Several fixes (sign up/sign in, recover password, etc).

2020-09-26 20:08:39 +08:00 · 2020-09-26 20:08:39 +08:00 · df3b48553a
parent f8995eec6f
commit df3b48553a
17 changed files with 914 additions and 771 deletions
--- a/Admin.php
+++ b/Admin.php
@ -1,7 +1,14 @@
 <?php
 $page="admin";
 include 'Header.php';
 ?>
 <?php
 if ($_SESSION['user_type'] != "Lecturer") {
    $_SESSION["info_login"]="You must log in first.";
    echo $_SESSION["info_login"];
    header("Location: index.php");
 }
 ?>
 <style>
@ -35,11 +42,20 @@ include 'Header.php';
        <div class="container">
 <!-- Nav tabs -->
  <ul class="nav nav-tabs" role="tablist">
    <li class="nav-item">
      <a class="nav-link active" data-toggle="tab" href="#home">Create New Account</a>
    </li>
    <li class="nav-item">
      <a class="nav-link" data-toggle="tab" href="#menu2">Batch Create New Student Accounts</a>
    </li>
    <li class="nav-item">
      <a class="nav-link" data-toggle="tab" href="#menu1">Existing Accounts</a>
    </li>
@ -48,6 +64,7 @@ include 'Header.php';
  <!-- Tab panes -->
  <div class="tab-content">
    <div id="home" class="container tab-pane active"><br>
        <b>Create Lecturer/TA Accounts </b>
@ -89,16 +106,14 @@ if(isset($_SESSION['info_Admin_Users'])) {
      <div id="menu1" class="container tab-pane fade"><br>
 <table class="table-bordered" style="font-size: 10pt;">
    <tr style="font-size:10pt;">
        <th>ID</th>
-		<th>Name</th>
+        <th>Name</th>
        <th>Email</th>
-            <th>Passport / ID </th>
+        <th>Passport / ID </th>
-               <th>Reset Password </th>
+        <th>Reset Password </th>
-               <th>Block/Activate </th>
+        <th>Block/Activate </th>
    </tr>
 <?php
@ -123,6 +138,18 @@ if(isset($_SESSION['info_Admin_Users'])) {
     </div>
        <!-- code contributed by Xu Xiaopeng (https://github.com/xxp1999) -->
   	<div id="menu2"  class="container tab-pane fade" style="margin-top:10px" >
 		<b>Please separate student numbers with spaces.</b><br>
 		<form action="batch_insert.php" method="post">
 		    <p>
 			<textarea cols="80" rows="16" name="users" required=""></textarea>
 	            </p>
 			<input type="submit" class="btn btn-primary" value="Create All"><br>
 		</form>	
   	</div>
  </div>
 </div>
--- a/Connect.php
+++ b/Connect.php
@ -1,23 +1,16 @@
 <?php
 $servername = "localhost";
 $username = "root";
 $password = "";
 // $servername = "sql202.epizy.com";
 // $username = "epiz_23626301";
 // $password = "wtn2rmj3";
 // Create connection
 $con = new mysqli($servername, $username, $password,'lrr');
 // Check connection
 if ($con->connect_error) {
    die("Database Connection failed: " . $conn->connect_error);
 } 
 // else
 // {
 // echo "Connected";
 // }
 session_start();
 $con=mysqli_connect("localhost","username","password","lrr");
 // Check connection
 if (mysqli_connect_errno())
  {
  echo "Failed to connect to MySQL: " . mysqli_connect_error();
  }
 else
 {
 echo "Connected";
 }
--- a/Course.php
+++ b/Course.php
@ -15,7 +15,9 @@ include 'Header.php';
         . " ON users_table.User_ID=courses_table.Lecturer_User_ID where URL='$course_url' ");
 if(mysqli_num_rows($result)==0)
-    {} else { while($row = mysqli_fetch_assoc($result)) {
+    {echo "should not be here";} else {
                   while($row = mysqli_fetch_assoc($result)) {
 			$name=$row['Course_Name'];
                        $code=$row['Course_Code'];
                         $faculty=$row['Faculty'];	
@ -27,7 +29,7 @@ include 'Header.php';
                echo    "  <div class='alert' style='margin-left:20px;border-bottom:2px solid #1D91EF;'> <a href='~\..\Courses.php?course=$url'>
