socket_
/
Noodle


			
				
					
						
						
							123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687
							<?php
$root = $_SERVER['DOCUMENT_ROOT'];
include($root . "/util/session.php");
include($root . "/util/privilege_check.php");
checkPrivilege("admin");

if ($_SERVER["REQUEST_METHOD"] == "POST") {
	$degreeID = mysqli_real_escape_string($db, $_POST['degreeID']);
	$subjectID = mysqli_real_escape_string($db, $_POST['subjectID']);
	$sql_query = "select * from subjects where degreeID = '$degreeID' and subjectID='$subjectID'";
	$result = mysqli_query($db, $sql_query);
	//check if user exists
	if (mysqli_num_rows($result) == 0) {
		$error = "Subject in that degree doesn't exist";
	} else {
		$description = mysqli_real_escape_string($db, $_POST['description']);
		$subjectID = mysqli_real_escape_string($db, $_POST['subjectID']);
		$subjectName = mysqli_real_escape_string($db, $_POST['subjectName']);
		$description = mysqli_real_escape_string($db, $_POST['description']);
		$coordinator = mysqli_real_escape_string($db, $_POST['coordinatorID']);
		$sql_query = "UPDATE subjects SET subjectName = '$subjectName', description = '$description', coordinatorID='$coordinator' where subjectID='$subjectID' and degreeID='$degreeID'";
		$result = mysqli_query($db, $sql_query);
		if ($result) {
			header("Location: /admin/admin.php?msg=Subject Modified");
		}
	}
} else {
	$degreeID = mysqli_real_escape_string($db, $_GET['degreeID']);
	$subjectID = mysqli_real_escape_string($db, $_GET['subjectID']);
	$query = "SELECT * FROM subjects where degreeID='$degreeID' and subjectID='$subjectID'";
	$result = mysqli_query($db, $query);
	if (mysqli_num_rows($result) == 0) {
		$error = "No such degree";
		exit;
	} else {
		$row = mysqli_fetch_assoc($result);
	}
}
?>
<head>
		<title>Modify a degree</title>
		<link rel="stylesheet" type="text/css" href="adminStyle.css">
	</head>

<?php
		include($root . "/admin/header.php");
		?>
<main>
	<html>
	<body>
		
		<li><a href="/admin/subjectList.php?degreeID=<?php echo $row['degreeID'] ?>">Back</a></li>
		<form action="/admin/subjectMod.php" method="post" id="subjectForm">
			<label for="degreeID">ID of Degree subject belongs to:</label><br>
			<input type="text" id="degreeID" name="degreeID" value="<?php echo $row['degreeID'] ?>"><br>
			<label for="degreeID">ID of Subject to modify</label><br>
			<input type="text" id="subjectID" name="subjectID" value="<?php echo $row['subjectID'] ?>"><br>
			<label for="subjectName">New subject name:</label><br>
			<input type="text" id="subjectName" name="subjectName" value="<?php echo $row['subjectName'] ?>"><br>
			<label for="description">New description:</label><br>
			<textarea rows="4" cols="50" name="description" id="description" form="subjectForm"><?php echo $row['description'] ?></textarea><br>
			<label for="coordinatorID">Coordinator:</label><br>
			<select name="coordinatorID" id="coordinatorID" name="coordinatorID" form="subjectForm">
				<?php
				$tSQL = "select * from users join user_info on users.username=user_info.login where usertype='teacher'";
				$tResult = mysqli_query($db, $tSQL);
				while ($teacher = mysqli_fetch_assoc($tResult)) {
					if ($row['coordinatorID'] == $teacher['username']) {
						echo '<option selected="" value="' . $teacher['username'] . '">' . $teacher['full_name'] . '</option>';
					} else {
						echo '<option value="' . $teacher['username'] . '">' . $teacher['full_name'] . '</option>';
					}
				}
				?>
			</select>
			<input type="submit" value="Submit">
		</form>
		<div style="font-size:11px; color:#cc0000; margin-top:10px"><?php if (isset($error)) {
																		echo $error;
																	} ?></div>

		
	</body>

	</html>
</main>