Hello

2014-04-09 15:56:22 +00:00 · 2014-04-09 15:56:22 +00:00 · 7a41dbbbdf
parent b4fc06db87
commit 7a41dbbbdf
9 changed files with 221 additions and 71 deletions
--- a/admin.php
+++ b/admin.php
@ -0,0 +1,75 @@
+<?php
+// Include shared subprograms
+require "common/common.php";
+
+// Only allow admins to view this page
+auth(AUTH_ADMIN);
+
+if ($_GET['id']=="user"){
+	$user = new User(null);
+	$user->username = $_POST['username'];
+	$user->firstname = $_POST['first'];
+	$user->surname = $_POST['sur'];
+	$user->password = md5($_POST['pass']);
+	$user->rank = $_POST['rank'];
+	$user->year = $_POST['year'];
+	$user->group = $_POST['group'];
+	$user->save();
+	header("location: admin.php");
+	die("");
+}
+
+if ($_GET['id']=="increase"){
+	if ($_GET['con']==1){
+		$all_users = User::all();
+		foreach ($all_users as $user){
+			if (is_numeric($user->year)){
+				$user->year = $user->year + 1;
+				$user->save();
+			}
+		}
+		header("location: admin.php");
+		die("");
+	}else{
+		showHeader("Are you sure?");?>
+		<h2>Are you sure?</h2>
+		
+		<p>
+			This will increase all pupils years by 1.
+		</p>
+		
+		<a class="button" href="admin.php?id=increase&con=1">Increase all years</a> <a class="button" href="admin.php">Cancel</a>
+		<?php die("");
+	}
+}
+
+// Show admin settings page
+showHeader("Admin Settings");
+?>
+<h2>Admin Settings</h2>
+
+<p>Please be careful in this section!</p>
+
+<fieldset>
+<legend>Danger Zone</legend>
+<a href="admin.php?id=increase">Increase years</a>
+</fieldset>
+
+<form action="admin.php?id=user" method="post">
+<fieldset>
+<legend>Add User</legend>
+<i>* - required</i><br>
+* Firstname: <input type="text" name="first" required><br>
+* Surname: <input type="text" name="sur" required><br>
+* Username: <input type="text" name="username" required><br>
+* Password: <input type="text" name="pass" value="password" required><br>
+* Rank: <select name="rank">
+<option value="1" selected>Pupil</option>";
+<option value="2">Staff</option>";
+<option value="3">Admin</option>";
+</select><br>
+Year: <input type="number" name="year" min=3 max=6 /><br>
+Group: <input type="text" name="group" size=1 /><br><br>
+<input type="submit" value="Create" />
+</fieldset>
+</form>
--- a/common/common.php
+++ b/common/common.php
@ -64,7 +64,7 @@ function getAuthLabel($level){
 		return "pupil";
 	else if ($level == AUTH_STAFF)
 		return "staff";
-	else if ($level == AUTH_STAFF)
+	else if ($level == AUTH_ADMIN)
 		return "admin";
 	else
 		return "lvl($level)";
--- a/common/database/user.php
+++ b/common/database/user.php
@ -42,6 +42,26 @@ class User {
 		return "{$res}";
 	}
 	
+	// Update existing record
+	private function update($id, $col, $value, $int=false){
+		// Update a field in an existing record
+		global $handle;
+		$res = "";
+		if ($int){
+			// Update integer field
+			if (!is_numeric($value)){
+				echo "<p>inputed value is not numeric! ($id, $col, $value, $int) </p>";
+				return;
+			}
+			$res = "UPDATE user SET $col = $value WHERE userID = $id";
+		}else{
+			// Update string field
+			$res = "UPDATE user SET $col = '$value' WHERE userID = $id";
+		}
+		// Run update query
+		$handle->query($res) or die("<br><br>Query Error: ".mysqli_error($handle));
+	}
+	
 	// Save the record
 	public function save(){
 		global $handle;
@ -55,35 +75,14 @@ class User {
 			$h->close();
 			$this->id = $handle->insert_id;
 		}else{
-			// Update existing record
-			function update($id, $col, $value, $int=false){
-				// Update a field in an existing record
-				global $handle;
-				$res = "";
-				if ($int){
-					// Update integer field
-					if (!is_numeric($value)){
-						echo "<p>inputed value is not numeric! ($id, $col, $value, $int) </p>";
-						return;
-					}
-					$res = "UPDATE user SET $col = $value WHERE userID = $id";
-				}else{
-					// Update string field
-					$res = "UPDATE user SET $col = '$value' WHERE userID = $id";
-				}
-
-				// Run update query
-				$handle->query($res) or die("<br><br>Query Error: ".mysqli_error($handle));
-			}
-			
 			// Update each field using the function above
-			update($this->id,"username",$this->username,false);
-			update($this->id,"password",$this->password,false);
-			update($this->id,"firstname",$this->firstname,false);
-			update($this->id,"surname",$this->surname,false);
-			update($this->id,"year",$this->year,true);
-			update($this->id,"ugroup",$this->group,false);
-			update($this->id,"rank",$this->rank,true);
+			$this->update($this->id,"username",$this->username,false);
+			$this->update($this->id,"password",$this->password,false);
+			$this->update($this->id,"firstname",$this->firstname,false);
+			$this->update($this->id,"surname",$this->surname,false);
+			$this->update($this->id,"year",$this->year,true);
+			$this->update($this->id,"ugroup",$this->group,false);
+			$this->update($this->id,"rank",$this->rank,true);
 		}
 	}
 	
