Beispiel #1
     cust_die("You need to submit a user ID and/or password string to view this XML feed.");
 }
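 // Mailbox RSS feed: authenticate the request by user ID ("u") and feed
 // password ("p"), then emit every non-deleted message addressed to that user.
 // NOTE(review): the feed password travels in the query string, so it ends up
 // in access logs, browser history and Referer headers; treat it as a
 // revocable feed token, never as the account password.
 $id = escape_string($_GET['u']);
 // is_numeric() also accepts forms such as "1e3", "-1" or " 5". The ID is
 // interpolated into SQL below, so only plain decimal digits are accepted.
 if (!is_string($id) || !preg_match('/\A[0-9]+\z/', $id)) {
     die("Don't mess with the ID.");
 }
 $pass = escape_string($_GET['p']);
 $real_pass = gen_rss_pass($id);
 // Compare strictly and as strings: a loose != treats numeric-looking strings
 // such as "0e1" and "0e2" as equal. hash_equals() (PHP 5.6+) also keeps the
 // comparison time independent of where the strings differ. An empty expected
 // value is rejected so a failing gen_rss_pass() can never match an empty "p".
 $expected_pass = (string) $real_pass;
 $supplied_pass = is_string($pass) ? $pass : '';
 $pass_ok = $expected_pass !== '' && (function_exists('hash_equals')
     ? hash_equals($expected_pass, $supplied_pass)
     : $expected_pass === $supplied_pass);
 if (!$pass_ok) {
     cust_die("Incorrect password.");
 }
 header("Content-type: text/xml");
 // Timestamp of the newest message; handed to rss_header() below.
 $latest = @query("SELECT `timestamp` FROM `mail` WHERE `to`='{$id}' AND `deleted`='0' ORDER BY `timestamp` DESC") or die("Error getting the messages from the database.");
 $latest = result($latest);
 $latest = $latest->timestamp;
 // NOTE(review): SERVER_NAME and PHP_SELF can reflect request-supplied values
 // depending on server configuration, and whether rss_header() XML-escapes its
 // arguments is not visible here; confirm before trusting this link.
 rss_header("phpmygrades mailbox", "your phpmygrades mailbox", "http://" . $_SERVER['SERVER_NAME'] . $_SERVER['PHP_SELF'], $latest);
 $messages = @query("SELECT * FROM `mail` WHERE `to`='{$id}' AND `deleted`='0' ORDER BY `id`") or die("Error getting the messages from the database.");
 while ($row = result($messages)) {
     $subject = stripslashes($row->subject);
     $from = $row->from;
     $body = stripslashes($row->body);
     $link = server_root . "messages.php";
     $timestamp = $row->timestamp;
     // The sender ID is read back from the database; escape it again before it
     // goes into another statement so a stored value cannot alter the query.
     $sender_query = @query("SELECT `firstname`,`surname` FROM `users` WHERE `ID`='" . escape_string($from) . "' LIMIT 1") or die("Error getting information from the database.");
     while ($row2 = result($sender_query)) {
         $sender = stripslashes($row2->firstname . " " . $row2->surname);
         // NOTE(review): sender name, subject and body are user-written content;
         // whether rss_item() XML-escapes them is not visible here. Confirm.
         $body = "Sent by {$sender}:<br />" . $body;
         rss_item($subject, $body, $link, $timestamp);
     }
 }
 rss_footer();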
Beispiel #2
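/**
 * Return a user's latest grades as an RSS feed.
 *
 * Gets $user's $number latest grades (from $class; 'all' for all their classes)
 * using get_latest_grades(), and emits them as a feed through rss_header(),
 * rss_item() and rss_footer().
 *
 * NOTE(review): $user and every $class_id are interpolated directly into SQL.
 * Nothing in this function validates or escapes them, so callers must pass
 * already-validated IDs. Confirm at each call site, or move to parameterized
 * queries if the query() helper supports them.
 *
 * @param mixed $user   ID of the student whose grades are listed
 * @param mixed $number how many grades to fetch (passed to get_latest_grades())
 * @param mixed $class  class ID, or 'all'
 * @return void
 */
function rss_latest_grades($user, $number, $class)
{
    // Keep the display name separate from the SQL text. Reusing one variable for
    // both would put the raw query into the feed title when no user row matches.
    $real_name = "";
    $name_sql = "SELECT `firstname`,`surname` FROM `users` WHERE `ID`='{$user}' LIMIT 1";
    $name_result = query($name_sql) or die("Error getting information from the database.");
    while ($row = result($name_result)) {
        $real_name = stripslashes($row->firstname) . " " . stripslashes($row->surname);
    }
    $latest_date = "SELECT MAX(`date_assigned`) FROM `grades` WHERE `student_ID`='{$user}' LIMIT 1";
    $latest_date = @query($latest_date) or die("Error getting information from the database.");
    $latest_date = command_result($latest_date, 0);
    rss_header("{$real_name}'s grades", "your latest grades", "http://" . server_root . "classes.php", $latest_date);
    $grades = get_latest_grades($user, $number, $class, current_semester);
    // break the grades string down into individual grades
    $grades = explode("--", $grades);
    foreach ($grades as $grade) {
        // to get rid of the empty grade
        if ($grade == "") {
            continue;
        }
        // break the grade string down into its individual pieces;
        // explode() replaces split(), which was removed in PHP 7
        $pieces = explode("::", $grade);
        if (count($pieces) < 7) {
            // malformed record: skip it rather than query with missing fields
            continue;
        }
        list($class_id, $assign_id, $assign_name, $assign_date, $points_possible, $points_scored, $grading_period) = $pieces;
        // get the class's name and print the grade
        $class_name = @query("SELECT `name` FROM `classes` WHERE `ID`='{$class_id}' LIMIT 1") or die("Error getting class name.");
        $result = result($class_name);
        // a grade whose class row is gone still gets an item, with an empty name
        $class_name = $result ? $result->name : "";
        // time to rss-ify 'em
        // NOTE(review): whether rss_item() XML-escapes the names and values it
        // receives is not visible here. Confirm before trusting stored content.
        rss_item($class_name . "-- " . $assign_name, "{$points_scored}/{$points_possible}", server_root . "/assignment.php?class={$class_id}%26id={$assign_id}", $assign_date);
    }
    rss_footer();
}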
Beispiel #3
        // see if $class is a class
        // NOTE(review): $class is placed into four SQL strings in this block and is
        // not escaped here; where it is assigned lies outside this excerpt. Confirm
        // it is validated (for example digits only) before this point.
        $is_class = @query("SELECT 1 FROM `classes` WHERE `ID`='{$class}' LIMIT 1") or die("Error checking the database.");
        if (num_rows($is_class) == 0) {
            die("Invalid class.");
        }
        // Load the class row; its period and name form the feed title.
        $class_info = @query("SELECT * FROM `classes` WHERE `ID`='{$class}' LIMIT 1") or die("Error getting information from the database.");
        while ($row = result($class_info)) {
            $period = $row->period;
            $class_name = stripslashes($row->name);
        }
        $class_name = "Period {$period} {$class_name}";
        // Newest post timestamp for this class, handed to rss_header() below.
        $last_post = @query("SELECT MAX(timestamp) FROM `news` WHERE `class`='{$class}'") or die("Error getting information from the database.");
        $last_post = command_result($last_post, 0);
        // NOTE(review): LIMIT 5 without ORDER BY leaves the choice of rows to the
        // database, so these are not guaranteed to be the five newest posts.
        $posts = @query("SELECT * FROM `news` WHERE `class`='{$class}' LIMIT 5") or die("Error getting the posts from the database.");
        header("Content-type: text/xml");
        rss_header($class_name . " news", "news for " . $class_name, server_root . "news.php", $last_post);
        while ($row = result($posts)) {
            $id = $row->ID;
            $timestamp = $row->timestamp;
            $subject = stripslashes($row->subject);
            $body = stripslashes($row->body);
            // NOTE(review): subject and body are stored content; whether rss_item()
            // XML-escapes them is not visible in this excerpt. Confirm.
            rss_item($subject, $body, server_root . "news.php?archive%26id={$id}", $timestamp);
        }
        rss_footer();
        disconnect_sql();
    }
    die;
} elseif (isset($_GET['archive'])) {
    if (!isset($_GET['id']) or is_numeric($_GET['id']) != "true") {
        cust_die("Don't mess with that.");
    }