if (count($subjects) > 0) { echo '<table class="tableLeft">'; foreach ($subjects as $sub) { if ($userData['rol'] != 'student') { //Geen link echo '<tr><td>' . $sub['vaknaam'] . '</td></tr>'; } else { //Wel link echo '<tr><td><a href="viewnotes.php?student=' . $targetUser . '&subject=' . $sub['vakId'] . '">' . $sub['vaknaam'] . '</a></td></tr>'; } } echo '</table>'; } else { echo '<p>Geen vakken gevonden!</p>'; } if (portfolio_user_is_of_type(array('admin'))) { echo '<hr>'; echo '<p></p>'; echo '<h3>Voeg vak toe aan gebruiker</h3>'; $allSubjects = portfolio_get_subjects(); if (count($allSubjects) > 0) { echo '<table class="tableLeft">'; foreach ($allSubjects as $sub) { echo '<tr><td><a href="addsubjecttouser.php?user='******'&subject=' . $sub['vakId'] . '" target="_blank">' . $sub['vaknaam'] . '</a></td></tr>'; } echo '</table>'; } } } else { echo '<p>Gebruiker niet gevonden!</p>'; }
?> </div> </div> <div id="content"> <?php if (isset($_SESSION['user'])) { //Alles echo "<h2>Welkom " . $_SESSION['user']['voornaam'] . " " . $_SESSION['user']['achternaam'] . "</h2>"; //Als een student ingelogd is, dan is targetUser de student. Anders pakken we hem via GET $targetUser = portfolio_user_is_of_type(array('student')) ? $_SESSION['user']['gebruikersId'] : filter_input(INPUT_GET, 'student', FILTER_VALIDATE_INT); if ($targetUser) { $mats = portfolio_get_user_materials($targetUser); $userData = portfolio_get_user_details($targetUser); if ($userData) { echo '<h2>Materialen van ' . $userData['voornaam'] . ' ' . $userData['achternaam'] . '</h2>'; if (!portfolio_user_is_of_type(array('student'))) { echo '<p><a href="students.php">Terug naar studentenoverzicht</a></p>'; } else { echo '<p><a href="upload.php">Upload nieuw materiaal</a></p>'; } echo '<hr>'; } if (count($mats) > 0) { echo '<table class="tableLeft">'; foreach ($mats as $mat) { echo '<tr><td><a href="viewmaterial.php?material=' . $mat['materiaalId'] . '">' . $mat['naam'] . '</a></td></tr>'; } echo '</table>'; } else { echo '<p>Geen materialen gevonden!</p>'; }
<div id="content"> <?php if (isset($_SESSION['user'])) { //$matId = filter_input(INPUT_GET, 'material', FILTER_VALIDATE_INT); $matId = filter_input(INPUT_GET, 'material', FILTER_VALIDATE_INT); if ($matId) { //Alles echo "<h2>Welkom " . $_SESSION['user']['voornaam'] . " " . $_SESSION['user']['achternaam'] . "</h2>"; $matData = portfolio_get_material($matId); $noteData = portfolio_get_note($matId); if ($matData && $noteData) { echo '<h2>Verwijder cijfer voor ' . $matData['naam'] . '</h2>'; /* * Checks + verwijderen van materiaal. */ if (portfolio_user_is_of_type(array('admin')) || $_SESSION['user']['gebruikersId'] == $noteData['beoordelaarId']) { $pwCorrect = false; $deleted = false; if (isset($_POST['submit']) && isset($_SESSION['user']) && $matId) { $userId = $_SESSION['user']['gebruikersId']; $userPass = filter_input(INPUT_POST, 'userPass'); $link = portfolio_connect(); if ($link) { $sql = "SELECT * FROM " . TABLE_USER . " WHERE gebruikersId='" . mysqli_real_escape_string($link, $userId) . "'"; $result = mysqli_query($link, $sql); if ($result !== false) { if (($array = mysqli_fetch_assoc($result)) != null) { if (password_verify($userPass, $array['wachtwoord'])) { $pwCorrect = true; $deleted = portfolio_delete_note($matId); }
</div> <div id="content"> <?php if (isset($_SESSION['user'])) { //$msgId = filter_input(INPUT_GET, 'material', FILTER_VALIDATE_INT); $msgId = filter_input(INPUT_GET, 'message', FILTER_VALIDATE_INT); if ($msgId) { //Alles echo "<h2>Welkom " . $_SESSION['user']['voornaam'] . " " . $_SESSION['user']['achternaam'] . "</h2>"; $msgData = portfolio_get_guestbook_message($msgId); if ($msgData) { echo '<h2>Verwijderen gastenboek bericht</h2>'; /* * Checks + verwijderen van materiaal. */ if ($_SESSION['user']['gebruikersId'] === $msgData['ontvangerId'] || portfolio_user_is_of_type(array('admin'))) { if (portfolio_delete_guestbook_message($msgId)) { echo '<p>Bericht verwijderd</p>'; } else { echo '<p>Kon bericht niet verwijderen</p>'; } } else { echo '<p>U bent niet gemachtigd dit bericht te verwijderen</p>'; } } else { echo '<p>Bericht niet gevonden!</p>'; } } } else { echo "<h2>Log eerst in!</h2>"; echo '<p><a href="login.php">Klik hier om in te loggen</a></p>';
<div id="header"> <?php include 'inc/header.php'; ?> </div> <div id="content"> <?php if (isset($_SESSION['user'])) { $targetId = filter_input(INPUT_GET, 'student', FILTER_VALIDATE_INT); $targetSubject = filter_input(INPUT_GET, 'subject', FILTER_VALIDATE_INT); if ($targetId) { //Alles echo "<h2>Welkom " . $_SESSION['user']['voornaam'] . " " . $_SESSION['user']['achternaam'] . "</h2>"; $targetData = portfolio_get_user_details($targetId); if ($targetData) { if ($targetData['rol'] === 'student' && portfolio_user_is_of_type(array('slb', 'docent')) || portfolio_user_is_of_type(array('admin')) || $targetId == $_SESSION['user']['gebruikersId']) { echo '<h2>' . $targetData['voornaam'] . ' ' . $targetData['achternaam'] . '</h2>'; $targetSubjectData = portfolio_get_subject($targetSubject); if ($targetSubjectData) { echo '<h3>Cijfers voor vak ' . $targetSubjectData['vaknaam'] . '</h3>'; } else { echo '<h3>Cijfers</h3>'; $targetSubject = 0; } $notes = portfolio_get_student_notes_ext($targetId, $targetSubject); if (count($notes) > 0) { echo '<table class="tableLeft">'; echo '<tr><th rel="col">naam materiaal</th><th rel="col">verbonden vakken</th><th rel="col">cijfer</th></tr>'; foreach ($notes as $n) { $v = portfolio_get_material_subjects($n['materiaalId']); echo '<tr>';
<div id="container"> <div id="header"> <?php include 'inc/header.php'; ?> </div> <div id="content"> <?php if (isset($_SESSION['user'])) { $targetId = filter_input(INPUT_GET, 'material', FILTER_VALIDATE_INT); if ($targetId) { //Alles echo "<h2>Welkom " . $_SESSION['user']['voornaam'] . " " . $_SESSION['user']['achternaam'] . "</h2>"; $targetData = portfolio_get_material($targetId); if ($targetData) { if ($_SESSION['user']['gebruikersId'] === $targetData['eigenaarId'] || portfolio_user_is_of_type(array('admin'))) { echo '<form method="post" action="' . $_SERVER['PHP_SELF'] . '?' . $_SERVER['QUERY_STRING'] . '">'; echo '<h2>' . $targetData['naam'] . '</h2>'; //HIER SUBMIT TROEP if (isset($_POST['submit'])) { $naam = filter_input(INPUT_POST, 'naam'); $isPublic = filter_input(INPUT_POST, 'isOpenbaar'); if (!empty($naam)) { switch ($isPublic) { case 0: $isPublic = 0; break; case 1: $isPublic = 1; break; default:
<link href="css/admin.css" rel="stylesheet" type="text/css"> </head> <body> <div id="container"> <div id="header"> <?php include 'inc/header.php'; ?> </div> <div id="content"> <?php if (isset($_SESSION['user'])) { $targetId = filter_input(INPUT_GET, 'user', FILTER_VALIDATE_INT); if ($targetId) { if (portfolio_user_is_of_type(array('student')) && $_SESSION['user']['gebruikersId'] == $targetId || portfolio_user_is_of_type(array('admin'))) { $usrData = portfolio_get_user_details($targetId); if ($usrData) { $msgData = portfolio_get_guestbook_messages($targetId); echo "<h2>Welkom " . $_SESSION['user']['voornaam'] . " " . $_SESSION['user']['achternaam'] . "</h2>"; echo '<h2>Gastenboek van ' . $usrData['voornaam'] . ' ' . $usrData['achternaam'] . '</h2>'; echo '<h3>Lijst berichten</h3>'; if (count($msgData) > 0) { echo '<table class="tableLeft">'; echo '<tr><th rel="col">naam</th><th rel="col">mail</th><th rel="col">bericht</th><th rel="col">verwijder</th></tr>'; foreach ($msgData as $msg) { echo '<tr>' . '<td>' . $msg['zendernaam'] . '</td>' . '<td>' . $msg['email'] . '</td>' . '<td>' . $msg['bericht'] . '</td>' . '<td><a href="removeguestbook.php?message=' . $msg['berichtId'] . '" target="_blank">verwijder</a></td>' . '</tr>'; } echo '</table>'; } else { echo '<p>Er zijn geen berichten gevonden</p>';
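/**
 * Deletes one mail message after checking that the current session user may do so.
 *
 * Permitted: a student/slb/docent who is the sender (zenderId) or the receiver
 * (ontvangerId) of the message, or an admin. Anyone else gets
 * PORTFOLIO_ERROR_UNAUTHORIZED; an unknown id gets PORTFOLIO_ERROR_NOT_FOUND.
 *
 * @param int|string $mailId berichtId of the message to delete.
 * @return bool|null Result of the DELETE (true/false), or null when there was
 *                   no DB connection, the message was not found, or the user
 *                   is not allowed to delete it.
 */
function portfolio_delete_mail_message($mailId)
{
    $link = portfolio_connect();
    if (!$link) {
        return null;
    }

    $msgData = portfolio_get_message($mailId);
    if (!$msgData) {
        portfolio_set_error(PORTFOLIO_ERROR_NOT_FOUND);
        return null;
    }

    $currentId = $_SESSION['user']['gebruikersId'] ?? null;
    // Ids may arrive as numeric strings (session vs. DB row), so compare them as
    // integers — but a missing id on either side must never count as a match.
    $isSameUser = static function ($otherId) use ($currentId): bool {
        return $currentId !== null && $otherId !== null && (int) $currentId === (int) $otherId;
    };
    $isParticipant = portfolio_user_is_of_type(['student', 'slb', 'docent'])
        && ($isSameUser($msgData['zenderId'] ?? null) || $isSameUser($msgData['ontvangerId'] ?? null));

    if (!$isParticipant && !portfolio_user_is_of_type(['admin'])) {
        portfolio_set_error(PORTFOLIO_ERROR_UNAUTHORIZED);
        return null;
    }

    // Bind the id instead of escaping it: mysqli_real_escape_string only protects
    // a quoted string literal, not the unquoted numeric comparison used here.
    $stmt = mysqli_prepare($link, 'DELETE FROM ' . TABLE_MESSAGE . ' WHERE berichtId = ?');
    if (!$stmt) {
        return false;
    }
    mysqli_stmt_bind_param($stmt, 'i', $mailId);
    $deleted = mysqli_stmt_execute($stmt);
    mysqli_stmt_close($stmt);

    return $deleted;
}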