arman/science-ation
1
1
Fork 0
forked from science-ation/science-ation
Code Pull Requests Activity
science-ation/admin/schools.php

432 lines
18 KiB
PHP
Raw Blame History

<?
/*
* This file is part of the Science-ation project
* Science-ation Website: https://science-ation.ca
*
* This file was part of the 'Science Fair In A Box' project
*
*
* Copyright (C) 2005 Sci-Tech Ontario Inc <info@scitechontario.org>
* Copyright (C) 2005 James Grant <james@lightbox.org>
* Copyright (C) 2024 AlgoLibre Inc. <science-ation@algolibre.io>
*
* This program is free software; you can redistribute it and/or
* modify it under the terms of the GNU General Public
* License as published by the Free Software Foundation, version 2.
*
* This program is distributed in the hope that it will be useful,
* but WITHOUT ANY WARRANTY; without even the implied warranty of
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
* General Public License for more details.
*
* You should have received a copy of the GNU General Public License
* along with this program; see the file COPYING. If not, write to
* the Free Software Foundation, Inc., 59 Temple Place - Suite 330,
* Boston, MA 02111-1307, USA.
*/
?>
<?
require ('../common.inc.php');
require_once ('../user.inc.php');
user_auth_required('committee', 'admin');
if (get_value_from_array($_POST, 'save') == 'edit' || get_value_from_array($_POST, 'save') == 'add') {
if (get_value_from_array($_POST, 'save') == 'add') {
$q = $pdo->prepare('INSERT INTO schools (year) VALUES (?)');
$q->execute([$config['FAIRYEAR']]);
$id = $pdo->lastInsertId();
} else
$id = intval(get_value_from_array($_POST, 'id'));
$atrisk = get_value_from_array($_POST, 'atrisk') == 'yes' ? 'yes' : 'no';
/*
* "sciencehead='".mysql_escape_string(stripslashes($_POST['sciencehead']))."', ".
* "scienceheadphone='".mysql_escape_string(stripslashes($_POST['scienceheadphone']))."', ".
* "scienceheademail='".mysql_escape_string(stripslashes($_POST['scienceheademail']))."', ".
* "principal='".mysql_escape_string(stripslashes($_POST['principal']))."', ".
*/
/* Get the uids for principal/science head */
$q = $pdo->prepare('SELECT principal_uid,sciencehead_uid FROM schools WHERE id=?');
$q->execute([$id]);
$i = $q->fetch(PDO::FETCH_ASSOC);
$principal_update = '';
$sciencehead_update = '';
// list($first, $last)
$split = explode(' ', get_value_from_array($_POST, 'principal') ?? '', 2);
if (count($split) === 2) {
list($first, $last) = $split;
} else {
$first = $split[0];
$last = '';
}
/*
* Load existing entry if it exists, else make an entry if
* there is data, else, do nothing
*/
if (get_value_from_array($i, 'principal_uid') > 0)
$pl = user_load_by_uid($i['principal_uid']);
else if ($first != '' && $last != '') {
$pl = user_create('principal', "*$first$last" . generatePassword());
$principal_update = "principal_uid='{$pl['uid']}',";
} else
$pl = false;
$em = get_value_from_array($_POST, 'principalemail');
/*
* If we loaded or created an entry, either
* update and save, or purge it
*/
if (is_array($pl)) {
if ($first == '' && $last == '') {
user_purge($pl, 'principal');
$principal_update = 'principal_uid=NULL,';
} else {
$pl['firstname'] = $first;
$pl['lastname'] = $last;
$pl['email'] = $em;
user_save($pl);
}
}
/* Get info about science head */
// FIX ME
$split = explode(' ', get_value_from_array($_POST, 'principal') ?? '', 2);
if (count($split) === 2) {
list($first, $last) = $split;
} else {
$first = $split[0];
$last = '';
}
$em = get_value_from_array($_POST, 'scienceheademail');
if ($em == '' && ($first != '' || $last != ''))
$em = "*$first$last" . generatePassword();
