PageRenderTime 19ms CodeModel.GetById 12ms RepoModel.GetById 1ms app.codeStats 0ms

/documentation/index/index.php

https://github.com/harriswong/ATutor
PHP | 164 lines | 137 code | 20 blank | 7 comment | 35 complexity | 65bd22508cedb885d782e4f9a333dc8e MD5 | raw file
    

  1. <?php

    2. 

  2. require(dirname(__FILE__) .'/../common/vitals.inc.php');

    3. 

  3. 

    4. 

  4. // using 401 authentication

    5. 

  5. if (isset($_GET['login'])) {

    6. 

  6. 	if (!isset($_SERVER['PHP_AUTH_USER'])) {

    7. 

  7. 		header('WWW-Authenticate: Basic realm="Administrator Login"');

    8. 

  8. 		header('HTTP/1.0 401 Unauthorized');

    9. 

  9. 		echo 'Wrong username/password combination.';

    10. 

  10. 		exit;

    11. 

  11. 	} else {

    12. 

  12. 		$_POST['username'] = $_SERVER['PHP_AUTH_USER'];

    13. 

  13. 		$_POST['password'] = $_SERVER['PHP_AUTH_PW'];

    14. 

  14. 		$_POST['submit']   = true;

    15. 

  15. 	}

    16. 

  16. 	unset($_SERVER['PHP_AUTH_USER']);

    17. 

  17. 	unset($_SERVER['PHP_AUTH_PW']);

    18. 

  18. }

    19. 

  19. 

    20. 

  20. $config_location = '../../include/config.inc.php';

    21. 

  21. if (is_file($config_location) && is_readable($config_location)) {

    22. 

  22. 	require($config_location);

    23. 

  23. 	$db = mysql_connect(DB_HOST . ':' . DB_PORT, DB_USER, DB_PASSWORD);

    24. 

  24. 	mysql_select_db(DB_NAME, $db);

    25. 

  25. 

    26. 

  26. 	// check atutor config table to see if handbook notes is enabled.

    27. 

  27. 	$sql    = "SELECT value FROM ".TABLE_PREFIX."config WHERE name='user_notes'";

    28. 

  28. 	$result = @mysql_query($sql, $db);

    29. 

  29. 	if (($row = mysql_fetch_assoc($result)) && $row['value']) {

    30. 

  30. 		define('AT_HANDBOOK_ENABLE', true);

    31. 

  31. 		$enable_user_notes = true;

    32. 

  32. 	}

    33. 

  33. 	define('AT_HANDBOOK_DB_TABLE_PREFIX', TABLE_PREFIX);

    34. 

  34. 

    35. 

  35. 	if (isset($_POST['submit'])) {

    36. 

  36. 		// try to validate $_POST

    37. 

  37. 		// authenticate against the ATutor database if a connection can be made

    38. 

  38. 		$_POST['username'] = addslashes($_POST['username']);

    39. 

  39. 		$_POST['password'] = addslashes($_POST['password']);

    40. 

  40. 			

    41. 

  41. 		if (!$db) {

    42. 

  42. 			$db = @mysql_connect(AT_HANDBOOK_DB_HOST . ':' . AT_HANDBOOK_DB_PORT, AT_HANDBOOK_DB_USER, AT_HANDBOOK_DB_PASSWORD);

    43. 

  43. 			if (@mysql_select_db(AT_HANDBOOK_DB_DATABASE, $db)) {

    44. 

  44. 				$enable_user_notes = true;

    45. 

  45. 			}

    46. 

  46. 		}

    47. 

  47. 			

    48. 

  48. 		// check if it's an admin login.

    49. 

  49. 		$sql = "SELECT login, `privileges` FROM ".TABLE_PREFIX."admins WHERE login='$_POST[username]' AND PASSWORD(password)=PASSWORD('$_POST[password]') AND `privileges`>0";

    50. 

  50. 		$result = mysql_query($sql, $db);

    51. 

  51. 		if ($row = mysql_fetch_assoc($result)) {

    52. 

