mrlan
/
LRR
3
0
Fork 2
Code Issues Pull Requests 7 Projects Releases Wiki Activity

Compare commits

base: mrlan:master
Branches Tags
mrlan:Bug197-Zayid
mrlan:Hui-Organize
mrlan:Bug193-Martha
mrlan:Bug430-Eden
mrlan:Bug486-Nartey
mrlan:Nartey-Testscript
mrlan:Eden-Testscript
mrlan:BUG352-NEIL2
mrlan:Bug352-Neil-Revised
mrlan:Bug418-Yaaqob
mrlan:update-MPIANA-tests
mrlan:Bug418-YAAQOB-MPIANA
mrlan:Bug557-Ayoub
mrlan:BUG352-NEIL
mrlan:Bug430-Eden2
mrlan:nar
mrlan:master
mrlan:Hui-improve-README.md
mrlan:Bug469-Hui
mrlan:Bug519-Hui
mrlan:Refactor-Moyo
mrlan:Bug469-kingsley
mrlan:Bug457-YAAQOB
mrlan:Bug510-Abdulai
mrlan:Bug485-Abdulai
mrlan:Xuxuan
mrlan:Bug196-Ward
mrlan:Bug404-Edson
mrlan:niweicong-bug-458-revised
mrlan:Bug34-Lamashevskyi
mrlan:Bug418-Lamashevskyi
mrlan:Bug37-Dmytro
mrlan:Bug_461_Martha
mrlan:niweicong-bug-458&459
mrlan:SPM-Zayid-468
mrlan:Bug23-Haji
mrlan:bug23-Haaji
mrlan:SMP-ZAYID-468-FEATURE
mrlan:LiangLigang
mrlan:Bug256-Umar
mrlan:Bug246-Petros
mrlan:AutoTesting-Golden
mrlan:IDVerificationBug-Golden
mrlan:Bug200-Ward
mrlan:SeleniumIbrahim-Ibrahim
mrlan:SeleniumIbrahimUpdate-Ibrahim
mrlan:bug231-Ibrahim
mrlan:bug312-Golden
mrlan:Bug203-Hui
mrlan:Hui-UserDoc
mrlan:Hui-DeleteUnnecessaryImages
mrlan:ProjectHomePage
mrlan:Hui-Bug330
mrlan:Hui-CodeIndentation
mrlan:Hui-Bug29
mrlan:Hui-Bug337
mrlan:SIMPLICITY_link
mrlan:Hui-IndentCode
mrlan:Mabasa-bugfix-199
mrlan:Mabasa-readmefix
mrlan:Mvondo-bugfix-21
mrlan:Hui-LecturerEmail
mrlan:SIMPLICITY_Bug-189_Course_Delete_btn
mrlan:sunflower
..
compare: mrlan:Bug256-Umar
Branches Tags
mrlan:Bug197-Zayid
mrlan:Hui-Organize
mrlan:Bug193-Martha
mrlan:Bug430-Eden
mrlan:Bug486-Nartey
mrlan:Nartey-Testscript
mrlan:Eden-Testscript
mrlan:BUG352-NEIL2
mrlan:Bug352-Neil-Revised
mrlan:Bug418-Yaaqob
mrlan:update-MPIANA-tests
mrlan:Bug418-YAAQOB-MPIANA
mrlan:Bug557-Ayoub
mrlan:BUG352-NEIL
mrlan:Bug430-Eden2
mrlan:nar
mrlan:master
mrlan:Hui-improve-README.md
mrlan:Bug469-Hui
mrlan:Bug519-Hui
mrlan:Refactor-Moyo
mrlan:Bug469-kingsley
mrlan:Bug457-YAAQOB
mrlan:Bug510-Abdulai
mrlan:Bug485-Abdulai
mrlan:Xuxuan
mrlan:Bug196-Ward
mrlan:Bug404-Edson
mrlan:niweicong-bug-458-revised
mrlan:Bug34-Lamashevskyi
mrlan:Bug418-Lamashevskyi
mrlan:Bug37-Dmytro
mrlan:Bug_461_Martha
mrlan:niweicong-bug-458&459
mrlan:SPM-Zayid-468
mrlan:Bug23-Haji
mrlan:bug23-Haaji
mrlan:SMP-ZAYID-468-FEATURE
mrlan:LiangLigang
mrlan:Bug256-Umar
mrlan:Bug246-Petros
mrlan:AutoTesting-Golden
mrlan:IDVerificationBug-Golden
mrlan:Bug200-Ward
mrlan:SeleniumIbrahim-Ibrahim
mrlan:SeleniumIbrahimUpdate-Ibrahim
mrlan:bug231-Ibrahim
mrlan:bug312-Golden
mrlan:Bug203-Hui
mrlan:Hui-UserDoc
mrlan:Hui-DeleteUnnecessaryImages
mrlan:ProjectHomePage
mrlan:Hui-Bug330
mrlan:Hui-CodeIndentation
mrlan:Hui-Bug29
mrlan:Hui-Bug337
mrlan:SIMPLICITY_link
mrlan:Hui-IndentCode
mrlan:Mabasa-bugfix-199
mrlan:Mabasa-readmefix
mrlan:Mvondo-bugfix-21
mrlan:Hui-LecturerEmail
mrlan:SIMPLICITY_Bug-189_Course_Delete_btn
mrlan:sunflower

2 Commits
master ... Bug256-Uma

Author SHA1 Message Date
HAYATU UMAR FARUQ faa7b7314e Updated UserDoc.md to add a section for increasing session duration 2022-04-20 16:31:14 +08:00
HAYATU UMAR FARUQ ae6677d142 Updated UserDoc.md to include information about increasing the session duration 2022-04-06 07:59:30 +01:00
18 changed files with 1265 additions and 1658 deletions
Show Stats Expand all files Collapse all files

1
.htaccess
View File

@ -1 +0,0 @@
allow from all

80
Admin.php
View File

@ -7,15 +7,14 @@ $page = "admin";
include 'Header.php'; include 'Header.php';
?> ?>
<?php <?php
// Only Lecturer or Admin could access this page if ($_SESSION['user_type'] != "Lecturer") {
if ($_SESSION['user_type'] != "Lecturer" && $_SESSION['user_type'] != "Admin") { $_SESSION["info_login"] = "You must log in first.";
die("Sorry. Nothing to see here."); echo $_SESSION["info_login"];
header("Location: index.php");
} }
?> ?>
<style> <style>
.col-md-4 { .col-md-4 {
border-right: 1px solid skyblue; border-right: 1px solid skyblue;
@ -37,21 +36,10 @@ if ($_SESSION['user_type'] != "Lecturer" && $_SESSION['user_type'] != "Admin") {
<hr> <hr>
--> -->
<div class="col-md-6"> <div class="col-md-6">
<h4> User Account Management </h4>
<hr>
<?php <b>Lecturer / TA Accounts </b><br>
if ($_SESSION['user_type'] == "Lecturer") {
echo " <h4> TA Account Management </h4>
<hr> " ;
echo "<b>TA Accounts </b><br>" ;
}
else if($_SESSION['user_type'] == "Admin"){
echo " <h4> Lecturer Account Management </h4>
<hr> ";
echo "<b>Lecturer Accounts </b><br>";
}
?>
<div class="container"> <div class="container">
@ -77,45 +65,20 @@ if ($_SESSION['user_type'] != "Lecturer" && $_SESSION['user_type'] != "Admin") {
<div id="home" class="container tab-pane active"><br> <div id="home" class="container tab-pane active"><br>
<?php <b>Create Lecturer/TA Accounts </b>
if ($_SESSION['user_type'] == "Lecturer") {
echo "<b>Create TA Accounts </b>";
}
else if($_SESSION['user_type'] == "Admin"){
echo "<b>Create Lecturer Accounts </b>";
}
?>
<form method="post" action="Script.php" id="create_account_form"> <form method="post" action="Script.php" id="create_account_form">
<input type="hidden" name="frm_createlecturrer" value="true" required="" /> <input type="hidden" name="frm_createlecturrer" value="true" required="" />
Full Name Full_Name
<input type="text" name="fullname" placeholder="Full Name" class="form-control" required=""> <input type="text" name="fullname" placeholder="Full Name" class="form-control" required="">
Email Email
<input type="text" name="email" placeholder="Email / Student Number" class="form-control" required=""> <input type="text" name="email" placeholder="Email / Student Number" class="form-control" required="">
Passport Number / ID (Used as Initial Password) Passport_Number / ID (Used as Intial Password)
<input type="text" class="form-control" name="passport" placeholder="Passport No./ID" required=""> <input type="text" class="form-control" name="passport" placeholder="Passport No./ID" required="">
<br> User Type : <br> User Type :
<input type="radio" name="type" value="Lecturer" required="" id="role_lecturer"> Lecturer
<?php <input type="radio" name="type" value="TA" required="" id="role_TA"> T/A
if ($_SESSION['user_type'] == "Lecturer") {
echo ' <input type="radio" name="type" value="TA" required="" id="role_TA"> TA (Teaching Assistant) ';
}
else if($_SESSION['user_type'] == "Admin"){
echo " <input type='radio' name = 'type' value = 'Lecturer' required = '' id='role_lecturer' > Lecturer ";
}
?>
<input type="submit" class="btn btn-primary" value="Create" id="create_btn"><br> <input type="submit" class="btn btn-primary" value="Create" id="create_btn"><br>
<?php <?php
error_reporting(E_ALL); error_reporting(E_ALL);
@ -149,21 +112,10 @@ if ($_SESSION['user_type'] != "Lecturer" && $_SESSION['user_type'] != "Admin") {
</tr> </tr>
<?php <?php
if ($_SESSION['user_type'] == "Lecturer") { $result = mysqli_query(
$con,
$result = mysqli_query( "SELECT * FROM Users_Table WHERE UserType in ('Lecturer','TA')"
$con, );
"SELECT * FROM Users_Table WHERE UserType in ('TA')"
);
}
else if($_SESSION['user_type'] == "Admin"){
$result = mysqli_query(
$con,
"SELECT * FROM Users_Table WHERE UserType in ('Lecturer')"
);
}
while ($row = mysqli_fetch_assoc($result)) { while ($row = mysqli_fetch_assoc($result)) {
$pass = $row['Passport_Number']; $pass = $row['Passport_Number'];
$btn = "<button class='btn-primary' onclick=\"updatePass(" . $row['User_ID'] . ",'$pass')\">Reset</button>"; $btn = "<button class='btn-primary' onclick=\"updatePass(" . $row['User_ID'] . ",'$pass')\">Reset</button>";

