PageRenderTime 72ms CodeModel.GetById 28ms RepoModel.GetById 0ms app.codeStats 0ms

/common.php

https://github.com/obenauer/equilibrium
PHP | 685 lines | 510 code | 109 blank | 66 comment | 135 complexity | 00a96263cb24b226c8d22e6ba9eb2096 MD5 | raw file
Possible License(s): GPL-2.0, LGPL-2.0 
    

  1. <?php
    2. 

  2. // Copyright 2008, St. Jude Children's Research Hospital.
    3. 

  3. // Written by Dr. John Obenauer, john.obenauer@stjude.org.
    4. 

  4. 

  5. // This file is part of Equilibrium.  Equilibrium is free software:
    6. 

  6. // you can redistribute it and/or modify it under the terms of the
    7. 

  7. // GNU General Public License as published by the Free Software
    8. 

  8. // Foundation, either version 2 of the License, or (at your option)
    9. 

  9. // any later version.
    10. 

  10. 

  11. // Equilibrium is distributed in the hope that it will be useful,
    12. 

  12. // but WITHOUT ANY WARRANTY; without even the implied warranty of
    13. 

  13. // MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
    14. 

  14. // GNU General Public License for more details.
    15. 

  15. 

  16. // You should have received a copy of the GNU General Public License
    17. 

  17. // along with Equilibrium.  If not, see <http://www.gnu.org/licenses/>.
    18. 

  18. 

  19. require("check_login.php");
    20. 

  20. require("config.php");
    21. 

  21. 

  22. // Check for passed arguments
    23. 

  23. if (isset($_GET['action'])) {
    24. 

  24.     $action = $_GET['action'];
    25. 

  25. } else {
    26. 

  26.     $action = "";
    27. 

  27. }
    28. 

  28. 

  29. if (isset($_GET['cmd'])) {
    30. 

  30.     $cmd = $_GET['cmd'];
    31. 

  31. } else {
    32. 

  32.     $cmd = "";
    33. 

  33. }
    34. 

  34. 

  35. if (isset($_REQUEST['staff'])) {
    36. 

  36.     $staff = $_REQUEST['staff'];
    37. 

  37. } else {
    38. 

  38.     if ($_SESSION['SESSION_STAFF'] == "Y") {
    39. 

  39.         $staff = $_SESSION['SESSION_USERID'];
    40. 

  40.     } else {
    41. 

  41.         $staff = 0;
    42. 

  42.     }
    43. 

  43. }
    44. 

  44. 

  45. if (isset($_REQUEST['status'])) {
    46. 

  46.     $status = $_REQUEST['status'];
    47. 

  47. } else {
    48. 

  48.     $status = "Active";
    49. 

  49. }
    50. 

  50. 

  51. if (isset($_REQUEST['todostatus'])) {
    52. 

  52.     $todostatus = $_REQUEST['todostatus'];
    53. 

  53. } else {
    54. 

  54.     $todostatus = "Completed";
    55. 

  55. }
    56. 

  56. 

  57. if (isset($_REQUEST['priority'])) {
    58. 

  58.     $priority = $_REQUEST['priority'];
    59. 

  59. } else {
    60. 

  60.     $priority = "High";
    61. 

  61. }
    62. 

  62. 

  63. if (isset($_REQUEST['calmode'])) {
    64. 

  64.     $calmode = $_REQUEST['calmode'];
    65. 

  65. } else {
    66. 

  66.     $calmode = 0;
    67. 

  67. }
    68. 

  68. 

  69. if (isset($_REQUEST['edit_priv'])) {
    70. 

  70.     $edit_priv = $_REQUEST['edit_priv'];
    71. 

  71. } else {
    72. 

  72.     $edit_priv = "N";
    73. 

  73. }
    74. 

  74. 

  75. if (isset($_REQUEST['content'])) {
    76. 

  76.     $content = $_REQUEST['content'];
    77. 

  77. } else {
    78. 

  78.     $content = "";
    79. 

  79. }
    80. 

  80. 

  81. if (isset($_REQUEST['order'])) {
    82. 

  82.     $order = $_REQUEST['order'];
    83. 

  83. } else {
    84. 

  84.     $order = "";
    85. 

  85. }
    86. 

  86. 

  87. if (isset($_REQUEST['page'])) {
    88. 

  88.     $page = $_REQUEST['page'];
    89. 

  89. } else {
    90. 

  90.     $page = 1;
    91. 

  91. }
    92. 

  92. 

  93. if (isset($_REQUEST['pageflag'])) {
    94. 

  94.     $pageflag = $_REQUEST['pageflag'];
    95. 

  95. } else {
    96. 

  96.     $pageflag = 0;
    97. 

  97. }
    98. 

  98. 

  99. if (isset($_REQUEST['dragonly'])) {
    100. 

  100.     $dragonly = $_REQUEST['dragonly'];
    101. 

