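<?php
// Authors: Joseph Smith and Christopher Bowen

// Login gate for this page: the session must already carry a username,
// otherwise the visitor is sent to the login form.
session_start();

if (!isset($_SESSION['name'])) {
    header("location:login.php?msg=You must log in to access this page.");
    // header() only queues a redirect; without exit the rest of this file
    // (the privilege lookup and the HTML below) would still be executed and
    // sent to an unauthenticated client. Stop here.
    exit;
}

header('Content-Type: text/html; charset=utf-8');

// Look up the current user's privileges so later code can use the user type.
// Read-only handle: this page never writes to the database.
$db = new SQLITE3('SQLiteDB/OfficeLayout.db', SQLITE3_OPEN_READONLY);

// Bound parameter, not string interpolation: the session username is the only
// value that reaches the query and it cannot alter the statement text.
$query = 'SELECT userType FROM User Where Username=:username';
$statement = $db->prepare($query);
$statement->bindParam(':username', $_SESSION['name'], SQLITE3_TEXT);
$result = $statement->execute();

if (!$result) {
    $statement->close();
    $db->close();
    die('Query could not be executed.');
}

// fetchArray() returns false when no User row matches the session name.
$row = $result->fetchArray(SQLITE3_ASSOC);
$result->finalize();
$statement->close();
$db->close();

if ($row === false) {
    // The session names a user with no User row (e.g. the account was removed
    // after login, or the session is stale). Treat it as not logged in rather
    // than letting later code read $row['userType'] off a boolean.
    session_unset();
    session_destroy();
    header("location:login.php?msg=You must log in to access this page.");
    exit;
}
?>
<!DOCTYPE html>
<html>
<head>
<meta http-equiv="Content-Type" content="text/html; charset=utf-8" />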
<?php
session_start();
require 'php/get_messages.php';
require 'php/auth.php';
require 'conf.php';

// NOTE(review): this endpoint changes data (the UPDATE below) driven by GET
// parameters. A state-changing request over GET can be triggered by any page
// the logged-in user visits (CSRF: an <img src="..."> is enough); it should
// be a POST carrying a per-session anti-CSRF token that is checked before
// anything else. None of the three parameters is tested with isset(), so a
// missing one reaches escapeString() as null.
// escapeString() only escapes single quotes; bound parameters
// ($db->prepare() + bindValue()) are the robust form for every value here.
$speaker = SQLITE3::escapeString($_GET['username']);
$value = SQLITE3::escapeString($_GET['eval']);
$type = SQLITE3::escapeString($_GET['type']);

// NOTE(review): $name is not defined in this file (presumably the logged-in
// teacher set by php/auth.php -- confirm) and is interpolated into SQL without
// escapeString(); whether that is injectable depends entirely on how auth.php
// derives it. $db is likewise expected from conf.php.
// The '******' literal reads like a redacted operand in this copy of the code,
// not the original source; it is kept exactly as written.
$sqlcheck = "select count(*) from speakers where teacher='{$name}' and username='******'";

// Whitelist: only these two column names may be spliced into the UPDATE.
// $type itself is never interpolated, so the column cannot be attacker-chosen.
if ($type == 'phones') {
    $field = 'phones_evaluation';
} elseif ($type == 'fluency') {
    $field = 'fluency_evaluation';
}

if (isset($field)) {
    // Authorisation check: exactly one speakers row must tie this teacher to
    // the target username, otherwise the update is refused (loose == on the
    // querySingle() result).
    if ($db->querySingle($sqlcheck) == 1) {
        // $field comes from the whitelist above; $value is quote-escaped only.
        $sqlcommand = "update speakers set {$field}='{$value}' where username='******';";
        $success = $db->exec($sqlcommand);
        if ($success) {
            echo "ok!";
        } else {
            echo "Not good.";
        }
    } else {
        echo "Houston, we have an id problem...";
    }
} else {
    echo "F**k off, joker.";
}
// Search by phone number or extension case 'phone': $query_text .= " Phone LIKE '%" . $search_text . "%'"; break; // Search by first or last name // Search by first or last name case 'name': default: $query_text .= " FirstName LIKE '%" . $search_text . "%'" . " OR LastName LIKE '%" . $search_text . "%'"; break; } } return $query_text; } // Open the SQLite database $db = new SQLITE3('SQLiteDB/OfficeLayout.db', SQLITE3_OPEN_READONLY); if (!$db) { die('Database could not be accessed.'); } // Grab the variables that were posted through AJAX. $search_text = $_REQUEST['search_text']; $filter = $_REQUEST['filter']; // Initial SELECT query string without any filtering. This will be concatenated // with filtering constraints if the user has selected any. $query_text = "SELECT EmployeeID, CubicleNumber, FirstName, LastName, DeptName, Email, Phone FROM Personnel WHERE"; // Split the text in the search boxes by commas. // This is in case the user wishes to search for multiple items. $exploded_string = explode(",", $search_text); for ($i = 0; $i < count($exploded_string); $i++) { $query_text = generate_query($query_text, $db->escapeString($exploded_string[$i]), $filter); if ($i < count($exploded_string) - 1) {