// Fragment of the course admin page: the form this line closes and the PHP
// block it continues both start outside this view.
// NOTE(review): the CSRF token is echoed straight into the hidden input's value
// attribute. In this collapsed form a space sits between the closing PHP tag
// and the quote that ends the attribute, so the submitted token would carry a
// trailing space unless Session::verifyToken() trims it — confirm against the
// original line breaks (PHP swallows a newline directly after its closing tag,
// but not a space).
echo $token; ?> "> <input id='removedValue' type='hidden' name='note'> </form>
<div class="darken_div"></div>
<div class="main-logo"> <a href="index.php"> <img src="images/logo.png" height="90px" width=auto></a> </div>
<article class="main-content">
<header>
<?php
// Resolve the current user's account on this course; $searchId is assigned
// elsewhere in the page (presumably the course id being administered — verify).
$user = Database::getUserId(Session::user());
$account = Database::getAccount($user, $searchId);
//if the current user can upload notes, add a link to allow them to upload a file
// This only hides the link in the UI: whichever script receives the upload must
// repeat the canUpload() check itself (that handler is not visible here).
if ($account !== NULL && $account->canUpload()) { ?>
<div id="uploadFrame" class="upload"> <a id="uploadLink" href="#">Upload Notes</a> </div>
<?php } ?>
<p>
<?php
// NOTE(review): name and semester are database values written into HTML
// without escaping; if either field can hold user-supplied text, wrap each in
// htmlspecialchars(..., ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8') before echoing.
echo $retrievedCourse['name'] . " - " . $retrievedCourse['semester']; ?>
</p>
<p>
// Tail of a redirect-to-login branch: the condition that opens this block is
// outside this view; the visitor is sent to login.php and processing stops.
header("Location: login.php"); exit; }
// CSRF token for the form rendered further down. It is assigned again at the
// end of the block below; the second assignment is redundant but harmless.
$token = Session::token();
if (isset($_GET['course'])) {
    //show the admin page for instructors
    //if the user does not have permission to see the admin page for the course then redirect them to the error page
    // $course is client-controlled and handed straight to Database::getCoursebyID,
    // which must bind it as a query parameter (its implementation is not visible here).
    $course = $_GET['course'];
    $retrievedCourse = Database::getCoursebyID($course);
    // Unknown course id: bail out to the error page instead of rendering an empty admin view.
    // The message is urlencoded for the query string; error.php must still HTML-escape it on output.
    if (!isset($retrievedCourse['id'])) { $message = urlencode("The course provided is not valid."); header("Location: error.php?error={$message}"); exit; }
    // Authorisation: the user needs an account on this specific course with
    // promote rights. A missing account is treated exactly like a denied one.
    $user = Database::getUserId(Session::user());
    $account = Database::getAccount($user, $course);
    if ($account === NULL || $account->canPromote() !== TRUE) { $message = urlencode("You do not have permission to add uploaders for this course."); header("Location: error.php?error={$message}"); exit; }
    $token = Session::token();
    // The if-block opened above is closed outside this view.
    ?> <!doctype html> <html> <head> <meta charset="utf-8"> <title>Arizona Notes</title> <link rel="stylesheet" type="text/css" href="css/main.css"> <link rel="stylesheet" type="text/css" href="css/fonts.css">
// Continues a branch whose condition is outside this view (the leading exit belongs to it).
exit; } else {
    // Note removal via POST: both the note id and the CSRF token must be present.
    if (isset($_POST['note']) && isset($_POST['token'])) {
        // Reject the request before any data is read if the token does not match the session's.
        if (!Session::verifyToken($_POST['token'])) { $message = urlencode("The token provided does not match."); header("Location: error.php?error={$message}"); exit; }
        //attempts to remove the note with the id provided in $_POST['note']
        // $_POST['note'] is client-controlled; getNotesByID is expected to bind it as a
        // query parameter (its implementation is not visible here).
        $note = Database::getNotesByID($_POST['note']);
        if (!isset($note['id'])) { $message = urlencode("The file you want to remove does not exist."); header("Location: error.php?error={$message}"); exit; }
        // Authorisation is scoped to the course the note belongs to (taken from the
        // database row), not to any course id the client might send.
        $myAcc = Database::getAccount(Database::getUserId(Session::user()), $note['courseID']);
        //if the current user does not have an account with file delete permissions then redirect and exit
        if ($myAcc === NULL || !$myAcc->canDelete()) { $message = urlencode("You do not have permission to remove files for this course."); header("Location: error.php?error={$message}"); exit; }
        // The file is removed first; a failure here stops before the database row is touched.
        if (!Database::removeNoteFile($note['id'])) { $message = urlencode("The file could not be deleted."); header("Location: error.php?error={$message}"); exit; }
        // NOTE(review): the result of removeNoteWithID is not checked, so a failed row
        // deletion after a successful file deletion would leave a dangling record —
        // confirm whether it reports failure.
        Database::removeNoteWithID($note['id']);
        // Back to the admin page of the note's course; courseID comes from the database row, not the request.
        header("Location: admin.php?course={$note['courseID']}"); exit;
    } else {