Fix Bug 430

Bug430-Eden
ADMASU EDEN SOLOMON 2023-12-27 03:15:49 +08:00
parent 8d30ecc584
commit adc9daef98
3 changed files with 41 additions and 9 deletions

View File

@ -37,9 +37,17 @@ function is_valid_student_number($student_id)
if (!empty($_POST["form_signup"])) { if (!empty($_POST["form_signup"])) {
$student_id = trim(mysqli_real_escape_string($con, $_POST["user_student_id"])); $student_id = trim(mysqli_real_escape_string($con, $_POST["user_student_id"]));
$_SESSION['user_fullname'] = $_POST["fullname"];
$_SESSION['user_fullname_temp'] = $_POST["fullname"];
$_SESSION['user_email'] = $_POST["email"];
$_SESSION['user_student_id_temp'] = $_POST["user_student_id"];
// validate student number // validate student number
if (!is_valid_student_number($student_id)) { if (!is_valid_student_number($student_id)) {
$_SESSION["info_signup"] = "Invalid student number."; $_SESSION["info_signup"] = "Invalid student number.";
$_SESSION['user_fullname'] = null;
header("Location: signup.php"); header("Location: signup.php");
return; return;
} }
@ -48,6 +56,10 @@ if (!empty($_POST["form_signup"])) {
$result = mysqli_query($con, "SELECT * FROM `students_data` WHERE Student_ID='$student_id'"); $result = mysqli_query($con, "SELECT * FROM `students_data` WHERE Student_ID='$student_id'");
if (mysqli_num_rows($result) == 0) { if (mysqli_num_rows($result) == 0) {
$_SESSION["info_signup"] = "Your entered student number could not be verified. Please contact Student Management Office <lanhui at zjnu.edu.cn>. Thanks."; $_SESSION["info_signup"] = "Your entered student number could not be verified. Please contact Student Management Office <lanhui at zjnu.edu.cn>. Thanks.";
$_SESSION['user_fullname'] = null;
header("Location: signup.php"); header("Location: signup.php");
return; return;
} }
@ -58,6 +70,7 @@ if (!empty($_POST["form_signup"])) {
$student_result = mysqli_query($con, "SELECT * FROM `users_table` WHERE Student_ID='$student_id'"); $student_result = mysqli_query($con, "SELECT * FROM `users_table` WHERE Student_ID='$student_id'");
if (mysqli_num_rows($student_result) > 0) { if (mysqli_num_rows($student_result) > 0) {
$_SESSION["info_signup"] = "This Student ID is already in use! Please contact Student Management Office <lanhui at zjnu.edu.cn> for help."; $_SESSION["info_signup"] = "This Student ID is already in use! Please contact Student Management Office <lanhui at zjnu.edu.cn> for help.";
$_SESSION['user_fullname'] = null;
header("Location: signup.php"); header("Location: signup.php");
return; return;
} }
@ -70,11 +83,10 @@ if (!empty($_POST["form_signup"])) {
$email = mysqli_real_escape_string($con, $_POST["email"]); $email = mysqli_real_escape_string($con, $_POST["email"]);
$password = mysqli_real_escape_string($con, $_POST["password"]); $password = mysqli_real_escape_string($con, $_POST["password"]);
$confirmpassword = mysqli_real_escape_string($con, $_POST["confirmpassword"]); $confirmpassword = mysqli_real_escape_string($con, $_POST["confirmpassword"]);
$_SESSION['user_fullname'] = $fullname;
$_SESSION['user_type'] = "Student";
$_SESSION['user_email'] = $email;
$_SESSION['user_student_id'] = $student_id;
$_SESSION['user_student_id'] = $_POST["student_id"];
$_SESSION['user_type'] = "Student";
// check confirmed password // check confirmed password
if (strcasecmp($password, $confirmpassword) != 0) { if (strcasecmp($password, $confirmpassword) != 0) {
$_SESSION['info_signup'] = "Password confirmation failed."; $_SESSION['info_signup'] = "Password confirmation failed.";
@ -86,6 +98,8 @@ if (!empty($_POST["form_signup"])) {
// validate email // validate email
if (!filter_var($email, FILTER_VALIDATE_EMAIL)) { if (!filter_var($email, FILTER_VALIDATE_EMAIL)) {
$_SESSION['info_signup'] = "Invalid email address."; $_SESSION['info_signup'] = "Invalid email address.";
$_SESSION['user_fullname'] = null;
header("Location: signup.php"); header("Location: signup.php");
return; return;
} }
@ -99,6 +113,8 @@ if (!empty($_POST["form_signup"])) {
// check for strong password // check for strong password
if (!$containsAll) { if (!$containsAll) {
$_SESSION['info_signup'] = "Password must have at least characters that include lowercase letters, uppercase letters, numbers and special characters (e.g., !?.,*^)."; $_SESSION['info_signup'] = "Password must have at least characters that include lowercase letters, uppercase letters, numbers and special characters (e.g., !?.,*^).";
$_SESSION['user_fullname'] = null;
header("Location: signup.php"); header("Location: signup.php");
return; return;
} }
@ -116,6 +132,9 @@ if (!empty($_POST["form_signup"])) {
$password_hash = password_hash($password, PASSWORD_DEFAULT); $password_hash = password_hash($password, PASSWORD_DEFAULT);
$sql = "INSERT INTO `users_table`(`Email`, `Password`, `Full_Name`, `UserType`, `Student_ID`) VALUES " $sql = "INSERT INTO `users_table`(`Email`, `Password`, `Full_Name`, `UserType`, `Student_ID`) VALUES "
. "('$email','$password_hash','$fullname','Student','$student_id')"; . "('$email','$password_hash','$fullname','Student','$student_id')";
$_SESSION['user_fullname'] =$_SESSION['user_fullname_temp'];
if ($con->query($sql) === TRUE) { if ($con->query($sql) === TRUE) {
header("Location: Courses.php"); header("Location: Courses.php");
@ -131,11 +150,15 @@ if (!empty($_POST["form_login"])) {
$user = mysqli_real_escape_string($con, $_POST["user"]); // user could be a 12-digit student number or an email address $user = mysqli_real_escape_string($con, $_POST["user"]); // user could be a 12-digit student number or an email address
$is_student_number = 0; $is_student_number = 0;
$_SESSION["failed_login_user"] = $user; // Save the entered username in a session variable
echo "Failed login user: " . $_SESSION["failed_login_user"];
// Validate student number // Validate student number
if (is_valid_student_number($user)) { if (is_valid_student_number($user)) {
$is_student_number = 1; $is_student_number = 1;
} }
// Validate email address if what provided is not a student number // Validate email address if what provided is not a student number
if (!$is_student_number && !filter_var($user, FILTER_VALIDATE_EMAIL)) { if (!$is_student_number && !filter_var($user, FILTER_VALIDATE_EMAIL)) {
$_SESSION["info_login"] = "Invalid email address: " . "$user"; $_SESSION["info_login"] = "Invalid email address: " . "$user";
@ -177,10 +200,19 @@ if (!empty($_POST["form_login"])) {
header("Location: Admin.php"); header("Location: Admin.php");
} }
// report wrong pass if not correct // report wrong pass if not correct
} else { return;
} else {
$_SESSION["wrong_pass"] = "Wrong Password."; $_SESSION["wrong_pass"] = "Wrong Password.";
echo $_SESSION["wrong_pass"]; // Optional: Display the error message for debugging
header("Location: index.php"); header("Location: index.php");
exit(); // Add this line to prevent further execution after redirect
} }
// Add the following line to reset the session variable when needed
unset($_SESSION["failed_login_user"]);
} }
} }
} }

