[Refactoring] Particularly make the SQL statement that shows new assignments in Coruse.php less messy.

SIMPLICITY_link
Hui Lan 2020-10-02 17:02:20 +08:00
parent 25a1431ba8
commit ada55d3394
12 changed files with 2357 additions and 2987 deletions


@ -1,3 +1,8 @@
<?php
include 'NoDirectPhpAcess.php';
?>
<?php
$page="admin";
include 'Header.php';
@ -32,7 +37,7 @@ if ($_SESSION['user_type'] != "Lecturer") {
<hr>
-->
<div class="col-md-6">
<h4> User account Management </h4><hr>
<h4> User Account Management </h4><hr>
<b>Lecturer / TA Accounts </b><br>


@ -1,3 +1,8 @@
<?php
include 'NoDirectPhpAcess.php';
?>
<?php
$page='Courses+';
include 'Header.php';
@ -5,6 +10,7 @@ include 'Header.php';
$group_id = $_SESSION["user_group_id"];
$c_date = date("Y-m-d H:i");
if(!empty($_GET["url"]))
{
$course_url = $_GET["url"];
@ -13,9 +19,11 @@ include 'Header.php';
. " , users_table.Full_Name FROM `courses_table` INNER JOIN users_table"
. " ON users_table.User_ID=courses_table.Lecturer_User_ID where URL='$course_url' ");
if(mysqli_num_rows($result)==0)
{echo "should not be here";} else {
if(mysqli_num_rows($result)==0) {
echo "No course matching the given course URL: ".$course_url;
} else {
while($row = mysqli_fetch_assoc($result)) {
$name = $row['Course_Name'];
$code = $row['Course_Code'];
@ -24,19 +32,27 @@ include 'Header.php';
$academic = $row['Academic_Year'];
$url = $row['URL'];
$course_id = $row['Course_ID'];
$id2=$row['Course_ID'];
// also get teaching assistant names(if any)
$ta_result = mysqli_query($con, "SELECT Full_Name FROM users_table where User_ID in (select TA from course_ta where Course_ID='$course_id');");
if (mysqli_num_rows($ta_result) == 0) {
echo " <div class='alert' style='margin-left:20px;border-bottom:2px solid #1D91EF;'> <a href='~\..\Courses.php?course=$url'>
Courses > $name ($code) > Lab Reports
<br> <span style='font-size:8pt'>Faculty: $faculty | Year: $academic | Lecturer: $lecturer </span>
</a></div>
";
}}
Courses > $name ($code) > Lab Reports <br> <span style='font-size:8pt'>Faculty: $faculty | Year: $academic | Lecturer: $lecturer </span>
</a></div> ";
} else {
$ta_name = "";
while ($row = mysqli_fetch_assoc($ta_result)) {
$ta_name = $ta_name.$row['Full_Name']." ";
}
$ta_name = trim ($ta_name);
echo " <div class='alert' style='margin-left:20px;border-bottom:2px solid #1D91EF;'> <a href='~\..\Courses.php?course=$url'>
Courses > $name ($code) > Lab Reports <br> <span style='font-size:8pt'>Faculty: $faculty | Year: $academic | Lecturer: $lecturer | Teaching Assistant: $ta_name </span>
</a></div> ";
}
}
}
}
?>
<div class="row" style='margin-left:20px;float:left'>
<?php
@ -61,31 +77,27 @@ include 'Header.php';
if( $_SESSION['user_type'] == "Student")
{
?>
<hr>
<div class="row" style="width:95%;margin:auto; text-align:left;">
<div class="col-md-9">
<!-- Nav tabs -->
<ul class="nav nav-tabs" role="tablist">
<li class="nav-item">
<a class="nav-link active" data-toggle="tab" href="#menu1">New Lab Reports</a>
<a class="nav-link active" data-toggle="tab" href="#menu1">New</a>
</li>
<li class="nav-item">
<a class="nav-link" data-toggle="tab" href="#menu2">Missed Lab Reports </a>
<a class="nav-link" data-toggle="tab" href="#menu2">Missed</a>
</li>
<li class="nav-item">
<a class="nav-link" data-toggle="tab" href="#menu3">Submitted Lab Reports</a>
<a class="nav-link" data-toggle="tab" href="#menu3">Submitted</a>
</li>
<li class="nav-item">
<a class="nav-link" data-toggle="tab" href="#menu4">Marked Submissions</a>
<a class="nav-link" data-toggle="tab" href="#menu4">Marked</a>
</li>
</ul>
@ -95,40 +107,41 @@ if( $_SESSION['user_type']=="Student")
<?php
// Get groups of this students
$sql="SELECT course_group_members_table.Course_Group_id
FROM course_group_members_table inner join
course_groups_table on course_group_members_table.Course_Group_id = course_groups_table.Course_Group_id
WHERE course_group_members_table.Student_ID=$student_id and course_groups_table.Course_id=$course_id";
$sql="SELECT course_group_members_table.Course_Group_id FROM course_group_members_table INNER JOIN course_groups_table ON course_group_members_table.Course_Group_id = course_groups_table.Course_Group_id WHERE course_group_members_table.Student_ID=$student_id and course_groups_table.Course_id=$course_id";
$resultx1 = mysqli_query($con, $sql);
while($row = mysqli_fetch_assoc($resultx1)) {$_SESSION['group_id']=$row['Course_Group_id'];}
while($row = mysqli_fetch_assoc($resultx1))
{
$_SESSION['group_id'] = $row['Course_Group_id'];
}
$group_id = $_SESSION['group_id'];
if($group_id==""){$group_id=-1;}
if($group_id == "")
{
$group_id = 0; // no group. If the student has a group, the group number should be greater than 0.
}
$var="SELECT Type,Lab_Report_ID,Marks, `Course_ID`, `Posted_Date`, `Deadline`, `Instructions`, lab_reports_table.Title, `Attachment_link_1`, `Attachment_link_2`, `Attachment_link_3`, `Attachment_link_4`
FROM `lab_reports_table` WHERE Course_ID=$course_id "
. ""
. "and (Deadline > '$c_date' or Lab_Report_ID in (SELECT `Lab_Report_ID` FROM `extended_deadlines_table`"
. " WHERE Lab_Report_ID in (select Lab_Report_ID from lab_reports_table where Course_ID=$course_id) and Student_ID=$student_id and Extended_Deadline_Date > '$c_date') ) "
. ""
. ""
. ""
. ""
. "and Lab_Report_ID not in (select Lab_Report_ID from lab_report_submissions"
. " where (Student_id=$student_id or Course_Group_id=$group_id) and Course_ID=$course_id)"
. ""
. " ORDER by Lab_Report_ID DESC";
// Show the assignment iff the following conditions are met: (1)
// Before the deadline (2) Before the students' extended deadline (if any)
// (3) none of the student's group members have already submitted
// the assignment.
$var = "SELECT Type, Lab_Report_ID, Marks, `Course_ID`, `Posted_Date`, `Deadline`, `Instructions`, lab_reports_table.Title, `Attachment_link_1`, `Attachment_link_2`, `Attachment_link_3`, `Attachment_link_4`".
" FROM `lab_reports_table`".
" WHERE Course_ID=$course_id".
" AND (Deadline > '$c_date' OR Lab_Report_ID IN (SELECT `Lab_Report_ID` FROM `extended_deadlines_table` WHERE Student_ID=$student_id AND Extended_Deadline_Date > '$c_date' AND Lab_Report_ID IN (SELECT Lab_Report_ID FROM lab_reports_table WHERE Course_ID=$course_id)))".
" AND Lab_Report_ID NOT IN (SELECT Lab_Report_ID FROM lab_report_submissions WHERE Course_Group_id IN (SELECT Course_Group_id FROM course_group_members_table WHERE Student_ID=$student_id))".
" ORDER BY Lab_Report_ID DESC";
$result1 = mysqli_query($con, $var);
if(mysqli_num_rows($result1)==0)
{
echo "No Active assignments for this course so far.";
} else { while($row = mysqli_fetch_assoc($result1)) {
echo "No active assignments for this course so far.";
} else {
while($row = mysqli_fetch_assoc($result1)) {
$title=$row['Title'];
$type=$row['Type'];
$Marks=$row['Marks'];
@ -164,6 +177,9 @@ if(mysqli_num_rows($result1)==0)
</div>
<div id="menu2" class="container tab-pane"><br>
<?php
$group_id=$_SESSION['group_id'];
@ -190,9 +206,10 @@ Lab_Report_ID not in
if(mysqli_num_rows($result)==0)
{
echo "You Missed no Lab reports in this course";
echo "You missed no lab reports in this course.";
} else { while($row = mysqli_fetch_assoc($result)) {
} else {
while($row = mysqli_fetch_assoc($result)) {
$title=$row['Title'];
$marks=$row['Marks'];
$ins=$row['Instructions'];
@ -240,16 +257,20 @@ $group_id = $_SESSION['group_id'];
if($group_id==""){$group_id=-1;} // This fixes "Submitted report not shown" http://118.25.96.118/bugzilla/show_bug.cgi?id=176
$resultx = mysqli_query($con,"SELECT Lab_Report_ID,Marks, `Course_ID`, `Posted_Date`, `Deadline`, `Instructions`, lab_reports_table.Title, `Attachment_link_1`, `Attachment_link_2`, `Attachment_link_3`, `Attachment_link_4`
$sql_stmt = "SELECT Lab_Report_ID, Marks, `Course_ID`, `Posted_Date`, `Deadline`, `Instructions`, lab_reports_table.Title, `Attachment_link_1`, `Attachment_link_2`, `Attachment_link_3`, `Attachment_link_4`
FROM `lab_reports_table`
WHERE Lab_Report_ID in (select Lab_Report_ID from lab_report_submissions"
. " where Status='Pending' and (Student_id=$student_id or Course_Group_id=$group_id) and Course_ID=$course_id) ORDER by Lab_Report_ID DESC";
$resultx = mysqli_query($con, $sql_stmt);
where Lab_Report_ID in (select Lab_Report_ID from lab_report_submissions"
. " where Status='Pending' and (Student_id=$student_id or Course_Group_id=$group_id) and Course_ID=$course_id) ORDER by Lab_Report_ID DESC");
if(mysqli_num_rows($resultx)==0)
{
echo "You have no lab report submissions in this course.";
} else { while($row = mysqli_fetch_assoc($resultx)) {
} else {
while($row = mysqli_fetch_assoc($resultx)) {
$lab_repo_id=$row['Lab_Report_ID'];
$title=$row['Title'];
$marks=$row['Marks'];
@ -261,13 +282,9 @@ if(mysqli_num_rows($resultx)==0)
$att3=$row['Attachment_link_3'];
$att4=$row['Attachment_link_4'];
$id = $row['Lab_Report_ID'];
if( $c_date < $deadline)
{
$submittedx="<a href='~\..\SubmitLab.php?id=$id' class='btn-sm btn-default'><i class='fa fa-check-circle'></i> Re-Submit </a>";
}
else {
$submittedx="<a href='~\..\SubmitLab.php?id=$id&url=$url' class='btn-sm btn-default'><i class='fa fa-check-circle'></i> Re-Submit </a>";
}
$full_link = "<a href='~\..\Lab_Report_Assignments\\$att1'>$att1</a>";
@ -282,12 +299,11 @@ if(mysqli_num_rows($resultx)==0)
if($att4!=""){
$full_link= $full_link."| <a href='~\..\Lab_Report_Assignments\\$att4'>$att4</a>";
}
;
echo " <k href='#'> <div class='btn btn-default break-word' style='dislay:block; word-wrap: break-word; border: 1px solid #F0F0F0;border-left: 4px solid #03407B;'>
$title <br> <span style='font-size:8pt'> $ins</span>
<br> <span style='font-size:8pt'>Posted : $posted Deadline : $deadline ($marks Marks) &nbsp; &nbsp; $submittedx&nbsp; <span class='btn-sm btn-success' style='margin-left:50px;'><i class='fa fa-Edit-circle'></i> Submitted </span><br> Assignment Attachments : $full_link
&nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp;<br> Submission Files :";
<br> <span style='font-size:8pt'>Posted : $posted Deadline : $deadline ($marks Marks) &nbsp; &nbsp; $submittedx&nbsp; <span class='btn-sm btn-success' style='margin-left:50px;'><i class='fa fa-Edit-circle'></i> Submitted </span>
<br> Submitted files: ";
$Sub_result = mysqli_query($con,"SELECT `Submission_ID`, `Submission_Date`, lab_report_submissions.Lab_Report_ID,
@ -298,29 +314,34 @@ FROM `lab_report_submissions`
Left JOIN users_table on users_table.Student_ID=lab_report_submissions.Student_id
left JOIN course_group_members_table on course_group_members_table.Course_Group_id=lab_report_submissions.Course_Group_id
where Lab_Report_ID=$lab_repo_id and (lab_report_submissions.Student_id='$student_id')");
// or lab_report_submissions.Course_Group_id='$group_id'
if(mysqli_num_rows($Sub_result) == 0)
{
echo "No Attachments found.";
} else { while($row = mysqli_fetch_assoc($Sub_result)) {
} else {
while($row = mysqli_fetch_assoc($Sub_result)) {
$at1=$row['Attachment1'];
$at2=$row['Attachment2'];
$at3=$row['Attachment3'];
$at4=$row['Attachment4'];
$full_link="<a href='~\..\Lab_Report_Submisions\\$at1'>$at1</a>";
$base_at1 = basename($at1);
$base_at2 = basename($at2);
$base_at3 = basename($at3);
$base_at4 = basename($at4);
$full_link = "<a href='~\..\Download.php?file=$at1&attachment=1'>$base_at1</a>"; // prevent students from directly accessing their classmates' submissions
if($at2!=""){
$full_link= $full_link."| <a href='~\..\Lab_Report_Submisions\\$at2'>$at2</a>";
$full_link= $full_link." | <a href='~\..\Download.php?file=$at2&attachment=2'>$base_at2</a>";
}
if($at3!=""){
$full_link= $full_link."| <a href='~\..\Lab_Report_Submisions\\$at3'>$at3</a>";
$full_link= $full_link." | <a href='~\..\Download.php?file=$at3&attachment=3'>$base_at3</a>";
}
if($at4!=""){
$full_link= $full_link."| <a href='~\..\Lab_Report_Submisions\\$at4'>$at4</a>";
$full_link= $full_link." | <a href='~\..\Download.php?file=$at4&attachment=4'>$base_at4</a>";
}
echo $full_link;
@ -384,7 +405,7 @@ $resultx = mysqli_query($con,"SELECT `Submission_ID`, `Submission_Date`, lab_re
if(mysqli_num_rows($resultx)==0)
{
echo "You have No Marked submissions in this course";
echo "You have no marked submissions in this course";
} else { while($row = mysqli_fetch_assoc($resultx)) {
$title=$row['Lab_Title'];
@ -469,58 +490,8 @@ if(mysqli_num_rows($resultx)==0)
</div>
</div>
</div>
<div class="col-md-3">
@ -596,58 +567,11 @@ where course_group_members_table.Course_Group_id=$id");
</div>
</div>
<?php
}
include 'Footer.php';
@ -659,6 +583,7 @@ where course_group_members_table.Course_Group_id=$id");
<link rel="stylesheet" href="./css/jquery-ui.css" />
<script>
function CreateGroup() {
@ -729,7 +654,6 @@ where course_group_members_table.Course_Group_id=$id");
function accept(id,val) {
try
{
@ -763,7 +687,7 @@ where course_group_members_table.Course_Group_id=$id");
function remarking(data)
{
var details=prompt("Please enter Remarking Reason","");
var details = prompt("Please enter your remarking reasons","");
window.location.href = data+"&details="+details;
}
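Review bot: The new "No course matching the given course URL" message in the `mysqli_num_rows($result)==0` branch prints `$course_url`, which is assigned directly from `$_GET["url"]`, into the page without HTML-escaping, so the request parameter is reflected as markup. The same value is interpolated into the `where URL='$course_url'` clause of the query just above it, which this commit leaves as it was. I would escape on output, `echo "No course matching the given course URL: ".htmlspecialchars($course_url, ENT_QUOTES, 'UTF-8');`, and bind the URL through a prepared statement (`mysqli_prepare` with a `?` placeholder) instead of building the string. The rewritten `$var` query interpolates `$student_id`, `$course_id` and `$c_date` the same way; where the first two are assigned is outside the visible hunks, so confirm they are integers taken from the session and not from the request.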


@ -1,3 +1,8 @@
<?php
include 'NoDirectPhpAcess.php';
?>
<?php
@ -6,15 +11,6 @@ include 'Header.php';
$user_d = $_SESSION['user_id'];
if( $_SESSION['user_type']=="Lecturer" || $_SESSION['user_type']=="TA")
{
?>
@ -280,7 +276,7 @@ if (isset($_SESSION['info_courses'])) {
if( $_SESSION['user_type']=="TA")
{
echo "<b style='color:orange'>* Only Lecturers can Post new Lab report Assignments </b><br>";
echo "<b style='color:gray'>*Only Lecturer can post a new lab report assignment</b><br>";
}
if(mysqli_num_rows($result)==0)
{
@ -372,46 +368,6 @@ WHERE Course_ID=$course_id");
<div class="col-md-8">
<?php
@ -567,94 +523,6 @@ Verify Joining Students
{
?>
<!--STUDENT CODE-->
<div class="row" style="width:80%;margin:auto; text-align:left;">
<div class="col-md-6">
@ -712,7 +580,9 @@ if(!empty($_GET["search"]) || !empty($_GET["faculty"]))
{
echo "No results found for your Search <hr>";
} else { while($row = mysqli_fetch_assoc($result)) {
} else {
while($row = mysqli_fetch_assoc($result)) {
$name=$row['Course_Name'];
$code=$row['Course_Code'];
$faculty=$row['Faculty'];
@ -721,34 +591,21 @@ echo "No results found for your Search <hr>";
$url=$row['URL'];
$id=$row['Course_ID'];
$v=$row['Verify_New_Members'];
$msg2="Join this Course";
$msg2="Join Course";
if($v>0)
{
$msg="<i class='fa fa-exclamation-circle'></i> Lecturer Verification required";
$msg="<i class='fa fa-exclamation-circle'></i> Lecturer verification required";
$msg2="Send Joining Request";
}
echo "<div class='btn btn-default' style='word-wrap:break-word'>
($code) - $name <br>($url) <br> <a href='~\..\Script.php?JoinCourse=y&id=$id&std=$student_id&joining=$v' class='btn-sm btn-success' onclick=return confirm(\"are you sure to join this course?\")' > $msg2 </a>
<br> <span style='font-size:8pt'>Faculty : $faculty Year : $academic Lecturer :$lecturer </span><br>$msg</div>
[$code] $name <br>($url) <br> <a href='~\..\Script.php?JoinCourse=y&id=$id&std=$student_id&joining=$v' class='btn-sm btn-success' onclick=return confirm(\"Are you sure to join this course?\")' > $msg2 </a>
<br> <span style='font-size:10pt'>Faculty: $faculty | Year: $academic | Lecturer: $lecturer </span><br>$msg</div>
";
}
}
}
echo "<h4> My Courses </h4>";
$result = mysqli_query($con,"SELECT users_table.Full_Name, course_students_table.Status, courses_table.Course_ID, `Course_Name`, `Academic_Year`, `Faculty`, `Lecturer_User_ID`, `TA_User_ID`, `Course_Code`, `URL`, `Verify_New_Members` FROM `courses_table`
INNER JOIN users_table
@ -761,7 +618,8 @@ INNER JOIN course_students_table on course_students_table.Course_ID=courses_tabl
if(mysqli_num_rows($result)==0)
{
echo "<i class='fa fa-exclamation-circle'></i> You are not Enrolled in any Course";
} else { while($row = mysqli_fetch_assoc($result)) {
} else {
while($row = mysqli_fetch_assoc($result)) {
$name=$row['Course_Name'];
$code=$row['Course_Code'];
$faculty=$row['Faculty'];
@ -785,10 +643,6 @@ INNER JOIN course_students_table on course_students_table.Course_ID=courses_tabl
<br> <span style='font-size:8pt'>Faculty : $faculty Year : $academic Lecturer :$lecturer </span></div>
";
}
}
}
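Review bot: The rewritten "Join Course" link still carries the student's identity in the query string (`Script.php?JoinCourse=y&id=$id&std=$student_id&joining=$v`), so enrolment is a state-changing GET whose subject is chosen by the client. The handler in Script.php is not visible here, so this is hedged, but it should take the student from `$_SESSION` and ignore `std`, and the action is better sent as a POST with a CSRF token. The `onclick` attribute on the same line is also malformed, with no opening quote before `return confirm(`, so the confirmation probably never runs; `onclick='return confirm(\"Are you sure to join this course?\")'` would fix the quoting.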

37
Download.php Normal file

@ -0,0 +1,37 @@
<?php
session_start();
// Allow legal person to download files instead of using direct URL access
// Adapted from https://www.runoob.com/w3cnote/php-download-file.html
// 修改这一行设置你的文件下载目录
$file = "./../../lrr_submission".$_GET['file'];
$filename = basename($file);
// 判断文件是否存在
if(!file_exists($file)) die("File does not exist.");
// 文件类型,作为头部发送给浏览器
$type = filetype($file);
// 获取时间和日期
$today = date("F j, Y, g:i a");
$time = time();
if ( (isset($_SESSION["user_student_id"]) && strpos($file, $_SESSION["user_student_id"])) || $_SESSION['user_type'] == "Lecturer" || $_SESSION['user_type'] == "TA") {
// 发送文件头部
header("Content-type: $type");
header("Content-Disposition: attachment;filename=$filename");
header("Content-Transfer-Encoding: binary");
header('Pragma: no-cache');
header('Expires: 0');
// 发送文件内容
set_time_limit(0);
readfile($file);
} else {
echo "Nothing to download. Contact lanhui _at_ zjnu.edu.cn if you think otherwise.";
}
?>
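Review bot: The access check in the new Download.php does not confine a student to his or her own files: `$file` is built by appending `$_GET['file']` to the upload root without canonicalising it, and ownership is decided by `strpos($file, $_SESSION["user_student_id"])`, which is a substring test on a client-supplied path. Parent-directory segments are never rejected and the test passes for any path that merely contains the ID somewhere, so the stated goal of letting only the legitimate person download is not enforced. `$_SESSION['user_type']` is also read without `isset`, and `filetype()` returns values such as `file` or `dir` rather than a MIME type for the `Content-type` header. I would resolve the path with `realpath()`, require it to sit under the upload root, and for students under the per-student directory, which matches the `$upload_folder."/".$student_id."/"...` layout Script.php creates; a sketch of the changed lines follows.

```php
$base = realpath("./../../lrr_submission");
$file = ($base === false) ? false : realpath($base . $_GET['file']);
// Reject anything that does not resolve to a regular file under the upload root
if ($file === false || !is_file($file) || strncmp($file, $base . DIRECTORY_SEPARATOR, strlen($base) + 1) !== 0) die("File does not exist.");
$filename = basename($file);
// … unchanged: date and time setup …
$is_staff = isset($_SESSION['user_type']) && ($_SESSION['user_type'] == "Lecturer" || $_SESSION['user_type'] == "TA");
// A student may only read files stored under his or her own submission directory
$own_dir = isset($_SESSION["user_student_id"]) ? $base . DIRECTORY_SEPARATOR . $_SESSION["user_student_id"] . DIRECTORY_SEPARATOR : null;
$is_owner = $own_dir !== null && strncmp($file, $own_dir, strlen($own_dir)) === 0;
if ($is_owner || $is_staff) {
    header("Content-Type: application/octet-stream");
    // … unchanged: remaining headers and readfile() …
```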


@ -1,22 +1,14 @@
<?php
session_start();
error_reporting(0);
date_default_timezone_set('Asia/Shanghai');
$con = mysqli_connect("localhost","username","password","lrr");
// Check connection
if (mysqli_connect_errno())
{
// Check database connection
if (mysqli_connect_errno()) {
echo "Failed to connect to MySQL: " . mysqli_connect_error();
}
else
{
}
?>
@ -24,30 +16,22 @@ else
<!DOCTYPE html>
<html>
<header>
<header>
<link href="./css/bootstrap.min.css" rel="stylesheet" type="text/css"/>
<link href="./font-awesome/css/font-awesome.min.css" rel="stylesheet" type="text/css"/>
<link href="./css/bootstrap.min.css" rel="stylesheet" type="text/css"/>
<script src="./css/jquery.min.js" type="text/javascript"></script>
<script src="./css/bootsrap.min.js" type="text/javascript"></script>
<link href="./css/bootstrap.min.css" rel="stylesheet" type="text/css"/>
<script src="./css/jquery.datetimepicker.min.js" type="text/javascript"></script>
</header>
<body>
<?php
$curDateTime = date("Y-m-d H:i");
include 'connect.php';
?>
<nav class="navbar navbar-expand-lg navbar-dark bg-dark" style="padding-left:150px;padding-right:150px;margin:auto;">
<a class="navbar-brand" href="~\..\index.php"> <img src="logo.png" style="width:30px;heigh:30px;"> LRRS</a>
<button class="navbar-toggler" type="button" data-toggle="collapse" data-target="#navbarColor02" aria-controls="navbarColor02" aria-expanded="false" aria-label="Toggle navigation">
@ -66,20 +50,18 @@ else
{
echo " <a class='nav-link' href='~\..\Courses.php'><i class='fa fa-book'></i> Courses <span class='sr-only'>(current)</span></a>";
?>
</li>
</ul>
<form class="form-inline my-2 my-lg-0" style="color:#fff;">
Welcome &nbsp; <b> <?php echo $_SESSION['user_fullname'];
?> </b> &nbsp;
Welcome &nbsp; <b> <?php echo $_SESSION['user_fullname']; ?> </b> &nbsp;
<?php
$c_date= date("Y-m-d H:i");
if (isset( $_SESSION['user_student_id']))
echo "(". $_SESSION['user_type'] . " - " . $_SESSION['user_student_id'] .") ";
else
echo "(". $_SESSION['user_type'] .") ";
?>
<?php
@ -88,10 +70,8 @@ if ($_SESSION['user_type'] == "Lecturer") {
}
?>
&nbsp;&nbsp;&nbsp; <i class="fa fa-user" style="color:#fff;"> </i>
&nbsp;<a href="#" style='color:#fff !important' onclick="updatePass(<?php echo $_SESSION['user_id'];?>)">Update password</a>
&nbsp;&nbsp;&nbsp; <i class="fa fa-lock" style="color:#fff;"> </i> &nbsp;<a style='color:#fff !important' href="~\..\logout.php">Logout </a>
<?php
@ -156,9 +136,6 @@ if ($_SESSION['user_type'] == "Lecturer") {
.ui-button{ background: #03488B; color:white }
</style>
@ -167,9 +144,9 @@ if ($_SESSION['user_type'] == "Lecturer") {
function updatePass(id)
{
var pass= prompt("Enter your new password : ", "...");
var pass = prompt("Enter your new password : ", "Enter a strong password");
if(!confirm('Are you sure to reset your password?'))
if(!confirm('Are you sure you want to reset your password?'))
{
return;
}
@ -179,7 +156,7 @@ if ($_SESSION['user_type'] == "Lecturer") {
function blockUser(id,status)
{
if(!confirm('Are you to change User Status'))
if(!confirm('Are you sure you want to change user status?'))
{
return;
}
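Review bot: The welcome line in the navbar form echoes `$_SESSION['user_fullname']` straight into HTML, and in Script.php that value is set from `$_POST["fullname"]` after only `mysqli_real_escape_string`, which is SQL escaping and does nothing for HTML. A name containing markup would therefore be rendered on every page that includes Header.php. I would escape at output, `<?php echo htmlspecialchars($_SESSION['user_fullname'], ENT_QUOTES, 'UTF-8'); ?>`, and treat `user_type` and `user_student_id` a few lines below the same way.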

7
NoDirectPhpAcess.php Normal file

@ -0,0 +1,7 @@
<?php
// https://stackoverflow.com/questions/33999475/prevent-direct-url-access-to-php-file
if (!isset($_SERVER['HTTP_REFERER']) ) {
/* choose the appropriate page to redirect users */
die( header( 'location: index.php' ) );
}
?>
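Review bot: The guard in NoDirectPhpAcess.php relies on `$_SERVER['HTTP_REFERER']` being set, but that header is supplied by the client and is optional, so it is not an access control: any request can include one, while a legitimate browser with a strict referrer policy is bounced to index.php. Pages that need a logged-in user should test the session instead, for example `if (!isset($_SESSION['user_id'])) { header('Location: index.php'); exit; }` after `session_start()`. `die(header(...))` also hands header()'s void result to die(); a plain `header(...); exit;` is clearer. A short comment saying that this file is only a convenience redirect and not authorization would keep the other files that now include it from relying on it.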


@ -1,105 +1,97 @@
<?php
include 'NoDirectPhpAcess.php';
?>
<?php
/*
* This Contains the main Server-side scripts for the project
* session_destroy();
*
*
* This file contains the main Server-side scripts for the project.
*/
session_start();
date_default_timezone_set('Asia/Shanghai');
// CONNeCTION
// Connect to MySQL database
$con = mysqli_connect("localhost","username","password","lrr");
// Check connection
if (mysqli_connect_errno())
{
echo "Failed to connect to MySQL: " . mysqli_connect_error();
}
// else
// {
// echo "Connected";
// }
error_reporting(0);
// #### FUNCTION CHECK FILE TYPES ////
function is_valid_student_number($student_id) {
// zjnu student number has 12 digits, and starts with 20
if (strlen($student_id) == 12 && is_numeric($student_id) == TRUE && substr($student_id, 0, 2) == "20")
return TRUE;
return FALSE;
}
// ############################### SIGN UP ##################################
if (!empty($_POST["frm_signup_1"])) {
$student_id = mysqli_real_escape_string($con,$_POST["student_id"]);
$passport = mysqli_real_escape_string($con,$_POST["passport"]);
$student_id = trim( mysqli_real_escape_string($con, $_POST["student_id"]) );
$passport = trim( mysqli_real_escape_string($con, $_POST["passport"]) );
// validate student number
if (strlen($student_id) != 12 || is_numeric($student_id) == FALSE) {
if (! is_valid_student_number($student_id)) {
$_SESSION["info_signup1"] = "Invalid student number.";
header("Location: index.php");
return;
}
// passport should be empty (not used)
if (strcmp(trim($passport), '') != 0) {
if (strcmp($passport, '') != 0) {
$_SESSION["info_signup1"] = "Passport is disused. Please leave it empty.";
header("Location: index.php");
return;
}
$result = mysqli_query($con,
"SELECT * FROM `students_data` WHERE Student_ID='$student_id'");
// Just removed this condition from the above command and (Passport_Number='$passport' or Passport_Number = '')
// Check if this student number is a legal one
$result = mysqli_query($con, "SELECT * FROM `students_data` WHERE Student_ID='$student_id'");
if(mysqli_num_rows($result) == 0)
{
$_SESSION["info_signup1"]="Student number could not be verified! Please contact Student Management Office (lanhui at zjnu.edu.cn). Thanks.";
$_SESSION["info_signup1"] = "Your entered student number could not be verified. Please contact Student Management Office <lanhui at zjnu.edu.cn>. Thanks.";
header("Location: index.php");
return;
}
$result98 = mysqli_query($con,
"SELECT * FROM `users_table` WHERE Student_ID='$student_id'");
$result98 = mysqli_query($con, "SELECT * FROM `users_table` WHERE Student_ID='$student_id'");
if(mysqli_num_rows($result98) == 0)
{
$_SESSION['user_passport']=$passport;
$_SESSION['user_student_id'] = $student_id;
$_SESSION['user_passport'] = $passport;
header("Location: signup.php");
return;
}
else
{
$_SESSION["info_signup1"]="Student ID already in use! Please contact Student Management Office (lanhui at zjnu.edu.cn).";
$_SESSION["info_signup1"] = "This Student ID is already in use! Please contact Student Management Office <lanhui at zjnu.edu.cn> for help.";
header("Location: index.php");
return;
}
}
// ############################### CREATE STUDENT USER ##################################
if (!empty($_POST["frm_signup_2"])) {
$fullname = mysqli_real_escape_string($con, $_POST["fullname"]);
$email = mysqli_real_escape_string($con, $_POST["email"]);
$password = mysqli_real_escape_string($con, $_POST["password"]);
$confirmpassword = mysqli_real_escape_string($con, $_POST["confirmpassword"]);
$fullname = mysqli_real_escape_string($con,$_POST["fullname"]);
$student_id = $_SESSION['user_student_id'];
$passport = $_SESSION['user_passport'];
$_SESSION['user_fullname'] = $fullname;
@ -109,8 +101,7 @@ if (!empty($_POST["frm_signup_1"])) {
// check confirmed password
if ( strcasecmp( $password, $confirmpassword ) != 0 ){
$_SESSION['info_signup2'] = "Password confirmation failed.";
$_SESSION['user_fullname'] = null;
$_SESSION['user_type'] = null;
$_SESSION['user_fullname'] = null; // such that Header.php do not show the header information.
header("Location: signup.php");
return;
}
@ -134,18 +125,18 @@ if (!empty($_POST["frm_signup_1"])) {
header("Location: signup.php");
return;
}
// check if email is taked
$result = mysqli_query($con,
"SELECT * FROM Users_Table WHERE email='$email'");
// check if email is taken
$result = mysqli_query($con, "SELECT * FROM users_table WHERE email='$email'");
if(mysqli_num_rows($result) != 0)
{
$_SESSION["info_signup2"]="Email adress ".$email." already in use.";
$_SESSION["info_signup2"]="Email adress ".$email." is already in use.";
$_SESSION['user_fullname'] = null;
$_SESSION['user_type'] = null;
header("Location: signup.php");
return;
}
//applying password_hash()
// apply password_hash()
$password_hash = password_hash($password, PASSWORD_DEFAULT);
$sql= "INSERT INTO `users_table`(`Email`, `Password`, `Full_Name`, `UserType`, `Student_ID`, `Passport_Number`) VALUES "
. "('$email','$password_hash','$fullname','Student','$student_id','$passport')";
@ -154,44 +145,39 @@ if (!empty($_POST["frm_signup_1"])) {
header("Location: Courses.php");
} else {
// echo "Error: " . $sql . "<br>" . $con->error;
echo "Something really bad happend during sign up.";
echo "Something really bad (SQL insertion error) happend during sign up.";
}
}
// ################################ LOGIN #####################################
if (!empty($_POST["frm_login"])) {
$user=mysqli_real_escape_string($con,$_POST["user"]);
$user = mysqli_real_escape_string($con, $_POST["user"]); // user could be a 12-digit student number or an email address
$is_student_number = 0;
// Validate student number
if (is_numeric($user) && strlen($user) != 12) {
$_SESSION["info_login"] = "Invalid student number:"."$user";
header("Location: index.php");
return;
} else {
if ( is_valid_student_number($user) ) {
$is_student_number = 1;
}
if ($is_student_number == 0 && !filter_var($user, FILTER_VALIDATE_EMAIL)) {
// Validate email address if what provided is not a student number
if (! $is_student_number && !filter_var($user, FILTER_VALIDATE_EMAIL)) {
$_SESSION["info_login"] = "Invalid email address: " . "$user";
header("Location: index.php");
return;
}
$password = mysqli_real_escape_string($con, $_POST["password"]);
// $hashed_password=hash('sha512', $password); Not necessary in the login
$result = mysqli_query($con, "SELECT * FROM users_table WHERE (Student_ID='$user') OR (Email='$user')");
if(mysqli_num_rows($result) == 0)
{
$_SESSION["info_login"]="Inavlid login information.";
$_SESSION["info_login"] = "Inavlid user name information.";
echo $_SESSION["info_login"];
header("Location: index.php");
}
else
@ -200,6 +186,7 @@ if(mysqli_num_rows($result)==0)
// verify the hashed password and unhashed password
$sha512pass = hash('sha512', $password); // for backward compatibility. Old passwords were hashed using SHA512 algorithm.
if(password_verify($password, $row["Password"]) or $sha512pass == $row["HashPassword"]) {
$_SESSION['user_id'] = $row['User_ID'];
$_SESSION['user_email'] = $row['Email'];
$_SESSION['user_student_id'] = $row['Student_ID'];
@ -228,13 +215,8 @@ if(mysqli_num_rows($result)==0)
// report wrong pass if not correct
} else {
$_SESSION["wrong_pass"] = "Wrong Password.";
echo $_SESSION["wrong_pass"];
header("Location: index.php");
}
}
}
}
@ -243,9 +225,6 @@ if(mysqli_num_rows($result)==0)
// ################################ Recover Password #####################################
if (!empty($_POST["frm_recover_password"])) {
@ -283,6 +262,7 @@ if (!empty($_POST["frm_recover_password"])) {
// ################################ RESET Password #####################################
if (!empty($_POST["frm_reset_password"])) {
@ -343,31 +323,6 @@ if($user_token==$token)
// ############################### CREATE Lecturer/TA USER ##################################
if (!empty($_POST["frm_createlecturrer"])) {
$email=mysqli_real_escape_string($con,$_POST["email"]);
@ -399,96 +354,58 @@ if($user_token==$token)
// #### FUNCTION CHECK FILE TYPES ////
function is_valid($file) {
function is_valid_file_format($file) {
$allowed = array('pdf', 'rtf', 'jpg','png', 'doc', 'docx', 'xls', 'xlsx','sql','txt','md','py','css','html',
'cvc','c','class','cpp','h','java','sh','swift','zip','rar','ods','xlr','bak','ico','swf');
$filename = $_FILES[$file]['name'];
$ext = pathinfo($filename, PATHINFO_EXTENSION);
$result = in_array($ext,$allowed);
return $result;
}
// #### FUNCTION CREATE DIRECTORIES ////
function Create_dir($upPath)
{
try {
// full path
$tags = explode('/', $upPath); // explode the full path
$mkDir = "";
foreach($tags as $folder) {
$mkDir = $mkDir . $folder ."/"; // make one directory join one other for the nest directory to make
// echo '"'.$mkDir.'"<br/>'; // this will show the directory created each time
echo '"'.$mkDir.'"<br/>'; // this will show the directory created each time
if(!is_dir($mkDir)) { // check if directory exist or not
mkdir($mkDir, 0777); // if not exist then make the directory
}
}
}
catch (Exception $e) {
return FALSE;
}
return $upPath;
}
function mkdirs($path)
{
if (file_exists($path))
return $path;
$result = mkdir($path, 0777, true);
if ($result) {
return $path;
}
return $result;
}
@ -530,33 +447,24 @@ $mkDir = "";
$count=0;
if(!is_valid("attachment1") && $_FILES["attachment1"]["name"]!="")
if(!is_valid_file_format("attachment1") && $_FILES["attachment1"]["name"]!="")
{
echo "Invalid File Type for Attachment 1";
return;
}
if(!is_valid("attachment2") && $_FILES["attachment2"]["name"]!="")
if(!is_valid_file_format("attachment2") && $_FILES["attachment2"]["name"]!="")
{
echo "Invalid File Type for Attachment 2";
return;
}
if(!is_valid("attachment3") && $_FILES["attachment3"]["name"]!="")
if(!is_valid_file_format("attachment3") && $_FILES["attachment3"]["name"]!="")
{
echo "Invalid File Type for Attachment 3";
return;
}
//if($_FILES["attachment1"]["error"] != 0) {
// echo "Error uploading the file ";
//return;
//}
// use 4 for missing file
if (move_uploaded_file($_FILES['attachment1']['tmp_name'], $targetfile)) {
$count++;
} else {
@ -580,9 +488,6 @@ $mkDir = "";
} else {
echo $_FILES['attachment4']['error'];
}
//}
echo $count." File(s) uploaded";
@ -598,13 +503,6 @@ $targetfile2="";
if($_FILES['attachment3']['name']!=""){ $targetfile3 = "/".$title."/".$_FILES['attachment3']['name']; }
if($_FILES['attachment4']['name']!=""){ $targetfile4 = "/".$title."/".$_FILES['attachment4']['name']; }
// return;
$sql="INSERT INTO `lab_reports_table`(`Course_ID`, `Posted_Date`, `Deadline`, `Instructions`,
`Title`, `Attachment_link_1`, `Attachment_link_2`, `Attachment_link_3`, `Attachment_link_4`,Marks,Type)
VALUES ('$course_id','$date','$deadline','$instructions','$title','$targetfile','$targetfile2','$targetfile3','$targetfile3',$marks,'$type')";
@ -613,7 +511,7 @@ $targetfile2="";
if ($con->query($sql) === TRUE) {
$_SESSION["info_courses"]=$type." Lab Report Assignment posted successfully.";
$_SESSION["info_courses"] = $type." lab report assignment posted successfully.";
header("Location: Courses.php?course=".$url);
} else {
@ -625,31 +523,11 @@ $targetfile2="";
function checksize($file)
{
$filename = $_FILES[$file]['name'];
$result = $_FILES["$file"]['size']/(1024*1024);
$result=$_FILES["$file"]['size']/1024/1024;
//$max_upload = (int)(ini_get('upload_max_filesize'));
//$max_post = (int)(ini_get('post_max_size'));
//$memory_limit = (int)(ini_get('memory_limit'));
//$upload_mb = min($max_upload, $max_post, $memory_limit);
if($result>20)
if($result > 1)
{
return FALSE;
}
@ -661,112 +539,78 @@ if($result>20)
// ############################### Submit Assignment ##################################
if (!empty($_POST["frm_submitlab"])) {
$lab_id = mysqli_real_escape_string($con, $_POST["lab_id"]);
$student_id = $_POST["student_id"];
$group_id = $_POST["group_id"];
$instructions = mysqli_real_escape_string($con, $_POST["instructions"]);
$title = mysqli_real_escape_string($con, $_POST["title"]);
$url = mysqli_real_escape_string($con, $_POST["url"]);
$deadline = $deadlinedate." ".$deadlinetime;
$date = date("Y-m-d H:i");
// GET UPLOADED FILES
$labName = mysqli_query($con,"SELECT * FROM `lab_reports_table` WHERE Lab_Report_ID=$lab_id");
while($row = mysqli_fetch_assoc($labName))
{$lab_name=$row['Title'];
$_SESSION['Sub_Type']=$row['Type'];
{
$lab_name = $row['Title'];
$_SESSION['Sub_Type'] = $row['Type']; // submission type, either Individual or Group
}
$target_dir =Create_dir("Lab_Report_Submisions/".$student_id."/".$lab_name."/");
$upload_folder = "Lab_Report_Submisions"; // old place for storing students' submissions
$upload_folder = "./../../lrr_submission";
$target_dir = mkdirs($upload_folder."/".$student_id."/".$url."/".$lab_name."/"); # url is actually course code plus academic year, e.g., CSC3122020
$targetfile = $target_dir.$_FILES['attachment1']['name'];
$targetfile2 = $target_dir.$_FILES['attachment2']['name'];
$targetfile3 = $target_dir.$_FILES['attachment3']['name'];
$targetfile4 = $target_dir.$_FILES['attachment4']['name'];
//$curDateTime = date("Y-m-d H:i");
//$myDate = date("Y-m-d H:i", strtotime("2017-12-28 18:01"));
//if($curDateTime <= $myDate ){
// echo "active ".+$curDateTime." mydate= ".$myDate;
//
//}else{
// echo "inactive c=".$curDateTime;
//}
//
$count = 0;
//check zise
if(!checksize("attachment1"))
{
echo "2 MB is the maximum file size allowed";
echo "1 MB is the maximum file size allowed";
return;
}
if(!checksize("attachment2") && $_FILES["attachment2"]["name"] != "")
{
echo "2 MB is the maximum file size allowed";
echo "1 MB is the maximum file size allowed";
return;
}
if(!checksize("attachment3") && $_FILES["attachment3"]["name"] != "")
{
echo "2 MB is the maximum file size allowed";
echo "1 MB is the maximum file size allowed";
return;
}
if(!is_valid("attachment1"))
if(!is_valid_file_format("attachment1"))
{
echo "Invalid File Type for Attachment 1";
return;
}
if(!is_valid("attachment2") && $_FILES["attachment2"]["name"]!="")
if(!is_valid_file_format("attachment2") && $_FILES["attachment2"]["name"] != "")
{
echo "Invalid File Type for Attachment 2";
return;
}
if(!is_valid("attachment3") && $_FILES["attachment3"]["name"]!="")
if(!is_valid_file_format("attachment3") && $_FILES["attachment3"]["name"] != "")
{
echo "Invalid File Type for Attachment 3";
return;
}
if($_FILES["attachment1"]["error"] != 0) {
echo "Error uploading the file ";
echo "Error when uploading the file.";
return;
}
// use 4 for missing file
if (move_uploaded_file($_FILES['attachment1']['tmp_name'], $targetfile)) {
$count++;
} else {
@ -790,9 +634,6 @@ if (move_uploaded_file($_FILES['attachment3']['tmp_name'], $targetfile3)) {
} else {
echo $_FILES['attachment4']['error'];
}
//}
echo $count." File(s) uploaded";
@ -803,31 +644,31 @@ $targetfile1="";
$targetfile3 = "";
$targetfile4 = "";
if(strlen($_FILES['attachment1']['name']) > 2 ) {
$targetfile="/".$student_id."/".$lab_name."/".$_FILES['attachment1']['name'];
if(strlen($_FILES['attachment1']['name']) > 2 ) { // why greater than 2???
$targetfile = "/".$student_id."/".$url."/".$lab_name."/".$_FILES['attachment1']['name'];
}
if(strlen($_FILES['attachment2']['name']) > 2 ) {
$targetfile2="/".$student_id."/".$lab_name."/".$_FILES['attachment2']['name']; }
$targetfile2 = "/".$student_id."/".$url."/".$lab_name."/".$_FILES['attachment2']['name']; }
if(strlen($_FILES['attachment3']['name']) > 2 ) {
$targetfile3= "/".$student_id."/".$lab_name."/".$_FILES['attachment3']['name'];}
$targetfile3 = "/".$student_id."/".$url."/".$lab_name."/".$_FILES['attachment3']['name'];}
if(strlen($_FILES['attachment4']['name']) > 2 ) {
$targetfile4= "/".$student_id."/".$lab_name."/".$_FILES['attachment4']['name'];
$targetfile4 = "/".$student_id."/".$url."/".$lab_name."/".$_FILES['attachment4']['name'];
}
$sql1="Delete from lab_report_submissions where Lab_Report_ID=$lab_id and Student_id=$student_id and Course_Group_id=$group_id";
if ($con->query($sql1) === TRUE) {
}
// When $group_id is not properly initialized, use integer 0 as its value.
// This temporarily fixed the "Students unable to submit assignment after a recent change" bug at http://118.25.96.118/bugzilla/show_bug.cgi?id=65
if (trim($group_id) === '') { // when $group_id is an empty string or contains only whitespace characters.
$group_id = 0; // FIXME
}
$sql1 = "DELETE FROM lab_report_submissions where Lab_Report_ID=$lab_id and Student_id=$student_id and Course_Group_id=$group_id";
if ($con->query($sql1) === TRUE) {
}
$sql="INSERT INTO `lab_report_submissions`(`Submission_Date`, `Lab_Report_ID`, `Student_id`,"
. " `Course_Group_id`, `Attachment1`, `Notes`, `Attachment2`, `Attachment3`, `Attachment4`, `Status`, `Title`,`Remarking_Reason`)"
. " VALUES ('$date',$lab_id,$student_id,$group_id,'$targetfile','$instructions','$targetfile2','$targetfile3','$targetfile4',"
@ -835,15 +676,11 @@ if(strlen($_FILES['attachment1']['name']) > 2 ) {
if ($con->query($sql) === TRUE) {
if($_SESSION['Sub_Type']=='Individual')
// {
// // $con->query($sql = "UPDATE `lab_report_submissions` SET `Student_id` = ('".$student_id."') WHERE `lab_report_submissions`.`Course_Group_id` = '$group_id'");
// }
// else
{
$con->query($sql = "UPDATE `lab_report_submissions` SET `Course_Group_id` = '0' WHERE `lab_report_submissions`.`Lab_Report_ID` = '$lab_id'");
}
$_SESSION["info_courses"]=$type." Lab Report Assignment Submitted successfully.";
$_SESSION["info_courses"] = "Thanks. Your lab report assignment is submitted successfully.";
header("Location: Course.php?url=".$url);
} else {
@ -852,57 +689,23 @@ header("Location: Course.php?url=".$url);
}
// JOIN COURSE
if (!empty($_GET["JoinCourse"])) {
$id = $_GET["id"];
$student_id = $_GET["std"];
$joining = $_GET["joining"];
$status = "Pending";
if($joining == 0){ $status = "Joined";}
$sql="INSERT INTO `course_students_table`(`Course_ID`, `Student_ID`,`Status`) VALUES
('$id','$student_id','$status')";
$sql="INSERT INTO `course_students_table`(`Course_ID`, `Student_ID`,`Status`) VALUES ('$id','$student_id','$status')";
if ($con->query($sql) === TRUE) {
if($joining==0)
{
$_SESSION["info_Courses_student"]="You enroll in this Course successfully.";
$_SESSION["info_Courses_student"] = "You enrolled in this course successfully.";
}
else {
$_SESSION["info_Courses_student"] = "Course enrollment request was sent to the lecturer.";
@ -911,8 +714,6 @@ header("Location: Course.php?url=".$url);
header("Location: Courses.php");
} else {
echo "Error: " . $sql . "<br>" . $con->error;
}
@ -923,12 +724,6 @@ header("Location: Course.php?url=".$url);
#MARK LAB REPORT
if (!empty($_GET["savemarks"])) {
@ -1002,6 +797,8 @@ header("Location: Course.php?url=".$url);
#Remarking Request
if (!empty($_GET["remarking"])) {
@ -1030,6 +827,8 @@ header("Location: Course.php?url=".$url);
#Create Group Request
if (!empty($_GET["creategroup"])) {
@ -1072,7 +871,6 @@ header("Location: Course.php?url=".$url);
//---------------------------------------Invite Group Request and add a new member into the database------------------------------------
if (!empty($_GET["groupinvite"])) {
@ -1122,14 +920,8 @@ header("Location: Course.php?url=".$url);
}
}
// }
} }
}
}
@ -1168,13 +960,6 @@ header("Location: Course.php?url=".$url);
#Extend Deadline
if (!empty($_GET["extenddeadline"])) {
@ -1189,13 +974,6 @@ header("Location: Course.php?url=".$url);
$url =$_GET["url"];
$deadline=$date." ".$time;
if($type==1)
{
}
if($type==1)
{
@ -1208,12 +986,9 @@ header("Location: Course.php?url=".$url);
. "`Lab_Report_ID`, `Extended_Deadline_Date`,"
. " `ReasonsForExtension`) VALUES ($stdid,$id,'$deadline','$reason')";
}
if ($con->query($sql) === TRUE) {
@ -1230,19 +1005,6 @@ header("Location: Course.php?url=".$url);
#IGNORE Remarking Request
if (!empty($_GET["ignoreremarking"])) {
@ -1277,13 +1039,6 @@ header("Location: Course.php?url=".$url);
#Assign TA
if (!empty($_GET["assignTA"])) {
@ -1316,13 +1071,6 @@ header("Location: Course.php?url=".$url);
//ACCEPT STUDNTS JOINING COURSSS
if (!empty($_GET["AcceptStudent"])) {
@ -1350,12 +1098,8 @@ header("Location: Course.php?url=".$url);
$_SESSION["info_courses"]="Course Joining request Declined & Removed.";
}
header("Location: Courses.php");
}
else {
echo "Error: " . $sql . "<br>" . $con->error;
@ -1367,31 +1111,6 @@ header("Location: Course.php?url=".$url);
//action=passchange&uid=1&pass=1929
if (!empty($_GET["action"])) {
@ -1447,32 +1166,6 @@ if (!empty($_GET["action"])) {
// ############################### CREATE STUDENT USER ##################################
if (!empty($_POST["frm_createCourse"])) {
$name=mysqli_real_escape_string($con,$_POST["name"]);
@ -1530,9 +1223,7 @@ if (!empty($_GET["action"])) {
//exportgrade
// Export grade
if (!empty($_GET["exportgrade"])) {
@ -1599,11 +1290,4 @@ header("Pragma: no-cache");
header("Expires: 0");
print "$header\n$data";
}


@ -1,3 +1,6 @@
<?php
include 'NoDirectPhpAcess.php';
?>
<?php
$page='Courses+';
@ -11,6 +14,7 @@ include 'Header.php';
$id = $_GET["id"];
$course_id = $id;
}
if(!empty($_GET["header"]))
{
$header = $_GET["header"];
@ -27,13 +31,9 @@ include 'Header.php';
$resultx1 = mysqli_query($con,"SELECT `Lab_Report_ID`,Title, `Course_ID`, `Posted_Date`, `Deadline`, `Marks`, `Type` FROM `lab_reports_table` WHERE Lab_Report_ID=$id");
while($row = mysqli_fetch_assoc($resultx1)) {
$Report_Type = $row['Type'];
$c_id = $row['Course_ID'];
$Report_Title = $row['Title'];
}
@ -52,7 +52,7 @@ echo "<div class='alert' style='margin-left:20px;border-bottom:2px solid #1D91EF
<!-- Lecture CODE-->
<!-- Lecturer CODE-->
<?php
if( $_SESSION['user_type']=="Lecturer" || $_SESSION['user_type']=="TA")
@ -147,10 +147,10 @@ if(mysqli_num_rows($result1)==0)
{
echo "No Un-Marked Submissions for this Lab Report.";
} else { while($row = mysqli_fetch_assoc($result1)) {
} else {
while($row = mysqli_fetch_assoc($result1)) {
$title=$row['Title'];
$Marks=$row['Marks'];
//$ins=$row['Notes'];
$posted=$row['Submission_Date'];
$deadline=$row['Deadline'];
$att1=$row['Attachment1'];
@ -173,24 +173,32 @@ if(mysqli_num_rows($result1)==0)
$submitted_by="<i>(GROUP)</i> $groupname" ;
}
$full_link="<a href='~\..\Lab_Report_Submisions\\$att1'>$att1</a>";
$base_att1 = basename($att1);
$base_att2 = basename($att2);
$base_att3 = basename($att3);
$base_att4 = basename($att4);
$full_link = "<a href='~\..\Download.php?file=$att1&attachment=1'>$base_att1</a>"; // prevent students from directly accessing their classmates' submissions
if($att2!=""){
$full_link= $full_link."| <a href='~\..\Lab_Report_Submisions\\$att2'>$att2</a>";
$full_link= $full_link." | <a href='~\..\Download.php?file=$att2&attachment=2'>$base_att2</a>";
}
if($att3!=""){
$full_link= $full_link."| <a href='~\..\Lab_Report_Submisions\\$att3'>$att3</a>";
$full_link= $full_link." | <a href='~\..\Download.php?file=$att3&attachment=3'>$base_att3</a>";
}
if($att4!=""){
$full_link= $full_link."| <a href='~\..\Lab_Report_Submisions\\$att4'>$att4</a>";
$full_link= $full_link." | <a href='~\..\Download.php?file=$att4&attachment=4'>$base_att4</a>";
}
echo " <k href='#'> <div class='btn btn-default break-word' style='dislay:block; word-wrap: break-word; border: 1px solid #F0F0F0;border-left: 4px solid #03407B;'>
$title <br> by: <b> $submitted_by </b>
<br> <span style='font-size:8pt'>Submitted : $posted <button class='btn-sm btn-info' style='margin-left:50px;' onclick='mark($Submission_ID,\"$title\",$total)'> Mark Submission</button><br> Attachments : $full_link </span>
<br> <span style='font-size:8pt'>Submitted at $posted <button class='btn-sm btn-info' style='margin-left:50px;' onclick='mark($Submission_ID,\"$title\",$total)'> Mark Submission</button><br> Attachments : $full_link </span>
</div></k>";
}}
}
}
echo "";
?>
@ -452,98 +460,8 @@ where course_group_members_table.Course_Group_id=$id");
</div>
</div>
</div>
<?php
@ -552,16 +470,15 @@ where course_group_members_table.Course_Group_id=$id");
?>
<script src="./css/jquery-1.11.1.min.js"></script>
<script src="./css/jquery-ui.min.js"></script>
<link rel="stylesheet" href="./css/jquery-ui.css" />
<script src="https://code.jquery.com/jquery-1.11.1.min.js"></script>
<script src="https://code.jquery.com/ui/1.11.1/jquery-ui.min.js"></script>
<link rel="stylesheet" href="https://code.jquery.com/ui/1.11.1/themes/smoothness/jquery-ui.css" />
<script>
function mark(id,title,marks) {
@ -595,7 +512,8 @@ where course_group_members_table.Course_Group_id=$id");
function updatev(id) {
function updatev(id)
{
try
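Review bot: The new Download.php links put `$att1`–`$att4` and their basenames into the href and the link text without any encoding, and the submit handler earlier on this page builds those stored values from `$_FILES[...]['name']`, so a file name containing a quote, `&` or `<` breaks the link or injects markup into the marking page. Encode per context, e.g. `$full_link = "<a href='~\..\Download.php?file=".urlencode($att1)."&amp;attachment=1'>".htmlspecialchars($base_att1, ENT_QUOTES, 'UTF-8')."</a>";`, and do the same for attachments 2–4. The inline comment says this keeps students away from classmates' submissions, but that only holds if Download.php itself checks the session user against the owner of `file` and rejects paths outside the submission folder; that file is not visible here, so please confirm. Separately, `$id = $_GET["id"]` still reaches `WHERE Lab_Report_ID=$id` unquoted near the top of this file; cast it with `(int)` or bind it as a parameter.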


@ -1,15 +1,18 @@
<?php
include 'NoDirectPhpAcess.php';
?>
<?php
$page='Submit LAB+';
include 'Header.php';
?>
<div class='row' style='width:80%;margin:auto;'>
<?php
$c_date = date("Y-m-d H:i");
$student_id=$_SESSION["user_student_id"];
$student_id = $_SESSION["user_student_id"];
if(!empty($_GET["id"]))
@ -17,13 +20,14 @@ include 'Header.php';
$id = $_GET["id"];
$url = $_GET["url"];
$result1 = mysqli_query($con," SELECT Type, `Lab_Report_ID`, `Course_ID`, `Posted_Date`, `Deadline`, `Instructions`, `Title`, `Attachment_link_1`, `Attachment_link_2`, `Attachment_link_3`, "
. "`Attachment_link_4` FROM `lab_reports_table` WHERE Lab_Report_ID=$id and deadline > '$c_date' ORDER by Lab_Report_ID DESC");
$result1 = mysqli_query($con," SELECT `Type`, `Lab_Report_ID`, `Course_ID`, `Posted_Date`, `Deadline`, `Instructions`, `Title`, `Attachment_link_1`, `Attachment_link_2`, `Attachment_link_3`, `Attachment_link_4` FROM `lab_reports_table` WHERE Lab_Report_ID=$id and Deadline > '$c_date' ORDER by Lab_Report_ID DESC");
if(mysqli_num_rows($result1) == 0)
{
echo "No Active assignments for this course so far.";
echo "No active assignments for this course so far.";
} else { while($row = mysqli_fetch_assoc($result1)) {
} else {
while($row = mysqli_fetch_assoc($result1)) {
$Course_ID = $row['Course_ID'];
$title = $row['Title'];
@ -35,14 +39,14 @@ if(mysqli_num_rows($result1)==0)
$att3 = $row['Attachment_link_3'];
$att4 = $row['Attachment_link_4'];
$labid = $row['Lab_Report_ID'];
$type = $row['Type'];
//----------------------------------Giving both Group Admin and Group Members same priviledges to submit assignment--------------------------------------
//----------------------------------Giving both the Group Admin and Group Members same priviledges to submit assignment--------------------------------------
if($type=="Group"){
$resultx1 = mysqli_query($con,"SELECT Course_Group_id FROM `course_groups_table` WHERE (Course_id=$Course_ID) and ((Group_Member=$student_id ) or (Group_Member2=$student_id ) or (Group_Member3=$student_id ) or (Group_Member4=$student_id ) or (Group_Leader=$student_id))");
while($row = mysqli_fetch_assoc($resultx1)) {
$_SESSION["Group_ID"]=$row['Course_Group_id'];}
$_SESSION["Group_ID"] = $row['Course_Group_id'];
}
if($_SESSION["Group_ID"] < 1)
{
@ -52,8 +56,6 @@ if(mysqli_num_rows($result1)==0)
}
$full_link="<a href='~\..\Lab_Report_Assignments\\$att1'>$att1</a>";
if($att2!=""){
@ -67,45 +69,26 @@ if(mysqli_num_rows($result1)==0)
$full_link = $full_link."| <a href='~\..\Lab_Report_Assignments\\$att4'>$att4</a>";
}
echo " <div class='alert' style='margin-left:20px;border-bottom:2px solid #1D91EF;'> <a href='~\..\Courses.php?course=$url'>
Courses > $url > Submlit Lab Report > $title
<br>
</a></div>
";
// echo " <k href='#'> <div class='btn btn-default break-word' style='dislay:block; word-wrap: break-word; border: 1px solid #F0F0F0;border-left: 4px solid #03407B;width:100%;'>
// $title <br> <span style='font-size:8pt'> $ins</span>
// <br> <span style='font-size:8pt'>Posted : $posted Deadline : $deadline &nbsp; &nbsp; &nbsp;<br> Attachments : $full_link </span>
//</div></k>";
echo "";
}}
}
}
}
$Group_ID = $_SESSION["Group_ID"];
?>
</div>
<div style="width:80%;margin:auto;">
<h3> Submit Lab Report Assignment </h3>
@ -115,43 +98,38 @@ if(mysqli_num_rows($result1)==0)
<div class="col-md-6">
<form method='post' enctype='multipart/form-data' action='Script.php'>
<input type='hidden' name='frm_submitlab' value='true' required=''/>
<input type='hidden' name='lab_id' value='<?php echo $id; ?>' required=''/>
<input type='hidden' name='student_id' value='<?php echo $student_id; ?>' required=''/>
<input type='hidden' name='group_id' value='<?php echo $Group_ID; ?>' required=''/>
<input type='hidden' name='url' value='<?php echo $url; ?>' required=''/>
Title
<input type='text' name='title' placeholder='Ttle' class='form-control' required=''>
Attachment 1
<input type='file' name='attachment1' placeholder='Attachment 1' class='form-control' required=''>
Attachment 2
<input type='file' name='attachment2' placeholder='Attachment 1' class='form-control'>
<input type='file' name='attachment2' placeholder='Attachment 2' class='form-control'>
</div>
<div class="col-md-6">
Attachment 3
<input type='file' name='attachment3' placeholder='Attachment 1' class='form-control' >
<input type='file' name='attachment3' placeholder='Attachment 3' class='form-control' >
Attachment 4
<input type='file' name='attachment4' placeholder='Attachment 4' class='form-control' >
<br>
<input type='submit' class='btn btn-primary' value='Submit Lab Assignment'><br>
</form>
</div>
</div>
</div>
</div>
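Review bot: The rewritten `SELECT` still interpolates `$id`, taken directly from `$_GET["id"]`, into `WHERE Lab_Report_ID=$id` with no quoting or cast, so the commit tidies the statement but leaves it injectable; set `$id = (int) $_GET["id"];` before the query, or use a prepared statement with a bound parameter. In the form, `lab_id`, `student_id`, `group_id` and `url` are echoed into hidden inputs without `htmlspecialchars(..., ENT_QUOTES, 'UTF-8')`, and `$url` comes from `$_GET["url"]`, so it is reflected into the page as-is. The submit handler shown earlier on this page reads `$_POST["student_id"]` and `$_POST["group_id"]` back from these fields and uses them in the upload path and the SQL; it would be safer to take both from `$_SESSION` on the server instead of trusting the form.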


@ -1,16 +1,15 @@
<?php
$page='Home';
include 'Header.php';
session_start();
?>
<?php
// if the user has already logged in, then clicking the LRRS icon should not display the login page (i.e., index.php).
if (isset($_SESSION["user_fullname"])) {
header("Location: Courses.php");
}
?>
<br><br><br>
<div class="row" style="width:80%;margin:auto;">
@ -18,12 +17,11 @@ session_start();
<div class="col-md-4">
<br><br>
<img src="logo_text.png" style="width">
<h1> Lab Report Repository System </h1>
<h1> Lab Report Repository </h1>
<br><br>
</div>
<div class="col-md-4 list-group">
<br>
@ -32,6 +30,8 @@ session_start();
<div class="list-group-item">
<div class="panel-body">
<form method="post" action="Script.php" name="frm_login">
<input type="hidden" name="frm_login" value="true"/>
Student ID / Email
@ -40,7 +40,8 @@ Student ID / Email
Password
<input type="password" class="form-control" name="password" placeholder="password" required="required" />
<br>
<input type="submit" class="btn btn-primary" value="Login"><br> <a href="recover_password.php" style="font-weight:normal;color:orange">Reset my password</a>
<input type="submit" class="btn btn-primary" value="Login"><br> <a href="recover_password.php" style="font-weight:normal;color:gray">Reset my password</a>
<?php
@ -66,18 +67,18 @@ if(isset($_SESSION['infoChangePassword'])) {
?>
</form>
</div>
</div>
</div>
</div>
</div>
<div class="col-md-4 list-group">
<br>
<h4 class="list-group-item active"> Student sign up </h4>
<h4 class="list-group-item active"> Sign up </h4>
<div class="list-group-item">
<form method="post" action="Script.php" name="frm_signup_1">
@ -90,6 +91,8 @@ Your Passport / National ID
<input type="text" class="form-control" name="passport" placeholder="(Optional)">
<br>
<input type="submit" name="frm_signup_1" class="btn btn-primary" value="Next"> <br> Click Next to set up password
<?php
error_reporting(E_ALL);
@ -102,23 +105,12 @@ if(isset($_SESSION['info_signup1'])) {
</div>
</form>
</div>
</div>
</div>
<hr>
<div style="" id="footer">
@ -139,4 +131,3 @@ width:100%;
}
</style>
</html>
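Review bot: The logged-in redirect calls `header("Location: Courses.php");` without stopping the script, so the login and sign-up forms are still rendered and sent after the redirect header; add `exit;` right after it. `include 'Header.php'` runs before this block, and if that file emits any output the header can no longer be sent unless output buffering is on — Header.php is not visible here, so this is worth checking. It is not certain from this rendering which of these lines the commit adds, so treat this as a note on the block as it stands.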


@ -1,3 +1,7 @@
<?php
include 'NoDirectPhpAcess.php';
?>
<?php
/*


@ -1,13 +1,10 @@
<?php
include 'NoDirectPhpAcess.php';
?>
/*
* To change this license header, choose License Headers in Project Properties.
* To change this template file, choose Tools | Templates
* and open the template in the editor.
*/
<?php
include 'Header.php';
?>
<div class="row">
@ -16,7 +13,7 @@ include 'Header.php';
<br>
<h4 class="list-group-item active"> Sign Up </h4>
<h4 class="list-group-item active"> Please fill in each field below </h4>
<div class="list-group-item">
<div class="panel-body">
@ -30,7 +27,7 @@ include 'Header.php';
Email
<input type="text" name="email" placeholder="Email" class="form-control" value="<?php echo $_SESSION['user_email']; ?>" required="required" />
Password
Password (<i>must include uppercase and lowercase letters, digits and special characters</i>)
<input type="password" class="form-control" name="password" placeholder="password" required="required" />
Confirm Password
@ -38,22 +35,16 @@ include 'Header.php';
<br>
<input type="submit" class="btn btn-primary" value="Sign up">
<?php
error_reporting(E_ALL);
if(isset($_SESSION['info_signup2'])) {
echo '<hr><div class="alert alert-danger" role="alert">'.$_SESSION['info_signup2'].'</div>';
$_SESSION['info_signup2'] = null;
}
?>
</form>
</div>
</div>
</div>
</div>
</form>
</div>
</div>