1015
Course.php
View File

File diff suppressed because it is too large Load Diff

1070
Courses.php
View File

File diff suppressed because it is too large Load Diff

7
Download.php
View File

@ -7,11 +7,6 @@ session_start();
// 修改这一行设置你的文件下载目录 // 修改这一行设置你的文件下载目录
// IMPORTANT: Do not delete the following conditional test
if (strpos($_GET['file'], "../") !== false) { // 检查是否有 ../,防止用户构造路径,访问某个他不应该访问的目录
die("Sorry. Nothing to download.");
}
$file = "./../../lrr_submission".$_GET['file']; $file = "./../../lrr_submission".$_GET['file'];
$filename = basename($file); $filename = basename($file);
@ -25,7 +20,7 @@ $type = filetype($file);
$today = date("F j, Y, g:i a"); $today = date("F j, Y, g:i a");
$time = time(); $time = time();
if ((isset($_SESSION["user_student_id"]) && strpos($file, $_SESSION["user_student_id"]) > 0) || $_SESSION['user_type'] == "Lecturer" || $_SESSION['user_type'] == "TA" ) { if ( (isset($_SESSION["user_student_id"]) && strpos($file, $_SESSION["user_student_id"])) || $_SESSION['user_type'] == "Lecturer" || $_SESSION['user_type'] == "TA") {
// 发送文件头部 // 发送文件头部
header("Content-type: $type"); header("Content-type: $type");
header('Content-Disposition: attachment;filename="'.urldecode($filename).'"'); header('Content-Disposition: attachment;filename="'.urldecode($filename).'"');

6
Header.php
View File

@ -22,12 +22,6 @@ if (mysqli_connect_errno()) {
<link href="./css/bootstrap.min.css" rel="stylesheet" type="text/css" /> <link href="./css/bootstrap.min.css" rel="stylesheet" type="text/css" />
<link href="./font-awesome/css/font-awesome.min.css" rel="stylesheet" type="text/css" /> <link href="./font-awesome/css/font-awesome.min.css" rel="stylesheet" type="text/css" />
<link href="./css/bootstrap.min.css" rel="stylesheet" type="text/css" /> <link href="./css/bootstrap.min.css" rel="stylesheet" type="text/css" />
<!-- *this css file can be used across all the websites
and any new css class can be added there.
* The reason is to make the css code reusable.
* the css file is used by submissions.php
-->
<link href = "./css/main.css" rel = "stylesheet" type = "text/css" />
<script src="./css/jquery.min.js" type="text/javascript"></script> <script src="./css/jquery.min.js" type="text/javascript"></script>
<script src="./css/bootsrap.min.js" type="text/javascript"></script> <script src="./css/bootsrap.min.js" type="text/javascript"></script>

2
NoDirectPhpAcess.php
View File

@ -2,6 +2,6 @@
// https://stackoverflow.com/questions/33999475/prevent-direct-url-access-to-php-file // https://stackoverflow.com/questions/33999475/prevent-direct-url-access-to-php-file
if (!isset($_SERVER['HTTP_REFERER']) ) { if (!isset($_SERVER['HTTP_REFERER']) ) {
/* choose the appropriate page to redirect users */ /* choose the appropriate page to redirect users */
die( header( 'location: logout.php' ) ); die( header( 'location: index.php' ) );
} }
?> ?>

56
README.md
View File

@ -18,17 +18,15 @@ Our mission is to make the experience of submitting assignments great for tens o
# Installation Instructions # Installation Instructions
## Hui steps ## Hui's steps
I spent about two hours installing LRR to a bare, remote Ubuntu server (Ubuntu 20.04 LTS). I spent about two hours installing LRR to a bare, remote Ubuntu server (Ubuntu 20.04 LTS).
LRR needs Apache and MySQL to run. I followed [How To Install Linux, Apache, MySQL, PHP (LAMP) stack on Ubuntu 20.04](https://www.digitalocean.com/community/tutorials/how-to-install-linux-apache-mysql-php-lamp-stack-on-ubuntu-20-04) to set up these server applications. [How to install and configure PHP](https://ubuntu.com/server/docs/programming-php) is also a good guide. LRR needs Apache and MySQL to run. I followed [How To Install Linux, Apache, MySQL, PHP (LAMP) stack on Ubuntu 20.04](https://www.digitalocean.com/community/tutorials/how-to-install-linux-apache-mysql-php-lamp-stack-on-ubuntu-20-04) to set up these server applications.
LRR uses a database called `lrr`. So create this database using MySQL root account. Open MySQL's prompt using `sudo mysql`. Create the database using command `CREATE DATABASE lrr;`, and grant all privileges to MySQL user `lrr` using command `GRANT ALL PRIVILEGES ON lrr.* TO 'mnc'@'localhost' WITH GRANT OPTION;`. If MySQL user mnc does not exist, create it using command `CREATE USER 'mnc'@'localhost' IDENTIFIED BY 'password'`. LRR uses a database called `lrr`. I need to export the existing `lrr` to a plain text file (including many sql commands) and import that text file to the newly created `lrr` database on the new server.
The command for exporting the database is `mysqldump -u mnc -p lrr > lrr_database_dump.txt`.
To facilitate data migration, I need to export the existing `lrr` to a plain text file (including many sql commands) and import that text file to the newly created `lrr` database on the new server. The command for importing is `mysql -u mnc -p lrr < lrr_database_dump.txt`. Read [How to Import and Export MySQL Databases in Linux](https://phoenixnap.com/kb/import-and-export-mysql-database) for more detail.
The command for exporting the database is `mysqldump -u mnc -p lrr > lrr_database_dump.txt`, where mnc after -u is MySQL's username, and lrr after -p is the database name.
The command for importing is `mysql -u mnc -p lrr < lrr_database_dump.txt`. Read [How to Import and Export MySQL Databases in Linux](https://phoenixnap.com/kb/import-and-export-mysql-database) for more detail. Do not have lrr_database_dump.txt? You can use lrr_database.sql in this repo instead.
LRR also needs to store assignment submissions. We store them in a folder called `../../lrr_submission`. Note that `lrr_submission` is two levels above the project folder (where many PHP files reside). I copied this folder from the existing one. I think it is also OK if you create an empty folder. LRR also needs to store assignment submissions. We store them in a folder called `../../lrr_submission`. Note that `lrr_submission` is two levels above the project folder (where many PHP files reside). I copied this folder from the existing one. I think it is also OK if you create an empty folder.
We need to set a proper owner and accessibility for `lrr_submission` using the following two commands: We need to set a proper owner and accessibility for `lrr_submission` using the following two commands:
@ -51,7 +49,7 @@ Enable the site lrr: `sudo a2ensite lrr`. Restart the apache server: `sudo syst
Visit the LRR application by entering this URL in a web browser: http://121.4.94.30/. Visit the LRR application by entering this URL in a web browser: http://121.4.94.30/.
## Enock steps ## Enock's steps
Enock, a graduate student here, has made a tutorial about how he deployed LRR to a remote server (http://lanlab.org/course/2021s/spm/PuTTY-Server.txt). Enock, a graduate student here, has made a tutorial about how he deployed LRR to a remote server (http://lanlab.org/course/2021s/spm/PuTTY-Server.txt).
@ -173,49 +171,49 @@ We can also communicate through pull requests. You make a pull request, I revie
GitHub Account - Full Name - Student number GitHub Account - Full Name - Student number
CODEwithZAKI - Omar Mohamud Mohamed - 2020041 CODEwithZAKI - Omar Mohamud Mohamed - 202025800041
BloudYoussef - Khayat Youssef - 2020042 BloudYoussef - Khayat Youssef - 202025800042
TanakaMichelle - Tanaka Michelle Sandati - 2017134 TanakaMichelle - Tanaka Michelle Sandati - 201732120134
WhyteAsamoah - Yeboah Martha Asamoah - 2017135 WhyteAsamoah - Yeboah Martha Asamoah - 201732120135
xiaoyusoil - ZhengXiaoyu - 2017110 xiaoyusoil - ZhengXiaoyu - 201732120110
Benny123-cell - ZhangBin - 2017127 Benny123-cell - ZhangBin - 201732120127
421281726 - LiJiaxing - 2017118 421281726 - LiJiaxing - 201732120118
zhenghongyu-david - ZhengHongyu - 2017128 zhenghongyu-david - ZhengHongyu - 201732120128
wkytz - YeHantao - 2017125 wkytz - YeHantao - 201732120125
zego000 - GaoZeng - 2017117 zego000 - GaoZeng - 201732120117
Richard1427 - XieJiacong - 2017123 Richard1427 - XieJiacong - 201732120123
yutengYing - YingYuteng - 2017126 yutengYing - YingYuteng - 201732120126
Samrusike - Samantha Rusike - 2016140 Samrusike - Samantha Rusike - 201632120140
*enockkays* <enockkhondowe94@yahoo.com> *enockkays* <enockkhondowe94@yahoo.com>
*Teecloudy* - Ashly Tafadzwa Dhani - 201150 *Teecloudy* - Ashly Tafadzwa Dhani - 201632120150
GuedaliaBonheurSPM - Guedalia Youma - 2019221 GuedaliaBonheurSPM - Guedalia Youma - 201925800221
ACorneille - Alimasi Corneille - 2019168 ACorneille - Alimasi Corneille - 201925800168
Tabithakipanga - Kipanga Dorcas - 2019170 Tabithakipanga - Kipanga Dorcas - 201925800170
Mary-AK - Mary Akussah Doe - 2019173 Mary-AK - Mary Akussah Doe - 201925800173
pkkumson - Kumson Princewill Kum - 2019166 pkkumson - Kumson Princewill Kum - 201925800166
Twizere - Twizere Pacifique - 2019174 Twizere - Twizere Pacifique - 201925800174
Nicole-Rutagengwa - Nicole Rutagengwa - 2019169 Nicole-Rutagengwa - Nicole Rutagengwa - 201925800169
*hema-001* - Ibrahim Mohamed Ibrahim Ismail - omitted *hema-001* - Ibrahim Mohamed Ibrahim Ismail - omitted

