$s2c = array();
$sql = "SELECT class_id FROM classes \n\t\t\t\t\t\t\tWHERE course_id =" . $selected_course . " AND term_id =" . $selected_term;
$result = $db->query($sql);
$row = $result->fetch_assoc();
$class_id = $row['class_id'];
$numErrors = 0;
$err = "";
//displayArray($records);exit;
foreach ($lines as $line) {
rtrim($line);
list($assign_id, $student_id, $raw_score, $comment, $assign_name, $assign_due_date, $assign_max_score, $assign_weight, $note, $cat_id, $cat_name, $cat_weight, $cat_ord) = preg_split("/:-:/", $line);
$s2c[$student_id] = $class_id;
$comment = makeSQLsafe($comment);
$assign_name = makeSQLsafe($assign_name);
$note = makeSQLsafe($note);
$cat_name = makeSQLsafe($cat_name);
/**
* Need to check for the categories and assignments here They may have been
* deleted by accident, so check to see if they are there. If not, insert them.
*/
/**
* Categories
*/
$check = "SELECT * from categories where category_id=" . $cat_id;
$result = $db->query($sql);
$count = $db->affected_rows;
if ($count == -1) {
$insert = "INSERT into categories (category_id, category_name, class_id, category_weight, category_ord)\n VALUES(" . $cat_id . ",'" . $cat_name . "'," . $class_id . "," . $cat_weight . "," . $cat_ord . ")";
$db->query($insert);
}
/**
$t = "Add Students";
$bc = "blue";
$b = "\n <FORM action=index.php?lev=" . $_SESSION[$_CONF['sess_name'] . '_lev'] . "&cat=" . $_SESSION[$_CONF['sess_name'] . '_cat'] . " method=POST onSubmit=\"return validateForm(this);\">\n\t\t\t\t<table cellspacing=1 cellpadding=3 border=0 bgcolor=black border=0>\n\t\t\t\t<tr>\n\t\t\t\t<th>First Name</th><th>Last Name</th><th>E-Mail</th><th>School</th>\n\t\t\t\t</tr>";
for ($i = 1; $i <= $_POST['numStudents']; $i++) {
$b .= "\n\t\t\t\t\t<tr>\n\t\t\t\t\t<td><input type=text size=30 name=s_" . $i . "_fName /></td>\n\t\t\t\t\t<td><input type=text size=30 name=s_" . $i . "_lName /></td>\n\t\t\t\t\t<td><input type=text size=30 name=s_" . $i . "_email /></td>\n\t\t\t\t\t<td><select name=s_" . $i . "_school_id>" . $schoolList . "</select></td>\n\t\t\t\t\t</tr>";
}
$b .= "\n\t\t\t\t</table><center>\n\t\t\t\t<input type=hidden name=numStudents value=" . $_POST['numStudents'] . " />\n\t\t\t\t<input type=submit class=submit name=insert_students value=Insert>\n\t\t\t\t</center></form>";
$main .= make_box($t, $b, $bc);
} elseif (isset($_POST['insert_students'])) {
for ($aid = 1; $aid <= $_POST['numStudents']; $aid++) {
$name = makeSQLsafe($_POST['s_' . $aid . '_name']);
$due_date = $_POST['s_' . $aid . '_due_year'] . "-" . $_POST['s_' . $aid . '_due_month'] . "-" . $_POST['s_' . $aid . '_due_day'];
$weight = $_POST['s_' . $aid . '_weight'];
$maxscore = $_POST['s_' . $aid . '_max_score'];
$categoryID = $_POST['s_' . $aid . '_category_id'];
$note = makeSQLsafe($_POST['s_' . $aid . '_assignment_note']);
$sql = "INSERT into assignments (assignment_name, category_id, max_score, due_date, assignment_weight,assignment_note)\t\n\t\t\t\t\tVALUES('" . $name . "'," . $categoryID . "," . $maxscore . ",'" . $due_date . "'," . $weight . ",'" . $note . "')";
$result = $db->query($sql);
}
} else {
/** if no categories exist, then display message and redirect to categories... **/
$sql = "SELECT count(*) as count from categories where class_id=" . $classID;
$result = $db->query($sql);
$row = $result->fetch_assoc();
$count = $row[0];
$copyALL = "\n\t\t\t\t<tr><td colspan=5><span style=\"color:red\">Copy ALL CLASS DATA from another class ?<br>\n\t\t\t\tWARNING : This will replace ALL data in the Categories, Assignments AND Grades Tables for the (Copy To) Class.</span></td><td>\n\t\t\t\t<form action=index.php?lev=" . $_SESSION[$_CONF['sess_name'] . '_lev'] . "&cat=" . $_SESSION[$_CONF['sess_name'] . '_cat'] . " method=POST>\n\t\t\t\t<input type=submit class=submit name=copy_ALL_from value=\"COPY ALL\" />\n\t\t\t\t</span>\n\t\t\t\t</form><br />\n\t\t\t\t</td></tr>";
if ($count) {
$bc = "blue";
/** list the assignments for the selected class **/
$sql = "SELECT assignments.assignment_id, assignments.assignment_name, assignments.due_date, assignments.max_score, assignments.assignment_weight, categories.category_name\n\t\t\t\t\tFROM assignments, categories \n\t\t\t\t\tWHERE categories.class_id=" . $classID . " and assignments.category_id=categories.category_id\n\t\t\t\t\tORDER by assignments.due_date";
$result = $db->query($sql);
if ($var == "recipients") {
if (is_array($value)) {
$recipients = $value;
} else {
$recipients = array($value => $_SESSION[$_CONF['sess_name'] . '_myName']);
}
}
}
$filename = $_FILES['upload_file']['name'];
$filesize = $_FILES['upload_file']['size'];
$filetype = $_FILES['upload_file']['type'];
$filedesc = $_POST['description'];
$filetitle = $_POST['title'];
$sqlfiledesc = makeSQLsafe($filedesc);
$sqlfilename = makeSQLsafe($filename);
$sqlfiletype = makeSQLsafe($filetype);
if (isset($_POST['upload-send'])) {
$file_name = $_SESSION[$_CONF['sess_name'] . '_username'] . "_" . $filename;
//$dropbox_path .= $yourLevel."/".$username."/";
$dropbox_path .= $yourLevel . "/";
$subDir = "";
}
if (isset($_POST['upload-add'])) {
$recipients = array($myID);
//$dropbox_path .= $myLevel."/".$_SESSION[$_CONF['sess_name'].'_username']."/save/";
$dropbox_path .= $myLevel . "/";
$subDir = "save/";
$file_name = $filename;
}
//$file_path = $dropbox_path.$filename;
$t = "Message...<br />";
$queryFields .= "student_id,referral_date";
$queryValues .= $_POST['student_id'] . ",'" . $_POST['referral_date'] . "'";
$q['student_id'] = $_POST['student_id'];
$q['course_id'] = $_POST['course_id'];
$q['referral_date'] = $_POST['referral_date'];
/** ONLY administrator can close a referral **/
if (isset($_POST['isClosed'])) {
$q['isClosed'] = 'Y';
}
}
/**
Don't forget to escape all text fields....
