// NOTE(review): this view starts inside one branch of the "Reserve Book" handler.
// The enclosing conditions and the origin of $result and $bid are not visible here.
        // Store a failure message in the session before redirecting.
        $_SESSION['msg']['title'] = 'Could not Reserve Book!';
        $_SESSION['msg']['msg'] = $result;
        // $_SERVER['PHP_SELF'] is derived from the request path and can carry client-supplied
        // path info. NOTE(review): confirm the backlink is HTML-escaped wherever it is rendered.
        $_SESSION['msg']['backlink'] = $_SERVER['PHP_SELF'] . "?ID=" . $bid;
        // $bid is concatenated into the Location header unencoded.
        // NOTE(review): presumably a numeric book id; confirm it is validated/cast upstream.
        header("Location: reservations_book.php?ID=".$bid);
        exit(); // stop here so no further code runs after the redirect header
    } else {
        // Other branch: same redirect target, but no message is stored in the session.
        header("Location: reservations_book.php?ID=".$bid);
        exit();
    }
}
/** END: Reserve Book */

/** Cancel reservation */
// Runs when the request carries do=cancel. $_REQUEST merges GET and POST input (and cookies,
// depending on request_order), so this state-changing action is reachable through a plain GET.
// No anti-CSRF token check is visible in this fragment.
// NOTE(review): confirm one exists elsewhere, or restrict the action to POST with a token.
if(isset($_REQUEST['do']) && ($_REQUEST['do'] == "cancel")){
    $re = new Reservations;
    // The raw request value is handed to the lookup; how GetReservationByRID builds its query is
    // not visible here. The result is consumed with the legacy mysql_* API, which has no prepared
    // statements. NOTE(review): confirm rid is cast to int or escaped inside the method.
    $rs = $re->GetReservationByRID($_REQUEST['rid']);
    if (mysql_num_rows($rs)==0){ // Invalid rid
        // Unlike the branches below, this backlink uses the unvalidated bid from the request.
        // NOTE(review): confirm BackLink is escaped when rendered.
        $_SESSION['BackLink'] = $_SERVER['PHP_SELF'] . "?ID=" . $_REQUEST['bid'];
        trigger_error("System error: invalid RID", E_USER_ERROR);
        exit(); // guarantees termination even if a custom error handler returns
    }
    $row = mysql_fetch_assoc($rs);
    // Authorization: allowed for ADMIN, LIBSTAFF, or the member who owns the reservation
    // (session mid equals the reservation row's mid). All comparisons are loose (==).
    // NOTE(review): no login check is visible in this fragment. With an unpopulated session,
    // a NULL/empty row mid would loosely equal the missing session mid.
    // Confirm authentication is enforced before this point.
    if( ($_SESSION['CurrentUser']['login_type'] == "ADMIN") ||
        ($_SESSION['CurrentUser']['login_type']=="LIBSTAFF") ||
        ($_SESSION['CurrentUser']['mid']==$row['mid']) ){ // Is this operation allowed
        // $result is not inspected in the visible code; the redirect happens regardless of outcome.
        $result = $re->CancelReservation($_REQUEST['rid']);
        // The redirect target uses the bid read from the reservation row, not the request.
        header("Location: reservations_book.php?ID=" . $row['bid']);
        exit();
    } else {
        // Denied: record a backlink (built from the row's bid) and raise a user-level error.
        // NOTE(review): the rest of this branch lies outside the visible fragment.
        $_SESSION['BackLink'] = $_SERVER['PHP_SELF'] . "?ID=" . $row['bid'];
        trigger_error("You are not allowed to perform this operation.", E_USER_ERROR);