AddToDBOld.php | searchcode

/AddToDBOld.php

https://github.com/alexeiemam/GnT
PHP | 1329 lines | 1287 code | 27 blank | 15 comment | 15 complexity | 91809848d3b1d7b1f7be331f032f6002 MD5 | raw file

<?php
include('_CHECK.php');

include_once('_inc_sanitation.php');

function ArchiveTarget($tid)
{
	$query = 
		"INSERT INTO targets_archive 
			(Target_ID, Student_ID, set_by, subject, target_desc, start, modder, end, timestamp, status, note)
	    		SELECT Target_ID, Student_ID, set_by, subject, target_desc, start, modder, end, timestamp, status, note
	    		FROM targets 
				WHERE target_ID ='$tid'
				LIMIT 1";
	$result = mysql_query($query) or die (mysql_error()) ;
	return true;		
}

function ActivityUpdate($action, $actedOn, $actor, $actedOnID)
{
	$timestamp = date("Y-m-d H:i:s");
	$query = "
	INSERT INTO activities (action, actedOn, actor, actedOnID, tstamp) 
	VALUES('$action', '$actedOn', '$actor', '$actedOnID','$timestamp' )";
	$result = mysql_query($query) or die (mysql_error()) ;
	return true;
}

function checkUID($ID, $table, $column)
{
	$query = "Select count(*) from $table where $column='$ID'";	
	$result = mysql_query($query) or die (mysql_error()) ;
	$result = mysql_result($result, 0);
	While ($result > 0)
		{
		$ID = $ID."_".($result+1);
		$query = "Select count(*) from $table where $column='$ID'";	
		$result = mysql_query($query) or die (mysql_error()) ;
		$result = mysql_result($result, 0);
		}
	return  $ID;
}

function printStatus($title,  $info, $buttonCode=NULL, $colour=NULL)
{
	echo "<div style=\"border: 3px #99B3B4 double; margin 0;\">
				<div class='input' style=\"border: 1px #99B3B4 dashed; text-align:center; ";
	if (isset($colour))	
	echo "color: $colour;";
				echo " \">
					<big>$title</big>
				</div>
				<div class='input' style=\"border: 1px #99B3B4 dashed; text-align:center;  \">
					$info
				</div>";
	if (isset($buttonCode))	
		{echo "<div class='input' style=\"border: 1px #99B3B4 dashed;text-align:center; margin: 0; \">
			$buttonCode
		</div>";}		
	echo "</div>";	
}

function sessionError()
{
	$error = "LOGIN TIMEOUT";
	$colour = "red";
	$info = "Please logout and re-enter your email address and password.";
	printStatus($error, $info, NULL, $colour);
}


if($seshRights>0){

$changeWhat = (sanitize_sql_string($_GET['changeWhat']));

switch($changeWhat) {
		case "TargetMod": 
			if ($seshRights>1){
				$TargetID = (sanitize_sql_string($_GET['targetID']));
				$newStatus = (sanitize_sql_string($_GET['newStatus']));
				$resType = (sanitize_sql_string($_GET['resType']));
				$idx = (sanitize_sql_string($_GET['idx']));
				$val = (sanitize_sql_string($_GET['val']));
    			$ong = (sanitize_sql_string($_GET['ong']));
				$ach = (sanitize_sql_string($_GET['ach']));
				$dro = (sanitize_sql_string($_GET['dro']));
				$notes = (sanitize_sql_string($_GET['notes']));
				$forma = (sanitize_sql_string($_GET['forma']));

				$DateSwitch = date("Y-m-d");
				$d8time=date("Y-m-d H:i:s");
				$actor = $_SESSION['TID']; 
				
				$query= 
				"UPDATE targets 
					SET status='$newStatus', end='$DateSwitch', timestamp='$d8time', modder='$actor'
					WHERE Target_ID='$TargetID';";
				$result = mysql_query($query) or die (mysql_error()) ;
				
				// ARCHIVE
				ArchiveTarget($TargetID);
				/// ACTIVITY UPDATE ///
					$action = "Update-$newStatus";
					$actedOn = "Target";
					$actor = $_SESSION['TID'];
					$actedOnID = $TargetID;
					ActivityUpdate($action, $actedOn, $actor, $actedOnID);
				//////////////////////
				include('getResults.php');
				}
				break;
				
		case "TargetCorrectInit":
			if ($seshRights>1){ 				
				$TargetID = (sanitize_sql_string($_GET['targetID']));
				$resType = (sanitize_sql_string($_GET['resType']));
				$idx = (sanitize_sql_string($_GET['idx']));
				$val = (sanitize_sql_string($_GET['val']));
				$uid = (sanitize_sql_string($_GET['sid']));
				$query = 
						"SELECT student_ID, set_by, start, end, status, subject, target_desc, note
							FROM targets
							WHERE target_ID='$TargetID'";
				
				$result = mysql_query($query) or die (mysql_error()) ;

				echo "<div style=\"border: 3px #99B3B4 double; margin 0; padding 0; width=auto;\">
				<div class='input' style=\"border: 1px #99B3B4 dashed;text-align:center;  \"><big>EDITING TARGET</big></div> ";
				/* Trying to load selector
					onload=\"function () {	
					calSE = new dhtmlxCalendarObject('target_startdate$uid', true, {isMonthEditable: true, isYearEditable: true});
					calEE = new dhtmlxCalendarObject('target_enddate$uid', true, {isMonthEditable: true, isYearEditable: true});
					} \"
				*/
				while($row = mysql_fetch_array($result, MYSQL_ASSOC))
				 {
				 $initStudentID=trim($row['student_ID']);
				 $initTeacherID=trim($row['set_by']);
				 $initTargDesc=trim($row['target_desc']);
				 $initSubject=trim($row['subject']);
				 $initStatus=trim($row['status']);
				 $initStart=trim($row['start']);
				 $initEnd=trim($row['end']);
				 $initNote = trim($row['note']);
				 }
				 include_once('_inc_yearFinder.php');
				 $forma = (sanitize_sql_string($_GET['forma']));
        		if ($forma != 'true'){
					$bit1 = "Stat='Active'";	
					$StudentList = lowerSchoolAged();
					$bit2 = "Student_ID IN ($StudentList)";
					$formerbit = "$bit1 AND $bit2";	
					$formerbit = "WHERE $formerbit";
					}
				else{
						if ($seshRights < 4) {$formerbit = "Stat='Active'"; $formerbit = "WHERE $formerbit";}
						else {$formerbit = "";}
					}

