mysql_query($sql);
}
}
}
// Title validation ends to show error message add else after this line
}
unset($_REQUEST['values']);
unset($_SESSION['_REQUEST_vars']['values']);
unset($_REQUEST['profiles']);
unset($_SESSION['_REQUEST_vars']['profiles']);
}
DrawBC("School Setup > " . ProgramTitle());
if (clean_param($_REQUEST['modfunc'], PARAM_ALPHAMOD) == 'remove' && AllowEdit()) {
if (DeletePrompt_Portal('message')) {
// echo paramlib_validation($column=SORT_ORDER,$_REQUEST[id]); exit;
DBQuery('DELETE FROM portal_notes WHERE ID=\'' . paramlib_validation($column = SORT_ORDER, $_REQUEST[id]) . '\'');
unset($_REQUEST['modfunc']);
}
}
if ($_REQUEST['modfunc'] != 'remove') {
$sql = 'SELECT ID,SORT_ORDER,TITLE,CONTENT,START_DATE,END_DATE,PUBLISHED_PROFILES,CASE WHEN END_DATE IS NOT NULL AND END_DATE<CURRENT_DATE THEN \'Y\' ELSE NULL END AS EXPIRED FROM portal_notes WHERE (SCHOOL_ID=\'' . UserSchool() . '\' OR SCHOOL_ID IS NULL) AND SYEAR=\'' . UserSyear() . '\' ORDER BY EXPIRED DESC,SORT_ORDER,PUBLISHED_DATE DESC';
$QI = DBQuery($sql);
$notes_RET = DBGet($QI, array('TITLE' => '_makeTextInput', 'CONTENT' => '_makeContentInput', 'SORT_ORDER' => '_makeTextInput', 'START_DATE' => '_makePublishing'));
$columns = array('TITLE' => 'Title', 'CONTENT' => 'Note', 'SORT_ORDER' => 'Sort Order', 'START_DATE' => 'Publishing Options');
//,'START_TIME'=>'Start Time','END_TIME'=>'End Time'
$link['add']['html'] = array('TITLE' => _makeTextInput('', 'TITLE'), 'CONTENT' => _makeContentInput('', 'CONTENT'), 'SHORT_NAME' => _makeTextInput('', 'SHORT_NAME'), 'SORT_ORDER' => _makeTextInput('', 'SORT_ORDER'), 'START_DATE' => _makePublishing('', 'START_DATE'));
$link['remove']['link'] = "Modules.php?modname={$_REQUEST['modname']}&modfunc=remove";
$link['remove']['variables'] = array('id' => 'ID');
echo "<FORM name=F2 id=F2 action=Modules.php?modname={$_REQUEST['modname']}&modfunc=update method=POST>";
#DrawHeader('',SubmitButton('Save'));
ListOutput($notes_RET, $columns, 'Note', 'Notes', $link);
$sql .= '(' . substr($fields, 0, -1) . ') values(' . substr($values, 0, -1) . ')';
$validate_title = DBGet(DBQuery('SELECT * FROM rooms WHERE TITLE=\'' . $title . '\' AND SCHOOL_ID=\'' . UserSchool() . '\''));
if (count($validate_title) != 0) {
echo "<font color='red'><b>Unable to save data, because title already exists.</b></font>";
} else {
if ($go) {
DBQuery($sql);
}
}
}
}
}
}
DrawBC("School Setup > " . ProgramTitle());
if (clean_param($_REQUEST['modfunc'], PARAM_ALPHAMOD) == 'remove' && AllowEdit()) {
$room_id = paramlib_validation($colmn = PERIOD_ID, $_REQUEST[id]);
$has_assigned_RET = DBGet(DBQuery("SELECT COUNT(*) AS TOTAL_ASSIGNED FROM course_period_var WHERE room_id='{$room_id}'"));
$has_assigned = $has_assigned_RET[1]['TOTAL_ASSIGNED'];
if ($has_assigned > 0) {
$qs = 'Modules.php?modname=schoolsetup/Rooms.php';
UnableDeletePromptMod('Cannot delete because room are associated.', 'delete', $qs);
} else {
$qs = 'Modules.php?modname=schoolsetup/Rooms.php';
if (DeletePromptMod('room', $qs)) {
DBQuery("DELETE FROM rooms WHERE room_id='{$room_id}'");
unset($_REQUEST['modfunc']);
}
}
}
if ($_REQUEST['modfunc'] != 'remove') {
$sql = "SELECT ROOM_ID,TITLE,TITLE as NAME,CAPACITY,DESCRIPTION,SORT_ORDER FROM rooms WHERE school_id='" . UserSchool() . "' ORDER BY sort_order";
// ----------------------------------------------- //
}
}
if (($scheduleAssociation || $gradeAssociation) && is_array($asso_err)) {
foreach ($asso_err as $err) {
ShowErrPhp($err);
}
}
}
unset($_REQUEST['tables']);
}
if (clean_param($_REQUEST['modfunc'], PARAM_ALPHAMOD) == 'delete' && AllowEdit()) {
unset($sql);
$course_period_id = paramlib_validation($colmn = PERIOD_ID, $_REQUEST[course_period_id]);
$course_id = paramlib_validation($colmn = PERIOD_ID, $_REQUEST[course_id]);
$subject_id = paramlib_validation($colmn = PERIOD_ID, $_REQUEST[subject_id]);
if (clean_param($_REQUEST['course_period_id'], PARAM_ALPHANUM)) {
$table = 'course period';
$sql[] = 'UPDATE course_periods SET PARENT_ID=NULL WHERE PARENT_ID=\'' . $course_period_id . '\'';
$sql[] = 'DELETE FROM course_periods WHERE COURSE_PERIOD_ID=\'' . $course_period_id . '\'';
$sql[] = 'DELETE FROM schedule WHERE COURSE_PERIOD_ID=\'' . $course_period_id . '\'';
} elseif (clean_param($_REQUEST['course_id'], PARAM_ALPHANUM)) {
$table = 'course';
$course_period = DBGet(DBQuery('SELECT COURSE_PERIOD_ID FROM course_periods WHERE COURSE_ID=\'' . $course_id . '\''));
//print_r($course_period['COURSE_PERIOD_ID']);
foreach ($course_period as $course1) {
if ($course1['COURSE_PERIOD_ID'] == '') {
//echo 'hiii';exit;
$sql[] = 'DELETE FROM courses WHERE COURSE_ID=\'' . $course_id . '\'';
#$sql[] = "UPDATE course_periods SET PARENT_ID=NULL WHERE PARENT_ID IN (SELECT COURSE_PERIOD_ID FROM course_periods WHERE COURSE_ID='$_REQUEST[course_id]')";