  Courses > $name ($code) > Lab Reports
-   <br> <span style='font-size:8pt'>Faculty : $faculty  Year :   $academic  Lecturer  :$lecturer  </span>
+   <br> <span style='font-size:8pt'>Faculty: $faculty  | Year: $academic | Lecturer: $lecturer  </span>
 </a></div>
@ -75,7 +77,7 @@ if( $_SESSION['user_type']=="Student")
    <!-- Nav tabs -->
 <ul class="nav nav-tabs" role="tablist">
    <li class="nav-item">
-      <a class="nav-link active" data-toggle="tab" href="#menu1">New Labs Reports</a>
+      <a class="nav-link active" data-toggle="tab" href="#menu1">New Lab Reports</a>
    </li>
    <li class="nav-item">
      <a class="nav-link" data-toggle="tab" href="#menu2">Missed Lab Reports </a>
@ -100,20 +102,18 @@ course_groups_table  on course_group_members_table.Course_Group_id = course_grou
 WHERE course_group_members_table.Student_ID=$student_id and course_groups_table.Course_id=$course_id";
- 
+ $resultx1 = mysqli_query($con,$sql);
 $resultx1 = mysqli_query($con,$sql);
 while($row = mysqli_fetch_assoc($resultx1)) {$_SESSION['group_id']=$row['Course_Group_id'];}  
 $group_id=$_SESSION['group_id'];
 if($group_id==""){$group_id=-1;}
 $group_id=$_SESSION['group_id'];
 $var="SELECT Type,Lab_Report_ID,Marks, `Course_ID`, `Posted_Date`, `Deadline`, `Instructions`, lab_reports_table.Title, `Attachment_link_1`, `Attachment_link_2`, `Attachment_link_3`, `Attachment_link_4`
      FROM `lab_reports_table` WHERE Course_ID=$course_id  "
         . ""
-         . "and (deadline > '$c_date' or Lab_Report_ID in (SELECT `Lab_Report_ID` FROM `extended_deadlines_table`"
+         . "and (Deadline > '$c_date' or Lab_Report_ID in (SELECT `Lab_Report_ID` FROM `extended_deadlines_table`"
         . " WHERE  Lab_Report_ID in (select Lab_Report_ID from lab_reports_table where Course_ID=$course_id) and Student_ID=$student_id and Extended_Deadline_Date > '$c_date')       ) "   
         . ""
         . ""
@ -124,9 +124,7 @@ $var="SELECT Type,Lab_Report_ID,Marks, `Course_ID`, `Posted_Date`, `Deadline`, `
         . ""
         . " ORDER by Lab_Report_ID DESC";
-
+$result1 = mysqli_query($con,$var);
 $result1 = mysqli_query($con,$var);
 if(mysqli_num_rows($result1)==0)
    {
@ -652,11 +650,10 @@ where course_group_members_table.Course_Group_id=$id");
        ?>
-<script src="css/jquery-1.11.1.min.js"></script>
+<script src="./css/jquery-1.11.1.min.js"></script>
 <script src="./css/jquery-ui.min.js"></script>
 <link rel="stylesheet" href="./css/jquery-ui.css" />
 <script src="css/jquery-ui.min.js"></script>
 <link rel="stylesheet" href="css/jquery-ui.css" />
 <script>
    function CreateGroup() {
--- a/Courses.php
+++ b/Courses.php
@ -30,11 +30,11 @@ $user_d=$_SESSION['user_id'];
 <div class="row" style="width:80%;margin:auto; text-align:left;">
-  <script src="css/jquery-1.11.1.min.js"></script>
+<script src="./css/jquery-1.11.1.min.js"></script>
 <script src="./css/jquery-ui.min.js"></script>
 <link rel="stylesheet" href="./css/jquery-ui.css" />
 <script src="css/jquery-ui.min.js"></script>
 <link rel="stylesheet" href="css/jquery-ui.css" />
 <script>
@ -139,7 +139,7 @@ New Date/Time <br><input type="date" name="date" required=""> <input type="time"
    $sql = "UPDATE `lab_reports_table` SET `Deadline` = ('" . $Deadline . "'), `Instructions` = ('" . $instructions . "'), `Title` = ('" . $title . "'), `Marks` = ('" . $marks . "') WHERE `lab_reports_table`.`Lab_Report_ID` = '$getid'";
    if ($con->query($sql) === TRUE) {
-      $_SESSION["info_updated"]="Assignment information updated successfully.";
+      $_SESSION["info_Updated"]="Information Updated Successfull";
   } else {
       echo "Error: " . $sql . "<br>" . $con->error;
