2020-10-02 17:02:20 +08:00
< ? php
2021-10-18 23:37:47 +08:00
include 'NoDirectPhpAcess.php' ;
2020-10-02 17:02:20 +08:00
?>
2020-03-16 15:23:14 +08:00
< ? php
/*
2020-10-02 17:02:20 +08:00
* This file contains the main Server - side scripts for the project .
2020-03-16 15:23:14 +08:00
*/
session_start ();
2021-04-17 15:31:41 +08:00
2020-10-02 17:02:20 +08:00
date_default_timezone_set ( 'Asia/Shanghai' );
// Connect to MySQL database
2020-10-02 23:02:27 +08:00
include " get_mysql_credentials.php " ;
$con = mysqli_connect ( " localhost " , $mysql_username , $mysql_password , " lrr " );
2020-10-02 17:02:20 +08:00
2020-03-16 15:23:14 +08:00
// Check connection
2021-10-18 23:37:47 +08:00
if ( mysqli_connect_errno ()) {
2020-10-02 17:02:20 +08:00
echo " Failed to connect to MySQL: " . mysqli_connect_error ();
}
2020-03-16 15:23:14 +08:00
2020-10-02 17:02:20 +08:00
error_reporting ( 0 );
2020-03-16 15:23:14 +08:00
2020-10-02 17:02:20 +08:00
// #### FUNCTION CHECK FILE TYPES ////
2020-03-16 15:23:14 +08:00
2021-10-18 23:37:47 +08:00
function is_valid_student_number ( $student_id )
{
2020-10-02 17:02:20 +08:00
// zjnu student number has 12 digits, and starts with 20
if ( strlen ( $student_id ) == 12 && is_numeric ( $student_id ) == TRUE && substr ( $student_id , 0 , 2 ) == " 20 " )
return TRUE ;
return FALSE ;
}
// ############################### SIGN UP ##################################
2021-12-13 12:00:06 +08:00
if ( ! empty ( $_POST [ " form_signup " ])) {
$student_id = trim ( mysqli_real_escape_string ( $con , $_POST [ " user_student_id " ]));
2020-09-26 20:08:39 +08:00
// validate student number
2021-10-18 23:37:47 +08:00
if ( ! is_valid_student_number ( $student_id )) {
2021-12-13 12:00:06 +08:00
$_SESSION [ " info_signup " ] = " Invalid student number. " ;
header ( " Location: signup.php " );
2021-10-18 23:37:47 +08:00
return ;
2020-09-26 20:08:39 +08:00
}
2020-10-02 17:02:20 +08:00
// Check if this student number is a legal one
2021-10-18 23:37:47 +08:00
$result = mysqli_query ( $con , " SELECT * FROM `students_data` WHERE Student_ID=' $student_id ' " );
if ( mysqli_num_rows ( $result ) == 0 ) {
2021-12-13 12:00:06 +08:00
$_SESSION [ " info_signup " ] = " Your entered student number could not be verified. Please contact Student Management Office <lanhui at zjnu.edu.cn>. Thanks. " ;
header ( " Location: signup.php " );
2021-10-18 23:37:47 +08:00
return ;
2020-03-16 15:23:14 +08:00
}
2021-10-18 23:37:47 +08:00
2022-05-19 12:35:27 +08:00
2021-12-13 12:00:06 +08:00
// Check if the student number isn't already registered
$student_result = mysqli_query ( $con , " SELECT * FROM `users_table` WHERE Student_ID=' $student_id ' " );
if ( mysqli_num_rows ( $student_result ) > 0 ) {
2022-05-19 12:35:27 +08:00
$_SESSION [ " info_signup " ] = " This Student ID is already in use! Please contact Student Management Office <lanhui at zjnu.edu.cn> for help. " ;
2020-10-02 17:02:20 +08:00
header ( " Location: signup.php " );
return ;
2021-10-18 23:37:47 +08:00
}
2020-10-02 17:02:20 +08:00
}
2020-03-16 15:23:14 +08:00
2020-10-02 17:02:20 +08:00
// ############################### CREATE STUDENT USER ##################################
2022-05-19 12:35:27 +08:00
if ( ! empty ( $_POST [ " form_signup " ])) {
2020-12-25 22:21:40 +08:00
$fullname = mysqli_real_escape_string ( $con , $_POST [ " fullname " ]);
2021-10-18 23:37:47 +08:00
$student_id = mysqli_real_escape_string ( $con , $_POST [ " user_student_id " ]);
2020-10-02 17:02:20 +08:00
$email = mysqli_real_escape_string ( $con , $_POST [ " email " ]);
$password = mysqli_real_escape_string ( $con , $_POST [ " password " ]);
$confirmpassword = mysqli_real_escape_string ( $con , $_POST [ " confirmpassword " ]);
$_SESSION [ 'user_fullname' ] = $fullname ;
$_SESSION [ 'user_type' ] = " Student " ;
$_SESSION [ 'user_email' ] = $email ;
2021-11-24 02:55:08 +08:00
$_SESSION [ 'user_student_id' ] = $student_id ;
2020-09-29 17:38:14 +08:00
2020-03-16 15:23:14 +08:00
// check confirmed password
2021-10-18 23:37:47 +08:00
if ( strcasecmp ( $password , $confirmpassword ) != 0 ) {
2021-12-13 12:00:06 +08:00
$_SESSION [ 'info_signup' ] = " Password confirmation failed. " ;
2020-10-02 17:02:20 +08:00
$_SESSION [ 'user_fullname' ] = null ; // such that Header.php do not show the header information.
2020-09-26 20:08:39 +08:00
header ( " Location: signup.php " );
return ;
2020-03-16 15:23:14 +08:00
}
2020-09-26 20:08:39 +08:00
2020-10-02 17:02:20 +08:00
// validate email
if ( ! filter_var ( $email , FILTER_VALIDATE_EMAIL )) {
2021-12-13 12:00:06 +08:00
$_SESSION [ 'info_signup' ] = " Invalid email address. " ;
2020-10-02 17:02:20 +08:00
header ( " Location: signup.php " );
return ;
}
2021-10-18 23:37:47 +08:00
2020-10-02 17:02:20 +08:00
$upperLetter = preg_match ( '@[A-Z]@' , $password );
$smallLetter = preg_match ( '@[a-z]@' , $password );
$containsDigit = preg_match ( '@[0-9]@' , $password );
$containsSpecial = preg_match ( '@[^\w]@' , $password );
$containsAll = $upperLetter && $smallLetter && $containsDigit && $containsSpecial ;
// check for strong password
2021-10-18 23:37:47 +08:00
if ( ! $containsAll ) {
2021-12-13 12:00:06 +08:00
$_SESSION [ 'info_signup' ] = " Password must have at least characters that include lowercase letters, uppercase letters, numbers and sepcial characters (e.g., !?.,*^). " ;
2020-10-02 17:02:20 +08:00
header ( " Location: signup.php " );
return ;
}
// check if email is taken
$result = mysqli_query ( $con , " SELECT * FROM users_table WHERE email=' $email ' " );
if ( mysqli_num_rows ( $result ) != 0 )
2020-03-16 15:23:14 +08:00
{
2021-12-13 12:00:06 +08:00
$_SESSION [ " info_signup " ] = " Email address " . $email . " is already in use. " ;
2020-10-02 17:02:20 +08:00
$_SESSION [ 'user_fullname' ] = null ;
2021-10-18 23:37:47 +08:00
header ( " Location: signup.php " );
return ;
2020-03-16 15:23:14 +08:00
}
2020-10-02 17:02:20 +08:00
// apply password_hash()
2020-03-16 15:23:14 +08:00
$password_hash = password_hash ( $password , PASSWORD_DEFAULT );
2021-10-18 23:37:47 +08:00
$sql = " INSERT INTO `users_table`(`Email`, `Password`, `Full_Name`, `UserType`, `Student_ID`) VALUES "
2020-12-25 22:21:40 +08:00
. " (' $email ',' $password_hash ',' $fullname ','Student',' $student_id ') " ;
2021-10-18 23:37:47 +08:00
2020-10-02 17:02:20 +08:00
if ( $con -> query ( $sql ) === TRUE ) {
2021-10-18 23:37:47 +08:00
header ( " Location: Courses.php " );
2020-10-02 17:02:20 +08:00
} else {
2021-04-29 08:53:17 +08:00
echo " Something really bad (SQL insertion error) happened during sign up. " ;
2020-10-02 17:02:20 +08:00
}
2020-03-16 15:23:14 +08:00
}
2020-10-02 17:02:20 +08:00
2020-03-16 15:23:14 +08:00
// ################################ LOGIN #####################################
if ( ! empty ( $_POST [ " frm_login " ])) {
2021-10-18 23:37:47 +08:00
2020-10-02 17:02:20 +08:00
$user = mysqli_real_escape_string ( $con , $_POST [ " user " ]); // user could be a 12-digit student number or an email address
$is_student_number = 0 ;
2021-10-18 23:37:47 +08:00
2020-10-02 17:02:20 +08:00
// Validate student number
2021-10-18 23:37:47 +08:00
if ( is_valid_student_number ( $user )) {
$is_student_number = 1 ;
2020-10-02 17:02:20 +08:00
}
2021-10-18 23:37:47 +08:00
2020-10-02 17:02:20 +08:00
// Validate email address if what provided is not a student number
2021-10-18 23:37:47 +08:00
if ( ! $is_student_number && ! filter_var ( $user , FILTER_VALIDATE_EMAIL )) {
2020-10-02 17:02:20 +08:00
$_SESSION [ " info_login " ] = " Invalid email address: " . " $user " ;
header ( " Location: index.php " );
return ;
}
$password = mysqli_real_escape_string ( $con , $_POST [ " password " ]);
$result = mysqli_query ( $con , " SELECT * FROM users_table WHERE (Student_ID=' $user ') OR (Email=' $user ') " );
2021-10-18 23:37:47 +08:00
if ( mysqli_num_rows ( $result ) == 0 ) {
2020-10-02 17:02:20 +08:00
$_SESSION [ " info_login " ] = " Inavlid user name information. " ;
echo $_SESSION [ " info_login " ];
2021-10-18 23:37:47 +08:00
header ( " Location: index.php " );
} else {
while ( $row = mysqli_fetch_assoc ( $result )) {
2020-10-02 17:02:20 +08:00
// verify the hashed password and unhashed password
$sha512pass = hash ( 'sha512' , $password ); // for backward compatibility. Old passwords were hashed using SHA512 algorithm.
