Compare commits


No commits in common. "0c81e0c6cb3b02319397281625c255fa4fe7660c" and "e8bbce386a4f4a72081ec7369a112a90195086fc" have entirely different histories.

7 changed files with 150 additions and 160 deletions


@ -30,7 +30,7 @@ if ($_SESSION['user_type'] != "Lecturer" && $_SESSION['user_type'] != "Admin") {
<ul class="nav nav-tabs" id="myTab">
<li class="nav-item">
<a class="nav-link active" href="#tab-student-accounts" id="batch_tab">Enter student numbers</a>
<a class="nav-link active" href="#tab-student-accounts" id="batch_tab">Create student accounts</a>
</li>
<li class="nav-item">
@ -113,21 +113,10 @@ if ($_SESSION['user_type'] != "Lecturer" && $_SESSION['user_type'] != "Admin") {
<?php
if ($_SESSION['user_type'] == "Lecturer") {
$user_id = $_SESSION['user_id'];
echo "<script>console.log('here {$user_id}');</script>"; // debug trick
// find the TAs in the courses taught by this instructor
$ta_result = mysqli_query(
$con,
"SELECT TA FROM course_ta INNER JOIN courses_table ON course_ta.Course_ID=courses_table.Course_ID WHERE courses_table.Lecturer_User_ID=$user_id"
);
$ta_ids = array(-1); // -1 is non-existent ID
while ($row = mysqli_fetch_assoc($ta_result)) {
array_push($ta_ids, $row['TA']);
}
$ta_ids2 = implode(', ', $ta_ids);
$result = mysqli_query(
$con,
"SELECT * FROM users_table WHERE UserType in ('TA') and User_ID in ($ta_ids2)"
"SELECT * FROM users_table WHERE UserType in ('TA')"
);
}
@ -138,7 +127,6 @@ if ($_SESSION['user_type'] != "Lecturer" && $_SESSION['user_type'] != "Admin") {
);
}
$num_rows = 0;
while ($row = mysqli_fetch_assoc($result)) {
$pass = $row['Password'];
$btn = "<button class='btn btn-warning' onclick=\"updatePassword(" . $row['User_ID'] . ",'$pass')\">Reset</button>";
@ -151,10 +139,6 @@ if ($_SESSION['user_type'] != "Lecturer" && $_SESSION['user_type'] != "Admin") {
}
echo "<tr><td>" . $row['User_ID'] . "</td><td>" . $row['Full_Name'] . "</td><td>" . $row['Email'] . "</td><td>$btn</td><td>$btnBlock</td></tr>";
$num_rows += 1;
}
if ($num_rows == 0) {
echo "<p>No TA</p>";
}
?>
</table>
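Review bot: The query left for a Lecturer, `SELECT * FROM users_table WHERE UserType in ('TA')`, is no longer limited to TAs of that lecturer's own courses, so every TA account is listed with its Reset and block buttons; going by the hunk counts (21 lines old, 10 new), the `course_ta` lookup sits on the removed side. The row loop also copies `$row['Password']` into the `onclick` attribute, which places the stored credential in the page source of anyone who can open this tab. Keep the per-lecturer scoping, preferably as one prepared statement joining `course_ta` and `courses_table` on `Lecturer_User_ID`, and pass only the id to the handler, e.g. `onclick=\"updatePassword(" . (int)$row['User_ID'] . ")\"` (the JavaScript side of `updatePassword` is not visible here and would need the matching change). `Full_Name` and `Email` should go through `htmlspecialchars()` before being echoed into the table row. The PHP block starts and ends outside these hunks.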


@ -194,34 +194,13 @@ include 'Header.php';
$group_id = -1;
}
$submitted_query = "SELECT Lab_Report_ID FROM lab_report_submissions WHERE (Student_id = $student_id OR Course_Group_id = $group_id)";
$submitted_result = mysqli_query($con, $submitted_query);
$result = mysqli_query($con,"SELECT Lab_Report_ID, Marks, `Course_ID`, `Posted_Date`, `Deadline`, `Instructions`, lab_reports_table.Title, `Attachment_link_1`, `Attachment_link_2`, `Attachment_link_3`, `Attachment_link_4` FROM `lab_reports_table` WHERE Lab_Report_ID not in (select Lab_Report_ID from lab_report_submissions where (Student_id=$student_id or Course_Group_id=$group_id)) and Course_ID=$course_id and Deadline < '$c_date' ORDER by Lab_Report_ID DESC");
if (!$submitted_result) {
die('Query failed: ' . mysqli_error($con));
}
if(mysqli_num_rows($result) == 0)
{
echo '<br><div class="alert alert-warning">You missed no lab reports.</div>';
// We initialized an empty array to hold the Lab_Report_IDs
$submitted_lab_report_ids = [];
// Then we fetched all Lab_Report_IDs and stored them in the array
while ($row = mysqli_fetch_assoc($submitted_result)) {
$submitted_lab_report_ids[] = $row['Lab_Report_ID'];
}
// We converted the array to a comma-separated string, for use in the main query
$submitted_lab_report_ids_list = implode(',', $submitted_lab_report_ids);
// Check if the list is empty and handle it
if (empty($submitted_lab_report_ids_list)) {
$submitted_lab_report_ids_list = 'NULL'; // Handle appropriately
}
// Now, we use the variable in our main query
$result = mysqli_query($con, "SELECT Lab_Report_ID, Marks, `Course_ID`, `Posted_Date`, `Deadline`, `Instructions`, lab_reports_table.Title, `Attachment_link_1`, `Attachment_link_2`, `Attachment_link_3`, `Attachment_link_4` FROM `lab_reports_table` WHERE Lab_Report_ID NOT IN ($submitted_lab_report_ids_list) AND Course_ID = $course_id AND Deadline < '$c_date' ORDER BY Lab_Report_ID DESC");
if(mysqli_num_rows($result) == 0) {
echo '<br><div class="alert alert-warning">You missed no lab reports.</div>';
} else {
} else {
while($row = mysqli_fetch_assoc($result)) {
$title = $row['Title'];
$marks = $row['Marks'];
@ -272,101 +251,108 @@ if(mysqli_num_rows($result) == 0) {
<div id="menu3" class="tab-pane <?php if ($_GET['tab'] == 'Submitted') echo 'active'; ?>">
<?php
$group_id = $_SESSION['group_id'];
if ($group_id == "") {
$group_id = -1;
} // This fixes "Submitted report not shown" http://118.25.96.118/bugzilla/show_bug.cgi?id=176
<div id="menu3" class="tab-pane <?php if ($_GET['tab'] == 'Submitted') echo 'active'; ?>">
<?php
$sql_stmt = "SELECT Lab_Report_ID, Marks, Course_ID, Posted_Date, Deadline, Instructions, lab_reports_table.Title, Attachment_link_1, Attachment_link_2, Attachment_link_3, Attachment_link_4
FROM lab_reports_table
WHERE Lab_Report_ID IN
(
SELECT Lab_Report_ID
FROM lab_report_submissions
WHERE Status='Pending' AND (Student_id=$student_id OR Course_Group_id=$group_id) AND Course_ID=$course_id
)
ORDER BY Lab_Report_ID DESC";
$group_id = $_SESSION['group_id'];
if($group_id == "") {
$group_id = -1;
} // This fixes "Submitted report not shown" http://118.25.96.118/bugzilla/show_bug.cgi?id=176
$resultx = mysqli_query($con, $sql_stmt);
if (mysqli_num_rows($resultx) == 0) {
echo '<br><div class="alert alert-warning">You have no unmarked submissions. Check the Marked tab for your marked submissions (if any).</div>';
} else {
while ($row = mysqli_fetch_assoc($resultx)) {
$lab_repo_id = $row['Lab_Report_ID'];
$title = $row['Title'];
$marks = $row['Marks'];
$ins = $row['Instructions'];
$posted = $row['Posted_Date'];
$deadline = $row['Deadline'];
$att1 = $row['Attachment_link_1'];
$att2 = $row['Attachment_link_2'];
$att3 = $row['Attachment_link_3'];
$att4 = $row['Attachment_link_4'];
$id = $row['Lab_Report_ID'];
$sql_stmt = "SELECT Lab_Report_ID, Marks, Course_ID, Posted_Date, Deadline, Instructions, lab_reports_table.Title, Attachment_link_1, Attachment_link_2, Attachment_link_3, Attachment_link_4
FROM lab_reports_table
WHERE Lab_Report_ID IN
(
SELECT Lab_Report_ID
FROM lab_report_submissions
WHERE Status='Pending' AND (Student_id=$student_id OR Course_Group_id=$group_id) AND Course_ID=$course_id
)
ORDER BY Lab_Report_ID DESC";
if ($c_date < $deadline) {
$submittedx = "<a href='~\..\SubmitLab.php?id=$id&url=$url' class='btn btn-sm btn-light'>Re-submit</a>";
}
$resultx = mysqli_query($con, $sql_stmt);
if(mysqli_num_rows($resultx) == 0) {
echo '<br><div class="alert alert-warning">You have no unmarked submissions. Check the Marked tab for your marked submissions (if any).</div>';
} else {
while($row = mysqli_fetch_assoc($resultx)) {
$lab_repo_id = $row['Lab_Report_ID'];
$title = $row['Title'];
$marks = $row['Marks'];
$ins = $row['Instructions'];
$posted = $row['Posted_Date'];
$deadline = $row['Deadline'];
$att1 = $row['Attachment_link_1'];
$att2 = $row['Attachment_link_2'];
$att3 = $row['Attachment_link_3'];
$att4 = $row['Attachment_link_4'];
$id = $row['Lab_Report_ID'];
echo "<div class='btn btn-default break-word' style='dislay:block; word-wrap:break-word; border:1px solid #F0F0F0; border-left:1px solid #eee;'>
$title ($marks Marks) &nbsp; <i class='fa fa-check-circle'></i>SUBMITTED<br>
<span style='font-size:8pt'> $ins </span> <br>
<small>Posted: $posted &nbsp; Deadline: $deadline</small> &nbsp;&nbsp;&nbsp; $submittedx &nbsp; <br>
<small>Submitted files: ";
if ($c_date < $deadline) {
$submittedx = "<a href='~\..\SubmitLab.php?id=$id&url=$url' class='btn btn-sm btn-light'>Re-submit</a>";
}
$Sub_result = mysqli_query($con, "
SELECT Submission_ID, Submission_Date, lab_report_submissions.Lab_Report_ID,
lab_report_submissions.Student_id AS sub_std, lab_report_submissions.Course_Group_id,
Attachment1, Notes, Attachment2, Attachment3, Attachment4, Marks,
lab_report_submissions.Status, Title, users_table.Full_Name
FROM lab_report_submissions
LEFT JOIN users_table ON users_table.Student_ID = lab_report_submissions.Student_id
WHERE Lab_Report_ID = $lab_repo_id
AND (lab_report_submissions.Student_id = '$student_id'OR lab_report_submissions.Course_Group_id = $group_id)");
$full_link = "<a href='~\..\Lab_Report_Assignments\\$att1'>$att1</a>";
if (mysqli_num_rows($Sub_result) == 0) {
echo "No Attachments found.";
} else {
// An array for tracking displayed attachments
$attachments = [];
if ($att2 != "") {
$full_link = $full_link."| <a href='~\..\Lab_Report_Assignments\\$att2'>$att2</a>";
}
while ($row = mysqli_fetch_assoc($Sub_result)) {
$att1 = $row['Attachment1'];
$att2 = $row['Attachment2'];
$att3 = $row['Attachment3'];
$att4 = $row['Attachment4'];
if ($att3 != "") {
$full_link = $full_link."| <a href='~\..\Lab_Report_Assignments\\$att3'>$att3</a>";
}
// Check and add attachments to the array if not already added
if ($att1 != "" && !in_array($att1, $attachments)) {
$attachments[] = "<a href='~\..\Download.php?file=$att1&attachment=1'>" . basename($att1) . "</a>";
}
if ($att2 != "" && !in_array($att2, $attachments)) {
$attachments[] = "<a href='~\..\Download.php?file=$att2&attachment=2'>" . basename($att2) . "</a>";
}
if ($att3 != "" && !in_array($att3, $attachments)) {
$attachments[] = "<a href='~\..\Download.php?file=$att3&attachment=3'>" . basename($att3) . "</a>";
}
if ($att4 != "" && !in_array($att4, $attachments)) {
$attachments[] = "<a href='~\..\Download.php?file=$att4&attachment=4'>" . basename($att4) . "</a>";
}
}
if ($att4 != "") {
$full_link = $full_link."| <a href='~\..\Lab_Report_Assignments\\$att4'>$att4</a>";
}
// Remove duplicates from attachments array
$attachments = array_unique($attachments);
echo "<div class='btn btn-default break-word' style='dislay:block; word-wrap:break-word; border:1px solid #F0F0F0; border-left:1px solid #eee;'>
$title ($marks Marks) &nbsp; <i class='fa fa-check-circle'></i>SUBMITTED<br>
<span style='font-size:8pt'> $ins </span> <br>
<small>Posted: $posted &nbsp; Deadline: $deadline</small> &nbsp;&nbsp;&nbsp; $submittedx &nbsp; <br>
<small>Submitted files: ";
// Create a string from the array for display
$full_links = implode(" | ", $attachments);
$Sub_result = mysqli_query($con,"SELECT Submission_ID, Submission_Date, lab_report_submissions.Lab_Report_ID, lab_report_submissions.Student_id sub_std, lab_report_submissions.Course_Group_id, Attachment1, Notes, Attachment2, Attachment3, Attachment4, Marks, lab_report_submissions.Status, Title,users_table.Full_Name, course_group_members_table.Student_ID
FROM lab_report_submissions
LEFT JOIN users_table ON users_table.Student_ID=lab_report_submissions.Student_id
LEFT JOIN course_group_members_table ON course_group_members_table.Course_Group_id=lab_report_submissions.Course_Group_id
WHERE Lab_Report_ID=$lab_repo_id AND lab_report_submissions.Student_id='$student_id'");
// Display submitted files
echo $full_links;
}
if(mysqli_num_rows($Sub_result) == 0) {
echo "No Attachments found.";
} else {
while($row = mysqli_fetch_assoc($Sub_result)) {
$att1 = $row['Attachment1'];
$att2 = $row['Attachment2'];
$att3 = $row['Attachment3'];
$att4 = $row['Attachment4'];
$base_att1 = basename(rawurldecode($att1));
$base_att2 = basename(rawurldecode($att2));
$base_att3 = basename(rawurldecode($att3));
$base_att4 = basename(rawurldecode($att4));
echo "</small></div>";
}
}
?>
$full_link = "<a href='~\..\Download.php?file=$att1&attachment=1'>$base_att1</a>"; // prevent students from directly accessing their classmates' submissions
if ($att2 != "") {
$full_link= $full_link." | <a href='~\..\Download.php?file=$att2&attachment=2'>$base_att2</a>";
}
if ($att3 != "") {
$full_link= $full_link." | <a href='~\..\Download.php?file=$att3&attachment=3'>$base_att3</a>";
}
if ($att4 != "") {
$full_link= $full_link." | <a href='~\..\Download.php?file=$att4&attachment=4'>$base_att4</a>";
}
echo $full_link;
}
}
echo "</small></div>";
}
}
echo "";
?>
</div>
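Review bot: In the Submitted tab, `$base_att1` through `$base_att4` come from `basename(rawurldecode(...))`, so they are decoded text, and they are written into the link text of `<a href='~\..\Download.php?file=$att1&attachment=1'>$base_att1</a>` without HTML escaping; `$att1`, `$title` and `$ins` reach the markup the same way. Attachment names presumably originate from student uploads, so wrap the text in `htmlspecialchars($base_att1, ENT_QUOTES)` and apply the same call to the value placed inside the single-quoted `href`. Every query in this section interpolates `$student_id`, `$group_id` and `$course_id` directly, and most of their origin is outside the visible lines; `mysqli_prepare` with `mysqli_stmt_bind_param` would remove the reliance on upstream validation. `$submittedx` is assigned only when `$c_date < $deadline`, so reset it with `$submittedx = '';` at the top of each loop iteration to avoid carrying over the previous row's Re-submit link. Which interleaved lines belong to the new side is inferred from the hunk counts and print order, because the page has lost its +/- markers.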


@ -324,7 +324,7 @@ include 'Header.php';
}
echo "</div>";
$resultx1 = mysqli_query($con, "SELECT DISTINCT course_students_table.Student_ID, users_table.Full_Name
$resultx1 = mysqli_query($con, "SELECT course_students_table.Student_ID, users_table.Full_Name
FROM course_students_table
INNER JOIN users_table on users_table.Student_ID=course_students_table.Student_ID
WHERE Course_ID=$course_id");
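Review bot: With `DISTINCT` dropped from the `$resultx1` query, a student who has more than one row in `course_students_table` for this course is returned, and presumably rendered, once per row. If duplicates are meant to be impossible, enforce that in the schema with a unique key on (`Course_ID`, `Student_ID`); otherwise keep `SELECT DISTINCT`. `Course_ID=$course_id` is interpolated into the statement and the assignment of `$course_id` is outside the hunk, so bind it through a prepared statement or cast it with `(int)` before use.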


@ -4,16 +4,11 @@ error_reporting(0);
date_default_timezone_set('Asia/Shanghai');
include "get_mysql_credentials.php";
try {
$con = mysqli_connect("localhost", $mysql_username, $mysql_password, "lrr");
} catch (mysqli_sql_exception $e) {
echo $e->getMessage();
}
$con = mysqli_connect("localhost", $mysql_username, $mysql_password, "lrr");
// Check database connection
if (mysqli_connect_errno()) {
echo " Error number: ".mysqli_connect_errno();
exit();
echo "Failed to connect to MySQL: " . mysqli_connect_error();
}
?>
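Review bot: After a failed connection the new branch only echoes `mysqli_connect_error()` and falls through, so the including page keeps running with an unusable `$con` and the driver's error text, which can include the host and account name, is sent to the browser. Log the detail and stop instead: `error_log('DB connect failed: ' . mysqli_connect_error()); http_response_code(500); exit('Service temporarily unavailable.');`. From PHP 8.1 mysqli throws `mysqli_sql_exception` by default, so without a `try`/`catch` around `mysqli_connect()` the `mysqli_connect_errno()` check is never reached on those versions and the failure surfaces as an uncaught exception.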


@ -290,6 +290,51 @@ if (!empty($_POST["form_recover_password"])) {
}
}
// ################################ RESET Password #####################################
if (!empty($_POST["form_reset_password"])) {
$password = mysqli_real_escape_string($con, $_POST["password"]);
$token = mysqli_real_escape_string($con, $_POST["token"]);
$email = mysqli_real_escape_string($con, $_POST["email"]);
$result = mysqli_query(
$con,
"SELECT * FROM Users_Table WHERE email='$email'"
);
if (mysqli_num_rows($result) == 0) {
echo "invalid email";
return;
} else {
while ($row = mysqli_fetch_assoc($result)) {
$userid = $row['User_ID'];
$email = $row['Email'];
$id = $row['Student_ID'];
$user_token = $userid * $userid * $userid + $userid * 0.00343;
if ($user_token == $token) {
// Password Update
// Password Update
$hashed_password = hash('sha512', $password);
$sql = "UPDATE users_table set HashPassword='$hashed_password' where User_ID='$userid';";
if ($con->query($sql) === TRUE) {
error_reporting(0);
$_SESSION["info_login"] = " Password changed successfully , you can login now with your new password ";
header("Location: index.php");
} else {
echo "Error: " . $sql . "<br>" . $con->error;
}
} else {
echo "Invalid Token ";
}
}
}
}
// ############################### CREATE Lecturer/TA USER ##################################
if (!empty($_POST["form_createlecturer"])){
$email = mysqli_real_escape_string($con, $_POST["email"]);
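Review bot: The reset token checked at `$user_token = $userid * $userid * $userid + $userid * 0.00343;` is a fixed function of `User_ID`, so it is not a secret: it never expires, is identical for every request, and is compared with the loose `==`. A reset token should be generated with `random_bytes()` when recovery is requested, stored hashed with an expiry, compared with `hash_equals()` and cleared after one use. The new password is also passed through `mysqli_real_escape_string()` and then stored as an unsalted `hash('sha512', ...)`; `password_hash()` on the raw POST value is the appropriate primitive (the `$2y$` values in the seed data suggest bcrypt is already in use), with the login path, which is not visible here, calling `password_verify()`. The error branch echoes the full SQL text and `$con->error` to the client, and `header("Location: index.php")` is not followed by `exit`. The sketch below uses placeholder column names for the stored token.

```php
// … unchanged: form check and $email lookup in Users_Table …
while ($row = mysqli_fetch_assoc($result)) {
    $userid = $row['User_ID'];
    // PLACEHOLDER columns: Reset_Token_Hash / Reset_Expires are not in the visible schema;
    // they stand for a random_bytes() token issued and stored by the recovery step.
    $stored = (string) $row['Reset_Token_Hash'];
    $supplied = hash('sha256', $_POST["token"]);
    $expired = strtotime((string) $row['Reset_Expires']) < time();
    if ($stored === '' || $expired || !hash_equals($stored, $supplied)) {
        echo "Invalid Token ";
        return;
    }
    // Hash the raw password; SQL escaping must not be applied before hashing.
    $hashed_password = password_hash($_POST["password"], PASSWORD_DEFAULT);
    $stmt = mysqli_prepare($con, "UPDATE users_table SET HashPassword=? WHERE User_ID=?");
    mysqli_stmt_bind_param($stmt, "si", $hashed_password, $userid);
    // … unchanged: execute, success message and redirect (add exit after header), error branch …
```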


@ -136,7 +136,7 @@ INSERT INTO `course_students_table` (`Course_ID`, `Student_ID`, `ID`, `Status`)
(10, '201825800050', 13, 'Joined'),
(10, '201825800054', 14, 'Joined'),
(12, '201632120150', 15, 'Joined'),
(12, '201632120150', 16, 'Joined'),
(12, '2016321201502', 16, 'Joined'),
(12, '201825800050', 17, 'Joined');
-- --------------------------------------------------------
@ -200,7 +200,7 @@ CREATE TABLE `lab_reports_table` (
INSERT INTO `lab_reports_table` (`Lab_Report_ID`, `Course_ID`, `Posted_Date`, `Deadline`, `Instructions`, `Title`, `Attachment_link_1`, `Attachment_link_2`, `Attachment_link_3`, `Attachment_link_4`, `Marks`, `Type`) VALUES
(1, 10, '2019-01-11 16:52', '2019-02-11 17:00', 'Description of the lab....', 'Reading 1', '700IMPORTANT WORDS.txt', '', '', '', '4', 'Individual'),
(2, 10, '2024-09-29 11:12', '2025-07-30 23:59', 'Read this paper http://sunnyday.mit.edu/16.355/budgen-david.pdf', 'Reading 2', '586LRR-Test-caseS.pdf', '', '', '', '6', 'Individual'),
(2, 10, '2024-09-29 11:12', '2024-12-30 23:59', 'Read this paper http://sunnyday.mit.edu/16.355/budgen-david.pdf', 'Reading 2', '586LRR-Test-caseS.pdf', '', '', '', '6', 'Individual'),
(3, 12, '2020-04-05 02:48', '2020-04-12 ', 'Do this assignment in time for testing', 'First Assignment Testing', '', '', '', '', '3', 'Group'),
(4, 12, '2020-04-05 05:36', '2020-04-06 ', 'We are testing to see if the instructor can be able to modify the work', 'Second Assignment Testing', '', '', '', '', '3', 'Individual'),
(5, 12, '2020-04-05 05:51', '2020-04-08 ', 'ASQDASDASCDD', 'Third Assignment Testingas', '', '', '', '', '3', 'Individual'),
@ -286,7 +286,6 @@ CREATE TABLE `users_table` (
INSERT INTO `users_table` (`User_ID`, `Email`, `Password`, `HashPassword`, `Full_Name`, `UserType`, `Student_ID`, `Passport_Number`, `Status`) VALUES
(3, 'admin@qq.com', '$2y$10$8GCG6lTo1LFRD3bOkAyKYeOMOrFSBUgrTxaPLS5ynWN1bYDHf89pO', '', 'Kamal', 'Admin', '0', NULL, 'Active'),
(7, 'peter@qq.com', '$2y$10$8GCG6lTo1LFRD3bOkAyKYeOMOrFSBUgrTxaPLS5ynWN1bYDHf89pO', '', 'Peter', 'Lecturer', NULL, '123', 'Active'),
(8, 'lanhui@qq.com', '$2y$10$8GCG6lTo1LFRD3bOkAyKYeOMOrFSBUgrTxaPLS5ynWN1bYDHf89pO', '', 'Lanhui', 'Lecturer', NULL, '123', 'Active'),
(9, 'mohamed@qq.com', '$2y$10$8GCG6lTo1LFRD3bOkAyKYeOMOrFSBUgrTxaPLS5ynWN1bYDHf89pO', '', 'Mohamed', 'Student', '201825800050', 'P00581929', 'Active'),
(10, 'mark@qq.com', '123', '', 'Mark ', 'TA', NULL, '123', 'Active'),


@ -68,10 +68,8 @@ def test_lecturer_can_post_assignment(driver, url, restore_database):
login(driver, url, 'lanhui@qq.com', '123')
# Create an assignment called Take-home quiz 1 for course (CSC1111) - Project Management
elem = WebDriverWait(driver, 10).until(
EC.element_to_be_clickable((By.XPATH, '//div[@class="col-md-8"]/a[1]/div'))
)
elem.click()
elems = driver.find_elements(By.CLASS_NAME, 'btn-default')
elems[1].click()
elem = driver.find_element(By.NAME, 'deadlinedate')
elem.send_keys('002024/12/30')
elem = driver.find_element(By.NAME, 'deadlinetime')
@ -333,20 +331,3 @@ def test_lecturer_can_mark_assignment(driver, url, restore_database):
elems[1].click()
elem = driver.find_element(By.XPATH, "//div[@id='menu2']/div/b")
assert 'Reading 1 submission' in elem.text
def test_lecturer_cannot_see_tas_not_from_his_course(driver, url, restore_database):
# Lecturer lanhui@qq.com logs in
driver.maximize_window()
login(driver, url, 'peter@qq.com', '123')
elem = driver.find_element(By.ID, 'admin_tab')
elem.click()
tab = driver.find_element(By.ID, 'existing_accounts_tab')
tab.click()
elem = driver.find_element(By.ID, 'tab-existing-accounts')
assert 'No TA' in elem.text
# Logout
logout(driver)
driver.quit()
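Review bot: In `test_lecturer_can_post_assignment` the explicit wait gives way to `elems = driver.find_elements(By.CLASS_NAME, 'btn-default')` followed by `elems[1].click()`, which selects the course by position and does not wait for the page, so it can raise `IndexError` or click the wrong element when layout or load timing changes. Keeping the wait on a specific locator, `WebDriverWait(driver, 10).until(EC.element_to_be_clickable((By.XPATH, '//div[@class="col-md-8"]/a[1]/div')))`, is the more stable form. The second hunk deletes `test_lecturer_cannot_see_tas_not_from_his_course`, which leaves the rule that a lecturer sees only the TAs of their own courses without a regression test. The body of `test_lecturer_can_post_assignment` continues outside the hunk.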