// Fragment: changes one support member's permission / support area on a
// student's IPP, then re-reads that member's row. The block that encloses the
// first `if` opens before this fragment and the last `if` runs past its end.
// NOTE(review): the change is driven entirely by $_GET and no anti-CSRF token is
// checked in the visible code; confirm one is enforced before this point, and
// prefer POST for a state change.
// NOTE(review): when the requested permission equals the stored one, the first
// test is false, so support_area can be rewritten by a caller without
// ALL/ASSIGN unless an earlier check (not visible here) stops it.
if ($_GET['permission'] != $support_row['permission'] && !($our_permission == "ALL" || $our_permission == "ASSIGN")) {
    $system_message = $system_message . "You don't have the permission level necessary to modify permission levels<BR>";
} else {
    // Only a caller holding 'ALL' may grant 'ALL' or 'ASSIGN'.
    // NOTE(review): any other string passes this test; no allow-list of valid
    // permission values is visible before the UPDATE.
    if (($_GET['permission'] == "ALL" || $_GET['permission'] == "ASSIGN") && !($our_permission == "ALL")) {
        $system_message = $system_message . "You must be set with 'ALL' level permission to grant 'ASSIGN' permissions and higher";
    } else {
        //we need to update the information here...
        // NOTE(review): $student_id is interpolated unquoted, so it must already be
        // validated as an integer where it is assigned (not visible here).
        // The username expression after egps_username= is masked ('******') in this
        // listing, leaving a stray `username'])`; the statement does not parse as shown.
        // The mysql_* extension was removed in PHP 7.0; mysqli/PDO prepared
        // statements are the replacement for this string-built query.
        $update_query = "UPDATE support_list SET support_area='" . mysql_real_escape_string($_GET['support_area']) . "', permission='" . mysql_real_escape_string($_GET['permission']) . "' WHERE student_id={$student_id} AND egps_username='******'username']) . "'";
        $update_result = mysql_query($update_query);
        if (!$update_result) {
            // NOTE(review): the driver error and the full query text go into
            // $system_message; if that is rendered to the page (it carries <BR>),
            // schema details and unescaped request values reach the browser.
            $error_message = "Database query failed (" . __FILE__ . ":" . __LINE__ . "): " . mysql_error() . "<BR>Query: '{$update_query}'<BR>";
            $system_message = $system_message . $error_message;
            IPP_LOG($system_message, $_SESSION['egps_username'], 'ERROR');
        } else {
            if (isset($_GET['mail_notification'])) {
                // NOTE(review): SQL escaping is applied to a mail recipient and to
                // message text; it is the wrong encoding for this context. How
                // mail_notification() validates the recipient is not visible here.
                mail_notification(mysql_real_escape_string($_GET['username']), "This email has been sent to you to notify you that your permission levels for " . $student_row['first_name'] . " " . $student_row['last_name'] . "'s IPP on the {$IPP_ORGANIZATION} online individual program plan system have been changed to " . mysql_real_escape_string($_GET['permission']) . " access.");
            }
            //we need to redirect back to main...
            // NOTE(review): no exit follows this redirect, so execution continues
            // into the re-query below after the header is queued.
            header("Location: " . IPP_PATH . "student_view.php?student_id={$student_id}");
        }
    }
}
}
//redo the query...one day should come up with a more efficient method...
//get the support list for this student...
$support_row = "";
// Same string-built pattern as the UPDATE above: unquoted $student_id and a
// username expression that is masked in this listing.
$support_query = "SELECT * FROM support_list LEFT JOIN support_member ON support_list.egps_username=support_member.egps_username WHERE student_id={$student_id} AND support_list.egps_username='******'username']) . "'";
$support_result = mysql_query($support_query);
if (!$support_result) {
    $error_message = "Database query failed (" . __FILE__ . ":" . __LINE__ . "): " . mysql_error() . "<BR>Query: '{$support_query}'<BR>";
    $system_message = $system_message . $error_message;
} else {
    // Fragment: adds a support member to a student's support list, logs it,
    // optionally mails the new member, and redirects. The `if` this `else`
    // belongs to is before the fragment.
    // NOTE(review): $_POST['student_id'] sits in an unquoted numeric position.
