Exemplo n.º 1
/**
 * Checks a username/password pair and returns the matching user id.
 *
 * Both inputs go through clean_up() (defined elsewhere) and the id comes from
 * get_user_id(); the id is returned only when the query yields at least one row.
 *
 * NOTE(review): as shown on this page the query text holds literal '******'
 * placeholders, so the real comparison values are not visible here. If the
 * original splices $username/$password into the SQL string, the robust form is
 * a parameterized query, and the password is presumably compared directly in
 * SQL rather than verified against a password_hash() digest - confirm both.
 *
 * @param string $username login name as submitted
 * @param string $password password as submitted
 * @return mixed the result of get_user_id($username) on a match, false otherwise
 */
function login($username, $password)
{
    $username = clean_up("{$username}");
    $password = clean_up("{$password}");
    $user_key = get_user_id($username);
    $matches = mysql_db_query("rowanprep", "SELECT user_key FROM users WHERE username = '******' AND password = '******'");
    // Zero rows means the credentials did not match any account.
    return mysql_num_rows($matches) === 0 ? false : $user_key;
}
Exemplo n.º 2
/**
 * Parses each XML definition file and stores the parsed result in the cache.
 *
 * Files whose base name appears in the global $aSkipFiles list are ignored.
 * On the first parse error the script calls clean_up() and terminates.
 *
 * @param array  $xmlFiles paths of the XML files to process
 * @param string $callback name of the MDB2_Schema method used to parse a file;
 *                         it is invoked dynamically, so callers should pass
 *                         only fixed, trusted method names
 * @return void
 */
function generateXmlCache($xmlFiles, $callback = 'parseDatabaseDefinitionFile')
{
    global $aSkipFiles, $aOptions, $oDbh, $oCache;
    foreach ($xmlFiles as $fileName) {
        $shortName = basename($fileName);
        if (in_array($shortName, $aSkipFiles)) {
            continue;
        }
        echo "  => " . $shortName . ": ";
        flush();
        $oSchema =& MDB2_Schema::factory($oDbh, $aOptions);
        $result = $oSchema->{$callback}($fileName, true);
        if (PEAR::isError($result)) {
            // Abort the whole run: a broken definition file leaves the cache incomplete.
            clean_up();
            die("Failed\n");
        }
        $oCache->save($result, $fileName);
        echo "Processed";
        eol_flush();
        unset($result);
    }
}
<?php

require '../init.php';
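$addnew = true;
// An existing registration key switches the script from INSERT to UPDATE.
if (isset($_GET['orchestra'])) {
    $orchestra = clean_up($_GET['orchestra']);
    if ($result = mysql_db_query("rowanprep", "SELECT * FROM orchestra WHERE registration_key LIKE '{$orchestra}'")) {
        $row = mysql_fetch_assoc($result);
        if (mysql_num_rows($result) !== 0) {
            $addnew = false;
        }
    }
}
// The form fields are client-controlled and are spliced into the SQL text below,
// so they pass through the same clean_up() filter already applied to the key above.
// NOTE(review): clean_up() is defined elsewhere - confirm it escapes for SQL.
// String-built queries stay fragile even then; bound parameters (mysqli/PDO)
// are the robust fix, and the mysql_* API used here has no support for them.
$student = clean_up($_POST["student"]);
$instrument = clean_up($_POST["instrument"]);
$ryo_form = clean_up($_POST["ryo_form"]);
$tuition_due = clean_up($_POST["tuition_due"]);
$notes = clean_up($_POST["notes"]);
// NOTE(review): $tuition_paid is not assigned in the visible part of this script
// and $tuition_owed is not read afterwards - confirm whether this line is needed.
$tuition_owed = $tuition_due - $tuition_paid;
if ($addnew) {
    $sql = "INSERT INTO `orchestra` (student, instrument, ryo_form, tuition_due, notes) VALUES ('{$student}', '{$instrument}', '{$ryo_form}', '{$tuition_due}', '{$notes}')";
} else {
    $sql = "UPDATE `orchestra` SET student='{$student}', instrument='{$instrument}', ryo_form='{$ryo_form}', tuition_due='{$tuition_due}', notes='{$notes}' WHERE registration_key= '{$orchestra}'";
}
$link = connectDB();
$results = mysql_db_query("rowanprep", $sql);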
if (!$results) {
    echo 'Input failed...<br>';
    echo mysql_errno($link) . ": " . mysql_error($link) . "\n";
} else {
    header("Location:../../reports.php");
Exemplo n.º 4
<?php

/**
 * Clears the one-shot message kept in the session under 'returnArray'.
 */
function clean_up()
{
    $_SESSION['returnArray'] = "";
}
session_start();
// Print a pending message once, then clear it so it is not shown again.
// NOTE(review): the value is echoed as-is; if it can contain request data it
// needs htmlspecialchars() for the HTML context - confirm where it is set.
if (isset($_SESSION['returnArray'])) {
    echo $_SESSION['returnArray'];
    clean_up();
}
// ?stop=no turns the flag on; ?stop=yes, any other value, or no parameter leaves it at 0.
$stopRequested = isset($_GET['stop']) ? $_GET['stop'] : null;
$newActive = ($stopRequested == "no") ? 1 : 0;
// First visit: create the login-state slots with empty defaults.
// NOTE(review): a 'password' slot lives in session state; confirm a plaintext
// password is never written to it.
if (!isset($_SESSION['entrance'])) {
    $_SESSION['entrance'] = array('on' => false, 'email' => "", 'password' => "");
}
?>
<!doctype html>
<html class="no-js" lang="en">
  <head>
    <meta charset="utf-8" />
	<meta name="viewport" content="width=device-width, initial-scale=1.0" />
    <title><?php 
Exemplo n.º 5
// Called after the Office Visit Form is submitted.
// If you need an example backend script, please see `submit_pain_form.php`
include 'core/init.php';
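/* For Debugging */
// NOTE(review): display_errors=1 writes warnings, paths and query errors into the
// response; switch it off outside development and log errors instead.
error_reporting(E_ALL);
ini_set('display_errors', 1);
/* patient_id will be propagated through a GET variable */
$form_status = STATUS_EMPTY;
//assume EMPTY until we determine otherwise
if (!isset($_GET['patient_id']) or !isset($_GET['slot_id']) or !isset($_GET['addnew'])) {
    die("Patient ID and Slot ID and Addnew required");
}
$patient_id = clean_up($_GET['patient_id']);
$slot_id = clean_up($_GET['slot_id']);
$addnew = clean_up($_GET['addnew']);
// whether this is new (SQL INSERT) or adding (SQL UPDATE)
$form_status = get_form_status($patient_id, $slot_id);
// NOTE(review): $_SESSION['id'] is read without a visible login check;
// presumably core/init.php enforces authentication - confirm.
$user_role = get_user_role($_SESSION['id']);
//role of user (doctor, med student, admin); not the patient
if ($form_status == STATUS_LOCKED and $user_role != 'ADMIN') {
    // Form is locked, sorry, you can't edit it!
    // The id comes from the query string, so it is encoded for the URL and then
    // for the HTML attribute before being written into the link.
    $patient_link = htmlspecialchars('patient-info.php?patient_id=' . rawurlencode((string) $patient_id), ENT_QUOTES, 'UTF-8');
    die("Sorry, this form is locked! <a href = '{$patient_link}'>Click here for a read-only copy of this patient's data</a>");
}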
/*----------------------------------------------------------------------------------------------------------------------
 * Step 1: Collect our POST variables into PHP variables for readability.
 * We will perform data validation with helper functions.
 * Pay careful attention to variables which have bounds
 * As well as date parsing. SQL date convention is: YYYY-MM-DD
 * As well as Yes/No or True/False responses. SQL convention dictates we
 * store such information as CHAR(1): 'Y' or 'N'.
Exemplo n.º 6
    }
}
// An explicit ?buildalways=... overrides the current force-build flag.
if (array_key_exists('buildalways', $_GET)) {
    $force_build = (bool) $_GET['buildalways'];
}
// Both the vistrail id and the version are needed to look up a workflow.
if ($vtid == '' || $version == '') {
    echo "ERROR: Vistrails id or version not provided.\n";
} else {
    $request = xmlrpc_encode_request('get_wf_xml', array($host, $port, $dbname, $vtid, $version));
    $rawResponse = do_call($VT_HOST, $VT_PORT, $request);
    // The server reply is entity-decoded before being handed on as XML.
    // NOTE(review): $host, $port and $dbname are set above this excerpt; if they
    // can come from the request, the server-side call should be limited to an
    // allow-list of database hosts - confirm.
    $response = html_entity_decode($rawResponse);
    header("Content-Type: text/xml");
    clean_up($response);
}
/**
 * Extracts the version number from an XML-RPC response document.
 *
 * Reads the first <int> found under params/param/value/array/data/value.
 * When the string cannot be parsed as XML, "bad xml" is printed and nothing
 * is returned (the caller receives null).
 *
 * @param string $xmlstring raw XML-RPC response
 * @return SimpleXMLElement|null the <int> element, or null on a parse error
 */
function get_version_from_response($xmlstring)
{
    try {
        // '@' silences libxml warnings; a parse failure still throws.
        $document = @new SimpleXMLElement($xmlstring);
        $firstParam = $document->params[0]->param[0];
        $firstEntry = $firstParam->value[0]->array[0]->data[0]->value[0];
        return $firstEntry->int[0];
    } catch (Exception $parseFailure) {
        echo "bad xml";
    }
}
function clean_up($xmlstring)
{
    try {
Exemplo n.º 7
    }
}
//var_dumpclean_up($_POST);
// Every form field passes through clean_up() before it is used in SQL.
// NOTE(review): clean_up() is defined outside this excerpt - confirm it escapes
// for SQL string literals; the queries below rely on it entirely.
$first_name = clean_up($_POST["first_name"]);
$last_name = clean_up($_POST["last_name"]);
$street_address = clean_up($_POST["street_address"]);
$city = clean_up($_POST["city"]);
$state = clean_up($_POST["state"]);
$zip_code = clean_up($_POST["zip_code"]);
$email = clean_up($_POST["email"]);
$banner_id = clean_up($_POST["banner_id"]);
$home_phone = store_phone(clean_up($_POST["home_phone"]));
$mobile_phone = store_phone(clean_up($_POST["mobile_phone"]));
$alternate_email = clean_up($_POST["alternate_email"]);
$faculty_status = clean_up($_POST["faculty_status"]);
$instrument = clean_up($_POST["instrument"]);
$background_check = clean_up($_POST["background_check"]);
/* Build the SQL text. This is not a prepared statement: the values are
   interpolated into the string, and the mysql_* API has no bound parameters. */
if ($addnew) {
    $sql = "INSERT INTO teachers (last_name, first_name, banner_id, home_phone, mobile_phone, email, alternate_email, street_address, city, state, zip_code, faculty_status, instrument, background_check) VALUES ('{$last_name}', '{$first_name}','{$banner_id}','{$home_phone}','{$mobile_phone}','{$email}','{$alternate_email}','{$street_address}','{$city}','{$state}','{$zip_code}','{$faculty_status}','{$instrument}','{$background_check}')";
} else {
    // $teacher is the record key set earlier in the script (outside this excerpt).
    $sql = "UPDATE teachers SET last_name='{$last_name}', first_name='{$first_name}', banner_id='{$banner_id}', home_phone='{$home_phone}', mobile_phone='{$mobile_phone}', email='{$email}', alternate_email='{$alternate_email}', street_address='{$street_address}', city='{$city}', state='{$state}', zip_code='{$zip_code}', faculty_status='{$faculty_status}', instrument='{$instrument}', background_check='{$background_check}' WHERE teacher_key = '{$teacher}'";
}
$link = connectDB();
$results = mysql_db_query("rowanprep", $sql);
if (!$results) {
    // NOTE(review): the database error number and message are printed to the
    // client; logging them server-side avoids exposing schema details.
    echo 'Input failed...<br>';
    echo mysql_errno($link) . ": " . mysql_error($link) . "\n";
} else {
    header("Location:../../reports.php?tab=teachers");
}
Exemplo n.º 8
                         <td><div class="text-center">', $row['notes'], '</div></td>';
                        }
                        echo '</tbody>';
                    }
                    ?>
      </table>
    </div>
  </div>
  <?php 
                } else {
                    if ($tab == 'class') {
                        ?>
  <div id="class" class="table-responsive">
    <?php 
                        // Read the class key from the query string when present.
                        // NOTE(review): $class_key is only assigned inside this branch, yet it
                        // is used below and echoed into the sort links either way - confirm the
                        // page is never reached without class-key.
                        if (isset($_GET['class-key'])) {
                            $class_key = clean_up($_GET['class-key']);
                            $results = get_student_list($class_key);
                        }
                        // This overwrites $results from get_student_list() above.
                        $results = get_class_name($class_key);
                        $row = mysql_fetch_assoc($results);
                        // NOTE(review): class_name is printed without htmlspecialchars();
                        // confirm it cannot hold markup.
                        echo "<h3>" . $row['class_name'] . " Class</h3>";
                        ?>
    <ul class="list-inline">
      <li><a href="reports.php?tab=class&class-key=<?php 
                        echo $class_key;
                        ?>
&sortby=1">Last Name</a></li>
      <li><a href="reports.php?tab=class&class-key=<?php 
                        echo $class_key;
                        ?>
&sortby=2">First name</a></li>
Exemplo n.º 9
<?php

require '../init.php';
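// Only administrators may delete classes. header() merely queues the redirect,
// so the script must stop here; without exit the DELETE below would still run
// for a non-admin caller. The session key is quoted ('id'): a bare id is an
// undefined constant.
if (!isset($_SESSION['id']) || !isAdmin($_SESSION['id'])) {
    header("Location: ../../index.php");
    exit;
}
// NOTE(review): the deletion is triggered by a GET parameter and no anti-CSRF
// token check is visible here - confirm whether init.php provides one.
if (isset($_GET['key'])) {
    $key = clean_up($_GET['key']);
    $delete = false;
    // Exact match instead of LIKE, so wildcard characters in the key cannot
    // widen the delete to other rows.
    // NOTE(review): clean_up() is defined elsewhere; confirm it escapes for SQL.
    mysql_db_query("rowanprep", "DELETE FROM `classes` WHERE `class_id` = '{$key}'");
    // Re-query to confirm the row is gone.
    if ($result = mysql_db_query("rowanprep", "SELECT * FROM `classes` WHERE `class_id` = '{$key}'")) {
        $row = mysql_fetch_assoc($result);
        // mysql_db_query() returns a resource, not an object, so the row count
        // comes from mysql_num_rows().
        if (mysql_num_rows($result) == 0) {
            $delete = true;
        }
    }
}
header("Location: ../../reports.php");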
Exemplo n.º 10
}
// of else user filled form
?>
   <footer>
     <div class="container">
       <div class="row">
         <div class="col-md-12">
           <br>
           <p><small>&copy; B.Ζαχαριουδάκης<br><a href="mailto:it@dipe.ira.sch.gr">Τμ. Μηχανογράφησης ΔΙ.Π.Ε. Ηρακλείου</a>, 2015</small></p>
         </div>
       </div>
     </div>
   </footer>
<?php 
// Clean up old pdf files
clean_up($cleanUpAfter);
?>
</body>
<script type = "text/javascript">
     $(document).ready(function() {
       var div = document.getElementById("postData");
       var myData = div.textContent;
       var userAfm = <?php 
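// The value lands inside a <script> block, so it is emitted as a JSON literal
// with HTML-significant characters hex-escaped; a raw echo would let the value
// change the surrounding JavaScript. A digit-only string now arrives as a
// quoted JS string instead of a number literal.
// NOTE(review): $inpAfm is presumably the AFM entered by the user - confirm.
echo json_encode($inpAfm, JSON_HEX_TAG | JSON_HEX_AMP | JSON_HEX_APOS | JSON_HEX_QUOT);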
?>
;
        $("#pdfButton").click(function(event){
            $.post(
              "pdf.php",
              { afm: userAfm, data: myData },
              function(data) {
Exemplo n.º 11
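/**
 * Starts a fresh conversation with another chat user.
 *
 * Deletes the messages and the conversation row previously stored for the same
 * pair of names, occasionally triggers clean_up(), then inserts a new
 * conversation row.
 *
 * NOTE(review): the names and session values taken from the Binome object are
 * concatenated into the SQL text. Binome is defined elsewhere; unless it
 * escapes them, they need mysql_real_escape_string() or, better, a driver with
 * bound parameters - confirm. The function also echoes the SQL it runs, which
 * reads like leftover debugging output.
 *
 * @param mixed $chater2 identifier of the other participant, passed to Binome
 * @return int id of the new conversation row, or -1 when a query fails
 */
function create_conversation($chater2)
{
    echo "conversation {$chater2}\n";
    // global variables
    global $table_general, $table_messages, $table_conversations, $id, $session_time;
    $binome = new Binome($chater2);
    // some housekeeping first: delete the messages of earlier conversations
    // between these two names
    $sql = "DELETE FROM " . $table_messages . " WHERE conversation IN ( SELECT id_conversation FROM " . $table_conversations . " WHERE user1 = '" . $binome->nom1 . "' AND user2 = '" . $binome->nom2 . "'); ";
    if (!mysql_query($sql)) {
        return -1;
    }
    // delete the previous conversation itself (the names are already ordered)
    $sql = "DELETE FROM " . $table_conversations . " WHERE user1 = '" . $binome->nom1 . "' AND user2 = '" . $binome->nom2 . "';";
    // send the query
    if (!mysql_query($sql)) {
        return -1;
    }
    // a little more housekeeping, on roughly 2 calls out of 21
    $aleat = rand(0, 20);
    // Fixed: the comparison used the bare word aleat (an undefined constant)
    // instead of the variable, so the random draw was never consulted.
    if ($aleat < 2) {
        clean_up();
    }
    // create the conversation
    $sql = "INSERT INTO " . $table_conversations . " (user1,session_1,user2,session_2) " . "VALUES ('" . $binome->nom1 . "','" . $binome->session1 . "','" . $binome->nom2 . "','" . $binome->session2 . "');";
    if (!mysql_query($sql)) {
        echo $sql . " " . mysql_error() . "\n";
        return -1;
    }
    echo $sql . "\n";
    // return the id of the new row
    return mysql_insert_id();
}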
<?php

// Pick up the lesson key from the query string when one was supplied.
// NOTE(review): $lesson stays undefined when the parameter is missing, and the
// LIKE comparison treats % and _ in the key as wildcards - confirm both are
// acceptable. clean_up() is defined elsewhere; confirm it escapes for SQL.
if (isset($_GET['lesson'])) {
    $lesson = clean_up($_GET['lesson']);
}
$link = connectDB();
$result = mysql_db_query("rowanprep", "SELECT * FROM lessons WHERE lesson_key LIKE '{$lesson}'");
$num_rows = mysql_num_rows($result);
// No matching row means the form adds a lesson instead of editing one.
$addnew = ($num_rows === 0);
$row = mysql_fetch_assoc($result);
?>

<form action="core/database/add-edit-lessons.php?lesson=<?php 
echo $row['lesson_key'];
?>
" class="form-horizontal" method="post" onsubmit="validate()">
<fieldset>

  <!-- Form Name -->
  <legend><div class="row text-center"><?php 
echo $addnew ? "Add" : "Edit";
?>
 Lesson</div></legend>
  <!-- Text input-->
  <form class="form-horizontal">
  <fieldset>
<?php

// Pick up the registration key from the query string when one was supplied.
// NOTE(review): $band stays undefined when the parameter is missing, and the
// LIKE comparison treats % and _ in the key as wildcards - confirm both are
// acceptable. clean_up() is defined elsewhere; confirm it escapes for SQL.
if (isset($_GET['band'])) {
    $band = clean_up($_GET['band']);
}
$link = connectDB();
$result = mysql_db_query("rowanprep", "SELECT * FROM brass_band WHERE registration_key LIKE '{$band}'");
$num_rows = mysql_num_rows($result);
// No matching row: the form adds a student; otherwise load the row to edit.
$addnew = ($num_rows === 0);
if (!$addnew) {
    $row = mysql_fetch_assoc($result);
}
?>

<form action="core/database/add-edit-band.php?band=<?php 
echo $row['registration_key'];
?>
" class="form-horizontal" method="post" onsubmit="validate()">
<fieldset>

	<legend><div class="row text-center"><?php 
echo $addnew ? "Add" : "Edit";
?>
 Band Student</div></legend>

	

	<!-- Text input-->
Exemplo n.º 14
    <li class="active"><a data-toggle="tab" href="#intake">Intake Paperwork</a></li>
    <li><a data-toggle="tab" href="#complaint">Chief Complaint</a></li>
    <li><a data-toggle="tab" href="#history">History</a></li>
    <li><a data-toggle="tab" href="#vitals">Vitals</a></li>
    <li><a data-toggle="tab" href="#physical">Physical</a></li>
    <li><a data-toggle="tab" href="#omm">OMM Exam</a></li>
    <li><a data-toggle="tab" href="#notes">Notes</a></li>
  </ul>
</div>


  <div class="tab-content" align="center">
<div id = "intake" class="tab-pane active">
  <h2 align="center">Intake Work</h2>
  <?php 
// The patient id comes straight from the query string and is later echoed into
// the form action URL on this page.
// NOTE(review): clean_up() is defined elsewhere - confirm its output is safe for
// a URL inside an HTML attribute, or encode at the point of output.
$patient_id = clean_up($_GET['patient_id']);
//pass patient ID
include 'patient-info-content.php';
?>
</div>

<!-- Chief Complaint Tab -->
    <div id="complaint" class="tab-pane">

    <form action="submit_visit_form.php?patient_id=<?php 
echo $patient_id;
?>
&slot_id=<?php 
echo $slot_id;
?>
&addnew=<?php 
Exemplo n.º 15
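/**
 * Returns the form status, stored in one of the constants at the top of this file
 * Example Usage: get_form_status(1, 1) => STATUS_EMPTY
 *
 * The lookup uses a prepared statement, so both ids travel as bound parameters
 * instead of being spliced into the SQL text. A database failure raises an
 * exception rather than reporting STATUS_EMPTY, which would make a locked form
 * look editable.
 *
 * @param $patient_id int The patient ID to look for
 * @param $slot_id int The scheduled slot aka visit date ID (OfficeVisitForm.visit_date_id)
 * @return string The status of this form: one of: (STATUS_EMPTY, STATUS_AWAITING_APPROVAL, STATUS_LOCKED)
 * @throws RuntimeException when the query cannot be prepared, executed or read
 */
function get_form_status($patient_id, $slot_id)
{
    global $db;
    // clean_up() is kept for whatever normalisation it performs.
    // NOTE(review): it is defined elsewhere; if it escapes for SQL, that step
    // is no longer needed now that the values are bound.
    $patient_id = clean_up($patient_id);
    $slot_id = clean_up($slot_id);
    $stmt = $db->prepare("SELECT status FROM OfficeVisitForm WHERE patient_id = ? AND visit_date_id = ?");
    if (!$stmt) {
        throw new RuntimeException("get_form_status: could not prepare the status query");
    }
    $status = null;
    if (!$stmt->bind_param("ss", $patient_id, $slot_id) || !$stmt->execute() || !$stmt->bind_result($status)) {
        $stmt->close();
        throw new RuntimeException("get_form_status: status query failed");
    }
    // fetch() yields true for a row, null when there is none, false on error.
    $fetched = $stmt->fetch();
    $stmt->close();
    if ($fetched === false) {
        throw new RuntimeException("get_form_status: could not read the status row");
    }
    if ($fetched === null) {
        return STATUS_EMPTY;
    }
    // return the status, either waiting for doctor approval or locked.
    return $status;
}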
Exemplo n.º 16
<?php

require '../init.php';
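global $db;
// Only users with the ADMIN role may delete accounts. The previous test,
// !get_user_role(...) === "ADMIN", negated the role first and then compared a
// boolean with a string, so it never matched and nobody was turned away.
// header() only queues the redirect, hence the explicit exit.
if (!isset($_SESSION['id']) || get_user_role($_SESSION['id']) !== "ADMIN") {
    header("Location: index.php");
    exit;
}
// NOTE(review): the deletion is driven by a GET parameter and no anti-CSRF token
// check is visible here - confirm whether init.php provides one.
$id = clean_up($_GET['id']);
//First delete all logs from this user in Log table because each log record has a foreign key constraint
//referencing the user_id in the Authentication table
$stmt = $db->prepare("DELETE FROM Log WHERE log_user_id = ?");
if (!$stmt || !$stmt->bind_param("s", $id) || !$stmt->execute()) {
    // NOTE(review): the raw database error goes to the client; consider logging it instead.
    echo "Error deleting record: " . $db->error;
    $db->close();
    // Stop here: the connection is closed and the user row must not be touched.
    exit;
}
$stmt->close();
//Now we can delete the user from Authentication table without foreign key constraint problems
$stmt = $db->prepare("DELETE FROM Authentication WHERE user_id = ?");
if ($stmt && $stmt->bind_param("s", $id) && $stmt->execute()) {
    //successfully deleted user
    $stmt->close();
    $db->close();
    header("Location: ../../users.php");
} else {
    echo "Error deleting record: " . $db->error;
    $db->close();
}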
Exemplo n.º 17
    $force_build = (bool) $_GET['buildalways'];
}
//echo $force_build;
//Check if vtid and version were provided
//echo $vtid . $version;
// Both the vistrail id and the version are needed to locate a workflow graph.
if ($vtid == '' || $version == '') {
    echo "ERROR: Vistrails id or version not provided.\n";
} else {
    // md5 only derives a stable cache file name here; it protects nothing.
    $cacheKey = md5($host . '_' . $dbname . '_' . $port . '_' . $vtid . '_' . $version);
    $filename = 'workflows/' . $cacheKey . ".pdf";
    $fullpath = $PATH_TO_GRAPHS . $filename;
    $cached = file_exists($fullpath);
    // Rebuild when a local server is in use, when no cached file exists, or
    // when a rebuild is forced.
    // NOTE(review): when $force_build was set from the query string above it is
    // a bool, which strcasecmp() compares as "1" or "" - confirm that
    // ?buildalways can actually force a rebuild.
    $mustBuild = $USE_LOCAL_VISTRAILS_SERVER || !$cached || strcasecmp($force_build, 'True') == 0;
    if ($mustBuild) {
        $request = xmlrpc_encode_request('get_wf_graph_pdf', array($host, $port, $dbname, $vtid, $version, $USE_LOCAL_VISTRAILS_SERVER));
        $response = do_call($VT_HOST, $VT_PORT, $request);
        $path = clean_up($response, $filename);
    } else {
        $path = $filename;
    }
    echo "{$URL_TO_GRAPHS}{$path}";
}
function get_version_from_response($xmlstring)
{
    try {
        $node = @new SimpleXMLElement($xmlstring);
        return $node->params[0]->param[0]->value[0]->array[0]->data[0]->value[0]->int[0];
    } catch (Exception $e) {
        echo "bad xml";
    }
Exemplo n.º 18
<?php

require '../init.php';
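$pass_one = clean_up($_POST['password']);
$pass_two = clean_up($_POST['password-match']);
$pass_three = clean_up($_POST['current-password']);
// header() only queues a redirect. Every rejected path below exits, otherwise
// the UPDATE at the end would run for an anonymous request, for mismatched new
// passwords, or for a wrong current password.
if (!isset($_SESSION['id'])) {
    header("Location: ../../index.php");
    exit;
}
$id = clean_up($_SESSION['id']);
$row = null;
if ($result = mysql_db_query("rowanprep", "SELECT * FROM users WHERE user_key LIKE '{$id}'")) {
    $row = mysql_fetch_assoc($result);
}
// The var_dump($row) that stood here is removed: it printed the account row,
// stored password included, into the response and broke the later redirects.
if (!($pass_one === $pass_two)) {
    header("Location: ../../change-password.php?missmatch=1");
    exit;
}
// NOTE(review): comparing the submitted value with $row['password'] implies the
// column holds the password itself, not a password_hash() digest - confirm.
// Moving to password_hash()/password_verify() also needs the login path changed.
if (!is_array($row) || !($pass_three === $row['password'])) {
    header("Location: ../../change-password.php?missmatch=0");
    exit;
}
// The '******' below is how the statement appears on this page (value masked).
$sql = "UPDATE users SET password = '******' WHERE user_key = '{$id}'";
$link = connectDB();
$result = mysql_db_query("rowanprep", $sql);
if (!$result) {
    echo 'Password change failed<br>';
    echo mysql_errno($link) . ": " . mysql_error($link) . "\n";
} else {
    header("Location: ../../index.php");
}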
Exemplo n.º 19
<?php

require '../init.php';
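$addnew = true;
// An existing teacher key switches the script from INSERT to UPDATE.
if (isset($_GET['teacher'])) {
    $teacher = clean_up($_GET['teacher']);
    if ($result = mysql_db_query("rowanprep", "SELECT * FROM teachers WHERE teacher_key LIKE '{$teacher}'")) {
        $row = mysql_fetch_assoc($result);
        if (mysql_num_rows($result) !== 0) {
            $addnew = false;
        }
    }
}
// The form fields are client-controlled and end up inside the SQL text built
// further down, so each one passes through the same clean_up() filter that is
// already applied to the key above.
// NOTE(review): clean_up() is defined elsewhere - confirm it escapes for SQL.
// Bound parameters (mysqli/PDO) are the robust fix; mysql_* cannot do them.
$first_name = clean_up($_POST["first_name"]);
$last_name = clean_up($_POST["last_name"]);
$street_address = clean_up($_POST["street_address"]);
$city = clean_up($_POST["city"]);
$state = clean_up($_POST["state"]);
$zip_code = clean_up($_POST["zip_code"]);
$email = clean_up($_POST["email"]);
$banner_id = clean_up($_POST["banner_id"]);
$home_phone = store_phone(clean_up($_POST["home_phone"]));
$mobile_phone = store_phone(clean_up($_POST["mobile_phone"]));
$alternate_email = clean_up($_POST["alternate_email"]);
$faculty_status = clean_up($_POST["faculty_status"]);
$instrument = clean_up($_POST["instrument"]);
$background_check = clean_up($_POST["background_check"]);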
/* Prepared statement, stage 1: prepare */
if ($addnew) {
    $sql = "INSERT INTO teachers (last_name, first_name, banner_id, home_phone, mobile_phone, email, alternate_email, street_address, city, state, zip_code, faculty_status, instrument, background_check) VALUES ('{$last_name}', '{$first_name}','{$banner_id}','{$home_phone}','{$mobile_phone}','{$email}','{$alternate_email}','{$street_address}','{$city}','{$state}','{$zip_code}','{$faculty_status}','{$instrument}','{$background_check}')";
Exemplo n.º 20
<?php

require '../init.php';
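global $db;
// NOTE(review): no role check is visible in this script; unless init.php
// enforces one, any client able to POST here can create an account with an
// arbitrary user_role - confirm.
// Get info from post
$username = clean_up($_POST['user_name']);
$full_name = clean_up($_POST['full_name']);
// NOTE(review): the password is stored exactly as received. Storing
// password_hash($password, PASSWORD_DEFAULT) and checking with password_verify()
// at login is the expected practice, but the login code must change with it.
$password = clean_up($_POST['password']);
$user_role = clean_up($_POST['user_role']);
if (user_exists($username)) {
    // A non-zero flag is sent because the form page shows its "user name already
    // exists" notice only when userexists is not 0. header() only queues the
    // redirect, so exit keeps the duplicate INSERT below from running.
    header("Location: ../../add-user.php?userexists=1");
    exit;
}
$sql = "INSERT INTO Authentication (username, name, password, user_role, created, last_modified) VALUES (?,?,?,?,now(), now())";
//prepare
if (!($stmt = $db->prepare($sql))) {
    echo "Prepare failed: (" . $db->errno . ") " . $db->error;
    // $stmt is false here; continuing would call bind_param() on a non-object.
    exit;
}
//bind
if (!$stmt->bind_param("ssss", $username, $full_name, $password, $user_role)) {
    echo "Binding parameters failed: (" . $stmt->errno . ") " . $stmt->error;
    exit;
}
//execute
// The former "if ($addnew) { $patient = ... }" branch is dropped: neither
// variable is set or read anywhere else in this script.
if ($stmt->execute()) {
    header("Location:../../users.php");
} else {
    echo "Execute failed: (" . $stmt->errno . ") " . $stmt->error;
}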
<?php

// Pick up the class id from the query string when one was supplied.
// NOTE(review): $class stays undefined when the parameter is missing, and the
// LIKE comparison treats % and _ in the id as wildcards - confirm both are
// acceptable. clean_up() is defined elsewhere; confirm it escapes for SQL.
if (isset($_GET['class'])) {
    $class = clean_up($_GET['class']);
}
$link = connectDB();
$result = mysql_db_query("rowanprep", "SELECT * FROM classes WHERE class_id LIKE '{$class}'");
$num_rows = mysql_num_rows($result);
// Load the class row only when the lookup found one.
if ($num_rows !== 0) {
    $row = mysql_fetch_assoc($result);
}
?>

<form action="core/database/add-student-to-class.php?class=<?php 
echo $row['class_id'];
?>
" class="form-horizontal" method="post" onsubmit="validate()">
<fieldset>

	<legend><div class="row text-center">Add Student to <?php 
echo $row['class_name'];
?>
</div></legend>

	<form class="form-horizontal">
  <fieldset>

  <!-- Select Basic -->
  <div class="form-group">
Exemplo n.º 22
<?php

require 'core/init.php';
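// Access control for the admin page. header() only queues a redirect, so each
// rejection must exit; otherwise the admin templates below are still rendered
// and sent to a visitor who is not logged in or is not an administrator.
if (!logged_in() || !isAdmin()) {
    header("Location: index.php");
    exit;
}
// The default-tab redirect runs before any template is included, because a
// Location header cannot be sent once the header template has produced output.
if (!isset($_GET['tab'])) {
    header('Location: admin.php?tab=users');
    exit;
}
$tab = clean_up($_GET['tab']);
include 'templates/header.php';
include 'templates/navbar-logged-in.php';
include 'templates/admin-content.php';
include 'templates/footer.php';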
<?php

// Pick up the class id from the query string when one was supplied.
// NOTE(review): $class_id stays undefined when the parameter is missing, and the
// LIKE comparison treats % and _ in the id as wildcards - confirm both are
// acceptable. clean_up() is defined elsewhere; confirm it escapes for SQL.
if (isset($_GET['class'])) {
    $class_id = clean_up($_GET['class']);
}
$link = connectDB();
$result = mysql_db_query("rowanprep", "SELECT * FROM classes WHERE class_id LIKE '{$class_id}'");
$num_rows = mysql_num_rows($result);
// No matching row means the form adds a class instead of editing one.
$addnew = ($num_rows === 0);
$row = mysql_fetch_assoc($result);
?>

<form action="core/database/add-edit-lessons.php?lesson=<?php 
echo $row['lesson_key'];
?>
" class="form-horizontal" method="post" onsubmit="validate()">
<fieldset>

	<!-- Form Name -->
	<legend><h3 class="text-center"><?php 
echo $addnew ? "Add" : "Edit";
?>
 Class</h3>
  </legend>

	
  <form class="form-horizontal">
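/**
 * Builds the HTML shown for a vistrail tag.
 *
 * Depending on the tag parameters the result is the vistrail tree image
 * (showtree), the workflow graph image (showworkflow), or the images produced
 * by running the workflow. Each variant is wrapped in a link to the download
 * URL carrying the tag parameters.
 *
 * The parameter values are written into HTML attributes, a query string and,
 * in the local-execution path, a shell command line, so they are encoded for
 * each of those contexts at the point of use.
 *
 * @param mixed $input  tag body (not used by this function)
 * @param array $params tag attributes, keyed by name (vtid, version, host, db,
 *                      port, tag, execute, showspreadsheetonly, buildalways,
 *                      embedworkflow, includefulltree, forcedb, showworkflow,
 *                      showtree)
 * @return string HTML fragment, or an error message when no image was produced
 */
function printVistrailTag($input, $params)
{
    global $PATH_TO_IMAGES, $WEB_PATH_TO_IMAGES, $URL_TO_GRAPHS, $PATH_TO_GRAPHS, $VT_HOST, $VT_PORT, $USE_LOCAL_VISTRAILS_SERVER, $USE_VISTRAILS_XML_RPC_SERVER, $PATH_TO_VISTRAILS, $URL_TO_DOWNLOAD, $DB_HOST, $DB_NAME, $DB_PORT;
    $host = $DB_HOST;
    $dbname = $DB_NAME;
    $username = "******";
    $vtid = "";
    $version = "";
    $port = $DB_PORT;
    $version_tag = "";
    $execute = "False";
    $showspreadsheetonly = "False";
    $force_build = 'False';
    $embedWorkflow = 'False';
    $includeFullTree = 'False';
    $forceDB = 'False';
    $showTree = 'False';
    $showWorkflow = 'False';
    // Copy the recognised tag attributes over the defaults above.
    // NOTE(review): host, db and port can be overridden by the tag, so the
    // server connects wherever the page author points it - confirm that is
    // intended or restrict it to an allow-list.
    foreach ($params as $key => $value) {
        if ($key == "vtid") {
            $vtid = $value;
        }
        if ($key == "version") {
            $version = $value;
        }
        if ($key == "host") {
            $host = $value;
        }
        if ($key == "db") {
            $dbname = $value;
        }
        if ($key == "port") {
            $port = $value;
        }
        if ($key == "tag") {
            $version_tag = $value;
            if ($version_tag != '') {
                // Resolve the tag name to a version number via the server.
                $request = xmlrpc_encode_request('get_tag_version', array($host, $port, $dbname, $vtid, $version_tag));
                $response = do_call($VT_HOST, $VT_PORT, $request);
                $version = get_version_from_response($response);
            }
        }
        if ($key == "execute") {
            $execute = $value;
        }
        if ($key == "showspreadsheetonly") {
            $showspreadsheetonly = $value;
        }
        if ($key == "buildalways") {
            $force_build = $value;
        }
        if ($key == 'embedworkflow') {
            $embedWorkflow = $value;
        }
        if ($key == 'includefulltree') {
            $includeFullTree = $value;
        }
        if ($key == 'forcedb') {
            $forceDB = $value;
        }
        if ($key == 'showworkflow') {
            $showWorkflow = $value;
        }
        if ($key == 'showtree') {
            $showTree = $value;
        }
    }
    // Query string for the download link: every value is URL-encoded, so a
    // parameter containing & or = cannot add or override another one.
    $linkParams = http_build_query(array(
        'getvt' => (string) $vtid,
        'version' => (string) $version,
        'db' => (string) $dbname,
        'host' => (string) $host,
        'port' => (string) $port,
        'tag' => (string) $version_tag,
        'execute' => (string) $execute,
        'showspreadsheetonly' => (string) $showspreadsheetonly,
        'embedWorkflow' => (string) $embedWorkflow,
        'includeFullTree' => (string) $includeFullTree,
        'forceDB' => (string) $forceDB,
    ), '', '&');
    // Values destined for HTML attributes are escaped once, here.
    $downloadHref = htmlspecialchars($URL_TO_DOWNLOAD . '?' . $linkParams, ENT_QUOTES, 'UTF-8');
    $altVtid = htmlspecialchars((string) $vtid, ENT_QUOTES, 'UTF-8');
    $altVersion = htmlspecialchars((string) $version, ENT_QUOTES, 'UTF-8');
    if (strcasecmp($showTree, 'True') == 0) {
        // md5 only derives a stable file name; it is not a security measure.
        $filename = md5($host . '_' . $dbname . '_' . $port . '_' . $vtid);
        $filename = 'vistrails/' . $filename . ".png";
        //this request is cached only on the server side
        $request = xmlrpc_encode_request("get_vt_graph_png", array($host, $port, $dbname, $vtid, $USE_LOCAL_VISTRAILS_SERVER));
        $response = do_call($VT_HOST, $VT_PORT, $request);
        $result = clean_up($response, $filename);
        list($width, $height, $type, $attr) = getimagesize($PATH_TO_GRAPHS . $result);
        if ($width > 400) {
            $width = 400;
        }
        $imgSrc = htmlspecialchars($URL_TO_GRAPHS . $result, ENT_QUOTES, 'UTF-8');
        $res = '<a href="' . $downloadHref . '">';
        $res = $res . '<img src="' . $imgSrc . "\" alt=\"vt_id:{$altVtid}\" width=\"{$width}\"/>";
        $res = $res . '</a>';
        return $res;
    } elseif (strcasecmp($showWorkflow, 'True') == 0) {
        $filename = md5($host . '_' . $dbname . '_' . $port . '_' . $vtid . '_' . $version);
        $filename = 'workflows/' . $filename . ".png";
        $fullpath = $PATH_TO_GRAPHS . $filename;
        $cached = file_exists($fullpath);
        // Rebuild for a local server, a missing cache file, or a forced build.
        if ($USE_LOCAL_VISTRAILS_SERVER or (!$cached or strcasecmp($force_build, 'True') == 0)) {
            $request = xmlrpc_encode_request("get_wf_graph_png", array($host, $port, $dbname, $vtid, $version, $USE_LOCAL_VISTRAILS_SERVER));
            $response = do_call($VT_HOST, $VT_PORT, $request);
            $result = clean_up($response, $filename);
        } else {
            $result = $filename;
        }
        list($width, $height, $type, $attr) = getimagesize($PATH_TO_GRAPHS . $result);
        if ($width > 400) {
            $width = 400;
        }
        $imgSrc = htmlspecialchars($URL_TO_GRAPHS . $result, ENT_QUOTES, 'UTF-8');
        $res = '<a href="' . $downloadHref . '">';
        $res = $res . '<img src="' . $imgSrc . "\" alt=\"vt_id:{$altVtid} version:{$altVersion}\" width=\"{$width}\"/>";
        $res = $res . '</a>';
        return $res;
    } else {
        $result = '';
        $destdir = $PATH_TO_IMAGES;
        $destversion = $host . '_' . $dbname . '_' . $port . '_' . $vtid . '_' . $version;
        $destversion = md5($destversion);
        $destdir = $destdir . $destversion;
        $build_always_bool = False;
        if (strcasecmp($force_build, 'True') == 0) {
            $build_always_bool = True;
        }
        if (!path_exists_and_not_empty($destdir) or strcasecmp($force_build, 'True') == 0) {
            if (!file_exists($destdir)) {
                mkdir($destdir, 0770);
                chmod($destdir, 0770);
            }
            if (!$USE_VISTRAILS_XML_RPC_SERVER) {
                chdir($PATH_TO_VISTRAILS);
                $setVariables = 'export PATH=$PATH:/usr/bin/X11;export HOME=/var/lib/wwwrun; export TEMP=/tmp; export DISPLAY=localhost:1.0; export LD_LIBRARY_PATH=/usr/local/lib;';
                // Each argument is quoted with escapeshellarg() because the
                // values come from tag attributes. The -t and -u options now
                // use $host and $username; the bare words host and username
                // used before are undefined constants.
                $mainCommand = 'python vistrails/run.py -b -e ' . escapeshellarg($destdir) . ' -t ' . escapeshellarg($host) . ' -r ' . escapeshellarg($port) . ' -f ' . escapeshellarg($dbname) . ' -u ' . escapeshellarg($username) . ' ' . escapeshellarg($vtid . ':' . $version);
                $result = exec($setVariables . $mainCommand . ' 2>&1', $output, $result);
            } else {
                $request = xmlrpc_encode_request('run_from_db', array($host, $port, $dbname, $vtid, $destdir, $version, False, '', $build_always_bool, '', $USE_LOCAL_VISTRAILS_SERVER));
                $response = do_call($VT_HOST, $VT_PORT, $request);
                $result = multiple_clean_up($response, $destdir);
            }
        }
    }
    $files = scandir($destdir);
    $n = sizeof($files);
    // More than the two entries '.' and '..' means at least one image exists.
    if ($n > 2) {
        $res = '<a href="' . $downloadHref . '">';
        foreach ($files as $filename) {
            if ($filename != '.' and $filename != '..') {
                list($width, $height, $type, $attr) = getimagesize($destdir . '/' . $filename);
                if ($width > 350) {
                    $width = 350;
                }
                $imgSrc = htmlspecialchars($WEB_PATH_TO_IMAGES . $destversion . '/' . $filename, ENT_QUOTES, 'UTF-8');
                $res = $res . '<img src="' . $imgSrc . "\" alt=\"vt_id:{$altVtid} version:{$altVersion}\" width=\"{$width}\"/>";
            }
        }
        $res = $res . '</a>';
    } else {
        // NOTE(review): $result (tool output) is returned into the page as-is;
        // confirm whether it needs htmlspecialchars() before display.
        $res = "ERROR: Vistrails didn't produce any image.\n" . "This is the output: \n" . $result;
    }
    return $res;
}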
Exemplo n.º 25
    if ($result = mysql_db_query("rowanprep", "SELECT * FROM lessons WHERE lesson_key LIKE '{$lesson}'")) {
        $row = mysql_fetch_assoc($result);
        if (mysql_num_rows($result) !== 0) {
            $addnew = false;
        }
    }
}
// Every form field passes through clean_up() before it is used in SQL.
// NOTE(review): clean_up() is defined outside this excerpt - confirm it escapes
// for SQL string literals; the queries below rely on it entirely, and the
// mysql_* API offers no bound parameters.
$student = clean_up($_POST["student"]);
$teacher = clean_up($_POST["teacher"]);
$teacher_type = clean_up($_POST["teacher_type"]);
$duration = clean_up($_POST["duration"]);
$day = clean_up($_POST["day"]);
$semester = clean_up($_POST["semester"]);
$year = clean_up($_POST["year"]);
$instrument = clean_up($_POST["instrument"]);
$tuition_due = clean_up($_POST["tuition_due"]);
$total_lessons = clean_up($_POST["total_lessons"]);
$pay_rate = clean_up($_POST["pay_rate"]);
// $addnew and $lesson are set earlier in the script: insert a new lesson, or
// update the one identified by the lesson key.
if ($addnew) {
    $sql = "INSERT INTO lessons (student, teacher, teacher_type, duration, day, semester, year, instrument, tuition_due, total_lessons, pay_rate) VALUES ('{$student}', '{$teacher}', '{$teacher_type}', '{$duration}', '{$day}', '{$semester}', '{$year}', '{$instrument}', '{$tuition_due}', '{$total_lessons}', '{$pay_rate}')";
} else {
    $sql = "UPDATE lessons SET student='{$student}', teacher='{$teacher}', teacher_type='{$teacher_type}', duration='{$duration}', day='{$day}', semester='{$semester}', year='{$year}', instrument='{$instrument}', tuition_due='{$tuition_due}', total_lessons='{$total_lessons}', pay_rate='{$pay_rate}' WHERE lesson_key = '{$lesson}'";
}
$link = connectDB();
$results = mysql_db_query("rowanprep", $sql);
if (!$results) {
    // NOTE(review): the database error number and message are printed to the
    // client; logging them server-side avoids exposing schema details.
    echo 'Input failed...<br>';
    echo mysql_errno($link) . ": " . mysql_error($link) . "\n";
} else {
    header("Location:../../reports.php?tab=lessons");
}
Exemplo n.º 26
<?php

// Flag set by the redirect from the add-user handler; 0 when absent.
$ue = isset($_GET['userexists']) ? clean_up($_GET['userexists']) : 0;
?>
<div class="container">

  <div style="margin-top:10px;" class="mainbox col-md-12 text-center">
    <form action="core/database/add-user.php" class="form-horizontal" method="post" onsubmit="validate()">
    <fieldset>

    	<legend><div class="row text-center">Create a New User
      <?php 
// Show the duplicate-user notice when the redirect flag is set.
// NOTE(review): this is a loose comparison, so a redirect carrying
// userexists=0 shows nothing - confirm the redirecting handler sends a
// non-zero flag.
if ($ue != 0) {
    echo '<br><h5>USER NAME ALREADY EXISTS!</h5>';
    echo '<h5>Please choose a different username!</h5>';
}
?>
      </div></legend>
    	<form class="form-horizontal">
      <fieldset>

      <div class="form-group">
        <label class="col-md-3 control-label" for="textinput"></label>
        <div class="col-md-6">
        <input id="textinput" name="user_name" type="text" placeholder="User Name" class="form-control input-md" required="">

        </div>
Exemplo n.º 27
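/**
 * Recursively lists every file below $dir as a "New", unstaged entry.
 *
 * For each regular file the function echoes the HTML returned by html_file()
 * and appends a record (file, hash, state, staged, prefix) to $list.
 * Sub-directories are walked recursively; every other entry type is handed to
 * interpret_not_supported().
 *
 * @param string $dir      Directory to scan. Entry names are appended to it
 *                         directly, so it has to end with a '/'.
 * @param mixed  $disabled Passed through to html_file().
 * @param mixed  $makediff When truthy, a unified diff against /dev/null is
 *                         produced for each file with the tool in $diffpath.
 * @param mixed  $stats    Not read here; only forwarded to recursive calls.
 * @param array  $list     Accumulator, extended in place (passed by reference).
 *
 * @return array The accumulator, identical to $list after the call.
 */
function add_directory_listing($dir, $disabled, $makediff, $stats, &$list)
{
    global $diffpath;

    // A missing or unreadable directory contributes nothing. Returning here
    // keeps readdir() from being called with a non-resource.
    $handle = is_dir($dir) ? opendir($dir) : false;
    if ($handle === false) {
        return $list;
    }

    while (($entry = readdir($handle)) !== false) {
        if ($entry === '.' || $entry === '..') {
            continue;
        }

        $path = $dir . $entry;
        // filetype() reports a symbolic link as 'link', so links end up in the
        // "not supported" branch below instead of being followed.
        $type = filetype($path);

        if ($type === 'file') {
            $parsed = array(
                'file' => $path,
                'hash' => get_file_hash($path),
                'state' => 'New',
                'staged' => 'N',
            );

            if ($makediff) {
                // The file name travels as its own argument element.
                // NOTE(review): whether start_command() runs the tool without
                // a shell is not visible here - confirm before relying on it.
                $args = array('-u', '/dev/null', $parsed['file']);
                $h = start_command($diffpath, $args);
                close_stdin($h);
                // Diff output contains file contents; encode it before it is
                // embedded in the page.
                $diff = htmlentities(get_all_data($h));
                clean_up($h);
            } else {
                $diff = false;
            }

            list($str, $prefix) = html_file($path, $parsed['state'], $parsed['staged'], $parsed['hash'], $diff, $disabled);
            echo $str;
            $parsed['prefix'] = $prefix;
            $list[] = $parsed;
        } elseif ($type === 'dir') {
            add_directory_listing($path . '/', $disabled, $makediff, $stats, $list);
        } else {
            interpret_not_supported($path, __FILE__, __LINE__);
        }
    }

    // The original never released the directory handle.
    closedir($handle);

    return $list;
}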
Exemplo n.º 28
<?php

require 'connect.php';
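// Registration handler: inserts one row into `users` from the submitted form.
//
// NOTE(review): every value below is interpolated into the SQL text, so
// injection safety rests entirely on clean_up(), whose body is not visible
// here. Binding the values through a prepared statement on $db would remove
// that dependency - confirm the type of $db in connect.php first.
$username = clean_up($_POST["username"]);
$firstname = clean_up($_POST["firstname"]);
$lastname = clean_up($_POST["lastname"]);
// NOTE(review): no hashing step is visible in this script, so the password
// appears to be stored as submitted. password_hash() on write and
// password_verify() at login is the usual remedy, but the login code has to
// change together with this handler.
$password = clean_up($_POST["password"]);
$email = clean_up($_POST["email"]);

$inserted = $db->query("INSERT INTO users (username, password, first_name, last_name, email)\n\t\t\t\t\t\t\t VALUES ('{$username}', '{$password}', '{$firstname}', '{$lastname}', '{$email}')");

// Release the connection on both paths; the original only reached close()
// after a failed insert.
$db->close();

if ($inserted) {
    header("Location: ../../registration-successful.php");
    die;
}

// Send the redirect before any body output: once output has started,
// header() can no longer add the Location field.
header("Location: ../../register.php");
echo "insert failed.";
die;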
Exemplo n.º 29
<?php

require '../init.php';
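// Admin-only handler: creates a user with a generated password and mails the
// credentials to the given address.
if (!isAdmin($_SESSION['id'])) {
    // The header needs the "Location:" field name to be a redirect, and the
    // script has to stop here; without the exit a non-admin request falls
    // through to the INSERT below.
    header("Location: ../../index.php");
    die;
}
$username = clean_up($_POST["username"]);
$email = clean_up($_POST["email"]);
$admin = clean_up($_POST["admin"]);
// NOTE(review): random_password() is defined elsewhere; confirm it draws from
// a cryptographically secure source, since its output is a login credential.
$password = random_password(10);
// The statement is built by string interpolation, not prepared: the mysql_*
// extension used here has no prepared statements, so injection safety depends
// on what clean_up() does (not visible here).
// NOTE(review): no hashing step is visible, so the generated password appears
// to be stored as-is and is also sent by e-mail in clear text. A one-time
// reset link plus password_hash() on write avoids both.
$link = connectDB();
if ($result = mysql_db_query("rowanprep", "INSERT INTO users (username, password, email, admin) VALUES ('{$username}', '{$password}', '{$email}', '{$admin}')")) {
    $msg = "An account has been registered with this email address at elvis.rowan.edu/rowanprep.";
    // The listing shows this concatenation masked as "******"; $password is
    // the only password value in scope, so it is presumably what was
    // concatenated here - confirm against the original file.
    $msg .= "\nPlease sign in using your username.\nAuto-generated password: " . $password . "\n\n\nContact Anna at Rowan Prep if you have troubles signing in. Thanks,\nRowan Prep";
    $subj = "Rowan Prep User Information - DO NOT REPLY";
    mail($email, $subj, $msg, "From: Rowan Prep");
    header("Location: ../../admin.php");
    die;
} else {
    // The query went through the mysql_* API on $link, so the error text has
    // to come from that connection; no $db object is created in this script.
    echo "insert failed." . mysql_error($link);
}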
?>

Exemplo n.º 30
require '../init.php';
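// Create-or-update handler for a row in `classes`.
// ?class=<id> selects an existing row to update; when it is absent or matches
// nothing, a new row is inserted from the POST fields.
//
// NOTE(review): no authorization check is visible in this script; confirm
// that init.php enforces one before this code runs.
// NOTE(review): all values are interpolated into the SQL text and the mysql_*
// extension offers no prepared statements, so injection safety depends on
// what clean_up() does (not visible here).
$addnew = true;
if (isset($_GET['class'])) {
    $class_id = clean_up($_GET['class']);
    // Exact match instead of LIKE: with LIKE, wildcard characters in the
    // parameter could match unrelated rows and switch the request to UPDATE.
    // NOTE(review): this lookup filters on class_id_key while the UPDATE below
    // filters on class_id - confirm which column the table really has.
    $result = mysql_db_query("rowanprep", "SELECT * FROM classes WHERE class_id_key = '{$class_id}'");
    if ($result && mysql_num_rows($result) !== 0) {
        $addnew = false;
    }
}
$class_name = clean_up($_POST["class_name"]);
$teacher = clean_up($_POST["teacher"]);
$pay_rate = clean_up($_POST["pay_rate"]);
$day = clean_up($_POST["day"]);
$semester = clean_up($_POST["semester"]);
$year = clean_up($_POST["year"]);
$total_number = clean_up($_POST["total_number"]);
if ($addnew) {
    $sql = "INSERT INTO classes (class_name, teacher, pay_rate, day, semester, year, total_number) VALUES ('{$class_name}', '{$teacher}', '{$pay_rate}', '{$day}', '{$semester}', '{$year}', '{$total_number}')";
} else {
    $sql = "UPDATE classes SET class_name='{$class_name}', teacher='{$teacher}', pay_rate='{$pay_rate}', day='{$day}', semester='{$semester}', year='{$year}', total_number='{$total_number}' WHERE class_id = '{$class_id}'";
}
$link = connectDB();
$results = mysql_db_query("rowanprep", $sql);
if (!$results) {
    // NOTE(review): the driver's error text goes straight into the response;
    // if this page is reachable by non-staff, log it server-side and show a
    // generic message instead.
    echo 'Input failed...<br>';
    echo mysql_errno($link) . ": " . mysql_error($link) . "\n";
} else {
    header("Location:../../reports.php?tab=classes");
    // Stop after the redirect so nothing further runs or is sent.
    die;
}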