Reset_password.php: add whitespaces around =

fix:fix the Stored XSS
fix:fix the sql injection
2022-10-25 16:33:17 +08:00 · 2022-10-13 19:53:39 +08:00 · 2022-10-12 14:17:50 +08:00 · 2022-10-12 14:17:33 +08:00 · 2022-10-12 14:05:56 +08:00 · 2022-10-12 13:57:35 +08:00
7 changed files with 71 additions and 237 deletions
--- a/Admin.php
+++ b/Admin.php
@ -7,15 +7,14 @@ $page = "admin";
 include 'Header.php';
 ?>

-
 <?php
-// Only Lecturer or Admin could access this page
-if ($_SESSION['user_type'] != "Lecturer" && $_SESSION['user_type'] != "Admin") {
-    die("Sorry.  Nothing to see here.");
+if ($_SESSION['user_type'] != "Lecturer") {
+  $_SESSION["info_login"] = "You must log in first.";
+  echo $_SESSION["info_login"];
+  header("Location: index.php");
 }
 ?>

-
 <style>
  .col-md-4 {
    border-right: 1px solid skyblue;
@ -37,21 +36,10 @@ if ($_SESSION['user_type'] != "Lecturer" && $_SESSION['user_type'] != "Admin") {
        <hr>
    -->
  <div class="col-md-6">
+    <h4> User Account Management </h4>
+    <hr>

-  <?php 
-  if ($_SESSION['user_type'] == "Lecturer") {
-           
-        echo " <h4> TA Account Management </h4> 
-        <hr> " ;
-        echo    "<b>TA Accounts </b><br>" ;
-      }
-  else if($_SESSION['user_type'] == "Admin"){
-        echo " <h4> Lecturer Account Management </h4> 
-        <hr> ";
-        echo "<b>Lecturer Accounts </b><br>";
-    }
-    
-  ?>
+    <b>Lecturer / TA Accounts </b><br>

    <div class="container">

@ -77,45 +65,20 @@ if ($_SESSION['user_type'] != "Lecturer" && $_SESSION['user_type'] != "Admin") {

        <div id="home" class="container tab-pane active"><br>

-      <?php 
-        if ($_SESSION['user_type'] == "Lecturer") {
-                
-            echo "<b>Create TA Accounts </b>";
-             
-          }
-        else if($_SESSION['user_type'] == "Admin"){
-           echo "<b>Create Lecturer Accounts </b>";
-          }
-    
-      ?>
+          <b>Create Lecturer/TA Accounts </b>
          <form method="post" action="Script.php" id="create_account_form">
            <input type="hidden" name="frm_createlecturrer" value="true" required="" />
-            Full Name
+            Full_Name
            <input type="text" name="fullname" placeholder="Full Name" class="form-control" required="">
            Email
            <input type="text" name="email" placeholder="Email / Student Number" class="form-control" required="">

-            Passport Number / ID (Used as Initial Password)
+            Passport_Number / ID (Used as Intial Password)
            <input type="text" class="form-control" name="passport" placeholder="Passport No./ID" required="">
            <br> User Type :
-
-          <?php 
-
-              if ($_SESSION['user_type'] == "Lecturer") {
-                      
-                    echo ' <input type="radio" name="type" value="TA" required="" id="role_TA"> TA (Teaching Assistant) ';
-
-                }
-              else if($_SESSION['user_type'] == "Admin"){
-                    
-                    echo " <input type='radio' name = 'type' value = 'Lecturer' required = '' id='role_lecturer' > Lecturer ";
-                  
-                }
-
-            ?>  
-
+            <input type="radio" name="type" value="Lecturer" required="" id="role_lecturer"> Lecturer
+            <input type="radio" name="type" value="TA" required="" id="role_TA"> T/A
            <input type="submit" class="btn btn-primary" value="Create" id="create_btn"><br>
-            
            <?php

            error_reporting(E_ALL);
@ -149,21 +112,10 @@ if ($_SESSION['user_type'] != "Lecturer" && $_SESSION['user_type'] != "Admin") {
            </tr>
            <?php

