Updated UserDoc.md to add a section for increasing session duration

Updated UserDoc.md to include information about increasing the session duration
2022-04-20 16:31:14 +08:00 · 2022-04-06 07:59:30 +01:00
18 changed files with 1265 additions and 1658 deletions
--- a/.htaccess
+++ b/.htaccess
@ -1 +0,0 @@
 allow from all
--- a/Admin.php
+++ b/Admin.php
@ -7,15 +7,14 @@ $page = "admin";
 include 'Header.php';
 ?>
 <?php
-// Only Lecturer or Admin could access this page
+if ($_SESSION['user_type'] != "Lecturer") {
-if ($_SESSION['user_type'] != "Lecturer" && $_SESSION['user_type'] != "Admin") {
+  $_SESSION["info_login"] = "You must log in first.";
-    die("Sorry.  Nothing to see here.");
+  echo $_SESSION["info_login"];
  header("Location: index.php");
 }
 ?>
 <style>
  .col-md-4 {
    border-right: 1px solid skyblue;
@ -37,21 +36,10 @@ if ($_SESSION['user_type'] != "Lecturer" && $_SESSION['user_type'] != "Admin") {
        <hr>
    -->
  <div class="col-md-6">
    <h4> User Account Management </h4>
    <hr>
-  <?php 
+    <b>Lecturer / TA Accounts </b><br>
  if ($_SESSION['user_type'] == "Lecturer") {
        echo " <h4> TA Account Management </h4> 
        <hr> " ;
        echo    "<b>TA Accounts </b><br>" ;
      }
  else if($_SESSION['user_type'] == "Admin"){
        echo " <h4> Lecturer Account Management </h4> 
        <hr> ";
        echo "<b>Lecturer Accounts </b><br>";
    }
  ?>
    <div class="container">
@ -77,45 +65,20 @@ if ($_SESSION['user_type'] != "Lecturer" && $_SESSION['user_type'] != "Admin") {
        <div id="home" class="container tab-pane active"><br>
-      <?php 
+          <b>Create Lecturer/TA Accounts </b>
        if ($_SESSION['user_type'] == "Lecturer") {
            echo "<b>Create TA Accounts </b>";
          }
        else if($_SESSION['user_type'] == "Admin"){
           echo "<b>Create Lecturer Accounts </b>";
          }
      ?>
          <form method="post" action="Script.php" id="create_account_form">
            <input type="hidden" name="frm_createlecturrer" value="true" required="" />
-            Full Name
+            Full_Name
            <input type="text" name="fullname" placeholder="Full Name" class="form-control" required="">
            Email
            <input type="text" name="email" placeholder="Email / Student Number" class="form-control" required="">
-            Passport Number / ID (Used as Initial Password)
+            Passport_Number / ID (Used as Intial Password)
            <input type="text" class="form-control" name="passport" placeholder="Passport No./ID" required="">
            <br> User Type :
-
+            <input type="radio" name="type" value="Lecturer" required="" id="role_lecturer"> Lecturer
-          <?php 
+            <input type="radio" name="type" value="TA" required="" id="role_TA"> T/A
              if ($_SESSION['user_type'] == "Lecturer") {
                    echo ' <input type="radio" name="type" value="TA" required="" id="role_TA"> TA (Teaching Assistant) ';
                }
              else if($_SESSION['user_type'] == "Admin"){
                    echo " <input type='radio' name = 'type' value = 'Lecturer' required = '' id='role_lecturer' > Lecturer ";
                }
            ?>  
            <input type="submit" class="btn btn-primary" value="Create" id="create_btn"><br>
            <?php
            error_reporting(E_ALL);
@ -149,21 +112,10 @@ if ($_SESSION['user_type'] != "Lecturer" && $_SESSION['user_type'] != "Admin") {
            </tr>
            <?php
          if ($_SESSION['user_type'] == "Lecturer") {
            $result = mysqli_query(
              $con,
-                  "SELECT * FROM Users_Table  WHERE UserType in ('TA')"
+              "SELECT * FROM Users_Table  WHERE UserType in ('Lecturer','TA')"
            );
            }
          else if($_SESSION['user_type'] == "Admin"){
                $result = mysqli_query(
                  $con,
                  "SELECT * FROM Users_Table  WHERE UserType in ('Lecturer')"
                );
            }
            while ($row = mysqli_fetch_assoc($result)) {
              $pass = $row['Passport_Number'];
              $btn = "<button class='btn-primary' onclick=\"updatePass(" . $row['User_ID'] . ",'$pass')\">Reset</button>";
--- a/Course.php
+++ b/Course.php
@ -2,7 +2,6 @@
 include 'NoDirectPhpAcess.php';
 ?>
 <?php
 $page = 'Courses+';
 include 'Header.php';
@ -10,10 +9,8 @@ $student_id = $_SESSION["user_student_id"];
 $group_id = $_SESSION["user_group_id"];
 $c_date = date("Y-m-d H:i");
-
+if (!empty($_GET["url"])) {
-if(!empty($_GET["url"]))
+    $course_url = $_GET["url"];
 {
    $course_url = mysqli_real_escape_string($con, $_GET["url"]);
    $result = mysqli_query($con, "SELECT `Course_ID`, `Course_Name`, `Academic_Year`, `Faculty`,"
        . " `Lecturer_User_ID`, `TA_User_ID`, `Course_Code`, `URL`, `Verify_New_Members`  "
        . " , users_table.Full_Name  FROM `courses_table` INNER JOIN users_table"
@ -22,7 +19,6 @@ if(!empty($_GET["url"]))
    if (mysqli_num_rows($result) == 0) {
        echo "No course matching the given course URL: " . $course_url;
    } else {
        while ($row = mysqli_fetch_assoc($result)) {
            $name = $row['Course_Name'];
@ -57,9 +53,9 @@ if(!empty($_GET["url"]))
    <?php
-if (isset($_SESSION['info_general'])) {
+    if (isset($_SESSION['info_ReMarking'])) {
-    echo '<hr><div class="alert alert-info" role="alert" style="float:left;">' . $_SESSION['info_general'] . '</div>';
+        echo '<hr><div class="alert alert-info" role="alert" style="float:left;">' . $_SESSION['info_ReMarking'] . '</div>';
-    $_SESSION['info_general']=null;
+        $_SESSION['info_ReMarking'] = null;
    }
    if (isset($_SESSION['info_courses'])) {
@ -70,12 +66,9 @@ if (isset($_SESSION['info_courses'])) {
 </div>
 <?php
-if( $_SESSION['user_type'] == "Student")
+if ($_SESSION['user_type'] == "Student") {
 {
 ?>
    <hr>
@ -97,7 +90,88 @@ if( $_SESSION['user_type'] == "Student")
                    <a class="nav-link" data-toggle="tab" href="#menu3">Submitted</a>
                </li>
                <li class="nav-item">
-    <a class="nav-link" data-toggle="tab" href="#menu4">Marked</a>
+                    <a class="nav-link" data-toggle="tab" href="#menu4" id="marked_tab">Marked</a>
                </li>
                <!----------Delete Course Button----------->
                <li>
                    <html>
                    <body>
                        <div class="modal fade" id="delcourse">
                            <div class="modal-dialog">
                                <div class="modal-content">
                                    <div class="modal-header">
                                        <h2 class="modal-title">Please confirm!</h2>
                                        <button type="button" class="close red" data-dismiss="modal">
                                            <span>&times;</span>
                                        </button>
                                    </div>
                                    <div class="modal-body">
                                        <p>Are you sure about deleting this course? This action can not be reversed!</p>
                                    </div>
                                    <div class="modal-footer">
                                        <form method="POST" action="">
                                            <button type="button" class="btn action-button blue" data-dismiss="modal">Cancel</button>
                                            <input type="submit" name="submit" class="btn action-button red" value="Delete" />
                                        </form>
                                    </div>
                                </div>
                            </div>
                        </div>
        </div>
        <div class="row">
            <div class="col">
                <button type="button" class="btn action-button red" data-toggle="modal" data-target="#delcourse">Delete Course</button>
            </div>
        </div>
    </div>
    </div>
    <?php
    // Connect to MySQL database
    $con = mysqli_connect("localhost",  $mysql_username, $mysql_password, "lrr");
    // Check connection
    if (mysqli_connect_errno()) {
        echo "Failed to connect to MySQL: " . mysqli_connect_error();
    }
    if (isset($_POST['submit'])) {
        header("Location: Courses.php");
        $result = mysqli_query($con, "DELETE FROM course_students_table WHERE Course_ID='$course_id'");
    }
    ?>
    <script src="https://code.jquery.com/jquery-3.2.1.slim.min.js" integrity="sha384-KJ3o2DKtIkvYIK3UENzmM7KCkRr/rE9/Qpg6aAZGJwFDMVNA/GpGFF93hXpG5KkN" crossorigin="anonymous"></script>
    <script src="https://cdnjs.cloudflare.com/ajax/libs/popper.js/1.12.9/umd/popper.min.js" integrity="sha384-ApNbgh9B+Y1QKtv3Rn7W3mgPxhU9K/ScQsAP7hUibX39j7fakFPskvXusvfa0b4Q" crossorigin="anonymous"></script>
    <script src="https://maxcdn.bootstrapcdn.com/bootstrap/4.0.0/js/bootstrap.min.js" integrity="sha384-JZR6Spejh4U02d8jOt6vLEHfe/JQGiRRSQQxSfFWpi1MquVdAyjUar5+76PVCmYl" crossorigin="anonymous"></script>
    <style>
        /*--------------------[ Delete Course Button ]*/
        .action-button {
            font-family: 'Pacifico', cursive;
            font-size: 18px;
            color: #FFF;
            text-decoration: none;
        }
        .red {
            background-color: #E74C3C;
            border-bottom: 5px solid #BD3E31;
            text-shadow: 0px -2px #BD3E31;
        }
        .blue {
            background-color: #4d4dff;
            border-bottom: 5px solid #4d4dff;
            text-shadow: 0px -2px #4d4dff;
        }
    </style>
    </body>
    </html>
    </li>
    </ul>
@ -110,15 +184,13 @@ if( $_SESSION['user_type'] == "Student")
            $sql = "SELECT course_group_members_table.Course_Group_id FROM course_group_members_table INNER JOIN course_groups_table ON course_group_members_table.Course_Group_id = course_groups_table.Course_Group_id WHERE course_group_members_table.Student_ID=$student_id and course_groups_table.Course_id=$course_id";
            $resultx1 = mysqli_query($con, $sql);
-    while($row = mysqli_fetch_assoc($resultx1))
+            while ($row = mysqli_fetch_assoc($resultx1)) {
    {
                $_SESSION['group_id'] = $row['Course_Group_id'];
            }
            $group_id = $_SESSION['group_id'];
-    if($group_id == "")
+            if ($group_id == "") {
    {
                $group_id = 0; // no group.  If the student has a group, the group number should be greater than 0.
            }
@ -127,17 +199,16 @@ if( $_SESSION['user_type'] == "Student")
            // (3) none of the student's group members have already submitted
            // the assignment.
-    $sql_stmt = "SELECT Type, Lab_Report_ID, Marks, `Course_ID`, `Posted_Date`, `Deadline`, `Instructions`, lab_reports_table.Title, `Attachment_link_1`, `Attachment_link_2`, `Attachment_link_3`, `Attachment_link_4`".
+            $var = "SELECT Type, Lab_Report_ID, Marks, `Course_ID`, `Posted_Date`, `Deadline`, `Instructions`, lab_reports_table.Title, `Attachment_link_1`, `Attachment_link_2`, `Attachment_link_3`, `Attachment_link_4`" .
                " FROM `lab_reports_table`" .
                " WHERE Course_ID=$course_id" .
                " AND (Deadline > '$c_date' OR Lab_Report_ID IN (SELECT `Lab_Report_ID` FROM `extended_deadlines_table` WHERE Student_ID=$student_id AND Extended_Deadline_Date > '$c_date' AND Lab_Report_ID IN (SELECT Lab_Report_ID FROM lab_reports_table WHERE Course_ID=$course_id)))" .
                " AND Lab_Report_ID NOT IN (SELECT Lab_Report_ID FROM lab_report_submissions WHERE Course_Group_id IN (SELECT Course_Group_id FROM course_group_members_table WHERE Student_ID=$student_id))" .
                " ORDER BY Lab_Report_ID DESC";
-    $result1 = mysqli_query($con, $sql_stmt);
+            $result1 = mysqli_query($con, $var);
-    if(mysqli_num_rows($result1)==0)
+            if (mysqli_num_rows($result1) == 0) {
    {
                echo "No active assignments for this course so far.";
            } else {
@ -168,23 +239,22 @@ if( $_SESSION['user_type'] == "Student")
                    }
                    echo "   <k href='#'>   <div class='btn btn-default break-word' style='dislay:block; word-wrap: break-word; border: 1px solid #F0F0F0;border-left: 4px solid #03407B;'>
  $title ($type) <br> <span style='font-size:8pt'> $ins</span> 
-   <br> <span style='font-size:8pt'>Posted : $posted &nbsp;&nbsp;&nbsp;&nbsp; Deadline :   $deadline   &nbsp;&nbsp;&nbsp;&nbsp;($Marks Marks)  &nbsp; &nbsp;&nbsp;&nbsp; &nbsp;<a href='~\..\SubmitLab.php?id=$labid&url=$url' class='btn-sm btn-info' style='margin-left:50px;'> Submit Lab Report</a><br> Attachments : $full_link </span>  
+   <br> <span style='font-size:8pt'>Posted : $posted &nbsp;&nbsp;&nbsp;&nbsp; Deadline :   $deadline   &nbsp;&nbsp;&nbsp;&nbsp;($Marks Marks)  &nbsp; &nbsp;&nbsp;&nbsp; &nbsp;<a href='~\..\SubmitLab.php?id=$labid&url=$url' class='btn-sm btn-info' style='margin-left:50px;' id='submit_lab_report_btn'> Submit Lab Report</a><br> Attachments : $full_link </span>  
 </div></k>";
-                
+                }
-        }}
+            }
            echo "";
            ?>
        </div>
        <div id="menu2" class="container tab-pane"><br>
            <?php
            $group_id = $_SESSION['group_id'];
-    if($group_id == ""){$group_id = -1;} // Individual assignment does not require the student to have a group id.  Therefore, the group is an empty string. To make the following SQL statement work properly, initialize the group id to -1.
