mrlan
/
LRR
3
0
Fork 2
Code Issues Pull Requests 7 Projects Releases Wiki Activity

Compare commits

base: mrlan:master
Branches Tags
mrlan:Hui-Organize
mrlan:Bug193-Martha
mrlan:Bug430-Eden
mrlan:Bug486-Nartey
mrlan:Nartey-Testscript
mrlan:Eden-Testscript
mrlan:BUG352-NEIL2
mrlan:Bug352-Neil-Revised
mrlan:Bug418-Yaaqob
mrlan:update-MPIANA-tests
mrlan:Bug418-YAAQOB-MPIANA
mrlan:Bug557-Ayoub
mrlan:BUG352-NEIL
mrlan:Bug430-Eden2
mrlan:nar
mrlan:master
mrlan:Hui-improve-README.md
mrlan:Bug469-Hui
mrlan:Bug519-Hui
mrlan:Refactor-Moyo
mrlan:Bug469-kingsley
mrlan:Bug457-YAAQOB
mrlan:Bug510-Abdulai
mrlan:Bug485-Abdulai
mrlan:Xuxuan
mrlan:Bug196-Ward
mrlan:Bug404-Edson
mrlan:niweicong-bug-458-revised
mrlan:Bug34-Lamashevskyi
mrlan:Bug418-Lamashevskyi
mrlan:Bug37-Dmytro
mrlan:Bug_461_Martha
mrlan:niweicong-bug-458&459
mrlan:SPM-Zayid-468
mrlan:Bug23-Haji
mrlan:bug23-Haaji
mrlan:SMP-ZAYID-468-FEATURE
mrlan:LiangLigang
mrlan:Bug256-Umar
mrlan:Bug246-Petros
mrlan:AutoTesting-Golden
mrlan:IDVerificationBug-Golden
mrlan:Bug200-Ward
mrlan:SeleniumIbrahim-Ibrahim
mrlan:SeleniumIbrahimUpdate-Ibrahim
mrlan:bug231-Ibrahim
mrlan:bug312-Golden
mrlan:Bug203-Hui
mrlan:Hui-UserDoc
mrlan:Hui-DeleteUnnecessaryImages
mrlan:ProjectHomePage
mrlan:Hui-Bug330
mrlan:Hui-CodeIndentation
mrlan:Hui-Bug29
mrlan:Hui-Bug337
mrlan:SIMPLICITY_link
mrlan:Hui-IndentCode
mrlan:Mabasa-bugfix-199
mrlan:Mabasa-readmefix
mrlan:Mvondo-bugfix-21
mrlan:Hui-LecturerEmail
mrlan:SIMPLICITY_Bug-189_Course_Delete_btn
mrlan:sunflower
..
compare: mrlan:AutoTesting-Golden
Branches Tags
mrlan:Hui-Organize
mrlan:Bug193-Martha
mrlan:Bug430-Eden
mrlan:Bug486-Nartey
mrlan:Nartey-Testscript
mrlan:Eden-Testscript
mrlan:BUG352-NEIL2
mrlan:Bug352-Neil-Revised
mrlan:Bug418-Yaaqob
mrlan:update-MPIANA-tests
mrlan:Bug418-YAAQOB-MPIANA
mrlan:Bug557-Ayoub
mrlan:BUG352-NEIL
mrlan:Bug430-Eden2
mrlan:nar
mrlan:master
mrlan:Hui-improve-README.md
mrlan:Bug469-Hui
mrlan:Bug519-Hui
mrlan:Refactor-Moyo
mrlan:Bug469-kingsley
mrlan:Bug457-YAAQOB
mrlan:Bug510-Abdulai
mrlan:Bug485-Abdulai
mrlan:Xuxuan
mrlan:Bug196-Ward
mrlan:Bug404-Edson
mrlan:niweicong-bug-458-revised
mrlan:Bug34-Lamashevskyi
mrlan:Bug418-Lamashevskyi
mrlan:Bug37-Dmytro
mrlan:Bug_461_Martha
mrlan:niweicong-bug-458&459
mrlan:SPM-Zayid-468
mrlan:Bug23-Haji
mrlan:bug23-Haaji
mrlan:SMP-ZAYID-468-FEATURE
mrlan:LiangLigang
mrlan:Bug256-Umar
mrlan:Bug246-Petros
mrlan:AutoTesting-Golden
mrlan:IDVerificationBug-Golden
mrlan:Bug200-Ward
mrlan:SeleniumIbrahim-Ibrahim
mrlan:SeleniumIbrahimUpdate-Ibrahim
mrlan:bug231-Ibrahim
mrlan:bug312-Golden
mrlan:Bug203-Hui
mrlan:Hui-UserDoc
mrlan:Hui-DeleteUnnecessaryImages
mrlan:ProjectHomePage
mrlan:Hui-Bug330
mrlan:Hui-CodeIndentation
mrlan:Hui-Bug29
mrlan:Hui-Bug337
mrlan:SIMPLICITY_link
mrlan:Hui-IndentCode
mrlan:Mabasa-bugfix-199
mrlan:Mabasa-readmefix
mrlan:Mvondo-bugfix-21
mrlan:Hui-LecturerEmail
mrlan:SIMPLICITY_Bug-189_Course_Delete_btn
mrlan:sunflower

1 Commits
master ... AutoTestin

Author SHA1 Message Date
Goldenbwuoy 8ed955e32f create a test script to automate newly signup students searching for a course 2021-12-26 17:02:55 +08:00
22 changed files with 1310 additions and 1669 deletions
Show Stats Expand all files Collapse all files

1
.htaccess
View File

@ -1 +0,0 @@
allow from all

80
Admin.php
View File

@ -7,15 +7,14 @@ $page = "admin";
include 'Header.php'; include 'Header.php';
?> ?>
<?php <?php
// Only Lecturer or Admin could access this page if ($_SESSION['user_type'] != "Lecturer") {
if ($_SESSION['user_type'] != "Lecturer" && $_SESSION['user_type'] != "Admin") { $_SESSION["info_login"] = "You must log in first.";
die("Sorry. Nothing to see here."); echo $_SESSION["info_login"];
header("Location: index.php");
} }
?> ?>
<style> <style>
.col-md-4 { .col-md-4 {
border-right: 1px solid skyblue; border-right: 1px solid skyblue;
@ -37,21 +36,10 @@ if ($_SESSION['user_type'] != "Lecturer" && $_SESSION['user_type'] != "Admin") {
<hr> <hr>
--> -->
<div class="col-md-6"> <div class="col-md-6">
<h4> User Account Management </h4>
<hr>
<?php <b>Lecturer / TA Accounts </b><br>
if ($_SESSION['user_type'] == "Lecturer") {
echo " <h4> TA Account Management </h4>
<hr> " ;
echo "<b>TA Accounts </b><br>" ;
}
else if($_SESSION['user_type'] == "Admin"){
echo " <h4> Lecturer Account Management </h4>
<hr> ";
echo "<b>Lecturer Accounts </b><br>";
}
?>
<div class="container"> <div class="container">
@ -77,45 +65,20 @@ if ($_SESSION['user_type'] != "Lecturer" && $_SESSION['user_type'] != "Admin") {
<div id="home" class="container tab-pane active"><br> <div id="home" class="container tab-pane active"><br>
<?php <b>Create Lecturer/TA Accounts </b>
if ($_SESSION['user_type'] == "Lecturer") {
echo "<b>Create TA Accounts </b>";
}
else if($_SESSION['user_type'] == "Admin"){
echo "<b>Create Lecturer Accounts </b>";
}
?>
<form method="post" action="Script.php" id="create_account_form"> <form method="post" action="Script.php" id="create_account_form">
<input type="hidden" name="frm_createlecturrer" value="true" required="" /> <input type="hidden" name="frm_createlecturrer" value="true" required="" />
Full Name Full_Name
<input type="text" name="fullname" placeholder="Full Name" class="form-control" required=""> <input type="text" name="fullname" placeholder="Full Name" class="form-control" required="">
Email Email
<input type="text" name="email" placeholder="Email / Student Number" class="form-control" required=""> <input type="text" name="email" placeholder="Email / Student Number" class="form-control" required="">
Passport Number / ID (Used as Initial Password) Passport_Number / ID (Used as Intial Password)
<input type="text" class="form-control" name="passport" placeholder="Passport No./ID" required=""> <input type="text" class="form-control" name="passport" placeholder="Passport No./ID" required="">
<br> User Type : <br> User Type :
<input type="radio" name="type" value="Lecturer" required="" id="role_lecturer"> Lecturer
<?php <input type="radio" name="type" value="TA" required="" id="role_TA"> T/A
if ($_SESSION['user_type'] == "Lecturer") {
echo ' <input type="radio" name="type" value="TA" required="" id="role_TA"> TA (Teaching Assistant) ';
}
else if($_SESSION['user_type'] == "Admin"){
echo " <input type='radio' name = 'type' value = 'Lecturer' required = '' id='role_lecturer' > Lecturer ";
}
?>
<input type="submit" class="btn btn-primary" value="Create" id="create_btn"><br> <input type="submit" class="btn btn-primary" value="Create" id="create_btn"><br>
<?php <?php
error_reporting(E_ALL); error_reporting(E_ALL);
@ -149,21 +112,10 @@ if ($_SESSION['user_type'] != "Lecturer" && $_SESSION['user_type'] != "Admin") {
</tr> </tr>
<?php <?php
if ($_SESSION['user_type'] == "Lecturer") { $result = mysqli_query(
$con,
$result = mysqli_query( "SELECT * FROM Users_Table WHERE UserType in ('Lecturer','TA')"
$con, );
"SELECT * FROM Users_Table WHERE UserType in ('TA')"
);
}
else if($_SESSION['user_type'] == "Admin"){
$result = mysqli_query(
$con,
"SELECT * FROM Users_Table WHERE UserType in ('Lecturer')"
);
}
while ($row = mysqli_fetch_assoc($result)) { while ($row = mysqli_fetch_assoc($result)) {
$pass = $row['Passport_Number']; $pass = $row['Passport_Number'];
$btn = "<button class='btn-primary' onclick=\"updatePass(" . $row['User_ID'] . ",'$pass')\">Reset</button>"; $btn = "<button class='btn-primary' onclick=\"updatePass(" . $row['User_ID'] . ",'$pass')\">Reset</button>";

