Bladeren bron

Added user logic & minimal bug fixes

Victor Hernandez 4 jaren geleden
bovenliggende
commit
8452fc02c6

+ 17
- 7
home.php Bestand weergeven

@@ -6,12 +6,16 @@
6 6
 	include_once 'header.php';
7 7
 	
8 8
 	// RETRIEVE USER'S NAME AND PICTURE
9
-	$query1 = "SELECT * FROM `researcher` WHERE `email` = '" . $_SESSION['email'] . "';";
10
-	$result1 = mysqli_query($connection, $query1);
11
-	$dbUserData = mysqli_fetch_assoc($result1);
9
+// 	$query1 = "SELECT * FROM `researcher` WHERE `email` = '" . $_SESSION['dbUserData']['email'] . "';";
10
+// 	$result1 = mysqli_query($connection, $query1);
11
+// 	$dbUserData = mysqli_fetch_assoc($result1);
12
+	$dbUserData = $_SESSION['dbUserData'];
12 13
 	
14
+// 	var_dump($_SESSION);
15
+// 	exit();
16
+		
13 17
 	// IF USER NOT IN DATABASE, EXIT
14
-	if($result1->num_rows !== 1) {
18
+	if(!$dbUserData) {
15 19
 		exit();
16 20
 	}
17 21
 	
@@ -25,7 +29,9 @@
25 29
             	<img src="./img/pen_800x800.png" alt="tania logo pen" width="25" height="25">
26 30
         	</a>
27 31
         	<div id="account">
28
-        	    <a class="nav-link" href="./questionnaires.php">Questionnaire Collection</a>
32
+            	<?php if($_SESSION['dbUserData']['admin'] === '1'): ?>
33
+            	<a class="nav-link" href="./users.php">Manage Researchers</a>
34
+            	<?php endif; ?>
29 35
         	    <a class="sign-out" href="./processes/logout.php">Sign Out</a>
30 36
         	</div>
31 37
     	</header>
@@ -54,8 +60,12 @@
54 60
             	</div>
55 61
 
56 62
 <?php
57
-	// WARNING: CHANGE QUERY TO INCLUDE "`id_researcher`='".$dbUserData['id_researcher']."';"
58
-	$query2 = "SELECT * FROM `experience`;";
63
+	// CHANGE QUERY DEPENDING ON IF USER IS ADMIN OR NOT
64
+	if($_SESSION['dbUserData']['admin'] === '1') {
65
+		$query2 = "SELECT * FROM `experience`;";
66
+	} else {
67
+		$query2 = "SELECT * FROM `experience` WHERE id IN (SELECT id_experience FROM researcher_experience WHERE id_researcher = '" . $_SESSION['dbUserData']['id_researcher'] . "');";
68
+	}
59 69
 	$result2 = mysqli_query($connection, $query2);
60 70
 	
61 71
 	// IF USER HAS EXPERIENCES, SHOW ALL OF THEM

+ 6
- 1
js/handleSubmit.js Bestand weergeven

@@ -82,6 +82,11 @@ function handleSubmit(event, formName) {
82 82
 			fullURI += "updateQuestion.php";
83 83
 			break;
84 84
 			
85
+		// users.php
86
+		case "addUser":
87
+			fullURI += "addUser.php";
88
+			break
89
+			
85 90
 
86 91
 		
87 92
 		default:
@@ -160,7 +165,7 @@ function handleSubmit(event, formName) {
160 165
 			submitButton.disabled = false;
161 166
 					
162 167
 			// Display alert
163
-			alertContainer.style.display = "initial";
168
+			alertContainer.style.display = "block";
164 169
 
165 170
 		});
166 171
 // 		.always(function(data, textStatus, errorThrown) {

+ 53
- 0
processes/addUser.php Bestand weergeven

@@ -0,0 +1,53 @@
1
+<?php
2
+
3
+	require_once 'config.php';
4
+	require_once 'dbh.inc.php';
5
+	require_once 'checkLogin.php';
6
+	
7
+
8
+	// EXAMPLE INPUT...
9
+	// array(3) { ["name"]=> string(0) "" ["email"]=> string(0) "" ["addUser"]=> string(0) "" }
10
+
11
+
12
+	if(isset($_POST['addUser'])) {
13
+
14
+		$name = mysqli_real_escape_string($connection, trim($_POST['name']));
15
+		$email = mysqli_real_escape_string($connection, trim($_POST['email']));
16
+		
17
+		// Check if name is not an empty string
18
+		if($name === '') {
19
+			http_response_code(400);
20
+			echo json_encode(array("error" => "Must specify name."));
21
+			exit();
22
+		}
23
+		
24
+		
25
+		// Check if email is not an empty string
26
+		// And that email is valid email
27
+		// And that email is from UPR
28
+		// And that email is not already registered
29
+		if($email === '') {
30
+			http_response_code(400);
31
+			echo json_encode(array("error" => "Must specify email."));
32
+			exit();
33
+		} else if(!filter_var($email, FILTER_VALIDATE_EMAIL)) {
34
+			http_response_code(400);
35
+			echo json_encode(array("error" => "Invalid email."));
36
+			exit();
37
+		} else if(explode("@", $email)[1] !== "upr.edu") {
38
+			http_response_code(400);
39
+			echo json_encode(array("error" => "Email has to be from UPR."));
40
+			exit();
41
+		} else if(mysqli_query($connection, "SELECT * FROM researcher WHERE email = '$email';")->num_rows !== 0) {
42
+			http_response_code(400);
43
+			echo json_encode(array("error" => "Given email already registered."));
44
+			exit();
45
+		}
46
+		
47
+		// Insert user
48
+		$queryUser = "INSERT INTO researcher (`name`, `email`) VALUES ('$name', '$email');";
49
+		mysqli_query($connection, $queryUser) or die("Error: " . mysqli_error($connection));
50
+		
51
+		header("Location: ../users.php");
52
+
53
+	}

+ 24
- 20
processes/callback.php Bestand weergeven

@@ -44,40 +44,44 @@
44 44
 			Lista completa de scopes: https://developers.google.com/identity/protocols/googlescopes
45 45
 	*/
46 46
 	
