malango
/
LRR
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

Compare commits

base: malango:e8bbce386a4f4a72081ec7369a112a90195086fc
Branches Tags
malango:Bug460-Malango
...
compare: malango:0c81e0c6cb3b02319397281625c255fa4fe7660c
Branches Tags
malango:Bug460-Malango

10 Commits
e8bbce386a ... 0c81e0c6cb

Author SHA1 Message Date
LUSAJO ANDE MALANG 0c81e0c6cb Fix Bug #460 - Group Assignment Attachment Issues in Course.php 
This commit resolves two critical issues in group assignment attachments:

1. Duplicate Filename Issue:
- Implemented $attachments array to track unique files
- Added filtering logic using implode() to prevent redundant display

2. Attachment Visibility Issue:
- Modified SQL query to retrieve attachments by group ID
- All group members can now view all submitted attachments

Testing:
- Verified duplicate filenames are properly deduplicated
- Confirmed all group members can access attachments

Affected Components:
- course.php
- Database queries for group submissions

Contributors:
- Malango Lusajo Ande (202420781744)
- Godswill Bassey Udotung (202420781746)
 2025-05-01 16:06:43 +08:00
Lan Hui 21918cf883 Extend assignment due date so that it can pass my tests 2025-02-22 10:08:41 +08:00
Lan Hui 62966c82fa Script.php: remove RESET Password stuff because there is no form with ID 'form_reset_password' 2024-10-26 09:46:29 +08:00
Lan Hui bc77fa1aa4 Update starter DB data so that the course_sutdents_table contains duplicate student-course info. 2024-10-26 09:38:44 +08:00
Lan Hui 9a4a8d2818 Courses.php: Fix Bug 36 2024-10-26 09:32:16 +08:00
Lan Hui 07ba57eebb Fix bug 195. 2024-10-10 15:35:00 +08:00
Lan Hui 1f602e3db2 Fix bug 204: use better parameter name. 2024-10-08 09:41:45 +08:00
Lan Hui 5ce55c3f1e Fix bug 204 2024-10-08 09:34:09 +08:00
Lan Hui 9d170fea87 Fix bug 484 2024-10-07 07:52:22 +08:00
Lan Hui 0f42a68461 Fix bug 558 2024-10-06 09:39:58 +08:00
7 changed files with 160 additions and 150 deletions
Show Stats Expand all files Collapse all files

22
Admin.php
View File

@ -30,7 +30,7 @@ if ($_SESSION['user_type'] != "Lecturer" && $_SESSION['user_type'] != "Admin") {
<ul class="nav nav-tabs" id="myTab">
<li class="nav-item">
<a class="nav-link active" href="#tab-student-accounts" id="batch_tab">Create student accounts</a>
<a class="nav-link active" href="#tab-student-accounts" id="batch_tab">Enter student numbers</a>
</li>
<li class="nav-item">
@ -113,10 +113,21 @@ if ($_SESSION['user_type'] != "Lecturer" && $_SESSION['user_type'] != "Admin") {
<?php
if ($_SESSION['user_type'] == "Lecturer") {
$user_id = $_SESSION['user_id'];
echo "<script>console.log('here {$user_id}');</script>"; // debug trick
// find the TAs in the courses taught by this instructor
$ta_result = mysqli_query(
$con,
"SELECT TA FROM course_ta INNER JOIN courses_table ON course_ta.Course_ID=courses_table.Course_ID WHERE courses_table.Lecturer_User_ID=$user_id"
);
$ta_ids = array(-1); // -1 is non-existent ID
while ($row = mysqli_fetch_assoc($ta_result)) {
array_push($ta_ids, $row['TA']);
}
$ta_ids2 = implode(', ', $ta_ids);
$result = mysqli_query(
$con,
"SELECT * FROM users_table WHERE UserType in ('TA')"
"SELECT * FROM users_table WHERE UserType in ('TA') and User_ID in ($ta_ids2)"
);
}
@ -127,6 +138,7 @@ if ($_SESSION['user_type'] != "Lecturer" && $_SESSION['user_type'] != "Admin") {
);
}
$num_rows = 0;
while ($row = mysqli_fetch_assoc($result)) {
$pass = $row['Password'];
$btn = "<button class='btn btn-warning' onclick=\"updatePassword(" . $row['User_ID'] . ",'$pass')\">Reset</button>";
@ -139,6 +151,10 @@ if ($_SESSION['user_type'] != "Lecturer" && $_SESSION['user_type'] != "Admin") {
}
echo "<tr><td>" . $row['User_ID'] . "</td><td>" . $row['Full_Name'] . "</td><td>" . $row['Email'] . "</td><td>$btn</td><td>$btnBlock</td></tr>";
$num_rows += 1;
}
if ($num_rows == 0) {
echo "<p>No TA</p>";
}
?>
</table>

