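<?php
// Module: create a new user group in ath_groups.
// Runs inside the main page with an open mysql_* connection and an active
// session; the caller's group id is read from $_SESSION["userGROUPID"].

// BEGIN - permission check. A user can reach this module by crafting a URL,
// so the group stored in the session must actually carry ath_groups_addGROUPS.
// The id is cast to int before it is placed (unquoted) in the query.
$thisUSERGROUP = isset($_SESSION["userGROUPID"]) ? (int) $_SESSION["userGROUPID"] : 0;

$getUSERperm = mysql_query("SELECT * FROM ath_groups WHERE " . // obtain permission values
				"ath_groups_id=$thisUSERGROUP");

// A failed query yields false; treat that as "no permission" instead of warning.
$checkUSER = $getUSERperm ? mysql_fetch_array($getUSERperm) : false;
// END - permission check

if ($checkUSER && $checkUSER["ath_groups_addGROUPS"] == 1) { // PERMISSION EXISTS: ALLOW TO ADD

	$submitted = isset($_POST["addgroup"]) && $_POST["addgroup"] == "Add Group";

	if ($submitted) { // FORM SUBMITTED
		$groupname = isset($_POST["groupname"]) ? $_POST["groupname"] : "";

		// Defines verifyCHARS(); loaded before any validation step uses it.
		require("../includes/verify_no_special_chars.inc.php");

		if ($groupname == "") {
			echo("<p class=\"red\">Group name cannot be left blank.</p>");
			include("../objects/addgroupFORM.php");
		}
		elseif (!verifyCHARS($groupname)) { // REJECT SPECIAL CHARACTERS
			echo("<p class=\"red\">Please remove special characters like: ' @ # \$ etc. from the group name.</p>");
			include("../objects/addgroupFORM.php"); // was "addgrouoFORM.php", a non-existent file
		}
		else {
			// The name is queried only after it has passed validation, and it is
			// escaped regardless, so a crafted value cannot change the statement.
			$safeNAME = mysql_real_escape_string($groupname);
			$checkGROUPNAMEexists = mysql_query("SELECT count(*) from ath_groups WHERE " .
									"ath_groups_name='$safeNAME'");

			if (!$checkGROUPNAMEexists) { // REPORT QUERY FAILURE
				echo("checkGROUPNAMEexists failed in modules/addgroup.php");
				exit();
			}

			$count = mysql_result($checkGROUPNAMEexists, 0, 0);

			if ($count > 0) { // NAME ALREADY TAKEN
				// User-supplied value echoed back into HTML: escape for that context.
				echo("<p class=\"red\">Group name " . htmlspecialchars($groupname, ENT_QUOTES, 'UTF-8') . " already exists.</p>");
				include("../objects/addgroupFORM.php");
			}
			else {
				// ADD TO DATABASE
				$name = mysql_real_escape_string(strip_tags($groupname));
				$datecreated = date("Y-m-d");

				// Permission flags: posted field => ath_groups column. Each flag is
				// normalised to 0/1 (the permission check above compares against 1),
				// so only those two values are ever interpolated into the statement.
				$flagFIELDS = array(
					"addusers"         => "ath_groups_addUSERS",
					"viewuserprofiles" => "ath_groups_viewUSERS",
					"addgroups"        => "ath_groups_addGROUPS",
					"viewgroups"       => "ath_groups_viewGROUPS",
					"addprojects"      => "ath_groups_addPROJECTS",
					"addnotes"         => "ath_groups_addNOTES",
					"addresrc"         => "ath_groups_addRESRC",
					"addtopublic"      => "ath_groups_addtoPUBLIC",
					"administrate"     => "ath_groups_ADMINISTRATE",
				);

				$setCLAUSES = array(
					"ath_groups_name='$name'",
					"ath_groups_datecreated='$datecreated'",
				);
				foreach ($flagFIELDS as $field => $column) {
					$flag = empty($_POST[$field]) ? 0 : 1; // unchecked boxes are not posted at all
					$setCLAUSES[] = "$column='$flag'";
				}

				// New groups start unlocked. The original `$locked == 0;` was a
				// comparison, not an assignment, so $locked was never defined.
				$locked = 0;
				$setCLAUSES[] = "ath_groups_LOCKED='$locked'";

				$INSERTgroup = mysql_query("INSERT INTO ath_groups SET " . implode(", ", $setCLAUSES));

				if (!$INSERTgroup) {
					echo("<p class=\"red\">INSERTgroup failed in addgroup.php</p>");
					// Driver error text goes to the server log, not the response.
					error_log("modules/addgroup.php: " . mysql_error());
					exit();
				}
				include("../objects/groupADDEDconfirm.php");
			}
		}
	}
	else { // NOTHING SUBMITTED YET: SHOW THE FORM
		include("../objects/addgroupFORM.php");
	}
}
else {
	echo("<p class=\"red\">You do not have permission to add new groups!</p>");
}
?>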
