<?php
//////////////////
// DOCFLOW PAGE //
//////////////////
// do all the document management system
// show all documents for the admin, or only same-service documents for other users
// allow to edit the date, or to define new ones

// file map :
// - init: some variable / array definition
// - db selectors : compute what to use in the "WHERE ..." statement of the main table display SQL querry
//
// - actions :
//    - delete / undo delete row action
//    - set / delete a date in a cell (or terminate the row)
//
// - display
//    - options / selectors
//    - table heading row
//    - table content

require("misc.inc.php");
session_check();

//////////
// init
//
$action_status=null;

// some usefull data
$table_header=array(
	'del'=>'x',
	'service'=>'S.',
	'objet'=>'Objet',
	'datecreation'=>'Création',
	'datefait'=>'Fait le',
	'datedepot'=>'Dépot.',
	'dateretour'=>'Retour.',
	'datepublic'=>'public',
	'dateexecutoire'=>'Exéc.',
	'datefin'=>'Fin',
	'num'=>'Numéro',
	'filename'=>'fichiers'
);
$sortable_list=array(
	'service',
	'datecreation',
	'datefait',
	'datedepot',
	'dateretour',
	'datepublic',
	'dateexecutoire',
	'datefin',
	'num'
);
$dates_list=array('datecreation', 'datefait', 'datedepot', 'dateretour', 'datepublic', 'dateexecutoire');

$splitup_date=array(
	// field name => (byte size, right separator, date() php func character to obtain it),
	'dated'=>array('size'=>2, 'sep'=>'/', 'char'=>'j'),
	'datem'=>array('size'=>2, 'sep'=>'/', 'char'=>'n'),
	'datey'=>array('size'=>4, 'sep'=>' &nbsp; - &nbsp; ', 'char'=>'Y'),
	'timeh'=>array('size'=>2, 'sep'=>':', 'char'=>'G'),
	'timem'=>array('size'=>2, 'sep'=>'', 'char'=>'i')
);

if (array_key_exists('timeh', $_POST) && $_POST['timeh']=='') $_POST['timeh']='0';
if (array_key_exists('timem', $_POST) && $_POST['timem']=='') $_POST['timem']='0';
if (!array_key_exists('datetype', $_POST))
	$_POST['datetype']='now';
if ($_POST['datetype']=='custom' && !checkdatetime($_POST['dated'], $_POST['datem'], $_POST['datey'], $_POST['timeh'], $_POST['timem'])) {
	$action_status='error';
	$action_message='Date invalide';
}

if ($_POST['datetype']=='custom')
	$selected_year=html2php($_POST['datey']);
else
	$selected_year=date('Y');


//////////////////
// db selectors
//

// if user is not admin, only view documents for his own service
$selector_service='';

if ($_SESSION['userid']!=$CONFIG_ROOTID) {

	// not root
	if (!$_SESSION['service'])
		citydie('l\'utilisateur n\'est pas administrateur et n\'a aucun service spécifié');
	$selector_service=" AND service='". $_SESSION['service']."' ";
} else {
	// if root user, we allow the selector to be set in the input form
	$list_service=$_user_name; //mysql_fetch_all("SELECT id, name FROM services;", $dblink);
	if (array_key_exists('selected_service',$_POST) && $_POST['selected_service']) {
		$selector_service=" AND service='". php2db($_POST['selected_service'])."' ";
	}
}

// either finished / unfinished / deleted documents
// behavior :
// show_finished -> show all non deleted finished documents (although normaly it's impossible to delete finished document)
// show_unfinished -> show all non deleted unfinished documents
// show_deleted -> show all deleted documents, can show others if show_unfinished or show_finished also checked,
//	will obviously also show unfinished deleted documents even if show_unfinished is false
$selector_state=$selector_state_unfinished=$selector_state_finished=$selector_state_deleted='';
$show_finished=$show_unfinished=$show_deleted=false;
if (array_key_exists('state', $_POST)) {
	if (in_array('unfinished', $_POST['state']))
		$show_unfinished=true;
	if (in_array('finished', $_POST['state']))
		$show_finished=true;
	if (in_array('deleted', $_POST['state']))
		$show_deleted=true;
} else {
	$show_unfinished=true;
	$show_finished=true;
}

// construct something like " AND (del=1   OR datefin IS NOT NULL   OR datefin IS NULL  ) AND (del=0   OR del=1  )"
if ($show_finished)
	$selector_state_finished='OR datefin IS NOT NULL';
if ($show_unfinished)
	$selector_state_unfinished='OR datefin IS NULL';
if ($show_deleted)
	$selector_state_deleted='OR del=1';
$selector_state=" AND (del=1 $selector_state_finished $selector_state_unfinished) AND (del=0 $selector_state_deleted)";

