2 require(dirname(__FILE__) .'/../common/vitals.inc.php');
\r
// HTTP Basic ("401") login path, taken when the `login` query parameter is present.
// The listing omits original lines 10-11, so whether the challenge branch stops
// (exit / else) before the credential copy below cannot be confirmed from here.
// NOTE(review): Basic credentials are only base64-encoded and the browser resends
// them on every request; nothing visible here requires HTTPS - confirm the
// deployment enforces it.
4 // using 401 authentication
\r
5 if (isset($_GET['login'])) {
\r
// No credentials supplied yet: send the Basic challenge. The echoed text is the
// response body, which the browser shows if the user cancels the prompt.
6 if (!isset($_SERVER['PHP_AUTH_USER'])) {
\r
7 header('WWW-Authenticate: Basic realm="Administrator Login"');
\r
8 header('HTTP/1.0 401 Unauthorized');
\r
9 echo 'Wrong username/password combination.';
\r
// Copy the Basic credentials into $_POST so the isset($_POST['submit']) checks
// further down validate them exactly like a form post. The same checks are
// therefore reachable by a plain POST carrying submit/username/password.
// NOTE(review): no attempt limit or lockout is visible on either route.
12 $_POST['username'] = $_SERVER['PHP_AUTH_USER'];
\r
13 $_POST['password'] = $_SERVER['PHP_AUTH_PW'];
\r
14 $_POST['submit'] = true;
\r
// Drop the raw credentials from $_SERVER once copied; the copies in $_POST remain.
16 unset($_SERVER['PHP_AUTH_USER']);
\r
17 unset($_SERVER['PHP_AUTH_PW']);
\r
// ATutor-integrated mode: if the parent ATutor config file is readable, load it,
// connect with its DB_* constants and authenticate handbook admins against the
// ATutor `admins` table. The listing omits several original lines (25, 32, 34,
// 40-41, 45-47, 54-55, 59, 65-68), so brace nesting is not fully visible here.
// NOTE(review): this path is relative, so is_file() resolves it against the
// current working directory; the first require in this file uses
// dirname(__FILE__) instead - confirm both agree under every entry point.
20 $config_location = '../../include/config.inc.php';
\r
21 if (is_file($config_location) && is_readable($config_location)) {
\r
22 require($config_location);
\r
// NOTE(review): mysql_* is the legacy ext/mysql API (removed in PHP 7.0); it has
// no prepared statements, so every query below depends on manual escaping.
23 $db = mysql_connect(DB_HOST . ':' . DB_PORT, DB_USER, DB_PASSWORD);
\r
24 mysql_select_db(DB_NAME, $db);
\r
26 // check atutor config table to see if handbook notes is enabled.
\r
27 $sql = "SELECT value FROM ".TABLE_PREFIX."config WHERE name='user_notes'";
\r
// Errors are suppressed with @; if the query fails $result is false and the
// mysql_fetch_assoc() call below is handed a non-resource, so notes stay off.
28 $result = @mysql_query($sql, $db);
\r
29 if (($row = mysql_fetch_assoc($result)) && $row['value']) {
\r
30 define('AT_HANDBOOK_ENABLE', true);
\r
31 $enable_user_notes = true;
\r
33 define('AT_HANDBOOK_DB_TABLE_PREFIX', TABLE_PREFIX);
\r
35 if (isset($_POST['submit'])) {
\r
36 // try to validate $_POST
\r
37 // authenticate against the ATutor database if a connection can be made
\r
// NOTE(review): addslashes() is not aware of the connection character set, so
// it is not a reliable SQL escaper; with this extension the connection-aware
// call is mysql_real_escape_string($value, $db). The values are also
// overwritten in place, so later readers of $_POST see the escaped form.
38 $_POST['username'] = addslashes($_POST['username']);
\r
39 $_POST['password'] = addslashes($_POST['password']);
\r
// Second connection using AT_HANDBOOK_DB_* constants. None of the visible lines
// define them and the lines around this statement are missing from the listing,
// so the condition (or comment) enclosing it cannot be seen - TODO confirm.
42 $db = @mysql_connect(AT_HANDBOOK_DB_HOST . ':' . AT_HANDBOOK_DB_PORT, AT_HANDBOOK_DB_USER, AT_HANDBOOK_DB_PASSWORD);
\r
43 if (@mysql_select_db(AT_HANDBOOK_DB_DATABASE, $db)) {
\r
44 $enable_user_notes = true;
\r
48 // check if it's an admin login.
// NOTE(review): both request values are interpolated straight into the SQL
// text; the only protection is the addslashes() call above.
// NOTE(review): PASSWORD(password)=PASSWORD('...') hashes the stored column and
// the submitted value the same way at query time, which suggests the column
// holds the password in the same form the client submits it (i.e. not hashed at
// rest) - verify against the schema. MySQL's PASSWORD() is itself unavailable
// in MySQL 8.0.
49 $sql = "SELECT login, `privileges` FROM ".TABLE_PREFIX."admins WHERE login='$_POST[username]' AND PASSWORD(password)=PASSWORD('$_POST[password]') AND `privileges`>0";
\r
// No @ here: a failing query hands false to mysql_fetch_assoc() below.