204
Course.php
View File

@ -194,13 +194,34 @@ include 'Header.php';
$group_id = -1;
}
$result = mysqli_query($con,"SELECT Lab_Report_ID, Marks, `Course_ID`, `Posted_Date`, `Deadline`, `Instructions`, lab_reports_table.Title, `Attachment_link_1`, `Attachment_link_2`, `Attachment_link_3`, `Attachment_link_4` FROM `lab_reports_table` WHERE Lab_Report_ID not in (select Lab_Report_ID from lab_report_submissions where (Student_id=$student_id or Course_Group_id=$group_id)) and Course_ID=$course_id and Deadline < '$c_date' ORDER by Lab_Report_ID DESC");
$submitted_query = "SELECT Lab_Report_ID FROM lab_report_submissions WHERE (Student_id = $student_id OR Course_Group_id = $group_id)";
$submitted_result = mysqli_query($con, $submitted_query);
if(mysqli_num_rows($result) == 0)
{
echo '<br><div class="alert alert-warning">You missed no lab reports.</div>';
if (!$submitted_result) {
die('Query failed: ' . mysqli_error($con));
}
} else {
// We initialized an empty array to hold the Lab_Report_IDs
$submitted_lab_report_ids = [];
// Then we fetched all Lab_Report_IDs and stored them in the array
while ($row = mysqli_fetch_assoc($submitted_result)) {
$submitted_lab_report_ids[] = $row['Lab_Report_ID'];
}
// We converted the array to a comma-separated string, for use in the main query
$submitted_lab_report_ids_list = implode(',', $submitted_lab_report_ids);
// Check if the list is empty and handle it
if (empty($submitted_lab_report_ids_list)) {
$submitted_lab_report_ids_list = 'NULL'; // Handle appropriately
}
// Now, we use the variable in our main query
$result = mysqli_query($con, "SELECT Lab_Report_ID, Marks, `Course_ID`, `Posted_Date`, `Deadline`, `Instructions`, lab_reports_table.Title, `Attachment_link_1`, `Attachment_link_2`, `Attachment_link_3`, `Attachment_link_4` FROM `lab_reports_table` WHERE Lab_Report_ID NOT IN ($submitted_lab_report_ids_list) AND Course_ID = $course_id AND Deadline < '$c_date' ORDER BY Lab_Report_ID DESC");
if(mysqli_num_rows($result) == 0) {
echo '<br><div class="alert alert-warning">You missed no lab reports.</div>';
} else {
while($row = mysqli_fetch_assoc($result)) {
$title = $row['Title'];
$marks = $row['Marks'];
@ -251,108 +272,101 @@ include 'Header.php';
<div id="menu3" class="tab-pane <?php if ($_GET['tab'] == 'Submitted') echo 'active'; ?>">
<?php
<div id="menu3" class="tab-pane <?php if ($_GET['tab'] == 'Submitted') echo 'active'; ?>">
<?php
$group_id = $_SESSION['group_id'];
if ($group_id == "") {
$group_id = -1;
} // This fixes "Submitted report not shown" http://118.25.96.118/bugzilla/show_bug.cgi?id=176
$group_id = $_SESSION['group_id'];
if($group_id == "") {
$group_id = -1;
} // This fixes "Submitted report not shown" http://118.25.96.118/bugzilla/show_bug.cgi?id=176
$sql_stmt = "SELECT Lab_Report_ID, Marks, Course_ID, Posted_Date, Deadline, Instructions, lab_reports_table.Title, Attachment_link_1, Attachment_link_2, Attachment_link_3, Attachment_link_4
FROM lab_reports_table
WHERE Lab_Report_ID IN
(
SELECT Lab_Report_ID
FROM lab_report_submissions
WHERE Status='Pending' AND (Student_id=$student_id OR Course_Group_id=$group_id) AND Course_ID=$course_id
)
ORDER BY Lab_Report_ID DESC";