############# query error solved ##############
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
# GNU General Public License for more details.
#
# You should have received a copy of the GNU General Public License
# along with this program. If not, see <http://www.gnu.org/licenses/>.
#
#***************************************************************************************
include '../../RedirectModulesInc.php';
DrawBC("users > " . ProgramTitle());
if (clean_param($_REQUEST['values'], PARAM_NOTAGS) && ($_POST['values'] || $_REQUEST['ajax'])) {
if (clean_param($_REQUEST['tab'], PARAM_ALPHAMOD) == 'password') {
$column_name = PASSWORD;
$pass_current = paramlib_validation($column_name, $_REQUEST['values']['current']);
$pass_new = paramlib_validation($column_name, $_REQUEST['values']['new']);
$pass_verify = paramlib_validation($column_name, $_REQUEST['values']['verify']);
$pass_new_after = md5($pass_new);
$profile_RET = DBGet(DBQuery('SELECT s.PROFILE FROM staff s , staff_school_relationship ssr WHERE s.STAFF_ID=ssr.STAFF_ID AND s.STAFF_ID=\'' . User('STAFF_ID') . '\' AND ssr.SYEAR=\'' . UserSyear() . '\''));
if (User('PROFILE') == 'parent') {
$sql = DBQuery('SELECT l.PASSWORD FROM people p,login_authentication l WHERE l.USER_ID=\'' . User('STAFF_ID') . '\' AND l.USER_ID=p.STAFF_ID AND l.password=\'' . $pass_new_after . '\' AND l.PROFILE_ID=p.PROFILE_ID');
} else {
$sql = DBQuery('SELECT l.PASSWORD FROM staff s , staff_school_relationship ssr,login_authentication l where l.USER_ID=\'' . User('STAFF_ID') . '\' AND l.USER_ID=s.STAFF_ID AND l.password=\'' . $pass_new_after . '\' AND ssr.STAFF_ID=s.STAFF_ID AND ssr.SYEAR=\'' . UserSyear() . '\' AND l.PROFILE_ID=s.PROFILE_ID');
}
$number = mysql_num_rows($sql);
if ($pass_new != $pass_verify) {
$error = 'Your new passwords did not match.';
} elseif ($number > 0) {
echo '<font color = red><b>This password is alredy taken</b></font>';
} else {
if (User('PROFILE') == 'parent') {
$password_RET = DBGet(DBQuery('SELECT l.PASSWORD FROM people p,login_authentication l WHERE l.USER_ID=\'' . User('STAFF_ID') . '\' AND l.USER_ID=p.STAFF_ID AND l.PROFILE_ID=p.PROFILE_ID'));
DBQuery('INSERT INTO school_years (MARKING_PERIOD_ID,SYEAR,SCHOOL_ID,TITLE,SHORT_NAME,SORT_ORDER,START_DATE,END_DATE,POST_START_DATE,POST_END_DATE,DOES_GRADES,DOES_EXAM,DOES_COMMENTS,ROLLOVER_ID) SELECT fn_marking_period_seq(),SYEAR,\'' . $id . '\' AS SCHOOL_ID,TITLE,SHORT_NAME,SORT_ORDER,START_DATE,END_DATE,POST_START_DATE,POST_END_DATE,DOES_GRADES,DOES_EXAM,DOES_COMMENTS,MARKING_PERIOD_ID FROM school_years WHERE SYEAR=\'' . UserSyear() . '\' AND SCHOOL_ID=\'' . UserSchool() . '\' ORDER BY MARKING_PERIOD_ID');
DBQuery('INSERT INTO program_config(SCHOOL_ID,SYEAR,PROGRAM,TITLE,VALUE) VALUES(\'' . $id . '\',\'' . $new_sch_syear . '\',\'MissingAttendance\',\'LAST_UPDATE\',\'' . date('Y-m-d') . '\')');
DBQuery('INSERT INTO staff_school_relationship(staff_id,school_id,syear)VALUES(\'' . User('STAFF_ID') . '\',\'' . $id . '\',\'' . UserSyear() . '\')');
if (User('PROFILE_ID') != 0) {
$super_id = DBGet(DBQuery('SELECT STAFF_ID FROM staff WHERE PROFILE_ID=0 AND PROFILE=\'admin\''));
DBQuery('INSERT INTO staff_school_relationship(staff_id,school_id,syear) VALUES (' . $super_id[1]['STAFF_ID'] . ',' . $id . ',' . UserSyear() . ')');
}
foreach ($_REQUEST['tables'] as $table => $value) {
_rollover($table);
}
DBQuery("UPDATE school_years SET ROLLOVER_ID = NULL WHERE SCHOOL_ID='{$id}'");
}
echo '<FORM action=Modules.php?modname=' . strip_tags(trim($_REQUEST['modname'])) . ' method=POST>';
echo '<script language=JavaScript>parent.side.location="' . $_SESSION['Side_PHP_SELF'] . '?modcat="+parent.side.document.forms[0].modcat.value;</script>';
echo "<br><br>";
DrawHeaderHome('<IMG SRC=assets/check.gif> The data have been copied to a new school called "' . paramlib_validation($col = TITLE, $_REQUEST['title']) . '".To finish the operation, click OK button.', '<INPUT type=submit value=OK class="btn_medium">');
