    <?php
    
    // Defaults: the page starts in list mode, and membership of the staff
    // group is what grants admin rights.
    $mode = 'list';
    $admin_group = 'sucsstaff';

    // Address that is mailed whenever an item is requested.
    $junk_contact = 'admin@sucs.org';

    // Admin status comes only from the session's group map: the user is an admin
    // when $admin_group exists as a key in $session->groups.
    // NOTE(review): $session->loggedin is not consulted here, and $admin alone
    // gates edit mode further down. Presumably groups is only populated for an
    // authenticated session; confirm.
    $admin = isset($session->groups[$admin_group]);
    
    
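    // Edit mode: an admin visiting <component>/Edit/<number> gets the edit form
    // for that item.
    //
    // The array key is quoted: a bare `depth` is an undefined constant, which is
    // an Error on PHP 8 and a warning on PHP 7.2+.
    $edit_at = ($component['depth'] / 2) + 1;

    // All conditions must hold: the user is an admin, both path segments exist,
    // the first is the literal 'Edit' and the second is numeric.
    $canedit = $admin
        && isset($pathlist[$edit_at], $pathlist[$edit_at + 1])
        && $pathlist[$edit_at] === 'Edit'
        && is_numeric($pathlist[$edit_at + 1]);

    if ($canedit) {
        $id = $pathlist[$edit_at + 1];

        // The id is passed as a bound parameter. Only items that nobody has
        // requested yet can be opened for editing.
        $items = $DB->GetAll(
            "SELECT id, title, category, description, donated_by, status FROM inventory WHERE id=? AND requested_by IS NULL",
            array($id)
        );

        // Guard against a non-array result (e.g. a failed query) before counting;
        // anything other than exactly one row leaves the page in its current mode.
        if (is_array($items) && count($items) === 1) {
            $item = $items[0];
            $smarty->assign("item", $item);
            $mode = "edit";
        }
    }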
    
    
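    // Add mode: an admin visiting <component>/Add.
    //
    // The array key is quoted: a bare `depth` is an undefined constant, which is
    // an Error on PHP 8 and a warning on PHP 7.2+.
    $add_at = ($component['depth'] / 2) + 1;

    // The user must be an admin and the path segment must be the literal 'Add'.
    $canadd = $admin
        && isset($pathlist[$add_at])
        && $pathlist[$add_at] === 'Add';

    // NOTE(review): $canadd is computed but nothing visible in this script reads
    // it, and $mode is never switched to an add value here even though the
    // comment above says it should be. Confirm whether that step was lost or is
    // handled elsewhere.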
    
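    // Process actions before retrieving the data, so the listing reflects them.
    //
    // NOTE(review): every branch below changes state and is driven by $_REQUEST,
    // so a plain GET link is enough to trigger it, and no anti-CSRF token check
    // is visible in this script. Confirm the surrounding framework enforces one,
    // or restrict these actions to POST with a token.
    //
    // The item id must be present and a single scalar. An array-valued `item`
    // would otherwise reach the database layer as the whole bind list in the
    // branches that used to pass it unwrapped.
    if ($session->loggedin
        && isset($_REQUEST['action'], $_REQUEST['item'])
        && is_scalar($_REQUEST['item'])
    ) {
        $action = $_REQUEST['action'];
        $item_id = $_REQUEST['item'];

        if ($action === "Request") {
            // Claim the item, but only if nobody holds it yet.
            // NOTE(review): the UPDATE does not check status='junk', while the
            // non-admin listing only shows junk items; confirm whether members
            // should be able to request other inventory rows by id.
            $query = "UPDATE inventory SET requested_by=?, requested_on=now() WHERE id=? AND requested_by IS NULL";
            $DB->Query($query, array($session->username, $item_id));

            // Only notify when the row is now held by this user. Previously the
            // mail went out even when the UPDATE matched nothing (item already
            // requested, or unknown id), so any logged-in user could generate
            // misleading notifications to $junk_contact.
            $iteminfo = $DB->GetRow(
                "SELECT title, description FROM inventory WHERE id=? AND requested_by=?",
                array($item_id, $session->username)
            );
            if (!empty($iteminfo)) {
                $msgbody = "User {$session->username} has requested the junk item:\n\n";
                $msgbody .= "{$iteminfo['title']}: {$iteminfo['description']}\n\n";
                $msgbody .= "Please ensure this is taken away and never brought back.";
                mail($junk_contact, "Junk item requested", $msgbody);
            }

        } elseif ($action === "Un-Request") {
            if ($admin) {
                // Admins may release any item.
                $query = "UPDATE inventory SET requested_by=null, requested_on=null WHERE id=?";
                $array = array($item_id);
            } else {
                // Everyone else may only release an item they requested themselves.
                $query = "UPDATE inventory SET requested_by=null, requested_on=null WHERE id=? AND requested_by=?";
                $array = array($item_id, $session->username);
            }
            $DB->Query($query, $array);

        } elseif ($action === "Take" && $admin) {
            // Admin only: record that a requested item has been collected.
            $query = "UPDATE inventory SET taken_on=now() WHERE id=? AND requested_by IS NOT NULL";
            $DB->Query($query, array($item_id));

        } elseif ($action === "Remove" && $admin) {
            // Admin only: delete the row outright.
            $query = "DELETE FROM inventory WHERE id=?";
            if ($DB->Query($query, array($item_id))) {
                message_flash("Item removed");
            } else {
                trigger_error("Failed to remove item");
            }

        } elseif ($action === "Not Junk" && $admin) {
            // Admin only: clear the junk flag, provided nobody has requested the item.
            $query = "UPDATE inventory SET status='unknown' WHERE id=? AND requested_by IS NULL";
            $DB->Query($query, array($item_id));

        } elseif ($action === "Junk" && $admin) {
            // Admin only: flag the item as junk.
            $query = "UPDATE inventory SET status='junk' WHERE id=?";
            $DB->Query($query, array($item_id));
        }
    }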
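    // Update/Add item (logged-in admins only).
    //
    // NOTE(review): this writes to the inventory from $_REQUEST and no anti-CSRF
    // token check is visible in this script; confirm one is enforced before this
    // component runs.
    if ($session->loggedin && $admin && (isset($_REQUEST['update']) || isset($_REQUEST['add']))) {

        // Read each text field once. A missing or array-valued field counts as
        // blank, so it neither raises an undefined-index warning nor reaches the
        // bind list as an array.
        $fields = array();
        foreach (array('categorymenu', 'category', 'title', 'description', 'donated_by') as $name) {
            $fields[$name] = (isset($_REQUEST[$name]) && is_scalar($_REQUEST[$name])) ? $_REQUEST[$name] : "";
        }

        // status and id are passed through as submitted (null when absent).
        // NOTE(review): status is not checked against the statuses list this
        // script hands to the template; confirm the column or the form limits it.
        $status = (isset($_REQUEST['status']) && is_scalar($_REQUEST['status'])) ? $_REQUEST['status'] : null;
        $item_id = (isset($_REQUEST['id']) && is_scalar($_REQUEST['id'])) ? $_REQUEST['id'] : null;

        // Two inputs can carry the category (a menu and a free-text box); the
        // menu wins whenever it is non-empty.
        $category = ($fields['categorymenu'] !== "") ? $fields['categorymenu'] : $fields['category'];

        // Title and category are mandatory.
        if ($fields['title'] !== "" && $category !== "") {
            // Blank optional fields are stored as NULL rather than ''.
            $description = ($fields['description'] !== "") ? $fields['description'] : null;
            $donated_by = ($fields['donated_by'] !== "") ? $fields['donated_by'] : null;

            if (isset($_REQUEST['update'])) {
                $query = "UPDATE inventory SET title=?, category=?, description=?, donated_by=?, status=? WHERE id=?";
                $array = array($fields['title'], $category, $description, $donated_by, $status, $item_id);
                if ($DB->Query($query, $array)) {
                    message_flash("Item Updated");
                } else {
                    trigger_error("Item update failed :-(", E_USER_ERROR);
                }
            } elseif (isset($_REQUEST['add'])) {
                $query = "INSERT INTO inventory (title, category, description, donated_by, status) VALUES (?, ?, ?, ?, ?)";
                $array = array($fields['title'], $category, $description, $donated_by, $status);
                if ($DB->Query($query, $array)) {
                    message_flash("Item Added");
                } else {
                    // NOTE(review): the database error text is part of this
                    // message; make sure it is logged rather than shown to visitors.
                    trigger_error("Adding item failed :-( - " . $DB->ErrorMsg(), E_USER_ERROR);
                }
            }
        } else {
            trigger_error("Required field(s) missing", E_USER_WARNING);
        }
    }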
    
    
    // Housekeeping: purge items whose taken_on is more than seven days in the past.
    // This DELETE is unconditional, so it runs on every load of this script.
    $purge_sql = "DELETE FROM inventory WHERE (taken_on + interval'7 days')  < now()";
    $DB->Query($purge_sql);
    
    
    
    
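    if ($mode == 'list') {
        // Admins get the whole inventory; everyone else only rows flagged as junk.
        // NOTE(review): SELECT * hands every column (requested_by and donated_by
        // among them) to the template for non-admins too; confirm that is intended.
        if ($admin == true) {
            $junk = $DB->GetAll("SELECT * FROM inventory ORDER BY category, title, id");
        } else {
            $junk = $DB->GetAll("SELECT * FROM inventory WHERE status = 'junk' ORDER BY category, title, id");
        }

        // An empty result, or a non-array one (e.g. a failed query), is shown as
        // "no junk" instead of being counted and iterated.
        if (!is_array($junk) || count($junk) < 1) {
            $mode = "nojunk";
        } else {
            // Group the rows by display status, then by category.
            $sortedjunk = array();
            foreach ($junk as $junkitem) {
                if ($junkitem['status'] != 'junk') {
                    // Not flagged as junk: only admins receive these rows.
                    $status = "unknown";
                } elseif ($junkitem['requested_by'] == null) {
                    $status = "available";
                } elseif ($junkitem['taken_on'] == null) {
                    $status = "requested";
                } else {
                    $status = "taken";
                }

                $sortedjunk[$status][$junkitem['category']][] = $junkitem;
            }
            $smarty->assign("junk", $sortedjunk);
        }

        // Distinct category names, alphabetically, for the template.
        $categories = $DB->GetCol("SELECT DISTINCT category FROM inventory ORDER BY category ASC");
        $smarty->assign("categories", $categories);
    }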
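    // Generate output: hand the remaining values to the template, render the
    // component, then place the rendered markup into the page body.
    $smarty->assign("statuses", array("unknown", "in use", "wanted", "junk"));

    // The array key is quoted: a bare `path` is an undefined constant, which is
    // an Error on PHP 8 and a warning on PHP 7.2+.
    $smarty->assign("componentpath", $baseurl . $component['path']);
    $smarty->assign("mode", $mode);
    $smarty->assign("admin", $admin);

    $output = $smarty->fetch("junk.tpl");

    $smarty->assign("title", "Junk List");
    $smarty->assign("body", $output);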
    
    ?>