From 0b36f20e86d2485a5cd05f7c9b838e4c69cf887d Mon Sep 17 00:00:00 2001 From: Armanveer Gill Date: Sun, 19 Jan 2025 22:44:42 -0500 Subject: [PATCH] Fixed errors and bugs with school login and school information update. --- helper.inc.php | 6 ++++++ schoolaccess.php | 17 ++++++++++------- user_new.php | 4 ++-- 3 files changed, 18 insertions(+), 9 deletions(-) diff --git a/helper.inc.php b/helper.inc.php index d2a44390..36d2b99b 100644 --- a/helper.inc.php +++ b/helper.inc.php @@ -50,6 +50,12 @@ function show_pdo_errors_if_any($pdo) } } +function check_for_pdo_errors($pdo){ + $errorInfo = $pdo->errorInfo(); + if ($errorInfo[0] != '00000') return true; + else return false; +} + function add_or_initialize(mixed $ar, mixed $key, mixed $increment = 1, mixed $initial = 0) : mixed { return isset($ar[$key]) ? ($ar[$key] += $increment) : $initial; } diff --git a/schoolaccess.php b/schoolaccess.php index 8599fb47..56f601d0 100644 --- a/schoolaccess.php +++ b/schoolaccess.php @@ -2,7 +2,10 @@ require_once('common.inc.php'); require_once('user.inc.php'); -if($_POST['schoolid'] && $_POST['accesscode']) +$happymsg = null; +$errormsg = null; + +if(get_value_from_array($_POST, 'schoolid') && get_value_from_array($_POST, 'accesscode')) { $q=$pdo->prepare("SELECT * FROM schools WHERE id='".$_POST['schoolid']."' AND accesscode='".$_POST['accesscode']."' AND year='".$config['FAIRYEAR']."'"); $q->execute(); @@ -18,7 +21,7 @@ if($_POST['schoolid'] && $_POST['accesscode']) $errormsg="Invalid School ID or Access Code"; } -if($_GET['action']=="logout") +if(get_value_from_array($_GET, 'action')=="logout") { unset($_SESSION['schoolid']); unset($_SESSION['schoolaccesscode']); 
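Review bot: `check_for_pdo_errors()` in helper.inc.php reads `errorInfo()` from whatever handle it is given, and its caller in schoolaccess.php (hunk `@@ -81,7 +84,7 @@`) passes the connection `$pdo` right after `$stmt->execute()`. PDO records a failed statement on the PDOStatement rather than on the connection, so a failed update can leave the connection at `00000` and the page would still print "School information successfully updated". Passing the statement, `if(check_for_pdo_errors($stmt))`, or testing the return value of `execute()` closes that gap; if the connection runs in exception mode, which is not visible here, neither check is reached on failure. The body can also be one strict comparison, `return $errorInfo[0] !== '00000';`, with a one-line docblock saying it returns true when the last operation on the given handle failed.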
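Review bot: The login query directly under the rewritten guard in schoolaccess.php (hunk `@@ -2,7 +2,10 @@`) still concatenates `$_POST['schoolid']` and `$_POST['accesscode']` into the SQL text, so `prepare()` gives no protection and the access-code comparison can be altered by the request itself. Bind the values instead: `$q=$pdo->prepare("SELECT * FROM schools WHERE id=? AND accesscode=? AND year=?");` followed by `$q->execute([$_POST['schoolid'], $_POST['accesscode'], $config['FAIRYEAR']]);`. The session-based query in hunk `@@ -28,14 +31,14 @@` is built the same way and needs the same change. The block opened by this `if` continues past the end of the hunk.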
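Review bot: The logout branch in schoolaccess.php (hunk `@@ -18,7 +21,7 @@`) is still driven by the `action` query parameter, so session state is changed by a plain GET and no anti-CSRF token is visible in this hunk. Handling logout as a POST that carries a token is the usual fix. The comparison would also be more precise as `=== "logout"`; what `get_value_from_array()` returns for a missing key is not shown in this patch, so confirm it is `null` or a string. The branch body continues outside the hunk.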
@@ -28,14 +31,14 @@ send_header("School Access"); -if($_SESSION['schoolid'] && $_SESSION['schoolaccesscode']) +if(get_value_from_array($_SESSION, 'schoolid') && $_SESSION['schoolaccesscode']) { $q=$pdo->prepare("SELECT * FROM schools WHERE id='".$_SESSION['schoolid']."' AND accesscode='".$_SESSION['schoolaccesscode']."' AND year='".$config['FAIRYEAR']."'"); $q->execute(); show_pdo_errors_if_any($pdo); $school=$q->fetch(PDO::FETCH_OBJ); if($school) { - if($_POST['action']=="save") { + if(get_value_from_array($_POST, 'action')=="save") { /* Get info about science head */ $sciencehead_update = ''; @@ -81,7 +84,7 @@ if($_SESSION['schoolid'] && $_SESSION['schoolaccesscode']) $stmt->execute(); show_pdo_errors_if_any($pdo); - if($pdo->errorInfo()) + if(check_for_pdo_errors($pdo)) echo error(i18n("An Error occured trying to save the school information")); else echo happy(i18n("School information successfully updated")); @@ -116,11 +119,11 @@ if($_SESSION['schoolid'] && $_SESSION['schoolaccesscode']) $sh = array(); $sh_email = ($sh['email'] != '' && $sh['email'][0] != '*') ? $sh['email'] : ''; - if($_POST['action']=="feedback") + if(get_value_from_array($_POST, 'action')=="feedback") { $body=""; $body.=date("r")."\n"; - $body.=$_SERVER['REMOTE_ADDR']." (".$_SERVER['REMOTE_HOST'].")\n"; + $body.=get_value_from_array($_SERVER,'REMOTE_ADDR')." (".get_value_from_array($_SERVER, 'REMOTE_HOST').")\n"; $body.="School ID: $school->id\n"; $body.="School Name: $school->school\n"; if($sh['name']) $body.="Science Teacher: {$sh['name']}\n"; diff --git a/user_new.php b/user_new.php index 1d6d1255..d8d69334 100644 --- a/user_new.php +++ b/user_new.php @@ -34,8 +34,8 @@ exit; } - $action = $_GET['action']; - if($action == '') $action = $_POST['action']; + $action = get_value_from_array($_GET, 'action'); + if($action == '') $action = get_value_from_array($_POST, 'action'); switch($type) { case 'volunteer':
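Review bot: Only the first operand of the session guard in hunk `@@ -28,14 +31,14 @@` was converted; `$_SESSION['schoolaccesscode']` is still indexed directly, so a session that holds `schoolid` without the access code raises the same undefined-index warning this commit removes elsewhere. Use `get_value_from_array($_SESSION, 'schoolaccesscode')` for the second operand as well. The `$_POST['action']=="save"` line a few lines further down was converted, so this looks like an oversight rather than a choice.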
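Review bot: In the feedback hunk (`@@ -116,11 +119,11 @@`) `$sh['email']` and `$sh['name']` are still indexed directly although the context line just above assigns `$sh = array();`, so whenever that assignment is the one that ran (the branch it belongs to starts outside the hunk) these reads raise the warnings the commit is removing. Reading them through the same helper, for example `if(get_value_from_array($sh, 'name'))`, keeps the file consistent. Separately, `REMOTE_HOST` is normally unset unless the web server performs reverse lookups, and when present it is a reverse-DNS name controlled by the client's network, so only `REMOTE_ADDR` should be treated as the recorded origin in the mail body.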