Marle
/
webAdministracion
Watch 1
Star 0
Fork 0
Code Issues 0 Pull Requests 0 Releases 0 Wiki Activity
Browse Source

Added user logic & minimal bug fixes

Victor Hernandez 4 years ago
parent
e24c9e7c11
commit
8452fc02c6
16 changed files with 532 additions and 102 deletions
Split View Show Diff Stats
  1. 17
    7
      home.php
  2. 6
    1
      js/handleSubmit.js
  3. 53
    0
      processes/addUser.php
  4. 24
    20
      processes/callback.php
  5. 1
    1
      processes/checkLogin.php
  6. 59
    38
      processes/importQuestionnaire.php
  7. 4
    0
      processes/insertExperience.php
  8. 23
    0
      processes/makeManager.php
  9. 6
    3
      processes/removeQuestionFromMoment.php
  10. 20
    4
      questionnaires.php
  11. 0
    1
      respuestas.php
  12. 2
    2
      test.php
  13. 240
    0
      users.php
  14. 51
    21
      viewExperience.php
  15. 13
    2
      viewMoment.php
  16. 13
    2
      viewQuestionnaire.php

+ 17
- 7
home.php View File 

@@ -6,12 +6,16 @@
6 6 
 	include_once 'header.php';
7 7
8 8 
 	// RETRIEVE USER'S NAME AND PICTURE
9 
-	$query1 = "SELECT * FROM `researcher` WHERE `email` = '" . $_SESSION['email'] . "';";
10 
-	$result1 = mysqli_query($connection, $query1);
11 
-	$dbUserData = mysqli_fetch_assoc($result1);
9 
+// 	$query1 = "SELECT * FROM `researcher` WHERE `email` = '" . $_SESSION['dbUserData']['email'] . "';";
10 
+// 	$result1 = mysqli_query($connection, $query1);
11 
+// 	$dbUserData = mysqli_fetch_assoc($result1);
12 
+	$dbUserData = $_SESSION['dbUserData'];
12 13
14 
+// 	var_dump($_SESSION);
15 
+// 	exit();
16 
+
13 17 
 	// IF USER NOT IN DATABASE, EXIT
14 
-	if($result1->num_rows !== 1) {
18 
+	if(!$dbUserData) {
15 19 
 		exit();
16 20 
 	}
17 21 
 	
@@ -25,7 +29,9 @@
25 29 
             	<img src="./img/pen_800x800.png" alt="tania logo pen" width="25" height="25">
26 30 
         	</a>
27 31 
         	<div id="account">
28 
-        	    <a class="nav-link" href="./questionnaires.php">Questionnaire Collection</a>
32 
+            	<?php if($_SESSION['dbUserData']['admin'] === '1'): ?>
33 
+            	<a class="nav-link" href="./users.php">Manage Researchers</a>
34 
+            	<?php endif; ?>
29 35 
         	    <a class="sign-out" href="./processes/logout.php">Sign Out</a>
30 36 
         	</div>
31 37 
     	</header>
 
@@ -54,8 +60,12 @@
54 60 
             	</div>
55 61
56 62 
 <?php
57 
-	// WARNING: CHANGE QUERY TO INCLUDE "`id_researcher`='".$dbUserData['id_researcher']."';"
58 
-	$query2 = "SELECT * FROM `experience`;";
63 
+	// CHANGE QUERY DEPENDING ON IF USER IS ADMIN OR NOT
64 
+	if($_SESSION['dbUserData']['admin'] === '1') {
65 
+		$query2 = "SELECT * FROM `experience`;";
66 
+	} else {
67 
+		$query2 = "SELECT * FROM `experience` WHERE id IN (SELECT id_experience FROM researcher_experience WHERE id_researcher = '" . $_SESSION['dbUserData']['id_researcher'] . "');";
68 
+	}
59 69 
 	$result2 = mysqli_query($connection, $query2);
60 70
61 71 
 	// IF USER HAS EXPERIENCES, SHOW ALL OF THEM

+ 6
- 1
js/handleSubmit.js View File 

@@ -82,6 +82,11 @@ function handleSubmit(event, formName) {
82 82 
 			fullURI += "updateQuestion.php";
83 83 
 			break;
84 84
85 
+		// users.php
86 
+		case "addUser":
87 
+			fullURI += "addUser.php";
88 
+			break
89 
+
85 90
86 91
87 92 
 		default:
 
@@ -160,7 +165,7 @@ function handleSubmit(event, formName) {
160 165 
 			submitButton.disabled = false;
161 166
162 167 
 			// Display alert
163 
-			alertContainer.style.display = "initial";
168 
+			alertContainer.style.display = "block";
164 169
165 170 
 		});
166 171 
 // 		.always(function(data, textStatus, errorThrown) {

+ 53
- 0
processes/addUser.php View File 

@@ -0,0 +1,53 @@
1 
+<?php
2 
+
3 
+	require_once 'config.php';
4 
+	require_once 'dbh.inc.php';
5 
+	require_once 'checkLogin.php';
6 
+
7 
+
8 
+	// EXAMPLE INPUT...
9 
+	// array(3) { ["name"]=> string(0) "" ["email"]=> string(0) "" ["addUser"]=> string(0) "" }
10 
+
11 
+
12 
+	if(isset($_POST['addUser'])) {
13 
+
14 
+		$name = mysqli_real_escape_string($connection, trim($_POST['name']));
15 
+		$email = mysqli_real_escape_string($connection, trim($_POST['email']));
16 
+
17 
+		// Check if name is not an empty string
18 
+		if($name === '') {
19 
+			http_response_code(400);
20 
+			echo json_encode(array("error" => "Must specify name."));
21 
+			exit();
22 
+		}
23 
+
24 
+
25 
+		// Check if email is not an empty string
26 
+		// And that email is valid email
27 
+		// And that email is from UPR
28 
+		// And that email is not already registered
29 
+		if($email === '') {
30 
+			http_response_code(400);
31 
+			echo json_encode(array("error" => "Must specify email."));
32 
+			exit();
33 
+		} else if(!filter_var($email, FILTER_VALIDATE_EMAIL)) {
34 
+			http_response_code(400);
35 
+			echo json_encode(array("error" => "Invalid email."));
36 
+			exit();
37 
+		} else if(explode("@", $email)[1] !== "upr.edu") {
38 
+			http_response_code(400);
39 
+			echo json_encode(array("error" => "Email has to be from UPR."));
40 
+			exit();
41 
+		} else if(mysqli_query($connection, "SELECT * FROM researcher WHERE email = '$email';")->num_rows !== 0) {
42 
+			http_response_code(400);
43 
+			echo json_encode(array("error" => "Given email already registered."));
44 
+			exit();
45 
+		}
46 
+
47 
+		// Insert user
48 
+		$queryUser = "INSERT INTO researcher (`name`, `email`) VALUES ('$name', '$email');";
49 
+		mysqli_query($connection, $queryUser) or die("Error: " . mysqli_error($connection));
50 
+
51 
+		header("Location: ../users.php");
52 
+
53 
+	}