2021-10-18 23:37:47 +08:00
if ( password_verify ( $password , $row [ " Password " ]) or $sha512pass == $row [ " HashPassword " ]) {
2020-10-02 17:02:20 +08:00
$_SESSION [ 'user_id' ] = $row [ 'User_ID' ];
$_SESSION [ 'user_email' ] = $row [ 'Email' ];
$_SESSION [ 'user_student_id' ] = $row [ 'Student_ID' ];
$_SESSION [ 'user_type' ] = $row [ 'UserType' ];
$_SESSION [ 'user_fullname' ] = $row [ 'Full_Name' ];
2021-10-18 23:37:47 +08:00
if ( $_SESSION [ 'user_type' ] == " Student " ) {
2020-10-02 17:02:20 +08:00
header ( " Location: Courses.php " );
2021-10-18 23:37:47 +08:00
}
2020-10-02 17:02:20 +08:00
2021-10-18 23:37:47 +08:00
if ( $_SESSION [ 'user_type' ] == " Lecturer " ) {
2020-10-02 17:02:20 +08:00
header ( " Location: Courses.php " );
}
2021-10-18 23:37:47 +08:00
if ( $_SESSION [ 'user_type' ] == " TA " ) {
2020-10-02 17:02:20 +08:00
header ( " Location: Courses.php " );
}
2021-10-18 23:37:47 +08:00
if ( $_SESSION [ 'user_type' ] == " Admin " ) {
2020-10-02 17:02:20 +08:00
header ( " Location: Admin.php " );
}
2021-10-18 23:37:47 +08:00
// report wrong pass if not correct
2020-10-02 17:02:20 +08:00
} else {
$_SESSION [ " wrong_pass " ] = " Wrong Password. " ;
2021-10-18 23:37:47 +08:00
header ( " Location: index.php " );
2020-10-02 17:02:20 +08:00
}
}
2020-03-16 15:23:14 +08:00
}
}
// ################################ Recover Password #####################################
if ( ! empty ( $_POST [ " frm_recover_password " ])) {
2021-10-18 23:37:47 +08:00
$student_id = mysqli_real_escape_string ( $con , $_POST [ " sno " ]);
$email = mysqli_real_escape_string ( $con , $_POST [ " email " ]);
2020-10-02 17:02:20 +08:00
// validate student number
if ( strlen ( $student_id ) != 12 || is_numeric ( $student_id ) == FALSE ) {
2021-10-18 23:37:47 +08:00
$_SESSION [ " info_recover_password " ] = " Invalid student number. " ;
2020-12-25 22:36:45 +08:00
#echo "Invalid student number.";
header ( " Location: recover_password.php " );
2021-10-18 23:37:47 +08:00
return ;
2020-10-02 17:02:20 +08:00
}
// validate email
if ( ! filter_var ( $email , FILTER_VALIDATE_EMAIL )) {
2021-10-18 23:37:47 +08:00
$_SESSION [ " info_recover_password " ] = " Invalid email address. " ;
2020-12-25 22:36:45 +08:00
// echo "Invalid email address.";
header ( " Location: recover_password.php " );
2020-10-02 17:02:20 +08:00
return ;
}
$result = mysqli_query ( $con , " SELECT * FROM users_table WHERE Email=' $email ' and Student_ID=' $student_id ' " );
2021-10-18 23:37:47 +08:00
if ( mysqli_num_rows ( $result ) == 0 ) {
$_SESSION [ " info_recover_password " ] = " Email address is not recognised. " ;
2020-10-02 17:02:20 +08:00
$_SESSION [ " info_recover_password " ] = " Identity not recognized. Try again or send an inquiry email message to lanhui at zjnu.edu.cn. " ;
2021-10-18 23:37:47 +08:00
header ( " Location: recover_password.php " );
} else {
2020-10-02 17:02:20 +08:00
$result = mysqli_query ( $con , " DELETE FROM users_table WHERE Email=' $email ' and Student_ID=' $student_id ' " );
2020-12-25 22:36:45 +08:00
header ( " Location: signup.php " );
2020-10-02 17:02:20 +08:00
}
2020-09-26 20:08:39 +08:00
}
2020-03-16 15:23:14 +08:00
// ################################ RESET Password #####################################
if ( ! empty ( $_POST [ " frm_reset_password " ])) {
2021-10-18 23:37:47 +08:00
$password = mysqli_real_escape_string ( $con , $_POST [ " password " ]);
$token = mysqli_real_escape_string ( $con , $_POST [ " token " ]);
$email = mysqli_real_escape_string ( $con , $_POST [ " email " ]);
$result = mysqli_query (
$con ,
" SELECT * FROM Users_Table WHERE email=' $email ' "
);
if ( mysqli_num_rows ( $result ) == 0 ) {
2020-10-02 17:02:20 +08:00
echo " invalid email " ;
return ;
2021-10-18 23:37:47 +08:00
} else {
while ( $row = mysqli_fetch_assoc ( $result )) {
2020-03-16 15:23:14 +08:00
2021-10-18 23:37:47 +08:00
$userid = $row [ 'User_ID' ];
2020-03-16 15:23:14 +08:00
2021-10-18 23:37:47 +08:00
$email = $row [ 'Email' ];
$id = $row [ 'Student_ID' ];
$user_token = $userid * $userid * $userid + $userid * 0.00343 ;
if ( $user_token == $token ) {
2020-10-02 17:02:20 +08:00
// Password Update
2020-03-16 15:23:14 +08:00
2020-10-02 17:02:20 +08:00
// Password Update
2021-10-18 23:37:47 +08:00
$hashed_password = hash ( 'sha512' , $password );
2022-11-08 15:24:36 +08:00
$sql = " UPDATE users_table set HashPassword=' $hashed_password ' where User_ID=' $userid '; " ;
2020-10-02 17:02:20 +08:00
if ( $con -> query ( $sql ) === TRUE ) {
2021-10-18 23:37:47 +08:00
2020-10-02 17:02:20 +08:00
error_reporting ( 0 );
2020-03-16 15:23:14 +08:00
2021-10-18 23:37:47 +08:00
$_SESSION [ " info_login " ] = " Password changed successfully , you can login now with your new password " ;
2020-10-02 17:02:20 +08:00
header ( " Location: index.php " );
2021-10-18 23:37:47 +08:00
} else {
2020-10-02 17:02:20 +08:00
echo " Error: " . $sql . " <br> " . $con -> error ;
}
2021-10-18 23:37:47 +08:00
} else {
2020-10-02 17:02:20 +08:00
echo " Invalid Token " ;
}
}
2020-03-16 15:23:14 +08:00
}
2020-10-02 17:02:20 +08:00
}
2020-03-16 15:23:14 +08:00
2020-10-02 17:02:20 +08:00
// ############################### CREATE Lecturer/TA USER ##################################
if ( ! empty ( $_POST [ " frm_createlecturrer " ])) {
2021-10-18 23:37:47 +08:00
$email = mysqli_real_escape_string ( $con , $_POST [ " email " ]);
$fullname = mysqli_real_escape_string ( $con , $_POST [ " fullname " ]);
$type = mysqli_real_escape_string ( $con , $_POST [ " type " ]);
2022-05-19 12:35:27 +08:00
$password = mysqli_real_escape_string ( $con , $_POST [ " passport " ]);
2020-10-02 17:02:20 +08:00
// check if email is taken
$result = mysqli_query ( $con ,
" SELECT * FROM Users_Table WHERE email=' $email ' " );
if ( mysqli_num_rows ( $result ) != 0 )
2020-03-16 15:23:14 +08:00
{
2021-10-18 21:57:52 +08:00
$_SESSION [ " info_Admin_Users " ] = " Email address : " . $email . " is already in use. " ;
2020-03-16 15:23:14 +08:00
header ( " Location: Admin.php " );
}
2022-12-11 18:46:43 +08:00
$password_hash = password_hash ( " $password - $salt " , PASSWORD_DEFAULT );
2020-12-25 22:41:35 +08:00
$sql = " INSERT INTO `users_table`(`Email`, `Password`, `Full_Name`, `UserType`) VALUES "
