} }
// Fragment of the STAFF save path (its opening scope is outside this view).
// The split date widgets were consumed above; drop them so they are not treated
// as STAFF columns by the generic update that follows.
unset($_REQUEST['day_staff']);
unset($_REQUEST['month_staff']);
unset($_REQUEST['year_staff']);
// Flatten the SCHOOLS checkbox map (school_id => checked) into the ",1,2," form.
// The ids come straight from the request keys; $schools is not initialised in this
// fragment, so it is presumably reset earlier — confirm. Escaping of the result
// (if any) happens in the update code, which is not visible here.
if ($_REQUEST['staff']['SCHOOLS']) {
    foreach ($_REQUEST['staff']['SCHOOLS'] as $school_id => $yes) {
        $schools .= ',' . $school_id;
    }
    $_REQUEST['staff']['SCHOOLS'] = $schools . ',';
}
/* else $_REQUEST['staff']['SCHOOLS'] = $_POST['staff'] = '';*/
// Authorisation gate for the write path: the data must arrive via POST and the
// caller must hold the admin profile, or the running script must be index.php.
// NOTE(review): basename($_SERVER['PHP_SELF']) is request-derived; confirm the
// index.php branch is the intended bypass of the profile check (e.g. self-service).
if (count($_POST['staff']) && (User('PROFILE') == 'admin' || basename($_SERVER['PHP_SELF']) == 'index.php')) {
    // change (Francois): Moodle integrator / password
    // Reject the submission when the password does not satisfy the Moodle policy
    // (BackPrompt presumably ends the request — confirm; otherwise the writes
    // below still run).
    if (!MoodlePasswordCheck($_REQUEST['staff']['PASSWORD'])) {
        BackPrompt(_('Please enter a valid password'));
    }
    // Editing an existing staff member: compare the submitted profile against the
    // stored one so permission exceptions can be reset on a profile change.
    if (UserStaffID() && $_REQUEST['staff_id'] != 'new') {
        $profile_RET = DBGet(DBQuery("SELECT PROFILE,PROFILE_ID,USERNAME FROM STAFF WHERE STAFF_ID='" . UserStaffID() . "'"));
        // The submitted PROFILE is compared against the stored PROFILE_ID; the
        // keyword values admin/teacher/parent map to the fixed ids 1/2/3, any other
        // value leaves PROFILE_ID untouched here.
        if (isset($_REQUEST['staff']['PROFILE']) && $_REQUEST['staff']['PROFILE'] != $profile_RET[1]['PROFILE_ID']) {
            if ($_REQUEST['staff']['PROFILE'] == 'admin') {
                $_REQUEST['staff']['PROFILE_ID'] = '1';
            } elseif ($_REQUEST['staff']['PROFILE'] == 'teacher') {
                $_REQUEST['staff']['PROFILE_ID'] = '2';
            } elseif ($_REQUEST['staff']['PROFILE'] == 'parent') {
                $_REQUEST['staff']['PROFILE_ID'] = '3';
            }
        }
        // A profile change wipes the user's per-program permission exceptions.
        // NOTE(review): PROFILE_ID is read back from $_REQUEST, so a client can also
        // supply it directly without going through the mapping above; confirm the
        // generic update validates it before writing it to STAFF.
        if ($_REQUEST['staff']['PROFILE_ID']) {
            DBQuery("DELETE FROM STAFF_EXCEPTIONS WHERE USER_ID='" . UserStaffID() . "'");
<?php
DrawHeader(ProgramTitle());
// Password tab of the preferences page. Only act on a POSTed form: the $_POST
// check rules out a GET carrying the same parameters.
if ($_REQUEST['values'] && $_POST['values']) {
    if ($_REQUEST['tab'] == 'password') {
        // Undo the quote doubling applied to request values before this point
        // (presumably by a request-wide sanitiser — confirm), so the password the
        // user actually typed is what gets checked and stored.
        $current_password = str_replace("''", "'", $_REQUEST['values']['current']);
        $new_password = str_replace("''", "'", $_REQUEST['values']['new']);
        $verifiy_password = str_replace("''", "'", $_REQUEST['values']['verify']);
        // NOTE(review): the confirmation check is case-insensitive (and uses loose
        // !=), so "Secret" and "secret" pass as a match while only $new_password is
        // saved; a strict, case-sensitive comparison is the expected check here.
        if (mb_strtolower($new_password) != mb_strtolower($verifiy_password)) {
            $error = _('Your new passwords did not match.');
        } elseif (!MoodlePasswordCheck($new_password)) {
            $error = _('Please enter a valid password');
        } else {
            // change (Francois): enable password change for students
            // Fetch the stored PASSWORD value for the current user: students are in
            // STUDENTS, everyone else in STAFF, scoped to the current school year.
