qemudb/admin/editAppVersion.php

<?php
require("path.php");
require(BASE."include/incl.php");
require_once(BASE."include/tableve.php");
require_once(BASE."include/application.php");
require_once(BASE."include/version.php");

$aClean = array(); //array of filtered user input

$aClean['iAppId'] = makeSafe($_REQUEST['iAppId']);
$aClean['iVersionId'] = makeSafe($_REQUEST['iVersionId']);
$aClean['sSubmit'] = makeSafe($_REQUEST['sSubmit']);

if(!is_numeric($aClean['iAppId']) OR !is_numeric($aClean['iVersionId']))
    util_show_error_page_and_exit("Wrong ID");

/* Check for admin privs */
if(!$_SESSION['current']->hasPriv("admin") && !$_SESSION['current']->isMaintainer($aClean['iVersionId']) && !$_SESSION['current']->isSuperMaintainer($aClean['iAppId']))
    util_show_error_page_and_exit("Insufficient Privileges!");

/* process the changes the user entered into the web form */
if(!empty($aClean['sSubmit']))
{
    process_app_version_changes(true);
    util_redirect_and_exit(apidb_fullurl("appview.php?iVersionId=".$aClean['iVersionId']));
} else /* or display the webform for making changes */
{

    $oVersion = new Version($aClean['iVersionId']);

    apidb_header("Edit Application Version");

    echo "<form method=post action='editAppVersion.php'>\n";

    if($_SESSION['current']->hasPriv("admin"))
        $oVersion->OutputEditor(true, true); /* false = not allowing the user to modify the parent application */
    else
        $oVersion->OutputEditor(false, true); /* false = not allowing the user to modify the parent application */
        
    echo '<table border=0 cellpadding=2 cellspacing=0 width="100%">',"\n";
    echo '<tr><td colspan=2 align=center class=color2><input type="submit" name="sSubmit" value="Update Database" /></td></tr>',"\n";
    echo html_table_end();

    echo "</form>";

    echo "<br/><br/>\n";

    // url edit form
    echo '<form enctype="multipart/form-data" action="editAppVersion.php" method="post">',"\n";
    echo '<input type=hidden name="iAppId" value='.$oVersion->iAppId.'>';
    echo '<input type=hidden name="iVersionId" value='.$oVersion->iVersionId.'>';
    echo html_frame_start("Edit URL","90%","",0);
    echo '<table border=0 cellpadding=6 cellspacing=0 width="100%">',"\n";
            
    $i = 0;
    $hResult = query_parameters("SELECT * FROM appData WHERE versionId = '?' AND type = 'url'",
                            $oVersion->iVersionId);
    if($hResult && mysql_num_rows($hResult) > 0)
    {
        echo '<tr><td class=color1><b>Delete</b></td><td class=color1>',"\n";
        echo '<b>Description</b></td><td class=color1><b>URL</b></td></tr>',"\n";
        while($oRow = mysql_fetch_object($hResult))
        {
            $temp0 = "adelete[".$i."]";
            $temp1 = "adescription[".$i."]";
            $temp2 = "aURL[".$i."]";
            $temp3 = "aId[".$i."]";
            $temp4 = "aOldDesc[".$i."]";
            $temp5 = "aOldURL[".$i."]";
            echo '<tr><td class=color3><input type="checkbox" name="'.$temp0.'"></td>',"\n";
            echo '<td class=color3><input size="45" type="text" name="'.$temp1.'" value ="'.stripslashes($oRow->description).'"</td>',"\n";
            echo '<td class=color3><input size="45" type="text" name="'.$temp2.'" value="'.$oRow->url.'"></td></tr>',"\n";
            echo '<input type="hidden" name="'.$temp3.'" value="'.$oRow->id.'" />';
            echo '<input type="hidden" name="'.$temp4.'" value="'.stripslashes($oRow->description).'" />';
            echo '<input type="hidden" name="'.$temp5.'" value="'.$oRow->url.'" />',"\n";
            $i++;
        }
    } else
    {
        echo '<tr><td class="color1"></td><td class="color1"><b>Description</b></td>',"\n";
        echo '<td class=color1><b>URL</b></td></tr>',"\n";
    }
    echo "</td></tr>\n";
    echo "<input type=hidden name='iRows' value='$i'>";
    echo '<tr><td class=color1>New</td><td class=color1><input size="45" type="text" name="sUrlDesc"></td>',"\n";
    echo '<td class=color1><input size=45% name="sUrl" type="text"></td></tr>',"\n";
     