						$StudentsQ  = 
						"SELECT 
							Student_ID,
							CONCAT(first_name, ' ', last_name) as 'Student'
							FROM students 
							$formerbit
							ORDER BY first_name, last_name"; 
					
						$SubjectsQ =  
						"Select Subject
							FROM subjects Group By Subject"; 
					
						$TeachersQ =  
						"Select Teacher_ID, CONCAT(First_Name, ' ', Last_Name) as 'Set By Teacher' 
							FROM teachers 
							WHERE Stat < 3
							ORDER BY first_name, last_name";
						
						echo "<FORM name=\"EditMode\">";
						
						echo "<SELECT class='input' name=\"Students$uid\" id=\"Students$uid\">";
						$result2 = mysql_query($StudentsQ) or die (mysql_error()) ;
						while($row = mysql_fetch_array($result2, MYSQL_ASSOC))
						{
							echo "<option ";
							if (trim($row['Student_ID']) == $initStudentID)
							echo "selected ";
							echo "value='".$row['Student_ID']."'>".$row['Student'] ;
						}
						echo "</SELECT>";


						echo "<SELECT class='input' name=\"Teachers$uid\" id=\"Teachers$uid\">";
						$result2 = mysql_query($TeachersQ) or die (mysql_error()) ;
						while($row = mysql_fetch_array($result2, MYSQL_ASSOC))
						{
							echo "<option ";
							if (trim($row['Teacher_ID']) == $initTeacherID)
							echo "selected ";
							echo "value='".$row['Teacher_ID']."'>".$row['Set By Teacher'] ;	
						}
						echo "</SELECT>";
						
						echo "<SELECT class='input' name=\"Status$uid\" id=\"Status$uid\">";
						$statuses = array('Ongoing', 'Achieved', 'Dropped');
						for ( $i = 0; $i< sizeOf($statuses); $i+=1) {
							echo "<option ";
							if ($statuses[$i] == $initStatus)
							echo "selected ";
							echo "value='".$statuses[$i]."'>".$statuses[$i] ;	
						}
						echo "</SELECT>";
						echo "<hr>";
						echo "<SELECT class='input' name=\"Subjects$uid\" id=\"Subjects$uid\">";
							$result2 = mysql_query($SubjectsQ) or die (mysql_error()) ;
							// Using Init Selected Rather than Match Select
							// Because original subject list was different
							echo "<option value='$initSubject' Selected>$initSubject";
						while($row = mysql_fetch_array($result2, MYSQL_ASSOC))
						{
							echo "<option ";
							/*
							if (trim($row['Subject']) == $initSubject)
							echo "selected ";
							*/
							echo "value='".$row['Subject']."'>".$row['Subject'] ;	
						}
						echo "</SELECT>";
						
						echo  "<label for=\"target_desc_edit\">Target Description</label>
    		<textarea name=\"target_desc_edit\" id=\"target_desc_edit$uid\" class=\"input\" cols=\"50\" rows=\"8\" wrap=\"virtual\" >$initTargDesc</textarea>";
			echo "<label for=\"target_startdate$uid\">Target Start Date</label>
            			<input type=\"text\" class=\"input\" id=\"target_startdate$uid\" name=\"target_startdate\" value=\"$initStart\" size=\"10\" maxlength=\"10\">";
			echo "<label for=\"target_startdate$uid\">Target Completion Date (if applicable))</label>
            <input type=\"text\" class=\"input\" id=\"target_enddate$uid\" name=\"target_enddate\" value=\"$initEnd\" size=\"10\" maxlength=\"10\">";
            echo "<label for=\"target_note_edit\">Target Note</label>
    		<textarea name=\"target_note_edit\" id=\"target_note_edit$uid\" class=\"input\" cols=\"50\" rows=\"1\" wrap=\"virtual\" >$initNote</textarea>";

			echo "<div class='input' style=\"border: 1px #99B3B4 dashed;text-align:center;  padding:4px; margin:0px;\">
					<b><a href=# onclick=\"
					correctTargetEnd(
						'$TargetID',
						document.getElementById('Students$uid').value,
						document.getElementById('Teachers$uid').value, 
						document.getElementById('Subjects$uid').value, 
						document.getElementById('target_desc_edit$uid').value, 
						document.getElementById('target_startdate$uid').value, 
						document.getElementById('target_enddate$uid').value, 
						'$initStatus', 
						document.getElementById('Status$uid').value, 
						document.getElementById('target_note_edit$uid').value,
						'$resType', 
						'$idx', 
						'$val', 
						document.Arc.Opts[0].checked,
						document.Arc.Opts[1].checked, 
						document.Arc.Opts[2].checked, 
						document.Arc.Opts[3].checked, 
						document.Arc.Opts[4].checked,
						'$resType"."_Result_Div'); 
					return false;\">
				SAVE</a></b> Corrections to Target
					  |-----|
					<b><a href=# onclick=\"
					showResultsOr(
						'$idx',
						'$resType', 
						'$val', 
						document.Arc.Opts[0].checked,
						document.Arc.Opts[1].checked, 
						document.Arc.Opts[2].checked, 
						document.Arc.Opts[3].checked, 
						document.Arc.Opts[4].checked,
						'$resType"."_Result_Div'); 
					return false;\">
				CANCEL</a></b> without saving changes
					
				</div>";
				echo "</div>";
				}
				break;
				
		case "TargetCorrectFin": 
			if ($seshRights>1){
				$resType = (sanitize_sql_string($_GET['resType']));
				$idx = (sanitize_sql_string($_GET['idx']));
				$val = (sanitize_sql_string($_GET['val']));
    			$ong = (sanitize_sql_string($_GET['ong']));
				$ach = (sanitize_sql_string($_GET['ach']));
				$dro = (sanitize_sql_string($_GET['dro']));
				$notes = (sanitize_sql_string($_GET['notes']));
				$forma = (sanitize_sql_string($_GET['forma']));		
				$TarID = (sanitize_sql_string($_GET['TarID']));
				$StuID = (sanitize_sql_string($_GET['StuID']));
				$TeachID = (sanitize_sql_string($_GET['TeachID']));
				$Subj = (sanitize_sql_string($_GET['Subj']));
				$note = (sanitize_sql_string($_GET['note']));
				$TargetDesc = (sanitize_sql_string($_GET['TargetDesc']));
				$start = (sanitize_sql_string($_GET['TargetDate1']));
				$end = (sanitize_sql_string($_GET['TargetDate2']));
				$initialStatus = (sanitize_sql_string($_GET['initialStatus']));
				$finalStatus = (sanitize_sql_string($_GET['finalStatus']));

