$val = "now()";
$sql .= $val;
} else {
$sql .= "\"" . $val . "\"";
}
} else {
if ($type == "timestamp") {
$val = rt($name);
if ($val == "") {
$val = "null";
}
// causes timestamp to auto-update
$sql .= $val;
} else {
if ($type == "float") {
$val = rt($name);
if ($val == "") {
$val = 0;
}
$sql .= $val;
} else {
print "<br>";
p_red("UNHANDLED FIELD TYPE: {$type}");
print "<br>";
$sql .= 0;
}
}
}
}
}
$n++;
}
else
{
dbg("login failed");
$uid = "";
$user_type = "";
}
return false;
}
*/
// Process a login
if ($action == "login") {
$username = rt("username");
//$_REQUEST["username"];
$password = rt("password");
//$_REQUEST["password"];
dbg("processing login: username={$username} password={$password}");
$rs = dbExec("select * from users where active=1 and username=\"{$username}\" and password=\"{$password}\"");
// these 3 tests prevent sql injection from being effective on login
if ($rs->RecordCount() == 1 && strtolower($rs->fields("username")) == strtolower($username) && strtolower($rs->fields("password")) == strtolower($password)) {
dbg("login successful");
$uid = $rs->fields("id");
$user_type = $rs->fields("user_type");
$db->Execute("update users set sid='{$sid}', last_login=now() where id={$uid}");
// Set initial login cookies
setCookie("uid", $uid, time() + 60 * ($expire_mins + 5));
setCookie("sid", $sid, time() + 60 * $expire_mins);
$_COOKIE["uid"] = $uid;
$_COOKIE["sid"] = $sid;
logit("user logged in: username={$username} id={$uid} sid={$sid}");
$school_state = strtoupper($school_state);
}
dbg("school_state={$school_state}");
$school_city = rt("school_city");
if ($other_city != "") {
$school_city = $other_city;
}
$school_city = ucfirst($school_city);
dbg("school_city={$school_city}");
$school_name = rt("school_name");
if ($other_name != "") {
$school_name = $other_name;
}
$school_name = ucfirst($school_name);
dbg("school_name={$school_name}");
$confirm = rt("confirm");
$regopen = getField("config", "val", "where tag='registration'");
$regopen = $regopen == "1" ? true : false;
if ($regopen) {
if ($school_state == "") {
include "regintro.php";
}
?>
<div style="margin: 30px;">
<span class=body_copy_blue>
<style>
#inset {
p_red($o->fn . " " . $o->ln . "[" . $o->id . "]:\n");
for ($w = 1; $w <= $game_weeks; $w++) {
$wvs = "w" . $w . "v";
$wvl = "w" . $w . "vendor";
if ($o->{$wvs} == "" && $gd[$wvl] != "") {
$vn = getvname($gd[$wvl], $w, $o->cls);
$sql = "update tracking set {$wvl}='{$vn}' where user_id={$id}";
p_red($sql);
dbExec($sql);
}
}
p_red("");
}
exit;
}
if (rt("reset")) {
b("clearing raised money for teams and students");
//dbExec("delete from vars");
//p("cleared vars table");
dbExec("update tracking set raisedmoney=0");
p("cleared tracking.raisedmoney");
dbExec("update groups set raisedmoney=0");
p("cleared groups.raisedmoney");
dbExec("delete from results");
dbExec("insert into results (uid,gid)\n\t\t\t\tselect id,group_id from users where active=1 and user_type='s' and group_id!=0 and gamedata != ''");
p("Done");
}
b("updating raised money for students");
$tr = array();
$rs = dbExec("select uid,gid from results where raised is NULL");
$rc = $rs->RecordCount();
</tr>
</table></td>
</tr>
<tr>
<td><table align="left" border="0" cellpadding="0" cellspacing="0" width="800">
<tr>
