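<?php
// addproject.php — permission-gated handler for the "Add Project" form.
//
// Access control: the caller's group id is read from the session (never from
// the request) and looked up in ath_groups, so a user cannot reach the insert
// path just by requesting this script's URL or by slipping a group id into
// $_GET/$_POST.
//
// Every value that reaches SQL is either cast to int (ids) or passed through
// mysql_real_escape_string(); strip_tags() is not SQL escaping and addslashes()
// is not charset-aware. Escaping for HTML output is a separate concern and
// belongs where these values are rendered (the included templates).
//
// TODO: the mysql_* extension is deprecated; migrate to PDO/mysqli prepared
// statements, at which point the manual escaping below becomes unnecessary.

// Escape a request/DB value for use inside a single-quoted SQL literal.
// Relies on the default mysql link, exactly like the mysql_query() calls.
$escapeForSql = function ($value) {
    return mysql_real_escape_string(strip_tags((string) $value));
};

// BEGIN - permission check (session-derived group id, int-cast before use)
$thisUSERGROUP = isset($_SESSION["userGROUPID"]) ? (int) $_SESSION["userGROUPID"] : 0;
$getUSERperm = mysql_query("SELECT * FROM ath_groups WHERE ath_groups_id=" . $thisUSERGROUP);
$checkUSER = ($getUSERperm !== false) ? mysql_fetch_array($getUSERperm) : false;
// END - permission check

// Only a successful lookup with the addPROJECTS flag set grants access; a failed
// query, a missing row or a missing column all fall through to denial.
$mayAddProjects = is_array($checkUSER)
    && isset($checkUSER["ath_groups_addPROJECTS"])
    && (int) $checkUSER["ath_groups_addPROJECTS"] === 1;

if ($mayAddProjects) {
    $formSubmitted = isset($_POST["addproject"]) && $_POST["addproject"] === "Add Project";

    if ($formSubmitted) {
        // Ids are integers: cast them, never interpolate the raw request value.
        // NOTE(review): groupID/contributorID come from the form, not the
        // session — confirm a user holding addPROJECTS may file a project under
        // any group/contributor.
        $groupID = isset($_POST["groupID"]) ? (int) $_POST["groupID"] : 0;
        $contributorID = isset($_POST["contributorID"]) ? (int) $_POST["contributorID"] : 0;

        // Resolve display names for the chosen group and contributor.
        $getgroupNAME = mysql_query("SELECT * FROM ath_groups WHERE ath_groups_id=" . $groupID);
        $ROWgetgroupNAME = ($getgroupNAME !== false) ? mysql_fetch_array($getgroupNAME) : false;
        $getuserNAME = mysql_query("SELECT * FROM ath_users WHERE ath_users_id=" . $contributorID);
        $ROWgetuserNAME = ($getuserNAME !== false) ? mysql_fetch_array($getuserNAME) : false;

        $datecreated = date("Y-m-d");

        // Names read back from the database are escaped again because they are
        // re-inserted as string literals below.
        $groupNAME = $escapeForSql(isset($ROWgetgroupNAME["ath_groups_name"]) ? $ROWgetgroupNAME["ath_groups_name"] : "");
        $contributorNAME = $escapeForSql(isset($ROWgetuserNAME["ath_users_username"]) ? $ROWgetuserNAME["ath_users_username"] : "");

        // Free-text form fields: tags stripped, then SQL-escaped.
        $projectname = $escapeForSql(isset($_POST["projectname"]) ? $_POST["projectname"] : "");
        $shortdesc = $escapeForSql(isset($_POST["shortdescription"]) ? $_POST["shortdescription"] : "");
        $keywords = $escapeForSql(isset($_POST["keywords"]) ? $_POST["keywords"] : "");
        $category = $escapeForSql(isset($_POST["category"]) ? $_POST["category"] : "");
        $details = $escapeForSql(isset($_POST["details"]) ? $_POST["details"] : "");

        $INSERTproject = mysql_query("INSERT INTO ath_projects SET " .
            "ath_projects_datecreated='$datecreated', " .
            "ath_projects_contributorNAME='$contributorNAME', " .
            "ath_projects_contributorID='$contributorID', " .
            "ath_projects_groupNAME='$groupNAME', " .
            "ath_projects_groupID='$groupID', " .
            "ath_projects_name='$projectname', " .
            "ath_projects_shortdesc='$shortdesc', " .
            "ath_projects_keywords='$keywords', " .
            "ath_projects_category='$category', " .
            "ath_projects_details='$details'");

        if (!$INSERTproject) {
            // Keep the driver's error text server-side; the browser only gets a
            // generic failure notice.
            error_log("addproject.php: INSERT into ath_projects failed: " . mysql_error());
            echo("<p class=\"red\">INSERTproject failed in addproject.php</p>");
            exit();
        }

        include("../objects/projectADDEDconfirm.php");
    } else {
        // No submission yet: render the entry form.
        include("../objects/addprojectFORM.php");
    }
} else {
    echo("<p class=\"red\">You do not have permission to add new projects!</p>");
}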