User reported defect fixes
Many defects were fixed. Installation files were updated to use ethnicity codes from the database. If you use this build, do a fresh install.
openSISAdmin committed Jan 16, 2020
1 parent e40d935 commit 28f9cbc943422d76ab2730f18ee279557be6b1c7
Showing 33 changed files with 5,690 additions and 941 deletions.
@@ -26,6 +26,8 @@
#
#***************************************************************************************
error_reporting(0);
include("functions/ParamLibFnc.php");
require_once("Data.php");
include "./Warehouse.php";
$url=validateQueryString(curPageURL());
if($url===FALSE)
@@ -35,12 +37,16 @@

if(clean_param($_REQUEST['modfunc'],PARAM_ALPHA)=='print')
{
$connection = new mysqli($DatabaseServer, $DatabaseUsername, $DatabasePassword, $DatabaseName);
$_REQUEST = $_SESSION['_REQUEST_vars'];
$_REQUEST['_openSIS_PDF'] = true;
$_REQUEST['_openSIS_PDF'] = mysqli_real_escape_string($connection,optional_param('_openSIS_PDF', '', PARAM_RAW));
$_REQUEST['modname'] = mysqli_real_escape_string($connection,optional_param('modname', '', PARAM_RAW));
$_REQUEST['failed_login'] = mysqli_real_escape_string($connection,optional_param('failed_login', '', PARAM_RAW));
if(strpos($_REQUEST['modname'],'?')!==false)
$modname = substr($_REQUEST['modname'],0,strpos($_REQUEST['modname'],'?'));
$modname = substr(mysqli_real_escape_string($connection,optional_param('modname', '', PARAM_RAW)),0,strpos(mysqli_real_escape_string($connection,optional_param('modname', '', PARAM_RAW)),'?'));
else
$modname = $_REQUEST['modname'];
$modname = mysqli_real_escape_string($connection,optional_param('modname', '', PARAM_RAW));
ob_start();
include('modules/'.$modname);
if($htmldocPath)
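Review bot: The escaped `$modname` still feeds `include('modules/'.$modname)` on the line after the hunk, and `mysqli_real_escape_string` is an SQL-quoting function that says nothing about a filesystem path, so the module name needs its own check before the include, e.g. `$path = realpath('modules/'.$modname); if ($path === false || strpos($path, realpath('modules').DIRECTORY_SEPARATOR) !== 0) { exit; }` — or, better, a lookup against the set of module files the application knows about. The `$connection = new mysqli(...)` opened here purely to escape request values is never given `set_charset()` and is not the handle `DBQuery()` runs on, so the escaping is performed against the client default charset rather than the connection that executes the SQL; the same pattern is added in the `event_id` hunk (`$_REQUEST['event_id'] = mysqli_real_escape_string($connection, …)`) and in the `api_key`/`api_secret` hunk. A single shared handle with an explicit `set_charset('utf8mb4')`, or prepared statements, would remove both concerns. The enclosing `if(clean_param($_REQUEST['modfunc'],PARAM_ALPHA)=='print')` block continues past the hunk.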
@@ -1,5 +1,6 @@
<?php

include("functions/ParamLibFnc.php");
require_once("Data.php");
include('RedirectRootInc.php');
include'ConfigInc.php';
include 'Warehouse.php';
@@ -10,8 +11,8 @@
*/

//----------------------- modal for event start---------------------//


$connection = new mysqli($DatabaseServer, $DatabaseUsername, $DatabasePassword, $DatabaseName);
$_REQUEST['event_id'] = mysqli_real_escape_string($connection,optional_param('event_id', '', PARAM_DATA));
if (($_REQUEST['event_id'] || !isset($_REQUEST['event_id'])) && !isset($_REQUEST[assignment_id])) {
if ($_REQUEST['event_id'] != 'new' && isset($_REQUEST['event_id'])) {
$RET = DBGet(DBQuery("SELECT TITLE,DESCRIPTION,SCHOOL_DATE,CALENDAR_ID FROM calendar_events WHERE ID='$_REQUEST[event_id]'"));
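Review bot: `$_REQUEST[assignment_id]` on the `if` line uses an unquoted key; PHP 7 treats the bare word as the string `'assignment_id'` with a warning (hidden wherever `error_reporting(0)` is in effect), but PHP 8 throws an `Error`, so it should read `$_REQUEST['assignment_id']`. Because `$_REQUEST['event_id']` is now unconditionally assigned from `optional_param('event_id', '', PARAM_DATA)`, both `isset($_REQUEST['event_id'])` tests are always true and the `|| !isset(...)` arm is dead code; the intended distinction is presumably `$_REQUEST['event_id'] !== ''`. What `PARAM_DATA` permits is not visible here, so whether the `ID='$_REQUEST[event_id]'` literal relies on escaping alone or on a numeric check should be confirmed in `ParamLibFnc.php`. The `if` block opened in this hunk continues outside it.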
@@ -0,0 +1,8 @@
<?php
$DatabaseType = 'mysqli';
$DatabaseServer = 'localhost';
$DatabaseUsername = 'root';
$DatabasePassword = 'Ge0rg1a30097%go';
$DatabaseName = 'bobtest';
$DatabasePort = '3306';
?>
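Review bot: This new file commits a live-looking database password on the `$DatabasePassword` line, alongside `root` as the database user and a developer database name; once pushed, the value is in repository history permanently and should be treated as compromised and rotated whether or not the file is later deleted. Commit an example template instead (`$DatabasePassword = '<set by installer>';`), add the real config file to `.gitignore`, and have the installer write the actual values. The application should also not connect as `root`: a least-privilege account scoped to the application's schema bounds what any SQL injection elsewhere in the codebase can reach.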
@@ -0,0 +1,97 @@
<?php

#**************************************************************************
# openSIS is a free student information system for public and non-public
# schools from Open Solutions for Education, Inc. web: www.os4ed.com
#
# openSIS is web-based, open source, and comes packed with features that
# include student demographic info, scheduling, grade book, attendance,
# report cards, eligibility, transcripts, parent portal,
# student portal and more.
#
# Visit the openSIS web site at http://www.opensis.com to learn more.
# If you have question regarding this system or the license, please send
# an email to info@os4ed.com.
#
# This program is released under the terms of the GNU General Public License as
# published by the Free Software Foundation, version 2 of the License.
# See license.txt.
#
# This program is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
# GNU General Public License for more details.
#
# You should have received a copy of the GNU General Public License
# along with this program. If not, see <http://www.gnu.org/licenses/>.
#
#***************************************************************************************

include('RedirectRootInc.php');
include('Warehouse.php');

ini_set('memory_limit', '1200000000M');
ini_set('max_execution_time', '500000');


if($_POST['ADDR_CONT_USRN'] != "" && $_POST['ADDR_CONT_PSWD'] != "")
{
$qry_one = DBGet(DBQuery('SELECT * FROM login_authentication WHERE username = "'.$_POST['ADDR_CONT_USRN'].'" AND password = "'.$_POST['ADDR_CONT_PSWD'].'"'));

$counted = count($qry_one);

if($counted > 0)
{
$this_password = $qry_one[1]['PASSWORD'];
}
else
{
$this_password = md5($_POST['ADDR_CONT_PSWD']);
}
}
else
{
$this_password = "";
}


$addressHoldSet = array(
"ADDR_PRIM_L1" => $_POST['ADDR_PRIM_L1'],
"ADDR_PRIM_L2" => $_POST['ADDR_PRIM_L2'],
"ADDR_PRIM_CITY" => $_POST['ADDR_PRIM_CITY'],
"ADDR_PRIM_STATE" => $_POST['ADDR_PRIM_STATE'],
"ADDR_PRIM_ZIP" => $_POST['ADDR_PRIM_ZIP'],
"ADDR_PRIM_BUSNO" => $_POST['ADDR_PRIM_BUSNO'],
"ADDR_PRIM_BPU" => $_POST['ADDR_PRIM_BPU'],
"ADDR_PRIM_BDO" => $_POST['ADDR_PRIM_BDO'],
"ADDR_SAME_HOME" => $_POST['ADDR_SAME_HOME'],
"ADDR_SAME_AS" => $_POST['ADDR_SAME_AS'],
"ADDR_MAIL_L1" => $_POST['ADDR_MAIL_L1'],
"ADDR_MAIL_L2" => $_POST['ADDR_MAIL_L2'],
"ADDR_MAIL_CITY" => $_POST['ADDR_MAIL_CITY'],
"ADDR_MAIL_STATE" => $_POST['ADDR_MAIL_STATE'],
"ADDR_MAIL_ZIP" => $_POST['ADDR_MAIL_ZIP'],
"ADDR_CONT_RSHIP" => $_POST['ADDR_CONT_RSHIP'],
"ADDR_CONT_FIRST" => $_POST['ADDR_CONT_FIRST'],
"ADDR_CONT_LAST" => $_POST['ADDR_CONT_LAST'],
"ADDR_CONT_HOME" => $_POST['ADDR_CONT_HOME'],
"ADDR_CONT_WORK" => $_POST['ADDR_CONT_WORK'],
"ADDR_CONT_CELL" => $_POST['ADDR_CONT_CELL'],
"ADDR_CONT_MAIL" => $_POST['ADDR_CONT_MAIL'],
"ADDR_CONT_PORTAL" => $_POST['ADDR_CONT_PORTAL'],
"ADDR_CONT_USRN" => $_POST['ADDR_CONT_USRN'],
"ADDR_CONT_PSWD" => $this_password,
"ADDR_CONT_SAHA" => $_POST['ADDR_CONT_SAHA'],
"ADDR_CONT_ADNA" => $_POST['ADDR_CONT_ADNA'],
"ADDR_CONT_LIN1" => $_POST['ADDR_CONT_LIN1'],
"ADDR_CONT_LIN2" => $_POST['ADDR_CONT_LIN2'],
"ADDR_CONT_CITY" => $_POST['ADDR_CONT_CITY'],
"ADDR_CONT_STAT" => $_POST['ADDR_CONT_STAT'],
"ADDR_CONT_ZIP" => $_POST['ADDR_CONT_ZIP'],
);

$_SESSION["HOLD_ADDR_DATA"] = $addressHoldSet;

print_r($addressHoldSet);

?>
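Review bot: `$_POST['ADDR_CONT_USRN']` and `$_POST['ADDR_CONT_PSWD']` are concatenated straight into the `login_authentication` query, and nothing visible in this file validates them or authenticates the caller before the query runs, so the SQL text is attacker-controlled; the lookup should use bound parameters as in the rewrite below. `print_r($addressHoldSet)` at the end writes the entire posted form, including the `ADDR_CONT_PSWD` value (a stored hash or a freshly computed one), into the HTTP response and should be removed or gated behind a debug flag. The `md5(...)` fallback is an unsalted fast hash; since the login path appears to expect that format, changing it here alone would break logins, so the migration to `password_hash()`/`password_verify()` belongs with the login code rather than this file. The rewrite keeps the existing md5 fallback and replaces only the string-built query; it constructs `$connection` the way the other hunks in this commit do, which assumes `$DatabaseServer` and friends are in scope after `Warehouse.php` — confirm. `ini_set('memory_limit', '1200000000M')` is effectively unlimited and probably not what was intended.
```php
// … unchanged: includes and ini_set calls …
if ($_POST['ADDR_CONT_USRN'] != "" && $_POST['ADDR_CONT_PSWD'] != "")
{
    $connection = new mysqli($DatabaseServer, $DatabaseUsername, $DatabasePassword, $DatabaseName);
    $username = $_POST['ADDR_CONT_USRN'];
    $password = $_POST['ADDR_CONT_PSWD'];

    // Bound parameters: user input never becomes part of the SQL text.
    $stmt = $connection->prepare('SELECT PASSWORD FROM login_authentication WHERE username = ? AND password = ?');
    $stmt->bind_param('ss', $username, $password);
    $stmt->execute();
    $stmt->bind_result($storedPassword);
    $found = $stmt->fetch();
    $stmt->close();

    // Same outcome as before: reuse the stored value when it matches, otherwise hash the new one.
    $this_password = $found ? $storedPassword : md5($password);
}
// … unchanged: else branch, $addressHoldSet, session store …
```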
@@ -20,73 +20,101 @@
//echo $_REQUEST['USERINFO_FIRST_NAME'];
//echo '<br>';
//echo $_REQUEST['USERINFO_LAST_NAME'];
if ($_REQUEST['USERINFO_FIRST_NAME'] || $_REQUEST['USERINFO_LAST_NAME'] || $_REQUEST['USERINFO_EMAIL'] || $_REQUEST['USERINFO_MOBILE'] || $_REQUEST['USERINFO_SADD'] || $_REQUEST['USERINFO_CITY'] || $_REQUEST['USERINFO_STATE'] || $_REQUEST['USERINFO_ZIP']) {
$stf_ids = '';
$sql = 'SELECT distinct stf.STAFF_ID AS BUTTON , stf.STAFF_ID,CONCAT(stf.FIRST_NAME," ",stf.LAST_NAME) AS FULLNAME, CONCAT(s.FIRST_NAME," ",s.LAST_NAME) AS STUFULLNAME,stf.PROFILE,stf.EMAIL FROM people stf';
$sql_where = 'WHERE stf.PROFILE_ID=4 AND s.STUDENT_ID!=' . UserStudentID() . ' ';
if ($_REQUEST['USERINFO_FIRST_NAME'] || $_REQUEST['USERINFO_LAST_NAME'] || $_REQUEST['USERINFO_EMAIL'] || $_REQUEST['USERINFO_MOBILE']) {
if ($_REQUEST['USERINFO_FIRST_NAME']!='')
$sql_where.= 'AND LOWER(stf.FIRST_NAME) LIKE \'' . str_replace("'", "''", strtolower(trim($_REQUEST['USERINFO_FIRST_NAME']))) . '%\' ';
if ($_REQUEST['USERINFO_LAST_NAME']!='')
$sql_where.= 'AND LOWER(stf.LAST_NAME) LIKE \'' . str_replace("'", "''", strtolower(trim($_REQUEST['USERINFO_LAST_NAME']))) . '%\' ';
if ($_REQUEST['USERINFO_EMAIL']!='')
$sql_where.= 'AND LOWER(stf.EMAIL) = \'' . str_replace("'", "''", strtolower(trim($_REQUEST['USERINFO_EMAIL']))) . '\' ';
if ($_REQUEST['USERINFO_MOBILE']!='')
$sql_where.= 'AND stf.CELL_PHONE = \'' . str_replace("'", "''", trim($_REQUEST['USERINFO_MOBILE'])) . '\' ';
}
if ($_REQUEST['USERINFO_SADD'] || $_REQUEST['USERINFO_CITY'] || $_REQUEST['USERINFO_STATE'] || $_REQUEST['USERINFO_ZIP']) {
$sql.=' LEFT OUTER JOIN student_address sa on sa.PEOPLE_ID=stf.STAFF_ID';
$sql_where.=' AND sa.TYPE IN (\'Primary\',\'Secondary\',\'Other\') ';
if ($_REQUEST['USERINFO_SADD']!='')
$sql_where.= ' AND LOWER(STREET_ADDRESS_1) LIKE \'' . str_replace("'", "''", strtolower(trim($_REQUEST['USERINFO_SADD']))) . '%\' ';
if ($_REQUEST['USERINFO_CITY']!='')
$sql_where.= ' AND LOWER(CITY) LIKE \'' . str_replace("'", "''", strtolower(trim($_REQUEST['USERINFO_CITY']))) . '%\' ';
if ($_REQUEST['USERINFO_STATE']!='')
$sql_where.= ' AND LOWER(STATE) LIKE \'' . str_replace("'", "''", strtolower(trim($_REQUEST['USERINFO_STATE']))) . '%\' ';
if ($_REQUEST['USERINFO_ZIP']!='')
$sql_where.= ' AND ZIPCODE = \'' . str_replace("'", "''", trim($_REQUEST['USERINFO_ZIP'])) . '\' ';
}

$sql.=' Left outer join students_join_people sju on stf.STAFF_ID=sju.PERSON_ID Left outer join students s on s.STUDENT_ID = sju.STUDENT_ID ';
$sql_where.= ' AND LOWER(stf.FIRST_NAME)<>\'\' AND LOWER(stf.LAST_NAME)<>\'\' AND sju.PERSON_ID NOT IN (SELECT PERSON_ID FROM students_join_people WHERE STUDENT_ID=' . UserStudentID() . ') GROUP BY sju.PERSON_ID';

$searched_staffs = DBGet(DBQuery($sql . $sql_where), array('BUTTON' => 'makeChooseCheckbox'));
foreach ($searched_staffs as $key => $value) {
$stf_usrname = DBGet(DBQuery('SELECT USERNAME FROM login_authentication WHERE USER_ID=' . $value['STAFF_ID'] . ' AND PROFILE_ID=4'));
$searched_staffs[$key]['USERNAME'] = $stf_usrname[1]['USERNAME'];
}
} else {

$sql = 'SELECT stf.STAFF_ID AS BUTTON , stf.STAFF_ID,CONCAT(stf.FIRST_NAME," ",stf.LAST_NAME) AS FULLNAME, CONCAT(s.FIRST_NAME," ",s.LAST_NAME) AS STUFULLNAME,stf.PROFILE,stf.EMAIL FROM people stf left outer join students_join_people sju on stf.STAFF_ID=sju.PERSON_ID left outer join students s on s.STUDENT_ID = sju.STUDENT_ID WHERE s.STUDENT_ID!=' . UserStudentID() . ' AND stf.FIRST_NAME<>\'\' AND stf.LAST_NAME<>\'\' AND sju.PERSON_ID NOT IN (SELECT PERSON_ID FROM students_join_people WHERE STUDENT_ID=' . UserStudentID() . ') Group by stf.STAFF_ID';

$searched_staffs = DBGet(DBQuery($sql), array('BUTTON' => 'makeChooseCheckbox'));
foreach ($searched_staffs as $key => $value) {
$stf_usrname = DBGet(DBQuery('SELECT USERNAME FROM login_authentication WHERE USER_ID=' . $value['STAFF_ID'] . ' AND PROFILE_ID=4'));
$searched_staffs[$key]['USERNAME'] = $stf_usrname[1]['USERNAME'];
}
}
if ($_REQUEST['USERINFO_FIRST_NAME'] || $_REQUEST['USERINFO_LAST_NAME'] || $_REQUEST['USERINFO_EMAIL'] || $_REQUEST['USERINFO_MOBILE'] || $_REQUEST['USERINFO_SADD'] || $_REQUEST['USERINFO_CITY'] || $_REQUEST['USERINFO_STATE'] || $_REQUEST['USERINFO_ZIP'])
{
$stf_ids = '';

$sql = 'SELECT distinct stf.STAFF_ID AS BUTTON , stf.STAFF_ID,CONCAT(stf.FIRST_NAME," ",stf.LAST_NAME) AS FULLNAME, CONCAT(s.FIRST_NAME," ",s.LAST_NAME) AS STUFULLNAME,stf.PROFILE,stf.EMAIL FROM people stf';
$sql_where = 'WHERE stf.PROFILE_ID=4 AND s.STUDENT_ID!=' . UserStudentID() . ' ';

if ($_REQUEST['USERINFO_FIRST_NAME'] || $_REQUEST['USERINFO_LAST_NAME'] || $_REQUEST['USERINFO_EMAIL'] || $_REQUEST['USERINFO_MOBILE'])
{
if ($_REQUEST['USERINFO_FIRST_NAME']!='')
$sql_where.= 'AND LOWER(stf.FIRST_NAME) LIKE \'' . str_replace("'", "''", strtolower(trim($_REQUEST['USERINFO_FIRST_NAME']))) . '%\' ';
if ($_REQUEST['USERINFO_LAST_NAME']!='')
$sql_where.= 'AND LOWER(stf.LAST_NAME) LIKE \'' . str_replace("'", "''", strtolower(trim($_REQUEST['USERINFO_LAST_NAME']))) . '%\' ';
if ($_REQUEST['USERINFO_EMAIL']!='')
$sql_where.= 'AND LOWER(stf.EMAIL) = \'' . str_replace("'", "''", strtolower(trim($_REQUEST['USERINFO_EMAIL']))) . '\' ';
if ($_REQUEST['USERINFO_MOBILE']!='')
$sql_where.= 'AND stf.CELL_PHONE = \'' . str_replace("'", "''", trim($_REQUEST['USERINFO_MOBILE'])) . '\' ';
}


if ($_REQUEST['USERINFO_SADD'] || $_REQUEST['USERINFO_CITY'] || $_REQUEST['USERINFO_STATE'] || $_REQUEST['USERINFO_ZIP'])
{
$sql.=' LEFT OUTER JOIN student_address sa on sa.PEOPLE_ID=stf.STAFF_ID';
$sql_where.=' AND sa.TYPE IN (\'Primary\',\'Secondary\',\'Other\') ';
if ($_REQUEST['USERINFO_SADD']!='')
$sql_where.= ' AND LOWER(STREET_ADDRESS_1) LIKE \'' . str_replace("'", "''", strtolower(trim($_REQUEST['USERINFO_SADD']))) . '%\' ';
if ($_REQUEST['USERINFO_CITY']!='')
$sql_where.= ' AND LOWER(CITY) LIKE \'' . str_replace("'", "''", strtolower(trim($_REQUEST['USERINFO_CITY']))) . '%\' ';
if ($_REQUEST['USERINFO_STATE']!='')
$sql_where.= ' AND LOWER(STATE) LIKE \'' . str_replace("'", "''", strtolower(trim($_REQUEST['USERINFO_STATE']))) . '%\' ';
if ($_REQUEST['USERINFO_ZIP']!='')
$sql_where.= ' AND ZIPCODE = \'' . str_replace("'", "''", trim($_REQUEST['USERINFO_ZIP'])) . '\' ';
}

$sql.=' Left outer join students_join_people sju on stf.STAFF_ID=sju.PERSON_ID Left outer join students s on s.STUDENT_ID = sju.STUDENT_ID ';
$sql_where.= ' AND LOWER(stf.FIRST_NAME)<>\'\' AND LOWER(stf.LAST_NAME)<>\'\' AND sju.PERSON_ID NOT IN (SELECT PERSON_ID FROM students_join_people WHERE STUDENT_ID=' . UserStudentID() . ') GROUP BY sju.PERSON_ID';

$searched_staffs = DBGet(DBQuery($sql . $sql_where), array('BUTTON' => 'makeChooseCheckbox'));

foreach ($searched_staffs as $key => $value)
{
$stf_usrname = DBGet(DBQuery('SELECT USERNAME FROM login_authentication WHERE USER_ID=' . $value['STAFF_ID'] . ' AND PROFILE_ID=4'));
$searched_staffs[$key]['USERNAME'] = $stf_usrname[1]['USERNAME'];
}
}
else
{
$sql = 'SELECT stf.STAFF_ID AS BUTTON , stf.STAFF_ID,CONCAT(stf.FIRST_NAME," ",stf.LAST_NAME) AS FULLNAME, CONCAT(s.FIRST_NAME," ",s.LAST_NAME) AS STUFULLNAME,stf.PROFILE,stf.EMAIL FROM people stf left outer join students_join_people sju on stf.STAFF_ID=sju.PERSON_ID left outer join students s on s.STUDENT_ID = sju.STUDENT_ID WHERE s.STUDENT_ID!=' . UserStudentID() . ' AND stf.FIRST_NAME<>\'\' AND stf.LAST_NAME<>\'\' AND sju.PERSON_ID NOT IN (SELECT PERSON_ID FROM students_join_people WHERE STUDENT_ID=' . UserStudentID() . ') Group by stf.STAFF_ID';

$searched_staffs = DBGet(DBQuery($sql), array('BUTTON' => 'makeChooseCheckbox'));

foreach ($searched_staffs as $key => $value)
{
$stf_usrname = DBGet(DBQuery('SELECT USERNAME FROM login_authentication WHERE USER_ID=' . $value['STAFF_ID'] . ' AND PROFILE_ID=4'));

$searched_staffs[$key]['USERNAME'] = $stf_usrname[1]['USERNAME'];
}
}

$singular = 'User';
$plural = 'Users';
$options['save'] = false;
$options['print'] = false;
$options['search'] = false;

$columns = array('BUTTON' => 'Select any one', 'FULLNAME' => 'Name', 'USERNAME' => 'Username', 'EMAIL' => 'Email', 'STUFULLNAME' => 'Associated Student\'s Name');
if ($_REQUEST['add_id'] == 'new')
echo '<FORM name=sel_staff id=sel_staff action="ForWindow.php?modname=' . $_REQUEST[modname] . '&modfunc=lookup&type=' . $_REQUEST['type'] . '&func=search&nfunc=status&ajax=' . $_REQUEST['ajax'] . '&add_id=new&address_id=' . $_REQUEST['address_id'] . '" METHOD=POST>';
else
echo '<FORM name=sel_staff id=sel_staff action="ForWindow.php?modname=' . $_REQUEST[modname] . '&modfunc=lookup&type=' . $_REQUEST['type'] . '&func=search&nfunc=status&ajax=' . $_REQUEST['ajax'] . '&add_id=' . $_REQUEST['add_id'] . '&address_id=' . $_REQUEST['address_id'] . '" METHOD=POST>';
echo '<span id="sel_err" class="text-danger"></span>';
// print_r($searched_staffs);
ListOutput($searched_staffs, $columns, $singular, $plural, false, $group = false, $options, 'ForWindow');
unset($_REQUEST['func']);
if(!empty($searched_staffs))
echo '<div id="select-people-div"><input type="button" value="Select" name="button" onclick="SelectedParent(\''.$_REQUEST['address_id'].'\',\''.$_REQUEST['p_type'].'\',\''.$_REQUEST['other_p_erson_id'].'\')"></div>';
$singular = 'User';
$plural = 'Users';
$options['save'] = false;
$options['print'] = false;
$options['search'] = false;

$columns = array('BUTTON' => 'Select any one', 'FULLNAME' => 'Name', 'USERNAME' => 'Username', 'EMAIL' => 'Email', 'STUFULLNAME' => 'Associated Student\'s Name');

// echo "<pre>";
// print_r($searched_staffs);
// echo die();


if ($_REQUEST['add_id'] == 'new')
echo '<FORM name=sel_staff id=sel_staff action="ForWindow.php?modname=' . $_REQUEST[modname] . '&modfunc=lookup&type=' . $_REQUEST['type'] . '&func=search&nfunc=status&ajax=' . $_REQUEST['ajax'] . '&add_id=new&address_id=' . $_REQUEST['address_id'] . '" METHOD=POST>';
else
echo '<FORM name=sel_staff id=sel_staff action="ForWindow.php?modname=' . $_REQUEST[modname] . '&modfunc=lookup&type=' . $_REQUEST['type'] . '&func=search&nfunc=status&ajax=' . $_REQUEST['ajax'] . '&add_id=' . $_REQUEST['add_id'] . '&address_id=' . $_REQUEST['address_id'] . '" METHOD=POST>';

function makeChooseCheckbox($value, $title) {
echo '<span id="sel_err" class="text-danger"></span>';

ListOutput($searched_staffs, $columns, $singular, $plural, false, $group = false, $options, 'ForWindow');
unset($_REQUEST['func']);

// echo "<pre>";
// print_r($searched_staffs);
// echo die();

if(!empty($searched_staffs))
echo '<div id="select-people-div"><br><input type="button" class="btn btn-primary" value="Select" name="button" onclick="SelectedParent(\''.$_REQUEST['address_id'].'\',\''.$_REQUEST['p_type'].'\',\''.$_REQUEST['other_p_erson_id'].'\')"></div>';

function makeChooseCheckbox($value, $title)
{
global $THIS_RET;
if ($THIS_RET['BUTTON']) {

if ($THIS_RET['BUTTON'])
{
return "<INPUT type=radio name=staff value=" . $THIS_RET['BUTTON'] . ">";
}
}
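Review bot: The `str_replace("'", "''", …)` wrapping of the `$_REQUEST['USERINFO_*']` values in the `$sql_where` fragments only doubles single quotes; a backslash in the input passes through untouched, and on a MySQL connection with default `sql_mode` a trailing backslash consumes the quote meant to close the literal, so the value is not safely contained — use `mysqli_real_escape_string($connection, …)` as this commit does in other files, or better a prepared statement, and escape `%`/`_` if the `LIKE` patterns are meant to match literally. The request values echoed into the `<FORM action="…">` attribute (`$_REQUEST[modname]`, `type`, `ajax`, `add_id`, `address_id`) and into the `onclick="SelectedParent('…')"` handler go out unescaped; wrap each with `htmlspecialchars($v, ENT_QUOTES, 'UTF-8')` for the attribute and `htmlspecialchars(json_encode($v), ENT_QUOTES, 'UTF-8')` for the JavaScript string arguments. `$stf_usrname[1]['USERNAME']` is read in both branches without checking that the username lookup returned a row. Most of this hunk is a reindent of code that existed before, so these are pre-existing conditions carried into the new lines rather than regressions.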
@@ -362,11 +362,12 @@ function _makeLetterGrade($percent,$course_period_id=0,$staff_id=0,$ret='')
}
}

$connection = new mysqli($DatabaseServer, $DatabaseUsername, $DatabasePassword, $DatabaseName);

$format = mysqli_real_escape_string($connection,strtolower(optional_param('format', '', PARAM_RAW)));
$api_key= mysqli_real_escape_string($connection,optional_param('api_key', '', PARAM_RAW));
$api_secret= mysqli_real_escape_string($connection, optional_param('api_secret', '', PARAM_RAW));

$format = strtolower($_REQUEST['format']);
$api_key= $_REQUEST['api_key'];
$api_secret= $_REQUEST['api_secret'];
$validate= DBGet(DBQuery('SELECT * FROM api_info WHERE API_KEY=\''.$api_key.'\' AND API_SECRET=\''.$api_secret.'\''));
if(count($validate) > 0)
{

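Review bot: The API secret is matched inside the SQL text (`AND API_SECRET='…'`), which implies `api_info` holds the clear secret and leaves the comparison to the database; look up the row by `API_KEY` alone and compare in PHP with `hash_equals($validate[1]['API_SECRET'], $api_secret)` — or store a hash of the secret and verify against that — so a read of `api_info` does not expose usable secrets and the comparison is constant-time. The new `mysqli_real_escape_string` calls use a `$connection` opened only for escaping, without `set_charset()` and separate from the handle `DBQuery()` executes on, the same concern raised on the print hunk. The `if(count($validate) > 0)` block opened at the end of the hunk continues outside it.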