Added user logic & minimal bug fixes

home.php

 	include_once 'header.php';
 	
 	// RETRIEVE USER'S NAME AND PICTURE
-	$query1 = "SELECT * FROM `researcher` WHERE `email` = '" . $_SESSION['email'] . "';";
-	$result1 = mysqli_query($connection, $query1);
-	$dbUserData = mysqli_fetch_assoc($result1);
+// 	$query1 = "SELECT * FROM `researcher` WHERE `email` = '" . $_SESSION['dbUserData']['email'] . "';";
+// 	$result1 = mysqli_query($connection, $query1);
+// 	$dbUserData = mysqli_fetch_assoc($result1);
+	$dbUserData = $_SESSION['dbUserData'];
 	
+// 	var_dump($_SESSION);
+// 	exit();
+		
 	// IF USER NOT IN DATABASE, EXIT
-	if($result1->num_rows !== 1) {
+	if(!$dbUserData) {
 		exit();
 	}
 	
             	<img src="./img/pen_800x800.png" alt="tania logo pen" width="25" height="25">
         	</a>
         	<div id="account">
-        	    <a class="nav-link" href="./questionnaires.php">Questionnaire Collection</a>
+            	<?php if($_SESSION['dbUserData']['admin'] === '1'): ?>
+            	<a class="nav-link" href="./users.php">Manage Researchers</a>
+            	<?php endif; ?>
         	    <a class="sign-out" href="./processes/logout.php">Sign Out</a>
         	</div>
     	</header>
             	</div>
 
 <?php
-	// WARNING: CHANGE QUERY TO INCLUDE "`id_researcher`='".$dbUserData['id_researcher']."';"
-	$query2 = "SELECT * FROM `experience`;";
+	// CHANGE QUERY DEPENDING ON IF USER IS ADMIN OR NOT
+	if($_SESSION['dbUserData']['admin'] === '1') {
+		$query2 = "SELECT * FROM `experience`;";
+	} else {
+		$query2 = "SELECT * FROM `experience` WHERE id IN (SELECT id_experience FROM researcher_experience WHERE id_researcher = '" . $_SESSION['dbUserData']['id_researcher'] . "');";
+	}
 	$result2 = mysqli_query($connection, $query2);
 	
 	// IF USER HAS EXPERIENCES, SHOW ALL OF THEM

js/handleSubmit.js

 			fullURI += "updateQuestion.php";
 			break;
 			
+		// users.php
+		case "addUser":
+			fullURI += "addUser.php";
+			break
+			
 
 		
 		default:
 			submitButton.disabled = false;
 					
 			// Display alert
-			alertContainer.style.display = "initial";
+			alertContainer.style.display = "block";
 
 		});
 // 		.always(function(data, textStatus, errorThrown) {

processes/addUser.php

+<?php
+
+	require_once 'config.php';
+	require_once 'dbh.inc.php';
+	require_once 'checkLogin.php';
+	
+
+	// EXAMPLE INPUT...
+	// array(3) { ["name"]=> string(0) "" ["email"]=> string(0) "" ["addUser"]=> string(0) "" }
+
+
+	if(isset($_POST['addUser'])) {
+
+		$name = mysqli_real_escape_string($connection, trim($_POST['name']));
+		$email = mysqli_real_escape_string($connection, trim($_POST['email']));
+		
+		// Check if name is not an empty string
+		if($name === '') {
+			http_response_code(400);
+			echo json_encode(array("error" => "Must specify name."));
+			exit();
+		}
+		
+		
+		// Check if email is not an empty string
+		// And that email is valid email
+		// And that email is from UPR
+		// And that email is not already registered
+		if($email === '') {
+			http_response_code(400);
+			echo json_encode(array("error" => "Must specify email."));
+			exit();
+		} else if(!filter_var($email, FILTER_VALIDATE_EMAIL)) {
+			http_response_code(400);
+			echo json_encode(array("error" => "Invalid email."));
+			exit();
+		} else if(explode("@", $email)[1] !== "upr.edu") {
+			http_response_code(400);
+			echo json_encode(array("error" => "Email has to be from UPR."));
+			exit();
+		} else if(mysqli_query($connection, "SELECT * FROM researcher WHERE email = '$email';")->num_rows !== 0) {
+			http_response_code(400);
+			echo json_encode(array("error" => "Given email already registered."));
+			exit();
+		}
+		
+		// Insert user
+		$queryUser = "INSERT INTO researcher (`name`, `email`) VALUES ('$name', '$email');";
+		mysqli_query($connection, $queryUser) or die("Error: " . mysqli_error($connection));
+		
+		header("Location: ../users.php");
+
+	}

processes/callback.php

 			Lista completa de scopes: https://developers.google.com/identity/protocols/googlescopes
 	*/
 	
+	
 	require_once 'dbh.inc.php';
 	
-	$query = 'SELECT * FROM `researcher` WHERE `email` = "'.$userData['email'].'";';
+	
+	$query = 'SELECT * FROM researcher WHERE email = "' . $userData['email'] . '";';
 	$result = mysqli_query($connection, $query);
 	$dbUserData = mysqli_fetch_assoc($result);
 	