@ -253,9 +253,9 @@ Submission Type  <input type='radio' name='type' value='Individual' required=''>
            echo "<div class='col-md-7'>  <h3> Lab Report Assignment list </h3>";  
 error_reporting(0);
- if(isset($_SESSION["info_updated"])){
+ if(isset($_SESSION["info_Updated"])){
-  echo '<hr><div class="alert alert-info" role="alert">' . $_SESSION['info_updated'] . '</div>';
+  echo '<hr><div class="alert alert-info" role="alert">' . $_SESSION['info_Updated'] . '</div>';
-  $_SESSION['info_updated'] = null;
+  $_SESSION['info_Updated'] = null;
 }
 if (isset($_SESSION['info_courses'])) {
    echo '<hr><div class="alert alert-info" role="alert">' . $_SESSION['info_courses'] . '</div>';
--- a/Header.php
+++ b/Header.php
@ -5,7 +5,7 @@ error_reporting(0);
  date_default_timezone_set('Asia/Shanghai');
-$con=mysqli_connect("localhost","root","","lrr");
+$con=mysqli_connect("localhost","username","password","lrr");
 // Check connection
 if (mysqli_connect_errno())
  {
@ -25,15 +25,14 @@ else
 <html>
 <header>
 <title>Lab Report Repository System</title>
-<link href="css/bootstrap.min.css" rel="stylesheet" type="text/css"/>
+   
-<link href="font-awesome/css/font-awesome.min.css" rel="stylesheet" type="text/css"/>
+<link href="./css/bootstrap.min.css" rel="stylesheet" type="text/css"/>
-<script src="http://118.25.96.118/nor/css/jquery.min.js" type="text/javascript"></script>
+<link href="./font-awesome/css/font-awesome.min.css" rel="stylesheet" type="text/css"/>
-<script src="http://118.25.96.118/nor/css/bootsrap.min.js" type="text/javascript"></script>
+<script src="./css/jquery.min.js" type="text/javascript"></script>
-<link href="http://118.25.96.118/nor/css/bootstrap.min.css" rel="stylesheet" type="text/css"/>
+<script src="./css/bootsrap.min.js" type="text/javascript"></script>
-<script src="http://118.25.96.118/nor/css/jquery.datetimepicker.min.js" type="text/javascript"></script>
+<link href="./css/bootstrap.min.css" rel="stylesheet" type="text/css"/>
-<link rel = "shortcut icon" href = "logo_text.png">
+<script src="./css/jquery.datetimepicker.min.js" type="text/javascript"></script>
@ -60,7 +59,7 @@ else
      <li class="nav-item active">
             <li class="nav-item active">
-                <a class='nav-link' href='~\..\Visitors.php'>     <i class='fa fa-globe'></i>  Visitor Portal <span class='sr-only'>(current)</span></a>
+                <!-- <a class='nav-link' href='~\..\Visitors.php'>     <i class='fa fa-globe'></i>  Visitor Portal <span class='sr-only'>(current)</span></a> -->
            </li>
            <?php
            if(isset($_SESSION["user_fullname"]))
@ -83,12 +82,18 @@ else
        ?>
 <?php
 if ($_SESSION['user_type'] == "Lecturer") {
   echo  "&nbsp;&nbsp;&nbsp;  <i class=\"fa fa-cog\" style=\"color:#fff;\"> </i> &nbsp;<a style='color:#fff !important' href=\"~\..\Admin.php\">Admin </a>";
 }
 ?>
      &nbsp;&nbsp;&nbsp;  <i class="fa fa-user" style="color:#fff;"> </i>
      &nbsp;<a href="#" style='color:#fff !important' onclick="updatePass(<?php echo $_SESSION['user_id'];?>)">Update password</a>
      &nbsp;&nbsp;&nbsp;  <i class="fa fa-lock" style="color:#fff;"> </i> &nbsp;<a style='color:#fff !important' href="~\..\logout.php">Logout </a>
      &nbsp; |  &nbsp;<a href="#" style='color:#fff !important' onclick="updatePass(<?php echo $_SESSION['user_id'];?>)">Update Password</a>
    <?php
            }
            ?>
@ -162,9 +167,9 @@ else
    function updatePass(id)
    {
-       var pass=  prompt("Enter your New Password : ", "...");
+       var pass=  prompt("Enter your new password : ", "...");
-      if(!confirm('Are you  sure to Reset your  Password?'))
+      if(!confirm('Are you sure to reset your password?'))
