2828#***************************************************************************************
2929
3030session_start ();
31- !empty ($ _SESSION ['USERNAME ' ]) or die ('Access denied! ' );
31+ // !empty($_SESSION['PROFILE_ID ']) or die('Access denied!');
3232
3333include "functions/ParamLibFnc.php " ;
3434echo '<script type="text/javascript" src="assets/js/pages/components_popups.js"></script> ' ;
9999if ($ url === FALSE ) {
100100 header ('Location: index.php ' );
101101}
102- error_reporting (E_ERROR );
103102$ isajax = "ajax " ;
104103$ start_time = time ();
105104include 'Warehouse.php ' ;
106105array_rwalk ($ _REQUEST , 'strip_tags ' );
107106$ title_set = '' ;
108107
109- if (UserStudentID () && User ('PROFILE ' ) != 'parent ' && User ('PROFILE ' ) != 'student ' && substr (clean_param ($ _REQUEST ['modname ' ], PARAM_NOTAGS ), 0 , 5 ) != 'Atten ' && substr (clean_param ($ _REQUEST ['modname ' ], PARAM_NOTAGS ), 0 , 5 ) != 'users ' && clean_param ($ _REQUEST ['modname ' ], PARAM_NOTAGS ) != 'students/AddUsers.php ' && $ _REQUEST ['modname ' ]!= 'tools/Backup.php ' && (substr (clean_param ($ _REQUEST ['modname ' ], PARAM_NOTAGS ), 0 , 10 ) != 'attendance ' || clean_param ($ _REQUEST ['modname ' ], PARAM_NOTAGS ) == 'attendance/StudentSummary.php ' || clean_param ($ _REQUEST ['modname ' ], PARAM_NOTAGS ) == 'attendance/DailySummary.php ' || clean_param ($ _REQUEST ['modname ' ], PARAM_NOTAGS ) == 'attendance/AddAbsences.php ' )) {
108+ if (UserStudentID () && User ('PROFILE ' ) != 'parent ' && User ('PROFILE ' ) != 'student ' && substr (clean_param ($ _REQUEST ['modname ' ], PARAM_NOTAGS ), 0 , 5 ) != 'Atten ' && substr (clean_param ($ _REQUEST ['modname ' ], PARAM_NOTAGS ), 0 , 5 ) != 'users ' && clean_param ($ _REQUEST ['modname ' ], PARAM_NOTAGS ) != 'students/AddUsers.php ' && $ _REQUEST ['modname ' ] != 'tools/Backup.php ' && (substr (clean_param ($ _REQUEST ['modname ' ], PARAM_NOTAGS ), 0 , 10 ) != 'attendance ' || clean_param ($ _REQUEST ['modname ' ], PARAM_NOTAGS ) == 'attendance/StudentSummary.php ' || clean_param ($ _REQUEST ['modname ' ], PARAM_NOTAGS ) == 'attendance/DailySummary.php ' || clean_param ($ _REQUEST ['modname ' ], PARAM_NOTAGS ) == 'attendance/AddAbsences.php ' )) {
110109 $ RET = DBGet (DBQuery ("SELECT FIRST_NAME,LAST_NAME,MIDDLE_NAME,NAME_SUFFIX FROM students WHERE STUDENT_ID=' " . UserStudentID () . "' " ));
111110 $ count_student_RET = DBGet (DBQuery ("SELECT COUNT(*) AS NUM FROM students " ));
112111
125124 'students/EnrollmentReport.php ' ,
126125 // For Scheduling
127126 // 'scheduling/Schedule.php',
128- 'scheduling/ViewSchedule.php ' ,
129- 'scheduling/Requests.php ' ,
127+ 'scheduling/ViewSchedule.php ' ,
128+ 'scheduling/Requests.php ' ,
130129 // 'scheduling/MassSchedule.php',
131130 // 'scheduling/MassRequests.php',
132131 'scheduling/PrintSchedules.php ' ,
141140 'grades/AdminProgressReports.php ' ,
142141 'grades/ProgressReports.php ' ,
143142 // 'grades/HonorRoll.php',
144- 'grades/EditReportCardGrades.php ' ,
143+ 'grades/EditReportCardGrades.php ' ,
145144 // 'grades/GraduationProgress.php',
146145 // For Attendance
147146 'attendance/AddAbsences.php ' ,
156155
157156 $ allow_back_to_student_list = array (
158157 // For Students
159- 'students/Student.php ' ,
158+ 'students/Student.php ' ,
160159 // For Scheduling
161160 // 'scheduling/Schedule.php',
162- 'scheduling/ViewSchedule.php ' ,
163- 'scheduling/Requests.php ' ,
161+ 'scheduling/ViewSchedule.php ' ,
162+ 'scheduling/Requests.php ' ,
164163 // For Grades
165- 'grades/EditReportCardGrades.php ' ,
164+ 'grades/EditReportCardGrades.php ' ,
166165 // For Eligibility
167166 'eligibility/Student.php '
168167 );
169-
168+
170169 if ($ count_student_RET [1 ]['NUM ' ] > 1 ) {
171170 $ title_set = 'y ' ;
172171
173- if (in_array ($ _REQUEST ['modname ' ], $ allow_buffer_list ))
174- {
175- if (in_array ($ _REQUEST ['modname ' ], $ allow_back_to_student_list ))
176- {
177- DrawHeaderHome ('<div class="panel"><div class="panel-heading"><h6 class="panel-title"> ' ._selectedStudent.' : ' . $ RET [1 ]['FIRST_NAME ' ] . ' ' . ($ RET [1 ]['MIDDLE_NAME ' ] ? $ RET [1 ]['MIDDLE_NAME ' ] . ' ' : '' ) . $ RET [1 ]['LAST_NAME ' ] . ' ' . $ RET [1 ]['NAME_SUFFIX ' ] . '</h6> <div class="heading-elements clearfix"><span class="heading-text"><A HREF=Modules.php?modname= ' . clean_param ($ _REQUEST ['modname ' ], PARAM_NOTAGS ) . '&search_modfunc=list&next_modname=Students/Student.php&ajax=true&bottom_back=true&return_session=true target=body><i class="icon-square-left"></i> ' ._backToStudentList.'</A></span><div class="btn-group heading-btn"><A HREF=SideForStudent.php?student_id=new&modcat= ' . clean_param ($ _REQUEST ['modcat ' ], PARAM_NOTAGS ) . '&modname= ' . $ _REQUEST ['modname ' ] . ' class="btn btn-danger btn-xs"> ' ._deselect.'</A></div></div></div></div> ' );
178- }
179- else
180- {
181- DrawHeaderHome ('<div class="panel"><div class="panel-heading"><h6 class="panel-title"> ' ._selectedStudent.' : ' . $ RET [1 ]['FIRST_NAME ' ] . ' ' . ($ RET [1 ]['MIDDLE_NAME ' ] ? $ RET [1 ]['MIDDLE_NAME ' ] . ' ' : '' ) . $ RET [1 ]['LAST_NAME ' ] . ' ' . $ RET [1 ]['NAME_SUFFIX ' ] . '</h6> <div class="heading-elements clearfix"><div class="btn-group heading-btn"><A HREF=SideForStudent.php?student_id=new&modcat= ' . clean_param ($ _REQUEST ['modcat ' ], PARAM_NOTAGS ) . '&modname= ' . $ _REQUEST ['modname ' ] . ' class="btn btn-danger btn-xs"> ' ._deselect.'</A></div></div></div></div> ' );
172+ if (in_array ($ _REQUEST ['modname ' ], $ allow_buffer_list )) {
173+ if (in_array ($ _REQUEST ['modname ' ], $ allow_back_to_student_list )) {
174+ DrawHeaderHome ('<div class="panel"><div class="panel-heading"><h6 class="panel-title"> ' . _selectedStudent . ' : ' . $ RET [1 ]['FIRST_NAME ' ] . ' ' . ($ RET [1 ]['MIDDLE_NAME ' ] ? $ RET [1 ]['MIDDLE_NAME ' ] . ' ' : '' ) . $ RET [1 ]['LAST_NAME ' ] . ' ' . $ RET [1 ]['NAME_SUFFIX ' ] . '</h6> <div class="heading-elements clearfix"><span class="heading-text"><A HREF=Modules.php?modname= ' . clean_param ($ _REQUEST ['modname ' ], PARAM_NOTAGS ) . '&search_modfunc=list&next_modname=Students/Student.php&ajax=true&bottom_back=true&return_session=true target=body><i class="icon-square-left"></i> ' . _backToStudentList . '</A></span><div class="btn-group heading-btn"><A HREF=SideForStudent.php?student_id=new&modcat= ' . clean_param ($ _REQUEST ['modcat ' ], PARAM_NOTAGS ) . '&modname= ' . $ _REQUEST ['modname ' ] . ' class="btn btn-danger btn-xs"> ' . _deselect . '</A></div></div></div></div> ' );
175+ } else {
176+ DrawHeaderHome ('<div class="panel"><div class="panel-heading"><h6 class="panel-title"> ' . _selectedStudent . ' : ' . $ RET [1 ]['FIRST_NAME ' ] . ' ' . ($ RET [1 ]['MIDDLE_NAME ' ] ? $ RET [1 ]['MIDDLE_NAME ' ] . ' ' : '' ) . $ RET [1 ]['LAST_NAME ' ] . ' ' . $ RET [1 ]['NAME_SUFFIX ' ] . '</h6> <div class="heading-elements clearfix"><div class="btn-group heading-btn"><A HREF=SideForStudent.php?student_id=new&modcat= ' . clean_param ($ _REQUEST ['modcat ' ], PARAM_NOTAGS ) . '&modname= ' . $ _REQUEST ['modname ' ] . ' class="btn btn-danger btn-xs"> ' . _deselect . '</A></div></div></div></div> ' );
182177 }
183178 }
184179 } else if ($ count_student_RET [1 ]['NUM ' ] == 1 ) {
185180 $ title_set = 'y ' ;
186181
187- if (in_array ($ _REQUEST ['modname ' ], $ allow_buffer_list ))
188- {
189- DrawHeaderHome ('<div class="panel"><div class="panel-heading"><h6 class="panel-title"> ' ._selectedStudent.' : ' . $ RET [1 ]['FIRST_NAME ' ] . ' ' . ($ RET [1 ]['MIDDLE_NAME ' ] ? $ RET [1 ]['MIDDLE_NAME ' ] . ' ' : '' ) . $ RET [1 ]['LAST_NAME ' ] . ' ' . $ RET [1 ]['NAME_SUFFIX ' ] . '</h6> <div class="heading-elements clearfix"><A HREF=SideForStudent.php?student_id=new&modcat= ' . clean_param ($ _REQUEST ['modcat ' ], PARAM_NOTAGS ) . '&modname= ' . $ _REQUEST ['modname ' ] . ' class="btn btn-danger btn-xs"> ' ._deselect.'</A></div></div></div> ' );
182+ if (in_array ($ _REQUEST ['modname ' ], $ allow_buffer_list )) {
183+ DrawHeaderHome ('<div class="panel"><div class="panel-heading"><h6 class="panel-title"> ' . _selectedStudent . ' : ' . $ RET [1 ]['FIRST_NAME ' ] . ' ' . ($ RET [1 ]['MIDDLE_NAME ' ] ? $ RET [1 ]['MIDDLE_NAME ' ] . ' ' : '' ) . $ RET [1 ]['LAST_NAME ' ] . ' ' . $ RET [1 ]['NAME_SUFFIX ' ] . '</h6> <div class="heading-elements clearfix"><A HREF=SideForStudent.php?student_id=new&modcat= ' . clean_param ($ _REQUEST ['modcat ' ], PARAM_NOTAGS ) . '&modname= ' . $ _REQUEST ['modname ' ] . ' class="btn btn-danger btn-xs"> ' . _deselect . '</A></div></div></div> ' );
190184 }
191185 }
192186}
199193 if ($ _REQUEST ['modname ' ] != 'users/User.php ' ) {
200194 $ RET = DBGet (DBQuery ("SELECT FIRST_NAME,LAST_NAME FROM staff WHERE STAFF_ID=' " . UserStaffID () . "' " ));
201195 echo '<div class="panel panel-default"> ' ;
202- DrawHeader ('' . _selectedStaff. ' : ' . $ RET [1 ]['FIRST_NAME ' ] . ' ' . $ RET [1 ]['LAST_NAME ' ], '<span class="heading-text"><A HREF=Modules.php?modname= ' . clean_param ($ _REQUEST ['modname ' ], PARAM_NOTAGS ) . '&search_modfunc=list&next_modname=users/User.php&ajax=true&bottom_back=true&return_session=true target=body><i class="icon-square-left"></i> ' . _backToUserList. '</A></span><div class="btn-group heading-btn"><A HREF=Side.php?staff_id=new&modcat= ' . clean_param ($ _REQUEST ['modcat ' ], PARAM_NOTAGS ) . ' class="btn btn-danger btn-xs"> ' . _deselect. '</A></div> ' );
196+ DrawHeader ('' . _selectedStaff . ' : ' . $ RET [1 ]['FIRST_NAME ' ] . ' ' . $ RET [1 ]['LAST_NAME ' ], '<span class="heading-text"><A HREF=Modules.php?modname= ' . clean_param ($ _REQUEST ['modname ' ], PARAM_NOTAGS ) . '&search_modfunc=list&next_modname=users/User.php&ajax=true&bottom_back=true&return_session=true target=body><i class="icon-square-left"></i> ' . _backToUserList . '</A></span><div class="btn-group heading-btn"><A HREF=Side.php?staff_id=new&modcat= ' . clean_param ($ _REQUEST ['modcat ' ], PARAM_NOTAGS ) . ' class="btn btn-danger btn-xs"> ' . _deselect . '</A></div> ' );
203197 echo '</div> ' ;
204198 }
205199 }
208202if (!isset ($ _REQUEST ['_openSIS_PDF ' ])) {
209203 Warehouse ('header ' );
210204
211- // if (strpos(clean_param($_REQUEST['modname'], PARAM_NOTAGS), 'miscellaneous/') === false)
212- // echo '<script language="JavaScript">if(window == top && (!window.opener || window.opener.location.href.substring(0,(window.opener.location.href.indexOf("&")!=-1?window.opener.location.href.indexOf("&"):window.opener.location.href.replace("#","").length))!=window.location.href.substring(0,(window.location.href.indexOf("&")!=-1?window.location.href.indexOf("&"):window.location.href.replace("#","").length)))) window.location.href = "index.php";</script>';
213- echo "<BODY marginwidth=0 leftmargin=0 border=0 onload='doOnload();' background=assets/bg.gif> " ;
214- echo '<DIV id="Migoicons" style="visibility:hidden;position:absolute;z-index:1000;top:-100"></DIV> ' ;
205+ if (strpos (clean_param ($ _REQUEST ['modname ' ], PARAM_NOTAGS ), 'miscellaneous/ ' ) === false )
206+ echo '<script language="JavaScript">if(window == top && (!window.opener || window.opener.location.href.substring(0,(window.opener.location.href.indexOf("&")!=-1?window.opener.location.href.indexOf("&"):window.opener.location.href.replace("#","").length))!=window.location.href.substring(0,(window.location.href.indexOf("&")!=-1?window.location.href.indexOf("&"):window.location.href.replace("#","").length)))) window.location.href = "index.php";</script> ' ;
207+ // echo "<BODY marginwidth=0 leftmargin=0 border=0 onload='doOnload();' background=assets/bg.gif>";
208+ // echo '<DIV id="Migoicons" style="visibility:hidden;position:absolute;z-index:1000;top:-100"></DIV>';
215209}
216210
217211$ ajax_to_sign_in = "" ;
261255
262256 if (preg_match ('/\.\./ ' , $ modname ) !== 1 )
263257 include 'modules/ ' . $ modname ;
264- }
265- else {
258+ } else {
266259 if (User ('USERNAME ' )) {
267260
268261
273266 }
274267
275268
276- echo "" . _youReNotAllowedToUseThisProgram. "! " . _thisAttemptedViolationHasBeenLoggedAndYourIpAddressWasCaptured. ". " ;
269+ echo "" . _youReNotAllowedToUseThisProgram . "! " . _thisAttemptedViolationHasBeenLoggedAndYourIpAddressWasCaptured . ". " ;
277270 DBQuery ("INSERT INTO hacking_log (HOST_NAME,IP_ADDRESS,LOGIN_DATE,VERSION,PHP_SELF,DOCUMENT_ROOT,SCRIPT_NAME,MODNAME,USERNAME) values(' $ _SERVER [SERVER_NAME ]',' $ ip',' " . date ('Y-m-d ' ) . "',' $ openSISVersion',' $ _SERVER [PHP_SELF ]',' $ _SERVER [DOCUMENT_ROOT ]',' $ _SERVER [SCRIPT_NAME ]',' $ _REQUEST [modname]',' " . User ('USERNAME ' ) . "') " );
278271 Warehouse ('footer ' );
279272 if ($ openSISNotifyAddress )
302295 echo '</HTML> ' ;
303296}
304297
305- function decode_unicode_url ($ str ) {
298+ function decode_unicode_url ($ str )
299+ {
306300 $ res = '' ;
307301
308302 $ i = 0 ;
@@ -317,11 +311,11 @@ function decode_unicode_url($str) {
317311 $ character = chr ($ value );
318312 else if ($ value < 0x0800 ) // 2 bytes: 110xxxxx 10xxxxxx
319313 $ character = chr ((($ value & 0x07c0 ) >> 6 ) | 0xc0 )
320- . chr (($ value & 0x3f ) | 0x80 );
314+ . chr (($ value & 0x3f ) | 0x80 );
321315 else // 3 bytes: 1110xxxx 10xxxxxx 10xxxxxx
322316 $ character = chr ((($ value & 0xf000 ) >> 12 ) | 0xe0 )
323- . chr ((($ value & 0x0fc0 ) >> 6 ) | 0x80 )
324- . chr (($ value & 0x3f ) | 0x80 );
317+ . chr ((($ value & 0x0fc0 ) >> 6 ) | 0x80 )
318+ . chr (($ value & 0x3f ) | 0x80 );
325319 } else
326320 $ i ++;
327321
@@ -331,21 +325,23 @@ function decode_unicode_url($str) {
331325 return $ res . substr ($ str , $ i );
332326}
333327
334- function code2utf ($ num ) {
328+ function code2utf ($ num )
329+ {
335330 if ($ num < 128 )
336331 return chr ($ num );
337332 if ($ num < 1024 )
338333 return chr (($ num >> 6 ) + 192 ) . chr (($ num & 63 ) + 128 );
339334 if ($ num < 32768 )
340335 return chr (($ num >> 12 ) + 224 ) . chr ((($ num >> 6 ) & 63 ) + 128 )
341- . chr (($ num & 63 ) + 128 );
336+ . chr (($ num & 63 ) + 128 );
342337 if ($ num < 2097152 )
343338 return chr (($ num >> 18 ) + 240 ) . chr ((($ num >> 12 ) & 63 ) + 128 )
344- . chr ((($ num >> 6 ) & 63 ) + 128 ) . chr (($ num & 63 ) + 128 );
339+ . chr ((($ num >> 6 ) & 63 ) + 128 ) . chr (($ num & 63 ) + 128 );
345340 return '' ;
346341}
347342
348- function unescape ($ strIn , $ iconv_to = 'UTF-8 ' ) {
343+ function unescape ($ strIn , $ iconv_to = 'UTF-8 ' )
344+ {
349345 $ strOut = '' ;
350346 $ iPos = 0 ;
351347 $ len = strlen ($ strIn );
@@ -382,5 +378,3 @@ function unescape($strIn, $iconv_to = 'UTF-8') {
382378 }
383379 return $ strOut ;
384380}
385-
386- ?>
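Review bot: The only access check visible in this file is dropped at new line 31: the removed `!empty($_SESSION['USERNAME']) or die('Access denied!');` is replaced by a commented-out `// !empty($_SESSION['PROFILE_ID']) or die('Access denied!');`, so after `session_start()` nothing here refuses an unauthenticated request before `include 'Warehouse.php'` and the later `include 'modules/' . $modname`; unless Warehouse.php or each included module enforces the login itself (not visible from this page), the commit removes the page's authentication gate. If the intent is to key the check on the profile id, the line should be live, `!empty($_SESSION['PROFILE_ID']) or die('Access denied!');`, otherwise the original USERNAME line should be restored; a commented-out check should not remain in the file either way. Separately, the re-enabled `if (strpos(...) === false)` at new line 205 guards its `echo` without braces while the rest of the rebraced hunks add them, so wrap that body in braces for consistency. The hunk at line 28 and the block at line 99 begin outside the lines shown here.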