[go: up one dir, main page]
Menu

[2a284d]: / www / courseDrop.php  Maximize  Restore  History

Download this file

124 lines (111 with data), 3.2 kB 

  1
  2
  3
  4
  5
  6
  7
  8
  9
 10
 11
 12
 13
 14
 15
 16
 17
 18
 19
 20
 21
 22
 23
 24
 25
 26
 27
 28
 29
 30
 31
 32
 33
 34
 35
 36
 37
 38
 39
 40
 41
 42
 43
 44
 45
 46
 47
 48
 49
 50
 51
 52
 53
 54
 55
 56
 57
 58
 59
 60
 61
 62
 63
 64
 65
 66
 67
 68
 69
 70
 71
 72
 73
 74
 75
 76
 77
 78
 79
 80
 81
 82
 83
 84
 85
 86
 87
 88
 89
 90
 91
 92
 93
 94
 95
 96
 97
 98
 99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
<?php

require_once("loginCheck.php");



// Ensure that the security random number is correct

if (!isset($_GET['rand']) || $_GET['rand'] != md5(session_id()))

{

  $_SESSION['msg']['error'] = "Security Error.";

  header("Location: courses.php");

  exit();

}



$fatal = false;



// Connect to database

include("connect.php");



// Check that course id is valid

if (!isset($_GET['courseId']) || !is_numeric($_GET['courseId']))

{

  if (!isset($_SESSION['msg']['error']))

    $_SESSION['msg']['error'] = "";

  $_SESSION['msg']['error'] .= "Invalid course id.";

  $fatal = true;

}

else

{

  // Check that course id is valid

  if (!courseExists($_GET['courseId']))

  {

    if (!isset($_SESSION['msg']['error']))

      $_SESSION['msg']['error'] = "";

    $_SESSION['msg']['error'] .= "Invalid course id.";

    $fatal = true;

  }

}



// Get user id

$userId = $_SESSION['userId'];

if (isset($_GET['userId']) && $_GET['userId'] != $userId)

{

  $userId = $_GET['userId'];



  // Check that the course id is for the current professor

  if ($_SESSION['acctType'] == 'professor')

  {

    $error = true;

    // Get course info

    if ($courseInfo = getCourseInfo($_GET['courseId']))

      if ($courseInfo['profId'] == $_SESSION['userId'])

        $error = false;



    // Indicate error and redirect

    if ($error)

    {

      if (!isset($_SESSION['msg']['error']))

        $_SESSION['msg']['error'] = "";

      $_SESSION['msg']['error'] .= "You cannot edit another user's courses.<br/>";

      $fatal = true;

    }

  }



  if ($_SESSION['acctType'] != 'admin' && $_SESSION['acctType'] != 'professor')

  {

    if (!isset($_SESSION['msg']['error']))

      $_SESSION['msg']['error'] = "";

    $_SESSION['msg']['error'] .= "You cannot edit another user's courses.<br/>";

    $fatal = true;

  }

  else if (!is_numeric($_GET['userId']))

  {

    if (!isset($_SESSION['msg']['error']))

      $_SESSION['msg']['error'] = "";

    $_SESSION['msg']['error'] .= "Invalid user id.<br/>";

    $fatal = true;

  }

  else

  {

    // Check that course id is valid

    if (!userIdExists($_GET['userId']))

    {

      if (!isset($_SESSION['msg']['error']))

        $_SESSION['msg']['error'] = "";

      $_SESSION['msg']['error'] .= "Invalid user id.";

      $fatal = true;

    }

  }

}



if (!$fatal)

{

  // Check that user is enrolled in the course

  if (!isUserInCourse($userId, $_GET['courseId']))

  {

    if (!isset($_SESSION['msg']['error']))

      $_SESSION['msg']['error'] = "";

    $_SESSION['msg']['error'] .= "You are not enrolled in this course.";

    $fatal = true;

  }

}



// Proceed with course registration if no fatal errors

if (!$fatal)

{

  // Try to drop the course

  if (courseDrop($userId, $_GET['courseId']))

  {

    $_SESSION['msg']['success'] = "Successfully dropped the course.";

  }

  else

  {

    /*

    if (!isset($_SESSION['msg']['error']))

      $_SESSION['msg']['error'] = "";

    $_SESSION['msg']['error'] .= "MySQL Error: " . mysql_error();

    */

  }

}



mysql_close();



$location = (isset($_GET['loc'])) ? $_GET['loc'] : 'courses.php';

header('Location: '.$location);

?>