Hello
parent
b4fc06db87
commit
7a41dbbbdf
|
@ -0,0 +1,75 @@
|
|||
<?php
|
||||
// Include shared subprograms
|
||||
require "common/common.php";
|
||||
|
||||
// Only allow admins to view this page
|
||||
auth(AUTH_ADMIN);
|
||||
|
||||
if ($_GET['id']=="user"){
|
||||
$user = new User(null);
|
||||
$user->username = $_POST['username'];
|
||||
$user->firstname = $_POST['first'];
|
||||
$user->surname = $_POST['sur'];
|
||||
$user->password = md5($_POST['pass']);
|
||||
$user->rank = $_POST['rank'];
|
||||
$user->year = $_POST['year'];
|
||||
$user->group = $_POST['group'];
|
||||
$user->save();
|
||||
header("location: admin.php");
|
||||
die("");
|
||||
}
|
||||
|
||||
if ($_GET['id']=="increase"){
|
||||
if ($_GET['con']==1){
|
||||
$all_users = User::all();
|
||||
foreach ($all_users as $user){
|
||||
if (is_numeric($user->year)){
|
||||
$user->year = $user->year + 1;
|
||||
$user->save();
|
||||
}
|
||||
}
|
||||
header("location: admin.php");
|
||||
die("");
|
||||
}else{
|
||||
showHeader("Are you sure?");?>
|
||||
<h2>Are you sure?</h2>
|
||||
|
||||
<p>
|
||||
This will increase all pupils years by 1.
|
||||
</p>
|
||||
|
||||
<a class="button" href="admin.php?id=increase&con=1">Increase all years</a> <a class="button" href="admin.php">Cancel</a>
|
||||
<?php die("");
|
||||
}
|
||||
}
|
||||
|
||||
// Show admin settings page
|
||||
showHeader("Admin Settings");
|
||||
?>
|
||||
<h2>Admin Settings</h2>
|
||||
|
||||
<p>Please be careful in this section!</p>
|
||||
|
||||
<fieldset>
|
||||
<legend>Danger Zone</legend>
|
||||
<a href="admin.php?id=increase">Increase years</a>
|
||||
</fieldset>
|
||||
|
||||
<form action="admin.php?id=user" method="post">
|
||||
<fieldset>
|
||||
<legend>Add User</legend>
|
||||
<i>* - required</i><br>
|
||||
* Firstname: <input type="text" name="first" required><br>
|
||||
* Surname: <input type="text" name="sur" required><br>
|
||||
* Username: <input type="text" name="username" required><br>
|
||||
* Password: <input type="text" name="pass" value="password" required><br>
|
||||
* Rank: <select name="rank">
|
||||
<option value="1" selected>Pupil</option>";
|
||||
<option value="2">Staff</option>";
|
||||
<option value="3">Admin</option>";
|
||||
</select><br>
|
||||
Year: <input type="number" name="year" min=3 max=6 /><br>
|
||||
Group: <input type="text" name="group" size=1 /><br><br>
|
||||
<input type="submit" value="Create" />
|
||||
</fieldset>
|
||||
</form>
|
|
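Review bot: Passwords are stored as unsalted `md5()` at `$user->password = md5($_POST['pass']);`, and because this is the account-creation path every user made here inherits that scheme; login.php (`$hash = md5($_POST['password']);`) and profile.php (`md5($_POST['old'])`, `md5($_POST["new"])`) use the same hash, so all three must move together to `password_hash($_POST['pass'], PASSWORD_DEFAULT)` on write and `password_verify()` on read, with the `password` column widened for the longer output. Separately, `admin.php?id=increase&con=1` changes every user's year from a plain GET link and the add-user form carries no CSRF token, so both state changes run on the admin's session from any page that links to them; make them POST and verify a session-bound token before `save()`. `$user->rank = $_POST['rank'];` is also saved without checking it is one of the three values the `<select>` offers.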
@ -64,7 +64,7 @@ function getAuthLabel($level){
|
|||
return "pupil";
|
||||
else if ($level == AUTH_STAFF)
|
||||
return "staff";
|
||||
else if ($level == AUTH_STAFF)
|
||||
else if ($level == AUTH_ADMIN)
|
||||
return "admin";
|
||||
else
|
||||
return "lvl($level)";
|
||||
|
|
|
@ -42,21 +42,8 @@ class User {
|
|||
return "{$res}";
|
||||
}
|
||||
|
||||
// Save the record
|
||||
public function save(){
|
||||
global $handle;
|
||||
if ($this->id == -1){
|
||||
// Create SQL query
|
||||
$h = $handle->prepare("INSERT INTO user(username,password,firstname,surname,year,ugroup,rank) VALUES (?, ?, ?, ?, ?, ?, ?)") or die("SQL Prepare: ".mysqli_error($handle));
|
||||
$h->bind_param('ssssisi',$this->username,$this->password,$this->firstname,$this->surname,$this->year,$this->group,$this->rank) or die("SQL Param: ".mysqli_error($handle));
|
||||
|
||||
// Insert the new record into the table
|
||||
$h->execute() or die("<br><br>SQL Execute: ".mysqli_error($handle));
|
||||
$h->close();
|
||||
$this->id = $handle->insert_id;
|
||||
}else{
|
||||
// Update existing record
|
||||
function update($id, $col, $value, $int=false){
|
||||
private function update($id, $col, $value, $int=false){
|
||||
// Update a field in an existing record
|
||||
global $handle;
|
||||
$res = "";
|
||||
|
@ -71,19 +58,31 @@ class User {
|
|||
// Update string field
|
||||
$res = "UPDATE user SET $col = '$value' WHERE userID = $id";
|
||||
}
|
||||
|
||||
// Run update query
|
||||
$handle->query($res) or die("<br><br>Query Error: ".mysqli_error($handle));
|
||||
}
|
||||
|
||||
// Save the record
|
||||
public function save(){
|
||||
global $handle;
|
||||
if ($this->id == -1){
|
||||
// Create SQL query
|
||||
$h = $handle->prepare("INSERT INTO user(username,password,firstname,surname,year,ugroup,rank) VALUES (?, ?, ?, ?, ?, ?, ?)") or die("SQL Prepare: ".mysqli_error($handle));
|
||||
$h->bind_param('ssssisi',$this->username,$this->password,$this->firstname,$this->surname,$this->year,$this->group,$this->rank) or die("SQL Param: ".mysqli_error($handle));
|
||||
|
||||
// Insert the new record into the table
|
||||
$h->execute() or die("<br><br>SQL Execute: ".mysqli_error($handle));
|
||||
$h->close();
|
||||
$this->id = $handle->insert_id;
|
||||
}else{
|
||||
// Update each field using the function above
|
||||
update($this->id,"username",$this->username,false);
|
||||
update($this->id,"password",$this->password,false);
|
||||
update($this->id,"firstname",$this->firstname,false);
|
||||
update($this->id,"surname",$this->surname,false);
|
||||
update($this->id,"year",$this->year,true);
|
||||
update($this->id,"ugroup",$this->group,false);
|
||||
update($this->id,"rank",$this->rank,true);
|
||||
$this->update($this->id,"username",$this->username,false);
|
||||
$this->update($this->id,"password",$this->password,false);
|
||||
$this->update($this->id,"firstname",$this->firstname,false);
|
||||
$this->update($this->id,"surname",$this->surname,false);
|
||||
$this->update($this->id,"year",$this->year,true);
|
||||
$this->update($this->id,"ugroup",$this->group,false);
|
||||
$this->update($this->id,"rank",$this->rank,true);
|
||||
}
|
||||
}
|
||||
|
||||
|
|
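Review bot: `update()` still builds its SQL by interpolation, `$res = "UPDATE user SET $col = '$value' WHERE userID = $id";`, while the INSERT branch of `save()` directly below uses `prepare`/`bind_param`; the new `$this->update(...)` calls pass `$this->username`, `$this->firstname` and the other fields that admin.php fills straight from `$_POST`, so every edit of an existing user is an injection point and a name containing a quote breaks the query. Making the method `private` does not change that. Bind the value and id as parameters and check `$col` against the column list the INSERT already names, since column names cannot be bound. The start of `update()` and the class header lie outside these hunks.
```php
private function update($id, $col, $value, $int=false){
    // Update a field in an existing record
    global $handle;
    // Column names cannot be bound as parameters, so only the
    // columns the INSERT in save() already uses are accepted.
    $columns = ['username', 'password', 'firstname', 'surname', 'year', 'ugroup', 'rank'];
    if (!in_array($col, $columns, true))
        die("Update: unknown column");
    $h = $handle->prepare("UPDATE user SET $col = ? WHERE userID = ?") or die("SQL Prepare: ".mysqli_error($handle));
    $h->bind_param(($int ? 'i' : 's').'i', $value, $id) or die("SQL Param: ".mysqli_error($handle));
    $h->execute() or die("<br><br>Query Error: ".mysqli_error($handle));
    $h->close();
}
// … unchanged: save() …
```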
15
index.php
15
index.php
|
@ -1,10 +1,14 @@
|
|||
<?php
|
||||
require "common/common.php";
|
||||
|
||||
// Require log in
|
||||
auth(AUTH_PUPIL);
|
||||
|
||||
// Display page
|
||||
showHeader("Dashboard");
|
||||
|
||||
|
||||
// Display 404 - page not found message if necessary
|
||||
if ($_GET['404']==1){
|
||||
?>
|
||||
<div style="background:red;color:white;padding:1em;margin:0.5em;margin-bottom:1em;border-radius:2px;">
|
||||
|
@ -12,18 +16,25 @@ if ($_GET['404']==1){
|
|||
</div>
|
||||
<?php
|
||||
}
|
||||
|
||||
// Show the dashboard
|
||||
?>
|
||||
<h2>Dashboard</h2>
|
||||
|
||||
<?php
|
||||
if ($current_user->isPupil()){
|
||||
// Show pupil dash board
|
||||
echo "<table id=\"testlist\">";
|
||||
$ass = $current_user->tests();
|
||||
|
||||
// Get all assignments this pupil has
|
||||
$ass = $current_user->tests();
|
||||
foreach ($ass as $a){
|
||||
// Look for submitted results from this pupil, for the test.
|
||||
// ie: see if the pupil has done this test yet
|
||||
$res = Score::getfromusertest($current_user->id,$a->testID);
|
||||
echo "<tr><td>".$a->test()->title."</td><td class=\"take\" style=\"width:120px;\">";
|
||||
|
||||
// Show correct button - retake or take.
|
||||
if (!$res || count($res)==0)
|
||||
echo "<a class=\"button\" href=\"".burl("test/take.php?id=".$a->test()->id)."\">Take</a>";
|
||||
else
|
||||
|
@ -32,6 +43,7 @@ if ($current_user->isPupil()){
|
|||
echo "</td></tr>";
|
||||
}
|
||||
}else if ($current_user->isStaff()){
|
||||
// Show staff dash board
|
||||
?>
|
||||
<div class="dashbox">
|
||||
<div class="dashbox_title">
|
||||
|
@ -42,6 +54,7 @@ if ($current_user->isPupil()){
|
|||
<li><a href="<?php echo burl("users.php?rank=1");?>">Pupils</a></li>
|
||||
<li><a href="<?php echo burl("test/?user=".$current_user->id);?>">My Tests</a></li>
|
||||
<?php
|
||||
if ($current_user->isAdmin())
|
||||
echo "\t\t\t<li><a href=\"".burl("admin.php")."\">Admin Tools</a></li>";
|
||||
?>
|
||||
|
||||
|
|
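Review bot: `$a->test()` is called twice per row, in `echo "<tr><td>".$a->test()->title."</td>...` and again inside `burl("test/take.php?id=".$a->test()->id)`; if `test()` loads the record from the database each time, that is two queries per assignment on top of the `Score::getfromusertest` call. Hoist it once at the top of the loop, `$t = $a->test();`, and use `$t->title` / `$t->id` below. The title is also echoed into HTML without `htmlspecialchars()`, so markup in a test title entered by staff renders as markup. The `if`/`else` that starts at `if ($current_user->isPupil()){` ends outside this hunk.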
17
login.php
17
login.php
|
@ -1,38 +1,33 @@
|
|||
<?php
|
||||
require "common/common.php";
|
||||
|
||||
// Check for submissions
|
||||
if ($_POST['submitted']=="true"){
|
||||
// Check username and password
|
||||
$user = User::getUsername($_POST['username']);
|
||||
if ($user){
|
||||
// hash password to be checked against database
|
||||
$hash = md5($_POST['password']);
|
||||
if ($hash == $user->password){
|
||||
// Log user in
|
||||
$_SESSION['user'] = $user->username;
|
||||
header("location: index.php");
|
||||
}
|
||||
}
|
||||
}
|
||||
|
||||
// Show page
|
||||
showHeader("Log in");
|
||||
?>
|
||||
<form action="login.php" method="post">
|
||||
<input type="hidden" name="submitted" value="true" />
|
||||
<?php
|
||||
if ($_POST['submitted']=="true"){
|
||||
// Show wrong username / password message
|
||||
echo "<span style=\"color:red;\">Wrong username / password</span><br>";
|
||||
}
|
||||
|
||||
?>
|
||||
Username: <input type="test" name="username"><br>
|
||||
Password: <input type="password" name="password"><br>
|
||||
<input type="submit" value="Log in">
|
||||
|
||||
<p>
|
||||
<b>Admins:</b> aw<br />
|
||||
<b>Staff:</b> ad<br />
|
||||
<b>Pupils:</b> to, rt, mp
|
||||
|
||||
<p>
|
||||
<b>Password:</b> pass
|
||||
</p>
|
||||
</p>
|
||||
</form>
|
||||
|
|
|
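Review bot: The hash check `if ($hash == $user->password){` uses loose comparison, under which numeric-looking hex strings (those starting `0e` followed by digits) are compared as floats and can match each other; use `if (hash_equals($user->password, $hash)){`, which is strict and constant-time, or `password_verify()` once the stored hashes move to `password_hash()`. After `header("location: index.php");` execution continues, so the form below is still rendered and, because `$_POST['submitted']=="true"` is true, the "Wrong username / password" message is emitted even on a successful login; add `exit;` directly after the header call. Assuming common.php starts the session, call `session_regenerate_id(true);` before `$_SESSION['user'] = $user->username;` so an id issued before authentication is not kept.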
@ -1,5 +1,7 @@
|
|||
<?php
|
||||
// Log user out
|
||||
session_start();
|
||||
session_destroy();
|
||||
|
||||
header("location: index.php");
|
||||
// Redirect to the login page
|
||||
header("location: login.php");
|
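Review bot: `session_destroy();` drops the server-side data but leaves the session cookie in the browser and `$_SESSION` populated for the rest of the request; the usual sequence is `$_SESSION = [];`, then expiring the cookie with `setcookie(session_name(), '', time() - 42000, ...)` using the path/domain/secure/httponly values from `session_get_cookie_params()`, then `session_destroy();`. The new `header("location: login.php");` should be followed by `exit;` so nothing after it runs.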
63
profile.php
63
profile.php
|
@ -2,6 +2,7 @@
|
|||
// Include shared subprograms
|
||||
require "common/common.php";
|
||||
|
||||
// Get the user whose profile we are going to show
|
||||
$user = 0;
|
||||
if (!$_GET['id'] || $current_user->id == $_GET['id']){
|
||||
$user = $current_user;
|
||||
|
@ -15,26 +16,70 @@ if (!$_GET['id'] || $current_user->id == $_GET['id']){
|
|||
msgscrn("User not found","The user does not exist.","","rc");
|
||||
}
|
||||
|
||||
// Change the user's password, if requested.
|
||||
if ( ($_GET['edit']==1) && ($_POST['submitted']==1) && ($user->id == $current_user->id || $current_user->isAdmin()) ){
|
||||
// Check that the old password given is correct.
|
||||
// Admins editing other user's passwords do not need this
|
||||
if ($current_user->id == $user->id){
|
||||
$hashed = md5($_POST['old']);
|
||||
if ($user->password != $hashed){
|
||||
// Show error page
|
||||
header("location: profile.php?id={$user->id}&edit=1&failed=1");
|
||||
die("");
|
||||
}
|
||||
}
|
||||
// Check that the new passwords match
|
||||
if ($_POST['new'] == $_POST['confirm'] && $_POST['new']!=""){
|
||||
// Change password
|
||||
$user->password = md5($_POST["new"]);
|
||||
$user->save();
|
||||
|
||||
// Go back to the profile page
|
||||
header("location: profile.php?id={$user->id}");
|
||||
die("");
|
||||
}
|
||||
// Show error page
|
||||
header("location: profile.php?id={$user->id}&edit=1&failed=1");
|
||||
die("");
|
||||
}
|
||||
|
||||
// Show test player page
|
||||
showHeader($user->firstname." ".$user->surname." - Profile");
|
||||
|
||||
|
||||
?>
|
||||
<h1><?php echo $user->firstname;?> <?php echo $user->surname;?></h1>
|
||||
<?php
|
||||
|
||||
function prof($one,$two){
|
||||
if ($two)
|
||||
echo "$one: $two<br />\n";
|
||||
// This function is an easy way of outputing the user's details
|
||||
function profile_row($name,$value){
|
||||
if ($value)
|
||||
echo "$name: $value<br />\n";
|
||||
}
|
||||
|
||||
prof("Username", $user->username);
|
||||
prof("Year", $user->year);
|
||||
prof("Group", $user->group);
|
||||
profile_row("Username", $user->username);
|
||||
profile_row("Year", $user->year);
|
||||
profile_row("Group", $user->group);
|
||||
|
||||
echo "<p>";
|
||||
if ($user->id == $current_user->id || $current_user->isAdmin())
|
||||
if ($user->id == $current_user->id || $current_user->isAdmin()){
|
||||
if ($_GET['edit']==1){
|
||||
?>
|
||||
<form action="<?php echo "profile.php?id={$user->id}&edit=1";?>" method="post">
|
||||
<input type="hidden" value="1" name="submitted" />
|
||||
<?php if ($_GET['failed']==1) echo "<p style=\"color:red;\">Failed to change password.</p>";
|
||||
if ($current_user->id == $user->id){ ?>
|
||||
Old password: <input type="password" name="old" /><br>
|
||||
<?php } ?>
|
||||
New password: <input type="password" name="new" /><br>
|
||||
Confirm new password: <input type="password" name="confirm" /><br>
|
||||
<input type="submit" value="Save">
|
||||
</form>
|
||||
</p><p>
|
||||
<?php
|
||||
}else{
|
||||
echo "<a class=\"button\" href=\"profile.php?id={$user->id}&edit=1\">Edit</a>";
|
||||
}
|
||||
}
|
||||
|
||||
if ($user->isPupil())
|
||||
echo " <a class=\"button\" href=\"report.php?id={$user->id}\">View Report</a>";
|
||||
echo "</p>";
|
||||
|
|
|
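Review bot: The new `profile_row()` echoes its argument unescaped, `echo "$name: $value<br />\n";`, and the values it receives (`$user->username`, `$user->group`) are stored from `$_POST` without escaping by admin.php, as is the `<h1><?php echo $user->firstname;?>` just above it; escape on output with `echo $name.": ".htmlspecialchars($value, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8')."<br />\n";`. `if ($value)` also hides a legitimate `"0"` group or year, so `if ($value !== null && $value !== '')` is the safer guard. Further up, `if ($user->password != $hashed){` has the same loose-comparison weakness as login.php and should read `if (!hash_equals($user->password, $hashed)){`. The password-change branch accepts any POST with `submitted=1` and no CSRF token, which matters most for the admin path that skips the old-password check.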
@ -8,36 +8,43 @@ auth(AUTH_PUPIL);
|
|||
// Load Test details from database
|
||||
$test = Test::get($_GET['id']);
|
||||
|
||||
// Check that test exists
|
||||
if (!$test)
|
||||
msgscrn("Test not found","Test could not be found","","");
|
||||
|
||||
// Get author of test
|
||||
$author = User::get($test->userID);
|
||||
|
||||
|
||||
|
||||
// Show test player page
|
||||
// Show page
|
||||
showHeader($test->title." - Results");
|
||||
|
||||
echo "<h2>".$test->title."</h2>";
|
||||
|
||||
echo "<p>Created on ".$test->datecreated;
|
||||
|
||||
if ($author)
|
||||
echo " by ".$author->firstname ." ". $author->surname;
|
||||
|
||||
echo "</p>";
|
||||
|
||||
// Show user test submissions
|
||||
if ($current_user->rank == 1 || $_GET['user']){
|
||||
// Get the id of the pupil whose results we are looking at
|
||||
$search_id = ($current_user->rank == 1) ? $current_user->id : $_GET['user'];
|
||||
$me = Score::_search("WHERE userID = $search_id AND testID = {$test->id} ORDER BY scoreID desc");
|
||||
if (count($me)<1){
|
||||
echo ($search_id == $current_user->id) ? "You have not taken this test yet.":"The pupil has not taken this test yet.";
|
||||
|
||||
// Get results
|
||||
$myres = Score::_search("WHERE userID = $search_id AND testID = {$test->id} ORDER BY scoreID desc");
|
||||
|
||||
if (count($myres)<1){
|
||||
// They have not taken this test yet, display message
|
||||
if ($search_id == $current_user->id)
|
||||
echo "You have not taken this test yet.";
|
||||
else
|
||||
echo "The pupil has not taken this test yet.";
|
||||
|
||||
// Show appropriate buttons
|
||||
if($current_user->rank > 1)
|
||||
echo "<p><a href=\"view.php?id={$test->id}\" class=\"button\">Back</a></p>";
|
||||
else
|
||||
echo "<p><a href=\"take.php?id={$test->id}\" class=\"button\">Take test</a></p>";
|
||||
}else{
|
||||
// Display messages, and table start
|
||||
echo "<p>Each row in this table is an attempt at the test. The latest attempt is at the top</p>";
|
||||
if ($_GET['latest']==1){
|
||||
?>
|
||||
|
@ -51,8 +58,12 @@ if ($current_user->rank == 1 || $_GET['user']){
|
|||
}
|
||||
echo "<table class=\"resultTable\">";
|
||||
echo "<tr><th>Score</th><th>Incorrect words</th></tr>";
|
||||
foreach($me as $s){
|
||||
|
||||
// Loop through scores
|
||||
foreach($myres as $s){
|
||||
echo "<tr><td>{$s->score}</td><td>";
|
||||
|
||||
// Get the words they got wrong, and print them.
|
||||
$ww = $s->wrongWords();
|
||||
if ($ww){
|
||||
echo "<span style=\"color:red\">";
|
||||
|
@ -61,7 +72,7 @@ if ($current_user->rank == 1 || $_GET['user']){
|
|||
if ($comma)
|
||||
echo ", ";
|
||||
|
||||
echo $w->word;
|
||||
echo "'".$w->word."'";
|
||||
$comma = true;
|
||||
}
|
||||
echo "</span>";
|
||||
|
@ -72,28 +83,33 @@ if ($current_user->rank == 1 || $_GET['user']){
|
|||
}
|
||||
echo "</table>";
|
||||
|
||||
// Display appropriate buttons
|
||||
if($current_user->rank > 1)
|
||||
echo "<p><a href=\"view.php?id={$test->id}\" class=\"button\">Back</a>";
|
||||
else
|
||||
echo "<p><a href=\"take.php?id={$test->id}\" class=\"button\">Retake test</a>";
|
||||
|
||||
echo "<a href=\"../report.php?id=$search_id\" class=\"button\">View Report</a></p>";
|
||||
}
|
||||
}else if($current_user->rank > 1){
|
||||
// Get users that this test applies to
|
||||
$users = $test->users();
|
||||
if (!$users || count($users)<1){
|
||||
// Display message
|
||||
echo "No pupils are to take this test<br>";
|
||||
}else{
|
||||
// Display table head
|
||||
echo "<table class=\"resultTable\">";
|
||||
echo "<tr><th>User</th><th>Score</th><th>Attempts</td><th></th></tr>";
|
||||
|
||||
// Loop through users
|
||||
foreach($users as $u){
|
||||
echo "<tr><td>{$u->surname} {$u->firstname}</td>";
|
||||
|
||||
// Declare score here, so it is in the correct scope
|
||||
$score = -1;
|
||||
|
||||
// Load score submissions
|
||||
$scr = Score::_search("WHERE userID = {$u->id} AND testID = {$test->id}");
|
||||
|
||||
if ($scr){
|
||||
foreach ($scr as $s){
|
||||
if ($s->score > $score || $score == -1){
|
||||
|
@ -102,6 +118,7 @@ if ($current_user->rank == 1 || $_GET['user']){
|
|||
}
|
||||
}
|
||||
|
||||
// Display score and attempts
|
||||
if (!$scr || count($scr)<1){
|
||||
echo "<td style=\"background:red;color:white;\" colspan=2>Test not taken yet!</td>";
|
||||
}else{
|
||||
|
|
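Review bot: `$search_id` comes from `$_GET['user']` for staff (`$search_id = ($current_user->rank == 1) ? $current_user->id : $_GET['user'];`) and is then interpolated unchanged into the new query `Score::_search("WHERE userID = $search_id AND testID = {$test->id} ORDER BY scoreID desc")` and into the `../report.php?id=$search_id` link, so it reaches both SQL and HTML without validation. Cast it at the source, `$search_id = ($current_user->rank == 1) ? $current_user->id : (int)$_GET['user'];`, which closes both paths and keeps the existing `|| $_GET['user']` guard meaningful. `$w->word`, `$u->surname` and `$u->firstname` are echoed without `htmlspecialchars()` as well. The enclosing `if ($current_user->rank == 1 || $_GET['user']){` continues past the last hunk.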
12
users.php
12
users.php
|
@ -12,16 +12,18 @@ $rank = $_GET['rank'];
|
|||
if (($year!=null && !is_numeric($year)) || ($rank!=null && !is_numeric($rank)))
|
||||
msgscrn("Query blocked","Your search terms are invalid.","","");
|
||||
|
||||
$q = "";
|
||||
$query = "";
|
||||
|
||||
// Add surname filter to query
|
||||
if ($surname)
|
||||
$q .= "surname LIKE '$surname'";
|
||||
$query .= "surname LIKE '$surname'";
|
||||
|
||||
// Add rank filter to query
|
||||
if ($rank)
|
||||
$q .= (($q!="")?" AND ":"") . "rank = $rank"; // The ? here adds ' AND ' if there was a previous condition
|
||||
$query .= (($query!="")?" AND ":"") . "rank = $rank"; // The ? here adds ' AND ' if there was a previous condition
|
||||
|
||||
// Get tests
|
||||
$users = User::_search( ($q!="")? "WHERE $q" : "" ); // The ? here adds 'WHERE' if there is a query
|
||||
$users = User::_search( ($query!="")? "WHERE $query" : "" ); // The ? here adds 'WHERE' if there is a query
|
||||
|
||||
// Show test player page
|
||||
showHeader("User Search");
|
||||
|
@ -40,8 +42,10 @@ echo "</select><br>\n";
|
|||
echo "<input type=\"submit\" value=\"Filter\">";
|
||||
echo "</fieldset></form><br>\n";
|
||||
|
||||
// Display table head
|
||||
echo "<table class=\"resultTable\"><tr><th width=\"50%\">Name</th><th style=\"width: 10%;\">Year</th><th style=\"width:10%;\">Group</th><th style=\"width:30%;\">Controls</th></tr>\n";
|
||||
|
||||
// Loop through users
|
||||
foreach ($users as $u){
|
||||
echo "<tr><td>{$u->surname}, {$u->firstname}</td><td>{$u->year}</td><td>{$u->group}</td><td><a href=\"profile.php?id={$u->id}\" class=\"button\">Profile</a></td></tr>\n";
|
||||
}
|
||||
|
|
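Review bot: The renamed `$query .= "surname LIKE '$surname'";` still interpolates `$surname` unescaped, while the numeric check above it covers only `$year` and `$rank`; `$surname` (assigned above the hunk) therefore reaches `User::_search()` as raw SQL. If `$handle` is the mysqli connection that `User::save()` uses via `global $handle`, escape it first, `$query .= "surname LIKE '".$handle->real_escape_string($surname)."'";`, and be aware that `%` and `_` in the input still act as LIKE wildcards. The row output `{$u->surname}, {$u->firstname}` is likewise echoed without `htmlspecialchars()`.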