echo '<input type="hidden" name="copy" value="done"/>';
echo '</FORM>';
unset($_SESSION['_REQUEST_vars']['tables']);
unset($_SESSION['_REQUEST_vars']['delete_ok']);
}
}
function _rollover($table)
{
global $id;
switch ($table) {
case 'school_periods':
DBQuery('INSERT INTO school_periods (SYEAR,SCHOOL_ID,SORT_ORDER,TITLE,SHORT_NAME,LENGTH,START_TIME,END_TIME,IGNORE_SCHEDULING,ATTENDANCE) SELECT SYEAR,\'' . $id . '\' AS SCHOOL_ID,SORT_ORDER,TITLE,SHORT_NAME,LENGTH,START_TIME,END_TIME,IGNORE_SCHEDULING,ATTENDANCE FROM school_periods WHERE SYEAR=\'' . UserSyear() . '\' AND SCHOOL_ID=\'' . UserSchool() . '\'');
break;
case 'school_gradelevels':
$table_properties = db_properties($table);
# along with this program. If not, see <http://www.gnu.org/licenses/>.
#
#***************************************************************************************
include '../../RedirectModulesInc.php';
DrawBC("School Setup >> " . ProgramTitle());
if (clean_param($_REQUEST['action'], PARAM_ALPHAMOD) == 'update' && clean_param($_REQUEST['button'], PARAM_ALPHAMOD) == 'Save' && (User('PROFILE') == 'parent' || User('PROFILE') == 'student')) {
$stu_PASS = DBGet(DBQuery('SELECT la.PASSWORD FROM login_authentication la, students s WHERE s.STUDENT_ID=\'' . UserStudentId() . '\' AND la.USER_ID=s.STUDENT_ID AND la.PROFILE_ID=3'));
$pass_old = $_REQUEST['old'];
if ($pass_old == "") {
$error[] = "Please Type The Password";
echo ErrorMessage($error, 'Error');
} else {
$column_name = PASSWORD;
$pass_old = paramlib_validation($column_name, $_REQUEST['old']);
$pass_new = paramlib_validation($column_name, $_REQUEST['new']);
$pass_retype = paramlib_validation($column_name, $_REQUEST['retype']);
$pass_old = str_replace("\\'", "''", md5($pass_old));
$pass_new = str_replace("\\'", "''", md5($pass_new));
$pass_retype = str_replace("\\'", "''", md5($pass_retype));
if ($stu_PASS[1]['PASSWORD'] == $pass_old) {
if ($pass_new == $pass_retype) {
$sql = 'UPDATE login_authentication SET PASSWORD=\'' . $pass_new . '\' WHERE USER_ID=\'' . UserStudentId() . '\' AND PROFILE_ID=3 ';
DBQuery($sql);
$note[] = "Password Sucessfully Changed";
echo ErrorMessage($note, 'note');
} else {
$error[] = "Please Retype Password";
echo ErrorMessage($error, 'Error');
}
} else {
$error[] = "Old password is incorrect";
//echo $sql;
DBQuery($sql);
}
unset($_REQUEST['modfunc']);
}
if (clean_param($_REQUEST['modfunc'], PARAM_ALPHA) == 'add') {
$flag = true;
if ($_REQUEST['subject_id'] == 0) {
echo "<font color='red'>" . "Please select a subject" . "</font>";
unset($_REQUEST['modfunc']);
} else {
if ($_REQUEST['course_id'] == 0) {
echo "<font color='red'>" . "Please select a course" . "</font>";
unset($_REQUEST['modfunc']);
} else {
$course_id = paramlib_validation($colmn = PERIOD_ID, $_REQUEST['course_id']);
$course_weight = substr($_REQUEST['course'], strpos($_REQUEST['course'], '-') + 1);
//$subject_id = DBGet(DBQuery("SELECT SUBJECT_ID FROM courses WHERE COURSE_ID='".$course_id."'"));
$subject_id = $_REQUEST['subject_id'];
$mp_id = DBGet(DBQuery('SELECT MARKING_PERIOD_ID FROM school_years WHERE SYEAR=\'' . UserSyear() . '\' AND SCHOOL_ID=\'' . UserSchool() . '\''));
$mp_id = UserMP();
$same_course_check = DBGet(DBQuery('SELECT COURSE_ID FROM schedule_requests WHERE STUDENT_ID=\'' . UserStudentID() . '\' AND SYEAR=\'' . UserSyear() . '\''));
foreach ($same_course_check as $key => $same_course) {
if ($same_course['COURSE_ID'] == $course_id) {
$flag = false;
}
}
if ($flag) {
DBQuery('INSERT INTO schedule_requests (SYEAR,SCHOOL_ID,STUDENT_ID,SUBJECT_ID,COURSE_ID,MARKING_PERIOD_ID) values(\'' . UserSyear() . '\',\'' . UserSchool() . '\',\'' . UserStudentID() . '\',\'' . $subject_id . '\',\'' . $course_id . '\',\'' . $mp_id . '\')');
} else {
echo "<font color='red'><b>" . "You have already requested for this course" . "</b></font>";
}
$go = true;
}
}
$sql .= '(' . substr($fields, 0, -1) . ') values(' . substr($values, 0, -1) . ')';
if ($go) {
DBQuery($sql);
}
}
