Version 9.0 release
Older version shifted to branch: Version_8.0
sarika0lal committed Dec 31, 2022
1 parent 381a1ad commit 81799fd
Showing 1,875 changed files with 379,204 additions and 36,307 deletions.
76 changes: 35 additions & 41 deletions Ajax.php
@@ -28,7 +28,7 @@
#***************************************************************************************

session_start();
!empty($_SESSION['USERNAME']) or die('Access denied!');
//!empty($_SESSION['PROFILE_ID']) or die('Access denied!');

include "functions/ParamLibFnc.php";
echo '<script type="text/javascript" src="assets/js/pages/components_popups.js"></script>';
@@ -99,14 +99,13 @@
if ($url === FALSE) {
header('Location: index.php');
}
error_reporting(E_ERROR);
$isajax = "ajax";
$start_time = time();
include 'Warehouse.php';
array_rwalk($_REQUEST, 'strip_tags');
$title_set = '';

if (UserStudentID() && User('PROFILE') != 'parent' && User('PROFILE') != 'student' && substr(clean_param($_REQUEST['modname'], PARAM_NOTAGS), 0, 5) != 'Atten' && substr(clean_param($_REQUEST['modname'], PARAM_NOTAGS), 0, 5) != 'users' && clean_param($_REQUEST['modname'], PARAM_NOTAGS) != 'students/AddUsers.php' && $_REQUEST['modname']!= 'tools/Backup.php' && (substr(clean_param($_REQUEST['modname'], PARAM_NOTAGS), 0, 10) != 'attendance' || clean_param($_REQUEST['modname'], PARAM_NOTAGS) == 'attendance/StudentSummary.php' || clean_param($_REQUEST['modname'], PARAM_NOTAGS) == 'attendance/DailySummary.php' || clean_param($_REQUEST['modname'], PARAM_NOTAGS) == 'attendance/AddAbsences.php')) {
if (UserStudentID() && User('PROFILE') != 'parent' && User('PROFILE') != 'student' && substr(clean_param($_REQUEST['modname'], PARAM_NOTAGS), 0, 5) != 'Atten' && substr(clean_param($_REQUEST['modname'], PARAM_NOTAGS), 0, 5) != 'users' && clean_param($_REQUEST['modname'], PARAM_NOTAGS) != 'students/AddUsers.php' && $_REQUEST['modname'] != 'tools/Backup.php' && (substr(clean_param($_REQUEST['modname'], PARAM_NOTAGS), 0, 10) != 'attendance' || clean_param($_REQUEST['modname'], PARAM_NOTAGS) == 'attendance/StudentSummary.php' || clean_param($_REQUEST['modname'], PARAM_NOTAGS) == 'attendance/DailySummary.php' || clean_param($_REQUEST['modname'], PARAM_NOTAGS) == 'attendance/AddAbsences.php')) {
$RET = DBGet(DBQuery("SELECT FIRST_NAME,LAST_NAME,MIDDLE_NAME,NAME_SUFFIX FROM students WHERE STUDENT_ID='" . UserStudentID() . "'"));
$count_student_RET = DBGet(DBQuery("SELECT COUNT(*) AS NUM FROM students"));

@@ -125,8 +124,8 @@
'students/EnrollmentReport.php',
// For Scheduling
// 'scheduling/Schedule.php',
'scheduling/ViewSchedule.php',
'scheduling/Requests.php',
'scheduling/ViewSchedule.php',
'scheduling/Requests.php',
// 'scheduling/MassSchedule.php',
// 'scheduling/MassRequests.php',
'scheduling/PrintSchedules.php',
@@ -141,7 +140,7 @@
'grades/AdminProgressReports.php',
'grades/ProgressReports.php',
// 'grades/HonorRoll.php',
'grades/EditReportCardGrades.php',
'grades/EditReportCardGrades.php',
// 'grades/GraduationProgress.php',
// For Attendance
'attendance/AddAbsences.php',
@@ -156,37 +155,32 @@

$allow_back_to_student_list = array(
// For Students
'students/Student.php',
'students/Student.php',
// For Scheduling
// 'scheduling/Schedule.php',
'scheduling/ViewSchedule.php',
'scheduling/Requests.php',
'scheduling/ViewSchedule.php',
'scheduling/Requests.php',
// For Grades
'grades/EditReportCardGrades.php',
'grades/EditReportCardGrades.php',
// For Eligibility
'eligibility/Student.php'
);

if ($count_student_RET[1]['NUM'] > 1) {
$title_set = 'y';

if(in_array($_REQUEST['modname'], $allow_buffer_list))
{
if(in_array($_REQUEST['modname'], $allow_back_to_student_list))
{
DrawHeaderHome('<div class="panel"><div class="panel-heading"><h6 class="panel-title">'._selectedStudent.' : ' . $RET[1]['FIRST_NAME'] . '&nbsp;' . ($RET[1]['MIDDLE_NAME'] ? $RET[1]['MIDDLE_NAME'] . ' ' : '') . $RET[1]['LAST_NAME'] . '&nbsp;' . $RET[1]['NAME_SUFFIX'] . '</h6> <div class="heading-elements clearfix"><span class="heading-text"><A HREF=Modules.php?modname=' . clean_param($_REQUEST['modname'], PARAM_NOTAGS) . '&search_modfunc=list&next_modname=Students/Student.php&ajax=true&bottom_back=true&return_session=true target=body><i class="icon-square-left"></i> '._backToStudentList.'</A></span><div class="btn-group heading-btn"><A HREF=SideForStudent.php?student_id=new&modcat=' . clean_param($_REQUEST['modcat'], PARAM_NOTAGS) . '&modname=' . $_REQUEST['modname'] . ' class="btn btn-danger btn-xs">'._deselect.'</A></div></div></div></div>');
}
else
{
DrawHeaderHome('<div class="panel"><div class="panel-heading"><h6 class="panel-title">'._selectedStudent.' : ' . $RET[1]['FIRST_NAME'] . '&nbsp;' . ($RET[1]['MIDDLE_NAME'] ? $RET[1]['MIDDLE_NAME'] . ' ' : '') . $RET[1]['LAST_NAME'] . '&nbsp;' . $RET[1]['NAME_SUFFIX'] . '</h6> <div class="heading-elements clearfix"><div class="btn-group heading-btn"><A HREF=SideForStudent.php?student_id=new&modcat=' . clean_param($_REQUEST['modcat'], PARAM_NOTAGS) . '&modname=' . $_REQUEST['modname'] . ' class="btn btn-danger btn-xs">'._deselect.'</A></div></div></div></div>');
if (in_array($_REQUEST['modname'], $allow_buffer_list)) {
if (in_array($_REQUEST['modname'], $allow_back_to_student_list)) {
DrawHeaderHome('<div class="panel"><div class="panel-heading"><h6 class="panel-title">' . _selectedStudent . ' : ' . $RET[1]['FIRST_NAME'] . '&nbsp;' . ($RET[1]['MIDDLE_NAME'] ? $RET[1]['MIDDLE_NAME'] . ' ' : '') . $RET[1]['LAST_NAME'] . '&nbsp;' . $RET[1]['NAME_SUFFIX'] . '</h6> <div class="heading-elements clearfix"><span class="heading-text"><A HREF=Modules.php?modname=' . clean_param($_REQUEST['modname'], PARAM_NOTAGS) . '&search_modfunc=list&next_modname=Students/Student.php&ajax=true&bottom_back=true&return_session=true target=body><i class="icon-square-left"></i> ' . _backToStudentList . '</A></span><div class="btn-group heading-btn"><A HREF=SideForStudent.php?student_id=new&modcat=' . clean_param($_REQUEST['modcat'], PARAM_NOTAGS) . '&modname=' . $_REQUEST['modname'] . ' class="btn btn-danger btn-xs">' . _deselect . '</A></div></div></div></div>');
} else {
DrawHeaderHome('<div class="panel"><div class="panel-heading"><h6 class="panel-title">' . _selectedStudent . ' : ' . $RET[1]['FIRST_NAME'] . '&nbsp;' . ($RET[1]['MIDDLE_NAME'] ? $RET[1]['MIDDLE_NAME'] . ' ' : '') . $RET[1]['LAST_NAME'] . '&nbsp;' . $RET[1]['NAME_SUFFIX'] . '</h6> <div class="heading-elements clearfix"><div class="btn-group heading-btn"><A HREF=SideForStudent.php?student_id=new&modcat=' . clean_param($_REQUEST['modcat'], PARAM_NOTAGS) . '&modname=' . $_REQUEST['modname'] . ' class="btn btn-danger btn-xs">' . _deselect . '</A></div></div></div></div>');
}
}
} else if ($count_student_RET[1]['NUM'] == 1) {
$title_set = 'y';

if(in_array($_REQUEST['modname'], $allow_buffer_list))
{
DrawHeaderHome('<div class="panel"><div class="panel-heading"><h6 class="panel-title">'._selectedStudent.' : ' . $RET[1]['FIRST_NAME'] . '&nbsp;' . ($RET[1]['MIDDLE_NAME'] ? $RET[1]['MIDDLE_NAME'] . ' ' : '') . $RET[1]['LAST_NAME'] . '&nbsp;' . $RET[1]['NAME_SUFFIX'] . '</h6> <div class="heading-elements clearfix"><A HREF=SideForStudent.php?student_id=new&modcat=' . clean_param($_REQUEST['modcat'], PARAM_NOTAGS) . '&modname=' . $_REQUEST['modname'] . ' class="btn btn-danger btn-xs">'._deselect.'</A></div></div></div>');
if (in_array($_REQUEST['modname'], $allow_buffer_list)) {
DrawHeaderHome('<div class="panel"><div class="panel-heading"><h6 class="panel-title">' . _selectedStudent . ' : ' . $RET[1]['FIRST_NAME'] . '&nbsp;' . ($RET[1]['MIDDLE_NAME'] ? $RET[1]['MIDDLE_NAME'] . ' ' : '') . $RET[1]['LAST_NAME'] . '&nbsp;' . $RET[1]['NAME_SUFFIX'] . '</h6> <div class="heading-elements clearfix"><A HREF=SideForStudent.php?student_id=new&modcat=' . clean_param($_REQUEST['modcat'], PARAM_NOTAGS) . '&modname=' . $_REQUEST['modname'] . ' class="btn btn-danger btn-xs">' . _deselect . '</A></div></div></div>');
}
}
}
@@ -199,7 +193,7 @@
if ($_REQUEST['modname'] != 'users/User.php') {
$RET = DBGet(DBQuery("SELECT FIRST_NAME,LAST_NAME FROM staff WHERE STAFF_ID='" . UserStaffID() . "'"));
echo '<div class="panel panel-default">';
DrawHeader(''._selectedStaff.' : ' . $RET[1]['FIRST_NAME'] . '&nbsp;' . $RET[1]['LAST_NAME'], '<span class="heading-text"><A HREF=Modules.php?modname=' . clean_param($_REQUEST['modname'], PARAM_NOTAGS) . '&search_modfunc=list&next_modname=users/User.php&ajax=true&bottom_back=true&return_session=true target=body><i class="icon-square-left"></i> '._backToUserList.'</A></span><div class="btn-group heading-btn"><A HREF=Side.php?staff_id=new&modcat=' . clean_param($_REQUEST['modcat'], PARAM_NOTAGS) . ' class="btn btn-danger btn-xs">'._deselect.'</A></div>');
DrawHeader('' . _selectedStaff . ' : ' . $RET[1]['FIRST_NAME'] . '&nbsp;' . $RET[1]['LAST_NAME'], '<span class="heading-text"><A HREF=Modules.php?modname=' . clean_param($_REQUEST['modname'], PARAM_NOTAGS) . '&search_modfunc=list&next_modname=users/User.php&ajax=true&bottom_back=true&return_session=true target=body><i class="icon-square-left"></i> ' . _backToUserList . '</A></span><div class="btn-group heading-btn"><A HREF=Side.php?staff_id=new&modcat=' . clean_param($_REQUEST['modcat'], PARAM_NOTAGS) . ' class="btn btn-danger btn-xs">' . _deselect . '</A></div>');
echo '</div>';
}
}
@@ -208,10 +202,10 @@
if (!isset($_REQUEST['_openSIS_PDF'])) {
Warehouse('header');

// if (strpos(clean_param($_REQUEST['modname'], PARAM_NOTAGS), 'miscellaneous/') === false)
// echo '<script language="JavaScript">if(window == top && (!window.opener || window.opener.location.href.substring(0,(window.opener.location.href.indexOf("&")!=-1?window.opener.location.href.indexOf("&"):window.opener.location.href.replace("#","").length))!=window.location.href.substring(0,(window.location.href.indexOf("&")!=-1?window.location.href.indexOf("&"):window.location.href.replace("#","").length)))) window.location.href = "index.php";</script>';
echo "<BODY marginwidth=0 leftmargin=0 border=0 onload='doOnload();' background=assets/bg.gif>";
echo '<DIV id="Migoicons" style="visibility:hidden;position:absolute;z-index:1000;top:-100"></DIV>';
if (strpos(clean_param($_REQUEST['modname'], PARAM_NOTAGS), 'miscellaneous/') === false)
echo '<script language="JavaScript">if(window == top && (!window.opener || window.opener.location.href.substring(0,(window.opener.location.href.indexOf("&")!=-1?window.opener.location.href.indexOf("&"):window.opener.location.href.replace("#","").length))!=window.location.href.substring(0,(window.location.href.indexOf("&")!=-1?window.location.href.indexOf("&"):window.location.href.replace("#","").length)))) window.location.href = "index.php";</script>';
// echo "<BODY marginwidth=0 leftmargin=0 border=0 onload='doOnload();' background=assets/bg.gif>";
// echo '<DIV id="Migoicons" style="visibility:hidden;position:absolute;z-index:1000;top:-100"></DIV>';
}

$ajax_to_sign_in = "";
@@ -261,8 +255,7 @@

if (preg_match('/\.\./', $modname) !== 1)
include 'modules/' . $modname;
}
else {
} else {
if (User('USERNAME')) {


@@ -273,7 +266,7 @@
}


echo ""._youReNotAllowedToUseThisProgram."! "._thisAttemptedViolationHasBeenLoggedAndYourIpAddressWasCaptured.".";
echo "" . _youReNotAllowedToUseThisProgram . "! " . _thisAttemptedViolationHasBeenLoggedAndYourIpAddressWasCaptured . ".";
DBQuery("INSERT INTO hacking_log (HOST_NAME,IP_ADDRESS,LOGIN_DATE,VERSION,PHP_SELF,DOCUMENT_ROOT,SCRIPT_NAME,MODNAME,USERNAME) values('$_SERVER[SERVER_NAME]','$ip','" . date('Y-m-d') . "','$openSISVersion','$_SERVER[PHP_SELF]','$_SERVER[DOCUMENT_ROOT]','$_SERVER[SCRIPT_NAME]','$_REQUEST[modname]','" . User('USERNAME') . "')");
Warehouse('footer');
if ($openSISNotifyAddress)
@@ -302,7 +295,8 @@
echo '</HTML>';
}

function decode_unicode_url($str) {
function decode_unicode_url($str)
{
$res = '';

$i = 0;
@@ -317,11 +311,11 @@ function decode_unicode_url($str) {
$character = chr($value);
else if ($value < 0x0800) // 2 bytes: 110xxxxx 10xxxxxx
$character = chr((($value & 0x07c0) >> 6) | 0xc0)
. chr(($value & 0x3f) | 0x80);
. chr(($value & 0x3f) | 0x80);
else // 3 bytes: 1110xxxx 10xxxxxx 10xxxxxx
$character = chr((($value & 0xf000) >> 12) | 0xe0)
. chr((($value & 0x0fc0) >> 6) | 0x80)
. chr(($value & 0x3f) | 0x80);
. chr((($value & 0x0fc0) >> 6) | 0x80)
. chr(($value & 0x3f) | 0x80);
} else
$i++;

@@ -331,21 +325,23 @@ function decode_unicode_url($str) {
return $res . substr($str, $i);
}

function code2utf($num) {
function code2utf($num)
{
if ($num < 128)
return chr($num);
if ($num < 1024)
return chr(($num >> 6) + 192) . chr(($num & 63) + 128);
if ($num < 32768)
return chr(($num >> 12) + 224) . chr((($num >> 6) & 63) + 128)
. chr(($num & 63) + 128);
. chr(($num & 63) + 128);
if ($num < 2097152)
return chr(($num >> 18) + 240) . chr((($num >> 12) & 63) + 128)
. chr((($num >> 6) & 63) + 128) . chr(($num & 63) + 128);
. chr((($num >> 6) & 63) + 128) . chr(($num & 63) + 128);
return '';
}

function unescape($strIn, $iconv_to = 'UTF-8') {
function unescape($strIn, $iconv_to = 'UTF-8')
{
$strOut = '';
$iPos = 0;
$len = strlen($strIn);
@@ -382,5 +378,3 @@ function unescape($strIn, $iconv_to = 'UTF-8') {
}
return $strOut;
}

?>
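Review bot: The `hacking_log` INSERT in the "not allowed" branch still builds its SQL by interpolating `$_REQUEST[modname]` and several `$_SERVER` values directly into the statement, and the only filtering visible on this page is `array_rwalk($_REQUEST, 'strip_tags')`, which removes tags but leaves quote characters intact. Since the commit already reformats the neighbouring `echo`, escape each interpolated value with the helper this commit introduces in CalendarModal.php, e.g. `'" . sqlSecurityFilter($_REQUEST['modname']) . "'` (its implementation is not shown here, so confirm it escapes for a quoted MySQL string). Separately, the first hunk prints `!empty($_SESSION['USERNAME']) or die('Access denied!');` directly above a commented-out `PROFILE_ID` variant; if the page lists the old line before the new one, the session gate has been replaced by a comment and Ajax.php no longer rejects requests without a login session, which should be confirmed and restored before release. Both statements are top-level script code that continues outside the visible hunks.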
2 changes: 1 addition & 1 deletion Bottom.php
@@ -25,7 +25,7 @@
# along with this program. If not, see <http://www.gnu.org/licenses/>.
#
#***************************************************************************************
error_reporting(0);
error_reporting(0);
include("functions/ParamLibFnc.php");
require_once("Data.php");
include "./Warehouse.php";
1 change: 1 addition & 0 deletions CalculateGpaProcess.php
@@ -27,6 +27,7 @@
#***************************************************************************************
error_reporting(0);


include('RedirectRootInc.php');
include 'Warehouse.php';
include 'Data.php';
1 change: 1 addition & 0 deletions CalculateMissingAttendance.php
@@ -26,6 +26,7 @@
#
#***************************************************************************************
error_reporting(0);

include('RedirectRootInc.php');
include 'Warehouse.php';
include 'Data.php';
7 changes: 5 additions & 2 deletions CalendarModal.php
@@ -4,6 +4,7 @@
include('RedirectRootInc.php');
include'ConfigInc.php';
include 'Warehouse.php';

/*
* To change this license header, choose License Headers in Project Properties.
* To change this template file, choose Tools | Templates
@@ -13,7 +14,9 @@
//----------------------- modal for event start---------------------//
// $connection = new mysqli($DatabaseServer, $DatabaseUsername, $DatabasePassword, $DatabaseName);
$_REQUEST['event_id'] = mysqli_real_escape_string($connection,optional_param('event_id', '', PARAM_DATA));
if (($_REQUEST['event_id'] || !isset($_REQUEST['event_id'])) && !isset($_REQUEST[assignment_id])) {
$_REQUEST['assignment_id'] = sqlSecurityFilter($_REQUEST['assignment_id']);

if (($_REQUEST['event_id'] || !isset($_REQUEST['event_id'])) && !isset($_REQUEST['assignment_id'])) {
if ($_REQUEST['event_id'] != 'new' && isset($_REQUEST['event_id'])) {
$RET = DBGet(DBQuery("SELECT TITLE,DESCRIPTION,SCHOOL_DATE,CALENDAR_ID FROM calendar_events WHERE ID='$_REQUEST[event_id]'"));
$title = $RET[1]['TITLE'];
@@ -27,7 +30,7 @@
}
echo "<FORM name=popform class=\"m-b-0\" id=popform action=Modules.php?modname=schoolsetup/Calendar.php&dd=$_REQUEST[school_date]&modfunc=detail&event_id=$_REQUEST[event_id]&calendar_id=$calendar_id&month=$_REQUEST[month]&year=$_REQUEST[year] METHOD=POST>";
} else {
$RET = DBGet(DBQuery('SELECT TITLE,STAFF_ID,DATE_FORMAT(DUE_DATE,\'%d-%b-%y\') AS SCHOOL_DATE,ASSIGNED_DATE,DUE_DATE,DESCRIPTION FROM gradebook_assignments WHERE ASSIGNMENT_ID=\'' . $_REQUEST[assignment_id] . '\''));
$RET = DBGet(DBQuery('SELECT TITLE,STAFF_ID,DATE_FORMAT(DUE_DATE,\'%d-%b-%y\') AS SCHOOL_DATE,ASSIGNED_DATE,DUE_DATE,DESCRIPTION FROM gradebook_assignments WHERE ASSIGNMENT_ID=\'' . $_REQUEST['assignment_id'] . '\''));
$title = $RET[1]['TITLE'];
$RET[1]['STAFF_ID'] = GetTeacher($RET[1]['STAFF_ID']);
}
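Review bot: The added line `$_REQUEST['assignment_id'] = sqlSecurityFilter($_REQUEST['assignment_id']);` runs unconditionally, so the `!isset($_REQUEST['assignment_id'])` test that follows now depends on what the filter returns for a missing key; if it returns a string, even an empty one, the event branch can never be taken, and reading the absent key raises an undefined-index notice. Guard the assignment instead: `if (isset($_REQUEST['assignment_id'])) { $_REQUEST['assignment_id'] = sqlSecurityFilter($_REQUEST['assignment_id']); }`. The value is still concatenated into the `gradebook_assignments` query, so confirm that `sqlSecurityFilter()` (not visible on this page) escapes for a quoted string context, or cast to `(int)` if assignment ids are always numeric. The `<FORM ...>` echo in the same block also writes `$_REQUEST[school_date]`, `$_REQUEST[month]` and `$_REQUEST[year]` into the `action` attribute without HTML-escaping. The enclosing `if`/`else` continues outside the hunks.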
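--- a/CheckUrlWs.php
+++ b/CheckUrlWs.php
@@ -0,0 +1,37 @@
+<?php
+$url = $_REQUEST['url'];
+$data = array();
+$exists = '';
+$file_headers = '';
+$s = empty($_SERVER["HTTPS"]) ? '' : ($_SERVER["HTTPS"] == "on") ? "s" : "";
+$sp = strtolower($_SERVER["SERVER_PROTOCOL"]);
+$protocol = substr($sp, 0, strpos($sp, "/")) . $s;
+$out=$protocol . "://" . $url;
+$file_headers = @get_headers($out);
+
+if(count($file_headers)>1)
+{
+if($file_headers[0]!='' && strpos($file_headers[0], '404')) {
+$exists = 0;
+}
+else {
+$exists = 1;
+}
+}
+else
+{
+$exists = 0;
+}
+if($exists==1)
+{
+$data['success']=1;
+$data['msg']=_validUrl;
+$data['host'] = $out;
+}
+else
+{
+$data['success']=0;
+$data['msg']=_invalidUrl;
+$data['host'] = $out;
+}
+echo json_encode($data);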
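Review bot: This new endpoint hands the request parameter `url` straight to `get_headers()` with no session check and no restriction on the destination, so any client that can reach the script can have the server probe hosts of the client's choosing, including addresses reachable only from the server (server-side request forgery), and learn from the JSON reply whether they answered. Gate the script on a logged-in session (the `$_SESSION['USERNAME']` test shown in Ajax.php), refuse hosts that resolve to private or reserved ranges, and disable redirect following; a configured allowlist of expected hosts would be the stronger control. `get_headers()` returns `false` on failure and `count(false)` throws a TypeError on PHP 8, so test the return value explicitly; the unparenthesised nested ternary on the `$s` line is also a compile error on PHP 8. `_validUrl` and `_invalidUrl` are neither defined nor included in this file, so confirm where those constants come from.

```php
session_start();
// Same gate Ajax.php applies: no logged-in session, no outbound request.
if (empty($_SESSION['USERNAME'])) {
    http_response_code(403);
    exit;
}
$url = (string) ($_REQUEST['url'] ?? '');
// … unchanged: $data, $exists, $file_headers initialisation …
$s = (!empty($_SERVER["HTTPS"]) && $_SERVER["HTTPS"] == "on") ? "s" : "";
// … unchanged: $sp, $protocol, $out …
$host = parse_url($out, PHP_URL_HOST);
$ip = is_string($host) ? gethostbyname($host) : '';
// Resolve-then-fetch still leaves a DNS re-resolution gap; an allowlist of expected hosts closes it.
$public = filter_var($ip, FILTER_VALIDATE_IP, FILTER_FLAG_NO_PRIV_RANGE | FILTER_FLAG_NO_RES_RANGE) !== false;
// Do not follow redirects: a public host could otherwise bounce the probe to an internal one.
$ctx = stream_context_create(['http' => ['follow_location' => 0, 'timeout' => 5]]);
$file_headers = $public ? @get_headers($out, 0, $ctx) : false;

if (is_array($file_headers) && count($file_headers) > 1)
// … unchanged: 404 test and JSON response …
```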
2 changes: 1 addition & 1 deletion ChooseCP.php
@@ -5,7 +5,7 @@
* To change this template file, choose Tools | Templates
* and open the template in the editor.
*/

session_start();
include('RedirectRootInc.php');
include'ConfigInc.php';
include 'Warehouse.php';