+            if ($group_id == "") {
                $group_id = -1;
            } // Individual assignment does not require the student to have a group id.  Therefore, the group is an empty string. To make the following SQL statement work properly, initialize the group id to -1.
            $result  = mysqli_query($con, "SELECT Lab_Report_ID,Marks, `Course_ID`, `Posted_Date`, `Deadline`, `Instructions`, lab_reports_table.Title, `Attachment_link_1`, `Attachment_link_2`, `Attachment_link_3`, `Attachment_link_4`
          FROM `lab_reports_table`
          WHERE 
@ -197,12 +267,8 @@ Lab_Report_ID not in (select Lab_Report_ID from lab_report_submissions where (St
                . ""
                . "ORDER by Lab_Report_ID DESC");
-
+            if (mysqli_num_rows($result) == 0) {
    if(mysqli_num_rows($result)==0)
    {
                echo "You missed no lab reports in this course.";
            } else {
                while ($row = mysqli_fetch_assoc($result)) {
                    $title = $row['Title'];
@ -216,9 +282,6 @@ Lab_Report_ID not in (select Lab_Report_ID from lab_report_submissions where (St
                    $att4 = $row['Attachment_link_4'];
                    $id = $row['Lab_Report_ID'];
                    $full_link = "<a href='~\..\Lab_Report_Assignments\\$att1'>$att1</a>";
                    if ($att2 != "") {
@ -230,28 +293,25 @@ Lab_Report_ID not in (select Lab_Report_ID from lab_report_submissions where (St
                    if ($att4 != "") {
                        $full_link = $full_link . "| <a href='~\..\Lab_Report_Assignments\\$att4'>$att4</a>";
-            }
+                    };
            ;   
                    echo "<div class='btn btn-default break-word' style='dislay:block; word-wrap: break-word; border: 1px solid #F0F0F0;border-left: 4px solid #03407B;'><span class='btn-sm btn-warning' style='margin-left:0px;'>MISSED</span> $title ($marks Marks) <br> <span style='font-size:8pt'> $ins</span> 
   <br> <span style='font-size:8pt'>Posted: $posted<br> Deadline: $deadline  &nbsp; &nbsp; &nbsp; &nbsp; &nbsp;<br> Attachments : $full_link </span>
 </div>";
-                
+                }
-        }}
+            }
            echo "";
            ?>
        </div>
        <div id="menu3" class="container tab-pane"><br>
            <?php
            $group_id = $_SESSION['group_id'];
-    if($group_id==""){$group_id=-1;}  // This fixes "Submitted report not shown" http://118.25.96.118/bugzilla/show_bug.cgi?id=176
+            if ($group_id == "") {
-
+                $group_id = -1;
            }  // This fixes "Submitted report not shown" http://118.25.96.118/bugzilla/show_bug.cgi?id=176
            $sql_stmt = "SELECT Lab_Report_ID, Marks, `Course_ID`, `Posted_Date`, `Deadline`, `Instructions`, lab_reports_table.Title, `Attachment_link_1`, `Attachment_link_2`, `Attachment_link_3`, `Attachment_link_4`
         FROM `lab_reports_table`
@ -260,11 +320,8 @@ Lab_Report_ID not in (select Lab_Report_ID from lab_report_submissions where (St
            $resultx  = mysqli_query($con, $sql_stmt);
-
+            if (mysqli_num_rows($resultx) == 0) {
    if(mysqli_num_rows($resultx)==0)
    {
                echo "You have no lab report submissions in this course.";
            } else {
                while ($row = mysqli_fetch_assoc($resultx)) {
                    $lab_repo_id = $row['Lab_Report_ID'];
@ -278,8 +335,7 @@ Lab_Report_ID not in (select Lab_Report_ID from lab_report_submissions where (St
                    $att3 = $row['Attachment_link_3'];
                    $att4 = $row['Attachment_link_4'];
                    $id = $row['Lab_Report_ID'];
-            if( $c_date < $deadline)
+                    if ($c_date < $deadline) {
            {
                        $submittedx = "<a  href='~\..\SubmitLab.php?id=$id&url=$url' class='btn-sm btn-default'><i class='fa fa-check-circle'></i> Re-Submit </a>";
                    }
@ -301,7 +357,6 @@ Lab_Report_ID not in (select Lab_Report_ID from lab_report_submissions where (St
   <br> <span style='font-size:8pt'>Posted : $posted  Deadline :   $deadline  ($marks Marks) &nbsp; &nbsp;  $submittedx&nbsp; <span class='btn-sm btn-success' style='margin-left:50px;'><i class='fa fa-Edit-circle'></i>  Submitted </span>
 <br> Submitted files: ";
                    $Sub_result = mysqli_query($con, "SELECT `Submission_ID`, `Submission_Date`, lab_report_submissions.Lab_Report_ID,
 lab_report_submissions.Student_id sub_std, lab_report_submissions.Course_Group_id, `Attachment1`,
 `Notes`, `Attachment2`, `Attachment3`, `Attachment4`, `Marks`, lab_report_submissions.Status, 
@ -311,10 +366,8 @@ Left JOIN users_table  on users_table.Student_ID=lab_report_submissions.Student_
 left JOIN course_group_members_table on course_group_members_table.Course_Group_id=lab_report_submissions.Course_Group_id
 where Lab_Report_ID=$lab_repo_id and (lab_report_submissions.Student_id='$student_id')");
-            if(mysqli_num_rows($Sub_result) == 0)
+                    if (mysqli_num_rows($Sub_result) == 0) {
            {
                        echo "No Attachments found.";
                    } else {
                        while ($row = mysqli_fetch_assoc($Sub_result)) {
                            $at1 = $row['Attachment1'];
@ -341,32 +394,21 @@ where Lab_Report_ID=$lab_repo_id and (lab_report_submissions.Student_id='$studen
                            }
                            echo $full_link;
                        }
                    }
                    echo "</span></div></k>";
-
+                }
-  
+            }
        }}
            echo "";
            ?>
        </div>
        <?php
        $sqli = mysqli_query($con, "SELECT * from course_groups_table WHERE Course_Group_id=$group_id and Course_id=$course_id");
-    while($row = mysqli_fetch_assoc($sqli)) 
+        while ($row = mysqli_fetch_assoc($sqli)) {
-    { $Group_Leader=$row['Group_Leader'];
+            $Group_Leader = $row['Group_Leader'];
            $Group_Member = $row['Group_Member'];
            $Group_Member2 = $row['Group_Member2'];
            $Group_Member3 = $row['Group_Member3'];
@ -374,8 +416,6 @@ where Lab_Report_ID=$lab_repo_id and (lab_report_submissions.Student_id='$studen
        }
        ?>
        <div id="menu4" class="container tab-pane"><br>
            <?php
            $resultx  = mysqli_query($con, "SELECT `Submission_ID`, `Submission_Date`, lab_reports_table.`Lab_Report_ID`, `Student_id`, "
@ -396,14 +436,10 @@ where Lab_Report_ID=$lab_repo_id and (lab_report_submissions.Student_id='$studen
                . " lab_reports_table.Lab_Report_ID  in (select Lab_Report_ID from lab_report_submissions"
                . " where  (Status='Marked' or Status='Remarking') and (Student_id=$student_id or Course_Group_id=$group_id)  and Course_ID=$course_id) ORDER by Submission_ID DESC");
-    
+            if (mysqli_num_rows($resultx) == 0) {
    if(mysqli_num_rows($resultx)==0)
    {
                echo "You have no marked submissions in this course";
-     
+            } else {
-    } else { while($row = mysqli_fetch_assoc($resultx)) {
+                while ($row = mysqli_fetch_assoc($resultx)) {
                    $title = $row['Lab_Title'];
                    $marks = $row['Marks'];
                    $Originalmarks = $row['Original_marks'];
@ -419,23 +455,17 @@ where Lab_Report_ID=$lab_repo_id and (lab_report_submissions.Student_id='$studen
                    $notes = $row['Notes'];
                    $status = $row['Status'];
                    $remarking_reason = $row['Remarking_Reason'];
-            if($status=='Marked')
+                    if ($status == 'Marked') {
            {
                        $rm_data = "\Script.php?remarking=yes&id=$Submission_ID&url=$url&status=Remarking";
-                $remarking="<button  onclick='remarking(\"$rm_data\")' class='btn-sm btn-success'>  Request Remarking </button>";
+                        $remarking = "<button  onclick='remarking(\"$rm_data\")' class='btn-sm btn-success' id='request_remarking_btn'>  Request Remarking </button>";
                    }
-            if($status=='Remarking')
+                    if ($status == 'Remarking') {
            {
                        $remarking = "<span  style='color:orange'><i class='fa fa-info-circle'></i> Remarking Request sent </span> <br> Remarking Reason:<i>$remarking_reason </i> <br>";
                    }
                    echo "   <k href='#'>   <div class='btn btn-default break-word' style='dislay:block; word-wrap: break-word; border: 1px solid #F0F0F0;border-left: 4px solid #03407B;'>
  $title  <b> ($marks Marks out of $Originalmarks)</b><br><small> Lecturer Feedback : $notes </small> &nbsp; $remarking   <br> Submission files :";
                    $Sub_result = mysqli_query($con, "SELECT `Submission_ID`, `Submission_Date`, lab_report_submissions.Lab_Report_ID,
  lab_report_submissions.Student_id sub_std, lab_report_submissions.Course_Group_id, `Attachment1`,
  `Notes`, `Attachment2`, `Attachment3`, `Attachment4`, `Marks`, lab_report_submissions.Status, 
@ -445,11 +475,10 @@ where Lab_Report_ID=$lab_repo_id and (lab_report_submissions.Student_id='$studen
  left JOIN course_group_members_table on course_group_members_table.Course_Group_id=lab_report_submissions.Course_Group_id
  where Lab_Report_ID=$id and lab_report_submissions.Student_id='$student_id'");
-            if(mysqli_num_rows($Sub_result)==0)
+                    if (mysqli_num_rows($Sub_result) == 0) {
            {
                        echo "No Attachments found.";
-       
+                    } else {
-            } else { while($row = mysqli_fetch_assoc($Sub_result)) {
+                        while ($row = mysqli_fetch_assoc($Sub_result)) {
                            $at1 = $row['Attachment1'];
                            $at2 = $row['Attachment2'];
                            $at3 = $row['Attachment3'];
@ -469,21 +498,13 @@ where Lab_Report_ID=$lab_repo_id and (lab_report_submissions.Student_id='$studen
                            }
                            echo $full_link;
                        }
                    }
-
+                }
-
+            }
        }}
            echo "</div></k>";
            ?>
        </div>
    </div>
@ -495,15 +516,14 @@ where Lab_Report_ID=$lab_repo_id and (lab_report_submissions.Student_id='$studen
        <?php
        $resultx1 = mysqli_query($con, "SELECT `Course_Group_id`  FROM `course_groups_table` WHERE  Course_id=$course_id");
-    while($row = mysqli_fetch_assoc($resultx1)) {$count_groups=$row['Course_Group_id'];} 
+        while ($row = mysqli_fetch_assoc($resultx1)) {
            $count_groups = $row['Course_Group_id'];
        }
-     
+        echo " <button onclick='CreateGroup()' class='btn btn-primary' id='create_group_btn'> Create Group</button>";
    echo " <button onclick='CreateGroup()' class='btn btn-primary'> Create Group</button>";
        ?>
        <hr>
        <?php
@ -512,99 +532,59 @@ where Lab_Report_ID=$lab_repo_id and (lab_report_submissions.Student_id='$studen
 FROM `course_group_members_table`  INNER JOIN course_groups_table on 
 course_groups_table.Course_Group_id=course_group_members_table.Course_Group_id WHERE Student_id=$student_id and course_groups_table.Course_id=$course_id");
-    if(mysqli_num_rows($result)==0)
+        if (mysqli_num_rows($result) == 0) {
    {
            echo "You have no Group in this Course";
-    } else { while($row = mysqli_fetch_assoc($result)) {
+        } else {
            while ($row = mysqli_fetch_assoc($result)) {
                $name = $row['Group_Name'];
                $id = $row['Course_Group_id'];
                $status = $row['Status'];
                $extra = " -  <a href='#' class='' onclick='invite($id)'> Invite Others</a></small>";
-            if($status=="Invited")
+                if ($status == "Invited") {
            {
                    $extra2 = "   <a href='#' class='' onclick='accept($id,1)'>Accept</a></small>";
                    $extra3 = "   <a href='#' class='' onclick='accept($id,0)'>Decline</a></small>";
                }
-
+                echo "<div  class='btn-default'><small> $name ($status)  $extra  $extra2  $extra3</small></div>";
            # Add "delete group" button and allow only group creator to delete it
            $extra4 = "<button onclick='delete_group($id)' class='btn btn-danger' style='height: 25px; width: 90px; 
                        line-height: 10px; font-size: 10px'>DELETE GROUP</button>";
            echo "<div  class='btn-default'><small> $name ($status)  $extra  $extra2  $extra3" . 
