<?php
/* getdata.php -- Provides DB access to non Admin-only pages using AJAX */

require_once("../include/user.php");
require_once("../include/config.php");
require_once("../include/sql_manip.php");
require_once("../include/util.php");

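session_start();

/*
 * Cache headers (the original no-cache snippet is from W3Schools.com).
 * This endpoint only answers authenticated sessions, and several branches
 * return role-restricted data (statistics, appointment lists). "no-store" and
 * "private" are therefore added so that neither the browser nor a shared
 * proxy keeps a copy; no-cache/must-revalidate alone still allow storage.
 */
header("Cache-Control: no-store, no-cache, must-revalidate, private");
header("Expires: Mon, 26 Jul 1997 05:00:00 GMT");	// Date in the past

/*
 * Global gate: every action below requires check_auth() to accept the
 * session. check_auth() comes from one of the includes and is not visible
 * here. On failure the session is destroyed and the request ends with an
 * empty body.
 */
if (!check_auth($_SESSION))
{
	session_destroy();
	die();
}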

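/*
 * action=classlist&deptid=N
 * Emits a <select id="class_id"> holding one <option> per class of the given
 * department.
 *
 * Changes from the original:
 *  - 'action' is tested with isset() first, so a request without it no longer
 *    raises an undefined-index notice (which can leak the script path when
 *    errors are displayed).
 *  - deptid was concatenated into the SQL text exactly as received. It must
 *    now be numeric and is cast to int before it reaches the query.
 */
if (isset($_GET['action'], $_GET['deptid']) && ($_GET['action'] === 'classlist') && is_numeric($_GET['deptid']))
{
	require_once("../include/classdata.php");

	global $DATABASE;

	// Only an integer ever reaches the query text.
	$dept_id = (int) $_GET['deptid'];

	$tmpsql = new SQL_manip();
	$query = 'SELECT id,name,teacher_id FROM ' . $DATABASE['prefix'] . 'classdata WHERE department_id=' . $dept_id;
	$tmpsql->query($query);

	$output_html = '<select id="class_id" name="class_id" onchange="loadGoalTemplate(this.selectedIndex, 1)">' . "\n";
	$output_html .= '<option value="-1" selected="selected">&lt;Please make a choice&gt;</option>' . "\n";
	while ($row = $tmpsql->fetch_assoc())
	{
		// The same integer is used for the lookup and for the value attribute.
		$class_id = (int) $row['id'];

		$tmpclass = new DO_ClassData();
		$tmpclass->get($class_id);

		// NOTE(review): get_fullname() is written into the page unescaped.
		// Confirm that DO_ClassData returns HTML-safe text; if it returns the
		// stored name as-is, wrap it in htmlspecialchars().
		$output_html .= '<option value="' . $class_id . '">' . $tmpclass->get_fullname() . "</option>\n";
	}

	$output_html .= '</select>';
	println($output_html);
	exit();
}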

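/*
 * action=goaltemplate&classid=N
 * Loads the goal template attached to the class and renders it as a table
 * with one <select> per template field, followed by a free-text
 * "other issues" box.
 *
 * 'action' is tested with isset() first, so a request without it no longer
 * raises an undefined-index notice. classid is reduced to an int before use,
 * as in the original.
 */
if (isset($_GET['action'], $_GET['classid']) && ($_GET['action'] === 'goaltemplate'))
{
	require_once("../include/classdata.php");
	require_once("../include/goaltemplate.php");

	$tmpclass = new DO_ClassData();
	$tmpclass->get((int) $_GET['classid']);

	$tmpgoaltemp = new DO_GoalTemplate();
	$tmpgoaltemp->load_template_arr($tmpclass->get_goaltemplate_id());

	$temparr = $tmpgoaltemp->get_template_arr();

	$output_html = '<span class="GoalsTitle">Choose <span style="text-decoration: underline;">one</span> of the following as your <span style="text-decoration: underline;">main</span> goal for the session:</span><br />';
	$output_html .= '<table id="GoalsSectionTable">';
	foreach ($temparr as $key => $value)
	{
		// NOTE(review): title, varname and the option texts are emitted
		// unescaped. Confirm that DO_GoalTemplate stores them HTML-safe;
		// otherwise escape them here with htmlspecialchars().
		$output_html .= '<tr><td><span class="FieldName">' . $value['title'] . "</span></td>\n";
		$output_html .= '<td><select name="GT_' . $value['varname'] . '">' . "\n";
		$output_html .= '<option value="-1" selected="selected">&lt;Please make a choice&gt;</option>' . "\n";

		// The count is loop-invariant, so it is taken once per field.
		$option_count = count($value['options']);
		for ($i = 0; $i < $option_count; $i++)
		{
			$output_html .= '<option>' . $value['options'][$i] . "</option>\n";
		}
		$output_html .= "</select></td></tr>\n";
	}
	$output_html .= "</table><br />\n";
	$output_html .=<<<EOD
	<span class="FieldName">Other Issues (please leave the box empty if none):</span><br />
<textarea name="other_issues" rows="5" cols="43"></textarea>
EOD;
	println($output_html);
	exit();
}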

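/*
 * action=meetingsessions&year=Y&month=M&day=D
 * Emits a <select id="meeting_session"> listing the sessions of the current
 * schedule, but only when the requested date falls on a day the schedule
 * allows. Any rejected date ends the request with an empty body.
 *
 * 'action' is tested with isset() first, so a request without it no longer
 * raises an undefined-index notice.
 */
if (isset($_GET['action'], $_GET['year'], $_GET['month'], $_GET['day']) && ($_GET['action'] === 'meetingsessions'))
{
	// illegal_date() is defined in an include and not visible here.
	// Presumably it validates year/month/day - confirm what it accepts.
	if (illegal_date($_GET))
	{
		exit();
	}

	require_once("../include/globalconfig.php");
	require_once("../include/schedule.php");

	$gblconf_id = get_globalconf_id();
	$gblconf = new DO_GlobalConfig();
	$gblconf->get((int) $gblconf_id);

	$cursched_id = $gblconf->get_current_schedule_id();
	$cursched = new DO_Schedule();
	$cursched->load_schedule((int) $cursched_id);

	// date("l") yields the full weekday name. The parts are cast so mktime()
	// always receives integers, whatever string form passed validation above.
	$day_str = date("l", mktime(0, 0, 0, (int) $_GET['month'], (int) $_GET['day'], (int) $_GET['year']));

	if (!$cursched->is_legal_day($day_str))
	{
		exit();
	}

	$session_arr = $cursched->get_all_sessions();
	$output_html = '<select id="meeting_session" name="meeting_session">' . "\n";

	// The count is loop-invariant, so it is taken once.
	$session_count = count($session_arr);
	for ($i = 0; $i < $session_count; $i++)
	{
		$output_html .= '<option>' . $session_arr[$i] . "</option>\n";
	}

	$output_html .= '</select>';
	println($output_html);
	exit();
}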
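/*
 * action=stats&type=class|department&id=N   (faculty only)
 * Renders appointment statistics for one class or one department.
 *
 * Authorization, as visible here:
 *  - is_faculty() must accept the session, otherwise the session is destroyed.
 *  - a 'depthead' may query only their own department, or a class for which
 *    has_class() is true.
 *  - a 'teacher' may query only a department for which in_department() is
 *    true, or a class for which has_class() is true.
 *  - any other faculty user type gets no per-object check in this branch.
 *
 * Changes from the original:
 *  - 'action' is tested with isset() first (no undefined-index notice).
 *  - id must be a plain decimal integer. is_numeric() also accepted forms such
 *    as "5.5" or "1e3"; the authorization helpers receive the raw string while
 *    get_stats() receives (int) of it, so the two could be evaluated against
 *    different values. With a canonical integer string they cannot disagree.
 *  - a non-string 'type' (e.g. type[]=x) is treated as an illegal type instead
 *    of being passed to trim().
 */
if (isset($_GET['action'], $_GET['type'], $_GET['id']) && ($_GET['action'] === 'stats'))
{
	$id_is_plain_int = is_string($_GET['id']) && preg_match('/\A-?[0-9]+\z/', $_GET['id']);
	if (!is_faculty($_SESSION) || !$id_is_plain_int)
	{
		session_destroy();
		die();
	}

	$stype = is_string($_GET['type']) ? trim($_GET['type']) : '';
	if (($stype !== 'class') && ($stype !== 'department'))
	{
		die('Illegal Operation Attempted.');
	}

	$tmpuser = &$_SESSION['USER_OBJ'];
	$user_type = $tmpuser->get_user_type();

	if ($user_type == 'depthead')
	{
		if (($stype === 'department') && ($tmpuser->get_department_id() != $_GET['id']))
		{
			die('Illegal Operation Attempted.');
		}
		if (($stype === 'class') && !($tmpuser->has_class($_GET['id'])))
		{
			die('Illegal Operation Attempted.');
		}
	}
	if ($user_type == 'teacher')
	{
		if (($stype === 'department') && !($tmpuser->in_department($_GET['id'])))
		{
			die('Illegal Operation Attempted.');
		}
		if (($stype === 'class') && !($tmpuser->has_class($_GET['id'])))
		{
			die('Illegal Operation Attempted.');
		}
	}

	// get_stats() signals "nothing to show" with a strict FALSE.
	$statsdata = get_stats((int) $_GET['id'], $stype);
	if ($statsdata === FALSE)
	{
		die('<span class="MajorError">No data available.</span>');
	}

	$output_html = '<span class="StatsTotal">Total Number of Appointments = ' . $statsdata['APP_TOTAL']. "</span><br /><br />\n";

	$output_html .= get_statstable_html($statsdata);
	println($output_html);
	exit();
}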
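/*
 * action=classappts&id=N   (faculty only)
 * Renders the appointment list of one class. Users whose type is 'admin' may
 * view any class; everyone else must pass has_class() for the requested id.
 *
 * Changes from the original:
 *  - 'action' is tested with isset() first (no undefined-index notice).
 *  - id must be a plain decimal integer. is_numeric() also accepted forms such
 *    as "5.5" or "1e3"; has_class() receives the raw string while
 *    get_classappts_html() receives (int) of it, so the check and the lookup
 *    could be evaluated against different values.
 */
if (isset($_GET['action'], $_GET['id']) && ($_GET['action'] === 'classappts'))
{
	$id_is_plain_int = is_string($_GET['id']) && preg_match('/\A-?[0-9]+\z/', $_GET['id']);
	if (!is_faculty($_SESSION) || !$id_is_plain_int)
	{
		session_destroy();
		die();
	}

	$tmpuser = &$_SESSION['USER_OBJ'];
	$is_admin_type = ($tmpuser->get_user_type() == 'admin');
	if (!$is_admin_type && !$tmpuser->has_class($_GET['id']))
	{
		die('Illegal Operation Attempted.');
	}

	$output_html = get_classappts_html((int) $_GET['id']);
	println($output_html);
	exit();
}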
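/*
 * action=deptappts&id=N   (admin only)
 * Renders the appointment list of one department.
 *
 * Changes from the original:
 *  - 'action' is tested with isset() first (no undefined-index notice).
 *  - id must be a plain decimal integer, so the string that is checked and the
 *    int handed to get_deptappts_html() always denote the same number
 *    (is_numeric() also accepted forms such as "5.5" or "1e3").
 */
if (isset($_GET['action'], $_GET['id']) && ($_GET['action'] === 'deptappts'))
{
	$id_is_plain_int = is_string($_GET['id']) && preg_match('/\A-?[0-9]+\z/', $_GET['id']);
	if (!is_admin($_SESSION) || !$id_is_plain_int)
	{
		session_destroy();
		die();
	}

	// NOTE(review): this mirrors the per-class check, but the id here is a
	// department id, so has_class() is asked about the wrong kind of object.
	// It looks unreachable if is_admin() implies user type 'admin' - confirm,
	// then either drop it or replace it with a department-level check.
	$tmpuser = &$_SESSION['USER_OBJ'];
	$is_admin_type = ($tmpuser->get_user_type() == 'admin');
	if (!$is_admin_type && !$tmpuser->has_class($_GET['id']))
	{
		die('Illegal Operation Attempted.');
	}

	$output_html = get_deptappts_html((int) $_GET['id']);
	println($output_html);
	exit();
}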

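/*
 * action=gtview&id=N   -- For Teachers and Admins
 * Renders every field of one goal template as rows of a table.
 *
 * 'action' and 'id' are tested with isset() first; the original read both
 * unconditionally and raised undefined-index notices when either was absent.
 *
 * NOTE(review): the original comment says this is for teachers and admins, but
 * no role check (such as is_faculty()) is visible in this branch; only the
 * file-level check_auth() gate applies. Confirm whether that is intended.
 */
if (isset($_GET['action'], $_GET['id']) && ($_GET['action'] === 'gtview') && is_numeric($_GET['id']))
{
	require_once("../include/goaltemplate.php");

	$gt_id = (int) $_GET['id'];

	if (!is_valid_goaltemplate($gt_id))
	{
		println('<span class="NormalError">Invalid goal template specified.</span>');
		die();
	}

	$gt_obj = new DO_GoalTemplate();
	$gt_obj->load_template_arr($gt_id);
	$gt_arr = $gt_obj->get_template_arr();

	// get_goalfield_html() is defined in an include; each call contributes the
	// markup for one template field.
	$output_html = '<table id="viewGTSelTable">';
	foreach ($gt_arr as $value)
	{
		$output_html .= get_goalfield_html($value);
	}
	$output_html .= "</table>";

	println($output_html);
	exit();
}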

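/*
 * action=viewclass&id=N   (teachers only)
 * Renders the detail view of one class. The caller must be faculty, have user
 * type 'teacher', pass has_class() for the id, and the id must pass
 * is_valid_classdata().
 *
 * Changes from the original:
 *  - 'action' is tested with isset() first (no undefined-index notice).
 *  - id must be a plain decimal integer. is_numeric() also accepted forms such
 *    as "5.5" or "1e3"; has_class() and is_valid_classdata() receive the raw
 *    string while get_classview_html() receives (int) of it, so the checks and
 *    the lookup could be evaluated against different values.
 */
if (isset($_GET['action'], $_GET['id']) && ($_GET['action'] === 'viewclass'))
{
	$id_is_plain_int = is_string($_GET['id']) && preg_match('/\A-?[0-9]+\z/', $_GET['id']);
	if (!is_faculty($_SESSION) || !$id_is_plain_int)
	{
		session_destroy();
		die();
	}

	$tmpuser = &$_SESSION['USER_OBJ'];
	if (($tmpuser->get_user_type() != 'teacher') || !$tmpuser->has_class($_GET['id']) || !is_valid_classdata($_GET['id']))
	{
		die('Illegal Operation Attempted.');
	}

	$output_html = get_classview_html((int) $_GET['id']);
	println($output_html);
	exit();
}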
?>