First commit.

8 files changed, 239 insertions, 0 deletions

diff --git a/lib/notes/delete.php b/lib/notes/delete.php
new file mode 100644
index 0000000..e8ef31e
--- /dev/null
+++ b/lib/notes/delete.php
@@ -0,0 +1,13 @@
+<?php
+
+assert_redir(count($args) >= 3, 'notes');
+$noteid = intval($args[2]);
+
+$note = mysql_fetch_assoc(sql("SELECT owner FROM notes WHERE id = $noteid"));
+assert_error($note && $note['owner'] == $user['id'],
+	"This note does not exist, or you are not allowed to delete it.");
+
+token_validate("Do you really want to delete this note ? All children notes will become children of the root note.", "view-notes-$noteid");
+sql("DELETE FROM notes WHERE id = $noteid");
+sql("UPDATE notes SET parent = 0 WHERE parent = $noteid");
+header("Location: user-notes-" . $user['id']);
diff --git a/lib/notes/edit.php b/lib/notes/edit.php
new file mode 100644
index 0000000..17f1573
--- /dev/null
+++ b/lib/notes/edit.php
@@ -0,0 +1,50 @@
+<?php
+
+require("lib/markdown.php");
+
+assert_redir(count($args) == 3, 'notes');
+$noteid = intval($args[2]);
+
+$note = mysql_fetch_assoc(sql(
+	"SELECT na.id AS id, na.title AS title, na.text AS text, na.public AS public, na.owner AS owner, ".
+	"nb.title AS parent_title, nb.id AS parent_id, account.login AS ownername FROM notes na ".
+	"LEFT JOIN notes nb ON na.parent = nb.id LEFT JOIN account ON account.id = na.owner ".
+	"WHERE na.id = $noteid"
+));
+assert_error($note && $note['owner'] == $user['id'],
+	"This note does not exist, or you are not allowed to edit it.");
+
+$note_title = $note['title'];
+$note_text = $note['text'];
+$note_public = $note['public'];
+if (isset($_POST['title']) && isset($_POST['text'])) {
+	$note_title = esca($_POST['title']);
+	$note_text = esca($_POST['text']);
+	$note_html = Markdown($note_text);
+	$note_public = isset($_POST['public']);
+	if ($note_title == "") {
+		$error = "You must enter a title for your note";
+	} else {
+		if (isset($_POST['preview']) && $_POST['preview'] == "Preview") {
+			$preview = $note_html;
+			$message = "Your preview is below the edit form.";
+		} else {
+			sql("UPDATE notes SET title = '" . escs($note_title) . "', text = '" . escs($note_text) .
+				"', text_html = '" . escs($note_html) . "', public = " . ($note_public?'1':'0') .
+				" WHERE id = $noteid");
+			header("Location: view-notes-" . $noteid);
+			die();
+		}
+	}
+}
+
+$title = "Edit : " . $note['title'];
+$fields = array(
+	array("label" => "Title : ", "name" => "title", "value" => $note_title),
+	array("label" => "Public ? ", "name" => "public", "type" => "checkbox", "checked" => $note_public),
+	array("label" => "Text : ", "name" => "text", "type" => "textarea", "value" => $note_text),
+	array("label" => "Preview : ", "name" => "preview", "type" => "submit", "value" => "Preview"),
+	);
+$validate = "Edit note";
+
+require("tpl/notes/edit.php");
diff --git a/lib/notes/index.php b/lib/notes/index.php
new file mode 100644
index 0000000..3c81f46
--- /dev/null
+++ b/lib/notes/index.php
@@ -0,0 +1,9 @@
+<?php
+
+$users = array();
+$n = sql("SELECT account.id AS id, login AS name, COUNT(notes.id) AS nbNotes FROM account ".
+	"LEFT JOIN notes ON notes.owner = account.id ".
+	"WHERE notes.public != 0 AND notes.id != 0 ".