/*
* Load existing record, or create new if there's something
* to insert
*/
$sh = false;
if ($i['sciencehead_uid'] > 0) {
$sh = user_load_by_uid($i['sciencehead_uid']);
/*
* It's possile for sh to be false now, happens when the user is
* deleted outside the school editor, this condition needs to be
* fixed. If we let it go, the saving the teacher info will
* silently fail. So let's just create a new teacher
*/
if (is_array($sh) && ($em != $sh['email'] || $em == '')) {
/*
* If the emails don't match we have no way of knowing if we're creating a different
* user, or doing a correction, assume it's a different user
*/
user_purge($sh, 'teacher');
$sh = false;
}
}
/*
* If there was no teacher loaded, or if we just purged it, create a new one
* if there's an email address
*/
if ($sh == false && $em != '') {
$sh = user_create('teacher', $em);
$sciencehead_update = "sciencehead_uid='{$sh['uid']}',";
}
/* If we have a record update it */
if (is_array($sh)) {
$sh['firstname'] = $first;
$sh['lastname'] = $last;
$sh['phonework'] = $_POST['scienceheadphone'];
$sh['email'] = $em;
$sh['username'] = $em;
user_save($sh);
}
$exec = 'UPDATE schools SET
school=?,
schoollang=?,
designate=?,
schoollevel=?,
board=?,
district=?,
address=?,
city=?,
province_code=?,
postalcode=?,
schoolemail=?,
phone=?,
fax=?,
registration_password=?,
projectlimit=?,
projectlimitper=?,
accesscode=?,
sciencehead=?,
principal=?,
atrisk=?
WHERE id=?';
$stmt = $pdo->prepare($exec);
$stmt->execute([
get_value_from_array($_POST, 'school'),
get_value_from_array($_POST, 'schoollang'),
get_value_from_array($_POST, 'designate'), // FIXED: Corrected key name
get_value_from_array($_POST, 'schoollevel'),
get_value_from_array($_POST, 'board'),
get_value_from_array($_POST, 'district'),
get_value_from_array($_POST, 'address'),
get_value_from_array($_POST, 'city'),
get_value_from_array($_POST, 'province_code'),
get_value_from_array($_POST, 'postalcode'),
get_value_from_array($_POST, 'schoolemail'),
get_value_from_array($_POST, 'phone'),
get_value_from_array($_POST, 'fax'),
get_value_from_array($_POST, 'registration_password'),
get_value_from_array($_POST, 'projectlimit'),
get_value_from_array($_POST, 'projectlimitper'),
get_value_from_array($_POST, 'accesscode'),
get_value_from_array($_POST, 'sciencehead'), // FIXED: Using function for consistency
get_value_from_array($_POST, 'principal'),
get_value_from_array($_POST, 'atrisk'),
get_value_from_array($_POST, 'id')
]);
show_pdo_errors_if_any($pdo);
if (get_value_from_array($_POST, 'save') == 'add')
$notice = 'added';
else
$notice = 'saved';
}
if (get_value_from_array($_GET, 'action') == 'delete' && get_value_from_array($_GET, 'delete', '')) {
$stmt = $pdo->prepare('DELETE FROM schools WHERE id=?');
$stmt->execute([$_GET['delete']]);
$notice = 'deleted';
}
if (get_value_from_array($_GET, 'action') == 'clearaccesscodes') {
$stmt = $pdo->prepare("UPDATE schools SET accesscode='' WHERE year=?");
$stmt->execute([$config['FAIRYEAR']]);
$notice = 'clearaccess';
}
if (get_value_from_array($_GET, 'action') == 'makeaccesscodes') {
$q = $pdo->prepare("SELECT id FROM schools WHERE year=? AND (accesscode IS NULL OR accesscode='')");
$q->execute([$config['FAIRYEAR']]);
while ($r = $q->fetch(PDO::FETCH_OBJ)) {
$ac = generatePassword(5);
$stmt = $pdo->prepare('UPDATE schools SET accesscode=? WHERE id=? AND year=?');
$stmt->execute([$ac, $r->id, $config['FAIRYEAR']]);
}
$notice = 'makeaccess';
}
if (get_value_from_array($_GET, 'action') == 'edit' || get_value_from_array($_GET, 'action') == 'add') {
