/**
  * Initializes the database link $_db with its variables
  *
  * Creates a new mysqli object and stores that database link for use in the
  * other static methods of the class.
  *
  * @param string $db_URL      the string of the database's URL to connect to
  * @param string $db_username the string of the database username
  * @param string $db_password the string of the database password
  * @param string $db_name     the string of the database name to connect to
  * @param string $db_salt     the string of the salt used for encryption
  *
  * @return void
  * @throws die kills the page if we cannot connect. Why bother continuing?
  *
  * @access public
  * @static
  */
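 public static function initialize($db_URL, $db_username, $db_password, $db_name, $db_salt)
 {
     // A connection failure can surface in two ways, and both are handled:
     //  - PHP >= 8.1 throws mysqli_sql_exception from the constructor by
     //    default, so the connect_errno check is never reached there;
     //  - older versions (or reporting switched off) return an object whose
     //    connect_errno is non-zero.
     $connect_error = null;
     try {
         self::$_db = new mysqli($db_URL, $db_username, $db_password, $db_name);
         if (self::$_db->connect_errno > 0) {
             $connect_error = (string) self::$_db->connect_error;
         }
     } catch (mysqli_sql_exception $e) {
         $connect_error = $e->getMessage();
     }
     if ($connect_error !== null) {
         // The driver's message can name the database host and account, so it
         // goes to the server log only; the response carries a fixed string.
         error_log('Unable to connect to database [' . $connect_error . ']');
         die('Unable to connect to database');
     }
     // Kept for the other static methods of the class; the salt's use is not
     // visible in this excerpt.
     self::$_salt = $db_salt;
 }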
Example #2
<?php

// Bootstrap: load settings, open the database link, start the session.
// The order matters: the $db_* variables must exist before initialize() and
// are discarded straight after it.

// settings.ini is loaded with require, i.e. parsed as PHP. The $db_* variables
// and __DEV__ used below are not defined in this file, so presumably they come
// from it.
// NOTE(review): a credentials file with an .ini extension is not normally
// handed to the PHP interpreter when requested by URL; confirm it lives
// outside the web root or that the web server denies access to it.
require 'settings.ini';
require 'CourseRoadDB.php';
if (!__DEV__) {
    // Outside development no error level is reported at all. This hides
    // details from visitors but also keeps them out of the error log.
    // NOTE(review): consider display_errors=Off with logging left on instead.
    error_reporting(0);
}
CourseRoadDB::initialize($db_URL, $db_username, $db_password, $db_name, $db_salt);
// Drop the credentials from the global scope so that code included later
// cannot read them from these variables.
unset($db_URL, $db_username, $db_password, $db_name, $db_salt);
// NOTE(review): no session cookie parameters are set here (HttpOnly, Secure,
// SameSite); confirm they are configured in php.ini or the server config.
session_start();
Example #3
// Handles the deleteRoad POST action: verifies the CSRF token, requires a
// 'hash' field, rejects callers who are not logged in or who do not own the
// road, then deletes it and answers with JSON.
// $loggedin, $athena and $oldhash are not assigned in this excerpt; they are
// expected to be set earlier in the file.
if (isset($_POST['deleteRoad'])) {
    // requireCSRF() and requirePostDataFields() are defined elsewhere;
    // presumably each ends the request itself when its check fails.
    // TODO confirm.
    requireCSRF();
    requirePostDataFields('hash');
    $hash = $_POST['hash'];
    if (!$loggedin) {
        dieJSON(array('error' => true, 'errorDesc' => 'Not logged in', 'hash' => $oldhash));
    }
    // Ownership check: the logged-in user must be the owner reported by
    // hashOwner(). The literal string 'null' is exempt from this check.
    if ($athena !== hashOwner($hash) && $hash !== 'null') {
        dieJSON(array('error' => true, 'errorDesc' => 'Bad owner or hash', 'hash' => $oldhash));
    }
    // NOTE(review): both guards above depend on dieJSON() terminating the
    // request; if it ever returned, execution would continue to the delete.
    if ($hash !== 'null') {
        // The owner is passed along with the hash.
        CourseRoadDB::deleteRoad($hash, $athena);
    }
    // A 'null' hash deletes nothing but is still reported as success.
    dieJSON(array('success' => true, 'hash' => $hash));
}
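// When the user saves changes to their user prefs, we update their prefs if
// they're logged in and redisplay the userprefs HTML.
// $loggedin and $athena are expected to be set earlier in the file.
if (isset($_POST['viewUserSettings'])) {
    requireCSRF();
    // Each field is read through isset() so that a request which omits it
    // cannot emit a notice ahead of the JSON response. class_year is also
    // required to be scalar, because intval() turns a non-empty array
    // (class_year[]=x) into 1. Missing or malformed values fall back to 0,
    // the value these fields already took when absent.
    $_SESSION['user']['class_year'] = (isset($_POST['class_year']) && is_scalar($_POST['class_year']))
        ? intval($_POST['class_year'])
        : 0;
    $_SESSION['user']['view_req_lines'] = (isset($_POST['toggle_view_req_lines']) && $_POST['toggle_view_req_lines'] === '1')
        ? 1
        : 0;
    $_SESSION['user']['autocomplete'] = (isset($_POST['toggle_autocomplete']) && $_POST['toggle_autocomplete'] === '1')
        ? 1
        : 0;
    // Anonymous sessions are marked as edited; logged-in ones are persisted
    // just below and therefore marked clean.
    $_SESSION['user']['edited'] = $loggedin ? 0 : 1;
    if ($loggedin) {
        // NOTE(review): class_year is any integer the client sent; no range
        // check is visible here, so confirm updateUserPrefs() constrains it.
        CourseRoadDB::updateUserPrefs($athena, $_SESSION['user']);
    }
    dieJSON(array('success' => true, 'html' => makeUserSettingsHTML()));
}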
// Developer diagnostic: with __DEV__ set and ?dev in the URL, reply with the
// full $_POST, $_SESSION and $_SERVER arrays as JSON.
// NOTE(review): the dump contains session contents and the server
// environment (request headers, cookies, client-certificate fields), and
// __DEV__ is the only gate. Confirm it can never be true on a deployed host.
if (__DEV__ && isset($_GET['dev'])) {
    dieJSON(array('debug' => true, '$_POST' => @$_POST, '$_SESSION' => @$_SESSION, '$_SERVER' => @$_SERVER));
}
Example #4
}
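// The cert is valid and the user is trying to log in, so extract their athena
// (the part of the certificate's e-mail address before the '@').
// NOTE(review): strstr() returns false when the address has no '@', and the
// domain part is discarded without being compared here. Both rely on the
// certificate checks that precede this excerpt; confirm they restrict the
// accepted issuer and guarantee a well-formed address.
$athena = strstr($_SERVER['SSL_CLIENT_S_DN_Email'], '@', true);
// Assert the existence of the user session prefs
if (!isset($_SESSION['user'])) {
    $_SESSION['user'] = getDefaultUserPrefs();
}
// Try to determine the user's class year from LDAP data
if (!CourseRoadDB::userExists($athena)) {
    $ldap_data = fetchDataFromLDAP($athena);
    // A missing or empty LDAP year falls back to 1.
    $cur_year = @$ldap_data['mitDirStudentYear'] ?: 1;
    $_SESSION['user']['class_year'] = getCurrentAcademicYear() + 4 - $cur_year;
    $_SESSION['user']['edited'] = true;
}
// Create a row for the user (default values are chosen for class_year et al)
CourseRoadDB::addUser($athena);
if ($_SESSION['user']['edited']) {
    CourseRoadDB::updateUserPrefs($athena, $_SESSION['user']);
}
// The session is about to become an authenticated one. Issue a fresh session
// ID (and discard the old one) so that an ID which was known before login is
// not carried over into the logged-in session. The session data is kept.
session_regenerate_id(true);
// We've attempted auth
$_SESSION['triedcert'] = true;
$_SESSION['athena'] = $athena;
// Default save target: the hash currently in the session, forced to a string.
$_SESSION['saveas'] = $_SESSION['crhash'] . '';
// If we're also trying to Save with Log In, then update the hash and copy
// the old row.
if (isset($_SESSION['trycert'])) {
    $_SESSION['trycert'] = false;
    $_SESSION['saveas'] = defaultOwnedHashName($_SESSION['athena']);
    CourseRoadDB::copyRoad($_SESSION['crhash'], $_SESSION['saveas'], $athena);
}
redirectHash($_SESSION['saveas']);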
Example #5
 * By: Danny Ben-David (dannybd@mit.edu)
 */
require 'functions.php';
// Beginnings of an external API hook. From a comma-separated list of classes,
// a year value and a term, this will drop a set of classes into CourseRoad, to
// be saved by the user.
// NOTE(review): this is driven by a plain GET request, so any link can fill
// the visitor's session with these values. year, term and the class list are
// stored exactly as received; confirm the code that consumes
// $_SESSION['add_new_term'] validates them and escapes them on output.
if (isset($_GET['addclasses'])) {
    // Defaults are written back into $_GET itself: year => false, term => 1.
    if (!isset($_GET['year'])) {
        $_GET['year'] = false;
    }
    if (!isset($_GET['term'])) {
        $_GET['term'] = 1;
    }
    // SESSION.add_new_term holds onto the new term's data
    // NOTE(review): explode() expects a string; an array-valued parameter
    // (addclasses[]=...) is not handled here.
    $_SESSION['add_new_term'] = array('year' => $_GET['year'], 'term' => $_GET['term'], 'classes' => explode(',', $_GET['addclasses']));
    // An absent or unknown hash is replaced by the empty string, so
    // $_GET['hash'] is always set once this branch has run.
    if (!(isset($_GET['hash']) && CourseRoadDB::hashExists($_GET['hash']))) {
        $_GET['hash'] = '';
    }
}
// Record failed login attempts (when user denies login after pressing Login)
// The flag is set from the mere presence of ?triedlogin in the URL, then the
// visitor is sent back to the hash held in the session.
// NOTE(review): the following statements also run unless redirectHash() ends
// the request. Confirm that it does.
if (isset($_GET['triedlogin'])) {
    $_SESSION['triedcert'] = true;
    redirectHash($_SESSION['crhash']);
}
// A visible "?hash=" in the URL is unwanted, so we redirect to remove it,
// but first store the hash to make loading faster.
// NOTE(review): PHP has already URL-decoded the values in $_GET, so
// urldecode() decodes a second time here and would alter a hash containing a
// literal '%' or '+'. Confirm the double decoding is intended.
// NOTE(review): outside the addclasses branch the hash reaches redirectHash()
// without a hashExists() check. Confirm redirectHash() validates or encodes
// the value before it is used in the redirect.
if (isset($_GET['hash'])) {
    redirectHash(urldecode($_GET['hash']));
}
// Store that we've been to index.php.
$_SESSION['wenttoindex'] = true;
Example #6
/**
 * Copies a user's stored preferences into the current session.
 *
 * Every key returned by CourseRoadDB::getUserPrefs() overwrites the entry of
 * the same name in $_SESSION['user']; entries not returned are left untouched.
 *
 * @param string $athena the user whose preferences are loaded
 *
 * @return void
 */
function importUserPrefs($athena)
{
    // The database copy replaces the values held in the session.
    foreach (CourseRoadDB::getUserPrefs($athena) as $name => $setting) {
        $_SESSION['user'][$name] = $setting;
    }
}
Example #7
<?php

// Development-only maintenance script. Everything after the __DEV__ gate
// below is unreachable on a non-development install.

// All error levels are reported from the first line, i.e. before the gate.
// Whether they are shown in the response depends on display_errors, which is
// not set in this file.
error_reporting(E_ALL);
header("Content-type: text/javascript;");
// ?date is answered before connect.php is loaded and before the gate: it
// prints the date ten days ago (d-M-Y) and stops.
if (isset($_GET['date'])) {
    die(date("d-M-Y", time() - 10 * 86400));
}
require 'connect.php';
// Gate: outside development, redirect to the index page and stop, so none of
// the code below can be reached by URL on a production host.
if (!__DEV__) {
    header('Location: ./index.php');
    die;
}
// DEV ONLY
// Reads the report file, pulls the text out of its <td> cells and stops early
// when there is nothing to process.
$db = CourseRoadDB::getDB();
// Relative path. NOTE(review): the file it resolves to depends on the working
// directory when the script runs; confirm that is the intended location.
$filename = '../../../cron_scripts/output.html';
// NOTE(review): the return value is not checked, so a failed read is not
// distinguished from an empty file further down.
$file = file_get_contents($filename);
// ?verbose echoes the file with each line break and the whitespace around it
// removed.
if (isset($_GET['verbose'])) {
    echo preg_replace("/\\s*[\r\n]\\s*/", '', $file);
}
// In this excerpt ?test only prints a banner; any further effect of
// $test_mode lies beyond the visible code.
$test_mode = isset($_GET['test']);
if ($test_mode) {
    echo "Running in TEST mode:\n\n";
}
// Capture the contents of every <td> whose text sits on its own line(s)
// between the opening and closing tag; only the captured group is kept.
preg_match_all("/<td[^>]*>\n(.*?)\n<\\/td>/s", $file, $matches);
$matches = $matches[1];
if (!count($matches)) {
    // Nothing to process: the file is emptied and the script ends.
    // NOTE(review): this write also happens when ?test is set; confirm that
    // a test run is meant to be allowed to truncate the file.
    file_put_contents($filename, '');
    die("No matches/changes\n");
}
// Column names, in order, built by splitting one comma-separated string.
// Presumably they match the order of the cells captured from the report.
// TODO confirm.
$headers = explode(',', 'Academic Year,Subject Id,Subject Code,Subject Number,Source Subject Id,' . 'Print Subject Id,Is Printed In Bulletin,Department Code,Department Name,' . 'Effective Term Code,Subject Short Title,Subject Title,Is Variable Units,' . 'Lecture Units,Lab Units,Preparation Units,Total Units,Design Units,' . 'Grade Type,Grade Type Desc,Grade Rule,Grade Rule Desc,Hgn Code,Hgn Desc,' . 'Hgn Except,Gir Attribute,Gir Attribute Desc,Comm Req Attribute,' . 'Comm Req Attribute Desc,Tuition Attribute,Tuition Attribute Desc,' . 'Write Req Attribute,Write Req Attribute Desc,Supervisor Attribute,' . 'Supervisor Attribute Desc,Prerequisites,Subject Description,' . 'Joint Subjects,School Wide Electives,Meets With Subjects,' . 'Equivalent Subjects,Is Offered This Year,Is Offered Fall Term,' . 'Is Offered Iap,Is Offered Spring Term,Is Offered Summer Term,' . 'Fall Instructors,Spring Instructors,Status Change,Last Activity Date,' . 'Warehouse Load Date,Master Subject Id,Hass Attribute,Hass Attribute Desc,' . 'Term Duration,Global Regions,Global Countries,On Line Page Number');
foreach ($headers as &$header) {