Beispiel #1
0
         display_agenda_items();
     } else {
         show_add_form();
     }
     break;
 case "edit":
     if (!(api_is_course_coach() && !api_is_element_in_the_session(TOOL_AGENDA, intval($_REQUEST['id'])))) {
         // a coach can only delete an element belonging to his session
         if ($_POST['submit_event']) {
             $my_id_attach = (int) $_REQUEST['id_attach'];
             $my_file_comment = Database::escape_string($_REQUEST['file_comment']);
             store_edited_agenda_item($my_id_attach, $my_file_comment);
             display_agenda_items();
         } else {
             $id = (int) $_GET['id'];
             show_add_form($id);
         }
     } else {
         display_agenda_items();
     }
     break;
 case "delete":
     $id = (int) $_GET['id'];
     if (!(api_is_course_coach() && !api_is_element_in_the_session(TOOL_AGENDA, $id))) {
         // a coach can only delete an element belonging to his session
         if (api_is_allowed_to_edit() && !api_is_anonymous()) {
             if (!empty($id)) {
                 $res_del = delete_agenda_item($id);
                 if ($res_del) {
                     Display::display_normal_message(get_lang("AgendaDeleteSuccess"));
                 }
							} else {
								if ( isset($_GET['advmode']) ) {
									if ( isset($_GET['add']) ) {
										if ( isset($_GET['t']) ) {
											show_new_form();
										} else if ( isset($_GET['r']) ) {
											show_receipt_form();
										} else if ( isset($_GET['thr']) ) {
											show_therapy_form();
										} else {
											show_add_form();
										}
									} else {
										if ( isset($_GET['edit']) ) {
											if ( isset($_GET['cd']) && isset($_GET['order']) && isset($_GET['type']) ) {
												show_add_form( $_GET['cd'], $_GET['type'], $_GET['order'], $interface->getInfo( 'desease', $interface->card[0] ));
												exit;
											} else {
												die;
											}
										} else {
											print ( $interface->mode != 3 ) ? "true" : "false";
										}
									}
									exit;
								} else {
									initP( $interface->mode, $interface->getInfo( 'desease', $interface->card[0] ), $interface->getInfo( 'cdates', $interface->card[0] ) );
									exit;
								}
							}
						} else {
Beispiel #3
0
function do_add_test()
{
    // Check XSRF token
    if ($_SESSION['xsrf_token'] != $_POST['xsrf_token']) {
        trigger_error('Do_Add: XSRF token invalid', E_USER_ERROR);
    }
    // Validate the entered information:
    //
    // Check name length
    $name = mysqli_real_escape_string(DB::get(), htmlentities($_POST['name']));
    if (strlen($_POST['name']) > 20) {
        show_add_form('Name is too long');
        return;
    }
    if ($name == '') {
        show_add_form('Name can\'t be blank');
        return;
    }
    // Check date
    $date = strtotime($_POST['date']);
    if ($date == false) {
        show_add_form('Huh? I can\'t understand that date');
        return;
    }
    // Check total points
    $total_points = (int) $_POST['total_points'];
    if ($total_points <= 0) {
        show_add_form('Too few points');
        return;
    }
    // ** INFORMATION VALIDATED AT THIS POINT **
    $query = 'INSERT INTO tests (name, date, total_points) VALUES("' . $name . '", "' . date('Y-m-d', $date) . '", "' . $total_points . '")';
    DB::queryRaw($query);
    $_SESSION['TEST_added'] = 'The test "' . $name . '" has been added';
    redirect();
}
Beispiel #4
0
             break;
         } else {
             Display::display_confirmation_message(get_lang('AddSuccess'));
             echo $agenda_result;
         }
     } else {
         display_ical_import_form();
     }
     break;
 case 'edit':
     // a coach can only delete an element belonging to his session
     if ($_POST['submit_event']) {
         store_edited_agenda_item($event_id, $_REQUEST['id_attach'], $_REQUEST['file_comment']);
         $action = 'view';
     } else {
         show_add_form($event_id, $event_type);
     }
     break;
 case "delete":
     if (!(api_is_course_coach() && !api_is_element_in_the_session(TOOL_AGENDA, $event_id))) {
         // a coach can only delete an element belonging to his session
         delete_agenda_item($event_id);
         $action = 'view';
     }
     break;
 case "showhide":
     if (!(api_is_course_coach() && !api_is_element_in_the_session(TOOL_AGENDA, $event_id))) {
         // a coach can only delete an element belonging to his session
         showhide_agenda_item($event_id);
         $action = 'view';
     }