if ($page['booking'] == null) { Session::setError('Booking does not exist, please try again.'); Session::redirect('/bookings'); } // Make sure attendance hasn't already been recorded for this booking, // or the booking hasn't been set as cancelled $attendance = Attendance::getAttendance($bookingId); if ($attendance != null) { Session::setError('You have already recorded attendance for this workshop.'); Session::redirect('/bookings'); } // If the request is a post if ($_SERVER['REQUEST_METHOD'] === 'POST') { // Make sure the fields are correct if (!Attendance::checkAttendanceField($_POST['attendance']['taught']) || !Attendance::checkAttendanceField($_POST['attendance']['learn'])) { $page = Session::setImmediateError($page, 'You have not met the minimum word count for some of these fields, please try again.'); // Set the field text so the user does not have to retype it $page['field']['taught'] = $_POST['attendance']['taught']; $page['field']['learn'] = $_POST['attendance']['learn']; } else { // Make sure the file name does not contain php in it if (strpos($_FILES['attendance']['name']['file'], 'php')) { Session::setError('File rejected'); Session::redirect('/bookings'); } // Make the filename $extension = pathinfo($_FILES['attendance']['name']['file'], PATHINFO_EXTENSION); $filename = Attendance::generateRandomFileName() . '.' . $extension; // Upload file path $uploadedFile = $GLOBALS['file-directory'] . basename($filename); if (!move_uploaded_file($_FILES['attendance']['tmp_name']['file'], $uploadedFile)) {