} else { // get invoices $dbconnw = PDOconnect('nakaweb', $_SESSION["clientdefaults"]["host"], $logname); $theq = " select fullname,invoiceid,invoicedate,paymentreceived,login,invoiceamount,"; $theq .= " case when login is null then "; $theq .= ' \'<input type="text" name="checkno\'||invoiceid::text||\'">\''; $theq .= " else checknumber end as checknumber"; $theq .= " from invoices i"; $theq .= " join client c on i.schoolid=c.clientid"; $theq .= " left join users u on u.userid=receivedby"; $theq .= " order by paymentreceived desc, invoicedate desc, invoiceamount desc"; try { $pdoquery = $dbconnw->prepare($theq); $pdoquery->setFetchMode(PDO::FETCH_OBJ); $pdoquery->execute(); $invoices = $pdoquery->fetchAll(); unset($_SESSION['invoices']); $i = 0; foreach ($invoices as $key => $value) { $_SESSION['invoices'][$i] = $value->invoiceid; $i++; } } catch (PDOException $e) { logit($logname, ' **ERROR** on line ' . __LINE__ . ' with query - ' . $theq . ' ' . $e->getMessage()); $results->errortext = $e->getMessage(); $cancontinue = FALSE; } } $_SESSION['clientdefaults']['pagetitle'] = 'Record Invoice Payments'; $thehtml = LoadTheHTML('page_recordpayment', array('detail_invoices' => $invoices), $logname, 1, 1); echo $thehtml;
$theq .= " union all select 'SchoolCity'"; $theq .= " union all select 'SchoolState'"; $theq .= " union all select 'SchoolZip'"; $theq .= " union all select 'SchoolPhone'"; $theq .= " \$\$) as ("; $theq .= " rowid integer,"; $theq .= " schoolname text,"; $theq .= " schooladdress text,"; $theq .= " schooladdress2 text,"; $theq .= " schoolcity text,"; $theq .= " schoolstate text,"; $theq .= " schoolzip text,"; $theq .= " schoolphone text)"; try { $pdoquery = $dbconn->prepare($theq); $pdoquery->setFetchMode(PDO::FETCH_OBJ); $pdoquery->execute(); $schooldata = $pdoquery->fetchAll(); } catch (PDOException $e) { logit($logname, ' **ERROR** on line ' . __LINE__ . ' with query - ' . $theq . ' ' . $e->getMessage()); $results->errortext = $e->getMessage(); $cancontinue = FALSE; } $_SESSION['post'] = 'method="post"'; $_SESSION['clientdefaults']['pagetitle'] = 'Edit School'; $_SESSION['buttontextschool'] = ' Save '; $_SESSION['cancelbutton'] = ' <a href="school.php"><input class="button" type="submit" value=" Cancel " /></a>'; $_SESSION['editstudentsbutton'] = ''; $thehtml = LoadTheHTML('page_editschool', array('header_schooldetails' => $schooldata), $logname, 1, 1); echo $thehtml; $_SESSION['post'] = '';
// Start from a clean result state and discard test details left over in the session.
$results->success = FALSE;
$results->errortext = null;
$cancontinue = TRUE;
unset($_SESSION['testdetails']);

// Distinct class types ("arts") that appear as a current rank for students of
// type A, ANP or APC, ordered by clt_seq.
$theq = implode('', array(
    " select distinct clt_description,ct.clt_index,clt_seq",
    " from students s",
    " join ranks r on s.stu_index=r.stu_index",
    " join sysdef.rank_names rn on rn.srk_index=r.srk_index",
    " join sysdef.class_type ct on ct.clt_index=rn.clt_index",
    " where current_rank=true",
    " and student_type in ('A','ANP','APC')",
    ' order by clt_seq',
));

try {
    $pdoquery = $dbconn->prepare($theq);
    $pdoquery->setFetchMode(PDO::FETCH_OBJ);
    $pdoquery->execute();

    // The <select> markup is assembled directly in the session entry.
    // NOTE(review): clt_index and clt_description go into the markup unencoded;
    // confirm sysdef.class_type cannot be edited by ordinary users, or encode
    // both with htmlspecialchars() before concatenating.
    $_SESSION['artselection'] = '<select name="artid">';
    while (($row = $pdoquery->fetch()) !== false) {
        $_SESSION['artselection'] .= sprintf(
            ' <option value="%s">%s</option>',
            $row->clt_index,
            $row->clt_description
        );
    }
    $_SESSION['artselection'] .= '</select>';
} catch (PDOException $e) {
    // The full query text and driver message go to the log.
    logit($logname, ' **ERROR** on line ' . __LINE__ . ' with query - ' . $theq . ' ' . $e->getMessage());
    // NOTE(review): raw driver message; confirm it is never rendered to the client.
    $results->errortext = $e->getMessage();
    $cancontinue = FALSE;
}

$_SESSION['todaysdate'] = date('Y-m-d');
$_SESSION['clientdefaults']['pagetitle'] = 'Record Test';

// No row data is passed; the template is filled from session values only.
$thehtml = LoadTheHTML('page_setuptest', null, $logname, 1, 1);
echo $thehtml;
} $theq .= " \t\tselect clt_index, clt_seq, short_name, clt_description from sysdef.class_type') as ("; $theq .= " \t\tclt_index integer,"; $theq .= " \t\tclt_seq integer,"; $theq .= " \t\tshort_name character varying(5),"; $theq .= " \t\tclt_description character varying(20))) r on r.clt_index=t.artid"; $theq .= ' left join users u on u.userid=i.receivedby'; $theq .= ' where t.schoolid=:schoolid'; $theq .= ' order by testdate desc, i.invoiceid desc'; try { $pdoquery = $dbconn->prepare($theq); $pdoquery->setFetchMode(PDO::FETCH_OBJ); $pdoquery->execute(array(':schoolid' => $_SESSION["clientdefaults"]["clientid"])); $testdata = $pdoquery->fetchAll(); } catch (PDOException $e) { logit($logname, ' **ERROR** on line ' . __LINE__ . ' with query - ' . $theq . ' ' . $e->getMessage()); $results->errortext = $e->getMessage(); $cancontinue = FALSE; } if ($_SESSION['superuser'] == true) { $_SESSION['createnewuserbutton'] = '<form action="edituser.php">' . '<input type="hidden" name="userid" value="-1">' . '<input class="button" type="submit" value=" Add User " /></form>'; } else { $_SESSION['createnewuserbutton'] = ''; } $_SESSION['buttontextuser'] = '******'; $_SESSION['buttontextschool'] = ' Edit School '; $_SESSION['clientdefaults']['pagetitle'] = 'School Details'; $_SESSION['cancelbutton'] = ''; $_SESSION['editstudentsbutton'] = '<form action="selectstudent.php"><input class="button" type="submit" value=" Students " /></form>'; $thehtml = LoadTheHTML('page_school', array('header_schooldetails' => $schooldata, 'detail_superuserdetails' => $superuserdata, 'detail_userdetails' => $userdata, 'detail_tests' => $testdata), $logname, 1, 1); echo $thehtml;
} $_SESSION['activestudents'] .= "</select></form>"; $theq = 'select * from students s '; $theq .= " where student_type not in ('A','ANP','APC')"; $theq .= ' order by last_name,first_name'; try { $pdoquery = $dbconn->prepare($theq); $pdoquery->setFetchMode(PDO::FETCH_OBJ); $pdoquery->execute(); } catch (PDOException $e) { logit($logname, ' **ERROR** on line ' . __LINE__ . ' with query - ' . $theq . ' ' . $e->getMessage()); $results->errortext = $e->getMessage(); $cancontinue = FALSE; } $_SESSION['inactivestudents'] = '<form action="main.php">' . "<select name=\"dlStudent\" onchange=\"this.form.submit()\">" . "<option value=\"1\" selected>Select a Student</option>"; while ($data = $pdoquery->fetch()) { if (array_key_exists("dlStudent", $_POST) and $_POST["dlStudent"] == $data->stu_index) { $_SESSION['inactivestudents'] .= "<option value=\"" . $data->stu_index . "\" selected>" . $data->last_name . ', ' . $data->first_name . ' ' . $data->middle_name . "</option>"; } else { $_SESSION['inactivestudents'] .= "<option value=\"" . $data->stu_index . "\">" . $data->last_name . ', ' . $data->first_name . ' ' . $data->middle_name . "</option>\n"; } } $_SESSION['inactivestudents'] .= "</select></form>"; $thehtml = LoadTheHTML('page_selectstudent', null, $logname, 1, 1); if ($thehtml == '') { $results->errortext = 'no HTML found at: ' . __LINE__; $cancontinue = FALSE; } $thehtml = str_replace(' ', '', $thehtml); $_SESSION['errormessage'] = ''; echo $thehtml;
logit($logname, ' user has access to multiple clients'); $theq = 'select c.clientid, fullname, ' . $_SESSION["userid"] . ' as userid'; $theq .= ' from client c'; $theq .= ' join clientuser cu on c.clientid = cu.clientid'; $theq .= " where userid = :userid"; $theq .= ' order by fullname'; try { $pdoquery = $PDOconn->prepare($theq); $pdoquery->setFetchMode(PDO::FETCH_OBJ); $pdoquery->execute(array(':userid' => $_SESSION["userid"])); } catch (PDOException $e) { logit($logname, ' **ERROR** on line ' . __LINE__ . ' with query - ' . $theq . ' ' . $e->getMessage()); $cancontinue = FALSE; } $_SESSION['clientdefaults']['fullname'] = 'Select a School'; $thehtml = LoadTheHTML('page_clientselect', array('detail_clients' => $pdoquery->fetchAll()), $logname, 1, 1); if ($thehtml == '') { $results->errortext = 'no HTML found at: ' . __LINE__; $cancontinue = FALSE; } echo $thehtml; } } } // not a GET call } $totaltime = microtime(TRUE) - $starttime; if ($totaltime > 0.5) { logit($logname, " That took a REALLY long time: " . $totaltime . " seconds"); } elseif ($totaltime > 0.25) { logit($logname, " That took a long time: " . $totaltime . " seconds");
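/**
 * Expands a session-cached HTML template into display-ready markup.
 *
 * Processing order:
 *   1. nested templates, written as %%%<flag><sep><name>[|<changeoncol>]%%% where
 *      <flag> is '1' or 'x' and is handed to the recursive call as $mulitrow;
 *   2. row data: %%rowtype%%, %%tooltip|<col>%% and %%data-<col>%%;
 *   3. %%vertmenu%%, %%clientdefaults-<key>%% and finally %%<key>%% for every
 *      non-array entry of $_SESSION;
 *   4. any placeholder still present is removed unless SERVER_NAME is 'localhost'.
 *
 * Security notes for maintainers:
 *   - Every value is inserted verbatim; nothing is HTML-encoded here. Callers
 *     appear to pass ready-made markup through the same channel (for example
 *     input fields built in SQL), so blanket encoding in this function would
 *     break them. Anything a user can edit (names, notes, error text) must be
 *     encoded with htmlspecialchars() by whoever puts it into $allrows or
 *     $_SESSION.
 *   - Substitution is multi-pass. Row data is inserted before the
 *     clientdefaults and session passes run, so placeholder-shaped text inside
 *     a data value is expanded with session content by the later passes.
 *     Consider neutralising '%%' in values that originate from users.
 *   - The last pass makes every scalar session entry reachable from a template.
 *
 * @param string     $thehtmlfile Key into $_SESSION['html'] holding the template text.
 * @param array|null $allrows     Map of template name => list of row objects.
 * @param string     $logname     Log target handed to logit().
 * @param mixed      $mulitrow    'x' repeats the template once per row; any other
 *                                value renders it once (using row 0 when present).
 * @param int        $depth       Recursion depth, used for log indentation and the
 *                                runaway guard.
 * @param string     $changeoncol Column whose change toggles the row CSS class;
 *                                '*' toggles on every row.
 *
 * @return string The expanded markup. The script is terminated with exit when
 *                $depth exceeds 100 or the template is not in the session.
 */
function LoadTheHTML($thehtmlfile, $allrows, $logname, $mulitrow, $depth = 1, $changeoncol = '*')
{
    if ($depth > 100) { // stop templates that include each other forever
        exit;
    }

    // As written this produces at most a single space of indentation.
    $indent = substr(' ', 0, $depth);
    logit($logname, $indent . 'Loading HTML: ' . $thehtmlfile);

    if (!isset($_SESSION['html']) || !is_array($_SESSION['html'])
        || !array_key_exists($thehtmlfile, $_SESSION['html'])) {
        logit($logname, $indent . ' **ERROR** the html is MISSING');
        exit;
    }

    $thehtml = $_SESSION['html'][$thehtmlfile];

    // --- 1. nested templates (at most 10 per template) ---------------------
    // strpos() is compared with false explicitly: the old "!= 0" test skipped a
    // marker sitting at offset 0 of the template.
    $i = 0;
    while ($i < 10 && ($start = strpos($thehtml, '%%%')) !== false) {
        $end = strpos($thehtml, '%%%', $start + 3);
        if ($end === false) {
            // Without a closing marker the name cannot be extracted; leave the
            // text alone instead of recursing with an empty template name.
            logit($logname, $indent . ' **ERROR** unterminated %%% marker in ' . $thehtmlfile);
            break;
        }

        $nextpiece = (string) substr($thehtml, $start + 3, $end - $start - 3);
        $nextmulitrow = (string) substr($nextpiece, 0, 1); // '1' or 'x'
        $thehtmlname = (string) substr($nextpiece, 2);     // skip flag and separator

        // A separate variable keeps this template's own $changeoncol intact;
        // previously the parameter itself was overwritten here, so the row
        // colouring below used whatever the last nested marker specified.
        $nextchangeoncol = '*';
        $pipe = strpos($thehtmlname, '|');
        if ($pipe !== false && $pipe > 1) {
            $nextchangeoncol = (string) substr($thehtmlname, $pipe + 1);
            $thehtmlname = substr($thehtmlname, 0, $pipe);
        }

        $newstuff = LoadTheHTML($thehtmlname, $allrows, $logname, $nextmulitrow, $depth + 1, $nextchangeoncol);
        $thehtml = str_replace('%%%' . $nextpiece . '%%%', $newstuff, $thehtml);
        $i++;
    }

    // --- tooltip expansion shared by both row modes ------------------------
    // $rowvalues is the current row as an array, or null when no row value is
    // to be passed (single-row mode passes '' to CreateToolTip).
    $pdowebcntrl = null;
    $expandtooltips = function ($text, $rowvalues) use ($thehtmlfile, $logname, $indent, &$pdowebcntrl) {
        while (($tipstart = strpos($text, '%%tooltip|')) !== false) {
            $tipend = strpos($text, '%%', $tipstart + 10);
            if ($tipend === false) {
                // An unterminated marker used to spin here forever, because the
                // replacement never matched and the marker never went away.
                logit($logname, $indent . ' **ERROR** unterminated tooltip marker in ' . $thehtmlfile);
                break;
            }
            $thecol = (string) substr($text, $tipstart + 10, $tipend - $tipstart - 10);

            if ($rowvalues === null) {
                $thecolvalue = '';
            } else {
                $thecolvalue = array_key_exists($thecol, $rowvalues) ? $rowvalues[$thecol] : null;
            }

            // The tooltip connection is opened only when a tooltip is present.
            if (!isset($pdowebcntrl)) {
                $pdowebcntrl = PDOconnect('wc2', $_SESSION["wc2host"], $logname);
            }

            $text = str_replace(
                '%%tooltip|' . $thecol . '%%',
                CreateToolTip($thehtmlfile, $thecol, $thecolvalue, $_SESSION["userlanguage"], $pdowebcntrl, 'left', $logname),
                $text
            );
        }

        return $text;
    };

    // --- 2. row data --------------------------------------------------------
    $therow = '';
    $rowtype = 'ReportDetailsEvenDataRow';
    $lastchangeonvalue = '~%~%~'; // sentinel that no real column value should equal

    if ($mulitrow == 'x') {
        // A template with no data set simply renders nothing.
        $rows = isset($allrows[$thehtmlfile]) ? $allrows[$thehtmlfile] : array();
        if (!is_array($rows) && !($rows instanceof Traversable)) {
            $rows = array();
        }

        foreach ($rows as $row) {
            // Alternate the CSS class on every row, or only when the watched
            // column changes value.
            $currentvalue = null;
            if ($changeoncol != '*' && isset($row->{$changeoncol})) {
                $currentvalue = $row->{$changeoncol};
            }
            if ($changeoncol == '*' or $currentvalue != $lastchangeonvalue) {
                if ($changeoncol != '*') {
                    $lastchangeonvalue = $currentvalue;
                }
                $rowtype = ($rowtype != 'ReportDetailsEvenDataRow')
                    ? 'ReportDetailsEvenDataRow'
                    : 'ReportDetailsOddDataRow';
            }

            // Each row is expanded on its own copy of the template and then
            // appended, so the work per row no longer grows with the output
            // and one row's values are not re-scanned while filling the next.
            $onerow = str_replace('%%rowtype%%', $rowtype, $thehtml);
            $onerow = $expandtooltips($onerow, (array) $row);

            // NOTE(security): values are inserted as-is; see the function header.
            foreach ($row as $key => $value) {
                $onerow = str_replace('%%data-' . $key . '%%', $value === null ? '' : $value, $onerow);
            }

            $therow .= $onerow;
        }
    } elseif ($mulitrow == '1' or isset($allrows[$thehtmlfile][0])) {
        // Single-row mode: render once, filling from row 0 when there is one.
        $therow = $expandtooltips($thehtml, null);

        if (isset($allrows[$thehtmlfile][0])) {
            // NOTE(security): values are inserted as-is; see the function header.
            foreach ($allrows[$thehtmlfile][0] as $key => $value) {
                $therow = str_replace('%%data-' . $key . '%%', $value === null ? '' : $value, $therow);
            }
        }
    }

    // --- 3. menu, client defaults, remaining session scalars ----------------
    if (isset($_SESSION['viewlevel'])) {
        if ($_SESSION['viewlevel'] == 5) {
            $therow = str_replace('%%vertmenu%%', $_SESSION['usermenu-account'], $therow);
        } else {
            $therow = str_replace('%%vertmenu%%', $_SESSION['usermenu-field'], $therow);
        }
    }

    if (isset($_SESSION['clientdefaults']) && is_array($_SESSION['clientdefaults'])) {
        foreach ($_SESSION['clientdefaults'] as $key => $value) {
            $therow = str_replace('%%clientdefaults-' . $key . '%%', $value === null ? '' : $value, $therow);
        }
    }

    // NOTE(security): every non-array session entry is reachable as %%<key>%%,
    // and this pass also runs over row data inserted above.
    foreach ($_SESSION as $key => $value) {
        if (!is_array($value)) {
            $therow = str_replace('%%' . $key . '%%', $value === null ? '' : $value, $therow);
        }
    }

    // --- 4. strip leftovers outside local development -----------------------
    // NOTE(review): SERVER_NAME can reflect the client-supplied Host header
    // depending on web-server configuration; confirm it is canonical before
    // relying on it to tell production from development.
    $servername = isset($_SERVER['SERVER_NAME']) ? $_SERVER['SERVER_NAME'] : null;
    if ($servername != 'localhost') {
        // Lazy match: the greedy '.+' removed everything between the first and
        // the last '%%' on a line, including real markup between two leftovers.
        $cleaned = preg_replace('/%%%?.+?%%%?/', '', $therow);
        if ($cleaned !== null) {
            $therow = $cleaned;
        }
    }

    return $therow;
}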
} catch (PDOException $e) { logit($logname, ' **ERROR** on line ' . __LINE__ . ' with query - ' . $theq . ' ' . $e->getMessage()); $cancontinue = FALSE; } header('Location: clientselector.php'); exit; } } } } else { $results->success = TRUE; $results->errortext = 'someone looking at the login page'; } if (!$results->success) { $_SESSION['errortext'] = $results->errortext; } $thehtml = LoadTheHTML('page_login', null, $logname, 1, 1); $_SESSION['errortext'] = ''; if ($thehtml == '') { $results->errortext = 'no HTML found at: ' . __LINE__; $cancontinue = FALSE; } $thehtml = str_replace(' ', '', $thehtml); echo $thehtml; if (!$results->success) { logit($logname, " **ERROR** something went wrong in " . __FILE__ . " Error text is: " . $results->errortext); } else { $totaltime = microtime(TRUE) - $starttime; logit($logname, json_encode($results)); logit($logname, " That took: " . $totaltime . " seconds"); }
$theq .= ' join transactions t on c.con_index=t.con_index '; $theq .= ' where stu_index=:student'; $theq .= ' and c.active=false'; $theq .= ' order by start_date desc'; try { $pdoqueryinactive = $dbconn->prepare($theq); $pdoqueryinactive->setFetchMode(PDO::FETCH_OBJ); $pdoqueryinactive->execute(array(':student' => $stu_index)); $contractsi = $pdoqueryinactive->fetchAll(); } catch (PDOException $e) { logit($logname, ' **ERROR** on line ' . __LINE__ . ' with query - ' . $theq . ' ' . $e->getMessage()); $results->errortext = $e->getMessage(); $cancontinue = FALSE; } $_SESSION['clientdefaults']['pagetitle'] = 'Student Info'; $thehtml = LoadTheHTML('page_main', array('shared_student' => $studentdata, 'shared_parents' => $studentdata, 'shared_contact' => $studentdata, 'detail_ranks' => $studentranks, 'header_contractsa' => $contractsa, 'detail_contractsa' => $contractsa, 'header_contractsi' => $contractsi, 'detail_contractsi' => $contractsi, 'detail_medicalalert' => $medalert, 'detail_notes' => $notes), $logname, 1, 1); echo $thehtml; } elseif (key_exists('dlStudent', $_POST)) { // write updates to database and go backto student selection screen $stu_index = $_POST["dlStudent"]; if ($stu_index == -1) { //-1 indicates that this is a new student so we need to get the next id // and do an insert first $theq = "select nextval('seq_students') as stu_index"; try { $pdoquery = $dbconn->prepare($theq); $pdoquery->setFetchMode(PDO::FETCH_OBJ); $pdoquery->execute(); $row = $pdoquery->fetch(); $stu_index = $row->stu_index; } catch (PDOException $e) {
$pdoquery->setFetchMode(PDO::FETCH_OBJ); $pdoquery->execute(array(':artid' => $_SESSION['artid'])); // ?? why assiing another session var to the art id?? $_SESSION['recordtestartid'] = clean_user_input($_GET['artid']); $studentdata = $pdoquery->fetchAll(); unset($_SESSION['activestudents']); $i = 0; foreach ($studentdata as $key => $value) { //echo $value -> stu_index.' '; $_SESSION['activestudents'][$i]['stu_index'] = $value->stu_index; $_SESSION['activestudents'][$i]['first_name'] = $value->first_name; $_SESSION['activestudents'][$i]['last_name'] = $value->last_name; $_SESSION['activestudents'][$i]['srk_description'] = $value->srk_description; $_SESSION['activestudents'][$i]['srk_index'] = $value->srk_index; $_SESSION['activestudents'][$i]['srk_seq'] = $value->srk_seq; $i++; } } catch (PDOException $e) { logit($logname, ' **ERROR** on line ' . __LINE__ . ' with query - ' . $theq . ' ' . $e->getMessage()); $results->errortext = $e->getMessage(); $cancontinue = FALSE; } $_SESSION['step'] = 'verifyit'; $_SESSION['recordtestbuttontitle'] = ' Verify Ranks '; $_SESSION['recordtestcol1name'] = 'Tested'; $_SESSION['recordtestcol2name'] = 'Pay New<br>Member Fee'; $_SESSION['recordtestcol3name'] = 'Skipped'; } $_SESSION['clientdefaults']['pagetitle'] = 'Record Test'; $thehtml = LoadTheHTML('page_recordtest', array('detail_recordtest' => $studentdata), $logname, 1, 1); echo $thehtml;
if (!$email->Send()) { logit($logname, ' **ERROR** EMAIL FAILED: ' . $email->ErrorInfo); } else { logit($logname, ' email sent'); } $results->success = TRUE; } } $_SESSION['errortext'] = $results->errortext; logit($logname, $_SESSION['errortext']); logit($logname, 'refresing display with get'); header('Location: passwordreset.php'); exit; } else { $results->success = TRUE; $results->errortext = 'just someone looking at the password reset page'; } $thehtml = LoadTheHTML('page_passwordreset', null, $logname, 1, 1); $_SESSION['errortext'] = ''; if ($thehtml == '') { $results->errortext = 'no HTML found at: ' . __LINE__; $cancontinue = FALSE; } echo $thehtml; if (!$results->success) { logit($logname, " **ERROR** something went wrong in " . __FILE__ . " Error text is: " . $results->errortext); } else { $totaltime = microtime(TRUE) - $starttime; logit($logname, json_encode($results)); logit($logname, " That took: " . $totaltime . " seconds"); }
$theq .= ColAsInputField('state', '', '', '', '', 'userstate') . ','; $theq .= ColAsInputField('zip', '', '', '', '', 'userzip') . ','; $theq .= ColAsInputField('phone', '', '', 'placeholder="123-123-1234" pattern="[0-9]{3}-[0-9]{3}-[0-9]{4}" title="Please user the format 123-123-1234"', 'tel', 'userphone') . ','; $theq .= ' case when locked then \'Disabled\' else \'Enabled\' end as lockeddisplay'; $theq .= ' from users u'; $theq .= ' where userid=:userid'; try { $pdoquery = $dbconn->prepare($theq); $pdoquery->setFetchMode(PDO::FETCH_OBJ); $pdoquery->execute(array(':userid' => $userid)); $userdata = $pdoquery->fetchAll(); } catch (PDOException $e) { logit($logname, ' **ERROR** on line ' . __LINE__ . ' with query - ' . $theq . ' ' . $e->getMessage()); $results->errortext = $e->getMessage(); $cancontinue = FALSE; } if ($userdata[0]->locked == true) { $enabledselected = ''; $disabledselected = 'selected'; } else { $enabledselected = 'selected'; $disabledselected = ''; } $_SESSION['createnewuserbutton'] = ""; $_SESSION['post'] = 'method="post"'; $_SESSION['clientdefaults']['pagetitle'] = 'Edit User'; $_SESSION['buttontextuser'] = '******'; $_SESSION['cancelbutton'] = ' <a href="school.php"><input class="button" type="submit" value=" Cancel " /></a>' . "<br>Enabled: <select name=\"locked\">" . "<option value=\"false\" " . $enabledselected . ">True</option>" . "<option value=\"true\" " . $disabledselected . ">False</option>" . "</select>"; $thehtml = LoadTheHTML('page_edituser', array('detail_userdetails' => $userdata), $logname, 1, 1); $_SESSION['post'] = ''; echo $thehtml;
$theq .= ' and c.active=true'; $theq .= ' order by start_date desc'; try { $pdoqueryactive = $dbconn->prepare($theq); $pdoqueryactive->setFetchMode(PDO::FETCH_OBJ); $pdoqueryactive->execute(array(':student' => $stu_index)); $contractsa = $pdoqueryactive->fetchAll(); } catch (PDOException $e) { logit($logname, ' **ERROR** on line ' . __LINE__ . ' with query - ' . $theq . ' ' . $e->getMessage()); $results->errortext = $e->getMessage(); $cancontinue = FALSE; } $theq = 'select * from contracts c '; $theq .= ' join sysdef.programs p on p.pro_index=c.pro_index '; $theq .= ' join transactions t on c.con_index=t.con_index '; $theq .= ' where stu_index=:student'; $theq .= ' and c.active=false'; $theq .= ' order by start_date desc'; try { $pdoqueryinactive = $dbconn->prepare($theq); $pdoqueryinactive->setFetchMode(PDO::FETCH_OBJ); $pdoqueryinactive->execute(array(':student' => $stu_index)); $contractsi = $pdoqueryinactive->fetchAll(); } catch (PDOException $e) { logit($logname, ' **ERROR** on line ' . __LINE__ . ' with query - ' . $theq . ' ' . $e->getMessage()); $results->errortext = $e->getMessage(); $cancontinue = FALSE; } $_SESSION['clientdefaults']['pagetitle'] = 'Student Info'; $thehtml = LoadTheHTML('page_main', array('shared_student' => $studentdata, 'shared_parents' => $studentdata, 'shared_contact' => $studentdata, 'detail_ranks' => $pdoqueryranks->fetchAll(), 'header_contractsa' => $contractsa, 'detail_contractsa' => $contractsa, 'header_contractsi' => $contractsi, 'detail_contractsi' => $contractsi, 'detail_medicalalert' => $pdoquerymed->fetchAll(), 'detail_notes' => $pdoquerynotes->fetchAll()), $logname, 1, 1); echo $thehtml;