$sql_stmt = "SELECT Lab_Report_ID, Marks, Course_ID, Posted_Date, Deadline, Instructions, lab_reports_table.Title, Attachment_link_1, Attachment_link_2, Attachment_link_3, Attachment_link_4
FROM lab_reports_table
WHERE Lab_Report_ID IN
(
SELECT Lab_Report_ID
FROM lab_report_submissions
WHERE Status='Pending' AND (Student_id=$student_id OR Course_Group_id=$group_id) AND Course_ID=$course_id
)
ORDER BY Lab_Report_ID DESC";
$resultx = mysqli_query($con, $sql_stmt);
if (mysqli_num_rows($resultx) == 0) {
echo '<br><div class="alert alert-warning">You have no unmarked submissions. Check the Marked tab for your marked submissions (if any).</div>';
} else {
while ($row = mysqli_fetch_assoc($resultx)) {
$lab_repo_id = $row['Lab_Report_ID'];
$title = $row['Title'];
$marks = $row['Marks'];
$ins = $row['Instructions'];
$posted = $row['Posted_Date'];
$deadline = $row['Deadline'];
$att1 = $row['Attachment_link_1'];
$att2 = $row['Attachment_link_2'];
$att3 = $row['Attachment_link_3'];
$att4 = $row['Attachment_link_4'];
$id = $row['Lab_Report_ID'];
$resultx = mysqli_query($con, $sql_stmt);
if(mysqli_num_rows($resultx) == 0) {
echo '<br><div class="alert alert-warning">You have no unmarked submissions. Check the Marked tab for your marked submissions (if any).</div>';
} else {
while($row = mysqli_fetch_assoc($resultx)) {
$lab_repo_id = $row['Lab_Report_ID'];
$title = $row['Title'];
$marks = $row['Marks'];
$ins = $row['Instructions'];
$posted = $row['Posted_Date'];
$deadline = $row['Deadline'];
$att1 = $row['Attachment_link_1'];
$att2 = $row['Attachment_link_2'];
$att3 = $row['Attachment_link_3'];
$att4 = $row['Attachment_link_4'];
$id = $row['Lab_Report_ID'];
if ($c_date < $deadline) {
$submittedx = "<a href='~\..\SubmitLab.php?id=$id&url=$url' class='btn btn-sm btn-light'>Re-submit</a>";
}
if ($c_date < $deadline) {
$submittedx = "<a href='~\..\SubmitLab.php?id=$id&url=$url' class='btn btn-sm btn-light'>Re-submit</a>";
}
echo "<div class='btn btn-default break-word' style='dislay:block; word-wrap:break-word; border:1px solid #F0F0F0; border-left:1px solid #eee;'>
$title ($marks Marks) &nbsp; <i class='fa fa-check-circle'></i>SUBMITTED<br>
<span style='font-size:8pt'> $ins </span> <br>
<small>Posted: $posted &nbsp; Deadline: $deadline</small> &nbsp;&nbsp;&nbsp; $submittedx &nbsp; <br>
<small>Submitted files: ";
$full_link = "<a href='~\..\Lab_Report_Assignments\\$att1'>$att1</a>";
$Sub_result = mysqli_query($con, "
SELECT Submission_ID, Submission_Date, lab_report_submissions.Lab_Report_ID,
lab_report_submissions.Student_id AS sub_std, lab_report_submissions.Course_Group_id,
Attachment1, Notes, Attachment2, Attachment3, Attachment4, Marks,
lab_report_submissions.Status, Title, users_table.Full_Name
FROM lab_report_submissions
LEFT JOIN users_table ON users_table.Student_ID = lab_report_submissions.Student_id
WHERE Lab_Report_ID = $lab_repo_id
AND (lab_report_submissions.Student_id = '$student_id'OR lab_report_submissions.Course_Group_id = $group_id)");
if ($att2 != "") {
$full_link = $full_link."| <a href='~\..\Lab_Report_Assignments\\$att2'>$att2</a>";
}
if (mysqli_num_rows($Sub_result) == 0) {
echo "No Attachments found.";
} else {
// An array for tracking displayed attachments
$attachments = [];
if ($att3 != "") {
$full_link = $full_link."| <a href='~\..\Lab_Report_Assignments\\$att3'>$att3</a>";
}