+ 24
- 20
processes/callback.php View File 

@@ -44,40 +44,44 @@
44 44 
 			Lista completa de scopes: https://developers.google.com/identity/protocols/googlescopes
45 45 
 	*/
46 46
47 
+
47 48 
 	require_once 'dbh.inc.php';
48 49
49 
-	$query = 'SELECT * FROM `researcher` WHERE `email` = "'.$userData['email'].'";';
50 
+
51 
+	$query = 'SELECT * FROM researcher WHERE email = "' . $userData['email'] . '";';
50 52 
 	$result = mysqli_query($connection, $query);
51 53 
 	$dbUserData = mysqli_fetch_assoc($result);
52 54
53 
-	$_SESSION['result'] = $result;
54 55
55 56 
 	// IF DB CAN'T FETCH USER DATA, IT MUST BE BECAUSE USER IS UNAUTHORIZED
56 
-	// ELSE KEEP RETRIEVING USER DATA FROM DB
57 
-	if($dbUserData == NULL) {
57 
+	if($dbUserData === NULL) {
58 58 
 		$_SESSION['error'] = 'unauthorized';
59 
+		header('Location: ../unauthorized.php');
60 
+		exit();
59 61 
 	}
60 
-	else {
61 62
62 
-		// NECESSARY FOR RETRIEVING DATA FROM DB ON LATER PAGES
63 
-		$_SESSION['email'] = $userData['email'];
64 
-
65 
-		//### OPTIONAL ###
66 
-		$_SESSION['newUser'] = false;
63 
+
64 
+	// FIRST ASSUME USER IS NOT NEW
65 
+	$_SESSION['newUser'] = false;
67 66
68 
-		// IF USER IS NEW, UPDATE DB WITH USER INFO FROM GOOGLE
69 
-		if($dbUserData['name'] == NULL && $dbUserData['picture'] == NULL) {
70 
-			$query = 'UPDATE `researcher` SET `name`="'.$userData['name'].'", `picture`="'.$userData['picture'].'" WHERE `email`="'.$userData['email'].'";';
71 
-			mysqli_query($connection, $query);
72 
-
73 
-			//### OPTIONAL ###
74 
-			$_SESSION['newUser'] = true;
75 
-		}
76 
-
67 
+
68 
+	// IF USER IS NEW, UPDATE DB WITH USER INFO FROM GOOGLE
69 
+	// AND SET 'newUser' SESSION VARIABLE TO TRUE
70 
+	if($dbUserData['picture'] == NULL) { //$dbUserData['name'] == NULL &&
71 
+		$query = 'UPDATE researcher SET name = "' . $userData['name'] . '", picture = "' . $userData['picture'] . '" WHERE email = "' . $userData['email'] . '";';
72 
+		mysqli_query($connection, $query);
73 
+		$_SESSION['newUser'] = true;
77 74 
 	}
75 
+
76 
+
77 
+	// REFETCH INFO FROM DATABASE AND STORE IN SESSION
78 
+	$result = mysqli_query($connection, $query);
79 
+	$dbUserData = mysqli_fetch_assoc($result);
80 
+	$_SESSION['dbUserData'] = $dbUserData;
81 
+
78 82
79 83 
 	//### FOR DEBUGGING ###
80 
-	$_SESSION['dbUserData'] = $dbUserData;
84 
+// 	$_SESSION['result'] = $result;
81 85 
 	$_SESSION['error_set'] = isset($_SESSION['error']);
82 86 
 	//### FOR DEBUGGING ###
83 87

+ 1
- 1
processes/checkLogin.php View File 

@@ -7,7 +7,7 @@
7 7 
 		header('Location: https://tania.uprrp.edu/admin_nuevo/error.php');
8 8 
 		exit();
9 9 
 	}
10 
-	else if(!empty($_SESSION) && (isset($_SESSION['error']) && $_SESSION['error'] == 'unauthorized')) {
10 
+	else if(isset($_SESSION['error']) && $_SESSION['error'] === 'unauthorized') {
11 11 
 		header('Location: https://tania.uprrp.edu/admin_nuevo/unauthorized.php');
12 12 
 		exit();
13 13 
 	}

+ 59
- 38
processes/importQuestionnaire.php View File 

@@ -1,20 +1,27 @@
1 1 
 <?php
2 2 
 include "/var/www/html/funciones.php";
3 
-include "/var/www/html/conection_test.php";
3 
+// include "/var/www/html/conection_test.php";
4 
+	require_once 'config.php';
5 
+	require_once 'dbh.inc.php';
6 
+	require_once 'checkLogin.php';
7 
+
8 
+
4 9
5 
-print_r($_FILES);
10 
+// print_r($_FILES);
11 
+// print_r($_SERVER);
6 12 
 // print_r($_POST);
7 13 
 // print_r($_GET);
8 
-
9 
-//exit();
14 
+//
15 
+// exit();
10 16 
 // $archivo="Cuestionario perfecto.xlsx";
11 
-// $id_experience= mysqli_real_escape_string($dbconnection, trim($_POST['experience']));
12 
-$id_experience= 1000;
17 
+$id_experience= mysqli_real_escape_string($connection, trim($_POST['id_experience']));
18 
+// $id_experience= mysqli_real_escape_string($connection, $_GET['id_experience']);;
19 
+
13 20 
 $archivo=$_FILES["import"]["tmp_name"];
14 21 
 $archivoOut="uploaderTemp";
15 22 
 exec("ssconvert -S  '$archivo' ../temp/$archivoOut-%s.csv");
16 23 
 // print "ssconvert -S -D ../temp '$archivo' $archivoOut-%s.csv";print"<br>";
17 
-print getcwd();
24 
+// print getcwd();
18 25 
 $q_title=explode(".", $_FILES["import"]["name"])[0];
19 26 
 $data_dir="../temp/";
20 27 
 $archivosCSV=glob("$data_dir$archivoOut*.csv");
 
