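<?php
require('global-php.php');

/*
 * Staff endpoint that replaces the registration list of one course.
 *
 * Request: HTTP Basic credentials plus a POST body holding
 *   - "kurs": the course id, and
 *   - one key per registration; after the literal "person" is stripped the
 *     key must read "<priority>_<person>" (both integers). The POST values of
 *     these keys are not used.
 *
 * Effect: inside one transaction, every person_course row of the course is
 * deleted and one row per submitted registration is inserted.
 */

$verbindung = database_connection($lang_database_failure[$language]);

// A request without an Authorization header has no PHP_AUTH_* entries; treat
// that as empty credentials so it takes the normal 401 path below.
$PHP_AUTH_USER = isset($_SERVER["PHP_AUTH_USER"]) ? $_SERVER["PHP_AUTH_USER"] : "";
$PHP_AUTH_PW = isset($_SERVER["PHP_AUTH_PW"]) ? $_SERVER["PHP_AUTH_PW"] : "";

// NOTE(review): both credentials are untrusted request data and end up inside
// the SQL text. This is only safe if login_query_clauses() (defined elsewhere)
// escapes them - confirm. How the password is stored and compared is not
// visible from this file either.
$ergebnis = db_exec($verbindung,
    "SELECT * FROM staff_authorization "
    . "WHERE "
    . login_query_clauses(
        $PHP_AUTH_USER,
        $PHP_AUTH_PW)
    . ";");
if (pg_num_rows($ergebnis) < 1) {
    header('WWW-Authenticate: Basic realm="Kursverwaltung"');
    header("HTTP/1.0 401 Unauthorized");
    echo $lang_authentication_failure[$language];
    db_close($verbindung);
    exit;
}

// The course id is mandatory. It is read directly instead of being picked up
// while iterating over $_POST, so the per-course authorization check and the
// DELETE can never be skipped by omitting the field, and an array value
// ("kurs[]=...") is rejected instead of being coerced by intval().
if (!isset($_POST["kurs"]) || !is_scalar($_POST["kurs"])) {
    header("HTTP/1.0 400 Bad Request");
    db_close($verbindung);
    exit;
}
$kurs = intval($_POST["kurs"]);

// Collect the registrations before touching the database. Only keys that
// decode to exactly two integers are accepted; anything else (a submit
// button, a malformed key) is ignored rather than turned into person 0.
$person_priority = array();
foreach ($_POST as $key => $value) {
    // Strict comparison: with a loose "==" a numeric key such as 0 compares
    // equal to "kurs" on older PHP versions.
    if ($key === "kurs") {
        continue;
    }
    $registration = str_replace("person", "", (string) $key);
    if (!preg_match('/^(-?\d+)_(-?\d+)\z/', $registration, $parts)) {
        continue;
    }
    $priority = intval($parts[1]);
    $person = intval($parts[2]);
    // A person submitted twice keeps the priority seen last.
    $person_priority[$person] = $priority;
}

db_exec($verbindung, "START TRANSACTION;");
db_exec($verbindung, "LOCK TABLE person_course;");

// Per-course authorization: the account must be linked to this course in
// authorized_course.
// NOTE(review): the "OR -1=$kurs" branch accepts course id -1 for any account
// that has at least one authorized_course row - confirm that -1 is an
// intended sentinel and that modifying it needs no narrower permission.
$ergebnis = db_exec($verbindung,
    "SELECT * FROM staff_authorization,authorized_course"
    . " WHERE staff_authorization.id=account"
    . " AND "
    . login_query_clauses(
        $PHP_AUTH_USER,
        $PHP_AUTH_PW)
    . " AND (course=$kurs"
    . " OR -1=$kurs)"
    . ";");
if (pg_num_rows($ergebnis) < 1) {
    header('WWW-Authenticate: Basic realm="Kursverwaltung"');
    header("HTTP/1.0 401 Unauthorized");
    echo $lang_authentication_failure[$language];
    db_exec($verbindung, "ROLLBACK;");
    db_close($verbindung);
    exit;
}

// $kurs, $person and $priority are integers produced by intval(), so the
// interpolation below cannot carry SQL syntax.
db_exec($verbindung, "DELETE FROM person_course WHERE course=$kurs;");
foreach ($person_priority as $person => $priority) {
    db_exec($verbindung, "INSERT INTO person_course (person,course,priority) "
        . "SELECT $person,$kurs,$priority;");
}

db_exec($verbindung, "COMMIT;");
db_close($verbindung);
?>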