Fix Bug352
parent
ef87c1248f
commit
f3ef8d8e5c
62
Script.php
62
Script.php
|
|
@ -1,7 +1,19 @@
|
||||||
<?php
|
<?php
|
||||||
include 'NoDirectPhpAcess.php';
|
include 'NoDirectPhpAcess.php';
|
||||||
|
function downloadFile($filename)
|
||||||
|
{
|
||||||
|
|
||||||
|
$file_url = './acounts/' . $filename.'.txt';
|
||||||
|
header('content-type: text/plain');
|
||||||
|
header('Cache-Control: no-cache, must-revalidate');
|
||||||
|
header('Content-Disposition: attachment; filename=' . basename($file_url));
|
||||||
|
readfile($file_url);
|
||||||
|
header("Refresh: 5");
|
||||||
|
|
||||||
|
}
|
||||||
?>
|
?>
|
||||||
|
|
||||||
|
|
||||||
<?php
|
<?php
|
||||||
|
|
||||||
/*
|
/*
|
||||||
|
|
@ -12,9 +24,18 @@ session_start();
|
||||||
|
|
||||||
date_default_timezone_set('Asia/Shanghai');
|
date_default_timezone_set('Asia/Shanghai');
|
||||||
|
|
||||||
|
|
||||||
// Connect to MySQL database
|
// Connect to MySQL database
|
||||||
include "get_mysql_credentials.php";
|
$mysql_host= "localhost";
|
||||||
$con = mysqli_connect("localhost", $mysql_username, $mysql_password, "lrr");
|
$mysql_username = "root";
|
||||||
|
$mysql_password = "";
|
||||||
|
$mysql_db = "lrr";
|
||||||
|
|
||||||
|
// $mysql_username, $mysql_password variable declared directly
|
||||||
|
$con= mysqli_connect($mysql_host,$mysql_username,$mysql_password,$mysql_db);
|
||||||
|
//$con = mysqli_connect("localhost", "root", "", "lrr");
|
||||||
|
|
||||||
|
|
||||||
|
|
||||||
// Check connection
|
// Check connection
|
||||||
if (mysqli_connect_errno()) {
|
if (mysqli_connect_errno()) {
|
||||||
|
|
@ -264,11 +285,19 @@ if (!empty($_POST["form_reset_password"])) {
|
||||||
}
|
}
|
||||||
|
|
||||||
// ############################### CREATE Lecturer/TA USER ##################################
|
// ############################### CREATE Lecturer/TA USER ##################################
|
||||||
if (!empty($_POST["form_createlecturrer"])) {
|
if (!empty($_POST["form_createlecturrer"])){
|
||||||
$email = mysqli_real_escape_string($con, $_POST["email"]);
|
$email = mysqli_real_escape_string($con, $_POST["email"]);
|
||||||
$fullname = mysqli_real_escape_string($con, $_POST["fullname"]);
|
$fullname = mysqli_real_escape_string($con, $_POST["fullname"]);
|
||||||
$type = mysqli_real_escape_string($con, $_POST["type"]);
|
$type = mysqli_real_escape_string($con, $_POST["type"]);
|
||||||
$password = mysqli_real_escape_string($con, $_POST["passport"]);
|
$password = mysqli_real_escape_string($con, $_POST["passport"]);
|
||||||
|
$pass_len=strlen($password);
|
||||||
|
if ($pass_len==0) {
|
||||||
|
$password = generateStrongPassword();
|
||||||
|
|
||||||
|
}
|
||||||
|
|
||||||
|
|
||||||
|
// $passport_no=$password;
|
||||||
// check if email is taken
|
// check if email is taken
|
||||||
$result = mysqli_query(
|
$result = mysqli_query(
|
||||||
$con,
|
$con,
|
||||||
|
|
@ -277,17 +306,40 @@ if (!empty($_POST["form_createlecturrer"])) {
|
||||||
if (mysqli_num_rows($result) != 0) {
|
if (mysqli_num_rows($result) != 0) {
|
||||||
$_SESSION["info_Admin_Users"] = "Email address : " . $email . " is already in use.";
|
$_SESSION["info_Admin_Users"] = "Email address : " . $email . " is already in use.";
|
||||||
header("Location: Admin.php");
|
header("Location: Admin.php");
|
||||||
|
exit;
|
||||||
|
// header( "refresh:5;url=Admin.php" );
|
||||||
|
|
||||||
}
|
}
|
||||||
$password_hash = password_hash("$password", PASSWORD_DEFAULT);
|
$password_hash = password_hash("$password", PASSWORD_DEFAULT);
|
||||||
$sql = "INSERT INTO `users_table`(`Email`, `Password`, `Full_Name`, `UserType`) VALUES "
|
$sql = "INSERT INTO `users_table`(`Email`, `Password`, `Full_Name`, `UserType`) VALUES "
|
||||||
. "('$email','$password_hash','$fullname','$type')";
|
. "('$email','$password_hash','$fullname','$type')";
|
||||||
|
|
||||||
if ($con->query($sql) === TRUE) {
|
if ($con->query($sql) === TRUE) {
|
||||||
$_SESSION["info_Admin_Users"] = $type . " user created successfully. Use email " . $email . " as account name and $password as password.";
|
// $file_name = $email.'.txt';
|
||||||
|
$_SESSION["info_Admin_Users"] = $type . " user created successfully. Use email " . $email . " as account name and ". $password ." as password.";
|
||||||
|
// file_put_contents('./acounts/'.$file_name, $_SESSION["info_Admin_Users"]);
|
||||||
|
//downloadFile($email);
|
||||||
header("Location: Admin.php");
|
header("Location: Admin.php");
|
||||||
|
|
||||||
} else {
|
} else {
|
||||||
echo "Error: " . $sql . "<br>" . $con->error;
|
alert("Error: " . $sql . "<br>" . $con->error);
|
||||||
}
|
}
|
||||||
|
|
||||||
|
}
|
||||||
|
|
||||||
|
// ### FUNCTION TO GENERATE INITIAL PASSWORDS ###//
|
||||||
|
function generateStrongPassword() {
|
||||||
|
|
||||||
|
$characters = 'abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789!@#$%^&*()-_';
|
||||||
|
$password_length = 12;
|
||||||
|
$gen_password = '';
|
||||||
|
for ($i = 0; $i < $password_length; $i++) {
|
||||||
|
$random_index = mt_rand(0, strlen($characters) - 1);
|
||||||
|
$gen_password .= $characters[$random_index];
|
||||||
|
}
|
||||||
|
|
||||||
|
// Return the generated password
|
||||||
|
return $gen_password;
|
||||||
}
|
}
|
||||||
|
|
||||||
// #### FUNCTION CHECK FILE TYPES ////
|
// #### FUNCTION CHECK FILE TYPES ////
|
||||||
|
|
|
||||||
Loading…
Reference in New Issue