--- a/index.php
+++ b/index.php
@ -1,10 +1,14 @@
 <?php
 require "common/common.php";

+// Require log in
 auth(AUTH_PUPIL);

+// Display page
 showHeader("Dashboard");

+
+// Display 404 - page not found message if necessary
 if ($_GET['404']==1){
 ?>
 <div style="background:red;color:white;padding:1em;margin:0.5em;margin-bottom:1em;border-radius:2px;">
@ -12,18 +16,25 @@ if ($_GET['404']==1){
 </div>
 <?php
 }
+
+// Show the dashboard
 ?>
 <h2>Dashboard</h2>

 <?php
 if ($current_user->isPupil()){
+	// Show pupil dash board
 	echo "<table id=\"testlist\">";
-	$ass = $current_user->tests();
 	
+	// Get all assignments this pupil has
+	$ass = $current_user->tests();
 	foreach ($ass as $a){
+		// Look for submitted results from this pupil, for the test.
+		// ie: see if the pupil has done this test yet
 		$res = Score::getfromusertest($current_user->id,$a->testID);
 		echo "<tr><td>".$a->test()->title."</td><td class=\"take\" style=\"width:120px;\">";
 		
+		// Show correct button - retake or take.
 		if (!$res || count($res)==0)
 			echo "<a class=\"button\" href=\"".burl("test/take.php?id=".$a->test()->id)."\">Take</a>";
 		else
@ -32,6 +43,7 @@ if ($current_user->isPupil()){
 		echo "</td></tr>";
 	}
 }else if ($current_user->isStaff()){
+	// Show staff dash board
 ?>
 <div class="dashbox">
 	<div class="dashbox_title">
@ -42,7 +54,8 @@ if ($current_user->isPupil()){
 			<li><a href="<?php echo burl("users.php?rank=1");?>">Pupils</a></li>
 			<li><a href="<?php echo burl("test/?user=".$current_user->id);?>">My Tests</a></li>
 			<?php 
-				echo "\t\t\t<li><a href=\"".burl("admin.php")."\">Admin Tools</a></li>";
+				if ($current_user->isAdmin())
+					echo "\t\t\t<li><a href=\"".burl("admin.php")."\">Admin Tools</a></li>";
 			?>
 			
 		</ul>
--- a/login.php
+++ b/login.php
@ -1,38 +1,33 @@
 <?php
 require "common/common.php";

+// Check for submissions
 if ($_POST['submitted']=="true"){
+	// Check username and password
 	$user = User::getUsername($_POST['username']);
 	if ($user){
+		// hash password to be checked against database
 		$hash = md5($_POST['password']);
 		if ($hash == $user->password){
+			// Log user in
 			$_SESSION['user'] = $user->username;
 			header("location: index.php");
 		}
 	}
 }

+// Show page
 showHeader("Log in");
 ?>
 <form action="login.php" method="post">
 	<input type="hidden" name="submitted" value="true" />
 	<?php
 		if ($_POST['submitted']=="true"){
+			// Show wrong username / password message
 			echo "<span style=\"color:red;\">Wrong username / password</span><br>";
 		}
-	
 	?>
 	Username: <input type="test" name="username"><br>
 	Password: <input type="password" name="password"><br>
 	<input type="submit" value="Log in">
-	
-	<p>
-		<b>Admins:</b> aw<br />
-		<b>Staff:</b> ad<br />
-		<b>Pupils:</b> to, rt, mp
-		
-		<p>
-			<b>Password:</b> pass
-		</p>
-	</p>
 </form>
--- a/logout.php
+++ b/logout.php
@ -1,5 +1,7 @@
 <?php
+// Log user out
 session_start();
 session_destroy();

-header("location: index.php");
+// Redirect to the login page
+header("location: login.php");
--- a/profile.php
+++ b/profile.php
@ -2,6 +2,7 @@
 // Include shared subprograms
 require "common/common.php";

