Ejemplo n.º 1
 */
// Shared helpers; sessionCheck(), postResponse(), rangeCheck() and valueCheck() are not
// defined in this file and presumably come from here — confirm.
require_once 'functions.php';
// Refuse to continue without an authenticated session, before the database is opened.
// NOTE(review): this guard only protects the statements below if postResponse()
// terminates the request — confirm in functions.php.
if (!sessionCheck('logged_in')) {
    postResponse("error", "Your session has expired, please login again");
}
require_once 'connect_db.php';
// NOTE(review): rangeCheck() takes the name of a request field and two bounds; presumably
// it enforces a length of 2..20 on $_POST['cId'] and rejects the request otherwise — verify.
rangeCheck('cId', 2, 20);
// Course ids are normalised to upper case before they are used as a key.
$cId = strtoupper($_POST['cId']);
// Default the acting faculty to the logged-in user's own name.
if (!isset($_SESSION['faculty'])) {
    $_SESSION['faculty'] = $_SESSION['uName'];
}
// For any session whose level is not 'faculty', a `faculty` query parameter replaces the
// acting faculty held in the session.
// NOTE(review): the value comes straight from $_GET and is later written to courses.fac_id;
// confirm that every non-faculty level is meant to act for an arbitrary faculty and that
// the name is checked against the faculty table before it is trusted.
if (!sessionCheck('level', 'faculty') && !empty($_GET['faculty'])) {
    $_SESSION['faculty'] = $_GET['faculty'];
}
if (valueCheck('action', 'add')) {
    rangeCheck('cName', 6, 100);
    if (empty($_POST["allowConflict"])) {
        $_POST["allowConflict"] = 0;
    }
    try {
        $query = $db->prepare('INSERT INTO courses(course_Id,course_name,fac_id,allow_conflict) values (?,?,?,?)');
        $query->execute([$cId, $_POST['cName'], $_SESSION['faculty'], $_POST["allowConflict"]]);
        $query = $db->prepare('INSERT INTO allowed(course_Id,batch_name,batch_dept) values (?,?,?)');
        foreach ($_POST['batch'] as $batch) {
            $batch = explode(" : ", $batch);
            $query->execute([$cId, $batch[0], $batch[1]]);
        }
        postResponse("addOpt", "Course Added", [$_POST['cName'], $cId]);
    } catch (PDOException $e) {
        if ($e->errorInfo[0] == 23000) {
            postResponse("error", "Course ID already exists");
Ejemplo n.º 2
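 // Resolve the department code for the new faculty account, creating the department first
 // when the request names a new one, then insert the faculty row.
 // $db, $uName and postResponse()/rangeCheck()/pwdHash() are defined outside this excerpt.
 $dept_code = "";
 if (!empty($_POST['newDpt'])) {
     rangeCheck('newDpt', 2, 5);
     rangeCheck('dept', 6, 50);
     $query = $db->prepare('INSERT INTO depts(dept_code,dept_name) VALUES (?,?)');
     try {
         // NOTE(review): the code is stored here exactly as submitted but upper-cased for the
         // faculty row below; confirm the column collation is case-insensitive, or normalise
         // before inserting so the two rows always agree.
         $query->execute([$_POST['newDpt'], $_POST['dept']]);
     } catch (PDOException $e) {
         $sqlState = isset($e->errorInfo[0]) ? (string) $e->errorInfo[0] : '';
         if ($sqlState !== '23000') {
             // Ignoring if department already exists, reporting otherwise.
             // The driver message stays in the server log: it can name tables, columns and
             // constraints, which the client has no need to see.
             error_log('Department insert failed: ' . $e->getMessage());
             postResponse("error", "Could not create the department, please try again later");
         }
     }
     $dept_code = strtoupper($_POST['newDpt']);
 } else {
     rangeCheck('dept', 2, 5);
     $dept_code = strtoupper($_POST['dept']);
 }
 // Add faculty to the databases
 $query = $db->prepare('INSERT INTO faculty(uName,fac_name,pswd,dept_code,dateRegd) VALUES (?,?,?,?,?)');
 // NOTE(review): pwdHash() is defined elsewhere and receives the username alongside the
 // password; confirm it uses password_hash() or another slow, per-user-salted KDF rather
 // than a fast digest keyed on the username.
 $pswd = pwdHash($uName, $_POST['pswd']);
 try {
     $query->execute([$uName, $_POST['fullName'], $pswd, $dept_code, date("d M Y  h:i A")]);
 } catch (PDOException $e) {
     // SQLSTATE 23000 covers every integrity-constraint violation, so a failed dept_code
     // reference would also be reported as a duplicate username.
     $sqlState = isset($e->errorInfo[0]) ? (string) $e->errorInfo[0] : '';
     if ($sqlState === '23000') {
         postResponse("error", "Username already exists");
     } else {
         error_log('Faculty insert failed: ' . $e->getMessage());
         postResponse("error", "Could not create the account, please try again later");
     }
 }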
 if ($newAdmin) {
Ejemplo n.º 3
<?php

/**
 * Back end routines to add/delete rooms, invoked by dean.php
 * @author Avin E.M; Kunal Dahiya
 */
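require_once 'functions.php';
require_once 'connect_db.php';
// Room management is restricted to sessions whose level is 'dean'; every statement below
// changes the rooms table.
// NOTE(review): no anti-CSRF token check is visible in this file — confirm that
// functions.php or the session layer enforces one for these state-changing requests.
if (!sessionCheck('level', 'dean')) {
    die;
}
// NOTE(review): rangeCheck() is defined elsewhere; presumably it bounds the length of the
// named request field and rejects the request otherwise. If so, `capacity` is limited to
// 1..3 characters but not to digits — verify.
rangeCheck('room_name', 2, 25);
if (valueCheck('action', 'add')) {
    rangeCheck('capacity', 1, 3);
    try {
        // Bound parameters keep the request values out of the SQL text.
        $query = $db->prepare('INSERT INTO rooms(room_name,capacity) values (?,?)');
        $query->execute([$_POST['room_name'], $_POST['capacity']]);
        // The submitted values are echoed back to the caller; the client must escape them
        // before inserting them into the page.
        postResponse("addOpt", "Room Added", [$_POST['room_name'], $_POST['capacity']]);
    } catch (PDOException $e) {
        // SQLSTATE 23000 is the whole integrity-constraint class, not only duplicate keys.
        $sqlState = isset($e->errorInfo[0]) ? (string) $e->errorInfo[0] : '';
        if ($sqlState === '23000') {
            postResponse("error", "Room already exists");
        } else {
            // Keep the driver message in the server log; it can reveal schema details.
            error_log('Room insert failed: ' . $e->getMessage());
            postResponse("error", "Could not add the room, please try again later");
        }
    }
} elseif (valueCheck('action', 'delete')) {
    try {
        $query = $db->prepare('DELETE FROM rooms where room_name = ?');
        $query->execute([$_POST['room_name']]);
        postResponse("removeOpt", "Room deleted");
    } catch (PDOException $e) {
        // A failed delete (for example a row still referenced elsewhere) previously escaped
        // as an uncaught exception; report it like the add branch does.
        error_log('Room delete failed: ' . $e->getMessage());
        postResponse("error", "Could not delete the room, please try again later");
    }
}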
Ejemplo n.º 4
/**
 * Back end routines to add/delete batches, invoked by manage.php
 * @author Avin E.M; Kunal Dahiya
 */
require_once 'functions.php';
require_once 'connect_db.php';
// First gate: an authenticated session is required.
// NOTE(review): this only stops the request if postResponse() terminates it — confirm.
if (!sessionCheck('logged_in')) {
    postResponse("error", "Your session has expired, please login again");
}
// Second gate: only sessions whose level is 'dean' may add or delete batches; die() ends
// the request here, so nothing below runs for other levels.
// NOTE(review): no anti-CSRF token check is visible in this file — confirm one is
// enforced elsewhere for these state-changing requests.
if (!sessionCheck('level', 'dean')) {
    die('You are not authorized to perform this action');
}
if (valueCheck('action', 'add')) {
    rangeCheck('batch_name', 2, 30);
    rangeCheck('size', 1, 3);
    try {
        $query = $db->prepare('INSERT INTO batches(batch_name,batch_dept,size) values (?,?,?)');
        $query->execute([$_POST['batch_name'], $_POST['dept'], $_POST['size']]);
        postResponse("addOpt", "Batch Added", [$_POST['batch_name'] . ' : ' . $_POST['dept'], $_POST['size']]);
    } catch (PDOException $e) {
        if ($e->errorInfo[0] == 23000) {
            postResponse("error", "Batch already exists");
        } else {
            postResponse("error", $e->errorInfo[2]);
        }
    }
} elseif (valueCheck('action', 'delete')) {
    $query = $db->prepare('DELETE FROM batches where batch_name = ? AND batch_dept=?');
    $batch = explode(" : ", $_POST['batch']);
    $query->execute([$batch[0], $batch[1]]);
Ejemplo n.º 5
}
// Schedule form: persist or clear the on-time and duration of one device, then redirect.
// readCrontab(), writeCrontab(), $devices and $baseUrl are defined outside this excerpt.
// NOTE(review): no anti-CSRF token check is visible here — confirm one is enforced before
// this handler is reached, since it rewrites the crontab.
$saveRequested = isset($_POST['change-schedule']) && $_POST['change-schedule'] == 'Save';
if ($saveRequested) {
    $schedule = readCrontab();
    $deviceName = $_POST['deviceName'];
    // The submitted name is only used when it is a key of $devices, so a request cannot
    // introduce new entries into the schedule.
    if (isset($devices[$deviceName])) {
        if ($_POST['scheduled'] != 'yes') {
            // Anything other than 'yes' clears the device's schedule.
            $schedule[$deviceName] = NULL;
        } else {
            /**
             * Coerce a value to an integer and clamp it to the inclusive range [$min, $max].
             * Every time field passes through here, so only bounded integers are handed
             * to writeCrontab().
             */
            function rangeCheck($val, $min, $max)
            {
                $number = intval($val);
                if ($number < $min) {
                    return $min;
                }
                if ($number > $max) {
                    return $max;
                }
                return $number;
            }
            $schedule[$deviceName]['timeOn']['hour'] = rangeCheck($_POST['timeOnHour'], 0, 23);
            $schedule[$deviceName]['timeOn']['min'] = rangeCheck($_POST['timeOnMin'], 0, 59);
            $schedule[$deviceName]['duration']['hour'] = rangeCheck($_POST['durationHour'], 0, 23);
            $schedule[$deviceName]['duration']['min'] = rangeCheck($_POST['durationMin'], 0, 59);
        }
        writeCrontab($schedule);
    }
}
// Always bounce back to the application root, whether or not anything was saved.
header("Location: {$baseUrl}/");
exit(0);
Ejemplo n.º 6
<?php

/**
 * Back end routines to add/delete departments, invoked by manage.php
 * @author Avin E.M; Kunal Dahiya
 */
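require_once 'functions.php';
// Department management is restricted to sessions whose level is 'dean'; the check runs
// before the database connection is even opened.
// NOTE(review): no anti-CSRF token check is visible in this file — confirm that
// functions.php or the session layer enforces one for these state-changing requests.
if (!sessionCheck('level', 'dean')) {
    die;
}
require_once 'connect_db.php';
// NOTE(review): rangeCheck() is defined elsewhere; the meaning of its fourth argument
// (false here, omitted in the call below) cannot be told from this file — confirm.
rangeCheck('dept_code', 2, 5, false);
// Codes are normalised to upper case before they are used as a key in either branch.
$dept_code = strtoupper($_POST['dept_code']);
if (valueCheck('action', 'add')) {
    rangeCheck('dName', 6, 50);
    try {
        // Bound parameters keep the request values out of the SQL text.
        $query = $db->prepare('INSERT INTO depts(dept_code,dept_name) values (?,?)');
        $query->execute([$dept_code, $_POST['dName']]);
        // The submitted name is echoed back to the caller; the client must escape it
        // before inserting it into the page.
        postResponse("addOpt", "Deparment Added", [$_POST['dName'], $dept_code]);
    } catch (PDOException $e) {
        // SQLSTATE 23000 is the whole integrity-constraint class, not only duplicate keys.
        $sqlState = isset($e->errorInfo[0]) ? (string) $e->errorInfo[0] : '';
        if ($sqlState === '23000') {
            postResponse("error", "Deparment already exists");
        } else {
            // Keep the driver message in the server log; it can reveal schema details.
            error_log('Department insert failed: ' . $e->getMessage());
            postResponse("error", "Could not add the department, please try again later");
        }
    }
} elseif (valueCheck('action', 'delete')) {
    try {
        $query = $db->prepare('DELETE FROM depts where dept_code =?');
        $query->execute([$dept_code]);
        postResponse("removeOpt", "Deparment deleted");
    } catch (PDOException $e) {
        // A failed delete (for example a department still referenced by other rows)
        // previously escaped as an uncaught exception; report it like the add branch does.
        error_log('Department delete failed: ' . $e->getMessage());
        postResponse("error", "Could not delete the department, please try again later");
    }
}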