<td width="635" bgcolor="#FFFFFF"> </td>
<td><a href="signin.php" onMouseOut="MM_swapImgRestore()" onMouseOver="MM_swapImage('Start_Btn','','images/Start_Btn_f2.jpg',1);"><img name="Start_Btn" src="images/Start_Btn.jpg" width="165" height="47" border="0" id="Start_Btn" alt="" /></a></td>
</tr>
<tr>
<td bgcolor="#FFFFFF"> </td>
<td bgcolor="#FFFFFF"> </td>
</tr>
</table></td>
</tr>
<?php
}
?>
</table>
<?php
if (rt("w") != '') {
include "winteams.php";
}
?>
</body>
</html>
<?php
include "footer.php";
echo $style1;
?>
">
<div style="<?php
echo $style2;
?>
"><b>Info</b></div>
** ERROR POSTING MESSAGE **
</div>
<br>
<?php
}
}
} else {
if ($action == "mb_nuke") {
$id = rt("mb_id");
deleteRecords($mb_table, "where id={$id}");
}
}
if (!$mb_nopost) {
?>
<div style="<?php
echo $style1;
?>
">
<div style="<?php
echo $style2;
?>
"><b>Post a Message </b></div>
<table style="padding-top: 10px">
function print_vars($vars)
{
if ($GLOBALS['cli']) {
if (function_exists('rt')) {
print_r($vars);
rt($vars);
} else {
print_r($vars);
}
} else {
if (function_exists('r')) {
r($vars);
} else {
print_r($vars);
}
}
}
$sc = $o->sc;
$school = $o->school;
$school = "<font color=gray size=-1>{$school}</font>";
$t->row($rs->CurrentRow() + 1);
$t->set($rs->CurrentRow() + 1);
$t->set(percbar_str($pcntl, $pcntl));
$t->set($name . "<br>" . $school);
}
$t->dump();
}
}
?>
<p>
<?php
$id = rt("n");
$fc = rt("fc");
if ($id != "") {
function sr($t, $v)
{
?>
<tr>
<td width=320 id=tdh >
<?php
echo $t;
?>
</td>
<td width=320 id=tdc>
<?php
echo $v;
?>
</td>
<?php
include "lib.php";
include "db.php";
echo "<pre>";
//print_r($_REQUEST);
//print_r($_SERVER);
$rep = rt("report");
function send_mail($to, $from, $fromname, $subj, $body, $cc)
{
$hdrs = "Return-Path: <{$from}>\nFrom: {$fromname} <{$from}>\nReturn-Receipt-To: <{$from}>\nReply-To: <{$from}>\n";
if ($cc != "") {
$hdrs .= "Cc: {$cc}\n";
}
$body = preg_replace("|\r|", "", $body);
$body = preg_replace("|\n|", "\r\n", $body);
$r = mail($to, $subj, $body, $hdrs, " -f {$from} ");
return $r;
}
function snip($re, $s)
{
$r = "";
if (preg_match($re, $s, $m)) {
}
$r = $m[1];
echo "snipped {$r}\n";
return $r;
}
$final = snip("/FINAL (.)/i", $rep);
$hostname = snip("/hostname ([^\n]+)/i", $rep);
$username = snip("/username ([^\n]+)/i", $rep);
function pt($text)
{
return preg_replace('/\\|/', '%', rt($text));
}
<div class=body_copy_blue style="margin:30px;">
<?php
if ($user_type != 's') {
header("Location: home.php");
}
$action = rt("action");
$candidate = rt("candidate");
if ($action == "vote" && $candidate != "") {
dbg("candidate={$candidate}");
$id = unobfuscate_number($candidate);
dbg("id={$id}");
if ($id == $uid) {
header("Location: home.php");
}
$sql = "select * from users where id={$id} and group_id={$group_id} and teacher_code={$teacher_code}";
$rs = dbExec($sql);
$rc = $rs->RecordCount();
if ($rc != 1) {
fail("Voting irregularity.");
}
$first_name = $rs->fields("first_name");
$last_name = $rs->fields("last_name");
$username = $rs->fields("username");
$class = $rs->fields("class");
$name = "{$first_name} {$last_name}";
$role = roleName($class);
// $sql = "select count(*) from votes where office = 'mvp' and voter_id=$uid and stamp > date_sub(now(), interval 1 day)";
