reply_feedback_student.php
<?php
// Student-facing endpoint: accepts a new feedback message or a reply to an
// existing feedback thread, then redirects back to the inbox.
session_start();
// presumably provides the $db mysqli handle used further down; confirm in connection.php
include 'connection.php';

// Gate: only a session that carries a student registration number may go on.
// A missing or null value sends the visitor to the login page and stops here.
$student_reg_no = $_SESSION['student_reg_no'] ?? null;
if ($student_reg_no === null) {
    header("Location: student_login.php");
    exit();
}
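// Handle a brand-new feedback message submitted by the signed-in student.
// Every path inside this branch ends with a redirect to the inbox and exit().
// NOTE(review): no anti-CSRF token is verified on this state-changing POST in
// the code visible here; confirm whether the form/session layer adds one.
if (isset($_POST['new_feedback_message'])) {
    // A crafted request can send an array for this field; trim() would then
    // throw a TypeError, so anything that is not a string counts as empty.
    $raw_message = $_POST['new_feedback_message'];
    $new_feedback_message = is_string($raw_message) ? trim($raw_message) : '';

    // Compare with '' instead of empty(): empty() also rejects the message "0".
    if ($new_feedback_message === '') {
        $_SESSION['error_message'] = "Feedback message cannot be empty.";
        header("Location: student_inbox.php");
        exit();
    }

    // Look up the student's display name. "Student" is the fallback whenever
    // the lookup yields no usable name (prepare/execute failure, no matching
    // row, or a NULL CONCAT result), not only when prepare() fails.
    $full_name = "Student";
    $stmt_name = $db->prepare("SELECT CONCAT(first_name, ' ', last_name) FROM users WHERE registration_no = ?");
    if ($stmt_name) {
        $stmt_name->bind_param("s", $student_reg_no);
        if ($stmt_name->execute()) {
            $stmt_name->bind_result($fetched_name);
            if ($stmt_name->fetch() === true && $fetched_name !== null) {
                $full_name = $fetched_name;
            }
        }
        $stmt_name->close();
    }

    // Insert the feedback with staff_id NULL and is_staff_only 0.
    // The message is stored exactly as submitted (bound as a parameter, so it
    // cannot alter the SQL); any page that renders it must HTML-escape it.
    $stmt_insert_feedback = $db->prepare("INSERT INTO feedback (full_name, registration_no, message, submitted_at, staff_id, is_staff_only) VALUES (?, ?, ?, NOW(), NULL, 0)");
    if (!$stmt_insert_feedback) {
        // Driver error text can reveal schema details: keep it in the server
        // log and put only a generic message into the session.
        error_log("reply_feedback_student.php: feedback insert prepare failed: " . $db->error);
        $_SESSION['error_message'] = "Failed to send feedback. Please try again later.";
        header("Location: student_inbox.php");
        exit();
    }

    $stmt_insert_feedback->bind_param("sss", $full_name, $student_reg_no, $new_feedback_message);
    if ($stmt_insert_feedback->execute()) {
        $_SESSION['success_message'] = "Feedback sent successfully.";
    } else {
        error_log("reply_feedback_student.php: feedback insert failed: " . $stmt_insert_feedback->error);
        $_SESSION['error_message'] = "Failed to send feedback. Please try again later.";
    }
    $stmt_insert_feedback->close();
    header("Location: student_inbox.php");
    exit();
}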
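// Handle a reply to an existing feedback row owned by the signed-in student.
// Every path below ends with a redirect to the inbox and exit().
// NOTE(review): no anti-CSRF token is verified on this state-changing POST in
// the code visible here; confirm whether the form/session layer adds one.

// The id must be a positive integer. filter_var() returns false for a missing
// value, an array, "0", or a string such as "5abc", which an "i" binding would
// otherwise silently coerce to a number.
$feedback_id = filter_var($_POST['id'] ?? null, FILTER_VALIDATE_INT, ['options' => ['min_range' => 1]]);
if ($feedback_id === false) {
    header("Location: student_inbox.php");
    exit();
}

// Fetch the owner of the feedback row to verify it belongs to this student.
$stmt = $db->prepare("SELECT registration_no FROM feedback WHERE id = ?");
if ($stmt === false) {
    // Without this check a failed prepare() is a fatal error on bind_param().
    // Driver error text stays in the server log, not in the user's session.
    error_log("reply_feedback_student.php: ownership lookup prepare failed: " . $db->error);
    $_SESSION['error_message'] = "Failed to send reply. Please try again later.";
    header("Location: student_inbox.php");
    exit();
}
$stmt->bind_param("i", $feedback_id);
$stmt->execute();
$stmt->bind_result($registration_no);
$row_found = $stmt->fetch();
$stmt->close();

// Fail closed: a missing row or a failed fetch is treated like "not yours".
// The strict comparison keeps a NULL owner from matching the session value.
if ($row_found !== true || $registration_no !== $student_reg_no) {
    header("Location: student_inbox.php");
    exit();
}

// A crafted request can send an array for this field; trim() would then throw
// a TypeError, so anything that is not a string counts as empty.
$raw_reply = $_POST['reply_message'] ?? '';
$reply_message = is_string($raw_reply) ? trim($raw_reply) : '';

// Compare with '' instead of empty(): empty() also rejects the reply "0".
if ($reply_message === '') {
    $_SESSION['error_message'] = "Reply message cannot be empty.";
    header("Location: student_inbox.php");
    exit();
}

// The reply is stored exactly as submitted (bound as a parameter, so it cannot
// alter the SQL); any page that renders it must HTML-escape it.
$stmt_insert = $db->prepare("INSERT INTO student_feedback_replies (feedback_id, student_reg_no, reply_message, replied_at) VALUES (?, ?, ?, NOW())");
if ($stmt_insert === false) {
    error_log("reply_feedback_student.php: reply insert prepare failed: " . $db->error);
    $_SESSION['error_message'] = "Failed to send reply. Please try again later.";
    header("Location: student_inbox.php");
    exit();
}

$stmt_insert->bind_param("iss", $feedback_id, $student_reg_no, $reply_message);
if ($stmt_insert->execute()) {
    $_SESSION['success_message'] = "Reply sent successfully.";
} else {
    error_log("reply_feedback_student.php: reply insert failed: " . $stmt_insert->error);
    $_SESSION['error_message'] = "Failed to send reply. Please try again later.";
}
$stmt_insert->close();
header("Location: student_inbox.php");
exit();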