			$_SESSION['msg']['title'] = 'Could not Reserve Book!';
			$_SESSION['msg']['msg'] = $result;
			$_SESSION['msg']['backlink'] = $_SERVER['PHP_SELF'] . "?ID=" . $bid;
			header("Location: reservations_book.php?ID=".$bid);
			exit();
		} else {
			header("Location: reservations_book.php?ID=".$bid);
			exit();
		}
	}
	/** END: Reserve Book */

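	/**
	 * Cancel reservation.
	 * Loads the reservation for $_REQUEST['rid'] and cancels it only when the session
	 * user is ADMIN or LIBSTAFF, or when the session 'mid' equals the reservation's 'mid'.
	 * NOTE(review): 'do' and 'rid' are read from $_REQUEST, so this state change is also
	 * reachable through a plain GET request; no anti-CSRF token is checked in the visible
	 * part of this block.
	 * NOTE(review): 'rid' is handed to GetReservationByRID() and CancelReservation()
	 * unvalidated here - confirm those methods cast or parameterise it before querying.
	 */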
	if(isset($_REQUEST['do']) && ($_REQUEST['do'] == "cancel")){
		$re = new Reservations;
		$rs = $re->GetReservationByRID($_REQUEST['rid']);
		
		if (mysql_num_rows($rs)==0){ // Invalid rid
			$_SESSION['BackLink'] = $_SERVER['PHP_SELF'] . "?ID=" . $_REQUEST['bid'];
			trigger_error("System error: invalid RID", E_USER_ERROR);
			exit();				
		}
		$row = mysql_fetch_assoc($rs);
				
		if( ($_SESSION['CurrentUser']['login_type'] == "ADMIN") || ($_SESSION['CurrentUser']['login_type']=="LIBSTAFF") || ($_SESSION['CurrentUser']['mid']==$row['mid']) ){ // Is this operation allowed
			$result = $re->CancelReservation($_REQUEST['rid']);
			header("Location: reservations_book.php?ID=" . $row['bid']);
			exit();					
		} else {
			$_SESSION['BackLink'] = $_SERVER['PHP_SELF'] . "?ID=" . $row['bid'];
			trigger_error("You are not allowed to perform this operation.", E_USER_ERROR);