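exit(0);
}

// Check if a risk ID was sent
if (isset($_GET['id']) || isset($_POST['id']))
{
    // GET takes precedence over POST when both are present (same order as before).
    $id = isset($_GET['id']) ? $_GET['id'] : $_POST['id'];

    // A request parameter can arrive as an array (id[]=...), which
    // htmlentities() cannot encode. Anything non-scalar becomes an empty ID.
    // ENT_QUOTES also encodes single quotes, because $id is echoed into
    // HTML attributes further down the page.
    $id = is_scalar($id) ? htmlentities((string) $id, ENT_QUOTES) : '';

    // Get the details of the risk
    // NOTE(review): the HTML-encoded value is also what get_risk_by_id()
    // receives. Encoding protects the later echo, not the lookup - confirm
    // that get_risk_by_id() validates the ID and uses a parameterized query.
    $risk = get_risk_by_id($id);

    // get_risk_by_id() is defined elsewhere; assuming it can come back without
    // a row (unknown or empty ID), fall back to empty values instead of
    // reading undefined offsets.
    $subject = htmlentities(isset($risk[0]['subject']) ? $risk[0]['subject'] : '');
    $calculated_risk = isset($risk[0]['calculated_risk']) ? $risk[0]['calculated_risk'] : null;
    $risk_level = get_risk_level_name($calculated_risk);

    // Fail closed: make sure $approved is defined even when no branch below
    // grants it. A value assigned earlier in the file is left untouched.
    if (!isset($approved))
    {
        $approved = false;
    }

    // The review is approved only when the session holds the permission that
    // matches the risk level. The level name is compared strictly so that a
    // non-string return value (0, true) cannot loosely match a level, and each
    // permission flag is checked for existence before it is read.
    if ($risk_level === "High" && isset($_SESSION['review_high']) && $_SESSION['review_high'] == 1)
    {
        // Review is approved
        $approved = true;
    }
    elseif ($risk_level === "Medium" && isset($_SESSION['review_medium']) && $_SESSION['review_medium'] == 1)
    {
        // Review is approved
        $approved = true;
    }
    elseif ($risk_level === "Low" && isset($_SESSION['review_low']) && $_SESSION['review_low'] == 1)
    {
        // Review is approved
        $approved = true;
    }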
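<li><a href="/management/mgmt_review.php?id=<?php echo $id; ?> ">Perform a Review</a></li>
<li><a href="/management/comment.php?id=<?php echo $id; ?> ">Add a Comment</a></li>
</ul>
</div>
<h4>Risk ID: <?php echo $id; ?> </h4>
<?php // The score and level name come from stored data, so they are encoded where they are written into the page. ?>
<h4>Calculated Risk: <?php echo htmlentities($calculated_risk . " (" . get_risk_level_name($calculated_risk) . ")"); ?> </h4>
<?php // NOTE(review): $status is not assigned anywhere in this excerpt - confirm it is HTML-encoded before it reaches this echo. ?>
<h4>Status: <?php echo $status; ?> </h4>
</div>
</div>
<div class="row-fluid">
<?php // NOTE(review): no anti-CSRF token is visible in the part of this form shown here - confirm the form carries one. ?>
<form name="submit_risk" method="post" action="">
<div class="span4">
<div class="well">
<h4>Details</h4>
<?php
// If the user has selected to edit the risk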