Exemple #1
    $_SESSION['faculty'] = $_SESSION['uName'];
}
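// A session whose level is not 'faculty' chooses the faculty to act for through ?faculty=.
// NOTE(review): the value is stored as-is and later used as fac_id in the queries below.
// Confirm that the code above this fragment already requires an authenticated, privileged
// session, and consider checking that the faculty actually exists before storing it.
if (!sessionCheck('level', 'faculty') && !empty($_GET['faculty'])) {
    $_SESSION['faculty'] = $_GET['faculty'];
}
if (valueCheck('action', 'add')) {
    rangeCheck('cName', 6, 100);
    if (empty($_POST["allowConflict"])) {
        $_POST["allowConflict"] = 0;
    }
    // Validate the posted batch list before touching the database. Each entry must be a
    // "name : dept" string; a missing list means the course is added with no batches.
    $batchRows = [];
    $batchesValid = true;
    $postedBatches = isset($_POST['batch']) ? $_POST['batch'] : [];
    if (!is_array($postedBatches)) {
        $batchesValid = false;
    } else {
        foreach ($postedBatches as $batch) {
            $parts = is_string($batch) ? explode(" : ", $batch) : [];
            if (count($parts) < 2) {
                $batchesValid = false;
                break;
            }
            $batchRows[] = [$parts[0], $parts[1]];
        }
    }
    if (!$batchesValid) {
        postResponse("error", "Invalid batch selection");
    } else {
        try {
            // One transaction for the course row and its batch rows: a failure while inserting
            // a batch must not leave a half-created course behind.
            $db->beginTransaction();
            $query = $db->prepare('INSERT INTO courses(course_Id,course_name,fac_id,allow_conflict) values (?,?,?,?)');
            $query->execute([$cId, $_POST['cName'], $_SESSION['faculty'], $_POST["allowConflict"]]);
            $query = $db->prepare('INSERT INTO allowed(course_Id,batch_name,batch_dept) values (?,?,?)');
            foreach ($batchRows as $row) {
                $query->execute([$cId, $row[0], $row[1]]);
            }
            $db->commit();
            postResponse("addOpt", "Course Added", [$_POST['cName'], $cId]);
        } catch (PDOException $e) {
            if ($db->inTransaction()) {
                $db->rollBack();
            }
            // SQLSTATE 23000 is any integrity-constraint violation; the page reports it as a
            // duplicate course ID.
            if (isset($e->errorInfo[0]) && $e->errorInfo[0] == 23000) {
                postResponse("error", "Course ID already exists");
            } else {
                // Keep the driver message in the server log; it can reveal schema details
                // and should not be returned to the browser.
                error_log($e->getMessage());
                postResponse("error", "Database error, the course was not added");
            }
        }
    }
} elseif (valueCheck('action', 'delete')) {
    // The fac_id condition limits deletion to courses owned by the faculty in the session.
    $query = $db->prepare('DELETE FROM courses where course_id =? and fac_id =?');
    $query->execute([$_POST['cId'], $_SESSION['faculty']]);
    postResponse("removeOpt", "Course deleted");
}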
Exemple #2
        $(this).removeClass('blue').addClass('disabled');
        if(!$("input[name="+ this.id +"]")[0])
            $("#disabledSlots").append($('<input type="hidden" name="' + this.id + '" value="active">'));
        $("input[name="+ this.id +"]").val('disabled');
      })
      // Clicking a disabled cell turns it back into an active (blue) slot, marks the page
      // as having unsaved changes, and records the new state in the input named after the cell id.
      $("#timetable").on("click", ".cell.disabled", function () {
        changes = true;
        var cell = $(this);
        cell.removeClass('disabled');
        cell.addClass('blue');
        var slotInput = $("input[name=" + this.id + "]");
        slotInput.val('active');
      });
      // Copy the value of the snapshot file chooser into the #filename field.
      $("#snapshot").change(function () {
        var chosen = this.value;
        $("#filename").val(chosen);
      });
    <?php 
// Emit the "database restored" banner script only when valueCheck('status', 'restoreComplete')
// holds. NOTE(review): presumably this reads the ?status= query parameter; the banner text is
// a fixed string, so no request data is written into the page here.
if (valueCheck('status', 'restoreComplete')) {
    ?>
      var msg=$('<div class="blocktext info" style="display:none;margin-top:10px;"><b>&#10004; </b>&nbsp;Database restored, please logout and login again.</div>');
      $("#content").prepend(msg);
      msg.show(400,function(){
        setTimeout(function(){
          msg.hide(400);
        },5000)
      })
    <?php 
}
?>
    var changes = false;
    window.onbeforeunload = function(e) {
      message = "There are unsaved changes in the timetable, are you sure you want to navigate away without saving them?.";
      if(changes)
Exemple #3
            }
        }
        if ($newAdmin) {
            changeUserLevel($uName, 'dean');
            $_SESSION['logged_in'] = true;
            $_SESSION['uName'] = $uName;
            $_SESSION['level'] = "dean";
            $_SESSION['fName'] = $_POST['fullName'];
            $_SESSION['dept'] = $dept_code;
            postResponse("redirect", $_SESSION['level'] . ".php");
        }
    }
    if (!empty($_POST['level'])) {
        changeUserLevel($uName, $_POST['level']);
    }
    if (valueCheck('action', 'changeLevel')) {
        postResponse("updateOpt", "Level Changed");
    } else {
        postResponse("addOpt", "Faculty Added", [$_POST["fullName"], $uName]);
    }
}
/**
 * changeUserLevel()
 * 
 * Add or remove $user to the admin table with the given $level
 */
function changeUserLevel($user, $level)
{
    global $db;
    try {
        $query = $db->prepare('UPDATE faculty SET level = ? where uName = ?');
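 /**
  * Build the count query and the listing query for a text search over one table.
  *
  * $this->searchOptions selects the mode:
  *   1 - split the pattern on spaces, a column matches if it contains ANY word (OR);
  *   2 - split the pattern on spaces, a column matches if it contains ALL words (AND);
  *   3 - compare the whole pattern, with LIKE when it contains '%', otherwise with '='.
  * A column whose declared type is in the numeric/date list is only searched when
  * valueCheck() returns a truthy result for the value and the column metadata.
  *
  * SECURITY: this method returns finished SQL text, so the search values cannot be bound
  * as parameters without changing what callers receive. Until the interface is changed to
  * return placeholders plus a parameter list, the values are escaped here (backslash and
  * single quote) so a quote in the search text cannot end the string literal. This is a
  * stop-gap: it does not cover every connection character set, and $tableName and the
  * keys of $columnNames are still interpolated as identifiers and must come from trusted
  * schema metadata, never from request data.
  *
  * @param string $tableName   table to search
  * @param array  $columnNames column name => column metadata; only ['type'] is read here
  * @return array empty when no column is searchable, otherwise
  *               ['run' => count query, 'show' => select query]
  */
 function buildSQL($tableName, $columnNames)
 {
     $numericTypes = array('INTEGER', 'INT', 'SMALLINT', 'TINYINT', 'MEDIUMINT', 'BIGINT', 'DECIMAL', 'NUMERIC', 'FLOAT', 'DOUBLE', 'BIT', 'DATE', 'DATETIME', 'TIMESTAMP');
     // Backslashes are doubled first, then single quotes, so neither can close the literal.
     $escapeLiteral = function ($value) {
         return str_replace(array('\\', "'"), array('\\\\', "''"), (string) $value);
     };
     $whereClause = array();
     foreach ($columnNames as $columnName => $columnData) {
         switch ($this->searchOptions) {
             case 1:
             case 2:
                 // Modes 1 and 2 differ only in how the per-word conditions are joined.
                 $glue = $this->searchOptions == 1 ? " OR " : " AND ";
                 $conditions = array();
                 foreach (explode(" ", $this->searchPattern) as $word) {
                     // NOTE(review): this calls a global valueCheck() while mode 3 calls
                     // $this->valueCheck(); confirm which one is intended.
                     $includeNumeric = valueCheck($word, $columnData);
                     if ($includeNumeric == TRUE || !in_array(strtoupper($columnData['type']), $numericTypes, true)) {
                         $conditions[] = $columnName . " LIKE '%" . $escapeLiteral($word) . "%'";
                     }
                 }
                 if (!empty($conditions)) {
                     $whereClause[] = '(' . implode($glue, $conditions) . ')';
                 }
                 break;
             case 3:
                 // A '%' in the pattern is treated as a wildcard request.
                 $operator = stristr($this->searchPattern, "%") !== FALSE ? "LIKE" : "=";
                 $includeNumeric = $this->valueCheck($this->searchPattern, $columnData);
                 if ($includeNumeric == TRUE || !in_array(strtoupper($columnData['type']), $numericTypes, true)) {
                     $whereClause[] = $columnName . " {$operator} '" . $escapeLiteral($this->searchPattern) . "'";
                 }
                 break;
         }
     }
     // A row is a hit when any searchable column matches.
     $where = implode(" OR ", $whereClause);
     $sql = array();
     if (!empty($where)) {
         $sql['run'] = "SELECT count(*) rc FROM {$tableName} WHERE {$where}";
         $sql['show'] = "SELECT * FROM {$tableName} WHERE {$where}";
     }
     return $sql;
 }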
Exemple #5
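            <?php 
    // With no department selected the filter is dropped, so the statement has no placeholder
    // and must be executed without parameters; binding one would be rejected by PDO.
    // NOTE(review): $deptFilter is built outside this fragment; it should hold a '?' placeholder
    // for the department, never the department value itself.
    if (empty($department)) {
        $deptFilter = '';
    }
    $query = $db->prepare('SELECT * FROM faculty ' . $deptFilter);
    $query->execute(empty($department) ? [] : [$department]);
    foreach ($query->fetchAll() as $fac) {
        // Names and user names are stored data; escape them for the attribute and text context.
        echo '<option value="' . htmlspecialchars((string) $fac['uName'], ENT_QUOTES | ENT_SUBSTITUTE) . '">'
            . htmlspecialchars((string) $fac['fac_name'], ENT_QUOTES | ENT_SUBSTITUTE) . '</option>';
    }
    ?>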
          </select>
        <?php 
}
?>
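        <?php 
// The batch selector is rendered unless valueCheck('print', true) holds, or whenever a
// batch is present in the query string.
if (!valueCheck('print', true) || isset($_GET['batch'])) {
    ?>
          <span class="inline" style="vertical-align: middle;padding:10px 0 0 10px">Batch: </span>
          <select id="batch" name="batch" data-placeholder="Choose Batch...">
            <option label="Choose Batch..."></option>
            <?php 
    foreach ($db->query('SELECT * FROM batches') as $batch) {
        // Batch names and departments are stored data; escape them before they reach the
        // attribute and the option text. The browser decodes the entities, so the submitted
        // value keeps its "name : dept" form.
        $batchValue = htmlspecialchars("{$batch['batch_name']} : {$batch['batch_dept']}", ENT_QUOTES | ENT_SUBSTITUTE);
        $batchLabel = htmlspecialchars("{$batch['batch_name']} : {$batch['batch_dept']} ({$batch['size']})", ENT_QUOTES | ENT_SUBSTITUTE);
        echo "<option value=\"{$batchValue}\">{$batchLabel}</option>";
    }
    ?>
          </select>
        <?php 
}
?>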
        </div>
      </form>
Exemple #6
            <option label="Choose Department..."></option>
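            <?php 
    foreach ($db->query('SELECT * FROM depts') as $dept) {
        // Department codes and names are stored data; escape them for the attribute and text context.
        echo '<option value="' . htmlspecialchars((string) $dept['dept_code'], ENT_QUOTES | ENT_SUBSTITUTE) . '">'
            . htmlspecialchars("{$dept['dept_name']} ({$dept['dept_code']})", ENT_QUOTES | ENT_SUBSTITUTE) . '</option>';
    }
    ?>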
          </select>
          <div class="blocktext info"></div>
          <div class="center button">
            <button>Delete</button>
          </div>
        </form>
      </div>
    </div>
  <?php 
} elseif (valueCheck('action', 'batches')) {
    ?>
    <div class="box">
      <div class="boxbg"></div>
      <div class="information"><div class="icon add"></div></div>
      <div class="title">Add Batch</div>
      <div class="elements">
        <form method="post" action="batches.php?action=add">
          <input type="text" name="batch_name" class="styled uInfo" required pattern="[^:]{2,30}" title="2 to 30 alphanumeric characters" placeholder="Batch Name" />
          <select name="dept" class="stretch" data-placeholder="Choose Department..." required>
            <option label="Choose Department..."></option>
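            <?php 
    foreach ($db->query('SELECT * FROM depts') as $dept) {
        // Department codes and names are stored data; escape them for the attribute and text context.
        echo '<option value="' . htmlspecialchars((string) $dept['dept_code'], ENT_QUOTES | ENT_SUBSTITUTE) . '">'
            . htmlspecialchars("{$dept['dept_name']} ({$dept['dept_code']})", ENT_QUOTES | ENT_SUBSTITUTE) . '</option>';
    }
    ?>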
Exemple #7
    echo "<option value=\"{$timetable['table_name']}\">{$timetable['table_name']}{$active}</option>";
}
?>
        </select>
      </div>
      <div id="timetable" class="table"></div>
      <form id="courseAlloc" action="allocate.php?action=saveSlots">
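        <?php 
// Pre-fill the form with one hidden input per slot already allocated, in the current table,
// to courses owned by the faculty in the session. Both values are bound as parameters.
$query = $db->prepare('SELECT * FROM slot_allocs where table_name=? AND course_id IN (SELECT course_id FROM courses where fac_id=?)');
$query->execute([$current['table_name'], $_SESSION['faculty']]);
while ($slot = $query->fetch()) {
    // Course ids and room names are stored data; escape them before writing them into attributes.
    $slotName = htmlspecialchars($slot['day'] . '_' . $slot['slot_num'], ENT_QUOTES | ENT_SUBSTITUTE);
    $slotValue = htmlspecialchars($slot['course_id'] . ':' . $slot['room'], ENT_QUOTES | ENT_SUBSTITUTE);
    echo '<input type="hidden" name="' . $slotName . '" value="' . $slotValue . '" >';
}
?>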
        <?php 
// Render the conflict notice when valueCheck("error", "conflict") holds, otherwise an empty
// info box. Both texts are fixed strings.
if (valueCheck("error", "conflict")):
    ?>
          <div class="blocktext info error">
            <b>&#10006; </b>&nbsp; Another faculty has just allocated one of the slots. Please try again  
          </div>
        <?php 
else:
    ?>
          <div class="blocktext info">
          </div>
        <?php 
endif;
?>
        <div class="center">
          <button>Save</button>
        </div>
Exemple #8
<?php

/**
 * Back end routines to generate/restore backups, invoked by dean.php
 * @author Avin E.M; Kunal Dahiya
 */
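require_once 'functions.php';
// Only a session with level 'dean' may create or restore backups; everyone else gets an
// empty response.
if (!sessionCheck('level', 'dean')) {
    die;
}
require_once 'connect_db.php';
if (valueCheck('action', 'backup')) {
    header('Content-type: text/plain');
    header('Content-Disposition: attachment; filename=backup_' . date("H-i_d-m-Y") . '.sql');
    // Quote every configuration value so that a space or shell metacharacter in a user name,
    // password, host or database name cannot alter the command line.
    // NOTE(review): a password passed as an argument is visible in the process list while the
    // dump runs; an option file read through --defaults-extra-file avoids that.
    $dumpCommand = 'mysqldump'
        . ' --user=' . escapeshellarg($config['db_user'])
        . ' --password=' . escapeshellarg($config['db_pswd'])
        . ' --host=' . escapeshellarg($config['db_host'])
        . ' ' . escapeshellarg($config['db_name']);
    passthru($dumpCommand);
} else {
    // Restore: the uploaded file is executed as SQL with the application's database privileges.
    // NOTE(review): this relies entirely on the dean check above; no request-forgery token is
    // visible in this file, confirm one is enforced for this state-changing request.
    $upload = isset($_FILES['snapshot']) && is_array($_FILES['snapshot']) ? $_FILES['snapshot'] : null;
    $snapshot = ($upload !== null && isset($upload['tmp_name']) && is_string($upload['tmp_name'])) ? $upload['tmp_name'] : '';
    $uploadOk = $upload !== null
        && isset($upload['error'])
        && $upload['error'] === UPLOAD_ERR_OK
        && is_uploaded_file($snapshot);
    if (!$uploadOk) {
        // Refuse anything that is not a completed HTTP upload handled by PHP itself.
        postResponse("error", "No snapshot file was uploaded");
    } else {
        $sql = file_get_contents($snapshot);
        // The content is in memory now, so the temporary file is removed whether or not the
        // restore succeeds.
        unlink($snapshot);
        if ($sql === false) {
            postResponse("error", "The snapshot file could not be read");
        } else {
            try {
                $db->exec($sql);
                header("Location: dean.php?status=restoreComplete");
            } catch (PDOException $e) {
                // Keep the driver message in the server log rather than returning it.
                error_log($e->getMessage());
                postResponse("error", "Restore failed, the database reported an error");
            }
        }
    }
}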