diff --git a/Script.php b/Script.php index 2b95a6f..3db0e5f 100644 --- a/Script.php +++ b/Script.php @@ -76,9 +76,17 @@ if (!empty($_POST["form_signup"])) { return; } + $_SESSION['user_fullname'] = $_POST["fullname"]; + $_SESSION['user_fullname_temp'] = $_POST["fullname"]; + $_SESSION['user_email'] = $_POST["email"]; + $_SESSION['user_student_id_temp'] = $_POST["user_student_id"]; + + + // validate student number if (!is_valid_student_number($student_id)) { $_SESSION["info_signup"] = "Invalid student number."; + $_SESSION['user_fullname'] = null; header("Location: signup.php"); return; } @@ -87,6 +95,10 @@ if (!empty($_POST["form_signup"])) { $result = mysqli_query($con, "SELECT * FROM `students_data` WHERE Student_ID='$student_id'"); if (mysqli_num_rows($result) == 0) { $_SESSION["info_signup"] = "Your entered student number could not be verified. Please contact Student Management Office . Thanks."; + $_SESSION['user_fullname'] = null; + + + header("Location: signup.php"); return; } @@ -97,6 +109,7 @@ if (!empty($_POST["form_signup"])) { $student_result = mysqli_query($con, "SELECT * FROM `users_table` WHERE Student_ID='$student_id'"); if (mysqli_num_rows($student_result) > 0) { $_SESSION["info_signup"] = "This Student ID is already in use! Please contact Student Management Office for help."; + $_SESSION['user_fullname'] = null; header("Location: signup.php"); return; } 
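Review bot: The first hunk copies `$_POST["fullname"]`, `$_POST["email"]` and `$_POST["user_student_id"]` into the session before any validation has run, and the failure paths in this and the next two hunks only null out `user_fullname`, so `user_email`, `user_fullname_temp` and `user_student_id_temp` stay populated after a rejected signup. Whether that matters depends on what Header.php and the other pages key off, which is not visible here, but it is safer to assign these only after the student-number and duplicate checks succeed, or to clear all four in each `header("Location: signup.php")` branch. The values are also stored verbatim; anything that later renders them must pass them through `htmlspecialchars($v, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8')`. The enclosing `if (!empty($_POST["form_signup"]))` block starts before this hunk.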
@@ -106,7 +119,56 @@ if (!empty($_POST["form_signup"])) { if (!empty($_POST["form_signup"])) { $fullname = mysqli_real_escape_string($con, $_POST["fullname"]); $student_id = mysqli_real_escape_string($con, $_POST["user_student_id"]); - $_SESSION['user_fullname'] = $fullname; + + $email = mysqli_real_escape_string($con, $_POST["email"]); + $password = mysqli_real_escape_string($con, $_POST["password"]); + $confirmpassword = mysqli_real_escape_string($con, $_POST["confirmpassword"]); + + $_SESSION['user_student_id'] = $_POST["student_id"]; + $_SESSION['user_type'] = "Student"; + + // check confirmed password + if (strcasecmp($password, $confirmpassword) != 0) { + $_SESSION['info_signup'] = "Password confirmation failed."; + $_SESSION['user_fullname'] = null; // such that Header.php do not show the header information. + header("Location: signup.php"); + return; + } + + // validate email + if (!filter_var($email, FILTER_VALIDATE_EMAIL)) { + $_SESSION['info_signup'] = "Invalid email address."; + $_SESSION['user_fullname'] = null; + + header("Location: signup.php"); + return; + } + + $upperLetter = preg_match('@[A-Z]@', $password); + $smallLetter = preg_match('@[a-z]@', $password); + $containsDigit = preg_match('@[0-9]@', $password); + $containsSpecial = preg_match('@[^\w]@', $password); + $containsAll = $upperLetter && $smallLetter && $containsDigit && $containsSpecial; + + // check for strong password + if (!$containsAll) { + $_SESSION['info_signup'] = "Password must have at least characters that include lowercase letters, uppercase letters, numbers and special characters (e.g., !?.,*^)."; + $_SESSION['user_fullname'] = null; + + header("Location: signup.php"); + return; + } + + // check if email is taken + $result = mysqli_query($con, "SELECT * FROM users_table WHERE email='$email'"); + if (mysqli_num_rows($result) != 0) { + $_SESSION["info_signup"] = "Email address " . $email . 
" is already in use."; + $_SESSION['user_fullname'] = null; + header("Location: signup.php"); + return; + } + + $_SESSION['user_type'] = "Student"; $_SESSION['user_email'] = $email; $_SESSION['user_student_id'] = $student_id; @@ -115,6 +177,9 @@ if (!empty($_POST["form_signup"])) { $password_hash = password_hash($password, PASSWORD_DEFAULT); $sql = "INSERT INTO `users_table`(`Email`, `Password`, `Full_Name`, `UserType`, `Student_ID`) VALUES " . "('$email','$password_hash','$fullname','Student','$student_id')"; + + + $_SESSION['user_fullname'] =$_SESSION['user_fullname_temp']; if ($con->query($sql) === TRUE) { header("Location: Courses.php"); @@ -130,11 +195,15 @@ if (!empty($_POST["form_login"])) { $user = mysqli_real_escape_string($con, $_POST["user"]); // user could be a 12-digit student number or an email address $is_student_number = 0; + $_SESSION["failed_login_user"] = $user; // Save the entered username in a session variable + echo "Failed login user: " . $_SESSION["failed_login_user"]; + // Validate student number if (is_valid_student_number($user)) { $is_student_number = 1; } + // Validate email address if what provided is not a student number if (!$is_student_number && !filter_var($user, FILTER_VALIDATE_EMAIL)) { $_SESSION["info_login"] = "Invalid email address: " . "$user"; @@ -176,10 +245,19 @@ if (!empty($_POST["form_login"])) { header("Location: Admin.php"); } // report wrong pass if not correct - } else { + return; + + } else { + $_SESSION["wrong_pass"] = "Wrong Password."; + echo $_SESSION["wrong_pass"]; // Optional: Display the error message for debugging + header("Location: index.php"); + exit(); // Add this line to prevent further execution after redirect } + // Add the following line to reset the session variable when needed + unset($_SESSION["failed_login_user"]); + } } } diff --git a/index.php b/index.php index 6aaf75a..7204502 100644 --- a/index.php +++ b/index.php @@ -30,7 +30,7 @@ if (isset($_SESSION["user_fullname"])) { Sign in - +
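Review bot: The password is run through `mysqli_real_escape_string` before it is compared and before `password_hash`, so a password containing a quote or backslash is hashed in its escaped form, and the confirmation check uses `strcasecmp`, which accepts a confirmation that differs only in case. The hash output from `password_hash` contains no characters that need escaping, so take the raw values: `$password = $_POST["password"];`, `$confirmpassword = $_POST["confirmpassword"];`, `if ($password !== $confirmpassword) {`. The strength check has no length requirement even though the message says "at least characters", so add a minimum such as `if (strlen($password) < 8 || !$containsAll)` and put the missing number in the message. `$_SESSION['user_student_id'] = $_POST["student_id"];` reads a field that the rest of the hunk calls `user_student_id` and is overwritten a few lines later, so it can be dropped; the `SELECT ... WHERE email='$email'` query would be better as a prepared statement than interpolated escaped input.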
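Review bot: The added `echo "Failed login user: " . $_SESSION["failed_login_user"];` reflects the submitted username straight into the response; `mysqli_real_escape_string` does not neutralise HTML, so a payload without quotes renders as markup, and the output is sent before the later `header("Location: ...")` calls, which then fail with "headers already sent". Remove the echo; if a trace is needed, use `error_log("Failed login user: " . $user);` instead. The login handler this hunk belongs to continues outside the hunk.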
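Review bot: In the else branch, `echo $_SESSION["wrong_pass"];` outputs before `header("Location: index.php");`, so the redirect is not delivered unless output buffering happens to be on; drop the echo and keep only the session message. The `unset($_SESSION["failed_login_user"]);` added after the if/else is unreachable because both branches leave via `return;` or `exit();`, so the failed username persists in the session; move the unset ahead of the redirect in each branch. A distinct "Wrong Password." message for a known account, if the unknown-user path elsewhere reports something different, lets a caller enumerate valid logins, so consider one generic failure message for both cases. The surrounding login handler starts and ends outside this hunk.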
diff --git a/signup.php b/signup.php index 3e45d0c..5763947 100644 --- a/signup.php +++ b/signup.php @@ -22,10 +22,10 @@ include 'Header.php'; Full Name -
- +
+ Student ID -
+
Email