. # #*************************************************************************************** error_reporting(0); include("functions/DelDirectoryFnc.php"); include("functions/ParamLibFnc.php"); include("RemoveBackup.php"); $url=validateQueryString(curPageURL()); if($url===FALSE){ header('Location: index.php'); } if(optional_param('dis','',PARAM_ALPHAEXT)=='fl_count') { $error[] = "Either your account is inactive or your access permission has been revoked. Please contact the school administration. "; } if(optional_param('dis','',PARAM_ALPHAEXT)=='assoc_mis') { $error[] = "No student is associated with the parent. Please contact the school administration."; } if(isset($_GET['ins'])) $install = optional_param('ins','',PARAM_ALPHAEXT); if($install == 'comp') { if (is_dir('install')) { $dir = 'install/'; // IMPORTANT: with '/' at the end $remove_directory = delete_directory($dir); } } require_once('Warehouse.php'); if(optional_param('modfunc','',PARAM_ALPHAEXT)=='logout') { if($_SESSION) { DBQuery("DELETE FROM log_maintain WHERE SESSION_ID = '".$_SESSION['X']."'"); header("Location: $_SERVER[PHP_SELF]?modfunc=logout".(($_REQUEST['reason'])?'&reason='.$_REQUEST['reason']:'')); } session_destroy(); } if(optional_param('register','',PARAM_NOTAGS)) { if(optional_param('R1','',PARAM_ALPHA)=='register') header("Location:register.php"); } if(optional_param('USERNAME','',PARAM_RAW) && optional_param('PASSWORD','',PARAM_RAW)) { db_start(); # --------------------------- Seat Count Update Start ------------------------------------------ # $course_name = DBGet(DBQuery("SELECT DISTINCT(COURSE_PERIOD_ID)FROM schedule WHERE END_DATE <'".date("Y-m-d")."' AND DROPPED = 'N' ")); foreach($course_name as $column=>$value) { $course_count = DBGet(DBQuery("SELECT * FROM schedule WHERE COURSE_PERIOD_ID='".$value[COURSE_PERIOD_ID]."' AND END_DATE <'".date("Y-m-d")."'AND DROPPED = 'N' ")); for($i=1;$i<=count($course_count);$i++) { DBQuery("CALL SEAT_FILL()"); DBQuery("UPDATE course_periods SET filled_seats=filled_seats-1 WHERE COURSE_PERIOD_ID IN (SELECT COURSE_PERIOD_ID FROM schedule WHERE end_date IS NOT NULL AND END_DATE <'".date("Y-m-d")."' AND DROPPED='N' AND COURSE_PERIOD_ID='".$value[COURSE_PERIOD_ID]."')"); DBQuery(" UPDATE schedule SET DROPPED='Y' WHERE END_DATE IS NOT NULL AND COURSE_PERIOD_ID='".$value[COURSE_PERIOD_ID]."' AND END_DATE <'".date("Y-m-d")."'AND DROPPED = 'N' AND STUDENT_ID='".$course_count[$i][STUDENT_ID]."'"); } } # ---------------------------- Seat Count Update End ------------------------------------------- # $username = mysql_real_escape_string(optional_param('USERNAME','',PARAM_RAW)); if($_REQUEST['remember']) { $cName='remember_me_name'; $cPwd='remember_me_pwd'; setcookie($cName, $username, time()+60*60*24*100, "/"); setcookie($cPwd, optional_param('PASSWORD','',PARAM_RAW), time()+60*60*24*100, "/"); } else { setcookie('remember_me_name', 'gone', time()-60*60*24*100, "/"); setcookie('remember_me_pwd', 'gone', time()-60*60*24*100, "/"); } if($password==optional_param('PASSWORD','',PARAM_RAW)) $password = str_replace("\'","",md5(optional_param('PASSWORD','',PARAM_RAW))); $password = str_replace("&","",md5(optional_param('PASSWORD','',PARAM_RAW))); $password = str_replace("\\","",md5(optional_param('PASSWORD','',PARAM_RAW))); $login_uniform= DBGet(DBQuery('SELECT * FROM login_authentication WHERE UPPER(USERNAME)=UPPER(\''.