3 changed files with 6 additions and 84 deletions
--- a/Script.php
+++ b/Script.php
@ -76,17 +76,9 @@ if (!empty($_POST["form_signup"])) {
        return;
    }
    $_SESSION['user_fullname'] = $_POST["fullname"];
    $_SESSION['user_fullname_temp'] = $_POST["fullname"];
    $_SESSION['user_email'] = $_POST["email"];
    $_SESSION['user_student_id_temp'] = $_POST["user_student_id"];
    // validate student number
    if (!is_valid_student_number($student_id)) {
        $_SESSION["info_signup"] = "Invalid student number.";
        $_SESSION['user_fullname'] = null;
        header("Location: signup.php");
        return;
    }
@ -95,10 +87,6 @@ if (!empty($_POST["form_signup"])) {
    $result = mysqli_query($con, "SELECT * FROM `students_data` WHERE Student_ID='$student_id'");
    if (mysqli_num_rows($result) == 0) {
        $_SESSION["info_signup"] = "Your entered student number could not be verified.  Please contact Student Management Office <lanhui at zjnu.edu.cn>.  Thanks.";
          $_SESSION['user_fullname'] = null;
        header("Location: signup.php");
        return;
    }
@ -109,7 +97,6 @@ if (!empty($_POST["form_signup"])) {
    $student_result = mysqli_query($con, "SELECT * FROM `users_table` WHERE Student_ID='$student_id'");
    if (mysqli_num_rows($student_result) > 0) {
        $_SESSION["info_signup"] = "This Student ID is already in use! Please contact Student Management Office <lanhui at zjnu.edu.cn> for help.";
        $_SESSION['user_fullname'] = null;
        header("Location: signup.php");
        return;
    }
@ -119,56 +106,7 @@ if (!empty($_POST["form_signup"])) {
 if (!empty($_POST["form_signup"])) {
    $fullname = mysqli_real_escape_string($con, $_POST["fullname"]);
    $student_id = mysqli_real_escape_string($con, $_POST["user_student_id"]);
-
+    $_SESSION['user_fullname'] = $fullname;
    $email = mysqli_real_escape_string($con, $_POST["email"]);
    $password = mysqli_real_escape_string($con, $_POST["password"]);
    $confirmpassword = mysqli_real_escape_string($con, $_POST["confirmpassword"]);
    $_SESSION['user_student_id'] = $_POST["student_id"];
    $_SESSION['user_type'] = "Student";
    // check confirmed password
    if (strcasecmp($password, $confirmpassword) != 0) {
        $_SESSION['info_signup'] = "Password confirmation failed.";
        $_SESSION['user_fullname'] = null;  // such that Header.php do not show the header information.        
        header("Location: signup.php");
        return;
    }
    // validate email
    if (!filter_var($email, FILTER_VALIDATE_EMAIL)) {
        $_SESSION['info_signup'] = "Invalid email address.";
        $_SESSION['user_fullname'] = null;
        header("Location: signup.php");
        return;
    }
    $upperLetter     = preg_match('@[A-Z]@',    $password);
    $smallLetter     = preg_match('@[a-z]@',    $password);
    $containsDigit   = preg_match('@[0-9]@',    $password);
    $containsSpecial = preg_match('@[^\w]@',    $password);
    $containsAll = $upperLetter && $smallLetter && $containsDigit && $containsSpecial;
    // check for strong password
    if (!$containsAll) {
        $_SESSION['info_signup'] = "Password must have at least characters that include lowercase letters, uppercase letters, numbers and special characters (e.g., !?.,*^).";
        $_SESSION['user_fullname'] = null;
        header("Location: signup.php");
        return;
    }
    // check if email is taken
    $result = mysqli_query($con, "SELECT * FROM users_table WHERE email='$email'");
    if (mysqli_num_rows($result) != 0) {
        $_SESSION["info_signup"] = "Email address " . $email . "  is already in use.";
        $_SESSION['user_fullname'] = null;
        header("Location: signup.php");
        return;
    }
    $_SESSION['user_type'] = "Student";
    $_SESSION['user_email'] = $email;
    $_SESSION['user_student_id'] = $student_id;
