<?php
/*
* This Contains the main Server-side scripts for the project
* session_destroy();
*
*
*/
session_start();
date_default_timezone_set('Asia/Shanghai');
// CONNeCTION
$con=mysqli_connect("localhost","username","password","lrr");
// Check connection
if (mysqli_connect_errno())
{
echo "Failed to connect to MySQL: " . mysqli_connect_error();
}
// else
// {
// echo "Connected";
// }
error_reporting(0);
if (!empty($_POST["frm_signup_1"])) {
$student_id = mysqli_real_escape_string($con,$_POST["student_id"]);
$passport = mysqli_real_escape_string($con,$_POST["passport"]);
// validate student number
if (strlen($student_id) != 12 || is_numeric($student_id) == FALSE) {
$_SESSION["info_signup1"] = "Invalid student number.";
header("Location: index.php");
return;
}
// passport should be empty (not used)
if (strcmp(trim($passport), '') != 0) {
$_SESSION["info_signup1"] = "Passport is disused. Please leave it empty.";
header("Location: index.php");
return;
}
$result = mysqli_query($con,
"SELECT * FROM `students_data` WHERE Student_ID='$student_id'");
// Just removed this condition from the above command and (Passport_Number='$passport' or Passport_Number = '')
if(mysqli_num_rows($result)==0)
{
$_SESSION["info_signup1"]="Student number could not be verified! Please contact Student Management Office (lanhui at zjnu.edu.cn). Thanks.";
header("Location: index.php");
return;
}
$result98 = mysqli_query($con,
"SELECT * FROM `users_table` WHERE Student_ID='$student_id'");
if(mysqli_num_rows($result98)==0)
{
$_SESSION['user_passport']=$passport;
$_SESSION['user_student_id']=$student_id;
header("Location: signup.php");
return;
}
else
{
$_SESSION["info_signup1"]="Student ID already in use! Please contact Student Management Office (lanhui at zjnu.edu.cn).";
header("Location: index.php");
return;
}
}
// ############################### CREATE STUDENT USER ##################################
if (!empty($_POST["frm_signup_2"])) {
$email = mysqli_real_escape_string($con,$_POST["email"]);
$password = mysqli_real_escape_string($con,$_POST["password"]);
$confirmpassword = mysqli_real_escape_string($con,$_POST["confirmpassword"]);
$fullname = mysqli_real_escape_string($con,$_POST["fullname"]);
$student_id = $_SESSION['user_student_id'];
$passport = $_SESSION['user_passport'];
$_SESSION['user_fullname'] = $fullname;
$_SESSION['user_type'] = "Student";
$_SESSION['user_email'] = $email;
// check confirmed password
if ( strcasecmp( $password, $confirmpassword ) != 0 ){
$_SESSION['info_signup2']="Password confirmation failed.";
$_SESSION['user_fullname'] = null;
$_SESSION['user_type'] = null;
header("Location: signup.php");
return;
}
// validate email
if (!filter_var($email, FILTER_VALIDATE_EMAIL)) {
$_SESSION['info_signup2']="Invalid email address.";
header("Location: signup.php");
return;
}
$upperLetter = preg_match('@[A-Z]@', $password);
$smallLetter = preg_match('@[a-z]@', $password);
$containsDigit = preg_match('@[0-9]@', $password);
$containsSpecial = preg_match('@[^\w]@', $password);
$containsAll = $upperLetter && $smallLetter && $containsDigit && $containsSpecial;
// check for strong password
if(! $containsAll) {
$_SESSION['info_signup2'] = "Password must have at least characters that include lowercase letters, uppercase letters, numbers and sepcial characters (e.g., !?.,*^).";
header("Location: signup.php");
return;
}
// check if email is taked
$result = mysqli_query($con,
"SELECT * FROM Users_Table WHERE email='$email'");
if(mysqli_num_rows($result)!=0)
{
$_SESSION["info_signup2"]="Email adress ".$email." already in use.";
$_SESSION['user_fullname'] = null;
$_SESSION['user_type'] = null;
header("Location: signup.php");
return;
}
//applying password_hash()
$password_hash = password_hash($password, PASSWORD_DEFAULT);
$sql= "INSERT INTO `users_table`(`Email`, `Password`, `Full_Name`, `UserType`, `Student_ID`, `Passport_Number`) VALUES "
. "('$email','$password_hash','$fullname','Student','$student_id','$passport')";
if ($con->query($sql) === TRUE) {
header("Location: Courses.php");
} else {
// echo "Error: " . $sql . "<br>" . $con->error;
echo "Something really bad happend during sign up.";
}
}
// ################################ LOGIN #####################################
if (!empty($_POST["frm_login"])) {
$user=mysqli_real_escape_string($con,$_POST["user"]);
$is_student_number = 0;
// Validate student number
if (is_numeric($user) && strlen($user) != 12) {
$_SESSION["info_login"] = "Invalid student number:"."$user";
header("Location: index.php");
return;
} else {
$is_student_number = 1;
}
if ($is_student_number == 0 && !filter_var($user, FILTER_VALIDATE_EMAIL)) {
$_SESSION["info_login"] = "Invalid email address: "."$user";
header("Location: index.php");
return;
}
$password=mysqli_real_escape_string($con,$_POST["password"]);
// $hashed_password=hash('sha512', $password); Not necessary in the login
$result = mysqli_query($con, "SELECT * FROM users_table WHERE (Student_ID='$user') OR (Email='$user')");
if(mysqli_num_rows($result)==0)
{
$_SESSION["info_login"]="Inavlid login information.";
echo $_SESSION["info_login"];
header("Location: index.php");
}
else
{
while($row = mysqli_fetch_assoc($result)) {
// verify the hashed password and unhashed password
$sha512pass = hash('sha512', $password); // for backward compatibility. Old passwords were hashed using SHA512 algorithm.