-	$_SESSION['result'] = $result;
 	
 	// IF DB CAN'T FETCH USER DATA, IT MUST BE BECAUSE USER IS UNAUTHORIZED
-	// ELSE KEEP RETRIEVING USER DATA FROM DB
-	if($dbUserData == NULL) {
+	if($dbUserData === NULL) {
 		$_SESSION['error'] = 'unauthorized';
+		header('Location: ../unauthorized.php');
+		exit();
 	}
-	else {
 	
-		// NECESSARY FOR RETRIEVING DATA FROM DB ON LATER PAGES
-		$_SESSION['email'] = $userData['email'];
-		
-		//### OPTIONAL ###
-		$_SESSION['newUser'] = false;
+
+	// FIRST ASSUME USER IS NOT NEW
+	$_SESSION['newUser'] = false;
 	
-		// IF USER IS NEW, UPDATE DB WITH USER INFO FROM GOOGLE
-		if($dbUserData['name'] == NULL && $dbUserData['picture'] == NULL) {
-			$query = 'UPDATE `researcher` SET `name`="'.$userData['name'].'", `picture`="'.$userData['picture'].'" WHERE `email`="'.$userData['email'].'";';
-			mysqli_query($connection, $query);
-			
-			//### OPTIONAL ###
-			$_SESSION['newUser'] = true;
-		}
-		
+	
+	// IF USER IS NEW, UPDATE DB WITH USER INFO FROM GOOGLE
+	// AND SET 'newUser' SESSION VARIABLE TO TRUE
+	if($dbUserData['picture'] == NULL) { //$dbUserData['name'] == NULL && 
+		$query = 'UPDATE researcher SET name = "' . $userData['name'] . '", picture = "' . $userData['picture'] . '" WHERE email = "' . $userData['email'] . '";';
+		mysqli_query($connection, $query);
+		$_SESSION['newUser'] = true;
 	}
+	
+	
+	// REFETCH INFO FROM DATABASE AND STORE IN SESSION
+	$result = mysqli_query($connection, $query);
+	$dbUserData = mysqli_fetch_assoc($result);
+	$_SESSION['dbUserData'] = $dbUserData;
+	
 
 	//### FOR DEBUGGING ###
-	$_SESSION['dbUserData'] = $dbUserData;
+// 	$_SESSION['result'] = $result;
 	$_SESSION['error_set'] = isset($_SESSION['error']);
 	//### FOR DEBUGGING ###
 	

processes/checkLogin.php

 		header('Location: https://tania.uprrp.edu/admin_nuevo/error.php');
 		exit();
 	}
-	else if(!empty($_SESSION) && (isset($_SESSION['error']) && $_SESSION['error'] == 'unauthorized')) {
+	else if(isset($_SESSION['error']) && $_SESSION['error'] === 'unauthorized') {
 		header('Location: https://tania.uprrp.edu/admin_nuevo/unauthorized.php');
 		exit();
 	}

processes/importQuestionnaire.php

 <?php
 include "/var/www/html/funciones.php";
-include "/var/www/html/conection_test.php";
+// include "/var/www/html/conection_test.php";
+	require_once 'config.php';
+	require_once 'dbh.inc.php';
+	require_once 'checkLogin.php';
+	
+	
 
-print_r($_FILES);
+// print_r($_FILES);
+// print_r($_SERVER);
 // print_r($_POST);
 // print_r($_GET);
-
-//exit();
+// 
+// exit();
 // $archivo="Cuestionario perfecto.xlsx";
-// $id_experience= mysqli_real_escape_string($dbconnection, trim($_POST['experience']));
-$id_experience= 1000;
+$id_experience= mysqli_real_escape_string($connection, trim($_POST['id_experience']));
+// $id_experience= mysqli_real_escape_string($connection, $_GET['id_experience']);;
+
 $archivo=$_FILES["import"]["tmp_name"];
 $archivoOut="uploaderTemp";
 exec("ssconvert -S  '$archivo' ../temp/$archivoOut-%s.csv");
 // print "ssconvert -S -D ../temp '$archivo' $archivoOut-%s.csv";print"<br>";
-print getcwd();
+// print getcwd();
 $q_title=explode(".", $_FILES["import"]["name"])[0];
 $data_dir="../temp/";
 $archivosCSV=glob("$data_dir$archivoOut*.csv");
 $row = 1;
 if (($handle = fopen($filename, "r")) !== FALSE) 
 {
-	print $filename."\n";
+// 	print $filename."\n";
 	$j=0;
 	while (($data = fgetcsv($handle)) !== FALSE) 
 	{
 			GetSQLValueString($q_title,"text"),
 			GetSQLValueString($descripcion,"text")
 		);
-			mysqli_query($dbconnection, $sql);
-			$id_cuestionario=mysqli_insert_id($dbconnection);
+			mysqli_query($connection, $sql);
+			$id_cuestionario=mysqli_insert_id($connection);
+			$sql=sprintf("INSERT INTO `experience_questionnair`(`id_experience`, `id_questionnair`) VALUES (%s, %s)
+			",
+			GetSQLValueString($id_experience,"int"),
+			GetSQLValueString($id_cuestionario,"int")
+			);		
+			mysqli_query($connection, $sql);
 		}
 