echo '<SCRIPT language=javascript>opener.document.location = "Modules.php?modname=' . $_REQUEST['modname'] . '&year=' . $_REQUEST['year'] . '&month=' . MonthNWSwitch($_REQUEST['month'], 'tochar') . '"; window.close();</script>';
unset($_REQUEST['values']);
unset($_SESSION['_REQUEST_vars']['values']);
}
} elseif (clean_param($_REQUEST['button'], PARAM_ALPHAMOD) == 'Delete') {
if (DeletePrompt('event')) {
DBQuery("DELETE FROM CALENDAR_EVENTS WHERE ID='" . paramlib_validation($column = EVENT_ID, $_REQUEST[event_id]) . "'");
echo '<SCRIPT language=javascript>opener.document.location = "Modules.php?modname=' . $_REQUEST['modname'] . '&year=' . $_REQUEST['year'] . '&month=' . MonthNWSwitch($_REQUEST['month'], 'tochar') . '"; window.close();</script>';
unset($_REQUEST['values']);
unset($_SESSION['_REQUEST_vars']['values']);
unset($_REQUEST['button']);
unset($_SESSION['_REQUEST_vars']['button']);
}
} else {
if ($_REQUEST['event_id']) {
if ($_REQUEST['event_id'] != 'new') {
$RET = DBGet(DBQuery("SELECT TITLE,DESCRIPTION,DATE_FORMAT(SCHOOL_DATE,'%d-%b-%y') AS SCHOOL_DATE FROM CALENDAR_EVENTS WHERE ID='{$_REQUEST['event_id']}'"));
$title = $RET[1]['TITLE'];
} else {
$title = 'New Event';
$RET[1]['SCHOOL_DATE'] = $_REQUEST['school_date'];
}
} else {
$sql .= $column . '=\'' . str_replace("'", "''", str_replace("\\'", "''", trim($value))) . '\',';
}
}
$sql = substr($sql, 0, -1) . ' WHERE ID=\'' . UserSchool() . '\'';
if ($error != 1) {
DBQuery($sql);
}
echo '<script language=JavaScript>parent.side.location="' . $_SESSION['Side_PHP_SELF'] . '?modcat="+parent.side.document.forms[0].modcat.value;</script>';
$note[] = 'This school has been modified.';
$_REQUEST['modfunc'] = '';
} else {
$fields = $values = '';
foreach ($_REQUEST['values'] as $column => $value) {
if ($column != 'ID' && $value) {
$value = paramlib_validation($column, trim($value));
$fields .= ',' . $column;
$values .= ",\"" . str_replace("'", "''", str_replace("\\'", "''", trim($value))) . " \"";
}
}
if ($fields && $values) {
$id = DBGet(DBQuery('SHOW TABLE STATUS LIKE \'schools\''));
$id = $id[1]['AUTO_INCREMENT'];
$sql = 'INSERT INTO schools (SYEAR' . $fields . ') values(' . UserSyear() . '' . $values . ')';
DBQuery($sql);
DBQuery('INSERT INTO staff_school_relationship(staff_id,school_id,syear) VALUES (' . UserID() . ',' . $id . ',' . UserSyear() . ')');
if (User('PROFILE_ID') != 0) {
$super_id = DBGet(DBQuery('SELECT STAFF_ID FROM staff WHERE PROFILE_ID=0 AND PROFILE=\'admin\''));
DBQuery('INSERT INTO staff_school_relationship(staff_id,school_id,syear) VALUES (' . $super_id[1]['STAFF_ID'] . ',' . $id . ',' . UserSyear() . ')');
}
DBQuery('INSERT INTO school_years (MARKING_PERIOD_ID,SYEAR,SCHOOL_ID,TITLE,SHORT_NAME,SORT_ORDER,START_DATE,END_DATE,POST_START_DATE,POST_END_DATE,DOES_GRADES,DOES_EXAM,DOES_COMMENTS,ROLLOVER_ID) SELECT fn_marking_period_seq(),SYEAR,\'' . $id . '\' AS SCHOOL_ID,TITLE,SHORT_NAME,SORT_ORDER,START_DATE,END_DATE,POST_START_DATE,POST_END_DATE,DOES_GRADES,DOES_EXAM,DOES_COMMENTS,MARKING_PERIOD_ID FROM school_years WHERE SYEAR=\'' . UserSyear() . '\' AND SCHOOL_ID=\'' . UserSchool() . '\' ORDER BY MARKING_PERIOD_ID');
function SaveData($iu_extra, $fields_done = false, $field_names = false)
{
if (!$fields_done) {
$fields_done = array();
}
if (!$field_names) {
$field_names = array();
}
if ($_REQUEST['month_values']) {
foreach ($_REQUEST['month_values'] as $table => $values) {
foreach ($values as $id => $columns) {
foreach ($columns as $column => $value) {
if ($value == 'JAN') {
$value = '01';
}
if ($value == 'FEB') {
$value = '02';
}
if ($value == 'MAR') {
$value = '03';
}
if ($value == 'APR') {
$value = '04';
}
if ($value == 'MAY') {
$value = '05';
}
if ($value == 'JUN') {
$value = '06';
}
if ($value == 'JUL') {
$value = '07';
}
if ($value == 'AUG') {
$value = '08';
}
if ($value == 'SEP') {
$value = '09';
}
if ($value == 'OCT') {
$value = '10';
}
if ($value == 'NOV') {
$value = '11';
}
if ($value == 'DEC') {
$value = '12';
}