$sql = "select count(*) from votes where office = 'mvp' and voter_id={$uid}";
$rs = dbExec($sql);
if ($rs->fields(0) > 0) {
?>
</div>
<div >
<table class=stuff border=0>
<tr>
<td colspan=5 class=sutdh><b>User Accounts</b></td>
</tr>
<tr>
<td class=sutdh> Active User Recs </td>
<td class=sutdh> Active Teachers </td>
<td class=sutdh> Active Students </td>
<td class=sutdh> Active Teacher:Student Ratio</td>
<td class=sutd rowspan=2>
<?php
if (rt("act") == "nuke_it") {
echo "<span bgcolor=black><i>Oh brilliant. What did the button say?<br>Now you've really gone and done it.</i></span>";
} else {
?>
<input type=button value="DO NOT CLICK THIS BUTTON" onClick="if(confirm('Are you sure you want to do this?')) document.location = '?act=nuke_it'">
<?php
}
?>
</td>
</tr>
<tr>
<td class=sutd>
<?php
echo $db->GetOne("select count(id) from users where active=1");
?>
</td>
if ($_GET["supw"] == "bubba") {
su_sc("su", "true");
$su = true;
} else {
su_sc("su", "");
$su = false;
}
} else {
if ($_GET["su"] == "off" || $_GET["su"] == "false") {
su_sc("su", "false");
$su = false;
}
}
}
if ($su) {
$action = rt("action");
?>
<div style="background-color: #c00; padding: 0.5em; text-align: center;">
<?php
but("Admin Menu", "a_menu.php");
?>
<?php
but("Support ", "a_support.php");
?>
<?php
but("Dupes", "a_dupstuds.php");
?>
<?php
but("Registration", "a_regctrl.php");
?>
<?php
<?php
include "dbg.php";
include "lib.php";
$where = rt("where");
dbg("where={$where}");
if ($where == "") {
$where = "/";
} else {
if ($where == "/register.php" || $where == "/registration.php") {
$where = "/register.php";
} else {
if ($where == "/prizes.php") {
$where = "/rules.php#Scoring";
}
}
}
//else
//if($where == "/test.php")
// $where = "/test/index.php";
dbg("where={$where}");
jmp($where);
}
function dump($a, $b)
{
var_dump($a, $b);
}
echo "sfc\n";
x(p(1), p(2), p(3), 4);
$y = 'x';
echo "dfc\n";
$y(p(1), p(2), p(3), 4);
echo "smc\n";
c::g(p(1), p(2), p(3), 4);
$y = 'g';
echo "dsmc\n";
c::$y(p(1), p(2), p(3), 4);
echo "occ\n";
$q = new c(p(1), p(2), p(3), 4);
echo "omc\n";
$q->f(p(1), p(2), p(3), 4);
echo "rsfc\n";
rt($a, id(10));
var_dump($a);
dump($v++, $v++);
$v = 10;
dump($v, $v = 0);
echo "nest\n";
x(p(1), x(p(2), p(3), p(4), p(5)), p(6), x(p(7), p(8), p(9), p(10)));
echo "arr\n";
$z = array(p(1), p(2), x(p(3), p(4), p(5), p(6)), p(7));
$q = 1;
$z = array(1, 2, $q);
<?php
include "a_menu.php";
$act = rt("act");
if ($act) {
ob_clean();
$dec = rt("decision");
$col = rt("col");
$val = rt("val");
if ($act == "set") {
$sql = "update scores set {$col}={$val} where decision='{$dec}'";
dbExec($sql);
$nval = dbGetFld("select {$col} from scores where decision='{$dec}'");
echo "ok,{$dec},{$col},{$nval}";
exit;
} else {
if ($act == "clr") {
$sql = "delete from scores where decision='{$dec}'";
dbExec($sql);
$sql = "insert into scores (decision) values ('{$dec}')";
dbExec($sql);
} else {
if ($act == "del") {
$sql = "delete from scores where decision='{$dec}'";
dbExec($sql);
}
}
}
}
include "table.php";
?>
break;
}
//dbg($teams);
}
dbg("============ Done ");
dbg($teams);
echo "<p>";
if ($errcount > 40) {
?>
<p>
<b>*** Batch processing halted - too many errrors ***</b>
</p>
<?php
} else {
if ($errcount == 0) {
if (rt("goforit") == 1) {
// really do it here.