@@ -34,7 +41,7 @@ $filename="$data_dir$archivoOut-questions.csv";
34 41 
 $row = 1;
35 42 
 if (($handle = fopen($filename, "r")) !== FALSE)
36 43 
 {
37 
-	print $filename."\n";
44 
+// 	print $filename."\n";
38 45 
 	$j=0;
39 46 
 	while (($data = fgetcsv($handle)) !== FALSE)
40 47 
 	{
 
@@ -48,8 +55,14 @@ if (($handle = fopen($filename, "r")) !== FALSE)
48 55 
 			GetSQLValueString($q_title,"text"),
49 56 
 			GetSQLValueString($descripcion,"text")
50 57 
 		);
51 
-			mysqli_query($dbconnection, $sql);
52 
-			$id_cuestionario=mysqli_insert_id($dbconnection);
58 
+			mysqli_query($connection, $sql);
59 
+			$id_cuestionario=mysqli_insert_id($connection);
60 
+			$sql=sprintf("INSERT INTO `experience_questionnair`(`id_experience`, `id_questionnair`) VALUES (%s, %s)
61 
+			",
62 
+			GetSQLValueString($id_experience,"int"),
63 
+			GetSQLValueString($id_cuestionario,"int")
64 
+			);
65 
+			mysqli_query($connection, $sql);
53 66 
 		}
54 67
55 68 
 		if($j>1)
 
@@ -115,9 +128,9 @@ foreach($categoria as &$cat)
115 128 
 	GetSQLValueString($cat["catText"],"text"),
116 129 
 	GetSQLValueString($id_cuestionario,"int")
117 130 
 	);
118 
-	print($sql);print "\n";
119 
-	mysqli_query($dbconnection, $sql);
120 
-	$id_cat_db=mysqli_insert_id($dbconnection);
131 
+// 	print($sql);print "\n";
132 
+	mysqli_query($connection, $sql);
133 
+	$id_cat_db=mysqli_insert_id($connection);
121 134 
 	$cat["id_cat_db"]=$id_cat_db;
122 135 
 // 	$id_cat_db++;
123 136 
 }
 
@@ -129,9 +142,9 @@ foreach($subcategoria as &$subcat)
129 142 
 	GetSQLValueString($subcat["subcat"],"text"),
130 143 
 	GetSQLValueString($id_cat_db,"int")
131 144 
 	);
132 
-	print($sql);print "\n";
133 
-	mysqli_query($dbconnection, $sql);
134 
-	$id_subcat_db=mysqli_insert_id($dbconnection);
145 
+// 	print($sql);print "\n";
146 
+	mysqli_query($connection, $sql);
147 
+	$id_subcat_db=mysqli_insert_id($connection);
135 148 
 	$subcat["id_subcat_db"]=$id_subcat_db;
136 149 
 // 	$id_subcat_db++;
137 150 
 }
 
@@ -141,9 +154,9 @@ foreach($referencias as &$ref)
141 154 
 	$sql=sprintf("insert into reference (referencia) values (%s)",
142 155 
 	GetSQLValueString($ref["refTexto"],"text")
143 156 
 	);
144 
-	print($sql);print "\n";
145 
-	mysqli_query($dbconnection, $sql);
146 
-	$id_ref_db=mysqli_insert_id($dbconnection);
157 
+// 	print($sql);print "\n";
158 
+	mysqli_query($connection, $sql);
159 
+	$id_ref_db=mysqli_insert_id($connection);
147 160 
 	$ref["id_ref_db"]=$id_ref_db;
148 161 
 // 	$id_ref_db++;
149 162 
 }
 
@@ -163,8 +176,8 @@ foreach($q as $k=>$preg)
163 176 
 	GetSQLValueString($id_ref_db,"int")
164 177 
 	);
165 178 
 // 	print($sql);print "\n";
166 
-	mysqli_query($dbconnection, $sql);
167 
-	$id_q_db=mysqli_insert_id($dbconnection);
179 
+	mysqli_query($connection, $sql);
180 
+	$id_q_db=mysqli_insert_id($connection);
168 181 
 	$q[$k]["id_q_db"]=$id_q_db;
169 182 
 	if($preg[4]==1)
170 183 
 	{
 
@@ -187,8 +200,15 @@ foreach($q as $k=>$preg)
187 200 
 			GetSQLValueString($preg[8],"text")
188 201 
 		);
189 202 
 // 		print($sql);print "\n";
190 
-		mysqli_query($dbconnection, $sql);
203 
+		mysqli_query($connection, $sql);
204 
+
191 205 
 	}
206 
+	$sql=sprintf("INSERT INTO `questionnair_question`(`id_questionnair`, `id_question`) VALUES (%s, %s)
207 
+		",
208 
+		GetSQLValueString($id_cuestionario,"int"),
209 
+		GetSQLValueString($id_q_db,"int")
210 
+		);
211 
+		mysqli_query($connection, $sql);
192 212 
 // 	$id_q_db++;
193 213
194 214 
 }
 
@@ -204,13 +224,13 @@ foreach($q as $k=>$preg)
204 224 
 // 	GetSQLValueString($pretest_date,"text")
205 225 
 // );
206 226 
 // print($sql);print "\n";
207 
-// 	mysqli_query($dbconnection, $sql);
208 
-// 	$id_subq=mysqli_insert_id($dbconnection);
227 
+// 	mysqli_query($connection, $sql);
228 
+// 	$id_subq=mysqli_insert_id($connection);
209 229 
 // $sql=sprintf("INSERT INTO `experience_subquestionnair`( `id_experience`, `id_subquestionnair`) VALUES (%s,%s)",
210 230 
 // 	GetSQLValueString($id_experience,"int"),
211 231 
 // 	GetSQLValueString($id_subq,"int")
212 232 
 // );
213 
-// 	mysqli_query($dbconnection, $sql);
233 
+// 	mysqli_query($connection, $sql);
214 234 
 // // print_r($q);
215 235 
 // // exit();
216 236 
 // $n=count($q);
 
@@ -223,7 +243,7 @@ foreach($q as $k=>$preg)
223 243 
 // 		GetSQLValueString($q[$k]["id_q_db"],"int")
224 244 
 // 	);
225 245 
 // 	print($sql);print "\n";
226 
-// 		mysqli_query($dbconnection, $sql);
246 
+// 		mysqli_query($connection, $sql);
227 247 
 // }
228 248 
 // exit();
229 249 
 // $id_subq++;
 
