/classes.php

https://github.com/adamfranco/segue-1.x · PHP · 513 lines · 395 code · 64 blank · 54 comment · 75 complexity · dab40df1bfd4f4c115447ed97dd9db1e MD5 · raw file

  1. <? /* $Id$ */
  2. include("objects/objects.inc.php");
  3. $content = '';
  4. $message = '';
  5. ob_start();
  6. session_start();
  7. /* // debug output -- handy :) */
  8. /* print "<pre>"; */
  9. /* print "request:\n"; */
  10. /* print_r($_REQUEST); */
  11. /* print "\n\n"; */
  12. /* print "session:\n"; */
  13. /* print_r($_SESSION); */
  14. /* print "\n\n"; */
  15. /* print "</pre>"; */
  16. // include all necessary files
  17. include("includes.inc.php");
  18. if ($_SESSION['ltype'] != 'admin') {
  19. // take them right to the user lookup page
  20. header("Location: username_lookup.php");
  21. exit;
  22. }
  23. db_connect($dbhost, $dbuser, $dbpass, $dbdb);
  24. // what's the action?
  25. $curraction = $_REQUEST['action'];
  26. $id = $_REQUEST['id'];
  27. if ($curraction == 'del') {
  28. $id = $_REQUEST['id'];
  29. if ($id > 0) {
  30. course::delCourse($id);
  31. $message = "Class ID $id deleted successfully.";
  32. }
  33. }
  34. // if they want to add a class...
  35. if ($curraction == 'add') {
  36. // check for errors first
  37. if (course::courseExists(generateCodeFromData($_REQUEST['department'],$_REQUEST['number'],$_REQUEST['section'],$_REQUEST['semester'],$_REQUEST['year']))) error("A class with that code already exists.");
  38. if (!ereg("^[a-zA-Z0-9\._\-]{1,}$",$_REQUEST['external_id'])) error("You must enter an external ID. Only combination of charactors \"a-z\" and \"A-Z\", numbers, and the charactors '-_.' are allowed.");
  39. if (!ereg("^[a-zA-Z]{1,}$",$_REQUEST['department'])) error("You must enter a department. Only charactors \"a-z\" and \"A-Z\" are allowed.");
  40. if (!ereg("^[0-9]{1,}$",$_REQUEST['number'])) error("You must enter a numeric number.");
  41. if (!ereg("^[a-zA-Z]{0,}$",$_REQUEST['section'])) error("Your course section must be letters \"a-z\" and \"A-Z\" only");
  42. if (!array_key_exists($_REQUEST['semester'], $cfg['semesters'])) error("You must enter a semester.");
  43. if (!ereg("^[0-9]{4}$",$_REQUEST['year'])) error("You must enter a valid 4-digit year.");
  44. if (!$_REQUEST['owner']) error("You must assign a owner to this class site.");
  45. $owner_id = db_get_value("user","user_id","user_uname='".addslashes($_REQUEST['owner'])."'");
  46. if (!$owner_id) error("The class owner you selected is not a register Segue user.");
  47. $external_id = $_REQUEST['external_id'];
  48. $duplicate_ids_num = 0;
  49. $query = "
  50. SELECT class_external_id
  51. FROM
  52. class
  53. WHERE
  54. class_external_id = '".addslashes($external_id)."'
  55. ";
  56. $duplicate_ids = db_query($query);
  57. $duplicate_ids_num = db_num_rows($duplicate_ids);
  58. if ($duplicate_ids_num != 0) {
  59. error("A class with this external ID has already been created. You must select a unique external ID.");
  60. }
  61. // all good
  62. if (!$error) {
  63. $query = "
  64. INSERT INTO
  65. ugroup
  66. SET
  67. ugroup_name = '".generateCodeFromData($_REQUEST['department'],$_REQUEST['number'],$_REQUEST['section'],$_REQUEST['semester'],$_REQUEST['year'])."',
  68. ugroup_type = 'class'
  69. ";
  70. db_query($query);
  71. $ugroup_id = lastid();
  72. if ($owner_id) {
  73. $query = "