send_header(get_value_from_array($_GET, 'action') == 'edit' ? 'Edit School' : 'Add New School',
array('Committee Main' => 'committee_main.php',
'Administration' => 'admin/index.php',
'School Management' => 'admin/schools.php'),
'schools_management');
if (get_value_from_array($_GET, 'action') == 'edit') {
$buttontext = 'Save School';
$q = $pdo->prepare('SELECT * FROM schools WHERE id=?');
$q->execute([get_value_from_array($_GET, 'edit', '')]);
$r = $q->fetch(PDO::FETCH_OBJ);
} else if (get_value_from_array($_GET, 'action') == 'add') {
$buttontext = 'Add School';
}
$buttontext = i18n($buttontext);
echo "<form method=\"post\" action=\"schools.php\">\n";
echo '<input type="hidden" name="save" value="' . get_value_from_array($_GET, 'action') . "\">\n";
if (get_value_from_array($_GET, 'action') == 'edit')
echo '<input type="hidden" name="id" value="' . get_value_from_array($_GET, 'edit', '') . "\">\n";
echo "<table>\n";
echo '<tr><td>' . i18n('School Name') . '</td><td><input type="text" name="school" value="' . htmlspecialchars(get_value_property_or_default($r, 'school', '')) . "\" size=\"60\" maxlength=\"64\" /></td></tr>\n";
echo '<tr><td>' . i18n('School Language') . '</td><td>';
echo '<select name="schoollang">';
echo '<option value="">' . i18n('Choose') . "</option>\n";
foreach ($config['languages'] AS $k => $l) {
echo "<option $sel value=\"$k\">" . i18n($l) . "</option>\n";
}
echo '</select>';
echo "</td></tr>\n";
echo '<tr><td>' . i18n('School Designation') . '</td><td>';
$des = array('' => 'Choose', 'public' => 'Public',
'independent' => 'Independent/Private',
'home' => 'Home School');
echo '<select name="schooldesignate">';
foreach ($des as $k => $v) {
$sel = ($r->designate == $k) ? 'selected="selected"' : '';
echo "<option $sel value=\"$k\">" . i18n($v) . "</option>\n";
}
echo "</select></td></tr>\n";
echo '<tr><td>' . i18n('School Level') . '</td><td><input type="text" name="schoollevel" value="' . htmlspecialchars(get_value_property_or_default($r, 'schoollevel', '')) . "\" size=\"32\" maxlength=\"32\" /></td></tr>\n";
echo '<tr><td>' . i18n('School Board') . '</td><td><input type="text" name="board" value="' . htmlspecialchars(get_value_property_or_default($r, 'board', '')) . "\" size=\"60\" maxlength=\"64\" /></td></tr>\n";
echo '<tr><td>' . i18n('School District') . '</td><td><input type="text" name="district" value="' . htmlspecialchars(get_value_property_or_default($r, 'district', '')) . "\" size=\"60\" maxlength=\"64\" /></td></tr>\n";
echo '<tr><td>' . i18n('Address') . '</td><td><input type="text" name="address" value="' . htmlspecialchars(get_value_property_or_default($r, 'address', '')) . "\" size=\"60\" maxlength=\"64\" /></td></tr>\n";
echo '<tr><td>' . i18n('City') . '</td><td><input type="text" name="city" value="' . htmlspecialchars(get_value_property_or_default($r, 'city', '')) . "\" size=\"32\" maxlength=\"32\" /></td></tr>\n";
echo '<tr><td>' . i18n($config['provincestate']) . '</td><td>';
emit_province_selector('province_code', get_value_property_or_default($r, 'province_code', ''));
echo "</td></tr>\n";
echo '<tr><td>' . i18n($config['postalzip']) . '</td><td><input type="text" name="postalcode" value="' . get_value_property_or_default($r, 'postalcode') . "\" size=\"8\" maxlength=\"7\" /></td></tr>\n";
echo '<tr><td>' . i18n('Phone') . '</td><td><input type="text" name="phone" value="' . htmlspecialchars(get_value_property_or_default($r, 'phone', '')) . "\" size=\"16\" maxlength=\"16\" /></td></tr>\n";
