Exemplo n.º 1
<?php

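require_once "header.php";

// Access gate for a batch administration page.
//
// header() only queues a Location header; without exit the script keeps
// running and the rest of the page is still rendered and sent to the client.
// Every redirect below therefore ends the request.
if (!isset($_GET['id'])) {
    header("location: index.php?negative");
    exit;
}

// NOTE(review): Batch::get_by_id() is not visible here - confirm it binds the
// id as a query parameter, because $_GET['id'] is passed through unvalidated.
$object = Batch::get_by_id($_GET['id']);
// The original tested an undefined $batch at this point, so the check never
// looked at the lookup result.
if (!$object) {
    header("location: index.php");
    exit;
}
$school = School::get_by_id($object->schoolid);
//$batchname = $school->name." ".$object->get_batchyear();
$batchname = $object->get_batchyear();

if (!$session->is_logged_in()) {
    header("location: index.php?negative");
    exit;
}

$user = User::get_by_id($session->user_id);
if (!$user) {
    // A session that points at a missing account is treated as unauthenticated.
    header("location: index.php?negative");
    exit;
}
if ($user->enabled == DISABLED) {
    header("location: index.php?disabled");
    exit;
}

// Only an admin of this batch, an admin of the owning school, or a super
// admin may continue. Evaluation order matches the original condition.
$mayAdminister = BatchUser::amIAdmin($session->user_id, $object->id)
    || SchoolUser::amIAdmin($session->user_id, $object->schoolid)
    || $user->is_super_admin();
if (!$mayAdminister) {
    header("location: index.php?negative");
    exit;
}

// NOTE(review): PHP_SELF includes any trailing path info from the request, so
// $currentFile is request-influenced; escape it wherever it is output.
$pathinfo = pathinfo($_SERVER["PHP_SELF"]);
$basename = $pathinfo["basename"];
$currentFile = str_replace(".php", "", $basename);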
?>
<div class="container-fluid">
Exemplo n.º 2
<?php

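require_once "header.php";

// Public batch page: resolves the batch from ?id= and hides pending or
// disabled batches from everyone except super admins.
if ($session->is_logged_in()) {
    $loggeduser = User::get_by_id($session->user_id);
}
$pathinfo = pathinfo($_SERVER["PHP_SELF"]);
$basename = $pathinfo["basename"];
$currentFile = str_replace(".php", "", $basename);
// NOTE(review): HTTP_HOST and REQUEST_URI are supplied by the client. Escape
// $pageURL for its output context and do not use it for security decisions.
$pageURL = "http://{$_SERVER['HTTP_HOST']}{$_SERVER['REQUEST_URI']}";

// Each redirect is followed by exit; header() alone does not stop the script,
// so the page would otherwise still be rendered for a hidden batch.
if (!isset($_GET['id']) || !is_scalar($_GET['id'])) {
    header("location: index.php?negative");
    exit;
}

// NOTE(review): confirm Batch::get_by_id() binds the id as a query parameter.
$batch = Batch::get_by_id($_GET['id']);
if (!$batch) {
    // Unknown id: the original went on to dereference the failed lookup.
    header("location: index.php?negative");
    exit;
}
$school = School::get_by_id($batch->schoolid);
$batchUsers = BatchUser::getUsersInBatch($batch->id);

$isSuperAdmin = isset($loggeduser) && $loggeduser && $loggeduser->is_super_admin();
if (!$isSuperAdmin && ($batch->pending == 1 || $batch->enabled == 0)) {
    header("location: index.php?negative");
    exit;
}

// Emitted only after the checks above: output written before header() can
// prevent the redirect from being sent. The id is request data, so it is
// escaped for the single-quoted attribute it lands in.
echo "<input id='batchid' type='hidden'  value='" . htmlspecialchars((string) $_GET['id'], ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8') . "'>";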
?>
Exemplo n.º 3
    // The operators cn/nc/in/ni get the search term wrapped in SQL LIKE wildcards.
    if ($searchOper == 'cn' || $searchOper == 'nc' || $searchOper == 'in' || $searchOper == 'ni') {
        $searchString = '%' . $searchString . '%';
    }
    // NOTE(review): $searchField, $ops and $searchString are interpolated into
    // the WHERE clause, and $sidx/$sord/$start/$limit into ORDER BY / LIMIT.
    // Where they are assigned is outside this excerpt; if any of them is taken
    // from the request this is SQL injection. Bind values as parameters, check
    // column and direction names against an allow-list, and cast the LIMIT
    // operands to int.
    $where = "{$searchField} {$ops} '{$searchString}'";
    $sections = Section::get_by_sql("SELECT * FROM " . T_SECTIONS . " WHERE " . $where . " AND " . $where2 . " ORDER BY {$sidx} {$sord} LIMIT {$start} , {$limit}");
} else {
    // No search filter: only the $where2 condition (built outside this excerpt) applies.
    $sections = Section::get_by_sql("SELECT * FROM " . T_SECTIONS . " WHERE " . $where2 . " ORDER BY {$sidx} {$sord} LIMIT {$start} , {$limit}");
}
// The result set is returned as an XML document assembled by string concatenation.
header("Content-type: text/xml;charset=utf-8");
$s = "<?xml version='1.0' encoding='utf-8'?>";
$s .= "<rows>";
$s .= "<page>" . $page . "</page>";
$s .= "<total>" . $total_pages . "</total>";
$s .= "<records>" . $count . "</records>";
foreach ($sections as $section) {
    // A section whose school or batch lookup fails is rendered with an empty placeholder object.
    $school = School::get_by_id($section->schoolid);
    if (!$school) {
        $school = new School();
    }
    $batch = Batch::get_by_id($section->batchid);
    if (!$batch) {
        $batch = new Batch();
    }
    // NOTE(review): stored values such as $school->name and $section->name are
    // written into the XML unescaped; a value containing <, & or ' breaks the
    // document or injects markup. Escape with htmlspecialchars() using
    // ENT_XML1 | ENT_QUOTES before concatenating.
    $s .= "<row id='" . $section->id . "'>";
    $s .= "<cell></cell>";
    $s .= "<cell>" . $section->id . "</cell>";
    $s .= "<cell>" . $school->id . "</cell>";
    $s .= "<cell>" . $school->name . "</cell>";
    $s .= "<cell>" . $batch->id . "</cell>";
    $s .= "<cell>" . $batch->get_batchyear() . "</cell>";
    $s .= "<cell>" . $section->name . "</cell>";
Exemplo n.º 4
	  <?php 
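// Fill the school <select> with the schools the current user administers.
$schooladmins = SchoolUser::getAdminSchools($session->user_id);
if (count($schooladmins) > 0) {
    foreach ($schooladmins as $schooladmin) {
        $adminSchool = School::get_by_id($schooladmin->schoolid);
        if (!$adminSchool) {
            // The membership row points at a school that no longer resolves;
            // skip it instead of dereferencing the failed lookup.
            continue;
        }
        // The school name is stored data: escape it for the HTML context so a
        // name containing markup cannot inject script into the page. The id is
        // escaped as well because it sits inside a single-quoted attribute.
        echo "<option value='" . htmlspecialchars((string) $schooladmin->schoolid, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8') . "'>" . htmlspecialchars((string) $adminSchool->name, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8') . "</option>";
    }
} else {
    echo "<option value='0'>NO SCHOOLS YET</option>";
}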
?>
	</select>

	<select name="batchselect" id="batchselect">
	  <?php 
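// Fill the batch <select> with the batches the current user administers in
// the first school of $schooladmins.
if (count($schooladmins) > 0) {
    $onlyschool = School::get_by_id($schooladmins[0]->schoolid);
    // A failed school lookup yields an empty batch list rather than a
    // dereference of the failed result.
    $batchadmins = $onlyschool ? BatchUser::getAdminBatchs($session->user_id, $onlyschool->id) : array();
    $printedBatches = 0;
    foreach ($batchadmins as $batchadmin) {
        $batchselect = Batch::get_by_id($batchadmin->batchid);
        if (!$batchselect) {
            // Membership row without a matching batch: nothing to show.
            continue;
        }
        // Values are escaped for the HTML context they are written into.
        $optionValue = htmlspecialchars((string) $batchadmin->batchid, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
        $yearLabel = htmlspecialchars($batchselect->fromyear . "-" . ($batchselect->fromyear + 1), ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
        echo "<option value='" . $optionValue . "'>" . $yearLabel . "</option>";
        $printedBatches++;
    }
    if ($printedBatches === 0) {
        echo "<option value='0'>NO BATCHS YET</option>";
    }
}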
?>
	</select>

  	<br/>
Exemplo n.º 5
<?php

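require_once "header.php";

// Public school page: resolves the school from ?id= and hides pending or
// disabled schools from everyone except super admins.
if ($session->is_logged_in()) {
    $loggeduser = User::get_by_id($session->user_id);
}
$pathinfo = pathinfo($_SERVER["PHP_SELF"]);
$basename = $pathinfo["basename"];
$currentFile = str_replace(".php", "", $basename);
// NOTE(review): HTTP_HOST and REQUEST_URI are supplied by the client. Escape
// $pageURL for its output context and do not use it for security decisions.
$pageURL = "http://{$_SERVER['HTTP_HOST']}{$_SERVER['REQUEST_URI']}";

// Each redirect is followed by exit; header() alone does not stop the script.
// The original redirected on a failed lookup and then still read $school->id.
if (!isset($_GET['id']) || !is_scalar($_GET['id'])) {
    header("location: index.php?negative");
    exit;
}

// NOTE(review): confirm School::get_by_id() binds the id as a query parameter.
$school = School::get_by_id($_GET['id']);
if (!$school) {
    header("location: index.php?negative");
    exit;
}
$schoolUsers = SchoolUser::getStudentsInSchool($school->id);

$isSuperAdmin = isset($loggeduser) && $loggeduser && $loggeduser->is_super_admin();
if (!$isSuperAdmin && ($school->pending == 1 || $school->enabled == 0)) {
    header("location: index.php?negative");
    exit;
}

// Emitted only after the checks above: output written before header() can
// prevent the redirect from being sent. The id is request data, so it is
// escaped for the single-quoted attribute it lands in.
echo "<input id='schoolid' type='hidden' hidden value='" . htmlspecialchars((string) $_GET['id'], ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8') . "'>";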
Exemplo n.º 6
<?php

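require_once "header.php";

// Access gate for the school edit page.
//
// header() only queues a Location header; without exit the script keeps
// running and the edit form below is still rendered for a caller who failed
// a check. Every redirect therefore ends the request.
if (!isset($_GET['id'])) {
    header("location: index.php?negative");
    exit;
}

// NOTE(review): confirm School::get_by_id() binds the id as a query parameter.
$object = School::get_by_id($_GET['id']);
if (!$object) {
    header("location: index.php");
    exit;
}

if (!$session->is_logged_in()) {
    header("location: index.php?negative");
    exit;
}

$user = User::get_by_id($session->user_id);
if (!$user) {
    // A session that points at a missing account is treated as unauthenticated.
    header("location: index.php?negative");
    exit;
}
if ($user->enabled == DISABLED) {
    header("location: index.php?disabled");
    exit;
}

// Only an admin of this school or a super admin may edit it.
$mayAdminister = SchoolUser::amIAdmin($session->user_id, $object->id) || $user->is_super_admin();
if (!$mayAdminister) {
    header("location: index.php?negative");
    exit;
}

// NOTE(review): PHP_SELF includes any trailing path info from the request, so
// $currentFile is request-influenced; escape it wherever it is output.
$pathinfo = pathinfo($_SERVER["PHP_SELF"]);
$basename = $pathinfo["basename"];
$currentFile = str_replace(".php", "", $basename);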
?>
<div class="container-fluid">
  <div class="row-fluid">
    <div class="span1"></div>
    <div class="span9">
      <form id="theform" class="form-horizontal" method="post" action="#" enctype="multipart/form-data">
Exemplo n.º 7
     // Update branch: request fields are copied onto the school record as posted.
     // NOTE(review): this includes "pending" and "enabled", which control
     // approval state. No authorization or CSRF check is visible in this
     // excerpt - confirm both happen before this point, and validate the
     // fields instead of storing them verbatim.
     $school->comments = $_POST['comments'];
     $school->pending = $_POST['pending'];
     $school->enabled = $_POST['enabled'];
     $school->name = $_POST['name'];
     $school->email = $_POST['email'];
     $school->number = $_POST['number'];
     $school->about = $_POST['about'];
     $school->address = $_POST['address'];
     $school->update();
     // NOTE(review): the raw posted id is written into the audit log; if log
     // entries are later shown in a page they need escaping there.
     $log = new Log($session->user_id, $clientip, "WEB", "UPDATED SCHOOL: " . $_POST['id']);
     $log->create();
 } else {
     if ($_POST['oper'] == 'del') {
         // The "DELETED" entry is written before anything is deleted, so it is
         // recorded even when the lookup or the deletion below fails.
         $log = new Log($session->user_id, $clientip, "WEB", "DELETED SCHOOL: " . $_POST['id']);
         $log->create();
         // NOTE(review): the lookup result is not checked. With a failed
         // lookup $school->id is empty; the path guard below then skips
         // rrmdir(), but the delete_all_by_schoolid() calls still run with an
         // empty id and $school->delete() fails.
         $school = School::get_by_id($_POST['id']);
         $folder_path = "../../public/schools/" . $school->id;
         // Refuses to remove the shared base directory when the id is empty.
         if (file_exists($folder_path) && $folder_path != "../../public/schools/") {
             rrmdir($folder_path);
         }
         // Dependent rows are removed before the school row itself.
         //===================SECTION=============================//
         SectionUser::delete_all_by_schoolid($school->id);
         Section::delete_all_by_schoolid($school->id);
         //===================BATCH=============================//
         BatchUser::delete_all_by_schoolid($school->id);
         Batch::delete_all_by_schoolid($school->id);
         //===================SCHOOL=============================//
         SchoolUser::delete_all_by_schoolid($school->id);
         $school->delete();
     }
 }
Exemplo n.º 8
 // Creates a new record from posted form fields; the account is stored as
 // enabled and not pending.
 $object->number = $_POST['number'];
 $object->comments = $_POST["comments"];
 $object->fbcomments = $_POST["fbcomments"];
 $object->enabled = 1;
 $object->pending = 0;
 // NOTE(review): what File treats as "valid" is not visible here - confirm it
 // checks the upload error code, size and actual content type before the
 // data is stored.
 $file = new File($_FILES['cover']);
 if ($file->valid) {
     $object->cover = $file->data;
 }
 $file = new File($_FILES['picture']);
 if ($file->valid) {
     $object->picture = $file->data;
 }
 $object->create();
 // NOTE(review): $school is assigned only when "schoolselect" is posted and
 // is not "NOTHING", yet it is read unconditionally below. Unless it is set
 // before this excerpt, the membership is created with an empty school id.
 if (isset($_POST['schoolselect']) && $_POST['schoolselect'] != "NOTHING") {
     $school = School::get_by_id($_POST['schoolselect']);
 }
 // NOTE(review): no check is visible here that the current user administers
 // the posted school or batch id - confirm the ids are verified against the
 // caller's own admin memberships before the rows are created.
 $schooluser = new SchoolUser();
 $schooluser->schoolid = $school->id;
 $schooluser->userid = $object->id;
 $schooluser->level = 0;
 $schooluser->enabled = 1;
 $schooluser->pending = 0;
 $schooluser->create();
 if (isset($_POST['batchselect']) && $_POST['batchselect'] != "NOTHING") {
     // The batch lookup result is used without a null check.
     $batch = Batch::get_by_id($_POST['batchselect']);
     $batchuser = new BatchUser();
     $batchuser->schoolid = $school->id;
     $batchuser->batchid = $batch->id;
     $batchuser->userid = $object->id;
     $batchuser->level = 0;
Exemplo n.º 9
<?php

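require_once "header.php";

// Access gate for the "create student" form: the caller must be logged in,
// enabled, and an admin of at least one school, batch or section.
//
// header() only queues a Location header; without exit the script keeps
// running and the form below is still rendered. The original also went on to
// query admin memberships for a visitor who was not logged in.
if (!$session->is_logged_in()) {
    header("location: index.php?negative");
    exit;
}

$user = User::get_by_id($session->user_id);
if (!$user) {
    // A session that points at a missing account is treated as unauthenticated.
    header("location: index.php?negative");
    exit;
}
if ($user->enabled == DISABLED) {
    header("location: index.php?disabled");
    exit;
}

$school = School::get_by_id(CSNTRID);
// NOTE(review): PHP_SELF includes any trailing path info from the request, so
// $currentFile is request-influenced; escape it wherever it is output.
$pathinfo = pathinfo($_SERVER["PHP_SELF"]);
$basename = $pathinfo["basename"];
$currentFile = str_replace(".php", "", $basename);

$schoolusers = SchoolUser::getAdminSchools($session->user_id);
$batchusers = BatchUser::getAdminBatchs($session->user_id);
$sectionusers = SectionUser::getAdminSections($session->user_id);
$hasAnyAdminRole = count($schoolusers) > 0 || count($batchusers) > 0 || count($sectionusers) > 0;
if (!$hasAnyAdminRole) {
    header("location: index.php?negative");
    exit;
}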
?>
<div class="container-fluid">
  <div class="row-fluid">
    <div class="span1"></div>
    <div class="span9">
      <form id="theform" class="form-horizontal" method="post" action="#" enctype="multipart/form-data">
        <fieldset>
        <legend>
          Create Student
        </legend>
Exemplo n.º 10
    // NOTE(review): $where, $where2, $sidx, $sord, $start and $limit are
    // concatenated into the SQL text. They are built outside this excerpt; if
    // any part comes from the request this is SQL injection. Bind values as
    // parameters, check column and direction names against an allow-list, and
    // cast the LIMIT operands to int.
    $schoolusers = SchoolUser::get_by_sql("SELECT * FROM " . T_SCHOOLUSERS . " WHERE " . $where . " AND " . $where2 . " ORDER BY {$sidx} {$sord} LIMIT {$start} , {$limit}");
} else {
    // No search filter: only the $where2 condition applies.
    $schoolusers = SchoolUser::get_by_sql("SELECT * FROM " . T_SCHOOLUSERS . " WHERE " . $where2 . " ORDER BY {$sidx} {$sord} LIMIT {$start} , {$limit}");
}
// The result set is returned as an XML document assembled by string concatenation.
header("Content-type: text/xml;charset=utf-8");
$s = "<?xml version='1.0' encoding='utf-8'?>";
$s .= "<rows>";
$s .= "<page>" . $page . "</page>";
$s .= "<total>" . $total_pages . "</total>";
$s .= "<records>" . $count . "</records>";
foreach ($schoolusers as $schooluser) {
    // A membership whose user or school lookup fails is rendered with an empty placeholder object.
    $user = User::get_by_id($schooluser->userid);
    if (!$user) {
        $user = new User();
    }
    $school = School::get_by_id($schooluser->schoolid);
    if (!$school) {
        $school = new School();
    }
    // NOTE(review): stored values such as $school->name and $user->username
    // are written into the XML unescaped; a value containing <, & or ' breaks
    // the document or injects markup. Escape with htmlspecialchars() using
    // ENT_XML1 | ENT_QUOTES before concatenating.
    $s .= "<row id='" . $schooluser->id . "'>";
    $s .= "<cell></cell>";
    $s .= "<cell>" . $schooluser->id . "</cell>";
    $s .= "<cell>" . $school->id . "</cell>";
    $s .= "<cell>" . $school->name . "</cell>";
    $s .= "<cell>" . $user->id . "</cell>";
    $s .= "<cell>" . $user->username . "</cell>";
    $s .= "<cell>" . $schooluser->level . "</cell>";
    $s .= "<cell>" . $schooluser->date . "</cell>";
    $s .= "<cell>" . $schooluser->pending . "</cell>";
    $s .= "<cell>" . $schooluser->enabled . "</cell>";
    $s .= "<cell></cell>";
Exemplo n.º 11
// Bulk delete: $what selects the record type and $ids lists the records.
// Both are assigned outside this excerpt.
$response = "error";
global $session;
// NOTE(review): being logged in is the only condition checked before the
// deletions below. No role or ownership check is visible in this excerpt -
// confirm the caller restricts this to administrators of the affected
// records.
if (!$session->is_logged_in()) {
    die("not logged in");
}
if ($what == "user") {
    foreach ($ids as $id) {
        // The lookup result is used without a null check, so an unknown id
        // aborts the loop part-way through.
        User::get_by_id($id)->delete();
    }
    // NOTE(review): this reads $session->userid, while the login-gated pages
    // of this application read $session->user_id. Confirm the property
    // exists; otherwise the audit entry records no actor. The entry also
    // omits which ids were deleted.
    $log = new Log($session->userid, $clientip, "WEB", "DELETED MULTIPLE USERS");
    $log->create();
    $response = "success";
} else {
    if ($what == "school") {
        foreach ($ids as $id) {
            // The lookup result is not checked; with a failed lookup
            // $school->id is empty and only the path guard below prevents
            // rrmdir() from running on the shared base directory.
            $school = School::get_by_id($id);
            $folder_path = "../../public/schools/" . $school->id;
            if (file_exists($folder_path) && $folder_path != "../../public/schools/") {
                rrmdir($folder_path);
            }
            // Dependent rows are removed before the school row itself.
            //===================SECTION=============================//
            SectionUser::delete_all_by_schoolid($school->id);
            Section::delete_all_by_schoolid($school->id);
            //===================BATCH=============================//
            BatchUser::delete_all_by_schoolid($school->id);
            Batch::delete_all_by_schoolid($school->id);
            //===================SCHOOL=============================//
            SchoolUser::delete_all_by_schoolid($school->id);
            $school->delete();
        }
        $log = new Log($session->userid, $clientip, "WEB", "DELETED MULTIPLE SCHOOLS");
Exemplo n.º 12
    <div class="span1"></div>
    <div class="span9">
      <form id="theform" class="form-horizontal" method="post" action="#" enctype="multipart/form-data">
        <fieldset>
        <legend>
          Create a Section
        </legend>

        <!-- <div class="control-group">
          <label class="control-label" for="name">School</label>
          <div class="controls">
            <select name="schoolselect" id="schoolselect">
              <?php 
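// This PHP block sits inside an HTML comment in the template. The HTML
// comment does not stop it from running on the server: the options are still
// generated and sent to every client that loads the page.
if (count($schoolusers) > 0) {
    foreach ($schoolusers as $schooluser) {
        $listedSchool = School::get_by_id($schooluser->schoolid);
        if (!$listedSchool) {
            // Membership row without a matching school: nothing to show.
            continue;
        }
        // The school name is stored data: escaping it keeps a name containing
        // markup, or the sequence that closes an HTML comment, from changing
        // the structure of the page.
        echo "<option value='" . htmlspecialchars((string) $schooluser->schoolid, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8') . "'>" . htmlspecialchars((string) $listedSchool->name, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8') . "</option>";
    }
} else {
    echo "<option value='0'>NO SCHOOLS YET</option>";
}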
?>
            </select>
          </div>
        </div> -->

        <div class="control-group">
          <label class="control-label" for="name">Batch</label>
          <div class="controls">
            <select name="batchselect" id="batchselect">
              <?php 
// if(count($schoolusers) > 0)
Exemplo n.º 13
<?php

// Builds accordion markup from the page files stored for one batch's yearbook.
// NOTE(review): no login or permission check is visible in this excerpt -
// confirm initialize.php or the caller restricts who can request this.
require_once "../initialize.php";
$accordion = "";
// NOTE(review): only "batchid" is tested with isset(); "schoolid" is read
// unconditionally, and neither lookup result is checked. With a failed
// lookup the ids are empty and the path below collapses to
// ".../schools//yearbooks//pages/".
if (isset($_GET["batchid"])) {
    $school = School::get_by_id($_GET["schoolid"]);
    $batch = Batch::get_by_id($_GET["batchid"]);
    // The path is built from the ids of the looked-up records, not from the
    // raw request values.
    $pages_folder = '../../public/schools/' . $school->id . '/yearbooks/' . $batch->id . '/pages/';
    // The pattern has no dot, so it matches every file whose name ends in "html".
    $pages = glob($pages_folder . '*html');
    $pages_folder2 = 'public/schools/' . $school->id . '/yearbooks/' . $batch->id . '/pages/';
    if (count($pages) > 0) {
        $index = 0;
        foreach ($pages as $page) {
            $index++;
            $page_filename = basename($page);
            // NOTE(review): include runs the file through the PHP interpreter,
            // so any PHP tag inside a page file is executed on the server. If
            // these files can be uploaded or edited by users, read them as
            // data (file_get_contents) and sanitise the HTML instead.
            ob_start();
            include $pages_folder . $page_filename;
            $output = ob_get_clean();
            $accordion .= '

			<div class="accordion-heading">
			  <a class="accordion-toggle" data-toggle="collapse" data-parent="#accordion2" href="#accordionID' . $index . '">
			    <span class="page_filename">' . $page_filename . '</span>
			  </a>
			</div>
			<div id="accordionID' . $index . '" class="accordion-body collapse">
			  <div class="accordion-inner">
			  	' . $output . '
			  </div>
			</div>
Exemplo n.º 14
<?php

// Handles the school update form: checks required fields, rejects a name
// already taken by another school, and copies uploads and fields onto the record.
// NOTE(review): no login, permission or CSRF check is visible in this
// excerpt - confirm the caller is verified as an admin of the posted
// schoolid before the record is changed.
require_once "../initialize.php";
$message = "";
if (isset($_POST['schoolid']) && $_POST['schoolid'] != "" && isset($_POST['name']) && $_POST['name'] != "" && isset($_POST['address']) && $_POST['address'] != "") {
    // The lookup result is used below without a null check.
    $object = School::get_by_id($_POST['schoolid']);
    $name_exists = false;
    // The uniqueness check is skipped when the name is unchanged.
    if ($_POST['name'] != $object->name) {
        $name_exists = School::name_exists($_POST['name']);
    }
    if ($name_exists) {
        $log = new Log($session->user_id, $clientip, "WEB", "UPDATE SCHOOL ALREADY EXISTS");
        $log->create();
        // NOTE(review): the posted name is placed into HTML unescaped. If
        // $message is later echoed into a page this is reflected XSS; escape
        // it with htmlspecialchars() before concatenating.
        $message .= "Sorry, the School Name: <i><b>" . $_POST['name'] . '</b></i> is already taken.';
    }
    // NOTE(review): what File treats as "valid" is not visible here - confirm
    // it checks the upload error code, size and actual content type.
    $file = new File($_FILES['logo']);
    if ($file->valid) {
        $object->logo = $file->data;
    } else {
        // No new upload: the existing value is base64-decoded before it is written back.
        $object->logo = base64_decode($object->logo);
    }
    $file = new File($_FILES['picture']);
    if ($file->valid) {
        $object->picture = $file->data;
    } else {
        $object->picture = base64_decode($object->picture);
    }
    // Fields are copied only when no validation message was produced.
    if ($message == "") {
        $object->name = $_POST['name'];
        $object->about = $_POST['about'];
        $object->email = $_POST['email'];
Exemplo n.º 15
 if ($user->is_super_admin()) {
     echo '
                 <ul class="nav">
                   <li id="myschoolsdropdown" class="dropdown">
                     <a href="#" class="dropdown-toggle" data-toggle="dropdown">
                       <i class="icon-large icon-book"></i> Schools (' . count($schoolsimin) . ')
                       <b class="caret"></b>
                     </a>
                     <ul class="dropdown-menu">
                 ';
     if (count($schoolsimin) > 0) {
         foreach ($schoolsimin as $schoolimin) {
             $school = School::get_by_id($schoolimin->schoolid);
             echo '
                     <li class="dropdown-submenu">
                       <a tabindex="-1" href="school.php?id=' . $school->id . '">' . School::get_by_id($school->id)->name . '</a>
                       <ul class="dropdown-menu">
                         <li><a href="school.php?id=' . $school->id . '"><i class="icon-large icon-play"></i> View</a></li>
                     ';
             if (SchoolUser::amIAdmin($session->user_id, $schoolimin->schoolid) || $user->is_super_admin()) {
                 echo '
                         <li><a href="updateschool.php?id=' . $school->id . '"><i class="icon-large icon-pencil"></i> Edit</a></li>
                         </ul>
                       </li>
                       ';
             } else {
                 echo '
                         </ul>
                       </li>
                       ';
             }