$formEntry = new FormEntry($database, intval($_POST['form_entry']['id']));
} catch (Exception $e) {
redirect_to(array('location' => 'form_entry.php' . (isset($form_entry['id']) ? "?id=" . intval($form_entry['id']) : ""), 'status' => 'This form entry does not exist.', 'class' => 'error'));
}
// check to ensure that the user is authed to modify this form entry.
if (intval($_POST['form_entry']['id']) == 0) {
$formEntry->machine = array('id' => intval($_POST['form_entry']['machine_id']), 'name' => '');
$formEntry->user = array('id' => intval($_POST['form_entry']['user_id']), 'name' => '');
}
if (!$formEntry->allow($user, $_REQUEST['action'])) {
redirect_to(array('location' => 'form_entry.php' . (isset($form_entry['id']) ? "?id=" . intval($form_entry['id']) : ""), 'status' => 'You do not have permissions to do this.', 'class' => 'error'));
}
$createFormEntry = $formEntry->create_or_update($_POST['form_entry']);
// clear autosave entries for this user.
$targetForm = new Form($database, intval($_POST['form_entry']['form_id']));
$targetForm->clearAutosaveEntries($user);
redirect_to($createFormEntry);
}
} elseif ($_REQUEST['action'] == 'approve' || $_REQUEST['action'] == 'unapprove') {
if ($_REQUEST['action'] == 'approve') {
$approvalVal = 1;
} else {
$approvalVal = 0;
}
$formEntry = new FormEntry($database, intval($_REQUEST['id']));
if (!$formEntry->user['id'] || $user->id != $formEntry->user['id'] && !$user->isPhysicist() && !$user->isAdmin()) {
redirect_to(array('location' => 'form_entry.php?action=edit&id=' . intval($formEntry->id), 'status' => "You don't have permissions to update that entry.", 'class' => 'error'));
}
if ($formEntry->setApproval($user, $approvalVal)) {
redirect_to(array('location' => 'form_entry.php?action=index&form_id=' . intval($formEntry->form['id']), 'status' => "Successfully " . $_REQUEST['action'] . "d entry.", 'class' => 'success'));
} else {
