mrlan
/
LRR
3
0
Fork 2
Code Issues Pull Requests 7 Projects Releases Wiki Activity

Merge pull request '“修改了部分bug”' (#36) from LiangLigang into master 

Reviewed-on: http://121.4.94.30:3000/mrlan/LRR/pulls/36
SMP-ZAYID-468-FEATURE
梁立港 2022-05-23 14:54:09 +08:00
parent 5fa0c1e040 eb532d10af
commit 15a96c1b68
6 changed files with 1358 additions and 1160 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

304
Course.php
View File

@ -2,6 +2,7 @@
include 'NoDirectPhpAcess.php';
?>
<?php
$page='Courses+';
include 'Header.php';
@ -9,8 +10,10 @@ $student_id = $_SESSION["user_student_id"];
$group_id = $_SESSION["user_group_id"];
$c_date = date("Y-m-d H:i");
if (!empty($_GET["url"])) {
$course_url = $_GET["url"];
if(!empty($_GET["url"]))
{
$course_url = mysqli_real_escape_string($con, $_GET["url"]);
$result = mysqli_query($con,"SELECT `Course_ID`, `Course_Name`, `Academic_Year`, `Faculty`,"
. " `Lecturer_User_ID`, `TA_User_ID`, `Course_Code`, `URL`, `Verify_New_Members` "
. " , users_table.Full_Name FROM `courses_table` INNER JOIN users_table"
@ -19,6 +22,7 @@ if (!empty($_GET["url"])) {
if(mysqli_num_rows($result)==0) {
echo "No course matching the given course URL: ".$course_url;
} else {
while($row = mysqli_fetch_assoc($result)) {
$name = $row['Course_Name'];
@ -66,9 +70,12 @@ if (!empty($_GET["url"])) {
</div>
<?php
if ($_SESSION['user_type'] == "Student") {
if( $_SESSION['user_type'] == "Student")
{
?>
<hr>
@ -90,88 +97,7 @@ if ($_SESSION['user_type'] == "Student") {
<a class="nav-link" data-toggle="tab" href="#menu3">Submitted</a>
</li>
<li class="nav-item">
<a class="nav-link" data-toggle="tab" href="#menu4" id="marked_tab">Marked</a>
</li>
<!----------Delete Course Button----------->
<li>
<html>
<body>
<div class="modal fade" id="delcourse">
<div class="modal-dialog">
<div class="modal-content">
<div class="modal-header">
<h2 class="modal-title">Please confirm!</h2>
<button type="button" class="close red" data-dismiss="modal">
<span>&times;</span>
</button>
</div>
<div class="modal-body">
<p>Are you sure about deleting this course? This action can not be reversed!</p>
</div>
<div class="modal-footer">
<form method="POST" action="">
<button type="button" class="btn action-button blue" data-dismiss="modal">Cancel</button>
<input type="submit" name="submit" class="btn action-button red" value="Delete" />
</form>
</div>
</div>
</div>
</div>
</div>
<div class="row">
<div class="col">
<button type="button" class="btn action-button red" data-toggle="modal" data-target="#delcourse">Delete Course</button>
</div>
</div>
</div>
</div>
<?php
// Connect to MySQL database
$con = mysqli_connect("localhost", $mysql_username, $mysql_password, "lrr");
// Check connection
if (mysqli_connect_errno()) {
echo "Failed to connect to MySQL: " . mysqli_connect_error();
}
if (isset($_POST['submit'])) {
header("Location: Courses.php");
$result = mysqli_query($con, "DELETE FROM course_students_table WHERE Course_ID='$course_id'");
}
?>
<script src="https://code.jquery.com/jquery-3.2.1.slim.min.js" integrity="sha384-KJ3o2DKtIkvYIK3UENzmM7KCkRr/rE9/Qpg6aAZGJwFDMVNA/GpGFF93hXpG5KkN" crossorigin="anonymous"></script>
<script src="https://cdnjs.cloudflare.com/ajax/libs/popper.js/1.12.9/umd/popper.min.js" integrity="sha384-ApNbgh9B+Y1QKtv3Rn7W3mgPxhU9K/ScQsAP7hUibX39j7fakFPskvXusvfa0b4Q" crossorigin="anonymous"></script>
<script src="https://maxcdn.bootstrapcdn.com/bootstrap/4.0.0/js/bootstrap.min.js" integrity="sha384-JZR6Spejh4U02d8jOt6vLEHfe/JQGiRRSQQxSfFWpi1MquVdAyjUar5+76PVCmYl" crossorigin="anonymous"></script>
<style>
/*--------------------[ Delete Course Button ]*/
.action-button {
font-family: 'Pacifico', cursive;
font-size: 18px;
color: #FFF;
text-decoration: none;
}
.red {
background-color: #E74C3C;
border-bottom: 5px solid #BD3E31;
text-shadow: 0px -2px #BD3E31;
}
.blue {
background-color: #4d4dff;
border-bottom: 5px solid #4d4dff;
text-shadow: 0px -2px #4d4dff;
}
</style>
</body>
</html>
<a class="nav-link" data-toggle="tab" href="#menu4">Marked</a>
</li>
</ul>
@ -184,13 +110,15 @@ if ($_SESSION['user_type'] == "Student") {
$sql="SELECT course_group_members_table.Course_Group_id FROM course_group_members_table INNER JOIN course_groups_table ON course_group_members_table.Course_Group_id = course_groups_table.Course_Group_id WHERE course_group_members_table.Student_ID=$student_id and course_groups_table.Course_id=$course_id";
$resultx1 = mysqli_query($con, $sql);
while ($row = mysqli_fetch_assoc($resultx1)) {
while($row = mysqli_fetch_assoc($resultx1))
{
$_SESSION['group_id'] = $row['Course_Group_id'];
}
$group_id = $_SESSION['group_id'];
if ($group_id == "") {
if($group_id == "")
{
$group_id = 0; // no group. If the student has a group, the group number should be greater than 0.
}
@ -199,16 +127,17 @@ if ($_SESSION['user_type'] == "Student") {
// (3) none of the student's group members have already submitted
// the assignment.
$var = "SELECT Type, Lab_Report_ID, Marks, `Course_ID`, `Posted_Date`, `Deadline`, `Instructions`, lab_reports_table.Title, `Attachment_link_1`, `Attachment_link_2`, `Attachment_link_3`, `Attachment_link_4`" .
$sql_stmt = "SELECT Type, Lab_Report_ID, Marks, `Course_ID`, `Posted_Date`, `Deadline`, `Instructions`, lab_reports_table.Title, `Attachment_link_1`, `Attachment_link_2`, `Attachment_link_3`, `Attachment_link_4`".
" FROM `lab_reports_table`".
" WHERE Course_ID=$course_id".
" AND (Deadline > '$c_date' OR Lab_Report_ID IN (SELECT `Lab_Report_ID` FROM `extended_deadlines_table` WHERE Student_ID=$student_id AND Extended_Deadline_Date > '$c_date' AND Lab_Report_ID IN (SELECT Lab_Report_ID FROM lab_reports_table WHERE Course_ID=$course_id)))".
" AND Lab_Report_ID NOT IN (SELECT Lab_Report_ID FROM lab_report_submissions WHERE Course_Group_id IN (SELECT Course_Group_id FROM course_group_members_table WHERE Student_ID=$student_id))".
" ORDER BY Lab_Report_ID DESC";
$result1 = mysqli_query($con, $var);
$result1 = mysqli_query($con, $sql_stmt);
if (mysqli_num_rows($result1) == 0) {
if(mysqli_num_rows($result1)==0)
{
echo "No active assignments for this course so far.";
} else {
@ -239,22 +168,23 @@ if ($_SESSION['user_type'] == "Student") {
}
echo " <k href='#'> <div class='btn btn-default break-word' style='dislay:block; word-wrap: break-word; border: 1px solid #F0F0F0;border-left: 4px solid #03407B;'>
$title ($type) <br> <span style='font-size:8pt'> $ins</span>
<br> <span style='font-size:8pt'>Posted : $posted &nbsp;&nbsp;&nbsp;&nbsp; Deadline : $deadline &nbsp;&nbsp;&nbsp;&nbsp;($Marks Marks) &nbsp; &nbsp;&nbsp;&nbsp; &nbsp;<a href='~\..\SubmitLab.php?id=$labid&url=$url' class='btn-sm btn-info' style='margin-left:50px;' id='submit_lab_report_btn'> Submit Lab Report</a><br> Attachments : $full_link </span>
<br> <span style='font-size:8pt'>Posted : $posted &nbsp;&nbsp;&nbsp;&nbsp; Deadline : $deadline &nbsp;&nbsp;&nbsp;&nbsp;($Marks Marks) &nbsp; &nbsp;&nbsp;&nbsp; &nbsp;<a href='~\..\SubmitLab.php?id=$labid&url=$url' class='btn-sm btn-info' style='margin-left:50px;'> Submit Lab Report</a><br> Attachments : $full_link </span>
</div></k>";
}
}
}}
echo "";
?>
</div>
<div id="menu2" class="container tab-pane"><br>
<?php
$group_id=$_SESSION['group_id'];
if ($group_id == "") {
$group_id = -1;
} // Individual assignment does not require the student to have a group id. Therefore, the group is an empty string. To make the following SQL statement work properly, initialize the group id to -1.
if($group_id == ""){$group_id = -1;} // Individual assignment does not require the student to have a group id. Therefore, the group is an empty string. To make the following SQL statement work properly, initialize the group id to -1.