+	"GROUP BY account.id ORDER BY nbNotes DESC");
+while ($nn = mysql_fetch_assoc($n)) $users[] = $nn;
+require("tpl/notes/index.php");
diff --git a/lib/notes/move.php b/lib/notes/move.php
new file mode 100644
index 0000000..c3439d7
--- /dev/null
+++ b/lib/notes/move.php
@@ -0,0 +1,44 @@
+<?php
+
+assert_redir(count($args) >= 3, 'notes');
+$noteid = intval($args[2]);
+
+$note = mysql_fetch_assoc(sql(
+	"SELECT na.id AS id, na.title AS title, na.text AS text, na.public AS public, na.owner AS owner, ".
+	"nb.title AS parent_title, nb.id AS parent_id, account.login AS ownername FROM notes na ".
+	"LEFT JOIN notes nb ON na.parent = nb.id LEFT JOIN account ON account.id = na.owner ".
+	"WHERE na.id = $noteid"
+));
+assert_error($note && $note['owner'] == $user['id'],
+	"This note does not exist, or you are not allowed to move it.");
+
+if (count($args) == 4) {
+	$newparent = intval($args[3]);
+	// SHOULD CHECK FOR TREE CONSISTENCY, SKIP FOR NOW.
+	if ($newparent != 0)  {
+		$p = mysql_fetch_assoc(sql("SELECT id, owner FROM notes WHERE id = $newparent"));
+	}
+	if ($newparent != 0 && !$p) {
+		$error = "Selected parent does not exist.";
+	} else if ($newparent != 0 && $p['owner'] != $user['id']) {
+		$error = "Selected parent is not belong to you.";
+	} else {
+		sql("UPDATE notes SET parent = $newparent WHERE id = $noteid");
+		header("Location: view-notes-$noteid");
+		die();
+	}
+}
+
+$notes_tree = array();
+$n = sql("SELECT id, parent, title FROM notes ".
+	"WHERE owner =  " . $user['id'] . " AND id != $noteid AND parent != $noteid ORDER BY title ASC");
+while ($nn = mysql_fetch_assoc($n)) {
+	if (isset($notes_tree[$nn['parent']])) {
+		$notes_tree[$nn['parent']][] = $nn;
+	} else {
+		$notes_tree[$nn['parent']] = array($nn);
+	}
+}
+
+$title = "Move note : " . $note["title"];
+require("tpl/notes/move.php");
diff --git a/lib/notes/new.php b/lib/notes/new.php
new file mode 100644
index 0000000..1213b94
--- /dev/null
+++ b/lib/notes/new.php
@@ -0,0 +1,47 @@
+<?php
+
+require("lib/markdown.php");
+
+assert_redir(count($args) == 3, 'notes');
+$parentid = intval($args[2]);
+
+if ($parentid != 0) {
+	$parent = mysql_fetch_assoc(sql(
+		"SELECT na.id AS id, na.title AS title, na.text_html AS html, na.public AS public, na.owner AS owner, ".
+		"nb.title AS parent_title, nb.id AS parent_id, account.login AS ownername FROM notes na ".
+		"LEFT JOIN notes nb ON na.parent = nb.id LEFT JOIN account ON account.id = na.owner ".
+		"WHERE na.id = $parentid"
+	));
+	assert_error($parent && $parent['owner'] == $user['id'],
+		"The selected parent does not exist, or you cannot create children for it.");
+}
+
+$note_title = "";
+$note_text = "";
+$note_public = (isset($parent) ? $parent['public'] : true);
+if (isset($_POST['title']) && isset($_POST['text'])) {
+	$note_title = esca($_POST['title']);
+	$note_text = esca($_POST['text']);
+	$note_html = Markdown($note_text);
+	$note_public = isset($_POST['public']);
+	if ($note_title == "") {
+		$error = "You must enter a title for your note";
+	} else {
+		sql("INSERT INTO notes(owner, parent, title, text, text_html, public) ".
+			"VALUES(" . $user['id'] . ", $parentid, '" . escs($note_title) . "', '" . 