				$d8time=date("Y-m-d H:i:s");
				$actor = $_SESSION['TID'];
				
				if (!(($finalStatus == 'Ongoing') 
					|| ($finalStatus == 'Achieved') 
					|| ($finalStatus == 'Dropped')))
						$finalStatus = 'Ongoing';
				
				if (!(isValidDate($start))) $start = date("Y-m-d");	
					
								
				if (($finalStatus == 'Ongoing')) 
					{$endBit="end=NULL,";}
				else  
					if (!(isValidDate($end))) 
						{
							$end = date("Y-m-d");
							$endBit = "end='$end',";
						}
					else {$endBit = "end='$end',";}
				
				$query=
					"UPDATE targets 
						SET Target_desc='$TargetDesc', 
							Student_ID='$StuID', 
							Set_By='$TeachID', 
							Subject='$Subj', 
							note='$note', 
							start='$start', 
							$endBit
							modder='$actor',
							timestamp='$d8time',
							Status='$finalStatus'
						WHERE Target_ID='$TarID'
						LIMIT 1";
				$result = mysql_query($query) or die (mysql_error());
				
				// ARCHIVE
					ArchiveTarget($TarID);
				/// ACTIVITY UPDATE ///
					$action = "Edit";
					$actedOn = "Target";
					$actor = $_SESSION['TID'];
					$actedOnID = $TarID;
					ActivityUpdate($action, $actedOn, $actor, $actedOnID);
				//////////////////////
				include ('getResults.php');
				}
				break;
				
		case "TargetAdd": 
		if ($seshRights>2){
				$emptyFields = FALSE;
				$emptyErrors = "";
				$StudentID = (sanitize_sql_string($_GET['stuID']));
				$rnd = (sanitize_sql_string($_GET['sid']));
				$TeacherID = (sanitize_sql_string($_GET['teachID']));		
				$Target = (sanitize_sql_string($_GET['targetDesc']));
				$DateSet = (sanitize_sql_string($_GET['targetDate']));			
				$subject = (sanitize_sql_string($_GET['subject'])); 
				$note = (sanitize_sql_string($_GET['note'])); 
				$repeatDesc = (sanitize_sql_string($_GET['repeatDesc'])); 
				
				if ($StudentID == '') 
				{
					$emptyFields = TRUE;
					$emptyErrors = $emptyErrors."<hr><strong>Student ID</strong> is missing (Select a student from the dropdown list)";
				}
				if ($TeacherID == '') 
				{
					$emptyFields = TRUE;
					$emptyErrors = $emptyErrors."<hr>Teacher information is missing";
				}
				if ($Target == '') 
				{
					$emptyFields = TRUE;
					$emptyErrors = $emptyErrors."<hr><strong>Description</strong> of target is missing";
				}
				if ($DateSet == '') 
				{
					$emptyFields = TRUE;
					$emptyErrors = $emptyErrors."<hr>Target start date is missing";
				}
				else 
				{
					if (!(isValidDate($DateSet)))
					{
						$emptyFields = TRUE;
						$emptyErrors = $emptyErrors."<hr><strong>$DateSet</strong> is not a valid date";	
					}
				}
				if ($subject == '') 
				{
					$emptyFields = TRUE;
					$emptyErrors = $emptyErrors."<hr><strong>Subject</strong> is missing (Select or create a Subject)";
				}
				if ($emptyFields)
				{	
					$msg = "ERROR";
					$info =	$emptyErrors;
					$btn = "<a href=# onclick=\"
					document.getElementById('addTargContent').style.display = 'block'; 
					putThisThere('addTargetButton.php', 'AddTargButton'); 				
					return false;\">Try again</a>?";
					printStatus($msg, $info, $btn, "red");
				}
				else
				{
					//Check if Subject already exists
					{
					$query = "Select count(*) FROM Subjects where Subject='$subject'";	
					$result = mysql_query($query) or die (mysql_error()) ;
					$result = mysql_result($result, 0);
					//If not, add it		
					if ($result == 0)
						{
						$query = "INSERT INTO Subjects(Subject) VALUES ('$subject')";	
						$result = mysql_query($query) or die (mysql_error()) ;
						//Update Activity Table
						$action = "Add";
						$actedOn = "Subject";
						$actor = $_SESSION['TID'];
						$actedOnID = $subject;
						ActivityUpdate($action, $actedOn, $actor, $actedOnID);
						//
						}						
					}
					
					$query = 
					"SELECT Target_ID, status, start, end 
						FROM targets 
						WHERE 
							Student_ID='$StudentID' 
							AND Set_By='$TeacherID' 
							AND Subject = '$subject' 
							AND target_desc ='$Target' 
						LIMIT 1";	
					$result = mysql_query($query) or die (mysql_error()) ;
					while($row = mysql_fetch_array($result, MYSQL_ASSOC))
						{
								$TID = $row['Target_ID'];
								$status = $row['status'];
								$dates1 = $row['start'];	
								$dates2 = $row['end'];	
								$dates ="$dates1 $dates2";
								$dupe = TRUE;
						}
					if (isset($dupe))
					{
						$msg = "ERROR";
						$info =	"Target <strong>not</strong> added to the database
							<br>Reason: This target already exists for this student
							<br>Its current status is: <strong>".$status."</strong>
							<br> The date(s) associated to this target are: <strong>".$dates."</strong>";
						$btn = "<a href=# onclick=\"
						document.getElementById('target_desc').value='';
						document.getElementById('addTargContent').style.display = 'block'; 
						putThisThere('addTargetButton.php', 'AddTargButton'); 				
						return false;\">Add a different target</a>?";
						printStatus($msg, $info, $btn, "red");
					}
					else
					{
						$query = "SELECT max(Target_ID) FROM targets";
						$result = mysql_query($query) or die (mysql_error());
						$TID =  mysql_result($result, 0);
						$TID +=1;
						$actor = $_SESSION['TID'];
						$d8time=date("Y-m-d H:i:s");
						
