}
// Start of the ad code
$self = $context->addSession($_SERVER['PHP_SELF']);
if (strpos($self, '?') > 0) {
$selfp = $self . '&';
} else {
$selfp = $self . '?';
}
$action = $_REQUEST['action'];
$message = false;
$title = false;
$description = false;
$idvalue = false;
// print_r($_REQUEST);
// AuthZ WHERE clause terms
$authzsql = "course_key=" . "'" . mysql_real_escape_string($context->getCourseKey()) . "'";
if (!$context->isInstructor()) {
$authzsql = $authzsql . "AND user_key=" . "'" . mysql_real_escape_string($context->getUserKey()) . "'";
}
if ($action == 'delete') {
$idvalue = $_REQUEST['id'];
if ($idvalue) {
$sql = 'DELETE FROM ads WHERE id=' . "'" . mysql_real_escape_string($idvalue) . "' AND " . $authzsql;
$result = mysql_query($sql);
$retval = mysql_affected_rows();
if ($retval != 1) {
$message = "Error, unable to delete ad.";
$action = 'main';
} else {
$message = "Deleted record id=" . $idvalue;
$action = 'main';