if(password_verify($password, $row["Password"]) or $sha512pass == $row["HashPassword"]) {
$_SESSION['user_id']=$row['User_ID'];
$_SESSION['user_email']=$row['Email'];
$_SESSION['user_student_id']=$row['Student_ID'];
$_SESSION['user_type']=$row['UserType'];
$_SESSION['user_fullname']=$row['Full_Name'];
if( $_SESSION['user_type']=="Student")
{
header("Location: Courses.php");
}
if( $_SESSION['user_type']=="Lecturer")
{
header("Location: Courses.php");
}
if( $_SESSION['user_type']=="TA")
{
header("Location: Courses.php");
}
if( $_SESSION['user_type']=="Admin")
{
header("Location: Admin.php");
}
// report wrong pass if not correct
}else{
$_SESSION["wrong_pass"]="Wrong Password.";
echo $_SESSION["wrong_pass"];
header("Location: index.php");
}
}
}
}
// ################################ Recover Password #####################################
if (!empty($_POST["frm_recover_password"])) {
$student_id = mysqli_real_escape_string($con,$_POST["sno"]);
$email = mysqli_real_escape_string($con,$_POST["email"]);
// validate student number
if (strlen($student_id) != 12 || is_numeric($student_id) == FALSE) {
echo "Invalid student number.";
return;
}
// validate email
if (!filter_var($email, FILTER_VALIDATE_EMAIL)) {
echo "Invalid email address.";
return;
}
$result = mysqli_query($con, "SELECT * FROM users_table WHERE Email='$email' and Student_ID='$student_id'");
if(mysqli_num_rows($result)==0)
{
$_SESSION["info_recover_password"]="Email address is not recognised.";
$_SESSION["info_recover_password"] = "Identity not recognized. Try again or send an inquiry email message to lanhui at zjnu.edu.cn.";
header("Location: recover_password.php");
} else
{
$result = mysqli_query($con, "DELETE FROM users_table WHERE Email='$email' and Student_ID='$student_id'");
$_SESSION["info_recover_password"] = "<b>Reset done. Please go to the sign up page and sign up again</b>.";
header("Location: recover_password.php");
}
}
// ################################ RESET Password #####################################
if (!empty($_POST["frm_reset_password"])) {
$password=mysqli_real_escape_string($con,$_POST["password"]);
$token=mysqli_real_escape_string($con,$_POST["token"]);
$email=mysqli_real_escape_string($con,$_POST["email"]);
$result = mysqli_query($con,
"SELECT * FROM Users_Table WHERE email='$email'");
if(mysqli_num_rows($result)==0)
{
echo "invalid email";
return;
}
else
{
while($row = mysqli_fetch_assoc($result)) {
$userid=$row['User_ID'];
$email=$row['Email'];
$id=$row['Student_ID'];
$user_token=$userid*$userid*$userid+$userid*0.00343;
if($user_token==$token)
{
// Password Update
// Password Update
$hashed_password=hash('sha512', $password);
$sql= "UPDATE users_table set HashPassword='$hashed_password' where User_ID=$userid;";
if ($con->query($sql) === TRUE) {
error_reporting(0);
$_SESSION["info_login"]=" Password changed successfully , you can login now with your new password ";
header("Location: index.php");
}
else {
echo "Error: " . $sql . "<br>" . $con->error;
}
} else
{
echo "Invalid Token ";
}
}
}
}
// ############################### CREATE Lecturer/TA USER ##################################
if (!empty($_POST["frm_createlecturrer"])) {
$email=mysqli_real_escape_string($con,$_POST["email"]);
$passport=mysqli_real_escape_string($con,$_POST["passport"]);
$fullname=mysqli_real_escape_string($con,$_POST["fullname"]);
$type=mysqli_real_escape_string($con,$_POST["type"]);
$password=$passport;
// check if email is taken
$result = mysqli_query($con,
"SELECT * FROM Users_Table WHERE email='$email'");
if(mysqli_num_rows($result)!=0)
{
$_SESSION["info_Admin_Users"]="Email adress : ".$email." is already in use.";
header("Location: Admin.php");
}
