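<?php
// Instructor page: add, remove and rename the assignments of a single class.
// Relies on header.php for $db (a mysqli-style handle), checkLogin(), printHeader()
// and printInstructorInfo().
require_once "header.php";

$userInfo = checkLogin("instructor");
printHeader("Assignments");
printInstructorInfo();

// Authorization gate: the class must exist AND be taught by the logged-in instructor.
// Every request value is passed through escape_string() and is always placed inside
// single quotes in the SQL below.
// NOTE(review): prepared statements would remove the dependency on consistent quoting
// and on the connection character set being configured correctly.
$classId = $db->escape_string($_REQUEST['class'] ?? '');
$class = $db->query(
    "SELECT * FROM Class NATURAL JOIN Teaches WHERE classId='{$classId}' AND userId='" . $userInfo['userId'] . "'"
);
if ($class->num_rows == 0) {
    echo "This class does not exist or you are not assigned to teach it.";
    // Stop here. Without this, the script kept running after a failed ownership check,
    // and the rename branch below (which has no 'open' guard) would still execute its
    // UPDATE against a class the instructor does not teach.
    die;
}

$classInfo = $class->fetch_array(MYSQLI_ASSOC);

// Database values are HTML-escaped on output so stored markup is rendered as text.
echo "<h2>Assignments for "
    . htmlspecialchars((string) $classInfo['className'], ENT_QUOTES | ENT_SUBSTITUTE)
    . " ("
    . htmlspecialchars((string) $classInfo['classNum'], ENT_QUOTES | ENT_SUBSTITUTE)
    . ")</h2>";

if (isset($_POST['assignmentName']) && isset($_POST['points']) && $classInfo['open'] == true) {
    // New assignment!
    // NOTE(review): numPoints is not validated as a number in this fragment.
    $assignmentName = $db->escape_string($_POST['assignmentName']);
    $points = $db->escape_string($_POST['points']);
    $db->query("INSERT INTO Assignment (classId, assignmentName, numPoints) VALUES ('{$classId}','{$assignmentName}','{$points}')");
    echo "<p class='notice'>The assignment has been added.</p>";
} else {
    if (isset($_GET['remove']) && $classInfo['open'] == true) {
        // Removing an assignment also removes every grade recorded for it.
        // NOTE(review): this state change is driven by a GET parameter and no anti-CSRF
        // token is checked in this fragment; confirm whether header.php enforces one.
        $name = $db->escape_string($_GET['remove']);
        $db->query("DELETE FROM Assignment WHERE classId='{$classId}' AND assignmentName='{$name}'");
        $db->query("DELETE FROM AssignmentGrade WHERE classId='{$classId}' AND assignmentName='{$name}'");
        echo "<p class='notice'>The assignment has been removed.</p>";
    } else {
        if (isset($_POST['oldName'])) {
            // Rename an assignment and/or change its point value.
            // NOTE(review): unlike add and remove, this path does not require
            // $classInfo['open'] to be true; confirm that editing a closed class is intended.
            $oldName = $db->escape_string($_POST['oldName']);
            $newName = $db->escape_string($_POST['newName']);
            $points = $db->escape_string($_POST['points']);
            $db->query("UPDATE Assignment SET assignmentName='" . $newName . "', numPoints='" . $points . "' WHERE assignmentName='" . $oldName . "' AND classId='" . $classId . "'");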
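<?php
// Instructor page: add and edit student grades for one assignment of one class.
// Relies on header.php for $db (a mysqli-style handle), checkLogin(), printHeader()
// and printInstructorInfo().
require_once "header.php";

$userInfo = checkLogin("instructor");
printHeader("Assignment Grades");
$userId = printInstructorInfo();

// Authorization gate: the class must exist AND be taught by the logged-in instructor.
// Every request value is passed through escape_string() and is always placed inside
// single quotes in the SQL below.
// NOTE(review): prepared statements would remove the dependency on consistent quoting
// and on the connection character set being configured correctly.
$classId = $db->escape_string($_REQUEST['class'] ?? '');
$class = $db->query(
    "SELECT * FROM Class NATURAL JOIN Teaches WHERE classId='{$classId}' AND userId='" . $userInfo['userId'] . "'"
);
if ($class->num_rows == 0) {
    echo "This class does not exist or you are not assigned to teach it.";
    die;
}
$classInfo = $class->fetch_array(MYSQLI_ASSOC);

// The assignment is looked up inside the already-authorized class only.
$assignmentName = $db->escape_string($_REQUEST['assignment'] ?? '');
$assignment = $db->query("SELECT * FROM Assignment WHERE classId='{$classId}' AND assignmentName='{$assignmentName}'");
if ($assignment->num_rows == 0) {
    echo "This assignment does not exist.";
    die;
}
$assignmentInfo = $assignment->fetch_array(MYSQLI_ASSOC);

// The assignment name is instructor-supplied text; HTML-escape it on output so stored
// markup is rendered as text.
echo "<h2>Grades for "
    . htmlspecialchars((string) $assignmentInfo['assignmentName'], ENT_QUOTES | ENT_SUBSTITUTE)
    . "</h2>";

if (isset($_POST['editpoints']) && $classInfo['open'] == true) {
    // Edit an existing grade.
    $student = $db->escape_string($_POST['student']);
    $points = $db->escape_string($_POST['editpoints']);
    // Scope the update to the authorized class. Assignments are identified by
    // (classId, assignmentName) in the queries on this page, so matching on the name
    // alone would also rewrite this student's grade for a same-named assignment in a
    // class this instructor was never checked against.
    $db->query("UPDATE AssignmentGrade SET points='{$points}' WHERE classId='{$classId}' AND studentId='{$student}' AND assignmentName='{$assignmentName}'");
} else {
    if (isset($_POST['student']) && $classInfo['open'] == true) {
        // Record a new grade.
        // NOTE(review): nothing in this fragment verifies that the student belongs to
        // this class or that points is numeric; confirm the schema or a later check covers it.
        $student = $db->escape_string($_POST['student']);
        $points = $db->escape_string($_POST['points']);
        $db->query("INSERT INTO AssignmentGrade (classId, studentId, assignmentName, points) VALUES ('{$classId}','{$student}','{$assignmentName}','{$points}')");
        echo "<p class='notice'>Grade added.</p>";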