Move team management to teacher interface

schoolteams.php

@@ -3,11 +3,14 @@ require_once('common.inc.php');
 require_once('user.inc.php');
 require_once("so_teams.inc.php");
 
-if($_SESSION['schoolid'] && $_SESSION['schoolaccesscode'] && $conference['type'] == 'scienceolympics'){
+user_auth_required("teacher");
+$schoolid=user_field_required("schools_id","user_edit.php?tab=school");
+
+if($conference['type'] == 'scienceolympics'){
 	switch($_GET['action']){
-		case 'saveNew':
+		case 'add':
-			$teamName = mysql_real_escape_string($_POST['teamname']);
+			$success = so_team_add($schoolid, $conference['id'], $_POST['teamname']);
-			$success = so_team_add($_SESSION['schoolid'], $conference['id'], $teamName);
+			echo mysql_Error();
 			draw_page();
 			break;
 		case 'save':
@@ -16,12 +19,12 @@ if($_SESSION['schoolid'] && $_SESSION['schoolaccesscode'] && $conference['type']
 			$teamName = mysql_real_escape_string($_POST['teamname']);
 			// a quick check to make sure the team being updated does indeed belong
 			// to this school
-			$query = 'SELECT COUNT(*) AS tally FROM so_teams WHERE schools_id=' . $_SESSION['schoolid'] . ' AND id=' . $teamId;
+			$query = 'SELECT COUNT(*) AS tally FROM so_teams WHERE schools_id=' . $schoolid . ' AND id=' . $teamId;
 			$testResults = mysql_fetch_array(mysql_query($query));
 			if($testResults['tally'] == 1){
 				// ok, the team belongs to the school that this session belongs to.  We can
 				// can go ahead and save the changes.
-				$success=so_team_edit($_SESSION['schoolid'],$teamId,$teamName);
+				$success=so_team_edit($schoolid,$teamId,$teamName);
 			}
 			if($success){
 				happy_("Team successfully updated");
@@ -37,12 +40,12 @@ if($_SESSION['schoolid'] && $_SESSION['schoolaccesscode'] && $conference['type']
 			$teamName = mysql_real_escape_string($_POST['teamname']);
 			// a quick check to make sure the team being updated does indeed belong
 			// to this school
-			$query = 'SELECT COUNT(*) AS tally FROM so_teams WHERE schools_id=' . $_SESSION['schoolid'] . ' AND id=' . $teamId;
+			$query = 'SELECT COUNT(*) AS tally FROM so_teams WHERE schools_id=' . $schoolid . ' AND id=' . $teamId;
 			$testResults = mysql_fetch_array(mysql_query($query));
 			if($testResults['tally'] == 1){
 				// ok, the team belongs to the school that this session belongs to.  We can
 				// can go ahead and save the changes.
-				$success=so_team_delete($_SESSION['schoolid'],$teamId);
+				$success=so_team_delete($schoolid,$teamId);
 			}
 			if($success){
 				happy_("Team successfully deleted");
@@ -62,8 +65,9 @@ if($_SESSION['schoolid'] && $_SESSION['schoolaccesscode'] && $conference['type']
 
 function draw_page(){
 	global $conference;
+	global $schoolid;
 	$title = i18n("Manage Teams");
-	send_header($title, array("School Home" => "schoolaccess.php"));
+	send_header($title, array("Teacher" => "schoolaccess.php"));
 ?>
 	<script type="text/javascript">
 		$(document).ready(function() {
@@ -91,8 +95,8 @@ function draw_page(){
 		}
 	</script>
 <?php
-	echo '<div id="teamaccordion" style="width:40em; visibility:hidden;">';
+	echo '<div id="teamaccordion" style="width:40em; visibility: hidden; margin-left: 250px; ">';
-	$teamList = mysql_query("SELECT * FROM so_teams WHERE schools_id = " . $_SESSION['schoolid'] . " AND conferences_id = " . $conference['id']);
+	$teamList = mysql_query("SELECT * FROM so_teams WHERE schools_id = " . $schoolid . " AND conferences_id = " . $conference['id']);
 	while($teamList && $team = mysql_fetch_array($teamList)){
 		echo '<h3 id="teamHeader_' . $team['id'] . '"><a href="#">' . $team['name'] . "</a></h3>\n";
 		echo '<div id="team_' . $team['id'] . '">' . "\n";
@@ -119,7 +123,7 @@ function draw_page(){
 	}
 	echo '<h3><a href="#">' . i18n("New Team") . '</a></h3>';
 	echo '<div id="newTeam">';
-	echo '<form method="POST" action="schoolteams.php?action=saveNew">';
+	echo '<form method="POST" action="schoolteams.php?action=add">';
 	echo '<label>' . i18n('Name') . '</label><input type="text" style="width:100%" name="teamname"></input>' . "\n";
 	echo '<div style="height:1em;"></div>';
 	echo '<input type="submit" value="' . i18n("Save") . '"></input>';

so_teams.inc.php

@@ -1,11 +1,7 @@
 <?
 function so_team_add($schools_id, $conferences_id, $name) {
 	$schools_id=intval($schools_id);
-	$query = "INSERT INTO so_teams (schools_id, conferences_id, name) VALUES (
+	$query = "INSERT INTO so_teams (`schools_id`, `conferences_id`, `name`) VALUES ({$schools_id},{$conferences_id},'".mysql_real_escape_string($name)."')";
-		".$schools_id.",
-		".$conference['id'].",
-		".mysql_real_escape_string($name)."'";
-
 	return mysql_query($query);
 }
 
@@ -22,8 +18,10 @@ function so_team_edit($schools_id, $team_id, $name) {
 function so_team_delete($schools_id,$team_id) {
 	$schools_id=intval($schools_id);
 	$team_id=intval($team_id);
-	$query = "DELETE FROM so_teams WHERE schools_id='".$schools_id."'. AND id=".$team_id."'";
+	$query = "DELETE FROM so_teams WHERE schools_id=$schools_id AND id=$team_id";
-	return mysql_query($query);
+	mysql_query($query);
+	if(!$mysql_error) return true;
+	else return false;
 }
 
 

user.inc.php

@@ -693,6 +693,16 @@ function user_fields_required($role)
 	return $ret;
 }
 
+//this function checks if $field is set in the user record, if it is, it returns it, otherwise, it returns false __AND__ redirects to the redirect page.
+function user_field_required($field,$redirect) {
+	$u=user_load($_SESSION['users_id']);
+	if($u[$field])
+		return $u[$field];
+	else {
+		header("Location: $redirect");
+	}
+
+}
 
 /* user_{$role}_login() is called with a full $u loaded */