Admin.php - Fixed Bug 485 Lecturer should not have the administration panel that allows him to create other Lecturer accounts #49
74
Admin.php
74
Admin.php
|
@ -8,10 +8,9 @@ include 'Header.php';
|
||||||
?>
|
?>
|
||||||
|
|
||||||
<?php
|
<?php
|
||||||
if ($_SESSION['user_type'] != "Lecturer") {
|
// Only Lecturer or Admin could access this page
|
||||||
$_SESSION["info_login"] = "You must log in first.";
|
if ($_SESSION['user_type'] != "Lecturer" && $_SESSION['user_type'] != "Admin") {
|
||||||
echo $_SESSION["info_login"];
|
die("Sorry. Nothing to see here.");
|
||||||
header("Location: index.php");
|
|
||||||
}
|
}
|
||||||
?>
|
?>
|
||||||
|
|
||||||
|
@ -36,10 +35,23 @@ if ($_SESSION['user_type'] != "Lecturer") {
|
||||||
<hr>
|
<hr>
|
||||||
-->
|
-->
|
||||||
<div class="col-md-6">
|
<div class="col-md-6">
|
||||||
<h4> User Account Management </h4>
|
|
||||||
<hr>
|
|
||||||
|
|
||||||
<b>Lecturer / TA Accounts </b><br>
|
<?php
|
||||||
|
if ($_SESSION['user_type'] == "Lecturer") {
|
||||||
|
|
||||||
|
echo " <h4> TA Account Management </h4>
|
||||||
|
<hr> " ;
|
||||||
|
echo "<b>TA Accounts </b><br>" ;
|
||||||
|
}
|
||||||
|
|
||||||
|
else if($_SESSION['user_type'] == "Admin"){
|
||||||
|
|
||||||
|
echo " <h4> Lecturer Account Management </h4>
|
||||||
|
<hr> ";
|
||||||
|
echo "<b>Lecturer Accounts </b><br>";
|
||||||
|
}
|
||||||
|
|
||||||
|
?>
|
||||||
|
|
||||||
<div class="container">
|
<div class="container">
|
||||||
|
|
||||||
|
@ -65,7 +77,19 @@ if ($_SESSION['user_type'] != "Lecturer") {
|
||||||
|
|
||||||
<div id="home" class="container tab-pane active"><br>
|
<div id="home" class="container tab-pane active"><br>
|
||||||
|
|
||||||
<b>Create Lecturer/TA Accounts </b>
|
<?php
|
||||||
|
if ($_SESSION['user_type'] == "Lecturer") {
|
||||||
|
|
||||||
|
echo "<b>Create TA Accounts </b>";
|
||||||
|
|
||||||
|
}
|
||||||
|
|
||||||
|
else if($_SESSION['user_type'] == "Admin"){
|
||||||
|
|
||||||
|
echo "<b>Create Lecturer Accounts </b>";
|
||||||
|
}
|
||||||
|
|
||||||
|
?>
|
||||||
<form method="post" action="Script.php" id="create_account_form">
|
<form method="post" action="Script.php" id="create_account_form">
|
||||||
<input type="hidden" name="frm_createlecturrer" value="true" required="" />
|
<input type="hidden" name="frm_createlecturrer" value="true" required="" />
|
||||||
Full_Name
|
Full_Name
|
||||||
|
@ -76,9 +100,25 @@ if ($_SESSION['user_type'] != "Lecturer") {
|
||||||
Passport_Number / ID (Used as Intial Password)
|
Passport_Number / ID (Used as Intial Password)
|
||||||
<input type="text" class="form-control" name="passport" placeholder="Passport No./ID" required="">
|
<input type="text" class="form-control" name="passport" placeholder="Passport No./ID" required="">
|
||||||
<br> User Type :
|
<br> User Type :
|
||||||
<input type="radio" name="type" value="Lecturer" required="" id="role_lecturer"> Lecturer
|
|
||||||
<input type="radio" name="type" value="TA" required="" id="role_TA"> T/A
|
<?php
|
||||||
|
|
||||||
|
if ($_SESSION['user_type'] == "Lecturer") {
|
||||||
|
|
||||||
