qemudb/admin/addAppNote.php

<?php
/************************/
/* Add Application Note */
/************************/

include("path.php");
require(BASE."include/incl.php");
require(BASE."include/application.php");
require(BASE."include/mail.php");

//check for admin privs
if(!$_SESSION['current']->isLoggedIn() || (!$_SESSION['current']->hasPriv("admin") && !$_SESSION['current']->isMaintainer($_REQUEST['appId'],$_REQUEST['versionId'])) )
{
    errorpage("Insufficient Privileges!");
    exit;
}

//set link for version
if(is_numeric($_REQUEST['versionId']) and !empty($_REQUEST['versionId']))
{
    $versionLink = "&versionId={$_REQUEST['versionId']}";
}
else 
    exit;

if(!is_numeric($_REQUEST['appId']))
{
    errorpage('Wrong ID');
    exit;
}  

if($_REQUEST['sub'] == "Submit")
{

    $aInsert = compile_insert_string(array( 'noteTitle' =>$_REQUEST['noteTitle'],
                                            'NoteDesc' => $_REQUEST['noteDesc'],
                                            'appId' => $_REQUEST['appId'],
                                            'versionId' => $_REQUEST['versionId'] ));

    if (query_appdb("INSERT INTO `appNotes` ({$aInsert['FIELDS']}) VALUES ({$aInsert['VALUES']})"))
    {
        // successful
        $sEmail = get_notify_email_address_list($_REQUEST['appId'], $_REQUEST['versionId']);
        if($sEmail)
        {
            $sFullAppName  = "Application: ".lookupAppName($_REQUEST['appId']);
            $sFullAppName .= " Version: ".lookupVersionName($_REQUEST['appId'], $_REQUEST['versionId']);
            $sMsg  = APPDB_ROOT."appview.php?appId=".$_REQUEST['appId']."&versionId=".$_REQUEST['versionId']."\r\n";
            $sMsg .= "\r\n";
            $sMsg .= $_SESSION['current']->sRealname." added note to ".$sFullAppName."\r\n";
            $sMsg .= "\r\n";
            $sMsg .= "title: ".$_REQUEST['noteTitle']."\r\n";
            $sMsg .= "\r\n";
            $sMsg .= $_REQUEST['noteDesc']."\r\n";

            mail_appdb($sEmail, $sFullAppName ,$sMsg);
        }
        $statusMessage = "<p>Note added into the database</p>\n";
        addmsg($statusMessage,Green);
    }
    redirect(apidb_fullurl("appview.php?appId=".$_REQUEST['appId'].$versionLink));
    exit;
}
else if($_REQUEST['sub'] == 'Preview' OR empty($_REQUEST['submit']))
{
    apidb_header("Add Application Note");

    echo "<form method=post action='addAppNote.php'>\n";
    echo html_frame_start("Add Application Note {$_REQUEST['appId']}", "90%","",0);
    echo html_table_begin("width='100%' border=0 align=left cellpadding=6 cellspacing=0 class='box-body'");

    echo "<input type=hidden name='appId' value='{$_REQUEST['appId']}'>";
    echo "<input type=hidden name='versionId' value='{$_REQUEST['versionId']}'>";
    echo '<tr><td colspan=2 class=color4>';
    echo '<center><b>You can use html to make your Warning, Howto or Note look better.</b></center>';
    echo '</td></tr>',"\n";

    echo add_br($_REQUEST['noteDesc']);

    if ($_REQUEST['noteTitle'] == "HOWTO" || $_REQUEST['noteTitle'] == "WARNING")
    {
        echo "<input type=hidden name='noteTitle' value='{$_REQUEST['noteTitle']}'>";
        echo "<tr><td class=color1>Type</td><td class=color0>{$_REQUEST['noteTitle']}</td></tr>\n";
    }
    else
    {
        echo "<tr><td class=color1>Title</td><td class=color0><input size='80%' type='text' name='noteTitle' type='text' value='{$_REQUEST['noteTitle']}'></td></tr>\n";
    }
    echo '<tr><td class=color4>Description</td><td class=color0>', "\n";
    echo '<textarea cols=50 rows=10 name="noteDesc">'.stripslashes($_REQUEST['noteDesc']).'</textarea></td></tr>',"\n";

    echo '<tr><td colspan=2 align=center class=color3>',"\n";
    echo '<input type="submit" name=sub value="Preview">&nbsp',"\n";
    echo '<input type="submit" name=sub value="Submit"></td></tr>',"\n";
    echo html_table_end();
    echo html_frame_end();
    
    echo html_back_link(1,BASE."appview.php?appId={$_REQUEST['appId']}$versionLink");
    apidb_footer();
}

