{ $comments = portal_get_activity_comments($diy_id, $member_id); if (count($comments) > 0) { return $comments[0]; } else { return $comments; } } if ($_SESSION['is_logged_in'] != 'yes' || !$_SESSION['portal']['taking_course']) { mystery_redirect('/'); } switch ($_PORTAL['activity']) { case 'details': $diy_id = @$_PORTAL['action']; if ($diy_id == '') { mystery_redirect('/course/'); } if (isset($_PORTAL['params']['process'])) { $query = 'DELETE FROM portal_comments_ratings WHERE comment_diy_identifier = ? AND comment_author = ?'; $params = array($diy_id, $_SESSION['portal']['member_id']); $status = mystery_delete_query($query, $params, 'portal_dbh'); if (!isset($_REQUEST['comment_delete'])) { $data = array(); $data['comment_author'] = $_SESSION['portal']['member_id']; $data['comment_diy_identifier'] = $diy_id; $data['comment_title'] = $_REQUEST['comment_title']; $data['comment_body'] = $_REQUEST['comment_body']; //$data['comment_rating'] = $_REQUEST['comment_rating']; $data['creation_date'] = date('Y-m-d H:i:s'); $comment_id = mystery_insert_query('portal_comments_ratings', $data, 'comment_id', 'portal_dbh'); echo '<p style="color: #009900;"><em>Comment saved!</em></p>';
// Tail of a `case` branch; the switch header and this case's label are outside the visible code.
        $id_param = $_PORTAL['action'];
        $page_title = 'Copy a class';
        $class_info = portal_get_class_info($id_param);
        $class_info['class_name'] = $class_info['class_name'] . ' Copy';
        // The copy starts with an empty class word.
        @($class_info['class_word'] = '');
    break;

    case 'add':
        // A new class starts from an empty record with empty activity lists.
        $id_param = 'new';
        $page_title = 'Add a class';
        $class_info = array();
        $class_info['activities'] = array();
        $class_info['diy_activities'] = array();
    break;

}

// Role gate: only superuser, admin and teacher accounts continue; everyone else is sent to '/'.
if ($_SESSION['portal']['member_type'] != 'superuser' && $_SESSION['portal']['member_type'] != 'admin' && $_SESSION['portal']['member_type'] != 'teacher') {
    mystery_redirect('/');
    exit;
}

// FIXME - Add a check here to see if this is the class teacher if the role is a teacher
// NOTE(review): until that check exists, the role gate above is the only
// authorization visible in this excerpt, so the class id in $_PORTAL['action']
// is not tied to the signed-in teacher. In the copy branch above,
// portal_get_class_info() has also already run on that id before the gate.

if (isset($_PORTAL['params']['process'])) {

    // Values for the class row: the name comes from the request, the teacher
    // is the signed-in member.
    // NOTE(review): input is read from $_REQUEST, so GET and POST are treated
    // alike, and no anti-CSRF token is checked in the lines shown.
    $data = array();
    $data['class_name'] = $_REQUEST['class_name'];
    $data['class_teacher'] = $_SESSION['portal']['member_id'];

    //mystery_print_r($_REQUEST, $_PORTAL, $data); exit;

    // check the class word
    // The word counts as taken when portal_check_class_word() returns a value
    // that is neither this class's own id nor false.
    // NOTE(review): both comparisons are loose (`!=`); a falsy return such as
    // 0 or '' would be read as "not in use" — confirm what the helper returns.
    $class_word_in_use = 'no';
    $class_using_word = portal_check_class_word($_REQUEST['class_word']);

    if ($class_using_word != $id_param && $class_using_word != false) {
        $class_word_in_use = 'yes';
    }

    if ($_REQUEST['class_word'] != '' && $class_word_in_use == 'no') {
// School edit page: with action "process" it saves the submitted fields,
// otherwise it renders the edit form.
if ($_PORTAL['action'] == 'process') {

    // Copy the submitted fields into the row to write.
    // NOTE(review): the values are taken from $_REQUEST without validation;
    // this relies on mystery_update_query() binding them as parameters — confirm.
    $data = array();
    $data['school_name'] = $_REQUEST['school_name'];
    $data['school_address_1'] = $_REQUEST['school_address_1'];
    $data['school_address_2'] = $_REQUEST['school_address_2'];
    $data['school_city'] = $_REQUEST['school_city'];
    $data['school_state'] = $_REQUEST['school_state'];
    $data['school_zip'] = $_REQUEST['school_zip'];
    $data['school_country'] = $_REQUEST['school_country'];

