This is very weird usage of the mforms API. What is the point of such a form mod_domoscio_create_notion_form if it is not actually used to transfer and validate the data?

Among other consequences, the delete_notion.php is not protected against CSRF so any teacher can become a subject of a malicious attack like

<img width="1" height="1" src=".../url/to/delete_notion.php?d=1&kn=1" />