+// Get the user whose profile we are going to show
 $user = 0;
 if (!$_GET['id'] || $current_user->id == $_GET['id']){
 	$user = $current_user;
@ -15,26 +16,70 @@ if (!$_GET['id'] || $current_user->id == $_GET['id']){
 		msgscrn("User not found","The user does not exist.","","rc");
 }

+// Change the user's password, if requested.
+if ( ($_GET['edit']==1) && ($_POST['submitted']==1) && ($user->id == $current_user->id || $current_user->isAdmin()) ){
+	// Check that the old password given is correct.
+	// Admins editing other user's passwords do not need this
+	if ($current_user->id == $user->id){
+		$hashed = md5($_POST['old']);
+		if ($user->password != $hashed){
+			// Show error page
+			header("location: profile.php?id={$user->id}&edit=1&failed=1");
+			die("");
+		}
+	}
+	// Check that the new passwords match
+	if ($_POST['new'] == $_POST['confirm'] && $_POST['new']!=""){
+		// Change password
+		$user->password = md5($_POST["new"]);
+		$user->save();
+		
+		// Go back to the profile page
+		header("location: profile.php?id={$user->id}");
+		die("");
+	}
+	// Show error page
+	header("location: profile.php?id={$user->id}&edit=1&failed=1");
+	die("");
+}
+
 // Show test player page
 showHeader($user->firstname." ".$user->surname." - Profile");
-
-
 ?>
 <h1><?php echo $user->firstname;?> <?php echo $user->surname;?></h1>
 <?php

-function prof($one,$two){
-	if ($two)
-		echo "$one: $two<br />\n";
+// This function is an easy way of outputing the user's details
+function profile_row($name,$value){
+	if ($value)
+		echo "$name: $value<br />\n";
 }

-prof("Username", $user->username);
-prof("Year", $user->year);
-prof("Group", $user->group);
+profile_row("Username", $user->username);
+profile_row("Year", $user->year);
+profile_row("Group", $user->group);

 echo "<p>";
-if ($user->id == $current_user->id || $current_user->isAdmin())
-	echo "<a class=\"button\" href=\"profile.php?id={$user->id}&edit=1\">Edit</a>";
+if ($user->id == $current_user->id || $current_user->isAdmin()){
+if ($_GET['edit']==1){
+	?>
+	<form action="<?php echo "profile.php?id={$user->id}&edit=1";?>" method="post">
+		<input type="hidden" value="1" name="submitted" />
+		<?php if ($_GET['failed']==1) echo "<p style=\"color:red;\">Failed to change password.</p>";
+		if ($current_user->id == $user->id){ ?>
+		Old password: <input type="password" name="old" /><br>
+		<?php } ?>
+		New password: <input type="password" name="new" /><br>
+		Confirm new password: <input type="password" name="confirm" /><br>
+		<input type="submit" value="Save">
+	</form>
+	</p><p>
+	<?php
+}else{
+		echo "<a class=\"button\" href=\"profile.php?id={$user->id}&edit=1\">Edit</a>";
+}
+}
+	
 if ($user->isPupil())
 	echo " <a class=\"button\" href=\"report.php?id={$user->id}\">View Report</a>";
 echo "</p>";
--- a/test/view.php
+++ b/test/view.php
@ -8,36 +8,43 @@ auth(AUTH_PUPIL);
 // Load Test details from database
 $test = Test::get($_GET['id']);

+// Check that test exists
 if (!$test)
 	msgscrn("Test not found","Test could not be found","","");
 	
+// Get author of test
 $author = User::get($test->userID);

-
-
-// Show test player page
+// Show page
 showHeader($test->title." - Results");
-
 echo "<h2>".$test->title."</h2>";
-
 echo "<p>Created on ".$test->datecreated;
-
 if ($author)
 	echo " by ".$author->firstname ." ". $author->surname;
-	
 echo "</p>";

