Copyright (C) 2005 James Grant This program is free software; you can redistribute it and/or modify it under the terms of the GNU General Public License as published by the Free Software Foundation, version 2. This program is distributed in the hope that it will be useful, but WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License for more details. You should have received a copy of the GNU General Public License along with this program; see the file COPYING. If not, write to the Free Software Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA. */ ?> "; echo i18n("Name").": "; echo $user['firstname']." ".$user['lastname']."
"; if($user['phonework'] || $user['phonehome'] || $user['phonecell']) { echo i18n("Phone").": "; if($user['phonework']) echo "(W)".$user['phonework']." "; if($user['phonehome']) echo "(H)".$user['phonehome']." "; if($user['phonecell']) echo "(C)".$user['phonecell']." "; echo "
"; } } if($_POST['action']=="removeuser") { $schoolid=intval($_POST['schoolid']); if($_POST['role']=="principal") { $f="principal_uid"; } else if($_POST['role']=="teacher") { $f="sciencehead_uid"; } if($f) { mysql_query("UPDATE schools SET $f=NULL WHERE id='$schoolid'"); } echo "ok"; exit; } else if($_POST['action']=="adduser") { /* we have the following to work with: accounts_id, conferenceid, field, role, username, users_id */ //if accounts_id is 0, it means its a new user $accounts_id=intval($_POST['accounts_id']); $conferenceid=intval($_POST['conferenceid']); $schoolid=intval($_POST['schoolid']); if($accounts_id==0) { $a=account_create($_POST['username']); if(isEmailAddress($_POST['username'])) account_set_email($a['id'],$_POST['username']); //and load it again, just so we have the most up-to-date $a=account_load($a['id']); } else $a=account_load($accounts_id); //now lets add the role -- this fails gracefully if they already have the role, or if its added, in both cases it returns 'ok' $ret=account_add_role($a['id'],$_POST['role'],$conferenceid); //we still need the user id $u=user_load_by_accounts_id($a['id']); if($ret=='ok' && $u['id']) { mysql_query("UPDATE schools SET `".mysql_real_escape_string($_POST['field'])."`='{$u['id']}' WHERE id='$schoolid'"); echo mysql_error(); //and update the users schools_id, yes, maybe we should use the user object and user_save() but the single query here is easier and probably waaaaaay faster mysql_query("UPDATE users SET schools_id='$schoolid' WHERE id='{$u['id']}'"); echo mysql_error(); echo "ok"; } else { echo "error\n"; echo "ret=$ret\n"; echo "u="; print_r($u); //error ? } exit; } if($_GET['action']=='loaduser') { $schoolid=intval($_GET['schoolid']); $role=$_GET['role']; if($role=="principal") { $f="principal_uid"; } else if($role=="teacher") { $f="sciencehead_uid"; } $q=mysql_query("SELECT $f AS userid FROM schools WHERE id='$schoolid'"); $r=mysql_fetch_object($q); if($r->userid > 0) { //we already have one, so just display teh details, with the option to remove or edit echo ""; echo "userid); return false;\" href=\"#\">"; echo " "; echo ""; echo ""; output_user_summary($r->userid); echo ""; echo ""; } else { echo "".i18n("Email/username")." "; echo ""; emit_user_selector($f,$conference['id'],$role); echo ""; } exit; } function emit_user_selector($name,$conferenceid,$role,$allowcreate=true) { echo "\n"; echo ""; echo ""; echo ""; echo "\n"; } if($_POST['save']=="edit" || $_POST['save']=="add") { if($_POST['save']=="add") { $q=mysql_query("INSERT INTO schools (conferences_id) VALUES ('".$conference['id']."')"); $id=mysql_insert_id(); } else $id=intval($_POST['id']); $atrisk = $_POST['atrisk'] == 'yes' ? 'yes' : 'no'; $exec="UPDATE schools SET ". "school='".mysql_escape_string(stripslashes($_POST['school']))."', ". "schoollang='".mysql_escape_string(stripslashes($_POST['schoollang']))."', ". "designate='".mysql_escape_string(stripslashes($_POST['schooldesignate']))."', ". "schoollevel='".mysql_escape_string(stripslashes($_POST['schoollevel']))."', ". "school='".mysql_escape_string(stripslashes($_POST['school']))."', ". "board='".mysql_escape_string(stripslashes($_POST['board']))."', ". "district='".mysql_escape_string(stripslashes($_POST['district']))."', ". "address='".mysql_escape_string(stripslashes($_POST['address']))."', ". "city='".mysql_escape_string(stripslashes($_POST['city']))."', ". "province_code='".mysql_escape_string(stripslashes($_POST['province_code']))."', ". "postalcode='".mysql_escape_string(stripslashes($_POST['postalcode']))."', ". "schoolemail='".mysql_escape_string(stripslashes($_POST['schoolemail']))."', ". "phone='".mysql_escape_string(stripslashes($_POST['phone']))."', ". "fax='".mysql_escape_string(stripslashes($_POST['fax']))."', ". "registration_password='".mysql_escape_string(stripslashes($_POST['registration_password']))."', ". "projectlimit='".mysql_escape_string(stripslashes($_POST['projectlimit']))."', ". "projectlimitper='".mysql_escape_string(stripslashes($_POST['projectlimitper']))."', ". "accesscode='".mysql_escape_string(stripslashes($_POST['accesscode']))."', ". "atrisk='$atrisk' ". "WHERE