[ PHPXref.com ] [ Generated: Sun Jul 20 17:52:21 2008 ] [ Focus/SIS 1.0 ]
[ Index ]     [ Variables ]     [ Functions ]     [ Classes ]     [ Constants ]     [ Statistics ]

title

Body

[close]

/ -> Modules.php (source)

   1  <?
   2  /**
   3  * @file Modules.php 2006-04-17 andrew $
   4  * @package Focus/SIS
   5  * @copyright Copyright (C) 2006 Andrew Schmadeke. All rights reserved.
   6  * @license http://www.gnu.org/copyleft/gpl.html GNU/GPL, see LICENSE.txt
   7  * Focus/SIS is free software. This version may have been modified pursuant
   8  * to the GNU General Public License, and as distributed it includes or
   9  * is derivative of works licensed under the GNU General Public License or
  10  * other free or open source software licenses.
  11  * See COPYRIGHT.txt for copyright notices and details.
  12  */
  13  
  14  //error_reporting(1);
  15  error_reporting(E_ERROR);
  16  $start_time = time();
  17  include  'Warehouse.php';
  18  array_rwalk($_REQUEST,'strip_tags');
  19  
  20  if(!isset($_REQUEST['_FOCUS_PDF']))
  21  {
  22      Warehouse('header');
  23  
  24      //if(strpos($_REQUEST['modname'],'misc/')===false && $_REQUEST['modname']!='Students/Student.php' && $_REQUEST['modname']!='School_Setup/Calendar.php' && $_REQUEST['modname']!='Scheduling/Schedule.php' && $_REQUEST['modname']!='Attendance/Percent.php' && $_REQUEST['modname']!='Attendance/Percent.php?list_by_day=true' && $_REQUEST['modname']!='Scheduling/MassRequests.php' && $_REQUEST['modname']!='Scheduling/MassSchedule.php' && $_REQUEST['modname']!='Student_Billing/Fees.php')
  25      if(strpos($_REQUEST['modname'],'misc/')===false)
  26          echo '<script language="JavaScript">if(window == top  && (!window.opener || window.opener.location.href.substring(0,(window.opener.location.href.indexOf("&")!=-1?window.opener.location.href.indexOf("&"):window.opener.location.href.replace("#","").length))!=window.location.href.substring(0,(window.location.href.indexOf("&")!=-1?window.location.href.indexOf("&"):window.location.href.replace("#","").length)))) window.location.href = "index.php";</script>';
  27      echo "<BODY marginwidth=0 leftmargin=0 border=0 onload='doOnload();' background=assets/bg.gif>";
  28      echo '<DIV id="Migoicons" style="visibility:hidden;position:absolute;z-index:1000;top:-100"></DIV><SCRIPT language="JavaScript1.2"  type="text/javascript">var TipId="Migoicons";var FiltersEnabled = 1;mig_clay();</SCRIPT>';
  29      echo "<TABLE width=100% height=100% border=0 cellpadding=0><TR><TD valign=top>";
  30  }
  31  
  32  if($_REQUEST['modname'])
  33  {
  34      if($_REQUEST['_FOCUS_PDF']=='true')
  35          ob_start();
  36      if(strpos($_REQUEST['modname'],'?')!==false)
  37      {
  38          $vars = substr($_REQUEST['modname'],(strpos($_REQUEST['modname'],'?')+1));
  39          $modname = substr($_REQUEST['modname'],0,strpos($_REQUEST['modname'],'?'));
  40          
  41          $vars = explode('?',$vars);
  42          foreach($vars as $code)
  43          {
  44              $code = "\$_REQUEST['".str_replace('=',"']='",$code)."';";
  45              eval($code);
  46          }
  47      }
  48      else
  49          $modname = $_REQUEST['modname'];
  50      
  51      if($_REQUEST['LO_save']!='1' && !isset($_REQUEST['_FOCUS_PDF']) && (strpos($modname,'misc/')===false || $modname=='misc/Registration.php' || $modname=='misc/Export.php'))
  52          $_SESSION['_REQUEST_vars'] = $_REQUEST;
  53      
  54      $allowed = false;
  55      include  'Menu.php';
  56      foreach($_FOCUS['Menu'] as $modcat=>$programs)
  57      {
  58          if($_REQUEST['modname']==$modcat.'/Search.php')
  59          {
  60              $allowed = true;
  61              break;
  62          }
  63          foreach($programs as $program=>$title)
  64          {
  65              if($_REQUEST['modname']==$program)
  66              {
  67                  $allowed = true;
  68                  break;
  69              }
  70          }
  71      }
  72      if(substr($_REQUEST['modname'],0,5)=='misc/')
  73          $allowed = true;
  74      
  75      if($allowed)
  76      {
  77          if(Preferences('SEARCH')!='Y')
  78              $_REQUEST['search_modfunc'] = 'list';
  79          include('languages/English/'.$modname);
  80          include('modules/'.$modname);
  81      }
  82      else
  83      {
  84          if(User('USERNAME'))
  85          {
  86              echo "You're not allowed to use this program! This attempted violation has been logged and your IP address was captured.";
  87              Warehouse('footer');
  88              mail('focus@focus-sis.org','HACKING ATTEMPT',"INSERT INTO HACKING_LOG (HOST_NAME,IP_ADDRESS,LOGIN_DATE,VERSION,PHP_SELF,DOCUMENT_ROOT,SCRIPT_NAME,MODNAME,USERNAME) values('$_SERVER[SERVER_NAME]','$_SERVER[REMOTE_ADDR]','".date('Y-m-d')."','2.0','$_SERVER[PHP_SELF]','$_SERVER[DOCUMENT_ROOT]','$_SERVER[SCRIPT_NAME]','$_REQUEST[modname]','".User('USERNAME')."')");
  89          }
  90          exit;
  91      }
  92      
  93      if($_SESSION['unset_student'])
  94      {
  95          unset($_SESSION['unset_student']);
  96          unset($_SESSION['staff_id']);
  97      }
  98  }
  99  
 100  
 101  if(!isset($_REQUEST['_FOCUS_PDF']))
 102  {
 103      echo '</TD></TR></TABLE>';
 104      for($i=1;$i<=$_FOCUS['PrepareDate'];$i++)
 105      {
 106          echo '<script type="text/javascript">
 107      Calendar.setup({
 108          monthField     :    "monthSelect'.$i.'",
 109          dayField       :    "daySelect'.$i.'",
 110          yearField      :    "yearSelect'.$i.'",
 111          ifFormat       :    "%d-%b-%y",
 112          button         :    "trigger'.$i.'",
 113          align          :    "Tl",
 114          singleClick    :    true
 115      });
 116  </script>';
 117      }
 118      echo '</BODY>';
 119      echo '</HTML>';
 120  }
 121  ?>


[ Powered by PHPXref - Served by Debian GNU/Linux ]