#!/usr/bin/perl # Copyright 2001-2020 Leslie Richardson # This file is part of Open Admin for Schools. # Open Admin for Schools is free software; you can redistribute it # and/or modify it under the terms of the GNU General Public License # as published by the Free Software Foundation; either version 2 of # the License, or (at your option) any later version. my %lex = ('User Id' => 'User Id', 'Password' => 'Password', 'Duration' => 'Duration', 'Login' => 'Login', 'Log In' => 'Log In', 'Log Out' => 'Log Out', 'min' => 'min', 'No Userid Found' => 'No Userid Found', 'Incorrect Password' => 'Incorrect Password', 'Logged In' => 'Logged In', 'Error' => 'Error', 'Continue' => 'Continue', 'User' => 'User', 'Teacher Administration' => 'Teacher Administration', 'Announcements' => 'Announcements', 'Hover=Full View' => 'Hover on Title to see Full Text', 'View All' => 'View All', 'Logged Out' => 'Logged Out', 'Main' => 'Main', 'No Announcements' => 'No Announcements', ); my $self = 'tindex.pl'; my $defaultpage = 'teacher.html'; my $defaultpath = './'; my $textlength = 100; use DBI; use CGI; use CGI::Session; use Time::JulianDay; my $q = CGI->new; my %arr = $q->Vars; eval require "../etc/admin.conf"; if ( $@ ) { print $lex{Error}. ": $@
\n"; die $lex{Error}. ": $@\n"; } my $title = qq{$lex{'Teacher Administration'} - Open Admin $g_OpenadminVersion}; my $dsn = "DBI:mysql:dbname=$dbase"; my $dbh = DBI->connect($dsn,$user,$password); $dbh->{mysql_enable_utf8} = 1; # Start Session my $session = new CGI::Session("driver:mysql;serializer:FreezeThaw", undef,{Handle => $dbh}) or die CGI::Session->errstr; # print $session->header( -charset, $charset ); # foreach my $key ( sort keys %ENV ) { print "K:$key V:$ENV{$key}
\n"; } my $userid = $session->param('userid'); my $logged_in = $session->param('logged_in'); #print $q->header; #print "Userid:$userid
\n"; #print "Logged In:$logged_in
\n"; if ( $arr{page} == 4 ) { doLogout(); # it will halt here. } if ( $arr{page} == 3 ) { # display login form due to error print $q->header( -charset, $charset ); showLoginForm(); # this sets page=1; } if ( ( $logged_in and $userid ) or # no issues, display page. ( not $logged_in and not $userid ) or # for initial login (they got in...) ( $arr{page} == 1 ) # they have entered login values; check credentials inside. ) { displayPage(); # also had $arr{file} value; } else { # enter password and duration, session timed out. print $q->header( -charset, $charset ); showLoginForm(); # the login form. } #-------------- sub displayPage { #-------------- my $file = shift; if ( not $logged_in and $arr{page} == 1 ) { # use values passed in form from page 1 # Check password/userid against database (-1 no user, -2 wrong password ); my $error = checkPassword( $arr{userid}, $arr{password} ); if ($error == -1){ print $session->header( -charset, $charset ); print qq{

$lex{'No Userid Found'}

\n}; print qq{\n}; exit; } if ($error == -2){ print $session->header( -charset, $charset ); print qq{

$lex{'Incorrect Password'}

\n}; print qq{\n}; exit; } } my $updateflag; if ( not $userid) { $userid = $ENV{'REMOTE_USER'}; $updateflag = 1; # Check if correct case. my $sth = $dbh->prepare("select userid from staff where userid = ?"); $sth->execute($userid); if ($DBI::errstr){ print $DBI::errstr; die $DBI::errstr; } my $testid = $sth->fetchrow; if ( $testid ne $userid ) { # we have a case mismatch print $session->header( -charset, $charset ); print qq{}; print qq{

$lex{Error}: $userid does not match correct userid $testid

\n}; print qq{

[Log In ]

\n}; print qq{\n}; exit; } } elsif ( $arr{userid} and $userid ne $arr{userid} ) { # logging in as new user with diff userid; update session. $userid = $arr{userid}; $updateflag = 1; } if ( not $duration ) { my $dur; if ( $arr{duration} ) { $dur = $arr{duration}; } else { $dur = $g_SessionDuration; } $duration = checkCookieTime( $dur ); $updateflag = 1; } if ( $updateflag ) { $session->param('userid', $userid); $session->param('duration', $duration); } $session->param('logged_in', '1'); $session->expire('logged_in', $duration ); $session->flush(); print $session->header( -charset, $charset ); # Session Reset at this point. # foreach my $key ( sort keys %arr ) { print "K:$key V:$arr{$key}
\n"; } if ( not $file ) { print qq{\n}; print qq{$title\n}; print qq{\n}; print qq{\n}; print qq{\n}; print qq{\n}; print qq{

\n}; # Log In print qq{\n}; # Log Out print qq{\n}; print qq{$userid $duration

\n}; print qq{

}; print qq{$lex{'Teacher Administration'}\n}; print qq{}; print qq{Open Admin $g_OpenadminVersion

\n\n}; print qq{

\n}; $file = $defaultpage; } # end main page header my $path = "$defaultpath/$file"; open(FH,'<', $path) || die "Cannot open:\n"; my $htmlfile; { local $/; $htmlfile = ; close FH; } print $htmlfile; print qq{