1111
Course.php
View File

File diff suppressed because it is too large Load Diff

1140
Courses.php
View File

File diff suppressed because it is too large Load Diff

7
Download.php
View File

@ -7,11 +7,6 @@ session_start();
// 修改这一行设置你的文件下载目录 // 修改这一行设置你的文件下载目录
// IMPORTANT: Do not delete the following conditional test
if (strpos($_GET['file'], "../") !== false) { // 检查是否有 ../,防止用户构造路径,访问某个他不应该访问的目录
die("Sorry. Nothing to download.");
}
$file = "./../../lrr_submission".$_GET['file']; $file = "./../../lrr_submission".$_GET['file'];
$filename = basename($file); $filename = basename($file);
@ -25,7 +20,7 @@ $type = filetype($file);
$today = date("F j, Y, g:i a"); $today = date("F j, Y, g:i a");
$time = time(); $time = time();
if ((isset($_SESSION["user_student_id"]) && strpos($file, $_SESSION["user_student_id"]) > 0) || $_SESSION['user_type'] == "Lecturer" || $_SESSION['user_type'] == "TA" ) { if ( (isset($_SESSION["user_student_id"]) && strpos($file, $_SESSION["user_student_id"])) || $_SESSION['user_type'] == "Lecturer" || $_SESSION['user_type'] == "TA") {
// 发送文件头部 // 发送文件头部
header("Content-type: $type"); header("Content-type: $type");
header('Content-Disposition: attachment;filename="'.urldecode($filename).'"'); header('Content-Disposition: attachment;filename="'.urldecode($filename).'"');

6
Header.php
View File

@ -22,12 +22,6 @@ if (mysqli_connect_errno()) {
<link href="./css/bootstrap.min.css" rel="stylesheet" type="text/css" /> <link href="./css/bootstrap.min.css" rel="stylesheet" type="text/css" />
<link href="./font-awesome/css/font-awesome.min.css" rel="stylesheet" type="text/css" /> <link href="./font-awesome/css/font-awesome.min.css" rel="stylesheet" type="text/css" />
<link href="./css/bootstrap.min.css" rel="stylesheet" type="text/css" /> <link href="./css/bootstrap.min.css" rel="stylesheet" type="text/css" />
<!-- *this css file can be used across all the websites
and any new css class can be added there.
* The reason is to make the css code reusable.
* the css file is used by submissions.php
-->
<link href = "./css/main.css" rel = "stylesheet" type = "text/css" />
<script src="./css/jquery.min.js" type="text/javascript"></script> <script src="./css/jquery.min.js" type="text/javascript"></script>
<script src="./css/bootsrap.min.js" type="text/javascript"></script> <script src="./css/bootsrap.min.js" type="text/javascript"></script>

2
NoDirectPhpAcess.php
View File

@ -2,6 +2,6 @@
// https://stackoverflow.com/questions/33999475/prevent-direct-url-access-to-php-file // https://stackoverflow.com/questions/33999475/prevent-direct-url-access-to-php-file
if (!isset($_SERVER['HTTP_REFERER']) ) { if (!isset($_SERVER['HTTP_REFERER']) ) {
/* choose the appropriate page to redirect users */ /* choose the appropriate page to redirect users */
die( header( 'location: logout.php' ) ); die( header( 'location: index.php' ) );
} }
?> ?>

56
README.md
View File

@ -18,17 +18,15 @@ Our mission is to make the experience of submitting assignments great for tens o
# Installation Instructions # Installation Instructions
## Hui steps ## Hui's steps
I spent about two hours installing LRR to a bare, remote Ubuntu server (Ubuntu 20.04 LTS). I spent about two hours installing LRR to a bare, remote Ubuntu server (Ubuntu 20.04 LTS).
LRR needs Apache and MySQL to run. I followed [How To Install Linux, Apache, MySQL, PHP (LAMP) stack on Ubuntu 20.04](https://www.digitalocean.com/community/tutorials/how-to-install-linux-apache-mysql-php-lamp-stack-on-ubuntu-20-04) to set up these server applications. [How to install and configure PHP](https://ubuntu.com/server/docs/programming-php) is also a good guide. LRR needs Apache and MySQL to run. I followed [How To Install Linux, Apache, MySQL, PHP (LAMP) stack on Ubuntu 20.04](https://www.digitalocean.com/community/tutorials/how-to-install-linux-apache-mysql-php-lamp-stack-on-ubuntu-20-04) to set up these server applications.
LRR uses a database called `lrr`. So create this database using MySQL root account. Open MySQL's prompt using `sudo mysql`. Create the database using command `CREATE DATABASE lrr;`, and grant all privileges to MySQL user `lrr` using command `GRANT ALL PRIVILEGES ON lrr.* TO 'mnc'@'localhost' WITH GRANT OPTION;`. If MySQL user mnc does not exist, create it using command `CREATE USER 'mnc'@'localhost' IDENTIFIED BY 'password'`. LRR uses a database called `lrr`. I need to export the existing `lrr` to a plain text file (including many sql commands) and import that text file to the newly created `lrr` database on the new server.
The command for exporting the database is `mysqldump -u mnc -p lrr > lrr_database_dump.txt`.
To facilitate data migration, I need to export the existing `lrr` to a plain text file (including many sql commands) and import that text file to the newly created `lrr` database on the new server. The command for importing is `mysql -u mnc -p lrr < lrr_database_dump.txt`. Read [How to Import and Export MySQL Databases in Linux](https://phoenixnap.com/kb/import-and-export-mysql-database) for more detail.
The command for exporting the database is `mysqldump -u mnc -p lrr > lrr_database_dump.txt`, where mnc after -u is MySQL's username, and lrr after -p is the database name.
The command for importing is `mysql -u mnc -p lrr < lrr_database_dump.txt`. Read [How to Import and Export MySQL Databases in Linux](https://phoenixnap.com/kb/import-and-export-mysql-database) for more detail. Do not have lrr_database_dump.txt? You can use lrr_database.sql in this repo instead.
LRR also needs to store assignment submissions. We store them in a folder called `../../lrr_submission`. Note that `lrr_submission` is two levels above the project folder (where many PHP files reside). I copied this folder from the existing one. I think it is also OK if you create an empty folder. LRR also needs to store assignment submissions. We store them in a folder called `../../lrr_submission`. Note that `lrr_submission` is two levels above the project folder (where many PHP files reside). I copied this folder from the existing one. I think it is also OK if you create an empty folder.
We need to set a proper owner and accessibility for `lrr_submission` using the following two commands: We need to set a proper owner and accessibility for `lrr_submission` using the following two commands:
@ -51,7 +49,7 @@ Enable the site lrr: `sudo a2ensite lrr`. Restart the apache server: `sudo syst
Visit the LRR application by entering this URL in a web browser: http://121.4.94.30/. Visit the LRR application by entering this URL in a web browser: http://121.4.94.30/.
## Enock steps ## Enock's steps
Enock, a graduate student here, has made a tutorial about how he deployed LRR to a remote server (http://lanlab.org/course/2021s/spm/PuTTY-Server.txt). Enock, a graduate student here, has made a tutorial about how he deployed LRR to a remote server (http://lanlab.org/course/2021s/spm/PuTTY-Server.txt).
@ -173,49 +171,49 @@ We can also communicate through pull requests. You make a pull request, I revie
GitHub Account - Full Name - Student number GitHub Account - Full Name - Student number
CODEwithZAKI - Omar Mohamud Mohamed - 2020041 CODEwithZAKI - Omar Mohamud Mohamed - 202025800041
BloudYoussef - Khayat Youssef - 2020042 BloudYoussef - Khayat Youssef - 202025800042
TanakaMichelle - Tanaka Michelle Sandati - 2017134 TanakaMichelle - Tanaka Michelle Sandati - 201732120134
WhyteAsamoah - Yeboah Martha Asamoah - 2017135 WhyteAsamoah - Yeboah Martha Asamoah - 201732120135
xiaoyusoil - ZhengXiaoyu - 2017110 xiaoyusoil - ZhengXiaoyu - 201732120110
Benny123-cell - ZhangBin - 2017127 Benny123-cell - ZhangBin - 201732120127
421281726 - LiJiaxing - 2017118 421281726 - LiJiaxing - 201732120118
zhenghongyu-david - ZhengHongyu - 2017128 zhenghongyu-david - ZhengHongyu - 201732120128
wkytz - YeHantao - 2017125 wkytz - YeHantao - 201732120125
zego000 - GaoZeng - 2017117 zego000 - GaoZeng - 201732120117
Richard1427 - XieJiacong - 2017123 Richard1427 - XieJiacong - 201732120123
yutengYing - YingYuteng - 2017126 yutengYing - YingYuteng - 201732120126
Samrusike - Samantha Rusike - 2016140 Samrusike - Samantha Rusike - 201632120140
*enockkays* <enockkhondowe94@yahoo.com> *enockkays* <enockkhondowe94@yahoo.com>
*Teecloudy* - Ashly Tafadzwa Dhani - 201150 *Teecloudy* - Ashly Tafadzwa Dhani - 201632120150
GuedaliaBonheurSPM - Guedalia Youma - 2019221 GuedaliaBonheurSPM - Guedalia Youma - 201925800221
ACorneille - Alimasi Corneille - 2019168 ACorneille - Alimasi Corneille - 201925800168
Tabithakipanga - Kipanga Dorcas - 2019170 Tabithakipanga - Kipanga Dorcas - 201925800170
Mary-AK - Mary Akussah Doe - 2019173 Mary-AK - Mary Akussah Doe - 201925800173
pkkumson - Kumson Princewill Kum - 2019166 pkkumson - Kumson Princewill Kum - 201925800166
Twizere - Twizere Pacifique - 2019174 Twizere - Twizere Pacifique - 201925800174
Nicole-Rutagengwa - Nicole Rutagengwa - 2019169 Nicole-Rutagengwa - Nicole Rutagengwa - 201925800169
*hema-001* - Ibrahim Mohamed Ibrahim Ismail - omitted *hema-001* - Ibrahim Mohamed Ibrahim Ismail - omitted

4
Reset_password.php
View File

@ -8,8 +8,8 @@
include 'Header.php'; include 'Header.php';
$token = htmlspecialchars($_GET['token']); $token=$_GET['token'];
$email = htmlspecialchars($_GET['email']); $email=$_GET['email'];
?> ?>
<div class="row"> <div class="row">