$username.'\') AND UPPER(PASSWORD)=UPPER(\''.$password.'\')')); if(count($login_uniform)>0) { $login_uniform=$login_uniform[1]; $usr_prof= DBGet(DBQuery('SELECT * FROM user_profiles WHERE ID='.$login_uniform['PROFILE_ID'])); $usr_prof=$usr_prof[1]['PROFILE']; if($usr_prof=='student') { $student_disable_storeproc_RET = DBGet(DBQuery("SELECT s.STUDENT_ID FROM students s,student_enrollment se WHERE s.STUDENT_ID=".$login_uniform['USER_ID']." AND se.STUDENT_ID=s.STUDENT_ID LIMIT 1")); if($student_disable_storeproc_RET[1]['STUDENT_ID']){ DBQuery("SELECT STUDENT_DISABLE('".$student_disable_storeproc_RET[1]['STUDENT_ID']."')"); } } $maintain_RET=DBGet(DBQuery("SELECT SYSTEM_MAINTENANCE_SWITCH FROM system_preference_misc LIMIT 1")); $maintain=$maintain_RET[1]; $get_ac_st=0; $get_tot_st=0; if($usr_prof=='admin' || $usr_prof=='teacher') { $login_Check=DBGet(DBQuery("SELECT STAFF_ID FROM staff WHERE STAFF_ID=".$login_uniform['USER_ID'])); if(count($login_Check)>0) { $opensis_staff_access= DBGet(DBQuery('SELECT * FROM staff_school_info WHERE STAFF_ID='.$login_Check[1]['STAFF_ID'])); $get_details=DBGet(DBQuery("SELECT SYEAR,SCHOOL_ID FROM `school_years` WHERE SYEAR IN (SELECT MAX(SYEAR) FROM school_years GROUP BY SCHOOL_ID)")); foreach($get_details as $gd_i=>$gd_d) { $get_stf_d=DBGet(DBQuery('SELECT COUNT(1) as INACTIVE FROM staff_school_relationship WHERE staff_id=\''.$login_Check[1]['STAFF_ID'].'\' AND SCHOOL_ID=\''.$gd_d['SCHOOL_ID'].'\' AND SYEAR=\''.$gd_d['SYEAR'].'\' AND END_DATE<\''.date('Y-m-d').'\' AND END_DATE!=\'0000-00-00\' ')); if($get_stf_d[1]['INACTIVE']>0) $get_ac_st++; $tot_stf_rec=DBGet(DBQuery('SELECT COUNT(1) as TOTAL FROM staff_school_relationship WHERE staff_id=\''.$login_Check[1]['STAFF_ID'].'\' AND SCHOOL_ID=\''.$gd_d['SCHOOL_ID'].'\' AND SYEAR=\''.$gd_d['SYEAR'].'\'')); if( $tot_stf_rec[1]['TOTAL']>0) $get_tot_st++; } } if($login_Check[1]['STAFF_ID']!='' && $get_ac_st<=$get_tot_st) { $login_RET = DBGet(DBQuery("SELECT PROFILE,STAFF_ID,CURRENT_SCHOOL_ID,FIRST_NAME,LAST_NAME,s.PROFILE_ID,IS_DISABLE,MAX(ssr.SYEAR) AS SYEAR FROM staff s INNER JOIN staff_school_relationship ssr USING(staff_id),school_years sy WHERE sy.school_id=s.current_school_id AND sy.syear=ssr.syear AND s.STAFF_ID=".$login_uniform['USER_ID'])); if(count($login_RET)>0) { if($opensis_staff_access[1]['OPENSIS_ACCESS']=='N') { $login_RET[1]['IS_DISABLE']='Y'; } $login_RET[1]['USERNAME']=$login_uniform['USERNAME']; $login_RET[1]['LAST_LOGIN']=$login_uniform['LAST_LOGIN']; $login_RET[1]['FAILED_LOGIN']=$login_uniform['FAILED_LOGIN']; } } else { if($get_ac_st==$get_tot_st && $get_tot_st!=0) $error_dis = " Your opensis account is inactive."; else $error[]="Incorrect username or password. Please try again."; } $loged_staff_id = $login_RET[1]['STAFF_ID']; if($usr_prof=='teacher' && $loged_staff_id!="") { $sql='SELECT STAFF_ID FROM staff_school_relationship WHERE STAFF_ID='.$loged_staff_id.' AND (END_DATE>=CURDATE() OR END_DATE=\'0000-00-00\') AND SYEAR=\''.$login_RET[1]['SYEAR'].'\''; $is_teacher_assoc=DBGet(DBQuery('SELECT STAFF_ID FROM staff_school_relationship WHERE STAFF_ID='.