    echo '<tr><td colspan=3 align=center class="color3"><input type="submit" name="sSubmit" value="Update URL"></td></tr>',"\n";
         
    echo '</table>',"\n";
    echo html_frame_end();
    echo "</form>";

    /* only admins can move versions */
    if($_SESSION['current']->hasPriv("admin"))
    {
        // move version form
        echo '<form enctype="multipart/form-data" action="moveAppVersion.php" method="post">',"\n";
        echo '<input type=hidden name="iAppId" value='.$oVersion->iAppId.'>';
        echo '<input type=hidden name="iVersionId" value='.$oVersion->iVersionId.'>';
        echo html_frame_start("Move version to another application","90%","",0);
        echo '<center><input type="submit" name="sView" value="Move this version"></center>',"\n";
        echo html_frame_end();
    }

    echo html_back_link(1,BASE."appview.php?iVersionId=".$oVersion->iVersionId);
    apidb_footer();
}
?>
- replaced tons of tabs with spaces - replaced <? with <?php for compatibility sake (see TODO and CODING_STANDARD to know more) - improved overall code lisibility 2004-12-12 03:51:51 +00:00			`<?php`
Clean up includes. Make 'path.php' and 'incl.php' required includes. Switch to using require_once() for including files in /include so we can have include/*.php files include their own dependencies rather than figuring out that to include A.php we need to include B.php 2006-07-07 18:14:53 +00:00			`require("path.php");`
- use mail_appdb() instead of mail() for better error handling and to avoid code duplication - use \r\n as line separator in mail (RFC compliant) 2005-01-30 00:57:34 +00:00			`require(BASE."include/incl.php");`
Clean up includes. Make 'path.php' and 'incl.php' required includes. Switch to using require_once() for including files in /include so we can have include/*.php files include their own dependencies rather than figuring out that to include A.php we need to include B.php 2006-07-07 18:14:53 +00:00			`require_once(BASE."include/tableve.php");`
			`require_once(BASE."include/application.php");`
			`require_once(BASE."include/version.php");`
Allow Maintainers to edit Application version. Send out email indicating what they changed. 2004-11-17 23:02:07 +00:00
Filter all user input to reduce the security impact of manipulated data 2006-06-17 06:10:10 +00:00			`$aClean = array(); //array of filtered user input`