2022-11-27 19:57:50 +08:00
. " (' $email ',' $password_hash ',' $fullname ',' $type ') " ;
2021-10-18 23:37:47 +08:00
2020-10-02 17:02:20 +08:00
if ( $con -> query ( $sql ) === TRUE ) {
2022-12-11 18:46:43 +08:00
$_SESSION [ " info_Admin_Users " ] = $type . " user created successfully. Use email " . $email . " as account name and $password - $salt as password. " ;
2021-10-18 23:37:47 +08:00
header ( " Location: Admin.php " );
2020-10-02 17:02:20 +08:00
} else {
echo " Error: " . $sql . " <br> " . $con -> error ;
}
2020-03-16 15:23:14 +08:00
}
2021-10-18 23:37:47 +08:00
// #### FUNCTION CHECK FILE TYPES ////
2020-03-16 15:23:14 +08:00
2021-10-18 23:37:47 +08:00
function is_valid_file_format ( $file )
{
2020-03-16 15:23:14 +08:00
2021-10-18 23:37:47 +08:00
$allowed = array (
'pdf' , 'rtf' , 'jpg' , 'png' , 'doc' , 'docx' , 'xls' , 'xlsx' , 'sql' , 'txt' , 'md' , 'py' , 'css' , 'html' ,
'cvc' , 'c' , 'class' , 'cpp' , 'h' , 'java' , 'sh' , 'swift' , 'zip' , 'rar' , 'ods' , 'xlr' , 'bak' , 'ico' , 'swf'
);
2020-03-16 15:23:14 +08:00
2022-05-19 12:35:27 +08:00
$filename = $_FILES [ $file ][ 'name' ];
2020-10-02 17:02:20 +08:00
$ext = pathinfo ( $filename , PATHINFO_EXTENSION );
2021-10-18 23:37:47 +08:00
$result = in_array ( $ext , $allowed );
2020-10-02 17:02:20 +08:00
return $result ;
}
2020-03-16 15:23:14 +08:00
2020-10-02 17:02:20 +08:00
// #### FUNCTION CREATE DIRECTORIES ////
2021-10-18 23:37:47 +08:00
2020-10-02 17:02:20 +08:00
function Create_dir ( $upPath )
{
try {
// full path
$tags = explode ( '/' , $upPath ); // explode the full path
$mkDir = " " ;
2021-10-18 23:37:47 +08:00
foreach ( $tags as $folder ) {
$mkDir = $mkDir . $folder . " / " ; // make one directory join one other for the nest directory to make
echo '"' . $mkDir . '"<br/>' ; // this will show the directory created each time
if ( ! is_dir ( $mkDir )) { // check if directory exist or not
2020-10-02 17:02:20 +08:00
mkdir ( $mkDir , 0777 ); // if not exist then make the directory
}
2021-10-18 23:37:47 +08:00
}
} catch ( Exception $e ) {
2020-10-02 17:02:20 +08:00
return FALSE ;
}
return $upPath ;
}
2020-03-16 15:23:14 +08:00
2020-10-02 17:02:20 +08:00
function mkdirs ( $path )
{
if ( file_exists ( $path ))
return $path ;
$result = mkdir ( $path , 0777 , true );
if ( $result ) {
return $path ;
}
return $result ;
}
2020-03-16 15:23:14 +08:00
// ############################### #Post Assignment ##################################
2020-10-02 17:02:20 +08:00
if ( ! empty ( $_POST [ " frm_uploadlab " ])) {
2021-10-18 23:37:47 +08:00
$course_id = mysqli_real_escape_string ( $con , $_POST [ " course_id " ]);
$deadlinedate = $_POST [ " deadlinedate " ];
$deadlinetime = $_POST [ " deadlinetime " ];
$instructions = mysqli_real_escape_string ( $con , $_POST [ " instructions " ]);
$title = mysqli_real_escape_string ( $con , $_POST [ " title " ]);
$marks = mysqli_real_escape_string ( $con , $_POST [ " marks " ]);
2020-10-02 17:02:20 +08:00
// $url=mysqli_real_escape_string($con,$_POST["url"]);
$url = $_SESSION [ 'url' ]; //using real_escape_string was failing to redirect to the main page
$type = mysqli_real_escape_string ( $con , $_POST [ " type " ]);
2021-10-18 23:37:47 +08:00
$deadline = $deadlinedate . " " . $deadlinetime ;
2021-07-22 09:43:36 +08:00
$date = date ( " Y-m-d H:i:s " );
2021-10-18 23:37:47 +08:00
2020-10-02 17:02:20 +08:00
// GET UPLOADED FILES
2021-10-18 23:37:47 +08:00
$target_dir = Create_dir ( " Lab_Report_Assignments/ " . $title . " / " );
$rnd = rand ( 10 , 1000 );
$rnd = " " ; // no more required , creating folder for each lab
$targetfile = $target_dir . $rnd . $_FILES [ 'attachment1' ][ 'name' ];
$targetfile2 = $target_dir . $rnd . $_FILES [ 'attachment2' ][ 'name' ];
$targetfile3 = $target_dir . $rnd . $_FILES [ 'attachment3' ][ 'name' ];
$targetfile4 = $target_dir . $rnd . $_FILES [ 'attachment4' ][ 'name' ];
$count = 0 ;
if ( ! is_valid_file_format ( " attachment1 " ) && $_FILES [ " attachment1 " ][ " name " ] != " " ) {
2020-10-02 17:02:20 +08:00
echo " Invalid File Type for Attachment 1 " ;
return ;
}
2021-10-18 23:37:47 +08:00
if ( ! is_valid_file_format ( " attachment2 " ) && $_FILES [ " attachment2 " ][ " name " ] != " " ) {
2020-10-02 17:02:20 +08:00
echo " Invalid File Type for Attachment 2 " ;
return ;
}
2021-10-18 23:37:47 +08:00
if ( ! is_valid_file_format ( " attachment3 " ) && $_FILES [ " attachment3 " ][ " name " ] != " " ) {
2020-10-02 17:02:20 +08:00
echo " Invalid File Type for Attachment 3 " ;
return ;
}
2021-10-18 23:37:47 +08:00
2020-10-02 17:02:20 +08:00
// use 4 for missing file
2020-03-16 15:23:14 +08:00
2020-10-02 17:02:20 +08:00
if ( move_uploaded_file ( $_FILES [ 'attachment1' ][ 'tmp_name' ], $targetfile )) {
$count ++ ;
2021-10-18 23:37:47 +08:00
} else {
2020-10-02 17:02:20 +08:00
echo $_FILES [ 'attachment1' ][ 'error' ];
}
2021-10-18 23:37:47 +08:00
2020-10-02 17:02:20 +08:00
if ( move_uploaded_file ( $_FILES [ 'attachment2' ][ 'tmp_name' ], $targetfile2 )) {
$count ++ ;
2021-10-18 23:37:47 +08:00
} else {
2020-10-02 17:02:20 +08:00
echo $_FILES [ 'attachment2' ][ 'error' ];
}
2021-10-18 23:37:47 +08:00
2020-10-02 17:02:20 +08:00
if ( move_uploaded_file ( $_FILES [ 'attachment3' ][ 'tmp_name' ], $targetfile3 )) {
$count ++ ;
2021-10-18 23:37:47 +08:00
} else {
2020-10-02 17:02:20 +08:00
echo $_FILES [ 'attachment3' ][ 'error' ];
}
2021-10-18 23:37:47 +08:00
2020-10-02 17:02:20 +08:00
if ( move_uploaded_file ( $_FILES [ 'attachment4' ][ 'tmp_name' ], $targetfile4 )) {
$count ++ ;
2021-10-18 23:37:47 +08:00
} else {
2020-10-02 17:02:20 +08:00
echo $_FILES [ 'attachment4' ][ 'error' ];
}
2021-10-18 23:37:47 +08:00
echo $count . " File(s) uploaded " ;
2020-10-02 17:02:20 +08:00
//CLEAN
2021-10-18 23:37:47 +08:00
$targetfile = " " ;
$targetfile2 = " " ;
$targetfile3 = " " ;
$targetfile4 = " " ;
if ( $_FILES [ 'attachment1' ][ 'name' ] != " " ) {
$targetfile = " / " . $title . " / " . $_FILES [ 'attachment1' ][ 'name' ];
}
if ( $_FILES [ 'attachment2' ][ 'name' ] != " " ) {
$targetfile2 = " / " . $title . " / " . $_FILES [ 'attachment2' ][ 'name' ];
}
if ( $_FILES [ 'attachment3' ][ 'name' ] != " " ) {
$targetfile3 = " / " . $title . " / " . $_FILES [ 'attachment3' ][ 'name' ];