            (($status == "Created")? "$extra4": "")
            ."</small></div>";
                $rs2 = mysqli_query($con, "SELECT `ID`, `Course_Group_id`, course_group_members_table.Student_ID, 
                            course_group_members_table.`Status`,users_table.Full_Name FROM `course_group_members_table` 
 INNER JOIN users_table on users_table.Student_ID=course_group_members_table.Student_ID
 where course_group_members_table.Course_Group_id=$id");
            #Check whether the current user in session is the creator of the group
            $rs3 = mysqli_query($con, "SELECT `Status` from course_group_members_table where Student_ID = $student_id");
            $flag = mysqli_fetch_assoc($rs3)['Status'] == "Created";
                while ($row = mysqli_fetch_assoc($rs2)) {
                    $name = $row['Full_Name'];
                    $id = $row['Course_Group_id'];
                    $status = $row['Status'];
                    $Student_ID = $row['Student_ID'];
-                #Show group members + remove button next to each member except the creator of the group
+                    echo "<li><small> $name-$Student_ID ($status)</small></li>";
                if($flag){
                    echo "<li><small> $name-$Student_ID ($status)</small>".(($status != "Created")?"<button onclick='remove_member($Student_ID, $id)' 
                class='btn btn-danger' style='height: 25px; width: 80px; line-height: 10px;'>remove</button>":"")."</li>";
                }else{
                    echo "<li><small> $name-$Student_ID ($status)</small>";
                }
            }
            }
        }
        ?>
    </div>
    </div>
 <?php
 }
 include 'Footer.php';
 ?>
 <script src="./css/jquery-1.11.1.min.js"></script>
 <script src="./css/jquery-ui.min.js"></script>
 <link rel="stylesheet" href="./css/jquery-ui.css" />
 <script>
    function CreateGroup() {
-    
+        try {
    try
    {
            $('<form id="frm" method="get" action="Script.php"><input type="hidden" name="creategroup" value="true">\n\
- <input type="hidden" name="student_id" value="<?php echo $student_id; ?>" > Group Name  <input type="text" name="name">\n\
+ <input type="hidden" name="student_id" value="<?php echo $student_id; ?>" > Group Name  <input type="text" name="name" id="group_name">\n\
 <input type="hidden" name="url" value="<?php echo $url; ?>">  <input type="hidden" name="id" value="<?php echo $course_id; ?>">    </form>').dialog({
                modal: true,
                title: 'Create Group',
@ -622,18 +602,14 @@ function CreateGroup() {
                }
            });
-    } catch(e){ alert(e); }
+        } catch (e) {
            alert(e);
        }
    }
    function invite(id) {
-    
+        try {
    try
    {
            $('<form id="frm" method="get" action="Script.php"><input type="hidden" name="groupinvite" value="true">\n\
 <input type="hidden" name="groupid" value="' + id + '" > Enter Student_ID to Invite  <input type="text" name="student_id">\n\
@ -654,21 +630,14 @@ function invite(id) {
                }
            });
-    } catch(e){ alert(e); }
+        } catch (e) {
            alert(e);
        }
    }
    function accept(id, val) {
-    try
+        try {
    {
            $('<form id="frm" method="get" action="Script.php"><input type="hidden" name="acceptinvite" value="true">\n\
 <input type="hidden" name="groupid" value="' + id + '" > \n\  <input type="hidden" name="action" value="' + val + '" > \n\
@ -691,75 +660,15 @@ function accept(id,val) {
                }
            });
-    } catch(e){ alert(e); }
+        } catch (e) {
            alert(e);
        }
    }
-
+    function remarking(data) {
 function remarking(data)
 {
        var details = prompt("Please enter your remarking reasons", "");
        window.location.href = data + "&details=" + details;
    }
 function remove_member(student_id, group_id) {
    try
    {
        $('<form id="frm" method="get" action="Script.php"><input type="hidden" name="removemember" value="true">\n\
 <input type="hidden" name="student_id" value="'+student_id+'" > \n\
 <input type="hidden" name="group_id" value="'+group_id+'">\n\
 <input type="hidden" name="url" value="<?php echo $url; ?>"></form>').dialog({
    modal: true,
    title:'Remove '+student_id+'?',
    buttons: {
        'Confirm': function () {
            $('#frm').submit();
            $(this).dialog('close');
        },
        'X': function () {
            $(this).dialog('close');
        }
    }
 });
    } catch(e){ alert(e); }
 }
 function delete_group(id) {
    try
    {
        $('<form id="frm" method="get" action="Script.php"><input type="hidden" name="deletegroup" value="true">\n\
 <input type="hidden" name="group_id" value="'+id+'" > \n\
 <input type="hidden" name="url" value="<?php echo $url; ?>"></form>').dialog({
    modal: true,
    title:'Delete this group?',
    buttons: {
        'Confirm': function () {
            $('#frm').submit();
            $(this).dialog('close');
        },
        'X': function () {
            $(this).dialog('close');
        }
    }
 });
    } catch(e){ alert(e); }
 }
 </script>
--- a/Courses.php
+++ b/Courses.php
@ -2,49 +2,37 @@
 include 'NoDirectPhpAcess.php';
 ?>
 <?php
 $page = 'Courses';
 include 'Header.php';
 $user_d = $_SESSION['user_id'];
-if( $_SESSION['user_type']=="Lecturer" || $_SESSION['user_type']=="TA")
+if ($_SESSION['user_type'] == "Lecturer" || $_SESSION['user_type'] == "TA") {
 {
 ?>
    <!--    FOR LECTURER-->
    <div class="row" style="width:80%;margin:auto; text-align:left;">
        <script src="./css/jquery-1.11.1.min.js"></script>
        <script src="./css/jquery-ui.min.js"></script>
        <link rel="stylesheet" href="./css/jquery-ui.css" />
        <script>
            function extend_deadline(id) {
                var dropstudents = $("#dropstudents").html();
-        try
+                try {
        {
                    $('<form id="frm" method="get" action="Script.php">\n\
    <input type="hidden" name="extenddeadline" value="true" >\n\
   <input type="hidden" name="id" value="' + id + '" > \n\
-New Date/Time <br><input type="date" name="date" required=""> <input type="time" name="time" required=""> \n\
+New Date/Time <br><input type="date" name="date" required="" id="new_date"> <input type="time" name="time" required=""> \n\
  \n\
-<br><input type="radio" value="1" name="type" required=""> Extend for All<hr>  \n\
+<br><input type="radio" value="1" name="type" required="" id="extend_for_all"> Extend for All<hr>  \n\
 <input type="radio" value="2" name="type" required=""> Extend for these Individual Students \n\
 ' + dropstudents + '   \n\
 </form>').dialog({
@ -64,23 +52,23 @@ New Date/Time <br><input type="date" name="date" required=""> <input type="time"
                        }
                    });
-        }catch(e){ alert(e); }
+                } catch (e) {
                    alert(e);
                }
            }
        </script>
        <?php
-    if(!empty($_GET["course"]))
+        if (!empty($_GET["course"])) {
-    {
+            $course_url = $_GET["course"];
        $course_url = mysqli_real_escape_string($con, $_GET["course"]);
            $result = mysqli_query($con, "SELECT `Course_ID`, `Course_Name`, `Academic_Year`, `Faculty`,"
                . " `Lecturer_User_ID`, `TA_User_ID`, `Course_Code`, `URL`, `Verify_New_Members`  "
                . " , users_table.Full_Name  FROM `courses_table` INNER JOIN users_table"
                . " ON users_table.User_ID=courses_table.Lecturer_User_ID where URL='$course_url' ");
-        if(mysqli_num_rows($result)==0)
+            if (mysqli_num_rows($result) == 0) {
-        {} else { while($row = mysqli_fetch_assoc($result)) {
+            } else {
                while ($row = mysqli_fetch_assoc($result)) {
                    $name = $row['Course_Name'];
                    $code = $row['Course_Code'];
                    $faculty = $row['Faculty'];
@ -103,9 +91,8 @@ New Date/Time <br><input type="date" name="date" required=""> <input type="time"
                // ------------------------------Editing Lab Assignment by Lecturer ------------------------------------
                if ($_GET['act'] == "edit") {
-                $getid = mysqli_real_escape_string($con, $_GET["cid"]);
+                    $getid = $_GET["cid"];
                    $result1 = mysqli_query($con, "SELECT * from lab_reports_table WHERE Lab_Report_ID = '$getid'");
                    while ($row1 = mysqli_fetch_assoc($result1)) {
@ -119,19 +106,18 @@ New Date/Time <br><input type="date" name="date" required=""> <input type="time"
                    }
                    if (isset($_POST['frm_uploadlab'])) {
-                    $deadlinedate = trim(mysqli_real_escape_string($con, $_POST["deadlinedate"])); // remove spaces
+                        $deadlinedate = trim($_POST["deadlinedate"]); // remove spaces
-                    $deadlinetime = trim(mysqli_real_escape_string($con, $_POST["deadlinetime"])); // remove spaces
+                        $deadlinetime = trim($_POST["deadlinetime"]); // remove spaces
-                    $instructions = mysqli_real_escape_string($con, $_POST["instructions"]);
+                        $instructions = $_POST["instructions"];
-                    $title = mysqli_real_escape_string($con, $_POST["title"]);
+                        $title = $_POST["title"];
-                    $marks = mysqli_real_escape_string($con, $_POST["marks"]);
+                        $marks = $_POST["marks"];
-                    $type  = mysqli_real_escape_string($con, $_POST["type"]);
+                        $type  = $_POST["type"];
                        $Deadline = $deadlinedate . " " . $deadlinetime;
                        $date =  date("Y-m-d H:i");
                        $sql = "UPDATE `lab_reports_table` SET `Deadline` = ('" . $Deadline . "'), `Instructions` = ('" . $instructions . "'), `Title` = ('" . $title . "'), `Marks` = ('" . $marks . "'), `Type` = ('" . $type . "') WHERE `lab_reports_table`.`Lab_Report_ID` = '$getid'";
                        if ($con->query($sql) === TRUE) {
                            $_SESSION["info_Updated"] = "Assignment information updated successfully.";
                        } else {
                            // echo "Error: " . $sql . "<br>" . $con->error;
                            echo "Serious error happened whiling updating assignment information.";
@ -153,14 +139,14 @@ New Date/Time <br><input type="date" name="date" required=""> <input type="time"
                            <input type='hidden' name='course_id' value='<?php echo "$id" ?>' required='' />
                            <input type='hidden' name='url' value='<?php echo ".$course_url." ?>' required='' />
-                    Deadline Date/Time
+                            Dealine Date/Time
                            <div class='row'>
                                <div class='col-md-7'><input type='date' id='date' name='deadlinedate' placeholder='' class='form-control' required='' value="<?php echo isset($_GET['act']) && $_GET['act'] == "edit" ? $Date : ""; ?>"> </div>
                                <div class='col-md-5'> <input type='text' id='time' class='form-control' name='deadlinetime' value="<?php echo isset($_GET['act']) && $_GET['act'] == "edit" ? $Time : ""; ?>"> </div>
                            </div>
                            Title
-                        <input type='text'  name='title' placeholder='Title' class='form-control' required='' value="<?php echo isset($_GET['act']) && $_GET['act']=="edit" ? $Title : ""; ?>">
+                            <input type='text' name='title' placeholder='Ttle' class='form-control' required='' value="<?php echo isset($_GET['act']) && $_GET['act'] == "edit" ? $Title : ""; ?>">
                            Instructions
                            <textarea name='instructions' placeholder='Assignment Instructions' class='form-control' required=''><?php echo isset($_GET['act']) && $_GET['act'] == 'edit' ? $Instructions : ''; ?></textarea>
                            Marks
@ -174,7 +160,6 @@ New Date/Time <br><input type="date" name="date" required=""> <input type="time"
                            Attachment 3
                            <input type='file' name='attachment3' placeholder='Attachment 1' class='form-control'>
                            Attachment 4
                            <input type='file' name='attachment4' placeholder='Attachment 4' class='form-control'>
                            <br>
@ -187,12 +172,12 @@ New Date/Time <br><input type="date" name="date" required=""> <input type="time"
                            }
                            ?>
                            <hr>
                            <input type='submit' class='btn btn-primary' value='Post Lab Assignment'><br>
                        </form><br><br><br><br>
                    <?php
-                }}else{
+                    }
                } else {
                    // ------------------------------Posting New Lab Assignment------------------------------------
@ -205,7 +190,7 @@ New Date/Time <br><input type="date" name="date" required=""> <input type="time"
                        <h3> Post new Lab Assignment </a></h3>
-                    <form method='post'   enctype='multipart/form-data' action='Script.php'>
+                        <form method='post' enctype='multipart/form-data' action='Script.php' id="newlab_form">
                            <?php
                            $_SESSION['url'] = $url;
                            ?>
@ -213,18 +198,18 @@ New Date/Time <br><input type="date" name="date" required=""> <input type="time"
                            <input type='hidden' name='course_id' value='<?php echo "$id" ?>' required='' />
                            <input type='hidden' name='url' value='<?php echo ".$course_url." ?>' required='' />
-                    Deadline Date/Time
+                            Dealine Date/Time
                            <div class='row'>
                                <div class='col-md-7'><input type='date' id='date' name='deadlinedate' placeholder='' class='form-control' required='' value=""> </div>
                                <div class='col-md-5'> <input type='time' class='form-control' name='deadlinetime' value=""> </div>
                            </div>
                            Title
-                        <input type='text'  name='title' placeholder='Title' class='form-control' required='' value="">
+                            <input type='text' name='title' placeholder='Ttle' class='form-control' required='' value="" id="lab_title">
                            Instructions
