/ajax.php
PHP | 261 lines | 219 code | 10 blank | 32 comment | 25 complexity | 7f2bc43e0a727b314f48afbcc32b92d4 MD5 | raw file
Possible License(s): GPL-2.0
- <?php
- #**************************************************************************
- # openSIS is a free student information system for public and non-public
- # schools from Open Solutions for Education, Inc. web: www.os4ed.com
- #
- # openSIS is web-based, open source, and comes packed with features that
- # include student demographic info, scheduling, grade book, attendance,
- # report cards, eligibility, transcripts, parent portal,
- # student portal and more.
- #
- # Visit the openSIS web site at http://www.opensis.com to learn more.
- # If you have question regarding this system or the license, please send
- # an email to info@os4ed.com.
- #
- # This program is released under the terms of the GNU General Public License as
- # published by the Free Software Foundation, version 2 of the License.
- # See license.txt.
- #
- # This program is distributed in the hope that it will be useful,
- # but WITHOUT ANY WARRANTY; without even the implied warranty of
- # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
- # GNU General Public License for more details.
- #
- # You should have received a copy of the GNU General Public License
- # along with this program. If not, see <http://www.gnu.org/licenses/>.
- #
- #***************************************************************************************
- //error_reporting(1);
- //include('Redirect_root.php');
- error_reporting(E_ERROR);
- $isajax="ajax";
- $start_time = time();
- include 'Warehouse.php';
- array_rwalk($_REQUEST,'strip_tags');
-
- if(UserStudentID() && User('PROFILE')!='parent' && User('PROFILE')!='student')
- {
- $RET = DBGet(DBQuery("SELECT FIRST_NAME,LAST_NAME,MIDDLE_NAME,NAME_SUFFIX FROM STUDENTS WHERE STUDENT_ID='".UserStudentID()."'"));
- $count_student_RET=DBGet(DBQuery("SELECT COUNT(*) AS NUM FROM STUDENTS"));
- if($count_student_RET[1]['NUM']>1){
- DrawHeaderHome( 'Selected Student: '.$RET[1]['FIRST_NAME'].' '.($RET[1]['MIDDLE_NAME']?$RET[1]['MIDDLE_NAME'].' ':'').$RET[1]['LAST_NAME'].' '.$RET[1]['NAME_SUFFIX'].' (<A HREF=Side.php?student_id=new&modcat='.$_REQUEST['modcat'].'><font color=red>Remove</font></A>) | <A HREF=Modules.php?modname=Students/Student.php&search_modfunc=list&next_modname=Students%2FStudent.php&ajax=true&bottom_back=true&return_session=true target=body>Back to Student List</A>');
- }else if($count_student_RET[1]['NUM']==1){
- DrawHeaderHome( 'Selected Student: '.$RET[1]['FIRST_NAME'].' '.($RET[1]['MIDDLE_NAME']?$RET[1]['MIDDLE_NAME'].' ':'').$RET[1]['LAST_NAME'].' '.$RET[1]['NAME_SUFFIX'].' (<A HREF=Side.php?student_id=new&modcat='.$_REQUEST['modcat'].'><font color=red>Remove</font></A>) ');
- }
-
- }
- if(UserStaffID() && User('PROFILE')=='admin')
- {
- //if(UserStudentID())
- // echo '<IMG SRC=assets/pixel_trans.gif height=2>';
- $RET = DBGet(DBQuery("SELECT FIRST_NAME,LAST_NAME FROM STAFF WHERE STAFF_ID='".UserStaffID()."'"));
- DrawHeaderHome( 'Selected User: '.$RET[1]['FIRST_NAME'].' '.$RET[1]['LAST_NAME'].' (<A HREF=Side.php?staff_id=new&modcat='.$_REQUEST['modcat'].'><font color=red>Remove</font></A>)');
- }
-