-          if ($_SESSION['user_type'] == "Lecturer") {
-                                  
-                $result = mysqli_query(
-                  $con,
-                  "SELECT * FROM Users_Table  WHERE UserType in ('TA')"
-                );
-            }
-
-          else if($_SESSION['user_type'] == "Admin"){
-                $result = mysqli_query(
-                  $con,
-                  "SELECT * FROM Users_Table  WHERE UserType in ('Lecturer')"
-                );
-            }
-
+            $result = mysqli_query(
+              $con,
+              "SELECT * FROM Users_Table  WHERE UserType in ('Lecturer','TA')"
+            );
            while ($row = mysqli_fetch_assoc($result)) {
              $pass = $row['Passport_Number'];
              $btn = "<button class='btn-primary' onclick=\"updatePass(" . $row['User_ID'] . ",'$pass')\">Reset</button>";
--- a/Course.php
+++ b/Course.php
@ -57,9 +57,9 @@ if(!empty($_GET["url"]))
    
 <?php
    
-if (isset($_SESSION['info_general'])) {
-    echo '<hr><div class="alert alert-info" role="alert" style="float:left;">' . $_SESSION['info_general'] . '</div>';
-    $_SESSION['info_general']=null;
+if (isset($_SESSION['info_ReMarking'])) {
+    echo '<hr><div class="alert alert-info" role="alert" style="float:left;">' . $_SESSION['info_ReMarking'] . '</div>';
+    $_SESSION['info_ReMarking']=null;
 }
   
 if (isset($_SESSION['info_courses'])) {
@ -529,37 +529,21 @@ course_groups_table.Course_Group_id=course_group_members_table.Course_Group_id W
                $extra3="   <a href='#' class='' onclick='accept($id,0)'>Decline</a></small>"; 
                                
            }
-
-            # Add "delete group" button and allow only group creator to delete it
-            $extra4 = "<button onclick='delete_group($id)' class='btn btn-danger' style='height: 25px; width: 90px; 
-                        line-height: 10px; font-size: 10px'>DELETE GROUP</button>";
-
-            echo "<div  class='btn-default'><small> $name ($status)  $extra  $extra2  $extra3" . 
-            (($status == "Created")? "$extra4": "")
-            ."</small></div>";
+            echo "<div  class='btn-default'><small> $name ($status)  $extra  $extra2  $extra3</small></div>";
                        
            $rs2=mysqli_query($con,"SELECT `ID`, `Course_Group_id`, course_group_members_table.Student_ID, 
                            course_group_members_table.`Status`,users_table.Full_Name FROM `course_group_members_table` 
 INNER JOIN users_table on users_table.Student_ID=course_group_members_table.Student_ID
 where course_group_members_table.Course_Group_id=$id");
-            
-            #Check whether the current user in session is the creator of the group
-            $rs3 = mysqli_query($con, "SELECT `Status` from course_group_members_table where Student_ID = $student_id");
-            $flag = mysqli_fetch_assoc($rs3)['Status'] == "Created";
-
+                        
            while($row = mysqli_fetch_assoc($rs2)) {
                $name=$row['Full_Name'];
                $id=$row['Course_Group_id'];
                $status=$row['Status'];
                $Student_ID=$row['Student_ID'];
                        
-                #Show group members + remove button next to each member except the creator of the group
-                if($flag){
-                    echo "<li><small> $name-$Student_ID ($status)</small>".(($status != "Created")?"<button onclick='remove_member($Student_ID, $id)' 
-                class='btn btn-danger' style='height: 25px; width: 80px; line-height: 10px;'>remove</button>":"")."</li>";
-                }else{
-                    echo "<li><small> $name-$Student_ID ($status)</small>";
-                } 
+                        
+                echo "<li><small> $name-$Student_ID ($status)</small></li>";
                        
            }
                        
@ -704,62 +688,5 @@ function remarking(data)
    window.location.href = data+"&details="+details;
 }
  