      {
        return;  
      }
--- a/Script.php
+++ b/Script.php
@ -10,7 +10,7 @@
 session_start();
  date_default_timezone_set('Asia/Shanghai');
 // CONNeCTION
-$con=mysqli_connect("localhost","Teecloudy","5q7Ol2e!#!","lrr");
+$con=mysqli_connect("localhost","username","password","lrr");
 // Check connection
 if (mysqli_connect_errno())
  {
@ -30,17 +30,30 @@ if (mysqli_connect_errno())
 error_reporting(0);
 if (!empty($_POST["frm_signup_1"])) {
-     $student_id=mysqli_real_escape_string($con,$_POST["student_id"]);
+     $student_id = mysqli_real_escape_string($con,$_POST["student_id"]);
-     $passport=mysqli_real_escape_string($con,$_POST["passport"]);
+     $passport = mysqli_real_escape_string($con,$_POST["passport"]);
    // validate student number
    if (strlen($student_id) != 12  || is_numeric($student_id) == FALSE) {
       $_SESSION["info_signup1"] = "Invalid student number.";
       header("Location: index.php");
       return;       
    }
   // passport should be empty (not used)
   if (strcmp(trim($passport), '') != 0) {
       $_SESSION["info_signup1"] = "Passport is disused.  Please leave it empty.";
       header("Location: index.php");
       return;       
   }
    echo $student_id.' and '.$passport;
   $result = mysqli_query($con,
       "SELECT * FROM `students_data` WHERE Student_ID='$student_id'");
      //  Just removed this condition from the above command and (Passport_Number='$passport' or Passport_Number = '')
     if(mysqli_num_rows($result)==0)
    {
-        $_SESSION["info_signup1"]="Student Information could not be verified ! Please contact Student Management Office.";
+        $_SESSION["info_signup1"]="Student number could not be verified! Please contact Student Management Office (lanhui at zjnu.edu.cn).  Thanks.";
        header("Location: index.php");     
        return;		
    }
@ -61,7 +74,7 @@ if (!empty($_POST["frm_signup_1"])) {
    }
    else
    { 
-        $_SESSION["info_signup1"]="Student ID already in use ! Please contact Student Management Office if you failed to login to your account.";
+        $_SESSION["info_signup1"]="Student ID already in use! Please contact Student Management Office (lanhui at zjnu.edu.cn).";
        header("Location: index.php");
        return;		
    } 
@ -83,35 +96,40 @@ if (!empty($_POST["frm_signup_1"])) {
    // ############################### CREATE STUDENT USER ##################################
    if (!empty($_POST["frm_signup_2"])) {
-     $email=mysqli_real_escape_string($con,$_POST["email"]);
+       $email = mysqli_real_escape_string($con,$_POST["email"]);
-     $password=mysqli_real_escape_string($con,$_POST["password"]);
+       $password = mysqli_real_escape_string($con,$_POST["password"]);
-      $confirmpassword=mysqli_real_escape_string($con,$_POST["confirmpassword"]);
+       $confirmpassword = mysqli_real_escape_string($con,$_POST["confirmpassword"]);
-    $fullname=mysqli_real_escape_string($con,$_POST["fullname"]);
+       $fullname = mysqli_real_escape_string($con,$_POST["fullname"]);
-         $student_id=$_SESSION['user_student_id'];   
+       $student_id = $_SESSION['user_student_id'];   
-    $passport= $_SESSION['user_passport'];
+       $passport =  $_SESSION['user_passport'];
-    $_SESSION['user_fullname']=$fullname;
+       $_SESSION['user_fullname'] = $fullname;
-    $_SESSION['user_type']="Student";
+       $_SESSION['user_type'] = "Student";
-      $_SESSION['user_email']=$email;
+       $_SESSION['user_email'] = $email;
    // check confirmed password
    if ( strcasecmp( $password, $confirmpassword ) != 0 ){
-        $_SESSION['info_signup2']="Incorrect Password confirmation";
+        $_SESSION['info_signup2']="Password confirmation failed.";
-       header("Location: signup.php");
+        header("Location: signup.php");
-       return;
+        return;
    }
-  //  $containsLetter  = preg_match('/[a-zA-Z]/',    $password);
+
-  //  $containsDigit   = preg_match('/\d/',          $password);
+   // validate email
-  //  $containsSpecial = preg_match('/[^a-zA-Z\d]/', $password);
+   if (!filter_var($email, FILTER_VALIDATE_EMAIL)) {
-  $upperLetter  = preg_match('@[A-Z]@',    $password);
+      $_SESSION['info_signup2']="Invalid email address.";
-  $smallLetter  = preg_match('@[a-z]@',    $password);
+      header("Location: signup.php");
-  $containsDigit   = preg_match('@[0-9]@', $password);
+      return;
-  $containsSpecial = preg_match('@[^\w]@', $password);
+   }
   $upperLetter  = preg_match('@[A-Z]@',    $password);
