Diffstat (limited to 'lib/notes')
-rw-r--r-- | lib/notes/delete.php | 13 | ||||
-rw-r--r-- | lib/notes/edit.php | 50 | ||||
-rw-r--r-- | lib/notes/index.php | 9 | ||||
-rw-r--r-- | lib/notes/move.php | 44 | ||||
-rw-r--r-- | lib/notes/new.php | 47 | ||||
-rw-r--r-- | lib/notes/source.php | 22 | ||||
-rw-r--r-- | lib/notes/user.php | 33 | ||||
-rw-r--r-- | lib/notes/view.php | 21 |
8 files changed, 239 insertions, 0 deletions
diff --git a/lib/notes/delete.php b/lib/notes/delete.php
new file mode 100644
index 0000000..e8ef31e
--- /dev/null
+++ b/lib/notes/delete.php
@@ -0,0 +1,13 @@
+<?php
+
+assert_redir(count($args) >= 3, 'notes');
+$noteid = intval($args[2]);
+
+$note = mysql_fetch_assoc(sql("SELECT owner FROM notes WHERE id = $noteid"));
+assert_error($note && $note['owner'] == $user['id'],
+ "This note does not exist, or you are not allowed to delete it.");
+
+token_validate("Do you really want to delete this note ? All children notes will become children of the root note.", "view-notes-$noteid");
+sql("DELETE FROM notes WHERE id = $noteid");
+sql("UPDATE notes SET parent = 0 WHERE parent = $noteid");
+header("Location: user-notes-" . $user['id']);
diff --git a/lib/notes/edit.php b/lib/notes/edit.php
new file mode 100644
index 0000000..17f1573
--- /dev/null
+++ b/lib/notes/edit.php
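Review bot: The redirect that ends delete.php is not followed by `die();`, unlike the redirects in edit.php, move.php and new.php, so whatever the including dispatcher does after this file still runs once the Location header has been set. Add `die();` after `header("Location: user-notes-" . $user['id']);`. The DELETE and the re-parenting UPDATE are also two independent statements: if the second one fails, the children keep a parent id that no longer exists, so issuing the UPDATE first (or wrapping both in a transaction where the table engine supports it) is the safer order.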
@@ -0,0 +1,50 @@
+<?php
+
+require("lib/markdown.php");
+
+assert_redir(count($args) == 3, 'notes');
+$noteid = intval($args[2]);
+
+$note = mysql_fetch_assoc(sql(
+ "SELECT na.id AS id, na.title AS title, na.text AS text, na.public AS public, na.owner AS owner, ".
+ "nb.title AS parent_title, nb.id AS parent_id, account.login AS ownername FROM notes na ".
+ "LEFT JOIN notes nb ON na.parent = nb.id LEFT JOIN account ON account.id = na.owner ".
+ "WHERE na.id = $noteid"
+));
+assert_error($note && $note['owner'] == $user['id'],
+ "This note does not exist, or you are not allowed to edit it.");
+
+$note_title = $note['title'];
+$note_text = $note['text'];
+$note_public = $note['public'];
+if (isset($_POST['title']) && isset($_POST['text'])) {
+ $note_title = esca($_POST['title']);
+ $note_text = esca($_POST['text']);
+ $note_html = Markdown($note_text);
+ $note_public = isset($_POST['public']);
+ if ($note_title == "") {
+ $error = "You must enter a title for your note";
+ } else {
+ if (isset($_POST['preview']) && $_POST['preview'] == "Preview") {
+ $preview = $note_html;
+ $message = "Your preview is below the edit form.";
+ } else {
+ sql("UPDATE notes SET title = '" . escs($note_title) . "', text = '" . escs($note_text) .
+ "', text_html = '" . escs($note_html) . "', public = " . ($note_public?'1':'0') .
+ " WHERE id = $noteid");
+ header("Location: view-notes-" . $noteid);
+ die();
+ }
+ }
+}
+
+$title = "Edit : " . $note['title'];
+$fields = array(
+ array("label" => "Title : ", "name" => "title", "value" => $note_title),
+ array("label" => "Public ? ", "name" => "public", "type" => "checkbox", "checked" => $note_public),
+ array("label" => "Text : ", "name" => "text", "type" => "textarea", "value" => $note_text),
+ array("label" => "Preview : ", "name" => "preview", "type" => "submit", "value" => "Preview"),
+ );
+$validate = "Edit note";
+
+require("tpl/notes/edit.php");
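Review bot: `$note_html = Markdown($note_text);` stores rendered HTML in `text_html`, and `lib/markdown.php` looks like PHP Markdown, which passes embedded raw HTML through unchanged. Unless `esca()` (defined outside this diff) HTML-escapes its input, a public note can therefore deliver script markup to every reader of view.php; the same pattern appears in new.php. Either escape the text before rendering or run the rendered HTML through an allow-list sanitizer before it is stored, and add a comment beside the `Markdown()` call stating which of the two makes `text_html` safe to print. The POST branch here and in new.php also changes data without the `token_validate()` step that delete.php uses.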
diff --git a/lib/notes/index.php b/lib/notes/index.php
new file mode 100644
index 0000000..3c81f46
--- /dev/null
+++ b/lib/notes/index.php
@@ -0,0 +1,9 @@
+<?php
+
+$users = array();
+$n = sql("SELECT account.id AS id, login AS name, COUNT(notes.id) AS nbNotes FROM account ".
+ "LEFT JOIN notes ON notes.owner = account.id ".
+ "WHERE notes.public != 0 AND notes.id != 0 ".
+ "GROUP BY account.id ORDER BY nbNotes DESC");
+while ($nn = mysql_fetch_assoc($n)) $users[] = $nn;
+require("tpl/notes/index.php");
diff --git a/lib/notes/move.php b/lib/notes/move.php
new file mode 100644
index 0000000..c3439d7
--- /dev/null
+++ b/lib/notes/move.php
@@ -0,0 +1,44 @@
+<?php
+
+assert_redir(count($args) >= 3, 'notes');
+$noteid = intval($args[2]);
+
+$note = mysql_fetch_assoc(sql(
+ "SELECT na.id AS id, na.title AS title, na.text AS text, na.public AS public, na.owner AS owner, ".
+ "nb.title AS parent_title, nb.id AS parent_id, account.login AS ownername FROM notes na ".
+ "LEFT JOIN notes nb ON na.parent = nb.id LEFT JOIN account ON account.id = na.owner ".
+ "WHERE na.id = $noteid"
+));
+assert_error($note && $note['owner'] == $user['id'],
+ "This note does not exist, or you are not allowed to move it.");
+
+if (count($args) == 4) {
+ $newparent = intval($args[3]);
+ // SHOULD CHECK FOR TREE CONSISTENCY, SKIP FOR NOW.
+ if ($newparent != 0) {
+ $p = mysql_fetch_assoc(sql("SELECT id, owner FROM notes WHERE id = $newparent"));
+ }
+ if ($newparent != 0 && !$p) {
+ $error = "Selected parent does not exist.";
+ } else if ($newparent != 0 && $p['owner'] != $user['id']) {
+ $error = "Selected parent is not belong to you.";
+ } else {
+ sql("UPDATE notes SET parent = $newparent WHERE id = $noteid");
+ header("Location: view-notes-$noteid");
+ die();
+ }
+}
+
+$notes_tree = array();
+$n = sql("SELECT id, parent, title FROM notes ".
+ "WHERE owner = " . $user['id'] . " AND id != $noteid AND parent != $noteid ORDER BY title ASC");
+while ($nn = mysql_fetch_assoc($n)) {
+ if (isset($notes_tree[$nn['parent']])) {
+ $notes_tree[$nn['parent']][] = $nn;
+ } else {
+ $notes_tree[$nn['parent']] = array($nn);
+ }
+}
+
+$title = "Move note : " . $note["title"];
+require("tpl/notes/move.php");
diff --git a/lib/notes/new.php b/lib/notes/new.php
new file mode 100644
index 0000000..1213b94
--- /dev/null
+++ b/lib/notes/new.php
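Review bot: The `count($args) == 4` branch rewrites `parent` from URL segments alone, with neither a POST nor the `token_validate()` step that delete.php uses, so a cross-site request made while the owner is logged in is enough to move a note. Put the confirmation token (or a POST requirement) in front of the `UPDATE notes SET parent = ...` statement. The branch also accepts `$newparent == $noteid` and any descendant of the note, which the `SHOULD CHECK FOR TREE CONSISTENCY` comment acknowledges. The selection query further down filters only `id != $noteid AND parent != $noteid`, and the handler repeats neither check, so at minimum reject `$newparent == $noteid` before the UPDATE, since a cycle detaches the subtree from the root listing.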
@@ -0,0 +1,47 @@
+<?php
+
+require("lib/markdown.php");
+
+assert_redir(count($args) == 3, 'notes');
+$parentid = intval($args[2]);
+
+if ($parentid != 0) {
+ $parent = mysql_fetch_assoc(sql(
+ "SELECT na.id AS id, na.title AS title, na.text_html AS html, na.public AS public, na.owner AS owner, ".
+ "nb.title AS parent_title, nb.id AS parent_id, account.login AS ownername FROM notes na ".
+ "LEFT JOIN notes nb ON na.parent = nb.id LEFT JOIN account ON account.id = na.owner ".
+ "WHERE na.id = $parentid"
+ ));
+ assert_error($parent && $parent['owner'] == $user['id'],
+ "The selected parent does not exist, or you cannot create children for it.");
+}
+
+$note_title = "";
+$note_text = "";
+$note_public = (isset($parent) ? $parent['public'] : true);
+if (isset($_POST['title']) && isset($_POST['text'])) {
+ $note_title = esca($_POST['title']);
+ $note_text = esca($_POST['text']);
+ $note_html = Markdown($note_text);
+ $note_public = isset($_POST['public']);
+ if ($note_title == "") {
+ $error = "You must enter a title for your note";
+ } else {
+ sql("INSERT INTO notes(owner, parent, title, text, text_html, public) ".
+ "VALUES(" . $user['id'] . ", $parentid, '" . escs($note_title) . "', '" .
+ escs($note_text) . "', '" . escs($note_html) . "', ". ($note_public?'1':'0') . ")");
+ header("Location: view-notes-" . mysql_insert_id());
+ die();
+ }
+}
+
+
+$title = "New note";
+$fields = array(
+ array("label" => "Title : ", "name" => "title", "value" => $note_title),
+ array("label" => "Public ? ", "name" => "public", "type" => "checkbox", "checked" => $note_public),
+ array("label" => "Text : ", "name" => "text", "type" => "textarea", "value" => $note_text),
+ );
+$validate = "Create note";
+
+require("tpl/notes/new.php");
diff --git a/lib/notes/source.php b/lib/notes/source.php
new file mode 100644
index 0000000..4ff40d7
--- /dev/null
+++ b/lib/notes/source.php
@@ -0,0 +1,22 @@
+<?php
+
+assert_redir(count($args) == 3, 'notes');
+$noteid = intval($args[2]);
+
+$note = mysql_fetch_assoc(sql("SELECT id, title, text, public, owner FROM notes WHERE id = $noteid"));
+assert_error($note && ($note['public'] != 0 || $note['owner'] == $user['id']),
+ "This note does not exist, or you are not allowed to see it.");
+
+//header("Content-Type: text/plain: charset=utf-8");
+?>
+<!DOCTYPE html>
+<html>
+<head>
+ <meta http-equiv="Content-Type" value="text/html; charset=utf-8" />
+</head>
+<body>
+<pre><? echo $note['text']; ?></pre>
+</body>
+</html>
+<?
+die();
diff --git a/lib/notes/user.php b/lib/notes/user.php
new file mode 100644
index 0000000..e420946
--- /dev/null
+++ b/lib/notes/user.php
@@ -0,0 +1,33 @@
+<?php
+
+assert_redir(count($args) == 3, 'notes');
+$userid = intval($args[2]);
+
+if ($userid == $user['id']) {
+ $note_owner = $user;
+} else {
+ $note_owner = mysql_fetch_assoc(sql("SELECT login AS name, id FROM account WHERE id = $userid"));
+ assert_error($note_owner, "That user id does not exist.", "no such user");
+}
+
+$users = array();
+$n = sql("SELECT account.id AS id, login AS name, COUNT(notes.id) AS nbNotes FROM account ".
+ "LEFT JOIN notes ON notes.owner = account.id ".
+ "WHERE notes.public != 0 AND notes.id != 0 ".
+ "GROUP BY account.id ORDER BY nbNotes DESC");
+while ($nn = mysql_fetch_assoc($n)) $users[] = $nn;
+
+$notes_tree = array();
+$n = sql("SELECT id, parent, title FROM notes ".
+ "WHERE owner = $userid ".
+ ($userid == $user['id'] ? "" : "AND public != 0 ").
+ "ORDER BY title ASC");
+while ($nn = mysql_fetch_assoc($n)) {
+ if (isset($notes_tree[$nn['parent']])) {
+ $notes_tree[$nn['parent']][] = $nn;
+ } else {
+ $notes_tree[$nn['parent']] = array($nn);
+ }
+}
+
+require("tpl/notes/user.php");
diff --git a/lib/notes/view.php b/lib/notes/view.php
new file mode 100644
index 0000000..f81b6d7
--- /dev/null
+++ b/lib/notes/view.php
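Review bot: In source.php, `<pre><? echo $note['text']; ?></pre>` prints the stored note text into an HTML page without escaping, so markup in a public note is interpreted by the browser unless `esca()` already HTML-escaped it on save (not visible in this diff). Use `<pre><?php echo htmlspecialchars($note['text'], ENT_QUOTES, 'UTF-8'); ?></pre>`, or serve the source as plain text by restoring the commented-out header with its typo fixed (`text/plain; charset=utf-8`). If the text is in fact escaped on save, say so in a comment above the `echo` rather than escaping twice. The `<meta http-equiv="Content-Type" value=...>` attribute should be `content=`, and the short `<?` tags only work when `short_open_tag` is enabled.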
@@ -0,0 +1,21 @@
+<?php
+
+assert_redir(count($args) == 3, 'notes');
+$noteid = intval($args[2]);
+
+$note = mysql_fetch_assoc(sql(
+ "SELECT na.id AS id, na.title AS title, na.text_html AS html, na.public AS public, na.owner AS owner, ".
+ "nb.title AS parent_title, nb.id AS parent_id, account.login AS ownername FROM notes na ".
+ "LEFT JOIN notes nb ON na.parent = nb.id LEFT JOIN account ON account.id = na.owner ".
+ "WHERE na.id = $noteid"
+));
+assert_error($note && ($note['public'] != 0 || $note['owner'] == $user['id']),
+ "This note does not exist, or you are not allowed to see it.");
+
+$can_new = ($user['priv'] >= $apps['notes']['new'] && $user['id'] == $note['owner']);
+$can_edit = ($user['priv'] >= $apps['notes']['edit'] && $user['id'] == $note['owner']);
+$can_delete = ($user['priv'] >= $apps['notes']['delete'] && $user['id'] == $note['owner']);
+$can_move = ($user['priv'] >= $apps['notes']['move'] && $user['id'] == $note['owner']);
+
+require("tpl/notes/view.php");
+ |
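Review bot: The `$can_new`/`$can_edit`/`$can_delete`/`$can_move` flags compare `$user['priv']` with `$apps['notes'][...]`, but the action files added in this commit (new.php, edit.php, delete.php, move.php) check ownership only. If the dispatcher outside this diff does not apply the same privilege threshold before including them, these flags merely hide links and the actions stay reachable by URL. Add a comment above the flags such as `// UI hints only; the privilege threshold is enforced in <dispatcher file>`, or repeat the `$user['priv'] >= $apps['notes'][...]` test at the top of each action file.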