l104/H17/nieuw.php
<?php
include ('../dbpepijn.php');
include ('functions.php');
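// Handle a submitted message form: store a new message, or update an existing
// message that has not been read yet.
//
// Changes compared with the string-built version:
//  - every value from $_POST reaches SQL through a bound parameter;
//  - all three fields must be present AND non-empty (the old condition was true
//    for any full form post, so empty subjects/bodies were stored and the
//    "not all fields filled in" alert was practically unreachable);
//  - an edit only touches a row whose `van` equals id(), the same value the
//    INSERT stores as sender;
//  - database errors go to the server log instead of the response body.
//
// NOTE(review): neither this handler nor the form further down carries an
// anti-CSRF token, so a logged-in user's browser can be made to submit this POST
// from another site. A token check needs a change in both places and is not
// added here.
// NOTE(review): if mysqli runs in exception mode (configured outside this file),
// the calls below throw instead of returning false; confirm how dbpepijn.php
// sets up error reporting.
$bewerken = (isset($_POST['bewerken']) && $_POST['bewerken'] === 'ja') ? 'ja' : 'nee';

// Defaults, so the form below never echoes an undefined variable.
$onderwerp = '';
$bericht = '';
$id = '';

// Log the real database error server-side and stop with a generic message that
// only carries the numeric step marker.
$dbFout = function ($db, $stmt, $stap) {
    $detail = $stmt ? mysqli_stmt_error($stmt) : mysqli_error($db);
    error_log("nieuw.php ($stap): " . $detail);
    die("Er is een databasefout opgetreden. ($stap)");
};

// The form counts as submitted as soon as one of its fields is present.
if (isset($_POST['ontvanger']) || isset($_POST['onderwerp']) || isset($_POST['bericht'])) {
    // Accept plain strings only; an array such as ontvanger[]=x is treated as empty.
    $ontvanger = (isset($_POST['ontvanger']) && is_string($_POST['ontvanger'])) ? $_POST['ontvanger'] : '';
    $onderwerp = (isset($_POST['onderwerp']) && is_string($_POST['onderwerp'])) ? $_POST['onderwerp'] : '';
    $bericht = (isset($_POST['bericht']) && is_string($_POST['bericht'])) ? $_POST['bericht'] : '';
    // Digits only: $id is bound as an integer and echoed back into the hidden field.
    $id = (isset($_POST['id']) && is_string($_POST['id']) && ctype_digit($_POST['id'])) ? $_POST['id'] : '';

    // Kept from the original so stored data looks the same to other pages.
    // Stripping two tag names is not an XSS defence: event-handler attributes and
    // other elements pass through, so every page that prints these columns must
    // still escape them for its output context.
    $onderwerp = remove_tags($onderwerp, "<img", ">");
    $onderwerp = remove_tags($onderwerp, "<script", "</script>");
    $bericht = remove_tags($bericht, "<img", ">");
    $bericht = remove_tags($bericht, "<script", "</script>");

    if ($ontvanger === '' || $onderwerp === '' || $bericht === '') {
        echo "<script>alert('U heeft niet alle velden ingevuld!');</script>";
    } else {
        // presumably id() returns the logged-in member's id; verify in functions.php
        $verzender = id();
        $verzonden = (new DateTime())->format('Y-m-d H:i:s');

        if ($bewerken === 'nee') {
            $stmt = mysqli_prepare(
                $db,
                'INSERT INTO berichten (van, aan, onderwerp, tekst, gelezen, verzonden) VALUES (?, ?, ?, ?, 0, ?)'
            );
            if (!$stmt
                || !mysqli_stmt_bind_param($stmt, 'sssss', $verzender, $ontvanger, $onderwerp, $bericht, $verzonden)
                || !mysqli_stmt_execute($stmt)
            ) {
                $dbFout($db, $stmt, 1);
            }
            mysqli_stmt_close($stmt);
            echo "<script>document.location='uit.php'</script>";
        } else {
            // Edit mode: look the message up as the current sender only, so a
            // guessed id of somebody else's message matches nothing.
            $gevonden = false;
            $gelezen = null;
            if ($id !== '') {
                $stmt = mysqli_prepare($db, 'SELECT gelezen FROM berichten WHERE id = ? AND van = ?');
                if (!$stmt
                    || !mysqli_stmt_bind_param($stmt, 'is', $id, $verzender)
                    || !mysqli_stmt_execute($stmt)
                    || !mysqli_stmt_bind_result($stmt, $gelezen)
                ) {
                    $dbFout($db, $stmt, 2);
                }
                $gevonden = (mysqli_stmt_fetch($stmt) === true);
                mysqli_stmt_close($stmt);
            }

            if ($gevonden && $gelezen) {
                echo "<script>alert('U kunt geen bericht bewerken dat al gelezen is!'); document.location = 'uit.php';</script>";
            } else {
                if ($gevonden) {
                    $stmt = mysqli_prepare($db, 'UPDATE berichten SET onderwerp = ?, tekst = ? WHERE id = ? AND van = ?');
                    if (!$stmt
                        || !mysqli_stmt_bind_param($stmt, 'ssis', $onderwerp, $bericht, $id, $verzender)
                        || !mysqli_stmt_execute($stmt)
                    ) {
                        $dbFout($db, $stmt, 3);
                    }
                    mysqli_stmt_close($stmt);
                }
                // As before, an id that matches no row simply returns to the outbox.
                echo "<script>document.location='uit.php'</script>";
            }
        }
    }
}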
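// Reply mode (?re=<message id>): prefill the subject and a quoted copy of the
// original message.
if (isset($_GET['re'])) {
    // Digits only: $id is bound into SQL below and echoed into the hidden "id"
    // field of the form, so nothing else from the query string may survive here.
    $id = (is_string($_GET['re']) && ctype_digit($_GET['re'])) ? $_GET['re'] : '';

    // Fetch one row by integer key through a prepared statement. Errors are
    // logged server-side; the response only carries the numeric step marker.
    // mysqli_stmt_get_result() needs the mysqlnd driver.
    $rijOpId = function ($db, $sql, $sleutel, $stap) {
        $stmt = mysqli_prepare($db, $sql);
        if (!$stmt || !mysqli_stmt_bind_param($stmt, 'i', $sleutel) || !mysqli_stmt_execute($stmt)) {
            error_log("nieuw.php ($stap): " . ($stmt ? mysqli_stmt_error($stmt) : mysqli_error($db)));
            die("Er is een databasefout opgetreden. ($stap)");
        }
        $rij = mysqli_fetch_array(mysqli_stmt_get_result($stmt));
        mysqli_stmt_close($stmt);
        return $rij;
    };

    $row = ($id !== '') ? $rijOpId($db, 'SELECT * FROM berichten WHERE id = ?', $id, 4) : null;

    // Only the sender or the recipient may quote a message; without this check
    // any id in the URL would disclose that message's text in the textarea.
    // Assumes id() returns the logged-in member's id, as its use for the `van`
    // column of the INSERT in this file suggests - confirm in functions.php.
    $ik = (string) id();
    if ($row && ((string) $row['van'] === $ik || (string) $row['aan'] === $ik)) {
        $row1 = $rijOpId($db, 'SELECT * FROM leden WHERE id = ?', $row['van'], 5);
        $row2 = $rijOpId($db, 'SELECT * FROM leden WHERE id = ?', $row['aan'], 6);
        // NOTE(review): the recipient <select> preselects $row2 (the original
        // recipient), not the original sender - confirm that is intended for a reply.

        // Add the "Re: " marker only when the subject does not contain one yet.
        if (strpos($row['onderwerp'], 'Re: ') === false) {
            $onderwerp = "Re: $row[onderwerp]";
        } else {
            $onderwerp = $row['onderwerp'];
        }

        // A member row can be missing (for example a deleted account); quote
        // with an empty name instead of indexing into null.
        $van = $row1 ? "$row1[voornaam] $row1[tv] $row1[achternaam] ($row1[gebruikersnaam])" : '';
        $aan = $row2 ? "$row2[voornaam] $row2[tv] $row2[achternaam] ($row2[gebruikersnaam])" : '';
        $bericht = " \n-------------\n(Op $row[verzonden] stuurde $van naar $aan):\n \n$row[tekst]";
    }
}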
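// Edit mode (?bw=<message id>): load an existing message into the form.
if (isset($_GET['bw'])) {
    // Digits only: $id is bound into SQL below and echoed into the hidden "id"
    // field of the form.
    $id = (is_string($_GET['bw']) && ctype_digit($_GET['bw'])) ? $_GET['bw'] : '';

    // Fetch one row by integer key through a prepared statement. Errors are
    // logged server-side; the response only carries the numeric step marker.
    // mysqli_stmt_get_result() needs the mysqlnd driver.
    $rijOpId = function ($db, $sql, $sleutel, $stap) {
        $stmt = mysqli_prepare($db, $sql);
        if (!$stmt || !mysqli_stmt_bind_param($stmt, 'i', $sleutel) || !mysqli_stmt_execute($stmt)) {
            error_log("nieuw.php ($stap): " . ($stmt ? mysqli_stmt_error($stmt) : mysqli_error($db)));
            die("Er is een databasefout opgetreden. ($stap)");
        }
        $rij = mysqli_fetch_array(mysqli_stmt_get_result($stmt));
        mysqli_stmt_close($stmt);
        return $rij;
    };

    $row = ($id !== '') ? $rijOpId($db, 'SELECT * FROM berichten WHERE id = ?', $id, 7) : null;

    // Only the sender may load a message for editing; otherwise any id in the
    // URL would show that message's subject and text in the form.
    // Assumes id() returns the logged-in member's id, as its use for the `van`
    // column of the INSERT in this file suggests - confirm in functions.php.
    if ($row && (string) $row['van'] === (string) id()) {
        // Switch the form to edit mode only for a message the user owns.
        $bewerken = 'ja';
        $row1 = $rijOpId($db, 'SELECT * FROM leden WHERE id = ?', $row['van'], 8);
        // $row2 (the recipient) is what the <select> further down preselects.
        $row2 = $rijOpId($db, 'SELECT * FROM leden WHERE id = ?', $row['aan'], 9);
        $onderwerp = $row['onderwerp'];
        $bericht = "$row[tekst]";
    }
}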
?>
<!DOCTYPE html>
<html lang="en">
<head>
<meta charset="UTF-8">
<meta name="viewport" content="width=device-width, initial-scale=1.0">
<title>Document</title>
<style>
h2 {
text-align: center;
}
.label {
display: inline-block;
padding: 5px;
width: 100px;
text-align: right;
}
</style>
</head>
<body>
<h2>Nieuw bericht</h2>
<?php include('menu.php');?>
<form action="nieuw.php" method="post">
<div><span class="label">Ontvanger</span><select name="ontvanger">
<option value=''></option>
<?php
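// Recipient <option> list: every member except the logged-in user.
//
// NOTE(review): the current user is taken from the raw `ingelogd` cookie. A
// cookie value is client-controlled, so confirm that login state is verified
// elsewhere (for example in functions.php) before anything trusts this name.
$ingelogd = (isset($_COOKIE['ingelogd']) && is_string($_COOKIE['ingelogd'])) ? $_COOKIE['ingelogd'] : '';

// The cookie value is bound as a parameter instead of being pasted into the SQL
// text. Only the two columns the loop prints are selected.
$result = false;
$stmt = mysqli_prepare($db, 'SELECT id, gebruikersnaam FROM leden WHERE gebruikersnaam != ?');
if ($stmt && mysqli_stmt_bind_param($stmt, 's', $ingelogd) && mysqli_stmt_execute($stmt)) {
    // mysqli_stmt_get_result() needs the mysqlnd driver.
    $result = mysqli_stmt_get_result($stmt);
}

if ($result === false) {
    // Render an empty list rather than leaking the database error into the page.
    error_log('nieuw.php (recipient list): ' . ($stmt ? mysqli_stmt_error($stmt) : mysqli_error($db)));
} else {
    // $row2 exists only in reply/edit mode; without it nothing is preselected.
    $voorkeur = (isset($row2) && is_array($row2) && isset($row2['id'])) ? (string) $row2['id'] : null;
    while ($row = mysqli_fetch_array($result)) {
        $selected = ($voorkeur !== null && (string) $row['id'] === $voorkeur) ? 'selected' : '';
        // User names are member-supplied data: escape them (and the id) for the
        // single-quoted attribute and the element text.
        $optieId = htmlspecialchars((string) $row['id'], ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
        $optieNaam = htmlspecialchars((string) $row['gebruikersnaam'], ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
        echo "\n<option value='$optieId' $selected> $optieNaam </option>";
    }
}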
?>
</select></div>
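<?php
// Everything echoed below is message text or request data. It is escaped with
// ENT_QUOTES because the value attributes are single-quoted: an unescaped quote
// or a "</textarea>" in a subject or body would otherwise break out of the
// field and inject markup. isset() guards cover a plain GET, where these
// variables may not have been set.
?>
<div><span class="label">Onderwerp</span><input type="text" name="onderwerp" placeholder="Onderwerp" value='<?php echo htmlspecialchars(isset($onderwerp) ? (string) $onderwerp : '', ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8'); ?>'></div>
<div><span class="label">Bericht</span><textarea name="bericht" cols="50" rows="10" ><?php echo htmlspecialchars(isset($bericht) ? (string) $bericht : '', ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8'); ?></textarea></div>
<input type="hidden" name="bewerken" value='<?php echo htmlspecialchars(isset($bewerken) ? (string) $bewerken : 'nee', ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8'); ?>'>
<input type="hidden" name="id" value='<?php echo htmlspecialchars(isset($id) ? (string) $id : '', ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8'); ?>'>
<div><span class="label"></span><input type="submit" value="<?php echo !empty($_GET['bw']) ? 'Bewerken' : 'Versturen'; ?>"></div>
</form>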
</body>
</html>
Made by Thijs Aarnoudse