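/**
 * Report whether the current user may use a module.
 *
 * The list of allowed modules is loaded once into $_openSIS['AllowUse'],
 * indexed by MODNAME: from PROFILE_EXCEPTIONS when User('PROFILE_ID') is not
 * empty, otherwise from STAFF_EXCEPTIONS. When the lookup returns nothing the
 * cache is set to array(true) so the query is not repeated; no module name
 * matches that sentinel, so the function then answers false (fail closed).
 *
 * @param string|false $modname Module to check; falls back to $_REQUEST['modname'].
 * @return bool True only when the module is present in the allowed list.
 */
function AllowUse($modname = false)
{
    global $_openSIS;

    if (!$modname) {
        // A request that carries no modname can never match an allowed entry.
        $modname = isset($_REQUEST['modname']) ? $_REQUEST['modname'] : '';
    }
    // Student.php permissions are stored per category, so the category is part of the key.
    if ($modname == 'Students/Student.php' && !empty($_REQUEST['category_id'])) {
        $modname = $modname . '&category_id=' . $_REQUEST['category_id'];
    }
    if (empty($_openSIS['AllowUse'])) {
        // NOTE(review): the ids come from User() and are concatenated into the SQL text;
        // confirm User() can only return values taken from the authenticated session.
        if (User('PROFILE_ID') != '') {
            $_openSIS['AllowUse'] = DBGet(DBQuery("SELECT MODNAME FROM PROFILE_EXCEPTIONS WHERE PROFILE_ID='" . User('PROFILE_ID') . "' AND CAN_USE='Y'"), array(), array('MODNAME'));
        } else {
            $_openSIS['AllowUse'] = DBGet(DBQuery("SELECT MODNAME FROM STAFF_EXCEPTIONS WHERE USER_ID='" . User('STAFF_ID') . "' AND CAN_USE='Y'"), array(), array('MODNAME'));
        }
    }
    if (empty($_openSIS['AllowUse'])) {
        $_openSIS['AllowUse'] = array(true);
    }
    // A non-string key (e.g. an array sent as modname) cannot name a module: deny.
    // empty() replaces count() on a possibly missing entry, which raises a
    // TypeError on PHP 8 instead of answering "not allowed".
    return is_string($modname) && !empty($_openSIS['AllowUse'][$modname]);
}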
 /**
  * Create an account from a social-auth client, log the attempt and sign the new user in.
  *
  * Success is judged by $Account->hasErrors() alone; the boolean results of
  * validate()/save() are not inspected.
  *
  * @param \yii\authclient\ClientInterface $Client
  * @return bool true when the account carries no validation errors
  * @throws \yii\base\InvalidConfigException
  */
 public function save(\yii\authclient\ClientInterface $Client)
 {
     /** @var Account\backend\Module $Module */
     $Module = \Yii::$app->getModule($this->accountModule);
     $roles = $Module->roles;

     /** @var AccountModel $Account */
     $Account = \Yii::createObject(AccountModel::class);
     $Account->appendClientAttributes($Client);
     $Account->setAttributes(['email' => $this->email]);
     if ($Account->validate()) {
         $Account->save();
     }

     // The attempt is logged whether or not the account could be stored.
     $AuthResponse = AccountAuthResponseModel::createLog($Client);
     if (!$Account->hasErrors()) {
         $AuthResponse->result = (string) $Account->id;
         $Account->pushSocialLink($Client);
         // The new account gets the configured 'user' role and is logged in straight away.
         AuthManager()->assign(RbacFactory::Role($roles['user']), $Account->id);
         $SignInFormModel = \Yii::createObject(SignInForm::class);
         User()->login($Account, $SignInFormModel::REMEMBER_TIME);
     } else {
         $AuthResponse->result = Json::encode($Account->getErrors());
     }
     if ($AuthResponse->validate()) {
         $AuthResponse->save();
     }

     // Surface account errors on this form under the 'name' attribute.
     if ($Account->hasErrors()) {
         $this->populateErrors($Account, 'name');
     }

     return !$Account->hasErrors();
 }
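/**
 * Report whether the current user may use a module.
 *
 * The list of allowed modules is loaded once into $_openSIS['AllowUse'],
 * indexed by MODNAME: from profile_exceptions when User('PROFILE_ID') is not
 * empty, otherwise from staff_exceptions. When the lookup returns nothing the
 * cache is set to array(true) so the query is not repeated; no module name
 * matches that sentinel, so the function then answers false (fail closed).
 *
 * @param string|false $modname Module to check; falls back to $_REQUEST['modname'].
 * @return bool True only when the module is present in the allowed list.
 */
function AllowUse($modname = false)
{
    global $_openSIS;

    if (!$modname) {
        // A request that carries no modname can never match an allowed entry.
        $modname = isset($_REQUEST['modname']) ? $_REQUEST['modname'] : '';
    }
    // Student.php permissions are stored per category, so the category is part of the key.
    if ($modname == 'Students/Student.php' && !empty($_REQUEST['category_id'])) {
        $modname = $modname . '&category_id=' . $_REQUEST['category_id'];
    }
    if (empty($_openSIS['AllowUse'])) {
        // NOTE(review): the ids come from User() and are concatenated into the SQL text;
        // confirm User() can only return values taken from the authenticated session.
        if (User('PROFILE_ID') != '') {
            $_openSIS['AllowUse'] = DBGet(DBQuery('SELECT MODNAME FROM profile_exceptions WHERE PROFILE_ID=\'' . User('PROFILE_ID') . '\' AND CAN_USE=\'Y\''), array(), array('MODNAME'));
        } else {
            $_openSIS['AllowUse'] = DBGet(DBQuery('SELECT MODNAME FROM staff_exceptions WHERE USER_ID=\'' . User('STAFF_ID') . '\' AND CAN_USE=\'Y\''), array(), array('MODNAME'));
        }
    }
    if (empty($_openSIS['AllowUse'])) {
        $_openSIS['AllowUse'] = array(true);
    }
    // A non-string key (e.g. an array sent as modname) cannot name a module: deny.
    // empty() replaces count() on a possibly missing entry, which raises a
    // TypeError on PHP 8 instead of answering "not allowed".
    return is_string($modname) && !empty($_openSIS['AllowUse'][$modname]);
}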
 /**
  * Return the pages of one language, limited to what the current user may see.
  *
  * Users whose 'role_level' is below 1000 get the list filtered through
  * _filter_pages_authorization(); other users get the unfiltered list.
  *
  * @param string|null $lang Language code; defaults to Settings::get_lang('current').
  * @return array The page list, with absolute URLs initialised.
  */
 public static function get_pages($lang = NULL)
 {
     $lang = ($lang == NULL) ? Settings::get_lang('current') : $lang;

     self::$ci->load->model('page_model');
     $pages = self::$ci->page_model->get_lang_list(NULL, $lang);

     // Should never be displayed: an installation without any page is a setup error.
     if (empty($pages)) {
         show_error('Internal error : <b>No pages found.</b><br/>Solution: <b>Create at least one online page.</b>', 500);
         exit;
     }

     /* Spreading authorizations from parent pages to their children is
      * currently disabled; uncomment the call below to enable it.
      */
     // self::$ci->page_model->spread_authorizations($pages);

     // Authorization filter: applied to every role level below 1000.
     $is_restricted = User()->get('role_level') < 1000;
     if ($is_restricted) {
         $visible = array_filter($pages, array(__CLASS__, '_filter_pages_authorization'));
         // Re-index so callers receive a plain list after filtering.
         $pages = array_values($visible);
     }

     // Absolute URLs are computed once here, for performance.
     self::init_absolute_urls($pages, $lang);

     return $pages;
 }
/**
 * Build the argument for a Moodle user update carrying the new password.
 *
 * The Moodle id is looked up in moodlexrosario for the current student or
 * staff member. The password is read from $_REQUEST['values']['new'] and is
 * forwarded unchanged, in clear text.
 *
 * @return array|string array(list of user objects), or '' when the current
 *                      user has no Moodle id.
 */
function core_user_update_users_object()
{
    // Resolve the Moodle user id of whoever is logged in.
    $is_student = User('PROFILE') == 'student';
    if ($is_student) {
        $rosario_id = UserStudentID();
        $rows = DBGet(DBQuery("SELECT moodle_id FROM moodlexrosario WHERE rosario_id='" . $rosario_id . "' AND \"column\"='student_id'"));
    } else {
        $rosario_id = User('STAFF_ID');
        $rows = DBGet(DBQuery("SELECT moodle_id FROM moodlexrosario WHERE rosario_id='" . $rosario_id . "' AND \"column\"='staff_id'"));
    }

    // No mapping row: nothing to update on the Moodle side.
    if (!count($rows)) {
        return '';
    }
    $moodle_id = (double) $rows[1]['MOODLE_ID'];

    /*
    Expected Moodle object:
    list of (
    	object {
    		id double   //ID of the user
    		password string  Optional //Plain text password consisting of any characters
    		//note Francois: the password must respect the Moodle policy: 8 chars min., 1 number, 1 min, 1 maj and 1 non-alphanum at least.
    	}
    )
    */
    $password = $_REQUEST['values']['new'];

    return array(array(array('id' => $moodle_id, 'password' => $password)));
}
 /**
  * Tell whether the current user has a ManyCategoryUser link to this category.
  *
  * @return bool
  */
 public function getIslove()
 {
     $criteria = array('category_id' => $this->id, 'user_id' => User()->id);
     $link = ManyCategoryUser::model()->findByAttributes($criteria);

     return $link !== null;
 }
/**
 * Return the staff list for the current school year (admin profile only).
 *
 * The query is assembled by string concatenation from caller-supplied SQL
 * fragments in $extra ('SELECT', 'FROM', 'WHERE') and from request
 * parameters. Only the 'admin' profile is handled; for any other profile the
 * function falls out of the switch and returns nothing.
 *
 * NOTE(review): $_REQUEST['username'], ['last'], ['first'] and ['profile'] are
 * placed inside quoted SQL literals without any escaping in this function, so
 * a quote character in the request changes the statement (SQL injection).
 * Bind these values as parameters, or pass them through the project's
 * escaping helper, before they reach DBQuery() — confirm which of the two the
 * database layer offers.
 *
 * @param array $extra Extra SQL fragments and, optionally, 'functions' column callbacks.
 * @return array|null Result of DBGet() for admins, nothing otherwise.
 */
function GetStaffList(&$extra)
{
    global $profiles_RET;
    // Column callbacks applied by DBGet(); caller entries are merged in below.
    $functions = array('PROFILE' => 'makeProfile');
    switch (User('PROFILE')) {
        case 'admin':
            $profiles_RET = DBGet(DBQuery("SELECT * FROM USER_PROFILES"), array(), array('ID'));
            // $extra['SELECT'] and $extra['FROM'] are inserted as raw SQL: callers must build them from trusted text only.
            $sql = "SELECT CONCAT(\n\t\t\t\t\tCOALESCE(s.LAST_NAME,' '),', ',COALESCE(s.FIRST_NAME,' '),' ',COALESCE(s.MIDDLE_NAME,' ')) AS FULL_NAME,\n\t\t\t\t\ts.PROFILE,s.PROFILE_ID,s.STAFF_ID,s.SCHOOLS " . $extra['SELECT'] . "\n\t\t\t\tFROM\n\t\t\t\t\tSTAFF s " . $extra['FROM'] . "\n\t\t\t\tWHERE\n\t\t\t\t\ts.SYEAR='" . UserSyear() . "'";
            // Restrict to the current school unless the request asks for all schools.
            if ($_REQUEST['_search_all_schools'] != 'Y') {
                $sql .= " AND (s.SCHOOLS LIKE '%," . UserSchool() . ",%' OR s.SCHOOLS IS NULL OR s.SCHOOLS='') ";
            }
            // Search filters: each request value is concatenated unescaped (see the NOTE above).
            if ($_REQUEST['username']) {
                $sql .= "AND UPPER(s.USERNAME) LIKE '" . strtoupper($_REQUEST['username']) . "%' ";
            }
            if ($_REQUEST['last']) {
                $sql .= "AND UPPER(s.LAST_NAME) LIKE '" . strtoupper($_REQUEST['last']) . "%' ";
            }
            if ($_REQUEST['first']) {
                $sql .= "AND UPPER(s.FIRST_NAME) LIKE '" . strtoupper($_REQUEST['first']) . "%' ";
            }
            if ($_REQUEST['profile']) {
                $sql .= "AND s.PROFILE='" . $_REQUEST['profile'] . "' ";
            }
            // Raw caller-supplied condition, appended as-is.
            $sql .= $extra['WHERE'] . ' ';
            $sql .= "ORDER BY FULL_NAME";
            if ($extra['functions']) {
                // Array union: the PROFILE callback set above wins over a caller entry with the same key.
                $functions += $extra['functions'];
            }
            return DBGet(DBQuery($sql), $functions);
            // Unreachable: the return above always leaves the function.
            break;
    }
}
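/**
 * Render the comments page of one news entry and store a newly posted comment.
 *
 * The news id must be a string of decimal digits naming an existing row.
 * Posted comment text has its tags stripped and is reduced to letters,
 * punctuation, separators, numbers and newlines before it is stored.
 * Comment text is HTML-encoded again when it is rendered, so display safety
 * does not depend on the input filter alone.
 *
 * @return string HTML of the page.
 */
function user_news_comments()
{
    global $user;

    $html = '<div class="col-md-12"><h1>' . user_news_comments_title() . '</h1>';
    // is_string() rejects array parameters; \z (instead of $) rejects a trailing newline.
    if (isset($_REQUEST["nid"]) && is_string($_REQUEST['nid']) && preg_match('/^[0-9]+\z/', $_REQUEST['nid']) && sql_num_query("SELECT * FROM `News` WHERE `ID`='" . sql_escape($_REQUEST['nid']) . "' LIMIT 1") > 0) {
        $nid = $_REQUEST["nid"];
        list($news) = sql_select("SELECT * FROM `News` WHERE `ID`='" . sql_escape($nid) . "' LIMIT 1");
        if (isset($_REQUEST["text"]) && is_string($_REQUEST['text'])) {
            $text = preg_replace("/([^\\p{L}\\p{P}\\p{Z}\\p{N}\n]{1,})/ui", '', strip_tags($_REQUEST['text']));
            sql_query("INSERT INTO `NewsComments` (`Refid`, `Datum`, `Text`, `UID`) VALUES ('" . sql_escape($nid) . "', '" . date("Y-m-d H:i:s") . "', '" . sql_escape($text) . "', '" . sql_escape($user["UID"]) . "')");
            engelsystem_log("Created news_comment: " . $text);
            $html .= success(_("Entry saved."), true);
        }
        $html .= display_news($news);
        // Order by the ID column: the former ORDER BY 'ID' sorted by a constant string, i.e. not at all.
        $comments = sql_select("SELECT * FROM `NewsComments` WHERE `Refid`='" . sql_escape($nid) . "' ORDER BY `ID`");
        foreach ($comments as $comment) {
            $user_source = User($comment['UID']);
            if ($user_source === false) {
                engelsystem_error(_("Unable to load user."));
            }
            $html .= '<div class="panel panel-default">';
            // Encode at output time, then turn newlines into <br /> for display.
            $html .= '<div class="panel-body">' . nl2br(htmlspecialchars($comment['Text'], ENT_QUOTES, 'UTF-8')) . '</div>';
            $html .= '<div class="panel-footer text-muted">';
            $html .= '<span class="glyphicon glyphicon-time"></span> ' . $comment['Datum'] . '&emsp;';
            $html .= User_Nick_render($user_source);
            $html .= '</div>';
            $html .= '</div>';
        }
        $html .= '<hr /><h2>' . _("New Comment:") . '</h2>';
        $html .= form(array(form_textarea('text', _("Message"), ''), form_submit('submit', _("Save"))), page_link_to('news_comments') . '&nid=' . $news['ID']);
    } else {
        $html .= _("Invalid request.");
    }
    return $html . '</div>';
}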
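/**
 * Tell the user that access was refused and mail a notification to the administrator.
 *
 * The mail body is the text of an INSERT statement built from request and
 * server values; this function sends that text and never executes it. The
 * text contains values chosen by the client (module name, forwarded address),
 * so it must not be run against a database as received.
 *
 * The on-screen message says the attempt was logged; the only record this
 * function produces is the mail, sent when a notify address is set.
 *
 * @return void
 */
function HackingLog()
{
    // Without this declaration both names are undefined locals and the
    // notification below can never be sent.
    // NOTE(review): assumes both are set as globals by the application's configuration — confirm.
    global $openSISNotifyAddress, $openSISVersion;

    echo "You're not allowed to use this program! This attempted violation has been logged and your IP address was captured.";
    Warehouse('footer');

    // NOTE(review): X-Forwarded-For is a request header the client can set freely.
    // Unless a trusted reverse proxy overwrites it, REMOTE_ADDR is the only
    // address the server observed itself; treat a forwarded value as a hint.
    if (!empty($_SERVER['HTTP_X_FORWARDED_FOR'])) {
        $ip = $_SERVER['HTTP_X_FORWARDED_FOR'];
    } else {
        $ip = $_SERVER['REMOTE_ADDR'];
    }

    if ($openSISNotifyAddress) {
        mail($openSISNotifyAddress, 'HACKING ATTEMPT', "INSERT INTO HACKING_LOG (HOST_NAME,IP_ADDRESS,LOGIN_DATE,VERSION,PHP_SELF,DOCUMENT_ROOT,SCRIPT_NAME,MODNAME,USERNAME) values('{$_SERVER['SERVER_NAME']}','{$ip}','" . date('Y-m-d') . "','{$openSISVersion}','{$_SERVER['PHP_SELF']}','{$_SERVER['DOCUMENT_ROOT']}','{$_SERVER['SCRIPT_NAME']}','{$_REQUEST['modname']}','" . User('USERNAME') . "')");
    }
    // The former "if (false && ...)" remote-logging branch could never run and
    // kept database credentials in the source; it is dropped together with the
    // commented-out copies of the same statements.
}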
/**
 * Render a portal poll: the voting form, or the results when the current
 * user is found in the poll's EXCLUDED_USERS list.
 *
 * The poll id is read from the global $THIS_RET row; neither parameter is
 * used in this body. The jQuery form script is emitted only on the first
 * call per request.
 *
 * NOTE(review): profile_id and user_id are written into hidden form fields.
 * The script receiving the POST should take the voter's identity from the
 * session rather than from these fields — confirm in PortalPolls.fnc.php.
 *
 * NOTE(review): QUESTION and OPTIONS text is inserted into the markup without
 * HTML encoding; this assumes poll text is trusted or encoded when stored — confirm.
 *
 * @param mixed $value Not used in this body.
 * @param mixed $name  Not used in this body.
 * @return string HTML.
 */
function PortalPollsDisplay($value, $name)
{
    global $THIS_RET;
    // Remembers across calls whether the poll JavaScript was already emitted.
    static $js_included = false;
    $poll_id = $THIS_RET['ID'];
    //get poll:
    $poll_RET = DBGet(DBQuery("SELECT EXCLUDED_USERS, VOTES_NUMBER, DISPLAY_VOTES FROM PORTAL_POLLS WHERE ID='" . $poll_id . "'"));
    $poll_questions_RET = DBGet(DBQuery("SELECT ID, QUESTION, OPTIONS, TYPE, VOTES FROM PORTAL_POLL_QUESTIONS WHERE PORTAL_POLL_ID='" . $poll_id . "' ORDER BY ID"));
    if (!$poll_RET || !$poll_questions_RET) {
        // This message should never be displayed, so it is not translated.
        return ErrorMessage(array('Poll does not exist'));
    }
    // Verify whether the user is in the excluded users list (format = '|[profile_id]:[user_id]').
    $profile_id = User('PROFILE_ID');
    if ($profile_id != 0) {
        //modif Francois: call right Student/Staff ID
        $user_id = UserStaffID();
    } else {
        $user_id = UserStudentID();
    }
    // NOTE(review): the prefix here is '******' while the documented entry format
    // starts with '|' — confirm the literal against the original source.
    $excluded_user = '******' . $profile_id . ':' . $user_id;
    if (mb_strpos($poll_RET[1]['EXCLUDED_USERS'], $excluded_user) !== false) {
        // The user is in the excluded list (already voted): display the votes instead of the form.
        return PortalPollsVotesDisplay($poll_id, $poll_RET[1]['DISPLAY_VOTES'], $poll_questions_RET, $poll_RET[1]['VOTES_NUMBER']);
    }
    $PollForm = '';
    if (!$js_included) {
        $PollForm .= includeOnceJquery();
        $PollForm .= '<script type="text/javascript" src="assets/js/jquery.form.js"></script>';
        $PollForm .= '<script type="text/javascript">
			$(document).ready(function() {
				$(\'.formPortalPoll\').ajaxForm({ //send the votes in AJAX
					success: function(data,status,xhr,form) {
						$(form).parent().html(data);
					}
				});
			});
		</script>';
        $js_included = true;
    }
    // Form header: carries the voter identity and two translated strings as hidden fields.
    $PollForm .= '<div id="divPortalPoll' . $poll_id . '" style="max-height:350px; overflow-y:auto;"><form method="POST" class="formPortalPoll" action="ProgramFunctions/PortalPolls.fnc.php"><input type="hidden" name="profile_id" value="' . $profile_id . '" /><input type="hidden" name="user_id" value="' . $user_id . '" /><input type="hidden" name="total_votes_string" value="' . _('Total Participants') . '" /><input type="hidden" name="poll_completed_string" value="' . _('Poll completed') . '" /><TABLE  class="width-100p cellspacing-0">';
    foreach ($poll_questions_RET as $question) {
        $PollForm .= '<TR><TD><b>' . $question['QUESTION'] . '</b></TD><TD><TABLE class="width-100p cellspacing-0">';
        // One option per line of the stored OPTIONS text.
        $options_array = explode('<br />', nl2br($question['OPTIONS']));
        // Only the first radio button of a question is pre-selected.
        $checked = true;
        foreach ($options_array as $option_nb => $option_label) {
            if ($question['TYPE'] == 'multiple_radio') {
                $PollForm .= '<TR><TD><label><input type="radio" name="votes[' . $poll_id . '][' . $question['ID'] . ']" value="' . $option_nb . '" ' . ($checked ? 'checked' : '') . ' /> ' . $option_label . '</label></TD></TR>' . "\n";
            } else {
                //multiple
                $PollForm .= '<TR><TD><label><input type="checkbox" name="votes[' . $poll_id . '][' . $question['ID'] . '][]" value="' . $option_nb . '" /> ' . $option_label . '</label></TD></TR>' . "\n";
            }
            $checked = false;
        }
        $PollForm .= '</TABLE></TD></TR>';
    }
    $PollForm .= '</TD></TR></TABLE><P><input type="submit" value="' . _('Submit') . '" /></P></form></div>';
    return $PollForm;
}
/**
 * Return the student id held in the session.
 *
 * A logged-in student reads $_SESSION['STUDENT_ID']; every other profile
 * reads the separate, lower-case $_SESSION['student_id'] entry.
 *
 * @return mixed The session value.
 */
function UserStudentID()
{
    $session_key = (User('PROFILE') == 'student') ? 'STUDENT_ID' : 'student_id';

    return $_SESSION[$session_key];
}
 /**
  * Constructor: loads the role, resource, rule and user models and
  * records the role of the currently connected user.
  */
 public function __construct()
 {
     parent::__construct();

     // Models used by this class.
     $models = array('role_model', 'resource_model', 'rule_model', 'user_model');
     $this->load->model($models, '', TRUE);

     // Role of the currently connected user.
     $this->current_role = User()->get_role();
 }
 /**
  * Tell whether a ManyAttackAccept row links the current user (attack_id)
  * to this record (accept_id).
  *
  * @return bool
  */
 public function isAccept()
 {
     $criteria = array('attack_id' => User()->id, 'accept_id' => $this->id);
     $link = ManyAttackAccept::model()->findByAttributes($criteria);

     return $link != null;
 }
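/**
 * Build a user record with a 'skills' list attached.
 *
 * @param mixed $name   Passed through to User().
 * @param mixed $title  Passed through to User().
 * @param mixed $skills A list of skills, or a single skill that is wrapped in a list.
 * @return mixed The value returned by User(), with its 'skills' entry set.
 */
function Developer($name, $title, $skills)
{
    $user = User($name, $title);
    if (!is_array($skills)) {
        $skills = array($skills);
    }
    $user['skills'] = $skills;

    // The second, unreachable "return $user;" of the original is removed.
    return $user;
}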
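 /**
  * Replace the current user's category links with the posted list, then redirect.
  *
  * A request without a 'nodes' list leaves the user with no links, as before,
  * but no longer iterates over a missing or non-array value.
  *
  * NOTE(review): deleteAll() receives an attribute array here. Confirm that
  * this limits the delete to the current user's rows; Yii 1 ActiveRecord
  * provides deleteAllByAttributes() for attribute arrays.
  *
  * NOTE(review): the delete and the inserts are not wrapped in a transaction
  * and the result of save() is not checked.
  */
 public function actionLove()
 {
     ManyCategoryUser::model()->deleteAll(array('user_id' => User()->id));

     // Accept only a real list from the request.
     $nodes = (isset($_POST['nodes']) && is_array($_POST['nodes'])) ? $_POST['nodes'] : array();
     foreach ($nodes as $node) {
         // A nested array cannot be a category id.
         if (!is_scalar($node)) {
             continue;
         }
         $rel = new ManyCategoryUser();
         $rel->category_id = $node;
         $rel->user_id = User()->id;
         $rel->save();
     }
     $this->redirect(rurl());
 }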
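/**
 * Return the theme name for the current staff user, 'Blue' by default.
 *
 * @return mixed The stored THEME value when a row exists, otherwise 'Blue'.
 */
function getCSS()
{
    $css = 'Blue';
    if (User('STAFF_ID')) {
        // The id sits in an unquoted numeric position of the query, so it is
        // forced to an integer before it is concatenated.
        $sql = "select value from PROGRAM_USER_CONFIG where title='THEME' and user_id=" . (int) User('STAFF_ID');
        $data = DBGet(DBQuery($sql));
        // empty() also covers "no row": count() on a missing entry raises a TypeError on PHP 8.
        if (!empty($data[1])) {
            $css = $data[1]['VALUE'];
        }
    }
    return $css;
}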
/**
 * Convert a grade fraction into a rounded percent or a report-card grade field.
 *
 * Teacher gradebook configuration, course-period settings and the grade scale
 * are each fetched once and cached in $programconfig / $_ROSARIO.
 *
 * NOTE(review): $course_period_id, $staff_id and $grade_scale_id are
 * concatenated into quoted SQL literals; this assumes callers pass trusted
 * numeric ids — confirm at the call sites.
 *
 * @param float  $percent          Grade as a fraction; it is multiplied by 100 here.
 * @param mixed  $course_period_id Course period; defaults to UserCoursePeriod().
 * @param mixed  $staff_id         Teacher; defaults to User('STAFF_ID').
 * @param string $ret              '%' for the rounded percent, otherwise the key
 *                                 of the grade row to return (default 'TITLE').
 * @return mixed The percent, the requested grade field, or nothing when no grade matches.
 */
function _makeLetterGrade($percent, $course_period_id = 0, $staff_id = 0, $ret = 'TITLE')
{
    global $programconfig, $_ROSARIO;
    if (!$course_period_id) {
        $course_period_id = UserCoursePeriod();
    }
    if (!$staff_id) {
        $staff_id = User('STAFF_ID');
    }
    // Load the teacher's Gradebook configuration once.
    if (!$programconfig[$staff_id]) {
        $config_RET = DBGet(DBQuery("SELECT TITLE,VALUE FROM PROGRAM_USER_CONFIG WHERE USER_ID='" . $staff_id . "' AND PROGRAM='Gradebook'"), array(), array('TITLE'));
        if (count($config_RET)) {
            foreach ($config_RET as $title => $value) {
                $programconfig[$staff_id][$title] = $value[1]['VALUE'];
            }
        } else {
            // Marker for "no configuration", so the query is not repeated.
            $programconfig[$staff_id] = true;
        }
    }
    // Load the course period settings once.
    if (!$_ROSARIO['_makeLetterGrade']['courses'][$course_period_id]) {
        $_ROSARIO['_makeLetterGrade']['courses'][$course_period_id] = DBGet(DBQuery("SELECT DOES_BREAKOFF,GRADE_SCALE_ID FROM COURSE_PERIODS WHERE COURSE_PERIOD_ID='" . $course_period_id . "'"));
    }
    $does_breakoff = $_ROSARIO['_makeLetterGrade']['courses'][$course_period_id][1]['DOES_BREAKOFF'];
    $grade_scale_id = $_ROSARIO['_makeLetterGrade']['courses'][$course_period_id][1]['GRADE_SCALE_ID'];
    $percent *= 100;
    if ($does_breakoff == 'Y') {
        // Teacher rounding preference; any other value leaves the percent unrounded.
        if ($programconfig[$staff_id]['ROUNDING'] == 'UP') {
            $percent = ceil($percent);
        } elseif ($programconfig[$staff_id]['ROUNDING'] == 'DOWN') {
            $percent = floor($percent);
        } elseif ($programconfig[$staff_id]['ROUNDING'] == 'NORMAL') {
            $percent = round($percent);
        }
    } else {
        // school default
        $percent = round($percent);
    }
    if ($ret == '%') {
        return $percent;
    }
    // Load the grade scale once; the query orders rows by break-off, highest first.
    if (!$_ROSARIO['_makeLetterGrade']['grades'][$grade_scale_id]) {
        $_ROSARIO['_makeLetterGrade']['grades'][$grade_scale_id] = DBGet(DBQuery("SELECT TITLE,ID,BREAK_OFF,COMMENT FROM REPORT_CARD_GRADES WHERE SYEAR='" . UserSyear() . "' AND SCHOOL_ID='" . UserSchool() . "' AND GRADE_SCALE_ID='{$grade_scale_id}' ORDER BY BREAK_OFF IS NOT NULL DESC,BREAK_OFF DESC,SORT_ORDER"));
    }
    //$grades = array('A+','A','A-','B+','B','B-','C+','C','C-','D+','D','D-','F');
    foreach ($_ROSARIO['_makeLetterGrade']['grades'][$grade_scale_id] as $grade) {
        // With break-offs enabled the teacher's own numeric threshold for this
        // course period and grade is used; otherwise the scale's BREAK_OFF.
        if ($does_breakoff == 'Y' ? $percent >= $programconfig[$staff_id][$course_period_id . '-' . $grade['ID']] && is_numeric($programconfig[$staff_id][$course_period_id . '-' . $grade['ID']]) : $percent >= $grade['BREAK_OFF']) {
            //modif Francois: use Report Card Grades comments
            //return $ret=='ID' ? $grade['ID'] : $grade['TITLE'];
            return $grade[$ret];
        }
    }
    // No threshold reached: the function ends without a return value.
}
 /**
  * @inheritdoc
  *
  * When the [[value]] property is `null` it is filled with the id of the
  * signed-in web user; it stays `null` for guests and outside a web application.
  */
 protected function getValue($event)
 {
     if (null === $this->value) {
         $isWebApp = \Yii::$app instanceof \yii\web\Application;
         $this->value = ($isWebApp && !User()->isGuest) ? User()->id : null;
     }

     // A closure or an [object, method] style callable is invoked with the event.
     $isCallback = $this->value instanceof \Closure
         || (is_array($this->value) && is_callable($this->value));

     return $isCallback ? call_user_func($this->value, $event) : $this->value;
 }
/**
 * Convert a grade fraction into a rounded percent, a grade id or a grade title.
 *
 * Teacher gradebook configuration, course-period settings and the grade scale
 * are each fetched once and cached in $programconfig / $_openSIS.
 *
 * NOTE(review): $course_period_id, $staff_id and $grade_scale_id are
 * concatenated into quoted SQL literals; this assumes callers pass trusted
 * numeric ids — confirm at the call sites.
 *
 * @param float  $percent          Grade as a fraction; it is multiplied by 100 here.
 * @param mixed  $course_period_id Course period; defaults to UserCoursePeriod().
 * @param mixed  $staff_id         Teacher; defaults to User('STAFF_ID').
 * @param string $ret              '%' for the percent, 'ID' for the grade id,
 *                                 anything else for the grade title.
 * @return mixed The percent, grade id or title, or nothing when no grade matches.
 */
function _makeLetterGrade($percent, $course_period_id = 0, $staff_id = 0, $ret = '')
{
    global $programconfig, $_openSIS;
    if (!$course_period_id) {
        $course_period_id = UserCoursePeriod();
    }
    if (!$staff_id) {
        $staff_id = User('STAFF_ID');
    }
    // Load the teacher's Gradebook configuration once.
    if (!$programconfig[$staff_id]) {
        $config_RET = DBGet(DBQuery('SELECT TITLE,VALUE FROM program_user_config WHERE USER_ID=\'' . $staff_id . '\' AND PROGRAM=\'Gradebook\''), array(), array('TITLE'));
        if (count($config_RET)) {
            foreach ($config_RET as $title => $value) {
                $programconfig[$staff_id][$title] = $value[1]['VALUE'];
            }
        } else {
            // Marker for "no configuration", so the query is not repeated.
            $programconfig[$staff_id] = true;
        }
    }
    // Load the course period settings once.
    if (!$_openSIS['_makeLetterGrade']['courses'][$course_period_id]) {
        $_openSIS['_makeLetterGrade']['courses'][$course_period_id] = DBGet(DBQuery('SELECT DOES_BREAKOFF,GRADE_SCALE_ID FROM course_periods WHERE COURSE_PERIOD_ID=\'' . $course_period_id . '\''));
    }
    $does_breakoff = $_openSIS['_makeLetterGrade']['courses'][$course_period_id][1]['DOES_BREAKOFF'];
    $grade_scale_id = $_openSIS['_makeLetterGrade']['courses'][$course_period_id][1]['GRADE_SCALE_ID'];
    $percent *= 100;
    // The rounding preference is applied whether or not break-offs are enabled
    // (the DOES_BREAKOFF condition below is commented out).
    //	if ($does_breakoff=='Y')
    //	{
    if ($programconfig[$staff_id]['ROUNDING'] == 'UP') {
        $percent = ceil($percent);
    } elseif ($programconfig[$staff_id]['ROUNDING'] == 'DOWN') {
        $percent = floor($percent);
    } elseif ($programconfig[$staff_id]['ROUNDING'] == 'NORMAL') {
        $percent = round($percent, 2);
    } else {
        // school default
        $percent = round($percent, 2);
    }
    if ($ret == '%') {
        return $percent;
    }
    // Load the grade scale once; the query orders rows by break-off, highest first.
    if (!$_openSIS['_makeLetterGrade']['grades'][$grade_scale_id]) {
        $_openSIS['_makeLetterGrade']['grades'][$grade_scale_id] = DBGet(DBQuery('SELECT TITLE,ID,BREAK_OFF FROM report_card_grades WHERE SYEAR=\'' . UserSyear() . '\' AND SCHOOL_ID=\'' . UserSchool() . '\' AND GRADE_SCALE_ID=\'' . $grade_scale_id . '\' ORDER BY BREAK_OFF IS NOT NULL DESC,BREAK_OFF DESC,SORT_ORDER'));
    }
    //$grades = array('A+','A','A-','B+','B','B-','C+','C','C-','D+','D','D-','F');
    foreach ($_openSIS['_makeLetterGrade']['grades'][$grade_scale_id] as $grade) {
        // With break-offs enabled the teacher's own numeric threshold for this
        // course period and grade is used; otherwise the scale's BREAK_OFF.
        if ($does_breakoff == 'Y' ? $percent >= $programconfig[$staff_id][$course_period_id . '-' . $grade['ID']] && is_numeric($programconfig[$staff_id][$course_period_id . '-' . $grade['ID']]) : $percent >= $grade['BREAK_OFF']) {
            return $ret == 'ID' ? $grade['ID'] : $grade['TITLE'];
        }
    }
    // No threshold reached: the function ends without a return value.
}
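 /**
  * Record logout time and IP for the current user, end the session and redirect.
  *
  * The optional 'rurl' query parameter is handed to redirect() in array form,
  * i.e. as a route for the framework to resolve, not as a raw URL.
  * NOTE(review): the route is still chosen by the request; confirm that no
  * action reachable this way has side effects when opened from a crafted link.
  */
 public function actionSignout()
 {
     $user = User::model()->findByPk(User()->id);
     if ($user) {
         $user->last_logout_time = Time::now();
         $user->last_ip = API::get_ip();
         $user->save();
     }
     Yii::app()->user->logout();

     // Only a plain string can be a route; an array parameter (rurl[]=...) falls back to the home page.
     if (isset($_GET['rurl']) && is_string($_GET['rurl'])) {
         $this->redirect(array($_GET['rurl']));
     } else {
         $this->redirect(Yii::app()->homeUrl);
     }
 }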
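/**
 * Tell the user that access was refused, mail a notification and stop the script.
 *
 * The mail body is the text of an INSERT statement built from request and
 * server values; this function sends that text and never executes it. The
 * text contains values chosen by the client (module name, query string), so
 * it must not be run against a database as received.
 *
 * @return void This function does not return; it ends with exit.
 */
function HackingLog()
{
    // $RosarioVersion is interpolated into the mail body; without the global
    // declaration it is an undefined local and the version field is always empty.
    // NOTE(review): assumes the version is kept in a global of this name — confirm.
    global $RosarioNotifyAddress, $RosarioVersion;

    echo _('You\'re not allowed to use this program!') . ' ' . _('This attempted violation has been logged and your IP address was captured.');
    Warehouse('footer');
    if ($RosarioNotifyAddress) {
        //modif Francois: add email headers
        // NOTE(review): the address is used in headers and as a sendmail "-f"
        // argument; presumably it comes from configuration only — confirm it
        // is never derived from request data.
        $headers = 'From:' . $RosarioNotifyAddress . "\r\n";
        $headers .= 'Return-Path:' . $RosarioNotifyAddress . "\r\n";
        $headers .= 'Reply-To:' . $RosarioNotifyAddress . "\r\n" . 'X-Mailer:PHP/' . phpversion();
        $params = '-f ' . $RosarioNotifyAddress;
        // Errors from mail() are suppressed, so a failed notification goes unnoticed.
        @mail($RosarioNotifyAddress, 'HACKING ATTEMPT', "INSERT INTO HACKING_LOG (HOST_NAME,IP_ADDRESS,LOGIN_DATE,VERSION,PHP_SELF,DOCUMENT_ROOT,SCRIPT_NAME,MODNAME,QUERY_STRING,USERNAME) values('{$_SERVER['SERVER_NAME']}','{$_SERVER['REMOTE_ADDR']}','" . date('Y-m-d') . "','{$RosarioVersion}','{$_SERVER['PHP_SELF']}','{$_SERVER['DOCUMENT_ROOT']}','{$_SERVER['SCRIPT_NAME']}','{$_REQUEST['modname']}','{$_SERVER['QUERY_STRING']}','" . User('USERNAME') . "')", $headers, $params);
    }
    exit;
}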
/**
 * Build the HTML box for a list of error or alert messages.
 *
 * With $code 'fatal' the box is echoed together with closing layout markup
 * and a footer, and the script exits.
 *
 * NOTE(review): each message is inserted into the markup as-is. Callers must
 * pass text that is already safe for HTML; a message containing request data
 * needs HTML encoding before it gets here.
 *
 * @param array  $errors Messages; duplicates are removed.
 * @param string $code   'error' or 'fatal' select the note style, any other value the alert style.
 * @return string|null The HTML, or nothing when $errors is empty.
 */
function ErrorMessage($errors, $code = 'error')
{
    $errors = array_unique($errors);
    if ($errors) {
        $return = "<div style=text-align:left><table cellpadding=5 cellspacing=5 class=alert_box ><tr>";
        if (count($errors) == 1) {
            if ($code == 'error' || $code == 'fatal') {
                $return .= '<td class=note></td><td class=note_msg >';
            } else {
                $return .= '<td class=alert></td><td class=alert_msg >';
            }
            // A single message is looked up at index 0, then at index 1.
            $return .= $errors[0] ? $errors[0] : $errors[1];
        } else {
            if ($code == 'error' || $code == 'fatal') {
                $return .= "<td class=note></td><td class=note_msg >";
            } else {
                $return .= '<td class=alert></td><td class=alert_msg >';
            }
            $return .= '<ul>';
            foreach ($errors as $value) {
                $return .= "<LI>{$value}</LI>\n";
            }
            $return .= '</ul>';
        }
        $return .= "</td></tr></table></div>";
        if ($code == 'fatal') {
            // $css is assigned here but not used in the rest of this function.
            $css = getCSS();
            // Closing tags for tables opened outside this function — presumably the page layout; confirm.
            $return .= "</td></tr></table>";
            $return .= "</td></tr></table></div>";
            $return .= "</td></tr></table>";
            $return .= "</td></tr></table>";
            $return .= "</td></tr></table>";
            $return .= "</td></tr>";
            if (User('PROFILE') != 'teacher') {
                $return .= "<tr>\r\n\t\t\t\t\t\t\t\t<td class=\"footer\">\r\n\t\t\t\t\t\t\t\t<table width=\"100%\" border=\"0\">\r\n\t\t\t\t\t\t\t\t<tr>\r\n    <td align='center' class='copyright'>\r\n       <center>Copyright@2016 Feng Hua Language Studies Centre/丰华语言学习中心. All rights reserved.</center></td>\r\n  </tr>\r\n\t\t\t\t\t\t\t\t</table>\r\n\t\t\t\t\t\t\t\t</td>\r\n\t\t\t\t\t\t\t\t</tr>\r\n\t\t\t\t\t\t\t\t</table>";
            }
            $return .= "</td></tr></table></td></tr></table>";
            // $isajax is never assigned in this function, so this comparison is always true and the markup is always echoed.
            if ($isajax == "") {
                echo $return;
            }
            if (!$_REQUEST['_openSIS_PDF']) {
                Warehouse('footer');
            }
            // A fatal error ends the request here.
            exit;
        }
        return $return;
    }
}
/**
 * Build the HTML box for a list of error or alert messages.
 *
 * With $code 'fatal' the box is echoed together with closing layout markup
 * and a footer, and the script exits.
 *
 * NOTE(review): each message is inserted into the markup as-is. Callers must
 * pass text that is already safe for HTML; a message containing request data
 * needs HTML encoding before it gets here.
 *
 * @param array  $errors Messages; duplicates are removed.
 * @param string $code   'error' or 'fatal' select the note style, any other value the alert style.
 * @return string|null The HTML, or nothing when $errors is empty.
 */
function ErrorMessage($errors, $code = 'error')
{
    $errors = array_unique($errors);
    if ($errors) {
        $return = "<div style=text-align:left><table cellpadding=5 cellspacing=5 class=alert_box ><tr>";
        if (count($errors) == 1) {
            if ($code == 'error' || $code == 'fatal') {
                $return .= '<td class=note></td><td class=note_msg >';
            } else {
                $return .= '<td class=alert></td><td class=alert_msg >';
            }
            // A single message is looked up at index 0, then at index 1.
            $return .= $errors[0] ? $errors[0] : $errors[1];
        } else {
            if ($code == 'error' || $code == 'fatal') {
                $return .= "<td class=note></td><td class=note_msg >";
            } else {
                $return .= '<td class=alert></td><td class=alert_msg >';
            }
            $return .= '<ul>';
            foreach ($errors as $value) {
                $return .= "<LI>{$value}</LI>\n";
            }
            $return .= '</ul>';
        }
        $return .= "</td></tr></table></div>";
        if ($code == 'fatal') {
            // $css is assigned here but not used in the rest of this function.
            $css = getCSS();
            // Closing tags for tables opened outside this function — presumably the page layout; confirm.
            $return .= "</td></tr></table>";
            $return .= "</td></tr></table></div>";
            $return .= "</td></tr></table>";
            $return .= "</td></tr></table>";
            $return .= "</td></tr></table>";
            $return .= "</td></tr>";
            if (User('PROFILE') != 'teacher') {
                $return .= "<tr>\r\n\t\t\t\t\t\t\t\t<td class=\"footer\">\r\n\t\t\t\t\t\t\t\t<table width=\"100%\" border=\"0\">\r\n\t\t\t\t\t\t\t\t<tr>\r\n    <td align='center' class='copyright'>\r\n       <center>openSIS is a product of Open Solutions for Education, Inc. (<a href='http://www.os4ed.com' target='_blank'>OS4Ed</a>).\r\n                and is licensed under the <a href='http://www.gnu.org/licenses/gpl.html' target='_blank'>GPL License</a>.\r\n                </center></td>\r\n  </tr>\r\n\t\t\t\t\t\t\t\t</table>\r\n\t\t\t\t\t\t\t\t</td>\r\n\t\t\t\t\t\t\t\t</tr>\r\n\t\t\t\t\t\t\t\t</table>";
            }
            $return .= "</td></tr></table></td></tr></table>";
            // $isajax is never assigned in this function, so this comparison is always true and the markup is always echoed.
            if ($isajax == "") {
                echo $return;
            }
            if (!$_REQUEST['_openSIS_PDF']) {
                Warehouse('footer');
            }
            // A fatal error ends the request here.
            exit;
        }
        return $return;
    }
}
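/**
 * Return one preference value for the current user, with built-in defaults.
 *
 * Values stored for the staff user are loaded once per program into
 * $_openSIS['Preferences']. The 'SEARCH' preference is forced to 'N' for
 * parents and for student sessions.
 *
 * NOTE(review): $program is placed in a quoted SQL literal unescaped; callers
 * must pass a fixed program name, never request data.
 *
 * @param string $item    Preference title, e.g. 'THEME'.
 * @param string $program Program the preference belongs to.
 * @return mixed The stored value, the default, or null for an unknown item.
 */
function Preferences($item, $program = 'Preferences')
{
    global $_openSIS;

    $has_staff = !empty($_SESSION['STAFF_ID']);
    if ($has_staff && empty($_openSIS['Preferences'][$program])) {
        // The key was written as the bare constant STAFF_ID, which is an Error
        // on PHP 8. The id sits in an unquoted numeric position of the query,
        // so it is also forced to an integer.
        $QI = DBQuery('SELECT TITLE,VALUE FROM program_user_config WHERE USER_ID=' . (int) $_SESSION['STAFF_ID'] . ' AND PROGRAM=\'' . $program . '\'');
        $_openSIS['Preferences'][$program] = DBGet($QI, array(), array('TITLE'));
    }
    $defaults = array('NAME' => 'Common', 'SORT' => 'Name', 'SEARCH' => 'Y', 'DELIMITER' => 'Tab', 'COLOR' => '#FFFFCC', 'HIGHLIGHT' => '#85E1FF', 'TITLES' => 'gray', 'THEME' => 'Brushed-Steel', 'HIDDEN' => 'Y', 'MONTH' => 'M', 'DAY' => 'j', 'YEAR' => 'Y', 'DEFAULT_ALL_SCHOOLS' => 'N', 'ASSIGNMENT_SORTING' => 'ASSIGNMENT_ID', 'ANOMALOUS_MAX' => '100');
    if (!isset($_openSIS['Preferences'][$program][$item][1]['VALUE'])) {
        // Unknown items resolve to null instead of reading a missing index.
        $_openSIS['Preferences'][$program][$item][1]['VALUE'] = isset($defaults[$item]) ? $defaults[$item] : null;
    }
    // Parents and students never get the search preference.
    if (($has_staff && User('PROFILE') == 'parent') || !empty($_SESSION['STUDENT_ID'])) {
        $_openSIS['Preferences'][$program]['SEARCH'][1]['VALUE'] = 'N';
    }
    return $_openSIS['Preferences'][$program][$item][1]['VALUE'];
}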
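/**
 * Admin page for one news entry: show the edit form, save it or delete it.
 *
 * The entry id must be a string of 1 to 11 decimal digits. Unknown actions
 * redirect to the news list and can no longer fall through into the edit
 * form. 'save' only writes when the form fields were actually posted, and
 * stores the meeting flag as 0 or 1.
 *
 * NOTE(review): 'save' and 'delete' change data on request parameters alone,
 * and the delete control is a plain GET link. No anti-CSRF token is checked
 * in this function — confirm that protection exists upstream.
 *
 * @return mixed HTML of the page, or the result of error() for a bad call.
 */
function admin_news()
{
    global $user;

    // Initialised so the final return never reads an undefined variable.
    $html = '';
    if (!isset($_GET["action"])) {
        redirect(page_link_to("news"));
    } else {
        $html = '<div class="col-md-12"><h1>' . _("Edit news entry") . '</h1>' . msg();
        // is_string() rejects array parameters; \z (instead of $) rejects a trailing newline.
        if (isset($_REQUEST['id']) && is_string($_REQUEST['id']) && preg_match('/^[0-9]{1,11}\z/', $_REQUEST['id'])) {
            $id = $_REQUEST['id'];
        } else {
            return error("Incomplete call, missing News ID.", true);
        }
        $news = sql_select("SELECT * FROM `News` WHERE `ID`='" . sql_escape($id) . "' LIMIT 1");
        if (count($news) > 0) {
            switch ($_REQUEST["action"]) {
                case 'edit':
                    list($news) = $news;
                    $user_source = User($news['UID']);
                    if ($user_source === false) {
                        engelsystem_error("Unable to load user.");
                    }
                    $html .= form(array(form_info(_("Date"), date("Y-m-d H:i", $news['Datum'])), form_info(_("Author"), User_Nick_render($user_source)), form_text('eBetreff', _("Subject"), $news['Betreff']), form_textarea('eText', _("Message"), $news['Text']), form_checkbox('eTreffen', _("Meeting"), $news['Treffen'] == 1, 1), form_submit('submit', _("Save"))), page_link_to('admin_news&action=save&id=' . $id));
                    $html .= '<a class="btn btn-danger" href="' . page_link_to('admin_news&action=delete&id=' . $id) . '"><span class="glyphicon glyphicon-trash"></span> ' . _("Delete") . '</a>';
                    break;
                case 'save':
                    list($news) = $news;
                    // Without the posted fields a bare "action=save" URL would blank the entry.
                    if (!isset($_POST["eBetreff"], $_POST["eText"]) || !is_string($_POST["eBetreff"]) || !is_string($_POST["eText"])) {
                        redirect(page_link_to("news"));
                        break;
                    }
                    // An unchecked checkbox is not submitted at all: store 0 rather than an empty string.
                    $treffen = (isset($_POST["eTreffen"]) && $_POST["eTreffen"] == 1) ? 1 : 0;
                    sql_query("UPDATE `News` SET \n              `Datum`='" . sql_escape(time()) . "', \n              `Betreff`='" . sql_escape($_POST["eBetreff"]) . "', \n              `Text`='" . sql_escape($_POST["eText"]) . "', \n              `UID`='" . sql_escape($user['UID']) . "', \n              `Treffen`='" . sql_escape($treffen) . "' \n              WHERE `ID`='" . sql_escape($id) . "'");
                    engelsystem_log("News updated: " . $_POST["eBetreff"]);
                    success(_("News entry updated."));
                    redirect(page_link_to("news"));
                    break;
                case 'delete':
                    list($news) = $news;
                    sql_query("DELETE FROM `News` WHERE `ID`='" . sql_escape($id) . "' LIMIT 1");
                    engelsystem_log("News deleted: " . $news['Betreff']);
                    success(_("News entry deleted."));
                    redirect(page_link_to("news"));
                    break;
                default:
                    redirect(page_link_to('news'));
                    break;
            }
        } else {
            return error("No News found.", true);
        }
    }
    return $html . '</div>';
}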
/**
 * Build the HTML alert box for one or more messages.
 *
 * With $code 'fatal' the function does not return: it appends closing page
 * markup and (unless the profile is 'teacher') a footer row, echoes the result,
 * calls Warehouse('footer') unless $_REQUEST['_CENTRE_PDF'] is truthy, and exits.
 *
 * NOTE(review): every entry of $errors is concatenated into the markup without
 * HTML escaping. Callers have to pass text that is already escaped (or markup
 * they trust); request-derived text handed over unescaped is rendered as HTML.
 *
 * @param array  $errors Messages to show; an empty value yields no markup.
 * @param string $code   'error' and 'fatal' select the "note" cell classes,
 *                       any other value the "alert" classes.
 * @return string|null The markup, or null when $errors is empty.
 */
function ErrorMessage($errors, $code = 'error')
{
    // Nothing to report: return null, exactly like falling off the end.
    if (!$errors) {
        return;
    }

    $message_count = count($errors);
    $is_problem = $code == 'error' || $code == 'fatal';

    $html = "<div style=text-align:left><table cellpadding=5 cellspacing=5 class=alert_box ><tr>";
    $html .= $is_problem
        ? '<td class=note></td><td class=note_msg >'
        : '<td class=alert></td><td class=alert_msg >';

    if ($message_count == 1) {
        // A single message is read from key 0, with key 1 as the fallback.
        $html .= $errors[0] ?: $errors[1];
    } else {
        $items = '';
        foreach ($errors as $message) {
            $items .= "<LI>{$message}</LI>\n";
        }
        $html .= '<ul>' . $items . '</ul>';
    }
    $html .= "</td></tr></table></div>";

    if ($code != 'fatal') {
        return $html;
    }

    // Fatal: close the surrounding page layout, emit everything and stop.
    $css = getCSS();
    $html .= "</td></tr></table>"
        . "</td></tr></table></div>"
        . str_repeat("</td></tr></table>", 3)
        . "</td></tr>";
    if (User('PROFILE') != 'teacher') {
        // $css ends up inside the img src attribute as returned by getCSS().
        $html .= "<tr>\n\t\t\t\t\t\t\t\t<td class=\"footer\">\n\t\t\t\t\t\t\t\t<table width=\"100%\" border=\"0\">\n\t\t\t\t\t\t\t\t<tr>\n\t\t\t\t\t\t\t\t<td valign=middle class=\"copyright\">Copyright &copy; 2007-2008 Open Solutions for Education, Inc. (<a href='http://www.os4ed.com' target='_blank'>OS4Ed</a>).</td>\n\t\t\t\t\t\t\t\t<td valign=bottom class=\"credits\"><a href='http://www.os4ed.com' target='_blank'><img src=\"themes/" . $css . "/os4ed_logo.png\" /></a></td>\n\t\t\t\t\t\t\t\t</tr>\n\t\t\t\t\t\t\t\t</table>\n\t\t\t\t\t\t\t\t</td>\n\t\t\t\t\t\t\t\t</tr>\n\t\t\t\t\t\t\t\t</table>";
    }
    $html .= "</td></tr></table></td></tr></table>";

    // NOTE(review): $isajax is neither assigned nor declared global in this
    // function, so this comparison always holds and the markup is always echoed.
    // Confirm whether a global or a request flag was intended.
    if ($isajax == "") {
        echo $html;
    }
    if (!$_REQUEST['_CENTRE_PDF']) {
        Warehouse('footer');
    }
    exit;
}
/**
 * Page controller for the current user's questions.
 *
 * Dispatches on $_REQUEST['action']:
 *  - absent:   list the user's open and answered questions;
 *  - 'ask':    store a new question for the user, then redirect;
 *  - 'delete': delete one question, but only if it belongs to the user.
 * Any other action value falls through and returns null.
 *
 * NOTE(review): 'ask' and 'delete' change state based on $_REQUEST alone, so a
 * plain GET link reaches them, and no anti-CSRF token is checked in this
 * function. Confirm that the surrounding framework enforces one.
 *
 * @return mixed Whatever the view/error helpers return; null on the redirect
 *               paths and for unknown actions.
 */
function user_questions()
{
    global $user;

    if (!isset($_REQUEST['action'])) {
        // Overview: both queries are restricted to the signed-in user's UID.
        $open_questions = sql_select("SELECT * FROM `Questions` WHERE `AID` IS NULL AND `UID`='" . sql_escape($user['UID']) . "'");
        $answered_questions = sql_select("SELECT * FROM `Questions` WHERE NOT `AID` IS NULL AND `UID`='" . sql_escape($user['UID']) . "'");
        // Attach the rendered nick of the answering user to every answered row.
        foreach ($answered_questions as $index => $answered) {
            $answer_user_source = User($answered['AID']);
            if ($answer_user_source === false) {
                engelsystem_error(_("Unable to load user."));
            }
            $answered_questions[$index]['answer_user'] = User_Nick_render($answer_user_source);
        }
        return Questions_view($open_questions, $answered_questions, page_link_to("user_questions") . '&action=ask');
    }

    $action = $_REQUEST['action'];

    if ($action == 'ask') {
        // NOTE(review): the text is only SQL-escaped before storage; what
        // strip_request_item_nl() removes is not visible here, so HTML escaping
        // has to happen wherever the question is rendered. Verify the views.
        $text = strip_request_item_nl('question');
        if ($text == "") {
            return page_with_title(questions_title(), array(error(_("Please enter a question!"), true)));
        }
        $result = sql_query("INSERT INTO `Questions` SET `UID`='" . sql_escape($user['UID']) . "', `Question`='" . sql_escape($text) . "'");
        if ($result === false) {
            engelsystem_error(_("Unable to save question."));
        }
        success(_("You question was saved."));
        redirect(page_link_to("user_questions"));
    } elseif ($action == 'delete') {
        // Accept only a short all-digit id. Without the D modifier `$` also
        // matches before a trailing newline, so the value still goes through
        // sql_escape() below.
        $has_valid_id = isset($_REQUEST['id']) && preg_match("/^[0-9]{1,11}\$/", $_REQUEST['id']);
        if (!$has_valid_id) {
            return error(_("Incomplete call, missing Question ID."), true);
        }
        $id = $_REQUEST['id'];

        $rows = sql_select("SELECT * FROM `Questions` WHERE `QID`='" . sql_escape($id) . "' LIMIT 1");
        // Ownership check: a user may only delete a question stored under their
        // own UID. Foreign and unknown ids get the same "not found" answer.
        $owned_by_caller = count($rows) > 0 && $rows[0]['UID'] == $user['UID'];
        if (!$owned_by_caller) {
            return page_with_title(questions_title(), array(error(_("No question found."), true)));
        }
        sql_query("DELETE FROM `Questions` WHERE `QID`='" . sql_escape($id) . "' LIMIT 1");
        redirect(page_link_to("user_questions"));
    }
}
Exemple #28
 /**
  * Sign in the account behind this form, provided the account is available.
  *
  * When isAvailable() reports 'deleted' or 'not-activated', the matching error
  * is attached to the 'email' attribute; any other non-true result fails
  * without a message.
  *
  * NOTE(review): the two messages disclose the state of the account. Confirm
  * that this method is only reached after the credentials were validated, so
  * the state is not revealed to callers who merely know an e-mail address.
  *
  * @return bool Result of User()->login() when the account is available, false otherwise.
  */
 public function login()
 {
     $Account = $this->getAccount();
     $availability = $Account->isAvailable();

     // Only a strict true counts as "available"; everything else is a reason.
     if ($availability === true) {
         // The form carries "remember me" as the string 'true'.
         $duration = $this->remember === 'true' ? static::REMEMBER_TIME : 0;
         return User()->login($Account, $duration);
     }

     if ($availability == 'deleted') {
         $this->addError('email', \Yii::t('account', 'Account removed.'));
     } elseif ($availability == 'not-activated') {
         $this->addError('email', \Yii::t('account', 'Account is not activated.'));
     }

     return false;
 }
Exemple #29
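 /**
  * @inheritdoc
  *
  * Also registers a before-action handler that refuses every action for a
  * signed-in user whose account is no longer available. Guests and the
  * 'site/error' route are not checked.
  *
  * @throws \yii\web\ForbiddenHttpException Thrown by the handler when
  *         Account()->isAvailable() returns anything other than true.
  */
 public function init()
 {
     parent::init();
     $this->on(self::EVENT_BEFORE_ACTION, function (\yii\base\ActionEvent $ActionEvent) {
         $Action = $ActionEvent->action;
         // Guests have no account to check. 'site/error' stays reachable,
         // presumably so the error page can still render the 403 raised below.
         if (User()->isGuest || in_array($Action->getUniqueId(), ['site/error'], true)) {
             return;
         }

         $reason = Account()->isAvailable();
         if ($reason === true) {
             return;
         }

         switch ($reason) {
             case 'not-activated':
                 throw new \yii\web\ForbiddenHttpException('You account is not activated.');
             case 'deleted':
                 throw new \yii\web\ForbiddenHttpException('You account removed.');
             default:
                 // Fail closed: without this branch an unavailable account with
                 // an unrecognised reason would fall through and the action
                 // would run as if the account were fine.
                 throw new \yii\web\ForbiddenHttpException('Your account is not available.');
         }
     });
 }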
Exemple #30
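 /**
  * Show one inbox message to a participant of the conversation and prepare an
  * empty reply model addressed to the other party.
  *
  * Access rule: the current user must be the sender or the recipient of the
  * message. A missing id, an unknown id and a message belonging to other users
  * all produce the same 404, so the response does not reveal whether a message
  * with that id exists.
  *
  * Side effects: marks the message as read when the viewer is its recipient,
  * and marks all replies to it that are addressed to the viewer as read.
  *
  * @throws CHttpException 404 when the message is missing or not the caller's.
  */
 public function actionV()
 {
     // Accept a single scalar id only; an absent or array-valued parameter is
     // treated like an unknown message.
     $id = (isset($_GET['id']) && is_scalar($_GET['id'])) ? $_GET['id'] : null;
     $model = $id === null ? null : Inbox::model()->findByPk($id);

     $me = User()->id;
     // The previous condition (`$model == null && (... || ...)`) could only be
     // true for a missing record, so any signed-in user could open any message
     // by id. Deny unless the caller is one of the two participants. Loose
     // comparison is kept because ids may arrive as numeric strings.
     if ($model === null || ($model->source_id != $me && $model->dest_id != $me)) {
         throw new CHttpException(404, 'The requested Node does not exist.');
     }

     // The reply goes to whichever participant is not the current user.
     $nmodel = new Inbox();
     $nmodel->dest_id = $me == $model->source_id ? $model->dest_id : $model->source_id;
     $nmodel->parent_id = $model->id;

     // NOTE(review): $this->iuser is presumably the signed-in user's record; the
     // access check above uses User()->id, so verify both refer to the same user.
     $u = $this->iuser;
     if ($u->id == $model->dest_id) {
         // dest user read the mail
         $model->is_read = 1;
         $model->save(false);
     }

     // Bound parameters instead of interpolating the ids into the condition.
     Inbox::model()->updateAll(
         array('is_read' => 1),
         'dest_id = :dest_id AND parent_id = :parent_id',
         array(':dest_id' => $u->id, ':parent_id' => $model->id)
     );

     $this->render('view', array('m' => $u, 'model' => $model, 'nmodel' => $nmodel), false, true);
 }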