/* Rob's Easy Budget Tool 
*  http://www.edgerob.net/budget
*
*  This code is freely distributable for educational and non-commercial use.
*/

<?php


$action = $_GET['action'];

if ($action == "login")
{
	$user = $_GET['user'];
	$pass = $_GET['pass'];

	if (doLogin($user, $pass) == 0)
	{
		echo "0";
	} else {
		echo "1";
	}

	return;
}

if ($action == "logout")
{
	unset($_SESSION['username']);
	unset($_SESSION['name']);
	$_SESSION = array();
	session_destroy();

	header("Location: index.php");
	return;
}

if ($action == "register")
{
	$email = $_GET['email'];
	$pass = $_GET['pass'];
	$name = $_GET['name'];

	$q = "select email from users where email='$email'";
	$result = mysql_query($q) or die(mysql_error());
	if (mysql_num_rows($result))
	{
		echo "1";
		return;
	}

	$q = "insert into users (email, password, name) values ('$email', '$pass', '$name')";
	$result = mysql_query($q) or die(mysql_error());

	$q = "insert into totals (user, total) values ('$email', '0')";
	$result = mysql_query($q) or die(mysql_error());

	echo "0";
	return;
}

if ($action == "reset")
{
	$email = $_GET['email'];

	$q = "select name, email from users where email='$email'";
	$result = mysql_query($q) or die(mysql_error());
	if (!mysql_num_rows($result))
	{
		echo "1";
		return;
	}
	$temp = mysql_fetch_array($result);
	$name = $temp['name'];

    $chars = "abcdefghijkmnopqrstuvwxyz023456789";
    srand((double)microtime()*1000000);
    $i = 0;
    $pass = '' ;
    while ($i <= 7) {
        $num = rand() % 33;
        $tmp = substr($chars, $num, 1);
        $pass = $pass . $tmp;
        $i++;
    }

	$to = $name." <".$email.">";
	$headers = "From: Rob's Easy Budget Tool <budget@edgerob.net>\r\n";
	$subject = "Password Reset Request";
	$body = "Hello, here is your new password for Rob's Easy Budget Tool. Use this to login to your account.\n\n";
	$body .= $pass."\n\n";
	$body .= "http://edgerob.net/budget";
    mail ($to, $subject, $body, $headers);

    $q = "update users set password='".md5($pass)."' where email='$email'";
	$result = mysql_query($q) or die(mysql_error());

	echo "0";
	return;
}

$logged_in = checkLogin();
if ($logged_in)
	$user = $_SESSION['username'];

if ($action == "changepw")
{
	$pass = $_GET['pass'];

    $q = "update users set password='$pass' where email='$user'";
	$result = mysql_query($q) or die(mysql_error());

	echo "0";
	return;
}

$cat = $_GET['cat'];

if ($action == "updatetotal")
{
	$total = $_GET['total'];
	$rel = $_GET['rel'];

	$q = "update totals set total='$total' where user='$user'";
	$result = mysql_query($q) or die(mysql_error());

	return;
}

if ($action == "filltotal")
{
	filltotal();
	return;
}

if ($action == "addtrans")
{
	$type = $_GET['type'];
	$amount = $_GET['amount'];
	$date = $_GET['date'];
	$description = $_GET['description'];

	if ($type == "debit") $q = "update categories set balance=balance-$amount where id=$cat";
	else $q = "update categories set balance=balance+$amount where id=$cat";
	$result = mysql_query($q) or die(mysql_error());

	if ($type == "debit") $q = "update totals set total=total-$amount where user='$user'";
	else $q = "update totals set total=total+$amount where user='$user'";
	$result = mysql_query($q) or die(mysql_error());

	$q = "insert into transactions (user, cat, type, amount, date, description) values ('$user', $cat, '$type', '$amount', '$date', '$description')";
	$result = mysql_query($q) or die(mysql_error());

	fillcat($cat);
	return;
}

if ($action == "addcat")
{
	$name = $_GET['name'];

	$q = "select name from categories where user='$user' and name='$name'";
	$result = mysql_query($q) or die(mysql_error());

	if (!mysql_num_rows($result))
	{
		$q = "insert into categories (user, name, balance) values ('$user', '$name', 0)";
		$result = mysql_query($q) or die(mysql_error());
	}

	fillcats($user);
	return;
}

if ($action == "deltrans")
{
	$cat = $_GET['cat'];
	$id = $_GET['id'];
	
	$q = "select user from categories where id='$cat'";
	$result = mysql_query($q) or die(mysql_error());
	$temp = mysql_fetch_array($result);
	if ($user != $temp['user'])
		return;	

