From adc9daef98c2d0d49fa1cda298f4f7db5789ca7d Mon Sep 17 00:00:00 2001
From: Eden <edusolsolomonj123@gmail.com>
Date: Wed, 27 Dec 2023 03:15:49 +0800
Subject: [PATCH 1/2] Fix Bug 430

---
 Script.php | 42 +++++++++++++++++++++++++++++++++++++-----
 index.php  |  2 +-
 signup.php |  6 +++---
 3 files changed, 41 insertions(+), 9 deletions(-)

diff --git a/Script.php b/Script.php
index f664eee..4c3b76c 100644
--- a/Script.php
+++ b/Script.php
@@ -37,9 +37,17 @@ function is_valid_student_number($student_id)
 if (!empty($_POST["form_signup"])) {
     $student_id = trim(mysqli_real_escape_string($con, $_POST["user_student_id"]));
 
+    $_SESSION['user_fullname'] = $_POST["fullname"];
+    $_SESSION['user_fullname_temp'] = $_POST["fullname"];
+    $_SESSION['user_email'] = $_POST["email"];
+    $_SESSION['user_student_id_temp'] = $_POST["user_student_id"];
+   
+
+
     // validate student number
     if (!is_valid_student_number($student_id)) {
         $_SESSION["info_signup"] = "Invalid student number.";
+        $_SESSION['user_fullname'] = null;
         header("Location: signup.php");
         return;
     }
@@ -48,6 +56,10 @@ if (!empty($_POST["form_signup"])) {
     $result = mysqli_query($con, "SELECT * FROM `students_data` WHERE Student_ID='$student_id'");
     if (mysqli_num_rows($result) == 0) {
         $_SESSION["info_signup"] = "Your entered student number could not be verified.  Please contact Student Management Office <lanhui at zjnu.edu.cn>.  Thanks.";
+          $_SESSION['user_fullname'] = null;
+
+        
+
         header("Location: signup.php");
         return;
     }
@@ -58,6 +70,7 @@ if (!empty($_POST["form_signup"])) {
     $student_result = mysqli_query($con, "SELECT * FROM `users_table` WHERE Student_ID='$student_id'");
     if (mysqli_num_rows($student_result) > 0) {
         $_SESSION["info_signup"] = "This Student ID is already in use! Please contact Student Management Office <lanhui at zjnu.edu.cn> for help.";
+        $_SESSION['user_fullname'] = null;
         header("Location: signup.php");
         return;
     }
@@ -70,11 +83,10 @@ if (!empty($_POST["form_signup"])) {
     $email = mysqli_real_escape_string($con, $_POST["email"]);
     $password = mysqli_real_escape_string($con, $_POST["password"]);
     $confirmpassword = mysqli_real_escape_string($con, $_POST["confirmpassword"]);
-    $_SESSION['user_fullname'] = $fullname;
-    $_SESSION['user_type'] = "Student";
-    $_SESSION['user_email'] = $email;
-    $_SESSION['user_student_id'] = $student_id;
 
+    $_SESSION['user_student_id'] = $_POST["student_id"];
+    $_SESSION['user_type'] = "Student";
+    
     // check confirmed password
     if (strcasecmp($password, $confirmpassword) != 0) {
         $_SESSION['info_signup'] = "Password confirmation failed.";
@@ -86,6 +98,8 @@ if (!empty($_POST["form_signup"])) {
     // validate email
     if (!filter_var($email, FILTER_VALIDATE_EMAIL)) {
         $_SESSION['info_signup'] = "Invalid email address.";
+        $_SESSION['user_fullname'] = null;
+
         header("Location: signup.php");
         return;
     }
@@ -99,6 +113,8 @@ if (!empty($_POST["form_signup"])) {
     // check for strong password
     if (!$containsAll) {
         $_SESSION['info_signup'] = "Password must have at least characters that include lowercase letters, uppercase letters, numbers and special characters (e.g., !?.,*^).";
+        $_SESSION['user_fullname'] = null;
+
         header("Location: signup.php");
         return;
     }
@@ -116,6 +132,9 @@ if (!empty($_POST["form_signup"])) {
     $password_hash = password_hash($password, PASSWORD_DEFAULT);
     $sql = "INSERT INTO `users_table`(`Email`, `Password`, `Full_Name`, `UserType`, `Student_ID`) VALUES "
         . "('$email','$password_hash','$fullname','Student','$student_id')";
+    
+
+    $_SESSION['user_fullname'] =$_SESSION['user_fullname_temp'];
 
     if ($con->query($sql) === TRUE) {
         header("Location: Courses.php");
@@ -131,11 +150,15 @@ if (!empty($_POST["form_login"])) {
     $user = mysqli_real_escape_string($con, $_POST["user"]); // user could be a 12-digit student number or an email address
     $is_student_number = 0;
 
+    $_SESSION["failed_login_user"] = $user;  // Save the entered username in a session variable
+    echo "Failed login user: " . $_SESSION["failed_login_user"];
+
     // Validate student number
     if (is_valid_student_number($user)) {
         $is_student_number = 1;
     }
 