**/
foreach ($referral_text_fields as $field) {
if (isset($_POST[$field]) && $_POST[$field] != " ") {
$val = makeSQLsafe($_POST[$field]);
$queryFields .= "," . $field;
$queryValues .= ",'" . $val . "'";
$q[$field] = $val;
}
}
/**
Now for all of the date fields... Test for the field to be 'on'
**/
foreach ($referral_date_fields as $field) {
if (isset($_POST[$field])) {
$sqldate = sprintf("%04d-%02d-%02d", $_POST[$field . '_year'], $_POST[$field . '_month'], $_POST[$field . '_day']);
$queryFields .= "," . $field;
$queryFields .= "," . $field . "_date";
$queryValues .= ",'on'";
$queryValues .= ",'" . $sqldate . "'";
}
$b .= " />AM\n <input class=\"validate[required] radio\" type=radio name=session id=sessionpm value='PM' ";
if ($sess == 'PM') {
$b .= " checked=true";
}
$b .= " />PM\n <input class=\"validate[required] radio\" type=radio name=session id=sessionboth value='BOTH' ";
if ($sess == 'BOTH') {
$b .= " checked=true";
}
$b .= " />BOTH\n </td>\n </tr>\n <tr>\n <td align=right>Date:</td>\n <td><input id=\"dateSelector\" name=\"dateSelector\" type=text size=15 value=" . $today . " /></td>\n </tr>\n <tr>\n <td align=right>Attendance Value:</td>\n <td>" . $attendVals . "</td>\n </tr>\n <tr>\n <td align=right>Minutes:</td>\n <td><input type=text size=3 class=\"attendMinutes validate[required,custom[integer]]\" name=\"a_minutes\" id=\"a_minutes\" value=\"" . $min . "\" />\n <span style=\"color:red;\">(Being Subtracted or 0 for absent)</span></td>\n </tr>\n <tr>\n <td align=right>Note:</td>\n <td><span style=white-space:nowrap>" . $noteSelectList . "<input type=text size=40 id=\"attendNote\" name=attendNote value=\"" . $note . "\"/></span></td>\n </tr>\n <tr>\n <td colspan=2 align=center>\n <input type=submit name=setAttend id=setAttend value=Set />\n </td>\n </tr>\n </table>\n </form>\n </center>\n ";
$main .= make_box($t, $b, $c);
if (isset($_POST['setAttend'])) {
$note = "";
if ($_POST['attendNote'] != "") {
$note1 = makeSQLsafe($_POST['attendReason']);
$note2 = makeSQLsafe($_POST['attendNote']);
if ($_POST['attendReason'] != 'none') {
if ($_POST['attendNote'] != '') {
$note = $note1 . " => " . $note2;
} else {
$note = $note1;
}
} else {
$note = $note2;
}
}
$SMSmsg = '';
foreach ($schoolsForBulkAttend as $schoolID => $schoolName) {
$SMSmsg .= "Bulk Attendance for School {" . $schoolName . "} for session {" . $_POST['session'] . "}<BR>";
$studentList = array();
$result1 = get_courses_for_bulkAttend($_SESSION[$_CONF['sess_name'] . '_myCenter'], $_POST['session'], $_POST['dateSelector']);
<?php
if ($_SESSION[$_CONF['sess_name'] . '_isAdmin']) {
if (isset($_POST['insert'])) {
$sql = "INSERT into links (cat, description, ord, forAdmin, forGuidance, forParent, forStudent, forTeacher, forGradebook, forOffice, isActive)\n\t\t\t\tVALUES('" . $_POST['category'] . "','" . $_POST['description'] . "','" . $_POST['order'] . "','" . $_POST['forAdmin'] . "','" . $_POST['forGuidance'] . "','" . $_POST['forParent'] . "','" . $_POST['forStudent'] . "','" . $_POST['forTeacher'] . "','" . $_POST['forGradebook'] . "','" . $_POST['forOffice'] . "','" . $_POST['isActive'] . "')";
$result = $db->query($sql);
$t = "INSERT NEW LINK";
$b = $sql;
//$main .= make_box($t,$b,"blue");
}
if (isset($_POST['really_delete'])) {
$sql = "DELETE from links WHERE link_id=" . $_POST['l_id'];
$result = $db->query($sql);
}
if (isset($_POST['update']) && isset($_POST['l_id'])) {
$sql = "UPDATE links set\n\t\t\t\t\tcat='" . $_POST['category'] . "',\n\t\t\t\t\tdescription='" . makeSQLsafe($_POST['description']) . "',\n\t\t\t\t\tord='" . $_POST['order'] . "',\n\t\t\t\t\tforAdmin='" . $_POST['forAdmin'] . "',\n\t\t\t\t\tforTeacher='" . $_POST['forTeacher'] . "',\n\t\t\t\t\tforGradebook='" . $_POST['forGradebook'] . "',\n\t\t\t\t\tforGuidance='" . $_POST['forGuidance'] . "',\n\t\t\t\t\tforOffice='" . $_POST['forOffice'] . "',\n\t\t\t\t\tforParent='" . $_POST['forParent'] . "',\n\t\t\t\t\tforStudent='" . $_POST['forStudent'] . "',\n\t\t\t\t\tisActive='" . $_POST['isActive'] . "'\n\t\t\t\t WHERE link_id=" . $_POST['l_id'];