@@ -235,11 +255,11 @@ foreach($archivosCSV as $filename)
235 255 
 		$title=explode(".",explode("-", $filename)[1])[0];
236 256 
 		if (($handle = fopen($filename, "r")) !== FALSE)
237 257 
 		{
238 
-			print $filename."\n";
258 
+// 			print $filename."\n";
239 259 
 			$j=0;
240 260 
 			while (($data = fgetcsv($handle)) !== FALSE)
241 261 
 			{
242 
-				if($j==2)print_r($data);print"<br>";
262 
+// 				if($j==2)print_r($data);print"<br>";
243 263 
 				if($j==0)
244 264 
 				{
245 265 
 					$descripcion=$data[1];
 
@@ -250,14 +270,14 @@ foreach($archivosCSV as $filename)
250 270 
 						GetSQLValueString($id_cuestionario,"int"),
251 271 
 						GetSQLValueString($fecha,"text")
252 272 
 					);
253 
-					print($sql);print "\n";
254 
-						mysqli_query($dbconnection, $sql);
255 
-						$id_subq=mysqli_insert_id($dbconnection);
273 
+// 					print($sql);print "\n";
274 
+						mysqli_query($connection, $sql);
275 
+						$id_subq=mysqli_insert_id($connection);
256 276 
 					$sql=sprintf("INSERT INTO `experience_subquestionnair`( `id_experience`, `id_subquestionnair`) VALUES (%s,%s)",
257 277 
 						GetSQLValueString($id_experience,"int"),
258 278 
 						GetSQLValueString($id_subq,"int")
259 279 
 					);
260 
-						mysqli_query($dbconnection, $sql);
280 
+						mysqli_query($connection, $sql);
261 281
262 282 
 				}
263 283 
 				if($j>1)
 
@@ -268,8 +288,8 @@ foreach($archivosCSV as $filename)
268 288 
 						GetSQLValueString($id_subq,"int"),
269 289 
 						GetSQLValueString($q[$data[0]]["id_q_db"],"int")
270 290 
 					);
271 
-					print($sql);print "\n";
272 
-						mysqli_query($dbconnection, $sql);
291 
+// 					print($sql);print "\n";
292 
+						mysqli_query($connection, $sql);
273 293 
 	// 				$q[$data[0]]
274 294 
 				}
275 295 
 				$j++;
 
@@ -288,13 +308,13 @@ foreach($archivosCSV as $filename)
288 308 
 // 	GetSQLValueString($pretest_date,"text")
289 309 
 // );
290 310 
 // print($sql);print "\n";
291 
-// 	mysqli_query($dbconnection, $sql);
292 
-// 	$id_subq=mysqli_insert_id($dbconnection);
311 
+// 	mysqli_query($connection, $sql);
312 
+// 	$id_subq=mysqli_insert_id($connection);
293 313 
 // $sql=sprintf("INSERT INTO `experience_subquestionnair`( `id_experience`, `id_subquestionnair`) VALUES (%s,%s)",
294 314 
 // 	GetSQLValueString($id_experience,"int"),
295 315 
 // 	GetSQLValueString($id_subq,"int")
296 316 
 // );
297 
-// 	mysqli_query($dbconnection, $sql);
317 
+// 	mysqli_query($connection, $sql);
298 318 
 //
299 319 
 //
300 320 
 // $n=count($q);
 
@@ -306,10 +326,11 @@ foreach($archivosCSV as $filename)
306 326 
 // 		GetSQLValueString($q[$k]["id_q_db"],"int")
307 327 
 // 	);
308 328 
 // 	print($sql);print "\n";
309 
-// 		mysqli_query($dbconnection, $sql);
329 
+// 		mysqli_query($connection, $sql);
310 330 
 // }
311 331 
 foreach($archivosCSV as $filename)
312 332 
 {
313 333 
 	exec("rm '$filename'");
314 334 
 }
335 
+header("Location: ".$_SERVER['HTTP_REFERER']."#questionnaires");
315 336 
 ?>

+ 4
- 0
processes/insertExperience.php View File 

@@ -171,6 +171,10 @@
171 171 
 		if(!mysqli_query($connection, $queryHookExperienceToInstitution)) die("Error: ".mysqli_error($connection));
172 172
173 173
174 
+		// ASOCIAR LA EXPERIENCIA NUEVA CON EL USUARIO
175 
+		$queryHookExperienceToUser = "INSERT INTO `researcher_experience` (`id_researcher`, `id_experience`) VALUES ('" . $_SESSION['dbUserData']['id_researcher'] . "', '$id_experience')";
176 
+		if(!mysqli_query($connection, $queryHookExperienceToUser)) die("Error: ".mysqli_error($connection));
177 
+
174 178 
 		// MAKE IT CLIENT SIDE!!!!!!!! HAVE TO SEND IT IN SERVER RESPONSE!!!!!!!
175 179 
 // 		header('Location: ../viewExperience.php?view=$id_experience');
176 180 
 // 		exit();

+ 23
- 0
processes/makeManager.php View File 

@@ -0,0 +1,23 @@
1 
+<?php
2 
+
3 
+	require_once 'config.php';
4 
+	require_once 'dbh.inc.php';
5 
+	require_once 'checkLogin.php';
6 
+
7 
+
8 
+	// EXAMPLE INPUT...
9 
+	// array(1) { ["researcherID"]=> string(1) "3" }
10 
+
11 
+	$researcherID = mysqli_real_escape_string($connection, trim($_POST['researcherID']));
12 
+
13 
+	// Check if name is not an empty string
14 
+	if($researcherID === '') {
15 
+		http_response_code(400);
16 
+		echo json_encode(array("error" => "Must specify researcher ID."));
17 
+		exit();
18 
+	}
19 
+
20 
+	// Insert user
21 
+	$queryManager = "UPDATE researcher SET admin = '1' WHERE id_researcher = '$researcherID';";
22 
+	mysqli_query($connection, $queryManager) or die("Error: " . mysqli_error($connection));
23 
+

+ 6
- 3
processes/removeQuestionFromMoment.php View File 

@@ -35,7 +35,6 @@
35 35 
 		// Check that question ID is not empty string
36 36 
 		// And that it's registered in the database
37 37 
 		// And that it belongs to the Questionnaire the Moment belongs to
38 
-		// And that it isn't a duplicate inside the Moment
39 38 
 		if($questionID === "") {
40 39 
 			http_response_code(400);
41 40 
 			echo json_encode(array("error" => "Please specify question ID."));
 
