Diffstat (limited to 'lib/notes')
-rw-r--r--lib/notes/delete.php13
-rw-r--r--lib/notes/edit.php50
-rw-r--r--lib/notes/index.php9
-rw-r--r--lib/notes/move.php44
-rw-r--r--lib/notes/new.php47
-rw-r--r--lib/notes/source.php22
-rw-r--r--lib/notes/user.php33
-rw-r--r--lib/notes/view.php21
8 files changed, 239 insertions, 0 deletions
diff --git a/lib/notes/delete.php b/lib/notes/delete.php
new file mode 100644
index 0000000..e8ef31e
--- /dev/null
+++ b/lib/notes/delete.php
@@ -0,0 +1,13 @@
+<?php
+
+assert_redir(count($args) >= 3, 'notes');
+$noteid = intval($args[2]);
+
+$note = mysql_fetch_assoc(sql("SELECT owner FROM notes WHERE id = $noteid"));
+assert_error($note && $note['owner'] == $user['id'],
+ "This note does not exist, or you are not allowed to delete it.");
+
+token_validate("Do you really want to delete this note ? All children notes will become children of the root note.", "view-notes-$noteid");
+sql("DELETE FROM notes WHERE id = $noteid");
+sql("UPDATE notes SET parent = 0 WHERE parent = $noteid");
+header("Location: user-notes-" . $user['id']);
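Review bot: The redirect on the last line is not followed by `die();`, unlike the redirects in edit.php, move.php and new.php, so whatever includes this file keeps executing after the `Location` header is sent. The including dispatcher is not visible in this diff, so whether anything is rendered afterwards is an assumption, but adding `die();` after `header("Location: user-notes-" . $user['id']);` makes the handler match the others. Separately, the `DELETE` and the re-parenting `UPDATE` run as two independent statements, so if the second one fails the children keep a `parent` id that no longer exists.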
diff --git a/lib/notes/edit.php b/lib/notes/edit.php
new file mode 100644
index 0000000..17f1573
--- /dev/null
+++ b/lib/notes/edit.php
@@ -0,0 +1,50 @@
+<?php
+
+require("lib/markdown.php");
+
+assert_redir(count($args) == 3, 'notes');
+$noteid = intval($args[2]);
+
+$note = mysql_fetch_assoc(sql(
+ "SELECT na.id AS id, na.title AS title, na.text AS text, na.public AS public, na.owner AS owner, ".
+ "nb.title AS parent_title, nb.id AS parent_id, account.login AS ownername FROM notes na ".
+ "LEFT JOIN notes nb ON na.parent = nb.id LEFT JOIN account ON account.id = na.owner ".
+ "WHERE na.id = $noteid"
+));
+assert_error($note && $note['owner'] == $user['id'],
+ "This note does not exist, or you are not allowed to edit it.");
+
+$note_title = $note['title'];
+$note_text = $note['text'];
+$note_public = $note['public'];
+if (isset($_POST['title']) && isset($_POST['text'])) {
+ $note_title = esca($_POST['title']);
+ $note_text = esca($_POST['text']);
+ $note_html = Markdown($note_text);
+ $note_public = isset($_POST['public']);
+ if ($note_title == "") {
+ $error = "You must enter a title for your note";
+ } else {
+ if (isset($_POST['preview']) && $_POST['preview'] == "Preview") {
+ $preview = $note_html;
+ $message = "Your preview is below the edit form.";
+ } else {
+ sql("UPDATE notes SET title = '" . escs($note_title) . "', text = '" . escs($note_text) .
+ "', text_html = '" . escs($note_html) . "', public = " . ($note_public?'1':'0') .
+ " WHERE id = $noteid");
+ header("Location: view-notes-" . $noteid);
+ die();
+ }
+ }
+}
+
+$title = "Edit : " . $note['title'];
+$fields = array(
+ array("label" => "Title : ", "name" => "title", "value" => $note_title),
+ array("label" => "Public ? ", "name" => "public", "type" => "checkbox", "checked" => $note_public),
+ array("label" => "Text : ", "name" => "text", "type" => "textarea", "value" => $note_text),
+ array("label" => "Preview : ", "name" => "preview", "type" => "submit", "value" => "Preview"),
+ );
+$validate = "Edit note";
+
+require("tpl/notes/edit.php");
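Review bot: The `UPDATE notes SET title = ...` branch runs on any POST that carries `title` and `text`, with no request token, whereas delete.php gates its write behind `token_validate(...)`. Unless the form template or the dispatcher adds a token check that this diff does not show, a cross-site form submitted from a logged-in owner's browser could change the note's content or its `public` flag. The same applies to the `INSERT` in new.php and to `UPDATE notes SET parent` in move.php, which is triggered by URL arguments alone. I would put the same token mechanism in front of each write and mark the spot with a comment such as `// state change: require a valid request token`.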
diff --git a/lib/notes/index.php b/lib/notes/index.php
new file mode 100644
index 0000000..3c81f46
--- /dev/null
+++ b/lib/notes/index.php
@@ -0,0 +1,9 @@
+<?php
+
+$users = array();
+$n = sql("SELECT account.id AS id, login AS name, COUNT(notes.id) AS nbNotes FROM account ".
+ "LEFT JOIN notes ON notes.owner = account.id ".
+ "WHERE notes.public != 0 AND notes.id != 0 ".
+ "GROUP BY account.id ORDER BY nbNotes DESC");
+while ($nn = mysql_fetch_assoc($n)) $users[] = $nn;
+require("tpl/notes/index.php");
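Review bot: The `LEFT JOIN` here behaves as an inner join, because the `WHERE notes.public != 0 AND notes.id != 0` filter discards every row where no note matched; writing `JOIN notes ON notes.owner = account.id` states that intent directly. The identical query is repeated in user.php, and since the `public != 0` condition is what keeps private notes out of the counts, a small shared helper would stop the two copies from drifting apart. A comment such as `// only users with at least one public note; private notes are not counted` would document the filter.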
diff --git a/lib/notes/move.php b/lib/notes/move.php
new file mode 100644
index 0000000..c3439d7
--- /dev/null
+++ b/lib/notes/move.php
@@ -0,0 +1,44 @@
+<?php
+
+assert_redir(count($args) >= 3, 'notes');
+$noteid = intval($args[2]);
+
+$note = mysql_fetch_assoc(sql(
+ "SELECT na.id AS id, na.title AS title, na.text AS text, na.public AS public, na.owner AS owner, ".
+ "nb.title AS parent_title, nb.id AS parent_id, account.login AS ownername FROM notes na ".
+ "LEFT JOIN notes nb ON na.parent = nb.id LEFT JOIN account ON account.id = na.owner ".
+ "WHERE na.id = $noteid"
+));
+assert_error($note && $note['owner'] == $user['id'],
+ "This note does not exist, or you are not allowed to move it.");
+
+if (count($args) == 4) {
+ $newparent = intval($args[3]);
+ // SHOULD CHECK FOR TREE CONSISTENCY, SKIP FOR NOW.
+ if ($newparent != 0) {
+ $p = mysql_fetch_assoc(sql("SELECT id, owner FROM notes WHERE id = $newparent"));
+ }
+ if ($newparent != 0 && !$p) {
+ $error = "Selected parent does not exist.";
+ } else if ($newparent != 0 && $p['owner'] != $user['id']) {
+ $error = "Selected parent is not belong to you.";
+ } else {
+ sql("UPDATE notes SET parent = $newparent WHERE id = $noteid");
+ header("Location: view-notes-$noteid");
+ die();
+ }
+}
+
+$notes_tree = array();
+$n = sql("SELECT id, parent, title FROM notes ".
+ "WHERE owner = " . $user['id'] . " AND id != $noteid AND parent != $noteid ORDER BY title ASC");
+while ($nn = mysql_fetch_assoc($n)) {
+ if (isset($notes_tree[$nn['parent']])) {
+ $notes_tree[$nn['parent']][] = $nn;
+ } else {
+ $notes_tree[$nn['parent']] = array($nn);
+ }
+}
+
+$title = "Move note : " . $note["title"];
+require("tpl/notes/move.php");
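Review bot: Nothing stops `$newparent` from being `$noteid` itself or one of its descendants, so `UPDATE notes SET parent = $newparent` can create a cycle; the comment `SHOULD CHECK FOR TREE CONSISTENCY` acknowledges this but the check is left out. The candidate list built further down only excludes the note and its direct children (`id != $noteid AND parent != $noteid`), and the target comes from `$args[3]` in any case, so the list cannot serve as the guard. A cycle detaches the subtree from the root and may make recursive tree rendering in the templates loop, though the templates are not shown here. Walking the ancestor chain of the proposed parent before the update, with a guard against already-inconsistent rows, would close this.
```php
$newparent = intval($args[3]);
// Walk up from the proposed parent; reaching $noteid means the move would create a cycle.
$creates_cycle = false;
$seen = array();
$cur = $newparent;
while ($cur != 0 && !isset($seen[$cur])) {
    if ($cur == $noteid) {
        $creates_cycle = true;
        break;
    }
    $seen[$cur] = true; // stop on cycles that already exist in stored data
    $row = mysql_fetch_assoc(sql("SELECT parent FROM notes WHERE id = $cur"));
    $cur = $row ? intval($row['parent']) : 0;
}
// … unchanged: lookup of $p for $newparent …
if ($creates_cycle) {
    $error = "A note cannot be moved under itself or one of its children.";
} else if ($newparent != 0 && !$p) {
// … unchanged: remaining error branches and the UPDATE …
```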
diff --git a/lib/notes/new.php b/lib/notes/new.php
new file mode 100644
index 0000000..1213b94
--- /dev/null
+++ b/lib/notes/new.php
@@ -0,0 +1,47 @@
+<?php
+
+require("lib/markdown.php");
+
+assert_redir(count($args) == 3, 'notes');
+$parentid = intval($args[2]);
+
+if ($parentid != 0) {
+ $parent = mysql_fetch_assoc(sql(
+ "SELECT na.id AS id, na.title AS title, na.text_html AS html, na.public AS public, na.owner AS owner, ".
+ "nb.title AS parent_title, nb.id AS parent_id, account.login AS ownername FROM notes na ".
+ "LEFT JOIN notes nb ON na.parent = nb.id LEFT JOIN account ON account.id = na.owner ".
+ "WHERE na.id = $parentid"
+ ));
+ assert_error($parent && $parent['owner'] == $user['id'],
+ "The selected parent does not exist, or you cannot create children for it.");
+}
+
+$note_title = "";
+$note_text = "";
+$note_public = (isset($parent) ? $parent['public'] : true);
+if (isset($_POST['title']) && isset($_POST['text'])) {
+ $note_title = esca($_POST['title']);
+ $note_text = esca($_POST['text']);
+ $note_html = Markdown($note_text);
+ $note_public = isset($_POST['public']);
+ if ($note_title == "") {
+ $error = "You must enter a title for your note";
+ } else {
+ sql("INSERT INTO notes(owner, parent, title, text, text_html, public) ".
+ "VALUES(" . $user['id'] . ", $parentid, '" . escs($note_title) . "', '" .
+ escs($note_text) . "', '" . escs($note_html) . "', ". ($note_public?'1':'0') . ")");
+ header("Location: view-notes-" . mysql_insert_id());
+ die();
+ }
+}
+
+
+$title = "New note";
+$fields = array(
+ array("label" => "Title : ", "name" => "title", "value" => $note_title),
+ array("label" => "Public ? ", "name" => "public", "type" => "checkbox", "checked" => $note_public),
+ array("label" => "Text : ", "name" => "text", "type" => "textarea", "value" => $note_text),
+ );
+$validate = "Create note";
+
+require("tpl/notes/new.php");
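Review bot: The output of `Markdown($note_text)` is stored in `text_html` and, judging by view.php selecting `na.text_html AS html`, is later emitted as markup, yet the only sanitising step is `esca()` applied to the input before rendering. Assuming `esca()` HTML-escapes (its definition is not in this diff), that stops raw tags but leaves the URLs of Markdown links and images unconstrained, so the stored HTML can still carry links with script-capable schemes. edit.php has the same sequence. I would filter the rendered HTML against an allow-list of URL schemes (for example `http`, `https`, `mailto`) before the `INSERT`, and document it with `// text_html is trusted by the view template: sanitise here`.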
diff --git a/lib/notes/source.php b/lib/notes/source.php
new file mode 100644
index 0000000..4ff40d7
--- /dev/null
+++ b/lib/notes/source.php
@@ -0,0 +1,22 @@
+<?php
+
+assert_redir(count($args) == 3, 'notes');
+$noteid = intval($args[2]);
+
+$note = mysql_fetch_assoc(sql("SELECT id, title, text, public, owner FROM notes WHERE id = $noteid"));
+assert_error($note && ($note['public'] != 0 || $note['owner'] == $user['id']),
+ "This note does not exist, or you are not allowed to see it.");
+
+//header("Content-Type: text/plain: charset=utf-8");
+?>
+<!DOCTYPE html>
+<html>
+<head>
+ <meta http-equiv="Content-Type" value="text/html; charset=utf-8" />
+</head>
+<body>
+<pre><? echo $note['text']; ?></pre>
+</body>
+</html>
+<?
+die();
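Review bot: `<pre><? echo $note['text']; ?></pre>` prints the stored text with no escaping at the point of output, so it is only safe while every write path has already escaped `text` (new.php and edit.php pass it through `esca()`, whose behaviour is not shown). Serving the body as plain text would remove that dependency: the commented-out header has a typo (`text/plain: charset` should be `text/plain; charset=utf-8`), and once corrected it could replace the HTML wrapper. Two smaller points are that the short `<?` tags only work with `short_open_tag` enabled, and that the `<meta http-equiv>` element uses `value=` where the attribute is `content=`.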
diff --git a/lib/notes/user.php b/lib/notes/user.php
new file mode 100644
index 0000000..e420946
--- /dev/null
+++ b/lib/notes/user.php
@@ -0,0 +1,33 @@
+<?php
+
+assert_redir(count($args) == 3, 'notes');
+$userid = intval($args[2]);
+
+if ($userid == $user['id']) {
+ $note_owner = $user;
+} else {
+ $note_owner = mysql_fetch_assoc(sql("SELECT login AS name, id FROM account WHERE id = $userid"));
+ assert_error($note_owner, "That user id does not exist.", "no such user");
+}
+
+$users = array();
+$n = sql("SELECT account.id AS id, login AS name, COUNT(notes.id) AS nbNotes FROM account ".
+ "LEFT JOIN notes ON notes.owner = account.id ".
+ "WHERE notes.public != 0 AND notes.id != 0 ".
+ "GROUP BY account.id ORDER BY nbNotes DESC");
+while ($nn = mysql_fetch_assoc($n)) $users[] = $nn;
+
+$notes_tree = array();
+$n = sql("SELECT id, parent, title FROM notes ".
+ "WHERE owner = $userid ".
+ ($userid == $user['id'] ? "" : "AND public != 0 ").
+ "ORDER BY title ASC");
+while ($nn = mysql_fetch_assoc($n)) {
+ if (isset($notes_tree[$nn['parent']])) {
+ $notes_tree[$nn['parent']][] = $nn;
+ } else {
+ $notes_tree[$nn['parent']] = array($nn);
+ }
+}
+
+require("tpl/notes/user.php");
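Review bot: `$note_owner` ends up with two different shapes: the `else` branch builds it from `SELECT login AS name, id`, while the first branch assigns the whole `$user` array. If `$user` has no `name` key (its definition is outside this diff), `tpl/notes/user.php` will hit an undefined index on the owner's own page, and it is also handed every other field of the session user. Building the same two-key array in both branches, e.g. `$note_owner = array('id' => $user['id'], 'name' => $user['login']);`, keeps the template contract narrow; the `login` key is an assumption to confirm against where `$user` is loaded.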
diff --git a/lib/notes/view.php b/lib/notes/view.php
new file mode 100644
index 0000000..f81b6d7
--- /dev/null
+++ b/lib/notes/view.php
@@ -0,0 +1,21 @@
+<?php
+
+assert_redir(count($args) == 3, 'notes');
+$noteid = intval($args[2]);
+
+$note = mysql_fetch_assoc(sql(
+ "SELECT na.id AS id, na.title AS title, na.text_html AS html, na.public AS public, na.owner AS owner, ".
+ "nb.title AS parent_title, nb.id AS parent_id, account.login AS ownername FROM notes na ".
+ "LEFT JOIN notes nb ON na.parent = nb.id LEFT JOIN account ON account.id = na.owner ".
+ "WHERE na.id = $noteid"
+));
+assert_error($note && ($note['public'] != 0 || $note['owner'] == $user['id']),
+ "This note does not exist, or you are not allowed to see it.");
+
+$can_new = ($user['priv'] >= $apps['notes']['new'] && $user['id'] == $note['owner']);
+$can_edit = ($user['priv'] >= $apps['notes']['edit'] && $user['id'] == $note['owner']);
+$can_delete = ($user['priv'] >= $apps['notes']['delete'] && $user['id'] == $note['owner']);
+$can_move = ($user['priv'] >= $apps['notes']['move'] && $user['id'] == $note['owner']);
+
+require("tpl/notes/view.php");
+
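Review bot: The query joins the parent row and selects `nb.title AS parent_title` without checking the parent's `public` flag or owner, while the access check below covers only the note being viewed. new.php lets a public note be created under a private parent, so if `tpl/notes/view.php` prints `parent_title` (the template is not shown), a visitor reading the public child learns the title and id of a private note. Selecting `nb.public AS parent_public` and blanking the parent fields when it is 0 and the viewer is not the owner would avoid that. The four `$can_*` lines also repeat `$user['id'] == $note['owner']`; computing it once as `$is_owner` would read more clearly.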