$tussenvoegsel = filter_var($_POST['tussenvoegsel'], FILTER_SANITIZE_STRING);
//tussenvoegsel mag spatie bevatten
$emailadres = filter_var(trim($_POST['emailadres']), FILTER_VALIDATE_EMAIL);
$leerling_id = filter_var(trim($_POST['leerling_id']), FILTER_SANITIZE_STRING);
$gebruiker_id = intval($_POST['gebruiker_id']);
if (!$emailadres) {
$_SESSION['message'] = 'Voer een geldig e-mailadres in.';
} else {
$gegevens = ["voornaam" => $voornaam, "tussenvoegsel" => $tussenvoegsel, "achternaam" => $achternaam, "emailadres" => $emailadres, "leerling_id" => $leerling_id];
updateStudent($gegevens, $gebruiker_id);
}
}
}
if (isset($_POST["submit_verwijder_leerling"])) {
$gebruiker_id = intval($_POST['gebruiker_id']);
deleteStudent($gebruiker_id);
}
}
}
$leerlingen = getLeerlingenKlas($klas);
$pagename = "klassen";
?>
<?php
include ROOT_PATH . "includes/templates/header.php";
?>
<div class="wrapper">
<?php
include ROOT_PATH . "includes/templates/sidebar-admin.php";
?>
*/
/** Required Files */
require '../model/db.php';
require 'define.php';
if ($_SERVER["REQUEST_METHOD"] != "POST") {
/** @Link 404 Page */
header('Location: ' . SERVER . '/404');
return;
}
if (!isset($_POST['dltBtn'])) {
/** @Link 404 Page */
header('Location: ' . SERVER . '/404');
return;
}
/**
* @var int $cid Course ID
* @var int $sid Student ID
*/
$cid = $_GET['id1'];
$sid = $_GET['id2'];
/**
* Removing Students from all the Records
*/
deleteStudent($cid, $sid);
deleteStudentAttendence($cid, $sid);
removeStudentExam($cid, $sid);
removeStudentQuizTerm($cid, $sid);
echo '<script language="javascript">
alert("Successfully Removed !!");
window.location="' . SERVER . '/course/' . $cid . '/students";
</script>';
}
}
// If all is good, insert the new student into the database //
$query = mysql_query("INSERT INTO students VALUES('', '{$_POST['username']}', '{$_POST['fname']}', '{$_POST['mi']}', '{$_POST['lname']}')") or die("ManageStudents.php: Unable to insert new student - " . mysql_error());
}
}
// Edit the student if one is being edited //
if ($_POST["editstudent"] == 1 && $_POST["username"] != "" && $_POST["fname"] != "" && $_POST["mi"] != "" && $_POST["lname"] != "") {
$query = mysql_query("UPDATE `students` SET `userid`='{$_POST['username']}', `fname`='{$_POST['fname']}', `mi`='{$_POST['mi']}', `lname`='{$_POST['lname']}' WHERE `studentid`='{$_POST['studentid']}' LIMIT 1") or die("ManageStudents.php: Unable to update the student information - " . mysql_error());
}
// Delete the student(s) that the student has requested as well as the classes belonging to those students //
if ($_POST["deletestudent"] == 1) {
require_once "DeleteFunctions.php";
$delete = $_POST["delete"];
for ($i = 0; $i < sizeof($delete); $i++) {
deleteStudent($delete[$i]);
}
}
print "<script language='JavaScript'>\n\n // Function to make sure the student wants to delete the student(s) //\n function validate()\n {\n if( document.students.selectstudent.value > 0 )\n {\n\tvar confirmed = confirm(\"Are you sure you want to delete this student?\");\n\n\tif( confirmed == true )\n\t{\n\t document.students.submit();\n\t}\n }\n else\n {\n\talert('You must select a student to delete.');\n }\n }\n\n\n // Function to make sure only one checkbox has been selected //\n function checkboxes()\n {\n if( document.students.selectstudent.value == 1 )\n {\n\tdocument.students.submit();\n }\n else\n {\n\tif( document.students.selectstudent.value > 1 )\n\t{\n\t alert('You can only edit one student at a time.');\n\t}\n\telse\n\t{\n\t alert('You must select a student to edit.');\n\t}\n }\n }\n\n\n // Function to keep track of how many checkboxes are checked //\n function updateboxes(row)\n {\n row = row + 2;\n if(document.students.elements[row].checked)\n {\n\tdocument.students.selectstudent.value = Math.round(document.students.selectstudent.value) + 1;\n }\n else\n {\n\tdocument.students.selectstudent.value = Math.round(document.students.selectstudent.value) - 1;\n }\n }\n </script>\n\n <h1>Manage Students</h1>\n <br><br>\n <table align='center' width='425' cellspacing='0' cellpadding='0' border='0'>\n <tr>\n <td>\n <form name='students' action='./index.php' method='POST'>\n <input type='button' value='Add' onClick='document.students.page2.value=20;document.students.submit();'>\n <input type='button' value='Edit' onClick='document.students.page2.value=21;checkboxes();'>\n <input type='button' value='Delete' onClick='document.students.deletestudent.value=1;validate();'>\n <br><br>\n <table cellspacing='0' width='425' cellpadding='8' class='dynamiclist'>\n <tr class='header'>\n\t<td> </td>\n\t<th>First Name</th>\n\t<th>Middle Initial</th>\n\t<th>Last Name</th>\n\t<th>Username</th>\n </tr>";
// Get the total number of students to know how many pages to have //
$query = mysql_query("SELECT COUNT(*) FROM students") or die("Managestudents.php: Unable to retrieve total number of students - " . mysql_error());
$numrows = mysql_result($query, 0);
$numpages = ceil($numrows / 25);
if ($_POST["onpage"] == "") {
$_POST["onpage"] = 1;
}
// Get and display the students //
$query = mysql_query("SELECT s.studentid,s.fname,s.mi,s.lname,u.username FROM students s, users u WHERE s.userid = u.userid");
$row = 0;
$actualrow = 0;
while ($student = mysql_fetch_row($query)) {
} else {
echo "No proper data";
}
break;
case 1:
if (isset($_POST['group'])) {
echo removeGroup($_POST['group']);
} else {
echo "No proper data";
}
break;
case 2:
if (isset($_POST['task'])) {
echo removeTask($_POST['task']);
} else {
echo "No proper data";
}
break;
case 3:
if (isset($_POST['student']) and isset($_POST['group'])) {
echo deleteStudent($_POST['student'], $_POST['group']);
} else {
echo "No proper data";
}
break;
default:
echo "No proper data";
}
} else {
echo "No proper data";
}
function deleteUser($userid)
{
$query = mysql_query("SELECT type FROM users WHERE userid = {$userid}");
$type = @mysql_result($query, 0);
$query = mysql_query("DELETE FROM users WHERE userid = {$userid} LIMIT 1") or die("DeleteFunction.php: Unable to delete selected User(s) - " . mysql_error());
switch ($type) {
case "Teacher":
// Get the list of teachers/substitutes that will also be deleted and delete them //
$query = mysql_query("SELECT teacherid FROM teachers WHERE userid = {$userid}") or die("DeleteFunctions.php: Unable to get list of teachers to delete for deleteUser() - " . mysql_error());
while ($teacherid = mysql_fetch_row($query)) {
deleteTeacher($teacherid[0]);
}
break;
case "Student":
// Get the list of students that will also be deleted and delete them //
$query = mysql_query("SELECT studentid FROM students WHERE userid = {$userid}") or die("DeleteFunctions.php: Unable to get list of students to delete for deleteUser() - " . mysql_error());
while ($studentid = @mysql_result($query, 0)) {
deleteStudent($studentid);
}
break;
case "Parent":
// Get the list of parents that will also be deleted and delete them //
$query = mysql_query("SELECT parentid FROM parents WHERE userid = {$userid}") or die("DeleteFunctions.php: Unable to get list of parents to delete for deleteUser() - " . mysql_error());
while ($parentid = @mysql_result($query, 0)) {
deleteParent($parentid);
}
break;
case "Admin":
// Get the list of administration staff that will also be deleted and delete them //
$query = mysql_query("SELECT adminid FROM adminstaff WHERE userid = {$userid}") or die("DeleteFunctions.php: Unable to get list of admins to delete for deleteUser() - " . mysql_error());
while ($adminid = @mysql_result($query, 0)) {
deleteAdmin($adminid);
}
break;
}
}
<?php
include_once "database.php";
$inputJSON = file_get_contents('php://input');
$student = json_decode($inputJSON, TRUE);
//convert JSON into array
deleteStudent($student["student_id"]);