?>
- replaced tons of tabs with spaces - replaced <? with <?php for compatibility sake (see TODO and CODING_STANDARD to know more) - improved overall code lisibility 2004-12-12 03:51:51 +00:00			`<?php`
			`/************************/`
			`/* Add Application Note */`
			`/************************/`
Initial revision 2004-03-15 16:22:00 +00:00
			`include("path.php");`
- use mail_appdb() instead of mail() for better error handling and to avoid code duplication - use \r\n as line separator in mail (RFC compliant) 2005-01-30 00:57:34 +00:00			`require(BASE."include/incl.php");`
			`require(BASE."include/application.php");`
			`require(BASE."include/mail.php");`
Initial revision 2004-03-15 16:22:00 +00:00
			`//check for admin privs`
- OO version of user class - no more duplicated functions - improved performances (much less duplicated mysql queries) - less code and better error handling 2005-01-30 23:12:48 +00:00			`if(!$_SESSION['current']->isLoggedIn() \|\| (!$_SESSION['current']->hasPriv("admin") && !$_SESSION['current']->isMaintainer($_REQUEST['appId'],$_REQUEST['versionId'])) )`
Initial revision 2004-03-15 16:22:00 +00:00			`{`
			`errorpage("Insufficient Privileges!");`
			`exit;`
			`}`

- Let Maintainers add, edit and delete Notes. - Display out front, special class notes ( WARNING & HOWTO ) 2004-12-01 22:33:48 +00:00			`//set link for version`
Use super globals. Better input checking. 2004-12-29 03:47:48 +00:00			`if(is_numeric($_REQUEST['versionId']) and !empty($_REQUEST['versionId']))`
- Let Maintainers add, edit and delete Notes. - Display out front, special class notes ( WARNING & HOWTO ) 2004-12-01 22:33:48 +00:00			`{`
Use super globals. Better input checking. 2004-12-29 03:47:48 +00:00			`$versionLink = "&versionId={$_REQUEST['versionId']}";`
- Let Maintainers add, edit and delete Notes. - Display out front, special class notes ( WARNING & HOWTO ) 2004-12-01 22:33:48 +00:00			`}`
Use super globals. Better input checking. 2004-12-29 03:47:48 +00:00			`else`
			`exit;`

			`if(!is_numeric($_REQUEST['appId']))`
			`{`
			`errorpage('Wrong ID');`
			`exit;`
			`}`
Initial revision 2004-03-15 16:22:00 +00:00
Use super globals. Better input checking. 2004-12-29 03:47:48 +00:00			`if($_REQUEST['sub'] == "Submit")`
Initial revision 2004-03-15 16:22:00 +00:00			`{`
- Let Maintainers add, edit and delete Notes. - Display out front, special class notes ( WARNING & HOWTO ) 2004-12-01 22:33:48 +00:00
Tighten up security on add notes 2005-01-14 05:29:45 +00:00			`$aInsert = compile_insert_string(array( 'noteTitle' =>$_REQUEST['noteTitle'],`
			`'NoteDesc' => $_REQUEST['noteDesc'],`
			`'appId' => $_REQUEST['appId'],`
			`'versionId' => $_REQUEST['versionId'] ));`

