require_once('common.inc.php');
require_once('user.inc.php');
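/*
 * School login: when both a school id and an access code are POSTed, look
 * the pair up for the current fair year.  On exactly one match the school
 * is remembered in the session and its lastlogin is stamped; otherwise
 * $errormsg is set.
 *
 * The lookup binds its values as parameters.  The POSTed values used to be
 * concatenated into the SQL text, so a crafted schoolid/accesscode could
 * rewrite the WHERE clause and pass this check without knowing the code.
 */
$posted_id   = isset($_POST['schoolid'])   ? $_POST['schoolid']   : '';
$posted_code = isset($_POST['accesscode']) ? $_POST['accesscode'] : '';
if($posted_id && $posted_code)
{
    $matches = array();
    /* Array-valued parameters (schoolid[]=...) can never match a row */
    if(is_string($posted_id) && is_string($posted_code)) {
        $q = $pdo->prepare("SELECT id FROM schools WHERE id=? AND accesscode=? AND year=?");
        $q->execute(array($posted_id, $posted_code, $config['FAIRYEAR']));
        /* Count fetched rows: rowCount() is not reliable for SELECT on every PDO driver */
        $matches = $q->fetchAll(PDO::FETCH_ASSOC);
    }

    if(count($matches)==1)
    {
        /* Keep the id as the database returned it, not the raw POST text,
         * so the session never carries attacker-shaped input forward */
        $_SESSION['schoolid']=(string)$matches[0]['id'];
        $_SESSION['schoolaccesscode']=$posted_code;
        /* NOTE(review): the session id is not rotated on login and failed
         * attempts are not throttled in this file - confirm whether
         * common.inc.php covers either */
        $stmt = $pdo->prepare("UPDATE schools SET lastlogin=NOW() WHERE id=?");
        $stmt->execute(array($matches[0]['id']));
    }
    else
        $errormsg="Invalid School ID or Access Code";
}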
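/*
 * Logout: drop the school credentials from the session and queue a
 * confirmation message.  isset() keeps a request without ?action= from
 * raising an undefined-index notice.
 */
if(isset($_GET['action']) && $_GET['action']==="logout")
{
    unset($_SESSION['schoolid'], $_SESSION['schoolaccesscode']);
    $happymsg=i18n("You have been logged out from the school access page");
}
send_header("School Access");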
if($_SESSION['schoolid'] && $_SESSION['schoolaccesscode'])
{
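/*
 * Re-validate the school id / access code held in the session on every
 * request, so a changed access code or a new fair year ends the session.
 * Values are bound as parameters rather than concatenated into the SQL.
 * The old "echo $pdo->errorInfo()" is gone: errorInfo() returns an array,
 * so it only ever printed the word "Array" into the page.
 */
$q=$pdo->prepare("SELECT * FROM schools WHERE id=? AND accesscode=? AND year=?");
$q->execute(array($_SESSION['schoolid'], $_SESSION['schoolaccesscode'], $config['FAIRYEAR']));
$school=$q->fetch(PDO::FETCH_OBJ);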
if($school) {
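/*
 * "save" action: update the school's contact details and its science head
 * (a 'teacher' user record), then reload $school.
 *
 * Every value reaches the UPDATE as a bound parameter.  The previous
 * version concatenated the POSTed fields into the statement after
 * stripslashes(), so any field could inject SQL.  Column names below come
 * from a fixed list, never from the request.
 *
 * NOTE(review): no anti-CSRF token is checked in this file before the
 * write - confirm whether common.inc.php enforces one.
 */
if(isset($_POST['action']) && $_POST['action']=="save") {
    /* Read a POST field as a string; missing or array-valued input becomes '' */
    $school_post_field = function($key) {
        return (isset($_POST[$key]) && is_string($_POST[$key])) ? $_POST[$key] : '';
    };

    /* Get info about science head */
    /* array_pad: a single-word name leaves $last as '' instead of undefined */
    list($first, $last) = array_pad(explode(' ', $school_post_field('sciencehead'), 2), 2, '');
    $em = $school_post_field('scienceheademail');
    /* No email given but a name was: generate a '*'-prefixed placeholder */
    if($em == '' && ($first != '' || $last != '')) $em = "*$first$last".user_generate_password();
    /* NOTE(review): $em is stored as email and username without format
     * validation - validate it before it is used in mail headers */

    /* Whether sciencehead_uid must be written, and the value to write */
    $set_sciencehead_uid = false;
    $sciencehead_uid = null;

    /* Load existing record, or create new if there's something
     * to insert */
    if($school->sciencehead_uid > 0)
        $sh = user_load_by_uid($school->sciencehead_uid);
    else if($em != '') {
        $sh = user_create('teacher', $em);
        /* Only link the school to the new user if one really came back */
        if(is_array($sh) && isset($sh['uid'])) {
            $set_sciencehead_uid = true;
            $sciencehead_uid = $sh['uid'];
        }
    } else
        $sh = false;

    /* If we have a record, either delete it or update it */
    if(is_array($sh)) {
        if($em == '') {
            user_purge($sh, 'teacher');
            $set_sciencehead_uid = true;
            $sciencehead_uid = null; /* bound as SQL NULL */
        } else {
            $sh['firstname'] = $first;
            $sh['lastname'] = $last;
            $sh['phonework'] = $school_post_field('scienceheadphone');
            $sh['email'] = $em;
            $sh['username'] = $em;
            user_save($sh);
        }
    }

    /* Fixed allow-list of columns; each is filled from the same-named POST field */
    $columns = array('school', 'address', 'city', 'province_code', 'postalcode', 'phone', 'fax');
    $assignments = array();
    $params = array();
    foreach($columns as $column) {
        $assignments[] = "$column=?";
        /* stripslashes() kept so stored values match what earlier versions wrote */
        $params[] = stripslashes($school_post_field($column));
    }
    if($set_sciencehead_uid) {
        $assignments[] = "sciencehead_uid=?";
        $params[] = $sciencehead_uid;
    }
    $params[] = $school->id;

    $stmt = $pdo->prepare("UPDATE schools SET ".implode(', ', $assignments)." WHERE id=?");
    /* Decide on execute()'s result: errorInfo() always returns a non-empty
     * array, so testing it reported a failure after every save */
    $saved = ($stmt !== false) && $stmt->execute($params);
    if($saved)
        echo happy(i18n("School information successfully updated"));
    else
        echo error(i18n("An Error occured trying to save the school information"));

    //and reselect it
    $q=$pdo->prepare("SELECT * FROM schools WHERE id=? AND accesscode=? AND year=?");
    $q->execute(array($_SESSION['schoolid'], $_SESSION['schoolaccesscode'], $config['FAIRYEAR']));
    $school=$q->fetch(PDO::FETCH_OBJ);
}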
/*
if($_POST['action']=="numbers")
{
mysql_query("UPDATE schools SET
junior='".$_POST['junior']."',
intermediate='".$_POST['intermediate']."',
senior='".$_POST['senior']."'
WHERE id='$school->id'");
echo $pdo->errorInfo();
$q=mysql_query("SELECT * FROM schools WHERE id='".$_SESSION['schoolid']."' AND accesscode='".$_SESSION['schoolaccesscode']."'");
echo "Participation Information Successfully Updated
\n";
$school=$q->fetch(PDO::FETCH_OBJ);
}
*/
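/* Load the science head's user record, or an empty array when the school
 * has none linked */
if($school->sciencehead_uid > 0)
    $sh = user_load_by_uid($school->sciencehead_uid);
else
    $sh = array();
/* Only expose a real address: the save handler stores a '*'-prefixed
 * placeholder when no email was supplied.  The is_array()/isset() guards
 * avoid an undefined-index notice when there is no record or no email. */
$sh_email = (is_array($sh) && isset($sh['email']) && $sh['email'] != '' && $sh['email'][0] != '*') ? $sh['email'] : '';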
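/*
 * "feedback" action: mail the submitted feedback text, with the school and
 * science-teacher details, to the fair manager.
 *
 * The science teacher's email is stored data that came from a form field.
 * It is only placed in the From/Reply-To/Return-Path headers when it is a
 * syntactically valid address with no CR or LF; otherwise an embedded line
 * break would let the stored value add mail headers of its own.
 */
if(isset($_POST['action']) && $_POST['action']=="feedback")
{
    /* REMOTE_HOST is only set when the web server resolves hostnames */
    $remote_host = isset($_SERVER['REMOTE_HOST']) ? $_SERVER['REMOTE_HOST'] : '';
    $feedback_text = (isset($_POST['feedbacktext']) && is_string($_POST['feedbacktext'])) ? $_POST['feedbacktext'] : '';

    $body=date("r")."\n";
    $body.=$_SERVER['REMOTE_ADDR']." (".$remote_host.")\n";
    $body.="School ID: $school->id\n";
    $body.="School Name: $school->school\n";
    if(!empty($sh['name'])) $body.="Science Teacher: {$sh['name']}\n";
    if(!empty($sh['phonework'])) $body.="Science Teacher Phone: {$sh['phonework']}\n";
    if($sh_email) $body.="Science Teacher Email: $sh_email\n";
    $body.="\nFeedback:\n".stripslashes($feedback_text)."\n";

    /* Explicit CR/LF test on top of the filter, so the header text never
     * depends on the filter's handling of quoted local parts */
    $address_ok = is_string($sh_email)
        && strpbrk($sh_email, "\r\n") === false
        && filter_var($sh_email, FILTER_VALIDATE_EMAIL) !== false;
    $returnEmailAddress = $address_ok ? $sh_email : '';

    /* Without a usable address, send with no sender headers and let the
     * mail configuration supply the default sender */
    $headers = '';
    if($returnEmailAddress != '')
        $headers = "From: ".$returnEmailAddress."\nReply-To: ".$returnEmailAddress."\nReturn-Path: ".$returnEmailAddress;

    mail($config['fairmanageremail'],"School Feedback",$body,$headers);
    echo happy(i18n("Your feedback has been sent"));
}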
echo "