notes.php

本代码是为客户联系管理而做的系统

<?php
// +-------------------------------------------------------------+
// | DeskPRO v [2.0.1 Production]
// | Copyright (C) 2001 - 2004 Headstart Solutions Limited
// | Supplied by WTN-WDYL
// | Nullified by WTN-WDYL
// | Distribution via WebForum, ForumRU and associated file dumps
// +-------------------------------------------------------------+
// | DESKPRO IS NOT FREE SOFTWARE
// +-------------------------------------------------------------+
// | License ID : Full Enterprise License =) ...
// | License Owner : WTN-WDYL Team
// +-------------------------------------------------------------+
// | $RCSfile: notes.php,v $
// | $Date: 2004/02/10 01:34:32 $
// | $Revision: 1.20 $
// +-------------------------------------------------------------+
// | File Details:
// | - User notes management.
// +-------------------------------------------------------------+

error_reporting(E_ALL ^ E_NOTICE);

include "./../global.php";

tech_nav('users');

// default do
$_REQUEST['do'] = trim($_REQUEST['do']);
if (!isset($_REQUEST['do']) or $_REQUEST['do'] == "") {
	$_REQUEST['do'] = "add";
}

// globalise variables
$global = array	(
			array('id')	
);
rg($global);

if ($_REQUEST['user']) {
	$user_details = $db->query_return("SELECT * FROM user WHERE id = '$_REQUEST[user]'");
}

################################### ADD NOTE (2) ###################################

if ($_REQUEST['do'] == "add2") {
	$result = $db->query_return("SELECT id FROM user WHERE username = '" . mysql_escape_string($_REQUEST['user']) . "'");
	if ($db->num_rows() > 0) {
		$note = xss_check($_REQUEST['note'], 'tech');
		$db->query("INSERT INTO user_notes SET
			userid = '$result[id]',
			techid = '$user[id]',
			note = '" . mysql_escape_string($note) . "',
			timestamp = " . mktime() . 
			iff($user['p_global_note'], ", global = '" . mysql_escape_string($_REQUEST['global']) . "'")
		);
		jump("view.php?id=$result[id]", 'Note added');
	} else {
		alert('User not found');
		$_REQUEST['do'] = "add";
	}
}

################################### EDIT NOTE (2) ###################################
					
if ($_REQUEST['do'] == "edit2" and $user['p_edit_users']) {
	$result = $db->query_return("SELECT userid FROM user_notes WHERE id = '$id'");
	$note = xss_check($_REQUEST['note'], 'tech');
	if ($user['p_global_note']) {
		$db->query("UPDATE user_notes SET
					note = '" . mysql_escape_string($note) . "',
					timestamp = " . mktime() . ",
					global = '" . mysql_escape_string($_REQUEST['global']) . "'
					WHERE id = '$id'
				");
	} else {
		$db->query("UPDATE user_notes SET
					note = '" . mysql_escape_string($note) . "',
					timestamp = " . mktime() . ",
					WHERE id = '$id'
					AND techid = '$user[id]'
				");
	}
	jump("view.php?id=$result[userid]", 'Note updated');
}

################################### EDIT NOTE ###################################
if ($_REQUEST['do'] == "edit" and $user['p_edit_users']) {
	$note = $db->query_return("
			SELECT user_notes.*, user.username 
			FROM user_notes 
			LEFT JOIN user ON (user_notes.userid = user.id)
			WHERE user_notes.id = '$id'
		");

	$table[] = array('<b>User</b>', $note[username]);
	$bit = form_textarea('note', 85, 15, $note[note]);
	$table[] = array('<b>Note</b>', $bit);

	if ($user['p_global_note']) {
		$bit = form_radio_yn('global', '', $note['global']);
	} else {
		$bit = iff($note['global'], 'Yes', 'No');
	}
		
	$table[] = array(table_thelp('<b>Global</b> ', 'User Notes', 'Global'), $bit);
	table_header('Edit Note', 'notes.php', array('do' => 'edit2', 'id' => $id));
	table_content('', $table);
	table_footer('Edit Note');
}

################################### DELETE NOTE ###################################
if ($_REQUEST['do'] == "delete" and $user['p_edit_users']) {
	if ($user['p_global_delete']) {
		$result = $db->query_return("SELECT userid FROM user_notes WHERE id = '$id'");
	} else {
		$result = $db->query_return("SELECT userid FROM user_notes WHERE techid = '$user[id]' AND id = '$id'");
	}
	if ($result['userid']) {
		$db->query("DELETE FROM user_notes WHERE id = '$id'");
		jump("view.php?id=$result[userid]", "Note deleted");
	} else {
		mistake('No such note.');
	}
}

################################### ADD FORM ###################################
if ($_REQUEST['do'] == "add") {
	$bit = form_input('user', $user_details['username'], 30) . " <a href=\"#\" onClick=\"openWindow('./../users/quickfind.php', 450, 600, 'userfind')\">find</a>";
	$table[] = array('<b>User</b>', $bit);

	$bit = form_textarea('note', 85, 15, $_REQUEST['note']);
	$table[] = array('<b>Note</b>', $bit);

	if ($user['p_global_note']) {
		$bit = form_radio_yn('global');
		$table[] = array(table_thelp('<b>Global</b> ', 'User Notes', 'Global'), $bit);
	}
		
	table_header('Add User Note', 'notes.php', array('do' => 'add2'));
	table_content('', $table);
	table_footer('Create Note');

}

tech_footer();
?>