  101. } else {
    102. 

  102.     $dragonly = 0;
    103. 

  103. }
    104. 

  104. 

  105. if ((isset($_REQUEST['project'])) && (is_numeric($_REQUEST['project']))) {
    106. 

  106.     $project = $_REQUEST['project'];
    107. 

  107. } else {
    108. 

  108.     $project = 0;
    109. 

  109. }
    110. 

  110. 

  111. if ((isset($_REQUEST['duty'])) && (is_numeric($_REQUEST['duty']))) {
    112. 

  112.     $duty = $_REQUEST['duty'];
    113. 

  113. } else {
    114. 

  114.     $duty = 0;
    115. 

  115. }
    116. 

  116. 

  117. if (isset($_REQUEST['maxresults'])) {
    118. 

  118.     $maxresults = $_REQUEST['maxresults'];
    119. 

  119.     if ($maxresults == 0) {
    120. 

  120.         $maxresults = 20;
    121. 

  121.     }
    122. 

  122. } else {
    123. 

  123.     $maxresults = 20;
    124. 

  124. }
    125. 

  125. 

  126. if (isset($_REQUEST['newtext'])) {
    127. 

  127.     $newtext = $_REQUEST['newtext'];
    128. 

  128. } else {
    129. 

  129.     $newtext = 0;
    130. 

  130. }
    131. 

  131. 

  132. if (isset($_REQUEST['pdflag'])) {
    133. 

  133.     $pdflag = $_REQUEST['pdflag'];
    134. 

  134. } else {
    135. 

  135.     $pdflag = "";
    136. 

  136. }
    137. 

  137. 

  138. if (isset($_REQUEST['pdchange'])) {
    139. 

  139.     $pdchange = $_REQUEST['pdchange'];
    140. 

  140. } else {
    141. 

  141.     $pdchange = 0;
    142. 

  142. }
    143. 

  143. 

  144. if (isset($_REQUEST['staffchange'])) {
    145. 

  145.     $staffchange = $_REQUEST['staffchange'];
    146. 

  146. } else {
    147. 

  147.     $staffchange = 0;
    148. 

  148. }
    149. 

  149. 

  150. if (isset($_REQUEST['visibility'])) {
    151. 

  151.     $visibility = $_REQUEST['visibility'];
    152. 

  152. } else {
    153. 

  153.     $visibility = "Public";
    154. 

  154. }
    155. 

  155. 

  156. if (isset($_REQUEST['scheduledate'])) {
    157. 

  157.     $scheduledate = $_REQUEST['scheduledate'];
    158. 

  158. } else {
    159. 

  159.     $scheduledate = "";
    160. 

  160. }
    161. 

  161. 

  162. if (isset($_REQUEST['fromdate'])) {
    163. 

  163.     $fromdate = $_REQUEST['fromdate'];
    164. 

  164. } else {
    165. 

  165.     // Default: one month ago
    166. 

  166.     $prevmonth = mktime(0, 0, 0, date("m") - 1, date("d"), date("Y"));
    167. 

  167.     $fromdate = date("Y", $prevmonth) . "-" . date("m", $prevmonth) . "-" .    
    168. 

  168.         date("d", $prevmonth);
    169. 

  169. }
    170. 

  170. 

  171. if (isset($_REQUEST['todate'])) {
    172. 

  172.     $todate = $_REQUEST['todate'];
    173. 

  173. } else {
    174. 

  174.     // Default: today's date
    175. 

  175.     $todate = date('Y') . "-" . date('m') . "-" . date('d');
    176. 

  176. }
    177. 

  177. 

  178. // Declare PHP functions
    179. 

  179. require("equilibrium.php");
    180. 

  180. 

  181. // Commands that don't generate HTML output
    182. 

  182. switch($cmd) {
    183. 

  183.     case "updatelist";
    184. 

  184.         if ($order) {
    185. 

  185.             $todo_order = explode(",", $order);
    186. 

  186.             
    187. 

  187.             if ($project) {
    188. 

  188.                 $order_var = "project_order";
    189. 

  189.             } else if ($duty) {
    190. 

  190.                 $order_var = "duty_order";
    191. 

  191.             } else {
    192. 

  192.                 $order_var = "order_number";
    193. 

  193.             }
    194. 

  194.             
    195. 

  195.             if ($calmode) {
    196. 

  196. 

  197.                 // Remove alphabetic div's from to-do order
    198. 

  198.                 $modlist = array();
    199. 

  199.                 $modcount = 0;
    200. 

  200.                 for ($i = 0; $i < count($todo_order); $i++) {
    201. 

  201.                     if (is_numeric($todo_order[$i])) {
    202. 

  202.                         $modlist[$modcount] = $todo_order[$i];
    203. 

  203.                         $modcount++;
    204. 

  204.                     }
    205. 

  205.                 }
    206. 

  206.                 $numeric_todos = implode(",", $modlist);
    207. 