-                        <textarea  name='instructions' placeholder='Assignment Instructions' class='form-control' required='' value=""></textarea>
+                            <textarea name='instructions' placeholder='Assignment Instructions' class='form-control' required='' value="" id="lab_instructor"></textarea>
                            Marks
-                        <input type='text'  name='marks' placeholder='Marks' class='form-control' required='' value="">
+                            <input type='text' name='marks' placeholder='Marks' class='form-control' required='' value="" id="lab_mark">
                            Attachment 1
                            <input type='file' name='attachment1' placeholder='Attachment 1' class='form-control'>
@ -234,20 +219,18 @@ New Date/Time <br><input type="date" name="date" required=""> <input type="time"
                            Attachment 3
                            <input type='file' name='attachment3' placeholder='Attachment 1' class='form-control'>
                            Attachment 4
                            <input type='file' name='attachment4' placeholder='Attachment 4' class='form-control'>
                            <br>
-                    Submission Type  <input type='radio' name='type' value='Individual' required=''> Individual
+                            Submission Type <input type='radio' name='type' value='Individual' required='' id="lab_individual"> Individual
-                                                <input type='radio' name='type' value='Group' required=''> Group
+                            <input type='radio' name='type' value='Group' required='' id="lab_group"> Group
                            <hr>
-                    <input type='submit' class='btn btn-primary' value='Post Lab Assignment'><br>
+                            <input type='submit' class='btn btn-primary' value='Post Lab Assignment' id="submit_btn"><br>
                        </form><br><br><br><br>
        <?php
                    }
                }
            }
            echo "</div>";
@ -267,22 +250,17 @@ New Date/Time <br><input type="date" name="date" required=""> <input type="time"
                $_SESSION['info_courses'] = null;
            }
            $result = mysqli_query($con, " SELECT `Lab_Report_ID`,Type,Marks, `Course_ID`, `Posted_Date`, `Deadline`, `Instructions`, `Title`, `Attachment_link_1`, `Attachment_link_2`, `Attachment_link_3`, "
                . "`Attachment_link_4` FROM `lab_reports_table` WHERE Course_ID=$id ORDER by Lab_Report_ID DESC");
-           
+            if ($_SESSION['user_type'] == "TA") {
        if( $_SESSION['user_type']=="TA")
        {
                echo "<b style='color:gray'>*Only Lecturer can post a new lab report assignment</b><br>";
            }
-        if(mysqli_num_rows($result)==0)
+            if (mysqli_num_rows($result) == 0) {
        {
                echo "No assignments posted so far.";
-     
+            } else {
-        } else { while($row = mysqli_fetch_assoc($result)) {
+                $counter = 0;
                while ($row = mysqli_fetch_assoc($result)) {
                    $marks = $row['Marks'];
                    $title = $row['Title'];
                    $ins = $row['Instructions'];
@ -296,6 +274,7 @@ New Date/Time <br><input type="date" name="date" required=""> <input type="time"
                    $cours_id = $row['Course_ID'];
                    $as_type = $row['Type'];
                    $full_link = "<a href='~\..\Lab_Report_Assignments\\$att1'>$att1</a>";
                    $counter += 1;
                    if ($att2 != "") {
                        $full_link = $full_link . " &nbsp|&nbsp <a href='~\..\Lab_Report_Assignments\\$att2'>$att2</a>";
@ -308,15 +287,19 @@ New Date/Time <br><input type="date" name="date" required=""> <input type="time"
                        $full_link = $full_link . " &nbsp; | &nbsp <a href='~\..\Lab_Report_Assignments\\$att4'>$att4</a>";
                    }
                    $resultx1 = mysqli_query($con, "Select Count(*) as cnt from lab_report_submissions where lab_report_submissions.Lab_Report_ID=$id");
-                while($row = mysqli_fetch_assoc($resultx1)) {$count_subs=$row['cnt'];}    
+                    while ($row = mysqli_fetch_assoc($resultx1)) {
                        $count_subs = $row['cnt'];
                    }
                    $resultx2 = mysqli_query($con, "Select COUNT(*) as cnt from lab_report_submissions where lab_report_submissions.Lab_Report_ID=$id and Marks is not null");
-                if(mysqli_num_rows($resultx2)==0){$count_marked=0;} else { while($row = mysqli_fetch_assoc($resultx2)) {$count_marked =$row['cnt'];}}     
+                    if (mysqli_num_rows($resultx2) == 0) {
-                            
+                        $count_marked = 0;
                    } else {
                        while ($row = mysqli_fetch_assoc($resultx2)) {
                            $count_marked = $row['cnt'];
                        }
                    }
                    $header = "Courses > " . $name . "($code) > Assignments > " . $title;
@ -326,28 +309,20 @@ New Date/Time <br><input type="date" name="date" required=""> <input type="time"
   <br> <span style='font-size:8pt'>Posted : $posted  Deadline :  <b> $deadline </b> &nbsp; ($marks Marks)      &nbsp;    &nbsp; &nbsp; &nbsp; &nbsp;   "
                        . "<br>"
-                      . "<span class='btn-default'> &nbsp;&nbsp; $count_subs Submissions ( $count_marked Marked ) &nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;<a href='Courses.php?course=".$url."&act=edit&cid=".$id."'>Edit</a>&nbsp;&nbsp; |&nbsp;&nbsp;<a href='~\..\Submissions.php?id=$id&header=$header&total=$marks' onclick=''> View </a>     &nbsp;&nbsp; |&nbsp;&nbsp;         <a href='#'  onclick='extend_deadline($id)'> Extend Deadline </a>  </span>         <hr> Attachments : $full_link </span>"
+                        . "<span class='btn-default'> &nbsp;&nbsp; $count_subs Submissions ( $count_marked Marked ) &nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;<a href='Courses.php?course=" . $url . "&act=edit&cid=" . $id . "'>Edit</a>&nbsp;&nbsp; |&nbsp;&nbsp;<a href='~\..\Submissions.php?id=$id&header=$header&total=$marks' onclick='' id='view_submissions_link_$counter'> View </a>     &nbsp;&nbsp; |&nbsp;&nbsp;         <a href='#'  onclick='extend_deadline($id)' id='extend_deadline_link'> Extend Deadline </a>  </span>         <hr> Attachments : $full_link </span>"
                        . "&nbsp;&nbsp;</div>
                        ";
-                
+                }
-               
+            }
            }}
            echo "</div>";
            $resultx1 = mysqli_query($con, "SELECT course_students_table.Student_ID,users_table.Full_Name FROM 
 `course_students_table`
 INNER JOIN users_table on users_table.Student_ID=course_students_table.Student_ID
 WHERE Course_ID=$course_id");
            echo "<span id='dropstudents' style='display:none;'> <select name='stdid'>";
-        while($row = mysqli_fetch_assoc($resultx1)) 
+            while ($row = mysqli_fetch_assoc($resultx1)) {
        {
                $stdid = $row['Student_ID'];
                $stdname = $row['Full_Name'];
@ -357,17 +332,11 @@ WHERE Course_ID=$course_id");
                . "<input type='hidden' name='url' value='$course_url'>"
                . " </span>";
            return;
        }
        ?>
        <div class="col-md-8">
            <?php
@ -379,23 +348,20 @@ WHERE Course_ID=$course_id");
 </a></div>
 ";
            $result = mysqli_query($con, "SELECT `Course_ID`, `Course_Name`, `Academic_Year`, `Faculty`, "
                . "`Lecturer_User_ID`, `TA_User_ID`, `Course_Code`, `URL`, `Verify_New_Members`   , users_table.Full_Name  FROM `courses_table` INNER JOIN users_table ON users_table.User_ID=courses_table.Lecturer_User_ID where courses_table.Lecturer_User_ID=$user_d");
-    if($_SESSION['user_type']=="TA")
+            if ($_SESSION['user_type'] == "TA") {
    {
                $result = mysqli_query($con, "SELECT course_ta.Course_ID, `Course_Name`, 
          `Academic_Year`, `Faculty`, `Lecturer_User_ID`, `TA_User_ID`, `Course_Code`, `URL`, `Verify_New_Members`   FROM `courses_table` 
 INNER JOIN 
 course_ta ON course_ta.Course_ID=courses_table.Course_ID where course_ta.TA=$user_d");
            }
            // $result = mysqli_query($con,"SELECT `Course_ID`, `Course_Name`, `Academic_Year`, `Faculty`, `Lecturer_User_ID`, `TA_User_ID`, `Course_Code`, `URL`, `Verify_New_Members`   , users_table.Full_Name  FROM `courses_table` INNER JOIN users_table ON users_table.User_ID=courses_table.Lecturer_User_ID");
- 
+            if (mysqli_num_rows($result) == 0) {
-    if(mysqli_num_rows($result)==0)
+            } else {
-    {} else { while($row = mysqli_fetch_assoc($result)) {
+                while ($row = mysqli_fetch_assoc($result)) {
                    $id = $row['Course_ID'];
                    $name = $row['Course_Name'];
                    $code = $row['Course_Code'];
@ -413,8 +379,6 @@ where course_ta.Course_ID=$id");
                        $ta = $ta . "  - " . $rowTA['TA_NAME'];
                    }
                    echo "  
                         <a href='~\..\Courses.php?course=$url'>   <div class='btn btn-default'>
@ -422,15 +386,13 @@ where course_ta.Course_ID=$id");
   <br> <span style='font-size:8pt'>Faculty : $faculty &nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; Year :  $academic  &nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;  Lecturer  :$lecturer  &nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;  TA:$ta </span>
 </div></a>
                        ";
-   
+                }
-        }}?>
+            } ?>
        </div>
        <div class="col-md-4">
            <br>
            <b> Course Joining Requests </b>
            <?php
            $lecturer_id = $_SESSION['user_id'];
            $result = mysqli_query($con, "SELECT  course_students_table.ID,users_table.Full_Name,  courses_table.Course_ID, `Course_Name`, `Academic_Year`, `Faculty`, `Lecturer_User_ID`, `TA_User_ID`, `Course_Code`, `URL`, `Verify_New_Members` FROM `courses_table` 
@ -438,11 +400,11 @@ INNER JOIN course_students_table on  course_students_table.Course_ID=courses_tab
 INNER JOIN users_table on users_table.Student_ID=course_students_table.Student_ID
 WHERE  Lecturer_User_ID=$lecturer_id and course_students_table.Status='Pending'");
-    if(mysqli_num_rows($result)==0)
+            if (mysqli_num_rows($result) == 0) {
    {
                echo "<br>  <i class='fa fa-info-circle'></i> No Course joining request so far for all your courses <hr>";
-    } else { while($row = mysqli_fetch_assoc($result)) {
+            } else {
                while ($row = mysqli_fetch_assoc($result)) {
                    $id = $row['ID'];
                    $name = $row['Course_Name'];
@ -455,21 +417,12 @@ WHERE  Lecturer_User_ID=$lecturer_id and course_students_table.Status='Pending'"
 $std_name is Requesting to join <br> [($code) - $name ] &nbsp;&nbsp;&nbsp;&nbsp; <br><a href='~\..\Script.php?AcceptStudent=y&id=$id&rs=yes' class='btn-sm btn-success' onclick=return confirm(\"are you sure to join this course?\")' > Accept </a>
 &nbsp;&nbsp;<a href='~\..\Script.php?AcceptStudent=y&id=$id&rs=no' class='btn-sm btn-danger' onclick=return confirm(\"are you sure to join this course?\")' > Decline </a>                     
 </div>";
                }
            }
            ?>
            <?php
-    if( $_SESSION['user_type']=="TA")
+            if ($_SESSION['user_type'] == "TA") {
    {
                echo "<center>Only Lecturers can Post new Lab report Assignments</center>";
            }
            if ($_SESSION['user_type'] == "Lecturer") { ?>
@ -480,30 +433,28 @@ WHERE  Lecturer_User_ID=$lecturer_id and course_students_table.Status='Pending'"
                    <input type="hidden" name="frm_createCourse" value="true" required="" />
                    <input type="hidden" name="l" value="l" required="" />
                    Course Name
-            <input type="text" name="name" placeholder="Course Name" class="form-control" required="">
+                    <input type="text" name="name" placeholder="Course Name" class="form-control" required="" id="course_name">
                    Course Code
-            <input type="text" name="code" placeholder="Course Code" class="form-control" required="">
+                    <input type="text" name="code" placeholder="Course Code" class="form-control" required="" id="course_code">
                    URL (Leave blank to use Course Code & Year)
                    <input type="text" name="url" placeholder="Choose Custom URL " class="form-control">
                    Academic Year
-            <input type="text" name="academic" placeholder="Academic Year" class="form-control" required="">
+                    <input type="text" name="academic" placeholder="Academic Year" class="form-control" required="" id="academic_year">
                    Faculty <br>
-        <input type="text" name="faculty" placeholder="Faculty" class="form-control" required="">
+                    <input type="text" name="faculty" placeholder="Faculty" class="form-control" required="" id="faculty">
                    <input type="hidden" name="lecturer" value="<?php echo $_SESSION['user_id'];  ?>">
                    Verify Joining Students
-            <input type="radio" name="verify" value="1"> Yes
+                    <input type="radio" name="verify" value="1" id="join_yes"> Yes
-        <input type="radio" name="verify" value="0" checked=""> No
+                    <input type="radio" name="verify" value="0" checked="" id="join_no"> No
                    <br>
-        <input type="submit" class="btn btn-primary" value="Create Portal"><br>
+                    <input type="submit" class="btn btn-primary" value="Create Portal" id="portal_btn"><br>
                </form>
@ -511,16 +462,12 @@ WHERE  Lecturer_User_ID=$lecturer_id and course_students_table.Status='Pending'"
        </div>
        <!--   END LECTURER   -->
    <?php
 }
-       
+if ($_SESSION['user_type'] == "Student") {
 if( $_SESSION['user_type']=="Student")
 {
    ?>
        <!--STUDENT CODE-->
@ -540,51 +487,32 @@ if( $_SESSION['user_type']=="Student")
            <div class="col-md-6"></div>
        </div>
        <div class="row" style="width:80%;margin:auto; text-align:left;">
            <div class="col-md-6">
            <?php
            error_reporting(0);
            $student_id = $_SESSION['user_student_id'];
-    // current academic year - i.e 2021 - 2022 , so we will show in search result:
+            if (!empty($_GET["search"]) || !empty($_GET["faculty"])) {
-    // course containing either 2021 or 2022 as academic year.
