App/pgs/blog/index.php


<?php #pgs/blog/index.php
// Load the blog page template and keep only its "BLOG" subsection. The "entry"
// and "new" slots start out empty, so anything not rendered further down is
// simply removed from the final page.
$tpl = array();
$tpl["main"] = tplExtrSection(tplLoadFile("pgs/blog/blog.html"), "BLOG");
$tpl["entry"] = "";
$tpl["new"] = "";

// Register the stylesheet that belongs to this page.
addStyle("pgs/blog/blog.css");
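// The blog is only rendered for logged-in users: lgnCheckLogin() yields the
// user's ID (truthy) or a falsy value, in which case both slots stay empty.
if ($userID = lgnCheckLogin($mysqli)) {
    // ---- Input form for a new blog entry (needs the BLOG_ADD right) ----
    if (lgnCheckRight($mysqli, "BLOG_ADD", $userID)) {
        // Looked up once: enforces the visibility choice on submit and decides
        // further down whether the checkbox is offered at all.
        $mayHideFromCouple = lgnCheckRight($mysqli, "HIDDEN_FROM_BRAUTPAAR", $userID);

        // Anti-CSRF token check. A loose "==" would accept a request when both
        // sides are missing (null == null) and is open to type juggling, so
        // require a non-empty session token and compare the two as strings.
        $sentToken = isset($input["secToken"]) ? $input["secToken"] : null;
        $sessionToken = isset($_SESSION["secTokenVerify"]) ? $_SESSION["secTokenVerify"] : null;
        $tokenValid = false;
        if (is_scalar($sentToken) && is_scalar($sessionToken) && (string)$sessionToken !== "") {
            // hash_equals() compares in constant time; fall back to a strict
            // comparison on PHP versions that do not provide it.
            $tokenValid = function_exists("hash_equals")
                ? hash_equals((string)$sessionToken, (string)$sentToken)
                : (string)$sessionToken === (string)$sentToken;
        }

        // Has a new message been submitted?
        if (isset($input["blog_new_submit"], $input["blog_new_text"], $input["blog_new_title"])
            && "" != $input["blog_new_text"] && "" != $input["blog_new_title"] && $tokenValid) {
            // Verify the requested author and override it if necessary: only
            // guests of the user's own group qualify. "ORDER BY g.ID = ? DESC"
            // puts the requested guest first when it is in that group;
            // otherwise another guest of the group is used.
            // NOTE(review): the key "boardnew_author" does not follow the
            // "blog_new_*" naming of the other fields - confirm it matches the form.
            $guestID = null;
            $guestName = "";
            $authorID = isset($input["boardnew_author"]) ? (int)$input["boardnew_author"] : 0;
            $qry = "SELECT g.ID,g.prenames,g.surnames FROM guests g LEFT JOIN users u ON u.groupID=g.groupID WHERE g.companion=0 AND u.ID = ? ORDER BY g.ID = ? DESC LIMIT 1";
            if ($stmt = $mysqli->prepare($qry)) {
                $stmt->bind_param("ii", $userID, $authorID);
                if ($stmt->execute() && ($res = $stmt->get_result())) {
                    if ($row = $res->fetch_assoc()) {
                        $guestID = $row["ID"];
                        $guestName = $row["prenames"]." ".$row["surnames"];
                    }
                }
                $stmt->close();
            }

            // Insert the record. The statement is prepared on the connection:
            // reusing $stmt from the lookup above would be a call on "false"
            // whenever that first prepare() had failed.
            $insert = "INSERT INTO blog (guestID, rightID, dttm, title, text) VALUES (?, (SELECT r.ID FROM rights r WHERE name = ?), NOW(), ?, ?)";
            if ($stmt = $mysqli->prepare($insert)) {
                // Title and text are stored through cntCipherTextSym(); the
                // listing below calls the same function with the same key to
                // read them back.
                // NOTE(review): a helper that is its own inverse under a fixed
                // key suggests an XOR-style construction without a per-record
                // nonce - confirm against the helper.
                $encTitle = cntCipherTextSym($input["blog_new_title"], SYM_CIPHER_KEY);
                $encText = cntCipherTextSym($input["blog_new_text"], SYM_CIPHER_KEY);

                // Visibility is decided on the server. The form hides and
                // force-checks the checkbox for users without the
                // HIDDEN_FROM_BRAUTPAAR right, but that is only markup, so the
                // right is re-checked here before a post may be restricted.
                $visibleToCouple = !$mayHideFromCouple
                    || (isset($input["blog_new_brautpaar"]) && $input["blog_new_brautpaar"] == "1");
                $right = $visibleToCouple ? null : "HIDDEN_FROM_BRAUTPAAR";

                $stmt->bind_param("isss", $guestID, $right, $encTitle, $encText);
                if ($stmt->execute()) {
                    // The mass mail goes out only after the entry was stored.
                    $text = tplExtrSection(tplLoadFile("pgs/blog/mail.html"), "###MASSMAIL###");
                    if ($right === null) {
                        $text = tplReplSection($text, "###NO_BRAUTPAAR_WARNING###", "");
                    } else {
                        $text = tplReplSection($text, "###NO_BRAUTPAAR_WARNING###", tplExtrSection($text, "###NO_BRAUTPAAR_WARNING###"));
                    }
                    // NOTE(review): title and text are placed into the HTML
                    // mail as submitted. Unless $input or tplReplMarker()
                    // already HTML-escapes, an author can put markup into a
                    // mail sent to all recipients - confirm, and escape with
                    // htmlspecialchars() before the <br /> substitution if not.
                    // The str_replace() targets the literal four characters
                    // backslash-r-backslash-n, not a real CR/LF; presumably
                    // $input was escaped upstream - verify.
                    $text = tplReplMarker($text, "###TITLE###", $input["blog_new_title"]);
                    $text = tplReplMarker($text, "###MESSAGE###", str_replace("\\r\\n", "<br />", $input["blog_new_text"]));
                    $text = tplReplMarker($text, "###FROM###", $guestName);
                    emlSendMassmail($mysqli, $userID, $guestName, "Rundmail zur Hochzeit von Sophia und Nils", $text, $right);
                } else {
                    // Do not lose a post silently.
                    addError("Mysql", $stmt->error);
                }
                $stmt->close();
            } else {
                addError("Mysql", $mysqli->error);
            }
        }

        // Build the form, including the list of selectable authors (the
        // non-companion guests of the user's own group).
        $tpl["new"] = tplExtrSection($tpl["main"], "###BLOG.NEW###");
        $tpl["author"] = tplExtrSection($tpl["new"], "###BLOG.NEW.AUTHOR###");
        $authors = "";
        // $userID is bound rather than concatenated, matching the lookup above
        // and keeping the query text constant.
        $qry = "SELECT g.ID, g.prenames, g.surnames FROM guests g WHERE g.companion=0 AND g.groupID = (SELECT groupID FROM users WHERE ID = ?)";
        if ($stmt = $mysqli->prepare($qry)) {
            $stmt->bind_param("i", $userID);
            if ($stmt->execute() && ($res = $stmt->get_result())) {
                while ($row = $res->fetch_assoc()) {
                    // NOTE(review): these two markers lack the trailing "###"
                    // that every other marker in this file carries - confirm
                    // against blog.html. Guest names are inserted without HTML
                    // escaping here; verify that the template helper or the
                    // stored data takes care of it.
                    $author = tplReplMarker($tpl["author"], "###BLOG.NEW.AUTHOR.ID", $row["ID"]);
                    $author = tplReplMarker($author, "###BLOG.NEW.AUTHOR.NAME", $row["prenames"]." ".$row["surnames"]);
                    $authors .= $author;
                }
            }
            $stmt->close();
        }
        $tpl["new"] = tplReplSection($tpl["new"], "###BLOG.NEW.AUTHOR###", $authors);

        // Users allowed to hide posts get a normal checkbox; for everyone else
        // it is pre-checked and invisible (and enforced again on submit).
        if ($mayHideFromCouple) {
            $tpl["new"] = tplReplMarker($tpl["new"], "###BLOG.NEW.BRAUTPAAR.OPTIONS###", "");
        } else {
            $tpl["new"] = tplReplMarker($tpl["new"], "###BLOG.NEW.BRAUTPAAR.OPTIONS###", "checked style='visibility: hidden;' ");
        }
    }

    // ---- List the blog entries ----
    // An entry is listed when it carries no right (public) or when the right
    // it carries is granted to the current user's role.
    $tpl["entry"] = tplExtrSection($tpl["main"], "###BLOG.ENTRY###");
    $entries = "";
    $qry = "SELECT b.*, g.prenames, g.surnames FROM blog b LEFT JOIN guests g ON g.ID=b.guestID "
        ."LEFT JOIN rolerights r ON r.rightID=b.rightID LEFT JOIN users u ON u.roleID=r.roleID "
        ."WHERE b.rightID IS NULL OR u.ID = ?";
    $res = false;
    $stmt = $mysqli->prepare($qry);
    if ($stmt) {
        $stmt->bind_param("i", $userID);
        if ($stmt->execute()) {
            $res = $stmt->get_result();
        }
    }
    if ($res) {
        while ($row = $res->fetch_assoc()) {
            // NOTE(review): the decrypted title and text and the author name
            // go into the page without HTML escaping at this point. Unless
            // tplReplMarkerArray() or the stored text is already escaped, a
            // post author can inject markup that every reader renders -
            // confirm, and escape before the <br /> substitution if not.
            $replace = array(
                "###BLOG.ENTRY.ID###" => $row["ID"],
                "###BLOG.ENTRY.DATETIME###" => $row["dttm"],
                "###BLOG.ENTRY.AUTHOR###" => $row["prenames"]." ".$row["surnames"],
                "###BLOG.ENTRY.TITLE###" => cntCipherTextSym($row["title"], SYM_CIPHER_KEY),
                "###BLOG.ENTRY.TEXT###" => str_replace("\\r\\n", "<br />", cntCipherTextSym($row["text"], SYM_CIPHER_KEY))
            );
            $entry = tplReplMarkerArray($tpl["entry"], $replace);
            // The warning section is kept only for entries that carry a right.
            if ($row["rightID"] == null) {
                $entry = tplReplSection($entry, "###NO_BRAUTPAAR_WARNING###", "");
            } else {
                $entry = tplReplSection($entry, "###NO_BRAUTPAAR_WARNING###", tplExtrSection($entry, "###NO_BRAUTPAAR_WARNING###"));
            }
            $entries .= $entry;
        }
    } else {
        // NOTE(review): this passes the database error and the query text to
        // addError(); if that ends up on the rendered page it discloses schema
        // details - confirm that it is only logged or shown to admins.
        $dbError = $stmt ? $stmt->error : $mysqli->error;
        addError("Mysql", $dbError." // Query: ".$qry);
    }
    if ($stmt) {
        $stmt->close();
    }
    $tpl["entry"] = $entries;
}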
// Put the rendered parts back into the page template: first the entry list,
// then the new-entry form. A slot that is still an empty string removes its
// section from the page.
$tpl["main"] = tplReplSection(
    tplReplSection($tpl["main"], "###BLOG.ENTRY###", $tpl["entry"]),
    "###BLOG.NEW###",
    $tpl["new"]
);

// Hand the finished markup to the page output.
$output["main"] = $tpl["main"];
?>