Script.php: better info message.

Admin.php: use a better label for TA
2022-12-01 21:51:51 +08:00 · 2022-12-01 21:19:44 +08:00 · 2022-12-01 20:57:58 +08:00 · 2022-12-01 20:55:57 +08:00 · 2022-12-01 20:41:18 +08:00 · 2022-12-01 20:26:27 +08:00
3 changed files with 68 additions and 16 deletions
--- a/Admin.php
+++ b/Admin.php
@ -8,10 +8,9 @@ include 'Header.php';
 ?>

 <?php
-if ($_SESSION['user_type'] != "Lecturer") {
-  $_SESSION["info_login"] = "You must log in first.";
-  echo $_SESSION["info_login"];
-  header("Location: index.php");
+// Only Lecturer or Admin could access this page
+if ($_SESSION['user_type'] != "Lecturer" && $_SESSION['user_type'] != "Admin") {
+    die("Sorry.  Nothing to see here.");
 }
 ?>

@ -36,10 +35,23 @@ if ($_SESSION['user_type'] != "Lecturer") {
        <hr>
    -->
  <div class="col-md-6">
-    <h4> User Account Management </h4>
-    <hr>

-    <b>Lecturer / TA Accounts </b><br>
+  <?php 
+  if ($_SESSION['user_type'] == "Lecturer") {
+           
+        echo " <h4> TA Account Management </h4> 
+        <hr> " ;
+        echo    "<b>TA Accounts </b><br>" ;
+      }
+
+  else if($_SESSION['user_type'] == "Admin"){
+         
+        echo " <h4> Lecturer Account Management </h4> 
+        <hr> ";
+        echo "<b>Lecturer Accounts </b><br>";
+    }
+    
+  ?>

    <div class="container">

@ -65,7 +77,19 @@ if ($_SESSION['user_type'] != "Lecturer") {

        <div id="home" class="container tab-pane active"><br>

-          <b>Create Lecturer/TA Accounts </b>
+      <?php 
+        if ($_SESSION['user_type'] == "Lecturer") {
+                
+            echo "<b>Create TA Accounts </b>";
+             
+          }
+
+        else if($_SESSION['user_type'] == "Admin"){
+              
+           echo "<b>Create Lecturer Accounts </b>";
+          }
+    
+      ?>
          <form method="post" action="Script.php" id="create_account_form">
            <input type="hidden" name="frm_createlecturrer" value="true" required="" />
            Full_Name
@ -76,9 +100,25 @@ if ($_SESSION['user_type'] != "Lecturer") {
            Passport_Number / ID (Used as Intial Password)
            <input type="text" class="form-control" name="passport" placeholder="Passport No./ID" required="">
            <br> User Type :
-            <input type="radio" name="type" value="Lecturer" required="" id="role_lecturer"> Lecturer
-            <input type="radio" name="type" value="TA" required="" id="role_TA"> T/A
+
+          <?php 
+
+              if ($_SESSION['user_type'] == "Lecturer") {
+                      
+                    echo ' <input type="radio" name="type" value="TA" required="" id="role_TA"> TA (Teaching Assistant) ';
+
+                }
+
+              else if($_SESSION['user_type'] == "Admin"){
+                    
+                    echo " <input type='radio' name = 'type' value = 'Lecturer' required = '' id='role_lecturer' > Lecturer ";
+                  
+                }
+
+            ?>  
+
            <input type="submit" class="btn btn-primary" value="Create" id="create_btn"><br>
+            
            <?php

            error_reporting(E_ALL);
@ -112,10 +152,22 @@ if ($_SESSION['user_type'] != "Lecturer") {
            </tr>
            <?php

-            $result = mysqli_query(
-              $con,
-              "SELECT * FROM Users_Table  WHERE UserType in ('Lecturer','TA')"
-            );
+          if ($_SESSION['user_type'] == "Lecturer") {
+                                  
+                $result = mysqli_query(
+                  $con,
+                  "SELECT * FROM Users_Table  WHERE UserType in ('TA')"
+                );
+            }
+
+          else if($_SESSION['user_type'] == "Admin"){
+                
+                $result = mysqli_query(
+                  $con,
+                  "SELECT * FROM Users_Table  WHERE UserType in ('Lecturer')"
+                );
+            }
+
            while ($row = mysqli_fetch_assoc($result)) {
              $pass = $row['Passport_Number'];
              $btn = "<button class='btn-primary' onclick=\"updatePass(" . $row['User_ID'] . ",'$pass')\">Reset</button>";
--- a/NoDirectPhpAcess.php
+++ b/NoDirectPhpAcess.php
@ -2,6 +2,6 @@
    // https://stackoverflow.com/questions/33999475/prevent-direct-url-access-to-php-file
    if (!isset($_SERVER['HTTP_REFERER']) ) {
        /* choose the appropriate page to redirect users */
-        die( header( 'location: index.php' ) );
+        die( header( 'location: logout.php' ) );
    }
 ?>
--- a/Script.php
+++ b/Script.php
@ -283,7 +283,7 @@ if (!empty($_POST["frm_createlecturrer"])) {
        . "('$email','$password','$fullname','$type')";

    if ($con->query($sql) === TRUE) {
-        $_SESSION["info_Admin_Users"] = $type . " user Created successfully : email " . $email . " and $password as Password.";
+        $_SESSION["info_Admin_Users"] = $type . " user created successfully. Use email " . $email . " as account name and $password as password.";
        header("Location: Admin.php");
    } else {
        echo "Error: " . $sql . "<br>" . $con->error;
Author	SHA1	Message	Date
Hui Lan	31c3acc864	Script.php: better info message.	2022-12-01 21:51:51 +08:00
Hui Lan	97e659b0d8	Script.php: better info message.	2022-12-01 21:19:44 +08:00
Hui Lan	b685ce73d4	Admin.php: use a better label for TA	2022-12-01 20:57:58 +08:00
Hui Lan	a753bdbafa	NoDirectPhpAcess.php: logout user when he tries direct url access to a php file	2022-12-01 20:55:57 +08:00
Hui Lan	12520a603f	Admin.php: fix logic error	2022-12-01 20:41:18 +08:00
Hui Lan	ce4a9b76c7	Admin.php: remove redundant parenthese	2022-12-01 20:26:27 +08:00
Hui Lan	2230bf4222	Admin.php: check privilege first	2022-12-01 20:25:42 +08:00
YAKUBU ABDULAI	67647de04a	Admin.php - Fixed Bug 485 Lecturer should not have the administration panel that allows him to create other Lecturer accounts	2022-11-19 21:48:07 +08:00