Example #1
     }
     $myAcc = Database::getAccount(Database::getUserId(Session::user()), $courseInfo['id']);
     //if the current user does not have an account with promote/demote permissions then redirect and exit
     if ($myAcc === NULL || !$myAcc->canPromote()) {
         $message = urlencode("You do not have permission to remove uploaders for this course.");
         header("Location: error.php?error={$message}");
         exit;
     }
     $acc = Database::getAccount($_POST['removed'], $_POST['remove']);
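     //if the user provided in removed does not have an account that can upload then redirect and exit
     //NOTE(review): the permission check above is scoped to $courseInfo['id'], while this lookup and the removal
     //below take their second argument (presumably the course id) from $_POST['remove']; confirm the two always
     //refer to the same course, otherwise the check does not cover the course being modified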
     if ($acc === NULL || !$acc->canUpload()) {
         $message = urlencode("The uploader you want to remove is not an uploader.");
         header("Location: error.php?error={$message}");
         exit;
     }
     Database::removeAccount($_POST['removed'], $_POST['remove']);
     header("Location: admin.php?course={$courseInfo['id']}");
     exit;
 } else {
     if (isset($_POST['note']) && isset($_POST['token'])) {
         if (!Session::verifyToken($_POST['token'])) {
             $message = urlencode("The token provided does not match.");
             header("Location: error.php?error={$message}");
             exit;
         }
         //attempts to remove the note with the id provided in $_POST['note']
         $note = Database::getNotesByID($_POST['note']);
         if (!isset($note['id'])) {
             $message = urlencode("The file you want to remove does not exist.");
             header("Location: error.php?error={$message}");
             exit;