+
     // Validate email address if what provided is not a student number
     if (!$is_student_number && !filter_var($user, FILTER_VALIDATE_EMAIL)) {
         $_SESSION["info_login"] = "Invalid email address: " . "$user";
@@ -177,10 +200,19 @@ if (!empty($_POST["form_login"])) {
                     header("Location: Admin.php");
                 }
                 //  report wrong pass if not correct
-            } else {
+                return;
+
+            }  else {
+                
                 $_SESSION["wrong_pass"] = "Wrong Password.";
+                echo $_SESSION["wrong_pass"];  // Optional: Display the error message for debugging
+               
                 header("Location: index.php");
+                exit();  // Add this line to prevent further execution after redirect
             }
+            // Add the following line to reset the session variable when needed
+            unset($_SESSION["failed_login_user"]);
+
         }
     }
 }
diff --git a/index.php b/index.php
index 6aaf75a..7204502 100644
--- a/index.php
+++ b/index.php
@@ -30,7 +30,7 @@ if (isset($_SESSION["user_fullname"])) {
 		<legend>Sign in</legend>
 		<input type="hidden" name="form_login" value="true"/>
 		<label for="user_name" class="form-label">Account name</label>
-		<input type="text" name="user" placeholder="Student Number / Email address" class="form-control" required="required" id="user_name" />
+		<input type="text" name="user" placeholder="Student Number / Email address" class="form-control" required="required" id="user_name" value="<?php echo isset($_SESSION['failed_login_user']) ? htmlspecialchars($_SESSION['failed_login_user']) : ''; ?>" />
 		<br>
 		<label for="user_password" class="form-label">Password</label>
 		<input type="password" class="form-control"  name="password" placeholder="password" required="required" id="user_password" />
diff --git a/signup.php b/signup.php
index 3e45d0c..5763947 100644
--- a/signup.php
+++ b/signup.php
@@ -22,10 +22,10 @@ include 'Header.php';
 		<input type="hidden" name="form_signup" value="true" />
 
 		Full Name
-		<input type="text" name="fullname" placeholder="Your full name" class="form-control" value="<?php echo $_SESSION['user_fullname']; ?>" required="required" id="full_name"/> <br>
-
+		<input type="text" name="fullname" placeholder="Your full name" class="form-control" value="<?php echo isset($_SESSION['user_fullname_temp']) ? $_SESSION['user_fullname_temp'] : ''; ?>" required="required" id="full_name"/> <br>
+		
 		Student ID
-		<input type="text" name="user_student_id" placeholder="Entre your student ID" class="form-control" value="<?php echo $_SESSION['user_student_id']; ?>" required="required" id="student_id"> <br>
+		<input type="text" name="user_student_id" placeholder="Entre your student ID" class="form-control" value="<?php  echo isset($_SESSION['user_student_id_1']) ? $_SESSION['user_student_id_temp'] : ''; ?>" required="required" id="student_id"> <br>
 
 		Email
 		<input type="text" name="email" placeholder="Email" class="form-control" value="<?php echo $_SESSION['user_email']; ?>" required="required" id="email" /> <br>
-- 
2.17.1


From 5bbd812189c92b4128aa4c6f97a7a2a26bafd28e Mon Sep 17 00:00:00 2001
From: Lan Hui <lanhui@zjnu.edu.cn>
Date: Sun, 15 Sep 2024 16:02:40 +0800
Subject: [PATCH 2/2] Fix bug 430

---
 Script.php | 6 ++----
 1 file changed, 2 insertions(+), 4 deletions(-)

diff --git a/Script.php b/Script.php
index 93a798f..3db0e5f 100644
--- a/Script.php
+++ b/Script.php
@@ -119,7 +119,7 @@ if (!empty($_POST["form_signup"])) {
 if (!empty($_POST["form_signup"])) {
     $fullname = mysqli_real_escape_string($con, $_POST["fullname"]);
     $student_id = mysqli_real_escape_string($con, $_POST["user_student_id"]);
-<<<<<<< HEAD
+
     $email = mysqli_real_escape_string($con, $_POST["email"]);
     $password = mysqli_real_escape_string($con, $_POST["password"]);
     $confirmpassword = mysqli_real_escape_string($con, $_POST["confirmpassword"]);
@@ -168,13 +168,11 @@ if (!empty($_POST["form_signup"])) {
         return;
     }
 
-=======
-    $_SESSION['user_fullname'] = $fullname;
+
     $_SESSION['user_type'] = "Student";
     $_SESSION['user_email'] = $email;
     $_SESSION['user_student_id'] = $student_id;
 
->>>>>>> fde44f76006082d6bda9431727d06cbd23a134be
     // apply password_hash()
     $password_hash = password_hash($password, PASSWORD_DEFAULT);
     $sql = "INSERT INTO `users_table`(`Email`, `Password`, `Full_Name`, `UserType`, `Student_ID`) VALUES "
-- 
2.17.1