@ -177,9 +115,6 @@ if (!empty($_POST["form_signup"])) {
    $password_hash = password_hash($password, PASSWORD_DEFAULT);
    $sql = "INSERT INTO `users_table`(`Email`, `Password`, `Full_Name`, `UserType`, `Student_ID`) VALUES "
        . "('$email','$password_hash','$fullname','Student','$student_id')";
    $_SESSION['user_fullname'] =$_SESSION['user_fullname_temp'];
    if ($con->query($sql) === TRUE) {
        header("Location: Courses.php");
@ -195,15 +130,11 @@ if (!empty($_POST["form_login"])) {
    $user = mysqli_real_escape_string($con, $_POST["user"]); // user could be a 12-digit student number or an email address
    $is_student_number = 0;
    $_SESSION["failed_login_user"] = $user;  // Save the entered username in a session variable
    echo "Failed login user: " . $_SESSION["failed_login_user"];
    // Validate student number
    if (is_valid_student_number($user)) {
        $is_student_number = 1;
    }
    // Validate email address if what provided is not a student number
    if (!$is_student_number && !filter_var($user, FILTER_VALIDATE_EMAIL)) {
        $_SESSION["info_login"] = "Invalid email address: " . "$user";
@ -245,19 +176,10 @@ if (!empty($_POST["form_login"])) {
                    header("Location: Admin.php");
                }
                //  report wrong pass if not correct
-                return;
+            } else {
            }  else {
                $_SESSION["wrong_pass"] = "Wrong Password.";
                echo $_SESSION["wrong_pass"];  // Optional: Display the error message for debugging
                header("Location: index.php");
                exit();  // Add this line to prevent further execution after redirect
            }
            // Add the following line to reset the session variable when needed
            unset($_SESSION["failed_login_user"]);
        }
    }
 }
--- a/index.php
+++ b/index.php
@ -30,7 +30,7 @@ if (isset($_SESSION["user_fullname"])) {
 		<legend>Sign in</legend>
 		<input type="hidden" name="form_login" value="true"/>
 		<label for="user_name" class="form-label">Account name</label>
-		<input type="text" name="user" placeholder="Student Number / Email address" class="form-control" required="required" id="user_name" value="<?php echo isset($_SESSION['failed_login_user']) ? htmlspecialchars($_SESSION['failed_login_user']) : ''; ?>" />
+		<input type="text" name="user" placeholder="Student Number / Email address" class="form-control" required="required" id="user_name" />
 		<br>
 		<label for="user_password" class="form-label">Password</label>
 		<input type="password" class="form-control"  name="password" placeholder="password" required="required" id="user_password" />
--- a/signup.php
+++ b/signup.php
@ -22,10 +22,10 @@ include 'Header.php';
 		<input type="hidden" name="form_signup" value="true" />
 		Full Name
-		<input type="text" name="fullname" placeholder="Your full name" class="form-control" value="<?php echo isset($_SESSION['user_fullname_temp']) ? $_SESSION['user_fullname_temp'] : ''; ?>" required="required" id="full_name"/> <br>
+		<input type="text" name="fullname" placeholder="Your full name" class="form-control" value="<?php echo $_SESSION['user_fullname']; ?>" required="required" id="full_name"/> <br>
-		
+
 		Student ID
-		<input type="text" name="user_student_id" placeholder="Entre your student ID" class="form-control" value="<?php  echo isset($_SESSION['user_student_id_1']) ? $_SESSION['user_student_id_temp'] : ''; ?>" required="required" id="student_id"> <br>
+		<input type="text" name="user_student_id" placeholder="Entre your student ID" class="form-control" value="<?php echo $_SESSION['user_student_id']; ?>" required="required" id="student_id"> <br>
 		Email
 		<input type="text" name="email" placeholder="Email" class="form-control" value="<?php echo $_SESSION['user_email']; ?>" required="required" id="email" /> <br>