269
Script.php
View File

@ -35,6 +35,7 @@ function is_valid_student_number($student_id)
// ############################### SIGN UP ################################## // ############################### SIGN UP ##################################
if (!empty($_POST["form_signup"])) { if (!empty($_POST["form_signup"])) {
$student_id = trim(mysqli_real_escape_string($con, $_POST["user_student_id"])); $student_id = trim(mysqli_real_escape_string($con, $_POST["user_student_id"]));
// validate student number // validate student number
@ -52,7 +53,6 @@ if (!empty($_POST["form_signup"])) {
return; return;
} }
// Check if the student number isn't already registered // Check if the student number isn't already registered
$student_result = mysqli_query($con, "SELECT * FROM `users_table` WHERE Student_ID='$student_id'"); $student_result = mysqli_query($con, "SELECT * FROM `users_table` WHERE Student_ID='$student_id'");
@ -98,15 +98,16 @@ if (!empty($_POST["form_signup"])) {
// check for strong password // check for strong password
if (!$containsAll) { if (!$containsAll) {
$_SESSION['info_signup'] = "Password must have at least characters that include lowercase letters, uppercase letters, numbers and special characters (e.g., !?.,*^)."; $_SESSION['info_signup'] = "Password must have at least characters that include lowercase letters, uppercase letters, numbers and sepcial characters (e.g., !?.,*^).";
header("Location: signup.php"); header("Location: signup.php");
return; return;
} }
// check if email is taken // check if email is taken
$result = mysqli_query($con, "SELECT * FROM users_table WHERE email='$email'"); $result = mysqli_query($con, "SELECT * FROM users_table WHERE email='$email'");
if (mysqli_num_rows($result) != 0) { if(mysqli_num_rows($result) != 0)
$_SESSION["info_signup"] = "Email address " . $email . " is already in use."; {
$_SESSION["info_signup"]="Email address ".$email." is already in use.";
$_SESSION['user_fullname'] = null; $_SESSION['user_fullname'] = null;
header("Location: signup.php"); header("Location: signup.php");
return; return;
@ -146,7 +147,7 @@ if (!empty($_POST["frm_login"])) {
$password = mysqli_real_escape_string($con, $_POST["password"]); $password = mysqli_real_escape_string($con, $_POST["password"]);
$result = mysqli_query($con, "SELECT * FROM users_table WHERE (Student_ID='$user') OR (Email='$user')"); $result = mysqli_query($con, "SELECT * FROM users_table WHERE (Student_ID='$user') OR (Email='$user')");
if (mysqli_num_rows($result) == 0) { if (mysqli_num_rows($result) == 0) {
$_SESSION["info_login"] = "Invalid user name information."; $_SESSION["info_login"] = "Inavlid user name information.";
echo $_SESSION["info_login"]; echo $_SESSION["info_login"];
header("Location: index.php"); header("Location: index.php");
} else { } else {
@ -195,6 +196,7 @@ if (!empty($_POST["frm_recover_password"])) {
// validate student number // validate student number
if (strlen($student_id) != 12 || is_numeric($student_id) == FALSE) { if (strlen($student_id) != 12 || is_numeric($student_id) == FALSE) {
$_SESSION["info_recover_password"] = "Invalid student number."; $_SESSION["info_recover_password"] = "Invalid student number.";
#echo "Invalid student number.";
header("Location: recover_password.php"); header("Location: recover_password.php");
return; return;
} }
@ -246,7 +248,7 @@ if (!empty($_POST["frm_reset_password"])) {
// Password Update // Password Update
$hashed_password = hash('sha512', $password); $hashed_password = hash('sha512', $password);
$sql = "UPDATE users_table set HashPassword='$hashed_password' where User_ID='$userid';"; $sql = "UPDATE users_table set HashPassword='$hashed_password' where User_ID=$userid;";
if ($con->query($sql) === TRUE) { if ($con->query($sql) === TRUE) {
error_reporting(0); error_reporting(0);
@ -268,22 +270,20 @@ if (!empty($_POST["frm_createlecturrer"])) {
$email = mysqli_real_escape_string($con, $_POST["email"]); $email = mysqli_real_escape_string($con, $_POST["email"]);
$fullname = mysqli_real_escape_string($con, $_POST["fullname"]); $fullname = mysqli_real_escape_string($con, $_POST["fullname"]);
$type = mysqli_real_escape_string($con, $_POST["type"]); $type = mysqli_real_escape_string($con, $_POST["type"]);
$password = mysqli_real_escape_string($con, $_POST["passport"]); $password = $passport;
// check if email is taken // check if email is taken
$result = mysqli_query( $result = mysqli_query($con,
$con, "SELECT * FROM Users_Table WHERE email='$email'");
"SELECT * FROM Users_Table WHERE email='$email'" if(mysqli_num_rows($result)!=0)
); {
if (mysqli_num_rows($result) != 0) { $_SESSION["info_Admin_Users"]="Email address : ".$email." is already in use.";
$_SESSION["info_Admin_Users"] = "Email address : " . $email . " is already in use."; header("Location: Admin.php");
header("Location: Admin.php");
} }
$password_hash = password_hash("$password", PASSWORD_DEFAULT); $sql= "INSERT INTO `users_table`(`Email`, `Password`, `Full_Name`, `UserType`) VALUES "
$sql = "INSERT INTO `users_table`(`Email`, `Password`, `Full_Name`, `UserType`) VALUES " . "('$email','$password','$fullname','$type')";
. "('$email','$password_hash','$fullname','$type')";
if ($con->query($sql) === TRUE) { if ($con->query($sql) === TRUE) {
$_SESSION["info_Admin_Users"] = $type . " user created successfully. Use email " . $email . " as account name and $password as password."; $_SESSION["info_Admin_Users"] = $type . " user Created successfully : email " . $email . " and $password as Password.";
header("Location: Admin.php"); header("Location: Admin.php");
} else { } else {
echo "Error: " . $sql . "<br>" . $con->error; echo "Error: " . $sql . "<br>" . $con->error;
@ -300,7 +300,7 @@ function is_valid_file_format($file)
'cvc', 'c', 'class', 'cpp', 'h', 'java', 'sh', 'swift', 'zip', 'rar', 'ods', 'xlr', 'bak', 'ico', 'swf' 'cvc', 'c', 'class', 'cpp', 'h', 'java', 'sh', 'swift', 'zip', 'rar', 'ods', 'xlr', 'bak', 'ico', 'swf'
); );
$filename = $_FILES[$file]['name']; utf8_encode($filename = $_FILES[$file]['name']);
$ext = pathinfo($filename, PATHINFO_EXTENSION); $ext = pathinfo($filename, PATHINFO_EXTENSION);
$result = in_array($ext, $allowed); $result = in_array($ext, $allowed);
return $result; return $result;
@ -430,7 +430,7 @@ if (!empty($_POST["frm_uploadlab"])) {
$sql = "INSERT INTO `lab_reports_table`(`Course_ID`, `Posted_Date`, `Deadline`, `Instructions`, $sql = "INSERT INTO `lab_reports_table`(`Course_ID`, `Posted_Date`, `Deadline`, `Instructions`,
`Title`, `Attachment_link_1`, `Attachment_link_2`, `Attachment_link_3`, `Attachment_link_4`,Marks,Type) `Title`, `Attachment_link_1`, `Attachment_link_2`, `Attachment_link_3`, `Attachment_link_4`,Marks,Type)
VALUES ('$course_id','$date','$deadline','$instructions','$title','$targetfile','$targetfile2','$targetfile3','$targetfile3','$marks','$type')"; VALUES ('$course_id','$date','$deadline','$instructions','$title','$targetfile','$targetfile2','$targetfile3','$targetfile3',$marks,'$type')";
if ($con->query($sql) === TRUE) { if ($con->query($sql) === TRUE) {
@ -452,8 +452,10 @@ function checksize($file)
} }
// ############################### Submit Assignment ################################## // ############################### Submit Assignment ##################################
if (!empty($_POST["frm_submitlab"])) { if (!empty($_POST["frm_submitlab"])) {
/* Posting values to database */
$lab_id = mysqli_real_escape_string($con, $_POST["lab_id"]); $lab_id = mysqli_real_escape_string($con, $_POST["lab_id"]);
$student_id = $_POST["student_id"]; $student_id = $_POST["student_id"];
$group_id = $_POST["group_id"]; $group_id = $_POST["group_id"];
@ -467,7 +469,7 @@ if (!empty($_POST["frm_submitlab"])) {
$date = date("Y-m-d H:i:s"); $date = date("Y-m-d H:i:s");
// GET UPLOADED FILES // GET UPLOADED FILES
$labName = mysqli_query($con, "SELECT * FROM `lab_reports_table` WHERE Lab_Report_ID='$lab_id'"); $labName = mysqli_query($con, "SELECT * FROM `lab_reports_table` WHERE Lab_Report_ID=$lab_id");
while ($row = mysqli_fetch_assoc($labName)) { while ($row = mysqli_fetch_assoc($labName)) {
$lab_name = $row['Title']; $lab_name = $row['Title'];
$_SESSION['Sub_Type'] = $row['Type']; // submission type, either Individual or Group $_SESSION['Sub_Type'] = $row['Type']; // submission type, either Individual or Group
@ -550,19 +552,19 @@ if (!empty($_POST["frm_submitlab"])) {
$targetfile4 = ""; $targetfile4 = "";
if (strlen($_FILES['attachment1']['name']) > 2) { // why greater than 2??? if (strlen($_FILES['attachment1']['name']) > 2) { // why greater than 2???
$targetfile = "/" . $student_id . "/" . $url . "/" . $lab_name . "/" . rawurlencode($_FILES['attachment1']['name']); $targetfile = "/" . $student_id . "/" . $url . "/" . $lab_name . "/" . $_FILES['attachment1']['name'];
} }
if (strlen($_FILES['attachment2']['name']) > 2) { if (strlen($_FILES['attachment2']['name']) > 2) {
$targetfile2 = "/" . $student_id . "/" . $url . "/" . $lab_name . "/" . rawurlencode($_FILES['attachment2']['name']); $targetfile2 = "/" . $student_id . "/" . $url . "/" . $lab_name . "/" . $_FILES['attachment2']['name'];
} }
if (strlen($_FILES['attachment3']['name']) > 2) { if (strlen($_FILES['attachment3']['name']) > 2) {
$targetfile3 = "/" . $student_id . "/" . $url . "/" . $lab_name . "/" . rawurlencode($_FILES['attachment3']['name']); $targetfile3 = "/" . $student_id . "/" . $url . "/" . $lab_name . "/" . $_FILES['attachment3']['name'];
} }
if (strlen($_FILES['attachment4']['name']) > 2) { if (strlen($_FILES['attachment4']['name']) > 2) {
$targetfile4 = "/" . $student_id . "/" . $url . "/" . $lab_name . "/" . rawurlencode($_FILES['attachment4']['name']); $targetfile4 = "/" . $student_id . "/" . $url . "/" . $lab_name . "/" . $_FILES['attachment4']['name'];
} }
// When $group_id is not properly initialized, use integer 0 as its value. // When $group_id is not properly initialized, use integer 0 as its value.
@ -571,13 +573,13 @@ if (!empty($_POST["frm_submitlab"])) {
