chiro-canto/public/discussion/messages/index.php

<?php
session_reset();
session_start();
ini_set('display_errors', 1);
ini_set('display_startup_errors', 1);
error_reporting(E_ALL);
$root = realpath($_SERVER["DOCUMENT_ROOT"]);
require("$root/lang/gettext.php");
require "$root/database/credentials.php";
// Connect the database
try {
	$db = new PDO("mysql:host=$host;dbname=$database;charset=utf8", 
		$user, 
		$password, 
		array(PDO::ATTR_ERRMODE => PDO::ERRMODE_EXCEPTION
		));
} catch (Exception $e) {
	die("Error : ".$e->getMessage());
}
if (isset($_SESSION['username'])) {
    $req = $db->prepare('SELECT id FROM `authors` WHERE username=:username');
    $req->execute(array(
        "username"=>$_SESSION['username']
    ));
    if ($data = $req->fetch()) {
        $sender_id = $data['id'];
    }
} else {
    $_SESSION['error_msg'] = _('You must be logged in to receive or send messages.');
    header('Location: /auth/login');
}
if (isset($_GET['author'])) {
    if (!is_numeric($_GET['author'])) {
        $req = $db->prepare('SELECT id FROM `authors` WHERE username=:username');
        $req->execute(array(
            "username"=>$_GET['author']
        ));
        if ($data = $req->fetch()) {
            $user_id = $data['id'];
        } else {
            $user_id = $_GET['author'];
        }
        $req = $db->prepare('SELECT username FROM `authors` WHERE id=:id');
        $req->execute(array(
            "id"=>$sender_id
        ));
        if ($data = $req->fetch()) {
            $addressee = $data['username'];
        }
    }
    $req = $db->prepare('SELECT * FROM `messages` WHERE message_by=:sender_id AND message_to=:user_id OR message_by=:sender_id AND message_to=:user_id ORDER BY message_datetime ASC');
    $req->execute(array(
        "sender_id"=>$sender_id,
        "user_id"=>$user_id
    ));
    $result = $req->fetchAll();
}
?>
<!DOCTYPE html>
<html lang="en">
<head>
    <meta charset="UTF-8">
    <meta http-equiv="X-UA-Compatible" content="IE=edge">
    <meta name="viewport" content="width=device-width, initial-scale=1.0">
    <title>Explore | Chiro - Canto</title>
    <link rel="stylesheet" type="text/css" href="/styles/style.css">
</head>
<?php 
include("$root/analytics/owa.php");
include("$root/analytics/matomo.php");
?>
<body>
    <?php include("$root/menu.php");?>
    <?php include("$root/header.php");?>
    <section>
    <h2><?=_('Discussion')?></h2>
    <div class="messages">
        <div class="author">
            <?=$addressee?>
        </div>
        <?php
        foreach($result as $message) {
            $message_id = $message['id'];
            $req = $db->prepare('UPDATE `messages` SET message_read=1 WHERE id=:id');
            $req->execute(array(
                "id"=>$message_id
            ));
            if ($message['message_by'] == $_SESSION['username']) {
                $class = "right";
            } else {
                $class = "left";
            }
            ?>
            <div class="message <?=$class?>">
                <div class="datetime">
                    <?=$message['message_datetime']?>
                </div>
                <div class="content">
                    <?=$message['message_content']?>
                </div>
            </div>
            <?php
        }
        ?>
    </div>
    <?php
    if (isset($user_id) and isset($_GET['author'])) {
    ?>
    <form action="sendmessage.php" method="post">
        <input type="hidden" name="message_by" value="<?=$user_id?>">
        <input type="hidden" name="message_to" value="<?=$_GET['author']?>">
        <input type="text" name="message_content" id="message_content" placeholder="<?=_('Enter your message..')?>">
        <input type="submit" name="submit" value="<?=_('Send')?>">
    </form>
    <?php
    }
    ?>
    </section>
    <?php include("$root/footer.php");?>
</body>
<script src="/scripts/script.js"></script>
</html>