cust_die("Which class's assignments would you like to view? Make sure you follow the correct links.");
}
$class_id = escape_string($_GET['id']);
if (!isset($_GET['gp']) or $_GET['gp'] == "" or is_numeric($_GET['gp'] == FALSE)) {
$grading_period = current_semester;
} else {
$grading_period = escape_string($_GET['gp']);
}
// see if the class is valid, and if so, if user may access the class
connect_sql();
// see if it's a valid class
$valid_class = @query("SELECT 1 FROM `classes` WHERE `ID`='{$class_id}'") or die("Error checking the database.");
if (num_rows($valid_class) == 0) {
cust_die("That is not a valid class.");
}
if (teacher_teaches($_SESSION['id'], $class_id) == FALSE) {
cust_die("You may not view that class's grades.");
}
print "<table id=\"spreadsheet\">";
// get the assignments for the current (or specified) semester
$assignment_info = @query("SELECT `assign_number` FROM `grades` WHERE `class_id`='{$class_id}' AND `grading_period`='{$grading_period}'");
$assignments_to_use = array();
while ($assignments = result($assignment_info)) {
if (in_array($assignments->assign_number, $assignments_to_use) == FALSE) {
$assignments_to_use[] = $assignments->assign_number;
}
}
print "<tr class=\"spreadheader\"><td></td>";
// get each assignment's name
foreach ($assignments_to_use as $assignment) {
$the_name = @query("SELECT `assign_name` FROM `grades` WHERE `assign_number`='{$assignment}' LIMIT 1");
if (!isset($_POST['categoryname']) or $_POST['categoryname'] == "") {
cust_die("You must submit the category's name.");
}
if (strlen($_POST['categoryname']) > 50) {
cust_die("Your category's name must be 50 characters or fewer.");
}
$categoryname = escape_string(htmlspecialchars($_POST['categoryname']));
if (!isset($_POST['classid']) or $_POST['classid'] == "") {
cust_die("You must submit the class's ID.");
}
if (is_numeric($_POST['classid']) == FALSE) {
cus_die("Invalid class ID.");
}
$classid = escape_string(htmlspecialchars($_POST['classid']));
// make sure the user teachers the class
if (teacher_teaches($teacherid, $classid) == FALSE) {
cust_die("You do not teach that class.");
}
if (!isset($_POST['categoryid']) or $_POST['categoryid'] == "") {
cust_die("You must submit the category's ID.");
}
if (is_numeric($_POST['categoryid']) == FALSE) {
cus_die("Invalid category ID.");
}
$categoryid = escape_string(htmlspecialchars($_POST['categoryid']));
// make sure it's valid
$occurance = @query("SELECT 1 FROM `categories` WHERE `ID`='{$categoryid}' AND `class`='{$classid}' LIMIT 1") or die("Error checking the database.");
if (num_rows($occurance) == 0) {
cust_die("Invalid category ID.");
}
if (!isset($_POST['categoryweight']) or $_POST['categoryweight'] == "") {
if (!isset($_GET['id']) or $_GET['id'] == "" or is_numeric($_GET['id']) != "true") {
cust_die("You must submit the news post you'd like to delete.");
}
if ($_GET['id'] == "NULL") {
cust_die("Please select the post you'd like to delete, not the class.");
}
$id = escape_string($_GET['id']);
connect_sql();
// see if they're able to delete the post: if they're an admin, they don't check
if (user_type() == "teacher") {
$teacher_id = $_SESSION['id'];
// see if they can delete it
$class_id = @query("SELECT `class` FROM `news` WHERE `ID`='{$id}'") or die("Error checking the database.");
$result = result($class_id);
$class_id = $result->class;
if (teacher_teaches($teacher_id, $class_id) == "FALSE") {
cust_die("You can't delete that news post.");
}
}
@query("DELETE FROM `news` WHERE `ID`='{$id}' LIMIT 1") or die("Error deleting the post.");
disconnect_sql();
print "The post has been deleted.";
} elseif (isset($_POST['addnews'])) {
if (user_type() == "user") {
cust_die("You may not add news.");
}
if (!isset($_POST['class']) or $_POST['class'] == "" or is_numeric($_POST['class']) != "true") {
cust_die("Don't mess with the class ID. ;D");
}
$class_id = escape_string($_POST['class']);
if (!isset($_POST['subject']) or $_POST['subject'] == "") {
