';
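// Query-string suffix carried on links built later in this page (its use is
// outside this chunk). Both values come straight from the request, so they
// are URL-encoded here; the "?key=value" shape of the suffix is unchanged and
// PHP decodes the value back on the receiving request.
// !empty() keeps the original truthiness test (an absent or '0' value yields
// no suffix) without raising an undefined-key warning.
$append = '';
if (!empty($_REQUEST['page_display']))
    $append = '?page_display=' . rawurlencode((string) $_REQUEST['page_display']);
// The include override is only honoured on the student screen and, as before,
// takes precedence over page_display when both are present.
if (!empty($_REQUEST['include']) && ($_REQUEST['modname'] ?? '') === 'students/Student.php')
    $append = '?include=' . rawurlencode((string) $_REQUEST['include']);
// Page markup (the string body was not preserved in this copy).
echo "
";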
// Admin view: base FROM/WHERE fragments for the student search. Joins students
// to their current enrollment (ssm) and home address (a), scoped to the
// session's school year and school. UserSyear()/UserSchool() are interpolated
// into the SQL as-is; they look session-derived rather than request-derived —
// confirm before relying on that.
if (User('PROFILE') == 'admin') {
$admin_COMMON_FROM = " FROM students s, student_address a,student_enrollment ssm ";
$admin_COMMON_WHERE = " WHERE s.STUDENT_ID=ssm.STUDENT_ID AND a.STUDENT_ID=s.STUDENT_ID AND a.TYPE='Home Address' AND ssm.SYEAR=" . UserSyear() . " AND ssm.SCHOOL_ID=" . UserSchool() . " ";
// Each optional table below is joined when one of its search fields was
// submitted, or when the matching session flag is already set. The flag is
// written as '1' and is not cleared anywhere in this chunk, so once a filter
// has been used the extra join (and any duplicate rows a one-to-many join
// produces) persists for the rest of the session.
// Marking-period comments.
if (optional_param('mp_comment', '', PARAM_NOTAGS) || $_SESSION['smc']) {
$admin_COMMON_FROM .= " ,student_mp_comments smc";
$admin_COMMON_WHERE .= " AND smc.STUDENT_ID=s.STUDENT_ID ";
$_SESSION['smc'] = '1';
}
// Goals.
if (optional_param('goal_description', '', PARAM_NOTAGS) || optional_param('goal_title', '', PARAM_NOTAGS) || $_SESSION['g']) {
$admin_COMMON_FROM .= " ,student_goal g ";
$admin_COMMON_WHERE .= " AND g.STUDENT_ID=s.STUDENT_ID ";
$_SESSION['g'] = '1';
}
// Goal progress.
if (optional_param('progress_name', '', PARAM_NOTAGS) || optional_param('progress_description', '', PARAM_NOTAGS) || $_SESSION['p']) {
$admin_COMMON_FROM .= " ,student_goal_progress p ";
$admin_COMMON_WHERE .= " AND p.STUDENT_ID=s.STUDENT_ID ";
$_SESSION['p'] = '1';
}
// Medical notes.
if (optional_param('doctors_note_comments', '', PARAM_NOTAGS) || optional_param('med_day', '', PARAM_NOTAGS) || optional_param('med_month', '', PARAM_NOTAGS) || optional_param('med_year', '', PARAM_NOTAGS) || $_SESSION['smn']) {
$admin_COMMON_FROM .= " ,student_medical_notes smn ";
$admin_COMMON_WHERE .= " AND smn.STUDENT_ID=s.STUDENT_ID ";
$_SESSION['smn'] = '1';
}
// Immunizations.
if (optional_param('type', '', PARAM_NOTAGS) || optional_param('imm_comments', '', PARAM_NOTAGS) || optional_param('imm_day', '', PARAM_NOTAGS) || optional_param('imm_month', '', PARAM_NOTAGS) || optional_param('imm_year', '', PARAM_NOTAGS) || $_SESSION['sm']) {
$admin_COMMON_FROM .= " ,student_immunization sm ";
$admin_COMMON_WHERE .= " AND sm.STUDENT_ID=s.STUDENT_ID ";
$_SESSION['sm'] = '1';
}
// Medical alerts.
if (optional_param('ma_day', '', PARAM_NOTAGS) || optional_param('ma_month', '', PARAM_NOTAGS) || optional_param('ma_year', '', PARAM_NOTAGS) || optional_param('med_alrt_title', '', PARAM_NOTAGS) || $_SESSION['sma']) {
$admin_COMMON_FROM .= " ,student_medical_alerts sma ";
$admin_COMMON_WHERE .= " AND sma.STUDENT_ID=s.STUDENT_ID ";
$_SESSION['sma'] = '1';
}
// Medical visits.
if (optional_param('nv_day', '', PARAM_NOTAGS) || optional_param('nv_month', '', PARAM_NOTAGS) || optional_param('nv_year', '', PARAM_NOTAGS) || optional_param('reason', '', PARAM_NOTAGS) || optional_param('result', '', PARAM_NOTAGS) || optional_param('med_vist_comments', '', PARAM_NOTAGS) || $_SESSION['smv']) {
$admin_COMMON_FROM .= " ,student_medical_visits smv ";
$admin_COMMON_WHERE .= " AND smv.STUDENT_ID=s.STUDENT_ID ";
$_SESSION['smv'] = '1';
}
// Combined fragment consumed by the search queries (outside this chunk).
$admin_COMMON = $admin_COMMON_FROM . $admin_COMMON_WHERE;
}
// Teacher view: same idea as the admin branch, but the student set is narrowed
// to the selected course period (UserCoursePeriod()) taught by this staff
// member as primary or secondary teacher, with a schedule row in one of the
// marking periods from GetAllMP() and an enrollment that has started and not
// yet ended as of DBDate(). All of these helpers are interpolated directly
// into the SQL; $queryMP is defined outside this chunk.
if (User('PROFILE') == 'teacher') {
$teacher_COMMON_FROM = " FROM students s, student_enrollment ssm, course_periods cp,
schedule ss,student_address a ";
$teacher_COMMON_WHERE = " WHERE a.STUDENT_ID=s.STUDENT_ID AND a.TYPE='Home Address' AND s.STUDENT_ID=ssm.STUDENT_ID AND ssm.STUDENT_ID=ss.STUDENT_ID AND ssm.SYEAR=cp.SYEAR AND ssm.SYEAR=ss.SYEAR AND cp.COURSE_ID=ss.COURSE_ID AND cp.COURSE_PERIOD_ID=ss.COURSE_PERIOD_ID AND ss.MARKING_PERIOD_ID IN (" . GetAllMP('', $queryMP) . ")
AND (cp.TEACHER_ID='" . User('STAFF_ID') . "' OR cp.SECONDARY_TEACHER_ID='" . User('STAFF_ID') . "') AND cp.COURSE_PERIOD_ID='" . UserCoursePeriod() . "' AND (ssm.START_DATE IS NOT NULL AND ('" . DBDate() . "'<=ssm.END_DATE OR ssm.END_DATE IS NULL)) AND ssm.SYEAR=" . UserSyear() . " AND ssm.SCHOOL_ID=" . UserSchool() . " ";
// Optional joins, driven by submitted search fields or a sticky session flag
// (set to '1' here, never cleared in this chunk). The first two tests use
// PARAM_SPCL where the admin branch uses PARAM_NOTAGS for the same fields —
// presumably unintentional; align them.
// Marking-period comments.
if (optional_param('mp_comment', '', PARAM_SPCL) || $_SESSION['smc']) {
$teacher_COMMON_FROM .= " ,student_mp_comments smc";
$teacher_COMMON_WHERE .= " AND smc.STUDENT_ID=s.STUDENT_ID ";
$_SESSION['smc'] = '1';
}
// Goals.
if (optional_param('goal_description', '', PARAM_SPCL) || optional_param('goal_title', '', PARAM_SPCL) || $_SESSION['g']) {
$teacher_COMMON_FROM .= " ,student_goal g ";
$teacher_COMMON_WHERE .= " AND g.STUDENT_ID=s.STUDENT_ID ";
$_SESSION['g'] = '1';
}
// Goal progress.
if (optional_param('progress_name', '', PARAM_NOTAGS) || optional_param('progress_description', '', PARAM_NOTAGS) || $_SESSION['p']) {
$teacher_COMMON_FROM .= " ,student_goal_progress p ";
$teacher_COMMON_WHERE .= " AND p.STUDENT_ID=s.STUDENT_ID ";
$_SESSION['p'] = '1';
}
// Medical notes.
if (optional_param('doctors_note_comments', '', PARAM_NOTAGS) || optional_param('med_day', '', PARAM_NOTAGS) || optional_param('med_month', '', PARAM_NOTAGS) || optional_param('med_year', '', PARAM_NOTAGS) || $_SESSION['smn']) {
$teacher_COMMON_FROM .= " ,student_medical_notes smn ";
$teacher_COMMON_WHERE .= " AND smn.STUDENT_ID=s.STUDENT_ID ";
$_SESSION['smn'] = '1';
}
// Immunizations.
if (optional_param('type', '', PARAM_NOTAGS) || optional_param('imm_comments', '', PARAM_NOTAGS) || optional_param('imm_day', '', PARAM_NOTAGS) || optional_param('imm_month', '', PARAM_NOTAGS) || optional_param('imm_year', '', PARAM_NOTAGS) || $_SESSION['sm']) {
$teacher_COMMON_FROM .= " ,student_immunization sm ";
$teacher_COMMON_WHERE .= " AND sm.STUDENT_ID=s.STUDENT_ID ";
$_SESSION['sm'] = '1';
}
// Medical alerts.
if (optional_param('ma_day', '', PARAM_NOTAGS) || optional_param('ma_month', '', PARAM_NOTAGS) || optional_param('ma_year', '', PARAM_NOTAGS) || optional_param('med_alrt_title', '', PARAM_NOTAGS) || $_SESSION['sma']) {
$teacher_COMMON_FROM .= " ,student_medical_alerts sma ";
$teacher_COMMON_WHERE .= " AND sma.STUDENT_ID=s.STUDENT_ID ";
$_SESSION['sma'] = '1';
}
// Medical visits.
if (optional_param('nv_day', '', PARAM_NOTAGS) || optional_param('nv_month', '', PARAM_NOTAGS) || optional_param('nv_year', '', PARAM_NOTAGS) || optional_param('reason', '', PARAM_NOTAGS) || optional_param('result', '', PARAM_NOTAGS) || optional_param('med_vist_comments', '', PARAM_NOTAGS) || $_SESSION['smv']) {
$teacher_COMMON_FROM .= " ,student_medical_visits smv ";
$teacher_COMMON_WHERE .= " AND smv.STUDENT_ID=s.STUDENT_ID ";
$_SESSION['smv'] = '1';
}
// Combined fragment consumed by the search queries (outside this chunk).
$teacher_COMMON = $teacher_COMMON_FROM . $teacher_COMMON_WHERE;
}
//===================== End =============================================
//
// Page-body markup (the string contents were not preserved in this copy).
echo "
";
echo "
";
// Screen-only markup, skipped when rendering the PDF export.
if (!isset($_REQUEST['_openSIS_PDF'])) {
echo '
';
// NOTE(review): the commented-out echo below has lost its string body in this
// copy; as shown, the bare '";' on the following line would not parse — check
// the original file before relying on this section.
//echo "
";
}
//print_r($_REQUEST['modname']);
// Module dispatch: resolve the requested module, check it against the menu
// allowlist, and include it — or refuse, log and exit. $_REQUEST already
// contains $_GET under the default request_order, so the second test looks
// redundant; confirm against php.ini before simplifying.
if ($_REQUEST['modname'] || $_GET['modname']) {
/* * *****************back to list*************************** */
// "Back to list" drops the sticky staff/student selection held in the session.
if ($_REQUEST['bottom_back'] && $_SESSION['staff_id'])
unset($_SESSION['staff_id']);
if ($_REQUEST['bottom_back'] && $_SESSION['student_id'])
unset($_SESSION['student_id']);
/* * ********************************************* */
// PDF export: buffer the module output; the buffer is presumably consumed by
// the PDF writer outside this chunk.
if ($_REQUEST['_openSIS_PDF'] == 'true')
ob_start();
// modname may carry embedded "?key=value" pairs (compare the ?modfunc= entries
// in the allowlist below). They are split off and written straight into
// $_REQUEST, so any request key can be supplied through modname — the same
// trust level as the request itself, but later $_REQUEST reads are therefore
// not limited to what the form posted. The '?' test here uses the raw
// $_REQUEST value while the split uses the tag-stripped optional_param()
// value; if stripping ever changes the string the offsets could disagree.
// A pair without '=' leaves $code[1] undefined (warning) and assigns null.
if (strpos($_REQUEST['modname'], '?') !== false) {
$modname = substr(optional_param('modname', '', PARAM_NOTAGS), 0, strpos(optional_param('modname', '', PARAM_NOTAGS), '?'));
$vars = substr(optional_param('modname', '', PARAM_NOTAGS), (strpos(optional_param('modname', '', PARAM_NOTAGS), '?') + 1));
$vars = explode('?', $vars);
foreach ($vars as $code) {
$code = explode('=', $code);
$_REQUEST[$code[0]] = $code[1];
}
} else
$modname = optional_param('modname', '', PARAM_NOTAGS);
// Snapshot the whole request into the session so the selection survives
// across screens — except for LO_save posts, PDF rendering, and miscellaneous/
// pages other than Registration, Export and Portal. Everything the client
// sent is persisted server-side here, including keys injected via modname.
if (optional_param('LO_save', '', PARAM_INT) != '1' && !isset($_REQUEST['_openSIS_PDF']) && (strpos($modname, 'miscellaneous/') === false || $modname == 'miscellaneous/Registration.php' || $modname == 'miscellaneous/Export.php' || $modname == 'miscellaneous/Portal.php'))
$_SESSION['_REQUEST_vars'] = $_REQUEST;
// Allowlist pass 1: the module is permitted if the *full* modname (including
// any ?suffix) equals "<category>/Search.php" or a program key from Menu.php.
// Because the comparison is on the full string, several ?modfunc= forms are
// listed explicitly in pass 2 below.
$allowed = false;
include 'Menu.php';
foreach ($_openSIS['Menu'] as $modcat => $programs) {
if (optional_param('modname', '', PARAM_NOTAGS) == $modcat . '/Search.php') {
$allowed = true;
break;
}
foreach ($programs as $program => $title) {
if (optional_param('modname', '', PARAM_NOTAGS) == $program) {
$allowed = true;
break;
}
}
}
##### REMOVE FILES FROM ROOT - START #####
// Runs on every page load: one SELECT (plus a DELETE per removed file) to
// clear finished DB backup dumps out of the web root. TITLE and VALUE come
// from the database, not the request, but VALUE is still interpolated into
// the DELETE unescaped and TITLE becomes a filesystem path relative to the
// cwd — parameterise the query and confine the name (basename) if those rows
// can be written by users. This belongs in the backup module rather than the
// dispatcher.
$check_backups = DBGet(DBQuery("SELECT * FROM `program_config` WHERE `program` = 'DB_BACKUP'"));
if (!empty($check_backups)) {
foreach ($check_backups as $each_backups) {
$filename = $each_backups['TITLE'] . '.sql';
if (file_exists($filename)) {
unlink($filename);
DBQuery("DELETE FROM `program_config` WHERE `program` = 'DB_BACKUP' AND `value` = '" . $each_backups['VALUE'] . "'");
}
}
}
##### REMOVE FILES FROM ROOT - END #####
// Allowlist pass 2: static extras, two of them gated on the admin profile.
// optional_param() is re-evaluated on every line; hoisting it into a local
// would read better.
if (optional_param('modname', '', PARAM_NOTAGS) == 'users/TeacherPrograms.php?include=attendance/TakeAttendance.php')
$allowed = true;
if (optional_param('modname', '', PARAM_NOTAGS) == 'ParentLookup.php')
$allowed = true;
if (optional_param('modname', '', PARAM_NOTAGS) == 'schoolsetup/UploadLogo.php' && User('PROFILE') == 'admin')
$allowed = true;
if (optional_param('modname', '', PARAM_NOTAGS) == 'schoolsetup/UploadPartnerLogo.php' && User('PROFILE') == 'admin')
$allowed = true;
if (optional_param('modname', '', PARAM_NOTAGS) == 'users/UploadUserPhoto.php')
$allowed = true;
if (optional_param('modname', '', PARAM_NOTAGS) == 'users/UploadUserPhoto.php?modfunc=edit')
$allowed = true;
if (optional_param('modname', '', PARAM_NOTAGS) == 'accounts/paymentRequest.php')
$allowed = true;
if (optional_param('modname', '', PARAM_NOTAGS) == 'accounts/penality.php?modfunc=add')
$allowed = true;
if (optional_param('modname', '', PARAM_NOTAGS) == 'accounts/discount_settings.php?modfunc=add')
$allowed = true;
if (optional_param('modname', '', PARAM_NOTAGS) == 'students/Upload.php')
$allowed = true;
if (optional_param('modname', '', PARAM_NOTAGS) == 'students/StudentFilters.php')
$allowed = true;
if (optional_param('modname', '', PARAM_NOTAGS) == 'students/Upload.php?modfunc=edit')
$allowed = true;
if (optional_param('modname', '', PARAM_NOTAGS) == 'scheduling/Schedule.php?modfunc=cp_insert')
$allowed = true;
// Prefix rules: anything under miscellaneous/ or grades/ is allowed. A prefix
// test does not constrain what follows it, so the include below should also
// verify that the resolved path stays under modules/ (e.g. reject '..'
// segments or compare realpath() against the modules directory).
if (substr(optional_param('modname', '', PARAM_NOTAGS), 0, 14) == 'miscellaneous/' || substr(optional_param('modname', '', PARAM_NOTAGS), 0, 7) == 'grades/')
$allowed = true;
if (optional_param('modname', '', PARAM_NOTAGS) == 'messaging/AddMember.php')
$allowed = true;
// $_SESSION['take_mssn_attn'] bypasses the allowlist entirely; where it is set
// is outside this chunk — confirm it cannot be set by a non-teacher session.
if ($allowed || $_SESSION['take_mssn_attn']) {
// With the SEARCH preference off, non-users/ screens open straight in list mode.
if (Preferences('SEARCH') != 'Y' && substr(clean_param($modname, PARAM_NOTAGS), 0, 6) != 'users/')
$_REQUEST['search_modfunc'] = 'list';
// Dynamic include; the checks above are its only guard. $modname comes from
// optional_param(PARAM_NOTAGS), which strips tags but not path separators.
include('modules/' . $modname);
} else {
// Refused: tell the logged-in user, then record the attempt.
if (User('USERNAME')) {
echo "" . _youReNotAllowedToUseThisProgram . "! " . _thisAttemptedViolationHasBeenLoggedAndYourIpAddressWasCaptured . ".";
Warehouse('footer');
// X-Forwarded-For is a client-supplied header and only trustworthy when a
// proxy you control overwrites it; log REMOTE_ADDR alongside it rather than
// instead of it.
if ($_SERVER['HTTP_X_FORWARDED_FOR']) {
$ip = $_SERVER['HTTP_X_FORWARDED_FOR'];
} else {
$ip = $_SERVER['REMOTE_ADDR'];
}
// The notification body is a literal INSERT statement built from server
// vars, the raw (unfiltered) $_REQUEST[modname] and the username. The dead
// branch below uses optional_param(PARAM_CLEAN) for the same field — align
// them.
if ($openSISNotifyAddress)
mail($openSISNotifyAddress, 'HACKING ATTEMPT', "INSERT INTO hacking_log (HOST_NAME,IP_ADDRESS,LOGIN_DATE,VERSION,PHP_SELF,DOCUMENT_ROOT,SCRIPT_NAME,MODNAME,USERNAME) values('$_SERVER[SERVER_NAME]','$ip','" . date('Y-m-d') . "','$openSISVersion','$_SERVER[PHP_SELF]','$_SERVER[DOCUMENT_ROOT]','$_SERVER[SCRIPT_NAME]','$_REQUEST[modname]','" . User('USERNAME') . "')");
// Dead code ("false && ..."): never runs, but it still ships remote database
// credentials in source and closes an undefined $link. Remove the branch.
if (false && function_exists('query')) {
if ($_SERVER['HTTP_X_FORWARDED_FOR']) {
$ip = $_SERVER['HTTP_X_FORWARDED_FOR'];
} else {
$ip = $_SERVER['REMOTE_ADDR'];
}
$connection = new mysqli('os4ed.com', 'openSIS_log', 'openSIS_log', 'openSIS_log');
$connection->query("INSERT INTO hacking_log (HOST_NAME,IP_ADDRESS,LOGIN_DATE,VERSION,PHP_SELF,DOCUMENT_ROOT,SCRIPT_NAME,MODNAME,USERNAME) values('$_SERVER[SERVER_NAME]','$ip','" . date('Y-m-d') . "','$openSISVersion','$_SERVER[PHP_SELF]','$_SERVER[DOCUMENT_ROOT]','$_SERVER[SCRIPT_NAME]','" . optional_param('modname', '', PARAM_CLEAN) . "','" . User('USERNAME') . "')");
mysqli_close($link);
}
}
// Stop here either way; a request with no USERNAME exits silently (no
// message, no notification).
exit;
}
// One-shot flag: consume unset_student and clear the sticky staff id with it.
if ($_SESSION['unset_student']) {
unset($_SESSION['unset_student']);
unset($_SESSION['staff_id']);
}
}
/*
* Demo Chart
* Screen-only: emits one fragment per iteration up to $_openSIS['PrepareDate']
* (the echo bodies were not preserved in this copy), then the closing markup.
* Skipped for the PDF export.
*/
if (!isset($_REQUEST['_openSIS_PDF'])) {
// $_openSIS['PrepareDate'] is set outside this chunk; assumed to be a small
// integer — confirm.
for ($i = 1; $i <= $_openSIS['PrepareDate']; $i++) {
echo '';
}
echo "";
echo "";
}
// Trailing page markup (string contents not preserved in this copy).
echo '
';
echo "";
echo " |