}
if ( $_FILES [ 'attachment4' ][ 'name' ] != " " ) {
$targetfile4 = " / " . $title . " / " . $_FILES [ 'attachment4' ][ 'name' ];
}
$sql = " INSERT INTO `lab_reports_table`(`Course_ID`, `Posted_Date`, `Deadline`, `Instructions`,
2020-03-16 15:23:14 +08:00
`Title` , `Attachment_link_1` , `Attachment_link_2` , `Attachment_link_3` , `Attachment_link_4` , Marks , Type )
2022-11-08 15:24:36 +08:00
VALUES ( '$course_id' , '$date' , '$deadline' , '$instructions' , '$title' , '$targetfile' , '$targetfile2' , '$targetfile3' , '$targetfile3' , '$marks' , '$type' ) " ;
2021-10-18 23:37:47 +08:00
2020-10-02 17:02:20 +08:00
if ( $con -> query ( $sql ) === TRUE ) {
2021-10-18 23:37:47 +08:00
$_SESSION [ " info_courses " ] = $type . " lab report assignment posted successfully. " ;
header ( " Location: Courses.php?course= " . $url );
2020-10-02 17:02:20 +08:00
} else {
echo " Error: " . $sql . " <br> " . $con -> error ;
}
}
function checksize ( $file )
{
2021-10-18 23:37:47 +08:00
$result = $_FILES [ " $file " ][ 'size' ] / ( 1024 * 1024 );
if ( $result > 1 ) {
2020-10-02 17:02:20 +08:00
return FALSE ;
}
return TRUE ;
2020-03-16 15:23:14 +08:00
}
2021-10-18 23:37:47 +08:00
2020-04-06 23:45:30 +08:00
// ############################### Submit Assignment ##################################
if ( ! empty ( $_POST [ " frm_submitlab " ])) {
2021-10-18 23:37:47 +08:00
2020-10-02 17:02:20 +08:00
$lab_id = mysqli_real_escape_string ( $con , $_POST [ " lab_id " ]);
$student_id = $_POST [ " student_id " ];
$group_id = $_POST [ " group_id " ];
2021-10-18 23:37:47 +08:00
2020-10-02 17:02:20 +08:00
$instructions = mysqli_real_escape_string ( $con , $_POST [ " instructions " ]);
$title = mysqli_real_escape_string ( $con , $_POST [ " title " ]);
2021-10-18 23:37:47 +08:00
2020-10-02 17:02:20 +08:00
$url = mysqli_real_escape_string ( $con , $_POST [ " url " ]);
2021-10-18 23:37:47 +08:00
$deadline = $deadlinedate . " " . $deadlinetime ;
2021-07-22 09:43:36 +08:00
$date = date ( " Y-m-d H:i:s " );
2021-10-18 23:37:47 +08:00
2020-10-02 17:02:20 +08:00
// GET UPLOADED FILES
2022-11-08 15:24:36 +08:00
$labName = mysqli_query ( $con , " SELECT * FROM `lab_reports_table` WHERE Lab_Report_ID=' $lab_id ' " );
2021-10-18 23:37:47 +08:00
while ( $row = mysqli_fetch_assoc ( $labName )) {
2020-10-02 17:02:20 +08:00
$lab_name = $row [ 'Title' ];
$_SESSION [ 'Sub_Type' ] = $row [ 'Type' ]; // submission type, either Individual or Group
2021-10-18 23:37:47 +08:00
}
2020-03-16 15:23:14 +08:00
2020-10-02 17:02:20 +08:00
$upload_folder = " Lab_Report_Submisions " ; // old place for storing students' submissions
$upload_folder = " ./../../lrr_submission " ;
2021-10-18 23:37:47 +08:00
$target_dir = mkdirs ( $upload_folder . " / " . $student_id . " / " . $url . " / " . $lab_name . " / " ); # url is actually course code plus academic year, e.g., CSC3122020
$targetfile = $target_dir . $_FILES [ 'attachment1' ][ 'name' ];
$targetfile2 = $target_dir . $_FILES [ 'attachment2' ][ 'name' ];
$targetfile3 = $target_dir . $_FILES [ 'attachment3' ][ 'name' ];
$targetfile4 = $target_dir . $_FILES [ 'attachment4' ][ 'name' ];
2020-10-02 17:02:20 +08:00
$count = 0 ;
2021-10-18 23:37:47 +08:00
2020-10-02 17:02:20 +08:00
//check zise
2021-10-18 23:37:47 +08:00
if ( ! checksize ( " attachment1 " )) {
2020-10-02 17:02:20 +08:00
echo " 1 MB is the maximum file size allowed " ;
return ;
}
2021-10-18 23:37:47 +08:00
if ( ! checksize ( " attachment2 " ) && $_FILES [ " attachment2 " ][ " name " ] != " " ) {
2020-10-02 17:02:20 +08:00
echo " 1 MB is the maximum file size allowed " ;
return ;
}
2021-10-18 23:37:47 +08:00
if ( ! checksize ( " attachment3 " ) && $_FILES [ " attachment3 " ][ " name " ] != " " ) {
2020-10-02 17:02:20 +08:00
echo " 1 MB is the maximum file size allowed " ;
return ;
}
2020-03-16 15:23:14 +08:00
2021-10-18 23:37:47 +08:00
if ( ! is_valid_file_format ( " attachment1 " )) {
2020-10-02 17:02:20 +08:00
echo " Invalid File Type for Attachment 1 " ;
return ;
}
2021-10-18 23:37:47 +08:00
if ( ! is_valid_file_format ( " attachment2 " ) && $_FILES [ " attachment2 " ][ " name " ] != " " ) {
2020-10-02 17:02:20 +08:00
echo " Invalid File Type for Attachment 2 " ;
return ;
}
2021-10-18 23:37:47 +08:00
if ( ! is_valid_file_format ( " attachment3 " ) && $_FILES [ " attachment3 " ][ " name " ] != " " ) {
2020-10-02 17:02:20 +08:00
echo " Invalid File Type for Attachment 3 " ;
return ;
}
2020-04-06 23:45:30 +08:00
2021-10-18 23:37:47 +08:00
if ( $_FILES [ " attachment1 " ][ " error " ] != 0 ) {
2020-10-02 17:02:20 +08:00
echo " Error when uploading the file. " ;
return ;
2021-10-18 23:37:47 +08:00
}
2020-04-06 23:45:30 +08:00
2020-10-02 17:02:20 +08:00
// use 4 for missing file
2020-04-06 23:45:30 +08:00
2020-10-02 17:02:20 +08:00
if ( move_uploaded_file ( $_FILES [ 'attachment1' ][ 'tmp_name' ], $targetfile )) {
$count ++ ;
2021-10-18 23:37:47 +08:00
} else {
2020-10-02 17:02:20 +08:00
echo $_FILES [ 'attachment1' ][ 'error' ];
}
2020-04-06 23:45:30 +08:00
2020-10-02 17:02:20 +08:00
if ( move_uploaded_file ( $_FILES [ 'attachment2' ][ 'tmp_name' ], $targetfile2 )) {
$count ++ ;
2021-10-18 23:37:47 +08:00
} else {
2020-10-02 17:02:20 +08:00
echo $_FILES [ 'attachment2' ][ 'error' ];
}
2020-04-06 23:45:30 +08:00
2020-10-02 17:02:20 +08:00
if ( move_uploaded_file ( $_FILES [ 'attachment3' ][ 'tmp_name' ], $targetfile3 )) {
$count ++ ;
2021-10-18 23:37:47 +08:00
} else {
2020-10-02 17:02:20 +08:00
echo $_FILES [ 'attachment3' ][ 'error' ];
}
2020-04-06 23:45:30 +08:00
2020-10-02 17:02:20 +08:00
if ( move_uploaded_file ( $_FILES [ 'attachment4' ][ 'tmp_name' ], $targetfile4 )) {
$count ++ ;
2021-10-18 23:37:47 +08:00
} else {
2020-10-02 17:02:20 +08:00
echo $_FILES [ 'attachment4' ][ 'error' ];
}
2020-04-06 23:45:30 +08:00
2021-10-18 23:37:47 +08:00
echo $count . " File(s) uploaded " ;
2020-04-06 23:45:30 +08:00
2020-10-02 17:02:20 +08:00
//CLEAN
$targetfile1 = " " ;
$targetfile2 = " " ;
2021-10-18 23:37:47 +08:00
$targetfile3 = " " ;
2020-10-02 17:02:20 +08:00
$targetfile4 = " " ;
2020-04-06 23:45:30 +08:00
2021-10-18 23:37:47 +08:00
if ( strlen ( $_FILES [ 'attachment1' ][ 'name' ]) > 2 ) { // why greater than 2???