50 $result = mysql_query($sql, $db);
\r
// Any matching row marks the session as handbook admin and redirects.
// NOTE(review): no session_regenerate_id() call is visible before the flag is
// set, so a session id fixed before login would keep working afterwards.
// NOTE(review): $_SERVER['PHP_SELF'] is derived from the request path, and no
// exit is visible after the redirect (original lines 54-55 are not shown);
// without one the rest of the page still executes and is sent.
51 if ($row = mysql_fetch_assoc($result)) {
\r
52 $_SESSION['handbook_admin'] = true;
\r
53 header('Location: '.$_SERVER['PHP_SELF']);
\r
// Logout: re-issue the Basic challenge, clear the credentials and the session
// flag, flush the session, then redirect. This branch tests
// isset($_GET['logout']) while the local-config branch further down uses
// key($_GET) == 'logout'.
// NOTE(review): header('Location: ...') makes PHP send a 302 unless a 201/3xx
// status was already set, so the 401 set here is likely replaced and the
// browser may keep its cached Basic credentials - confirm in a browser.
56 } else if (isset($_GET['logout'])) {
\r
57 header('WWW-Authenticate: Basic realm="Administrator Login"');
\r
58 header('HTTP/1.0 401 Unauthorized');
\r
60 unset($_SERVER['PHP_AUTH_USER']);
\r
61 unset($_SERVER['PHP_AUTH_PW']);
\r
62 unset($_SESSION['handbook_admin']);
\r
63 session_write_close();
\r
64 header('Location: '.$_SERVER['PHP_SELF']);
\r
// Stand-alone mode: AT_HANDBOOK_ENABLE was not defined above, so fall back to
// the handbook's own config file and its single admin account. The listing
// omits original lines 72, 78-79, 83 and 89-92, so the closing braces (and any
// exit statements) are not visible here.
69 if (!defined('AT_HANDBOOK_ENABLE')) {
\r
70 // use local config file
\r
71 require('../config.inc.php');
\r
73 if (isset($_POST['submit'])) {
\r
74 // try to validate $_POST
// NOTE(review): the submitted password is compared directly with the
// AT_HANDBOOK_ADMIN_PASSWORD constant, so the config file holds it in clear
// text. The loose == also applies PHP type juggling (two numeric-looking
// strings such as "0e1" and "0e2" compare equal) and is not constant-time;
// prefer is_string() checks plus hash_equals() (PHP 5.6+) or at least ===.
75 if (($_POST['username'] == AT_HANDBOOK_ADMIN_USERNAME) && ($_POST['password'] == AT_HANDBOOK_ADMIN_PASSWORD)) {
\r
// NOTE(review): no session_regenerate_id() call is visible before the admin
// flag is set, and no exit is visible after the redirect.
76 $_SESSION['handbook_admin'] = true;
\r
77 header('Location: '.$_SERVER['PHP_SELF']);
\r
// key($_GET) only looks at the name of the first query parameter, and it is
// compared loosely; the ATutor branch above uses isset($_GET['logout']).
// NOTE(review): as in that branch, the Location header below makes PHP send a
// 302 unless a 201/3xx status is already set, so the 401 challenge is likely
// lost - confirm in a browser.
80 } else if (key($_GET) == 'logout') {
\r
81 header('WWW-Authenticate: Basic realm="Administrator Login"');
\r
82 header('HTTP/1.0 401 Unauthorized');
\r
84 unset($_SERVER['PHP_AUTH_USER']);
\r
85 unset($_SERVER['PHP_AUTH_PW']);
\r
86 unset($_SESSION['handbook_admin']);
\r
87 session_write_close();
\r
88 header('Location: '.$_SERVER['PHP_SELF']);
\r
// Late connect: no $db handle yet but the handbook is enabled, so open a
// connection with the AT_HANDBOOK_DB_* constants for the notes query in the
// template below.
// NOTE(review): both calls are silenced with @ and, in the visible lines,
// $enable_user_notes is set to true without checking either result (the
// earlier connect only sets it when mysql_select_db() succeeds). A failed
// connection would leave the notes UI enabled with an unusable $db; the closing
// brace is not shown in the listing, so confirm the assignment is unconditional.
93 if (!$db && defined('AT_HANDBOOK_ENABLE') && AT_HANDBOOK_ENABLE) {
\r
94 $db = @mysql_connect(AT_HANDBOOK_DB_HOST . ':' . AT_HANDBOOK_DB_PORT, AT_HANDBOOK_DB_USER, AT_HANDBOOK_DB_PASSWORD);
\r
95 @mysql_select_db(AT_HANDBOOK_DB_DATABASE, $db);
\r
96 $enable_user_notes = true;
\r
// Page template: handbook index links, then either the "notes enabled" text or,
// for a session flagged as handbook admin, the list of unapproved notes with
// approve/delete links. The listing omits many markup-only lines, so tags and
// closing control statements (endif/endwhile) are not all visible.