- echo "<center><div id='divErr'></div></center>";
-
- if(!isset($_REQUEST['_openSIS_PDF']))
- {
- Warehouse('header');
-
- //if(strpos($_REQUEST['modname'],'misc/')===false && $_REQUEST['modname']!='Students/Student.php' && $_REQUEST['modname']!='School_Setup/Calendar.php' && $_REQUEST['modname']!='Scheduling/Schedule.php' && $_REQUEST['modname']!='Attendance/Percent.php' && $_REQUEST['modname']!='Attendance/Percent.php?list_by_day=true' && $_REQUEST['modname']!='Scheduling/MassRequests.php' && $_REQUEST['modname']!='Scheduling/MassSchedule.php' && $_REQUEST['modname']!='Student_Billing/Fees.php')
- if(strpos($_REQUEST['modname'],'misc/')===false)
- echo '<script language="JavaScript">if(window == top && (!window.opener || window.opener.location.href.substring(0,(window.opener.location.href.indexOf("&")!=-1?window.opener.location.href.indexOf("&"):window.opener.location.href.replace("#","").length))!=window.location.href.substring(0,(window.location.href.indexOf("&")!=-1?window.location.href.indexOf("&"):window.location.href.replace("#","").length)))) window.location.href = "index.php";</script>';
- echo "<body marginwidth=0 leftmargin=0 border=0 onload='doOnload();' background=assets/bg.gif>";
- #echo '<div id="Migoicons" style="visibility:hidden;position:absolute;z-index:1000;top:-100"></DIV><SCRIPT language="JavaScript1.2" type="text/javascript">var TipId="Migoicons";var FiltersEnabled = 1;mig_clay();';
- echo '<div id="Migoicons" style="visibility:hidden;position:absolute;z-index:1000;top:-100"></div>';
- echo "<table width=100% height=100% border=0 cellpadding=0 align=center><tr><td valign=top align=center>";
- }
-
- if($_REQUEST['modname'])
- {
- if($_REQUEST['_openSIS_PDF']=='true')
- ob_start();
- if(strpos($_REQUEST['modname'],'?')!==false)
- {
- $vars = substr($_REQUEST['modname'],(strpos($_REQUEST['modname'],'?')+1));
- $modname = substr($_REQUEST['modname'],0,strpos($_REQUEST['modname'],'?'));
-
- $vars = explode('?',$vars);
- foreach($vars as $code)
- {
- $code = decode_unicode_url("\$_REQUEST['".str_replace('=',"']='",$code)."';");
- eval($code);
- }
- }
- else
- $modname = $_REQUEST['modname'];
-
- if($_REQUEST['LO_save']!='1' && !isset($_REQUEST['_openSIS_PDF']) && (strpos($modname,'misc/')===false || $modname=='misc/Registration.php' || $modname=='misc/Export.php' || $modname=='misc/Portal.php'))
- $_SESSION['_REQUEST_vars'] = $_REQUEST;
-
- $allowed = false;
- include 'Menu.php';
- foreach($_openSIS['Menu'] as $modcat=>$programs)
- {
- if($_REQUEST['modname']==$modcat.'/Search.php')
- {
- $allowed = true;
- break;
- }
- foreach($programs as $program=>$title)
- {
- if($_REQUEST['modname']==$program)
- {
- $allowed = true;
- break;
- }
- }
- }
- if(substr($_REQUEST['modname'],0,5)=='misc/')
- $allowed = true;
-
- if($allowed || $_SESSION['take_mssn_attn'])
- {
- if(Preferences('SEARCH')!='Y')
- $_REQUEST['search_modfunc'] = 'list';
- include('modules/'.$modname);
- }
- else
- {
- if(User('USERNAME'))
- {
- echo "You're not allowed to use this program! This attempted violation has been logged and your IP address was captured.";