   $smallLetter  = preg_match('@[a-z]@',    $password);
   $containsDigit   = preg_match('@[0-9]@', $password);
   $containsSpecial = preg_match('@[^\w]@', $password);
   $containsAll = $upperLetter && $smallLetter && $containsDigit && $containsSpecial;
- // check for strong password
+
-     if($containsAll < 8)
+   // check for strong password
-   {
+   if($containsAll < 8) {
-      $_SESSION['info_signup2']="Password should contain Letters , Numbers and sepcial characters";
+      $_SESSION['info_signup2']="Password must have at least characters that include letters, numbers and sepcial characters.";
-     header("Location: signup.php");
+      header("Location: signup.php");
-     return;
+      return;
    }
   // check if email is taked
     $result = mysqli_query($con,
@ -128,12 +146,12 @@ if (!empty($_POST["frm_signup_1"])) {
            . "('$email','$password_hash','$fullname','Student','$student_id','$passport')";
   if ($con->query($sql) === TRUE) {
-   header("Location: Courses.php"); 
+       header("Location: Courses.php");    
-    
+   } else {
-} else {
+      // echo "Error: " . $sql . "<br>" . $con->error;
-    echo "Error: " . $sql . "<br>" . $con->error;
+      echo "Something really bad happend during sign up.";
   }
 }
 }
@ -142,6 +160,24 @@ if (!empty($_POST["frm_signup_1"])) {
 if (!empty($_POST["frm_login"])) {
  $user=mysqli_real_escape_string($con,$_POST["user"]);
  $is_student_number = 0;
  // Validate student number
  if (is_numeric($user) && strlen($user) != 12) {
     $_SESSION["info_login"] = "Invalid student number:"."$user";
     header("Location: index.php");
     return;       
  }  else {
     $is_student_number = 1;
  }
  if ($is_student_number == 0 && !filter_var($user, FILTER_VALIDATE_EMAIL)) {
     $_SESSION["info_login"] = "Invalid email address: "."$user";
     header("Location: index.php");
     return;       
  }
  $password=mysqli_real_escape_string($con,$_POST["password"]);
  // $hashed_password=hash('sha512', $password); Not necessary in the login
 $result = mysqli_query($con, "SELECT * FROM users_table WHERE (Student_ID='$user') OR (Email='$user')");
@ -149,16 +185,16 @@ if(mysqli_num_rows($result)==0)
 {
     $_SESSION["info_login"]="Inavlid login information.";
-echo $_SESSION["info_login"];
+     echo $_SESSION["info_login"];
-header("Location: index.php");        
+     header("Location: index.php");        
 }
 else 
 { 
     while($row = mysqli_fetch_assoc($result)) {
       //  verify the hashed password and unhashed password
       $sha512pass = hash('sha512', $password); // for backward compatibility.  Old passwords were hashed using SHA512 algorithm.
-       if(password_verify($password, $row["Password"]) or $sha512pass == $row["HashPassword"] or $password == $row["Password"]){
+       if(password_verify($password, $row["Password"]) or $sha512pass == $row["HashPassword"]) {
      $_SESSION['user_id']=$row['User_ID'];
     $_SESSION['user_email']=$row['Email'];
     $_SESSION['user_student_id']=$row['Student_ID'];
@ -205,85 +241,39 @@ header("Location: index.php");
 // ################################ Recover Password  #####################################
 if (!empty($_POST["frm_recover_password"])) {
  $email=mysqli_real_escape_string($con,$_POST["email"]);
  $student_id = mysqli_real_escape_string($con,$_POST["sno"]);
  $email = mysqli_real_escape_string($con,$_POST["email"]);
- $result = mysqli_query($con,
+  // validate student number
-     "SELECT * FROM Users_Table WHERE email='$email'");
+  if (strlen($student_id) != 12  || is_numeric($student_id) == FALSE) {
-if(mysqli_num_rows($result)==0)
+     echo "Invalid student number.";
- {
+     return;       
-     $_SESSION["info_recover_password"]="Email address is not recognised.";
+  }
-
+  // validate email
-echo "Email address was not recognised";
+  if (!filter_var($email, FILTER_VALIDATE_EMAIL)) {
-return;
+      echo "Invalid email address.";
-header("Location: recover_password.php");        
+      return;
 }
 else 
 { 
     while($row = mysqli_fetch_assoc($result)) {
      $userid=$row['User_ID'];
     $email=urlencode($row['Email']);
     $pure_email=$row['Email'];
     $id=$row['Student_ID'];
     $token=$userid*$userid*$userid+$userid*0.00343;
    $name=$row['Full_Name'];
 $link="<a href='http://118.25.96.118/nor/Reset_password.php?token=$token&email=$email'>Click Here (点击这里) </a>";
 $msg=urlencode(" <h3>Lab Report Repository System - ZJNU</h3>  <br>  Hi <b>"
 .$name. 
 " </b> Here is your password recovery link , "
 .$link.
