<?php
require_once 'scripts/database.php';
$db = new Database();
$db->connectToDB();
if ($_POST) {
$username = $_POST['username'];
$password = $_POST['password'];
$useremail = $_POST['useremail'];
$db->createAccount($username, $password, $useremail);
}
if ($myAcc === NULL || !$myAcc->canPromote()) {
$message = urlencode("You do not have permission to add uploaders for this course.");
header("Location: error.php?error={$message}");
exit;
}
$id = Database::getUserId($_POST['user']);
if ($id === -1) {
$id = Database::createUser($_POST['user']);
}
$acc = Database::getAccount($id, $_POST['course']);
if ($acc !== NULL && $acc->canUpload()) {
$message = urlencode("The uploader you want to add is already an uploader.");
header("Location: error.php?error={$message}");
exit;
}
Database::createAccount($id, $_POST['course'], Uploader::getName());
header("Location: admin.php?course={$courseInfo['id']}");
exit;
} else {
if (isset($_POST['remove']) && isset($_POST['removed']) && isset($_POST['token'])) {
if (!Session::verifyToken($_POST['token'])) {
$message = urlencode("The token provided does not match.");
header("Location: error.php?error={$message}");
exit;
}
$courseInfo = Database::getCourseByID($_POST['remove']);
//if the course with the id provided is not in the database then redirect and exit
if (!isset($courseInfo['id'])) {
$message = urlencode("The course provided is not valid.");
header("Location: error.php?error={$message}");
exit;