$loged_staff_id.' AND (END_DATE>=CURDATE() OR END_DATE=\'0000-00-00\') AND SYEAR=\''.$login_RET[1]['SYEAR'].'\'')); if(empty($is_teacher_assoc)) { header("location:index.php?modfunc=logout&staff=na"); } } } if($usr_prof=='parent') { $login_Check=DBGet(DBQuery("SELECT STAFF_ID FROM people WHERE STAFF_ID=".$login_uniform['USER_ID'])); if(count($login_Check)>0) { $get_details=DBGet(DBQuery("SELECT SYEAR,SCHOOL_ID FROM `school_years` WHERE SYEAR IN (SELECT MAX(SYEAR) FROM school_years GROUP BY SCHOOL_ID)")); } if($login_Check[1]['STAFF_ID']!='') { $max_syear=DBGet(DBQuery('SELECT MAX(SYEAR) as SYEAR FROM student_enrollment se,students_join_people sjp WHERE se.STUDENT_ID=sjp.STUDENT_ID AND sjp.PERSON_ID='.$login_uniform['USER_ID'])); $max_syear=$max_syear[1]['SYEAR']; if($max_syear=='') { $error[]="No student is associated with the parent. Please contact the school administration."; session_destroy(); header("location:index.php?modfunc=logout&dis=assoc_mis"); } $login_RET = DBGet(DBQuery("SELECT PROFILE,STAFF_ID,CURRENT_SCHOOL_ID,FIRST_NAME,LAST_NAME,PROFILE_ID,IS_DISABLE,".$max_syear." AS SYEAR FROM people,school_years sy WHERE sy.school_id=people.current_school_id AND sy.syear=".$max_syear." AND STAFF_ID=".$login_uniform['USER_ID'])); if(count($login_RET)>0) { $login_RET[1]['USERNAME']=$login_uniform['USERNAME']; $login_RET[1]['LAST_LOGIN']=$login_uniform['LAST_LOGIN']; $login_RET[1]['FAILED_LOGIN']=$login_uniform['FAILED_LOGIN']; } } else { if($get_ac_st==$get_tot_st && $get_tot_st!=0) $error_dis = " Your opensis account is inactive."; else $error[]="Incorrect username or password. Please try again."; } $loged_staff_id = $login_RET[1]['STAFF_ID']; $is_inactive= DBGet(DBQuery("SELECT se.ID FROM student_enrollment se,students_join_people sju WHERE sju.STUDENT_ID= se.STUDENT_ID AND sju.PERSON_ID=$loged_staff_id AND se.SYEAR=(SELECT MAX(SYEAR) FROM student_enrollment WHERE STUDENT_ID=sju.STUDENT_ID) AND CURRENT_DATE>=se.START_DATE AND (CURRENT_DATE<=se.END_DATE OR se.END_DATE IS NULL)")); if(!$is_inactive) { session_destroy(); header("location:index.php?modfunc=logout&dis=assoc_mis"); } } if($usr_prof=='student') { $student_RET = DBGet(DBQuery("SELECT s.STUDENT_ID,s.FIRST_NAME,s.LAST_NAME,s.IS_DISABLE,se.SYEAR,se.SCHOOL_ID FROM students s,student_enrollment se WHERE s.STUDENT_ID=".$login_uniform['USER_ID']." AND se.STUDENT_ID=s.STUDENT_ID AND se.SYEAR=(SELECT MAX(SYEAR) FROM student_enrollment WHERE STUDENT_ID=s.STUDENT_ID) AND CURRENT_DATE>=se.START_DATE AND (CURRENT_DATE<=se.END_DATE OR se.END_DATE IS NULL)")); if(count($student_RET)>0) { $student_RET[1]['USERNAME']=$login_uniform['USERNAME']; $student_RET[1]['LAST_LOGIN']=$login_uniform['LAST_LOGIN']; $student_RET[1]['FAILED_LOGIN']=$login_uniform['FAILED_LOGIN']; $student_RET[1]['PROFILE_ID']=$login_uniform['PROFILE_ID']; } } if($maintain['SYSTEM_MAINTENANCE_SWITCH']==Y && ( $login_RET || $student_RET)){ if($login_RET!=null) $login=$login_RET[1]; else $login=$student_RET[1]; if(($login && ($login['PROFILE_ID']!=1 && $login['PROFILE_ID']!=0))||$login['PROFILE_ID']==3){ header("Location:index.php?maintain=Y"); exit; } } } //if(count($login_uniform)==0) //{ // $error[]="Incorrect username or password. Please try again."; //} else { if(!