display::return_icon('message_reply.png',get_lang('ReplyToMessage')).''. 
- '  '.Display::return_icon('message_delete.png',get_lang('DeleteMessage')).''; - } else { - $message[2] = ''.GetFullUserName(($result[1])).'';; - $message[3] = ''.$result[2].''; - $message[5] = ''.Display::return_icon('message_reply.png',get_lang('ReplyToMessage')).''. - '  '.Display::return_icon('message_delete.png',get_lang('DeleteMessage')).''; - } - $message[4] = ($result[3]); //date stays the same - foreach($message as $key => $value) { - $message[$key] = api_xml_http_response_encode($value); - } - $message_list[] = $message; - - $i++; - } - return $message_list; - } - - public static function send_message ($receiver_user_id, $title, $content, $file_attachments = array(), $file_comments = '', $group_id = 0, $parent_id = 0) { - global $charset; - $table_message = Database::get_main_table(TABLE_MESSAGE); - $group_id = intval($group_id); - $receiver_user_id = intval($receiver_user_id); - $parent_id = intval($parent_id); - - if (is_numeric($receiver_user_id)) { - $table_message = Database::get_main_table(TABLE_MESSAGE); - $title = api_convert_encoding($title,$charset,'UTF-8'); - $content = api_convert_encoding($content,$charset,'UTF-8'); - //message in inbox - $sql = "SELECT COUNT(*) as count FROM $table_message WHERE user_sender_id = ".api_get_user_id()." AND user_receiver_id='".Database::escape_string($receiver_user_id)."' AND title = '".Database::escape_string($title)."' AND content ='".Database::escape_string($content)."' "; - $res_exist = Database::query($sql,__FILE__,__LINE__); - $row_exist = Database::fetch_array($res_exist,'ASSOC'); - if ($row_exist['count'] == 0) { - //message in outbox - $sql = "INSERT INTO $table_message(user_sender_id, user_receiver_id, msg_status, send_date, title, content ) ". - " VALUES (". - "'".api_get_user_id()."', '".Database::escape_string($receiver_user_id)."', '4', '".date('Y-m-d H:i:s')."','".Database::escape_string($title)."','".Database::escape_string($content)."'". 
- ")"; - $rs = Database::query($sql,__FILE__,__LINE__); - $outbox_last_id = Database::insert_id(); - - // save attachment file for outbox messages - if (is_array($file_attachments)) { - $o = 0; - foreach ($file_attachments as $file_attach) { - if ($file_attach['error'] == 0) { - self::save_message_attachment_file($file_attach,$file_comments[$o],$outbox_last_id,api_get_user_id()); - } - $o++; - } - } - //message in inbox - $query = "INSERT INTO $table_message(user_sender_id, user_receiver_id, msg_status, send_date, title, content, group_id, parent_id ) ". - " VALUES (". - "'".api_get_user_id()."', '".Database::escape_string($receiver_user_id)."', '1', '".date('Y-m-d H:i:s')."','".Database::escape_string($title)."','".Database::escape_string($content)."','$group_id','$parent_id'". - ")"; - $result = Database::query($query,__FILE__,__LINE__); - $inbox_last_id = Database::insert_id(); - - // save attachment file for inbox messages - if (is_array($file_attachments)) { - $i = 0; - foreach ($file_attachments as $file_attach) { - if ($file_attach['error'] == 0) { - self::save_message_attachment_file($file_attach,$file_comments[$i],$inbox_last_id,null,$receiver_user_id); - } - $i++; - } - } - return $result; - } - } else { - return false; - } - - return false; - } - - public static function delete_message_by_user_receiver ($user_receiver_id,$id) { - $table_message = Database::get_main_table(TABLE_MESSAGE); - if ($id != strval(intval($id))) return false; - $id = Database::escape_string($id); - $sql="SELECT * FROM $table_message WHERE id=".$id." AND msg_status<>4;"; - $rs=Database::query($sql,__FILE__,__LINE__); - - if (Database::num_rows($rs) > 0 ) { - $row = Database::fetch_array($rs); - // delete attachment file - $res = self::delete_message_attachment_file($id,$user_receiver_id); - // delete message - $query = "UPDATE $table_message SET msg_status=3 WHERE user_receiver_id=".Database::escape_string($user_receiver_id)." 
AND id=".$id; - //$query = "DELETE FROM $table_message WHERE user_receiver_id=".Database::escape_string($user_receiver_id)." AND id=".$id; - $result = Database::query($query,__FILE__,__LINE__); - return $result; - } else { - return false; - } - } - /** - * Set status deleted - * @author Isaac FLores Paz - * @param integer - * @param integer - * @return array - */ - public static function delete_message_by_user_sender ($user_sender_id,$id) { - if ($id != strval(intval($id))) return false; - $table_message = Database::get_main_table(TABLE_MESSAGE); - - $id = intval($id); - $user_sender_id = intval($user_sender_id); - - $sql="SELECT * FROM $table_message WHERE id='$id'"; - $rs=Database::query($sql,__FILE__,__LINE__); - - if (Database::num_rows($rs) > 0 ) { - $row = Database::fetch_array($rs); - // delete attachment file - $res = self::delete_message_attachment_file($id,$user_sender_id); - // delete message - $query = "UPDATE $table_message SET msg_status=3 WHERE user_sender_id='$user_sender_id' AND id='$id'"; - //$query = "DELETE FROM $table_message WHERE user_sender_id='$user_sender_id' AND id='$id'"; - $result = Database::query($query,__FILE__,__LINE__); - return $result; - } - return false; - } - - public static function save_message_attachment_file($file_attach,$file_comment,$message_id,$receiver_user_id=0,$sender_user_id=0) { - - $tbl_message_attach = Database::get_main_table(TABLE_MESSAGE_ATTACHMENT); - - // Try to add an extension to the file if it hasn't one - $new_file_name = add_ext_on_mime(stripslashes($file_attach['name']), $file_attach['type']); - - // user's file name - $file_name =$file_attach['name']; - - if (!filter_extension($new_file_name)) { - Display :: display_error_message(get_lang('UplUnableToSaveFileFilteredExtension')); - } else { - $new_file_name = uniqid(''); - - $message_user_id = ''; - if (!empty($receiver_user_id)) { - $message_user_id = $receiver_user_id; - } else { - $message_user_id = $sender_user_id; - } - - // User-reserved 
directory where photos have to be placed. - $path_user_info = UserManager::get_user_picture_path_by_id($message_user_id, 'system', true); - $path_message_attach = $path_user_info['dir'].'message_attachments/'; - - // If this directory does not exist - we create it. - if (!file_exists($path_message_attach)) { - $perm = api_get_setting('permissions_for_new_directories'); - $perm = octdec(!empty($perm) ? $perm : '0770'); - @mkdir($path_message_attach, $perm, true); - } - - $new_path=$path_message_attach.$new_file_name; - if (!empty($receiver_user_id)) { - $result= @copy($file_attach['tmp_name'], $new_path); - } else { - $result= @move_uploaded_file($file_attach['tmp_name'], $new_path); - } - - $safe_file_comment= Database::escape_string($file_comment); - $safe_file_name = Database::escape_string($file_name); - $safe_new_file_name = Database::escape_string($new_file_name); - // Storing the attachments if any - $sql="INSERT INTO $tbl_message_attach(filename,comment, path,message_id,size) - VALUES ( '$safe_file_name', '$safe_file_comment', '$safe_new_file_name' , '$message_id', '".$file_attach['size']."' )"; - $result=Database::query($sql, __LINE__, __FILE__); - $message.=' / '.get_lang('FileUploadSucces').'
'; - - } - } - - /** - * Delete message attachment file (logicaly updating the row with a suffix _DELETE_id) - * @param int message id - * @param int message user id (receiver user id or sender user id) - * @return void - */ - public static function delete_message_attachment_file($message_id,$message_uid) { - - $message_id = intval($message_id); - $message_uid = intval($message_uid); - $table_message_attach = Database::get_main_table(TABLE_MESSAGE_ATTACHMENT); - - $sql= "SELECT * FROM $table_message_attach WHERE message_id = '$message_id'"; - $rs = Database::query($sql,__FILE__,__LINE__); - $new_paths = array(); - while ($row = Database::fetch_array($rs)) { - $path = $row['path']; - $attach_id = $row['id']; - $new_path = $path.'_DELETED_'.$attach_id; - $path_user_info = UserManager::get_user_picture_path_by_id($message_uid, 'system', true); - $path_message_attach = $path_user_info['dir'].'message_attachments/'; - if (is_file($path_message_attach.$path)) { - if(rename($path_message_attach.$path, $path_message_attach.$new_path)) { - $sql_upd = "UPDATE $table_message_attach set path='$new_path' WHERE id ='$attach_id'"; - $rs_upd = Database::query($sql_upd,__FILE__,__LINE__); - } - } - } - } - - public static function update_message ($user_id, $id) { - if ($id != strval(intval($id)) || $user_id != strval(intval($user_id))) return false; - $table_message = Database::get_main_table(TABLE_MESSAGE); - $query = "UPDATE $table_message SET msg_status = '0' WHERE msg_status<>4 AND user_receiver_id=".Database::escape_string($user_id)." AND id='".Database::escape_string($id)."'"; - $result = Database::query($query,__FILE__,__LINE__); - } - - public static function get_message_by_user ($user_id,$id) { - if ($id != strval(intval($id)) || $user_id != strval(intval($user_id))) return false; - $table_message = Database::get_main_table(TABLE_MESSAGE); - $query = "SELECT * FROM $table_message WHERE user_receiver_id=".Database::escape_string($user_id)." 
AND id='".Database::escape_string($id)."'"; - $result = Database::query($query,__FILE__,__LINE__); - return $row = Database::fetch_array($result); - } - - public static function get_messages_by_group($group_id) { - if ($group_id != strval(intval($group_id))) return false; - $table_message = Database::get_main_table(TABLE_MESSAGE); - $group_id = intval($group_id); - $query = "SELECT * FROM $table_message WHERE group_id='$group_id' AND msg_status <> 4 ORDER BY id"; - $rs = Database::query($query,__FILE__,__LINE__); - $data = array(); - if (Database::num_rows($rs) > 0) { - while ($row = Database::fetch_array($rs)) { - $data[] = $row; - } - } - return $data; - } - - /** - * Gets information about if exist messages - * @author Isaac FLores Paz - * @param integer - * @param integer - * @return boolean - */ - public static function exist_message ($user_id, $id) { - if ($id != strval(intval($id)) || $user_id != strval(intval($user_id))) return false; - $table_message = Database::get_main_table(TABLE_MESSAGE); - $query = "SELECT id FROM $table_message WHERE user_receiver_id=".Database::escape_string($user_id)." 
AND id='".Database::escape_string($id)."'"; - $result = Database::query($query,__FILE__,__LINE__); - $num = Database::num_rows($result); - if ($num>0) - return true; - else - return false; - } - /** - * Gets information about messages sent - * @author Isaac FLores Paz - * @param integer - * @param integer - * @param string - * @return array - */ - public static function get_message_data_sent ($from, $number_of_items, $column, $direction) { - global $charset; - - $from = intval($from); - $number_of_items = intval($number_of_items); - $column = intval($column); - if (!in_array($direction, array('ASC', 'DESC'))) - $direction = 'ASC'; - - $table_message = Database::get_main_table(TABLE_MESSAGE); - $request=api_is_xml_http_request(); - $sql_query = "SELECT id as col0, user_sender_id as col1, title as col2, send_date as col3, user_receiver_id as col4, msg_status as col5 FROM $table_message " . - "WHERE user_sender_id=".api_get_user_id()." AND msg_status=4 " . - "ORDER BY col$column $direction LIMIT $from,$number_of_items"; - - $sql_result = Database::query($sql_query,__FILE__,__LINE__); - $i = 0; - $message_list = array (); - while ($result = Database::fetch_row($sql_result)) { - if ($request===true) { - $message[0] = ''; - } else { - $message[0] = ($result[0]); - } - - if ($request===true) { - if ($result[5]==4) - { - $message[1] = Display::return_icon('mail_send.png',get_lang('MessageSent'));//Message Sent - } - $message[2] = ''.GetFullUserName($result[4]).''; - $message[3] = ''.str_replace("\\","",$result[2]).''; - $message[5] = '  '.Display::return_icon('message_delete.png',get_lang('DeleteMessage')).''; - } else { - $message[2] = ''.GetFullUserName($result[4]).''; - $message[3] = ''.$result[2].''; - $message[5] = ''.Display::return_icon('message_reply.png',get_lang('ReplyToMessage')).''. 
- '  '.Display::return_icon('message_delete.png',get_lang('DeleteMessage')).''; - } - $message[4] = $result[3]; //date stays the same - foreach($message as $key => $value) { - $message[$key] = api_xml_http_response_encode($value); - } - $message_list[] = $message; - $i++; - } - return $message_list; - } - /** - * Gets information about number messages sent - * @author Isaac FLores Paz - * @param void - * @return integer - */ - public static function get_number_of_messages_sent () { - $table_message = Database::get_main_table(TABLE_MESSAGE); - $sql_query = "SELECT COUNT(*) as number_messages FROM $table_message WHERE msg_status=4 AND user_sender_id=".api_get_user_id(); - $sql_result = Database::query($sql_query,__FILE__,__LINE__); - $result = Database::fetch_array($sql_result); - return $result['number_messages']; - } - - /** - * display message box in the inbox - * @return void - */ - public static function show_message_box() { - global $charset; - - $table_message = Database::get_main_table(TABLE_MESSAGE); - $tbl_message_attach = Database::get_main_table(TABLE_MESSAGE_ATTACHMENT); - - $message_id = ''; - if (isset($_GET['id_send']) && is_numeric($_GET['id_send'])) { - $query = "SELECT * FROM $table_message WHERE user_sender_id=".api_get_user_id()." AND id=".intval(Database::escape_string($_GET['id_send']))." AND msg_status=4;"; - $result = Database::query($query,__FILE__,__LINE__); - $path='outbox.php'; - $message_id = intval($_GET['id_send']); - } else { - if (is_numeric($_GET['id'])) { - $query = "UPDATE $table_message SET msg_status = '0' WHERE user_receiver_id=".api_get_user_id()." AND id='".intval(Database::escape_string($_GET['id']))."';"; - $result = Database::query($query,__FILE__,__LINE__); - $query = "SELECT * FROM $table_message WHERE msg_status<>4 AND user_receiver_id=".api_get_user_id()." 
AND id='".intval(Database::escape_string($_GET['id']))."';"; - $result = Database::query($query,__FILE__,__LINE__); - } - $path='inbox.php'; - $message_id = intval($_GET['id']); - } - - $row = Database::fetch_array($result); - - // get file attachments by message id - $files_attachments = ''; - if (!empty($message_id)) { - $sql = "SELECT * FROM $tbl_message_attach WHERE message_id = '$message_id'"; - $rs_file = Database::query($sql,__FILE__,__LINE__); - if (Database::num_rows($rs_file) > 0) { - $attach_icon = Display::return_icon('attachment.gif'); - $archiveURL=api_get_path(WEB_CODE_PATH).'messages/download.php?type=inbox&file='; - while ($row_file = Database::fetch_array($rs_file)) { - $archiveFile = $row_file['path']; - $filename = $row_file['filename']; - $filesize = format_file_size($row_file['size']); - $filecomment = $row_file['comment']; - $files_attachments .= $attach_icon.' '.$filename.' ('.$filesize.')'.(!empty($filecomment)?' - '.$filecomment:'').'
'; - } - } - } - - $user_con = self::users_connected_by_id(); - $band=0; - $reply=''; - for ($i=0;$i'.Display::return_icon('message_reply.png',api_xml_http_response_encode(get_lang('ReplyToMessage'))).api_xml_http_response_encode(get_lang('ReplyToMessage')).''; - } - } - echo '
'; - echo ' - - - - - - -
  - - -

'.str_replace("\\","",api_xml_http_response_encode($row[5])).'

- - - - - - - - -
-
'.api_xml_http_response_encode(get_lang('From').' '.GetFullUserName($row[1]).' '.api_strtolower(get_lang('To')).'  '.GetFullUserName($row[2])).'
'.api_xml_http_response_encode(get_lang('Date').'  '.$row[4]).'
-
- - - - - - -
'.str_replace("\\","",api_xml_http_response_encode($row[6])).'
- '.$files_attachments.' -
 
'; - } - - - /** - * display message box sent showing it into outbox - * @return void - */ - public static function show_message_box_sent () { - global $charset; - $table_message = Database::get_main_table(TABLE_MESSAGE); - $tbl_message_attach = Database::get_main_table(TABLE_MESSAGE_ATTACHMENT); - - $message_id = ''; - if (is_numeric($_GET['id_send'])) { - $query = "SELECT * FROM $table_message WHERE user_sender_id=".api_get_user_id()." AND id=".intval(Database::escape_string($_GET['id_send']))." AND msg_status=4;"; - $result = Database::query($query,__FILE__,__LINE__); - $message_id = intval($_GET['id_send']); - } - $path='outbox.php'; - - // get file attachments by message id - $files_attachments = ''; - if (!empty($message_id)) { - $sql = "SELECT * FROM $tbl_message_attach WHERE message_id = '$message_id'"; - $rs_file = Database::query($sql,__FILE__,__LINE__); - if (Database::num_rows($rs_file) > 0) { - $attach_icon = Display::return_icon('attachment.gif'); - $archiveURL=api_get_path(WEB_CODE_PATH).'messages/download.php?type=outbox&file='; - while ($row_file = Database::fetch_array($rs_file)) { - $archiveFile = $row_file['path']; - $filename = $row_file['filename']; - $filesize = format_file_size($row_file['size']); - $filecomment = $row_file['comment']; - $files_attachments .= $attach_icon.' '.$filename.' ('.$filesize.')'.(!empty($filecomment)?' - '.$filecomment:'').'
'; - } - } - } - - $row = Database::fetch_array($result); - $user_con = self::users_connected_by_id(); - $band=0; - $reply=''; - for ($i=0;$i'; - echo ''.Display::return_icon('folder_up.gif',api_xml_http_response_encode(get_lang('BackToOutbox'))).api_xml_http_response_encode(get_lang('BackToOutbox')).''; - echo ''.Display::return_icon('message_delete.png',api_xml_http_response_encode(get_lang('DeleteMessage'))).api_xml_http_response_encode(get_lang('DeleteMessage')).''; - echo '
'; - echo ' - - - - - - -
  - - -

'.str_replace("\\","",api_xml_http_response_encode($row[5])).'

- - - - - - - - -
-
'.api_xml_http_response_encode(get_lang('From').' '.GetFullUserName($row[1]).' '.api_strtolower(get_lang('To')).'  '.GetFullUserName($row[2])).'
'.api_xml_http_response_encode(get_lang('Date').'  '.$row[4]).'
-
- - - - - - -
'.str_replace("\\","",api_xml_http_response_encode($row[6])).'
- '.$files_attachments.' -
 
'; - } - - /** - * get user id by user email - * @param string $user_email - * @return int user id - */ - public static function get_user_id_by_email ($user_email) { - $tbl_user = Database::get_main_table(TABLE_MAIN_USER); - $sql='SELECT user_id FROM '.$tbl_user.' WHERE email="'.Database::escape_string($user_email).'";'; - $rs=Database::query($sql,__FILE__,__LINE__); - $row=Database::fetch_array($rs,'ASSOC'); - if (isset($row['user_id'])) { - return $row['user_id']; - } else { - return null; - } - } - - /** - * display messages for group with nested view - * @param int group id - * @return void - */ - public static function display_messages_for_group($group_id) { - - global $origin; - $rows = self::get_messages_by_group($group_id); - $rows = self::calculate_children($rows); - $group_info = GroupPortalManager::get_group_data($group_id); - $count=0; - - foreach ($rows as $message) { - $indent = $message['indent_cnt']*'20'; - $user_sender_info = UserManager::get_user_info_by_id($message['user_sender_id']); - if (!empty($message['parent_id'])) { - $message_parent_info = self::get_message_by_id($message['parent_id']); - $user_parent_info = UserManager::get_user_info_by_id($message_parent_info['user_sender_id']); - $name_user_parent = api_get_person_name($user_parent_info['firstname'], $user_parent_info['lastname']); - } - $name=api_get_person_name($user_sender_info['firstname'], $user_sender_info['lastname']); - echo "
"; - echo '
'.$message['title'].' ( '.$message['send_date'].' ) 
'; - echo '
'.get_lang('From').' '.$name.' '.get_lang('ToGroup').' '.(!empty($message['parent_id'])?$name_user_parent:$group_info['name']).'
'; - echo '
'.$message['content'].'
'; - echo ''; - echo '
'; - $count++; - } - } - - /** - * Add children to messages by id is used for nested view messages - * @param array rows of messages - * @return array new list adding the item children - */ - public static function calculate_children($rows) { - - foreach($rows as $row) { - $rows_with_children[$row["id"]]=$row; - $rows_with_children[$row["parent_id"]]["children"][]=$row["id"]; - } - $rows=$rows_with_children; - $sorted_rows=array(0=>array()); - self::message_recursive_sort($rows, $sorted_rows); - unset($sorted_rows[0]); - return $sorted_rows; - } - - /** - * Sort recursively the messages, is used for for nested view messages - * @param array original rows of messages - * @param array list recursive of messages - * @param int seed for calculate the indent - * @param int indent for nested view - * @return void - */ - public static function message_recursive_sort($rows, &$messages, $seed=0, $indent=0) { - if($seed>0) { - $messages[$rows[$seed]["id"]]=$rows[$seed]; - $messages[$rows[$seed]["id"]]["indent_cnt"]=$indent; - $indent++; - } - if(isset($rows[$seed]["children"])) { - foreach($rows[$seed]["children"] as $child) { - self::message_recursive_sort($rows, $messages, $child, $indent); - } - } - } - - /** - * Get message list by id - * @param int message id - * @return array - */ - public static function get_message_by_id($message_id) { - $tbl_message = Database::get_main_table(TABLE_MESSAGE); - $message_id = intval($message_id); - $sql = "SELECT * FROM $tbl_message WHERE id = '$message_id'"; - $res = Database::query($sql, __FILE__, __LINE__); - $item = array(); - if (Database::num_rows($res)>0) { - $item = Database::fetch_array($res,'ASSOC'); - } - return $item; - } - -} +/* see main/inc/lib/message.lib.php*/ ?> diff --git a/main/messages/new_message.php b/main/messages/new_message.php index 4f42030ef6..d81903dd7d 100755 --- a/main/messages/new_message.php +++ b/main/messages/new_message.php 
@@ -5,7 +5,7 @@ Copyright (c) 2009 Dokeos SPRL Copyright (c) 2009 Julio Montoya Armas - Copyright (c) Facultad de Matematicas, UADY (México) + Copyright (c) Facultad de Matematicas, UADY (M�xico) Copyright (c) Evie, Free University of Brussels (Belgium) Copyright (c) 2009 Isaac Flores Paz For a full list of contributors, see "credits.txt". @@ -46,11 +46,11 @@ if (api_get_setting('allow_message_tool')!='true'){ api_not_allowed(); } - -require_once api_get_path(SYS_CODE_PATH).'messages/message.class.php'; require_once api_get_path(LIBRARY_PATH).'text.lib.php'; require_once api_get_path(LIBRARY_PATH).'formvalidator/FormValidator.class.php'; require_once api_get_path(LIBRARY_PATH).'group_portal_manager.lib.php'; +require_once api_get_path(LIBRARY_PATH).'message.lib.php'; + $request=api_is_xml_http_request(); $nameTools = api_xml_http_response_encode(get_lang('Messages')); /* @@ -241,18 +241,14 @@ if (isset($_GET['rs'])) { 'name' => get_lang('SocialNetwork') ); } else { - $interbreadcrumb[] = array ('url' => 'javascript: void(0);', 'name' => get_lang('Messages')); - $interbreadcrumb[]= array ( - 'url' => 'outbox.php', - 'name' => get_lang('Outbox') - ); + $interbreadcrumb[] = array ('url' => 'main/auth/profile.php', 'name' => get_lang('Profile')); $interbreadcrumb[]= array ( 'url' => 'inbox.php', 'name' => get_lang('Inbox') ); } $interbreadcrumb[]= array ( - 'url' => 'javascript: void(0);', + 'url' => '#', 'name' => get_lang('ComposeMessage') ); diff --git a/main/messages/outbox.php b/main/messages/outbox.php index c09de349c8..948801e1a8 100755 --- a/main/messages/outbox.php +++ b/main/messages/outbox.php 
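Review bot: The UADY copyright line now reads `M�xico`, so the accented character was damaged when the file was saved; this looks like an editor re-encoding the file rather than an intended edit. Restore the line as `Copyright (c) Facultad de Matematicas, UADY (México)` and save the file in the encoding the rest of the project uses. Any other non-ASCII strings in the file, outside this hunk, may have been converted the same way and are worth checking.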
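Review bot: The new breadcrumb entry `'url' => 'main/auth/profile.php'` is a relative path, while the sibling entry `'url' => 'inbox.php'` in the same hunk relies on being resolved against the current script's directory. Served from `main/messages/new_message.php`, it would presumably resolve to `main/messages/main/auth/profile.php` and give a dead link, unless the breadcrumb renderer rewrites URLs, which is not visible here. Building it from the code path, `'url' => api_get_path(WEB_CODE_PATH).'auth/profile.php'`, removes the dependence on where the page is served from. The `else` block this entry sits in starts outside the hunk.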
@@ -32,8 +32,8 @@ $language_file = array('registration','messages','userInfo','admin'); $cidReset=true; require_once '../inc/global.inc.php'; -require_once '../messages/message.class.php'; require_once api_get_path(LIBRARY_PATH).'message.lib.php'; + api_block_anonymous_users(); if (isset($_GET['messages_page_nr'])) { if (api_get_setting('allow_social_tool')=='true' && api_get_setting('allow_message_tool')=='true') { diff --git a/main/messages/send_message.php b/main/messages/send_message.php index ea64933bdc..e219f53530 100755 --- a/main/messages/send_message.php +++ b/main/messages/send_message.php @@ -4,7 +4,6 @@ $language_file = array('registration','messages','userInfo','admin'); $cidReset=true; require_once '../inc/global.inc.php'; -require_once '../messages/message.class.php'; require_once api_get_path(LIBRARY_PATH).'usermanager.lib.php'; require_once api_get_path(LIBRARY_PATH).'message.lib.php'; require_once api_get_path(LIBRARY_PATH).'social.lib.php'; diff --git a/main/messages/send_message_to_userfriend.inc.php b/main/messages/send_message_to_userfriend.inc.php index c1f50f2073..2fb60af9c6 100755 --- a/main/messages/send_message_to_userfriend.inc.php +++ b/main/messages/send_message_to_userfriend.inc.php @@ -3,10 +3,10 @@ $language_file = array('registration','messages','userInfo','admin'); $cidReset=true; require_once '../inc/global.inc.php'; -require_once '../messages/message.class.php'; require_once api_get_path(LIBRARY_PATH).'usermanager.lib.php'; require_once api_get_path(LIBRARY_PATH).'message.lib.php'; require_once api_get_path(LIBRARY_PATH).'social.lib.php'; + if (api_is_anonymous()) { api_not_allowed(); } diff --git a/main/social/groups.php b/main/social/groups.php index b96d17b09a..5953ccdcd9 100644 --- a/main/social/groups.php +++ b/main/social/groups.php 
@@ -4,9 +4,9 @@ $language_file = array('admin'); require_once '../inc/global.inc.php'; require_once api_get_path(LIBRARY_PATH).'usermanager.lib.php'; -require_once api_get_path(SYS_CODE_PATH).'messages/message.class.php'; require_once api_get_path(LIBRARY_PATH).'group_portal_manager.lib.php'; require_once api_get_path(LIBRARY_PATH).'social.lib.php'; +require_once api_get_path(LIBRARY_PATH).'message.lib.php'; $this_section = SECTION_SOCIAL; @@ -58,13 +58,6 @@ if ($group_id != 0 ) { $users = GroupPortalManager::get_users_by_group($group_id, true); - //@todo this must be move to default.css for dev use only - echo ''; - echo '
'; //Group's title diff --git a/main/social/invitations.php b/main/social/invitations.php index 5209a500f8..bdf414d8f8 100644 --- a/main/social/invitations.php +++ b/main/social/invitations.php @@ -80,15 +80,6 @@ $pending_invitations = GroupPortalManager::get_groups_by_user($user_id, GROUP_US $number_loop=count($list_get_invitation); -//@todo move this to default.css -echo ''; - - if ($number_loop==0) { Display::display_normal_message(get_lang('NoPendingInvitations')); } else { diff --git a/main/social/profile.php b/main/social/profile.php index 612f1c9cbb..7981b32eee 100644 --- a/main/social/profile.php +++ b/main/social/profile.php @@ -7,9 +7,6 @@ * @package dokeos.social */ -/** - * Init - */ $language_file = array('registration','messages','userInfo','admin','forum','blog'); $cidReset = true; require '../inc/global.inc.php'; @@ -210,7 +207,7 @@ if (isset($_GET['u'])) { $info_user=api_get_user_info(api_get_user_id()); $param_user=''; } -$_SESSION['social_user_id'] = $user_id; +$_SESSION['social_user_id'] = intval($user_id); /** * Display @@ -333,7 +330,6 @@ echo '
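Review bot: Casting only at the session write, `$_SESSION['social_user_id'] = intval($user_id);`, leaves `$user_id` itself unchanged for everything else the script does with it. The hunk context shows the value is set up under `if (isset($_GET['u']))`, so it is presumably request-controlled. Casting once where it is first read, for example `$user_id = intval($_GET['u']);` (that assignment is outside this hunk, so its exact form is an assumption), would cover the queries and output that use `$user_id` as well as the session value. Since `intval()` turns a non-numeric value into `0`, code that reads `social_user_id` back should treat `0` as "no user" rather than looking it up.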
'; } } } else { - // No friends!! :( $friend_html .= '
'.get_lang('Friends').'
'; $friend_html.= '