include "common.inc.php";
if($_POST['schoolid'] && $_POST['accesscode'])
{
$q=mysql_query("SELECT * FROM schools WHERE id='".$_POST['schoolid']."' AND accesscode='".$_POST['accesscode']."' AND year='".$config['FAIRYEAR']."'");
if(mysql_num_rows($q)==1)
{
$_SESSION['schoolid']=$_POST['schoolid'];
$_SESSION['schoolaccesscode']=$_POST['accesscode'];
mysql_query("UPDATE schools SET lastlogin=NOW() WHERE id='".$_POST['schoolid']."'");
}
else
$errormsg="Invalid School ID or Access Code";
}
if($_GET['action']=="logout")
{
unset($_SESSION['schoolid']);
unset($_SESSION['schoolaccesscode']);
$happymsg=i18n("You have been logged out from the school access page");
}
send_header("School Access");
if($_SESSION['schoolid'] && $_SESSION['schoolaccesscode'])
{
$q=mysql_query("SELECT * FROM schools WHERE id='".$_SESSION['schoolid']."' AND accesscode='".$_SESSION['schoolaccesscode']."' AND year='".$config['FAIRYEAR']."'");
echo mysql_error();
$school=mysql_fetch_object($q);
if($school)
{
if($_POST['action']=="save")
{
mysql_query("UPDATE schools SET
school='".mysql_escape_string(stripslashes($_POST['school']))."',
address='".mysql_escape_string(stripslashes($_POST['address']))."',
city='".mysql_escape_string(stripslashes($_POST['city']))."',
province_code='".mysql_escape_string(stripslashes($_POST['province_code']))."',
postalcode='".mysql_escape_string(stripslashes($_POST['postalcode']))."',
phone='".mysql_escape_string(stripslashes($_POST['phone']))."',
fax='".mysql_escape_string(stripslashes($_POST['fax']))."',
sciencehead='".mysql_escape_string(stripslashes($_POST['sciencehead']))."',
scienceheademail='".mysql_escape_string(stripslashes($_POST['scienceheademail']))."',
scienceheadphone='".mysql_escape_string(stripslashes($_POST['scienceheadphone']))."'
WHERE id='$school->id'");
if(mysql_error())
echo error(i18n("An Error occured trying to save the school information"));
else
echo happy(i18n("School information successfully updated"));
//and reselect it
$q=mysql_query("SELECT * FROM schools WHERE id='".$_SESSION['schoolid']."' AND accesscode='".$_SESSION['schoolaccesscode']."' AND year='".$config['FAIRYEAR']."'");
echo mysql_error();
$school=mysql_fetch_object($q);
}
/*
if($_POST['action']=="numbers")
{
mysql_query("UPDATE schools SET
junior='".$_POST['junior']."',
intermediate='".$_POST['intermediate']."',
senior='".$_POST['senior']."'
WHERE id='$school->id'");
echo mysql_error();
$q=mysql_query("SELECT * FROM schools WHERE id='".$_SESSION['schoolid']."' AND accesscode='".$_SESSION['schoolaccesscode']."'");
echo "Participation Information Successfully Updated
\n";
$school=mysql_fetch_object($q);
}
*/
if($_POST['action']=="feedback")
{
$body="";
$body.=date("r")."\n";
$body.=$_SERVER['REMOTE_ADDR']." (".$_SERVER['REMOTE_HOST'].")\n";
$body.="School ID: $school->id\n";
$body.="School Name: $school->school\n";
if($school->sciencehead) $body.="Science Teacher: $school->sciencehead\n";
if($school->scienceheadphone) $body.="Science Teacher Phone: $school->scienceheadphone\n";
if($school->scienceheademail) $body.="Science Teacher Email: $school->scienceheademail\n";
$body.="\nFeedback:\n".stripslashes($_POST['feedbacktext'])."\n";
$returnEmailAddress = $school->scienceheademail;
mail($config['fairmanageremail'],"School Feedback",$body,"From: ". $returnEmailAddress."\nReply-To: ".$returnEmailAddress."\nReturn-Path: ".$returnEmailAddress);
echo happy(i18n("Your feedback has been sent"));
}
echo "