474 lines
17 KiB
PHP
474 lines
17 KiB
PHP
<?php
|
|
|
|
include "config.php";
|
|
include "helper.php";
|
|
|
|
$user = is_logged_in();
|
|
$show_settings = false;
|
|
|
|
if ($user === false) {
|
|
include "boilerplate/head.php";
|
|
echo "<a href=\"login.php\">{$lang['account']['log_in']}</a>";
|
|
|
|
$q = "SELECT count(*) FROM users LIMIT 1;";
|
|
|
|
if ($signups !== false) {
|
|
echo " - <a href=\"signup.php\">{$lang['account']['sign_up']}</a>";
|
|
}
|
|
|
|
include "boilerplate/foot.php";
|
|
exit();
|
|
} else if ($_SERVER["REQUEST_METHOD"] === "POST") {
|
|
$intent = $_POST["intent"];
|
|
$show_settings = true;
|
|
|
|
// TODO: update-texts
|
|
if ($intent === "create-section") {
|
|
$section_id = generate_id();
|
|
|
|
pg_insert(
|
|
$db, "section", array(
|
|
"id" => $section_id,
|
|
"users" => $user["id"],
|
|
"name" => $default_section_name,
|
|
"show_subtitle" => false
|
|
)
|
|
);
|
|
|
|
pg_insert(
|
|
$db, "row", array(
|
|
"id" => generate_id(),
|
|
"section" => $section_id,
|
|
"name" => $default_row_name,
|
|
"display_format" => $default_format
|
|
)
|
|
);
|
|
} else if ($intent === "create-row") {
|
|
$section_id = $_POST["section"];
|
|
|
|
if (strlen($section_id) !== 64 || !preg_match("/^[a-f0-9]{64}$/", $section_id)) {
|
|
$err = $lang["add"]["errors"]["invalid_id"];
|
|
} else {
|
|
pg_insert(
|
|
$db, "row", array(
|
|
"id" => generate_id(),
|
|
"section" => $section_id,
|
|
"name" => $default_row_name,
|
|
"display_format" => $default_format
|
|
)
|
|
);
|
|
}
|
|
} else if ($intent === "create-item") {
|
|
$show_settings = false;
|
|
$row_id = $_POST["row"];
|
|
$date = strtotime($_POST["date"]);
|
|
$description = $_POST["description"];
|
|
|
|
if (strlen($row_id) !== 64 || !preg_match("/^[a-f0-9]{64}$/", $row_id)) {
|
|
$err = $lang["add"]["errors"]["invalid_id"];
|
|
} else if ($date === false) {
|
|
$err = $lang["add"]["errors"]["date"];
|
|
} else if (strlen($description) === 0 || strlen($description) > 256) {
|
|
$err = $lang["add"]["errors"]["description_length"];
|
|
} else {
|
|
$repopulate = array(
|
|
"row_id" => $row_id,
|
|
"date" => $date
|
|
);
|
|
|
|
pg_insert(
|
|
$db, "item", array(
|
|
"id" => generate_id(),
|
|
"row" => $row_id,
|
|
"description" => $description,
|
|
"date" => date("Y-m-d", $date)
|
|
)
|
|
);
|
|
}
|
|
} else if ($intent === "delete-account") {
|
|
$pw = $_POST["password"];
|
|
|
|
if (!$pw) {
|
|
$err = $lang["account"]["errors"]["bad_request"];
|
|
} else if (password_verify($pw, $user["password_hash"])) {
|
|
pg_delete(
|
|
$db, "users",
|
|
array("username" => $user["username"])
|
|
);
|
|
header("Location: logout.php");
|
|
http_response_code(302);
|
|
exit();
|
|
} else {
|
|
$err = $lang["account"]["errors"]["incorrect_password"];
|
|
}
|
|
} else if ($intent === "update-texts") {
|
|
foreach ($_POST as $ident => $value) {
|
|
if (preg_match("/^(?:section-[a-f0-9]{64}-name)|(?:row-[a-f0-9]{64}-(?:name|format))$/", $ident)) {
|
|
$table_name = explode("-", $ident)[0];
|
|
$table_id = explode("-", $ident)[1];
|
|
$action = explode("-", $ident)[2];
|
|
|
|
if ($action === "name") {
|
|
if (strlen($value) !== 0 && strlen($value) <= 128) {
|
|
if ($table_name === "section") {
|
|
$v = array(
|
|
"name" => $value,
|
|
"show_subtitle" => (bool) $_POST["$table_name-$table_id-subtitle"]
