Example #1
echo $token;
?>
">
			<input id='removedValue' type='hidden' name='note'>
		</form>
		<div class="darken_div"></div>
		<div class="main-logo">
			<a href="index.php">
			<img src="images/logo.png" height="90px" width=auto></a>	
		</div>
		
		<article class="main-content">
			<header>
			<?php 
// Resolve the logged-in user's account for the course identified by $searchId.
$user = Database::getUserId(Session::user());
$account = Database::getAccount($user, $searchId);
// The upload link is rendered only when an account exists and it may upload.
// NOTE(review): this only hides the link; the upload handler is not visible here and
// should repeat the canUpload() check server-side - confirm.
if (NULL !== $account && $account->canUpload()):
    ?>
			<div id="uploadFrame" class="upload">
				<a id="uploadLink" href="#">Upload Notes</a>
			</div>
			<?php 
endif;
?>
			<p>
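			<?php 
// Print "<course name> - <semester>" as the page heading text.
// Both values come from stored course data, so they are escaped for the HTML text context
// before output; otherwise markup stored in a course name would be rendered by the browser.
// NOTE(review): assumes the values are stored unescaped - confirm, to avoid double-encoding.
echo htmlspecialchars(
    $retrievedCourse['name'] . " - " . $retrievedCourse['semester'],
    ENT_QUOTES | ENT_SUBSTITUTE,
    'UTF-8'
);
?>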
			</p>
			<p>
Example #2
    header("Location: login.php");
    exit;
}
$token = Session::token();
if (isset($_GET['course'])) {
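    // Instructor admin page for one course. All checks below run before any HTML is sent, so a
    // caller who fails one of them is redirected and never receives the page.
    $course = $_GET['course'];
    // Query parameters are caller-controlled and may arrive as an array (?course[]=...);
    // only a plain string is handed to the lookup, anything else is treated as an unknown course.
    $retrievedCourse = is_string($course) ? Database::getCoursebyID($course) : NULL;
    if (!isset($retrievedCourse['id'])) {
        $message = urlencode("The course provided is not valid.");
        header("Location: error.php?error={$message}");
        exit;
    }
    // The permission decision is based on the session user's account for this course.
    $user = Database::getUserId(Session::user());
    $account = Database::getAccount($user, $course);
    // No account for this course, or an account without promote rights: refuse and stop.
    if ($account === NULL || $account->canPromote() !== TRUE) {
        $message = urlencode("You do not have permission to add uploaders for this course.");
        header("Location: error.php?error={$message}");
        exit;
    }
    // NOTE(review): Session::token() was already called just before this branch; whether a
    // second call returns the same value or issues a new one is not visible here - confirm.
    $token = Session::token();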
    ?>
<!doctype html>
<html>
	<head>
    <meta charset="utf-8">
    <title>Arizona Notes</title>
	  
	<link rel="stylesheet" type="text/css" href="css/main.css">
	<link rel="stylesheet" type="text/css" href="css/fonts.css">
Example #3
     exit;
 } else {
     if (isset($_POST['note']) && isset($_POST['token'])) {
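         // Session token check (presumably the anti-CSRF token embedded in the form).
         // Form fields can arrive as arrays (token[]=...), so the type is checked before the
         // value is passed to Session::verifyToken().
         if (!is_string($_POST['token']) || !Session::verifyToken($_POST['token'])) {
             $message = urlencode("The token provided does not match.");
             header("Location: error.php?error={$message}");
             exit;
         }
         // Look up the note named by $_POST['note']; a non-string id is treated as "not found".
         $note = is_string($_POST['note']) ? Database::getNotesByID($_POST['note']) : NULL;
         if (!isset($note['id'])) {
             $message = urlencode("The file you want to remove does not exist.");
             header("Location: error.php?error={$message}");
             exit;
         }
         // The permission check uses the courseID of the note that was looked up, not a course
         // id supplied in the request.
         $myAcc = Database::getAccount(Database::getUserId(Session::user()), $note['courseID']);
         // No account for that course, or no delete permission: redirect and stop.
         if ($myAcc === NULL || !$myAcc->canDelete()) {
             $message = urlencode("You do not have permission to remove files for this course.");
             header("Location: error.php?error={$message}");
             exit;
         }
         // If removeNoteFile() reports failure, stop before removeNoteWithID() is called.
         if (!Database::removeNoteFile($note['id'])) {
             $message = urlencode("The file could not be deleted.");
             header("Location: error.php?error={$message}");
             exit;
         }
         // NOTE(review): the result of removeNoteWithID() is not checked; if it can fail, the
         // note would presumably stay listed after its file is gone - confirm.
         Database::removeNoteWithID($note['id']);
         // Encode the stored course id before placing it in the redirect URL's query string.
         $courseParam = urlencode((string) $note['courseID']);
         header("Location: admin.php?course={$courseParam}");
         exit;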
     } else {