+                $search = trim($_GET["search"]);
-    $oldest_academic_year = date('Y') - 1;
+                $faculty = $_GET["faculty"];
    if(!empty($_GET["search"]) || !empty($_GET["faculty"]))
    {
        $search = trim(mysqli_real_escape_string($con, $_GET["search"]));
        $search = strtoupper($_GET['search']);
        $faculty = mysqli_real_escape_string($con, $_GET["faculty"]);
-        // the user has not entered something under "Find course by Code"
+                if ($faculty == "") {
        if($faculty=="")
        {
                    echo "<h4> Search Results for Course Code $search</h4><hr>";
                    $result = mysqli_query($con, "SELECT `Course_ID`, `Course_Name`, `Academic_Year`, `Faculty`,"
                        . " `Lecturer_User_ID`, `TA_User_ID`, `Course_Code`, `URL`, `Verify_New_Members`  "
                        . " , users_table.Full_Name  FROM `courses_table` INNER JOIN users_table"
-                                   . " ON users_table.User_ID=courses_table.Lecturer_User_ID where Academic_Year >= $oldest_academic_year and Course_Code like '%{$search}%'  and courses_table.Course_ID not in (select course_id from course_students_table where Student_ID=$student_id) order by Academic_Year desc");
+                        . " ON users_table.User_ID=courses_table.Lecturer_User_ID where Course_Code like '%{$search}%' and courses_table.Course_ID not in (select course_id from course_students_table where Student_ID=$student_id)");
-        } 
+                } else {
        // the user has entered something under "Find course by Code"
        else
        {
                    echo "<h3> Find Courses under faculty $faculty</h3>";
                    $result = mysqli_query($con, "SELECT `Course_ID`, `Course_Name`, `Academic_Year`, `Faculty`,
       `Lecturer_User_ID`, `TA_User_ID`, `Course_Code`, `URL`, `Verify_New_Members` 
         , users_table.Full_Name  FROM `courses_table` INNER JOIN users_table
-         ON users_table.User_ID=courses_table.Lecturer_User_ID where Academic_Year >= $oldest_academic_year  and Faculty='$faculty'  and courses_table.Course_ID not in (select course_id from course_students_table where Student_ID=$student_id) order by Academic_Year desc");
+         ON users_table.User_ID=courses_table.Lecturer_User_ID where Faculty='$faculty'  and courses_table.Course_ID not in (select course_id from course_students_table where Student_ID=$student_id)");
                }
-
+                if (mysqli_num_rows($result) == 0) {
        if(mysqli_num_rows($result)==0)
        {
                    echo "No results found for your Search <hr>";
                } else {
                    while ($row = mysqli_fetch_assoc($result)) {
@ -597,20 +525,19 @@ if( $_SESSION['user_type']=="Student")
                        $id = $row['Course_ID'];
                        $v = $row['Verify_New_Members'];
                        $msg2 = "Join Course";
-                if($v>0)
+                        if ($v > 0) {
                {
                            $msg = "<i class='fa fa-exclamation-circle'></i> Lecturer verification required";
                            $msg2 = "Send Joining Request";
                        }
                        echo "<div class='btn btn-default' style='word-wrap:break-word'>
-  [$code] $name <br>($url) <br>  <a href='~\..\Script.php?JoinCourse=y&id=$id&std=$student_id&joining=$v' class='btn-sm btn-success' onclick=return confirm(\"Are you sure to join this course?\")' > $msg2 </a>
+  [$code] $name <br>($url) <br>  <a href='~\..\Script.php?JoinCourse=y&id=$id&std=$student_id&joining=$v' class='btn-sm btn-success' onclick=return confirm(\"Are you sure to join this course?\")' id='join_btn'> $msg2 </a>
   <br> <span style='font-size:10pt'>Faculty: $faculty | Year: $academic | Lecturer: $lecturer </span><br>$msg</div>
                        ";
                    }
                }
            }
-    // Otherwise, list the student's joined courses (already done), in reverse chronological order
+
            echo "<h4> My Courses </h4>";
            $result = mysqli_query($con, "SELECT users_table.Full_Name, course_students_table.Status, courses_table.Course_ID, `Course_Name`, `Academic_Year`, `Faculty`, `Lecturer_User_ID`, `TA_User_ID`, `Course_Code`, `URL`, `Verify_New_Members` FROM `courses_table`
 INNER JOIN users_table
@ -618,10 +545,9 @@ INNER JOIN users_table
 INNER JOIN course_students_table on course_students_table.Course_ID=courses_table.Course_ID
-                  where course_students_table.Student_ID=$student_id order by Academic_Year desc");
+                  where course_students_table.Student_ID=$student_id");
-    if(mysqli_num_rows($result)==0)
+            if (mysqli_num_rows($result) == 0) {
    {
                echo "<i class='fa fa-exclamation-circle'></i> You are not Enrolled in any Course";
            } else {
                while ($row = mysqli_fetch_assoc($result)) {
@ -634,15 +560,12 @@ INNER JOIN course_students_table on course_students_table.Course_ID=courses_tabl
                    $id = $row['Course_ID'];
                    $Status = $row['Status'];
-            if($Status=="Joined")
+                    if ($Status == "Joined") {
            {
                        echo "<a href='~\..\Course.php?url=$url'>   <div class='btn btn-default' style='word-wrap:break-word'>
  ($code) - $name <br>($url)       &nbsp;&nbsp;&nbsp; <i class='fa fa-check-circle'></i> $Status   &nbsp;&nbsp;&nbsp;&nbsp; <a href='~\..\Course.php?url=$url' class='btn-sm btn-primary'> Open</a>
   <br> <span style='font-size:8pt'>Faculty : $faculty  Year :   $academic  Lecturer  :$lecturer </span></div></a>
                        ";
-            }
+                    } else {
            else
            {
                        echo "<div class='btn btn-default'>
  ($code) - $name  <i class='btn-sm btn-danger'> $Status</i>
   <br> <span style='font-size:8pt'>Faculty : $faculty  Year :   $academic  Lecturer  :$lecturer </span></div>
@ -651,144 +574,45 @@ INNER JOIN course_students_table on course_students_table.Course_ID=courses_tabl
                }
            }
            echo "</div><div class='col-md-6'>
        <form method='get' action='Courses.php'>
            <div class='row'> 
            <div class='col-md-10'> 
            <div class='row'><div class='col-md-6'> Find course by Code
-            <input  type='text' class='form-control' name='search' maxlength='11' placeholder='Enter Course Code'>
+            <input  type='text' class='form-control' name='search' placeholder='Enter Course Code' id='search_field'>
            </div><div class='col-md-6'>
 List courses by faculty
 <select name='faculty' class='form-control'>";
            $result = mysqli_query($con, "SELECT   DISTINCT(Faculty) as Faculty FROM `courses_table`");
            if (mysqli_num_rows($result) == 0) {
            } else {
            echo"<option value=''> Search by faculty </option>";
                while ($row = mysqli_fetch_assoc($result)) {
                    $fname = $row['Faculty'];
-                echo " <option value='$fname'> $fname </option>";
+
-            }}
+                    echo "<option value=''> Search by faculty </option> <option value='$fname'> $fname </option>";
                }
            }
            echo "</select></div></div>
 </div>
                 <div class='col-md-1'> <br>
-            <input type='submit' class='btn btn-primary' value='Find'>
+            <input type='submit' class='btn btn-primary' value='Find' id='find_btn'>
            </div>
        </div>
        </form>
    </div></div>";
        }
            ?>
            <style>
                .form-control {
                    padding-top: 1px;
                    padding-bottom: 1px;
                }
            </style>
--- a/Download.php
+++ b/Download.php
@ -7,11 +7,6 @@ session_start();
 // 修改这一行设置你的文件下载目录
 // IMPORTANT: Do not delete the following conditional test
 if (strpos($_GET['file'], "../") !== false) { // 检查是否有 ../，防止用户构造路径，访问某个他不应该访问的目录
    die("Sorry.  Nothing to download.");
 }
 $file = "./../../lrr_submission".$_GET['file'];
 $filename = basename($file);
@ -25,7 +20,7 @@ $type = filetype($file);
 $today = date("F j, Y, g:i a");
 $time = time();
-if ((isset($_SESSION["user_student_id"]) && strpos($file, $_SESSION["user_student_id"]) > 0) || $_SESSION['user_type'] == "Lecturer" || $_SESSION['user_type'] == "TA" ) {
+if ( (isset($_SESSION["user_student_id"]) && strpos($file, $_SESSION["user_student_id"])) || $_SESSION['user_type'] == "Lecturer" || $_SESSION['user_type'] == "TA") {
    // 发送文件头部
    header("Content-type: $type");
    header('Content-Disposition: attachment;filename="'.urldecode($filename).'"');
--- a/Header.php
+++ b/Header.php
@ -22,12 +22,6 @@ if (mysqli_connect_errno()) {
  <link href="./css/bootstrap.min.css" rel="stylesheet" type="text/css" />
  <link href="./font-awesome/css/font-awesome.min.css" rel="stylesheet" type="text/css" />
  <link href="./css/bootstrap.min.css" rel="stylesheet" type="text/css" />
  <!-- *this css file can be used across all the websites 
  and any new css class can be added there.
  * The reason is to make the css code reusable.
  * the css file is used by submissions.php
 -->
  <link href = "./css/main.css" rel = "stylesheet" type = "text/css" />
  <script src="./css/jquery.min.js" type="text/javascript"></script>
  <script src="./css/bootsrap.min.js" type="text/javascript"></script>
--- a/NoDirectPhpAcess.php
+++ b/NoDirectPhpAcess.php
@ -2,6 +2,6 @@
    // https://stackoverflow.com/questions/33999475/prevent-direct-url-access-to-php-file
    if (!isset($_SERVER['HTTP_REFERER']) ) {
        /* choose the appropriate page to redirect users */
-        die( header( 'location: logout.php' ) );
+        die( header( 'location: index.php' ) );
    }
 ?>
--- a/README.md
+++ b/README.md
@ -18,17 +18,15 @@ Our mission is to make the experience of submitting assignments great for tens o
 # Installation Instructions
-## Hui steps
+## Hui's steps
 I spent about two hours installing LRR to a bare, remote Ubuntu server (Ubuntu 20.04 LTS).
-LRR needs Apache and MySQL to run.  I followed [How To Install Linux, Apache, MySQL, PHP (LAMP) stack on Ubuntu 20.04](https://www.digitalocean.com/community/tutorials/how-to-install-linux-apache-mysql-php-lamp-stack-on-ubuntu-20-04) to set up these server applications.  [How to install and configure PHP](https://ubuntu.com/server/docs/programming-php) is also a good guide.
+LRR needs Apache and MySQL to run.  I followed [How To Install Linux, Apache, MySQL, PHP (LAMP) stack on Ubuntu 20.04](https://www.digitalocean.com/community/tutorials/how-to-install-linux-apache-mysql-php-lamp-stack-on-ubuntu-20-04) to set up these server applications.
-LRR uses a database called `lrr`.  So create this database using MySQL root account.  Open MySQL's prompt using `sudo mysql`.  Create the database using command `CREATE DATABASE lrr;`, and grant all privileges to MySQL user `lrr` using command `GRANT ALL PRIVILEGES ON lrr.* TO 'mnc'@'localhost' WITH GRANT OPTION;`.   If MySQL user mnc does not exist, create it using command `CREATE USER 'mnc'@'localhost' IDENTIFIED BY 'password'`.
+LRR uses a database called `lrr`.  I need to export the existing `lrr` to a plain text file (including many sql commands) and import that text file to the newly created `lrr` database on the new server.
-
+The command for exporting the database is `mysqldump -u mnc -p lrr > lrr_database_dump.txt`.
-To facilitate data migration, I need to export the existing `lrr` to a plain text file (including many sql commands) and import that text file to the newly created `lrr` database on the new server.
+The command for importing is `mysql -u mnc -p lrr < lrr_database_dump.txt`.  Read [How to Import and Export MySQL Databases in Linux](https://phoenixnap.com/kb/import-and-export-mysql-database) for more detail.
 The command for exporting the database is `mysqldump -u mnc -p lrr > lrr_database_dump.txt`, where mnc after -u is MySQL's username, and lrr after -p is the database name.
 The command for importing is `mysql -u mnc -p lrr < lrr_database_dump.txt`.  Read [How to Import and Export MySQL Databases in Linux](https://phoenixnap.com/kb/import-and-export-mysql-database) for more detail. Do not have lrr_database_dump.txt?  You can use lrr_database.sql in this repo instead.
 LRR also needs to store assignment submissions.  We store them in a folder called `../../lrr_submission`.  Note that `lrr_submission` is two levels above the project folder (where many PHP files reside).  I copied this folder from the existing one.  I think it is also OK if you create an empty folder.   
 We need to set a proper owner and accessibility for `lrr_submission` using the following two commands:
@ -51,7 +49,7 @@ Enable the site lrr: `sudo a2ensite lrr`.  Restart the apache server: `sudo syst
 Visit the LRR application by entering this URL in a web browser: http://121.4.94.30/.
-## Enock steps
+## Enock's steps
 Enock, a graduate student here, has made a tutorial about how he deployed LRR to a remote server (http://lanlab.org/course/2021s/spm/PuTTY-Server.txt).