    // mysql_real_escape_string() only escapes quote-like characters, so it does not
    // restrict the value to digits; it needs an integer check/cast or a bound parameter.
    // NOTE(review): no check that the caller may grant $_POST['permission_level']
    // is visible in this fragment -- confirm it happens above.
    $insert_query = "INSERT INTO support_list (egps_username,student_id,permission,support_area) VALUES ('" . mysql_real_escape_string($_POST['add_username']) . "'," . mysql_real_escape_string($_POST['student_id']) . ",'" . mysql_real_escape_string($_POST['permission_level']) . "','" . mysql_real_escape_string($_POST['support_area']) . "')";
    $insert_result = mysql_query($insert_query);
    if (!$insert_result) {
        // NOTE(review): driver error plus full query text is appended to the
        // user-facing message as well as the log.
        $error_message = $error_message . "Database query failed (" . __FILE__ . ":" . __LINE__ . "): " . mysql_error() . "<BR>Query: '{$insert_query}'<BR>";
        $system_message = $system_message . $error_message;
        IPP_LOG($system_message, $_SESSION['egps_username'], 'ERROR');
    } else {
        //get the support list UID before we do another query...
        $support_list_uid = mysql_insert_id();
        //successful add...log information and return to
        //this students ipp main page
        // NOTE(review): SQL escaping is used on log and mail text here; what
        // IPP_LOG() and mail_notification() do with these values is not visible.
        IPP_LOG("Added support member " . mysql_real_escape_string($_POST['add_username']) . " to student #" . mysql_real_escape_string($_POST['student_id']), $_SESSION['egps_username'], 'INFORMATIONAL');
        if (isset($_POST['mail_notification'])) {
            //echo "mailing<BR>";
            mail_notification(mysql_real_escape_string($_POST['add_username']), "This email has been sent to you to notify you that you have been given " . mysql_real_escape_string($_POST['permission_level']) . " access to " . $student_row['first_name'] . " " . $student_row['last_name'] . "'s IPP on the {$IPP_ORGANIZATION} online individual program plan system.");
        }
        // NOTE(review): the raw POST value is concatenated into the redirect URL;
        // casting it to int (or URL-encoding it) would keep the target well-formed.
        header("Location: " . IPP_PATH . "modify_ipp_permission.php?student_id=" . $_POST['student_id']);
        exit;
    }
}
}
/*************************** popup chooser support function ******************/
// Going by the banner above, a helper for the popup chooser; only its argument
// check is visible, the body continues past this fragment.
function createJavaScript($dataSource, $arrayName = 'rows') {
    // validate variable name
    // NOTE(review): only the type is checked, not that the string is a usable
    // variable name. No `global $system_message` is visible before this point, so
    // the assignment below appears to write a function-local variable -- confirm
    // against the full function.
    if (!is_string($arrayName)) {
        $system_message = $system_message . "Error in popup chooser support function name supplied not a valid string (" . __FILE__ . ":" . __LINE__ . ")";
        return FALSE;
    }
    // initialize JavaScript string
// Fragment: tail of a loop that builds an OR-list of usernames for an UPDATE,
// followed by the start of the "unset local admin" branch. The loop header and
// the base query are before this fragment; the username expression on the next
// line is masked ('******') in this listing.
$update_query = $update_query . "egps_username='******' or ";
}
}
//strip trailing 'or' and whitespace
// NOTE(review): if the loop appended nothing, this removes four characters of
// the base query instead of a trailing " or " -- confirm an empty selection is
// rejected earlier.
$update_query = substr($update_query, 0, -4);
//echo $delete_query;
$update_result = mysql_query($update_query);
if (!$update_result) {
    // NOTE(review): driver error and full query text go to the user-facing message.
    $error_message = "Database query failed (" . __FILE__ . ":" . __LINE__ . "): " . mysql_error() . "<BR>Query: '{$update_query}'<BR>";
    $system_message = $system_message . $error_message;
    IPP_LOG($system_message, $_SESSION['egps_username'], 'ERROR');
} else {
    //send a notification to the people set as site based ipp admin.
