From f76cc2eb4907a4113fbb6f89203d59eef5b9fc8e Mon Sep 17 00:00:00 2001
From: kingsley
Date: Thu, 22 Dec 2022 05:50:32 +0800
Subject: [PATCH] add confirm ID and student valid ID
---
 Script.php | 44 ++++++++++++++++++++++++++------------------
 1 file changed, 26 insertions(+), 18 deletions(-)
diff --git a/Script.php b/Script.php
index 56d963d..ccabd3b 100644
--- a/Script.php
+++ b/Script.php
@@ -57,14 +57,14 @@ if (!empty($_POST["form_signup"])) {
 $student_result = mysqli_query($con, "SELECT * FROM `users_table` WHERE Student_ID='$student_id'");
 if (mysqli_num_rows($student_result) > 0) {
- $_SESSION["info_signup"] = "This Student ID is already in use! Please contact Student Management Office for help.";
+ $_SESSION["info_signup"] = "This Student ID is already in use! Please contact Student Management Office for help.";
 header("Location: signup.php");
 return;
 }
 }
 // ############################### CREATE STUDENT USER ##################################
-if (!empty($_POST["form_signup"])) {
+if (!empty($_POST["form_signup"])) {
 $fullname = mysqli_real_escape_string($con, $_POST["fullname"]);
 $student_id = mysqli_real_escape_string($con, $_POST["user_student_id"]);
 $email = mysqli_real_escape_string($con, $_POST["email"]);
@@ -105,9 +105,8 @@ if (!empty($_POST["form_signup"])) {
 // check if email is taken
 $result = mysqli_query($con, "SELECT * FROM users_table WHERE email='$email'");
- if(mysqli_num_rows($result) != 0)
- {
- $_SESSION["info_signup"]="Email address ".$email." is already in use.";
+ if (mysqli_num_rows($result) != 0) {
+ $_SESSION["info_signup"] = "Email address " . $email . " is already in use.";
 $_SESSION['user_fullname'] = null;
 header("Location: signup.php");
 return;
@@ -272,15 +271,16 @@ if (!empty($_POST["frm_createlecturrer"])) {
 $type = mysqli_real_escape_string($con, $_POST["type"]);
 $password = mysqli_real_escape_string($con, $_POST["passport"]);
 // check if email is taken
- $result = mysqli_query($con,
- "SELECT * FROM Users_Table WHERE email='$email'");
- if(mysqli_num_rows($result)!=0)
- {
- $_SESSION["info_Admin_Users"]="Email address : ".$email." is already in use.";
- header("Location: Admin.php");
+ $result = mysqli_query(
+ $con,
+ "SELECT * FROM Users_Table WHERE email='$email'"
+ );
+ if (mysqli_num_rows($result) != 0) {
+ $_SESSION["info_Admin_Users"] = "Email address : " . $email . " is already in use.";
+ header("Location: Admin.php");
 }
 $password_hash = password_hash("$password", PASSWORD_DEFAULT);
- $sql= "INSERT INTO `users_table`(`Email`, `Password`, `Full_Name`, `UserType`) VALUES "
+ $sql = "INSERT INTO `users_table`(`Email`, `Password`, `Full_Name`, `UserType`) VALUES "
 . "('$email','$password_hash','$fullname','$type')";
 if ($con->query($sql) === TRUE) {
@@ -741,13 +741,21 @@ if (!empty($_GET["groupinvite"])) {
 $courseid = mysqli_real_escape_string($con, $_GET["courseid"]);
 $groupid = mysqli_real_escape_string($con, $_GET["groupid"]);
- $result = mysqli_query($con, "SELECT * FROM course_group_members_table where Course_Group_id = '$groupid' and Student_ID = '$student_id'");
- if (mysqli_num_rows($result) > 0) {
- $_SESSION["info_ReMarking"] = $student_id . " has already been invited";
- header("Location: Course.php?url=" . $url);
+ $student = mysqli_query($con, "SELECT * FROM students_data WHERE Student_ID = '$student_id' ");
+
+ if (mysqli_num_rows($student) > 0) {
+
+ $result = mysqli_query($con, "SELECT * FROM course_group_members_table where Course_Group_id = '$groupid' and Student_ID = '$student_id'");
+ if (mysqli_num_rows($result) > 0) {
+ $_SESSION["Reflect"] = $student_id . " has already been invited";
+ header("Location: Course.php?url=" . $url);
+ } else {
+ $sql = "INSERT INTO `course_group_members_table`( `Course_Group_id`, `Student_ID`, `Status`)
+ VALUES ('$groupid','$student_id','Invited')";
+ }
 } else {
- $sql = "INSERT INTO `course_group_members_table`( `Course_Group_id`, `Student_ID`, `Status`)
- VALUES ('$groupid','$student_id','Invited')";
+ $_SESSION["Reflect"] = $student_id . " Invalid Student Number ";
+ header("Location: Course.php?url=" . $url);
 }
 if ($con->query($sql) === TRUE) {
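Review bot: Both redirect branches added in the `groupinvite` block (the "has already been invited" branch and the new "Invalid Student Number" branch) fall through to `if ($con->query($sql) === TRUE)` without assigning `$sql` in this block. `header()` does not end the script, so the query call then runs on an undefined variable, or possibly on a statement left in `$sql` by an earlier block of the same script. Add `return;` directly after each `header("Location: Course.php?url=" . $url);`, as the signup handler does after its redirect. The duplicate-email branch in the `frm_createlecturrer` hunk has the same gap after `header("Location: Admin.php");`, so the INSERT below it still runs for an address already in use. `$student_id` and `$url` are defined outside the hunk, so whether they are escaped for the SQL strings and URL-encoded for the Location header cannot be confirmed from here; the enclosing block also starts and ends outside the hunk.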