$result = mysqli_query($con,"SELECT Lab_Report_ID,Marks, `Course_ID`, `Posted_Date`, `Deadline`, `Instructions`, lab_reports_table.Title, `Attachment_link_1`, `Attachment_link_2`, `Attachment_link_3`, `Attachment_link_4`
FROM `lab_reports_table`
WHERE
@ -267,8 +197,12 @@ Lab_Report_ID not in (select Lab_Report_ID from lab_report_submissions where (St
. ""
. "ORDER by Lab_Report_ID DESC");
if (mysqli_num_rows($result) == 0) {
if(mysqli_num_rows($result)==0)
{
echo "You missed no lab reports in this course.";
} else {
while($row = mysqli_fetch_assoc($result)) {
$title=$row['Title'];
@ -282,6 +216,9 @@ Lab_Report_ID not in (select Lab_Report_ID from lab_report_submissions where (St
$att4=$row['Attachment_link_4'];
$id=$row['Lab_Report_ID'];
$full_link="<a href='~\..\Lab_Report_Assignments\\$att1'>$att1</a>";
if($att2!=""){
@ -293,25 +230,28 @@ Lab_Report_ID not in (select Lab_Report_ID from lab_report_submissions where (St
if($att4!=""){
$full_link= $full_link."| <a href='~\..\Lab_Report_Assignments\\$att4'>$att4</a>";
};
}
;
echo "<div class='btn btn-default break-word' style='dislay:block; word-wrap: break-word; border: 1px solid #F0F0F0;border-left: 4px solid #03407B;'><span class='btn-sm btn-warning' style='margin-left:0px;'>MISSED</span> $title ($marks Marks) <br> <span style='font-size:8pt'> $ins</span>
<br> <span style='font-size:8pt'>Posted: $posted<br> Deadline: $deadline &nbsp; &nbsp; &nbsp; &nbsp; &nbsp;<br> Attachments : $full_link </span>
</div>";
}
}
}}
echo "";
?>
</div>
<div id="menu3" class="container tab-pane"><br>
<?php
$group_id = $_SESSION['group_id'];
if ($group_id == "") {
$group_id = -1;
} // This fixes "Submitted report not shown" http://118.25.96.118/bugzilla/show_bug.cgi?id=176
if($group_id==""){$group_id=-1;} // This fixes "Submitted report not shown" http://118.25.96.118/bugzilla/show_bug.cgi?id=176
$sql_stmt = "SELECT Lab_Report_ID, Marks, `Course_ID`, `Posted_Date`, `Deadline`, `Instructions`, lab_reports_table.Title, `Attachment_link_1`, `Attachment_link_2`, `Attachment_link_3`, `Attachment_link_4`
FROM `lab_reports_table`
@ -320,8 +260,11 @@ Lab_Report_ID not in (select Lab_Report_ID from lab_report_submissions where (St
$resultx = mysqli_query($con, $sql_stmt);
if (mysqli_num_rows($resultx) == 0) {
if(mysqli_num_rows($resultx)==0)
{
echo "You have no lab report submissions in this course.";
} else {
while($row = mysqli_fetch_assoc($resultx)) {
$lab_repo_id=$row['Lab_Report_ID'];
@ -335,7 +278,8 @@ Lab_Report_ID not in (select Lab_Report_ID from lab_report_submissions where (St
$att3=$row['Attachment_link_3'];
$att4=$row['Attachment_link_4'];
$id = $row['Lab_Report_ID'];
if ($c_date < $deadline) {
if( $c_date < $deadline)
{
$submittedx="<a href='~\..\SubmitLab.php?id=$id&url=$url' class='btn-sm btn-default'><i class='fa fa-check-circle'></i> Re-Submit </a>";
}
@ -357,6 +301,7 @@ Lab_Report_ID not in (select Lab_Report_ID from lab_report_submissions where (St
<br> <span style='font-size:8pt'>Posted : $posted Deadline : $deadline ($marks Marks) &nbsp; &nbsp; $submittedx&nbsp; <span class='btn-sm btn-success' style='margin-left:50px;'><i class='fa fa-Edit-circle'></i> Submitted </span>
<br> Submitted files: ";
$Sub_result = mysqli_query($con,"SELECT `Submission_ID`, `Submission_Date`, lab_report_submissions.Lab_Report_ID,
lab_report_submissions.Student_id sub_std, lab_report_submissions.Course_Group_id, `Attachment1`,
`Notes`, `Attachment2`, `Attachment3`, `Attachment4`, `Marks`, lab_report_submissions.Status,
@ -366,8 +311,10 @@ Left JOIN users_table on users_table.Student_ID=lab_report_submissions.Student_
left JOIN course_group_members_table on course_group_members_table.Course_Group_id=lab_report_submissions.Course_Group_id
where Lab_Report_ID=$lab_repo_id and (lab_report_submissions.Student_id='$student_id')");
if (mysqli_num_rows($Sub_result) == 0) {
if(mysqli_num_rows($Sub_result) == 0)
{
echo "No Attachments found.";
} else {
while($row = mysqli_fetch_assoc($Sub_result)) {
$at1=$row['Attachment1'];
@ -394,21 +341,32 @@ where Lab_Report_ID=$lab_repo_id and (lab_report_submissions.Student_id='$studen
}
echo $full_link;
}
}
echo "</span></div></k>";
}
}
}}
echo "";
?>
</div>
<?php
$sqli=mysqli_query($con, "SELECT * from course_groups_table WHERE Course_Group_id=$group_id and Course_id=$course_id");
while ($row = mysqli_fetch_assoc($sqli)) {
$Group_Leader = $row['Group_Leader'];
while($row = mysqli_fetch_assoc($sqli))
{ $Group_Leader=$row['Group_Leader'];
$Group_Member=$row['Group_Member'];
$Group_Member2=$row['Group_Member2'];
$Group_Member3=$row['Group_Member3'];
@ -416,6 +374,8 @@ where Lab_Report_ID=$lab_repo_id and (lab_report_submissions.Student_id='$studen
}
?>
<div id="menu4" class="container tab-pane"><br>
<?php
$resultx = mysqli_query($con,"SELECT `Submission_ID`, `Submission_Date`, lab_reports_table.`Lab_Report_ID`, `Student_id`, "
@ -436,10 +396,14 @@ where Lab_Report_ID=$lab_repo_id and (lab_report_submissions.Student_id='$studen
. " lab_reports_table.Lab_Report_ID in (select Lab_Report_ID from lab_report_submissions"
. " where (Status='Marked' or Status='Remarking') and (Student_id=$student_id or Course_Group_id=$group_id) and Course_ID=$course_id) ORDER by Submission_ID DESC");
if (mysqli_num_rows($resultx) == 0) {
if(mysqli_num_rows($resultx)==0)
{
echo "You have no marked submissions in this course";
} else {
while ($row = mysqli_fetch_assoc($resultx)) {
} else { while($row = mysqli_fetch_assoc($resultx)) {
$title=$row['Lab_Title'];
$marks=$row['Marks'];
$Originalmarks=$row['Original_marks'];
@ -455,17 +419,23 @@ where Lab_Report_ID=$lab_repo_id and (lab_report_submissions.Student_id='$studen
$notes=$row['Notes'];
$status= $row['Status'];
$remarking_reason=$row['Remarking_Reason'];
if ($status == 'Marked') {
if($status=='Marked')
{
$rm_data="\Script.php?remarking=yes&id=$Submission_ID&url=$url&status=Remarking";
$remarking = "<button onclick='remarking(\"$rm_data\")' class='btn-sm btn-success' id='request_remarking_btn'> Request Remarking </button>";
$remarking="<button onclick='remarking(\"$rm_data\")' class='btn-sm btn-success'> Request Remarking </button>";
}
if ($status == 'Remarking') {
if($status=='Remarking')
{
$remarking="<span style='color:orange'><i class='fa fa-info-circle'></i> Remarking Request sent </span> <br> Remarking Reason:<i>$remarking_reason </i> <br>";
}
echo " <k href='#'> <div class='btn btn-default break-word' style='dislay:block; word-wrap: break-word; border: 1px solid #F0F0F0;border-left: 4px solid #03407B;'>
$title <b> ($marks Marks out of $Originalmarks)</b><br><small> Lecturer Feedback : $notes </small> &nbsp; $remarking <br> Submission files :";
$Sub_result = mysqli_query($con,"SELECT `Submission_ID`, `Submission_Date`, lab_report_submissions.Lab_Report_ID,
lab_report_submissions.Student_id sub_std, lab_report_submissions.Course_Group_id, `Attachment1`,
`Notes`, `Attachment2`, `Attachment3`, `Attachment4`, `Marks`, lab_report_submissions.Status,
@ -475,10 +445,11 @@ where Lab_Report_ID=$lab_repo_id and (lab_report_submissions.Student_id='$studen
left JOIN course_group_members_table on course_group_members_table.Course_Group_id=lab_report_submissions.Course_Group_id
where Lab_Report_ID=$id and lab_report_submissions.Student_id='$student_id'");