47
+	
47 48
 	require_once 'dbh.inc.php';
48 49
 	
49
-	$query = 'SELECT * FROM `researcher` WHERE `email` = "'.$userData['email'].'";';
50
+	
51
+	$query = 'SELECT * FROM researcher WHERE email = "' . $userData['email'] . '";';
50 52
 	$result = mysqli_query($connection, $query);
51 53
 	$dbUserData = mysqli_fetch_assoc($result);
52 54
 	
53
-	$_SESSION['result'] = $result;
54 55
 	
55 56
 	// IF DB CAN'T FETCH USER DATA, IT MUST BE BECAUSE USER IS UNAUTHORIZED
56
-	// ELSE KEEP RETRIEVING USER DATA FROM DB
57
-	if($dbUserData == NULL) {
57
+	if($dbUserData === NULL) {
58 58
 		$_SESSION['error'] = 'unauthorized';
59
+		header('Location: ../unauthorized.php');
60
+		exit();
59 61
 	}
60
-	else {
61 62
 	
62
-		// NECESSARY FOR RETRIEVING DATA FROM DB ON LATER PAGES
63
-		$_SESSION['email'] = $userData['email'];
64
-		
65
-		//### OPTIONAL ###
66
-		$_SESSION['newUser'] = false;
63
+
64
+	// FIRST ASSUME USER IS NOT NEW
65
+	$_SESSION['newUser'] = false;
67 66
 	
68
-		// IF USER IS NEW, UPDATE DB WITH USER INFO FROM GOOGLE
69
-		if($dbUserData['name'] == NULL && $dbUserData['picture'] == NULL) {
70
-			$query = 'UPDATE `researcher` SET `name`="'.$userData['name'].'", `picture`="'.$userData['picture'].'" WHERE `email`="'.$userData['email'].'";';
71
-			mysqli_query($connection, $query);
72
-			
73
-			//### OPTIONAL ###
74
-			$_SESSION['newUser'] = true;
75
-		}
76
-		
67
+	
68
+	// IF USER IS NEW, UPDATE DB WITH USER INFO FROM GOOGLE
69
+	// AND SET 'newUser' SESSION VARIABLE TO TRUE
70
+	if($dbUserData['picture'] == NULL) { //$dbUserData['name'] == NULL && 
71
+		$query = 'UPDATE researcher SET name = "' . $userData['name'] . '", picture = "' . $userData['picture'] . '" WHERE email = "' . $userData['email'] . '";';
72
+		mysqli_query($connection, $query);
73
+		$_SESSION['newUser'] = true;
77 74
 	}
75
+	
76
+	
77
+	// REFETCH INFO FROM DATABASE AND STORE IN SESSION
78
+	$result = mysqli_query($connection, $query);
79
+	$dbUserData = mysqli_fetch_assoc($result);
80
+	$_SESSION['dbUserData'] = $dbUserData;
81
+	
78 82
 
79 83
 	//### FOR DEBUGGING ###
80
-	$_SESSION['dbUserData'] = $dbUserData;
84
+// 	$_SESSION['result'] = $result;
81 85
 	$_SESSION['error_set'] = isset($_SESSION['error']);
82 86
 	//### FOR DEBUGGING ###
83 87
 	

+ 1
- 1
processes/checkLogin.php Bestand weergeven

@@ -7,7 +7,7 @@
7 7
 		header('Location: https://tania.uprrp.edu/admin_nuevo/error.php');
8 8
 		exit();
9 9
 	}
10
-	else if(!empty($_SESSION) && (isset($_SESSION['error']) && $_SESSION['error'] == 'unauthorized')) {
10
+	else if(isset($_SESSION['error']) && $_SESSION['error'] === 'unauthorized') {
11 11
 		header('Location: https://tania.uprrp.edu/admin_nuevo/unauthorized.php');
12 12
 		exit();
13 13
 	}

+ 59
- 38
processes/importQuestionnaire.php Bestand weergeven

@@ -1,20 +1,27 @@
1 1
 <?php
2 2
 include "/var/www/html/funciones.php";
3
-include "/var/www/html/conection_test.php";
3
+// include "/var/www/html/conection_test.php";
4
+	require_once 'config.php';
5
+	require_once 'dbh.inc.php';
6
+	require_once 'checkLogin.php';
7
+	
8
+	
4 9
 
5
-print_r($_FILES);
10
+// print_r($_FILES);
11
+// print_r($_SERVER);
6 12
 // print_r($_POST);
7 13
 // print_r($_GET);
8
-
9
-//exit();
14
+// 
15
+// exit();
10 16
 // $archivo="Cuestionario perfecto.xlsx";
11
-// $id_experience= mysqli_real_escape_string($dbconnection, trim($_POST['experience']));
12
-$id_experience= 1000;
17
+$id_experience= mysqli_real_escape_string($connection, trim($_POST['id_experience']));
18
+// $id_experience= mysqli_real_escape_string($connection, $_GET['id_experience']);;
19
+
13 20
 $archivo=$_FILES["import"]["tmp_name"];
14 21
 $archivoOut="uploaderTemp";
15 22
 exec("ssconvert -S  '$archivo' ../temp/$archivoOut-%s.csv");
16 23
 // print "ssconvert -S -D ../temp '$archivo' $archivoOut-%s.csv";print"<br>";
17
-print getcwd();
24
+// print getcwd();
18 25
 $q_title=explode(".", $_FILES["import"]["name"])[0];
19 26
 $data_dir="../temp/";
20 27
 $archivosCSV=glob("$data_dir$archivoOut*.csv");
@@ -34,7 +41,7 @@ $filename="$data_dir$archivoOut-questions.csv";
34 41
 $row = 1;
35 42
 if (($handle = fopen($filename, "r")) !== FALSE) 
36 43
 {
37
-	print $filename."\n";
44
+// 	print $filename."\n";
38 45
 	$j=0;
39 46
 	while (($data = fgetcsv($handle)) !== FALSE) 
40 47
 	{
@@ -48,8 +55,14 @@ if (($handle = fopen($filename, "r")) !== FALSE)
48 55
 			GetSQLValueString($q_title,"text"),
49 56
 			GetSQLValueString($descripcion,"text")
50 57
 		);
51
-			mysqli_query($dbconnection, $sql);
52
-			$id_cuestionario=mysqli_insert_id($dbconnection);
58
+			mysqli_query($connection, $sql);
59
+			$id_cuestionario=mysqli_insert_id($connection);
60
+			$sql=sprintf("INSERT INTO `experience_questionnair`(`id_experience`, `id_questionnair`) VALUES (%s, %s)
61
+			",
62
+			GetSQLValueString($id_experience,"int"),
63
+			GetSQLValueString($id_cuestionario,"int")
64
+			);		
65
+			mysqli_query($connection, $sql);
53 66
 		}
54 67
 
