From adc9daef98c2d0d49fa1cda298f4f7db5789ca7d Mon Sep 17 00:00:00 2001
From: Eden
Date: Wed, 27 Dec 2023 03:15:49 +0800
Subject: [PATCH 1/2] Fix Bug 430
---
Script.php | 42 +++++++++++++++++++++++++++++++++++++-----
index.php | 2 +-
signup.php | 6 +++---
3 files changed, 41 insertions(+), 9 deletions(-)
diff --git a/Script.php b/Script.php
index f664eee..4c3b76c 100644
--- a/Script.php
+++ b/Script.php
@@ -37,9 +37,17 @@ function is_valid_student_number($student_id)
 if (!empty($_POST["form_signup"])) { $student_id = trim(mysqli_real_escape_string($con, $_POST["user_student_id"])); + $_SESSION['user_fullname'] = $_POST["fullname"]; + $_SESSION['user_fullname_temp'] = $_POST["fullname"]; + $_SESSION['user_email'] = $_POST["email"]; + $_SESSION['user_student_id_temp'] = $_POST["user_student_id"]; + + + // validate student number if (!is_valid_student_number($student_id)) { $_SESSION["info_signup"] = "Invalid student number."; + $_SESSION['user_fullname'] = null; header("Location: signup.php"); return; }
@@ -48,6 +56,10 @@ if (!empty($_POST["form_signup"])) {
 $result = mysqli_query($con, "SELECT * FROM `students_data` WHERE Student_ID='$student_id'"); if (mysqli_num_rows($result) == 0) { $_SESSION["info_signup"] = "Your entered student number could not be verified. Please contact Student Management Office . Thanks."; + $_SESSION['user_fullname'] = null; + + + header("Location: signup.php"); return; }
@@ -58,6 +70,7 @@ if (!empty($_POST["form_signup"])) {
 $student_result = mysqli_query($con, "SELECT * FROM `users_table` WHERE Student_ID='$student_id'"); if (mysqli_num_rows($student_result) > 0) { $_SESSION["info_signup"] = "This Student ID is already in use! Please contact Student Management Office for help."; + $_SESSION['user_fullname'] = null; header("Location: signup.php"); return; }
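Review bot: `$_SESSION['user_fullname'] = $_POST["fullname"];` is written before any validation runs, and index.php gates on `isset($_SESSION["user_fullname"])` (visible in that file's hunk header), so a visitor who merely submits the form carries the logged-in marker until one of the hand-placed `$_SESSION['user_fullname'] = null;` resets in this hunk and in the hunks at -48, -58, -86 and -99 clears it; any failure branch without a reset (the password-confirmation branch at -70 is cut off in this view, so I cannot confirm it) leaves it set. Keep the form-repopulation data under a key of its own, for example `$_SESSION['signup_form'] = ['fullname' => $_POST["fullname"], 'email' => $_POST["email"], 'student_id' => $_POST["user_student_id"]];` in place of the four assignments, and set `user_fullname` only after the INSERT succeeds, which makes the scattered null resets unnecessary. The `user_email` and `_temp` keys hold unescaped POST input, so whatever renders them must HTML-escape at output time. The enclosing `if (!empty($_POST["form_signup"]))` block continues past the hunk.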
@@ -70,11 +83,10 @@ if (!empty($_POST["form_signup"])) {
 $email = mysqli_real_escape_string($con, $_POST["email"]); $password = mysqli_real_escape_string($con, $_POST["password"]); $confirmpassword = mysqli_real_escape_string($con, $_POST["confirmpassword"]); - $_SESSION['user_fullname'] = $fullname; - $_SESSION['user_type'] = "Student"; - $_SESSION['user_email'] = $email; - $_SESSION['user_student_id'] = $student_id; + $_SESSION['user_student_id'] = $_POST["student_id"]; + $_SESSION['user_type'] = "Student"; + // check confirmed password if (strcasecmp($password, $confirmpassword) != 0) { $_SESSION['info_signup'] = "Password confirmation failed.";
@@ -86,6 +98,8 @@ if (!empty($_POST["form_signup"])) {
 // validate email if (!filter_var($email, FILTER_VALIDATE_EMAIL)) { $_SESSION['info_signup'] = "Invalid email address."; + $_SESSION['user_fullname'] = null; + header("Location: signup.php"); return; }
@@ -99,6 +113,8 @@ if (!empty($_POST["form_signup"])) {
 // check for strong password if (!$containsAll) { $_SESSION['info_signup'] = "Password must have at least characters that include lowercase letters, uppercase letters, numbers and special characters (e.g., !?.,*^)."; + $_SESSION['user_fullname'] = null; + header("Location: signup.php"); return; }
@@ -116,6 +132,9 @@ if (!empty($_POST["form_signup"])) {
 $password_hash = password_hash($password, PASSWORD_DEFAULT); $sql = "INSERT INTO `users_table`(`Email`, `Password`, `Full_Name`, `UserType`, `Student_ID`) VALUES " . "('$email','$password_hash','$fullname','Student','$student_id')"; + + + $_SESSION['user_fullname'] =$_SESSION['user_fullname_temp']; if ($con->query($sql) === TRUE) { header("Location: Courses.php");
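Review bot: `$_SESSION['user_student_id'] = $_POST["student_id"];` reads a field the form does not appear to send — every other read in this file uses `$_POST["user_student_id"]` — so the key ends up null (with a notice) and the trimmed, format-checked `$student_id` computed earlier is bypassed. The removed line had it right: `$_SESSION['user_student_id'] = $student_id;`. The two assignments now also run before the password checks, so a rejected signup leaves `user_student_id` and `user_type` populated; placing them next to the successful INSERT avoids that. The enclosing signup block starts and ends outside this hunk.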
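Review bot: `$_SESSION['user_fullname'] =$_SESSION['user_fullname_temp'];` runs before the result of `$con->query($sql)` is checked, so a failed INSERT still leaves the session marker that index.php treats as a login, and the value copied is the raw `$_POST["fullname"]` rather than the `$fullname` the row is written with. Set it inside the success branch and clear the scratch keys there: `if ($con->query($sql) === TRUE) { $_SESSION['user_fullname'] = $fullname; unset($_SESSION['user_fullname_temp'], $_SESSION['user_student_id_temp']); header("Location: Courses.php");`. The three blank lines inserted before the assignment and the missing space after `=` are style nits. The `if` continues beyond the hunk.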
@@ -131,11 +150,15 @@ if (!empty($_POST["form_login"])) {
 $user = mysqli_real_escape_string($con, $_POST["user"]); // user could be a 12-digit student number or an email address $is_student_number = 0; + $_SESSION["failed_login_user"] = $user; // Save the entered username in a session variable + echo "Failed login user: " . $_SESSION["failed_login_user"]; + // Validate student number if (is_valid_student_number($user)) { $is_student_number = 1; } + // Validate email address if what provided is not a student number if (!$is_student_number && !filter_var($user, FILTER_VALIDATE_EMAIL)) { $_SESSION["info_login"] = "Invalid email address: " . "$user";
@@ -177,10 +200,19 @@ if (!empty($_POST["form_login"])) {
 header("Location: Admin.php"); } // report wrong pass if not correct - } else { + return; + + } else { + $_SESSION["wrong_pass"] = "Wrong Password."; + echo $_SESSION["wrong_pass"]; // Optional: Display the error message for debugging + header("Location: index.php"); + exit(); // Add this line to prevent further execution after redirect } + // Add the following line to reset the session variable when needed + unset($_SESSION["failed_login_user"]); + } } }
diff --git a/index.php b/index.php
index 6aaf75a..7204502 100644
--- a/index.php
+++ b/index.php
@@ -30,7 +30,7 @@ if (isset($_SESSION["user_fullname"])) { Sign in - +
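Review bot: `echo "Failed login user: " . $_SESSION["failed_login_user"];` emits the submitted username into the response on every login attempt, successful ones included, before the `header("Location: ...")` calls further down, which fail with "headers already sent" once output has started unless output buffering happens to be enabled; the value is only `mysqli_real_escape_string`-escaped, which is not HTML escaping, so it is also reflected into the page unescaped. Remove the echo, and if the login form should show the last attempted username, render it there through `htmlspecialchars($_SESSION["failed_login_user"], ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8')`. Recording the value under `failed_login_user` before the attempt has failed is misleading; assign it in the wrong-password branch instead. The `if (!empty($_POST["form_login"]))` block continues beyond the hunk.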
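Review bot: `unset($_SESSION["failed_login_user"]);` is unreachable — the success branch now ends in `return;` and the new else branch in `exit();` — so that key and the new `wrong_pass` key survive for the rest of the session. Inside the else branch `echo $_SESSION["wrong_pass"];` precedes `header("Location: index.php");`, which again breaks the redirect once output is sent; drop the echo and let index.php read and then unset `wrong_pass`, the way the existing `info_login` key already carries the invalid-address message. `exit();` after the redirect is right, and the `header(...); return;` pairs elsewhere in this file would benefit from the same treatment. The enclosing `if (!empty($_POST["form_login"]))` starts outside the hunk.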
diff --git a/signup.php b/signup.php
index 3e45d0c..5763947 100644
--- a/signup.php
+++ b/signup.php
@@ -22,10 +22,10 @@ include 'Header.php'; Full Name -
- +
+ Student ID -
+
Email
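Review bot: The markup of the changed input lines under Full Name, Student ID and Email was stripped from this view, so I can only infer that they now pre-fill from the session keys the Script.php hunks store from raw `$_POST` (`user_fullname_temp`, `user_student_id_temp`, `user_email`). If so, each value has to be escaped where it is printed, e.g. `value="<?php echo htmlspecialchars($_SESSION['user_fullname_temp'] ?? '', ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8'); ?>"`, and read with `??` so the first visit, with no session value yet, raises no notice.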
From 5bbd812189c92b4128aa4c6f97a7a2a26bafd28e Mon Sep 17 00:00:00 2001
From: Lan Hui
Date: Sun, 15 Sep 2024 16:02:40 +0800
Subject: [PATCH 2/2] Fix bug 430
---
Script.php | 6 ++----
1 file changed, 2 insertions(+), 4 deletions(-)
diff --git a/Script.php b/Script.php
index 93a798f..3db0e5f 100644
--- a/Script.php
+++ b/Script.php
@@ -119,7 +119,7 @@ if (!empty($_POST["form_signup"])) {
 if (!empty($_POST["form_signup"])) { $fullname = mysqli_real_escape_string($con, $_POST["fullname"]); $student_id = mysqli_real_escape_string($con, $_POST["user_student_id"]); -<<<<<<< HEAD + $email = mysqli_real_escape_string($con, $_POST["email"]); $password = mysqli_real_escape_string($con, $_POST["password"]); $confirmpassword = mysqli_real_escape_string($con, $_POST["confirmpassword"]);
@@ -168,13 +168,11 @@ if (!empty($_POST["form_signup"])) {
 return; } -======= - $_SESSION['user_fullname'] = $fullname; + $_SESSION['user_type'] = "Student"; $_SESSION['user_email'] = $email; $_SESSION['user_student_id'] = $student_id; ->>>>>>> fde44f76006082d6bda9431727d06cbd23a134be // apply password_hash() $password_hash = password_hash($password, PASSWORD_DEFAULT); $sql = "INSERT INTO `users_table`(`Email`, `Password`, `Full_Name`, `UserType`, `Student_ID`) VALUES "
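Review bot: The hunk header context and the hunk's first line are both `if (!empty($_POST["form_signup"])) {`, which suggests that after the merge the signup handler exists twice, or is nested inside itself; replacing `<<<<<<< HEAD` with a blank line removes the marker but does not reconcile the copies, so confirm which one actually runs and delete the other. This copy also reads `$_POST["user_student_id"]` without the `trim()` the other copy applies, so the two would store differently normalised values. The enclosing block continues past the hunk.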
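Review bot: The retained `$_SESSION['user_type'] = "Student"; $_SESSION['user_email'] = $email; $_SESSION['user_student_id'] = $student_id;` run before the INSERT below is executed and checked, so a failed insert leaves partial login state in the session, while `user_fullname` — whose assignment here is dropped — is presumably set elsewhere, splitting one signup's session keys across two code paths. Move the three assignments into the branch that confirms the query succeeded, next to wherever `user_fullname` is set. Removing `=======` and `>>>>>>> fde44f76006082d6bda9431727d06cbd23a134be` is otherwise the right cleanup; this hunk and the one at -119 together resolve the committed conflict. The enclosing block continues past the hunk.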