$ttl

\n" . "Please contact the site owner mentioning the " . "following condition code:\n

\n" . SAS_VERSION . '/' . $conditioncode . "\n

\n" . "Thank you for your cooperation!\n\n\n"; exit; } /* error_exit() */ // SANITY CHECK #1 - is there an existing installation at the location we expect? if (!file_exists($cmsdir . '/configuration/database.inc.php')) { error_exit('010'); } // SANITY CHECK #2 - do we have a connection to a working database? include ($cmsdir . '/configuration/database.inc.php'); if (!($db = mysql_connect($db_server, $db_username, $db_password))) { error_exit('020'); } // SANITY CHECK #3 - do we have access to our own database? if (!mysql_select_db($db_name)) { error_exit('030'); } /* * Still here? Must have valid database in our hands then. Carry on... */ error_reporting($old_error_reporting); // switch on error reporting after sanity checks include ($cmsdir . "/core/common.inc.php"); //include common functions require ($cmsdir . "/core/session.php"); //build a session unset ($sas_config); $query = "SELECT config_key,config_value FROM $table_configuration WHERE config_key NOT LIKE 'agenda%'"; //read all the configuration items $result = mysql_query($query); while ($config_list = mysql_fetch_array($result)) { $sas_config[$config_list[0]] = $config_list[1]; //put them in the config array } // SANITY CHECK #4 - do we have the correct version of the database? $old_error_reporting = error_reporting(0); // switch off error reporting during sanity check if ($sas_config['sas_version'] . '.' . $sas_config['sas_patch_version'] != SAS_VERSION) { error_exit('040'); } // SANITY CHECK #5 - do we have a template value? if ($sas_config['theme'] == "") //if theme config value is empty, there is a problem with the site. { error_exit('050'); } error_reporting($old_error_reporting); // switch on error reporting after sanity check // setting variables to global if (IsSet ($_GET['page'])) { $page = intval($_GET['page']); } if (IsSet ($_GET['section'])) { $section = intval($_GET['section']); } if (IsSet ($_GET['category'])) { $category = $_GET['category']; } if (IsSet ($_GET['logout'])) { $logout = $_GET['logout']; } if (IsSet ($_GET['site'])) // we get protected or public via the URL link { $website = $_GET['site']; // unset session variable in case we want to go to public area unset ($_SESSION['site']); if ($website == "protected") { //if user wants to go to protected area set it in the session variable. $_SESSION['site'] = $website; } } elseif (IsSet ($_SESSION['site'])) { $website = $_SESSION['site']; } else { $website = ""; } if (IsSet ($logout)) // logging out, destroying session data { mysql_query("UPDATE $table_studentpages SET approved = '' WHERE approved = $_SESSION[userid]"); //clear approved for pages which might be in use by pupil/teacher session_unset(); session_destroy(); if ($website == "protected") { //if we go back to normal site we don't know page and section header("Location: index.php"); } } if (IsSet ($_SESSION['usertype'])) { $sas_usertype = $_SESSION['usertype']; } else { $sas_usertype = ""; } if (IsSet ($_SESSION['userid']) AND ($sas_usertype == "teacher" OR $_SESSION['user_type'] > 19) AND $_SESSION['site'] == "protected") //are we allowed to get intranet access, then switch to the protected tables { $table_sections = $dbprefix . "prot_sections"; $table_pages = $dbprefix . "prot_pages"; $_SESSION['site'] = $website; $themelocation = $sas_config['protected_theme']; //set the protected theme } else { $themelocation = $sas_config['theme']; //set normal theme } $sitename = $sas_config['sitename']; //selecting the title of the site $check_sessioncode = $sas_config['sessioncode']; //selecting the sessioncode, can be used for security $userpath = $sas_config['user_path']; //get the directoryname of the cms if (substr($userpath, 0, 1) == "/") { $userpath = substr($userpath, 1); //strip first slash } $serverpath = $sas_config['serverpath']; //get the document root of the site $media = $sas_config['media_dir']; //media directory $studentpages = $sas_config['studentpages_dir']; //pupilpages directory if (strrpos($serverpath, '/') != strlen($serverpath) - 1) { $serverpath .= '/'; //add last slash if not present } $serverpath = $serverpath . $userpath; $site_url = $sas_config['url']; //select the URL, used for images, downloads, links etc. $language = $sas_config['language']; //select the language, used for module language files load_language($cmsdir . '/', '/'); //load language file if ((!IsSet ($section)) OR ($section == 0)) //select startsection if no section was selected { if ($website == "protected") { $section = $sas_config['protected_startsection']; } else { $section = $sas_config['startsection']; } } if ((!IsSet ($page)) OR ($page == 0)) //select startpage of section if no page was selected { $query = "SELECT frontpage FROM $table_sections WHERE id = '" . $section . "'"; $result = mysql_query($query) or die_script($query, mysql_error()); $page = mysql_result($result, 0); unset ($query); unset ($result); } $query = "SELECT name FROM $table_sections WHERE id = '" . $section . "'"; //selecting the title of the section $result = mysql_query($query) or die_script($query, mysql_error()); $sectiontitle = mysql_result($result, 0); unset ($query); unset ($result); $query = "SELECT name FROM $table_pages WHERE id = '" . $page . "'"; //selecting the title of the page $result = mysql_query($query) or die_script($query, mysql_error()); if (!@ $pagetitle = mysql_result($result, 0)) { print "No page was set as startpage for this section of the site"; exit; } $ip = $_SERVER["REMOTE_ADDR"]; //log the ip address $d = date("Y-m-d"); $ipfilter = explode(",", $sas_config['stats_ip_filter']); $table_stats = $dbprefix . "stats"; //update or insert into the stats table if (IsSet ($site) AND ($site == "protected")) { $table_pages = $dbprefix . "prot_pages"; mysql_query("UPDATE $table_pages SET count=count+1, lastvisitdate='$d' WHERE id = '" . $page . "'"); $query2 = "SELECT ip FROM $table_stats WHERE ip = '$ip' AND pageid = '" . $page . "' AND sectionid = $section AND public = 1"; $result2 = mysql_query($query2) or die_script($query, mysql_error()); $RecordCount = mysql_num_rows($result2); if ($RecordCount > 0) { $results = mysql_query("UPDATE $table_stats SET count = count + 1, public = 1 WHERE ip = '$ip' AND pageid = $page AND sectionid = '" . $section . "' AND public = 1"); } else { $results = mysql_query("INSERT INTO $table_stats(ip,received,pageid,sectionid,count,public) VALUES('$ip',now(),$page,$section,'1','1')"); } } else { //if (array_search($ip, $ipfilter) === FALSE) //{ mysql_query("UPDATE $table_pages SET count=count+1, lastvisitdate='$d' WHERE id = $page"); //} $query2 = "SELECT ip FROM $table_stats WHERE ip = '$ip' AND pageid = $page AND sectionid = '" . $section . "' AND public = 0"; $result2 = mysql_query($query2) or die_script($query, mysql_error()); $RecordCount = mysql_num_rows($result2); if ($RecordCount > 0) { $results = mysql_query("UPDATE $table_stats SET count = count + 1, public = 0 WHERE ip = '$ip' AND pageid = $page AND sectionid = '" . $section . "' AND public = 0"); } else { $results = mysql_query("INSERT INTO $table_stats(ip,received,pageid,sectionid,count,public) VALUES('$ip',now(),$page,$section,'1','0')"); } } unset ($query); unset ($result); //do we have print flag on? if (isset ($_GET['print']) AND ($_GET['print'] == "yes")) { print "