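/**
 * Delete a time entry, enforcing who is allowed to remove it.
 *
 * Accounts whose auth level is 900 or higher are treated as administrators:
 * they may delete any entry, and each such deletion is written to the audit
 * log. Every other account may only delete a row whose userId matches its
 * own id, and only when $this->validated($id) returns a truthy value.
 *
 * The acting user is taken from Staple_Auth, not from an argument, so the
 * caller cannot choose whose permissions are applied.
 *
 * @param mixed $id Primary key of the timeEntries row to delete.
 * @return bool True when the DELETE statement executed successfully, false on
 *              every other path (these paths previously fell through and
 *              returned null).
 */
function remove($id)
{
    $this->db = Staple_DB::get();

    if ($id === null) {
        return false;
    }

    // Resolve the authenticated caller and their privilege level.
    $auth = Staple_Auth::get();
    $user = new userModel($auth->getAuthId());
    $userId = $user->getId();
    $accountLevel = $user->getAuthLevel();

    // Snapshot the entry before it is deleted so the audit text can describe it.
    $entry = new timeEntryModel($id);
    $fullDate = $entry->getFullDate();
    $inTime = $entry->getInTime();
    $outTime = $entry->getOutTime();
    $effectedUserId = $entry->getUserId();

    $effectedUser = new userModel();
    $account = $effectedUser->userInfo($effectedUserId);

    $escapedId = $this->db->real_escape_string($id);

    if ($accountLevel >= 900) {
        // Administrator path: no ownership filter. A clause that excluded the
        // admin's own entries (userId <> caller) is disabled, so admins can
        // remove their own rows here as well.
        $sql = "DELETE FROM timeEntries WHERE id = '" . $escapedId . "'";

        if (!$this->db->query($sql)) {
            return false;
        }

        // NOTE(review): a successful query() does not show that a row was
        // actually removed, so an audit record is written even when $id matched
        // nothing. Confirm whether the affected-row count should gate this.
        // The record is filed under the affected user's id; the acting admin
        // appears only by username inside the item text.
        $audit = new auditModel();
        $audit->setUserId($account['id']);
        $audit->setAction('Admin Entry Remove');
        $audit->setItem(
            $user->getUsername() . " removed entry for " . $fullDate
            . " In Time: " . $inTime . " Out Time: " . $outTime
        );
        $audit->save();

        return true;
    }

    // Self-service path. validated() is defined outside this block; what it
    // checks is not visible here.
    if (!$this->validated($id)) {
        return false;
    }

    // The userId predicate is the ownership check: a non-admin can only ever
    // delete a row that belongs to the authenticated account.
    $sql = "DELETE FROM timeEntries WHERE id = '" . $escapedId
        . "' AND userId = '" . $this->db->real_escape_string($userId) . "'";

    // NOTE(review): unlike the administrator path, this deletion leaves no
    // audit record, and true is returned even if the ownership predicate
    // matched no row. Confirm both are intended.
    return (bool) $this->db->query($sql);
}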