|
|
);
|
|
} else {
|
|
$v = array("name" => $value);
|
|
}
|
|
|
|
pg_update(
|
|
$db, $table_name, $v,
|
|
array("id" => $table_id)
|
|
);
|
|
}
|
|
} else if ($action === "format") {
|
|
if (strlen($value) !== 0 && strlen($value) <= 128) {
|
|
pg_update(
|
|
$db, $table_name,
|
|
array("display_format" => $value),
|
|
array("id" => $table_id)
|
|
);
|
|
}
|
|
}
|
|
}
|
|
}
|
|
} else if ($intent === "set-threshold") {
|
|
$yellow = (int) $_POST["yellow"];
|
|
$gray = (int) $_POST["gray"];
|
|
|
|
if ($yellow <= 0) {
|
|
$yellow = -1;
|
|
}
|
|
|
|
if ($gray < 0) {
|
|
$gray = -1;
|
|
}
|
|
|
|
pg_update(
|
|
$db, "user",
|
|
array(
|
|
"yellow_threshold" => $yellow,
|
|
"gray_threshold" => $gray
|
|
),
|
|
array("id" => $user["id"])
|
|
);
|
|
|
|
$user["yellow_threshold"] = $yellow;
|
|
$user["gray_threshold"] = $gray;
|
|
} else if ($intent === "change-password") {
|
|
$old_pw = $_POST["old"];
|
|
$new_pw = $_POST["new"];
|
|
$confirm_pw = $_POST["confirm"];
|
|
|
|
if (!($old_pw && $new_pw && $confirm_pw)) {
|
|
$err = $lang["account"]["errors"]["bad_request"];
|
|
} else if ($new_pw !== $confirm_pw) {
|
|
$err = $lang["account"]["errors"]["password_match"];
|
|
} else if (password_verify($old_pw, $user["password_hash"])) {
|
|
$pw_hash = password_hash($new_pw, PASSWORD_DEFAULT);
|
|
|
|
pg_update(
|
|
$db, "users",
|
|
array("password_hash" => $pw_hash),
|
|
array("id" => $user["id"])
|
|
);
|
|
|
|
$token = get_token($user["username"], $pw_hash);
|
|
setcookie(
|
|
"token", $token,
|
|
time() + 60 * 60 * 24 * 365
|
|
);
|
|
|
|
$conf = $lang["account"]["errors"]["password_changed"];
|
|
} else {
|
|
$err = $lang["account"]["errors"]["incorrect_password"];
|
|
}
|
|
} else {
|
|
$err = $lang["errors"]["intent"];
|
|
}
|
|
} else if ($_GET["del"]) {
|
|
$del_type = explode("-", $_GET["del"])[0];
|
|
$del_id = explode("-", $_GET["del"])[1];
|
|
|
|
$show_settings = $del_type !== "item";
|
|
|
|
if (strlen($del_id) === 64 && preg_match("/^[a-f0-9]{64}$/", $del_id) && ($del_type === "item" || $del_type === "row" || $del_type === "section")) {
|
|
pg_query($db, "DELETE FROM $del_type WHERE id='$del_id';");
|
|
}
|
|
}
|
|
|
|
include "boilerplate/head.php";
|
|
|
|
$select_options = "";
|
|
$todo_list = "";
|
|
$section_conf = "";
|
|
$section_forms = "";
|
|
|
|
$q = "SELECT * FROM section WHERE users='{$user['id']}' ORDER BY LOWER(name) ASC, id ASC;";
|
|
$sections = pg_fetch_all(pg_query($db, $q));
|
|
|
|
foreach ($sections as $section) {
|
|
$show_subtitle = $section["show_subtitle"] === "t";
|
|
$q = "SELECT * FROM row WHERE section='{$section['id']}' ORDER BY LOWER(name) ASC, id ASC;";
|
|
$rows = pg_fetch_all(pg_query($db, $q));
|
|
$enable_optgroup = $show_subtitle || count($rows) !== 1;
|
|
|
|
$todo_list .= "<h3>" . strip_name($section["name"]) . "</h3>";
|
|
$section_conf .= "<blockquote>
|
|
<div><label>
|
|
{$lang['settings']['sections']['section']['title']}
|
|
<input maxlength=\"128\" placeholder='{$lang['settings']['sections']['section']['placeholder']}' value=\"" . htmlspecialchars($section["name"]) . "\" required name=\"section-{$section['id']}-name\">
|
|
</label></div>
|
|
<div><label>
|
|
{$lang['settings']['sections']['section']['show_subtitle']}
|
|
