Example #1
<?php

// Load the Expense Functions
require_once 'include.php';
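// Load the translations for this module; a failure is reported to the template only.
if (!xml2php('expense')) {
    $smarty->assign('error_msg', "Error in language file");
}
// Read the request parameter without touching an undefined index when it is absent.
$expenseID = isset($VAR['expenseID']) ? $VAR['expenseID'] : '';
// Load PHP language translations
$langvals = gateway_xml2php('expense');
// Make sure we got an expense ID number: reject missing, empty and non-numeric
// values before they reach delete_expense(), whose query handling is not visible here.
if (!is_scalar($expenseID) || !ctype_digit((string) $expenseID)) {
    $smarty->assign('results', 'Please go back and select an expense record');
    // NOTE(review): nothing visible here renders the template before die — confirm
    // the user actually sees this message.
    die;
}
// NOTE(review): no anti-CSRF token and no per-record permission check are visible in
// this script. Confirm the framework enforces both before this page runs and that the
// delete is only reachable through a state-changing (POST) request.
if (!delete_expense($db, $expenseID)) {
    // Encode the message so driver text containing '&', '#' or line breaks cannot
    // add or override parameters in the redirect target.
    // NOTE(review): assumes force_page() passes its second argument through as a raw
    // query string — confirm. Sending the raw driver error to the browser also exposes
    // schema details; prefer logging it server-side and redirecting with a generic message.
    force_page('core', 'error&error_msg=' . urlencode('MySQL Error: ' . $db->ErrorMsg()) . '&menu=1&type=database');
    exit;
}
// Deletion succeeded: return to the expense search page with the translated title.
force_page('expense', 'search&page_title=' . urlencode($langvals['expense_search_title']));
exit;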
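 // Deletion is allowed for holders of permission key 4 or for the expense's owner.
 // NOTE(review): the meaning of key 4 is defined outside this snippet — confirm.
 if (array_key_exists(4, $permissions) || $details['ownerid'] == $user->data['user_id']) {
     if (isset($_POST['confirm']) && $_POST['confirm'] == 1) {
         // Anti-CSRF check: the posted token must be a non-empty string equal to the
         // session token. hash_equals() compares in constant time, and the explicit
         // string checks stop a missing token on both sides from comparing as equal.
         $postedToken = isset($_POST['token']) ? $_POST['token'] : null;
         $sessionToken = isset($_SESSION['token']) ? $_SESSION['token'] : null;
         $token_err = !is_string($postedToken)
             || !is_string($sessionToken)
             || $sessionToken === ''
             || !hash_equals($sessionToken, $postedToken);
         // A session without an issue time is treated as expired.
         $token_age = time() - (isset($_SESSION['token_time']) ? (int) $_SESSION['token_time'] : 0);
         // force to resubmit after 5 minutes
         if ($token_age > 300) {
             $token_err = true;
         }
         // Result codes carried back in the msg parameter: x5 = token rejected,
         // x3 = expense deleted, x4 = deletion failed.
         if ($token_err) {
             $msg = "x5";
         } elseif (delete_expense($expid)) {
             $msg = "x3";
         } else {
             $msg = "x4";
         }
         // NOTE(review): HTTP_HOST is supplied by the client, so the redirect target can
         // be steered by a forged Host header; prefer a configured base URL. The scheme
         // is also fixed to http://.
         $redirect = "http://" . $_SERVER['HTTP_HOST'] . DIR . "expenses.php?groupid=" . rawurlencode((string) $groupid) . "&msg={$msg}";
         header("Location: {$redirect}");
         // Stop here so nothing after the redirect header is executed or sent.
         exit;
     } else {
         // Not confirmed yet: set the flags the rest of the page reads.
         // NOTE(review): presumably these make the page show a confirmation form — confirm.
         $delete = true;
         $show = true;
     }
 } else {
     fatal_error("No permission to delete this expense");
 }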