- DBQuery("INSERT INTO HACKING_LOG (HOST_NAME,IP_ADDRESS,LOGIN_DATE,VERSION,PHP_SELF,DOCUMENT_ROOT,SCRIPT_NAME,MODNAME,USERNAME) values('$_SERVER[SERVER_NAME]','$_SERVER[REMOTE_ADDR]','".date('Y-m-d')."','$openSISVersion','$_SERVER[PHP_SELF]','$_SERVER[DOCUMENT_ROOT]','$_SERVER[SCRIPT_NAME]','$_REQUEST[modname]','".User('USERNAME')."')");
- Warehouse('footer');
- if($openSISNotifyAddress)
- mail($openSISNotifyAddress,'HACKING ATTEMPT',"INSERT INTO HACKING_LOG (HOST_NAME,IP_ADDRESS,LOGIN_DATE,VERSION,PHP_SELF,DOCUMENT_ROOT,SCRIPT_NAME,MODNAME,USERNAME) values('$_SERVER[SERVER_NAME]','$_SERVER[REMOTE_ADDR]','".date('Y-m-d')."','$openSISVersion','$_SERVER[PHP_SELF]','$_SERVER[DOCUMENT_ROOT]','$_SERVER[SCRIPT_NAME]','$_REQUEST[modname]','".User('USERNAME')."')");
- }
- exit;
- }
-
- if($_SESSION['unset_student'])
- {
- unset($_SESSION['unset_student']);
- unset($_SESSION['staff_id']);
- }
- }
-
- echo "<div id='cal' class='divcal'> </div>";
-
-
-
- if(!isset($_REQUEST['_openSIS_PDF']))
- {
- echo '</td></tr></table>';
- for($i=1;$i<=$_openSIS['PrepareDate'];$i++)
- {
- echo '<script type="text/javascript">
- Calendar.setup({
- monthField : "monthSelect'.$i.'",
- dayField : "daySelect'.$i.'",
- yearField : "yearSelect'.$i.'",
- ifFormat : "%d-%b-%y",
- button : "trigger'.$i.'",
- align : "Tl",
- singleClick : true
- });
- </script>';
- }
- echo '</body>';
- echo '</html>';
- }
-
-
- function decode_unicode_url($str)
- {
- $res = '';
-
- $i = 0;
- $max = strlen($str) - 6;
- while ($i <= $max)
- {
- $character = $str[$i];
- if ($character == '%' && $str[$i + 1] == 'u')
- {
- $value = hexdec(substr($str, $i + 2, 4));
- $i += 6;
-
- if ($value < 0x0080) // 1 byte: 0xxxxxxx
- $character = chr($value);
- else if ($value < 0x0800) // 2 bytes: 110xxxxx 10xxxxxx
- $character =
- chr((($value & 0x07c0) >> 6) | 0xc0)
- . chr(($value & 0x3f) | 0x80);
- else // 3 bytes: 1110xxxx 10xxxxxx 10xxxxxx
- $character =
- chr((($value & 0xf000) >> 12) | 0xe0)
- . chr((($value & 0x0fc0) >> 6) | 0x80)
- . chr(($value & 0x3f) | 0x80);
- }
- else
- $i++;
-
- $res .= $character;
- }
-
- return $res . substr($str, $i);
- }
-
-
-
-
-
- function code2utf($num){
- if($num<128)
- return chr($num);
- if($num<1024)
- return chr(($num>>6)+192).chr(($num&63)+128);
- if($num<32768)
- return chr(($num>>12)+224).chr((($num>>6)&63)+128)
- .chr(($num&63)+128);
- if($num<2097152)
- return chr(($num>>18)+240).chr((($num>>12)&63)+128)
- .chr((($num>>6)&63)+128).chr(($num&63)+128);
- return '';
- }
-
- function unescape($strIn, $iconv_to = 'UTF-8') {
- $strOut = '';
- $iPos = 0;
- $len = strlen ($strIn);
- while ($iPos < $len) {
- $charAt = substr ($strIn, $iPos, 1);
- if ($charAt == '%') {
- $iPos++;
- $charAt = substr ($strIn, $iPos, 1);
- if ($charAt == 'u') {
- // Unicode character
- $iPos++;
- $unicodeHexVal = substr ($strIn, $iPos, 4);
- $unicode = hexdec ($unicodeHexVal);
- $strOut .= code2utf($unicode);
- $iPos += 4;
- }
- else {
- // Escaped ascii character
- $hexVal = substr ($strIn, $iPos, 2);
- if (hexdec($hexVal) > 127) {
- // Convert to Unicode
- $strOut .= code2utf(hexdec ($hexVal));
- }
- else {
- $strOut .= chr (hexdec ($hexVal));
- }
- $iPos += 2;
- }
- }
- else {
- $strOut .= $charAt;
- $iPos++;
- }
- }
- if ($iconv_to != "UTF-8") {
- $strOut = iconv("UTF-8", $iconv_to, $strOut);
- }
- return $strOut;
- }
-
-
-
- ?>