id='$id'"; mysql_query($exec); echo mysql_error(); if($_POST['save']=="add") $notice = 'added'; else $notice = 'saved'; } else if($_POST['action'] == "save_participation") { // update the schools' participation in fairs an olympics to reflect the settings submitted $olympicSet = array(); $fairSet = array(); foreach($_POST as $idx => $value){ if(preg_match('/_olympics$/', $idx)){ $parts = explode('_', $idx); $olympicSet[] = $parts[0]; }else if(preg_match('/_fairs$/', $idx)){ $parts = explode('_', $idx); $fairSet[] = $parts[0]; } } $fairString = '(' . implode(',', $fairSet) . ')'; $olympicString = '(' . implode(',', $olympicSet) . ')'; mysql_query("UPDATE schools SET include_fairs = TRUE WHERE id IN $fairString"); mysql_query("UPDATE schools SET include_fairs = FALSE WHERE id NOT IN $fairString"); mysql_query("UPDATE schools SET include_olympics = TRUE WHERE id IN $olympicString"); mysql_query("UPDATE schools SET include_olympics = FALSE WHERE id NOT IN $olympicString"); } else if($_POST['action']=="copy") { $oldConfId=intval($_POST['copyconference']); $newConfId=intval($conference['id']); if($oldConfId && $newConfId) { $q=mysql_query("SELECT * FROM schools WHERE conferences_id=$oldConfId"); while($r=mysql_fetch_object($q)) { //FIXME: we need to roll the userid's to new ones for the new conference, if we use the same ones its not gonna work //nobody should be copying for now, so we should be safe for a few months //2011-02-22 $puid = ($r->principal_uid == null) ? 'NULL' : ("'".intval($r->principal_uid)."'"); $shuid = ($r->sciencehead_uid == null) ? 'NULL' : ("'".intval($r->sciencehead_uid)."'"); mysql_query("INSERT INTO schools (school,schoollang,schoollevel,board,district,phone,fax,address,city,province_code,postalcode,principal_uid,schoolemail,sciencehead_uid,accesscode,lastlogin,junior,intermediate,senior,registration_password,projectlimit,projectlimitper,conferences_id) VALUES ( '".mysql_real_escape_string($r->school)."', '".mysql_real_escape_string($r->schoollang)."', '".mysql_real_escape_string($r->schoollevel)."', '".mysql_real_escape_string($r->board)."', '".mysql_real_escape_string($r->district)."', '".mysql_real_escape_string($r->phone)."', '".mysql_real_escape_string($r->fax)."', '".mysql_real_escape_string($r->address)."', '".mysql_real_escape_string($r->city)."', '".mysql_real_escape_string($r->province_code)."', '".mysql_real_escape_string($r->postalcode)."',$puid, '".mysql_real_escape_string($r->schoolemail)."',$shuid, '".mysql_real_escape_string($r->accesscode)."', NULL, '".mysql_real_escape_string($r->junior)."', '".mysql_real_escape_string($r->intermediate)."', '".mysql_real_escape_string($r->senior)."', '".mysql_real_escape_string($r->registration_password)."', '".mysql_real_escape_string($r->projectlimit)."', '".mysql_real_escape_string($r->projectlimitper)."', '".mysql_real_escape_string($newConfId)."')"); } $notice="copied"; } } if($_GET['action']=="delete" && $_GET['delete']) { mysql_query("DELETE FROM schools WHERE id='".$_GET['delete']."'"); $notice = 'deleted'; } if($_GET['action']=="clearaccesscodes") { mysql_query("UPDATE schools SET accesscode=NULL WHERE conferences_id='{$conference['id']}'"); $notice = 'clearaccess'; } if($_GET['action']=="makeaccesscodes") { $q=mysql_query("SELECT id FROM schools WHERE conferences_id='{$conference['id']}' AND (accesscode IS NULL OR accesscode='')"); while($r=mysql_fetch_object($q)) { $ac=generatePassword(5); mysql_query("UPDATE schools SET accesscode='$ac' WHERE id='$r->id' AND conferences_id='{$conference['id']}'"); } $notice = 'makeaccess'; } if($_GET['action']=="edit" || $_GET['action']=="add") { send_header(($_GET['action']=='edit') ? "Edit School" : "Add New School", array('Committee Main' => 'committee_main.php', 'Administration' => 'admin/index.php', 'School Management' => 'admin/schools.php'), "schools_management" ); $schoolid=intval($_GET['edit']); ?> \n"; echo "\n"; if($_GET['action']=="edit") echo "\n"; echo "\n"; echo "\n"; echo "\n"; echo "\n"; echo "\n"; echo "\n"; echo "\n"; echo "\n"; echo "\n"; echo "\n"; echo "\n"; echo "\n"; echo "\n"; echo "\n"; echo "\n"; echo ""; echo ""; //this gets filled in by javascript/jquery echo ""; echo ""; echo ""; //this gets filled in by javascript/jquery echo ""; if($config['participant_registration_type']=="schoolpassword") { echo ""; echo "\n"; } echo ""; if($config['participant_registration_type']=="invite") { echo ""; echo "\n"; } else { echo ""; } echo ""; $ch = ($r->atrisk) == 'yes' ? 'checked="checked"' : ''; echo "\n"; echo ""; echo "\n"; echo "