    // Recipients are taken from the POSTed field names whose value is "on", not
    // from the rows the UPDATE changed. The "_" -> "." replacement presumably
    // undoes PHP's rewriting of dots in field names; a username containing a
    // real underscore would be turned into a different recipient.
    foreach ($_POST as $key => $value) {
        if ($key != "delete_users" && $value == "on") {
            mail_notification(mysql_real_escape_string(str_replace("_", ".", $key)), "This email has been sent to you to notify you that you have been set as one of the school based IPP administrators for your school.\n\nThis means you have full access to all of the IPP's at your school to move and assign permissions to the IPP's there. You are able to add teaching and TA staff members onto the IPP system for your school and you will be sent notifications when students are moved into your school so that you are able to assign the IPPs to the appropriate person.\n");
        }
    }
}
//$system_message = $delete_query;
}
//check if we are deleting some people
// NOTE(review): `== 0` is a loose comparison; null and false also compare equal
// to 0, so if $permission_level was never set or its lookup failed, this
// super-admin gate would pass. `=== 0` fails closed. The action is also
// triggered by a GET parameter, with no anti-CSRF check visible here.
if ((isset($_GET['unset_local_admin_users']) || isset($_GET['unset_local_admin_users_x'])) && $permission_level == 0) { //only super admins
    //$system_message .= "Debug Msg: unsetting local admin<BR>";
    // NOTE(review): a failed connection is logged but nothing visible stops
    // execution from continuing to build the query.
    if (!connectIPPDB()) {
        $system_message = $system_message . $error_message; //just to remember we need this
        IPP_LOG($system_message, $_SESSION['egps_username'], 'ERROR');
    }
    $update_query = "UPDATE support_member SET is_local_ipp_administrator='N' WHERE ";
// Fragment: after a student is moved to another school, mails that school's
// local IPP administrators and stores a PDF snapshot of the IPP. The `if` that
// the first `} else {` belongs to is before this fragment, and the final
// `else` runs past its end.
$system_message = $system_message . $error_message;
IPP_LOG($system_message, $_SESSION['egps_username'], 'ERROR');
} else {
    //we need to notify the school based ipp administrator
    // NOTE(review): $_POST['school_code'] is placed in an unquoted position;
    // mysql_real_escape_string() does not restrict it to digits, so it needs an
    // integer check/cast or a bound parameter.
    $ipp_admin_query = "SELECT * FROM support_member WHERE school_code=" . mysql_real_escape_string($_POST['school_code']) . " and is_local_ipp_administrator='Y'";
    $ipp_admin_result = mysql_query($ipp_admin_query);
    if (!$ipp_admin_result) {
        // NOTE(review): driver error and full query text go to the user-facing message.
        $error_message = "Database query failed (" . __FILE__ . ":" . __LINE__ . "): " . mysql_error() . "<BR>Query: '{$ipp_admin_query}'<BR>";
        $system_message = $system_message . $error_message;
        IPP_LOG($system_message, $_SESSION['egps_username'], 'ERROR');
    } else {
        if (mysql_num_rows($ipp_admin_result) <= 0) {
            $system_message = $system_message . "There doesn't appear to be a school based IPP administrator for this school. The student has been moved but there was nobody at the receiving school notified (You might want to phone and let them know).<BR>";
        } else {
            // One mail per local administrator row; each username is also
            // appended to the status message.
            // NOTE(review): database values are added to $system_message without
            // HTML encoding; if the message is rendered as HTML they should be encoded.
            while ($ipp_admin_row = mysql_fetch_array($ipp_admin_result)) {
                mail_notification($ipp_admin_row['egps_username'], "This email has been sent to you to notify you that " . $student_row['first_name'] . " " . $student_row['last_name'] . "'s IPP has been moved to your school by " . username_to_common($_SESSION['egps_username']) . ". Please contact them for more information.\n\nYou should update the supervisor information and add the appropriate support members for your school to this students IPP (and remove anybody who should no longer be a support member).");
                $system_message = $system_message . $ipp_admin_row['egps_username'] . " ";
            }
            $system_message .= " received an emailed notification that this student's IPP was forwarded to their school<BR>";
        }
    }
    //take a snapshot...
