diff --git a/Admin.php b/Admin.php index 3c6ca89..4982a35 100644 --- a/Admin.php +++ b/Admin.php @@ -1,335 +1,362 @@ - - - - -
-

Administration Panel

- -
-
- - - - -
-

User account Management


- - Lecturer / TA Accounts
- - - - - - -
- - - - -
-

- - Create Lecturer/TA Accounts -
- - Full_Name - -Email - - - Passport_Number / ID (Used as Intial Password) - -
User Type : - Lecturer - T/A -
-'; - $_SESSION['info_Admin_Users']=null; -} -if(isset($_SESSION['info_Admin_Users'])) { - echo '
'; - $_SESSION['info_Admin_Users']=null; -} - -?> - -
- -
- - - -
- - - - - - -
-
- - -
- -
- - - -
- - - - -
- - - - - -
- - -
- - - - - - \ No newline at end of file diff --git a/Connect.php b/Connect.php index d82d890..2c362e2 100644 --- a/Connect.php +++ b/Connect.php @@ -1,23 +1,16 @@ -connect_error) { - die("Database Connection failed: " . $conn->connect_error); -} -// else -// { - -// echo "Connected"; -// } -session_start(); \ No newline at end of file + Courses > $name ($code) > Lab Reports -
Faculty : $faculty Year : $academic Lecturer :$lecturer +
Faculty: $faculty | Year: $academic | Lecturer: $lecturer
@@ -75,7 +77,7 @@ if( $_SESSION['user_type']=="Student")
- \ No newline at end of file + diff --git a/Script.php b/Script.php index 5c5a595..144729a 100644 --- a/Script.php +++ b/Script.php @@ -10,7 +10,7 @@ session_start(); date_default_timezone_set('Asia/Shanghai'); // CONNeCTION -$con=mysqli_connect("localhost","Teecloudy","5q7Ol2e!#!","lrr"); +$con=mysqli_connect("localhost","username","password","lrr"); // Check connection if (mysqli_connect_errno()) { @@ -30,17 +30,30 @@ if (mysqli_connect_errno()) error_reporting(0); if (!empty($_POST["frm_signup_1"])) { - $student_id=mysqli_real_escape_string($con,$_POST["student_id"]); - $passport=mysqli_real_escape_string($con,$_POST["passport"]); - - echo $student_id.' and '.$passport; + $student_id = mysqli_real_escape_string($con,$_POST["student_id"]); + $passport = mysqli_real_escape_string($con,$_POST["passport"]); + + // validate student number + if (strlen($student_id) != 12 || is_numeric($student_id) == FALSE) { + $_SESSION["info_signup1"] = "Invalid student number."; + header("Location: index.php"); + return; + } + + // passport should be empty (not used) + if (strcmp(trim($passport), '') != 0) { + $_SESSION["info_signup1"] = "Passport is disused. Please leave it empty."; + header("Location: index.php"); + return; + } + $result = mysqli_query($con, "SELECT * FROM `students_data` WHERE Student_ID='$student_id'"); // Just removed this condition from the above command and (Passport_Number='$passport' or Passport_Number = '') if(mysqli_num_rows($result)==0) { - $_SESSION["info_signup1"]="Student Information could not be verified ! Please contact Student Management Office."; + $_SESSION["info_signup1"]="Student number could not be verified! Please contact Student Management Office (lanhui at zjnu.edu.cn). Thanks."; header("Location: index.php"); return; } 
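Review bot: The database password replaced on the `$con=mysqli_connect(...)` line is still present in the repository history, so the real credential should be treated as exposed and rotated; swapping in the `"username"`/`"password"` placeholders does not undo that. Reading the values from outside the web root avoids editing the literal per deployment, e.g. `$con = mysqli_connect("localhost", getenv('LRR_DB_USER'), getenv('LRR_DB_PASS'), "lrr");`. Note that the `error_reporting(0);` a few lines below this hunk silences connection and query failures for the whole script, so a bad credential will surface only as empty result sets.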
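Review bot: The new check `if (strlen($student_id) != 12 || is_numeric($student_id) == FALSE)` accepts values such as `1.0000000000` or ` 12345678901` because `is_numeric` allows a sign, a decimal point, an exponent and leading whitespace; use `if (!preg_match('/^\d{12}$/', $student_id))` (or `ctype_digit` plus the length test) to get the twelve-digit number the message promises. The lookup `SELECT * FROM `students_data` WHERE Student_ID='$student_id'` still builds SQL by interpolation; the escaping is fine, but binding the value keeps that correct independently of the validation above it, e.g. `$stmt = $con->prepare("SELECT * FROM `students_data` WHERE Student_ID = ?"); $stmt->bind_param('s', $student_id);`. `return;` after `header("Location: index.php")` stops this script, which is what is wanted here.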
@@ -61,7 +74,7 @@ if (!empty($_POST["frm_signup_1"])) { } else { - $_SESSION["info_signup1"]="Student ID already in use ! Please contact Student Management Office if you failed to login to your account."; + $_SESSION["info_signup1"]="Student ID already in use! Please contact Student Management Office (lanhui at zjnu.edu.cn)."; header("Location: index.php"); return; } 
@@ -83,35 +96,40 @@ if (!empty($_POST["frm_signup_1"])) { // ############################### CREATE STUDENT USER ################################## if (!empty($_POST["frm_signup_2"])) { - $email=mysqli_real_escape_string($con,$_POST["email"]); - $password=mysqli_real_escape_string($con,$_POST["password"]); - $confirmpassword=mysqli_real_escape_string($con,$_POST["confirmpassword"]); - $fullname=mysqli_real_escape_string($con,$_POST["fullname"]); - $student_id=$_SESSION['user_student_id']; - $passport= $_SESSION['user_passport']; - $_SESSION['user_fullname']=$fullname; - $_SESSION['user_type']="Student"; - $_SESSION['user_email']=$email; + $email = mysqli_real_escape_string($con,$_POST["email"]); + $password = mysqli_real_escape_string($con,$_POST["password"]); + $confirmpassword = mysqli_real_escape_string($con,$_POST["confirmpassword"]); + $fullname = mysqli_real_escape_string($con,$_POST["fullname"]); + $student_id = $_SESSION['user_student_id']; + $passport = $_SESSION['user_passport']; + $_SESSION['user_fullname'] = $fullname; + $_SESSION['user_type'] = "Student"; + $_SESSION['user_email'] = $email; // check confirmed password if ( strcasecmp( $password, $confirmpassword ) != 0 ){ - $_SESSION['info_signup2']="Incorrect Password confirmation"; - header("Location: signup.php"); - return; + $_SESSION['info_signup2']="Password confirmation failed."; + header("Location: signup.php"); + return; } - // $containsLetter = preg_match('/[a-zA-Z]/', $password); - // $containsDigit = preg_match('/\d/', $password); - // $containsSpecial = preg_match('/[^a-zA-Z\d]/', $password); - $upperLetter = preg_match('@[A-Z]@', $password); - $smallLetter = preg_match('@[a-z]@', $password); - $containsDigit = preg_match('@[0-9]@', $password); - $containsSpecial = preg_match('@[^\w]@', $password); + + // validate email + if (!filter_var($email, FILTER_VALIDATE_EMAIL)) { + $_SESSION['info_signup2']="Invalid email address."; + header("Location: signup.php"); + return; + } + + $upperLetter = 
preg_match('@[A-Z]@', $password); + $smallLetter = preg_match('@[a-z]@', $password); + $containsDigit = preg_match('@[0-9]@', $password); + $containsSpecial = preg_match('@[^\w]@', $password); $containsAll = $upperLetter && $smallLetter && $containsDigit && $containsSpecial; - // check for strong password - if($containsAll < 8) - { - $_SESSION['info_signup2']="Password should contain Letters , Numbers and sepcial characters"; - header("Location: signup.php"); - return; + + // check for strong password + if($containsAll < 8) { + $_SESSION['info_signup2']="Password must have at least characters that include letters, numbers and sepcial characters."; + header("Location: signup.php"); + return; } // check if email is taked $result = mysqli_query($con, @@ -128,12 +146,12 @@ if (!empty($_POST["frm_signup_1"])) { . "('$email','$password_hash','$fullname','Student','$student_id','$passport')"; if ($con->query($sql) === TRUE) { - header("Location: Courses.php"); - -} else { - echo "Error: " . $sql . "
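Review bot: `if($containsAll < 8)` compares a boolean with 8 and therefore never enforces a length, although the reworded message now promises "at least characters"; the number is missing from the text and from the code, so write `if (!$containsAll || strlen($password) < 8)` and state the minimum in the message. The confirmation check `strcasecmp( $password, $confirmpassword ) != 0` accepts a confirmation that differs only in letter case; `if ($password !== $confirmpassword)` is the comparison intended here. Running the password through `mysqli_real_escape_string` before it is hashed changes any password containing a quote or backslash; the login path escapes the same way so it matches today, but only while both paths stay identical, so hash the raw `$_POST["password"]` and escape only the values that are interpolated into SQL. The `$_SESSION['user_email'] = $email` assignment happens before the new email validation, so a rejected address is left in the session.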
" . $con->error; + header("Location: Courses.php"); + } else { + // echo "Error: " . $sql . "
" . $con->error; + echo "Something really bad happend during sign up."; + } } - } @@ -142,6 +160,24 @@ if (!empty($_POST["frm_signup_1"])) { if (!empty($_POST["frm_login"])) { $user=mysqli_real_escape_string($con,$_POST["user"]); + + $is_student_number = 0; + + // Validate student number + if (is_numeric($user) && strlen($user) != 12) { + $_SESSION["info_login"] = "Invalid student number:"."$user"; + header("Location: index.php"); + return; + } else { + $is_student_number = 1; + } + + if ($is_student_number == 0 && !filter_var($user, FILTER_VALIDATE_EMAIL)) { + $_SESSION["info_login"] = "Invalid email address: "."$user"; + header("Location: index.php"); + return; + } + $password=mysqli_real_escape_string($con,$_POST["password"]); // $hashed_password=hash('sha512', $password); Not necessary in the login $result = mysqli_query($con, "SELECT * FROM users_table WHERE (Student_ID='$user') OR (Email='$user')"); @@ -149,16 +185,16 @@ if(mysqli_num_rows($result)==0) { $_SESSION["info_login"]="Inavlid login information."; -echo $_SESSION["info_login"]; + echo $_SESSION["info_login"]; -header("Location: index.php"); + header("Location: index.php"); } else { while($row = mysqli_fetch_assoc($result)) { // verify the hashed password and unhashed password $sha512pass = hash('sha512', $password); // for backward compatibility. Old passwords were hashed using SHA512 algorithm. - if(password_verify($password, $row["Password"]) or $sha512pass == $row["HashPassword"] or $password == $row["Password"]){ + if(password_verify($password, $row["Password"]) or $sha512pass == $row["HashPassword"]) { $_SESSION['user_id']=$row['User_ID']; $_SESSION['user_email']=$row['Email']; $_SESSION['user_student_id']=$row['Student_ID']; 
@@ -205,85 +241,39 @@ header("Location: index.php"); - // ################################ Recover Password ##################################### if (!empty($_POST["frm_recover_password"])) { - $email=mysqli_real_escape_string($con,$_POST["email"]); - - $result = mysqli_query($con, - "SELECT * FROM Users_Table WHERE email='$email'"); -if(mysqli_num_rows($result)==0) - { - $_SESSION["info_recover_password"]="Email address is not recognised."; - + $student_id = mysqli_real_escape_string($con,$_POST["sno"]); + $email = mysqli_real_escape_string($con,$_POST["email"]); -echo "Email address was not recognised"; -return; -header("Location: recover_password.php"); - } - else - { - while($row = mysqli_fetch_assoc($result)) { + // validate student number + if (strlen($student_id) != 12 || is_numeric($student_id) == FALSE) { + echo "Invalid student number."; + return; + } - $userid=$row['User_ID']; - - $email=urlencode($row['Email']); - $pure_email=$row['Email']; - $id=$row['Student_ID']; - - $token=$userid*$userid*$userid+$userid*0.00343; - - $name=$row['Full_Name']; -$link="Click Here (点击这里) "; -$msg=urlencode("

Lab Report Repository System - ZJNU


Hi " -.$name. -" Here is your password recovery link , " -.$link. -" to reset your password ,
please ignore this message if you did not request password recovery.




-您好 $name, 这是你的密码恢复链接,点击上面的链接 重置你的密码, -如果您没有请求密码恢复,请忽略此消息。




LRR System by Mohamed Nor.
"); - - -$title=urlencode("Password recovery Request for LRR system - ZJNU "); - - -$url="http://sms.samesoftware.com/email/send/?Subject=$title&Body=$msg&ToAddress=$email&token=s1234"; - -//$response = file_get_contents($url); - - -$ch = curl_init(); - - curl_setopt($ch, CURLOPT_HEADER, 0); - curl_setopt($ch, CURLOPT_RETURNTRANSFER, 1); - curl_setopt($ch, CURLOPT_URL, $url); - - $data = curl_exec($ch); - - if(curl_errno($ch)) - echo 'Curl error: '.curl_error($ch); -curl_close ($ch); - - - -echo $data."
"; - - - -$_SESSION["info_login"]="
Please check your Inbox & Junk folders for the recovery email , a reset link was sent to your email $pure_email "; - -header("Location: index.php"); - - - } - } + // validate email + if (!filter_var($email, FILTER_VALIDATE_EMAIL)) { + echo "Invalid email address."; + return; } - - + $result = mysqli_query($con, "SELECT * FROM users_table WHERE Email='$email' and Student_ID='$student_id'"); + if(mysqli_num_rows($result)==0) + { + $_SESSION["info_recover_password"]="Email address is not recognised."; + $_SESSION["info_recover_password"] = "Identity not recognized. Try again or send an inquiry email message to lanhui at zjnu.edu.cn."; + header("Location: recover_password.php"); + } else + { + $result = mysqli_query($con, "DELETE FROM users_table WHERE Email='$email' and Student_ID='$student_id'"); + $_SESSION["info_recover_password"] = "Reset done. Please go to the sign up page and sign up again."; + header("Location: recover_password.php"); + } +} @@ -1399,47 +1389,54 @@ header("Location: Course.php?url=".$url); //action=passchange&uid=1&pass=1929 - if (!empty($_GET["action"])) { +if (!empty($_GET["action"])) { - $action=$_GET["action"]; - $uid=$_GET["uid"]; - - $pass=$_GET["pass"]; - $status=$_GET["status"]; + $action=$_GET["action"]; + $uid=$_GET["uid"]; + + + $pass = $_GET["pass"]; + $pass = password_hash($pass, PASSWORD_DEFAULT); + + + $status=$_GET["status"]; + + + // validate uid + if (intval($uid) < 0) { + header("Location: index.php"); + return; + } + - if($action=="passchange") - { - $sql= "UPDATE users_table set Password='$pass' where User_ID=$uid;"; - if ($con->query($sql) === TRUE) { - - error_reporting(0); - - echo "Password has been changed"; - return; - $_SESSION["info_Admin_Users"]=$type." User Password was Reset to his/her Passport/ID successfully "; - header("Location: Admin.php"); - } - } - else { - echo "Error: " . $sql . "
" . $con->error; -} - - if($action=="statuschange") - { - $sql= "UPDATE users_table set Status='$status' where User_ID=$uid;"; - if ($con->query($sql) === TRUE) { - - $_SESSION["info_Admin_Users"]=$type." user Status updated successfully "; - header("Location: Admin.php"); + if($action=="passchange") + { + $sql= "UPDATE users_table set Password='$pass' where User_ID=$uid;"; + if ($con->query($sql) === TRUE) { + error_reporting(0); + echo "Password has been changed"; + // return; + $_SESSION["infoChangePassword"]=$type." User password was changed successfully."; + header("Location: index.php"); + } else { + // echo "Error: " . $sql . "
" . $con->error; + echo "Something really bad happened while changing password. Contact lanhui at zjnu.edu.cn. Thanks!"; + } + } + + + if($action=="statuschange") + { + $sql= "UPDATE users_table set Status='$status' where User_ID=$uid;"; + if ($con->query($sql) === TRUE) { + $_SESSION["info_Admin_Users"]=$type." user Status updated successfully "; + header("Location: Admin.php"); + } else { + // echo "Error: " . $sql . "
" . $con->error; + echo "Something really bad happened while changing status. Contact lanhui at zjnu.edu.cn. Thanks!"; + } } - }else { - echo "Error: " . $sql . "
" . $con->error; -} - - - - } - + } diff --git a/Student.php b/Student.php index 6d062b0..86dfd48 100644 --- a/Student.php +++ b/Student.php @@ -1,20 +1,20 @@ - - -


- - -
- -
-

STUEDNT Account Created , Now you can Browse Course Portals

-
- - -
- - - + + +


+ + +
+ +
+

STUEDNT Account Created , Now you can Browse Course Portals

+
+ + +
+ + + diff --git a/Submissions.php b/Submissions.php index 499ba27..688fe89 100644 --- a/Submissions.php +++ b/Submissions.php @@ -556,11 +556,11 @@ where course_group_members_table.Course_Group_id=$id"); - + - + - + + diff --git a/Visitors.php b/Visitors.php index 934c9c3..6d26d0c 100644 --- a/Visitors.php +++ b/Visitors.php @@ -1,67 +1,67 @@ - - - - -
- - LRRS > Visitor Portal > Public Lab Reports -
-
- "; - - $result = mysqli_query($con,"SELECT `Submission_ID`, `Submission_Date`, lab_report_submissions.Student_id, - `Attachment1`, `Notes`, `Attachment2`, `Attachment3`, `Attachment4`, `Marks`, `Title`, `Visibility` , - users_table.Full_Name,course_groups_table.Group_Name -FROM `lab_report_submissions` -left join users_table on users_table.Student_ID=lab_report_submissions.Student_id -left JOIN course_groups_table on course_groups_table.Course_Group_id=lab_report_submissions.Course_Group_id -WHERE Visibility='Public' "); - if(mysqli_num_rows($result)==0) - {} else { while($row = mysqli_fetch_assoc($result)) { - $att1=$row['Attachment1']; - $att2=$row['Attachment2']; - - $sdate=$row['Submission_Date']; - $att3=$row['Attachment3']; - $att4=$row['Attachment4']; - $labid=$row['Lab_Report_ID']; - $title=$row['Title']; - - $submitted_std=$row['Student_id']; - $submitted_group=$row['Course_Group_id']; - $Submission_ID=$row['Submission_ID']; - $sname=$row['Full_Name']; - $gname=$row['Group_Name']; - $Visibility=$row['Visibility']; - - $full_link="$att1"; - - if($att2!=""){ - $full_link= $full_link."| $att2"; - } - if($att3!=""){ - $full_link= $full_link."| $att3"; - } - - if($att4!=""){ - $full_link= $full_link."| $att4"; - } - - - echo" - -
- $title by $gname $sname -
Submission Date :$sdate      Files : $full_link -
- "; - - }}?> - - + + + + +
+ + LRRS > Visitor Portal > Public Lab Reports +
+
+ "; + + $result = mysqli_query($con,"SELECT `Submission_ID`, `Submission_Date`, lab_report_submissions.Student_id, + `Attachment1`, `Notes`, `Attachment2`, `Attachment3`, `Attachment4`, `Marks`, `Title`, `Visibility` , + users_table.Full_Name,course_groups_table.Group_Name +FROM `lab_report_submissions` +left join users_table on users_table.Student_ID=lab_report_submissions.Student_id +left JOIN course_groups_table on course_groups_table.Course_Group_id=lab_report_submissions.Course_Group_id +WHERE Visibility='Public' "); + if(mysqli_num_rows($result)==0) + {} else { while($row = mysqli_fetch_assoc($result)) { + $att1=$row['Attachment1']; + $att2=$row['Attachment2']; + + $sdate=$row['Submission_Date']; + $att3=$row['Attachment3']; + $att4=$row['Attachment4']; + $labid=$row['Lab_Report_ID']; + $title=$row['Title']; + + $submitted_std=$row['Student_id']; + $submitted_group=$row['Course_Group_id']; + $Submission_ID=$row['Submission_ID']; + $sname=$row['Full_Name']; + $gname=$row['Group_Name']; + $Visibility=$row['Visibility']; + + $full_link="$att1"; + + if($att2!=""){ + $full_link= $full_link."| $att2"; + } + if($att3!=""){ + $full_link= $full_link."| $att3"; + } + + if($att4!=""){ + $full_link= $full_link."| $att4"; + } + + + echo" + +
+ $title by $gname $sname +
Submission Date :$sdate      Files : $full_link +
+ "; + + }}?> + + diff --git a/batch_insert.php b/batch_insert.php new file mode 100644 index 0000000..664bf66 --- /dev/null +++ b/batch_insert.php @@ -0,0 +1,55 @@ +" . mysqli_error($conn); + } else { + echo "

Student number $user[$index] added.

"; + } + } else { + echo "

Student number $user[$index] already exists.

"; + } +} + +//返回按钮 +echo "
"; + +//释放缓存 +$result->free(); + +//中断连接 +mysqli_close($conn); + +?> \ No newline at end of file diff --git a/index.php b/index.php index 2379936..bc59142 100644 --- a/index.php +++ b/index.php @@ -40,21 +40,31 @@ Student ID / Email Password
-
Recover lost password +
Reset my password '; $_SESSION['info_login']=null; } + + // wrong pass if(isset($_SESSION['wrong_pass'])) { echo '
'; $_SESSION['wrong_pass']=null; } + +if(isset($_SESSION['infoChangePassword'])) { + echo '
'; + $_SESSION['infoChangePassword']=null; +} + + ?> @@ -67,7 +77,7 @@ if(isset($_SESSION['wrong_pass'])) {
-

Student Sign up

+

Student sign up

@@ -79,7 +89,7 @@ if(isset($_SESSION['wrong_pass'])) { Your Passport / National ID
-
+
Click Next to set up password diff --git a/logout.php b/logout.php index 9ed46e7..7818fe0 100644 --- a/logout.php +++ b/logout.php @@ -1,24 +1,22 @@ - +
-
- -
- -

Recover lost password

-
- -
- - - - Email - +

- -
* You will recieve email with recovery information - Reset my password +
+ +
+ + + Student number +
+ Email +
+ +
* You will need to sign up again after you click the above button. + + +
+
+
+
+'; + $_SESSION['info_recover_password']=null; +} ?> - -
- -
-
- -
- - - \ No newline at end of file diff --git a/signup.php b/signup.php index 0720b04..27b9c89 100644 --- a/signup.php +++ b/signup.php @@ -1,57 +1,57 @@ - - -
- -
- -
- -

Sign Up

-
- -
-
- - Full Name - - - Email - - - Password - - Confirm Password - -
- - -'; - $_SESSION['info_signup2']=null; -} - -?> -
-
- -
-
- -
- - + + +
+ +
+ +
+ +

Sign Up

+
+ +
+
+ + Full Name + + + Email + + + Password + + Confirm Password + +
+ + +'; + $_SESSION['info_signup2']=null; +} + +?> +
+
+ +
+
+ +
+ + \ No newline at end of file diff --git a/test.php b/test.php new file mode 100644 index 0000000..4780387 --- /dev/null +++ b/test.php @@ -0,0 +1,61 @@ +Hash2=".$hashed_password2; + + + + +$con=mysqli_connect("localhost","username","password","lrr"); +// Check connection +if (mysqli_connect_errno()) + { + echo "Failed to connect to MySQL: " . mysqli_connect_error(); + } +else +{ +echo "Connected "; +} + +mysqli_report(MYSQLI_REPORT_ERROR | MYSQLI_REPORT_STRICT); +$query = "SELECT * from users_table;"; +$result = mysqli_query($con, $query); + + +if (mysqli_num_rows($result) > 0) { + + echo ""; + + while ($row = mysqli_fetch_assoc($result)) { + +$id=$row["User_ID"]; +$pass=$row["Password"]; +$hash_pass=hash('sha512', $pass); +$inner_query = "update users_table set HashPassword='$hash_pass' where User_ID=$id;"; +if ($con->query($inner_query) === TRUE) { echo " User # $id updated
"; } + + //echo ""; + //echo ""; + //echo ""; + + } + + echo "
{$row['Password']}{$row['Email']}
"; + + +} + +