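/**
 * Return a user's latest grades as an RSS feed.
 *
 * Gets $user's $number latest grades (from $class; 'all' for all their classes)
 * using get_latest_grades(), and makes an RSS feed out of them. Nothing is
 * returned; the feed is produced through rss_header(), rss_item() and
 * rss_footer(). Any failed query ends the script with die().
 *
 * NOTE(review): $user is placed inside quoted SQL literals below and this
 * function does not escape it. Unless every caller validates or escapes the
 * value first, that is an SQL injection point. Confirm the callers, or
 * validate it as an ID / bind it as a parameter at this boundary.
 *
 * @param mixed $user   user ID, matched against `users`.`ID` and `grades`.`student_ID`
 * @param mixed $number how many grades to fetch (passed through to get_latest_grades())
 * @param mixed $class  class to restrict the feed to, or 'all'
 */
function rss_latest_grades($user, $number, $class)
{
    // Keep the SQL text and the display name in separate variables. The
    // original reused $real_name for both, so a $user with no matching row
    // left the SQL statement itself in the feed title.
    $name_sql = "SELECT `firstname`,`surname` FROM `users` WHERE `ID`='{$user}' LIMIT 1";
    $name_rows = query($name_sql) or die("Error getting information from the database.");
    $real_name = "";
    while ($row = result($name_rows)) {
        $real_name = stripslashes($row->firstname) . " " . stripslashes($row->surname);
    }

    // The newest assignment date is passed to rss_header() as the feed date.
    $latest_date = "SELECT MAX(`date_assigned`) FROM `grades` WHERE `student_ID`='{$user}' LIMIT 1";
    $latest_date = @query($latest_date) or die("Error getting information from the database.");
    $latest_date = command_result($latest_date, 0);

    // NOTE(review): presumably rss_header()/rss_item() XML-escape what they are
    // given; names and assignment titles come from the database, so verify.
    rss_header("{$real_name}'s grades", "your latest grades", "http://" . server_root . "classes.php", $latest_date);

    // get_latest_grades() returns one string: records joined by "--",
    // fields inside a record joined by "::".
    $grades = get_latest_grades($user, $number, $class, current_semester);
    $grades = explode("--", $grades);

    foreach ($grades as $grade) {
        // to get rid of the empty grade
        if ($grade === "") {
            continue;
        }

        // split() was removed in PHP 7; "::" has no regex metacharacters, so
        // explode() splits identically. Padding keeps list() from reading
        // missing offsets when a record is short.
        list($class_id, $assign_id, $assign_name, $assign_date, $points_possible, $points_scored, $grading_period)
            = array_pad(explode("::", $grade), 7, "");

        // get the class's name and print the grade
        // $class_id is stored data returned by get_latest_grades(); it is
        // still interpolated unescaped into this statement.
        $class_rows = @query("SELECT `name` FROM `classes` WHERE `ID`='{$class_id}' LIMIT 1") or die("Error getting class name.");
        $class_row = result($class_rows);
        // A grade pointing at a missing class yields an empty name instead of
        // a property read on a non-object.
        $class_name = $class_row ? $class_row->name : "";

        // time to rss-ify 'em
        rss_item($class_name . "-- " . $assign_name, "{$points_scored}/{$points_possible}", server_root . "/assignment.php?class={$class_id}%26id={$assign_id}", $assign_date);
    }

    rss_footer();
}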
disconnect_sql(); } else { connect_sql(); // see if $class is a class $is_class = @query("SELECT 1 FROM `classes` WHERE `ID`='{$class}' LIMIT 1") or die("Error checking the database."); if (num_rows($is_class) == 0) { die("Invalid class."); } $class_info = @query("SELECT * FROM `classes` WHERE `ID`='{$class}' LIMIT 1") or die("Error getting information from the database."); while ($row = result($class_info)) { $period = $row->period; $class_name = stripslashes($row->name); } $class_name = "Period {$period} {$class_name}"; $last_post = @query("SELECT MAX(timestamp) FROM `news` WHERE `class`='{$class}'") or die("Error getting information from the database."); $last_post = command_result($last_post, 0); $posts = @query("SELECT * FROM `news` WHERE `class`='{$class}' LIMIT 5") or die("Error getting the posts from the database."); header("Content-type: text/xml"); rss_header($class_name . " news", "news for " . $class_name, server_root . "news.php", $last_post); while ($row = result($posts)) { $id = $row->ID; $timestamp = $row->timestamp; $subject = stripslashes($row->subject); $body = stripslashes($row->body); rss_item($subject, $body, server_root . "news.php?archive%26id={$id}", $timestamp); } rss_footer(); disconnect_sql(); } die; } elseif (isset($_GET['archive'])) {
} // see if the category is valid $valid_category = @query("SELECT 1 FROM `categories` WHERE `ID`='{$category}' LIMIT 1") or die("Error checking the database."); if (num_rows($valid_category) == 0) { cust_die("Invalid category."); } $students = get_students($class_id); $students = explode(",", $students); foreach ($students as $student) { if (!isset($_POST[$student . "_scored"]) or $_POST[$student . "_scored"] == "") { cust_die("You must fill in a grade for all students. If a student doesn't have that grade, fill the box in with an x."); } } // get the assignment's number $assign_number = @query("SELECT MAX(`assign_number`) FROM `grades` WHERE `class_id`='{$class_id}'") or die("Error getting information from the database."); $result = command_result($assign_number, 0); $assign_number = $result; $assign_number++; $grading_period = current_semester; foreach ($students as $student) { $points_scored = escape_string($_POST[$student . "_scored"]); $query = "INSERT INTO `grades` (`class_id`, `assign_number`, `assign_name`, `assign_desc`, `date_assigned`, `grading_period`, `student_ID`, `points_possible`, `points_scored`"; if (isset($_POST[$student . "_comment"])) { if (strlen($_POST[$student . "_comment"]) <= 255) { $comment = escape_string(htmlspecialchars($_POST[$student . "_comment"])); $query .= ", `comment`"; } } $query .= ", `category`) VALUES ('{$class_id}', '{$assign_number}', '{$assign_name}', '{$description}', '{$timestamp}', '{$grading_period}', '{$student}', '{$points_possible}', '{$points_scored}'"; if (isset($comment)) { $query .= ", '{$comment}'";
$password = strrev($password); $password = substr($password, 0, 7); } elseif (isset($_POST['pass1']) and $_POST['pass1'] != "") { if (!isset($_POST['pass2']) or $_POST['pass2'] == "") { cust_die("You must confirm the user's password."); } elseif ($_POST['pass1'] != $_POST['pass2']) { cust_die("The passwords did not match."); } else { $password = escape_string($_POST['pass1']); } } $cryptedpass = md5(md5($password)); // add the user to the database add_user($username, $cryptedpass, "1", $firstname, $surname, $gender, $email); $student_id = @query("SELECT `ID` FROM `users` WHERE `username`='{$username}' LIMIT 1") or die("Error getting the student's ID number."); $student_id = command_result($student_id, 0); $classes = ""; // add 'em to the student table for ($i = 1; $i <= number_of_semesters; $i++) { $classes .= "{$i}\\{"; for ($day = 1; $day <= 5; $day++) { switch ($day) { case 1: $classes .= "Mon"; break; case 2: $classes .= "Tue"; break; case 3: $classes .= "Wed"; break;