ob_start(); require_once("includes/include.php"); if ((!isset($_SESSION['uid'])) || ($_SESSION['uid']=='')) { header("Location: login"); } $uid=$_SESSION['uid']; $user = get_user_by_id($uid); $utype=$user['utype']; ob_flush(); $db=new database(); $db2=new database(); $db->query("SELECT * FROM `users_accts` WHERE `uid` = '$uid' "); $row=$db->get_row(); $CompanyID=$row['CompanyID']; $CompanyName=$row['CompanyName']; $years=array(); $db->query("SELECT distinct SUBSTRING(FileDate, 1, 4) FROM `files`"); while($row=$db->get_row()) { $years[]=$row[0]; } rsort($years); $years = array(2009, 2012); $prems1= explode(', ', $user['perms']); $year_error = ''; $year = isset($_GET['year']) ? $_GET['year'] : '2009'; if(in_array($year, $prems1)) { // get the files for that year // set title //Method Advisors 2009, L.P. $intranet_title = 'Method Advisors '.$year.', L.P. > Files'; $year_error = false; } else { $intranet_title = 'Year Error'; $year_error = true; } get_header(); ?>