            if (User('PROFILE') == 'student') {
                $password_RET = DBGet(DBQuery("SELECT PASSWORD FROM STUDENTS WHERE STUDENT_ID='" . UserStudentID() . "'"));
            } else {
                $password_RET = DBGet(DBQuery("SELECT PASSWORD FROM STAFF WHERE STAFF_ID='" . User('STAFF_ID') . "' AND SYEAR='" . UserSyear() . "'"));
            }
            // change (Francois): add password encryption
            // if(mb_strtolower($password_RET[1]['PASSWORD'])!=mb_strtolower($current_password))
            // Re-authenticate with the current password before allowing a change;
            // match_password (defined elsewhere) compares the submitted password
            // against the stored value.
            if (!match_password($password_RET[1]['PASSWORD'], $current_password)) {
                $error = _('Your current password was incorrect.');
            } else {
                // DBQuery("UPDATE STAFF SET PASSWORD='******' WHERE STAFF_ID='".User('STAFF_ID')."' AND SYEAR='".UserSyear()."'");
                // Write the new credential to the same table the value was read from.
                // NOTE(review): '******' in both UPDATEs appears to be a redacted or
                // placeholder value as shown on this page, not the real expression;
                // confirm the stored value is derived from $new_password with the
                // same scheme match_password verifies, never the plaintext.
                if (User('PROFILE') == 'student') {
                    DBQuery("UPDATE STUDENTS SET PASSWORD='******' WHERE STUDENT_ID='" . UserStudentID() . "'");
                } else {
                    DBQuery("UPDATE STAFF SET PASSWORD='******' WHERE STAFF_ID='" . User('STAFF_ID') . "' AND SYEAR='" . UserSyear() . "'");
                }
                $note = _('Your new password was saved.');
} } } }
// Fragment of the STUDENTS save path (its opening scope is outside this view).
// The split date widgets were consumed above; drop them so they are not written
// as STUDENTS columns by the update below.
unset($_REQUEST['day_students']);
unset($_REQUEST['month_students']);
unset($_REQUEST['year_students']);
// Write path: something was submitted and the current user may edit this student.
if ((count($_REQUEST['students']) || count($_REQUEST['values'])) && AllowEdit()) {
    // change (Francois): Moodle integrator / password
    // When a Moodle account is being created the password must satisfy the Moodle
    // policy (BackPrompt presumably ends the request — confirm; otherwise the
    // update below still runs).
    if ($_REQUEST['moodle_create_student'] && !MoodlePasswordCheck($_REQUEST['students']['PASSWORD'])) {
        BackPrompt(_('Please enter a valid password'));
    }
    // Updating an existing student.
    if (UserStudentID() && $_REQUEST['student_id'] != 'new') {
        // change (Francois): Moodle integrator / password
        // Students already linked to Moodle keep the Moodle password policy when a
        // new password is submitted.
        // NOTE(review): this query concatenates $_REQUEST['student_id'] while the
        // surrounding code identifies the student via UserStudentID(); unless the
        // framework quotes request values globally (not visible here — confirm),
        // the session-derived id is the safer choice, as in the USERNAME lookup below.
        $old_student_in_moodle = DBGet(DBQuery("SELECT 1 FROM moodlexrosario WHERE rosario_id='" . $_REQUEST['student_id'] . "' AND \"column\"='student_id'"));
        if ($old_student_in_moodle && !empty($_REQUEST['students']['PASSWORD']) && !MoodlePasswordCheck($_REQUEST['students']['PASSWORD'])) {
            BackPrompt(_('Please enter a valid password'));
        }
        if (count($_REQUEST['students'])) {
            // Build the SET list one submitted column at a time.
            $sql = "UPDATE STUDENTS SET ";
            foreach ($_REQUEST['students'] as $column => $value) {
                // A username already used by another student is silently blanked
                // rather than rejected with an error.
                // NOTE(review): '******' in this lookup appears to be a redacted or
                // placeholder value as shown on this page; the real query presumably
                // compares against $value.
                if ($column == 'USERNAME' && $value) {
                    if (DBGet(DBQuery("SELECT STUDENT_ID FROM STUDENTS WHERE USERNAME='******' AND STUDENT_ID<>'" . UserStudentID() . "'"))) {
                        $value = '';
                    }
                }
                // Scalar values are quoted and appended; PASSWORD is skipped here and
                // presumably handled elsewhere.
                // NOTE(review): $column is a request key interpolated unquoted as a
                // column name — confirm it is validated against the STUDENTS schema
                // before this loop. The first str_replace argument reads ''' on this
                // page, which is not valid PHP; it is most likely a mangled "'"
                // (quote doubling for the SQL literal).
                if (!is_array($value)) {
                    // change (Francois): add password encryption
                    if ($column !== 'PASSWORD') {
                        $sql .= "{$column}='" . str_replace(''', "''", $value) . "',";
                    }