function add_new_class($p_class, $p_letter, $p_school_year_id, $p_teacher_id)
{
$retArray = array('isError' => false);
//check if class alresy exists
$sql = "SELECT class_id FROM classes WHERE class=%n AND letter='%s' AND school_year_id=%n";
$res = db_query($sql, $p_class, $p_letter, $p_school_year_id);
$row = mysql_fetch_row($res);
if ($row) {
$retArray['isError'] = true;
$retArray['errorText'] = 'Класс с такимим параметрами уже существует.';
} else {
$sql = "INSERT INTO classes (class, letter, school_year_id, teacher_id) VALUES(%n,'%s',%n,%n)";
$res = db_query($sql, $p_class, $p_letter, $p_school_year_id, $p_teacher_id);
if (!res) {
$retArray['isError'] = true;
$retArray['errorText'] = "INSERT MySQL error " . mysql_errno() . ": " . mysql_error();
} else {
$retArray['newClassId'] = db_get_insert_id();
}
}
return $retArray;
}
function add_user($login, $password, $first_name = null, $middle_name = null, $last_name = null)
{
$retArray = array('isError' => false);
//check if user alresy exists
$sql = "SELECT user_id FROM users WHERE login='******'";
$res = db_query($sql, $login);
$row = mysql_fetch_row($res);
if ($row) {
$retArray['isError'] = true;
$retArray['errorText'] = 'Пользователь с таким именем уже существует.';
} else {
$sql = "INSERT INTO users (login,passwd,first_name,middle_name,last_name,access) VALUES('%s','%s','%s','%s','%s',%n)";
$res = db_query($sql, $login, md5($password), $first_name, $middle_name, $last_name, 1);
if (!res) {
$retArray['isError'] = true;
$retArray['errorText'] = "INSERT MySQL error " . mysql_errno() . ": " . mysql_error();
} else {
$retArray['newUserId'] = db_get_insert_id();
}
}
return $retArray;
}
function add_lesson($lesson_date, $subject_id, $lesson_topic, $lesson_type_id)
{
$sql = "INSERT INTO lessons (lesson_date, subject_id, topic, active, lesson_type_id) VALUES('%s',%n,'%s',%n,%n)";
$res = db_query($sql, $lesson_date, $subject_id, $lesson_topic, time() + 60 * 60 * 45, $lesson_type_id);
return db_get_insert_id();
}
$fields[] = "middle_name='" . mysql_escape_string(substr($_POST['middle_name'], 0, 25)) . "'";
$fields[] = "birthday='" . mysql_escape_string(implode('-', array_reverse(explode('.', $_POST['birthday'])))) . "'";
$fields[] = "address='" . mysql_escape_string(substr($_POST['address'], 0, 255)) . "'";
$fields[] = "phone='" . mysql_escape_string(substr($_POST['phone'], 0, 25)) . "'";
/* Информация о родителях*/
$fields[] = "mother_fio='" . mysql_escape_string(substr($_POST['mother_fio'], 0, 50)) . "'";
$fields[] = "mother_work_phone='" . mysql_escape_string(substr($_POST['mother_work_phone'], 0, 25)) . "'";
$fields[] = "mother_cell_phone='" . mysql_escape_string(substr($_POST['mother_cell_phone'], 0, 25)) . "'";
$fields[] = "father_fio='" . mysql_escape_string(substr($_POST['father_fio'], 0, 50)) . "'";
$fields[] = "father_work_phone='" . mysql_escape_string(substr($_POST['father_work_phone'], 0, 25)) . "'";
$fields[] = "father_cell_phone='" . mysql_escape_string(substr($_POST['father_cell_phone'], 0, 25)) . "'";
$fields[] = "pin_code=" . intval(substr($_POST['pin_code'], 0, 6)) . "";
$fields[] = "email='" . substr($_POST['email'], 0, 25) . "'";
$fields[] = "smsphone='" . mysql_escape_string(substr($_POST['smsphone'], 0, 11)) . "'";
db_query("INSERT students SET " . implode(', ', $fields));
$student_id = db_get_insert_id();
db_query("INSERT students_in_class VALUES ({$class_id}, {$student_id}, 0)");
header('Location: student.php?mode=success_add&class_id=' . $class_id);
exit;
} elseif ($action == 'update') {
$fields = array();
/* Информация об ученике*/
$fields[] = "last_name='" . mysql_escape_string(substr($_POST['last_name'], 0, 25)) . "'";
$fields[] = "first_name='" . mysql_escape_string(substr($_POST['first_name'], 0, 25)) . "'";
$fields[] = "middle_name='" . mysql_escape_string(substr($_POST['middle_name'], 0, 25)) . "'";
$fields[] = "birthday='" . mysql_escape_string(implode('-', array_reverse(explode('.', $_POST['birthday'])))) . "'";
$fields[] = "address='" . mysql_escape_string(substr($_POST['address'], 0, 255)) . "'";
$fields[] = "phone='" . mysql_escape_string(substr($_POST['phone'], 0, 25)) . "'";
/* Информация о родителях*/
$fields[] = "mother_fio='" . mysql_escape_string(substr($_POST['mother_fio'], 0, 50)) . "'";
$fields[] = "mother_work_phone='" . mysql_escape_string(substr($_POST['mother_work_phone'], 0, 25)) . "'";