// search objet selector, "like" comparer on objet field
$selector_search='';
$search_words=null;
if (array_key_exists('search', $_POST) && $_POST['search']) {
	$selector_search=" AND objet like '%".php2db(html2php($_POST['search']))."%' ";
	$search_words=html2php($_POST['search']);
}


// NEED TO KNOW ITEMCOUNT_MAX NOW, this code just read that
$querry=mysql_query_checked("SELECT count(*) AS c FROM documents WHERE 1=1 $selector_service $selector_state $selector_search;", $dblink);
$result=mysql_fetch_assoc($querry);
$itemcount_max=$result['c'];


// selector_order : if a row is cliked, use it with "ORDER BY" in the querry
$selector_order='';
if (array_key_exists('order_old', $_POST))
	$selector_order=html2php($_POST['order_old']);
foreach ($sortable_list as $sortable_item)
	if (array_key_exists('sort_'.$sortable_item, $_POST))
		$selector_order=$sortable_item;
if (!$selector_order || ! in_array($selector_order, $sortable_list))
	$selector_order='datecreation';
$selector_order_final=$selector_order;
if ($selector_order=='num')
	$selector_order_final='num_annee DESC, num';

// result range : start from itemmin, display itemcount items
if (!array_key_exists('itemmin', $_POST) || !ctype_digit($_POST['itemmin']) || $_POST['itemmin']<1 || $_POST['itemmin']>$itemcount_max)
	$itemmin=1;
else
	$itemmin=html2php($_POST['itemmin']);

if (!array_key_exists('itemcount', $_POST) || !ctype_digit($_POST['itemcount']) || $_POST['itemcount']<1)
	$itemcount=50;
else
	$itemcount=html2php($_POST['itemcount']);
$selector_range=' LIMIT '.php2db($itemcount).' OFFSET '.php2db($itemmin -1).' ';

/////////////////////
// db apply action
//

if (!$action_status){
// extract submited values
$action_type=$action_col=$action_filename=$action_service=null;
if (array_key_exists('submit_ok',$_POST)) {
	$action_type='submit_ok';
	list($action_col,$action_service, $action_filename)=explode("_", $_POST['submit_ok'], 3);
} elseif (array_key_exists('submit_del',$_POST)) {
	$action_type='submit_del';
	list($action_col,$action_service, $action_filename)=explode("_", $_POST['submit_del'], 3);
} elseif (array_key_exists('submit_delrow',$_POST)) {
	$action_type='submit_delrow';
	list($action_service, $action_filename)=explode("_", $_POST['submit_delrow'], 2);
} elseif (array_key_exists('submit_undo',$_POST)) {
	$action_type='submit_undo';
	list($action_service, $action_filename)=explode("_", $_POST['submit_undo'], 2);
}

// if extracted sucessfully, for row delelte/undo
if (($action_type=='submit_undo' || $action_type=='submit_delrow') && $action_filename && $action_service) {
	service_allowed_check($action_service);
	if ($action_type=='submit_undo') {
		$action_status='ok';
		$action_message="Document $action_filename ($action_service) récupéré";
		$value='0';
	} else {
		$action_status='ok';
		$action_message="Document $action_filename ($action_service) supprimé";
		$value='1';
	}
	$sql="UPDATE documents SET del=$value WHERE filename='".php2db($action_filename)
		."' AND service='".php2db($action_service)."';";
	mysql_query_checked($sql,$dblink);
}

// if extracted sucessfully, for date changes
if (($action_type=='submit_ok' || $action_type=='submit_del') && $action_col && $action_filename && $action_service) {
	if (in_array($action_col, $dates_list) || $action_col=='datefin') {
		service_allowed_check($action_service);
		// define the right datetime value in the sql statement
		if ($action_type=='submit_del') {
			$selector_isnull=" AND $action_col IS NOT NULL ";
			$sql_datevalue='NULL';
		} else {
			if ($_POST['datetype']=='now')
				$sql_datevalue='NOW()';
			else
				$sql_datevalue="'".$_POST['datey'].'-'.$_POST['datem'].'-'.$_POST['dated'].' '.$_POST['timeh'].':'.$_POST['timem'].":00'";

			$sql="SELECT num_annee, num, datecreation, datefait, datedepot, dateretour, datepublic, dateexecutoire, datefin, NOW()"
				." FROM documents WHERE filename='".php2db($action_filename)
				."' AND documents.service='".php2db($action_service)."';";
			$result=mysql_query_checked($sql, $dblink);
			list($num_annee, $num, $datecreation, $datefait, $datedepot, $dateretour, $datepublic, $dateexecutoire, $datefin, $sqlnow)=mysql_fetch_row($result);