 		if($j>1)
 	GetSQLValueString($cat["catText"],"text"),
 	GetSQLValueString($id_cuestionario,"int")
 	);
-	print($sql);print "\n";
-	mysqli_query($dbconnection, $sql);
-	$id_cat_db=mysqli_insert_id($dbconnection);
+// 	print($sql);print "\n";
+	mysqli_query($connection, $sql);
+	$id_cat_db=mysqli_insert_id($connection);
 	$cat["id_cat_db"]=$id_cat_db;
 // 	$id_cat_db++;
 }
 	GetSQLValueString($subcat["subcat"],"text"),
 	GetSQLValueString($id_cat_db,"int")
 	);
-	print($sql);print "\n";
-	mysqli_query($dbconnection, $sql);
-	$id_subcat_db=mysqli_insert_id($dbconnection);
+// 	print($sql);print "\n";
+	mysqli_query($connection, $sql);
+	$id_subcat_db=mysqli_insert_id($connection);
 	$subcat["id_subcat_db"]=$id_subcat_db;
 // 	$id_subcat_db++;
 }
 	$sql=sprintf("insert into reference (referencia) values (%s)",
 	GetSQLValueString($ref["refTexto"],"text")
 	);
-	print($sql);print "\n";
-	mysqli_query($dbconnection, $sql);
-	$id_ref_db=mysqli_insert_id($dbconnection);
+// 	print($sql);print "\n";
+	mysqli_query($connection, $sql);
+	$id_ref_db=mysqli_insert_id($connection);
 	$ref["id_ref_db"]=$id_ref_db;
 // 	$id_ref_db++;
 }
 	GetSQLValueString($id_ref_db,"int")
 	);
 // 	print($sql);print "\n";
-	mysqli_query($dbconnection, $sql);
-	$id_q_db=mysqli_insert_id($dbconnection);
+	mysqli_query($connection, $sql);
+	$id_q_db=mysqli_insert_id($connection);
 	$q[$k]["id_q_db"]=$id_q_db;
 	if($preg[4]==1)
 	{
 			GetSQLValueString($preg[8],"text")
 		); 
 // 		print($sql);print "\n";
-		mysqli_query($dbconnection, $sql);
+		mysqli_query($connection, $sql);
+
 	}
+	$sql=sprintf("INSERT INTO `questionnair_question`(`id_questionnair`, `id_question`) VALUES (%s, %s)
+		",
+		GetSQLValueString($id_cuestionario,"int"),
+		GetSQLValueString($id_q_db,"int")
+		);		
+		mysqli_query($connection, $sql);
 // 	$id_q_db++;
 	
 }
 // 	GetSQLValueString($pretest_date,"text")				
 // );
 // print($sql);print "\n";
-// 	mysqli_query($dbconnection, $sql);
-// 	$id_subq=mysqli_insert_id($dbconnection);
+// 	mysqli_query($connection, $sql);
+// 	$id_subq=mysqli_insert_id($connection);
 // $sql=sprintf("INSERT INTO `experience_subquestionnair`( `id_experience`, `id_subquestionnair`) VALUES (%s,%s)",
 // 	GetSQLValueString($id_experience,"int"),
 // 	GetSQLValueString($id_subq,"int")
 // );
-// 	mysqli_query($dbconnection, $sql);
+// 	mysqli_query($connection, $sql);
 // // print_r($q);
 // // exit();
 // $n=count($q);
 // 		GetSQLValueString($q[$k]["id_q_db"],"int")
 // 	);
 // 	print($sql);print "\n";
-// 		mysqli_query($dbconnection, $sql);
+// 		mysqli_query($connection, $sql);
 // }
 // exit();
 // $id_subq++;
 		$title=explode(".",explode("-", $filename)[1])[0];
 		if (($handle = fopen($filename, "r")) !== FALSE) 
 		{
-			print $filename."\n";
+// 			print $filename."\n";
 			$j=0;
 			while (($data = fgetcsv($handle)) !== FALSE) 
 			{
-				if($j==2)print_r($data);print"<br>";
+// 				if($j==2)print_r($data);print"<br>";
 				if($j==0)
 				{
 					$descripcion=$data[1];
 						GetSQLValueString($id_cuestionario,"int"),
 						GetSQLValueString($fecha,"text")				
 					);
-					print($sql);print "\n";
-						mysqli_query($dbconnection, $sql);
-						$id_subq=mysqli_insert_id($dbconnection);
+// 					print($sql);print "\n";
+						mysqli_query($connection, $sql);
+						$id_subq=mysqli_insert_id($connection);
 					$sql=sprintf("INSERT INTO `experience_subquestionnair`( `id_experience`, `id_subquestionnair`) VALUES (%s,%s)",
 						GetSQLValueString($id_experience,"int"),
 						GetSQLValueString($id_subq,"int")
 					);
-						mysqli_query($dbconnection, $sql);
+						mysqli_query($connection, $sql);
 				