if ($dbg) {
?>
<h2>(Not actually doing it cause you're in debug mode)</h2><?php
} else {
logit("doing batch reg for teacher code {$teacher_code}");
// remove students
nuke_all_students($teacher_code);
// release groups
release_all_groups($teacher_code);
// create groups and assign students
foreach ($teams as $n4 => $t4) {
$ROLE = $r;
$TEAM = $n4;
$s = create_group($teacher_code, $TEAM);
text-align: left;
}
</style>
<div style="margin: 2em;">
<center>
<?php
/*function mailto($s)
{
return "<a href='mailto:$s'>$s</a>";
}
*/
$act = rt("act");
$userqry = rt("userqry");
$user_id = rt("user_id");
$group_id = rt("group_id");
?>
<h3>Support Support Page</h3>
<h4>(somebody shoot me)</h4>
<p>
<form>
<input type='text' name='userqry' value='<?php
echo $userqry;
?>
'>
<input type='submit' value='Search Users'>
</form>
</p>
<?php
include "top.php";
$vid = rt("vid");
?>
<center>
<div style="width: 760px; background-color: white; text-align: justify; padding: 20px;">
<object classid="clsid:D27CDB6E-AE6D-11cf-96B8-444553540000" codebase="http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab#version=7,0,19,0" width="780" height="350" title="wk_<?php
echo $week;
?>
_videos">
<param
name="movie"
value="<?php
echo $vid;
?>
"
/>
<param
name="quality"
value="high"
/>
<embed
src="<?php
echo $vid;
?>
"
quality="high"
pluginspage="http://www.macromedia.com/go/getflashplayer"
type="application/x-shockwave-flash"
width="780"
} else {
$han = "WDLL-{$db}-{$dt}.sql.gz";
$fp = gzopen($han, "w");
}
$tb = @mysql_query("SHOW TABLES");
while ($X = @mysql_fetch_array($tb)) {
$X = $X['Tables_in_' . $db];
$mf = @mysql_fetch_array(@mysql_query("SHOW CREATE TABLE " . $X));
rt($mf['Create Table'] . ";\n\n");
$sql = @mysql_query("SELECT * FROM " . $X);
if (@mysql_num_rows($sql)) {
while ($row = @mysql_fetch_row($sql)) {
foreach ($row as $v => $w) {
$row[$v] = "'" . @mysql_escape_string($w) . "'";
}
rt("INSERT INTO {$X} VALUES(" . implode(",", $row) . ");\n");
}
}
}
if ($dmt == 'SQL') {
fclose($fp);
} else {
gzclose($fp);
}
header("Content-Disposition: attachment; filename=" . $han);
header("Content-Type: application/download");
header("Content-Length: " . @filesize($han));
@flush();
$fp = @fopen($han, "r");
while (!feof($fp)) {
echo @fread($fp, 65536);
if ($i != 0) {
$f .= ",";
}
$f .= "a{$n}";
if ($i != 0) {
$v .= ",";
}
$a = rt("a{$n}");
if ($a == "") {
$a = 0;
}
$v .= $a;
}
$comments = rt("comments");
$a15other = rt("a15other");
$a16other = rt("a16other");
$sql = "insert into assessment (stamp,user_id,{$f},comments,a15other,a16other) values (now(),{$uid},{$v},\"{$comments}\", \"{$a15other}\", \"{$a16other}\")";
dbg("sql={$sql}");
$rs = dbExec($sql);
$submitted = true;
}
}
if ($submitted) {
?>
<div class=body_Copy_Blue style="padding: 30pt; text-align: center;">
Thank you for filling out the student assessment!
