Example #1
     if ($acc !== NULL && $acc->canUpload()) {
         $message = urlencode("The uploader you want to add is already an uploader.");
         header("Location: error.php?error={$message}");
         exit;
     }
     Database::createAccount($id, $_POST['course'], Uploader::getName());
     header("Location: admin.php?course={$courseInfo['id']}");
     exit;
 } else {
     if (isset($_POST['remove']) && isset($_POST['removed']) && isset($_POST['token'])) {
         // Request-forgery guard: reject the removal before any database lookup when the
         // submitted token fails Session::verifyToken() (presumably an anti-CSRF token
         // bound to the session; its implementation is not visible here).
         if (!Session::verifyToken($_POST['token'])) {
             // urlencode() keeps the message confined to a single query-string value in the redirect.
             // NOTE(review): error.php is not shown; it should HTML-escape the 'error' parameter on output.
             $message = urlencode("The token provided does not match.");
             header("Location: error.php?error={$message}");
             // Stop here so nothing below runs after the redirect header is sent.
             exit;
         }
         // $_POST['remove'] carries the id of the course the uploader is being removed from.
         $courseInfo = Database::getCourseByID($_POST['remove']);
         // If the course with the id provided is not in the database then redirect and exit.
         if (!isset($courseInfo['id'])) {
             $message = urlencode("The course provided is not valid.");
             header("Location: error.php?error={$message}");
             exit;
         }
         // Authorization: load the current session user's account for this course, keyed by the
         // course id that came back from the database rather than the raw request value.
         $myAcc = Database::getAccount(Database::getUserId(Session::user()), $courseInfo['id']);
         // If the current user does not have an account with promote/demote permissions then redirect and exit.
         if ($myAcc === NULL || !$myAcc->canPromote()) {
             $message = urlencode("You do not have permission to remove uploaders for this course.");
             header("Location: error.php?error={$message}");
             exit;
         }
         // $_POST['removed'] is the user id of the account to be removed.
         // NOTE(review): this lookup passes the raw $_POST['remove'], while the permission check above
         // used $courseInfo['id']. Using the validated id in both places would guarantee that the
         // permission check and the target lookup refer to the same course. Confirm that
         // getCourseByID() cannot return a row whose id differs from the value it was given.
         $acc = Database::getAccount($_POST['removed'], $_POST['remove']);
         //if the user provided in removed does not have an account that can upload then redirect and exit