<?php 

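	# Start (or resume) the session before any output is produced.
	# NOTE(review): no session cookie flags are set in this file; confirm HttpOnly/Secure are enforced in php.ini or the server configuration.
	session_start();
	
	# Variables
	$prefix = "..";				# Prefix for relative links
	$title = "Administration Panel";	# Title of the page
	
	# Including includes
	# NOTE(review): a web server that is not configured to parse or deny *.inc files returns them as plain text;
	# confirm direct requests to the includes/ directory are blocked.
	include "$prefix/config/config.php";	# General configuration file for all pages
	include "$prefix/includes/db.inc";	# DB access
	include "$prefix/includes/other.inc";	# Other scripts
	include "$prefix/includes/header.inc";	# Including HTML headers, etc
	include "$prefix/includes/js.inc";	# Javascript access

	# Check for Login and Privileges
	# Two ways in: a login form post handled by login_admin(), or an existing admin/superuser session.
	# NOTE(review): login_admin() and messagebox() are defined in the includes above and are not visible here.
	# The denial paths only protect this page if messagebox(..., true) stops the script; confirm that it does.
	# The POST path also assumes login_admin() returns non-zero only for admin/superuser accounts; confirm.
	if (isset($_POST['username']) && isset($_POST['password'])) {
		$result = login_admin($_POST['username'],$_POST['password']);
		if ($result == 0) {
			messagebox(error,error,'Error 3: You are either not logged in, or do not have the permissions to access this page<br /><br /><a href="/">Home</a>',true);
		}
	}
	# isset() avoids reading an undefined index for visitors without a session; the strict comparison
	# keeps a non-string session value (0, true) from loosely matching a role name.
	elseif (!isset($_SESSION['type']) || ($_SESSION['type'] !== "admin" && $_SESSION['type'] !== "superuser")) {
		messagebox(error,error,'Error 3: You are either not logged in, or do not have the permissions to access this page<br /><br /><a href="/">Home</a>',true);
	}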

?>

					<p class="blurb">
						The Administration panel allows you to modify permissions and instrument contracts. From here, you can
						also modify registered users and manage the database system.
					</p>
					<hr />
				</td>
			</tr>
			<?php
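				# Superuser dashboard: counts pending, expiring (next 7 days) and overdue contracts
				# and shows one message box per non-empty category.
				# NOTE(review): the mysql_* extension used here was removed in PHP 7; this block only runs on PHP 5.x.
				if (isset($_SESSION['type']) && $_SESSION['type'] === "superuser") {
					db_connect();
					# Both bounds are integers produced by strtotime(), not request data, so interpolating them is safe.
					$today = strtotime('today');
					$aweekfromtoday = $today + 604800; # 7 * 86400 seconds; approximate window (see bug #537046), precision is not required here
					$countpending = mysql_fetch_row(mysql_query("SELECT COUNT(id) FROM contracts WHERE status='pending'"));
					$countexpiring = mysql_fetch_row(mysql_query("SELECT COUNT(id) FROM contracts WHERE dateto BETWEEN '$today' AND '$aweekfromtoday' AND status<>'returned'"));
					# Lower bound must be $today (the original compared against the literal string 'today'),
					# otherwise the listed students do not match the count above.
					$listexpiring = mysql_query("SELECT name, instrument FROM authz, contracts WHERE authz.studentno = contracts.studentno AND dateto BETWEEN '$today' AND '$aweekfromtoday' AND status<>'returned'");
					$countoverdue = mysql_fetch_row(mysql_query("SELECT COUNT(id) FROM contracts WHERE (status='out' AND dateto<'$today')"));
					db_close();
					if ($countpending[0] > 0) {
						echo '<tr><td colspan="2">';
						if ($countpending[0] == 1) messagebox(notice,folder_yellow,'<b>Message to Cage Manager</b><br />There is ' . $countpending[0] . ' new instrument request to be processed',false);
						else messagebox(notice,folder_yellow,'<b>Message to Cage Manager</b><br />There are ' . $countpending[0] . ' new instrument requests to be processed',false);
						echo '</td></tr>';
					}
					if ($countexpiring[0] > 0) {
						# Make the list of students
						# Iterate over the rows actually returned: the join with authz can yield fewer rows than
						# the COUNT query, and fetching past the end would read from a false result.
						$list = '';
						if ($listexpiring) {
							while ($row = mysql_fetch_row($listexpiring)) {
								# Names and instruments are stored data rendered inside HTML, so encode them on output.
								$list .= htmlspecialchars(stripslashes($row[0]), ENT_QUOTES) . ' (' . htmlspecialchars(stripslashes(ucwords($row[1])), ENT_QUOTES) . ')<br />';
							}
						}
						echo '<tr><td colspan="2">';
						# $list is already unslashed and HTML-encoded per value, so it is passed through as is.
						if ($countexpiring[0] == 1) messagebox(notice,folder_yellow,'<b>Message to Cage Manager</b><br />There is ' . $countexpiring[0] . ' instrument contract expiring within 7 days<br /><a onClick="toggle_visibility(\'expiring\')" style="cursor: pointer;">Click for More Information</a><span id="expiring" name="list" style="display: none;"><br />The aforementioned students:<br />' . $list . '</span>',false);
						else messagebox(notice,folder_yellow,'<b>Message to Cage Manager</b><br />There are ' . $countexpiring[0] . ' instrument contracts expiring within 7 days<br /><a onClick="toggle_visibility(\'cleared\')" style="cursor: pointer;">Click for More Information</a><span id="cleared" name="list" style="display: none;"><br />The aforementioned students:<br />' . $list . '</span>',false);
						echo '</td></tr>';
					}
					if ($countoverdue[0] > 0) {
						echo '<tr><td colspan="2">';
						if ($countoverdue[0] == 1) messagebox(error,folder_red,'<b>Message to Cage Manager</b><br />There is ' . $countoverdue[0] . ' student with an <u>overdue</u> instrument!',false);
						else messagebox(error,folder_red,'<b>Message to Cage Manager</b><br />There are ' . $countoverdue[0] . ' students with <u>overdue</u> instruments!',false);
						echo '</td></tr>';
					}
				}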
			?>
			<tr>
				<td class="left">
					<div class="admin_menu_option" onClick="window.location='./contracts.php';">
						<img src="/images/contracts.png" title="" />
						<p>Add/View Instrument Contracts</p>
					</div>
					<div class="admin_menu_option" onClick="window.location='./users.php';">
						<img src="/images/user.png" title="" />
						<p>Add/View Registered Users</p>
					</div>
					<?php
						# Show the lockers menu entry only when the 'lockers_enabled' option in the meta table is 1.
						db_connect();
						$locker_option_query = mysql_query("SELECT value FROM meta WHERE `option`='lockers_enabled'");
						$check_locker_enabled = mysql_fetch_row($locker_option_query);
						db_close();
						if ($check_locker_enabled[0] == 1) {
							echo '
							<div class="admin_menu_option" onClick="window.location=\'/modules/lockers/index.php\';">
								<img src="/images/lockers.png" title="" />
								<p>Locker Assignments</p>
							</div>
						';
						}
					?>
					<div class="admin_menu_option" onClick="window.location='./stats.php';">
						<img src="/images/summary.png" title="" />
						<p>Statistics and Summaries</p>
					</div>
				</td>
				<td class="right">
					<div class="admin_menu_option" onClick="window.location='./permissions.php';">
						<img src="/images/permissions.png" title="" />
						<p>Add/View Permissions</p>
					</div>
					<div class="admin_menu_option" onClick="window.location='./inventory.php';">
						<img src="/images/inventory.png" title="" />
						<p>Instrument Inventory</p>
					</div>
					<?php
						# Show the accessories menu entry only when the 'accessories_enabled' option in the meta table is 1.
						db_connect();
						$accessories_option_query = mysql_query("SELECT value FROM meta WHERE `option`='accessories_enabled'");
						$check_accessories_enabled = mysql_fetch_row($accessories_option_query);
						db_close();
						if ($check_accessories_enabled[0] == 1) {
							echo '
							<div class="admin_menu_option" onClick="window.location=\'/modules/accessories/index.php\';">
								<img src="/images/accessories.png" title="" />
								<p>Accessories Management</p>
							</div>
						';
						}
					?>
					<div class="admin_menu_option" onClick="window.location='./system.php';">
						<img src="/images/db.png" title="" />
						<p>System Options</p>
					</div>
				</td>
			</tr>
			<tr>
				<td colspan="2" align="center">
					<div class="buttons" style="display: table; margin: auto;">
						<a href="/index.php?action=logout" class="negative">
							<img src="/images/logoff.png" title="" />
							Log out
						</a>
					</div>
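					<?php # The session name is HTML-encoded on output and left empty when no name is set (presumably it is stored at login; verify in login_admin). ?>
					<span id="displaylogin">Current logged in as <strong><?=isset($_SESSION['name']) ? htmlspecialchars($_SESSION['name'], ENT_QUOTES) : ''?></strong></span>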
				</td>
			</tr>
		</table>

<?php

	# Close the page with the shared footer, resolved relative to $prefix.
	include $prefix . "/includes/footer.inc";

?>