  207. 

  208.                 // Retrieve existing order of to-do's
    209. 

  209.                 $conn = mysql_connect(DB_HOST, DB_USER, DB_PASSWORD)
    210. 

  210.                     or die ("Cannot connect to database. " . mysql_error() . "\n<br>\n");
    211. 

  211.                 mysql_select_db(DB_DATABASE);
    212. 

  212.                 $get_orig_order = mysql_query("select todo_id from todos " .
    213. 

  213.                     "where todo_id in ($numeric_todos) order by $order_var asc ");
    214. 

  214.                 $oldorder = array();
    215. 

  215.                 $oldcount = 0;
    216. 

  216.                 while ($row = mysql_fetch_array($get_orig_order, MYSQL_ASSOC)) {
    217. 

  217.                     $oldorder[$oldcount] = $row['todo_id'];
    218. 

  218.                     $oldcount++;
    219. 

  219.                 }
    220. 

  220.                 mysql_free_result($get_orig_order);
    221. 

  221. 

  222.                 // Get schedule dates of to-do's near the moved one
    223. 

  223.                 $mover = 0;
    224. 

  224.                 $datepartner = 0;
    225. 

  225.                 find_mover($oldorder, $todo_order, $mover, $datepartner);
    226. 

  226. 

  227.                 // Re-assign scheduled date of moved to-do item
    228. 

  228.                 $get_copy_date = mysql_query("select schedule_date from todos " .
    229. 

  229.                     "where todo_id = \"" . $datepartner . "\" ");
    230. 

  230.                 if ($row = mysql_fetch_array($get_copy_date, MYSQL_ASSOC)) {
    231. 

  231.                     $copied_date = $row['schedule_date'];
    232. 

  232.                 }
    233. 

  233.                 mysql_free_result($get_copy_date);
    234. 

  234.                 if (($copied_date == "0000-00-00") || ($copied_date == "")) {
    235. 

  235.                     $copied_date = "NULL";
    236. 

  236.                 } else {
    237. 

  237.                     // Don't allow scheduling a to-do to a past date
    238. 

  238.                     $parts = explode("-", $copied_date);
    239. 

  239.                     $calday = mktime(0, 0, 0, $parts[1], $parts[2], $parts[0]);
    240. 

  240.                     $today = mktime(0, 0, 0, date("m"), date("d"), date("Y"));
    241. 

  241.                     if ($calday < $today) {
    242. 

  242.                         $copied_date = "NULL";
    243. 

  243.                     }
    244. 

  244.                 }
    245. 

  245.                 $query = "update todos set schedule_date = \"" . $copied_date . "\" " .
    246. 

  246.                     "where todo_id = \"" . $mover . "\" ";
    247. 

  247.                 $update = mysql_query($query);
    248. 

  248.                 if ($update != 1) {
    249. 

  249.                     $errorflag = 1;
    250. 

  250.                 }
    251. 

  251.             }
    252. 

  252. 

  253.             // Re-order to-do items in response to drag and drop
    254. 

  254.             $conn = new mysqli(DB_HOST, DB_USER, DB_PASSWORD, DB_DATABASE);
    255. 

  255.             $errorflag = 0;
    256. 

  256.             $offset = ($page - 1) * $maxresults;
    257. 

  257.             for ($i = 0; $i < count($todo_order); $i++) {
    258. 

  258.                 
    259. 

  259.                 $query = "update todos set $order_var = \"" . ($offset + $i + 1) . "\" " .
    260. 

  260.                     "where todo_id = \"" . $todo_order[$i] . "\" ";
    261. 

  261.                 //printf("query = $query (page = $page)<br>\n");
    262. 

  262.                 $update = $conn->query($query);
    263. 

  263.                 if ($update != 1) {
    264. 

  264.                     $errorflag = 1;
    265. 

  265.                 }
    266. 

  266.             }
    267. 

  267.             // Close the database connection
    268. 

  268.             $conn->close();
    269. 

  269. 

  270.             $new_todolist = build_todolist($staff, $status, $todostatus, $priority, 
    271. 

  271.                 $calmode, $project, $duty, $pageflag, $dragonly, $page, $maxresults);
    272. 

  272.             printf($new_todolist);
    273. 

  273.             exit;
    274. 

  274.         } else {
    275. 

  275.             printf("<p>Error updating to-do list: Order is not specified.</p>\n");
    276. 

  276.             require("footer.php");
    277. 

  277.             exit;
    278. 

  278.         }
    279. 

  279. 

  280.         break;
    281. 

  281. 

  282.     // Delete to-do item
    283. 

  283.     case "deleteitem";
    284. 

  284. 

  285.         $conn = mysql_connect(DB_HOST, DB_USER, DB_PASSWORD) 
    286. 

  286.             or die ("Cannot connect to database. " . mysql_error() . "\n<br>");
    287. 