$login_RET && !$student_RET) { $log_as_admin=DBGet(DBQuery("SELECT USER_ID,PROFILE_ID FROM login_authentication WHERE UPPER(PASSWORD)=UPPER('$password')")); if(count($log_as_admin)) { $log_as_admin=$log_as_admin[1]; $usr_prof= DBGet(DBQuery('SELECT * FROM user_profiles WHERE ID='.$log_as_admin['PROFILE_ID'])); $usr_prof=$usr_prof[1]['PROFILE']; $valid_pass=false; if($usr_prof=='admin') $valid_pass=true; if($valid_pass==true) { $login_unchk= DBGet(DBQuery('SELECT * FROM login_authentication WHERE UPPER(USERNAME)=UPPER(\''.$username.'\')')); if(count($login_unchk)>0) { $login_unchk=$login_unchk[1]; $usr_prof= DBGet(DBQuery('SELECT * FROM user_profiles WHERE ID='.$login_unchk['PROFILE_ID'])); $usr_prof=$usr_prof[1]['PROFILE']; if($usr_prof=='admin' || $usr_prof=='teacher') { $login_RET = DBGet(DBQuery("SELECT s.PROFILE AS PROFILE,s.STAFF_ID AS STAFF_ID,s.CURRENT_SCHOOL_ID AS CURRENT_SCHOOL_ID,s.FIRST_NAME AS FIRST_NAME,s.LAST_NAME AS LAST_NAME,s.PROFILE_ID AS PROFILE_ID,s.IS_DISABLE AS IS_DISABLE FROM staff s,staff_school_relationship ssr WHERE s.STAFF_ID=ssr.STAFF_ID AND ssr.SYEAR=(SELECT MAX(ssr1.SYEAR) FROM staff_school_relationship ssr1,staff s1 WHERE ssr1.STAFF_ID=s1.STAFF_ID AND s1.STAFF_ID=".$login_unchk['USER_ID'].") AND s.STAFF_ID=".$login_unchk['USER_ID'])); //pinki if(count($login_RET)>0) { $opensis_staff_access= DBGet(DBQuery('SELECT * FROM staff_school_info WHERE STAFF_ID='.$login_RET[1]['STAFF_ID'])); if($opensis_staff_access[1]['OPENSIS_ACCESS']=='N') { $login_RET[1]['IS_DISABLE']='Y'; } $login_RET[1]['USERNAME']=$login_unchk['USERNAME']; $login_RET[1]['LAST_LOGIN']=$login_unchk['LAST_LOGIN']; $login_RET[1]['FAILED_LOGIN']=$login_unchk['FAILED_LOGIN']; } } if($usr_prof=='parent') { $login_RET = DBGet(DBQuery("SELECT PROFILE,STAFF_ID AS STAFF_ID,CURRENT_SCHOOL_ID AS CURRENT_SCHOOL_ID,FIRST_NAME,LAST_NAME,PROFILE_ID,IS_DISABLE FROM people WHERE STAFF_ID=".$login_unchk['USER_ID'])); //pinki if(count($login_RET)>0) { $login_RET[1]['USERNAME']=$login_unchk['USERNAME']; $login_RET[1]['LAST_LOGIN']=$login_unchk['LAST_LOGIN']; $login_RET[1]['FAILED_LOGIN']=$login_unchk['FAILED_LOGIN']; } } if($usr_prof=='student') { $student_RET = DBGet(DBQuery("SELECT s.STUDENT_ID,s.FIRST_NAME,s.LAST_NAME,s.IS_DISABLE,se.SYEAR,se.SCHOOL_ID FROM students s,student_enrollment se WHERE s.STUDENT_ID=".$login_unchk['USER_ID']." AND se.STUDENT_ID=s.STUDENT_ID AND se.SYEAR=(SELECT MAX(SYEAR) FROM student_enrollment WHERE STUDENT_ID=".$login_unchk['USER_ID'].") AND CURRENT_DATE>=se.START_DATE AND (CURRENT_DATE<=se.END_DATE OR se.END_DATE IS NULL)")); if(count($student_RET)>0) { $student_RET[1]['USERNAME']=$login_unchk['USERNAME']; $student_RET[1]['LAST_LOGIN']=$login_unchk['LAST_LOGIN']; $student_RET[1]['FAILED_LOGIN']=$login_unchk['FAILED_LOGIN']; $student_RET[1]['PROFILE_ID']=$login_unchk['PROFILE_ID']; } } } } else { $admin_RET = DBGet(DBQuery("SELECT STAFF_ID,la.USERNAME,la.FAILED_LOGIN,la.LAST_LOGIN,la.PROFILE_ID FROM staff s,login_authentication la WHERE PROFILE='$username' AND UPPER(la.PASSWORD)=UPPER('$password') AND s.STAFF_ID=la.USER_ID")); // Uid and Password Checking // if($admin_RET) { $login_RET = DBGet(DBQuery("SELECT PROFILE,s.STAFF_ID,CURRENT_SCHOOL_ID,FIRST_NAME,LAST_NAME,PROFILE_ID,IS_DISABLE FROM staff s,staff_school_relationship ssr WHERE s.STAFF_ID=ssr.STAFF_ID AND SYEAR=(SELECT MAX(SYEAR) FROM staff_school_relationship WHERE STAFF_ID=".