/**
 * Insert a new review_metadata row for this reviewer and paper and return its ID.
 *
 * The row stores $this->reviewerID, $this->paperID, $this->review_type and the
 * address reported by NetworkUtils::get_client_address(); the other columns are
 * filled with NULL or NOW() by the statement itself.
 *
 * @return mixed Value of $this->db->insert_id after the insert.
 */
private function create_metadataID()
{
    // The address is bound as a string parameter, never concatenated into the SQL.
    // NOTE(review): how get_client_address() derives the address is not visible here;
    // if it honours forwarding headers the stored value is client-supplied - confirm
    // before treating this column as audit evidence.
    $client_address = NetworkUtils::get_client_address();

    $insert = $this->db->prepare("INSERT INTO review_metadata VALUES(NULL, ?, ?, NOW(), NULL, ?, ?, NULL)");
    $insert->bind_param('iiss', $this->reviewerID, $this->paperID, $this->review_type, $client_address);
    $insert->execute();

    // Read the generated key before the statement handle is released.
    $new_review_id = $this->db->insert_id;
    $insert->close();

    return $new_review_id;
}
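/**
 * Get the details of the papers that are currently available for the current user and lab.
 *
 * A paper is listed when it is inside its time window (from 15 minutes before
 * start_date until end_date), is restricted by lab and/or password, matches one
 * of $types, and passes two further checks: the client address is registered in
 * one of the paper's labs (when labs are set), and the user is enrolled on one of
 * the paper's modules (skipped for usernames beginning with 'user' and for papers
 * without modules).
 *
 * Every value that reaches SQL is either bound as a parameter, escaped with
 * real_escape_string(), or cast to an integer first, so neither the arguments
 * nor values read back from the database can alter the statement structure.
 *
 * @param array $paper_display Reference to array in which to build details of available papers
 * @param array $types Array of paper types to check for
 * @param UserObject $userObj The current user
 * @param mysqli $db Database reference
 * @param string $exclude Option ID of a paper to exclude from the check
 * @return integer The number of currently active papers
 */
public function get_active_papers(&$paper_display, $types, $userObj, $db, $exclude = '')
{
    // Paper types are compared as quoted strings, so escape each one for that context.
    $type_clauses = array();
    foreach ($types as $type) {
        $type_clauses[] = "paper_type='" . $db->real_escape_string($type) . "'";
    }
    if (count($type_clauses) == 0) {
        // An empty list would produce "AND ()" and a failed prepare; nothing can match anyway.
        return 0;
    }
    $type_sql = implode(' OR ', $type_clauses);

    // property_id is compared unquoted, so only a numeric ID was ever valid here.
    $exclude_sql = '';
    if ($exclude != '') {
        $exclude_sql = ' AND property_id != ' . (int) $exclude;
    }

    // bind_param() takes its arguments by reference, so they must be real variables.
    $user_id = $userObj->get_user_ID();
    // NOTE(review): how get_client_address() derives the address is not visible here;
    // the lab restriction below is only as trustworthy as that value - confirm.
    $client_address = NetworkUtils::get_client_address();

    $paper_no = 0;
    $paper_query = $db->prepare("SELECT property_id, paper_type, crypt_name, paper_title, bidirectional, fullscreen, MAX(screen) AS max_screen, labs, calendar_year, password, completed FROM (papers, properties) LEFT JOIN log_metadata ON properties.property_id = log_metadata.paperID AND userID = ? WHERE papers.paper = properties.property_id AND (labs != '' OR password != '') AND ({$type_sql}) AND deleted IS NULL AND start_date < DATE_ADD(NOW(),interval 15 minute) AND end_date > NOW() {$exclude_sql} GROUP BY paper");
    $paper_query->bind_param('i', $user_id);
    $paper_query->execute();
    $paper_query->store_result();
    $paper_query->bind_result($property_id, $paper_type, $crypt_name, $paper_title, $bidirectional, $fullscreen, $max_screen, $labs, $calendar_year, $password, $completed);

    while ($paper_query->fetch()) {
        // Lab check: the client address must be registered in one of the paper's labs.
        if ($labs != '') {
            $machineOK = false;
            // labs is a comma-separated ID list read from the database; force every
            // entry to an integer before it is placed in the IN (...) list.
            $lab_ids = implode(',', array_map('intval', explode(',', $labs)));
            $lab_info = $db->prepare("SELECT address FROM client_identifiers WHERE address = ? AND lab IN ({$lab_ids})");
            $lab_info->bind_param('s', $client_address);
            $lab_info->execute();
            $lab_info->store_result();
            if ($lab_info->num_rows > 0) {
                $machineOK = true;
            }
            $lab_info->close();
        } else {
            $machineOK = true;
        }

        // Module check: skipped for usernames that start with 'user'.
        if (strpos($userObj->get_username(), 'user') !== 0) {
            $moduleIDs = Paper_utils::get_modules($property_id, $db);
            if (count($moduleIDs) > 0) {
                $moduleOK = false;
                $module_in = implode(',', array_map('intval', array_keys($moduleIDs)));
                if ($calendar_year != '') {
                    // Copy the bound result column so the inner statement holds its own variable.
                    $paper_year = $calendar_year;
                    $moduleInfo = $db->prepare("SELECT userID FROM modules_student WHERE userID = ? AND calendar_year = ? AND idMod IN ({$module_in})");
                    $moduleInfo->bind_param('is', $user_id, $paper_year);
                } else {
                    $moduleInfo = $db->prepare("SELECT userID FROM modules_student WHERE userID = ? AND idMod IN ({$module_in})");
                    $moduleInfo->bind_param('i', $user_id);
                }
                $moduleInfo->execute();
                $moduleInfo->store_result();
                $moduleInfo->bind_result($tmp_userID);
                $moduleInfo->fetch();
                if ($moduleInfo->num_rows() > 0) {
                    $moduleOK = true;
                }
                $moduleInfo->close();
            } else {
                $moduleOK = true;
            }
        } else {
            $moduleOK = true;
        }

        if ($machineOK == true and $moduleOK == true) {
            // NOTE(review): the paper password is handed back to the caller as stored;
            // confirm callers only compare it and never send it to the client.
            $paper_display[$paper_no]['id'] = $property_id;
            $paper_display[$paper_no]['paper_title'] = $paper_title;
            $paper_display[$paper_no]['crypt_name'] = $crypt_name;
            $paper_display[$paper_no]['paper_type'] = $paper_type;
            $paper_display[$paper_no]['max_screen'] = $max_screen;
            $paper_display[$paper_no]['bidirectional'] = $bidirectional;
            $paper_display[$paper_no]['password'] = $password;
            $paper_display[$paper_no]['completed'] = $completed;
            $paper_no++;
        }
    }
    $paper_query->close();

    return $paper_no;
}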
}

// Excerpt: records, changes or removes a student's extra-time allowance for a paper.
// $student_id, $userID, $mysqli, $string and $userObject are assigned above this excerpt.
// NOTE(review): no permission or anti-CSRF check is visible in this excerpt; confirm both
// happen earlier in the page, since the POST below changes exam timing for a student.

// The paper ID is taken from the request as-is.
// NOTE(review): $paper_id is passed to get_paper_properties_by_id() without validation
// here - confirm that helper binds or casts it. If POST lacks paperID, $paper_id keeps
// whatever value (if any) it was given before this excerpt.
if (isset($_POST['paperID'])) {
    $paper_id = $_POST['paperID'];
}

$student = array();
$student['user_ID'] = $student_id;

// Look up the student's name; the ID is bound as an integer parameter.
// NOTE(review): the array stores $student_id but the query binds $userID - confirm both
// refer to the same student.
$stmt = $mysqli->prepare('SELECT title, initials, surname FROM users WHERE user_deleted IS NULL AND id = ?');
$stmt->bind_param('i', $userID);
$stmt->execute();
$stmt->store_result();
$stmt->bind_result($student['title'], $student['initials'], $student['surname']);
$stmt->fetch();
$title = $student['title'];
$initials = $student['initials'];
$surname = $student['surname'];

// The lab is resolved from the requesting client's address, then combined with the
// paper properties to build the extra-time record for this student.
$current_address = NetworkUtils::get_client_address();
$lab_factory = new LabFactory($mysqli);
$lab_object = $lab_factory->get_lab_based_on_client($current_address);
$propertyObj = PaperProperties::get_paper_properties_by_id($paper_id, $mysqli, $string);
$log_lab_end_time = new LogLabEndTime($lab_object->get_id(), $propertyObj, $mysqli);
$log_extra_time = new LogExtraTime($log_lab_end_time, $student, $mysqli);

$onload = '';
if (isset($_POST['submit'])) {
    $invigilator_id = $userObject->get_user_ID();
    // The value is cast to int only for the comparisons: a non-numeric extra_time casts
    // to 0 and therefore deletes the record, and a negative value matches neither branch.
    if ((int) $_POST['extra_time'] == 0) {
        $log_extra_time->delete($invigilator_id);
    } elseif ((int) $_POST['extra_time'] > 0) {
        // The uncast request string is what gets saved.
        // NOTE(review): confirm save() casts or range-checks the percentage.
        $special_needs_percentage = $_POST['extra_time'];
        $log_extra_time->save($invigilator_id, $special_needs_percentage);
    }
    $onload = 'closeWindow();';
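/**
 * Add a guest-login button to the login form when an exam is running in the
 * lab the client is connecting from.
 *
 * The button and its click handler are added only if at least one paper of type
 * '1' or '2' with a lab restriction is inside its time window (from 15 minutes
 * before start_date until end_date) and the client address is registered in one
 * of that paper's labs. Showing or hiding the button is presentation only; the
 * page it links to has to enforce the lab restriction itself.
 *
 * On a database error the details go to the PHP error log and the button is left
 * out, rather than printing the query, the MySQL message and a stack trace on a
 * page that is shown before login.
 *
 * @param object $displaystdformobj Login form object; its buttons and scripts arrays may be appended to.
 * @return object The same form object.
 */
function loginbutton($displaystdformobj)
{
    global $string;
    $config = Config::get_instance();
    $this->savetodebug('Button Check');

    $labs_list = '';
    $paper_match = false;
    $ip_match = false;
    // NOTE(review): how get_client_address() derives the address is not visible here;
    // confirm it cannot be set by the client before relying on it for lab matching.
    $client_address = NetworkUtils::get_client_address();

    // Detect whether the login button should be displayed.
    $query = "SELECT labs FROM properties WHERE start_date < DATE_ADD(NOW(), interval 15 minute) AND end_date > NOW() AND paper_type IN ('1', '2') AND labs != ''";
    $results = $this->db->prepare($query);
    if ($results === false) {
        error_log('loginbutton: MySQL error ' . $this->db->errno . ' preparing paper lookup: ' . $this->db->error);
        return $displaystdformobj;
    }
    $results->execute();
    $results->store_result();
    $results->bind_result($labs);

    while ($results->fetch()) {
        $paper_match = true;

        // labs is a comma-separated ID list read from the database; force every
        // entry to an integer before it is placed in the IN (...) list.
        $lab_ids = implode(',', array_map('intval', explode(',', $labs)));
        $query = "SELECT address FROM client_identifiers WHERE lab IN ({$lab_ids})";
        $sub_results = $this->db->prepare($query);
        if ($sub_results === false) {
            error_log('loginbutton: MySQL error ' . $this->db->errno . ' preparing lab lookup: ' . $this->db->error);
            continue;
        }
        $sub_results->execute();
        $sub_results->store_result();
        $sub_results->bind_result($address);

        while ($sub_results->fetch()) {
            $labs_list = $labs_list . ' ' . $address;
            // Compare as strings so numeric-looking values are never compared numerically.
            if ((string) $client_address === (string) $address) {
                $ip_match = true;
            }
        }
        $sub_results->close();
    }
    $results->close();

    $this->savetodebug('Status paper_match:' . var_export($paper_match, true) . ' ip_match:' . var_export($ip_match, true) . ' ip address:' . var_export($client_address, true) . ' <br /> ' . $labs . ' ' . $labs_list);

    if ($paper_match === true and $ip_match === true) {
        $this->savetodebug('Adding New Button');

        $newbutton = new displaystdformobjbutton();
        $newbutton->type = 'button';
        $newbutton->value = ' ' . $string['guestbutton'] . ' ';
        $newbutton->name = 'guestlogin';
        $newbutton->class = 'guestlogin';
        $displaystdformobj->buttons[] = $newbutton;

        // Click handler that sends the browser to the guest account page.
        $newscript = "\$('.guestlogin').click(function() {\n window.location.href = '" . $config->get('cfg_root_path') . "/users/guest_account.php';\n});";
        $displaystdformobj->scripts[] = $newscript;
    }

    return $displaystdformobj;
}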
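} else {
    // Fixed command string with no caller input; the CPU name is on the second output line.
    $results = shell_exec('wmic cpu get name');
    $lines = explode('<br />', nl2br($results));
    echo "<tr><td>" . $string['processor'] . "</td><td>" . $lines[1] . "</td></tr>\n";
}

// Server details.
// NOTE(review): this table lists host names and software versions; confirm the page is
// restricted to administrators earlier in the file.
echo "<tr><td style=\"width:90px\">" . $string['servername'] . "</td><td>" . gethostbyaddr(gethostbyname($_SERVER['SERVER_NAME'])) . "</td></tr>\n";
// HTTP_HOST comes from the request's Host header, so it is escaped before output.
$http_host = isset($_SERVER['HTTP_HOST']) ? $_SERVER['HTTP_HOST'] : '';
echo "<tr><td>" . $string['hostname'] . "</td><td>" . htmlspecialchars($http_host, ENT_QUOTES, 'UTF-8') . "</td></tr>\n";
echo "<tr><td>" . $string['ipaddress'] . "</td><td>" . NetworkUtils::get_server_address() . "</td></tr>\n";
echo "<tr><td>" . $string['clock'] . "</td><td>" . date('d F Y H:i:s') . "</td></tr>\n";
echo "<tr><td>" . $string['os'] . "</td><td>" . php_uname('s') . "</td></tr>\n";
echo "<tr><td>" . $string['webserver'] . "</td><td>" . $_SERVER['SERVER_SOFTWARE'] . "</td></tr>\n";
echo "<tr><td>" . $string['php'] . "</td><td>" . phpversion() . "</td></tr>\n";
echo "<tr><td>" . $string['mysql'] . "</td><td>" . $mysqli->server_info . "</td></tr>\n";
echo '<tr><td colspan="2"> </td></tr>';

// Client details: values that originate from the request are HTML-escaped so a crafted
// header cannot inject markup into the page.
echo '<tr><td colspan="2" class="sechead">' . $string['clientcomputer'] . '</td></tr>';
echo '<tr><td>' . $string['ipaddress'] . '</td><td>' . htmlspecialchars((string) NetworkUtils::get_client_address(), ENT_QUOTES, 'UTF-8') . '</td></tr>';
// NOTE(review): $language is written into a JavaScript string literal; it is assigned
// outside this excerpt - confirm it can only hold a fixed set of language codes.
echo '<tr><td>' . $string['clock'] . '</td><td><script>the_date = new Date(); document.write(the_date.toLocaleString("' . $language . '")); </script></td></tr>';
$user_agent = isset($_SERVER['HTTP_USER_AGENT']) ? $_SERVER['HTTP_USER_AGENT'] : '';
echo '<tr><td>' . $string['browser'] . '</td><td>' . htmlspecialchars($user_agent, ENT_QUOTES, 'UTF-8') . '</td></tr>';
echo '<tr><td colspan="2"> </td></tr>';

// Disk partitions.
echo '<tr><td colspan="2" class="sechead">' . $string['partitions'] . '</td></tr>';
echo '<tr><td colspan="2" rowspan="18" valign="top" align="left"><table cellspacing="0" cellpadding="2" border="0" style="font-size:90%">';
if (php_uname('s') == 'Windows NT') {
    // Probe every drive letter and keep the ones that exist.
    $disks = array(
        'A:\\', 'B:\\', 'C:\\', 'D:\\', 'E:\\', 'F:\\', 'G:\\', 'H:\\', 'I:\\',
        'J:\\', 'K:\\', 'L:\\', 'M:\\', 'N:\\', 'O:\\', 'P:\\', 'Q:\\', 'R:\\',
        'S:\\', 'T:\\', 'U:\\', 'V:\\', 'W:\\', 'X:\\', 'Y:\\', 'Z:\\'
    );
    $i = 1;
    foreach ($disks as $disk) {
        if (file_exists($disk)) {
            // Slots: [1] total bytes, [3] free bytes, [5] drive path.
            $master_array[$i][3] = @disk_free_space($disk);
            $master_array[$i][1] = @disk_total_space($disk);
            $master_array[$i][5] = $disk;
            $i++;
        }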
/**
 * Adds a new paper note.
 *
 * The row also records the address reported by NetworkUtils::get_client_address()
 * and a NOW() timestamp. All four values are bound parameters. The note text is
 * stored exactly as passed in, so HTML escaping is left to whatever renders it.
 *
 * @param string $note - The text of the note (message).
 * @param int $paperID - ID of the paper the note is associated with.
 * @param int $authorID - User ID of the member of staff/invigilator creating the note.
 * @param object $db - MySQL connection
 */
static function add_note($note, $paperID, $authorID, $db)
{
    $origin_address = NetworkUtils::get_client_address();

    $insert = $db->prepare("INSERT INTO paper_notes VALUES (NULL, ?, NOW(), ?, ?, ?)");
    $insert->bind_param('siis', $note, $paperID, $authorID, $origin_address);
    $insert->execute();
    $insert->close();
}
/**
 * Write one row to access_log for a page access.
 *
 * Stores the user ID, the access type, a NOW() timestamp, the address reported by
 * NetworkUtils::get_client_address() and the page. All values are bound parameters.
 *
 * @param int $user_id ID of the user, bound as an integer.
 * @param string $type Access type, bound as a string.
 * @param string $page Page identifier, bound as a string.
 */
public function record_access($user_id, $type, $page)
{
    // NOTE(review): how get_client_address() derives the address is not visible here;
    // confirm it cannot be set by the client before relying on this log as evidence.
    $origin_address = NetworkUtils::get_client_address();

    $insert = $this->_mysqli->prepare('INSERT INTO access_log VALUES(NULL, ?, ?, NOW(), ?, ?)');
    $insert->bind_param('isss', $user_id, $type, $origin_address, $page);
    $insert->execute();
    $insert->close();
}
    // Hint linking to the staff management screens; the enclosing condition starts above
    // this excerpt.
    echo "<p style=\"margin-left:90px; color:#C00000\">" . $string['note1'] . " <img src=\"{$configObject->get('cfg_root_path')}/artwork/small_link.png\" width=\"11\" height=\"11\" /> <a href=\"../index.php\"><strong>" . $string['staffmangscreens'] . "</strong></a>?</p>\n";
}

// Diagnostic list explaining why no exam was found for this user and machine.
echo "<div class=\"hr_line\"></div>\n<p style=\"margin-left:90px\">" . $string['mostLikely'] . "</p>\n<ul style=\"margin-left:80px\">\n";

// Resolve the client address to a lab name and room; the address is a bound parameter.
$current_address = NetworkUtils::get_client_address();
$ip_info = $mysqli->prepare("SELECT name, room_no FROM (labs, client_identifiers) WHERE labs.id = client_identifiers.lab AND address = ?");
$ip_info->bind_param('s', $current_address);
$ip_info->execute();
$ip_info->store_result();
$ip_info->bind_result($computer_lab, $computer_lab_short);
$ip_info->fetch();
if ($ip_info->num_rows() == 0) {
    // Unknown address: both variables deliberately carry HTML markup from here on.
    $computer_lab = $computer_lab_short = '<span style="color:#C00000">' . $string['unknownIp'] . '</span>';
}
$computer_lab_short = $computer_lab_short == '' ? $computer_lab : $computer_lab_short;
$ip_info->close();

// The address and the lab name are written into the page without HTML escaping.
// NOTE(review): if get_client_address() can return a client-supplied value, escape it
// here; the lab name would need escaping before the markup assignment above, because
// $computer_lab holds a <span> in the unknown-address case.
echo "<li>" . $string['IPaddress'] . " - " . NetworkUtils::get_client_address() . " {$computer_lab}</li>\n";
echo "<li>" . $string['Time/Date'] . " - " . date('d/m/Y H:i:s') . "</li>\n";

// Year of study, with a highlighted placeholder when the account has none.
echo "<li>" . $string['yearofstudy'] . " - ";
if ($userObject->get_year() == '') {
    echo '<span style="color:#C00000">' . $string['noyear'] . '</span>';
} else {
    echo $userObject->get_year();
}
echo "</li>\n";

// Modules the user is enrolled on, newest calendar year first; the result rows are
// consumed after this excerpt ends.
echo "<li>" . $string['Modules'] . " - \n";
$last_cal_year = '';
$info = $mysqli->prepare("SELECT moduleID, calendar_year FROM modules_student, modules WHERE modules.id = modules_student.idMod AND userID = ? ORDER BY calendar_year DESC, moduleID");
// bind_param() takes its arguments by reference; a method result is not a variable, so
// PHP raises a notice on this call.
$info->bind_param('i', $userObject->get_user_ID());
$info->execute();
$info->bind_result($user_moduleID, $user_calendar_year);
$info->store_result();
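// Connect with the student-level database account taken from the configuration.
$mysqli = new mysqli($configObject->get('cfg_db_host'), $configObject->get('cfg_db_student_user'), $configObject->get('cfg_db_student_passwd'), $configObject->get('cfg_db_database'));

// Check that the client address of the current user is within the exam lab.
// The page is refused unless a paper of type '1' or '2' with a lab restriction is inside
// its time window and the client address is registered in one of that paper's labs.
$paper_match = false;
$lab_match = false;
// NOTE(review): how get_client_address() derives the address is not visible here; this
// gate is only as strong as that value - confirm it cannot be set by the client.
$client_address = NetworkUtils::get_client_address();

$results = $mysqli->prepare("SELECT labs FROM properties WHERE start_date < DATE_ADD(NOW(), interval 15 minute) AND end_date > NOW() AND paper_type IN ('1','2') AND labs != ''");
$results->execute();
$results->store_result();
$results->bind_result($labs);
while ($results->fetch()) {
    $paper_match = true;

    // labs is a comma-separated ID list read from the database; force every entry to an
    // integer before it is placed in the IN (...) list.
    $lab_ids = implode(',', array_map('intval', explode(',', $labs)));
    $sub_results = $mysqli->prepare("SELECT address FROM client_identifiers WHERE lab IN ({$lab_ids})");
    $sub_results->execute();
    $sub_results->store_result();
    $sub_results->bind_result($address);
    while ($sub_results->fetch()) {
        // Compare as strings so numeric-looking values are never compared numerically.
        if ((string) $client_address === (string) $address) {
            $lab_match = true;
        }
    }
    $sub_results->close();
}
$results->close();

if ($paper_match == false) {
    // NOTE(review): confirm access_denied() ends the request; if it returns, the page
    // below is still rendered.
    $notice->access_denied($mysqli, $string, $string['cannotfindexams'], false, true);
} elseif ($lab_match == false) {
    $msg = sprintf($string['furtherassistance'], $configObject->get('support_email'), $configObject->get('support_email'));
    $notice->display_notice_and_exit($mysqli, $string['pagenotfound'], $msg, $string['pagenotfound'], '/artwork/page_not_found.png', '#C00000', true, true);
}
?> <!DOCTYPE html> <html>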