  74. INSERT INTO
  75. ugroup_user
  76. SET
  77. FK_ugroup = '".addslashes($ugroup_id)."',
  78. FK_user = '".addslashes($owner_id)."'
  79. ";
  80. db_query($query);
  81. }
  82. $obj = &new course();
  83. $obj->external_id = $_REQUEST['external_id'];
  84. $obj->department = $_REQUEST['department'];
  85. $obj->number = $_REQUEST['number'];
  86. $obj->section = $_REQUEST['section'];
  87. $obj->semester = $_REQUEST['semester'];
  88. $obj->year = $_REQUEST['year'];
  89. $obj->name = $_REQUEST['name'];
  90. $obj->owner = $owner_id;
  91. $obj->ugroup = $ugroup_id;
  92. // $obj->classgroup = $_REQUEST['classgroup'];
  93. $obj->insertDB();
  94. $message = "Class '".generateCodeFromData($_REQUEST['department'],$_REQUEST['number'],$_REQUEST['section'],$_REQUEST['semester'],$_REQUEST['year'])."' added successfully.";
  95. unset($_REQUEST['external_id'],$_REQUEST['name'],$_REQUEST['department'],$_REQUEST['number'],$_REQUEST['section'],$_REQUEST['semester'],$_REQUEST['year'],$_REQUEST['owner'],$_REQUEST['ugroup']);
  96. }
  97. }
  98. // if they're editing a course
  99. if ($curraction == 'edit') {
  100. if ($_REQUEST['commit']==1) {
  101. if (!ereg("^[a-zA-Z]{1,}$",$_REQUEST['department'])) error("You must enter a department. Only charactors \"a-z\" and \"A-Z\" are allowed.");
  102. if (!ereg("^[0-9]{1,}$",$_REQUEST['number'])) error("You must enter a numeric number.");
  103. if (!ereg("^[a-zA-Z0-9]{0,}$",$_REQUEST['section'])) error("Your course section must be letters \"a-z\" and \"A-Z\" only");
  104. if (!array_key_exists($_REQUEST['semester'], $cfg['semesters'])) error("You must enter a semester.");
  105. if (!ereg("^[0-9]{4}$",$_REQUEST['year'])) error("You must enter a valid 4-digit year.");
  106. $owner_id = db_get_value("user","user_id","user_uname='".addslashes($_REQUEST['owner'])."'");
  107. if (!$owner_id) error("The class owner you selected is not a register Segue user.");
  108. if (!$error) {
  109. $obj = &new course();
  110. $obj->fetchCourseID($_REQUEST['id']);
  111. $obj->external_id = $_REQUEST['external_id'];
  112. $obj->department = $_REQUEST['department'];
  113. $obj->number = $_REQUEST['number'];
  114. $obj->section = $_REQUEST['section'];
  115. $obj->semester = $_REQUEST['semester'];
  116. $obj->year = $_REQUEST['year'];
  117. $obj->name = $_REQUEST['name'];
  118. $obj->owner = $owner_id;
  119. // $obj->ugroup = $ugroup_id;
  120. // $obj->classgroup = $_REQUEST['classgroup'];
  121. $obj->updateDB();
  122. $query = "
  123. UPDATE
  124. ugroup
  125. SET
  126. ugroup_name='".generateCodeFromData($_REQUEST['department'],$_REQUEST['number'],$_REQUEST['section'],$_REQUEST['semester'],$_REQUEST['year'])."'
  127. WHERE
  128. ugroup_id='".addslashes($obj->ugroup)."'
  129. ";
  130. db_query($query);
  131. if ($owner_id && !db_get_line("ugroup_user","FK_user='".addslashes($owner_id)."' AND FK_ugroup = '".addslashes($obj->ugroup)."'")) {
  132. $query = "