echo '<tr><td>' . i18n('Fax') . '</td><td><input type="text" name="fax" value="' . htmlspecialchars(get_value_property_or_default($r, 'fax', '')) . "\" size=\"16\" maxlength=\"16\" /></td></tr>\n";
if (get_value_property_or_default($r, 'principal_uid') > 0)
$pl = user_load_by_uid(get_value_property_or_default($r, 'principal_uid'));
else
$pl = array();
/* Don't show autogenerated emails */
$e = get_value_from_array($pl, 'email', 0) == '*' ? '' : get_value_from_array($pl, 'email');
echo '<tr><td>' . i18n('Principal') . '</td><td><input type="text" name="principal" value="' . htmlspecialchars(get_value_from_array($pl, 'name', '')) . "\" size=\"60\" maxlength=\"64\" /></td></tr>\n";
echo '<tr><td>' . i18n('Principal Email') . '</td><td><input type="text" name="principalemail" value="' . htmlspecialchars(get_value_or_default($e, '')) . "\" size=\"60\" maxlength=\"128\" /></td></tr>\n";
echo '<tr><td>' . i18n('School Email') . '</td><td><input type="text" name="schoolemail" value="' . htmlspecialchars(get_value_property_or_default($r, 'schoolemail', '')) . "\" size=\"60\" maxlength=\"128\" /></td></tr>\n";
echo '<tr><td>' . i18n('Access Code') . '</td><td><input type="text" name="accesscode" value="' . htmlspecialchars(get_value_property_or_default($r, 'accesscode', '')) . "\" size=\"32\" maxlength=\"32\" /></td></tr>\n";
echo '<tr><td colspan=2><br /><b>' . i18n('Science head/teacher or science fair contact at school') . '</b></td></tr>';
if (get_value_property_or_default($r, 'sciencehead_uid', '') > 0)
$sh = user_load_by_uid(get_value_property_or_default($r, 'sciencehead_uid', ''));
else
$sh = array();
/* Don't show autogenerated emails */
$e = get_value_from_2d_array($sh, 'email', 0, '') == '*' ? '' : get_value_from_2d_array($sh, 'email', '');
echo '<tr><td>' . i18n('Email') . '</td><td><input type="text" name="scienceheademail" value="' . htmlspecialchars(get_value_or_default($e, '')) . "\" size=\"60\" maxlength=\"128\" /></td></tr>\n";
echo '<tr><td>' . i18n('Name') . '</td><td><input type="text" name="sciencehead" value="' . htmlspecialchars(get_value_from_array($sh, 'name', '')) . "\" size=\"60\" maxlength=\"64\" /></td></tr>\n";
echo '<tr><td>' . i18n('Phone') . '</td><td><input type="text" name="scienceheadphone" value="' . htmlspecialchars(get_value_property_or_default($sh, 'phonework', '')) . "\" size=\"16\" maxlength=\"16\" /></td></tr>\n";
if ($config['participant_registration_type'] == 'schoolpassword') {
echo '<tr><td colspan=2><br /><b>' . i18n('Participant Registration Password') . '</b></td></tr>';
echo '<tr><td>' . i18n('Password') . '</td><td><input type="text" name="registration_password" value="' . htmlspecialchars($r->registration_password) . "\" size=\"32\" maxlength=\"32\" /></td></tr>\n";
}
echo '<tr><td colspan=2><br /><b>' . i18n('Participant Registration Limits') . '</b></td></tr>';
if ($config['participant_registration_type'] == 'invite') {
echo '<tr><td colspan=2>' . i18n('Set to 0 to have no registration limit') . '</td></tr>';
echo '<tr><td colspan=2>' . i18n('Maximum of') . '&nbsp;';
echo '<input type="text" name="projectlimit" value="' . htmlspecialchars($r->projectlimit) . '" size="4" maxlength="4" />';
echo '&nbsp;';
echo i18n('projects');
echo '&nbsp;';
echo '<select name="projectlimitper">';
if ($r->projectlimitper == 'total')
$sel = 'selected="selected"';
else
$sel = '';
echo "<option $sel value=\"total\">" . i18n('total') . "</option>\n";
if ($r->projectlimitper == 'agecategory')
$sel = 'selected="selected"';
else
$sel = '';
echo "<option $sel value=\"agecategory\">" . i18n('per age category') . "</option>\n";
echo '</select>';
echo "</td></tr>\n";
} else {