while ($row = mysqli_fetch_assoc($Sub_result)) {
$att1 = $row['Attachment1'];
$att2 = $row['Attachment2'];
$att3 = $row['Attachment3'];
$att4 = $row['Attachment4'];
if ($att4 != "") {
$full_link = $full_link."| <a href='~\..\Lab_Report_Assignments\\$att4'>$att4</a>";
}
// Check and add attachments to the array if not already added
if ($att1 != "" && !in_array($att1, $attachments)) {
$attachments[] = "<a href='~\..\Download.php?file=$att1&attachment=1'>" . basename($att1) . "</a>";
}
if ($att2 != "" && !in_array($att2, $attachments)) {
$attachments[] = "<a href='~\..\Download.php?file=$att2&attachment=2'>" . basename($att2) . "</a>";
}
if ($att3 != "" && !in_array($att3, $attachments)) {
$attachments[] = "<a href='~\..\Download.php?file=$att3&attachment=3'>" . basename($att3) . "</a>";
}
if ($att4 != "" && !in_array($att4, $attachments)) {
$attachments[] = "<a href='~\..\Download.php?file=$att4&attachment=4'>" . basename($att4) . "</a>";
}
}
echo "<div class='btn btn-default break-word' style='dislay:block; word-wrap:break-word; border:1px solid #F0F0F0; border-left:1px solid #eee;'>
$title ($marks Marks) &nbsp; <i class='fa fa-check-circle'></i>SUBMITTED<br>
<span style='font-size:8pt'> $ins </span> <br>
<small>Posted: $posted &nbsp; Deadline: $deadline</small> &nbsp;&nbsp;&nbsp; $submittedx &nbsp; <br>
<small>Submitted files: ";
// Remove duplicates from attachments array
$attachments = array_unique($attachments);
$Sub_result = mysqli_query($con,"SELECT Submission_ID, Submission_Date, lab_report_submissions.Lab_Report_ID, lab_report_submissions.Student_id sub_std, lab_report_submissions.Course_Group_id, Attachment1, Notes, Attachment2, Attachment3, Attachment4, Marks, lab_report_submissions.Status, Title,users_table.Full_Name, course_group_members_table.Student_ID
FROM lab_report_submissions
LEFT JOIN users_table ON users_table.Student_ID=lab_report_submissions.Student_id
LEFT JOIN course_group_members_table ON course_group_members_table.Course_Group_id=lab_report_submissions.Course_Group_id
WHERE Lab_Report_ID=$lab_repo_id AND lab_report_submissions.Student_id='$student_id'");
// Create a string from the array for display
$full_links = implode(" | ", $attachments);
if(mysqli_num_rows($Sub_result) == 0) {
echo "No Attachments found.";
} else {
while($row = mysqli_fetch_assoc($Sub_result)) {
$att1 = $row['Attachment1'];
$att2 = $row['Attachment2'];
$att3 = $row['Attachment3'];
$att4 = $row['Attachment4'];
$base_att1 = basename(rawurldecode($att1));
$base_att2 = basename(rawurldecode($att2));
$base_att3 = basename(rawurldecode($att3));
$base_att4 = basename(rawurldecode($att4));
// Display submitted files
echo $full_links;
}
$full_link = "<a href='~\..\Download.php?file=$att1&attachment=1'>$base_att1</a>"; // prevent students from directly accessing their classmates' submissions
if ($att2 != "") {
$full_link= $full_link." | <a href='~\..\Download.php?file=$att2&attachment=2'>$base_att2</a>";
}
if ($att3 != "") {
$full_link= $full_link." | <a href='~\..\Download.php?file=$att3&attachment=3'>$base_att3</a>";
}
if ($att4 != "") {
$full_link= $full_link." | <a href='~\..\Download.php?file=$att4&attachment=4'>$base_att4</a>";
}
echo $full_link;
}
}
echo "</small></div>";
}
}
echo "";
?>
echo "</small></div>";
}
}
?>
</div>

