// NOTE(review): this excerpt opens inside a conditional whose opening lines are not visible here; the check that selects this branch is above the excerpt.
        // A student has put another student's userID in the URL: answer with a
        // 404 status and the generic page-not-found notice.
        header("HTTP/1.0 404 Not Found");
        // The support e-mail address is passed twice; the format string in
        // $string['furtherassistance'] is not visible here.
        $msg = sprintf($string['furtherassistance'], $configObject->get('support_email'), $configObject->get('support_email'));
        // Presumably ends the request (per the method name), so nothing below
        // runs for a rejected userID - confirm against the notice class.
        $notice->display_notice_and_exit($mysqli, $string['pagenotfound'], $msg, $string['pagenotfound'], '../artwork/page_not_found.png', '#C00000', true, true);
    }
} else {
    // Otherwise the report is produced for the logged-in user's own ID.
    $userID = $userObject->get_user_ID();
}

// Not read again in this excerpt; presumably used by code outside it.
$old_q_id = 0;
$old_screen = 0;

// Page header: table opening, paper title cell, logo, table close.
echo $top_table_html;
// NOTE(review): the paper title is written into the HTML without escaping at
// this point - confirm get_paper_title() returns text that is already safe
// for an HTML context, or escape it with htmlspecialchars() here.
echo '<tr><td><div class="paper">' . $propertyObj->get_paper_title() . '</div></td>';
echo $logo_html;
echo '</table>';

// Get any marking override for the paper
$overrides = array();
// user_id and paper_id are bound as placeholders below. The log table name is
// built by interpolating $log_type, which a placeholder cannot cover.
// NOTE(review): confirm $log_type is restricted to a fixed set of known values
// before it reaches this query.
$sql = "SELECT m.q_id, title, surname, date_marked, new_mark_type, adjmark\n FROM marking_override m INNER JOIN users u ON m.marker_id = u.id\n INNER JOIN log{$log_type} l ON m.log_id = l.id\n WHERE user_id = ? AND paper_id = ?";
// NOTE(review): the return value of prepare() is not checked before use.
$result = $mysqli->prepare($sql);
// 'ii' binds both values as integers.
$result->bind_param('ii', $userID, $paperID);
$result->execute();
$result->store_result();
$result->bind_result($o_q_id, $o_title, $o_surname, $o_date_marked, $o_new_mark_type, $o_adjmark);
// Index the overrides by question ID; a later row with the same q_id replaces
// an earlier one.
while ($result->fetch()) {
    $overrides[$o_q_id] = array('q_id' => $o_q_id, 'title' => $o_title, 'surname' => $o_surname, 'date_marked' => $o_date_marked, 'new_mark_type' => $o_new_mark_type, 'adjmark' => $o_adjmark);
}
$result->close();

// The meaning of the third argument (true) is defined in QuestionStatus, not here.
$status_array = QuestionStatus::get_all_statuses($mysqli, $string, true);

// Render the feedback for $userID; display_feedback() is defined outside this excerpt.
display_feedback($propertyObj, $userID, $log_type, $userObject, $log_metadata, $mysqli, $status_array, $overrides, $preview_q_id);

echo "</body>\n</html>";
$mysqli->close();
// Send the buffered output and turn output buffering off; the matching
// buffer start is not visible in this excerpt.
ob_end_flush();
} if ($page != $lastpage) { echo "<li><a href='?{$next}'>Next →</a></li>"; } else { echo "<li class='disabled'><a>Next →</a></li>"; } } else { echo "<script>show_error('No notifications found');</script>"; } echo <<<next \t\t\t\t\t\t</ul> \t\t\t\t\t\t</div> \t\t\t\t\t\t \t\t\t\t\t\t\t next; } else { echo "<center><p>No complaints/suggestions found.</p></center>"; } echo "</div></div><div class='span3'>"; go_home(); sidepanel(); echo "</div></div>"; display_footer(); echo "\n</body>\n</html>"; } else { echo "<script type='text/javascript'>document.location.href='404.php';</script>"; } } } display_feedback("Admin - Feedback");