</div>
} else {
$email = rt("email");
$sql = "update users set email='{$email}' where sid='{$sid}'";
dbExec($sql);
if ($db->Affected_Rows() < 1) {
echo "fail\n";
echo "act={$act}\n";
echo "sid={$sid}\n";
echo "email={$email}\n";
} else {
echo "ok";
}
}
} else {
if ($act == "forgot_pass") {
$email = rt("email");
$sql = "select password, username from users where email='{$email}'";
$rs = dbExec($sql);
if ($rs->RecordCount() != 1) {
echo "Sorry, there does not appear to be\nan account using that email address.";
} else {
require_once "mail.php";
$username = $rs->fields("username");
$password = $rs->fields("password");
$from = "*****@*****.**";
$to = array($email);
//,"*****@*****.**");
$subj = "Account information you requested";
$msg = "";
$msg .= "\r\n";
$msg .= "Here is the account information you requested:\r\n";
fail("The teacher-code provided is invalid. Please re-enter.");
}
$school_code = $rs->fields("school_code");
create_student($teacher_code, $first_name, $last_name, $username, $password);
anchorRedirect($anchor, $tab);
}
}
}
}
}
}
}
}
}
}
$tab = rt("tab");
if ($tab == "") {
$tab = "mgr_addstudents";
}
dbg("tab={$tab}");
?>
<style>
#tabcontent {
border-top: solid 1px #ddf;
border-left: solid 1px #aaf;
border-bottom: solid 1px #228;
border-right: solid 1px #228;
padding: 20px;
}
#tab {
border-top: solid 1px #ddf;
}
$email = rt("email");
if ($email == "") {
fail("E-Mail address not provided");
}
$gender = rt("gender");
if ($gender != "f" && $gender != "m") {
$gender = "-";
}
$phone = rt("phone");
$addr = rt("addr");
$email2 = rt("email2");
$emailit = rt("emailit");
$hear = rt("hear");
if ($hear == "other") {
$hear = rt("hear_other");
}
$econf = md5($username . mt_rand(1, 0xffff));
//$sql = "insert into users (active,econf,username,password,email,user_type,first_name,last_name,gender,teacher_code,school_code) values (0,'$econf','$username','$password','$email','$user_type','$first_name','$last_name','$gender',$teacher_code,$school_code)";
$sql = "insert into users (active,created,econf,username,password,email,user_type,first_name,last_name,gender,teacher_code,school_code, email2, emailit, hear, phone, addr) values (1,now(),'{$econf}','{$username}','{$password}','{$email}','{$user_type}','{$first_name}','{$last_name}','{$gender}',{$teacher_code},{$school_code},'{$email2}','{$emailit}','{$hear}','{$phone}','{$addr}')";
dbg("sql={$sql}");
$rs = dbExec($sql);
$insid = $db->Insert_ID();
// create a tracking rec for user
$sql = "insert into tracking (user_id) values ({$insid})";
dbg("sql={$sql}");
$rs = dbExec($sql);
// create a progress rec for user
$sql = "insert into progress (user_id) values ({$insid})";
$rs = dbExec($sql);
// send reg notice to staff
color: #888;
font-size: 11px;
text-align: right;
}
#divider {
border-top: solid 1px #ddd;
height=1;
margin: 25px;
}
#inset {
margin: 30px;
}
</style>
<?php
if ($action == "newquestion") {
$q = rt("q");
if ($q != "") {
$sql = "insert into questions (active,when_submitted,user_id,question) values (1,now(),{$uid},\"{$q}\")";
$rs = dbExec($sql);
$lastid = $db->Insert_ID();
logit("support question {$lastid} submitted by {$uid}");
// send reg. conf. email
include_once "mail.php";
$from = $email;
