<?php #pgs/blog/index.php

//Load template and style, then extract subsection
$tpl = array(
  "main" => tplExtrSection(tplLoadFile("pgs/blog/blog.html"), "BLOG"),
  "entry" => "",
  "new" => ""
);
addStyle("pgs/blog/blog.css");

if ($userID = lgnCheckLogin($mysqli)) {
  // Eingabemaske für Blogeintrag
  if (lgnCheckRight($mysqli, "BLOG_ADD", $userID)) {
    // Neue Nachricht wurde verfasst?
    if (isset($input["blog_new_submit"]) && ""!=$input["blog_new_text"] && ""!=$input["blog_new_title"] && $input["secToken"]==$_SESSION["secTokenVerify"]) {
      // Autor überprüfen und gegebenenfalls überschreiben
      $guestID = null;
      $guestName = "";
      $qry = "SELECT g.ID,g.prenames,g.surnames FROM guests g LEFT JOIN users u ON u.groupID=g.groupID WHERE g.companion=0 AND u.ID = ? ORDER BY g.ID = ? DESC LIMIT 1";
      if ($stmt = $mysqli->prepare($qry)) {
        $stmt->bind_param("ii", $userID, $input["boardnew_author"]);
        $stmt->execute();
        $res = $stmt->get_result();
        if ($row = $res->fetch_assoc()) {
          $guestID = $row["ID"];
          $guestName = $row["prenames"]." ".$row["surnames"];
        }
      }

      // Datensatz einfügen
      $insert = "INSERT INTO blog (guestID, rightID, dttm, title, text) VALUES (?, (SELECT r.ID FROM rights r WHERE name = ?), NOW(), ?, ?)";
      if ($stmt->prepare($insert)) {
        $encTitle = cntCipherTextSym($input["blog_new_title"], SYM_CIPHER_KEY);
        $encText = cntCipherTextSym($input["blog_new_text"], SYM_CIPHER_KEY);
        $right = isset($input["blog_new_brautpaar"]) && $input["blog_new_brautpaar"]=="1" ? null : "HIDDEN_FROM_BRAUTPAAR";
        $stmt->bind_param("isss", $guestID, $right, $encTitle, $encText);
        if ($stmt->execute()) {
          $text = tplExtrSection(tplLoadFile("pgs/blog/mail.html"), "###MASSMAIL###");
          if ($right==null) {
            $text = tplReplSection($text, "###NO_BRAUTPAAR_WARNING###", "");
          } else {
            $text = tplReplSection($text, "###NO_BRAUTPAAR_WARNING###", tplExtrSection($text, "###NO_BRAUTPAAR_WARNING###"));
          }
          $text = tplReplMarker($text, "###TITLE###", $input["blog_new_title"]);
          $text = tplReplMarker($text, "###MESSAGE###", str_replace("\\r\\n", "<br />", $input["blog_new_text"]));
          $text = tplReplMarker($text, "###FROM###", $guestName);
          emlSendMassmail($mysqli, $userID, $guestName, "Rundmail zur Hochzeit von Sophia und Nils", $text, $right);
        }
      }
    }
    
    $tpl["new"] = tplExtrSection($tpl["main"], "###BLOG.NEW###");
    $tpl["author"] = tplExtrSection($tpl["new"], "###BLOG.NEW.AUTHOR###");
    $authors = "";
    $qry = "SELECT g.ID, g.prenames, g.surnames FROM guests g WHERE g.companion=0 AND g.groupID = (SELECT groupID FROM users WHERE ID = ".$userID.")";
    if ($res = $mysqli->query($qry)) {
      while ($row = $res->fetch_assoc()) {
        $author = tplReplMarker($tpl["author"], "###BLOG.NEW.AUTHOR.ID", $row["ID"]);
        $author = tplReplMarker($author, "###BLOG.NEW.AUTHOR.NAME", $row["prenames"]." ".$row["surnames"]);
        $authors.= $author;
      }
    }
    $tpl["new"] = tplReplSection($tpl["new"], "###BLOG.NEW.AUTHOR###", $authors);
    if (lgnCheckRight($mysqli, "HIDDEN_FROM_BRAUTPAAR", $userID)) {
      $tpl["new"] = tplReplMarker($tpl["new"], "###BLOG.NEW.BRAUTPAAR.OPTIONS###", "");
    } else {
      $tpl["new"] = tplReplMarker($tpl["new"], "###BLOG.NEW.BRAUTPAAR.OPTIONS###", "checked style='visibility: hidden;' ");
    }
  }
  
  // Blogeinträge auflisten
  $tpl["entry"] = tplExtrSection($tpl["main"], "###BLOG.ENTRY###");
  $entries = "";
  $qry = "SELECT b.*, g.prenames, g.surnames FROM blog b LEFT JOIN guests g ON g.ID=b.guestID "
        ."LEFT JOIN rolerights r ON r.rightID=b.rightID LEFT JOIN users u ON u.roleID=r.roleID "
        ."WHERE b.rightID IS NULL OR u.ID=".$userID;
  if ($res = $mysqli->query($qry)) {
    while ($row = $res->fetch_assoc()) {
      $replace = array(
        "###BLOG.ENTRY.ID###" => $row["ID"],
        "###BLOG.ENTRY.DATETIME###" => $row["dttm"],
        "###BLOG.ENTRY.AUTHOR###" => $row["prenames"]." ".$row["surnames"],
        "###BLOG.ENTRY.TITLE###" => cntCipherTextSym($row["title"], SYM_CIPHER_KEY),
        "###BLOG.ENTRY.TEXT###" => str_replace("\\r\\n", "<br />", cntCipherTextSym($row["text"], SYM_CIPHER_KEY))
      );
      $entry = tplReplMarkerArray($tpl["entry"], $replace);
      if ($row["rightID"]==null) {
        $entry = tplReplSection($entry, "###NO_BRAUTPAAR_WARNING###", "");
      } else {
        $entry = tplReplSection($entry, "###NO_BRAUTPAAR_WARNING###", tplExtrSection($entry, "###NO_BRAUTPAAR_WARNING###"));
      }
      
      $entries.= $entry;
    }
  } else {
    addError("Mysql", $mysqli->error." // Query: ".$qry);
  }
  $tpl["entry"] = $entries;
}

$tpl["main"] = tplReplSection($tpl["main"], "###BLOG.ENTRY###", $tpl["entry"]);
$tpl["main"] = tplReplSection($tpl["main"], "###BLOG.NEW###", $tpl["new"]);
$output["main"] = $tpl["main"];

?>