<?php
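// Authorization gate for the "view projects" module.
//
// The caller's group id is taken from the server-side session (never from
// $_GET/$_POST), the matching ath_groups row is loaded, and the project
// listing is included only when that row grants ath_groups_addPROJECTS.
// Every missing, malformed or failed step fails closed: the listing is not
// included and the permission-denied message is printed instead.
//
// NOTE(review): the mysql_* functions used here belong to ext/mysql, which was
// removed in PHP 7. Moving to mysqli/PDO prepared statements needs the
// connection handle, which is opened outside this file.

// Accept the group id only if it is a plain run of digits, then cast it, so
// the value concatenated into the SQL below can never be anything but an
// integer literal -- even if the session content was tampered with or never set.
$thisUSERGROUP = null;
if (isset($_SESSION["userGROUPID"]) && ctype_digit((string) $_SESSION["userGROUPID"])) {
	$thisUSERGROUP = (int) $_SESSION["userGROUPID"];
}

$getUSERperm = false;	// query result resource, or false when no lookup happened
$checkUSER = false;	// permission row for the group, or false when unavailable

if ($thisUSERGROUP !== null) {
	$getUSERperm =	mysql_query("SELECT * FROM ath_groups WHERE " . //obtain permission values
					"ath_groups_id=" . $thisUSERGROUP);

	// Only fetch from a successful query; a failed query leaves $checkUSER
	// false and is treated as "no permission" below.
	if ($getUSERperm) {
		$checkUSER = mysql_fetch_array($getUSERperm);
	}
}

// The permission column comes back from the database as a string, so it is
// normalised to int and compared strictly.
// NOTE(review): the gate tests the *add* permission while the denial text
// speaks of *viewing* projects -- confirm which ath_groups column is meant to
// govern read access.
$mayShowProjects = is_array($checkUSER)
	&& isset($checkUSER["ath_groups_addPROJECTS"])
	&& (int) $checkUSER["ath_groups_addPROJECTS"] === 1;

if ($mayShowProjects) { //IF PERMISSION EXISTS ALLOW TO ADD

	// The included file runs in this scope and can read $thisUSERGROUP and
	// $checkUSER. Which projects it selects (all, or only the caller's group)
	// is decided there and is not visible from this file.
	include("../objects/showPROJECTS.php");

	// Disabled legacy listing, kept for reference: administrators saw every
	// project, everyone else only the projects of their own group. If it is
	// ever re-enabled it must use the validated integer $thisUSERGROUP above.
	/*if ($checkUSER["ath_groups_ADMINISTRATE"]){
		//SHOW ALL PROJECTS
		$getUSERSprojects = mysql_query("SELECT * FROM ath_projects ORDER BY ath_projects_groupID ASC");
		
		if (!$getUSERSprojects){
			echo("<p class=\"red\">getUSERSprojects failed in view projects.php");
			exit();
		}
		
		while ($ROWgetUSERSprojects = mysql_fetch_array($getUSERSprojects)){
			include("../objects/showPROJECTS.php");
		}
		
		
	}
	else{
		//SHOW ONLY PROJECTS IN THE GROUP
		$getUSERSprojects = mysql_query("SELECT * FROM ath_projects WHERE ath_projects_groupID=$thisUSERGROUP");
		
		if (!$getUSERSprojects){
			echo("<p class=\"red\">getUSERSprojects failed in view projects.php");
			exit();
		}
		
		while ($ROWgetUSERSprojects = mysql_fetch_array($getUSERSprojects)){
			include("../objects/showPROJECTS.php");
		}
	}*/

}
else{
	echo("<p class=\"red\">You do not have permission to view projects!</p>");
}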
?>