@ -173,49 +171,49 @@ We can also communicate through pull requests.  You make a pull request, I revie
 GitHub Account - Full Name - Student number
-CODEwithZAKI - Omar Mohamud Mohamed - 2020041
+CODEwithZAKI - Omar Mohamud Mohamed - 202025800041
-BloudYoussef - Khayat Youssef - 2020042 
+BloudYoussef - Khayat Youssef - 202025800042 
-TanakaMichelle - Tanaka Michelle Sandati - 2017134
+TanakaMichelle - Tanaka Michelle Sandati - 201732120134
-WhyteAsamoah  - Yeboah Martha Asamoah   - 2017135
+WhyteAsamoah  - Yeboah Martha Asamoah   - 201732120135
-xiaoyusoil - ZhengXiaoyu - 2017110
+xiaoyusoil - ZhengXiaoyu - 201732120110
-Benny123-cell - ZhangBin - 2017127
+Benny123-cell - ZhangBin - 201732120127
-421281726 - LiJiaxing - 2017118
+421281726 - LiJiaxing - 201732120118
-zhenghongyu-david - ZhengHongyu - 2017128
+zhenghongyu-david - ZhengHongyu - 201732120128
-wkytz - YeHantao - 2017125
+wkytz - YeHantao - 201732120125
-zego000 - GaoZeng - 2017117
+zego000 - GaoZeng - 201732120117
-Richard1427 - XieJiacong - 2017123
+Richard1427 - XieJiacong - 201732120123
-yutengYing - YingYuteng - 2017126
+yutengYing - YingYuteng - 201732120126
-Samrusike  - Samantha Rusike  - 2016140
+Samrusike  - Samantha Rusike  - 201632120140
 *enockkays* <enockkhondowe94@yahoo.com>
-*Teecloudy*  - Ashly Tafadzwa Dhani - 201150
+*Teecloudy*  - Ashly Tafadzwa Dhani - 201632120150
-GuedaliaBonheurSPM - Guedalia Youma - 2019221
+GuedaliaBonheurSPM - Guedalia Youma - 201925800221
-ACorneille - Alimasi Corneille - 2019168
+ACorneille - Alimasi Corneille - 201925800168
-Tabithakipanga - Kipanga Dorcas - 2019170
+Tabithakipanga - Kipanga Dorcas - 201925800170
-Mary-AK  - Mary Akussah Doe - 2019173
+Mary-AK  - Mary Akussah Doe - 201925800173
-pkkumson  - Kumson Princewill Kum - 2019166
+pkkumson  - Kumson Princewill Kum - 201925800166
-Twizere  -  Twizere Pacifique  -  2019174
+Twizere  -  Twizere Pacifique  -  201925800174
-Nicole-Rutagengwa  - Nicole Rutagengwa  - 2019169
+Nicole-Rutagengwa  - Nicole Rutagengwa  - 201925800169
 *hema-001* - Ibrahim Mohamed Ibrahim Ismail - omitted
--- a/Reset_password.php
+++ b/Reset_password.php
@ -8,8 +8,8 @@
 include 'Header.php';
-$token = htmlspecialchars($_GET['token']);
+$token=$_GET['token'];
-$email = htmlspecialchars($_GET['email']);
+$email=$_GET['email'];
 ?>
 <div class="row">
--- a/Script.php
+++ b/Script.php
@ -35,6 +35,7 @@ function is_valid_student_number($student_id)
 // ############################### SIGN UP ##################################
 if (!empty($_POST["form_signup"])) {
    $student_id = trim(mysqli_real_escape_string($con, $_POST["user_student_id"]));
    // validate student number
@ -52,7 +53,6 @@ if (!empty($_POST["form_signup"])) {
        return;
    }
    // Check if the student number isn't already registered
    $student_result = mysqli_query($con, "SELECT * FROM `users_table` WHERE Student_ID='$student_id'");
@ -98,14 +98,15 @@ if (!empty($_POST["form_signup"])) {
    // check for strong password
    if (!$containsAll) {
-        $_SESSION['info_signup'] = "Password must have at least characters that include lowercase letters, uppercase letters, numbers and special characters (e.g., !?.,*^).";
+        $_SESSION['info_signup'] = "Password must have at least characters that include lowercase letters, uppercase letters, numbers and sepcial characters (e.g., !?.,*^).";
        header("Location: signup.php");
        return;
    }
    // check if email is taken
    $result = mysqli_query($con, "SELECT * FROM users_table WHERE email='$email'");
-    if (mysqli_num_rows($result) != 0) {
+    if(mysqli_num_rows($result) != 0)
    {
        $_SESSION["info_signup"]="Email address ".$email."  is already in use.";
        $_SESSION['user_fullname'] = null;
        header("Location: signup.php");
@ -146,7 +147,7 @@ if (!empty($_POST["frm_login"])) {
    $password = mysqli_real_escape_string($con, $_POST["password"]);
    $result = mysqli_query($con, "SELECT * FROM users_table WHERE (Student_ID='$user') OR (Email='$user')");
    if (mysqli_num_rows($result) == 0) {
-        $_SESSION["info_login"] = "Invalid user name information.";
+        $_SESSION["info_login"] = "Inavlid user name information.";
        echo $_SESSION["info_login"];
        header("Location: index.php");
    } else {
@ -195,6 +196,7 @@ if (!empty($_POST["frm_recover_password"])) {
    // validate student number
    if (strlen($student_id) != 12  || is_numeric($student_id) == FALSE) {
        $_SESSION["info_recover_password"] = "Invalid student number.";
        #echo "Invalid student number.";
        header("Location: recover_password.php");
        return;
    }
@ -246,7 +248,7 @@ if (!empty($_POST["frm_reset_password"])) {
                // Password Update
                $hashed_password = hash('sha512', $password);
-                $sql = "UPDATE users_table set HashPassword='$hashed_password' where User_ID='$userid';";
+                $sql = "UPDATE users_table set HashPassword='$hashed_password' where User_ID=$userid;";
                if ($con->query($sql) === TRUE) {
                    error_reporting(0);
@ -268,22 +270,20 @@ if (!empty($_POST["frm_createlecturrer"])) {
    $email = mysqli_real_escape_string($con, $_POST["email"]);
    $fullname = mysqli_real_escape_string($con, $_POST["fullname"]);
    $type = mysqli_real_escape_string($con, $_POST["type"]);
-    $password = mysqli_real_escape_string($con, $_POST["passport"]);
+    $password = $passport;
    // check if email is taken
-    $result = mysqli_query(
+    $result = mysqli_query($con,
-        $con,
+                           "SELECT * FROM Users_Table WHERE email='$email'");
-        "SELECT * FROM Users_Table WHERE email='$email'"
+    if(mysqli_num_rows($result)!=0)
-    );
+    {
    if (mysqli_num_rows($result) != 0) {
        $_SESSION["info_Admin_Users"]="Email address : ".$email." is already in use.";
        header("Location: Admin.php");        
    }
    $password_hash = password_hash("$password", PASSWORD_DEFAULT);
    $sql= "INSERT INTO `users_table`(`Email`, `Password`, `Full_Name`, `UserType`) VALUES "
-        . "('$email','$password_hash','$fullname','$type')";
+        . "('$email','$password','$fullname','$type')";
    if ($con->query($sql) === TRUE) {
-        $_SESSION["info_Admin_Users"] = $type . " user created successfully. Use email " . $email . " as account name and $password as password.";
+        $_SESSION["info_Admin_Users"] = $type . " user Created successfully : email " . $email . " and $password as Password.";
        header("Location: Admin.php");
    } else {
        echo "Error: " . $sql . "<br>" . $con->error;
@ -300,7 +300,7 @@ function is_valid_file_format($file)
        'cvc', 'c', 'class', 'cpp', 'h', 'java', 'sh', 'swift', 'zip', 'rar', 'ods', 'xlr', 'bak', 'ico', 'swf'
    );
-    $filename = $_FILES[$file]['name'];
+    utf8_encode($filename = $_FILES[$file]['name']);
    $ext = pathinfo($filename, PATHINFO_EXTENSION);
    $result = in_array($ext, $allowed);
    return $result;
@ -430,7 +430,7 @@ if (!empty($_POST["frm_uploadlab"])) {
    $sql = "INSERT INTO `lab_reports_table`(`Course_ID`, `Posted_Date`, `Deadline`, `Instructions`,
                     `Title`, `Attachment_link_1`, `Attachment_link_2`, `Attachment_link_3`, `Attachment_link_4`,Marks,Type) 
-                     VALUES ('$course_id','$date','$deadline','$instructions','$title','$targetfile','$targetfile2','$targetfile3','$targetfile3','$marks','$type')";
+                     VALUES ('$course_id','$date','$deadline','$instructions','$title','$targetfile','$targetfile2','$targetfile3','$targetfile3',$marks,'$type')";
    if ($con->query($sql) === TRUE) {
@ -452,8 +452,10 @@ function checksize($file)
 }
 // ############################### Submit Assignment ##################################
 if (!empty($_POST["frm_submitlab"])) {
    /* Posting values to database */
    $lab_id = mysqli_real_escape_string($con, $_POST["lab_id"]);
    $student_id = $_POST["student_id"];
    $group_id = $_POST["group_id"];
@ -467,7 +469,7 @@ if (!empty($_POST["frm_submitlab"])) {
    $date = date("Y-m-d H:i:s");
    // GET UPLOADED FILES
-    $labName = mysqli_query($con, "SELECT * FROM `lab_reports_table` WHERE Lab_Report_ID='$lab_id'");
+    $labName = mysqli_query($con, "SELECT * FROM `lab_reports_table` WHERE Lab_Report_ID=$lab_id");
    while ($row = mysqli_fetch_assoc($labName)) {
        $lab_name = $row['Title'];
        $_SESSION['Sub_Type'] = $row['Type']; // submission type, either Individual or Group
@ -550,19 +552,19 @@ if (!empty($_POST["frm_submitlab"])) {
    $targetfile4 = "";
    if (strlen($_FILES['attachment1']['name']) > 2) { // why greater than 2???
-        $targetfile = "/" . $student_id . "/" . $url . "/" . $lab_name . "/" . rawurlencode($_FILES['attachment1']['name']);
+        $targetfile = "/" . $student_id . "/" . $url . "/" . $lab_name . "/" . $_FILES['attachment1']['name'];
    }
    if (strlen($_FILES['attachment2']['name']) > 2) {
-        $targetfile2 = "/" . $student_id . "/" . $url . "/" . $lab_name . "/" . rawurlencode($_FILES['attachment2']['name']);
+        $targetfile2 = "/" . $student_id . "/" . $url . "/" . $lab_name . "/" . $_FILES['attachment2']['name'];
    }
    if (strlen($_FILES['attachment3']['name']) > 2) {
-        $targetfile3 = "/" . $student_id . "/" . $url . "/" . $lab_name . "/" . rawurlencode($_FILES['attachment3']['name']);
+        $targetfile3 = "/" . $student_id . "/" . $url . "/" . $lab_name . "/" . $_FILES['attachment3']['name'];
    }
    if (strlen($_FILES['attachment4']['name']) > 2) {
-        $targetfile4 = "/" . $student_id . "/" . $url . "/" . $lab_name . "/" . rawurlencode($_FILES['attachment4']['name']);
+        $targetfile4 = "/" . $student_id . "/" . $url . "/" . $lab_name . "/" . $_FILES['attachment4']['name'];
    }
    // When $group_id is not properly initialized, use integer 0 as its value.
@ -571,13 +573,13 @@ if (!empty($_POST["frm_submitlab"])) {
        $group_id = 0; // FIXME
    }
-    $sql1 = "DELETE FROM lab_report_submissions where Lab_Report_ID='$lab_id' and Student_id='$student_id' and Course_Group_id='$group_id'";
+    $sql1 = "DELETE FROM lab_report_submissions where Lab_Report_ID=$lab_id and Student_id=$student_id and Course_Group_id=$group_id";
    if ($con->query($sql1) === TRUE) {
    }
    $sql = "INSERT INTO `lab_report_submissions`(`Submission_Date`, `Lab_Report_ID`, `Student_id`,"
        . " `Course_Group_id`, `Attachment1`, `Notes`, `Attachment2`, `Attachment3`, `Attachment4`, `Status`, `Title`,`Remarking_Reason`)"
-        . " VALUES ('$date','$lab_id','$student_id','$group_id','$targetfile','$instructions','$targetfile2','$targetfile3','$targetfile4',"
+        . " VALUES ('$date',$lab_id,$student_id,$group_id,'$targetfile','$instructions','$targetfile2','$targetfile3','$targetfile4',"
        . "'Pending','$title','')";
    if ($con->query($sql) === TRUE) {
@ -595,9 +597,9 @@ if (!empty($_POST["frm_submitlab"])) {
 // JOIN COURSE
 if (!empty($_GET["JoinCourse"])) {
-    $id = mysqli_real_escape_string($con, $_GET["id"]);
+    $id = $_GET["id"];
-    $student_id = mysqli_real_escape_string($con, $_GET["std"]);
+    $student_id = $_GET["std"];
-    $joining = mysqli_real_escape_string($con, $_GET["joining"]);
+    $joining = $_GET["joining"];
    $status = "Pending";
    if ($joining == 0) {
@ -624,12 +626,12 @@ if (!empty($_GET["JoinCourse"])) {
 if (!empty($_GET["savemarks"])) {
-    $id = mysqli_real_escape_string($con, $_GET["id"]);
+    $id = $_GET["id"];
-    $marks = mysqli_real_escape_string($con, $_GET["marks"]);
+    $marks = $_GET["marks"];
-    $total = mysqli_real_escape_string($con, $_GET["total"]);
+    $total = $_GET["total"];
-    $feedback = mysqli_real_escape_string($con, $_GET["feedback"]);
+    $feedback = $_GET["feedback"];
-    $header = mysqli_real_escape_string($con, $_GET["header"]);
+    $header = $_GET["header"];
-    $labid = mysqli_real_escape_string($con, $_GET["labid"]);
+    $labid = $_GET["labid"];
    $status = "Marked";
    if ($marks > $total) {
@ -658,14 +660,14 @@ if (!empty($_GET["savemarks"])) {
 #Update Report Visibility  
 if (!empty($_GET["updatevisibility"])) {
-    $id = mysqli_real_escape_string($con, $_GET["id"]);
+    $id = $_GET["id"];
-    $marks = mysqli_real_escape_string($con, $_GET["marks"]);
+    $marks = $_GET["marks"];
-    $total = mysqli_real_escape_string($con, $_GET["total"]);
+    $total = $_GET["total"];
-    $status = mysqli_real_escape_string($con, $_GET["status"]);
+    $status = $_GET["status"];
-    $header = mysqli_real_escape_string($con, $_GET["header"]);
+    $header = $_GET["header"];
-    $labid = mysqli_real_escape_string($con, $_GET["labid"]);
+    $labid = $_GET["labid"];
-    $sql = "UPDATE `lab_report_submissions` SET `Visibility`='$status' WHERE Submission_ID='$id'
+    $sql = "UPDATE `lab_report_submissions` SET `Visibility`='$status' WHERE Submission_ID=$id
              ";
    if ($con->query($sql) === TRUE) {
@ -681,18 +683,18 @@ if (!empty($_GET["updatevisibility"])) {
 if (!empty($_GET["remarking"])) {
-    $id = htmlspecialchars(mysqli_real_escape_string($con, $_GET["id"]));
+    $id = $_GET["id"];
-    $url = htmlspecialchars(mysqli_real_escape_string($con, $_GET["url"]));
+    $url = $_GET["url"];
-    $status = htmlspecialchars(mysqli_real_escape_string($con, $_GET["status"]));
+    $status = $_GET["status"];
-    $details = htmlspecialchars(mysqli_real_escape_string($con, $_GET["details"]));
+    $details = $_GET["details"];
-    $sql = "UPDATE `lab_report_submissions` SET `Status`='Remarking',Remarking_Reason='$details' WHERE Submission_ID='$id'
+    $sql = "UPDATE `lab_report_submissions` SET `Status`='Remarking',Remarking_Reason='$details' WHERE Submission_ID=$id
              ";
    if ($con->query($sql) === TRUE) {
-        $_SESSION["info_general"] = "Remarking Request Sent";