2022-05-19 12:35:27 +08:00
$targetfile = " / " . $student_id . " / " . $url . " / " . $lab_name . " / " . rawurlencode ( $_FILES [ 'attachment1' ][ 'name' ]);
2020-10-02 17:02:20 +08:00
}
2021-10-18 23:37:47 +08:00
if ( strlen ( $_FILES [ 'attachment2' ][ 'name' ]) > 2 ) {
2022-05-19 12:35:27 +08:00
$targetfile2 = " / " . $student_id . " / " . $url . " / " . $lab_name . " / " . rawurlencode ( $_FILES [ 'attachment2' ][ 'name' ]);
2020-10-02 17:02:20 +08:00
}
2021-10-18 23:37:47 +08:00
if ( strlen ( $_FILES [ 'attachment3' ][ 'name' ]) > 2 ) {
2022-05-19 12:35:27 +08:00
$targetfile3 = " / " . $student_id . " / " . $url . " / " . $lab_name . " / " . rawurlencode ( $_FILES [ 'attachment3' ][ 'name' ]);
2021-10-18 23:37:47 +08:00
}
if ( strlen ( $_FILES [ 'attachment4' ][ 'name' ]) > 2 ) {
2022-05-19 12:35:27 +08:00
$targetfile4 = " / " . $student_id . " / " . $url . " / " . $lab_name . " / " . rawurlencode ( $_FILES [ 'attachment4' ][ 'name' ]);
2020-10-02 17:02:20 +08:00
}
2020-04-21 20:48:13 +08:00
// When $group_id is not properly initialized, use integer 0 as its value.
// This temporarily fixed the "Students unable to submit assignment after a recent change" bug at http://118.25.96.118/bugzilla/show_bug.cgi?id=65
2020-04-23 10:10:58 +08:00
if ( trim ( $group_id ) === '' ) { // when $group_id is an empty string or contains only whitespace characters.
2020-10-02 17:02:20 +08:00
$group_id = 0 ; // FIXME
}
2022-11-08 15:24:36 +08:00
$sql1 = " DELETE FROM lab_report_submissions where Lab_Report_ID=' $lab_id ' and Student_id=' $student_id ' and Course_Group_id=' $group_id ' " ;
2020-10-02 17:02:20 +08:00
if ( $con -> query ( $sql1 ) === TRUE ) {
2020-04-21 20:48:13 +08:00
}
2020-10-02 17:02:20 +08:00
2021-10-18 23:37:47 +08:00
$sql = " INSERT INTO `lab_report_submissions`(`Submission_Date`, `Lab_Report_ID`, `Student_id`, "
2020-10-02 17:02:20 +08:00
. " `Course_Group_id`, `Attachment1`, `Notes`, `Attachment2`, `Attachment3`, `Attachment4`, `Status`, `Title`,`Remarking_Reason`) "
2022-11-08 15:24:36 +08:00
. " VALUES (' $date ',' $lab_id ',' $student_id ',' $group_id ',' $targetfile ',' $instructions ',' $targetfile2 ',' $targetfile3 ',' $targetfile4 ', "
2020-10-02 17:02:20 +08:00
. " 'Pending',' $title ','') " ;
if ( $con -> query ( $sql ) === TRUE ) {
2021-10-18 23:37:47 +08:00
if ( $_SESSION [ 'Sub_Type' ] == 'Individual' ) {
2020-10-02 17:02:20 +08:00
$con -> query ( $sql = " UPDATE `lab_report_submissions` SET `Course_Group_id` = '0' WHERE `lab_report_submissions`.`Lab_Report_ID` = ' $lab_id ' " );
}
2020-04-06 23:45:30 +08:00
2021-10-18 23:37:47 +08:00
$_SESSION [ " info_courses " ] = " Thanks. Your lab report assignment is submitted successfully. " ;
header ( " Location: Course.php?url= " . $url );
2020-04-16 14:46:43 +08:00
} else {
2020-10-02 17:02:20 +08:00
echo " Error: <br> " . $con -> error ;
}
2020-04-06 23:45:30 +08:00
}
2020-10-02 17:02:20 +08:00
// JOIN COURSE
if ( ! empty ( $_GET [ " JoinCourse " ])) {
2021-10-18 23:37:47 +08:00
2022-05-19 12:35:27 +08:00
$id = mysqli_real_escape_string ( $con , $_GET [ " id " ]);
$student_id = mysqli_real_escape_string ( $con , $_GET [ " std " ]);
$joining = mysqli_real_escape_string ( $con , $_GET [ " joining " ]);
2020-10-02 17:02:20 +08:00
$status = " Pending " ;
2021-10-18 23:37:47 +08:00
if ( $joining == 0 ) {
$status = " Joined " ;
}
$sql = " INSERT INTO `course_students_table`(`Course_ID`, `Student_ID`,`Status`) VALUES (' $id ',' $student_id ',' $status ') " ;
2020-10-02 17:02:20 +08:00
if ( $con -> query ( $sql ) === TRUE ) {
2021-10-18 23:37:47 +08:00
if ( $joining == 0 ) {
2020-10-02 17:02:20 +08:00
$_SESSION [ " info_Courses_student " ] = " You enrolled in this course successfully. " ;
2021-10-18 23:37:47 +08:00
} else {
2020-10-02 17:02:20 +08:00
$_SESSION [ " info_Courses_student " ] = " Course enrollment request was sent to the lecturer. " ;
}
2021-10-18 23:37:47 +08:00
header ( " Location: Courses.php " );
2020-10-02 17:02:20 +08:00
} else {
echo " Error: " . $sql . " <br> " . $con -> error ;
}
}
#MARK LAB REPORT
2021-10-18 23:37:47 +08:00
2020-10-02 17:02:20 +08:00
if ( ! empty ( $_GET [ " savemarks " ])) {
2021-10-18 23:37:47 +08:00
2022-05-19 12:35:27 +08:00
$id = mysqli_real_escape_string ( $con , $_GET [ " id " ]);
$marks = mysqli_real_escape_string ( $con , $_GET [ " marks " ]);
$total = mysqli_real_escape_string ( $con , $_GET [ " total " ]);
$feedback = mysqli_real_escape_string ( $con , $_GET [ " feedback " ]);
$header = mysqli_real_escape_string ( $con , $_GET [ " header " ]);
$labid = mysqli_real_escape_string ( $con , $_GET [ " labid " ]);
2021-10-18 23:37:47 +08:00
$status = " Marked " ;
if ( $marks > $total ) {
2020-10-02 17:02:20 +08:00
echo " Marks could not be greater than total " ;
return ;
}
2021-10-18 23:37:47 +08:00
$date = date ( " Y-m-d H:i:s " );
$feedback = " <br>@ $date : " . $feedback ;
$sql = " UPDATE `lab_report_submissions` SET `Marks`=' $marks ',`Status`=' $status ', "
2020-10-02 17:02:20 +08:00
. " "
. " Notes=if(Notes is null, ' ', concat(Notes, ' $feedback ')) "
. " "
. " WHERE Submission_ID= $id
2020-03-16 15:23:14 +08:00
" ;
2021-10-18 23:37:47 +08:00
2020-10-02 17:02:20 +08:00
if ( $con -> query ( $sql ) === TRUE ) {
2021-10-18 23:37:47 +08:00
$_SESSION [ " info_Marking " ] = " Lab Report Submission Marked " ;
header ( " Location: Submissions.php?id= " . $labid . " &header= " . $header . " &total= " . $total );
2020-10-02 17:02:20 +08:00
} else {
echo " Error: " . $sql . " <br> " . $con -> error ;
}
}
#Update Report Visibility
if ( ! empty ( $_GET [ " updatevisibility " ])) {
2021-10-18 23:37:47 +08:00
2022-05-19 12:35:27 +08:00
$id = mysqli_real_escape_string ( $con , $_GET [ " id " ]);
$marks = mysqli_real_escape_string ( $con , $_GET [ " marks " ]);
$total = mysqli_real_escape_string ( $con , $_GET [ " total " ]);
$status = mysqli_real_escape_string ( $con , $_GET [ " status " ]);
$header = mysqli_real_escape_string ( $con , $_GET [ " header " ]);
$labid = mysqli_real_escape_string ( $con , $_GET [ " labid " ]);
2021-10-18 23:37:47 +08:00
2022-11-08 15:24:36 +08:00
$sql = " UPDATE `lab_report_submissions` SET `Visibility`=' $status ' WHERE Submission_ID=' $id '
2020-03-16 15:23:14 +08:00
" ;
2021-10-18 23:37:47 +08:00
2020-10-02 17:02:20 +08:00
if ( $con -> query ( $sql ) === TRUE ) {
2021-10-18 23:37:47 +08:00
$_SESSION [ " info_Marking " ] = " Lab Report Visibility Updated " ;
header ( " Location: Submissions.php?id= " . $labid . " &header= " . $header . " &total= " . $total );