$result = $db->query($sql);
$t = "Link Update";
$b = $sql;
//$main .= make_box($t,$b);
} elseif (isset($_POST['edit'])) {
/**
link_id, cat, description, ord,
forAdmin, forGuidance, forParent, forStudent, forTeacher, forGradebook, forOffice,
isActive
**/
$query = "SELECT * from links where link_id=" . $_POST['l_id'];
$result = $db->query($query);
if ($myrow = $result->fetch_assoc()) {
$forStudent = $myrow['forStudent'] == "Y";
$forParent = $myrow['forParent'] == "Y";
/**
* This will backup a class for a teacher. It is specific to a term/course pair.
* This function will be called by the teach_backup routine and will write data
* to a text file for potential restore at a later date.
*
* @param int $cid
* @param int $tid
*/
function backup_gradebook($cid, $tid, $sql)
{
/** Now lets retrieve the grades from the gradebook **/
$cat_name = "";
$assign_name = "";
$cat_names_array = array();
/** holds the names of the categories for this class **/
while ($row = $results->fetch_assoc()) {
/** create an array to hold each category **/
if ($row['category_name'] != $cat_name) {
$b .= "Creating Category " . $row['category_name'] . "<br />";
${$row['category_name']} = array();
array_push($cat_names_array, $row['category_name']);
$cat_name = $row['category_name'];
}
array_push(${$row['category_name']}, $row);
}
$new_catID = 0;
$new_assignID = 0;
foreach ($cat_names_array as $cat) {
$cat_created = 0;
$cur_assign_name = "";
$cur_due_date = "";
$prev_assign_name = "";
$prev_due_date = "";
$queries .= "================== New Cat {" . $cat . "} =================<br>";
foreach (${$cat} as $sqlrow) {
$cur_assign_name = $sqlrow['assignment_name'];
$cur_due_date = $sqlrow['due_date'];
$com = makeSQLsafe($sqlrow['comment']);
$assign;
if (!$cat_created) {
/** have to do this here so I can get the ID number right after inserting it **/
$sql = "INSERT into categories(category_name, class_id, category_weight, category_ord)\r\n\t\t\t\tVALUES('" . $cat . "'," . $to_class . "," . $sqlrow['category_weight'] . "," . $sqlrow['category_ord'] . ")";
$queries .= $sql . "<br>";
$result = $db->query($sql);
/** retrieve the ID for the above created category **/
$s = $db->query("SELECT LAST_INSERT_ID() as id");
$r = $s->fetch_assoc();
$new_catID = $r['id'];
$cat_created = 1;
}
if ($cur_assign_name != $prev_assign_name || $cur_assign_name == $prev_assign_name && $cur_due_date != $prev_due_date) {
/** INSERT the assignment using the above created category **/
$sql = "INSERT into assignments (assignment_name, category_id,due_date, max_score, assignment_weight, assignment_note)\r\n\t\t\t\tVALUES('" . $sqlrow['assignment_name'] . "'," . $new_catID . ",'" . $sqlrow['due_date'] . "'," . $sqlrow['max_score'] . "," . $sqlrow['assignment_weight'] . ",'" . $sqlrow['assignment_note'] . "')";
$queries .= $sql . "<br>";
$result = $db->query($sql);
/** retrieve the ID for the above created assignment **/
$s = $db->query("SELECT LAST_INSERT_ID() as id");
$r = $s->fetch_assoc();
$new_assignID = $r['id'];
}
if ($sqlrow['raw_score'] != '') {
/** INSERT the grade using the above created assignment ID **/
$sql = "INSERT into grades(student_id, assignment_id,raw_score, comment)\r\n\t\t\t\tVALUES(" . $sqlrow['student_id'] . "," . $new_assignID . ",'" . $sqlrow['raw_score'] . "','" . $com . "')";
} else {
$sql = "INSERT into grades(student_id, assignment_id, comment)\r\n\t\t\t\tVALUES(" . $sqlrow['student_id'] . "," . $new_assignID . ",'" . $com . "')";
}
$queries .= $sql . "<br>";
$result = $db->query($sql);
if (!$result) {
//print $sql;
}
$prev_assign_name = $cur_assign_name;
$prev_due_date = $cur_due_date;
}
// end foreach ${$cat}
}
// end foreach $cat_names_array
}
$main .= make_box($t, $b);
}
} elseif (isset($_POST['send'])) {
/**
if a student delivers a file,, send it to teachers dropBox
Get the teacher_id and teacher_uname so I can deliver the file on the file system
ONLY linking delivered files, not actually copying them to teachers folder...