@@ -48,9 +47,13 @@
48 47 
 			http_response_code(400);
49 48 
 			echo json_encode(array("error" => "Given question ID ($questionID) is outside the Moment's corresponding Questionnair's scope."));
50 49 
 			exit();
51 
-		} else if(mysqli_query($connection, "SELECT * FROM subquestionnair_question WHERE id_question = '$questionID' AND id_subquestionnair = '$momentID';")->num_rows === 0) {
50 
+		}
51 
+
52 
+
53 
+		// Check that the moment hasn't been answered yet
54 
+		if(mysqli_query($connection, "SELECT * FROM student_subquestionnair WHERE id_subquestionnair = '$momentID';")->num_rows !== 0) {
52 55 
 			http_response_code(400);
53 
-			echo json_encode(array("error" => "Question is already removed from moment."));
56 
+			echo json_encode(array("error" => "Moment already active, deletion denied."));
54 57 
 			exit();
55 58 
 		}
56 59

+ 20
- 4
questionnaires.php View File 

@@ -2,13 +2,25 @@
2 2
3 3 
 	// Description: DISPLAY THE USER'S QUESTIONNAIRES
4 4
5 
+	echo "This page is no longer in use.";
6 
+	exit();
7 
+	exit();
8 
+	exit();
9 
+	exit();
10 
+	exit();
11 
+
5 12 
 	require_once 'processes/config.php';
6 13 
 	require_once 'processes/dbh.inc.php';
7 14 
 	require_once 'processes/checkLogin.php';
8 15 
 	include_once 'header.php';
9 16
10 17 
 	// WARNING: CHANGE QUERY TO INCLUDE "`id_researcher`='".$dbUserData['id_researcher']."';"
11 
-	$query1 = "SELECT * FROM `questionnair`;";
18 
+	if($_SESSION['dbUserData']['admin'] === '1') {
19 
+		$query1 = "SELECT * FROM `questionnair`;";
20 
+	} else {
21 
+		$query1 = "SELECT * FROM `questionnair` WHERE id IN (SELECT id_questionnair FROM experience_questionnair WHERE id_experience IN (SELECT id_experience FROM researcher_experience WHERE id_researcher = '" . $_SESSION['dbUserData']['id_researcher'] . "'));";
22 
+	}
23 
+
12 24 
 	$result1 = mysqli_query($connection, $query1);
13 25
14 26 
 ?>
 
@@ -21,7 +33,6 @@
21 33 
             		<img src="./img/pen_800x800.png" alt="tania logo pen" width="25" height="25">
22 34 
         		</a>
23 35 
         		<div id="account">
24 
-        		    <a class="nav-link" href="./questionnaires.php">Questionnaire Collection</a>
25 36 
         		    <a class="sign-out" href="./processes/logout.php">Sign Out</a>
26 37 
         		</div>
27 38 
     		</header>
 
@@ -189,8 +200,13 @@
189 200 
 							<select class="form-control text-center" id="toExperienceID" name="toExperienceID" style="text-align-last:center;" required>
190 201 
 								<?php
191 202
192 
-									// WARNING: CHANGE QUERY TO INCLUDE "`id_researcher`='".$dbUserData['id_researcher']."';"
193 
-									$queryExperience2 = "SELECT * FROM `experience`;";
203 
+									// CHANGE QUERY DEPENDING ON IF USER IS ADMIN OR NOT
204 
+									if($_SESSION['dbUserData']['admin'] === '1') {
205 
+										$queryExperience2 = "SELECT * FROM `experience` WHERE id != '$experienceID';";
206 
+									} else {
207 
+										$queryExperience2 = "SELECT * FROM `experience` WHERE id != '$experienceID' AND id IN (SELECT id_experience FROM researcher_experience WHERE id_researcher = '" . $_SESSION['dbUserData']['id_researcher'] . "');";
208 
+									}
209 
+
194 210 
 									$resultExperience2 = mysqli_query($connection, $queryExperience2);
195 211
196 212 
 									while($rowExperience2 = mysqli_fetch_assoc($resultExperience2)):

+ 0
- 1
respuestas.php View File 

@@ -71,7 +71,6 @@
71 71 
             	<img src="./img/pen_800x800.png" alt="tania logo pen" width="25" height="25">
72 72 
         	</a>
73 73 
         	<div id="account">
74 
-            	<a class="nav-link" href="./questionnaires.php">Questionnaire Collection</a>
75 74 
             	<a class="sign-out" href="./processes/logout.php">Sign Out</a>
76 75 
         	</div>
77 76 
     	</header>

+ 2
- 2
test.php View File 

@@ -61,9 +61,9 @@
61 61 
 // 	echo "This is result: $result<br>";
62 62
63 63 
 	if($result === "") {
64 
-		echo "Result is empty string";
64 
+// 		echo "Result is empty string";
65 65 
 	} else {
66 
-		echo "Result isn't empty string";
66 
+// 		echo "Result isn't empty string";
67 67 
 	}
68 68
69 69 
 ?>

