From ef87c1248f28ac9cd99a2bca7c8a699a9944d7b9 Mon Sep 17 00:00:00 2001 From: newtechAI Date: Wed, 6 Dec 2023 02:34:46 +0100 Subject: [PATCH 01/16] Fix Bug352 --- Admin.php | 37 +++++++++++++++++++++---------------- 1 file changed, 21 insertions(+), 16 deletions(-) diff --git a/Admin.php b/Admin.php index 6accee9..3234bf3 100644 --- a/Admin.php +++ b/Admin.php @@ -9,7 +9,7 @@ include 'Header.php'; -
+ Full name
Email -
- Passport No. (used as the initial password) -
+
+ Initial password + + + Leave it empty to let LRR generate a strong password for you.

User type: - TA (Teaching Assistant) '; - } else if ($_SESSION['user_type'] == "Admin"){ - echo " Lecturer "; - } - ?> + + TA (Teaching Assistant) '; + } else if ($_SESSION['user_type'] == "Admin"){ + echo " Lecturer "; + } + + ?> +

- + ID Name Email - Passport / ID Reset password Block/Activate @@ -130,7 +135,7 @@ if ($_SESSION['user_type'] != "Lecturer" && $_SESSION['user_type'] != "Admin") { } while ($row = mysqli_fetch_assoc($result)) { - $pass = $row['Passport_Number']; + $pass = $row['Password']; $btn = ""; if ($row['Status'] == "Active") { $newstatus = "Blocked"; @@ -140,7 +145,7 @@ if ($_SESSION['user_type'] != "Lecturer" && $_SESSION['user_type'] != "Admin") { $btnBlock = ""; } - echo "" . $row['User_ID'] . "" . $row['Full_Name'] . "" . $row['Email'] . " " . $row['Passport_Number'] . "$btn$btnBlock"; + echo "" . $row['User_ID'] . "" . $row['Full_Name'] . "" . $row['Email'] . "$btn$btnBlock"; } ?> From f3ef8d8e5cf32e7800c685e3efc0d347403624d2 Mon Sep 17 00:00:00 2001 From: newtechAI Date: Wed, 6 Dec 2023 02:40:34 +0100 Subject: [PATCH 02/16] Fix Bug352 --- Script.php | 62 +++++++++++++++++++++++++++++++++++++++++++++++++----- 1 file changed, 57 insertions(+), 5 deletions(-) diff --git a/Script.php b/Script.php index f664eee..16df7d3 100644 --- a/Script.php +++ b/Script.php @@ -1,7 +1,19 @@ + query($sql) === TRUE) { - $_SESSION["info_Admin_Users"] = $type . " user created successfully. Use email " . $email . " as account name and $password as password."; + // $file_name = $email.'.txt'; + $_SESSION["info_Admin_Users"] = $type . " user created successfully. Use email " . $email . " as account name and ". $password ." as password."; + // file_put_contents('./acounts/'.$file_name, $_SESSION["info_Admin_Users"]); + //downloadFile($email); header("Location: Admin.php"); + } else { - echo "Error: " . $sql . "
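Review bot: `$pass = $row['Password'];` now loads the stored password value for every listed user, and what `$pass` is used for cannot be seen in this hunk because the `$btn` markup is empty on this page. If it still feeds the reset-password control, the stored hash would be written into the admin page source. The reset action should identify the account by `User_ID` alone, in which case this assignment can be dropped. The `while` loop body continues outside the hunk.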
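Review bot: The rewritten `echo` row writes `$row['Full_Name']` and `$row['Email']` into the table without HTML escaping, so any markup stored in those columns is rendered in the administrator's browser. Wrap each value, e.g. `htmlspecialchars($row['Full_Name'], ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8')`, and do the same for `Email`. The cell markup is not visible on this page, so confirm whether each value lands in element text or in an attribute.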
" . $con->error; + alert("Error: " . $sql . "
" . $con->error); } + +} + +// ### FUNCTION TO GENERATE INITIAL PASSWORDS ###// +function generateStrongPassword() { + + $characters = 'abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789!@#$%^&*()-_'; + $password_length = 12; + $gen_password = ''; + for ($i = 0; $i < $password_length; $i++) { + $random_index = mt_rand(0, strlen($characters) - 1); + $gen_password .= $characters[$random_index]; + } + + // Return the generated password + return $gen_password; } // #### FUNCTION CHECK FILE TYPES //// From fec54998619654507e896e6a375991bf8d87a8ae Mon Sep 17 00:00:00 2001 From: newtechAI Date: Wed, 6 Dec 2023 03:02:55 +0100 Subject: [PATCH 03/16] bug352 script.php update --- Script.php | 22 +++++++++++----------- 1 file changed, 11 insertions(+), 11 deletions(-) diff --git a/Script.php b/Script.php index 16df7d3..c817ac5 100644 --- a/Script.php +++ b/Script.php @@ -1,16 +1,16 @@ From 7f26ff5fc9027fac05ad6d2f0878f6879fe2463c Mon Sep 17 00:00:00 2001 From: newtechAI Date: Wed, 6 Dec 2023 03:23:42 +0100 Subject: [PATCH 04/16] bug 352 update 6-12-23 --- Admin.php | 2 +- Script.php | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/Admin.php b/Admin.php index 3234bf3..6dc676e 100644 --- a/Admin.php +++ b/Admin.php @@ -73,7 +73,7 @@ if ($_SESSION['user_type'] != "Lecturer" && $_SESSION['user_type'] != "Admin") {
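Review bot: `generateStrongPassword()` picks each character with `mt_rand()`, which is not a cryptographically secure generator, so the initial passwords are more predictable than their length suggests. Use `$random_index = random_int(0, strlen($characters) - 1);` instead. In the same change the failure branch passes `$sql` and `$con->error` to `alert()`, which shows the statement text and driver error to the user; log those server-side and display a generic message. The success branch stores the plaintext password in `$_SESSION["info_Admin_Users"]`, so that entry should be unset as soon as it has been displayed, which is not visible here.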
Initial password - + Leave it empty to let LRR generate a strong password for you.

User type: diff --git a/Script.php b/Script.php index c817ac5..028baf8 100644 --- a/Script.php +++ b/Script.php @@ -289,7 +289,7 @@ if (!empty($_POST["form_createlecturrer"])){ $email = mysqli_real_escape_string($con, $_POST["email"]); $fullname = mysqli_real_escape_string($con, $_POST["fullname"]); $type = mysqli_real_escape_string($con, $_POST["type"]); - $password = mysqli_real_escape_string($con, $_POST["passport"]); + $password = mysqli_real_escape_string($con, $_POST["password"]); $pass_len=strlen($password); if ($pass_len==0) { $password = generateStrongPassword(); From 71ce1e134596f1432091d6446d39bea5cd095cab Mon Sep 17 00:00:00 2001 From: newtechAI Date: Wed, 6 Dec 2023 03:36:54 +0100 Subject: [PATCH 05/16] update the sql connections --- Script.php | 11 +++++++---- 1 file changed, 7 insertions(+), 4 deletions(-) diff --git a/Script.php b/Script.php index 028baf8..f0021e7 100644 --- a/Script.php +++ b/Script.php @@ -25,11 +25,14 @@ session_start(); date_default_timezone_set('Asia/Shanghai'); +//// Connect to MySQL database +//$mysql_host= "localhost"; +//$mysql_username = "root"; +//$mysql_password = ""; +//$mysql_db = "lrr"; // Connect to MySQL database -$mysql_host= "localhost"; -$mysql_username = "root"; -$mysql_password = ""; -$mysql_db = "lrr"; +include "get_mysql_credentials.php"; +$con = mysqli_connect("localhost", $mysql_username, $mysql_password, "lrr"); // $mysql_username, $mysql_password variable declared directly $con= mysqli_connect($mysql_host,$mysql_username,$mysql_password,$mysql_db); From 12e9038decd9b32849066d77e56cde6f0c32cf4b Mon Sep 17 00:00:00 2001 From: Lan Hui Date: Tue, 12 Dec 2023 19:02:41 +0800 Subject: [PATCH 06/16] Script.php: make DB connection work. --- Script.php | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/Script.php b/Script.php index f0021e7..cb0ffca 100644 --- a/Script.php +++ b/Script.php 
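Review bot: In the Script.php hunk at `@@ -289,7 +289,7 @@`, `$password` goes through `mysqli_real_escape_string()` although, as far as this page shows, only its `password_hash()` output is placed in SQL. The escaping therefore alters passwords containing quotes or backslashes, and the hash is taken over the altered string. Read the value raw, `$password = $_POST["password"] ?? '';`, hash that, and apply `htmlspecialchars()` where the confirmation message is printed. A non-empty password supplied in the form is accepted with no length or strength check, even though the form asks for a strong one. The handler continues outside the hunk.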
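Review bot: In the hunk at `@@ -25,11 +25,14 @@`, `include "get_mysql_credentials.php";` only raises a warning when the file is missing or unreadable, so the script would go on to call `mysqli_connect()` with undefined credentials. `require_once "get_mysql_credentials.php";` stops at the point of failure instead. The credentials file is not part of this patch, so its location and permissions cannot be checked here; it should sit outside the web root and stay out of version control.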
@@ -35,7 +35,7 @@ include "get_mysql_credentials.php"; $con = mysqli_connect("localhost", $mysql_username, $mysql_password, "lrr"); // $mysql_username, $mysql_password variable declared directly -$con= mysqli_connect($mysql_host,$mysql_username,$mysql_password,$mysql_db); +// $con= mysqli_connect($mysql_host,$mysql_username,$mysql_password,$mysql_db); //$con = mysqli_connect("localhost", "root", "", "lrr"); From 0a7d4a5afaf82e860de96f4654e9686cc0f9c939 Mon Sep 17 00:00:00 2001 From: Lan Hui Date: Tue, 12 Dec 2023 19:05:53 +0800 Subject: [PATCH 07/16] Admin.php: use a better instruction for the password --- Admin.php | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/Admin.php b/Admin.php index 6dc676e..93db930 100644 --- a/Admin.php +++ b/Admin.php @@ -71,10 +71,10 @@ if ($_SESSION['user_type'] != "Lecturer" && $_SESSION['user_type'] != "Admin") {
Email
- Initial password + Initial password (Enter a strong password or leave it empty to let LRR generate one) - Leave it empty to let LRR generate a strong password for you.

+

User type: Date: Tue, 12 Dec 2023 19:17:53 +0800 Subject: [PATCH 08/16] Admin.php: improve indentation --- Admin.php | 7 ++----- 1 file changed, 2 insertions(+), 5 deletions(-) diff --git a/Admin.php b/Admin.php index 93db930..5ea2867 100644 --- a/Admin.php +++ b/Admin.php @@ -71,12 +71,9 @@ if ($_SESSION['user_type'] != "Lecturer" && $_SESSION['user_type'] != "Admin") {
Email
- Initial password (Enter a strong password or leave it empty to let LRR generate one) - - -

+ Initial password (Enter a strong password or leave it empty to let LRR generate one) +
User type: - Date: Tue, 12 Dec 2023 19:21:24 +0800 Subject: [PATCH 09/16] Script.php: not Users_Table, but users_table -- every letter in the table name should be in lowercase --- Script.php | 13 +++++-------- 1 file changed, 5 insertions(+), 8 deletions(-) diff --git a/Script.php b/Script.php index cb0ffca..32c3ffb 100644 --- a/Script.php +++ b/Script.php @@ -293,25 +293,22 @@ if (!empty($_POST["form_createlecturrer"])){ $fullname = mysqli_real_escape_string($con, $_POST["fullname"]); $type = mysqli_real_escape_string($con, $_POST["type"]); $password = mysqli_real_escape_string($con, $_POST["password"]); - $pass_len=strlen($password); - if ($pass_len==0) { - $password = generateStrongPassword(); - - } - + $pass_len = strlen($password); + if ($pass_len == 0) { + $password = generateStrongPassword(); + } // $passport_no=$password; // check if email is taken $result = mysqli_query( $con, - "SELECT * FROM Users_Table WHERE email='$email'" + "SELECT * FROM users_table WHERE email='$email'" ); if (mysqli_num_rows($result) != 0) { $_SESSION["info_Admin_Users"] = "Email address : " . $email . " is already in use."; header("Location: Admin.php"); exit; // header( "refresh:5;url=Admin.php" ); - } $password_hash = password_hash("$password", PASSWORD_DEFAULT); $sql = "INSERT INTO `users_table`(`Email`, `Password`, `Full_Name`, `UserType`) VALUES " From 3ee85d0bda0aded48c339ad9c2db997a529d6be0 Mon Sep 17 00:00:00 2001 From: Lan Hui Date: Tue, 12 Dec 2023 19:22:54 +0800 Subject: [PATCH 10/16] Script.php: remove unused statements --- Script.php | 30 ------------------------------ 1 file changed, 30 deletions(-) diff --git a/Script.php b/Script.php index 32c3ffb..dee89e7 100644 --- a/Script.php +++ b/Script.php @@ -1,16 +1,5 @@ 
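Review bot: In the Script.php hunk at `@@ -293,25 +293,22 @@`, `$type` comes from `$_POST["type"]` and is written to `UserType` after escaping only. The visible lines contain no check that the value is one the current session role may create; the form limits the choice, but the server does not. Compare it against an allow-list derived from `$_SESSION['user_type']` before the INSERT, for example `if (!in_array($type, $allowed_types, true)) { exit; }`, with `$allowed_types` built from the session role. The SELECT and INSERT are also built by string interpolation; prepared statements with bound parameters would remove the dependence on escaping. The handler begins and ends outside the hunk.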
@@ -24,22 +13,9 @@ session_start(); date_default_timezone_set('Asia/Shanghai'); - -//// Connect to MySQL database -//$mysql_host= "localhost"; -//$mysql_username = "root"; -//$mysql_password = ""; -//$mysql_db = "lrr"; -// Connect to MySQL database include "get_mysql_credentials.php"; $con = mysqli_connect("localhost", $mysql_username, $mysql_password, "lrr"); -// $mysql_username, $mysql_password variable declared directly -// $con= mysqli_connect($mysql_host,$mysql_username,$mysql_password,$mysql_db); -//$con = mysqli_connect("localhost", "root", "", "lrr"); - - - // Check connection if (mysqli_connect_errno()) { echo "Failed to connect to MySQL: " . mysqli_connect_error(); @@ -298,8 +274,6 @@ if (!empty($_POST["form_createlecturrer"])){ $password = generateStrongPassword(); } -// $passport_no=$password; - // check if email is taken $result = mysqli_query( $con, "SELECT * FROM users_table WHERE email='$email'" @@ -308,17 +282,13 @@ if (!empty($_POST["form_createlecturrer"])){ $_SESSION["info_Admin_Users"] = "Email address : " . $email . " is already in use."; header("Location: Admin.php"); exit; - // header( "refresh:5;url=Admin.php" ); } $password_hash = password_hash("$password", PASSWORD_DEFAULT); $sql = "INSERT INTO `users_table`(`Email`, `Password`, `Full_Name`, `UserType`) VALUES " . "('$email','$password_hash','$fullname','$type')"; if ($con->query($sql) === TRUE) { - // $file_name = $email.'.txt'; $_SESSION["info_Admin_Users"] = $type . " user created successfully. Use email " . $email . " as account name and ". $password ." as password."; - // file_put_contents('./acounts/'.$file_name, $_SESSION["info_Admin_Users"]); - //downloadFile($email); header("Location: Admin.php"); } else { From e6487c5d1a825a23e4b34d0caf74c9b99c5ba27c Mon Sep 17 00:00:00 2001 From: Lan Hui Date: Tue, 12 Dec 2023 20:17:44 +0800 Subject: [PATCH 11/16] Admin.php: use yellow color for warning message --- Admin.php | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) 
diff --git a/Admin.php b/Admin.php index 5ea2867..103a480 100644 --- a/Admin.php +++ b/Admin.php @@ -34,7 +34,7 @@ if ($_SESSION['user_type'] != "Lecturer" && $_SESSION['user_type'] != "Admin") {