2
Courses.php
View File

@ -324,7 +324,7 @@ include 'Header.php';
}
echo "</div>";
$resultx1 = mysqli_query($con, "SELECT course_students_table.Student_ID, users_table.Full_Name
$resultx1 = mysqli_query($con, "SELECT DISTINCT course_students_table.Student_ID, users_table.Full_Name
FROM course_students_table
INNER JOIN users_table on users_table.Student_ID=course_students_table.Student_ID
WHERE Course_ID=$course_id");

9
Header.php
View File

@ -4,11 +4,16 @@ error_reporting(0);
date_default_timezone_set('Asia/Shanghai');
include "get_mysql_credentials.php";
$con = mysqli_connect("localhost", $mysql_username, $mysql_password, "lrr");
try {
$con = mysqli_connect("localhost", $mysql_username, $mysql_password, "lrr");
} catch (mysqli_sql_exception $e) {
echo $e->getMessage();
}
// Check database connection
if (mysqli_connect_errno()) {
echo "Failed to connect to MySQL: " . mysqli_connect_error();
echo " Error number: ".mysqli_connect_errno();
exit();
}
?>

45
Script.php
View File

@ -290,51 +290,6 @@ if (!empty($_POST["form_recover_password"])) {
}
}
// ################################ RESET Password #####################################
if (!empty($_POST["form_reset_password"])) {
$password = mysqli_real_escape_string($con, $_POST["password"]);
$token = mysqli_real_escape_string($con, $_POST["token"]);
$email = mysqli_real_escape_string($con, $_POST["email"]);
$result = mysqli_query(
$con,
"SELECT * FROM Users_Table WHERE email='$email'"
);
if (mysqli_num_rows($result) == 0) {
echo "invalid email";
return;
} else {
while ($row = mysqli_fetch_assoc($result)) {
$userid = $row['User_ID'];
$email = $row['Email'];
$id = $row['Student_ID'];
$user_token = $userid * $userid * $userid + $userid * 0.00343;
if ($user_token == $token) {
// Password Update
// Password Update
$hashed_password = hash('sha512', $password);
$sql = "UPDATE users_table set HashPassword='$hashed_password' where User_ID='$userid';";
if ($con->query($sql) === TRUE) {
error_reporting(0);
$_SESSION["info_login"] = " Password changed successfully , you can login now with your new password ";
header("Location: index.php");
} else {
echo "Error: " . $sql . "<br>" . $con->error;
}
} else {
echo "Invalid Token ";
}
}
}
}
// ############################### CREATE Lecturer/TA USER ##################################
if (!empty($_POST["form_createlecturer"])){
$email = mysqli_real_escape_string($con, $_POST["email"]);