2020-10-02 17:02:20 +08:00
} else {
echo " Error: " . $sql . " <br> " . $con -> error ;
}
}
2021-10-18 23:37:47 +08:00
#Remarking Request
2020-10-02 17:02:20 +08:00
2021-10-18 23:37:47 +08:00
if ( ! empty ( $_GET [ " remarking " ])) {
2020-10-02 17:02:20 +08:00
2022-11-08 15:24:36 +08:00
$id = htmlspecialchars ( mysqli_real_escape_string ( $con , $_GET [ " id " ]));
$url = htmlspecialchars ( mysqli_real_escape_string ( $con , $_GET [ " url " ]));
2020-10-02 17:02:20 +08:00
2022-11-08 15:24:36 +08:00
$status = htmlspecialchars ( mysqli_real_escape_string ( $con , $_GET [ " status " ]));
$details = htmlspecialchars ( mysqli_real_escape_string ( $con , $_GET [ " details " ]));
2020-10-02 17:02:20 +08:00
2022-11-08 15:24:36 +08:00
$sql = " UPDATE `lab_report_submissions` SET `Status`='Remarking',Remarking_Reason=' $details ' WHERE Submission_ID=' $id '
2020-03-16 15:23:14 +08:00
" ;
2021-10-18 23:37:47 +08:00
2020-10-02 17:02:20 +08:00
if ( $con -> query ( $sql ) === TRUE ) {
2021-10-18 23:37:47 +08:00
$_SESSION [ " info_ReMarking " ] = " Remarking Request Sent " ;
header ( " Location: Course.php?url= " . $url );
2020-10-02 17:02:20 +08:00
} else {
echo " Error: " . $sql . " <br> " . $con -> error ;
}
}
2021-10-18 23:37:47 +08:00
#Create Group Request
2020-10-02 17:02:20 +08:00
2021-10-18 23:37:47 +08:00
if ( ! empty ( $_GET [ " creategroup " ])) {
2020-10-02 17:02:20 +08:00
2022-05-19 12:35:27 +08:00
$student_id = mysqli_real_escape_string ( $con , $_GET [ " student_id " ]);
$url = mysqli_real_escape_string ( $con , $_GET [ " url " ]);
$id = mysqli_real_escape_string ( $con , $_GET [ " id " ]);
$name = mysqli_real_escape_string ( $con , $_GET [ " name " ]);
2020-10-02 17:02:20 +08:00
2021-10-18 23:37:47 +08:00
$sql = " INSERT INTO `course_groups_table`(`Group_Name`,
2022-11-08 15:24:36 +08:00
`Group_Leader` , `Course_id` ) VALUES ( '$name' , '$student_id' , '$id' ) " ;
2021-10-18 23:37:47 +08:00
2020-10-02 17:02:20 +08:00
if ( $con -> query ( $sql ) === TRUE ) {
2021-10-18 23:37:47 +08:00
$resultx1 = mysqli_query ( $con , " Select Max(Course_Group_id) as cnt from course_groups_table " );
while ( $row = mysqli_fetch_assoc ( $resultx1 )) {
$gid = $row [ 'cnt' ];
}
$sql = " INSERT INTO `course_group_members_table`( `Course_Group_id`, `Student_ID`, `Status`)
2022-11-08 15:24:36 +08:00
VALUES ( '$gid' , '$student_id' , 'Created' ) " ;
2020-10-02 17:02:20 +08:00
if ( $con -> query ( $sql ) === TRUE ) {
2021-10-18 23:37:47 +08:00
$_SESSION [ " info_ReMarking " ] = " Course group Created " ;
header ( " Location: Course.php?url= " . $url );
2020-10-02 17:02:20 +08:00
} else {
echo " Error: " . $sql . " <br> " . $con -> error ;
}
} else {
echo " Error: " . $sql . " <br> " . $con -> error ;
}
2021-10-18 23:37:47 +08:00
}
2020-10-02 17:02:20 +08:00
2021-10-18 23:37:47 +08:00
//---------------------------------------Invite Group Request and add a new member into the database------------------------------------
2020-10-02 17:02:20 +08:00
2021-10-18 23:37:47 +08:00
if ( ! empty ( $_GET [ " groupinvite " ])) {
2020-10-02 17:02:20 +08:00
2022-05-19 12:35:27 +08:00
$student_id = mysqli_real_escape_string ( $con , $_GET [ " student_id " ]);
$url = mysqli_real_escape_string ( $con , $_GET [ " url " ]);
$courseid = mysqli_real_escape_string ( $con , $_GET [ " courseid " ]);
$groupid = mysqli_real_escape_string ( $con , $_GET [ " groupid " ]);
2020-10-02 17:02:20 +08:00
2021-10-18 23:37:47 +08:00
$result = mysqli_query ( $con , " SELECT * FROM course_group_members_table where Course_Group_id = ' $groupid ' and Student_ID = ' $student_id ' " );
if ( mysqli_num_rows ( $result ) > 0 ) {
$_SESSION [ " info_ReMarking " ] = $student_id . " has already been invited " ;
header ( " Location: Course.php?url= " . $url );
} else {
$sql = " INSERT INTO `course_group_members_table`( `Course_Group_id`, `Student_ID`, `Status`)
2022-11-08 15:24:36 +08:00
VALUES ( '$groupid' , '$student_id' , 'Invited' ) " ;
2021-04-17 15:31:41 +08:00
}
2021-10-18 23:37:47 +08:00
2020-10-02 17:02:20 +08:00
if ( $con -> query ( $sql ) === TRUE ) {
2021-10-18 23:37:47 +08:00
$resultx1 = mysqli_query ( $con , " SELECT * FROM course_groups_table where Course_Group_id =' $groupid ' " );
while ( $row = mysqli_fetch_assoc ( $resultx1 )) {
$Group_Member = $row [ 'Group_Member' ];
$Group_Member4 = $row [ 'Group_Member4' ];
$Group_Member2 = $row [ 'Group_Member2' ];
$Group_Member3 = $row [ 'Group_Member3' ];
$_SESSION [ 'Group_Member4' ] = $Group_Member4 ;
$_SESSION [ 'Group_Member3' ] = $Group_Member3 ;
$_SESSION [ 'Group_Member2' ] = $Group_Member2 ;
$_SESSION [ 'Group_Member' ] = $Group_Member ;
if ( $Group_Member == '0' ) {
mysqli_query ( $con , " UPDATE `course_groups_table` SET `Group_Member` = (' " . $student_id . " ') WHERE `course_groups_table`.`Course_Group_id` = ' $groupid ' " );
$_SESSION [ " info_ReMarking " ] = $student_id . " was invited to the group " ;
header ( " Location: Course.php?url= " . $url );
} elseif ( $Group_Member2 == '0' ) {
mysqli_query ( $con , " UPDATE `course_groups_table` SET `Group_Member2` = (' " . $student_id . " ') WHERE `course_groups_table`.`Course_Group_id` = ' $groupid ' " );
$_SESSION [ " info_ReMarking " ] = $student_id . " was invited to the group " ;
header ( " Location: Course.php?url= " . $url );
} elseif ( $Group_Member3 == '0' ) {
mysqli_query ( $con , " UPDATE `course_groups_table` SET `Group_Member3` = (' " . $student_id . " ') WHERE `course_groups_table`.`Course_Group_id` = ' $groupid ' " );
$_SESSION [ " info_ReMarking " ] = $student_id . " was invited to the group " ;
header ( " Location: Course.php?url= " . $url );
} elseif ( $Group_Member4 == '0' ) {
mysqli_query ( $con , " UPDATE `course_groups_table` SET `Group_Member4` = (' " . $student_id . " ') WHERE `course_groups_table`.`Course_Group_id` = ' $groupid ' " );
$_SESSION [ " info_ReMarking " ] = $student_id . " was invited to the group " ;
header ( " Location: Course.php?url= " . $url );
} else {
$_SESSION [ " info_ReMarking " ] = " You cant add any more members " ;
header ( " Location: Course.php?url= " . $url );
2020-10-02 17:02:20 +08:00
}
2021-10-18 23:37:47 +08:00
}
$_SESSION [ " info_ReMarking " ] = $student_id . " was invited to the group " ;
header ( " Location: Course.php?url= " . $url );
2021-04-17 15:31:41 +08:00
} else {
echo " Error: " . $sql . " <br> " . $con -> error ;
2020-04-06 23:45:30 +08:00
}
2020-10-02 17:02:20 +08:00
}
2020-04-06 23:45:30 +08:00
