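$student_id = $_POST['student_id']; }
// (the if/else that assigns $student_id above starts before this excerpt)

// Refuse to continue without a student id: everything below is keyed on it.
if ($student_id == "") {
    //we shouldn't be here without a student id.
    echo "You've entered this page without supplying a valid student id. Fatal, quitting";
    exit;
}
// The id is interpolated into SQL *unquoted* (numeric comparison), so escaping alone
// was not a defence: "1 OR 1=1" contains nothing for mysql_real_escape_string to escape.
// Only a plain decimal integer is accepted; anything else (including an array) is fatal.
if (!ctype_digit((string) $student_id)) {
    echo "You've entered this page without supplying a valid student id. Fatal, quitting";
    exit;
}

//check permission levels
$permission_level = getPermissionLevel($_SESSION['egps_username']);
// Levels above $MINIMUM_AUTHORIZATION_LEVEL are denied, and an unknown level fails closed.
// The loose == NULL is deliberate: 0, "" and false from the helper are all treated as "no level".
if ($permission_level > $MINIMUM_AUTHORIZATION_LEVEL || $permission_level == NULL) {
    $system_message = $system_message . "You do not have permission to view this page (IP: " . $_SERVER['REMOTE_ADDR'] . ")";
    IPP_LOG($system_message, $_SESSION['egps_username'], 'ERROR');
    require IPP_PATH . 'security_error.php';
    exit;
}

// Per-student permission: WRITE, ASSIGN and ALL grant write access; everything else is read-only here.
$our_permission = getStudentPermission($student_id);
$have_write_permission = ($our_permission == "WRITE" || $our_permission == "ASSIGN" || $our_permission == "ALL");

//************** validated past here: session active, role level checked, $student_id is an integer;
//************** $have_write_permission says whether writes are allowed (it is NOT guaranteed true) ****
$student_query = "SELECT * FROM student WHERE student_id = " . (int) $student_id;
$student_result = mysql_query($student_query);
if (!$student_result) {
    // NOTE(review): mysql_error() and the full query text are appended to $error_message /
    // $system_message; if either is rendered to the browser this leaks schema details -- confirm
    // they are log-only.
    $error_message = $error_message . "Database query failed (" . __FILE__ . ":" . __LINE__ . "): " . mysql_error() . "<BR>Query: '{$student_query}'<BR>";
    $system_message = $system_message . $error_message;
    IPP_LOG($system_message, $_SESSION['egps_username'], 'ERROR');
} else { $student_row = mysql_fetch_array($student_result);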
}
// Tail of runQuery(): run the guardian query assembled above (function head and the
// preceding if are out of view). On failure the driver error and the full query text are
// appended to $error_message/$system_message and logged -- confirm those strings are never
// rendered to the client, since they expose schema details.
$target_result = mysql_query($target_query);
if (!$target_result) {
    $error_message = $error_message . "Database query failed (" . __FILE__ . ":" . __LINE__ . "): " . mysql_error() . "<BR>Query: '{$target_query}'<BR>";
    $system_message = $system_message . $error_message;
    IPP_LOG($system_message, $_SESSION['egps_username'], 'ERROR');
}
}
}
// $target_result is read below at file scope, so runQuery() presumably declares it global -- not visible here.
runQuery();

//check permissions if necessary...
// Fail closed: write access is only ever granted inside the "guardian" case; any other
// (or missing) ?target value leaves $have_write_permission false and lands on security_error.php.
$have_write_permission = false;
switch ($_GET['target']) {
    case "guardian":
        // NOTE(review): the guardian record becomes writable if the caller has WRITE/ASSIGN/ALL
        // on *any* linked student, not on all of them -- confirm that is the intended policy.
        // This loop also consumes $target_result; later code that re-reads the result set will
        // see no rows unless the cursor is reset.
        while ($guardian_row = mysql_fetch_array($target_result)) {
            $our_permission = getStudentPermission($guardian_row['student_id']);
            if ($our_permission != "WRITE" && $our_permission != "ASSIGN" && $our_permission != "ALL") {
                //no write permission on this student: leave the flag as it is.
            } else {
                $have_write_permission = true;
            }
        }
        break;
}
if (!$have_write_permission) {
    $system_message = $system_message . "You do not have permission to view this page (IP: " . $_SERVER['REMOTE_ADDR'] . ")";
    IPP_LOG($system_message, $_SESSION['egps_username'], 'ERROR');
    require IPP_PATH . 'security_error.php';
    exit;
}
// Error branch for $previous_guardians_query (the if-head is out of view). As elsewhere, the
// driver error and the query text go into $error_message/$system_message -- confirm these are log-only.
$error_message = $error_message . "Database query failed (" . __FILE__ . ":" . __LINE__ . "): " . mysql_error() . "<BR>Query: '{$previous_guardians_query}'<BR>";
$system_message = $system_message . $error_message;
IPP_LOG($system_message, $_SESSION['egps_username'], 'ERROR');
}

//reevaluate our permissions for this student...
// Gate 1 (view): READ, WRITE, ASSIGN or ALL lets the caller see the page; NONE, ERROR or any
// unexpected value fails closed. The id is taken from the query string, so this check is tied
// to $_GET['student_id'] and not to whatever earlier code may have resolved.
$our_permission = getStudentPermission($_GET['student_id']);
if ($our_permission != "READ" && $our_permission != "WRITE" && $our_permission != "ASSIGN" && $our_permission != "ALL") {
    //we don't have permission...
    $system_message = $system_message . "You do not have permission to view this page (IP: " . $_SERVER['REMOTE_ADDR'] . ")";
    IPP_LOG($system_message, $_SESSION['egps_username'], 'ERROR');
    require IPP_PATH . 'security_error.php';
    exit;
}

//check permissions if necessary...
// Gate 2 (write): only WRITE, ASSIGN and ALL set $have_write_permission. The helper is called a
// second time with the same id; the value from gate 1 could be reused, left as-is for behaviour.
$have_write_permission = false;
$our_permission = getStudentPermission($_GET['student_id']);
if ($our_permission != "WRITE" && $our_permission != "ASSIGN" && $our_permission != "ALL") {
    //we don't have write permission...
    //do nothing.
} else {
    $have_write_permission = true;
}
// NOTE(review): $page_title is echoed into the <TITLE> unescaped below; confirm it is never
// derived from request data, otherwise wrap it in htmlspecialchars().
?> <!DOCTYPE HTML> <HTML lang=en> <HEAD> <META HTTP-EQUIV="CONTENT-TYPE" CONTENT="text/html; charset=UTF-8"> <TITLE><?php echo $page_title;
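// Pagination "next" link. The three search parameters come straight from the query string and
// were previously echoed raw into the href (reflected XSS); they are now URL-encoded for the
// query string and the whole href is HTML-escaped for the attribute context.
if ($iLimit + $iCur < $szTotalStudents) {
    $next_url = "./student_archive.php?iCur=" . ($iCur + $iLimit)
        . "&iLimit={$iLimit}"
        . "&szSearchVal=" . urlencode((string) $_GET['szSearchVal'])
        . "&field=" . urlencode((string) $_GET['field'])
        . "&SEARCH=" . urlencode((string) $_GET['SEARCH']);
    echo "<td align=\"right\"><a href=\"" . htmlspecialchars($next_url, ENT_QUOTES, 'UTF-8') . "\" class=\"default\">next ";
    // NOTE(review): this compares against $sqlLogTotals while the enclosing if uses
    // $szTotalStudents -- looks like a copy/paste from a log listing; confirm which total is meant.
    if ($sqlLogTotals - ($iCur + $iLimit) > $iLimit) {
        echo $iLimit . "</td>";
    } else {
        echo $szTotalStudents - ($iCur + $iLimit) . "</td>";
    }
} else {
    echo "<td> </td>";
}
echo "</tr>\n";
//end print next and prev links

//print the header row...
echo "<tr><td bgcolor=\"#E0E2F2\"> </td><td align=\"center\" bgcolor=\"#E0E2F2\">UID</td><td align=\"center\" bgcolor=\"#E0E2F2\">Last Name, First Name</td><td align=\"center\" bgcolor=\"#E0E2F2\">School</td><td align=\"center\" bgcolor=\"#E0E2F2\">Permission</td></tr>\n";

// One row per student. Ids and names come from the database and are escaped once here before
// being placed in attributes, URLs and text: a stored name such as "<script>" must not execute.
while ($student_row = mysql_fetch_array($sqlStudents)) {
    $current_student_permission = getStudentPermission($student_row['student_id']);
    $sid_html = htmlspecialchars((string) $student_row['student_id'], ENT_QUOTES, 'UTF-8');
    $sid_url = rawurlencode((string) $student_row['student_id']);
    $first_html = htmlspecialchars((string) $student_row['first_name'], ENT_QUOTES, 'UTF-8');
    $last_html = htmlspecialchars((string) $student_row['last_name'], ENT_QUOTES, 'UTF-8');

    echo "<tr>\n";
    $school_colour = "#FFFFFF"; //all white.
    echo "<td bgcolor=\"{$school_colour}\"><input type=\"checkbox\" name=\"" . $sid_html . "\" value=\"" . $first_html . " " . $last_html . "\"></td>";
    // NOTE(review): $bgcolor is not assigned anywhere in view (the row colour above is $school_colour); confirm it is set earlier.
    echo "<td bgcolor=\"{$bgcolor}\" class=\"row_default\">" . $sid_html . "<p></td>\n";
    echo "<td bgcolor=\"{$bgcolor}\"><a href=\"" . IPP_PATH . "student_view.php?student_id=" . $sid_url . "\" class=\"default\" ";
    // The onClick guard is a UX hint only; access is enforced server-side by student_view.php.
    if ($current_student_permission == "NONE" || $current_student_permission == "ERROR") {
        echo "onClick=\"return noPermission();\" ";
    }
    echo ">" . $last_html . "," . $first_html . "</a>";
    // NOTE(review): this condition is always true (no value equals both WRITE and ALL), so the
    // PDF link is rendered for every permission level and the NONE/ERROR check inside only
    // attaches the JS guard. Kept as-is because the intended gate is not recoverable from this
    // excerpt; the body of this if (and the while) continues past the end of the excerpt.
    if ($current_student_permission == "READ" || $current_student_permission != "WRITE" || $current_student_permission != "ALL") {
        echo "<a href=\"" . IPP_PATH . "ipp_pdf.php?student_id=" . $sid_url . "\" class=\"default\" target=\"_blank\"";
        if ($current_student_permission == "NONE" || $current_student_permission == "ERROR") {
            echo "onClick=\"return noPermission();\" ";
        }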