 				}
 				if($j>1)
 						GetSQLValueString($id_subq,"int"),
 						GetSQLValueString($q[$data[0]]["id_q_db"],"int")
 					);
-					print($sql);print "\n";
-						mysqli_query($dbconnection, $sql);
+// 					print($sql);print "\n";
+						mysqli_query($connection, $sql);
 	// 				$q[$data[0]]		
 				}
 				$j++;
 // 	GetSQLValueString($pretest_date,"text")				
 // );
 // print($sql);print "\n";
-// 	mysqli_query($dbconnection, $sql);
-// 	$id_subq=mysqli_insert_id($dbconnection);
+// 	mysqli_query($connection, $sql);
+// 	$id_subq=mysqli_insert_id($connection);
 // $sql=sprintf("INSERT INTO `experience_subquestionnair`( `id_experience`, `id_subquestionnair`) VALUES (%s,%s)",
 // 	GetSQLValueString($id_experience,"int"),
 // 	GetSQLValueString($id_subq,"int")
 // );
-// 	mysqli_query($dbconnection, $sql);
+// 	mysqli_query($connection, $sql);
 // 
 // 
 // $n=count($q);
 // 		GetSQLValueString($q[$k]["id_q_db"],"int")
 // 	);
 // 	print($sql);print "\n";
-// 		mysqli_query($dbconnection, $sql);
+// 		mysqli_query($connection, $sql);
 // }
 foreach($archivosCSV as $filename)
 {
 	exec("rm '$filename'");
 }
+header("Location: ".$_SERVER['HTTP_REFERER']."#questionnaires");
 ?>

processes/insertExperience.php

 		if(!mysqli_query($connection, $queryHookExperienceToInstitution)) die("Error: ".mysqli_error($connection));
 		
 		
+		// ASOCIAR LA EXPERIENCIA NUEVA CON EL USUARIO
+		$queryHookExperienceToUser = "INSERT INTO `researcher_experience` (`id_researcher`, `id_experience`) VALUES ('" . $_SESSION['dbUserData']['id_researcher'] . "', '$id_experience')";
+		if(!mysqli_query($connection, $queryHookExperienceToUser)) die("Error: ".mysqli_error($connection));
+		
 		// MAKE IT CLIENT SIDE!!!!!!!! HAVE TO SEND IT IN SERVER RESPONSE!!!!!!!
 // 		header('Location: ../viewExperience.php?view=$id_experience');
 // 		exit();

processes/makeManager.php

+<?php
+
+	require_once 'config.php';
+	require_once 'dbh.inc.php';
+	require_once 'checkLogin.php';
+	
+
+	// EXAMPLE INPUT...
+	// array(1) { ["researcherID"]=> string(1) "3" }
+
+	$researcherID = mysqli_real_escape_string($connection, trim($_POST['researcherID']));
+		
+	// Check if name is not an empty string
+	if($researcherID === '') {
+		http_response_code(400);
+		echo json_encode(array("error" => "Must specify researcher ID."));
+		exit();
+	}
+		
+	// Insert user
+	$queryManager = "UPDATE researcher SET admin = '1' WHERE id_researcher = '$researcherID';";
+	mysqli_query($connection, $queryManager) or die("Error: " . mysqli_error($connection));
+	

processes/removeQuestionFromMoment.php

 		// Check that question ID is not empty string
 		// And that it's registered in the database
 		// And that it belongs to the Questionnaire the Moment belongs to
-		// And that it isn't a duplicate inside the Moment
 		if($questionID === "") {
 			http_response_code(400);
 			echo json_encode(array("error" => "Please specify question ID."));
 			http_response_code(400);
 			echo json_encode(array("error" => "Given question ID ($questionID) is outside the Moment's corresponding Questionnair's scope."));
 			exit();
-		} else if(mysqli_query($connection, "SELECT * FROM subquestionnair_question WHERE id_question = '$questionID' AND id_subquestionnair = '$momentID';")->num_rows === 0) {
+		}
+		
+		
+		// Check that the moment hasn't been answered yet
+		if(mysqli_query($connection, "SELECT * FROM student_subquestionnair WHERE id_subquestionnair = '$momentID';")->num_rows !== 0) {
 			http_response_code(400);
-			echo json_encode(array("error" => "Question is already removed from moment."));
+			echo json_encode(array("error" => "Moment already active, deletion denied."));
 			exit();
 		}
 

questionnaires.php

 	
 	// Description: DISPLAY THE USER'S QUESTIONNAIRES
 	
+	echo "This page is no longer in use.";
+	exit();
+	exit();
+	exit();
+	exit();
+	exit();
+	
 	require_once 'processes/config.php';
 	require_once 'processes/dbh.inc.php';
 	require_once 'processes/checkLogin.php';
 	include_once 'header.php';
 