  133. INSERT INTO
  134. ugroup_user
  135. SET
  136. FK_ugroup = '".addslashes($obj->ugroup)."',
  137. FK_user = '".addslashes($owner_id)."'
  138. ";
  139. db_query($query);
  140. }
  141. $message = "Class '".generateCodeFromData($_REQUEST['department'],$_REQUEST['number'],$_REQUEST['section'],$_REQUEST['semester'],$_REQUEST['year'])."' updated successfully.";
  142. unset($_REQUEST['external_id'],$_REQUEST['name'],$_REQUEST['department'],$_REQUEST['number'],$_REQUEST['section'],$_REQUEST['semester'],$_REQUEST['year'],$_REQUEST['owner'],$_REQUEST['ugroup']);
  143. }
  144. }
  145. }
  146. /* if ($curraction == 'resetpw') { */
  147. /* $id = $_REQUEST['id']; */
  148. /* if ($id > 0) { */
  149. /* $obj = &new user(); */
  150. /* $obj->fetchUserID($id); */
  151. /* $obj->randpass(5,3); */
  152. /* $obj->updateDB(); */
  153. /* $obj->sendemail(1); */
  154. /* $message = "A random password has been generated for '".$obj->uname."' and an email has been sent to them."; */
  155. /* } */
  156. /* } */
  157. /******************************************************************************
  158. * get search variables and create query
  159. ******************************************************************************/
  160. $class_external_id = $_REQUEST['class_external_id'];
  161. $class_name = $_REQUEST['class_name'];
  162. $class_dept = $_REQUEST['class_dept'];
  163. $semester = $_REQUEST['semester'];
  164. $class_year = $_REQUEST['class_year'];
  165. $class_owner = $_REQUEST['class_owner'];
  166. if ($curraction == 'edit') {
  167. $where = "class_id ='".addslashes($id)."'";
  168. } else {
  169. $where = "class_external_id LIKE '%'";
  170. }
  171. if ($class_external_id) $where = "class_external_id LIKE '".addslashes($class_external_id)."%'";
  172. if ($class_name) $where .= " AND class_name LIKE '%".addslashes($class_name)."%'";
  173. if ($class_dept) $where .= " AND class_department LIKE '".addslashes($class_dept)."%'";
  174. if ($semester == "any") {
  175. $where .= " AND class_semester LIKE '%'";
  176. } else if ($semester) {
  177. $where .= " AND class_semester = '".addslashes($semester)."'";
  178. }
  179. if ($class_year) $where .= " AND class_year LIKE '".addslashes($class_year)."%'";
  180. if ($class_owner) $where .= " AND (classowner.user_uname LIKE '%".addslashes($class_owner)."%' OR classowner.user_fname LIKE '%".addslashes($class_owner)."%')";
  181. if ($findall) {
  182. $class_external_id = "%";
  183. $class_name = "";
  184. $class_dept = "";
  185. $semester = "any";
  186. $class_year = "";
  187. $class_owner = "";
  188. $where = "class_external_id LIKE '%'";
  189. }
  190. /******************************************************************************
  191. * query database only if search has been made
  192. ******************************************************************************/
  193. if ($curraction == "edit" || $class_external_id || $class_name || $class_dept || $semester || $class_year || $class_owner) {
  194. $query = "
  195. SELECT
  196. COUNT(*) AS class_count
  197. FROM
  198. class
  199. LEFT JOIN
  200. user AS classowner
  201. ON
  202. class.FK_owner = user_id
  203. LEFT JOIN
  204. classgroup
  205. ON
  206. FK_classgroup = classgroup_id
  207. LEFT JOIN
  208. ugroup
  209. ON
  210. FK_ugroup = ugroup_id
  211. WHERE
  212. $where";
  213. $r = db_query($query);
  214. $a = db_fetch_assoc($r);
  215. $numclasses = $a[class_count];
  216. if (isset($_REQUEST['lowerlimit']))
  217. $lowerlimit = intval($_REQUEST['lowerlimit']);
  218. else
  219. $lowerlimit = 0;
  220. if ($lowerlimit < 0)
  221. $lowerlimit = 0;
  222. $limit = " limit $lowerlimit,30";
  223. $query = "
  224. SELECT
  225. class_id,
  226. class_external_id,
  227. class_name,
  228. class_department,
  229. class_number,
  230. class_section,
  231. class_semester,
  232. class_year,
  233. classowner.user_id AS classowner_id,
  234. classowner.user_uname AS classowner_uname,
  235. classowner.user_fname AS classowner_fname,
  236. classgroup_id,
  237. classgroup_name,
  238. ugroup_id
  239. FROM
  240. class
  241. LEFT JOIN
  242. user AS classowner
  243. ON
  244. class.FK_owner = user_id
  245. LEFT JOIN
  246. classgroup
  247. ON
  248. FK_classgroup = classgroup_id
  249. LEFT JOIN
  250. ugroup
  251. ON
  252. FK_ugroup = ugroup_id
  253. WHERE
  254. $where
  255. ORDER BY
  256. class_year DESC, class_department ASC, class_number ASC, class_section ASC
  257. $limit";
  258. $r = db_query($query);
  259. }
  260. //print $where;
  261. printerr();
  262. ?>
  263. <!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
  264. <html>
  265. <head>
  266. <meta http-equiv="Content-Type" content="text/html; charset=utf-8" />
  267. <title>Classes</title>
  268. <?
  269. include("themes/common/logs_css.inc.php");
  270. include("themes/common/header.inc.php");
  271. ?>
  272. </head>
  273. <body onload="document.searchform.name.focus()">
  274. <?