Prefix all GPC variables according to our coding standard 2006-07-06 17:27:54 +00:00			`$aClean['iAppId'] = makeSafe($_REQUEST['iAppId']);`
			`$aClean['iVersionId'] = makeSafe($_REQUEST['iVersionId']);`
			`$aClean['sSubmit'] = makeSafe($_REQUEST['sSubmit']);`
Filter all user input to reduce the security impact of manipulated data 2006-06-17 06:10:10 +00:00
Prefix all GPC variables according to our coding standard 2006-07-06 17:27:54 +00:00			`if(!is_numeric($aClean['iAppId']) OR !is_numeric($aClean['iVersionId']))`
Rename util_show_error_page() to util_show_error_page_and_exit() and redirect() to util_redirect_and_exit() so it is explicit that we exit in those functions that so we know it isn't necessary to put an exit after we call them 2006-07-06 18:44:56 +00:00			`util_show_error_page_and_exit("Wrong ID");`
Initial revision 2004-03-15 16:22:00 +00:00
- OO version of user class - no more duplicated functions - improved performances (much less duplicated mysql queries) - less code and better error handling 2005-01-30 23:12:48 +00:00			`/* Check for admin privs */`
Prefix all GPC variables according to our coding standard 2006-07-06 17:27:54 +00:00			`if(!$_SESSION['current']->hasPriv("admin") && !$_SESSION['current']->isMaintainer($aClean['iVersionId']) && !$_SESSION['current']->isSuperMaintainer($aClean['iAppId']))`
Rename util_show_error_page() to util_show_error_page_and_exit() and redirect() to util_redirect_and_exit() so it is explicit that we exit in those functions that so we know it isn't necessary to put an exit after we call them 2006-07-06 18:44:56 +00:00			`util_show_error_page_and_exit("Insufficient Privileges!");`
Initial revision 2004-03-15 16:22:00 +00:00
Factor ~80 lines of code that were present in both editAppFamily.php and editAppVersion.php into a new function in util.php. 2005-06-05 18:41:47 +00:00			`/* process the changes the user entered into the web form */`
Prefix all GPC variables according to our coding standard 2006-07-06 17:27:54 +00:00			`if(!empty($aClean['sSubmit']))`
Allow Maintainers to edit Application version. Send out email indicating what they changed. 2004-11-17 23:02:07 +00:00			`{`
Factor ~80 lines of code that were present in both editAppFamily.php and editAppVersion.php into a new function in util.php. 2005-06-05 18:41:47 +00:00			`process_app_version_changes(true);`
Rename util_show_error_page() to util_show_error_page_and_exit() and redirect() to util_redirect_and_exit() so it is explicit that we exit in those functions that so we know it isn't necessary to put an exit after we call them 2006-07-06 18:44:56 +00:00			`util_redirect_and_exit(apidb_fullurl("appview.php?iVersionId=".$aClean['iVersionId']));`
Factor ~80 lines of code that were present in both editAppFamily.php and editAppVersion.php into a new function in util.php. 2005-06-05 18:41:47 +00:00			`} else /* or display the webform for making changes */`
Initial revision 2004-03-15 16:22:00 +00:00			`{`
Switch from using htmlarea to using xinha. Clean up the use of the editor plugin 2005-09-30 02:48:33 +00:00
Prefix all GPC variables according to our coding standard 2006-07-06 17:27:54 +00:00			`$oVersion = new Version($aClean['iVersionId']);`
Initial revision 2004-03-15 16:22:00 +00:00
Allow Maintainers to edit Application version. Send out email indicating what they changed. 2004-11-17 23:02:07 +00:00			`apidb_header("Edit Application Version");`
Initial revision 2004-03-15 16:22:00 +00:00
Allow Maintainers to edit Application version. Send out email indicating what they changed. 2004-11-17 23:02:07 +00:00			`echo "<form method=post action='editAppVersion.php'>\n";`
Factor application/version editing code out of files and move it into the application and version classes. Add support to HtmlAreaLoaderScript() to be called multiple times on a single page without generating javascript that overwrites the previous html area settings. 2005-10-10 02:37:55 +00:00
Move hidden fields used by application and version class into their OutputEditor() member functions. Fix broken old style calls to application and version update() functions that were passing parameters in. Fix broken application::CheckOutputEditorInput() 2005-10-16 04:24:37 +00:00			`if($_SESSION['current']->hasPriv("admin"))`
			`$oVersion->OutputEditor(true, true); /* false = not allowing the user to modify the parent application */`
			`else`
			`$oVersion->OutputEditor(false, true); /* false = not allowing the user to modify the parent application */`

			`echo '<table border=0 cellpadding=2 cellspacing=0 width="100%">',"\n";`
Prefix all GPC variables according to our coding standard 2006-07-06 17:27:54 +00:00			`echo '<tr><td colspan=2 align=center class=color2><input type="submit" name="sSubmit" value="Update Database" /></td></tr>',"\n";`
Allow Maintainers to edit Application version. Send out email indicating what they changed. 2004-11-17 23:02:07 +00:00			`echo html_table_end();`
Move hidden fields used by application and version class into their OutputEditor() member functions. Fix broken old style calls to application and version update() functions that were passing parameters in. Fix broken application::CheckOutputEditorInput() 2005-10-16 04:24:37 +00:00
- drop version specific keywords - drop version specific url - let user add links for versions (installation, support, whatever) - use application description and version description to display version description - don't provide a link in the cat_path to go in the same page we already are - various html improvement and fixes in modified lines 2005-02-02 00:35:49 +00:00			`echo "</form>";`
Allow Maintainers to edit Application version. Send out email indicating what they changed. 2004-11-17 23:02:07 +00:00
Move hidden fields used by application and version class into their OutputEditor() member functions. Fix broken old style calls to application and version update() functions that were passing parameters in. Fix broken application::CheckOutputEditorInput() 2005-10-16 04:24:37 +00:00			`echo "<br/><br/>\n";`

