Location: PHPKode > projects > Athena Research Assistant > athena-dev-0.1pre-alpha/modules/viewresrc.php
<?php
//BEGIN - CHECK IF THE USER IS ALLOWED TO DO THIS IN CASE OF A $_GET HACK
//THIS ENSURES THAT THE USER DOES NOT ATTEMPT ON SLIPPING VARIABLES IN THE URL
//IN ORDER TO OBTAIN ACCESS TO ADMIN PRIVILIDGES

$thisUSERGROUP = $_SESSION["userGROUPID"];
$thisUSERID = $_SESSION["UID"];

$getUSERperm =	mysql_query("SELECT * FROM ath_groups WHERE " . //obtain permission values
				"ath_groups_id=$thisUSERGROUP");
				
$checkUSER = mysql_fetch_array($getUSERperm);				
//END - CHECK FOR $_GET HACK

if ($checkUSER["ath_groups_addRESRC"] == 1){ //IF PERMISSION EXISTS ALLOW TO VIEW
	
	//CONVERTS RESOURCE IDs INTO NAMES
	include("../includes/convert_resrc_formats.inc.php");
	//SHOWS RESOURCES IN LISTS
	include("../objects/showRESRC.php");
}
else{
	echo("<p class=\"red\">You do not have permission to view resources!</p>");
}
?>
PHP Helpdesk script - 100% PHP source code. Try it now!
Return current item: Athena Research Assistant