  52. 			$_SESSION['handbook_admin'] = true;

    53. 

  53. 			header('Location: '.$_SERVER['PHP_SELF']);

    54. 

  54. 			exit;

    55. 

  55. 		}

    56. 

  56. 	} else if (isset($_GET['logout'])) {

    57. 

  57. 		header('WWW-Authenticate: Basic realm="Administrator Login"');

    58. 

  58. 		header('HTTP/1.0 401 Unauthorized');

    59. 

  59. 

    60. 

  60. 		unset($_SERVER['PHP_AUTH_USER']);

    61. 

  61. 		unset($_SERVER['PHP_AUTH_PW']);

    62. 

  62. 		unset($_SESSION['handbook_admin']);

    63. 

  63. 		session_write_close();

    64. 

  64. 		header('Location: '.$_SERVER['PHP_SELF']);

    65. 

  65. 		exit;

    66. 

  66. 	}

    67. 

  67. }

    68. 

  68. 

    69. 

  69. if (!defined('AT_HANDBOOK_ENABLE')) {

    70. 

  70. 	// use local config file

    71. 

  71. 	require('../config.inc.php');

    72. 

  72. 

    73. 

  73. 	if (isset($_POST['submit'])) {

    74. 

  74. 		// try to validate $_POST

    75. 

  75. 		if (($_POST['username'] == AT_HANDBOOK_ADMIN_USERNAME) && ($_POST['password'] == AT_HANDBOOK_ADMIN_PASSWORD)) {

    76. 

  76. 			$_SESSION['handbook_admin'] = true;

    77. 

  77. 			header('Location: '.$_SERVER['PHP_SELF']);

    78. 

  78. 			exit;

    79. 

  79. 		}

    80. 

  80. 	} else if (key($_GET) == 'logout') {

    81. 

  81. 		header('WWW-Authenticate: Basic realm="Administrator Login"');

    82. 

  82. 		header('HTTP/1.0 401 Unauthorized');

    83. 

  83. 

    84. 

  84. 		unset($_SERVER['PHP_AUTH_USER']);

    85. 

  85. 		unset($_SERVER['PHP_AUTH_PW']);

    86. 

  86. 		unset($_SESSION['handbook_admin']);

    87. 

  87. 		session_write_close();

    88. 

  88. 		header('Location: '.$_SERVER['PHP_SELF']);

    89. 

  89. 		exit;

    90. 

  90. 	}

    91. 

  91. }

    92. 

  92. 

    93. 

  93. if (!$db && defined('AT_HANDBOOK_ENABLE') && AT_HANDBOOK_ENABLE) {

    94. 

  94. 	$db = @mysql_connect(AT_HANDBOOK_DB_HOST . ':' . AT_HANDBOOK_DB_PORT, AT_HANDBOOK_DB_USER, AT_HANDBOOK_DB_PASSWORD);

    95. 

  95. 	@mysql_select_db(AT_HANDBOOK_DB_DATABASE, $db);

    96. 

  96. 	$enable_user_notes = true;

    97. 

  97. }

    98. 

  98. ?><!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict //EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">

    99. 

  99. <html lang="<?php if ($req_lang) { echo $req_lang; } else { echo 'dp'; } ?>">

    100. 

  100. <head>

    101. 

  101. 	<meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1" />

    102. 

  102. 	<title><?php get_text('doc_title'); ?></title>

    103. 

  103. 	<link rel="stylesheet" href="../common/styles.css" type="text/css" />

    104. 

  104. </head>

    105. 

  105. <body>

    106. 

  106. <?php if ($missing_lang): ?>

    107. 

  107. 	<div style="margin: 20px auto; border: 1px solid #aaf; padding: 4px; text-align: center; background-color: #eef;">

    108. 

  108. 		<?php get_text('page_not_translated'); ?>

    109. 

  109. 	</div>

    110. 

  110. <?php endif; ?>

    111. 

  111. 

    112. 

  112. <h1><?php get_text('doc_title'); ?></h1>

    113. 

  113. <p><?php get_text('doc_welcome'); ?></p>

    114. 