 // Show user test submissions
 if ($current_user->rank == 1 || $_GET['user']){
+	// Get the id of the pupil whose results we are looking at
 	$search_id = ($current_user->rank == 1) ? $current_user->id : $_GET['user'];
-	$me = Score::_search("WHERE userID = $search_id AND testID = {$test->id} ORDER BY scoreID desc");
-	if (count($me)<1){
-		echo ($search_id == $current_user->id) ? "You have not taken this test yet.":"The pupil has not taken this test yet.";
+	
+	// Get results
+	$myres = Score::_search("WHERE userID = $search_id AND testID = {$test->id} ORDER BY scoreID desc");
+	
+	if (count($myres)<1){
+		// They have not taken this test yet, display message
+		if ($search_id == $current_user->id)
+			echo "You have not taken this test yet.";
+		else
+			echo "The pupil has not taken this test yet.";
+			
+		// Show appropriate buttons
 		if($current_user->rank > 1)
 			echo "<p><a href=\"view.php?id={$test->id}\" class=\"button\">Back</a></p>";
 		else
 			echo "<p><a href=\"take.php?id={$test->id}\" class=\"button\">Take test</a></p>";
 	}else{
+		//	Display messages, and table start
 		echo "<p>Each row in this table is an attempt at the test. The latest attempt is at the top</p>";
 		if ($_GET['latest']==1){
 			?>
@ -51,8 +58,12 @@ if ($current_user->rank == 1 || $_GET['user']){
 		}
 		echo "<table class=\"resultTable\">";
 		echo "<tr><th>Score</th><th>Incorrect words</th></tr>";
-		foreach($me as $s){
+		
+		// Loop through scores
+		foreach($myres as $s){
 			echo "<tr><td>{$s->score}</td><td>";
+			
+			// Get the words they got wrong, and print them.
 			$ww = $s->wrongWords();
 			if ($ww){
 				echo "<span style=\"color:red\">";
@ -61,7 +72,7 @@ if ($current_user->rank == 1 || $_GET['user']){
 					if ($comma)
 						echo ", ";
 						
-					echo $w->word;
+					echo "'".$w->word."'";
 					$comma = true;
 				}
 				echo "</span>";
@ -72,28 +83,33 @@ if ($current_user->rank == 1 || $_GET['user']){
 		}
 		echo "</table>";
 		
+		// Display appropriate buttons
 		if($current_user->rank > 1)
 			echo "<p><a href=\"view.php?id={$test->id}\" class=\"button\">Back</a>";
 		else
 			echo "<p><a href=\"take.php?id={$test->id}\" class=\"button\">Retake test</a>";
-			
 		echo "<a href=\"../report.php?id=$search_id\" class=\"button\">View Report</a></p>";
 	}
 }else if($current_user->rank > 1){
+	// Get users that this test applies to
 	$users = $test->users();
 	if (!$users || count($users)<1){
+		// Display message
 		echo "No pupils are to take this test<br>";
 	}else{
+		// Display table head
 		echo "<table class=\"resultTable\">";
 		echo "<tr><th>User</th><th>Score</th><th>Attempts</td><th></th></tr>";
+		
+		// Loop through users
 		foreach($users as $u){
 			echo "<tr><td>{$u->surname} {$u->firstname}</td>";
 			
+			// Declare score here, so it is in the correct scope
 			$score = -1;
 			
 			// Load score submissions
 			$scr = Score::_search("WHERE userID = {$u->id} AND testID = {$test->id}");
-			
 			if ($scr){
 				foreach ($scr as $s){
 					if ($s->score > $score || $score == -1){
@ -102,6 +118,7 @@ if ($current_user->rank == 1 || $_GET['user']){
 				}
 			}
 			
+			// Display score and attempts
 			if (!$scr || count($scr)<1){
 				echo "<td style=\"background:red;color:white;\" colspan=2>Test not taken yet!</td>";
 			}else{
--- a/users.php
+++ b/users.php
@ -12,16 +12,18 @@ $rank = $_GET['rank'];
 if (($year!=null && !is_numeric($year)) || ($rank!=null && !is_numeric($rank)))
 	msgscrn("Query blocked","Your search terms are invalid.","","");

-$q = "";
+$query = "";

+// Add surname filter to query
 if ($surname)
-	$q .= "surname LIKE '$surname'";	
+	$query .= "surname LIKE '$surname'";	

+// Add rank filter to query
 if ($rank)
-	$q .= (($q!="")?" AND ":"") . "rank = $rank"; // The ? here adds ' AND ' if there was a previous condition
+	$query .= (($query!="")?" AND ":"") . "rank = $rank"; // The ? here adds ' AND ' if there was a previous condition

 // Get tests
-$users = User::_search( ($q!="")? "WHERE $q" : "" ); // The ? here adds 'WHERE' if there is a query
+$users = User::_search( ($query!="")? "WHERE $query" : "" ); // The ? here adds 'WHERE' if there is a query

 // Show test player page
 showHeader("User Search");
@ -40,8 +42,10 @@ echo "</select><br>\n";
 echo "<input type=\"submit\" value=\"Filter\">";
 echo "</fieldset></form><br>\n";

+// Display table head
 echo "<table class=\"resultTable\"><tr><th width=\"50%\">Name</th><th style=\"width: 10%;\">Year</th><th style=\"width:10%;\">Group</th><th style=\"width:30%;\">Controls</th></tr>\n";

+// Loop through users
 foreach ($users as $u){
 	echo "<tr><td>{$u->surname}, {$u->firstname}</td><td>{$u->year}</td><td>{$u->group}</td><td><a href=\"profile.php?id={$u->id}\" class=\"button\">Profile</a></td></tr>\n";
 }