55 68
 		if($j>1)
@@ -115,9 +128,9 @@ foreach($categoria as &$cat)
115 128
 	GetSQLValueString($cat["catText"],"text"),
116 129
 	GetSQLValueString($id_cuestionario,"int")
117 130
 	);
118
-	print($sql);print "\n";
119
-	mysqli_query($dbconnection, $sql);
120
-	$id_cat_db=mysqli_insert_id($dbconnection);
131
+// 	print($sql);print "\n";
132
+	mysqli_query($connection, $sql);
133
+	$id_cat_db=mysqli_insert_id($connection);
121 134
 	$cat["id_cat_db"]=$id_cat_db;
122 135
 // 	$id_cat_db++;
123 136
 }
@@ -129,9 +142,9 @@ foreach($subcategoria as &$subcat)
129 142
 	GetSQLValueString($subcat["subcat"],"text"),
130 143
 	GetSQLValueString($id_cat_db,"int")
131 144
 	);
132
-	print($sql);print "\n";
133
-	mysqli_query($dbconnection, $sql);
134
-	$id_subcat_db=mysqli_insert_id($dbconnection);
145
+// 	print($sql);print "\n";
146
+	mysqli_query($connection, $sql);
147
+	$id_subcat_db=mysqli_insert_id($connection);
135 148
 	$subcat["id_subcat_db"]=$id_subcat_db;
136 149
 // 	$id_subcat_db++;
137 150
 }
@@ -141,9 +154,9 @@ foreach($referencias as &$ref)
141 154
 	$sql=sprintf("insert into reference (referencia) values (%s)",
142 155
 	GetSQLValueString($ref["refTexto"],"text")
143 156
 	);
144
-	print($sql);print "\n";
145
-	mysqli_query($dbconnection, $sql);
146
-	$id_ref_db=mysqli_insert_id($dbconnection);
157
+// 	print($sql);print "\n";
158
+	mysqli_query($connection, $sql);
159
+	$id_ref_db=mysqli_insert_id($connection);
147 160
 	$ref["id_ref_db"]=$id_ref_db;
148 161
 // 	$id_ref_db++;
149 162
 }
@@ -163,8 +176,8 @@ foreach($q as $k=>$preg)
163 176
 	GetSQLValueString($id_ref_db,"int")
164 177
 	);
165 178
 // 	print($sql);print "\n";
166
-	mysqli_query($dbconnection, $sql);
167
-	$id_q_db=mysqli_insert_id($dbconnection);
179
+	mysqli_query($connection, $sql);
180
+	$id_q_db=mysqli_insert_id($connection);
168 181
 	$q[$k]["id_q_db"]=$id_q_db;
169 182
 	if($preg[4]==1)
170 183
 	{
@@ -187,8 +200,15 @@ foreach($q as $k=>$preg)
187 200
 			GetSQLValueString($preg[8],"text")
188 201
 		); 
189 202
 // 		print($sql);print "\n";
190
-		mysqli_query($dbconnection, $sql);
203
+		mysqli_query($connection, $sql);
204
+
191 205
 	}
206
+	$sql=sprintf("INSERT INTO `questionnair_question`(`id_questionnair`, `id_question`) VALUES (%s, %s)
207
+		",
208
+		GetSQLValueString($id_cuestionario,"int"),
209
+		GetSQLValueString($id_q_db,"int")
210
+		);		
211
+		mysqli_query($connection, $sql);
192 212
 // 	$id_q_db++;
193 213
 	
194 214
 }
@@ -204,13 +224,13 @@ foreach($q as $k=>$preg)
204 224
 // 	GetSQLValueString($pretest_date,"text")				
205 225
 // );
206 226
 // print($sql);print "\n";
207
-// 	mysqli_query($dbconnection, $sql);
208
-// 	$id_subq=mysqli_insert_id($dbconnection);
227
+// 	mysqli_query($connection, $sql);
228
+// 	$id_subq=mysqli_insert_id($connection);
209 229
 // $sql=sprintf("INSERT INTO `experience_subquestionnair`( `id_experience`, `id_subquestionnair`) VALUES (%s,%s)",
210 230
 // 	GetSQLValueString($id_experience,"int"),
211 231
 // 	GetSQLValueString($id_subq,"int")
212 232
 // );
213
-// 	mysqli_query($dbconnection, $sql);
233
+// 	mysqli_query($connection, $sql);
214 234
 // // print_r($q);
215 235
 // // exit();
216 236
 // $n=count($q);
@@ -223,7 +243,7 @@ foreach($q as $k=>$preg)
223 243
 // 		GetSQLValueString($q[$k]["id_q_db"],"int")
224 244
 // 	);
225 245
 // 	print($sql);print "\n";
226
-// 		mysqli_query($dbconnection, $sql);
246
+// 		mysqli_query($connection, $sql);
227 247
 // }
228 248
 // exit();
229 249
 // $id_subq++;
@@ -235,11 +255,11 @@ foreach($archivosCSV as $filename)
235 255
 		$title=explode(".",explode("-", $filename)[1])[0];
236 256
 		if (($handle = fopen($filename, "r")) !== FALSE) 
237 257
 		{
238
-			print $filename."\n";
258
+// 			print $filename."\n";
239 259
 			$j=0;
240 260
 			while (($data = fgetcsv($handle)) !== FALSE) 
241 261
 			{
242
-				if($j==2)print_r($data);print"<br>";
262
+// 				if($j==2)print_r($data);print"<br>";
243 263
 				if($j==0)
244 264
 				{
245 265
 					$descripcion=$data[1];
@@ -250,14 +270,14 @@ foreach($archivosCSV as $filename)
250 270
 						GetSQLValueString($id_cuestionario,"int"),
251 271
 						GetSQLValueString($fecha,"text")				
252 272
 					);
253
-					print($sql);print "\n";
254
-						mysqli_query($dbconnection, $sql);
255
-						$id_subq=mysqli_insert_id($dbconnection);
273
+// 					print($sql);print "\n";
274
+						mysqli_query($connection, $sql);
275
+						$id_subq=mysqli_insert_id($connection);
256 276
 					$sql=sprintf("INSERT INTO `experience_subquestionnair`( `id_experience`, `id_subquestionnair`) VALUES (%s,%s)",
257 277
 						GetSQLValueString($id_experience,"int"),
258 278
 						GetSQLValueString($id_subq,"int")
259 279
 					);
260
-						mysqli_query($dbconnection, $sql);
280
+						mysqli_query($connection, $sql);
261 281
 				