  287.         mysql_select_db(DB_DATABASE);
    288. 

  288.         $content = trim(mysql_real_escape_string($content));
    289. 

  289.         $result = mysql_query("DELETE FROM todos WHERE todo_id = '$content'");
    290. 

  290.         mysql_close($conn);
    291. 

  291.         $new_todolist = build_todolist($staff, $status, $todostatus, $priority, 
    292. 

  292.             $calmode, $project, $duty, $pageflag, $dragonly, $page, $maxresults);
    293. 

  293.         printf($new_todolist);
    294. 

  294.         exit;
    295. 

  295.         break;
    296. 

  296. 

  297.     case "edititem";
    298. 

  298. 

  299.         $conn = mysql_connect(DB_HOST, DB_USER, DB_PASSWORD) 
    300. 

  300.             or die ("Cannot connect to database. " . mysql_error() . "\n<br>");
    301. 

  301.         mysql_select_db(DB_DATABASE);
    302. 

  302.         //$newtext = trim(mysql_real_escape_string($newtext));
    303. 

  303.         if (($scheduledate) && ($scheduledate != "NULL") && ($scheduledate != "000-00-00")) {
    304. 

  304.             $scheduleclause = "schedule_date = \"$scheduledate\", ";
    305. 

  305.         } else {
    306. 

  306.             $scheduleclause = "schedule_date = NULL, ";
    307. 

  307.         }
    308. 

  308.         if ($pdflag == "Project") {
    309. 

  309.             $edit_item = mysql_query("UPDATE todos set description = \"" . $newtext . 
    310. 

  310.                 "\", project_id = \"$pdchange\", duty_id = \"0\", " .
    311. 

  311.                 "staff_assigned = \"$staffchange\", $scheduleclause " . 
    312. 

  312.                 "visibility = \"$visibility\" WHERE todo_id = '$content' ");
    313. 

  313.         
    314. 

  314.         } else if ($pdflag == "Duty") {
    315. 

  315.             $edit_item = mysql_query("UPDATE todos set description = \"" . $newtext . 
    316. 

  316.                 "\", duty_id = \"$pdchange\", project_id = \"0\", " .
    317. 

  317.                 "staff_assigned = \"$staffchange\", $scheduleclause " . 
    318. 

  318.                 "visibility = \"$visibility\" WHERE todo_id = '$content' ");
    319. 

  319.                 
    320. 

  320.         } else {
    321. 

  321.             $edit_item = mysql_query("UPDATE todos set description = \"" . $newtext . 
    322. 

  322.                 "\", staff_assigned = \"$staffchange\", $scheduleclause " . 
    323. 

  323.                 "visibility = \"$visibility\" WHERE todo_id = '$content' ");
    324. 

  324.         }
    325. 

  325.         mysql_close($conn);
    326. 

  326. 

  327.         $new_todolist = build_todolist($staff, $status, $todostatus, $priority, 
    328. 

  328.             $calmode, $project, $duty, $pageflag, $dragonly, $page, $maxresults);
    329. 

  329.         //$new_todolist .= "UPDATE todos set description = \"" . $newtext . 
    330. 

  330.         //        "\", duty_id = \"$pdchange\", project_id = \"0\", " .
    331. 

  331.         //        "staff_assigned = \"$staffchange\", " . 
    332. 

  332.         //        "visibility = \"$visibility\" WHERE todo_id = '$content' ";
    333. 

  333.         printf($new_todolist);
    334. 

  334.         exit;
    335. 

  335. 

  336.         break;
    337. 

  337. 

  338.     case "additem";
    339. 

  339. 

  340.         // Add new item
    341. 

  341.         $conn = mysql_connect(DB_HOST, DB_USER, DB_PASSWORD) 
    342. 

  342.             or die ("Cannot connect to database. " . mysql_error() . "\n<br>");
    343. 

  343.         mysql_select_db(DB_DATABASE);
    344. 

  344.         //$newtext = trim(mysql_real_escape_string($content));
    345. 

  345.         $newtext = trim($content);
    346. 

  346.         if ($newtext) {
    347. 

  347.             if ($pdflag == "Project") {
    348. 

  348.                 
    349. 

  349.                 // Move existing to-do items up in order
    350. 

  350.                 $start_trans = mysql_query("start transaction ");
    351. 

  351.                 $get_order = mysql_query("SELECT todo_id from todos " .
    352. 

  352.                     "where project_id = \"$pdchange\" " .
    353. 

  353.                     "and completed = 'N' " .
    354. 

  354.                     "order by project_order asc ");
    355. 

  355.                 $count = 2;
    356. 

  356.                 while ($row = mysql_fetch_array($get_order, MYSQL_ASSOC)) {
    357. 

  357.                     $set_order = mysql_query("update todos set project_order = \"$count\" " .
    358. 

  358.                         "where todo_id = \"" . $row['todo_id'] . "\" ");
    359. 

