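<?php
include 'header.php';

// Deletes one pending join request (user_id) from a private community (comm_id)
// on behalf of an admin of that community, then redirects with a flash message.
//
// $loggedin, $userid and $db are not defined in this file; presumably header.php
// provides them (session state and a PDO handle) - confirm.
//
// NOTE(review): this is a state-changing action driven by a GET request and no
// anti-CSRF token is checked here. A link or image on another site could trigger
// it with an admin's session. Consider requiring POST plus a per-session token
// compared with hash_equals(); that needs a matching change in the page that
// links here, so it is not done in this file alone.

// Control loggedin
if (!$loggedin) {
    $_SESSION['AlertRed'] = "You have to be logged in to do that.";
    header("location:index.php");
    // header() only queues the redirect; without exit the rest of the script
    // would still run for an unauthenticated visitor.
    exit;
}

// Control parameters
// is_string() rejects array-valued parameters (comm_id[]=...), which would
// otherwise be passed to execute() as bound values.
if (!isset($_GET['comm_id'], $_GET['user_id'])
    || !is_string($_GET['comm_id'])
    || !is_string($_GET['user_id'])) {
    $_SESSION['AlertRed'] = "No such community/user can be found.";
    header("location:index.php");
    exit;
}

$commid = $_GET['comm_id'];
$ruserid = $_GET['user_id']; // the requesting user, different from $userid (the current user)

// Control admin rights: the current user must be an admin of this private community.
$stmt = $db->prepare("SELECT * FROM UsersInComms UC, Comms C WHERE UC.UserID=? AND
UC.CommID=? AND UC.CommID=C.CommID AND C.Privacy='Private' AND UC.Role='admin';");
$stmt->execute(array($userid, $commid));
// fetch() instead of rowCount(): PDO does not guarantee rowCount() for SELECT
// statements on every driver.
if ($stmt->fetch() === false) {
    $_SESSION['AlertRed'] = "You don't have rights to access Requests page.";
    header("location:index.php");
    exit;
}

// Remove the request. The affected-row count of the DELETE tells us whether the
// request existed, so no separate SELECT is needed and there is no gap between
// the existence check and the delete.
$stmt = $db->prepare("DELETE FROM Requests WHERE UserID=? AND CommID=?;");
$stmt->execute(array($ruserid, $commid));
if ($stmt->rowCount() == 0) {
    $_SESSION['AlertRed'] = "Request could not be found.";
    header("location:index.php");
    exit;
}

$db = null;
$_SESSION['AlertGreen'] = "Successfully deleted.";
// Encode the value: it comes from the query string and is only loosely matched
// by the database, so it may contain characters that do not belong in a URL.
header("location:show_Requests.php?comm_id=" . urlencode($commid));
// Every path through this script ends in a redirect, so footer.php is not rendered.
exit;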