Exemplo n.º 1
    $student_id = $_POST['student_id'];
}
//Stop immediately when no student id reached this point. The comparison is
//loose on purpose, so a null/unset id is refused along with the empty string.
//NOTE(review): only emptiness is tested here; nothing visible checks that the
//id has the expected (numeric?) form before it is used further down - confirm.
if ($student_id == "") {
    exit("You've entered this page without supplying a valid student id. Fatal, quitting");
}
//Gate the page on the caller's global permission level. A numerically larger
//level means less privilege here: anything above $MINIMUM_AUTHORIZATION_LEVEL
//is refused. The loose comparison with NULL also refuses 0, "" and false, so a
//failed lookup ends in a denial rather than in access.
//NOTE(review): if 0 is a legitimate level in this scheme, those users are
//refused as well - confirm against getPermissionLevel().
$permission_level = getPermissionLevel($_SESSION['egps_username']);
if ($permission_level > $MINIMUM_AUTHORIZATION_LEVEL || $permission_level == NULL) {
    //Log the denial with the client address and session user, show the shared error page, stop.
    $system_message .= "You do not have permission to view this page (IP: {$_SERVER['REMOTE_ADDR']})";
    IPP_LOG($system_message, $_SESSION['egps_username'], 'ERROR');
    require IPP_PATH . 'security_error.php';
    exit;
}
//Record whether the caller may modify this particular student. WRITE, ASSIGN
//and ALL count as write access. This block only sets the flag; it does not
//refuse a caller whose permission is lower.
$our_permission = getStudentPermission($student_id);
$have_write_permission = ($our_permission == "WRITE"
    || $our_permission == "ASSIGN"
    || $our_permission == "ALL");
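//************** past here: session active, global permission level checked ****************
//NOTE(review): the code before this line only records $have_write_permission.
//No visible check refuses a caller whose getStudentPermission() result is not
//READ/WRITE/ASSIGN/ALL before the student row is read - confirm that a
//per-student read check exists elsewhere in this file.
//
//Load the student row. mysql_real_escape_string() only neutralises characters
//that are special inside a quoted SQL string, so the escaped value must sit
//between quotes; left unquoted, input made of digits, spaces and keywords
//passes through unchanged and is parsed as SQL. MySQL converts the quoted
//value when student_id is a numeric column, so valid ids behave as before.
//NOTE(review): the mysql_* extension no longer exists in PHP 7+; prepared
//statements (mysqli or PDO) are the durable fix when this file is ported.
$student_query = "SELECT * FROM student WHERE student_id = '" . mysql_real_escape_string($student_id) . "'";
$student_result = mysql_query($student_query);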
if (!$student_result) {
    $error_message = $error_message . "Database query failed (" . __FILE__ . ":" . __LINE__ . "): " . mysql_error() . "<BR>Query: '{$student_query}'<BR>";
    $system_message = $system_message . $error_message;
    IPP_LOG($system_message, $_SESSION['egps_username'], 'ERROR');
} else {
    $student_row = mysql_fetch_array($student_result);
Exemplo n.º 2
        }
        $target_result = mysql_query($target_query);
        if (!$target_result) {
            $error_message = $error_message . "Database query failed (" . __FILE__ . ":" . __LINE__ . "): " . mysql_error() . "<BR>Query: '{$target_query}'<BR>";
            $system_message = $system_message . $error_message;
            IPP_LOG($system_message, $_SESSION['egps_username'], 'ERROR');
        }
    }
}
runQuery();
//Decide whether the caller may act on the selected rows. Access is denied by
//default and only the "guardian" target can raise the flag; any other target
//value leaves it false. Every row is inspected, and write access (WRITE,
//ASSIGN or ALL) on any one referenced student is enough to set it.
//NOTE(review): "any row" is a weak test if the result can span several
//students - confirm the query is limited to one student, or require
//permission on every row.
//NOTE(review): this loop reads $target_result to the end; code that needs the
//rows again afterwards presumably has to rewind the result - verify.
$have_write_permission = false;
if ($_GET['target'] == "guardian") {
    while ($guardian_row = mysql_fetch_array($target_result)) {
        $our_permission = getStudentPermission($guardian_row['student_id']);
        if ($our_permission == "WRITE" || $our_permission == "ASSIGN" || $our_permission == "ALL") {
            $have_write_permission = true;
        }
    }
}
//Refuse the request unless write access was established. The denial is logged
//with the client address and the session user, then the shared error page is
//rendered and the script stops so nothing below runs for this caller.
if (!$have_write_permission) {
    $system_message .= "You do not have permission to view this page (IP: {$_SERVER['REMOTE_ADDR']})";
    IPP_LOG($system_message, $_SESSION['egps_username'], 'ERROR');
    require IPP_PATH . 'security_error.php';
    exit;
}
Exemplo n.º 3
    $error_message = $error_message . "Database query failed (" . __FILE__ . ":" . __LINE__ . "): " . mysql_error() . "<BR>Query: '{$previous_guardians_query}'<BR>";
    $system_message = $system_message . $error_message;
    IPP_LOG($system_message, $_SESSION['egps_username'], 'ERROR');
}
//Re-check access to the student named in the query string. READ, WRITE,
//ASSIGN or ALL is enough to view the page; any other result is logged with
//the client address and the session user, and the script stops.
//NOTE(review): the id is taken from $_GET here - confirm that every query on
//this page uses the same id that was authorised.
$our_permission = getStudentPermission($_GET['student_id']);
if (!($our_permission == "READ" || $our_permission == "WRITE" || $our_permission == "ASSIGN" || $our_permission == "ALL")) {
    $system_message .= "You do not have permission to view this page (IP: {$_SERVER['REMOTE_ADDR']})";
    IPP_LOG($system_message, $_SESSION['egps_username'], 'ERROR');
    require IPP_PATH . 'security_error.php';
    exit;
}
//Record whether the caller has write access to this student. The flag starts
//at false and is raised only for WRITE, ASSIGN or ALL.
//NOTE(review): a flag like this is only a hint for the page; whatever performs
//the write has to repeat the check on the server side - confirm.
$have_write_permission = false;
$our_permission = getStudentPermission($_GET['student_id']);
if ($our_permission == "WRITE" || $our_permission == "ASSIGN" || $our_permission == "ALL") {
    $have_write_permission = true;
}
?>
 

<!DOCTYPE HTML>
<HTML lang=en>
<HEAD>
    <META HTTP-EQUIV="CONTENT-TYPE" CONTENT="text/html; charset=UTF-8">
    <TITLE><?php 
echo $page_title;
Exemplo n.º 4
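//Forward link of the pager: printed only while students remain after this page.
if ($iLimit + $iCur < $szTotalStudents) {
    //The search parameters come straight from the query string and are written
    //back into an href. Each value is URL-encoded by http_build_query() and the
    //finished query string is HTML-escaped, so a crafted value can neither
    //close the attribute nor add markup. Absent parameters become empty strings.
    $next_query = http_build_query(array(
        'iCur' => $iCur + $iLimit,
        'iLimit' => $iLimit,
        'szSearchVal' => isset($_GET['szSearchVal']) ? $_GET['szSearchVal'] : '',
        'field' => isset($_GET['field']) ? $_GET['field'] : '',
        'SEARCH' => isset($_GET['SEARCH']) ? $_GET['SEARCH'] : '',
    ), '', '&');
    echo "<td align=\"right\"><a href=\"./student_archive.php?" . htmlspecialchars($next_query, ENT_QUOTES, 'UTF-8') . "\" class=\"default\">next ";
    //NOTE(review): this comparison reads $sqlLogTotals while the rest of the
    //pager uses $szTotalStudents - looks like a leftover from another page; confirm.
    if ($sqlLogTotals - ($iCur + $iLimit) > $iLimit) {
        //$iLimit's origin is not visible here, so it is escaped before being printed.
        echo htmlspecialchars((string) $iLimit, ENT_QUOTES, 'UTF-8') . "</a></td>";
    } else {
        //Fewer than a full page left: show how many students remain.
        echo ($szTotalStudents - ($iCur + $iLimit)) . "</a></td>";
    }
} else {
    echo "<td>&nbsp;</td>";
}
echo "</tr>\n";
//end print next and prev links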
//Column headings of the student table. The first cell is a blank spacer;
//the remaining cells label the UID, name, school and permission columns.
echo '<tr>',
    '<td bgcolor="#E0E2F2">&nbsp;</td>',
    '<td align="center" bgcolor="#E0E2F2">UID</td>',
    '<td align="center" bgcolor="#E0E2F2">Last Name, First Name</td>',
    '<td align="center" bgcolor="#E0E2F2">School</td>',
    '<td align="center" bgcolor="#E0E2F2">Permission</td>',
    "</tr>\n";
while ($student_row = mysql_fetch_array($sqlStudents)) {
    $current_student_permission = getStudentPermission($student_row['student_id']);
    echo "<tr>\n";
    $school_colour = "#FFFFFF";
    //all white.
    echo "<td bgcolor=\"{$school_colour}\"><input type=\"checkbox\" name=\"" . $student_row['student_id'] . "\" value=\"" . $student_row['first_name'] . " " . $student_row['last_name'] . "\"></td>";
    echo "<td bgcolor=\"{$bgcolor}\" class=\"row_default\">" . $student_row['student_id'] . "<p></td>\n";
    echo "<td bgcolor=\"{$bgcolor}\"><a href=\"" . IPP_PATH . "student_view.php?student_id=" . $student_row['student_id'] . "\" class=\"default\" ";
    if ($current_student_permission == "NONE" || $current_student_permission == "ERROR") {
        echo "onClick=\"return noPermission();\" ";
    }
    echo ">" . $student_row['last_name'] . "," . $student_row['first_name'] . "</a>";
    if ($current_student_permission == "READ" || $current_student_permission != "WRITE" || $current_student_permission != "ALL") {
        echo "<a href=\"" . IPP_PATH . "ipp_pdf.php?student_id=" . $student_row['student_id'] . "\" class=\"default\" target=\"_blank\"";
        if ($current_student_permission == "NONE" || $current_student_permission == "ERROR") {
            echo "onClick=\"return noPermission();\" ";
        }