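/**
 * rangeCheck()
 *
 * Validates the $_POST field named $postvar: it must be present and non-empty
 * (in the empty() sense, so "0" also counts as missing), and its byte length
 * must lie within [$min, $max]. With $spaceAllowed = false a space character is
 * rejected as well. Every failure is reported through postResponse("error", ...)
 * from functions.php; nothing is returned.
 *
 * When $_POST['ajaxcheck'] is set, only the field it names is validated and any
 * other call is a no-op (presumably so a single-field AJAX check does not trip
 * on the rest of the form).
 *
 * @param string $postvar      Name of the $_POST field to validate
 * @param int    $min          Minimum accepted length in bytes
 * @param int    $max          Maximum accepted length in bytes
 * @param bool   $spaceAllowed Whether a space character is allowed in the value
 * @return void
 */
function rangeCheck($postvar, $min, $max, $spaceAllowed = true)
{
    // A field-specific AJAX check validates only the field it names.
    if (!empty($_POST['ajaxcheck']) && $_POST['ajaxcheck'] != $postvar) {
        return;
    }

    $value = isset($_POST[$postvar]) ? $_POST[$postvar] : null;

    // The field can arrive as an array (name[]=...); strpos()/strlen() would
    // raise a TypeError on it, so anything that is not a scalar is treated the
    // same as a missing value.
    if (empty($value) || !is_scalar($value)) {
        postResponse("error", 'Please enter ' . $postvar);
        return;
    }
    $value = (string) $value;

    if (!$spaceAllowed && strpos($value, " ") !== false) {
        postResponse("error", $postvar . ' Cannot contain spaces');
    }

    // strlen() counts bytes, as the original did; a multibyte character
    // therefore counts more than once toward the limits.
    $length = strlen($value);
    if ($length < $min) {
        postResponse("error", $postvar . ' must be atleast ' . $min . ' characters long');
    } elseif ($length > $max) {
        postResponse("error", $postvar . ' must not be longer than ' . $max . ' characters');
    }
}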
// Tail of a conditional that starts outside this fragment: a faculty-level user
// works on their own courses.
$_SESSION['faculty'] = $_SESSION['uName'];
}
// Other levels may pick the faculty whose courses they manage via ?faculty=...
// NOTE(review): the value is stored as-is; nothing visible here checks that it
// names an existing faculty member — confirm where it is validated.
if (!sessionCheck('level', 'faculty') && !empty($_GET['faculty'])) {
    $_SESSION['faculty'] = $_GET['faculty'];
}
if (valueCheck('action', 'add')) {
    rangeCheck('cName', 6, 100);
    // A missing or falsy allowConflict is stored as 0.
    if (empty($_POST["allowConflict"])) {
        $_POST["allowConflict"] = 0;
    }
    try {
        // $cId is assigned before this fragment — TODO confirm where it is validated.
        $query = $db->prepare('INSERT INTO courses(course_Id,course_name,fac_id,allow_conflict) values (?,?,?,?)');
        $query->execute([$cId, $_POST['cName'], $_SESSION['faculty'], $_POST["allowConflict"]]);
        // One allowed-batch row per posted "<batch_name> : <batch_dept>" value.
        // NOTE(review): $_POST['batch'] is iterated without checking that it is
        // an array, and an entry without " : " leaves $batch[1] undefined.
        $query = $db->prepare('INSERT INTO allowed(course_Id,batch_name,batch_dept) values (?,?,?)');
        foreach ($_POST['batch'] as $batch) {
            $batch = explode(" : ", $batch);
            $query->execute([$cId, $batch[0], $batch[1]]);
        }
        postResponse("addOpt", "Course Added", [$_POST['cName'], $cId]);
    } catch (PDOException $e) {
        // SQLSTATE 23000 (integrity constraint violation) is reported as a
        // duplicate course id; any other driver message is passed through to
        // the client unchanged.
        if ($e->errorInfo[0] == 23000) {
            postResponse("error", "Course ID already exists");
        } else {
            postResponse("error", $e->errorInfo[2]);
        }
    }
} elseif (valueCheck('action', 'delete')) {
    // The fac_id predicate scopes the delete to the faculty selected in the session.
    $query = $db->prepare('DELETE FROM courses where course_id =? and fac_id =?');
    $query->execute([$_POST['cId'], $_SESSION['faculty']]);
    postResponse("removeOpt", "Course deleted");
}
// Tail of the slot-update loop that starts outside this fragment: $state, $slot,
// $current, $query and $deleteAllocs are all assigned before it.
$query->execute([$state, $slot[0], $slot[1], $current['table_name']]);
// Disabling a slot also removes any allocations already made in it.
if ($state == 'disabled') {
    $deleteAllocs->execute([$slot[0], $slot[1], $current['table_name']]);
}
}
postResponse("info", 'Slots updated');
die;
}
if (valueCheck('action', 'deleteTimetable')) {
    // active=0 in the WHERE clause keeps the active timetable from being
    // deleted; rowCount() distinguishes the two outcomes.
    $query = $db->prepare('DELETE from timetables where table_name=? AND active=0');
    $query->execute([$_POST['table_name']]);
    if ($query->rowCount()) {
        postResponse("removeOpt", 'Timetable deleted');
        die;
    } else {
        // NOTE(review): a table_name that does not exist at all also lands
        // here and gets the "active slot" message.
        postResponse("error", 'Slot is the current active slot, choose another slot as active before deleting');
    }
}
}
?>
<!DOCTYPE HTML>
<html>
<head>
<title>QuickSlots</title>
<meta http-equiv="Content-Type" content="text/html; charset=utf-8" />
<link rel="shortcut icon" type="image/png" href="images/favicon.png"/>
<link rel="stylesheet" type="text/css" href="css/styles.css">
<link rel="stylesheet" type="text/css" href="css/dashboard.css">
<link rel="stylesheet" type="text/css" href="css/table.css">
<link rel="stylesheet" type="text/css" href="css/chosen.css">
<script type="text/javascript" src="js/jquery.min.js" ></script>
/**
 * changeUserLevel()
 *
 * Sets the `level` column of the faculty row whose uName is $user to $level.
 * Failures are reported through postResponse("error", ...) from functions.php;
 * nothing is returned.
 *
 * @param string $user  uName of the faculty member to update
 * @param string $level New level value
 * @return void
 */
function changeUserLevel($user, $level)
{
    global $db;

    try {
        $stmt = $db->prepare('UPDATE faculty SET level = ? where uName = ?');
        $stmt->execute([$level, $user]);

        // Zero affected rows is reported as a vanished user.
        // NOTE(review): with MySQL this count covers rows actually changed
        // unless CLIENT_FOUND_ROWS is set on the connection, so re-applying the
        // current level may land here too — confirm against connect_db.php.
        if ($stmt->rowCount() == 0) {
            postResponse("error", "The selected user might have been deleted. Try reloading the page.");
        }
    } catch (PDOException $e) {
        // The raw driver message is forwarded to the client unchanged.
        postResponse("error", $e->errorInfo[2]);
    }
}
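<?php
/**
 * Back end routines to add/delete rooms, invoked by dean.php
 *
 * Requires a dean session. Every request carries $_POST['room_name']; an "add"
 * request also carries $_POST['capacity']. Results and errors are reported
 * through postResponse() from functions.php.
 *
 * @author Avin E.M; Kunal Dahiya
 */
require_once 'functions.php';
require_once 'connect_db.php';

// Only deans manage rooms; anyone else gets an empty response.
if (!sessionCheck('level', 'dean')) {
    die;
}

// room_name is required for both add and delete.
rangeCheck('room_name', 2, 25);

if (valueCheck('action', 'add')) {
    // rangeCheck() only bounds the length (1-3 characters); capacity is
    // compared numerically elsewhere (capacity>=?), so it must also be a
    // whole number before it reaches the database.
    rangeCheck('capacity', 1, 3);
    if (!isset($_POST['capacity']) || !is_string($_POST['capacity']) || !ctype_digit($_POST['capacity'])) {
        postResponse("error", "capacity must be a whole number");
    }

    try {
        $query = $db->prepare('INSERT INTO rooms(room_name,capacity) values (?,?)');
        $query->execute([$_POST['room_name'], $_POST['capacity']]);
        postResponse("addOpt", "Room Added", [$_POST['room_name'], $_POST['capacity']]);
    } catch (PDOException $e) {
        // SQLSTATE 23000 (integrity constraint violation) is reported as a
        // duplicate room; other driver messages are forwarded unchanged.
        // NOTE(review): raw driver text reaches the client — consider a
        // generic message with the detail logged server-side.
        if ($e->errorInfo[0] == 23000) {
            postResponse("error", "Room already exists");
        } else {
            postResponse("error", $e->errorInfo[2]);
        }
    }
} elseif (valueCheck('action', 'delete')) {
    $query = $db->prepare('DELETE FROM rooms where room_name = ?');
    $query->execute([$_POST['room_name']]);
    postResponse("removeOpt", "Room deleted");
}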
// Success path of the credential check that starts outside this fragment:
// $faculty is the matched row and $uName the submitted user name.
// NOTE(review): no session_regenerate_id() is visible in this fragment; the
// session id should be regenerated when the session gains these values —
// confirm in the part outside view.
$_SESSION['fName'] = $faculty['fac_name'];
$_SESSION['uName'] = $uName;
$_SESSION['level'] = $faculty['level'];
$_SESSION['dept'] = $faculty['dept_code'];
} else {
    postResponse("error", "Invalid credentials");
}
}
}
// An already-authenticated user is sent to their dashboard: POST requests get a
// redirect response, other requests a Location header.
if (sessionCheck('logged_in')) {
    $home = "faculty.php";
    if ($_SESSION['level'] == "dean") {
        $home = "dean.php";
    }
    if ($_POST) {
        postResponse("redirect", $home);
    }
    header("Location: " . $home);
    die;
}
?>
<!DOCTYPE HTML>
<html>
<head>
<meta http-equiv="Content-Type" content="text/html; charset=utf-8" />
<link rel="shortcut icon" type="image/png" href="images/favicon.png"/>
<script src="js/jquery.min.js"></script>
<link href="css/styles.css" rel="stylesheet" type="text/css" />
<title>QuickSlots | Login</title>
<script src="js/form.js"></script>
* Back end routines to add/delete batches, invoked by manage.php * @author Avin E.M; Kunal Dahiya */ require_once 'functions.php'; require_once 'connect_db.php'; if (!sessionCheck('logged_in')) { postResponse("error", "Your session has expired, please login again"); } if (!sessionCheck('level', 'dean')) { die('You are not authorized to perform this action'); } if (valueCheck('action', 'add')) { rangeCheck('batch_name', 2, 30); rangeCheck('size', 1, 3); try { $query = $db->prepare('INSERT INTO batches(batch_name,batch_dept,size) values (?,?,?)'); $query->execute([$_POST['batch_name'], $_POST['dept'], $_POST['size']]); postResponse("addOpt", "Batch Added", [$_POST['batch_name'] . ' : ' . $_POST['dept'], $_POST['size']]); } catch (PDOException $e) { if ($e->errorInfo[0] == 23000) { postResponse("error", "Batch already exists"); } else { postResponse("error", $e->errorInfo[2]); } } } elseif (valueCheck('action', 'delete')) { $query = $db->prepare('DELETE FROM batches where batch_name = ? AND batch_dept=?'); $batch = explode(" : ", $_POST['batch']); $query->execute([$batch[0], $batch[1]]); postResponse("removeOpt", "Batch deleted"); }
// Tail of the connection/bootstrap attempt that starts outside this fragment.
}
} catch (PDOException $e) {
    // SQLSTATE 42S02 (table not found): the schema is missing, so load it from
    // create_tables.sql and send POST callers back to setup.php.
    if ($e->getCode() == '42S02') {
        $db->exec(file_get_contents('create_tables.sql'));
        if ($_POST) {
            postResponse('redirect', 'setup.php');
        }
    }
    if ($_POST) {
        // 1045 is reported as bad credentials.
        if ($e->getCode() == 1045) {
            postResponse('error', "Cannot connect to the database: Invalid username or password");
        } else {
            // 1044 is singled out but handled exactly like the default: the
            // driver message is forwarded unchanged.
            // NOTE(review): raw driver text reaches the client.
            if ($e->getCode() == 1044) {
                postResponse('error', $e->getMessage());
            } else {
                postResponse('error', $e->getMessage());
            }
        }
    } else {
        // Non-POST load with an unusable config: keep a copy and blank the
        // file so setup starts over.
        // NOTE(review): the copy in tmp/ still holds the database credentials
        // — confirm tmp/ is not web-served and is cleaned up.
        copy('config.php', 'tmp/config.old_invalid.php');
        file_put_contents('config.php', '');
    }
}
}
?>
<!DOCTYPE HTML>
<html>
<head>
<meta http-equiv="Content-Type" content="text/html; charset=utf-8" />
<link rel="shortcut icon" type="image/png" href="images/favicon.png"/>
<link href="css/styles.css" rel="stylesheet" type="text/css" />
// Tail of the slot-saving handler that starts outside this fragment: $query and
// $current are prepared before it.
try {
    // Every remaining $_POST entry is read as "<day>_<slot_num>" => "<course>:<room>".
    // NOTE(review): nothing visible here removes unrelated fields (e.g. action)
    // from $_POST first, nor checks that the value splits into two parts —
    // confirm in the part outside view.
    foreach ($_POST as $slotStr => $course_room) {
        $course_room = explode(':', $course_room);
        $course = $course_room[0];
        $room = $course_room[1];
        $slot = explode('_', $slotStr);
        $query->execute([$current['table_name'], $slot[0], $slot[1], $room, $course]);
    }
} catch (PDOException $e) {
    // SQLSTATE 23000 (integrity constraint violation) is reported as a room
    // clash; other driver messages are forwarded unchanged.
    if ($e->errorInfo[0] == 23000) {
        postResponse("error", "The selected room has been booked already, rooms list has been refreshed");
    } else {
        postResponse("error", $e->errorInfo[2]);
    }
}
postResponse("info", "Slots Saved");
die;
}
if (valueCheck('action', 'queryRooms')) {
    // The smallest batch size among the batches allowed for the course is the
    // minimum room capacity.
    $slot = explode('_', $_POST["slot"]);
    $query = $db->prepare('SELECT min(size) FROM allowed NATURAL JOIN batches where course_id=?');
    $query->execute([$_POST['course']]);
    $minCap = $query->fetch()[0];
    // Rooms with enough capacity that are not already taken in this slot by a
    // course of another faculty; the selected faculty's own bookings stay listed.
    $query = $db->prepare('SELECT room_name,capacity FROM rooms where capacity>=? AND room_name NOT IN (SELECT room FROM slot_allocs where table_name=? AND day=? AND slot_num=? AND course_id NOT IN (SELECT course_id FROM courses where fac_id=?) ) ORDER BY capacity');
    $query->execute([$minCap, $current['table_name'], $slot[0], $slot[1], $_SESSION['faculty']]);
    $rooms = $query->fetchall(PDO::FETCH_NUM);
    // NOTE(review): no Content-Type header is set for the JSON body.
    die(json_encode($rooms));
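<?php
/**
 * Back end routines to generate/restore backups, invoked by dean.php
 *
 * action=backup streams a mysqldump of the configured database as a file
 * download; any other request is treated as a restore and executes the
 * uploaded $_FILES['snapshot'] SQL file against the database. Both are
 * restricted to a dean session.
 *
 * @author Avin E.M; Kunal Dahiya
 */
require_once 'functions.php';

if (!sessionCheck('level', 'dean')) {
    die;
}
require_once 'connect_db.php';

if (valueCheck('action', 'backup')) {
    header('Content-type: text/plain');
    header('Content-Disposition: attachment; filename=backup_' . date("H-i_d-m-Y") . '.sql');

    // The command line goes through a shell, so every config value is quoted
    // with escapeshellarg(); a value containing shell metacharacters would
    // otherwise be interpreted as part of the command.
    // NOTE(review): $config is assumed to be defined by connect_db.php —
    // confirm. Passing the password as an argument leaves it visible in the
    // process list; a --defaults-extra-file or the MYSQL_PWD environment
    // variable would avoid that.
    passthru(
        'mysqldump'
        . ' --user=' . escapeshellarg($config['db_user'])
        . ' --password=' . escapeshellarg($config['db_pswd'])
        . ' --host=' . escapeshellarg($config['db_host'])
        . ' ' . escapeshellarg($config['db_name'])
    );
} else {
    // Restore: the uploaded file is executed verbatim as SQL with the
    // application's database privileges, so only a file that actually arrived
    // as this request's upload is accepted.
    if (!isset($_FILES['snapshot']['tmp_name'], $_FILES['snapshot']['error'])
        || !is_string($_FILES['snapshot']['tmp_name'])
        || $_FILES['snapshot']['error'] !== UPLOAD_ERR_OK
        || !is_uploaded_file($_FILES['snapshot']['tmp_name'])
    ) {
        postResponse("error", "Please upload a snapshot file");
    } else {
        $snapshot = $_FILES['snapshot']['tmp_name'];
        try {
            $db->exec(file_get_contents($snapshot));
            unlink($snapshot);
            header("Location: dean.php?status=restoreComplete");
        } catch (PDOException $e) {
            // The raw driver message is forwarded to the client unchanged.
            postResponse("error", $e->errorInfo[2]);
        }
    }
}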
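<?php
/**
 * Back end routines to add/delete departments, invoked by manage.php
 *
 * Requires a dean session. Every request carries $_POST['dept_code']; an "add"
 * request also carries $_POST['dName']. Results and errors are reported
 * through postResponse() from functions.php.
 *
 * @author Avin E.M; Kunal Dahiya
 */
require_once 'functions.php';

if (!sessionCheck('level', 'dean')) {
    die;
}
require_once 'connect_db.php';

// dept_code is required for both add and delete: 2-5 characters, no spaces.
rangeCheck('dept_code', 2, 5, false);
// Codes are upper-cased before they are stored or matched. The fallback keeps
// strtoupper() off a null or array when the field is missing or malformed
// (which rangeCheck() has already reported).
$dept_code = strtoupper((isset($_POST['dept_code']) && is_string($_POST['dept_code'])) ? $_POST['dept_code'] : '');

if (valueCheck('action', 'add')) {
    rangeCheck('dName', 6, 50);
    try {
        $query = $db->prepare('INSERT INTO depts(dept_code,dept_name) values (?,?)');
        $query->execute([$dept_code, $_POST['dName']]);
        postResponse("addOpt", "Department Added", [$_POST['dName'], $dept_code]);
    } catch (PDOException $e) {
        // SQLSTATE 23000 (integrity constraint violation) is reported as a
        // duplicate code; other driver messages are forwarded unchanged.
        if ($e->errorInfo[0] == 23000) {
            postResponse("error", "Department already exists");
        } else {
            postResponse("error", $e->errorInfo[2]);
        }
    }
} elseif (valueCheck('action', 'delete')) {
    $query = $db->prepare('DELETE FROM depts where dept_code =?');
    $query->execute([$dept_code]);
    postResponse("removeOpt", "Department deleted");
}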