/**
 * Names are run through the Sanitiser before they reach the Validator, so
 * this exercises the pair together: a plain personal name must be accepted
 * and a name wrapped in HTML tags must be rejected.
 *
 * The method name is kept as-is ("Invaid" is a typo for "Invalid"). The
 * loose `1 ==` comparison is also kept deliberately: CheckValidName's
 * return type is not visible here, and a `true` return must still count
 * as a pass.
 */
function TestInvaidNames() {
    $sanitiser = new Sanitiser();
    $validator = new Validator();

    // Ordinary name: sanitising must not break it and validation must pass.
    $cleanName = $sanitiser->sanitise('Isuru Kusumal Rajapakse');
    $cleanAccepted = (1 == $validator->CheckValidName($cleanName));
    $this->assertTrue($cleanAccepted);

    // Markup in the name: whatever the sanitiser leaves must still fail.
    $markupName = $sanitiser->sanitise('<h1>troll name</h1>');
    $markupAccepted = (1 == $validator->CheckValidName("{$markupName}"));
    $this->assertFalse($markupAccepted);
}
<?php
/*
 * Course creation handler (ccode / cname POST fields): entry guards and
 * the start of the field validators.
 *
 * NOTE(review): every guard in this file is disabled -- the header()/die()
 * pairs below are commented out -- so the handler currently continues for
 * anonymous sessions, for the guest account and for requests missing the
 * POST fields. The other handlers in this corpus keep the same guards
 * live. Re-enable them before this is deployed, or mark the file clearly
 * as a test-only copy if that is what it is.
 */
session_start();
require_once 'unit_tests/classes/sanitiser.php'; // Sanitiser class
require_once 'unit_tests/classes/validator.php'; // Validator class
$sanitiser = new Sanitiser();
$validator = new Validator();
$email = null;
if (!isset($_SESSION["username"])) {
    //problamatic request, redirects to
    //header("location:error.php?type=unauthorized");
    //die();
}
// NOTE(review): with the guard above disabled this reads an index that may
// not exist (undefined-index warning for anonymous visitors).
if ($_SESSION["username"] == 'guest') {
    //guests cant create universities  (comment is a copy/paste; this is the course handler)
    //header("location:error.php?type=unauthorized");
    //die();
}
if (!isset($_POST["ccode"]) || !isset($_POST["cname"])) {
    //invalid request, redirects to
    //header("location:create_course.php?error='invalid request'");
    //die();
}
//global errors: validators append <li> items here, checked by the caller
$errors = "";
// Validate the course name ("firstName" in the original comment was a
// leftover from the registration handler). Body continues past this view.
function cname($value) {
    global $errors;
/*
 * University creation handler (uname / uweb / pcountry POST fields): entry
 * guards. The opening tag and the end of the last guard are outside this
 * view.
 *
 * NOTE(review): the "not logged in" and "is guest" checks appear twice --
 * once before the require_once lines and again after them. The second pair
 * can never fire (the first pair already redirected and died), so it is
 * dead code; keep one pair.
 */
session_start();
if (!isset($_SESSION["username"])) {
    //problematic request, redirects to
    header("location:error.php?type=unauthorized");
    die;
}
// NOTE(review): the guest sentinel compared here is the literal 'guest';
// confirm this is the value the login handler actually stores in
// $_SESSION["username"] for guest sign-ins, otherwise this guard is inert.
if ($_SESSION["username"] == 'guest') {
    //problamatic request, redirects to
    header("location:error.php?type=unauthorized");
    die;
}
require_once 'unit_tests/classes/sanitiser.php'; // Sanitiser class
require_once 'unit_tests/classes/validator.php'; // Validator class
$sanitiser = new Sanitiser();
$validator = new Validator();
$email = null;
// Duplicate of the two guards above (unreachable when they redirect).
if (!isset($_SESSION["username"])) {
    //problamatic request, redirects to
    header("location:error.php?type=unauthorized");
    die;
}
if ($_SESSION["username"] == 'guest') {
    //guests cant create universities
    header("location:error.php?type=unauthorized");
    die;
}
// All three form fields are required; a partial post is sent back to the
// form. (Unlike the other handlers no error query parameter is attached.)
if (!isset($_POST["uname"]) || !isset($_POST["uweb"]) || !isset($_POST["pcountry"])) {
    //invalid request, redirects to
    header("location:create_university.php");
} if (!isset($_SESSION['u_course'])) { //user hasnt selected his course header("location:select_course.php"); die; } if (!isset($_POST['selectedUnit'])) { if (!isset($_SESSION['selectedUnit'])) { //invalid request header("location:select_unit.php"); die; } } require_once 'unit_tests/classes/sanitiser.php'; // create sanitise objects $sanitiser = new Sanitiser(); if (isset($_POST['selectedUnit'])) { $selectedUnit = $sanitiser->sanitise($_POST['selectedUnit']); } if (isset($_SESSION['selectedUnit'])) { $selectedUnit = $sanitiser->sanitise($_SESSION['selectedUnit']); } $email = $_SESSION['username']; if (isset($_GET['makeconnection'])) { //user's course has to be linked with this course include_once "settings.php"; $conn = mysqli_connect($host, $user, $pwd, $sql_db); if (!$conn) { header("location:error.php?type=database"); die; }
<?php session_start(); require_once 'unit_tests/classes/sanitiser.php'; $sanitiser = new Sanitiser(); if (isset($_GET['type'])) { $get = $sanitiser->sanitise($_GET['type']); } ?> <!DOCTYPE HTML> <html> <head> <title>Lobby</title> <meta charset="utf-8" /> <meta name="viewport" content="width=device-width, initial-scale=1" /> <!--[if lte IE 8]><script src="assets/js/ie/html5shiv.js"></script><![endif]--> <link rel="stylesheet" href="assets/css/main.css" /> <!--[if lte IE 8]><link rel="stylesheet" href="assets/css/ie8.css" /><![endif]--> <!--[if lte IE 9]><link rel="stylesheet" href="assets/css/ie9.css" /><![endif]--> </head> <body> <!-- Header --> <?php require "header.php"; ?> <!-- Nav --> <?php require "navigation.php"; ?>
<?php
/*
 * Unit creation handler (unitcode / unitname POST fields): entry guards.
 *
 * The request is rejected -- redirect followed by die, so nothing further
 * in the file runs -- when the visitor is anonymous or the guest account,
 * when either form field is missing, or when the session has no selected
 * course to attach the unit to. Validators and the database work follow
 * this block in the original file.
 */
session_start();

require_once 'unit_tests/classes/sanitiser.php'; // Sanitiser class
require_once 'unit_tests/classes/validator.php'; // Validator class

$sanitiser = new Sanitiser();
$validator = new Validator();
$email = null;

// Anonymous and guest sessions land on the same error page, so one guard
// covers both; isset() is evaluated first so the comparison never touches
// a missing index.
if (!isset($_SESSION["username"]) || $_SESSION["username"] == 'guest') {
    header("location:error.php?type=unauthorized");
    die;
}

// Both unit fields are required (isset with two arguments is true only
// when both are set).
if (!isset($_POST["unitcode"], $_POST["unitname"])) {
    header("location:create_unit.php");
    die;
}

// A unit is created inside the course chosen earlier in the session.
if (!isset($_SESSION["u_course"])) {
    header("location:select_course.php");
    die;
}

//global errors
<?php
/*
 * Login handler: takes username/password from the form, handles the guest
 * pseudo-account, then opens the database connection for the credential
 * lookup (the lookup itself is outside this view).
 */
session_start();
if (!isset($_POST["username"]) || !isset($_POST["password"])) {
    header("location:login.php?error='Invalid request'");
    die;
}
require_once 'unit_tests/classes/sanitiser.php'; // Sanitiser class
require_once 'unit_tests/classes/validator.php'; // Validator class
$sanitiser = new Sanitiser();
$validator = new Validator();
$email = $sanitiser->sanitise($_POST["username"]);
// NOTE(review): md5 is not a password hash -- unsalted and fast, so a leaked
// users table is crackable offline. Move to password_hash()/password_verify()
// (and password_needs_rehash for migration); the lookup that consumes
// $password is below this view and must change with it.
// NOTE(review): this hashes the RAW posted password, while the account
// creation handler in this corpus hashes the *sanitised* password. If
// sanitise() alters any character (e.g. HTML-escapes '<' or quotes), users
// whose password contains such a character can never log in.
$password = md5($_POST["password"]); // dont sanitise passwords
if ($email == '') {
    header("location:login.php?error='Please enter a valid email address'");
    die;
}
// NOTE(review): the value stored for a guest sign-in is "******", but every
// other handler in this corpus guards with `$_SESSION["username"] == 'guest'`.
// If "******" is the real literal (and not a redaction artefact), those
// guest checks never match and guests are treated as full users -- confirm.
// Also no session_regenerate_id() is done when the session is promoted here
// (session fixation); check the password branch below does it.
if ($email == 'guest') {
    $_SESSION["username"] = "******";
    header("location:index.php");
    die;
}
include_once "settings.php";
$sql_table = "users";
$conn = mysqli_connect($host, $user, $pwd, $sql_db);
// NOTE(review): the error text is placed in the query string without
// urlencode(); spaces and commas make the Location header fragile.
if (!$conn) {
    header("location:login.php?error=Cant connect to database, please try again");
    die;
echo "</tr>";
$row = mysqli_fetch_assoc($result);
}
// Fall-through after the assignment listing: re-run the same query only to
// find out whether it was empty and print a placeholder row.
$result = @mysqli_query($conn, $query);
$row = mysqli_fetch_assoc($result);
if (!$row) {
    echo "<tr>";
    echo "<td><em>No Assignments has been registed for this unit yet</em></td>";
    echo "<td>-</td>";
    echo "</tr>";
}
} else {
// Group view: every group of one assignment with its admin's name and the
// approved-member count.
if ($mode == 'group') {
    require_once 'unit_tests/classes/sanitiser.php'; // Sanitiser class
    $sanitiser = new Sanitiser();
    // NOTE(review): $_GET['assignment'] is read without isset() and then
    // interpolated straight into SQL. Nothing in this view shows sanitise()
    // doing SQL escaping, so this is an injection point. Use a prepared
    // statement instead of interpolation:
    //   $stmt = mysqli_prepare($conn, "SELECT * FROM Groups g NATURAL JOIN Assignment a NATURAL JOIN Student s WHERE a.AssignmentID=? AND g.AdminID=s.StudentID");
    //   mysqli_stmt_bind_param($stmt, 's', $assignmentID);
    $assignmentID = $sanitiser->sanitise($_GET['assignment']);
    $query = "SELECT * FROM Groups g NATURAL JOIN Assignment a NATURAL JOIN Student s WHERE a.AssignmentID='{$assignmentID}' AND g.AdminID=s.StudentID;";
    // NOTE(review): '@' hides the query error; on PHP 8 a failed query makes
    // the following mysqli_fetch_assoc(false) a fatal TypeError anyway.
    $result = @mysqli_query($conn, $query);
    $row = mysqli_fetch_assoc($result);
    while ($row) {
        echo "<tr>";
        // NOTE(review): row values are echoed without htmlspecialchars().
        // FirstName/LastName/Description originate from user input (stored
        // XSS) unless escaping happens at insert time -- confirm.
        echo "<td>{$row['FirstName']} {$row['LastName']}</td>";
        echo "<td>{$row['Description']}</td>";
        $groupID = $row['GroupID'];
        echo "<td>{$row['Target']},{$groupID}</td>";
        //Get count of students (one extra query per group; a JOIN with
        //COUNT in the main query would avoid the N+1)
        $queryC = "SELECT COUNT(*) AS 'number' FROM StudentGroup sg WHERE GroupID='{$groupID}' AND Approved=1 GROUP BY GroupID;";
        $resultC = @mysqli_query($conn, $queryC);
        $rowC = mysqli_fetch_assoc($resultC);
        echo "<td align='right'>{$rowC['number']}/{$row['MemberCount']}</td>";
<?php session_start(); require_once 'unit_tests/classes/sanitiser.php'; // create sanitise objects require_once 'unit_tests/classes/validator.php'; // create sanitise objects $sanitiser = new Sanitiser(); $validator = new Validator(); $email = null; if (isset($_SESSION["username"])) { $email = $_SESSION["username"]; //problamatic request, redirects to header("location:error.php?type=already-registered"); die; } if (!isset($_POST["pfname"])) { //invalid request, redirects to header("location:register_form.php"); die; } //global errors $errors = ""; // Validate firstName function fName($value) { global $errors; global $validator; if (strlen($value) <= 0) { $errors .= "<li>Your first name is empty</li>"; }
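<?php
/*
 * Email verification step: compares the code the user typed with the one
 * stored in the session during registration and, on a match, moves the
 * flow on to create_user.php.
 *
 * Redirects (and stops) when the visitor is already logged in, when no
 * registration is in progress (no i_email in the session), when no code
 * was posted or stored, or when the code does not match.
 *
 * NOTE(review): no attempt limit is visible here; if the code is short and
 * numeric it can be brute-forced. Consider counting failures in the
 * session and abandoning the registration after a few.
 */
session_start();

if (isset($_SESSION["username"])) {
    // Already logged in: nothing left to verify.
    header("location:error.php?type=already-verfied");
    die;
}
if (!isset($_SESSION["i_email"])) {
    // No pending registration belongs to this session.
    header("location:error.php?type=unauthorized");
    die;
}

require_once 'unit_tests/classes/sanitiser.php'; // Sanitiser class
$sanitiser = new Sanitiser();

// A missing posted code, or a session with no stored code, is treated as a
// wrong code. The original compared `$_SESSION['code'] == $post_code`
// unguarded, so with no stored code an empty submission matched
// (null == '' is true) and an absent field raised an undefined-index warning.
if (!isset($_POST['code']) || !isset($_SESSION['code'])) {
    header("location:verify.php?error=invalid");
    die;
}
$post_code = $sanitiser->sanitise($_POST['code']);

// Compare as strings with hash_equals. The loose `==` let PHP type-juggle
// two numeric-looking codes into a match ("1e3" == "1000", "0e12" == "0e45"
// are both true); hash_equals is strict and constant-time. Exact matches
// behave as before.
if (hash_equals((string) $_SESSION['code'], (string) $post_code)) {
    header("location:create_user.php");
    die;
}
header("location:verify.php?error=invalid");
die;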
<?php session_start(); if (!isset($_SESSION["username"])) { //problematic request, redirects to header("location:error.php?type=unauthorized"); die; } if ($_SESSION["username"] == 'guest') { //problamatic request, redirects to header("location:error.php?type=unauthorized"); die; } require_once 'unit_tests/classes/sanitiser.php'; // create sanitise objects $sanitiser = new Sanitiser(); if (isset($_GET['error'])) { $get_error = $sanitiser->sanitise($_GET['error']); } else { $get_error = false; } ?> <!DOCTYPE HTML> <html> <head> <title>Profile Picture</title> <meta charset="utf-8" /> <meta name="viewport" content="width=device-width, initial-scale=1" /> <!--[if lte IE 8]><script src="assets/js/ie/html5shiv.js"></script><![endif]--> <link rel="stylesheet" href="assets/css/main.css" /> <!--[if lte IE 8]><link rel="stylesheet" href="assets/css/ie8.css" /><![endif]-->
header("location:error.php?type=unauthorized");
die;
}
if ($_SESSION["username"] == "guest") {
    //no guest is allowed
    header("location:error.php?type=unauthorized");
    die;
}
if (!isset($_GET['group'])) {
    //invalid request
    header("location:lobby.php");
    die;
}
require_once 'unit_tests/classes/sanitiser.php'; // Sanitiser class
$sanitiser = new Sanitiser();
// NOTE(review): the group id comes from the query string and is interpolated
// into SQL below; nothing here shows sanitise() escaping for SQL. Bind it:
//   $stmt = mysqli_prepare($conn, "SELECT * FROM Groups WHERE GroupID=?");
//   mysqli_stmt_bind_param($stmt, 's', $groupID);
$groupID = $sanitiser->sanitise($_GET['group']);
include_once "settings.php";
// NOTE(review): '@' hides connection diagnostics; the !$conn check below is
// the only signal left.
$conn = @mysqli_connect($host, $user, $pwd, $sql_db);
if (!$conn) {
    //no database :(
    header("location:error.php?type=database");
    die;
}
// Load the group, then the assignment it belongs to.
// NOTE(review): no check is visible that the logged-in user is a member or
// the admin of this group before its data is loaded -- any authenticated
// user can request any GroupID. Confirm an ownership check exists further
// down. Also $group is false/null for an unknown id, so the two index reads
// below warn and feed an empty id into the second query.
$query = "SELECT * FROM Groups WHERE GroupID='{$groupID}';";
$result = @mysqli_query($conn, $query);
$group = mysqli_fetch_assoc($result);
$adminID = $group['AdminID'];
$assignmentID = $group['AssignmentID'];
$query = "SELECT * FROM Assignment WHERE AssignmentID='{$assignmentID}';";
$result = @mysqli_query($conn, $query);
echo "</tr>";
$row = mysqli_fetch_assoc($result);
}
// Fall-through after the course listing: re-run the query only to detect an
// empty result and print a placeholder row.
$result = @mysqli_query($conn, $query);
$row = mysqli_fetch_assoc($result);
if (!$row) {
    echo "<tr>";
    echo "<td><em>No courses has been registed for this university yet</em></td>";
    echo "<td>-</td>";
    echo "</tr>";
}
} else {
// Unit view (guest lobby): units of one course, read-only.
if ($mode == 'unit') {
    require_once 'unit_tests/classes/sanitiser.php'; // Sanitiser class
    $sanitiser = new Sanitiser();
    // NOTE(review): $_GET['course'] is read without isset() and interpolated
    // into SQL; this view shows nothing that makes sanitise() a SQL escaper.
    // Bind it instead:
    //   $stmt = mysqli_prepare($conn, "SELECT * FROM Unit NATURAL JOIN CourseUnit WHERE CourseID=?");
    //   mysqli_stmt_bind_param($stmt, 's', $courseID);
    $courseID = $sanitiser->sanitise($_GET['course']);
    $query = "SELECT * FROM Unit NATURAL JOIN CourseUnit WHERE CourseID='{$courseID}';";
    // NOTE(review): '@' hides the query error; on PHP 8 mysqli_fetch_assoc(false)
    // is a fatal TypeError anyway.
    $result = @mysqli_query($conn, $query);
    $row = mysqli_fetch_assoc($result);
    while ($row) {
        echo "<tr>";
        // NOTE(review): UnitCode/UnitName are echoed unescaped; wrap in
        // htmlspecialchars() unless escaping is guaranteed at insert time.
        echo "<td>{$row['UnitCode']}</td>";
        echo "<td>{$row['UnitName']}</td>";
        $assignmentCode = $row['AssignmentCode'];
        // Guests only see a disabled button; the Browse link is kept below
        // as commented-out history.
        echo "<td align='right'><span class='button disabled'>Register to view</span></td>";
        //echo "<td align='right'><a href='lobby_guest.php?view=assignment&assignment=$assignmentCode'' class='button alt'>Browse</a></td>";
        echo "</tr>";
        $row = mysqli_fetch_assoc($result);
    }
    $result = @mysqli_query($conn, $query);
}
/*
 * Account creation step: requires a pending registration (i_email in the
 * session), validates and hashes the posted password, then gathers the
 * profile fields collected earlier in the session.
 */
if (!isset($_SESSION["i_email"])) {
    //invalid request, redirects to
    header("location:error.php?type=unauthorized");
    die;
}
if (!isset($_POST["password"])) {
    //invalid request, redirects to
    header("location:error.php?type=unauthorized");
    die;
}
require_once 'unit_tests/classes/validator.php'; // Validator class
require_once 'unit_tests/classes/sanitiser.php'; // Sanitiser class
$sanitiser = new Sanitiser();
$validator = new Validator();
// NOTE(review): the password is sanitised before validation and hashing,
// but the login handler in this corpus hashes the raw posted password
// ("dont sanitise passwords"). Any character sanitise() rewrites makes the
// stored hash unreachable at login. Hash the raw value here too (or
// sanitise in both places -- but not one).
$password = $sanitiser->sanitise($_POST["password"]);
if (!$validator->CheckValidPassword($password)) {
    header("location:create_user.php?error=invalid");
    die;
}
//hash the passwords
// NOTE(review): md5 is unsalted and fast -- not a password hash. Use
// password_hash($password, PASSWORD_DEFAULT) here and password_verify() in
// the login handler; the two must change together.
$password = md5($password);
//get session information
// NOTE(review): '$i_email' in single quotes is the literal key "$i_email",
// not the variable -- this reads an index that does not exist (warning) and
// is overwritten two lines later by the correct 'i_email' read. Delete it.
$i_email = $_SESSION['$i_email'];
$i_firstname = $_SESSION['i_firstname'];
$i_lastname = $_SESSION['i_lastname'];
$i_email = $_SESSION['i_email'];
$i_dob = $_SESSION['i_dob'];
$i_sex = $_SESSION['i_sex'];