$group_id = 0; // FIXME $group_id = 0; // FIXME
} }
$sql1 = "DELETE FROM lab_report_submissions where Lab_Report_ID='$lab_id' and Student_id='$student_id' and Course_Group_id='$group_id'"; $sql1 = "DELETE FROM lab_report_submissions where Lab_Report_ID=$lab_id and Student_id=$student_id and Course_Group_id=$group_id";
if ($con->query($sql1) === TRUE) { if ($con->query($sql1) === TRUE) {
} }
$sql = "INSERT INTO `lab_report_submissions`(`Submission_Date`, `Lab_Report_ID`, `Student_id`," $sql = "INSERT INTO `lab_report_submissions`(`Submission_Date`, `Lab_Report_ID`, `Student_id`,"
. " `Course_Group_id`, `Attachment1`, `Notes`, `Attachment2`, `Attachment3`, `Attachment4`, `Status`, `Title`,`Remarking_Reason`)" . " `Course_Group_id`, `Attachment1`, `Notes`, `Attachment2`, `Attachment3`, `Attachment4`, `Status`, `Title`,`Remarking_Reason`)"
. " VALUES ('$date','$lab_id','$student_id','$group_id','$targetfile','$instructions','$targetfile2','$targetfile3','$targetfile4'," . " VALUES ('$date',$lab_id,$student_id,$group_id,'$targetfile','$instructions','$targetfile2','$targetfile3','$targetfile4',"
. "'Pending','$title','')"; . "'Pending','$title','')";
if ($con->query($sql) === TRUE) { if ($con->query($sql) === TRUE) {
@ -595,9 +597,9 @@ if (!empty($_POST["frm_submitlab"])) {
// JOIN COURSE // JOIN COURSE
if (!empty($_GET["JoinCourse"])) { if (!empty($_GET["JoinCourse"])) {
$id = mysqli_real_escape_string($con, $_GET["id"]); $id = $_GET["id"];
$student_id = mysqli_real_escape_string($con, $_GET["std"]); $student_id = $_GET["std"];
$joining = mysqli_real_escape_string($con, $_GET["joining"]); $joining = $_GET["joining"];
$status = "Pending"; $status = "Pending";
if ($joining == 0) { if ($joining == 0) {
@ -624,12 +626,12 @@ if (!empty($_GET["JoinCourse"])) {
if (!empty($_GET["savemarks"])) { if (!empty($_GET["savemarks"])) {
$id = mysqli_real_escape_string($con, $_GET["id"]); $id = $_GET["id"];
$marks = mysqli_real_escape_string($con, $_GET["marks"]); $marks = $_GET["marks"];
$total = mysqli_real_escape_string($con, $_GET["total"]); $total = $_GET["total"];
$feedback = mysqli_real_escape_string($con, $_GET["feedback"]); $feedback = $_GET["feedback"];
$header = mysqli_real_escape_string($con, $_GET["header"]); $header = $_GET["header"];
$labid = mysqli_real_escape_string($con, $_GET["labid"]); $labid = $_GET["labid"];
$status = "Marked"; $status = "Marked";
if ($marks > $total) { if ($marks > $total) {
@ -658,14 +660,14 @@ if (!empty($_GET["savemarks"])) {
#Update Report Visibility #Update Report Visibility
if (!empty($_GET["updatevisibility"])) { if (!empty($_GET["updatevisibility"])) {
$id = mysqli_real_escape_string($con, $_GET["id"]); $id = $_GET["id"];
$marks = mysqli_real_escape_string($con, $_GET["marks"]); $marks = $_GET["marks"];
$total = mysqli_real_escape_string($con, $_GET["total"]); $total = $_GET["total"];
$status = mysqli_real_escape_string($con, $_GET["status"]); $status = $_GET["status"];
$header = mysqli_real_escape_string($con, $_GET["header"]); $header = $_GET["header"];
$labid = mysqli_real_escape_string($con, $_GET["labid"]); $labid = $_GET["labid"];
$sql = "UPDATE `lab_report_submissions` SET `Visibility`='$status' WHERE Submission_ID='$id' $sql = "UPDATE `lab_report_submissions` SET `Visibility`='$status' WHERE Submission_ID=$id
"; ";
if ($con->query($sql) === TRUE) { if ($con->query($sql) === TRUE) {
@ -681,18 +683,18 @@ if (!empty($_GET["updatevisibility"])) {
if (!empty($_GET["remarking"])) { if (!empty($_GET["remarking"])) {
$id = htmlspecialchars(mysqli_real_escape_string($con, $_GET["id"])); $id = $_GET["id"];
$url = htmlspecialchars(mysqli_real_escape_string($con, $_GET["url"])); $url = $_GET["url"];
$status = htmlspecialchars(mysqli_real_escape_string($con, $_GET["status"])); $status = $_GET["status"];
$details = htmlspecialchars(mysqli_real_escape_string($con, $_GET["details"])); $details = $_GET["details"];
$sql = "UPDATE `lab_report_submissions` SET `Status`='Remarking',Remarking_Reason='$details' WHERE Submission_ID='$id' $sql = "UPDATE `lab_report_submissions` SET `Status`='Remarking',Remarking_Reason='$details' WHERE Submission_ID=$id
"; ";
if ($con->query($sql) === TRUE) { if ($con->query($sql) === TRUE) {
$_SESSION["info_general"] = "Remarking Request Sent"; $_SESSION["info_ReMarking"] = "Remarking Request Sent";
header("Location: Course.php?url=" . $url); header("Location: Course.php?url=" . $url);
} else { } else {
echo "Error: " . $sql . "<br>" . $con->error; echo "Error: " . $sql . "<br>" . $con->error;
@ -703,13 +705,13 @@ if (!empty($_GET["remarking"])) {
if (!empty($_GET["creategroup"])) { if (!empty($_GET["creategroup"])) {
$student_id = mysqli_real_escape_string($con, $_GET["student_id"]); $student_id = $_GET["student_id"];
$url = mysqli_real_escape_string($con, $_GET["url"]); $url = $_GET["url"];
$id = mysqli_real_escape_string($con, $_GET["id"]); $id = $_GET["id"];
$name = mysqli_real_escape_string($con, $_GET["name"]); $name = $_GET["name"];
$sql = "INSERT INTO `course_groups_table`(`Group_Name`, $sql = "INSERT INTO `course_groups_table`(`Group_Name`,
`Group_Leader`, `Course_id`) VALUES ('$name','$student_id','$id')"; `Group_Leader`, `Course_id`) VALUES ('$name',$student_id,$id)";
if ($con->query($sql) === TRUE) { if ($con->query($sql) === TRUE) {
@ -719,9 +721,9 @@ if (!empty($_GET["creategroup"])) {
} }
$sql = "INSERT INTO `course_group_members_table`( `Course_Group_id`, `Student_ID`, `Status`) $sql = "INSERT INTO `course_group_members_table`( `Course_Group_id`, `Student_ID`, `Status`)
VALUES ('$gid','$student_id','Created')"; VALUES ($gid,$student_id,'Created')";
if ($con->query($sql) === TRUE) { if ($con->query($sql) === TRUE) {
$_SESSION["info_general"] = "Course group Created"; $_SESSION["info_ReMarking"] = "Course group Created";
header("Location: Course.php?url=" . $url); header("Location: Course.php?url=" . $url);
} else { } else {
echo "Error: " . $sql . "<br>" . $con->error; echo "Error: " . $sql . "<br>" . $con->error;
@ -735,25 +737,18 @@ if (!empty($_GET["creategroup"])) {
if (!empty($_GET["groupinvite"])) { if (!empty($_GET["groupinvite"])) {
$student_id = mysqli_real_escape_string($con, $_GET["student_id"]); $student_id = $_GET["student_id"];
$url = mysqli_real_escape_string($con, $_GET["url"]); $url = $_GET["url"];
$courseid = mysqli_real_escape_string($con, $_GET["courseid"]); $courseid = $_GET["courseid"];
$groupid = mysqli_real_escape_string($con, $_GET["groupid"]); $groupid = $_GET["groupid"];
$student = mysqli_query($con, "SELECT * FROM students_data WHERE Student_ID = '$student_id' ");
if (mysqli_num_rows($student) > 0) { $result = mysqli_query($con, "SELECT * FROM course_group_members_table where Course_Group_id = '$groupid' and Student_ID = '$student_id'");
if (mysqli_num_rows($result) > 0) {
$result = mysqli_query($con, "SELECT * FROM course_group_members_table where Course_Group_id = '$groupid' and Student_ID = '$student_id'"); $_SESSION["info_ReMarking"] = $student_id . " has already been invited";
if (mysqli_num_rows($result) > 0) {
$_SESSION["info_general"] = $student_id . " has already been invited.";
header("Location: Course.php?url=" . $url);
} else {
$sql = "INSERT INTO `course_group_members_table`( `Course_Group_id`, `Student_ID`, `Status`)
VALUES ('$groupid','$student_id','Invited')";
}
} else {
$_SESSION["info_general"] = $student_id . " is an invalid student number.";
header("Location: Course.php?url=" . $url); header("Location: Course.php?url=" . $url);
} else {
$sql = "INSERT INTO `course_group_members_table`( `Course_Group_id`, `Student_ID`, `Status`)
VALUES ($groupid,$student_id,'Invited')";
} }
if ($con->query($sql) === TRUE) { if ($con->query($sql) === TRUE) {
@ -771,26 +766,26 @@ if (!empty($_GET["groupinvite"])) {
if ($Group_Member == '0') { if ($Group_Member == '0') {
mysqli_query($con, "UPDATE `course_groups_table` SET `Group_Member` = ('" . $student_id . "') WHERE `course_groups_table`.`Course_Group_id` = '$groupid'"); mysqli_query($con, "UPDATE `course_groups_table` SET `Group_Member` = ('" . $student_id . "') WHERE `course_groups_table`.`Course_Group_id` = '$groupid'");
$_SESSION["info_general"] = $student_id . " was invited to the group."; $_SESSION["info_ReMarking"] = $student_id . " was invited to the group";
header("Location: Course.php?url=" . $url); header("Location: Course.php?url=" . $url);
} elseif ($Group_Member2 == '0') { } elseif ($Group_Member2 == '0') {
mysqli_query($con, "UPDATE `course_groups_table` SET `Group_Member2` = ('" . $student_id . "') WHERE `course_groups_table`.`Course_Group_id` = '$groupid'"); mysqli_query($con, "UPDATE `course_groups_table` SET `Group_Member2` = ('" . $student_id . "') WHERE `course_groups_table`.`Course_Group_id` = '$groupid'");
$_SESSION["info_general"] = $student_id . " was invited to the group."; $_SESSION["info_ReMarking"] = $student_id . " was invited to the group";
header("Location: Course.php?url=" . $url); header("Location: Course.php?url=" . $url);
} elseif ($Group_Member3 == '0') { } elseif ($Group_Member3 == '0') {
mysqli_query($con, "UPDATE `course_groups_table` SET `Group_Member3` = ('" . $student_id . "') WHERE `course_groups_table`.`Course_Group_id` = '$groupid'"); mysqli_query($con, "UPDATE `course_groups_table` SET `Group_Member3` = ('" . $student_id . "') WHERE `course_groups_table`.`Course_Group_id` = '$groupid'");
$_SESSION["info_general"] = $student_id . " was invited to the group."; $_SESSION["info_ReMarking"] = $student_id . " was invited to the group";
header("Location: Course.php?url=" . $url); header("Location: Course.php?url=" . $url);
} elseif ($Group_Member4 == '0') { } elseif ($Group_Member4 == '0') {
mysqli_query($con, "UPDATE `course_groups_table` SET `Group_Member4` = ('" . $student_id . "') WHERE `course_groups_table`.`Course_Group_id` = '$groupid'"); mysqli_query($con, "UPDATE `course_groups_table` SET `Group_Member4` = ('" . $student_id . "') WHERE `course_groups_table`.`Course_Group_id` = '$groupid'");