  275. /******************************************************************************
  276. * Get site id for links to participation section
  277. ******************************************************************************/
  278. $siteObj =&new site($site);
  279. $siteid = $siteObj->id;
  280. if ($_SESSION['ltype']=='admin') {
  281. print "<table width='100%' class='bg'><tr><td class='bg'>
  282. Logs: <a href='viewsites.php?$sid&amp;site=$site'>sites</a>
  283. | <a href='viewusers.php?$sid&amp;site=$site'>users</a>
  284. </td><td align='right' class='bg'>
  285. <a href='users.php?$sid&amp;site=$site'>add/edit users</a> |
  286. add/edit classes |
  287. <a href='add_slot.php?$sid&amp;site=$site'>add/edit slots</a> |
  288. <a href='update.php?$sid&amp;site=$site'>segue updates</a>
  289. </td></tr></table>";
  290. }
  291. if ($site) {
  292. print "<div align='right'>";
  293. print "<a href='add_students.php?$sid&amp;name=$site'>Roster</a>";
  294. print " | <a href='email.php?$sid&amp;siteid=$siteid&amp;site=$site&amp;action=list&amp;scope=site'>Participation</a>";
  295. print " | Logs";
  296. print "</div><br />";
  297. }
  298. ?>
  299. <?=$content?>
  300. <table cellspacing='1' width='100%' id='maintable'>
  301. <tr><td>
  302. <table cellspacing='1' width='100%'>
  303. <tr><td>
  304. <form action="<? echo $PHP_SELF ?>" method='get' name='searchform'>
  305. Code: <input type='text' name='class_external_id' size='10' value='<?echo $class_external_id?>' />
  306. Name: <input type='text' name='class_name' size='10' value='<?echo $class_name?>' />
  307. Dept: <input type='text' name='class_dept' size='3' value='<?echo $class_dept?>' />
  308. Semester:
  309. <select name='semester'>
  310. <option<?=($semester=='any')?" selected='selected'":""?> value='any'>Any</option>
  311. <?
  312. foreach (array_keys($cfg['semesters']) as $semesterKey) {
  313. print "<option".(($semester == $semesterKey)?" selected='selected'":"")." value='".$semesterKey."'>";
  314. print $cfg['semesters'][$semesterKey]['name'];
  315. print "</option>";
  316. }
  317. ?>
  318. </select>
  319. Year: <input type='text' name='class_year' size='5' value='<?echo $class_year?>' />
  320. Owner: <input type='text' name='class_owner' size='7' value='<?echo $class_owner?>' />
  321. <input type='submit' name='search' value='Find' />
  322. <input type='submit' name='findall' value='Find All' />
  323. </form>
  324. </td>
  325. <td align='right'>
  326. <?
  327. $tpages = ceil($numclasses/30);
  328. $curr = ceil(($lowerlimit+30)/30);
  329. $prev = $lowerlimit-30;
  330. if ($prev < 0) $prev = 0;
  331. $next = $lowerlimit+30;
  332. if ($next >= $numclasses) $next = $numclasses-30;
  333. if ($next < 0) $next = 0;
  334. print "$curr of $tpages ";
  335. // print "$prev $lowerlimit $next ";
  336. if ($prev != $lowerlimit)
  337. print "<input type='button' value='&lt;&lt;' onclick='window.location=\"$PHP_SELF?$sid&lowerlimit=$prev&class_external_id=$class_external_id&class_name=$class_name&class_dept=$class_dept&semester=$semester&order=$order&class_year=$class_year&class_owner=$class_owner\"' />\n";
  338. if ($next != $lowerlimit && $next > $lowerlimit)
  339. print "<input type='button' value='&gt;&gt;' onclick='window.location=\"$PHP_SELF?$sid&lowerlimit=$next&class_external_id=$class_external_id&class_name=$class_name&class_dept=$class_dept&semester=$semester&order=$order&class_year=$class_year&class_owner=$class_owner\"' />\n";
  340. ?>
  341. </td></tr>
  342. </table>
  343. <?