			$selector_isnull=" AND $action_col IS NULL ";
			if ($action_col=='datefin') {
				// do some cool file copy things
				$src=$CONFIG_WSPS_PATH.$CONFIG_WSPS_DOCFLOW.'sources/'.$action_service.'/'.$action_filename;
				$dest=$CONFIG_WSPS_PATH.$CONFIG_WSPS_VALID.'sources/_nouveaux/';
				$exts=Array('pdf','xml');
				// file access check
				if (!(is_dir($src) && is_readable($src)))
					citydie("chemin du fichier sur le serveur n'est pas un répertoire accessible $src");
				foreach ($exts as $ext)
					if (!(is_file($src.'/document.'.$ext) && is_readable($src.'/document.'.$ext)))
						citydie("le fichier $ext n'est pas accessible");
				if (!file_exists($CONFIG_WSPS_PATH.$CONFIG_WSPS_VALID.'sources/'.$action_service))
					if (!mkdir($CONFIG_WSPS_PATH.$CONFIG_WSPS_VALID.'sources/'.$action_service))
						citydie("impossible de créer le répertoire du service sur le serveur");

				// parse / rewrite document with metadata changes
				// the copy itself
				foreach ($exts as $ext) {
					$srcfile=$src.'/document.'.$ext;
					$destfile=$dest.$action_filename.'.'.$ext;
					
					if ($ext!='xml') {
						// copy generated document "as is"
						if (!copy($srcfile, $destfile))
							citydie("impossible de copier le fichier sur le serveur $srcfile -> $destfile");
					} else {
						$datecreation=date('d/m/y',strtotime($datecreation));
						$datefait=date('d/m/y',strtotime($datefait));
						if ($datedepot)
							$datedepot=date('d/m/y',strtotime($datedepot));
						if ($dateretour)
							$dateretour=date('d/m/y',strtotime($dateretour));
						if ($datepublic)
							$datepublic=date('d/m/y',strtotime($datepublic));
						if ($dateexecutoire)
							$dateexecutoire=date('d/m/y',strtotime($dateexecutoire));
						$metaarray=Array('service'=>$_user_code[$action_service], 'annee'=>$num_annee, 'num'=>$num,
							'datecreation'=>$datecreation, 'datefait'=>$datefait, 'dateenvoi'=>$datedepot,
							'dateretour'=>$dateretour, 'datepublic'=>$datepublic, 'dateexecutoire'=>$dateexecutoire);
						$da=new DOMArrete($srcfile);
						$da->setMeta($metaarray);
						$da->save($destfile);
					}
				}
				$action_status='ok';
				$action_message="Document $action_filename ($action_service) terminé";
			}
		}
		// auto-numbering
		if ($action_col=='datefait' && $action_type=='submit_ok') {
			// check if modified same year
			$result=mysql_query_checked("SELECT num_annee FROM documents WHERE filename='".php2db($action_filename)
				."' AND service='".php2db($action_service)."';",$dblink);
			list($num_year)=mysql_fetch_row($result);
			if ($num_year && $num_year!=$selected_year)
				citydie('La date "Fait le" doit être cohérente avec l\'année de la numérotation du document');
			if (! $num_year) {
				// extract next free number
				$result=mysql_query_checked("SELECT MAX(num) AS num FROM documents WHERE num_annee=$selected_year;",$dblink);
				list($max_num)=mysql_fetch_row($result);
				$max_num=((int)$max_num)+1;

				// do the query
				$sql="UPDATE documents SET num=$max_num,num_annee=$selected_year WHERE filename='".php2db($action_filename)
					."' AND service='".php2db($action_service)."' AND $action_col IS NULL;";
				mysql_query_checked($sql,$dblink);
			}
		}
		$sql="UPDATE documents SET $action_col=$sql_datevalue WHERE filename='".php2db($action_filename)
			."' AND service='".php2db($action_service)."' ".$selector_isnull.";";
		mysql_query_checked($sql,$dblink);
		
	} else {
		citydie("Erreur interne : le type de date a modifier n'est pas dans la liste des champs de la base de donnée.");
	}
}
}

//////////////////////
// db content fetch
//
$table_content=mysql_fetch_all("SELECT del, service, objet, datecreation, datefait, datedepot, dateretour, datepublic, dateexecutoire, datefin, num, num_annee, filename FROM documents WHERE 1=1 $selector_service $selector_state $selector_search ORDER BY $selector_order_final DESC $selector_range;", $dblink);

require("head.inc.php");