-function remove_member(student_id, group_id) {
-    
-    try
-    {
-        
-
-        $('<form id="frm" method="get" action="Script.php"><input type="hidden" name="removemember" value="true">\n\
- <input type="hidden" name="student_id" value="'+student_id+'" > \n\
- <input type="hidden" name="group_id" value="'+group_id+'">\n\
-<input type="hidden" name="url" value="<?php echo $url; ?>"></form>').dialog({
-    modal: true,
-    title:'Remove '+student_id+'?',
-    buttons: {
-        'Confirm': function () {
-            $('#frm').submit();
-	    
-            $(this).dialog('close');
-        },
-        'X': function () {
-	    
-            $(this).dialog('close');
-        }
-	
-    }
-});
-
-    } catch(e){ alert(e); }
-}
-
-function delete_group(id) {
-    
-    try
-    {
-        
-
-        $('<form id="frm" method="get" action="Script.php"><input type="hidden" name="deletegroup" value="true">\n\
- <input type="hidden" name="group_id" value="'+id+'" > \n\
-<input type="hidden" name="url" value="<?php echo $url; ?>"></form>').dialog({
-    modal: true,
-    title:'Delete this group?',
-    buttons: {
-        'Confirm': function () {
-            $('#frm').submit();
-	    
-            $(this).dialog('close');
-        },
-        'X': function () {
-	    
-            $(this).dialog('close');
-        }
-	
-    }
-});
-
-    } catch(e){ alert(e); }
-}
-
 </script>
    
--- a/Courses.php
+++ b/Courses.php
@ -153,14 +153,14 @@ New Date/Time <br><input type="date" name="date" required=""> <input type="time"
                    <input type='hidden' name='course_id' value='<?php echo "$id" ?>' required=''/>
                    <input type='hidden' name='url' value='<?php echo ".$course_url." ?>' required=''/>
           
-                    Deadline Date/Time
+                    Dealine Date/Time
                        <div class='row'> 
                    <div class='col-md-7'><input type='date' id='date' name='deadlinedate' placeholder='' class='form-control' required='' value="<?php echo isset($_GET['act']) && $_GET['act']=="edit" ? $Date : ""; ?>"> </div>
                    <div class='col-md-5'> <input type='text' id='time' class='form-control' name='deadlinetime' value="<?php echo isset($_GET['act']) && $_GET['act']=="edit" ? $Time : ""; ?>"> </div> 
                    </div>

                    Title
-                        <input type='text'  name='title' placeholder='Title' class='form-control' required='' value="<?php echo isset($_GET['act']) && $_GET['act']=="edit" ? $Title : ""; ?>">
+                        <input type='text'  name='title' placeholder='Ttle' class='form-control' required='' value="<?php echo isset($_GET['act']) && $_GET['act']=="edit" ? $Title : ""; ?>">
                    Instructions
                        <textarea  name='instructions' placeholder='Assignment Instructions' class='form-control' required='' ><?php echo isset($_GET['act']) && $_GET['act']=='edit' ? $Instructions : ''; ?></textarea>
                    Marks
@ -181,9 +181,9 @@ New Date/Time <br><input type="date" name="date" required=""> <input type="time"

 <?php
                    if ($Type == "Individual") {
-                        echo "Submission Type  <input type='radio' name='type' value='Individual' checked /> Individual  <input type='radio' name='type' value='Group' /> Group";
+                        echo "Submission Type  <input type='radio' name='type' value='Individual' checked /> Invidual  <input type='radio' name='type' value='Group' /> Group";
                    } else {
-                        echo "Submission Type  <input type='radio' name='type' value='Individual' /> Individual  <input type='radio' name='type' value='Group' checked> Group";
+                        echo "Submission Type  <input type='radio' name='type' value='Individual' /> Invidual  <input type='radio' name='type' value='Group' checked> Group";
                    }		 
                    ?>

@ -213,14 +213,14 @@ New Date/Time <br><input type="date" name="date" required=""> <input type="time"
                    <input type='hidden' name='course_id' value='<?php echo "$id" ?>' required=''/>
                    <input type='hidden' name='url' value='<?php echo ".$course_url." ?>' required=''/>
                     
-                    Deadline Date/Time
+                    Dealine Date/Time
                        <div class='row'> 
                    <div class='col-md-7'><input type='date' id='date' name='deadlinedate' placeholder='' class='form-control' required='' value=""> </div>
                    <div class='col-md-5'> <input type='time' class='form-control' name='deadlinetime' value=""> </div> 
                    </div>

                    Title
-                        <input type='text'  name='title' placeholder='Title' class='form-control' required='' value="">
+                        <input type='text'  name='title' placeholder='Ttle' class='form-control' required='' value="">
                    Instructions
                        <textarea  name='instructions' placeholder='Assignment Instructions' class='form-control' required='' value=""></textarea>
                    Marks
@ -238,7 +238,7 @@ New Date/Time <br><input type="date" name="date" required=""> <input type="time"
                    Attachment 4
                        <input type='file'  name='attachment4' placeholder='Attachment 4' class='form-control' >
                    <br>
-                    Submission Type  <input type='radio' name='type' value='Individual' required=''> Individual
+                    Submission Type  <input type='radio' name='type' value='Individual' required=''> Invidual