**/
if (isset($_POST['deliver'])) {
$t = "Delivering File";
$b = "";
$sql = "SELECT * from dropbox where id=" . $_POST['fid'];
$result = $db->query($sql);
$row = $result->fetch_assoc();
$file_path = $row['file_path'];
$sql = "INSERT into dropbox (file_id, file_name, file_owner, file_recipient, file_path, file_description, file_type, file_size, file_title)\n\t\t\t\t\tValues(" . $_POST['fid'] . ",'" . $row['file_name'] . "'," . $myID . "," . $_POST['tid'] . ",'" . $file_path . "','" . makeSQLsafe($row['file_description']) . "','" . makeSQLsafe($row['file_type']) . "','" . $row['file_size'] . "','" . makeSQLsafe($row['file_title']) . "')";
$result = $db->query($sql);
} else {
$t = "Send File";
$b = "\n\t\t\t<center>\n\t\t\t<form enctype=\"multipart/form-data\" action=index.php?lev=" . $_SESSION[$_CONF['sess_name'] . '_lev'] . "&cat=" . $_SESSION[$_CONF['sess_name'] . '_cat'] . " method=\"post\" name=\"dropBox_Send\" onSubmit=\"return validateUploadForm(this);\">";
/** Get a list of files in MY save dir to select from **/
$sql = "SELECT * from dropbox \n\t\t\t\tWHERE file_owner=" . $myID . " AND file_recipient=" . $myID;
if ($result = $db->query($sql)) {
$lof = array();
while ($row = $result->fetch_assoc()) {
$lof[$row['id']] = $row['file_name'];
}
/** make_selection_list($list,$selected=-1,$select_name,$form, $what, $change="off")**/
$b .= make_selection_list($lof, -1, "fid", "dropBox_Send", "file", "off");
$b .= "<br />AND<br />";
$b .= make_selection_list($teachers, -1, "tid", "dropBox_Send", "teacher", "off");
$m1 = date("m");
$y1 = date("Y");
$date = $_POST['sqldate'];
list($y2, $m2, $d2) = preg_split("/-/", $date);
/** used for comparison **/
$student_array = unserialize(urldecode($_POST['abs_stud_array']));
$box_color_homeschool = $box_color_parent = $box_color_center = "blue";
$b_homeschool = $b_parent = $b_center = "";
$mesg = "";
foreach ($student_array as $student => $record) {
// $student=user_id
$userInfo = get_user_info($student);
$row = $userInfo->fetch_assoc();
$STGUID = $row['STGUID'];
if ($record['student'] != "") {
$note = makeSQLsafe($record['note']);
/** if($record['status']!="present"){ **/
if ($y1 == $y2 && $m1 == $m2 && $d1 == $d2) {
/** then inserting for Today **/
$verb = "is";
$when = "today";
} else {
/** must be back dating... **/
$verb = "was";
$when = "on " . $m2 . "-" . $d2 . "-" . $y2;
}
/** ******************************************************
* Get attendance officers email from the schools table
* Eventually the Ed Center will print/email the attendance
* for the home school to avoid the home school receiving
* email for each student for each teacher/class. One single
$errorFlag = 0;
$fname = makeSQLsafe(ucfirst($data[0]));
$lname = makeSQLsafe(ucfirst($data[1]));
$email = makeSQLsafe($data[2]);
$u_name = makeSQLsafe($data[3]);
$school_name_id = $data[4];
$pfname = makeSQLsafe(ucfirst($data[6]));
$plname = makeSQLsafe(ucfirst($data[7]));
$pemail = makeSQLsafe(ucfirst($data[8]));
$puname = makeSQLsafe($data[9]);
$address1 = makeSQLsafe(ucwords($data[10]));
$address2 = makeSQLsafe(ucwords($data[11]));
$city = makeSQLsafe(ucwords($data[12]));
$state = makeSQLsafe(strtoupper($data[13]));
$zip = makeSQLsafe($data[14]);
$phone = makeSQLsafe($data[15]);
// get the school name...