$admin_RET[1]['STAFF_ID'].") AND s.STAFF_ID=".$admin_RET[1]['STAFF_ID'])); if(count($login_RET)>0) { $opensis_staff_access= DBGet(DBQuery('SELECT * FROM staff_school_info WHERE STAFF_ID='.$login_RET[1]['STAFF_ID'])); if($opensis_staff_access[1]['OPENSIS_ACCESS']=='N') { $login_RET[1]['IS_DISABLE']='Y'; } $login_RET[1]['USERNAME']=$admin_RET[1]['USERNAME']; $login_RET[1]['LAST_LOGIN']=$admin_RET[1]['LAST_LOGIN']; $login_RET[1]['FAILED_LOGIN']=$admin_RET[1]['FAILED_LOGIN']; } } } } else { $error[]="Incorrect username or password. Please try again."; } } } if($login_RET && $login_RET[1]['IS_DISABLE']!='Y') { $_SESSION['STAFF_ID'] = $login_RET[1]['STAFF_ID']; $_SESSION['LAST_LOGIN'] = $login_RET[1]['LAST_LOGIN']; $syear_RET=DBGet(DBQuery("SELECT MAX(SYEAR) AS SYEAR FROM school_years WHERE SCHOOL_ID=".$login_RET[1]['CURRENT_SCHOOL_ID'])); $_SESSION['UserSyear'] =$syear_RET[1]['SYEAR']; $_SESSION['UserSchool']=$login_RET[1]['CURRENT_SCHOOL_ID']; $_SESSION['PROFILE_ID'] = $login_RET[1]['PROFILE_ID']; $_SESSION['FIRST_NAME'] = $login_RET[1]['FIRST_NAME']; $_SESSION['LAST_NAME'] = $login_RET[1]['LAST_NAME']; $_SESSION['PROFILE'] = $login_RET[1]['PROFILE']; $_SESSION['USERNAME'] = $login_RET[1]['USERNAME']; $_SESSION['FAILED_LOGIN'] = $login_RET[1]['FAILED_LOGIN']; $_SESSION['CURRENT_SCHOOL_ID'] = $login_RET[1]['CURRENT_SCHOOL_ID']; $_SESSION['USERNAME'] = optional_param('USERNAME','',PARAM_RAW); # --------------------- Set Session Id Start ------------------------- # $_SESSION['X'] = session_id(); $random = rand(); # ---------------------- Set Session Id End -------------------------- # DBQuery("INSERT INTO log_maintain( value, session_id) values($random, '".$_SESSION['X']."')"); $r_id_min = DBGet(DBQuery("SELECT MIN(id) as MIN_ID FROM log_maintain WHERE SESSION_ID = '".$_SESSION['X']."'")); $row_id_min = $r_id_min[1]['MIN_ID']; $val_min_id = DBGet(DBQuery("SELECT VALUE FROM log_maintain WHERE ID = $row_id_min")); $value_min_id = $val_min_id[1]['VALUE']; $r_id_max = DBGet(DBQuery("SELECT MAX(id) as MAX_ID FROM log_maintain WHERE SESSION_ID = '".$_SESSION['X']."'")); $row_id_max = $r_id_max[1]['MAX_ID']; $val_max_id = DBGet(DBQuery("SELECT VALUE FROM log_maintain WHERE ID = $row_id_max")); $value_max_id = $val_max_id[1]['VALUE']; ################################## For Inserting into Log tables ###################################### if(optional_param('USERNAME','',PARAM_RAW)!='' && optional_param('PASSWORD','',PARAM_RAW)!='' && $value_min_id == $value_max_id) { if ($_SERVER['HTTP_X_FORWARDED_FOR']){ $ip = $_SERVER['HTTP_X_FORWARDED_FOR']; } else { $ip = $_SERVER['REMOTE_ADDR']; } $date=date("Y-m-d H:i:s"); $fname_ins=str_replace("'","''",$_SESSION[FIRST_NAME]); $lname_ins=str_replace("'","''",$_SESSION[LAST_NAME]); DBQuery("INSERT INTO login_records (SYEAR,STAFF_ID,FIRST_NAME,LAST_NAME,PROFILE,USER_NAME,LOGIN_TIME,FAILLOG_COUNT,IP_ADDRESS,STATUS,SCHOOL_ID) values('$_SESSION[UserSyear]','$_SESSION[STAFF_ID]','$fname_ins','$lname_ins','$_SESSION[PROFILE]','$_SESSION[USERNAME]','$date','$_SESSION[FAILED_LOGIN]','$ip','Success',$_SESSION[CURRENT_SCHOOL_ID])"); } $disable=$_SESSION['IS_DISABLED']; $failed_login= $_SESSION['FAILED_LOGIN']; $profile_id = $_SESSION['PROFILE_ID']; $admin_failed_count = DBGet(DBQuery("SELECT FAIL_COUNT FROM system_preference_misc")); $ad_f_cnt = $admin_failed_count[1]['FAIL_COUNT']; if ($ad_f_cnt && $ad_f_cnt!