						//Add Target
						$query = "INSERT INTO targets(Target_ID, Student_ID, set_by, subject, target_desc, start, modder, timestamp, status, note) VALUES('$TID', '$StudentID', '$TeacherID', '$subject', '$Target', '$DateSet', '$actor', '$d8time', 'Ongoing', '$note')";
						$result = mysql_query($query) or die (mysql_error()) ;
						
						// Copy to Archive
						ArchiveTarget($TID);
						//Update Activity Table
						$action = "Add";
						$actedOn = "Target";
						$actor = $_SESSION['TID'];
						$actedOnID = $TID;
						ActivityUpdate($action, $actedOn, $actor, $actedOnID);
						//	
						
						if ($repeatDesc=='false')
							{$targetBit = "document.getElementById('target_desc').value='';
							document.getElementById('Subject_Select_xml_addTarg').value='';
							document.getElementById('Subject_idx_addTarg').value='';";}
						else 
							{$targetBit = "";}
						$msg ="SUCCESS";
						$info ="<strong>$subject</strong> target successfully added";
						$btn="<a href=# onclick=\"
						$targetBit
						document.getElementById('Student_idx_addTarg').value='';
						document.getElementById('DOB').value='';
						document.getElementById('target_note_add').value='';
						document.getElementById('Student_Select_xml_addTarg').value='';					
						document.getElementById('addTargContent').style.display = 'block';		
						putThisThere('addTargetButton.php', 'AddTargButton'); 				
						return false;\">Add another</a>?";
						printStatus($msg, $info, $btn);
					}
				}
			}
				break;
				
        case "Student": 
        if ($seshRights>3){
			$emptyFields = FALSE;
			$emptyErrors = "";
			// Get Vars
			$firstname= (sanitize_sql_string($_GET['firstname']));
			$lastname=(sanitize_sql_string($_GET['lastname']));
			$class=(sanitize_sql_string($_GET['class']));
			$DOB=(sanitize_sql_string($_GET['DOB']));
			$DOR=(sanitize_sql_string($_GET['DOR']));
			$status=(sanitize_sql_string($_GET['status']));
			$skipped=intval(sanitize_sql_string($_GET['skipped']));
			if ($firstname == '') 
				{
					$emptyFields = TRUE;
					$emptyErrors = $emptyErrors."<hr>First name is missing";
				}
			if ($lastname == '') 
				{
					$emptyFields = TRUE;
					$emptyErrors = $emptyErrors."<hr>Last name is missing";
				}	
			if ($class == '') 
				{
					$emptyFields = TRUE;
					$emptyErrors = $emptyErrors."<hr>Class is missing";
				}
			if ($DOB == '') 
				{
					$emptyFields = TRUE;
					$emptyErrors = $emptyErrors."<hr>Date of Birth is missing";
				}
			else 
				{
					if (!(isValidDate($DOB)))
						{
							$emptyFields = TRUE;
							$emptyErrors = $emptyErrors."<hr>Date of Birth: $DOB is not a valid date";	
						}
				}
			if ($DOR == '') 
				{
					$emptyFields = TRUE;
					$emptyErrors = $emptyErrors."<hr>Date of Registration is missing";
				}
			else 
				{
					if (!(isValidDate($DOR)))
						{
							$emptyFields = TRUE;
							$emptyErrors = $emptyErrors."<hr>Registration Date: $DOR is not a valid date";	
						}
				}
			if ($status == '') 
				{
					$emptyFields = TRUE;
					$emptyErrors = $emptyErrors."<hr>Status information is missing";
				}
			if (!(($status == 'Active') ||  ($status == 'Dropped') || ($status == 'Left')))
				{
					$emptyFields = TRUE;
					$emptyErrors = $emptyErrors."<hr><strong>$status</strong> is not a valid status.";
				}
			if (($skipped < 0 ) || ($skipped > 5))
				{
					$emptyFields = TRUE;
					$emptyErrors = $emptyErrors."<hr>Are you sure the student has skipped <strong>$skipped</strong> years?";
				}	
			if ($emptyFields)
			{
					$msg = "ERROR";
					$info =	$emptyErrors;
					$btn = "<a href=# 
					onclick=\"	
					document.getElementById('addStudeContent').style.display = 'block';
				 	putThisThere('addStudentButton.php', 'AddStudentButton'); 	
					return false;\">Try again?</a>";
					printStatus($msg, $info, $btn, "red");
			}	
			else
			{	
				// Check if person already exists
				$query = "Select count(*) from students where First_name='$firstname' AND last_name='$lastname' and DOB = '$DOB' and class ='$class'";	
				$result = mysql_query($query) or die (mysql_error()) ;
				$result = mysql_result($result, 0);		
				if ($result != 0)
					{				
						$msg = "ERROR";
						$info =	"A Student named <strong>$firstname $lastname</strong> in class <strong>$class</strong> with Date of Birth: <strong>$DOB</strong> already exists in the database.
					 <br>If you wish to add another student with the same name, DOB and class add their middle initial after their first name";	
					 	$btn = "<a href=# onclick=\"
					 	document.getElementById('addStudeContent').style.display = 'block';
					 	putThisThere('addStudentButton.php', 'AddStudentButton');  
						return false;\">Try again?</a>";
						printStatus($msg, $info, $btn, "red");
					}
				else
					{
						// Create UID based on name
						$UID = substr($firstname, 0,3).substr($lastname, 0, 3)."_".$class;
						// Check UID is unique, if not make unique
						$UID = checkUID($UID, "students", "Student_ID");
						$Dobmod=intval(substr($DOB,0,4));
						$Dobmod=$Dobmod - $skipped;
						$Dobmod = $Dobmod.(substr($DOB,4,6));
						$timestamp = date("Y-m-d H:i:s");			
						$query = "INSERT INTO students(student_ID, first_name, last_name, class, DOB, reg_date, DOBmod, lastModDate) VALUES('$UID', '$firstname', '$lastname' , '$class', '$DOB', '$DOR', '$Dobmod', '$timestamp' ) ";
						$result = mysql_query($query) or die (mysql_error()) ;
						
