. Thanks."; $_SESSION['user_fullname'] = null; header("Location: signup.php"); return; } // Check if the student number isn't already registered $student_result = mysqli_query($con, "SELECT * FROM `users_table` WHERE Student_ID='$student_id'"); if (mysqli_num_rows($student_result) > 0) { $_SESSION["info_signup"] = "This Student ID is already in use! Please contact Student Management Office for help."; $_SESSION['user_fullname'] = null; header("Location: signup.php"); return; } } // ############################### CREATE STUDENT USER ################################## if (!empty($_POST["form_signup"])) { $fullname = mysqli_real_escape_string($con, $_POST["fullname"]); $student_id = mysqli_real_escape_string($con, $_POST["user_student_id"]); $email = mysqli_real_escape_string($con, $_POST["email"]); $password = mysqli_real_escape_string($con, $_POST["password"]); $confirmpassword = mysqli_real_escape_string($con, $_POST["confirmpassword"]); $_SESSION['user_student_id'] = $_POST["student_id"]; $_SESSION['user_type'] = "Student"; // check confirmed password if (strcasecmp($password, $confirmpassword) != 0) { $_SESSION['info_signup'] = "Password confirmation failed."; $_SESSION['user_fullname'] = null; // such that Header.php do not show the header information. 
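header("Location: signup.php");
    return;
}

    // Reject malformed e-mail addresses before anything is stored.
    if (!filter_var($email, FILTER_VALIDATE_EMAIL)) {
        $_SESSION['info_signup'] = "Invalid email address.";
        $_SESSION['user_fullname'] = null;
        header("Location: signup.php");
        return;
    }

    // Password policy: upper + lower + digit + special (as before) plus a
    // minimum length, which was never enforced even though the message read
    // "at least characters". Length is measured on the raw submitted value,
    // not on the SQL-escaped copy held in $password.
    // NOTE(review): $password was run through mysqli_real_escape_string() a
    // few lines earlier and that escaped form is what gets hashed; the login
    // and reset handlers escape the same way before password_verify(), so the
    // quirk has to be removed in all three places at once, not here alone.
    $upperLetter = preg_match('@[A-Z]@', $password);
    $smallLetter = preg_match('@[a-z]@', $password);
    $containsDigit = preg_match('@[0-9]@', $password);
    $containsSpecial = preg_match('@[^\w]@', $password);
    $containsAll = $upperLetter && $smallLetter && $containsDigit && $containsSpecial;
    $raw_password_len = isset($_POST["password"]) ? strlen((string) $_POST["password"]) : 0;
    if (!$containsAll || $raw_password_len < 8) {
        $_SESSION['info_signup'] = "Password must have at least 8 characters that include lowercase letters, uppercase letters, numbers and special characters (e.g., !?.,*^).";
        $_SESSION['user_fullname'] = null;
        header("Location: signup.php");
        return;
    }

    // Duplicate e-mail check. The original only set the message and then fell
    // through to the INSERT, so a second account was created anyway.
    // (mysqli_stmt_get_result()/bound parameters below need mysqlnd.)
    $signup_email = (string) $_POST["email"];
    $email_taken = false;
    $stmt = mysqli_prepare($con, "SELECT User_ID FROM users_table WHERE Email = ?");
    if ($stmt !== false) {
        mysqli_stmt_bind_param($stmt, "s", $signup_email);
        if (mysqli_stmt_execute($stmt)) {
            mysqli_stmt_store_result($stmt);
            $email_taken = mysqli_stmt_num_rows($stmt) > 0;
        }
        mysqli_stmt_close($stmt);
    }
    if ($email_taken) {
        $_SESSION["info_signup"] = "Email address " . $email . " is already in use. Do you have an old LRR account?";
        $_SESSION['user_fullname'] = null;
        header("Location: signup.php");
        return;
    }

    // Create the account. Values are bound, not interpolated, so the escaped
    // copies above are no longer what protects this statement.
    $password_hash = password_hash($password, PASSWORD_DEFAULT);
    $signup_fullname = (string) $_POST["fullname"];
    $signup_student_id = (string) $_POST["user_student_id"];
    $created = false;
    $stmt = mysqli_prepare(
        $con,
        "INSERT INTO `users_table` (`Email`, `Password`, `HashPassword`, `Full_Name`, `UserType`, `Student_ID`) "
        . "VALUES (?, ?, '', ?, 'Student', ?)"
    );
    if ($stmt !== false) {
        mysqli_stmt_bind_param($stmt, "ssss", $signup_email, $password_hash, $signup_fullname, $signup_student_id);
        $created = mysqli_stmt_execute($stmt);
        mysqli_stmt_close($stmt);
    }
    if ($created) {
        // Only now is the visitor treated as logged in; the original filled
        // the session before the INSERT and left it populated on failure.
        session_regenerate_id(true);
        $_SESSION['user_type'] = "Student";
        $_SESSION['user_email'] = $email;
        $_SESSION['user_student_id'] = $student_id;
        $_SESSION['user_fullname'] = isset($_SESSION['user_fullname_temp']) ? $_SESSION['user_fullname_temp'] : null;
        header("Location: Courses.php");
        exit;
    }
    error_log("LRR signup: INSERT failed - " . mysqli_error($con));
    echo "Something really bad (SQL insertion error) happened during sign up.";
}

// ################################ LOGIN #####################################
if (!empty($_POST["form_login"])) {
    // "user" is either a 12-digit student number or an e-mail address.
    $user_raw = isset($_POST["user"]) ? (string) $_POST["user"] : '';
    $user = mysqli_real_escape_string($con, $user_raw); // kept for messages/session
    $is_student_number = 0;
    $_SESSION["failed_login_user"] = $user;
    // The debug `echo "Failed login user: ..."` that sat here wrote the
    // submitted name into the response before header(), which both defeats
    // the redirect and reflects request data into the page; removed.
    if (is_valid_student_number($user)) {
        $is_student_number = 1;
    }
    if (!$is_student_number && !filter_var($user, FILTER_VALIDATE_EMAIL)) {
        $_SESSION["info_login"] = "Invalid email address: " . "$user";
        header("Location: index.php");
        return;
    }

    // Escaping the password before hashing matches what signup stores; see
    // the note in the signup handler before changing it.
    $password = mysqli_real_escape_string($con, $_POST["password"]);

    $result = false;
    $stmt = mysqli_prepare(
        $con,
        "SELECT User_ID, Email, Student_ID, UserType, Full_Name, Password, HashPassword "
        . "FROM users_table WHERE (Student_ID = ?) OR (Email = ?)"
    );
    if ($stmt !== false) {
        mysqli_stmt_bind_param($stmt, "ss", $user_raw, $user_raw);
        if (mysqli_stmt_execute($stmt)) {
            $result = mysqli_stmt_get_result($stmt);
        }
        mysqli_stmt_close($stmt);
    }
    if ($result === false || mysqli_num_rows($result) == 0) {
        // NOTE(review): this wording differs from "Wrong Password." below, so
        // the two responses together reveal which accounts exist. index.php
        // displays these keys; one neutral message there would close that.
        // There is also no attempt limiting anywhere in this file.
        $_SESSION["info_login"] = "Invalid user name information.";
        header("Location: index.php");
        exit;
    }

    while ($row = mysqli_fetch_assoc($result)) {
        // Backward compatibility: old accounts stored an unsalted SHA-512 in
        // HashPassword. Compare it with hash_equals() (constant time) rather
        // than ==, and migrate the account to password_hash() on success so
        // the legacy digest stops being accepted.
        $sha512pass = hash('sha512', $password);
        $stored_legacy = isset($row["HashPassword"]) ? (string) $row["HashPassword"] : '';
        $legacy_match = $stored_legacy !== '' && hash_equals($stored_legacy, $sha512pass);
        $stored_hash = isset($row["Password"]) ? (string) $row["Password"] : '';
        $modern_match = $stored_hash !== '' && password_verify($password, $stored_hash);

        if (!$modern_match && !$legacy_match) {
            $_SESSION["wrong_pass"] = "Wrong Password.";
            header("Location: index.php");
            exit;
        }

        if ($legacy_match || password_needs_rehash($stored_hash, PASSWORD_DEFAULT)) {
            $upgraded_hash = password_hash($password, PASSWORD_DEFAULT);
            $user_id_param = $row['User_ID'];
            $up = mysqli_prepare($con, "UPDATE users_table SET Password = ?, HashPassword = '' WHERE User_ID = ?");
            if ($up !== false) {
                mysqli_stmt_bind_param($up, "ss", $upgraded_hash, $user_id_param);
                mysqli_stmt_execute($up);
                mysqli_stmt_close($up);
            }
        }

        // Fresh session id on privilege change (session fixation).
        session_regenerate_id(true);
        unset($_SESSION["failed_login_user"]);
        $_SESSION['user_id'] = $row['User_ID'];
        $_SESSION['user_email'] = $row['Email'];
        $_SESSION['user_student_id'] = $row['Student_ID'];
        $_SESSION['user_type'] = $row['UserType'];
        $_SESSION['user_fullname'] = $row['Full_Name'];
        if ($_SESSION['user_type'] == "Admin") {
            header("Location: Admin.php");
            exit;
        }
        if (in_array($_SESSION['user_type'], array("Student", "Lecturer", "TA"), true)) {
            header("Location: Courses.php");
            exit;
        }
        // Unknown role: logged in, but no landing page is defined (as before).
        return;
    }
}

// ################################ Recover Password #####################################
if (!empty($_POST["form_recover_password"])) {
    $sno_raw = isset($_POST["sno"]) ? trim((string) $_POST["sno"]) : '';
    $email_raw = isset($_POST["email"]) ? trim((string) $_POST["email"]) : '';
    // Escaped copies keep the names the rest of this handler uses; the lookup
    // below binds the raw values instead of interpolating these.
    $student_id = trim(mysqli_real_escape_string($con, $sno_raw));
    $email = trim(mysqli_real_escape_string($con, $email_raw));

    // Exactly 12 ASCII digits. is_numeric() also accepted signs, exponent
    // notation and leading whitespace.
    if (!preg_match('/^[0-9]{12}$/', $student_id)) {
        $_SESSION["info_recover_password"] = "Invalid student number format.";
        header("Location: recover_password.php");
        exit;
    }
    if (!filter_var($email, FILTER_VALIDATE_EMAIL)) {
        $_SESSION["info_recover_password"] = "Invalid email address format.";
        header("Location: recover_password.php");
        exit;
    }

    // Look the user up with bound parameters; $user_check_query stays a
    // mysqli_result because the rest of the handler fetches from it.
    $user_check_query = false;
    $stmt = mysqli_prepare($con, "SELECT User_ID FROM users_table WHERE Email = ? AND Student_ID = ?");
    if ($stmt !== false) {
        mysqli_stmt_bind_param($stmt, "ss", $email_raw, $sno_raw);
        if (mysqli_stmt_execute($stmt)) {
            $user_check_query = mysqli_stmt_get_result($stmt);
        }
        mysqli_stmt_close($stmt);
    }
    if ($user_check_query === false || mysqli_num_rows($user_check_query) == 0) {
        // NOTE(review): this reply confirms whether the (ID, e-mail) pair
        // exists. A neutral "if the details match, an e-mail has been sent"
        // avoids the oracle; kept because recover_password.php shows this text.
        $_SESSION["info_recover_password"] = "Student ID or Email not found in our records. 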
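Please check your details or contact support.";
        header("Location: recover_password.php");
        exit;
    } else {
        $user_data = mysqli_fetch_assoc($user_check_query);
        $user_id = $user_data['User_ID'];

        // Daily cap: at most 5 reset tokens per user per calendar day
        // (half-open day range, bound parameters).
        $today_start = date("Y-m-d 00:00:00");
        $tomorrow_start = date("Y-m-d 00:00:00", strtotime("tomorrow"));
        $limit_count = null;
        $limit_stmt = mysqli_prepare(
            $con,
            "SELECT COUNT(*) AS count FROM password_reset_tokens "
            . "WHERE user_id = ? AND created_at >= ? AND created_at < ?"
        );
        if ($limit_stmt !== false) {
            mysqli_stmt_bind_param($limit_stmt, "sss", $user_id, $today_start, $tomorrow_start);
            if (mysqli_stmt_execute($limit_stmt)) {
                $limit_res = mysqli_stmt_get_result($limit_stmt);
                $limit_row = $limit_res ? mysqli_fetch_assoc($limit_res) : null;
                if ($limit_row) {
                    $limit_count = (int) $limit_row['count'];
                }
            }
            mysqli_stmt_close($limit_stmt);
        }
        if ($limit_count === null) {
            error_log("LRR Password Recovery: limit query failed - " . mysqli_error($con));
            $_SESSION["info_recover_password"] = "Server error checking request limit. Please try again later.";
            header("Location: recover_password.php");
            exit;
        }
        if ($limit_count >= 5) {
            $_SESSION["info_recover_password"] = "You have reached the maximum number of password reset requests for today (5). Please try again tomorrow.";
            header("Location: recover_password.php");
            exit;
        }

        // 32 random bytes -> 64 hex characters. Fail closed if the CSPRNG is
        // unavailable instead of falling back to a weaker generator.
        try {
            $token = bin2hex(random_bytes(32));
        } catch (Exception $e) {
            error_log("LRR Password Recovery: random_bytes failed - " . $e->getMessage());
            $_SESSION["info_recover_password"] = "Could not process your request due to a server error. Please try again later.";
            header("Location: recover_password.php");
            exit;
        }
        $expires_at = date('Y-m-d H:i:s', strtotime('+10 minutes'));

        // NOTE(review): the token is stored in clear, so a read of this table
        // yields live reset links. Storing hash('sha256', $token) instead
        // requires the reset handler's lookup and mark-used queries to hash too.
        $stored = false;
        $ins = mysqli_prepare($con, "INSERT INTO password_reset_tokens (user_id, token, expires_at, created_at) VALUES (?, ?, ?, NOW())");
        if ($ins !== false) {
            mysqli_stmt_bind_param($ins, "sss", $user_id, $token, $expires_at);
            $stored = mysqli_stmt_execute($ins);
            mysqli_stmt_close($ins);
        }
        if (!$stored) {
            // Details go to the log only; the original echoed mysqli_error() to the user.
            error_log("LRR Password Recovery: DB error storing token - " . mysqli_error($con));
            $_SESSION["info_recover_password"] = "Could not process your request due to a server error. Please try again later.";
            header("Location: recover_password.php");
            exit;
        }

        // Build the link. Prefer a configured base URL: HTTP_HOST comes from
        // the request, so a server that answers for any Host header lets an
        // attacker mail the victim a link to a domain they control. The scheme
        // follows the request (it was hard-coded to http).
        $base_url = getenv('LRR_BASE_URL');
        if ($base_url === false || $base_url === '') {
            $scheme = (!empty($_SERVER['HTTPS']) && $_SERVER['HTTPS'] !== 'off') ? 'https' : 'http';
            $base_url = $scheme . "://" . $_SERVER['HTTP_HOST'] . dirname($_SERVER['PHP_SELF']);
        }
        $reset_link = rtrim($base_url, '/') . "/reset_password_form.php?token=" . rawurlencode($token);

        // SMTP settings come from the environment. The account name and its
        // authorisation code used to be literal strings in this file; anything
        // that was committed must be treated as compromised and rotated.
        //   LRR_SMTP_HOST (default smtp.163.com), LRR_SMTP_USER, LRR_SMTP_PASS,
        //   LRR_SMTP_FROM (defaults to LRR_SMTP_USER)
        $smtp_host = getenv('LRR_SMTP_HOST');
        $smtp_user = getenv('LRR_SMTP_USER');
        $smtp_pass = getenv('LRR_SMTP_PASS');
        $smtp_from = getenv('LRR_SMTP_FROM');
        if ($smtp_host === false || $smtp_host === '') {
            $smtp_host = 'smtp.163.com';
        }
        if ($smtp_from === false || $smtp_from === '') {
            $smtp_from = (string) $smtp_user;
        }
        if ($smtp_user === false || $smtp_user === '' || $smtp_pass === false || $smtp_pass === '') {
            error_log("LRR Password Recovery: LRR_SMTP_USER / LRR_SMTP_PASS are not set");
            $_SESSION["info_recover_password"] = "Message could not be sent. Please contact support or try again later.";
            header("Location: recover_password.php");
            exit;
        }

        $mail = new PHPMailer(true);
        try {
            //Server settings
            // $mail->SMTPDebug = SMTP::DEBUG_SERVER; // verbose debug output for troubleshooting
            $mail->isSMTP();
            $mail->Host = $smtp_host;
            $mail->SMTPAuth = true;
            $mail->Username = $smtp_user;
            $mail->Password = $smtp_pass;
            $mail->SMTPSecure = PHPMailer::ENCRYPTION_SMTPS; // implicit TLS
            $mail->Port = 465;
            // Or PHPMailer::ENCRYPTION_STARTTLS with port 587/25 if SMTPS is unavailable.

            //Recipients
            $mail->setFrom($smtp_from, 'LRR Password Recovery');
            $mail->addAddress($email);

            // Content. The link is escaped in the HTML part: PHP_SELF and
            // HTTP_HOST are request-controlled and were inserted as raw markup.
            $mail->isHTML(true);
            $mail->Subject = 'Password Reset Request - LRR';
            $safe_link = htmlspecialchars($reset_link, ENT_QUOTES, 'UTF-8');
            $mail_body_html = "Hello,\n\n";
            $mail_body_html .= "You (or someone else) requested a password reset for your LRR account associated with this email address.\n";
            $mail_body_html .= "If this was you, please click the following link to reset your password. This link is valid for 10 minutes:\n";
            $mail_body_html .= "" . $safe_link . "\n\n";
            $mail_body_html .= "If you did not request this password reset, please ignore this email. Your account is still secure.\n\n";
            $mail_body_html .= "Thanks,\nThe LRR Team";
            $mail->Body = $mail_body_html;

            $mail_body_alt = "Hello,\n\n";
            $mail_body_alt .= "You (or someone else) requested a password reset for your LRR account associated with this email address.\n";
            $mail_body_alt .= "If this was you, please copy and paste the following link into your browser to reset your password. This link is valid for 10 minutes:\n";
            $mail_body_alt .= $reset_link . "\n\n";
            $mail_body_alt .= "If you did not request this password reset, please ignore this email. Your account is still secure.\n\n";
            $mail_body_alt .= "Thanks,\nThe LRR Team";
            $mail->AltBody = $mail_body_alt;

            $mail->send();
            $_SESSION["info_recover_password"] = "Success! A password reset link has been sent to your email address (" . htmlspecialchars($email) . "). Please check your inbox and spam folder. The link will expire in 10 minutes.";
        } catch (Exception $e) {
            // Mailer diagnostics (server names, auth failures) stay in the log;
            // the original echoed $mail->ErrorInfo to the user.
            error_log("PHPMailer Error for " . $email . ": " . $mail->ErrorInfo);
            $_SESSION["info_recover_password"] = "Message could not be sent. Please contact support or try again later.";
        }
        header("Location: recover_password.php");
        exit;
    }
}

// ################################ PROCESS PASSWORD RESET FORM ######################################
if (!empty($_POST["form_reset_password"])) {
    $token = mysqli_real_escape_string($con, isset($_POST["token"]) ? (string) $_POST["token"] : '');
    // Passwords are escaped before hashing to stay consistent with signup and
    // login (see the note in the signup handler).
    $new_password = mysqli_real_escape_string($con, $_POST["new_password"]);
    $confirm_password = mysqli_real_escape_string($con, $_POST["confirm_password"]);

    // Tokens are bin2hex(random_bytes(32)): exactly 64 hex digits. Anything
    // else cannot be valid, so it never reaches the database.
    if (!preg_match('/^[0-9a-f]{64}$/', $token)) {
        $_SESSION["info_reset_password"] = "Invalid or expired token. Please request a new password reset link.";
        header("Location: reset_password_form.php?token=" . rawurlencode($token));
        exit;
    }
    if ($new_password !== $confirm_password) {
        $_SESSION["info_reset_password"] = "Password and confirm password do not match. Please try again.";
        header("Location: reset_password_form.php?token=" . rawurlencode($token));
        exit;
    }
    // Same policy as signup: upper, lower, digit, special, at least 8 chars.
    // The reset path used to accept any non-empty string.
    $raw_new = isset($_POST["new_password"]) ? (string) $_POST["new_password"] : '';
    if (strlen($raw_new) < 8
        || !preg_match('@[A-Z]@', $raw_new) || !preg_match('@[a-z]@', $raw_new)
        || !preg_match('@[0-9]@', $raw_new) || !preg_match('@[^\w]@', $raw_new)) {
        $_SESSION["info_reset_password"] = "Password must have at least 8 characters that include lowercase letters, uppercase letters, numbers and special characters (e.g., !?.,*^).";
        header("Location: reset_password_form.php?token=" . rawurlencode($token));
        exit;
    }

    // Unused token lookup with a bound parameter.
    $token_check_result = false;
    $tstmt = mysqli_prepare($con, "SELECT user_id, expires_at FROM password_reset_tokens WHERE token = ? AND used = 0");
    if ($tstmt !== false) {
        mysqli_stmt_bind_param($tstmt, "s", $token);
        if (mysqli_stmt_execute($tstmt)) {
            $token_check_result = mysqli_stmt_get_result($tstmt);
        }
        mysqli_stmt_close($tstmt);
    }
    if (!$token_check_result || mysqli_num_rows($token_check_result) === 0) {
        $_SESSION["info_reset_password"] = "Invalid or expired token. Please request a new password reset link.";
        header("Location: reset_password_form.php?token=" . rawurlencode($token));
        exit;
    }
    $token_data = mysqli_fetch_assoc($token_check_result);
    $user_id = $token_data['user_id'];
    $expires_at = $token_data['expires_at'];

    // Expiry is checked server-side; the `used` flag alone is not enough.
    if (strtotime($expires_at) <= time()) {
        $_SESSION["info_reset_password"] = "This password reset link has expired. Please request a new one.";
        header("Location: reset_password_form.php?token=" . 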
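htmlspecialchars($token));
        exit;
    }

    // Store the new password. HashPassword (the legacy unsalted SHA-512
    // column) is cleared in the same statement: the login handler accepts a
    // match on EITHER column, so leaving it in place kept the OLD password
    // working after a reset.
    $hashed_password = password_hash($new_password, PASSWORD_DEFAULT);
    $password_updated = false;
    $upd = mysqli_prepare($con, "UPDATE users_table SET Password = ?, HashPassword = '' WHERE User_ID = ?");
    if ($upd !== false) {
        mysqli_stmt_bind_param($upd, "ss", $hashed_password, $user_id);
        $password_updated = mysqli_stmt_execute($upd);
        mysqli_stmt_close($upd);
    }
    if ($password_updated) {
        // Retire this token and any other outstanding token for the same user.
        $mark = mysqli_prepare($con, "UPDATE password_reset_tokens SET used = 1 WHERE token = ? OR (user_id = ? AND used = 0)");
        if ($mark !== false) {
            mysqli_stmt_bind_param($mark, "ss", $token, $user_id);
            mysqli_stmt_execute($mark);
            mysqli_stmt_close($mark);
        }
        $_SESSION["info_login"] = "Success! Your password has been reset successfully. You can now log in with your new password.";
        unset($_SESSION['info_recover_password']); // clear any old messages
        header("Location: index.php"); // sign-in page for immediate login
        exit;
    }
    error_log("LRR Password Reset: DB error updating password - " . mysqli_error($con));
    $_SESSION["info_reset_password"] = "An error occurred while updating your password. Please try again.";
    header("Location: reset_password_form.php?token=" . rawurlencode($token));
    exit;
}

// ############################### CREATE Lecturer/TA USER ##################################
if (!empty($_POST["form_createlecturer"])){
    // NOTE(review): no role check is visible in this file. Unless the
    // including page already restricts this form to Admin sessions, any
    // logged-in user can create staff accounts.
    $email_raw = isset($_POST["email"]) ? trim((string) $_POST["email"]) : '';
    $fullname_raw = isset($_POST["fullname"]) ? (string) $_POST["fullname"] : '';
    $email = mysqli_real_escape_string($con, $email_raw);
    $fullname = mysqli_real_escape_string($con, $fullname_raw);
    $type = isset($_POST["type"]) ? mysqli_real_escape_string($con, (string) $_POST["type"]) : '';
    // Escaped before hashing for consistency with signup/login (see the note there).
    $password = isset($_POST["password"]) ? mysqli_real_escape_string($con, (string) $_POST["password"]) : '';

    // The role used to be written verbatim from the request, so type=Admin
    // produced an administrator. Restrict it to the two roles this form is
    // for; extend the list deliberately if another role must go through here.
    if ($type !== "Lecturer" && $type !== "TA") {
        $_SESSION["info_Admin_Users"] = "Invalid user type: " . htmlspecialchars($type) . ".";
        header("Location: Admin.php");
        exit;
    }
    if (!filter_var($email_raw, FILTER_VALIDATE_EMAIL)) {
        $_SESSION["info_Admin_Users"] = "Invalid email address.";
        header("Location: Admin.php");
        exit;
    }
    // An empty password means "generate one"; it is shown once in the status
    // message so the admin can hand it over.
    if (strlen($password) == 0) {
        $password = generateStrongPassword();
    }

    $email_taken = false;
    $chk = mysqli_prepare($con, "SELECT User_ID FROM users_table WHERE Email = ?");
    if ($chk !== false) {
        mysqli_stmt_bind_param($chk, "s", $email_raw);
        if (mysqli_stmt_execute($chk)) {
            mysqli_stmt_store_result($chk);
            $email_taken = mysqli_stmt_num_rows($chk) > 0;
        }
        mysqli_stmt_close($chk);
    }
    if ($email_taken) {
        $_SESSION["info_Admin_Users"] = "Email address : " . $email . " is already in use.";
        header("Location: Admin.php");
        exit;
    }

    $password_hash = password_hash("$password", PASSWORD_DEFAULT);
    $created = false;
    $ins = mysqli_prepare($con, "INSERT INTO `users_table` (`Email`, `Password`, `HashPassword`, `Full_Name`, `UserType`) VALUES (?, ?, '', ?, ?)");
    if ($ins !== false) {
        mysqli_stmt_bind_param($ins, "ssss", $email_raw, $password_hash, $fullname_raw, $type);
        $created = mysqli_stmt_execute($ins);
        mysqli_stmt_close($ins);
    }
    if ($created) {
        $_SESSION["info_Admin_Users"] = $type . " user created successfully. Use email " . $email . " as account name and ". $password ." as password.";
        header("Location: Admin.php?tacreated");
        exit;
    }
    // The original reported success whatever mysqli_query() returned.
    error_log("LRR create user: INSERT failed - " . mysqli_error($con));
    $_SESSION["info_Admin_Users"] = "The user could not be created. Please try again.";
    header("Location: Admin.php");
    exit;
}

// ### FUNCTION TO GENERATE INITIAL PASSWORDS ###//
// Returns a 12-character password drawn from letters, digits and a fixed set
// of punctuation. random_int() is a CSPRNG; mt_rand(), used before, is
// predictable once a few outputs are known.
function generateStrongPassword() {
    $characters = 'abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789!@#$%^&*()-_';
    $password_length = 12;
    $gen_password = '';
    $last_index = strlen($characters) - 1;
    for ($i = 0; $i < $password_length; $i++) {
        $gen_password .= $characters[random_int(0, $last_index)];
    }
    return $gen_password;
}

// #### FUNCTION CHECK FILE TYPES ////
// TRUE when the upload in $_FILES[$file] has an allow-listed extension
// (exact, case-sensitive match as before).
// NOTE(review): only the LAST extension is examined, so "x.php.jpg" passes,
// and 'html'/'swf' are active content if the upload folder is ever served by
// the web server. Both are safe only while uploads stay outside the document
// root and are returned as downloads, never executed.
function is_valid_file_format($file) {
    $allowed = array(
        'pdf', 'rtf', 'jpg', 'png', 'doc', 'docx', 'xls', 'xlsx', 'sql', 'txt', 'md', 'py', 'css', 'html',
        'cvc', 'c', 'class', 'cpp', 'h', 'java', 'sh', 'swift', 'zip', 'rar', 'ods', 'xlr', 'bak', 'ico', 'swf'
    );
    $filename = isset($_FILES[$file]['name']) ? (string) $_FILES[$file]['name'] : '';
    $ext = pathinfo($filename, PATHINFO_EXTENSION);
    return in_array($ext, $allowed, true);
}

// #### FUNCTION CREATE DIRECTORIES ////
// Creates $upPath one segment at a time and returns $upPath (FALSE on an
// exception). The original echoed every directory it touched into the
// response, which leaked server paths and broke later header() redirects.
// Directories are 0755: the web server process creates and writes them
// itself; 0777 gave every local account write access to uploaded work.
function Create_dir($upPath) {
    try {
        $tags = explode('/', $upPath);
        $mkDir = "";
        foreach ($tags as $folder) {
            $mkDir = $mkDir . $folder . "/";
            if (!is_dir($mkDir)) {
                mkdir($mkDir, 0755);
            }
        }
    } catch (Exception $e) {
        return FALSE;
    }
    return $upPath;
}

// Recursive mkdir; returns $path when it exists or was created, else FALSE.
function mkdirs($path) {
    if (file_exists($path)) {
        return $path;
    }
    $result = mkdir($path, 0755, true);
    return $result ? $path : $result;
}

// ############################### #Post Assignment ##################################
if (!empty($_POST["form_uploadlab"])) {
    // NOTE(review): nothing here verifies that the caller is staff of
    // $course_id; that check has to live in the page that renders the form.
    $course_id = isset($_POST["course_id"]) ? trim((string) $_POST["course_id"]) : '';
    $deadlinedate = isset($_POST["deadlinedate"]) ? (string) $_POST["deadlinedate"] : '';
    $deadlinetime = isset($_POST["deadlinetime"]) ? (string) $_POST["deadlinetime"] : '';
    $instructions = isset($_POST["instructions"]) ? (string) $_POST["instructions"] : '';
    $title = isset($_POST["title"]) ? trim((string) $_POST["title"]) : '';
    $marks = isset($_POST["marks"]) ? (string) $_POST["marks"] : '';
    $type = isset($_POST["type"]) ? (string) $_POST["type"] : '';
    $url = $_SESSION['url']; // course code + year, used for the redirect only
    // deadlinedate/deadlinetime were never escaped and went straight into the
    // INSERT. Every value is bound now, so nothing here needs
    // mysqli_real_escape_string() (which also put backslashes into $title's
    // directory name, making the stored link and the folder disagree).
    $deadline = $deadlinedate . " " . $deadlinetime;
    $date = date("Y-m-d H:i:s");

    // $course_id and $title become directory names under lrr_submission, so
    // neither may be a traversal component or contain a path separator.
    foreach (array($course_id, $title) as $component) {
        if ($component === '' || $component === '.' || $component === '..'
            || strpos($component, '/') !== false || strpos($component, '\\') !== false
            || strpos($component, "\0") !== false) {
            echo "Invalid course or title.";
            return;
        }
    }

    // Collect the four attachment slots. basename() strips any directory part
    // an attacker puts in the client-supplied file name.
    $attachments = array();
    for ($i = 1; $i <= 4; $i++) {
        $key = "attachment" . $i;
        $name = '';
        if (isset($_FILES[$key]['name']) && is_string($_FILES[$key]['name'])) {
            $name = basename($_FILES[$key]['name']);
        }
        if ($name === '.' || $name === '..' || strpos($name, "\0") !== false) {
            $name = '';
        }
        $attachments[$i] = array('key' => $key, 'name' => $name);
    }
    // Type check for every slot that carries a file (slot 4 was never checked).
    foreach ($attachments as $i => $att) {
        if ($att['name'] !== '' && !is_valid_file_format($att['key'])) {
            echo "Invalid File Type for Attachment " . $i;
            return;
        }
    }

    $target_dir = Create_dir("./../../lrr_submission/Lab_Report_Assignments/" . $course_id . "/" . $title . "/");
    if ($target_dir === FALSE || !is_dir($target_dir)) {
        echo "Could not create the assignment folder.";
        return;
    }
    $links = array(1 => '', 2 => '', 3 => '', 4 => '');
    foreach ($attachments as $i => $att) {
        if ($att['name'] === '') {
            continue;
        }
        if (move_uploaded_file($_FILES[$att['key']]['tmp_name'], $target_dir . $att['name'])) {
            // All four links share one shape now; links 2-4 used to lack the
            // "/" between course id and title, and link 4 stored link 3's path.
            $links[$i] = "/Lab_Report_Assignments/" . $course_id . "/" . $title . "/" . $att['name'];
        } else {
            // Upload error codes go to the log; output here would prevent the redirect.
            error_log("LRR post lab: " . $att['key'] . " failed with code " . $_FILES[$att['key']]['error']);
        }
    }

    $sql = "INSERT INTO `lab_reports_table` (`Course_ID`, `Posted_Date`, `Deadline`, `Instructions`, `Title`, "
         . "`Attachment_link_1`, `Attachment_link_2`, `Attachment_link_3`, `Attachment_link_4`, `Marks`, `Type`)"
         . " VALUES (?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?)";
    $posted = false;
    $stmt = mysqli_prepare($con, $sql);
    if ($stmt !== false) {
        mysqli_stmt_bind_param($stmt, "sssssssssss", $course_id, $date, $deadline, $instructions, $title,
            $links[1], $links[2], $links[3], $links[4], $marks, $type);
        $posted = mysqli_stmt_execute($stmt);
        mysqli_stmt_close($stmt);
    }
    if ($posted) {
        $_SESSION["info_courses"] = $type . " lab report assignment posted successfully. ";
        header("Location: Courses.php?course=" . $url);
        exit;
    } else {
        // The original echoed the full SQL and the MySQL error to the browser.
        error_log("LRR post lab: INSERT failed - " . mysqli_error($con));
        $_SESSION["info_courses"] = "The assignment could not be saved. Please try again.";
        header("Location: Courses.php?course=" . $url);
        exit;
        // Unreachable: the original error echo continues on the next source
        // line and is left only so that line still parses.
        echo "Error: " . $sql . "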
" . $con->error; } } function checksize($file) { $result = $_FILES["$file"]['size'] / (1024 * 1024); if ($result > 1) { return FALSE; } return TRUE; } // ############################### Submit Assignment ################################## if (!empty($_POST["form_submitlab"])) { $lab_id = mysqli_real_escape_string($con, $_POST["lab_id"]); $student_id = $_POST["student_id"]; $group_id = $_POST["group_id"]; $instructions = mysqli_real_escape_string($con, $_POST["instructions"]); $title = mysqli_real_escape_string($con, $_POST["title"]); $url = mysqli_real_escape_string($con, $_POST["url"]); $deadline = $deadlinedate . " " . $deadlinetime; $date = date("Y-m-d H:i:s"); // GET UPLOADED FILES $labName = mysqli_query($con, "SELECT * FROM `lab_reports_table` WHERE Lab_Report_ID='$lab_id'"); while ($row = mysqli_fetch_assoc($labName)) { $lab_name = $row['Title']; $_SESSION['Sub_Type'] = $row['Type']; // submission type, either Individual or Group } $upload_folder = "Lab_Report_Submisions"; // old place for storing students' submissions $upload_folder = "./../../lrr_submission"; $target_dir = mkdirs($upload_folder . "/" . $student_id . "/" . $url . "/" . $lab_name . "/"); # url is actually course code plus academic year, e.g., CSC3122020 $targetfile = $target_dir . $_FILES['attachment1']['name']; $targetfile2 = $target_dir . $_FILES['attachment2']['name']; $targetfile3 = $target_dir . $_FILES['attachment3']['name']; $targetfile4 = $target_dir . 
$_FILES['attachment4']['name']; $count = 0; //check zise if (!checksize("attachment1")) { echo "1 MB is the maximum file size allowed"; return; } if (!checksize("attachment2") && $_FILES["attachment2"]["name"] != "") { echo "1 MB is the maximum file size allowed"; return; } if (!checksize("attachment3") && $_FILES["attachment3"]["name"] != "") { echo "1 MB is the maximum file size allowed"; return; } if (!is_valid_file_format("attachment1")) { echo "Invalid File Type for Attachment 1"; return; } if (!is_valid_file_format("attachment2") && $_FILES["attachment2"]["name"] != "") { echo "Invalid File Type for Attachment 2"; return; } if (!is_valid_file_format("attachment3") && $_FILES["attachment3"]["name"] != "") { echo "Invalid File Type for Attachment 3"; return; } if ($_FILES["attachment1"]["error"] != 0) { echo "Error when uploading the file."; return; } // use 4 for missing file if (move_uploaded_file($_FILES['attachment1']['tmp_name'], $targetfile)) { $count++; } else { echo $_FILES['attachment1']['error']; } if (move_uploaded_file($_FILES['attachment2']['tmp_name'], $targetfile2)) { $count++; } else { echo $_FILES['attachment2']['error']; } if (move_uploaded_file($_FILES['attachment3']['tmp_name'], $targetfile3)) { $count++; } else { echo $_FILES['attachment3']['error']; } if (move_uploaded_file($_FILES['attachment4']['tmp_name'], $targetfile4)) { $count++; } else { echo $_FILES['attachment4']['error']; } echo $count . " File(s) uploaded"; //CLEAN $targetfile1 = ""; $targetfile2 = ""; $targetfile3 = ""; $targetfile4 = ""; if (strlen($_FILES['attachment1']['name']) > 2) { // why greater than 2??? $targetfile = "/" . $student_id . "/" . $url . "/" . $lab_name . "/" . rawurlencode($_FILES['attachment1']['name']); } if (strlen($_FILES['attachment2']['name']) > 2) { $targetfile2 = "/" . $student_id . "/" . $url . "/" . $lab_name . "/" . rawurlencode($_FILES['attachment2']['name']); } if (strlen($_FILES['attachment3']['name']) > 2) { $targetfile3 = "/" . 
$student_id . "/" . $url . "/" . $lab_name . "/" . rawurlencode($_FILES['attachment3']['name']); } if (strlen($_FILES['attachment4']['name']) > 2) { $targetfile4 = "/" . $student_id . "/" . $url . "/" . $lab_name . "/" . rawurlencode($_FILES['attachment4']['name']); } // When $group_id is not properly initialized, use integer 0 as its value. // This temporarily fixed the "Students unable to submit assignment after a recent change" bug at http://118.25.96.118/bugzilla/show_bug.cgi?id=65 if (trim($group_id) === '') { // when $group_id is an empty string or contains only whitespace characters. $group_id = 0; // FIXME } $sql1 = "DELETE FROM lab_report_submissions where Lab_Report_ID='$lab_id' and Student_id='$student_id' and Course_Group_id='$group_id'"; if ($con->query($sql1) === TRUE) { } $sql = "INSERT INTO `lab_report_submissions`(`Submission_Date`, `Lab_Report_ID`, `Student_id`," . " `Course_Group_id`, `Attachment1`, `Notes`, `Attachment2`, `Attachment3`, `Attachment4`, `Status`, `Title`,`Remarking_Reason`)" . " VALUES ('$date','$lab_id','$student_id','$group_id','$targetfile','$instructions','$targetfile2','$targetfile3','$targetfile4'," . "'Pending','$title','')"; if ($con->query($sql) === TRUE) { if ($_SESSION['Sub_Type'] == 'Individual') { $con->query($sql = "UPDATE `lab_report_submissions` SET `Course_Group_id` = '0' WHERE `lab_report_submissions`.`Lab_Report_ID` = '$lab_id'"); } $_SESSION["info_courses"] = "Thanks. You have successfully submitted your assignment."; header("Location: Course.php?url=" . $url); } else { echo "Error:
" . $con->error; } } // JOIN COURSE if (!empty($_GET["JoinCourse"])) { $id = mysqli_real_escape_string($con, $_GET["id"]); $student_id = mysqli_real_escape_string($con, $_GET["std"]); $joining = mysqli_real_escape_string($con, $_GET["joining"]); $status = "Pending"; if ($joining == 0) { $status = "Joined"; } $sql = "INSERT INTO `course_students_table`(`Course_ID`, `Student_ID`,`Status`) VALUES ('$id','$student_id','$status')"; if ($con->query($sql) === TRUE) { if ($joining == 0) { $_SESSION["info_Courses_student"] = "You enrolled in this course successfully."; } else { $_SESSION["info_Courses_student"] = "Course enrollment request was sent to the lecturer."; } header("Location: Courses.php"); } else { echo "Error: " . $sql . "
" . $con->error; } } #MARK LAB REPORT if (!empty($_GET["savemarks"])) { $id = mysqli_real_escape_string($con, $_GET["id"]); $marks = mysqli_real_escape_string($con, $_GET["marks"]); $total = mysqli_real_escape_string($con, $_GET["total"]); $feedback = mysqli_real_escape_string($con, $_GET["feedback"]); $header = mysqli_real_escape_string($con, $_GET["header"]); $labid = mysqli_real_escape_string($con, $_GET["labid"]); $status = "Marked"; if ($marks > $total) { echo " Marks could not be greater than total"; return; } $date = date("Y-m-d H:i:s"); $feedback = "
@$date : " . $feedback; $sql = "UPDATE `lab_report_submissions` SET `Marks`='$marks',`Status`='$status'," . "" . "Notes=if(Notes is null, ' ', concat(Notes, '$feedback'))" . "" . " WHERE Submission_ID=$id "; if ($con->query($sql) === TRUE) { $_SESSION["info_Marking"] = "Assignment marked"; header("Location: Submissions.php?id=" . $labid . "&header=" . $header . "&total=" . $total); } else { echo "Error: " . $sql . "
" . $con->error; } } #Update Report Visibility if (!empty($_GET["updatevisibility"])) { $id = mysqli_real_escape_string($con, $_GET["id"]); $marks = mysqli_real_escape_string($con, $_GET["marks"]); $total = mysqli_real_escape_string($con, $_GET["total"]); $status = mysqli_real_escape_string($con, $_GET["status"]); $header = mysqli_real_escape_string($con, $_GET["header"]); $labid = mysqli_real_escape_string($con, $_GET["labid"]); $sql = "UPDATE `lab_report_submissions` SET `Visibility`='$status' WHERE Submission_ID='$id' "; if ($con->query($sql) === TRUE) { $_SESSION["info_Marking"] = "Lab Report Visibility Updated"; header("Location: Submissions.php?id=" . $labid . "&header=" . $header . "&total=" . $total); } else { echo "Error: " . $sql . "
" . $con->error; } } #Remarking Request if (!empty($_GET["remarking"])) { $id = htmlspecialchars(mysqli_real_escape_string($con, $_GET["id"])); $url = htmlspecialchars(mysqli_real_escape_string($con, $_GET["url"])); $status = htmlspecialchars(mysqli_real_escape_string($con, $_GET["status"])); $details = htmlspecialchars(mysqli_real_escape_string($con, $_GET["details"])); $sql = "UPDATE `lab_report_submissions` SET `Status`='Remarking',Remarking_Reason='$details' WHERE Submission_ID='$id' "; if ($con->query($sql) === TRUE) { $_SESSION["info_general"] = "Remarking Request Sent"; header("Location: Course.php?url=" . $url . "&tab=Marked"); } else { echo "Error: " . $sql . "
" . $con->error; } } #Create Group Request if (!empty($_GET["creategroup"])) { $student_id = mysqli_real_escape_string($con, $_GET["student_id"]); $url = mysqli_real_escape_string($con, $_GET["url"]); $id = mysqli_real_escape_string($con, $_GET["id"]); $name = mysqli_real_escape_string($con, $_GET["name"]); $sql = "INSERT INTO `course_groups_table`(`Group_Name`, `Group_Leader`, `Course_id`) VALUES ('$name','$student_id','$id')"; if ($con->query($sql) === TRUE) { $resultx1 = mysqli_query($con, "Select Max(Course_Group_id) as cnt from course_groups_table"); while ($row = mysqli_fetch_assoc($resultx1)) { $gid = $row['cnt']; } $sql = "INSERT INTO `course_group_members_table`( `Course_Group_id`, `Student_ID`, `Status`) VALUES ('$gid','$student_id','Created')"; if ($con->query($sql) === TRUE) { $_SESSION["info_general"] = "Course group Created"; header("Location: Course.php?url=" . $url); } else { echo "Error: " . $sql . "
" . $con->error; } } else { echo "Error: " . $sql . "
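" . $con->error;
    }
}

// ------------------------------------------------------------------------------------------
// Shared helpers for the request handlers below.
//
// * Every request value is bound through a prepared statement. The previous code spliced
//   mysqli_real_escape_string()'d values into the SQL text, which does not protect the
//   unquoted numeric comparisons some handlers used (e.g. `student_id=$student_id`).
// * Database errors go to error_log(); the browser only gets a generic message (the old
//   code echoed the full SQL statement and $con->error).
// * Each handler returns right after header("Location: ...") so no later handler or stray
//   query runs on the same request (most of the old redirects fell through).
// * mysqli_stmt::get_result() needs mysqlnd, which stock PHP builds ship with.
// ------------------------------------------------------------------------------------------
if (!function_exists('lrr_param')) {
    /**
     * One scalar request parameter as a string; '' when absent or not scalar (array params).
     * The value is untrusted: bind it, never splice it into SQL or headers.
     */
    function lrr_param(array $src, $key)
    {
        return (isset($src[$key]) && is_scalar($src[$key])) ? (string) $src[$key] : '';
    }
}

if (!function_exists('lrr_exec')) {
    /**
     * Prepare, bind and execute one statement.
     *
     * @param mysqli $con    open connection
     * @param string $sql    statement with ? placeholders only
     * @param array  $params placeholder values in order; all bound as strings (MySQL coerces
     *                       them for numeric columns)
     * @return mysqli_stmt|false executed statement (caller closes it), false after logging
     */
    function lrr_exec($con, $sql, array $params = array())
    {
        $stmt = $con->prepare($sql);
        if ($stmt === false) {
            error_log("LRR prepare failed (" . $con->error . "): " . $sql);
            return false;
        }
        if (count($params) > 0) {
            $stmt->bind_param(str_repeat('s', count($params)), ...$params);
        }
        if (!$stmt->execute()) {
            error_log("LRR execute failed (" . $stmt->error . "): " . $sql);
            $stmt->close();
            return false;
        }
        return $stmt;
    }
}

if (!function_exists('lrr_count')) {
    /** Rows matched by a SELECT run through lrr_exec(); 0 when the query itself failed. */
    function lrr_count($con, $sql, array $params = array())
    {
        $stmt = lrr_exec($con, $sql, $params);
        if ($stmt === false) {
            return 0;
        }
        $stmt->store_result();
        $n = $stmt->num_rows;
        $stmt->close();
        return $n;
    }
}

if (!function_exists('lrr_redirect')) {
    /** Store a flash message under $key (when given) and send the Location header. The caller must return. */
    function lrr_redirect($location, $key = null, $message = null)
    {
        if ($key !== null) {
            $_SESSION[$key] = $message;
        }
        header("Location: " . $location);
    }
}

if (!function_exists('lrr_db_failure')) {
    /** User-facing text for a failed write; the real error has already been logged by lrr_exec(). */
    function lrr_db_failure($what)
    {
        echo "Something really bad happened while " . $what . ". Contact lanhui at zjnu.edu.cn. Thanks!";
    }
}

if (!function_exists('lrr_is_student_session')) {
    /**
     * True when the current session belongs to a Student. The roles this file knows are
     * "Student", "Lecturer" and "Admin". A session without a role is NOT reported as a
     * student, so the staff-only handlers below reject only the case that is certainly wrong.
     * NOTE(review): if TA accounts carry the Student role, widen this check (e.g. via course_ta).
     */
    function lrr_is_student_session()
    {
        return isset($_SESSION['user_type']) && $_SESSION['user_type'] == "Student";
    }
}

//---------------------------------------Invite Group Request and add a new member into the database------------------------------------
if (!empty($_GET["groupinvite"])) {
    // NOTE(review): nothing here checks that the acting user may invite into $groupid; the
    // group's owner is not visible in this file. Confirm the calling page enforces it.
    $student_id = lrr_param($_GET, "student_id");
    $url        = lrr_param($_GET, "url");
    $groupid    = lrr_param($_GET, "groupid");
    $back       = "Course.php?url=" . urlencode($url);

    // 1. The invitee must be a known student.
    if (lrr_count($con, "SELECT 1 FROM students_data WHERE Student_ID = ?", array($student_id)) == 0) {
        lrr_redirect($back, "info_general", $student_id . " is an invalid student number.");
        return;
    }
    // 2. ... and not already invited to (or a member of) this group.
    if (lrr_count($con, "SELECT 1 FROM course_group_members_table WHERE Course_Group_id = ? AND Student_ID = ?", array($groupid, $student_id)) > 0) {
        lrr_redirect($back, "info_general", $student_id . " has already been invited.");
        return;
    }
    // 3. Find the first free member slot BEFORE writing anything. The old code inserted the
    //    'Invited' row first and, because it never returned after the "cannot add" redirect,
    //    reported success for a full group anyway.
    $slots     = array('Group_Member', 'Group_Member2', 'Group_Member3', 'Group_Member4'); // fixed column names, never from the request
    $free_slot = null;
    $group_row = null;
    $stmt = lrr_exec($con, "SELECT Group_Member, Group_Member2, Group_Member3, Group_Member4 FROM course_groups_table WHERE Course_Group_id = ?", array($groupid));
    if ($stmt !== false) {
        $group_row = $stmt->get_result()->fetch_assoc();
        $stmt->close();
    }
    if ($group_row !== null) {
        foreach ($slots as $slot) {
            $_SESSION[$slot] = $group_row[$slot]; // kept: the old code exposed these to other pages
            if ($free_slot === null && $group_row[$slot] == '0') {
                $free_slot = $slot;
            }
        }
        if ($free_slot === null) {
            lrr_redirect($back, "info_general", " You cannot add any more members");
            return;
        }
    }
    // 4. Record the invitation, then fill the slot (only when a group row exists; a missing
    //    group row still gets the membership row, as before).
    $ins = lrr_exec($con, "INSERT INTO `course_group_members_table` (`Course_Group_id`, `Student_ID`, `Status`) VALUES (?, ?, 'Invited')", array($groupid, $student_id));
    if ($ins === false) {
        lrr_db_failure("inviting the student");
        return;
    }
    $ins->close();
    if ($free_slot !== null) {
        // $free_slot is one of the whitelisted names above, so it is safe in column position.
        $upd = lrr_exec($con, "UPDATE `course_groups_table` SET `" . $free_slot . "` = ? WHERE `Course_Group_id` = ?", array($student_id, $groupid));
        if ($upd !== false) {
            $upd->close();
        }
    }
    lrr_redirect($back, "info_general", $student_id . " was invited to the group.");
    return;
}

#Accept deny Group Invite
if (!empty($_GET["acceptinvite"])) {
    $student_id = lrr_param($_GET, "student_id");
    $url        = lrr_param($_GET, "url");
    $action     = lrr_param($_GET, "action");
    $groupid    = lrr_param($_GET, "groupid");
    $back       = "Course.php?url=" . urlencode($url);

    // A student may only answer their own invitation. The session id is only known to be set
    // on the student sign-up path, so the check is skipped when it is absent.
    // TODO(review): confirm every login path sets user_student_id, then make this unconditional.
    if (isset($_SESSION['user_student_id']) && (string) $_SESSION['user_student_id'] !== $student_id) {
        lrr_redirect($back, "info_general", " You can only respond to your own invitation.");
        return;
    }
    if ($action == 1) {
        $stmt = lrr_exec($con, "UPDATE `course_group_members_table` SET Status = 'Joined' WHERE Course_Group_id = ? AND student_id = ?", array($groupid, $student_id));
    } else {
        $stmt = lrr_exec($con, "DELETE FROM `course_group_members_table` WHERE Course_Group_id = ? AND student_id = ?", array($groupid, $student_id));
    }
    if ($stmt === false) {
        lrr_db_failure("updating the invitation");
        return;
    }
    $stmt->close();
    lrr_redirect($back, "info_general", " Group invitation status updated");
    return;
}

#Remove a member from group
if (!empty($_GET["removemember"])) {
    // NOTE(review): no check that the acting user owns the group or is the member being removed.
    $student_id = lrr_param($_GET, "student_id");
    $group_id   = lrr_param($_GET, "group_id");
    $url        = lrr_param($_GET, "url");
    // Bound parameters: the old statement compared unquoted `student_id=$student_id`, which
    // mysqli_real_escape_string() does not protect.
    $stmt = lrr_exec($con, "DELETE FROM `course_group_members_table` WHERE student_id = ? AND Course_Group_id = ?", array($student_id, $group_id));
    if ($stmt === false) {
        lrr_db_failure("removing the member");
        return;
    }
    $stmt->close();
    // NOTE(review): the member's Group_Member* slot in course_groups_table is not cleared here;
    // confirm whether another page does that, otherwise the slot can never be reused.
    lrr_redirect("Course.php?url=" . urlencode($url), "info_general", " Member " . $student_id . " is gone.");
    return;
}

#Delete a whole group
if (!empty($_GET["deletegroup"])) {
    // NOTE(review): no ownership check on $group_id is visible here.
    $group_id = lrr_param($_GET, "group_id");
    $url      = lrr_param($_GET, "url");
    // Both deletes succeed or neither does (effective on transactional engines such as InnoDB).
    // The old code ran them independently and, on failure, echoed an undefined $sql.
    $con->begin_transaction();
    $members = lrr_exec($con, "DELETE FROM `course_group_members_table` WHERE Course_Group_id = ?", array($group_id));
    $group   = ($members === false) ? false : lrr_exec($con, "DELETE FROM `course_groups_table` WHERE Course_Group_id = ?", array($group_id));
    if ($members === false || $group === false) {
        $con->rollback();
        if ($members !== false) {
            $members->close();
        }
        lrr_db_failure("deleting the group");
        return;
    }
    $members->close();
    $group->close();
    $con->commit();
    lrr_redirect("Course.php?url=" . urlencode($url), "info_general", " Group has been deleted successfully. ");
    return;
}

#Extend Deadline
if (!empty($_GET["extenddeadline"])) {
    if (lrr_is_student_session()) {
        lrr_redirect("index.php");
        return;
    }
    $id        = lrr_param($_GET, "id");
    $date      = lrr_param($_GET, "date");
    $time      = lrr_param($_GET, "time");
    $type      = lrr_param($_GET, "type");
    $studentid = lrr_param($_GET, "studentid");
    $reason    = lrr_param($_GET, "reason");
    $url       = lrr_param($_GET, "url");
    $back      = "Courses.php?course=" . urlencode($url);
    $deadline  = $date . " " . $time;
    // Reject values the database would not accept as a DATETIME instead of failing the write.
    // TODO(review): confirm the form's date/time format is one strtotime() parses.
    if (strtotime($deadline) === false) {
        lrr_redirect($back, "info_courses", " Invalid deadline date/time.");
        return;
    }
    if ($type == 1) {
        // type 1: move the deadline of the whole lab report
        $stmt = lrr_exec($con, "UPDATE `lab_reports_table` SET `Deadline` = ? WHERE Lab_Report_ID = ?", array($deadline, $id));
    } else {
        // otherwise: an extension for one student, with the reason given
        $stmt = lrr_exec($con, "INSERT INTO `extended_deadlines_table` (`Student_ID`, `Lab_Report_ID`, `Extended_Deadline_Date`, `ReasonsForExtension`) VALUES (?, ?, ?, ?)", array($studentid, $id, $deadline, $reason));
    }
    if ($stmt === false) {
        lrr_db_failure("extending the deadline");
        return;
    }
    $stmt->close();
    lrr_redirect($back, "info_courses", " Assignment deadline extended successfully.");
    return;
}

#IGNORE Remarking Request
if (!empty($_GET["ignoreremarking"])) {
    if (lrr_is_student_session()) {
        lrr_redirect("index.php");
        return;
    }
    $id     = lrr_param($_GET, "id");
    $total  = lrr_param($_GET, "total");
    $header = lrr_param($_GET, "header");
    $subid  = lrr_param($_GET, "subid");
    $stmt = lrr_exec($con, "UPDATE lab_report_submissions SET Status = 'Marked' WHERE Submission_ID = ?", array($subid));
    if ($stmt === false) {
        lrr_db_failure("ignoring the remarking request");
        return;
    }
    $stmt->close();
    // Pass-through values go back out URL-encoded (the old code re-emitted them raw, with the
    // backslashes added by mysqli escaping left in).
    $query = http_build_query(array("id" => $id, "header" => $header, "total" => $total));
    lrr_redirect("Submissions.php?" . $query, "info_Marking", "Remarking request ignored.");
    return;
}

#Assign TA
if (!empty($_GET["assignTA"])) {
    if (lrr_is_student_session()) {
        lrr_redirect("index.php");
        return;
    }
    $id = lrr_param($_GET, "id");
    $ta = lrr_param($_GET, "ta");
    // Duplicate assignment: the old code echoed an empty string and showed a blank page.
    // (A failed lookup counts as "not assigned"; a UNIQUE(Course_ID, TA) key would close that gap.)
    if (lrr_count($con, "SELECT 1 FROM course_ta WHERE Course_ID = ? AND TA = ?", array($id, $ta)) > 0) {
        lrr_redirect("Admin.php", "info_Admin_Courses", " This TA is already assigned to the course.");
        return;
    }
    $stmt = lrr_exec($con, "INSERT INTO course_ta (Course_ID, TA) VALUES (?, ?)", array($id, $ta));
    if ($stmt === false) {
        lrr_db_failure("assigning the TA");
        return;
    }
    $stmt->close();
    lrr_redirect("Admin.php", "info_Admin_Courses", " Course TA Assigned ");
    return;
}

//ACCEPT STUDNTS JOINING COURSSS
if (!empty($_GET["AcceptStudent"])) {
    if (lrr_is_student_session()) {
        lrr_redirect("index.php");
        return;
    }
    $id = lrr_param($_GET, "id");
    $rs = lrr_param($_GET, "rs");
    if ($rs == "yes") {
        $stmt = lrr_exec($con, "UPDATE course_students_table SET Status = 'Joined' WHERE ID = ?", array($id));
        $msg  = "Course Joining request Approved.";
    } else {
        $stmt = lrr_exec($con, "DELETE FROM course_students_table WHERE ID = ?", array($id));
        $msg  = "Course Joining request Declined & Removed.";
    }
    if ($stmt === false) {
        lrr_db_failure("handling the joining request");
        return;
    }
    $stmt->close();
    lrr_redirect("Courses.php", "info_courses", $msg);
    return;
}

//action=passchange&uid=1&pass=1929
if (!empty($_GET["action"])) {
    $action = lrr_param($_GET, "action");
    $uid    = lrr_param($_GET, "uid");
    // uid must be a non-negative integer literal (the old check only rejected intval() < 0,
    // so "abc" passed as 0).
    if (!ctype_digit($uid)) {
        header("Location: index.php");
        return;
    }

    if ($action == "passchange") {
        // Only the logged-in user may change their own password.
        if (!isset($_SESSION['user_id']) || (string) $_SESSION['user_id'] !== $uid) {
            header("Location: index.php");
            return;
        }
        $pass = lrr_param($_GET, "pass");
        // NOTE(review): the new password arrives in the query string, where it ends up in
        // server/proxy logs and browser history; the form should POST it. Kept on GET so the
        // existing caller keeps working.
        if ($pass === '') {
            lrr_redirect("index.php", "infoChangePassword", " Password cannot be empty.");
            return;
        }
        $hash = password_hash($pass, PASSWORD_DEFAULT);
        // NOTE(review): the hash is stored in the Password column; confirm the login path
        // verifies against this same column.
        $stmt = lrr_exec($con, "UPDATE users_table SET Password = ? WHERE User_ID = ?", array($hash, $uid));
        if ($stmt === false) {
            echo "Something really bad happened while changing password. Contact lanhui at zjnu.edu.cn. Thanks!";
            return;
        }
        $stmt->close();
        // The old code echoed "Password has been changed" before header(), which breaks the
        // redirect once output has started; the session message carries the confirmation.
        lrr_redirect("index.php", "infoChangePassword", " User password was changed successfully.");
        return;
    }

    if ($action == "statuschange") {
        // Existing role gate, kept: only lecturers and admins may change a user's status.
        if (!isset($_SESSION['user_type']) || ($_SESSION['user_type'] != "Lecturer" && $_SESSION['user_type'] != "Admin")) {
            header("Location: index.php");
            return;
        }
        $status = lrr_param($_GET, "status");
        $stmt = lrr_exec($con, "UPDATE users_table SET Status = ? WHERE User_ID = ?", array($status, $uid));
        if ($stmt === false) {
            echo "Something really bad happened while changing status. Contact lanhui at zjnu.edu.cn. Thanks!";
            return;
        }
        $stmt->close();
        lrr_redirect("Admin.php", "info_Admin_Users", " user Status updated successfully ");
        return;
    }
}

// ############################### CREATE COURSE ##################################
if (!empty($_POST["form_createCourse"])) {
    if (lrr_is_student_session()) {
        lrr_redirect("index.php");
        return;
    }
    $name     = lrr_param($_POST, "name");
    $academic = lrr_param($_POST, "academic");
    $lecturer = lrr_param($_POST, "lecturer");
    $ta       = lrr_param($_POST, "ta");
    $faculty  = lrr_param($_POST, "faculty");
    $code     = lrr_param($_POST, "code");
    $url      = lrr_param($_POST, "url");
    $verify   = lrr_param($_POST, "verify");
    $who      = lrr_param($_POST, "l"); // "l": request came from the lecturer page
    if ($url == "") {
        $url = $code . $academic; // default portal URL: course code + academic year
    }
    if ($ta == "") {
        $ta = "0"; // 0 = no TA assigned yet
    }
    // Course-name uniqueness is not enforced here (a disabled check used to sit at this spot);
    // put the constraint on the table if one is wanted.
    $stmt = lrr_exec(
        $con,
        "INSERT INTO `courses_table` (`Course_Name`, `Academic_Year`, `Faculty`, `Lecturer_User_ID`, `TA_User_ID`, `Course_Code`, `URL`, `Verify_New_Members`) VALUES (?, ?, ?, ?, ?, ?, ?, ?)",
        array($name, $academic, $faculty, $lecturer, $ta, $code, $url, $verify)
    );
    if ($stmt === false) {
        lrr_db_failure("creating the course");
        return;
    }
    $stmt->close();
    lrr_redirect(($who == "l") ? "Courses.php" : "Admin.php", "info_Admin_Courses", "Course portal was Created successfully.");
    return;
}

// Export grade
if (!empty($_GET["exportgrade"])) {
    // The sheet lists every student's marks for the lab, so students must not pull it.
    if (lrr_is_student_session()) {
        lrr_redirect("index.php");
        return;
    }
    $lab      = lrr_param($_GET, "lab");
    $lab_name = lrr_param($_GET, "lab_name");
    $stmt = lrr_exec(
        $con,
        "SELECT lab_reports_table.Title AS 'LAB_Report', lab_reports_table.Marks AS Lab_Marks, `Submission_Date`, lab_report_submissions.Student_id, users_table.Full_Name AS Student_Name, lab_report_submissions.Marks, `Notes` FROM `lab_report_submissions` INNER JOIN lab_reports_table ON lab_reports_table.Lab_Report_ID = lab_report_submissions.Lab_Report_ID INNER JOIN users_table ON users_table.Student_ID = lab_report_submissions.Student_id WHERE lab_report_submissions.Lab_Report_ID = ?",
        array($lab)
    );
    if ($stmt === false) {
        lrr_db_failure("exporting grades");
        return;
    }
    $export = $stmt->get_result();
    // Tab-separated text, one double-quoted cell per value, served under an .xls name.
    // $header and $data are initialised here; the old code relied on error_reporting(0) to hide
    // the undefined-variable notices from its first ".=".
    $header = '';
    foreach ($export->fetch_fields() as $field) {
        $header .= $field->name . "\t";
    }
    $data = '';
    while ($row = $export->fetch_row()) {
        $line = '';
        foreach ($row as $value) {
            if (!isset($value) || $value == "") {
                $line .= "\t";
                continue;
            }
            $value = str_replace('"', '""', $value);
            // Formula-injection guard: a free-text cell (Notes, names) starting with = + - @ is
            // evaluated by spreadsheet software; an apostrophe prefix keeps it text. Numeric
            // cells such as marks are left untouched.
            if (!is_numeric($value) && in_array($value[0], array('=', '+', '-', '@'), true)) {
                $value = "'" . $value;
            }
            $line .= '"' . $value . '"' . "\t";
        }
        $data .= trim($line) . "\n";
    }
    $stmt->close();
    $data = str_replace("\r", "", $data);
    if ($data == "") {
        $data = "\n(0) Records Found!\n";
    }
    // The file name is user supplied: strip quote, path and line-break characters, then quote it.
    $file_name = preg_replace('/[\\\\\/"\r\n]/', '', $lab_name) . " Grade Sheet.xls";
    header("Content-type: application/octet-stream");
    header("Content-Disposition: attachment; filename=\"" . $file_name . "\"");
    header("Pragma: no-cache");
    header("Expires: 0");
    print "$header\n$data";
}
?>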