if (mysqli_num_rows($Sub_result) == 0) {
if(mysqli_num_rows($Sub_result)==0)
{
echo "No Attachments found.";
} else {
while ($row = mysqli_fetch_assoc($Sub_result)) {
} else { while($row = mysqli_fetch_assoc($Sub_result)) {
$at1=$row['Attachment1'];
$at2=$row['Attachment2'];
$at3=$row['Attachment3'];
@ -498,13 +469,21 @@ where Lab_Report_ID=$lab_repo_id and (lab_report_submissions.Student_id='$studen
}
echo $full_link;
}
}
}
}
}}
echo "</div></k>";
?>
</div>
</div>
@ -516,14 +495,15 @@ where Lab_Report_ID=$lab_repo_id and (lab_report_submissions.Student_id='$studen
<?php
$resultx1 = mysqli_query($con,"SELECT `Course_Group_id` FROM `course_groups_table` WHERE Course_id=$course_id");
while ($row = mysqli_fetch_assoc($resultx1)) {
$count_groups = $row['Course_Group_id'];
}
while($row = mysqli_fetch_assoc($resultx1)) {$count_groups=$row['Course_Group_id'];}
echo " <button onclick='CreateGroup()' class='btn btn-primary' id='create_group_btn'> Create Group</button>";
echo " <button onclick='CreateGroup()' class='btn btn-primary'> Create Group</button>";
?>
<hr>
<?php
@ -532,19 +512,22 @@ where Lab_Report_ID=$lab_repo_id and (lab_report_submissions.Student_id='$studen
FROM `course_group_members_table` INNER JOIN course_groups_table on
course_groups_table.Course_Group_id=course_group_members_table.Course_Group_id WHERE Student_id=$student_id and course_groups_table.Course_id=$course_id");
if (mysqli_num_rows($result) == 0) {
if(mysqli_num_rows($result)==0)
{
echo "You have no Group in this Course";
} else {
while ($row = mysqli_fetch_assoc($result)) {
} else { while($row = mysqli_fetch_assoc($result)) {
$name=$row['Group_Name'];
$id=$row['Course_Group_id'];
$status=$row['Status'];
$extra=" - <a href='#' class='' onclick='invite($id)'> Invite Others</a></small>";
if ($status == "Invited") {
if($status=="Invited")
{
$extra2=" <a href='#' class='' onclick='accept($id,1)'>Accept</a></small>";
$extra3=" <a href='#' class='' onclick='accept($id,0)'>Decline</a></small>";
}
echo "<div class='btn-default'><small> $name ($status) $extra $extra2 $extra3</small></div>";
@ -559,32 +542,53 @@ where course_group_members_table.Course_Group_id=$id");
$status=$row['Status'];
$Student_ID=$row['Student_ID'];
echo "<li><small> $name-$Student_ID ($status)</small></li>";
}
}
}
?>
</div>
</div>
<?php
}
include 'Footer.php';
?>
<script src="./css/jquery-1.11.1.min.js"></script>
<script src="./css/jquery-ui.min.js"></script>
<link rel="stylesheet" href="./css/jquery-ui.css" />
<script>
function CreateGroup() {
try {
try
{
$('<form id="frm" method="get" action="Script.php"><input type="hidden" name="creategroup" value="true">\n\
<input type="hidden" name="student_id" value="<?php echo $student_id; ?>" > Group Name <input type="text" name="name" id="group_name">\n\
<input type="hidden" name="student_id" value="<?php echo $student_id; ?>" > Group Name <input type="text" name="name">\n\
<input type="hidden" name="url" value="<?php echo $url; ?>"> <input type="hidden" name="id" value="<?php echo $course_id; ?>"> </form>').dialog({
modal: true,
title:'Create Group',
@ -602,14 +606,18 @@ include 'Footer.php';
}
});
} catch (e) {
alert(e);
}
} catch(e){ alert(e); }
}
function invite(id) {
try {
try
{
$('<form id="frm" method="get" action="Script.php"><input type="hidden" name="groupinvite" value="true">\n\
<input type="hidden" name="groupid" value="'+id+'" > Enter Student_ID to Invite <input type="text" name="student_id">\n\
@ -630,14 +638,21 @@ include 'Footer.php';
}
});
} catch (e) {
alert(e);
}
} catch(e){ alert(e); }
}
function accept(id,val) {
try {
try
{
$('<form id="frm" method="get" action="Script.php"><input type="hidden" name="acceptinvite" value="true">\n\
<input type="hidden" name="groupid" value="'+id+'" > \n\ <input type="hidden" name="action" value="'+val+'" > \n\
@ -660,15 +675,18 @@ include 'Footer.php';
}
});
} catch (e) {
alert(e);
}
} catch(e){ alert(e); }
}
function remarking(data) {
function remarking(data)
{
var details = prompt("Please enter your remarking reasons","");
window.location.href = data+"&details="+details;
}
</script>

341
Courses.php
View File

@ -2,37 +2,49 @@
include 'NoDirectPhpAcess.php';
?>
<?php
$page='Courses';
include 'Header.php';
$user_d = $_SESSION['user_id'];
if ($_SESSION['user_type'] == "Lecturer" || $_SESSION['user_type'] == "TA") {
if( $_SESSION['user_type']=="Lecturer" || $_SESSION['user_type']=="TA")
{
?>
<!-- FOR LECTURER-->
<div class="row" style="width:80%;margin:auto; text-align:left;">
<script src="./css/jquery-1.11.1.min.js"></script>
<script src="./css/jquery-ui.min.js"></script>
<link rel="stylesheet" href="./css/jquery-ui.css" />
<script>
function extend_deadline(id) {
var dropstudents=$("#dropstudents").html();
try {
try
{
$('<form id="frm" method="get" action="Script.php">\n\
<input type="hidden" name="extenddeadline" value="true" >\n\
<input type="hidden" name="id" value="'+id+'" > \n\
New Date/Time <br><input type="date" name="date" required="" id="new_date"> <input type="time" name="time" required=""> \n\
New Date/Time <br><input type="date" name="date" required=""> <input type="time" name="time" required=""> \n\
\n\
<br><input type="radio" value="1" name="type" required="" id="extend_for_all"> Extend for All<hr> \n\
<br><input type="radio" value="1" name="type" required=""> Extend for All<hr> \n\
<input type="radio" value="2" name="type" required=""> Extend for these Individual Students \n\
'+dropstudents+' \n\
</form>').dialog({
@ -52,23 +64,23 @@ New Date/Time <br><input type="date" name="date" required="" id="new_date"> <inp
}
});
} catch (e) {
alert(e);
}
}catch(e){ alert(e); }
}
</script>
<?php
if (!empty($_GET["course"])) {
$course_url = $_GET["course"];
if(!empty($_GET["course"]))
{
$course_url = mysqli_real_escape_string($con, $_GET["course"]);
$result = mysqli_query($con,"SELECT `Course_ID`, `Course_Name`, `Academic_Year`, `Faculty`,"
. " `Lecturer_User_ID`, `TA_User_ID`, `Course_Code`, `URL`, `Verify_New_Members` "
. " , users_table.Full_Name FROM `courses_table` INNER JOIN users_table"
. " ON users_table.User_ID=courses_table.Lecturer_User_ID where URL='$course_url' ");
if (mysqli_num_rows($result) == 0) {
} else {
while ($row = mysqli_fetch_assoc($result)) {
if(mysqli_num_rows($result)==0)
{} else { while($row = mysqli_fetch_assoc($result)) {
$name=$row['Course_Name'];
$code=$row['Course_Code'];
$faculty=$row['Faculty'];
@ -91,8 +103,9 @@ New Date/Time <br><input type="date" name="date" required="" id="new_date"> <inp
// ------------------------------Editing Lab Assignment by Lecturer ------------------------------------
if($_GET['act']=="edit"){
$getid = $_GET["cid"];
$getid = mysqli_real_escape_string($con, $_GET["cid"]);
$result1 = mysqli_query($con, "SELECT * from lab_reports_table WHERE Lab_Report_ID = '$getid'");
while($row1 = mysqli_fetch_assoc($result1)) {
@ -106,18 +119,19 @@ New Date/Time <br><input type="date" name="date" required="" id="new_date"> <inp
}
if(isset($_POST['frm_uploadlab'])){
$deadlinedate = trim($_POST["deadlinedate"]); // remove spaces
$deadlinetime = trim($_POST["deadlinetime"]); // remove spaces
$instructions = $_POST["instructions"];
$title = $_POST["title"];
$marks = $_POST["marks"];
$type = $_POST["type"];