$_SESSION["info_general"] = $student_id . " was invited to the group."; $_SESSION["info_ReMarking"] = $student_id . " was invited to the group";
header("Location: Course.php?url=" . $url); header("Location: Course.php?url=" . $url);
} else { } else {
$_SESSION["info_general"] = " You cannot add any more members"; $_SESSION["info_ReMarking"] = " You cant add any more members";
header("Location: Course.php?url=" . $url); header("Location: Course.php?url=" . $url);
} }
} }
$_SESSION["info_general"] = $student_id . " was invited to the group."; $_SESSION["info_ReMarking"] = $student_id . " was invited to the group";
header("Location: Course.php?url=" . $url); header("Location: Course.php?url=" . $url);
} else { } else {
echo "Error: " . $sql . "<br>" . $con->error; echo "Error: " . $sql . "<br>" . $con->error;
@ -801,57 +796,21 @@ if (!empty($_GET["groupinvite"])) {
if (!empty($_GET["acceptinvite"])) { if (!empty($_GET["acceptinvite"])) {
$student_id = mysqli_real_escape_string($con, $_GET["student_id"]); $student_id = $_GET["student_id"];
$url = mysqli_real_escape_string($con, $_GET["url"]); $url = $_GET["url"];
$action = mysqli_real_escape_string($con, $_GET["action"]); $action = $_GET["action"];
$groupid = mysqli_real_escape_string($con, $_GET["groupid"]); $groupid = $_GET["groupid"];
if ($action == 1) { if ($action == 1) {
$sql = "Update `course_group_members_table` set Status='Joined' where Course_Group_id ='$groupid' and student_id='$student_id' $sql = "Update `course_group_members_table` set Status='Joined' where Course_Group_id =$groupid and student_id=$student_id
"; ";
} else { } else {
$sql = "Delete from `course_group_members_table` where Course_Group_id ='$groupid' and student_id='$student_id' $sql = "Delete from `course_group_members_table` where Course_Group_id =$groupid and student_id=$student_id
"; ";
} }
if ($con->query($sql) === TRUE) { if ($con->query($sql) === TRUE) {
$_SESSION["info_general"] = " Group Invite Updated"; $_SESSION["info_ReMarking"] = " Group Invite Updated";
header("Location: Course.php?url=" . $url);
} else {
echo "Error: " . $sql . "<br>" . $con->error;
}
}
#Remove a member from group
if (!empty($_GET["removemember"])) {
$student_id = mysqli_real_escape_string($con, $_GET["student_id"]);
$group_id = mysqli_real_escape_string($con, $_GET["group_id"]);
$url = mysqli_real_escape_string($con, $_GET["url"]);
$sql = "Delete from `course_group_members_table` where student_id=$student_id and Course_Group_id=$group_id";
if ($con->query($sql) === TRUE) {
$_SESSION["info_general"] = " Member " . $student_id . " removed from the group";
header("Location: Course.php?url=" . $url);
} else {
echo "Error: " . $sql . "<br>" . $con->error;
}
}
#Delete a whole group
if (!empty($_GET["deletegroup"])) {
$group_id = mysqli_real_escape_string($con, $_GET["group_id"]);
$url = mysqli_real_escape_string($con, $_GET["url"]);
$sql1 = "Delete from `course_group_members_table` where Course_Group_id=$group_id";
$sql2 = "Delete from `course_groups_table` where Course_Group_id=$group_id";
if ($con->query($sql1) === TRUE && $con->query($sql2) === TRUE) {
$_SESSION["info_general"] = " Group has been deleted successfully. ";
header("Location: Course.php?url=" . $url); header("Location: Course.php?url=" . $url);
} else { } else {
echo "Error: " . $sql . "<br>" . $con->error; echo "Error: " . $sql . "<br>" . $con->error;
@ -862,22 +821,22 @@ if (!empty($_GET["deletegroup"])) {
if (!empty($_GET["extenddeadline"])) { if (!empty($_GET["extenddeadline"])) {
$id = mysqli_real_escape_string($con, $_GET["id"]); $id = $_GET["id"];
$date = mysqli_real_escape_string($con, $_GET["date"]); $date = $_GET["date"];
$time = mysqli_real_escape_string($con, $_GET["time"]); $time = $_GET["time"];
$type = mysqli_real_escape_string($con, $_GET["type"]); $type = $_GET["type"];
$stdid = mysqli_real_escape_string($con, $_GET["stdid"]); $stdid = $_GET["stdid"];
$reason = mysqli_real_escape_string($con, $_GET["reason"]); $reason = $_GET["reason"];
$url = mysqli_real_escape_string($con, $_GET["url"]); $url = $_GET["url"];
$deadline = $date . " " . $time; $deadline = $date . " " . $time;
if ($type == 1) { if ($type == 1) {
$sql = "UPDATE `lab_reports_table` SET `Deadline`='$deadline' WHERE Lab_Report_ID='$id'"; $sql = "UPDATE `lab_reports_table` SET `Deadline`='$deadline' WHERE Lab_Report_ID=$id";
} else { } else {
$sql = "INSERT INTO `extended_deadlines_table`(`Student_ID`, " $sql = "INSERT INTO `extended_deadlines_table`(`Student_ID`, "
. "`Lab_Report_ID`, `Extended_Deadline_Date`," . "`Lab_Report_ID`, `Extended_Deadline_Date`,"
. " `ReasonsForExtension`) VALUES ('$stdid','$id','$deadline','$reason')"; . " `ReasonsForExtension`) VALUES ($stdid,$id,'$deadline','$reason')";
} }
if ($con->query($sql) === TRUE) { if ($con->query($sql) === TRUE) {
@ -893,13 +852,13 @@ if (!empty($_GET["extenddeadline"])) {
if (!empty($_GET["ignoreremarking"])) { if (!empty($_GET["ignoreremarking"])) {
$id = mysqli_real_escape_string($con, $_GET["id"]); $id = $_GET["id"];
$total = mysqli_real_escape_string($con, $_GET["total"]); $total = $_GET["total"];
$header = mysqli_real_escape_string($con, $_GET["header"]); $header = $_GET["header"];
$subid = mysqli_real_escape_string($con, $_GET["subid"]); $subid = $_GET["subid"];
$sql = "UPDATE lab_report_submissions SET Status='Marked' WHERE Submission_ID='$subid'"; $sql = "UPDATE lab_report_submissions SET Status='Marked' WHERE Submission_ID=$subid";
if ($con->query($sql) === TRUE) { if ($con->query($sql) === TRUE) {
@ -914,10 +873,10 @@ if (!empty($_GET["ignoreremarking"])) {
if (!empty($_GET["assignTA"])) { if (!empty($_GET["assignTA"])) {
$id = mysqli_real_escape_string($con, $_GET["id"]); $id = $_GET["id"];
$ta = mysqli_real_escape_string($con, $_GET["ta"]); $ta = $_GET["ta"];
$sql = "INSERT INTO `course_ta`(`Course_ID`, `TA`) VALUES ('$id','$ta')"; $sql = "INSERT INTO `course_ta`(`Course_ID`, `TA`) VALUES ($id,$ta)";
if ($con->query($sql) === TRUE) { if ($con->query($sql) === TRUE) {
@ -932,13 +891,13 @@ if (!empty($_GET["assignTA"])) {
if (!empty($_GET["AcceptStudent"])) { if (!empty($_GET["AcceptStudent"])) {
$id = mysqli_real_escape_string($con, $_GET["id"]); $id = $_GET["id"];
$rs = mysqli_real_escape_string($con, $_GET["rs"]); $rs = $_GET["rs"];
if ($rs == "yes") { if ($rs == "yes") {
$sql = "Update course_students_table set Status='Joined' Where ID='$id'"; $sql = "Update course_students_table set Status='Joined' Where ID=$id";
} else { } else {
$sql = "Delete FROM course_students_table Where ID='$id'"; $sql = "Delete FROM course_students_table Where ID=$id";
} }
if ($con->query($sql) === TRUE) { if ($con->query($sql) === TRUE) {
@ -960,12 +919,12 @@ if (!empty($_GET["AcceptStudent"])) {
if (!empty($_GET["action"])) { if (!empty($_GET["action"])) {
$action = $_GET["action"]; $action = $_GET["action"];
$uid = mysqli_real_escape_string($con, $_GET["uid"]); $uid = $_GET["uid"];
$pass = mysqli_real_escape_string($con, $_GET["pass"]); $pass = $_GET["pass"];
$pass = password_hash($pass, PASSWORD_DEFAULT); $pass = password_hash($pass, PASSWORD_DEFAULT);
$status = mysqli_real_escape_string($con, $_GET["status"]); $status = $_GET["status"];
// validate uid // validate uid
if (intval($uid) < 0) { if (intval($uid) < 0) {
@ -973,12 +932,12 @@ if (!empty($_GET["action"])) {
return; return;
} }
if ($action == "passchange" && $_SESSION['user_id'] == $uid) { if ($action == "passchange") {
$sql = "UPDATE users_table set Password='$pass' where User_ID='$uid';"; $sql = "UPDATE users_table set Password='$pass' where User_ID=$uid;";
if ($con->query($sql) === TRUE) { if ($con->query($sql) === TRUE) {
error_reporting(0); error_reporting(0);
echo "Password has been changed"; echo "Password has been changed";
//return; // return;
$_SESSION["infoChangePassword"] = $type . " User password was changed successfully."; $_SESSION["infoChangePassword"] = $type . " User password was changed successfully.";
header("Location: index.php"); header("Location: index.php");
} else { } else {
@ -987,8 +946,8 @@ if (!empty($_GET["action"])) {
} }
} }
if ($action == "statuschange" && $_SESSION['user_id'] == $uid && ($_SESSION['user_type'] == "Lecturer" || $_SESSION['user_type'] == "Admin")) { if ($action == "statuschange") {
$sql = "UPDATE users_table set Status='$status' where User_ID='$uid';"; $sql = "UPDATE users_table set Status='$status' where User_ID=$uid;";
if ($con->query($sql) === TRUE) { if ($con->query($sql) === TRUE) {
$_SESSION["info_Admin_Users"] = $type . " user Status updated successfully "; $_SESSION["info_Admin_Users"] = $type . " user Status updated successfully ";
header("Location: Admin.php"); header("Location: Admin.php");
@ -1048,8 +1007,8 @@ if (!empty($_POST["frm_createCourse"])) {
if (!empty($_GET["exportgrade"])) { if (!empty($_GET["exportgrade"])) {
$lab = mysqli_real_escape_string($con, $_GET["lab"]); $lab = $_GET["lab"];
$lab_name = mysqli_real_escape_string($con, $_GET["lab_name"]); $lab_name = $_GET["lab_name"];
error_reporting(0); error_reporting(0);
@ -1061,7 +1020,7 @@ INNER JOIN lab_reports_table on lab_reports_table.Lab_Report_ID=lab_report_submi
INNER JOIN users_table on users_table.Student_ID=lab_report_submissions.Student_id INNER JOIN users_table on users_table.Student_ID=lab_report_submissions.Student_id
WHERE lab_report_submissions.Lab_Report_ID='$lab'"; WHERE lab_report_submissions.Lab_Report_ID=$lab";
$export = mysqli_query($con, $select); $export = mysqli_query($con, $select);
@ -1091,7 +1050,7 @@ WHERE lab_report_submissions.Lab_Report_ID='$lab'";
} }
header("Content-type: application/octet-stream"); header("Content-type: application/octet-stream");
header("Content-Disposition: attachment; filename=$lab_name Grade Sheet.xls"); header("Content-Disposition: attachment; filename=$lab_name Garde Sheet.xls");
header("Pragma: no-cache"); header("Pragma: no-cache");
header("Expires: 0"); header("Expires: 0");
print "$header\n$data"; print "$header\n$data";