\n}; viewAnnouncements(); print qq{

\n}; exit; } # end of displayPage() #-------------------- sub viewAnnouncements { #-------------------- print qq{

$lex{Announcements}

\n}; print qq{

}; print qq{$lex{'Hover=Full View'} | }; print qq{\n}; print qq{

\n}; # Load Top Announcements my $acount = 1; # announcement counter; my $topselect = "where topstay = 1"; my $sth = $dbh->prepare("select * from announce $topselect order by adate desc"); $sth->execute; if ( $DBI::errstr ) { print $DBI::errstr; die $DBI::errstr; } my %topstay = (); my $first = 1; while ( my $ref = $sth->fetchrow_hashref ) { $ref->{atopic} = qq{*}. $ref->{atopic}; # mark top my $id = $ref->{id}; $topstay{$id} = 1; # holds records already displayed. prAnnounce( $ref ); $first = 0; $acount++; } # Rest of Page Announcements if ( $select ) { $select = 'where '. $select; } # put in 'where' $sth = $dbh->prepare("select * from announce $select order by adate desc"); $sth->execute; if ( $DBI::errstr ) { print $DBI::errstr; die $DBI::errstr; } while ( my $ref = $sth->fetchrow_hashref ) { if ( $topstay{ $ref->{id} } ) { next; } # skip if already displayed on top. prAnnounce( $ref ); $first = 0; $acount++; if ( $acount > 10) { last; } } if ( $first ) { print "

$lex{'No Announcements'}

\n"; } return; } # end of viewAnnouncements #------------- sub prAnnounce { #------------- my $ref = shift; my $date = fmtdate( $ref->{adate} ); my $text = substr( $ref->{adesc}, 0, $textlength ); $text =~ m/(^.+\b)/; $text = $1; my $titleattr = $q->escapeHTML( $ref->{adesc} ); print qq{

}; print qq{$ref->{atopic}
$date

\n}; print qq{

$text ...

\n\n}; } #---------------- sub showLoginForm { #---------------- my $userid_env = $ENV{'REMOTE_USER'}; # Print Page Heading print qq{$doctype\n}; print qq{$title\n}; print qq{\n}; print qq{$chartype\n}; print qq{\n}; print qq{

$lex{User} $lex{'Log In'}

\n}; print qq{

\n}; print qq{\n}; print qq{\n}; print qq{\n}; print qq{\n}; print qq{\n}; print qq{\n}; print qq{\n}; print qq{\n}; print qq{\n}; print qq{\n}; print qq{


$lex{'User Id'}
$lex{Password}
$lex{Duration}	}; print qq{$lex{min}
\n}; print qq{

\n}; exit; } #---------------- sub checkPassword { #---------------- my ($userid, $password) = @_; if (not $userid){ return -1;} if (not $password){ return -2;} # Sanitize unless ( $password =~ m#^([\w\d.-@_+]+)$# ) { return -2; } $password = $1; #check for presence of userid my $sth = $dbh->prepare("select count(userid) from staff where userid = ?"); $sth->execute($userid); if ($DBI::errstr){ print $DBI::errstr; die $DBI::errstr; } my $count = $sth->fetchrow; # Now check for a match in case. if ( $count ) { my $sth = $dbh->prepare("select userid from staff where userid = ?"); $sth->execute($userid); if ($DBI::errstr){ print $DBI::errstr; die $DBI::errstr; } my $testid = $sth->fetchrow; if ( $testid ne $userid ) { # we have a case mis match return -1; # no userid; } } if ($count < 1){ return -1;} # no userid #check for presence of correct password and userid my $sth = $dbh->prepare("select count(userid) from staff where userid = ? and password = ?"); $sth->execute($userid, $password); if ($DBI::errstr){ print $DBI::errstr; die $DBI::errstr; } my $count = $sth->fetchrow; if ($count < 1){ return -2;} # not correct password return 0; # if all ok... } #------------------ sub checkCookieTime { #------------------ # defaults $minimumtime = 3; # minutes $maximumtime = 90; my ($duration) = @_; if ($duration) { $cookietime = $duration; } else { $cookietime = $g_SessionDuration; } $cookietime = $minimumtime if $cookietime < $minimumtime; $cookietime = $maximumtime if $cookietime > $maximumtime; $cookietime = "+".$cookietime."m"; # set format return $cookietime; } #---------- sub fmtdate { #---------- my $date = shift; my ($yr, $mo, $da) = split(/-/, $date); my $month = $month[$mo]; my $jd = julian_day( split(/-/,$date) ); my $dayindex = day_of_week( $jd )+ 1; my $day = $dow[$dayindex]; my $rv = "$day, $month $da, $yr"; return $rv; } #----------- sub doLogout { #----------- #my $session = new CGI::Session("driver:mysql;serializer:FreezeThaw", # undef,{Handle => $dbh}) or die CGI::Session->errstr; my $userid = $session->param('userid'); # $session->expire('logged_in', '1'); #alternate way to have logout done. Both work. $session->param('logged_in', '0'); $session->flush; print $q->header( -charset, $charset ); print qq{\n}; print qq{$title\n}; print qq{\n}; print qq{\n}; print qq{\n}; print qq{[ $lex{Main} ]\n}; print qq{

$lex{User} $userid $lex{'Logged Out'}

\n}; print qq{\n}; exit; }