4
Reset_password.php
View File

@ -8,8 +8,8 @@
include 'Header.php'; include 'Header.php';
$token = htmlspecialchars($_GET['token']); $token=$_GET['token'];
$email = htmlspecialchars($_GET['email']); $email=$_GET['email'];
?> ?>
<div class="row"> <div class="row">

267
Script.php
View File

@ -35,6 +35,7 @@ function is_valid_student_number($student_id)
// ############################### SIGN UP ################################## // ############################### SIGN UP ##################################
if (!empty($_POST["form_signup"])) { if (!empty($_POST["form_signup"])) {
$student_id = trim(mysqli_real_escape_string($con, $_POST["user_student_id"])); $student_id = trim(mysqli_real_escape_string($con, $_POST["user_student_id"]));
// validate student number // validate student number
@ -52,7 +53,6 @@ if (!empty($_POST["form_signup"])) {
return; return;
} }
// Check if the student number isn't already registered // Check if the student number isn't already registered
$student_result = mysqli_query($con, "SELECT * FROM `users_table` WHERE Student_ID='$student_id'"); $student_result = mysqli_query($con, "SELECT * FROM `users_table` WHERE Student_ID='$student_id'");
@ -98,15 +98,16 @@ if (!empty($_POST["form_signup"])) {
// check for strong password // check for strong password
if (!$containsAll) { if (!$containsAll) {
$_SESSION['info_signup'] = "Password must have at least characters that include lowercase letters, uppercase letters, numbers and special characters (e.g., !?.,*^)."; $_SESSION['info_signup'] = "Password must have at least characters that include lowercase letters, uppercase letters, numbers and sepcial characters (e.g., !?.,*^).";
header("Location: signup.php"); header("Location: signup.php");
return; return;
} }
// check if email is taken // check if email is taken
$result = mysqli_query($con, "SELECT * FROM users_table WHERE email='$email'"); $result = mysqli_query($con, "SELECT * FROM users_table WHERE email='$email'");
if (mysqli_num_rows($result) != 0) { if(mysqli_num_rows($result) != 0)
$_SESSION["info_signup"] = "Email address " . $email . " is already in use."; {
$_SESSION["info_signup"]="Email address ".$email." is already in use.";
$_SESSION['user_fullname'] = null; $_SESSION['user_fullname'] = null;
header("Location: signup.php"); header("Location: signup.php");
return; return;
@ -146,7 +147,7 @@ if (!empty($_POST["frm_login"])) {
$password = mysqli_real_escape_string($con, $_POST["password"]); $password = mysqli_real_escape_string($con, $_POST["password"]);
$result = mysqli_query($con, "SELECT * FROM users_table WHERE (Student_ID='$user') OR (Email='$user')"); $result = mysqli_query($con, "SELECT * FROM users_table WHERE (Student_ID='$user') OR (Email='$user')");
if (mysqli_num_rows($result) == 0) { if (mysqli_num_rows($result) == 0) {
$_SESSION["info_login"] = "Invalid user name information."; $_SESSION["info_login"] = "Inavlid user name information.";
echo $_SESSION["info_login"]; echo $_SESSION["info_login"];
header("Location: index.php"); header("Location: index.php");
} else { } else {
@ -195,6 +196,7 @@ if (!empty($_POST["frm_recover_password"])) {
// validate student number // validate student number
if (strlen($student_id) != 12 || is_numeric($student_id) == FALSE) { if (strlen($student_id) != 12 || is_numeric($student_id) == FALSE) {
$_SESSION["info_recover_password"] = "Invalid student number."; $_SESSION["info_recover_password"] = "Invalid student number.";
#echo "Invalid student number.";
header("Location: recover_password.php"); header("Location: recover_password.php");
return; return;
} }
@ -246,7 +248,7 @@ if (!empty($_POST["frm_reset_password"])) {
// Password Update // Password Update
$hashed_password = hash('sha512', $password); $hashed_password = hash('sha512', $password);
$sql = "UPDATE users_table set HashPassword='$hashed_password' where User_ID='$userid';"; $sql = "UPDATE users_table set HashPassword='$hashed_password' where User_ID=$userid;";
if ($con->query($sql) === TRUE) { if ($con->query($sql) === TRUE) {
error_reporting(0); error_reporting(0);
@ -268,22 +270,20 @@ if (!empty($_POST["frm_createlecturrer"])) {
$email = mysqli_real_escape_string($con, $_POST["email"]); $email = mysqli_real_escape_string($con, $_POST["email"]);
$fullname = mysqli_real_escape_string($con, $_POST["fullname"]); $fullname = mysqli_real_escape_string($con, $_POST["fullname"]);
$type = mysqli_real_escape_string($con, $_POST["type"]); $type = mysqli_real_escape_string($con, $_POST["type"]);
$password = mysqli_real_escape_string($con, $_POST["passport"]); $password = $passport;
// check if email is taken // check if email is taken
$result = mysqli_query( $result = mysqli_query($con,
$con, "SELECT * FROM Users_Table WHERE email='$email'");
"SELECT * FROM Users_Table WHERE email='$email'" if(mysqli_num_rows($result)!=0)
); {
if (mysqli_num_rows($result) != 0) { $_SESSION["info_Admin_Users"]="Email address : ".$email." is already in use.";
$_SESSION["info_Admin_Users"] = "Email address : " . $email . " is already in use.";
header("Location: Admin.php"); header("Location: Admin.php");
} }
$password_hash = password_hash("$password", PASSWORD_DEFAULT); $sql= "INSERT INTO `users_table`(`Email`, `Password`, `Full_Name`, `UserType`) VALUES "
$sql = "INSERT INTO `users_table`(`Email`, `Password`, `Full_Name`, `UserType`) VALUES " . "('$email','$password','$fullname','$type')";
. "('$email','$password_hash','$fullname','$type')";
if ($con->query($sql) === TRUE) { if ($con->query($sql) === TRUE) {
$_SESSION["info_Admin_Users"] = $type . " user created successfully. Use email " . $email . " as account name and $password as password."; $_SESSION["info_Admin_Users"] = $type . " user Created successfully : email " . $email . " and $password as Password.";
header("Location: Admin.php"); header("Location: Admin.php");
} else { } else {
echo "Error: " . $sql . "<br>" . $con->error; echo "Error: " . $sql . "<br>" . $con->error;
@ -300,7 +300,7 @@ function is_valid_file_format($file)
'cvc', 'c', 'class', 'cpp', 'h', 'java', 'sh', 'swift', 'zip', 'rar', 'ods', 'xlr', 'bak', 'ico', 'swf' 'cvc', 'c', 'class', 'cpp', 'h', 'java', 'sh', 'swift', 'zip', 'rar', 'ods', 'xlr', 'bak', 'ico', 'swf'
); );
$filename = $_FILES[$file]['name']; utf8_encode($filename = $_FILES[$file]['name']);
$ext = pathinfo($filename, PATHINFO_EXTENSION); $ext = pathinfo($filename, PATHINFO_EXTENSION);
$result = in_array($ext, $allowed); $result = in_array($ext, $allowed);
return $result; return $result;
@ -430,7 +430,7 @@ if (!empty($_POST["frm_uploadlab"])) {
$sql = "INSERT INTO `lab_reports_table`(`Course_ID`, `Posted_Date`, `Deadline`, `Instructions`, $sql = "INSERT INTO `lab_reports_table`(`Course_ID`, `Posted_Date`, `Deadline`, `Instructions`,
`Title`, `Attachment_link_1`, `Attachment_link_2`, `Attachment_link_3`, `Attachment_link_4`,Marks,Type) `Title`, `Attachment_link_1`, `Attachment_link_2`, `Attachment_link_3`, `Attachment_link_4`,Marks,Type)
VALUES ('$course_id','$date','$deadline','$instructions','$title','$targetfile','$targetfile2','$targetfile3','$targetfile3','$marks','$type')"; VALUES ('$course_id','$date','$deadline','$instructions','$title','$targetfile','$targetfile2','$targetfile3','$targetfile3',$marks,'$type')";
if ($con->query($sql) === TRUE) { if ($con->query($sql) === TRUE) {
@ -452,8 +452,10 @@ function checksize($file)
} }
// ############################### Submit Assignment ################################## // ############################### Submit Assignment ##################################