262 282
 				}
263 283
 				if($j>1)
@@ -268,8 +288,8 @@ foreach($archivosCSV as $filename)
268 288
 						GetSQLValueString($id_subq,"int"),
269 289
 						GetSQLValueString($q[$data[0]]["id_q_db"],"int")
270 290
 					);
271
-					print($sql);print "\n";
272
-						mysqli_query($dbconnection, $sql);
291
+// 					print($sql);print "\n";
292
+						mysqli_query($connection, $sql);
273 293
 	// 				$q[$data[0]]		
274 294
 				}
275 295
 				$j++;
@@ -288,13 +308,13 @@ foreach($archivosCSV as $filename)
288 308
 // 	GetSQLValueString($pretest_date,"text")				
289 309
 // );
290 310
 // print($sql);print "\n";
291
-// 	mysqli_query($dbconnection, $sql);
292
-// 	$id_subq=mysqli_insert_id($dbconnection);
311
+// 	mysqli_query($connection, $sql);
312
+// 	$id_subq=mysqli_insert_id($connection);
293 313
 // $sql=sprintf("INSERT INTO `experience_subquestionnair`( `id_experience`, `id_subquestionnair`) VALUES (%s,%s)",
294 314
 // 	GetSQLValueString($id_experience,"int"),
295 315
 // 	GetSQLValueString($id_subq,"int")
296 316
 // );
297
-// 	mysqli_query($dbconnection, $sql);
317
+// 	mysqli_query($connection, $sql);
298 318
 // 
299 319
 // 
300 320
 // $n=count($q);
@@ -306,10 +326,11 @@ foreach($archivosCSV as $filename)
306 326
 // 		GetSQLValueString($q[$k]["id_q_db"],"int")
307 327
 // 	);
308 328
 // 	print($sql);print "\n";
309
-// 		mysqli_query($dbconnection, $sql);
329
+// 		mysqli_query($connection, $sql);
310 330
 // }
311 331
 foreach($archivosCSV as $filename)
312 332
 {
313 333
 	exec("rm '$filename'");
314 334
 }
335
+header("Location: ".$_SERVER['HTTP_REFERER']."#questionnaires");
315 336
 ?>

+ 4
- 0
processes/insertExperience.php Bestand weergeven

@@ -171,6 +171,10 @@
171 171
 		if(!mysqli_query($connection, $queryHookExperienceToInstitution)) die("Error: ".mysqli_error($connection));
172 172
 		
173 173
 		
174
+		// ASOCIAR LA EXPERIENCIA NUEVA CON EL USUARIO
175
+		$queryHookExperienceToUser = "INSERT INTO `researcher_experience` (`id_researcher`, `id_experience`) VALUES ('" . $_SESSION['dbUserData']['id_researcher'] . "', '$id_experience')";
176
+		if(!mysqli_query($connection, $queryHookExperienceToUser)) die("Error: ".mysqli_error($connection));
177
+		
174 178
 		// MAKE IT CLIENT SIDE!!!!!!!! HAVE TO SEND IT IN SERVER RESPONSE!!!!!!!
175 179
 // 		header('Location: ../viewExperience.php?view=$id_experience');
176 180
 // 		exit();

+ 23
- 0
processes/makeManager.php Bestand weergeven

@@ -0,0 +1,23 @@
1
+<?php
2
+
3
+	require_once 'config.php';
4
+	require_once 'dbh.inc.php';
5
+	require_once 'checkLogin.php';
6
+	
7
+
8
+	// EXAMPLE INPUT...
9
+	// array(1) { ["researcherID"]=> string(1) "3" }
10
+
11
+	$researcherID = mysqli_real_escape_string($connection, trim($_POST['researcherID']));
12
+		
13
+	// Check if name is not an empty string
14
+	if($researcherID === '') {
15
+		http_response_code(400);
16
+		echo json_encode(array("error" => "Must specify researcher ID."));
17
+		exit();
18
+	}
19
+		
20
+	// Insert user
21
+	$queryManager = "UPDATE researcher SET admin = '1' WHERE id_researcher = '$researcherID';";
22
+	mysqli_query($connection, $queryManager) or die("Error: " . mysqli_error($connection));
23
+	

+ 6
- 3
processes/removeQuestionFromMoment.php Bestand weergeven

@@ -35,7 +35,6 @@
35 35
 		// Check that question ID is not empty string
36 36
 		// And that it's registered in the database
37 37
 		// And that it belongs to the Questionnaire the Moment belongs to
38
-		// And that it isn't a duplicate inside the Moment
39 38
 		if($questionID === "") {
40 39
 			http_response_code(400);
41 40
 			echo json_encode(array("error" => "Please specify question ID."));
@@ -48,9 +47,13 @@
48 47
 			http_response_code(400);
49 48
 			echo json_encode(array("error" => "Given question ID ($questionID) is outside the Moment's corresponding Questionnair's scope."));
50 49
 			exit();
51
-		} else if(mysqli_query($connection, "SELECT * FROM subquestionnair_question WHERE id_question = '$questionID' AND id_subquestionnair = '$momentID';")->num_rows === 0) {
50
+		}
51
+		
52
+		
53
+		// Check that the moment hasn't been answered yet
54
+		if(mysqli_query($connection, "SELECT * FROM student_subquestionnair WHERE id_subquestionnair = '$momentID';")->num_rows !== 0) {
52 55
 			http_response_code(400);
53
-			echo json_encode(array("error" => "Question is already removed from moment."));
56
+			echo json_encode(array("error" => "Moment already active, deletion denied."));
54 57
 			exit();
55 58
 		}
56 59
 