98 ?><!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict //EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
\r
99 <html lang="<?php /* NOTE(review): $req_lang is set outside this file and is written into an attribute here, and into the href query strings below, without htmlspecialchars() or urlencode(); if it is taken from the request it must be validated against the known language codes - confirm where it is assigned. */ if ($req_lang) { echo $req_lang; } else { echo 'dp'; } ?>">
\r
101 <meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1" />
\r
102 <title><?php get_text('doc_title'); ?></title>
\r
103 <link rel="stylesheet" href="../common/styles.css" type="text/css" />
\r
106 <?php if ($missing_lang): ?>
\r
107 <div style="margin: 20px auto; border: 1px solid #aaf; padding: 4px; text-align: center; background-color: #eef;">
\r
108 <?php get_text('page_not_translated'); ?>
\r
112 <h1><?php get_text('doc_title'); ?></h1>
\r
113 <p><?php get_text('doc_welcome'); ?></p>
\r
116 <li><a href="../general/index.php?<?php echo $req_lang; ?>"><?php get_text('doc_user'); ?></a></li>
\r
117 <li><a href="../admin/index.php?<?php echo $req_lang; ?>"><?php get_text('doc_admin'); ?></a></li>
\r
118 <li><a href="../instructor/index.php?<?php echo $req_lang; ?>"><?php get_text('doc_instructor'); ?></a></li>
\r
119 <li><a href="../developer/guidelines.html"><?php get_text('doc_dev'); ?></a></li>
\r
120 <li><a href="../developer/modules.html"><?php get_text('doc_mods'); ?></a></li>
\r
121 <li><a href="../developer/themes.html"><?php get_text('doc_themes'); ?></a></li>
\r
125 <li><a href="http://www.atutor.ca" target="new">atutor.ca</a></li>
\r
126 <li><a href="http://www.atutor.ca/forums/" target="new">atutor.ca/forums/</a></li>
\r
127 <li><a href="http://www.atutor.ca/atutor/docs/index.php" target="new">atutor.ca/atutor/docs/</a></li>
\r
130 <?php /* Notes are enabled and the session carries no truthy handbook_admin flag: show the "notes enabled" text. The condition is equivalent to $enable_user_notes && empty($_SESSION['handbook_admin']). */ if ($enable_user_notes && (!isset($_SESSION['handbook_admin']) || (isset($_SESSION['handbook_admin']) && !$_SESSION['handbook_admin']))): ?>
\r
131 <div style="text-align: right;">
\r
132 <p><?php get_text('doc_notes_enabled'); ?></p>
\r
134 <?php /* Notes are enabled and the session is flagged as handbook admin. */ elseif ($enable_user_notes): ?>
\r
136 <p><?php get_text('doc_logged_in'); ?></p>
\r
// Admin view: fetch every note with approved=0, newest first. The statement is
// a fixed string plus the table-prefix constant; no request data is
// interpolated into it.
139 $sql = "SELECT note_id, date, section, page, email, note FROM ".AT_HANDBOOK_DB_TABLE_PREFIX."handbook_notes WHERE approved=0 ORDER BY date DESC";
\r
140 $result = mysql_query($sql, $db);
\r
142 <div class="add-note">
\r
143 <h3><?php get_text('doc_unapproved_notes'); ?></h3>
\r
146 <?php if ($result && (mysql_num_rows($result) > 0)): ?>
\r
147 <?php while ($row = mysql_fetch_assoc($result)): ?>
\r
149 <h5><?php echo $row['date']; ?>
\r
150 <a href="../approve_note.php?id=<?php /* NOTE(review): approve and delete are plain GET links that carry only the note id, and the confirm() dialog is client-side only. Unless approve_note.php and delete_note.php (not shown) verify a per-session token, another site can trigger them from the admin's browser (CSRF); prefer POST with a token. get_text() is called without echo elsewhere in this file, so it presumably prints the string itself; a translation containing a quote character would break the inline handler - confirm it is escaped for a JavaScript string inside an attribute. */ echo $row['note_id']; ?>" onclick="return confirm('<?php echo get_text('doc_approved_confirm'); ?>');"><?php get_text('doc_approve'); ?></a> |
\r
151 <a href="../delete_note.php?id=<?php echo $row['note_id']; ?>" onclick="return confirm('<?php echo get_text('doc_delete_confirm'); ?>');"><?php get_text('doc_delete'); ?></a>
\r
153 <h4><?php /* NOTE(review): email and note are printed without HTML escaping, and this branch only renders for a session flagged as handbook admin. The rows are unapproved notes, presumably submitted by visitors, so markup stored in them would run in the admin's session (stored XSS) unless it is escaped when saved - confirm. Suggested form, matching the iso-8859-1 charset this page declares: htmlspecialchars($row['email'], ENT_QUOTES, 'ISO-8859-1') and nl2br(htmlspecialchars($row['note'], ENT_QUOTES, 'ISO-8859-1')). */ echo $row['email'];?></h4>
\r
154 <p><?php echo nl2br($row['note']); ?></p>
\r
158 <div class="note"><?php get_text('doc_no_notes'); ?></div>
\r