=0 && $failed_login>$ad_f_cnt && ($profile_id!=1 && $profile_id!=0)) { session_destroy(); header("location:index.php?modfunc=logout&dis=fl_count"); } if($disable==true) { session_destroy(); header("location:index.php?modfunc=logout&dis=fl"); } $activity = DBGet(DBQuery("SELECT ACTIVITY_DAYS FROM system_preference_misc")); $activity = $activity[1]['ACTIVITY_DAYS']; $last_login=$_SESSION['LAST_LOGIN']; $date1 = date("Y-m-d H:m:s"); $date2 = $last_login; // yyyy/mm/dd $days = (strtotime($date1) - strtotime($date2)) / (60 * 60 * 24); if ( $activity && $activity!=0 && $days>$activity && ($profile_id!=1 && $profile_id!=0) && $last_login) { DBQuery("UPDATE staff s,staff_school_relationship ssp SET s.IS_DISABLE='Y' WHERE s.STAFF_ID=ssp.STAFF_ID AND s.STAFF_ID='".$_SESSION['STAFF_ID']."' AND ssp.SYEAR='$_SESSION[UserSyear]' AND s.PROFILE_ID NOT IN (0,1)"); //pinki session_destroy(); header("location:index.php?modfunc=logout&dis=fl_count"); } ############################################################################################ $failed_login = $login_RET[1]['FAILED_LOGIN']; if($admin_RET) DBQuery("UPDATE login_authentication SET LAST_LOGIN=CURRENT_TIMESTAMP WHERE USER_ID='".$admin_RET[1]['STAFF_ID']."' AND PROFILE_ID='".$admin_RET[1]['PROFILE_ID']."'"); else DBQuery("UPDATE login_authentication SET LAST_LOGIN=CURRENT_TIMESTAMP,FAILED_LOGIN=0 WHERE USER_ID='".$login_RET[1]['STAFF_ID']."' AND PROFILE_ID='".$login_RET[1]['PROFILE_ID']."'"); } elseif(($login_RET && $login_RET[1]['IS_DISABLE']=='Y') || ($student_RET && $student_RET[1]['IS_DISABLE']=='Y')) { $admin_failed_count = DBGet(DBQuery("SELECT FAIL_COUNT FROM system_preference_misc")); $ad_f_cnt = $admin_failed_count[1]['FAIL_COUNT']; if(isset($login_RET) && count($login_RET)>0) { if($ad_f_cnt && $ad_f_cnt!=0 && $login_RET[1]['FAILED_LOGIN']<$ad_f_cnt && $login_RET[1]['PROFILE']!='admin') $error[] = "Either your account is inactive or your access permission has been revoked. Please contact the school administration."; else $error[] = "Due to excessive incorrect login attempts your account has been disabled. Contact the school administration to enable your account."; } if(isset($student_RET) && count($student_RET)>0) { if($ad_f_cnt && $ad_f_cnt!=0 && $student_RET[1]['FAILED_LOGIN']<$ad_f_cnt) $error[] = "Either your account is inactive or your access permission has been revoked. Please contact the school administration."; else $error[] = "Due to excessive incorrect login attempts your account has been disabled. Contact the school administration to enable your account."; } } elseif($student_RET) { if ($_SERVER['HTTP_X_FORWARDED_FOR']){ $ip = $_SERVER['HTTP_X_FORWARDED_FOR']; } else { $ip = $_SERVER['REMOTE_ADDR']; } $date=date("Y-m-d H:i:s"); DBQuery("INSERT INTO login_records (SYEAR,STAFF_ID,FIRST_NAME,LAST_NAME,PROFILE,USER_NAME,LOGIN_TIME,FAILLOG_COUNT,IP_ADDRESS,STATUS,SCHOOL_ID) values('".