 	// WARNING: CHANGE QUERY TO INCLUDE "`id_researcher`='".$dbUserData['id_researcher']."';"
-	$query1 = "SELECT * FROM `questionnair`;";
+	if($_SESSION['dbUserData']['admin'] === '1') {
+		$query1 = "SELECT * FROM `questionnair`;";
+	} else {
+		$query1 = "SELECT * FROM `questionnair` WHERE id IN (SELECT id_questionnair FROM experience_questionnair WHERE id_experience IN (SELECT id_experience FROM researcher_experience WHERE id_researcher = '" . $_SESSION['dbUserData']['id_researcher'] . "'));";
+	}
+	
 	$result1 = mysqli_query($connection, $query1);
 	
 ?>
             		<img src="./img/pen_800x800.png" alt="tania logo pen" width="25" height="25">
         		</a>
         		<div id="account">
-        		    <a class="nav-link" href="./questionnaires.php">Questionnaire Collection</a>
         		    <a class="sign-out" href="./processes/logout.php">Sign Out</a>
         		</div>
     		</header>
 							<select class="form-control text-center" id="toExperienceID" name="toExperienceID" style="text-align-last:center;" required>
 								<?php 
 								
-									// WARNING: CHANGE QUERY TO INCLUDE "`id_researcher`='".$dbUserData['id_researcher']."';"
-									$queryExperience2 = "SELECT * FROM `experience`;";
+									// CHANGE QUERY DEPENDING ON IF USER IS ADMIN OR NOT
+									if($_SESSION['dbUserData']['admin'] === '1') {
+										$queryExperience2 = "SELECT * FROM `experience` WHERE id != '$experienceID';";
+									} else {
+										$queryExperience2 = "SELECT * FROM `experience` WHERE id != '$experienceID' AND id IN (SELECT id_experience FROM researcher_experience WHERE id_researcher = '" . $_SESSION['dbUserData']['id_researcher'] . "');";
+									}	
+								
 									$resultExperience2 = mysqli_query($connection, $queryExperience2);
 									
 									while($rowExperience2 = mysqli_fetch_assoc($resultExperience2)):

respuestas.php

             	<img src="./img/pen_800x800.png" alt="tania logo pen" width="25" height="25">
         	</a>
         	<div id="account">
-            	<a class="nav-link" href="./questionnaires.php">Questionnaire Collection</a>
             	<a class="sign-out" href="./processes/logout.php">Sign Out</a>
         	</div>
     	</header>

test.php

 // 	echo "This is result: $result<br>";
 	
 	if($result === "") {
-		echo "Result is empty string";
+// 		echo "Result is empty string";
 	} else {
-		echo "Result isn't empty string";
+// 		echo "Result isn't empty string";
 	}
 