$sql= "INSERT INTO `users_table`(`Email`, `Password`, `Full_Name`, `UserType`, `Passport_Number`) VALUES "
. "('$email','$password','$fullname','$type','$passport')";
if ($con->query($sql) === TRUE) {
$_SESSION["info_Admin_Users"]=$type." user Created successfully : email ".$email." and $password as Password.";
header("Location: Admin.php");
} else {
echo "Error: " . $sql . "<br>" . $con->error;
}
}
// #### FUNCTION CHECK FILE TYPES ////
function is_valid($file) {
$allowed = array('pdf', 'rtf', 'jpg','png', 'doc', 'docx', 'xls', 'xlsx','sql','txt','md','py','css','html',
'cvc','c','class','cpp','h','java','sh','swift','zip','rar','ods','xlr','bak','ico','swf');
$filename = $_FILES[$file]['name'];
$ext = pathinfo($filename, PATHINFO_EXTENSION);
$result=in_array($ext,$allowed);
return $result;
}
// #### FUNCTION CREATE DIRECTORIES ////
function Create_dir($upPath)
{
try {
// full path
$tags = explode('/' ,$upPath); // explode the full path
$mkDir = "";
foreach($tags as $folder) {
$mkDir = $mkDir . $folder ."/"; // make one directory join one other for the nest directory to make
// echo '"'.$mkDir.'"<br/>'; // this will show the directory created each time
if(!is_dir($mkDir)) { // check if directory exist or not
mkdir($mkDir, 0777); // if not exist then make the directory
}
}
}
catch (Exception $e) {
}
return $upPath;
}
// ############################### #Post Assignment ##################################
if (!empty($_POST["frm_uploadlab"])) {
$course_id=mysqli_real_escape_string($con,$_POST["course_id"]);
$deadlinedate=$_POST["deadlinedate"];
$deadlinetime=$_POST["deadlinetime"];
$instructions=mysqli_real_escape_string($con,$_POST["instructions"]);
$title=mysqli_real_escape_string($con,$_POST["title"]);
$marks=mysqli_real_escape_string($con,$_POST["marks"]);
// $url=mysqli_real_escape_string($con,$_POST["url"]);
$url=$_SESSION['url']; //using real_escape_string was failing to redirect to the main page
$type=mysqli_real_escape_string($con,$_POST["type"]);
$deadline=$deadlinedate." ".$deadlinetime;
$date= date("Y-m-d H:i");
// GET UPLOADED FILES
$target_dir =Create_dir("Lab_Report_Assignments/".$title."/");
$rnd=rand(10,1000);
$rnd=""; // no more required , creating folder for each lab
$targetfile = $target_dir.$rnd.$_FILES['attachment1']['name'];
$targetfile2 = $target_dir.$rnd.$_FILES['attachment2']['name'];
$targetfile3 = $target_dir.$rnd.$_FILES['attachment3']['name'];
$targetfile4 = $target_dir.$rnd.$_FILES['attachment4']['name'];
$count=0;
if(!is_valid("attachment1") && $_FILES["attachment1"]["name"]!="")
{
echo "Invalid File Type for Attachment 1";
return;
}
if(!is_valid("attachment2") && $_FILES["attachment2"]["name"]!="")
{
echo "Invalid File Type for Attachment 2";
return;
}
if(!is_valid("attachment3") && $_FILES["attachment3"]["name"]!="")
{
echo "Invalid File Type for Attachment 3";
return;
}
//if($_FILES["attachment1"]["error"] != 0) {
// echo "Error uploading the file ";
//return;
//}
// use 4 for missing file
if (move_uploaded_file($_FILES['attachment1']['tmp_name'], $targetfile)) {
$count++;
} else {
echo $_FILES['attachment1']['error'];
}
if (move_uploaded_file($_FILES['attachment2']['tmp_name'], $targetfile2)) {
$count++;
} else {
echo $_FILES['attachment2']['error'];
}
if (move_uploaded_file($_FILES['attachment3']['tmp_name'], $targetfile3)) {
$count++;
} else {
echo $_FILES['attachment3']['error'];
}
if (move_uploaded_file($_FILES['attachment4']['tmp_name'], $targetfile4)) {
$count++;
} else {
echo $_FILES['attachment4']['error'];
}
//}
echo $count." File(s) uploaded";
//CLEAN
$targetfile="";
$targetfile2="";
$targetfile3="";
$targetfile4="";
if($_FILES['attachment1']['name']!=""){ $targetfile="/".$title."/".$_FILES['attachment1']['name']; }