2
Student.php
View File

@ -9,7 +9,7 @@ include 'Header.php';
<div class="row" style="width:80%;margin:auto;"> <div class="row" style="width:80%;margin:auto;">
<div class="col-md-6"> <div class="col-md-6">
<h1> Student Account Created. Now you can Browse Course Portals </h1> <h1> STUEDNT Account Created , Now you can Browse Course Portals </h1>
</div> </div>
</div> </div>

27
Submissions.php
View File

@ -10,7 +10,7 @@ $group_id = $_SESSION["user_group_id"];
$c_date = date("Y-m-d H:i"); $c_date = date("Y-m-d H:i");
if (!empty($_GET["id"])) { if (!empty($_GET["id"])) {
$id = mysqli_real_escape_string($con, $_GET["id"]); $id = $_GET["id"];
$course_id = $id; $course_id = $id;
} }
@ -139,6 +139,7 @@ where Lab_Report_ID=$id and lab_report_submissions.Status='Pending' order by Sub
if (mysqli_num_rows($result1) == 0) { if (mysqli_num_rows($result1) == 0) {
echo "No Un-Marked Submissions for this Lab Report."; echo "No Un-Marked Submissions for this Lab Report.";
} else { } else {
$mark_submission_btn_counter = 0;
while ($row = mysqli_fetch_assoc($result1)) { while ($row = mysqli_fetch_assoc($result1)) {
$title = $row['Title']; $title = $row['Title'];
$Marks = $row['Marks']; $Marks = $row['Marks'];
@ -157,6 +158,7 @@ where Lab_Report_ID=$id and lab_report_submissions.Status='Pending' order by Sub
$groupname = $row['Group_Name']; $groupname = $row['Group_Name'];
$groupleader = $row['Group_Leader']; $groupleader = $row['Group_Leader'];
$student_id = $row['sub_std']; $student_id = $row['sub_std'];
$mark_submission_btn_counter += 1;
if ($submitted_group == 0) { if ($submitted_group == 0) {
$submitted_by = $student_name . "(" . $student_id . ")"; $submitted_by = $student_name . "(" . $student_id . ")";
@ -183,8 +185,8 @@ where Lab_Report_ID=$id and lab_report_submissions.Status='Pending' order by Sub
} }
echo " <k href='#'> <div class='btn btn-default break-word' style='dislay:block; word-wrap: break-word; border: 1px solid #F0F0F0;border-left: 4px solid #03407B;'> echo " <k href='#'> <div class='btn btn-default break-word' style='dislay:block; word-wrap: break-word; border: 1px solid #F0F0F0;border-left: 4px solid #03407B;'>
$title <br> by: <b> <span class = 'text-selectable'>$submitted_by </span> </b> $title <br> by: <b> $submitted_by </b>
<br> <span style='font-size:8pt'>Submitted : $posted <button class='btn-sm btn-info' style='margin-left:50px;' onclick='mark($Submission_ID,\"$title\",$total)'> Mark Submission</button><br> Attachments : $full_link </span> <br> <span style='font-size:8pt'>Submitted : $posted <button class='btn-sm btn-info' style='margin-left:50px;' onclick='mark($Submission_ID,\"$title\",$total)' id='mark_submission_btn_$mark_submission_btn_counter'> Mark Submission</button><br> Attachments : $full_link </span>
</div></k>"; </div></k>";
} }
} }
@ -262,13 +264,8 @@ where Lab_Report_ID=$id and lab_report_submissions.Status='Marked' Order by lab
if ($att4 != "") { if ($att4 != "") {
$full_link = $full_link . "| <a href='~\..\Lab_Report_Submisions\\$att4'>$att4</a>"; $full_link = $full_link . "| <a href='~\..\Lab_Report_Submisions\\$att4'>$att4</a>";
} }
// you will notice why i used span here to wrap the $submitted_by variable echo " <k href='#'> <div class='btn btn-default break-word' style='dislay:block; word-wrap: break-word; border: 1px solid #F0F0F0;border-left: 4px solid #03407B;'>
// because if we wrap with span , the css class text-selectable can be used only by the submittedBy variable $title <br> by : <b> $submitted_by &nbsp; &nbsp;&nbsp;&nbsp;&nbsp; [ Marked $Marks ] </b> &nbsp; Visibility : <b>$Visibility </b> <button class='btn-sm btn-success' style='margin-left:50px;' onclick='updatev($Submission_ID)'>Update visibility</button>
// if you want to use text-selectable class on whole div, just call the css class
echo " <k href='#'> <div class='btn btn-default break-word ' style='dislay:block; word-wrap: break-word; border: 1px solid #F0F0F0;border-left: 4px solid #03407B;'>
$title <br> by : <b> <span class = 'text-selectable'>$submitted_by </span> &nbsp; &nbsp;&nbsp;&nbsp;&nbsp; [ Marked $Marks ] </b> &nbsp; Visibility : <b>$Visibility </b> <button class='btn-sm btn-success' style='margin-left:50px;' onclick='updatev($Submission_ID)'>Update visibility</button>
<hr> Lecturer/TA notes : $notes<br> <span style='font-size:8pt'>Submitted : $posted <b> </b> <button class='btn-sm btn-info' style='margin-left:50px;' onclick='mark($Submission_ID,\"$title\",$total)'> Re-Mark Submission</button><br> Attachments : $full_link </span> <hr> Lecturer/TA notes : $notes<br> <span style='font-size:8pt'>Submitted : $posted <b> </b> <button class='btn-sm btn-info' style='margin-left:50px;' onclick='mark($Submission_ID,\"$title\",$total)'> Re-Mark Submission</button><br> Attachments : $full_link </span>
</div></k>"; </div></k>";
} }
@ -346,8 +343,8 @@ where Lab_Report_ID=$id and lab_report_submissions.Status='Remarking'");
if ($att4 != "") { if ($att4 != "") {
$full_link = $full_link . "| <a href='~\..\Lab_Report_Submisions\\$att4'>$att4</a>"; $full_link = $full_link . "| <a href='~\..\Lab_Report_Submisions\\$att4'>$att4</a>";
} }
echo " <k href='#'> <div class='btn btn-default break-word ' style='dislay:block; word-wrap: break-word; border: 1px solid #F0F0F0;border-left: 4px solid #03407B;'> echo " <k href='#'> <div class='btn btn-default break-word' style='dislay:block; word-wrap: break-word; border: 1px solid #F0F0F0;border-left: 4px solid #03407B;'>
$title <br> by : <b> <span class = 'text-selectable'>$submitted_by </span> &nbsp; &nbsp;&nbsp;&nbsp;&nbsp; [ Marked $Marks ] </b> <br> Remarking Reason : <b>$remarking_reason </b> $title <br> by : <b> $submitted_by &nbsp; &nbsp;&nbsp;&nbsp;&nbsp; [ Marked $Marks ] </b> <br> Remarking Reason : <b>$remarking_reason </b>
<hr> <span style='font-size:8pt'>Submitted : $posted <b> </b> " <hr> <span style='font-size:8pt'>Submitted : $posted <b> </b> "
. "<button class='btn-sm btn-info' style='margin-left:50px;' onclick='mark($Submission_ID,\"$title\",$total)'> Re-Mark Submission</button>" . "<button class='btn-sm btn-info' style='margin-left:50px;' onclick='mark($Submission_ID,\"$title\",$total)'> Re-Mark Submission</button>"
. " &nbsp; &nbsp;&nbsp;&nbsp;<a href='~\..\Script.php?ignoreremarking=yes&id=$id&subid=$Submission_ID&header=$header&total=$total&status=Marked' class='btn-sm btn-warning'> Ignore Request </a>" . " &nbsp; &nbsp;&nbsp;&nbsp;<a href='~\..\Script.php?ignoreremarking=yes&id=$id&subid=$Submission_ID&header=$header&total=$total&status=Marked' class='btn-sm btn-warning'> Ignore Request </a>"
@ -424,8 +421,8 @@ where course_group_members_table.Course_Group_id=$id");
try { try {
$('<form id="submit-form" method="get" action="Script.php">' + title + '(' + marks + ' marks) <input type="hidden" name="savemarks" value="true">\n\ $('<form id="submit-form" method="get" action="Script.php">' + title + '(' + marks + ' marks) <input type="hidden" name="savemarks" value="true">\n\
<input type="hidden" name="total" value="' + marks + '" > <input type="hidden" name="id" value="' + id + '" ><br> Marks <input type="text" name="marks">\n\ <input type="hidden" name="total" value="' + marks + '" > <input type="hidden" name="id" value="' + id + '" ><br> Marks <input type="text" name="marks" id="marks">\n\
Comments <textarea name="feedback"></textarea> \n\ Comments <textarea name="feedback" id="feedback"></textarea> \n\
<input type="hidden" name="labid" value="<?php echo $course_id; ?>"> <input type="hidden" name="header" value="<?php echo $header; ?>"> </form>').dialog({ <input type="hidden" name="labid" value="<?php echo $course_id; ?>"> <input type="hidden" name="header" value="<?php echo $header; ?>"> </form>').dialog({
modal: true, modal: true,
title: 'Mark Submission', title: 'Mark Submission',
@ -475,4 +472,4 @@ Update Visibility<br><select name="status"> <option> Public </option><option>Pri
alert(e); alert(e);
} }
} }
</script> </script>