			if (query_appdb("INSERT INTO `appNotes` ({$aInsert['FIELDS']}) VALUES ({$aInsert['VALUES']})"))
- Let Maintainers add, edit and delete Notes. - Display out front, special class notes ( WARNING & HOWTO ) 2004-12-01 22:33:48 +00:00			`{`
Use super globals. Better input checking. 2004-12-29 03:47:48 +00:00			`// successful`
- OO version of user class - no more duplicated functions - improved performances (much less duplicated mysql queries) - less code and better error handling 2005-01-30 23:12:48 +00:00			`$sEmail = get_notify_email_address_list($_REQUEST['appId'], $_REQUEST['versionId']);`
- use mail_appdb() instead of mail() for better error handling and to avoid code duplication - use \r\n as line separator in mail (RFC compliant) 2005-01-30 00:57:34 +00:00			`if($sEmail)`
- Let Maintainers add, edit and delete Notes. - Display out front, special class notes ( WARNING & HOWTO ) 2004-12-01 22:33:48 +00:00			`{`
- use mail_appdb() instead of mail() for better error handling and to avoid code duplication - use \r\n as line separator in mail (RFC compliant) 2005-01-30 00:57:34 +00:00			`$sFullAppName = "Application: ".lookupAppName($_REQUEST['appId']);`
			`$sFullAppName .= " Version: ".lookupVersionName($_REQUEST['appId'], $_REQUEST['versionId']);`
			`$sMsg = APPDB_ROOT."appview.php?appId=".$_REQUEST['appId']."&versionId=".$_REQUEST['versionId']."\r\n";`
			`$sMsg .= "\r\n";`
- fix notifications - improves notifications 2005-02-02 00:14:01 +00:00			`$sMsg .= $_SESSION['current']->sRealname." added note to ".$sFullAppName."\r\n";`
- use mail_appdb() instead of mail() for better error handling and to avoid code duplication - use \r\n as line separator in mail (RFC compliant) 2005-01-30 00:57:34 +00:00			`$sMsg .= "\r\n";`
			`$sMsg .= "title: ".$_REQUEST['noteTitle']."\r\n";`
			`$sMsg .= "\r\n";`
			`$sMsg .= $_REQUEST['noteDesc']."\r\n";`
- Let Maintainers add, edit and delete Notes. - Display out front, special class notes ( WARNING & HOWTO ) 2004-12-01 22:33:48 +00:00
- use mail_appdb() instead of mail() for better error handling and to avoid code duplication - use \r\n as line separator in mail (RFC compliant) 2005-01-30 00:57:34 +00:00			`mail_appdb($sEmail, $sFullAppName ,$sMsg);`
- Let Maintainers add, edit and delete Notes. - Display out front, special class notes ( WARNING & HOWTO ) 2004-12-01 22:33:48 +00:00			`}`
			`$statusMessage = "<p>Note added into the database</p>\n";`
			`addmsg($statusMessage,Green);`
			`}`
Use super globals. Better input checking. 2004-12-29 03:47:48 +00:00			`redirect(apidb_fullurl("appview.php?appId=".$_REQUEST['appId'].$versionLink));`
- Let Maintainers add, edit and delete Notes. - Display out front, special class notes ( WARNING & HOWTO ) 2004-12-01 22:33:48 +00:00			`exit;`
Initial revision 2004-03-15 16:22:00 +00:00			`}`
Use super globals. Better input checking. 2004-12-29 03:47:48 +00:00			`else if($_REQUEST['sub'] == 'Preview' OR empty($_REQUEST['submit']))`
Initial revision 2004-03-15 16:22:00 +00:00			`{`
- Let Maintainers add, edit and delete Notes. - Display out front, special class notes ( WARNING & HOWTO ) 2004-12-01 22:33:48 +00:00			`apidb_header("Add Application Note");`
Initial revision 2004-03-15 16:22:00 +00:00
- Let Maintainers add, edit and delete Notes. - Display out front, special class notes ( WARNING & HOWTO ) 2004-12-01 22:33:48 +00:00			`echo "<form method=post action='addAppNote.php'>\n";`
Use super globals. Better input checking. 2004-12-29 03:47:48 +00:00			`echo html_frame_start("Add Application Note {$_REQUEST['appId']}", "90%","",0);`