<input type=\"checkbox\" name=\"section-{$section['id']}-subtitle\"" . ($show_subtitle ? " checked" : "") . ">
|
|
</label></div>
|
|
<div>
|
|
<a class=\"plain\" href=\"index.php?del=section-{$section['id']}\">
|
|
<button type=\"button\" tabindex=\"-1\">{$lang['settings']['sections']['section']['delete']}</button>
|
|
</a>
|
|
</div>
|
|
";
|
|
|
|
if ($enable_optgroup) {
|
|
$select_options .= "<optgroup label=\"" . htmlspecialchars($section["name"]) . "\">";
|
|
}
|
|
|
|
$first = true;
|
|
foreach ($rows as $row) {
|
|
if ($repopulate["row_id"] == $row["id"]) {
|
|
$select_options .= "<option value=\"{$row['id']}\" selected>";
|
|
} else {
|
|
$select_options .= "<option value=\"{$row['id']}\">";
|
|
}
|
|
|
|
if ($first && !$show_subtitle) {
|
|
$select_options .= htmlspecialchars(strip_name($section["name"]));
|
|
} else {
|
|
$select_options .= htmlspecialchars(strip_name($row["name"]));
|
|
$todo_list .= "<strong>" . htmlspecialchars(strip_name($row["name"])) . "</strong>";
|
|
}
|
|
|
|
$section_conf .= "<blockquote><div><label>
|
|
{$lang['settings']['sections']['row']['title']}
|
|
<input required placeholder=\"{$lang['settings']['sections']['row']['placeholder']}\" maxlength=\"128\" name=\"row-{$row['id']}-name\" value=\"" . htmlspecialchars($row["name"]) . "\">
|
|
</label></div>
|
|
<div><label>
|
|
{$lang['settings']['sections']['row']['format']}
|
|
<input placeholder=\"{$lang['settings']['sections']['row']['format_placeholder']}\" maxlength=\"128\" name=\"row-{$row['id']}-format\" value=\"" . htmlspecialchars($row["display_format"]) . "\">
|
|
</label></div>
|
|
<div><a class=\"plain\" href=\"index.php?del=row-{$row['id']}\">
|
|
<button tabindex=\"-1\" type=\"button\">
|
|
{$lang['settings']['sections']['row']['delete']}
|
|
</button>
|
|
</a></div></blockquote>";
|
|
|
|
$q = "SELECT * FROM item WHERE row='{$row['id']}' ORDER BY date ASC, LOWER(description) ASC, id ASC;";
|
|
$items = pg_fetch_all(pg_query($db, $q));
|
|
$todo_list .= "<ul>";
|
|
|
|
if (count($items) === 0) {
|
|
$todo_list .= "<li><i>{$lang['list']['none']}</i></li>";
|
|
} else {
|
|
foreach ($items as $item) {
|
|
$current_time = time();
|
|
$for_time = strtotime($item["date"]);
|
|
|
|
if ($current_time > $for_time) {
|
|
$color = "red";
|
|
} else if ($user["yellow_threshold"] !== -1 && $current_time > $for_time - (60 * 60 * 24 * $user["yellow_threshold"])) {
|
|
$color = "yellow";
|
|
} else if ($user["gray_threshold"] !== -1 && $current_time < $for_time - (60 * 60 * 24 * $user["gray_threshold"])) {
|
|
$color = "gray";
|
|
} else {
|
|
$color = "";
|
|
}
|
|
|
|
$todo_list .= "<li>" . str_replace(
|
|
"%d", htmlspecialchars($item["description"]), str_replace(
|
|
"%c", "</span>", str_replace(
|
|
"%C", "<span class=\"$color\">", str_replace(
|
|
"%t", date("d M, Y", strtotime($item["date"])), $row["display_format"]
|
|
)
|
|
)
|
|
)
|
|
) . " <a class=\"plain\" href=\"index.php?del=item-{$item['id']}\"><button tabindex=\"-1\">{$lang['list']['remove']}</button></a></li>";
|
|
}
|
|
}
|
|
|
|
$todo_list .= "</ul>";
|
|
$select_options .= "</option>";
|
|
$first = false;
|
|
}
|
|
|
|
$section_forms .= "<form method=\"POST\" id=\"section-{$section['id']}-new\">
|
|
<input type=\"hidden\" name=\"intent\" value=\"create-row\">
|
|
<input type=\"hidden\" name=\"section\" value=\"{$section['id']}\">