 ?>

users.php

+<?php
+
+	require_once 'processes/config.php';
+	require_once 'processes/dbh.inc.php';
+	require_once 'processes/checkLogin.php';
+	
+	
+	// IF USER IS DOESN'T HAVE ADMINISTRATOR PERMISIONS, EXIT
+	if($_SESSION['dbUserData']['admin'] !== '1') {
+		echo "You are unauthorized to view this page.";
+		exit();
+	}
+	
+	include_once 'header.php';
+
+?>
+
+	<!--START OF users.php -->
+	<body>
+	
+    	<header id="main-header">
+        	<a id="logo" href=".">
+				TANIA
+            	<img src="./img/pen_800x800.png" alt="tania logo pen" width="25" height="25">
+        	</a>
+        	<div id="account">
+            	<a class="nav-link" href="#" onclick="location='home.php'">Go Back</a>
+            	<a class="sign-out" href="./processes/logout.php">Sign Out</a>
+        	</div>
+    	</header>
+        
+        <div class="container" style="margin-top: 8rem; min-height: calc(100vh - 8rem - 8rem);">
+        		
+        	<br>
+        		
+        	<div class="row">
+        		<div class="col-sm-12">
+        			<h2 class="text-muted"><?php echo $_SESSION['dbUserData']['name']; ?></h2>
+<!--     	    		<p>Add new users, view their info and manage permissions!</p> -->
+        	    </div>
+        	</div>
+        	
+        	<hr>
+        	
+        	<div class="row">
+        		<div class="col-sm-12">
+        			<h3>Add Researcher</h3>
+        		</div>
+        	</div>
+        	
+        	<form id="addUser" class="form-horizontal" method="POST" action="processes/addUser.php" onsubmit="addUser(event)">
+        	
+        		<div class="form-group">
+        			<label class="col-sm-2 control-label" for="exampleInputEmail1">Name</label>
+        			<div class="col-sm-10">
+						<input type="text" name="name" class="form-control text-center" placeholder="i.e. Juan del Pueblo Villa" required autocomplete="off">
+					</div>
+				</div>
+        		
+        		<div class="form-group">
+	        		<label class="col-sm-2 control-label for="exampleInputEmail1">Email</label>
+	        		<div class="col-sm-10">
+						<input type="email" name="email" class="form-control text-center" placeholder="i.e. juan.delpueblo@upr.edu" required autocomplete="off">
+					</div>
+				</div>
+				
+				<div class="row">
+				<div class="col-sm-4 col-sm-offset-5">
+					<button type="submit" name="addUser" class="btn btn-primary btn-block">Add User</button>
+				</div>
+				</div>
+        		
+        	</form>
+        	
+        	<br>
+        	
+        	<!-- ERROR ALERT FOR USER -->			
+			<div id="error-addUser" class="row" style="display: none;">
+				<div class="col-sm-10 col-sm-offset-2">
+					<div class="alert alert-danger mb-1" role="alert">
+						<h4 class="error-lead">Error!</h4>
+						<p class="error-description"></p>
+					</div>
+				</div>
+			</div>
+        	
+        	
+        	<br>
+        
+        	<div class="row">
+        		
+        		<div class="col-sm-12">
+	        		<h3>Researchers</h3>
+        		</div>
+        	
+				
+				<div class="col-sm-12">
+					<table class="table table-hover table-striped table-responsive">
+  						<thead>
+  							<tr>
+  								<th style="text-align: center;"><h4>Name</h4></th>
+  								<th style="text-align: center;"><h4>Email</h4></th>
+  								<th style="text-align: center;"><h4>Manage</h4></th>
+  							</tr>
+  						</thead>
+  						<tbody>
+  							<?php 
+  								$queryResearchers = "SELECT * FROM researcher;";
+								$resultResearchers = mysqli_query($connection, $queryResearchers);
+													
+  								while($rowResearchers = mysqli_fetch_assoc($resultResearchers)):
+  							?>
+  							<tr>
+  								<td style="text-align: center;"><h5><?php echo $rowResearchers['name']; ?></h5></td>
+  								<td style="text-align: center;"><h5><a class="email" href="mailto:<?php echo $rowResearchers['email']; ?>"><?php echo $rowResearchers['email']; ?></a></h5></td>
+  								<td style="text-align: center;">
+  									<?php if($rowResearchers['admin'] === '1'): ?>
+  									<h5><sm class="text-muted">Already manager...</sm></h5>
+  									<?php else: ?>
+  									<button class="btn btn-sm btn-default" data-researcher="<?php echo $rowResearchers['id_researcher']; ?>" onclick="makeManager(event)">Make Manager</button>
+  									<?php endif; ?>
+  								</td>
+  							</tr>
+  							<?php endwhile; ?>
+						</tbody>
+  					</table>
+  				</div><!--col-->
+	
+        	</div><!--row-->
+        	
+        	<br><br><br>
+        			
+        </div><!--container-->
+        			
+        			
+        			
+        			
+        	<style>
+        	.email {
+        		color: #333;
+        		transition: color 300ms ease;
+        	}
+        	
+        	.email:hover {
+        		color: #999;
+        	}
+        	</style>
+    
+    
+    
+        	
+			<script src="js/handleSubmit.js"></script>
+        	
+        	<script>
+        	
+        	
+			["addUser"].forEach(function(formName) {
+			
+				var form = document.getElementById(formName);
+			
+				if(form) {
+					form.addEventListener('submit', function(e) {
+						handleSubmit(e, formName);
+					});
+				}
+			
+			});
+
+
+
+        	
+        	function foo(e) {
+        		e.preventDefault();
+        		console.log(e.srcElement);
+        		return false;
+        	}
+        	
+        	
+        	function makeManager(e) {
+        	
+        		let button = e.currentTarget;
+        		let researcherID = button.getAttribute('data-researcher');
+        		
+        		// Create loader
+        		let loader = document.createElement('div');
+        		loader.style.display = "flex";
+        		loader.style.alignItems = "center";
+        		loader.style.justifyContent = "center";
+        		loader.style.height = "35px";
+        		let span = document.createElement('span');
+        		span.classList.add('loader');
+        		loader.appendChild(span);
+        		
+        		// Insert loader and remove button
+        		button.insertAdjacentElement('afterend', loader);
+        		button.remove();
+
+        		let URL = document.location.protocol + "//tania.uprrp.edu/admin_nuevo/processes/makeManager.php";
+        		let fields = {
+        			researcherID: researcherID
+        		};
+        		
+        		$.post(URL, fields)
+        			.done(function(data, text) {
+        			
+        				// Create Done!
+        				let h5 = document.createElement('h5');
+        				let sm = document.createElement('sm');
+        				sm.classList.add('text-success');
+        				sm.innerText = "Done!";
+        				h5.appendChild(sm);
+        			
+        				// Insert Done! and remove loader
+        				loader.insertAdjacentElement('afterend', h5);
+						loader.remove();
+        				
+        			})
+        			.fail(function(request, status, error) {
+        			
+        				// Create Retry
+        				let retry = document.createElement('button');
+        				retry.className = "btn btn-sm btn-primary";
+        				retry.setAttribute('data-researcher', researcherID);
+        				retry.setAttribute('onclick', 'makeManager(event)');
+        				retry.innerText = "Retry";
+        			
+        				// Insert Retry and remove loader
+        				loader.insertAdjacentElement('afterend', retry);
+        				loader.remove();
+        				
+        			});
+        		
+        	}
+        	
+        	</script>
+        	
+        		
+	<!-- END OF users.php -->
+
+<?php include_once 'footer.php'; ?>

viewExperience.php

 		exit();
 	}
 
-	// WARNING: CHANGE QUERY TO INCLUDE "`id_researcher`='".$dbUserData['id_researcher']."';"
+	// FETCH EXPERIENCE
 	$experienceID = mysqli_real_escape_string($connection, trim($_GET['view'])); 
 	$query1 = "SELECT * FROM `experience` WHERE `id` = '$experienceID';";
 	$result1 = mysqli_query($connection, $query1) or die("Error: ".mysqli_error($connection));
 	
