From dd75c24a3030fb0bc9da7cd8106e953869b01664 Mon Sep 17 00:00:00 2001
From: Goldenbwuoy
Date: Mon, 13 Dec 2021 12:00:06 +0800
Subject: [PATCH] Fix the id number verification bug
---
Script.php | 34 ++++++++++++++++------------------
signup.php | 8 ++++----
2 files changed, 20 insertions(+), 22 deletions(-)
diff --git a/Script.php b/Script.php
index 00fcbcf..68c3b3c 100644
--- a/Script.php
+++ b/Script.php
@@ -34,39 +34,37 @@ function is_valid_student_number($student_id) } // ############################### SIGN UP ################################## -if (!empty($_POST["frm_signup_1"])) { +if (!empty($_POST["form_signup"])) { - $student_id = trim(mysqli_real_escape_string($con, $_POST["student_id"])); + $student_id = trim(mysqli_real_escape_string($con, $_POST["user_student_id"])); // validate student number if (!is_valid_student_number($student_id)) { - $_SESSION["info_signup1"] = "Invalid student number."; - header("Location: index.php"); + $_SESSION["info_signup"] = "Invalid student number."; + header("Location: signup.php"); return; } // Check if this student number is a legal one $result = mysqli_query($con, "SELECT * FROM `students_data` WHERE Student_ID='$student_id'"); if (mysqli_num_rows($result) == 0) { - $_SESSION["info_signup1"] = "Your entered student number could not be verified. Please contact Student Management Office . Thanks."; - header("Location: index.php"); + $_SESSION["info_signup"] = "Your entered student number could not be verified. Please contact Student Management Office . Thanks."; + header("Location: signup.php"); return; } - $result98 = mysqli_query($con, "SELECT * FROM `users_table` WHERE Student_ID='$student_id'"); - if (mysqli_num_rows($result98) == 0) { - $_SESSION['user_student_id'] = $student_id; + // Check if the student number isn't already registered + + $student_result = mysqli_query($con, "SELECT * FROM `users_table` WHERE Student_ID='$student_id'"); + if (mysqli_num_rows($student_result) > 0) { + $_SESSION["info_signup"] = "This Student ID is already in use! Please contact Student Management Office for help."; header("Location: signup.php"); return; - } else { - $_SESSION["info_signup1"] = "This Student ID is already in use! 
Please contact Student Management Office for help."; - header("Location: index.php"); - return; } } // ############################### CREATE STUDENT USER ################################## -if (!empty($_POST["frm_signup_2"])) { +if (!empty($_POST["form_signup"])) { $fullname = mysqli_real_escape_string($con, $_POST["fullname"]); $student_id = mysqli_real_escape_string($con, $_POST["user_student_id"]); $email = mysqli_real_escape_string($con, $_POST["email"]); @@ -79,7 +77,7 @@ if (!empty($_POST["frm_signup_2"])) { // check confirmed password if (strcasecmp($password, $confirmpassword) != 0) { - $_SESSION['info_signup2'] = "Password confirmation failed."; + $_SESSION['info_signup'] = "Password confirmation failed."; $_SESSION['user_fullname'] = null; // such that Header.php do not show the header information. header("Location: signup.php"); return; @@ -87,7 +85,7 @@ if (!empty($_POST["frm_signup_2"])) { // validate email if (!filter_var($email, FILTER_VALIDATE_EMAIL)) { - $_SESSION['info_signup2'] = "Invalid email address."; + $_SESSION['info_signup'] = "Invalid email address."; header("Location: signup.php"); return; } @@ -100,7 +98,7 @@ if (!empty($_POST["frm_signup_2"])) { // check for strong password if (!$containsAll) { - $_SESSION['info_signup2'] = "Password must have at least characters that include lowercase letters, uppercase letters, numbers and sepcial characters (e.g., !?.,*^)."; + $_SESSION['info_signup'] = "Password must have at least characters that include lowercase letters, uppercase letters, numbers and sepcial characters (e.g., !?.,*^)."; header("Location: signup.php"); return; } 
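Review bot: The student number that passes verification is not guaranteed to be the one that is stored. The SIGN UP block checks `trim(...)` of `$_POST["user_student_id"]`, but the CREATE STUDENT USER block, now triggered by the same `form_signup` key, reassigns `$student_id` from the raw POST value without `trim`. Dropping that second assignment so the validated variable is reused, or normalising it the same way with `$student_id = trim(mysqli_real_escape_string($con, $_POST["user_student_id"]));`, keeps the two in step. The lookups in this hunk, and the email lookup in the `@@ -109` hunk, still interpolate the value into the SQL string; a prepared statement with a bound parameter would remove the reliance on escaping and on the connection charset. The second block's body continues outside this hunk.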
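Review bot: The confirmation check on the context line of the `@@ -79` hunk uses `strcasecmp`, which ignores letter case, so a confirmation that differs from the password only in case is accepted. A confirmation field needs an exact match: `if ($password !== $confirmpassword) {`. This commit only renames the session key on that path, and the enclosing block starts and ends outside the hunk.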
@@ -109,7 +107,7 @@ if (!empty($_POST["frm_signup_2"])) { $result = mysqli_query($con, "SELECT * FROM users_table WHERE email='$email'"); if(mysqli_num_rows($result) != 0) { - $_SESSION["info_signup2"]="Email address ".$email." is already in use."; + $_SESSION["info_signup"]="Email address ".$email." is already in use."; $_SESSION['user_fullname'] = null; header("Location: signup.php"); return; diff --git a/signup.php b/signup.php index 97d78b4..ae17b5e 100644 --- a/signup.php +++ b/signup.php @@ -18,7 +18,7 @@ include 'Header.php';
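Review bot: The "already in use" message concatenates the submitted `$email` into `$_SESSION["info_signup"]`, and that value is the `mysqli_real_escape_string` output assigned at the top of the block, so it is escaped for SQL rather than for HTML. The markup that prints the message in signup.php is not visible on this page; if it echoes the session value directly, it should be encoded at the output point, e.g. `echo htmlspecialchars($_SESSION['info_signup'], ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');`. Building the message from the raw POST value and encoding only on output would also stop SQL backslashes from appearing in the text shown to the user. The enclosing block continues outside this hunk.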
- + Full Name @@ -37,9 +37,9 @@ include 'Header.php'; '; - $_SESSION['info_signup2'] = null; + if (isset($_SESSION['info_signup'])) { + echo '
'; + $_SESSION['info_signup'] = null; } ?>