Example #1
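/**
 * Check the posted username/password against the USERS table and, on success,
 * mark the session as logged in and send a redirect to index.php.
 *
 * Every failure path reports through login_error(); database errors are written
 * to the server log only and the user sees a generic message.
 *
 * No exit follows the Location header, so the caller must not emit further
 * output after this function returns.
 *
 * @param mixed $i    Database handle; prepare() and ->error are used (looks like mysqli - confirm).
 * @param mixed $twig Passed through unchanged to login_error().
 * @param mixed $args Passed through unchanged to login_error().
 */
function check_login($i, $twig, $args)
{
    // Accept plain strings only. A request such as username[]=x would otherwise
    // reach bind_param() and password_verify() as an array.
    $username = isset($_POST['username']) ? $_POST['username'] : null;
    $password = isset($_POST['password']) ? $_POST['password'] : null;
    if (!is_string($username) || !is_string($password)) {
        login_error($twig, $args, "Invalid login");
        return;
    }

    $s = $i->prepare("SELECT ID, PASSWORD, USERNAME FROM USERS WHERE USERNAME = ?");
    if (!$s) {
        // Preparation failure: details go to the log, never to the browser.
        error_log("Login error preparation: {$i->error}");
        login_error($twig, $args, "There was an internal error while logging in. Please contact your administrator.");
        return;
    }

    // The username is bound as a parameter, so it is never part of the SQL text.
    $s->bind_param('s', $username);
    $s->bind_result($uid, $upass, $uname);

    if ($s->execute()) {
        // NOTE(review): password_verify() is skipped when no row is fetched, so an
        // unknown username is answered faster than a wrong password.
        if ($s->fetch() && is_string($upass) && password_verify($password, $upass)) {
            // Issue a fresh session id at the privilege change so that an id known
            // before login cannot be reused afterwards (session fixation).
            if (session_status() === PHP_SESSION_ACTIVE) {
                session_regenerate_id(true);
            }
            $_SESSION['user-id'] = $uid;
            $_SESSION['user-username'] = $uname;
            header("Location: index.php");
        } else {
            // Same message for "no such user" and "wrong password".
            login_error($twig, $args, "Invalid login");
        }
    } else {
        // Execution failure
        error_log("Login error, execution: {$i->error}");
        login_error($twig, $args, "There was an internal error while logging in. Please contact your administrator.");
    }
    $s->close();
}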
Example #2
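/**
 * Handle a login form post: optional CAPTCHA gate, credential check, redirect.
 *
 * The CAPTCHA is checked before the credentials whenever login_needcaptcha()
 * asks for it. A failed credential check increments the failure counter through
 * login_incfail(); a success clears it through login_resetfail(). Both failure
 * paths terminate the request with die.
 *
 * On success a Location header is sent and templates/redirect.html is rendered
 * as the response body. The target is a fixed string, not request data.
 */
function login_check()
{
    global $smarty;

    // isset() instead of the @ operator: a missing field still yields null, but
    // unrelated errors on these lines are no longer silenced.
    $email = isset($_POST['email']) ? $_POST['email'] : null;
    $pass = isset($_POST['loginpass']) ? $_POST['loginpass'] : null;

    if (login_needcaptcha() && recaptcha_verify() !== true) {
        login_error(_('The CAPTCHA you entered is incorrect'));
        die;
    }

    // user_verify() returns true on success; anything else is passed to
    // login_error() as the message.
    // NOTE(review): confirm it returns the same message for an unknown account
    // and for a wrong password, otherwise this form reveals which accounts exist.
    $ret = user_verify($email, $pass);
    if ($ret !== true) {
        login_incfail();
        login_error($ret);
        die;
    }

    user_online($email);
    login_resetfail();

    $url = 'account.php';
    header("Location: {$url}");
    $smarty->assign('url', $url);
    $smarty->display('templates/redirect.html');
}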
Example #3
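        // Builds the "print blank score sheet" button and the "new assignment" popup
        // form for the class selected in the session, then appends both to $b.
        $print_blank_button = "\n\t\t\t\t<CENTER>\n\t\t\t\t<FORM action=printview_blankscoresheet.php method=POST target=new name=printview>\n\t\t\t\t<input type=submit class=submit name=submit value=\"Print\" class=\"submit\" /> Blank Score Sheet\n\t\t\t\t</form>";
        //$new_assignment ="<a href=teach_addAssign2Gradebook.php?lev=".$_GET['lev']."&cat=".$_GET['cat']." onclick=\"return GB_showCenter('Add Assignment to Gradebook', this.href,400,1000)\">Add Assignment</a></center>";
        //$new_assignment ="<a href=teach_addAssign2Gradebook.php?lev=".$_GET['lev']."&cat=".$_GET['cat']." class=\"greybox\" title=\"New Assignment\">Add Assignment</a></center>";
        $class = $_SESSION[$_CONF['sess_name'] . '_selected_class'];
        // The class id is concatenated unquoted into two queries below, so it is
        // forced to an integer first. $class itself is left untouched for any
        // code after this block.
        $classId = (int) $class;
        $sql = "SELECT term_start_date, term_end_date from terms, classes\n        WHERE terms.term_id=classes.term_id AND classes.class_id=" . $classId;
        $result = $db->query($sql);
        // A failed query or an empty result leaves the dates blank instead of
        // calling fetch_assoc() on a non-object.
        $row = $result ? $result->fetch_assoc() : null;
        $term_start = $row ? $row['term_start_date'] : '';
        $term_end = $row ? $row['term_end_date'] : '';
        list($sy, $sm, $sd) = array_pad(explode('-', (string) $term_start), 3, '');
        list($ey, $em, $ed) = array_pad(explode('-', (string) $term_end), 3, '');
        // The date parts are emitted into a script block: integers only, which also
        // avoids zero-padded literals such as 08 in the generated JavaScript.
        $new_assignment = "\n            <script type='text/javascript'>\n                \$(document).ready(\n                function() {\n                    \$('input#a_1_due_date').datepick({\n                        onDate: \$.datepick.noWeekends,\n                        dateFormat: 'yyyy-mm-dd',\n                        minDate: new Date(" . ((int) $sy) . ", " . ((int) $sm - 1) . ", " . ((int) $sd) . "),\n                        maxDate: new Date(" . ((int) $ey) . ", " . ((int) $em - 1) . ", " . ((int) $ed) . "),\n                        numberOfMonths: 1\n                    }),\n                \$('#addAssignForm').validationEngine()\n                });\n            </script>\n            <div id=\"greybox\" class=\"greybox\"></div>\n            <div id=\"popup\" class=\"popup\">";
        $today = date('Y-m-d');
        $sql = "SELECT * from categories where class_id=" . $classId;
        $result = $db->query($sql);
        if ($result) {
            while ($row = $result->fetch_assoc()) {
                // Category fields are stored text: escape them for HTML and quote
                // the attribute so a stored value cannot inject markup.
                $catList .= "\n\t\t\t\t<option value=\"" . htmlspecialchars($row['category_id'], ENT_QUOTES) . "\">" . htmlspecialchars($row['category_name'], ENT_QUOTES) . " (" . htmlspecialchars($row['category_weight'], ENT_QUOTES) . "%)</option>";
            }
        }
        $termStartLabel = htmlspecialchars($sm . "-" . $sd . "-" . $sy, ENT_QUOTES);
        $termEndLabel = htmlspecialchars($em . "-" . $ed . "-" . $ey, ENT_QUOTES);
        // PHP_SELF includes any path info the client appended to the URL, so it is
        // escaped and placed in a quoted attribute.
        $formAction = htmlspecialchars($_SERVER['PHP_SELF'], ENT_QUOTES);
        $new_assignment .= "\n        <div id=assignDiv name=assignDiv>\n\t\t<div style=\"text-align:center; font-weight:bold; font-size:20px;\">Term Start: " . $termStartLabel . "  Term End: " . $termEndLabel . "</div>\n\t\t<center>\n\t\t<form id=\"addAssignForm\" name=\"addAssignForm\" action=\"" . $formAction . "\" method=post>\n\t\t<table cellspacing=1 cellpadding=3 border=0 bgcolor=black border=0>";
        $new_assignment .= "\n\t\t<tr>\n            <th align=right>Name</th>\n\t\t\t<td>\n\t\t\t\t<input class=\"validate[required]\" type=text size=30 id=a_1_assignment_name name=a_1_assignment_name />\n\t\t\t</td>\n        </tr>\n        <tr>\n            <th align=right>Category</th>\n\t\t\t<td>\n\t\t\t\t<select id=a_1_category_id name=a_1_category_id>" . $catList . "</select>\n\t\t\t</td>\n        </tr>\n        <tr>\n            <th align=right>Due Date</th>\n\t\t\t<td>\n\t\t\t\t<input class=\"validate[required,custom[date]]\" type=text size=15 id=a_1_due_date name=a_1_due_date value=" . $today . " />\n\t\t\t</td>\n        </tr>\n        <tr>\n            <th align=right>Max Score</th>\n\t\t\t<td>\n\t\t\t\t<input class=\"validate[required,custom[number]]\" type=text size=5 id=a_1_max_score name=a_1_max_score value=100 />\n\t\t\t</td>\n        </tr>\n        <tr>\n            <th align=right>Weight</th>\n\t\t\t<td>\n\t\t\t\t<input class=\"validate[required,custom[number]]\" type=text size=5 id=a_1_weight name=a_1_assignment_weight value=1 />\n\t\t\t</td>\n        </tr>\n        <tr>\n            <th align=right>Extra Credit?</th>\n            <td>\n                <input class=\"validate[required] radio\" type=radio id=a_1_isExtraCredit name=a_1_isExtraCredit value='Y'>Y&nbsp;\n                <input class=\"validate[required] radio\" type=radio id=a_1_isExtraCredit name=a_1_isExtraCredit value='N' checked=\"checked\">N\n            </td>\n\t\t</tr>\n\t\t<tr>\n\t\t\t<th align=right>Note</th>\n            <td><input type=text size=50 name=a_1_assignment_note /></td>\n\t\t</tr>";
        $new_assignment .= "\n\t\t</table>\n\t\t<input type=submit class=submit id=insertAssign name=insertAssign value=Insert />\n\t\t</center>\n        </div><!-- end assignDiv -->";
        $new_assignment .= "\n                <input type=button id=close name=close value=Close />\n            </form>\n            </div><!-- end pouup div -->\n            <div id=\"newAssignPopupDiv\" class=\"newAssignPopupDiv\">\n            <input type=submit id=\"newAssignPopup\" name=\"newAssignPopup\" value=\"New Assignment\" />\n            </div>";
        $b .= "<br />" . $print_gradebook_button . $print_blank_button . $new_assignment;
        $main .= make_box($t, $b);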
    }
    /** end if class_id and term_id **/
} else {
    $main .= login_error();
}
Example #4
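        // The token is what later requests present to prove the login, so it must
        // be unpredictable. uniqid() is derived from the current time; random_bytes()
        // draws from the system CSPRNG.
        // NOTE(review): the token is now 32 hex characters - confirm the
        // students.token column is wide enough.
        $token = bin2hex(random_bytes(16));
        setcookie("roll", $roll);
        // HttpOnly keeps the token out of reach of page scripts. The Secure flag
        // (6th argument) should also be true if the site is served over HTTPS only.
        setcookie("token", $token, 0, "", "", false, true);
        // $roll is placed unquoted in the SQL text, so it is forced to an integer.
        // NOTE(review): assumes roll numbers are plain integers - confirm.
        $login_query = 'update students set token="' . $token . '" where roll=' . (int) $roll;
        if (db_exec_only($login_query)) {
            $login_success = true;
        }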
    }
}
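// Render the login page. $login_success and $roll are set earlier in the script.
theme_header('Login');
theme_navbar($login_success, $roll);
?>
        <div class="col-lg-5">
        <h2><i class="fa fa-sign-in fa-fw"></i> Login <small>Get access student database</small></h2>
        <?php
        // Full opening tags are used here: with short_open_tag disabled, a short
        // tag is not parsed and the PHP source would be sent to the browser as text.
        if ($login_success) {
            login_success();
        } else {
            // $_POST is non-empty only after a form submission, so the error is
            // not shown on the first visit.
            if ($_POST) {
                login_error();
            }
            theme_login_form();
        }
        ?>
        </div>
<?php
theme_footer();
db_close();

?>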
Example #5
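    // Admin-panel login: look the user up, check the password and group
    // permissions, then store the user id in the session and redirect.
    // NOTE(review): the quoted values in the SELECT and UPDATE below appear masked
    // on this page ("******"), so what is interpolated there cannot be reviewed.
    // Any request-derived value placed in these queries must be escaped or bound.
    $result = $db->query("SELECT * FROM cc" . $n . "_users WHERE username='******'");
    $row = $db->fetch_array($result);
    // Strict string comparison: with != two numeric-looking strings such as
    // "1e3" and "1000" compare equal.
    if (!$row || strtolower((string) $row['username']) !== (string) $username) {
        trace_msg("login ERROR '{$username}' wrong username", 2);
        // Same user-facing message as for a wrong password, so the response does
        // not reveal whether the account exists.
        login_error($ln_login_e_2);
        exit;
    }
    // hash_equals() compares the digests as exact strings in constant time; the
    // loose != treated two digests of the form 0e<digits> as equal numbers.
    // NOTE(review): unsalted MD5 is not a password hash. Moving to password_hash()
    // and password_verify() needs stored hashes upgraded at next login, which is
    // outside this block.
    if (!hash_equals((string) $row['password'], md5($password))) {
        trace_msg("login ERROR '{$username}' wrong password", 2);
        login_error($ln_login_e_2);
        exit;
    }
    if (!$row['serveradmin']) {
        // Non-admin accounts need a group with a positive permission level.
        $grp_q = $db->query("SELECT `perm_lvl`, `id` FROM `cc" . $n . "_user_groups` WHERE `id` = '" . $row['group'] . "'");
        $grp = $db->fetch_array($grp_q);
        if (!$grp) {
            login_error('Schwerer Fehler! Die Usergruppe konnte nicht gefunden werden! Sie haben keine Berechtigungen f&uuml;r diesen Bereich!');
            exit;
        }
        if ($grp['perm_lvl'] <= 0) {
            login_error('Sie haben keine Berechtigungen f&uuml;r diesen Bereich!');
            exit;
        }
    }
    $userid = intval($row['userid']);
    // New session id at the privilege change, so an id issued before login is
    // not carried into the authenticated session (session fixation).
    if (session_status() === PHP_SESSION_ACTIVE) {
        session_regenerate_id(true);
    }
    $_SESSION['userid'] = $userid;
    trace_msg("login OK '{$username}' ", 2);
    $db->unbuffered_query("UPDATE cc" . $n . "_users SET lastlogin='******', ip='" . getenv("REMOTE_ADDR") . "' WHERE username='******'");
    header("LOCATION: " . LITO_MODUL_PATH_URL . 'acp_core/admin.php');
    exit;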
}