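/**
 * Sets meta information about the student
 *
 * Collects any meta information for the student from the meta database table, so that it can
 * be shown on the box at the top of the window. This information is stored in an array, which
 * can be accessed as and when by the getMeta function
 *
 * The ID is placed into the WHERE clauses unquoted, so escaping it alone would not protect the
 * queries: the value is validated as an integer first and anything else is rejected, in which
 * case an empty array is returned (the same as when no ID is passed).
 *
 * @see getMeta
 * @param int|string $studentID The ID of the student passed to this file; must be an integer value
 * @param mixed $databaseConnection A link to the current database connection
 * @return array An array of student meta information, empty when no valid ID was passed
 */
function setMeta($studentID, $databaseConnection)
{
    // Array to hold the information about the student, which is returned when the function ends
    $metaInformation = [];

    // Making sure that there is an ID for the student passed
    if (empty($studentID)) {
        return $metaInformation;
    }

    // real_escape_string() only protects values inside quotes; the ID is interpolated unquoted
    // below, so a value such as "1 OR 1=1" would otherwise alter the query. Only an integer
    // is accepted, which also makes escaping unnecessary.
    $validatedID = filter_var($studentID, FILTER_VALIDATE_INT);
    if ($validatedID === false) {
        return $metaInformation;
    }
    // Stored as a string, matching what callers received from the escaped value previously
    $metaInformation["studentID"] = (string) $validatedID;

    // Getting the name of the student
    $sqlStudentName = "SELECT StudentForename, StudentSurname FROM `sen_info`.`tbl_students` WHERE (studentID = {$validatedID})";
    $queryResultStudentName = dbSelect($sqlStudentName, $databaseConnection);

    // Seeing if any results were found, and filling in the meta information array
    // (if several rows come back, the values from the last one are kept)
    if (dbSelectCountRows($queryResultStudentName) > 0) {
        foreach (dbSelectGetRows($queryResultStudentName) as $row) {
            $metaInformation["studentForename"] = $row['StudentForename'];
            $metaInformation["studentSurname"] = $row['StudentSurname'];
        }
    }

    // Getting additional meta information about the student
    $sqlStudentMeta = "SELECT * FROM `sen_info`.`tbl_student_meta` WHERE (studentID = {$validatedID})";
    $queryResultStudentMeta = dbSelect($sqlStudentMeta, $databaseConnection);

    // Seeing if any results were found, and filling in the meta information array
    if (dbSelectCountRows($queryResultStudentMeta) > 0) {
        foreach (dbSelectGetRows($queryResultStudentMeta) as $row) {
            $metaInformation["yearGroup"] = $row['YearGroup'];
            $metaInformation["house"] = $row['House'];
            $metaInformation["form"] = $row['Form'];
            $metaInformation["dob"] = $row['DoB'];
            $metaInformation["comment"] = $row['Comment'];
            // Note: Any additional columns added to the meta table should be added here
        }
    }

    // Return any meta information that has been collected
    return $metaInformation;
}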
} } } } else { // Seeing if there wasn't a username and/or password passed to this file if (!empty($_POST['username']) && !empty($_POST['password'])) { // Sanitising the username and password $username = $databaseConnection->real_escape_string($_POST['username']); $password = $databaseConnection->real_escape_string($_POST['password']); // Generating the search query and running it $sql = "SELECT StaffPassword FROM `sen_info`.`tbl_staff` WHERE (StaffUsername = '******')"; $queryResult = dbSelect($sql, $databaseConnection); // Checking to see if there were any rows returned if (dbSelectCountRows($queryResult) > 0) { // Checking to see if the password typed matches what is in the database $tableRows = dbSelectGetRows($queryResult); // Seeing if we should try logging the user in with a request // to a LDAP server, or just against what is stored in the // staff database table if ($CFG['LDAP_Enabled'] && $tableRows[0]['StaffPassword'] == "ldap") { ldapLogin($username, $password, $CFG['LDAP_Server'], $CFG['LDAP_UPN'], $CFG['LDAP_DN'], $CFG['LDAP_StaffGroups'], $databaseConnection, false); } else { if (password_verify($password, $tableRows[0]['StaffPassword'])) { // Updating the sessions table and cookie setSessionInformation($username, $databaseConnection); echo 'success'; } else { echo 'The password is incorrect'; } } } else {
// return 'no results found'
if (isset($_POST['query'])) {
    // Escaping the raw query before it is split and placed inside the quoted LIKE patterns.
    // Note that real_escape_string() does not neutralise the LIKE wildcards % and _, so
    // those characters in the query still act as wildcards in the search.
    $escapedQuery = $databaseConnection->real_escape_string($_POST['query']);

    // The first word is taken as the forename and the second as the surname. A query
    // without a space only has one part, which is reused for both so that the
    // surname offset always exists.
    $nameParts = explode(" ", $escapedQuery);
    if (count($nameParts) < 2) {
        $nameParts[1] = $nameParts[0];
    }
    $forenamePart = $nameParts[0];
    $surnamePart = $nameParts[1];

    $studentResults = [];

    // Building the search query: a match on either the forename or the surname part
    $sql = sprintf(
        "SELECT * FROM `sen_info`.`tbl_students` WHERE (studentForename LIKE '%%%s%%') OR (studentSurname LIKE '%%%s%%')",
        $forenamePart,
        $surnamePart
    );
    $queryResult = dbSelect($sql, $databaseConnection);

    // Listing any matching students, or saying that there were none
    $matchCount = dbSelectCountRows($queryResult);
    echo $matchCount > 0
        ? createDetailLink(dbSelectGetRows($queryResult))
        : "No results found";

    // Showing the add button, with the name parts filled in
    echo addStudentButton($forenamePart, $surnamePart);
} else {
    echo "No results found";

    // Showing the add button, without the name parts filled in
    echo addStudentButton();
}

// Closing the connection to the database
dbClose($databaseConnection);
// Sanitising all POSTS to this page $sessionID = $databaseConnection->real_escape_string($_POST['cookie']); $messageID = $databaseConnection->real_escape_string($_POST['messageID']); // Generating a list of comments relevant to this message thread // and displaying them for the user to see $sqlMessageThread = "SELECT * FROM `sen_info`.`tbl_comments` WHERE (MessageID = " . $messageID . ")"; $queryResultMessageThread = dbSelect($sqlMessageThread, $databaseConnection); if (dbSelectCountRows($queryResultMessageThread) > 0) { // Saving the results of the comment thread to a variable, // which is returned once the comment thread has been created $commentThreadHtml = ''; foreach (dbSelectGetRows($queryResultMessageThread) as $comment) { // Getting the name of the staff member who wrote the comment $sqlStaffFullName = "SELECT StaffForename, StaffSurname FROM `sen_info`.`tbl_staff` WHERE (StaffUsername = '******'StaffUsername'] . "')"; $queryResultStaffFullname = dbSelect($sqlStaffFullName, $databaseConnection); $tableRows = dbSelectGetRows($queryResultStaffFullname); $staffForename = $tableRows[0]['StaffForename']; $staffSurname = $tableRows[0]['StaffSurname']; $staffFullName = $staffForename . " " . $staffSurname; // Creating the comment thread HTML code, to pass back to the AJAX call $commentThreadHtml .= '<div class="modal--comment_thread--comment-div" id="modal--comment_thread--comment-id_' . $comment['CommentID'] . '">'; $commentThreadHtml .= '<p class="modal--comment_thread--comment-text">' . nl2br($comment['Comment']) . '</p>'; $commentThreadHtml .= '<span class="modal--comment_thread--comment-meta pull-right">' . $staffFullName . ' — ' . substr($comment['CommentDate'], 0, 10) . 
'</span>'; $commentThreadHtml .= '</div>'; } // Scrolling the user to the bottom of the message thread, // as they'll probably want the newest messages first // See: http://stackoverflow.com/a/22232328 $commentThreadHtml .= '<script>'; $commentThreadHtml .= '$(function () {'; $commentThreadHtml .= ' $("#modal-textfield--comments").scrollTop(1E10);';