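<?php
// Private conversation between the logged-in author and the author selected by
// ?author=<username|id>: resolves both parties, loads the thread oldest-first,
// and leaves $result / $user_id / $addressee for the template below.
//
// NOTE(review): display_errors on a public page echoes PDO errors (host, schema,
// query text) to visitors; keep it off outside development.
ini_set('display_errors', 1);
ini_set('display_startup_errors', 1);
error_reporting(E_ALL);
// session_reset() used to be called before session_start(); it requires an
// active session, so it did nothing useful and is dropped.
session_start();

$root = realpath($_SERVER["DOCUMENT_ROOT"]);
require "$root/database/credentials.php";

// Connect the database
try {
    $db = new PDO(
        "mysql:host=$host;dbname=$database;charset=utf8",
        $user,
        $password,
        [
            PDO::ATTR_ERRMODE => PDO::ERRMODE_EXCEPTION,
            // Server-side prepares; every placeholder below is bound exactly once.
            PDO::ATTR_EMULATE_PREPARES => false,
        ]
    );
} catch (PDOException $e) {
    // The driver message names the host and schema: log it, never echo it.
    error_log('discussion/messages: database connection failed: ' . $e->getMessage());
    http_response_code(500);
    die("Error : database unavailable.");
}

// Everything below needs an authenticated author; bail out early otherwise.
if (!isset($_SESSION['username'])) {
    $_SESSION['error_msg'] = "You must be logged in to receive an send message.";
    header('Location: /auth/login');
    exit; // the redirect header alone does not stop execution
}

$req = $db->prepare('SELECT id FROM `authors` WHERE username=:username');
$req->execute(["username" => $_SESSION['username']]);
$data = $req->fetch();
if ($data === false) {
    // The session names an author that no longer exists: treat as logged out
    // instead of running the queries below with an undefined $sender_id.
    unset($_SESSION['username']);
    $_SESSION['error_msg'] = "You must be logged in to receive an send message.";
    header('Location: /auth/login');
    exit;
}
$sender_id = (int) $data['id'];

$result = [];     // thread to render; stays empty when no author is selected
$user_id = null;  // id of the other party (null = not resolved)
$addressee = '';  // display name of the other party

// is_string() rejects ?author[]=... which would otherwise reach PDO as an array.
if (isset($_GET['author']) && is_string($_GET['author'])) {
    $author = $_GET['author'];
    // ?author may be an id or a username; both resolve to (id, username).
    if (is_numeric($author)) {
        $req = $db->prepare('SELECT id, username FROM `authors` WHERE id=:id');
        $req->execute(["id" => (int) $author]);
    } else {
        $req = $db->prepare('SELECT id, username FROM `authors` WHERE username=:username');
        $req->execute(["username" => $author]);
    }
    $data = $req->fetch();
    if ($data !== false) {
        $user_id = (int) $data['id'];
        // Previously looked up by $sender_id, which showed the viewer's own name.
        $addressee = $data['username'];
        // Both directions of the thread. The old WHERE repeated the same
        // (sender -> user) clause twice, so replies were never listed, and it
        // reused named placeholders, which native prepares reject.
        $req = $db->prepare(
            'SELECT * FROM `messages`'
            . ' WHERE (message_by=:sender_id AND message_to=:user_id)'
            . ' OR (message_by=:user_id2 AND message_to=:sender_id2)'
            . ' ORDER BY message_datetime ASC'
        );
        $req->execute([
            "sender_id" => $sender_id,
            "user_id" => $user_id,
            "user_id2" => $user_id,
            "sender_id2" => $sender_id,
        ]);
        $result = $req->fetchAll();
    }
    // Unknown author: $user_id stays null, so the reply form is not rendered.
}
?>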
<!DOCTYPE html>
<html lang="en">
<head>
<meta charset="UTF-8">
<meta http-equiv="X-UA-Compatible" content="IE=edge">
<meta name="viewport" content="width=device-width, initial-scale=1.0">
<title>Explore | Chiro - Canto</title>
<link rel="stylesheet" type="text/css" href="/styles/style.css">
</head>
<?php
// Analytics snippets, emitted between </head> and <body>.
include $root . '/analytics/owa.php';
include $root . '/analytics/matomo.php';
?>
<body>
<?php
// Site-wide navigation and header partials.
include $root . '/menu.php';
include $root . '/header.php';
?>
<section>
<h2>Discussion</h2>
<div class="messages">
<div class="author">
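<?=htmlspecialchars(isset($addressee) ? (string) $addressee : '', ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8')?>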
</div>
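<?php
// Render the thread oldest-first. Incoming messages are flagged read as they are
// displayed; messages the viewer sent are placed on the right.
$thread = isset($result) ? $result : [];
$viewer_id = isset($sender_id) ? (int) $sender_id : 0;
// Prepared once; executed per incoming message below.
$markRead = $db->prepare('UPDATE `messages` SET message_read=1 WHERE id=:id');
foreach ($thread as $message) {
    // message_by holds authors.id (the thread query binds it to $sender_id), so
    // the old comparison against $_SESSION['username'] never matched.
    $isMine = (int) $message['message_by'] === $viewer_id;
    if (!$isMine) {
        // Only a message addressed to the viewer becomes "read"; the old loop
        // also flagged the viewer's own outgoing messages.
        $markRead->execute(["id" => $message['id']]);
    }
    $class = $isMine ? "right" : "left";
?>
<div class="message <?=$class?>">
<div class="datetime">
<?=htmlspecialchars((string) $message['message_datetime'], ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8')?>
</div>
<div class="content">
<?=htmlspecialchars((string) $message['message_content'], ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8')?>
</div>
</div>
<?php
}
?>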
</div>
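<?php
// Reply form, shown only when ?author resolved to an existing author.
// NOTE(review): sendmessage.php is not in view. Both hidden fields carry the
// addressee (message_by is $user_id, message_to is the raw ?author value), and
// any client-supplied sender id can be edited by the poster, so the receiving
// script should take the sender from $_SESSION rather than trust message_by.
// No CSRF token is emitted here either; the receiver has nothing to verify.
if (isset($user_id) && isset($_GET['author']) && is_string($_GET['author'])) {
?>
<form action="sendmessage.php" method="post">
<input type="hidden" name="message_by" value="<?=htmlspecialchars((string) $user_id, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8')?>">
<input type="hidden" name="message_to" value="<?=htmlspecialchars($_GET['author'], ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8')?>">
<input type="text" name="message_content" id="message_content" placeholder="Enter your message..">
<input type="submit" name="submit" value="Send">
</form>
<?php
}
?>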
</section>
<?php
// Site-wide footer partial.
include $root . '/footer.php';
?>
</body>
<script src="/scripts/script.js"></script>
</html>