- Let Maintainers add, edit and delete Notes. - Display out front, special class notes ( WARNING & HOWTO ) 2004-12-01 22:33:48 +00:00			`echo html_table_begin("width='100%' border=0 align=left cellpadding=6 cellspacing=0 class='box-body'");`
Initial revision 2004-03-15 16:22:00 +00:00
Use super globals. Better input checking. 2004-12-29 03:47:48 +00:00			`echo "<input type=hidden name='appId' value='{$_REQUEST['appId']}'>";`
			`echo "<input type=hidden name='versionId' value='{$_REQUEST['versionId']}'>";`
- Let Maintainers add, edit and delete Notes. - Display out front, special class notes ( WARNING & HOWTO ) 2004-12-01 22:33:48 +00:00			`echo '<tr><td colspan=2 class=color4>';`
			`echo '<center><b>You can use html to make your Warning, Howto or Note look better.</b></center>';`
			`echo '</td></tr>',"\n";`
Initial revision 2004-03-15 16:22:00 +00:00
Use super globals. Better input checking. 2004-12-29 03:47:48 +00:00			`echo add_br($_REQUEST['noteDesc']);`
Initial revision 2004-03-15 16:22:00 +00:00
Use super globals. Better input checking. 2004-12-29 03:47:48 +00:00			`if ($_REQUEST['noteTitle'] == "HOWTO" \|\| $_REQUEST['noteTitle'] == "WARNING")`
- Let Maintainers add, edit and delete Notes. - Display out front, special class notes ( WARNING & HOWTO ) 2004-12-01 22:33:48 +00:00			`{`
Use super globals. Better input checking. 2004-12-29 03:47:48 +00:00			`echo "<input type=hidden name='noteTitle' value='{$_REQUEST['noteTitle']}'>";`
			`echo "<tr><td class=color1>Type</td><td class=color0>{$_REQUEST['noteTitle']}</td></tr>\n";`
- Let Maintainers add, edit and delete Notes. - Display out front, special class notes ( WARNING & HOWTO ) 2004-12-01 22:33:48 +00:00			`}`
			`else`
			`{`
Use super globals. Better input checking. 2004-12-29 03:47:48 +00:00			`echo "<tr><td class=color1>Title</td><td class=color0><input size='80%' type='text' name='noteTitle' type='text' value='{$_REQUEST['noteTitle']}'></td></tr>\n";`
- Let Maintainers add, edit and delete Notes. - Display out front, special class notes ( WARNING & HOWTO ) 2004-12-01 22:33:48 +00:00			`}`
			`echo '<tr><td class=color4>Description</td><td class=color0>', "\n";`
Clean up HTML and PHP, remove extranious checks for loggedin() 2004-12-29 20:21:31 +00:00			`echo '<textarea cols=50 rows=10 name="noteDesc">'.stripslashes($_REQUEST['noteDesc']).'</textarea></td></tr>',"\n";`
Initial revision 2004-03-15 16:22:00 +00:00
- Let Maintainers add, edit and delete Notes. - Display out front, special class notes ( WARNING & HOWTO ) 2004-12-01 22:33:48 +00:00			`echo '<tr><td colspan=2 align=center class=color3>',"\n";`
Use super globals. Better input checking. 2004-12-29 03:47:48 +00:00			`echo '<input type="submit" name=sub value="Preview">&nbsp',"\n";`
- Let Maintainers add, edit and delete Notes. - Display out front, special class notes ( WARNING & HOWTO ) 2004-12-01 22:33:48 +00:00			`echo '<input type="submit" name=sub value="Submit"></td></tr>',"\n";`
			`echo html_table_end();`
			`echo html_frame_end();`
Initial revision 2004-03-15 16:22:00 +00:00
Use super globals. Better input checking. 2004-12-29 03:47:48 +00:00			`echo html_back_link(1,BASE."appview.php?appId={$_REQUEST['appId']}$versionLink");`
- Let Maintainers add, edit and delete Notes. - Display out front, special class notes ( WARNING & HOWTO ) 2004-12-01 22:33:48 +00:00			`apidb_footer();`
Initial revision 2004-03-15 16:22:00 +00:00			`}`

			`?>`