  359.                     $count++;
    360. 

  360.                 }
    361. 

  361.                 mysql_free_result($get_order);
    362. 

  362.                     
    363. 

  363.                 // Assign this to-do the same visibility as its project
    364. 

  364.                 $get_vis = mysql_query("SELECT visibility from projects " .
    365. 

  365.                     "where project_id = \"$pdchange\" ");
    366. 

  366.                 if ($row = mysql_fetch_array($get_vis, MYSQL_ASSOC)) {
    367. 

  367.                     $visibility = $row['visibility'];
    368. 

  368.                 } else {
    369. 

  369.                     $visibility = 'Public';
    370. 

  370.                 }
    371. 

  371.                 mysql_free_result($get_vis);
    372. 

  372.                 
    373. 

  373.                 // Add new item at top of list
    374. 

  374.                 $add_item = mysql_query("INSERT into todos (description, " .
    375. 

  375.                     "project_id, duty_id, staff_assigned, project_order, " .
    376. 

  376.                     "visibility) " .
    377. 

  377.                     "values (\"$newtext\", \"$pdchange\", \"0\", \"$staff\", " .
    378. 

  378.                     "\"1\", \"$visibility\" ) ");
    379. 

  379.                 $stop_trans = mysql_query("commit ");
    380. 

  380.                 
    381. 

  381.             } else if ($pdflag == "Duty") {
    382. 

  382.                 
    383. 

  383.                 // Move existing to-do items up in order
    384. 

  384.                 $start_trans = mysql_query("start transaction ");
    385. 

  385.                 $get_order = mysql_query("SELECT todo_id from todos " .
    386. 

  386.                     "where duty_id = \"$pdchange\" " .
    387. 

  387.                     "and completed = 'N' " .
    388. 

  388.                     "order by duty_order asc ");
    389. 

  389.                 $count = 2;
    390. 

  390.                 while ($row = mysql_fetch_array($get_order, MYSQL_ASSOC)) {
    391. 

  391.                     $set_order = mysql_query("update todos set duty_order = \"$count\" " .
    392. 

  392.                         "where todo_id = \"" . $row['todo_id'] . "\" ");
    393. 

  393.                     $count++;
    394. 

  394.                 }
    395. 

  395.                 mysql_free_result($get_order);
    396. 

  396.                 
    397. 

  397.                 // Assign this to-do the same visibility as its duty
    398. 

  398.                 $get_vis = mysql_query("SELECT visibility from duties " .
    399. 

  399.                     "where duty_id = \"$pdchange\" ");
    400. 

  400.                 if ($row = mysql_fetch_array($get_vis, MYSQL_ASSOC)) {
    401. 

  401.                     $visibility = $row['visibility'];
    402. 

  402.                 } else {
    403. 

  403.                     $visibility = 'Public';
    404. 

  404.                 }
    405. 

  405.                 mysql_free_result($get_vis);
    406. 

  406.                 
    407. 

  407.                 // Add new item at top of list
    408. 

  408.                 $add_item = mysql_query("INSERT into todos (description, " .
    409. 

  409.                     "project_id, duty_id, staff_assigned, duty_order, " .
    410. 

  410.                     "visibility) " .
    411. 

  411.                     "values (\"$newtext\", \"0\", \"$pdchange\", \"$staff\", " .
    412. 

  412.                     "\"1\", \"$visibility\" ) ");
    413. 

  413.                 $stop_trans = mysql_query("commit ");
    414. 

  414.             
    415. 

  415.             } else {
    416. 

  416.                 
    417. 

  417.                 // Query conditions for To Do page
    418. 

  418.                 if ($status == "All") {
    419. 

  419.                     $statusclause = "";
    420. 

  420.                 } else if ($status == "Open") {
    421. 

  421.                     $statusclause = "and ((p.status in ('Pending', 'Active', 'Suspended') " .
    422. 

  422.                         "or t.project_id = 0) " .
    423. 

  423.                         "and (d.status = \"Active\"  or t.duty_id = 0)) ";
    424. 

  424.                 } else {
    425. 

  425.                     $statusclause = "and ((p.status = \"$status\" " .
    426. 

  426.                         "or t.project_id = 0) " .
    427. 

  427.                         "and (d.status = \"Active\"  or t.duty_id = 0)) ";
    428. 

  428.                 }
    429. 

  429.                 
    430. 

  430.                 // Only let people add items as themselves, but can reassign later
    431. 

  431.                 $staffclause = "and t.staff_assigned = \"" . 
    432. 

  432.                     $_SESSION['SESSION_USERID'] . "\" ";
    433. 

  433.                 
    434. 

  434.                 // Move existing to-do items up in order
    435. 

  435.                 $start_trans = mysql_query("start transaction ");
    436. 

  436.                 $get_order = mysql_query("SELECT t.todo_id from todos as t " .
    437. 