+ 20
- 4
questionnaires.php Bestand weergeven

@@ -2,13 +2,25 @@
2 2
 	
3 3
 	// Description: DISPLAY THE USER'S QUESTIONNAIRES
4 4
 	
5
+	echo "This page is no longer in use.";
6
+	exit();
7
+	exit();
8
+	exit();
9
+	exit();
10
+	exit();
11
+	
5 12
 	require_once 'processes/config.php';
6 13
 	require_once 'processes/dbh.inc.php';
7 14
 	require_once 'processes/checkLogin.php';
8 15
 	include_once 'header.php';
9 16
 
10 17
 	// WARNING: CHANGE QUERY TO INCLUDE "`id_researcher`='".$dbUserData['id_researcher']."';"
11
-	$query1 = "SELECT * FROM `questionnair`;";
18
+	if($_SESSION['dbUserData']['admin'] === '1') {
19
+		$query1 = "SELECT * FROM `questionnair`;";
20
+	} else {
21
+		$query1 = "SELECT * FROM `questionnair` WHERE id IN (SELECT id_questionnair FROM experience_questionnair WHERE id_experience IN (SELECT id_experience FROM researcher_experience WHERE id_researcher = '" . $_SESSION['dbUserData']['id_researcher'] . "'));";
22
+	}
23
+	
12 24
 	$result1 = mysqli_query($connection, $query1);
13 25
 	
14 26
 ?>
@@ -21,7 +33,6 @@
21 33
             		<img src="./img/pen_800x800.png" alt="tania logo pen" width="25" height="25">
22 34
         		</a>
23 35
         		<div id="account">
24
-        		    <a class="nav-link" href="./questionnaires.php">Questionnaire Collection</a>
25 36
         		    <a class="sign-out" href="./processes/logout.php">Sign Out</a>
26 37
         		</div>
27 38
     		</header>
@@ -189,8 +200,13 @@
189 200
 							<select class="form-control text-center" id="toExperienceID" name="toExperienceID" style="text-align-last:center;" required>
190 201
 								<?php 
191 202
 								
192
-									// WARNING: CHANGE QUERY TO INCLUDE "`id_researcher`='".$dbUserData['id_researcher']."';"
193
-									$queryExperience2 = "SELECT * FROM `experience`;";
203
+									// CHANGE QUERY DEPENDING ON IF USER IS ADMIN OR NOT
204
+									if($_SESSION['dbUserData']['admin'] === '1') {
205
+										$queryExperience2 = "SELECT * FROM `experience` WHERE id != '$experienceID';";
206
+									} else {
207
+										$queryExperience2 = "SELECT * FROM `experience` WHERE id != '$experienceID' AND id IN (SELECT id_experience FROM researcher_experience WHERE id_researcher = '" . $_SESSION['dbUserData']['id_researcher'] . "');";
208
+									}	
209
+								
194 210
 									$resultExperience2 = mysqli_query($connection, $queryExperience2);
195 211
 									
196 212
 									while($rowExperience2 = mysqli_fetch_assoc($resultExperience2)):

+ 0
- 1
respuestas.php Bestand weergeven

@@ -71,7 +71,6 @@
71 71
             	<img src="./img/pen_800x800.png" alt="tania logo pen" width="25" height="25">
72 72
         	</a>
73 73
         	<div id="account">
74
-            	<a class="nav-link" href="./questionnaires.php">Questionnaire Collection</a>
75 74
             	<a class="sign-out" href="./processes/logout.php">Sign Out</a>
76 75
         	</div>
77 76
     	</header>

+ 2
- 2
test.php Bestand weergeven

@@ -61,9 +61,9 @@
61 61
 // 	echo "This is result: $result<br>";
62 62
 	
63 63
 	if($result === "") {
64
-		echo "Result is empty string";
64
+// 		echo "Result is empty string";
65 65
 	} else {
66
-		echo "Result isn't empty string";
66
+// 		echo "Result isn't empty string";
67 67
 	}
68 68
 
