cleanup

addAppeals.php

@@ -3,12 +3,12 @@
 include 'connect.php';
 include_once "appeals_function.php";
 
-session_start();
+// session_start();
 
-if (!isset($_SESSION['loggedin']) || $_SESSION['loggedin'] !== true) {
-    header("Location: index.html");
-    exit();
-}
+// if (!isset($_SESSION['loggedin']) || $_SESSION['loggedin'] !== true) {
+//     header("Location: index.html");
+//     exit();
+// }
 
 $criminal_ID = array_key_exists("criminal_ID", $_GET) ? $_GET['criminal_ID'] : null;
 if ($criminal_ID == null) {

addCharges.php

@@ -3,12 +3,12 @@
 include 'connect.php';
 include_once "addcharges_function.php";
 
-session_start();
+// session_start();
 
-if (!isset($_SESSION['loggedin']) || $_SESSION['loggedin'] !== true) {
-    header("Location: index.html");
-    exit();
-}
+// if (!isset($_SESSION['loggedin']) || $_SESSION['loggedin'] !== true) {
+//     header("Location: index.html");
+//     exit();
+// }
 
 $criminal_ID = array_key_exists("criminal_ID", $_GET) ? $_GET['criminal_ID'] : null;
 if ($criminal_ID == null) {

addCrimeofficers.php

@@ -1,11 +1,7 @@
 <?php
-// new.php
 
 if (isset($_POST['crimeID'])) {
     $crimeID = $_POST['crimeID'];
-    // Perform additional queries using $crimeID
-
-    // Display the crimeID (you can replace this with your actual logic)
     echo "Crime ID: $crimeID";
 } else {
     echo "No crime ID received";

addCrimes.php

@@ -1,11 +1,8 @@
 <?php
-// Assuming you have a valid database connection stored in $con
-// Ensure that the connection is established before this code
 
 session_start();
 
 if (!isset($_SESSION['loggedin']) || $_SESSION['loggedin'] !== true) {
-    // echo "not logged in";
     header("Location: index.html");
     exit();
 }

addSentences.php

@@ -3,7 +3,6 @@
 session_start();
 
 if (!isset($_SESSION['loggedin']) || $_SESSION['loggedin'] !== true) {
-    // echo "not logged in";
     header("Location: index.html");
     exit();
 }

addalias.php

@@ -3,12 +3,13 @@
 include 'connect.php';
 include_once "addco_functions.php";
 
-session_start();
+// session_start();
+
+// if (!isset($_SESSION['loggedin']) || $_SESSION['loggedin'] !== true) {
+//     header("Location: index.html");
+//     exit();
+// }
 
-if (!isset($_SESSION['loggedin']) || $_SESSION['loggedin'] !== true) {
-    header("Location: index.html");
-    exit();
-}
 /* 
 criminal_ID 
 crime_ID
@@ -31,7 +32,6 @@
     <meta charset="UTF-8">
     <meta name="viewport" content="width=device-width, initial-scale=1.0">
     <title>Add Alias</title>
-    <!-- the whole "check" function, I don't think we need-->
     <script>
     function check(form) {
         return true;

addalias_functions.php

@@ -1,14 +1,22 @@
 <?php
 include 'connect.php';
+include 'user.php';
 
 /* 
 criminal_ID 
 crime_ID
 officer_ID 
 */ 
 
+session_start();
+
+if (!isset($_SESSION['loggedin']) || $_SESSION['loggedin'] !== true) {
+    header("Location: index.html");
+    exit();
+}
 
 function add_alias() {
+    User::checkPerm();
     global $con;
 
     $sql = "INSERT INTO `alias`(`alias_id`, `criminal_ID`, `alias`) VALUES (NULL, ?, ?)";
@@ -35,7 +43,7 @@ function add_alias() {
 }
 
 function delete_alias() {
-
+    User::checkPerm();
     global $con;
     // $officer_ID = array_key_exists('officer_ID', $_POST) ? $_POST['officer_ID'] : die("Officer ID required!");
     $criminal_ID = $_POST['criminal_ID'];

addcharges_function.php

@@ -1,5 +1,14 @@
 <?php
 include 'connect.php';
+include 'user.php';
+
+session_start();
+
+if (!isset($_SESSION['loggedin']) || $_SESSION['loggedin'] !== true) {
+    header("Location: index.html");
+    exit();
+}
+
 class Charge
 {
     public $charge_ID;
@@ -49,7 +58,7 @@ function get_charge_info_from_db()
 
 function add_charge()
 {
-    var_dump($_POST);
+    User::checkPerm();
 
 
     global $con;
@@ -92,7 +101,7 @@ function add_charge()
 
 function update_charge()
 {
-
+    User::checkPerm();
 
     global $con;
     $criminal_ID = array_key_exists('criminal_ID', $_REQUEST) ? $_REQUEST['criminal_ID'] : die("Criminal ID required!");
@@ -134,6 +143,7 @@ function update_charge()
 
 function delete_charge()
 {
+    User::checkPerm();
     global $con;
     $charge_ID = array_key_exists('charge_ID', $_POST) ? $_POST['charge_ID'] : die("Charge ID required!");
     $criminal_ID = $_POST['criminal_ID'];

addco.php

@@ -3,12 +3,13 @@
 include 'connect.php';
 include_once "addco_functions.php";
 
-session_start();
+// session_start();
+
+// if (!isset($_SESSION['loggedin']) || $_SESSION['loggedin'] !== true) {
+//     header("Location: index.html");
+//     exit();
+// }
 
-if (!isset($_SESSION['loggedin']) || $_SESSION['loggedin'] !== true) {
-    header("Location: index.html");
-    exit();
-}
 /* 
 criminal_ID 
 crime_ID
@@ -21,15 +22,11 @@
     exit();
 }
 
-//im assuming this is for either edit or appeal 
+
 if (isset($_GET['officer_ID'])) {
-    //only delete and update send a 'm' val 
-    //delete: $method = d 
-    //update: $method = u 
     $method = $_GET['m']; 
 
 } else {
-    //add: $method = a 
     $method = 'a';
 } 
 
@@ -43,7 +40,6 @@
     <meta charset="UTF-8">
     <meta name="viewport" content="width=device-width, initial-scale=1.0">
     <title>Add Crime Officers</title>
-    <!-- the whole "check" function, I don't think we need-->
     <script>
     function check(form) {
         return true;

addco_functions.php

@@ -1,8 +1,16 @@
 <?php
 include 'connect.php';
+include 'user.php';
 
+session_start();
+
+if (!isset($_SESSION['loggedin']) || $_SESSION['loggedin'] !== true) {
+    header("Location: index.html");
+    exit();
+}
 
 function add_co() {
+    User::checkPerm();
     global $con;
     $officer_ID = array_key_exists('officer_ID', $_REQUEST) ? $_REQUEST['officer_ID'] : die("officer ID required!");
 
@@ -33,6 +41,7 @@ function add_co() {
 }
 
 function update_co() {
+    User::checkPerm();
     global $con;
     $criminal_ID = array_key_exists('criminal_ID', $_REQUEST) ? $_REQUEST['criminal_ID'] : die("Criminal ID required!");
 
@@ -61,6 +70,7 @@ function update_co() {
 }
 
 function delete_co() {
+    User::checkPerm();
 
     global $con;
     $officer_ID = array_key_exists('officer_ID', $_POST) ? $_POST['officer_ID'] : die("Officer ID required!");
@@ -87,7 +97,6 @@ function delete_co() {
 } else {
     return;
 }
-var_dump($_POST);
 
 if ($method == 'a') {
     add_co();