|
|
</form>";
|
|
$section_conf .= "<input type=\"submit\" form=\"section-{$section['id']}-new\" value=\"{$lang['settings']['sections']['row']['new']}\"></blockquote>";
|
|
|
|
if ($enable_optgroup) {
|
|
$select_options .= "</optgroup>";
|
|
}
|
|
}
|
|
|
|
?>
|
|
|
|
<div id="container">
|
|
<h2><?php echo $lang["add"]["title"]; ?></h2>
|
|
<form method="POST">
|
|
<input type="hidden" name="intent" value="create-item">
|
|
<table>
|
|
<tr>
|
|
<td class="right"><label for="row"><?php echo $lang["add"]["section"]; ?></label></td>
|
|
<td>
|
|
<select required id="row" name="row">
|
|
<?php echo $select_options; ?>
|
|
</select>
|
|
</td>
|
|
</tr>
|
|
<tr>
|
|
<td class="right"><label for="date"><?php echo $lang["add"]["date"]; ?></label></td>
|
|
<td><input <?php echo get_pop("date", "date"); ?> type="date" name="date" id="date" required></td>
|
|
</tr>
|
|
<tr>
|
|
<td class="right"><label for="description"><?php echo $lang["add"]["description"]; ?></label></td>
|
|
<td><input autofocus maxlength="256" placeholder="<?php echo $lang["add"]["description_placeholder"]; ?>" name="description" id="description" required></td>
|
|
</tr>
|
|
<tr>
|
|
<td></td>
|
|
<td><input type="submit" value="<?php echo $lang["add"]["button"]; ?>"></td>
|
|
</tr>
|
|
</table>
|
|
</form>
|
|
|
|
<h2><?php echo $lang["list"]["title"]; ?></h2>
|
|
<?php echo $todo_list; ?>
|
|
|
|
<details<?php if ($show_settings) { echo " open"; } ?>>
|
|
<summary><?php echo $lang["settings"]["title"]; ?></summary>
|
|
|
|
<div id="settings-container">
|
|
<div>
|
|
<h3><?php echo $lang["settings"]["sections"]["title"]; ?></h3>
|
|
|
|
<?php echo $section_forms; ?>
|
|
|
|
<form method="POST" id="create-section">
|
|
<input type="hidden" name="intent" value="create-section">
|
|
</form>
|
|
|
|
<form method="POST">
|
|
<div id="section-config">
|
|
<?php echo $section_conf; ?>
|
|
</div>
|
|
|
|
<input type="hidden" name="intent" value="update-texts">
|
|
<input type="submit" value="<?php echo $lang["settings"]["sections"]["save"]; ?>">
|
|
<input type="submit" form="create-section" value="<?php echo $lang["settings"]["sections"]["section"]["new"]; ?>">
|
|
</form>
|
|
|
|
<h4><?php echo $lang["settings"]["sections"]["format"]["title"]; ?></h4>
|
|
<ul>
|
|
<li>
|
|
<?php echo $lang["settings"]["sections"]["format"]["alphabetical"]; ?>
|
|
<ul><li>
|
|
<?php echo $lang["settings"]["sections"]["format"]["alphabetical_bypass"]; ?>
|
|
</li></ul>
|
|
</li>
|
|
<li><?php echo $lang["settings"]["sections"]["format"]["html"]; ?></li>
|
|
<li>
|
|
<?php echo $lang["settings"]["sections"]["format"]["replacements"]["title"] ?>
|
|
<ul>
|
|
<li><code>%t</code> - <?php echo $lang["settings"]["sections"]["format"]["replacements"]["%t"]; ?></li>
|
|
<li><code>%d</code> - <?php echo $lang["settings"]["sections"]["format"]["replacements"]["%d"]; ?></li>
|
|
<li><code>%C</code> - <?php echo $lang["settings"]["sections"]["format"]["replacements"]["%C"]; ?></li>
|
|
<li><code>%c</code> - <?php echo $lang["settings"]["sections"]["format"]["replacements"]["%c"]; ?></li>
|
|
</ul>
|
|
</li>
|
|
</ul>
|
|
</div>
|
|
|
|
<div>
|
|
<h3><?php echo $lang["settings"]["cosmetic"]["title"]; ?></h3>
|
|
<form method="POST">
|
|
<input type="hidden" name="intent" value="set-threshold">
