Пример #1
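/**
 * Completes the login of a person whose credentials have already checked out.
 *
 * Looks the person up by username or email, restricted to rows where the
 * staff or student status is "A". If the lookup returns nothing, an error is
 * flashed and the browser is sent back to the referring page. Otherwise
 * LastLogin is stamped, the 'etsis_auth_cookie' filter is run, the login is
 * written to the activity log and the browser is redirected to the base URL.
 *
 * This function never reads $password: the caller is responsible for having
 * verified the credentials before calling it.
 *
 * @since 6.2.0
 * @param string $login Person's username or email address.
 * @param string $password Person's password (not used inside this function).
 * @param string $rememberme Whether to remember the person.
 */
function etsis_authenticate($login, $password, $rememberme)
{
    $app = \Liten\Liten::getInstance();

    $person = $app->db->person()
        ->select('person.personID,person.uname,person.password')
        ->_join('staff', 'person.personID = staff.staffID')
        ->_join('student', 'person.personID = student.stuID')
        ->where('(person.uname = ? OR person.email = ?)', [$login, $login])
        ->_and_()
        ->where('(staff.status = "A" OR student.status = "A")')
        ->findOne();

    if (false == $person) {
        $app->flash('error_message', sprintf(_t('Your account is not active. <a href="%s">More info.</a>'), 'https://www.edutracsis.com/manual/troubleshooting/#Your_Account_is_Deactivated'));
        // The Referer header is supplied by the client: it can be missing or
        // point at another site. Only follow it when it starts with this
        // installation's base URL; otherwise fall back to the base URL.
        $baseUrl = get_base_url();
        $referer = isset($app->req->server['HTTP_REFERER']) ? (string) $app->req->server['HTTP_REFERER'] : '';
        $isLocal = $baseUrl !== '' && strpos($referer, $baseUrl) === 0;
        redirect($isLocal ? $referer : $baseUrl);
        return;
    }

    // Stamp the time of this login on the person's record.
    $ll = $app->db->person();
    $ll->LastLogin = $ll->NOW();
    $ll->where('personID = ?', _h($person->personID))->update();

    /**
     * Filters the authentication cookie.
     *
     * The value returned by the filter is not used here.
     * NOTE(review): presumably a callback attached to this hook sets the
     * cookie as a side effect; confirm against the hook's registration.
     *
     * @since 6.2.0
     * @param object $person Person data object.
     * @param string $rememberme Whether to remember the person.
     */
    $app->hook->apply_filter('etsis_auth_cookie', $person, $rememberme);

    etsis_logger_activity_log_write('Authentication', 'Login', get_name(_h($person->personID)), _h($person->uname));
    redirect(get_base_url());
}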
Пример #2
     $clone->courseShortTitle = $crse->courseShortTitle;
     $clone->preReq = $crse->preReq;
     $clone->allowAudit = $crse->allowAudit;
     $clone->allowWaitlist = $crse->allowWaitlist;
     $clone->minEnroll = $crse->minEnroll;
     $clone->seatCap = $crse->seatCap;
     $clone->startDate = $crse->startDate;
     $clone->currStatus = $crse->currStatus;
     $clone->statusDate = $app->db->NOW();
     $clone->approvedDate = $app->db->NOW();
     $clone->approvedBy = get_persondata('personID');
     if ($clone->save()) {
         $ID = $clone->lastInsertId();
         etsis_cache_flush_namespace('crse');
         $app->flash('success_message', $flashNow->notice(200));
         etsis_logger_activity_log_write('New Record', 'Cloned Course', $crse->courseCode, get_persondata('uname'));
         redirect(get_base_url() . 'crse' . '/' . (int) $ID . '/');
     } else {
         $app->flash('error_message', $flashNow->notice(409));
         redirect($app->req->server['HTTP_REFERER']);
     }
 });
 $app->post('/dept/', function () use($app) {
     etsis_cache_flush_namespace('dept');
     $dept = $app->db->department();
     foreach ($_POST as $k => $v) {
         $dept->{$k} = $v;
     }
     $dept->save();
     $ID = $dept->lastInsertId();
     $department = $app->db->department()->where('deptID = ?', $ID);
Пример #3
    /**
     * If user is logged in and the lockscreen cookie is set, 
     * redirect user to the lock screen until he/she enters 
     * his/her password to gain access.
     */
    if (isset($_COOKIE['SCREENLOCK'])) {
        redirect(get_base_url() . 'lock' . '/');
    }
});
/*
 * Email template settings screen: GET renders the form, POST saves the
 * submitted templates first and then renders the form again.
 */
$app->match('GET|POST', '/templates/', function () use ($app) {
    $styles = [
        'css/admin/module.admin.page.form_elements.min.css',
        'css/admin/module.admin.page.tables.min.css',
    ];
    $scripts = [
        'components/modules/admin/forms/elements/bootstrap-select/assets/lib/js/bootstrap-select.js?v=v2.1.0',
        'components/modules/admin/forms/elements/bootstrap-select/assets/custom/js/bootstrap-select.init.js?v=v2.1.0',
        'components/modules/admin/forms/elements/select2/assets/lib/js/select2.js?v=v2.1.0',
        'components/modules/admin/forms/elements/select2/assets/custom/js/select2.init.js?v=v2.1.0',
        'components/modules/admin/forms/elements/bootstrap-datepicker/assets/lib/js/bootstrap-datepicker.js?v=v2.1.0',
        'components/modules/admin/forms/elements/bootstrap-datepicker/assets/custom/js/bootstrap-datepicker.init.js?v=v2.1.0',
        'components/modules/admin/forms/editors/wysihtml5/assets/lib/js/wysihtml5-0.3.0_rc2.min.js?v=v2.1.0',
        'components/modules/admin/forms/editors/wysihtml5/assets/lib/js/bootstrap-wysihtml5-0.0.2.js?v=v2.1.0',
        'components/modules/admin/forms/editors/wysihtml5/assets/custom/wysihtml5.init.js?v=v2.1.0',
    ];

    if ($app->req->isPost()) {
        // Only the option names listed here are written; every other POST
        // field is ignored, so a request cannot reach unrelated options.
        // NOTE(review): the values are stored exactly as submitted, and no
        // permission or CSRF check is visible in this handler; confirm both
        // are enforced elsewhere (for example in a before-route).
        $templateOptions = [
            'coa_form_text',
            'reset_password_text',
            'room_request_text',
            'room_booking_confirmation_text',
            'student_acceptance_letter',
            'person_login_details',
            'update_username',
        ];
        foreach ($templateOptions as $optionName) {
            if (isset($_POST[$optionName])) {
                update_option($optionName, $_POST[$optionName]);
            }
        }
        // Update more options here
        $app->hook->do_action('update_options');
        // Record who changed the email templates.
        etsis_logger_activity_log_write('Update', 'Settings', 'Email Templates', get_persondata('uname'));
    }

    $app->view->display('setting/templates', [
        'title' => 'Email Templates',
        'cssArray' => $styles,
        'jsArray' => $scripts,
    ]);
});
// Register the application's error handler; it renders the 'error/404' view.
$app->setError(function () use ($app) {
    $viewData = ['title' => '404 Error'];
    $app->view->display('error/404', $viewData);
});
Пример #4
      */
     if (isset($_COOKIE['SCREENLOCK'])) {
         redirect(get_base_url() . 'lock' . '/');
     }
 });
 $app->match('GET|POST', '/grade-scale/(\\d+)/', function ($id) use($app, $css, $js, $flashNow) {
     if ($app->req->isPost()) {
         $gs = $app->db->grade_scale();
         foreach ($_POST as $k => $v) {
             $gs->{$k} = $v;
         }
         $gs->where('ID = ?', $id);
         if ($gs->update()) {
             etsis_cache_flush_namespace('grsc');
             $app->flash('success_message', $flashNow->notice(200));
             etsis_logger_activity_log_write('Update Record', 'Grade Scale', _filter_input_string(INPUT_POST, 'grade'), get_persondata('uname'));
         } else {
             $app->flash('error_message', $flashNow->notice(409));
         }
         redirect($app->req->server['HTTP_REFERER']);
     }
     $gs = $app->db->grade_scale()->where('ID = ?', $id);
     $q = etsis_cache_get($id, 'grsc');
     if (empty($q)) {
         $q = $gs->find(function ($data) {
             $array = [];
             foreach ($data as $d) {
                 $array[] = $d;
             }
             return $array;
         });
Пример #5
    echo $app->hook->has_filter('sidebar_menu') ? 'col-md-12' : 'col-md-10';
    ?>
">
		<div class="widget-body">
		
			<!-- Table -->
			<?php 
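    // Reject the submitted query text when it matches the forbidden-keyword
    // list, before any of the query handling below runs.
    // NOTE(review): strstra() and forbidden_keyword() are defined elsewhere;
    // presumably this is a substring denylist over the lower-cased text, so
    // confirm. A denylist is a convenience check, not a security boundary:
    // the database account behind this SQL interface should itself be limited
    // to the statements its operators are allowed to run.
    if (strstra(strtolower($_POST['qtext']), forbidden_keyword())) {
        // Fixed the typo "keywork" in the user-facing message.
        $app->flash('error_message', 'Your query contains a forbidden keyword, please try again.');
        redirect($app->req->server['HTTP_REFERER']);
        // Stop here so a rejected request never reaches the query execution.
        exit;
    }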
    if ($type == "query") {
        $qtext2 = str_replace("\\", " ", $qtext);
        /* Write to activity log table. */
        etsis_logger_activity_log_write("Query", "SQL Interface", $qtext2, get_persondata('uname'));
        if ($result = $pdo->query("{$qtext2}")) {
            echo _t("Successly Executed - ");
        } else {
            echo "<font color=red>Not able to execute the query<br>Either the \n\t\t\t\t\t\t\t\ttable does not exist or the query is malformed.</font><br><br>";
        }
        echo _t("Query is : ");
        echo "<font color=blue>" . _escape($qtext2) . "</font>\n";
        echo "<table class=\"dynamicTable tableTools table table-striped table-bordered table-condensed table-white\">\n\t\t\t\t\t\t<thead>\n\t\t\t\t\t\t<tr>\n";
        foreach (range(0, $result->columnCount() - 1) as $column_index) {
            $meta[] = $result->getColumnMeta($column_index);
            echo "<th>" . $meta[$column_index]['name'] . "</th>";
        }
        echo "</tr>\n</thead>\n";
        $vv = true;
        while ($row = $result->fetch(\PDO::FETCH_NUM)) {
Пример #6
         $prog->specCode = $_POST['specCode'];
         $prog->acadLevelCode = $_POST['acadLevelCode'];
         $prog->cipCode = $_POST['cipCode'];
         $prog->locationCode = $_POST['locationCode'];
         /**
          * Fires during the saving/creating of an academic program.
          *
          * @since 6.1.10
          * @param array $prog Academic program object.
          */
         $app->hook->do_action('save_acad_program_db_table', $prog);
         if ($prog->save()) {
             $ID = $prog->lastInsertId();
             etsis_cache_flush_namespace('prog');
             $app->flash('success_message', $flashNow->notice(200));
             etsis_logger_activity_log_write('New Record', 'Acad Program', $_POST['acadProgCode'], get_persondata('uname'));
             redirect(get_base_url() . 'program' . '/' . $ID . '/');
         } else {
             $app->flash('error_message', $flashNow->notice(409));
             redirect($app->req->server['HTTP_REFERER']);
         }
     }
     $app->view->display('program/add', ['title' => 'Add Academic Program', 'cssArray' => $css, 'jsArray' => $js]);
 });
 $app->post('/year/', function () use($app) {
     etsis_cache_flush_namespace('ayr');
     $year = $app->db->acad_year();
     foreach ($_POST as $k => $v) {
         $year->{$k} = $v;
     }
     $year->save();
Пример #7
             /**
              * Fires after a student has been registered into
              * a course by a staff member.
              * 
              * @since 6.1.07
              * @param array $sacd Student Academic Credit detail data object.
              */
             $app->hook->do_action('post_rgn_stu_crse_reg', $sacd);
             if (function_exists('financial_module')) {
                 /**
                  * Generate bill and/or add fees.
                  */
                 generate_stu_bill($sect->termCode, $_POST['stuID'], $sect->courseSecID);
             }
             $app->flash('success_message', $flashNow->notice(200));
             etsis_logger_activity_log_write('New Record', 'Course Registration Via Staff', get_name($_POST['stuID']) . ' - ' . $sect->secShortTitle, get_persondata('uname'));
         } else {
             $app->flash('error_message', $flashNow->notice(409));
         }
         redirect(get_base_url() . 'sect/rgn' . '/');
     }
     $app->view->display('section/register', ['title' => 'Course Registration', 'cssArray' => $css, 'jsArray' => $js]);
 });
 /**
  * Before-route guard for every GET/POST path matching '/sros.*': a user
  * without the 'access_stu_roster_screen' permission is redirected to the
  * dashboard.
  *
  * NOTE(review): this only keeps the route handler from running if
  * redirect() ends the request. Confirm that it does.
  */
 $app->before('GET|POST', '/sros.*', function () {
     if (hasPermission('access_stu_roster_screen')) {
         return;
     }
     $dashboardUrl = get_base_url() . 'dashboard' . '/';
     redirect($dashboardUrl);
 });
Пример #8
             *
             * @since 6.1.07
             */
            $pass = [];
            $pass['pass'] = $pass;
            $pass['personID'] = $id;
            $pass['uname'] = $person->uname;
            $pass['fname'] = $person->fname;
            $pass['lname'] = $person->lname;
            $pass['email'] = $person->email;
            /**
             * Fires after successful reset of person's password.
             *
             * @since 6.1.07
             * @param array $pass
             *            Plaintext password.
             * @param string $uname
             *            Person's username
             */
            $app->hook->do_action('post_reset_password', $pass);
            etsis_desktop_notify(_t('Reset Password'), _t('Password reset; new email sent to queue.'), 'false');
            etsis_logger_activity_log_write(_t('Update Record'), _t('Reset Password'), get_name($id), get_persondata('uname'));
        } else {
            $app->flash('error_message', $flashNow->notice(409));
        }
        redirect($app->req->server['HTTP_REFERER']);
    });
});
// Register the application's error handler; it renders the 'error/404' view.
$app->setError(function () use ($app) {
    $viewData = ['title' => '404 Error'];
    $app->view->display('error/404', $viewData);
});
Пример #9
             $app->flash('error_message', $flashNow->notice(409));
             redirect($app->req->server['HTTP_REFERER']);
         }
     }
     $app->view->display('application/add-inst', ['title' => 'Add Institution', 'cssArray' => $css, 'jsArray' => $js]);
 });
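 /*
  * View or update a single institution record.
  *
  * GET renders the 'application/view-inst' view for the institution whose ID
  * is in the URL. POST copies the submitted fields onto the record, updates
  * it, flashes the outcome and redirects back to the referring page.
  */
 $app->match('GET|POST', '/inst/(\\d+)/', function ($id) use($app, $css, $js, $json_url, $flashNow) {
     if ($app->req->isPost()) {
         $inst = $app->db->institution();
         // NOTE(review): every POST key becomes a property on the record, so
         // a request can set properties the form never offered (mass
         // assignment). The list of editable columns is not visible here;
         // replace this loop with an explicit allowlist of field names.
         // No permission or CSRF check is visible in this handler either;
         // confirm they are enforced elsewhere.
         foreach ($_POST as $k => $v) {
             $inst->{$k} = $v;
         }
         // Cast the ID the same way the read query below does.
         $inst->where('institutionID = ?', (int) $id);
         if ($inst->update()) {
             $app->flash('success_message', $flashNow->notice(200));
             etsis_logger_activity_log_write('Update Record', 'Institution', _filter_input_string(INPUT_POST, 'instName'), get_persondata('uname'));
         } else {
             $app->flash('error_message', $flashNow->notice(409));
         }
         redirect($app->req->server['HTTP_REFERER']);
         // Do not fall through and render the view after redirecting.
         return;
     }
     $inst = $app->db->institution()->where('institutionID = ?', (int) $id)->findOne();
     if (false == $inst) {
         // No such institution: show the 404 view instead of reading
         // properties off a failed lookup.
         $app->view->display('error/404', ['title' => '404 Error']);
         return;
     }
     $app->view->display('application/view-inst', ['title' => $inst->instName, 'cssArray' => $css, 'jsArray' => $js, 'inst' => $inst]);
 });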
 $app->get('/applications/', function () use($app, $json_url) {
     $css = ['css/admin/module.admin.page.alt.form_elements.min.css', 'css/admin/module.admin.page.alt.tables.min.css'];
     $js = ['components/modules/admin/forms/elements/bootstrap-select/assets/lib/js/bootstrap-select.js?v=v2.1.0', 'components/modules/admin/forms/elements/bootstrap-select/assets/custom/js/bootstrap-select.init.js?v=v2.1.0', 'components/modules/admin/forms/elements/select2/assets/lib/js/select2.js?v=v2.1.0', 'components/modules/admin/forms/elements/select2/assets/custom/js/select2.init.js?v=v2.1.0', 'components/modules/admin/forms/elements/bootstrap-datepicker/assets/lib/js/bootstrap-datepicker.js?v=v2.1.0', 'components/modules/admin/forms/elements/bootstrap-datepicker/assets/custom/js/bootstrap-datepicker.init.js?v=v2.1.0', 'components/modules/admin/forms/elements/bootstrap-timepicker/assets/lib/js/bootstrap-timepicker.js?v=v2.1.0', 'components/modules/admin/forms/elements/bootstrap-timepicker/assets/custom/js/bootstrap-timepicker.init.js?v=v2.1.0'];
     $appl = $app->db->application()->where('personID = ?', (int) get_persondata('personID'));
     $q = $appl->find(function ($data) {
         $array = [];
         foreach ($data as $d) {
Пример #10
     } elseif (count($q[0]['staffID']) <= 0) {
         $app->view->display('error/404', ['title' => '404 Error']);
     } else {
         $app->view->display('hr/add', ['title' => 'Add Position', 'cssArray' => $css, 'jsArray' => $js, 'job' => $q]);
     }
 });
 $app->match('GET|POST', '/positions/(\\d+)/', function ($id) use($app, $css, $js, $flashNow) {
     if ($app->req->isPost()) {
         $position = $app->db->staff_meta();
         foreach ($_POST as $k => $v) {
             $position->{$k} = $v;
         }
         $position->where('sMetaID = ?', _filter_input_int(INPUT_POST, 'sMetaID'));
         if ($position->update()) {
             $app->flash('success_message', $flashNow->notice(200));
             etsis_logger_activity_log_write('Update Record', 'Job Position', get_name($id), get_persondata('uname'));
         } else {
             $app->flash('error_message', $flashNow->notice(409));
         }
         redirect($app->req->server['HTTP_REFERER']);
     }
     $jobs = $app->db->staff_meta()->select('staff_meta.*,b.title,b.hourly_wage')->select('b.weekly_hours,c.grade')->_join('job', 'staff_meta.jobID = b.ID', 'b')->_join('pay_grade', 'b.pay_grade = c.ID ', 'c')->where('staff_meta.staffID = ?', $id);
     $q = $jobs->find(function ($data) {
         $array = [];
         foreach ($data as $d) {
             $array[] = $d;
         }
         return $array;
     });
     /**
      * If the database table doesn't exist, then it
Пример #11
             $grad->endDate = $grad->NOW();
             $grad->currStatus = 'G';
             $grad->graduationDate = $_POST['gradDate'];
             $grad->where('stuID = ?', $_POST['studentID'])->_and_()->where('eligible_to_graduate = "1"');
             if ($grad->update()) {
                 $app->flash('success_message', $flashNow->notice(200));
             } else {
                 $app->flash('error_message', $flashNow->notice(409));
             }
             redirect($app->req->server['HTTP_REFERER']);
         } else {
             $grad = $app->db->graduation_hold();
             $grad->queryID = $_POST['queryID'];
             $grad->gradDate = $_POST['gradDate'];
             if ($grad->save()) {
                 etsis_logger_activity_log_write('Update Record', 'Graduation', get_name($_POST['stuID']), get_persondata('uname'));
                 $app->flash('success_message', $flashNow->notice(200));
             } else {
                 $app->flash('error_message', $flashNow->notice(409));
             }
             redirect($app->req->server['HTTP_REFERER']);
         }
     }
     $app->view->display('student/graduation', ['title' => 'Graduation', 'cssArray' => $css, 'jsArray' => $js]);
 });
 /**
  * Before route check.
  */
 $app->before('GET|POST', '/tran.*', function () {
     if (!hasPermission('generate_transcripts')) {
         redirect(get_base_url() . 'dashboard' . '/');
Пример #12
    $file3 = $app->config('cookies.savepath') . 'cookies.' . $vars3['data'];
    if (file_exists($file3)) {
        unlink($file3);
    }
    $app->cookies->remove("SWITCH_USERNAME");
    /**
     * After the login as user cookies have been
     * removed from the server and the browser,
     * we need to set fresh cookies for the
     * original logged in user.
     */
    if (isset($_COOKIE['ET_REMEMBER']) && $app->cookies->getSecureCookie('ET_REMEMBER') === 'rememberme') {
        $app->cookies->setSecureCookie('ET_COOKNAME', $id, _h(get_option('cookieexpire')) !== '' ? _h(get_option('cookieexpire')) : $app->config('cookie.lifetime'));
    } else {
        $app->cookies->setSecureCookie('ET_COOKNAME', $id, $app->config('cookie.lifetime') !== '' ? $app->config('cookie.lifetime') : 86400);
    }
    redirect(get_base_url() . 'dashboard' . '/');
});
/*
 * Logout route: write the logout to the activity log, clear the
 * authentication cookie and redirect to the login screen.
 *
 * NOTE(review): logout is reachable with a plain GET, so any link or embedded
 * resource pointing at this URL can end a user's session. Consider whether
 * that is acceptable for this deployment.
 */
$app->get('/logout/', function () {
    // The log entry is written before the cookie is cleared.
    // NOTE(review): presumably get_persondata() depends on the current
    // login, so this order matters; confirm before reordering.
    $personName = get_name(get_persondata('personID'));
    $username = get_persondata('uname');
    etsis_logger_activity_log_write('Authentication', 'Logout', $personName, $username);

    /**
     * This function is documented in app/functions/auth-function.php.
     *
     * @since 6.2.0
     */
    etsis_clear_auth_cookie();

    $loginUrl = get_base_url() . 'login' . '/';
    redirect($loginUrl);
});
// Register the application's error handler; it renders the 'error/404' view.
$app->setError(function () use ($app) {
    $viewData = ['title' => '404 Error'];
    $app->view->display('error/404', $viewData);
});
Пример #13
         /**
          * Is triggered after staff record has been created.
          * 
          * @since 6.1.12
          * @param mixed $staff Staff data object.
          */
         $app->hook->do_action('post_save_staff', $staff);
         /**
          * Is triggered after staff meta data is saved.
          * 
          * @since 6.1.12
          * @param mixed $staff Staff meta data object.
          */
         $app->hook->do_action('post_save_staff_meta', $meta);
         $app->flash('success_message', $flashNow->notice(200));
         etsis_logger_activity_log_write('New Record', 'Staff Member', get_name($id), get_persondata('uname'));
         redirect(get_base_url() . 'staff' . '/' . $id);
     } else {
         $app->flash('error_message', $flashNow->notice(409));
         redirect($app->req->server['HTTP_REFERER']);
     }
 }
 /**
  * If the database table doesn't exist, then it
  * is false and a 404 should be sent.
  */
 if ($p_decode == false) {
     $app->view->display('error/404', ['title' => '404 Error']);
 } elseif (empty($p_decode) == true) {
     $app->view->display('error/404', ['title' => '404 Error']);
 } elseif (count($p_decode[0]['personID']) <= 0) {