$_REQUEST['values'][$table][$id][$column] = $_REQUEST['year_values'][$table][$id][$column] . '-' . $value . '-' . $_REQUEST['day_values'][$table][$id][$column];
if ($_REQUEST['values'][$table][$id][$column] == '--') {
$_REQUEST['values'][$table][$id][$column] = '';
}
}
}
}
}
foreach ($_REQUEST['values'] as $table => $values) {
$table_properties = db_properties($table);
foreach ($values as $id => $columns) {
foreach ($columns as $column => $value) {
if ($table == 'student_enrollment') {
if ($column == 'START_DATE') {
$s_date = '1-' . $_REQUEST['month_values'][$table][$id][$column] . '-' . $_REQUEST['year_values'][$table][$id][$column];
$num_days = date('t', strtotime($s_date));
if ($num_days < $_REQUEST['day_values'][$table][$id][$column]) {
$error[] = '<font color=red>' . date('F', strtotime($s_date)) . ' has ' . $num_days . ' days</font>';
continue;
}
}
}
if ($field_names[$table][$column]) {
$name = 'The value for ' . $field_names[$table][$column];
} else {
$name = 'The value for ' . ucwords(strtolower(str_replace('_', ' ', $column)));
}
// COLUMN DOESN'T EXIST
if (!$table_properties[$column]) {
$error[] = 'There is no column for ' . $name . '. This value was not saved.';
continue;
}
// VALUE IS TOO LONG
if ($table_properties[$column]['TYPE'] == 'VARCHAR' && strlen($value) > $table_properties[$column]['SIZE']) {
$value = substr($value, 0, $table_properties[$column]['SIZE']);
$error[] = $name . ' was too long. It was truncated to fit in the field.';
}
// FIELD IS NUMERIC, VALUE CONTAINS NON-NUMERICAL CHARACTERS
if ($table_properties[$column]['TYPE'] == 'NUMERIC' && ereg('[^0-9-]', $value)) {
$value = ereg_replace('[^0-9]', '', $value);
$error[] = $name . ', a numerical field, contained non-numerical characters. These characaters were removed.';
}
// FIELD IS DATE, DATE IS WRONG
if ($table_properties[$column]['TYPE'] == 'DATE' && $value && !VerifyDate($value)) {
$error[] = $name . ', a date field, was not a valid date. This value could not be saved.';
continue;
}
if ($table_properties[$column]['TYPE'] == 'DATE' && $value) {
$value = date('Y-m-d', strtotime($value));
}
if ($id == 'new') {
if (trim($value)) {
$value = paramlib_validation($column, $value);
$ins_fields[$table] .= $column . ',';
if (stripos($_SERVER['SERVER_SOFTWARE'], 'linux')) {
$ins_values[$table] .= '\'' . str_replace("'", "''", $value) . ' \',';
} else {
$ins_values[$table] .= '\'' . str_replace("'", "''", $value) . ' \',';
}
$go = true;
}
} else {
if (strlen($value) > 0) {
$value = paramlib_validation($column, $value);
if (stripos($_SERVER['SERVER_SOFTWARE'], 'linux')) {
$values = $column . '=\'' . str_replace("'", "''", $value) . ' \',';
} else {
$values = $column . '=\'' . str_replace("'", "''", $value) . ' \',';
}
$sql[$table] .= str_replace('%u201D', "\"", $values);
if ($column == 'END_DATE' && $table == 'student_enrollment') {
DBQuery('UPDATE schedule SET END_DATE=\'' . $value . '\' WHERE STUDENT_ID=\'' . $_REQUEST['student_id'] . '\' AND SCHOOL_ID=\'' . UserSchool() . '\' AND SYEAR=\'' . UserSyear() . '\'');
}
} else {
$sql[$table] .= "{$column}=NULL,";
}
}
}
if ($id == 'new') {
$sql[$table] = 'INSERT INTO ' . $table . ' (' . $iu_extra['fields'][$table] . substr($ins_fields[$table], 0, -1) . ') values(' . $iu_extra['values'][$table] . substr($ins_values[$table], 0, -1) . ')';
} else {
$sql[$table] = 'UPDATE ' . $table . ' SET ' . substr($sql[$table], 0, -1) . ' WHERE ' . str_replace('__ID__', $id, $iu_extra[$table]);
if ($table == 'student_enrollment') {
$enrollment_record = DBGet(DBQuery("SELECT * FROM student_enrollment WHERE STUDENT_ID='{$_REQUEST['student_id']}' AND SYEAR='" . UserSyear() . "' AND SCHOOL_ID='" . UserSchool() . "'"));
$enrollment_record = $enrollment_record[1];
//
}
}
echo ErrorMessage($error);
if ($id != 'new' || $go == true) {
DBQuery($sql[$table]);
}
$error = $ins_fields = $ins_values = $sql = $go = '';
}
}
}
$go = true;
}
}
$sql .= '(' . substr($fields, 0, -1) . ') values(' . substr($values, 0, -1) . ')';
if ($go) {
DBQuery($sql);