188
SubmitLab.php
View File

@ -3,133 +3,123 @@ include 'NoDirectPhpAcess.php';
?> ?>
<?php <?php
$page='Submit LAB+'; $page = 'Submit LAB+';
include 'Header.php'; include 'Header.php';
?> ?>
<div class='row' style='width:80%;margin:auto;'> <div class='row' style='width:80%;margin:auto;'>
<?php
<?php $c_date = date("Y-m-d H:i");
$student_id = $_SESSION["user_student_id"];
$c_date = date("Y-m-d H:i"); if (!empty($_GET["id"])) {
$student_id = $_SESSION["user_student_id"]; $id = $_GET["id"];
$url = $_GET["url"];
if(!empty($_GET["id"]))
{ $result1 = mysqli_query($con, " SELECT `Type`, `Lab_Report_ID`, `Course_ID`, `Posted_Date`, `Deadline`, `Instructions`, `Title`, `Attachment_link_1`, `Attachment_link_2`, `Attachment_link_3`, `Attachment_link_4` FROM `lab_reports_table` WHERE Lab_Report_ID=$id and Deadline > '$c_date' ORDER by Lab_Report_ID DESC");
$id = mysqli_real_escape_string($con, $_GET["id"]); if (mysqli_num_rows($result1) == 0) {
$url = mysqli_real_escape_string($con, $_GET["url"]); echo "No active assignments for this course so far.";
} else {
$result1 = mysqli_query($con," SELECT `Type`, `Lab_Report_ID`, `Course_ID`, `Posted_Date`, `Deadline`, `Instructions`, `Title`, `Attachment_link_1`, `Attachment_link_2`, `Attachment_link_3`, `Attachment_link_4` FROM `lab_reports_table` WHERE Lab_Report_ID=$id and Deadline > '$c_date' ORDER by Lab_Report_ID DESC");
if(mysqli_num_rows($result1) == 0) while ($row = mysqli_fetch_assoc($result1)) {
{
echo "No active assignments for this course so far."; $Course_ID = $row['Course_ID'];
$title = $row['Title'];
} else { $ins = $row['Instructions'];
$posted = $row['Posted_Date'];
while($row = mysqli_fetch_assoc($result1)) { $deadline = $row['Deadline'];
$att1 = $row['Attachment_link_1'];
$Course_ID = $row['Course_ID']; $att2 = $row['Attachment_link_2'];
$title = $row['Title']; $att3 = $row['Attachment_link_3'];
$ins = $row['Instructions']; $att4 = $row['Attachment_link_4'];
$posted = $row['Posted_Date']; $labid = $row['Lab_Report_ID'];
$deadline = $row['Deadline']; $type = $row['Type'];
$att1 = $row['Attachment_link_1'];
$att2 = $row['Attachment_link_2']; //----------------------------------Giving both the Group Admin and Group Members same priviledges to submit assignment--------------------------------------
$att3 = $row['Attachment_link_3']; if ($type == "Group") {
$att4 = $row['Attachment_link_4']; $resultx1 = mysqli_query($con, "SELECT Course_Group_id FROM `course_groups_table` WHERE (Course_id=$Course_ID) and ((Group_Member=$student_id ) or (Group_Member2=$student_id ) or (Group_Member3=$student_id ) or (Group_Member4=$student_id ) or (Group_Leader=$student_id))");
$labid = $row['Lab_Report_ID']; while ($row = mysqli_fetch_assoc($resultx1)) {
$type = $row['Type']; $_SESSION["Group_ID"] = $row['Course_Group_id'];
}
//----------------------------------Giving both the Group Admin and Group Members same priviledges to submit assignment--------------------------------------
if($type=="Group"){ if ($_SESSION["Group_ID"] < 1) {
$resultx1 = mysqli_query($con,"SELECT Course_Group_id FROM `course_groups_table` WHERE (Course_id=$Course_ID) and ((Group_Member=$student_id ) or (Group_Member2=$student_id ) or (Group_Member3=$student_id ) or (Group_Member4=$student_id ) or (Group_Leader=$student_id))"); echo " <center><h3> This Lab report can only be submitted by Group Admin </h3> </center> ";
while($row = mysqli_fetch_assoc($resultx1)) { return;
$_SESSION["Group_ID"] = $row['Course_Group_id']; }
}
if($_SESSION["Group_ID"] < 1)
{
echo" <center><h3> This Lab report can only be submitted by Group Admin </h3> </center> ";
return;
} }
}
$full_link = "<a href='~\..\Lab_Report_Assignments\\$att1'>$att1</a>";
$full_link="<a href='~\..\Lab_Report_Assignments\\$att1'>$att1</a>"; if ($att2 != "") {
$full_link = $full_link . "| <a href='~\..\Lab_Report_Assignments\\$att2'>$att2</a>";
if($att2!=""){ }
$full_link = $full_link."| <a href='~\..\Lab_Report_Assignments\\$att2'>$att2</a>"; if ($att3 != "") {
} $full_link = $full_link . "| <a href='~\..\Lab_Report_Assignments\\$att3'>$att3</a>";
if($att3!=""){ }
$full_link = $full_link."| <a href='~\..\Lab_Report_Assignments\\$att3'>$att3</a>";
} if ($att4 != "") {
$full_link = $full_link . "| <a href='~\..\Lab_Report_Assignments\\$att4'>$att4</a>";
if($att4!=""){ }
$full_link = $full_link."| <a href='~\..\Lab_Report_Assignments\\$att4'>$att4</a>";
} echo " <div class='alert' style='margin-left:20px;border-bottom:2px solid #1D91EF;'> <a href='~\..\Courses.php?course=$url'>
echo " <div class='alert' style='margin-left:20px;border-bottom:2px solid #1D91EF;'> <a href='~\..\Courses.php?course=$url'>
Courses > $url > Submlit Lab Report > $title Courses > $url > Submlit Lab Report > $title
<br> <br>
</a></div> </a></div>
"; ";
echo ""; echo "";
}
} }
} }
}
$Group_ID = $_SESSION["Group_ID"]; $Group_ID = $_SESSION["Group_ID"];
?> ?>
</div> </div>
<div style="width:80%;margin:auto;"> <div style="width:80%;margin:auto;">
<h3> Submit Lab Report Assignment </h3> <h3> Submit Lab Report Assignment </h3>
<hr> <hr>
<div class="row"> <div class="row">
<div class="col-md-6">
<form method='post' enctype='multipart/form-data' action='Script.php'> <div class="col-md-6">
<input type='hidden' name='frm_submitlab' value='true' required=''/>
<input type='hidden' name='lab_id' value='<?php echo $id; ?>' required=''/>
<input type='hidden' name='student_id' value='<?php echo $student_id; ?>' required=''/>
<input type='hidden' name='group_id' value='<?php echo $Group_ID; ?>' required=''/>
<input type='hidden' name='url' value='<?php echo $url; ?>' required=''/>
Title
<input type='text' name='title' placeholder='Ttle' class='form-control' required=''>
Attachment 1 <form method='post' enctype='multipart/form-data' action='Script.php' id="submit_lab_report_form">
<input type='file' name='attachment1' placeholder='Attachment 1' class='form-control' required=''> <input type='hidden' name='frm_submitlab' value='true' required='' />
<input type='hidden' name='lab_id' value='<?php echo $id; ?>' required='' />
<input type='hidden' name='student_id' value='<?php echo $student_id; ?>' required='' />
<input type='hidden' name='group_id' value='<?php echo $Group_ID; ?>' required='' />
<input type='hidden' name='url' value='<?php echo $url; ?>' required='' />
Attachment 2 Title
<input type='file' name='attachment2' placeholder='Attachment 2' class='form-control'> <input type='text' name='title' placeholder='Ttle' class='form-control' required='' id="title">
</div> Attachment 1
<input type='file' name='attachment1' placeholder='Attachment 1' class='form-control' required='' id="attachment1">
<div class="col-md-6"> Attachment 2
<input type='file' name='attachment2' placeholder='Attachment 2' class='form-control'>
Attachment 3 </div>
<input type='file' name='attachment3' placeholder='Attachment 3' class='form-control' >
Attachment 4 <div class="col-md-6">
<input type='file' name='attachment4' placeholder='Attachment 4' class='form-control' >
<br>
<input type='submit' class='btn btn-primary' value='Submit Lab Assignment'><br>
</form>
</div>
</div> Attachment 3
<input type='file' name='attachment3' placeholder='Attachment 3' class='form-control'>
</div>
Attachment 4
<input type='file' name='attachment4' placeholder='Attachment 4' class='form-control'>
<br>
<input type='submit' class='btn btn-primary' value='Submit Lab Assignment' id="submit_lab_assignment_btn"><br>
</form>
</div>
</div>
</div>

