<?php
####################################################################################################
## File : items.queries.php
## Author : Nils Laumaillé
## Description : File contains queries for ajax
## 
## DON'T CHANGE !!!
## 
####################################################################################################

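// Bootstrap for the AJAX item endpoints: session, language strings, settings,
// shared helpers and the database handle used by the dispatcher below.
session_start();

// The language name becomes part of a require_once path, so it is restricted
// to a plain file-name token. An unset value or one containing path characters
// ends the request before any file is loaded.
$session_language = ( isset($_SESSION['user_language']) && is_string($_SESSION['user_language']) ) ? $_SESSION['user_language'] : '';
if ( !preg_match('/^[A-Za-z0-9_-]+\z/', $session_language) ){
    header('HTTP/1.1 400 Bad Request');
    exit;
}
require_once('../includes/language/'.$session_language.'.php');
include('../includes/settings.php');
require_once('../includes/include.php');
header("Content-type: text/html; charset=".$k['charset']);
include('main.functions.php');

// NOTE(review): nothing visible here verifies that the session belongs to a
// logged-in user before the POST dispatcher runs; confirm that one of the
// included files enforces it.

//Connect to mysql server
require_once("class.database.php");
$db = new Database($server, $user, $pass, $database, $pre);
$db->connect();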

//Function permits to identify what icon to display depending on file extension
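/**
 * Pick the icon file name shown next to an attachment, based on its extension.
 *
 * Display helper only: the extension is matched against the configured lists
 * and nothing about the file itself is inspected, so the result says nothing
 * about what the file really contains.
 *
 * The match is case-insensitive ("PDF" and "pdf" get the same icon) and a
 * missing or malformed extension list in $k is treated as empty.
 *
 * @param string $ext File extension without the leading dot.
 * @return string Icon file name.
 */
function file_format_image($ext){
    global $k;
    $ext = strtolower((string)$ext);

    // Configured extension lists, lower-cased so the comparison can be strict.
    $office_ext = ( isset($k['office_file_ext']) && is_array($k['office_file_ext']) ) ? array_map('strtolower', $k['office_file_ext']) : array();
    $image_ext = ( isset($k['image_file_ext']) && is_array($k['image_file_ext']) ) ? array_map('strtolower', $k['image_file_ext']) : array();

    if ( in_array($ext, $office_ext, true) ) return "document-office.png";
    if ( $ext === "pdf" ) return "document-pdf.png";
    if ( in_array($ext, $image_ext, true) ) return "document-image.png";
    if ( $ext === "txt" ) return "document-txt.png";
    return "document.png";
}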

// Build and run the queries for the action named in $_POST['type']
if ( isset($_POST['type']) ){
    switch($_POST['type'])
    {
        ### CASE ####
        ### creating a new ITEM
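        case "new_item":
            // Creates an item from the posted form, logs the creation, stores its tags,
            // attaches files uploaded beforehand, optionally announces the item by e-mail,
            // and answers with JavaScript statements for the calling page.
            // Reads from $_POST: label, desc, pw, salt_key, url, login, categorie,
            // restricted_to, tags, random_id_from_files, annonce, diffusion.
            //
            // NOTE(review): the values handed to $db->query_insert() are escaped
            // inconsistently: label, url and login go through mysql_real_escape_string,
            // description through addslashes, while id_tree, restricted_to and the tags
            // are passed as received. Whether query_insert() escapes on its own is not
            // visible in this file -- confirm, and escape in exactly one place.

            //check if element doesn't already exist
            $create_new_item = true;
            if ( isset($_SESSION['settings']['duplicate_item']) && $_SESSION['settings']['duplicate_item'] == 0 ){
                $data = $db->fetch_row("SELECT COUNT(*) FROM ".$pre."items WHERE label = '".mysql_real_escape_string(stripslashes(($_POST['label'])))."' AND inactif=0");
                if ( $data[0] != 0 ){
                    echo '$("#div_formulaire_saisi").dialog("open");';
                    echo 'document.getElementById("new_show_error").innerHTML = "'.$txt['error_item_exists'].'";';
                    echo '$("#new_show_error").show();';
                    $create_new_item = false;
                }
            }

            if( $create_new_item == true) {
                echo '$("#new_show_error").hide();';
                $resticted_to = $_POST['restricted_to'];

                //encrypt PW
                // When a salt key is supplied the item is personal: it is encrypted
                // with that key and restricted to the user creating it.
                $is_personal = !empty($_POST['salt_key']);
                if ( $is_personal ){
                    $pw = encrypt($_POST['pw'],mysql_real_escape_string(stripslashes($_POST['salt_key'])));
                    $resticted_to = $_SESSION['user_id'];
                }else
                    $pw = encrypt($_POST['pw']);

                //ADD item
                $new_id = $db->query_insert(
                    'items',
                    array(
                        'label' => mysql_real_escape_string(stripslashes($_POST['label'])),
                        'description' => addslashes($_POST['desc']),
                        'pw' => $pw,
                        'url' => mysql_real_escape_string(stripslashes(($_POST['url']))),
                        'id_tree' => $_POST['categorie'],
                        'login' => mysql_real_escape_string(stripslashes(($_POST['login']))),
                        'inactif' => '0',
                        'restricted_to' => $resticted_to,
                        'perso' => $is_personal ? '1' : '0'
                    )
                );

                //log
                $db->query_insert(
                    'log_items',
                    array(
                        'id_item' => $new_id,
                        'date' => mktime(date('H'),date('i'),date('s'),date('m'),date('d'),date('y')),
                        'id_user' => $_SESSION['user_id'],
                        'action' => 'at_creation'
                    )
                );

                //Add tags
                $tags = explode(' ',$_POST['tags']);
                foreach($tags as $tag){
                    if ( !empty($tag) )
                        $db->query_insert(
                            'tags',
                            array(
                                'item_id' => $new_id,
                                'tag' => strtolower($tag)
                            )
                        );
                }

                // Check if any files have been added
                // The upload id is concatenated into the SQL text, so only a plain run
                // of digits is accepted and anything else is ignored.
                // NOTE(review): assumes the id is a plain integer, as its unquoted use
                // in the query suggests -- confirm against the upload form.
                $random_id = ( isset($_POST['random_id_from_files']) && is_string($_POST['random_id_from_files']) ) ? $_POST['random_id_from_files'] : '';
                if ( !empty($random_id) && preg_match('/^[0-9]+\z/', $random_id) ){
                    $sql = "SELECT id 
                            FROM ".$pre."files 
                            WHERE id_item=".$random_id;
                    $rows = $db->fetch_all_array($sql);
                    foreach ($rows as $reccord){
                        //update item_id in files table
                        $db->query_update(
                            'files',
                            array(
                                'id_item' => $new_id
                            ),
                            "id='".$reccord['id']."'"
                        );
                    }
                }

                //Update CACHE table
                UpdateCacheTable("add_value",$new_id);

                //Announce by email?
                // NOTE(review): the recipient list comes straight from the request, so
                // the caller decides who receives mail from the configured SMTP account;
                // consider limiting it to addresses of known users.
                if ( isset($_POST['annonce']) && $_POST['annonce'] == 1 ){
                    require_once("class.phpmailer.php");
                    //send the e-mail
                    $destinataire= explode(';',$_POST['diffusion']);
                    foreach($destinataire as $mail_destinataire){
                        // skip empty entries such as the one left by a trailing ';'
                        if ( trim($mail_destinataire) == '' ) continue;

                        //send to this recipient
                        $mail = new PHPMailer();
                        $mail->SetLanguage("en","../includes/phpmailer/language");
                        $mail->IsSMTP();                                   // send via SMTP
                        $mail->Host     = $smtp_server; // SMTP servers
                        $mail->SMTPAuth = $smtp_auth;     // turn on SMTP authentication
                        $mail->Username = $smtp_auth_username;  // SMTP username
                        $mail->Password = $smtp_auth_password; // SMTP password
                        $mail->From     = $email_from;
                        $mail->FromName = $email_from_name;
                        $mail->AddAddress($mail_destinataire);     // recipient
                        $mail->WordWrap = 80;                              // set word wrap
                        $mail->IsHTML(true);                               // send as HTML
                        $mail->Subject  =  $txt['email_subject'];
                        // NOTE(review): the label is SQL-escaped here, which does nothing
                        // for the HTML body it is placed in; it should be HTML-escaped.
                        $mail->AltBody     =  $txt['email_altbody_1']." ".mysql_real_escape_string(stripslashes(($_POST['label'])))." ".$txt['email_altbody_2'];
                        // categorie is percent-encoded because it is placed in a URL
                        // inside the HTML body.
                        $corpsDeMail = $txt['email_body_1'].mysql_real_escape_string(stripslashes(($_POST['label']))).$txt['email_body_2'].
                        $_SESSION['settings']['cpassman_url']."/index.php?page=items&group=".rawurlencode($_POST['categorie'])."&id=".$new_id.$txt['email_body_3'];
                        $mail->Body  =  $corpsDeMail;
                        $mail->Send();
                    }
                }

                //Refresh page
                // categorie is percent-encoded so a crafted value cannot close the
                // JavaScript string literal; plain alphanumeric values are unchanged.
                echo 'window.location.href = "index.php?page=items&group='.rawurlencode($_POST['categorie']).'&id='.$new_id.'";';

                echo '$("#random_id").val("");';
            }
        break;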
        
        #############
        ### CASE ####
        ### update an ITEM
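        case "update_item":
            // Updates an existing item, replaces its tags, logs each changed field,
            // then answers with JavaScript statements that refresh the detail panel
            // and optionally notifies recipients by e-mail.
            // Reads from $_POST: id, label, description, pw, salt_key, url, login,
            // categorie, restricted_to, tags, diffusion.

            //init
            $reload_page = false;

            // The item id is concatenated into several SQL statements below, so only a
            // plain run of digits is accepted; any other value ends this request.
            $item_id = ( isset($_POST['id']) && is_string($_POST['id']) ) ? $_POST['id'] : '';
            if ( !preg_match('/^[0-9]+\z/', $item_id) ) break;

            // NOTE(review): no check is visible in this case that the current user may
            // edit this item (the show_details_item case does test folder visibility
            // and restricted_to before revealing one) -- confirm where it is enforced.

            //Get existing values
            $data = $db->query_first("SELECT * FROM ".$pre."items WHERE id=".$item_id);

            //Manage specific characters (&, +)
            $patterns = array('/ETCOMMERCIAL/','/SIGNEPLUS/');
            $remplacements = array('&','+');
            $pw_recu = $_POST['pw'];
            $pw_recu = preg_replace($patterns,$remplacements,$pw_recu);

            $resticted_to = $_POST['restricted_to'];

            //encrypt PW
            // The salt key is derived once so that every encrypt/decrypt call in this
            // case uses the same key (the old-password log entry previously used the
            // raw posted value while encryption used the transformed one).
            $has_salt_key = !empty($_POST['salt_key']);
            $salt_key = $has_salt_key ? mysql_real_escape_string(stripslashes($_POST['salt_key'])) : '';
            if ( $has_salt_key ){
                $pw_recu = encrypt($pw_recu,$salt_key);
                $resticted_to = $_SESSION['user_id'];
            }else
                $pw_recu = encrypt($pw_recu);

            //---Manage tags
                //deleting existing tags for this item
                $db->query("DELETE FROM ".$pre."tags WHERE item_id = '".$item_id."'");

                //Add new tags
                $tags = explode(' ',$_POST['tags']);
                foreach($tags as $tag){
                    if ( !empty($tag) )
                        $db->query_insert(
                            'tags',
                            array(
                                'item_id' => $item_id,
                                'tag' => strtolower($tag)
                            )
                        );
                }

            //update item
            // NOTE(review): restricted_to and the tags are stored as received; whether
            // query_update()/query_insert() escape on their own is not visible here.
            $db->query_update(
                'items',
                array(
                    'label' => mysql_real_escape_string(stripslashes(($_POST['label']))),
                    'description' => addslashes($_POST['description']),
                    'pw' => addslashes($pw_recu),
                    'login' => mysql_real_escape_string(stripslashes(($_POST['login']))),
                    'url' => mysql_real_escape_string(stripslashes(($_POST['url']))),
                    'id_tree' => mysql_real_escape_string($_POST['categorie']),
                    'restricted_to' => $resticted_to
                ),
                "id='".$item_id."'"
            );

            //Update CACHE table
            UpdateCacheTable("update_value",$item_id);

            //Log all modifications done
                ## LABEL ##
                if ( $data['label'] != $_POST['label'] )
                    $db->query_insert(
                        'log_items',
                        array(
                            'id_item' => $item_id,
                            'date' => mktime(date('H'),date('i'),date('s'),date('m'),date('d'),date('y')),
                            'id_user' => $_SESSION['user_id'],
                            'action' => 'at_modification',
                            'raison' => 'at_label : '.$data['label'].' => '.mysql_real_escape_string(stripslashes(($_POST['label'])))
                        )
                    );
                ## LOGIN ##
                if ( $data['login'] != $_POST['login'] )
                    $db->query_insert(
                        'log_items',
                        array(
                            'id_item' => $item_id,
                            'date' => mktime(date('H'),date('i'),date('s'),date('m'),date('d'),date('y')),
                            'id_user' => $_SESSION['user_id'],
                            'action' => 'at_modification',
                            'raison' => 'at_login : '.$data['login'].' => '.mysql_real_escape_string(stripslashes(($_POST['login'])))
                        )
                    );
                ## URL ##
                if ( $data['url'] != $_POST['url'] )
                    $db->query_insert(
                        'log_items',
                        array(
                            'id_item' => $item_id,
                            'date' => mktime(date('H'),date('i'),date('s'),date('m'),date('d'),date('y')),
                            'id_user' => $_SESSION['user_id'],
                            'action' => 'at_modification',
                            'raison' => 'at_url : '.$data['url'].' => '.mysql_real_escape_string(stripslashes(($_POST['url'])))
                        )
                    );
                ## DESCRIPTION ##
                if ( $data['description'] != $_POST['description'] )
                    $db->query_insert(
                        'log_items',
                        array(
                            'id_item' => $item_id,
                            'date' => mktime(date('H'),date('i'),date('s'),date('m'),date('d'),date('y')),
                            'id_user' => $_SESSION['user_id'],
                            'action' => 'at_modification',
                            'raison' => 'at_description'
                        )
                    );
                ## FOLDER ##
                if ( $data['id_tree'] != mysql_real_escape_string($_POST['categorie']) ){
                    $db->query_insert(
                        'log_items',
                        array(
                            'id_item' => $item_id,
                            'date' => mktime(date('H'),date('i'),date('s'),date('m'),date('d'),date('y')),
                            'id_user' => $_SESSION['user_id'],
                            'action' => 'at_modification',
                            'raison' => 'at_category : '.$data['id_tree'].' => '.mysql_real_escape_string(stripslashes(($_POST['categorie'])))
                        )
                    );
                    //ask for page reloading
                    $reload_page = true;
                }
                ## PASSWORD ##
                // NOTE(review): the previous password is decrypted and written in clear
                // text to log_items.raison, which the history built below reads back;
                // anyone who can read that table or the item history sees old passwords.
                if ( $data['pw'] != $pw_recu ){
                    if( $has_salt_key ) $old_pw = decrypt($data['pw'],$salt_key);
                    else $old_pw = decrypt($data['pw']);
                    $db->query_insert(
                        'log_items',
                        array(
                            'id_item' => $item_id,
                            'date' => mktime(date('H'),date('i'),date('s'),date('m'),date('d'),date('y')),
                            'id_user' => $_SESSION['user_id'],
                            'action' => 'at_modification',
                            'raison' => 'at_pw : '.$old_pw
                        )
                    );
                }

            //Reload new values
            $data_item = $db->query_first("
                SELECT * 
                FROM ".$pre."items AS i 
                INNER JOIN ".$pre."log_items AS l ON (l.id_item = i.id) 
                WHERE i.id=".$item_id." 
                    AND l.action = 'at_creation'"
            );

            //Reload History
            $history = "";
            $rows = $db->fetch_all_array("
                SELECT l.date AS date, l.action AS action, l.raison AS raison, u.login AS login 
                FROM ".$pre."log_items AS l 
                LEFT JOIN ".$pre."users AS u ON (l.id_user=u.id) 
                WHERE id_item=".$item_id);
            foreach($rows as $reccord){
                // raison is stored as "<text key> : <detail>"; the key is translated
                $reason = explode(':',$reccord['raison']);
                $history_line = date("d/m/Y H:i:s",$reccord['date'])." - ". $reccord['login'] ." - ".$txt[$reccord['action']]." - ".(!empty($reccord['raison']) ? (count($reason) > 1 ? $txt[trim($reason[0])].' : '.$reason[1] : $txt[trim($reason[0])] ):'');
                if ( empty($history) )
                    $history = $history_line;
                else
                    $history .= "<br />".$history_line;
            }

            //Get list of restriction
            // restricted_to was stored from request data, so each element is checked to
            // be a plain user id before it is concatenated into the query.
            $liste = explode(";",$data_item['restricted_to']);
            $liste_restriction = "";
            foreach($liste as $elem){
                $elem = trim($elem);
                if ( !empty($elem) && preg_match('/^[0-9]+\z/', $elem) ){
                    $data2 = $db->fetch_row("SELECT login FROM ".$pre."users WHERE id=".$elem);
                    $liste_restriction .= $data2[0].";";
                }
            }

            //decrypt PW
            if ( !$has_salt_key ){
                $pw = decrypt($data_item['pw']);
            }else{
                $pw = decrypt($data_item['pw'],$salt_key);
                $_SESSION['salt_key'] = $_POST['salt_key'];
            }

            // Prepare files listing
                $files = $files_edit = "";
                // launch query
                $rows = $db->fetch_all_array(
                    "SELECT * 
                    FROM ".$pre."files 
                    WHERE id_item=".$item_id
                );
                // NOTE(review): the download link hands a path= parameter to
                // sources/downloadFile.php; that script is not visible here -- confirm
                // that it confines the path to the upload directory.
                foreach ($rows as $reccord){
                    // get icon image depending on file format
                    $icon_image = file_format_image($reccord['extension']);
                    // If file is an image, then prepare lightbox. If not image, then prepare download
                    if ( in_array($reccord['extension'],$k['image_file_ext']) )
                        $files .=   '<img src=\'includes/images/'.$icon_image.'\' /><a class=\'image_dialog\' href=\''.$_SESSION['settings']['cpassman_url'].'/upload/'.$reccord['file'].'\' title=\''.$reccord['name'].'\'>'.$reccord['name'].'</a><br />';
                    else
                        $files .=   '<img src=\'includes/images/'.$icon_image.'\' /><a href=\'sources/downloadFile.php?name='.urlencode($reccord['name']).'&path=../upload/'.$reccord['file'].'&size='.$reccord['size'].'&type='.urlencode($reccord['type']).'\' target=\'_blank\'>'.$reccord['name'].'</a><br />';
                    // Prepare list of files for edit dialogbox
                    $files_edit .= '<span id=\'span_edit_file_'.$reccord['id'].'\'><img src=\'includes/images/'.$icon_image.'\' /><img src=\'includes/images/document--minus.png\' style=\'cursor:pointer;\'  onclick=\'delete_attached_file(\"'.$reccord['id'].'\")\' />&nbsp;'.$reccord['name']."</span><br />";
                }

            // NOTE(review): every value below is concatenated into a JavaScript string
            // literal, and most of them into innerHTML, without escaping for either
            // context. Stored fields (label, url, login, description, history, file
            // names), the decrypted password and the posted tags can therefore end the
            // literal or inject markup. Encode for the JavaScript context (for example
            // with json_encode) and HTML-escape whatever is destined for innerHTML.
            echo '$(\'#id_label\').text("'.$data_item['label'].'");';
            echo '$(\'#id_pw\').text("'.$pw.'");';
            echo 'document.getElementById(\'id_url\').innerHTML = "'.$data_item['url'].'";';
            echo 'document.getElementById(\'id_desc\').innerHTML = "'.stripslashes(str_replace('\n','<br>',(mysql_real_escape_string($data_item['description'])))).'";';
            echo 'document.getElementById(\'id_login\').innerHTML = "'.$data_item['login'].'";';
            echo 'document.getElementById(\'id_info\').innerHTML = "'.$history.'";';
            echo 'document.getElementById(\'id_restricted_to\').innerHTML = "'.$liste_restriction.'";';
            echo 'document.getElementById(\'id_tags\').innerHTML = "'.trim($_POST['tags']).'";';
            echo 'document.getElementById(\'item_edit_list_files\').innerHTML = "'.$files_edit.'";';
            echo 'document.getElementById(\'id_files\').innerHTML = "'.$files.'";';

            //Fill in hidden fields
            echo 'document.getElementById(\'hid_label\').value = "'.$data_item['label'].'";';
            echo 'document.getElementById(\'hid_pw\').value = "'.$pw.'";';
            echo 'document.getElementById(\'hid_url\').value = "'.$data_item['url'].'";';
            echo 'document.getElementById(\'hid_desc\').value = "'.stripslashes(mysql_real_escape_string($data_item['description'])).'";';
            echo 'document.getElementById(\'hid_login\').value = "'.$data_item['login'].'";';
            echo 'document.getElementById(\'id_categorie\').value = "'.$data_item['id_tree'].'";';
            echo 'document.getElementById(\'id_item\').value = "'.$data_item['id'].'";';
            echo 'document.getElementById(\'hid_restricted_to\').value = "'.$data_item['restricted_to'].'";';
            echo 'document.getElementById(\'hid_tags\').value = "'.trim($_POST['tags']).'";';
            echo 'document.getElementById(\'hid_files\').value = "'.$files.'";';

            // function calling image lightbox when clicking on link
            echo '$(\'a.image_dialog\').click(function(event){event.preventDefault();PreviewImage($(this).attr(\'href\'),$(this).attr(\'title\'));}); ';

            //Send email
            // NOTE(review): the recipient list comes straight from the request, so the
            // caller decides who receives mail from the configured SMTP account.
            if ( !empty($_POST['diffusion']) ){
                require_once("class.phpmailer.php");
                $destinataire= explode(';',$_POST['diffusion']);
                foreach($destinataire as $mail_destinataire){
                    // skip empty entries such as the one left by a trailing ';'
                    if ( trim($mail_destinataire) == '' ) continue;

                    //send to this recipient
                    $mail = new PHPMailer();
                    $mail->SetLanguage("en","../includes/phpmailer/language");
                    $mail->IsSMTP();                                   // send via SMTP
                    $mail->Host     = $smtp_server; // SMTP servers
                    $mail->SMTPAuth = $smtp_auth;     // turn on SMTP authentication
                    $mail->Username = $smtp_auth_username;  // SMTP username
                    $mail->Password = $smtp_auth_password; // SMTP password
                    $mail->From     = $email_from;
                    $mail->FromName = $email_from_name;
                    $mail->AddAddress($mail_destinataire);     // recipient
                    $mail->WordWrap = 80;                              // set word wrap
                    $mail->IsHTML(true);                               // send as HTML
                    $mail->Subject  =  "Mise à jour d'un mot de passe";
                    // NOTE(review): the label is SQL-escaped here, which does nothing for
                    // the HTML body it is placed in; it should be HTML-escaped.
                    $mail->AltBody     =  "Le mot de passe de ".mysql_real_escape_string(stripslashes(($_POST['label'])))." a été mis à jour.";
                    // categorie is percent-encoded because it is placed in an href.
                    $corpsDeMail = "Bonjour,<br><br>Le mot de passe de '" .mysql_real_escape_string(stripslashes(($_POST['label'])))."' a été mis à jour.<br /><br />".
                    "Vous pouvez le consulter <a href=\"".$_SESSION['settings']['cpassman_url']."/index.php?page=items&group=".rawurlencode($_POST['categorie'])."&id=".$item_id."\">ICI</a><br /><br />".
                    "A bientot";
                    $mail->Body  =  $corpsDeMail;
                    $mail->Send();
                }
            }
            //reload if category has changed
            if ( $reload_page == true )
                echo 'window.location.href = "index.php?page=items&group='.$data_item['id_tree'].'&id='.$data_item['id'].'";';
        break;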
        
        #############
        ### CASE ####
        ### Display informations of selected item    
        case "show_details_item":
            //Change the class of this selected item
            echo 'var tmp = \'fileclass\'+document.getElementById(\'selected_items\').value;';
            echo 'if ( tmp != "fileclass") document.getElementById(tmp).className = "file";';
            echo 'document.getElementById(\'selected_items\').value = "'.$_POST['id'].'";';
                    
            //Get all informations for this item
            $sql = "SELECT * 
                    FROM ".$pre."items AS i 
                    INNER JOIN ".$pre."log_items AS l ON (l.id_item = i.id) 
                    WHERE i.id=".$_POST['id']." 
                    AND l.action = 'at_creation'";
            $data_item = $db->query_first($sql);
            
            //Get all tags for this item
            $tags = "";
            $sql = "SELECT tag 
                    FROM ".$pre."tags 
                    WHERE item_id=".$_POST['id'];
            $rows = $db->fetch_all_array($sql);
            foreach ($rows as $reccord)
                $tags .= $reccord['tag']." ";
            
            //check that actual user can access this item
            $access = explode(';',$data_item['id_tree']);
            $restriction_active = true;
            $restricted_to = explode(';',$data_item['restricted_to']);
            if ( in_array($_SESSION['user_id'],$restricted_to) ) $restriction_active = false;
            if ( empty($data_item['restricted_to']) ) $restriction_active = false;

            //Uncrypt PW
            if ( isset($_POST['salt_key_required']) && $_POST['salt_key_required'] == 1 ){
                if ( empty($_POST['salt_key']) ){
                    $restriction_active = true;
                    echo '$("#edit_item_salt_key").hide();';
                }else{
                    $pw = decrypt($data_item['pw'],mysql_real_escape_string(stripslashes($_POST['salt_key'])));
                    $_SESSION['salt_key'] = $_POST['salt_key'];
                    echo '$("#edit_item_salt_key").show();';
                }
            }else{
                $pw = decrypt($data_item['pw']);
                echo '$("#edit_item_salt_key").hide();';//echo "=>".$pw;
            }
              
                            
            //check if item is expired
            if ( isset($_POST['expired_item']) && $_POST['expired_item'] == 0 ) $item_is_expired = false;
            else $item_is_expired = true;
                
                    
            //Check if actual USER can see this ITEM
            if ( ( in_array($access[0],$_SESSION['groupes_visibles']) || $_SESSION['is_admin'] == 1 ) 
                &&  ( $data_item['perso']==0 || ($data_item['perso']==1 && $data_item['id_user'] == $_SESSION['user_id'] ) )  
                && $restriction_active == false 
            ){              
                //Display menu icon for deleting if user is allowed
                if ($data_item['id_user'] == $_SESSION['user_id'] || $_SESSION['is_admin'] == 1 || ($_SESSION['user_gestionnaire'] == 1 && $_SESSION['settings']['manager_edit'] == 1) ){
                    echo '$(\'#menu_button_edit_item,#menu_button_del_item\').removeAttr(\'disabled\');';
                    $user_is_allowed_to_modify = true;
                }else{
                    echo '$(\'#menu_button_edit_item,#menu_button_del_item\').attr(\'disabled\',\'disabled\');';
                    $user_is_allowed_to_modify = false;
                }
                
                //GET Audit trail
                $historique = "";
                $rows = $db->fetch_all_array("
                    SELECT l.date AS date, l.action AS action, l.raison AS raison, u.login AS login 
                    FROM ".$pre."log_items AS l 
                    LEFT JOIN ".$pre."users AS u ON (l.id_user=u.id) 
                    WHERE id_item=".$_POST['id']
                );
                foreach ( $rows as $reccord ){  
                    $reason = explode(':',$reccord['raison']);          
                    if ( empty($historique) ) 
                        $historique = date("d/m/Y H:i:s",$reccord['date'])." - ". $reccord['login'] ." - ".$txt[$reccord['action']]." - ".(!empty($reccord['raison']) ? (count($reason) > 1 ? $txt[trim($reason[0])].' : '.$reason[1] : $txt[trim($reason[0])] ):'');
                    else
                        $historique .= "<br />".date("d/m/Y H:i:s",$reccord['date'])." - ". $reccord['login']  ." - ".$txt[$reccord['action']]." - ".(!empty($reccord['raison']) ? (count($reason) > 1 ? $txt[trim($reason[0])].' : '.$reason[1] : $txt[trim($reason[0])] ):'');                 
                }
                
                //Get restriction list
                $liste = explode(";",$data_item['restricted_to']);
                $liste_restriction = "";
                foreach($liste as $elem){
                    if ( !empty($elem) ){
                        $data2 = $db->fetch_row("SELECT login FROM ".$pre."users WHERE id=".$elem);
                        $liste_restriction .= $data2[0].";";
                    }
                }
                            
                //Prepare DIalogBox data
                if ( $item_is_expired == false ) {
                    echo 'document.getElementById(\'item_details_ok\').style.display = "";';
                    echo 'document.getElementById(\'item_details_expired\').style.display = "none";';
                }else if ( $user_is_allowed_to_modify == true && $item_is_expired == true ){
                    echo 'document.getElementById(\'item_details_ok\').style.display = "";';
                    echo 'document.getElementById(\'item_details_expired\').style.display = "";';
                }else{
                    echo 'document.getElementById(\'item_details_ok\').style.display = "none";';
                    echo 'document.getElementById(\'item_details_expired\').style.display = "";';
                }
                echo 'document.getElementById(\'item_details_nok\').style.display="none";';
                echo 'document.getElementById(\'fileclass'.$_POST['id'].'\').className = "fileselected";';
                
                echo '$(\'#id_label\').text("'.($data_item['label']).'");';
                echo '$(\'#id_pw\').text(\''.preg_replace ( "/\S/", " * ",addslashes($pw)).'\');';
                if ( substr($data_item['url'],0,7) == "http://" || substr($data_item['url'],0,8) == "https://" ) $lien = stripslashes(str_replace('\n','',mysql_real_escape_string($data_item['url'])));
                else $lien = "http://".(str_replace('\n','',mysql_real_escape_string($data_item['url'])));
                echo 'document.getElementById(\'id_url\').innerHTML = "'.stripslashes(str_replace('\n','',mysql_real_escape_string($data_item['url']))).'',!empty($data_item['url'])?'&nbsp;<a href=\''. $lien.'\' target=\'_blank\'><img src=\'includes/images/arrow_skip.png\' style=\'border:0px;\' title=\'Ouvrir la page\'></a>':'','";';
                echo 'document.getElementById(\'id_desc\').innerHTML = "'.stripslashes(str_replace('\n','<br />',mysql_real_escape_string($data_item['description']))).'";';
                echo 'document.getElementById(\'id_login\').innerHTML = "'.addslashes($data_item['login']).'";';
                if ( $data_item['perso'] == 0 ) $perso = "Non"; else $perso = "Oui";
                echo 'document.getElementById(\'id_info\').innerHTML = "'.$historique.'";';
                echo 'document.getElementById(\'id_restricted_to\').innerHTML = "'.$liste_restriction.'";';
                echo 'document.getElementById(\'id_restricted_to\').innerHTML = "'.$liste_restriction.'";';
                echo 'document.getElementById(\'id_tags\').innerHTML = "'.trim($tags).'";';
                
                //renseigner les champs masqués
                echo 'document.getElementById(\'hid_label\').value = "'.addslashes($data_item['label']).'";';
                echo 'document.getElementById(\'hid_pw\').value = \''.addslashes($pw).'\';';
                echo 'document.getElementById(\'hid_url\').value = "'.stripslashes(str_replace('\n','',mysql_real_escape_string(($data_item['url'])))).'";';
                echo 'document.getElementById(\'hid_desc\').value = "'.str_replace('<br />','\n',stripslashes(str_replace('\n','<br />',mysql_real_escape_string($data_item['description'])))).'";';
                echo 'document.getElementById(\'hid_login\').value = "'.addslashes($data_item['login']).'";';
                echo 'document.getElementById(\'id_categorie\').value = "'.$data_item['id_tree'].'";';
                echo 'document.getElementById(\'id_item\').value = "'.$data_item['id'].'";';
                echo 'document.getElementById(\'hid_restricted_to\').value = "'.$data_item['restricted_to'].'";';
                echo 'document.getElementById(\'hid_tags\').value = "'.trim($tags).'";';
                
                //Prepare clipboard copies
                if ( $pw != "" ) {
                    echo 'var clip = new ZeroClipboard.Client(); clip.setText( "'.addslashes($pw).'" ); clip.addEventListener( "onMouseDown", function(client) {$("#message_box").html("'.$txt['pw_copied_clipboard'].'").show().fadeOut(2500);});clip.glue(\'menu_button_copy_pw\');';   // 
                }
                if ( $data_item['login'] != "" ) {
                    echo 'var clip = new ZeroClipboard.Client(); clip.setText( "'.addslashes($data_item['login']).'" );clip.glue( "menu_button_copy_login" );clip.addEventListener( "onMouseDown", function(client) {$("#message_box").html("'.$txt['login_copied_clipboard'].'").show().fadeOut(2500);});';
                }
                
                //prepare link to clipboard
                $link = $_SESSION['settings']['cpassman_url'].'/index.php?page=items&group='.$data_item['id_tree'].'&id='.$data_item['id'];
                echo 'var clip = new ZeroClipboard.Client();clip.setText( "'.$link.'" );clip.addEventListener( "onMouseDown", function(client) {$("#message_box").html("'.$txt['url_copied'].'").show().fadeOut(2500);});clip.glue( "menu_button_copy_link" );'; //
                
                //Add this item to the latests list
                if ( isset($_SESSION['latest_items']) && isset($_SESSION['settings']['max_latest_items']) && !in_array($data_item['id'],$_SESSION['latest_items']) ){
                    if ( count($_SESSION['latest_items']) >= $_SESSION['settings']['max_latest_items'] ){
                        array_pop($_SESSION['latest_items']);   //delete last items
                    }
                    array_unshift($_SESSION['latest_items'],$data_item['id']);
                    //update DB
                    $db->query_update(
                        "users",
                        array(
                            'latest_items' => implode(';',$_SESSION['latest_items'])
                        ),
                        "id=".$_SESSION['user_id']
                    );
                }
                
                // Prepare files listing
                    $files = $files_edit = "";
                    // launch query
                    $rows = $db->fetch_all_array(
                        "SELECT * 
                        FROM ".$pre."files 
                        WHERE id_item=".$_POST['id']
                    );
                    foreach ($rows as $reccord){
                        // get icon image depending on file format
                        $icon_image = file_format_image($reccord['extension']);
                        // If file is an image, then prepare lightbox. If not image, then prepare donwload
                        if ( in_array($reccord['extension'],$k['image_file_ext']) )
                            $files .=   '<img src=\'includes/images/'.$icon_image.'\' /><a class=\'image_dialog\' href=\''.$_SESSION['settings']['cpassman_url'].'/upload/'.$reccord['file'].'\' title=\''.$reccord['name'].'\'>'.$reccord['name'].'</a><br />';
                        else
                            $files .=   '<img src=\'includes/images/'.$icon_image.'\' /><a href=\'sources/downloadFile.php?name='.urlencode($reccord['name']).'&path=../upload/'.$reccord['file'].'&size='.$reccord['size'].'&type='.urlencode($reccord['type']).'\'>'.$reccord['name'].'</a><br />';
                        // Prepare list of files for edit dialogbox
                        $files_edit .= '<span id=\'span_edit_file_'.$reccord['id'].'\'><img src=\'includes/images/'.$icon_image.'\' /><img src=\'includes/images/document--minus.png\' style=\'cursor:pointer;\'  onclick=\'delete_attached_file(\"'.$reccord['id'].'\")\' />&nbsp;'.$reccord['name']."</span><br />";
                    }
                    //display lists
                    echo 'document.getElementById("item_edit_list_files").innerHTML = "'.$files_edit.'";';
                    echo 'document.getElementById("id_files").innerHTML = "'.$files.'";';
                    // function calling image lightbox when clicking on link
                    echo '$(\'a.image_dialog\').click(function(event){event.preventDefault();PreviewImage($(this).attr(\'href\'),$(this).attr(\'title\'));}); ';
                
                //Refresh last seen items
                    $text = $txt['last_items_title'].":&nbsp;";
                    $_SESSION['latest_items_tab'][] = "";
                    foreach($_SESSION['latest_items'] as $item){
                        if ( !empty($item) ){
                            $data = $db->query_first("SELECT label,id_tree FROM ".$pre."items WHERE id = ".$item);
                            $_SESSION['latest_items_tab'][$item] = array(
                                'label'=>addslashes($data['label']),
                                'url'=>'index.php?page=items&amp;group='.$data['id_tree'].'&amp;id='.$item
                            );
                            $text .= '<span style=\"cursor:pointer;\" onclick=\"javascript:window.location.href = \''.$_SESSION['latest_items_tab'][$item]['url'].'\'\"><img src=\"includes/images/tag_small.png\" />'.$_SESSION['latest_items_tab'][$item]['label'].'</span>&nbsp;';
                        }
                    }
                    echo 'document.getElementById("div_last_items").innerHTML = "'.$text.'";';
                            
                    //enable copy buttons
                    echo '$("#menu_button_show_pw, #menu_button_copy_pw, #menu_button_copy_login, #menu_button_copy_link").removeAttr(\'disabled\');';
                    
                    //disable add bookmark if alread bookmarked
                    if ( in_array($_POST['id'],$_SESSION['favourites']) ) {
                        echo '$("#menu_button_add_fav").attr(\'disabled\',\'disabled\');';
                        echo '$("#menu_button_del_fav").removeAttr(\'disabled\');';
                    }else{
                        echo '$("#menu_button_add_fav").removeAttr(\'disabled\');';
                        echo '$("#menu_button_del_fav").attr(\'disabled\',\'disabled\');';
                    }
            }else{
                echo 'document.getElementById(\'item_details_nok\').style.display="";';
                echo 'document.getElementById(\'item_details_ok\').style.display = "none";'; 
                echo 'document.getElementById(\'item_details_expired\').style.display="none";';        
                echo '$(\'#menu_button_edit_item, #menu_button_del_item, #menu_button_add_fav, #menu_button_del_fav, #menu_button_show_pw, #menu_button_copy_pw, #menu_button_copy_login, #menu_button_copy_link\').attr(\'disabled\',\'disabled\');';
            }
        break;
        
        #############
        ### CASE ####
        ### Generate a password
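        case "pw_generate":
            // Builds a random password from the character classes the caller asked
            // for and answers with JavaScript that writes it into the target input.

            // Length is cast to int so only a number can drive the loop below.
            // NOTE(review): no upper bound is applied here; a cap would stop an
            // oversized request from tying up the worker.
            $size = isset($_POST['size']) ? (int) $_POST['size'] : 0;

            // 'elem' is concatenated into element ids and a jQuery selector in the
            // emitted script, so keep only characters that are valid in an id.
            $elem = ( isset($_POST['elem']) && is_string($_POST['elem']) ) ? preg_replace('/[^A-Za-z0-9_\-]/', '', $_POST['elem']) : '';

            $letters = "abcdefghijklmnopqrstuvwxyz";
            $key = "";
            if ( isset($_POST['num']) && $_POST['num'] == "true" ) $letters .= "0123456789";
            if ( isset($_POST['maj']) && $_POST['maj'] == "true" ) $letters .= "ABCDEFGHIJKLMNOPQRSTUVWXYZ";
            // NOTE(review): substr() below works on bytes; if this file is saved as
            // UTF-8 the "§" is two bytes and can be split — confirm the file encoding.
            if ( isset($_POST['symb']) && $_POST['symb'] == "true" ) $letters .= "_-&#+§?+@";

            // Passwords must not come from rand() seeded with the clock: the seed is
            // guessable, so the output is too. Use the best generator this PHP offers.
            $nb_letters = strlen($letters);
            // Bytes at or above $limit are rejected so the modulo stays unbiased.
            $limit = 256 - (256 % $nb_letters);
            for ($i = 0; $i < $size; $i++)
            {
                $pos = null;
                if ( function_exists('random_int') ) {
                    $pos = random_int(0, $nb_letters - 1);
                } else if ( function_exists('openssl_random_pseudo_bytes') ) {
                    do {
                        $raw = openssl_random_pseudo_bytes(1);
                        $byte = ( $raw === false || strlen($raw) !== 1 ) ? false : ord($raw);
                    } while ( $byte !== false && $byte >= $limit );
                    if ( $byte !== false ) $pos = $byte % $nb_letters;
                }
                if ( $pos === null ) {
                    // Last resort only: mt_rand() is not a cryptographic generator.
                    $pos = mt_rand(0, $nb_letters - 1);
                }
                $key .= substr($letters, $pos, 1);
            }

            // With fixed_elem == 1 the caller names the input itself; otherwise the
            // input is "<elem>pw1".
            if ( isset($_POST['fixed_elem']) && $_POST['fixed_elem'] == 1 ) $myElem = $elem;
            else $myElem = $elem.'pw1';
            echo 'document.getElementById(\''.$myElem.'\').value = "'.$key.'";';

            // Refresh the strength meter unless the caller asked for a fixed element.
            if ( !isset($_POST['fixed_elem']) )
                echo 'runPassword(document.getElementById(\''.$myElem.'\').value, \''.$elem.'mypassword\');';

            echo '$("#'.$elem.'pw_wait").hide();';
        break;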
        
        #############
        ### CASE ####
        ### Delete an item
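        case "del_item":
            // Soft-deletes an item (sets inactif = 1), logs the action, refreshes the
            // cache table and sends the browser back to the item's folder.

            // Both ids are numeric keys. Casting keeps request data out of the SQL
            // condition and out of the JavaScript emitted at the end.
            $item_id = isset($_POST['id']) ? (int) $_POST['id'] : 0;
            $group_id = isset($_POST['groupe']) ? (int) $_POST['groupe'] : 0;

            // NOTE(review): nothing in this branch checks that the current user is
            // allowed to delete this item — confirm it is enforced before this point.

            //delete item consists in disabling it
            $db->query_update(
                "items",
                array(
                    'inactif' => '1',
                ),
                "id = ".$item_id
            );
            //log
            $db->query_insert(
                "log_items",
                array(
                    'id_item' => $item_id,
                    'date' => time(),
                    'id_user' => $_SESSION['user_id'],
                    'action' => 'at_delete'
                )
            );

            //Update CACHE table
            UpdateCacheTable("delete_value",$item_id);

            //Reload
            echo 'window.location.href = "index.php?page=items&group='.$group_id.'";';
        break;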
        
        #############
        ### CASE ####
        ### Create a new Group
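        case "new_rep":
            // Creates a sub-folder under $_POST['groupe'], stores its complexity
            // level, rebuilds the tree and refreshes the user's rights.

            $title = ( isset($_POST['title']) && is_string($_POST['title']) ) ? $_POST['title'] : '';
            // Parent folder id is a numeric key; cast before it reaches SQL.
            $group_id = isset($_POST['groupe']) ? (int) $_POST['groupe'] : 0;

            $create_new_folder = true;

            // Refuse titles that carry markup. The paired-tag pattern alone lets a
            // single unclosed tag through, so also compare with strip_tags(). The
            // folder must NOT be created once the error has been reported.
            if ( preg_match("|<[^>]+>(.*)</[^>]+>|U", $title) || strip_tags($title) !== $title ) {
                echo '$("#div_ajout_rep").dialog("open");';
                echo 'document.getElementById("new_rep_show_error").innerHTML = "'.$txt['error_html_codes'].'";';
                echo '$("#new_rep_show_error").show();';
                $create_new_folder = false;
            }

            //Check if duplicate folders name are allowed
            if ( $create_new_folder == true && isset($_SESSION['settings']['duplicate_folder']) && $_SESSION['settings']['duplicate_folder'] == 0 ){
                $data = $db->fetch_row("SELECT COUNT(*) FROM ".$pre."nested_tree WHERE title = '".mysql_real_escape_string(stripslashes($title))."'");
                if ( $data[0] != 0 ){
                    echo '$("#div_ajout_rep").dialog("open");';
                    echo 'document.getElementById("new_rep_show_error").innerHTML = "'.$txt['error_group_exist'].'";';
                    echo '$("#new_rep_show_error").show();';
                    $create_new_folder = false;
                }
            }

            if ( $create_new_folder == true ){
                // The new folder inherits the parent's personal_folder flag.
                $data = $db->fetch_row("SELECT personal_folder FROM ".$pre."nested_tree WHERE id = ".$group_id);
                $new_id=$db->query_insert(
                    "nested_tree",
                    array(
                        'parent_id' => $group_id,
                        'title' => mysql_real_escape_string(stripslashes($title)),
                        'personal_folder' => $data[0]
                    )
                );

                //Add complexity
                // NOTE(review): 'complexite' is passed through as received; whether it
                // is escaped depends on Database::query_insert, which is not visible here.
                $db->query_insert(
                    "misc",
                    array(
                        'type' => 'complex',
                        'intitule' => $new_id,
                        'valeur' => $_POST['complexite']
                    )
                );

                require_once('NestedTree.class.php');
                $tree = new NestedTree($pre.'nested_tree', 'id', 'parent_id', 'title');
                $tree->rebuild();

                //Get user's rights
                IdentificationDesDroits($_SESSION['groupes_visibles'].';'.$new_id,$_SESSION['groupes_interdits'],$_SESSION['is_admin'],$_SESSION['fonction_id'],true);

                //Reload page
                echo 'window.location.href = "index.php?page=items";';
            }
        break;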
        
        #############
        ### CASE ####
        ### Update a Group
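        case "update_rep":
            // Renames a folder and updates its complexity level, then rebuilds the
            // tree and reloads the page.

            $title = ( isset($_POST['title']) && is_string($_POST['title']) ) ? $_POST['title'] : '';
            // Folder id is a numeric key; cast before it reaches either WHERE clause.
            $group_id = isset($_POST['groupe']) ? (int) $_POST['groupe'] : 0;

            // Refuse titles that carry markup. The paired-tag pattern alone lets a
            // single unclosed tag through, so also compare with strip_tags().
            $html_codes = ( preg_match("|<[^>]+>(.*)</[^>]+>|U", $title) || strip_tags($title) !== $title );

            if ( $html_codes == true ) {
                echo '$("#div_editer_rep").dialog("open");';
                echo 'document.getElementById("edit_rep_show_error").innerHTML = "'.$txt['error_html_codes'].'";';
                echo '$("#edit_rep_show_error").show();';
            }else{
                //update Folders table
                $db->query_update(
                    "nested_tree",
                    array(
                        'title' => mysql_real_escape_string(stripslashes($title))
                    ),
                    'id='.$group_id
                );

                //update complexity value
                // NOTE(review): 'complexite' is passed through as received; whether it
                // is escaped depends on Database::query_update, which is not visible here.
                $db->query_update(
                    "misc",
                    array(
                        'valeur' => $_POST['complexite']
                    ),
                    'intitule = "'.$group_id.'" AND type = "complex"'
                );

                //rebuild the full folder tree
                require_once('NestedTree.class.php');
                $tree = new NestedTree($pre.'nested_tree', 'id', 'parent_id', 'title');
                $tree->rebuild();

                //reload page
                echo 'window.location.href = "index.php?page=items";';
            }
        break;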
        
        #############
        ### CASE ####
        ### Delete a Group
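        case "delete_rep":
            // Permanently deletes a folder, every sub-folder below it, and the items
            // and item logs stored in those folders.

            // Folder id is a numeric key; cast it before handing it to the tree class.
            $group_id = isset($_POST['groupe']) ? (int) $_POST['groupe'] : 0;

            // NOTE(review): this is a hard delete driven by a request parameter and no
            // permission check is visible in this branch — confirm it is enforced
            // before this point.

            //Build tree
            require_once ("NestedTree.class.php");
            $tree = new NestedTree($pre.'nested_tree', 'id', 'parent_id', 'title');

            // this will delete all sub folders and items associated
            // Get through each subfolder
            $folders = $tree->getDescendants($group_id,true);
            foreach($folders as $folder){
                // Ids come back from the database; cast anyway so the statements
                // below never depend on what was stored.
                $folder_id = (int) $folder->id;

                //delete folder
                $db->query("DELETE FROM ".$pre."nested_tree WHERE id = ".$folder_id);

                //delete items & logs
                $items = $db->fetch_all_array("SELECT id FROM ".$pre."items WHERE id_tree='".$folder_id."'");
                foreach( $items as $item ) {
                    $item_id = (int) $item['id'];
                    //Delete item
                    $db->query("DELETE FROM ".$pre."items WHERE id = ".$item_id);
                    //log
                    $db->query("DELETE FROM ".$pre."log_items WHERE id_item = ".$item_id);
                }
            }
            echo 'window.location.href = "index.php?page=items";';
        break;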
        
        #############
        ### CASE ####
        ### Store hierarchic position of Group
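        case 'save_position':
            // Moves folder 'source' under folder 'destination' and rebuilds the tree.
            require_once ("NestedTree.class.php");

            // Both values are numeric folder ids; cast so neither can alter the
            // UPDATE statement.
            $source_id = isset($_POST['source']) ? (int) $_POST['source'] : 0;
            $destination_id = isset($_POST['destination']) ? (int) $_POST['destination'] : 0;

            // NOTE(review): no check here that the caller may move this folder, nor
            // that the destination is not inside the source — confirm both are
            // handled elsewhere.
            $db->query_update(
                "nested_tree",
                array(
                    'parent_id' => $destination_id
                ),
                'id = '.$source_id
            );
            $tree = new NestedTree($pre.'nested_tree', 'id', 'parent_id', 'title');
            $tree->rebuild();
        break;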
        
        #############
        ### CASE ####
        ### List items of a group
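        case 'lister_items_groupe':
            // Lists the active items of one folder as an HTML <ul>, together with the
            // folder's breadcrumb, and emits the JavaScript that injects both.

            // Folder id is a numeric key. Cast once and use the cast value everywhere:
            // in the tree lookup, in the SQL filter and in the emitted script.
            $folder_id = isset($_POST['id']) ? (int) $_POST['id'] : 0;

            // NOTE(review): no check is visible here that the current user may see
            // this folder — confirm it is enforced before this point.

            // build the folder path (breadcrumb)
            require_once ("NestedTree.class.php");
            $tree = new NestedTree($pre.'nested_tree', 'id', 'parent_id', 'title');
            $arbo = $tree->getPath($folder_id, true);
            $arbo_html = "";
            foreach($arbo as $elem){
                // A first-level folder titled with the user's id is shown under the login name.
                if ( $elem->title == $_SESSION['user_id'] && $elem->nlevel == 1 ) $elem->title = $_SESSION['login'];
                $arbo_html .= $elem->title." > ";
            }
            //check if items exist
            $data_count = $db->fetch_row("SELECT COUNT(*) FROM ".$pre."items WHERE inactif = 0");
            if ( $data_count[0] > 0 ){
                //init variables
                $init_personal_folder = false;
                $expired_item = false;

                //List all ITEMS
                $html = '<ul class="liste_items">';
                $rows = $db->fetch_all_array("
                    SELECT i.id AS id, i.restricted_to AS restricted_to, i.perso AS perso, i.label AS label, i.description AS description, i.pw AS pw, 
                        l.date AS date, 
                        n.renewal_period AS renewal_period 
                    FROM ".$pre."items AS i 
                    INNER JOIN ".$pre."nested_tree AS n ON (i.id_tree = n.id) 
                    INNER JOIN ".$pre."log_items AS l ON (i.id = l.id_item) 
                    WHERE i.inactif = 0 
                    AND i.id_tree=".$folder_id." 
                    AND (l.action = 'at_creation' OR (l.action = 'at_modification' AND l.raison LIKE 'at_pw :%')) 
                    ORDER BY i.label ASC, l.date DESC");
                $id_managed = '';
                foreach( $rows as $reccord ) {
                    // The join returns one row per log entry; rows are ordered so the
                    // newest entry of each item comes first, and only that one is used.
                    if ( empty($id_managed) || $id_managed != $reccord['id'] ){
                        //Get Expiration date
                        $expiration_flag = '';
                        $expired_item = false;
                        if ( $_SESSION['settings']['activate_expiration'] == 1 ){
                            $expiration_flag = '<img src="includes/images/flag-green.png">';
                            if ( $reccord['renewal_period']> 0 && ($reccord['date'] + ($reccord['renewal_period'] * $k['one_month_seconds'])) < time() ){
                                $expiration_flag = '<img src="includes/images/flag-red.png">';
                                $expired_item = true;
                            }
                        }
                        //list of restricted users
                        $restricted_users_array = explode(';',$reccord['restricted_to']);
                        $item_pw = "";

                        //Case where item is in own personal folder
                        if ( in_array($folder_id,$_SESSION['personal_visible_groups']) && $reccord['perso'] == 1 && !empty($reccord['restricted_to']) ){
                            $perso = '<img src="includes/images/tag-small-alert.png">';
                            echo 'document.getElementById("recherche_group_pf").value = "1";';
                            $action = 'AfficherDetailsItem(\''.$reccord['id'].'\',\'1\',\''.$expired_item.'\')';
                        }
                        //Case where item is restricted to a list of users that includes the current user
                        else if ( !empty($reccord['restricted_to']) && in_array($_SESSION['user_id'],$restricted_users_array) ){
                            $perso = '<img src="includes/images/tag-small-yellow.png">';
                            echo 'document.getElementById("recherche_group_pf").value = "0";';
                            $action = 'AfficherDetailsItem(\''.$reccord['id'].'\',\'0\',\''.$expired_item.'\')';
                        }
                        //Case where item is personal, or restricted to a list that excludes the current user
                        else if ( $reccord['perso'] == 1 || (!empty($reccord['restricted_to']) && !in_array($_SESSION['user_id'],$restricted_users_array)) ){
                            $perso = '<img src="includes/images/tag-small-red.png">';
                            $action = 'AfficherDetailsItem(\''.$reccord['id'].'\',\'0\',\''.$expired_item.'\')';
                            //reinit in case of not personal group
                            if ( $init_personal_folder == false ){
                                echo 'document.getElementById("recherche_group_pf").value = "";';
                                $init_personal_folder = true;
                            }
                        }
                        //Case where item can be seen by user
                        else{
                            $perso = '<img src="includes/images/tag-small-green.png">';
                            $action = 'AfficherDetailsItem(\''.$reccord['id'].'\',\'0\',\''.$expired_item.'\')';
                            //reinit in case of not personal group
                            if ( $init_personal_folder == false ){
                                echo 'document.getElementById("recherche_group_pf").value = "";';
                                $init_personal_folder = true;
                            }
                        }
                        // NOTE(review): the label (and the folder titles in the breadcrumb)
                        // end up in innerHTML without HTML-encoding; whether they are
                        // encoded when stored is not visible here — confirm, and encode
                        // on output if they are not.
                        $html .= '<li class="item">'.$expiration_flag.''.$perso.'&nbsp;<a id="fileclass'.$reccord['id'].'" class="file" onclick="'.$action.'">'.stripslashes($reccord['label']);
                        if (!empty($reccord['description']) )
                            $html .= '&nbsp;<font size=2px>['.strip_tags(stripslashes(substr(CleanString($reccord['description']),0,30))).']</font>';
                        $html .= '</a>'.$item_pw;

                        //finish line
                        $html .= '</li>';
                    }
                    $id_managed = $reccord['id'];
                }
                $html .= '</ul>';
                echo 'document.getElementById(\'liste_des_items\').style.display = "";';
                echo 'document.getElementById(\'liste_des_items\').innerHTML = "'.addslashes($html).'";';
                // The breadcrumb ends with " > "; drop those three characters.
                echo 'document.getElementById(\'arborescence\').innerHTML = "'.addslashes(substr($arbo_html,0,strlen($arbo_html)-3)).'";';
                echo 'document.getElementById(\'selected_items\').value = "";';
                echo 'document.getElementById(\'hid_cat\').value = "'.$folder_id.'";';

                RecupDroitCreationSansComplexite($folder_id);
            }else{
                echo 'document.getElementById(\'liste_des_items\').style.display = "";';
                echo 'document.getElementById(\'liste_des_items\').innerHTML = "";';
                echo 'document.getElementById(\'arborescence\').innerHTML = "'.addslashes(substr($arbo_html,0,strlen($arbo_html)-3)).'";';
                echo 'document.getElementById(\'selected_items\').value = "";';
            }


        break;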
        
        #############
        ### CASE ####
        ### Get complexity level of a group
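        case "recup_complex":
            // Reports, for one folder, its required complexity level, whether the
            // personal salt-key input must be shown, and which functions can see it.

            // Folder id is a numeric key. The original quoted it in SQL without
            // escaping, which does not stop a quote in the value; cast instead.
            $group_id = isset($_POST['groupe']) ? (int) $_POST['groupe'] : 0;
            $is_edit = ( isset($_POST['edit']) && $_POST['edit']==1 );

            $data = $db->fetch_row("SELECT valeur FROM ".$pre."misc WHERE type='complex' AND intitule = '".$group_id."'");
            echo 'document.getElementById("complexite_groupe").value = "'.$data[0].'";';

            //is this folder a personal folder?
            $data_pf =  $db->fetch_row("SELECT personal_folder FROM ".$pre."nested_tree WHERE id = '".$group_id."'");

            //display personal salt key input if needed
            if ( !empty($data_pf[0]) ){
                echo 'document.getElementById("new_item_salt_key").style.display = "";';
                echo '$("#edit_complex_introduction").hide();';
            }else{
                echo 'document.getElementById("new_item_salt_key").style.display = "none";';
                echo '$("#edit_complex_introduction").show();';
            }

            //display the expected complexity
            if ( $is_edit ) {
                $div = "edit_complex_attendue";
            }else{
                $div = "complex_attendue";
            }
            echo 'document.getElementById("'.$div.'").innerHTML = "<b>', @((!empty($data[0]) || $data[0] == 0) ? $mdp_complexite[$data[0]][1] : $txt['not_defined']), '</b>";';

            //display the visibility
            $visibilite = "";
            if ( !empty($data_pf[0]) ){
                $visibilite = $_SESSION['login'];
            }else{
                $data =  $db->fetch_row("SELECT valeur FROM ".$pre."misc WHERE type='visibilite' AND intitule = '".$group_id."'");
                $tab = explode(';',$data[0]);
                foreach($tab as $elem){
                    //look up the title of the function; the id comes from a stored
                    //list, so escape it rather than trust what was saved
                    $data = $db->fetch_row("SELECT title FROM ".$pre."functions WHERE id = '".mysql_real_escape_string($elem)."'");
                    if ( !empty($data[0]) ){
                        if ( empty($visibilite) ) $visibilite = $data[0];
                        else $visibilite .= " - ".$data[0];
                    }
                }
            }
            if ( $is_edit ) $div = "edit_afficher_visibilite"; else $div = "afficher_visibilite";
            if ( empty($visibilite) ) $visibilite = $txt['admin_error_no_visibility'];
            // NOTE(review): $visibilite holds the login or function titles and is
            // written into innerHTML without encoding — confirm these values cannot
            // contain markup or a double quote.
            echo 'document.getElementById("'.$div.'").innerHTML = "<img src=\'includes/images/users.png\'>&nbsp;<b>'.$visibilite.'</b>";';

            RecupDroitCreationSansComplexite($group_id);
        break;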
        
        #############
        ### CASE ####
        ### Add item to my favourites
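        case "add_item_to_my_favourites":
            // Adds an item to the current user's favourites, in the users table and
            // in the session copies.

            // Item id is a numeric key. It is stored in the session and later joined
            // into SQL, so only an integer may get in.
            $item_id = isset($_POST['id']) ? (int) $_POST['id'] : 0;

            // NOTE(review): no check here that the user may see this item; its label
            // is copied into the session below — confirm access is enforced elsewhere.

            //Check if item is not already in favourites
            if ( !in_array($item_id,$_SESSION['favourites']) ){
                //Add new favourite
                array_push($_SESSION['favourites'],$item_id);
                $db->query_update(
                    "users",
                    array(
                        'favourites' => implode(';',$_SESSION['favourites'])
                    ),
                    'id = '.(int) $_SESSION['user_id']
                );
                //Update SESSION with this new favourite.
                // query_first() is what the "last seen items" refresh in this file uses
                // to read a row by column name from this same query; query() was
                // being indexed as if it returned a row.
                $data = $db->query_first("SELECT label,id_tree FROM ".$pre."items WHERE id = ".$item_id);
                $_SESSION['favourites_tab'][$item_id] = array(
                    'label'=>$data['label'],
                    'url'=>'index.php?page=items&amp;group='.$data['id_tree'].'&amp;id='.$item_id
                );
            }
        break;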
        
        #############
        ### CASE ####
        ### DELETE item from my favourites
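        case "del_item_from_my_favourites":
            // Removes an item from the current user's favourites, in the session
            // copies and in the users table. This branch emits no script of its own.

            $item_id = isset($_POST['id']) ? (int) $_POST['id'] : 0;

            //Check if item is in favourites
            if ( in_array($item_id,$_SESSION['favourites']) ){
                //delete from session (first match only)
                foreach ($_SESSION['favourites'] as $key => $value){
                    if ($value == $item_id){
                        unset($_SESSION['favourites'][$key]);
                        break;
                    }
                }
                //delete from DB. The list was built from request data on earlier
                //calls, so escape it; the user id is a numeric key.
                $db->query("UPDATE ".$pre."users SET favourites = '".mysql_real_escape_string(implode(';',$_SESSION['favourites']))."' WHERE id = '".(int) $_SESSION['user_id']."'");
                //refresh session fav list
                foreach ($_SESSION['favourites_tab'] as $key => $value){
                    if ($key == $item_id){
                        unset($_SESSION['favourites_tab'][$key]);
                        break;
                    }
                }
            }
        break;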
        
        #############
        ### CASE ####
        ### DELETE attached file from an item
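        case "delete_attached_file":
            // Deletes one attachment: its row in the files table, a log entry on the
            // owning item, and the file itself under ../upload.

            // File id is a numeric key; it goes into two statements and into the
            // emitted script, so cast it once.
            $file_id = isset($_POST['file_id']) ? (int) $_POST['file_id'] : 0;

            // NOTE(review): no check here that the user may modify the owning item —
            // confirm it is enforced before this point.

            //Get some info before deleting
            $data = $db->fetch_row("SELECT name,id_item,file FROM ".$pre."files WHERE id = '".$file_id."'");
            if ( !empty($data[1]) ){

                //Delete from FILES table
                $db->query("DELETE FROM ".$pre."files WHERE id = '".$file_id."'");

                //Update the log
                $db->query_insert(
                    'log_items',
                    array(
                        'id_item' => $data[1],
                        'date' => time(),
                        'id_user' => $_SESSION['user_id'],
                        'action' => 'at_modification',
                        'raison' => 'at_del_file : '. $data[0]
                    )
                );

                //Strike through file
                echo '$("#span_edit_file_'.$file_id.'").css("textDecoration", "line-through");';

                //Delete file from server, but only when the stored name resolves to a
                //regular file inside the upload directory, so a stored value holding
                //"../" cannot point the unlink somewhere else.
                $upload_dir = realpath("../upload");
                $target = realpath("../upload/".$data[2]);
                if ( $upload_dir !== false && $target !== false && strpos($target, $upload_dir.DIRECTORY_SEPARATOR) === 0 && is_file($target) ){
                    @unlink($target);
                }
            }
        break;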
        
        #############
        ### CASE ####
        ### REBUILD the description editor
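        case "rebuild_description_textarea":
            // Emits JavaScript that replaces the description editor: removes the old
            // element, inserts a fresh <textarea>, attaches the wysiwyg editor to it
            // and reopens the matching dialog.

            // 'id' is written into jQuery selectors and into an HTML id attribute in
            // the emitted script, so keep only characters that are valid in an id.
            $id = ( isset($_POST['id']) && is_string($_POST['id']) ) ? preg_replace('/[^A-Za-z0-9_\-]/', '', $_POST['id']) : '';
            $is_edit = ( $id == "edit_desc" );

            //Remove existing description div
            echo '$("#'.$id.'").remove();';

            //Create a new textarea for description; the edit form is pre-filled from #id_desc
            if ( $is_edit )
                echo '$("#'.$id.'_span").html("<textarea rows=\"5\" cols=\"51\" id=\"'.$id.'\">"+$("#id_desc").html()+"</textarea>");';
            else
                echo '$("#'.$id.'_span").html("<textarea rows=\"5\" cols=\"51\" id=\"'.$id.'\"></textarea>");';

            //Build editor
            echo '$("#'.$id.'").wysiwyg({resizeOptions:true, controls: {indent  : { visible : false },outdent : { visible : false }, subscript   : { visible : false }, superscript : { visible : false }, insertOrderedList    : { visible : false }, insertUnorderedList  : { visible : false }, insertHorizontalRule : { visible : false }, insertTable : { visible : false }, h1 : { visible : false }, h2 : { visible : false }, h3 : { visible : false }, cut   : { visible : true }, copy  : { visible : true }, paste : { visible : true }, html : { visible : true }, insertImage : { visible : false }}});';

            //Display popup
            if ( $is_edit )
                echo '$("#div_formulaire_edition_item").dialog("open");';
            else
                echo '$("#div_formulaire_saisi").dialog("open");';

        break;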
        
        
        #############
        ### CASE ####
        ### Get password for an ITEM
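        case "copy_to_clipboard":
            // Decrypts one item's password and emits JavaScript that loads it into a
            // ZeroClipboard client glued to the item's copy icon.

            // Item id is a numeric key; cast before it reaches SQL.
            $item_id = isset($_POST['item_id']) ? (int) $_POST['item_id'] : 0;
            // icon_id is concatenated into element ids in the emitted script, so keep
            // only characters that are valid in an id.
            $icon_id = ( isset($_POST['icon_id']) && is_string($_POST['icon_id']) ) ? preg_replace('/[^A-Za-z0-9_\-]/', '', $_POST['icon_id']) : '';

            // NOTE(review): this branch returns a decrypted password for whatever item
            // id is posted, and no access check (folder rights, restricted_to, perso)
            // is visible here — confirm it is enforced before this point; if it is
            // not, it needs to be added here.

            //Get the stored password for this item
            $sql = "SELECT pw 
                    FROM ".$pre."items  
                    WHERE id=".$item_id;
            $data_item = $db->query_first($sql);

            //Decrypt PW
            $pw = decrypt($data_item['pw']);

            //Display clipboard flash element
            // NOTE(review): addslashes() escapes quotes and backslashes only; a
            // password holding a line break would still end the JavaScript string.
            echo 'var clip = new ZeroClipboard.Client();clip.setText( "'.addslashes($pw).'" );clip.addEventListener( "onMouseDown", function(client) {$("#message_box").html("'.$txt['pw_copied_clipboard'].'").show().fadeOut(2500);}); clip.glue(\'icon_cp_pw_'.$icon_id.'\'); ';
            echo '$("#clipboard_loaded_'.$icon_id.'").val("true");';

        break;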
    }
}

// Every POST action finishes by emitting the statement that hides the AJAX loader.
$is_post_action = isset($_POST['type']);
if ( $is_post_action ){
    print "document.getElementById('div_loading').style.display = \"none\";";
}
    

// Build the QUERY in case of GET
// GET actions. Only one exists: "autocomplete_tags", which prints every distinct
// tag as a "tag|tag" line.
if ( isset($_GET['type']) && $_GET['type'] == "autocomplete_tags" ){
    // NOTE(review): tags are printed as stored while the response is served as
    // text/html — confirm tags cannot contain markup.
    $tag_rows = $db->fetch_all_array("SELECT tag FROM ".$pre."tags GROUP BY tag");
    foreach ($tag_rows as $tag_row ){
        $tag = $tag_row['tag'];
        echo $tag."|".$tag."\n";
    }
}


#############
# FUNCTION
# Identify whether this group allows an item to be created without reaching the required complexity level
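/**
 * Emits JavaScript that sets the two hidden "bloquer_*_complexite" inputs for a
 * folder, from the bloquer_creation / bloquer_modification columns of nested_tree.
 * For a personal folder (personal_folder = 1) both inputs are forced to "1".
 *
 * Uses the global $db connection and $pre table prefix.
 *
 * @param mixed $groupe Folder id; only its integer value is used in the query.
 * @return void Output is echoed.
 */
function RecupDroitCreationSansComplexite($groupe){
    global $db, $pre;

    // Callers pass request data straight in. Quoting alone does not stop a quote
    // inside the value, so reduce it to an integer before it reaches SQL.
    $groupe_id = (int) $groupe;
    $data = $db->fetch_row("SELECT bloquer_creation,bloquer_modification,personal_folder FROM ".$pre."nested_tree WHERE id = '".$groupe_id."'");

    //Check if it's in a personal folder. If yes, then force both flags to 1.
    if ( $data[2] == 1 ){
        echo 'document.getElementById("bloquer_modification_complexite").value = "1";';
        echo 'document.getElementById("bloquer_creation_complexite").value = "1";';
    }else{
        echo 'document.getElementById("bloquer_creation_complexite").value = "'.$data[0].'";';
        echo 'document.getElementById("bloquer_modification_complexite").value = "'.$data[1].'";';
    }
}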

?>