$_SESSION['select_groupusers'] = "hide";
}
$origin = isset($_GET['origin']) ? Security::remove_XSS($_GET['origin']) : null;
/* Action handling */
// display the form
if (!empty($_GET['action']) && $_GET['action'] == 'add' && $_GET['origin'] == "" || !empty($_GET['action']) && $_GET['action'] == 'edit' || !empty($_POST['To'])) {
if (api_get_session_id() != 0 && api_is_allowed_to_session_edit(false, true) == false) {
api_not_allowed(true);
}
$display_form = true;
}
// clear all resources
if (empty($originalresource) || $originalresource !== 'no' and !empty($action) && $action == 'add') {
$_SESSION['formelements'] = null;
}
$htmlHeadXtra[] = AnnouncementManager::to_javascript();
/* Filter user/group */
if (!empty($_GET['toolgroup'])) {
if ($_GET['toolgroup'] == strval(intval($_GET['toolgroup']))) {
//check is integer
$toolgroup = intval($_GET['toolgroup']);
$_SESSION['select_groupusers'] = 'hide';
} else {
$toolgroup = 0;
}
Session::write("toolgroup", $toolgroup);
}
/* Sessions */
$ctok = $_SESSION['sec_token'];
$stok = Security::get_token();
$to = null;
