/**
 * Write-access gate for request handlers.
 *
 * Does nothing when have_write_access($listId) is truthy. Otherwise it hands
 * jsonExit() an empty task list flagged with 'denied' => 1.
 *
 * NOTE(review): callers invoke this as a bare statement before a write, so the
 * gate only protects that write if jsonExit() terminates the request. Its
 * definition is not visible here; confirm it does not return.
 *
 * @param mixed $listId List to check; null is forwarded unchanged to have_write_access().
 * @return void
 */
function check_write_access($listId = null)
{
    if (!have_write_access($listId)) {
        jsonExit(array('total' => 0, 'list' => array(), 'denied' => 1));
    }
}
<?php
/*
    This file is part of myTinyTodo.
    (C) Copyright 2010-2011 Max Pozdeev <*****@*****.**>
    Licensed under the GNU GPL v2 license. See file COPYRIGHT for details.
*/

//$dontStartSession = 1;
require_once './init.php';

// Without write access the lookup below is restricted to lists flagged published=1.
$onlyPublishedList = !have_write_access();

// The id is forced to an integer before it is interpolated into both queries
// below. That cast is the only thing keeping the _get() value out of the SQL
// text, so keep it (or move to bound parameters) if this code is changed.
$listId = (int) _get('list');

$listData = $db->sqa(
    "SELECT * FROM {$db->prefix}lists WHERE id={$listId} "
    . ($onlyPublishedList ? "AND published=1" : "")
);
if (!$listData) {
    // Same message for an unknown id and for an unpublished list, so the two
    // cases cannot be told apart from the response.
    die("No such list or access denied");
}

// Open tasks come before completed ones; the rest of the ordering follows the
// list's stored 'sorting' value, with manual order ('ow') as the fallback.
$sqlSort = "ORDER BY compl ASC, ";
switch ($listData['sorting']) {
    case 1:
        $sqlSort .= "prio DESC, ddn ASC, duedate ASC, ow ASC";
        break;
    case 2:
        $sqlSort .= "ddn ASC, duedate ASC, prio DESC, ow ASC";
        break;
    default:
        $sqlSort .= "ow ASC";
        break;
}

// $sqlSort is assembled only from the fixed literals above, and $listId is an
// integer, so nothing taken from the request reaches this statement as text.
$data = array();
$q = $db->dq("SELECT *, duedate IS NULL AS ddn FROM {$db->prefix}todolist WHERE list_id={$listId} {$sqlSort}");

// NOTE(review): the result handle is passed to its own fetch_assoc(); whether
// the wrapper uses that argument is not visible here.
while ($r = $q->fetch_assoc($q)) {
    $data[] = $r;
}
$sqlSort .= "d_edited ASC, prio DESC, ow ASC"; } elseif ($sort == 104) { $sqlSort .= "d_edited DESC, prio ASC, ow DESC"; } else { $sqlSort .= "ow ASC"; } $lists = loadLists($db, ''); $t = array(); $t['total'] = 0; $t['list'] = array(); $q = $db->dq("SELECT *, duedate IS NULL AS ddn FROM {$db->prefix}todolist {$inner} WHERE 1=1 {$sqlWhere} {$sqlSort}"); while ($r = $q->fetch_assoc($q)) { $t['total']++; $t['list'][] = prepareTaskRow($r, $lists); } if (_get('setCompl') && have_write_access($listId)) { $bitwise = _get('compl') == 0 ? 'taskview & ~1' : 'taskview | 1'; $db->dq("UPDATE {$db->prefix}lists SET taskview={$bitwise} WHERE id={$listId}"); } jsonExit($t); } elseif (isset($_GET['newTask'])) { stop_gpc($_POST); $listId = (int) _post('list'); check_write_access($listId); $t = addTask($db, $listId, _post('title'), _post('tag')); jsonExit($t); } elseif (isset($_GET['fullNewTask'])) { stop_gpc($_POST); $listId = (int) _post('list'); check_write_access($listId); $t = addTask($db, $listId, _post('title'), _post('tag'), _post('note'), _post('prio'), _post('duedate'), _post('tags'));