Merge pull request '“修改了部分bug”' (#36) from LiangLigang into master

Reviewed-on: http://121.4.94.30:3000/mrlan/LRR/pulls/36
SMP-ZAYID-468-FEATURE
梁立港 2022-05-23 14:54:09 +08:00
commit 15a96c1b68
6 changed files with 1358 additions and 1160 deletions

1040
Course.php

File diff suppressed because it is too large Load Diff

File diff suppressed because it is too large Load Diff


@ -7,6 +7,11 @@ session_start();
// 修改这一行设置你的文件下载目录 // 修改这一行设置你的文件下载目录
// IMPORTANT: Do not delete the following conditional test
if (strpos($_GET['file'], "../") != false) { // 检查是否有 ../,防止用户构造路径,访问某个他不应该访问的目录
die("Sorry. Nothing to download.");
}
$file = "./../../lrr_submission".$_GET['file']; $file = "./../../lrr_submission".$_GET['file'];
$filename = basename($file); $filename = basename($file);
@ -20,7 +25,7 @@ $type = filetype($file);
$today = date("F j, Y, g:i a"); $today = date("F j, Y, g:i a");
$time = time(); $time = time();
if ( (isset($_SESSION["user_student_id"]) && strpos($file, $_SESSION["user_student_id"])) || $_SESSION['user_type'] == "Lecturer" || $_SESSION['user_type'] == "TA") { if ((isset($_SESSION["user_student_id"]) && strpos($file, $_SESSION["user_student_id"]) > 0) || $_SESSION['user_type'] == "Lecturer" || $_SESSION['user_type'] == "TA" ) {
// 发送文件头部 // 发送文件头部
header("Content-type: $type"); header("Content-type: $type");
header('Content-Disposition: attachment;filename="'.urldecode($filename).'"'); header('Content-Disposition: attachment;filename="'.urldecode($filename).'"');
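Review bot: The added traversal guard compares with `!= false`, so a `file` value on which `strpos()` returns 0 (the match is at the very start) is treated as "no match" and passes the check; it should read `if (strpos($_GET['file'], "../") !== false) {`. A literal substring test is also a weak control on its own: resolving the final path with `realpath()` and confirming it still lies under the `lrr_submission` directory before the file is read would cover separators and encodings that the `../` literal does not. The ownership test changed in the same section, `strpos($file, $_SESSION["user_student_id"]) > 0`, accepts the student ID anywhere in the path; comparing it exactly against the owner directory component (apparently the first component, judging by how the upload path is built elsewhere in this commit) would be stricter. The script continues outside both hunks, so the actual read of `$file` is not visible here.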


@ -35,7 +35,6 @@ function is_valid_student_number($student_id)
// ############################### SIGN UP ################################## // ############################### SIGN UP ##################################
if (!empty($_POST["form_signup"])) { if (!empty($_POST["form_signup"])) {
$student_id = trim(mysqli_real_escape_string($con, $_POST["user_student_id"])); $student_id = trim(mysqli_real_escape_string($con, $_POST["user_student_id"]));
// validate student number // validate student number
@ -53,18 +52,19 @@ if (!empty($_POST["form_signup"])) {
return; return;
} }
// Check if the student number isn't already registered // Check if the student number isn't already registered
$student_result = mysqli_query($con, "SELECT * FROM `users_table` WHERE Student_ID='$student_id'"); $student_result = mysqli_query($con, "SELECT * FROM `users_table` WHERE Student_ID='$student_id'");
if (mysqli_num_rows($student_result) > 0) { if (mysqli_num_rows($student_result) > 0) {
$_SESSION["info_signup"] = "This Student ID is already in use! Please contact Student Management Office <lanhui at zjnu.edu.cn> for help."; $_SESSION["info_signup"] = "This Student ID is already in use! Please contact Student Management Office <lanhui at zjnu.edu.cn> for help.";
header("Location: signup.php"); header("Location: signup.php");
return; return;
} }
} }
// ############################### CREATE STUDENT USER ################################## // ############################### CREATE STUDENT USER ##################################
if (!empty($_POST["form_signup"])) { if (!empty($_POST["form_signup"])) {
$fullname = mysqli_real_escape_string($con, $_POST["fullname"]); $fullname = mysqli_real_escape_string($con, $_POST["fullname"]);
$student_id = mysqli_real_escape_string($con, $_POST["user_student_id"]); $student_id = mysqli_real_escape_string($con, $_POST["user_student_id"]);
$email = mysqli_real_escape_string($con, $_POST["email"]); $email = mysqli_real_escape_string($con, $_POST["email"]);
@ -270,7 +270,7 @@ if (!empty($_POST["frm_createlecturrer"])) {
$email = mysqli_real_escape_string($con, $_POST["email"]); $email = mysqli_real_escape_string($con, $_POST["email"]);
$fullname = mysqli_real_escape_string($con, $_POST["fullname"]); $fullname = mysqli_real_escape_string($con, $_POST["fullname"]);
$type = mysqli_real_escape_string($con, $_POST["type"]); $type = mysqli_real_escape_string($con, $_POST["type"]);
$password = $passport; $password = mysqli_real_escape_string($con, $_POST["passport"]);
// check if email is taken // check if email is taken
$result = mysqli_query($con, $result = mysqli_query($con,
"SELECT * FROM Users_Table WHERE email='$email'"); "SELECT * FROM Users_Table WHERE email='$email'");
@ -300,7 +300,7 @@ function is_valid_file_format($file)
'cvc', 'c', 'class', 'cpp', 'h', 'java', 'sh', 'swift', 'zip', 'rar', 'ods', 'xlr', 'bak', 'ico', 'swf' 'cvc', 'c', 'class', 'cpp', 'h', 'java', 'sh', 'swift', 'zip', 'rar', 'ods', 'xlr', 'bak', 'ico', 'swf'
); );
utf8_encode($filename = $_FILES[$file]['name']); $filename = $_FILES[$file]['name'];
$ext = pathinfo($filename, PATHINFO_EXTENSION); $ext = pathinfo($filename, PATHINFO_EXTENSION);
$result = in_array($ext, $allowed); $result = in_array($ext, $allowed);
return $result; return $result;
@ -452,10 +452,8 @@ function checksize($file)
} }
// ############################### Submit Assignment ################################## // ############################### Submit Assignment ##################################
if (!empty($_POST["frm_submitlab"])) { if (!empty($_POST["frm_submitlab"])) {
/* Posting values to database */
$lab_id = mysqli_real_escape_string($con, $_POST["lab_id"]); $lab_id = mysqli_real_escape_string($con, $_POST["lab_id"]);
$student_id = $_POST["student_id"]; $student_id = $_POST["student_id"];
$group_id = $_POST["group_id"]; $group_id = $_POST["group_id"];
@ -552,19 +550,19 @@ if (!empty($_POST["frm_submitlab"])) {
$targetfile4 = ""; $targetfile4 = "";
if (strlen($_FILES['attachment1']['name']) > 2) { // why greater than 2??? if (strlen($_FILES['attachment1']['name']) > 2) { // why greater than 2???
$targetfile = "/" . $student_id . "/" . $url . "/" . $lab_name . "/" . $_FILES['attachment1']['name']; $targetfile = "/" . $student_id . "/" . $url . "/" . $lab_name . "/" . rawurlencode($_FILES['attachment1']['name']);
} }
if (strlen($_FILES['attachment2']['name']) > 2) { if (strlen($_FILES['attachment2']['name']) > 2) {
$targetfile2 = "/" . $student_id . "/" . $url . "/" . $lab_name . "/" . $_FILES['attachment2']['name']; $targetfile2 = "/" . $student_id . "/" . $url . "/" . $lab_name . "/" . rawurlencode($_FILES['attachment2']['name']);
} }
if (strlen($_FILES['attachment3']['name']) > 2) { if (strlen($_FILES['attachment3']['name']) > 2) {
$targetfile3 = "/" . $student_id . "/" . $url . "/" . $lab_name . "/" . $_FILES['attachment3']['name']; $targetfile3 = "/" . $student_id . "/" . $url . "/" . $lab_name . "/" . rawurlencode($_FILES['attachment3']['name']);
} }
if (strlen($_FILES['attachment4']['name']) > 2) { if (strlen($_FILES['attachment4']['name']) > 2) {
$targetfile4 = "/" . $student_id . "/" . $url . "/" . $lab_name . "/" . $_FILES['attachment4']['name']; $targetfile4 = "/" . $student_id . "/" . $url . "/" . $lab_name . "/" . rawurlencode($_FILES['attachment4']['name']);
} }
// When $group_id is not properly initialized, use integer 0 as its value. // When $group_id is not properly initialized, use integer 0 as its value.
@ -597,9 +595,9 @@ if (!empty($_POST["frm_submitlab"])) {
// JOIN COURSE // JOIN COURSE
if (!empty($_GET["JoinCourse"])) { if (!empty($_GET["JoinCourse"])) {
$id = $_GET["id"]; $id = mysqli_real_escape_string($con, $_GET["id"]);
$student_id = $_GET["std"]; $student_id = mysqli_real_escape_string($con, $_GET["std"]);
$joining = $_GET["joining"]; $joining = mysqli_real_escape_string($con, $_GET["joining"]);
$status = "Pending"; $status = "Pending";
if ($joining == 0) { if ($joining == 0) {
@ -626,12 +624,12 @@ if (!empty($_GET["JoinCourse"])) {
if (!empty($_GET["savemarks"])) { if (!empty($_GET["savemarks"])) {
$id = $_GET["id"]; $id = mysqli_real_escape_string($con, $_GET["id"]);
$marks = $_GET["marks"]; $marks = mysqli_real_escape_string($con, $_GET["marks"]);
$total = $_GET["total"]; $total = mysqli_real_escape_string($con, $_GET["total"]);
$feedback = $_GET["feedback"]; $feedback = mysqli_real_escape_string($con, $_GET["feedback"]);
$header = $_GET["header"]; $header = mysqli_real_escape_string($con, $_GET["header"]);
$labid = $_GET["labid"]; $labid = mysqli_real_escape_string($con, $_GET["labid"]);
$status = "Marked"; $status = "Marked";
if ($marks > $total) { if ($marks > $total) {
@ -660,12 +658,12 @@ if (!empty($_GET["savemarks"])) {
#Update Report Visibility #Update Report Visibility
if (!empty($_GET["updatevisibility"])) { if (!empty($_GET["updatevisibility"])) {
$id = $_GET["id"]; $id = mysqli_real_escape_string($con, $_GET["id"]);
$marks = $_GET["marks"]; $marks = mysqli_real_escape_string($con, $_GET["marks"]);
$total = $_GET["total"]; $total = mysqli_real_escape_string($con, $_GET["total"]);
$status = $_GET["status"]; $status = mysqli_real_escape_string($con, $_GET["status"]);
$header = $_GET["header"]; $header = mysqli_real_escape_string($con, $_GET["header"]);
$labid = $_GET["labid"]; $labid = mysqli_real_escape_string($con, $_GET["labid"]);
$sql = "UPDATE `lab_report_submissions` SET `Visibility`='$status' WHERE Submission_ID=$id $sql = "UPDATE `lab_report_submissions` SET `Visibility`='$status' WHERE Submission_ID=$id
"; ";
@ -683,11 +681,11 @@ if (!empty($_GET["updatevisibility"])) {
if (!empty($_GET["remarking"])) { if (!empty($_GET["remarking"])) {
$id = $_GET["id"]; $id = mysqli_real_escape_string($con, $_GET["id"]);
$url = $_GET["url"]; $url = mysqli_real_escape_string($con, $_GET["url"]);
$status = $_GET["status"]; $status = mysqli_real_escape_string($con, $_GET["status"]);
$details = $_GET["details"]; $details = mysqli_real_escape_string($con, $_GET["details"]);
$sql = "UPDATE `lab_report_submissions` SET `Status`='Remarking',Remarking_Reason='$details' WHERE Submission_ID=$id $sql = "UPDATE `lab_report_submissions` SET `Status`='Remarking',Remarking_Reason='$details' WHERE Submission_ID=$id
"; ";
@ -705,10 +703,10 @@ if (!empty($_GET["remarking"])) {
if (!empty($_GET["creategroup"])) { if (!empty($_GET["creategroup"])) {
$student_id = $_GET["student_id"]; $student_id = mysqli_real_escape_string($con, $_GET["student_id"]);
$url = $_GET["url"]; $url = mysqli_real_escape_string($con, $_GET["url"]);
$id = $_GET["id"]; $id = mysqli_real_escape_string($con, $_GET["id"]);
$name = $_GET["name"]; $name = mysqli_real_escape_string($con, $_GET["name"]);
$sql = "INSERT INTO `course_groups_table`(`Group_Name`, $sql = "INSERT INTO `course_groups_table`(`Group_Name`,
`Group_Leader`, `Course_id`) VALUES ('$name',$student_id,$id)"; `Group_Leader`, `Course_id`) VALUES ('$name',$student_id,$id)";
@ -737,10 +735,10 @@ if (!empty($_GET["creategroup"])) {
if (!empty($_GET["groupinvite"])) { if (!empty($_GET["groupinvite"])) {
$student_id = $_GET["student_id"]; $student_id = mysqli_real_escape_string($con, $_GET["student_id"]);
$url = $_GET["url"]; $url = mysqli_real_escape_string($con, $_GET["url"]);
$courseid = $_GET["courseid"]; $courseid = mysqli_real_escape_string($con, $_GET["courseid"]);
$groupid = $_GET["groupid"]; $groupid = mysqli_real_escape_string($con, $_GET["groupid"]);
$result = mysqli_query($con, "SELECT * FROM course_group_members_table where Course_Group_id = '$groupid' and Student_ID = '$student_id'"); $result = mysqli_query($con, "SELECT * FROM course_group_members_table where Course_Group_id = '$groupid' and Student_ID = '$student_id'");
if (mysqli_num_rows($result) > 0) { if (mysqli_num_rows($result) > 0) {
@ -796,10 +794,10 @@ if (!empty($_GET["groupinvite"])) {
if (!empty($_GET["acceptinvite"])) { if (!empty($_GET["acceptinvite"])) {
$student_id = $_GET["student_id"]; $student_id = mysqli_real_escape_string($con, $_GET["student_id"]);
$url = $_GET["url"]; $url = mysqli_real_escape_string($con, $_GET["url"]);
$action = $_GET["action"]; $action = mysqli_real_escape_string($con, $_GET["action"]);
$groupid = $_GET["groupid"]; $groupid = mysqli_real_escape_string($con, $_GET["groupid"]);
if ($action == 1) { if ($action == 1) {
$sql = "Update `course_group_members_table` set Status='Joined' where Course_Group_id =$groupid and student_id=$student_id $sql = "Update `course_group_members_table` set Status='Joined' where Course_Group_id =$groupid and student_id=$student_id
@ -821,14 +819,14 @@ if (!empty($_GET["acceptinvite"])) {
if (!empty($_GET["extenddeadline"])) { if (!empty($_GET["extenddeadline"])) {
$id = $_GET["id"]; $id = mysqli_real_escape_string($con, $_GET["id"]);
$date = $_GET["date"]; $date = mysqli_real_escape_string($con, $_GET["date"]);
$time = $_GET["time"]; $time = mysqli_real_escape_string($con, $_GET["time"]);
$type = $_GET["type"]; $type = mysqli_real_escape_string($con, $_GET["type"]);
$stdid = $_GET["stdid"]; $stdid = mysqli_real_escape_string($con, $_GET["stdid"]);
$reason = $_GET["reason"]; $reason = mysqli_real_escape_string($con, $_GET["reason"]);
$url = $_GET["url"]; $url = mysqli_real_escape_string($con, $_GET["url"]);
$deadline = $date . " " . $time; $deadline = $date . " " . $time;
if ($type == 1) { if ($type == 1) {
@ -852,11 +850,11 @@ if (!empty($_GET["extenddeadline"])) {
if (!empty($_GET["ignoreremarking"])) { if (!empty($_GET["ignoreremarking"])) {
$id = $_GET["id"]; $id = mysqli_real_escape_string($con, $_GET["id"]);
$total = $_GET["total"]; $total = mysqli_real_escape_string($con, $_GET["total"]);
$header = $_GET["header"]; $header = mysqli_real_escape_string($con, $_GET["header"]);
$subid = $_GET["subid"]; $subid = mysqli_real_escape_string($con, $_GET["subid"]);
$sql = "UPDATE lab_report_submissions SET Status='Marked' WHERE Submission_ID=$subid"; $sql = "UPDATE lab_report_submissions SET Status='Marked' WHERE Submission_ID=$subid";
@ -873,8 +871,8 @@ if (!empty($_GET["ignoreremarking"])) {
if (!empty($_GET["assignTA"])) { if (!empty($_GET["assignTA"])) {
$id = $_GET["id"]; $id = mysqli_real_escape_string($con, $_GET["id"]);
$ta = $_GET["ta"]; $ta = mysqli_real_escape_string($con, $_GET["ta"]);
$sql = "INSERT INTO `course_ta`(`Course_ID`, `TA`) VALUES ($id,$ta)"; $sql = "INSERT INTO `course_ta`(`Course_ID`, `TA`) VALUES ($id,$ta)";
@ -891,8 +889,8 @@ if (!empty($_GET["assignTA"])) {
if (!empty($_GET["AcceptStudent"])) { if (!empty($_GET["AcceptStudent"])) {
$id = $_GET["id"]; $id = mysqli_real_escape_string($con, $_GET["id"]);
$rs = $_GET["rs"]; $rs = mysqli_real_escape_string($con, $_GET["rs"]);
if ($rs == "yes") { if ($rs == "yes") {
$sql = "Update course_students_table set Status='Joined' Where ID=$id"; $sql = "Update course_students_table set Status='Joined' Where ID=$id";
@ -919,12 +917,12 @@ if (!empty($_GET["AcceptStudent"])) {
if (!empty($_GET["action"])) { if (!empty($_GET["action"])) {
$action = $_GET["action"]; $action = $_GET["action"];
$uid = $_GET["uid"]; $uid = mysqli_real_escape_string($con, $_GET["uid"]);
$pass = $_GET["pass"]; $pass = mysqli_real_escape_string($con, $_GET["pass"]);
$pass = password_hash($pass, PASSWORD_DEFAULT); $pass = password_hash($pass, PASSWORD_DEFAULT);
$status = $_GET["status"]; $status = mysqli_real_escape_string($con, $_GET["status"]);
// validate uid // validate uid
if (intval($uid) < 0) { if (intval($uid) < 0) {
@ -932,12 +930,12 @@ if (!empty($_GET["action"])) {
return; return;
} }
if ($action == "passchange") { if ($action == "passchange" && $_SESSION['user_id'] == $uid) {
$sql = "UPDATE users_table set Password='$pass' where User_ID=$uid;"; $sql = "UPDATE users_table set Password='$pass' where User_ID=$uid;";
if ($con->query($sql) === TRUE) { if ($con->query($sql) === TRUE) {
error_reporting(0); error_reporting(0);
echo "Password has been changed"; echo "Password has been changed";
// return; //return;
$_SESSION["infoChangePassword"] = $type . " User password was changed successfully."; $_SESSION["infoChangePassword"] = $type . " User password was changed successfully.";
header("Location: index.php"); header("Location: index.php");
} else { } else {
@ -946,7 +944,7 @@ if (!empty($_GET["action"])) {
} }
} }
if ($action == "statuschange") { if ($action == "statuschange" && $_SESSION['user_id'] == $uid && ($_SESSION['user_type'] == "Lecturer" || $_SESSION['user_type'] == "Admin")) {
$sql = "UPDATE users_table set Status='$status' where User_ID=$uid;"; $sql = "UPDATE users_table set Status='$status' where User_ID=$uid;";
if ($con->query($sql) === TRUE) { if ($con->query($sql) === TRUE) {
$_SESSION["info_Admin_Users"] = $type . " user Status updated successfully "; $_SESSION["info_Admin_Users"] = $type . " user Status updated successfully ";
@ -1007,8 +1005,8 @@ if (!empty($_POST["frm_createCourse"])) {
if (!empty($_GET["exportgrade"])) { if (!empty($_GET["exportgrade"])) {
$lab = $_GET["lab"]; $lab = mysqli_real_escape_string($con, $_GET["lab"]);
$lab_name = $_GET["lab_name"]; $lab_name = mysqli_real_escape_string($con, $_GET["lab_name"]);
error_reporting(0); error_reporting(0);
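Review bot: `mysqli_real_escape_string()` only protects a value that ends up inside a quoted SQL string, yet several of the values escaped here are interpolated unquoted, e.g. `WHERE Submission_ID=$id`, `VALUES ('$name',$student_id,$id)`, `VALUES ($id,$ta)` and `where User_ID=$uid`, so those statements remain injectable after this change. For the numeric keys, cast instead (`$id = intval($_GET["id"]);`, as the uid validation already does with `intval`), or better, build the statements with `mysqli_prepare()` and bound parameters; the same unquoted `Lab_Report_ID=$id` pattern appears in the two page scripts later in this commit. Escaping `$_GET["pass"]` before `password_hash()` is a separate problem: a password containing a quote or backslash is hashed in its escaped form, so hash the raw value and leave SQL safety to parameter binding. The handlers continue outside the visible hunks, so the query execution itself is not shown.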


@ -10,7 +10,7 @@ $group_id = $_SESSION["user_group_id"];
$c_date = date("Y-m-d H:i"); $c_date = date("Y-m-d H:i");
if (!empty($_GET["id"])) { if (!empty($_GET["id"])) {
$id = $_GET["id"]; $id = mysqli_real_escape_string($con, $_GET["id"]);
$course_id = $id; $course_id = $id;
} }
@ -139,7 +139,6 @@ where Lab_Report_ID=$id and lab_report_submissions.Status='Pending' order by Sub
if (mysqli_num_rows($result1) == 0) { if (mysqli_num_rows($result1) == 0) {
echo "No Un-Marked Submissions for this Lab Report."; echo "No Un-Marked Submissions for this Lab Report.";
} else { } else {
$mark_submission_btn_counter = 0;
while ($row = mysqli_fetch_assoc($result1)) { while ($row = mysqli_fetch_assoc($result1)) {
$title = $row['Title']; $title = $row['Title'];
$Marks = $row['Marks']; $Marks = $row['Marks'];
@ -158,7 +157,6 @@ where Lab_Report_ID=$id and lab_report_submissions.Status='Pending' order by Sub
$groupname = $row['Group_Name']; $groupname = $row['Group_Name'];
$groupleader = $row['Group_Leader']; $groupleader = $row['Group_Leader'];
$student_id = $row['sub_std']; $student_id = $row['sub_std'];
$mark_submission_btn_counter += 1;
if ($submitted_group == 0) { if ($submitted_group == 0) {
$submitted_by = $student_name . "(" . $student_id . ")"; $submitted_by = $student_name . "(" . $student_id . ")";
@ -186,7 +184,7 @@ where Lab_Report_ID=$id and lab_report_submissions.Status='Pending' order by Sub
echo " <k href='#'> <div class='btn btn-default break-word' style='dislay:block; word-wrap: break-word; border: 1px solid #F0F0F0;border-left: 4px solid #03407B;'> echo " <k href='#'> <div class='btn btn-default break-word' style='dislay:block; word-wrap: break-word; border: 1px solid #F0F0F0;border-left: 4px solid #03407B;'>
$title <br> by: <b> $submitted_by </b> $title <br> by: <b> $submitted_by </b>
<br> <span style='font-size:8pt'>Submitted : $posted <button class='btn-sm btn-info' style='margin-left:50px;' onclick='mark($Submission_ID,\"$title\",$total)' id='mark_submission_btn_$mark_submission_btn_counter'> Mark Submission</button><br> Attachments : $full_link </span> <br> <span style='font-size:8pt'>Submitted : $posted <button class='btn-sm btn-info' style='margin-left:50px;' onclick='mark($Submission_ID,\"$title\",$total)'> Mark Submission</button><br> Attachments : $full_link </span>
</div></k>"; </div></k>";
} }
} }
@ -421,8 +419,8 @@ where course_group_members_table.Course_Group_id=$id");
try { try {
$('<form id="submit-form" method="get" action="Script.php">' + title + '(' + marks + ' marks) <input type="hidden" name="savemarks" value="true">\n\ $('<form id="submit-form" method="get" action="Script.php">' + title + '(' + marks + ' marks) <input type="hidden" name="savemarks" value="true">\n\
<input type="hidden" name="total" value="' + marks + '" > <input type="hidden" name="id" value="' + id + '" ><br> Marks <input type="text" name="marks" id="marks">\n\ <input type="hidden" name="total" value="' + marks + '" > <input type="hidden" name="id" value="' + id + '" ><br> Marks <input type="text" name="marks">\n\
Comments <textarea name="feedback" id="feedback"></textarea> \n\ Comments <textarea name="feedback"></textarea> \n\
<input type="hidden" name="labid" value="<?php echo $course_id; ?>"> <input type="hidden" name="header" value="<?php echo $header; ?>"> </form>').dialog({ <input type="hidden" name="labid" value="<?php echo $course_id; ?>"> <input type="hidden" name="header" value="<?php echo $header; ?>"> </form>').dialog({
modal: true, modal: true,
title: 'Mark Submission', title: 'Mark Submission',
@ -472,4 +470,4 @@ Update Visibility<br><select name="status"> <option> Public </option><option>Pri
alert(e); alert(e);
} }
} }
</script> </script>
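Review bot: The rewritten button line still echoes `$title` (read from `$row['Title']`) straight into the HTML and into the inline `onclick='mark(...)'` handler with no output encoding, so a submission title containing markup or quote characters is interpreted by the browser of whoever opens the marking page. `mysqli_real_escape_string()`, which this commit adds for `$_GET["id"]`, is SQL escaping and does nothing for output; encode at the point of echo instead, e.g. `htmlspecialchars($title, ENT_QUOTES, 'UTF-8')` for the visible text and a `json_encode()`d value, itself HTML-escaped, for the JavaScript argument. The `while` loop and the `mark()` function both extend beyond the hunks shown.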


@ -3,123 +3,133 @@ include 'NoDirectPhpAcess.php';
?> ?>
<?php <?php
$page = 'Submit LAB+'; $page='Submit LAB+';
include 'Header.php'; include 'Header.php';
?> ?>
<div class='row' style='width:80%;margin:auto;'> <div class='row' style='width:80%;margin:auto;'>
<?php
$c_date = date("Y-m-d H:i"); <?php
$student_id = $_SESSION["user_student_id"];
if (!empty($_GET["id"])) { $c_date = date("Y-m-d H:i");
$id = $_GET["id"]; $student_id = $_SESSION["user_student_id"];
$url = $_GET["url"];
if(!empty($_GET["id"]))
$result1 = mysqli_query($con, " SELECT `Type`, `Lab_Report_ID`, `Course_ID`, `Posted_Date`, `Deadline`, `Instructions`, `Title`, `Attachment_link_1`, `Attachment_link_2`, `Attachment_link_3`, `Attachment_link_4` FROM `lab_reports_table` WHERE Lab_Report_ID=$id and Deadline > '$c_date' ORDER by Lab_Report_ID DESC"); {
if (mysqli_num_rows($result1) == 0) { $id = mysqli_real_escape_string($con, $_GET["id"]);
echo "No active assignments for this course so far."; $url = mysqli_real_escape_string($con, $_GET["url"]);
} else {
$result1 = mysqli_query($con," SELECT `Type`, `Lab_Report_ID`, `Course_ID`, `Posted_Date`, `Deadline`, `Instructions`, `Title`, `Attachment_link_1`, `Attachment_link_2`, `Attachment_link_3`, `Attachment_link_4` FROM `lab_reports_table` WHERE Lab_Report_ID=$id and Deadline > '$c_date' ORDER by Lab_Report_ID DESC");
while ($row = mysqli_fetch_assoc($result1)) { if(mysqli_num_rows($result1) == 0)
{
$Course_ID = $row['Course_ID']; echo "No active assignments for this course so far.";
$title = $row['Title'];
$ins = $row['Instructions']; } else {
$posted = $row['Posted_Date'];
$deadline = $row['Deadline']; while($row = mysqli_fetch_assoc($result1)) {
$att1 = $row['Attachment_link_1'];
$att2 = $row['Attachment_link_2']; $Course_ID = $row['Course_ID'];
$att3 = $row['Attachment_link_3']; $title = $row['Title'];
$att4 = $row['Attachment_link_4']; $ins = $row['Instructions'];
$labid = $row['Lab_Report_ID']; $posted = $row['Posted_Date'];
$type = $row['Type']; $deadline = $row['Deadline'];
$att1 = $row['Attachment_link_1'];
//----------------------------------Giving both the Group Admin and Group Members same priviledges to submit assignment-------------------------------------- $att2 = $row['Attachment_link_2'];
if ($type == "Group") { $att3 = $row['Attachment_link_3'];
$resultx1 = mysqli_query($con, "SELECT Course_Group_id FROM `course_groups_table` WHERE (Course_id=$Course_ID) and ((Group_Member=$student_id ) or (Group_Member2=$student_id ) or (Group_Member3=$student_id ) or (Group_Member4=$student_id ) or (Group_Leader=$student_id))"); $att4 = $row['Attachment_link_4'];
while ($row = mysqli_fetch_assoc($resultx1)) { $labid = $row['Lab_Report_ID'];
$_SESSION["Group_ID"] = $row['Course_Group_id']; $type = $row['Type'];
}
//----------------------------------Giving both the Group Admin and Group Members same priviledges to submit assignment--------------------------------------
if ($_SESSION["Group_ID"] < 1) { if($type=="Group"){
echo " <center><h3> This Lab report can only be submitted by Group Admin </h3> </center> "; $resultx1 = mysqli_query($con,"SELECT Course_Group_id FROM `course_groups_table` WHERE (Course_id=$Course_ID) and ((Group_Member=$student_id ) or (Group_Member2=$student_id ) or (Group_Member3=$student_id ) or (Group_Member4=$student_id ) or (Group_Leader=$student_id))");
return; while($row = mysqli_fetch_assoc($resultx1)) {
} $_SESSION["Group_ID"] = $row['Course_Group_id'];
}
if($_SESSION["Group_ID"] < 1)
{
echo" <center><h3> This Lab report can only be submitted by Group Admin </h3> </center> ";
return;
} }
}
$full_link = "<a href='~\..\Lab_Report_Assignments\\$att1'>$att1</a>";
if ($att2 != "") { $full_link="<a href='~\..\Lab_Report_Assignments\\$att1'>$att1</a>";
$full_link = $full_link . "| <a href='~\..\Lab_Report_Assignments\\$att2'>$att2</a>";
} if($att2!=""){
if ($att3 != "") { $full_link = $full_link."| <a href='~\..\Lab_Report_Assignments\\$att2'>$att2</a>";
$full_link = $full_link . "| <a href='~\..\Lab_Report_Assignments\\$att3'>$att3</a>"; }
} if($att3!=""){
$full_link = $full_link."| <a href='~\..\Lab_Report_Assignments\\$att3'>$att3</a>";
if ($att4 != "") { }
$full_link = $full_link . "| <a href='~\..\Lab_Report_Assignments\\$att4'>$att4</a>";
} if($att4!=""){
$full_link = $full_link."| <a href='~\..\Lab_Report_Assignments\\$att4'>$att4</a>";
echo " <div class='alert' style='margin-left:20px;border-bottom:2px solid #1D91EF;'> <a href='~\..\Courses.php?course=$url'> }
echo " <div class='alert' style='margin-left:20px;border-bottom:2px solid #1D91EF;'> <a href='~\..\Courses.php?course=$url'>
Courses > $url > Submlit Lab Report > $title Courses > $url > Submlit Lab Report > $title
<br> <br>
</a></div> </a></div>
"; ";
echo ""; echo "";
}
} }
} }
}
$Group_ID = $_SESSION["Group_ID"]; $Group_ID = $_SESSION["Group_ID"];
?> ?>
</div> </div>
<div style="width:80%;margin:auto;"> <div style="width:80%;margin:auto;">
<h3> Submit Lab Report Assignment </h3> <h3> Submit Lab Report Assignment </h3>
<hr> <hr>
<div class="row"> <div class="row">
<div class="col-md-6">
<div class="col-md-6"> <form method='post' enctype='multipart/form-data' action='Script.php'>
<input type='hidden' name='frm_submitlab' value='true' required=''/>
<input type='hidden' name='lab_id' value='<?php echo $id; ?>' required=''/>
<input type='hidden' name='student_id' value='<?php echo $student_id; ?>' required=''/>
<input type='hidden' name='group_id' value='<?php echo $Group_ID; ?>' required=''/>
<input type='hidden' name='url' value='<?php echo $url; ?>' required=''/>
Title
<input type='text' name='title' placeholder='Ttle' class='form-control' required=''>
<form method='post' enctype='multipart/form-data' action='Script.php' id="submit_lab_report_form"> Attachment 1
<input type='hidden' name='frm_submitlab' value='true' required='' /> <input type='file' name='attachment1' placeholder='Attachment 1' class='form-control' required=''>
<input type='hidden' name='lab_id' value='<?php echo $id; ?>' required='' />
<input type='hidden' name='student_id' value='<?php echo $student_id; ?>' required='' />
<input type='hidden' name='group_id' value='<?php echo $Group_ID; ?>' required='' />
<input type='hidden' name='url' value='<?php echo $url; ?>' required='' />
Title Attachment 2
<input type='text' name='title' placeholder='Ttle' class='form-control' required='' id="title"> <input type='file' name='attachment2' placeholder='Attachment 2' class='form-control'>
Attachment 1 </div>
<input type='file' name='attachment1' placeholder='Attachment 1' class='form-control' required='' id="attachment1">
Attachment 2 <div class="col-md-6">
<input type='file' name='attachment2' placeholder='Attachment 2' class='form-control'>
</div> Attachment 3
<input type='file' name='attachment3' placeholder='Attachment 3' class='form-control' >
<div class="col-md-6"> Attachment 4
<input type='file' name='attachment4' placeholder='Attachment 4' class='form-control' >
<br>
<input type='submit' class='btn btn-primary' value='Submit Lab Assignment'><br>
</form>
</div>
Attachment 3 </div>
<input type='file' name='attachment3' placeholder='Attachment 3' class='form-control'>
</div>
Attachment 4
<input type='file' name='attachment4' placeholder='Attachment 4' class='form-control'>
<br>
<input type='submit' class='btn btn-primary' value='Submit Lab Assignment' id="submit_lab_assignment_btn"><br>
</form>
</div>
</div>
</div>