  437.                     "left join projects as p on t.project_id = p.project_id " .
    438. 

  438.                     "left join duties as d on t.duty_id = d.duty_id " .
    439. 

  439.                     "where project_id = \"$pdchange\" " .
    440. 

  440.                     "and completed = 'N' " .
    441. 

  441.                     $statusclause . $staffclause .
    442. 

  442.                     "order by order_number asc ");
    443. 

  443.                 $count = 2;
    444. 

  444.                 while ($row = mysql_fetch_array($get_order, MYSQL_ASSOC)) {
    445. 

  445.                     $set_order = mysql_query("update todos set order_number = \"$count\" " .
    446. 

  446.                         "where todo_id = \"" . $row['todo_id'] . "\" ");
    447. 

  447.                     $count++;
    448. 

  448.                 }
    449. 

  449.                 mysql_free_result($get_order);
    450. 

  450.                 
    451. 

  451.                 // Add new item at top of list
    452. 

  452.                 $add_item = mysql_query("INSERT into todos (description, project_id, " .
    453. 

  453.                     "duty_id, staff_assigned, order_number) values (\"" . $newtext . "\", \"0\", " .
    454. 

  454.                     "\"0\", \"$staff\", \"1\" ) ");
    455. 

  455.                 $stop_trans = mysql_query("commit ");
    456. 

  456.             
    457. 

  457.             }
    458. 

  458.         }
    459. 

  459.         mysql_close($conn);
    460. 

  460. 

  461.         $new_todolist = build_todolist($staff, $status, $todostatus, $priority, 
    462. 

  462.             $calmode, $project, $duty, $pageflag, $dragonly, $page, $maxresults);
    463. 

  463.         printf($new_todolist);
    464. 

  464.         exit;
    465. 

  465. 

  466.         break;
    467. 

  467. 

  468.       // Toggle task priority
    469. 

  469.       case 'togglepriority':
    470. 

  470. 

  471.         $conn = mysql_connect(DB_HOST, DB_USER, DB_PASSWORD)
    472. 

  472.             or die ("Cannot connect to database. " . mysql_error() . "\n<br>");
    473. 

  473.         mysql_select_db(DB_DATABASE);
    474. 

  474.         // escape input data
    475. 

  475.         $content = trim(mysql_real_escape_string($content));
    476. 

  476. 

  477.         // Check whether task is high or low priority already
    478. 

  478.         $result = mysql_query('SELECT priority FROM todos ' .
    479. 

  479.             'where todo_id = "' . $content . '"');
    480. 

  480.         $row = mysql_fetch_array($result, MYSQL_ASSOC);
    481. 

  481.         if ($row['priority'] == "High") {
    482. 

  482. 

  483.             // mark task low priority
    484. 

  484.             $result = mysql_query('UPDATE todos set priority = "Low" WHERE todo_id="'
    485. 

  485.                 . $content . '"');
    486. 

  486. 

  487.         } else {
    488. 

  488. 

  489.             // mark task completed
    490. 

  490.             $result = mysql_query('UPDATE todos set priority = "High" WHERE todo_id="'
    491. 

  491.                 . $content . '"');
    492. 

  492.         }
    493. 

  493.         mysql_close($conn);
    494. 

  494. 

  495.         $new_todolist = build_todolist($staff, $status, $todostatus, $priority, 
    496. 

  496.             $calmode, $project, $duty, $pageflag, $dragonly, $page, $maxresults);
    497. 

  497.         printf($new_todolist);
    498. 

  498.         exit;
    499. 

  499. 

  500.         break;
    501. 

  501.     //}
    502. 

  502. 

  503.     case "togglecomplete";
    504. 

  504. 

  505.         $conn = mysql_connect(DB_HOST, DB_USER, DB_PASSWORD) 
    506. 

  506.             or die ("Cannot connect to database. " . mysql_error() . "\n<br>");
    507. 

  507.         mysql_select_db(DB_DATABASE);
    508. 

  508.         $content = trim(mysql_real_escape_string($content));
    509. 

  509.         
    510. 

  510.         // Check whether task is already marked completed
    511. 

  511.         $result = mysql_query('SELECT completed FROM todos ' .
    512. 

  512.             'where todo_id = "' . $content . '"');
    513. 

  513.         $row = mysql_fetch_array($result, MYSQL_ASSOC);
    514. 

  514.         if ($row['completed'] == "Y") {
    515. 

  515.         
    516. 

  516.             // mark task NOT completed
    517. 

  517.             $result = mysql_query('UPDATE todos set completed = "N", ' .
    518. 

  518.                 'completed_date = NULL, completed_time = NULL ' .
    519. 

  519.                 'WHERE todo_id="' . $content . '"');
    520. 

  520. 

  521.         } else {
    522. 

  522.         
    523. 

  523.             // mark task completed
    524. 

  524.             $result = mysql_query('UPDATE todos set completed = "Y", ' .
    525. 