    // The row to update is selected by the school id held in the session,
    // not by anything in the request.
    // NOTE(review): this branch shows no member-type check and no anti-CSRF
    // token check; confirm both are enforced before this point.
    $status = mystery_update_query('portal_schools', $data, 'school_id', $_SESSION['portal']['member_school'], 'portal_dbh');

    if ($status == 0) {
        $errors = array('Could not update school information');
        echo portal_generate_error_page($errors);
    } else {
        // redirect back to the admin page
        mystery_redirect('/admin/');
        exit;
    }

} else {

    // Load the signed-in member's school and build the state/country pick lists.
    $school_info = portal_get_school_info($_SESSION['portal']['member_school']);

    $state_list = portal_generate_db_form_list('school_state', @$school_info['school_state'], 'mystery4.mystery_states', 'state_abbr', 'state_name', 'list', '', '', array(), array('<option value=""></option>'), 35);

    // NOTE(review): the preselected value passed here is
    // $school_info['district_school'], not a school_country field — looks
    // unintended; confirm.
    $country_list = portal_generate_db_form_list('school_country', $school_info['district_school'], 'mystery4.mystery_countries', 'country_name', 'country_name', 'list', '', '', array(), array('<option value=""></option>'), 50);

    // Pass the record through the project's output filter before its fields are
    // concatenated into the value="" attributes below.
    // NOTE(review): presumably this HTML-escapes each field, including double
    // quotes — verify. The two pick lists above were built from the unfiltered
    // record, so they depend on portal_generate_db_form_list() escaping its own output.
    $school_info = portal_web_output_filter($school_info);

    echo ' <form action="/school/edit/process/" method="post"> <h1>Edit School</h1> <p><label for="school-name">School Name</label> <input type="text" name="school_name" id="school-name" value="' . @$school_info['school_name'] . '" size="35"></p> <p><label for="school-address-1">Address 1</label> <input type="text" name="school_address_1" id="school-address-1" value="' . @$school_info['school_address_1'] . '" size="35"></p>
// Member delete page; the code below starts inside a conditional block opened above the visible code.
    // check to see if the selected member is in the member's class
    // A non-empty intersection between the classes taught by the signed-in
    // member and the classes the selected member attends as a student marks
    // the selected member as one of their students.
    $taught_classes = portal_get_teacher_classes($_SESSION['portal']['member_id']);

    if (array_intersect($taught_classes, $member_info['classes']['student'])) {
        $selected_member_is_members_student = 'yes';
    }

}

// Only superusers, admins, or a member who teaches the selected member continue.
// NOTE(review): $selected_member_is_members_student is only set to 'yes' in
// the lines shown; presumably it is given a default above — confirm.
if ($_SESSION['portal']['member_type'] != 'superuser' && $_SESSION['portal']['member_type'] != 'admin' && $selected_member_is_members_student != 'yes') {
    mystery_redirect('/');
    exit;
}

if (isset($_PORTAL['params']['process'])) {

    // Deleting the account that is currently signed in is refused.
    if ($member_id == $_SESSION['portal']['member_id']) {
        $errors = array('Sorry you cannot delete your own account.');
        echo portal_generate_error_page($errors);
    } else {
        // NOTE(review): the checks above use $member_id / $member_info, while
        // the deletion is keyed on $_PORTAL['action']. Presumably they hold the
        // same id — confirm, or pass $member_id so the id that was authorized
        // is the id that is deleted.
        // NOTE(review): this destructive branch is selected by the URL path
        // alone; the code shown checks neither the request method nor an
        // anti-CSRF token before deleting.
        portal_delete_member($_PORTAL['action']);
        // NOTE(review): $return_page is assigned outside this excerpt; if the
        // request can influence it, restrict it to same-site paths.
        mystery_redirect($return_page);
        exit;
    }

} else {

    // FIXME - Maybe add in details on the class to be deleted here
    // Confirmation form that posts back to the "process" URL for this member.
    // NOTE(review): $member_id and the member's first and last name are
    // concatenated into the HTML as-is; unless they were escaped earlier,
    // apply htmlspecialchars() when building this markup.
    echo ' <form action="/member/delete/' . $member_id . '/process/" method="post"> <h1>Delete a member?</h1> <p>Are you <strong>absolutely sure</strong> that you want to delete the member <strong>' . $member_info['member_first_name'] . ' ' . $member_info['member_last_name'] . '</strong>? There is no undo available.</p> <p><input type="button" value="No" onclick="history.back();"> <input type="submit" value="Yes"></p> </form> ';

