<?php
/*
This file is part of myTinyTodo.
(C) Copyright 2010-2011 Max Pozdeev <*****@*****.**>
Licensed under the GNU GPL v2+ license. See file COPYRIGHT for details.
*/
require_once 'init.inc';
$db = DBConnection::instance();
$field_id = (int) $_GET['fid'];
$listId = (int) _get('list');
// We can't use have_write_access() because this is a GET request and have_write_access() requires a CSRF token in a POST request.
// Since we're not modifying any data, we don't use a POST request.
$onlyPublishedList = have_access('edit') ? false : true;
$listData = $db->sqa("SELECT * FROM {mytinytodo_lists} WHERE field_id = ? " . ($onlyPublishedList ? "AND published=1" : ""), array($field_id));
if (!$listData) {
echo 'No such list or access denied';
drupal_exit();
}
$sqlSort = "ORDER BY compl ASC, ";
if ($listData['sorting'] == 1) {
$sqlSort .= "prio DESC, ddn ASC, duedate ASC, ow ASC";
} elseif ($listData['sorting'] == 2) {
$sqlSort .= "ddn ASC, duedate ASC, prio DESC, ow ASC";
} else {
$sqlSort .= "ow ASC";
}
$data = array();
$q = $db->dq("SELECT *, duedate IS NULL AS ddn FROM {mytinytodo_todos} WHERE list_id = ? {$sqlSort}", array($listId));
while ($r = $q->fetch_assoc($q)) {
$data[] = $r;
function have_write_access($listId = null)
{
return valid_token() && have_access('edit');
}