if (!empty($_POST["frm_submitlab"])) { if (!empty($_POST["frm_submitlab"])) {
/* Posting values to database */
$lab_id = mysqli_real_escape_string($con, $_POST["lab_id"]); $lab_id = mysqli_real_escape_string($con, $_POST["lab_id"]);
$student_id = $_POST["student_id"]; $student_id = $_POST["student_id"];
$group_id = $_POST["group_id"]; $group_id = $_POST["group_id"];
@ -467,7 +469,7 @@ if (!empty($_POST["frm_submitlab"])) {
$date = date("Y-m-d H:i:s"); $date = date("Y-m-d H:i:s");
// GET UPLOADED FILES // GET UPLOADED FILES
$labName = mysqli_query($con, "SELECT * FROM `lab_reports_table` WHERE Lab_Report_ID='$lab_id'"); $labName = mysqli_query($con, "SELECT * FROM `lab_reports_table` WHERE Lab_Report_ID=$lab_id");
while ($row = mysqli_fetch_assoc($labName)) { while ($row = mysqli_fetch_assoc($labName)) {
$lab_name = $row['Title']; $lab_name = $row['Title'];
$_SESSION['Sub_Type'] = $row['Type']; // submission type, either Individual or Group $_SESSION['Sub_Type'] = $row['Type']; // submission type, either Individual or Group
@ -550,19 +552,19 @@ if (!empty($_POST["frm_submitlab"])) {
$targetfile4 = ""; $targetfile4 = "";
if (strlen($_FILES['attachment1']['name']) > 2) { // why greater than 2??? if (strlen($_FILES['attachment1']['name']) > 2) { // why greater than 2???
$targetfile = "/" . $student_id . "/" . $url . "/" . $lab_name . "/" . rawurlencode($_FILES['attachment1']['name']); $targetfile = "/" . $student_id . "/" . $url . "/" . $lab_name . "/" . $_FILES['attachment1']['name'];
} }
if (strlen($_FILES['attachment2']['name']) > 2) { if (strlen($_FILES['attachment2']['name']) > 2) {
$targetfile2 = "/" . $student_id . "/" . $url . "/" . $lab_name . "/" . rawurlencode($_FILES['attachment2']['name']); $targetfile2 = "/" . $student_id . "/" . $url . "/" . $lab_name . "/" . $_FILES['attachment2']['name'];
} }
if (strlen($_FILES['attachment3']['name']) > 2) { if (strlen($_FILES['attachment3']['name']) > 2) {
$targetfile3 = "/" . $student_id . "/" . $url . "/" . $lab_name . "/" . rawurlencode($_FILES['attachment3']['name']); $targetfile3 = "/" . $student_id . "/" . $url . "/" . $lab_name . "/" . $_FILES['attachment3']['name'];
} }
if (strlen($_FILES['attachment4']['name']) > 2) { if (strlen($_FILES['attachment4']['name']) > 2) {
$targetfile4 = "/" . $student_id . "/" . $url . "/" . $lab_name . "/" . rawurlencode($_FILES['attachment4']['name']); $targetfile4 = "/" . $student_id . "/" . $url . "/" . $lab_name . "/" . $_FILES['attachment4']['name'];
} }
// When $group_id is not properly initialized, use integer 0 as its value. // When $group_id is not properly initialized, use integer 0 as its value.
@ -571,13 +573,13 @@ if (!empty($_POST["frm_submitlab"])) {
$group_id = 0; // FIXME $group_id = 0; // FIXME
} }
$sql1 = "DELETE FROM lab_report_submissions where Lab_Report_ID='$lab_id' and Student_id='$student_id' and Course_Group_id='$group_id'"; $sql1 = "DELETE FROM lab_report_submissions where Lab_Report_ID=$lab_id and Student_id=$student_id and Course_Group_id=$group_id";
if ($con->query($sql1) === TRUE) { if ($con->query($sql1) === TRUE) {
} }
$sql = "INSERT INTO `lab_report_submissions`(`Submission_Date`, `Lab_Report_ID`, `Student_id`," $sql = "INSERT INTO `lab_report_submissions`(`Submission_Date`, `Lab_Report_ID`, `Student_id`,"
. " `Course_Group_id`, `Attachment1`, `Notes`, `Attachment2`, `Attachment3`, `Attachment4`, `Status`, `Title`,`Remarking_Reason`)" . " `Course_Group_id`, `Attachment1`, `Notes`, `Attachment2`, `Attachment3`, `Attachment4`, `Status`, `Title`,`Remarking_Reason`)"
. " VALUES ('$date','$lab_id','$student_id','$group_id','$targetfile','$instructions','$targetfile2','$targetfile3','$targetfile4'," . " VALUES ('$date',$lab_id,$student_id,$group_id,'$targetfile','$instructions','$targetfile2','$targetfile3','$targetfile4',"
. "'Pending','$title','')"; . "'Pending','$title','')";
if ($con->query($sql) === TRUE) { if ($con->query($sql) === TRUE) {
@ -595,9 +597,9 @@ if (!empty($_POST["frm_submitlab"])) {
// JOIN COURSE // JOIN COURSE
if (!empty($_GET["JoinCourse"])) { if (!empty($_GET["JoinCourse"])) {
$id = mysqli_real_escape_string($con, $_GET["id"]); $id = $_GET["id"];
$student_id = mysqli_real_escape_string($con, $_GET["std"]); $student_id = $_GET["std"];
$joining = mysqli_real_escape_string($con, $_GET["joining"]); $joining = $_GET["joining"];
$status = "Pending"; $status = "Pending";
if ($joining == 0) { if ($joining == 0) {
@ -624,12 +626,12 @@ if (!empty($_GET["JoinCourse"])) {
if (!empty($_GET["savemarks"])) { if (!empty($_GET["savemarks"])) {
$id = mysqli_real_escape_string($con, $_GET["id"]); $id = $_GET["id"];
$marks = mysqli_real_escape_string($con, $_GET["marks"]); $marks = $_GET["marks"];
$total = mysqli_real_escape_string($con, $_GET["total"]); $total = $_GET["total"];
$feedback = mysqli_real_escape_string($con, $_GET["feedback"]); $feedback = $_GET["feedback"];
$header = mysqli_real_escape_string($con, $_GET["header"]); $header = $_GET["header"];
$labid = mysqli_real_escape_string($con, $_GET["labid"]); $labid = $_GET["labid"];
$status = "Marked"; $status = "Marked";
if ($marks > $total) { if ($marks > $total) {
@ -658,14 +660,14 @@ if (!empty($_GET["savemarks"])) {
#Update Report Visibility #Update Report Visibility
if (!empty($_GET["updatevisibility"])) { if (!empty($_GET["updatevisibility"])) {
$id = mysqli_real_escape_string($con, $_GET["id"]); $id = $_GET["id"];
$marks = mysqli_real_escape_string($con, $_GET["marks"]); $marks = $_GET["marks"];
$total = mysqli_real_escape_string($con, $_GET["total"]); $total = $_GET["total"];
$status = mysqli_real_escape_string($con, $_GET["status"]); $status = $_GET["status"];
$header = mysqli_real_escape_string($con, $_GET["header"]); $header = $_GET["header"];
$labid = mysqli_real_escape_string($con, $_GET["labid"]); $labid = $_GET["labid"];
$sql = "UPDATE `lab_report_submissions` SET `Visibility`='$status' WHERE Submission_ID='$id' $sql = "UPDATE `lab_report_submissions` SET `Visibility`='$status' WHERE Submission_ID=$id
"; ";
if ($con->query($sql) === TRUE) { if ($con->query($sql) === TRUE) {
@ -681,18 +683,18 @@ if (!empty($_GET["updatevisibility"])) {
if (!empty($_GET["remarking"])) { if (!empty($_GET["remarking"])) {
$id = htmlspecialchars(mysqli_real_escape_string($con, $_GET["id"])); $id = $_GET["id"];
$url = htmlspecialchars(mysqli_real_escape_string($con, $_GET["url"])); $url = $_GET["url"];
$status = htmlspecialchars(mysqli_real_escape_string($con, $_GET["status"])); $status = $_GET["status"];
$details = htmlspecialchars(mysqli_real_escape_string($con, $_GET["details"])); $details = $_GET["details"];
$sql = "UPDATE `lab_report_submissions` SET `Status`='Remarking',Remarking_Reason='$details' WHERE Submission_ID='$id' $sql = "UPDATE `lab_report_submissions` SET `Status`='Remarking',Remarking_Reason='$details' WHERE Submission_ID=$id
"; ";
if ($con->query($sql) === TRUE) { if ($con->query($sql) === TRUE) {
$_SESSION["info_general"] = "Remarking Request Sent"; $_SESSION["info_ReMarking"] = "Remarking Request Sent";
header("Location: Course.php?url=" . $url); header("Location: Course.php?url=" . $url);
} else { } else {
echo "Error: " . $sql . "<br>" . $con->error; echo "Error: " . $sql . "<br>" . $con->error;
@ -703,13 +705,13 @@ if (!empty($_GET["remarking"])) {
if (!empty($_GET["creategroup"])) { if (!empty($_GET["creategroup"])) {
$student_id = mysqli_real_escape_string($con, $_GET["student_id"]); $student_id = $_GET["student_id"];
$url = mysqli_real_escape_string($con, $_GET["url"]); $url = $_GET["url"];