                                                <input type='radio' name='type' value='Group' required=''> Group
                    <hr>
--- a/NoDirectPhpAcess.php
+++ b/NoDirectPhpAcess.php
@ -2,6 +2,6 @@
    // https://stackoverflow.com/questions/33999475/prevent-direct-url-access-to-php-file
    if (!isset($_SERVER['HTTP_REFERER']) ) {
        /* choose the appropriate page to redirect users */
-        die( header( 'location: logout.php' ) );
+        die( header( 'location: index.php' ) );
    }
 ?>
--- a/README.md
+++ b/README.md
@ -18,17 +18,15 @@ Our mission is to make the experience of submitting assignments great for tens o
 # Installation Instructions


-## Hui steps
+## Hui's steps

 I spent about two hours installing LRR to a bare, remote Ubuntu server (Ubuntu 20.04 LTS).

-LRR needs Apache and MySQL to run.  I followed [How To Install Linux, Apache, MySQL, PHP (LAMP) stack on Ubuntu 20.04](https://www.digitalocean.com/community/tutorials/how-to-install-linux-apache-mysql-php-lamp-stack-on-ubuntu-20-04) to set up these server applications.  [How to install and configure PHP](https://ubuntu.com/server/docs/programming-php) is also a good guide.
+LRR needs Apache and MySQL to run.  I followed [How To Install Linux, Apache, MySQL, PHP (LAMP) stack on Ubuntu 20.04](https://www.digitalocean.com/community/tutorials/how-to-install-linux-apache-mysql-php-lamp-stack-on-ubuntu-20-04) to set up these server applications.

-LRR uses a database called `lrr`.  So create this database using MySQL root account.  Open MySQL's prompt using `sudo mysql`.  Create the database using command `CREATE DATABASE lrr;`, and grant all privileges to MySQL user `lrr` using command `GRANT ALL PRIVILEGES ON lrr.* TO 'mnc'@'localhost' WITH GRANT OPTION;`.   If MySQL user mnc does not exist, create it using command `CREATE USER 'mnc'@'localhost' IDENTIFIED BY 'password'`.
-
-To facilitate data migration, I need to export the existing `lrr` to a plain text file (including many sql commands) and import that text file to the newly created `lrr` database on the new server.
-The command for exporting the database is `mysqldump -u mnc -p lrr > lrr_database_dump.txt`, where mnc after -u is MySQL's username, and lrr after -p is the database name.
-The command for importing is `mysql -u mnc -p lrr < lrr_database_dump.txt`.  Read [How to Import and Export MySQL Databases in Linux](https://phoenixnap.com/kb/import-and-export-mysql-database) for more detail. Do not have lrr_database_dump.txt?  You can use lrr_database.sql in this repo instead.
+LRR uses a database called `lrr`.  I need to export the existing `lrr` to a plain text file (including many sql commands) and import that text file to the newly created `lrr` database on the new server.
+The command for exporting the database is `mysqldump -u mnc -p lrr > lrr_database_dump.txt`.
+The command for importing is `mysql -u mnc -p lrr < lrr_database_dump.txt`.  Read [How to Import and Export MySQL Databases in Linux](https://phoenixnap.com/kb/import-and-export-mysql-database) for more detail.

 LRR also needs to store assignment submissions.  We store them in a folder called `../../lrr_submission`.  Note that `lrr_submission` is two levels above the project folder (where many PHP files reside).  I copied this folder from the existing one.  I think it is also OK if you create an empty folder.   
 We need to set a proper owner and accessibility for `lrr_submission` using the following two commands:
@ -51,7 +49,7 @@ Enable the site lrr: `sudo a2ensite lrr`.  Restart the apache server: `sudo syst
 Visit the LRR application by entering this URL in a web browser: http://121.4.94.30/.


-## Enock steps
+## Enock's steps

 Enock, a graduate student here, has made a tutorial about how he deployed LRR to a remote server (http://lanlab.org/course/2021s/spm/PuTTY-Server.txt).

