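/**
 * Normalise one request value before it is embedded in an MSSQL query string.
 *
 * Steps, in order: trim, stripslashes (legacy magic-quotes compensation),
 * urldecode, htmlspecialchars, then ms_escape_string(). The URL decode now runs
 * BEFORE htmlspecialchars(): in the previous order a percent-encoded value such
 * as "%3C" passed through the HTML escaping untouched and was only decoded to a
 * raw "<" afterwards, so the escaping step was bypassed for any encoded input.
 *
 * ms_escape_string() strips quotes and control characters; it does not
 * parameterise. The caller still quotes the value inside the SQL literal, and a
 * prepared statement remains the preferred way to pass user data to the database.
 *
 * @param string $data raw request value
 * @return string the trimmed, decoded, HTML-escaped and ms-escaped value
 */
function preparedata($data)
{
    $data = trim($data);
    $data = stripslashes($data);
    // decode first so the escaping below sees the final characters, not their %XX form
    $data = urldecode($data);
    $data = htmlspecialchars($data);
    $data = ms_escape_string($data);
    return $data;
}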
 /**
  * Apply ms_escape_string() to a scalar, or to every value of an array.
  *
  * $this->connect() is called first. For arrays the keys are kept and only the
  * values are passed through ms_escape_string(); each value is handed over as-is,
  * so nested arrays are not walked recursively.
  *
  * @param string|array $escape_value value(s) to escape
  * @return string|array the escaped scalar, or the array with every value escaped
  */
 public function escape($escape_value)
 {
     $this->connect();
     if (!is_array($escape_value)) {
         return ms_escape_string($escape_value);
     }
     // array_map() over a single array preserves the original keys
     return array_map(function ($value) {
         return ms_escape_string($value);
     }, $escape_value);
 }
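/**
 * Look up one student in StudentDemographicData by a "First Last" name.
 *
 * Returns an associative array with three keys:
 *  - 'error'   '0' on success, '1' when the query matched no row (or did not run)
 *  - 'message' human-readable status that includes the query text
 *  - 'student' on success an array with 'query', 'name' and 'STGUID'; otherwise ''
 *
 * The query is still built by string concatenation. ms_escape_string() only strips
 * quotes and control characters, so LIKE wildcards ('%', '_') in $student reach the
 * database unchanged; a parameterised query is the proper fix once the queryMSsql()
 * helper supports one.
 *
 * @param string $student student name as "First Last" (split on spaces; the first
 *                        two tokens are used, a missing last name becomes '')
 * @return array{error:string,message:string,student:string|array} result record
 */
function getSMSStudentInfo($student)
{
    $ret = array('error' => '0', 'message' => '', 'student' => '');
    // guard the second element: list() on a single-token name raised an
    // undefined-offset notice and left $last unset
    $parts = preg_split("/ /", (string) $student);
    $first = ms_escape_string($parts[0]);
    $last = ms_escape_string(isset($parts[1]) ? $parts[1] : '');
    $query = "SELECT * from StudentDemographicData WHERE FirstName like '" . $first . "' AND LastName like '" . $last . "'";
    // the original passed the never-assigned $sql here, so the query was not executed
    $result = queryMSsql($query);
    // NOTE(review): assumes queryMSsql() returns false on failure — confirm against the helper;
    // without the guard mssql_num_rows() is called on a non-resource
    $n = ($result === false) ? 0 : mssql_num_rows($result);
    if (!$n) {
        $ret['error'] = '1';
        $ret['message'] = "Problem running query {" . $query . "}. Error: ";
        //.mssql_error();
    } else {
        $row = mssql_fetch_assoc($result);
        $ret['message'] = "Found Student using {" . $query . "}";
        $info = array();
        $info['query'] = $query;
        $info['name'] = $row['FirstName'] . " " . $row['LastName'];
        $info['STGUID'] = mssql_guid_string($row['STGUID']);
        $ret['student'] = $info;
    }
    return $ret;
}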
    if (!isset($data) or empty($data)) {
        return '';
    }
    if (is_numeric($data)) {
        return $data;
    }
    $non_displayables = array('/%0[0-8bcef]/', '/%1[0-9a-f]/', '/[\\x00-\\x08]/', '/\\x0b/', '/\\x0c/', '/[\\x0e-\\x1f]/');
    foreach ($non_displayables as $regex) {
        $data = preg_replace($regex, '', $data);
    }
    $data = str_replace("'", "", $data);
    return $data;
}
if ('GET' == $_SERVER['REQUEST_METHOD']) {
    if (!empty($_GET['text'])) {
        $freetext = ms_escape_string($_GET["text"]);
    } else {
        $freetext = '';
    }
    if (!empty($_GET['subject'])) {
        $subject = $_GET["subject"];
    } else {
        $subject = '';
    }
    if (!empty($_GET["location"])) {
        $location = $_GET["location"];
    } else {
        $location = '';
    }
    if (!empty($_GET["semester"])) {
        $semester = $_GET["semester"];
         $sql->execute();
         if ($db->error) {
             print $db->errno . " : " . $db->error . "<br>";
             exit;
         }
         $sql->close();
     }
     /**
      * 
      */
     /**
      * NOW for SMS
      * Should not need to see if a reccord exists since I push grades up starting right off
      * in the beginning of the year.
      */
     $sql = "UPDATE StudentGradeRecords\n                    SET Comment='" . ms_escape_string($_POST['gradeComment']) . "'\n                    WHERE STGUID='" . $stguid . "' AND SectionID='" . $SectionID . "' AND SchoolYear='" . $schoolYear . "'";
     $result = queryMSsql($sql);
 }
 $cid = -1;
 $sid = -1;
 if (isset($_SESSION[$_CONF['sess_name'] . '_selected_class'])) {
     $cid = $_SESSION[$_CONF['sess_name'] . '_selected_class'];
     $result = get_class_info($cid);
     $row = $result->fetch_assoc();
     $term_id = $row['term_id'];
     $interimDueDate = $row['interimsDueDate'];
     $gradesDueDate = $row['gradesDueDate'];
     $className = $row['course_name'];
     $termName = $row['term_name'];
     $teacherName = $row['first_name'] . " " . $row['last_name'];
     $tid = $_SESSION[$_CONF['sess_name'] . '_myUID'];
    $exists = mssql_num_rows($r);
    mssql_free_result($r);
    if ($exists != 0) {
        $errmsg .= "'txn_id' has already been processed: " . $_POST['txn_id'] . "\n";
    }
    if (!empty($errmsg)) {
        // manually investigate errors from the fraud checking
        $body = "IPN failed fraud checks: \n{$errmsg}\n\n";
        $body .= $listener->getTextReport();
        mail($personalEmail, 'Paypal Buyer Notice!', $body);
        error_log($body);
        exit(0);
    } else {
        $payer_email = ms_escape_string($_POST['payer_email']);
        $mc_gross = ms_escape_string($_POST['mc_gross']);
        $username = ms_escape_string($_POST['custom']);
        $timenow = date("y-m-d H:i:s", time());
        $sql = "INSERT INTO paypal (txn_id,payer_email,mc_gross,username,date)VALUES  \r\n                ('{$txn_id}', '{$payer_email}', {$mc_gross}, '{$username}', '{$timenow}')";
        // Add A logs of buys for server owner [Naty48] .
        if (!mssql_query($sql)) {
            error_log(mysql_error());
            exit(0);
        }
        //silk update [NATY48]
        $silkAmount = $usdToSilks[(int) $mc_gross];
        mssql_query("exec CGI.CGI_WebPurchaseSilk 0,'{$username}',0,{$silkAmount},0");
        // will execute automated in game update of silks.
    }
} else {
    // manually investigate the invalid IPN .
    //  mail($personalEmail, 'Invalid IPN', $listener->getTextReport());