////////////////////
// Status display
// (area or placeholder
if (!$action_status)
	echo '<div class="status_none">&nbsp;</div>';
else
	echo '<div class="status_'.$action_status.'">'.php2html($action_message).'</div>';


////////////////////////////
// Form display : options
//
?>
<form action="docflow.php" method="post">
<div class="row">
<input class="tradio" type="radio" name="datetype" value="now" <?php if ($_POST['datetype']!='custom') {echo "checked";} ?>/>Date courante <?php
echo date('(d/m/Y - H:i)');
?><br>
<input class="tradio" type="radio" name="datetype" value="custom" <?php if ($_POST['datetype']=='custom') {echo "checked";} ?>/>Date spécifique (jj/mm/aaaa)
<?php
// check if no filed of the date has recieved input
$date_empty=true;
foreach ($splitup_date as $name=>$a)
	if (array_key_exists($name, $_POST) && $name!='timeh' && $name!='timem' && $_POST[$name]!=='') {
		$date_empty=false;
	}

// if unfilled, do prefill
if ($date_empty)
	foreach ($splitup_date as $name => $val)
		$_POST[$name]=date($val['char']);

// display broken up date selector (1 cell = 1 date field)
foreach ($splitup_date as $name => $val)
	echo '<span><input class="ttext" type="text" name="'.$name.'" maxlength="'.$val['size'].'" size="'.$val['size'].'" value="'. $_POST[$name] . '"/></span>'.$val['sep']."\n";
echo '<input class="tsubmit" style="margin-left:30px;" type="submit" name="refresh" value="Actualiser">';
echo '</div>';
echo '<hr>'."\n";

// display text search selector
echo '<span style="margin-right:50px;">';
echo 'Objet contient : ';
if (!array_key_exists('search', $_POST))
	 $_POST['search']='';
echo '<input class="ttext" type="text" name="search" maxlength="80" size="20" value="'. $_POST['search'] . '"/>';
echo '</span>' . "\n";


// display state selector
$checkbox_finished=$checkbox_unfinished=$checkbox_deleted='';
echo '<span style="margin-right:50px;">';
if ($show_finished)
	$checkbox_finished=' CHECKED';
if ($show_unfinished)
	$checkbox_unfinished=' CHECKED';
if ($show_deleted)
	$checkbox_deleted=' CHECKED';
echo 'Etat : ';
echo '<input type="checkbox" name="state[]" value="unfinished"'.$checkbox_unfinished.'> Non terminés &nbsp; | &nbsp;';
echo '<input type="checkbox" name="state[]" value="finished"'.$checkbox_finished.'> Terminés &nbsp; | &nbsp;';
echo '<input type="checkbox" name="state[]" value="deleted"'.$checkbox_deleted.'> Supprimés';
echo '</span>';

echo '<div>'."\n";


// display "items from X to Y" selector
echo '<span style="margin-right:50px;">';
echo 'Afficher <input class="ttext" type="text" name="itemcount" maxlength="5" size="5" value="'. $itemcount . '"/> ';
echo 'en commençant a l\'item <input class="ttext" type="text" name="itemmin" maxlength="5" size="5" value="'. $itemmin . '"/> / '. $itemcount_max;
echo '</span>'."\n";

// display service selector
if ($_SESSION['userid']==$CONFIG_ROOTID) {
	echo '<span>Service : <select name="selected_service" class="tselect">';
	echo '<option value=""> - Tout voir - </option>';
	foreach ($_user_name as $key => $value) {
		if ($key==$GLOBALS['CONFIG_ROOTID'])
			continue;
		$selected_str='';
		if (array_key_exists('selected_service',$_POST) && $_POST['selected_service'])
			$selected_str=($key==$_POST['selected_service'])? ' selected':'';
		echo '<option value="'.$key.'"'.$selected_str.'>'.$value.'</option>'."\n";
	}
	/*
	foreach ($list_service as $service) {
		$selected_str='';
		if (array_key_exists('selected_service',$_POST) && $_POST['selected_service'])
			$selected_str=($service['id']==$_POST['selected_service'])? ' selected':'';
		echo '<option value="'.$service['id'].'"'.$selected_str.'>'.db2php($service['name']).'</option>'."\n";
	}*/
	echo '</select></span>';
}

echo '</div>' . "\n";

//////////////////////////
// Form display : table
//
echo '<input type="hidden" name="order_old" value="'.$selector_order.'">';
echo '<table class="main">';
echo '<tr class="main">';
// Display table header
foreach ($table_header as $name => $val) {
	if (in_array($name,$sortable_list)) {
		$color='';
		if ($name=='datefin' || $name=='datefait')
			$color=' style="color:#DD0000;"';
		$val="<input class=\"tsubmit\" type=\"submit\" name=\"sort_$name\" value=\"$val\"$color>";
	}
	echo '<th class="main">'.$val.'</th>';
}

