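<?php
// ParEdu shared page bootstrap: session state, admin/chat context, the database
// connection and the top-bar company/school selector. Included by the admin
// pages, the chat and the web client; the including page may set $isadmin,
// $ischat, $liteload, $type, $data_upload, $load_inputs, $load_leaflet and
// $sqldependent before the include.
error_reporting(E_ALL);
// NOTE(review): display_errors=1 prints PHP/SQL errors (with file paths) to every
// visitor; outside development set it to 0 and rely on error_log.
ini_set('display_errors', 1);
//session_cache_limiter('private');session_cache_expire(0);
session_start();
// login.php marks an authenticated session with $_SESSION["login"].
if (isset($_SESSION["login"])) {
    $loggedin = true;
    // Authenticated pages must not be served from a shared cache.
    header("Cache-Control: max-age=0");
    header('Pragma: no-cache');
} else {
    $loggedin = false;
}
// Pages that set $isadmin / $ischat before including this file live one level
// below the web root (admin/, chat/), so asset and link paths need "../".
if (!empty($isadmin) || !empty($ischat)) {
    $curdir = "../";
    if (isset($ischat)) {
        $isadmin = false;
    } else {
        $ischat = false;
    }
    // chat/index.php?fromadmin renders the chat with the admin navigation.
    if (isset($_GET["fromadmin"])) {
        $isadmin = true;
    }
} else {
    $curdir = "";
    $isadmin = false;
    $ischat = false;
}
$openpage = basename($_SERVER['PHP_SELF']);
// Scheme of the current request; reused for the selector redirect below so an
// HTTPS session is not bounced back to plain HTTP.
$scheme = (isset($_SERVER['HTTPS']) && $_SERVER['HTTPS'] === 'on') ? "https" : "http";
// NOTE(review): HTTP_HOST is taken from the request's Host header; if $url is ever
// embedded in e-mails or absolute links, read the host from creds/config instead.
$url = $scheme . "://" . $_SERVER['HTTP_HOST'] . "/paredu";
include "creds.php";
// Create connection ($sqlserver, $sqluser, $sqlpass, $dbname come from creds.php)
$conn = new mysqli($sqlserver, $sqluser, $sqlpass, $dbname);
// Check connection
if ($conn->connect_error) {
    // The driver message (host, user, reason) goes to the server log only;
    // clients get a generic response in the same JSON shape as before.
    error_log("Database connection error (" . $conn->connect_error . ")");
    header('Content-Type: application/json');
    echo json_encode(array('response' => "Database connection error"));
    exit;
}
// real_escape_string() escapes according to the connection charset, so align it
// with the UTF-8 the pages declare and send.
$conn->set_charset('utf8mb4');
// Top-bar selector: the posted value is kept in the session and later spliced
// into SQL and image paths, so only the "c<digits>" / "s<digits>" shape that the
// dropdown itself emits is accepted; anything else is ignored and the page reloads.
// Whether the id belongs to this account is checked after the auth lookup, where
// the connected-id lists are available.
if (isset($_POST["selectedcompany"]) && $loggedin) {
    if (is_string($_POST["selectedcompany"]) && preg_match('/^c\d+$/', $_POST["selectedcompany"])) {
        $_SESSION["selectedcompany"] = $_POST["selectedcompany"];
    }
    header("Location: " . $scheme . "://" . $_SERVER['HTTP_HOST'] . $_SERVER['REQUEST_URI']);
    die();
} elseif (isset($_POST["selectedschool"]) && $loggedin) {
    if (is_string($_POST["selectedschool"]) && preg_match('/^s\d+$/', $_POST["selectedschool"])) {
        $_SESSION["selectedschool"] = $_POST["selectedschool"];
    }
    header("Location: " . $scheme . "://" . $_SERVER['HTTP_HOST'] . $_SERVER['REQUEST_URI']);
    die();
}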
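// ---------------------------------------------------------------------------
// Access control, account lookup, data-upload handling and page chrome.
// Expects from the bootstrap above: $loggedin, $isadmin, $ischat, $curdir,
// $openpage, $conn. The including page may set $type (page type), $liteload
// (head only, no sidebar), $data_upload (handle the data-upload form),
// $load_inputs / $load_leaflet (extra CSS) and $sqldependent (keep $conn open).
// Variables left for the including page: $username, $userid, $type, $fulltype,
// $fullname, $connctdcmps / $connctdschids, $selschvals, $ssname, $id.
// ---------------------------------------------------------------------------
// $type is consulted before this file assigns it, so it comes from the including
// page (unset counts as "not a public page type", as before).
$pagetype = isset($type) ? $type : null;
if ((!isset($liteload) && $loggedin == false && $isadmin && $pagetype != 1 && $pagetype != 2 && $pagetype != 3) || ($ischat && $loggedin == false)) {
    // Admin pages need a login unless lite-loaded or typed 1-3; chat always needs one.
    header("Location: " . $curdir . "login.php");
    die();
} else {
    // ---- Account row of the logged-in user ----------------------------------
    $sqlvals = null;
    if ($loggedin == true) {
        $id = isset($_SESSION["id"]) ? $_SESSION["id"] : "";
        $result = $conn->query("SELECT * FROM `auth` WHERE `id` = '" . $conn->real_escape_string((string) $id) . "'");
        if ($result instanceof mysqli_result) {
            $sqlvals = $result->fetch_assoc();
            $result->free();
        }
        if (!$sqlvals) {
            // The session names an account that no longer exists: continue as a
            // guest instead of with a half-initialised user (no crash, no stale data).
            session_unset();
            $loggedin = false;
        }
    }
    if ($loggedin == true) {
        $username = $sqlvals["username"];
        $userid = $sqlvals["id"];
        $type = $sqlvals["type"];
        if (isset($sqlvals["fullname"])) {
            $fullname = $sqlvals["fullname"];
        }
        // ---- Connected company / school ids -------------------------------------
        // Stored as comma-separated lists. The ids are spliced into SQL and image
        // paths below, so every entry that is not a bare integer is dropped here.
        if ($type == 2) {
            $connctdcmps = array_values(array_map('intval', array_filter(array_map('trim', explode(",", (string) $sqlvals["connectedcompanyids"])), 'ctype_digit')));
        } elseif ($type == 1) {
            // Type 1 accounts get every school.
            $connctdschids = array();
            $result2 = $conn->query("SELECT * FROM `schools`");
            if ($result2 instanceof mysqli_result) {
                while ($vals = $result2->fetch_assoc()) {
                    $connctdschids[] = (int) $vals["id"];
                }
                $result2->free();
            }
        } else {
            $connctdschids = array_values(array_map('intval', array_filter(array_map('trim', explode(",", (string) $sqlvals["connectedschoolids"])), 'ctype_digit')));
        }
        // ---- Selector sanity ------------------------------------------------------
        // The top-bar selector stores "c<id>" / "s<id>" in the session. A value that
        // is not one of this account's connected ids (or is not a string) is
        // discarded so the default (first connected id) is applied again below.
        if ($type == 2) {
            if (isset($_SESSION["selectedcompany"]) && (!is_string($_SESSION["selectedcompany"]) || !in_array((int) substr($_SESSION["selectedcompany"], 1), $connctdcmps, true))) {
                unset($_SESSION["selectedcompany"]);
            }
        } else {
            if (isset($_SESSION["selectedschool"]) && (!is_string($_SESSION["selectedschool"]) || !in_array((int) substr($_SESSION["selectedschool"], 1), $connctdschids, true))) {
                unset($_SESSION["selectedschool"]);
            }
        }
        // ---- Hungarian label of the account type ($fulltype) -------------------
        $fulltype = "";
        $result = $conn->query("SELECT * FROM `acctypes` WHERE `id` = '" . $conn->real_escape_string((string) $type) . "'");
        if ($result instanceof mysqli_result) {
            $sqlvals = $result->fetch_assoc();
            if ($sqlvals) {
                $fulltype = $sqlvals["name_hun"];
            }
            $result->free();
        }
        if (isset($data_upload)) {
            ini_set("file_uploads", 1);
            if (isset($_POST["submit"])) {
                // ---- Save the data-upload form ----------------------------------------
                $v = array();
                foreach (array('formname', 'formtype', 'postcode', 'spec', 'loc', 'locspec', 'phnnum', 'email') as $key) {
                    $v[$key] = (isset($_POST[$key]) && is_string($_POST[$key])) ? $_POST[$key] : '';
                }
                // Collapse whitespace runs and turn ", " into "," in the comma-separated
                // spec list before escaping, so the escaping is never rewritten afterwards.
                $v['spec'] = str_replace(', ', ',', preg_replace('/\s+/', ' ', trim($v['spec'])));
                $set = "`name` = '" . $conn->real_escape_string($v['formname']) . "', "
                     . "`type` = '" . $conn->real_escape_string($v['formtype']) . "', "
                     . "`postalcode` = '" . $conn->real_escape_string($v['postcode']) . "', "
                     . "`spec` = '" . $conn->real_escape_string($v['spec']) . "', "
                     . "`location` = '" . $conn->real_escape_string($v['loc']) . "', "
                     . "`locationspec` = '" . $conn->real_escape_string($v['locspec']) . "', "
                     . "`phonenumber` = '" . $conn->real_escape_string($v['phnnum']) . "', "
                     . "`emailaddress` = '" . $conn->real_escape_string($v['email']) . "'";
                // Only the integer part of the selector value may reach the WHERE
                // clause or the image path (the session value was validated above).
                if ($type == 2) {
                    $selectedid = isset($_SESSION["selectedcompany"]) ? (int) substr($_SESSION["selectedcompany"], 1) : 0;
                    $modsql = "UPDATE `companies` SET " . $set . " WHERE `companies`.`id` = " . $selectedid;
                    $filepath = $curdir . "images/company/" . $selectedid . ".png";
                } else {
                    $selectedid = isset($_SESSION["selectedschool"]) ? (int) substr($_SESSION["selectedschool"], 1) : 0;
                    $modsql = "UPDATE `schools` SET " . $set . " WHERE `schools`.`id` = " . $selectedid;
                    $filepath = $curdir . "images/school/" . $selectedid . ".png";
                }
                if (isset($_FILES["formfile"]) && $_FILES["formfile"]['error'] != UPLOAD_ERR_NO_FILE) {
                    // Image branch: the text fields are not saved on this request.
                    // NOTE(review): that matches the previous flow — confirm it is intended.
                    // The status code is read by dataupload.php; presumably 0 = rejected,
                    // 1 = too large, 2 = stored.
                    $uploadProblem = 2;
                    // The type comes from decoding the file itself, not from the
                    // client-supplied MIME string.
                    $check = ($_FILES["formfile"]['error'] == UPLOAD_ERR_OK) ? getimagesize($_FILES["formfile"]["tmp_name"]) : false;
                    if ($check === false || !in_array($check['mime'], array("image/jpeg", "image/png", "image/gif"), true)) {
                        $uploadProblem = 0;
                    } elseif ($_FILES["formfile"]["size"] > 900000) {
                        $uploadProblem = 1;
                    } elseif (!copy($_FILES["formfile"]["tmp_name"], $filepath)) {
                        // copy() is kept (move_uploaded_file() had been disabled here);
                        // a failed write is logged and no longer reported as stored.
                        error_log("dataupload: could not write " . $filepath);
                        $uploadProblem = 0;
                    }
                    header("Location: dataupload.php?imageuploaded=" . $uploadProblem);
                    die();
                } else {
                    if ($conn->query($modsql) === TRUE) {
                        header("Location: dataupload.php?uploaded=1");
                    } else {
                        // SQL errors stay in the server log.
                        error_log("dataupload: " . $conn->error);
                        header("Location: dataupload.php?uploaded=0");
                    }
                    die();
                }
            } elseif (isset($_POST["addfaculty"]) && isset($_POST['formtype']) && $_POST['formtype'] == "uni") {
                // ---- Add an empty faculty row to the selected school ------------------
                $schoolid = isset($_SESSION["selectedschool"]) ? (int) substr($_SESSION["selectedschool"], 1) : 0;
                $modsql = "INSERT INTO `faculties` (`schoolid`, `facultyname`, `facultyspec`, `facultyphonenumber`, `facultyemail`) VALUES ('" . $schoolid . "', '', '', '', '')";
                // Executed exactly once; a second execution would insert a duplicate empty faculty.
                if ($conn->query($modsql) === TRUE) {
                    header("Location: dataupload.php?addedfaculty=1");
                } else {
                    error_log("addfaculty: " . $conn->error);
                    header("Location: dataupload.php?addedfaculty=0");
                }
                die();
            }
        }
        // ---- Make sure each connected id has a row; pick a default selection ------
        if ($type == 2) {
            foreach ($connctdcmps as $cid) {
                $result = $conn->query("SELECT * FROM `companies` WHERE `id` = " . $cid);
                if ($result instanceof mysqli_result) {
                    if (!isset($_SESSION["selectedcompany"])) {
                        $_SESSION["selectedcompany"] = "c" . $cid;
                    }
                    if ($result->num_rows == 0) {
                        // Empty row so the data-upload form has something to UPDATE.
                        $conn->query("INSERT INTO `companies` (`id`, `name`, `type`, `spec`, `postalcode`, `location`, `locationspec`, `phonenumber`, `emailaddress`) VALUES ('" . $cid . "', '', '', '', '', '', '', '', '')");
                    }
                    $result->free();
                }
            }
        } else {
            foreach ($connctdschids as $sid) {
                $result = $conn->query("SELECT * FROM `schools` WHERE `id` = " . $sid);
                if ($result instanceof mysqli_result) {
                    if (!isset($_SESSION["selectedschool"])) {
                        $_SESSION["selectedschool"] = "s" . $sid;
                    }
                    if ($result->num_rows == 0) {
                        $conn->query("INSERT INTO `schools` (`id`, `name`, `type`, `spec`, `postalcode`, `location`, `locationspec`, `phonenumber`, `emailaddress`) VALUES ('" . $sid . "', '', '', '', '', '', '', '', '')");
                    }
                    $result->free();
                }
            }
        }
        // ---- Row of the currently selected company / school ($selschvals) ---------
        // $selschvals stays unset when nothing is selected or the row is missing.
        if ($type == 2) {
            $selectedid = isset($_SESSION["selectedcompany"]) ? (int) substr($_SESSION["selectedcompany"], 1) : 0;
            $result = $conn->query("SELECT * FROM `companies` WHERE `id` = " . $selectedid);
        } else {
            $selectedid = isset($_SESSION["selectedschool"]) ? (int) substr($_SESSION["selectedschool"], 1) : 0;
            $result = $conn->query("SELECT * FROM `schools` WHERE `id` = " . $selectedid);
        }
        if ($result instanceof mysqli_result) {
            if ($result->num_rows > 0) {
                $selschvals = $result->fetch_assoc();
            }
            $result->free();
        }
    } else {
        // ---- Guest ------------------------------------------------------------------
        $username = "Vendég";
        $type = "0";
        $id = "";
        $fulltype = "";
        $result = $conn->query("SELECT * FROM `acctypes` WHERE `id` = '" . $type . "'");
        if ($result instanceof mysqli_result) {
            $sqlvals = $result->fetch_assoc();
            if ($sqlvals) {
                $fulltype = $sqlvals["name_hun"];
            }
            $result->free();
        }
    }
?>
<!DOCTYPE html>
<html>
<head>
<meta charset="UTF-8">
<meta http-equiv="X-UA-Compatible" content="IE=Edge">
<meta content="width=device-width, initial-scale=1, maximum-scale=1, user-scalable=no" name="viewport">
<title>ParEdu Adminisztráció</title>
<!-- Favicon-->
<!-- Fonts -->
<link href="<?php echo $curdir; ?>css/roboto.css" rel="stylesheet" type="text/css">
<link href="<?php echo $curdir; ?>css/icon.css" rel="stylesheet" type="text/css">
<!-- Bootstrap Core Css -->
<link href="<?php echo $curdir; ?>plugins/bootstrap/css/bootstrap.css" rel="stylesheet">
<!-- Materialize Css -->
<link href="<?php echo $curdir; ?>css/materialize.css" rel="stylesheet">
<!-- Waves Effect Css -->
<link href="<?php echo $curdir; ?>plugins/node-waves/waves.css" rel="stylesheet" />
<!-- Animation Css -->
<link href="<?php echo $curdir; ?>plugins/animate-css/animate.css" rel="stylesheet" />
<!-- Morris Chart Css-->
<link href="<?php echo $curdir; ?>plugins/morrisjs/morris.css" rel="stylesheet" />
<!-- Custom Css -->
<link href="<?php echo $curdir; ?>css/style.css" rel="stylesheet">
<link href="<?php echo $curdir; ?>css/themes/theme-indigo.min.css" rel="stylesheet" />
<?php if(isset($load_inputs)){ ?>
<!-- Colorpicker Css -->
<link href="<?php echo $curdir; ?>plugins/bootstrap-colorpicker/css/bootstrap-colorpicker.css" rel="stylesheet" />
<!-- Bootstrap Select Css -->
<link href="<?php echo $curdir; ?>plugins/bootstrap-select/css/bootstrap-select.css" rel="stylesheet" />
<!-- Bootstrap Tagsinput Css -->
<link href="<?php echo $curdir; ?>plugins/bootstrap-tagsinput/bootstrap-tagsinput.css" rel="stylesheet">
<?php } ?>
<?php if(isset($load_leaflet)){ ?>
<link rel="stylesheet" href="https://unpkg.com/leaflet@1.7.1/dist/leaflet.css"
integrity="sha512-xodZBNTC5n17Xt2atTPuE1HxjVMSvLVW9ocqUKLsCC5CXdbqCmblAshOMAS6/keqq/sMZMZ19scR4PsZChSR7A=="
crossorigin=""/>
<style>
#map { height: 130px; }
</style>
<?php } ?>
<style>
.row.display-flex {
display: flex;
flex-wrap: wrap;
}
.row.display-flex > [class*='col-'] {
display: flex;
flex-direction: column;
}
</style>
<?php if(isset($ischat)){ // NOTE(review): $ischat is always set (true or false) by the bootstrap, so this is always true ?>
<link href="<?php echo $curdir; ?>css/chat.css" rel="stylesheet" />
<?php } ?>
</head>
<?php if(!isset($liteload)){ ?>
<body class="theme-indigo">
<!-- Page Loader -->
<div class="page-loader-wrapper">
<div class="loader">
<div class="preloader">
<div class="spinner-layer pl-red">
<div class="circle-clipper left">
<div class="circle"></div>
</div>
<div class="circle-clipper right">
<div class="circle"></div>
</div>
</div>
</div>
<p>Kérlek várj...</p>
</div>
</div>
<!-- #END# Page Loader -->
<!-- Overlay For Sidebars -->
<div class="overlay"></div>
<!-- #END# Overlay For Sidebars -->
<!-- Search Bar -->
<div class="search-bar">
<div class="search-icon">
<i class="material-icons">search</i>
</div>
<input type="text" placeholder="KEZDJ EL GÉPELNI...">
<div class="close-search">
<i class="material-icons">close</i>
</div>
</div>
<!-- #END# Search Bar -->
<!-- Top Bar -->
<nav class="navbar">
<div class="container-fluid">
<div class="navbar-header">
<a href="javascript:void(0);" class="navbar-toggle collapsed" data-toggle="collapse" data-target="#navbar-collapse" aria-expanded="false"></a>
<a href="javascript:void(0);" class="bars"></a>
<span class="navbar-brand">Par<b>Edu</b><?php if($isadmin == true){ echo " - Adminisztráció"; } ?></span>
</div>
<div class="collapse navbar-collapse" id="navbar-collapse">
<ul class="nav navbar-nav navbar-right">
<!-- Call Search -->
<li><a href="javascript:void(0);" class="js-search" data-close="true"><i class="material-icons">search</i></a></li>
<!-- #END# Call Search -->
<!-- Notifications -->
<li class="dropdown">
<a href="javascript:void(0);" class="dropdown-toggle" data-toggle="dropdown" role="button">
<i class="material-icons">notifications</i>
<span class="label-count">2</span>
</a>
<ul class="dropdown-menu">
<li class="header">ÉRTESÍTÉSEK</li>
<li class="body">
<ul class="menu">
<li>
<a href="javascript:void(0);">
<div class="icon-circle bg-blue-grey">
<i class="material-icons">edit</i>
</div>
<div class="menu-info">
<h4><b>#1</b> adatai módosítva: <b>Név</b>,<b>Cím</b></h4>
<p>
<i class="material-icons">access_time</i> 4 órája
</p>
</div>
</a>
</li>
<li>
<a href="javascript:void(0);">
<div class="icon-circle bg-purple">
<i class="material-icons">settings</i>
</div>
<div class="menu-info">
<h4>Intézmény regisztrálva</h4>
<p>
<i class="material-icons">access_time</i> Tegnap
</p>
</div>
</a>
</li>
</ul>
</li>
<li class="footer">
<a href="javascript:void(0);">További Értesítések Megtekintése</a>
</li>
</ul>
</li>
<!-- #END# Notifications -->
<!-- Tasks -->
<?php if((isset($connctdcmps) || isset($connctdschids)) && $isadmin){ ?>
<li class="dropdown">
<a href="javascript:void(0);" class="dropdown-toggle" data-toggle="dropdown" role="button">
<i class="material-icons">business</i>
</a>
<ul class="dropdown-menu">
<li class="header"><?php if($type == 2) { echo "VÁLLALATVÁLASZTÁS"; } else { echo "INTÉZMÉNYVÁLASZTÁS"; } ?></li>
<li class="body">
<ul class="menu">
<form method="POST" action="#">
<?php
// Company / school selector buttons. Names are entered on dataupload.php by
// other accounts, so they are HTML-escaped before being echoed; $ssname (the
// selected name shown in the sidebar) is therefore already escaped.
if ($type == 2) {
    $ssname = "Nincs vállalat kiválasztva";
    foreach ($connctdcmps as $cid) {
        $result = $conn->query("SELECT * FROM `companies` WHERE `id` = " . $cid);
        if ($result instanceof mysqli_result) {
            if (!isset($_SESSION["selectedcompany"])) {
                $_SESSION["selectedcompany"] = "c" . $cid;
            }
            if ($result->num_rows > 0) {
                $sqlvals = $result->fetch_assoc();
                if ($sqlvals["name"] == "") {
                    $sname = "Ismeretlen";
                } else {
                    $sname = htmlspecialchars($sqlvals["name"], ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
                }
                if (("c" . $sqlvals["id"]) == $_SESSION["selectedcompany"]) {
                    $ssname = $sname;
                    $sname = "(<b>Kiválasztott</b>) " . $sname;
                }
                echo '<button type="submit" name="selectedcompany" value="c' . (int) $sqlvals["id"] . '" class="btn bg-transparent waves-effect" style="width: 100%; box-shadow: 0 0 0 0 !important; -webkit-border-radius: 0px;">
' . $sname . ' (#' . (int) $sqlvals["id"] . ')
</button>';
            } else {
                echo '<button type="submit" name="selectedcompany" value="c' . $cid . '" class="btn bg-transparent waves-effect" style="width: 100%; box-shadow: 0 0 0 0 !important;">
Ismeretlen (#' . $cid . ')
</button>';
            }
            $result->free();
        }
    }
} else {
    $ssname = "Nincs iskola kiválasztva";
    foreach ($connctdschids as $sid) {
        $result = $conn->query("SELECT * FROM `schools` WHERE `id` = " . $sid);
        if ($result instanceof mysqli_result) {
            if (!isset($_SESSION["selectedschool"])) {
                $_SESSION["selectedschool"] = "s" . $sid;
            }
            if ($result->num_rows > 0) {
                $sqlvals = $result->fetch_assoc();
                if ($sqlvals["name"] == "") {
                    $sname = "Ismeretlen";
                } else {
                    $sname = htmlspecialchars($sqlvals["name"], ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
                }
                if (("s" . $sqlvals["id"]) == $_SESSION["selectedschool"]) {
                    $ssname = $sname;
                    $sname = "(<b>Kiválasztott</b>) " . $sname;
                }
                echo '<button type="submit" name="selectedschool" value="s' . (int) $sqlvals["id"] . '" class="btn bg-transparent waves-effect" style="width: 100%; box-shadow: 0 0 0 0 !important; -webkit-border-radius: 0px;">
' . $sname . ' (#' . (int) $sqlvals["id"] . ')
</button>';
            } else {
                echo '<button type="submit" name="selectedschool" value="s' . $sid . '" class="btn bg-transparent waves-effect" style="width: 100%; box-shadow: 0 0 0 0 !important;">
Ismeretlen (#' . $sid . ')
</button>';
            }
            $result->free();
        }
    }
}
?>
</form>
</ul>
</li>
<li class="footer">
<a href="javascript:void(0);"><?php if($type == 2) { echo "Vállalkozások kezelése"; }else{ echo "Intézmények kezelése"; } ?></a>
</li>
</ul>
</li>
<!-- #END# Tasks -->
<?php }else{
$ssname = "Nincs iskola kiválasztva";
} ?>
</ul>
</div>
</div>
</nav>
<!-- #Top Bar -->
<section>
<!-- Left Sidebar -->
<aside id="leftsidebar" class="sidebar">
<!-- User Info -->
<div class="user-info" style="background-color: #3949ab;"> <!-- indigo darken-1 -->
<div class="image">
<img src="<?php echo $curdir; ?>API/request.php?type=image&subtype=user&id=<?php echo urlencode((string) $id); ?>" width="48" height="48" alt="User" />
</div>
<div class="info-container">
<div class="name" data-toggle="dropdown" aria-haspopup="true" aria-expanded="false"><?php echo htmlspecialchars(isset($fullname) ? $fullname : $username, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8'); ?></div>
<div class="misc"><?php echo htmlspecialchars($fulltype, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8') . "<br>" . $ssname; ?></div>
<?php if($loggedin){ ?>
<div class="btn-group user-helper-dropdown">
<i class="material-icons" data-toggle="dropdown" aria-haspopup="true" aria-expanded="true">keyboard_arrow_down</i>
<ul class="dropdown-menu pull-right">
<li><a href="javascript:void(0);"><i class="material-icons">person</i>Profil</a></li>
<li role="separator" class="divider"></li>
<li><a href="javascript:void(0);"><i class="material-icons">settings</i>Beállítások</a></li>
<li role="separator" class="divider"></li>
<li><a href="<?php echo $curdir; ?>login.php?logout"><i class="material-icons">keyboard_tab</i>Kijelentkezés</a></li>
</ul>
</div>
<?php } ?>
</div>
</div>
<!-- #User Info -->
<!-- Menu -->
<div class="menu">
<ul class="list">
<?php if(!$isadmin){
if($type == 1 || $type == 2 || $type == 3){ #School admin and partner ?>
<li class="header">ADMINISZTRÁTOR</li>
<li>
<a href="<?php echo $curdir; ?>admin">
<i class="material-icons">admin_panel_settings</i>
<span>Adminisztráció</span>
<span class="badge bg-teal float-right">14 új</span>
</a>
</li>
<?php }} ?>
<li class="header">FŐNAVIGÁCIÓ</li>
<li <?php if($openpage == "index.php" && !$ischat){ echo 'class="active"'; } ?>>
<a href="<?php if($ischat && $isadmin){ echo $curdir."admin/"; }elseif(!$isadmin){echo $curdir; } ?>index.php">
<i class="material-icons">home</i>
<span>Kezdőlap</span>
</a>
</li>
<?php if(!$isadmin){ ?>
<li <?php if($openpage == "schools.php"){ echo 'class="active"'; } ?>>
<a href="<?php echo $curdir; ?>schools.php">
<i class="material-icons">school</i>
<span>Iskolák</span>
</a>
</li>
<li <?php if($openpage == "events.php"){ echo 'class="active"'; }?>>
<a href="<?php echo $curdir; ?>events.php">
<i class="material-icons">event</i>
<span>Események (<b>10 új esemény</b>)</span>
</a>
</li>
<?php if(!$loggedin){ ?>
<li class="header">Műveletek</li>
<li>
<a href="<?php echo $curdir; ?>login.php">
<i class="material-icons">login</i>
<span>Bejelentkezés</span>
</a>
</li>
<?php }else{ #end of login button ?>
<li <?php if($ischat){ echo 'class="active"'; }?>>
<a href="<?php echo $curdir; ?>chat/">
<i class="material-icons">chat</i>
<span>Chat</span>
</a>
</li>
<?php } }else{ ?>
<li <?php if($openpage == "dataupload.php"){ echo 'class="active"'; }?>>
<a href="<?php if($isadmin && $ischat){ echo "../admin/"; } ?>dataupload.php">
<i class="material-icons">upload</i>
<span>Adatkezelés</span>
</a>
</li>
<li <?php if($openpage == "eventupload.php"){ echo 'class="active"'; }?>>
<a href="<?php if($isadmin && $ischat){ echo "../admin/"; } ?>eventupload.php">
<i class="material-icons">event</i>
<span>Eseménykezelés</span>
</a>
</li>
<li <?php if($ischat){ echo 'class="active"'; }?>>
<a href="<?php echo $curdir; ?>chat/index.php?fromadmin">
<i class="material-icons">chat</i>
<span>Chat</span>
</a>
</li>
<li class="header">MŰVELETEK</li>
<li>
<a href="<?php echo $curdir; ?>index.php">
<i class="material-icons">arrow_back</i>
<span>Vissza</span>
</a>
</li>
<?php } ?>
</ul>
</div>
<!-- #Menu -->
<!-- Footer -->
<div class="legal">
<div class="copyright">
&copy; 2020 ParEdu
</div>
<div class="version">
<b>Verzió: </b> 1.0.0
</div>
</div>
<!-- #Footer -->
</aside>
<!-- #END# Left Sidebar -->
</section>
<?php } } if(!isset($sqldependent)){ $conn->close(); } ?>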