if($_FILES['attachment2']['name']!=""){ $targetfile2="/".$title."/".$_FILES['attachment2']['name']; }
if($_FILES['attachment3']['name']!=""){ $targetfile3= "/".$title."/".$_FILES['attachment3']['name']; }
if($_FILES['attachment4']['name']!=""){ $targetfile4= "/".$title."/".$_FILES['attachment4']['name']; }
// return;
$sql="INSERT INTO `lab_reports_table`(`Course_ID`, `Posted_Date`, `Deadline`, `Instructions`,
`Title`, `Attachment_link_1`, `Attachment_link_2`, `Attachment_link_3`, `Attachment_link_4`,Marks,Type)
VALUES ('$course_id','$date','$deadline','$instructions','$title','$targetfile','$targetfile2','$targetfile3','$targetfile3',$marks,'$type')";
if ($con->query($sql) === TRUE) {
$_SESSION["info_courses"]=$type." Lab Report Assignment posted successfully.";
header("Location: Courses.php?course=".$url);
} else {
echo "Error: " . $sql . "<br>" . $con->error;
}
}
function checksize($file)
{
$filename = $_FILES[$file]['name'];
$result=$_FILES["$file"]['size']/1024/1024;
//$max_upload = (int)(ini_get('upload_max_filesize'));
//$max_post = (int)(ini_get('post_max_size'));
//$memory_limit = (int)(ini_get('memory_limit'));
//$upload_mb = min($max_upload, $max_post, $memory_limit);
if($result>20)
{
return FALSE;
}
return TRUE;
}
// ############################### Submit Assignment ##################################
if (!empty($_POST["frm_submitlab"])) {
$lab_id=mysqli_real_escape_string($con,$_POST["lab_id"]);
$student_id=$_POST["student_id"];
$group_id=$_POST["group_id"];
$instructions=mysqli_real_escape_string($con,$_POST["instructions"]);
$title=mysqli_real_escape_string($con,$_POST["title"]);
$url=mysqli_real_escape_string($con,$_POST["url"]);
$deadline=$deadlinedate." ".$deadlinetime;
$date= date("Y-m-d H:i");
// GET UPLOADED FILES
$labName = mysqli_query($con,"SELECT * FROM `lab_reports_table` WHERE Lab_Report_ID=$lab_id");
while($row = mysqli_fetch_assoc($labName))
{$lab_name=$row['Title'];
$_SESSION['Sub_Type']=$row['Type'];
}
$target_dir =Create_dir("Lab_Report_Submisions/".$student_id."/".$lab_name."/");
$targetfile = $target_dir.$_FILES['attachment1']['name'];
$targetfile2 = $target_dir.$_FILES['attachment2']['name'];
$targetfile3 = $target_dir.$_FILES['attachment3']['name'];
$targetfile4 = $target_dir.$_FILES['attachment4']['name'];
//$curDateTime = date("Y-m-d H:i");
//$myDate = date("Y-m-d H:i", strtotime("2017-12-28 18:01"));
//if($curDateTime <= $myDate ){
// echo "active ".+$curDateTime." mydate= ".$myDate;
//
//}else{
// echo "inactive c=".$curDateTime;
//}
//
$count=0;
//check zise
if(!checksize("attachment1"))
{
echo "2 MB is the maximum file size allowed";
return;
}
if(!checksize("attachment2") && $_FILES["attachment2"]["name"]!="")
{
echo "2 MB is the maximum file size allowed";
return;
}
if(!checksize("attachment3") && $_FILES["attachment3"]["name"]!="")
{
echo "2 MB is the maximum file size allowed";
return;
}
if(!is_valid("attachment1"))
{
echo "Invalid File Type for Attachment 1";
return;
}
if(!is_valid("attachment2") && $_FILES["attachment2"]["name"]!="")
{
echo "Invalid File Type for Attachment 2";
return;
}
if(!is_valid("attachment3") && $_FILES["attachment3"]["name"]!="")
{
echo "Invalid File Type for Attachment 3";
return;
}
if($_FILES["attachment1"]["error"] != 0) {
echo "Error uploading the file ";
return;
}
// use 4 for missing file
if (move_uploaded_file($_FILES['attachment1']['tmp_name'], $targetfile)) {
$count++;
} else {
echo $_FILES['attachment1']['error'];
}
if (move_uploaded_file($_FILES['attachment2']['tmp_name'], $targetfile2)) {
$count++;
} else {
echo $_FILES['attachment2']['error'];
}