$deadlinedate = trim(mysqli_real_escape_string($con, $_POST["deadlinedate"])); // remove spaces
$deadlinetime = trim(mysqli_real_escape_string($con, $_POST["deadlinetime"])); // remove spaces
$instructions = mysqli_real_escape_string($con, $_POST["instructions"]);
$title = mysqli_real_escape_string($con, $_POST["title"]);
$marks = mysqli_real_escape_string($con, $_POST["marks"]);
$type = mysqli_real_escape_string($con, $_POST["type"]);
$Deadline = $deadlinedate." ".$deadlinetime;
$date = date("Y-m-d H:i");
$sql = "UPDATE `lab_reports_table` SET `Deadline` = ('" . $Deadline . "'), `Instructions` = ('" . $instructions . "'), `Title` = ('" . $title . "'), `Marks` = ('" . $marks . "'), `Type` = ('" . $type . "') WHERE `lab_reports_table`.`Lab_Report_ID` = '$getid'";
if ($con->query($sql) === TRUE) {
$_SESSION["info_Updated"]="Assignment information updated successfully.";
} else {
// echo "Error: " . $sql . "<br>" . $con->error;
echo "Serious error happened whiling updating assignment information.";
@ -160,24 +174,25 @@ New Date/Time <br><input type="date" name="date" required="" id="new_date"> <inp
Attachment 3
<input type='file' name='attachment3' placeholder='Attachment 1' class='form-control' >
Attachment 4
<input type='file' name='attachment4' placeholder='Attachment 4' class='form-control' >
<br>
<?php
if ($Type == "Individual") {
echo "Submission Type <input type='radio' name='type' value='Individual' checked /> Individual <input type='radio' name='type' value='Group' /> Group";
echo "Submission Type <input type='radio' name='type' value='Individual' checked /> Invidual <input type='radio' name='type' value='Group' /> Group";
} else {
echo "Submission Type <input type='radio' name='type' value='Individual' /> Individual <input type='radio' name='type' value='Group' checked> Group";
echo "Submission Type <input type='radio' name='type' value='Individual' /> Invidual <input type='radio' name='type' value='Group' checked> Group";
}
?>
<hr>
<input type='submit' class='btn btn-primary' value='Post Lab Assignment'><br>
</form><br><br><br><br>
<?php
}
} else {
}}else{
// ------------------------------Posting New Lab Assignment------------------------------------
@ -190,7 +205,7 @@ New Date/Time <br><input type="date" name="date" required="" id="new_date"> <inp
<h3> Post new Lab Assignment </a></h3>
<form method='post' enctype='multipart/form-data' action='Script.php' id="newlab_form">
<form method='post' enctype='multipart/form-data' action='Script.php'>
<?php
$_SESSION['url']=$url;
?>
@ -205,11 +220,11 @@ New Date/Time <br><input type="date" name="date" required="" id="new_date"> <inp
</div>
Title
<input type='text' name='title' placeholder='Ttle' class='form-control' required='' value="" id="lab_title">
<input type='text' name='title' placeholder='Ttle' class='form-control' required='' value="">
Instructions
<textarea name='instructions' placeholder='Assignment Instructions' class='form-control' required='' value="" id="lab_instructor"></textarea>
<textarea name='instructions' placeholder='Assignment Instructions' class='form-control' required='' value=""></textarea>
Marks
<input type='text' name='marks' placeholder='Marks' class='form-control' required='' value="" id="lab_mark">
<input type='text' name='marks' placeholder='Marks' class='form-control' required='' value="">
Attachment 1
<input type='file' name='attachment1' placeholder='Attachment 1' class='form-control'>
@ -219,18 +234,20 @@ New Date/Time <br><input type="date" name="date" required="" id="new_date"> <inp
Attachment 3
<input type='file' name='attachment3' placeholder='Attachment 1' class='form-control' >
Attachment 4
<input type='file' name='attachment4' placeholder='Attachment 4' class='form-control' >
<br>
Submission Type <input type='radio' name='type' value='Individual' required='' id="lab_individual"> Individual
Submission Type <input type='radio' name='type' value='Individual' required=''> Invidual
<input type='radio' name='type' value='Group' required='' id="lab_group"> Group
<input type='radio' name='type' value='Group' required=''> Group
<hr>
<input type='submit' class='btn btn-primary' value='Post Lab Assignment' id="submit_btn"><br>
<input type='submit' class='btn btn-primary' value='Post Lab Assignment'><br>
</form><br><br><br><br>
<?php
}
}
}
echo "</div>";
@ -250,17 +267,22 @@ New Date/Time <br><input type="date" name="date" required="" id="new_date"> <inp
$_SESSION['info_courses']=null;
}
$result = mysqli_query($con," SELECT `Lab_Report_ID`,Type,Marks, `Course_ID`, `Posted_Date`, `Deadline`, `Instructions`, `Title`, `Attachment_link_1`, `Attachment_link_2`, `Attachment_link_3`, "
. "`Attachment_link_4` FROM `lab_reports_table` WHERE Course_ID=$id ORDER by Lab_Report_ID DESC");
if ($_SESSION['user_type'] == "TA") {
if( $_SESSION['user_type']=="TA")
{
echo "<b style='color:gray'>*Only Lecturer can post a new lab report assignment</b><br>";
}
if (mysqli_num_rows($result) == 0) {
if(mysqli_num_rows($result)==0)
{
echo "No assignments posted so far.";
} else {
$counter = 0;
while ($row = mysqli_fetch_assoc($result)) {
} else { while($row = mysqli_fetch_assoc($result)) {
$marks=$row['Marks'];
$title=$row['Title'];
$ins=$row['Instructions'];
@ -274,7 +296,6 @@ New Date/Time <br><input type="date" name="date" required="" id="new_date"> <inp
$cours_id=$row['Course_ID'];
$as_type=$row['Type'];
$full_link="<a href='~\..\Lab_Report_Assignments\\$att1'>$att1</a>";
$counter += 1;
if($att2!=""){
$full_link= $full_link." &nbsp|&nbsp <a href='~\..\Lab_Report_Assignments\\$att2'>$att2</a>";
@ -287,19 +308,15 @@ New Date/Time <br><input type="date" name="date" required="" id="new_date"> <inp
$full_link= $full_link." &nbsp; | &nbsp <a href='~\..\Lab_Report_Assignments\\$att4'>$att4</a>";
}
$resultx1 = mysqli_query($con,"Select Count(*) as cnt from lab_report_submissions where lab_report_submissions.Lab_Report_ID=$id");
while ($row = mysqli_fetch_assoc($resultx1)) {
$count_subs = $row['cnt'];
}
while($row = mysqli_fetch_assoc($resultx1)) {$count_subs=$row['cnt'];}
$resultx2 = mysqli_query($con,"Select COUNT(*) as cnt from lab_report_submissions where lab_report_submissions.Lab_Report_ID=$id and Marks is not null");
if (mysqli_num_rows($resultx2) == 0) {
$count_marked = 0;
} else {
while ($row = mysqli_fetch_assoc($resultx2)) {
$count_marked = $row['cnt'];
}
}
if(mysqli_num_rows($resultx2)==0){$count_marked=0;} else { while($row = mysqli_fetch_assoc($resultx2)) {$count_marked =$row['cnt'];}}
$header="Courses > ".$name."($code) > Assignments > ".$title;
@ -309,20 +326,28 @@ New Date/Time <br><input type="date" name="date" required="" id="new_date"> <inp
<br> <span style='font-size:8pt'>Posted : $posted Deadline : <b> $deadline </b> &nbsp; ($marks Marks) &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; "
. "<br>"
. "<span class='btn-default'> &nbsp;&nbsp; $count_subs Submissions ( $count_marked Marked ) &nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;<a href='Courses.php?course=" . $url . "&act=edit&cid=" . $id . "'>Edit</a>&nbsp;&nbsp; |&nbsp;&nbsp;<a href='~\..\Submissions.php?id=$id&header=$header&total=$marks' onclick='' id='view_submissions_link_$counter'> View </a> &nbsp;&nbsp; |&nbsp;&nbsp; <a href='#' onclick='extend_deadline($id)' id='extend_deadline_link'> Extend Deadline </a> </span> <hr> Attachments : $full_link </span>"