    $pdf = create_pdf($student_id);
    //we add the entry.
    // NOTE(review): the student's first and last name are concatenated into the
    // quoted filename value without escaping, unlike the other values in this
    // statement. A name containing an apostrophe breaks the statement, and stored
    // data becomes SQL text. $student_id is escaped but unquoted, so it also
    // depends on prior integer validation.
    $insert_query = "INSERT INTO snapshot(student_id,date,file,filename) VALUES (" . mysql_real_escape_string($student_id) . ",NOW(),'" . mysql_real_escape_string($pdf->Output("ignored", 'S')) . "','IPP-" . $student_row['first_name'] . " " . $student_row['last_name'] . " " . date("F-d-Y") . ".pdf')";
    $insert_result = mysql_query($insert_query);
    if (!$insert_result) {
        // Only the first 100 characters of the query are reported here, which keeps
        // the PDF payload out of the message.
        $error_message = "Snapshot not taken because the database query failed (" . __FILE__ . ":" . __LINE__ . "): " . mysql_error() . "<BR>Query: '" . substr($insert_query, 0, 100) . "[truncated]'<BR>";
        $system_message = $system_message . $error_message;
        IPP_LOG($system_message, $_SESSION['egps_username'], 'ERROR');
    } else {
// Fragment: creates a row in `users` for a newly added member when the previous
// statement affected no rows, optionally mails the credentials, then hands over
// to the user-management page. The statement whose result is tested, and the six
// blocks closed at the end, are before this fragment.
$system_message = $system_message . $error_message;
IPP_LOG($system_message, $_SESSION['egps_username'], 'ERROR');
} else {
    //if we don't have this user already in the users database then add them
    if (!mysql_affected_rows()) {
        // NOTE(review): the password is written twice: through MySQL's PASSWORD()
        // and again in clear text in `unencrypted_password`. The clear-text column
        // cancels the benefit of hashing; PASSWORD() is meant for MySQL's own
        // account table and was removed in MySQL 8.0. password_hash() /
        // password_verify() with no clear-text copy is the usual replacement.
        // NOTE(review): $_GET['school_code'] is escaped but unquoted, so it needs an
        // integer check/cast. The account is created from GET parameters, which puts
        // the new username into URLs and access logs.
        $insert_users_query = "INSERT INTO users (login_name,encrypted_password,unencrypted_password,school_code,aliased_name) values (concat('" . mysql_real_escape_string($_GET['add_username']) . "','{$mysql_user_append_to_login}'),PASSWORD('" . mysql_real_escape_string($pwd) . "'),'" . mysql_real_escape_string($pwd) . "'," . mysql_real_escape_string($_GET['school_code']) . ",NULL)";
        $insert_users_result = mysql_query($insert_users_query);
        if (!$insert_users_result) {
            // NOTE(review): the failing query text contains $pwd, so on error the
            // clear-text password is copied into $system_message and into IPP_LOG.
            $error_message = $error_message . "Database query failed (" . __FILE__ . ":" . __LINE__ . "): " . mysql_error() . "<BR>Query: '{$insert_users_query}'<BR>";
            $system_message = $system_message . $error_message;
            IPP_LOG($system_message, $_SESSION['egps_username'], 'ERROR');
        }
    }
}
if (isset($_GET['mail_notification'])) {
    // NOTE(review): the password is sent in clear text by e-mail; a one-time
    // set-password link avoids leaving a usable credential in mailboxes.
    mail_notification(mysql_real_escape_string($_GET['add_username']), "This email has been sent to you to notify you that you have been added to the {$IPP_ORGANIZATION} online IPP system. You are able to access the system now by going to " . $IPP_PAGE_ROOT . ". Enter your username as '" . $_GET['add_username'] . "' and use the password '" . $pwd . "'");
}
// Continue with the user-management page in the same request, then stop.
require IPP_PATH . "superuser_manage_users.php";
exit;
}
}
}
}
}
}
//connect to the user database to search for names..
//if(!connectUserDB()) {
//   $error_message = $error_message; //just to remember we need this
//   $system_message = $error_message;
//   IPP_LOG($system_message,$_SESSION['egps_username'],'ERROR');
//}