Example #1
     }
 }
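 // Discard the day_staff / month_staff / year_staff request entries.
 unset($_REQUEST['day_staff'], $_REQUEST['month_staff'], $_REQUEST['year_staff']);

 // Collapse the submitted SCHOOLS map (school id => flag) into a string of the
 // form ",id1,id2,". Only the array keys are used; the values are ignored.
 // !empty() keeps the original truthiness test but does not raise a warning
 // when 'staff' or 'SCHOOLS' is missing from the request.
 if (!empty($_REQUEST['staff']['SCHOOLS'])) {
     // Start from an empty string: appending to an undefined $schools raises a
     // warning and would silently pick up any earlier value of that variable.
     $schools = '';
     // A scalar SCHOOLS value contributes no ids, which is what the foreach
     // over non-array input produced before (minus the warning).
     if (is_array($_REQUEST['staff']['SCHOOLS'])) {
         // NOTE(review): the ids are request-controlled array keys. This snippet
         // does not show how the list is escaped before it is used - confirm,
         // or restrict the keys to the id format the schema expects.
         foreach (array_keys($_REQUEST['staff']['SCHOOLS']) as $school_id) {
             $schools .= ',' . $school_id;
         }
     }
     $_REQUEST['staff']['SCHOOLS'] = $schools . ',';
 }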
 /*	else
 		$_REQUEST['staff']['SCHOOLS'] = $_POST['staff'] = '';*/
 if (count($_POST['staff']) && (User('PROFILE') == 'admin' || basename($_SERVER['PHP_SELF']) == 'index.php')) {
     //modif Francois: Moodle integrator / password
     if (!MoodlePasswordCheck($_REQUEST['staff']['PASSWORD'])) {
         BackPrompt(_('Please enter a valid password'));
     }
     if (UserStaffID() && $_REQUEST['staff_id'] != 'new') {
         // Load the stored PROFILE, PROFILE_ID and USERNAME of the staff record being edited.
         $profile_RET = DBGet(DBQuery("SELECT PROFILE,PROFILE_ID,USERNAME FROM STAFF WHERE STAFF_ID='" . UserStaffID() . "'"));
         // NOTE(review): the submitted profile *name* is compared with the stored
         // PROFILE_ID, not PROFILE - confirm which column was intended.
         if (isset($_REQUEST['staff']['PROFILE']) && $_REQUEST['staff']['PROFILE'] != $profile_RET[1]['PROFILE_ID']) {
             // Map the submitted profile name to PROFILE_ID '1', '2' or '3'; any
             // other name leaves PROFILE_ID untouched.
             // NOTE(review): PROFILE is request-controlled, and the enclosing guard
             // also admits requests whose script is index.php. Confirm a non-admin
             // caller cannot reach this branch with PROFILE=admin.
             switch ($_REQUEST['staff']['PROFILE']) {
                 case 'admin':
                     $_REQUEST['staff']['PROFILE_ID'] = '1';
                     break;
                 case 'teacher':
                     $_REQUEST['staff']['PROFILE_ID'] = '2';
                     break;
                 case 'parent':
                     $_REQUEST['staff']['PROFILE_ID'] = '3';
                     break;
             }
         }
         if ($_REQUEST['staff']['PROFILE_ID']) {
             DBQuery("DELETE FROM STAFF_EXCEPTIONS WHERE USER_ID='" . UserStaffID() . "'");
Example #2
<?php

DrawHeader(ProgramTitle());
if ($_REQUEST['values'] && $_POST['values']) {
    if ($_REQUEST['tab'] == 'password') {
        $current_password = str_replace("''", "'", $_REQUEST['values']['current']);
        $new_password = str_replace("''", "'", $_REQUEST['values']['new']);
        $verifiy_password = str_replace("''", "'", $_REQUEST['values']['verify']);
        if (mb_strtolower($new_password) != mb_strtolower($verifiy_password)) {
            $error = _('Your new passwords did not match.');
        } elseif (!MoodlePasswordCheck($new_password)) {
            $error = _('Please enter a valid password');
        } else {
            //modif Francois: enable password change for students
            if (User('PROFILE') == 'student') {
                $password_RET = DBGet(DBQuery("SELECT PASSWORD FROM STUDENTS WHERE STUDENT_ID='" . UserStudentID() . "'"));
            } else {
                $password_RET = DBGet(DBQuery("SELECT PASSWORD FROM STAFF WHERE STAFF_ID='" . User('STAFF_ID') . "' AND SYEAR='" . UserSyear() . "'"));
            }
            //modif Francois: add password encryption
            //			if(mb_strtolower($password_RET[1]['PASSWORD'])!=mb_strtolower($current_password))
            if (!match_password($password_RET[1]['PASSWORD'], $current_password)) {
                $error = _('Your current password was incorrect.');
            } else {
                //				DBQuery("UPDATE STAFF SET PASSWORD='******' WHERE STAFF_ID='".User('STAFF_ID')."' AND SYEAR='".UserSyear()."'");
                if (User('PROFILE') == 'student') {
                    DBQuery("UPDATE STUDENTS SET PASSWORD='******' WHERE STUDENT_ID='" . UserStudentID() . "'");
                } else {
                    DBQuery("UPDATE STAFF SET PASSWORD='******' WHERE STAFF_ID='" . User('STAFF_ID') . "' AND SYEAR='" . UserSyear() . "'");
                }
                $note = _('Your new password was saved.');
Example #3
             }
         }
     }
 }
 // Drop the day/month/year *_students entries from the request in one call.
 unset(
     $_REQUEST['day_students'],
     $_REQUEST['month_students'],
     $_REQUEST['year_students']
 );
 if ((count($_REQUEST['students']) || count($_REQUEST['values'])) && AllowEdit()) {
     //modif Francois: Moodle integrator / password
     if ($_REQUEST['moodle_create_student'] && !MoodlePasswordCheck($_REQUEST['students']['PASSWORD'])) {
         BackPrompt(_('Please enter a valid password'));
     }
     if (UserStudentID() && $_REQUEST['student_id'] != 'new') {
         //modif Francois: Moodle integrator / password
         // Check whether moodlexrosario already holds a 'student_id' row for this
         // student; a non-empty result is treated below as "student exists in Moodle".
         // NOTE(review): $_REQUEST['student_id'] is concatenated into the SQL text.
         // Nothing in this snippet escapes it, while the other queries here key on
         // UserStudentID(). Confirm request values are escaped upstream, or use
         // UserStudentID() / a bound parameter for this lookup.
         $old_student_in_moodle = DBGet(DBQuery("SELECT 1 FROM moodlexrosario WHERE rosario_id='" . $_REQUEST['student_id'] . "' AND \"column\"='student_id'"));
         // For a student found in that table, a non-empty submitted password must
         // pass MoodlePasswordCheck(); otherwise BackPrompt() is called with the
         // error message. An empty PASSWORD field skips the check.
         if ($old_student_in_moodle && !empty($_REQUEST['students']['PASSWORD']) && !MoodlePasswordCheck($_REQUEST['students']['PASSWORD'])) {
             BackPrompt(_('Please enter a valid password'));
         }
         if (count($_REQUEST['students'])) {
             $sql = "UPDATE STUDENTS SET ";
             foreach ($_REQUEST['students'] as $column => $value) {
                 if ($column == 'USERNAME' && $value) {
                     if (DBGet(DBQuery("SELECT STUDENT_ID FROM STUDENTS WHERE USERNAME='******' AND STUDENT_ID<>'" . UserStudentID() . "'"))) {
                         $value = '';
                     }
                 }
                 if (!is_array($value)) {
                     //modif Francois: add password encryption
                     if ($column !== 'PASSWORD') {
                         $sql .= "{$column}='" . str_replace('&#39;', "''", $value) . "',";
                     }