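*/
require_once "./database.php";
require_once "./config.php";
require_once "./session.php";

// Every guard below redirects and then exits: header() on its own does not
// stop the script, so without the exit the rest of the page would keep running.

// Only logged-in users may continue.
// NOTE(review): login is the only access check visible in this part of the
// script; nothing here ties the requested note to the current user's courses.
// Confirm that every logged-in user is meant to be able to fetch every note,
// otherwise add a per-course permission check before the file is served.
if (!Session::userLoggedIn()) {
    header("Location: login.php");
    exit;
}

// The id arrives as a GET parameter and is client-controlled. PHP turns a
// query string such as "id[]=1" into an array, so anything that is not a plain
// string is treated like a missing id before it reaches the database layer.
if (!isset($_GET['id']) || !is_string($_GET['id'])) {
    $message = urlencode("You are missing the file id.");
    header("Location: error.php?error={$message}");
    exit;
}

// If the id provided is not an actual id of a note in the database, error out.
// NOTE(review): Database::getNotesByID() is not visible here; verify that it
// binds the id as a query parameter rather than building SQL from it.
$note = Database::getNotesByID($_GET['id']);
if (!isset($note['id'])) {
    $message = urlencode("The file with the id provided does not exist.");
    header("Location: error.php?error={$message}");
    exit;
}

// The path is built from the note record returned above, not directly from
// the request.
// NOTE(review): assumes Database::getUploadPath() keeps the result inside the
// upload directory for any stored filetype value - confirm.
$path = Database::getUploadPath($note['id'], $note['filetype']);
if (!file_exists($path)) {
    // Log the error so that the server knows a file is missing for a valid note.
    // The server-side path goes to the log only; the user gets a generic message.
    Database::logError("File '{$path}' could not be found\n", false);
    $message = urlencode("The file could not be found.");
    header("Location: error.php?error={$message}");
    exit;
}

//tell browser to expect the mime type of whatever type the file is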
$message = urlencode("The uploader you want to remove is not an uploader."); header("Location: error.php?error={$message}"); exit; } Database::removeAccount($_POST['removed'], $_POST['remove']); header("Location: admin.php?course={$courseInfo['id']}"); exit; } else { if (isset($_POST['note']) && isset($_POST['token'])) { if (!Session::verifyToken($_POST['token'])) { $message = urlencode("The token provided does not match."); header("Location: error.php?error={$message}"); exit; } //attempts to remove the note with the id provided in $_GET['note'] $note = Database::getNotesByID($_POST['note']); if (!isset($note['id'])) { $message = urlencode("The file you want to remove does not exist."); header("Location: error.php?error={$message}"); exit; } $myAcc = Database::getAccount(Database::getUserId(Session::user()), $note['courseID']); //if the current user does not have an account with file delete permissions then redirect and exit if ($myAcc === NULL || !$myAcc->canDelete()) { $message = urlencode("You do not have permission to remove files for this course."); header("Location: error.php?error={$message}"); exit; } if (!Database::removeNoteFile($note['id'])) { $message = urlencode("The file could not be deleted."); header("Location: error.php?error={$message}");