+ 240
- 0
users.php View File 

@@ -0,0 +1,240 @@
1 
+<?php
2 
+
3 
+	require_once 'processes/config.php';
4 
+	require_once 'processes/dbh.inc.php';
5 
+	require_once 'processes/checkLogin.php';
6 
+
7 
+
8 
+	// IF USER IS DOESN'T HAVE ADMINISTRATOR PERMISIONS, EXIT
9 
+	if($_SESSION['dbUserData']['admin'] !== '1') {
10 
+		echo "You are unauthorized to view this page.";
11 
+		exit();
12 
+	}
13 
+
14 
+	include_once 'header.php';
15 
+
16 
+?>
17 
+
18 
+	<!--START OF users.php -->
19 
+	<body>
20 
+
21 
+    	<header id="main-header">
22 
+        	<a id="logo" href=".">
23 
+				TANIA
24 
+            	<img src="./img/pen_800x800.png" alt="tania logo pen" width="25" height="25">
25 
+        	</a>
26 
+        	<div id="account">
27 
+            	<a class="nav-link" href="#" onclick="location='home.php'">Go Back</a>
28 
+            	<a class="sign-out" href="./processes/logout.php">Sign Out</a>
29 
+        	</div>
30 
+    	</header>
31 
+
32 
+        <div class="container" style="margin-top: 8rem; min-height: calc(100vh - 8rem - 8rem);">
33 
+
34 
+        	<br>
35 
+
36 
+        	<div class="row">
37 
+        		<div class="col-sm-12">
38 
+        			<h2 class="text-muted"><?php echo $_SESSION['dbUserData']['name']; ?></h2>
39 
+<!--     	    		<p>Add new users, view their info and manage permissions!</p> -->
40 
+        	    </div>
41 
+        	</div>
42 
+
43 
+        	<hr>
44 
+
45 
+        	<div class="row">
46 
+        		<div class="col-sm-12">
47 
+        			<h3>Add Researcher</h3>
48 
+        		</div>
49 
+        	</div>
50 
+
51 
+        	<form id="addUser" class="form-horizontal" method="POST" action="processes/addUser.php" onsubmit="addUser(event)">
52 
+
53 
+        		<div class="form-group">
54 
+        			<label class="col-sm-2 control-label" for="exampleInputEmail1">Name</label>
55 
+        			<div class="col-sm-10">
56 
+						<input type="text" name="name" class="form-control text-center" placeholder="i.e. Juan del Pueblo Villa" required autocomplete="off">
57 
+					</div>
58 
+				</div>
59 
+
60 
+        		<div class="form-group">
61 
+	        		<label class="col-sm-2 control-label for="exampleInputEmail1">Email</label>
62 
+	        		<div class="col-sm-10">
63 
+						<input type="email" name="email" class="form-control text-center" placeholder="i.e. juan.delpueblo@upr.edu" required autocomplete="off">
64 
+					</div>
65 
+				</div>
66 
+
67 
+				<div class="row">
68 
+				<div class="col-sm-4 col-sm-offset-5">
69 
+					<button type="submit" name="addUser" class="btn btn-primary btn-block">Add User</button>
70 
+				</div>
71 
+				</div>
72 
+
73 
+        	</form>
74 
+
75 
+        	<br>
76 
+
77 
+        	<!-- ERROR ALERT FOR USER -->
78 
+			<div id="error-addUser" class="row" style="display: none;">
79 
+				<div class="col-sm-10 col-sm-offset-2">
80 
+					<div class="alert alert-danger mb-1" role="alert">
81 
+						<h4 class="error-lead">Error!</h4>
82 
+						<p class="error-description"></p>
83 
+					</div>
84 
+				</div>
85 
+			</div>
86 
+
87 
+
88 
+        	<br>
89 
+
90 
+        	<div class="row">
91 
+
92 
+        		<div class="col-sm-12">
93 
+	        		<h3>Researchers</h3>
94 
+        		</div>
95 
+
96 
+
97 
+				<div class="col-sm-12">
98 
+					<table class="table table-hover table-striped table-responsive">
99 
+  						<thead>
100 
+  							<tr>
101 
+  								<th style="text-align: center;"><h4>Name</h4></th>
102 
+  								<th style="text-align: center;"><h4>Email</h4></th>
103 
+  								<th style="text-align: center;"><h4>Manage</h4></th>
104 
+  							</tr>
105 
+  						</thead>
106 
+  						<tbody>
107 
+  							<?php
108 
+  								$queryResearchers = "SELECT * FROM researcher;";
109 
+								$resultResearchers = mysqli_query($connection, $queryResearchers);
110 
+
111 
+  								while($rowResearchers = mysqli_fetch_assoc($resultResearchers)):
112 
+  							?>
113 
+  							<tr>
114 
+  								<td style="text-align: center;"><h5><?php echo $rowResearchers['name']; ?></h5></td>
115 
+  								<td style="text-align: center;"><h5><a class="email" href="mailto:<?php echo $rowResearchers['email']; ?>"><?php echo $rowResearchers['email']; ?></a></h5></td>
116 
+  								<td style="text-align: center;">
117 
+  									<?php if($rowResearchers['admin'] === '1'): ?>
118 
+  									<h5><sm class="text-muted">Already manager...</sm></h5>
119 
+  									<?php else: ?>
120 
+  									<button class="btn btn-sm btn-default" data-researcher="<?php echo $rowResearchers['id_researcher']; ?>" onclick="makeManager(event)">Make Manager</button>
121 
+  									<?php endif; ?>
122 
+  								</td>
123 
+  							</tr>
124 
+  							<?php endwhile; ?>
125 
+						</tbody>
126 
+  					</table>
127 
+  				</div><!--col-->
128 
+
129 
+        	</div><!--row-->
130 
+
131 
+        	<br><br><br>
132 
+
133 
+        </div><!--container-->
134 
+
135 
+
136 
+
137 
+
138 
+        	<style>
139 
+        	.email {
140 
+        		color: #333;
141 
+        		transition: color 300ms ease;
142 
+        	}
143 
+
144 
+        	.email:hover {
145 
+        		color: #999;
146 
+        	}
147 
+        	</style>
148 
+
149 
+
150 
+
151 
+
152 
+			<script src="js/handleSubmit.js"></script>
153 
+
154 
+        	<script>
155 
+
156 
+
157 
+			["addUser"].forEach(function(formName) {
158 
+
159 
+				var form = document.getElementById(formName);
160 
+
161 
+				if(form) {
162 
+					form.addEventListener('submit', function(e) {
163 
+						handleSubmit(e, formName);
164 
+					});
165 
+				}
166 
+
167 
+			});
168 
+
169 
+
170 
+
171 
+
172 
+        	function foo(e) {
173 
+        		e.preventDefault();
174 
+        		console.log(e.srcElement);
175 
+        		return false;
176 
+        	}
177 
+
178 
+
179 
+        	function makeManager(e) {
180 
+
181 
+        		let button = e.currentTarget;
182 
+        		let researcherID = button.getAttribute('data-researcher');
183 
+
184 
+        		// Create loader
185 
+        		let loader = document.createElement('div');
186 
+        		loader.style.display = "flex";
187 
+        		loader.style.alignItems = "center";
188 
+        		loader.style.justifyContent = "center";
189 
+        		loader.style.height = "35px";
190 
+        		let span = document.createElement('span');
191 
+        		span.classList.add('loader');
192 
+        		loader.appendChild(span);
193 
+
194 
+        		// Insert loader and remove button
195 
+        		button.insertAdjacentElement('afterend', loader);
196 
+        		button.remove();
197 
+
198 
+        		let URL = document.location.protocol + "//tania.uprrp.edu/admin_nuevo/processes/makeManager.php";
199 
+        		let fields = {
200 
+        			researcherID: researcherID
201 
+        		};
202 
+
203 
+        		$.post(URL, fields)
204 
+        			.done(function(data, text) {
205 
+
206 
+        				// Create Done!
207 
+        				let h5 = document.createElement('h5');
208 
+        				let sm = document.createElement('sm');
209 
+        				sm.classList.add('text-success');
210 
+        				sm.innerText = "Done!";
211 
+        				h5.appendChild(sm);
212 
+
213 
+        				// Insert Done! and remove loader
214 
+        				loader.insertAdjacentElement('afterend', h5);
215 
+						loader.remove();
216 
+
217 
+        			})
218 
+        			.fail(function(request, status, error) {
219 
+
220 
+        				// Create Retry
221 
+        				let retry = document.createElement('button');
222 
+        				retry.className = "btn btn-sm btn-primary";
223 
+        				retry.setAttribute('data-researcher', researcherID);
224 
+        				retry.setAttribute('onclick', 'makeManager(event)');
225 
+        				retry.innerText = "Retry";
226 
+
227 
+        				// Insert Retry and remove loader
228 
+        				loader.insertAdjacentElement('afterend', retry);
229 
+        				loader.remove();
230 
+
231 
+        			});
232 
+
233 
+        	}
234 
+
235 
+        	</script>
236 
+
237 
+
238 
+	<!-- END OF users.php -->
239 
+
240 
+<?php include_once 'footer.php'; ?>

