is_maintainer($_REQUEST['appId'],$_REQUEST['versionId'])) )
{
errorpage("Insufficient Privileges!");
exit;
}
//set link for version
if(is_numeric($_REQUEST['versionId']) and !empty($_REQUEST['versionId']))
{
$versionLink = "&versionId={$_REQUEST['versionId']}";
}
else
exit;
if(!is_numeric($_REQUEST['appId']))
{
errorpage('Wrong ID');
exit;
}
if($_REQUEST['sub'] == "Submit")
{
$query = "INSERT into appNotes VALUES (null, '".
addslashes($_REQUEST['noteTitle'])."', '".
addslashes($_REQUEST['noteDesc'])."', ".
"{$_REQUEST['appId']}, {$_REQUEST['versionId']})";
if (query_appdb($query))
{
// successful
$email = getNotifyEmailAddressList($_REQUEST['appId'], $_REQUEST['versionId']);
if($email)
{
$fullAppName = "Application: ".lookupAppName($_REQUEST['appId']);
$fullAppName .= " Version: ".lookupVersionName($_REQUEST['appId'], $_REQUEST['versionId']);
$ms = APPDB_ROOT."appview.php?appId=".$_REQUEST['appId']."&versionId=".$_REQUEST['versionId']."\n";
$ms .= "\n";
$ms .= ($_SESSION['current']->realname ? $_SESSION['current']->realname : "Anonymous")." added note to ".$fullAppName."\n";
$ms .= "\n";
$ms .= "title: ".$_REQUEST['noteTitle']."\n";
$ms .= "\n";
$ms .= $_REQUEST['noteDesc']."\n";
$ms .= "\n";
$ms .= STANDARD_NOTIFY_FOOTER;
mail(stripslashes($email), "[AppDB] ".$fullAppName ,$ms);
} else
{
$email = "no one";
}
addmsg("mesage sent to: ".$email, green);
$statusMessage = "Note added into the database
\n";
addmsg($statusMessage,Green);
}
else
{
// error
addmsg($query,red);
$statusMessage = "Database Error!
".mysql_error()."
\n";
addmsg($statusMessage,red);
}
redirect(apidb_fullurl("appview.php?appId=".$_REQUEST['appId'].$versionLink));
exit;
}
else if($_REQUEST['sub'] == 'Preview' OR empty($_REQUEST['submit']))
{
apidb_header("Add Application Note");
echo "