<?PHP

/********************************
phpToDoList V0.1 beta
@Author: ds.it (hide@address.com)
@Date: 2006-03-16
@License: GPL (GNU Public License)
**********************************/

#toggle for debug
#ini_set("display_errors","1");
#error_reporting(E_ALL);

# Database connection settings -- CHANGE these values for your needs.
# The application's admin account has the password "admin"; change it
# before the first deployment.
# NOTE(review): the defaults below connect as the MySQL "root" user with an
# empty password. Use a dedicated account that can only reach the $sqlDB
# schema, and keep real credentials out of any copy of this file that is
# web-readable or committed to version control.
##########################################################################################
$sqlHost = "localhost";
$sqlDB   = "bugtrack";
$sqlUser = "root";
$sqlPass = "";
##########################################################################################










$useDB = true; 	# not yet impl. / later we will use xml files or db
$mode = ""; 	# overall action switch
$tmpHTML = ""; 	# output
$header = '
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html><head><title></title>
<style type="text/css">
<!--
label {float:left;margin:0px 0px 5px 10px;padding: 2px;}
.textfield {
font:1.1em  Verdana, Arial, Helvetica, sans-serif ;
color:#333 ;
margin:0px 0px 5px 10px;
height:20px;
border:solid 0 #fff;
padding: 3px 8px;
background: transparent url("img/formbg.gif") no-repeat;
width:200px;
width:187px;
}
.textsearch {
font:1.1em  Verdana, Arial, Helvetica, sans-serif ;
color:#333 ;
height:20px;
border:solid 0 #fff;
background: transparent url("img/formbg.gif") no-repeat;
width:70px;
padding: 3px 8px;
}

body {margin:0px;background:#fcfcfc;}
body, table, td {font-family:sans-serif;font-size:12px;}
a {text-decoration:none;color:#0066ff;}
a:hover {text-decoration:none; color:#000099;}
.mbar1 {padding:2px; float: left; top: 0px; left: 200px; position:absolute; width:300px;}
.mbar2 {padding:2px; float: left; top: 5px; right: 50px; position:absolute;width:100px; }
.mbar3 {width: 32px;position:absolute; top:0px; right:10px; padding:2px; }
.head {width: 180px;position:absolute; top:7px; left:500px; padding:2px; font-size:18px; font-weight:bold; color:white; font-stretch: extra-expanded; font-variant:small-caps;}
.logo {background:url("img/menubar.jpg") repeat-x; width:100%; top:0px;}
.tdh {background:#f0f0f0;font-weight:bold;}
a.mitem:hover{border-bottom: 1px solid white;background:url("img/menubar.jpg") repeat-x; }
//-->
</style>
<meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1">
</head>
<body link="#0000FF" vlink="#0000FF">
<div class="logo"><img src="img/logo.jpg" width=190 height=48 border=0 alt="phpToDoList"></div>';

$footer = '</div><div style="bottom: 0px;	width:100%; height:27px; line-height:25px; position: fixed; text-align:right; background:url(\'img/footerbar.jpg\') repeat-x;"><small>© 2006 by ds.it | Last Change: 18.03.2006 by <a href="">lhasa</a> | All rights reserved. | <a href="http://www.gnu.org/copyleft/gpl.html" target="_blank">GPL</a> | <a href="http://phptodolist.sourceforge.net">phpToDoList</a> V0.1beta</small>&nbsp;</div></body></html>';
	

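session_start();

# Pick the action switch: a POSTed "mode" wins over one in the query string.
# sanitize() cuts the value down to letters and digits before it is compared
# against the known mode names further down.
if  (isset($_POST['mode'])) {
	$mode = sanitize($_POST['mode']);
} elseif  (isset($_GET['mode'])) {
	$mode = sanitize($_GET['mode']);
}

# Stop here when the database cannot be reached. Without this check every
# later mysql_query() runs against a failed connection and emits warnings,
# which expose file paths when display_errors is on.
$connection = mysql_connect($sqlHost,$sqlUser ,$sqlPass );
if (!$connection || !mysql_select_db( $sqlDB  ,$connection)) {
	# Details go to the server log only; the visitor gets a generic message.
	error_log("phpToDoList: database connection failed: " . mysql_error());
	die("Database connection failed.");
}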


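/**
 * Remove every character that is not an ASCII letter or digit.
 *
 * Most of the string-built SQL in this file relies on this whitelist as its
 * only protection against injection, so a value must never be concatenated
 * into a query without it (or without proper escaping). The filter is lossy:
 * spaces, "@", ".", ":" and "/" are dropped too, so e-mail addresses, URLs
 * and passwords do not survive it unchanged.
 *
 * @param string|array $string  Value to clean. For an array every element is
 *                              cleaned and the keys are kept.
 * @param array        $allowed Extra literal characters to keep, one per entry.
 * @return string|array Cleaned value of the same shape as $string.
 */
function sanitize($string, $allowed = array())    {
	$allow = "";

	if (!empty($allowed) && is_array($allowed)) {
		foreach ($allowed as $value) {
			# preg_quote() instead of a bare backslash prefix: prefixing a letter
			# with "\" turned "w", "s" or "d" into the classes \w, \s, \d and
			# silently widened the whitelist.
			$allow .= preg_quote((string)$value, "/");
		}
	}

	$pattern = "/[^{$allow}a-zA-Z0-9]/";

	if (is_array($string)) {
		# Start from an empty array so an empty input yields array(), not an
		# undefined variable.
		$cleaned = array();
		foreach ($string as $key => $clean) {
			$cleaned[$key] = preg_replace($pattern, "", $clean);
		}
		return $cleaned;
	}

	return preg_replace($pattern, "", (string)$string);
}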

# user logged in?
if ($_SESSION['uid']=="" || $_SESSION['username']=="") {
# no -> redirect to login page

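if ( !empty($_POST['user']) && !empty($_POST['pass']) && is_string($_POST['user']) && is_string($_POST['pass']) ) {
	# sanitize() leaves only [a-zA-Z0-9]; that is what keeps the concatenated
	# query below free of SQL injection.
	# NOTE(review): it also drops every other character from the password, so
	# "p@ss!" and "pss" are the same credential.
	$user = sanitize($_POST['user']);
	$pass = sanitize($_POST['pass']);

	$sQuery = "SELECT uid,id,pass,hash FROM bugtrack_users WHERE id='".$user."'";
	$result = mysql_query($sQuery,$connection);
	$userArr = array();
	# A failed query returns false; do not hand that to mysql_fetch_assoc().
	while ($result && ($val = mysql_fetch_assoc($result))) {
		# NOTE(review): passwords are stored as MD5(password . per-user salt).
		# MD5 is far too fast for password storage; moving to password_hash()
		# / password_verify() needs a schema and data migration.
		$expected = md5($pass.$val['hash']);

		# Strict comparison on purpose: with "==" two different digests that
		# both look like "0e<digits>" are compared as numbers and match.
		if ((string)$val['id'] === (string)$user
			&& strlen($pass) > 0
			&& (string)$val['pass'] === $expected) {
			# Issue a fresh session id on login so an id planted before
			# authentication (session fixation) is worthless afterwards.
			session_regenerate_id(true);
			$_SESSION['uid']=$val['uid'];
			$_SESSION['username']=$val['id'];
			header ("Location: index.php");
			# Stop here; otherwise the rest of the script still runs and
			# renders a page behind the redirect.
			exit;
		}
	}

} else {
	# PHP_SELF contains any extra path the client appended to the script name,
	# so it is request-controlled and must be encoded for the attribute.
	$loginAction = htmlspecialchars($_SERVER['PHP_SELF'], ENT_QUOTES, 'ISO-8859-1');
	$tmpHTML = "<div id='content'><fieldset>
<form method=post action=\"".$loginAction."\"><label for='user'>Username</label><input class='textfield' type='text' name='user'><br><label for='pass'>Password</label><input class='textfield' type='password' name='pass'><br><input type='submit' value='login'></fieldset></form>";
}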


} else {

	
$header .= "

<script src='sort.js'></script>
<div class='mbar1'><a class='mitem' title='Meine Aufgaben' href='javascript:ajx(\"userlist\");'><img src='img/home.png' width=32 height=32 border=0 hspace=10 alt='Bearbeiten'></a><a class='mitem' title='Alle Aufgaben' href='javascript:ajx(\"list\")'><img hspace=10 src='img/list.png' width=32 height=32 border=0 alt='Löschen'></a><a class='mitem' title='Neue Aufgabe' href='javascript:ajx(\"new\")'><img hspace=10 src='img/new.png' width=32 height=32 border=0 alt='Neuer Eintrag'></a><a class='mitem' title='Einstellungen' href='javascript:ajx(\"config\")'><img hspace=10 src='img/config.png' width=32 height=32 border=0 alt='config'></a><a class='mitem' title='Hilfe' href='javascript:ajx(\"help\");'><img hspace=10 src='img/help.png' width=32 height=32 border=0 alt='Hilfe'></a></div>
<div class='head' id='heading'>Welcome</div>
<div class='mbar2'><form method=post><input class='textsearch' size='8' type=text name='searchtxt'><input type=submit value='>' name='search'></form></div>
<div class='mbar3'><a class='mitem' title='Benutzer abmelden' href='?mode=logout'><img src='img/lock.png' width=32 height=32 border=0 hspace=5 alt='Benutzer abmelden'></a></div>
<div id='content' style=''>
";
	$sQuery = "SELECT * FROM bugtrack_users";
	$result = mysql_query($sQuery,$connection);
	$userArr = array();
	while ($rows = mysql_fetch_assoc($result )) {
		Array_push($userArr,$rows);
	}

$dateNow = date("d.m.Y, H:i \U\h\\r");
			$bugNr		 = "";
			$bugStatus   = "";
			$bugDate 	 = $dateNow;
			$bugUrl 	 = "";
			$bugTxt	 	 = "";
			$bugTyp 	 = "";
			$bugPro 	 = "";
			$bugPrio 	 = "";
			$assigned	 = "";
			$from		 = "";

	$statArr = array(0 => "Open",1 => "20%",2 => "40%",3 => "60%",4 => "80%",5 => "Done");
	$prioArr = array(0 => "Low",1 => "Normal",2 => "High",3 => "Alert");


	if (isset($_POST['userMail'])) {
		# Account self-update keyed on the logged-in user's name.
		# All three posted values pass through sanitize() before they reach the
		# SQL text, which is the only injection defence on this statement.
		# NOTE(review): the password is written to "userpass" as the sanitized
		# text itself, not as a hash, and sanitize() removes "@" and "." from
		# the mail address. The column names also differ from the id/pass/email
		# columns the login and config code use -- confirm this branch is live.
		$newName = sanitize($_POST['userName']);
		$newPass = sanitize($_POST['userPass']);
		$newMail = sanitize($_POST['userMail']);
		$sQuery  = "UPDATE bugtrack_users SET username = '" . $newName
			. "', userpass = '" . $newPass
			. "',usermail = '" . $newMail
			. "' WHERE username = '" . $_SESSION['username'] . "'";
		$result = mysql_query($sQuery,$connection);
	}
	else if (!empty($_POST['updateuser'])) {

#			if (trim(strlen($pass))>0 && $val['pass'] == md5($pass.$val['hash'])) 

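	# Authorization. The config page offers this form to the admin account for
	# any user, and to everybody else only for their own uid, with the login
	# name read-only and no "active" box. Enforce the same rules here instead
	# of trusting the posted uid: previously any logged-in user could rewrite
	# any account, including the admin's password.
	$isAdmin   = ($_SESSION['username'] == "admin");
	$targetUid = (isset($_POST["uid"]) && is_string($_POST["uid"])) ? $_POST["uid"] : "";

	if ($targetUid !== "" && ($isAdmin || $targetUid === (string)$_SESSION['uid'])) {
		$setParts = array();

		# Profile columns are stored as typed, so they are escaped for SQL here
		# and have to be HTML-encoded wherever they are printed.
		# Only posted fields are written; a form that lacks a field no longer
		# blanks the column.
		foreach (array("email", "lname", "fname", "mname", "phone") as $col) {
			if (isset($_POST[$col]) && is_string($_POST[$col])) {
				$setParts[] = $col . "='" . mysql_real_escape_string($_POST[$col], $connection) . "'";
			}
		}

		if ($isAdmin) {
			# The login code runs the typed name through sanitize(), so a login
			# name must survive sanitize() unchanged to be usable.
			$newId = (isset($_POST["id"]) && is_string($_POST["id"])) ? sanitize($_POST["id"]) : "";
			if ($newId !== "") {
				$setParts[] = "id='" . $newId . "'";
			}
			$activeMark = (isset($_POST["active"]) && $_POST["active"] == "on") ? "1" : "0";
			$setParts[] = "active='" . $activeMark . "'";
		}

		# Password: touch pass/hash only when a new one was entered. The old
		# code wrote an empty pass (and an undefined salt) on every save without
		# a password, which locked the account.
		# It is hashed from the sanitize()d text because the login compares
		# against md5(sanitize(password) . hash).
		# NOTE(review): the salt is derived from the clock and the client IP and
		# the digest is MD5; both are weak choices for password storage.
		$newpass = (isset($_POST["newpass"]) && is_string($_POST["newpass"])) ? sanitize($_POST["newpass"]) : "";
		if ($newpass !== "") {
			$HASH_VAR=date('YmdHis').$_SERVER['REMOTE_ADDR'];
			$hash=md5($HASH_VAR);
			$setParts[] = "hash='" . $hash . "'";
			$setParts[] = "pass='" . md5($newpass.$hash) . "'";
		}

		if (count($setParts) > 0) {
			$sQuery = "UPDATE bugtrack_users SET " . implode(", ", $setParts) .
				" WHERE uid='" . mysql_real_escape_string($targetUid, $connection) . "'";
			$result = mysql_query($sQuery,$connection);
			if ($result === false) {
				# Database errors go to the server log, not into the page.
				error_log("phpToDoList: user update failed: " . mysql_error($connection));
			}
		}
	}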
		
     }
	else if (!empty($_POST['saveuser'])) {

#			if (trim(strlen($pass))>0 && $val['pass'] == md5($pass.$val['hash'])) 

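	# The "new user" form is only rendered for the admin account; apply the
	# same restriction to the request itself.
	if ($_SESSION['username'] == "admin") {
		# Defaults, so an empty password field no longer leaves $hash undefined.
		$hash    = "";
		$newpass = "";
		# Hash the sanitize()d password: the login compares against
		# md5(sanitize(password) . hash).
		$plainPass = (isset($_POST["newpass"]) && is_string($_POST["newpass"])) ? sanitize($_POST["newpass"]) : "";
		if ($plainPass !== "") {
			$HASH_VAR=date('YmdHis').$_SERVER['REMOTE_ADDR'];
			$hash=md5($HASH_VAR);
			$newpass=md5($plainPass.$hash);
		}
		$activeMark = (isset($_POST["active"]) && $_POST["active"] == "on") ? "1" : "0";

		# Request values are escaped for SQL; the login name is sanitize()d
		# because the login form sanitizes what the user types.
		$newUser = array();
		foreach (array("uid", "id", "lname", "fname", "mname", "email", "phone") as $col) {
			$raw = (isset($_POST[$col]) && is_string($_POST[$col])) ? $_POST[$col] : "";
			$newUser[$col] = ($col == "id") ? sanitize($raw) : mysql_real_escape_string($raw, $connection);
		}

		$sQuery = "INSERT INTO bugtrack_users VALUES ('".
			$newUser["uid"]."', '','','".
			$newUser["id"]."','".
			$newUser["lname"] . "', '" .
			$newUser["fname"] . "', '" .
			$newUser["mname"] . "', '" .
			$newUser["email"] . "', '" .
			$newUser["phone"] . "', '" .
			$newpass . "', '" .
			$hash .  "', '" .
			$activeMark . "', '','', '" . date('Y-m-d H:i:s') . "','','')";

		# NOTE(review): as before, the statement is only printed and the INSERT
		# stays switched off. The text is HTML-encoded because it contains
		# request data; printing it also shows the new password digest and
		# salt, so remove this output once the feature is finished.
		echo htmlspecialchars($sQuery, ENT_QUOTES, 'ISO-8859-1');
#		$result = mysql_query($sQuery,$connection);
		echo mysql_error();
	}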
		
     }



	else if (isset($_POST['add'])) {
	
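	 if ($_SESSION['username'] == "admin") {
		# The newType / newBrowser / newUser inputs are only rendered for the
		# admin account, so the request is held to the same rule. Without this
		# check any logged-in user could add users or edit the category lists
		# by posting the fields directly.
		$addKinds = array('newType' => 'cat', 'newBrowser' => 'browser');
		$addDone  = false;

		# Category and browser entries toggle: a name that is not in the list
		# is added, an existing one is removed.
		foreach ($addKinds as $addField => $addKind) {
			if (empty($_POST[$addField])) {
				continue;
			}
			$addDone = true;
			# sanitize() reduces the name to [a-zA-Z0-9]; that keeps the
			# concatenated statements below injection-free.
			$addName = is_string($_POST[$addField]) ? sanitize($_POST[$addField]) : "";
			if ($addName !== "") {
				# The existence check is limited to the list being edited. It
				# used to match either list, so a name present only in the
				# other list could be neither added nor removed here.
				$sQuery = "SELECT * FROM bugtrackcat WHERE bugcat = '" . $addName . "' AND type='" . $addKind . "'";
				$result = mysql_query($sQuery,$connection);
				if ($result && mysql_num_rows($result) == 0) {
					$sQuery = "INSERT INTO bugtrackcat VALUES('','" . $addName . "','" . $addKind . "');";
					$result = mysql_query($sQuery,$connection);
				} else if ($result) {
					$sQuery = "DELETE FROM bugtrackcat WHERE bugcat = '" . $addName . "' AND type='" . $addKind . "';";
					$result = mysql_query($sQuery,$connection);
				}
			}
			break;
		}

		if (!$addDone && !empty($_POST['newUser']) && is_string($_POST['newUser'])) {
			# NOTE(review): this INSERT supplies four values while the INSERT in
			# the saveuser branch supplies many more for the same table --
			# confirm which one matches the current schema.
			$sQuery = "INSERT INTO bugtrack_users VALUES('','" . sanitize($_POST['newUser']) . "','','');";
			$result = mysql_query($sQuery,$connection);
			if ($result === false) {
				# Database errors go to the server log, not into the page.
				error_log("phpToDoList: adding user failed: " . mysql_error($connection));
			}
		}
	 }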
	
	
	}
	else if (isset($_POST['save'])) {

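	$dateNow = date("Y-m-d H:i:s");

	# Every request value in this INSERT goes through sanitize(), i.e. is cut
	# down to [a-zA-Z0-9]. That whitelist is the only SQL-injection defence on
	# this statement, so do not add a field here without it.
	# (The former str_replace("'", "''", ...) calls were dropped: sanitize()
	# has already removed every quote.)

	# An empty browser choice is stored as ''. The old code assigned $typ in
	# this case by mistake and left $browser undefined.
	# NOTE(review): a default of "5", as used for typ, may have been intended.
	$browser = (isset($_POST['browser']) && is_string($_POST['browser'])) ? sanitize($_POST['browser']) : "";

	# No type chosen -> type "5".
	if (!isset($_POST['typ']) || !is_string($_POST['typ']) || $_POST['typ'] === "") {
		$typ = "5";
	} else {
		$typ = sanitize($_POST['typ']);
	}

	$newTask = array();
	foreach (array('url', 'txt', 'pro', 'prio', 'assigned') as $col) {
		$newTask[$col] = (isset($_POST[$col]) && is_string($_POST[$col])) ? sanitize($_POST[$col]) : "";
	}

	# The initiator is the logged-in user. The form sends the same uid in a
	# hidden "from" field, but a client can change that field, and the
	# initiator is the account that gets the delete link for the task.
	$initiator = sanitize($_SESSION['uid']);

	$sQuery ="INSERT INTO bugtrack  VALUES (''," .
		 "'" . $dateNow . "'," .
		 "'Open'," .
		 "'" . $newTask['url'] . "'," .
		 "'" . $newTask['txt'] . "'," .
		 "'" . $typ . "'," .
		 "'" . $newTask['pro'] . "'," .
		 "'" . $browser . "'," .
		 "'" . $newTask['prio'] . "',".
		 "'" . $newTask['assigned'] . "',".
		 "'" . $initiator . "')";
		$result = mysql_query($sQuery,$connection);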
			
	}
	else if (isset($_POST['update'])) {
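	# No type chosen -> type "5". An empty browser choice is stored as ''; the
	# old code overwrote $typ with "5" in that case and left $browser undefined.
	if (!isset($_POST['typ']) || !is_string($_POST['typ']) || $_POST['typ'] === "") {
		$typ = "5";
	} else {
		$typ = sanitize($_POST['typ']);
	}
	$browser = (isset($_POST['browser']) && is_string($_POST['browser'])) ? sanitize($_POST['browser']) : "";

	# bugStatus, prio, assigned and from used to be concatenated into the
	# UPDATE exactly as posted, which allowed SQL injection. They now go
	# through sanitize() like every other field of this statement.
	$updStatus   = (isset($_POST['bugStatus']) && is_string($_POST['bugStatus'])) ? sanitize($_POST['bugStatus']) : "";
	$updPrio     = (isset($_POST['prio']) && is_string($_POST['prio'])) ? sanitize($_POST['prio']) : "";
	$updAssigned = (isset($_POST['assigned']) && is_string($_POST['assigned'])) ? sanitize($_POST['assigned']) : "";
	# The edit form sends the logged-in uid as "from"; take it from the session
	# so a client cannot name somebody else.
	# NOTE(review): this still makes the last editor the task's initiator, as
	# the original form did -- confirm that is intended.
	$updFrom     = sanitize($_SESSION['uid']);
	$updTxtRaw   = (isset($_POST['txt']) && is_string($_POST['txt'])) ? $_POST['txt'] : "";
	$updTxt      = sanitize($updTxtRaw);
	$updUrl      = (isset($_POST['url']) && is_string($_POST['url'])) ? sanitize($_POST['url']) : "";
	$updPro      = (isset($_POST['pro']) && is_string($_POST['pro'])) ? sanitize($_POST['pro']) : "";

	if ($updStatus=="5") {
		# Task marked as done: send the confirmation mail.
		$EMAILF = "";
		$email  = array('tomail' => "");

		foreach ($userArr as $k=>$v) {
			if ($v['uid']==$updAssigned) {
				$EMAILF = $v['email'];
			} else if ($v['uid']==$updFrom){
				$email['tomail'] = $v['email'];
			}
		}

		# The sender address comes from the user table and lands in raw mail
		# headers. Remove CR/LF so a stored address cannot add header lines.
		$EMAILF = str_replace(array("\r", "\n"), "", (string)$EMAILF);

		$email['subject']= "Task confirmation: [" . str_replace(array("\r", "\n"), " ", substr($updTxtRaw,0,25)) . "]";
		$email['msg'] = "The task ".$updUrl."<br>".$updTxt." has been completed. Please review.\n\n";

		$email["headers"]="Return-path: ".$EMAILF."\n";
		$email["headers"].="From: <".$EMAILF.">\n";
		$email["headers"].="Reply-To: <".$EMAILF.">\n";
		# NOTE(review): this replaces the address looked up above with a posted
		# "email" field that the task form does not contain; after sanitize()
		# it cannot hold "@" or ".", so the mail has no usable recipient.
		$email['tomail'] = (isset($_POST['email']) && is_string($_POST['email'])) ? sanitize($_POST['email']) : "";
		@mail($email['tomail'], $email['subject'], $email['msg'], $email['headers']);
	}

	# Status and priority are only part of the form for the assigned user.
	# Write them only when they were posted, so an edit by anyone else no
	# longer resets both columns to ''.
	# NOTE(review): the server does not check that the caller is the assigned
	# user before accepting these two fields.
	$setParts = array();
	if (isset($_POST['bugStatus'])) {
		$setParts[] = "bugStatus='" . $updStatus . "'";
	}
	$setParts[] = "bugUrl='" . $updUrl . "'";
	$setParts[] = "bugTxt='" . $updTxt . "'";
	$setParts[] = "bugTyp='" . $typ . "'";
	$setParts[] = "browser='" . $browser . "'";
	$setParts[] = "bugPro='" . $updPro . "'";
	if (isset($_POST['prio'])) {
		$setParts[] = "bugPrio='" . $updPrio . "'";
	}
	$setParts[] = "assigned='" . $updAssigned . "'";
	$setParts[] = "`from`='" . $updFrom . "'";

	$sQuery = "UPDATE bugtrack SET " . implode(",", $setParts) .
		" WHERE bugNr = '" . sanitize(isset($_POST['bugNr']) ? $_POST['bugNr'] : "") . "'";
		$result = mysql_query($sQuery,$connection);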
	}
	





	# Task list: the caller's own tasks for ?mode=userlist, otherwise every
	# task ordered by priority and status. The uid in the WHERE clause comes
	# from the session, not from the request.
	if ($_GET['mode']=="userlist") {
		$sQuery = "SELECT * FROM bugtrack WHERE assigned = '".$_SESSION['uid']."'";
	} else {
		$sQuery = "SELECT * FROM bugtrack ORDER BY bugPrio DESC, bugStatus ASC";
	}
	$result = mysql_query($sQuery,$connection);
	$bugArr = array();
	while ($rows = mysql_fetch_assoc($result )) {
		$bugArr[] = $rows;
	}

	# Names for the "Type" select box.
	$typeArr = array();
	$sQuery = "SELECT * FROM bugtrackcat WHERE type='cat'";
	$result = mysql_query($sQuery,$connection);
	while ($rows = mysql_fetch_assoc($result )) {
		$typeArr[] = $rows['bugcat'];
	}

	# Names for the "Browser" select box.
	$browserArr = array();
	$sQuery = "SELECT * FROM bugtrackcat WHERE type='browser'";
	$result = mysql_query($sQuery,$connection);
	while ($rows = mysql_fetch_assoc($result )) {
		$browserArr[] = $rows['bugcat'];
	}
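	if ($mode=="edit") {
		# Load the task into the form variables. The id is reduced to
		# [a-zA-Z0-9] by sanitize() before it reaches the query.
		$sQuery = "SELECT * FROM bugtrack WHERE bugNr = '".sanitize($_GET['id'])."'";
		$result = mysql_query($sQuery,$connection);
		while ($result && ($rows = mysql_fetch_assoc($result ))) {
			$bugNr		 = $rows['bugNr'];
			$bugStatus   = $rows['bugStatus'];
			$bugDate 	 = $rows['date_add'];
			$bugUrl 	 = $rows['bugUrl'];
			$bugTxt	 	 = $rows['bugTxt'];
			$bugTyp 	 = $rows['bugTyp'];
			$browser 	 = $rows['browser'];
			$bugPro 	 = $rows['bugPro'];
			$bugPrio 	 = $rows['bugPrio'];
			$assigned	 = $rows['assigned'];
			$from		 = $rows['from'];
		}
	}
	else if ($mode=="del") {
		# Only the task's initiator may delete it. The list shows the delete
		# link under that condition, but the request itself was unchecked, so
		# any logged-in user could delete any task by id. The ownership test is
		# now part of the statement.
		# NOTE(review): deletion is triggered by a plain GET link, so a page on
		# another site can fire it for a logged-in initiator. Also, the
		# "deleted" message is printed whether or not a row was removed.
		$sQuery = "DELETE FROM bugtrack WHERE bugNr = '".sanitize($_GET['id'])."' AND `from` = '".sanitize($_SESSION['uid'])."'";
		$result = mysql_query($sQuery,$connection);
	}
	else if ($mode=="user") {
		$sQuery = "SELECT usermail FROM bugtrack_users WHERE username = '".mysql_real_escape_string($_SESSION['username'], $connection)."'";
		$result = mysql_query($sQuery,$connection);
		while ($result && ($rows = mysql_fetch_row($result ))) {
			$userEmail		 = $rows[0];
		}
	}
	else if ($mode=="savepwd") {
		# The login compares the pass column against md5(password . hash).
		# This branch used to write the sanitized password itself into "pass",
		# which stored it in clear text and made the next login fail. Store a
		# salted digest in the same format instead, and ignore an empty value.
		# NOTE(review): this statement filters on a "username" column while the
		# login reads "id" -- confirm which column the table really has.
		$pass = (isset($_POST['newpass']) && is_string($_POST['newpass'])) ? sanitize($_POST['newpass']) : "";

		if ($pass !== "") {
			$pwdSalt = md5(date('YmdHis').$_SERVER['REMOTE_ADDR']);
			$sQuery = "UPDATE bugtrack_users SET pass='".md5($pass.$pwdSalt)."', hash='".$pwdSalt."' WHERE username = '".mysql_real_escape_string($_SESSION['username'], $connection)."'";
			$result = mysql_query($sQuery,$connection);
		}

	}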

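	if (isset($_POST['searchtxt'])) {
		# One sanitized copy of the term is used for all three columns. The
		# bugUrl condition used to embed the posted text exactly as sent, which
		# made the search box an SQL injection point.
		$needle = is_string($_POST['searchtxt']) ? sanitize($_POST['searchtxt']) : "";

		$searchRes = "<b>Search results</b><br><br>";
		# LIKE on every column: "=" with % wildcards (as bugUrl and bugPro had)
		# only matches a value that literally contains the % signs.
		$sQuery = "SELECT * FROM bugtrack WHERE bugTxt LIKE '%".$needle."%' OR bugUrl LIKE '%".$needle."%' OR bugPro LIKE '%".$needle."%'";
		$result = mysql_query($sQuery,$connection);
		while ($result && ($rows = mysql_fetch_assoc($result ))) {
			# Stored task text is encoded for HTML before it is printed.
			$searchRes .= "<b> #".htmlspecialchars((string)$rows['bugNr'], ENT_QUOTES, 'ISO-8859-1') ."</b>  ".
				 htmlspecialchars((string)$rows['bugUrl'], ENT_QUOTES, 'ISO-8859-1') ." <br> ".
				 htmlspecialchars((string)$rows['bugTxt'], ENT_QUOTES, 'ISO-8859-1') ." / ".
				 htmlspecialchars((string)$rows['bugPro'], ENT_QUOTES, 'ISO-8859-1') ."<br><br>";

		}
		$searchRes .= "<br><br>";
	}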
mysql_close($connection);






if (isset($_POST['search'])) {
	$tmpHTML .= $searchRes;
}
if ($mode=="del") {

	$tmpHTML .= "Eintrag gelöscht.";

}

else if ($mode=="new" || $mode=="edit") {
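# $_SERVER['PHP_SELF'] contains any extra path the client appended after the
# script name, so it is request-controlled text. Encode it before it goes into
# the action attribute; unencoded, a crafted URL can close the attribute and
# inject markup into the page.
$formAction = htmlspecialchars($_SERVER['PHP_SELF'], ENT_QUOTES, 'ISO-8859-1');
$tmpHTML .= '
<form method="post" action="'.$formAction.'">
<table width=100% border="0" cellpadding=3 cellspacing=2>';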

if ($mode=="edit") {
$tmpHTML .= '
<tr bgcolor="#f0f0f0" >
	<td colspan=3 valign=center align=left>
	<table width=100%>
	<tr>
	<td colspan=3>
	<b style="font-size:20px;"> #'.$bugNr .'&nbsp;'.substr($bugTxt,0,20).'</b> 
	</td>
	</tr>
	<tr>
	<td>
	<b>Date:</b>	
	</td>
	<td>

	</td>
	<td align=right>'.$bugDate.'&nbsp;
	</td>
	</tr>
	</table>
	
	</td>
	<td bgcolor="#ffffff" ></td>
</tr>';
} 
$tmpHTML .= '
<tr bgcolor="#f0f0f0" >
	<td valign=top>&nbsp;<b>Description:</b></td>
	<td colspan=2><textarea name="txt" style="width:650px;" rows=5 >'.$bugTxt .'</textarea></td>
	<td bgcolor="#ffffff" ></td>
</tr>
<tr bgcolor="#f0f0f0" >
	<td valign=top>&nbsp;<b>URL:</b></td>
	<td colspan=2><input type="text" name="url" value="'.$bugUrl .'" style="width:650px;"></td>
	<td bgcolor="#ffffff" ></td>
</tr>


<tr bgcolor="#f0f0f0" >
	<td valign=top>&nbsp;<b>Type:</b></td>
	<td valign=middle align=left><select name="typ" style="width:200px;">
		<option value="">-- Please choose --';
			
			foreach ($typeArr as $key => $val) {
			if ($bugTyp!="") {
				if ($key == $bugTyp) {	$tmpHTML .= "<option selected value='".$key."'>".$val;	} 
				else {				    $tmpHTML .=  "<option value='".$key."'>".$val; 			}
			} else {
					$tmpHTML .= "<option value='".$key."'>".$val;
			}
			}
$tmpHTML .= '</select>';

if ($_SESSION['username']=="admin") {$tmpHTML .= '<input type="text" name="newType" value="" style="width:160px;"><input type="submit" name="add" value=">>" > neue Kategorie';};
	
$tmpHTML .= '</td>
	<td valign=middle align=center></td>
	<td valign=top  bgcolor="#ffffff" ></td>
</tr>
<tr bgcolor="#f0f0f0" >
	<td valign=top>&nbsp;<b>Browser:</b></td>
	<td valign=middle align=left><select name=browser style="width:200px;">
		<option value="">-- Please choose --';
			
			foreach ($browserArr as $key => $val) {
			if ($bugTyp!="") {
				if ($key == $browser) {	$tmpHTML .=  "<option selected value='".$key."'>".$val;	} 
				else {				    $tmpHTML .=  "<option value='".$key."'>".$val; 			}
			} else {
					$tmpHTML .=  "<option value='".$key."'>".$val;
			}
			}
$tmpHTML .= '</select>';

if ($_SESSION['username']=="admin") {$tmpHTML .= '<input type="text" name="newBrowser" value="" style="width:160px;"><input type="submit" name="add" value=">>" > neuer Browser';};
	
$tmpHTML .= '</td>
	<td valign=middle align=center></td>
	<td bgcolor="#ffffff" ></td>
</tr>
<tr bgcolor="#f0f0f0" >
	<td valign=top>&nbsp;<b>Suggestion:</b></td>
	<td colspan=2><textarea name="pro" style="width:650px;" rows=2>'.$bugPro.'</textarea></td>
	<td bgcolor="#ffffff" ></td>
</tr>
<tr bgcolor="#f0f0f0" >
	<td valign=middle>&nbsp;<b>Task for:</b></td>
	<td valign=middle align=left><select name="assigned" style="width:200px;">
	<option value="">Please choose';
			
			foreach ($userArr as $k => $v) 
			{
			if ($assigned==$v['uid']) {
				$tmpHTML .=  '<option selected value="'.$v['uid'].'">' . ucfirst($v['id']);
			}
			else {
				$tmpHTML .=  '<option value="'.$v['uid'].'">' . ucfirst($v['id']);
			}
			}
$tmpHTML .= '</select>';

if ($_SESSION['username']=="admin") {$tmpHTML .= '<input type="text" name="newUser" value="" style="width:160px;"><input type="submit" name="add" value=">>" > neuer User';};
	
$tmpHTML .= '</td>
	<td valign=middle align=center></td>	
	<td bgcolor="#ffffff" ></td>
</tr>';

if ($mode=="edit") {

if ($assigned == $_SESSION['uid']) {
$tmpHTML .= '
<tr bgcolor="#f0f0f0" >
	<td valign=top>&nbsp;<b>Status</b></td>
	<td colspan=2>
	<select name="bugStatus">
	<option value="">-- Please choose --';
	
		for ($i=0;$i<=count($statArr)-1;$i++) {
		if ($i==$bugStatus ) {
		$tmpHTML .=  "<option selected value='".$i."' >".$statArr[$i]; 
		} else {
		$tmpHTML .= "<option value='".$i."' >".$statArr[$i]; }
	}
	
$tmpHTML .= '
	</select>
	</td>
	<td bgcolor="#ffffff" ></td>
</tr>
<tr bgcolor="#f0f0f0" >
	<td valign=top>&nbsp;<b>Priority</b></td>
	<td colspan=2><select name="prio">
	<option value="">-- Please choose --';
	
	for ($i=0;$i<=count($prioArr)-1;$i++) {
		if ($i==$bugPrio ) {
		$tmpHTML .=  "<option selected value='".$i."' >".$prioArr[$i]; 
		} else {
		$tmpHTML .=  "<option value='".$i."' >".$prioArr[$i]; }
	}
$tmpHTML .= '
	</select>
	</td>
	<td bgcolor="#ffffff" ></td>
</tr>
<tr >
	<td colspan=3 align=center><input type="hidden" name="bugNr" value="'.$bugNr .'"><input type="hidden" name="from" value="'.$_SESSION['uid'].'"><input type="submit" name="update" style="width:180px;" value="Save changes"></td>
	<td bgcolor="#ffffff" ></td>
</tr>';


}
} else {
$tmpHTML .= '
<tr >
	<td colspan=3 align=center><input type="hidden" name="from" value="'.$_SESSION['uid'] .'"><input type="submit" name="save" style="width:180px;" value="send report"></td>
	<td bgcolor="#ffffff" ></td>
</tr>';

}
$tmpHTML .= '

</table>
</form>
<br><br><br>';







}
else if ($mode=="list" || $mode=="" || $mode=="userlist") {
$tmpHTML .= '
<table class="sortable" id="unique_id" cellpadding=3 cellspacing=2 style="border:1px solid gray;" width=100%>
<tr style="font-weight:bold;background:#f0f0f0;">
	<td width=40>&nbsp;</td><td valign=top>&nbsp;Nr.</td><td >Status</td><td  width=80 nowrap>Priority</td><td width=100%>Description</td><td>URL</td><td width=100>Date</td><td  width=60>for</td>
</tr>';
			

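			# PHP_SELF can carry client-supplied path text; encode it once for
			# all links in the table.
			$listSelf = htmlspecialchars($_SERVER['PHP_SELF'], ENT_QUOTES, 'ISO-8859-1');

			foreach ($bugArr as $k => $v) {
				# Row colour: red for alert priority, struck through when done,
				# green for everything else.
				if ($v['bugPrio']=="3") {
					$tmpHTML .=  "<tr style=\"background:#fc6666;\">";
				} else if ($v['bugStatus']=="5") {
					$tmpHTML .=  "<tr style='text-decoration: line-through;'>";
				} else {
					# This branch used echo, which wrote the <tr> straight to the
					# response ahead of the page header instead of into $tmpHTML.
					$tmpHTML .=  "<tr style=\"background:#e8fce8;\">";
				}

				# Database values are HTML-encoded before they are printed.
				$rowNr     = htmlspecialchars((string)$v['bugNr'], ENT_QUOTES, 'ISO-8859-1');
				$rowUrl    = htmlspecialchars((string)$v['bugUrl'], ENT_QUOTES, 'ISO-8859-1');
				$rowUrlCut = htmlspecialchars(substr((string)$v['bugUrl'],0,25), ENT_QUOTES, 'ISO-8859-1');
				$rowTxt    = htmlspecialchars(substr((string)$v['bugTxt'],0,50), ENT_QUOTES, 'ISO-8859-1');
				$rowDate   = htmlspecialchars(substr((string)$v['date_add'],0,10), ENT_QUOTES, 'ISO-8859-1');
				# Unknown status / priority codes print as empty cells.
				$rowStat   = isset($statArr[$v['bugStatus']]) ? $statArr[$v['bugStatus']] : "";
				$rowPrio   = isset($prioArr[$v['bugPrio']]) ? $prioArr[$v['bugPrio']] : "";

				$tmpHTML .=  "<td nowrap='nowrap'><a href='" .$listSelf . "?mode=edit&id=".$rowNr."'><img src='img/edit.png' hspace=2 border=0></a>";
				# The delete link is shown to the task's initiator only.
				if ($v['from'] == $_SESSION['uid']) {
					$tmpHTML .=  "<a href='" .$listSelf . "?mode=del&id=".$rowNr."'><img src='img/delete.png' hspace=2 border=0></a>";
				}
				$tmpHTML .=  "</td><td>".$rowNr."</td>
				  <td>".$rowStat."</td>
				  <td>".$rowPrio . "</td>
				  <td>".$rowTxt."</td>
				  <td><a href='".$rowUrl."' title='".$rowUrl."'>".$rowUrlCut."</a></td>
				  <td>".$rowDate."&nbsp;</td>";

				# Assignee name; an empty cell keeps the columns aligned when the
				# uid matches no user.
				$rowFor = "";
				foreach ($userArr as $kk => $kv) {
					if ($kv['uid']==$v['assigned']) {
						$rowFor = htmlspecialchars((string)$kv['id'], ENT_QUOTES, 'ISO-8859-1');
						break;
					}
				}
				$tmpHTML .=  "<td>".$rowFor."&nbsp;</td>";
				$tmpHTML .= '</tr>';
			}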
$tmpHTML .= '
</table>
<br><br>';

}
else if ($mode == "logout") {
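# Drop the login markers, clear and destroy the session, then send the
# browser back to the login page.
unset($_SESSION['uid']);
unset($_SESSION['username']);
session_unset();
session_destroy();
header("Location: index.php");
# Stop here: without exit the script goes on and prints the logged-in page
# frame behind the redirect.
exit;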
}
else if ($mode == "config") {
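$tmpHTML .= '<form name=pwd method=post>';

# The user columns printed on this page hold text that users type in
# themselves, so every value is HTML-encoded before it goes into markup.
# Unencoded, a stored value could run script in the session of whoever opens
# this page, the admin included.
$cfgBlank   = array('uid' => '', 'id' => '', 'email' => '', 'active' => '', 'lname' => '', 'fname' => '', 'mname' => '', 'phone' => '');
$cfgIsAdmin = ($_SESSION['username'] == "admin");
$cfgId      = (isset($_GET['id']) && is_string($_GET['id'])) ? $_GET['id'] : "";
$cfgIsNew   = ($cfgIsAdmin && $cfgId == "new");
$cfgSelf    = htmlspecialchars($_SERVER['PHP_SELF'], ENT_QUOTES, 'ISO-8859-1');

# Pick the record to show: a blank one for "new", the selected user for the
# admin, the caller's own row for everybody else. The old code read whatever
# an earlier loop had left in $v, so the "new" form and the non-admin form
# showed stale or undefined data.
$cfgUser = null;
if ($cfgIsNew) {
	$cfgUser = $cfgBlank;
} else {
	$cfgWanted = $cfgIsAdmin ? $cfgId : (string)$_SESSION['uid'];
	foreach ($userArr as $cfgRow) {
		if ((string)$cfgRow['uid'] === $cfgWanted) {
			$cfgUser = $cfgRow;
			break;
		}
	}
	if ($cfgUser === null && !$cfgIsAdmin) {
		$cfgUser = $cfgBlank;
		$cfgUser['uid'] = $_SESSION['uid'];
	}
}

# Build the form rows for the chosen record (none when the admin has not
# selected a user yet).
$cfgRows = '';
if ($cfgUser !== null) {
	$cfgEsc = array();
	foreach ($cfgBlank as $cfgKey => $cfgDefault) {
		$cfgVal = isset($cfgUser[$cfgKey]) ? $cfgUser[$cfgKey] : $cfgDefault;
		$cfgEsc[$cfgKey] = htmlspecialchars((string)$cfgVal, ENT_QUOTES, 'ISO-8859-1');
	}

	if ($cfgIsAdmin) {
		$cfgRows .= '<tr><td class="tdh">Username:</td><td><input name="id" type="text" value="'.$cfgEsc['id'].'"></td></tr>';
	} else {
		# Everybody else sees the login name as plain text, not as a field.
		$cfgRows .= '<tr><td class="tdh">Username:</td><td>'.htmlspecialchars((string)$_SESSION['username'], ENT_QUOTES, 'ISO-8859-1').'</td></tr>';
	}
	$cfgRows .= '<tr><td class="tdh">EMail:</td><td><input name="email" type="text" value="'.$cfgEsc['email'].'"></td></tr>';
	if ($cfgIsAdmin) {
		$cfgChecked = ($cfgUser['active'] == "1") ? "checked" : "";
		$cfgRows .= '<tr><td class="tdh">Active:</td><td><input name="active" type="checkbox" '.$cfgChecked.'></td></tr>';
	}
	foreach (array('lname' => 'Surname', 'fname' => 'Name', 'mname' => 'Middle', 'phone' => 'Phone') as $cfgKey => $cfgLabel) {
		$cfgRows .= '<tr><td class="tdh">'.$cfgLabel.':</td><td><input name="'.$cfgKey.'" type="text" value="'.$cfgEsc[$cfgKey].'"></td></tr>';
	}
	$cfgRows .= '<tr><td class="tdh">Pass:</td><td><input name="newpass" type="password" value=""></td></tr>';

	# Buttons: the admin gets delete plus update/save, everyone else only save.
	$cfgButtons = '';
	if ($cfgIsAdmin) {
		$cfgButtons .= '<input type="submit" name="deleteuser" value="delete">';
	}
	if ($cfgIsNew) {
		$cfgButtons .= '<input type="submit" name="saveuser" value="save user">';
	} else if ($cfgIsAdmin) {
		$cfgButtons .= '<input type="submit" name="updateuser" value="update user">';
	} else {
		$cfgButtons .= '<input type="submit" name="updateuser" value="save user">';
	}
	$cfgRows .= '<tr><td></td><td>'.$cfgButtons.'<input name="uid" type="hidden" value="'.$cfgEsc['uid'].'"><br><br></td></tr>';
}

	if ($cfgIsAdmin) {

	#userlist
		$tmpHTML .=  "<table ><tr><td width=300 valign=top><table cellpadding=3 cellspacing=2 width=300 style='border:1px solid gray;' ><tr><td><h3>User List <input type='button' onclick='location.href=\"index.php?mode=config&id=new\"' value='new'></h3></td></tr>";
			foreach ($userArr as $kk => $kv) {
				$tmpHTML .=  "<tr><td nowrap='nowrap'><a href='" .$cfgSelf . "?mode=config&id=".htmlspecialchars((string)$kv['uid'], ENT_QUOTES, 'ISO-8859-1')."'><img src='img/edit.png' hspace=2 border=0 align=absmiddle>".htmlspecialchars((string)$kv['id'], ENT_QUOTES, 'ISO-8859-1')."</a></td></tr>";
			}
		$tmpHTML .= '</table></td>';

	#edit user / new user
		$tmpHTML .= '<td width=300 valign=top><table cellpadding=3 cellspacing=2 style="border:1px solid gray;" >';
		$tmpHTML .= $cfgRows;
		$tmpHTML .=  "</table></td></tr></table>";

	}
	else {

		$tmpHTML .= '<table cellpadding=3 cellspacing=2 style="border:1px solid gray;" >';
		$tmpHTML .= $cfgRows;
		$tmpHTML .= '</table>';
	}

$tmpHTML .= '</form>';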

}
else if ($mode == "help") {
$tmpHTML .= '
<table cellpadding=3 cellspacing=2  	width=100%>
<tr style="">
	<td>
	<div style="border: 1px solid gray; padding: 5px; width: 90%;"> 
	<div style="background: rgb(240, 240, 240) none repeat scroll 0% 50%; font-size: 16px;">
	<strong>My Tasks / Task-List </strong></div> 
	<ul><br><strong>red/rot </strong>- alert / Priorität sehr hoch<br>
	<br><strong>white/weiss</strong> - finished tasks / erledigte Aufgaben<br>
	<br><strong>green/grün </strong>- all other tasks / alle anderen Aufgaben<br>
	<br>List is sorted by priority and status.
	<br>Die Liste ist nach Priorität und zusätzlich nach Status sortiert. </ul></div>
	<br>
	<br>
	<div style="border: 1px solid gray; padding: 5px; width: 90%;"> 
	<div style="background: rgb(240, 240, 240) none repeat scroll 0% 50%; font-size: 16px;"><strong>Neu</strong></div> 
	<ul><br><b>New, Delete / Neu anlegen, Löschen</b><br>Everyone can change every task. Only the task initiator can delete a task. Status and priority are controlled by the assigned user.
	<br>Jeder kann jede Aufgabe ändern. Nur der Auftraggeber kann eine Aufgabe löschen. Status und Priorität werden vom Beauftragten festgelegt. <br><br>
	<b>Type, Browser, Task for / Art, Browser, Auftrag für</b>
	<br>To add or delete a category, type the new/old name and click ">>".
	<br>Um einen Eintrag zur Kategorienliste hinzufügen bzw. zu löschen, den neuen/entsprechenden Namen eingeben 
	und ">>" klicken. 
	<br><br><b>Task for / Auftrag für:</b>
	<br>After a task is finished the task initiator gets a confirmation mail.
	<br>Nachdem die Aufgabe erledigt wurde, erhält der Auftraggeber eine EMail über die Fertigstellung. </ul></div>  
	</td>
</tr>
</table>';
}

$tmpHTML .= "<script>";
$tmpHTML .= "function submitter(command) {";
$tmpHTML .= "	document.forms.siteflx.action.value = command;";
$tmpHTML .= "	document.forms.siteflx.submit();";
$tmpHTML .= " } ";	
$tmpHTML .= "</script>";		
}


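# With a non-empty "ajx" query parameter only the content fragment is sent;
# otherwise the fragment is wrapped in the page header and footer.
# !empty() gives the same result as the bare test but raises no "undefined
# index" warning, which can expose the script path when errors are displayed.
if (!empty($_GET['ajx'])) {
	echo $tmpHTML;
} else {
	echo $header . $tmpHTML . $footer;
}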