From f3ef8d8e5cf32e7800c685e3efc0d347403624d2 Mon Sep 17 00:00:00 2001
From: newtechAI <newtech7j@gmail.com>
Date: Wed, 6 Dec 2023 02:40:34 +0100
Subject: [PATCH] Fix Bug352

---
 Script.php | 62 +++++++++++++++++++++++++++++++++++++++++++++++++-----
 1 file changed, 57 insertions(+), 5 deletions(-)

diff --git a/Script.php b/Script.php
index f664eee..16df7d3 100644
--- a/Script.php
+++ b/Script.php
@@ -1,7 +1,19 @@
 <?php
 include 'NoDirectPhpAcess.php';
+function downloadFile($filename)
+{
+
+        $file_url = './acounts/' . $filename.'.txt';
+        header('content-type: text/plain');
+        header('Cache-Control: no-cache, must-revalidate');
+        header('Content-Disposition: attachment; filename=' . basename($file_url));
+        readfile($file_url);
+        header("Refresh: 5");
+
+}
 ?>
 
+
 <?php
 
 /* 
@@ -12,9 +24,18 @@ session_start();
 
 date_default_timezone_set('Asia/Shanghai');
 
+
 // Connect to MySQL database
-include "get_mysql_credentials.php";
-$con = mysqli_connect("localhost",  $mysql_username, $mysql_password, "lrr");
+$mysql_host= "localhost";
+$mysql_username = "root";
+$mysql_password = "";
+$mysql_db = "lrr";
+
+// $mysql_username, $mysql_password variable declared directly
+$con= mysqli_connect($mysql_host,$mysql_username,$mysql_password,$mysql_db);
+//$con = mysqli_connect("localhost",  "root", "", "lrr");
+
+
 
 // Check connection
 if (mysqli_connect_errno()) {
@@ -264,11 +285,19 @@ if (!empty($_POST["form_reset_password"])) {
 }
 
 // ############################### CREATE Lecturer/TA USER ##################################
-if (!empty($_POST["form_createlecturrer"])) {
+if (!empty($_POST["form_createlecturrer"])){
     $email = mysqli_real_escape_string($con, $_POST["email"]);
     $fullname = mysqli_real_escape_string($con, $_POST["fullname"]);
     $type = mysqli_real_escape_string($con, $_POST["type"]);
     $password = mysqli_real_escape_string($con, $_POST["passport"]);
+    $pass_len=strlen($password);
+   if ($pass_len==0) {
+       $password = generateStrongPassword();
+
+   }
+
+
+//    $passport_no=$password;
     // check if email is taken
     $result = mysqli_query(
         $con,
@@ -277,17 +306,40 @@ if (!empty($_POST["form_createlecturrer"])) {
     if (mysqli_num_rows($result) != 0) {
         $_SESSION["info_Admin_Users"] = "Email address : " . $email . " is already in use.";
         header("Location: Admin.php");
+        exit;
+       // header( "refresh:5;url=Admin.php" );
+
     }
     $password_hash = password_hash("$password", PASSWORD_DEFAULT);
     $sql = "INSERT INTO `users_table`(`Email`, `Password`, `Full_Name`, `UserType`) VALUES "
         . "('$email','$password_hash','$fullname','$type')";
 
     if ($con->query($sql) === TRUE) {
-        $_SESSION["info_Admin_Users"] = $type . " user created successfully. Use email " . $email . " as account name and $password as password.";
+       // $file_name = $email.'.txt';
+        $_SESSION["info_Admin_Users"] = $type . " user created successfully. Use email " . $email . " as account name and ". $password ." as password.";
+       // file_put_contents('./acounts/'.$file_name,  $_SESSION["info_Admin_Users"]);
+        //downloadFile($email);
         header("Location: Admin.php");
+
     } else {
-        echo "Error: " . $sql . "<br>" . $con->error;
+      alert("Error: " . $sql . "<br>" . $con->error);
     }
+
+}
+
+// ### FUNCTION TO GENERATE INITIAL PASSWORDS ###//
+function generateStrongPassword() {
+
+    $characters = 'abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789!@#$%^&*()-_';
+    $password_length = 12;
+    $gen_password = '';
+    for ($i = 0; $i < $password_length; $i++) {
+        $random_index = mt_rand(0, strlen($characters) - 1);
+        $gen_password .= $characters[$random_index];
+    }
+
+    // Return the generated password
+    return $gen_password;
 }
 
 // #### FUNCTION CHECK FILE TYPES ////