if (move_uploaded_file($_FILES['attachment3']['tmp_name'], $targetfile3)) {
$count++;
} else {
echo $_FILES['attachment3']['error'];
}
if (move_uploaded_file($_FILES['attachment4']['tmp_name'], $targetfile4)) {
$count++;
} else {
echo $_FILES['attachment4']['error'];
}
//}
echo $count." File(s) uploaded";
//CLEAN
$targetfile1="";
$targetfile2="";
$targetfile3="";
$targetfile4="";
if(strlen($_FILES['attachment1']['name']) > 2 ) {
$targetfile="/".$student_id."/".$lab_name."/".$_FILES['attachment1']['name'];
}
if(strlen($_FILES['attachment2']['name']) > 2 ) {
$targetfile2="/".$student_id."/".$lab_name."/".$_FILES['attachment2']['name']; }
if(strlen($_FILES['attachment3']['name']) > 2 ) {
$targetfile3= "/".$student_id."/".$lab_name."/".$_FILES['attachment3']['name'];}
if(strlen($_FILES['attachment4']['name']) > 2 ) {
$targetfile4= "/".$student_id."/".$lab_name."/".$_FILES['attachment4']['name'];
}
$sql1="Delete from lab_report_submissions where Lab_Report_ID=$lab_id and Student_id=$student_id and Course_Group_id=$group_id";
if ($con->query($sql1) === TRUE) {
}
// When $group_id is not properly initialized, use integer 0 as its value.
// This temporarily fixed the "Students unable to submit assignment after a recent change" bug at http://118.25.96.118/bugzilla/show_bug.cgi?id=65
if (trim($group_id) === '') { // when $group_id is an empty string or contains only whitespace characters.
$group_id = 0; // FIXME
}
$sql="INSERT INTO `lab_report_submissions`(`Submission_Date`, `Lab_Report_ID`, `Student_id`,"
. " `Course_Group_id`, `Attachment1`, `Notes`, `Attachment2`, `Attachment3`, `Attachment4`, `Status`, `Title`,`Remarking_Reason`)"
. " VALUES ('$date',$lab_id,$student_id,$group_id,'$targetfile','$instructions','$targetfile2','$targetfile3','$targetfile4',"
. "'Pending','$title','')";
if ($con->query($sql) === TRUE) {
if($_SESSION['Sub_Type']=='Individual')
// {
// // $con->query($sql = "UPDATE `lab_report_submissions` SET `Student_id` = ('".$student_id."') WHERE `lab_report_submissions`.`Course_Group_id` = '$group_id'");
// }
// else
{
$con->query($sql = "UPDATE `lab_report_submissions` SET `Course_Group_id` = '0' WHERE `lab_report_submissions`.`Lab_Report_ID` = '$lab_id'");
}
$_SESSION["info_courses"]=$type." Lab Report Assignment Submitted successfully.";
header("Location: Course.php?url=".$url);
} else {
echo "Error: <br>" . $con->error;
}
}
// JOIN COURSE
if (!empty($_GET["JoinCourse"])) {
$id=$_GET["id"];
$student_id=$_GET["std"];
$joining=$_GET["joining"];
$status="Pending";
if($joining==0){ $status="Joined";}
$sql="INSERT INTO `course_students_table`(`Course_ID`, `Student_ID`,`Status`) VALUES
('$id','$student_id','$status')";
if ($con->query($sql) === TRUE) {
if($joining==0)
{
$_SESSION["info_Courses_student"]="You enroll in this Course successfully.";
}
else {
$_SESSION["info_Courses_student"]="Course enrollment request was sent to the lecturer.";
}
header("Location: Courses.php");
} else {
echo "Error: " . $sql . "<br>" . $con->error;
}
}
#MARK LAB REPORT
if (!empty($_GET["savemarks"])) {
$id=$_GET["id"];
$marks=$_GET["marks"];
$total=$_GET["total"];
$feedback=$_GET["feedback"];
$header=$_GET["header"];
$labid=$_GET["labid"];
$status="Marked";
if($marks>$total)
{
echo " Marks could not be greater than total";
return;
}
$date= date("Y-m-d H:i");
$feedback="<br>@$date : ".$feedback;
$sql="UPDATE `lab_report_submissions` SET `Marks`='$marks',`Status`='$status',"
. ""
. "Notes=if(Notes is null, ' ', concat(Notes, '$feedback'))"
. ""
. " WHERE Submission_ID=$id
";
if ($con->query($sql) === TRUE) {
$_SESSION["info_Marking"]="Lab Report Submission Marked";
header("Location: Submissions.php?id=".$labid."&header=".$header."&total=".$total);
} else {
