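/**
 * Show an experiment (in mode=show).
 *
 * Renders one experiment as an HTML <section> and echoes it; nothing is
 * returned. Every value read from the database (colour, id, title, abstract)
 * is escaped for the HTML context before it is written out.
 *
 * @param int $id The ID of the experiment to show
 * @param string $display Can be 'compact' or 'default'
 * @return void HTML is echoed; nothing is echoed when no experiment has this id
 */
function showXP($id, $display = 'default')
{
    global $pdo;

    // escape a database value for HTML text or a quoted attribute
    $esc = function ($value) {
        return htmlspecialchars((string) $value, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
    };

    $sql = "SELECT experiments.*, status.color FROM\n        experiments LEFT JOIN\n        status ON (experiments.status = status.id)\n        WHERE experiments.id = :id";
    $req = $pdo->prepare($sql);
    $req->bindParam(':id', $id, PDO::PARAM_INT);
    $req->execute();
    $experiments = $req->fetch();
    // fetch() returns false when there is no row with this id; indexing into
    // false would only produce warnings and a half-built <section>
    if ($experiments === false) {
        return;
    }

    // the id is cast so the link can only ever carry an integer
    $href = $esc("experiments.php?mode=view&id=" . (int) $experiments['id']);
    // LEFT JOIN: color is null when the status row is missing; $esc turns that into ''
    $color = $esc($experiments['color']);
    $title = $esc(stripslashes($experiments['title']));
    // NOTE(review): Tools::formatDate() is assumed to return plain text — confirm before relying on it unescaped
    $date = Tools::formatDate($experiments['date']);

    if ($display === 'compact') {
        // COMPACT MODE //
        echo "<section class='item_compact' style='border-left: 6px solid #" . $color . "'>";
        echo "<a href='" . $href . "'>";
        echo "<span class='date date_compact'>" . $date . "</span> ";
        echo "<span style='padding-left:10px;'>";
        // show lock if item is locked on viewXP
        if ($experiments['locked']) {
            echo "<img src='img/lock-blue.png' alt='lock' title='Locked' />";
        }
        echo $title;
        // close in reverse opening order: the span was opened inside the anchor
        echo "</span></a></section>";
        return;
    }

    // NOT COMPACT
    // we show the abstract of the experiment on mouse hover with the title attribute
    // we check if it is our experiment. It would be best to check if we have visibility rights on it
    // but atm there is no such function. So we limit this feature to experiments we own, for simplicity.
    $body_abstract = '';
    if (is_owned_by_user($id, 'experiments', $_SESSION['userid'])) {
        // strip_tags first so the 100-character cut is taken on the text, not on markup;
        // mb_substr keeps the cut on a character boundary; $esc protects the attribute
        $body_abstract = $esc(mb_substr(strip_tags((string) $experiments['body']), 0, 100));
    }
    echo "<section class='item' style='border-left: 6px solid #" . $color . "'>";
    echo "<a title='" . $body_abstract . "' href='" . $href . "'>";
    // show stamp if experiment is timestamped
    if ($experiments['timestamped']) {
        echo "<img class='align_right' src='img/stamp.png' alt='stamp' title='experiment timestamped' />";
    }
    echo "<p class='title'>";
    // show lock if item is locked on viewXP
    if ($experiments['locked']) {
        echo "<img style='padding-bottom:3px;' src='img/lock-blue.png' alt='lock' title='Locked' /> ";
    }
    // TITLE
    echo $title . "</p></a>";
    // DATE
    echo "<span class='date'><img class='image' src='img/calendar.png' /> " . $date . "</span> ";
    // _('Tags') — show_tags() returns ready-made HTML, so it is not escaped here
    echo show_tags($id, 'experiments_tags');
    // show attached if there is a file attached
    if (has_attachement($experiments['id'], 'experiments')) {
        echo "<img class='align_right' src='img/attached.png' alt='file attached' />";
    }
    echo "</section>";
}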
 /**
  * Can we upload to that experiment?
  * Make sure we own it.
  *
  * Only the 'experiments' item type is ownership-checked; any other item
  * type passes through without a check.
  *
  * @throws Exception if we cannot upload file to this experiment
  */
 private function checkPermission()
 {
     // ownership only matters for experiments; everything else is accepted as-is
     if ($this->itemType !== 'experiments') {
         return;
     }
     $owned = is_owned_by_user($this->itemId, 'experiments', $_SESSION['userid']);
     if (!$owned) {
         throw new Exception('Not your experiment!');
     }
 }
     }
     // NOTE(review): ownership is checked for $item_id (the experiment taken from POST),
     // but the DELETE is keyed only on $id (the link row; where $id is set is outside
     // this excerpt). Nothing here ties the two together, so restricting the DELETE to
     // rows whose item_id is $item_id (experiments_links has an item_id column) would
     // make the ownership check actually cover the row being removed.
     if (is_owned_by_user($item_id, 'experiments', $_SESSION['userid'])) {
         $delete_sql = "DELETE FROM experiments_links WHERE id= :id";
         $delete_req = $pdo->prepare($delete_sql);
         $result = $delete_req->execute(array('id' => $id));
     }
     break;
 // DELETE TAGS
 case 'exptag':
     // item_id must be a positive integer; anything else ends the request
     if (is_pos_int($_POST['item_id'])) {
         $item_id = $_POST['item_id'];
     } else {
         die;
     }
     // NOTE(review): same $item_id / $id split as the links case above — the tag row
     // deleted is not checked to belong to the experiment whose ownership was verified;
     // constraining the DELETE by the tag's experiment would close that gap (confirm the
     // column name against the experiments_tags schema).
     if (is_owned_by_user($item_id, 'experiments', $_SESSION['userid'])) {
         $delete_sql = "DELETE FROM experiments_tags WHERE id = :id";
         $delete_req = $pdo->prepare($delete_sql);
         $delete_req->execute(array('id' => $id));
     }
     break;
 case 'itemtag':
     // no ownership check for database items. NOTE(review): items_tags rows carry a
     // team_id when inserted, but this DELETE is not scoped by team — confirm that is intended
     $delete_sql = "DELETE FROM items_tags WHERE id = :id";
     $delete_req = $pdo->prepare($delete_sql);
     $delete_req->execute(array('id' => $id));
     break;
 case 'status':
     // normally there is no experiments left with this status
     // ($id is set before this switch, outside this excerpt)
     $delete_sql = "DELETE FROM status WHERE id = :id";
     $delete_req = $pdo->prepare($delete_sql);
     $delete_req->execute(array('id' => $id));
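    // TAG FOR ITEMS
    case 'itemtag':
        // Sanitize tag, we remove '\' because it breaks the javascript if you have this in the tags.
        // str_replace is used here: strtr($tag, '\\', '') was a no-op, because with two string
        // arguments strtr only replaces as many characters as the SHORTER argument has, and '' is empty.
        // NOTE(review): FILTER_SANITIZE_STRING is deprecated since PHP 8.1; kept so the stored form of tags does not change.
        $tag = str_replace('\\', '', filter_var(isset($_POST['tag']) ? $_POST['tag'] : '', FILTER_SANITIZE_STRING));
        // check for string length only as there is no owning of database item;
        // the item id must still be a positive integer before it reaches the query
        if ($tag !== '' && isset($_POST['item_id']) && is_pos_int($_POST['item_id'])) {
            // SQL for add tag to database item
            $sql = "INSERT INTO items_tags (tag, item_id, team_id) VALUES(:tag, :item_id, :team_id)";
            $req = $pdo->prepare($sql);
            $req->bindParam(':tag', $tag, PDO::PARAM_STR);
            $req->bindParam(':item_id', $_POST['item_id'], PDO::PARAM_INT);
            $req->bindParam(':team_id', $_SESSION['team_id'], PDO::PARAM_INT);
            $req->execute();
        }
        break;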
        // ADD A LINK TO AN EXPERIMENT
    // ADD A LINK TO AN EXPERIMENT
    case 'link':
        // check link is int and experiment is owned by user.
        // FILTER_VALIDATE_INT yields false for non-integers (and 0 for "0"), both falsy here.
        // NOTE(review): ownership is verified for $id, but the row is inserted with
        // $_POST['item_id']; unless $id is derived from $_POST['item_id'] before this
        // switch (outside this excerpt), the check and the write refer to different
        // experiments — confirm, or bind :item_id to $id.
        if (filter_var($_POST['link_id'], FILTER_VALIDATE_INT) && is_owned_by_user($id, 'experiments', $_SESSION['userid'])) {
            // SQL for addlink
            $sql = "INSERT INTO experiments_links (item_id, link_id) VALUES(:item_id, :link_id)";
            $req = $pdo->prepare($sql);
            $req->bindParam(':item_id', $_POST['item_id'], PDO::PARAM_INT);
            $req->bindParam(':link_id', $_POST['link_id'], PDO::PARAM_INT);
            $result = $req->execute();
        }
        break;
    default:
        die;
}