<?php
// Report fatal errors only (E_ERROR === 1): the unguarded $_REQUEST/$_SESSION reads
// further down would otherwise spray notices into the page output.
error_reporting(E_ERROR);
// Application bootstrap. DBQuery/DBGet/DBEscapeString, Config(), Warehouse(), PopTable()
// and the translation helper _() used below all come from here; it presumably also
// starts the session, since no session_start() appears in this file.
require_once 'Warehouse.php';
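// modfunc dispatch that has to happen before any credential handling:
//   logout         - tear the session down and redirect back to the login page,
//                    carrying the user's locale so the form is shown in the same language;
//   create_account - only honoured when self-registration is enabled ($ShowCreateAccount),
//                    otherwise modfunc is dropped and the request falls through to the login page.
if($_REQUEST['modfunc']=='logout')
{
    if($_SESSION)
    {
        //modif Francois: set logout page to old session locale
        $old_session_locale = $_SESSION['locale'];

        // session_destroy() only removes the server-side data: $_SESSION stays populated
        // for the rest of this request and the browser keeps the session cookie. Clear
        // both so the old ID cannot be reused (assumes cookie-based sessions; guarded).
        $_SESSION = array();
        if (ini_get('session.use_cookies'))
        {
            $cookie_params = session_get_cookie_params();
            setcookie(session_name(), '', time() - 42000,
                $cookie_params['path'], $cookie_params['domain'],
                $cookie_params['secure'], $cookie_params['httponly']);
        }
        session_destroy();

        //modif Francois: fix error Firefox has detected that the server is redirecting the request
        // The redirect target deliberately omits modfunc=logout (redirect loop). Both query
        // values are request/session controlled, so URL-encode them rather than splicing them raw.
        $logout_url = $_SERVER['PHP_SELF'].'?locale='.urlencode((string) $old_session_locale);
        if ($_REQUEST['reason'])
            $logout_url .= '&reason='.urlencode((string) $_REQUEST['reason']);
        header("Location: ".$logout_url);
        // Without this, the script keeps running and renders the frameset/login page into
        // the body of the 302 response.
        exit;
    }
}
elseif($_REQUEST['modfunc']=='create_account')
{
    if(!$ShowCreateAccount)
        unset($_REQUEST['modfunc']);
}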
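// Credential check and session establishment.
//
// Lookup order: a non-admin STAFF row, then a currently-enrolled STUDENTS row, then an
// admin STAFF row restricted to the STAFF_IDs listed in $RosarioAdmins. Only the username
// is interpolated into SQL (after DBEscapeString); the password is compared in PHP with
// match_password() against the stored PASSWORD column and blanked from $_REQUEST on success.
// NOTE(review): USERNAME/PASSWORD are read from $_REQUEST, so a GET with the credentials in
// the query string is accepted as well as the login form's POST - prefer $_POST so secrets
// do not end up in access logs, browser history or Referer headers.
if($_REQUEST['USERNAME'] && $_REQUEST['PASSWORD'])
{
    $_REQUEST['USERNAME'] = DBEscapeString($_REQUEST['USERNAME']);
    $login_RET = false;
    $student_RET = false;

    //modif Francois: add WHERE PROFILE<>'admin' to restrict admin login to $RosarioAdmins list
    $login_RET = DBGet(DBQuery("SELECT USERNAME,PROFILE,STAFF_ID,LAST_LOGIN,FAILED_LOGIN,PASSWORD FROM STAFF WHERE PROFILE<>'admin' AND SYEAR='".Config('SYEAR')."' AND UPPER(USERNAME)=UPPER('$_REQUEST[USERNAME]')"));
    if ($login_RET && match_password($login_RET[1]['PASSWORD'], $_REQUEST['PASSWORD']))
        $_REQUEST['PASSWORD'] = '';
    else
        $login_RET = false;

    if(!$login_RET)
    {
        // Students additionally need an enrollment row for the current school year whose
        // date range covers today.
        $student_RET = DBGet(DBQuery("SELECT s.USERNAME,s.STUDENT_ID,s.LAST_LOGIN,s.FAILED_LOGIN,s.PASSWORD FROM STUDENTS s,STUDENT_ENROLLMENT se WHERE UPPER(s.USERNAME)=UPPER('$_REQUEST[USERNAME]') AND se.STUDENT_ID=s.STUDENT_ID AND se.SYEAR='".Config('SYEAR')."' AND CURRENT_DATE>=se.START_DATE AND (CURRENT_DATE<=se.END_DATE OR se.END_DATE IS NULL)"));
        if ($student_RET && match_password($student_RET[1]['PASSWORD'], $_REQUEST['PASSWORD']))
            $_REQUEST['PASSWORD'] = '';
        else
            $student_RET = false;
    }

    if(!$login_RET && !$student_RET && $RosarioAdmins)
    {
        // Admin logins are only accepted for STAFF_IDs in $RosarioAdmins. That value is
        // spliced into SQL unescaped, so it must be a trusted configuration constant - TODO confirm.
        $admin_RET = DBGet(DBQuery("SELECT STAFF_ID,PASSWORD FROM STAFF WHERE PROFILE='admin' AND SYEAR='".Config('SYEAR')."' AND STAFF_ID IN ($RosarioAdmins) AND UPPER(USERNAME)=UPPER('$_REQUEST[USERNAME]')"));
        if ($admin_RET && match_password($admin_RET[1]['PASSWORD'], $_REQUEST['PASSWORD']))
        {
            $_REQUEST['PASSWORD'] = '';
            $login_RET = DBGet(DBQuery("SELECT USERNAME,PROFILE,STAFF_ID,LAST_LOGIN,FAILED_LOGIN FROM STAFF WHERE SYEAR='".Config('SYEAR')."' AND STAFF_ID='".$admin_RET[1]['STAFF_ID']."'"));
        }
    }

    if($login_RET && ($login_RET[1]['PROFILE']=='admin' || $login_RET[1]['PROFILE']=='teacher' || $login_RET[1]['PROFILE']=='parent'))
    {
        // The privilege level of this session changes here: issue a fresh session ID so a
        // token an attacker planted before login (session fixation) never becomes authenticated.
        if (session_id() !== '')
            session_regenerate_id(true);
        $_SESSION['STAFF_ID'] = $login_RET[1]['STAFF_ID'];
        $_SESSION['LAST_LOGIN'] = $login_RET[1]['LAST_LOGIN'];
        // Previous failure count is handed to the portal frame (see the frameset URL below).
        $failed_login = $login_RET[1]['FAILED_LOGIN'];
        DBQuery("UPDATE STAFF SET LAST_LOGIN=CURRENT_TIMESTAMP,FAILED_LOGIN=NULL WHERE STAFF_ID='".$login_RET[1]['STAFF_ID']."'");
        if(Config('LOGIN')=='No')
        {
            // First successful login after installation: show a confirmation page, then flip
            // the LOGIN flag. The hidden field values are request-controlled, so they are
            // escaped for the HTML attribute context (PASSWORD has already been blanked above).
            Warehouse('header');
            echo '</HEAD><BODY><FORM action="index.php" method="POST"><INPUT type="hidden" name="USERNAME" value="'.htmlspecialchars($_REQUEST['USERNAME'], ENT_QUOTES, 'UTF-8').'"><INPUT type="hidden" name="PASSWORD" value="'.htmlspecialchars($_REQUEST['PASSWORD'], ENT_QUOTES, 'UTF-8').'"><BR />';
            PopTable('header',_('Confirm Successful Installation'));
            echo '<span class="center">';
            echo '<h4>'.sprintf(_('You have successfully installed %s.'), ParseMLField(Config('TITLE'))).'</h4><BR />';
            echo '<BR /><INPUT type="submit" name="submit" value="'._('OK').'" />';
            echo '</span>';
            PopTable('footer');
            echo '</FORM>';
            Warehouse('footer_plain');
            DBQuery("UPDATE CONFIG SET CONFIG_VALUE='Yes' WHERE TITLE='LOGIN'");
            exit;
        }
    }
    elseif($login_RET && $login_RET[1]['PROFILE']=='none')
        // Correct password, but the account has not been approved yet.
        $error[] = _('Your account has not yet been activated.').' '._('You will be notified when it has been verified by a school administrator.');
    elseif($student_RET)
    {
        // Same fixation defence as for staff: regenerate before storing the identity.
        if (session_id() !== '')
            session_regenerate_id(true);
        $_SESSION['STUDENT_ID'] = $student_RET[1]['STUDENT_ID'];
        $_SESSION['LAST_LOGIN'] = $student_RET[1]['LAST_LOGIN'];
        $failed_login = $student_RET[1]['FAILED_LOGIN'];
        DBQuery("UPDATE STUDENTS SET LAST_LOGIN=CURRENT_TIMESTAMP,FAILED_LOGIN=NULL WHERE STUDENT_ID='".$student_RET[1]['STUDENT_ID']."'");
    }
    else
    {
        // Unknown user or wrong password: bump the failure counter on both tables (the
        // username is already DB-escaped) and answer with one non-enumerating message.
        // NOTE(review): nothing in this file locks or throttles an account based on
        // FAILED_LOGIN; as far as this page shows the counter is only passed on for display.
        DBQuery("UPDATE STAFF SET FAILED_LOGIN=".db_case(array('FAILED_LOGIN',"''",'1','FAILED_LOGIN+1'))." WHERE UPPER(USERNAME)=UPPER('$_REQUEST[USERNAME]') AND SYEAR='".Config('SYEAR')."'");
        DBQuery("UPDATE STUDENTS SET FAILED_LOGIN=".db_case(array('FAILED_LOGIN',"''",'1','FAILED_LOGIN+1'))." WHERE UPPER(USERNAME)=UPPER('$_REQUEST[USERNAME]')");
        $error[] = _('Incorrect username or password.').' '._('Please try logging in again.');
    }
}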
// Self-registration (only reachable when $ShowCreateAccount left modfunc intact above).
// A request without a submitted username renders the blank user form; a submission is
// routed through the Users module as an "update" and the session is then destroyed,
// presumably so the new, not-yet-verified account is not left logged in. Rewriting
// modfunc to 'update' also lets the login page (which skips 'create_account') render
// afterwards with the confirmation note.
if($_REQUEST['modfunc']=='create_account')
{
    Warehouse('header');
    $_ROSARIO['allow_edit'] = true;
    $submitted_username = $_REQUEST['staff']['USERNAME'];
    if($submitted_username)
    {
        $_REQUEST['modfunc'] = 'update';
        include('modules/Users/User.php');
        $note[] = _('Your account has been created.').' '._('You will be notified when it has been verified by a school administrator.').' '._('You will then be able to log in.');
        session_destroy();
    }
    else
    {
        $_REQUEST['staff_id'] = 'new';
        include('modules/Users/User.php');
        Warehouse('footer_plain');
    }
}
// Page rendering. No authenticated session (and not inside the self-registration flow):
// render the login page. Otherwise render the frameset that hosts the application.
if(!$_SESSION['STAFF_ID'] && !$_SESSION['STUDENT_ID'] && $_REQUEST['modfunc']!='create_account')
{
Warehouse('header');
// The inline script below forces the top-level window to the logout URL when this login
// page gets loaded inside the frameset (e.g. a sub-frame request after the session ended).
?>
<script type="text/javascript">
if(parent.frames.length > 0)
parent.location.href = 'index.php?modfunc=logout';
</script>
<meta name="robots" content="noindex,nofollow" />
<link REL="SHORTCUT ICON" HREF="favicon.ico">
</HEAD>
<BODY onLoad="document.loginform.USERNAME.focus()">
<BR /><BR />
<?php
PopTable("header",_('RosarioSIS Login'), "width=55%", "5");
// echo '<span class="center">';
// ?reason (set by the noscript redirect in the frameset) is only tested, never echoed.
if($_REQUEST['reason'])
$note[] = _('You must have javascript enabled to use RosarioSIS.');
// $error / $note are filled by the login and create_account handling above;
// whether ErrorMessage() escapes them is not visible from this file.
echo ErrorMessage($error);
echo ErrorMessage($note,'note');
// echo '</span>';
// NOTE(review): Preferences('THEME') and ParseMLField(Config('TITLE')) are echoed unescaped;
// they come from stored configuration rather than this request - confirm they are trusted.
echo '<TABLE>
<tr>
<TD style="text-align:right"><img src="assets/themes/'.Preferences('THEME').'/logo.png" /></td>
<TD class="center"><form name="loginform" method="post" action="index.php" class="login">
<h4>'.ParseMLField(Config('TITLE')).' </h4>
<TABLE class="cellpadding-2 cellspacing-0" style="margin:0 auto;">';
// ng - choose language
// Locale switcher; $loc values are taken from the configured $RosarioLocales list, not the request.
if (sizeof($RosarioLocales) > 1) {
echo '<tr style="text-align:right"><TD style="text-align:right"><b>'._('Language').'</b></td>';
echo '<td style="text-align:left;">';
foreach ($RosarioLocales as $loc)
echo '<A href="'.$_SERVER['PHP_SELF'].'?locale='.$loc.'"><IMG src="assets/flags/'.$loc.'.png" height="20" /></A> ';
echo '</TD>';
}
// Credential form: POSTs USERNAME/PASSWORD back to this script.
echo '<tr>
<TD style="text-align:right"><label for="USERNAME"><b>'._('Username').'</b></label></td>
<td style="text-align:left;"><input type="text" name="USERNAME" id="USERNAME" size="25" maxlength="42" required /></td>
</tr>
<tr>
<TD style="text-align:right"><label for="PASSWORD"><b>'._('Password').'</b></label></td>
<td style="text-align:left;"><input type="password" name="PASSWORD" id="PASSWORD" size="25" maxlength="42" required /></td>
</tr>
</table>
<p><INPUT type="submit" value="'._('Login').'" class="button-primary" /></p>';
if($ShowCreateAccount)
echo '<span class="size-1; text-align:center;">[ <A HREF="index.php?modfunc=create_account">'._('Create Account').'</A> ]</span>';
echo '</form>
</td></tr>';
// System disclaimer.
echo '
<tr><td colspan="2">
<span class="size-3">'.
sprintf(_('This is a restricted network. Use of this network, its equipment, and resources is monitored at all times and requires explicit permission from the network administrator and %s. If you do not have this permission in writing, you are violating the regulations of this network and can and will be prosecuted to the full extent of the law. By continuing into this system, you are acknowledging that you are aware of and agree to these terms.'),ParseMLField(Config('TITLE')))
.'</span>
<BR /><BR />
</td></tr>
</table>';
// Version footer. Disclosing the exact version on the login page eases fingerprinting.
echo '<span class="center">RosarioSIS '.sprintf(_('version %s'),$RosarioVersion);
echo '<BR />© 2004-2009 <A HREF="http://www.miller-group.net">The Miller Group, Inc</A>';
echo '<br />© 2009 <a href="http://www.glenn-abbey.com">Glenn Abbey Software, Inc</a>';
echo '<br />© 2009 <a href="http://www.centresis.org">Learners Circle, LLC</a>';
echo '<br />© 2012-2014 <a href="http://www.rosariosis.org">François Jacquet</a>';
echo '</span>';
PopTable("footer");
echo "<BR />";
Warehouse("footer");
}
elseif($_REQUEST['modfunc']!='create_account')
{
//modif Francois: fix bug Internet Explorer Quirks Mode, add DOCTYPE
// Authenticated: emit the frameset (side menu, body, bottom help bar). Notes on the markup below:
//  - $locale is not defined in this file (presumably set by Warehouse.php); only its first two
//    characters reach the lang/dir attributes, unescaped.
//  - the body frame URL assigns $_REQUEST['modname'] as a side effect of the echo, and appends
//    $failed_login (the FAILED_LOGIN column read at login, unset on an existing session) unescaped.
//  - the <noscript> refresh is what produces ?reason=javascript on the login page.
?>
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Frameset//EN" "http://www.w3.org/TR/html4/frameset.dtd">
<HTML lang="<?php echo mb_substr($locale,0,2); ?>" <?php echo (mb_substr($locale,0,2)=='he' || mb_substr($locale,0,2)=='ar'?' dir="RTL"':''); ?>>
<HEAD>
<TITLE><?php echo ParseMLField(Config('TITLE')); ?></TITLE>
<meta charset="UTF-8" />
<noscript><META http-equiv="REFRESH" content="0;url=index.php?modfunc=logout&reason=javascript" /></noscript>
<link REL="SHORTCUT ICON" HREF="favicon.ico" />
</HEAD>
<frameset id="mainframeset" rows="*,30" border="0" framespacing="0">
<frameset cols="205,*" border="0">
<frame name="side" src="Side.php" frameborder="0" />
<frame name="body" src="Modules.php?modname=<?php echo ($_REQUEST['modname']='misc/Portal.php'); ?>&failed_login=<?php echo $failed_login; ?>" frameborder="0" />
</frameset>
<frame name="help" src="Bottom.php" frameborder="0" />
</frameset>
</HTML>
<?php
// end of frameset branch
}
?>