t("In game messages"), 'description' => t("In game messages."), 'type' => MENU_CALLBACK, 'page callback' => '_chess_messages_js_fetch', 'access arguments' => array('access chess module'), //'access' => true, 'weight' => 0, ); return $items; } function _chess_messages_post() { global $user; if(!isset($_POST) || !isset($_SESSION['gameID']) || $user->uid == 0 ) return; $sql = "INSERT INTO webchess_messaging ( timestamp, gameID, uid, message ) VALUES ( NOW(), %d, %d, '%s' )"; // we'll be using _strip_html_tags till there is a default drupal // function which removes tags. // I've tested check_plain, check_markup, filter_xss but failed. if(isset($_POST['message'])) { $clean_message = _strip_html_tags($_POST['message']); db_query($sql, $_SESSION['gameID'], $user->uid, $clean_message); } } function _chess_messages_js_fetch() { _chess_messages_post(); print _chess_messages_fetch(); } function _chess_messages_normal_fetch() { drupal_add_js(drupal_get_path('module', 'chess_messages'). "/js/message.js", "chess_messages"); $opts = array('absolute' => TRUE); $json_url = url('chess/game_message', $opts); drupal_add_js( array('chess_messages' => array("json_url" => $json_url)), 'setting'); return _chess_messages_fetch(); } function _chess_messages_fetch($gameID = NULL) { if(isset($_SESSION['gameID'])) $gameID = $_SESSION['gameID']; if($gameID == NULL || $gameID == '') return t('There are no messages.'); $result = db_query(" SELECT wm.*, u.name FROM webchess_messaging as wm LEFT JOIN {users} AS u ON u.uid = wm.uid WHERE wm.gameID = %d ORDER BY timestamp ASC", $gameID ); $output =''; while($obj = db_fetch_object($result)) { $output .= _chess_messages_block_content($obj); } // insert form $output .= '
This field is required.
'; return $output; } function _chess_messages_block_content($obj = NULL) { if($obj == NULL) return t('object not found'); $output = '
'; $output .= "[{$obj->timestamp}] {$obj->name} : "; $output .= ''; $output .= t('%s' , array('%s' => $obj->message)); $output .= ''; $output .= '
'; return $output; } function _strip_html_tags( $text ) { $text = preg_replace( array( // Remove invisible content '@]*?>.*?@siu', '@]*?>.*?@siu', '@]*?.*?@siu', '@]*?.*?@siu', '@]*?.*?@siu', '@]*?.*?@siu', '@]*?.*?@siu', '@]*?.*?@siu', '@]*?.*?@siu', // Add line breaks before and after blocks '@