$id = mysqli_real_escape_string($con, $_GET["id"]); $id = $_GET["id"];
$name = mysqli_real_escape_string($con, $_GET["name"]); $name = $_GET["name"];
$sql = "INSERT INTO `course_groups_table`(`Group_Name`, $sql = "INSERT INTO `course_groups_table`(`Group_Name`,
`Group_Leader`, `Course_id`) VALUES ('$name','$student_id','$id')"; `Group_Leader`, `Course_id`) VALUES ('$name',$student_id,$id)";
if ($con->query($sql) === TRUE) { if ($con->query($sql) === TRUE) {
@ -719,9 +721,9 @@ if (!empty($_GET["creategroup"])) {
} }
$sql = "INSERT INTO `course_group_members_table`( `Course_Group_id`, `Student_ID`, `Status`) $sql = "INSERT INTO `course_group_members_table`( `Course_Group_id`, `Student_ID`, `Status`)
VALUES ('$gid','$student_id','Created')"; VALUES ($gid,$student_id,'Created')";
if ($con->query($sql) === TRUE) { if ($con->query($sql) === TRUE) {
$_SESSION["info_general"] = "Course group Created"; $_SESSION["info_ReMarking"] = "Course group Created";
header("Location: Course.php?url=" . $url); header("Location: Course.php?url=" . $url);
} else { } else {
echo "Error: " . $sql . "<br>" . $con->error; echo "Error: " . $sql . "<br>" . $con->error;
@ -735,25 +737,18 @@ if (!empty($_GET["creategroup"])) {
if (!empty($_GET["groupinvite"])) { if (!empty($_GET["groupinvite"])) {
$student_id = mysqli_real_escape_string($con, $_GET["student_id"]); $student_id = $_GET["student_id"];
$url = mysqli_real_escape_string($con, $_GET["url"]); $url = $_GET["url"];
$courseid = mysqli_real_escape_string($con, $_GET["courseid"]); $courseid = $_GET["courseid"];
$groupid = mysqli_real_escape_string($con, $_GET["groupid"]); $groupid = $_GET["groupid"];
$student = mysqli_query($con, "SELECT * FROM students_data WHERE Student_ID = '$student_id' ");
if (mysqli_num_rows($student) > 0) { $result = mysqli_query($con, "SELECT * FROM course_group_members_table where Course_Group_id = '$groupid' and Student_ID = '$student_id'");
if (mysqli_num_rows($result) > 0) {
$result = mysqli_query($con, "SELECT * FROM course_group_members_table where Course_Group_id = '$groupid' and Student_ID = '$student_id'"); $_SESSION["info_ReMarking"] = $student_id . " has already been invited";
if (mysqli_num_rows($result) > 0) {
$_SESSION["info_general"] = $student_id . " has already been invited.";
header("Location: Course.php?url=" . $url);
} else {
$sql = "INSERT INTO `course_group_members_table`( `Course_Group_id`, `Student_ID`, `Status`)
VALUES ('$groupid','$student_id','Invited')";
}
} else {
$_SESSION["info_general"] = $student_id . " is an invalid student number.";
header("Location: Course.php?url=" . $url); header("Location: Course.php?url=" . $url);
} else {
$sql = "INSERT INTO `course_group_members_table`( `Course_Group_id`, `Student_ID`, `Status`)
VALUES ($groupid,$student_id,'Invited')";
} }
if ($con->query($sql) === TRUE) { if ($con->query($sql) === TRUE) {
@ -771,26 +766,26 @@ if (!empty($_GET["groupinvite"])) {
if ($Group_Member == '0') { if ($Group_Member == '0') {
mysqli_query($con, "UPDATE `course_groups_table` SET `Group_Member` = ('" . $student_id . "') WHERE `course_groups_table`.`Course_Group_id` = '$groupid'"); mysqli_query($con, "UPDATE `course_groups_table` SET `Group_Member` = ('" . $student_id . "') WHERE `course_groups_table`.`Course_Group_id` = '$groupid'");
$_SESSION["info_general"] = $student_id . " was invited to the group."; $_SESSION["info_ReMarking"] = $student_id . " was invited to the group";
header("Location: Course.php?url=" . $url); header("Location: Course.php?url=" . $url);
} elseif ($Group_Member2 == '0') { } elseif ($Group_Member2 == '0') {
mysqli_query($con, "UPDATE `course_groups_table` SET `Group_Member2` = ('" . $student_id . "') WHERE `course_groups_table`.`Course_Group_id` = '$groupid'"); mysqli_query($con, "UPDATE `course_groups_table` SET `Group_Member2` = ('" . $student_id . "') WHERE `course_groups_table`.`Course_Group_id` = '$groupid'");
$_SESSION["info_general"] = $student_id . " was invited to the group."; $_SESSION["info_ReMarking"] = $student_id . " was invited to the group";
header("Location: Course.php?url=" . $url); header("Location: Course.php?url=" . $url);
} elseif ($Group_Member3 == '0') { } elseif ($Group_Member3 == '0') {
mysqli_query($con, "UPDATE `course_groups_table` SET `Group_Member3` = ('" . $student_id . "') WHERE `course_groups_table`.`Course_Group_id` = '$groupid'"); mysqli_query($con, "UPDATE `course_groups_table` SET `Group_Member3` = ('" . $student_id . "') WHERE `course_groups_table`.`Course_Group_id` = '$groupid'");
$_SESSION["info_general"] = $student_id . " was invited to the group."; $_SESSION["info_ReMarking"] = $student_id . " was invited to the group";
header("Location: Course.php?url=" . $url); header("Location: Course.php?url=" . $url);
} elseif ($Group_Member4 == '0') { } elseif ($Group_Member4 == '0') {
mysqli_query($con, "UPDATE `course_groups_table` SET `Group_Member4` = ('" . $student_id . "') WHERE `course_groups_table`.`Course_Group_id` = '$groupid'"); mysqli_query($con, "UPDATE `course_groups_table` SET `Group_Member4` = ('" . $student_id . "') WHERE `course_groups_table`.`Course_Group_id` = '$groupid'");
$_SESSION["info_general"] = $student_id . " was invited to the group."; $_SESSION["info_ReMarking"] = $student_id . " was invited to the group";
header("Location: Course.php?url=" . $url); header("Location: Course.php?url=" . $url);
} else { } else {
$_SESSION["info_general"] = " You cannot add any more members"; $_SESSION["info_ReMarking"] = " You cant add any more members";
header("Location: Course.php?url=" . $url); header("Location: Course.php?url=" . $url);
} }
} }
$_SESSION["info_general"] = $student_id . " was invited to the group."; $_SESSION["info_ReMarking"] = $student_id . " was invited to the group";
header("Location: Course.php?url=" . $url); header("Location: Course.php?url=" . $url);
} else { } else {
echo "Error: " . $sql . "<br>" . $con->error; echo "Error: " . $sql . "<br>" . $con->error;
@ -801,57 +796,21 @@ if (!empty($_GET["groupinvite"])) {
if (!empty($_GET["acceptinvite"])) { if (!empty($_GET["acceptinvite"])) {
$student_id = mysqli_real_escape_string($con, $_GET["student_id"]); $student_id = $_GET["student_id"];
$url = mysqli_real_escape_string($con, $_GET["url"]); $url = $_GET["url"];
$action = mysqli_real_escape_string($con, $_GET["action"]); $action = $_GET["action"];
$groupid = mysqli_real_escape_string($con, $_GET["groupid"]); $groupid = $_GET["groupid"];
if ($action == 1) { if ($action == 1) {
$sql = "Update `course_group_members_table` set Status='Joined' where Course_Group_id ='$groupid' and student_id='$student_id' $sql = "Update `course_group_members_table` set Status='Joined' where Course_Group_id =$groupid and student_id=$student_id
"; ";
} else { } else {
$sql = "Delete from `course_group_members_table` where Course_Group_id ='$groupid' and student_id='$student_id' $sql = "Delete from `course_group_members_table` where Course_Group_id =$groupid and student_id=$student_id
"; ";
} }
if ($con->query($sql) === TRUE) { if ($con->query($sql) === TRUE) {
$_SESSION["info_general"] = " Group Invite Updated"; $_SESSION["info_ReMarking"] = " Group Invite Updated";
header("Location: Course.php?url=" . $url);
} else {
echo "Error: " . $sql . "<br>" . $con->error;
}
}
#Remove a member from group
if (!empty($_GET["removemember"])) {
$student_id = mysqli_real_escape_string($con, $_GET["student_id"]);
$group_id = mysqli_real_escape_string($con, $_GET["group_id"]);
$url = mysqli_real_escape_string($con, $_GET["url"]);