$query = "SELECT school_name from schools where school_id=" . $school_name_id;
if ($result = $db->query($query)) {
$row = $result->fetch_assoc();
$schoolName = $row['school_name'];
} else {
$schoolName = "NONE (" . $school_name_id . ")";
}
// check the username for student
$sresults = check_user_info($u_name, -1, $email);
if (!$sresults[result] || in_array($u_name, $unames)) {
$errorFlag = 1;
$scolor = "red";
} else {
array_push($unames, $u_name);
if (substr($k, 0, 2) == "s_") {
list($j, $id, $keys) = preg_split("/_/", $k);
$split = "s_" . $id . "_";
list($junk, $key) = preg_split("/{$split}/", $k);
if (empty($key)) {
$v = "NULL";
}
$scoresArray[$id][$key] = $v;
}
}
$cols = array();
$scores = array();
foreach ($scoresArray as $id => $fields) {
foreach ($fields as $k => $v) {
if ($v != '') {
$cols[] = $k . "='" . makeSQLsafe($v) . "'";
} else {
$cols[] = $k . "= NULL";
}
}
$sql = "UPDATE custom_scores set " . implode(', ', $cols) . " WHERE score_id=" . $id;
$msg .= $sql . "<br>";
$result = $db->query($sql);
$scores[$id] .= "\n\t\t\t<tr id=s_" . $id . ">\n\t\t\t\t<td>\n\t\t\t\t\t<input type=checkbox id=s_" . $id . " name=s_" . $id . " value=" . $id . " />\n\t\t\t\t</td>\n\t\t\t\t<td bgcolor=white><span style=white-space:nowrap>" . $fields['long_name'] . "</span></td>\n\t\t\t\t<td bgcolor=white><span style=white-space:nowrap>" . $fields['code'] . "</span></td>\n\t\t\t\t<td bgcolor=white><span style=white-space:nowrap>" . $fields['grade'] . "</span></td>\n\t\t\t</tr>";
}
$ret = array('message' => $msg, 'error' => $error, 'updateScores' => $scores);
echo json_encode($ret);
}
if (isset($_POST['editScores'])) {
$error = false;
$msg = "";
$b .= "<tr>\n\t\t\t\t\t\t\t<td><input type=text size=30 name=t_" . $i . "_name />\n\t\t\t\t\t\t\t\t<input type=hidden name=t_" . $i . "_ord value=" . $i . " /></td>\n\t\t\t\t\t\t\t<td><input type=text size=5 name=t_" . $i . "_weight /></td>\n\t\t\t\t\t\t\t<td><input type=text size=15 name=t_" . $i . "_start_date id=t_" . $i . "_start_date /></td>\n <td><input type=text size=15 name=t_" . $i . "_interimsDueDate id=t_" . $i . "_interimsDueDate /></td>\n <td><input type=text size=15 name=t_" . $i . "_end_date id=t_" . $i . "_end_date /></td>\n <td><input type=text size=15 name=t_" . $i . "_gradesDueDate id=t_" . $i . "_gradesDueDate /></td>\n\t\t\t\t\t\t\t</tr>";
}
$b .= "\n\t\t\t\t</table><center>\n\t\t\t\t\t\t<input type=hidden name=numTerms value=" . ($i - 1) . " />\n\t\t\t\t\t\t<input type=submit class=submit name=insert_term value=Insert>\n\t\t\t\t</center></form>";
$main .= make_box($t, $b, $bc);
}
if (isset($_POST['insert_term'])) {
/** one term record is t_#_name, t_#_weight, t_#_startMonth,t_#_startDay, t_#_startYear , t_#_endMonth, t_#_endDay, t_#_endYear **/
for ($tid = 1; $tid <= $_POST['numTerms']; $tid++) {
$ord = $_POST['t_' . $tid . '_ord'];
//$start_date = $_POST['t_'.$tid.'_startYear']."-".$_POST['t_'.$tid.'_startMonth']."-".$_POST['t_'.$tid.'_startDay'];
$start_date = $_POST['t_' . $tid . '_start_date'];
//$end_date = $_POST['t_'.$tid.'_endYear']."-".$_POST['t_'.$tid.'_endMonth']."-".$_POST['t_'.$tid.'_endDay'];
$end_date = $_POST['t_' . $tid . '_end_date'];
$interimsDueDate = $_POST['t_' . $tid . '_interimsDueDate'];
$gradesDueDate = $_POST['t_' . $tid . '_gradesDueDate'];
$name = makeSQLsafe($_POST['t_' . $tid . '_name']);
$weight = $_POST['t_' . $tid . '_weight'];
$sql = "INSERT into terms (school_year_id, term_name, term_weight,term_start_date, term_end_date, term_ord,center_id, interimsDueDate, gradesDueDate)\n\t\t\tVALUES(" . $_SESSION[$_CONF['sess_name'] . '_current_school_year'] . ",'" . $name . "'," . $weight . ",'" . $start_date . "','" . $end_date . "'," . $ord . "," . $_SESSION[$_CONF['sess_name'] . '_adminCenterID'] . ",'" . $interimsDueDate . "','" . $gradesDueDate . "')\n\t\t\t\t\tON DUPLICATE KEY UPDATE term_name='" . $name . "', term_start_date='" . $start_date . "', term_end_date='" . $end_date . "', term_weight=" . $weight . ", interimsDueDate='" . $interimsDueDate . "', gradesDueDate='" . $gradesDueDate . "'";
$result = $db->query($sql);
}
}
/** The Update and Edit Term have been depreciated, handled by INSERT/ADD now to preserve error checking **/
if (isset($_POST['really_delete_term'])) {
/**
Deleting a term is complicated. Must remove all references to classes that are in this term.
This means we need to remove the assignments/categories/grades/homework/classes/reports
remove_class should handle the extra stuff...
**/
/** get the list of classes belonging to this term **/
$sql = "SELECT * from classes where term_id=" . $_POST['term_id'];
$result = $db->query($sql);
$user = array('first_name' => $_POST['parentFirstName'], 'last_name' => $_POST['parentLastName'], 'u_name' => $_POST['u_name'], 'email' => $_POST['parentEmail'], 'passwd' => md5($u_passwd));
$where_clause = 'isParent';
$centers = array_keys(get_center_for_user($studentID));
/**
* If u_name already exits, then this is a paarent adding a child....
* Look up info by u_name to get the user_id etc...
