Resolve merge conflict( probably due to overlapping changes made in branch Bug557-Ayoub

Bug430-Eden
ADMASU EDEN SOLOMON 2024-01-12 02:24:45 +08:00
commit 64ffc3af1c
5 changed files with 439 additions and 33 deletions


@ -9,7 +9,7 @@ include 'Header.php';
<?php
// Only Lecturer or Admin could access this page
//Only Lecturer or Admin could access this page
if ($_SESSION['user_type'] != "Lecturer" && $_SESSION['user_type'] != "Admin") {
die("Sorry. Nothing to see here.");
}
@ -34,7 +34,7 @@ if ($_SESSION['user_type'] != "Lecturer" && $_SESSION['user_type'] != "Admin") {
</li>
<li class="nav-item">
<a class="nav-link" href="#tab-ins-accounts">Create instructor account</a>
<a class="nav-link" href="#tab-ins-accounts" id="tab_ins_accounts">Create instructor account</a>
</li>
<li class="nav-item">
@ -65,33 +65,36 @@ if ($_SESSION['user_type'] != "Lecturer" && $_SESSION['user_type'] != "Admin") {
}
?>
<form method="post" action="Script.php" id="create_account_form">
<form method="post" action="Script.php" id="create_account_form">
<input type="hidden" name="form_createlecturrer" value="true" required="" />
Full name
<input type="text" name="fullname" placeholder="Full Name" class="form-control" required=""> <br>
Email
<input type="text" name="email" placeholder="Email / Student Number" class="form-control" required=""> <br>
Passport No. (used as the initial password)
<input type="text" class="form-control" name="passport" placeholder="Passport No" required=""> <br>
<input type="text" name="email" placeholder="Email / Student Number" class="form-control" > <br>
Initial password (Enter a strong password or leave it empty to let LRR generate one)
<input type="password" class="form-control" name="password" minlength="8" placeholder="Initial password" > <br>
User type:
<?php
if ($_SESSION['user_type'] == "Lecturer") {
echo ' <input type="radio" name="type" value="TA" required="" id="role_TA"> TA (Teaching Assistant) ';
} else if ($_SESSION['user_type'] == "Admin"){
echo " <input type='radio' name='type' value='Lecturer' required='' id='role_lecturer'> Lecturer ";
}
?>
<?php
if ($_SESSION['user_type'] == "Lecturer") {
echo ' <input type="radio" name="type" value="TA" required="" id="role_TA"> TA (Teaching Assistant) ';
} else if ($_SESSION['user_type'] == "Admin"){
echo " <input type='radio' name='type' value='Lecturer' required='' id='role_lecturer'> Lecturer ";
}
?>
<br><br>
<button type="submit" class="btn btn-primary" id="create_btn">Create</button>
<button type="submit" class="btn btn-primary" name="create_btn">Create</button>
<?php
error_reporting(E_ALL);
if (isset($_SESSION['info_Admin_Users'])) {
echo '<hr><div class="alert alert-info" role="alert">' . $_SESSION['info_Admin_Users'] . '</div>';
echo '<hr><div class="alert alert-warning" role="alert">' . $_SESSION['info_Admin_Users'] . '</div>';
$_SESSION['info_Admin_Users'] = null;
}
if (isset($_SESSION['info_Admin_Users'])) {
echo '<hr><div class="alert alert-info" role="alert">' . $_SESSION['info_Admin_Users'] . '</div>';
echo '<hr><div class="alert alert-warning" role="alert">' . $_SESSION['info_Admin_Users'] . '</div>';
$_SESSION['info_Admin_Users'] = null;
}
?>
@ -108,7 +111,6 @@ if ($_SESSION['user_type'] != "Lecturer" && $_SESSION['user_type'] != "Admin") {
<th>ID</th>
<th>Name</th>
<th>Email</th>
<th>Passport / ID </th>
<th>Reset password </th>
<th>Block/Activate </th>
</tr>
@ -130,7 +132,7 @@ if ($_SESSION['user_type'] != "Lecturer" && $_SESSION['user_type'] != "Admin") {
}
while ($row = mysqli_fetch_assoc($result)) {
$pass = $row['Passport_Number'];
$pass = $row['Password'];
$btn = "<button class='btn btn-warning' onclick=\"updatePassword(" . $row['User_ID'] . ",'$pass')\">Reset</button>";
if ($row['Status'] == "Active") {
$newstatus = "Blocked";
@ -140,7 +142,7 @@ if ($_SESSION['user_type'] != "Lecturer" && $_SESSION['user_type'] != "Admin") {
$btnBlock = "<button class='btn btn-success' onclick=\"blockUser(" . $row['User_ID'] . ",'$newstatus')\" id=\"activate_account_1\">Activate</button>";
}
echo "<tr><td>" . $row['User_ID'] . "</td><td>" . $row['Full_Name'] . "</td><td>" . $row['Email'] . "</td> <td>" . $row['Passport_Number'] . "</td><td>$btn</td><td>$btnBlock</td></tr>";
echo "<tr><td>" . $row['User_ID'] . "</td><td>" . $row['Full_Name'] . "</td><td>" . $row['Email'] . "</td><td>$btn</td><td>$btnBlock</td></tr>";
}
?>
</table>
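Review bot: The Reset button now interpolates `$row['Password']` into its `onclick` attribute (`$pass = $row['Password'];`), so every listed user's stored password value is written into the page markup for anyone who can load this page. That value is presumably the `password_hash()` output Script.php stores, which should never leave the server; `updatePassword()` is defined outside this section, so confirm what it does with its second argument. I would drop `$pass` and emit `onclick=\"updatePassword(" . (int)$row['User_ID'] . ")\"`, letting the server choose the new password. The same row prints `Full_Name` and `Email` without `htmlspecialchars()`, which is worth fixing while this line is being touched.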


@ -2,6 +2,7 @@
include 'NoDirectPhpAcess.php';
?>
<?php
/*
@ -12,7 +13,6 @@ session_start();
date_default_timezone_set('Asia/Shanghai');
// Connect to MySQL database
include "get_mysql_credentials.php";
$con = mysqli_connect("localhost", $mysql_username, $mysql_password, "lrr");
@ -36,6 +36,45 @@ function is_valid_student_number($student_id)
// ############################### SIGN UP ##################################
if (!empty($_POST["form_signup"])) {
$student_id = trim(mysqli_real_escape_string($con, $_POST["user_student_id"]));
$email = mysqli_real_escape_string($con, $_POST["email"]);
$password = mysqli_real_escape_string($con, $_POST["password"]);
$confirmpassword = mysqli_real_escape_string($con, $_POST["confirmpassword"]);
$upperLetter = preg_match('@[A-Z]@', $password);
$smallLetter = preg_match('@[a-z]@', $password);
$containsDigit = preg_match('@[0-9]@', $password);
$containsSpecial = preg_match('@[^\w]@', $password);
$containsAll = $upperLetter && $smallLetter && $containsDigit && $containsSpecial;
// check for strong password
if (!$containsAll) {
$_SESSION['info_signup'] = "Password must have at least characters that include lowercase letters, uppercase letters, numbers and special characters (e.g., !?.,*^).";
header("Location: signup.php");
return;
}
// Check confirmed password
if (strcasecmp($password, $confirmpassword) != 0) {
$_SESSION['info_signup'] = "Password confirmation failed.";
header("Location: signup.php");
return;
}
// validate email
if (!filter_var($email, FILTER_VALIDATE_EMAIL)) {
$_SESSION['info_signup'] = "Invalid email address.";
header("Location: signup.php");
return;
}
// check if email is taken
$result = mysqli_query($con, "SELECT * FROM users_table WHERE email='$email'");
if (mysqli_num_rows($result) != 0) {
$_SESSION["info_signup"] = "Email address " . $email . " is already in use.";
$_SESSION['user_fullname'] = null;
header("Location: signup.php");
return;
}
$_SESSION['user_fullname'] = $_POST["fullname"];
$_SESSION['user_fullname_temp'] = $_POST["fullname"];
@ -80,6 +119,7 @@ if (!empty($_POST["form_signup"])) {
if (!empty($_POST["form_signup"])) {
$fullname = mysqli_real_escape_string($con, $_POST["fullname"]);
$student_id = mysqli_real_escape_string($con, $_POST["user_student_id"]);
<<<<<<< HEAD
$email = mysqli_real_escape_string($con, $_POST["email"]);
$password = mysqli_real_escape_string($con, $_POST["password"]);
$confirmpassword = mysqli_real_escape_string($con, $_POST["confirmpassword"]);
@ -128,6 +168,13 @@ if (!empty($_POST["form_signup"])) {
return;
}
=======
$_SESSION['user_fullname'] = $fullname;
$_SESSION['user_type'] = "Student";
$_SESSION['user_email'] = $email;
$_SESSION['user_student_id'] = $student_id;
>>>>>>> fde44f76006082d6bda9431727d06cbd23a134be
// apply password_hash()
$password_hash = password_hash($password, PASSWORD_DEFAULT);
$sql = "INSERT INTO `users_table`(`Email`, `Password`, `Full_Name`, `UserType`, `Student_ID`) VALUES "
@ -296,30 +343,52 @@ if (!empty($_POST["form_reset_password"])) {
}
// ############################### CREATE Lecturer/TA USER ##################################
if (!empty($_POST["form_createlecturrer"])) {
if (!empty($_POST["form_createlecturrer"])){
$email = mysqli_real_escape_string($con, $_POST["email"]);
$fullname = mysqli_real_escape_string($con, $_POST["fullname"]);
$type = mysqli_real_escape_string($con, $_POST["type"]);
$password = mysqli_real_escape_string($con, $_POST["passport"]);
// check if email is taken
$password = mysqli_real_escape_string($con, $_POST["password"]);
$pass_len = strlen($password);
if ($pass_len == 0) {
$password = generateStrongPassword();
}
$result = mysqli_query(
$con,
"SELECT * FROM Users_Table WHERE email='$email'"
"SELECT * FROM users_table WHERE email='$email'"
);
if (mysqli_num_rows($result) != 0) {
$_SESSION["info_Admin_Users"] = "Email address : " . $email . " is already in use.";
header("Location: Admin.php");
exit;
}
$password_hash = password_hash("$password", PASSWORD_DEFAULT);
$sql = "INSERT INTO `users_table`(`Email`, `Password`, `Full_Name`, `UserType`) VALUES "
. "('$email','$password_hash','$fullname','$type')";
if ($con->query($sql) === TRUE) {
$_SESSION["info_Admin_Users"] = $type . " user created successfully. Use email " . $email . " as account name and $password as password.";
$_SESSION["info_Admin_Users"] = $type . " user created successfully. Use email " . $email . " as account name and ". $password ." as password.";
header("Location: Admin.php");
} else {
echo "Error: " . $sql . "<br>" . $con->error;
alert("Error: " . $sql . "<br>" . $con->error);
}
}
// ### FUNCTION TO GENERATE INITIAL PASSWORDS ###//
function generateStrongPassword() {
$characters = 'abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789!@#$%^&*()-_';
$password_length = 12;
$gen_password = '';
for ($i = 0; $i < $password_length; $i++) {
$random_index = mt_rand(0, strlen($characters) - 1);
$gen_password .= $characters[$random_index];
}
// Return the generated password
return $gen_password;
}
// #### FUNCTION CHECK FILE TYPES ////
@ -945,18 +1014,32 @@ if (!empty($_GET["ignoreremarking"])) {
#Assign TA
if (!empty($_GET["assignTA"])) {
$id = mysqli_real_escape_string($con, $_GET["id"]);
$ta = mysqli_real_escape_string($con, $_GET["ta"]);
$sql = "INSERT INTO `course_ta`(`Course_ID`, `TA`) VALUES ('$id','$ta')";
// Check if the TA is already assigned to the course
$check_sql = "SELECT * FROM course_ta WHERE Course_ID='$id' AND TA='$ta'";
$check_result = $con->query($check_sql);
if ($con->query($sql) === TRUE) {
$_SESSION["info_Admin_Courses"] = $type . " Course TA Assigned ";
header("Location: Admin.php");
if ($check_result->num_rows > 0) {
// Alert user about the duplicate assignment
echo "<script>
alert('The selected TA is already assigned to this course.');
window.location.href='Admin.php';
</script>";
} else {
echo "Error: " . $sql . "<br>" . $con->error;
// Proceed with the TA assignment
$sql = "INSERT INTO course_ta(Course_ID, TA) VALUES ('$id','$ta')";
if ($con->query($sql) === TRUE) {
$_SESSION["info_Admin_Courses"] = $type . " Course TA Assigned ";
header("Location: Admin.php");
} else {
echo "<script>
alert('You must select a TA first!.');
window.location.href='Admin.php';
</script>";
}
}
}
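Review bot: `generateStrongPassword()` picks each character with `mt_rand()`, which is not a cryptographically secure generator, so the initial passwords for Lecturer/TA accounts are more predictable than their 12-character length suggests. Use `$random_index = random_int(0, strlen($characters) - 1);` instead. The resulting password is also copied in plain text into `$_SESSION["info_Admin_Users"]` and echoed unescaped by the admin page; if it has to be displayed, show it once and require a change at first login. Separately, the `<<<<<<< HEAD`, `=======` and `>>>>>>> fde44f76...` lines in the sign-up hunks look like they are still on the new side, which would stop Script.php from parsing; confirm against the raw diff.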


@ -0,0 +1,125 @@
import pytest
from selenium import webdriver
from selenium.webdriver.common.by import By
from selenium.webdriver.support.ui import Select
from selenium.webdriver.support.ui import WebDriverWait
from selenium.webdriver.support import expected_conditions as EC
from selenium.common.exceptions import NoSuchElementException, UnexpectedAlertPresentException
from selenium.webdriver.common.keys import Keys
# New instance of the Chrome driver
driver = webdriver.Chrome()
# Open the login page
driver.get("http://localhost/lrr/admin.php")
# Credentials for login
username = "lanhui@qq.com"
password = "admin123"
def login(driver, username, password):
try:
# Fill in the login form
user_input = WebDriverWait(driver, 10).until(
EC.element_to_be_clickable((By.ID, "user_name"))
)
user_input.send_keys(username)
password_input = WebDriverWait(driver, 10).until(
EC.element_to_be_clickable((By.ID, "user_password"))
)
password_input.send_keys(password)
# Click the login button
login_button = WebDriverWait(driver, 10).until(
EC.element_to_be_clickable((By.ID, "login_btn"))
)
login_button.click()
# Wait for the admin_tab to become clickable
admin_tab = WebDriverWait(driver, 10).until(
EC.element_to_be_clickable((By.ID, "admin_tab"))
)
return True
except (NoSuchElementException, UnexpectedAlertPresentException) as e:
return f"Error: {str(e)}"
# Call the login function
login_result = login(driver, username, password)
# Click on admin_tab after successful login
if login_result:
admin_tab = WebDriverWait(driver, 10).until(
EC.element_to_be_clickable((By.ID, "admin_tab"))
)
admin_tab.click()
# Optionally, wait for the Admin.php page to load
admin_url = "http://localhost/lrr/Admin.php"
WebDriverWait(driver, 15).until(
EC.url_to_be(admin_url)
)
print(login_result)
def assign_ta(driver, course_id, ta_name):
try:
# Locate the form and select the TA
ta_form = WebDriverWait(driver, 15).until(
EC.presence_of_element_located((By.XPATH, f"//form[@id='drop_menu_form_{course_id}']"))
)
ta_dropdown = Select(ta_form.find_element(By.XPATH, ".//select[@name='ta']"))
ta_dropdown.select_by_visible_text(ta_name)
# Submit the form using JavaScript
driver.execute_script("arguments[0].submit();", ta_form)
# Wait for an expected alert and accept it
WebDriverWait(driver, 10).until(EC.alert_is_present())
alert = driver.switch_to.alert
alert_text = alert.text
alert.accept()
return alert_text
except UnexpectedAlertPresentException as e:
# Unexpected alert, handle it as an error
return f"Error: Unexpected alert - {str(e)}"
except (NoSuchElementException, Exception) as e:
return f"Error: {str(e)}"
# The courses and test cases to test
courses_to_test = [
{"id": 1, "name": "Teecloudy - Ashly Course Testing", "ta_assignments": {"JAMES": "Ta assigned successfully."}},
{"id": 2, "name": "P.M2019 - Project Management", "ta_assignments": {"JAMES": "The selected TA is already assigned to this course."}},
]
# Execute the tests
@pytest.mark.parametrize("course", courses_to_test)
def test_assign_ta(course):
for ta_name, expected_result in course["ta_assignments"].items():
alert_text = assign_ta(driver, course["id"], ta_name)
# ----- ---- Print the raw strings for debugging ----- ---- ---
test_case_number = courses_to_test.index(course) + 1
print(f"Test Case {test_case_number} - {course['name']} -- {ta_name}: Expected Result={expected_result}, Actual Alert Text={alert_text}")
# Determine the result based on the comparison
if expected_result.lower() in alert_text.lower():
result = "Passed"
else:
result = "Failed"
# Write the result to a test file with test case number ---
with open("test_results.txt", "a") as file:
file.write(f"Test Case {test_case_number} - {course['name']} -- {ta_name}: Result={result}, Expected Result={expected_result}, Actual Alert Text={alert_text}\n")
# Print the result to the console ---
print(f"Test Case {test_case_number} - {course['name']} -- {ta_name}: Result={result}, Expected Result={expected_result}, Actual Alert Text={alert_text}")
assert result == "Passed", f"Test Case {test_case_number} failed: Result={result}, Expected Result={expected_result}, Actual Alert Text={alert_text}"
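Review bot: The account credentials at module level (`username = "lanhui@qq.com"`, `password = "admin123"`) are committed in plain text, and the other new test file does the same in `login_lecturer` with a different password for the same address. Read them from the environment instead, e.g. `password = os.environ["LRR_TEST_PASSWORD"]` (the variable name is a suggestion), and rotate them if they match a real account. The browser is also started and the login performed at import time, so pytest collection alone runs them; a fixture would keep that inside the test. Note too that `login()` returns an error string on failure, which is truthy, so `if login_result:` never takes the failure path.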


@ -0,0 +1,2 @@
Test Case 1 - Teecloudy - Ashly Course Testing -- JAMES: Result=Passed, Expected Result=Ta assigned successfully., Actual Alert Text=TA assigned successfully.
Test Case 2 - P.M2019 - Project Management -- DIEGO: Result=Passed, Expected Result=The selected TA is already assigned to this course., Actual Alert Text=The selected TA is already assigned to this course.


@ -0,0 +1,194 @@
# Each time you run the test script reset the database.
# For this test script you won't need it since it changes
# the Ta's email and name automatically
import re
import time
import pytest
from faker import Faker
from selenium import webdriver
from selenium.webdriver.common.by import By
from selenium.webdriver.support.wait import WebDriverWait
from selenium.webdriver.support import expected_conditions as EC
faker = Faker()
@pytest.mark.skip(reason="function to be used in the test_scripts")
def createTA(driver, TA_name, emails, password):
full_name = driver.find_element('name', 'fullname')
full_name.send_keys(TA_name)
email = driver.find_element('name', 'email')
email.send_keys(emails)
pas = driver.find_element('name', 'password')
pas.send_keys(password)
usr_type = driver.find_element('name', 'type')
usr_type.click()
click_create = driver.find_element('name', 'create_btn')
click_create.click()
def login_lecturer(drivers):
# Open the website
drivers.get("http://localhost/lrr/")
drivers.maximize_window()
username_input = drivers.find_element('name', "user")
password_input = drivers.find_element('name', "password")
login_button = drivers.find_element('id', "login_btn")
# login as a Lecturer
username_input.send_keys("lanhui@qq.com")
password_input.send_keys("nil1234H@")
# Click the login button
time.sleep(5)
login_button.click()
admin_tab = drivers.find_element('id', 'admin_tab')
admin_tab.click()
cte_instructor = drivers.find_element('id', 'tab_ins_accounts')
cte_instructor.click()
time.sleep(25)
def test_createTA():
driver_open = webdriver.Chrome()
driver_open.maximize_window()
login_lecturer(driver_open)
try:
fullname = faker.name()
email = faker.email()
password = "new1452345678"
createTA(driver_open, fullname, email,password) # CREATE A TA WITH FULLNAME lanhuitest email lanhuitest@test.com password lanhui12345678
get_output = WebDriverWait(driver_open, 10).until(
EC.element_to_be_clickable((By.ID, "tab_ins_accounts"))
)
get_output.click()
get_output_msg = driver_open.find_element(By.CLASS_NAME, "alert-warning")
txt_alert = get_output_msg.text
time.sleep(20)
if txt_alert.find("TA user created successfully") == 0:
logout_button = WebDriverWait(driver_open, 15).until(
EC.element_to_be_clickable(
(By.XPATH, "//a[contains(@class, 'nav-link') and contains(@href, 'logout.php')]"))
)
time.sleep(5)
logout_button.click()
time.sleep(10)
username_input = driver_open.find_element('name', "user")
password_input = driver_open.find_element('name', "password")
login_button = driver_open.find_element('id', "login_btn")
# login as the new TA
username_input.send_keys(email) # login with credentials of the created TA
password_input.send_keys(password)
# Click the login button
time.sleep(20)
login_button.click()
time.sleep(20)
elif txt_alert.find("Email address ") == 0:
time.sleep(22)
driver_open.quit()
else:
driver_open.quit()
time.sleep(5)
finally:
driver_open.quit()
def test_generate_password():
driver_open = webdriver.Chrome()
login_lecturer(driver_open)
try:
fullname = faker.name()
email = faker.email()
password = ""
createTA(driver_open, fullname, email,
password) # CREATE A TA WITH FULLNAME lanhuitest email lanhuitest@test.com password lanhui12345678
get_output = WebDriverWait(driver_open, 5).until(
EC.element_to_be_clickable((By.ID, "tab_ins_accounts"))
)
get_output.click()
get_output_msg = driver_open.find_element(By.CLASS_NAME, "alert-warning")
txt_alert = get_output_msg.text
time.sleep(20)
if txt_alert.find("TA user created successfully") == 0:
time.sleep(20)
email_pattern = r"Use email (\S+) as account name"
password_pattern = r" (\S+)\ as password."
email_match = re.search(email_pattern, txt_alert)
password_match = re.search(password_pattern, txt_alert)
if email_match and password_match:
# Extract email and password from the matches
email = email_match.group(1)
password = password_match.group(1)
logout_button = WebDriverWait(driver_open, 10).until(
EC.element_to_be_clickable(
(By.XPATH, "//a[contains(@class, 'nav-link') and contains(@href, 'logout.php')]"))
)
logout_button.click()
time.sleep(15)
username_input = driver_open.find_element('name', "user")
password_input = driver_open.find_element('name', "password")
login_button = driver_open.find_element('id', "login_btn")
# login as the new TA
username_input.send_keys(email) # login with credentials of the created TA
password_input.send_keys(password)
# Click the login button
time.sleep(20)
login_button.click()
time.sleep(20)
elif txt_alert.find("Email address ") == 0:
time.sleep(22)
driver_open.quit()
else:
driver_open.quit()
time.sleep(5)
finally:
driver_open.quit()
def test_existingTA():
driver_open = webdriver.Chrome()
login_lecturer(driver_open)
try:
# Use email nreyes@example.com as account name and new1452345678 as password.
fullname = "Maria"
email = "nreyes@example.com"
password = "new1452345678"
createTA(driver_open, fullname, email,
password) # CREATE A TA WITH FULLNAME lanhuitest email lanhuitest@test.com password lanhui12345678
get_output = WebDriverWait(driver_open, 5).until(
EC.element_to_be_clickable((By.ID, "tab_ins_accounts"))
)
get_output.click()
get_output_msg = driver_open.find_element(By.CLASS_NAME, "alert-warning")
txt_alert = get_output_msg.text
time.sleep(20)
if txt_alert.find("TA user created successfully") == 0:
time.sleep(20)
elif txt_alert.find("Email address ") == 0:
time.sleep(22)
driver_open.quit()
else:
driver_open.quit()
time.sleep(5)
finally:
driver_open.quit()
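Review bot: None of the three tests contains an `assert`, so each one passes whatever the page shows, including when `txt_alert` matches neither branch or the new TA's login is rejected. At minimum add `assert txt_alert.startswith("TA user created successfully")` in `test_createTA` and `test_generate_password`, and `assert txt_alert.startswith("Email address ")` in `test_existingTA`. In `test_generate_password` I would also `assert email_match and password_match` and check the scraped password against the generator's policy (12 characters in Script.php), since that is the behaviour this commit adds. `createTA` is a helper, not a test, so the `@pytest.mark.skip` on it has no effect and can be removed.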