$sql = "Delete from `course_group_members_table` where student_id=$student_id and Course_Group_id=$group_id";
if ($con->query($sql) === TRUE) {
$_SESSION["info_general"] = " Member " . $student_id . " removed from the group";
header("Location: Course.php?url=" . $url);
} else {
echo "Error: " . $sql . "<br>" . $con->error;
}
}
#Delete a whole group
if (!empty($_GET["deletegroup"])) {
$group_id = mysqli_real_escape_string($con, $_GET["group_id"]);
$url = mysqli_real_escape_string($con, $_GET["url"]);
$sql1 = "Delete from `course_group_members_table` where Course_Group_id=$group_id";
$sql2 = "Delete from `course_groups_table` where Course_Group_id=$group_id";
if ($con->query($sql1) === TRUE && $con->query($sql2) === TRUE) {
$_SESSION["info_general"] = " Group has been deleted successfully. ";
header("Location: Course.php?url=" . $url); header("Location: Course.php?url=" . $url);
} else { } else {
echo "Error: " . $sql . "<br>" . $con->error; echo "Error: " . $sql . "<br>" . $con->error;
@ -862,22 +821,22 @@ if (!empty($_GET["deletegroup"])) {
if (!empty($_GET["extenddeadline"])) { if (!empty($_GET["extenddeadline"])) {
$id = mysqli_real_escape_string($con, $_GET["id"]); $id = $_GET["id"];
$date = mysqli_real_escape_string($con, $_GET["date"]); $date = $_GET["date"];
$time = mysqli_real_escape_string($con, $_GET["time"]); $time = $_GET["time"];
$type = mysqli_real_escape_string($con, $_GET["type"]); $type = $_GET["type"];
$stdid = mysqli_real_escape_string($con, $_GET["stdid"]); $stdid = $_GET["stdid"];
$reason = mysqli_real_escape_string($con, $_GET["reason"]); $reason = $_GET["reason"];
$url = mysqli_real_escape_string($con, $_GET["url"]); $url = $_GET["url"];
$deadline = $date . " " . $time; $deadline = $date . " " . $time;
if ($type == 1) { if ($type == 1) {
$sql = "UPDATE `lab_reports_table` SET `Deadline`='$deadline' WHERE Lab_Report_ID='$id'"; $sql = "UPDATE `lab_reports_table` SET `Deadline`='$deadline' WHERE Lab_Report_ID=$id";
} else { } else {
$sql = "INSERT INTO `extended_deadlines_table`(`Student_ID`, " $sql = "INSERT INTO `extended_deadlines_table`(`Student_ID`, "
. "`Lab_Report_ID`, `Extended_Deadline_Date`," . "`Lab_Report_ID`, `Extended_Deadline_Date`,"
. " `ReasonsForExtension`) VALUES ('$stdid','$id','$deadline','$reason')"; . " `ReasonsForExtension`) VALUES ($stdid,$id,'$deadline','$reason')";
} }
if ($con->query($sql) === TRUE) { if ($con->query($sql) === TRUE) {
@ -893,13 +852,13 @@ if (!empty($_GET["extenddeadline"])) {
if (!empty($_GET["ignoreremarking"])) { if (!empty($_GET["ignoreremarking"])) {
$id = mysqli_real_escape_string($con, $_GET["id"]); $id = $_GET["id"];
$total = mysqli_real_escape_string($con, $_GET["total"]); $total = $_GET["total"];
$header = mysqli_real_escape_string($con, $_GET["header"]); $header = $_GET["header"];
$subid = mysqli_real_escape_string($con, $_GET["subid"]); $subid = $_GET["subid"];
$sql = "UPDATE lab_report_submissions SET Status='Marked' WHERE Submission_ID='$subid'"; $sql = "UPDATE lab_report_submissions SET Status='Marked' WHERE Submission_ID=$subid";
if ($con->query($sql) === TRUE) { if ($con->query($sql) === TRUE) {
@ -914,10 +873,10 @@ if (!empty($_GET["ignoreremarking"])) {
if (!empty($_GET["assignTA"])) { if (!empty($_GET["assignTA"])) {
$id = mysqli_real_escape_string($con, $_GET["id"]); $id = $_GET["id"];
$ta = mysqli_real_escape_string($con, $_GET["ta"]); $ta = $_GET["ta"];
$sql = "INSERT INTO `course_ta`(`Course_ID`, `TA`) VALUES ('$id','$ta')"; $sql = "INSERT INTO `course_ta`(`Course_ID`, `TA`) VALUES ($id,$ta)";
if ($con->query($sql) === TRUE) { if ($con->query($sql) === TRUE) {
@ -932,13 +891,13 @@ if (!empty($_GET["assignTA"])) {
if (!empty($_GET["AcceptStudent"])) { if (!empty($_GET["AcceptStudent"])) {
$id = mysqli_real_escape_string($con, $_GET["id"]); $id = $_GET["id"];
$rs = mysqli_real_escape_string($con, $_GET["rs"]); $rs = $_GET["rs"];
if ($rs == "yes") { if ($rs == "yes") {
$sql = "Update course_students_table set Status='Joined' Where ID='$id'"; $sql = "Update course_students_table set Status='Joined' Where ID=$id";
} else { } else {
$sql = "Delete FROM course_students_table Where ID='$id'"; $sql = "Delete FROM course_students_table Where ID=$id";
} }
if ($con->query($sql) === TRUE) { if ($con->query($sql) === TRUE) {
@ -960,12 +919,12 @@ if (!empty($_GET["AcceptStudent"])) {
if (!empty($_GET["action"])) { if (!empty($_GET["action"])) {
$action = $_GET["action"]; $action = $_GET["action"];
$uid = mysqli_real_escape_string($con, $_GET["uid"]); $uid = $_GET["uid"];
$pass = mysqli_real_escape_string($con, $_GET["pass"]); $pass = $_GET["pass"];
$pass = password_hash($pass, PASSWORD_DEFAULT); $pass = password_hash($pass, PASSWORD_DEFAULT);
$status = mysqli_real_escape_string($con, $_GET["status"]); $status = $_GET["status"];
// validate uid // validate uid
if (intval($uid) < 0) { if (intval($uid) < 0) {
@ -973,12 +932,12 @@ if (!empty($_GET["action"])) {
return; return;
} }
if ($action == "passchange" && $_SESSION['user_id'] == $uid) { if ($action == "passchange") {
$sql = "UPDATE users_table set Password='$pass' where User_ID='$uid';"; $sql = "UPDATE users_table set Password='$pass' where User_ID=$uid;";
if ($con->query($sql) === TRUE) { if ($con->query($sql) === TRUE) {
error_reporting(0); error_reporting(0);
echo "Password has been changed"; echo "Password has been changed";
//return; // return;
$_SESSION["infoChangePassword"] = $type . " User password was changed successfully."; $_SESSION["infoChangePassword"] = $type . " User password was changed successfully.";
header("Location: index.php"); header("Location: index.php");
} else { } else {
@ -987,8 +946,8 @@ if (!empty($_GET["action"])) {
} }
} }
if ($action == "statuschange" && $_SESSION['user_id'] == $uid && ($_SESSION['user_type'] == "Lecturer" || $_SESSION['user_type'] == "Admin")) { if ($action == "statuschange") {
$sql = "UPDATE users_table set Status='$status' where User_ID='$uid';"; $sql = "UPDATE users_table set Status='$status' where User_ID=$uid;";
if ($con->query($sql) === TRUE) { if ($con->query($sql) === TRUE) {
$_SESSION["info_Admin_Users"] = $type . " user Status updated successfully "; $_SESSION["info_Admin_Users"] = $type . " user Status updated successfully ";
header("Location: Admin.php"); header("Location: Admin.php");
@ -1048,8 +1007,8 @@ if (!empty($_POST["frm_createCourse"])) {
if (!empty($_GET["exportgrade"])) { if (!empty($_GET["exportgrade"])) {
$lab = mysqli_real_escape_string($con, $_GET["lab"]); $lab = $_GET["lab"];
$lab_name = mysqli_real_escape_string($con, $_GET["lab_name"]); $lab_name = $_GET["lab_name"];
error_reporting(0); error_reporting(0);
@ -1061,7 +1020,7 @@ INNER JOIN lab_reports_table on lab_reports_table.Lab_Report_ID=lab_report_submi
INNER JOIN users_table on users_table.Student_ID=lab_report_submissions.Student_id INNER JOIN users_table on users_table.Student_ID=lab_report_submissions.Student_id
WHERE lab_report_submissions.Lab_Report_ID='$lab'"; WHERE lab_report_submissions.Lab_Report_ID=$lab";
$export = mysqli_query($con, $select); $export = mysqli_query($con, $select);
@ -1091,7 +1050,7 @@ WHERE lab_report_submissions.Lab_Report_ID='$lab'";
} }
header("Content-type: application/octet-stream"); header("Content-type: application/octet-stream");
header("Content-Disposition: attachment; filename=$lab_name Grade Sheet.xls"); header("Content-Disposition: attachment; filename=$lab_name Garde Sheet.xls");
header("Pragma: no-cache"); header("Pragma: no-cache");
header("Expires: 0"); header("Expires: 0");
print "$header\n$data"; print "$header\n$data";