						/// ACTIVITY UPDATE ///
						$action = "Add";
						$actedOn = "Student";
						$actor = $_SESSION['TID'];
						$actedOnID = $UID;
						ActivityUpdate($action, $actedOn, $actor, $actedOnID);
						//////////////////////						
						//STATUS MESSAGE AND LINK//
						$msg = "SUCCESS";
						$info =	"Student named <strong> $firstname $lastname (DOB:$DOB) </strong> has been successfully added to the database";
						$btn = "<a href=# onclick=\"
						document.getElementById('Stu_FirstName').value ='';
						document.getElementById('Stu_LastName').value='';
						document.getElementById('ClassLet').value = '';
						document.getElementById('add_student_status').value = 'Active';
						document.getElementById('add_skipped_years').value = '0';
						document.getElementById('addStudeContent').style.display = 'block';
						putThisThere('addStudentButton.php', 'AddStudentButton'); 
						return false;\">Add another</a>?";
						printStatus($msg, $info, $btn);
						///////////////////////////
					}
			}
		}
			break;
        case "editStudent": 
        if ($seshRights>3){
			$emptyFields = FALSE;
			$emptyErrors = "";
			// Get Vars
			$stu_ID= (sanitize_sql_string($_GET['idx']));
			$firstname= (sanitize_sql_string($_GET['firstname']));
			$lastname=(sanitize_sql_string($_GET['lastname']));
			$class=(sanitize_sql_string($_GET['class']));
			$DOB=(sanitize_sql_string($_GET['DOB']));
			$DOR=(sanitize_sql_string($_GET['DOR']));
			$status=(sanitize_sql_string($_GET['status']));
			$skipped=intval(sanitize_sql_string($_GET['skipped']));
			if ($stu_ID == '') 
				{
					$emptyFields = TRUE;
					$emptyErrors = $emptyErrors."<hr>Student ID is missing";
				}
			if ($firstname == '') 
				{
					$emptyFields = TRUE;
					$emptyErrors = $emptyErrors."<hr>First name is missing";
				}
			if ($lastname == '') 
				{
					$emptyFields = TRUE;
					$emptyErrors = $emptyErrors."<hr>Last name is missing";
				}	
			if ($class == '') 
				{
					$emptyFields = TRUE;
					$emptyErrors = $emptyErrors."<hr>Class is missing";
				}
			if ($DOB == '') 
				{
					$emptyFields = TRUE;
					$emptyErrors = $emptyErrors."<hr>Date of Birth is missing";
				}
			else 
				{
					if (!(isValidDate($DOB)))
						{
							$emptyFields = TRUE;
							$emptyErrors = $emptyErrors."<hr>Date of Birth: $DOB is not a valid date";	
						}
				}
			if ($DOR == '') 
				{
					$emptyFields = TRUE;
					$emptyErrors = $emptyErrors."<hr>Date of Registration is missing";
				}
			else 
				{
					if (!(isValidDate($DOR)))
						{
							$emptyFields = TRUE;
							$emptyErrors = $emptyErrors."<hr>Registration Date: $DOR is not a valid date";	
						}
				}
			if ($status == '') 
				{
					$emptyFields = TRUE;
					$emptyErrors = $emptyErrors."<hr>Status information is missing";
				}
			if (!(($status == 'Active') ||  ($status == 'Dropped') || ($status == 'Left')))
				{
					$emptyFields = TRUE;
					$emptyErrors = $emptyErrors."<hr><strong>$status</strong> is not a valid status.";
				}
			if (($skipped < 0 ) || ($skipped > 5))
				{
					$emptyFields = TRUE;
					$emptyErrors = $emptyErrors."<hr>Are you sure the student has skipped <strong>$skipped</strong> years?";
				}	
			if ($emptyFields)
			{
					$msg = "ERROR";
					$info =	$emptyErrors;
					$btn = "<a href=# 
					onclick=\"	
					document.getElementById('editStudeContent').style.display = 'block';
				 	putThisThere('editStudentButton.php', 'editStudentButton'); 	
					return false;\">Try again?</a>";
					printStatus($msg, $info, $btn, "red");
			}	
			else
			{	
				// Check if person already exists
				$query = 
				"Select 
					count(*) 
				FROM 
					students 
				WHERE 
					First_name='$firstname' 
					AND last_name='$lastname' 
					AND DOB = '$DOB' 
					AND class ='$class'
					AND student_ID!='$stu_ID'";	
				$result = mysql_query($query) or die (mysql_error()) ;
				$result = mysql_result($result, 0);		
				if ($result != 0)
					{				
						$msg = "ERROR";
						$info =	"A Student named <strong>$firstname $lastname</strong> in class <strong>$class</strong> with Date of Birth: <strong>$DOB</strong> already exists in the database.
					 <br>If you wish to add another student with the same name, DOB and class add their middle initial after their first name";	
					 	$btn = "<a href=# onclick=\"
					 	document.getElementById('addStudeContent').style.display = 'block';
					 	putThisThere('editStudentButton.php', 'editStudentButton');  
						return false;\">Try again?</a>";
						printStatus($msg, $info, $btn, "red");
					}
				else
					{
						$Dobmod=intval(substr($DOB,0,4));
						$Dobmod=$Dobmod - $skipped;
						$Dobmod = $Dobmod.(substr($DOB,4,6));
						$timestamp = date("Y-m-d H:i:s");			
						$query = 
					"UPDATE 
						students 
					SET 
						first_name='$firstname',
						last_name='$lastname', 
						class='$class', 
						DOB='$DOB' ,
						reg_date='$DOR', 
						DOBmod='$Dobmod', 
						Stat='$status',
						lastModDate ='$timestamp'   
					WHERE 
						student_ID='$stu_ID'";
						$result = mysql_query($query) or die (mysql_error()) ;
						
						
						