. "<span class='btn-default'> &nbsp;&nbsp; $count_subs Submissions ( $count_marked Marked ) &nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;<a href='Courses.php?course=".$url."&act=edit&cid=".$id."'>Edit</a>&nbsp;&nbsp; |&nbsp;&nbsp;<a href='~\..\Submissions.php?id=$id&header=$header&total=$marks' onclick=''> View </a> &nbsp;&nbsp; |&nbsp;&nbsp; <a href='#' onclick='extend_deadline($id)'> Extend Deadline </a> </span> <hr> Attachments : $full_link </span>"
. "&nbsp;&nbsp;</div>
";
}
}
}}
echo "</div>";
$resultx1 = mysqli_query($con,"SELECT course_students_table.Student_ID,users_table.Full_Name FROM
`course_students_table`
INNER JOIN users_table on users_table.Student_ID=course_students_table.Student_ID
WHERE Course_ID=$course_id");
echo "<span id='dropstudents' style='display:none;'> <select name='stdid'>";
while ($row = mysqli_fetch_assoc($resultx1)) {
while($row = mysqli_fetch_assoc($resultx1))
{
$stdid=$row['Student_ID'];
$stdname=$row['Full_Name'];
@ -332,11 +357,17 @@ WHERE Course_ID=$course_id");
. "<input type='hidden' name='url' value='$course_url'>"
. " </span>";
return;
}
?>
<div class="col-md-8">
<?php
@ -348,20 +379,23 @@ WHERE Course_ID=$course_id");
</a></div>
";
$result = mysqli_query($con,"SELECT `Course_ID`, `Course_Name`, `Academic_Year`, `Faculty`, "
. "`Lecturer_User_ID`, `TA_User_ID`, `Course_Code`, `URL`, `Verify_New_Members` , users_table.Full_Name FROM `courses_table` INNER JOIN users_table ON users_table.User_ID=courses_table.Lecturer_User_ID where courses_table.Lecturer_User_ID=$user_d");
if ($_SESSION['user_type'] == "TA") {
if($_SESSION['user_type']=="TA")
{
$result = mysqli_query($con,"SELECT course_ta.Course_ID, `Course_Name`,
`Academic_Year`, `Faculty`, `Lecturer_User_ID`, `TA_User_ID`, `Course_Code`, `URL`, `Verify_New_Members` FROM `courses_table`
INNER JOIN
course_ta ON course_ta.Course_ID=courses_table.Course_ID where course_ta.TA=$user_d");
}
// $result = mysqli_query($con,"SELECT `Course_ID`, `Course_Name`, `Academic_Year`, `Faculty`, `Lecturer_User_ID`, `TA_User_ID`, `Course_Code`, `URL`, `Verify_New_Members` , users_table.Full_Name FROM `courses_table` INNER JOIN users_table ON users_table.User_ID=courses_table.Lecturer_User_ID");
if (mysqli_num_rows($result) == 0) {
} else {
while ($row = mysqli_fetch_assoc($result)) {
if(mysqli_num_rows($result)==0)
{} else { while($row = mysqli_fetch_assoc($result)) {
$id=$row['Course_ID'];
$name=$row['Course_Name'];
$code=$row['Course_Code'];
@ -379,6 +413,8 @@ where course_ta.Course_ID=$id");
$ta=$ta." - ".$rowTA['TA_NAME'];
}
echo"
<a href='~\..\Courses.php?course=$url'> <div class='btn btn-default'>
@ -386,13 +422,15 @@ where course_ta.Course_ID=$id");
<br> <span style='font-size:8pt'>Faculty : $faculty &nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; Year : $academic &nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; Lecturer :$lecturer &nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; TA:$ta </span>
</div></a>
";
}
} ?>
}}?>
</div>
<div class="col-md-4">
<br>
<b> Course Joining Requests </b>
<?php
$lecturer_id= $_SESSION['user_id'];
$result = mysqli_query($con,"SELECT course_students_table.ID,users_table.Full_Name, courses_table.Course_ID, `Course_Name`, `Academic_Year`, `Faculty`, `Lecturer_User_ID`, `TA_User_ID`, `Course_Code`, `URL`, `Verify_New_Members` FROM `courses_table`
@ -400,11 +438,11 @@ INNER JOIN course_students_table on course_students_table.Course_ID=courses_tab
INNER JOIN users_table on users_table.Student_ID=course_students_table.Student_ID
WHERE Lecturer_User_ID=$lecturer_id and course_students_table.Status='Pending'");
if (mysqli_num_rows($result) == 0) {
if(mysqli_num_rows($result)==0)
{
echo "<br> <i class='fa fa-info-circle'></i> No Course joining request so far for all your courses <hr>";
} else {
while ($row = mysqli_fetch_assoc($result)) {
} else { while($row = mysqli_fetch_assoc($result)) {
$id=$row['ID'];
$name=$row['Course_Name'];
@ -417,12 +455,21 @@ WHERE Lecturer_User_ID=$lecturer_id and course_students_table.Status='Pending'"
$std_name is Requesting to join <br> [($code) - $name ] &nbsp;&nbsp;&nbsp;&nbsp; <br><a href='~\..\Script.php?AcceptStudent=y&id=$id&rs=yes' class='btn-sm btn-success' onclick=return confirm(\"are you sure to join this course?\")' > Accept </a>
&nbsp;&nbsp;<a href='~\..\Script.php?AcceptStudent=y&id=$id&rs=no' class='btn-sm btn-danger' onclick=return confirm(\"are you sure to join this course?\")' > Decline </a>
</div>";
}
}
?>
<?php
if ($_SESSION['user_type'] == "TA") {
if( $_SESSION['user_type']=="TA")
{
echo "<center>Only Lecturers can Post new Lab report Assignments</center>";
}
if( $_SESSION['user_type']=="Lecturer"){ ?>
@ -433,28 +480,30 @@ WHERE Lecturer_User_ID=$lecturer_id and course_students_table.Status='Pending'"
<input type="hidden" name="frm_createCourse" value="true" required=""/>
<input type="hidden" name="l" value="l" required=""/>
Course Name
<input type="text" name="name" placeholder="Course Name" class="form-control" required="" id="course_name">
<input type="text" name="name" placeholder="Course Name" class="form-control" required="">
Course Code
<input type="text" name="code" placeholder="Course Code" class="form-control" required="" id="course_code">
<input type="text" name="code" placeholder="Course Code" class="form-control" required="">
URL (Leave blank to use Course Code & Year)
<input type="text" name="url" placeholder="Choose Custom URL " class="form-control">
Academic Year
<input type="text" name="academic" placeholder="Academic Year" class="form-control" required="" id="academic_year">
<input type="text" name="academic" placeholder="Academic Year" class="form-control" required="">
Faculty <br>
<input type="text" name="faculty" placeholder="Faculty" class="form-control" required="" id="faculty">
<input type="text" name="faculty" placeholder="Faculty" class="form-control" required="">
<input type="hidden" name="lecturer" value="<?php echo $_SESSION['user_id']; ?>">
Verify Joining Students
<input type="radio" name="verify" value="1" id="join_yes"> Yes
<input type="radio" name="verify" value="0" checked="" id="join_no"> No
<input type="radio" name="verify" value="1"> Yes
<input type="radio" name="verify" value="0" checked=""> No
<br>
<input type="submit" class="btn btn-primary" value="Create Portal" id="portal_btn"><br>
<input type="submit" class="btn btn-primary" value="Create Portal"><br>
</form>
@ -462,12 +511,16 @@ WHERE Lecturer_User_ID=$lecturer_id and course_students_table.Status='Pending'"
</div>
<!-- END LECTURER -->
<?php
}
if ($_SESSION['user_type'] == "Student") {
if( $_SESSION['user_type']=="Student")
{
?>
<!--STUDENT CODE-->
@ -487,23 +540,34 @@ if ($_SESSION['user_type'] == "Student") {
<div class="col-md-6"></div>
</div>
<div class="row" style="width:80%;margin:auto; text-align:left;">
<div class="col-md-6">
<?php
error_reporting(0);
$student_id= $_SESSION['user_student_id'];
if (!empty($_GET["search"]) || !empty($_GET["faculty"])) {
$search = trim($_GET["search"]);
$faculty = $_GET["faculty"];
if(!empty($_GET["search"]) || !empty($_GET["faculty"]))
{
$search = trim(mysqli_real_escape_string($con, $_GET["search"]));
$faculty = mysqli_real_escape_string($con, $_GET["faculty"]);