 	// IF EXPERIENCE NOT IN DATABASE, EXIT
 	if($result1->num_rows !== 1) {
+		echo "Requested experience does not exist.";
 		exit();
 	}
+	
+	// IF EXPERIENCE DOESN'T BELONG TO USER (WHO IS NOT AN ADMIN), EXIT
+	if($_SESSION['dbUserData']['admin'] !== '1') {
+	
+		$queryCheckUser = "SELECT id FROM experience WHERE id = '$experienceID' AND id IN (SELECT id_experience FROM researcher_experience WHERE id_researcher = '" . $_SESSION['dbUserData']['id_researcher'] . "');";
+		if(mysqli_query($connection, $queryCheckUser)->num_rows === 0) {
+			echo "You are not authorized to view this experience.";
+			exit();
+		}
+		
+	}
+
 
 	include_once 'header.php';
 	
             	<img src="./img/pen_800x800.png" alt="tania logo pen" width="25" height="25">
         	</a>
         	<div id="account">
-            	<a class="nav-link" href="./questionnaires.php">Questionnaire Collection</a>
             	<a class="sign-out" href="./processes/logout.php">Sign Out</a>
         	</div>
     	</header>
 							
 							<!-- FROM QUESTIONNAIRE -->
 							<label for="fromQuestionnaireID">Which Questionnaire:</label>
-							<select class="form-control text-center" id="fromQuestionnaireID" name="fromQuestionnaireID" style="text-align-last:center;" required>
-								<?php
+							<?php
+								// FIRST ASSUME FALSE
+								$errorDuplicate = false;
 								
-									$queryQuestionnaires = "SELECT * FROM `questionnair` WHERE id IN (SELECT id_questionnair FROM experience_questionnair WHERE id_experience = '$experienceID');";
-									$resultQuestionnaires = mysqli_query($connection, $queryQuestionnaires);
-
-									while($rowQuestionnaires = mysqli_fetch_assoc($resultQuestionnaires)):
-									
-								?>
+								$queryQuestionnaires = "SELECT * FROM `questionnair` WHERE id IN (SELECT id_questionnair FROM experience_questionnair WHERE id_experience = '$experienceID');";
+								$resultQuestionnaires = mysqli_query($connection, $queryQuestionnaires);
+								
+								if($resultQuestionnaires->num_rows > 0):
+							?>
+							<select class="form-control text-center" id="fromQuestionnaireID" name="fromQuestionnaireID" style="text-align-last:center;" required>
+								<?php while($rowQuestionnaires = mysqli_fetch_assoc($resultQuestionnaires)): ?>
 									<option value="<?php echo $rowQuestionnaires['id']; ?>"><?php echo $rowQuestionnaires['q_title']; ?></option>
 								<?php endwhile; ?>
 							</select>
+							<?php
+								else:							
+									$errorDuplicate = true;
+							?>
+							<h3 class="text-center"><small>It seems you still haven't added any questionnaires to this experience...</small></h3>
+							<?php endif; ?>
 							
 							<br>
 							
 							<!-- TO EXPERIENCE -->
 							<label for="toExperienceID">To What Experience:</label>
-							<select class="form-control text-center" id="toExperienceID" name="toExperienceID" style="text-align-last:center;" required>
-								<?php 
-								
-									// WARNING: CHANGE QUERY TO INCLUDE "`id_researcher`='".$dbUserData['id_researcher']."';"
+							<?php
+
+								// CHANGE QUERY DEPENDING ON IF USER IS ADMIN OR NOT
+								if($_SESSION['dbUserData']['admin'] === '1') {
 									$queryExperience2 = "SELECT * FROM `experience` WHERE id != '$experienceID';";
-									$resultExperience2 = mysqli_query($connection, $queryExperience2);
-									
-									while($rowExperience2 = mysqli_fetch_assoc($resultExperience2)):
-									
-								?>
+								} else {
+									$queryExperience2 = "SELECT * FROM `experience` WHERE id != '$experienceID' AND id IN (SELECT id_experience FROM researcher_experience WHERE id_researcher = '" . $_SESSION['dbUserData']['id_researcher'] . "');";
+								}							
+							
+								$resultExperience2 = mysqli_query($connection, $queryExperience2);
+								
+								if($resultExperience2->num_rows > 0):
+							?>
+							<select class="form-control text-center" id="toExperienceID" name="toExperienceID" style="text-align-last:center;" required>
+								<?php while($rowExperience2 = mysqli_fetch_assoc($resultExperience2)): ?>
 								<option value="<?php echo $rowExperience2['id']; ?>"><?php echo $rowExperience2['title']; ?></option>
 								<?php endwhile; ?>
 							</select>							
-							
+							<?php
+								else:
+									$errorDuplicate = true;	
+							?>
+							<h3 class="text-center"><small>You don't have another experience to duplicate to...</small></h3>
+							<?php endif; ?>
 							
