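public static function setAdmin($username) {
    // Refresh the session's admin flag for $username.
    //
    // The flag is reset to a strict false *before* the lookup so that a
    // stale value from a previous user can never survive a failed or
    // throwing lookup (fail closed). Only when getUserId() returns something
    // other than -1 (the value this code treats as "no such user") is the
    // admin status consulted. The result is cast to bool so that
    // $_SESSION['admin'] is always a real boolean — matching the false written
    // here and safe for === comparisons elsewhere — regardless of whether
    // Database::isAdmin() hands back a bool, an int, or a string from the DB.
    $_SESSION['admin'] = false;
    $id = Database::getUserId($username);
    if ($id !== -1) {
        $_SESSION['admin'] = (bool) Database::isAdmin($id);
    }
}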
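<?php
$title = "Inicio";
session_start();

// Already authenticated: send straight to the dashboard and stop here. A
// Location header plus exit (instead of an echoed <script> redirect) means
// the login form below is never rendered and the POST branch cannot run for
// a session that is already logged in.
if (!empty($_SESSION['id'])) {
    header("Location:dashboard.php");
    exit;
}

include_once "../clases/Database.php";
include_once "../clases/Query.php";

if ($_SERVER['REQUEST_METHOD'] == "POST") {
    // Read credentials defensively: missing fields no longer raise
    // undefined-index notices, and non-string values (e.g. username[]=x)
    // are treated as absent rather than handed to the database layer.
    $username = isset($_POST['username']) ? $_POST['username'] : '';
    $password = isset($_POST['password']) ? $_POST['password'] : '';
    if (!is_string($username) || !is_string($password)) {
        $username = '';
        $password = '';
    }

    // NOTE(review): isLogin()/getUserId() live in ../clases/Database.php and
    // are not visible here — confirm they use prepared statements and
    // password_verify() rather than string-built SQL / plain comparison.
    $db = new Database();
    if ($db->isLogin($username, $password)) {
        // Rotate the session id on the privilege change so that a session id
        // planted before login (session fixation) never becomes the
        // authenticated one.
        session_regenerate_id(true);
        $_SESSION['id'] = $db->getUserId($username, $password);
        header("Location:dashboard.php");
        exit; // nothing below must be sent once the redirect is issued
    } else {
        $errors = true;
    }
}
?>
<!DOCTYPE html>
<!--
Template Name: Metronic - Responsive Admin Dashboard Template build with Twitter Bootstrap 3.3.5
Version: 4.5.2
Author: KeenThemes
Website: http://www.keenthemes.com/
Contact: support@keenthemes.com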
if (!Session::userLoggedIn()) {
    header("Location: login.php");
    exit;
}
$token = Session::token();
if (isset($_GET['course'])) {
    // Admin page for instructors. The course id comes straight from the query
    // string and is untrusted until getCoursebyID() confirms it resolves to a
    // real course. NOTE(review): getCoursebyID() is out of view — confirm it
    // uses a parameterised query rather than interpolating $course.
    $course = $_GET['course'];
    $retrievedCourse = Database::getCoursebyID($course);
    if (!isset($retrievedCourse['id'])) {
        // $message is URL-encoded for the Location header; error.php must
        // still HTML-escape it when rendering (not visible here).
        $message = urlencode("The course provided is not valid.");
        header("Location: error.php?error={$message}");
        exit;
    }
    // Authorisation: the caller must hold an account on this course whose
    // canPromote() is strictly TRUE; anything else (no account, or a non-true
    // value) is redirected to error.php rather than the home page.
    $user = Database::getUserId(Session::user());
    $account = Database::getAccount($user, $course);
    if ($account === NULL || $account->canPromote() !== TRUE) {
        $message = urlencode("You do not have permission to add uploaders for this course.");
        header("Location: error.php?error={$message}");
        exit;
    }
    // Re-fetched for the form below; same call as the one made above.
    $token = Session::token();
?>
<!doctype html>
<html>
<head>
<meta charset="utf-8">
<title>Arizona Notes</title>
<link rel="stylesheet" type="text/css" href="css/main.css">
exit;
} else {
    if (isset($_POST['note']) && isset($_POST['token'])) {
        // CSRF: the delete request must carry a token that matches the
        // session's; otherwise bail out before touching anything.
        if (!Session::verifyToken($_POST['token'])) {
            $message = urlencode("The token provided does not match.");
            header("Location: error.php?error={$message}");
            exit;
        }
        // Attempt to remove the note whose id arrives in $_POST['note'] (the
        // code reads POST, not $_GET as an earlier comment claimed). The id is
        // resolved through the database first, so only an existing note's own
        // courseID — never a client-supplied value — drives the permission check.
        $note = Database::getNotesByID($_POST['note']);
        if (!isset($note['id'])) {
            $message = urlencode("The file you want to remove does not exist.");
            header("Location: error.php?error={$message}");
            exit;
        }
        $myAcc = Database::getAccount(Database::getUserId(Session::user()), $note['courseID']);
        // If the current user has no account with delete permission on that
        // course, redirect and exit.
        if ($myAcc === NULL || !$myAcc->canDelete()) {
            $message = urlencode("You do not have permission to remove files for this course.");
            header("Location: error.php?error={$message}");
            exit;
        }
        // The file is removed before the DB row; a failed file delete keeps the
        // row so the note does not silently become an orphaned record.
        // NOTE(review): the two steps are not atomic — if removeNoteWithID()
        // fails after a successful file delete, a row without a file remains.
        if (!Database::removeNoteFile($note['id'])) {
            $message = urlencode("The file could not be deleted.");
            header("Location: error.php?error={$message}");
            exit;
        }
        Database::removeNoteWithID($note['id']);
        // courseID comes from the DB row fetched above, not from the request.
        header("Location: admin.php?course={$note['courseID']}");
        exit;
    } else {