5
lrr_database.sql
View File

@ -136,7 +136,7 @@ INSERT INTO `course_students_table` (`Course_ID`, `Student_ID`, `ID`, `Status`)
(10, '201825800050', 13, 'Joined'),
(10, '201825800054', 14, 'Joined'),
(12, '201632120150', 15, 'Joined'),
(12, '2016321201502', 16, 'Joined'),
(12, '201632120150', 16, 'Joined'),
(12, '201825800050', 17, 'Joined');
-- --------------------------------------------------------
@ -200,7 +200,7 @@ CREATE TABLE `lab_reports_table` (
INSERT INTO `lab_reports_table` (`Lab_Report_ID`, `Course_ID`, `Posted_Date`, `Deadline`, `Instructions`, `Title`, `Attachment_link_1`, `Attachment_link_2`, `Attachment_link_3`, `Attachment_link_4`, `Marks`, `Type`) VALUES
(1, 10, '2019-01-11 16:52', '2019-02-11 17:00', 'Description of the lab....', 'Reading 1', '700IMPORTANT WORDS.txt', '', '', '', '4', 'Individual'),
(2, 10, '2024-09-29 11:12', '2024-12-30 23:59', 'Read this paper http://sunnyday.mit.edu/16.355/budgen-david.pdf', 'Reading 2', '586LRR-Test-caseS.pdf', '', '', '', '6', 'Individual'),
(2, 10, '2024-09-29 11:12', '2025-07-30 23:59', 'Read this paper http://sunnyday.mit.edu/16.355/budgen-david.pdf', 'Reading 2', '586LRR-Test-caseS.pdf', '', '', '', '6', 'Individual'),
(3, 12, '2020-04-05 02:48', '2020-04-12 ', 'Do this assignment in time for testing', 'First Assignment Testing', '', '', '', '', '3', 'Group'),
(4, 12, '2020-04-05 05:36', '2020-04-06 ', 'We are testing to see if the instructor can be able to modify the work', 'Second Assignment Testing', '', '', '', '', '3', 'Individual'),
(5, 12, '2020-04-05 05:51', '2020-04-08 ', 'ASQDASDASCDD', 'Third Assignment Testingas', '', '', '', '', '3', 'Individual'),
@ -286,6 +286,7 @@ CREATE TABLE `users_table` (
INSERT INTO `users_table` (`User_ID`, `Email`, `Password`, `HashPassword`, `Full_Name`, `UserType`, `Student_ID`, `Passport_Number`, `Status`) VALUES
(3, 'admin@qq.com', '$2y$10$8GCG6lTo1LFRD3bOkAyKYeOMOrFSBUgrTxaPLS5ynWN1bYDHf89pO', '', 'Kamal', 'Admin', '0', NULL, 'Active'),
(7, 'peter@qq.com', '$2y$10$8GCG6lTo1LFRD3bOkAyKYeOMOrFSBUgrTxaPLS5ynWN1bYDHf89pO', '', 'Peter', 'Lecturer', NULL, '123', 'Active'),
(8, 'lanhui@qq.com', '$2y$10$8GCG6lTo1LFRD3bOkAyKYeOMOrFSBUgrTxaPLS5ynWN1bYDHf89pO', '', 'Lanhui', 'Lecturer', NULL, '123', 'Active'),
(9, 'mohamed@qq.com', '$2y$10$8GCG6lTo1LFRD3bOkAyKYeOMOrFSBUgrTxaPLS5ynWN1bYDHf89pO', '', 'Mohamed', 'Student', '201825800050', 'P00581929', 'Active'),
(10, 'mark@qq.com', '123', '', 'Mark ', 'TA', NULL, '123', 'Active'),

23
test/SeleniumHui/test_lrr.py
View File

@ -68,8 +68,10 @@ def test_lecturer_can_post_assignment(driver, url, restore_database):
login(driver, url, 'lanhui@qq.com', '123')
# Create an assignment called Take-home quiz 1 for course (CSC1111) - Project Management
elems = driver.find_elements(By.CLASS_NAME, 'btn-default')
elems[1].click()
elem = WebDriverWait(driver, 10).until(
EC.element_to_be_clickable((By.XPATH, '//div[@class="col-md-8"]/a[1]/div'))
)
elem.click()
elem = driver.find_element(By.NAME, 'deadlinedate')
elem.send_keys('002024/12/30')
elem = driver.find_element(By.NAME, 'deadlinetime')
@ -331,3 +333,20 @@ def test_lecturer_can_mark_assignment(driver, url, restore_database):
elems[1].click()
elem = driver.find_element(By.XPATH, "//div[@id='menu2']/div/b")
assert 'Reading 1 submission' in elem.text
def test_lecturer_cannot_see_tas_not_from_his_course(driver, url, restore_database):
# Lecturer lanhui@qq.com logs in
driver.maximize_window()
login(driver, url, 'peter@qq.com', '123')
elem = driver.find_element(By.ID, 'admin_tab')
elem.click()
tab = driver.find_element(By.ID, 'existing_accounts_tab')
tab.click()
elem = driver.find_element(By.ID, 'tab-existing-accounts')
assert 'No TA' in elem.text
# Logout
logout(driver)
driver.quit()