|
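<?php

declare(strict_types=1);

// Private-message thread view.
//
// Flow: authenticate the visitor, validate the thread id, check that the thread
// is addressed to the current user, handle a posted reply (before any output,
// so the redirect can still send headers), stamp the thread as read, then
// render the paginated messages and the reply form.
//
// Relies on pdo.php for $bdd (PDO), NB_MESSAGES_PAR_PAGE and pagination().

session_start();

require 'pdo.php';

if (!isset($_SESSION['id'])) {
    http_response_code(403);
    die("L'accès à cette page requiert d'être authentifié");
}

$user_id = (int) $_SESSION['id'];

// Validate the thread id once instead of re-reading $_GET['id'] in every query:
// a missing or non-numeric id is a 404, not an undefined-index warning.
$sujet_id = filter_input(INPUT_GET, 'id', FILTER_VALIDATE_INT);
if (!is_int($sujet_id)) {
    http_response_code(404);
    die("MP inexistant");
}

// Load the thread together with this user's meta row. A NULL meta_id means the
// thread exists but is not addressed to the current user.
$stmt = $bdd->prepare(<<<'EOS'
SELECT s.*, m.id AS meta_id, m.read_at
FROM mp_sujets s
LEFT JOIN mp_meta m ON m.sujet_id = s.id AND m.membre_id = :user_id
WHERE s.id = :sujet_id
EOS
);
$stmt->bindValue('sujet_id', $sujet_id, PDO::PARAM_INT);
$stmt->bindValue('user_id', $user_id, PDO::PARAM_INT);
$stmt->execute();
$sujet = $stmt->fetch();

if (!$sujet) {
    http_response_code(404);
    die("MP inexistant");
}

if (!$sujet['meta_id']) {
    http_response_code(403);
    die("Ce MP ne vous est pas adressé");
}

// One anti-CSRF token per session: embedded in the reply form and required on POST.
$_SESSION['csrf_token'] ??= bin2hex(random_bytes(32));

$erreurs = [];
$contenu = '';

if ($_SERVER['REQUEST_METHOD'] === 'POST') {
    $token = $_POST['csrf_token'] ?? '';
    if (!is_string($token) || !hash_equals($_SESSION['csrf_token'], $token)) {
        http_response_code(403);
        die("Jeton de sécurité invalide");
    }

    // is_string() guards against message[]=... turning the field into an array;
    // trim() === '' replaces empty(), which would also reject the message "0".
    $brut = $_POST['message'] ?? '';
    $contenu = is_string($brut) ? $brut : '';
    if (trim($contenu) === '') {
        $erreurs['message'] = "Champ message non rempli";
    } elseif (mb_strlen($contenu) < 3) {
        $erreurs['message'] = "message trop court";
    }

    if (!$erreurs) {
        // On PostgreSQL the inserted id is fetched with RETURNING, because PDO's
        // lastInsertId() there expects a sequence name.
        $is_pgsql = 'pgsql' === $bdd->getAttribute(PDO::ATTR_DRIVER_NAME);

        $bdd->beginTransaction();
        try {
            $stmt = $bdd->prepare(
                'INSERT INTO mp_messages(sujet_id, auteur_id, message, created_at) VALUES(:sujet_id, :auteur_id, :message, NOW())'
                . ($is_pgsql ? ' RETURNING id' : '')
            );
            $stmt->bindValue('sujet_id', $sujet_id, PDO::PARAM_INT);
            $stmt->bindValue('auteur_id', $user_id, PDO::PARAM_INT);
            $stmt->bindValue('message', $contenu, PDO::PARAM_STR);
            $stmt->execute();
            $msg_id = (int) ($is_pgsql ? $stmt->fetchColumn() : $bdd->lastInsertId());

            // Bind the id just obtained rather than calling the driver's
            // last-insert function a second time inside the UPDATE.
            $stmt = $bdd->prepare('UPDATE mp_sujets SET dernier_message_id = :msg_id, dernier_message_date = NOW(), dernier_message_auteur_id = :auteur_id, nb_messages = nb_messages + 1 WHERE id = :sujet_id');
            $stmt->bindValue('msg_id', $msg_id, PDO::PARAM_INT);
            $stmt->bindValue('sujet_id', $sujet_id, PDO::PARAM_INT);
            $stmt->bindValue('auteur_id', $user_id, PDO::PARAM_INT);
            $stmt->execute();

            $bdd->commit();
        } catch (Throwable $e) {
            // Never leave the transaction open; the failure itself still propagates.
            $bdd->rollBack();
            throw $e;
        }

        // Post/Redirect/Get: nothing has been echoed yet, so the header can be sent.
        header('Location: show.php?id=' . $sujet_id . '#' . $msg_id);
        exit;
    }
}

// The unread flags below are computed against the read_at fetched above, i.e.
// the value from before this visit; the row is then stamped as read now.
$stmt = $bdd->prepare('UPDATE mp_meta SET read_at = NOW() WHERE membre_id = :user_id AND sujet_id = :sujet_id');
$stmt->bindValue('sujet_id', $sujet_id, PDO::PARAM_INT);
$stmt->bindValue('user_id', $user_id, PDO::PARAM_INT);
$stmt->execute();

$page_courante = isset($_GET['page']) ? max(intval($_GET['page']), 1) : 1;

// :read and :read_at carry the same value because a named placeholder cannot be
// reused in one statement when prepare emulation is off. The ORDER BY makes the
// LIMIT/OFFSET slices stable across requests.
$messages = $bdd->prepare(<<<'EOS'
SELECT m.*, u.nom, :read IS NULL OR :read_at < m.created_at AS unread
FROM mp_messages m
JOIN membres u ON m.auteur_id = u.id
WHERE m.sujet_id = :sujet_id
ORDER BY m.created_at, m.id
LIMIT :limit
OFFSET :offset
EOS
);
$messages->bindValue('read', $sujet['read_at'], PDO::PARAM_STR);
$messages->bindValue('read_at', $sujet['read_at'], PDO::PARAM_STR);
$messages->bindValue('sujet_id', $sujet_id, PDO::PARAM_INT);
$messages->bindValue('limit', NB_MESSAGES_PAR_PAGE, PDO::PARAM_INT);
$messages->bindValue('offset', NB_MESSAGES_PAR_PAGE * ($page_courante - 1), PDO::PARAM_INT);
$messages->execute();

// ENT_SUBSTITUTE keeps htmlspecialchars() from returning '' on invalid UTF-8.
echo '<h1>', htmlspecialchars($sujet['titre'], ENT_NOQUOTES | ENT_SUBSTITUTE, 'UTF-8'), '</h1>';

pagination((int) $sujet['nb_messages'], NB_MESSAGES_PAR_PAGE, $page_courante, ['id' => (int) $sujet['id']]);

echo '<table width="100%">';
// The explicit pattern takes precedence over the date/time styles; passing null
// for those int parameters is deprecated since PHP 8.1.
$datefmt = new IntlDateFormatter('fr_FR', IntlDateFormatter::FULL, IntlDateFormatter::FULL, null, null, 'EEEE dd LLLL HH:mm');
foreach ($messages as $message) {
?>
<tr id="<?= (int) $message['id'] ?>" class="<?= $message['unread'] ? 'unread' : '' ?>">
<td>
<?= htmlspecialchars($message['nom'], ENT_NOQUOTES | ENT_SUBSTITUTE, 'UTF-8') ?>
<br />
<?= $datefmt->format(date_create($message['created_at'])) ?>
</td>
<td><?= nl2br(htmlspecialchars($message['message'], ENT_NOQUOTES | ENT_SUBSTITUTE, 'UTF-8')) ?></td>
</tr>
<?php
}
echo '</table>';

pagination((int) $sujet['nb_messages'], NB_MESSAGES_PAR_PAGE, $page_courante, ['id' => (int) $sujet['id']]);

if ($erreurs) {
    echo '<p>Veuillez corriger les erreurs suivantes :</p>';
    echo '<ul><li>', implode('</li><li>', $erreurs), '</li></ul>';
}
?>

<form method="POST">
<input type="hidden" name="csrf_token" value="<?= htmlspecialchars($_SESSION['csrf_token'], ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8') ?>"/>
<div>
<label for="message">Message :</label>
<textarea id="message" name="message" class="<?= isset($erreurs['message']) ? 'erreur' : '' ?>"><?= htmlspecialchars($contenu, ENT_NOQUOTES | ENT_SUBSTITUTE, 'UTF-8') ?></textarea>
</div>
<div>
<input type="submit" value="Répondre"/>
</div>
</form>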