--- a/Script.php
+++ b/Script.php
@ -57,14 +57,14 @@ if (!empty($_POST["form_signup"])) {

    $student_result = mysqli_query($con, "SELECT * FROM `users_table` WHERE Student_ID='$student_id'");
    if (mysqli_num_rows($student_result) > 0) {
-        $_SESSION["info_signup"] = "This Student ID is already in use! Please contact Student Management Office <lanhui at zjnu.edu.cn> for help.";
+        $_SESSION["info_signup"] = "This Student ID is already in use! Please contact Student Management Office <lanhui at zjnu.edu.cn> for help.";        
        header("Location: signup.php");
        return;
    }
 }

 // ############################### CREATE STUDENT USER ##################################
-if (!empty($_POST["form_signup"])) {
+if (!empty($_POST["form_signup"])) {    
    $fullname = mysqli_real_escape_string($con, $_POST["fullname"]);
    $student_id = mysqli_real_escape_string($con, $_POST["user_student_id"]);
    $email = mysqli_real_escape_string($con, $_POST["email"]);
@ -98,15 +98,16 @@ if (!empty($_POST["form_signup"])) {

    // check for strong password
    if (!$containsAll) {
-        $_SESSION['info_signup'] = "Password must have at least characters that include lowercase letters, uppercase letters, numbers and special characters (e.g., !?.,*^).";
+        $_SESSION['info_signup'] = "Password must have at least characters that include lowercase letters, uppercase letters, numbers and sepcial characters (e.g., !?.,*^).";
        header("Location: signup.php");
        return;
    }

    // check if email is taken
    $result = mysqli_query($con, "SELECT * FROM users_table WHERE email='$email'");
-    if (mysqli_num_rows($result) != 0) {
-        $_SESSION["info_signup"] = "Email address " . $email . "  is already in use.";
+    if(mysqli_num_rows($result) != 0)
+    {
+        $_SESSION["info_signup"]="Email address ".$email."  is already in use.";
        $_SESSION['user_fullname'] = null;
        header("Location: signup.php");
        return;
@ -146,7 +147,7 @@ if (!empty($_POST["frm_login"])) {
    $password = mysqli_real_escape_string($con, $_POST["password"]);
    $result = mysqli_query($con, "SELECT * FROM users_table WHERE (Student_ID='$user') OR (Email='$user')");
    if (mysqli_num_rows($result) == 0) {
-        $_SESSION["info_login"] = "Invalid user name information.";
+        $_SESSION["info_login"] = "Inavlid user name information.";
        echo $_SESSION["info_login"];
        header("Location: index.php");
    } else {
@ -195,6 +196,7 @@ if (!empty($_POST["frm_recover_password"])) {
    // validate student number
    if (strlen($student_id) != 12  || is_numeric($student_id) == FALSE) {
        $_SESSION["info_recover_password"] = "Invalid student number.";
+        #echo "Invalid student number.";
        header("Location: recover_password.php");
        return;
    }
@ -270,20 +272,18 @@ if (!empty($_POST["frm_createlecturrer"])) {
    $type = mysqli_real_escape_string($con, $_POST["type"]);
    $password = mysqli_real_escape_string($con, $_POST["passport"]);
    // check if email is taken
-    $result = mysqli_query(
-        $con,
-        "SELECT * FROM Users_Table WHERE email='$email'"
-    );
-    if (mysqli_num_rows($result) != 0) {
-        $_SESSION["info_Admin_Users"] = "Email address : " . $email . " is already in use.";
-        header("Location: Admin.php");
+    $result = mysqli_query($con,
+                           "SELECT * FROM Users_Table WHERE email='$email'");
+    if(mysqli_num_rows($result)!=0)
+    {
+        $_SESSION["info_Admin_Users"]="Email address : ".$email." is already in use.";
+        header("Location: Admin.php");        
    }
-    $password_hash = password_hash("$password", PASSWORD_DEFAULT);
-    $sql = "INSERT INTO `users_table`(`Email`, `Password`, `Full_Name`, `UserType`) VALUES "
-        . "('$email','$password_hash','$fullname','$type')";
+    $sql= "INSERT INTO `users_table`(`Email`, `Password`, `Full_Name`, `UserType`) VALUES "
+        . "('$email','$password','$fullname','$type')";