						/// ACTIVITY UPDATE ///
						$action = "Edit";
						$actedOn = "Student";
						$actor = $_SESSION['TID'];
						$actedOnID = $stu_ID;
						ActivityUpdate($action, $actedOn, $actor, $actedOnID);
						//////////////////////						
						//STATUS MESSAGE AND LINK//
						$msg = "SUCCESS";
						$info =	"New details for Student named <strong> $firstname $lastname (DOB:$DOB) </strong> saved.";
						$btn = "<a href=# onclick=\"
					   		document.getElementById('Student_Select_xml').value = '$firstname $lastname';
							showResultsOr('$stu_ID', 
						'Student', 
						'$firstname $lastname',
						document.Arc.Opts[0].checked, 
						document.Arc.Opts[1].checked, 
						document.Arc.Opts[2].checked, 
						document.Arc.Opts[3].checked, 
						document.Arc.Opts[4].checked,
						'Student_Result_Div');
						HideAlert('editStude'); 
						return false;\">Close</a>";
						printStatus($msg, $info, $btn);
						///////////////////////////
					}
			}
		}
			break;
        case "Teacher": 
        if ($seshRights>3){
			$emptyFields = FALSE;
			$emptyErrors = "";
			// Get Vars
			$teach_firstname= (sanitize_sql_string($_GET['firstname']));
			$teach_lastname=(sanitize_sql_string($_GET['lastname']));
			$teach_title=(sanitize_sql_string($_GET['title']));
			$raw_email=$_GET['email'];
			$teach_email=(sanitize_sql_string($_GET['email']));
			$teach_pass=(sanitize_sql_string($_GET['pass']));
			$teach_status=(sanitize_sql_string($_GET['status']));
			$teach_rights=(sanitize_sql_string($_GET['rights']));
			if ($teach_firstname == '') 
				{
					$emptyFields = TRUE;
					$emptyErrors = $emptyErrors."<hr>First name is missing";
				}
			if ($teach_lastname == '') 
				{
					$emptyFields = TRUE;
					$emptyErrors = $emptyErrors."<hr>Last name is missing";
				}	
			if ($teach_title == '') 
				{
					$emptyFields = TRUE;
					$emptyErrors = $emptyErrors."<hr>Title is missing";
				}
			if ($teach_email == '') 
				{
					$emptyFields = TRUE;
					$emptyErrors = $emptyErrors."<hr>E-mail address is missing";
				}
			else 
				{	
					include('_inc_EmailAddressValidator.php');
					$validator = new EmailAddressValidator;
        			if (!($validator->check_email_address($raw_email))) 
					{
            			$emptyFields = TRUE;
						$emptyErrors = $emptyErrors."<hr><strong>$raw_email</strong> is not a valid E-mail address";
        			}
					else
					{
						$query = "SELECT title, first_name, last_name 
									FROM teachers 
									WHERE email = '$teach_email' 
									LIMIT 1";	
						$result = mysql_query($query) or die (mysql_error());
						
							while($row = mysql_fetch_array($result, MYSQL_ASSOC))
							{
								$t = $row['title'];
								$fn = $row['first_name'];	
								$ln = $row['last_name'];	
								$emptyFields = TRUE;
								$emptyErrors = $emptyErrors."<hr><strong>$teach_email</strong> already in use by <strong>$t $fn $ln</strong>";
							}
							
						
					}
				}
			if ($teach_pass == '') 
				{
					$emptyFields = TRUE;
					$emptyErrors = $emptyErrors."<hr>Blank passwords are not allowed";
				}
			if ($teach_status == '') 
				{
					$emptyFields = TRUE;
					$emptyErrors = $emptyErrors."<hr>Status Information is missing";
				}
			if ($teach_rights == '') 
				{
					$emptyFields = TRUE;
					$emptyErrors = $emptyErrors."<hr>Access Rights Information is missing";
				}
				
				
			if ($emptyFields)
			{
					$msg = "ERROR";
					$info =	$emptyErrors;
					$btn = "<a href=# 
					onclick=\"	
					document.getElementById('addTeachContent').style.display = 'block';	
					putThisThere('addTeacherButton.php', 'AddTeacherButton');	
					return false;\">Try again?</a>";
					printStatus($msg, $info, $btn, "red");
			}		
			else 
			{
				// Check if person already exists
				$query = "Select count(*) from teachers where First_name='$teach_firstname' AND last_name='$teach_lastname'";	
				$result = mysql_query($query) or die (mysql_error()) ;
				$result = mysql_result($result, 0);		
				if ($result != 0)
					{
					$msg = "ERROR";
					$info =	"A teacher named <strong>$teach_firstname $teach_lastname </strong> already exists in the database.<br><small>If you wish to add another teacher with the same name add their middle initial (or the class taught by this teacher) as part of their first name</small>";
					$btn = "<a href=# 
						onclick=\"					
						document.getElementById('addTeachContent').style.display = 'block';	
						putThisThere('addTeacherButton.php', 'AddTeacherButton');
						return false;\">Try again?</a>";
					printStatus($msg, $info, $btn, "red");
					}
				else
					{
						
					// Create UID based on name
					$UID = substr($teach_firstname, 0,3).substr($teach_lastname, 0, 3);
					// Check UID is unique, if not make unique
					$UID = checkUID($UID, "teachers", "Teacher_ID");
					$timestamp = date("Y-m-d H:i:s");				
					$query = "INSERT INTO teachers (teacher_ID, first_name, last_name, title, email, pwd, stat, rights, Status_change_date ) VALUES('$UID', '$teach_firstname', '$teach_lastname' , '$teach_title', '$teach_email', '$teach_pass', '$teach_status', '$teach_rights', '$timestamp' ) ";
					$result = mysql_query($query) or die (mysql_error()) ;
					
					/// ACTIVITY UPDATE ///
					$action = "Add";
					$actedOn = "Teacher";
					$actor = $_SESSION['TID'];
					$actedOnID = $UID;
					ActivityUpdate($action, $actedOn, $actor, $actedOnID);
					//////////////////////
					
					//STATUS MESSAGE AND LINK//
					$msg = "SUCCESS";
					$info =	"Teacher named <strong>$teach_title $teach_firstname $teach_lastname</strong> has been successfully added to the database";
					$btn = "<a href=# 
					onclick=\"
					document.getElementById('Teach_FirstName').value = '';
					document.getElementById('Teach_LastName').value = '';
					document.getElementById('Teach_Title').value = '';
					document.getElementById('Teach_Pass').value = '';
					document.getElementById('Teach_Email').value = '';
					document.getElementById('Teach_Status').value = 1;
					document.getElementById('Teach_Rights').value = 3;
					
					document.getElementById('addTeachContent').style.display = 'block';	
					putThisThere('addTeacherButton.php', 'AddTeacherButton');	
					return false;\">Add another</a>?";
					printStatus($msg, $info, $btn);
					///////////////////////////
					