$fromname = "{$first_name} {$last_name}";
$to = $support_email;
$subj = "Support Question - Virtual Team Challenge";
$msg .= "{$q}\r\n";
$msg .= "\r\n";
sendMail($from, $to, $subj, $msg, $fromname);
}
<?php
include "a_menu.php";
if ($action == "msg") {
$name = rt("msg");
?>
<div id=blueresult>
<?php
echo $msg;
?>
</div>
<?php
} else {
if ($action == "addschool") {
global $db;
$a = array("name", "address", "city", "state", "zip");
$school_code = gen_school_code();
$sql = "insert into schools (";
foreach ($a as $v) {
$sql .= "{$v},";
}
$sql .= "code) values (";
foreach ($a as $v) {
$vv = $_REQUEST[$v];
$sql .= "'{$vv}',";
}
$sql .= "{$school_code})";
if ($action == "setweekmax") {
$w = (int) rt("w");
$sql = "update config set val={$w} where tag='week'";
dbExec($sql);
getconfig();
?>
<br>
MAX task set to <?php
echo $w;
?>
<br>
<br>
<?php
} else {
if ($action == "setweekmin") {
$w = (int) rt("w");
$sql = "update config set val={$w} where tag='weekmin'";
dbExec($sql);
$sql = "update users set week={$w} where week < {$w}";
dbExec($sql);
$sql = "update groups set week={$w} where week < {$w}";
dbExec($sql);
getconfig();
?>
<br>
MIN task set to <?php
echo $w;
?>
<br>
<br>
<?php
<?php
if (rt("trustme") != "on") {
$password = "******";
$timeout = 60;
// in minutes, not seconds!!
$pw = $_COOKIE["ppass"];
// freshen the cookie
function freshen()
{
global $timeout;
global $password;
setCookie("ppass", $password, time() + 60 * $timeout);
}
if ($pw == $password) {
freshen();
} else {
$a = $_REQUEST["action"];
$pw = $_REQUEST["ppass"];
if ($a == "pplogin" && $pw == $password) {
freshen();
$_COOKIE["ppass"] = $password;
} else {
?>
<div style="padding: 50px; margin: 50px; text-align: center;">
<h2>Access Restricted</h2>
<form method=post>
<input type=hidden name=action value=pplogin>
Password: <input type=password name=ppass value="">
<input type=submit value="Login">
</form>
if ($game_over) {
echo __LINE__ . " ERROR\n";
exit;
}
if ($temp_disable) {
echo __LINE__ . " ERROR\n";
exit;
}
include_once "dbg.php";
include_once "lib.php";
include_once "cache.php";
$username = rt("u");
$password = rt("p");
$table = rt("t");
$col = rt("c");
$val = rt("v");
$t = $table;
$c = $col;
$v = $val;
// ******************************
// ******************************
// ******************************
// IP RESTRICTION
// Only certain hosts can access this script
/*
$kosher_ips = array(
"127.0.0.1",
"63.202.45.150", // SLE SAC
"70.102.129.141", // SLE RDD
"71.212.100.35", // joe's house
);
If you would like to be notified about the next run
of the Virtual Team Challenge, enter your email address here
and click "Let me know!" to add yourself to the list.
<div style='margin: 1em;'>
<p>
<form>
<center>
Your E-Mail
<input style='font-size: 100%;' type='text' name='letmeknow' value='' size=15>
<input style='font-size: 100%;' type='submit' value='Let me know!'>
</center>
</form>
</p>
<p>
<?php
$lmk = trim(rt("letmeknow"));
if ($lmk) {
file_get_contents("http://virtualteamchallenge.com/letmeknow.php?letmeknow={$lmk}");
/*dbExec("insert
into prospects
(created,email)
values
(now(),'$lmk')
");*/
?>
<div style="padding: 0.5em; border: solid 1px #8a5; color: blue;">
Stored: <?php
echo $lmk;
?>
<br>
Thanks for your interest.</br>