 "   to reset your password , <br> please ignore this message if you did not request password recovery.<br><br> <hr><br><br>  
 您好 $name, 这是你的密码恢复链接，点击上面的链接 重置你的密码，
 如果您没有请求密码恢复，请忽略此消息。  <br><br><br><br><br> <small>LRR System by Mohamed Nor. </small><hr>");
 $title=urlencode("Password recovery Request for LRR system - ZJNU ");
 $url="http://sms.samesoftware.com/email/send/?Subject=$title&Body=$msg&ToAddress=$email&token=s1234";
 //$response = file_get_contents($url);
 $ch = curl_init();
    curl_setopt($ch, CURLOPT_HEADER, 0);
    curl_setopt($ch, CURLOPT_RETURNTRANSFER, 1);
    curl_setopt($ch, CURLOPT_URL, $url);
    $data = curl_exec($ch);
    if(curl_errno($ch))
    echo 'Curl error: '.curl_error($ch);
 curl_close ($ch); 
 echo $data."<hr>";
 $_SESSION["info_login"]="<br> Please check your Inbox & Junk folders for the recovery email , a reset link was sent to your email <b> $pure_email </b>";
 header("Location: index.php");
     }
    }
  }
-
+  $result = mysqli_query($con, "SELECT * FROM users_table WHERE Email='$email' and Student_ID='$student_id'");
-
+  if(mysqli_num_rows($result)==0)
  {
     $_SESSION["info_recover_password"]="Email address is not recognised.";
     $_SESSION["info_recover_password"] = "Identity not recognized.  Try again or send an inquiry email message to lanhui at zjnu.edu.cn.";
     header("Location: recover_password.php");        
  } else 
  {
     $result = mysqli_query($con, "DELETE FROM users_table WHERE Email='$email' and Student_ID='$student_id'");
     $_SESSION["info_recover_password"] = "<b>Reset done.  Please go to the sign up page and sign up again</b>.";
     header("Location: recover_password.php");
  }
 }
@ -1399,47 +1389,54 @@ header("Location: Course.php?url=".$url);
 //action=passchange&uid=1&pass=1929
-   if (!empty($_GET["action"])) {
+if (!empty($_GET["action"])) {
-	   $action=$_GET["action"];
+    $action=$_GET["action"];
-	    $uid=$_GET["uid"];
+    $uid=$_GET["uid"];
 		 $pass=$_GET["pass"];
 		 $status=$_GET["status"];
-	   if($action=="passchange")
+    $pass = $_GET["pass"];
-	   {
+    $pass = password_hash($pass, PASSWORD_DEFAULT);
 		 $sql= "UPDATE users_table set Password='$pass' where User_ID=$uid;";
   if ($con->query($sql) === TRUE) {
       error_reporting(0);
-       echo "Password has been changed";
+    $status=$_GET["status"];
    // validate uid
    if (intval($uid) < 0) {
       header("Location: index.php");
       return;       
-	    $_SESSION["info_Admin_Users"]=$type." User  Password was Reset to his/her Passport/ID successfully ";
+    }
   header("Location: Admin.php");
                                   }
 	   }
 	   else {
    echo "Error: " . $sql . "<br>" . $con->error;
 }
 	   if($action=="statuschange")
 	   {
 		   $sql= "UPDATE users_table set Status='$status' where User_ID=$uid;";
   if ($con->query($sql) === TRUE) {
-	       $_SESSION["info_Admin_Users"]=$type." user  Status updated successfully ";
+    if($action=="passchange")
-		      header("Location: Admin.php");
+    {
 	 $sql= "UPDATE users_table set Password='$pass' where User_ID=$uid;";
         if ($con->query($sql) === TRUE) {
            error_reporting(0);
            echo "Password has been changed";
            // return;
 	    $_SESSION["infoChangePassword"]=$type." User password was changed successfully.";
            header("Location: index.php");
 	} else {
            // echo "Error: " . $sql . "<br>" . $con->error;
 	    echo "Something really bad happened while changing password.  Contact lanhui at zjnu.edu.cn.  Thanks!";
        }
    }
    if($action=="statuschange")
    {
        $sql= "UPDATE users_table set Status='$status' where User_ID=$uid;";
       if ($con->query($sql) === TRUE) {
           $_SESSION["info_Admin_Users"]=$type." user  Status updated successfully ";
 	   header("Location: Admin.php");
       } else {
          // echo "Error: " . $sql . "<br>" . $con->error;
          echo "Something really bad happened while changing status.  Contact lanhui at zjnu.edu.cn.  Thanks!";	  
       }  	   
   }
-	   }else {
+ }
    echo "Error: " . $sql . "<br>" . $con->error;
 }
   }
--- a/Submissions.php
+++ b/Submissions.php
@ -556,11 +556,11 @@ where course_group_members_table.Course_Group_id=$id");
-<script src="css/jquery-1.11.1.min.js"></script>
+<script src="https://code.jquery.com/jquery-1.11.1.min.js"></script>
-<script src="css/jquery-ui.min.js"></script>
+<script src="https://code.jquery.com/ui/1.11.1/jquery-ui.min.js"></script>
-<link rel="stylesheet" href="css/jquery-ui.css" />