  525.                 'completed_date = CURDATE(), completed_time = NOW() ' .
    526. 

  526.                 'WHERE todo_id="' . $content . '"');
    527. 

  527.         }          
    528. 

  528.         mysql_close($conn);
    529. 

  529.         
    530. 

  530.         $new_todolist = build_todolist($staff, $status, $todostatus, $priority, 
    531. 

  531.             $calmode, $project, $duty, $pageflag, $dragonly, $page, $maxresults);
    532. 

  532.         printf($new_todolist);
    533. 

  533.         exit;
    534. 

  534.         break;
    535. 

  535. 

  536.     case "togglecomplete_twolists";
    537. 

  537. 

  538.         $conn = mysql_connect(DB_HOST, DB_USER, DB_PASSWORD) 
    539. 

  539.             or die ("Cannot connect to database. " . mysql_error() . "\n<br>");
    540. 

  540.         mysql_select_db(DB_DATABASE);
    541. 

  541.         $content = trim(mysql_real_escape_string($content));
    542. 

  542.         
    543. 

  543.         // Check whether task is already marked completed
    544. 

  544.         $result = mysql_query('SELECT completed FROM todos ' .
    545. 

  545.             'where todo_id = "' . $content . '"');
    546. 

  546.         $row = mysql_fetch_array($result, MYSQL_ASSOC);
    547. 

  547.         if ($row['completed'] == "Y") {
    548. 

  548.         
    549. 

  549.             // mark task NOT completed
    550. 

  550.             $result = mysql_query('UPDATE todos set completed = "N", ' .
    551. 

  551.                 'completed_date = NULL WHERE todo_id="' . $content . '"');
    552. 

  552. 

  553.         } else {
    554. 

  554.         
    555. 

  555.             // mark task completed
    556. 

  556.             $result = mysql_query('UPDATE todos set completed = "Y", ' .
    557. 

  557.                 'completed_date = CURDATE() WHERE todo_id="' . $content . '"');
    558. 

  558.         }          
    559. 

  559.         mysql_close($conn);
    560. 

  560.         
    561. 

  561.         $new_twolists = build_two_lists($staff, $status, $priority, $calmode,
    562. 

  562.             $project, $duty, $pageflag, $dragonly, $page, $maxresults);
    563. 

  563.         printf($new_twolists);
    564. 

  564.         exit;
    565. 

  565.         break;
    566. 

  566. 

  567.     // Delete comment
    568. 

  568.     case "deletecomment";
    569. 

  569. 

  570.         $conn = mysql_connect(DB_HOST, DB_USER, DB_PASSWORD) 
    571. 

  571.             or die ("Cannot connect to database. " . mysql_error() . "\n<br>");
    572. 

  572.         mysql_select_db(DB_DATABASE);
    573. 

  573.         $content = trim(mysql_real_escape_string($content));
    574. 

  574.         $result = mysql_query("DELETE FROM comments WHERE comment_id = '$content' ");
    575. 

  575.         mysql_close($conn);
    576. 

  576.         $new_commentlist = build_commentlist($staff, $project, $duty, 
    577. 

  577.             $fromdate, $todate, $pageflag, $page, $maxresults);
    578. 

  578.         printf($new_commentlist);
    579. 

  579.         break;
    580. 

  580. 

  581.     // Edit comment
    582. 

  582.     case "editcomment";
    583. 

  583. 

  584.         $conn = mysql_connect(DB_HOST, DB_USER, DB_PASSWORD) 
    585. 

  585.             or die ("Cannot connect to database. " . mysql_error() . "\n<br>");
    586. 

  586.         mysql_select_db(DB_DATABASE);
    587. 

  587.         $newtext = trim(mysql_real_escape_string($newtext));
    588. 

  588.         if ($pdflag == "Project") {
    589. 

  589.             $edit_comment = mysql_query("UPDATE comments set comment_text = \"" . $newtext . 
    590. 

  590.                 "\", project_id = \"$pdchange\", duty_id = \"0\", " .
    591. 

  591.                 "submitter_id = \"" . $_SESSION['SESSION_USERID'] . "\", " . 
    592. 

  592.                 "visibility = \"$visibility\" WHERE comment_id = '$content' ");
    593. 

  593.         
    594. 

  594.         } else if ($pdflag == "Duty") {
    595. 

  595.             $edit_comment = mysql_query("UPDATE comments set comment_text = \"" . $newtext . 
    596. 

  596.                 "\", duty_id = \"$pdchange\", project_id = \"0\", " .
    597. 

  597.                 "submitter_id = \"" . $_SESSION['SESSION_USERID'] . "\", " . 
    598. 

  598.                 "visibility = \"$visibility\" WHERE comment_id = '$content' ");
    599. 

  599.                 
    600. 

  600.         } else {
    601. 