echo "Error: " . $sql . "<br>" . $con->error;
}
}
#Update Report Visibility
if (!empty($_GET["updatevisibility"])) {
$id=$_GET["id"];
$marks=$_GET["marks"];
$total=$_GET["total"];
$status=$_GET["status"];
$header=$_GET["header"];
$labid=$_GET["labid"];
$sql="UPDATE `lab_report_submissions` SET `Visibility`='$status' WHERE Submission_ID=$id
";
if ($con->query($sql) === TRUE) {
$_SESSION["info_Marking"]="Lab Report Visibility Updated";
header("Location: Submissions.php?id=".$labid."&header=".$header."&total=".$total);
} else {
echo "Error: " . $sql . "<br>" . $con->error;
}
}
#Remarking Request
if (!empty($_GET["remarking"])) {
$id=$_GET["id"];
$url=$_GET["url"];
$status= $_GET["status"];
$details=$_GET["details"];
$sql="UPDATE `lab_report_submissions` SET `Status`='Remarking',Remarking_Reason='$details' WHERE Submission_ID=$id
";
if ($con->query($sql) === TRUE) {
$_SESSION["info_ReMarking"]="Remarking Request Sent";
header("Location: Course.php?url=".$url);
} else {
echo "Error: " . $sql . "<br>" . $con->error;
}
}
#Create Group Request
if (!empty($_GET["creategroup"])) {
$student_id=$_GET["student_id"];
$url=$_GET["url"];
$id=$_GET["id"];
$name= $_GET["name"];
$sql="INSERT INTO `course_groups_table`(`Group_Name`,
`Group_Leader`, `Course_id`) VALUES ('$name',$student_id,$id)";
if ($con->query($sql) === TRUE) {
$resultx1 = mysqli_query($con,"Select Max(Course_Group_id) as cnt from course_groups_table");
while($row = mysqli_fetch_assoc($resultx1)) {$gid=$row['cnt'];}
$sql="INSERT INTO `course_group_members_table`( `Course_Group_id`, `Student_ID`, `Status`)
VALUES ($gid,$student_id,'Created')";
if ($con->query($sql) === TRUE) {
$_SESSION["info_ReMarking"]="Course group Created";
header("Location: Course.php?url=".$url);
} else {
echo "Error: " . $sql . "<br>" . $con->error;
}
} else {
echo "Error: " . $sql . "<br>" . $con->error;
}
}
//---------------------------------------Invite Group Request and add a new member into the database------------------------------------
if (!empty($_GET["groupinvite"])) {
$student_id=$_GET["student_id"];
$url=$_GET["url"];
$courseid=$_GET["courseid"];
$groupid=$_GET["groupid"];
// if(($_SESSION['Group_Member4']=='0') or ($_SESSION['Group_Member3']=='0') or ($_SESSION['Group_Member2']=='0') or ($_SESSION['Group_Member']=='0')){
$sql="INSERT INTO `course_group_members_table`( `Course_Group_id`, `Student_ID`, `Status`)
VALUES ($groupid,$student_id,'Invited')";
if ($con->query($sql) === TRUE) {
$resultx1 = mysqli_query($con,"SELECT * FROM course_groups_table where Course_Group_id ='$groupid'");
while($row = mysqli_fetch_assoc($resultx1))
{
$Group_Member=$row['Group_Member'];
$Group_Member4=$row['Group_Member4'];
$Group_Member2=$row['Group_Member2'];
$Group_Member3=$row['Group_Member3'];
$_SESSION['Group_Member4']=$Group_Member4;
$_SESSION['Group_Member3']=$Group_Member3;
$_SESSION['Group_Member2']=$Group_Member2;
$_SESSION['Group_Member']=$Group_Member;
if($Group_Member=='0'){
mysqli_query($con,"UPDATE `course_groups_table` SET `Group_Member` = ('" . $student_id . "') WHERE `course_groups_table`.`Course_Group_id` = '$groupid'");
$_SESSION["info_ReMarking"]=$student_id . " was invited to the group";
header("Location: Course.php?url=".$url);
}elseif($Group_Member2=='0'){
mysqli_query($con,"UPDATE `course_groups_table` SET `Group_Member2` = ('" . $student_id . "') WHERE `course_groups_table`.`Course_Group_id` = '$groupid'");
$_SESSION["info_ReMarking"]=$student_id . " was invited to the group";
header("Location: Course.php?url=".$url);
}elseif($Group_Member3=='0'){
mysqli_query($con,"UPDATE `course_groups_table` SET `Group_Member3` = ('" . $student_id . "') WHERE `course_groups_table`.`Course_Group_id` = '$groupid'");
