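<?php
// addresrc.php — "Add Resource" request handler.
//
// The caller's group permission is re-read from the database on every
// request using the group id held in the server-side session (never a
// value from $_GET/$_POST), so a client cannot grant itself the
// add-resource right by tampering with request parameters.
//
// Security notes for this revision:
//  * Every value that is embedded in SQL is passed through
//    mysql_real_escape_string() (the legacy mysql_* API used by this file
//    has no prepared statements, so escaping is the best available defence
//    until the file is migrated to PDO/mysqli). The original build escaped
//    only some fields and interpolated $WITHproject, $format, $category
//    and $url raw.
//  * Database error text is written to the server log instead of being
//    echoed to the browser.
//  * The second INSERT's result is now actually checked (it previously
//    re-tested the first INSERT's handle).
//  * $url is stored as submitted (only SQL-escaped); it must still be
//    escaped per context (href attribute / HTML) wherever it is rendered.

// --- Permission check: deny by default ----------------------------------
$thisUSERGROUP = isset($_SESSION["userGROUPID"]) ? (int) $_SESSION["userGROUPID"] : 0;
$getUSERperm = mysql_query("SELECT * FROM ath_groups WHERE " .
    "ath_groups_id=" . $thisUSERGROUP);
// A failed query or a missing group row must not fall through to "allowed".
$checkUSER = $getUSERperm ? mysql_fetch_array($getUSERperm) : false;
$canADDresrc = is_array($checkUSER)
    && isset($checkUSER["ath_groups_addRESRC"])
    && (int) $checkUSER["ath_groups_addRESRC"] === 1;

if (!$canADDresrc) {
    // Refuse the addition. (Message corrected: this handler adds resources,
    // not groups.)
    echo("<p class=\"red\">You do not have permission to add new resources!</p>");
} else {
    $addRESOURCE = isset($_POST["addRESOURCE"]) ? $_POST["addRESOURCE"] : "";

    if ($addRESOURCE == "add") {
        // --- Add a new resource ---------------------------------------
        // Provides convert_ID() (user id -> username).
        require("../includes/UID_to_username.inc.php");

        $submitted = isset($_POST["addresource"]) ? $_POST["addresource"] : "";

        if ($submitted == "Add Resource") {
            // Read a POST field as a string, or "" when absent (avoids
            // undefined-index notices on partially filled forms).
            $postFIELDS = array(
                "WITHproject", "format", "title", "authorfirst", "authorlast",
                "category", "url", "year", "lenght", "publisher", "notes",
            );
            $raw = array();
            foreach ($postFIELDS as $fieldNAME) {
                $raw[$fieldNAME] = isset($_POST[$fieldNAME]) ? (string) $_POST[$fieldNAME] : "";
            }

            // Owner data comes from the session, not from the form.
            $ownerID = isset($_SESSION["UID"]) ? (int) $_SESSION["UID"] : 0;
            $ownerGROUPID = $thisUSERGROUP;
            // convert_ID() output originates in the DB; escape it anyway
            // (second-order injection) since it is re-embedded in SQL.
            $ownerUSERNAME = mysql_real_escape_string(convert_ID($ownerID));

            // Free-text fields: strip markup, then SQL-escape. (The original
            // used addslashes(), which is not charset-aware; the
            // connection-aware escape is the correct replacement.)
            $title       = mysql_real_escape_string(strip_tags($raw["title"]));
            $authorFIRST = mysql_real_escape_string(strip_tags($raw["authorfirst"]));
            $authorLAST  = mysql_real_escape_string(strip_tags($raw["authorlast"]));
            $year        = mysql_real_escape_string(strip_tags($raw["year"]));
            $lenght      = mysql_real_escape_string(strip_tags($raw["lenght"]));
            $publisher   = mysql_real_escape_string(strip_tags($raw["publisher"]));
            $notes       = mysql_real_escape_string(strip_tags($raw["notes"]));

            // Fields previously interpolated without any escaping.
            $WITHproject = mysql_real_escape_string($raw["WITHproject"]);
            $category    = mysql_real_escape_string($raw["category"]);
            $url         = mysql_real_escape_string($raw["url"]);

            // Only ever compared, never embedded in SQL.
            $addtopublic = isset($_POST["addtopublic"]) ? (int) $_POST["addtopublic"] : 0;

            // $format is handed to the format-conversion include unescaped,
            // exactly as before, and escaped afterwards because the include
            // may rewrite it. NOTE(review): the include's contract is not
            // visible here — confirm it only reads/rewrites $format.
            $format = $raw["format"];
            require("../includes/convert_resrc_formats.inc.php");
            $format = mysql_real_escape_string((string) $format);

            $insertRESRC = mysql_query("INSERT INTO ath_resrc SET " .
                "ath_resrc_WITHproject='$WITHproject', " .
                "ath_resrc_ownerID='$ownerID', " .
                "ath_resrc_ownerUSERNAME='$ownerUSERNAME', " .
                "ath_resrc_ownerGROUPID='$ownerGROUPID', " .
                "ath_resrc_format='$format', " .
                "ath_resrc_title='$title', " .
                "ath_resrc_authorFIRST='$authorFIRST', " .
                "ath_resrc_authorLAST='$authorLAST', " .
                "ath_resrc_category='$category', " .
                "ath_resrc_url='$url', " .
                "ath_resrc_year='$year', " .
                "ath_resrc_lenght='$lenght', " .
                "ath_resrc_publisher='$publisher', " .
                "ath_resrc_notes='$notes'");
            if (!$insertRESRC) {
                // Log the driver error server-side; do not expose schema /
                // query details to the browser.
                error_log("addresrc.php insertRESRC failed: " . mysql_error());
                echo("<p class=\"red\">Could not add new resource. insertRESRC error in addresrc.php</p>");
                exit();
            }

            if ($addtopublic === 1) {
                $insertRESRCtopublic = mysql_query("INSERT INTO ath_public_resrc SET " .
                    "ath_resrc_ownerID='$ownerID', " .
                    "ath_resrc_ownerUSERNAME='$ownerUSERNAME', " .
                    "ath_resrc_format='$format', " .
                    "ath_resrc_title='$title', " .
                    "ath_resrc_authorFIRST='$authorFIRST', " .
                    "ath_resrc_authorLAST='$authorLAST', " .
                    "ath_resrc_category='$category', " .
                    "ath_resrc_url='$url', " .
                    "ath_resrc_year='$year', " .
                    "ath_resrc_lenght='$lenght', " .
                    "ath_resrc_publisher='$publisher', " .
                    "ath_resrc_notes='$notes'");
                // Bug fix: the original tested $insertRESRC here, so a failed
                // public insert was silently reported as success.
                if (!$insertRESRCtopublic) {
                    error_log("addresrc.php insertRESRCtopublic failed: " . mysql_error());
                    echo("<p class=\"red\">Could not add new resource to Public Resource. insertRESRCtopublic error in addresrc.php</p>");
                    exit();
                }
            }

            include("../objects/resrcADDEDconfirm.php");
        } else {
            // Form not yet submitted: render it.
            include("../objects/addresrcFORM.php");
        }
    } elseif ($addRESOURCE == "copy") {
        // --- Copy an existing resource: not implemented yet -------------
        echo("COPY");
    } else {
        // --- Step 1: ask whether to copy or create new -----------------
        include("../objects/addRESRCstep1.php");
    }
}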