$_REQUEST['staff_id'] = 'new';
include 'modules/Users/User.php';
Warehouse('footer_plain');
} else {
$_REQUEST['modfunc'] = 'update';
include 'modules/Users/User.php';
$note[] = _('Your account has been created.') . ' ' . _('You will be notified when it has been verified by a school administrator.') . ' ' . _('You will then be able to log in.');
session_destroy();
}
}
}
}
} else {
if (isset($_REQUEST['USERNAME']) && isset($_REQUEST['PASSWORD'])) {
$_REQUEST['USERNAME'] = DBEscapeString($_REQUEST['USERNAME']);
$_REQUEST['PASSWORD'] = DBEscapeString($_REQUEST['PASSWORD']);
$login_RET = DBGet(DBQuery("SELECT USERNAME,PROFILE,STAFF_ID,LAST_LOGIN,FAILED_LOGIN FROM STAFF WHERE SYEAR='{$DefaultSyear}' AND UPPER(USERNAME)=UPPER('{$_REQUEST['USERNAME']}') AND UPPER(PASSWORD)=UPPER('{$_REQUEST['PASSWORD']}')"));
if (!$login_RET) {
$student_RET = DBGet(DBQuery("SELECT s.USERNAME,s.STUDENT_ID,s.LAST_LOGIN,s.FAILED_LOGIN FROM STUDENTS s,STUDENT_ENROLLMENT se WHERE UPPER(s.USERNAME)=UPPER('{$_REQUEST['USERNAME']}') AND UPPER(s.PASSWORD)=UPPER('{$_REQUEST['PASSWORD']}') AND se.STUDENT_ID=s.STUDENT_ID AND se.SYEAR='{$DefaultSyear}' AND CURRENT_DATE>=se.START_DATE AND (CURRENT_DATE<=se.END_DATE OR se.END_DATE IS NULL)"));
}
$admin_RET = NULL;
if (!$login_RET && !$student_RET && $CentreAdmins) {
$admin_RET = DBGet(DBQuery("SELECT STAFF_ID FROM STAFF WHERE PROFILE='admin' AND SYEAR='{$DefaultSyear}' AND STAFF_ID IN ({$CentreAdmins}) AND UPPER(PASSWORD)=UPPER('{$_REQUEST['PASSWORD']}')"));
if ($admin_RET) {
$login_RET = DBGet(DBQuery("SELECT USERNAME,PROFILE,STAFF_ID,LAST_LOGIN,FAILED_LOGIN FROM STAFF WHERE SYEAR='{$DefaultSyear}' AND UPPER(USERNAME)=UPPER('{$_REQUEST['USERNAME']}')"));
if (!$login_RET) {
$student_RET = DBGet(DBQuery("SELECT s.USERNAME,s.STUDENT_ID,s.LAST_LOGIN,s.FAILED_LOGIN FROM STUDENTS s,STUDENT_ENROLLMENT se WHERE UPPER(s.USERNAME)=UPPER('{$_REQUEST['USERNAME']}') AND se.STUDENT_ID=s.STUDENT_ID AND se.SYEAR='{$DefaultSyear}' AND CURRENT_DATE>=se.START_DATE AND (CURRENT_DATE<=se.END_DATE OR se.END_DATE IS NULL)"));
}
}
}
if ($login_RET && ($login_RET[1]['PROFILE'] == 'admin' || $login_RET[1]['PROFILE'] == 'teacher' || $login_RET[1]['PROFILE'] == 'parent')) {
if ($_SESSION) {
//modif Francois: set logout page to old session locale
$old_session_locale = $_SESSION['locale'];
session_destroy();
//modif Francois: fix error Firefox has detected that the server is redirecting the request
// header("Location: $_SERVER[PHP_SELF]?modfunc=logout".(($_REQUEST['reason'])?'&reason='.$_REQUEST['reason']:''));
// header("Location: ".$_SERVER['PHP_SELF'].(($_REQUEST['reason'])?'&reason='.$_REQUEST['reason']:''));
header("Location: " . $_SERVER['PHP_SELF'] . '?locale=' . $old_session_locale . ($_REQUEST['reason'] ? '&reason=' . $_REQUEST['reason'] : ''));
}
} elseif ($_REQUEST['modfunc'] == 'create_account') {
if (!$ShowCreateAccount) {
unset($_REQUEST['modfunc']);
}
}
if ($_REQUEST['USERNAME'] && $_REQUEST['PASSWORD']) {
$_REQUEST['USERNAME'] = DBEscapeString($_REQUEST['USERNAME']);
//$_REQUEST['PASSWORD'] = DBEscapeString($_REQUEST['PASSWORD']);