$_SESSION["info_ReMarking"]=$student_id . " was invited to the group";
header("Location: Course.php?url=".$url);
}elseif($Group_Member4=='0'){
mysqli_query($con,"UPDATE `course_groups_table` SET `Group_Member4` = ('" . $student_id . "') WHERE `course_groups_table`.`Course_Group_id` = '$groupid'");
$_SESSION["info_ReMarking"]=$student_id . " was invited to the group";
header("Location: Course.php?url=".$url);
} else {
$_SESSION["info_ReMarking"]= " You cant add any more members";
header("Location: Course.php?url=".$url);
}
}
// }
} }
#Accept deny Group Invite
if (!empty($_GET["acceptinvite"])) {
$student_id=$_GET["student_id"];
$url=$_GET["url"];
$action=$_GET["action"];
$groupid=$_GET["groupid"];
if($action==1)
{
$sql="Update `course_group_members_table` set Status='Joined' where Course_Group_id =$groupid and student_id=$student_id
";
}
else
{
$sql="Delete from `course_group_members_table` where Course_Group_id =$groupid and student_id=$student_id
";
}
if ($con->query($sql) === TRUE) {
$_SESSION["info_ReMarking"]=" Group Invite Updated";
header("Location: Course.php?url=".$url);
} else {
echo "Error: " . $sql . "<br>" . $con->error;
}
}
#Extend Deadline
if (!empty($_GET["extenddeadline"])) {
$id=$_GET["id"];
$date=$_GET["date"];
$time=$_GET["time"];
$type=$_GET["type"];
$stdid=$_GET["stdid"];
$reason =$_GET["reason"];
$url =$_GET["url"];
$deadline=$date." ".$time;
if($type==1)
{
}
if($type==1)
{
$sql="UPDATE `lab_reports_table` SET `Deadline`='$deadline' WHERE Lab_Report_ID=$id";
}
else
{
$sql="INSERT INTO `extended_deadlines_table`(`Student_ID`, "
. "`Lab_Report_ID`, `Extended_Deadline_Date`,"
. " `ReasonsForExtension`) VALUES ($stdid,$id,'$deadline','$reason')";
}
if ($con->query($sql) === TRUE) {
$_SESSION["info_courses"]=" Lab Report Deadline extended successfully.";
header("Location: Courses.php?course=".$url);
} else {
echo "Error: " . $sql . "<br>" . $con->error;
}
}
#IGNORE Remarking Request
if (!empty($_GET["ignoreremarking"])) {
$id=$_GET["id"];
$total=$_GET["total"];
$header=$_GET["header"];
$subid=$_GET["subid"];
$sql="UPDATE lab_report_submissions SET Status='Marked' WHERE Submission_ID=$subid";
if ($con->query($sql) === TRUE) {
$_SESSION["info_Marking"]="Remarking Request Ignored , Submission Updated to 'Marked' status";
header("Location: Submissions.php?id=".$id."&header=".$header."&total=".$total);
} else {
echo "Error: " . $sql . "<br>" . $con->error;
}
}
#Assign TA
if (!empty($_GET["assignTA"])) {
$id=$_GET["id"];
$ta=$_GET["ta"];
$sql="INSERT INTO `course_ta`(`Course_ID`, `TA`) VALUES ($id,$ta)";
if ($con->query($sql) === TRUE) {
$_SESSION["info_Admin_Courses"]=$type." Course TA Assigned ";
header("Location: Admin.php");
} else {
echo "Error: " . $sql . "<br>" . $con->error;
}
}
//ACCEPT STUDNTS JOINING COURSSS
if (!empty($_GET["AcceptStudent"])) {
$id=$_GET["id"];
$rs=$_GET["rs"];
if($rs=="yes")
{
$sql="Update course_students_table set Status='Joined' Where ID=$id";
} else {
$sql="Delete FROM course_students_table Where ID=$id";
}
if ($con->query($sql) === TRUE) {
if($rs=="yes")
{
$_SESSION["info_courses"]="Course Joining request Approved.";
}
else {
$_SESSION["info_courses"]="Course Joining request Declined & Removed.";
}
header("Location: Courses.php");
}
else {
echo "Error: " . $sql . "<br>" . $con->error;
}
}
//action=passchange&uid=1&pass=1929
if (!empty($_GET["action"])) {
$action=$_GET["action"];
$uid=$_GET["uid"];
$pass = $_GET["pass"];
$pass = password_hash($pass, PASSWORD_DEFAULT);
$status=$_GET["status"];
// validate uid
if (intval($uid) < 0) {
header("Location: index.php");
return;
}
if($action=="passchange")
{
$sql= "UPDATE users_table set Password='$pass' where User_ID=$uid;";
