From 5a82c9130497c441e3f4e69ea3d2afc4cf7639ff Mon Sep 17 00:00:00 2001 From: Ayoub Rbahi Date: Wed, 20 Dec 2023 03:52:29 +0800 Subject: [PATCH] Fix Bug 557 --- Script.php | 79 +++++++++++++++++++++++++++--------------------------- 1 file changed, 39 insertions(+), 40 deletions(-) diff --git a/Script.php b/Script.php index c0bfd7e..be77f28 100644 --- a/Script.php +++ b/Script.php @@ -36,6 +36,45 @@ function is_valid_student_number($student_id) // ############################### SIGN UP ################################## if (!empty($_POST["form_signup"])) { $student_id = trim(mysqli_real_escape_string($con, $_POST["user_student_id"])); + $email = mysqli_real_escape_string($con, $_POST["email"]); + $password = mysqli_real_escape_string($con, $_POST["password"]); + $confirmpassword = mysqli_real_escape_string($con, $_POST["confirmpassword"]); + + $upperLetter = preg_match('@[A-Z]@', $password); + $smallLetter = preg_match('@[a-z]@', $password); + $containsDigit = preg_match('@[0-9]@', $password); + $containsSpecial = preg_match('@[^\w]@', $password); + $containsAll = $upperLetter && $smallLetter && $containsDigit && $containsSpecial; + + // check for strong password + if (!$containsAll) { + $_SESSION['info_signup'] = "Password must have at least characters that include lowercase letters, uppercase letters, numbers and special characters (e.g., !?.,*^)."; + header("Location: signup.php"); + return; + } + + // Check confirmed password + if (strcasecmp($password, $confirmpassword) != 0) { + $_SESSION['info_signup'] = "Password confirmation failed."; + header("Location: signup.php"); + return; + } + + // validate email + if (!filter_var($email, FILTER_VALIDATE_EMAIL)) { + $_SESSION['info_signup'] = "Invalid email address."; + header("Location: signup.php"); + return; + } + + // check if email is taken + $result = mysqli_query($con, "SELECT * FROM users_table WHERE email='$email'"); + if (mysqli_num_rows($result) != 0) { + $_SESSION["info_signup"] = "Email address " . $email . " is already in use."; + $_SESSION['user_fullname'] = null; + header("Location: signup.php"); + return; + } // validate student number if (!is_valid_student_number($student_id)) { @@ -67,51 +106,11 @@ if (!empty($_POST["form_signup"])) { if (!empty($_POST["form_signup"])) { $fullname = mysqli_real_escape_string($con, $_POST["fullname"]); $student_id = mysqli_real_escape_string($con, $_POST["user_student_id"]); - $email = mysqli_real_escape_string($con, $_POST["email"]); - $password = mysqli_real_escape_string($con, $_POST["password"]); - $confirmpassword = mysqli_real_escape_string($con, $_POST["confirmpassword"]); $_SESSION['user_fullname'] = $fullname; $_SESSION['user_type'] = "Student"; $_SESSION['user_email'] = $email; $_SESSION['user_student_id'] = $student_id; - // check confirmed password - if (strcasecmp($password, $confirmpassword) != 0) { - $_SESSION['info_signup'] = "Password confirmation failed."; - $_SESSION['user_fullname'] = null; // such that Header.php do not show the header information. - header("Location: signup.php"); - return; - } - - // validate email - if (!filter_var($email, FILTER_VALIDATE_EMAIL)) { - $_SESSION['info_signup'] = "Invalid email address."; - header("Location: signup.php"); - return; - } - - $upperLetter = preg_match('@[A-Z]@', $password); - $smallLetter = preg_match('@[a-z]@', $password); - $containsDigit = preg_match('@[0-9]@', $password); - $containsSpecial = preg_match('@[^\w]@', $password); - $containsAll = $upperLetter && $smallLetter && $containsDigit && $containsSpecial; - - // check for strong password - if (!$containsAll) { - $_SESSION['info_signup'] = "Password must have at least characters that include lowercase letters, uppercase letters, numbers and special characters (e.g., !?.,*^)."; - header("Location: signup.php"); - return; - } - - // check if email is taken - $result = mysqli_query($con, "SELECT * FROM users_table WHERE email='$email'"); - if (mysqli_num_rows($result) != 0) { - $_SESSION["info_signup"] = "Email address " . $email . " is already in use."; - $_SESSION['user_fullname'] = null; - header("Location: signup.php"); - return; - } - // apply password_hash() $password_hash = password_hash($password, PASSWORD_DEFAULT); $sql = "INSERT INTO `users_table`(`Email`, `Password`, `Full_Name`, `UserType`, `Student_ID`) VALUES "