2
Student.php
View File

@ -9,7 +9,7 @@ include 'Header.php';
<div class="row" style="width:80%;margin:auto;"> <div class="row" style="width:80%;margin:auto;">
<div class="col-md-6"> <div class="col-md-6">
<h1> Student Account Created. Now you can Browse Course Portals </h1> <h1> STUEDNT Account Created , Now you can Browse Course Portals </h1>
</div> </div>
</div> </div>

25
Submissions.php
View File

@ -10,7 +10,7 @@ $group_id = $_SESSION["user_group_id"];
$c_date = date("Y-m-d H:i"); $c_date = date("Y-m-d H:i");
if (!empty($_GET["id"])) { if (!empty($_GET["id"])) {
$id = mysqli_real_escape_string($con, $_GET["id"]); $id = $_GET["id"];
$course_id = $id; $course_id = $id;
} }
@ -139,6 +139,7 @@ where Lab_Report_ID=$id and lab_report_submissions.Status='Pending' order by Sub
if (mysqli_num_rows($result1) == 0) { if (mysqli_num_rows($result1) == 0) {
echo "No Un-Marked Submissions for this Lab Report."; echo "No Un-Marked Submissions for this Lab Report.";
} else { } else {
$mark_submission_btn_counter = 0;
while ($row = mysqli_fetch_assoc($result1)) { while ($row = mysqli_fetch_assoc($result1)) {
$title = $row['Title']; $title = $row['Title'];
$Marks = $row['Marks']; $Marks = $row['Marks'];
@ -157,6 +158,7 @@ where Lab_Report_ID=$id and lab_report_submissions.Status='Pending' order by Sub
$groupname = $row['Group_Name']; $groupname = $row['Group_Name'];
$groupleader = $row['Group_Leader']; $groupleader = $row['Group_Leader'];
$student_id = $row['sub_std']; $student_id = $row['sub_std'];
$mark_submission_btn_counter += 1;
if ($submitted_group == 0) { if ($submitted_group == 0) {
$submitted_by = $student_name . "(" . $student_id . ")"; $submitted_by = $student_name . "(" . $student_id . ")";
@ -183,8 +185,8 @@ where Lab_Report_ID=$id and lab_report_submissions.Status='Pending' order by Sub
} }
echo " <k href='#'> <div class='btn btn-default break-word' style='dislay:block; word-wrap: break-word; border: 1px solid #F0F0F0;border-left: 4px solid #03407B;'> echo " <k href='#'> <div class='btn btn-default break-word' style='dislay:block; word-wrap: break-word; border: 1px solid #F0F0F0;border-left: 4px solid #03407B;'>
$title <br> by: <b> <span class = 'text-selectable'>$submitted_by </span> </b> $title <br> by: <b> $submitted_by </b>
<br> <span style='font-size:8pt'>Submitted : $posted <button class='btn-sm btn-info' style='margin-left:50px;' onclick='mark($Submission_ID,\"$title\",$total)'> Mark Submission</button><br> Attachments : $full_link </span> <br> <span style='font-size:8pt'>Submitted : $posted <button class='btn-sm btn-info' style='margin-left:50px;' onclick='mark($Submission_ID,\"$title\",$total)' id='mark_submission_btn_$mark_submission_btn_counter'> Mark Submission</button><br> Attachments : $full_link </span>
</div></k>"; </div></k>";
} }
} }
@ -262,13 +264,8 @@ where Lab_Report_ID=$id and lab_report_submissions.Status='Marked' Order by lab
if ($att4 != "") { if ($att4 != "") {
$full_link = $full_link . "| <a href='~\..\Lab_Report_Submisions\\$att4'>$att4</a>"; $full_link = $full_link . "| <a href='~\..\Lab_Report_Submisions\\$att4'>$att4</a>";
} }
// you will notice why i used span here to wrap the $submitted_by variable echo " <k href='#'> <div class='btn btn-default break-word' style='dislay:block; word-wrap: break-word; border: 1px solid #F0F0F0;border-left: 4px solid #03407B;'>
// because if we wrap with span , the css class text-selectable can be used only by the submittedBy variable $title <br> by : <b> $submitted_by &nbsp; &nbsp;&nbsp;&nbsp;&nbsp; [ Marked $Marks ] </b> &nbsp; Visibility : <b>$Visibility </b> <button class='btn-sm btn-success' style='margin-left:50px;' onclick='updatev($Submission_ID)'>Update visibility</button>
// if you want to use text-selectable class on whole div, just call the css class
echo " <k href='#'> <div class='btn btn-default break-word ' style='dislay:block; word-wrap: break-word; border: 1px solid #F0F0F0;border-left: 4px solid #03407B;'>
$title <br> by : <b> <span class = 'text-selectable'>$submitted_by </span> &nbsp; &nbsp;&nbsp;&nbsp;&nbsp; [ Marked $Marks ] </b> &nbsp; Visibility : <b>$Visibility </b> <button class='btn-sm btn-success' style='margin-left:50px;' onclick='updatev($Submission_ID)'>Update visibility</button>
<hr> Lecturer/TA notes : $notes<br> <span style='font-size:8pt'>Submitted : $posted <b> </b> <button class='btn-sm btn-info' style='margin-left:50px;' onclick='mark($Submission_ID,\"$title\",$total)'> Re-Mark Submission</button><br> Attachments : $full_link </span> <hr> Lecturer/TA notes : $notes<br> <span style='font-size:8pt'>Submitted : $posted <b> </b> <button class='btn-sm btn-info' style='margin-left:50px;' onclick='mark($Submission_ID,\"$title\",$total)'> Re-Mark Submission</button><br> Attachments : $full_link </span>
</div></k>"; </div></k>";
} }
@ -346,8 +343,8 @@ where Lab_Report_ID=$id and lab_report_submissions.Status='Remarking'");
if ($att4 != "") { if ($att4 != "") {
$full_link = $full_link . "| <a href='~\..\Lab_Report_Submisions\\$att4'>$att4</a>"; $full_link = $full_link . "| <a href='~\..\Lab_Report_Submisions\\$att4'>$att4</a>";
} }
echo " <k href='#'> <div class='btn btn-default break-word ' style='dislay:block; word-wrap: break-word; border: 1px solid #F0F0F0;border-left: 4px solid #03407B;'> echo " <k href='#'> <div class='btn btn-default break-word' style='dislay:block; word-wrap: break-word; border: 1px solid #F0F0F0;border-left: 4px solid #03407B;'>
$title <br> by : <b> <span class = 'text-selectable'>$submitted_by </span> &nbsp; &nbsp;&nbsp;&nbsp;&nbsp; [ Marked $Marks ] </b> <br> Remarking Reason : <b>$remarking_reason </b> $title <br> by : <b> $submitted_by &nbsp; &nbsp;&nbsp;&nbsp;&nbsp; [ Marked $Marks ] </b> <br> Remarking Reason : <b>$remarking_reason </b>
<hr> <span style='font-size:8pt'>Submitted : $posted <b> </b> " <hr> <span style='font-size:8pt'>Submitted : $posted <b> </b> "
. "<button class='btn-sm btn-info' style='margin-left:50px;' onclick='mark($Submission_ID,\"$title\",$total)'> Re-Mark Submission</button>" . "<button class='btn-sm btn-info' style='margin-left:50px;' onclick='mark($Submission_ID,\"$title\",$total)'> Re-Mark Submission</button>"
. " &nbsp; &nbsp;&nbsp;&nbsp;<a href='~\..\Script.php?ignoreremarking=yes&id=$id&subid=$Submission_ID&header=$header&total=$total&status=Marked' class='btn-sm btn-warning'> Ignore Request </a>" . " &nbsp; &nbsp;&nbsp;&nbsp;<a href='~\..\Script.php?ignoreremarking=yes&id=$id&subid=$Submission_ID&header=$header&total=$total&status=Marked' class='btn-sm btn-warning'> Ignore Request </a>"
@ -424,8 +421,8 @@ where course_group_members_table.Course_Group_id=$id");
try { try {
$('<form id="submit-form" method="get" action="Script.php">' + title + '(' + marks + ' marks) <input type="hidden" name="savemarks" value="true">\n\ $('<form id="submit-form" method="get" action="Script.php">' + title + '(' + marks + ' marks) <input type="hidden" name="savemarks" value="true">\n\
<input type="hidden" name="total" value="' + marks + '" > <input type="hidden" name="id" value="' + id + '" ><br> Marks <input type="text" name="marks">\n\ <input type="hidden" name="total" value="' + marks + '" > <input type="hidden" name="id" value="' + id + '" ><br> Marks <input type="text" name="marks" id="marks">\n\
Comments <textarea name="feedback"></textarea> \n\ Comments <textarea name="feedback" id="feedback"></textarea> \n\
<input type="hidden" name="labid" value="<?php echo $course_id; ?>"> <input type="hidden" name="header" value="<?php echo $header; ?>"> </form>').dialog({ <input type="hidden" name="labid" value="<?php echo $course_id; ?>"> <input type="hidden" name="header" value="<?php echo $header; ?>"> </form>').dialog({
modal: true, modal: true,
title: 'Mark Submission', title: 'Mark Submission',

