<?php
/*
 * This file is part of myTinyTodo. (C) Copyright 2010-2011 Max Pozdeev <*****@*****.**>
 * Licensed under the GNU GPL v2+ license. See file COPYRIGHT for details.
 */

// Read-only endpoint: looks up one list by its field id, checks that the caller
// may see it, and collects the todos of the requested list id into $data.
require_once 'init.inc';
$db = DBConnection::instance();

// Raw read of the query string: there is no isset() guard, so a request without
// "fid" triggers an undefined-index notice/warning before the cast yields 0.
$field_id = (int) $_GET['fid'];
// NOTE(review): $listId is taken from the request and is never compared with
// $listData below. The published/edit check applies to the list selected by
// $field_id, while the todos query at the bottom filters on list_id = $listId.
// If the two can differ, the access check does not cover the rows actually
// returned — confirm whether "list" is tied to "fid" elsewhere (the rest of the
// file is not visible here).
$listId = (int) _get('list');

// We can't use have_write_access() because this is a GET request and have_write_access() requires a CSRF token in a POST request.
// Since we're not modifying any data, we don't use a POST request.
// Callers without the 'edit' permission are restricted to published lists.
$onlyPublishedList = have_access('edit') ? false : true;
// The id is bound as a placeholder; the only concatenated fragment is a fixed
// literal chosen by $onlyPublishedList, so no request data enters the SQL text.
$listData = $db->sqa("SELECT * FROM {mytinytodo_lists} WHERE field_id = ? " . ($onlyPublishedList ? "AND published=1" : ""), array($field_id));
if (!$listData) {
    // Same message for "missing" and "not published": does not reveal whether
    // the list exists to a caller without edit access.
    echo 'No such list or access denied';
    drupal_exit();
}

// ORDER BY is assembled from fixed literals selected by the stored 'sorting'
// value of the list (a database column, not request input). Completed items
// always sort last; 1 = priority first, 2 = due date first, anything else = manual order.
$sqlSort = "ORDER BY compl ASC, ";
if ($listData['sorting'] == 1) {
    $sqlSort .= "prio DESC, ddn ASC, duedate ASC, ow ASC";
} elseif ($listData['sorting'] == 2) {
    $sqlSort .= "ddn ASC, duedate ASC, prio DESC, ow ASC";
} else {
    $sqlSort .= "ow ASC";
}

// Accumulates one associative row per todo of $listId (see the note on $listId above).
// "ddn" (due date is null) is computed in SQL so the sort can push undated items after dated ones.
$data = array();
$q = $db->dq("SELECT *, duedate IS NULL AS ddn FROM {mytinytodo_todos} WHERE list_id = ? {$sqlSort}", array($listId));
// NOTE(review): $q is handed to its own fetch_assoc(); presumably the wrapper's
// signature expects the result handle — confirm against DBConnection.
// The loop body continues past the end of this excerpt.
while ($r = $q->fetch_assoc($q)) {
    $data[] = $r;
/**
 * Whether the current request is allowed to modify data.
 *
 * Two conditions must both hold: the request carries a valid CSRF token
 * (valid_token()) and the caller has the 'edit' permission (have_access('edit')).
 * The token is checked first, so the permission lookup is skipped when it fails.
 *
 * @param mixed $listId Accepted for callers that pass a list id, but not
 *                      consulted: write access is not decided per list here.
 * @return bool
 */
function have_write_access($listId = null)
{
    // No token, no write: mirrors the short-circuit of the original &&.
    if (!valid_token()) {
        return false;
    }
    // Cast keeps the strictly boolean result that && produced.
    return (bool) have_access('edit');
}