    if ($con->query($sql) === TRUE) {
-        $_SESSION["info_Admin_Users"] = $type . " user created successfully. Use email " . $email . " as account name and $password as password.";
+        $_SESSION["info_Admin_Users"] = $type . " user Created successfully : email " . $email . " and $password as Password.";
        header("Location: Admin.php");
    } else {
        echo "Error: " . $sql . "<br>" . $con->error;
@ -692,7 +692,7 @@ if (!empty($_GET["remarking"])) {

    if ($con->query($sql) === TRUE) {

-        $_SESSION["info_general"] = "Remarking Request Sent";
+        $_SESSION["info_ReMarking"] = "Remarking Request Sent";
        header("Location: Course.php?url=" . $url);
    } else {
        echo "Error: " . $sql . "<br>" . $con->error;
@ -721,7 +721,7 @@ if (!empty($_GET["creategroup"])) {
        $sql = "INSERT INTO `course_group_members_table`( `Course_Group_id`, `Student_ID`, `Status`) 
                          VALUES ('$gid','$student_id','Created')";
        if ($con->query($sql) === TRUE) {
-            $_SESSION["info_general"] = "Course group Created";
+            $_SESSION["info_ReMarking"] = "Course group Created";
            header("Location: Course.php?url=" . $url);
        } else {
            echo "Error: " . $sql . "<br>" . $con->error;
@ -739,21 +739,14 @@ if (!empty($_GET["groupinvite"])) {
    $url = mysqli_real_escape_string($con, $_GET["url"]);
    $courseid = mysqli_real_escape_string($con, $_GET["courseid"]);
    $groupid = mysqli_real_escape_string($con, $_GET["groupid"]);
-    $student = mysqli_query($con, "SELECT * FROM students_data WHERE Student_ID = '$student_id'  ");

-    if (mysqli_num_rows($student) > 0) {
-
-        $result = mysqli_query($con, "SELECT * FROM course_group_members_table where Course_Group_id = '$groupid' and Student_ID = '$student_id'");
-        if (mysqli_num_rows($result) > 0) {
-            $_SESSION["info_general"] = $student_id . " has already been invited.";
-            header("Location: Course.php?url=" . $url);
-        } else {
-            $sql = "INSERT INTO `course_group_members_table`( `Course_Group_id`, `Student_ID`, `Status`)
-                        VALUES ('$groupid','$student_id','Invited')";
-        }
-    } else {
-        $_SESSION["info_general"] = $student_id . " is an invalid student number.";
+    $result = mysqli_query($con, "SELECT * FROM course_group_members_table where Course_Group_id = '$groupid' and Student_ID = '$student_id'");
+    if (mysqli_num_rows($result) > 0) {
+        $_SESSION["info_ReMarking"] = $student_id . " has already been invited";
        header("Location: Course.php?url=" . $url);
+    } else {
+        $sql = "INSERT INTO `course_group_members_table`( `Course_Group_id`, `Student_ID`, `Status`)
+                      VALUES ('$groupid','$student_id','Invited')";
    }

    if ($con->query($sql) === TRUE) {
@ -771,26 +764,26 @@ if (!empty($_GET["groupinvite"])) {

            if ($Group_Member == '0') {
                mysqli_query($con, "UPDATE `course_groups_table` SET `Group_Member` = ('" . $student_id . "') WHERE `course_groups_table`.`Course_Group_id` = '$groupid'");
-                $_SESSION["info_general"] = $student_id . " was invited to the group.";
+                $_SESSION["info_ReMarking"] = $student_id . " was invited to the group";
                header("Location: Course.php?url=" . $url);
            } elseif ($Group_Member2 == '0') {
                mysqli_query($con, "UPDATE `course_groups_table` SET `Group_Member2` = ('" . $student_id . "') WHERE `course_groups_table`.`Course_Group_id` = '$groupid'");
-                $_SESSION["info_general"] = $student_id . " was invited to the group.";
+                $_SESSION["info_ReMarking"] = $student_id . " was invited to the group";
                header("Location: Course.php?url=" . $url);
            } elseif ($Group_Member3 == '0') {
                mysqli_query($con, "UPDATE `course_groups_table` SET `Group_Member3` = ('" . $student_id . "') WHERE `course_groups_table`.`Course_Group_id` = '$groupid'");
-                $_SESSION["info_general"] = $student_id . " was invited to the group.";
+                $_SESSION["info_ReMarking"] = $student_id . " was invited to the group";
                header("Location: Course.php?url=" . $url);
            } elseif ($Group_Member4 == '0') {
                mysqli_query($con, "UPDATE `course_groups_table` SET `Group_Member4` = ('" . $student_id . "') WHERE `course_groups_table`.`Course_Group_id` = '$groupid'");
-                $_SESSION["info_general"] = $student_id . " was invited to the group.";
+                $_SESSION["info_ReMarking"] = $student_id . " was invited to the group";
                header("Location: Course.php?url=" . $url);
            } else {
-                $_SESSION["info_general"] = " You cannot add any more members";
+                $_SESSION["info_ReMarking"] = " You cant add any more members";
                header("Location: Course.php?url=" . $url);
            }
        }
-        $_SESSION["info_general"] = $student_id . " was invited to the group.";
+        $_SESSION["info_ReMarking"] = $student_id . " was invited to the group";
        header("Location: Course.php?url=" . $url);
    } else {
        echo "Error: " . $sql . "<br>" . $con->error;
@ -815,43 +808,7 @@ if (!empty($_GET["acceptinvite"])) {
    }

