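// Submission handler: stores the posted total ($gtotal) into one result column ($quest) of the
// logged-in user's faculty evaluation. $con (mysqli connection), $evtype and $eval are not
// assigned in this fragment — presumably set by the including file, TODO confirm.
if (!isset($_POST['q']) || !isset($_POST['gtotal']) || !isset($_SESSION['logid']) || !is_string($_POST['q'])) {
    echo "ERROR";
    exit;
}
$quest = $_POST['q'];
$gtotal = $_POST['gtotal'];
$logid = $_SESSION['logid'];
$sql = "";

// $quest is spliced into SQL as a column name, which cannot be bound as a parameter.
// Accept only a bare identifier so it can be backtick-quoted safely below.
if (!preg_match('/^[A-Za-z_][A-Za-z0-9_]*$/', $quest)) {
    echo "ERROR";
    exit;
}

//LAST PIECE OF PROTECTION FROM EDITS
/**
 * Aborts the request when the caller already has a stored result for this evaluation.
 *
 * Looks up faculty_results rows whose evaluator is the user with login id $logid, whose
 * evtype matches, and whose column $quest holds a value greater than zero.
 *
 * @param mysqli $con    open database connection
 * @param string $logid  login id of the evaluator (users.logid)
 * @param string $evtype evaluation type compared against faculty_results.evtype
 * @param string $quest  result column to inspect; must be a bare identifier
 * @return void prints "That evaluation was completed" and exits if such a row exists;
 *              prints "ERROR" and exits if $quest is not an identifier or the statement
 *              cannot be prepared
 */
function preventEdit($con, $logid, $evtype, $quest)
{
    // Column names cannot be bound: reject anything but a bare identifier before
    // interpolating it, and backtick-quote it in the statement.
    if (!preg_match('/^[A-Za-z_][A-Za-z0-9_]*$/', (string) $quest)) {
        echo "ERROR";
        exit;
    }
    $sql = "SELECT faculty_results.id FROM faculty_results JOIN users ON users.id=faculty_results.evaluator WHERE users.logid=? AND evtype=? AND `{$quest}` > 0";
    $stmt = mysqli_prepare($con, $sql);
    if ($stmt === false) {
        echo "ERROR";
        exit;
    }
    // logid and evtype are bound as values instead of being interpolated into the query text.
    mysqli_stmt_bind_param($stmt, 'ss', $logid, $evtype);
    mysqli_stmt_execute($stmt);
    mysqli_stmt_store_result($stmt);
    $numrows = mysqli_stmt_num_rows($stmt);
    mysqli_stmt_close($stmt);
    if ($numrows > 0) {
        echo "That evaluation was completed";
        exit;
    }
}
preventEdit($con, $logid, $evtype, $quest);

if ($eval == 'self') {
    // Self-evaluation: the evaluator and the evaluated person are the same user.
    $sql = "SELECT faculty_results.id FROM faculty_results JOIN users ON users.id=faculty_results.evaluator AND users.id=faculty_results.toevaluate WHERE users.logid=?";
}
//OPTIMIZED FOR FACULTY
//~ $sql = "SELECT faculty.id FROM faculty JOIN users ON users.id=faculty.userkey WHERE users.logid='$logid';";
//~ $sql = "SELECT faculty_results.id FROM faculty_results JOIN users ON users.id=faculty. WHERE users.logid='$logid';";
if ($sql === "") {
    // Only the 'self' mode has a lookup; previously an empty query was sent to the server here.
    echo "Don't try to hack";
    exit;
}
$stmt = mysqli_prepare($con, $sql);
if ($stmt === false) {
    echo "ERROR";
    exit;
}
mysqli_stmt_bind_param($stmt, 's', $logid);
mysqli_stmt_execute($stmt);
mysqli_stmt_store_result($stmt);
// $numrows is reused by the code that follows this fragment, so keep the name.
$numrows = mysqli_stmt_num_rows($stmt);
if ($numrows == 0) {
    mysqli_stmt_close($stmt);
    echo "Don't try to hack";
    exit;
} else {
    mysqli_stmt_bind_result($stmt, $resultId);
    mysqli_stmt_fetch($stmt);
    mysqli_stmt_close($stmt);
    // Same shape as the former mysqli_fetch_row() result: index 0 is faculty_results.id.
    $row = array($resultId);
    // $quest was validated above as a bare identifier; $gtotal and the id are bound values.
    $sql = "UPDATE faculty_results SET `{$quest}`=? WHERE faculty_results.id=?";
    $stmt = mysqli_prepare($con, $sql);
    if ($stmt === false) {
        echo "ERROR";
        exit;
    }
    mysqli_stmt_bind_param($stmt, 'ss', $gtotal, $resultId);
    // $query keeps the boolean outcome of the UPDATE, as mysqli_query() returned before.
    $query = mysqli_stmt_execute($stmt);
    mysqli_stmt_close($stmt);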
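// Tail of a function whose header lies before this fragment (it returns true when the
// preceding query matched and otherwise prints "ERROR" and exits); left unchanged.
if ($numrows > 0) {
    return true;
}
echo "ERROR";
exit;
}
//ONLY OPTIMIZED FOR FACULTY; PLEASE CHANGE LATER ACCORDINGLY E.G. ADD CHECKS FOR UTYPE
// Page entry: evtype, eval and q (the question table) arrive on the query string.
if (!isset($_GET['evtype']) || !isset($_GET['eval']) || !isset($_GET['q']) || !isset($_SESSION['logid'])) {
    echo "ERROR";
    exit;
}
$evtype = mysqli_real_escape_string($con, $_GET['evtype']);
$eval = mysqli_real_escape_string($con, $_GET['eval']);
$quest = mysqli_real_escape_string($con, $_GET['q']);
// $quest is used below as a table name. Escaping only protects quoted string literals,
// so additionally require a bare identifier and backtick-quote it in the query.
if (!preg_match('/^[A-Za-z_][A-Za-z0-9_]*$/', $quest)) {
    echo "ERROR";
    exit;
}
// The question query below runs whether or not validUrl() returns true; validUrl() is not
// visible here and appears to exit on failure itself — TODO confirm.
if (validUrl($con, $evtype, $eval, $quest)) {
    preventEdit($con, $_SESSION['logid'], $evtype, $quest);
}
$sql = "SELECT percent, content FROM `{$quest}`";
$query = mysqli_query($con, $sql);
// A failed query used to reach mysqli_num_rows() with false; treat it as "no questions".
if ($query === false) {
    echo "No questions";
    exit;
}
$numrows = mysqli_num_rows($query);
if ($numrows == 0) {
    echo "No questions";
    exit;
}
$category = "";
$count = 0;
$eval = urlencode($eval);
$putbackbtn = 0;
// Row layout: index 0 is percent, index 1 is content (the category label).
while ($row = mysqli_fetch_array($query)) {
    if ($row[0] > 0) {
        if ($row[1] != $category) {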
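// Tail of a function whose header lies before this fragment (it returns true when its
// query matched and otherwise prints "ERROR" and exits); left unchanged.
$numrows = mysqli_num_rows($query);
if ($numrows > 0) {
    return true;
}
echo "ERROR";
exit;
}
//ONLY OPTIMIZED FOR FACULTY; PLEASE CHANGE LATER ACCORDINGLY E.G. ADD CHECKS FOR UTYPE
// Page entry: sub and st arrive on the query string; the questions come from st_evaluation.
if (!isset($_GET['sub']) || !isset($_GET['st']) || !isset($_SESSION['logid'])) {
    echo "ERROR";
    exit;
}
$sub = mysqli_real_escape_string($con, $_GET['sub']);
$st = mysqli_real_escape_string($con, $_GET['st']);
// $st is handed to preventEdit() as the result column it inspects; escaping does not
// protect an unquoted identifier, so require a bare identifier here as well.
if (!preg_match('/^[A-Za-z_][A-Za-z0-9_]*$/', $st)) {
    echo "ERROR";
    exit;
}
// invalidUrl() is not visible here; despite its name the original only calls preventEdit()
// when it returns true and continues either way — TODO confirm the intended semantics.
if (invalidUrl($con, $_SESSION['logid'], $sub, $st)) {
    preventEdit($con, $_SESSION['logid'], $sub, $st);
}
$sql = "SELECT percent, content FROM st_evaluation";
$query = mysqli_query($con, $sql);
// A failed query used to reach mysqli_num_rows() with false; treat it as "no questions".
if ($query === false) {
    echo "No questions";
    exit;
}
$numrows = mysqli_num_rows($query);
if ($numrows == 0) {
    echo "No questions";
    exit;
}
// Removed a leftover debug line that printed $_SESSION['userid'] into the page output.
$category = "";
$count = 0;
// $eval is not assigned anywhere in this fragment — presumably set by the including file, TODO confirm.
$eval = urlencode($eval);
$putbackbtn = 0;
//~ $numrows=mysqli_num_rows($query);
// Hard-coded override of the real row count (the live call is commented out above);
// looks like a development stub — confirm before relying on it.
$numrows = 4;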