diff --git a/Credentials/CHANGEDB.php b/Credentials/CHANGEDB.php
index 632d011..11721d3 100644
--- a/Credentials/CHANGEDB.php
+++ b/Credentials/CHANGEDB.php
@@ -27,3 +27,20 @@
 ++$count;
 $sql[$count][0] = '1.0.04';
 $sql[$count][1] = '';
+
+//v2.0.00
+++$count;
+$sql[$count][0] = '2.0.00';
+$sql[$count][1] = "
+ALTER TABLE `credentialsCredential` DROP `title`, DROP `url`;end
+ALTER TABLE `credentialsCredential` ADD `credentialsWebsiteID` INT(4) UNSIGNED ZEROFILL NULL DEFAULT NULL AFTER `credentialsCredentialID`;end
+ALTER TABLE `credentialsCredential` ADD `notes` TEXT NOT NULL AFTER `password`;end
+CREATE TABLE `credentialsWebsite` (`credentialsWebsiteID` int(4) unsigned zerofill NOT NULL AUTO_INCREMENT, `title` varchar(100) NOT NULL, `active` enum('Y','N') NOT NULL DEFAULT 'Y', `url` varchar(255) NOT NULL, `logo` varchar(255) NOT NULL, `notes` text NOT NULL, `gibbonPersonIDCreator` int(10) unsigned zerofill NOT NULL, `timestampCreator` datetime NOT NULL, PRIMARY KEY (`credentialsWebsiteID`)) ENGINE=MyISAM DEFAULT CHARSET=utf8;end
+INSERT INTO `gibbonAction` (`gibbonModuleID`, `name`, `precedence`, `category`, `description`, `URLList`, `entryURL`, `entrySidebar`, `menuShow`, `defaultPermissionAdmin`, `defaultPermissionTeacher`, `defaultPermissionStudent`, `defaultPermissionParent`, `defaultPermissionSupport`, `categoryPermissionStaff`, `categoryPermissionStudent`, `categoryPermissionParent`, `categoryPermissionOther`) VALUES ((SELECT gibbonModuleID FROM gibbonModule WHERE name='Credentials'), 'Manage Websites', 0, 'Websites', 'Allows privileged users to manage website details.', 'websites.php, websites_add.php, websites_edit.php, websites_delete.php', 'websites.php', 'Y', 'Y', 'Y', 'N', 'N', 'N', 'N', 'Y', 'N', 'N', 'N') ;end
+INSERT INTO `gibbonPermission` (`permissionID` ,`gibbonRoleID` ,`gibbonActionID`) VALUES (NULL , '1', (SELECT gibbonActionID FROM gibbonAction JOIN gibbonModule ON (gibbonAction.gibbonModuleID=gibbonModule.gibbonModuleID) WHERE gibbonModule.name='Credentials' AND gibbonAction.name='Manage Websites'));end
+UPDATE gibbonAction SET category='Credentials' WHERE (name='Manage Credentials' OR name='Import Credentials') AND gibbonModuleID=(SELECT gibbonModuleID FROM gibbonModule WHERE name='Credentials');end
+INSERT INTO `gibbonAction` (`gibbonModuleID`, `name`, `precedence`, `category`, `description`, `URLList`, `entryURL`, `entrySidebar`, `menuShow`, `defaultPermissionAdmin`, `defaultPermissionTeacher`, `defaultPermissionStudent`, `defaultPermissionParent`, `defaultPermissionSupport`, `categoryPermissionStaff`, `categoryPermissionStudent`, `categoryPermissionParent`, `categoryPermissionOther`) VALUES ((SELECT gibbonModuleID FROM gibbonModule WHERE name='Credentials'), 'View Credentials in Parent Dashboard', 0, '', 'Allows parents to see login details, including passwords, for their children in their family.', 'hook_parentDashboard_credentials.php', '', 'Y', 'N', 'N', 'N', 'N', 'Y', 'N', 'N', 'N', 'Y', 'N') ;end
+INSERT INTO `gibbonPermission` (`permissionID` ,`gibbonRoleID` ,`gibbonActionID`) VALUES (NULL , '4', (SELECT gibbonActionID FROM gibbonAction JOIN gibbonModule ON (gibbonAction.gibbonModuleID=gibbonModule.gibbonModuleID) WHERE gibbonModule.name='Credentials' AND gibbonAction.name='View Credentials in Parent Dashboard'));end
+INSERT INTO `gibbonHook` (`gibbonHookID`, `name`, `type`, `options`, gibbonModuleID) VALUES (NULL, 'Credentials', 'Parental Dashboard', 'a:3:{s:16:\"sourceModuleName\";s:11:\"Credentials\";s:18:\"sourceModuleAction\";s:36:\"View Credentials in Parent Dashboard\";s:19:\"sourceModuleInclude\";s:36:\"hook_parentDashboard_credentials.php\";}', (SELECT gibbonModuleID FROM gibbonModule WHERE name='Credentials'));end
+
+";
diff --git a/Credentials/CHANGELOG.txt b/Credentials/CHANGELOG.txt
index 9058eda..1b63c41 100644
--- a/Credentials/CHANGELOG.txt
+++ b/Credentials/CHANGELOG.txt
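Review bot: The first statement of the 2.0.00 block drops `title` and `url` from `credentialsCredential` before anything is copied into the new `credentialsWebsite` table, so an upgrade discards the only site information held for existing credentials. Those rows are left with `credentialsWebsiteID` NULL, and the listing queries in this commit use an inner `JOIN` on that column, so they would stop being displayed while their encrypted passwords remain stored. The changelog says the module is not directly upgradable from v1.0.04, yet the step still ships here; either back-fill `credentialsWebsite` from the distinct title/url pairs before the drop, or state the data loss in a comment directly under `//v2.0.00`, for example `//Destructive: existing credentials lose title/url and are hidden until re-linked to a website`.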
@@ -1,5 +1,12 @@ CHANGELOG ========= +v2.0.00 +------- +Added predefinition of sites for easier data entry +Added visual grid layout to credential list +Added hook to parent dashboard +Not directly upgradable from v1.0.04 + v1.0.04 ------- Fixed indentation in beautified PHP code diff --git a/Credentials/credentials_student.php b/Credentials/credentials_student.php index 76fa18d..5f92cf9 100755 --- a/Credentials/credentials_student.php +++ b/Credentials/credentials_student.php @@ -73,7 +73,11 @@ try { $data = array('gibbonPersonID' => $gibbonPersonID); - $sql = 'SELECT * FROM credentialsCredential WHERE gibbonPersonID=:gibbonPersonID ORDER BY title'; + $sql = 'SELECT * + FROM credentialsCredential + JOIN credentialsWebsite ON (credentialsCredential.credentialsWebsiteID=credentialsWebsite.credentialsWebsiteID) + WHERE gibbonPersonID=:gibbonPersonID + ORDER BY title'; $result = $connection2->prepare($sql); $result->execute($data); } catch (PDOException $e) { diff --git a/Credentials/credentials_student_add.php b/Credentials/credentials_student_add.php index a0e949e..5814753 100755 --- a/Credentials/credentials_student_add.php +++ b/Credentials/credentials_student_add.php @@ -84,27 +84,30 @@ - - - - @@ -124,6 +127,12 @@ + + +
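Review bot: In credentials_student.php the rewritten query keeps `SELECT *` across the new join, and both tables define `notes`, `credentialsWebsiteID`, `gibbonPersonIDCreator` and `timestampCreator` (per the table definitions in manifest.php), so a fetch keyed by column name can return only one value of each pair. Listing the columns with aliases, as `getCredentialGrid()` does with `credentialsCredential.notes AS credentialNotes`, avoids reading the website's value where the credential's was meant. The inner `JOIN` also hides every credential whose `credentialsWebsiteID` is NULL; if such rows should stay manageable, `LEFT JOIN credentialsWebsite` is the safer form. The `try` block continues outside the hunk.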
- *
+ *
- - -
-
-
- - + +
+ + +
* diff --git a/Credentials/credentials_student_addProcess.php b/Credentials/credentials_student_addProcess.php index e58bc58..44d03eb 100755 --- a/Credentials/credentials_student_addProcess.php +++ b/Credentials/credentials_student_addProcess.php @@ -55,9 +55,9 @@ } else { //Proceed! //Validate Inputs - $title = $_POST['title']; - $url = $_POST['url']; + $credentialsWebsiteID = $_POST['credentialsWebsiteID']; $username = $_POST['username']; + $notes = $_POST['notes']; //Encrypt password $passwordFinal = null; @@ -78,15 +78,15 @@ $passwordFinal = base64_encode($initVector).ENCRYPTION_DIVIDER_TOKEN.base64_encode($encrypted); } - if ($title == '') { + if ($credentialsWebsiteID == '') { //Fail 3 $URL .= '&return=error3'; header("Location: {$URL}"); } else { //Write to database try { - $data = array('gibbonPersonID' => $gibbonPersonID, 'title' => $title, 'url' => $url, 'username' => $username, 'password' => $passwordFinal, 'gibbonPersonID' => $gibbonPersonID, 'gibbonPersonIDCreator' => $_SESSION[$guid]['gibbonPersonID'], 'timestampCreator' => date('Y-m-d H:i:s', time())); - $sql = 'INSERT INTO credentialsCredential SET title=:title, url=:url, username=:username, password=:password, gibbonPersonID=:gibbonPersonID, gibbonPersonIDCreator=:gibbonPersonIDCreator, timestampCreator=:timestampCreator'; + $data = array('gibbonPersonID' => $gibbonPersonID, 'credentialsWebsiteID' => $credentialsWebsiteID, 'username' => $username, 'password' => $passwordFinal, 'notes' => $notes, 'gibbonPersonID' => $gibbonPersonID, 'gibbonPersonIDCreator' => $_SESSION[$guid]['gibbonPersonID'], 'timestampCreator' => date('Y-m-d H:i:s', time())); + $sql = 'INSERT INTO credentialsCredential SET credentialsWebsiteID=:credentialsWebsiteID, username=:username, password=:password, notes=:notes, gibbonPersonID=:gibbonPersonID, gibbonPersonIDCreator=:gibbonPersonIDCreator, timestampCreator=:timestampCreator'; $result = $connection2->prepare($sql); $result->execute($data); } catch (PDOException $e) { 
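Review bot: In credentials_student_addProcess.php `$credentialsWebsiteID` is taken from `$_POST` and written to the table after only the empty-string test `if ($credentialsWebsiteID == '')`, so an ID that matches no `credentialsWebsite` row, or an inactive one, is stored. Because the listing queries join on that column, such a credential is saved together with its encrypted password but never shown again. A lookup before the insert, e.g. `SELECT credentialsWebsiteID FROM credentialsWebsite WHERE credentialsWebsiteID=:credentialsWebsiteID AND active='Y'` with a failure path when `rowCount() != 1`, would close this; the matching hunks in credentials_student_editProcess.php need the same check. The `$data` array literal also repeats the `'gibbonPersonID'` key, which is harmless but worth removing while the line is being edited.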
diff --git a/Credentials/credentials_student_edit.php b/Credentials/credentials_student_edit.php index 6193b42..b37d5ef 100755 --- a/Credentials/credentials_student_edit.php +++ b/Credentials/credentials_student_edit.php @@ -101,27 +101,33 @@ - - - - @@ -142,7 +148,7 @@ $passwordPrint = ''; if ($row['password'] != '') { //Defines - define('SAFETY_CIPHER', MCRYPT_RIJNDAEL_256); + define('SAFETY_CIPHER', MCRYPT_RIJNDAEL_256); define('SAFETY_MODE', MCRYPT_MODE_CFB); define('APPLICATION_WIDE_PASSPHRASE', $guid); define('ENCRYPTION_DIVIDER_TOKEN', '$$'); @@ -157,6 +163,12 @@ + + +
- *
+ *
- - -
-
-
- - + +
+ + +
* diff --git a/Credentials/credentials_student_editProcess.php b/Credentials/credentials_student_editProcess.php index 1055943..93cd36e 100755 --- a/Credentials/credentials_student_editProcess.php +++ b/Credentials/credentials_student_editProcess.php @@ -74,9 +74,9 @@ header("Location: {$URL}"); } else { //Validate Inputs - $title = $_POST['title']; - $url = $_POST['url']; + $credentialsWebsiteID = $_POST['credentialsWebsiteID']; $username = $_POST['username']; + $notes = $_POST['notes']; //Encrypt password $passwordFinal = null; @@ -97,15 +97,15 @@ $passwordFinal = base64_encode($initVector).ENCRYPTION_DIVIDER_TOKEN.base64_encode($encrypted); } - if ($title == '') { + if ($credentialsWebsiteID == '') { //Fail 3 $URL .= '&return=error3'; header("Location: {$URL}"); } else { //Write to database try { - $data = array('gibbonPersonID' => $gibbonPersonID, 'title' => $title, 'url' => $url, 'username' => $username, 'password' => $passwordFinal, 'gibbonPersonID' => $gibbonPersonID, 'credentialsCredentialID' => $credentialsCredentialID); - $sql = 'UPDATE credentialsCredential SET title=:title, url=:url, username=:username, password=:password, gibbonPersonID=:gibbonPersonID WHERE credentialsCredentialID=:credentialsCredentialID'; + $data = array('gibbonPersonID' => $gibbonPersonID, 'credentialsWebsiteID' => $credentialsWebsiteID, 'username' => $username, 'password' => $passwordFinal, 'notes' => $notes, 'gibbonPersonID' => $gibbonPersonID, 'credentialsCredentialID' => $credentialsCredentialID); + $sql = 'UPDATE credentialsCredential SET credentialsWebsiteID=:credentialsWebsiteID, username=:username, password=:password, notes=:notes, gibbonPersonID=:gibbonPersonID WHERE credentialsCredentialID=:credentialsCredentialID'; $result = $connection2->prepare($sql); $result->execute($data); } catch (PDOException $e) { diff --git a/Credentials/hook_parentDashboard_credentials.php b/Credentials/hook_parentDashboard_credentials.php new file mode 100644 index 0000000..44ebad6 
--- /dev/null +++ b/Credentials/hook_parentDashboard_credentials.php @@ -0,0 +1,45 @@ +. +*/ + +@session_start(); + +$returnInt = null; + +//Module includes +$included = false; +$includes = get_included_files(); +foreach ($includes as $include) { + if (strpos(str_replace('\\', '/', $include), '/modules/Credentials/moduleFunctions.php') !== false) { + $included = true; + } +} +if ($included == false) { + require $_SESSION[$guid]['absolutePath'].'/modules/Credentials/moduleFunctions.php'; +} + +if (isActionAccessible($guid, $connection2, '/modules/Credentials/hook_parentDashboard_credentials.php') == false) { + //Acess denied + $returnInt .= "
"; + $returnInt .= 'You do not have access to this action.'; + $returnInt .= '
'; +} else { + $returnInt .= getCredentialGrid($guid, $connection2, $gibbonPersonID, true); +} + +return $returnInt; diff --git a/Credentials/hook_studentProfile_credentials.php b/Credentials/hook_studentProfile_credentials.php index 3962002..dac6a44 100644 --- a/Credentials/hook_studentProfile_credentials.php +++ b/Credentials/hook_studentProfile_credentials.php @@ -28,70 +28,5 @@ echo 'You do not have access to this action.'; echo ''; } else { - try { - $data = array('gibbonPersonID' => $gibbonPersonID); - $sql = 'SELECT * FROM credentialsCredential WHERE gibbonPersonID=:gibbonPersonID ORDER BY title'; - $result = $connection2->prepare($sql); - $result->execute($data); - } catch (PDOException $e) { echo "
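Review bot: The only gate before `getCredentialGrid($guid, $connection2, $gibbonPersonID, true)` in hook_parentDashboard_credentials.php is `isActionAccessible()`, which checks the action and not whose credentials are being requested. `$gibbonPersonID` is not assigned in the lines shown, so the hook presumably relies on the dashboard to pass a child of the logged-in parent; since the output contains decrypted passwords, I would verify the family link in this file rather than trust the caller. At minimum the assumption should be documented above the call, e.g. `//$gibbonPersonID is supplied by the parent dashboard and must be a child in the current user's family`. As a point of style, `require_once` on the same path would replace the `get_included_files()` loop.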
".$e->getMessage().'
'; - } - - if ($result->rowCount() < 1) { echo "
"; - echo __($guid, 'There are no records to display.'); - echo '
'; - } else { - echo ""; - echo ""; - echo ''; - echo ''; - echo ''; - echo ''; - - //Decryption defines - define('SAFETY_CIPHER', MCRYPT_RIJNDAEL_256); - define('SAFETY_MODE', MCRYPT_MODE_CFB); - define('APPLICATION_WIDE_PASSPHRASE', $guid); - define('ENCRYPTION_DIVIDER_TOKEN', '$$'); - - $count = 0; - $rowNum = 'odd'; - while ($row = $result->fetch()) { - if ($count % 2 == 0) { - $rowNum = 'even'; - } else { - $rowNum = 'odd'; - } - ++$count; - - //COLOR ROW BY STATUS! - echo ""; - echo ''; - echo ''; - echo ''; - echo ''; - } - echo '
'; - echo __($guid, 'Title').'
'; - echo '
'; - echo __($guid, 'Username'); - echo ''; - echo __($guid, 'Password').'
'; - echo '
'; - if ($row['url'] != '') { - echo "".$row['title'].''; - } else { - echo $row['title']; - } - echo ''; - echo $row['username']; - echo ''; - if ($row['password'] != '') { - //Key, etc. - $key = substr(md5(APPLICATION_WIDE_PASSPHRASE), 0, mcrypt_get_key_size(SAFETY_CIPHER, SAFETY_MODE)); - - //Decrypt - echo mcrypt_decrypt(SAFETY_CIPHER, $key, base64_decode(substr($row['password'], (strpos($row['password'], '$$') + 2))), SAFETY_MODE, base64_decode(substr($row['password'], 0, strpos($row['password'], '$$')))).'
'; - } - echo '
'; - } + print getCredentialGrid($guid, $connection2, $gibbonPersonID); } diff --git a/Credentials/manifest.php b/Credentials/manifest.php index 91310a2..f886131 100644 --- a/Credentials/manifest.php +++ b/Credentials/manifest.php 
@@ -25,27 +25,39 @@
 $entryURL = 'credentials.php';
 $type = 'Additional';
 $category = 'Admin';
-$version = '1.0.04';
+$version = '2.0.00';
 $author = 'Ross Parker';
 $url = 'http://rossparker.org';
 //Module tables
 $moduleTables[0] = 'CREATE TABLE `credentialsCredential` (
 `credentialsCredentialID` int(12) unsigned zerofill NOT NULL AUTO_INCREMENT,
+ `credentialsWebsiteID` int(4) unsigned zerofill DEFAULT NULL,
 `gibbonPersonID` int(10) unsigned zerofill NOT NULL,
- `title` varchar(100) NOT NULL,
- `url` varchar(255) NOT NULL,
 `username` varchar(50) NOT NULL,
 `password` varchar(255) NULL DEFAULT NULL,
+ `notes` text NOT NULL,
 `gibbonPersonIDCreator` int(10) unsigned zerofill NOT NULL,
 `timestampCreator` datetime NOT NULL,
 PRIMARY KEY (`credentialsCredentialID`)
 ) ENGINE=MyISAM DEFAULT CHARSET=utf8;';
+$moduleTables[1] = 'CREATE TABLE `credentialsWebsite` (
+`credentialsWebsiteID` int(4) unsigned zerofill NOT NULL AUTO_INCREMENT,
+ `title` varchar(100) NOT NULL,
+ `active` enum(\'Y\',\'N\') NOT NULL DEFAULT \'Y\',
+ `url` varchar(255) NOT NULL,
+ `logo` varchar(255) NOT NULL,
+ `notes` text NOT NULL,
+ `gibbonPersonIDCreator` int(10) unsigned zerofill NOT NULL,
+ `timestampCreator` datetime NOT NULL,
+ PRIMARY KEY (`credentialsWebsiteID`)
+) ENGINE=MyISAM DEFAULT CHARSET=utf8;';
+
 //Action rows
 $actionRows[0]['name'] = 'Manage Credentials';
 $actionRows[0]['precedence'] = '0';
-$actionRows[0]['category'] = '';
+$actionRows[0]['category'] = 'Credentials';
 $actionRows[0]['description'] = 'Allows privileged users to view and manage credentials by student.';
 $actionRows[0]['URLList'] = 'credentials.php, credentials_student.php, credentials_student_add.php, credentials_student_edit.php, credentials_student_delete.php';
 $actionRows[0]['entryURL'] = 'credentials.php';
@@ -77,7 +89,7 @@
 $actionRows[2]['name'] = 'Import Credentials';
 $actionRows[2]['precedence'] = '0';
-$actionRows[2]['category'] = '';
+$actionRows[2]['category'] = 'Credentials';
 $actionRows[2]['description'] = 'Allows users with access to import credentials for one or more users.';
 $actionRows[2]['URLList'] = 'import_credentials.php';
 $actionRows[2]['entryURL'] = 'import_credentials.php';
@@ -91,8 +103,43 @@
 $actionRows[2]['categoryPermissionParent'] = 'N';
 $actionRows[2]['categoryPermissionOther'] = 'N';
+$actionRows[3]['name'] = 'Manage Websites';
+$actionRows[3]['precedence'] = '0';
+$actionRows[3]['category'] = 'Websites';
+$actionRows[3]['description'] = 'Allows privileged users to manage website details.';
+$actionRows[3]['URLList'] = 'websites.php, websites_add.php, websites_edit.php, websites_delete.php';
+$actionRows[3]['entryURL'] = 'websites.php';
+$actionRows[3]['defaultPermissionAdmin'] = 'Y';
+$actionRows[3]['defaultPermissionTeacher'] = 'N';
+$actionRows[3]['defaultPermissionStudent'] = 'N';
+$actionRows[3]['defaultPermissionParent'] = 'N';
+$actionRows[3]['defaultPermissionSupport'] = 'N';
+$actionRows[3]['categoryPermissionStaff'] = 'Y';
+$actionRows[3]['categoryPermissionStudent'] = 'N';
+$actionRows[3]['categoryPermissionParent'] = 'N';
+$actionRows[3]['categoryPermissionOther'] = 'N';
+
+$actionRows[4]['name'] = 'View Credentials in Parent Dashboard';
+$actionRows[4]['precedence'] = '0';
+$actionRows[4]['category'] = '';
+$actionRows[4]['description'] = 'Allows parents to see login details, including passwords, for their children in their family.';
+$actionRows[4]['URLList'] = 'hook_parentDashboard_credentials.php';
+$actionRows[4]['entryURL'] = '';
+$actionRows[4]['defaultPermissionAdmin'] = 'N';
+$actionRows[4]['defaultPermissionTeacher'] = 'N';
+$actionRows[4]['defaultPermissionStudent'] = 'N';
+$actionRows[4]['defaultPermissionParent'] = 'Y';
+$actionRows[4]['defaultPermissionSupport'] = 'N';
+$actionRows[4]['categoryPermissionStaff'] = 'N';
+$actionRows[4]['categoryPermissionStudent'] = 'N';
+$actionRows[4]['categoryPermissionParent'] = 'Y';
+$actionRows[4]['categoryPermissionOther'] = 'N';
+
 $array = array();
 $array['sourceModuleName'] = 'Credentials';
 $array['sourceModuleAction'] = 'View Credentials in Student Profile';
 $array['sourceModuleInclude'] = 'hook_studentProfile_credentials.php';
 $hooks[0] = "INSERT INTO
`gibbonHook` (`gibbonHookID`, `name`, `type`, `options`, gibbonModuleID) VALUES (NULL, 'Credentials', 'Student Profile', '".serialize($array)."', (SELECT gibbonModuleID FROM gibbonModule WHERE name='$name'));"; +$array['sourceModuleAction'] = 'View Credentials in Parent Dashboard'; +$array['sourceModuleInclude'] = 'hook_parentDashboard_credentials.php'; +$hooks[1] = "INSERT INTO `gibbonHook` (`gibbonHookID`, `name`, `type`, `options`, gibbonModuleID) VALUES (NULL, 'Credentials', 'Parental Dashboard', '".serialize($array)."', (SELECT gibbonModuleID FROM gibbonModule WHERE name='$name'));"; diff --git a/Credentials/moduleFunctions.php b/Credentials/moduleFunctions.php index 190415f..eb864be 100755 --- a/Credentials/moduleFunctions.php +++ b/Credentials/moduleFunctions.php @@ -16,3 +16,126 @@ You should have received a copy of the GNU General Public License along with this program. If not, see . */; + +function getCredentialGrid($guid, $connection2, $gibbonPersonID, $mini = false) +{ + $return = null; + + try { + $data = array('gibbonPersonID' => $gibbonPersonID); + $sql = 'SELECT logo, title, url, username, password, credentialsCredential.notes AS credentialNotes, credentialsWebsite.notes AS websiteNotes + FROM credentialsCredential + JOIN credentialsWebsite ON (credentialsCredential.credentialsWebsiteID=credentialsWebsite.credentialsWebsiteID) + WHERE gibbonPersonID=:gibbonPersonID + ORDER BY title'; + $result = $connection2->prepare($sql); + $result->execute($data); + } catch (PDOException $e) { $return .= "
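Review bot: In manifest.php `$actionRows[4]['defaultPermissionParent'] = 'Y'` enables 'View Credentials in Parent Dashboard' for the parent role as soon as the module is installed, and the action's own description says it shows passwords. A default of `'N'` would make each school opt in deliberately; CHANGEDB.php grants the same action to role `'4'` (presumably Parent) during upgrade and would need the matching change. Separately, `$hooks[1]` is built by concatenating `serialize($array)` and `$name` into the SQL string; the values are constants here, so it is safe as written, but a comment such as `//Values are static; never build this string from request data` would stop the pattern being copied with dynamic input.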
".$e->getMessage().'
'; + } + + if ($result->rowCount() < 1) { $return .= "
"; + $return .= __($guid, 'There are no records to display.'); + $return .= '
'; + } else { + $return .= ""; + $return .= ""; + $return .= ''; + $return .= ''; + $return .= ''; + $return .= ''; + $return .= ''; + $return .= ''; + + //Decryption defines + define('SAFETY_CIPHER', MCRYPT_RIJNDAEL_256); + define('SAFETY_MODE', MCRYPT_MODE_CFB); + define('APPLICATION_WIDE_PASSPHRASE', $guid); + define('ENCRYPTION_DIVIDER_TOKEN', '$$'); + + $count = 0; + $rowNum = 'odd'; + while ($row = $result->fetch()) { + if ($count % 2 == 0) { + $rowNum = 'even'; + } else { + $rowNum = 'odd'; + } + ++$count; + + //COLOR ROW BY STATUS! + $return .= ""; + $return .= ''; + $return .= ''; + $return .= ''; + $return .= ''; + $return .= ''; + $return .= ''; + if ($row['credentialNotes'] != '' or $row['websiteNotes'] != '') { + $return .= ""; + $return .= "'; + $return .= ''; + } + } + $return .= '
'; + $return .= __($guid, 'Logo').'
'; + $return .= '
'; + $return .= __($guid, 'Website').'
'; + $return .= '
'; + $return .= __($guid, 'Username').'
'; + $return .= '
'; + $return .= __($guid, 'Password').'
'; + $return .= '
'; + $return .= __($guid, 'Action').'
'; + $return .= '
'; + $size = '150px' ; + if ($mini) { + $size = '75px' ; + } + if ($row['logo'] != '') { + $return .= ""; + } else { + $return .= ""; + } + $return .= ''; + if ($row['url'] != '') { + $return .= "".$row['title'].''; + } else { + $return .= $row['title']; + } + $return .= ''; + $return .= $row['username']; + $return .= ''; + if ($row['password'] != '') { + //Key, etc. + $key = substr(md5(APPLICATION_WIDE_PASSPHRASE), 0, mcrypt_get_key_size(SAFETY_CIPHER, SAFETY_MODE)); + + //Decrypt + $return .= mcrypt_decrypt(SAFETY_CIPHER, $key, base64_decode(substr($row['password'], (strpos($row['password'], '$$') + 2))), SAFETY_MODE, base64_decode(substr($row['password'], 0, strpos($row['password'], '$$')))).'
'; + } + $return .= '
'; + $return .= "'; + if ($row['credentialNotes'] != '' or $row['websiteNotes'] != '') { + $return.= "".__($guid, "; + } + echo '
"; + if ($row['credentialNotes'] != '') { + $return .= ''.__($guid, 'Student Notes').'
'; + $return .= nl2brr($row['credentialNotes']).'

'; + } + if ($row['websiteNotes'] != '') { + $return .= ''.__($guid, 'Website Notes').'
'; + $return .= nl2brr($row['websiteNotes']).'

'; + } + $return .= '
'; + } + + return $return; +} diff --git a/Credentials/version.php b/Credentials/version.php index 0d64008..2ad8e4a 100755 --- a/Credentials/version.php +++ b/Credentials/version.php @@ -20,4 +20,4 @@ /** * Sets version information. */ -$moduleVersion = '1.0.04'; +$moduleVersion = '2.0.00'; diff --git a/Credentials/websites.php b/Credentials/websites.php new file mode 100755 index 0000000..cd82b54 --- /dev/null +++ b/Credentials/websites.php @@ -0,0 +1,121 @@ +. +*/ + +@session_start(); + +//Set timezone from session variable +date_default_timezone_set($_SESSION[$guid]['timezone']); + +if (isActionAccessible($guid, $connection2, '/modules/Credentials/websites.php') == false) { + //Acess denied + echo "
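Review bot: `getCredentialGrid()` in moduleFunctions.php appends `$row['title']`, `$row['username']`, the decrypted password and both notes fields to `$return` without HTML escaping, so markup stored in any of them is rendered in the student profile and in the parent dashboard. Each value should pass through `htmlspecialchars($value, ENT_QUOTES, 'UTF-8')` before concatenation (the notes before `nl2brr()`); websites.php echoes `$row['title']` and `$row['notes']` the same way. The four `define()` calls sit inside the function, so a second call in the same request would try to redefine the constants; guarding each with `defined()` or using local variables avoids that. The key is still `substr(md5(APPLICATION_WIDE_PASSPHRASE), 0, ...)` with mcrypt in CFB mode, which yields a hex-only key and no integrity check on the ciphertext, and mcrypt has not been bundled with PHP since 7.2, so this path deserves a follow-up.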
"; + echo __($guid, 'You do not have access to this action.'); + echo '
'; +} else { + echo "
"; + echo "
".__($guid, 'Manage Websites').'
'; + echo '
'; + + if (isset($_GET['return'])) { + returnProcess($guid, $_GET['return'], null, null); + } + + try { + $data = array(); + $sql = 'SELECT * FROM credentialsWebsite ORDER BY title'; + $result = $connection2->prepare($sql); + $result->execute($data); + } catch (PDOException $e) { + echo "
".$e->getMessage().'
'; + } + + echo "
"; + echo "".__($guid, 'Add').""; + echo '
'; + + if ($result->rowCount() < 1) { + echo "
"; + echo __($guid, 'There are no records to display.'); + echo '
'; + } else { + echo ""; + echo ""; + echo ''; + echo ''; + echo ''; + echo ''; + echo ''; + + //Decryption defines + define('SAFETY_CIPHER', MCRYPT_RIJNDAEL_256); + define('SAFETY_MODE', MCRYPT_MODE_CFB); + define('APPLICATION_WIDE_PASSPHRASE', $guid); + define('ENCRYPTION_DIVIDER_TOKEN', '$$'); + + $count = 0; + $rowNum = 'odd'; + while ($row = $result->fetch()) { + if ($count % 2 == 0) { + $rowNum = 'even'; + } else { + $rowNum = 'odd'; + } + + if($row['active']=='N') { + $rowNum = 'error'; + } + + ++$count; + + //COLOR ROW BY STATUS! + echo ""; + echo ''; + echo ''; + echo ''; + echo ''; + echo ''; + } + echo '
'; + echo __($guid, 'Logo').'
'; + echo '
'; + echo __($guid, 'Website').'
'; + echo '
'; + echo __($guid, 'Notes').'
'; + echo '
'; + echo __($guid, 'Actions'); + echo '
'; + if ($row['logo'] != '') { + echo ""; + } else { + echo ""; + } + echo ''; + if ($row['url'] != '') { + echo "".$row['title'].''; + } else { + echo $row['title']; + } + echo ''; + echo $row['notes']; + echo ''; + echo " "; + echo " "; + echo '
'; + } +} diff --git a/Credentials/websites_add.php b/Credentials/websites_add.php new file mode 100755 index 0000000..3755d23 --- /dev/null +++ b/Credentials/websites_add.php @@ -0,0 +1,114 @@ +. +*/ + +@session_start(); + +if (isActionAccessible($guid, $connection2, '/modules/Credentials/websites_add.php') == false) { + //Acess denied + echo "
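Review bot: In websites.php the `catch (PDOException $e)` block prints `$e->getMessage()` into the page and execution then carries on to `$result->rowCount()`, where `$result` may be unset if `prepare()` threw. Driver messages can disclose table and column names, so I would record the exception with `error_log($e->getMessage());`, show the generic error text and skip the listing; websites_delete.php and `getCredentialGrid()` repeat the same pattern. The block under `//Decryption defines` is also copied here although nothing on this page is decrypted, and deleting it removes the page's dependency on the `MCRYPT_*` constants.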
"; + echo __($guid, 'You do not have access to this action.'); + echo '
'; +} else { + //Proceed! + echo "'; + + $returns = array(); + $editLink = ''; + if (isset($_GET['editID'])) { + $editLink = $_SESSION[$guid]['absoluteURL'].'/index.php?q=/modules/Credentials/websites_edit.php&credentialsWebsiteID='.$_GET['editID']; + } + if (isset($_GET['return'])) { + returnProcess($guid, $_GET['return'], $editLink, $returns); + } + ?> +
" enctype="multipart/form-data"> + + + + + + + + + + + + + + + + + + + + + + + + + +
+ *
+ +
+ + +
+ *
+
+ +
+
+
+ + +
+
+
+

+ +
+ + +
+ * + + + +
+
+ diff --git a/Credentials/websites_addProcess.php b/Credentials/websites_addProcess.php new file mode 100755 index 0000000..717a17e --- /dev/null +++ b/Credentials/websites_addProcess.php 
@@ -0,0 +1,106 @@ +. +*/ + +include '../../functions.php'; +include '../../config.php'; + +//New PDO DB connection +try { + $connection2 = new PDO("mysql:host=$databaseServer;dbname=$databaseName;charset=utf8", $databaseUsername, $databasePassword); + $connection2->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION); + $connection2->setAttribute(PDO::ATTR_DEFAULT_FETCH_MODE, PDO::FETCH_ASSOC); +} catch (PDOException $e) { + echo $e->getMessage(); +} + +@session_start(); + +//Set timezone from session variable +date_default_timezone_set($_SESSION[$guid]['timezone']); + +$URL = $_SESSION[$guid]['absoluteURL'].'/index.php?q=/modules/'.getModuleName($_POST['address'])."/websites_add.php"; + +if (isActionAccessible($guid, $connection2, '/modules/Credentials/websites_add.php') == false) { + //Fail 0 + $URL .= '&return=error0'; + header("Location: {$URL}"); +} else { + //Proceed! + //Validate Inputs + $title = $_POST['title']; + $active = $_POST['active']; + $url = $_POST['url']; + $notes = $_POST['notes']; + + if ($title == '' or $active == '' or $url == '') { + //Fail 3 + $URL .= '&return=error3'; + header("Location: {$URL}"); + } else { + //Deal with file upload + $logo = ''; + $imageFail = false; + if ($_FILES['file1']['tmp_name'] != '') { + $time = time(); + //Check for folder in uploads based on today's date + $path = $_SESSION[$guid]['absolutePath']; + if (is_dir($path.'/uploads/'.date('Y', $time).'/'.date('m', $time)) == false) { + mkdir($path.'/uploads/'.date('Y', $time).'/'.date('m', $time), 0777, true); + } + $unique = false; + $count = 0; + while ($unique == false and $count < 100) { + $suffix = randomPassword(16); + if ($count == 0) { + $logo = 'uploads/'.date('Y', $time).'/'.date('m', $time).'/'.$title."_$suffix".strrchr($_FILES['file1']['name'], '.'); + } else { + $logo = 'uploads/'.date('Y', $time).'/'.date('m', $time).'/'.$title."_$suffix"."_$count".strrchr($_FILES['file1']['name'], '.'); + } + + if (!(file_exists($path.'/'.$logo))) { + $unique = 
true; + } + ++$count; + } + if (!(move_uploaded_file($_FILES['file1']['tmp_name'], $path.'/'.$logo))) { + $logo = ''; + $imageFail = true; + } + } + + //Write to database + try { + $data = array('title' => $title, 'active' => $active, 'url' => $url, 'logo' => $logo, 'notes' => $notes, 'gibbonPersonIDCreator' => $_SESSION[$guid]['gibbonPersonID'], 'timestampCreator' => date('Y-m-d H:i:s', time())); + $sql = 'INSERT INTO credentialsWebsite SET title=:title, active=:active, url=:url, logo=:logo, notes=:notes, gibbonPersonIDCreator=:gibbonPersonIDCreator, timestampCreator=:timestampCreator'; + $result = $connection2->prepare($sql); + $result->execute($data); + } catch (PDOException $e) { + //Fail 2 + $URL .= '&return=error2'; + header("Location: {$URL}"); + exit(); + } + + $AI = str_pad($connection2->lastInsertID(), 4, '0', STR_PAD_LEFT); + + //Success 0 + $URL .= '&return=success0&editID='.$AI; + header("Location: {$URL}"); + } +} diff --git a/Credentials/websites_delete.php b/Credentials/websites_delete.php new file mode 100755 index 0000000..a56257e --- /dev/null +++ b/Credentials/websites_delete.php @@ -0,0 +1,86 @@ +. +*/ + +@session_start(); + +if (isActionAccessible($guid, $connection2, '/modules/Credentials/websites_delete.php') == false) { + //Acess denied + echo "
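Review bot: In websites_addProcess.php the upload path is assembled from the posted `$title` and from `strrchr($_FILES['file1']['name'], '.')`, both of which the client controls, so the stored file can carry any extension, including one the web server would execute, and a title containing path separators can point outside the dated uploads folder. The extension should be checked against an image allow-list, the content confirmed to be an image, and the title reduced to filename-safe characters before it is used; the sketch below shows the lines I would change. `mkdir(..., 0777, true)` is also broader than needed, and `0755` is enough where the web server owns the tree. No request token is checked before the insert in the lines shown, so if Gibbon core does not already enforce one for this script, that should be added too.

```php
        if ($_FILES['file1']['tmp_name'] != '') {
            // The client-supplied file name is untrusted: accept image extensions only.
            $extension = strtolower(pathinfo($_FILES['file1']['name'], PATHINFO_EXTENSION));
            $isImage = in_array($extension, array('jpg', 'jpeg', 'png', 'gif'), true)
                && getimagesize($_FILES['file1']['tmp_name']) !== false;
            if (!$isImage) {
                //Fail 3
                $URL .= '&return=error3';
                header("Location: {$URL}");
                exit();
            }
            // Strip everything that is not filename-safe so the title cannot add path segments.
            $safeTitle = preg_replace('/[^a-zA-Z0-9_-]/', '', $title);
            // … unchanged: $time, dated uploads folder check, uniqueness loop setup …
                $logo = 'uploads/'.date('Y', $time).'/'.date('m', $time).'/'.$safeTitle."_$suffix.".$extension;
            // … unchanged: "_$count" variant (same substitution), file_exists check, move_uploaded_file …
```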
"; + echo __($guid, 'You do not have access to this action.'); + echo '
'; +} else { + //Proceed! + echo "
"; + echo "
".__($guid, 'Delete Website').'
'; + echo '
'; + + if (isset($_GET['return'])) { + returnProcess($guid, $_GET['return'], null, null); + } + + $credentialsWebsiteID = $_GET['credentialsWebsiteID']; + if ($credentialsWebsiteID == '') { + echo "
"; + echo __($guid, 'You have not specified one or more required parameters.'); + echo '
'; + } else { + try { + $data = array('credentialsWebsiteID' => $credentialsWebsiteID); + $sql = 'SELECT * FROM credentialsWebsite WHERE credentialsWebsiteID=:credentialsWebsiteID'; + $result = $connection2->prepare($sql); + $result->execute($data); + } catch (PDOException $e) { + echo "
".$e->getMessage().'
'; + } + + if ($result->rowCount() != 1) { + echo "
"; + echo __($guid, 'The specified record cannot be found.'); + echo '
'; + } else { + //Let's go! + $row = $result->fetch(); + ?> +
"> + + + + + + + + + +
+
+ +
+ +
+ + + + +
+
+ diff --git a/Credentials/websites_deleteProcess.php b/Credentials/websites_deleteProcess.php new file mode 100755 index 0000000..dcd1a2c --- /dev/null +++ b/Credentials/websites_deleteProcess.php 
@@ -0,0 +1,94 @@
+.
+*/
+
+include '../../functions.php';
+include '../../config.php';
+
+//New PDO DB connection
+try {
+ $connection2 = new PDO("mysql:host=$databaseServer;dbname=$databaseName;charset=utf8", $databaseUsername, $databasePassword);
+ $connection2->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
+ $connection2->setAttribute(PDO::ATTR_DEFAULT_FETCH_MODE, PDO::FETCH_ASSOC);
+} catch (PDOException $e) {
+ echo $e->getMessage();
+}
+
+@session_start();
+
+//Set timezone from session variable
+date_default_timezone_set($_SESSION[$guid]['timezone']);
+
+$credentialsWebsiteID = $_GET['credentialsWebsiteID'];
+$URL = $_SESSION[$guid]['absoluteURL'].'/index.php?q=/modules/'.getModuleName($_POST['address'])."/websites_delete.php&credentialsWebsiteID=".$credentialsWebsiteID;
+$URLDelete = $_SESSION[$guid]['absoluteURL'].'/index.php?q=/modules/'.getModuleName($_POST['address'])."/websites.php";
+
+if (isActionAccessible($guid, $connection2, '/modules/Credentials/websites_delete.php') == false) {
+ //Fail 0
+ $URL .= '&return=error0';
+ header("Location: {$URL}");
+} else {
+ //Proceed!
+ //Check if note specified + if ($credentialsWebsiteID == '') { + echo 'Fatal error loading this page!'; + } else { + try { + $data = array('credentialsWebsiteID' => $credentialsWebsiteID); + $sql = 'SELECT * FROM credentialsWebsite WHERE credentialsWebsiteID=:credentialsWebsiteID'; + $result = $connection2->prepare($sql); + $result->execute($data); + } catch (PDOException $e) { + //Fail2 + $URL .= '&return=error2'; + header("Location: {$URL}"); + exit(); + } + + if ($result->rowCount() != 1) { + //Fail 2 + $URL .= '&return=error2'; + header("Location: {$URL}"); + } else { + //Write to database + try { + $data = array('credentialsWebsiteID' => $credentialsWebsiteID); + $sql = 'DELETE FROM credentialsWebsite WHERE credentialsWebsiteID=:credentialsWebsiteID'; + $result = $connection2->prepare($sql); + $result->execute($data); + } catch (PDOException $e) { + //Fail2 + $URL .= '&return=error2'; + header("Location: {$URL}"); + exit(); + } + + //Attempt to delete student credentials based on this website + try { + $data = array('credentialsWebsiteID' => $credentialsWebsiteID); + $sql = 'DELETE FROM credentialsCredential WHERE credentialsWebsiteID=:credentialsWebsiteID'; + $result = $connection2->prepare($sql); + $result->execute($data); + } catch (PDOException $e) { } + + //Success 0 + $URLDelete = $URLDelete.'&return=success0'; + header("Location: {$URLDelete}"); + } + } +} diff --git a/Credentials/websites_edit.php b/Credentials/websites_edit.php new file mode 100755 index 0000000..a0fb398 --- /dev/null +++ b/Credentials/websites_edit.php @@ -0,0 +1,141 @@ +. +*/ + +@session_start(); + +if (isActionAccessible($guid, $connection2, '/modules/Credentials/websites_edit.php') == false) { + //Acess denied + echo "
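Review bot: The second DELETE in websites_deleteProcess.php, which removes the `credentialsCredential` rows for the website, sits in a `try` with an empty `catch`, so a failure there leaves stored credentials behind with a dangling `credentialsWebsiteID` while the user is still redirected with `success0`. Delete the dependent credentials before the website row and handle the failure like the other queries: `} catch (PDOException $e) { $URL .= '&return=error2'; header("Location: {$URL}"); exit(); }`. The connection-setup catch at the top also prints `$e->getMessage()` and then carries on without a usable `$connection2`; websites_editProcess.php opens with the same block. Both redirect targets are built from `getModuleName($_POST['address'])`, whereas websites_edit_photoDeleteProcess.php hard-codes `/modules/Credentials/`, which would be the safer form here too.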
"; + echo __($guid, 'You do not have access to this action.'); + echo '
'; +} else { + //Proceed! + echo "'; + + if (isset($_GET['return'])) { + returnProcess($guid, $_GET['return'], null, null); + } + + //Check if school year specified + $credentialsWebsiteID = $_GET['credentialsWebsiteID']; + if ($credentialsWebsiteID == '') { + echo "
"; + echo __($guid, 'You have not specified one or more required parameters.'); + echo '
'; + } else { + try { + $data = array('credentialsWebsiteID' => $credentialsWebsiteID); + $sql = 'SELECT * FROM credentialsWebsite WHERE credentialsWebsiteID=:credentialsWebsiteID'; + $result = $connection2->prepare($sql); + $result->execute($data); + } catch (PDOException $e) { + echo "
".$e->getMessage().'
'; + } + + if ($result->rowCount() != 1) { + echo "
"; + echo __($guid, 'The specified record cannot be found.'); + echo '
'; + } else { + //Let's go! + $row = $result->fetch(); + ?> +
" enctype="multipart/form-data"> + + + + + + + + + + + + + + + + + + + + + + + + + +
+ *
+ +
+ + +
+ *
+
+ +
+
+
+ + +
+
+
+ ".$row['logo']."

"; + } + ?> +

+ '> + +
+ + +
+ * + + + +
+
+ diff --git a/Credentials/websites_editProcess.php b/Credentials/websites_editProcess.php new file mode 100755 index 0000000..6fb60e7 --- /dev/null +++ b/Credentials/websites_editProcess.php 
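Review bot: In the logo row of websites_edit.php, `$row['logo']` is concatenated into the echoed markup without output encoding, and websites_editProcess.php builds that value from the submitted title and the uploaded file's name, so it cannot be treated as trusted text. Encode it for the context it lands in, for example `htmlspecialchars($row['logo'], ENT_QUOTES, 'UTF-8')`, and apply the same to any other `$row` fields printed into the form. Most of this file's HTML is missing from this view, so the exact element or attribute context should be confirmed against the full file.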
@@ -0,0 +1,133 @@
+.
+*/
+
+include '../../functions.php';
+include '../../config.php';
+
+//New PDO DB connection
+try {
+ $connection2 = new PDO("mysql:host=$databaseServer;dbname=$databaseName;charset=utf8", $databaseUsername, $databasePassword);
+ $connection2->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
+ $connection2->setAttribute(PDO::ATTR_DEFAULT_FETCH_MODE, PDO::FETCH_ASSOC);
+} catch (PDOException $e) {
+ echo $e->getMessage();
+}
+
+@session_start();
+
+//Set timezone from session variable
+date_default_timezone_set($_SESSION[$guid]['timezone']);
+
+$credentialsWebsiteID = $_GET['credentialsWebsiteID'];
+$URL = $_SESSION[$guid]['absoluteURL'].'/index.php?q=/modules/'.getModuleName($_POST['address'])."/websites_edit.php&credentialsWebsiteID=$credentialsWebsiteID";
+
+if (isActionAccessible($guid, $connection2, '/modules/Credentials/websites_edit.php') == false) {
+ //Fail 0
+ $URL .= '&return=error0';
+ header("Location: {$URL}");
+} else {
+ //Proceed!
+ //Check if note specified
+ if ($credentialsWebsiteID == '') {
+ echo 'Fatal error loading this page!';
+ } else {
+ try {
+ $data = array('credentialsWebsiteID' => $credentialsWebsiteID);
+ $sql = 'SELECT * FROM credentialsWebsite WHERE credentialsWebsiteID=:credentialsWebsiteID';
+ $result = $connection2->prepare($sql);
+ $result->execute($data);
+ } catch (PDOException $e) {
+ //Fail2
+ $URL .= '&return=error2';
+ header("Location: {$URL}");
+ exit();
+ }
+
+ if ($result->rowCount() != 1) {
+ //Fail 2
+ $URL .= '&return=error2';
+ header("Location: {$URL}");
+ } else {
+ $row = $result->fetch();
+
+ //Validate Inputs
+ $title = $_POST['title'];
+ $active = $_POST['active'];
+ $url = $_POST['url'];
+ $notes = $_POST['notes'];
+
+ if ($title == '' or $active == '' or $url == '') {
+ //Fail 3
+ $URL .= '&return=error3';
+ header("Location: {$URL}");
+ } else {
+ //Sort out logo
+ $imageFail = false;
+ $logo = $row['logo'];
+ if ($_FILES['file1']['tmp_name'] != '') {
+ $time = time();
+
//Check for folder in uploads based on today's date
+ $path = $_SESSION[$guid]['absolutePath'];
+ if (is_dir($path.'/uploads/'.date('Y', $time).'/'.date('m', $time)) == false) {
+ mkdir($path.'/uploads/'.date('Y', $time).'/'.date('m', $time), 0777, true);
+ }
+
+ $unique = false;
+ $count = 0;
+ while ($unique == false and $count < 100) {
+ $suffix = randomPassword(16);
+ if ($count == 0) {
+ $logo = 'uploads/'.date('Y', $time).'/'.date('m', $time).'/'.$title."_$suffix".strrchr($_FILES['file1']['name'], '.');
+ } else {
+ $logo = 'uploads/'.date('Y', $time).'/'.date('m', $time).'/'.$title."_$suffix"."_$count".strrchr($_FILES['file1']['name'], '.');
+ }
+
+ if (!(file_exists($path.'/'.$logo))) {
+ $unique = true;
+ }
+ ++$count;
+ }
+ if (!(move_uploaded_file($_FILES['file1']['tmp_name'], $path.'/'.$logo))) {
+ $logo = '';
+ $imageFail = true;
+ }
+ }
+
+ //Write to database
+ try {
+ $data = array('title' => $title, 'active' => $active, 'url' => $url, 'logo' => $logo, 'notes' => $notes, 'credentialsWebsiteID' => $credentialsWebsiteID);
+ $sql = 'UPDATE credentialsWebsite SET title=:title, active=:active, url=:url, logo=:logo, notes=:notes WHERE credentialsWebsiteID=:credentialsWebsiteID';
+ $result = $connection2->prepare($sql);
+ $result->execute($data);
+ } catch (PDOException $e) {
+ echo $e->getMessage();
+ exit();
+ //Fail 2
+ $URL .= '&return=error2';
+ header("Location: {$URL}");
+ exit();
+ }
+
+ //Success 0
+ $URL .= '&return=success0';
+ header("Location: {$URL}");
+ }
+ }
+ }
+}
diff --git a/Credentials/websites_edit_photoDeleteProcess.php b/Credentials/websites_edit_photoDeleteProcess.php
new file mode 100755
index 0000000..fe1873a
--- /dev/null
+++ b/Credentials/websites_edit_photoDeleteProcess.php
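Review bot: The logo upload in websites_editProcess.php stores whatever the client sends: the file name takes its extension from `strrchr($_FILES['file1']['name'], '.')` and its stem from `$_POST['title']`, and the file is moved under `uploads/` inside `absolutePath` with no check of type or extension. If that directory is served by the web server (likely, but not shown here), a non-image file can end up reachable there, and a title containing `/` or `..` changes where the file is written. Restrict the extension to an image allowlist, confirm the content parses as an image, and build the name from a sanitised title, as sketched below. The tail of the preceding hunk at the top of this view ends with the same `move_uploaded_file()` call and presumably needs the same change. Separately, `echo $e->getMessage(); exit();` at the start of the UPDATE catch looks like leftover debugging and makes the error2 redirect unreachable.

```php
// … unchanged: $time, $path, upload folder creation …
$extension = strtolower(pathinfo($_FILES['file1']['name'], PATHINFO_EXTENSION));
$allowedExtensions = array('jpg', 'jpeg', 'png', 'gif'); // suggested allowlist; align with what the form accepts
$safeTitle = preg_replace('/[^A-Za-z0-9_-]/', '', $title);
if (!in_array($extension, $allowedExtensions, true) or getimagesize($_FILES['file1']['tmp_name']) === false) {
    $imageFail = true; // the existing $row['logo'] is kept
} else {
    // … unchanged: uniqueness loop and move_uploaded_file(), with both $logo assignments built from the checked parts …
    $logo = 'uploads/'.date('Y', $time).'/'.date('m', $time).'/'.$safeTitle."_$suffix".'.'.$extension;
}
```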
@@ -0,0 +1,80 @@
+.
+*/
+
+//Gibbon system-wide includes
+include '../../functions.php';
+include '../../config.php';
+
+//Module includes
+include './moduleFunctions.php';
+
+//New PDO DB connection
+$pdo = new Gibbon\sqlConnection();
+$connection2 = $pdo->getConnection();
+
+@session_start();
+
+//Set timezone from session variable
+date_default_timezone_set($_SESSION[$guid]['timezone']);
+
+$credentialsWebsiteID = $_GET['credentialsWebsiteID'];
+$URL = $_SESSION[$guid]['absoluteURL']."/index.php?q=/modules/Credentials/websites_edit.php&credentialsWebsiteID=$credentialsWebsiteID";
+
+if (isActionAccessible($guid, $connection2, '/modules/Credentials/websites_edit.php') == false) {
+ $URL .= '&return=error0';
+ header("Location: {$URL}");
+} else {
+ //Proceed!
+ //Check if planner specified
+ if ($credentialsWebsiteID == '') {
+ $URL .= '&return=error1';
+ header("Location: {$URL}");
+ } else {
+ try {
+ $data = array('credentialsWebsiteID' => $credentialsWebsiteID);
+ $sql = 'SELECT * FROM credentialsWebsite WHERE credentialsWebsiteID=:credentialsWebsiteID';
+ $result = $connection2->prepare($sql);
+ $result->execute($data);
+ } catch (PDOException $e) {
+ $URL .= '&return=error2';
+ header("Location: {$URL}");
+ exit();
+ }
+
+ if ($result->rowCount() != 1) {
+ $URL .= '&return=error2';
+ header("Location: {$URL}");
+ } else {
+ //UPDATE
+ try {
+ $data = array('credentialsWebsiteID' => $credentialsWebsiteID);
+ $sql = "UPDATE credentialsWebsite SET logo='' WHERE credentialsWebsiteID=:credentialsWebsiteID";
+ $result = $connection2->prepare($sql);
+ $result->execute($data);
+ } catch (PDOException $e) {
+ $URL .= '&return=error2';
+ header("Location: {$URL}");
+ exit();
+ }
+
+ $URL .= '&return=success0';
+ header("Location: {$URL}");
+ }
+ }
+}
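Review bot: websites_edit_photoDeleteProcess.php blanks the stored logo on a request that carries only `$_GET['credentialsWebsiteID']`, and nothing in the hunk ties that request to a form the user actually submitted, so a cross-site request made in the session of a user who holds the edit permission would be accepted. Make the action POST-only and verify a per-session token before the UPDATE; no token helper is visible in this diff, so that check would have to come from the core or be added. The DELETE in websites_deleteProcess.php also takes its ID from the query string and shows no token check. The file that `logo` pointed to stays on disk after the column is cleared, which is worth either cleaning up or documenting.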