if ($con->query($sql) === TRUE) {
error_reporting(0);
echo "Password has been changed";
// return;
$_SESSION["infoChangePassword"]=$type." User password was changed successfully.";
header("Location: index.php");
} else {
// echo "Error: " . $sql . "<br>" . $con->error;
echo "Something really bad happened while changing password. Contact lanhui at zjnu.edu.cn. Thanks!";
}
}
if($action=="statuschange")
{
$sql= "UPDATE users_table set Status='$status' where User_ID=$uid;";
if ($con->query($sql) === TRUE) {
$_SESSION["info_Admin_Users"]=$type." user Status updated successfully ";
header("Location: Admin.php");
} else {
// echo "Error: " . $sql . "<br>" . $con->error;
echo "Something really bad happened while changing status. Contact lanhui at zjnu.edu.cn. Thanks!";
}
}
}
// ############################### CREATE STUDENT USER ##################################
if (!empty($_POST["frm_createCourse"])) {
$name=mysqli_real_escape_string($con,$_POST["name"]);
$academic=mysqli_real_escape_string($con,$_POST["academic"]);
$lecturer=mysqli_real_escape_string($con,$_POST["lecturer"]);
$ta=mysqli_real_escape_string($con,$_POST["ta"]);
$faculty=mysqli_real_escape_string($con,$_POST["faculty"]);
$code=mysqli_real_escape_string($con,$_POST["code"]);
$url=mysqli_real_escape_string($con,$_POST["url"]);
$verify=mysqli_real_escape_string($con,$_POST["verify"]);
$who=mysqli_real_escape_string($con,$_POST["l"]);
if($url=="")
{
$url= $code.$academic;
}
if($ta=="")
{
$ta=0;
}
// check if email is taked
// $result = mysqli_query($con,
// "SELECT * FROM courses_table WHERE Course_Name='$name'");
// if(mysqli_num_rows($result)!=0)
// {
// $_SESSION["info_Admin_Courses"]="Course Name : ".$name." already used.";
// header("Location: Admin.php");
// }
//
$sql="INSERT INTO `courses_table`(`Course_Name`, `Academic_Year`, `Faculty`, `Lecturer_User_ID`, `TA_User_ID`, `Course_Code`, `URL`, `Verify_New_Members`)
VALUES ('$name','$academic','$faculty','$lecturer','$ta','$code','$url','$verify')";
if ($con->query($sql) === TRUE) {
$_SESSION["info_Admin_Courses"]="Course portal was Created successfully.";
if($who=="l")
{
header("Location: Courses.php");
} else
{
header("Location: Admin.php");
}
} else {
echo "Error: " . $sql . "<br>" . $con->error;
}
}
//exportgrade
if (!empty($_GET["exportgrade"])) {
$lab=$_GET["lab"];
$lab_name=$_GET["lab_name"];
error_reporting(0);
$select = "SELECT lab_reports_table.Title as 'LAB_Report', lab_reports_table.Marks as Lab_Marks,
`Submission_Date`, lab_report_submissions.Student_id, users_table.Full_Name as Student_Name, lab_report_submissions.Marks,`Notes`
FROM `lab_report_submissions`
INNER JOIN lab_reports_table on lab_reports_table.Lab_Report_ID=lab_report_submissions.Lab_Report_ID
INNER JOIN users_table on users_table.Student_ID=lab_report_submissions.Student_id
WHERE lab_report_submissions.Lab_Report_ID=$lab";
$export = mysqli_query($con,$select);
$fields = mysqli_num_fields ( $export );
for ( $i = 0; $i < $fields; $i++ )
{
$header .= mysqli_fetch_field_direct( $export , $i )->name. "\t";
}
while( $row = mysqli_fetch_row( $export ) )
{
$line = '';
foreach( $row as $value )
{
if ( ( !isset( $value ) ) || ( $value == "" ) )
{
$value = "\t";
}
else
{
$value = str_replace( '"' , '""' , $value );
$value = '"' . $value . '"' . "\t";
}
$line .= $value;
}
$data .= trim( $line ) . "\n";
}
$data = str_replace( "\r" , "" , $data );
if ( $data == "" )
{
$data = "\n(0) Records Found!\n";
}
header("Content-type: application/octet-stream");
header("Content-Disposition: attachment; filename=$lab_name Garde Sheet.xls");
header("Pragma: no-cache");
header("Expires: 0");
print "$header\n$data";
}