+ 51
- 21
viewExperience.php View File 

@@ -11,7 +11,7 @@
11 11 
 		exit();
12 12 
 	}
13 13
14 
-	// WARNING: CHANGE QUERY TO INCLUDE "`id_researcher`='".$dbUserData['id_researcher']."';"
14 
+	// FETCH EXPERIENCE
15 15 
 	$experienceID = mysqli_real_escape_string($connection, trim($_GET['view']));
16 16 
 	$query1 = "SELECT * FROM `experience` WHERE `id` = '$experienceID';";
17 17 
 	$result1 = mysqli_query($connection, $query1) or die("Error: ".mysqli_error($connection));
 
@@ -19,8 +19,21 @@
19 19
20 20 
 	// IF EXPERIENCE NOT IN DATABASE, EXIT
21 21 
 	if($result1->num_rows !== 1) {
22 
+		echo "Requested experience does not exist.";
22 23 
 		exit();
23 24 
 	}
25 
+
26 
+	// IF EXPERIENCE DOESN'T BELONG TO USER (WHO IS NOT AN ADMIN), EXIT
27 
+	if($_SESSION['dbUserData']['admin'] !== '1') {
28 
+
29 
+		$queryCheckUser = "SELECT id FROM experience WHERE id = '$experienceID' AND id IN (SELECT id_experience FROM researcher_experience WHERE id_researcher = '" . $_SESSION['dbUserData']['id_researcher'] . "');";
30 
+		if(mysqli_query($connection, $queryCheckUser)->num_rows === 0) {
31 
+			echo "You are not authorized to view this experience.";
32 
+			exit();
33 
+		}
34 
+
35 
+	}
36 
+
24 37
25 38 
 	include_once 'header.php';
26 39 
 	
@@ -34,7 +47,6 @@
34 47 
             	<img src="./img/pen_800x800.png" alt="tania logo pen" width="25" height="25">
35 48 
         	</a>
36 49 
         	<div id="account">
37 
-            	<a class="nav-link" href="./questionnaires.php">Questionnaire Collection</a>
38 50 
             	<a class="sign-out" href="./processes/logout.php">Sign Out</a>
39 51 
         	</div>
40 52 
     	</header>
 
@@ -994,37 +1006,55 @@
994 1006
995 1007 
 							<!-- FROM QUESTIONNAIRE -->
996 1008 
 							<label for="fromQuestionnaireID">Which Questionnaire:</label>
997 
-							<select class="form-control text-center" id="fromQuestionnaireID" name="fromQuestionnaireID" style="text-align-last:center;" required>
998 
-								<?php
1009 
+							<?php
1010 
+								// FIRST ASSUME FALSE
1011 
+								$errorDuplicate = false;
999 1012
1000 
-									$queryQuestionnaires = "SELECT * FROM `questionnair` WHERE id IN (SELECT id_questionnair FROM experience_questionnair WHERE id_experience = '$experienceID');";
1001 
-									$resultQuestionnaires = mysqli_query($connection, $queryQuestionnaires);
1002 
-
1003 
-									while($rowQuestionnaires = mysqli_fetch_assoc($resultQuestionnaires)):
1004 
-
1005 
-								?>
1013 
+								$queryQuestionnaires = "SELECT * FROM `questionnair` WHERE id IN (SELECT id_questionnair FROM experience_questionnair WHERE id_experience = '$experienceID');";
1014 
+								$resultQuestionnaires = mysqli_query($connection, $queryQuestionnaires);
1015 
+
1016 
+								if($resultQuestionnaires->num_rows > 0):
1017 
+							?>
1018 
+							<select class="form-control text-center" id="fromQuestionnaireID" name="fromQuestionnaireID" style="text-align-last:center;" required>
1019 
+								<?php while($rowQuestionnaires = mysqli_fetch_assoc($resultQuestionnaires)): ?>
1006 1020 
 									<option value="<?php echo $rowQuestionnaires['id']; ?>"><?php echo $rowQuestionnaires['q_title']; ?></option>
1007 1021 
 								<?php endwhile; ?>
1008 1022 
 							</select>
1023 
+							<?php
1024 
+								else:
1025 
+									$errorDuplicate = true;
1026 
+							?>
1027 
+							<h3 class="text-center"><small>It seems you still haven't added any questionnaires to this experience...</small></h3>
1028 
+							<?php endif; ?>
1009 1029
1010 1030 
 							<br>
1011 1031
1012 1032 
 							<!-- TO EXPERIENCE -->
1013 1033 
 							<label for="toExperienceID">To What Experience:</label>
1014 
-							<select class="form-control text-center" id="toExperienceID" name="toExperienceID" style="text-align-last:center;" required>
1015 
-								<?php
1016 
-
1017 
-									// WARNING: CHANGE QUERY TO INCLUDE "`id_researcher`='".$dbUserData['id_researcher']."';"
1034 
+							<?php
1035 
+
1036 
+								// CHANGE QUERY DEPENDING ON IF USER IS ADMIN OR NOT
1037 
+								if($_SESSION['dbUserData']['admin'] === '1') {
1018 1038 
 									$queryExperience2 = "SELECT * FROM `experience` WHERE id != '$experienceID';";
1019 
-									$resultExperience2 = mysqli_query($connection, $queryExperience2);
1020 
-
1021 
-									while($rowExperience2 = mysqli_fetch_assoc($resultExperience2)):
1022 
-
1023 
-								?>
1039 
+								} else {
1040 
+									$queryExperience2 = "SELECT * FROM `experience` WHERE id != '$experienceID' AND id IN (SELECT id_experience FROM researcher_experience WHERE id_researcher = '" . $_SESSION['dbUserData']['id_researcher'] . "');";
1041 
+								}
1042 
+
1043 
+								$resultExperience2 = mysqli_query($connection, $queryExperience2);
1044 
+
1045 
+								if($resultExperience2->num_rows > 0):
1046 
+							?>
1047 
+							<select class="form-control text-center" id="toExperienceID" name="toExperienceID" style="text-align-last:center;" required>
1048 
+								<?php while($rowExperience2 = mysqli_fetch_assoc($resultExperience2)): ?>
1024 1049 
 								<option value="<?php echo $rowExperience2['id']; ?>"><?php echo $rowExperience2['title']; ?></option>
1025 1050 
 								<?php endwhile; ?>
1026 1051 
 							</select>
1027 
-
1052 
+							<?php
1053 
+								else:
1054 
+									$errorDuplicate = true;
1055 
+							?>
1056 
+							<h3 class="text-center"><small>You don't have another experience to duplicate to...</small></h3>
1057 
+							<?php endif; ?>
1028 1058
1029 1059
1030 1060 
       					</div><!--modal-body-->
 