69 69
 ?>

+ 240
- 0
users.php Bestand weergeven

@@ -0,0 +1,240 @@
1
+<?php
2
+
3
+	require_once 'processes/config.php';
4
+	require_once 'processes/dbh.inc.php';
5
+	require_once 'processes/checkLogin.php';
6
+	
7
+	
8
+	// IF USER IS DOESN'T HAVE ADMINISTRATOR PERMISIONS, EXIT
9
+	if($_SESSION['dbUserData']['admin'] !== '1') {
10
+		echo "You are unauthorized to view this page.";
11
+		exit();
12
+	}
13
+	
14
+	include_once 'header.php';
15
+
16
+?>
17
+
18
+	<!--START OF users.php -->
19
+	<body>
20
+	
21
+    	<header id="main-header">
22
+        	<a id="logo" href=".">
23
+				TANIA
24
+            	<img src="./img/pen_800x800.png" alt="tania logo pen" width="25" height="25">
25
+        	</a>
26
+        	<div id="account">
27
+            	<a class="nav-link" href="#" onclick="location='home.php'">Go Back</a>
28
+            	<a class="sign-out" href="./processes/logout.php">Sign Out</a>
29
+        	</div>
30
+    	</header>
31
+        
32
+        <div class="container" style="margin-top: 8rem; min-height: calc(100vh - 8rem - 8rem);">
33
+        		
34
+        	<br>
35
+        		
36
+        	<div class="row">
37
+        		<div class="col-sm-12">
38
+        			<h2 class="text-muted"><?php echo $_SESSION['dbUserData']['name']; ?></h2>
39
+<!--     	    		<p>Add new users, view their info and manage permissions!</p> -->
40
+        	    </div>
41
+        	</div>
42
+        	
43
+        	<hr>
44
+        	
45
+        	<div class="row">
46
+        		<div class="col-sm-12">
47
+        			<h3>Add Researcher</h3>
48
+        		</div>
49
+        	</div>
50
+        	
51
+        	<form id="addUser" class="form-horizontal" method="POST" action="processes/addUser.php" onsubmit="addUser(event)">
52
+        	
53
+        		<div class="form-group">
54
+        			<label class="col-sm-2 control-label" for="exampleInputEmail1">Name</label>
55
+        			<div class="col-sm-10">
56
+						<input type="text" name="name" class="form-control text-center" placeholder="i.e. Juan del Pueblo Villa" required autocomplete="off">
57
+					</div>
58
+				</div>
59
+        		
60
+        		<div class="form-group">
61
+	        		<label class="col-sm-2 control-label for="exampleInputEmail1">Email</label>
62
+	        		<div class="col-sm-10">
63
+						<input type="email" name="email" class="form-control text-center" placeholder="i.e. juan.delpueblo@upr.edu" required autocomplete="off">
64
+					</div>
65
+				</div>
66
+				
67
+				<div class="row">
68
+				<div class="col-sm-4 col-sm-offset-5">
69
+					<button type="submit" name="addUser" class="btn btn-primary btn-block">Add User</button>
70
+				</div>
71
+				</div>
72
+        		
73
+        	</form>
74
+        	
75
+        	<br>
76
+        	
77
+        	<!-- ERROR ALERT FOR USER -->			
78
+			<div id="error-addUser" class="row" style="display: none;">
79
+				<div class="col-sm-10 col-sm-offset-2">
80
+					<div class="alert alert-danger mb-1" role="alert">
81
+						<h4 class="error-lead">Error!</h4>
82
+						<p class="error-description"></p>
83
+					</div>
84
+				</div>
85
+			</div>
86
+        	
87
+        	
88
+        	<br>
89
+        
90
+        	<div class="row">
91
+        		
92
+        		<div class="col-sm-12">
93
+	        		<h3>Researchers</h3>
94
+        		</div>
95
+        	
96
+				
97
+				<div class="col-sm-12">
98
+					<table class="table table-hover table-striped table-responsive">
99
+  						<thead>
100
+  							<tr>
101
+  								<th style="text-align: center;"><h4>Name</h4></th>
102
+  								<th style="text-align: center;"><h4>Email</h4></th>
103
+  								<th style="text-align: center;"><h4>Manage</h4></th>
104
+  							</tr>
105
+  						</thead>
106
+  						<tbody>
107
+  							<?php 
108
+  								$queryResearchers = "SELECT * FROM researcher;";
109
+								$resultResearchers = mysqli_query($connection, $queryResearchers);
110
+													
111
+  								while($rowResearchers = mysqli_fetch_assoc($resultResearchers)):
112
+  							?>
113
+  							<tr>
114
+  								<td style="text-align: center;"><h5><?php echo $rowResearchers['name']; ?></h5></td>
115
+  								<td style="text-align: center;"><h5><a class="email" href="mailto:<?php echo $rowResearchers['email']; ?>"><?php echo $rowResearchers['email']; ?></a></h5></td>
116
+  								<td style="text-align: center;">
117
+  									<?php if($rowResearchers['admin'] === '1'): ?>
118
+  									<h5><sm class="text-muted">Already manager...</sm></h5>
119
+  									<?php else: ?>
120
+  									<button class="btn btn-sm btn-default" data-researcher="<?php echo $rowResearchers['id_researcher']; ?>" onclick="makeManager(event)">Make Manager</button>
121
+  									<?php endif; ?>
122
+  								</td>
123
+  							</tr>
124
+  							<?php endwhile; ?>
125
+						</tbody>
126
+  					</table>
127
+  				</div><!--col-->
128
+	
129
+        	</div><!--row-->
130
+        	
131
+        	<br><br><br>
132
+        			
133
+        </div><!--container-->
134
+        			
135
+        			
136
+        			
137
+        			
138
+        	<style>
139
+        	.email {
140
+        		color: #333;
141
+        		transition: color 300ms ease;
142
+        	}
143
+        	
144
+        	.email:hover {
145
+        		color: #999;
146
+        	}
147
+        	</style>
148
+    
149
+    
150
+    
151
+        	
152
+			<script src="js/handleSubmit.js"></script>
153
+        	
154
+        	<script>
155
+        	
156
+        	
157
+			["addUser"].forEach(function(formName) {
158
+			
159
+				var form = document.getElementById(formName);
160
+			
161
+				if(form) {
162
+					form.addEventListener('submit', function(e) {
163
+						handleSubmit(e, formName);
164
+					});
165
+				}
166
+			
167
+			});
168
+
169
+
170
+
171
+        	
172
+        	function foo(e) {
173
+        		e.preventDefault();
174
+        		console.log(e.srcElement);
175
+        		return false;
176
+        	}
177
+        	
178
+        	
179
+        	function makeManager(e) {
180
+        	
181
+        		let button = e.currentTarget;
182
+        		let researcherID = button.getAttribute('data-researcher');
183
+        		
184
+        		// Create loader
185
+        		let loader = document.createElement('div');
186
+        		loader.style.display = "flex";
187
+        		loader.style.alignItems = "center";
188
+        		loader.style.justifyContent = "center";
189
+        		loader.style.height = "35px";
190
+        		let span = document.createElement('span');
191
+        		span.classList.add('loader');
192
+        		loader.appendChild(span);
193
+        		
194
+        		// Insert loader and remove button
195
+        		button.insertAdjacentElement('afterend', loader);
196
+        		button.remove();
197
+
198
+        		let URL = document.location.protocol + "//tania.uprrp.edu/admin_nuevo/processes/makeManager.php";
199
+        		let fields = {
200
+        			researcherID: researcherID
201
+        		};
202
+        		
203
+        		$.post(URL, fields)
204
+        			.done(function(data, text) {
205
+        			
206
+        				// Create Done!
207
+        				let h5 = document.createElement('h5');
208
+        				let sm = document.createElement('sm');
209
+        				sm.classList.add('text-success');
210
+        				sm.innerText = "Done!";
211
+        				h5.appendChild(sm);
212
+        			
213
+        				// Insert Done! and remove loader
214
+        				loader.insertAdjacentElement('afterend', h5);
215
+						loader.remove();
216
+        				
217
+        			})
218
+        			.fail(function(request, status, error) {
219
+        			
220
+        				// Create Retry
221
+        				let retry = document.createElement('button');
222
+        				retry.className = "btn btn-sm btn-primary";
223
+        				retry.setAttribute('data-researcher', researcherID);
224
+        				retry.setAttribute('onclick', 'makeManager(event)');
225
+        				retry.innerText = "Retry";
226
+        			
227
+        				// Insert Retry and remove loader
228
+        				loader.insertAdjacentElement('afterend', retry);
229
+        				loader.remove();
230
+        				
231
+        			});
232
+        		
233
+        	}
234
+        	
235
+        	</script>
236
+        	
237
+        		
238
+	<!-- END OF users.php -->
239
+
240
+<?php include_once 'footer.php'; ?>