					}
			}
		}
			break;
		case "editTeacher": 
		if ($seshRights>3){
			$emptyFields = FALSE;
			$emptyErrors = "";
			// Get Vars
			$teach_ID = (sanitize_sql_string($_GET['idx']));
			$teach_firstname= (sanitize_sql_string($_GET['firstname']));
			$teach_lastname=(sanitize_sql_string($_GET['lastname']));
			$teach_title=(sanitize_sql_string($_GET['title']));
			$raw_email=$_GET['email'];
			$teach_email=(sanitize_sql_string($_GET['email']));
			$teach_pass=(sanitize_sql_string($_GET['pass']));
			$teach_status=(sanitize_sql_string($_GET['status']));
			$teach_rights=(sanitize_sql_string($_GET['rights']));
			if ($teach_ID == '') 
				{
					$emptyFields = TRUE;
					$emptyErrors = $emptyErrors."<hr>Teacher ID is missing";
				}	
			if ($teach_firstname == '') 
				{
					$emptyFields = TRUE;
					$emptyErrors = $emptyErrors."<hr>First name is missing";
				}
			if ($teach_lastname == '') 
				{
					$emptyFields = TRUE;
					$emptyErrors = $emptyErrors."<hr>Last name is missing";
				}	
			if ($teach_title == '') 
				{
					$emptyFields = TRUE;
					$emptyErrors = $emptyErrors."<hr>Title is missing";
				}
			if ($teach_email == '') 
				{
					$emptyFields = TRUE;
					$emptyErrors = $emptyErrors."<hr>E-mail address is missing";
				}
			else 
				{	
					include('_inc_EmailAddressValidator.php');
					$validator = new EmailAddressValidator;
        			if (!($validator->check_email_address($raw_email))) 
					{
            			$emptyFields = TRUE;
						$emptyErrors = $emptyErrors."<hr><strong>$raw_email</strong> is not a valid E-mail address";
        			}
					else
					{
						
						$query = 
							"SELECT 
								title, 
								first_name, 
								last_name 
							FROM 
								teachers 
							WHERE 
								email = '$teach_email' 
								AND Teacher_ID!='$teach_ID'
							LIMIT 1";	
						$result = mysql_query($query) or die (mysql_error());
						
							while($row = mysql_fetch_array($result, MYSQL_ASSOC))
							{
								$t = $row['title'];
								$fn = $row['first_name'];	
								$ln = $row['last_name'];	
								$emptyFields = TRUE;
								$emptyErrors = $emptyErrors."<hr><strong>$teach_email</strong> already in use by <strong>$t $fn $ln</strong>";
							}
							
						
					}
				}
			if ($teach_pass == '') 
				{
					$emptyFields = TRUE;
					$emptyErrors = $emptyErrors."<hr>Blank passwords are not allowed";
				}
			if ($teach_status == '') 
				{
					$emptyFields = TRUE;
					$emptyErrors = $emptyErrors."<hr>Status Information is missing";
				}
			if ($teach_rights == '') 
				{
					$emptyFields = TRUE;
					$emptyErrors = $emptyErrors."<hr>Access Rights Information is missing";
				}
				
				
			if ($emptyFields)
			{
					$msg = "ERROR";
					$info =	$emptyErrors;
					$btn = "<a href=# 
					onclick=\"	
					document.getElementById('editTeachContent').style.display = 'block';	
					putThisThere('editTeacherButton.php', 'editTeacherButton');	
					return false;\">Try again?</a>";
					printStatus($msg, $info, $btn, "red");
			}		
			else 
			{
				// Check if person already exists
				$query = "SELECT 
							count(*) 
						FROM 
							teachers 
						WHERE 
							First_name='$teach_firstname' 
							AND last_name='$teach_lastname' 
							AND Teacher_ID!='$teach_ID'";	
				$result = mysql_query($query) or die (mysql_error()) ;
				$result = mysql_result($result, 0);		
				if ($result != 0)
					{
					$msg = "ERROR";
					$info =	"A teacher named <strong>$teach_firstname $teach_lastname </strong> already exists in the database.<br><small>If you wish to add another teacher with the same name add their middle initial (or the class taught by this teacher) as part of their first name</small>";
					$btn = "<a href=# 
						onclick=\"					
						document.getElementById('editTeachContent').style.display = 'block';	
						putThisThere('editTeacherButton.php', 'editTeacherButton');
						return false;\">Try again?</a>";
					printStatus($msg, $info, $btn, "red");
					}
				else
					{
					$timestamp = date("Y-m-d H:i:s");				
					$query = 
					"UPDATE 
						teachers 
					SET 
						first_name='$teach_firstname',
						last_name='$teach_lastname', 
						title='$teach_title', 
						email='$teach_email', 
						pwd='$teach_pass', 
						stat='$teach_status', 
						rights='$teach_rights', 
						Status_change_date='$timestamp'   
					WHERE 
						Teacher_ID='$teach_ID'";
					$result = mysql_query($query) or die (mysql_error()) ;
					
					/// ACTIVITY UPDATE ///
					$action = "Edit";
					$actedOn = "Teacher";
					$actor = $_SESSION['TID'];
					$actedOnID = $teach_ID;
					ActivityUpdate($action, $actedOn, $actor, $actedOnID);
					//////////////////////
					
					//STATUS MESSAGE AND LINK//
					$msg = "SUCCESS";
					$info =	"Information successfully modified for teacher named <strong>$teach_title $teach_firstname $teach_lastname</strong>";
					$btn = "<a href=# 
					onclick=
					\"document.getElementById('editTeach_ID').value = '';
					document.getElementById('editTeach_FirstName').value = '';
					document.getElementById('editTeach_LastName').value = '';
					document.getElementById('editTeach_Title').value = '';
					document.getElementById('editTeach_Pass').value = '';
					document.getElementById('editTeach_Email').value = '';
					document.getElementById('editTeach_Status').value = '1';
					document.getElementById('editTeach_Rights').value = '3';
					document.getElementById('Teacher_Select_xml').value = '$teach_firstname $teach_lastname';
					showResultsOr('$teach_ID', 
						'Teacher', 
						'$teach_firstname $teach_lastname',
						document.Arc.Opts[0].checked, 
						document.Arc.Opts[1].checked, 
						document.Arc.Opts[2].checked, 
						document.Arc.Opts[3].checked, 
						document.Arc.Opts[4].checked,
						'Teacher_Result_Div');
					HideAlert('editTeach');	
					return false;\">Close</a>";
					printStatus($msg, $info, $btn);
					///////////////////////////
					