  114. 

    115. 

  115. 	<ol>

    116. 

  116. 		<li><a href="../general/index.php?<?php echo $req_lang; ?>"><?php get_text('doc_user'); ?></a></li>

    117. 

  117. 		<li><a href="../admin/index.php?<?php echo $req_lang; ?>"><?php get_text('doc_admin'); ?></a></li>

    118. 

  118. 		<li><a href="../instructor/index.php?<?php echo $req_lang; ?>"><?php get_text('doc_instructor'); ?></a></li>

    119. 

  119. 		<li><a href="../developer/guidelines.html"><?php get_text('doc_dev'); ?></a></li>

    120. 

  120. 		<li><a href="../developer/modules.html"><?php get_text('doc_mods'); ?></a></li>

    121. 

  121. 		<li><a href="../developer/themes.html"><?php get_text('doc_themes'); ?></a></li>

    122. 

  122. 	</ol>

    123. 

  123. 

    124. 

  124. 	<ol>

    125. 

  125. 		<li><a href="http://www.atutor.ca" target="new">atutor.ca</a></li>

    126. 

  126. 		<li><a href="http://www.atutor.ca/forums/" target="new">atutor.ca/forums/</a></li>

    127. 

  127. 		<li><a href="http://www.atutor.ca/atutor/docs/index.php" target="new">atutor.ca/atutor/docs/</a></li>

    128. 

  128. 	</ol>

    129. 

  129. 

    130. 

  130. <?php if ($enable_user_notes && (!isset($_SESSION['handbook_admin']) || (isset($_SESSION['handbook_admin']) && !$_SESSION['handbook_admin']))): ?>

    131. 

  131. 	<div style="text-align: right;">

    132. 

  132. 		<p><?php get_text('doc_notes_enabled');  ?></p>

    133. 

  133. 	</div>

    134. 

  134. <?php elseif ($enable_user_notes): ?>

    135. 

  135. 

    136. 

  136. 	<p><?php get_text('doc_logged_in'); ?></p>

    137. 

  137. 

    138. 

  138. 	<?php

    139. 

  139. 		$sql = "SELECT note_id, date, section, page, email, note FROM ".AT_HANDBOOK_DB_TABLE_PREFIX."handbook_notes WHERE approved=0 ORDER BY date DESC";

    140. 

  140. 		$result = mysql_query($sql, $db);

    141. 

  141. 	?>

    142. 

  142. 	<div class="add-note">

    143. 

  143. 		<h3><?php get_text('doc_unapproved_notes'); ?></h3>

    144. 

  144. 	</div>

    145. 

  145. 

    146. 

  146. 	<?php if ($result && (mysql_num_rows($result) > 0)): ?>

    147. 

  147. 		<?php while ($row = mysql_fetch_assoc($result)): ?>

    148. 

  148. 			<div class="note">

    149. 

  149. 				<h5><?php echo $row['date']; ?>

    150. 

  150. 					<a href="../approve_note.php?id=<?php echo $row['note_id']; ?>" onclick="return confirm('<?php echo get_text('doc_approved_confirm'); ?>');"><?php  get_text('doc_approve'); ?></a> | 

    151. 

  151. 					<a href="../delete_note.php?id=<?php echo $row['note_id']; ?>" onclick="return confirm('<?php echo get_text('doc_delete_confirm'); ?>');"><?php get_text('doc_delete'); ?></a>

    152. 

  152. 				</h5>

    153. 

  153. 				<h4><?php echo $row['email'];?></h4>

    154. 

  154. 				<p><?php echo nl2br($row['note']); ?></p>

    155. 

  155. 			</div>

    156. 

  156. 		<?php endwhile; ?>

    157. 

  157. 	<?php else: ?>

    158. 

  158. 		<div class="note"><?php get_text('doc_no_notes'); ?></div>

    159. 

  159. 	<?php endif; ?>

    160. 

  160. 

    161. 

  161. <?php endif; ?>

    162. 

  162. 

    163. 

  163. </body>

    164. 

  164. </html>
    165.