diff --git a/Download.php b/Download.php
index 4ddeb4b..d59e90e 100644
--- a/Download.php
+++ b/Download.php
@@ -8,7 +8,7 @@ session_start();
 // 修改这一行设置你的文件下载目录
 // IMPORTANT: Do not delete the following conditional test
-if (strpos($_GET['file'], "../") != false) { // 检查是否有 ../,防止用户构造路径,访问某个他不应该访问的目录
+if (strpos($_GET['file'], "../") !== false) { // 检查是否有 ../,防止用户构造路径,访问某个他不应该访问的目录
 die("Sorry. Nothing to download.");
 }
diff --git a/Reset_password.php b/Reset_password.php
index 7af1740..d08d9ab 100644
--- a/Reset_password.php
+++ b/Reset_password.php
@@ -8,8 +8,8 @@ include 'Header.php';
-$token=$_GET['token'];
-$email=$_GET['email'];
+$token = htmlspecialchars($_GET['token']);
+$email = htmlspecialchars($_GET['email']);
 ?>
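Review bot: The `!==` fix closes the position-0 bypass, but the `../` substring test on the `-if`/`+if` line is still a denylist: it does not constrain absolute paths or a missing `file` parameter, and the comment says only that the line must not be deleted, not what it guarantees. Resolve the requested name against the configured download directory and check containment instead, e.g. `$base = realpath($downloadDir); $path = realpath($base . '/' . ($_GET['file'] ?? ''));` followed by `if ($path === false || strncmp($path, $base . DIRECTORY_SEPARATOR, strlen($base) + 1) !== 0) { die("Sorry. Nothing to download."); }`, where `$downloadDir` stands for whatever variable the Chinese comment above tells the operator to set. If downloads live in one flat directory, `basename($_GET['file'])` is the simpler equivalent. The code that actually opens and streams the file is outside this hunk.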
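Review bot: Applying `htmlspecialchars()` at input time on the `+$token`/`+$email` lines bakes HTML encoding into values that are presumably also compared or queried later in the page, and with the default flags it leaves single quotes unencoded on PHP < 8.1, so it is not a reliable guard for attribute contexts either. Keep the raw values (`$token = $_GET['token'] ?? '';`, likewise for `$email`) and escape at each output point with `htmlspecialchars($token, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8')`. The `?? ''` also avoids an undefined-index notice when the parameter is absent. How the token is verified is outside this hunk; if it is compared against a stored value, `hash_equals()` is the comparison to use.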
diff --git a/Script.php b/Script.php
index d1110ef..7191f4d 100644
--- a/Script.php
+++ b/Script.php
@@ -248,7 +248,7 @@ if (!empty($_POST["frm_reset_password"])) {
 // Password Update
 $hashed_password = hash('sha512', $password);
- $sql = "UPDATE users_table set HashPassword='$hashed_password' where User_ID=$userid;";
+ $sql = "UPDATE users_table set HashPassword='$hashed_password' where User_ID='$userid';";
 if ($con->query($sql) === TRUE) {
 error_reporting(0);
@@ -430,7 +430,7 @@ if (!empty($_POST["frm_uploadlab"])) {
 $sql = "INSERT INTO `lab_reports_table`(`Course_ID`, `Posted_Date`, `Deadline`, `Instructions`, `Title`, `Attachment_link_1`, `Attachment_link_2`, `Attachment_link_3`, `Attachment_link_4`,Marks,Type)
- VALUES ('$course_id','$date','$deadline','$instructions','$title','$targetfile','$targetfile2','$targetfile3','$targetfile3',$marks,'$type')";
+ VALUES ('$course_id','$date','$deadline','$instructions','$title','$targetfile','$targetfile2','$targetfile3','$targetfile3','$marks','$type')";
 if ($con->query($sql) === TRUE) {
@@ -467,7 +467,7 @@ if (!empty($_POST["frm_submitlab"])) {
 $date = date("Y-m-d H:i:s");
 // GET UPLOADED FILES
- $labName = mysqli_query($con, "SELECT * FROM `lab_reports_table` WHERE Lab_Report_ID=$lab_id");
+ $labName = mysqli_query($con, "SELECT * FROM `lab_reports_table` WHERE Lab_Report_ID='$lab_id'");
 while ($row = mysqli_fetch_assoc($labName)) {
 $lab_name = $row['Title'];
 $_SESSION['Sub_Type'] = $row['Type']; // submission type, either Individual or Group 
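Review bot: Quoting `$userid` on the `+ $sql` line does not neutralise it — inside a MySQL string literal the value is only safe if `mysqli_real_escape_string()` was applied first, and nothing in this hunk shows that for `$userid`; the same gap is visible for `$lab_id` in the -467 hunk, `$lab_id`/`$student_id`/`$group_id` at -571, `$uid`/`$pass`/`$status` at -931 and -945, and `$lab` at -1018. A prepared statement settles it regardless of where the value came from: `$stmt = $con->prepare('UPDATE users_table SET HashPassword=? WHERE User_ID=?'); $stmt->bind_param('ss', $hashed_password, $userid); $stmt->execute();`. Separately, `hash('sha512', $password)` on the context line above is an unsalted fast hash; `password_hash($password, PASSWORD_DEFAULT)` here with `password_verify()` at login is the intended API. The `frm_reset_password` block starts and ends outside this hunk.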
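Review bot: The `+ VALUES` line of the -430 hunk binds `'$targetfile3'` twice, so `Attachment_link_4` receives the third attachment's path and the fourth upload is never recorded; the sibling INSERT at -571 uses a distinct `'$targetfile4'`, which suggests the same variable exists in this form handler too. Change the tail of the value list to `'$targetfile3','$targetfile4','$marks','$type')";`. Quoting `$marks` only helps if it was escaped beforehand, which this hunk does not show; the `frm_uploadlab` block and the variable assignments are outside the hunk.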
@@ -571,13 +571,13 @@ if (!empty($_POST["frm_submitlab"])) {
 $group_id = 0; // FIXME
 }
- $sql1 = "DELETE FROM lab_report_submissions where Lab_Report_ID=$lab_id and Student_id=$student_id and Course_Group_id=$group_id";
+ $sql1 = "DELETE FROM lab_report_submissions where Lab_Report_ID='$lab_id' and Student_id='$student_id' and Course_Group_id='$group_id'";
 if ($con->query($sql1) === TRUE) { }
 $sql = "INSERT INTO `lab_report_submissions`(`Submission_Date`, `Lab_Report_ID`, `Student_id`,"
 . " `Course_Group_id`, `Attachment1`, `Notes`, `Attachment2`, `Attachment3`, `Attachment4`, `Status`, `Title`,`Remarking_Reason`)"
- . " VALUES ('$date',$lab_id,$student_id,$group_id,'$targetfile','$instructions','$targetfile2','$targetfile3','$targetfile4',"
+ . " VALUES ('$date','$lab_id','$student_id','$group_id','$targetfile','$instructions','$targetfile2','$targetfile3','$targetfile4',"
 . "'Pending','$title','')";
 if ($con->query($sql) === TRUE) {
@@ -665,7 +665,7 @@ if (!empty($_GET["updatevisibility"])) {
 $header = mysqli_real_escape_string($con, $_GET["header"]);
 $labid = mysqli_real_escape_string($con, $_GET["labid"]);
- $sql = "UPDATE `lab_report_submissions` SET `Visibility`='$status' WHERE Submission_ID=$id
+ $sql = "UPDATE `lab_report_submissions` SET `Visibility`='$status' WHERE Submission_ID='$id'
 ";
 if ($con->query($sql) === TRUE) {
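Review bot: The DELETE on the `+ $sql1` line and the INSERT that follows are not atomic, and the empty `if ($con->query($sql1) === TRUE) { }` discards the result, so a failed delete still falls through to insert a second row for the same `Lab_Report_ID`/`Student_id`/`Course_Group_id`. Wrap both statements in a transaction (`$con->begin_transaction();` before the delete, `$con->commit();` after a successful insert, `$con->rollback();` when either query returns false) or collapse them into a single `INSERT … ON DUPLICATE KEY UPDATE` over a unique key on those three columns. The `$group_id = 0; // FIXME` fallback on the first context line also means every ungrouped student shares group 0, which is exactly what the delete keys on. The `frm_submitlab` block continues outside the hunk.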
@@ -681,13 +681,13 @@ if (!empty($_GET["updatevisibility"])) {
 if (!empty($_GET["remarking"])) {
- $id = mysqli_real_escape_string($con, $_GET["id"]);
- $url = mysqli_real_escape_string($con, $_GET["url"]);
+ $id = htmlspecialchars(mysqli_real_escape_string($con, $_GET["id"]));
+ $url = htmlspecialchars(mysqli_real_escape_string($con, $_GET["url"]));
- $status = mysqli_real_escape_string($con, $_GET["status"]);
- $details = mysqli_real_escape_string($con, $_GET["details"]);
+ $status = htmlspecialchars(mysqli_real_escape_string($con, $_GET["status"]));
+ $details = htmlspecialchars(mysqli_real_escape_string($con, $_GET["details"]));
- $sql = "UPDATE `lab_report_submissions` SET `Status`='Remarking',Remarking_Reason='$details' WHERE Submission_ID=$id
+ $sql = "UPDATE `lab_report_submissions` SET `Status`='Remarking',Remarking_Reason='$details' WHERE Submission_ID='$id'
 ";
 if ($con->query($sql) === TRUE) {
@@ -709,7 +709,7 @@ if (!empty($_GET["creategroup"])) {
 $name = mysqli_real_escape_string($con, $_GET["name"]);
 $sql = "INSERT INTO `course_groups_table`(`Group_Name`,
- `Group_Leader`, `Course_id`) VALUES ('$name',$student_id,$id)";
+ `Group_Leader`, `Course_id`) VALUES ('$name','$student_id','$id')";
 if ($con->query($sql) === TRUE) {
@@ -719,7 +719,7 @@ if (!empty($_GET["creategroup"])) {
 }
 $sql = "INSERT INTO `course_group_members_table`( `Course_Group_id`, `Student_ID`, `Status`)
- VALUES ($gid,$student_id,'Created')";
+ VALUES ('$gid','$student_id','Created')";
 if ($con->query($sql) === TRUE) {
 $_SESSION["info_ReMarking"] = "Course group Created";
 header("Location: Course.php?url=" . $url);
@@ -746,7 +746,7 @@ if (!empty($_GET["groupinvite"])) {
 header("Location: Course.php?url=" . $url);
 } else {
 $sql = "INSERT INTO `course_group_members_table`( `Course_Group_id`, `Student_ID`, `Status`)
- VALUES ($groupid,$student_id,'Invited')";
+ VALUES ('$groupid','$student_id','Invited')";
 }
 if ($con->query($sql) === TRUE) {
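Review bot: Wrapping `mysqli_real_escape_string()` in `htmlspecialchars()` on the four `+` assignment lines of the -681 hunk encodes for two different contexts at input time: the stored `Remarking_Reason` now contains HTML entities, `$id` is a numeric key that gains nothing from it, and `$url` is presumably concatenated into a `header("Location: Course.php?url=" . $url)` redirect as the -719 and -746 hunks do, where an `&` turned into `&amp;` corrupts the query string. Keep `mysqli_real_escape_string()` (or a prepared statement) for the SQL, urlencode `$url` only where it is placed in the redirect query string, and escape `$details` at the point it is rendered with `htmlspecialchars($details, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8')`. Where `$url` and `$status` are used in this block is outside the hunk.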
@@ -800,10 +800,10 @@ if (!empty($_GET["acceptinvite"])) {
 $groupid = mysqli_real_escape_string($con, $_GET["groupid"]);
 if ($action == 1) {
- $sql = "Update `course_group_members_table` set Status='Joined' where Course_Group_id =$groupid and student_id=$student_id
+ $sql = "Update `course_group_members_table` set Status='Joined' where Course_Group_id ='$groupid' and student_id='$student_id'
 ";
 } else {
- $sql = "Delete from `course_group_members_table` where Course_Group_id =$groupid and student_id=$student_id
+ $sql = "Delete from `course_group_members_table` where Course_Group_id ='$groupid' and student_id='$student_id'
 ";
 }
@@ -830,11 +830,11 @@ if (!empty($_GET["extenddeadline"])) {
 $deadline = $date . " " . $time;
 if ($type == 1) {
- $sql = "UPDATE `lab_reports_table` SET `Deadline`='$deadline' WHERE Lab_Report_ID=$id";
+ $sql = "UPDATE `lab_reports_table` SET `Deadline`='$deadline' WHERE Lab_Report_ID='$id'";
 } else {
 $sql = "INSERT INTO `extended_deadlines_table`(`Student_ID`, "
 . "`Lab_Report_ID`, `Extended_Deadline_Date`,"
- . " `ReasonsForExtension`) VALUES ($stdid,$id,'$deadline','$reason')";
+ . " `ReasonsForExtension`) VALUES ('$stdid','$id','$deadline','$reason')";
 }
 if ($con->query($sql) === TRUE) {
@@ -856,7 +856,7 @@ if (!empty($_GET["ignoreremarking"])) {
 $subid = mysqli_real_escape_string($con, $_GET["subid"]);
- $sql = "UPDATE lab_report_submissions SET Status='Marked' WHERE Submission_ID=$subid";
+ $sql = "UPDATE lab_report_submissions SET Status='Marked' WHERE Submission_ID='$subid'";
 if ($con->query($sql) === TRUE) {
@@ -874,7 +874,7 @@ if (!empty($_GET["assignTA"])) {
 $id = mysqli_real_escape_string($con, $_GET["id"]);
 $ta = mysqli_real_escape_string($con, $_GET["ta"]);
- $sql = "INSERT INTO `course_ta`(`Course_ID`, `TA`) VALUES ($id,$ta)";
+ $sql = "INSERT INTO `course_ta`(`Course_ID`, `TA`) VALUES ('$id','$ta')";
 if ($con->query($sql) === TRUE) {
@@ -893,9 +893,9 @@ if (!empty($_GET["AcceptStudent"])) {
 $rs = mysqli_real_escape_string($con, $_GET["rs"]);
 if ($rs == "yes") {
- $sql = "Update course_students_table set Status='Joined' Where ID=$id";
+ $sql = "Update course_students_table set Status='Joined' Where ID='$id'";
 } else {
- $sql = "Delete FROM course_students_table Where ID=$id";
+ $sql = "Delete FROM course_students_table Where ID='$id'";
 }
 if ($con->query($sql) === TRUE) {
@@ -931,7 +931,7 @@ if (!empty($_GET["action"])) {
 }
 if ($action == "passchange" && $_SESSION['user_id'] == $uid) {
- $sql = "UPDATE users_table set Password='$pass' where User_ID=$uid;";
+ $sql = "UPDATE users_table set Password='$pass' where User_ID='$uid';";
 if ($con->query($sql) === TRUE) {
 error_reporting(0);
 echo "Password has been changed";
@@ -945,7 +945,7 @@ if (!empty($_GET["action"])) {
 }
 if ($action == "statuschange" && $_SESSION['user_id'] == $uid && ($_SESSION['user_type'] == "Lecturer" || $_SESSION['user_type'] == "Admin")) {
- $sql = "UPDATE users_table set Status='$status' where User_ID=$uid;";
+ $sql = "UPDATE users_table set Status='$status' where User_ID='$uid';";
 if ($con->query($sql) === TRUE) {
 $_SESSION["info_Admin_Users"] = $type . " user Status updated successfully ";
 header("Location: Admin.php");
@@ -1018,7 +1018,7 @@ INNER JOIN lab_reports_table on lab_reports_table.Lab_Report_ID=lab_report_submi
 INNER JOIN users_table on users_table.Student_ID=lab_report_submissions.Student_id
-WHERE lab_report_submissions.Lab_Report_ID=$lab";
+WHERE lab_report_submissions.Lab_Report_ID='$lab'";
 $export = mysqli_query($con, $select);
diff --git a/batch_insert.php b/batch_insert.php
index 20867af..afad832 100644
--- a/batch_insert.php
+++ b/batch_insert.php
@@ -19,7 +19,7 @@ if (!$conn) {
 }
 //获得用户名数据
-$source = $_POST['users'];
+$source = mysqli_real_escape_string($conn,$_POST['users']);
 //如有多个空格,删除剩一个空格
 $source1 = preg_replace('/\s\s+/', ' ', $source); 
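Review bot: The `+ $sql` line of the -931 hunk writes `Password='$pass'` into a column named `Password`, while the reset flow at -248 writes `hash('sha512', …)` into `HashPassword`; unless `$pass` is already hashed on a line outside this hunk, a password change stores the clear-text value and the two code paths disagree on which column holds the credential. Hash before storing — `$sql = "UPDATE users_table set HashPassword='" . password_hash($pass, PASSWORD_DEFAULT) . "' where User_ID='$uid';";` — or better, bind both values through `prepare()`/`bind_param()`. The `$_SESSION['user_id'] == $uid` guard here and on the -945 hunk's `if` line uses loose comparison; `(string) $_SESSION['user_id'] === (string) $uid` avoids type juggling on a value that arrives from the request. The surrounding `action` block starts and ends outside the hunk.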
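Review bot: Escaping the whole `$_POST['users']` blob on the `+$source` line before it is normalised and split (the -31 hunk that follows) changes what the split sees. `mysqli_real_escape_string()` rewrites CR and LF as the two-character sequences `\r` and `\n`, so an ID list pasted one per line with CRLF endings no longer matches `preg_replace('/\s\s+/', ' ', …)` or `explode(' ', …)` and arrives as one token containing literal backslashes. Normalise and split the raw input first, then bind each ID inside the loop with a prepared statement, e.g. ``$stmt = $conn->prepare("REPLACE INTO `students_data`(`Student_ID`, `Passport_Number`) VALUES(?, '')"); $stmt->bind_param('s', $user[$index]);``. The -31 hunk also reports `"SQL Error: " . $sql_stmt`, but `$sql_stmt` is never assigned in the visible code, and echoing `mysqli_error()` to the page exposes database details — log it server-side and show a generic message.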
@@ -31,13 +31,12 @@ $source2 = trim($source1); //根据空格拆分 $user = explode(' ', $source2); - //插入数据 for($index=0; $index < count($user); $index++) { $result = mysqli_query($conn, "SELECT * FROM `students_data` WHERE Student_ID='$user[$index]'"); if (mysqli_num_rows($result) < 1) { if (! mysqli_query($conn, "REPLACE INTO `students_data`(`Student_ID`, `Passport_Number`) VALUES('$user[$index]', '')" ) ) { - echo "SQL Error: " . $sql_stmt . "
" . mysqli_error($conn); + echo "SQL Error: " . $sql_stmt . "
" .htmlspecialchars(mysqli_error($conn)); } else { echo "

Student number $user[$index] added.

"; } diff --git a/recover_password.php b/recover_password.php index 0512f13..d9ae8a2 100644 --- a/recover_password.php +++ b/recover_password.php @@ -27,9 +27,9 @@ include 'Header.php';
- Student number + Student number
- Email + Email
@@ -38,7 +38,7 @@ include 'Header.php'; '; + echo '
'; $_SESSION['info_recover_password']=null; }