messages.inc.php | searchcode

/modules/messages/includes/messages.inc.php

https://bitbucket.org/websightdesigns/project-manager
PHP | 207 lines | 196 code | 6 blank | 5 comment | 40 complexity | eb5e4172785e5bbc73492d716b468ffa MD5 | raw file

<div class="navbar">
  <div class="navbar-inner">
    <div class="container">
		<a class="btn btn-navbar" data-toggle="collapse" data-target=".nav-messages-collapse">
			<span class="icon-bar"></span>
			<span class="icon-bar"></span>
			<span class="icon-bar"></span>
		</a>
		<a class="brand" href="<?php echo $basehref; ?>messages/">Messages</a>
		<div class="nav-collapse nav-messages-collapse collapse">
			<ul class="nav nav-pills">
				<li class="active"><a href="#current" data-toggle="tab">Current</a></li>
				<li><a href="#archived" data-toggle="tab">Archived</a></li>
			</ul>
			<div class="pull-right">
				<form class="navbar-search">
				  <input type="text" id="searchbox" class="search-query" placeholder="Search Messages" data-provide="typeahead">
				</form>
			</div>
		</div>
    </div>
  </div>
</div>

<div class="row">
	<div class="span6 pull-left">

	</div>
	<div class="span6 pull-right">
		<button href="#addMessage" role="button" class="btn btn-success pull-right" type="button" data-toggle="modal"><i class="icon-plus icon-white"></i> Add A New Message</button>
	</div>
</div>

<br clear="all" /><br clear="all" />

<?php
	if($_POST['doAddMessage'] && $link) {
		// add the message
		if($_POST['clientid'] != "X") $clientid = $_POST['clientid'];
		if($_POST['projectid'] != "0") $projectid = $_POST['projectid'];
		$sql = "INSERT INTO messages (
			    `message_title`,
			    `message_describe`,
			    `created`,
			    `modified`,
			    `clientid`,
			    `projectid`,
			    `userid`
			) VALUES (
			    '" . $_POST['message_title'] . "',
			    '" . $message_describe . "',
			    NOW(),
			    NOW(),
			    '" . $clientid . "',
				'" . $projectid . "',
			    '" . $_SESSION['userid_auth'] . "'
			)";
		$q = mysql_query($sql);
		$notice = "Your new image was created.";
	}
	if(getSetting("dateFormat", $_SESSION['userid_auth']) && getSetting("dateFormat", $_SESSION['userid_auth']) != "0") {
	    $date_format_setting = getSetting("dateFormat", $_SESSION['userid_auth']);
	}
	if (isset($_POST['search'])) { // a search was performed
		$level_auth = getCurrentUserAccessLevel();
		$group_auth = getCurrentUserGroupID();
		$search_client = "Client: ";
		// CLIENT SECTION
		if(substr($_POST['search'], 0, strlen($search_client)) == $search_client) {
			$message_sql = "SELECT id
                            FROM clients
                            WHERE fullname LIKE '%" . str_replace($search_client, "", $_POST['search']) . "%'";
			$message_q = mysql_query($message_sql);
			while($i = mysql_fetch_object($message_q)) {
			    $message_id = $i->id;
			}
			$sql = "SELECT messages.`id` AS `id`,
				messages.`message_title` AS `message_title`,
				messages.`message_hourly` AS `message_hourly`,
				messages.`message_rate` AS `message_rate`,
				DATE_FORMAT(messages.`created`, '" . $date_format_setting . ", %l:%i %p') AS `fcreated`,
				DATE_FORMAT(messages.`modified`, '" . $date_format_setting . ", %l:%i %p') AS `fmodified`,
				messages.`created` AS `created`,
				messages.`modified` AS `modified`,
				messages.`clientid` AS `clientid`
				FROM messages, users
				WHERE users.userid='" . $_SESSION['userid_auth'] . "'
                AND messages.message_title LIKE '%" . $_POST['search'] . "%'";
			if($level_auth < "11" || getSetting('onlyShowImagesInMyGroup', $_SESSION['userid_auth']) == "0")
            	$sql .= " AND users.id=messages.ownerid AND users.groupid = '" . $group_auth . "'";
			$sql .= " ORDER BY messages.`sort` ASC, messages.`modified` DESC, messages.`created` DESC";
			$search_text = "Images for the client <u>".str_replace($search_client, "", $_POST['search'])."</u>";
		// PROJECT SECTION
		} elseif(substr($_POST['search'], 0, strlen($search_client)) == $search_client) {
			$message_sql = "SELECT id
                            FROM clients
                            WHERE fullname LIKE '%" . str_replace($search_client, "", $_POST['search']) . "%'";
			$message_q = mysql_query($message_sql);
			while($i = mysql_fetch_object($message_q)) {
			    $message_id = $i->id;
			}
			$sql = "SELECT messages.`id` AS `id`,
				messages.`message_title` AS `message_title`,
				messages.`message_describe` AS `message_describe`,
				DATE_FORMAT(messages.`created`, '" . $date_format_setting . ", %l:%i %p') AS `fcreated`,
				DATE_FORMAT(messages.`modified`, '" . $date_format_setting . ", %l:%i %p') AS `fmodified`,
				messages.`created` AS `created`,
				messages.`modified` AS `modified`,
				messages.`clientid` AS `clientid`
				FROM messages, users
				WHERE users.userid='" . $_SESSION['userid_auth'] . "'
                AND messages.message_title LIKE '%" . $_POST['search'] . "%'";
			if($level_auth < "11" || getSetting('onlyShowImagesInMyGroup', $_SESSION['userid_auth']) == "0")
            $sql .= " AND users.id=messages.ownerid AND users.groupid = '" . $group_auth . "'";
			$sql .= " ORDER BY messages.`sort` ASC, messages.`modified` DESC, messages.`created` DESC";
			$search_text = "Images for the client <u>".str_replace($search_client, "", $_POST['search'])."</u>";
		// SEARCH SECTION
		} else {
		    $sql = "SELECT messages.`id` AS `id`,
				messages.`message_title` AS `message_title`,
				messages.`message_hourly` AS `message_hourly`,
				messages.`message_rate` AS `message_rate`,
				DATE_FORMAT(messages.`created`, '" . $date_format_setting . ", %l:%i %p') AS `fcreated`,
				DATE_FORMAT(messages.`modified`, '" . $date_format_setting . ", %l:%i %p') AS `fmodified`,
				messages.`created` AS `created`,
				messages.`modified` AS `modified`,
				messages.`clientid` AS `clientid`
				FROM messages
				WHERE userid='" . $_SESSION['userid_auth'] . "'
				AND milestoneid='0'
				AND completed='" . $completed . "'
				AND messageid='" . $message_id . "'";
            $sql .= " ORDER BY messages.`sort` ASC, messages.`modified` DESC, messages.`created` DESC";
		    $search_text = "Search results for the search term <u>".$_POST['search']."</u>";
		}
	} else { // a search was not performed
		$sql = "SELECT messages.`id` AS `id`,
		messages.`message_title` AS `message_title`,
		messages.`message_describe` AS `message_describe`,
		DATE_FORMAT(messages.`created`, '" . $date_format_setting . ", %l:%i %p') AS `fcreated`,
		DATE_FORMAT(messages.`modified`, '" . $date_format_setting . ", %l:%i %p') AS `fmodified`,
		messages.`created` AS `created`,
		messages.`modified` AS `modified`,
		messages.`clientid` AS `clientid`,
		messages.`projectid` AS `projectid`
		FROM messages
        ORDER BY messages.`modified` DESC, messages.`created` DESC";
 	}
 	//if($debugmode) echo "<pre>".$sql."</pre>";
	$q = mysql_query($sql);
	$total_numrows = mysql_num_rows($q);