  601.             $edit_comment = mysql_query("UPDATE comments set comment_text = \"" . $newtext . 
    602. 

  602.                 "\", submitter_id = \"" . $_SESSION['SESSION_USERID'] . "\", " . 
    603. 

  603.                 "visibility = \"$visibility\" WHERE comment_id = '$content' ");
    604. 

  604.         }
    605. 

  605.         mysql_close($conn);
    606. 

  606. 

  607.         $new_commentlist = build_commentlist($staff, $project, $duty, 
    608. 

  608.             $fromdate, $todate, $pageflag, $page, $maxresults);
    609. 

  609.         printf($new_commentlist);
    610. 

  610.         exit;
    611. 

  611. 

  612.         break;
    613. 

  613. 

  614.     // Add comment
    615. 

  615.     case "addcomment";
    616. 

  616. 

  617.         // Add new comment
    618. 

  618.         $conn = mysql_connect(DB_HOST, DB_USER, DB_PASSWORD) 
    619. 

  619.             or die ("Cannot connect to database. " . mysql_error() . "\n<br>");
    620. 

  620.         mysql_select_db(DB_DATABASE);
    621. 

  621.         $newtext = trim(mysql_real_escape_string($content));
    622. 

  622.         if ($newtext) {
    623. 

  623.             if ($pdflag == "Project") {
    624. 

  624.                 
    625. 

  625.                 // Assign this comment the same visibility as its project
    626. 

  626.                 $get_vis = mysql_query("SELECT visibility from projects " .
    627. 

  627.                     "where project_id = \"$pdchange\" ");
    628. 

  628.                 if ($row = mysql_fetch_array($get_vis, MYSQL_ASSOC)) {
    629. 

  629.                     $visibility = $row['visibility'];
    630. 

  630.                 } else {
    631. 

  631.                     $visibility = 'Public';
    632. 

  632.                 }
    633. 

  633.                 mysql_free_result($get_vis);
    634. 

  634.                 
    635. 

  635.                 // Add new comment
    636. 

  636.                 $add_comment = mysql_query("INSERT into comments (comment_text, " .
    637. 

  637.                     "project_id, duty_id, submitter_id, submit_date, submit_time, " .
    638. 

  638.                     "visibility) " .
    639. 

  639.                     "values (\"$newtext\", \"$pdchange\", \"0\", \"" . 
    640. 

  640.                     $_SESSION['SESSION_USERID'] . "\", curdate(), now(), " .
    641. 

  641.                     "\"$visibility\" ) ");
    642. 

  642.                 
    643. 

  643.             } else if ($pdflag == "Duty") {
    644. 

  644.                 
    645. 

  645.                 // Assign this comment the same visibility as its duty
    646. 

  646.                 $get_vis = mysql_query("SELECT visibility from duties " .
    647. 

  647.                     "where duty_id = \"$pdchange\" ");
    648. 

  648.                 if ($row = mysql_fetch_array($get_vis, MYSQL_ASSOC)) {
    649. 

  649.                     $visibility = $row['visibility'];
    650. 

  650.                 } else {
    651. 

  651.                     $visibility = 'Public';
    652. 

  652.                 }
    653. 

  653.                 mysql_free_result($get_vis);
    654. 

  654.                 
    655. 

  655.                 // Add new comment
    656. 

  656.                 $add_comment = mysql_query("INSERT into comments (comment_text, " .
    657. 

  657.                     "project_id, duty_id, submitter_id, submit_date, submit_time, " .
    658. 

  658.                     "visibility) " .
    659. 

  659.                     "values (\"$newtext\", \"0\", \"$pdchange\", \"" . 
    660. 

  660.                     $_SESSION['SESSION_USERID'] . "\", curdate(), now(), " .
    661. 

  661.                     "\"$visibility\" ) ");
    662. 

  662.             
    663. 

  663.             } else {
    664. 

  664.                 
    665. 

  665.                 // Add new comment
    666. 

  666.                 $add_comment = mysql_query("INSERT into comments (comment_text, " .
    667. 

  667.                     "project_id, duty_id, submitter_id, submit_date, submit_time) " .
    668. 

  668.                     "values (\"$newtext\", \"0\", \"$pdchange\", \"" . 
    669. 

  669.                     $_SESSION['SESSION_USERID'] . "\", curdate(), now() ) ");
    670. 

  670.                 // Add new item at top of list
    671. 

  671.             
    672. 

  672.             }
    673. 

  673.         }
    674. 

  674.         mysql_close($conn);
    675. 

  675. 

  676.         $new_commentlist = build_commentlist($staff, $project, $duty, 
    677. 

  677.             $fromdate, $todate, $pageflag, $page, $maxresults);
    678. 

  678.         printf($new_commentlist);
    679. 

  679.         exit;
    680. 

  680.         break;
    681. 

  681. 

  682. }
    683. 

  683. 

  684. ?>
    685. 

  685. 

  686.