<?php
// notes_view.php - PHProjekt Version 3.3
// copyright © 2000-2002 Albrecht Guenther hide@address.com
// www.phprojekt.com
// Author: Albrecht Guenther
// Direct-access guard: execution continues only when the constant
// "lib_included" is defined; otherwise the script stops with a pointer to
// index.php.
// NOTE(review): presumably index.php defines the constant after the login
// check — confirm, because this guard is the only gate visible in this file.
if (defined("lib_included") === false) {
    die("Please use index.php!");
}

// Permission helpers; the include path is a fixed literal, not request data.
$include_path = "lib/permission.inc.php";
include_once $include_path;

// Navigation bar state: hand the names of the list-view settings
// (sort direction flag, sort column, page size, search keyword) to grab_settings().
grab_settings(
    array('up', 'sort', 'perpage', 'keyword')
);
if(!$_GET['mode']) {
// Form submissions posted back to the list view; at most one branch runs.
// NOTE(review): both write statements below place $note_id, $title, $remark,
// $contact, $ext, $projekt and $clientname directly into the SQL text. Nothing
// in this file escapes or validates them first, so unless the included library
// does that before this point the statements are open to SQL injection. Route
// the values through the database layer's escaping or parameter binding.
if ($submit_copy) {
    // Copy: no action is implemented in this file.
} elseif ($submit_mail) {
    // Mail: no action is implemented in this file.
} elseif ($submit_modify && $note_id) {
    // Modify: replace the row keyed by $note_id, writing $user_ID into the
    // second column and two time() values into the timestamp columns.
    // NOTE(review): unlike the single-note view in the else branch, this path
    // never calls check_permission(), so ownership of $note_id is not verified
    // here before the row is replaced — confirm whether a caller enforces it.
    // The posted $ext value is also stored as received.
    $result = db_query(
        "replace into ".$DB['current'].".notes values('$note_id','$user_ID','$title','$remark','$contact','$ext',".time().",".time().",'$projekt', '$clientname')"
    );
} elseif ($submit_create && !$note_id) {
    // Create: a title is mandatory; the empty first value leaves the key to the database.
    if ($title) {
        $result = db_query(
            "INSERT INTO ".$DB['current'].".notes values('','$user_ID','$title','$remark','$contact','$ext',".time().",".time().",'$projekt', '$clientname')"
        );
    } else {
        echo "<br> You must enter a title for this note.";
    }
}
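// Filter, ordering and paging for the list query, followed by the two reads:
// a row count for the pager and the notes joined with their client.
$where = "";
if ($client_id) {
    // NOTE(review): $client_id reaches the SQL text unescaped and nothing in
    // this file validates it. Cast it to an integer if the column is numeric,
    // or pass it through the database layer's escaping — confirm which applies.
    $where .= "(client_id='$client_id') AND ";
}
$where = "WHERE ($where 1)";

// A column name in ORDER BY cannot be protected by quoting, so only the keys
// that this view's header links produce are accepted; any other value falls
// back to the default column.
$sortable_columns = array('note_id', 'name', 'added', 'changed', 'contact', 'projekt', 'client_id');
if (!$sort || !in_array($sort, $sortable_columns, true)) {
    $sort = "note_id";
}
$direction = $up ? 'ASC' : 'DESC';

// Both paging values are written into LIMIT, so they are forced to integers.
$perpage = (int) $perpage;
if ($perpage < 1) {
    $perpage = 30;
}
// Bug fix: the original `if ($page) $page = 0;` reset every requested page to
// the first one, so the pager links never moved.
$page = max(0, (int) $page);

$result = db_query("select count(note_id) from ".$DB['current'].".notes $where");
$row = db_fetch_row($result);
$num_records = $row[0];

// The loop that renders the list selects the current page by counting rows
// from the start of the result set, so the query returns everything up to the
// end of the requested page rather than an offset window.
$limit = "LIMIT 0,".(($page + 1) * $perpage);
$query = sprintf("select `note_id`, `name`, `remark`, `notes`. `contact`, `added`, `changed`, `projekt`, `ext`, `von`, `notes`.`client_id`, `clientname` from `%s`.`notes`,`%s`.`clients` %s%s`clients`.`client_id`=`notes`.`client_id` order by %s %s %s;", $DB['current'], $DB['core'], $where, ($where?" and ":""), $sort, $direction, $limit);
$result = $sql_session->query($query);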
//
// Page output starts here
//
// Filter form: search keyword and items-per-page selector.
echo "<table border=0>\n";
echo form_open_post("index.php?sys_module=notes");

// Keyword field.
// NOTE(review): whether form_text() HTML-escapes $keyword is not visible in
// this file — confirm, since the value presumably comes from the request.
echo "<td>Search:</td><td>".form_text('keyword', $keyword, 15)."</td>";

// Page-size selector offering 10 to 50 in steps of 10; the current value is preselected.
echo "<td> ".form_select_open('perpage');
for ($i = 10; $i <= 50; $i += 10) {
    echo form_option($i, $i, ($i == $perpage));
}
echo form_select_close()." $items</td>\n";

// Submit image, then the form is closed.
echo "<td>".form_image("img/los.gif")."</td>".form_close()."</tr>\n";

// Pager: "previous" is shown on any page but the first, "next" while rows remain.
$page_n = $page + 1;
$page_p = $page - 1;
if ($page) {
    echo "<a href='".href("index.php?sys_module=notes&page=$page_p")."'>$previous</a> ";
}
if ($num_records > $page_n*$perpage) {
    echo "<a href='".href("index.php?sys_module=notes&page=$page_n")."'>$next</a>";
}
//echo "</td></tr></table><br>";

// ***********
// record list
// ***********
// Open the table that holds the record list; the first cell is the button column.
echo "<table width=100%>\n<tr><td width=40> </td>\n";
/**
 * Build one header cell of the notes table.
 *
 * When $key is not the active sort column the label links to a re-sort by
 * $key. For the active column the label is plain text followed by a link that
 * flips the global $up flag, drawn as '^' when $up is set and 'v' otherwise.
 *
 * @param mixed  $width Not used in the body.
 * @param string $key   Column key compared with the global $sort and placed in the sort link.
 * @param string $name  Label, inserted into the markup as given (not escaped here).
 * @return string The "<td>" cell markup.
 */
function makesort($width, $key, $name) {
    global $DB, $sort, $up;
    if ($sort == $key) {
        $flip = $up ? '0' : '1';
        $arrow = $up ? '^' : 'v';
        $cell = "$name<a href='".href("index.php?sys_module=notes&up=".$flip)."'> ".$arrow."</a>";
    } else {
        $cell = "<a href='".href("index.php?sys_module=notes&sort=$key")."'>$name</a>";
    }
    return "<td><b>$cell</b></td>\n";
}
// Header row: one sortable cell per column. The contact and project columns
// appear only when their modules are switched on.
echo makesort(20, "name", $forum_text5);
echo makesort(20, "added", $notes_text2);
echo makesort(20, "changed", $notes_text3);
if ($adressen && !$contacts_nolink) {
    echo makesort(20, "contact", $proj_text12);
}
if ($projekte) {
    echo makesort(20, "projekt", $l_text11);
}
echo makesort(20, "client_id", "Client");
echo "</tr>\n";
?>
<script language="javascript">
// Ask the user to confirm, then navigate the page to the given URL.
// The delete links in the record list call this with the delete URL.
function urlprompt(url) {
    var confirmed = confirm("Are you sure you want to delete this note?");
    if (confirmed) {
        document.location = url;
    }
}
</script>
<?php
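// Render one table row per note on the current page.
// $b counts result rows; it starts at zero here so the paging window below
// does not depend on a value $b may already hold.
$b = 0;
while ($row = db_fetch_row($result)) {
    if ($b >= $page*$perpage and $b < ($page+1)*$perpage) {
        // Columns follow the select list of the list query: 0 note_id, 1 name,
        // 2 remark, 3 contact, 4 added, 5 changed, 6 projekt, 7 ext, 8 von,
        // 9 client_id, 10 clientname.
        $title = html_out($row[1]);
        $remark = html_out(trim(substr($row[2],0,60)));
        // "&note_id" had been mangled into "¬e_id" in the three links of this
        // loop, which dropped the note id from the query string.
        $ref = href("index.php?sys_module=notes&note_id=$row[0]&mode=view");
        tr_tag($ref);
        // button with the start of the remark as tooltip
        // NOTE(review): $remark sits inside single-quoted attributes; confirm
        // that html_out() escapes single quotes as well.
        echo "<td width=40 valign=middle><img src=img/b.gif alt='$remark' title='$remark' width=7>\n";
        // delete button, shown only when column 8 (von) matches the current user
        if ($row[8] == $user_ID) {
            // NOTE(review): hiding the link is not an access check, and the
            // delete is requested with a plain GET. The handler
            // (mode=data&action=delete) is outside this file — confirm that it
            // verifies ownership itself and is protected against cross-site requests.
            echo "<a href=\"javascript:urlprompt('".href("index.php?sys_module=notes&note_id=$row[0]&mode=data&action=delete")."');\"><img src='img/r.gif' alt='$delete_it' title='$delete_it' border=0 width=7></a>\n";
            // marker shown when column 7 (ext) is empty, i.e. a personal note
            if (!$row[7]) {
                echo "<img src=img/g.gif alt='$datei_text13' title='$datei_text13' width=7>\n";
            }
        }
        // title and link to the full note
        echo "<td><b><a href='".href("index.php?sys_module=notes&note_id=$row[0]&mode=view")."'>$title</a></b></td>\n";
        // dates
        $added = time_string($row[4]);
        $changed = time_string($row[5]);
        echo "<td width=95>$added </td><td width=95>$changed </td>\n";
        // contact
        if ($adressen and !$contacts_nolink) {
            echo "<td>";
            if ($row[3] > 0) {
                // The stored contact id is forced to an integer before it goes back
                // into SQL, because the column is filled from posted form data.
                $result2 = db_query("select nachname from ".$DB['core'].".contacts where ID = '".(int) $row[3]."'");
                $row2 = db_fetch_row($result2);
                // Database text is passed through html_out() before output, the
                // same helper this loop already applies to title and remark.
                echo html_out($row2[0]);
            } else {
                $row2[0] = "";
            }
            echo " </td>\n";
        }
        // project
        if ($projekte) {
            echo "<td>";
            if ($row[6] > 0) {
                $result3 = db_query("select name from ".$DB['current'].".projekte where ID = '".(int) $row[6]."'");
                $row3 = db_fetch_row($result3);
                echo html_out($row3[0]);
            } else {
                // The original cleared $row2 here, apparently a copy-paste slip;
                // neither value is read afterwards.
                $row3[0] = "";
            }
            echo " </td>\n";
        }
        // client name, escaped like the other database text
        printf("<td> %s</td>", html_out($row[10]));
        echo "</tr>\n";
    }
    $b++;
}
echo "</table><br>";
// Clear the per-row values so the last rendered note does not linger in them.
$title = "";
$remark = "";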
} else {
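// Single-note view: load the note that the form below will edit.
// $note_id is forced to an integer before it is placed in the query. This
// assumes note_id is the numeric key the database assigns itself (the INSERT
// in the list branch passes '' for it). A non-numeric value becomes 0 and the
// form falls back to "create".
$note_id = (int) $note_id;
if ($note_id) {
    // fetch values from db
    $result = db_query("select * from ".$DB['current'].".notes where note_id = '$note_id'");
    $row = db_fetch_row($result);
    // Column 5 of the row is the ext flag. The owner check runs when
    // 1. the note is private (ext empty), or
    // 2. in a group system ext differs from the user's group, or
    // 3. in a groupless system ext is not 1.
    if (!$row[5] or ($groups and $row[5] <> $user_group) or (!$groups and $row[5] <> 1)) {
        // Checks permission and that the record exists.
        // NOTE(review): presumably check_permission() halts on failure —
        // confirm, because the lines below use $row regardless of its outcome.
        check_permission("notes","von",$note_id);
    }
    // Escape the stored text before it is placed into the form.
    $title = html_out($row[2]);
    $remark = html_out($row[3]);
}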
////////////////////////
// display input form //
////////////////////////
// The form posts back to the notes module; chkForm() runs in the browser on
// submit, and the hidden field carries the id of the note being edited.
echo form_open_post("index.php?sys_module=notes", "", "name=frm onSubmit=\"return chkForm('frm','title','$opt_bm4!')\"");
echo form_hidden('note_id', $note_id);
echo "<br><table>\n";

// Title field.
echo "<tr><td>$forum_text5: ".form_text('title', $title, 60);
echo "<td rowspan='2'>";

// BEGIN right-hand side sub table
echo "<table>";

// Contact selector, shown only when the contacts module is linked.
if ($adressen && !$contacts_nolink) {
    echo "<tr><td>";
    // Default to the contact stored with the note (column 4).
    if (!$contact_ID) {
        $contact_ID = $row[4];
    }
    echo "$proj_text12: </td><td>".form_select_open('contact').form_option(0);
    // Contacts owned by the user or marked 'a', limited by $sql_user_group.
    // NOTE(review): whether form_option() escapes the names it prints is not
    // visible in this file — confirm.
    $result2 = db_query("select ID, nachname, vorname from ".$DB['core'].".contacts where (von = '$user_ID' or acc like 'a') and $sql_user_group order by nachname");
    while ($row2 = db_fetch_row($result2)) {
        echo form_option($row2[0], "$row2[1], $row2[2]", ($contact_ID == $row2[0]));
    }
    echo form_select_close()."</td></tr>\n";
}

// Project selector, shown only when the projects module is on.
if ($projekte) {
    echo "<tr><td>";
    // Default to the project stored with the note (column 8).
    if (!$projekt_ID) {
        $projekt_ID = $row[8];
    }
    echo "$l_text11: </td><td>".form_select_open('projekt').form_option(0);
    // Filter handed to the tree helper.
    $query = "where $sql_user_group";
    // The helper lists the matching projects as a tree inside the select box.
    show_elements_of_tree("projekte","name",$query,"personen"," order by name",$projekt_ID,"parent",0);
    echo form_select_close()."</td></tr>";
}
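// Client selector: one option per row of the clients table, with the client
// stored on the note (column 9) preselected.
echo "<tr><td>Client: </td><td>";
echo "<select name=\"clientname\">\n<option value=\"None\">None\n";
$result2 = $sql_session->query("select client_id, clientname from `".$DB['core']."`.`clients` order by clientname;");
while ($row2 = $sql_session->get_row($result2)) {
    // Both values come from the database and are escaped with html_out(), the
    // helper this file already applies to title and remark before output.
    // NOTE(review): confirm that html_out() escapes double quotes, since the
    // first value lands inside a quoted attribute.
    printf("<option value=\"%s\"%s>%s\n", html_out($row2[0]), ($row2[0]==$row[9]?" selected":""), html_out($row2[1]));
}
echo "</select></td></tr>";

// "Open to all" checkbox.
// An earlier version rendered it only for the author and sent a hidden field
// to everyone else; that code was commented out and has been left out here.
echo "<tr><td>Open to all: </td><td>";
// In the group system the checkbox value is the user's group id; the groupless
// system has no group number, so the value is simply '1'.
if ($groups == "1") {
    $ext_value = $user_group;
} else {
    $ext_value = "1";
}
// NOTE(review): the last argument presumably enables the box only for the
// author or for a new note. That is a browser-side restriction: the modify
// handler in the list branch stores the posted ext value without checking who
// sent it — confirm the flag is enforced on the server.
echo form_checkbox('ext', $ext_value, ($row[5] > 0), ($row[1] == $user_ID or !$note_id));
echo "</td></tr>";
echo "<tr><td></td><td>";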
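// Buttons: an existing note gets Modify, Copy and Mail plus a recipient list;
// a new note gets Create only.
if ($note_id) {
    echo form_submit('Modify', 'submit_modify')."</td></tr>";
    // copy or mail
    echo "<tr><td>";
    // Bug fix: the Copy handler read `confirm*$confirm')`, which is not valid
    // JavaScript; it now matches the Mail button's confirm() call.
    echo form_submit('Copy', 'submit_copy', "onClick=\"return confirm('$confirm')\"")." or ";
    echo form_submit('Mail', 'submit_mail', "onClick=\"return confirm('$confirm')\"")." to:</td><td>";
    // Recipient list: every user except the current one, looked up one by one.
    echo form_select_open('pers_ID');
    $result3 = db_query("select ID from ".$DB['core'].".users where ID <> '$user_ID'");
    while ($row3 = db_fetch_row($result3)) {
        $result2 = db_query("select ID, nachname, vorname from ".$DB['core'].".users where ID = '$row3[0]' order by nachname");
        $row2 = db_fetch_row($result2);
        echo form_option($row2[0], "$row2[1], $row2[2]")."\n";
    }
    echo form_select_close();
    echo "</td></tr>";
} else {
    echo form_submit('Create', 'submit_create')."</td></tr>";
}
echo "</table>";
echo "</td></tr>\n";
// Remark text area.
// NOTE(review): $remark is passed through html_out() only when an existing
// note was loaded above; confirm it cannot carry unescaped request data on the
// create path.
echo "<tr><td><textarea name=\"remark\" rows=\"15\" cols=\"70\" wrap=physical style=\"width:100%;\">".$remark."</textarea></td><td></td></tr>";
echo "</table>";
echo form_close();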
}
?>