	$q = "select amount, type, cat from transactions where id='$id'";
	$result = mysql_query($q) or die(mysql_error());
	$temp=mysql_fetch_array($result);
	$type = $temp['type'];
	$amount = $temp['amount'];
	$cat = $temp['cat'];

	if ($type == "debit") $q = "update categories set balance=balance+$amount where id='$cat'";
	else $q = "update categories set balance=balance-$amount where id='$cat'";
	$result = mysql_query($q) or die(mysql_error());

	if ($type == "debit") $q = "update totals set total=total+$amount where user='$user'";
	else $q = "update totals set total=total-$amount where user='$user'";
	$result = mysql_query($q) or die(mysql_error());

	$q = "delete from transactions where id='$id'";
	$result = mysql_query($q) or die(mysql_error());

	fillcat($cat);
	return;
}

if ($action == "delcat")
{
	$id = $_GET['id'];
	
	$q = "select user from categories where id='$id'";
	$result = mysql_query($q) or die(mysql_error());
	$temp = mysql_fetch_array($result);
	if ($user != $temp['user'])
		return;

	$q = "delete from transactions where cat='$id'";
	$result = mysql_query($q) or die(mysql_error());

	$q = "delete from categories where id='$id'";
	$result = mysql_query($q) or die(mysql_error());

	fillcats($user);
	return;
}

if ($action == "post")
{
	if (!$logged_in)
	{
		echo "1";
		die();
	}

	$name = $_GET['name'];
	$subject = $_GET['subject'];
	$message = nl2br($_GET['message']);
	$date = time();

	$q = "insert into posts (user, name, subject, message, date) values ('$user', '$name', '$subject', '$message', '$date')";
	$result = mysql_query($q) or die(mysql_error());

	fillforum("latest");
	return;
}

if ($action == "delpost")
{
	$id = $_GET['id'];
	$q = "select user from posts where id='$id'";
	$result = mysql_query($q) or die(mysql_error());
	$temp = mysql_fetch_array($result);
	
	if ($user != $temp['user'])
		return;
	
	$q = "delete from posts where id='$id'";
	$result = mysql_query($q) or die(mysql_error());

	fillforum("latest");
	return;
}	

if ($action == "fillforum")
{
	fillforum($_GET['page']);
	return;
}

function filltotal()
{
	global $user;
	$q = "select total from totals where user='$user'";
	$result = mysql_query($q) or die(mysql_error());
	$temp = mysql_fetch_array($result);
	$total = $temp['total'];

	?>
	<div class="row"><div class="totalleft" style="border-top:none; background-color:#FFB03B;">Total Money <span style="font-size:9px">(click to change)</span>:</div><div class="totalright" style="border-top:none"><div id="totalcontainer"><div id="total" onclick="totalClick(<? echo $total ?>)">$<? echo $total ?></div></div></div></div>
	<?
	$q = "select name, balance from categories where user='$user'";
	$result = mysql_query($q) or die(mysql_error());

	while ($cat = mysql_fetch_array($result))
	{
		echo '<div class="row"><div class="totalleft">'.$cat['name'].'</div><div class="totalright">$'.$cat['balance'].'</div></div>';
		$total = $total - $cat['balance'];
	}
	?>
	<div class="row" on><div class="totalleft" style="background-color:#FFB03B;">Leftover Money:</div><div class="totalright" style="font-weight:bold; color:<? if ($total < 0) echo "pink"; else echo "white"; ?>; " >$<? echo $total ?></div></div>
	<?
	return;
}

function fillcat($c)
{
	$q = "select * from transactions where cat='$c' order by date asc";
	$result = mysql_query($q) or die(mysql_error());
	$q = "select balance from categories where id='$c'";
	$result2 = mysql_query($q) or die(mysql_error());
	$temp = mysql_fetch_array($result2);
	$bal = $temp['balance'];

	if (mysql_num_rows($result) == 0)
	{
		echo '<div class="row" style="font-size:10px">No transactions. Add a new transaction below.</div>';
		return;
	}

	while ($t = mysql_fetch_array($result))
	{
		$a = explode ('-', $t['date']);
		$date = date("M d, Y", mktime(0,0,0,$a[1],$a[2],$a[0]));

		echo '<div class="row"><div class="num">';
		if ($t['type'] == 'debit') echo '$'.$t['amount'];
		else echo '&nbsp;';
		echo '</div><div class="num">';
		if ($t['type'] == 'credit') echo '$'.$t['amount'];
		else echo '&nbsp;';
		echo '</div><div class="date">'.$date.'</div><div class="desc">&nbsp;'.$t['description'].'</div>';
		echo '<div class="lastcol">&nbsp;<img src="x.gif" onclick="delTrans('.$c.', '.$t['id'].', event)" style="cursor:pointer" /></div></div>';
	}