*/
$parentInfo = make_assoc_array_from_sql(get_user_info_by_username($_POST['u_name']), 'u_name', 'my');
if (count($parentInfo[$_POST['u_name']])) {
$parentID = $parentInfo[$_POST['u_name']]['user_id'];
} else {
$msg = createUser($user, $where_clause, $centers);
if ($msg['error']) {
$b .= "<span style=\"color:red;\">There was a problem creating your user account.<br> \n Please contact the system administrator {" . $_CONF['admin_name'] . " @ " . $_CONF['admin_email'] . "}.<br>\n The error was " . $msg['message'] . "</span>";
} else {
$email_results = email_user_login_info(makeSQLsafe($_POST['parentFirstName']), makeSQLsafe($_POST['parentFirstName']), $_POST['parentEmail'], $_POST['u_name'], $u_passwd, '2');
$parentID = $msg['user_id'];
}
}
/**
* Link Parent to Student
*
*/
$sql = "INSERT into parent2student(parent_id, student_id) VALUES(" . $parentID . "," . $studentID . ")";
if ($result = $db->query($sql)) {
$b .= "You have successfully create an account and have been linked to your child.<br>\n Please check your email for further instructions.<br>\n If you have any questions you can contact the system administrator {" . $_CONF['admin_name'] . " @ " . $_CONF['admin_email'] . "}.<br>";
} else {
$b .= "<span style=\"color:red;\">There was an error linking you to your child. using {" . $sql . "}<br> \n Please contact the system administrator {" . $_CONF['admin_name'] . " @ " . $_CONF['admin_email'] . "}.<br></span>";
}
} else {
$b .= "<span style=\"color:red;\">Some of the supplied student information was incorrect.<br> Please hit your browsers \"Back\" button and try again.</span>";
[location] => de
[wbl_36215_student] => 36215
[wbl_36216_student] => 36216
[wbl_36220_student] => 36220
[wbl_36221_student] => 36221
[wbl_36222_student] => 36222
[send] => Send
[date] => 2014-03-03
)
*/
$date = $_POST['date'];
$type = makeSQLsafe($_POST['type']);
$job = makeSQLsafe($_POST['job']);
$contact = makeSQLsafe($_POST['contact']);
$location = makeSQLsafe($_POST['location']);
$minutes = makeSQLsafe($_POST['minutes']);
$student_array = array();
$d1 = date("d");
$m1 = date("m");
$y1 = date("Y");
$student_array = unserialize(urldecode($_POST['wbl_stud_array']));
$box_color_homeschool = $box_color_parent = $box_color_center = "blue";
$b_homeschool = $b_parent = $b_center = "";
$mesg = "";
foreach ($student_array as $student => $record) {
// $student=user_id
$userInfo = get_user_info($student);
$row = $userInfo->fetch_assoc();
$note = "";
if ($record['student'] != "") {
/** Insert into Local Storage for AIT */
if ($msg != "") {
$main .= make_box("ERROR", $msg, "red");
} else {
$sqlerrors = "";
foreach ($sqlCommands as $sql) {
$result = $db->query($sql);
if (!$result) {
$sqlerrors .= "There was a database error processing \"" . $sql . "\" :\"" . ${$db}->error . "\".<br>";
}
}
if ($sqlerrors != "") {
$main .= make_box("ERROR", $msg, "red");
}
$i = 1;
foreach ($toBeUpdated as $id => $info) {
$sql4 = "UPDATE categories set category_name='" . makeSQLsafe($info['name']) . "', category_weight=" . makeSQLsafe($info['weight']) . " ,category_ord=" . $i . " WHERE category_id=" . $id;
$result4 = $db->query($sql4);
$i++;
}
}
}
if (isset($_POST['delCat'])) {
list($cat_id, $cat_ord) = preg_split("/_/", $_POST['cat_id']);
$sql = "SELECT * from categories where class_id=" . $_SESSION[$_CONF['sess_name'] . '_selected_class'];
$result = $db->query($sql);
/**
New process: display all categories in inputs except selected one to delete.
Make that one RED and text only. Apply the validation on the remaining
including the submit button like in add / edit so the sum validates.
On submit, the really delete needs to remove the cat selected and update
others to reflect new %'s
$msg = '';
// used to email admin if an error.
$error = false;
/**
* NOTE: Teachers in multiple buildings still have the same email address. So,
* Look up the teachers based on email rather than TGUID, then look for them in the
* user2center table by user_id
*/
foreach ($smsTeachers as $email => $row) {
$BuildingID = $row['buildingID'];
$CID = $edCenters[$BuildingID]['center_id'];
$u_name = makeSQLsafe(trim($row['username']));
$first_name = makeSQLsafe(trim(ucfirst(strtolower($row['firstname']))));
$last_name = makeSQLsafe(trim(ucfirst(strtolower($row['lastname']))));
$email = makeSQLsafe(trim(strtolower($email)));
$passwd = md5(makeSQLsafe(trim($row['Password'])));
$user = array("u_name" => $u_name, "first_name" => $first_name, "last_name" => $last_name, "email" => $email, "passwd" => md5($row['password']), "school_id" => '33', "send_attend_email" => 'N', "weekly_progress" => 'N', "created_by" => '1');
if (!array_key_exists($email, $q3aitTeachers)) {
//print "Creating teacher {".$first_name." ".$last_name."} email {".$email."}<br>";//continue;
if ($user['school_id'] > 0) {
$message = createUser($user, 'isTeacher', $CID);
$user_id = $message['user_id'];
if ($message['error']) {
$error = true;
$msg .= "AN error was reported while trying to create user { " . $user['first_name'] . " " . $user['last_name'] . " }: " . $message['message'] . "<br>";
} else {
$q3aitTeachers[$email] = array("user_id" => $user_id, "first_name" => $first_name, "last_name" => $last_name, "email" => $email);
array_push($u2c, $user_id . $CID);
}
} else {
$error = true;
$sql = "SELECT course_id from message2course where message_id=" . $_POST['message_id'];
$result = $db->query($sql);
$courses = array();
if ($result) {
while ($row = $result->fetch_assoc()) {
array_push($courses, $row['course_id']);
}
}
$data['forCourses'] = $courses;
}
$main .= messageForm($data);
}
if (isset($_POST['update_message'])) {
$start = $_POST['startYear'] . "-" . $_POST['startMonth'] . "-" . $_POST['startDay'];
$end = $_POST['endYear'] . "-" . $_POST['endMonth'] . "-" . $_POST['endDay'];
