Merge branch 'main' of http://git.pb.bib.de/PBBFA23CIV/EIANotesApp

Controller/NotesController.php

@@ -28,4 +28,12 @@ class NotesController
         ]);
     }
 
+    public function showNoteDetails() 
+    {
+        $noteId = $_GET['id'];
+        $note = $this->notesModel->getNoteById($noteId);
+        $this->view->setVars([
+            "note" => $note
+        ]);
+    }
 }

Model/NotesModel.php

@@ -43,4 +43,22 @@ class NotesModel extends Database
             return false;
         }
     }
+
+    function getNoteById($noteId) {
+        $pdo = $this->linkDB();
+        if (!$pdo) return null;
+        try {
+            if ($_SESSION['role'] === 'admin') { // Admin can fetch any note
+                $stmt = $pdo->prepare("SELECT n.*, u.username as owner_username FROM notes n JOIN users u ON n.user_id = u.id WHERE n.id = ?");
+                $stmt->execute([$noteId]);
+            } else { // Regular user can only fetch their own notes
+                $stmt = $pdo->prepare("SELECT * FROM notes WHERE id = ? AND user_id = ?");
+                $stmt->execute([$noteId, $_SESSION['user_id']]);
+            }
+            return $stmt->fetch();
+        } catch (PDOException $e) {
+            error_log("Get Note Error: " . $e->getMessage());
+            return null;
+        }
+    }
 }

Views/Notes/showNoteDetails.phtml

@@ -0,0 +1,43 @@
+<?php include dirname(__DIR__).'/header.phtml'; ?>
+
+<?php
+$parsedown = new Parsedown();
+$parsedown->setSafeMode(true);
+?>
+
+<div class="container">
+    <?php if (isset($note) && $note): ?>
+        <div class="note-details">
+            <div class="note-header">
+                <h2><?php echo htmlspecialchars($note['title'] ?? ''); ?></h2>
+                <div class="note-meta">
+                    <?php if (($isAdmin ?? false) && isset($note['owner_username'])): ?>
+                        <span class="note-owner">Owner: <?php echo htmlspecialchars($note['owner_username']); ?></span>
+                    <?php endif; ?>
+                    <span class="note-date">
+                        Last updated: <?php echo isset($note['updated_at']) ? date("d.m.Y H:i", strtotime($note['updated_at'])) : 'N/A'; ?>
+                    </span>
+                </div>
+            </div>
+            
+            <div class="note-content">
+                <?php echo $parsedown->text($note['content'] ?? ''); ?>
+            </div>
+            
+            <div class="note-actions">
+                <a href="?controller=NotesController&page=showNotes" class="button">Back to Notes</a>
+                <?php if (isset($note['id'])): ?>
+                    <a href="?controller=NotesController&page=editNote&note_id=<?php echo (int)$note['id']; ?>" class="button">Edit Note</a>
+                <?php endif; ?>
+            </div>
+        </div>
+    <?php else: ?>
+        <div class="error-message">
+            <h2>Note Not Found</h2>
+            <p><?php echo htmlspecialchars($error ?? 'The requested note could not be found.'); ?></p>
+            <a href="?controller=NotesController&page=showNotes" class="button">Back to Notes</a>
+        </div>
+    <?php endif; ?>
+</div>
+
+<?php include dirname(__DIR__).'/footer.phtml'; ?>

Views/Notes/showNotes.phtml

@@ -38,7 +38,7 @@
             <?php foreach ($notes as $note): ?>
                 <tr>
                     <td><?php echo sanitize($note['id']); ?></td>
-                    <td><a href="index.php?page=view_note&id=<?php echo $note['id']; ?>"><?php echo sanitize($note['title']); ?></a></td>
+                    <td><a href="?controller=Notes&do=showNoteDetails&id=<?php echo $note['id']; ?>"><?php echo sanitize($note['title']); ?></a></td>
                     <?php if (isAdmin()): ?>
                     <td><?php echo sanitize($note['owner_username']); ?></td>
                     <?php endif; ?>

Views/User/showUserLoginForm.phtml

@@ -1,5 +1,4 @@
 <?php include dirname(__DIR__).'/header.phtml'; ?>
-<script src="JavaScript/script.js"></script>
 <div class="form-container">
     <h2>Login</h2>
     <form id="login-form" method="POST">

Views/header.phtml

@@ -8,13 +8,27 @@
         <script src="JavaScript/script.js"></script>
      </head>
     <body>
-        <header>
-            <div class="wrapper">
-                <div class="button">
-                    <a href="?controller=User&do=showUserLoginForm">Anmelden</a>
+        <header class="top-bar">
+            <h1>Notes App <?php if($_SESSION['role'] === 'admin') echo "<span style='font-size:0.7em; color:#ffdd57;'>(Admin Panel)</span>"; ?></h1>
+            <?php if (isset($_SESSION['user_id'])): ?>
+                <div class="user-info">
+                    <span>Welcome, <?php echo htmlspecialchars($_SESSION['username'], ENT_QUOTES, 'UTF-8'); ?>!</span>
+                    <form id="logout-form" method="POST" style="display: inline;">
+                        <input type="hidden" name="action" value="logout">
+                        <button type="submit" class="icon-button" title="Logout">→</button>
+                    </form>
+                    <!-- <button class="icon-button" title="More options">⋮</button> -->
                 </div>
-                <h1>Notes<span>.de</span></h1>
+            <?php else: ?>
+                <div class="user-info">
+                    <?php if (!isset($_SESSION['user_id'])): ?>
+                        <a href="?controller=User&do=showUserLoginForm">Login</a>
+                    <?php endif; ?>
+                    <?php if (!isset($_SESSION['user_id'])): ?>
+                        <a href="?controller=User&do=showUserRegisterForm">Register</a>
+                    <?php endif; ?>
                 </div>
+            <?php endif; ?>
         </header>
         <nav>
             <ul>