	if($_POST['search']) echo "<p><strong>" . $search_text . "</strong></p>";
	if($notice) {
	    ?>
	    <div class="icon-container fadeout">
		<img src="/img/icons/button-info.png" class="icon-image" alt="" />
	    </div>
	    <div class="icon-text fadeout"><?php echo $notice; ?></div>
	    <br clear="all" /><br clear="all" />
	    <?php
	}

	if($_POST['search'] || $total_numrows) {
            ?><table id="messages" class="rowsbox tablesorter" border="0" cellspacing="0" cellpadding="4" summary="">
            <thead>
                <tr>
	                <th class="icon"></th>
	                <th class="item">Image</th>
				    <th>Client</th>
				    <th>Project</th>
	                <th>Updated</th>
				    <th class="delete"></th>
                </tr>
            </thead>
            <tbody><?php
            $j = 0;
            while($i = mysql_fetch_object($q)) {
                    $id = $i->id;
                    $message_title = $i->message_title;
                    $message_describe = $i->message_describe;
                    $message_describe = $i->message_describe;
                    $completed = $i->completed;
                    $created = $i->created;
                    $modified = $i->modified;
                    $fcreated = $i->fcreated;
                    $fmodified = $i->fmodified;
		    $clientid = $i->clientid;
		    if($j % 2 == 0) $rowcolor = "row"; else $rowcolor = "altrow";
                    ?>
                    <tr id="item_<?php echo $id; ?>" class="<? echo $rowcolor; ?> item_<? echo $id; ?>">
                        <td class="icon"><img src="/modules/messages/img/button-message.png" title="Image" alt="" /></td>
                        <td class="item"><a href="<?php echo $basehref; ?>/ajax/get_message.php?id=<? echo $id; ?>" class="lightbox" rel="lightbox"><? echo $message_title; ?></a></td>
			    		<td><?php if($clientid) echo getClientName($clientid); else echo 'Internal'; ?></td>
			    		<td><?php if($projectid) echo getProjectName($clientid); ?></td>
                        <td><?php if($modified != "0000-00-00 00:00:00" && $modified != "") echo $fmodified; else echo '-'; ?></td>
					    <td class="delete"><a href="" id="<?php echo $id; ?>"><img src="/img/icons/button-delete.png"  border="0" alt="" /></a></td>
					</tr>
                    <?php
                    $j++;
            }
            ?></tbody><?php
            if($total_numrows > "10") pagination();
            ?></table><?php
        }
        mysql_close($link);
?>