
Commit 81799fd

committed
Version 9.0 release
Older version moved to branch: Version_8.0
1 parent 381a1ad commit 81799fd

1,875 files changed

+379204
-36307
lines changed

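--- a/Ajax.php
+++ b/Ajax.php
@@ -28,7 +28,7 @@
 #***************************************************************************************
 
 session_start();
-!empty($_SESSION['USERNAME']) or die('Access denied!');
+//!empty($_SESSION['PROFILE_ID']) or die('Access denied!');
 
 include "functions/ParamLibFnc.php";
 echo '<script type="text/javascript" src="assets/js/pages/components_popups.js"></script>';
@@ -99,14 +99,13 @@
 if ($url === FALSE) {
 header('Location: index.php');
 }
-error_reporting(E_ERROR);
 $isajax = "ajax";
 $start_time = time();
 include 'Warehouse.php';
 array_rwalk($_REQUEST, 'strip_tags');
 $title_set = '';
 
-if (UserStudentID() && User('PROFILE') != 'parent' && User('PROFILE') != 'student' && substr(clean_param($_REQUEST['modname'], PARAM_NOTAGS), 0, 5) != 'Atten' && substr(clean_param($_REQUEST['modname'], PARAM_NOTAGS), 0, 5) != 'users' && clean_param($_REQUEST['modname'], PARAM_NOTAGS) != 'students/AddUsers.php' && $_REQUEST['modname']!= 'tools/Backup.php' && (substr(clean_param($_REQUEST['modname'], PARAM_NOTAGS), 0, 10) != 'attendance' || clean_param($_REQUEST['modname'], PARAM_NOTAGS) == 'attendance/StudentSummary.php' || clean_param($_REQUEST['modname'], PARAM_NOTAGS) == 'attendance/DailySummary.php' || clean_param($_REQUEST['modname'], PARAM_NOTAGS) == 'attendance/AddAbsences.php')) {
+if (UserStudentID() && User('PROFILE') != 'parent' && User('PROFILE') != 'student' && substr(clean_param($_REQUEST['modname'], PARAM_NOTAGS), 0, 5) != 'Atten' && substr(clean_param($_REQUEST['modname'], PARAM_NOTAGS), 0, 5) != 'users' && clean_param($_REQUEST['modname'], PARAM_NOTAGS) != 'students/AddUsers.php' && $_REQUEST['modname'] != 'tools/Backup.php' && (substr(clean_param($_REQUEST['modname'], PARAM_NOTAGS), 0, 10) != 'attendance' || clean_param($_REQUEST['modname'], PARAM_NOTAGS) == 'attendance/StudentSummary.php' || clean_param($_REQUEST['modname'], PARAM_NOTAGS) == 'attendance/DailySummary.php' || clean_param($_REQUEST['modname'], PARAM_NOTAGS) == 'attendance/AddAbsences.php')) {
 $RET = DBGet(DBQuery("SELECT FIRST_NAME,LAST_NAME,MIDDLE_NAME,NAME_SUFFIX FROM students WHERE STUDENT_ID='" . UserStudentID() . "'"));
 $count_student_RET = DBGet(DBQuery("SELECT COUNT(*) AS NUM FROM students"));
 
@@ -125,8 +124,8 @@
 'students/EnrollmentReport.php',
 // For Scheduling
 // 'scheduling/Schedule.php',
-'scheduling/ViewSchedule.php',
-'scheduling/Requests.php',
+'scheduling/ViewSchedule.php',
+'scheduling/Requests.php',
 // 'scheduling/MassSchedule.php',
 // 'scheduling/MassRequests.php',
 'scheduling/PrintSchedules.php',
@@ -141,7 +140,7 @@
 'grades/AdminProgressReports.php',
 'grades/ProgressReports.php',
 // 'grades/HonorRoll.php',
-'grades/EditReportCardGrades.php',
+'grades/EditReportCardGrades.php',
 // 'grades/GraduationProgress.php',
 // For Attendance
 'attendance/AddAbsences.php',
@@ -156,37 +155,32 @@
 
 $allow_back_to_student_list = array(
 // For Students
-'students/Student.php',
+'students/Student.php',
 // For Scheduling
 // 'scheduling/Schedule.php',
-'scheduling/ViewSchedule.php',
-'scheduling/Requests.php',
+'scheduling/ViewSchedule.php',
+'scheduling/Requests.php',
 // For Grades
-'grades/EditReportCardGrades.php',
+'grades/EditReportCardGrades.php',
 // For Eligibility
 'eligibility/Student.php'
 );
-
+
 if ($count_student_RET[1]['NUM'] > 1) {
 $title_set = 'y';
 
-if(in_array($_REQUEST['modname'], $allow_buffer_list))
-{
-if(in_array($_REQUEST['modname'], $allow_back_to_student_list))
-{
-DrawHeaderHome('<div class="panel"><div class="panel-heading"><h6 class="panel-title">'._selectedStudent.' : ' . $RET[1]['FIRST_NAME'] . '&nbsp;' . ($RET[1]['MIDDLE_NAME'] ? $RET[1]['MIDDLE_NAME'] . ' ' : '') . $RET[1]['LAST_NAME'] . '&nbsp;' . $RET[1]['NAME_SUFFIX'] . '</h6> <div class="heading-elements clearfix"><span class="heading-text"><A HREF=Modules.php?modname=' . clean_param($_REQUEST['modname'], PARAM_NOTAGS) . '&search_modfunc=list&next_modname=Students/Student.php&ajax=true&bottom_back=true&return_session=true target=body><i class="icon-square-left"></i> '._backToStudentList.'</A></span><div class="btn-group heading-btn"><A HREF=SideForStudent.php?student_id=new&modcat=' . clean_param($_REQUEST['modcat'], PARAM_NOTAGS) . '&modname=' . $_REQUEST['modname'] . ' class="btn btn-danger btn-xs">'._deselect.'</A></div></div></div></div>');
-}
-else
-{
-DrawHeaderHome('<div class="panel"><div class="panel-heading"><h6 class="panel-title">'._selectedStudent.' : ' . $RET[1]['FIRST_NAME'] . '&nbsp;' . ($RET[1]['MIDDLE_NAME'] ? $RET[1]['MIDDLE_NAME'] . ' ' : '') . $RET[1]['LAST_NAME'] . '&nbsp;' . $RET[1]['NAME_SUFFIX'] . '</h6> <div class="heading-elements clearfix"><div class="btn-group heading-btn"><A HREF=SideForStudent.php?student_id=new&modcat=' . clean_param($_REQUEST['modcat'], PARAM_NOTAGS) . '&modname=' . $_REQUEST['modname'] . ' class="btn btn-danger btn-xs">'._deselect.'</A></div></div></div></div>');
+if (in_array($_REQUEST['modname'], $allow_buffer_list)) {
+if (in_array($_REQUEST['modname'], $allow_back_to_student_list)) {
+DrawHeaderHome('<div class="panel"><div class="panel-heading"><h6 class="panel-title">' . _selectedStudent . ' : ' . $RET[1]['FIRST_NAME'] . '&nbsp;' . ($RET[1]['MIDDLE_NAME'] ? $RET[1]['MIDDLE_NAME'] . ' ' : '') . $RET[1]['LAST_NAME'] . '&nbsp;' . $RET[1]['NAME_SUFFIX'] . '</h6> <div class="heading-elements clearfix"><span class="heading-text"><A HREF=Modules.php?modname=' . clean_param($_REQUEST['modname'], PARAM_NOTAGS) . '&search_modfunc=list&next_modname=Students/Student.php&ajax=true&bottom_back=true&return_session=true target=body><i class="icon-square-left"></i> ' . _backToStudentList . '</A></span><div class="btn-group heading-btn"><A HREF=SideForStudent.php?student_id=new&modcat=' . clean_param($_REQUEST['modcat'], PARAM_NOTAGS) . '&modname=' . $_REQUEST['modname'] . ' class="btn btn-danger btn-xs">' . _deselect . '</A></div></div></div></div>');
+} else {
+DrawHeaderHome('<div class="panel"><div class="panel-heading"><h6 class="panel-title">' . _selectedStudent . ' : ' . $RET[1]['FIRST_NAME'] . '&nbsp;' . ($RET[1]['MIDDLE_NAME'] ? $RET[1]['MIDDLE_NAME'] . ' ' : '') . $RET[1]['LAST_NAME'] . '&nbsp;' . $RET[1]['NAME_SUFFIX'] . '</h6> <div class="heading-elements clearfix"><div class="btn-group heading-btn"><A HREF=SideForStudent.php?student_id=new&modcat=' . clean_param($_REQUEST['modcat'], PARAM_NOTAGS) . '&modname=' . $_REQUEST['modname'] . ' class="btn btn-danger btn-xs">' . _deselect . '</A></div></div></div></div>');
 }
 }
 } else if ($count_student_RET[1]['NUM'] == 1) {
 $title_set = 'y';
 
-if(in_array($_REQUEST['modname'], $allow_buffer_list))
-{
-DrawHeaderHome('<div class="panel"><div class="panel-heading"><h6 class="panel-title">'._selectedStudent.' : ' . $RET[1]['FIRST_NAME'] . '&nbsp;' . ($RET[1]['MIDDLE_NAME'] ? $RET[1]['MIDDLE_NAME'] . ' ' : '') . $RET[1]['LAST_NAME'] . '&nbsp;' . $RET[1]['NAME_SUFFIX'] . '</h6> <div class="heading-elements clearfix"><A HREF=SideForStudent.php?student_id=new&modcat=' . clean_param($_REQUEST['modcat'], PARAM_NOTAGS) . '&modname=' . $_REQUEST['modname'] . ' class="btn btn-danger btn-xs">'._deselect.'</A></div></div></div>');
+if (in_array($_REQUEST['modname'], $allow_buffer_list)) {
+DrawHeaderHome('<div class="panel"><div class="panel-heading"><h6 class="panel-title">' . _selectedStudent . ' : ' . $RET[1]['FIRST_NAME'] . '&nbsp;' . ($RET[1]['MIDDLE_NAME'] ? $RET[1]['MIDDLE_NAME'] . ' ' : '') . $RET[1]['LAST_NAME'] . '&nbsp;' . $RET[1]['NAME_SUFFIX'] . '</h6> <div class="heading-elements clearfix"><A HREF=SideForStudent.php?student_id=new&modcat=' . clean_param($_REQUEST['modcat'], PARAM_NOTAGS) . '&modname=' . $_REQUEST['modname'] . ' class="btn btn-danger btn-xs">' . _deselect . '</A></div></div></div>');
 }
 }
 }
@@ -199,7 +193,7 @@
 if ($_REQUEST['modname'] != 'users/User.php') {
 $RET = DBGet(DBQuery("SELECT FIRST_NAME,LAST_NAME FROM staff WHERE STAFF_ID='" . UserStaffID() . "'"));
 echo '<div class="panel panel-default">';
-DrawHeader(''._selectedStaff.' : ' . $RET[1]['FIRST_NAME'] . '&nbsp;' . $RET[1]['LAST_NAME'], '<span class="heading-text"><A HREF=Modules.php?modname=' . clean_param($_REQUEST['modname'], PARAM_NOTAGS) . '&search_modfunc=list&next_modname=users/User.php&ajax=true&bottom_back=true&return_session=true target=body><i class="icon-square-left"></i> '._backToUserList.'</A></span><div class="btn-group heading-btn"><A HREF=Side.php?staff_id=new&modcat=' . clean_param($_REQUEST['modcat'], PARAM_NOTAGS) . ' class="btn btn-danger btn-xs">'._deselect.'</A></div>');
+DrawHeader('' . _selectedStaff . ' : ' . $RET[1]['FIRST_NAME'] . '&nbsp;' . $RET[1]['LAST_NAME'], '<span class="heading-text"><A HREF=Modules.php?modname=' . clean_param($_REQUEST['modname'], PARAM_NOTAGS) . '&search_modfunc=list&next_modname=users/User.php&ajax=true&bottom_back=true&return_session=true target=body><i class="icon-square-left"></i> ' . _backToUserList . '</A></span><div class="btn-group heading-btn"><A HREF=Side.php?staff_id=new&modcat=' . clean_param($_REQUEST['modcat'], PARAM_NOTAGS) . ' class="btn btn-danger btn-xs">' . _deselect . '</A></div>');
 echo '</div>';
 }
 }
@@ -208,10 +202,10 @@
 if (!isset($_REQUEST['_openSIS_PDF'])) {
 Warehouse('header');
 
-// if (strpos(clean_param($_REQUEST['modname'], PARAM_NOTAGS), 'miscellaneous/') === false)
-// echo '<script language="JavaScript">if(window == top && (!window.opener || window.opener.location.href.substring(0,(window.opener.location.href.indexOf("&")!=-1?window.opener.location.href.indexOf("&"):window.opener.location.href.replace("#","").length))!=window.location.href.substring(0,(window.location.href.indexOf("&")!=-1?window.location.href.indexOf("&"):window.location.href.replace("#","").length)))) window.location.href = "index.php";</script>';
-echo "<BODY marginwidth=0 leftmargin=0 border=0 onload='doOnload();' background=assets/bg.gif>";
-echo '<DIV id="Migoicons" style="visibility:hidden;position:absolute;z-index:1000;top:-100"></DIV>';
+if (strpos(clean_param($_REQUEST['modname'], PARAM_NOTAGS), 'miscellaneous/') === false)
+echo '<script language="JavaScript">if(window == top && (!window.opener || window.opener.location.href.substring(0,(window.opener.location.href.indexOf("&")!=-1?window.opener.location.href.indexOf("&"):window.opener.location.href.replace("#","").length))!=window.location.href.substring(0,(window.location.href.indexOf("&")!=-1?window.location.href.indexOf("&"):window.location.href.replace("#","").length)))) window.location.href = "index.php";</script>';
+// echo "<BODY marginwidth=0 leftmargin=0 border=0 onload='doOnload();' background=assets/bg.gif>";
+// echo '<DIV id="Migoicons" style="visibility:hidden;position:absolute;z-index:1000;top:-100"></DIV>';
 }
 
 $ajax_to_sign_in = "";
@@ -261,8 +255,7 @@
 
 if (preg_match('/\.\./', $modname) !== 1)
 include 'modules/' . $modname;
-}
-else {
+} else {
 if (User('USERNAME')) {
 
 
@@ -273,7 +266,7 @@
 }
 
 
-echo ""._youReNotAllowedToUseThisProgram."! "._thisAttemptedViolationHasBeenLoggedAndYourIpAddressWasCaptured.".";
+echo "" . _youReNotAllowedToUseThisProgram . "! " . _thisAttemptedViolationHasBeenLoggedAndYourIpAddressWasCaptured . ".";
 DBQuery("INSERT INTO hacking_log (HOST_NAME,IP_ADDRESS,LOGIN_DATE,VERSION,PHP_SELF,DOCUMENT_ROOT,SCRIPT_NAME,MODNAME,USERNAME) values('$_SERVER[SERVER_NAME]','$ip','" . date('Y-m-d') . "','$openSISVersion','$_SERVER[PHP_SELF]','$_SERVER[DOCUMENT_ROOT]','$_SERVER[SCRIPT_NAME]','$_REQUEST[modname]','" . User('USERNAME') . "')");
 Warehouse('footer');
 if ($openSISNotifyAddress)
@@ -302,7 +295,8 @@
 echo '</HTML>';
 }
 
-function decode_unicode_url($str) {
+function decode_unicode_url($str)
+{
 $res = '';
 
 $i = 0;
@@ -317,11 +311,11 @@ function decode_unicode_url($str) {
 $character = chr($value);
 else if ($value < 0x0800) // 2 bytes: 110xxxxx 10xxxxxx
 $character = chr((($value & 0x07c0) >> 6) | 0xc0)
-. chr(($value & 0x3f) | 0x80);
+. chr(($value & 0x3f) | 0x80);
 else // 3 bytes: 1110xxxx 10xxxxxx 10xxxxxx
 $character = chr((($value & 0xf000) >> 12) | 0xe0)
-. chr((($value & 0x0fc0) >> 6) | 0x80)
-. chr(($value & 0x3f) | 0x80);
+. chr((($value & 0x0fc0) >> 6) | 0x80)
+. chr(($value & 0x3f) | 0x80);
 } else
 $i++;
 
@@ -331,21 +325,23 @@ function decode_unicode_url($str) {
 return $res . substr($str, $i);
 }
 
-function code2utf($num) {
+function code2utf($num)
+{
 if ($num < 128)
 return chr($num);
 if ($num < 1024)
 return chr(($num >> 6) + 192) . chr(($num & 63) + 128);
 if ($num < 32768)
 return chr(($num >> 12) + 224) . chr((($num >> 6) & 63) + 128)
-. chr(($num & 63) + 128);
+. chr(($num & 63) + 128);
 if ($num < 2097152)
 return chr(($num >> 18) + 240) . chr((($num >> 12) & 63) + 128)
-. chr((($num >> 6) & 63) + 128) . chr(($num & 63) + 128);
+. chr((($num >> 6) & 63) + 128) . chr(($num & 63) + 128);
 return '';
 }
 
-function unescape($strIn, $iconv_to = 'UTF-8') {
+function unescape($strIn, $iconv_to = 'UTF-8')
+{
 $strOut = '';
 $iPos = 0;
 $len = strlen($strIn);
@@ -382,5 +378,3 @@ function unescape($strIn, $iconv_to = 'UTF-8') {
 }
 return $strOut;
 }
-
-?>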
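Review bot: The first hunk (old line 31 → new line 31) comments out the only session gate in the file, `!empty($_SESSION['USERNAME']) or die('Access denied!');`, so after this change Ajax.php reaches `include 'modules/' . $modname` for unauthenticated callers unless Warehouse.php or another include re-checks the login — that is not visible from the hunk and needs confirming before release. If the intent was to switch to the profile-id key, the replacement should be live rather than commented out: `!empty($_SESSION['PROFILE_ID']) or die('Access denied!');`. The second hunk also drops `error_reporting(E_ERROR);` with no replacement, which on a default php.ini lets notices (undefined indexes, file paths) leak into the AJAX response body; keep an explicit level or confirm display_errors is off in production. The `code2utf()` thresholds in the `@@ -331,21 +325,23 @@` hunk (`< 1024`, `< 32768`) are only reindented here but are not the UTF-8 encoding boundaries (2048 and 65536), which is worth a follow-up fix.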

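--- a/Bottom.php
+++ b/Bottom.php
@@ -25,7 +25,7 @@
 # along with this program. If not, see <http://www.gnu.org/licenses/>.
 #
 #***************************************************************************************
-error_reporting(0);
+error_reporting(0);
 include("functions/ParamLibFnc.php");
 require_once("Data.php");
 include "./Warehouse.php";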

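--- a/CalculateGpaProcess.php
+++ b/CalculateGpaProcess.php
@@ -27,6 +27,7 @@
 #***************************************************************************************
 error_reporting(0);
 
+
 include('RedirectRootInc.php');
 include 'Warehouse.php';
 include 'Data.php';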

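--- a/CalculateMissingAttendance.php
+++ b/CalculateMissingAttendance.php
@@ -26,6 +26,7 @@
 #
 #***************************************************************************************
 error_reporting(0);
+
 include('RedirectRootInc.php');
 include 'Warehouse.php';
 include 'Data.php';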

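--- a/CalendarModal.php
+++ b/CalendarModal.php
@@ -4,6 +4,7 @@
 include('RedirectRootInc.php');
 include'ConfigInc.php';
 include 'Warehouse.php';
+
 /*
 * To change this license header, choose License Headers in Project Properties.
 * To change this template file, choose Tools | Templates
@@ -13,7 +14,9 @@
 //----------------------- modal for event start---------------------//
 // $connection = new mysqli($DatabaseServer, $DatabaseUsername, $DatabasePassword, $DatabaseName);
 $_REQUEST['event_id'] = mysqli_real_escape_string($connection,optional_param('event_id', '', PARAM_DATA));
-if (($_REQUEST['event_id'] || !isset($_REQUEST['event_id'])) && !isset($_REQUEST[assignment_id])) {
+$_REQUEST['assignment_id'] = sqlSecurityFilter($_REQUEST['assignment_id']);
+
+if (($_REQUEST['event_id'] || !isset($_REQUEST['event_id'])) && !isset($_REQUEST['assignment_id'])) {
 if ($_REQUEST['event_id'] != 'new' && isset($_REQUEST['event_id'])) {
 $RET = DBGet(DBQuery("SELECT TITLE,DESCRIPTION,SCHOOL_DATE,CALENDAR_ID FROM calendar_events WHERE ID='$_REQUEST[event_id]'"));
 $title = $RET[1]['TITLE'];
@@ -27,7 +30,7 @@
 }
 echo "<FORM name=popform class=\"m-b-0\" id=popform action=Modules.php?modname=schoolsetup/Calendar.php&dd=$_REQUEST[school_date]&modfunc=detail&event_id=$_REQUEST[event_id]&calendar_id=$calendar_id&month=$_REQUEST[month]&year=$_REQUEST[year] METHOD=POST>";
 } else {
-$RET = DBGet(DBQuery('SELECT TITLE,STAFF_ID,DATE_FORMAT(DUE_DATE,\'%d-%b-%y\') AS SCHOOL_DATE,ASSIGNED_DATE,DUE_DATE,DESCRIPTION FROM gradebook_assignments WHERE ASSIGNMENT_ID=\'' . $_REQUEST[assignment_id] . '\''));
+$RET = DBGet(DBQuery('SELECT TITLE,STAFF_ID,DATE_FORMAT(DUE_DATE,\'%d-%b-%y\') AS SCHOOL_DATE,ASSIGNED_DATE,DUE_DATE,DESCRIPTION FROM gradebook_assignments WHERE ASSIGNMENT_ID=\'' . $_REQUEST['assignment_id'] . '\''));
 $title = $RET[1]['TITLE'];
 $RET[1]['STAFF_ID'] = GetTeacher($RET[1]['STAFF_ID']);
 }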
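Review bot: In the second hunk, new line 17 assigns `$_REQUEST['assignment_id']` unconditionally, so the `!isset($_REQUEST['assignment_id'])` test on new line 19 now only holds if `sqlSecurityFilter()` returns null for an absent key; if it returns an empty string the event branch can never be taken, and reading the missing key also raises an undefined-index notice. Guard the assignment instead: `if (isset($_REQUEST['assignment_id'])) { $_REQUEST['assignment_id'] = sqlSecurityFilter($_REQUEST['assignment_id']); }`. The filtered value is still concatenated into the SQL string at new line 33 in the third hunk; a prepared statement with a bound parameter would not depend on what the filter happens to escape.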

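--- /dev/null
+++ b/CheckUrlWs.php
@@ -0,0 +1,37 @@
+<?php
+$url = $_REQUEST['url'];
+$data = array();
+$exists = '';
+$file_headers = '';
+$s = empty($_SERVER["HTTPS"]) ? '' : ($_SERVER["HTTPS"] == "on") ? "s" : "";
+$sp = strtolower($_SERVER["SERVER_PROTOCOL"]);
+$protocol = substr($sp, 0, strpos($sp, "/")) . $s;
+$out=$protocol . "://" . $url;
+$file_headers = @get_headers($out);
+
+if(count($file_headers)>1)
+{
+if($file_headers[0]!='' && strpos($file_headers[0], '404')) {
+$exists = 0;
+}
+else {
+$exists = 1;
+}
+}
+else
+{
+$exists = 0;
+}
+if($exists==1)
+{
+$data['success']=1;
+$data['msg']=_validUrl;
+$data['host'] = $out;
+}
+else
+{
+$data['success']=0;
+$data['msg']=_invalidUrl;
+$data['host'] = $out;
+}
+echo json_encode($data);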
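Review bot: `$url` is taken straight from `$_REQUEST` on line 2 and handed to `get_headers()` on line 10 with no check of the host, so the server will issue an HTTP request to whatever host the caller names (including addresses only reachable from inside the deployment) and report back whether it answered; unlike the other entry points in this commit the file also has no session check at the top, so nothing on the page gates who can trigger the probe. Two smaller defects sit alongside: `@get_headers()` returns `false` on failure and `count(false)` on line 12 is a TypeError on PHP 8, and the unparenthesised nested ternary on line 6 is a parse error on PHP 8. The rewrite below restricts the probe to a well-formed http(s) URL whose host resolves to a public address and guards the `false` return; the `$exists`/`$data` logic that follows is unchanged (note that a resolve-then-fetch check can still be raced by DNS changes, so the session gate matters as much as the host check).
```php
$url = $_REQUEST['url'] ?? '';
$data = array();
$exists = '';
$file_headers = false;
$s = (!empty($_SERVER['HTTPS']) && $_SERVER['HTTPS'] === 'on') ? 's' : '';
$sp = strtolower($_SERVER['SERVER_PROTOCOL']);
$protocol = substr($sp, 0, strpos($sp, '/')) . $s;
$out = $protocol . '://' . $url;
// Only probe a syntactically valid URL whose host resolves to a public address;
// otherwise the server would fetch any host the caller names.
$host = parse_url($out, PHP_URL_HOST);
$resolved = is_string($host) ? gethostbyname($host) : false;
$publicHost = $resolved !== false
    && filter_var($resolved, FILTER_VALIDATE_IP, FILTER_FLAG_NO_PRIV_RANGE | FILTER_FLAG_NO_RES_RANGE) !== false;
if ($publicHost && filter_var($out, FILTER_VALIDATE_URL) !== false) {
    $file_headers = @get_headers($out);
}
if (is_array($file_headers) && count($file_headers) > 1) {
// … unchanged: 404 check, $exists and $data assignment, json_encode …
```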

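--- a/ChooseCP.php
+++ b/ChooseCP.php
@@ -5,7 +5,7 @@
 * To change this template file, choose Tools | Templates
 * and open the template in the editor.
 */
-
+session_start();
 include('RedirectRootInc.php');
 include'ConfigInc.php';
 include 'Warehouse.php';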
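Review bot: `session_start();` at new line 8 opens the session but nothing in the hunk checks it, so this entry point stays reachable without a login unless Warehouse.php or one of the other includes enforces one — the hunk does not show that. If the page is meant for logged-in users, the guard used elsewhere in the codebase belongs directly after it: `!empty($_SESSION['USERNAME']) or die('Access denied!');`.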