	echo '<div class="catfoot"><div style="float:right "> Balance: <span style="font-weight:bold; color:';
	if ($bal < 0) echo 'pink';
	else echo '#fff';
	echo '">$'.$bal.'</span></div></div>';

	return;
}

function fillcats($u)
{
	$q = "select * from categories where user='$u' order by name asc";
	$result = mysql_query($q) or die(mysql_error());

	if (mysql_num_rows($result) == 0)
	{
		echo '<span style="font-size:10px">You currently have no categories. Please add a new category below.</span>';
		return;
	}

	while ($cat = mysql_fetch_array($result)) { ?>

	<div class="box">

	<div class="cattitle" ><div class="cattitleleft" onclick="showHide('<? echo $cat['id'] ?>')"><img id="<? echo $cat['id'] ?>_rd"src="r.gif" /> <? echo $cat['name'] ?></div>
	<div class="cattitleright"><img src="x.gif" onclick="delCat(<? echo $cat['id'] ?>, event)" style="cursor:pointer" /></div></div>
	<div id="<? echo $cat['id'] ?>_content" style="display:none">
	<div class="cathead"><div class="num">Debit (-)</div><div class="num">Credit (+)</div><div class="date">Date</div><div class="desc">Description</div><div class="lastcol">&nbsp;</div></div>

	<div id="<? echo $cat['id'] ?>_body" style="height:145px; overflow:scroll;">
	<? fillcat ($cat['id']) ?>
	</div>
	<div class="catbody">
	<p>Add new transaction:</p>
	<form name="addtrans_<? echo $cat['id'] ?>">
	<p>Type: <select id="type"><option value="debit">Debit (-)</option><option value="credit">Credit (+)</option></select>
	Amount: $<input id="amount" type="text" size=5 /> Date (yyyy-mm-dd): <input id="date" name="date_<? echo $cat['id'] ?>" type="text" size="10" /> <img src="calendar.jpg" onclick="displayDatePicker('date_<? echo $cat['id'] ?>', false, 'ymd', '-');" style="cursor:pointer"></p>
	<p>Description: <input id="description" type="text" size=30 /> <input type="button" name="sub" onclick="addTrans('<? echo $cat['id'] ?>')" value="Add" /></p>
	</form>
    </div>

	</div>
	</div>
	<?
	}
}

function fillforum($page)
{
	global $user;
    $q = "select id from posts";
    $result2 = mysql_query($q) or die(mysql_error());
    $pages = (int)(mysql_num_rows($result2) / 10) + 1;
	if (mysql_num_rows($result2) % 10 == 0)
		$pages = $pages - 1;
	
	if ($page == "latest")
		$page = $pages;
		
	$q = "select * from posts order by id asc limit ".(($page-1)*10).", 10";
	$result = mysql_query($q) or die(mysql_error());

    $pagebox = '<div class="box" style="text-align:right; background:none; padding-top:2px; padding-bottom:2px;">Page:';

    for ($i = 1; $i <= $pages; $i++)
    {
        if ($i != $page)
            $pagebox .= ' <span class="link" onclick="showPage('.$i.')">'.$i.'</span>';
        else
            $pagebox .= ' '.$i;
    }
    $pagebox .= '&nbsp;</div>';
	
	echo $pagebox;

	while ($post = mysql_fetch_array($result))
	{
		$date = date("M d, Y H:i", $post['date']);

		?>
		<div class="box">

		<div class="cattitle"><div class="cattitleleft" style="cursor:default"><strong><? echo $post['subject']; ?></strong><br><span style="font-style:italic">Posted by </span><span style="text-decoration:underline"><? echo $post['name'] ?></span><span style="font-style:italic"> on </span><? echo $date ?></div><div class="cattitleright"><span style="font-size:10px">
        <? if ($user == $post['user']) echo '<span class="link" onclick="deletePost('.$post['id'].', event)">Delete</span>'; ?>
        </span></div></div>
		<div class="catbody"><? echo $post['message'] ?></div>

		</div>
	<? }
    
	echo $pagebox;

	return;
}


function checkLogin()
{
	if (isset($_SESSION['username']))
		return true;
	else
		return false;
}

function doLogin($username, $password)
{
	global $conn;
	$q = "select name, email from users where email='$username' and password='$password'";
	$result = mysql_query($q) or die(mysql_error());
	if (mysql_num_rows($result) == 0)
		return 1;
	$user = mysql_fetch_array($result);
	$_SESSION['username'] = $user['email'];
	$_SESSION['name'] = $user['name'];
}


?>