+				escs($note_text) . "', '" . escs($note_html) . "', ". ($note_public?'1':'0') . ")");
+		header("Location: view-notes-" . mysql_insert_id());
+		die();
+	}
+}
+
+
+$title = "New note";
+$fields = array(
+	array("label" => "Title : ", "name" => "title", "value" => $note_title),
+	array("label" => "Public ? ", "name" => "public", "type" => "checkbox", "checked" => $note_public),
+	array("label" => "Text : ", "name" => "text", "type" => "textarea", "value" => $note_text),
+	);
+$validate = "Create note";
+
+require("tpl/notes/new.php");
diff --git a/lib/notes/source.php b/lib/notes/source.php
new file mode 100644
index 0000000..4ff40d7
--- /dev/null
+++ b/lib/notes/source.php
@@ -0,0 +1,22 @@
+<?php
+
+assert_redir(count($args) == 3, 'notes');
+$noteid = intval($args[2]);
+
+$note = mysql_fetch_assoc(sql("SELECT id, title, text, public, owner FROM notes WHERE id = $noteid"));
+assert_error($note && ($note['public'] != 0 || $note['owner'] == $user['id']),
+	"This note does not exist, or you are not allowed to see it.");
+
+//header("Content-Type: text/plain: charset=utf-8");
+?>
+<!DOCTYPE html>
+<html>
+<head>
+	<meta http-equiv="Content-Type" value="text/html; charset=utf-8" />
+</head>
+<body>
+<pre><? echo $note['text']; ?></pre>
+</body>
+</html>
+<?
+die();
diff --git a/lib/notes/user.php b/lib/notes/user.php
new file mode 100644
index 0000000..e420946
--- /dev/null
+++ b/lib/notes/user.php
@@ -0,0 +1,33 @@
+<?php
+
+assert_redir(count($args) == 3, 'notes');
+$userid = intval($args[2]);
+
+if ($userid == $user['id']) {
+	$note_owner = $user;
+} else {
+	$note_owner = mysql_fetch_assoc(sql("SELECT login AS name, id FROM account WHERE id = $userid"));
+	assert_error($note_owner, "That user id does not exist.", "no such user");
+}
+
+$users = array();
+$n = sql("SELECT account.id AS id, login AS name, COUNT(notes.id) AS nbNotes FROM account ".
+	"LEFT JOIN notes ON notes.owner = account.id ".
+	"WHERE notes.public != 0 AND notes.id != 0 ".
+	"GROUP BY account.id ORDER BY nbNotes DESC");
+while ($nn = mysql_fetch_assoc($n)) $users[] = $nn;
+
+$notes_tree = array();
+$n = sql("SELECT id, parent, title FROM notes ".
+	"WHERE owner = $userid ".
+	($userid == $user['id'] ? "" : "AND public != 0 ").
+	"ORDER BY title ASC");
+while ($nn = mysql_fetch_assoc($n)) {
+	if (isset($notes_tree[$nn['parent']])) {
+		$notes_tree[$nn['parent']][] = $nn;
+	} else {
+		$notes_tree[$nn['parent']] = array($nn);
+	}
+}
+
+require("tpl/notes/user.php");
diff --git a/lib/notes/view.php b/lib/notes/view.php
new file mode 100644
index 0000000..f81b6d7
--- /dev/null
+++ b/lib/notes/view.php
@@ -0,0 +1,21 @@
+<?php
+
+assert_redir(count($args) == 3, 'notes');
+$noteid = intval($args[2]);
+
+$note = mysql_fetch_assoc(sql(
+	"SELECT na.id AS id, na.title AS title, na.text_html AS html, na.public AS public, na.owner AS owner, ".
+	"nb.title AS parent_title, nb.id AS parent_id, account.login AS ownername FROM notes na ".
+	"LEFT JOIN notes nb ON na.parent = nb.id LEFT JOIN account ON account.id = na.owner ".
+	"WHERE na.id = $noteid"
+));
+assert_error($note && ($note['public'] != 0 || $note['owner'] == $user['id']),
+	"This note does not exist, or you are not allowed to see it.");
+
+$can_new = ($user['priv'] >= $apps['notes']['new'] && $user['id'] == $note['owner']);
+$can_edit = ($user['priv'] >= $apps['notes']['edit'] && $user['id'] == $note['owner']);
+$can_delete = ($user['priv'] >= $apps['notes']['delete'] && $user['id'] == $note['owner']);
+$can_move = ($user['priv'] >= $apps['notes']['move'] && $user['id'] == $note['owner']);
+
+require("tpl/notes/view.php");
+