}
}
echo '<SCRIPT language=javascript>opener.document.location = "Modules.php?modname=' . $_REQUEST['modname'] . '&year=' . $_REQUEST['year'] . '&month=' . MonthNWSwitch($_REQUEST['month'], 'tochar') . '"; window.close();</script>';
unset($_REQUEST['values']);
unset($_SESSION['_REQUEST_vars']['values']);
}
echo '<SCRIPT language=javascript> window.close();</script>';
} elseif (clean_param($_REQUEST['button'], PARAM_ALPHAMOD) == 'Delete') {
if (DeletePrompt('event', 'delete', 'y')) {
DBQuery("DELETE FROM calendar_events WHERE ID='" . paramlib_validation($column = EVENT_ID, $_REQUEST[event_id]) . "'");
echo '<SCRIPT language=javascript>opener.document.location = "Modules.php?modname=' . $_REQUEST['modname'] . '&year=' . $_REQUEST['year'] . '&month=' . MonthNWSwitch($_REQUEST['month'], 'tochar') . '"; window.close();</script>';
unset($_REQUEST['values']);
unset($_SESSION['_REQUEST_vars']['values']);
unset($_REQUEST['button']);
unset($_SESSION['_REQUEST_vars']['button']);
}
} else {
if ($_REQUEST['event_id']) {
if ($_REQUEST['event_id'] != 'new') {
$RET = DBGet(DBQuery("SELECT TITLE,DESCRIPTION,SCHOOL_DATE,CALENDAR_ID FROM calendar_events WHERE ID='{$_REQUEST['event_id']}'"));
$title = $RET[1]['TITLE'];
} else {
$title = 'New Event';
$RET[1]['SCHOOL_DATE'] = date('Y-m-d', strtotime($_REQUEST['school_date']));
$RET[1]['CALENDAR_ID'] = '';
$sql = substr($sql, 0, -1) . " WHERE ID='{$id}'";
//echo $sql.'<br>';
$sql = str_replace('&', "", $sql);
$sql = str_replace('"', "", $sql);
$sql = str_replace(''', "", $sql);
$sql = str_replace('<', "", $sql);
$sql = str_replace('>', "", $sql);
DBQuery($sql);
} else {
$sql = "INSERT INTO standard_grades ";
$fields = 'SCHOOL_ID,SYEAR,';
$values = "'" . UserSchool() . "','" . UserSyear() . "',";
$go = 0;
foreach ($columns as $column => $value) {
if (trim($value)) {
$value = trim(paramlib_validation($column, $value));
$fields .= $column . ',';
$values .= "'" . str_replace("\\'", "''", $value) . "',";
$go = true;
}
}
$sql .= '(' . substr($fields, 0, -1) . ') values(' . substr($values, 0, -1) . ')';
if ($go) {
DBQuery($sql);
}
}
}
}
unset($_REQUEST['modfunc']);
}
if (clean_param($_REQUEST['modfunc'], PARAM_ALPHAMOD) == 'remove') {
$sql = str_replace('<', "", $sql);
$sql = str_replace('>', "", $sql);
mysql_query($sql);
}
}
}
unset($_REQUEST['values']);
unset($_SESSION['_REQUEST_vars']['values']);
unset($_REQUEST['profiles']);
unset($_SESSION['_REQUEST_vars']['profiles']);
}
DrawBC("School Setup > " . ProgramTitle());
if (clean_param($_REQUEST['modfunc'], PARAM_ALPHAMOD) == 'remove' && AllowEdit()) {
if (DeletePrompt_Portal('message')) {
// echo paramlib_validation($column=SORT_ORDER,$_REQUEST[id]); exit;
DBQuery("DELETE FROM PORTAL_NOTES WHERE ID='" . paramlib_validation($column = SORT_ORDER, $_REQUEST[id]) . "'");
unset($_REQUEST['modfunc']);
}
}
if ($_REQUEST['modfunc'] != 'remove') {
$sql = "SELECT ID,SORT_ORDER,TITLE,CONTENT,START_DATE,END_DATE,PUBLISHED_PROFILES,CASE WHEN END_DATE IS NOT NULL AND END_DATE<CURRENT_DATE THEN 'Y' ELSE NULL END AS EXPIRED FROM PORTAL_NOTES WHERE SCHOOL_ID='" . UserSchool() . "' AND SYEAR='" . UserSyear() . "' ORDER BY EXPIRED DESC,SORT_ORDER,PUBLISHED_DATE DESC";
$QI = DBQuery($sql);
$notes_RET = DBGet($QI, array('TITLE' => '_makeTextInput', 'CONTENT' => '_makeContentInput', 'SORT_ORDER' => '_makeTextInput_rc1', 'START_DATE' => '_makePublishing'));
$columns = array('TITLE' => 'Title', 'CONTENT' => 'Note', 'SORT_ORDER' => 'Sort Order', 'START_DATE' => 'Publishing Options');
//,'START_TIME'=>'Start Time','END_TIME'=>'End Time'
$link['add']['html'] = array('TITLE' => _makeTextInput('', 'TITLE'), 'CONTENT' => _makeContentInput('', 'CONTENT'), 'SHORT_NAME' => _makeTextInput('', 'SHORT_NAME'), 'SORT_ORDER' => _makeTextInput_rc('', 'SORT_ORDER'), 'START_DATE' => _makePublishing('', 'START_DATE'));
$link['remove']['link'] = "Modules.php?modname={$_REQUEST['modname']}&modfunc=remove";
$link['remove']['variables'] = array('id' => 'ID');
