Merge branch 'Bug557-Ayoub' of http://118.25.96.118:3000/mrlan/LRR into Bug557-Ayoub

2023-12-23 17:17:27 +08:00 · 2023-12-23 17:17:27 +08:00 · 1c560589ba
parent 8d30ecc584 5a82c91304
commit 1c560589ba
1 changed files with 39 additions and 40 deletions
--- a/Script.php
+++ b/Script.php
@ -36,6 +36,45 @@ function is_valid_student_number($student_id)
 // ############################### SIGN UP ##################################
 if (!empty($_POST["form_signup"])) {
    $student_id = trim(mysqli_real_escape_string($con, $_POST["user_student_id"]));
+    $email = mysqli_real_escape_string($con, $_POST["email"]);
+    $password = mysqli_real_escape_string($con, $_POST["password"]);
+    $confirmpassword = mysqli_real_escape_string($con, $_POST["confirmpassword"]);
+
+    $upperLetter     = preg_match('@[A-Z]@',    $password);
+    $smallLetter     = preg_match('@[a-z]@',    $password);
+    $containsDigit   = preg_match('@[0-9]@',    $password);
+    $containsSpecial = preg_match('@[^\w]@',    $password);
+    $containsAll = $upperLetter && $smallLetter && $containsDigit && $containsSpecial;
+
+    // check for strong password
+    if (!$containsAll) {
+        $_SESSION['info_signup'] = "Password must have at least characters that include lowercase letters, uppercase letters, numbers and special characters (e.g., !?.,*^).";
+        header("Location: signup.php");
+        return;
+    }
+
+    // Check confirmed password
+    if (strcasecmp($password, $confirmpassword) != 0) {
+        $_SESSION['info_signup'] = "Password confirmation failed.";       
+        header("Location: signup.php");
+        return;
+    }
+
+    // validate email
+    if (!filter_var($email, FILTER_VALIDATE_EMAIL)) {
+        $_SESSION['info_signup'] = "Invalid email address.";
+        header("Location: signup.php");
+        return;
+    }
+
+    // check if email is taken
+    $result = mysqli_query($con, "SELECT * FROM users_table WHERE email='$email'");
+    if (mysqli_num_rows($result) != 0) {
+        $_SESSION["info_signup"] = "Email address " . $email . "  is already in use.";
+        $_SESSION['user_fullname'] = null;
+        header("Location: signup.php");
+        return;
+    }

    // validate student number
    if (!is_valid_student_number($student_id)) {
@ -67,51 +106,11 @@ if (!empty($_POST["form_signup"])) {
 if (!empty($_POST["form_signup"])) {
    $fullname = mysqli_real_escape_string($con, $_POST["fullname"]);
    $student_id = mysqli_real_escape_string($con, $_POST["user_student_id"]);
-    $email = mysqli_real_escape_string($con, $_POST["email"]);
-    $password = mysqli_real_escape_string($con, $_POST["password"]);
-    $confirmpassword = mysqli_real_escape_string($con, $_POST["confirmpassword"]);
    $_SESSION['user_fullname'] = $fullname;
    $_SESSION['user_type'] = "Student";
    $_SESSION['user_email'] = $email;
    $_SESSION['user_student_id'] = $student_id;

-    // check confirmed password
-    if (strcasecmp($password, $confirmpassword) != 0) {
-        $_SESSION['info_signup'] = "Password confirmation failed.";
-        $_SESSION['user_fullname'] = null;  // such that Header.php do not show the header information.        
-        header("Location: signup.php");
-        return;
-    }
-
-    // validate email
-    if (!filter_var($email, FILTER_VALIDATE_EMAIL)) {
-        $_SESSION['info_signup'] = "Invalid email address.";
-        header("Location: signup.php");
-        return;
-    }
-
-    $upperLetter     = preg_match('@[A-Z]@',    $password);
-    $smallLetter     = preg_match('@[a-z]@',    $password);
-    $containsDigit   = preg_match('@[0-9]@',    $password);
-    $containsSpecial = preg_match('@[^\w]@',    $password);
-    $containsAll = $upperLetter && $smallLetter && $containsDigit && $containsSpecial;
-
-    // check for strong password
-    if (!$containsAll) {
-        $_SESSION['info_signup'] = "Password must have at least characters that include lowercase letters, uppercase letters, numbers and special characters (e.g., !?.,*^).";
-        header("Location: signup.php");
-        return;
-    }
-
-    // check if email is taken
-    $result = mysqli_query($con, "SELECT * FROM users_table WHERE email='$email'");
-    if (mysqli_num_rows($result) != 0) {
-        $_SESSION["info_signup"] = "Email address " . $email . "  is already in use.";
-        $_SESSION['user_fullname'] = null;
-        header("Location: signup.php");
-        return;
-    }
-
    // apply password_hash()
    $password_hash = password_hash($password, PASSWORD_DEFAULT);
    $sql = "INSERT INTO `users_table`(`Email`, `Password`, `Full_Name`, `UserType`, `Student_ID`) VALUES "