2020-10-02 17:02:20 +08:00
#Accept deny Group Invite
2021-10-18 23:37:47 +08:00
2020-10-02 17:02:20 +08:00
if ( ! empty ( $_GET [ " acceptinvite " ])) {
2021-10-18 23:37:47 +08:00
2022-05-19 12:35:27 +08:00
$student_id = mysqli_real_escape_string ( $con , $_GET [ " student_id " ]);
$url = mysqli_real_escape_string ( $con , $_GET [ " url " ]);
$action = mysqli_real_escape_string ( $con , $_GET [ " action " ]);
$groupid = mysqli_real_escape_string ( $con , $_GET [ " groupid " ]);
2021-10-18 23:37:47 +08:00
if ( $action == 1 ) {
2022-11-08 15:24:36 +08:00
$sql = " Update `course_group_members_table` set Status='Joined' where Course_Group_id =' $groupid ' and student_id=' $student_id '
2021-10-18 23:37:47 +08:00
" ;
} else {
2022-11-08 15:24:36 +08:00
$sql = " Delete from `course_group_members_table` where Course_Group_id =' $groupid ' and student_id=' $student_id '
2021-10-18 23:37:47 +08:00
" ;
2020-10-02 17:02:20 +08:00
}
2021-10-18 23:37:47 +08:00
2020-10-02 17:02:20 +08:00
if ( $con -> query ( $sql ) === TRUE ) {
2021-10-18 23:37:47 +08:00
$_SESSION [ " info_ReMarking " ] = " Group Invite Updated " ;
header ( " Location: Course.php?url= " . $url );
2020-10-02 17:02:20 +08:00
} else {
echo " Error: " . $sql . " <br> " . $con -> error ;
}
2020-03-16 15:23:14 +08:00
}
2021-10-18 23:37:47 +08:00
#Extend Deadline
2020-03-16 15:23:14 +08:00
2021-10-18 23:37:47 +08:00
if ( ! empty ( $_GET [ " extenddeadline " ])) {
2020-03-16 15:23:14 +08:00
2022-05-19 12:35:27 +08:00
$id = mysqli_real_escape_string ( $con , $_GET [ " id " ]);
$date = mysqli_real_escape_string ( $con , $_GET [ " date " ]);
$time = mysqli_real_escape_string ( $con , $_GET [ " time " ]);
$type = mysqli_real_escape_string ( $con , $_GET [ " type " ]);
2020-03-16 15:23:14 +08:00
2022-05-19 12:35:27 +08:00
$stdid = mysqli_real_escape_string ( $con , $_GET [ " stdid " ]);
$reason = mysqli_real_escape_string ( $con , $_GET [ " reason " ]);
$url = mysqli_real_escape_string ( $con , $_GET [ " url " ]);
2021-10-18 23:37:47 +08:00
$deadline = $date . " " . $time ;
2020-03-16 15:23:14 +08:00
2021-10-18 23:37:47 +08:00
if ( $type == 1 ) {
2022-11-08 15:24:36 +08:00
$sql = " UPDATE `lab_reports_table` SET `Deadline`=' $deadline ' WHERE Lab_Report_ID=' $id ' " ;
2021-10-18 23:37:47 +08:00
} else {
$sql = " INSERT INTO `extended_deadlines_table`(`Student_ID`, "
2020-10-02 17:02:20 +08:00
. " `Lab_Report_ID`, `Extended_Deadline_Date`, "
2022-11-08 15:24:36 +08:00
. " `ReasonsForExtension`) VALUES (' $stdid ',' $id ',' $deadline ',' $reason ') " ;
2020-10-02 17:02:20 +08:00
}
2021-10-18 23:37:47 +08:00
2020-10-02 17:02:20 +08:00
if ( $con -> query ( $sql ) === TRUE ) {
2021-10-18 23:37:47 +08:00
$_SESSION [ " info_courses " ] = " Lab Report Deadline extended successfully. " ;
header ( " Location: Courses.php?course= " . $url );
2020-10-02 17:02:20 +08:00
} else {
echo " Error: " . $sql . " <br> " . $con -> error ;
}
2020-03-16 15:23:14 +08:00
}
2021-10-18 23:37:47 +08:00
#IGNORE Remarking Request
2020-03-16 15:23:14 +08:00
2021-10-18 23:37:47 +08:00
if ( ! empty ( $_GET [ " ignoreremarking " ])) {
2020-03-16 15:23:14 +08:00
2022-05-19 12:35:27 +08:00
$id = mysqli_real_escape_string ( $con , $_GET [ " id " ]);
$total = mysqli_real_escape_string ( $con , $_GET [ " total " ]);
$header = mysqli_real_escape_string ( $con , $_GET [ " header " ]);
2020-03-16 15:23:14 +08:00
2022-05-19 12:35:27 +08:00
$subid = mysqli_real_escape_string ( $con , $_GET [ " subid " ]);
2020-03-16 15:23:14 +08:00
2022-11-08 15:24:36 +08:00
$sql = " UPDATE lab_report_submissions SET Status='Marked' WHERE Submission_ID=' $subid ' " ;
2020-03-16 15:23:14 +08:00
2020-10-02 17:02:20 +08:00
if ( $con -> query ( $sql ) === TRUE ) {
2020-03-16 15:23:14 +08:00
2021-10-18 23:37:47 +08:00
$_SESSION [ " info_Marking " ] = " Remarking Request Ignored , Submission Updated to 'Marked' status " ;
header ( " Location: Submissions.php?id= " . $id . " &header= " . $header . " &total= " . $total );
2020-10-02 17:02:20 +08:00
} else {
echo " Error: " . $sql . " <br> " . $con -> error ;
}
}
2021-10-18 23:37:47 +08:00
#Assign TA
2020-10-02 17:02:20 +08:00
2021-10-18 23:37:47 +08:00
if ( ! empty ( $_GET [ " assignTA " ])) {
2020-10-02 17:02:20 +08:00
2022-05-19 12:35:27 +08:00
$id = mysqli_real_escape_string ( $con , $_GET [ " id " ]);
$ta = mysqli_real_escape_string ( $con , $_GET [ " ta " ]);
2020-10-02 17:02:20 +08:00
2022-11-08 15:24:36 +08:00
$sql = " INSERT INTO `course_ta`(`Course_ID`, `TA`) VALUES (' $id ',' $ta ') " ;
2020-10-02 17:02:20 +08:00
if ( $con -> query ( $sql ) === TRUE ) {
2020-03-16 15:23:14 +08:00
2021-10-18 23:37:47 +08:00
$_SESSION [ " info_Admin_Courses " ] = $type . " Course TA Assigned " ;
header ( " Location: Admin.php " );
2020-10-02 17:02:20 +08:00
} else {
echo " Error: " . $sql . " <br> " . $con -> error ;
}
}
2021-10-18 23:37:47 +08:00
//ACCEPT STUDNTS JOINING COURSSS
2020-10-02 17:02:20 +08:00
2021-10-18 23:37:47 +08:00
if ( ! empty ( $_GET [ " AcceptStudent " ])) {
2020-10-02 17:02:20 +08:00
2022-05-19 12:35:27 +08:00
$id = mysqli_real_escape_string ( $con , $_GET [ " id " ]);
$rs = mysqli_real_escape_string ( $con , $_GET [ " rs " ]);
2020-10-02 17:02:20 +08:00
2021-10-18 23:37:47 +08:00
if ( $rs == " yes " ) {
2022-11-08 15:24:36 +08:00
$sql = " Update course_students_table set Status='Joined' Where ID=' $id ' " ;
2020-10-02 17:02:20 +08:00
} else {
2022-11-08 15:24:36 +08:00
$sql = " Delete FROM course_students_table Where ID=' $id ' " ;
2020-10-02 17:02:20 +08:00
}
2021-10-18 23:37:47 +08:00
2020-10-02 17:02:20 +08:00
if ( $con -> query ( $sql ) === TRUE ) {
2021-10-18 23:37:47 +08:00
if ( $rs == " yes " ) {
$_SESSION [ " info_courses " ] = " Course Joining request Approved. " ;
} else {
$_SESSION [ " info_courses " ] = " Course Joining request Declined & Removed. " ;
2020-10-02 17:02:20 +08:00
}
2021-10-18 23:37:47 +08:00
header ( " Location: Courses.php " );
} else {
2020-10-02 17:02:20 +08:00
echo " Error: " . $sql . " <br> " . $con -> error ;
}
2020-03-16 15:23:14 +08:00
}
2020-10-02 17:02:20 +08:00
//action=passchange&uid=1&pass=1929
2021-10-18 23:37:47 +08:00
2020-09-26 20:08:39 +08:00
if ( ! empty ( $_GET [ " action " ])) {
2021-10-18 23:37:47 +08:00
$action = $_GET [ " action " ];
2022-05-19 12:35:27 +08:00
$uid = mysqli_real_escape_string ( $con , $_GET [ " uid " ]);
2021-10-18 23:37:47 +08:00
2022-05-19 12:35:27 +08:00
$pass = mysqli_real_escape_string ( $con , $_GET [ " pass " ]);
2020-09-26 20:08:39 +08:00
