/includes/remove.php
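<?php
/**
 * Releases a shift: after checking the session, the shift/worker pair and
 * the shift date, sets hours.worker to '0' for the posted shift id and sends
 * the browser back to the calendar page.
 *
 * Reads $_POST['return'] (query-string suffix for the calendar redirect),
 * $_POST['id'] (shift id) and $_POST['c_id'] (worker id).
 *
 * NOTE(review): ext/mysql (mysql_query etc.) was removed in PHP 7.0. Moving to
 * mysqli/PDO prepared statements needs the connection setup, which is not in
 * this file, so the calls are kept and escape() is still relied on for SQL.
 * NOTE(review): no anti-CSRF token is checked before this state change;
 * confirm whether the including page enforces one.
 */

// Full open tag: "<?" is only parsed as PHP when short_open_tag is enabled.
// empty() matches the old loose "!= true" test and also covers a missing key.
if (empty($_SESSION['logged_in'])) {
    echo "There has been an error, please go back and try again";
    die();
}

// escape() is defined elsewhere; presumably it SQL-escapes its argument - confirm.
$return = escape(isset($_POST['return']) ? $_POST['return'] : '');
$id = escape(isset($_POST['id']) ? $_POST['id'] : '');
$c_user = escape(isset($_POST['c_id']) ? $_POST['c_id'] : '');

// $return is written into an HTML attribute below, so it needs HTML escaping
// as well; SQL escaping does not stop a quote from closing the attribute.
$return_attr = htmlspecialchars($return, ENT_QUOTES);

// Ownership check: the shift must belong to the worker id sent with the request.
// NOTE(review): c_id is client-supplied, so this only proves the caller knows
// which worker holds the shift. It does not tie the request to the logged-in
// user or to an admin; that comparison should use the identity stored in the
// session (the session key is not visible in this file).
$result = mysql_query("SELECT * FROM hours WHERE id='$id' AND worker='$c_user'");
if ($result === false || mysql_num_rows($result) == 0) { // query failed or no such shift
    echo "There has been an error, please go back and try again";
    die();
}

$shift = mysql_fetch_array($result);
// Columns 3, 2, 1 are joined as the shift date; assumes they are
// year, month, day in the hours table - confirm against the schema.
$str = "$shift[3]-$shift[2]-$shift[1]";
$shift_date = strtotime($str);

// An unparsable date is treated like a past shift (fail closed), as before.
if ($shift_date === false || time() > $shift_date) {
    echo "You cannot edit shifts that are in the past, redirecting...";
    // The leftover debug echo of $str / $shift_date / time() was dropped here.
    echo "<META HTTP-EQUIV='Refresh' Content='1; URL=index.php?page=cal&$return_attr'>";
    die();
}

// Repeat the worker condition so the row is only released if it still matches
// what was checked above. '0' presumably marks an unassigned shift - confirm.
mysql_query("UPDATE hours SET worker='0' WHERE id='$id' AND worker='$c_user'");
echo "<META HTTP-EQUIV='Refresh' Content='0; URL=index.php?page=cal&$return_attr'>";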