function authStud(&$response, $mst_id, array $stud_id)
{
    $faculty_id = true;
    if (Privilege_Master::is_super($_SESSION['privilege_id'])) {
        $faculty_id = false;
    }
    if (!getStudentsByMst($response, $mst_id, $faculty_id)) {
        return false;
    }
    foreach ($stud_id as $id) {
        $flag = false;
        foreach ($response['data'] as $stud) {
            if (strcmp($stud['stud_id'], $id) == 0) {
                $flag = true;
                break;
            }
        }
        if (!$flag) {
            break;
        }
    }
    if ($flag) {
        $response = true;
        return true;
    }
    $response = array('code' => HTTP_Status::FORBIDDEN, 'message' => HTTP_Status::FORBIDDEN_MSG);
    return false;
}
    echo json_encode($try);
    exit;
}
if ('POST' == $_SERVER['REQUEST_METHOD']) {
    if (!isset($_SESSION['login']) || $_SESSION['login'] !== true) {
        attd_error(HTTP_Status::UNAUTHORIZED);
    } else {
        if (!ctype_digit($_SESSION['faculty_id']) && !Privilege_Master::is_super($_SESSION['privilege_id'])) {
            attd_error(HTTP_Status::FORBIDDEN);
        }
    }
    parse_str(parse_url($_SERVER['HTTP_REFERER'], PHP_URL_QUERY), $queries);
    if (empty($queries['mst']) || !ctype_digit($queries['mst'])) {
        attd_error(HTTP_Status::BAD_REQUEST);
    }
    if (getStudentsByMst($students, $queries['mst'])) {
        $abs_ids = array();
        if (isset($_POST['abs']) && is_array($_POST['abs'])) {
            $abs_ids = $_POST['abs'];
        }
        //var_dump($students);
        try {
            $today = new DateTime();
            $lec_date = new DateTime($_POST['date']);
            $st_date = new DateTime($students['metadata']['start_date']);
            $end_date = new DateTime($students['metadata']['end_date']);
        } catch (\Exception $e) {
            attd_error(HTTP_Status::BAD_REQUEST, "Invalid lecture date format.");
        }
        if ($lec_date < $st_date || $lec_date > $today) {
            attd_error(HTTP_Status::BAD_REQUEST, "Lecture date must be within " . $st_date->format("d-m-Y") . " to " . $today->format("d-m-Y") . ".");
    }
    $try = array("req_aborted" => true, "error" => $err, "status" => $status);
    $try = json_encode($try);
    header('Content-Length: ' . strlen($try));
    header('Content-Type: application/json');
    echo $try;
    exit;
}
if ('GET' == $_SERVER['REQUEST_METHOD']) {
    //var_dump($_GET);
    if (!isset($_SESSION['login']) || $_SESSION['login'] !== true) {
        attd_error(HTTP_Status::UNAUTHORIZED);
    } else {
        if (!ctype_digit($_SESSION['faculty_id']) && !Privilege_Master::is_super($_SESSION['privilege_id'])) {
            attd_error(HTTP_Status::FORBIDDEN);
        } else {
            if (empty($_GET['mst']) || !ctype_digit($_GET['mst'])) {
                attd_error(HTTP_Status::BAD_REQUEST);
            }
        }
    }
    $response = array();
    if (getStudentsByMst($response, $_GET['mst'])) {
        $response = json_encode($response);
        header('Content-Length: ' . strlen($response));
        header('Content-Type: application/json');
        echo $response;
    } else {
        attd_error($response['code'], isset($response['message']) ? $response['message'] : "");
    }
}