echo "<FORM name=F2 id=F2 action=Modules.php?modname={$_REQUEST['modname']}&modfunc=update method=POST>";
#DrawHeader('',SubmitButton('Save'));
ListOutput($notes_RET, $columns, 'Note', 'Notes', $link);
$table = $parent_table;
}
}
}
unset($_SESSION['_REQUEST_vars']['modfunc']);
}
if (!$_REQUEST['modfunc']) {
if ($_REQUEST['marking_period_id'] != 'new') {
$delete_button = "<INPUT type=button class=btn_medium value=Delete onClick='load_link(\"Modules.php?modname={$_REQUEST['modname']}&modfunc=delete&mp_term={$_REQUEST['mp_term']}&year_id={$_REQUEST['year_id']}&semester_id={$_REQUEST['semester_id']}&quarter_id={$_REQUEST['quarter_id']}&marking_period_id={$_REQUEST['marking_period_id']}\")'>";
}
// ADDING & EDITING FORM
if ($_REQUEST['marking_period_id'] && $_REQUEST['marking_period_id'] != 'new') {
$sql = 'SELECT TITLE,SHORT_NAME,SORT_ORDER,DOES_GRADES,DOES_EXAM,DOES_COMMENTS,
START_DATE,END_DATE,POST_START_DATE,POST_END_DATE
FROM ' . $table . '
WHERE MARKING_PERIOD_ID=\'' . paramlib_validation($column = MARKING_PERIOD_ID, $_REQUEST[marking_period_id]) . '\'';
$QI = DBQuery($sql);
$RET = DBGet($QI);
$RET = $RET[1];
$title = $RET['TITLE'];
}
if (clean_param($_REQUEST['marking_period_id'], PARAM_ALPHANUM)) {
if ($err_msg) {
echo "<b style='color:red'>" . $err_msg . "</b>";
unset($err_msg);
}
echo "<FORM name=marking_period id=marking_period action=Modules.php?modname={$_REQUEST['modname']}&mp_term={$_REQUEST['mp_term']}&marking_period_id={$_REQUEST['marking_period_id']}&year_id={$_REQUEST['year_id']}&semester_id={$_REQUEST['semester_id']}&quarter_id={$_REQUEST['quarter_id']} method=POST>";
PopTable('header', $title);
$header .= '<TABLE cellspacing=0 cellpadding=3 border=0>';
$header .= '<TR><td class=lable >Title</td><TD>' . TextInput($RET['TITLE'], 'tables[' . $_REQUEST['marking_period_id'] . '][TITLE]', '', 'class=cell_floating') . '</TD></tr>';
$header .= '<TR><td class=lable>Short Name</td><TD>' . TextInput($RET['SHORT_NAME'], 'tables[' . $_REQUEST['marking_period_id'] . '][SHORT_NAME]', '', 'class=cell_floating') . '</TD></tr>';
unset($_REQUEST['values'][$field_name]);
}
}
}
if (count($_REQUEST['values']) && count($_REQUEST['student'])) {
if ($_REQUEST['values']['NEXT_SCHOOL'] != '') {
$next_school = $_REQUEST['values']['NEXT_SCHOOL'];
unset($_REQUEST['values']['NEXT_SCHOOL']);
}
if ($_REQUEST['values']['CALENDAR_ID']) {
$calendar = clean_param($_REQUEST['values']['CALENDAR_ID'], PARAM_INT);
unset($_REQUEST['values']['CALENDAR_ID']);
}
foreach ($_REQUEST['values'] as $field => $value) {
if (isset($value) && trim($value) != '') {
$value = paramlib_validation($field, $value);
$update .= ',' . $field . "='{$value}'";
$values_count++;
}
}
foreach ($_REQUEST['student'] as $student_id => $yes) {
if ($yes == 'Y') {
$students .= ",'{$student_id}'";
$students_count++;
}
}
if ($values_count && $students_count) {
DBQuery('UPDATE students SET ' . substr($update, 1) . ' WHERE STUDENT_ID IN (' . substr($students, 1) . ')');
} elseif ($note) {
$note = substr($note, 0, strpos($note, '. '));
} elseif ($next_school == '' && !$calendar) {
</style>';
echo "<div class=back_preference><a href=Modules.php?modname={$_REQUEST['modname']}><strong>«" . _('Back to System Preference') . "</strong>\n</a></div><br/>";
}
if (clean_param($_REQUEST['page_display'], PARAM_ALPHAMOD) == 'system_preference') {
if (clean_param($_REQUEST['action'], PARAM_ALPHAMOD) == 'update' && clean_param($_REQUEST['button'], PARAM_ALPHAMOD) == _('Save') && clean_param($_REQUEST['values'], PARAM_NOTAGS) && $_POST['values'] && User('PROFILE') == 'admin') {
$sql = 'UPDATE system_preference SET ';
foreach ($_REQUEST['values'] as $column => $value) {
$value = paramlib_validation($column, $value);
$sql .= $column . '=\'' . str_replace("\\'", "''", $value) . '\',';
}
$sql = substr($sql, 0, -1) . ' WHERE SCHOOL_ID=\'' . UserSchool() . '\'';
DBQuery($sql);
} elseif (clean_param($_REQUEST['action'], PARAM_ALPHAMOD) == 'insert' && clean_param($_REQUEST['button'], PARAM_ALPHAMOD) == 'Save' && clean_param($_REQUEST['values'], PARAM_NOTAGS) && $_POST['values'] && User('PROFILE') == 'admin') {
