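<?php
// Permission gate for adding notes. The group id is read from the server-side
// session, never from the request, so a user cannot obtain the add-notes right by
// editing the URL or the form. It is cast to int before use because it is
// interpolated unquoted into the query below.

$thisUSERGROUP = (int) $_SESSION["userGROUPID"];

$getUSERperm = mysql_query("SELECT * FROM ath_groups WHERE " . // obtain permission values
			"ath_groups_id=$thisUSERGROUP");

// A failed query or an unknown group must read as "no permission"; indexing into
// a false result would otherwise only raise a notice and fall through.
$checkUSER = $getUSERperm ? mysql_fetch_array($getUSERperm) : false;

if ($checkUSER && $checkUSER["ath_groups_addNOTES"] == 1){ // permission present: allow adding

	if (isset($_POST["addnote"]) && $_POST["addnote"] == "Add Note"){ // form submitted
		$heading = isset($_POST["heading"]) ? $_POST["heading"] : "";

		if ($heading == ""){
			echo("<p class=\"red\">Note title cannot be left blank.</p>");
			include("../objects/addnotesFORM.php");
		}
		else{
			// Write the note. Every request-supplied value is escaped for the
			// query (previously only heading and text were escaped, leaving the
			// two id fields injectable). Escaping happens last: nl2br must see
			// the real newlines before the escaper rewrites them.
			$WITHresrc = mysql_real_escape_string(isset($_POST["WITHresrc"]) ? $_POST["WITHresrc"] : "");
			$datecreated = date("Y-m-d");
			$heading = mysql_real_escape_string(strip_tags($heading));
			$text = mysql_real_escape_string(nl2br(strip_tags(isset($_POST["text"]) ? $_POST["text"] : "")));
			// NOTE(review): the owning group is taken from the form, so the submitter
			// chooses it; if notes should always belong to the submitter's own group,
			// use $thisUSERGROUP here instead — confirm against addnotesFORM.php.
			$ownerGROUP = mysql_real_escape_string(isset($_POST["ownerGROUPID"]) ? $_POST["ownerGROUPID"] : "");

			$INSERTnote = mysql_query("INSERT INTO ath_notes SET " .
						"ath_notes_resourceID='$WITHresrc', " .
						"ath_notes_datecreated='$datecreated', " .
						"ath_notes_heading='$heading', " .
						"ath_notes_text='$text', " .
						"ath_notes_ownerGROUP='$ownerGROUP'");

			if (!$INSERTnote){
				// Tell the user the write failed, but keep the driver's error text
				// in the server log: it names tables, columns and the failing SQL.
				echo("<p class=\"red\">INSERTnote failed in modules/addnotes.php</p>");
				error_log("modules/addnotes.php: INSERT INTO ath_notes failed: " . mysql_error());
				exit();
			}
			echo("added");
			// TODO: replace the bare "added" with a confirmation page (cf. objects/groupADDEDconfirm.php).
		}
	}
	else{ // no submission yet: show the entry form
		include("../objects/addnotesFORM.php");
	}
}
else{
	echo("<p class=\"red\">You do not have permission to add new notes!</p>");
}
?>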