".i18n("School Name")."	school)."\" size=\"60\" maxlength=\"64\" />
".i18n("School Language")."	"; echo ""; echo "".i18n("Choose")."\n"; foreach($config['languages'] AS $k=>$l) { if($r->schoollang==$k) $sel="selected=\"selected\""; else $sel=""; echo "".i18n($l)."\n"; } echo ""; echo "
".i18n("School Designation")."	"; $des = array('' => 'Choose', 'public' => 'Public', 'independent' => 'Independent/Private', 'home' => 'Home School'); echo ""; foreach($des as $k=>$v) { $sel=($r->designate == $k) ?'selected="selected"' : ''; echo "".i18n($v)."\n"; } echo "
".i18n("School Level")."	schoollevel)."\" size=\"32\" maxlength=\"32\" />
".i18n("School Board")."	board)."\" size=\"60\" maxlength=\"64\" />
".i18n("School District")."	district)."\" size=\"60\" maxlength=\"64\" />
".i18n("Address")."	address)."\" size=\"60\" maxlength=\"64\" />
".i18n("City")."	city)."\" size=\"32\" maxlength=\"32\" />
".i18n($config['provincestate'])."	"; emit_province_selector("province_code",$r->province_code); echo "
".i18n($config['postalzip'])."	postalcode\" size=\"8\" maxlength=\"7\" />
".i18n("Phone")."	phone)."\" size=\"16\" maxlength=\"16\" />
".i18n("Fax")."	fax)."\" size=\"16\" maxlength=\"16\" />
".i18n("School Email")."	schoolemail)."\" size=\"60\" maxlength=\"128\" />
".i18n("Access Code")."	accesscode)."\" size=\"32\" maxlength=\"32\" />
".i18n("Principal")."
".i18n("Science head/teacher or science fair contact at school")."
".i18n("Participant Registration Password")."
".i18n("Password")."	registration_password)."\" size=\"32\" maxlength=\"32\" />
".i18n("Participant Registration Limits")."
".i18n("Set to 0 to have no registration limit")."
".i18n("Maximum of")." "; echo "projectlimit)."\" size=\"4\" maxlength=\"4\" />"; echo " "; echo i18n("projects"); echo " "; echo ""; if($r->projectlimitper=="total") $sel="selected=\"selected\""; else $sel=""; echo "".i18n("total")."\n"; if($r->projectlimitper=="agecategory") $sel="selected=\"selected\""; else $sel=""; echo "".i18n("per age category")."\n"; echo ""; echo "
".i18n("Participant registration limits are currently disabled. In order to use participant registration limits for schools, the participant registration type must be set to 'invite' in Configuration / Configuration Variables")."
".i18n("Demographic Information")."
	".i18n("Inner City or At-Risk school")."