}
// Sign-in page; the code below starts inside a block opened above the visible code.
    // Rewrite a trailing "/process/" in the return location to "/".
    $lastloc = preg_replace('~/process/$~', '/', $lastloc);

}

// A visitor who is already signed in is sent to the home page.
if (@$_SESSION['is_logged_in'] == 'yes') {
    mystery_redirect('/');
    exit;
}

// attempt a login and redirect
// NOTE(review): the credentials are read from $_REQUEST, so a query-string
// submission is accepted as well as a form POST; query strings tend to end up
// in server logs and browser history — reading $_POST only would avoid that.
if (isset($_REQUEST['username']) && isset($_REQUEST['password'])) {

    if (mystery_auth($_REQUEST['username'], $_REQUEST['password'])) {

        if (!isset($_COOKIE['cookietest'])) {
            // they know their username and password but since they do not
            // have cookies enabled, they won't be able to use the site
            $login_failed = 'yes';
            $login_failure_reason = 'cookie';
        } else {
            // NOTE(review): no exit follows this redirect, unlike the one
            // above; unless mystery_redirect() ends the request itself,
            // execution continues to mystery_setup_default_session() below.
            // NOTE(review): $lastloc is assigned outside this excerpt; if the
            // request can influence it, restrict it to same-site paths.
            // NOTE(review): no session id rotation is visible on a successful
            // login; confirm mystery_auth() performs one.
            mystery_redirect($lastloc);
        }

    } else {
        $login_failed = 'yes';
    }

}

// destroy any existing sessions
mystery_setup_default_session();

// display alert messages if necessary
// NOTE(review): $login_failed and $login_failure_reason are assigned only in
// the branches above; presumably defaults are set earlier — confirm.
if ($login_failed == 'yes') {

    if ($login_failure_reason == 'cookie') {
        $alert = '<p class="error-message"><strong>There was a problem signing in.</strong><br> It appears that you do not have cookies enabled. You must enable cookies in order to use this site.</p>';
    } else {
        $alert = '<p class="error-message"><strong>There was a problem signing in.</strong><br>
// Front controller; the first statement below sits inside a block opened above the visible code.
    mystery_display_user_feedback('You have successfully logged out.');

}

// Process the authentication for the user. If not logged in, it will display the login box
// NOTE(review): whether this call stops the request for a visitor who is not
// signed in cannot be seen here; everything below depends on that.
mystery_process_authentication();

// Load the configuration for this table, if applicable
// NOTE(review): the table name comes straight from the request and is read
// without isset(); confirm mystery_get_table_configuration() only accepts
// known table names.
if ($_REQUEST['table'] != 'none') {
    mystery_get_table_configuration($_REQUEST['table']);
}

// FIX
// NOTE(review): assuming the FIX marker flags the following as leftover debug
// code that is still live: any request carrying an `ss` parameter prints the
// whole $_SESSION array into the response. Remove it, or gate it behind a
// server-side debug setting.
if (isset($_REQUEST['ss'])) {
    mystery_print_r($_SESSION);
}

// Determine which action the user is looking for
switch ($_REQUEST['action']) {

    case 'redirect':
        // NOTE(review): the redirect target is taken directly from the
        // request, so this action forwards the visitor to whatever URL is in
        // `location` (an open redirect). Limit it to same-site relative paths
        // or an allow-list of destinations.
        mystery_redirect($_REQUEST['location']);
    break;

    // Each of the remaining actions shown renders one page between the
    // shared header and footer.
    case 'help':
        mystery_header();
        mystery_display_help();
        mystery_footer();
    break;

    case 'documentation':
        mystery_header();
        mystery_display_documentation();
        mystery_footer();
    break;

    case 'user_info':
        mystery_header();
        mystery_display_user_info_form();
        mystery_footer();
<?php
// Sign-out page: ends the current session, blanks the DIY session cookie and
// sends the browser to the sign-in page.