					}
			}
		}
			break;	
			case "editMe": 
				$emptyFields = FALSE;
				$emptyErrors = "";
				// Get Vars
				$teachID = $_SESSION['TID'];
				$email = (sanitize_sql_string($_GET['em']));
				$pass= (sanitize_sql_string($_GET['pas']));
				$passo=(sanitize_sql_string($_GET['paso']));
				$passn=(sanitize_sql_string($_GET['pasn']));
				$raw_email=$_GET['em'];

				if (($passo == '') && ($pass == ''))
					{
						$emptyFields = TRUE;
						$emptyErrors = $emptyErrors."<hr>Your Password is required to modify your login details.";
					}
				else 
					{
						if ($passn!='')
						{
							$query = 
							"SELECT count(pwd) 	
								FROM teachers 
								WHERE Teacher_ID='$teachID'
								AND pwd='$passo' OR pwd='$pass'
								LIMIT 1";	
							$result = mysql_query($query) or die (mysql_error()) ;
							$pz = mysql_result($result, 0);
							if ($pz < 1)
							{
								$emptyFields = TRUE;
								$emptyErrors = $emptyErrors."<hr>The password you have entered is incorrect";
							}
						}
						else
						{
							$query = 
							"SELECT pwd 	
								FROM teachers 
								WHERE Teacher_ID='$teachID'
								LIMIT 1";	
							$result = mysql_query($query) or die (mysql_error()) ;
							$passn = mysql_result($result, 0);	
						}
					}
				if ($email == '')
				{
					$query = 
							"SELECT email 	
								FROM teachers 
								WHERE Teacher_ID='$teachID'
								LIMIT 1";	
					$result = mysql_query($query) or die (mysql_error()) ;
					$email = mysql_result($result, 0);	
				}
				else 
					{	
						include('_inc_EmailAddressValidator.php');
						$validator = new EmailAddressValidator;
	        			if (!($validator->check_email_address($raw_email))) 
						{
	            			$emptyFields = TRUE;
							$emptyErrors = $emptyErrors."<hr><strong>$raw_email</strong> is not a valid E-mail address";
	        			}
						else
						{
							
							$query = 
								"SELECT 
									title, 
									first_name, 
									last_name 
								FROM 
									teachers 
								WHERE 
									email = '$email' 
									AND Teacher_ID!='$teachID'
								LIMIT 1";	
							$result = mysql_query($query) or die (mysql_error());
							
								while($row = mysql_fetch_array($result, MYSQL_ASSOC))
								{
									$t = $row['title'];
									$fn = $row['first_name'];	
									$ln = $row['last_name'];	
									$emptyFields = TRUE;
									$emptyErrors = $emptyErrors."<hr><strong>$raw_email</strong> already in use by <strong>$t $fn $ln</strong>";
								}
								
							
						}
					}
					if ($emptyErrors == '')
					{
						$timestamp = date("Y-m-d H:i:s");				
						$query = 
						"UPDATE 
						teachers 
						SET 
						
						email='$email', 
						pwd='$passn', 
						Status_change_date='$timestamp'   
					WHERE 
						Teacher_ID='$teachID'";
					$result = mysql_query($query) or die (mysql_error()) ;
					
					/// ACTIVITY UPDATE ///
					$action = "Edit";
					$actedOn = "Teacher";
					$actor = $_SESSION['TID'];
					$actedOnID = $teachID;
					ActivityUpdate($action, $actedOn, $actor, $actedOnID);
					//////////////////////
					
					//STATUS MESSAGE AND LINK//
					$msg = "SUCCESS";
					$info =	"<b>$email</b> : Your login information has been successfully modified.</strong>";
					$btn = "<a href=# 
					onclick=
					\"document.getElementById('editMeButton').innerHTML='';
					HideAlert('editMe'); 
					return false;\">Close</a>";
					printStatus($msg, $info, $btn);
					}
					
					else 
					{
					$msg = "ERROR";
					$info =	$emptyErrors;
					$btn = "<a href=# 
						onclick=\"					
						document.getElementById('editMeContent').style.display = 'block';	
						document.getElementById('editMeButton').style.display = 'none';
						return false;\">Try again?</a>";
					printStatus($msg, $info, $btn);	
					}
				break;
			case "remindMe": 
				$query = 		"SELECT email, pwd 
								FROM teachers 
								WHERE Teacher_ID='".$_SESSION['TID']."'
								LIMIT 1";	
							$result = mysql_query($query) or die (mysql_error());
							
								while($row = mysql_fetch_array($result, MYSQL_ASSOC))
								{
									$em = $row['email'];
									$pw = $row['pwd'];	
								}
								
				$Name = "Gifted and Talented DataBase"; //senders name
				$email = "GiftednTalented@pembridgehall.co.uk"; //senders e-mail adress
				$recipient = $em; //recipient
				$replyto = "annemarie.walsh@pembridgehall.co.uk";
				$mail_body = "A password reminder was requested for the Gifted and Talented database from your account. Your password is $pw. If you believe you have received this email in error, please contact the database administrator."; //mail body
				$subject = "Gifted and Talented Reminder"; //subject
				$header = "From: ". $Name . " <" . $email . ">\r\n".
				   "Reply-To: $replyto \r\n" .
				   "X-Mailer: PHP/" . phpversion();
				// Optional, use if doesn't work
				ini_set('sendmail_from', 'emamio@moran.dreamhost.com'); //Suggested by "Some Guy"
				//
				mail($recipient, $subject, $mail_body, $header);
				
				//STATUS MESSAGE AND LINK//
					$msg = "SUCCESS";
					$info =	"Password reminder sent to <b>$em<b>";
					$btn = "<a href=# 
					onclick=
					\"document.getElementById('editMeButton').innerHTML='';
					HideAlert('editMe'); 
					return false;\">Close</a>";
					printStatus($msg, $info, $btn);
				break;
        default:  return false;
    }
	/*
							document.getElementById('SpecSubj').value='';
						document.getElementById('SubjAdd').innerHTML='';
						*/
//include ('_inc_closeDB.php');
}
else sessionError();
?>