if ($faculty == "") {
if($faculty=="")
{
echo "<h4> Search Results for Course Code $search</h4><hr>";
$result = mysqli_query($con,"SELECT `Course_ID`, `Course_Name`, `Academic_Year`, `Faculty`,"
. " `Lecturer_User_ID`, `TA_User_ID`, `Course_Code`, `URL`, `Verify_New_Members` "
. " , users_table.Full_Name FROM `courses_table` INNER JOIN users_table"
. " ON users_table.User_ID=courses_table.Lecturer_User_ID where Course_Code like '%{$search}%' and courses_table.Course_ID not in (select course_id from course_students_table where Student_ID=$student_id)");
} else {
}
else
{
echo "<h3> Find Courses under faculty $faculty</h3>";
$result = mysqli_query($con,"SELECT `Course_ID`, `Course_Name`, `Academic_Year`, `Faculty`,
`Lecturer_User_ID`, `TA_User_ID`, `Course_Code`, `URL`, `Verify_New_Members`
@ -511,8 +575,11 @@ if ($_SESSION['user_type'] == "Student") {
ON users_table.User_ID=courses_table.Lecturer_User_ID where Faculty='$faculty' and courses_table.Course_ID not in (select course_id from course_students_table where Student_ID=$student_id)");
}
if (mysqli_num_rows($result) == 0) {
if(mysqli_num_rows($result)==0)
{
echo "No results found for your Search <hr>";
} else {
while($row = mysqli_fetch_assoc($result)) {
@ -525,13 +592,14 @@ if ($_SESSION['user_type'] == "Student") {
$id=$row['Course_ID'];
$v=$row['Verify_New_Members'];
$msg2="Join Course";
if ($v > 0) {
if($v>0)
{
$msg="<i class='fa fa-exclamation-circle'></i> Lecturer verification required";
$msg2="Send Joining Request";
}
echo "<div class='btn btn-default' style='word-wrap:break-word'>
[$code] $name <br>($url) <br> <a href='~\..\Script.php?JoinCourse=y&id=$id&std=$student_id&joining=$v' class='btn-sm btn-success' onclick=return confirm(\"Are you sure to join this course?\")' id='join_btn'> $msg2 </a>
[$code] $name <br>($url) <br> <a href='~\..\Script.php?JoinCourse=y&id=$id&std=$student_id&joining=$v' class='btn-sm btn-success' onclick=return confirm(\"Are you sure to join this course?\")' > $msg2 </a>
<br> <span style='font-size:10pt'>Faculty: $faculty | Year: $academic | Lecturer: $lecturer </span><br>$msg</div>
";
}
@ -547,7 +615,8 @@ INNER JOIN course_students_table on course_students_table.Course_ID=courses_tabl
where course_students_table.Student_ID=$student_id");
if (mysqli_num_rows($result) == 0) {
if(mysqli_num_rows($result)==0)
{
echo "<i class='fa fa-exclamation-circle'></i> You are not Enrolled in any Course";
} else {
while($row = mysqli_fetch_assoc($result)) {
@ -560,12 +629,15 @@ INNER JOIN course_students_table on course_students_table.Course_ID=courses_tabl
$id=$row['Course_ID'];
$Status=$row['Status'];
if ($Status == "Joined") {
if($Status=="Joined")
{
echo "<a href='~\..\Course.php?url=$url'> <div class='btn btn-default' style='word-wrap:break-word'>
($code) - $name <br>($url) &nbsp;&nbsp;&nbsp; <i class='fa fa-check-circle'></i> $Status &nbsp;&nbsp;&nbsp;&nbsp; <a href='~\..\Course.php?url=$url' class='btn-sm btn-primary'> Open</a>
<br> <span style='font-size:8pt'>Faculty : $faculty Year : $academic Lecturer :$lecturer </span></div></a>
";
} else {
}
else
{
echo "<div class='btn btn-default'>
($code) - $name <i class='btn-sm btn-danger'> $Status</i>
<br> <span style='font-size:8pt'>Faculty : $faculty Year : $academic Lecturer :$lecturer </span></div>
@ -574,45 +646,142 @@ INNER JOIN course_students_table on course_students_table.Course_ID=courses_tabl
}
}
echo "</div><div class='col-md-6'>
<form method='get' action='Courses.php'>
<div class='row'>
<div class='col-md-10'>
<div class='row'><div class='col-md-6'> Find course by Code
<input type='text' class='form-control' name='search' placeholder='Enter Course Code' id='search_field'>
<input type='text' class='form-control' name='search' placeholder='Enter Course Code'>
</div><div class='col-md-6'>
List courses by faculty
<select name='faculty' class='form-control'>";
$result = mysqli_query($con,"SELECT DISTINCT(Faculty) as Faculty FROM `courses_table`");
if (mysqli_num_rows($result) == 0) {
} else {
while ($row = mysqli_fetch_assoc($result)) {
if(mysqli_num_rows($result)==0)
{} else { while($row = mysqli_fetch_assoc($result)) {
$fname=$row['Faculty'];
echo "<option value=''> Search by faculty </option> <option value='$fname'> $fname </option>";
}
}
}}
echo "</select></div></div>
</div>
<div class='col-md-1'> <br>
<input type='submit' class='btn btn-primary' value='Find' id='find_btn'>
<input type='submit' class='btn btn-primary' value='Find'>
</div>
</div>
</form>
</div></div>";
}
?>
<style>
.form-control{
padding-top: 1px;
padding-bottom:1px;
}
</style>

7
Download.php
View File

@ -7,6 +7,11 @@ session_start();
// 修改这一行设置你的文件下载目录
// IMPORTANT: Do not delete the following conditional test
if (strpos($_GET['file'], "../") != false) { // 检查是否有 ../,防止用户构造路径,访问某个他不应该访问的目录
die("Sorry. Nothing to download.");
}
$file = "./../../lrr_submission".$_GET['file'];
$filename = basename($file);
@ -20,7 +25,7 @@ $type = filetype($file);
$today = date("F j, Y, g:i a");
$time = time();
if ( (isset($_SESSION["user_student_id"]) && strpos($file, $_SESSION["user_student_id"])) || $_SESSION['user_type'] == "Lecturer" || $_SESSION['user_type'] == "TA") {
if ((isset($_SESSION["user_student_id"]) && strpos($file, $_SESSION["user_student_id"]) > 0) || $_SESSION['user_type'] == "Lecturer" || $_SESSION['user_type'] == "TA" ) {
// 发送文件头部
header("Content-type: $type");
header('Content-Disposition: attachment;filename="'.urldecode($filename).'"');

122
Script.php
View File

@ -35,7 +35,6 @@ function is_valid_student_number($student_id)
// ############################### SIGN UP ##################################
if (!empty($_POST["form_signup"])) {
$student_id = trim(mysqli_real_escape_string($con, $_POST["user_student_id"]));
// validate student number
@ -53,6 +52,7 @@ if (!empty($_POST["form_signup"])) {
return;
}
// Check if the student number isn't already registered
$student_result = mysqli_query($con, "SELECT * FROM `users_table` WHERE Student_ID='$student_id'");
@ -270,7 +270,7 @@ if (!empty($_POST["frm_createlecturrer"])) {
$email = mysqli_real_escape_string($con, $_POST["email"]);
$fullname = mysqli_real_escape_string($con, $_POST["fullname"]);
$type = mysqli_real_escape_string($con, $_POST["type"]);
$password = $passport;
$password = mysqli_real_escape_string($con, $_POST["passport"]);
// check if email is taken
$result = mysqli_query($con,
"SELECT * FROM Users_Table WHERE email='$email'");
@ -300,7 +300,7 @@ function is_valid_file_format($file)
'cvc', 'c', 'class', 'cpp', 'h', 'java', 'sh', 'swift', 'zip', 'rar', 'ods', 'xlr', 'bak', 'ico', 'swf'
);
utf8_encode($filename = $_FILES[$file]['name']);
$filename = $_FILES[$file]['name'];
$ext = pathinfo($filename, PATHINFO_EXTENSION);
$result = in_array($ext, $allowed);
return $result;
@ -452,10 +452,8 @@ function checksize($file)
}
// ############################### Submit Assignment ##################################
if (!empty($_POST["frm_submitlab"])) {
/* Posting values to database */
$lab_id = mysqli_real_escape_string($con, $_POST["lab_id"]);
$student_id = $_POST["student_id"];
$group_id = $_POST["group_id"];
@ -552,19 +550,19 @@ if (!empty($_POST["frm_submitlab"])) {
$targetfile4 = "";
if (strlen($_FILES['attachment1']['name']) > 2) { // why greater than 2???
