Admin.php: fix a bug that prevents Lecturer from blocking/activating a TA

Bug430-Eden2
Lan Hui 2023-08-20 22:03:33 +08:00
parent 48cff9c8d9
commit aed70f3056
3 changed files with 5 additions and 13 deletions


@ -71,8 +71,8 @@ if ($_SESSION['user_type'] != "Lecturer" && $_SESSION['user_type'] != "Admin") {
<input type="text" name="fullname" placeholder="Full Name" class="form-control" required=""> <br> <input type="text" name="fullname" placeholder="Full Name" class="form-control" required=""> <br>
Email Email
<input type="text" name="email" placeholder="Email / Student Number" class="form-control" required=""> <br> <input type="text" name="email" placeholder="Email / Student Number" class="form-control" required=""> <br>
Passport number/ID (used as the initial password) Passport No. (used as the initial password)
<input type="text" class="form-control" name="passport" placeholder="Passport No./ID" required=""> <br> <input type="text" class="form-control" name="passport" placeholder="Passport No" required=""> <br>
User type: User type:
<?php <?php
if ($_SESSION['user_type'] == "Lecturer") { if ($_SESSION['user_type'] == "Lecturer") {
@ -131,7 +131,7 @@ if ($_SESSION['user_type'] != "Lecturer" && $_SESSION['user_type'] != "Admin") {
while ($row = mysqli_fetch_assoc($result)) { while ($row = mysqli_fetch_assoc($result)) {
$pass = $row['Passport_Number']; $pass = $row['Passport_Number'];
$btn = "<button class='btn btn-warning' onclick=\"updatePass(" . $row['User_ID'] . ",'$pass')\">Reset</button>"; $btn = "<button class='btn btn-warning' onclick=\"updatePassword(" . $row['User_ID'] . ",'$pass')\">Reset</button>";
if ($row['Status'] == "Active") { if ($row['Status'] == "Active") {
$newstatus = "Blocked"; $newstatus = "Blocked";
$btnBlock = "<button class='btn btn-danger' onclick=\"blockUser(" . $row['User_ID'] . ",'$newstatus')\" id=\"block_account_1\">Block</button>"; $btnBlock = "<button class='btn btn-danger' onclick=\"blockUser(" . $row['User_ID'] . ",'$newstatus')\" id=\"block_account_1\">Block</button>";
@ -224,7 +224,7 @@ if ($_SESSION['user_type'] != "Lecturer" && $_SESSION['user_type'] != "Admin") {
<?php include 'Footer.php';?> <?php include 'Footer.php';?>
<script> <script>
function updatePass(id, pass) { function updatePassword(id, pass) {
if (!confirm('Are you sure to reset user password?')) { if (!confirm('Are you sure to reset user password?')) {
return; return;
} }
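Review bot: The renamed Reset button in the second hunk still interpolates `$row['Passport_Number']` unescaped into a single-quoted JavaScript string inside an `onclick` attribute, so a stored value containing a quote or markup breaks out of the handler (stored XSS). It also writes every listed user's initial password into the admin page source. The reset action can read the passport number server-side from the user id, so the button only needs the id: `$btn = "<button class='btn btn-warning' onclick=\"updatePassword(" . (int) $row['User_ID'] . ")\">Reset</button>";`, with `updatePassword(id)` adjusted to match. The body of `updatePassword` continues past the third hunk, so confirm whether it also places `pass` in the request URL as the script in the next file section does; if so, the value ends up in browser history and server logs.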


@ -190,11 +190,4 @@ if (mysqli_connect_errno()) {
window.location.href = "\Script.php\?action=passchange&uid=" + id + "&pass=" + pass; window.location.href = "\Script.php\?action=passchange&uid=" + id + "&pass=" + pass;
} }
function blockUser(id, status) {
if (!confirm('Are you sure you want to change user status?')) {
return;
}
window.location.href = "\Script.php\?action=statuschange&uid=" + id + "&status=" + status;
}
</script> </script>


@ -987,13 +987,12 @@ if (!empty($_GET["action"])) {
} }
} }
if ($action == "statuschange" && $_SESSION['user_id'] == $uid && ($_SESSION['user_type'] == "Lecturer" || $_SESSION['user_type'] == "Admin")) { if ($action == "statuschange" && ($_SESSION['user_type'] == "Lecturer" || $_SESSION['user_type'] == "Admin")) {
$sql = "UPDATE users_table set Status='$status' where User_ID='$uid';"; $sql = "UPDATE users_table set Status='$status' where User_ID='$uid';";
if ($con->query($sql) === TRUE) { if ($con->query($sql) === TRUE) {
$_SESSION["info_Admin_Users"] = $type . " user Status updated successfully "; $_SESSION["info_Admin_Users"] = $type . " user Status updated successfully ";
header("Location: Admin.php"); header("Location: Admin.php");
} else { } else {
// echo "Error: " . $sql . "<br>" . $con->error;
echo "Something really bad happened while changing status. Contact lanhui at zjnu.edu.cn. Thanks!"; echo "Something really bad happened while changing status. Contact lanhui at zjnu.edu.cn. Thanks!";
} }
} }
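Review bot: Dropping `$_SESSION['user_id'] == $uid` from the `statuschange` condition leaves only a check on the caller's role, so any Lecturer session can now set the status of any `User_ID`, including Admin and other Lecturer accounts, while the commit title only intends Lecturer-to-TA. The branch should load the target row first and refuse when a Lecturer targets a non-TA account, and should accept only the two values the UI sends, e.g. `if (!in_array($status, ['Active', 'Blocked'], true)) { exit; }`. The unchanged `UPDATE` below still interpolates `$status` and `$uid` into the SQL string; where they are assigned is outside the hunk, but if they come from `$_GET` the query should be `$stmt = $con->prepare("UPDATE users_table SET Status=? WHERE User_ID=?"); $stmt->bind_param("ss", $status, $uid); $stmt->execute();`. Because the action is reached through a plain GET link, it also needs a CSRF token or a POST form, and `header("Location: Admin.php")` should be followed by `exit;`.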