From d21da715852ef9e8ff3bee06116232cc831b0e0e Mon Sep 17 00:00:00 2001
From: Felix Ivo
Date: Mon, 23 Jun 2025 10:48:57 +0200
Subject: [PATCH 1/5] edit and create notes first push

---
 Controller/NotesController.php | 50 +++++++++++++++++++++++
 Model/NotesModel.php | 68 +++++++++++++++++++++++++++++++
 Views/Notes/createNote.phtml | 60 +++++++++++++++++++++++++++
 Views/Notes/editNote.phtml | 60 +++++++++++++++++++++++++++
 Views/Notes/showNoteDetails.phtml | 6 +--
 Views/Notes/showNotes.phtml | 3 +-
 6 files changed, 243 insertions(+), 4 deletions(-)
 create mode 100644 Views/Notes/createNote.phtml
 create mode 100644 Views/Notes/editNote.phtml

diff --git a/Controller/NotesController.php b/Controller/NotesController.php
index c2b4ffe..77c1190 100644
--- a/Controller/NotesController.php
+++ b/Controller/NotesController.php
@@ -36,4 +36,54 @@ class NotesController
 "note" => $note
 ]);
 }
+
+ public function createNote()
+ {
+ if ($_SERVER['REQUEST_METHOD'] === 'POST') {
+ // Process form submission
+ $note = $this->notesModel->createNote(
+ $_POST['title'],
+ $_POST['content'],
+ $_SESSION['user_id']
+ );
+
+ if ($note) {
+ // Redirect to show notes page after successful creation
+ header('Location: ?controller=NotesController&page=showNotes');
+ exit();
+ } else {
+ // If creation failed, show error message and stay on the form
+ $this->view->setVars([
+ 'error' => 'Failed to create note. Please try again.'
+ ]);
+ }
+ }
+ }
+
+ public function editNote()
+ {
+ if ($_SERVER['REQUEST_METHOD'] === 'POST') {
+ // Process form submission
+ $noteId = $_GET['id'];
+ $note = $this->notesModel->editNote($noteId, $_POST['title'], $_POST['content'], $_SESSION['user_id']);
+
+ if ($note) {
+ // Redirect to show notes page after successful creation
+ header('Location: ?controller=NotesController&page=showNotes');
+ exit();
+ } else {
+ // If creation failed, show error message and stay on the form
+ $this->view->setVars([
+ 'error' => 'Failed to create note. Please try again.'
+ ]);
+ }
+ }
+ }
+
+ public function deleteNote()
+ {
+ $noteId = $_GET['id'];
+ $this->notesModel->deleteNote($noteId, $_SESSION['user_id']);
+ header("Location: ?controller=NotesController&page=showNotes");
+ }
 }
\ No newline at end of file
diff --git a/Model/NotesModel.php b/Model/NotesModel.php
index 2e47ae1..d348f17 100644
--- a/Model/NotesModel.php
+++ b/Model/NotesModel.php
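Review bot: The editNote() call passes ($noteId, $_POST['title'], $_POST['content'], $_SESSION['user_id']) while NotesModel::editNote in this same series is declared as ($noteId, $userId, $title, $content), so the title is bound as the user id and the session user id is written as the content; the call should read `$note = $this->notesModel->editNote($noteId, $_SESSION['user_id'], $_POST['title'], $_POST['content']);`. Both createNote() and editNote() then test `if ($note)`, but the model returns an array in every branch, including `['success' => false, ...]`, which is truthy, so the error branch is unreachable and a failed write still redirects; test `if ($note['success'])` instead (and editNote()'s error text still says 'Failed to create note'). deleteNote() performs a destructive write on a plain GET with no REQUEST_METHOD check and no exit() after header(), so the rest of the request keeps executing after the redirect is sent. None of the three handlers checks that a user is logged in or verifies a CSRF token before acting on $_POST/$_GET, and $_POST['title'], $_POST['content'] and $_GET['id'] are read without `?? ''` / `?? 0`, which emits undefined-index warnings on a malformed request.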
@@ -61,4 +61,72 @@ class NotesModel extends Database
 return null;
 }
 }
+
+ function createNote($title, $content, $userId) {
+ $pdo = $this->linkDB();
+ if (!$pdo) return ['success' => false, 'message' => 'Database error.'];
+ if (empty(trim($title))) return ['success' => false, 'message' => 'Title is required.'];
+ try {
+ $stmt = $pdo->prepare("INSERT INTO notes (user_id, title, content) VALUES (?, ?, ?)");
+ $stmt->execute([$userId, trim($title), $content]); // user_id is current session user
+ return ['success' => true, 'message' => 'Note created successfully.'];
+ } catch (PDOException $e) {
+ error_log("Create Note Error: " . $e->getMessage());
+ return ['success' => false, 'message' => 'Failed to create note.'];
+ }
+ }
+
+ function editNote($noteId, $userId, $title, $content) {
+ $pdo = $this->linkDB();
+ if (!$pdo) return ['success' => false, 'message' => 'Database error.'];
+ if (empty(trim($title))) return ['success' => false, 'message' => 'Title is required.'];
+ try {
+ if (isAdmin()) { // Admin can update any note, user_id for record not changed
+ $stmt = $pdo->prepare("UPDATE notes SET title = ?, content = ? WHERE id = ?");
+ $params = [trim($title), $content, $noteId];
+ } else { // User can only update their own note
+ $stmt = $pdo->prepare("UPDATE notes SET title = ?, content = ? WHERE id = ? AND user_id = ?");
+ $params = [trim($title), $content, $noteId, $userId];
+ }
+ $stmt->execute($params);
+
+ if ($stmt->rowCount() > 0) {
+ return ['success' => true, 'message' => 'Note updated successfully.'];
+ }
+ // Check if note exists if rowCount is 0
+ $checkStmt = isAdmin() ? $pdo->prepare("SELECT id FROM notes WHERE id=?") : $pdo->prepare("SELECT id FROM notes WHERE id=? AND user_id=?");
+ $checkParams = isAdmin() ?
[$noteId] : [$noteId, $userId]; + $checkStmt->execute($checkParams); + if ($checkStmt->fetch()) { + return ['success' => true, 'message' => 'No changes made to the note.']; // Or false if you prefer + } + return ['success' => false, 'message' => 'Note not found or permission denied.']; + } catch (PDOException $e) { + error_log("Update Note Error: " . $e->getMessage()); + return ['success' => false, 'message' => 'Failed to update note.']; + } + } + + function deleteNote($noteId, $userId) { + $pdo = $this->linkDB(); + if (!$pdo) return ['success' => false, 'message' => 'Database error.']; + try { + if (isAdmin()) { // Admin can delete any note + $stmt = $pdo->prepare("DELETE FROM notes WHERE id = ?"); + $params = [$noteId]; + } else { // User can only delete their own note + $stmt = $pdo->prepare("DELETE FROM notes WHERE id = ? AND user_id = ?"); + $params = [$noteId, $userId]; + } + $stmt->execute($params); + + if ($stmt->rowCount() > 0) { + return ['success' => true, 'message' => 'Note deleted successfully.']; + } + return ['success' => false, 'message' => 'Note not found or permission denied.']; + } catch (PDOException $e) { + error_log("Delete Note Error: " . $e->getMessage()); + return ['success' => false, 'message' => 'Failed to delete note.']; + } + } } \ No newline at end of file diff --git a/Views/Notes/createNote.phtml b/Views/Notes/createNote.phtml new file mode 100644 index 0000000..db595b0 --- /dev/null +++ b/Views/Notes/createNote.phtml @@ -0,0 +1,60 @@ +notesModel = new \ppa\Model\NotesModel(); + +$isEditMode = false; +$note = null; +if ($isEditMode) { + $noteId = $_GET['id'] ?? 0; + $note = $this->notesModel->getNoteById($noteId, 2); //$_SESSION['user_id'] + if (!$note) { + echo "
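Review bot: editNote() and deleteNote() decide whether the WHERE clause keeps `AND user_id = ?` by calling isAdmin(), which is not defined in the model but in the view templates (showNotes.phtml, and in this series also createNote.phtml and editNote.phtml), where it is hard-coded to `return false`. An authorization decision in the model that depends on a global function declared by whichever template happened to be included is fragile: a request path that reaches deleteNote() without having included one of those views (the controller's deleteNote() appears to be such a path) fails with an undefined-function error, and the ownership restriction silently disappears as soon as any copy of isAdmin() starts returning true. Move the role decision into one place the model can depend on, for example an explicit `bool $isAdmin = false` parameter supplied by the controller from the session, so the `AND user_id = ?` form stays the default. Separately, editNote()'s parameter order ($noteId, $userId, $title, $content) differs from createNote()'s ($title, $content, $userId); aligning them, adding visibility and scalar types (`public function editNote(int $noteId, int $userId, string $title, string $content): array`), and casting $noteId to int before binding would also surface the argument-order mismatch with the controller call in this same series. The `$checkParams = isAdmin() ?` line is split across two lines here only by the page rendering.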
Note not found or you don't have permission to edit it.
"; + echo "Back to Dashboard"; + } +} + +function isLoggedIn() { + return isset($_SESSION['user_id']); +} + +function isAdmin() { + return false;// isLoggedIn() && isset($_SESSION['role']) && $_SESSION['role'] === 'admin'; +} + +function sanitize($data, $flags = ENT_QUOTES, $encoding = 'UTF-8') { + return htmlspecialchars((string)$data, $flags, $encoding); +} +?> + + + +
Drag & drop a .txt or .md file here, or fill manually.
+ +
+ + + + +
+ + +
+
+ + +
+
+ +
+ text(sanitize($note['content'])); else echo "Start typing or drop a file to see preview..."; ?> +
+
+
+ +
+
\ No newline at end of file diff --git a/Views/Notes/editNote.phtml b/Views/Notes/editNote.phtml new file mode 100644 index 0000000..3108b9e --- /dev/null +++ b/Views/Notes/editNote.phtml @@ -0,0 +1,60 @@ +notesModel = new \ppa\Model\NotesModel(); + +$isEditMode = true; +$note = null; +if ($isEditMode) { + $noteId = $_GET['id'] ?? 0; + $note = $this->notesModel->getNoteById($noteId, 2); //$_SESSION['user_id'] + if (!$note) { + echo "
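Review bot: createNote.phtml and editNote.phtml are the same 60-line template differing only in `$isEditMode = false` versus `true`, and each re-declares isLoggedIn(), isAdmin() and sanitize() at file scope exactly as showNotes.phtml already does; PHP functions cannot be redeclared, so any request that includes two of these templates is a fatal error, and three copies of isAdmin() hard-coded to `return false` is where the role check will drift. Keep one template driven by $isEditMode and move the helpers into a single shared include (or out of the view layer entirely) so the authorization decision exists once. In the edit branch, the "Note not found or you don't have permission" message is echoed without leaving the template, so the form below still renders for a note the user may not own; add `return;` after the two echo lines. The preview line appears to pass `sanitize($note['content'])` into the Markdown parser's text() before output, so the already HTML-escaped text is parsed as Markdown, which as far as I can tell breaks any syntax using `<`, `>`, `&` or quotes and risks double-encoded entities, whereas showNoteDetails.phtml relies on `setSafeMode(true)` alone; pick one escaping strategy and apply it at output time. `$this->notesModel = new \ppa\Model\NotesModel();` also instantiates the model inside a view, bypassing whatever the controller already constructed.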
Note not found or you don't have permission to edit it.
"; + echo "Back to Dashboard"; + } +} + +function isLoggedIn() { + return isset($_SESSION['user_id']); +} + +function isAdmin() { + return false;// isLoggedIn() && isset($_SESSION['role']) && $_SESSION['role'] === 'admin'; +} + +function sanitize($data, $flags = ENT_QUOTES, $encoding = 'UTF-8') { + return htmlspecialchars((string)$data, $flags, $encoding); +} +?> + + + +
Drag & drop a .txt or .md file here, or fill manually.
+ +
+ + + + +
+ + +
+
+ + +
+
+ +
+ text(sanitize($note['content'])); else echo "Start typing or drop a file to see preview..."; ?> +
+
+
+ +
+
\ No newline at end of file diff --git a/Views/Notes/showNoteDetails.phtml b/Views/Notes/showNoteDetails.phtml index 934deed..3c7aa7f 100644 --- a/Views/Notes/showNoteDetails.phtml +++ b/Views/Notes/showNoteDetails.phtml @@ -25,9 +25,9 @@ $parsedown->setSafeMode(true);
- Back to Notes + Back to Notes - Edit Note + Edit Note
@@ -35,7 +35,7 @@ $parsedown->setSafeMode(true);

Note Not Found

- Back to Notes + Back to Notes
diff --git a/Views/Notes/showNotes.phtml b/Views/Notes/showNotes.phtml index 09eecae..0c264ca 100644 --- a/Views/Notes/showNotes.phtml +++ b/Views/Notes/showNotes.phtml @@ -14,6 +14,7 @@ function isAdmin() { return false;// isLoggedIn() && isset($_SESSION['role']) && $_SESSION['role'] === 'admin'; } + function sanitize($data, $flags = ENT_QUOTES, $encoding = 'UTF-8') { return htmlspecialchars((string)$data, $flags, $encoding); } @@ -51,7 +52,7 @@ - Edit + Edit From 21aa81dbd3f881d6cac76886b8f7b899e02662aa Mon Sep 17 00:00:00 2001 From: Felix Ivo Date: Mon, 23 Jun 2025 10:52:30 +0200 Subject: [PATCH 2/5] removed user specified hardcode --- Views/Notes/createNote.phtml | 2 +- Views/Notes/editNote.phtml | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/Views/Notes/createNote.phtml b/Views/Notes/createNote.phtml index db595b0..5b47333 100644 --- a/Views/Notes/createNote.phtml +++ b/Views/Notes/createNote.phtml @@ -8,7 +8,7 @@ $isEditMode = false; $note = null; if ($isEditMode) { $noteId = $_GET['id'] ?? 0; - $note = $this->notesModel->getNoteById($noteId, 2); //$_SESSION['user_id'] + $note = $this->notesModel->getNoteById($noteId, $_SESSION['user_id']); if (!$note) { echo "
Note not found or you don't have permission to edit it.
"; echo "Back to Dashboard"; diff --git a/Views/Notes/editNote.phtml b/Views/Notes/editNote.phtml index 3108b9e..b990bd1 100644 --- a/Views/Notes/editNote.phtml +++ b/Views/Notes/editNote.phtml @@ -8,7 +8,7 @@ $isEditMode = true; $note = null; if ($isEditMode) { $noteId = $_GET['id'] ?? 0; - $note = $this->notesModel->getNoteById($noteId, 2); //$_SESSION['user_id'] + $note = $this->notesModel->getNoteById($noteId, $_SESSION['user_id']); if (!$note) { echo "
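Review bot: `$_SESSION['user_id']` is now passed to getNoteById() with no prior login check in the visible lines; isLoggedIn() is declared further down in this same file but is never called, so an anonymous request reaches the query with a null user id (after an undefined-index warning) instead of being turned away. Guard the edit path before touching the session, e.g. `if (!isLoggedIn()) { header('Location: <login-route>'); exit(); }` with the project's actual login route. `$noteId = $_GET['id'] ?? 0` is also bound as-is; `(int)` it before it reaches the model. The same applies to the identical hunk in editNote.phtml in this patch (in createNote.phtml the block is unreachable because $isEditMode is false, but it will be copied).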
Note not found or you don't have permission to edit it.
"; echo "Back to Dashboard"; From e54a8f241e56b2bf42c1e85d81e692e69611883b Mon Sep 17 00:00:00 2001 From: Felix Ivo Date: Mon, 23 Jun 2025 11:04:08 +0200 Subject: [PATCH 3/5] fixed parsedown import, submit buttons are now shown --- Views/Notes/createNote.phtml | 3 +++ Views/Notes/editNote.phtml | 3 +++ Views/Notes/showNotes.phtml | 7 +++++-- 3 files changed, 11 insertions(+), 2 deletions(-) diff --git a/Views/Notes/createNote.phtml b/Views/Notes/createNote.phtml index 5b47333..d87fe08 100644 --- a/Views/Notes/createNote.phtml +++ b/Views/Notes/createNote.phtml @@ -2,6 +2,9 @@ use ppa\Model\NotesModel; include dirname(__DIR__).'/header.phtml'; +$parsedown = new Parsedown(); +$parsedown->setSafeMode(true); + $this->notesModel = new \ppa\Model\NotesModel(); $isEditMode = false; diff --git a/Views/Notes/editNote.phtml b/Views/Notes/editNote.phtml index b990bd1..123a961 100644 --- a/Views/Notes/editNote.phtml +++ b/Views/Notes/editNote.phtml @@ -2,6 +2,9 @@ use ppa\Model\NotesModel; include dirname(__DIR__).'/header.phtml'; +$parsedown = new Parsedown(); +$parsedown->setSafeMode(true); + $this->notesModel = new \ppa\Model\NotesModel(); $isEditMode = true; diff --git a/Views/Notes/showNotes.phtml b/Views/Notes/showNotes.phtml index 0c264ca..067374d 100644 --- a/Views/Notes/showNotes.phtml +++ b/Views/Notes/showNotes.phtml @@ -1,7 +1,5 @@ -

Notes

-
+ + From bcde6649b5ddb1334b6ac760e2c0f4a215a5a5fa Mon Sep 17 00:00:00 2001 From: Felix Ivo Date: Mon, 23 Jun 2025 11:06:11 +0200 Subject: [PATCH 4/5] enabled live markdown preview --- Views/header.phtml | 1 + 1 file changed, 1 insertion(+) diff --git a/Views/header.phtml b/Views/header.phtml index d5593ba..2987ec5 100644 --- a/Views/header.phtml +++ b/Views/header.phtml @@ -5,6 +5,7 @@ + From 80cb9f2818f027c8fac4ceb674cda189173a7d04 Mon Sep 17 00:00:00 2001 From: Felix Ivo Date: Mon, 23 Jun 2025 11:12:35 +0200 Subject: [PATCH 5/5] fixed margins --- Views/Notes/createNote.phtml | 6 +++++- Views/Notes/editNote.phtml | 6 +++++- 2 files changed, 10 insertions(+), 2 deletions(-) diff --git a/Views/Notes/createNote.phtml b/Views/Notes/createNote.phtml index d87fe08..82acc2d 100644 --- a/Views/Notes/createNote.phtml +++ b/Views/Notes/createNote.phtml @@ -31,6 +31,8 @@ function sanitize($data, $flags = ENT_QUOTES, $encoding = 'UTF-8') { } ?> +
+ diff --git a/Views/Notes/editNote.phtml b/Views/Notes/editNote.phtml index 123a961..dcc388a 100644 --- a/Views/Notes/editNote.phtml +++ b/Views/Notes/editNote.phtml @@ -31,6 +31,8 @@ function sanitize($data, $flags = ENT_QUOTES, $encoding = 'UTF-8') { } ?> +
+