$targetfile = "/" . $student_id . "/" . $url . "/" . $lab_name . "/" . $_FILES['attachment1']['name'];
$targetfile = "/" . $student_id . "/" . $url . "/" . $lab_name . "/" . rawurlencode($_FILES['attachment1']['name']);
}
if (strlen($_FILES['attachment2']['name']) > 2) {
$targetfile2 = "/" . $student_id . "/" . $url . "/" . $lab_name . "/" . $_FILES['attachment2']['name'];
$targetfile2 = "/" . $student_id . "/" . $url . "/" . $lab_name . "/" . rawurlencode($_FILES['attachment2']['name']);
}
if (strlen($_FILES['attachment3']['name']) > 2) {
$targetfile3 = "/" . $student_id . "/" . $url . "/" . $lab_name . "/" . $_FILES['attachment3']['name'];
$targetfile3 = "/" . $student_id . "/" . $url . "/" . $lab_name . "/" . rawurlencode($_FILES['attachment3']['name']);
}
if (strlen($_FILES['attachment4']['name']) > 2) {
$targetfile4 = "/" . $student_id . "/" . $url . "/" . $lab_name . "/" . $_FILES['attachment4']['name'];
$targetfile4 = "/" . $student_id . "/" . $url . "/" . $lab_name . "/" . rawurlencode($_FILES['attachment4']['name']);
}
// When $group_id is not properly initialized, use integer 0 as its value.
@ -597,9 +595,9 @@ if (!empty($_POST["frm_submitlab"])) {
// JOIN COURSE
if (!empty($_GET["JoinCourse"])) {
$id = $_GET["id"];
$student_id = $_GET["std"];
$joining = $_GET["joining"];
$id = mysqli_real_escape_string($con, $_GET["id"]);
$student_id = mysqli_real_escape_string($con, $_GET["std"]);
$joining = mysqli_real_escape_string($con, $_GET["joining"]);
$status = "Pending";
if ($joining == 0) {
@ -626,12 +624,12 @@ if (!empty($_GET["JoinCourse"])) {
if (!empty($_GET["savemarks"])) {
$id = $_GET["id"];
$marks = $_GET["marks"];
$total = $_GET["total"];
$feedback = $_GET["feedback"];
$header = $_GET["header"];
$labid = $_GET["labid"];
$id = mysqli_real_escape_string($con, $_GET["id"]);
$marks = mysqli_real_escape_string($con, $_GET["marks"]);
$total = mysqli_real_escape_string($con, $_GET["total"]);
$feedback = mysqli_real_escape_string($con, $_GET["feedback"]);
$header = mysqli_real_escape_string($con, $_GET["header"]);
$labid = mysqli_real_escape_string($con, $_GET["labid"]);
$status = "Marked";
if ($marks > $total) {
@ -660,12 +658,12 @@ if (!empty($_GET["savemarks"])) {
#Update Report Visibility
if (!empty($_GET["updatevisibility"])) {
$id = $_GET["id"];
$marks = $_GET["marks"];
$total = $_GET["total"];
$status = $_GET["status"];
$header = $_GET["header"];
$labid = $_GET["labid"];
$id = mysqli_real_escape_string($con, $_GET["id"]);
$marks = mysqli_real_escape_string($con, $_GET["marks"]);
$total = mysqli_real_escape_string($con, $_GET["total"]);
$status = mysqli_real_escape_string($con, $_GET["status"]);
$header = mysqli_real_escape_string($con, $_GET["header"]);
$labid = mysqli_real_escape_string($con, $_GET["labid"]);
$sql = "UPDATE `lab_report_submissions` SET `Visibility`='$status' WHERE Submission_ID=$id
";
@ -683,11 +681,11 @@ if (!empty($_GET["updatevisibility"])) {
if (!empty($_GET["remarking"])) {
$id = $_GET["id"];
$url = $_GET["url"];
$id = mysqli_real_escape_string($con, $_GET["id"]);
$url = mysqli_real_escape_string($con, $_GET["url"]);
$status = $_GET["status"];
$details = $_GET["details"];
$status = mysqli_real_escape_string($con, $_GET["status"]);
$details = mysqli_real_escape_string($con, $_GET["details"]);
$sql = "UPDATE `lab_report_submissions` SET `Status`='Remarking',Remarking_Reason='$details' WHERE Submission_ID=$id
";
@ -705,10 +703,10 @@ if (!empty($_GET["remarking"])) {
if (!empty($_GET["creategroup"])) {
$student_id = $_GET["student_id"];
$url = $_GET["url"];
$id = $_GET["id"];
$name = $_GET["name"];
$student_id = mysqli_real_escape_string($con, $_GET["student_id"]);
$url = mysqli_real_escape_string($con, $_GET["url"]);
$id = mysqli_real_escape_string($con, $_GET["id"]);
$name = mysqli_real_escape_string($con, $_GET["name"]);
$sql = "INSERT INTO `course_groups_table`(`Group_Name`,
`Group_Leader`, `Course_id`) VALUES ('$name',$student_id,$id)";
@ -737,10 +735,10 @@ if (!empty($_GET["creategroup"])) {
if (!empty($_GET["groupinvite"])) {
$student_id = $_GET["student_id"];
$url = $_GET["url"];
$courseid = $_GET["courseid"];
$groupid = $_GET["groupid"];
$student_id = mysqli_real_escape_string($con, $_GET["student_id"]);
$url = mysqli_real_escape_string($con, $_GET["url"]);
$courseid = mysqli_real_escape_string($con, $_GET["courseid"]);
$groupid = mysqli_real_escape_string($con, $_GET["groupid"]);
$result = mysqli_query($con, "SELECT * FROM course_group_members_table where Course_Group_id = '$groupid' and Student_ID = '$student_id'");
if (mysqli_num_rows($result) > 0) {
@ -796,10 +794,10 @@ if (!empty($_GET["groupinvite"])) {
if (!empty($_GET["acceptinvite"])) {
$student_id = $_GET["student_id"];
$url = $_GET["url"];
$action = $_GET["action"];
$groupid = $_GET["groupid"];
$student_id = mysqli_real_escape_string($con, $_GET["student_id"]);
$url = mysqli_real_escape_string($con, $_GET["url"]);
$action = mysqli_real_escape_string($con, $_GET["action"]);
$groupid = mysqli_real_escape_string($con, $_GET["groupid"]);
if ($action == 1) {
$sql = "Update `course_group_members_table` set Status='Joined' where Course_Group_id =$groupid and student_id=$student_id
@ -821,14 +819,14 @@ if (!empty($_GET["acceptinvite"])) {
if (!empty($_GET["extenddeadline"])) {
$id = $_GET["id"];
$date = $_GET["date"];
$time = $_GET["time"];
$type = $_GET["type"];
$id = mysqli_real_escape_string($con, $_GET["id"]);
$date = mysqli_real_escape_string($con, $_GET["date"]);
$time = mysqli_real_escape_string($con, $_GET["time"]);
$type = mysqli_real_escape_string($con, $_GET["type"]);
$stdid = $_GET["stdid"];
$reason = $_GET["reason"];
$url = $_GET["url"];
$stdid = mysqli_real_escape_string($con, $_GET["stdid"]);
$reason = mysqli_real_escape_string($con, $_GET["reason"]);
$url = mysqli_real_escape_string($con, $_GET["url"]);
$deadline = $date . " " . $time;
if ($type == 1) {
@ -852,11 +850,11 @@ if (!empty($_GET["extenddeadline"])) {
if (!empty($_GET["ignoreremarking"])) {
$id = $_GET["id"];
$total = $_GET["total"];
$header = $_GET["header"];
$id = mysqli_real_escape_string($con, $_GET["id"]);
$total = mysqli_real_escape_string($con, $_GET["total"]);
$header = mysqli_real_escape_string($con, $_GET["header"]);
$subid = $_GET["subid"];
$subid = mysqli_real_escape_string($con, $_GET["subid"]);
$sql = "UPDATE lab_report_submissions SET Status='Marked' WHERE Submission_ID=$subid";
@ -873,8 +871,8 @@ if (!empty($_GET["ignoreremarking"])) {
if (!empty($_GET["assignTA"])) {
$id = $_GET["id"];
$ta = $_GET["ta"];
$id = mysqli_real_escape_string($con, $_GET["id"]);
$ta = mysqli_real_escape_string($con, $_GET["ta"]);
$sql = "INSERT INTO `course_ta`(`Course_ID`, `TA`) VALUES ($id,$ta)";
@ -891,8 +889,8 @@ if (!empty($_GET["assignTA"])) {
if (!empty($_GET["AcceptStudent"])) {
$id = $_GET["id"];
$rs = $_GET["rs"];
$id = mysqli_real_escape_string($con, $_GET["id"]);
$rs = mysqli_real_escape_string($con, $_GET["rs"]);
if ($rs == "yes") {
$sql = "Update course_students_table set Status='Joined' Where ID=$id";
@ -919,12 +917,12 @@ if (!empty($_GET["AcceptStudent"])) {
if (!empty($_GET["action"])) {
$action = $_GET["action"];
$uid = $_GET["uid"];
$uid = mysqli_real_escape_string($con, $_GET["uid"]);
$pass = $_GET["pass"];
$pass = mysqli_real_escape_string($con, $_GET["pass"]);
$pass = password_hash($pass, PASSWORD_DEFAULT);
$status = $_GET["status"];
$status = mysqli_real_escape_string($con, $_GET["status"]);
// validate uid
if (intval($uid) < 0) {
@ -932,7 +930,7 @@ if (!empty($_GET["action"])) {
return;
}
if ($action == "passchange") {
if ($action == "passchange" && $_SESSION['user_id'] == $uid) {
$sql = "UPDATE users_table set Password='$pass' where User_ID=$uid;";
if ($con->query($sql) === TRUE) {
error_reporting(0);
@ -946,7 +944,7 @@ if (!empty($_GET["action"])) {
}
}
if ($action == "statuschange") {
if ($action == "statuschange" && $_SESSION['user_id'] == $uid && ($_SESSION['user_type'] == "Lecturer" || $_SESSION['user_type'] == "Admin")) {
$sql = "UPDATE users_table set Status='$status' where User_ID=$uid;";
if ($con->query($sql) === TRUE) {
$_SESSION["info_Admin_Users"] = $type . " user Status updated successfully ";
@ -1007,8 +1005,8 @@ if (!empty($_POST["frm_createCourse"])) {
if (!empty($_GET["exportgrade"])) {
$lab = $_GET["lab"];
$lab_name = $_GET["lab_name"];
$lab = mysqli_real_escape_string($con, $_GET["lab"]);
$lab_name = mysqli_real_escape_string($con, $_GET["lab_name"]);
error_reporting(0);

10
Submissions.php
View File

@ -10,7 +10,7 @@ $group_id = $_SESSION["user_group_id"];
$c_date = date("Y-m-d H:i");
if (!empty($_GET["id"])) {
$id = $_GET["id"];
$id = mysqli_real_escape_string($con, $_GET["id"]);
$course_id = $id;
}
@ -139,7 +139,6 @@ where Lab_Report_ID=$id and lab_report_submissions.Status='Pending' order by Sub
if (mysqli_num_rows($result1) == 0) {
echo "No Un-Marked Submissions for this Lab Report.";
} else {
$mark_submission_btn_counter = 0;
while ($row = mysqli_fetch_assoc($result1)) {
$title = $row['Title'];
$Marks = $row['Marks'];
@ -158,7 +157,6 @@ where Lab_Report_ID=$id and lab_report_submissions.Status='Pending' order by Sub
$groupname = $row['Group_Name'];
$groupleader = $row['Group_Leader'];
$student_id = $row['sub_std'];
$mark_submission_btn_counter += 1;
if ($submitted_group == 0) {
$submitted_by = $student_name . "(" . $student_id . ")";
@ -186,7 +184,7 @@ where Lab_Report_ID=$id and lab_report_submissions.Status='Pending' order by Sub
echo " <k href='#'> <div class='btn btn-default break-word' style='dislay:block; word-wrap: break-word; border: 1px solid #F0F0F0;border-left: 4px solid #03407B;'>
$title <br> by: <b> $submitted_by </b>
<br> <span style='font-size:8pt'>Submitted : $posted <button class='btn-sm btn-info' style='margin-left:50px;' onclick='mark($Submission_ID,\"$title\",$total)' id='mark_submission_btn_$mark_submission_btn_counter'> Mark Submission</button><br> Attachments : $full_link </span>
<br> <span style='font-size:8pt'>Submitted : $posted <button class='btn-sm btn-info' style='margin-left:50px;' onclick='mark($Submission_ID,\"$title\",$total)'> Mark Submission</button><br> Attachments : $full_link </span>
</div></k>";
}
}
@ -421,8 +419,8 @@ where course_group_members_table.Course_Group_id=$id");
try {
$('<form id="submit-form" method="get" action="Script.php">' + title + '(' + marks + ' marks) <input type="hidden" name="savemarks" value="true">\n\
<input type="hidden" name="total" value="' + marks + '" > <input type="hidden" name="id" value="' + id + '" ><br> Marks <input type="text" name="marks" id="marks">\n\
Comments <textarea name="feedback" id="feedback"></textarea> \n\
<input type="hidden" name="total" value="' + marks + '" > <input type="hidden" name="id" value="' + id + '" ><br> Marks <input type="text" name="marks">\n\
Comments <textarea name="feedback"></textarea> \n\
<input type="hidden" name="labid" value="<?php echo $course_id; ?>"> <input type="hidden" name="header" value="<?php echo $header; ?>"> </form>').dialog({
modal: true,
title: 'Mark Submission',

28
SubmitLab.php
View File

@ -9,18 +9,22 @@ include 'Header.php';
<div class='row' style='width:80%;margin:auto;'>
<?php
$c_date = date("Y-m-d H:i");
$student_id = $_SESSION["user_student_id"];
if (!empty($_GET["id"])) {
$id = $_GET["id"];
$url = $_GET["url"];
if(!empty($_GET["id"]))
{
$id = mysqli_real_escape_string($con, $_GET["id"]);
$url = mysqli_real_escape_string($con, $_GET["url"]);
$result1 = mysqli_query($con," SELECT `Type`, `Lab_Report_ID`, `Course_ID`, `Posted_Date`, `Deadline`, `Instructions`, `Title`, `Attachment_link_1`, `Attachment_link_2`, `Attachment_link_3`, `Attachment_link_4` FROM `lab_reports_table` WHERE Lab_Report_ID=$id and Deadline > '$c_date' ORDER by Lab_Report_ID DESC");
if (mysqli_num_rows($result1) == 0) {
if(mysqli_num_rows($result1) == 0)
{
echo "No active assignments for this course so far.";
} else {
while($row = mysqli_fetch_assoc($result1)) {
@ -44,12 +48,14 @@ include 'Header.php';
$_SESSION["Group_ID"] = $row['Course_Group_id'];
}
if ($_SESSION["Group_ID"] < 1) {
if($_SESSION["Group_ID"] < 1)
{
echo" <center><h3> This Lab report can only be submitted by Group Admin </h3> </center> ";
return;
}
}
$full_link="<a href='~\..\Lab_Report_Assignments\\$att1'>$att1</a>";
if($att2!=""){
@ -80,6 +86,9 @@ include 'Header.php';
</div>
<div style="width:80%;margin:auto;">
<h3> Submit Lab Report Assignment </h3>
@ -88,7 +97,8 @@ include 'Header.php';
<div class="col-md-6">
<form method='post' enctype='multipart/form-data' action='Script.php' id="submit_lab_report_form">
<form method='post' enctype='multipart/form-data' action='Script.php'>
<input type='hidden' name='frm_submitlab' value='true' required=''/>
<input type='hidden' name='lab_id' value='<?php echo $id; ?>' required=''/>
<input type='hidden' name='student_id' value='<?php echo $student_id; ?>' required=''/>
@ -96,10 +106,10 @@ include 'Header.php';
<input type='hidden' name='url' value='<?php echo $url; ?>' required=''/>
Title
<input type='text' name='title' placeholder='Ttle' class='form-control' required='' id="title">
<input type='text' name='title' placeholder='Ttle' class='form-control' required=''>
Attachment 1
<input type='file' name='attachment1' placeholder='Attachment 1' class='form-control' required='' id="attachment1">
<input type='file' name='attachment1' placeholder='Attachment 1' class='form-control' required=''>
Attachment 2
<input type='file' name='attachment2' placeholder='Attachment 2' class='form-control'>
@ -115,7 +125,7 @@ include 'Header.php';
<input type='file' name='attachment4' placeholder='Attachment 4' class='form-control' >
<br>
<input type='submit' class='btn btn-primary' value='Submit Lab Assignment' id="submit_lab_assignment_btn"><br>
<input type='submit' class='btn btn-primary' value='Submit Lab Assignment'><br>
</form>
</div>