*/ require_once 'functions.php'; if (!sessionCheck('logged_in')) { postResponse("error", "Your session has expired, please login again"); } require_once 'connect_db.php'; rangeCheck('cId', 2, 20); $cId = strtoupper($_POST['cId']); if (!isset($_SESSION['faculty'])) { $_SESSION['faculty'] = $_SESSION['uName']; } if (!sessionCheck('level', 'faculty') && !empty($_GET['faculty'])) { $_SESSION['faculty'] = $_GET['faculty']; } if (valueCheck('action', 'add')) { rangeCheck('cName', 6, 100); if (empty($_POST["allowConflict"])) { $_POST["allowConflict"] = 0; } try { $query = $db->prepare('INSERT INTO courses(course_Id,course_name,fac_id,allow_conflict) values (?,?,?,?)'); $query->execute([$cId, $_POST['cName'], $_SESSION['faculty'], $_POST["allowConflict"]]); $query = $db->prepare('INSERT INTO allowed(course_Id,batch_name,batch_dept) values (?,?,?)'); foreach ($_POST['batch'] as $batch) { $batch = explode(" : ", $batch); $query->execute([$cId, $batch[0], $batch[1]]); } postResponse("addOpt", "Course Added", [$_POST['cName'], $cId]); } catch (PDOException $e) { if ($e->errorInfo[0] == 23000) { postResponse("error", "Course ID already exists");
$dept_code = ""; if (!empty($_POST['newDpt'])) { rangeCheck('newDpt', 2, 5); rangeCheck('dept', 6, 50); $query = $db->prepare('INSERT INTO depts(dept_code,dept_name) VALUES (?,?)'); try { $query->execute([$_POST['newDpt'], $_POST['dept']]); } catch (PDOException $e) { if ($e->errorInfo[0] != 23000) { // Ignoring if department already exists, reporting otherwise postResponse("error", $e->errorInfo[2]); } } $dept_code = strtoupper($_POST['newDpt']); } else { rangeCheck('dept', 2, 5); $dept_code = strtoupper($_POST['dept']); } // Add faculty to the databases $query = $db->prepare('INSERT INTO faculty(uName,fac_name,pswd,dept_code,dateRegd) VALUES (?,?,?,?,?)'); $pswd = pwdHash($uName, $_POST['pswd']); try { $query->execute(array($uName, $_POST['fullName'], $pswd, $dept_code, date("d M Y h:i A"))); } catch (PDOException $e) { if ($e->errorInfo[0] == 23000) { postResponse("error", "Username already exists"); } else { postResponse("error", $e->errorInfo[2]); } } if ($newAdmin) {
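<?php
/**
 * Back end routines to add/delete rooms, invoked by dean.php
 *
 * Expects a POST carrying `action` ("add" or "delete") and `room_name`;
 * the "add" action also needs `capacity`. Every reply goes through
 * postResponse(), which (functions.php is not visible here) is presumed to
 * emit the response and stop the script, as the calling code relies on.
 *
 * @author Avin E.M; Kunal Dahiya
 */
require_once 'functions.php';
require_once 'connect_db.php';

// Only the dean may manage rooms; everyone else gets an empty reply.
// NOTE(review): this endpoint changes state but no CSRF token is checked
// here — confirm dean.php sends one, or add the check.
if (!sessionCheck('level', 'dean')) {
    die;
}

// Length check on the untrusted room name. rangeCheck() is presumed to
// reject the request itself when the field is missing or out of range —
// TODO confirm against functions.php.
rangeCheck('room_name', 2, 25);

if (valueCheck('action', 'add')) {
    rangeCheck('capacity', 1, 3);

    // rangeCheck only bounds the length; make sure the capacity is an
    // actual number before it reaches the database.
    if (!ctype_digit($_POST['capacity'])) {
        postResponse("error", "Capacity must be a whole number");
    }

    try {
        $query = $db->prepare('INSERT INTO rooms(room_name,capacity) values (?,?)');
        $query->execute([$_POST['room_name'], $_POST['capacity']]);
        postResponse("addOpt", "Room Added", [$_POST['room_name'], $_POST['capacity']]);
    } catch (PDOException $e) {
        // SQLSTATE 23000 = integrity constraint violation, i.e. duplicate key.
        if (($e->errorInfo[0] ?? '') === '23000') {
            postResponse("error", "Room already exists");
        } else {
            // Keep the driver's own message out of the reply: it can expose
            // table layout or server details. Log it server-side instead.
            error_log('rooms: add failed: ' . $e->getMessage());
            postResponse("error", "Could not add room");
        }
    }
} elseif (valueCheck('action', 'delete')) {
    try {
        $query = $db->prepare('DELETE FROM rooms where room_name = ?');
        $query->execute([$_POST['room_name']]);
        postResponse("removeOpt", "Room deleted");
    } catch (PDOException $e) {
        // A constraint failure (e.g. a schedule still referencing the room)
        // used to escape as an uncaught exception; answer cleanly instead.
        error_log('rooms: delete failed: ' . $e->getMessage());
        postResponse("error", "Could not delete room");
    }
}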
/** * Back end routines to add/delete batches, invoked by manage.php * @author Avin E.M; Kunal Dahiya */ require_once 'functions.php'; require_once 'connect_db.php'; if (!sessionCheck('logged_in')) { postResponse("error", "Your session has expired, please login again"); } if (!sessionCheck('level', 'dean')) { die('You are not authorized to perform this action'); } if (valueCheck('action', 'add')) { rangeCheck('batch_name', 2, 30); rangeCheck('size', 1, 3); try { $query = $db->prepare('INSERT INTO batches(batch_name,batch_dept,size) values (?,?,?)'); $query->execute([$_POST['batch_name'], $_POST['dept'], $_POST['size']]); postResponse("addOpt", "Batch Added", [$_POST['batch_name'] . ' : ' . $_POST['dept'], $_POST['size']]); } catch (PDOException $e) { if ($e->errorInfo[0] == 23000) { postResponse("error", "Batch already exists"); } else { postResponse("error", $e->errorInfo[2]); } } } elseif (valueCheck('action', 'delete')) { $query = $db->prepare('DELETE FROM batches where batch_name = ? AND batch_dept=?'); $batch = explode(" : ", $_POST['batch']); $query->execute([$batch[0], $batch[1]]);
} // schedule if (isset($_POST['change-schedule']) && $_POST['change-schedule'] == 'Save') { $schedule = readCrontab(); $deviceName = $_POST['deviceName']; if (isset($devices[$deviceName])) { if ($_POST['scheduled'] == 'yes') { function rangeCheck($val, $min, $max) { $val = intval($val); if ($val < $min) { $val = $min; } else { if ($val > $max) { $val = $max; } } return $val; } $schedule[$deviceName]['timeOn']['hour'] = rangeCheck($_POST['timeOnHour'], 0, 23); $schedule[$deviceName]['timeOn']['min'] = rangeCheck($_POST['timeOnMin'], 0, 59); $schedule[$deviceName]['duration']['hour'] = rangeCheck($_POST['durationHour'], 0, 23); $schedule[$deviceName]['duration']['min'] = rangeCheck($_POST['durationMin'], 0, 59); } else { $schedule[$deviceName] = NULL; } writeCrontab($schedule); } } header("Location: {$baseUrl}/"); exit(0);
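<?php
/**
 * Back end routines to add/delete departments, invoked by manage.php
 *
 * Expects a POST carrying `action` ("add" or "delete") and `dept_code`;
 * the "add" action also needs `dName`. Every reply goes through
 * postResponse(), which (functions.php is not visible here) is presumed to
 * emit the response and stop the script, as the calling code relies on.
 *
 * @author Avin E.M; Kunal Dahiya
 */
require_once 'functions.php';

// Authorise before the database connection is opened; non-deans get an
// empty reply.
// NOTE(review): this endpoint changes state but no CSRF token is checked
// here — confirm manage.php sends one, or add the check.
if (!sessionCheck('level', 'dean')) {
    die;
}

require_once 'connect_db.php';

// Length check on the untrusted code. rangeCheck() is presumed to reject
// the request itself when the field is missing or out of range; the
// meaning of its fourth argument is not visible here — TODO confirm
// against functions.php.
rangeCheck('dept_code', 2, 5, false);

// Codes are stored upper-cased so lookups are case-insensitive.
$dept_code = strtoupper($_POST['dept_code']);

if (valueCheck('action', 'add')) {
    rangeCheck('dName', 6, 50);

    try {
        $query = $db->prepare('INSERT INTO depts(dept_code,dept_name) values (?,?)');
        $query->execute([$dept_code, $_POST['dName']]);
        postResponse("addOpt", "Department Added", [$_POST['dName'], $dept_code]);
    } catch (PDOException $e) {
        // SQLSTATE 23000 = integrity constraint violation, i.e. duplicate key.
        if (($e->errorInfo[0] ?? '') === '23000') {
            postResponse("error", "Department already exists");
        } else {
            // Keep the driver's own message out of the reply: it can expose
            // table layout or server details. Log it server-side instead.
            error_log('depts: add failed: ' . $e->getMessage());
            postResponse("error", "Could not add department");
        }
    }
} elseif (valueCheck('action', 'delete')) {
    try {
        $query = $db->prepare('DELETE FROM depts where dept_code =?');
        $query->execute([$dept_code]);
        postResponse("removeOpt", "Department deleted");
    } catch (PDOException $e) {
        // A constraint failure (e.g. batches or faculty still attached to
        // the department) used to escape as an uncaught exception.
        error_log('depts: delete failed: ' . $e->getMessage());
        postResponse("error", "Could not delete department");
    }
}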