- drop version specific keywords - drop version specific url - let user add links for versions (installation, support, whatever) - use application description and version description to display version description - don't provide a link in the cat_path to go in the same page we already are - various html improvement and fixes in modified lines 2005-02-02 00:35:49 +00:00			`// url edit form`
			`echo '<form enctype="multipart/form-data" action="editAppVersion.php" method="post">',"\n";`
Prefix all GPC variables according to our coding standard 2006-07-06 17:27:54 +00:00			`echo '<input type=hidden name="iAppId" value='.$oVersion->iAppId.'>';`
			`echo '<input type=hidden name="iVersionId" value='.$oVersion->iVersionId.'>';`
- drop version specific keywords - drop version specific url - let user add links for versions (installation, support, whatever) - use application description and version description to display version description - don't provide a link in the cat_path to go in the same page we already are - various html improvement and fixes in modified lines 2005-02-02 00:35:49 +00:00			`echo html_frame_start("Edit URL","90%","",0);`
			`echo '<table border=0 cellpadding=6 cellspacing=0 width="100%">',"\n";`

			`$i = 0;`
Use query_parameters() in SQL select, update and delete statements to protect against sql injection attacks 2006-06-27 19:16:27 +00:00			`$hResult = query_parameters("SELECT * FROM appData WHERE versionId = '?' AND type = 'url'",`
			`$oVersion->iVersionId);`
Make code more consistent by making it follow the appdb coding standards. Fix some spaces vs. tabs odd indenting. 2006-06-21 01:04:12 +00:00			`if($hResult && mysql_num_rows($hResult) > 0)`
- drop version specific keywords - drop version specific url - let user add links for versions (installation, support, whatever) - use application description and version description to display version description - don't provide a link in the cat_path to go in the same page we already are - various html improvement and fixes in modified lines 2005-02-02 00:35:49 +00:00			`{`
			`echo '<tr><td class=color1><b>Delete</b></td><td class=color1>',"\n";`
			`echo '<b>Description</b></td><td class=color1><b>URL</b></td></tr>',"\n";`
Make code more consistent by making it follow the appdb coding standards. Fix some spaces vs. tabs odd indenting. 2006-06-21 01:04:12 +00:00			`while($oRow = mysql_fetch_object($hResult))`
- drop version specific keywords - drop version specific url - let user add links for versions (installation, support, whatever) - use application description and version description to display version description - don't provide a link in the cat_path to go in the same page we already are - various html improvement and fixes in modified lines 2005-02-02 00:35:49 +00:00			`{`
			`$temp0 = "adelete[".$i."]";`
			`$temp1 = "adescription[".$i."]";`
			`$temp2 = "aURL[".$i."]";`
			`$temp3 = "aId[".$i."]";`
			`$temp4 = "aOldDesc[".$i."]";`
			`$temp5 = "aOldURL[".$i."]";`
			`echo '<tr><td class=color3><input type="checkbox" name="'.$temp0.'"></td>',"\n";`
Make code more consistent by making it follow the appdb coding standards. Fix some spaces vs. tabs odd indenting. 2006-06-21 01:04:12 +00:00			`echo '<td class=color3><input size="45" type="text" name="'.$temp1.'" value ="'.stripslashes($oRow->description).'"</td>',"\n";`
			`echo '<td class=color3><input size="45" type="text" name="'.$temp2.'" value="'.$oRow->url.'"></td></tr>',"\n";`
			`echo '<input type="hidden" name="'.$temp3.'" value="'.$oRow->id.'" />';`
			`echo '<input type="hidden" name="'.$temp4.'" value="'.stripslashes($oRow->description).'" />';`
			`echo '<input type="hidden" name="'.$temp5.'" value="'.$oRow->url.'" />',"\n";`
- drop version specific keywords - drop version specific url - let user add links for versions (installation, support, whatever) - use application description and version description to display version description - don't provide a link in the cat_path to go in the same page we already are - various html improvement and fixes in modified lines 2005-02-02 00:35:49 +00:00			`$i++;`
