Ejemplo n.º 1
 /**
  * Inserts a new row into review_metadata for the current reviewer/paper pair
  * and returns the auto-generated ID of that row.
  *
  * The client address is stored with the row.
  * NOTE(review): how NetworkUtils::get_client_address() derives the address is
  * not visible here; if it trusts proxy headers such as X-Forwarded-For, the
  * stored value is client-controlled and is weak evidence in an audit - confirm.
  *
  * @return mixed The value of mysqli insert_id after the INSERT.
  */
 private function create_metadataID()
 {
     $client_ip = NetworkUtils::get_client_address();

     // All four values are bound as parameters (int, int, string, string), so none
     // of them is ever spliced into the SQL text.
     $insert = $this->db->prepare("INSERT INTO review_metadata VALUES(NULL, ?, ?, NOW(), NULL, ?, ?, NULL)");
     $insert->bind_param('iiss', $this->reviewerID, $this->paperID, $this->review_type, $client_ip);
     $insert->execute();

     // insert_id is read from the connection straight after the INSERT, before the handle is closed.
     $new_review_id = $this->db->insert_id;
     $insert->close();

     return $new_review_id;
 }
Ejemplo n.º 2
 /**
  * Get the details of the papers that are currently available for the current user and lab
  * @param  array      $paper_display Reference to array in which to build details of available papers
  * @param  array      $types         Array of paper types to check for
  * @param  UserObject $userObj       The current user
  * @param  mysqli     $db            Database reference
  * @param  string     $exclude       Option ID of a paper to exclude from the check
  * @return integer                   The number of currently active papers
  */
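 public function get_active_papers(&$paper_display, $types, $userObj, $db, $exclude = '')
 {
     // Security: the original spliced $types, $exclude, the client address, the stored
     // lab list, the calendar year and the module ids straight into SQL text. Each of
     // those is now bound as a parameter, escaped with real_escape_string(), or cast to
     // int, so neither a caller-supplied nor a stored value can alter the query structure.

     // With no paper types the WHERE clause would contain "AND ()", which cannot be
     // prepared; no types requested means no papers can match.
     if (empty($types)) {
         return 0;
     }

     $type_clauses = array();
     foreach ($types as $type) {
         $type_clauses[] = "paper_type='" . $db->real_escape_string((string) $type) . "'";
     }
     $type_sql = implode(' OR ', $type_clauses);

     $exclude_sql = '';
     if ($exclude != '') {
         // property_id is compared unquoted, so only an integer is meaningful here.
         $exclude_sql = ' AND property_id != ' . (int) $exclude;
     }

     // bind_param() takes its arguments by reference, so the id has to live in a variable.
     $user_id = $userObj->get_user_ID();

     $paper_no = 0;
     $paper_query = $db->prepare("SELECT property_id, paper_type, crypt_name, paper_title, bidirectional, fullscreen, MAX(screen) AS max_screen, labs, calendar_year, password, completed FROM (papers, properties) LEFT JOIN log_metadata ON properties.property_id = log_metadata.paperID AND userID = ? WHERE papers.paper = properties.property_id AND (labs != '' OR password != '') AND ({$type_sql}) AND deleted IS NULL AND start_date < DATE_ADD(NOW(),interval 15 minute) AND end_date > NOW() {$exclude_sql} GROUP BY paper");
     $paper_query->bind_param('i', $user_id);
     $paper_query->execute();
     $paper_query->store_result();
     $paper_query->bind_result($property_id, $paper_type, $crypt_name, $paper_title, $bidirectional, $fullscreen, $max_screen, $labs, $calendar_year, $password, $completed);
     while ($paper_query->fetch()) {
         // Machine check: a paper restricted to labs is only offered to a client whose
         // address is registered in one of those labs.
         // NOTE(review): this is only as strong as NetworkUtils::get_client_address();
         // if that helper trusts proxy headers the check can be bypassed - confirm.
         if ($labs != '') {
             $machineOK = false;
             // $labs is a comma-separated list read from the properties table; the
             // original used it unquoted, so each entry is treated as an integer id.
             $lab_in = implode(',', array_map('intval', explode(',', $labs)));
             $client_address = NetworkUtils::get_client_address();
             $lab_info = $db->prepare("SELECT address FROM client_identifiers WHERE address = ? AND lab IN ({$lab_in})");
             $lab_info->bind_param('s', $client_address);
             $lab_info->execute();
             $lab_info->store_result();
             if ($lab_info->num_rows > 0) {
                 $machineOK = true;
             }
             $lab_info->close();
         } else {
             $machineOK = true;
         }

         // Module check: accounts whose username starts with 'user' skip the enrolment
         // test (presumably guest/temporary accounts - confirm).
         // NOTE(review): make sure an ordinary account cannot be given such a username.
         if (strpos($userObj->get_username(), 'user') !== 0) {
             $moduleIDs = Paper_utils::get_modules($property_id, $db);
             if (count($moduleIDs) > 0) {
                 $moduleOK = false;
                 $cal_sql = '';
                 if ($calendar_year != '') {
                     $cal_sql = "AND calendar_year = '" . $db->real_escape_string((string) $calendar_year) . "'";
                 }
                 // Module ids were interpolated unquoted, so they are forced to integers.
                 $module_in = implode(',', array_map('intval', array_keys($moduleIDs)));
                 $moduleInfo = $db->prepare("SELECT userID FROM modules_student WHERE userID = ? {$cal_sql} AND idMod IN ({$module_in})");
                 $moduleInfo->bind_param('i', $user_id);
                 $moduleInfo->execute();
                 $moduleInfo->store_result();
                 $moduleInfo->bind_result($tmp_userID);
                 $moduleInfo->fetch();
                 if ($moduleInfo->num_rows() > 0) {
                     $moduleOK = true;
                 }
                 $moduleInfo->close();
             } else {
                 $moduleOK = true;
             }
         } else {
             $moduleOK = true;
         }

         if ($machineOK && $moduleOK) {
             $paper_display[$paper_no]['id'] = $property_id;
             $paper_display[$paper_no]['paper_title'] = $paper_title;
             $paper_display[$paper_no]['crypt_name'] = $crypt_name;
             $paper_display[$paper_no]['paper_type'] = $paper_type;
             $paper_display[$paper_no]['max_screen'] = $max_screen;
             $paper_display[$paper_no]['bidirectional'] = $bidirectional;
             // NOTE(review): the stored paper password is handed back to the caller;
             // callers must not render or serialise it to the client.
             $paper_display[$paper_no]['password'] = $password;
             $paper_display[$paper_no]['completed'] = $completed;
             $paper_no++;
         }
     }
     $paper_query->close();

     return $paper_no;
 }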
Ejemplo n.º 3
}
// Paper to act on, taken straight from the POST body.
// NOTE(review): the value is neither validated nor cast here; whether
// PaperProperties::get_paper_properties_by_id() validates it is not visible - confirm.
if (isset($_POST['paperID'])) {
    $paper_id = $_POST['paperID'];
}
// Collect the student's identity for LogExtraTime.
// NOTE(review): $student_id and $userID are both set outside this excerpt; the array
// stores $student_id while the lookup below is keyed on $userID - confirm they always
// refer to the same user, and that the caller is authorised to act on that student.
$student = array();
$student['user_ID'] = $student_id;
// The id is bound as an integer parameter, so it never becomes part of the SQL text.
$stmt = $mysqli->prepare('SELECT title, initials, surname FROM users WHERE user_deleted IS NULL AND id = ?');
$stmt->bind_param('i', $userID);
$stmt->execute();
$stmt->store_result();
$stmt->bind_result($student['title'], $student['initials'], $student['surname']);
$stmt->fetch();
$title = $student['title'];
$initials = $student['initials'];
$surname = $student['surname'];
// The lab is resolved from the client's network address.
// NOTE(review): this is only trustworthy if get_client_address() cannot be
// influenced through request headers - confirm.
$current_address = NetworkUtils::get_client_address();
$lab_factory = new LabFactory($mysqli);
$lab_object = $lab_factory->get_lab_based_on_client($current_address);
$propertyObj = PaperProperties::get_paper_properties_by_id($paper_id, $mysqli, $string);
$log_lab_end_time = new LogLabEndTime($lab_object->get_id(), $propertyObj, $mysqli);
$log_extra_time = new LogExtraTime($log_lab_end_time, $student, $mysqli);
$onload = '';
if (isset($_POST['submit'])) {
    $invigilator_id = $userObject->get_user_ID();
    if ((int) $_POST['extra_time'] == 0) {
        $log_extra_time->delete($invigilator_id);
    } elseif ((int) $_POST['extra_time'] > 0) {
        $special_needs_percentage = $_POST['extra_time'];
        $log_extra_time->save($invigilator_id, $special_needs_percentage);
    }
    $onload = 'closeWindow();';
Ejemplo n.º 4
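 /**
  * Adds a guest-login button (and its click handler script) to the login form when
  * a lab-restricted paper of type '1' or '2' is currently running and the client's
  * address is registered in one of that paper's labs.
  *
  * Changes from the earlier version:
  *  - a failed prepare() is written to the debug log instead of echoing the SQL text
  *    and a stack trace into the login page, and the handle is no longer used;
  *  - the stored lab list is cast to integers before it is placed in the IN (...) list;
  *  - addresses are compared as strings with ===, avoiding loose-comparison surprises.
  *
  * NOTE(review): the button is gated purely on the client address; if
  * NetworkUtils::get_client_address() trusts proxy headers the gate can be bypassed - confirm.
  *
  * @param object $displaystdformobj Form object whose buttons/scripts arrays are extended.
  * @return object The same form object, possibly with the guest button added.
  */
 function loginbutton($displaystdformobj)
 {
     global $string;
     $config = Config::get_instance();
     $this->savetodebug('Button Check');

     $client_address = NetworkUtils::get_client_address();
     $labs_list = '';
     // detect if we should display login button
     $paper_match = false;
     $ip_match = false;

     $query = "SELECT labs FROM properties WHERE start_date < DATE_ADD(NOW(), interval 15 minute) AND end_date > NOW() AND paper_type IN ('1', '2') AND labs != ''";
     $results = $this->db->prepare($query);
     if ($results === false) {
         // Fail closed: without the lookup no guest button is offered.
         $this->savetodebug('MySQL error ' . $this->db->errno . ' while looking up active papers');
         return $displaystdformobj;
     }
     $results->execute();
     $results->store_result();
     $results->bind_result($labs);
     while ($results->fetch()) {
         $paper_match = true;
         // $labs comes from the properties table as a comma-separated list; force every
         // entry to an integer so a stored value cannot change the query structure.
         $lab_in = implode(',', array_map('intval', explode(',', $labs)));
         $query = "SELECT address FROM client_identifiers WHERE lab IN ({$lab_in})";
         $sub_results = $this->db->prepare($query);
         if ($sub_results === false) {
             $this->savetodebug('MySQL error ' . $this->db->errno . ' while looking up lab addresses');
             continue;
         }
         $sub_results->execute();
         $sub_results->store_result();
         $sub_results->bind_result($address);
         while ($sub_results->fetch()) {
             $labs_list = $labs_list . ' ' . $address;
             if ((string) $client_address === (string) $address) {
                 $ip_match = true;
             }
         }
         $sub_results->close();
     }
     $results->close();
     $this->savetodebug('Status paper_match:' . var_export($paper_match, true) . ' ip_match:' . var_export($ip_match, true) . ' ip address:' . var_export($client_address, true) . ' <br /> ' . $labs . ' ' . $labs_list);
     if ($paper_match === true && $ip_match === true) {
         $this->savetodebug('Adding New Button');
         $newbutton = new displaystdformobjbutton();
         $newbutton->type = 'button';
         $newbutton->value = ' ' . $string['guestbutton'] . ' ';
         $newbutton->name = 'guestlogin';
         $newbutton->class = 'guestlogin';
         $displaystdformobj->buttons[] = $newbutton;
         // cfg_root_path is a configuration value and is placed in the script unescaped.
         $newscript = "\$('.guestlogin').click(function() {\n  window.location.href = '" . $config->get('cfg_root_path') . "/users/guest_account.php';\n});";
         $displaystdformobj->scripts[] = $newscript;
     }

     return $displaystdformobj;
 }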
Ejemplo n.º 5
} else {
    $results = shell_exec('wmic cpu get name');
    $lines = explode('<br />', nl2br($results));
    echo "<tr><td>" . $string['processor'] . "</td><td>" . $lines[1] . "</td></tr>\n";
}
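// Server and client details for the system-information table.
// Values that originate from the HTTP request (Host, User-Agent, the client address and
// anything derived from SERVER_NAME) are HTML-escaped before output so a crafted header
// cannot inject markup into this page.
// NOTE(review): the page discloses software versions; access control is not visible in
// this excerpt - confirm it is restricted to administrators.
$server_host_name = gethostbyaddr(gethostbyname($_SERVER['SERVER_NAME']));
$request_host = isset($_SERVER['HTTP_HOST']) ? $_SERVER['HTTP_HOST'] : '';
$request_agent = isset($_SERVER['HTTP_USER_AGENT']) ? $_SERVER['HTTP_USER_AGENT'] : '';
echo "<tr><td style=\"width:90px\">" . $string['servername'] . "</td><td>" . htmlspecialchars((string) $server_host_name, ENT_QUOTES, 'UTF-8') . "</td></tr>\n";
echo "<tr><td>" . $string['hostname'] . "</td><td>" . htmlspecialchars((string) $request_host, ENT_QUOTES, 'UTF-8') . "</td></tr>\n";
echo "<tr><td>" . $string['ipaddress'] . "</td><td>" . NetworkUtils::get_server_address() . "</td></tr>\n";
echo "<tr><td>" . $string['clock'] . "</td><td>" . date('d F Y H:i:s') . "</td></tr>\n";
echo "<tr><td>" . $string['os'] . "</td><td>" . php_uname('s') . "</td></tr>\n";
echo "<tr><td>" . $string['webserver'] . "</td><td>" . $_SERVER['SERVER_SOFTWARE'] . "</td></tr>\n";
echo "<tr><td>" . $string['php'] . "</td><td>" . phpversion() . "</td></tr>\n";
echo "<tr><td>" . $string['mysql'] . "</td><td>" . $mysqli->server_info . "</td></tr>\n";
echo '<tr><td colspan="2">&nbsp;</td></tr>';
echo '<tr><td colspan="2" class="sechead">' . $string['clientcomputer'] . '</td></tr>';
echo '<tr><td>' . $string['ipaddress'] . '</td><td>' . htmlspecialchars((string) NetworkUtils::get_client_address(), ENT_QUOTES, 'UTF-8') . '</td></tr>';
// json_encode() with the HEX flags yields a quoted JavaScript string that cannot close
// the string literal or the surrounding <script> element.
echo '<tr><td>' . $string['clock'] . '</td><td><script>the_date = new Date(); document.write(the_date.toLocaleString(' . json_encode((string) $language, JSON_HEX_TAG | JSON_HEX_AMP | JSON_HEX_APOS | JSON_HEX_QUOT) . ')); </script></td></tr>';
echo '<tr><td>' . $string['browser'] . '</td><td>' . htmlspecialchars((string) $request_agent, ENT_QUOTES, 'UTF-8') . '</td></tr>';
echo '<tr><td colspan="2">&nbsp;</td></tr>';
echo '<tr><td colspan="2" class="sechead">' . $string['partitions'] . '</td></tr>';
echo '<tr><td colspan="2" rowspan="18" valign="top" align="left"><table cellspacing="0" cellpadding="2" border="0" style="font-size:90%">';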
if (php_uname('s') == 'Windows NT') {
    $disks = array('A:\\', 'B:\\', 'C:\\', 'D:\\', 'E:\\', 'F:\\', 'G:\\', 'H:\\', 'I:\\', 'J:\\', 'K:\\', 'L:\\', 'M:\\', 'N:\\', 'O:\\', 'P:\\', 'Q:\\', 'R:\\', 'S:\\', 'T:\\', 'U:\\', 'V:\\', 'W:\\', 'X:\\', 'Y:\\', 'Z:\\');
    $i = 1;
    foreach ($disks as $disk) {
        if (file_exists($disk)) {
            $master_array[$i][3] = @disk_free_space($disk);
            $master_array[$i][1] = @disk_total_space($disk);
            $master_array[$i][5] = $disk;
            $i++;
        }
Ejemplo n.º 6
 /**
  * Adds a new paper note.
  * @param string $note  	- The text of the note (message).
  * @param int $paperID    - ID of the paper the note is associated with.
  * @param int $authorID 	- User ID of the member of staff/invigilator creating the note.
  * @param object $db      - MySQL connection
  */
 static function add_note($note, $paperID, $authorID, $db)
 {
     // The address of the client creating the note is stored with it.
     // NOTE(review): its reliability depends on how NetworkUtils::get_client_address()
     // derives the value, which is not visible here - confirm.
     $client_ip = NetworkUtils::get_client_address();

     // Note text, paper id, author id and address are all bound parameters
     // (string, int, int, string); nothing is concatenated into the statement.
     // NOTE(review): the note text is stored as given, so it must be HTML-escaped
     // wherever it is later displayed.
     $insert = $db->prepare("INSERT INTO paper_notes VALUES (NULL, ?, NOW(), ?, ?, ?)");
     $insert->bind_param('siis', $note, $paperID, $authorID, $client_ip);
     $insert->execute();
     $insert->close();
 }
Ejemplo n.º 7
 /**
  * Writes one row to access_log recording that a user accessed a page.
  *
  * NOTE(review): the logged address comes from NetworkUtils::get_client_address();
  * if that helper trusts proxy headers the logged value is client-controlled and
  * weak evidence in an investigation - confirm.
  *
  * @param int    $user_id ID of the user the entry is recorded for.
  * @param string $type    Access type stored with the entry.
  * @param string $page    Page identifier stored with the entry.
  */
 public function record_access($user_id, $type, $page)
 {
     $client_ip = NetworkUtils::get_client_address();

     // Every value is bound (int, string, string, string); none reaches the SQL text.
     $insert = $this->_mysqli->prepare('INSERT INTO access_log VALUES(NULL, ?, ?, NOW(), ?, ?)');
     $insert->bind_param('isss', $user_id, $type, $client_ip, $page);
     $insert->execute();
     $insert->close();
 }
Ejemplo n.º 8
     echo "<p style=\"margin-left:90px; color:#C00000\">" . $string['note1'] . " <img src=\"{$configObject->get('cfg_root_path')}/artwork/small_link.png\" width=\"11\" height=\"11\" /> <a href=\"../index.php\"><strong>" . $string['staffmangscreens'] . "</strong></a>?</p>\n";
 }
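 // Diagnostic list shown to the user: client address and lab, time, year of study, modules.
 echo "<div class=\"hr_line\"></div>\n<p style=\"margin-left:90px\">" . $string['mostLikely'] . "</p>\n<ul style=\"margin-left:80px\">\n";
 $current_address = NetworkUtils::get_client_address();
 // The address is bound as a parameter, never concatenated into the query.
 $ip_info = $mysqli->prepare("SELECT name, room_no FROM (labs, client_identifiers) WHERE labs.id = client_identifiers.lab AND address = ?");
 $ip_info->bind_param('s', $current_address);
 $ip_info->execute();
 $ip_info->store_result();
 $ip_info->bind_result($computer_lab, $computer_lab_short);
 $ip_info->fetch();
 if ($ip_info->num_rows() == 0) {
     $computer_lab = $computer_lab_short = '<span style="color:#C00000">' . $string['unknownIp'] . '</span>';
     // Markup built here from a language string; safe to print as-is.
     $computer_lab_html = $computer_lab;
 } else {
     // The lab name is stored data; escape it for HTML output. $computer_lab itself is
     // left untouched in case code after this excerpt reads it.
     $computer_lab_html = htmlspecialchars((string) $computer_lab, ENT_QUOTES, 'UTF-8');
 }
 $computer_lab_short = $computer_lab_short == '' ? $computer_lab : $computer_lab_short;
 $ip_info->close();
 // The client address is escaped in case it is derived from a request header.
 echo "<li>" . $string['IPaddress'] . " - " . htmlspecialchars((string) $current_address, ENT_QUOTES, 'UTF-8') . " {$computer_lab_html}</li>\n";
 echo "<li>" . $string['Time/Date'] . " - " . date('d/m/Y H:i:s') . "</li>\n";
 echo "<li>" . $string['yearofstudy'] . " - ";
 if ($userObject->get_year() == '') {
     echo '<span style="color:#C00000">' . $string['noyear'] . '</span>';
 } else {
     // NOTE(review): printed unescaped; presumably a numeric year from the user record - confirm.
     echo $userObject->get_year();
 }
 echo "</li>\n";
 echo "<li>" . $string['Modules'] . " - \n";
 $last_cal_year = '';
 $info = $mysqli->prepare("SELECT moduleID, calendar_year FROM modules_student, modules WHERE modules.id = modules_student.idMod AND userID = ? ORDER BY calendar_year DESC, moduleID");
 // bind_param() takes its arguments by reference, so the id is placed in a variable first.
 $module_user_id = $userObject->get_user_ID();
 $info->bind_param('i', $module_user_id);
 $info->execute();
 $info->bind_result($user_moduleID, $user_calendar_year);
 $info->store_result();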
Ejemplo n.º 9
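$mysqli = new mysqli($configObject->get('cfg_db_host'), $configObject->get('cfg_db_student_user'), $configObject->get('cfg_db_student_passwd'), $configObject->get('cfg_db_database'));
// Check that the client address of the current user is within the exam lab.
// Access is denied unless a lab-restricted paper is running now AND the client's address
// is registered in one of that paper's labs. A failed query leaves both flags false, so
// the check fails closed instead of calling methods on a false statement handle.
// NOTE(review): the decision rests entirely on NetworkUtils::get_client_address(); if
// that helper trusts proxy headers the restriction can be bypassed - confirm.
$paper_match = false;
$lab_match = false;
$client_address = (string) NetworkUtils::get_client_address();
$results = $mysqli->prepare("SELECT labs FROM properties WHERE start_date < DATE_ADD(NOW(), interval 15 minute) AND end_date > NOW() AND paper_type IN ('1','2') AND labs != ''");
if ($results !== false) {
    $results->execute();
    $results->store_result();
    $results->bind_result($labs);
    while ($results->fetch()) {
        $paper_match = true;
        // $labs is a stored comma-separated list; casting each entry to int keeps a
        // stored value from altering the structure of the IN (...) query.
        $lab_in = implode(',', array_map('intval', explode(',', $labs)));
        $sub_results = $mysqli->prepare("SELECT address FROM client_identifiers WHERE lab IN ({$lab_in})");
        if ($sub_results === false) {
            continue;
        }
        $sub_results->execute();
        $sub_results->store_result();
        $sub_results->bind_result($address);
        while ($sub_results->fetch()) {
            // Strict string comparison avoids loose-comparison matches between
            // different numeric-looking strings.
            if ($client_address === (string) $address) {
                $lab_match = true;
            }
        }
        $sub_results->close();
    }
    $results->close();
}
if ($paper_match == false) {
    $notice->access_denied($mysqli, $string, $string['cannotfindexams'], false, true);
} elseif ($lab_match == false) {
    $msg = sprintf($string['furtherassistance'], $configObject->get('support_email'), $configObject->get('support_email'));
    $notice->display_notice_and_exit($mysqli, $string['pagenotfound'], $msg, $string['pagenotfound'], '/artwork/page_not_found.png', '#C00000', true, true);
}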
?>
<!DOCTYPE html>
<html>