} // closes a block opened above this excerpt
    // "Remove uploader" branch: authorize the caller, validate the target account,
    // delete it, then redirect back to the course admin page.
    // NOTE(review): no Session::verifyToken() call is visible for this branch inside the
    // excerpt; confirm the anti-CSRF token is checked above, as the note-removal branch
    // below does before acting.
    $myAcc = Database::getAccount(Database::getUserId(Session::user()), $courseInfo['id']);
    //if the current user does not have an account with promote/demote permissions then redirect and exit
    if ($myAcc === NULL || !$myAcc->canPromote()) {
        // The message is a fixed string passed through the query string; error.php
        // (not shown) still has to HTML-escape the `error` parameter when it prints it,
        // because anyone can craft that URL with arbitrary text.
        $message = urlencode("You do not have permission to remove uploaders for this course.");
        header("Location: error.php?error={$message}");
        exit;
    }

    // NOTE(review): the permission check above is scoped to $courseInfo['id'], while the
    // lookup and the removal below pass $_POST['remove'] in the same argument position
    // (presumably the course id). Unless code above this excerpt guarantees the two are
    // the same course, promote rights in one course would authorize removals in another.
    // Confirm, or pass $courseInfo['id'] to both calls.
    $acc = Database::getAccount($_POST['removed'], $_POST['remove']);
    //if the user provided in removed does not have an account that can upload then redirect and exit
    // NOTE(review): canUpload() is the only property checked on the target; if accounts
    // with promote rights also report canUpload(), they are removable here too. Verify
    // that this is intended.
    if ($acc === NULL || !$acc->canUpload()) {
        $message = urlencode("The uploader you want to remove is not an uploader.");
        header("Location: error.php?error={$message}");
        exit;
    }

    Database::removeAccount($_POST['removed'], $_POST['remove']);
    // $courseInfo['id'] is interpolated without urlencode(); presumably a database id.
    // TODO confirm it can never contain URL metacharacters.
    header("Location: admin.php?course={$courseInfo['id']}");
    exit;
} else {
    // "Remove note" branch: requires both the note id and the session token in the POST body.
    if (isset($_POST['note']) && isset($_POST['token'])) {
        // Reject the request before any lookup when the anti-CSRF token does not verify.
        if (!Session::verifyToken($_POST['token'])) {
            $message = urlencode("The token provided does not match.");
            header("Location: error.php?error={$message}");
            exit;
        }

        // Looks up the note whose id is given in $_POST['note']; the removal itself is
        // past the end of this excerpt.
        // NOTE(review): no check that the current user may delete this note is visible
        // up to this point; confirm one follows before the delete.
        $note = Database::getNotesByID($_POST['note']);
        // A result without an 'id' key is treated as "note not found".
        if (!isset($note['id'])) {
            $message = urlencode("The file you want to remove does not exist.");
            header("Location: error.php?error={$message}");
            exit;