 							
       					</div><!--modal-body-->
       					<!-- SUBMIT OR CANCEL -->
      					<div class='modal-footer'>
        						<button type='button' class='btn btn-default' data-dismiss='modal'>Cancel</button>
-        					<button type='submit' class='btn btn-primary' name='duplicateQuestionnaire'>Confirm</button>
+        					<button type='submit' class='btn btn-primary' name='duplicateQuestionnaire' <?php if($errorDuplicate === true) echo "disabled"; ?>>Confirm</button>
       					</div>
       					
     				</div><!--modal-content-->

viewMoment.php

 		exit();
 	}
 	
-	// WARNING: CHANGE QUERY TO INCLUDE "`id_researcher` = '".$dbUserData['id_researcher']."';"
+	// FETCH MOMENT
 	$momentID = mysqli_real_escape_string($connection, trim($_GET['view']));
 	$query1 = "SELECT * FROM subquestionnair WHERE id = '$momentID';";
 	$result1 = mysqli_query($connection, $query1) or die("Error: ".mysqli_error($connection));
 
 	// IF MOMENT NOT IN DATABASE, EXIT
 	if($result1->num_rows !== 1) {
+		echo "Requested experience does not exist.";
 		exit();
 	}
 	
+	// IF MOMENT DOESN'T BELONG TO USER (WHO IS NOT AN ADMIN), EXIT
+	if($_SESSION['dbUserData']['admin'] !== '1') {
+	
+		$queryCheckUser = "SELECT id FROM subquestionnair WHERE id = '$momentID' AND id IN (SELECT id_subquestionnair FROM experience_subquestionnair WHERE id_experience IN (SELECT id_experience FROM researcher_experience WHERE id_researcher = '" . $_SESSION['dbUserData']['id_researcher'] . "'));";
+		if(mysqli_query($connection, $queryCheckUser)->num_rows === 0) {
+			echo "You are not authorized to view this moment.";
+			exit();
+		}
+		
+	}
+	
 	// EXTRACT & DISPLAY THE NUMBER OF QUESTIONS IN THE MOMENT
 	$queryNumQuestions = "SELECT * FROM question WHERE id IN (SELECT id_question FROM subquestionnair_question WHERE id_subquestionnair = '$momentID');";
 	$resultNumQuestions = mysqli_query($connection, $queryNumQuestions);
             		<img src="./img/pen_800x800.png" alt="tania logo pen" width="25" height="25">
         		</a>
         		<div id="account">
-        		    <a class="nav-link" href="./questionnaires.php">Questionnaire Collection</a>
         		    <a class="sign-out" href="./processes/logout.php">Sign Out</a>
         		</div>
     		</header>

viewQuestionnaire.php

 		exit();
 	}
 
-	// WARNING: CHANGE QUERY TO INCLUDE "`id_researcher` = '".$dbUserData['id_researcher']."';"
+	// FETCH QUESTIONNAIRE
 	$questionnaireID = mysqli_real_escape_string($connection, trim($_GET['view']));
 	$query1 = "SELECT * FROM questionnair WHERE id = '$questionnaireID';";
 	$result1 = mysqli_query($connection, $query1) or die("Error: ".mysqli_error($connection));
 		
 	// IF QUESTIONNAIRE NOT IN DATABASE, EXIT
 	if($result1->num_rows !== 1) {
+		echo "Requested questionnaire does not exist.";
 		exit();
 	}
+	
+	// IF QUESTIONNAIRE DOESN'T BELONG TO USER (WHO IS NOT AN ADMIN), EXIT
+	if($_SESSION['dbUserData']['admin'] !== '1') {
+	
+		$queryCheckUser = "SELECT id FROM questionnair WHERE id = '$questionnaireID' AND id IN (SELECT id_questionnair FROM experience_questionnair WHERE id_experience IN (SELECT id_experience FROM researcher_experience WHERE id_researcher = '" . $_SESSION['dbUserData']['id_researcher'] . "'));";
+		if(mysqli_query($connection, $queryCheckUser)->num_rows === 0) {
+			echo "You are not authorized to view this questionnaire.";
+			exit();
+		}
+		
+	}
 		
 	// EXTRACT & DISPLAY THE NUMBER OF QUESTIONS IN THE QUESTIONNAIRE	
 	$queryNumQuestions = "SELECT * FROM question WHERE id IN (SELECT id_question FROM questionnair_question WHERE id_questionnair = '$questionnaireID');";
             		<img src="./img/pen_800x800.png" alt="tania logo pen" width="25" height="25">
         		</a>
         		<div id="account">
-        		    <a class="nav-link" href="./questionnaires.php">Questionnaire Collection</a>
         		    <a class="sign-out" href="./processes/logout.php">Sign Out</a>
         		</div>
     		</header>