
Added user logic & minimal bug fixes

Victor Hernandez 4 years ago
parent
commit
8452fc02c6

+ 17
- 7
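--- a/home.php
+++ b/home.php
@@ -6,12 +6,16 @@
 	include_once 'header.php';
 	
 	// RETRIEVE USER'S NAME AND PICTURE
-	$query1 = "SELECT * FROM `researcher` WHERE `email` = '" . $_SESSION['email'] . "';";
-	$result1 = mysqli_query($connection, $query1);
-	$dbUserData = mysqli_fetch_assoc($result1);
+// 	$query1 = "SELECT * FROM `researcher` WHERE `email` = '" . $_SESSION['dbUserData']['email'] . "';";
+// 	$result1 = mysqli_query($connection, $query1);
+// 	$dbUserData = mysqli_fetch_assoc($result1);
+	$dbUserData = $_SESSION['dbUserData'];
 	
+// 	var_dump($_SESSION);
+// 	exit();
+		
 	// IF USER NOT IN DATABASE, EXIT
-	if($result1->num_rows !== 1) {
+	if(!$dbUserData) {
 		exit();
 	}
 	
@@ -25,7 +29,9 @@
             	<img src="./img/pen_800x800.png" alt="tania logo pen" width="25" height="25">
         	</a>
         	<div id="account">
-        	    <a class="nav-link" href="./questionnaires.php">Questionnaire Collection</a>
+            	<?php if($_SESSION['dbUserData']['admin'] === '1'): ?>
+            	<a class="nav-link" href="./users.php">Manage Researchers</a>
+            	<?php endif; ?>
         	    <a class="sign-out" href="./processes/logout.php">Sign Out</a>
         	</div>
     	</header>
@@ -54,8 +60,12 @@
             	</div>
 
 <?php
-	// WARNING: CHANGE QUERY TO INCLUDE "`id_researcher`='".$dbUserData['id_researcher']."';"
-	$query2 = "SELECT * FROM `experience`;";
+	// CHANGE QUERY DEPENDING ON IF USER IS ADMIN OR NOT
+	if($_SESSION['dbUserData']['admin'] === '1') {
+		$query2 = "SELECT * FROM `experience`;";
+	} else {
+		$query2 = "SELECT * FROM `experience` WHERE id IN (SELECT id_experience FROM researcher_experience WHERE id_researcher = '" . $_SESSION['dbUserData']['id_researcher'] . "');";
+	}
 	$result2 = mysqli_query($connection, $query2);
 	
 	// IF USER HAS EXPERIENCES, SHOW ALL OF THEM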
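Review bot: `$dbUserData = $_SESSION['dbUserData'];` at new line 12 reads the key unconditionally, so a session that exists but lacks the key raises an undefined-index notice before the `!$dbUserData` guard at new line 18 ever runs; `$dbUserData = isset($_SESSION['dbUserData']) ? $_SESSION['dbUserData'] : null;` keeps the guard meaningful. The non-admin branch at new line 67 concatenates `$_SESSION['dbUserData']['id_researcher']` into `$query2`; the value is database-sourced, but binding it through `mysqli_prepare` with a `?` placeholder would stop the page's data access from depending on what happens to be in the session and keep it consistent with the escaping discipline the new `processes/addUser.php` applies to its inputs. The `<?php` block opened at new line 62 continues past the hunk.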

+ 6
- 1
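--- a/js/handleSubmit.js
+++ b/js/handleSubmit.js
@@ -82,6 +82,11 @@
 			fullURI += "updateQuestion.php";
 			break;
 			
+		// users.php
+		case "addUser":
+			fullURI += "addUser.php";
+			break
+			
 
 		
 		default:
@@ -160,7 +165,7 @@
 			submitButton.disabled = false;
 					
 			// Display alert
-			alertContainer.style.display = "initial";
+			alertContainer.style.display = "block";
 
 		});
 // 		.always(function(data, textStatus, errorThrown) {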
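Review bot: The `break` added for the `"addUser"` case at new line 88 has no terminating semicolon, unlike every other `break;` in this switch; automatic semicolon insertion rescues it today, but the inconsistency is easy to trip over if a line is later inserted before the blank one. Change it to `break;`. The switch statement itself starts and ends outside this hunk.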

+ 53
- 0
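--- a/processes/addUser.php
+++ b/processes/addUser.php
@@ -0,0 +1,53 @@
+<?php
+
+	require_once 'config.php';
+	require_once 'dbh.inc.php';
+	require_once 'checkLogin.php';
+	
+
+	// EXAMPLE INPUT...
+	// array(3) { ["name"]=> string(0) "" ["email"]=> string(0) "" ["addUser"]=> string(0) "" }
+
+
+	if(isset($_POST['addUser'])) {
+
+		$name = mysqli_real_escape_string($connection, trim($_POST['name']));
+		$email = mysqli_real_escape_string($connection, trim($_POST['email']));
+		
+		// Check if name is not an empty string
+		if($name === '') {
+			http_response_code(400);
+			echo json_encode(array("error" => "Must specify name."));
+			exit();
+		}
+		
+		
+		// Check if email is not an empty string
+		// And that email is valid email
+		// And that email is from UPR
+		// And that email is not already registered
+		if($email === '') {
+			http_response_code(400);
+			echo json_encode(array("error" => "Must specify email."));
+			exit();
+		} else if(!filter_var($email, FILTER_VALIDATE_EMAIL)) {
+			http_response_code(400);
+			echo json_encode(array("error" => "Invalid email."));
+			exit();
+		} else if(explode("@", $email)[1] !== "upr.edu") {
+			http_response_code(400);
+			echo json_encode(array("error" => "Email has to be from UPR."));
+			exit();
+		} else if(mysqli_query($connection, "SELECT * FROM researcher WHERE email = '$email';")->num_rows !== 0) {
+			http_response_code(400);
+			echo json_encode(array("error" => "Given email already registered."));
+			exit();
+		}
+		
+		// Insert user
+		$queryUser = "INSERT INTO researcher (`name`, `email`) VALUES ('$name', '$email');";
+		mysqli_query($connection, $queryUser) or die("Error: " . mysqli_error($connection));
+		
+		header("Location: ../users.php");
+
+	}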
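Review bot: Nothing in this new endpoint checks that the caller is an administrator; as far as the visible hunk of `processes/checkLogin.php` shows, it only redirects on session error states and never looks at `admin`, so any signed-in researcher can POST to `processes/addUser.php` and register accounts, while the page that fronts it (`users.php`) refuses non-admins. The same gap is in the new `processes/makeManager.php`, where it is worse: a non-admin can POST their own `researcherID` and grant themselves `admin = '1'`. Add the guard `users.php` already uses right after the requires in both files, returning the JSON shape the rest of the file uses: `if($_SESSION['dbUserData']['admin'] !== '1') { http_response_code(403); echo json_encode(array("error" => "Unauthorized.")); exit(); }`. Separately, the domain test at new line 37 is case-sensitive, so `user@UPR.EDU` passes `filter_var` but is rejected here; `strtolower(explode("@", $email)[1]) !== "upr.edu"` is presumably the intended check.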

+ 24
- 20
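--- a/processes/callback.php
+++ b/processes/callback.php
@@ -44,40 +44,44 @@
 			Lista completa de scopes: https://developers.google.com/identity/protocols/googlescopes
 	*/
 	
+	
 	require_once 'dbh.inc.php';
 	
-	$query = 'SELECT * FROM `researcher` WHERE `email` = "'.$userData['email'].'";';
+	
+	$query = 'SELECT * FROM researcher WHERE email = "' . $userData['email'] . '";';
 	$result = mysqli_query($connection, $query);
 	$dbUserData = mysqli_fetch_assoc($result);
 	
-	$_SESSION['result'] = $result;
 	
 	// IF DB CAN'T FETCH USER DATA, IT MUST BE BECAUSE USER IS UNAUTHORIZED
-	// ELSE KEEP RETRIEVING USER DATA FROM DB
-	if($dbUserData == NULL) {
+	if($dbUserData === NULL) {
 		$_SESSION['error'] = 'unauthorized';
+		header('Location: ../unauthorized.php');
+		exit();
 	}
-	else {
 	
-		// NECESSARY FOR RETRIEVING DATA FROM DB ON LATER PAGES
-		$_SESSION['email'] = $userData['email'];
-		
-		//### OPTIONAL ###
-		$_SESSION['newUser'] = false;
+
+	// FIRST ASSUME USER IS NOT NEW
+	$_SESSION['newUser'] = false;
 	
-		// IF USER IS NEW, UPDATE DB WITH USER INFO FROM GOOGLE
-		if($dbUserData['name'] == NULL && $dbUserData['picture'] == NULL) {
-			$query = 'UPDATE `researcher` SET `name`="'.$userData['name'].'", `picture`="'.$userData['picture'].'" WHERE `email`="'.$userData['email'].'";';
-			mysqli_query($connection, $query);
-			
-			//### OPTIONAL ###
-			$_SESSION['newUser'] = true;
-		}
-		
+	
+	// IF USER IS NEW, UPDATE DB WITH USER INFO FROM GOOGLE
+	// AND SET 'newUser' SESSION VARIABLE TO TRUE
+	if($dbUserData['picture'] == NULL) { //$dbUserData['name'] == NULL && 
+		$query = 'UPDATE researcher SET name = "' . $userData['name'] . '", picture = "' . $userData['picture'] . '" WHERE email = "' . $userData['email'] . '";';
+		mysqli_query($connection, $query);
+		$_SESSION['newUser'] = true;
 	}
+	
+	
+	// REFETCH INFO FROM DATABASE AND STORE IN SESSION
+	$result = mysqli_query($connection, $query);
+	$dbUserData = mysqli_fetch_assoc($result);
+	$_SESSION['dbUserData'] = $dbUserData;
+	
 
 	//### FOR DEBUGGING ###
-	$_SESSION['dbUserData'] = $dbUserData;
+// 	$_SESSION['result'] = $result;
 	$_SESSION['error_set'] = isset($_SESSION['error']);
 	//### FOR DEBUGGING ###
 	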
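Review bot: The refetch at new lines 78-79 re-runs whatever `$query` last held, and for a new user that is the `UPDATE` assigned at new line 71, so `mysqli_query` returns `true`, `mysqli_fetch_assoc(true)` fails, and `$_SESSION['dbUserData']` ends up empty for exactly the users this commit is onboarding (home.php then exits on `!$dbUserData`). Keep the `SELECT` in its own variable and refetch with it: assign the update to `$updateQuery` at new line 71, run `mysqli_query($connection, $updateQuery);` at new line 72, and leave new line 78 as `$result = mysqli_query($connection, $query);`. Both the `SELECT` at new line 51 and the `UPDATE` at new line 71 splice `$userData['email']`, `$userData['name']` and `$userData['picture']` into SQL with neither `mysqli_real_escape_string` nor a prepared statement; these values come from the identity provider, not from this application, and the `UPDATE` delimits them with double quotes, so a display name containing `"` breaks the statement — bind them with `mysqli_prepare`. The file continues past the hunk.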

+ 1
- 1
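--- a/processes/checkLogin.php
+++ b/processes/checkLogin.php
@@ -7,7 +7,7 @@
 		header('Location: https://tania.uprrp.edu/admin_nuevo/error.php');
 		exit();
 	}
-	else if(!empty($_SESSION) && (isset($_SESSION['error']) && $_SESSION['error'] == 'unauthorized')) {
+	else if(isset($_SESSION['error']) && $_SESSION['error'] === 'unauthorized') {
 		header('Location: https://tania.uprrp.edu/admin_nuevo/unauthorized.php');
 		exit();
 	}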

+ 59
- 38
processes/importQuestionnaire.php View File

1
 <?php
1
 <?php
2
 include "/var/www/html/funciones.php";
2
 include "/var/www/html/funciones.php";
3
-include "/var/www/html/conection_test.php";
3
+// include "/var/www/html/conection_test.php";
4
+	require_once 'config.php';
5
+	require_once 'dbh.inc.php';
6
+	require_once 'checkLogin.php';
7
+	
8
+	
4
 
9
 
5
-print_r($_FILES);
10
+// print_r($_FILES);
11
+// print_r($_SERVER);
6
 // print_r($_POST);
12
 // print_r($_POST);
7
 // print_r($_GET);
13
 // print_r($_GET);
8
-
9
-//exit();
14
+// 
15
+// exit();
10
 // $archivo="Cuestionario perfecto.xlsx";
16
 // $archivo="Cuestionario perfecto.xlsx";
11
-// $id_experience= mysqli_real_escape_string($dbconnection, trim($_POST['experience']));
12
-$id_experience= 1000;
17
+$id_experience= mysqli_real_escape_string($connection, trim($_POST['id_experience']));
18
+// $id_experience= mysqli_real_escape_string($connection, $_GET['id_experience']);;
19
+
13
 $archivo=$_FILES["import"]["tmp_name"];
20
 $archivo=$_FILES["import"]["tmp_name"];
14
 $archivoOut="uploaderTemp";
21
 $archivoOut="uploaderTemp";
15
 exec("ssconvert -S  '$archivo' ../temp/$archivoOut-%s.csv");
22
 exec("ssconvert -S  '$archivo' ../temp/$archivoOut-%s.csv");
16
 // print "ssconvert -S -D ../temp '$archivo' $archivoOut-%s.csv";print"<br>";
23
 // print "ssconvert -S -D ../temp '$archivo' $archivoOut-%s.csv";print"<br>";
17
-print getcwd();
24
+// print getcwd();
18
 $q_title=explode(".", $_FILES["import"]["name"])[0];
25
 $q_title=explode(".", $_FILES["import"]["name"])[0];
19
 $data_dir="../temp/";
26
 $data_dir="../temp/";
20
 $archivosCSV=glob("$data_dir$archivoOut*.csv");
27
 $archivosCSV=glob("$data_dir$archivoOut*.csv");
34
 $row = 1;
41
 $row = 1;
35
 if (($handle = fopen($filename, "r")) !== FALSE) 
42
 if (($handle = fopen($filename, "r")) !== FALSE) 
36
 {
43
 {
37
-	print $filename."\n";
44
+// 	print $filename."\n";
38
 	$j=0;
45
 	$j=0;
39
 	while (($data = fgetcsv($handle)) !== FALSE) 
46
 	while (($data = fgetcsv($handle)) !== FALSE) 
40
 	{
47
 	{
48
 			GetSQLValueString($q_title,"text"),
55
 			GetSQLValueString($q_title,"text"),
49
 			GetSQLValueString($descripcion,"text")
56
 			GetSQLValueString($descripcion,"text")
50
 		);
57
 		);
51
-			mysqli_query($dbconnection, $sql);
52
-			$id_cuestionario=mysqli_insert_id($dbconnection);
58
+			mysqli_query($connection, $sql);
59
+			$id_cuestionario=mysqli_insert_id($connection);
60
+			$sql=sprintf("INSERT INTO `experience_questionnair`(`id_experience`, `id_questionnair`) VALUES (%s, %s)
61
+			",
62
+			GetSQLValueString($id_experience,"int"),
63
+			GetSQLValueString($id_cuestionario,"int")
64
+			);		
65
+			mysqli_query($connection, $sql);
53
 		}
66
 		}
54
 
67
 
55
 		if($j>1)
68
 		if($j>1)
115
 	GetSQLValueString($cat["catText"],"text"),
128
 	GetSQLValueString($cat["catText"],"text"),
116
 	GetSQLValueString($id_cuestionario,"int")
129
 	GetSQLValueString($id_cuestionario,"int")
117
 	);
130
 	);
118
-	print($sql);print "\n";
119
-	mysqli_query($dbconnection, $sql);
120
-	$id_cat_db=mysqli_insert_id($dbconnection);
131
+// 	print($sql);print "\n";
132
+	mysqli_query($connection, $sql);
133
+	$id_cat_db=mysqli_insert_id($connection);
121
 	$cat["id_cat_db"]=$id_cat_db;
134
 	$cat["id_cat_db"]=$id_cat_db;
122
 // 	$id_cat_db++;
135
 // 	$id_cat_db++;
123
 }
136
 }
129
 	GetSQLValueString($subcat["subcat"],"text"),
142
 	GetSQLValueString($subcat["subcat"],"text"),
130
 	GetSQLValueString($id_cat_db,"int")
143
 	GetSQLValueString($id_cat_db,"int")
131
 	);
144
 	);
132
-	print($sql);print "\n";
133
-	mysqli_query($dbconnection, $sql);
134
-	$id_subcat_db=mysqli_insert_id($dbconnection);
145
+// 	print($sql);print "\n";
146
+	mysqli_query($connection, $sql);
147
+	$id_subcat_db=mysqli_insert_id($connection);
135
 	$subcat["id_subcat_db"]=$id_subcat_db;
148
 	$subcat["id_subcat_db"]=$id_subcat_db;
136
 // 	$id_subcat_db++;
149
 // 	$id_subcat_db++;
137
 }
150
 }
141
 	$sql=sprintf("insert into reference (referencia) values (%s)",
154
 	$sql=sprintf("insert into reference (referencia) values (%s)",
142
 	GetSQLValueString($ref["refTexto"],"text")
155
 	GetSQLValueString($ref["refTexto"],"text")
143
 	);
156
 	);
144
-	print($sql);print "\n";
145
-	mysqli_query($dbconnection, $sql);
146
-	$id_ref_db=mysqli_insert_id($dbconnection);
157
+// 	print($sql);print "\n";
158
+	mysqli_query($connection, $sql);
159
+	$id_ref_db=mysqli_insert_id($connection);
147
 	$ref["id_ref_db"]=$id_ref_db;
160
 	$ref["id_ref_db"]=$id_ref_db;
148
 // 	$id_ref_db++;
161
 // 	$id_ref_db++;
149
 }
162
 }
163
 	GetSQLValueString($id_ref_db,"int")
176
 	GetSQLValueString($id_ref_db,"int")
164
 	);
177
 	);
165
 // 	print($sql);print "\n";
178
 // 	print($sql);print "\n";
166
-	mysqli_query($dbconnection, $sql);
167
-	$id_q_db=mysqli_insert_id($dbconnection);
179
+	mysqli_query($connection, $sql);
180
+	$id_q_db=mysqli_insert_id($connection);
168
 	$q[$k]["id_q_db"]=$id_q_db;
181
 	$q[$k]["id_q_db"]=$id_q_db;
169
 	if($preg[4]==1)
182
 	if($preg[4]==1)
170
 	{
183
 	{
187
 			GetSQLValueString($preg[8],"text")
200
 			GetSQLValueString($preg[8],"text")
188
 		); 
201
 		); 
189
 // 		print($sql);print "\n";
202
 // 		print($sql);print "\n";
190
-		mysqli_query($dbconnection, $sql);
203
+		mysqli_query($connection, $sql);
204
+
191
 	}
205
 	}
206
+	$sql=sprintf("INSERT INTO `questionnair_question`(`id_questionnair`, `id_question`) VALUES (%s, %s)
207
+		",
208
+		GetSQLValueString($id_cuestionario,"int"),
209
+		GetSQLValueString($id_q_db,"int")
210
+		);		
211
+		mysqli_query($connection, $sql);
192
 // 	$id_q_db++;
212
 // 	$id_q_db++;
193
 	
213
 	
194
 }
214
 }
204
 // 	GetSQLValueString($pretest_date,"text")				
224
 // 	GetSQLValueString($pretest_date,"text")				
205
 // );
225
 // );
206
 // print($sql);print "\n";
226
 // print($sql);print "\n";
207
-// 	mysqli_query($dbconnection, $sql);
208
-// 	$id_subq=mysqli_insert_id($dbconnection);
227
+// 	mysqli_query($connection, $sql);
228
+// 	$id_subq=mysqli_insert_id($connection);
209
 // $sql=sprintf("INSERT INTO `experience_subquestionnair`( `id_experience`, `id_subquestionnair`) VALUES (%s,%s)",
229
 // $sql=sprintf("INSERT INTO `experience_subquestionnair`( `id_experience`, `id_subquestionnair`) VALUES (%s,%s)",
210
 // 	GetSQLValueString($id_experience,"int"),
230
 // 	GetSQLValueString($id_experience,"int"),
211
 // 	GetSQLValueString($id_subq,"int")
231
 // 	GetSQLValueString($id_subq,"int")
212
 // );
232
 // );
213
-// 	mysqli_query($dbconnection, $sql);
233
+// 	mysqli_query($connection, $sql);
214
 // // print_r($q);
234
 // // print_r($q);
215
 // // exit();
235
 // // exit();
216
 // $n=count($q);
236
 // $n=count($q);
223
 // 		GetSQLValueString($q[$k]["id_q_db"],"int")
243
 // 		GetSQLValueString($q[$k]["id_q_db"],"int")
224
 // 	);
244
 // 	);
225
 // 	print($sql);print "\n";
245
 // 	print($sql);print "\n";
226
-// 		mysqli_query($dbconnection, $sql);
246
+// 		mysqli_query($connection, $sql);
227
 // }
247
 // }
228
 // exit();
248
 // exit();
229
 // $id_subq++;
249
 // $id_subq++;
235
 		$title=explode(".",explode("-", $filename)[1])[0];
255
 		$title=explode(".",explode("-", $filename)[1])[0];
236
 		if (($handle = fopen($filename, "r")) !== FALSE) 
256
 		if (($handle = fopen($filename, "r")) !== FALSE) 
237
 		{
257
 		{
238
-			print $filename."\n";
258
+// 			print $filename."\n";
239
 			$j=0;
259
 			$j=0;
240
 			while (($data = fgetcsv($handle)) !== FALSE) 
260
 			while (($data = fgetcsv($handle)) !== FALSE) 
241
 			{
261
 			{
242
-				if($j==2)print_r($data);print"<br>";
262
+// 				if($j==2)print_r($data);print"<br>";
243
 				if($j==0)
263
 				if($j==0)
244
 				{
264
 				{
245
 					$descripcion=$data[1];
265
 					$descripcion=$data[1];
250
 						GetSQLValueString($id_cuestionario,"int"),
270
 						GetSQLValueString($id_cuestionario,"int"),
251
 						GetSQLValueString($fecha,"text")				
271
 						GetSQLValueString($fecha,"text")				
252
 					);
272
 					);
253
-					print($sql);print "\n";
254
-						mysqli_query($dbconnection, $sql);
255
-						$id_subq=mysqli_insert_id($dbconnection);
273
+// 					print($sql);print "\n";
274
+						mysqli_query($connection, $sql);
275
+						$id_subq=mysqli_insert_id($connection);
256
 					$sql=sprintf("INSERT INTO `experience_subquestionnair`( `id_experience`, `id_subquestionnair`) VALUES (%s,%s)",
276
 					$sql=sprintf("INSERT INTO `experience_subquestionnair`( `id_experience`, `id_subquestionnair`) VALUES (%s,%s)",
257
 						GetSQLValueString($id_experience,"int"),
277
 						GetSQLValueString($id_experience,"int"),
258
 						GetSQLValueString($id_subq,"int")
278
 						GetSQLValueString($id_subq,"int")
259
 					);
279
 					);
260
-						mysqli_query($dbconnection, $sql);
280
+						mysqli_query($connection, $sql);
261
 				
281
 				
262
 				}
282
 				}
263
 				if($j>1)
283
 				if($j>1)
268
 						GetSQLValueString($id_subq,"int"),
288
 						GetSQLValueString($id_subq,"int"),
269
 						GetSQLValueString($q[$data[0]]["id_q_db"],"int")
289
 						GetSQLValueString($q[$data[0]]["id_q_db"],"int")
270
 					);
290
 					);
271
-					print($sql);print "\n";
272
-						mysqli_query($dbconnection, $sql);
291
+// 					print($sql);print "\n";
292
+						mysqli_query($connection, $sql);
273
 	// 				$q[$data[0]]		
293
 	// 				$q[$data[0]]		
274
 				}
294
 				}
275
 				$j++;
295
 				$j++;
288
 // 	GetSQLValueString($pretest_date,"text")				
308
 // 	GetSQLValueString($pretest_date,"text")				
289
 // );
309
 // );
290
 // print($sql);print "\n";
310
 // print($sql);print "\n";
291
-// 	mysqli_query($dbconnection, $sql);
292
-// 	$id_subq=mysqli_insert_id($dbconnection);
311
+// 	mysqli_query($connection, $sql);
312
+// 	$id_subq=mysqli_insert_id($connection);
293
 // $sql=sprintf("INSERT INTO `experience_subquestionnair`( `id_experience`, `id_subquestionnair`) VALUES (%s,%s)",
313
 // $sql=sprintf("INSERT INTO `experience_subquestionnair`( `id_experience`, `id_subquestionnair`) VALUES (%s,%s)",
294
 // 	GetSQLValueString($id_experience,"int"),
314
 // 	GetSQLValueString($id_experience,"int"),
295
 // 	GetSQLValueString($id_subq,"int")
315
 // 	GetSQLValueString($id_subq,"int")
296
 // );
316
 // );
297
-// 	mysqli_query($dbconnection, $sql);
317
+// 	mysqli_query($connection, $sql);
298
 // 
318
 // 
299
 // 
319
 // 
300
 // $n=count($q);
320
 // $n=count($q);
306
 // 		GetSQLValueString($q[$k]["id_q_db"],"int")
326
 // 		GetSQLValueString($q[$k]["id_q_db"],"int")
307
 // 	);
327
 // 	);
308
 // 	print($sql);print "\n";
328
 // 	print($sql);print "\n";
309
-// 		mysqli_query($dbconnection, $sql);
329
+// 		mysqli_query($connection, $sql);
310
 // }
330
 // }
311
 foreach($archivosCSV as $filename)
331
 foreach($archivosCSV as $filename)
312
 {
332
 {
313
 	exec("rm '$filename'");
333
 	exec("rm '$filename'");
314
 }
334
 }
335
+header("Location: ".$_SERVER['HTTP_REFERER']."#questionnaires");
315
 ?>
336
 ?>
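Review bot: The redirect added at new line 335 builds the `Location` header from `$_SERVER['HTTP_REFERER']`, a request header the client supplies: when it is absent the line raises an undefined-index notice and emits `Location: #questionnaires`, and when it is chosen by the requester the endpoint redirects to an arbitrary site after the import has already run. Redirect to a path the application owns instead — the experience view appears to be where this form lives, so something like `header("Location: ../viewExperience.php?view=" . urlencode($id_experience) . "#questionnaires"); exit();` (the `exit()` is missing too, though only `?>` follows). `$id_experience` at new line 17 is taken from `$_POST` and attached to the new questionnaire at new lines 60-65 without checking that the current researcher may modify that experience; home.php restricts non-admins to rows in `researcher_experience`, so the same membership test (or the `admin` flag) belongs here before any insert. The `exec("ssconvert ...")` call at line 22 is unchanged by the commit and its `$archivo` is the server-generated `tmp_name`, but wrapping it in `escapeshellarg()` would make that safety independent of where the path comes from.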

+ 4
- 0
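--- a/processes/insertExperience.php
+++ b/processes/insertExperience.php
@@ -171,6 +171,10 @@
 		if(!mysqli_query($connection, $queryHookExperienceToInstitution)) die("Error: ".mysqli_error($connection));
 		
 		
+		// ASOCIAR LA EXPERIENCIA NUEVA CON EL USUARIO
+		$queryHookExperienceToUser = "INSERT INTO `researcher_experience` (`id_researcher`, `id_experience`) VALUES ('" . $_SESSION['dbUserData']['id_researcher'] . "', '$id_experience')";
+		if(!mysqli_query($connection, $queryHookExperienceToUser)) die("Error: ".mysqli_error($connection));
+		
 		// MAKE IT CLIENT SIDE!!!!!!!! HAVE TO SEND IT IN SERVER RESPONSE!!!!!!!
 // 		header('Location: ../viewExperience.php?view=$id_experience');
 // 		exit();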
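Review bot: The new `die("Error: ".mysqli_error($connection))` at new line 176 sends the raw MySQL error text (table, column and constraint names) to the browser; it copies the pattern of line 171, but this is the place to log server-side with `error_log(mysqli_error($connection));` and answer with `http_response_code(500)` and a generic message instead. The comment at new line 174 is in Spanish while the surrounding comments in this block are in English; `// LINK THE NEW EXPERIENCE TO THE CURRENT USER` keeps the file in one language. Both `id_researcher` and `$id_experience` are concatenated into the `INSERT`; if `$id_experience` is the `mysqli_insert_id` of the earlier insert this is safe in practice, but a prepared statement would make that independent of where the values come from. The enclosing block starts and ends outside the hunk.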

+ 23
- 0
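--- a/processes/makeManager.php
+++ b/processes/makeManager.php
@@ -0,0 +1,23 @@
+<?php
+
+	require_once 'config.php';
+	require_once 'dbh.inc.php';
+	require_once 'checkLogin.php';
+	
+
+	// EXAMPLE INPUT...
+	// array(1) { ["researcherID"]=> string(1) "3" }
+
+	$researcherID = mysqli_real_escape_string($connection, trim($_POST['researcherID']));
+		
+	// Check if name is not an empty string
+	if($researcherID === '') {
+		http_response_code(400);
+		echo json_encode(array("error" => "Must specify researcher ID."));
+		exit();
+	}
+		
+	// Insert user
+	$queryManager = "UPDATE researcher SET admin = '1' WHERE id_researcher = '$researcherID';";
+	mysqli_query($connection, $queryManager) or die("Error: " . mysqli_error($connection));
+	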
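Review bot: `$_POST['researcherID']` is read at new line 11 without an `isset` guard, unlike `processes/addUser.php`, which wraps its body in `if(isset($_POST['addUser']))`; a GET or an empty POST reaches `trim(null)` and falls into the empty-string branch by accident rather than by design — `if(!isset($_POST['researcherID'])) { http_response_code(400); echo json_encode(array("error" => "Must specify researcher ID.")); exit(); }` before line 11 makes it deliberate. The comments at new lines 13 and 20 were carried over from addUser.php and describe the wrong things: line 13 talks about a name and line 20 says `// Insert user` above an `UPDATE` that grants administrator rights; `// Check that researcher ID is not an empty string` and `// Grant administrator rights to the given researcher` say what the code does. On success the script emits nothing and sets no status, so the `makeManager(event)` caller in users.php has only an empty 200 to interpret; echoing a small body such as `echo json_encode(array("researcherID" => $researcherID));` keeps it symmetric with the error path.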

+ 6
- 3
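--- a/processes/removeQuestionFromMoment.php
+++ b/processes/removeQuestionFromMoment.php
@@ -35,7 +35,6 @@
 		// Check that question ID is not empty string
 		// And that it's registered in the database
 		// And that it belongs to the Questionnaire the Moment belongs to
-		// And that it isn't a duplicate inside the Moment
 		if($questionID === "") {
 			http_response_code(400);
 			echo json_encode(array("error" => "Please specify question ID."));
@@ -48,9 +47,13 @@
 			http_response_code(400);
 			echo json_encode(array("error" => "Given question ID ($questionID) is outside the Moment's corresponding Questionnair's scope."));
 			exit();
-		} else if(mysqli_query($connection, "SELECT * FROM subquestionnair_question WHERE id_question = '$questionID' AND id_subquestionnair = '$momentID';")->num_rows === 0) {
+		}
+		
+		
+		// Check that the moment hasn't been answered yet
+		if(mysqli_query($connection, "SELECT * FROM student_subquestionnair WHERE id_subquestionnair = '$momentID';")->num_rows !== 0) {
 			http_response_code(400);
-			echo json_encode(array("error" => "Question is already removed from moment."));
+			echo json_encode(array("error" => "Moment already active, deletion denied."));
 			exit();
 		}
 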
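Review bot: The new existence check at new line 54 buffers every `student_subquestionnair` row for the moment just to read `num_rows`, and if the query fails `mysqli_query` returns `false` and `->num_rows` on it is a fatal error rather than a handled response; `$resultAnswered = mysqli_query($connection, "SELECT 1 FROM student_subquestionnair WHERE id_subquestionnair = '$momentID' LIMIT 1;");` followed by `if($resultAnswered === false || $resultAnswered->num_rows !== 0) {` covers both. The condition reported at new line 56 is a state conflict, not a malformed request, so `http_response_code(409)` describes it better than the 400 used for the validation errors above it. Whether `$momentID` is escaped before it reaches this query is decided outside the hunk; if it is not, this query and the ones before it need `mysqli_real_escape_string` or a bound parameter. The enclosing `if` block starts and ends outside the hunk.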

+ 20
- 4
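--- a/questionnaires.php
+++ b/questionnaires.php
@@ -2,13 +2,25 @@
 	
 	// Description: DISPLAY THE USER'S QUESTIONNAIRES
 	
+	echo "This page is no longer in use.";
+	exit();
+	exit();
+	exit();
+	exit();
+	exit();
+	
 	require_once 'processes/config.php';
 	require_once 'processes/dbh.inc.php';
 	require_once 'processes/checkLogin.php';
 	include_once 'header.php';
 
 	// WARNING: CHANGE QUERY TO INCLUDE "`id_researcher`='".$dbUserData['id_researcher']."';"
-	$query1 = "SELECT * FROM `questionnair`;";
+	if($_SESSION['dbUserData']['admin'] === '1') {
+		$query1 = "SELECT * FROM `questionnair`;";
+	} else {
+		$query1 = "SELECT * FROM `questionnair` WHERE id IN (SELECT id_questionnair FROM experience_questionnair WHERE id_experience IN (SELECT id_experience FROM researcher_experience WHERE id_researcher = '" . $_SESSION['dbUserData']['id_researcher'] . "'));";
+	}
+	
 	$result1 = mysqli_query($connection, $query1);
 	
 ?>
@@ -21,7 +33,6 @@
             		<img src="./img/pen_800x800.png" alt="tania logo pen" width="25" height="25">
         		</a>
         		<div id="account">
-        		    <a class="nav-link" href="./questionnaires.php">Questionnaire Collection</a>
         		    <a class="sign-out" href="./processes/logout.php">Sign Out</a>
         		</div>
     		</header>
@@ -189,8 +200,13 @@
 							<select class="form-control text-center" id="toExperienceID" name="toExperienceID" style="text-align-last:center;" required>
 								<?php 
 								
-									// WARNING: CHANGE QUERY TO INCLUDE "`id_researcher`='".$dbUserData['id_researcher']."';"
-									$queryExperience2 = "SELECT * FROM `experience`;";
+									// CHANGE QUERY DEPENDING ON IF USER IS ADMIN OR NOT
+									if($_SESSION['dbUserData']['admin'] === '1') {
+										$queryExperience2 = "SELECT * FROM `experience` WHERE id != '$experienceID';";
+									} else {
+										$queryExperience2 = "SELECT * FROM `experience` WHERE id != '$experienceID' AND id IN (SELECT id_experience FROM researcher_experience WHERE id_researcher = '" . $_SESSION['dbUserData']['id_researcher'] . "');";
+									}	
+								
 									$resultExperience2 = mysqli_query($connection, $queryExperience2);
 									
 									while($rowExperience2 = mysqli_fetch_assoc($resultExperience2)):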
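Review bot: The `// WARNING: CHANGE QUERY TO INCLUDE ...` comment at new line 17 is now stale — the lines directly under it (18-22) are the change it asked for — and should become the same `// CHANGE QUERY DEPENDING ON IF USER IS ADMIN OR NOT` comment the commit uses at new line 203 and in home.php. The five consecutive `exit();` calls at new lines 6-10 do nothing after the first; keep one, and note that because it runs before `processes/checkLogin.php` is required, the "no longer in use" message is served to unauthenticated visitors as well, which is harmless but worth a one-line comment if intended. Everything below the `exit()` is dead code; if the page is really retired, deleting the file (the commit already drops the `questionnaires.php` link from every header) is cleaner than keeping an unreachable copy of the query logic that will drift from home.php.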

+ 0
- 1
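--- a/respuestas.php
+++ b/respuestas.php
@@ -71,7 +71,6 @@
             	<img src="./img/pen_800x800.png" alt="tania logo pen" width="25" height="25">
         	</a>
         	<div id="account">
-            	<a class="nav-link" href="./questionnaires.php">Questionnaire Collection</a>
             	<a class="sign-out" href="./processes/logout.php">Sign Out</a>
         	</div>
     	</header>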

+ 2
- 2
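--- a/test.php
+++ b/test.php
@@ -61,9 +61,9 @@
 // 	echo "This is result: $result<br>";
 	
 	if($result === "") {
-		echo "Result is empty string";
+// 		echo "Result is empty string";
 	} else {
-		echo "Result isn't empty string";
+// 		echo "Result isn't empty string";
 	}
 
 ?>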

+ 240
- 0
users.php View File

1
+<?php
2
+
3
+	require_once 'processes/config.php';
4
+	require_once 'processes/dbh.inc.php';
5
+	require_once 'processes/checkLogin.php';
6
+	
7
+	
8
+	// IF USER IS DOESN'T HAVE ADMINISTRATOR PERMISIONS, EXIT
9
+	if($_SESSION['dbUserData']['admin'] !== '1') {
10
+		echo "You are unauthorized to view this page.";
11
+		exit();
12
+	}
13
+	
14
+	include_once 'header.php';
15
+
16
+?>
17
+
18
+	<!--START OF users.php -->
19
+	<body>
20
+	
21
+    	<header id="main-header">
22
+        	<a id="logo" href=".">
23
+				TANIA
24
+            	<img src="./img/pen_800x800.png" alt="tania logo pen" width="25" height="25">
25
+        	</a>
26
+        	<div id="account">
27
+            	<a class="nav-link" href="#" onclick="location='home.php'">Go Back</a>
28
+            	<a class="sign-out" href="./processes/logout.php">Sign Out</a>
29
+        	</div>
30
+    	</header>
31
+        
32
+        <div class="container" style="margin-top: 8rem; min-height: calc(100vh - 8rem - 8rem);">
33
+        		
34
+        	<br>
35
+        		
36
+        	<div class="row">
37
+        		<div class="col-sm-12">
38
+        			<h2 class="text-muted"><?php echo $_SESSION['dbUserData']['name']; ?></h2>
39
+<!--     	    		<p>Add new users, view their info and manage permissions!</p> -->
40
+        	    </div>
41
+        	</div>
42
+        	
43
+        	<hr>
44
+        	
45
+        	<div class="row">
46
+        		<div class="col-sm-12">
47
+        			<h3>Add Researcher</h3>
48
+        		</div>
49
+        	</div>
50
+        	
51
+        	<form id="addUser" class="form-horizontal" method="POST" action="processes/addUser.php" onsubmit="addUser(event)">
52
+        	
53
+        		<div class="form-group">
54
+        			<label class="col-sm-2 control-label" for="exampleInputEmail1">Name</label>
55
+        			<div class="col-sm-10">
56
+						<input type="text" name="name" class="form-control text-center" placeholder="i.e. Juan del Pueblo Villa" required autocomplete="off">
57
+					</div>
58
+				</div>
59
+        		
60
+        		<div class="form-group">
61
+	        		<label class="col-sm-2 control-label for="exampleInputEmail1">Email</label>
62
+	        		<div class="col-sm-10">
63
+						<input type="email" name="email" class="form-control text-center" placeholder="i.e. juan.delpueblo@upr.edu" required autocomplete="off">
64
+					</div>
65
+				</div>
66
+				
67
+				<div class="row">
68
+				<div class="col-sm-4 col-sm-offset-5">
69
+					<button type="submit" name="addUser" class="btn btn-primary btn-block">Add User</button>
70
+				</div>
71
+				</div>
72
+        		
73
+        	</form>
74
+        	
75
+        	<br>
76
+        	
77
+        	<!-- ERROR ALERT FOR USER -->			
78
+			<div id="error-addUser" class="row" style="display: none;">
79
+				<div class="col-sm-10 col-sm-offset-2">
80
+					<div class="alert alert-danger mb-1" role="alert">
81
+						<h4 class="error-lead">Error!</h4>
82
+						<p class="error-description"></p>
83
+					</div>
84
+				</div>
85
+			</div>
86
+        	
87
+        	
88
+        	<br>
89
+        
90
+        	<div class="row">
91
+        		
92
+        		<div class="col-sm-12">
93
+	        		<h3>Researchers</h3>
94
+        		</div>
95
+        	
96
+				
97
+				<div class="col-sm-12">
98
+					<table class="table table-hover table-striped table-responsive">
99
+  						<thead>
100
+  							<tr>
101
+  								<th style="text-align: center;"><h4>Name</h4></th>
102
+  								<th style="text-align: center;"><h4>Email</h4></th>
103
+  								<th style="text-align: center;"><h4>Manage</h4></th>
104
+  							</tr>
105
+  						</thead>
106
+  						<tbody>
107
+  							<?php 
108
+  								$queryResearchers = "SELECT * FROM researcher;";
109
+								$resultResearchers = mysqli_query($connection, $queryResearchers);
110
+													
111
+  								while($rowResearchers = mysqli_fetch_assoc($resultResearchers)):
112
+  							?>
113
+  							<tr>
114
+  								<td style="text-align: center;"><h5><?php echo $rowResearchers['name']; ?></h5></td>
115
+  								<td style="text-align: center;"><h5><a class="email" href="mailto:<?php echo $rowResearchers['email']; ?>"><?php echo $rowResearchers['email']; ?></a></h5></td>
116
+  								<td style="text-align: center;">
117
+  									<?php if($rowResearchers['admin'] === '1'): ?>
118
+  									<h5><sm class="text-muted">Already manager...</sm></h5>
119
+  									<?php else: ?>
120
+  									<button class="btn btn-sm btn-default" data-researcher="<?php echo $rowResearchers['id_researcher']; ?>" onclick="makeManager(event)">Make Manager</button>
121
+  									<?php endif; ?>
122
+  								</td>
123
+  							</tr>
124
+  							<?php endwhile; ?>
125
+						</tbody>
126
+  					</table>
127
+  				</div><!--col-->
128
+	
129
+        	</div><!--row-->
130
+        	
131
+        	<br><br><br>
132
+        			
133
+        </div><!--container-->
134
+        			
135
+        			
136
+        			
137
+        			
138
+        	<style>
139
+        	.email {
140
+        		color: #333;
141
+        		transition: color 300ms ease;
142
+        	}
143
+        	
144
+        	.email:hover {
145
+        		color: #999;
146
+        	}
147
+        	</style>
148
+    
149
+    
150
+    
151
+        	
152
+			<script src="js/handleSubmit.js"></script>
153
+        	
154
+        	<script>
155
+        	
156
+        	
157
+			["addUser"].forEach(function(formName) {
158
+			
159
+				var form = document.getElementById(formName);
160
+			
161
+				if(form) {
162
+					form.addEventListener('submit', function(e) {
163
+						handleSubmit(e, formName);
164
+					});
165
+				}
166
+			
167
+			});
168
+
169
+
170
+
171
+        	
172
+        	function foo(e) {
173
+        		e.preventDefault();
174
+        		console.log(e.srcElement);
175
+        		return false;
176
+        	}
177
+        	
178
+        	
179
+        	function makeManager(e) {
180
+        	
181
+        		let button = e.currentTarget;
182
+        		let researcherID = button.getAttribute('data-researcher');
183
+        		
184
+        		// Create loader
185
+        		let loader = document.createElement('div');
186
+        		loader.style.display = "flex";
187
+        		loader.style.alignItems = "center";
188
+        		loader.style.justifyContent = "center";
189
+        		loader.style.height = "35px";
190
+        		let span = document.createElement('span');
191
+        		span.classList.add('loader');
192
+        		loader.appendChild(span);
193
+        		
194
+        		// Insert loader and remove button
195
+        		button.insertAdjacentElement('afterend', loader);
196
+        		button.remove();
197
+
198
+        		let URL = document.location.protocol + "//tania.uprrp.edu/admin_nuevo/processes/makeManager.php";
199
+        		let fields = {
200
+        			researcherID: researcherID
201
+        		};
202
+        		
203
+        		$.post(URL, fields)
204
+        			.done(function(data, text) {
205
+        			
206
+        				// Create Done!
207
+        				let h5 = document.createElement('h5');
208
+        				let sm = document.createElement('sm');
209
+        				sm.classList.add('text-success');
210
+        				sm.innerText = "Done!";
211
+        				h5.appendChild(sm);
212
+        			
213
+        				// Insert Done! and remove loader
214
+        				loader.insertAdjacentElement('afterend', h5);
215
+						loader.remove();
216
+        				
217
+        			})
218
+        			.fail(function(request, status, error) {
219
+        			
220
+        				// Create Retry
221
+        				let retry = document.createElement('button');
222
+        				retry.className = "btn btn-sm btn-primary";
223
+        				retry.setAttribute('data-researcher', researcherID);
224
+        				retry.setAttribute('onclick', 'makeManager(event)');
225
+        				retry.innerText = "Retry";
226
+        			
227
+        				// Insert Retry and remove loader
228
+        				loader.insertAdjacentElement('afterend', retry);
229
+        				loader.remove();
230
+        				
231
+        			});
232
+        		
233
+        	}
234
+        	
235
+        	</script>
236
+        	
237
+        		
238
+	<!-- END OF users.php -->
239
+
240
+<?php include_once 'footer.php'; ?>

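--- a/viewExperience.php
+++ b/viewExperience.php
@@ -11,7 +11,7 @@
 		exit();
 	}
 
-	// WARNING: CHANGE QUERY TO INCLUDE "`id_researcher`='".$dbUserData['id_researcher']."';"
+	// FETCH EXPERIENCE
 	$experienceID = mysqli_real_escape_string($connection, trim($_GET['view'])); 
 	$query1 = "SELECT * FROM `experience` WHERE `id` = '$experienceID';";
 	$result1 = mysqli_query($connection, $query1) or die("Error: ".mysqli_error($connection));
@@ -19,8 +19,21 @@
 	
 	// IF EXPERIENCE NOT IN DATABASE, EXIT
 	if($result1->num_rows !== 1) {
+		echo "Requested experience does not exist.";
 		exit();
 	}
+	
+	// IF EXPERIENCE DOESN'T BELONG TO USER (WHO IS NOT AN ADMIN), EXIT
+	if($_SESSION['dbUserData']['admin'] !== '1') {
+	
+		$queryCheckUser = "SELECT id FROM experience WHERE id = '$experienceID' AND id IN (SELECT id_experience FROM researcher_experience WHERE id_researcher = '" . $_SESSION['dbUserData']['id_researcher'] . "');";
+		if(mysqli_query($connection, $queryCheckUser)->num_rows === 0) {
+			echo "You are not authorized to view this experience.";
+			exit();
+		}
+		
+	}
+
 	
 	include_once 'header.php';
 	
@@ -34,7 +47,6 @@
             	<img src="./img/pen_800x800.png" alt="tania logo pen" width="25" height="25">
         	</a>
         	<div id="account">
-            	<a class="nav-link" href="./questionnaires.php">Questionnaire Collection</a>
            	<a class="sign-out" href="./processes/logout.php">Sign Out</a>
         	</div>
     	</header>
@@ -994,37 +1006,55 @@
 							
 							<!-- FROM QUESTIONNAIRE -->
 							<label for="fromQuestionnaireID">Which Questionnaire:</label>
-							<select class="form-control text-center" id="fromQuestionnaireID" name="fromQuestionnaireID" style="text-align-last:center;" required>
-								<?php
+							<?php
+								// FIRST ASSUME FALSE
+								$errorDuplicate = false;
 								
-									$queryQuestionnaires = "SELECT * FROM `questionnair` WHERE id IN (SELECT id_questionnair FROM experience_questionnair WHERE id_experience = '$experienceID');";
-									$resultQuestionnaires = mysqli_query($connection, $queryQuestionnaires);
-
-									while($rowQuestionnaires = mysqli_fetch_assoc($resultQuestionnaires)):
-									
-								?>
+								$queryQuestionnaires = "SELECT * FROM `questionnair` WHERE id IN (SELECT id_questionnair FROM experience_questionnair WHERE id_experience = '$experienceID');";
+								$resultQuestionnaires = mysqli_query($connection, $queryQuestionnaires);
+								
+								if($resultQuestionnaires->num_rows > 0):
+							?>
+							<select class="form-control text-center" id="fromQuestionnaireID" name="fromQuestionnaireID" style="text-align-last:center;" required>
+								<?php while($rowQuestionnaires = mysqli_fetch_assoc($resultQuestionnaires)): ?>
 									<option value="<?php echo $rowQuestionnaires['id']; ?>"><?php echo $rowQuestionnaires['q_title']; ?></option>
 								<?php endwhile; ?>
 							</select>
+							<?php
+								else:							
+									$errorDuplicate = true;
+							?>
+							<h3 class="text-center"><small>It seems you still haven't added any questionnaires to this experience...</small></h3>
+							<?php endif; ?>
 							
 							<br>
 							
 							<!-- TO EXPERIENCE -->
 							<label for="toExperienceID">To What Experience:</label>
-							<select class="form-control text-center" id="toExperienceID" name="toExperienceID" style="text-align-last:center;" required>
-								<?php 
-								
-									// WARNING: CHANGE QUERY TO INCLUDE "`id_researcher`='".$dbUserData['id_researcher']."';"
+							<?php
+
+								// CHANGE QUERY DEPENDING ON IF USER IS ADMIN OR NOT
+								if($_SESSION['dbUserData']['admin'] === '1') {
 									$queryExperience2 = "SELECT * FROM `experience` WHERE id != '$experienceID';";
-									$resultExperience2 = mysqli_query($connection, $queryExperience2);
-									
-									while($rowExperience2 = mysqli_fetch_assoc($resultExperience2)):
-									
-								?>
+								} else {
+									$queryExperience2 = "SELECT * FROM `experience` WHERE id != '$experienceID' AND id IN (SELECT id_experience FROM researcher_experience WHERE id_researcher = '" . $_SESSION['dbUserData']['id_researcher'] . "');";
+								}							
+							
+								$resultExperience2 = mysqli_query($connection, $queryExperience2);
+								
+								if($resultExperience2->num_rows > 0):
+							?>
+							<select class="form-control text-center" id="toExperienceID" name="toExperienceID" style="text-align-last:center;" required>
+								<?php while($rowExperience2 = mysqli_fetch_assoc($resultExperience2)): ?>
 								<option value="<?php echo $rowExperience2['id']; ?>"><?php echo $rowExperience2['title']; ?></option>
 								<?php endwhile; ?>
 							</select>							
-							
+							<?php
+								else:
+									$errorDuplicate = true;	
+							?>
+							<h3 class="text-center"><small>You don't have another experience to duplicate to...</small></h3>
+							<?php endif; ?>
 							
 							
       					</div><!--modal-body-->
@@ -1032,7 +1062,7 @@
       					<!-- SUBMIT OR CANCEL -->
      					<div class='modal-footer'>
        						<button type='button' class='btn btn-default' data-dismiss='modal'>Cancel</button>
-        					<button type='submit' class='btn btn-primary' name='duplicateQuestionnaire'>Confirm</button>
+        					<button type='submit' class='btn btn-primary' name='duplicateQuestionnaire' <?php if($errorDuplicate === true) echo "disabled"; ?>>Confirm</button>
       					</div>
       					
     				</div><!--modal-content-->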
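Review bot: The new ownership check at lines 29-30 fails open: `mysqli_query()` returns `false` on a query error, `false->num_rows` then evaluates to `null` with a warning, `null === 0` is false, and a non-admin researcher is shown an experience they do not own whenever the check query fails. Store the result and fail closed: `$resultCheckUser = mysqli_query($connection, $queryCheckUser);` followed by `if(!$resultCheckUser || $resultCheckUser->num_rows === 0) {`. Restricting the `toExperienceID` option list to the researcher's own experiences (line 1040) is a UI filter only; the `duplicateQuestionnaire` handler that consumes the posted id is not in this diff and presumably needs the same ownership check server-side, since any id can be posted. The `id_researcher` value comes from the session rather than the request, so the string-built check query is not directly injectable, but a prepared statement would remove the dependence on that.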

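--- a/viewMoment.php
+++ b/viewMoment.php
@@ -11,7 +11,7 @@
 		exit();
 	}
 	
-	// WARNING: CHANGE QUERY TO INCLUDE "`id_researcher` = '".$dbUserData['id_researcher']."';"
+	// FETCH MOMENT
 	$momentID = mysqli_real_escape_string($connection, trim($_GET['view']));
 	$query1 = "SELECT * FROM subquestionnair WHERE id = '$momentID';";
 	$result1 = mysqli_query($connection, $query1) or die("Error: ".mysqli_error($connection));
@@ -19,9 +19,21 @@
 
 	// IF MOMENT NOT IN DATABASE, EXIT
 	if($result1->num_rows !== 1) {
+		echo "Requested experience does not exist.";
 		exit();
 	}
 	
+	// IF MOMENT DOESN'T BELONG TO USER (WHO IS NOT AN ADMIN), EXIT
+	if($_SESSION['dbUserData']['admin'] !== '1') {
+	
+		$queryCheckUser = "SELECT id FROM subquestionnair WHERE id = '$momentID' AND id IN (SELECT id_subquestionnair FROM experience_subquestionnair WHERE id_experience IN (SELECT id_experience FROM researcher_experience WHERE id_researcher = '" . $_SESSION['dbUserData']['id_researcher'] . "'));";
+		if(mysqli_query($connection, $queryCheckUser)->num_rows === 0) {
+			echo "You are not authorized to view this moment.";
+			exit();
+		}
+		
+	}
+	
 	// EXTRACT & DISPLAY THE NUMBER OF QUESTIONS IN THE MOMENT
 	$queryNumQuestions = "SELECT * FROM question WHERE id IN (SELECT id_question FROM subquestionnair_question WHERE id_subquestionnair = '$momentID');";
 	$resultNumQuestions = mysqli_query($connection, $queryNumQuestions);
@@ -40,7 +52,6 @@
             		<img src="./img/pen_800x800.png" alt="tania logo pen" width="25" height="25">
         		</a>
         		<div id="account">
-        		    <a class="nav-link" href="./questionnaires.php">Questionnaire Collection</a>
        		    <a class="sign-out" href="./processes/logout.php">Sign Out</a>
         		</div>
     		</header>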
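Review bot: The ownership check at lines 29-30 dereferences the return value of `mysqli_query()` directly; on a query error that value is `false`, `false->num_rows` is `null`, and `null === 0` does not match, so the non-admin branch falls through and the moment is rendered to a researcher who does not own it. Fail closed with `$resultCheckUser = mysqli_query($connection, $queryCheckUser);` and `if(!$resultCheckUser || $resultCheckUser->num_rows === 0) {`. The not-found message added at line 22 says "Requested experience does not exist." in a page that looks up a `subquestionnair` row, so it should read `echo "Requested moment does not exist.";`. The chain of nested `IN` subqueries here is the same shape as the one used for questionnaires, which suggests one shared helper instead of a copy per view page.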

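--- a/viewQuestionnaire.php
+++ b/viewQuestionnaire.php
@@ -11,7 +11,7 @@
 		exit();
 	}
 
-	// WARNING: CHANGE QUERY TO INCLUDE "`id_researcher` = '".$dbUserData['id_researcher']."';"
+	// FETCH QUESTIONNAIRE
 	$questionnaireID = mysqli_real_escape_string($connection, trim($_GET['view']));
 	$query1 = "SELECT * FROM questionnair WHERE id = '$questionnaireID';";
 	$result1 = mysqli_query($connection, $query1) or die("Error: ".mysqli_error($connection));
@@ -19,8 +19,20 @@
 		
 	// IF QUESTIONNAIRE NOT IN DATABASE, EXIT
 	if($result1->num_rows !== 1) {
+		echo "Requested questionnaire does not exist.";
 		exit();
 	}
+	
+	// IF QUESTIONNAIRE DOESN'T BELONG TO USER (WHO IS NOT AN ADMIN), EXIT
+	if($_SESSION['dbUserData']['admin'] !== '1') {
+	
+		$queryCheckUser = "SELECT id FROM questionnair WHERE id = '$questionnaireID' AND id IN (SELECT id_questionnair FROM experience_questionnair WHERE id_experience IN (SELECT id_experience FROM researcher_experience WHERE id_researcher = '" . $_SESSION['dbUserData']['id_researcher'] . "'));";
+		if(mysqli_query($connection, $queryCheckUser)->num_rows === 0) {
+			echo "You are not authorized to view this questionnaire.";
+			exit();
+		}
+		
+	}
 		
 	// EXTRACT & DISPLAY THE NUMBER OF QUESTIONS IN THE QUESTIONNAIRE	
 	$queryNumQuestions = "SELECT * FROM question WHERE id IN (SELECT id_question FROM questionnair_question WHERE id_questionnair = '$questionnaireID');";
@@ -40,7 +52,6 @@
             		<img src="./img/pen_800x800.png" alt="tania logo pen" width="25" height="25">
         		</a>
         		<div id="account">
-        		    <a class="nav-link" href="./questionnaires.php">Questionnaire Collection</a>
        		    <a class="sign-out" href="./processes/logout.php">Sign Out</a>
         		</div>
     		</header>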
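Review bot: The ownership gate added at lines 27-35 is the third copy of the same pattern in this commit (experience, moment, questionnaire) and carries the same fail-open flaw: `mysqli_query(...)->num_rows` on a failed query is `null`, which is not `=== 0`, so the page is served. The minimal fix here is `$resultCheckUser = mysqli_query($connection, $queryCheckUser);` followed by `if(!$resultCheckUser || $resultCheckUser->num_rows === 0) {`; a helper in a shared include, e.g. `function researcherMayAccess(mysqli $connection, string $sql): bool { $r = mysqli_query($connection, $sql); return $r !== false && $r->num_rows > 0; }`, would fix all three in one place. The admin test at line 27 compares against the string `'1'`, which fails closed if the column ever arrives as an integer, but that reliance on mysqli returning strings deserves a comment such as `// admin column is read as the string '1' by mysqli_fetch_assoc`.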