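/** END: Reserve Book */

/**
 * Cancel reservation.
 *
 * Handles `do=cancel`: loads the reservation named by the `rid` request
 * parameter, allows the operation only for an ADMIN or LIBSTAFF session or
 * for the member who owns the reservation, cancels it and redirects to the
 * book's reservation page. Every path through this branch ends in exit().
 *
 * NOTE(review): the action is read from $_REQUEST, so a plain GET link can
 * trigger this state change, and no anti-forgery token is checked in this
 * block. Consider accepting it only via POST with a per-session token; no
 * token helper is visible from here, so this is left as a note.
 *
 * NOTE(review): `rid` reaches GetReservationByRID() and CancelReservation()
 * as the raw request string. Their query construction is not visible here;
 * confirm they bind or escape the value.
 *
 * NOTE(review): the mysql_* extension was removed in PHP 7.0. It is kept
 * because the Reservations API apparently returns a mysql result resource.
 */
if (isset($_REQUEST['do']) && $_REQUEST['do'] === 'cancel') {
    // Request parameters can arrive as arrays; only a plain string is a usable id.
    $rid = (isset($_REQUEST['rid']) && is_string($_REQUEST['rid'])) ? $_REQUEST['rid'] : null;
    $requestBid = (isset($_REQUEST['bid']) && is_string($_REQUEST['bid'])) ? $_REQUEST['bid'] : '';

    // SCRIPT_NAME rather than PHP_SELF: PHP_SELF also carries client-supplied
    // trailing path info, which would otherwise be stored in the back link.
    $self = $_SERVER['SCRIPT_NAME'];

    $re = new Reservations();
    $rs = ($rid !== null) ? $re->GetReservationByRID($rid) : false;

    if (!$rs || mysql_num_rows($rs) == 0) {
        // Invalid rid (missing, not a string, failed lookup, or no matching row).
        $_SESSION['BackLink'] = $self . "?ID=" . rawurlencode($requestBid);
        trigger_error("System error: invalid RID", E_USER_ERROR);
        exit();
    }

    $row = mysql_fetch_assoc($rs);

    // Is this operation allowed?
    // Strict comparisons and isset() guards: with loose `==`, an absent session
    // value (null) could compare equal to an empty or NULL owner column, and
    // non-string values could match through type juggling.
    $user = (isset($_SESSION['CurrentUser']) && is_array($_SESSION['CurrentUser']))
        ? $_SESSION['CurrentUser']
        : array();
    $loginType = isset($user['login_type']) ? $user['login_type'] : null;
    $isStaff = ($loginType === "ADMIN" || $loginType === "LIBSTAFF");
    $isOwner = isset($user['mid'], $row['mid'])
        && is_scalar($user['mid'])
        && (string) $user['mid'] === (string) $row['mid'];

    if ($isStaff || $isOwner) {
        // The return value is not inspected; the redirect happens either way,
        // as in the original flow.
        $re->CancelReservation($rid);
        header("Location: reservations_book.php?ID=" . rawurlencode((string) $row['bid']));
        exit();
    }

    $_SESSION['BackLink'] = $self . "?ID=" . rawurlencode((string) $row['bid']);
    trigger_error("You are not allowed to perform this operation.", E_USER_ERROR);
    exit();
}

// Get book details into $row ////////////////////////////////////////////
if (!isset($_REQUEST['ID'])) {
    // Without a book id there is nothing to show; send the user to the catalogue.
    header("Location: book_browse.php");
    exit();
}

// NOTE(review): $id is raw request input. Its uses lie outside this view;
// validate it and bind/escape it wherever it reaches a query or HTML output.
$id = $_REQUEST['ID'];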