<?php
  require('global-php.php');
  header('Content-type: text/xml; charset=utf-8');
  $verbindung = database_connection(
  	      "<status>" . $lang_database_failure[$language] . "</status>");
  $PHP_AUTH_USER = $_SERVER["PHP_AUTH_USER"];
  $PHP_AUTH_PW = $_SERVER["PHP_AUTH_PW"];
  $ergebnis = db_exec($verbindung,
			"SELECT * FROM staff_authorization,superuser,"
					. "capability "
				. "WHERE superuser.account"
				. "=staff_authorization.id "
				. "AND superuser.capability=capability.id "
				. "AND capability.name='users' "
				. "AND "
				. login_query_clauses(
					$PHP_AUTH_USER,
					$PHP_AUTH_PW)
				. ";");
  if (pg_numrows($ergebnis) < 1) {
    header('WWW-Authenticate: Basic realm="Kursverwaltung"');
    header("HTTP/1.0 401 Unauthorized");
    echo '<status>' . $lang_authentication_failure[$language] . '</status>';
    db_close($verbindung);
    exit;
  }
  $course_period = option_value($course_period_option);
  $account = intval($_REQUEST["account"]);
  $kategorie = intval($_REQUEST["kategorie"]);
  $kurs = intval($_REQUEST["kurs"]);
  $termin = intval($_REQUEST["termin"]);
  if (0 < pg_cmdtuples(db_exec($verbindung, "DELETE "
			. "FROM authorized_course "
			. "WHERE account=" . $account . " "
			. "AND EXISTS ("
			. "SELECT true "
			. "FROM category,course,$course_date_readable "
			. "WHERE ("
			. "$course_date_readable.id=" . $termin . " "
			. "OR " . $termin . "=-1 "
			. "OR " . $kurs . "=-1 "
			. "OR " . $kategorie . "=-1) "
			. "AND ("
			. "course.id=" . $kurs . " "
			. "OR " . $kurs . "=-1 "
			. "OR " . $kategorie . "=-1) "
			. "AND ("
			. "category.id=" . $kategorie . " "
			. "OR " . $kategorie . "=-1) "
			. "AND category=category.id "
			. "AND $course_date_readable.course=course.id "
			. "AND authorized_course.course="
			. "$course_date_readable.id);"))) {
?>
<status><?=$lang_privileges_revoked[$language]?></status>
<?php
  } else {
?>
<status><?=$lang_privileges_not_revoked[$language]?></status>
<?php
  }
  db_close($verbindung);
?>