View File

@ -30,7 +30,7 @@ if (isset($_SESSION["user_fullname"])) {
<legend>Sign in</legend> <legend>Sign in</legend>
<input type="hidden" name="form_login" value="true"/> <input type="hidden" name="form_login" value="true"/>
<label for="user_name" class="form-label">Account name</label> <label for="user_name" class="form-label">Account name</label>
<input type="text" name="user" placeholder="Student Number / Email address" class="form-control" required="required" id="user_name" /> <input type="text" name="user" placeholder="Student Number / Email address" class="form-control" required="required" id="user_name" value="<?php echo isset($_SESSION['failed_login_user']) ? htmlspecialchars($_SESSION['failed_login_user']) : ''; ?>" />
<br> <br>
<label for="user_password" class="form-label">Password</label> <label for="user_password" class="form-label">Password</label>
<input type="password" class="form-control" name="password" placeholder="password" required="required" id="user_password" /> <input type="password" class="form-control" name="password" placeholder="password" required="required" id="user_password" />

View File

@ -22,10 +22,10 @@ include 'Header.php';
<input type="hidden" name="form_signup" value="true" /> <input type="hidden" name="form_signup" value="true" />
Full Name Full Name
<input type="text" name="fullname" placeholder="Your full name" class="form-control" value="<?php echo $_SESSION['user_fullname']; ?>" required="required" id="full_name"/> <br> <input type="text" name="fullname" placeholder="Your full name" class="form-control" value="<?php echo isset($_SESSION['user_fullname_temp']) ? $_SESSION['user_fullname_temp'] : ''; ?>" required="required" id="full_name"/> <br>
Student ID Student ID
<input type="text" name="user_student_id" placeholder="Entre your student ID" class="form-control" value="<?php echo $_SESSION['user_student_id']; ?>" required="required" id="student_id"> <br> <input type="text" name="user_student_id" placeholder="Entre your student ID" class="form-control" value="<?php echo isset($_SESSION['user_student_id_1']) ? $_SESSION['user_student_id_temp'] : ''; ?>" required="required" id="student_id"> <br>
Email Email
<input type="text" name="email" placeholder="Email" class="form-control" value="<?php echo $_SESSION['user_email']; ?>" required="required" id="email" /> <br> <input type="text" name="email" placeholder="Email" class="form-control" value="<?php echo $_SESSION['user_email']; ?>" required="required" id="email" /> <br>