$sql = 'INSERT INTO system_preference SET ';
foreach ($_REQUEST['values'] as $column => $value) {
$value = paramlib_validation($column, $value);
$sql .= $column . '=\'' . str_replace("\\'", "''", $value) . '\',';
}
$sql = substr($sql, 0, -1) . ',school_id=\'' . UserSchool() . '\'';
DBQuery($sql);
}
$sys_pref = DBGet(DBQuery('SELECT * FROM system_preference WHERE SCHOOL_ID=' . UserSchool()));
$sys_pref = $sys_pref[1];
PopTable('header', _('Half-day and full-day minutes'));
if ($sys_pref == '') {
echo "<FORM name=sys_pref id=sys_pref action=Modules.php?modname={$_REQUEST['modname']}&action=insert&page_display=system_preference method=POST>";
} else {
echo "<FORM name=sys_pref id=sys_pref action=Modules.php?modname={$_REQUEST['modname']}&action=update&page_display=system_preference method=POST>";
}
echo "<table width=300px><tr><td><table border=0 cellpadding=4 align=center>";
echo "<tr><td><strong>" . _('Full day minutes') . " :</strong> </td><td>" . TextInput($sys_pref['FULL_DAY_MINUTE'], 'values[FULL_DAY_MINUTE]', '', 'class=cell_floating size=5') . "</td></tr><tr><td><strong>" . _('Half day minutes') . " :</strong></td><td>" . TextInput($sys_pref['HALF_DAY_MINUTE'], 'values[HALF_DAY_MINUTE]', '', 'class=cell_floating size=5') . "</td></tr>";
}
DBQuery("DELETE FROM {$table} WHERE MARKING_PERIOD_ID='" . paramlib_validation($column = MARKING_PERIOD_ID, $_REQUEST[marking_period_id]) . "'");
unset($_REQUEST['modfunc']);
$_REQUEST['mp_term'] = $parent_term;
$_REQUEST['marking_period_id'] = $parent_id;
}
}
unset($_SESSION['_REQUEST_vars']['modfunc']);
}
if (!$_REQUEST['modfunc']) {
if ($_REQUEST['marking_period_id'] != 'new') {
$delete_button = "<INPUT type=button class=btn_medium value=Delete onClick='javascript:window.location=\"Modules.php?modname={$_REQUEST['modname']}&modfunc=delete&mp_term={$_REQUEST['mp_term']}&year_id={$_REQUEST['year_id']}&semester_id={$_REQUEST['semester_id']}&quarter_id={$_REQUEST['quarter_id']}&marking_period_id={$_REQUEST['marking_period_id']}\"'>";
}
// ADDING & EDITING FORM
if ($_REQUEST['marking_period_id'] && $_REQUEST['marking_period_id'] != 'new') {
$sql = "SELECT TITLE,SHORT_NAME,SORT_ORDER,DOES_GRADES,DOES_EXAM,DOES_COMMENTS,\r\n\t\t\t\t\t\tSTART_DATE,END_DATE,POST_START_DATE,POST_END_DATE\r\n\t\t\t\tFROM {$table}\r\n\t\t\t\tWHERE MARKING_PERIOD_ID='" . paramlib_validation($column = MARKING_PERIOD_ID, $_REQUEST[marking_period_id]) . "'";
$QI = DBQuery($sql);
$RET = DBGet($QI);
$RET = $RET[1];
$title = $RET['TITLE'];
}
if (clean_param($_REQUEST['marking_period_id'], PARAM_ALPHANUM)) {
echo "<FORM name=marking_period id=marking_period action=Modules.php?modname={$_REQUEST['modname']}&mp_term={$_REQUEST['mp_term']}&marking_period_id={$_REQUEST['marking_period_id']}&year_id={$_REQUEST['year_id']}&semester_id={$_REQUEST['semester_id']}&quarter_id={$_REQUEST['quarter_id']} method=POST>";
PopTable('header', $title);
$header .= '<TABLE cellspacing=0 cellpadding=3 border=0>';
$header .= '<TR><td class=lable >Title</td><TD>' . TextInput($RET['TITLE'], 'tables[' . $_REQUEST['marking_period_id'] . '][TITLE]', '', 'class=cell_floating') . '</TD></tr>';
$header .= '<TR><td class=lable>Short Name</td><TD>' . TextInput($RET['SHORT_NAME'], 'tables[' . $_REQUEST['marking_period_id'] . '][SHORT_NAME]', '', 'class=cell_floating') . '</TD></tr>';
if (clean_param($_REQUEST['marking_period_id'], PARAM_ALPHANUM) == 'new') {
$header .= '<TR><td class=lable>Sort Order</td><TD>' . TextInput($RET['SORT_ORDER'], 'tables[' . $_REQUEST['marking_period_id'] . '][SORT_ORDER]', '', 'class=cell_small onKeyDown="return numberOnly(event);"') . '</TD></tr>';
} else {
$header .= '<TR><td class=lable>Sort Order</td><TD>' . TextInput($RET['SORT_ORDER'], 'tables[' . $_REQUEST['marking_period_id'] . '][SORT_ORDER]', '', 'class=cell_small onKeyDown=\\"return numberOnly(event);\\"') . '</TD></tr>';