science-ation/schoolaccess.php

215 lines
7.9 KiB
PHP
Raw Normal View History

<?
include "common.inc.php";
if($_POST['schoolid'] && $_POST['accesscode'])
{
$q=mysql_query("SELECT * FROM schools WHERE id='".$_POST['schoolid']."' AND accesscode='".$_POST['accesscode']."' AND year='".$config['FAIRYEAR']."'");
if(mysql_num_rows($q)==1)
{
$_SESSION['schoolid']=$_POST['schoolid'];
$_SESSION['schoolaccesscode']=$_POST['accesscode'];
mysql_query("UPDATE schools SET lastlogin=NOW() WHERE id='".$_POST['schoolid']."'");
}
else
$errormsg="Invalid School ID or Access Code";
}
send_header(i18n("School Access"));
if($_GET['action']=="logout")
{
unset($_SESSION['schoolid']);
unset($_SESSION['schoolaccesscode']);
echo happy(i18n("You have been logged out from the school access page"));
}
if($_SESSION['schoolid'] && $_SESSION['schoolaccesscode'])
{
$q=mysql_query("SELECT * FROM schools WHERE id='".$_SESSION['schoolid']."' AND accesscode='".$_SESSION['schoolaccesscode']."' AND year='".$config['FAIRYEAR']."'");
echo mysql_error();
$school=mysql_fetch_object($q);
if($school)
{
if($_POST['action']=="save")
{
mysql_query("UPDATE schools SET
school='".mysql_escape_string(stripslashes($_POST['school']))."',
address='".mysql_escape_string(stripslashes($_POST['address']))."',
city='".mysql_escape_string(stripslashes($_POST['city']))."',
province_code='".mysql_escape_string(stripslashes($_POST['province_code']))."',
postalcode='".mysql_escape_string(stripslashes($_POST['postalcode']))."',
phone='".mysql_escape_string(stripslashes($_POST['phone']))."',
fax='".mysql_escape_string(stripslashes($_POST['fax']))."',
sciencehead='".mysql_escape_string(stripslashes($_POST['sciencehead']))."',
scienceheademail='".mysql_escape_string(stripslashes($_POST['scienceheademail']))."',
scienceheadphone='".mysql_escape_string(stripslashes($_POST['scienceheadphone']))."'
WHERE id='$school->id'");
if(mysql_error())
echo error(i18n("An Error occured trying to save the school information"));
else
echo happy(i18n("School information successfully updated"));
//and reselect it
$q=mysql_query("SELECT * FROM schools WHERE id='".$_SESSION['schoolid']."' AND accesscode='".$_SESSION['schoolaccesscode']."' AND year='".$config['FAIRYEAR']."'");
echo mysql_error();
$school=mysql_fetch_object($q);
}
/*
if($_POST['action']=="numbers")
{
mysql_query("UPDATE schools SET
junior='".$_POST['junior']."',
intermediate='".$_POST['intermediate']."',
senior='".$_POST['senior']."'
WHERE id='$school->id'");
echo mysql_error();
$q=mysql_query("SELECT * FROM schools WHERE id='".$_SESSION['schoolid']."' AND accesscode='".$_SESSION['schoolaccesscode']."'");
echo "<font color=blue><b>Participation Information Successfully Updated</b></font><br>\n";
$school=mysql_fetch_object($q);
}
*/
if($_POST['action']=="feedback")
{
$body="";
$body.=$_SERVER['REMOTE_ADDR']." (".$_SERVER['REMOTE_HOST'].")\n";
$body.=date("r")."\n";
$body.="School ID: $school->id\n";
$body.="School Name: $school->school\n";
$body.="Feedback:\n".$_POST['feedbacktext']."\n";
echo "mailing ".$config['fairmanageremail'];
mail($config['fairmanageremail'],"School Feedback",$body,"From: webpage@".$_SERVER['SERVER_NAME']);
echo happy(i18n("Thanks for your feedback!"));
}
echo "<h3>$school->school</h3>";
echo "<h4>School Information</h4>";
echo "Please make sure your school contact information is correct, make any necessary changes:";
echo "<form method=POST action=\"schoolaccess.php\">";
echo "<input type=hidden name=action value=\"save\">";
echo "<table border=0 cellspacing=0 cellpadding=3>";
echo "<tr><td>School Name</td><td><input value=\"$school->school\" type=text name=school size=40></td></tr>";
echo "<tr><td>Address</td><td><input value=\"$school->address\" type=text name=address size=40></td></tr>";
echo "<tr><td>City</td><td><input value=\"$school->city\" type=text name=city size=30></td></tr>";
echo "<tr><td>".i18n("Province")."</td><td>";
