move code up one directory
<?php
require(dirname(__FILE__) .'/../common/vitals.inc.php');

// Bridge HTTP Basic (401) authentication into the form-login handling below:
// on ?login, either challenge the browser for credentials or copy the supplied
// ones into $_POST so one validation path serves both login methods.
// NOTE(review): Basic credentials are sent base64-encoded with every request,
// so this entry point should only be reachable over HTTPS.
if (isset($_GET['login'])) {
    if (!isset($_SERVER['PHP_AUTH_USER'])) {
        // No credentials presented yet: send the challenge and stop.
        header('WWW-Authenticate: Basic realm="Administrator Login"');
        header('HTTP/1.0 401 Unauthorized');
        echo 'Wrong username/password combination.';
        exit;
    }

    // Credentials presented: treat them as a submitted login form.
    $_POST['username'] = $_SERVER['PHP_AUTH_USER'];
    $_POST['password'] = $_SERVER['PHP_AUTH_PW'];
    $_POST['submit']   = true;

    // Drop the raw credentials from $_SERVER once they have been copied.
    unset($_SERVER['PHP_AUTH_USER'], $_SERVER['PHP_AUTH_PW']);
}

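$config_location = '../../include/config.inc.php';
if (is_file($config_location) && is_readable($config_location)) {
    // ATutor's own configuration is available: use its database both for the
    // "user_notes" switch and for administrator authentication.
    require($config_location);

    // NOTE(review): the mysql_* extension no longer exists from PHP 7 on; moving
    // to mysqli/PDO prepared statements needs changes beyond this block.
    $db = mysql_connect(DB_HOST . ':' . DB_PORT, DB_USER, DB_PASSWORD);
    if ($db) {
        mysql_select_db(DB_NAME, $db);
    }

    // check atutor config table to see if handbook notes is enabled.
    // Errors stay suppressed as before (the table may be absent); a failed
    // query is now skipped instead of being passed to mysql_fetch_assoc().
    $sql    = "SELECT value FROM ".TABLE_PREFIX."config WHERE name='user_notes'";
    $result = $db ? @mysql_query($sql, $db) : false;
    if ($result && ($row = mysql_fetch_assoc($result)) && $row['value']) {
        define('AT_HANDBOOK_ENABLE', true);
        $enable_user_notes = true;
    }
    define('AT_HANDBOOK_DB_TABLE_PREFIX', TABLE_PREFIX);

    if (isset($_POST['submit'])) {
        // authenticate against the ATutor database if a connection can be made
        if (!$db) {
            // NOTE(review): the AT_HANDBOOK_DB_* constants are not defined anywhere
            // above this point in the file; presumably vitals.inc.php provides
            // them. Confirm.
            $db = @mysql_connect(AT_HANDBOOK_DB_HOST . ':' . AT_HANDBOOK_DB_PORT, AT_HANDBOOK_DB_USER, AT_HANDBOOK_DB_PASSWORD);
            if ($db && @mysql_select_db(AT_HANDBOOK_DB_DATABASE, $db)) {
                $enable_user_notes = true;
            }
        }

        // Only plain string credentials are accepted; array-valued or missing
        // fields never reach the query.
        $has_credentials = isset($_POST['username'], $_POST['password'])
            && is_string($_POST['username'])
            && is_string($_POST['password']);

        if ($db && $has_credentials) {
            // Escape with the connection-aware function rather than addslashes(),
            // and into local variables: $_POST stays untouched, so the local-config
            // login further down compares the password exactly as it was sent.
            $login_user = mysql_real_escape_string($_POST['username'], $db);
            $login_pass = mysql_real_escape_string($_POST['password'], $db);

            // check if it's an admin login.
            // NOTE(review): PASSWORD() is applied to the stored column as well, which
            // suggests admins.password is kept unhashed; PASSWORD() is also gone in
            // MySQL 8.0. Verify the schema and plan a move to password_hash().
            $sql = "SELECT login, `privileges` FROM ".TABLE_PREFIX."admins WHERE login='$login_user' AND PASSWORD(password)=PASSWORD('$login_pass') AND `privileges`>0";
            $result = mysql_query($sql, $db);
            if ($result && mysql_fetch_assoc($result)) {
                // Issue a fresh session id when privileges are granted, so an id
                // handed out before login is not carried into the admin session.
                // (Assumes vitals.inc.php has started the session; confirm.)
                session_regenerate_id(true);
                $_SESSION['handbook_admin'] = true;
                header('Location: '.$_SERVER['PHP_SELF']);
                exit;
            }
        }
    } else if (isset($_GET['logout'])) {
        // Re-issue the Basic challenge so the browser discards cached credentials,
        // then clear the admin flag and redirect back to this page.
        header('WWW-Authenticate: Basic realm="Administrator Login"');
        header('HTTP/1.0 401 Unauthorized');

        unset($_SERVER['PHP_AUTH_USER']);
        unset($_SERVER['PHP_AUTH_PW']);
        unset($_SESSION['handbook_admin']);
        session_write_close();
        header('Location: '.$_SERVER['PHP_SELF']);
        exit;
    }
}
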
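if (!defined('AT_HANDBOOK_ENABLE')) {
    // Handbook notes were not enabled through the ATutor database, so fall back
    // to the credentials kept in the handbook's local config file.
    require('../config.inc.php');

    if (isset($_POST['submit'])) {
        // Accept only plain string credentials; anything else cannot match.
        $given_user = (isset($_POST['username']) && is_string($_POST['username'])) ? $_POST['username'] : null;
        $given_pass = (isset($_POST['password']) && is_string($_POST['password'])) ? $_POST['password'] : null;

        $expected_user = (string) AT_HANDBOOK_ADMIN_USERNAME;
        $expected_pass = (string) AT_HANDBOOK_ADMIN_PASSWORD;

        // Strict string comparison: with "==" PHP compares numeric-looking strings
        // as numbers, so different passwords could be treated as equal.
        $user_ok = ($given_user === $expected_user);
        $pass_ok = false;
        if ($given_pass !== null) {
            // Prefer the constant-time comparison where the runtime offers it.
            $pass_ok = function_exists('hash_equals')
                ? hash_equals($expected_pass, $given_pass)
                : ($expected_pass === $given_pass);
        }

        if ($user_ok && $pass_ok) {
            // Issue a fresh session id when privileges are granted.
            // (Assumes vitals.inc.php has started the session; confirm.)
            session_regenerate_id(true);
            $_SESSION['handbook_admin'] = true;
            header('Location: '.$_SERVER['PHP_SELF']);
            exit;
        }
    } else if (key($_GET) === 'logout') {
        // "===" so that only a first query parameter literally named "logout"
        // matches; "==" also matched the integer key 0 on PHP versions before 8.
        header('WWW-Authenticate: Basic realm="Administrator Login"');
        header('HTTP/1.0 401 Unauthorized');

        unset($_SERVER['PHP_AUTH_USER']);
        unset($_SERVER['PHP_AUTH_PW']);
        unset($_SESSION['handbook_admin']);
        session_write_close();
        header('Location: '.$_SERVER['PHP_SELF']);
        exit;
    }
}
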
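// Handbook notes are enabled but no database link exists yet: connect with the
// handbook's own database settings. empty() avoids an undefined-variable notice
// when the ATutor config file was not found and $db was never assigned.
if (empty($db) && defined('AT_HANDBOOK_ENABLE') && AT_HANDBOOK_ENABLE) {
    $db = @mysql_connect(AT_HANDBOOK_DB_HOST . ':' . AT_HANDBOOK_DB_PORT, AT_HANDBOOK_DB_USER, AT_HANDBOOK_DB_PASSWORD);
    // Turn the notes UI on only when the database is actually usable, matching
    // the fallback connection made in the login path.
    if ($db && @mysql_select_db(AT_HANDBOOK_DB_DATABASE, $db)) {
        $enable_user_notes = true;
    }
}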
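?><!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict //EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<?php
    // $req_lang and $missing_lang are not set in this file (presumably by
    // vitals.inc.php; confirm). The links below carry the language code in the
    // query string, so it may originate from the request: HTML-escape it once
    // here and print only the escaped copy. The charset matches the page's
    // declared iso-8859-1 encoding.
    $req_lang_html = isset($req_lang) ? htmlspecialchars((string) $req_lang, ENT_QUOTES, 'ISO-8859-1') : '';
?>
<html lang="<?php echo empty($req_lang) ? 'dp' : $req_lang_html; ?>">
<head>
    <meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1" />
    <title><?php get_text('doc_title'); ?></title>
    <link rel="stylesheet" href="../common/styles.css" type="text/css" />
</head>
<body>
<?php if (!empty($missing_lang)): ?>
    <div style="margin: 20px auto; border: 1px solid #aaf; padding: 4px; text-align: center; background-color: #eef;">
        <?php get_text('page_not_translated'); ?>
    </div>
<?php endif; ?>

<h1><?php get_text('doc_title'); ?></h1>
<p><?php get_text('doc_welcome'); ?></p>

    <ol>
        <li><a href="../general/index.php?<?php echo $req_lang_html; ?>"><?php get_text('doc_user'); ?></a></li>
        <li><a href="../admin/index.php?<?php echo $req_lang_html; ?>"><?php get_text('doc_admin'); ?></a></li>
        <li><a href="../instructor/index.php?<?php echo $req_lang_html; ?>"><?php get_text('doc_instructor'); ?></a></li>
        <li><a href="../developer/guidelines.html"><?php get_text('doc_dev'); ?></a></li>
        <li><a href="../developer/modules.html"><?php get_text('doc_mods'); ?></a></li>
        <li><a href="../developer/themes.html"><?php get_text('doc_themes'); ?></a></li>
    </ol>

    <?php // rel="noopener noreferrer" keeps the newly opened window from reaching back into this page. ?>
    <ol>
        <li><a href="http://www.atutor.ca" target="new" rel="noopener noreferrer">atutor.ca</a></li>
        <li><a href="http://www.atutor.ca/forums/" target="new" rel="noopener noreferrer">atutor.ca/forums/</a></li>
        <li><a href="http://www.atutor.ca/atutor/docs/index.php" target="new" rel="noopener noreferrer">atutor.ca/atutor/docs/</a></li>
    </ol>
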
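<?php
    // Visitors without the admin session flag only see the "notes enabled" hint;
    // a logged-in handbook admin gets the moderation queue instead.
    // !empty()/empty() keep the original truth table without undefined-variable notices.
?>
<?php if (!empty($enable_user_notes) && empty($_SESSION['handbook_admin'])): ?>
    <div style="text-align: right;">
        <p><?php get_text('doc_notes_enabled');  ?></p>
    </div>
<?php elseif (!empty($enable_user_notes)): ?>

    <p><?php get_text('doc_logged_in'); ?></p>

    <?php
        // Fetch notes still awaiting approval, newest first. The query contains
        // no request data; it is skipped when no database link is available.
        $sql = "SELECT note_id, date, section, page, email, note FROM ".AT_HANDBOOK_DB_TABLE_PREFIX."handbook_notes WHERE approved=0 ORDER BY date DESC";
        $result = !empty($db) ? mysql_query($sql, $db) : false;
    ?>
    <div class="add-note">
        <h3><?php get_text('doc_unapproved_notes'); ?></h3>
    </div>

    <?php if ($result && (mysql_num_rows($result) > 0)): ?>
        <?php while ($row = mysql_fetch_assoc($result)): ?>
            <?php
                // Unapproved notes are visitor-submitted content shown inside the
                // admin's session, so every field is encoded for HTML before output
                // and the id is forced to an integer.
                // NOTE(review): if the submission code already stores these fields
                // HTML-encoded, this double-encodes them; confirm against the
                // insert path.
                $note_id    = (int) $row['note_id'];
                $note_date  = htmlspecialchars($row['date'], ENT_QUOTES, 'ISO-8859-1');
                $note_email = htmlspecialchars($row['email'], ENT_QUOTES, 'ISO-8859-1');
                $note_body  = nl2br(htmlspecialchars($row['note'], ENT_QUOTES, 'ISO-8859-1'));
                // NOTE(review): approve/delete are plain GET links. Whether
                // approve_note.php and delete_note.php check the admin session and a
                // per-request token cannot be seen from this page; confirm.
            ?>
            <div class="note">
                <h5><?php echo $note_date; ?>
                    <a href="../approve_note.php?id=<?php echo $note_id; ?>" onclick="return confirm('<?php echo get_text('doc_approved_confirm'); ?>');"><?php  get_text('doc_approve'); ?></a> | 
                    <a href="../delete_note.php?id=<?php echo $note_id; ?>" onclick="return confirm('<?php echo get_text('doc_delete_confirm'); ?>');"><?php get_text('doc_delete'); ?></a>
                </h5>
                <h4><?php echo $note_email; ?></h4>
                <p><?php echo $note_body; ?></p>
            </div>
        <?php endwhile; ?>
    <?php else: ?>
        <div class="note"><?php get_text('doc_no_notes'); ?></div>
    <?php endif; ?>

<?php endif; ?>

</body>
</html>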