    if ($con->query($sql) === TRUE) {
-        $_SESSION["info_general"] = " Group Invite Updated";
-        header("Location: Course.php?url=" . $url);
-    } else {
-        echo "Error: " . $sql . "<br>" . $con->error;
-    }
-}
-
-#Remove a member from group
-
-if (!empty($_GET["removemember"])) {
-
-    $student_id = mysqli_real_escape_string($con, $_GET["student_id"]);
-    $group_id = mysqli_real_escape_string($con, $_GET["group_id"]);
-    $url = mysqli_real_escape_string($con, $_GET["url"]);
-
-    $sql = "Delete from  `course_group_members_table`  where  student_id=$student_id and Course_Group_id=$group_id";
-
-    if ($con->query($sql) === TRUE) {
-        $_SESSION["info_general"] = " Member " . $student_id . " removed from the group";
-        header("Location: Course.php?url=" . $url);
-    } else {
-        echo "Error: " . $sql . "<br>" . $con->error;
-    }
-}
-
-#Delete a whole group
-
-if (!empty($_GET["deletegroup"])) {
-
-    $group_id = mysqli_real_escape_string($con, $_GET["group_id"]);
-    $url = mysqli_real_escape_string($con, $_GET["url"]);
-
-    $sql1 = "Delete from  `course_group_members_table`  where  Course_Group_id=$group_id";
-    $sql2 = "Delete from `course_groups_table` where Course_Group_id=$group_id";
-
-    if ($con->query($sql1) === TRUE && $con->query($sql2) === TRUE) {
-        $_SESSION["info_general"] = " Group has been deleted successfully. ";
+        $_SESSION["info_ReMarking"] = " Group Invite Updated";
        header("Location: Course.php?url=" . $url);
    } else {
        echo "Error: " . $sql . "<br>" . $con->error;
@ -1091,7 +1048,7 @@ WHERE lab_report_submissions.Lab_Report_ID='$lab'";
    }

    header("Content-type: application/octet-stream");
-    header("Content-Disposition: attachment; filename=$lab_name Grade Sheet.xls");
+    header("Content-Disposition: attachment; filename=$lab_name Garde Sheet.xls");
    header("Pragma: no-cache");
    header("Expires: 0");
    print "$header\n$data";
--- a/Student.php
+++ b/Student.php
@ -9,7 +9,7 @@ include 'Header.php';
 <div class="row" style="width:80%;margin:auto;">

    <div class="col-md-6">
-        <h1> Student Account Created. Now you can Browse Course Portals </h1>
+        <h1> STUEDNT Account Created , Now you can Browse Course Portals </h1>
    </div>

 </div>
Author	SHA1	Message	Date
Hui Lan	94ca1c51b3	Reset_password.php: add whitespaces around =	2022-10-25 16:33:17 +08:00
徐宣	308df1617c	fix:fix the Stored XSS	2022-10-13 19:53:39 +08:00
徐宣	e8a181d795	fix:fix the sql injection	2022-10-12 14:17:50 +08:00
徐宣	38551c4174	fix:fix the sql injection	2022-10-12 14:17:33 +08:00
徐宣	4bf8d8d970	fix:修复了xss漏洞	2022-10-12 14:05:56 +08:00
徐宣	6e07ddc94c	fix:修复了任意文件读取漏洞	2022-10-12 13:57:35 +08:00