- <?php
- include('_CHECK.php');
- include_once('_inc_sanitation.php');
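/**
 * Copy the current `targets` row for one target into `targets_archive`.
 *
 * Every call site in this file invokes this right after an INSERT or UPDATE on
 * `targets`, so the archive table accumulates one snapshot per change.
 *
 * @param string|int $tid Target_ID of the row to archive. It is escaped here
 *                        rather than trusting the caller, because the id may
 *                        come from $_GET (via sanitize_sql_string) or from
 *                        max(Target_ID)+1 depending on the call site.
 * @return bool Always true; a failed query terminates the script.
 */
function ArchiveTarget($tid)
{
    // Escape inside the function so the query is safe regardless of whether
    // the caller sanitised the value.
    $safeTid = mysql_real_escape_string((string) $tid);
    $query =
        "INSERT INTO targets_archive
        (Target_ID, Student_ID, set_by, subject, target_desc, start, modder, end, timestamp, status, note)
        SELECT Target_ID, Student_ID, set_by, subject, target_desc, start, modder, end, timestamp, status, note
        FROM targets
        WHERE target_ID = '$safeTid'
        LIMIT 1";
    if (!mysql_query($query)) {
        // Keep the driver message server-side; echoing mysql_error() to the
        // browser would disclose table and column names to the user.
        error_log('ArchiveTarget: ' . mysql_error());
        die('Database error while archiving the target.');
    }
    return true;
}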
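/**
 * Append one row to the `activities` audit table.
 *
 * Records who ($actor) did what ($action) to which kind of record ($actedOn)
 * identified by $actedOnID, stamped with the current server time.
 *
 * @param string $action    Verb such as "Add", "Edit" or "Update-<status>".
 * @param string $actedOn   Record type the action applied to, e.g. "Target",
 *                          "Student", "Teacher", "Subject".
 * @param string $actor     Teacher_ID of the logged-in user ($_SESSION['TID']
 *                          at every call site in this file).
 * @param string $actedOnID Identifier of the affected record.
 * @return bool Always true; a failed INSERT terminates the script.
 */
function ActivityUpdate($action, $actedOn, $actor, $actedOnID)
{
    $timestamp = date("Y-m-d H:i:s");
    // Escape every value here: $actedOnID is not always a generated id — when a
    // new subject is created the subject name typed by the user is passed in.
    $safeAction = mysql_real_escape_string((string) $action);
    $safeActedOn = mysql_real_escape_string((string) $actedOn);
    $safeActor = mysql_real_escape_string((string) $actor);
    $safeActedOnID = mysql_real_escape_string((string) $actedOnID);
    $query = "
        INSERT INTO activities (action, actedOn, actor, actedOnID, tstamp)
        VALUES('$safeAction', '$safeActedOn', '$safeActor', '$safeActedOnID', '$timestamp')";
    if (!mysql_query($query)) {
        // Log the driver message instead of sending it to the browser.
        error_log('ActivityUpdate: ' . mysql_error());
        die('Database error while recording the activity.');
    }
    return true;
}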
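/**
 * Make a candidate identifier unique within $table.$column.
 *
 * Counts rows whose $column equals $ID; while that count is non-zero, appends
 * "_<count+1>" to the candidate and checks again. Returns the first value that
 * is not yet in use.
 *
 * @param string $ID     Candidate identifier (callers build it from name
 *                       prefixes, optionally followed by "_<class>").
 * @param string $table  Table to search. Interpolated as an SQL identifier, so
 *                       it cannot be escaped as a value; only letters, digits
 *                       and underscores are accepted and anything else stops
 *                       the script.
 * @param string $column Column holding the identifier; same restriction.
 * @return string An identifier that does not currently exist in $table.$column.
 */
function checkUID($ID, $table, $column)
{
    // Identifiers cannot be parameterised; restrict their shape instead.
    if (!preg_match('/^[A-Za-z0-9_]+$/', $table) || !preg_match('/^[A-Za-z0-9_]+$/', $column)) {
        die('checkUID: invalid table or column name.');
    }
    $ID = (string) $ID;
    while (true) {
        $safeId = mysql_real_escape_string($ID);
        $result = mysql_query("SELECT count(*) FROM $table WHERE $column = '$safeId'");
        if (!$result) {
            // Keep the driver message out of the response body.
            error_log('checkUID: ' . mysql_error());
            die('Database error while checking the identifier.');
        }
        $count = (int) mysql_result($result, 0);
        if ($count === 0) {
            break;
        }
        // When the count is 1 the suffix is "_2"; a second collision therefore
        // yields "ID_2_2" rather than "ID_3". Kept as-is so newly generated ids
        // follow the same scheme as those already stored.
        $ID = $ID . '_' . ($count + 1);
    }
    return $ID;
}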
/**
 * Render a bordered status box: a title cell, a message cell and an optional
 * third cell holding an action link.
 *
 * All four arguments are written into the page verbatim. $info and $buttonCode
 * are expected to contain markup (callers pass <strong>, <br> and
 * <a onclick=...>), so any user-supplied text must be escaped by the caller
 * before it reaches this function.
 *
 * @param string      $title      Heading shown in the top cell.
 * @param string      $info       Body text/markup shown in the middle cell.
 * @param string|null $buttonCode Markup for the bottom cell; cell omitted when null.
 * @param string|null $colour     CSS colour applied to the title cell; none when null.
 * @return void
 */
function printStatus($title, $info, $buttonCode = null, $colour = null)
{
    $cell = "border: 1px #99B3B4 dashed;";
    $titleStyle = $cell . " text-align:center; ";
    if ($colour !== null) {
        $titleStyle .= "color: $colour;";
    }
    $html  = "<div style=\"border: 3px #99B3B4 double; margin 0;\">\n";
    $html .= "<div class='input' style=\"" . $titleStyle . " \">\n";
    $html .= "<big>$title</big>\n";
    $html .= "</div>\n";
    $html .= "<div class='input' style=\"" . $cell . " text-align:center; \">\n";
    $html .= "$info\n";
    $html .= "</div>";
    if ($buttonCode !== null) {
        $html .= "<div class='input' style=\"" . $cell . "text-align:center; margin: 0; \">\n";
        $html .= "$buttonCode\n";
        $html .= "</div>";
    }
    $html .= "</div>";
    echo $html;
}
/**
 * Show the red "LOGIN TIMEOUT" status box.
 *
 * Used by the action handlers when $seshRights is too low for the requested
 * change; it asks the user to log out and sign in again.
 *
 * @return void
 */
function sessionError()
{
    printStatus(
        "LOGIN TIMEOUT",
        "Please <a href='logout.php'>logout</a> and re-enter your email address and password.",
        null,
        "red"
    );
}
- if($seshRights>0){
- $changeWhat = (sanitize_sql_string($_GET['changeWhat']));
- switch($changeWhat) {
- case "TargetMod":
- if ($seshRights>1){
- $TargetID = (sanitize_sql_string($_GET['targetID']));
- $newStatus = (sanitize_sql_string($_GET['newStatus']));
- $resType = (sanitize_sql_string($_GET['resType']));
- $idx = (sanitize_sql_string($_GET['idx']));
- $val = (sanitize_sql_string($_GET['val']));
- $ong = (sanitize_sql_string($_GET['ong']));
- $ach = (sanitize_sql_string($_GET['ach']));
- $dro = (sanitize_sql_string($_GET['dro']));
- $notes = (sanitize_sql_string($_GET['notes']));
- $forma = (sanitize_sql_string($_GET['forma']));
- $DateSwitch = date("Y-m-d");
- $d8time=date("Y-m-d H:i:s");
- $actor = $_SESSION['TID'];
-
- $query=
- "UPDATE targets
- SET status='$newStatus', end='$DateSwitch', timestamp='$d8time', modder='$actor'
- WHERE Target_ID='$TargetID';";
- $result = mysql_query($query) or die (mysql_error()) ;
-
- // ARCHIVE
- ArchiveTarget($TargetID);
- /// ACTIVITY UPDATE ///
- $action = "Update-$newStatus";
- $actedOn = "Target";
- $actor = $_SESSION['TID'];
- $actedOnID = $TargetID;
- ActivityUpdate($action, $actedOn, $actor, $actedOnID);
- //////////////////////
- include('getResults.php');
- } else sessionError();
- break;
-
- case "TargetCorrectInit":
- if ($seshRights>1){
- $TargetID = (sanitize_sql_string($_GET['targetID']));
- $resType = (sanitize_sql_string($_GET['resType']));
- $idx = (sanitize_sql_string($_GET['idx']));
- $val = (sanitize_sql_string($_GET['val']));
- $uid = (sanitize_sql_string($_GET['sid']));
- $query =
- "SELECT student_ID, set_by, start, end, status, subject, target_desc, note
- FROM targets
- WHERE target_ID='$TargetID'";
-
- $result = mysql_query($query) or die (mysql_error()) ;
- echo "<div style=\"border: 3px #99B3B4 double; margin 0; padding 0; width=auto;\">
- <div class='input' style=\"border: 1px #99B3B4 dashed;text-align:center; \"><big>EDITING TARGET</big></div> ";
- /* Trying to load selector
- onload=\"function () {
- calSE = new dhtmlxCalendarObject('target_startdate$uid', true, {isMonthEditable: true, isYearEditable: true});
- calEE = new dhtmlxCalendarObject('target_enddate$uid', true, {isMonthEditable: true, isYearEditable: true});
- } \"
- */
- while($row = mysql_fetch_array($result, MYSQL_ASSOC))
- {
- $initStudentID=trim($row['student_ID']);
- $initTeacherID=trim($row['set_by']);
- $initTargDesc=trim($row['target_desc']);
- $initSubject=trim($row['subject']);
- $initStatus=trim($row['status']);
- $initStart=trim($row['start']);
- $initEnd=trim($row['end']);
- $initNote = trim($row['note']);
- }
-
- include_once('_inc_yearFinder.php');
- $forma = (sanitize_sql_string($_GET['forma']));
- if ($forma != 'true'){
- $bit1 = "Stat='Active'";
- $StudentList = lowerSchoolAged();
- $bit2 = "Student_ID IN ($StudentList)";
- $formerbit = "$bit1 AND $bit2";
- $formerbit = "WHERE $formerbit";
- }
- else{
- if ($seshRights < 4) {$formerbit = "Stat='Active'"; $formerbit = "WHERE $formerbit";}
- else {$formerbit = "";}
- }
- $StudentsQ =
- "SELECT
- Student_ID,
- CONCAT(first_name, ' ', last_name) as 'Student'
- FROM students
- $formerbit
- ORDER BY first_name, last_name";
-
- $SubjectsQ =
- "Select Subject
- FROM subjects Group By Subject";
-
- $TeachersQ =
- "Select Teacher_ID, CONCAT(First_Name, ' ', Last_Name) as 'Set By Teacher'
- FROM teachers
- WHERE Stat < 3
- ORDER BY first_name, last_name";
-
- echo "<FORM name=\"EditMode\">";
-
- echo "<SELECT class='input' name=\"Students$uid\" id=\"Students$uid\">";
- $result2 = mysql_query($StudentsQ) or die (mysql_error()) ;
- while($row = mysql_fetch_array($result2, MYSQL_ASSOC))
- {
- echo "<option ";
- if (trim($row['Student_ID']) == $initStudentID)
- echo "selected ";
- echo "value='".$row['Student_ID']."'>".$row['Student'] ;
- }
- echo "</SELECT>";
- echo "<SELECT class='input' name=\"Teachers$uid\" id=\"Teachers$uid\">";
- $result2 = mysql_query($TeachersQ) or die (mysql_error()) ;
- while($row = mysql_fetch_array($result2, MYSQL_ASSOC))
- {
- echo "<option ";
- if (trim($row['Teacher_ID']) == $initTeacherID)
- echo "selected ";
- echo "value='".$row['Teacher_ID']."'>".$row['Set By Teacher'] ;
- }
- echo "</SELECT>";
-
- echo "<SELECT class='input' name=\"Status$uid\" id=\"Status$uid\">";
- $statuses = array('Ongoing', 'Achieved', 'Dropped');
- for ( $i = 0; $i< sizeOf($statuses); $i+=1) {
- echo "<option ";
- if ($statuses[$i] == $initStatus)
- echo "selected ";
- echo "value='".$statuses[$i]."'>".$statuses[$i] ;
- }
- echo "</SELECT>";
- echo "<hr>";
- echo "<SELECT class='input' name=\"Subjects$uid\" id=\"Subjects$uid\">";
- $result2 = mysql_query($SubjectsQ) or die (mysql_error()) ;
- // Using Init Selected Rather than Match Select
- // Because original subject list was different
- echo "<option value='$initSubject' Selected>$initSubject";
- while($row = mysql_fetch_array($result2, MYSQL_ASSOC))
- {
- echo "<option ";
- /*
- if (trim($row['Subject']) == $initSubject)
- echo "selected ";
- */
- echo "value='".$row['Subject']."'>".$row['Subject'] ;
- }
- echo "</SELECT>";
-
- echo "<label for=\"target_desc_edit\">Target Description</label>
- <textarea name=\"target_desc_edit\" id=\"target_desc_edit$uid\" class=\"input\" cols=\"50\" rows=\"8\" wrap=\"virtual\" >$initTargDesc</textarea>";
- echo "<label for=\"target_startdate$uid\">Target Start Date</label>
- <input type=\"text\" class=\"input\" id=\"target_startdate$uid\" name=\"target_startdate\" value=\"$initStart\" size=\"10\" maxlength=\"10\">";
- echo "<label for=\"target_startdate$uid\">Target Completion Date (if applicable))</label>
- <input type=\"text\" class=\"input\" id=\"target_enddate$uid\" name=\"target_enddate\" value=\"$initEnd\" size=\"10\" maxlength=\"10\">";
- echo "<label for=\"target_note_edit\">Target Note</label>
- <textarea name=\"target_note_edit\" id=\"target_note_edit$uid\" class=\"input\" cols=\"50\" rows=\"1\" wrap=\"virtual\" >$initNote</textarea>";
- echo "<div class='input' style=\"border: 1px #99B3B4 dashed;text-align:center; padding:4px; margin:0px;\">
- <b><a href=# onclick=\"
- correctTargetEnd(
- '$TargetID',
- document.getElementById('Students$uid').value,
- document.getElementById('Teachers$uid').value,
- document.getElementById('Subjects$uid').value,
- document.getElementById('target_desc_edit$uid').value,
- document.getElementById('target_startdate$uid').value,
- document.getElementById('target_enddate$uid').value,
- '$initStatus',
- document.getElementById('Status$uid').value,
- document.getElementById('target_note_edit$uid').value,
- '$resType',
- '$idx',
- '$val',
- document.Arc.Opts[0].checked,
- document.Arc.Opts[1].checked,
- document.Arc.Opts[2].checked,
- document.Arc.Opts[3].checked,
- document.Arc.Opts[4].checked,
- '$resType"."_Result_Div');
- return false;\">
- SAVE</a></b> Corrections to Target
- |-----|
- <b><a href=# onclick=\"
- showResultsOr(
- '$idx',
- '$resType',
- '$val',
- document.Arc.Opts[0].checked,
- document.Arc.Opts[1].checked,
- document.Arc.Opts[2].checked,
- document.Arc.Opts[3].checked,
- document.Arc.Opts[4].checked,
- '$resType"."_Result_Div');
- return false;\">
- CANCEL</a></b> without saving changes
-
- </div>";
- echo "</div>";
- }else sessionError();
- break;
-
- case "TargetCorrectFin":
- if ($seshRights>1){
- $resType = (sanitize_sql_string($_GET['resType']));
- $idx = (sanitize_sql_string($_GET['idx']));
- $val = (sanitize_sql_string($_GET['val']));
- $ong = (sanitize_sql_string($_GET['ong']));
- $ach = (sanitize_sql_string($_GET['ach']));
- $dro = (sanitize_sql_string($_GET['dro']));
- $notes = (sanitize_sql_string($_GET['notes']));
- $forma = (sanitize_sql_string($_GET['forma']));
- $TarID = (sanitize_sql_string($_GET['TarID']));
- $StuID = (sanitize_sql_string($_GET['StuID']));
- $TeachID = (sanitize_sql_string($_GET['TeachID']));
- $Subj = (sanitize_sql_string($_GET['Subj']));
- $note = (sanitize_sql_string($_GET['note']));
- $TargetDesc = (sanitize_sql_string($_GET['TargetDesc']));
- $start = (sanitize_sql_string($_GET['TargetDate1']));
- $end = (sanitize_sql_string($_GET['TargetDate2']));
- $initialStatus = (sanitize_sql_string($_GET['initialStatus']));
- $finalStatus = (sanitize_sql_string($_GET['finalStatus']));
- $d8time=date("Y-m-d H:i:s");
- $actor = $_SESSION['TID'];
-
- if (!(($finalStatus == 'Ongoing')
- || ($finalStatus == 'Achieved')
- || ($finalStatus == 'Dropped')))
- $finalStatus = 'Ongoing';
-
- if (!(isValidDate($start))) $start = date("Y-m-d");
-
-
- if (($finalStatus == 'Ongoing'))
- {$endBit="end=NULL,";}
- else
- if (!(isValidDate($end)))
- {
- $end = date("Y-m-d");
- $endBit = "end='$end',";
- }
- else {$endBit = "end='$end',";}
-
- $query=
- "UPDATE targets
- SET Target_desc='$TargetDesc',
- Student_ID='$StuID',
- Set_By='$TeachID',
- Subject='$Subj',
- note='$note',
- start='$start',
- $endBit
- modder='$actor',
- timestamp='$d8time',
- Status='$finalStatus'
- WHERE Target_ID='$TarID'
- LIMIT 1";
- $result = mysql_query($query) or die (mysql_error());
-
- // ARCHIVE
- ArchiveTarget($TarID);
- /// ACTIVITY UPDATE ///
- $action = "Edit";
- $actedOn = "Target";
- $actor = $_SESSION['TID'];
- $actedOnID = $TarID;
- ActivityUpdate($action, $actedOn, $actor, $actedOnID);
- //////////////////////
- include ('getResults.php');
- }
- else sessionError();
- break;
-
- case "TargetAdd":
- if ($seshRights>1){
- $emptyFields = FALSE;
- $emptyErrors = "";
- $StudentID = (sanitize_sql_string($_GET['stuID']));
- $rnd = (sanitize_sql_string($_GET['sid']));
- $TeacherID = (sanitize_sql_string($_GET['teachID']));
- $Target = (sanitize_sql_string($_GET['targetDesc']));
- $DateSet = (sanitize_sql_string($_GET['targetDate']));
- $subject = (sanitize_sql_string($_GET['subject']));
- $note = (sanitize_sql_string($_GET['note']));
- $repeatDesc = (sanitize_sql_string($_GET['repeatDesc']));
- if (($seshRights<3)&&($TeacherID != $_SESSION['TID']))
- {
- $emptyFields = TRUE;
- $emptyErrors = $emptyErrors."TeacherID Mismatch";
- }
- if ($StudentID == '')
- {
- $emptyFields = TRUE;
- $emptyErrors = $emptyErrors."<hr><strong>Student ID</strong> is missing (Select a student from the dropdown list)";
- }
- if ($TeacherID == '')
- {
- $emptyFields = TRUE;
- $emptyErrors = $emptyErrors."<hr>Teacher information is missing";
- }
- if ($Target == '')
- {
- $emptyFields = TRUE;
- $emptyErrors = $emptyErrors."<hr><strong>Description</strong> of target is missing";
- }
- if ($DateSet == '')
- {
- $emptyFields = TRUE;
- $emptyErrors = $emptyErrors."<hr>Target start date is missing";
- }
- else
- {
- if (!(isValidDate($DateSet)))
- {
- $emptyFields = TRUE;
- $emptyErrors = $emptyErrors."<hr><strong>$DateSet</strong> is not a valid date";
- }
- }
- if ($subject == '')
- {
- $emptyFields = TRUE;
- $emptyErrors = $emptyErrors."<hr><strong>Subject</strong> is missing (Select or create a Subject)";
- }
- if ($emptyFields)
- {
- $msg = "ERROR";
- $info = $emptyErrors;
- $btn = "<a href=# onclick=\"
- document.getElementById('addTargContent').style.display = 'block';
- putThisThere('addTargetButton.php', 'AddTargButton');
- return false;\">Try again</a>?";
- printStatus($msg, $info, $btn, "red");
- }
- else
- {
- //Check if Subject already exists
- {
- $query = "Select count(*) FROM subjects where Subject='$subject'";
- $result = mysql_query($query) or die (mysql_error()) ;
- $result = mysql_result($result, 0);
- //If not, add it
- if ($result == 0)
- {
- $query = "INSERT INTO subjects(Subject) VALUES ('$subject')";
- $result = mysql_query($query) or die (mysql_error()) ;
- //Update Activity Table
- $action = "Add";
- $actedOn = "Subject";
- $actor = $_SESSION['TID'];
- $actedOnID = $subject;
- ActivityUpdate($action, $actedOn, $actor, $actedOnID);
- //
- }
- }
-
- $query =
- "SELECT Target_ID, status, start, end
- FROM targets
- WHERE
- Student_ID='$StudentID'
- AND Set_By='$TeacherID'
- AND Subject = '$subject'
- AND target_desc ='$Target'
- LIMIT 1";
- $result = mysql_query($query) or die (mysql_error()) ;
- while($row = mysql_fetch_array($result, MYSQL_ASSOC))
- {
- $TID = $row['Target_ID'];
- $status = $row['status'];
- $dates1 = $row['start'];
- $dates2 = $row['end'];
- $dates ="$dates1 $dates2";
- $dupe = TRUE;
- }
- if (isset($dupe))
- {
- $msg = "ERROR";
- $info = "Target <strong>not</strong> added to the database
- <br>Reason: This target already exists for this student
- <br>Its current status is: <strong>".$status."</strong>
- <br> The date(s) associated to this target are: <strong>".$dates."</strong>";
- $btn = "<a href=# onclick=\"
- document.getElementById('target_desc').value='';
- document.getElementById('addTargContent').style.display = 'block';
- putThisThere('addTargetButton.php', 'AddTargButton');
- return false;\">Add a different target</a>?";
- printStatus($msg, $info, $btn, "red");
- }
- else
- {
- $query = "SELECT max(Target_ID) FROM targets";
- $result = mysql_query($query) or die (mysql_error());
- $TID = mysql_result($result, 0);
- $TID +=1;
- $actor = $_SESSION['TID'];
- $d8time=date("Y-m-d H:i:s");
-
- //Add Target
- $query = "INSERT INTO targets(Target_ID, Student_ID, set_by, subject, target_desc, start, modder, timestamp, status, note) VALUES('$TID', '$StudentID', '$TeacherID', '$subject', '$Target', '$DateSet', '$actor', '$d8time', 'Ongoing', '$note')";
- $result = mysql_query($query) or die (mysql_error()) ;
-
- // Copy to Archive
- ArchiveTarget($TID);
- //Update Activity Table
- $action = "Add";
- $actedOn = "Target";
- $actor = $_SESSION['TID'];
- $actedOnID = $TID;
- ActivityUpdate($action, $actedOn, $actor, $actedOnID);
- //
-
- if ($repeatDesc=='false')
- {$targetBit = "document.getElementById('target_desc').value='';
- document.getElementById('Subject_Select_xml_addTarg').value='';
- document.getElementById('Subject_idx_addTarg').value='';";}
- else
- {$targetBit = "";}
- $msg ="SUCCESS";
- $info ="<strong>$subject</strong> target successfully added";
- $btn="<a href=# onclick=\"
- $targetBit
- document.getElementById('Student_idx_addTarg').value='';
- document.getElementById('target_note_add').value='';
- document.getElementById('Student_Select_xml_addTarg').value='';
- document.getElementById('addTargContent').style.display = 'block';
- putThisThere('addTargetButton.php', 'AddTargButton');
- return false;\">Add another</a>?";
- printStatus($msg, $info, $btn);
- }
- }
- } else sessionError();
- break;
-
- case "Student":
- if ($seshRights>3){
- $emptyFields = FALSE;
- $emptyErrors = "";
- // Get Vars
- $firstname= (sanitize_sql_string($_GET['firstname']));
- $lastname=(sanitize_sql_string($_GET['lastname']));
- $class=(sanitize_sql_string($_GET['class']));
- $DOB=(sanitize_sql_string($_GET['DOB']));
- $DOR=(sanitize_sql_string($_GET['DOR']));
- $status=(sanitize_sql_string($_GET['status']));
- $skipped=intval(sanitize_sql_string($_GET['skipped']));
- if ($firstname == '')
- {
- $emptyFields = TRUE;
- $emptyErrors = $emptyErrors."<hr>First name is missing";
- }
- if ($lastname == '')
- {
- $emptyFields = TRUE;
- $emptyErrors = $emptyErrors."<hr>Last name is missing";
- }
- if ($class == '')
- {
- $emptyFields = TRUE;
- $emptyErrors = $emptyErrors."<hr>Class is missing";
- }
- if ($DOB == '')
- {
- $emptyFields = TRUE;
- $emptyErrors = $emptyErrors."<hr>Date of Birth is missing";
- }
- else
- {
- if (!(isValidDate($DOB)))
- {
- $emptyFields = TRUE;
- $emptyErrors = $emptyErrors."<hr>Date of Birth: $DOB is not a valid date";
- }
- }
- if ($DOR == '')
- {
- $emptyFields = TRUE;
- $emptyErrors = $emptyErrors."<hr>Date of Registration is missing";
- }
- else
- {
- if (!(isValidDate($DOR)))
- {
- $emptyFields = TRUE;
- $emptyErrors = $emptyErrors."<hr>Registration Date: $DOR is not a valid date";
- }
- }
- if ($status == '')
- {
- $emptyFields = TRUE;
- $emptyErrors = $emptyErrors."<hr>Status information is missing";
- }
- if (!(($status == 'Active') || ($status == 'Dropped') || ($status == 'Left')))
- {
- $emptyFields = TRUE;
- $emptyErrors = $emptyErrors."<hr><strong>$status</strong> is not a valid status.";
- }
- if (($skipped < -1 ) || ($skipped > 5))
- {
- $emptyFields = TRUE;
- $emptyErrors = $emptyErrors."<hr>Are you sure the student has skipped <strong>$skipped</strong> years?";
- }
- if ($emptyFields)
- {
- $msg = "ERROR";
- $info = $emptyErrors;
- $btn = "<a href=#
- onclick=\"
- document.getElementById('addStudeContent').style.display = 'block';
- putThisThere('addStudentButton.php', 'AddStudentButton');
- return false;\">Try again?</a>";
- printStatus($msg, $info, $btn, "red");
- }
- else
- {
- // Check if person already exists
- $query = "Select count(*) from students where LOWER(First_name)=LOWER('$firstname') AND LOWER(last_name)=LOWER('$lastname') and DOB = '$DOB' and class ='$class'";
- $result = mysql_query($query) or die (mysql_error()) ;
- $result = mysql_result($result, 0);
- if ($result != 0)
- {
- $msg = "ERROR";
- $info = "A Student named <strong>$firstname $lastname</strong> in class <strong>$class</strong> with Date of Birth: <strong>$DOB</strong> already exists in the database.
- <br>If you wish to add another student with the same name, DOB and class add their middle initial after their first name";
- $btn = "<a href=# onclick=\"
- document.getElementById('addStudeContent').style.display = 'block';
- putThisThere('addStudentButton.php', 'AddStudentButton');
- return false;\">Try again?</a>";
- printStatus($msg, $info, $btn, "red");
- }
- else
- {
- // Create UID based on name
- $UID = substr($firstname, 0,3).substr($lastname, 0, 3)."_".$class;
- // Check UID is unique, if not make unique
- $UID = checkUID($UID, "students", "Student_ID");
- $Dobmod=intval(substr($DOB,0,4));
- $Dobmod=$Dobmod - $skipped;
- $Dobmod = $Dobmod.(substr($DOB,4,6));
- $timestamp = date("Y-m-d H:i:s");
- $query = "INSERT INTO students(student_ID, first_name, last_name, class, DOB, reg_date, DOBmod, lastModDate) VALUES('$UID', '$firstname', '$lastname' , '$class', '$DOB', '$DOR', '$Dobmod', '$timestamp' ) ";
- $result = mysql_query($query) or die (mysql_error()) ;
-
- /// ACTIVITY UPDATE ///
- $action = "Add";
- $actedOn = "Student";
- $actor = $_SESSION['TID'];
- $actedOnID = $UID;
- ActivityUpdate($action, $actedOn, $actor, $actedOnID);
- //////////////////////
- //STATUS MESSAGE AND LINK//
- $msg = "SUCCESS";
- $info = "Student named <strong> $firstname $lastname (DOB:$DOB) </strong> has been successfully added to the database";
- $btn = "<a href=# onclick=\"
- document.getElementById('Stu_FirstName').value ='';
- document.getElementById('Stu_LastName').value='';
- document.getElementById('ClassLet').value = '';
- document.getElementById('add_student_status').value = 'Active';
- document.getElementById('add_skipped_years').value = '0';
- document.getElementById('addStudeContent').style.display = 'block';
- putThisThere('addStudentButton.php', 'AddStudentButton');
- return false;\">Add another</a>?";
- printStatus($msg, $info, $btn);
- ///////////////////////////
- }
- }
- } else sessionError();
- break;
- case "editStudent":
- if ($seshRights>3){
- $emptyFields = FALSE;
- $emptyErrors = "";
- // Get Vars
- $stu_ID= (sanitize_sql_string($_GET['idx']));
- $firstname= (sanitize_sql_string($_GET['firstname']));
- $lastname=(sanitize_sql_string($_GET['lastname']));
- $class=(sanitize_sql_string($_GET['class']));
- $DOB=(sanitize_sql_string($_GET['DOB']));
- $DOR=(sanitize_sql_string($_GET['DOR']));
- $status=(sanitize_sql_string($_GET['status']));
- $skipped=intval(sanitize_sql_string($_GET['skipped']));
- if ($stu_ID == '')
- {
- $emptyFields = TRUE;
- $emptyErrors = $emptyErrors."<hr>Student ID is missing";
- }
- if ($firstname == '')
- {
- $emptyFields = TRUE;
- $emptyErrors = $emptyErrors."<hr>First name is missing";
- }
- if ($lastname == '')
- {
- $emptyFields = TRUE;
- $emptyErrors = $emptyErrors."<hr>Last name is missing";
- }
- if ($class == '')
- {
- $emptyFields = TRUE;
- $emptyErrors = $emptyErrors."<hr>Class is missing";
- }
- if ($DOB == '')
- {
- $emptyFields = TRUE;
- $emptyErrors = $emptyErrors."<hr>Date of Birth is missing";
- }
- else
- {
- if (!(isValidDate($DOB)))
- {
- $emptyFields = TRUE;
- $emptyErrors = $emptyErrors."<hr>Date of Birth: $DOB is not a valid date";
- }
- }
- if ($DOR == '')
- {
- $emptyFields = TRUE;
- $emptyErrors = $emptyErrors."<hr>Date of Registration is missing";
- }
- else
- {
- if (!(isValidDate($DOR)))
- {
- $emptyFields = TRUE;
- $emptyErrors = $emptyErrors."<hr>Registration Date: $DOR is not a valid date";
- }
- }
- if ($status == '')
- {
- $emptyFields = TRUE;
- $emptyErrors = $emptyErrors."<hr>Status information is missing";
- }
- if (!(($status == 'Active') || ($status == 'Dropped') || ($status == 'Left')))
- {
- $emptyFields = TRUE;
- $emptyErrors = $emptyErrors."<hr><strong>$status</strong> is not a valid status.";
- }
- if (($skipped < -1 ) || ($skipped > 5))
- {
- $emptyFields = TRUE;
- $emptyErrors = $emptyErrors."<hr>Are you sure the student has skipped <strong>$skipped</strong> years?";
- }
- if ($emptyFields)
- {
- $msg = "ERROR";
- $info = $emptyErrors;
- $btn = "<a href=#
- onclick=\"
- document.getElementById('editStudeContent').style.display = 'block';
- putThisThere('editStudentButton.php', 'editStudentButton');
- return false;\">Try again?</a>";
- printStatus($msg, $info, $btn, "red");
- }
- else
- {
- // Check if person already exists
- $query =
- "Select
- count(*)
- FROM
- students
- WHERE
- LOWER(First_name)=LOWER('$firstname')
- AND LOWER(last_name)=LOWER('$lastname')
- AND DOB = '$DOB'
- AND class ='$class'
- AND student_ID!='$stu_ID'";
- $result = mysql_query($query) or die (mysql_error()) ;
- $result = mysql_result($result, 0);
- if ($result != 0)
- {
- $msg = "ERROR";
- $info = "A Student named <strong>$firstname $lastname</strong> in class <strong>$class</strong> with Date of Birth: <strong>$DOB</strong> already exists in the database.
- <br>If you wish to add another student with the same name, DOB and class add their middle initial after their first name";
- $btn = "<a href=# onclick=\"
- document.getElementById('addStudeContent').style.display = 'block';
- putThisThere('editStudentButton.php', 'editStudentButton');
- return false;\">Try again?</a>";
- printStatus($msg, $info, $btn, "red");
- }
- else
- {
- $Dobmod=intval(substr($DOB,0,4));
- $Dobmod=$Dobmod - $skipped;
- $Dobmod = $Dobmod.(substr($DOB,4,6));
- $timestamp = date("Y-m-d H:i:s");
- $query =
- "UPDATE
- students
- SET
- first_name='$firstname',
- last_name='$lastname',
- class='$class',
- DOB='$DOB' ,
- reg_date='$DOR',
- DOBmod='$Dobmod',
- Stat='$status',
- lastModDate ='$timestamp'
- WHERE
- student_ID='$stu_ID'";
- $result = mysql_query($query) or die (mysql_error()) ;
-
-
-
- /// ACTIVITY UPDATE ///
- $action = "Edit";
- $actedOn = "Student";
- $actor = $_SESSION['TID'];
- $actedOnID = $stu_ID;
- ActivityUpdate($action, $actedOn, $actor, $actedOnID);
- //////////////////////
- //STATUS MESSAGE AND LINK//
- $msg = "SUCCESS";
- $info = "New details for Student named <strong> $firstname $lastname (DOB:$DOB) </strong> saved.";
- $btn = "<a href=# onclick=\"
- document.getElementById('Student_Select_xml').value = '$firstname $lastname';
- showResultsOr('$stu_ID',
- 'Student',
- '$firstname $lastname',
- document.Arc.Opts[0].checked,
- document.Arc.Opts[1].checked,
- document.Arc.Opts[2].checked,
- document.Arc.Opts[3].checked,
- document.Arc.Opts[4].checked,
- 'Student_Result_Div');
- HideAlert('editStude');
- return false;\">Close</a>";
- printStatus($msg, $info, $btn);
- ///////////////////////////
- }
- }
- }
- else sessionError();
- break;
- case "Teacher":
- if ($seshRights>3){
- $emptyFields = FALSE;
- $emptyErrors = "";
- // Get Vars
- $teach_firstname= (sanitize_sql_string($_GET['firstname']));
- $teach_lastname=(sanitize_sql_string($_GET['lastname']));
- $teach_title=(sanitize_sql_string($_GET['title']));
- $raw_email=$_GET['email'];
- $teach_email=(sanitize_sql_string($_GET['email']));
- $teach_pass=(sanitize_sql_string($_GET['pass']));
- $teach_status=(sanitize_sql_string($_GET['status']));
- $teach_rights=(sanitize_sql_string($_GET['rights']));
- if ($teach_firstname == '')
- {
- $emptyFields = TRUE;
- $emptyErrors = $emptyErrors."<hr>First name is missing";
- }
- if ($teach_lastname == '')
- {
- $emptyFields = TRUE;
- $emptyErrors = $emptyErrors."<hr>Last name is missing";
- }
- if ($teach_title == '')
- {
- $emptyFields = TRUE;
- $emptyErrors = $emptyErrors."<hr>Title is missing";
- }
- if ($teach_email == '')
- {
- $emptyFields = TRUE;
- $emptyErrors = $emptyErrors."<hr>E-mail address is missing";
- }
- else
- {
- include('_inc_EmailAddressValidator.php');
- $validator = new EmailAddressValidator;
- if (!($validator->check_email_address($raw_email)))
- {
- $emptyFields = TRUE;
- $emptyErrors = $emptyErrors."<hr><strong>$raw_email</strong> is not a valid E-mail address";
- }
- else
- {
- $query = "SELECT title, first_name, last_name
- FROM teachers
- WHERE LOWER(email) = LOWER('$teach_email')
- LIMIT 1";
- $result = mysql_query($query) or die (mysql_error());
-
- while($row = mysql_fetch_array($result, MYSQL_ASSOC))
- {
- $t = $row['title'];
- $fn = $row['first_name'];
- $ln = $row['last_name'];
- $emptyFields = TRUE;
- $emptyErrors = $emptyErrors."<hr><strong>$teach_email</strong> already in use by <strong>$t $fn $ln</strong>";
- }
-
-
- }
- }
- if ($teach_pass == '')
- {
- $emptyFields = TRUE;
- $emptyErrors = $emptyErrors."<hr>Blank passwords are not allowed";
- }
- if ($teach_status == '')
- {
- $emptyFields = TRUE;
- $emptyErrors = $emptyErrors."<hr>Status Information is missing";
- }
- if ($teach_rights == '')
- {
- $emptyFields = TRUE;
- $emptyErrors = $emptyErrors."<hr>Access Rights Information is missing";
- }
-
-
- if ($emptyFields)
- {
- $msg = "ERROR";
- $info = $emptyErrors;
- $btn = "<a href=#
- onclick=\"
- document.getElementById('addTeachContent').style.display = 'block';
- putThisThere('addTeacherButton.php', 'AddTeacherButton');
- return false;\">Try again?</a>";
- printStatus($msg, $info, $btn, "red");
- }
- else
- {
- // Check if person already exists
- $query = "Select count(*) from teachers where First_name='$teach_firstname' AND last_name='$teach_lastname'";
- $result = mysql_query($query) or die (mysql_error()) ;
- $result = mysql_result($result, 0);
- if ($result != 0)
- {
- $msg = "ERROR";
- $info = "A teacher named <strong>$teach_firstname $teach_lastname </strong> already exists in the database.<br><small>If you wish to add another teacher with the same name add their middle initial (or the class taught by this teacher) as part of their first name</small>";
- $btn = "<a href=#
- onclick=\"
- document.getElementById('addTeachContent').style.display = 'block';
- putThisThere('addTeacherButton.php', 'AddTeacherButton');
- return false;\">Try again?</a>";
- printStatus($msg, $info, $btn, "red");
- }
- else
- {
-
- // Create UID based on name
- $UID = substr($teach_firstname, 0,3).substr($teach_lastname, 0, 3);
- // Check UID is unique, if not make unique
- $UID = checkUID($UID, "teachers", "Teacher_ID");
- $timestamp = date("Y-m-d H:i:s");
- $query = "INSERT INTO teachers (teacher_ID, first_name, last_name, title, email, pwd, stat, rights, Status_change_date ) VALUES('$UID', '$teach_firstname', '$teach_lastname' , '$teach_title', '$teach_email', '$teach_pass', '$teach_status', '$teach_rights', '$timestamp' ) ";
- $result = mysql_query($query) or die (mysql_error()) ;
-
- /// ACTIVITY UPDATE ///
- $action = "Add";
- $actedOn = "Teacher";
- $actor = $_SESSION['TID'];
- $actedOnID = $UID;
- ActivityUpdate($action, $actedOn, $actor, $actedOnID);
- //////////////////////
-
- //STATUS MESSAGE AND LINK//
- $msg = "SUCCESS";
- $info = "Teacher named <strong>$teach_title $teach_firstname $teach_lastname</strong> has been successfully added to the database";
- $btn = "<a href=#
- onclick=\"
- document.getElementById('Teach_FirstName').value = '';
- document.getElementById('Teach_LastName').value = '';
- document.getElementById('Teach_Title').value = '';
- document.getElementById('Teach_Pass').value = '';
- document.getElementById('Teach_Email').value = '';
- document.getElementById('Teach_Status').value = 1;
- document.getElementById('Teach_Rights').value = 3;
-
- document.getElementById('addTeachContent').style.display = 'block';
- putThisThere('addTeacherButton.php', 'AddTeacherButton');
- return false;\">Add another</a>?";
- printStatus($msg, $info, $btn);
- ///////////////////////////
-
- }
- }
- }
- else sessionError();
- break;
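case "editTeacher":
    // Update an existing row in `teachers` (matched on Teacher_ID = idx) from
    // the edit-teacher form. Only callers whose session rights exceed 3 reach
    // the body; everyone else gets sessionError().
    //
    // Security notes (review):
    //  * Every input arrives via $_GET and is spliced into SQL after
    //    sanitize_sql_string(), whose implementation is not visible here;
    //    query safety rests entirely on that helper. Parameterised queries
    //    would remove that dependency.
    //  * A state-changing action is driven by a GET request, and no CSRF
    //    token is checked in this handler.
    //  * The password is written to `pwd` verbatim (see the UPDATE below).
    //    Hashing it needs a matching change wherever `pwd` is compared, so
    //    it is flagged here rather than changed.
    //  * `rights` is written without being compared to the caller's own
    //    $seshRights, so an editor can grant a level above their own --
    //    including to themselves, since idx is caller-chosen. Consider
    //    rejecting `(int)$teach_rights > (int)$seshRights`.
    //  * Values echoed back into the status panel and its onclick handler
    //    used to be emitted unescaped; they are now escaped for the context
    //    they land in. The SQL-sanitised copies are used for queries only.
    if ($seshRights>3){
        $emptyFields = FALSE;
        $emptyErrors = "";

        // Raw request values: displayed only after escaping.
        $raw_ID        = isset($_GET['idx'])       ? $_GET['idx']       : '';
        $raw_firstname = isset($_GET['firstname']) ? $_GET['firstname'] : '';
        $raw_lastname  = isset($_GET['lastname'])  ? $_GET['lastname']  : '';
        $raw_title     = isset($_GET['title'])     ? $_GET['title']     : '';
        $raw_email     = isset($_GET['email'])     ? $_GET['email']     : '';
        $raw_pass      = isset($_GET['pass'])      ? $_GET['pass']      : '';
        $raw_status    = isset($_GET['status'])    ? $_GET['status']    : '';
        $raw_rights    = isset($_GET['rights'])    ? $_GET['rights']    : '';

        // SQL-sanitised copies: used in queries and, as before, for the
        // emptiness checks.
        $teach_ID        = sanitize_sql_string($raw_ID);
        $teach_firstname = sanitize_sql_string($raw_firstname);
        $teach_lastname  = sanitize_sql_string($raw_lastname);
        $teach_title     = sanitize_sql_string($raw_title);
        $teach_email     = sanitize_sql_string($raw_email);
        $teach_pass      = sanitize_sql_string($raw_pass);
        $teach_status    = sanitize_sql_string($raw_status);
        $teach_rights    = sanitize_sql_string($raw_rights);

        // Output escaping. Plain HTML: htmlspecialchars. A JS string literal
        // inside an onclick="..." attribute: JS-escape first, then
        // HTML-escape, because the browser decodes the attribute before the
        // JS engine parses it.
        $jsEsc = array(
            '\\' => '\\\\', "'" => "\\'", '"' => '\\"',
            "\r" => '\\r',  "\n" => '\\n',
            '<' => '\\x3c', '>' => '\\x3e', '&' => '\\x26'
        );
        $h_firstname = htmlspecialchars($raw_firstname, ENT_QUOTES);
        $h_lastname  = htmlspecialchars($raw_lastname,  ENT_QUOTES);
        $h_title     = htmlspecialchars($raw_title,     ENT_QUOTES);
        $h_email     = htmlspecialchars($raw_email,     ENT_QUOTES);
        $js_ID       = htmlspecialchars(strtr($raw_ID, $jsEsc), ENT_QUOTES);
        $js_name     = htmlspecialchars(strtr($raw_firstname.' '.$raw_lastname, $jsEsc), ENT_QUOTES);

        // Required-field checks; each failure appends one line to the report.
        if ($teach_ID == '')
        {
            $emptyFields = TRUE;
            $emptyErrors = $emptyErrors."<hr>Teacher ID is missing";
        }
        if ($teach_firstname == '')
        {
            $emptyFields = TRUE;
            $emptyErrors = $emptyErrors."<hr>First name is missing";
        }
        if ($teach_lastname == '')
        {
            $emptyFields = TRUE;
            $emptyErrors = $emptyErrors."<hr>Last name is missing";
        }
        if ($teach_title == '')
        {
            $emptyFields = TRUE;
            $emptyErrors = $emptyErrors."<hr>Title is missing";
        }
        if ($teach_email == '')
        {
            $emptyFields = TRUE;
            $emptyErrors = $emptyErrors."<hr>E-mail address is missing";
        }
        else
        {
            // Syntax check on the raw address, then make sure no *other*
            // teacher already uses it (compared case-insensitively).
            include_once('_inc_EmailAddressValidator.php');
            $validator = new EmailAddressValidator;
            if (!($validator->check_email_address($raw_email)))
            {
                $emptyFields = TRUE;
                $emptyErrors = $emptyErrors."<hr><strong>$h_email</strong> is not a valid E-mail address";
            }
            else
            {
                $query =
                    "SELECT
                        title,
                        first_name,
                        last_name
                    FROM
                        teachers
                    WHERE
                        LOWER(email) = LOWER('$teach_email')
                        AND Teacher_ID!='$teach_ID'
                    LIMIT 1";
                $result = mysql_query($query) or die (mysql_error());

                while($row = mysql_fetch_array($result, MYSQL_ASSOC))
                {
                    // Stored names originated from user input as well: escape.
                    $t  = htmlspecialchars($row['title'],      ENT_QUOTES);
                    $fn = htmlspecialchars($row['first_name'], ENT_QUOTES);
                    $ln = htmlspecialchars($row['last_name'],  ENT_QUOTES);
                    $emptyFields = TRUE;
                    $emptyErrors = $emptyErrors."<hr><strong>$h_email</strong> already in use by <strong>$t $fn $ln</strong>";
                }
            }
        }
        if ($teach_pass == '')
        {
            $emptyFields = TRUE;
            $emptyErrors = $emptyErrors."<hr>Blank passwords are not allowed";
        }
        if ($teach_status == '')
        {
            $emptyFields = TRUE;
            $emptyErrors = $emptyErrors."<hr>Status Information is missing";
        }
        if ($teach_rights == '')
        {
            $emptyFields = TRUE;
            $emptyErrors = $emptyErrors."<hr>Access Rights Information is missing";
        }

        // Shared "Try again?" link for both error panels below.
        $tryAgain = "<a href=#
onclick=\"
document.getElementById('editTeachContent').style.display = 'block';
putThisThere('editTeacherButton.php', 'editTeacherButton');
return false;\">Try again?</a>";

        if ($emptyFields)
        {
            printStatus("ERROR", $emptyErrors, $tryAgain, "red");
        }
        else
        {
            // Refuse a first/last name combination already used by a
            // different teacher.
            $query = "SELECT
                        count(*)
                    FROM
                        teachers
                    WHERE
                        First_name='$teach_firstname'
                        AND last_name='$teach_lastname'
                        AND Teacher_ID!='$teach_ID'";
            $result = mysql_query($query) or die (mysql_error()) ;
            $result = mysql_result($result, 0);
            if ($result != 0)
            {
                $info = "A teacher named <strong>$h_firstname $h_lastname </strong> already exists in the database.<br><small>If you wish to add another teacher with the same name add their middle initial (or the class taught by this teacher) as part of their first name</small>";
                printStatus("ERROR", $info, $tryAgain, "red");
            }
            else
            {
                $timestamp = date("Y-m-d H:i:s");
                // NOTE(review): `pwd` is stored in clear text and `rights` is
                // not bounded by the caller's own level (see header comment).
                $query =
                    "UPDATE
                        teachers
                    SET
                        first_name='$teach_firstname',
                        last_name='$teach_lastname',
                        title='$teach_title',
                        email='$teach_email',
                        pwd='$teach_pass',
                        stat='$teach_status',
                        rights='$teach_rights',
                        Status_change_date='$timestamp'
                    WHERE
                        Teacher_ID='$teach_ID'";
                $result = mysql_query($query) or die (mysql_error()) ;

                /// ACTIVITY UPDATE ///
                // Audit row: who (session TID) edited which teacher.
                ActivityUpdate("Edit", "Teacher", $_SESSION['TID'], $teach_ID);
                //////////////////////

                //STATUS MESSAGE AND LINK//
                $msg = "SUCCESS";
                $info = "Information successfully modified for teacher named <strong>$h_title $h_firstname $h_lastname</strong>";
                $btn = "<a href=#
onclick=
\"document.getElementById('editTeach_ID').value = '';
document.getElementById('editTeach_FirstName').value = '';
document.getElementById('editTeach_LastName').value = '';
document.getElementById('editTeach_Title').value = '';
document.getElementById('editTeach_Pass').value = '';
document.getElementById('editTeach_Email').value = '';
document.getElementById('editTeach_Status').value = '1';
document.getElementById('editTeach_Rights').value = '3';
document.getElementById('Teacher_Select_xml').value = '$js_name';
showResultsOr('$js_ID',
'Teacher',
'$js_name',
document.Arc.Opts[0].checked,
document.Arc.Opts[1].checked,
document.Arc.Opts[2].checked,
document.Arc.Opts[3].checked,
document.Arc.Opts[4].checked,
'Teacher_Result_Div');
HideAlert('editTeach');
return false;\">Close</a>";
                printStatus($msg, $info, $btn);
                ///////////////////////////
            }
        }
    }
    else sessionError();
    break;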
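case "editMe":
    // Let the logged-in teacher ($_SESSION['TID']) change their own e-mail
    // address and/or password. The current password must be supplied, either
    // as 'pas' or -- on the change-password form -- as 'paso'. A blank 'em'
    // or 'pasn' means "keep the current value".
    //
    // Security notes (review):
    //  * The current password is matched with LOWER(pwd)=LOWER(...): a
    //    case-insensitive comparison against a plaintext column, and the new
    //    value is stored verbatim. Moving to password_hash/password_verify
    //    has to happen together with the login code, so it is flagged here.
    //  * Queries are string-built from sanitize_sql_string() output (see the
    //    notes on editTeacher). This is a GET-driven state change with no
    //    CSRF token checked here, and no rate limit on the password check is
    //    visible.
    //  * Columns that are not being changed are no longer read back and
    //    re-written: the old code re-interpolated the stored pwd/email into
    //    the UPDATE without escaping.
    //  * Request values echoed back into the panel are HTML-escaped.
    $emptyFields = FALSE;
    $emptyErrors = "";
    $teachID   = $_SESSION['TID'];
    $raw_email = isset($_GET['em']) ? $_GET['em'] : '';
    $email     = sanitize_sql_string($raw_email);
    $pass      = sanitize_sql_string(isset($_GET['pas'])  ? $_GET['pas']  : '');
    $passo     = sanitize_sql_string(isset($_GET['paso']) ? $_GET['paso'] : '');
    $passn     = sanitize_sql_string(isset($_GET['pasn']) ? $_GET['pasn'] : '');
    $h_email   = htmlspecialchars($raw_email, ENT_QUOTES);

    // 1. Verify the current password.
    if (($passo == '') && ($pass == ''))
    {
        $emptyFields = TRUE;
        $emptyErrors = $emptyErrors."<hr>Your Password is required to modify your login details.";
    }
    else
    {
        // 'paso' wins when both are present. At least one is non-empty here,
        // which is why the former mt_rand() placeholder was dead code.
        $passToCheck = ($passo != '') ? $passo : $pass;
        $query =
            "SELECT count(pwd)
            FROM teachers
            WHERE
                Teacher_ID='$teachID'
                AND
                LOWER(pwd)=LOWER('$passToCheck')
            LIMIT 1";
        $result = mysql_query($query) or die (mysql_error()) ;
        $pz = mysql_result($result, 0);
        if ($pz < 1)
        {
            $emptyFields = TRUE;
            $emptyErrors = $emptyErrors."<hr>The password you have entered is incorrect";
        }
    }

    // 2. New password. Blank keeps the current one, except on the
    //    change-password form ('paso' given) where blank is an error.
    $changePassword = ($passn != '');
    if (!$changePassword && $passo != '')
    {
        $emptyFields = TRUE;
        $emptyErrors = $emptyErrors."<hr>Blank passwords are not allowed";
    }

    // 3. E-mail. Blank keeps the current one (read back only for the
    //    confirmation message); otherwise validate and make sure no other
    //    teacher uses it.
    $changeEmail = ($email != '');
    if (!$changeEmail)
    {
        $query =
            "SELECT email
            FROM teachers
            WHERE Teacher_ID='$teachID'
            LIMIT 1";
        $result = mysql_query($query) or die (mysql_error()) ;
        $email = mysql_result($result, 0);
    }
    else
    {
        include_once('_inc_EmailAddressValidator.php');
        $validator = new EmailAddressValidator;
        if (!($validator->check_email_address($raw_email)))
        {
            $emptyFields = TRUE;
            $emptyErrors = $emptyErrors."<hr><strong>$h_email</strong> is not a valid E-mail address";
        }
        else
        {
            $query =
                "SELECT
                    title,
                    first_name,
                    last_name
                FROM
                    teachers
                WHERE
                    LOWER(email) = LOWER('$email')
                    AND Teacher_ID!='$teachID'
                LIMIT 1";
            $result = mysql_query($query) or die (mysql_error());

            while($row = mysql_fetch_array($result, MYSQL_ASSOC))
            {
                // Stored names originated from user input as well: escape.
                $t  = htmlspecialchars($row['title'],      ENT_QUOTES);
                $fn = htmlspecialchars($row['first_name'], ENT_QUOTES);
                $ln = htmlspecialchars($row['last_name'],  ENT_QUOTES);
                $emptyFields = TRUE;
                $emptyErrors = $emptyErrors."<hr><strong>$h_email</strong> already in use by <strong>$t $fn $ln</strong>";
            }
        }
    }

    if ($emptyErrors == '')
    {
        $timestamp = date("Y-m-d H:i:s");
        // Only touch the columns that actually change. NOTE(review): pwd is
        // written in clear text (see header comment).
        $set = array();
        if ($changeEmail)    $set[] = "email='$email'";
        if ($changePassword) $set[] = "pwd='$passn'";
        $set[] = "Status_change_date='$timestamp'";
        $query =
            "UPDATE
                teachers
            SET
                ".implode(",\n                ", $set)."
            WHERE
                Teacher_ID='$teachID'";
        $result = mysql_query($query) or die (mysql_error()) ;

        /// ACTIVITY UPDATE ///
        // Audit row: the teacher edited their own record.
        ActivityUpdate("Edit", "Teacher", $_SESSION['TID'], $teachID);
        //////////////////////

        //STATUS MESSAGE AND LINK//
        // $email is either the sanitised request value or the stored one.
        $h_shown = htmlspecialchars($email, ENT_QUOTES);
        $msg = "SUCCESS";
        $info = "<b>$h_shown</b> : Your login information has been successfully modified.";
        $btn = "<a href=#
onclick=
\"document.getElementById('editMeButton').innerHTML='';
HideAlert('editMe');
return false;\">Close</a>";
        printStatus($msg, $info, $btn);
    }
    else
    {
        $msg = "ERROR";
        $info = $emptyErrors;
        $btn = "<a href=#
onclick=\"
document.getElementById('editMeContent').style.display = 'block';
document.getElementById('editMeButton').style.display = 'none';
return false;\">Try again?</a>";
        printStatus($msg, $info, $btn, "red");
    }
    break;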
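case "remindMe":
    // E-mail the logged-in teacher's stored password to the address on their
    // own row. $_SESSION['TID'] is the only selector; nothing is taken from
    // the request.
    //
    // Security notes (review):
    //  * This mails the password in clear text, which is only possible
    //    because `pwd` is stored in clear text. The usual replacement is a
    //    reset flow: mail a single-use, expiring token and let the user
    //    choose a new password. That needs the login code to change as well,
    //    so it is flagged here rather than done.
    //  * The recipient comes from the database and the From/Reply-To headers
    //    are constants, so no header field is request-controlled.
    //  * The SUCCESS panel used to be printed regardless of whether mail()
    //    accepted the message, and an empty result set left $em/$pw
    //    undefined. Both are handled now.
    $em = '';
    $pw = '';
    $query = "SELECT email, pwd
        FROM teachers
        WHERE Teacher_ID='".$_SESSION['TID']."'
        LIMIT 1";
    $result = mysql_query($query) or die (mysql_error());

    while($row = mysql_fetch_array($result, MYSQL_ASSOC))
    {
        $em = $row['email'];
        $pw = $row['pwd'];
    }

    $Name = "Gifted and Talented DataBase"; //senders name
    $email = "GiftednTalented@pembridgehall.co.uk"; //senders e-mail adress
    $recipient = $em; //recipient
    $replyto = "ann-marie.walsh@pembridgehall.co.uk";
    $mail_body = "A password reminder was requested for the Gifted and Talented database from your account. Your password is $pw. If you believe you have received this email in error, please contact the database administrator."; //mail body
    $subject = "Gifted and Talented Reminder"; //subject
    $header = "From: ". $Name . " <" . $email . ">\r\n".
        "Reply-To: $replyto \r\n" .
        "X-Mailer: PHP/" . phpversion();
    // Optional, use if doesn't work
    ini_set('sendmail_from', 'emamio@moran.dreamhost.com'); //Suggested by "Some Guy"
    //
    // Skip the MTA entirely when the row has no address. mail() returning
    // true only means the MTA accepted the message, not that it was delivered.
    $sent = ($recipient !== '') && mail($recipient, $subject, $mail_body, $header);

    //STATUS MESSAGE AND LINK//
    $h_em = htmlspecialchars($em, ENT_QUOTES);
    $btn = "<a href=#
onclick=
\"document.getElementById('editMeButton').innerHTML='';
HideAlert('editMe');
return false;\">Close</a>";
    if ($sent)
    {
        printStatus("SUCCESS", "Password reminder sent to <b>$h_em</b>", $btn);
    }
    else
    {
        printStatus("ERROR", "Password reminder could not be sent to <b>$h_em</b>", $btn, "red");
    }
    break;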
- default: return false;
- }
- /*
- document.getElementById('SpecSubj').value='';
- document.getElementById('SubjAdd').innerHTML='';
- */
- //include ('_inc_closeDB.php');
- }
- else sessionError();
- ?>