Fix Bug 557
parent
244af4c11b
commit
5a82c91304
79
Script.php
79
Script.php
|
@ -36,6 +36,45 @@ function is_valid_student_number($student_id)
|
||||||
// ############################### SIGN UP ##################################
|
// ############################### SIGN UP ##################################
|
||||||
if (!empty($_POST["form_signup"])) {
|
if (!empty($_POST["form_signup"])) {
|
||||||
$student_id = trim(mysqli_real_escape_string($con, $_POST["user_student_id"]));
|
$student_id = trim(mysqli_real_escape_string($con, $_POST["user_student_id"]));
|
||||||
|
$email = mysqli_real_escape_string($con, $_POST["email"]);
|
||||||
|
$password = mysqli_real_escape_string($con, $_POST["password"]);
|
||||||
|
$confirmpassword = mysqli_real_escape_string($con, $_POST["confirmpassword"]);
|
||||||
|
|
||||||
|
$upperLetter = preg_match('@[A-Z]@', $password);
|
||||||
|
$smallLetter = preg_match('@[a-z]@', $password);
|
||||||
|
$containsDigit = preg_match('@[0-9]@', $password);
|
||||||
|
$containsSpecial = preg_match('@[^\w]@', $password);
|
||||||
|
$containsAll = $upperLetter && $smallLetter && $containsDigit && $containsSpecial;
|
||||||
|
|
||||||
|
// check for strong password
|
||||||
|
if (!$containsAll) {
|
||||||
|
$_SESSION['info_signup'] = "Password must have at least characters that include lowercase letters, uppercase letters, numbers and special characters (e.g., !?.,*^).";
|
||||||
|
header("Location: signup.php");
|
||||||
|
return;
|
||||||
|
}
|
||||||
|
|
||||||
|
// Check confirmed password
|
||||||
|
if (strcasecmp($password, $confirmpassword) != 0) {
|
||||||
|
$_SESSION['info_signup'] = "Password confirmation failed.";
|
||||||
|
header("Location: signup.php");
|
||||||
|
return;
|
||||||
|
}
|
||||||
|
|
||||||
|
// validate email
|
||||||
|
if (!filter_var($email, FILTER_VALIDATE_EMAIL)) {
|
||||||
|
$_SESSION['info_signup'] = "Invalid email address.";
|
||||||
|
header("Location: signup.php");
|
||||||
|
return;
|
||||||
|
}
|
||||||
|
|
||||||
|
// check if email is taken
|
||||||
|
$result = mysqli_query($con, "SELECT * FROM users_table WHERE email='$email'");
|
||||||
|
if (mysqli_num_rows($result) != 0) {
|
||||||
|
$_SESSION["info_signup"] = "Email address " . $email . " is already in use.";
|
||||||
|
$_SESSION['user_fullname'] = null;
|
||||||
|
header("Location: signup.php");
|
||||||
|
return;
|
||||||
|
}
|
||||||
|
|
||||||
// validate student number
|
// validate student number
|
||||||
if (!is_valid_student_number($student_id)) {
|
if (!is_valid_student_number($student_id)) {
|
||||||
|
@ -67,51 +106,11 @@ if (!empty($_POST["form_signup"])) {
|
||||||
if (!empty($_POST["form_signup"])) {
|
if (!empty($_POST["form_signup"])) {
|
||||||
$fullname = mysqli_real_escape_string($con, $_POST["fullname"]);
|
$fullname = mysqli_real_escape_string($con, $_POST["fullname"]);
|
||||||
$student_id = mysqli_real_escape_string($con, $_POST["user_student_id"]);
|
$student_id = mysqli_real_escape_string($con, $_POST["user_student_id"]);
|
||||||
$email = mysqli_real_escape_string($con, $_POST["email"]);
|
|
||||||
$password = mysqli_real_escape_string($con, $_POST["password"]);
|
|
||||||
$confirmpassword = mysqli_real_escape_string($con, $_POST["confirmpassword"]);
|
|
||||||
$_SESSION['user_fullname'] = $fullname;
|
$_SESSION['user_fullname'] = $fullname;
|
||||||
$_SESSION['user_type'] = "Student";
|
$_SESSION['user_type'] = "Student";
|
||||||
$_SESSION['user_email'] = $email;
|
$_SESSION['user_email'] = $email;
|
||||||
$_SESSION['user_student_id'] = $student_id;
|
$_SESSION['user_student_id'] = $student_id;
|
||||||
|
|
||||||
// check confirmed password
|
|
||||||
if (strcasecmp($password, $confirmpassword) != 0) {
|
|
||||||
$_SESSION['info_signup'] = "Password confirmation failed.";
|
|
||||||
$_SESSION['user_fullname'] = null; // such that Header.php do not show the header information.
|
|
||||||
header("Location: signup.php");
|
|
||||||
return;
|
|
||||||
}
|
|
||||||
|
|
||||||
// validate email
|
|
||||||
if (!filter_var($email, FILTER_VALIDATE_EMAIL)) {
|
|
||||||
$_SESSION['info_signup'] = "Invalid email address.";
|
|
||||||
header("Location: signup.php");
|
|
||||||
return;
|
|
||||||
}
|
|
||||||
|
|
||||||
$upperLetter = preg_match('@[A-Z]@', $password);
|
|
||||||
$smallLetter = preg_match('@[a-z]@', $password);
|
|
||||||
$containsDigit = preg_match('@[0-9]@', $password);
|
|
||||||
$containsSpecial = preg_match('@[^\w]@', $password);
|
|
||||||
$containsAll = $upperLetter && $smallLetter && $containsDigit && $containsSpecial;
|
|
||||||
|
|
||||||
// check for strong password
|
|
||||||
if (!$containsAll) {
|
|
||||||
$_SESSION['info_signup'] = "Password must have at least characters that include lowercase letters, uppercase letters, numbers and special characters (e.g., !?.,*^).";
|
|
||||||
header("Location: signup.php");
|
|
||||||
return;
|
|
||||||
}
|
|
||||||
|
|
||||||
// check if email is taken
|
|
||||||
$result = mysqli_query($con, "SELECT * FROM users_table WHERE email='$email'");
|
|
||||||
if (mysqli_num_rows($result) != 0) {
|
|
||||||
$_SESSION["info_signup"] = "Email address " . $email . " is already in use.";
|
|
||||||
$_SESSION['user_fullname'] = null;
|
|
||||||
header("Location: signup.php");
|
|
||||||
return;
|
|
||||||
}
|
|
||||||
|
|
||||||
// apply password_hash()
|
// apply password_hash()
|
||||||
$password_hash = password_hash($password, PASSWORD_DEFAULT);
|
$password_hash = password_hash($password, PASSWORD_DEFAULT);
|
||||||
$sql = "INSERT INTO `users_table`(`Email`, `Password`, `Full_Name`, `UserType`, `Student_ID`) VALUES "
|
$sql = "INSERT INTO `users_table`(`Email`, `Password`, `Full_Name`, `UserType`, `Student_ID`) VALUES "
|
||||||
|
|
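Review bot: The confirmation check `if (strcasecmp($password, $confirmpassword) != 0)` in the first hunk is case-insensitive, so two passwords differing only in letter case are accepted as a match and the account is created with whichever string landed in `$password`; use an exact comparison, `if ($password !== $confirmpassword) {`. In the same hunk `$password` is passed through `mysqli_real_escape_string` before it reaches the strength regexes and, in the second hunk, `password_hash()`, so a password containing a quote or backslash is hashed in its escaped form and will only verify later if the login path (not visible here) applies the identical escaping; since `$password` is never interpolated into SQL in these hunks, read it raw, `$password = $_POST["password"];`, and likewise for `$confirmpassword`. The duplicate-email lookup `SELECT * FROM users_table WHERE email='$email'` still relies on string escaping rather than a prepared statement with a bound parameter, which would make that check independent of the escaping layer. The enclosing `if (!empty($_POST["form_signup"]))` block begins in the first hunk and continues past the end of the second.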