  344. if (!db_num_rows($r)) {
  345. print "No matching classes found";
  346. } else {
  347. //$numclasses = db_num_rows($r);
  348. print "Total classes found: ".$numclasses;
  349. }
  350. ?>
  351. <form method='post' name='addform' action="<? echo $PHP_SELF ?>">
  352. <table width='100%'>
  353. <tr>
  354. <th>id</th>
  355. <th>code</th>
  356. <th>external id</th>
  357. <th>name</th>
  358. <th>department</th>
  359. <th>number</th>
  360. <th>section</th>
  361. <th>semester</th>
  362. <th>year</th>
  363. <th>owner</th>
  364. <th>group</th>
  365. <th>options</th>
  366. </tr>
  367. <? if ($curraction != 'edit') { doClassForm($_REQUEST); }
  368. if ($curraction == 'edit') {
  369. $a = db_fetch_assoc($r);
  370. //print " id=";
  371. //print $a['class_external_id'];
  372. doClassForm($a,'class_',1);
  373. // output found users
  374. } else if ($r) {
  375. while ($a = db_fetch_assoc($r)) {
  376. print "<tr>";
  377. print "<td align='center'>".$a['class_id']."</td>";
  378. print "<td>".generateCourseCode($a['class_id'])."</td>";
  379. print "<td>".$a['class_external_id']."</td>";
  380. print "<td>".$a['class_name']."</td>";
  381. print "<td>".$a['class_department']."</td>";
  382. print "<td>".$a['class_number']."</td>";
  383. print "<td>".$a['class_section']."</td>";
  384. print "<td>".$cfg['semesters'][$a['class_semester']]['name']."</td>";
  385. print "<td>".$a['class_year']."</td>";
  386. print "<td>".(($a['classowner_id'])?$a['classowner_fname']." (".$a['classowner_uname'].")":"")."</td>";
  387. print "<td>".$a['classgroup_name']."</td>";
  388. print "<td align='center'><span style='white-space: nowrap;'>";
  389. print "<a href='classes.php?$sid&amp;action=del&amp;id=".$a['class_id']."'>del</a> | \n";
  390. print "<a href='classes.php?$sid&amp;action=edit&amp;id=".$a['class_id']."'>edit</a> | \n";
  391. print "<a href=\"Javascript:sendWindow('addstudents',500,350,'add_students.php?$sid&amp;ugroup_id=".$a['ugroup_id']."')\">students</a>\n";
  392. print "</span></td>";
  393. print "</tr>";
  394. }
  395. }
  396. ?>
  397. </table>
  398. </form>
  399. </td>
  400. </tr>
  401. </table>
  402. <br />
  403. <div align='right'><input type='button' value='Close Window' onclick='window.close()' /></div>
  404. <?
  405. function doClassForm($a,$p='',$e=0) {
  406. global $cfg;
  407. ?>
  408. <tr>
  409. <td><?=($e)?$a[$p.'id']:"&nbsp;"?></td>
  410. <td><?=($e)?generateCourseCode($a[$p.'id']):""?></td>
  411. <td><input type='text' name='external_id' size='10' value="<?=$a[$p.'external_id']?>" /></td>
  412. <td><input type='text' name='name' size='20' value="<?=$a[$p.'name']?>" /></td>
  413. <td><input type='text' name='department' size='3' value="<?=$a[$p.'department']?>" /></td>
  414. <td><input type='text' name='number' size='3' value="<?=$a[$p.'number']?>" /></td>
  415. <td><input type='text' name='section' size='1' value="<?=$a[$p.'section']?>" /></td>
  416. <td><select name='semester'>
  417. <?
  418. foreach (array_keys($cfg['semesters']) as $semesterKey) {
  419. print "<option".(($a[$p.'semester'] == $semesterKey)?" selected='selected'":"")." value='".$semesterKey."'>";
  420. print $cfg['semesters'][$semesterKey]['name'];
  421. print "</option>";
  422. }
  423. ?>
  424. </select>
  425. </td>
  426. <td><input type='text' name='year' size='4' value="<?=$a[$p.'year']?>" /></td>
  427. <td><input type='text' name='owner' size='8' value="<?=$a['classowner_uname']?>" /> <a href="Javascript:sendWindow('addeditor',400,250,'add_editor.php?$sid&amp;comingfrom=classes')">choose</a></td>
  428. <td><?=$a[classgroup_name]?></td>
  429. <td align='center'>
  430. <input type='hidden' name='action' value='<?=($e)?"edit":"add"?>' />
  431. <?=($e)?"<input type='hidden' name='id' value='".$a[$p."id"]."' /><input type='hidden' name='commit' value='1' />":""?>
  432. <a href='#' onclick='document.addform.submit()'><?=($e)?"update":"add class"?></a>
  433. <!-- | <a href='classes.php'>cancel</a> -->
  434. </td>
  435. </tr>
  436. <?
  437. }
  438. /* // debug output -- handy :) */
  439. /* print "<pre>"; */
  440. /* print "request:\n"; */
  441. /* print_r($_REQUEST); */
  442. /* print "\n\n"; */
  443. /* print "session:\n"; */
  444. /* print_r($_SESSION); */
  445. /* print "\n\n"; */
  446. /* print "</pre>"; */
  447. ?>
  448. </body>
  449. </html>