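<?php
// "Login as" endpoint for the Warehouse module.
//
// Reads $_POST['data'], dispatches on $data['action'] to one of the handler
// closures below ('getOptions' lists the accounts the caller may switch to,
// 'login' performs the switch) and echoes the handler's return value as JSON.
// Everything runs inside an immediately-invoked closure so no variables leak
// into the global scope.
require_once(__DIR__ . "/../Warehouse.php");

call_user_func(function() {
    if(!Authenticate::isLoggedIn()) {
        throw new Exception('Permission denied');
    }

    // How far the current user may reach when switching accounts:
    //   'all'    - admin who is a superuser for the SIS package
    //   'school' - admin holding SIS:UserLoginAs (own school only)
    //   'linked' - anyone else: only explicitly linked usernames
    // Shared by both handlers so the option list and the actual login
    // enforce the same rule.
    $loginAsScope = function() {
        if(User('PROFILE') !== 'admin') {
            return 'linked';
        }
        // USER_CLASS / USER_CLASS_ID are server-side session values set at
        // login; they are not request-controlled.
        $user_class = $_SESSION['USER_CLASS'];
        $user = new $user_class($_SESSION['USER_CLASS_ID']);
        if($user->isSuperUser(Package::is('SIS'))) {
            return 'all';
        }
        return Permissions::hasPermission('SIS:UserLoginAs') ? 'school' : 'linked';
    };

    $methods = array(
        /**
         * Build the list of accounts the current user may switch to.
         *
         * @param array $request Decoded POST data. 'type' is 'user', 'student'
         *                       or an array of those; anything else yields no options.
         * @return array{options: array<string,string>, current: string}
         *               username => display text, plus the current username.
         */
        'getOptions' => function($request) use ($loginAsScope) {
            $type = isset($request['type']) ? $request['type'] : array();
            if(!is_array($type)) {
                $type = [$type];
            }

            // One date for both queries. (The user query previously
            // referenced an undefined $today, which made it match nothing.)
            $today = date('Y-m-d');

            $linked_usernames = Authenticate::getLinkedUsernames(null, true);
            // NOTE(review): the linked usernames, school id and school year are
            // interpolated into the SQL below. They are session/DB-derived rather
            // than request-derived, but they should be bound as parameters if
            // Database::get supports it - confirm and convert.
            $usernames = implode("','", $linked_usernames);

            // Extra predicates OR'ed with the linked-username match. "1=2"
            // restricts a query to linked usernames only.
            $scope = $loginAsScope();
            $user_where = ["1=1"];
            $student_where = ["1=1"];
            if($scope === 'linked') {
                $user_where[] = "1=2";
                $student_where[] = "1=2";
            }
            elseif($scope === 'school') {
                $school = UserSchool();
                // ue.schools is a comma-separated list; wrapping both sides in
                // commas makes this an exact-token match (school 1 must not
                // match school 11). The original also lacked the closing paren.
                $user_where[] = "concat(',',ue.schools,',') LIKE concat('%,',{$school},',%')";
                $student_where[] = "enrollment.school = {$school}";
            }
            $user_where = "(" . implode(" AND ", $user_where) . ")";
            $student_where = "(" . implode(" AND ", $student_where) . ")";

            $options = [];

            // Staff accounts, with their profile titles appended to the label.
            if(in_array('user', $type, true)) {
                $userSql = "
                    SELECT
                        u.username as value,
                        CONCAT(u.last_name, ', ', u.first_name, ' ', u.middle_name, ' - ', u.staff_id) as text,
                        ue.profiles
                    FROM
                        users u
                        INNER JOIN user_enrollment ue
                            ON ue.staff_id = u.staff_id
                    WHERE
                        '{$today}' BETWEEN COALESCE(ue.start_date, '1800-01-01') AND COALESCE(ue.end_date, '9999-01-01') AND
                        u.username IS NOT NULL AND
                        u.first_name IS NOT NULL AND
                        u.last_name IS NOT NULL AND
                        (u.username IN ('{$usernames}') OR {$user_where})
                ";
                // Initialised before the query so an empty result cannot leave
                // it undefined further down.
                $staffInfo = [];
                $target = Database::get($userSql);
                if($target) {
                    foreach($target as $record) {
                        // ue.profiles is a comma-separated id list; drop empty
                        // entries produced by leading/trailing/double commas.
                        $profile_ids = array_filter(
                            explode(',', (string) $record['PROFILES']),
                            function($id) { return $id !== ''; }
                        );
                        $staffInfo[] = [
                            'value' => $record['VALUE'],
                            'text' => $record['TEXT'],
                            'profile_ids' => $profile_ids,
                        ];
                    }
                }

                // profile id => title, for the "(Admin, Teacher)" suffix.
                $profiles = [];
                $profileRows = Database::get("SELECT id,title FROM user_profiles");
                if($profileRows) {
                    foreach($profileRows as $profile) {
                        $profiles[$profile['ID']] = $profile['TITLE'];
                    }
                }

                foreach($staffInfo as $staffMember) {
                    $profileTitles = [];
                    foreach($staffMember['profile_ids'] as $profile_id) {
                        // isset() avoids an undefined-index notice for ids that
                        // no longer exist in user_profiles.
                        if(isset($profiles[$profile_id])) {
                            $profileTitles[] = $profiles[$profile_id];
                        }
                    }
                    $suffix = $profileTitles ? implode(', ', $profileTitles) : 'Unknown';
                    $options[$staffMember['value']] = $staffMember['text'] . " ({$suffix})";
                }
            }

            // Student accounts enrolled in the current school year today.
            if(in_array('student', $type, true)) {
                $syear = UserSYear();
                $studentSql = "
                    SELECT
                        username as value,
                        CONCAT(last_name, ', ', first_name, ' ', middle_name, ' - ', student_id, ' (student)') as text
                    FROM
                        students
                        JOIN student_enrollment enrollment
                            ON enrollment.student_id = students.student_id
                    WHERE
                        username IS NOT NULL AND
                        first_name IS NOT NULL AND
                        last_name IS NOT NULL AND
                        enrollment.syear = '{$syear}' AND
                        '{$today}' BETWEEN COALESCE(enrollment.start_date, '{$today}') AND COALESCE(enrollment.end_date, '{$today}') AND
                        (username IN ('{$usernames}') OR {$student_where})
                ";
                $studentRows = Database::get($studentSql);
                if($studentRows) {
                    foreach($studentRows as $record) {
                        $options[$record['VALUE']] = $record['TEXT'];
                    }
                }
            }

            return array(
                'options' => $options,
                'current' => Authenticate::getCurrentUsername(),
            );
        },

        /**
         * Switch the session to another account.
         *
         * @param array $request Decoded POST data; 'username' is the target account.
         * @return array{error: ?string, result: bool} error message (null on
         *               success) and whether the switch happened.
         */
        'login' => function($request) use ($loginAsScope) {
            // session_start() on an already-active session only emits a notice;
            // guard so the handler is safe whether or not Warehouse.php started it.
            if(session_status() !== PHP_SESSION_ACTIVE) {
                session_start();
            }
            $error = null;
            // Snapshot the session so a failed attempt cannot leave it half-written.
            $tmp_session = $_SESSION;
            $type = Authenticate::getLoginType();
            try {
                // Validate inside the try so malformed input becomes a JSON
                // error instead of a TypeError from strtolower().
                if(!isset($request['username']) || !is_string($request['username'])) {
                    throw new Exception('Username required');
                }
                $username = strtolower($request['username']);

                // Same rule as getOptions: users outside the 'linked' scope are
                // restricted to their linked usernames. (For 'school' scope the
                // target's school is not re-checked here - TODO confirm whether
                // that is acceptable.)
                if($loginAsScope() === 'linked') {
                    $linked_usernames = array_map('strtolower', Authenticate::getLinkedUsernames(null, true));
                    if(!in_array($username, $linked_usernames, true)) {
                        throw new Exception('Permission denied');
                    }
                }
                Authenticate::login($type, $username, true);
            }
            catch(Exception $e) {
                $error = $e->getMessage();
                $_SESSION = $tmp_session;
            }
            return [
                'error' => $error,
                'result' => empty($error),
            ];
        },
    );

    // Dispatch. Reject anything that is not an array with a string action up
    // front; a non-string key would otherwise be a fatal "illegal offset".
    $data = isset($_POST['data']) ? $_POST['data'] : null;
    if(!is_array($data) || !isset($data['action']) || !is_string($data['action'])) {
        throw new Exception('Invalid request');
    }
    $action = $data['action'];
    if(!isset($methods[$action])) {
        throw new Exception("Invalid action: {$action}");
    }
    $response = $methods[$action]($data);
    if(!headers_sent()) {
        header('Content-Type: application/json');
    }
    echo json_encode($response);
    exit;
});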