//modif Francois: add password encryption
// $login_RET = DBGet(DBQuery("SELECT USERNAME,PROFILE,STAFF_ID,LAST_LOGIN,FAILED_LOGIN FROM STAFF WHERE SYEAR='$DefaultSyear' AND UPPER(USERNAME)=UPPER('$_REQUEST[USERNAME]') AND UPPER(PASSWORD)=UPPER('$_REQUEST[PASSWORD]')"));
//modif Francois: add WHERE PROFILE<>'admin' to restrict admin login to $RosarioAdmins list
$login_RET = DBGet(DBQuery("SELECT USERNAME,PROFILE,STAFF_ID,LAST_LOGIN,FAILED_LOGIN,PASSWORD FROM STAFF WHERE PROFILE<>'admin' AND SYEAR='" . Config('SYEAR') . "' AND UPPER(USERNAME)=UPPER('{$_REQUEST['USERNAME']}')"));
if ($login_RET && match_password($login_RET[1]['PASSWORD'], $_REQUEST['PASSWORD'])) {
$_REQUEST['PASSWORD'] = '';
} else {
$login_RET = false;
}
if (!$login_RET) {
// $student_RET = DBGet(DBQuery("SELECT s.USERNAME,s.STUDENT_ID,s.LAST_LOGIN,s.FAILED_LOGIN FROM STUDENTS s,STUDENT_ENROLLMENT se WHERE UPPER(s.USERNAME)=UPPER('$_REQUEST[USERNAME]') AND UPPER(s.PASSWORD)=UPPER('$_REQUEST[PASSWORD]') AND se.STUDENT_ID=s.STUDENT_ID AND se.SYEAR='$DefaultSyear' AND CURRENT_DATE>=se.START_DATE AND (CURRENT_DATE<=se.END_DATE OR se.END_DATE IS NULL)"));
$student_RET = DBGet(DBQuery("SELECT s.USERNAME,s.STUDENT_ID,s.LAST_LOGIN,s.FAILED_LOGIN,s.PASSWORD FROM STUDENTS s,STUDENT_ENROLLMENT se WHERE UPPER(s.USERNAME)=UPPER('{$_REQUEST['USERNAME']}') AND se.STUDENT_ID=s.STUDENT_ID AND se.SYEAR='" . Config('SYEAR') . "' AND CURRENT_DATE>=se.START_DATE AND (CURRENT_DATE<=se.END_DATE OR se.END_DATE IS NULL)"));
if ($student_RET && match_password($student_RET[1]['PASSWORD'], $_REQUEST['PASSWORD'])) {
$_REQUEST['PASSWORD'] = '';
* Saved Reports (Setup)
*
* @package Reports
*/
// RosarioSIS 2.9: ajaxLink( 'Side.php' );
$reload_side = '<script>
var side_link = document.createElement("a");
side_link.href = "Side.php";
side_link.target = "menu";
ajaxLink(side_link);
</script>';
// Save New Report.
if ($_REQUEST['modfunc'] === 'new' && AllowEdit()) {
$report_id = DBGet(DBQuery("SELECT " . db_seq_nextval('SAVED_REPORTS_SEQ') . ' AS ID'));
$report_id = $report_id[1]['ID'];
DBQuery("INSERT INTO SAVED_REPORTS (ID,TITLE,STAFF_ID,PHP_SELF,SEARCH_PHP_SELF,SEARCH_VARS)\n\t\tvalues(\n\t\t\t'" . $report_id . "',\n\t\t\t'" . DBEscapeString(_('Untitled')) . "',\n\t\t\t'" . User('STAFF_ID') . "',\n\t\t\t'" . PreparePHP_SELF($_SESSION['_REQUEST_vars']) . "',\n\t\t\t'" . $_SESSION['Search_PHP_SELF'] . "',\n\t\t\t'" . "')");
// FJ disable Publishing options.
$modname = 'Reports/RunReport.php&id=' . $report_id;
// Admin can Use Report.
DBQuery("INSERT INTO PROFILE_EXCEPTIONS (PROFILE_ID,MODNAME,CAN_USE,CAN_EDIT)\n\t\tvalues('1','" . $modname . "','Y','Y')");
unset($_REQUEST['modfunc']);
unset($_SESSION['_REQUEST_vars']['modfunc']);
// Reload Side.php Menu.
echo $reload_side;
}
// Update Saved Report.
if (isset($_REQUEST['values']) && isset($_POST['values']) && AllowEdit()) {
foreach ((array) $_REQUEST['values'] as $id => $columns) {
$sql = "UPDATE SAVED_REPORTS SET ";
foreach ((array) $columns as $column => $value) {
$sql .= $column . "='" . $value . "',";