|
echo ' <input type="radio" name="type" value="TA" required="" id="role_TA"> TA (Teaching Assistant) ';
|
||||||
|
|
||||||
|
}
|
||||||
|
|
||||||
|
else if($_SESSION['user_type'] == "Admin"){
|
||||||
|
|
||||||
|
echo " <input type='radio' name = 'type' value = 'Lecturer' required = '' id='role_lecturer' > Lecturer ";
|
||||||
|
|
||||||
|
}
|
||||||
|
|
||||||
|
?>
|
||||||
|
|
||||||
<input type="submit" class="btn btn-primary" value="Create" id="create_btn"><br>
|
<input type="submit" class="btn btn-primary" value="Create" id="create_btn"><br>
|
||||||
|
|
||||||
<?php
|
<?php
|
||||||
|
|
||||||
error_reporting(E_ALL);
|
error_reporting(E_ALL);
|
||||||
|
@ -112,10 +152,22 @@ if ($_SESSION['user_type'] != "Lecturer") {
|
||||||
</tr>
|
</tr>
|
||||||
<?php
|
<?php
|
||||||
|
|
||||||
|
if ($_SESSION['user_type'] == "Lecturer") {
|
||||||
|
|
||||||
$result = mysqli_query(
|
$result = mysqli_query(
|
||||||
$con,
|
$con,
|
||||||
"SELECT * FROM Users_Table WHERE UserType in ('Lecturer','TA')"
|
"SELECT * FROM Users_Table WHERE UserType in ('TA')"
|
||||||
);
|
);
|
||||||
|
}
|
||||||
|
|
||||||
|
else if($_SESSION['user_type'] == "Admin"){
|
||||||
|
|
||||||
|
$result = mysqli_query(
|
||||||
|
$con,
|
||||||
|
"SELECT * FROM Users_Table WHERE UserType in ('Lecturer')"
|
||||||
|
);
|
||||||
|
}
|
||||||
|
|
||||||
while ($row = mysqli_fetch_assoc($result)) {
|
while ($row = mysqli_fetch_assoc($result)) {
|
||||||
$pass = $row['Passport_Number'];
|
$pass = $row['Passport_Number'];
|
||||||
$btn = "<button class='btn-primary' onclick=\"updatePass(" . $row['User_ID'] . ",'$pass')\">Reset</button>";
|
$btn = "<button class='btn-primary' onclick=\"updatePass(" . $row['User_ID'] . ",'$pass')\">Reset</button>";
|
||||||
|
|
|
@ -2,6 +2,6 @@
|
||||||
// https://stackoverflow.com/questions/33999475/prevent-direct-url-access-to-php-file
|
// https://stackoverflow.com/questions/33999475/prevent-direct-url-access-to-php-file
|
||||||
if (!isset($_SERVER['HTTP_REFERER']) ) {
|
if (!isset($_SERVER['HTTP_REFERER']) ) {
|
||||||
/* choose the appropriate page to redirect users */
|
/* choose the appropriate page to redirect users */
|
||||||
die( header( 'location: index.php' ) );
|
die( header( 'location: logout.php' ) );
|
||||||
}
|
}
|
||||||
?>
|
?>
|
||||||
|
|
|
@ -283,7 +283,7 @@ if (!empty($_POST["frm_createlecturrer"])) {
|
||||||
. "('$email','$password','$fullname','$type')";
|
. "('$email','$password','$fullname','$type')";
|
||||||
|
|
||||||
if ($con->query($sql) === TRUE) {
|
if ($con->query($sql) === TRUE) {
|
||||||
$_SESSION["info_Admin_Users"] = $type . " user Created successfully : email " . $email . " and $password as Password.";
|
$_SESSION["info_Admin_Users"] = $type . " user created successfully. Use email " . $email . " as accout name and $password as password.";
|
||||||
header("Location: Admin.php");
|
header("Location: Admin.php");
|
||||||
} else {
|
} else {
|
||||||
echo "Error: " . $sql . "<br>" . $con->error;
|
echo "Error: " . $sql . "<br>" . $con->error;
|
||||||
|
|
Loading…
Reference in New Issue