Example #1
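// Request inputs for the "save one answer" action. Assumes $con (the mysqli
// link used further down) is already open.
//
// $quest is interpolated as a bare column name later on (preventEdit()'s
// `{$quest} > 0` clause and the UPDATE's `SET {$quest}=...`), so it must be
// allow-listed rather than escaped: mysqli_real_escape_string() only protects
// quoted string values, never identifiers. $gtotal does land inside quotes,
// so escaping it is the right tool there. All three inputs are mandatory;
// a request missing any of them is rejected instead of running with nulls.
if (
    !isset($_POST['q'], $_POST['gtotal'], $_SESSION['logid'])
    || !is_string($_POST['q'])
    || !is_string($_POST['gtotal'])
) {
    echo "ERROR";
    exit;
}
$quest = $_POST['q'];
if (!preg_match('/^[A-Za-z0-9_]+$/', $quest)) {
    echo "ERROR";
    exit;
}
$gtotal = mysqli_real_escape_string($con, $_POST['gtotal']);
$logid = $_SESSION['logid'];
$sql = "";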
// Last line of defence against editing an evaluation that was already completed.
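/**
 * Refuse the request if this user already completed the given evaluation.
 *
 * Looks for a faculty_results row whose evaluator is the user with login id
 * $logid, of type $evtype, where the $quest column is already > 0. On a hit
 * it prints "That evaluation was completed" and exits; otherwise it returns
 * and the caller proceeds. Never returns a value.
 *
 * @param mysqli $con    open database link
 * @param string $logid  the user's login id (taken from the session by callers)
 * @param string $evtype evaluation type; bound as a value
 * @param string $quest  column name to test; identifiers cannot be bound, so
 *                       it is allow-listed and backtick-quoted instead
 */
function preventEdit($con, $logid, $evtype, $quest)
{
    // Only a plain identifier may be spliced into the SQL text.
    if (!is_string($quest) || !preg_match('/^[A-Za-z0-9_]+$/', $quest)) {
        echo "ERROR";
        exit;
    }
    $sql = "SELECT faculty_results.id FROM faculty_results JOIN users ON users.id=faculty_results.evaluator WHERE users.logid=? AND evtype=? AND `{$quest}` > 0";
    $stmt = mysqli_prepare($con, $sql);
    // Fail closed: if the guard query cannot run, the edit is not allowed through.
    if (
        $stmt === false
        || !mysqli_stmt_bind_param($stmt, 'ss', $logid, $evtype)
        || !mysqli_stmt_execute($stmt)
    ) {
        echo "ERROR";
        exit;
    }
    mysqli_stmt_store_result($stmt);
    $numrows = mysqli_stmt_num_rows($stmt);
    mysqli_stmt_close($stmt);
    if ($numrows > 0) {
        echo "That evaluation was completed";
        exit;
    }
}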
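// Gate 1: an evaluation that is already completed may not be edited.
// $evtype and $eval are assumed to have been set earlier in the file (not
// visible in this listing).
preventEdit($con, $logid, $evtype, $quest);

// Gate 2: find the faculty_results row this user is allowed to write to.
// Only the self-evaluation case is implemented (evaluator == toevaluate ==
// this user); the other variants are still commented out below. Any other
// $eval value therefore has no target row and is rejected here, instead of
// running an empty query and failing further down.
if ($eval !== 'self') {
    echo "Don't try to hack";
    exit;
}
$sql = "SELECT faculty_results.id FROM faculty_results JOIN users ON users.id=faculty_results.evaluator AND users.id=faculty_results.toevaluate WHERE users.logid=?;";
//OPTIMIZED FOR FACULTY
//~ $sql = "SELECT faculty.id FROM faculty JOIN users ON users.id=faculty.userkey WHERE users.logid='$logid';";
//~ $sql = "SELECT faculty_results.id FROM faculty_results JOIN users ON users.id=faculty. WHERE users.logid='$logid';";
$stmt = mysqli_prepare($con, $sql);
if (
    $stmt === false
    || !mysqli_stmt_bind_param($stmt, 's', $logid)
    || !mysqli_stmt_execute($stmt)
) {
    echo "ERROR";
    exit;
}
// mysqli_stmt_get_result() needs the mysqlnd driver; it yields a
// mysqli_result, so the mysqli_num_rows()/mysqli_fetch_row() code that
// follows keeps working on $query unchanged.
$query = mysqli_stmt_get_result($stmt);
if ($query === false) {
    echo "ERROR";
    exit;
}
$numrows = mysqli_num_rows($query);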
if ($numrows == 0) {
    echo "Don't try to hack";
    exit;
} else {
    $row = mysqli_fetch_row($query);
    $sql = "UPDATE faculty_results SET {$quest}='" . $gtotal . "' WHERE faculty_results.id='{$row['0']}';";
    $query = mysqli_query($con, $sql);
Example #2
    if ($numrows > 0) {
        return true;
    }
    echo "ERROR";
    exit;
}
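//ONLY OPTIMIZED FOR FACULTY; PLEASE CHANGE LATER ACCORDINGLY E.G. ADD CHECKS FOR UTYPE
// All three query-string parameters are required, and must be scalars: the
// escaping calls below reject arrays with a TypeError on PHP 8.
if (
    !isset($_GET['evtype'], $_GET['eval'], $_GET['q'])
    || !is_string($_GET['evtype'])
    || !is_string($_GET['eval'])
    || !is_string($_GET['q'])
) {
    echo "ERROR";
    exit;
}
$evtype = mysqli_real_escape_string($con, $_GET['evtype']);
$eval = mysqli_real_escape_string($con, $_GET['eval']);
$quest = mysqli_real_escape_string($con, $_GET['q']);
// $quest is used as a table name (FROM ... below) and, inside preventEdit(),
// as a column name. Escaping does nothing for identifiers, so restrict it to
// a plain identifier and backtick-quote it at the point of use.
if (!preg_match('/^[A-Za-z0-9_]+$/', $quest)) {
    echo "ERROR";
    exit;
}
// validUrl() exits on failure, so preventEdit() only runs for an accepted
// evtype/eval/q combination.
if (validUrl($con, $evtype, $eval, $quest)) {
    preventEdit($con, $_SESSION['logid'], $evtype, $quest);
}
$sql = "SELECT percent, content FROM `{$quest}`";
$query = mysqli_query($con, $sql);
// A failed query must not fall through to mysqli_num_rows(false).
if ($query === false) {
    echo "ERROR";
    exit;
}
$numrows = mysqli_num_rows($query);
if ($numrows === 0) {
    echo "No questions";
    exit;
}
$category = "";
$count = 0;
$eval = urlencode($eval);
$putbackbtn = 0;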
while ($row = mysqli_fetch_array($query)) {
    if ($row[0] > 0) {
        if ($row[1] != $category) {
Example #3
    $numrows = mysqli_num_rows($query);
    if ($numrows > 0) {
        return true;
    }
    echo "ERROR";
    exit;
}
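//ONLY OPTIMIZED FOR FACULTY; PLEASE CHANGE LATER ACCORDINGLY E.G. ADD CHECKS FOR UTYPE
// Both query-string parameters are required and must be scalars.
if (
    !isset($_GET['sub'], $_GET['st'])
    || !is_string($_GET['sub'])
    || !is_string($_GET['st'])
) {
    echo "ERROR";
    exit;
}
$sub = mysqli_real_escape_string($con, $_GET['sub']);
$st = mysqli_real_escape_string($con, $_GET['st']);
// $st is handed to preventEdit() in the slot that its visible implementation
// interpolates as a bare column name (`{$quest} > 0`). Escaping does not
// protect identifiers, so allow-list it here before it reaches any SQL text.
if (!preg_match('/^[A-Za-z0-9_]+$/', $st)) {
    echo "ERROR";
    exit;
}
// NOTE(review): despite its name, the visible tail of invalidUrl() returns
// true when its lookup matched and exits otherwise, i.e. it acts as a
// "valid" check; the branch below is only reached for accepted input.
if (invalidUrl($con, $_SESSION['logid'], $sub, $st)) {
    preventEdit($con, $_SESSION['logid'], $sub, $st);
}
$sql = "SELECT percent, content FROM st_evaluation";
$query = mysqli_query($con, $sql);
// A failed query must not fall through to mysqli_num_rows(false).
if ($query === false) {
    echo "ERROR";
    exit;
}
$numrows = mysqli_num_rows($query);
if ($numrows === 0) {
    echo "No questions";
    exit;
}
// The "id is ..." debug echo that used to sit here was dropped: it printed
// the session user id into the page and had no functional purpose.
$category = "";
$count = 0;
// $eval is not assigned anywhere in this listing; `?? ''` keeps urlencode()
// from tripping on an undefined variable while producing the same "" result.
$eval = urlencode($eval ?? '');
$putbackbtn = 0;
//~ $numrows=mysqli_num_rows($query);
// NOTE(review): the real row count is overridden with a fixed 4 -- presumably
// the rendering that follows expects exactly four rows; confirm before changing.
$numrows = 4;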