$message = makeSQLsafe($_POST['message']);
$current_courses = array();
$future_courses = array();
$insert = array();
$remove = array();
while (list($var, $value) = each($_POST)) {
if (substr($var, 0, 4) == "cid_") {
array_push($future_courses, $value);
}
}
if ($_POST['message_id'] == -1) {
$sql = "INSERT into messages (user_id, level, start_date, end_date, message, center_id)\n\t\t\tVALUES(" . $_SESSION[$_CONF['sess_name'] . '_myUID'] . "," . $lev . ",'" . $start . "','" . $end . "','" . $message . "'," . $_SESSION[$_CONF['sess_name'] . '_myCenter'] . ")";
$result = $db->query($sql);
$sql = "SELECT LAST_INSERT_ID() as message_id";
$result = $db->query($sql);
$row = $result->fetch_assoc();
/** now save all HW assigns in the HW array etc... **/
array_push(${$row['category_name']}, $row);
}
$new_catID = 0;
$new_assignID = 0;
foreach ($cat_names_array as $cat) {
$cat_created = 0;
$cur_assign_name = "";
$cur_due_date = "";
$prev_assign_name = "";
$prev_due_date = "";
$queries .= "================== New Cat {" . $cat . "} =================<br>";
foreach (${$cat} as $sqlrow) {
$cur_assign_name = $sqlrow['assignment_name'];
$cur_due_date = $sqlrow['due_date'];
$com = makeSQLsafe($sqlrow['comment']);
$assign;
if (!$cat_created) {
/** have to do this here so I can get the ID number right after inserting it **/
$sql = "INSERT into categories(category_name, class_id, category_weight, category_ord)\n\t\t\t\t\t\t\tVALUES('" . $cat . "'," . $to_class . "," . $sqlrow['category_weight'] . "," . $sqlrow['category_ord'] . ")";
$queries .= $sql . "<br>";
$result = $db->query($sql);
/** retrieve the ID for the above created category **/
$s = $db->query("SELECT LAST_INSERT_ID() as id");
$r = $s->fetch_assoc();
$new_catID = $r['id'];
$cat_created = 1;
}
if ($cur_assign_name != $prev_assign_name || $cur_assign_name == $prev_assign_name && $cur_due_date != $prev_due_date) {
/** INSERT the assignment using the above created category **/
$sql = "INSERT into assignments (assignment_name, category_id,due_date, max_score, assignment_weight, assignment_note)\n\t\t\t\t\t\t\tVALUES('" . $sqlrow['assignment_name'] . "'," . $new_catID . ",'" . $sqlrow['due_date'] . "'," . $sqlrow['max_score'] . "," . $sqlrow['assignment_weight'] . ",'" . $sqlrow['assignment_note'] . "')";
/**
Send = put in save folder and create entry for students
OR select a file from my save folder and create entry for students
NOTE: The entry is simply a record in db for students Not actual file
Generate a list of students to choose from similar to student2class
**/
if (isset($_POST['deliver'])) {
/** for each $los[] crate a link in db **/
$t = "Delivering File";
$b = "";
$sql = "SELECT file_path, file_name, file_description from dropbox where id=" . $_POST['fid'];
$result = $db->query($sql);
$row = $result->fetch_assoc();
$file_path = makeSQLsafe($row['file_path']);
$file_name = makeSQLsafe($row['file_name']);
$file_description = makeSQLsafe($row['file_description']);
foreach ($_POST['los'] as $id => $uid) {
//$b .= "Sending to ".$uid."<br />";
$sql = "INSERT into dropbox (file_id, file_owner, file_recipient, file_path, file_name, file_description)\n\t\t\t\t\t\tValues(" . $_POST['fid'] . "," . $myID . "," . $uid . ",'" . $file_path . "','" . $file_name . "','" . $file_description . "')";
$result = $db->query($sql);
//$b .= $sql."<br />";
}
//$main .= make_box($t,$b);
} elseif (isset($_POST['select_students'])) {
/** display a list of students to send to **/
$b = "<center><form enctype=\"multipart/form-data\" action=index.php?lev=" . $_SESSION[$_CONF['sess_name'] . '_lev'] . "&cat=" . $_SESSION[$_CONF['sess_name'] . '_cat'] . " method=\"post\">";
$b .= "Now select the recipients.<br />";
$result = get_students_for_teacher($myID);
$values = array("first_name", "last_name");
$key = "user_id";
$los = make_array_from_mysql($result, $key, $values, " ");
<?php
if (isset($_POST['update_secret_questions'])) {
if ($_POST['secret_question1'] > 0 && $_POST['secret_question2'] > 0) {
$sql = "UPDATE users set secret_question1 = " . makeSQLsafe($_POST['secret_question1']) . ",\n\t\t\t\t\t\tsecret_answer1 = '" . makeSQLsafe($_POST['secret_answer1']) . "',\n\t\t\t\t\t\tsecret_question2 = " . makeSQLsafe($_POST['secret_question2']) . ",\n\t\t\t\t\t\tsecret_answer2 = '" . makeSQLsafe($_POST['secret_answer2']) . "'\n\t\t\t\t\twhere u_name = '" . $_SESSION[$_CONF['sess_name'] . '_username'] . "'";
//print $sql;
$result = $db->query($sql);
$_SESSION[$_CONF['sess_name'] . '_secretQuestion1'] = $_POST['secret_question1'];
$_SESSION[$_CONF['sess_name'] . '_secretQuestion2'] = $_POST['secret_question2'];
$_SESSION[$_CONF['sess_name'] . '_secretAnswer1'] = $_POST['secret_answer1'];
$_SESSION[$_CONF['sess_name'] . '_secretAnswer2'] = $_POST['secret_answer2'];
$_SESSION[$_CONF['sess_name'] . '_hasSecretQuestions'] = true;
$t = "Message...";
$b = "<br />The user database has been updated.\n\t\t\t<FORM action=" . $_SERVER['PHP_SELF'] . "?lev=" . $_POST['from'] . "&cat=pref method=post>\n\t\t\t<CENTER>\n\t\t\t<input type=submit class=submit name=submit value=OK>\n\t\t\t</CENTER>\n\t\t\t</FORM>";
$main .= make_box($t, $b);
} else {
$t = "ERROR...";
$b = "You did not select 2 questions.<br />Please press your browsers back button and fix the error.";
$main .= make_box($t, $b, "red");
}
} else {
if (isset($_GET['cat'])) {
$t = "Set Secret Questions...";
$msg = "";
} else {
$t = "IMPORTANT Message...";
$msg = "You have reached this screen because you have not set your secret questions and answers. These will be used in case you forget your password. In the event that you do forget your password, you will be able to reset it using the answers to your secret questions.<br /><br />";
}
// if first time user, then we need to set $from here...