|
|
<table>
|
|
<tr>
|
|
<td class="right"><?php echo $lang["settings"]["cosmetic"]["threshold"]["yellow"]; ?></td>
|
|
<td><?php echo str_replace(
|
|
"%n",
|
|
"<input type=\"number\" name=\"yellow\" min=\"-1\" required value=\"{$user['yellow_threshold']}\">",
|
|
$lang["settings"]["cosmetic"]["threshold"]["days_less"]
|
|
); ?></td>
|
|
</tr>
|
|
<tr>
|
|
<td class="right"><?php echo $lang["settings"]["cosmetic"]["threshold"]["gray"]; ?></td>
|
|
<td><?php echo str_replace(
|
|
"%n",
|
|
"<input type=\"number\" name=\"gray\" min=\"-1\" required value=\"{$user['gray_threshold']}\">",
|
|
$lang["settings"]["cosmetic"]["threshold"]["days_more"]
|
|
); ?></td>
|
|
</tr>
|
|
<tr>
|
|
<td></td>
|
|
<td><input type="submit" value="<?php echo $lang["settings"]["cosmetic"]["threshold"]["button"]; ?>"></td>
|
|
</table>
|
|
</form>
|
|
</div>
|
|
|
|
<div>
|
|
<h3><?php echo $lang["settings"]["account"]["title"]; ?></h3>
|
|
<?php echo str_replace("%u", "<code>{$user['username']}</code>", $lang["settings"]["account"]["current"]); ?>
|
|
<a href="logout.php"><?php echo $lang["settings"]["account"]["log_out"]; ?></a>
|
|
|
|
<h4><?php echo $lang["settings"]["account"]["password"]["title"]; ?></h4>
|
|
<form method="POST">
|
|
<input type="hidden" name="intent" value="change-password">
|
|
<table>
|
|
<tr>
|
|
<td class="right"><label for="old-pw"><?php echo $lang["settings"]["account"]["password"]["current"]; ?></td>
|
|
<td><input type="password" id="old-pw" name="old" placeholder="<?php echo $lang["settings"]["account"]["password"]["old_placeholder"]; ?>"></td>
|
|
</tr>
|
|
<tr>
|
|
<td class="right"><label for="new-pw"><?php echo $lang["settings"]["account"]["password"]["new"]; ?></td>
|
|
<td><input type="password" id="new-pw" name="new" placeholder="<?php echo $lang["settings"]["account"]["password"]["new_placeholder"]; ?>"></td>
|
|
</tr>
|
|
<tr>
|
|
<td class="right"><label for="confirm-pw"><?php echo $lang["settings"]["account"]["password"]["confirm"]; ?></td>
|
|
<td><input type="password" id="confirm-pw" name="confirm" placeholder="<?php echo $lang["settings"]["account"]["password"]["new_placeholder"]; ?>"></td>
|
|
</tr>
|
|
<tr>
|
|
<td></td>
|
|
<td><input type="submit" value="<?php echo $lang["settings"]["account"]["password"]["button"]; ?>"></td>
|
|
</tr>
|
|
</table>
|
|
</form>
|
|
|
|
<h4><?php echo $lang["settings"]["account"]["delete"]["title"]; ?></h4>
|
|
<form method="POST">
|
|
<input type="hidden" name="intent" value="delete-account">
|
|
<div><input type="password" name="password" placeholder="<?php echo $lang["settings"]["account"]["delete"]["password"]; ?>" required></div>
|
|
<div><label>
|
|
<?php echo $lang["settings"]["account"]["delete"]["confirmation"]; ?>
|
|
<input type="checkbox" required>
|
|
</label></div>
|
|
<div><input type="submit" value="<?php echo $lang["settings"]["account"]["delete"]["button"]; ?>"></div>
|
|
</form>
|
|
</div>
|
|
</div>
|
|
<p>
|
|
<a href="https://git.trinkey.com/trinkey/tlm"><?php echo $lang["settings"]["source_code"]; ?></a>
|
|
<?php
|
|
if (in_array($user["username"], $admin_users, true)) {
|
|
echo "- <a href=\"admin.php\">{$lang['admin']['title']}</a>";
|
|
}
|
|
?>
|
|
<p>
|
|
</details>
|
|
</div>
|
|
|
|
<?php include "boilerplate/foot.php"; ?>
|