msg_eleve.php at Pnyx : des lections virtuelles!

<?

	#########################################################################################
	# Envoie d'un message à un élève de Pnyx												#
	# Auteur : V. Blais																		#
	# Création : 2006-05-02																	#
	# Modification : 2008-09-10																#
	# 																						#
	# Pnyx - une application Web (PHP/MySQL) d'élections virtuelles conçue pour	des	élèves	#
	# du primaire et du secondaire, dans lequel ils sont amenés à faire des	propositions	#
	# en ligne et voter pour leur favorite, sous la supervision d'un enseignant.			#
	#																						#
    # Copyright (C) <2008 - 2009>															#
	# <Service national du RÉCIT de l'univers social de la Commission scolaire de la		#
	# Pointe-de-l'Île>																		#
	#																						#
	# This program is free software; you can redistribute it and/or modify it under the 	#
	# terms of the GNU General Public License as published by the Free Software Foundation.	#
	# This program is distributed in the hope that it will be useful, but WITHOUT ANY 		#
	# WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS FOR A 		#
	# PARTICULAR PURPOSE.  See the GNU General Public License for more details.				#
	# You should have received a copy of the GNU General Public License along with this 	#
	# program as the file LICENSE.txt; if not, please see 									#
	# http://www.gnu.org/licenses/old-licenses/gpl-2.0.txt.									#
	# 																						#
	# Service national du RÉCIT de l'univers social											#
	# http://www.recitus.qc.ca																#
	# Contact e-mail : steve-hide@address.com												#
	#########################################################################################

	require "entete_php.php";
	
	/*session_name("cliquez");
	session_start();
	bd_connexion();*/
	
		# ou verifier si la session est valide 
		# puis verifier si l'usager dispose des autorisations requises
		# pour la saisie
		verifier_session();
		acces_resp("msg_eleve.php");
		
		/*$idp = $HTTP_SESSION_VARS[SESSION][projet];
		$idr = $HTTP_SESSION_VARS[SESSION][usager_id];*/
if(isset($HTTP_POST_VARS['type_action'])){
	if ($HTTP_POST_VARS['type_action'] == "envoyer"){
		$date = date("Y-m-d");
		$time = date("H:i:s");
		$temps = $date." ".$time; 
		$texte = addslashes($HTTP_POST_VARS['texte']);
		
			$requete_sql = "INSERT INTO msg_resp (auteur, destinataire, type_dest, 
													date, titre, texte, projet_id)
							VALUES ($usager, \"$HTTP_POST_VARS[id_eleve]\", \"eleve\", \"$temps\", 
								\"".addslashes($HTTP_POST_VARS["titre"])."\", \"$texte\", $projet)
							";
			$reponse_msg_grp = bd_executer_sql($requete_sql);
			
			$requete_sql = "SELECT nom, prenom FROM eleve
							WHERE eleve_id = $HTTP_POST_VARS[id_eleve]";
			
			$reponse_grp = bd_executer_sql($requete_sql);
			$eleve = mysql_fetch_array($reponse_grp);
		
			$HTTP_SESSION_VARS['SESSION']['message'] = "Le message est envoyé."; 
		
	
	}
}

	$requete_sql = "SELECT titre
					FROM site_parametres
					";
	$reponse_titre = mysql_query($requete_sql);
	$ligne_titre = mysql_fetch_array($reponse_titre);
	
	$requete_sql = "SELECT groupe_id
					FROM eleve
					WHERE eleve_id = " . $_GET['id_eleve'] . "
					";
	$reponse_eleve = mysql_query($requete_sql);
	$ligne_eleve = mysql_fetch_array($reponse_eleve);
	
	$requete_sql = "SELECT resp_id
					FROM groupe
					WHERE groupe_id = " . $ligne_eleve['groupe_id'] . "
					";	
	$reponse_grp = mysql_query($requete_sql);
	$ligne_grp = mysql_fetch_array($reponse_grp);

?>
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">

<head>
<meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1" />

<title><?= $ligne_titre['titre'] ?></title>

<script type="text/javascript" src="lib/fonctions.js"></script>
<script src="http://www.google-analytics.com/urchin.js" type="text/javascript">
</script>
<script type="text/javascript">
_uacct = "UA-1684383-1";
urchinTracker();
</script>
</head>
<body bgcolor="#FFFFFF">
<?
	if ($HTTP_POST_VARS[type_action] == "envoyer"){
?>
		<script language="JavaScript">
			refresh_parent();
		</script>
<?
	}
if($ligne_grp['resp_id'] == $usager){
?>	
<form action="msg_eleve.php" name="form_mod_groupe" method="post">
		<table width="664" cellpadding="0" cellspacing="0" bgcolor="#FFFFFF">
		<tr>
		<td colspan="2">&nbsp;</td>
		</tr>
		<tr>
		<td colspan="2"><?
		
		if ($HTTP_POST_VARS[type_action] == "envoyer"){
			echo "<br>$message";
			$message="";
	}else{ 
		
	
?></td>
		</tr>
		<tr>
		<td width="78" valign="top"><p><strong>Titre :</strong></p></td>
		<td width="586"><input type="text" name="titre" size="50" maxlength="255"/> </td>
		</tr>
		<tr>
		<td width="78" valign="top"><p><strong>Texte :</strong></p></td>
		<td width="586"><textarea name="texte" cols="60" rows="10"></textarea> </td>
		</tr>
		<tr>
		<td colspan="2"><p>&nbsp;</p></td>
		</tr>
		<tr>
		<td colspan="2" align="center"><input type="submit" name="Submit3" value="Envoyer"/>
			<input type="hidden" name="type_action" value="envoyer" />
<?
		echo "<input type='hidden' name='id_eleve' value='$HTTP_GET_VARS[id_eleve]' />";
}
?>
			&nbsp;&nbsp;&nbsp;<input type="button" value="Fermer" onclick="self.close()" />
		</td>
		</tr> 
		<tr>
		<td colspan="2"><p>&nbsp;</p></td>
		</tr>
    	</table>
		</form>
<?
}
else{
?>
	<p>Vous n'êtes pas l'enseignant de cet élève. Il vous est impossible de lui envoyer un message.</p>
<?
}
	mysql_close();
?>
</body>
</html>