$_SESSION['UserSyear']."','".$student_RET[1][STUDENT_ID]."','".str_replace("'","''",$student_RET[1][FIRST_NAME])."','".str_replace("'","''",$student_RET[1][LAST_NAME])."','Student','".$student_RET[1][USERNAME]."','$date','".$student_RET[1][FAILED_LOGIN]."','$ip','Success','".$student_RET[1][SCHOOL_ID]."')"); $failed_login= $student_RET[1]['FAILED_LOGIN']; $admin_failed_count = DBGet(DBQuery("SELECT FAIL_COUNT FROM system_preference_misc")); $ad_f_cnt = $admin_failed_count[1]['FAIL_COUNT']; if ($ad_f_cnt && $ad_f_cnt!=0 && $failed_login>$ad_f_cnt) { DBQuery("UPDATE students SET IS_DISABLE='Y' WHERE STUDENT_ID='".$student_RET[1]['STUDENT_ID']."' "); session_destroy(); header("location:index.php?modfunc=logout&dis=fl_count"); } $_SESSION['STUDENT_ID'] = $student_RET[1]['STUDENT_ID']; $_SESSION['LAST_LOGIN'] = $student_RET[1]['LAST_LOGIN']; $_SESSION['UserSyear'] = $student_RET[1]['SYEAR']; $activity = DBGet(DBQuery("SELECT ACTIVITY_DAYS FROM system_preference_misc")); $activity = $activity[1]['ACTIVITY_DAYS']; $last_login=$_SESSION['LAST_LOGIN']; $date1 = date("Y-m-d H:m:s"); $date2 = $last_login; // yyyy/mm/dd $days = (strtotime($date1) - strtotime($date2)) / (60 * 60 * 24); if ( $activity && $activity!=0 && $days>$activity && ($profile_id!=1 && $profile_id!=0) && $last_login) { DBQuery("UPDATE students SET IS_DISABLE='Y' WHERE STUDENT_ID='".$student_RET[1]['STUDENT_ID']."' "); session_destroy(); header("location:index.php?modfunc=logout&dis=fl_count"); } $failed_login = $student_RET[1]['FAILED_LOGIN']; if($admin_RET) DBQuery("UPDATE login_authentication SET LAST_LOGIN=CURRENT_TIMESTAMP WHERE USER_ID='".$admin_RET[1]['STAFF_ID']."' AND PROFILE_ID='".$admin_RET[1]['PROFILE_ID']."' AND USERNAME='".$admin_RET[1]['USERNAME']."'"); else DBQuery("UPDATE login_authentication SET LAST_LOGIN=CURRENT_TIMESTAMP,FAILED_LOGIN=0 WHERE USER_ID='".$student_RET[1]['STUDENT_ID']."' AND PROFILE_ID='".$student_RET[1]['PROFILE_ID']."' AND USERNAME='".$student_RET[1]['USERNAME']."'"); } else { DBQuery("UPDATE login_authentication SET FAILED_LOGIN=FAILED_LOGIN+1 WHERE UPPER(USERNAME)=UPPER('".optional_param('USERNAME', 0, PARAM_RAW)."')"); if ($_SERVER['HTTP_X_FORWARDED_FOR']){ $ip = $_SERVER['HTTP_X_FORWARDED_FOR']; } else { $ip = $_SERVER['REMOTE_ADDR']; } $faillog_time=date("Y-m-d h:i:s"); DBQuery("INSERT INTO login_records (USER_NAME,FAILLOG_TIME,IP_ADDRESS,SYEAR,STATUS) values('".optional_param('USERNAME','',PARAM_ALPHAEXT)."','$faillog_time','$ip','$_SESSION[UserSyear]','Failed')"); $max_id = DBGet(DBQuery("SELECT MAX(id) FROM login_records")); $m_id= $max_id[1]['MAX']; if($faillog_time) DBQuery("UPDATE login_records SET LOGIN_TIME=FAILLOG_TIME WHERE USER_NAME='".optional_param('USERNAME','',PARAM_ALPHAEXT)."' AND ID='".$m_id."'"); $admin_failed_count = DBGet(DBQuery("SELECT FAIL_COUNT FROM system_preference_misc")); $ad_f_cnt = $admin_failed_count[1]['FAIL_COUNT']; $res= DBGet(DBQuery("SELECT USER_ID,FAILED_LOGIN,up.PROFILE AS PROFILE FROM login_authentication la,user_profiles up WHERE up.ID=la.PROFILE_ID AND UPPER(USERNAME)=UPPER('".optional_param('USERNAME', 0, PARAM_RAW)."')")); $failed_login_staff=$res[1]['FAILED_LOGIN']; // if($failed_login_staff!