From 7a41dbbbdf3a7b72c547e4b338c775c6db52f161 Mon Sep 17 00:00:00 2001 From: rubenwardy Date: Wed, 9 Apr 2014 15:56:22 +0000 Subject: [PATCH] Hello --- admin.php | 75 ++++++++++++++++++++++++++++++++++++++++ common/common.php | 2 +- common/database/user.php | 55 +++++++++++++++-------------- index.php | 17 +++++++-- login.php | 17 ++++----- logout.php | 4 ++- profile.php | 65 ++++++++++++++++++++++++++++------ test/view.php | 45 ++++++++++++++++-------- users.php | 12 ++++--- 9 files changed, 221 insertions(+), 71 deletions(-) create mode 100644 admin.php diff --git a/admin.php b/admin.php new file mode 100644 index 0000000..4bee559 --- /dev/null +++ b/admin.php @@ -0,0 +1,75 @@ +username = $_POST['username']; + $user->firstname = $_POST['first']; + $user->surname = $_POST['sur']; + $user->password = md5($_POST['pass']); + $user->rank = $_POST['rank']; + $user->year = $_POST['year']; + $user->group = $_POST['group']; + $user->save(); + header("location: admin.php"); + die(""); +} + +if ($_GET['id']=="increase"){ + if ($_GET['con']==1){ + $all_users = User::all(); + foreach ($all_users as $user){ + if (is_numeric($user->year)){ + $user->year = $user->year + 1; + $user->save(); + } + } + header("location: admin.php"); + die(""); + }else{ + showHeader("Are you sure?");?> +

Are you sure?

+ +

+ This will increase all pupils years by 1. +

+ + Increase all years Cancel + +

Admin Settings

+ +

Please be careful in this section!

+ +
+Danger Zone +Increase years +
+ +
+
+Add User +* - required
+* Firstname:
+* Surname:
+* Username:
+* Password:
+* Rank:
+Year:
+Group:

+ +
+
\ No newline at end of file diff --git a/common/common.php b/common/common.php index 41542b6..261712d 100644 --- a/common/common.php +++ b/common/common.php @@ -64,7 +64,7 @@ function getAuthLabel($level){ return "pupil"; else if ($level == AUTH_STAFF) return "staff"; - else if ($level == AUTH_STAFF) + else if ($level == AUTH_ADMIN) return "admin"; else return "lvl($level)"; diff --git a/common/database/user.php b/common/database/user.php index 6442c85..e3a99a9 100644 --- a/common/database/user.php +++ b/common/database/user.php @@ -42,6 +42,26 @@ class User { return "{$res}"; } + // Update existing record + private function update($id, $col, $value, $int=false){ + // Update a field in an existing record + global $handle; + $res = ""; + if ($int){ + // Update integer field + if (!is_numeric($value)){ + echo "
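Review bot: The add-user branch stores the password as unsalted `md5($_POST['pass'])`, so a copy of the user table yields every password to offline guessing; `password_hash($_POST['pass'], PASSWORD_DEFAULT)` with `password_verify()` at login is the supported replacement, but login.php and profile.php compare md5 digests in this same patch, so all three have to change together. The year-increase action is triggered by `$_GET['id']=="increase"` with `$_GET['con']==1` as the only confirmation, which makes it a state change on a GET URL that any other page can embed; the confirmation should be a POST form carrying a token that is checked before the `User::all()` loop runs. The opening lines of admin.php are not readable here, so I cannot see whether it calls `auth(AUTH_ADMIN);` (the pattern test/view.php uses with `auth(AUTH_PUPIL);`) before handling the form; without it, hiding the link in index.php is the only thing keeping non-admins out. `rank`, `year` and `group` are copied from POST unvalidated, and rank appears to be the value the isAdmin()/isStaff() helpers key on, so it deserves an explicit whitelist check here rather than relying on update()'s is_numeric().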

inputed value is not numeric! ($id, $col, $value, $int)

"; + return; + } + $res = "UPDATE user SET $col = $value WHERE userID = $id"; + }else{ + // Update string field + $res = "UPDATE user SET $col = '$value' WHERE userID = $id"; + } + // Run update query + $handle->query($res) or die("

Query Error: ".mysqli_error($handle)); + } + // Save the record public function save(){ global $handle; @@ -55,35 +75,14 @@ class User { $h->close(); $this->id = $handle->insert_id; }else{ - // Update existing record - function update($id, $col, $value, $int=false){ - // Update a field in an existing record - global $handle; - $res = ""; - if ($int){ - // Update integer field - if (!is_numeric($value)){ - echo "
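Review bot: update() builds its SQL by interpolating `$value` and `$id` (`UPDATE user SET $col = '$value' WHERE userID = $id`), and save() is called with raw POST data from admin.php and profile.php in this same patch, so username, firstname and surname reach the query unescaped; moving the function into the class as a private method does not change that. The insert path in save() already appears to use a prepared statement (`$h->close()` followed by `$handle->insert_id`), so the update path can do the same with bind_param, leaving `$col` as the only interpolated part since save() always passes a literal column name. The is_numeric() guard applies only when `$int` is true and accepts forms such as `1e3`, so binding the integer fields explicitly is safer than trusting the check alone. `die("Query Error: ".mysqli_error($handle))` also prints driver errors to the browser; logging them and showing a generic message would be the usual choice.
```php
private function update($id, $col, $value, $int=false){
    global $handle;
    if ($int && !is_numeric($value)){
        // … unchanged: non-numeric message and return …
    }
    // $col is always a literal from save(); $value and $id are bound, never interpolated
    $stmt = $handle->prepare("UPDATE user SET $col = ? WHERE userID = ?");
    if (!$stmt) die("Query Error: ".mysqli_error($handle));
    $stmt->bind_param($int ? "ii" : "si", $value, $id);
    $stmt->execute() or die("Query Error: ".$stmt->error);
    $stmt->close();
}
```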

inputed value is not numeric! ($id, $col, $value, $int)

"; - return; - } - $res = "UPDATE user SET $col = $value WHERE userID = $id"; - }else{ - // Update string field - $res = "UPDATE user SET $col = '$value' WHERE userID = $id"; - } - - // Run update query - $handle->query($res) or die("

Query Error: ".mysqli_error($handle)); - } - // Update each field using the function above - update($this->id,"username",$this->username,false); - update($this->id,"password",$this->password,false); - update($this->id,"firstname",$this->firstname,false); - update($this->id,"surname",$this->surname,false); - update($this->id,"year",$this->year,true); - update($this->id,"ugroup",$this->group,false); - update($this->id,"rank",$this->rank,true); + $this->update($this->id,"username",$this->username,false); + $this->update($this->id,"password",$this->password,false); + $this->update($this->id,"firstname",$this->firstname,false); + $this->update($this->id,"surname",$this->surname,false); + $this->update($this->id,"year",$this->year,true); + $this->update($this->id,"ugroup",$this->group,false); + $this->update($this->id,"rank",$this->rank,true); } } diff --git a/index.php b/index.php index 3803947..7e7fda5 100644 --- a/index.php +++ b/index.php @@ -1,10 +1,14 @@
@@ -12,18 +16,25 @@ if ($_GET['404']==1){

Dashboard

isPupil()){ + // Show pupil dash board echo ""; - $ass = $current_user->tests(); + // Get all assignments this pupil has + $ass = $current_user->tests(); foreach ($ass as $a){ + // Look for submitted results from this pupil, for the test. + // ie: see if the pupil has done this test yet $res = Score::getfromusertest($current_user->id,$a->testID); echo ""; } }else if ($current_user->isStaff()){ + // Show staff dash board ?>
@@ -42,7 +54,8 @@ if ($current_user->isPupil()){
  • ">Pupils
  • My Tests
  • Admin Tools"; + if ($current_user->isAdmin()) + echo "\t\t\t
  • Admin Tools
  • "; ?> diff --git a/login.php b/login.php index 437406d..b343b7a 100644 --- a/login.php +++ b/login.php @@ -1,38 +1,33 @@ password){ + // Log user in $_SESSION['user'] = $user->username; header("location: index.php"); } } } +// Show page showHeader("Log in"); ?>
    Wrong username / password
    "; } - ?> Username:
    Password:
    - -

    - Admins: aw
    - Staff: ad
    - Pupils: to, rt, mp - -

    - Password: pass -

    -
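Review bot: The successful-login branch sends `header("location: index.php");` but never stops the script, so `showHeader("Log in")` and the form below still render for a user who has just been authenticated; profile.php and admin.php in this same patch follow each header() with `die("")`, and this branch should too. Once the credentials are accepted the session id should also be renewed, `session_regenerate_id(true);` immediately before `$_SESSION['user'] = $user->username;`, so a session id that existed before login does not remain valid afterwards. The line that compares the submitted password with `$user->password` is only partly readable here (it ends in `password){`), so I cannot tell which operator it uses; if it is `==`, the strict-comparison concern raised on profile.php applies here as well. Removing the demo credentials from the page is an improvement, but the accounts they described presumably still exist with the same password until they are changed in the database.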

    diff --git a/logout.php b/logout.php index df2c7aa..e1a81da 100644 --- a/logout.php +++ b/logout.php @@ -1,5 +1,7 @@ id == $_GET['id']){ $user = $current_user; @@ -15,26 +16,70 @@ if (!$_GET['id'] || $current_user->id == $_GET['id']){ msgscrn("User not found","The user does not exist.","","rc"); } +// Change the user's password, if requested. +if ( ($_GET['edit']==1) && ($_POST['submitted']==1) && ($user->id == $current_user->id || $current_user->isAdmin()) ){ + // Check that the old password given is correct. + // Admins editing other user's passwords do not need this + if ($current_user->id == $user->id){ + $hashed = md5($_POST['old']); + if ($user->password != $hashed){ + // Show error page + header("location: profile.php?id={$user->id}&edit=1&failed=1"); + die(""); + } + } + // Check that the new passwords match + if ($_POST['new'] == $_POST['confirm'] && $_POST['new']!=""){ + // Change password + $user->password = md5($_POST["new"]); + $user->save(); + + // Go back to the profile page + header("location: profile.php?id={$user->id}"); + die(""); + } + // Show error page + header("location: profile.php?id={$user->id}&edit=1&failed=1"); + die(""); +} + // Show test player page showHeader($user->firstname." ".$user->surname." - Profile"); - - ?>

    firstname;?> surname;?>

    \n"; +// This function is an easy way of outputing the user's details +function profile_row($name,$value){ + if ($value) + echo "$name: $value
    \n"; } -prof("Username", $user->username); -prof("Year", $user->year); -prof("Group", $user->group); +profile_row("Username", $user->username); +profile_row("Year", $user->year); +profile_row("Group", $user->group); echo "

    "; -if ($user->id == $current_user->id || $current_user->isAdmin()) - echo "id}&edit=1\">Edit"; +if ($user->id == $current_user->id || $current_user->isAdmin()){ +if ($_GET['edit']==1){ + ?> +
    id}&edit=1";?>" method="post"> + + Failed to change password.

    "; + if ($current_user->id == $user->id){ ?> + Old password:
    + + New password:
    + Confirm new password:
    + + +

    + id}&edit=1\">Edit"; +} +} + if ($user->isPupil()) echo " id}\">View Report"; echo "

    "; diff --git a/test/view.php b/test/view.php index a4b232a..ccc41f3 100644 --- a/test/view.php +++ b/test/view.php @@ -8,36 +8,43 @@ auth(AUTH_PUPIL); // Load Test details from database $test = Test::get($_GET['id']); +// Check that test exists if (!$test) msgscrn("Test not found","Test could not be found","",""); +// Get author of test $author = User::get($test->userID); - - -// Show test player page +// Show page showHeader($test->title." - Results"); - echo "
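Review bot: The old-password check in the new block compares two md5 hex strings with `!=`, which PHP evaluates numerically when both sides look like numbers, so the comparison should be strict: `if ($user->password !== $hashed){` (or `hash_equals()` where the PHP version has it). The same block stores the new password as unsalted `md5($_POST["new"])`; `password_hash()`/`password_verify()` is the modern replacement, but it has to change together with the comparison in login.php and the `md5($_POST['pass'])` in admin.php from this same patch. `profile_row()` echoes `$value` straight into the page, and username/firstname/surname originate from POST data in admin.php, so the output should go through `htmlspecialchars($value, ENT_QUOTES, 'UTF-8')`. The password form also carries no CSRF token, so a logged-in user's password can be changed by a cross-site POST; a per-session token checked alongside `$_POST['submitted']==1` would close that.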

    ".$test->title."

    "; - echo "

    Created on ".$test->datecreated; - if ($author) echo " by ".$author->firstname ." ". $author->surname; - echo "

    "; // Show user test submissions if ($current_user->rank == 1 || $_GET['user']){ + // Get the id of the pupil whose results we are looking at $search_id = ($current_user->rank == 1) ? $current_user->id : $_GET['user']; - $me = Score::_search("WHERE userID = $search_id AND testID = {$test->id} ORDER BY scoreID desc"); - if (count($me)<1){ - echo ($search_id == $current_user->id) ? "You have not taken this test yet.":"The pupil has not taken this test yet."; + + // Get results + $myres = Score::_search("WHERE userID = $search_id AND testID = {$test->id} ORDER BY scoreID desc"); + + if (count($myres)<1){ + // They have not taken this test yet, display message + if ($search_id == $current_user->id) + echo "You have not taken this test yet."; + else + echo "The pupil has not taken this test yet."; + + // Show appropriate buttons if($current_user->rank > 1) echo "

    id}\" class=\"button\">Back

    "; else echo "

    id}\" class=\"button\">Take test

    "; }else{ + // Display messages, and table start echo "

    Each row in this table is an attempt at the test. The latest attempt is at the top

    "; if ($_GET['latest']==1){ ?> @@ -51,8 +58,12 @@ if ($current_user->rank == 1 || $_GET['user']){ } echo "
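Review bot: `$search_id` is taken straight from `$_GET['user']` for non-pupil viewers and then interpolated into `Score::_search("WHERE userID = $search_id AND testID = ...")` on the new `$myres` line, with no check that it is numeric. users.php in this same patch guards its search inputs with `is_numeric()` and `msgscrn("Query blocked", ...)`; the cheapest equivalent here is `$search_id = ($current_user->rank == 1) ? $current_user->id : (int)$_GET['user'];`, which also makes the later `$search_id == $current_user->id` a comparison between integers. The added `if (!$test)` check relies on msgscrn() to stop the script; if msgscrn() returns, `$test->userID` on the following line dereferences null, so an explicit `die("")` after it would match the other call sites in the patch. Further down the file the `echo "'".$w->word."'"` change (hunk at -61) prints words without escaping; if they come from staff-entered test content, `htmlspecialchars()` belongs there too.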
    ".$a->test()->title.""; + // Show correct button - retake or take. if (!$res || count($res)==0) echo "test()->id)."\">Take"; else @@ -32,6 +43,7 @@ if ($current_user->isPupil()){ echo "
    "; echo ""; - foreach($me as $s){ + + // Loop through scores + foreach($myres as $s){ echo "
    ScoreIncorrect words
    {$s->score}"; + + // Get the words they got wrong, and print them. $ww = $s->wrongWords(); if ($ww){ echo ""; @@ -61,7 +72,7 @@ if ($current_user->rank == 1 || $_GET['user']){ if ($comma) echo ", "; - echo $w->word; + echo "'".$w->word."'"; $comma = true; } echo ""; @@ -72,28 +83,33 @@ if ($current_user->rank == 1 || $_GET['user']){ } echo "
    "; + // Display appropriate buttons if($current_user->rank > 1) echo "

    id}\" class=\"button\">Back"; else echo "

    id}\" class=\"button\">Retake test"; - echo "View Report

    "; } }else if($current_user->rank > 1){ + // Get users that this test applies to $users = $test->users(); if (!$users || count($users)<1){ + // Display message echo "No pupils are to take this test
    "; }else{ + // Display table head echo ""; echo ""; + + // Loop through users foreach($users as $u){ echo ""; + // Declare score here, so it is in the correct scope $score = -1; // Load score submissions $scr = Score::_search("WHERE userID = {$u->id} AND testID = {$test->id}"); - if ($scr){ foreach ($scr as $s){ if ($s->score > $score || $score == -1){ @@ -102,6 +118,7 @@ if ($current_user->rank == 1 || $_GET['user']){ } } + // Display score and attempts if (!$scr || count($scr)<1){ echo ""; }else{ diff --git a/users.php b/users.php index feadde9..f5f8bf0 100644 --- a/users.php +++ b/users.php @@ -12,16 +12,18 @@ $rank = $_GET['rank']; if (($year!=null && !is_numeric($year)) || ($rank!=null && !is_numeric($rank))) msgscrn("Query blocked","Your search terms are invalid.","",""); -$q = ""; +$query = ""; +// Add surname filter to query if ($surname) - $q .= "surname LIKE '$surname'"; + $query .= "surname LIKE '$surname'"; +// Add rank filter to query if ($rank) - $q .= (($q!="")?" AND ":"") . "rank = $rank"; // The ? here adds ' AND ' if there was a previous condition + $query .= (($query!="")?" AND ":"") . "rank = $rank"; // The ? here adds ' AND ' if there was a previous condition // Get tests -$users = User::_search( ($q!="")? "WHERE $q" : "" ); // The ? here adds 'WHERE' if there is a query +$users = User::_search( ($query!="")? "WHERE $query" : "" ); // The ? here adds 'WHERE' if there is a query // Show test player page showHeader("User Search"); @@ -40,8 +42,10 @@ echo "
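Review bot: The renamed `$query .= "surname LIKE '$surname'";` still interpolates `$surname` unescaped, and the numeric guard a few lines above covers only `$year` and `$rank`, so the surname filter is the one search term that reaches SQL unchecked. If the mysqli `$handle` that User::update() reads as a global is in scope here, `$query .= "surname LIKE '" . $handle->real_escape_string($surname) . "'";` closes that; otherwise User::_search needs a variant that binds parameters. LIKE also treats `%` and `_` inside the value as wildcards, which may or may not be intended for a surname box. `$year` is validated but no year condition is ever appended to `$query`, so either the filter is missing or the check is dead — worth confirming against the search form.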
    \n"; echo ""; echo "
    \n"; +// Display table head echo "
    UserScoreAttempts
    {$u->surname} {$u->firstname}Test not taken yet!
    \n"; +// Loop through users foreach ($users as $u){ echo "\n"; }
    NameYearGroupControls
    {$u->surname}, {$u->firstname}{$u->year}{$u->group}id}\" class=\"button\">Profile