$_SESSION['faculty'] = $_SESSION['uName']; } if (!sessionCheck('level', 'faculty') && !empty($_GET['faculty'])) { $_SESSION['faculty'] = $_GET['faculty']; } if (valueCheck('action', 'add')) { rangeCheck('cName', 6, 100); if (empty($_POST["allowConflict"])) { $_POST["allowConflict"] = 0; } try { $query = $db->prepare('INSERT INTO courses(course_Id,course_name,fac_id,allow_conflict) values (?,?,?,?)'); $query->execute([$cId, $_POST['cName'], $_SESSION['faculty'], $_POST["allowConflict"]]); $query = $db->prepare('INSERT INTO allowed(course_Id,batch_name,batch_dept) values (?,?,?)'); foreach ($_POST['batch'] as $batch) { $batch = explode(" : ", $batch); $query->execute([$cId, $batch[0], $batch[1]]); } postResponse("addOpt", "Course Added", [$_POST['cName'], $cId]); } catch (PDOException $e) { if ($e->errorInfo[0] == 23000) { postResponse("error", "Course ID already exists"); } else { postResponse("error", $e->errorInfo[2]); } } } elseif (valueCheck('action', 'delete')) { $query = $db->prepare('DELETE FROM courses where course_id =? and fac_id =?'); $query->execute([$_POST['cId'], $_SESSION['faculty']]); postResponse("removeOpt", "Course deleted"); }
$(this).removeClass('blue').addClass('disabled'); if(!$("input[name="+ this.id +"]")[0]) $("#disabledSlots").append($('<input type="hidden" name="' + this.id + '" value="active">')); $("input[name="+ this.id +"]").val('disabled'); }) $("#timetable").on("click", ".cell.disabled", function() { changes = true; $(this).removeClass('disabled').addClass('blue'); $("input[name="+ this.id +"]").val('active'); }) $("#snapshot").change(function(){ $("#filename").val(this.value); }) <?php if (valueCheck('status', 'restoreComplete')) { ?> var msg=$('<div class="blocktext info" style="display:none;margin-top:10px;"><b>✔ </b> Database restored, please logout and login again.</div>'); $("#content").prepend(msg); msg.show(400,function(){ setTimeout(function(){ msg.hide(400); },5000) }) <?php } ?> var changes = false; window.onbeforeunload = function(e) { message = "There are unsaved changes in the timetable, are you sure you want to navigate away without saving them?."; if(changes)
} } if ($newAdmin) { changeUserLevel($uName, 'dean'); $_SESSION['logged_in'] = true; $_SESSION['uName'] = $uName; $_SESSION['level'] = "dean"; $_SESSION['fName'] = $_POST['fullName']; $_SESSION['dept'] = $dept_code; postResponse("redirect", $_SESSION['level'] . ".php"); } } if (!empty($_POST['level'])) { changeUserLevel($uName, $_POST['level']); } if (valueCheck('action', 'changeLevel')) { postResponse("updateOpt", "Level Changed"); } else { postResponse("addOpt", "Faculty Added", [$_POST["fullName"], $uName]); } } /** * changeUserLevel() * * Add or remove $user to the admin table with the given $level */ function changeUserLevel($user, $level) { global $db; try { $query = $db->prepare('UPDATE faculty SET level = ? where uName = ?');
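/**
 * Build the COUNT and SELECT statements for a text search across the given
 * columns of a table.
 *
 * Search modes, read from $this->searchOptions (compared loosely, as the
 * original switch did):
 *   1 - the pattern is split on spaces; a column matches when ANY word is
 *       contained in it (words joined with OR),
 *   2 - as 1, but EVERY word must be contained (words joined with AND),
 *   3 - the whole pattern is compared to the column: LIKE when it contains a
 *       '%' wildcard, otherwise '='.
 * Per-column clauses are joined with OR. Columns whose type is numeric/date
 * are only searched when $this->valueCheck() accepts the value for them.
 *
 * Search values are passed through addslashes() before being placed in the
 * SQL text. SECURITY NOTE(review): that is only a stop-gap for MySQL-style
 * string literals (it is wrong under NO_BACKSLASH_ESCAPES); $tableName and
 * the keys of $columnNames are still interpolated verbatim and must come from
 * the schema, never from the request. The proper fix is to return placeholders
 * plus a parameter list, which would change the return shape existing callers
 * rely on, so it is not done here.
 *
 * @param string $tableName   table to search (trusted identifier)
 * @param array<string, array> $columnNames column name => column metadata;
 *                            only $columnData['type'] is read here
 * @return array{run?: string, show?: string} 'run' counts the matching rows
 *                            (aliased rc), 'show' selects them; an empty
 *                            array when no column produced a clause
 */
function buildSQL($tableName, $columnNames)
{
    // Types for which an arbitrary search string would not be a valid
    // comparison value, so they are skipped unless valueCheck() accepts it.
    $numericTypes = [
        'INTEGER', 'INT', 'SMALLINT', 'TINYINT', 'MEDIUMINT', 'BIGINT',
        'DECIMAL', 'NUMERIC', 'FLOAT', 'DOUBLE', 'BIT',
        'DATE', 'DATETIME', 'TIMESTAMP',
    ];

    // True when $value may be compared against the column: always for text
    // columns, for numeric/date columns only when valueCheck() accepts it.
    // NOTE(review): modes 1/2 previously called the global valueCheck() (the
    // request-parameter helper used elsewhere in this project) while mode 3
    // called $this->valueCheck(); the method is now used for every mode --
    // confirm this matches the intended semantics.
    $columnAccepts = function ($value, array $columnData) use ($numericTypes) {
        if ($this->valueCheck($value, $columnData)) {
            return true;
        }
        return !in_array(strtoupper($columnData['type']), $numericTypes, true);
    };

    $whereClause = [];
    $mode = $this->searchOptions;

    foreach ($columnNames as $columnName => $columnData) {
        if ($mode == 1 || $mode == 2) {
            // Modes 1 and 2 differ only in how the per-word terms are joined.
            $terms = [];
            foreach (explode(' ', $this->searchPattern) as $word) {
                if ($columnAccepts($word, $columnData)) {
                    $terms[] = "{$columnName} LIKE '%" . addslashes($word) . "%'";
                }
            }
            if ($terms !== []) {
                $glue = ($mode == 1) ? ' OR ' : ' AND ';
                $whereClause[] = '(' . implode($glue, $terms) . ')';
            }
        } elseif ($mode == 3) {
            // A '%' anywhere in the pattern means the caller wants wildcard matching.
            $operator = (strpos($this->searchPattern, '%') !== false) ? 'LIKE' : '=';
            if ($columnAccepts($this->searchPattern, $columnData)) {
                $whereClause[] = "{$columnName} {$operator} '" . addslashes($this->searchPattern) . "'";
            }
        }
        // Any other mode yields no clause for this column.
    }

    $sql = [];
    $where = implode(' OR ', $whereClause);
    if ($where !== '') {
        $sql['run'] = "SELECT count(*) rc FROM {$tableName} WHERE {$where}";
        $sql['show'] = "SELECT * FROM {$tableName} WHERE {$where}";
    }

    return $sql;
}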
<?php if (empty($department)) { $deptFilter = ''; } $query = $db->prepare('SELECT * FROM faculty ' . $deptFilter); $query->execute([$department]); foreach ($query->fetchall() as $fac) { echo "<option value=\"{$fac['uName']}\">{$fac['fac_name']}</option>"; } ?> </select> <?php } ?> <?php if (!valueCheck('print', true) || isset($_GET['batch'])) { ?> <span class="inline" style="vertical-align: middle;padding:10px 0 0 10px">Batch: </span> <select id="batch" name="batch" data-placeholder="Choose Batch..."> <option label="Choose Batch..."></option> <?php foreach ($db->query('SELECT * FROM batches') as $batch) { echo "<option value=\"{$batch['batch_name']} : {$batch['batch_dept']}\">{$batch['batch_name']} : {$batch['batch_dept']} ({$batch['size']})</option>"; } ?> </select> <?php } ?> </div> </form>
<option label="Choose Department..."></option> <?php foreach ($db->query('SELECT * FROM depts') as $dept) { echo "<option value=\"{$dept['dept_code']}\">{$dept['dept_name']} ({$dept['dept_code']})</option>"; } ?> </select> <div class="blocktext info"></div> <div class="center button"> <button>Delete</button> </div> </form> </div> </div> <?php } elseif (valueCheck('action', 'batches')) { ?> <div class="box"> <div class="boxbg"></div> <div class="information"><div class="icon add"></div></div> <div class="title">Add Batch</div> <div class="elements"> <form method="post" action="batches.php?action=add"> <input type="text" name="batch_name" class="styled uInfo" required pattern="[^:]{2,30}" title="2 to 30 alphanumeric characters" placeholder="Batch Name" /> <select name="dept" class="stretch" data-placeholder="Choose Department..." required> <option label="Choose Department..."></option> <?php foreach ($db->query('SELECT * FROM depts') as $dept) { echo "<option value=\"{$dept['dept_code']}\">{$dept['dept_name']} ({$dept['dept_code']})</option>"; } ?>
echo "<option value=\"{$timetable['table_name']}\">{$timetable['table_name']}{$active}</option>"; } ?> </select> </div> <div id="timetable" class="table"></div> <form id="courseAlloc" action="allocate.php?action=saveSlots"> <?php $query = $db->prepare('SELECT * FROM slot_allocs where table_name=? AND course_id IN (SELECT course_id FROM courses where fac_id=?)'); $query->execute([$current['table_name'], $_SESSION['faculty']]); while ($slot = $query->fetch()) { echo '<input type="hidden" name="' . $slot['day'] . '_' . $slot['slot_num'] . '" value="' . $slot['course_id'] . ':' . $slot['room'] . '" >'; } ?> <?php if (valueCheck("error", "conflict")) { ?> <div class="blocktext info error"> <b>✖ </b> Another faculty has just allocated one of the slots. Please try again </div> <?php } else { ?> <div class="blocktext info"> </div> <?php } ?> <div class="center"> <button>Save</button> </div>
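<?php
/**
 * Back end routines to generate/restore backups, invoked by dean.php
 *
 * action=backup streams a mysqldump of the configured database to the
 * browser; any other request is treated as a restore of the uploaded
 * 'snapshot' file, which is executed as raw SQL against the live database.
 * Both paths are gated on a dean session only.
 *
 * @author Avin E.M; Kunal Dahiya
 */
require_once 'functions.php';

// Only the dean may dump or overwrite the database.
if (!sessionCheck('level', 'dean')) {
    die;
}
require_once 'connect_db.php';

if (valueCheck('action', 'backup')) {
    header('Content-type: text/plain');
    header('Content-Disposition: attachment; filename=backup_' . date("H-i_d-m-Y") . '.sql');

    // Each connection setting is shell-quoted so a value containing spaces or
    // shell metacharacters cannot alter the command line.
    // NOTE(review): passing --password on the command line exposes it in the
    // process list to other local users; a --defaults-extra-file (or MYSQL_PWD)
    // would avoid that. The existing invocation is kept here.
    $command = sprintf(
        'mysqldump --user=%s --password=%s --host=%s %s',
        escapeshellarg($config['db_user']),
        escapeshellarg($config['db_pswd']),
        escapeshellarg($config['db_host']),
        escapeshellarg($config['db_name'])
    );
    passthru($command);
} else {
    // Restore: the uploaded file is run verbatim as SQL with the application's
    // database credentials, so it must be a genuine, successful upload.
    $upload = isset($_FILES['snapshot']) ? $_FILES['snapshot'] : null;
    $uploadOk = $upload !== null
        && isset($upload['error'], $upload['tmp_name'])
        && $upload['error'] === UPLOAD_ERR_OK
        && is_uploaded_file($upload['tmp_name']);

    if (!$uploadOk) {
        postResponse("error", "No snapshot file was uploaded");
    } else {
        $snapshot = $upload['tmp_name'];
        $sqlDump = file_get_contents($snapshot);
        // Remove the temporary upload as soon as it has been read; PHP would
        // discard it at request end anyway, the original removed it on success.
        unlink($snapshot);

        if ($sqlDump === false) {
            postResponse("error", "Unable to read the uploaded snapshot");
        } else {
            try {
                $db->exec($sqlDump);
                header("Location: dean.php?status=restoreComplete");
                // Stop here so nothing is emitted after the redirect header.
                exit;
            } catch (PDOException $e) {
                // errorInfo can be unset for driver-level failures; fall back
                // to the exception message rather than reporting nothing.
                $detail = isset($e->errorInfo[2]) ? $e->errorInfo[2] : $e->getMessage();
                postResponse("error", $detail);
            }
        }
    }
}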