<link rel="icon" type="image/ico" href="images/favicon.ico" /> </head> <body> <a href="./"><img src="images/campusreconnectionlogo.png" style="border:0px;" alt="Campus Reconnection" /></a> <div id="pagediv"> <?php require "library/system.php"; //With this it won't log us out when traversing through pages. if (!isset($_SESSION["crlogin"])) { $_SESSION["crlogin"] = false; } $error = ""; //This string is displayed to the user upon f**k ups. if ($_SERVER["REQUEST_METHOD"] == "POST" && $_SESSION["crlogin"] == false) { $username = strtolower(fixInput($_POST["username"])); $password = fixInput($_POST["password"]); $row = dbGetFirst("SELECT * FROM tbluser WHERE strEID = ?", "s", $username); if ($password != "" && $password == $row[2]) { $_SESSION["crlogin"] = true; $_SESSION["cruser"] = $username; $row = dbGetFirst("SELECT strFirstName, strLastName FROM tblStudent WHERE strStudentEID = ?", "s", $username); $_SESSION["crname"] = $row[0] . " " . $row[1]; $row = dbGetFirst("SELECT vntImage FROM tblPictureID WHERE strOwner = ?", "s", $username); $_SESSION["crphototb"] = $row[0] . ".jpg"; } else { $_SESSION["crlogin"] = false; $error = "*Incorrect user and password combination!"; } } if ($_SESSION["crlogin"] == true) { header("Location:/index.php");
//else echo $result; } else { echo "That student already exists!"; } break; case "course": // Fix response data. Replace empty strings with "null". $deptCode = fixInput($_POST["dept"]); $courseId = $deptCode . fixInput($_POST["courseId"]); $courseName = fixInput($_POST["courseName"]); $genEdCat = fixInput($_POST["genEdCat"]) == "" ? null : fixInput($_POST["genEdCat"]); $preReq = fixInput($_POST["preReq"]) == "" ? null : fixInput($_POST["preReq"]); $coReq = fixInput($_POST["coReq"]) == "" ? null : fixInput($_POST["coReq"]); $credits = fixInput($_POST["credits"]); $fee = fixInput($_POST["fee"]); $courseDesc = fixInput($_POST["courseDesc"]) == "" ? null : fixInput($_POST["courseDesc"]); // Check if record already exists $sql = "SELECT strCourseID FROM tblCourse WHERE strCourseID = ?"; if (!dbGetExists($sql, "s", $courseId)) { // Record does not exist - add it! $sql = "INSERT INTO tblCourse VALUES (?, ?, ?, ?, ?, ?, ?, ?, ?)"; $result = dbPush($sql, "ssssssids", $courseId, $courseName, $deptCode, $genEdCat, $preReq, $coReq, $credits, $fee, $courseDesc); if ($result) { echo "Course '" . $courseName . "' added successfully!"; } //else echo $result; } else { echo "That course ID already exists!"; } break; default: