From aed70f3056cd37e3db26014c94c6a1d5263fc1a3 Mon Sep 17 00:00:00 2001
From: Lan Hui <lanhui@zjnu.edu.cn>
Date: Sun, 20 Aug 2023 22:03:33 +0800
Subject: [PATCH] Admin.php: fix a bug that prevents Lecturer from
 blocking/activating a TA

---
 Admin.php  | 8 ++++----
 Header.php | 7 -------
 Script.php | 3 +--
 3 files changed, 5 insertions(+), 13 deletions(-)

diff --git a/Admin.php b/Admin.php
index 9e4864a..19566e7 100644
--- a/Admin.php
+++ b/Admin.php
@@ -71,8 +71,8 @@ if ($_SESSION['user_type'] != "Lecturer" && $_SESSION['user_type'] != "Admin") {
 			<input type="text" name="fullname" placeholder="Full Name" class="form-control" required=""> <br>
 			Email
 			<input type="text" name="email" placeholder="Email / Student Number" class="form-control" required=""> <br>
-			Passport number/ID (used as the initial password)
-			<input type="text" class="form-control" name="passport" placeholder="Passport No./ID" required=""> <br>
+			Passport No. (used as the initial password)
+			<input type="text" class="form-control" name="passport" placeholder="Passport No" required=""> <br>
 			User type:
 			<?php
 			if ($_SESSION['user_type'] == "Lecturer") {
@@ -131,7 +131,7 @@ if ($_SESSION['user_type'] != "Lecturer" && $_SESSION['user_type'] != "Admin") {
 
 			while ($row = mysqli_fetch_assoc($result)) {
 			    $pass = $row['Passport_Number'];
-			    $btn = "<button class='btn btn-warning' onclick=\"updatePass(" . $row['User_ID'] . ",'$pass')\">Reset</button>";
+			    $btn = "<button class='btn btn-warning' onclick=\"updatePassword(" . $row['User_ID'] . ",'$pass')\">Reset</button>";
 			    if ($row['Status'] == "Active") {
 				$newstatus = "Blocked";
 				$btnBlock = "<button class='btn btn-danger' onclick=\"blockUser(" . $row['User_ID'] . ",'$newstatus')\" id=\"block_account_1\">Block</button>";
@@ -224,7 +224,7 @@ if ($_SESSION['user_type'] != "Lecturer" && $_SESSION['user_type'] != "Admin") {
 <?php include 'Footer.php';?>
 
 <script>
- function updatePass(id, pass) {
+ function updatePassword(id, pass) {
      if (!confirm('Are you sure to reset user password?')) {
          return;
      }
diff --git a/Header.php b/Header.php
index 4e5666e..1150a8d 100644
--- a/Header.php
+++ b/Header.php
@@ -190,11 +190,4 @@ if (mysqli_connect_errno()) {
 	     window.location.href = "\Script.php\?action=passchange&uid=" + id + "&pass=" + pass;
 	 }
 
-	 function blockUser(id, status) {
-	     if (!confirm('Are you sure you want to change user status?')) {
-		 return;
-	     }
-	     window.location.href = "\Script.php\?action=statuschange&uid=" + id + "&status=" + status;
-	 }
-
 	</script>
diff --git a/Script.php b/Script.php
index 2ea70af..8bc2d67 100644
--- a/Script.php
+++ b/Script.php
@@ -987,13 +987,12 @@ if (!empty($_GET["action"])) {
         }
     }
 
-    if ($action == "statuschange" && $_SESSION['user_id'] == $uid && ($_SESSION['user_type'] == "Lecturer" || $_SESSION['user_type'] == "Admin")) {
+    if ($action == "statuschange" && ($_SESSION['user_type'] == "Lecturer" || $_SESSION['user_type'] == "Admin")) {
         $sql = "UPDATE users_table set Status='$status' where User_ID='$uid';";
         if ($con->query($sql) === TRUE) {
             $_SESSION["info_Admin_Users"] = $type . " user  Status updated successfully ";
             header("Location: Admin.php");
         } else {
-            // echo "Error: " . $sql . "<br>" . $con->error;
             echo "Something really bad happened while changing status.  Contact lanhui at zjnu.edu.cn.  Thanks!";
         }
     }