Dump everything from SVN

Fándly Gergő
2019-08-08 16:40:15 +03:00
parent 7391f609d6
commit bcf29a3d4f
46 changed files with 4205 additions and 0 deletions

8
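--- a/subs/.backend.php
+++ b/subs/.backend.php
@@ -0,0 +1,8 @@
+<?php
+/**
+* /subs/.backend.php
+* @version 1.0
+* @desc backend of index. nothing, i mean NOTHING here. Just to keep integrity
+* @author Fándly Gergő Zoltán
+* @copy 2017 Fándly Gergő Zoltán
+*/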

2
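--- a/subs/.htaccess
+++ b/subs/.htaccess
@@ -0,0 +1,2 @@
+order allow,deny
+deny from all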
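Review bot: `order allow,deny` / `deny from all` is Apache 2.2 access-control syntax, and on Apache 2.4 it is only understood when mod_access_compat is loaded. The 2.4 form is `Require all denied`; guarding the two forms with `<IfModule>` checks keeps the directory closed on either version. This file appears to be the only thing preventing direct requests to the `subs/*.php` fragments, which use `$db`, `$lang` and `$_SESSION` without setting them up themselves, so it deserves a comment saying so and a deployment check that `AllowOverride` actually lets it take effect.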

14
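--- a/subs/.php
+++ b/subs/.php
@@ -0,0 +1,14 @@
+<?php
+/**
+* /subs/.php
+* @version 1.0
+* @desc index
+* @author Fándly Gergő Zoltán
+* @copy 2017 Fándly Gergő Zoltán
+*/
+?>
+<div id="content">
+<p><?php echo $lang['index_content'] ?></p>
+</div>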

44
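--- a/subs/admin.backend.php
+++ b/subs/admin.backend.php
@@ -0,0 +1,44 @@
+<?php
+/**
+* /subs/admin.backend.php
+* @version 1.0
+* @desc backend for admin site
+* @author Fándly Gergő Zoltán
+* @copy 2017 Fándly Gergő Zoltán
+*/
+if($_SESSION['accesslevel']>=3){
+if(isset($_POST['ms_post'])){
+if(!file_put_contents("./config/allowlogin.cnf", (isset($_POST['allow_login'])?1:0)) || !file_put_contents("./config/allowsignup.cnf", (isset($_POST['allow_signup'])?1:0))){
+functions::setError(6);
+if(!isset($_GET['backend'])) header("Location: ./admin");
+}
+else{
+functions::setMessage(7);
+if(!isset($_GET['backend'])) header("Location: ./admin");
+}
+}
+if(isset($_POST['set_tsas_id'])){
+$sql=$db->prepare("SELECT COUNT(id) AS count FROM time_sequences WHERE id=:id");
+$sql->execute(array(":id"=>$_POST['set_tsas_id']));
+$res=$sql->fetch(PDO::FETCH_ASSOC);
+if($res['count']<1){
+functions::setError(7);
+if(!isset($_GET['backend'])) header("Location: ./admin");
+}
+else{
+$sql=$db->prepare("UPDATE time_sequences SET allow_signup=:as WHERE id=:id");
+$sql->execute(array(":as"=>(isset($_POST['set_tsas'])?1:0), ":id"=>$_POST['set_tsas_id']));
+$res=$sql->rowCount();
+if($res<1){
+functions::setError(6);
+if(!isset($_GET['backend'])) header("Location: ./admin");
+}
+else{
+functions::setMessage(7);
+if(!isset($_GET['backend'])) header("Location: ./admin");
+}
+}
+}
+}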
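Review bot: Both POST handlers (`ms_post` and `set_tsas_id`) change site-wide state, namely the login/signup master switches and a sequence's `allow_signup` flag, on the strength of `$_SESSION['accesslevel']` alone. Nothing in the visible code checks an anti-CSRF token, so a form submitted from any other page the administrator has open would be accepted. Unless the including front controller already does this, I would add a per-session token to the forms in admin.php and compare it here with `hash_equals()` before either branch runs. Separately, `header("Location: ./admin")` is never followed by `exit`, so the rest of the request keeps executing after the redirect is queued.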

74
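--- a/subs/admin.php
+++ b/subs/admin.php
@@ -0,0 +1,74 @@
+<?php
+/**
+* /subs/admin.php
+* @version 1.0
+* @desc administrator area
+* @author Fándly Gergő Zoltán
+* @copy 2017 Fándly Gergő Zoltán
+*/
+?>
+<div id="content">
+<h2><?php echo $lang['admin'] ?></h2>
+<br>
+<div id="master_switch">
+<form class="ajaxform" data-noreset="1" method="POST" action="" id="master_switch_form">
+<input type="hidden" name="ms_post">
+<fieldset>
+<legend><?php echo $lang['masterswitch'] ?></legend>
+<center>
+<p><?php echo $lang['allow_login'] ?></p>
+<div class="checkbox">
+<input type="checkbox" name="allow_login" <?php if($config['allowlogin']) echo "checked" ?> id="o_<?php echo $oid ?>" onchange="$('#master_switch_form').submit()">
+<label for="o_<?php echo $oid; $oid++ ?>"></label>
+</div>
+<br>
+<br>
+<p><?php echo $lang['allow_signup'] ?></p>
+<div class="checkbox">
+<input type="checkbox" name="allow_signup" <?php if($config['allowsignup']) echo "checked" ?> id="o_<?php echo $oid ?>" onchange="$('#master_switch_form').submit()">
+<label for="o_<?php echo $oid; $oid++ ?>"></label>
+</div>
+</center>
+</fieldset>
+</form>
+</div>
+<hr class="placeholder">
+<fieldset>
+<legend><?php echo $lang['allow_signup_timesequence'] ?></legend>
+<center>
+<table>
+<thead>
+<tr>
+<td data-breakpoints="xs"><?php echo $lang['id'] ?></td>
+<td><?php echo $lang['timesequence'] ?></td>
+<td data-breakpoints="xs sm"><?php echo $lang['actions'] ?></td>
+</tr>
+</thead>
+<tbody>
+<?php
+$sql=$db->prepare("SELECT id, name, allow_signup FROM time_sequences ORDER BY id ASC");
+$sql->execute();
+while($row=$sql->fetch(PDO::FETCH_ASSOC)){
+echo "<tr>";
+echo "<td>".$row['id']."</td>";
+echo "<td>".$row['name']."</td>";
+echo "<td>";
+echo "<form class=\"ajaxform\" data-noreset=\"1\" method=\"POST\" action=\"\" id=\"f_".$oid."\">";
+echo "<input type=\"hidden\" name=\"set_tsas_id\" value=\"".$row['id']."\">";
+echo "<div class=\"checkbox\">";
+echo "<input type=\"checkbox\" name=\"set_tsas\" ".($row['allow_signup']==1?"checked":"")." id=\"o_".$oid."\" onchange=\"$('#f_".$oid."').submit()\">";
+echo "<label for=\"o_".$oid."\"></label>";
+echo "</div>";
+echo "</form>";
+echo "</td>";
+echo "</tr>";
+$oid++;
+}
+?>
+</tbody>
+</table>
+</center>
+</fieldset>
+</div>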
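Review bot: `echo "<td>".$row['name']."</td>";` writes the time-sequence name into the page without HTML-escaping. That value is stored verbatim from `$_POST['nts_name']` by programs.backend.php in this same commit, so markup saved by one elevated user is rendered in the administrator's session. Escape it at output: `echo "<td>".htmlspecialchars($row['name'], ENT_QUOTES, 'UTF-8')."</td>";`. `$row['id']` is written both as cell content and into a `value` attribute; casting it with `(int)` would make the integer assumption explicit.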

299
subs/programs.backend.php Normal file

@ -0,0 +1,299 @@
<?php
/**
* /subs/programs.backend.php
* @version 1.0
* @desc backend for programs
* @author Fándly Gergő Zoltán 2017
* @copy 2017 Fándly Gergő Zoltán
*/
//cat decider
$where="";
if($_SESSION['accesslevel']<2){
preg_match("/[0-9]+/", $_SESSION['class'], $match);
$class=$match[0];
if($class==0){
$cat1=0;
$cat2=10;
}
else if($class==1 || $class==2){
$cat1=1;
$cat2=10;
}
else if($class==3 || $class==4){
$cat1=2;
$cat2=10;
}
else if($class==5 || $class==6){
$cat1=3;
$cat2=11;
}
else if($class==7 || $class==8){
$cat1=4;
$cat2=11;
}
else if($class==9 || $class==10){
$cat1=5;
$cat2=12;
}
else if($class==11 || $class==12){
$cat1=6;
$cat2=12;
}
$cat3=20;
$where="WHERE ts.allow_signup=1 and (p.category=".$cat1." or p.category=".$cat2." or p.category=".$cat3.")";
}
if($_SESSION['accesslevel']>=2){ //just for elevated users
/*
* Add new entries
*/
if(isset($_POST['nts_name'])){
$sql=$db->prepare("SELECT COUNT(id) AS count FROM time_sequences WHERE name=:name");
$sql->execute(array(":name"=>$_POST['nts_name']));
$res=$sql->fetch(PDO::FETCH_ASSOC);
if($res['count']>0){
functions::setError(5);
if(!isset($_GET['backend'])) header("Location: ./programs");
}
else{
$sql=$db->prepare("INSERT INTO time_sequences (name) VALUES (:name)");
$sql->execute(array(":name"=>$_POST['nts_name']));
$res=$sql->rowCount();
if($res<1){
functions::setError(6);
if(!isset($_GET['backend'])) header("Location: ./programs");
}
else{
functions::setMessage(3);
if(!isset($_GET['backend'])) header("Location: ./programs");
}
}
}
if(isset($_POST['ntb_name']) && isset($_POST['ntb_timesequence'])){
$sql=$db->prepare("SELECT COUNT(id) AS count FROM time_blocks WHERE name=:name and sequence=:seq");
$sql->execute(array(":name"=>$_POST['ntb_name'], ":seq"=>$_POST['ntb_timesequence']));
$res=$sql->fetch(PDO::FETCH_ASSOC);
if($res['count']>0){
functions::setError(5);
if(!isset($_GET['backend'])) header("Location: ./programs");
}
else{
$sql=$db->prepare("INSERT INTO time_blocks (name, sequence) VALUES (:name, :seq)");
$sql->execute(array(":name"=>$_POST['ntb_name'], ":seq"=>$_POST['ntb_timesequence']));
$res=$sql->rowCount();
if($res<1){
functions::setError(6);
if(!isset($_GET['backend'])) header("Location: ./programs");
}
else{
functions::setMessage(3);
if(!isset($_GET['backend'])) header("Location: ./programs");
}
}
}
if(isset($_POST['n_name']) && isset($_POST['n_description']) && isset($_POST['n_instructor']) && isset($_POST['n_location']) && isset($_POST['n_category']) && isset($_POST['n_timeblock']) && isset($_POST['n_maxpart'])){
$sql=$db->prepare("INSERT INTO programs (name, description, instructor, location, category, time_block, max_participants) VALUES (:name, :desc, :inst, :loc, :cat, :tb, :maxpart)");
$sql->execute(array(":name"=>$_POST['n_name'], ":desc"=>$_POST['n_description'], ":inst"=>$_POST['n_instructor'], ":loc"=>$_POST['n_location'], ":cat"=>$_POST['n_category'], ":tb"=>$_POST['n_timeblock'], ":maxpart"=>$_POST['n_maxpart']));
$res=$sql->rowCount();
if($res<1){
functions::setError(6);
if(!isset($_GET['backend'])) header("Location: ./programs");
}
else{
functions::setMessage(3);
if(!isset($_GET['backend'])) header("Location: ./programs");
}
}
/*
* delete entry
*/
if(isset($_GET['ts_delete'])){
$sql=$db->prepare("DELETE FROM time_sequences WHERE id=:id");
$sql->execute(array(":id"=>$_GET['ts_delete']));
$res=$sql->rowCount();
if($res<1){
functions::setError(6);
if(!isset($_GET['backend'])) header("Location: ./programs");
}
else{
functions::setMessage(4);
if(!isset($_GET['backend'])) header("Location: ./programs");
}
}
if(isset($_GET['tb_delete'])){
$sql=$db->prepare("DELETE FROM time_blocks WHERE id=:id");
$sql->execute(array(":id"=>$_GET['tb_delete']));
$res=$sql->rowCount();
if($res<1){
functions::setError(6);
if(!isset($_GET['backend'])) header("Location: ./programs");
}
else{
functions::setMessage(4);
if(!isset($_GET['backend'])) header("Location: ./programs");
}
}
if(isset($_GET['delete'])){
$sql=$db->prepare("DELETE FROM programs WHERE id=:id");
$sql->execute(array(":id"=>$_GET['delete']));
$res=$sql->rowCount();
if($res<1){
functions::setError(6);
if(!isset($_GET['backend'])) header("Location: ./programs");
}
else{
functions::setMessage(4);
if(!isset($_GET['backend'])) header("Location: ./programs");
}
}
}
/*
* Subscribe/unsubscribe
*/
if($_SESSION['accesslevel']==0){ //only they need it
if(isset($_GET['sub'])){
if((!$config['allowsignup'] && $_SESSION['except_signup']!=1) || $_SESSION['except_signup']==2){ //check if signup allowed
functions::setError(11);
if(!isset($_GET['backend'])) header("Location: ./programs");
}
else{
$sql=$db->prepare("SELECT COUNT(p.id) AS count, p.category, p.time_block, p.max_participants, (SELECT COUNT(r.id) FROM registrations AS r WHERE r.program=p.id) AS cur_participants, ts.allow_signup FROM programs AS p INNER JOIN time_blocks AS tb ON (tb.id=p.time_block) INNER JOIN time_sequences AS ts ON (ts.id=tb.sequence) WHERE p.id=:id");
$sql->execute(array(":id"=>$_GET['sub']));
$prog=$sql->fetch(PDO::FETCH_ASSOC);
if($prog['count']<1){ //check if exists
functions::setError(7);
if(!isset($_GET['backend'])) header("Location: ./programs");
}
else{
if($prog['cur_participants']>=$prog['max_participants']){ //check if not full
functions::setError(8);
if(!isset($_GET['backend'])) header("Location: ./programs");
}
else{
$sql=$db->prepare("SELECT COUNT(r.id) AS count FROM registrations AS r INNER JOIN programs AS p ON (p.id=r.program) WHERE r.user=:uid and p.time_block=:tb");
$sql->execute(array(":uid"=>$_SESSION['id'], ":tb"=>$prog['time_block']));
$res=$sql->fetch(PDO::FETCH_ASSOC);
if($res['count']>0){ //check if not occupied on that time
functions::setError(9);
if(!isset($_GET['backend'])) header("Location: ./programs");
}
else{
if($prog['category']!=$cat1 && $prog['category']!=$cat2 && $prog['category']!=$cat3){ //check if category coresponds
functions::setError(10);
if(!isset($_GET['backend'])) header("Location: ./programs");
}
else{
if($prog['allow_signup']!=1){ //check if it is actually possible to sign up to this
functions::setError(13);
if(!isset($_GET['backend'])) header("Location: ./programs");
}
else{
//subscribe
$sql=$db->prepare("INSERT INTO registrations(user, program) VALUES (:uid, :pid)");
$sql->execute(array(":uid"=>$_SESSION['id'], ":pid"=>$_GET['sub']));
$res=$sql->rowCount();
if($res<1){
functions::setError(6);
if(!isset($_GET['backend'])) header("Location: ./programs");
}
else{
//add to history
$sql=$db->prepare("INSERT INTO registration_log (user, date, action, program) VALUES (:uid, :date, :act, :pid)");
$sql->execute(array(":uid"=>$_SESSION['id'], ":date"=>date("Y-m-d H:i:s"), ":act"=>1, ":pid"=>$_GET['sub']));
functions::setMessage(5);
if(!isset($_GET['backend'])) header("Location: ./programs");
}
}
}
}
}
}
}
}
if(isset($_GET['unsub'])){
if((!$config['allowsignup'] && $_SESSION['except_signup']!=1) || $_SESSION['except_signup']==2){ //check if signup allowed
functions::setError(11);
if(!isset($_GET['backend'])) header("Location: ./programs");
}
else{
$sql=$db->prepare("SELECT COUNT(id) AS count FROM registrations WHERE user=:uid and program=:pid");
$sql->execute(array(":uid"=>$_SESSION['id'], ":pid"=>$_GET['unsub']));
$res=$sql->fetch(PDO::FETCH_ASSOC);
if($res['count']<1){ //check if signed up
functions::setError(7);
if(!isset($_GET['backend'])) header("Location: ./programs");
}
else{
$sql=$db->prepare("SELECT ts.allow_signup FROM registrations AS r INNER JOIN programs AS p ON (p.id=r.program) INNER JOIN time_blocks AS tb ON (tb.id=p.time_block) INNER JOIN time_sequences AS ts ON (ts.id=tb.sequence) WHERE user=:uid and program=:pid");
$sql->execute(array(":uid"=>$_SESSION['id'], ":pid"=>$_GET['unsub']));
$res=$sql->fetch(PDO::FETCH_ASSOC);
if($res['allow_signup']!=1){ //check if signup/down allowed
functions::setError(13);
if(!isset($_GET['backend'])) header("Location: ./programs");
}
else{
//unsubscribe
$sql=$db->prepare("DELETE FROM registrations WHERE user=:uid and program=:pid");
$sql->execute(array(":uid"=>$_SESSION['id'], ":pid"=>$_GET['unsub']));
$res=$sql->rowCount();
if($res<1){
functions::setError(6);
if(!isset($_GET['backend'])) header("Location: ./programs");
}
else{
//add to history
$sql=$db->prepare("INSERT INTO registration_log (user, date, action, program) VALUES (:uid, :date, :act, :pid)");
$sql->execute(array(":uid"=>$_SESSION['id'], ":date"=>date("Y-m-d H:i:s"), ":act"=>0, ":pid"=>$_GET['unsub']));
functions::setMessage(6);
if(!isset($_GET['backend'])) header("Location: ./programs");
}
}
}
}
}
}
/*
* Main query
*/
$msql=$db->prepare("SELECT p.id, p.name, p.description, p.instructor, p.location, p.category, tb.name AS time_block, ts.name AS time_sequence, p.max_participants, (SELECT COUNT(r.id) FROM registrations AS r WHERE r.program=p.id) AS cur_participants FROM programs AS p INNER JOIN time_blocks AS tb ON (tb.id=p.time_block) INNER JOIN time_sequences AS ts ON (ts.id=tb.sequence) ".$where." GROUP BY(p.id) ORDER BY p.name ASC");
$msql->execute();
/*
* EXPORT
*/
if(isset($_GET['export'])){
$csv=$BOM;
$csv.=$config['general']['org']."\n".$config['general']['title']."\n\n";
$csv.=$lang['id'].";".$lang['name'].";".$lang['description'].";".$lang['instructor'].";".$lang['location'].";".$lang['category'].";".$lang['timeblock'].";".$lang['maxpart'].";".$lang['curpart']."\n";
while($row=$msql->fetch(PDO::FETCH_ASSOC)){
$csv.=$row['id'].";".$row['name'].";".$row['description'].";".$row['instructor'].";".$row['location'].";".$lang['cat'][$row['category']].";".$row['time_sequence']."/".$row['time_block'].";".$row['max_participants'].";".$row['cur_participants']."\n";
}
//print
header("Content-type: application/octet-stream");
//header("Content-length: ".mb_strlen($csv));
header("Content-disposition: attachment; filename='".$config['general']['title']."_programs_export_".date("Y-m-d H-i-s").".csv'");
echo $csv;
die();
}
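Review bot: The delete and signup branches (`ts_delete`, `tb_delete`, `delete`, `sub`, `unsub`) modify the database in response to GET parameters, and no anti-CSRF token is checked in the visible code, so a URL loaded in a logged-in user's browser is enough to trigger them; they should move to POST and verify a per-session token with `hash_equals()` before the first query. In the category block, `$cat1` and `$cat2` are assigned only when `preg_match` finds digits in `$_SESSION['class']` and the number is 0–12; for any other value they are undefined when the `$where` string and the later `$prog['category']!=$cat1` check use them, so initialise them and reject the request in a final `else`. The capacity test (`cur_participants>=max_participants`) and the `INSERT INTO registrations` are separate statements with no transaction or lock visible, so concurrent requests can both pass the check and overfill a program. The CSV export joins fields with `;` and no quoting, and spreadsheet software evaluates cells that begin with `=`, `+`, `-` or `@` as formulas; quote each field and neutralise those leading characters. The `filename='…'` header embeds `$config['general']['title']` unfiltered as well.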

245
subs/programs.php Normal file

@ -0,0 +1,245 @@
<?php
/**
* /subs/programs.php
* @version 1.0
* @desc programs
* @author Fándly Gergő Zoltán
* @copy 2017 Fándly Gergő Zoltán
*/
$oid=0;
?>
<div id="content">
<?php if($_SESSION['accesslevel']>=2): ?>
<div id="admintools">
<div id="tool_newprogram">
<form class="ajaxform" method="POST" action="" id="newprogram">
<fieldset>
<legend><?php echo $lang['newprogram'] ?></legend>
<center>
<table>
<tr>
<td><?php echo $lang['name'].": " ?></td>
<td><input type="text" name="n_name" placeholder="<?php echo $lang['name']."..." ?>" required></td>
</tr>
<tr>
<td><?php echo $lang['description'].": " ?></td>
<td><textarea name="n_description" placeholder="<?php echo $lang['description']."..." ?>" rows=10 cols=40></textarea></td>
</tr>
<tr>
<td><?php echo $lang['instructor'].": " ?></td>
<td><input type="text" name="n_instructor" placeholder="<?php echo $lang['instructor']."..." ?>" required></td>
</tr>
<tr>
<td><?php echo $lang['location'].": " ?></td>
<td><input type="text" name="n_location" placeholder="<?php echo $lang['location']."..." ?>" required></td>
</tr>
<tr>
<td><?php echo $lang['category'].": " ?></td>
<td>
<input type="radio" name="n_category" value="100" id="o_<?php echo $oid ?>" required><label for="o_<?php echo $oid; $oid++ ?>"><?php echo $lang['cat'][100] ?></label><br>
<input type="radio" name="n_category" value="0" id="o_<?php echo $oid ?>" required><label for="o_<?php echo $oid; $oid++ ?>"><?php echo $lang['cat'][0] ?></label><br>
<input type="radio" name="n_category" value="1" id="o_<?php echo $oid ?>" required><label for="o_<?php echo $oid; $oid++ ?>"><?php echo $lang['cat'][1] ?></label><br>
<input type="radio" name="n_category" value="2" id="o_<?php echo $oid ?>" required><label for="o_<?php echo $oid; $oid++ ?>"><?php echo $lang['cat'][2] ?></label><br>
<input type="radio" name="n_category" value="3" id="o_<?php echo $oid ?>" required><label for="o_<?php echo $oid; $oid++ ?>"><?php echo $lang['cat'][3] ?></label><br>
<input type="radio" name="n_category" value="4" id="o_<?php echo $oid ?>" required><label for="o_<?php echo $oid; $oid++ ?>"><?php echo $lang['cat'][4] ?></label><br>
<input type="radio" name="n_category" value="5" id="o_<?php echo $oid ?>" required><label for="o_<?php echo $oid; $oid++ ?>"><?php echo $lang['cat'][5] ?></label><br>
<input type="radio" name="n_category" value="6" id="o_<?php echo $oid ?>" required><label for="o_<?php echo $oid; $oid++ ?>"><?php echo $lang['cat'][6] ?></label><br>
<input type="radio" name="n_category" value="10" id="o_<?php echo $oid ?>" required><label for="o_<?php echo $oid; $oid++ ?>"><?php echo $lang['cat'][10] ?></label><br>
<input type="radio" name="n_category" value="11" id="o_<?php echo $oid ?>" required><label for="o_<?php echo $oid; $oid++ ?>"><?php echo $lang['cat'][11] ?></label><br>
<input type="radio" name="n_category" value="12" id="o_<?php echo $oid ?>" required><label for="o_<?php echo $oid; $oid++ ?>"><?php echo $lang['cat'][12] ?></label><br>
<input type="radio" name="n_category" value="20" id="o_<?php echo $oid ?>" required><label for="o_<?php echo $oid; $oid++ ?>"><?php echo $lang['cat'][20] ?></label>
</td>
</tr>
<tr>
<td><?php echo $lang['timeblock'].": " ?></td>
<td>
<?php
$sql=$db->prepare("SELECT tb.id, ts.name AS ts_name, tb.name AS tb_name FROM time_blocks AS tb INNER JOIN time_sequences AS ts ON (ts.id=tb.sequence)");
$sql->execute();
while($row=$sql->fetch(PDO::FETCH_ASSOC)){
echo "<input type=\"radio\" name=\"n_timeblock\" value=\"".$row['id']."\" id=\"o_".$oid."\" required><label for=\"o_".$oid."\">".$row['ts_name']."/".$row['tb_name']."</label><br>";
$oid++;
}
?>
</td>
</tr>
<tr>
<td><?php echo $lang['maxpart'].": " ?></td>
<td><input type="number" name="n_maxpart" placeholder="<?php echo $lang['maxpart']."..." ?>" required min=1></td>
</tr>
</table>
<br>
<br>
<button type="submit" form="newprogram"><?php echo $lang['ok'] ?></button>
</center>
</fieldset>
</form>
</div>
<br>
<div id="tool_newtimesequence">
<form class="ajaxform" method="POST" action="" id="newtimesequence" autocomplete="off">
<fieldset>
<legend><?php echo $lang['newtimesequence'] ?></legend>
<center>
<table>
<tr>
<td><?php echo $lang['name'].": " ?></td>
<td><input type="text" name="nts_name" placeholder="<?php echo $lang['name']."..." ?>" required></td>
</tr>
</table>
<br>
<br>
<button type="submit" form="newtimesequence"><?php echo $lang['ok'] ?></button>
</center>
</fieldset>
</form>
<br>
<table class="table" id="ts_table">
<thead>
<tr>
<th><?php echo $lang['id'] ?></th>
<th><?php echo $lang['name'] ?></th>
<th><?php echo $lang['actions'] ?></th>
</tr>
</thead>
<tbody>
<?php
$sql=$db->prepare("SELECT id, name FROM time_sequences ORDER BY name ASC");
$sql->execute();
while($row=$sql->fetch(PDO::FETCH_ASSOC)){
echo "<tr>";
echo "<td>".$row['id']."</td>";
echo "<td>".$row['name']."</td>";
echo "<td>";
echo "<button class=\"ajaxbutton\" type=\"button\" data-confirm=\"".$lang['qdelete']."\" data-url=\"./programs?ts_delete=".$row['id']."\">".$lang['delete']."</button>";
echo "</td>";
echo "</tr>";
}
?>
</tbody>
</table>
</div>
<br>
<div id="tool_newtimeblock">
<form class="ajaxform" method="POST" action="" id="newtimeblock" autocomplete="off">
<fieldset>
<legend><?php echo $lang['newtimeblock'] ?></legend>
<center>
<table>
<tr>
<td>
<?php echo $lang['name'].": " ?>
<br>
<span style="font-size: 0.8em"><?php echo $lang['time_block_disclaimer'] ?></span>
</td>
<td><input type="text" name="ntb_name" placeholder="<?php echo $lang['name']."..." ?>" required></td>
</tr>
<tr>
<td><?php echo $lang['timesequence'].": " ?></td>
<td>
<?php
$sql=$db->prepare("SELECT id, name FROM time_sequences ORDER BY name ASC");
$sql->execute();
while($row=$sql->fetch(PDO::FETCH_ASSOC)){
echo "<input type=\"radio\" name=\"ntb_timesequence\" value=\"".$row['id']."\" id=\"o_".$oid."\" required><label for=\"o_".$oid."\">".$row['name']."</label><br>";
$oid++;
}
?>
</td>
</tr>
</table>
<br>
<br>
<button type="submit" form="newtimeblock"><?php echo $lang['ok'] ?></button>
</center>
</fieldset>
</form>
<br>
<table class="table" id="tb_table">
<thead>
<tr>
<th><?php echo $lang['id'] ?></th>
<th><?php echo $lang['timesequence'] ?></th>
<th><?php echo $lang['name'] ?></th>
<th><?php echo $lang['actions'] ?></th>
</tr>
</thead>
<tbody>
<?php
$sql=$db->prepare("SELECT tb.id, tb.name, ts.name AS time_sequence FROM time_blocks AS tb INNER JOIN time_sequences AS ts ON (ts.id=tb.sequence) ORDER BY ts.name ASC, tb.name ASC");
$sql->execute();
while($row=$sql->fetch(PDO::FETCH_ASSOC)){
echo "<tr>";
echo "<td>".$row['id']."</td>";
echo "<td>".$row['time_sequence']."</td>";
echo "<td>".$row['name']."</td>";
echo "<td>";
echo "<button class=\"ajaxbutton\" type=\"button\" data-confirm=\"".$lang['qdelete']."\" data-url=\"./programs?tb_delete=".$row['id']."\">".$lang['delete']."</button>";
echo "</td>";
echo "</tr>";
}
?>
</tbody>
</table>
</div>
</div>
<hr class="placeholder">
<?php endif ?>
<h2><?php echo $lang['programs_content'] ?></h2>
<br>
<table class="table">
<thead>
<tr>
<th data-breakpoints="xs sm"><?php echo $lang['id'] ?></th>
<th><?php echo $lang['name'] ?></th>
<th data-breakpoints="xs sm md"><?php echo $lang['description'] ?></th>
<th data-breakpoints="xs sm"><?php echo $lang['instructor'] ?></th>
<th data-breakpoints="xs sm"><?php echo $lang['location'] ?></th>
<th data-breakpoints="xs"><?php echo $lang['category'] ?></th>
<th><?php echo $lang['timeblock'] ?></th>
<th data-breakpoints="xs sm"><?php echo $lang['maxpart'] ?></th>
<th data-breakpoints="xs sm"><?php echo $lang['curpart'] ?></th>
<th data-breakpoints="xs"><?php echo $lang['actions'] ?></th>
</tr>
</thead>
<tbody>
<?php
while($row=$msql->fetch(PDO::FETCH_ASSOC)){
echo "<tr>";
echo "<td>".$row['id']."</td>";
echo "<td>".$row['name']."</td>";
echo "<td>".$row['description']."</td>";
echo "<td>".$row['instructor']."</td>";
echo "<td>".$row['location']."</td>";
echo "<td>".$lang['cat'][$row['category']]."</td>";
echo "<td>".$row['time_sequence']."/".$row['time_block']."</td>";
echo "<td>".$row['max_participants']."</td>";
echo "<td>".$row['cur_participants']."</td>";
echo "<td>";
if($_SESSION['accesslevel']<1){
if($row['cur_participants']<$row['max_participants']){
echo "<button class=\"ajaxbutton\" type=\"button\" data-url=\"./programs?sub=".$row['id']."\">".$lang['subscribe']."</button>";
}
else{
echo "-";
}
}
else if($_SESSION['accesslevel']>=2){
echo "<button class=\"ajaxbutton\" type=\"button\" data-confirm=\"".$lang['qdelete']."\" data-url=\"./programs?delete=".$row['id']."\">".$lang['delete']."</button>";
}
else{
echo "-";
}
echo "</td>";
echo "</tr>";
}
?>
</tbody>
</table>
<hr class="placeholder">
<button type="button" onclick="window.location='./programs?export'"><?php echo $lang['export'] ?></button>
</div>
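Review bot: Every database string in this template is echoed without HTML-escaping, including `$row['name']`, `$row['description']`, `$row['instructor']`, `$row['location']` and the sequence/block names in the radio labels and both admin tables, and programs.backend.php stores those fields exactly as posted. The main table is rendered for every access level, so markup saved in a program record runs in each viewer's session. Wrap each value at output, e.g. `echo "<td>".htmlspecialchars($row['description'], ENT_QUOTES, 'UTF-8')."</td>";`, ideally through one small helper shared by all templates. The `data-url="./programs?delete=…"` and `?sub=…` buttons also fix GET as the transport for state changes, so they have to change together with the backend if those actions move to POST with a token.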

292
subs/timetable.backend.php Normal file

@ -0,0 +1,292 @@
<?php
/**
* /subs/timetable.backend.php
* @version 1.0
* @desc Timetable sub backend
* @author Fándly Gergő Zoltán
* @copy 2017 Fándly Gergő Zoltán
*/
if($_SESSION['accesslevel']>=2){
if(isset($_GET['delete'])){
$sql=$db->prepare("SELECT COUNT(id) AS count, user, program FROM registrations WHERE id=:id");
$sql->execute(array(":id"=>$_GET['delete']));
$reg=$sql->fetch(PDO::FETCH_ASSOC);
if($reg['count']<1){
functions::setError(7);
if(!isset($_GET['backend'])) header("Location: ./timetable");
}
else{
$sql=$db->prepare("DELETE FROM registrations WHERE id=:id");
$sql->execute(array(":id"=>$_GET['delete']));
$res=$sql->rowCount();
if($res<1){
functions::setError(6);
if(!isset($_GET['backend'])) header("Location: ./timetable");
}
else{
//keep history integrity
$sql=$db->prepare("INSERT INTO registration_log (user, date, action, program) VALUES (:uid, :date, :act, :pid)");
$sql->execute(array(":uid"=>$reg['user'], ":date"=>date("Y-m-d H:i:s"), ":act"=>10, ":pid"=>$reg['program']));
functions::setMessage(4);
if(!isset($_GET['backend'])) header("Location: ./timetable");
}
}
}
//force add
if(isset($_POST['fa_user']) && isset($_POST['fa_program'])){
$sql=$db->prepare("SELECT COUNT(id) AS count FROM users WHERE id=:uid");
$sql->execute(array(":uid"=>$_POST['fa_user']));
$res=$sql->fetch(PDO::FETCH_ASSOC);
if($res['count']<1){ //check if user exists
functions::setError(7);
if(!isset($_GET['backend'])) header("Location: ./timetable");
}
else{
$sql=$db->prepare("SELECT COUNT(id) AS count, time_block FROM programs WHERE id=:pid");
$sql->execute(array(":pid"=>$_POST['fa_program']));
$prog=$sql->fetch(PDO::FETCH_ASSOC);
if($prog['count']<1){ //check if program exists
functions::setError(7);
if(!isset($_GET['backend'])) header("Location: ./timetable");
}
else{
$sql=$db->prepare("SELECT COUNT(r.id) AS count FROM registrations AS r INNER JOIN programs AS p ON (p.id=r.program) WHERE r.user=:uid and p.time_block=:tb");
$sql->execute(array(":uid"=>$_POST['fa_user'], ":tb"=>$prog['time_block']));
$res=$sql->fetch(PDO::FETCH_ASSOC);
if($res['count']>0){ //check if not occupied
functions::setError(12);
if(!isset($_GET['backend'])) header("Location: ./timetable");
}
else{ //do this!
$sql=$db->prepare("INSERT INTO registrations (user, program) VALUES (:uid, :pid)");
$sql->execute(array(":uid"=>$_POST['fa_user'], ":pid"=>$_POST['fa_program']));
$res=$sql->rowCount();
if($res<1){ //check insert failure
functions::setError(6);
if(!isset($_GET['backend'])) header("Location: ./timetable");
}
else{
//keep history integrity
$sql=$db->prepare("INSERT INTO registration_log (user, date, action, program) VALUES (:uid, :date, :act, :pid)");
$sql->execute(array(":uid"=>$_POST['fa_user'], ":date"=>date("Y-m-d H:i:s"), ":act"=>11, ":pid"=>$_POST['fa_program']));
functions::setMessage(3);
if(!isset($_GET['backend'])) header("Location: ./timetable");
}
}
}
}
}
if(isset($_POST['fa_class']) && isset($_POST['fa_program'])){
$sql=$db->prepare("SELECT COUNT(id) AS count FROM users WHERE class=:c");
$sql->execute(array(":c"=>$_POST['fa_class']));
$res=$sql->fetch(PDO::FETCH_ASSOC);
if($res['count']<1){ //check if class exists
functions::setError(7);
if(!isset($_GET['backend'])) header("Location: ./timetable");
}
else{
$sql=$db->prepare("SELECT COUNT(id) AS count, time_block FROM programs WHERE id=:pid");
$sql->execute(array(":pid"=>$_POST['fa_program']));
$prog=$sql->fetch(PDO::FETCH_ASSOC);
if($prog['count']<1){ //check if program exists
functions::setError(7);
if(!isset($_GET['backend'])) header("Location: ./timetable");
}
else{
$sql=$db->prepare("SELECT COUNT(r.id) AS count, r.id FROM registrations AS r INNER JOIN programs AS p ON (p.id=r.program) INNER JOIN users AS u ON (u.id=r.user) WHERE u.class=:c and u.accesslevel=0 and p.time_block=:tb");
$sql->execute(array(":c"=>$_POST['fa_class'], ":tb"=>$prog['time_block']));
$res=$sql->fetch(PDO::FETCH_ASSOC);
if($res['count']>0){ //check if not occupied
functions::setError(12);
if(!isset($_GET['backend'])) header("Location: ./timetable");
}
else{ //do this!
$sql=$db->prepare("INSERT INTO registrations (user, program) SELECT id, :pid FROM users WHERE class=:c and accesslevel=0");
$sql->execute(array(":c"=>$_POST['fa_class'], ":pid"=>$_POST['fa_program']));
$res=$sql->rowCount();
if($res<1){ //check insert failure
functions::setError(6);
if(!isset($_GET['backend'])) header("Location: ./timetable");
}
else{
//keep history integrity
$sql=$db->prepare("INSERT INTO registration_log (user, date, action, program) SELECT id, :date, :act, :pid FROM users WHERE class=:c and accesslevel=0");
$sql->execute(array(":c"=>$_POST['fa_class'], ":date"=>date("Y-m-d H:i:s"), ":act"=>11, ":pid"=>$_POST['fa_program']));
functions::setMessage(3);
if(!isset($_GET['backend'])) header("Location: ./timetable");
}
}
}
}
}
$msql=$db->prepare("SELECT id, name, class FROM users WHERE id<>1 and accesslevel=0 ORDER BY class ASC, name ASC");
$msql->execute();
}
if($_SESSION['accesslevel']==1){
$msql=$db->prepare("SELECT id, name, class FROM users WHERE id<>1 and accesslevel=0 and class=:class ORDER BY name ASC");
$msql->execute(array(":class"=>$_SESSION['class']));
}
if($_SESSION['accesslevel']<1){
$msql=$db->prepare("SELECT p.id, p.name, p.description, p.instructor, p.location, tb.name AS time_block, ts.name AS time_sequence FROM registrations AS r INNER JOIN programs AS p ON (p.id=r.program) INNER JOIN time_blocks AS tb ON (tb.id=p.time_block) INNER JOIN time_sequences AS ts ON (ts.id=tb.sequence) WHERE r.user=:uid ORDER BY ts.id ASC, tb.name ASC, p.name ASC");
$msql->execute(array(":uid"=>$_SESSION['id']));
}
/*
* EXPORT
*/
if(isset($_GET['export']) && $_SESSION['accesslevel']>=1){
$csv=$BOM;
$csv.=$config['general']['org']."\n".$config['general']['title']."\n\n";
$prog="";
$sql=$db->prepare("SELECT tb.id, ts.name AS time_sequence, tb.name AS time_block FROM time_blocks AS tb INNER JOIN time_sequences AS ts ON (ts.id=tb.sequence) ORDER BY ts.id ASC, tb.name ASC");
$sql->execute();
$tbs=array();
while($row=$sql->fetch(PDO::FETCH_ASSOC)){
$prog.=$row['time_sequence']."/".$row['time_block'].";";
array_push($tbs, $row['id']);
}
$prog=rtrim($prog, ";");
$csv.=$lang['uid'].";".$lang['name'].";".$lang['class'].";".$prog."\n";
while($row=$msql->fetch(PDO::FETCH_ASSOC)){
$i=0;
$prog="";
$sql=$db->prepare("SELECT r.id AS regid, tb.id AS time_block, p.name FROM registrations AS r INNER JOIN programs AS p ON (p.id=r.program) INNER JOIN time_blocks AS tb ON (tb.id=p.time_block) WHERE r.user=:uid ORDER BY tb.sequence ASC, tb.name ASC");
$sql->execute(array(":uid"=>$row['id']));
while($row2=$sql->fetch(PDO::FETCH_ASSOC)){
while($row2['time_block']!=$tbs[$i]){
$prog.="-;";
$i++;
}
$prog.=$row2['name'].";";
$i++;
}
for(;$i<count($tbs); $i++){
$prog.="-;";
}
$prog=rtrim($prog, ";");
$csv.=$row['id'].";".$row['name'].";".$row['class'].";".$prog."\n";
}
//print
header("Content-type: application/octet-stream");
//header("Content-length: ".mb_strlen($csv));
header("Content-disposition: attachment; filename='".$config['general']['title']."_timetable_export_".date("Y-m-d H-i-s").".csv'");
echo $csv;
die();
}
/*
* PRINT STUDENT CARD
*/
if(isset($_GET['studentcard'])){
if($_SESSION['accesslevel']<1){
$html="";
$html.="<table style=\"page-break-after: always; page-break-inside: avoid; height: 100%; width: 100%; text-align: center; border-spacing: 0.4em\">";
$html.="<tr>";
$html.="<td style=\"padding: 1em; border: 1px solid rgb(0,0,0); height: 45%; vertical-align: top\">";
$html.="<h3>".$config['general']['title']."</h3>";
$html.="<h3><i>".$config['general']['org']."</i></h3>";
$html.="<hr>";
$html.="<p>".$lang['name'].": ".$_SESSION['name']." | ".$lang['class'].": ".$_SESSION['class']." | ".$lang['studentprinted']."</p>";
$html.="<table style=\"width: 95%; font-size: 0.9em\" border=\"1\">";
$html.="<tr>";
$html.="<th>".$lang['timeblock']."</th>";
$html.="<th>".$lang['progname']."</th>";
$html.="<th>".$lang['instructor']."</th>";
$html.="<th>".$lang['signature']."</th>";
$html.="</tr>";
while($row=$msql->fetch(PDO::FETCH_ASSOC)){
$html.="<tr>";
$html.="<td>".$row['time_sequence']."<br>".$row['time_block']."</td>";
$html.="<td>".$row['name']."</td>";
$html.="<td>".$row['instructor']."</td>";
$html.="<td></td>";
$html.="</tr>";
}
$html.="</table>";
$html.="</td>";
$html.="</tr>";
$html.="</table>";
echo "<html><body><center>".$html."</center><script>window.print()</script></body></html>";
die();
}
else{
$html="";
$second=false;
while($row=$msql->fetch(PDO::FETCH_ASSOC)){
//header
if(!$second){
$html.="<table style=\"page-break-after: always; page-break-inside: avoid; height: 100%; width: 100%; text-align: center; border-spacing: 0.4em\">";
}
//content
$html.="<tr>";
$html.="<td style=\"padding: 1em; border: 1px solid rgb(0,0,0); height: 45%; vertical-align: top\">";
$html.="<h3>".$config['general']['title']."</h3>";
$html.="<h3><i>".$config['general']['org']."</i></h3>";
$html.="<hr>";
$html.="<p>".$lang['name'].": ".$row['name']." | ".$lang['class'].": ".$row['class']."</p>";
//programs
$html.="<table style=\"width: 95%; font-size: 0.9em\" border=\"1\">";
$html.="<tr>";
$html.="<th>".$lang['timeblock']."</th>";
$html.="<th>".$lang['progname']."</th>";
$html.="<th>".$lang['instructor']."</th>";
$html.="<th>".$lang['signature']."</th>";
$html.="</tr>";
//subquerry
$sql=$db->prepare("SELECT tb.name AS time_block, ts.name AS time_sequence, p.instructor, p.name FROM registrations AS r INNER JOIN programs AS p ON (p.id=r.program) INNER JOIN time_blocks AS tb ON (tb.id=p.time_block) INNER JOIN time_sequences AS ts ON (ts.id=tb.sequence) WHERE r.user=:uid ORDER BY ts.id ASC, tb.name ASC");
$sql->execute(array(":uid"=>$row['id']));
while($row2=$sql->fetch(PDO::FETCH_ASSOC)){
$html.="<tr>";
$html.="<td>".$row2['time_sequence']."<br>".$row2['time_block']."</td>";
$html.="<td>".$row2['name']."</td>";
$html.="<td>".$row2['instructor']."</td>";
$html.="<td></td>";
$html.="</tr>";
}
$html.="</table>";
$html.="</td>";
$html.="</tr>";
if($second){
$html.="</table>";
}
$second=!$second;
}
echo "<html><body><center>".$html."</center><script>window.print()</script></body></html>";
die();
}
}

186
subs/timetable.php Normal file

@ -0,0 +1,186 @@
<?php
/**
* /subs/timetable.php
* @version 1.0
* @desc Timetable sub
* @author Fándly Gergő Zoltán
* @copy 2017 Fándly Gergő Zoltán
*/
?>
<div id="content">
<?php if($_SESSION['accesslevel']>=2): ?>
<div id="forceadddiv">
<form class="ajaxform" method="POST" action="" id="forceadd" autocomplete="off">
<fieldset>
<legend><?php echo $lang['forceadd'] ?></legend>
<center>
<p><?php echo $lang['forceadddisc'] ?></p>
<table>
<tr>
<td><?php echo $lang['user'].": " ?></td>
<td>
<select name="fa_user" required>
<option value="-1" selected disabled><?php echo $lang['pleaseselect'] ?></option>
<?php
$sql=$db->prepare("SELECT id, name, class FROM users WHERE accesslevel=0 and id<>1 ORDER BY class ASC, name ASC");
$sql->execute();
while($row=$sql->fetch(PDO::FETCH_ASSOC)){
echo "<option value=\"".$row['id']."\">".$row['class']." :: ".$row['name']."</option>";
}
?>
</select>
</td>
</tr>
<tr>
<td><?php echo "<b>".$lang['orthis']."</b> ".$lang['class'].": " ?></td>
<td>
<select name="fa_class">
<option value="-1" selected disabled><?php echo $lang['pleaseselect'] ?></option>
<?php
$sql=$db->prepare("SELECT DISTINCT class FROM users WHERE accesslevel=0 and id<>1 ORDER BY class ASC");
$sql->execute();
while($row=$sql->fetch(PDO::FETCH_ASSOC)){
echo "<option value=\"".$row['class']."\">".$row['class']."</option>";
}
?>
</select>
</td>
</tr>
<tr>
<td><?php echo $lang['program'].": " ?></td>
<td>
<select name="fa_program" required>
<option value="-1" selected disabled><?php echo $lang['pleaseselect'] ?></option>
<?php
$sql=$db->prepare("SELECT p.id, p.name, ts.name AS time_sequence, tb.name AS time_block FROM programs AS p INNER JOIN time_blocks AS tb ON (tb.id=p.time_block) INNER JOIN time_sequences AS ts ON (ts.id=tb.sequence) ORDER BY ts.id ASC, tb.name ASC, p.name ASC");
$sql->execute();
while($row=$sql->fetch(PDO::FETCH_ASSOC)){
echo "<option value=\"".$row['id']."\">".$row['time_sequence']."/".$row['time_block']." :: ".$row['name']."</option>";
}
?>
</select>
</td>
</tr>
</table>
<br>
<br>
<button type="submit" form="forceadd"><?php echo $lang['ok'] ?></button>
</center>
</fieldset>
</form>
</div>
<hr class="placeholder">
<?php endif ?>
<h2><?php echo $lang['timetable'] ?></h2>
<br>
<?php if($_SESSION['accesslevel']<1): ?>
<table class="table">
<thead>
<tr>
<th data-breakpoints="xs sm"><?php echo $lang['id'] ?></th>
<th><?php echo $lang['name'] ?></th>
<th data-breakpoints="xs sm md"><?php echo $lang['description'] ?></th>
<th data-breakpoints="xs sm"><?php echo $lang['instructor'] ?></th>
<th data-breakpoints="xs sm"><?php echo $lang['location'] ?></th>
<th><?php echo $lang['timeblock'] ?></th>
<th data-breakpoints="xs"><?php echo $lang['actions'] ?></th>
</tr>
</thead>
<tbody>
<?php
while($row=$msql->fetch(PDO::FETCH_ASSOC)){
echo "<tr>";
echo "<td>".$row['id']."</td>";
echo "<td>".$row['name']."</td>";
echo "<td>".$row['description']."</td>";
echo "<td>".$row['instructor']."</td>";
echo "<td>".$row['location']."</td>";
echo "<td>".$row['time_sequence']."/".$row['time_block']."</td>";
echo "<td><button class=\"ajaxbutton\" type=\"button\" data-confirm=\"".$lang['qunsubscribe']."\" data-url=\"./programs?unsub=".$row['id']."\">".$lang['unsubscribe']."</button></td>";
echo "</tr>";
}
?>
</tbody>
</table>
<?php elseif($_SESSION['accesslevel']>=1): ?>
<table class="table">
<thead>
<tr>
<th data-breakpoints="xs sm"><?php echo $lang['uid'] ?></th>
<th><?php echo $lang['name'] ?></th>
<th><?php echo $lang['class'] ?></th>
<?php
$sql=$db->prepare("SELECT tb.id, ts.name AS time_sequence, tb.name AS time_block FROM time_blocks AS tb INNER JOIN time_sequences AS ts ON (ts.id=tb.sequence) ORDER BY ts.id ASC, tb.name ASC");
$sql->execute();
$tbs=array();
while($row=$sql->fetch(PDO::FETCH_ASSOC)){
echo "<th data-breakpoints=\"xs sm\">".$row['time_sequence']."<br>".$row['time_block']."</th>";
array_push($tbs, $row['id']);
}
?>
</tr>
</thead>
<tbody>
<?php
while($row=$msql->fetch(PDO::FETCH_ASSOC)){
echo "<tr>";
echo "<td>".$row['id']."</td>";
echo "<td>".$row['name']."</td>";
echo "<td>".$row['class']."</td>";
$i=0;
$sql=$db->prepare("SELECT r.id AS regid, tb.id AS time_block, p.name FROM registrations AS r INNER JOIN programs AS p ON (p.id=r.program) INNER JOIN time_blocks AS tb ON (tb.id=p.time_block) WHERE r.user=:uid ORDER BY tb.sequence ASC, tb.name ASC");
$sql->execute(array(":uid"=>$row['id']));
while($row2=$sql->fetch(PDO::FETCH_ASSOC)){
while($row2['time_block']!=$tbs[$i]){
echo "<td>-</td>";
$i++;
}
echo "<td>";
echo $row2['name'];
if($_SESSION['accesslevel']>=2){
echo "<button class=\"ajaxbutton\" type=\"button\" data-confirm=\"".$lang['qdelete']."\" data-url=\"./timetable?delete=".$row2['regid']."\">".$lang['delete']."</button>";
}
echo "</td>";
$i++;
}
for(;$i<count($tbs); $i++){
echo "<td>-</td>";
}
echo "</tr>";
}
?>
</tbody>
</table>
<?php endif ?>
<hr class="placeholder">
<button type="button" onclick="window.location='./timetable?export'"><?php echo $lang['export'] ?></button>
<?php if($_SESSION['accesslevel']>=2 && $config['general']['programs_needed']!=0): ?>
<hr class="placeholder">
<h2><?php echo $lang['notcomplete'] ?></h2>
<table class="table">
<thead>
<tr>
<th data-breakpoints="xs sm"><?php echo $lang['uid'] ?></th>
<th><?php echo $lang['name'] ?></th>
<th><?php echo $lang['progcount'] ?></th>
</tr>
</thead>
<tbody>
<?php
$sql=$db->prepare("SELECT u.id, u.name, u.class, (SELECT COUNT(r.id) AS count FROM registrations AS r WHERE r.user=u.id) AS progcount FROM users AS u WHERE u.accesslevel=0 and u.id<>1 and (SELECT COUNT(r.id) AS count FROM registrations AS r WHERE r.user=u.id)<:pc GROUP BY (u.id)");
$sql->execute(array(":pc"=>$config['general']['programs_needed']));
while($row=$sql->fetch(PDO::FETCH_ASSOC)){
echo "<tr>";
echo "<td>".$row['id']."</td>";
echo "<td>".$row['name']."</td>";
echo "<td>".$row['class']."</td>";
echo "<td>".$row['progcount']."</td>";
echo "</tr>";
}
?>
</tbody>
</table>
<?php endif ?>
</div>
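Review bot: Database values are written into the page without HTML escaping, for example `echo "<td>".$row['name']."</td>";` in both timetable loops, the not-complete table and the `<option>` rows of the force-add form, so a name, class or program title that contains markup is rendered as HTML for every viewer, staff included. Escape at the point of output, e.g. `echo "<td>".htmlspecialchars($row['name'], ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8')."</td>";`, and use the same call for values placed inside attributes such as `value="..."`. The same unescaped pattern appears in the output loops of subs/timetable_programs.php and subs/users.php. How these columns are populated is not visible here, but the new-user form accepts free text for name and class, so the stored data should not be assumed clean.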


@ -0,0 +1,13 @@
<?php
/**
* /subs/timetable_programs.backend.php
* @version 1.0
* @desc timetable based on programs backend
* @author Fándly Gergő Zoltán
* @copy 2017 Fándly Gergő Zoltán
*/
$whereand="";
if($_SESSION['accesslevel']<2){
$whereand="and u.class='".$_SESSION['class']."' ";
}
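Review bot: `$whereand` is built by concatenating `$_SESSION['class']` into SQL text, and subs/timetable_programs.php later splices that string into the statement handed to `prepare()`, so a class value containing a quote alters the query instead of being compared as data. The class is presumably copied from the users table, where `n_class` is free text, so it should be treated as untrusted even though it is read from the session. Keep the fragment constant, `$whereand="and u.class=:class ";`, and bind the value where the statement runs, `$sql2->execute(array(":pid"=>$row['id'], ":class"=>$_SESSION['class']));`, adding the `:class` key only when the fragment is present.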


@ -0,0 +1,78 @@
<?php
/**
* /subs/timetable_programs.php
* @version 1.0
* @desc timetable based on programs
* @author Fándly Gergő Zoltán 2017
* @copy 2017 Fándly Gergő Zoltán
*/
?>
<div id="content">
<h2><?php echo $lang['timetable_programs'] ?></h2>
<hr class="placeholder">
<div id="printarea" style="width: 100%">
<center>
<div id="programs">
<?php
$sql=$db->prepare("SELECT p.id, p.name, p.instructor, p.location, ts.name AS time_sequence, tb.name AS time_block FROM programs AS p INNER JOIN time_blocks AS tb ON (tb.id=p.time_block) INNER JOIN time_sequences AS ts ON (ts.id=tb.sequence) ORDER BY p.name ASC, ts.id ASC, tb.name ASC");
$sql->execute();
while($row=$sql->fetch(PDO::FETCH_ASSOC)){
echo "<div style=\"page-break-after: always; page-break-inside: avoid; margin-bottom: 5em\">";
echo "<h3>".$row['name']."</h3>";
echo "<hr>";
echo "<p style=\"font-size: 0.8em\">".$lang['instructor'].": ".$row['instructor']." | ".$lang['location'].": ".$row['location']." | ".$lang['timeblock'].": ".$row['time_sequence']."/".$row['time_block']."</p>";
echo "<br>";
echo "<table class=\"table\">";
echo "<thead>";
echo "<tr>";
echo "<th data-breakpoints=\"xs sm\">".$lang['num']."</th>";
echo "<th>".$lang['name']."</th>";
echo "<th>".$lang['class']."</th>";
echo "</tr>";
echo "</thead>";
echo "<tbody>";
$num=1;
$sql2=$db->prepare("SELECT u.name, u.class FROM registrations AS r INNER JOIN users AS u ON (u.id=r.user) WHERE r.program=:pid ".$whereand." ORDER BY u.name ASC");
$sql2->execute(array(":pid"=>$row['id']));
while($row2=$sql2->fetch(PDO::FETCH_ASSOC)){
echo "<tr>";
echo "<td>".$num."</td>";
echo "<td>".$row2['name']."</td>";
echo "<td>".$row2['class']."</td>";
echo "</tr>";
}
echo "</tbody>";
echo "</table>";
echo "</div>";
}
?>
</div>
</center>
</div>
<hr class="placeholder">
<button type="button" onclick="window.location='./timetable_programs?print'"><?php echo $lang['print'] ?></button>
<?php if(isset($_GET['print'])): ?>
<style id="print">
body *{
visibility: hidden;
}
#printarea{
position: absolute;
left: 0;
top: 0;
}
#printarea, #printarea *{
visibility: visible;
}
</style>
<script>
setTimeout(function(){
window.print();
}, 2000);
</script>
<?php endif ?>
</div>
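Review bot: `$num` is set to 1 before the participant loop and never incremented, so every row of each program's list prints `1` in the number column; add `$num++;` after the `echo "</tr>";` inside the `while($row2=$sql2->fetch(...))` loop. The statement above it is assembled with `".$whereand."`, a variable this file does not define, so the page depends on the backend file having run first and on that fragment containing no user-derived text. A one-line comment at the `prepare()` call, `// $whereand comes from timetable_programs.backend.php and must stay a constant fragment`, would make that dependency visible.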

144
subs/users.backend.php Normal file

@ -0,0 +1,144 @@
<?php
/**
* /subs/users.backend.php
* @version 1.0
* @desc backend for users managemant
* @author Fándly Gergő Zoltán
* @copy 2017 Fándly Gergő Zoltán
*/
if($_SESSION['accesslevel']>=3){
if(isset($_POST['n_name']) && isset($_POST['n_class']) && isset($_POST['n_al']) && isset($_POST['n_password'])){
$sql=$db->prepare("INSERT INTO users (name, class, accesslevel, password) VALUES (:name, :class, :al, :passwd)");
$sql->execute(array(":name"=>$_POST['n_name'], ":class"=>$_POST['n_class'], ":al"=>$_POST['n_al'], ":passwd"=>\Defuse\Crypto\Crypto::encrypt($_POST['n_password'], $crypto)));
$res=$sql->rowCount();
if($res<1){
functions::setError(6);
if(!isset($_GET['backend'])) header("Location: ./users");
}
else{
functions::setMessage(3);
if(!isset($_GET['backend'])) header("Location: ./users");
}
}
if(isset($_GET['all'])){
set_time_limit(120);
if($_GET['all']=="passwd"){
$sql=$db->prepare("SELECT id FROM users WHERE id<>1 and accesslevel<2");
$sql->execute();
while($row=$sql->fetch(PDO::FETCH_ASSOC)){
$sql2=$db->prepare("UPDATE users SET password=:passwd WHERE id=:id");
$sql2->execute(array(":passwd"=>\Defuse\Crypto\Crypto::encrypt(functions::randomString(6, functions::RAND_SMALL), $crypto), ":id"=>$row['id']));
}
functions::setMessage(7);
if(!isset($_GET['backend'])) header("Location: ./users");
}
else if($_GET['all']=="reset"){
$sql=$db->prepare("UPDATE users SET except_login=0, except_signup=0 WHERE id<>1");
$sql->execute();
functions::setMessage(7);
if(!isset($_GET['backend'])) header("Location: ./users");
}
}
if(isset($_GET['delete'])){
$sql=$db->prepare("SELECT COUNT(id) AS count FROM users WHERE id=:id");
$sql->execute(array(":id"=>$_GET['delete']));
$res=$sql->fetch(PDO::FETCH_ASSOC);
if($res['count']<1){
functions::setError(7);
if(!isset($_GET['backend'])) header("Location: ./users");
}
else{
$sql=$db->prepare("DELETE FROM users WHERE id=:id");
$sql->execute(array(":id"=>$_GET['delete']));
$res=$sql->rowCount();
if($res<1){
functions::setError(6);
if(!isset($_GET['backend'])) header("Location: ./users");
}
else{
functions::setMessage(4);
if(!isset($_GET['backend'])) header("Location: ./users");
}
}
}
if(isset($_GET['np_uid']) && isset($_GET['np_passwd'])){
$sql=$db->prepare("UPDATE users SET password=:passwd WHERE id=:uid");
$sql->execute(array(":passwd"=>\Defuse\Crypto\Crypto::encrypt($_GET['np_passwd'], $crypto), ":uid"=>$_GET['np_uid']));
$res=$sql->rowCount();
if($res<1){
functions::setError(6);
if(!isset($_GET['backend'])) header("Location: ./users");
}
else{
functions::setMessage(7);
if(!isset($_GET['backend'])) header("Location: ./users");
}
}
if(isset($_GET['el_uid']) && isset($_GET['el_param'])){
$sql=$db->prepare("UPDATE users SET except_login=:el WHERE id=:uid");
$sql->execute(array(":el"=>$_GET['el_param'], ":uid"=>$_GET['el_uid']));
$res=$sql->rowCount();
if($res<1){
functions::setError(6);
if(!isset($_GET['backend'])) header("Location: ./users");
}
else{
functions::setMessage(7);
if(!isset($_GET['backend'])) header("Location: ./users");
}
}
if(isset($_GET['es_uid']) && isset($_GET['es_param'])){
$sql=$db->prepare("UPDATE users SET except_signup=:es WHERE id=:uid");
$sql->execute(array(":es"=>$_GET['es_param'], ":uid"=>$_GET['es_uid']));
$res=$sql->rowCount();
if($res<1){
functions::setError(6);
if(!isset($_GET['backend'])) header("Location: ./users");
}
else{
functions::setMessage(7);
if(!isset($_GET['backend'])) header("Location: ./users");
}
}
}
$msql=$db->prepare("SELECT id, name, class, accesslevel, password, except_login, except_signup FROM users WHERE id<>1 ORDER BY class ASC, accesslevel DESC, name ASC");
$msql->execute();
/*
* Export
*/
if(isset($_GET['export'])){
$csv=$BOM;
$csv.=$config['general']['org']."\n".$config['general']['title']."\n\n";
if($_SESSION['accesslevel']==2){
$csv.=$lang['id'].";".$lang['name'].";".$lang['class'].";".$lang['accesslevel']."\n";
}
else{
$csv.=$lang['id'].";".$lang['name'].";".$lang['class'].";".$lang['accesslevel'].";".$lang['password'].";".$lang['except_login'].";".$lang['except_signup']."\n";
}
while($row=$msql->fetch(PDO::FETCH_ASSOC)){
if($_SESSION['accesslevel']==2){
$csv.=$row['id'].";".$row['name'].";".$row['class'].";".$lang['al'][$row['accesslevel']]."\n";
}
else{
$csv.=$row['id'].";".$row['name'].";".$row['class'].";".$lang['al'][$row['accesslevel']].";".\Defuse\Crypto\Crypto::decrypt($row['password'], $crypto).";".$row['except_login'].";".$row['except_signup']."\n";
}
}
//print
header("Content-type: application/octet-stream");
//header("Content-length: ".mb_strlen($csv));
header("Content-disposition: attachment; filename='".$config['general']['title']."_users_export_".date("Y-m-d H-i-s").".csv'");
echo $csv;
die();
}
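Review bot: The export block sits outside the `accesslevel>=3` guard and chooses its columns with `$_SESSION['accesslevel']==2`, so every other level, including 0 and 1 unless routing rejects them before this file runs, falls into the `else` branch that writes `\Defuse\Crypto\Crypto::decrypt($row['password'], $crypto)` for every user into the CSV. Make the restricted layout the default by changing both tests to `if($_SESSION['accesslevel']<3){`, so that only level 3 reaches the branch with passwords and the login/signup exception columns. The deleting and password-changing actions in this file are also driven by GET parameters (`delete`, `np_passwd`, `all=passwd`), which places new passwords in URLs and server logs and lets a crafted link trigger them in an administrator's session; POST with a CSRF token is the safer transport.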

99
subs/users.php Normal file

@ -0,0 +1,99 @@
<?php
/**
* /subs/users.php
* @version 1.0
* @desc user managemant
* @author Fándly Gergő Zoltán
* @copy 2017 Fándly Gergő Zoltán
*/
$oid=0;
?>
<div id="content">
<?php if($_SESSION['accesslevel']>=3): ?>
<div id="newdiv">
<form class="ajaxform" method="POST" action="" id="new" autocomplete="off">
<fieldset>
<legend><?php echo $lang['newuser'] ?></legend>
<center>
<table>
<tr>
<td><?php echo $lang['name'].": " ?></td>
<td><input type="text" name="n_name" placeholder="<?php echo $lang['name']."..." ?>" required></td>
</tr>
<tr>
<td><?php echo $lang['class'].": " ?></td>
<td><input type="text" name="n_class" placeholder="<?php echo $lang['class']."..." ?>"></td>
</tr>
<tr>
<td><?php echo $lang['accesslevel'].": " ?></td>
<td>
<?php
for($i=0; $i<=3; $i++){
echo "<input type=\"radio\" name=\"n_al\" value=\"".$i."\" id=\"o_".$oid."\"><label for=\"o_".$oid."\">".$lang['al'][$i]."</label><br>";
$oid++;
}
?>
</td>
</tr>
<tr>
<td><?php echo $lang['password'].": " ?></td>
<td><input type="text" name="n_password" placeholder="<?php echo $lang['password']."..." ?>" required></td>
</tr>
</table>
<br>
<br>
<button type="submit" form="new"><?php echo $lang['ok'] ?></button>
</center>
</fieldset>
</form>
</div>
<hr class="placeholder">
<div id="utils">
<button class="ajaxbutton" type="button" data-keep="1" data-confirm="<?php echo $lang['qproceed'] ?>" data-url="./users?all=passwd"><?php echo $lang['newpassword4all'] ?></button>
<button class="ajaxbutton" type="button" data-keep="\" data-confirm="<?php echo $lang['qproceed'] ?>" data-url="./users?all=reset"><?php echo $lang['resetall'] ?></button>
</div>
<hr class="placeholder">
<?php endif ?>
<h2><?php echo $lang['users'] ?></h2>
<br>
<table class="table">
<thead>
<tr>
<th data-breakpoints="xs sm"><?php echo $lang['id'] ?></th>
<th><?php echo $lang['name'] ?></th>
<th><?php echo $lang['class'] ?></th>
<th data-breakpoints="xs sm"><?php echo $lang['accesslevel'] ?></th>
<?php if($_SESSION['accesslevel']>=3): ?><th data-breakpoints="xs sm md"><?php echo $lang['password'] ?></th><?php endif ?>
<?php if($_SESSION['accesslevel']>=3): ?><th data-breakpoints="xs sm md"><?php echo $lang['except_login'] ?></th><?php endif ?>
<?php if($_SESSION['accesslevel']>=3): ?><th data-breakpoints="xs sm md"><?php echo $lang['except_signup'] ?></th><?php endif ?>
<?php if($_SESSION['accesslevel']>=3): ?><th data-breakpoints="xs sm"><?php echo $lang['actions'] ?></th><?php endif ?>
</tr>
</thead>
<tbody>
<?php
while($row=$msql->fetch(PDO::FETCH_ASSOC)){
echo "<tr>";
echo "<td>".$row['id']."</td>";
echo "<td>".$row['name']."</td>";
echo "<td>".$row['class']."</td>";
echo "<td>".$lang['al'][$row['accesslevel']]."</td>";
if($_SESSION['accesslevel']>=3){
echo "<td><span class=\"password\">".\Defuse\Crypto\Crypto::decrypt($row['password'], $crypto)."</span></td>";
echo "<td>".$row['except_login']."</td>";
echo "<td>".$row['except_signup']."</td>";
echo "<td>";
echo "<button class=\"ajaxbutton\" type=\"button\" data-confirm=\"".$lang['qdelete']."\" data-url=\"./users?delete=".$row['id']."\">".$lang['delete']."</button>";
echo "<button class=\"ajaxbutton\" type=\"button\" data-keep=\"1\" data-prompt=\"".$lang['qnewpassword'].functions::randomString(6, functions::RAND_SMALL)."\" data-url=\"./users?np_uid=".$row['id']."&np_passwd=\">".$lang['newpassword']."</button>";
echo "<button class=\"ajaxbutton\" type=\"button\" data-keep=\"1\" data-prompt=\"".$lang['qexceptlogin']."\" data-url=\"./users?el_uid=".$row['id']."&el_param=\">".$lang['except_login']."</button>";
echo "<button class=\"ajaxbutton\" type=\"button\" data-keep=\"1\" data-prompt=\"".$lang['qexceptsignup']."\" data-url=\"./users?es_uid=".$row['id']."&es_param=\">".$lang['except_signup']."</button>";
}
echo "</tr>";
}
?>
</tbody>
</table>
<hr class="placeholder">
<button type="button" onclick="window.location='./users?export'"><?php echo $lang['export'] ?></button>
</div>
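Review bot: The users table prints every account's password in clear text through `\Defuse\Crypto\Crypto::decrypt($row['password'], $crypto)`, which is only possible because passwords are stored reversibly, so anyone holding the key or a level-3 session recovers all of them at once. Store `password_hash($password, PASSWORD_DEFAULT)` at creation and reset, verify with `password_verify()` in the login code (not visible here), and drop this column in favour of showing a generated password once when it is reset. The second utility button has `data-keep="\"` where its sibling uses `data-keep="1"`, which looks like a typo.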