			`}`
			`} else`
			`{`
- improve application and related classes - use application/version/vendor class in scripts - don't use a full table for queued appication but only one field in the application and version tables - simplify the code in many places 2005-02-07 23:21:33 +00:00			`echo '<tr><td class="color1"></td><td class="color1"><b>Description</b></td>',"\n";`
- drop version specific keywords - drop version specific url - let user add links for versions (installation, support, whatever) - use application description and version description to display version description - don't provide a link in the cat_path to go in the same page we already are - various html improvement and fixes in modified lines 2005-02-02 00:35:49 +00:00			`echo '<td class=color1><b>URL</b></td></tr>',"\n";`
			`}`
			`echo "</td></tr>\n";`
Prefix all GPC variables according to our coding standard 2006-07-06 17:27:54 +00:00			`echo "<input type=hidden name='iRows' value='$i'>";`
			`echo '<tr><td class=color1>New</td><td class=color1><input size="45" type="text" name="sUrlDesc"></td>',"\n";`
			`echo '<td class=color1><input size=45% name="sUrl" type="text"></td></tr>',"\n";`
- drop version specific keywords - drop version specific url - let user add links for versions (installation, support, whatever) - use application description and version description to display version description - don't provide a link in the cat_path to go in the same page we already are - various html improvement and fixes in modified lines 2005-02-02 00:35:49 +00:00
Prefix all GPC variables according to our coding standard 2006-07-06 17:27:54 +00:00			`echo '<tr><td colspan=3 align=center class="color3"><input type="submit" name="sSubmit" value="Update URL"></td></tr>',"\n";`
- drop version specific keywords - drop version specific url - let user add links for versions (installation, support, whatever) - use application description and version description to display version description - don't provide a link in the cat_path to go in the same page we already are - various html improvement and fixes in modified lines 2005-02-02 00:35:49 +00:00
			`echo '</table>',"\n";`
			`echo html_frame_end();`
			`echo "</form>";`
Add the ability for admins to move a version from one application to another. This is useful when there are duplicate applications and you want to move versions prior to removing the duplicate app. 2005-06-05 21:26:07 +00:00
			`/* only admins can move versions */`
			`if($_SESSION['current']->hasPriv("admin"))`
			`{`
			`// move version form`
			`echo '<form enctype="multipart/form-data" action="moveAppVersion.php" method="post">',"\n";`
Prefix all GPC variables according to our coding standard 2006-07-06 17:27:54 +00:00			`echo '<input type=hidden name="iAppId" value='.$oVersion->iAppId.'>';`
			`echo '<input type=hidden name="iVersionId" value='.$oVersion->iVersionId.'>';`
Add the ability for admins to move a version from one application to another. This is useful when there are duplicate applications and you want to move versions prior to removing the duplicate app. 2005-06-05 21:26:07 +00:00			`echo html_frame_start("Move version to another application","90%","",0);`
Prefix all GPC variables according to our coding standard 2006-07-06 17:27:54 +00:00			`echo '<center><input type="submit" name="sView" value="Move this version"></center>',"\n";`
Add the ability for admins to move a version from one application to another. This is useful when there are duplicate applications and you want to move versions prior to removing the duplicate app. 2005-06-05 21:26:07 +00:00			`echo html_frame_end();`
			`}`

Prefix all GPC variables according to our coding standard 2006-07-06 17:27:54 +00:00			`echo html_back_link(1,BASE."appview.php?iVersionId=".$oVersion->iVersionId);`
Allow Maintainers to edit Application version. Send out email indicating what they changed. 2004-11-17 23:02:07 +00:00			`apidb_footer();`
			`}`
Initial revision 2004-03-15 16:22:00 +00:00			`?>`