+ 51
- 21
viewExperience.php Bestand weergeven

@@ -11,7 +11,7 @@
11 11
 		exit();
12 12
 	}
13 13
 
14
-	// WARNING: CHANGE QUERY TO INCLUDE "`id_researcher`='".$dbUserData['id_researcher']."';"
14
+	// FETCH EXPERIENCE
15 15
 	$experienceID = mysqli_real_escape_string($connection, trim($_GET['view'])); 
16 16
 	$query1 = "SELECT * FROM `experience` WHERE `id` = '$experienceID';";
17 17
 	$result1 = mysqli_query($connection, $query1) or die("Error: ".mysqli_error($connection));
@@ -19,8 +19,21 @@
19 19
 	
20 20
 	// IF EXPERIENCE NOT IN DATABASE, EXIT
21 21
 	if($result1->num_rows !== 1) {
22
+		echo "Requested experience does not exist.";
22 23
 		exit();
23 24
 	}
25
+	
26
+	// IF EXPERIENCE DOESN'T BELONG TO USER (WHO IS NOT AN ADMIN), EXIT
27
+	if($_SESSION['dbUserData']['admin'] !== '1') {
28
+	
29
+		$queryCheckUser = "SELECT id FROM experience WHERE id = '$experienceID' AND id IN (SELECT id_experience FROM researcher_experience WHERE id_researcher = '" . $_SESSION['dbUserData']['id_researcher'] . "');";
30
+		if(mysqli_query($connection, $queryCheckUser)->num_rows === 0) {
31
+			echo "You are not authorized to view this experience.";
32
+			exit();
33
+		}
34
+		
35
+	}
36
+
24 37
 
25 38
 	include_once 'header.php';
26 39
 	
@@ -34,7 +47,6 @@
34 47
             	<img src="./img/pen_800x800.png" alt="tania logo pen" width="25" height="25">
35 48
         	</a>
36 49
         	<div id="account">
37
-            	<a class="nav-link" href="./questionnaires.php">Questionnaire Collection</a>
38 50
             	<a class="sign-out" href="./processes/logout.php">Sign Out</a>
39 51
         	</div>
40 52
     	</header>
@@ -994,37 +1006,55 @@
994 1006
 							
995 1007
 							<!-- FROM QUESTIONNAIRE -->
996 1008
 							<label for="fromQuestionnaireID">Which Questionnaire:</label>
997
-							<select class="form-control text-center" id="fromQuestionnaireID" name="fromQuestionnaireID" style="text-align-last:center;" required>
998
-								<?php
1009
+							<?php
1010
+								// FIRST ASSUME FALSE
1011
+								$errorDuplicate = false;
999 1012
 								
1000
-									$queryQuestionnaires = "SELECT * FROM `questionnair` WHERE id IN (SELECT id_questionnair FROM experience_questionnair WHERE id_experience = '$experienceID');";
1001
-									$resultQuestionnaires = mysqli_query($connection, $queryQuestionnaires);
1002
-
1003
-									while($rowQuestionnaires = mysqli_fetch_assoc($resultQuestionnaires)):
1004
-									
1005
-								?>
1013
+								$queryQuestionnaires = "SELECT * FROM `questionnair` WHERE id IN (SELECT id_questionnair FROM experience_questionnair WHERE id_experience = '$experienceID');";
1014
+								$resultQuestionnaires = mysqli_query($connection, $queryQuestionnaires);
1015
+								
1016
+								if($resultQuestionnaires->num_rows > 0):
1017
+							?>
1018
+							<select class="form-control text-center" id="fromQuestionnaireID" name="fromQuestionnaireID" style="text-align-last:center;" required>
1019
+								<?php while($rowQuestionnaires = mysqli_fetch_assoc($resultQuestionnaires)): ?>
1006 1020
 									<option value="<?php echo $rowQuestionnaires['id']; ?>"><?php echo $rowQuestionnaires['q_title']; ?></option>
1007 1021
 								<?php endwhile; ?>
1008 1022
 							</select>
1023
+							<?php
1024
+								else:							
1025
+									$errorDuplicate = true;
1026
+							?>
1027
+							<h3 class="text-center"><small>It seems you still haven't added any questionnaires to this experience...</small></h3>
1028
+							<?php endif; ?>
1009 1029
 							
1010 1030
 							<br>
1011 1031
 							
1012 1032
 							<!-- TO EXPERIENCE -->
1013 1033
 							<label for="toExperienceID">To What Experience:</label>
1014
-							<select class="form-control text-center" id="toExperienceID" name="toExperienceID" style="text-align-last:center;" required>
1015
-								<?php 
1016
-								
1017
-									// WARNING: CHANGE QUERY TO INCLUDE "`id_researcher`='".$dbUserData['id_researcher']."';"
1034
+							<?php
1035
+
1036
+								// CHANGE QUERY DEPENDING ON IF USER IS ADMIN OR NOT
1037
+								if($_SESSION['dbUserData']['admin'] === '1') {
1018 1038
 									$queryExperience2 = "SELECT * FROM `experience` WHERE id != '$experienceID';";
1019
-									$resultExperience2 = mysqli_query($connection, $queryExperience2);
1020
-									
1021
-									while($rowExperience2 = mysqli_fetch_assoc($resultExperience2)):
1022
-									
1023
-								?>
1039
+								} else {
1040
+									$queryExperience2 = "SELECT * FROM `experience` WHERE id != '$experienceID' AND id IN (SELECT id_experience FROM researcher_experience WHERE id_researcher = '" . $_SESSION['dbUserData']['id_researcher'] . "');";
1041
+								}							
1042
+							
1043
+								$resultExperience2 = mysqli_query($connection, $queryExperience2);
1044
+								
1045
+								if($resultExperience2->num_rows > 0):
1046
+							?>
1047
+							<select class="form-control text-center" id="toExperienceID" name="toExperienceID" style="text-align-last:center;" required>
1048
+								<?php while($rowExperience2 = mysqli_fetch_assoc($resultExperience2)): ?>
1024 1049
 								<option value="<?php echo $rowExperience2['id']; ?>"><?php echo $rowExperience2['title']; ?></option>
1025 1050
 								<?php endwhile; ?>
1026 1051
 							</select>							
1027
-							
1052
+							<?php
1053
+								else:
1054
+									$errorDuplicate = true;	
1055
+							?>
1056
+							<h3 class="text-center"><small>You don't have another experience to duplicate to...</small></h3>
1057
+							<?php endif; ?>
1028 1058
 							
