LRR/SecurityQuestions.php


<?php
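// Handler for the "set password recovery questions" form rendered below.
// On POST it stores two question/answer pairs for the logged-in user in
// password_recovery_security_questions (insert, or update on duplicate key).
session_start();
error_reporting(0);
date_default_timezone_set('Asia/Shanghai');
include 'NoDirectPhpAcess.php'; // presumably blocks direct access to this script; its contents are not visible here
include "get_mysql_credentials.php"; // Database credentials ($mysql_username, $mysql_password)

// Report everything, but only to the server log: PHP notices and database
// error text must not be rendered into a page that end users see.
error_reporting(E_ALL);
ini_set('display_errors', '0');
ini_set('log_errors', '1');

// Only a logged-in user may set recovery questions. Checked before any
// database work so unauthenticated requests never open a connection.
if (!isset($_SESSION['user_id'])) {
    echo '<div class="alert alert-danger" role="alert">Session expired. Please log in again.</div>';
    exit(); // Stop script execution if user_id is not set
}

// Make mysqli report failures through return values on every PHP version
// (newer versions throw by default), so the explicit checks below handle them.
mysqli_report(MYSQLI_REPORT_OFF);
$con = mysqli_connect("localhost", $mysql_username, $mysql_password, "lrr");
if (!$con) {
    error_log('SecurityQuestions.php: database connection failed: ' . mysqli_connect_error());
    die('Connection failed. Please try again later.');
}

if ($_SERVER['REQUEST_METHOD'] == 'POST') {
    // NOTE(review): this state-changing POST carries no anti-CSRF token. Because
    // it rewrites the account's recovery answers, a per-session token embedded in
    // the form and verified here with hash_equals() should be added together with
    // the form markup.

    // Questions accepted by the server. These lists must mirror the <option>
    // values of the two <select> elements in the form below; anything else is
    // rejected so arbitrary text cannot be stored as a "question".
    $allowed_questions1 = array(
        'What is the name of your first pet?',
        "What is your mother's maiden name?",
        'What is the name of the town where you were born?',
        'What was the name of your first best friend?',
        'What is your favorite book?',
        'What was the make and model of your first car?',
    );
    $allowed_questions2 = array(
        'What was the name of your first school?',
        'What is your favorite movie?',
        'What was your childhood nickname?',
        'What is the name of your favorite teacher?',
        'What street did you grow up on?',
        'What is your favorite food?',
    );

    // Get the security questions and answers from the form. Missing fields
    // become '' and array-valued fields fail the is_string() checks below.
    $question1 = isset($_POST['security_question1']) ? $_POST['security_question1'] : '';
    $answer1   = isset($_POST['security_answer1']) ? $_POST['security_answer1'] : '';
    $question2 = isset($_POST['security_question2']) ? $_POST['security_question2'] : '';
    $answer2   = isset($_POST['security_answer2']) ? $_POST['security_answer2'] : '';

    $inputs_ok = is_string($question1) && is_string($answer1)
        && is_string($question2) && is_string($answer2)
        && in_array($question1, $allowed_questions1, true)
        && in_array($question2, $allowed_questions2, true)
        && $answer1 !== '' && $answer2 !== '';

    if (!$inputs_ok) {
        echo '<div class="alert alert-danger" role="alert">Please select both security questions and provide both answers.</div>';
    } else {
        // Answers are lower-cased so a later comparison can ignore case.
        // strtolower() is kept (rather than mb_strtolower) so stored values stay
        // comparable with whatever the recovery page does; that page is not
        // visible here.
        // NOTE(review): answers are stored in recoverable form. They act as a
        // password substitute, so storing password_hash() output and checking it
        // with password_verify() would be preferable, but that needs a matching
        // change in the code that verifies answers.
        $answer1 = strtolower($answer1);
        $answer2 = strtolower($answer2);

        // Identity comes from the session only, never from the request.
        $user_id    = (string) $_SESSION['user_id'];
        $user_type  = isset($_SESSION['user_type']) ? (string) $_SESSION['user_type'] : '';
        $email      = isset($_SESSION['user_email']) ? (string) $_SESSION['user_email'] : '';
        $student_id = isset($_SESSION['user_student_id']) ? (string) $_SESSION['user_student_id'] : ''; // Handle student_id for students

        // Parameterised statement: every value is bound, none is interpolated
        // into the SQL text, so neither form input nor session content can
        // change the query structure.
        $update_clause = " ON DUPLICATE KEY UPDATE question1 = ?, answer1 = ?, question2 = ?, answer2 = ?";
        if ($user_type === 'Student') {
            $sql = "INSERT INTO password_recovery_security_questions (user_id, user_type, student_id, email, question1, answer1, question2, answer2)
                    VALUES (?, ?, ?, ?, ?, ?, ?, ?)" . $update_clause;
            $params = array($user_id, $user_type, $student_id, $email, $question1, $answer1, $question2, $answer2);
        } else {
            // For non-students (Lecturer, TA, etc.), exclude student_id
            $sql = "INSERT INTO password_recovery_security_questions (user_id, user_type, email, question1, answer1, question2, answer2)
                    VALUES (?, ?, ?, ?, ?, ?, ?)" . $update_clause;
            $params = array($user_id, $user_type, $email, $question1, $answer1, $question2, $answer2);
        }
        // The four placeholders of the UPDATE clause repeat the question/answer values.
        array_push($params, $question1, $answer1, $question2, $answer2);

        $stmt = mysqli_prepare($con, $sql);
        $saved = $stmt
            && mysqli_stmt_bind_param($stmt, str_repeat('s', count($params)), ...$params)
            && mysqli_stmt_execute($stmt);

        if ($saved) {
            // The redirect target is chosen server-side from two fixed values, so
            // no session content is written into the inline script.
            $redirect_target = ($user_type === 'Admin') ? 'Admin.php' : 'Courses.php';
            echo '<div id="alertgood" class="alert alert-success" role="alert">Password recovery details set successfully. Please remember your answers! Redirecting to Courses page...</div>';
            echo '<script>';
            echo ' setTimeout(function() {';
            echo ' window.location.href = "' . $redirect_target . '";';
            echo ' }, 2000);';
            echo '</script>';
        } else {
            // Keep the database error text in the server log; show a generic message.
            error_log('SecurityQuestions.php: saving recovery questions failed: ' . mysqli_error($con));
            echo '<div class="alert alert-danger" role="alert">Error: could not save your password recovery details. Please try again.</div>';
        }

        if ($stmt) {
            mysqli_stmt_close($stmt);
        }
    }
}
mysqli_close($con);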
?>
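<!DOCTYPE html>
<html lang="en">
<head>
    <meta charset="UTF-8">
    <meta name="viewport" content="width=device-width, initial-scale=1.0">
    <title>Security Questions</title>
    <!-- NOTE(review): this stylesheet is loaded from a third-party CDN without
         Subresource Integrity. Add integrity="<SRI hash of this exact file>" and
         crossorigin="anonymous", or serve the file from this application. -->
    <link href="https://cdn.jsdelivr.net/npm/bootstrap@5.3.1/dist/css/bootstrap.min.css" rel="stylesheet">
</head>
<body>
    <nav class="navbar navbar-expand-lg bg-body-tertiary" style="padding-left:180px;padding-right:150px;margin:auto;">
        <div class="container-fluid">
            <a class="navbar-brand" href="#"> <img src="logo.png" style="width:30px;height:30px;" alt="LRR Logo"> LRR </a>
        </div>
    </nav>
    <br/><br/><br/>
    <div class="container">
        <div class="col-md-5"></div>
        <!-- Posts back to this page. The question values below are the exact
             strings that get stored, so any server-side list of accepted
             questions has to be kept identical to these <option> values. -->
        <form action="SecurityQuestions.php" method="POST">
            <label> Set Password Recovery (Make sure you remember your answers) </label>
            <div class="mb-3">
                <br/>
                <label for="security_question1" class="form-label">Select Security Question 1</label>
                <select class="form-select" id="security_question1" name="security_question1" required>
                    <option value="">-- Select a question --</option>
                    <option value="What is the name of your first pet?">What is the name of your first pet?</option>
                    <option value="What is your mother's maiden name?">What is your mother's maiden name?</option>
                    <option value="What is the name of the town where you were born?">What is the name of the town where you were born?</option>
                    <option value="What was the name of your first best friend?">What was the name of your first best friend?</option>
                    <option value="What is your favorite book?">What is your favorite book?</option>
                    <option value="What was the make and model of your first car?">What was the make and model of your first car?</option>
                    <!-- Add more options if needed -->
                </select>
            </div>
            <div class="mb-3">
                <label for="security_answer1" class="form-label">Answer 1</label>
                <!-- autocomplete="off" keeps the recovery answer out of the browser's form history -->
                <input type="text" class="form-control" id="security_answer1" name="security_answer1" autocomplete="off" required>
            </div>
            <br/>
            <div class="mb-3">
                <label for="security_question2" class="form-label">Select Security Question 2</label>
                <select class="form-select" id="security_question2" name="security_question2" required>
                    <option value="">-- Select a question --</option>
                    <option value="What was the name of your first school?">What was the name of your first school?</option>
                    <option value="What is your favorite movie?">What is your favorite movie?</option>
                    <option value="What was your childhood nickname?">What was your childhood nickname?</option>
                    <option value="What is the name of your favorite teacher?">What is the name of your favorite teacher?</option>
                    <option value="What street did you grow up on?">What street did you grow up on?</option>
                    <option value="What is your favorite food?">What is your favorite food?</option>
                    <!-- Add more options if needed -->
                </select>
            </div>
            <div class="mb-3">
                <label for="security_answer2" class="form-label">Answer 2</label>
                <input type="text" class="form-control" id="security_answer2" name="security_answer2" autocomplete="off" required>
            </div>
            <br/>
            <button id="submit_recovery" type="submit" class="btn btn-primary">Save Answers</button>
        </form>
    </div>
</body>
</html>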