<?php

include_once('header_footer.php');
include_once('login_funcs.php');

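siteHeader();
if ($LOGGED_IN = user_isloggedin()) {

	// Collect the three request parameters. A non-empty POST value wins,
	// otherwise the GET value is used (same precedence as before). Missing
	// keys no longer raise an undefined-index warning, and array-valued
	// input (e.g. id[]=x) is reduced to an empty string so it can never
	// reach the string/escaping functions below.
	$gradeParams = [];
	foreach (['id', 'course', 'grade'] as $paramName) {
		if (!empty($_POST[$paramName])) {
			$rawValue = $_POST[$paramName];
		} elseif (isset($_GET[$paramName])) {
			$rawValue = $_GET[$paramName];
		} else {
			$rawValue = '';
		}
		$gradeParams[$paramName] = is_string($rawValue) ? $rawValue : '';
	}
	$id = $gradeParams['id'];
	$course = $gradeParams['course'];
	$currentgrade = $gradeParams['grade'];

	$cookieUser = (isset($_COOKIE['user_name']) && is_string($_COOKIE['user_name']))
		? $_COOKIE['user_name']
		: '';

	// Everything above is attacker-controlled. It is written into the page
	// in two contexts, so it is encoded twice over: HTML-escaped for text
	// nodes, and percent-encoded for query-string values inside href="...".
	// rawurlencode() output contains only unreserved characters and %XX, so
	// it is also safe inside a double-quoted attribute.
	$htmlFlags = ENT_QUOTES | ENT_SUBSTITUTE;
	$idHtml = htmlspecialchars($id, $htmlFlags, 'UTF-8');
	$courseHtml = htmlspecialchars($course, $htmlFlags, 'UTF-8');
	$gradeHtml = htmlspecialchars($currentgrade, $htmlFlags, 'UTF-8');
	$idUrl = rawurlencode($id);
	$courseUrl = rawurlencode($course);

	// $debugattack is not set in this file; presumably it comes from one of
	// the included files. !empty() keeps the same truthiness test without a
	// notice when it is undefined.
	if (!empty($debugattack)) {
		echo "DEBUG Cookie user_name: " . htmlspecialchars($cookieUser, $htmlFlags, 'UTF-8') . "<br/>";
		echo "DEBUG Parameter id: ". $idHtml . "<br/>";
		echo "DEBUG Parameter course: ". $courseHtml . "<br/>";
		echo "DEBUG Parameter grade: ". $gradeHtml . "<br/>";
	}

	// Steve is faculty member and therefore can edit any student grades
	//
	// NOTE(review): this authorization decision is taken from the user_name
	// cookie, which the browser supplies. user_isloggedin() lives in
	// login_funcs.php and is not visible here; unless it cryptographically
	// binds user_name to the authenticated session, the role check should be
	// made against server-side state instead of the cookie value.
	// NOTE(review): hiding the links is not access control. updategrade.php
	// must repeat the authorization check itself, and because it changes
	// state it should accept POST with an anti-CSRF token rather than GET.
	if ($cookieUser === 'steve') {

		echo "<p>The current grade for student " . $idHtml . " in course " . $courseHtml . " is " . $gradeHtml . "<br/>";
		echo "Select the new grade:</p>";

		$linkPrefix = "<a href=\"updategrade.php?id=" . $idUrl . "&amp;course=" . $courseUrl . "&amp;newgrade=";

		foreach (['HD', 'D', 'C', 'P', 'F'] as $gradeOption) {
			echo $linkPrefix . rawurlencode($gradeOption) . "\">" . $gradeOption . "</a> ";
		}

		echo "<br/>or<br/>";

		// rawurlencode() turns the "+" of B+, C+ and D+ into %2B, matching
		// the hand-encoded links this loop replaces.
		foreach (['A', 'B+', 'B', 'C+', 'C', 'D+', 'D', 'F'] as $gradeOption) {
			echo $linkPrefix . rawurlencode($gradeOption) . "\">" . $gradeOption . "</a> ";
		}

	} else {
		echo "<p>You are not allowed to edit grades.</p>";
	}

	echo "<p><a href=\"query.php\">View/edit more grades</a></p>";
	echo "<p><a href=\"index.php\">Return home</a></p>";

} else {
	// NOTE(review): siteHeader() has already run at this point. If it emits
	// output (its name suggests it does) and output buffering is off, this
	// header() call fails with "headers already sent" and no redirect
	// happens. Consider performing the login check before siteHeader().
	header("Location: index.php");
}

siteFooter();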

?>