$formEntry = new FormEntry($database, intval($_POST['form_entry']['id']));
        } catch (Exception $e) {
            // Any Exception raised while loading the entry is reported to the user as
            // "does not exist"; other failures would be shown with the same message.
            // NOTE(review): $form_entry is not assigned in the visible code, while the id
            // above is read from $_POST['form_entry']['id']. Confirm it is defined earlier;
            // otherwise isset() is always false and the redirect never carries the id.
            redirect_to(array('location' => 'form_entry.php' . (isset($form_entry['id']) ? "?id=" . intval($form_entry['id']) : ""), 'status' => 'This form entry does not exist.', 'class' => 'error'));
        }
        // Check that the user is authorised to modify this form entry.
        // For a new entry (posted id of 0) the machine and user are seeded from the
        // request so that allow() has values to evaluate.
        // NOTE(review): machine_id and user_id are client-supplied here, so allow() is
        // deciding on request data. Confirm allow() does not treat $formEntry->user as
        // trusted ownership for new entries, or take the id from the session $user.
        if (intval($_POST['form_entry']['id']) == 0) {
            $formEntry->machine = array('id' => intval($_POST['form_entry']['machine_id']), 'name' => '');
            $formEntry->user = array('id' => intval($_POST['form_entry']['user_id']), 'name' => '');
        }
        // NOTE(review): the action is read from $_REQUEST while the entry data comes
        // from $_POST. The write below is only protected if redirect_to() ends the
        // request; confirm it exits rather than returning.
        if (!$formEntry->allow($user, $_REQUEST['action'])) {
            redirect_to(array('location' => 'form_entry.php' . (isset($form_entry['id']) ? "?id=" . intval($form_entry['id']) : ""), 'status' => 'You do not have permissions to do this.', 'class' => 'error'));
        }
        // The whole posted form_entry array is handed to create_or_update().
        // NOTE(review): confirm create_or_update() accepts only the fields a submitter
        // may set, since nothing is filtered before this call.
        $createFormEntry = $formEntry->create_or_update($_POST['form_entry']);
        // Clear autosave entries for this user on the form named in the request.
        // NOTE(review): form_id is taken from the POST body, not from the saved entry.
        $targetForm = new Form($database, intval($_POST['form_entry']['form_id']));
        $targetForm->clearAutosaveEntries($user);
        // create_or_update()'s return value is passed straight to redirect_to().
        redirect_to($createFormEntry);
    }
} elseif ($_REQUEST['action'] == 'approve' || $_REQUEST['action'] == 'unapprove') {
    // Approval toggle: 1 marks the entry approved, 0 clears the approval.
    // NOTE(review): action and id are read from $_REQUEST, so this state change can
    // arrive in a query string. No anti-CSRF token check is visible in this branch;
    // confirm one is enforced before this point.
    if ($_REQUEST['action'] == 'approve') {
        $approvalVal = 1;
    } else {
        $approvalVal = 0;
    }
    // Unlike the save path above, this load is not wrapped in try/catch.
    // NOTE(review): confirm how an unknown id is handled here.
    $formEntry = new FormEntry($database, intval($_REQUEST['id']));
    // && binds tighter than ||, so the request is refused when the entry has no user
    // id, or when the caller is not the entry's user and is neither physicist nor admin.
    // The entry's own user therefore passes this check.
    // NOTE(review): confirm that users approving their own entries is intended; the
    // id comparison uses loose != rather than !==.
    if (!$formEntry->user['id'] || $user->id != $formEntry->user['id'] && !$user->isPhysicist() && !$user->isAdmin()) {
        redirect_to(array('location' => 'form_entry.php?action=edit&id=' . intval($formEntry->id), 'status' => "You don't have permissions to update that entry.", 'class' => 'error'));
    }
    // The action string in the status message can only be 'approve' or 'unapprove'
    // because of the elseif condition above.
    if ($formEntry->setApproval($user, $approvalVal)) {
        redirect_to(array('location' => 'form_entry.php?action=index&form_id=' . intval($formEntry->form['id']), 'status' => "Successfully " . $_REQUEST['action'] . "d entry.", 'class' => 'success'));
    } else {