1029 1059
 							
1030 1060
       					</div><!--modal-body-->
@@ -1032,7 +1062,7 @@
1032 1062
       					<!-- SUBMIT OR CANCEL -->
1033 1063
      					<div class='modal-footer'>
1034 1064
        						<button type='button' class='btn btn-default' data-dismiss='modal'>Cancel</button>
1035
-        					<button type='submit' class='btn btn-primary' name='duplicateQuestionnaire'>Confirm</button>
1065
+        					<button type='submit' class='btn btn-primary' name='duplicateQuestionnaire' <?php if($errorDuplicate === true) echo "disabled"; ?>>Confirm</button>
1036 1066
       					</div>
1037 1067
       					
1038 1068
     				</div><!--modal-content-->

+ 13
- 2
viewMoment.php Bestand weergeven

@@ -11,7 +11,7 @@
11 11
 		exit();
12 12
 	}
13 13
 	
14
-	// WARNING: CHANGE QUERY TO INCLUDE "`id_researcher` = '".$dbUserData['id_researcher']."';"
14
+	// FETCH MOMENT
15 15
 	$momentID = mysqli_real_escape_string($connection, trim($_GET['view']));
16 16
 	$query1 = "SELECT * FROM subquestionnair WHERE id = '$momentID';";
17 17
 	$result1 = mysqli_query($connection, $query1) or die("Error: ".mysqli_error($connection));
@@ -19,9 +19,21 @@
19 19
 
20 20
 	// IF MOMENT NOT IN DATABASE, EXIT
21 21
 	if($result1->num_rows !== 1) {
22
+		echo "Requested experience does not exist.";
22 23
 		exit();
23 24
 	}
24 25
 	
26
+	// IF MOMENT DOESN'T BELONG TO USER (WHO IS NOT AN ADMIN), EXIT
27
+	if($_SESSION['dbUserData']['admin'] !== '1') {
28
+	
29
+		$queryCheckUser = "SELECT id FROM subquestionnair WHERE id = '$momentID' AND id IN (SELECT id_subquestionnair FROM experience_subquestionnair WHERE id_experience IN (SELECT id_experience FROM researcher_experience WHERE id_researcher = '" . $_SESSION['dbUserData']['id_researcher'] . "'));";
30
+		if(mysqli_query($connection, $queryCheckUser)->num_rows === 0) {
31
+			echo "You are not authorized to view this moment.";
32
+			exit();
33
+		}
34
+		
35
+	}
36
+	
25 37
 	// EXTRACT & DISPLAY THE NUMBER OF QUESTIONS IN THE MOMENT
26 38
 	$queryNumQuestions = "SELECT * FROM question WHERE id IN (SELECT id_question FROM subquestionnair_question WHERE id_subquestionnair = '$momentID');";
27 39
 	$resultNumQuestions = mysqli_query($connection, $queryNumQuestions);
@@ -40,7 +52,6 @@
40 52
             		<img src="./img/pen_800x800.png" alt="tania logo pen" width="25" height="25">
41 53
         		</a>
42 54
         		<div id="account">
43
-        		    <a class="nav-link" href="./questionnaires.php">Questionnaire Collection</a>
44 55
         		    <a class="sign-out" href="./processes/logout.php">Sign Out</a>
45 56
         		</div>
46 57
     		</header>

+ 13
- 2
viewQuestionnaire.php Bestand weergeven

@@ -11,7 +11,7 @@
11 11
 		exit();
12 12
 	}
13 13
 
14
-	// WARNING: CHANGE QUERY TO INCLUDE "`id_researcher` = '".$dbUserData['id_researcher']."';"
14
+	// FETCH QUESTIONNAIRE
15 15
 	$questionnaireID = mysqli_real_escape_string($connection, trim($_GET['view']));
16 16
 	$query1 = "SELECT * FROM questionnair WHERE id = '$questionnaireID';";
17 17
 	$result1 = mysqli_query($connection, $query1) or die("Error: ".mysqli_error($connection));
@@ -19,8 +19,20 @@
19 19
 		
20 20
 	// IF QUESTIONNAIRE NOT IN DATABASE, EXIT
21 21
 	if($result1->num_rows !== 1) {
22
+		echo "Requested questionnaire does not exist.";
22 23
 		exit();
23 24
 	}
25
+	
26
+	// IF QUESTIONNAIRE DOESN'T BELONG TO USER (WHO IS NOT AN ADMIN), EXIT
27
+	if($_SESSION['dbUserData']['admin'] !== '1') {
28
+	
29
+		$queryCheckUser = "SELECT id FROM questionnair WHERE id = '$questionnaireID' AND id IN (SELECT id_questionnair FROM experience_questionnair WHERE id_experience IN (SELECT id_experience FROM researcher_experience WHERE id_researcher = '" . $_SESSION['dbUserData']['id_researcher'] . "'));";
30
+		if(mysqli_query($connection, $queryCheckUser)->num_rows === 0) {
31
+			echo "You are not authorized to view this questionnaire.";
32
+			exit();
33
+		}
34
+		
35
+	}
24 36
 		
25 37
 	// EXTRACT & DISPLAY THE NUMBER OF QUESTIONS IN THE QUESTIONNAIRE	
26 38
 	$queryNumQuestions = "SELECT * FROM question WHERE id IN (SELECT id_question FROM questionnair_question WHERE id_questionnair = '$questionnaireID');";
@@ -40,7 +52,6 @@
40 52
             		<img src="./img/pen_800x800.png" alt="tania logo pen" width="25" height="25">
41 53
         		</a>
42 54
         		<div id="account">
43
-        		    <a class="nav-link" href="./questionnaires.php">Questionnaire Collection</a>
44 55
         		    <a class="sign-out" href="./processes/logout.php">Sign Out</a>
45 56
         		</div>
46 57
     		</header>