Example #1
 /**
  * Store in the session whether the named user is an administrator.
  *
  * $_SESSION['admin'] is written on every call: it is reset to false first and
  * is only overwritten with the result of Database::isAdmin() when a user id
  * was found, so an unknown user never keeps an earlier admin flag.
  *
  * NOTE(review): -1 is presumably the "no such user" value returned by
  * Database::getUserId() — confirm. The comparison is strict, so any other
  * failure value (false, null, the string "-1") would still reach
  * Database::isAdmin(); verify what getUserId() can return.
  *
  * NOTE(review): the flag is computed once and then read from the session;
  * a privilege change in the database is not seen until this runs again.
  *
  * @param string $username Login name to look up.
  * @return void
  */
 public static function setAdmin($username)
 {
     $userId = Database::getUserId($username);

     // Default to "not an admin" before any privilege lookup.
     $_SESSION['admin'] = false;

     if ($userId === -1) {
         return;
     }

     $_SESSION['admin'] = Database::isAdmin($userId);
 }
Example #2
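<?php

// Login page controller: starts the session, sends already-authenticated
// visitors to the dashboard, and handles the login form POST. The HTML
// template that follows reads $title and, on a failed login, $errors.

$title = "Inicio";
session_start();

// An already-authenticated visitor is redirected with an HTTP header and the
// script stops. The previous inline <script> redirect depended on JavaScript
// and let the rest of this file, including the POST handler, keep running.
if (!empty($_SESSION['id'])) {
    header("Location:dashboard.php");
    exit;
}

include_once "../clases/Database.php";
include_once "../clases/Query.php";

if ($_SERVER['REQUEST_METHOD'] === "POST") {
    // Request fields are untrusted: a missing field or an array-valued field
    // (username[]=...) is treated as an empty string instead of being passed on.
    $username = (isset($_POST['username']) && is_string($_POST['username'])) ? $_POST['username'] : '';
    $password = (isset($_POST['password']) && is_string($_POST['password'])) ? $_POST['password'] : '';

    $db = new Database();
    // NOTE(review): how isLogin() checks the password is not visible here;
    // confirm it uses password_verify() against a password_hash() value and
    // parameterized queries.
    if ($db->isLogin($username, $password)) {
        // Issue a fresh session id at the moment of authentication so an id
        // known before login (session fixation) is useless afterwards.
        session_regenerate_id(true);
        $_SESSION['id'] = $db->getUserId($username, $password);
        header("Location:dashboard.php");
        // Stop here: without exit the login page below would still be rendered
        // and sent along with the redirect.
        exit;
    } else {
        // Read by the template to show the failed-login message.
        $errors = true;
    }
}
?>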



<!DOCTYPE html>
<!-- 
Template Name: Metronic - Responsive Admin Dashboard Template build with Twitter Bootstrap 3.3.5
Version: 4.5.2
Author: KeenThemes
Website: http://www.keenthemes.com/
Contact: support@keenthemes.com
Example #3
// Access gate: a visitor without a logged-in session is redirected to the
// login page, and the script stops so that nothing below runs for them.
if (!Session::userLoggedIn()) {
    header("Location: login.php");
    exit();
}

// Value returned by Session::token() for this session; presumably the
// anti-CSRF token the page's forms submit — confirm where it is verified.
$token = Session::token();
if (isset($_GET['course'])) {
    //show the admin page for instructors
    //if the user does not have permission to see the admin page for the course then redirect them to the home page
    $course = $_GET['course'];
    $retrievedCourse = Database::getCoursebyID($course);
    if (!isset($retrievedCourse['id'])) {
        $message = urlencode("The course provided is not valid.");
        header("Location: error.php?error={$message}");
        exit;
    }
    $user = Database::getUserId(Session::user());
    $account = Database::getAccount($user, $course);
    if ($account === NULL || $account->canPromote() !== TRUE) {
        $message = urlencode("You do not have permission to add uploaders for this course.");
        header("Location: error.php?error={$message}");
        exit;
    }
    $token = Session::token();
    ?>
<!doctype html>
<html>
	<head>
    <meta charset="utf-8">
    <title>Arizona Notes</title>
	  
	<link rel="stylesheet" type="text/css" href="css/main.css">
Example #4
     exit;
 } else {
     if (isset($_POST['note']) && isset($_POST['token'])) {
         if (!Session::verifyToken($_POST['token'])) {
             $message = urlencode("The token provided does not match.");
             header("Location: error.php?error={$message}");
             exit;
         }
         //attempts to remove the note with the id provided in $_POST['note']
         $note = Database::getNotesByID($_POST['note']);
         if (!isset($note['id'])) {
             $message = urlencode("The file you want to remove does not exist.");
             header("Location: error.php?error={$message}");
             exit;
         }
         $myAcc = Database::getAccount(Database::getUserId(Session::user()), $note['courseID']);
         //if the current user does not have an account with file delete permissions then redirect and exit
         if ($myAcc === NULL || !$myAcc->canDelete()) {
             $message = urlencode("You do not have permission to remove files for this course.");
             header("Location: error.php?error={$message}");
             exit;
         }
         if (!Database::removeNoteFile($note['id'])) {
             $message = urlencode("The file could not be deleted.");
             header("Location: error.php?error={$message}");
             exit;
         }
         Database::removeNoteWithID($note['id']);
         header("Location: admin.php?course={$note['courseID']}");
         exit;
     } else {