+        $_SESSION["info_ReMarking"] = "Remarking Request Sent";
        header("Location: Course.php?url=" . $url);
    } else {
        echo "Error: " . $sql . "<br>" . $con->error;
@ -703,13 +705,13 @@ if (!empty($_GET["remarking"])) {
 if (!empty($_GET["creategroup"])) {
-    $student_id = mysqli_real_escape_string($con, $_GET["student_id"]);
+    $student_id = $_GET["student_id"];
-    $url = mysqli_real_escape_string($con, $_GET["url"]);
+    $url = $_GET["url"];
-    $id = mysqli_real_escape_string($con, $_GET["id"]);
+    $id = $_GET["id"];
-    $name = mysqli_real_escape_string($con, $_GET["name"]);
+    $name = $_GET["name"];
    $sql = "INSERT INTO `course_groups_table`(`Group_Name`, 
-                  `Group_Leader`, `Course_id`) VALUES ('$name','$student_id','$id')";
+                  `Group_Leader`, `Course_id`) VALUES ('$name',$student_id,$id)";
    if ($con->query($sql) === TRUE) {
@ -719,9 +721,9 @@ if (!empty($_GET["creategroup"])) {
        }
        $sql = "INSERT INTO `course_group_members_table`( `Course_Group_id`, `Student_ID`, `Status`) 
-                          VALUES ('$gid','$student_id','Created')";
+                          VALUES ($gid,$student_id,'Created')";
        if ($con->query($sql) === TRUE) {
-            $_SESSION["info_general"] = "Course group Created";
+            $_SESSION["info_ReMarking"] = "Course group Created";
            header("Location: Course.php?url=" . $url);
        } else {
            echo "Error: " . $sql . "<br>" . $con->error;
@ -735,25 +737,18 @@ if (!empty($_GET["creategroup"])) {
 if (!empty($_GET["groupinvite"])) {
-    $student_id = mysqli_real_escape_string($con, $_GET["student_id"]);
+    $student_id = $_GET["student_id"];
-    $url = mysqli_real_escape_string($con, $_GET["url"]);
+    $url = $_GET["url"];
-    $courseid = mysqli_real_escape_string($con, $_GET["courseid"]);
+    $courseid = $_GET["courseid"];
-    $groupid = mysqli_real_escape_string($con, $_GET["groupid"]);
+    $groupid = $_GET["groupid"];
    $student = mysqli_query($con, "SELECT * FROM students_data WHERE Student_ID = '$student_id'  ");
    if (mysqli_num_rows($student) > 0) {
    $result = mysqli_query($con, "SELECT * FROM course_group_members_table where Course_Group_id = '$groupid' and Student_ID = '$student_id'");
    if (mysqli_num_rows($result) > 0) {
-            $_SESSION["info_general"] = $student_id . " has already been invited.";
+        $_SESSION["info_ReMarking"] = $student_id . " has already been invited";
        header("Location: Course.php?url=" . $url);
    } else {
        $sql = "INSERT INTO `course_group_members_table`( `Course_Group_id`, `Student_ID`, `Status`)
-                        VALUES ('$groupid','$student_id','Invited')";
+                      VALUES ($groupid,$student_id,'Invited')";
        }
    } else {
        $_SESSION["info_general"] = $student_id . " is an invalid student number.";
        header("Location: Course.php?url=" . $url);
    }
    if ($con->query($sql) === TRUE) {
@ -771,26 +766,26 @@ if (!empty($_GET["groupinvite"])) {
            if ($Group_Member == '0') {
                mysqli_query($con, "UPDATE `course_groups_table` SET `Group_Member` = ('" . $student_id . "') WHERE `course_groups_table`.`Course_Group_id` = '$groupid'");
-                $_SESSION["info_general"] = $student_id . " was invited to the group.";
+                $_SESSION["info_ReMarking"] = $student_id . " was invited to the group";
                header("Location: Course.php?url=" . $url);
            } elseif ($Group_Member2 == '0') {
                mysqli_query($con, "UPDATE `course_groups_table` SET `Group_Member2` = ('" . $student_id . "') WHERE `course_groups_table`.`Course_Group_id` = '$groupid'");
-                $_SESSION["info_general"] = $student_id . " was invited to the group.";
+                $_SESSION["info_ReMarking"] = $student_id . " was invited to the group";
                header("Location: Course.php?url=" . $url);
            } elseif ($Group_Member3 == '0') {
                mysqli_query($con, "UPDATE `course_groups_table` SET `Group_Member3` = ('" . $student_id . "') WHERE `course_groups_table`.`Course_Group_id` = '$groupid'");
-                $_SESSION["info_general"] = $student_id . " was invited to the group.";
+                $_SESSION["info_ReMarking"] = $student_id . " was invited to the group";
                header("Location: Course.php?url=" . $url);
            } elseif ($Group_Member4 == '0') {
                mysqli_query($con, "UPDATE `course_groups_table` SET `Group_Member4` = ('" . $student_id . "') WHERE `course_groups_table`.`Course_Group_id` = '$groupid'");
-                $_SESSION["info_general"] = $student_id . " was invited to the group.";
+                $_SESSION["info_ReMarking"] = $student_id . " was invited to the group";
                header("Location: Course.php?url=" . $url);
            } else {
-                $_SESSION["info_general"] = " You cannot add any more members";
+                $_SESSION["info_ReMarking"] = " You cant add any more members";
                header("Location: Course.php?url=" . $url);
            }
        }
-        $_SESSION["info_general"] = $student_id . " was invited to the group.";
+        $_SESSION["info_ReMarking"] = $student_id . " was invited to the group";
        header("Location: Course.php?url=" . $url);
    } else {
        echo "Error: " . $sql . "<br>" . $con->error;
@ -801,57 +796,21 @@ if (!empty($_GET["groupinvite"])) {
 if (!empty($_GET["acceptinvite"])) {
-    $student_id = mysqli_real_escape_string($con, $_GET["student_id"]);
+    $student_id = $_GET["student_id"];
-    $url = mysqli_real_escape_string($con, $_GET["url"]);
+    $url = $_GET["url"];
-    $action = mysqli_real_escape_string($con, $_GET["action"]);
+    $action = $_GET["action"];
-    $groupid = mysqli_real_escape_string($con, $_GET["groupid"]);
+    $groupid = $_GET["groupid"];
    if ($action == 1) {
-        $sql = "Update  `course_group_members_table` set Status='Joined' where  Course_Group_id ='$groupid' and student_id='$student_id' 
+        $sql = "Update  `course_group_members_table` set Status='Joined' where  Course_Group_id =$groupid and student_id=$student_id 
                         ";
    } else {
-        $sql = "Delete from  `course_group_members_table`  where  Course_Group_id ='$groupid' and student_id='$student_id' 
+        $sql = "Delete from  `course_group_members_table`  where  Course_Group_id =$groupid and student_id=$student_id 
                         ";
    }
    if ($con->query($sql) === TRUE) {
-        $_SESSION["info_general"] = " Group Invite Updated";
+        $_SESSION["info_ReMarking"] = " Group Invite Updated";
        header("Location: Course.php?url=" . $url);
    } else {
        echo "Error: " . $sql . "<br>" . $con->error;
    }
 }
 #Remove a member from group
 if (!empty($_GET["removemember"])) {
    $student_id = mysqli_real_escape_string($con, $_GET["student_id"]);
    $group_id = mysqli_real_escape_string($con, $_GET["group_id"]);
    $url = mysqli_real_escape_string($con, $_GET["url"]);
    $sql = "Delete from  `course_group_members_table`  where  student_id=$student_id and Course_Group_id=$group_id";
    if ($con->query($sql) === TRUE) {
        $_SESSION["info_general"] = " Member " . $student_id . " removed from the group";
        header("Location: Course.php?url=" . $url);
    } else {
        echo "Error: " . $sql . "<br>" . $con->error;
    }
 }
 #Delete a whole group
 if (!empty($_GET["deletegroup"])) {
    $group_id = mysqli_real_escape_string($con, $_GET["group_id"]);
    $url = mysqli_real_escape_string($con, $_GET["url"]);
    $sql1 = "Delete from  `course_group_members_table`  where  Course_Group_id=$group_id";
    $sql2 = "Delete from `course_groups_table` where Course_Group_id=$group_id";
    if ($con->query($sql1) === TRUE && $con->query($sql2) === TRUE) {
        $_SESSION["info_general"] = " Group has been deleted successfully. ";
        header("Location: Course.php?url=" . $url);
    } else {
        echo "Error: " . $sql . "<br>" . $con->error;
@ -862,22 +821,22 @@ if (!empty($_GET["deletegroup"])) {
 if (!empty($_GET["extenddeadline"])) {
-    $id = mysqli_real_escape_string($con, $_GET["id"]);
+    $id = $_GET["id"];
-    $date = mysqli_real_escape_string($con, $_GET["date"]);
+    $date = $_GET["date"];
-    $time = mysqli_real_escape_string($con, $_GET["time"]);
+    $time = $_GET["time"];
-    $type = mysqli_real_escape_string($con, $_GET["type"]);
+    $type = $_GET["type"];
-    $stdid = mysqli_real_escape_string($con, $_GET["stdid"]);
+    $stdid = $_GET["stdid"];
-    $reason = mysqli_real_escape_string($con, $_GET["reason"]);
+    $reason = $_GET["reason"];
-    $url = mysqli_real_escape_string($con, $_GET["url"]);
+    $url = $_GET["url"];
    $deadline = $date . " " . $time;
    if ($type == 1) {
-        $sql = "UPDATE `lab_reports_table` SET  `Deadline`='$deadline'  WHERE Lab_Report_ID='$id'";
+        $sql = "UPDATE `lab_reports_table` SET  `Deadline`='$deadline'  WHERE Lab_Report_ID=$id";
    } else {
        $sql = "INSERT INTO `extended_deadlines_table`(`Student_ID`, "
            . "`Lab_Report_ID`, `Extended_Deadline_Date`,"
-            . " `ReasonsForExtension`) VALUES ('$stdid','$id','$deadline','$reason')";
+            . " `ReasonsForExtension`) VALUES ($stdid,$id,'$deadline','$reason')";
    }
    if ($con->query($sql) === TRUE) {
@ -893,13 +852,13 @@ if (!empty($_GET["extenddeadline"])) {
 if (!empty($_GET["ignoreremarking"])) {
-    $id = mysqli_real_escape_string($con, $_GET["id"]);
+    $id = $_GET["id"];
-    $total = mysqli_real_escape_string($con, $_GET["total"]);
+    $total = $_GET["total"];
-    $header = mysqli_real_escape_string($con, $_GET["header"]);
+    $header = $_GET["header"];
-    $subid = mysqli_real_escape_string($con, $_GET["subid"]);
+    $subid = $_GET["subid"];
-    $sql = "UPDATE lab_report_submissions SET Status='Marked' WHERE Submission_ID='$subid'";
+    $sql = "UPDATE lab_report_submissions SET Status='Marked' WHERE Submission_ID=$subid";
    if ($con->query($sql) === TRUE) {
@ -914,10 +873,10 @@ if (!empty($_GET["ignoreremarking"])) {
 if (!empty($_GET["assignTA"])) {
-    $id = mysqli_real_escape_string($con, $_GET["id"]);
+    $id = $_GET["id"];
-    $ta = mysqli_real_escape_string($con, $_GET["ta"]);
+    $ta = $_GET["ta"];
-    $sql = "INSERT INTO `course_ta`(`Course_ID`, `TA`) VALUES ('$id','$ta')";
+    $sql = "INSERT INTO `course_ta`(`Course_ID`, `TA`) VALUES ($id,$ta)";
    if ($con->query($sql) === TRUE) {
@ -932,13 +891,13 @@ if (!empty($_GET["assignTA"])) {
 if (!empty($_GET["AcceptStudent"])) {
-    $id = mysqli_real_escape_string($con, $_GET["id"]);
+    $id = $_GET["id"];
-    $rs = mysqli_real_escape_string($con, $_GET["rs"]);
+    $rs = $_GET["rs"];
    if ($rs == "yes") {
-        $sql = "Update  course_students_table set Status='Joined' Where ID='$id'";
+        $sql = "Update  course_students_table set Status='Joined' Where ID=$id";
    } else {
-        $sql = "Delete FROM  course_students_table Where ID='$id'";
+        $sql = "Delete FROM  course_students_table Where ID=$id";
    }
    if ($con->query($sql) === TRUE) {
@ -960,12 +919,12 @@ if (!empty($_GET["AcceptStudent"])) {
 if (!empty($_GET["action"])) {
    $action = $_GET["action"];
-    $uid = mysqli_real_escape_string($con, $_GET["uid"]);
+    $uid = $_GET["uid"];
-    $pass = mysqli_real_escape_string($con, $_GET["pass"]);
+    $pass = $_GET["pass"];
    $pass = password_hash($pass, PASSWORD_DEFAULT);
-    $status = mysqli_real_escape_string($con, $_GET["status"]);
+    $status = $_GET["status"];
    // validate uid
    if (intval($uid) < 0) {
@ -973,8 +932,8 @@ if (!empty($_GET["action"])) {
        return;
    }
-    if ($action == "passchange"  && $_SESSION['user_id'] == $uid) {
+    if ($action == "passchange") {
-        $sql = "UPDATE users_table set Password='$pass' where User_ID='$uid';";
+        $sql = "UPDATE users_table set Password='$pass' where User_ID=$uid;";
        if ($con->query($sql) === TRUE) {
            error_reporting(0);
            echo "Password has been changed";
@ -987,8 +946,8 @@ if (!empty($_GET["action"])) {
        }
    }
-    if ($action == "statuschange" && $_SESSION['user_id'] == $uid && ($_SESSION['user_type'] == "Lecturer" || $_SESSION['user_type'] == "Admin")) {
+    if ($action == "statuschange") {
-        $sql = "UPDATE users_table set Status='$status' where User_ID='$uid';";
+        $sql = "UPDATE users_table set Status='$status' where User_ID=$uid;";
        if ($con->query($sql) === TRUE) {
            $_SESSION["info_Admin_Users"] = $type . " user  Status updated successfully ";
            header("Location: Admin.php");
@ -1048,8 +1007,8 @@ if (!empty($_POST["frm_createCourse"])) {
 if (!empty($_GET["exportgrade"])) {
-    $lab = mysqli_real_escape_string($con, $_GET["lab"]);
+    $lab = $_GET["lab"];
-    $lab_name = mysqli_real_escape_string($con, $_GET["lab_name"]);
+    $lab_name = $_GET["lab_name"];
    error_reporting(0);
@ -1061,7 +1020,7 @@ INNER JOIN lab_reports_table on lab_reports_table.Lab_Report_ID=lab_report_submi
 INNER JOIN users_table on users_table.Student_ID=lab_report_submissions.Student_id
-WHERE lab_report_submissions.Lab_Report_ID='$lab'";
+WHERE lab_report_submissions.Lab_Report_ID=$lab";
    $export  = mysqli_query($con, $select);
@ -1091,7 +1050,7 @@ WHERE lab_report_submissions.Lab_Report_ID='$lab'";
    }
    header("Content-type: application/octet-stream");
-    header("Content-Disposition: attachment; filename=$lab_name Grade Sheet.xls");
+    header("Content-Disposition: attachment; filename=$lab_name Garde Sheet.xls");
    header("Pragma: no-cache");
    header("Expires: 0");
    print "$header\n$data";
--- a/Student.php
+++ b/Student.php
@ -9,7 +9,7 @@ include 'Header.php';
 <div class="row" style="width:80%;margin:auto;">
    <div class="col-md-6">