@@ -1032,7 +1062,7 @@
1032 1062 
       					<!-- SUBMIT OR CANCEL -->
1033 1063 
      					<div class='modal-footer'>
1034 1064 
        						<button type='button' class='btn btn-default' data-dismiss='modal'>Cancel</button>
1035 
-        					<button type='submit' class='btn btn-primary' name='duplicateQuestionnaire'>Confirm</button>
1065 
+        					<button type='submit' class='btn btn-primary' name='duplicateQuestionnaire' <?php if($errorDuplicate === true) echo "disabled"; ?>>Confirm</button>
1036 1066 
       					</div>
1037 1067
1038 1068 
     				</div><!--modal-content-->

+ 13
- 2
viewMoment.php View File 

@@ -11,7 +11,7 @@
11 11 
 		exit();
12 12 
 	}
13 13
14 
-	// WARNING: CHANGE QUERY TO INCLUDE "`id_researcher` = '".$dbUserData['id_researcher']."';"
14 
+	// FETCH MOMENT
15 15 
 	$momentID = mysqli_real_escape_string($connection, trim($_GET['view']));
16 16 
 	$query1 = "SELECT * FROM subquestionnair WHERE id = '$momentID';";
17 17 
 	$result1 = mysqli_query($connection, $query1) or die("Error: ".mysqli_error($connection));
 
@@ -19,9 +19,21 @@
19 19
20 20 
 	// IF MOMENT NOT IN DATABASE, EXIT
21 21 
 	if($result1->num_rows !== 1) {
22 
+		echo "Requested experience does not exist.";
22 23 
 		exit();
23 24 
 	}
24 25
26 
+	// IF MOMENT DOESN'T BELONG TO USER (WHO IS NOT AN ADMIN), EXIT
27 
+	if($_SESSION['dbUserData']['admin'] !== '1') {
28 
+
29 
+		$queryCheckUser = "SELECT id FROM subquestionnair WHERE id = '$momentID' AND id IN (SELECT id_subquestionnair FROM experience_subquestionnair WHERE id_experience IN (SELECT id_experience FROM researcher_experience WHERE id_researcher = '" . $_SESSION['dbUserData']['id_researcher'] . "'));";
30 
+		if(mysqli_query($connection, $queryCheckUser)->num_rows === 0) {
31 
+			echo "You are not authorized to view this moment.";
32 
+			exit();
33 
+		}
34 
+
35 
+	}
36 
+
25 37 
 	// EXTRACT & DISPLAY THE NUMBER OF QUESTIONS IN THE MOMENT
26 38 
 	$queryNumQuestions = "SELECT * FROM question WHERE id IN (SELECT id_question FROM subquestionnair_question WHERE id_subquestionnair = '$momentID');";
27 39 
 	$resultNumQuestions = mysqli_query($connection, $queryNumQuestions);
 
@@ -40,7 +52,6 @@
40 52 
             		<img src="./img/pen_800x800.png" alt="tania logo pen" width="25" height="25">
41 53 
         		</a>
42 54 
         		<div id="account">
43 
-        		    <a class="nav-link" href="./questionnaires.php">Questionnaire Collection</a>
44 55 
         		    <a class="sign-out" href="./processes/logout.php">Sign Out</a>
45 56 
         		</div>
46 57 
     		</header>

+ 13
- 2
viewQuestionnaire.php View File 

@@ -11,7 +11,7 @@
11 11 
 		exit();
12 12 
 	}
13 13
14 
-	// WARNING: CHANGE QUERY TO INCLUDE "`id_researcher` = '".$dbUserData['id_researcher']."';"
14 
+	// FETCH QUESTIONNAIRE
15 15 
 	$questionnaireID = mysqli_real_escape_string($connection, trim($_GET['view']));
16 16 
 	$query1 = "SELECT * FROM questionnair WHERE id = '$questionnaireID';";
17 17 
 	$result1 = mysqli_query($connection, $query1) or die("Error: ".mysqli_error($connection));
 
@@ -19,8 +19,20 @@
19 19
20 20 
 	// IF QUESTIONNAIRE NOT IN DATABASE, EXIT
21 21 
 	if($result1->num_rows !== 1) {
22 
+		echo "Requested questionnaire does not exist.";
22 23 
 		exit();
23 24 
 	}
25 
+
26 
+	// IF QUESTIONNAIRE DOESN'T BELONG TO USER (WHO IS NOT AN ADMIN), EXIT
27 
+	if($_SESSION['dbUserData']['admin'] !== '1') {
28 
+
29 
+		$queryCheckUser = "SELECT id FROM questionnair WHERE id = '$questionnaireID' AND id IN (SELECT id_questionnair FROM experience_questionnair WHERE id_experience IN (SELECT id_experience FROM researcher_experience WHERE id_researcher = '" . $_SESSION['dbUserData']['id_researcher'] . "'));";
30 
+		if(mysqli_query($connection, $queryCheckUser)->num_rows === 0) {
31 
+			echo "You are not authorized to view this questionnaire.";
32 
+			exit();
33 
+		}
34 
+
35 
+	}
24 36
25 37 
 	// EXTRACT & DISPLAY THE NUMBER OF QUESTIONS IN THE QUESTIONNAIRE
26 38 
 	$queryNumQuestions = "SELECT * FROM question WHERE id IN (SELECT id_question FROM questionnair_question WHERE id_questionnair = '$questionnaireID');";
 
@@ -40,7 +52,6 @@
40 52 
             		<img src="./img/pen_800x800.png" alt="tania logo pen" width="25" height="25">
41 53 
         		</a>
42 54 
         		<div id="account">
43 
-        		    <a class="nav-link" href="./questionnaires.php">Questionnaire Collection</a>
44 55 
         		    <a class="sign-out" href="./processes/logout.php">Sign Out</a>
45 56 
         		</div>
46 57 
     		</header>