- Use superglobals

- Use include/db.php (including the new query compile function)
- Better input checking
- Cleanup
- Use the new variable naming
This commit is contained in:
Paul van Schayck
2004-12-29 18:49:19 +00:00
committed by WineHQ
parent c600083423
commit 9fac8bc853


@@ -7,152 +7,130 @@ include("path.php");
include(BASE."include/"."incl.php"); include(BASE."include/"."incl.php");
require(BASE."include/"."application.php"); require(BASE."include/"."application.php");
//check for admin privs if(!is_numeric($_REQUEST['noteId']))
if(!loggedin() || (!havepriv("admin") && !$_SESSION['current']->is_maintainer($appId,$versionId)) ) {
errorpage('Wrong note ID');
exit;
}
/* Get note data */
$sQuery = "SELECT * from appNotes where noteId = {$_REQUEST['noteId']}";
$hResult = query_appdb($sQuery);
$ob = mysql_fetch_object($hResult);
/* Check for privs */
if(!loggedin() || (!havepriv("admin") && !$_SESSION['current']->is_maintainer($ob->appId,$ob->versionId)) )
{ {
errorpage("Insufficient Privileges!"); errorpage("Insufficient Privileges!");
exit; exit;
} }
//set link for version if(isset($_REQUEST['sub']))
if ($versionId != 0)
{ {
$versionLink = "&versionId=$versionId"; $sOldNoteTitle = $ob->noteTitle;
} $sOldNoteDesc = $ob->noteDesc;
if($sub) $sFullAppName = "Application: ".lookupAppName($ob->appId)." Version: ".lookupVersionName($ob->appId, $ob->versionId);
{
$query = "SELECT * from appNotes where noteId = $noteId;";
$result = mysql_query($query);
if(!$result)
{
$ob = mysql_fetch_object($result);
$oldNoteTitle = $ob->noteTitle; /* Start of e-mail */
$oldNoteDesc = $ob->noteDesc; $ms = APPDB_ROOT."appview.php?appId={$ob->appId}&versionId={$ob->versionId}"."\n";
}
if ($sub == 'Delete')
{
//delete Note
$query = "DELETE from appNotes where noteId = $noteId;";
$result = mysql_query($query);
if(!$result)
{
//error
addmsg("Internal Error: unable to delete selected note!", "red");
}
else
{
$email = getNotifyEmailAddressList($appId, $versionId);
if($email)
{
$fullAppName = "Application: ".lookupAppName($appId)." Version: ".lookupVersionName($appId, $versionId);
$ms = APPDB_ROOT."appview.php?appId=$appId&versionId=$versionId"."\n";
$ms .= "\n"; $ms .= "\n";
$ms .= ($_SESSION['current']->username ? $_SESSION['current']->username : "Anonymous")." deleted note from ".$fullAppName."\n";
$sEmail = getNotifyEmailAddressList($ob->appId, $ob->versionId);
if ($_REQUEST['sub'] == 'Delete')
{
// delete Note
query_appdb("DELETE from `appNotes` where noteId = {$_REQUEST['noteId']}");
if($sEmail)
{
$ms .= ($_SESSION['current']->username ? $_SESSION['current']->username : "Anonymous")." deleted note from ".$sFullAppName."\n";
$ms .= "\n"; $ms .= "\n";
$ms .= "title: ".$oldNoteTitle."\n"; $ms .= "title: ".$sOldNoteTitle."\n";
$ms .= "\n"; $ms .= "\n";
$ms .= $oldNoteDesc."\n"; $ms .= $sOldNoteDesc."\n";
$ms .= "\n"; $ms .= "\n";
$ms .= STANDARD_NOTIFY_FOOTER; $ms .= STANDARD_NOTIFY_FOOTER;
mail(stripslashes($email), "[AppDB] ".$fullAppName ,$ms); mail(stripslashes($sEmail), "[AppDB] ".$sFullAppName ,$ms);
} else } else
{ {
$email = "no one"; $sEmail = "no one";
} }
addmsg("mesage sent to: ".$email, green);
//success addmsg("mesage sent to: ".$sEmail, 'green');
// success
addmsg("Note Deleted.", "green"); addmsg("Note Deleted.", "green");
} }
} else if ($_REQUEST['sub'] == 'Update')
if ($sub == 'Update')
{ {
//Update Note $sUpdate = compile_update_string(array( 'noteTitle' => $_REQUEST['noteTitle'],
$NewNoteTitle = addslashes($noteTitle); 'noteDesc' => $_REQUEST['noteDesc']));
$NewNoteDesc = addslashes($noteDesc);
if (!mysql_query("UPDATE appNotes SET noteTitle = '".$NewNoteTitle."', ". query_appdb("UPDATE appNotes SET $sUpdate WHERE noteId = {$_REQUEST['noteId']}");
"noteDesc = '".$NewNoteDesc."'".
" WHERE noteId = $noteId")) if($sEmail)
{ {
$statusMessage = "<p><b>Database Error!<br>".mysql_error()."</b></p>\n"; $ms .= ($_SESSION['current']->username ? $_SESSION['current']->username : "Anonymous")." changed note for ".$sFullAppName."\n";
addmsg($statusMessage, "red");
}
else
{
$email = getNotifyEmailAddressList($appId, $versionId);
if($email)
{
$fullAppName = "Application: ".lookupAppName($appId)." Version: ".lookupVersionName($appId, $versionId);
$ms = APPDB_ROOT."appview.php?appId=$appId&versionId=$versionId"."\n";
$ms .= "\n";
$ms .= ($_SESSION['current']->username ? $_SESSION['current']->username : "Anonymous")." changed note for ".$fullAppName."\n";
$ms .= "\n";
$ms .= "From --------------------------\n"; $ms .= "From --------------------------\n";
$ms .= "title: ".$oldNoteTitle."\n"; $ms .= "title: ".$sOldNoteTitle."\n";
$ms .= "\n"; $ms .= "\n";
$ms .= $oldNoteDesc."\n"; $ms .= $sOldNoteDesc."\n";
$ms .= "To --------------------------\n"; $ms .= "To --------------------------\n";
$ms .= "title: ".$noteTitle."\n"; $ms .= "title: ".$_REQUEST['noteTitle']."\n";
$ms .= "\n"; $ms .= "\n";
$ms .= $noteDesc."\n"; $ms .= $_REQUEST['noteDesc']."\n";
$ms .= "\n"; $ms .= "\n";
$ms .= STANDARD_NOTIFY_FOOTER; $ms .= STANDARD_NOTIFY_FOOTER;
mail(stripslashes($email), "[AppDB] ".$fullAppName ,$ms); mail(stripslashes($sEmail), "[AppDB] ".$sFullAppName ,$ms);
} else } else
{ {
$email = "no one"; $sEmail = "no one";
} }
addmsg("mesage sent to: ".$email, green); addmsg("mesage sent to: ".$sEmail, green);
addmsg("Note Updated", "green"); addmsg("Note Updated", "green");
} }
}
redirect(apidb_fullurl("appview.php?appId=".$appId.$versionLink));
redirect(apidb_fullurl("appview.php?appId={$ob->appId}&versionId={$ob->versionId}"));
} }
else else
{ {
if (!$preview) if (!isset($_REQUEST['preview']))
{ {
$table = "appNotes"; $_REQUEST['noteTitle'] = $ob->noteTitle;
$query = "SELECT * FROM $table WHERE noteId = $noteId"; $_REQUEST['noteDesc'] = $ob->noteDesc;
$result = mysql_query($query); $_REQUEST['appId'] = $ob->appId;
$ob = mysql_fetch_object($result); $_REQUEST['versionId'] = $ob->versionId;
$noteTitle = $ob->noteTitle;
$noteDesc = $ob->noteDesc;
$appId = $ob->appId;
$versionId = $ob->versionId;
} }
// show form // show form
apidb_header("Edit Application Note"); apidb_header("Edit Application Note");
echo "<form method=post action='editAppNote.php'>\n"; echo "<form method=post action='editAppNote.php'>\n";
echo html_frame_start("Edit Application Note $ob->noteId", "90%","",0); echo html_frame_start("Edit Application Note {$_REQUEST['noteId']}", "90%","",0);
echo html_table_begin("width='100%' border=0 align=left cellpadding=6 cellspacing=0 class='box-body'"); echo html_table_begin("width='100%' border=0 align=left cellpadding=6 cellspacing=0 class='box-body'");
echo '<tr><td colspan=2 class=color4>'; echo '<tr><td colspan=2 class=color4>';
echo '<center><b>You can use html to make your Warning, Howto or Note look better.</b></center>'; echo '<center><b>You can use html to make your Warning, Howto or Note look better.</b></center>';
echo '</td></tr>',"\n"; echo '</td></tr>',"\n";
echo add_br($noteDesc); echo add_br($_REQUEST['noteDesc']);
echo '<input type=hidden name="noteId" value='.$noteId.'>';
echo '<input type=hidden name="appId" value='.$appId.'>'; echo '<input type=hidden name="noteId" value='.$_REQUEST['noteId'].'>';
echo '<input type=hidden name="versionId" value='.$versionId.'>';
if ($noteTitle == "HOWTO" || $noteTitle == "WARNING") if ($_REQUEST['noteTitle'] == "HOWTO" || $_REQUEST['noteTitle'] == "WARNING")
{ {
echo '<tr><td class=color1>Title (Do not change)</td>'; echo '<tr><td class=color1>Title (Do not change)</td>';
echo '<td class=color0><input size=80% type="text" name="noteTitle" type="text" value="'.$noteTitle.'"></td></tr>',"\n"; echo '<td class=color0><input size=80% type="text" name="noteTitle" type="text" value="'.$_REQUEST['noteTitle'].'"></td></tr>',"\n";
} }
else else
{ {
echo '<tr><td class=color1>Title</td><td class=color0><input size=80% type="text" name="noteTitle" type="text" value="'.$noteTitle.'"></td></tr>',"\n"; echo '<tr><td class=color1>Title</td><td class=color0><input size=80% type="text" name="noteTitle" type="text" value="'.$_REQUEST['noteTitle'].'"></td></tr>',"\n";
} }
echo '<tr><td class=color4>Description</td><td class=color0>', "\n"; echo '<tr><td class=color4>Description</td><td class=color0>', "\n";
echo '<textarea cols=$50 rows=10 name="noteDesc">'.stripslashes($noteDesc).'</textarea></td></tr>',"\n"; echo '<textarea cols=$50 rows=10 name="noteDesc">'.stripslashes($_REQUEST['noteDesc']).'</textarea></td></tr>',"\n";
echo '<tr><td colspan=2 align=center class=color3>',"\n"; echo '<tr><td colspan=2 align=center class=color3>',"\n";
echo '<input type="submit" name=preview value="Preview">&nbsp',"\n"; echo '<input type="submit" name=preview value="Preview">&nbsp',"\n";
echo '<input type="submit" name=sub value="Update">&nbsp',"\n"; echo '<input type="submit" name=sub value="Update">&nbsp',"\n";
@@ -161,7 +139,7 @@ else
echo html_table_end(); echo html_table_end();
echo html_frame_end(); echo html_frame_end();
echo html_back_link(1,BASE."appview.php?appId=$appId".$versionLink); echo html_back_link();
} }
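Review bot: The new code never checks that the SELECT at `$ob = mysql_fetch_object($hResult);` returned a row, so a numeric but nonexistent noteId leaves `$ob` as false, the privilege check then runs `is_maintainer(null, null)`, and the Delete/Update branches still issue their queries and send notification mail; add `if(!$ob) { errorpage('Wrong note ID'); exit; }` directly after the fetch. The Delete and Update branches also drop the result check the old code had around `mysql_query`, so a failed `query_appdb("DELETE from \`appNotes\` ...")` or `query_appdb("UPDATE appNotes SET $sUpdate ...")` goes unnoticed and "Note Deleted."/"Note Updated" plus the e-mail are emitted regardless — keep a `if(!query_appdb(...)) { addmsg("Internal Error: ...", "red"); }` guard, assuming query_appdb returns a falsy handle on failure (its definition is not in this hunk). Because the dispatch reads `$_REQUEST['sub']`, a note can be deleted or updated by a plain GET even though the form posts; reading `$_POST['sub']` would confine state changes to form submissions. The update path still passes the bare constant `green` at `addmsg("mesage sent to: ".$sEmail, green);` while the delete path was corrected to `'green'` (and "mesage" is misspelled in both).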