$pass = password_hash ( $pass , PASSWORD_DEFAULT );
2022-05-19 12:35:27 +08:00
$status = mysqli_real_escape_string ( $con , $_GET [ " status " ]);
2020-09-26 20:08:39 +08:00
// validate uid
if ( intval ( $uid ) < 0 ) {
2020-10-02 17:02:20 +08:00
header ( " Location: index.php " );
2021-10-18 23:37:47 +08:00
return ;
2020-09-26 20:08:39 +08:00
}
2022-05-19 12:35:27 +08:00
if ( $action == " passchange " && $_SESSION [ 'user_id' ] == $uid ) {
2022-11-08 15:24:36 +08:00
$sql = " UPDATE users_table set Password=' $pass ' where User_ID=' $uid '; " ;
2020-10-02 17:02:20 +08:00
if ( $con -> query ( $sql ) === TRUE ) {
2020-09-26 20:08:39 +08:00
error_reporting ( 0 );
echo " Password has been changed " ;
2022-05-19 12:35:27 +08:00
//return;
2021-10-18 23:37:47 +08:00
$_SESSION [ " infoChangePassword " ] = $type . " User password was changed successfully. " ;
2020-09-26 20:08:39 +08:00
header ( " Location: index.php " );
2020-10-02 17:02:20 +08:00
} else {
2020-09-26 20:08:39 +08:00
// echo "Error: " . $sql . "<br>" . $con->error;
2020-10-02 17:02:20 +08:00
echo " Something really bad happened while changing password. Contact lanhui at zjnu.edu.cn. Thanks! " ;
2020-09-26 20:08:39 +08:00
}
}
2022-05-19 12:35:27 +08:00
if ( $action == " statuschange " && $_SESSION [ 'user_id' ] == $uid && ( $_SESSION [ 'user_type' ] == " Lecturer " || $_SESSION [ 'user_type' ] == " Admin " )) {
2022-11-08 15:24:36 +08:00
$sql = " UPDATE users_table set Status=' $status ' where User_ID=' $uid '; " ;
2020-10-02 17:02:20 +08:00
if ( $con -> query ( $sql ) === TRUE ) {
2021-10-18 23:37:47 +08:00
$_SESSION [ " info_Admin_Users " ] = $type . " user Status updated successfully " ;
2020-10-02 17:02:20 +08:00
header ( " Location: Admin.php " );
} else {
// echo "Error: " . $sql . "<br>" . $con->error;
2021-10-18 23:37:47 +08:00
echo " Something really bad happened while changing status. Contact lanhui at zjnu.edu.cn. Thanks! " ;
}
2020-10-02 17:02:20 +08:00
}
}
// ############################### CREATE STUDENT USER ##################################
if ( ! empty ( $_POST [ " frm_createCourse " ])) {
2021-10-18 23:37:47 +08:00
$name = mysqli_real_escape_string ( $con , $_POST [ " name " ]);
$academic = mysqli_real_escape_string ( $con , $_POST [ " academic " ]);
$lecturer = mysqli_real_escape_string ( $con , $_POST [ " lecturer " ]);
$ta = mysqli_real_escape_string ( $con , $_POST [ " ta " ]);
$faculty = mysqli_real_escape_string ( $con , $_POST [ " faculty " ]);
$code = mysqli_real_escape_string ( $con , $_POST [ " code " ]);
$url = mysqli_real_escape_string ( $con , $_POST [ " url " ]);
$verify = mysqli_real_escape_string ( $con , $_POST [ " verify " ]);
$who = mysqli_real_escape_string ( $con , $_POST [ " l " ]);
2020-10-02 17:02:20 +08:00
2021-10-18 23:37:47 +08:00
if ( $url == " " ) {
$url = $code . $academic ;
2020-10-02 17:02:20 +08:00
}
2021-10-18 23:37:47 +08:00
if ( $ta == " " ) {
$ta = 0 ;
2020-10-02 17:02:20 +08:00
}
// check if email is taked
// $result = mysqli_query($con,
// "SELECT * FROM courses_table WHERE Course_Name='$name'");
// if(mysqli_num_rows($result)!=0)
// {
// $_SESSION["info_Admin_Courses"]="Course Name : ".$name." already used.";
// header("Location: Admin.php");
// }
//
2021-10-18 23:37:47 +08:00
$sql = " INSERT INTO `courses_table`(`Course_Name`, `Academic_Year`, `Faculty`, `Lecturer_User_ID`, `TA_User_ID`, `Course_Code`, `URL`, `Verify_New_Members`)
2020-03-16 15:23:14 +08:00
VALUES ( '$name' , '$academic' , '$faculty' , '$lecturer' , '$ta' , '$code' , '$url' , '$verify' ) " ;
2021-10-18 23:37:47 +08:00
2020-10-02 17:02:20 +08:00
if ( $con -> query ( $sql ) === TRUE ) {
2021-10-18 23:37:47 +08:00
$_SESSION [ " info_Admin_Courses " ] = " Course portal was Created successfully. " ;
if ( $who == " l " ) {
header ( " Location: Courses.php " );
} else {
header ( " Location: Admin.php " );
2020-10-02 17:02:20 +08:00
}
} else {
echo " Error: " . $sql . " <br> " . $con -> error ;
}
2020-03-16 15:23:14 +08:00
}
2020-10-02 17:02:20 +08:00
2021-10-18 23:37:47 +08:00
// Export grade
2020-10-02 17:02:20 +08:00
2021-10-18 23:37:47 +08:00
if ( ! empty ( $_GET [ " exportgrade " ])) {
2020-10-02 17:02:20 +08:00
2022-05-19 12:35:27 +08:00
$lab = mysqli_real_escape_string ( $con , $_GET [ " lab " ]);
$lab_name = mysqli_real_escape_string ( $con , $_GET [ " lab_name " ]);
2020-10-02 17:02:20 +08:00
error_reporting ( 0 );
2021-10-18 23:37:47 +08:00
2020-10-02 17:02:20 +08:00
$select = " SELECT lab_reports_table.Title as 'LAB_Report', lab_reports_table.Marks as Lab_Marks,
2020-03-16 15:23:14 +08:00
`Submission_Date` , lab_report_submissions . Student_id , users_table . Full_Name as Student_Name , lab_report_submissions . Marks , `Notes`
FROM `lab_report_submissions`
INNER JOIN lab_reports_table on lab_reports_table . Lab_Report_ID = lab_report_submissions . Lab_Report_ID
INNER JOIN users_table on users_table . Student_ID = lab_report_submissions . Student_id
2022-11-08 15:24:36 +08:00
WHERE lab_report_submissions . Lab_Report_ID = '$lab' " ;
2020-03-16 15:23:14 +08:00
2021-10-18 23:37:47 +08:00
$export = mysqli_query ( $con , $select );
2020-03-16 15:23:14 +08:00
2021-10-18 23:37:47 +08:00
$fields = mysqli_num_fields ( $export );
2020-03-16 15:23:14 +08:00
2021-10-18 23:37:47 +08:00
for ( $i = 0 ; $i < $fields ; $i ++ ) {
$header .= mysqli_fetch_field_direct ( $export , $i ) -> name . " \t " ;
2020-10-02 17:02:20 +08:00
}
2020-03-16 15:23:14 +08:00
2021-10-18 23:37:47 +08:00
while ( $row = mysqli_fetch_row ( $export )) {
2020-10-02 17:02:20 +08:00
$line = '' ;
2021-10-18 23:37:47 +08:00
foreach ( $row as $value ) {
if (( ! isset ( $value )) || ( $value == " " )) {
2020-10-02 17:02:20 +08:00
$value = " \t " ;
2021-10-18 23:37:47 +08:00
} else {
$value = str_replace ( '"' , '""' , $value );
2020-10-02 17:02:20 +08:00
$value = '"' . $value . '"' . " \t " ;
}
$line .= $value ;
2020-03-16 15:23:14 +08:00
}
2021-10-18 23:37:47 +08:00
$data .= trim ( $line ) . " \n " ;
2020-03-16 15:23:14 +08:00
}
2021-10-18 23:37:47 +08:00
$data = str_replace ( " \r " , " " , $data );
2020-03-16 15:23:14 +08:00
2021-10-18 23:37:47 +08:00
if ( $data == " " ) {
$data = " \n (0) Records Found! \n " ;
2020-10-02 17:02:20 +08:00
}
2020-03-16 15:23:14 +08:00
2020-10-02 17:02:20 +08:00
header ( " Content-type: application/octet-stream " );
header ( " Content-Disposition: attachment; filename= $lab_name Garde Sheet.xls " );
header ( " Pragma: no-cache " );
header ( " Expires: 0 " );
print " $header\n $data " ;
}