// now get rid of the session
// session_destroy() removes the stored session data and closes the session;
// it does not clear $_SESSION or the browser's session cookie by itself.
session_destroy();

// Project helper; from this file alone it is not visible whether it starts a
// new session or only resets the session variables.
mystery_setup_default_session();

// NOTE(review): session_regenerate_id() needs an active session and returns
// false otherwise. It only issues a fresh id here if the helper above has
// started a new session — confirm, because otherwise the browser leaves with
// the same session id it had while signed in.
session_regenerate_id();

// get rid of any diy session
// The cookie name comes from the portal configuration; its value is set to ''.
mystery_cookie($portal_config['diy_session_name'], '');

// The sign-in URL carries a `signout` query flag.
mystery_redirect('/signin/?signout');
    // Cases of a switch whose header is outside the visible code. Each case
    // builds a URL on the DIY server; the redirect after the switch sends the
    // browser there.
    // NOTE(review): every URL below is built with a hard-coded http:// scheme,
    // so the class, teacher and member identifiers in the query string travel
    // unencrypted.
    case 'report':
        // Each value is URL-decoded, base64-decoded and then re-encoded for
        // the outgoing query string.
        // NOTE(review): base64 is only an encoding; the teacher, class,
        // activity, member list and group id all come from the request. No
        // check tying them to the signed-in member is visible in this
        // excerpt — confirm one exists here or on the report server.
        $teacher_name = urlencode(base64_decode(rawurldecode($_PORTAL['params']['teacher'])));
        $class_name = urlencode(base64_decode(rawurldecode($_PORTAL['params']['class'])));
        $activity_name = urlencode(base64_decode(rawurldecode($_PORTAL['params']['activity'])));
        $member_list = urlencode(base64_decode(rawurldecode($_PORTAL['params']['members'])));
        $class_identifier = urlencode(base64_decode(rawurldecode($_PORTAL['params']['uuid'])));
        // NOTE(review): $diy_id and $class_members are assigned outside the
        // lines shown for this case; $diy_id is placed in the path unencoded.
        $url = 'http://' . $portal_config['diy_server'] . $portal_config['diy_server_path'] . '/reports/' . $diy_id . '/sail_jnlp?users=' . $member_list . '&system.report.class.name=' . $class_name . '&system.report.teacher.name=' . $teacher_name . '&system.report.activity.name=' . $activity_name . '&group_id=' . $class_identifier . '&group_list=' . urlencode($class_members); // . '&group_list_url=' . $class_list_url;
    break;

    case 'run':
        // NOTE(review): $class_identifier is appended without urlencode()
        // here, unlike $class_name and $class_members; its origin for this
        // case is not shown.
        $url = 'http://' . $portal_config['diy_server'] . $portal_config['diy_server_path'] . '/' . $portal_config['diy_activities_name'] . '/' . $diy_id . '/sail_jnlp/' . $member_interface_path . '?group_id=' . $class_identifier . '&system.report.class.name=' . urlencode($class_name) . '&group_list=' . urlencode($class_members); // . '&group_list_url=' . $class_list_url ;
    break;

    case 'show':
        $url = 'http://' . $portal_config['diy_server'] . $portal_config['diy_server_path'] . '/' . $portal_config['diy_activities_name'] . '/' . $diy_id;
    break;

    case 'usage':
        $url = 'http://' . $portal_config['diy_server'] . $portal_config['diy_server_path'] . '/' . $portal_config['diy_activities_name'] . '/' . $diy_id . '/usage';
    break;

    case 'work':
        // Class details are looked up from the student id rather than taken
        // from URL parameters.
        $class_info = portal_get_class_info_by_student($student_id);
        $class_members = implode(',', portal_get_class_students_diy_ids($class_info['class_id']));
        $class_identifier = $class_info['class_uuid'];
        $class_name = $class_info['class_name'];
        // group_id starts the query string when $reporting_param is empty,
        // otherwise it is appended to it.
        // NOTE(review): $student_id and $reporting_param are set outside this
        // excerpt; $reporting_param is concatenated unencoded.
        $class_id_prefix = strlen($reporting_param) == 0 ? '?group_id=' : '&group_id=';
        $url = 'http://' . $portal_config['diy_server'] . 
            $portal_config['diy_server_path'] . '/' . $portal_config['diy_activities_name'] . '/' . $diy_id . '/sail_jnlp/' . $student_interface_path . '/view' . $reporting_param . $class_id_prefix . $class_identifier . '&system.report.class.name=' . urlencode($class_name) . '&group_list=' . urlencode($class_members); // . '&group_list_url=' . $class_list_url;
    break;

}

// NOTE(review): $url is assigned only inside the cases shown; if no case
// matches and no default is set above this excerpt, the redirect receives an
// undefined value.
mystery_redirect($url);
exit;