5
batch_insert.php
View File

@ -19,7 +19,7 @@ if (!$conn) {
} }
//获得用户名数据 //获得用户名数据
$source = mysqli_real_escape_string($conn,$_POST['users']); $source = $_POST['users'];
//如有多个空格,删除剩一个空格 //如有多个空格,删除剩一个空格
$source1 = preg_replace('/\s\s+/', ' ', $source); $source1 = preg_replace('/\s\s+/', ' ', $source);
@ -31,12 +31,13 @@ $source2 = trim($source1);
//根据空格拆分 //根据空格拆分
$user = explode(' ', $source2); $user = explode(' ', $source2);
//插入数据 //插入数据
for($index=0; $index < count($user); $index++) { for($index=0; $index < count($user); $index++) {
$result = mysqli_query($conn, "SELECT * FROM `students_data` WHERE Student_ID='$user[$index]'"); $result = mysqli_query($conn, "SELECT * FROM `students_data` WHERE Student_ID='$user[$index]'");
if (mysqli_num_rows($result) < 1) { if (mysqli_num_rows($result) < 1) {
if (! mysqli_query($conn, "REPLACE INTO `students_data`(`Student_ID`, `Passport_Number`) VALUES('$user[$index]', '')" ) ) { if (! mysqli_query($conn, "REPLACE INTO `students_data`(`Student_ID`, `Passport_Number`) VALUES('$user[$index]', '')" ) ) {
echo "SQL Error: " . $sql_stmt . "<br>" .htmlspecialchars(mysqli_error($conn)); echo "SQL Error: " . $sql_stmt . "<br>" . mysqli_error($conn);
} else { } else {
echo "<p>Student number $user[$index] added.</p>"; echo "<p>Student number $user[$index] added.</p>";
} }

11
css/main.css
View File

@ -1,11 +0,0 @@
/* this css class is used to enable copying in text with the mouse. */
.text-selectable {
-webkit-user-select: text;
-moz-user-select: text;
-ms-user-select: text;
user-select: text;
cursor:auto
}

7
doc/UserDoc.md
View File

@ -17,10 +17,5 @@ After that, issue the following commands in the mysql prompt.
The first one uses a database called lrr in MySQL. The second one deletes a record from `users_table` where the student number is 201131129138. The first one uses a database called lrr in MySQL. The second one deletes a record from `users_table` where the student number is 201131129138.
Increasing session duration
-------------------
By default, the session duration in PHP is set to 1,440 seconds (24 minutes). However, this is not convenient in most software systems. Therefore, we may need to increase the duration to allow users to have more session time. To increase the session duration, we need to edit the variable *session.gc_maxlifetime* in **php.ini**. We can increase its default value to whatever we want (e.g., 7200). *Last modified on 1 June 2020 by Hui*
On Ubuntu, the file is located at */etc/php/7.2/apache2/php.ini*. On XAMPP, the file is located at */xampp/php/php.ini*.
*Last modified on 20 April 2022 by Umar*

2
index.php
View File

@ -82,7 +82,7 @@ if (isset($_SESSION["user_fullname"])) {
<div id="footer"> <div id="footer">
LRR was originally developed as a <a href="http://lanlab.org/course/2018f/se/homepage.html" style="color:white;">software engineering course project</a> by Mohamed Nor and Elmahdi Houzi. Please submit your suggestions or bug reports to lanhui. Last updated on 18/04/2020 by Ashly. <a href="./homepage" style="color:white;">More information ...</a> LRR was originally developed as a <a href="http://lanlab.org/course/2018f/se/homepage.html" style="color:white;">software engineering course project</a> by Mohamed Nor and Elmahdi Houzi. Please submit your suggestions or bug reports to lanhui _at_ zjnu.edu.cn. Last updated on 18/04/2020 by Ashly. <a href="./homepage" style="color:white;">More information ...</a>
</div> </div>
</body> </body>

6
logout.php
View File

@ -1,11 +1,11 @@
<?php <?php
// Start a new session
session_start();
// Destory sessions & redirect to index // Destory sessions & redirect to index
session_destroy(); session_destroy();
session_unset(); session_unset();
// Start a new session
session_start();
// Generate a new session ID // Generate a new session ID
session_regenerate_id(true); session_regenerate_id(true);

6
recover_password.php
View File

@ -27,9 +27,9 @@ include 'Header.php';
<div class="panel-body"> <div class="panel-body">
<form method="post" action="Script.php"> <form method="post" action="Script.php">
<input type="hidden" name="frm_recover_password" value="true"/> <input type="hidden" name="frm_recover_password" value="true"/>
Student number <input type="text" name="sno" placeholder="Enter your student number" class="form-control" required="required" value="<?php echo htmlspecialchars($_SESSION['student_number']); ?>"> Student number <input type="text" name="sno" placeholder="Enter your student number" class="form-control" required="required" value="<?php echo $_SESSION['student_number']; ?>">
<br/> <br/>
Email <input type="text" name="email" placeholder="Enter your email address" class="form-control" required="required" value="<?php echo htmlspecialchars($_SESSION['user_email']); ?>"> Email <input type="text" name="email" placeholder="Enter your email address" class="form-control" required="required" value="<?php echo $_SESSION['user_email']; ?>">
<br/> <br/>
<input type="submit" class="btn-primary" value="Recover"> <input type="submit" class="btn-primary" value="Recover">
@ -38,7 +38,7 @@ include 'Header.php';
<?php <?php
if(isset($_SESSION['info_recover_password'])) { if(isset($_SESSION['info_recover_password'])) {
echo '<hr><div class="alert alert-danger" role="alert">'.htmlspecialchars($_SESSION['info_recover_password']).'</div>'; echo '<hr><div class="alert alert-danger" role="alert">'.$_SESSION['info_recover_password'].'</div>';
$_SESSION['info_recover_password']=null; $_SESSION['info_recover_password']=null;
} }

38
test/SeleniumIbrahim/test_kit/student.py
View File

@ -196,4 +196,40 @@ class Student(Actor):
return 1 return 1
def join_course_group(self): def join_course_group(self):
pass pass
def search_course_after_signup(self, name, email, password):
""" This method automates student searching for a course after signing up.
Returns:
- 0: on success
- 1 on failure to complete case execution.
"""
try:
#Signup first.
driver = self.utility.signup(name, email, password)
#Search for course by its code.
wait = WebDriverWait(driver, 10)
course_code_field = wait.until(EC.presence_of_element_located((By.ID, "search_field")))
course_code = self.utility.getCourseCode()
course_code_field.send_keys(course_code)
find_btn = driver.find_element(By.ID, "find_btn")
find_btn.click()
#Wait until the course is found (i.e The join button will appear when the course is found)
join_btn = WebDriverWait(driver, 10).until(EC.presence_of_element_located((By.ID, "join_btn")))
return 0
#Else, if an exception occurs, log the error and abort.
except:
print("There was a problem executing this test case")
print("Error in \"search_course_after_signup()\" method, see error_log.txt for more details")
err_msg = traceback.format_exc()
self.utility.log_error(err_msg)
print("Treminating session")
self.utility.killSession(driver)
return 1

7
test/SeleniumIbrahim/test_kit/test_suite.py
View File

@ -35,7 +35,7 @@ from instructor import Instructor
from student import Student from student import Student
from admin import Admin from admin import Admin
utility = MyUtility("http://127.0.0.1/edsa-LRR3/") utility = MyUtility("http://127.0.0.1/LRR/")
instructor = Instructor("aA124536!","202032070221", utility) instructor = Instructor("aA124536!","202032070221", utility)
student = Student("aA124536!", "202032070222", utility) student = Student("aA124536!", "202032070222", utility)
admin = Admin("aA124536!","202032070221", utility) admin = Admin("aA124536!","202032070221", utility)
@ -95,4 +95,7 @@ def test_case_15():
student.create_course_group() == cond student.create_course_group() == cond
def test_case_16(): def test_case_16():
admin.assign_TA() == cond admin.assign_TA() == cond
def test_case_17():
student.search_course_after_signup(f_name+' '+l_name, l_name+'@testing.com', 'aA124536!') == cond

4
test/SeleniumIbrahim/test_kit/utility.py
View File

@ -96,7 +96,7 @@ class MyUtility:
- password: student password string. - password: student password string.
Returns: Returns:
0 on success driver: selenium.webdriver object.
1 on failure to complete case execution. 1 on failure to complete case execution.
""" """
@ -135,7 +135,7 @@ class MyUtility:
#Sign up new student #Sign up new student
submit = signup_form.find_element(By.ID, "signup_btn") submit = signup_form.find_element(By.ID, "signup_btn")
submit.click() submit.click()
return 0 return driver
except: except:
print("There was a problem executing this test case") print("There was a problem executing this test case")