+<link rel="stylesheet" href="https://code.jquery.com/ui/1.11.1/themes/smoothness/jquery-ui.css" />
 <script>
    function mark(id,title,marks) {
@ -626,3 +626,4 @@ Update Visibility<br><select name="status"> <option> Public </option><option>Pri
 }
    </script>
--- a/batch_insert.php
+++ b/batch_insert.php
@ -0,0 +1,55 @@
 <?php
 // Code contributed by Xu Xiaopeng and his team (https://github.com/lanlab-org/LRR/pull/39/files#diff-b69ba96bf0e469383b373e8c9de257c0)
 //数据库信息
 $servername = "localhost";
 $username = "username";
 $password = "password";
 $dbname = "lrr";
 // 创建连接
 $conn = mysqli_connect($servername, $username, $password, $dbname);
 // 检测连接
 if (!$conn) {
    die("Connection failed: " . mysqli_connect_error());
 }
 //获得用户名数据
 $source = $_POST['users'];
 //如有多个空格，删除剩一个空格
 $source1 = preg_replace('/\s\s+/', ' ', $source);
 //去除首尾巴的空格
 $source2 = trim($source1);
 //根据空格拆分
 $user = explode(' ', $source2);
 //插入数据
 for($index=0; $index < count($user); $index++) {
    $result = mysqli_query($conn, "SELECT * FROM `students_data` WHERE Student_ID='$user[$index]'");    
    if (mysqli_num_rows($result) < 1) {
 	if (! mysqli_query($conn, "REPLACE INTO `students_data`(`Student_ID`, `Passport_Number`) VALUES('$user[$index]', '')" ) ) {
            echo "SQL Error: " . $sql_stmt . "<br>" . mysqli_error($conn);
 	} else {
 	    echo "<p>Student number $user[$index] added.</p>";
 	}
    } else {
       echo "<p><b>Student number $user[$index] already exists.</b></p>";
    }
 }
 //返回按钮
 echo "</br><input type='button' name='Back' onclick='javascript:history.back(-1);' value=' 返回 '>";
 //释放缓存
 $result->free();
 //中断连接
 mysqli_close($conn);
 ?>
--- a/index.php
+++ b/index.php
@ -40,21 +40,31 @@ Student ID / Email
  Password
 <input type="password" class="form-control"  name="password" placeholder="password">
  <br> 
-  <input type="submit" class="btn btn-primary" value="Login"><br> <a href="recover_password.php" style="font-weight:bold;color:orange">Recover lost password</a>
+  <input type="submit" class="btn btn-primary" value="Login"><br> <a href="recover_password.php" style="font-weight:normal;color:orange">Reset my password</a>
 <?php 
 error_reporting(E_ALL);
 if(isset($_SESSION['info_login'])) {
  echo  '<hr><div class="alert alert-danger" role="alert">'.$_SESSION['info_login'].'</div>';
  $_SESSION['info_login']=null;
 }
 // wrong pass
 if(isset($_SESSION['wrong_pass'])) {
  echo  '<hr><div class="alert alert-danger" role="alert">'.$_SESSION['wrong_pass'].'</div>';
  $_SESSION['wrong_pass']=null;
 }
 if(isset($_SESSION['infoChangePassword'])) {
  echo  '<hr><div class="alert alert-danger" role="alert">'.$_SESSION['infoChangePassword'].'</div>';
  $_SESSION['infoChangePassword']=null;
 }
 ?>
 </form>
@ -67,7 +77,7 @@ if(isset($_SESSION['wrong_pass'])) {
    <br>
-<h4 class="list-group-item active"> Student Sign up </h4>
+<h4 class="list-group-item active"> Student sign up </h4>
 <div class="list-group-item">
 <form method="post" action="Script.php" name="frm_signup_1">
@ -79,7 +89,7 @@ if(isset($_SESSION['wrong_pass'])) {
 Your Passport / National ID
  <input type="text" class="form-control"  name="passport" placeholder="(Optional)">
  <br>
-  <input type="submit" name="frm_signup_1" class="btn btn-primary" value="Next"> <br>
+  <input type="submit" name="frm_signup_1" class="btn btn-primary" value="Next"> <br> Click Next to set up password
 <?php 
 error_reporting(E_ALL);
@ -112,8 +122,7 @@ if(isset($_SESSION['info_signup1'])) {
 <hr>
 <div style="" id="footer">
-Developed by : Mohamed Nor (201825800050)-houzi you can submit your suggestions & bug reports to  mohamednor@qq.com  <small>Last Update : 18/04/2020 by <i>Ashly</i> </small>
+LRRS was originally developed as a <a href="http://lanlab.org/course/2018f/se/homepage.html" style="color:white;">software engineering course project</a> by Mohamed Nor and Elmahdi Houzi.  Please submit your suggestions or bug reports to  lanhui _at_ zjnu.edu.cn.  Last updated on 18/04/2020 by Ashly. <a href="./homepage" style="color:white;">More information ...</a>
 </div>
 </body>
--- a/logout.php
+++ b/logout.php
@ -1,7 +1,5 @@
 <?php
 // Destory sessions & refiret to index
   session_destroy();   
@ -21,4 +19,4 @@ $session_id = session_id();
    unset( $_SESSION['user_type']);
    unset( $_SESSION['user_student_id']);
       unset( $_SESSION['user_fullname']); 
-  header("Location: index.php");
+header("Location: index.php");
--- a/recover_password.php
+++ b/recover_password.php
@ -6,42 +6,42 @@
 * and open the template in the editor.