\n"; echo "\n"; } else if($_GET['action'] == 'participation') { send_header( "Conference Participation", array( 'Committee Main' => 'committee_main.php', 'Administration' => 'admin/index.php', 'School Management' => 'admin/schools.php' ), "participation" ); echo "

\n"; echo ""; echo ""; echo " "; echo " "; echo "\n"; $query = mysql_query("SELECT id, school, include_fairs, include_olympics FROM schools WHERE conferences_id='".$conference['id']."' ORDER BY school"); while($record = mysql_fetch_array($query)){ echo ""; echo ""; } echo "\n"; echo "

".i18n("School")."	".i18n("Participation")."
" . $record['school'] . "	"; echo ' " . i18n("fairs") . ""; echo ""; echo ' " . i18n("olympics") . ""; echo "

\n"; echo '' . "\n"; echo "

\n"; } else if($_GET['action']=="copy") { send_header("School Management", array('Committee Main' => 'committee_main.php', 'Administration' => 'admin/index.php'), "schools_management" ); echo "

"; echo "\n"; echo i18n("Choose a conference to copy schools from"); echo "
"; $q=mysql_query("SELECT * FROM conferences WHERE id!='{$conference['id']}' ORDER BY id DESC"); echo mysql_error(); echo ""; echo "".i18n("Choose a Conference")."\n"; while($r=mysql_fetch_object($q)) { $numq=mysql_query("SELECT COUNT(*) AS c FROM schools WHERE conferences_id='{$r->id}'"); $numr=mysql_fetch_object($numq); echo "id}\">{$r->name} ($numr->c schools)\n"; } echo "\n"; echo ""; echo "

\n"; } else { send_header("School Management", array('Committee Main' => 'committee_main.php', 'Administration' => 'admin/index.php'), "schools_management" ); switch($notice) { case 'added': echo happy(i18n("School successfully added")); break; case 'saved': echo happy(i18n("Successfully saved changes to school")); break; case 'deleted': echo happy(i18n("School successfully deleted")); break; case 'clearaccess': echo happy(i18n("Access Codes successfully cleared from all schools")); break; case 'makeaccess': echo happy(i18n("Access Codes successfully set for schools that didn't have one")); break; case 'copied': echo happy(i18n("Schools successfully copied from other conference")); break; } echo "
"; echo "".i18n("Add new school")."\n"; echo "
"; echo "".i18n("Copy schools from a difference conference")."\n"; echo "
"; echo "".i18n("Import schools from CSV")."\n"; echo "
"; echo "".i18n("Create Access Code for any school without one")."\n"; echo "
"; echo "".i18n("Remove Access Codes from all schools")."\n"; echo "
"; // we only need to see this option if we are managing both types of conferences $q = mysql_fetch_array(mysql_query('SELECT COUNT(DISTINCT(`type`)) as taly FROM conferences')); if($q['tally'] > 1){ echo "".i18n("Set SFIAB/SOIAB participation")."\n"; echo "
"; } echo ""; echo ""; echo " "; echo " "; echo " "; echo " "; echo " "; if($config['participant_registration_type']=="schoolpassword") echo " "; echo " "; echo " "; echo "\n"; $q=mysql_query("SELECT * FROM schools WHERE conferences_id='".$conference['id']."' ORDER BY school"); while($r=mysql_fetch_object($q)) { echo "\n"; echo " \n"; echo " \n"; echo " \n"; $sciencehead = ''; $scienceheademail = ''; if($r->sciencehead_uid > 0) { $sh = user_load($r->sciencehead_uid); $sciencehead = $sh['name']; if(!$sciencehead) $sciencehead="no name set"; // print_r($sh); $sha=account_load($sh['accounts_id']); if($sha['email']) { $scienceheademail=$sha['email']; $pending=""; } else { $scienceheademail=$sha['pendingemail']; $pending="(unconfirmed)"; } } echo " \n"; echo " \n"; if($config['participant_registration_type']=="schoolpassword") echo " \n"; echo " \n"; echo " \n"; echo "\n"; } echo "

".i18n("School")."	".i18n("Address")."	".i18n("Phone")."	".i18n("Science Head")."	".i18n("Science Head Email")."	".i18n("Reg Pass")."	".i18n("Access Code")."	".i18n("Action")."
$r->school	$r->address, $r->city, $r->postalcode	$r->phone	$sciencehead	$scienceheademail $pending	$r->registration_password	$r->accesscode	"; echo "id\">"; echo " "; echo "id\">"; echo "

\n"; } send_footer(); ?>