// Display table content
foreach ($table_content as $row) {
	echo '<tr class="main" style="table-layout:fixed;">';
	$datecount=0;
	// for each documement (1 by row)
	foreach ($row as $name=>$val) {
		$invaliddate_style='';
		$invaliddate_message='';
		$val=db2php($val);
		if ($name=='num_annee' || $name=='servicename')
			continue;
		$submit='';
		$submit_type='';
		$completed=$deleted='';
		// replace raw number with service-year-num format
		if ($name=='num' && $val )
			$val=$row['num_annee']. '-'.$val;
		if ($name=='filename' && $val) {
			$val='<table class="docicons"><tr>';
			foreach (Array('pdf','xml') as $type)
				$val.='<td><a target="blank" href="'.$CONFIG_BASELOCATION.'/openfile.php?filename='.urlencode($row['filename']).'&amp;service='.urlencode($row['service']).'&amp;type='.$type.'"><img style="border:0px none;" src="img/page_white_'.$type.'.png" alt="'.$row['filename'].'.'.$type.'" title="'.$row['filename'].'.'.$type.'"></a></td>';
			$val.='</tr></table>';
		}
		if ($row['datefin']) $completed=' completed';
		if ($row['del']) $deleted=' deleted';
		if (in_array($name, $dates_list)) {
			if ($val) {
				// number of filled dates
				$datecount++;
				$submit_type="del";
			} else {
				if ($name!='datefait' || !$row['num_annee'] || $selected_year==$row['num_annee'])
					$submit_type="ok";
				// cannot change datefait if year is different that current
			}
		}
		// completed field : only for the right field, if not already completed, and if all previous dates are completed
		if ($name=='datefin' && !$val
				// you are not forced to send to "prefecture", you can still validate it
				&& ($datecount==5 || ($datecount==3 && !$row['datedepot'] && !$row['dateretour'])))
			$submit_type="ok";
		if ($submit_type && !$completed && !$deleted &&
				// datepublic & dateexecutoire are mutualy exclusive
				!($name=='datepublic' && $row['dateexecutoire']) && 
				!($name=='dateexecutoire' && $row['datepublic']))
			$submit='<div class="submitcontainer"><input class="customsubmit_'.$submit_type.'" type="submit" name="submit_'.$submit_type.'" value="'.$name."_".$row['service']."_".$row['filename'].'"></div>';
		switch ($name) {
			case 'datecreation':
				$previousdate=null;
			case 'datefait':
			case 'datedepot':
			case 'dateretour':
			case 'datepublic':
			case 'dateexecutoire':
			case 'datefin':
				// colwidth not used yet
				$colwidth='6%';
				if ($previousdate && $val && $previousdate>$val) {
					$invaliddate_style=' invaliddate';
					$invaliddate_message=' (attention, date ou heure décroissante)';
				}
				if ($val) {
					$previousdate=$val;
					$val='<span class="date" title="'.date('H:i:s',strtotime($val)).$invaliddate_message.'">'.date('d/m/y',strtotime($val)).'</span>';
				}
				break;
			case 'service':
				if (array_key_exists($row['service'], $_user_name))
					$val='<span title="'.$_user_name[$row['service']].'">'.$val.'</span>';
				$colwidth='6%';
				break;
			case 'objet':
				$colwidth='40%';
				if (strlen($val)>100)
					$val=substr($val, 0, 100) . '...';
				// escape after truncate (not to break an html entity), but before search highlight (to allow <span>)
				$val=php2html($val);
				if ($search_words)
					$val=str_replace($search_words, '<span class="search_results">'.$search_words.'</span>',$val);
				break;
			case 'filename':
				$colwidth='60';
				break;
			case 'del':
				$colwidth='18';
				if ($completed)
					break;
				if ($val)
					$action_part='undo';
				else
					$action_part='delrow';
				$val='<input class="customsubmit_'.$action_part.'" type="submit" name="submit_'.$action_part.'" value="'
					.$row['service']."_".$row['filename'].'">';
				break;
		}
		if (!$val)
			$val="&nbsp;";
		echo '<td class="main'.$completed.$deleted.$invaliddate_style.'" width="'.$colwidth.'">'.$submit.'<div class="val">'.$val.'</div></td>'."\n";
	}
	echo '</tr>';
}
echo '</table>';
?>

</form>
<?php require("foot.inc.php"); ?>