158
SubmitLab.php
View File

@ -3,133 +3,123 @@ include 'NoDirectPhpAcess.php';
?> ?>
<?php <?php
$page='Submit LAB+'; $page = 'Submit LAB+';
include 'Header.php'; include 'Header.php';
?> ?>
<div class='row' style='width:80%;margin:auto;'> <div class='row' style='width:80%;margin:auto;'>
<?php
<?php $c_date = date("Y-m-d H:i");
$student_id = $_SESSION["user_student_id"];
$c_date = date("Y-m-d H:i"); if (!empty($_GET["id"])) {
$student_id = $_SESSION["user_student_id"]; $id = $_GET["id"];
$url = $_GET["url"];
if(!empty($_GET["id"])) $result1 = mysqli_query($con, " SELECT `Type`, `Lab_Report_ID`, `Course_ID`, `Posted_Date`, `Deadline`, `Instructions`, `Title`, `Attachment_link_1`, `Attachment_link_2`, `Attachment_link_3`, `Attachment_link_4` FROM `lab_reports_table` WHERE Lab_Report_ID=$id and Deadline > '$c_date' ORDER by Lab_Report_ID DESC");
{ if (mysqli_num_rows($result1) == 0) {
$id = mysqli_real_escape_string($con, $_GET["id"]); echo "No active assignments for this course so far.";
$url = mysqli_real_escape_string($con, $_GET["url"]); } else {
$result1 = mysqli_query($con," SELECT `Type`, `Lab_Report_ID`, `Course_ID`, `Posted_Date`, `Deadline`, `Instructions`, `Title`, `Attachment_link_1`, `Attachment_link_2`, `Attachment_link_3`, `Attachment_link_4` FROM `lab_reports_table` WHERE Lab_Report_ID=$id and Deadline > '$c_date' ORDER by Lab_Report_ID DESC"); while ($row = mysqli_fetch_assoc($result1)) {
if(mysqli_num_rows($result1) == 0)
{
echo "No active assignments for this course so far.";
} else { $Course_ID = $row['Course_ID'];
$title = $row['Title'];
$ins = $row['Instructions'];
$posted = $row['Posted_Date'];
$deadline = $row['Deadline'];
$att1 = $row['Attachment_link_1'];
$att2 = $row['Attachment_link_2'];
$att3 = $row['Attachment_link_3'];
$att4 = $row['Attachment_link_4'];
$labid = $row['Lab_Report_ID'];
$type = $row['Type'];
while($row = mysqli_fetch_assoc($result1)) { //----------------------------------Giving both the Group Admin and Group Members same priviledges to submit assignment--------------------------------------
if ($type == "Group") {
$resultx1 = mysqli_query($con, "SELECT Course_Group_id FROM `course_groups_table` WHERE (Course_id=$Course_ID) and ((Group_Member=$student_id ) or (Group_Member2=$student_id ) or (Group_Member3=$student_id ) or (Group_Member4=$student_id ) or (Group_Leader=$student_id))");
while ($row = mysqli_fetch_assoc($resultx1)) {
$_SESSION["Group_ID"] = $row['Course_Group_id'];
}
$Course_ID = $row['Course_ID']; if ($_SESSION["Group_ID"] < 1) {
$title = $row['Title']; echo " <center><h3> This Lab report can only be submitted by Group Admin </h3> </center> ";
$ins = $row['Instructions']; return;
$posted = $row['Posted_Date']; }
$deadline = $row['Deadline'];
$att1 = $row['Attachment_link_1'];
$att2 = $row['Attachment_link_2'];
$att3 = $row['Attachment_link_3'];
$att4 = $row['Attachment_link_4'];
$labid = $row['Lab_Report_ID'];
$type = $row['Type'];
//----------------------------------Giving both the Group Admin and Group Members same priviledges to submit assignment--------------------------------------
if($type=="Group"){
$resultx1 = mysqli_query($con,"SELECT Course_Group_id FROM `course_groups_table` WHERE (Course_id=$Course_ID) and ((Group_Member=$student_id ) or (Group_Member2=$student_id ) or (Group_Member3=$student_id ) or (Group_Member4=$student_id ) or (Group_Leader=$student_id))");
while($row = mysqli_fetch_assoc($resultx1)) {
$_SESSION["Group_ID"] = $row['Course_Group_id'];
} }
if($_SESSION["Group_ID"] < 1) $full_link = "<a href='~\..\Lab_Report_Assignments\\$att1'>$att1</a>";
{
echo" <center><h3> This Lab report can only be submitted by Group Admin </h3> </center> "; if ($att2 != "") {
return; $full_link = $full_link . "| <a href='~\..\Lab_Report_Assignments\\$att2'>$att2</a>";
}
if ($att3 != "") {
$full_link = $full_link . "| <a href='~\..\Lab_Report_Assignments\\$att3'>$att3</a>";
} }
}
if ($att4 != "") {
$full_link = $full_link . "| <a href='~\..\Lab_Report_Assignments\\$att4'>$att4</a>";
}
$full_link="<a href='~\..\Lab_Report_Assignments\\$att1'>$att1</a>"; echo " <div class='alert' style='margin-left:20px;border-bottom:2px solid #1D91EF;'> <a href='~\..\Courses.php?course=$url'>
if($att2!=""){
$full_link = $full_link."| <a href='~\..\Lab_Report_Assignments\\$att2'>$att2</a>";
}
if($att3!=""){
$full_link = $full_link."| <a href='~\..\Lab_Report_Assignments\\$att3'>$att3</a>";
}
if($att4!=""){
$full_link = $full_link."| <a href='~\..\Lab_Report_Assignments\\$att4'>$att4</a>";
}
echo " <div class='alert' style='margin-left:20px;border-bottom:2px solid #1D91EF;'> <a href='~\..\Courses.php?course=$url'>
Courses > $url > Submlit Lab Report > $title Courses > $url > Submlit Lab Report > $title
<br> <br>
</a></div> </a></div>
"; ";
echo ""; echo "";
}
} }
} }
}
$Group_ID = $_SESSION["Group_ID"]; $Group_ID = $_SESSION["Group_ID"];
?> ?>
</div> </div>
<div style="width:80%;margin:auto;"> <div style="width:80%;margin:auto;">
<h3> Submit Lab Report Assignment </h3> <h3> Submit Lab Report Assignment </h3>
<hr> <hr>
<div class="row"> <div class="row">
<div class="col-md-6"> <div class="col-md-6">
<form method='post' enctype='multipart/form-data' action='Script.php' id="submit_lab_report_form">
<input type='hidden' name='frm_submitlab' value='true' required='' />
<input type='hidden' name='lab_id' value='<?php echo $id; ?>' required='' />
<input type='hidden' name='student_id' value='<?php echo $student_id; ?>' required='' />
<input type='hidden' name='group_id' value='<?php echo $Group_ID; ?>' required='' />
<input type='hidden' name='url' value='<?php echo $url; ?>' required='' />
<form method='post' enctype='multipart/form-data' action='Script.php'> Title
<input type='hidden' name='frm_submitlab' value='true' required=''/> <input type='text' name='title' placeholder='Ttle' class='form-control' required='' id="title">
<input type='hidden' name='lab_id' value='<?php echo $id; ?>' required=''/>
<input type='hidden' name='student_id' value='<?php echo $student_id; ?>' required=''/>
<input type='hidden' name='group_id' value='<?php echo $Group_ID; ?>' required=''/>
<input type='hidden' name='url' value='<?php echo $url; ?>' required=''/>
Title Attachment 1
<input type='text' name='title' placeholder='Ttle' class='form-control' required=''> <input type='file' name='attachment1' placeholder='Attachment 1' class='form-control' required='' id="attachment1">
Attachment 1 Attachment 2
<input type='file' name='attachment1' placeholder='Attachment 1' class='form-control' required=''> <input type='file' name='attachment2' placeholder='Attachment 2' class='form-control'>
Attachment 2 </div>
<input type='file' name='attachment2' placeholder='Attachment 2' class='form-control'>
</div> <div class="col-md-6">
<div class="col-md-6"> Attachment 3
<input type='file' name='attachment3' placeholder='Attachment 3' class='form-control'>
Attachment 3 Attachment 4
<input type='file' name='attachment3' placeholder='Attachment 3' class='form-control' > <input type='file' name='attachment4' placeholder='Attachment 4' class='form-control'>
<br>
Attachment 4 <input type='submit' class='btn btn-primary' value='Submit Lab Assignment' id="submit_lab_assignment_btn"><br>
<input type='file' name='attachment4' placeholder='Attachment 4' class='form-control' > </form>
<br>
<input type='submit' class='btn btn-primary' value='Submit Lab Assignment'><br> </div>
</form>
</div> </div>
</div>
</div> </div>

5
batch_insert.php
View File

@ -19,7 +19,7 @@ if (!$conn) {
} }
//获得用户名数据 //获得用户名数据
$source = mysqli_real_escape_string($conn,$_POST['users']); $source = $_POST['users'];
//如有多个空格,删除剩一个空格 //如有多个空格,删除剩一个空格
$source1 = preg_replace('/\s\s+/', ' ', $source); $source1 = preg_replace('/\s\s+/', ' ', $source);
@ -31,12 +31,13 @@ $source2 = trim($source1);
//根据空格拆分 //根据空格拆分
$user = explode(' ', $source2); $user = explode(' ', $source2);
//插入数据 //插入数据
for($index=0; $index < count($user); $index++) { for($index=0; $index < count($user); $index++) {
$result = mysqli_query($conn, "SELECT * FROM `students_data` WHERE Student_ID='$user[$index]'"); $result = mysqli_query($conn, "SELECT * FROM `students_data` WHERE Student_ID='$user[$index]'");
if (mysqli_num_rows($result) < 1) { if (mysqli_num_rows($result) < 1) {
if (! mysqli_query($conn, "REPLACE INTO `students_data`(`Student_ID`, `Passport_Number`) VALUES('$user[$index]', '')" ) ) { if (! mysqli_query($conn, "REPLACE INTO `students_data`(`Student_ID`, `Passport_Number`) VALUES('$user[$index]', '')" ) ) {
echo "SQL Error: " . $sql_stmt . "<br>" .htmlspecialchars(mysqli_error($conn)); echo "SQL Error: " . $sql_stmt . "<br>" . mysqli_error($conn);
} else { } else {
echo "<p>Student number $user[$index] added.</p>"; echo "<p>Student number $user[$index] added.</p>";
} }

11
css/main.css
View File

@ -1,11 +0,0 @@
/* this css class is used to enable copying in text with the mouse. */
.text-selectable {
-webkit-user-select: text;
-moz-user-select: text;
-ms-user-select: text;
user-select: text;
cursor:auto
}

2
index.php
View File

@ -82,7 +82,7 @@ if (isset($_SESSION["user_fullname"])) {
<div id="footer"> <div id="footer">
LRR was originally developed as a <a href="http://lanlab.org/course/2018f/se/homepage.html" style="color:white;">software engineering course project</a> by Mohamed Nor and Elmahdi Houzi. Please submit your suggestions or bug reports to lanhui. Last updated on 18/04/2020 by Ashly. <a href="./homepage" style="color:white;">More information ...</a> LRR was originally developed as a <a href="http://lanlab.org/course/2018f/se/homepage.html" style="color:white;">software engineering course project</a> by Mohamed Nor and Elmahdi Houzi. Please submit your suggestions or bug reports to lanhui _at_ zjnu.edu.cn. Last updated on 18/04/2020 by Ashly. <a href="./homepage" style="color:white;">More information ...</a>
</div> </div>
</body> </body>

6
logout.php
View File

@ -1,11 +1,11 @@
<?php <?php
// Start a new session
session_start();
// Destory sessions & redirect to index // Destory sessions & redirect to index
session_destroy(); session_destroy();
session_unset(); session_unset();
// Start a new session
session_start();
// Generate a new session ID // Generate a new session ID
session_regenerate_id(true); session_regenerate_id(true);

6
recover_password.php
View File

@ -27,9 +27,9 @@ include 'Header.php';
<div class="panel-body"> <div class="panel-body">
<form method="post" action="Script.php"> <form method="post" action="Script.php">
<input type="hidden" name="frm_recover_password" value="true"/> <input type="hidden" name="frm_recover_password" value="true"/>
Student number <input type="text" name="sno" placeholder="Enter your student number" class="form-control" required="required" value="<?php echo htmlspecialchars($_SESSION['student_number']); ?>"> Student number <input type="text" name="sno" placeholder="Enter your student number" class="form-control" required="required" value="<?php echo $_SESSION['student_number']; ?>">
<br/> <br/>
Email <input type="text" name="email" placeholder="Enter your email address" class="form-control" required="required" value="<?php echo htmlspecialchars($_SESSION['user_email']); ?>"> Email <input type="text" name="email" placeholder="Enter your email address" class="form-control" required="required" value="<?php echo $_SESSION['user_email']; ?>">
<br/> <br/>
<input type="submit" class="btn-primary" value="Recover"> <input type="submit" class="btn-primary" value="Recover">
@ -38,7 +38,7 @@ include 'Header.php';
<?php <?php
if(isset($_SESSION['info_recover_password'])) { if(isset($_SESSION['info_recover_password'])) {
echo '<hr><div class="alert alert-danger" role="alert">'.htmlspecialchars($_SESSION['info_recover_password']).'</div>'; echo '<hr><div class="alert alert-danger" role="alert">'.$_SESSION['info_recover_password'].'</div>';
$_SESSION['info_recover_password']=null; $_SESSION['info_recover_password']=null;
} }