emit_province_selector("province_code",$school->province_code);
echo "</td></tr>\n";
echo "<tr><td>Postalcode</td><td><input value=\"$school->postalcode\" type=text name=postalcode size=10></td></tr>";
echo "<tr><td>Phone Number</td><td><input value=\"$school->phone\" type=text name=phone size=30></td></tr>";
echo "<tr><td>Fax Number</td><td><input value=\"$school->fax\" type=text name=fax size=30></td></tr>";
echo "<tr><td>Science Teacher</td><td><input value=\"$school->sciencehead\" type=text name=sciencehead size=40></td></tr>";
echo "<tr><td>Science Teacher Email</td><td><input value=\"$school->scienceheademail\" type=text name=scienceheademail size=40></td></tr>";
echo "<tr><td>Science Teacher Phone <br><font size=1>(If different than above)</font></td><td><input value=\"$school->scienceheadphone\" type=text name=scienceheadphone size=30></td></tr>";
echo "</table>";
echo "<input type=submit value=\"Save Changes\">";
echo "</form>";
echo "<br>";
/*
//the participation section needs to be updated to handle the age categories as specified
//in the categories table and the numbers from configuration, for now, lets just not do it.
//this code is copied from the ORSF schoolaccess page, thats why its here, but just commented out.
echo "<h4>Participation Information</h4>";
echo "Please select the number of <b>projects</b> you anticipate on sending to the fair in each of the age categories";
echo "<form method=POST action=\"schoolaccess.php\">";
echo "<input type=hidden name=action value=\"numbers\">";
echo "<table border=0 cellspacing=0 cellpadding=3>";
echo "<tr><td>Junior (Grades 7-8)</td><td>";
echo "<select name=junior>";
for($x=0;$x<=12;$x++)
{
if($school->junior==$x) $sel="selected"; else $sel="";
echo "<option $sel value=\"$x\">$x</option>\n";
}
echo "</select>";
echo "</td></tr>";
echo "<tr><td>Intermediate (Grades 9-10)</td><td>";
echo "<select name=intermediate>";
for($x=0;$x<=12;$x++)
{
if($school->intermediate==$x) $sel="selected"; else $sel="";
echo "<option $sel value=\"$x\">$x</option>\n";
}
echo "</select>";
echo "</td></tr>";
echo "<tr><td>Senior (Grades 11-12)</td><td>";
echo "<select name=senior>";
for($x=0;$x<=12;$x++)
{
if($school->senior==$x) $sel="selected"; else $sel="";
echo "<option $sel value=\"$x\">$x</option>\n";
}
echo "</select>";
echo "</td></tr>";
echo "</table>";
echo "<input type=submit value=\"Save Participation Numbers\">";
echo "<br>Please note, these numbers are only an <b>estimate</b> to help us plan the fair. Choosing small numbers here in <b>no way</b> limits your actual participation.<br>\n";
echo "</form>";
*/
echo "<br>";
echo "<h4>School Feedback / Questions</h4>";
echo "<form method=POST action=\"schoolaccess.php\">";
echo "<input type=hidden name=action value=\"feedback\">";
echo "We are always welcome to any feedback (both positive and constructive crisicism!), or any questions you may have. Please use the following box to communicate with us!";
echo "<br><textarea name=feedbacktext rows=8 cols=60></textarea><br>";
echo "<input type=submit value=\"Send Feedback\">";
echo "</form>";
}
else
{
echo "Invalid School ID or Access Code (2)";
}
}
else
{
if($errormsg) echo "<font color=red><b>$errormsg</b></font>";
?>
<form method=POST action="schoolaccess.php">
Welcome to the School Access Page. This page allows your school to provide several key pieces of information for the fair, as well as feedback about the schools experience with/at the fair.
<br><br>
Please login below using the <b>School ID</b> and <b>Access Code</b> that you received in your package.
<br><br>
<table border=0 cellspacing=0 cellpadding=5>
<tr><td>School ID</td><td><input type=text name=schoolid></td></tr>
<tr><td>Access Code</td><td><input type=text name=accesscode></td></tr>
<tr><td align=center><input type=submit value="Login"></td></tr>
</table>
</form>
<br><br>
<?
}
send_footer();
?>