echo '<tr><td colspan=2>' . i18n("Participant registration limits are currently disabled. In order to use participant registration limits for schools, the participant registration type must be set to 'invite' in Configuration / Configuration Variables") . '</td></tr>';
}
echo '<tr><td colspan=2><br /><b>' . i18n('Demographic Information') . '</b></td></tr>';
$ch = get_value_property_or_default($r, 'atrisk', '') == 'yes' ? 'checked="checked"' : '';
echo "<tr><td align=\"right\"><input type=\"checkbox\" name=\"atrisk\" value=\"yes\" $ch /></td><td>" . i18n('Inner City or At-Risk school') . "</td></tr>\n";
echo '<tr><td colspan="2">&nbsp;</td></tr>';
echo "<tr><td colspan=\"2\" align=\"center\"><input type=\"submit\" value=\"$buttontext\" /></td></tr>\n";
echo "</table>\n";
echo "</form>\n";
} else {
send_header('School Management',
array('Committee Main' => 'committee_main.php',
'Administration' => 'admin/index.php'),
'schools_management');
global $notice;
switch ($notice) {
case 'added':
echo happy('School successfully added');
break;
case 'saved':
echo happy('Successfully saved changes to school');
break;
case 'deleted':
echo happy('School successfully deleted');
break;
case 'clearaccess':
echo happy('Access Codes successfully cleared from all schools');
break;
case 'makeaccess':
echo happy("Access Codes successfully set for schools that didn't have one");
break;
}
echo '<br />';
echo '<a href="schools.php?action=add">' . i18n('Add new school') . "</a>\n";
echo '<br />';
echo '<a href="schoolsimport.php?action=add">' . i18n('Import schools from CSV') . "</a>\n";
echo '<br />';
echo '<a href="schools.php?action=makeaccesscodes">' . i18n('Create Access Code for any school without one') . "</a>\n";
echo '<br />';
echo '<a onclick="return confirmClick(\'' . i18n('Are you sure you want to remove all access codes from all schools?') . '\')" href="schools.php?action=clearaccesscodes">' . i18n('Remove Access Codes from all schools') . "</a>\n";
echo '<br />';
echo '<table class="tableview">';
echo '<thead><tr>';
echo ' <th>' . i18n('School') . '</th>';
echo ' <th>' . i18n('Address') . '</th>';
echo ' <th>' . i18n('Phone') . '</th>';
echo ' <th>' . i18n('Contact') . '</th>';
if ($config['participant_registration_type'] == 'schoolpassword')
echo ' <th>' . i18n('Reg Pass') . '</th>';
echo ' <th>' . i18n('Access Code') . '</th>';
echo ' <th>' . i18n('Action') . '</th>';
echo "</tr></thead>\n";
$q = $pdo->prepare('SELECT * FROM schools WHERE year=? ORDER BY school');
$q->execute([$config['FAIRYEAR']]);
while ($r = $q->fetch(PDO::FETCH_OBJ)) {
echo "<tr>\n";
echo " <td>$r->school</td>\n";
echo " <td>$r->address, $r->city, $r->postalcode</td>\n";
echo " <td>$r->phone</td>\n";
$sciencehead = '';
if ($r->sciencehead_uid > 0) {
$sh = user_load_by_uid($r->sciencehead_uid);
$sciencehead = $sh['name'];
}
echo " <td>$sciencehead</td>\n";
if ($config['participant_registration_type'] == 'schoolpassword')
echo " <td>$r->registration_password</td>\n";
echo " <td>$r->accesscode</td>\n";
echo ' <td align="center">';
echo "<a href=\"schools.php?action=edit&edit=$r->id\"><img border=\"0\" src=\"" . $config['SFIABDIRECTORY'] . '/images/16/edit.' . $config['icon_extension'] . '"></a>';
echo '&nbsp;';
echo "<a onclick=\"return confirmClick('Are you sure you want to remove this school?')\" href=\"schools.php?action=delete&delete=$r->id\"><img border=0 src=\"" . $config['SFIABDIRECTORY'] . '/images/16/button_cancel.' . $config['icon_extension'] . '"></a>';
echo " </td>\n";
echo "</tr>\n";
}
echo "</table>\n";
}
send_footer();
?>
View Git Blame Copy Permalink