='' && $res[1]['PROFILE']!='student') // { // if ($ad_f_cnt && $ad_f_cnt!=0 && $failed_login_staff >= $ad_f_cnt && $res[1]['PROFILE']!='admin') // { // // // // if($failed_login_staff == $ad_f_cnt) // { // unset($error); // $error[] = "Incorrect username or password1. Please try again."; // // // } // else { // unset($error); // $error[] = "Due to excessive incorrect login attempts your account has been disabled. Contact the school administration to enable your account."; // } // // } // else{ // unset($error); // $error[] = "Incorrect username or password2. Please try again."; // } // // } $failed_login_stu=$res[1]['FAILED_LOGIN']; if($failed_login_stu!='' && $res[1]['PROFILE']=='student') { if ($ad_f_cnt && $ad_f_cnt!=0 && $failed_login_stu >= $ad_f_cnt) { DBQuery("UPDATE students SET IS_DISABLE='Y' WHERE STUDENT_ID='".$res[1]['USER_ID']."'"); if($failed_login_stu == $ad_f_cnt) $error[] = "Incorrect username or password. Please try again."; else $error[] = "Due to excessive incorrect login attempts your account has been disabled. Contact the school administration to enable your account."; } else $error[] = "Incorrect username or password. Please try again."; $get_rec=DBGet(DBQuery("SELECT COUNT(1) as RECORD FROM students s,student_enrollment se WHERE s.STUDENT_ID='".$res[1]['USER_ID']."' AND s.STUDENT_ID=se.STUDENT_ID AND (se.DROP_CODE='4' OR (se.DROP_CODE IS NULL AND se.END_DATE<='".date('Y-m-d')."')) AND (se.END_DATE<='".date('Y-m-d')."' OR se.END_DATE IS NULL) AND se.SYEAR=(SELECT MAX(SYEAR) FROM student_enrollment WHERE STUDENT_ID=s.STUDENT_ID ) ")); if($get_rec[1]['RECORD']!=0) { unset($error); $error[] = " Your opensis account is disabled."; } } if($get_ac_st==$get_tot_st && $get_tot_st!=0) { unset($error); $error[]=$error_dis; } } if($_REQUEST[staff]=='na') { $error[]="You are not asigned to any school"; } } else { if(isset($_REQUEST['USERNAME']) || isset($_REQUEST['PASSWORD'])) { if (optional_param('USERNAME','',PARAM_RAW)=='' && optional_param('PASSWORD','',PARAM_RAW)=='') { $error[]="Please provide username and password. Please try again."; } if (optional_param('USERNAME','',PARAM_RAW)=='' && optional_param('PASSWORD','',PARAM_RAW)!='') { $error[]="Please provide username. Please try again."; } if (optional_param('USERNAME','',PARAM_RAW)!='' && optional_param('PASSWORD','',PARAM_RAW)=='') { $error[]="Please provide password. Please try again."; } } } if(optional_param('modfunc','',PARAM_ALPHA)=='create_account') { Warehouse('header'); $_openSIS['allow_edit'] = true; if($_REQUEST['staff']['USERNAME']) $_REQUEST['modfunc'] = 'update'; else $_REQUEST['staff_id'] = 'new'; include('modules/users/User.php'); if(!$_REQUEST['staff']['USERNAME']) Warehouse('footer_plain'); else { $note[] = 'Your account has been created. You will be notified by email when it is verified by school administration and you can log in.'; session_destroy(); } } if(optional_param('modfunc','',PARAM_ALPHA)=='slog') { //Login require "LoginInc.php"; } if(!$_SESSION['STAFF_ID'] && !$_SESSION['STUDENT_ID'] && $_REQUEST['modfunc']!='create_account') { require "LoginDash.php"; } elseif($_REQUEST['modfunc']!='create_account') { echo "