if ($_SESSION[$_CONF['sess_name'] . '_isStudent']) {
$from = "stud";
/** the following is because the double quotes screw with the tooltip. use single quotes only... **/
$value = str_replace("\"", "'", $value);
$sql = "UPDATE grades set comment='" . makeSQLsafe($value) . "'\n\t\t\t\t\t\tWHERE assignment_id=" . $assign . " AND student_id=" . $stud;
$result = $db->query($sql);
}
if (substr($var, 0, 12) == "lockedGrade_") {
list($j, $stud) = preg_split("/_/", $var);
/**
* Deal with the locked grade now, test to see if $value is empty
* $stud = student_id
* $classID = class_id
* $value = lockedGrade
*
*/
if (!empty($value)) {
$lockedGrade = makeSQLsafe($value);
$sql = "\n INSERT into lockedGrades (student_id, class_id, lockedGrade)\n VALUES(" . $stud . "," . $classID . ",'" . $lockedGrade . "')\n ON DUPLICATE KEY UPDATE\n lockedGrade='" . $lockedGrade . "'";
$db->query($sql);
} else {
// remove from db
$sql = "DELETE from lockedGrades where student_id = " . $stud . " AND class_id = " . $classID;
$db->query($sql);
}
}
}
}
$order_by = $_SESSION[$_CONF['sess_name'] . '_gradebook_sortBy'];
$bc = "blue";
$t = "Gradebook - Class Selection";
$b = "<FORM action=index.php?lev=" . $_SESSION[$_CONF['sess_name'] . '_lev'] . "&cat=" . $_SESSION[$_CONF['sess_name'] . '_cat'] . " method=POST id=\"classes\">\n\t\t\t<center>" . get_teacher_class_list($_SESSION[$_CONF['sess_name'] . '_myUID'], $classID, 'class_id', "classes") . "\n <br />\n Sort Assignments by : \n <select name=gradebook_sortBy onChange=document.forms['classes'].submit();>\n <option value=\"assignments.due_date desc\"";
if ($_SESSION[$_CONF['sess_name'] . '_gradebook_sortBy'] == "assignments.due_date desc") {
$course = array('teacher_id' => '', 'course_name' => '', 'school_year_id' => '', 'isCore' => '', 'ed_center' => '', 'SectionID' => '');
foreach ($smsCourses as $SectionID => $courseInfo) {
if ($courseInfo['TakesAttendance'] != 1) {
continue;
}
$teacher_id = $q3aitTeachers[$smsTeachers[$courseInfo['username']]['email']]['user_id'];
if (!$teacher_id) {
continue;
}
$teacher_fname = $q3aitTeachers[$smsTeachers[$courseInfo['username']]['email']]['first_name'];
$teacher_lname = $q3aitTeachers[$smsTeachers[$courseInfo['username']]['email']]['last_name'];
if ($SectionID != '' && $courseInfo['username'] != '' && $courseInfo['BuildingID'] != '') {
if (!array_key_exists($SectionID, $q3aitCourses)) {
$course = array('teacher_id' => $teacher_id, 'course_name' => $courseInfo['tsn'], 'school_year_id' => array_search($courseInfo['SchoolYear'], $schoolYears), 'isCore' => $courseInfo['TakesAttendance'], 'ed_center' => $edCenters[$courseInfo['BuildingID']]['center_id'], 'SectionID' => $courseInfo['SectionID']);
foreach ($course as &$cell) {
$cell = makeSQLsafe(trim($cell));
}
if ($course['teacher_id'] != '' && array_key_exists($smsTeachers[$courseInfo['username']]['email'], $q3aitTeachers)) {
//print "Creating course {".$courseInfo['tsn']."} for teacher {".$teacher_fname." ".$teacher_lname."} in building {".$courseInfo['BuildingID']."}<br>";
//continue;
$msg = createCourse($course);
if ($msg['error']) {
$error = true;
$msg .= "There was an error creating course {" . $courseInfo['tsn'] . "}<br>" . $msg['message'] . "<br>";
}
}
} else {
//print "Course {".$courseInfo['tsn']."} with CourseID{".$courseInfo['SectionID']."} already exists in Q3<br>";
}
}
}