-        <h1> Student Account Created. Now you can Browse Course Portals </h1>
+        <h1> STUEDNT Account Created , Now you can Browse Course Portals </h1>
    </div>
 </div>
--- a/Submissions.php
+++ b/Submissions.php
@ -10,7 +10,7 @@ $group_id = $_SESSION["user_group_id"];
 $c_date = date("Y-m-d H:i");
 if (!empty($_GET["id"])) {
-    $id = mysqli_real_escape_string($con, $_GET["id"]);
+    $id = $_GET["id"];
    $course_id = $id;
 }
@ -139,6 +139,7 @@ where Lab_Report_ID=$id and lab_report_submissions.Status='Pending' order by Sub
                    if (mysqli_num_rows($result1) == 0) {
                        echo "No Un-Marked Submissions for this Lab Report.";
                    } else {
                        $mark_submission_btn_counter = 0;
                        while ($row = mysqli_fetch_assoc($result1)) {
                            $title = $row['Title'];
                            $Marks = $row['Marks'];
@ -157,6 +158,7 @@ where Lab_Report_ID=$id and lab_report_submissions.Status='Pending' order by Sub
                            $groupname = $row['Group_Name'];
                            $groupleader = $row['Group_Leader'];
                            $student_id = $row['sub_std'];
                            $mark_submission_btn_counter += 1;
                            if ($submitted_group == 0) {
                                $submitted_by = $student_name . "(" . $student_id . ")";
@ -183,8 +185,8 @@ where Lab_Report_ID=$id and lab_report_submissions.Status='Pending' order by Sub
                            }
                            echo "   <k href='#'>   <div class='btn btn-default break-word' style='dislay:block; word-wrap: break-word; border: 1px solid #F0F0F0;border-left: 4px solid #03407B;'>
-  $title  <br> by: <b> <span class = 'text-selectable'>$submitted_by </span> </b>
+  $title  <br> by: <b> $submitted_by </b>
-   <br> <span style='font-size:8pt'>Submitted : $posted   <button class='btn-sm btn-info' style='margin-left:50px;' onclick='mark($Submission_ID,\"$title\",$total)'>  Mark Submission</button><br> Attachments : $full_link </span>  
+   <br> <span style='font-size:8pt'>Submitted : $posted   <button class='btn-sm btn-info' style='margin-left:50px;' onclick='mark($Submission_ID,\"$title\",$total)' id='mark_submission_btn_$mark_submission_btn_counter'>  Mark Submission</button><br> Attachments : $full_link </span>  
 </div></k>";
                        }
                    }
@ -262,13 +264,8 @@ where Lab_Report_ID=$id and lab_report_submissions.Status='Marked'  Order by lab
                            if ($att4 != "") {
                                $full_link = $full_link . "| <a href='~\..\Lab_Report_Submisions\\$att4'>$att4</a>";
                            }
                            // you will notice why i used span here to wrap the $submitted_by variable
                            // because if we wrap with span , the css class text-selectable can be used only by the submittedBy variable
                            // if you want to use text-selectable class on whole div, just call the css class
                            echo "   <k href='#'>   <div class='btn btn-default break-word' style='dislay:block; word-wrap: break-word; border: 1px solid #F0F0F0;border-left: 4px solid #03407B;'>
-  $title  <br> by : <b> <span class = 'text-selectable'>$submitted_by </span> &nbsp; &nbsp;&nbsp;&nbsp;&nbsp; [ Marked $Marks ] </b>  &nbsp; Visibility : <b>$Visibility </b>  <button class='btn-sm btn-success' style='margin-left:50px;' onclick='updatev($Submission_ID)'>Update visibility</button> 
+  $title  <br> by : <b> $submitted_by  &nbsp; &nbsp;&nbsp;&nbsp;&nbsp; [ Marked $Marks ] </b>  &nbsp; Visibility : <b>$Visibility </b>  <button class='btn-sm btn-success' style='margin-left:50px;' onclick='updatev($Submission_ID)'>Update visibility</button> 
   <hr> Lecturer/TA notes : $notes<br> <span style='font-size:8pt'>Submitted : $posted        <b>  </b> <button class='btn-sm btn-info' style='margin-left:50px;' onclick='mark($Submission_ID,\"$title\",$total)'>  Re-Mark Submission</button><br> Attachments : $full_link </span>  
 </div></k>";
                        }
@ -347,7 +344,7 @@ where Lab_Report_ID=$id and lab_report_submissions.Status='Remarking'");
                                $full_link = $full_link . "| <a href='~\..\Lab_Report_Submisions\\$att4'>$att4</a>";
                            }
                            echo "   <k href='#'>   <div class='btn btn-default break-word' style='dislay:block; word-wrap: break-word; border: 1px solid #F0F0F0;border-left: 4px solid #03407B;'>
-  $title  <br> by : <b> <span class = 'text-selectable'>$submitted_by </span>  &nbsp; &nbsp;&nbsp;&nbsp;&nbsp; [ Marked $Marks ] </b> <br> Remarking Reason : <b>$remarking_reason </b>
+  $title  <br> by : <b> $submitted_by  &nbsp; &nbsp;&nbsp;&nbsp;&nbsp; [ Marked $Marks ] </b> <br> Remarking Reason : <b>$remarking_reason </b>
   <hr> <span style='font-size:8pt'>Submitted : $posted        <b>  </b> "
                                . "<button class='btn-sm btn-info' style='margin-left:50px;' onclick='mark($Submission_ID,\"$title\",$total)'>  Re-Mark Submission</button>"
                                . " &nbsp; &nbsp;&nbsp;&nbsp;<a href='~\..\Script.php?ignoreremarking=yes&id=$id&subid=$Submission_ID&header=$header&total=$total&status=Marked' class='btn-sm btn-warning'>  Ignore Request </a>"
@ -424,8 +421,8 @@ where course_group_members_table.Course_Group_id=$id");
        try {
            $('<form id="submit-form" method="get" action="Script.php">' + title + '(' + marks + ' marks) <input type="hidden" name="savemarks" value="true">\n\
- <input type="hidden" name="total" value="' + marks + '" > <input type="hidden" name="id" value="' + id + '" ><br> Marks <input type="text" name="marks">\n\
+ <input type="hidden" name="total" value="' + marks + '" > <input type="hidden" name="id" value="' + id + '" ><br> Marks <input type="text" name="marks" id="marks">\n\
- Comments <textarea name="feedback"></textarea>  \n\
+ Comments <textarea name="feedback" id="feedback"></textarea>  \n\
 <input type="hidden" name="labid" value="<?php echo $course_id; ?>"> <input type="hidden" name="header" value="<?php echo $header; ?>">  </form>').dialog({
                modal: true,
                title: 'Mark Submission',
--- a/SubmitLab.php
+++ b/SubmitLab.php
@ -9,22 +9,18 @@ include 'Header.php';
 <div class='row' style='width:80%;margin:auto;'>
    <?php
    $c_date =  date("Y-m-d H:i");
    $student_id = $_SESSION["user_student_id"];
-if(!empty($_GET["id"]))
+    if (!empty($_GET["id"])) {
-{
+        $id = $_GET["id"];
-    $id = mysqli_real_escape_string($con, $_GET["id"]);
+        $url = $_GET["url"];
    $url = mysqli_real_escape_string($con, $_GET["url"]);
        $result1 = mysqli_query($con, " SELECT `Type`, `Lab_Report_ID`, `Course_ID`, `Posted_Date`, `Deadline`, `Instructions`, `Title`, `Attachment_link_1`, `Attachment_link_2`, `Attachment_link_3`, `Attachment_link_4` FROM `lab_reports_table` WHERE Lab_Report_ID=$id  and Deadline > '$c_date'  ORDER by Lab_Report_ID DESC");
-    if(mysqli_num_rows($result1) == 0)
+        if (mysqli_num_rows($result1) == 0) {
    {
            echo "No active assignments for this course so far.";
        } else {
            while ($row = mysqli_fetch_assoc($result1)) {
@ -48,14 +44,12 @@ if(!empty($_GET["id"]))
                        $_SESSION["Group_ID"] = $row['Course_Group_id'];
                    }
-                if($_SESSION["Group_ID"] < 1) 
+                    if ($_SESSION["Group_ID"] < 1) {
                {
                        echo " <center><h3> This Lab report can only be submitted by Group Admin  </h3> </center> ";
                        return;
                    }
                }
                $full_link = "<a href='~\..\Lab_Report_Assignments\\$att1'>$att1</a>";
                if ($att2 != "") {
@ -86,9 +80,6 @@ $Group_ID = $_SESSION["Group_ID"];
 </div>
 <div style="width:80%;margin:auto;">
    <h3> Submit Lab Report Assignment </h3>
@ -97,8 +88,7 @@ $Group_ID = $_SESSION["Group_ID"];
        <div class="col-md-6">
-
+            <form method='post' enctype='multipart/form-data' action='Script.php' id="submit_lab_report_form">
         <form method='post' enctype='multipart/form-data' action='Script.php'>
                <input type='hidden' name='frm_submitlab' value='true' required='' />
                <input type='hidden' name='lab_id' value='<?php echo $id; ?>' required='' />
                <input type='hidden' name='student_id' value='<?php echo $student_id; ?>' required='' />
@ -106,10 +96,10 @@ $Group_ID = $_SESSION["Group_ID"];
                <input type='hidden' name='url' value='<?php echo $url; ?>' required='' />
                Title
-         <input type='text'  name='title' placeholder='Ttle' class='form-control' required=''>
+                <input type='text' name='title' placeholder='Ttle' class='form-control' required='' id="title">
                Attachment 1
-         <input type='file'  name='attachment1' placeholder='Attachment 1' class='form-control' required=''>
+                <input type='file' name='attachment1' placeholder='Attachment 1' class='form-control' required='' id="attachment1">
                Attachment 2
                <input type='file' name='attachment2' placeholder='Attachment 2' class='form-control'>
@ -125,7 +115,7 @@ $Group_ID = $_SESSION["Group_ID"];
            <input type='file' name='attachment4' placeholder='Attachment 4' class='form-control'>
            <br>
-         <input type='submit' class='btn btn-primary' value='Submit Lab Assignment'><br>
+            <input type='submit' class='btn btn-primary' value='Submit Lab Assignment' id="submit_lab_assignment_btn"><br>
            </form>
        </div>
--- a/batch_insert.php
+++ b/batch_insert.php
@ -19,7 +19,7 @@ if (!$conn) {
 }
 //获得用户名数据
-$source = mysqli_real_escape_string($conn,$_POST['users']);
+$source = $_POST['users'];
 //如有多个空格，删除剩一个空格
 $source1 = preg_replace('/\s\s+/', ' ', $source);
@ -31,12 +31,13 @@ $source2 = trim($source1);
 //根据空格拆分
 $user = explode(' ', $source2);
 //插入数据
 for($index=0; $index < count($user); $index++) {
    $result = mysqli_query($conn, "SELECT * FROM `students_data` WHERE Student_ID='$user[$index]'");    
    if (mysqli_num_rows($result) < 1) {
        if (! mysqli_query($conn, "REPLACE INTO `students_data`(`Student_ID`, `Passport_Number`) VALUES('$user[$index]', '')" ) ) {
-            echo "SQL Error: " . $sql_stmt . "<br>" .htmlspecialchars(mysqli_error($conn));
+            echo "SQL Error: " . $sql_stmt . "<br>" . mysqli_error($conn);
        } else {
            echo "<p>Student number $user[$index] added.</p>";
        }
--- a/css/main.css
+++ b/css/main.css
@ -1,11 +0,0 @@
 /* this css class is used to enable copying in text with the mouse. */
 .text-selectable {
    -webkit-user-select: text;
    -moz-user-select: text;
    -ms-user-select: text;
    user-select: text;
    cursor:auto
   }
--- a/index.php
+++ b/index.php
@ -82,7 +82,7 @@ if (isset($_SESSION["user_fullname"])) {
 <div id="footer">
-    LRR was originally developed as a <a href="http://lanlab.org/course/2018f/se/homepage.html" style="color:white;">software engineering course project</a> by Mohamed Nor and Elmahdi Houzi.  Please submit your suggestions or bug reports to  lanhui.  Last updated on 18/04/2020 by Ashly. <a href="./homepage" style="color:white;">More information ...</a>
+    LRR was originally developed as a <a href="http://lanlab.org/course/2018f/se/homepage.html" style="color:white;">software engineering course project</a> by Mohamed Nor and Elmahdi Houzi.  Please submit your suggestions or bug reports to  lanhui _at_ zjnu.edu.cn.  Last updated on 18/04/2020 by Ashly. <a href="./homepage" style="color:white;">More information ...</a>
    </div>
 </body>
--- a/logout.php
+++ b/logout.php
@ -1,11 +1,11 @@
 <?php
 // Start a new session
 session_start();
 // Destory sessions & redirect to index
 session_destroy();
 session_unset();
-
+// Start a new session
 session_start();
 // Generate a new session ID
 session_regenerate_id(true);
--- a/recover_password.php
+++ b/recover_password.php
@ -27,9 +27,9 @@ include 'Header.php';
      <div class="panel-body">
        <form method="post" action="Script.php">
        <input type="hidden" name="frm_recover_password" value="true"/>
-        Student number  <input type="text" name="sno" placeholder="Enter your student number" class="form-control" required="required" value="<?php echo htmlspecialchars($_SESSION['student_number']); ?>">
+        Student number  <input type="text" name="sno" placeholder="Enter your student number" class="form-control" required="required" value="<?php echo $_SESSION['student_number']; ?>">
 	<br/>
-        Email  <input type="text" name="email" placeholder="Enter your email address" class="form-control" required="required" value="<?php echo htmlspecialchars($_SESSION['user_email']); ?>">
+        Email  <input type="text" name="email" placeholder="Enter your email address" class="form-control" required="required" value="<?php echo $_SESSION['user_email']; ?>">
 	<br/>
        <input type="submit" class="btn-primary" value="Recover">
@ -38,7 +38,7 @@ include 'Header.php';
 <?php
 if(isset($_SESSION['info_recover_password'])) {
-  echo  '<hr><div class="alert alert-danger" role="alert">'.htmlspecialchars($_SESSION['info_recover_password']).'</div>';
+  echo  '<hr><div class="alert alert-danger" role="alert">'.$_SESSION['info_recover_password'].'</div>';
  $_SESSION['info_recover_password']=null;
 }
Author	SHA1	Message	Date
HAYATU UMAR FARUQ	faa7b7314e	Updated UserDoc.md to add a section for increasing session duration	2022-04-20 16:31:14 +08:00
HAYATU UMAR FARUQ	ae6677d142	Updated UserDoc.md to include information about increasing the session duration	2022-04-06 07:59:30 +01:00