 */
 include 'Header.php';
 ?>
 <div class="row">
-<div class="col-md-4 list-group" style="margin:auto;">
+  <div class="col-md-4 list-group" style="margin:auto;">
    <br>
 <h4 class="list-group-item active"> Recover lost password </h4>
 <div class="list-group-item">
    <div class="panel-body">
 <form method="post" action="Script.php" >
      <input type="hidden" name="frm_recover_password" value="true"/>
 Email
 <input type="text" name="email" placeholder="Enter your Email" class="form-control" value="<?php echo $_SESSION['user_email']; ?>">
  <br>
-<input type="submit" class="btn btn-primary" value="Recover">
+   
-<br> * You will recieve email with recovery information
+  <h4 class="list-group-item active"> Reset my password </h4>
    <div class="list-group-item">
      <div class="panel-body">
        <form method="post" action="Script.php" >
        <input type="hidden" name="frm_recover_password" value="true"/>
        Student number  <input type="text" name="sno" placeholder="Enter your student number" class="form-control" value="<?php echo $_SESSION['student_number']; ?>">
 	<br/>
        Email  <input type="text" name="email" placeholder="Enter your email address" class="form-control" value="<?php echo $_SESSION['user_email']; ?>">
 	<br/>
        <input type="submit" class="btn btn-primary" value="Recover">
        <br> * You will need to sign up again after you click the above button.
       </form>
     </div>
 </div>
 </div>
 </div>
 <?php
-
+if(isset($_SESSION['info_recover_password'])) {
  echo  '<hr><div class="alert alert-danger" role="alert">'.$_SESSION['info_recover_password'].'</div>';
  $_SESSION['info_recover_password']=null;
 }
 ?>
 </form>
 </div>
 </div>
 </div>
 </div>
 </form>
 </div> 
 </div>
--- a/signup.php
+++ b/signup.php
@ -22,7 +22,7 @@ include 'Header.php';
    <div class="panel-body">
 <form method="post" action="Script.php" >
-      <input type="hidden" value="true"/>
+      <input type="hidden" name="frm_signup_2" value="true"/>
       Full Name
       <input type="text" name="fullname" placeholder="Your Full Name" class="form-control" value="<?php echo $_SESSION['user_fullname']; ?>">
@ -34,7 +34,7 @@ include 'Header.php';
 Confirm Password
 <input type="password" class="form-control"  name="confirmpassword" placeholder="Confirm password">
  <br>
-<input type="submit" name="frm_signup_2" class="btn btn-primary" value="Sign up">
+<input type="submit" class="btn btn-primary" value="Sign up">
 <?php 
--- a/test.php
+++ b/test.php
@ -0,0 +1,61 @@
 <?php
 error_reporting(E_ALL);
 ini_set('display_errors', 'on');
 echo phpversion();
 $hashed_password1 = hash('sha512', '123a');
 $hashed_password2 = hash('sha512', '123a');
 echo "Hash1=".$hashed_password1;
 echo "<hr>Hash2=".$hashed_password2;
 $con=mysqli_connect("localhost","username","password","lrr");
 // Check connection
 if (mysqli_connect_errno())
  {
  echo "Failed to connect to MySQL: " . mysqli_connect_error();
  }
 else
 {
 echo "Connected ";
 }
 mysqli_report(MYSQLI_REPORT_ERROR | MYSQLI_REPORT_STRICT);
 $query  = "SELECT * from users_table;";
 $result = mysqli_query($con, $query);
 if (mysqli_num_rows($result) > 0) {
    echo "<table>";
    while ($row = mysqli_fetch_assoc($result)) {
 $id=$row["User_ID"];
 $pass=$row["Password"];
 $hash_pass=hash('sha512', $pass);
 $inner_query  = "update users_table set HashPassword='$hash_pass' where User_ID=$id;";
 if ($con->query($inner_query) === TRUE) { echo " User # $id updated<br>";  }
        //echo "<tr>";
        //echo "<td>{$row['Password']}</td><td>{$row['Email']}</td>";
        //echo "</tr>";
    }
    echo "</table>";
 }