/**
 * CheckValidName must accept a plain name and reject a name that carried
 * HTML markup; both inputs go through the Sanitiser first, as the pages do.
 */
function TestInvaidNames()
{
    $validator = new Validator();
    $sanitiser = new Sanitiser();

    // Ordinary name: still valid after sanitising.
    $plainName = $sanitiser->sanitise('Isuru Kusumal Rajapakse');
    $this->assertTrue($validator->CheckValidName($plainName) == 1);

    // Name wrapped in tags: the sanitised form, handed over as a string, must not validate.
    $markupName = $sanitiser->sanitise('<h1>troll name</h1>');
    $this->assertFalse($validator->CheckValidName((string) $markupName) == 1);
}
/*
 * create_course handler (fragment): tail of the ccode() validator, then the
 * sanitise -> validate -> redirect sequence and the start of the DB connection.
 * The ccode() header and the body of `if (!$conn) {` lie outside this view.
 *
 * Review notes:
 *  - ccode() ends with `if (strlen($errors) > 0) { return false; }` on the shared
 *    global, so it also reports failure when only cname() appended a message.
 *    $valid is already false in that case, but the function is misleading on its own.
 *  - $_POST["ccode"] and $_POST["cname"] are read without isset(); a request
 *    missing either key raises an undefined-index warning before sanitise() runs.
 *  - $errors holds "<li>...</li>" markup and is placed into the Location query
 *    string unencoded; urlencode($errors) is the safe form, and create_course.php
 *    must HTML-escape it before echoing (that page is not visible here).
 *  - strlen() counts bytes, so a multibyte course code can fail the 1..50 check
 *    earlier than the message suggests; mb_strlen() if the limit is in characters.
 *    Whether CheckValueInRange() treats 50 as inclusive is not visible here.
 *  - $host, $user, $pwd and $sql_db come from settings.php via include_once.
 */
global $errors; global $validator; if (strlen($value) <= 0) { $errors .= "<li>Course code is empty</li>"; } else { if (!$validator->CheckValueInRange(strlen($value), 1, 50)) { $errors .= "<li>Course code is too long. Please keep it less than 50 characters</li>"; } } if (strlen($errors) > 0) { return false; } return true; } //Sanatise ALL the Data :D $i_ccode = $sanitiser->sanitise($_POST["ccode"]); $i_cname = $sanitiser->sanitise($_POST["cname"]); //Start Validating :D $valid = true; $valid = cname($i_cname) && $valid; $valid = ccode($i_ccode) && $valid; if (!$valid) { header("location:create_course.php?errors={$errors}"); die; } //check if the university already exist $email = $_SESSION['username']; $u_university = $_SESSION['u_university']; include_once "settings.php"; $conn = mysqli_connect($host, $user, $pwd, $sql_db); if (!$conn) {
/*
 * create_university handler (fragment): tail of the website validator, the
 * ucountry() validator, then sanitise -> validate -> redirect and the start of
 * the DB connection. The website validator's header and the else-branch body
 * continue outside this view.
 *
 * Review notes:
 *  - The "//Validate dob" comment sits above ucountry(), which validates the
 *    country field; the label looks copied from another form and should be fixed.
 *  - ucountry() returns `$value != ''` without appending to $errors, so an empty
 *    country redirects back with no message explaining why. `!=` is a loose
 *    comparison; `$value !== ''` states the intent.
 *  - $_POST["uname"], ["uweb"] and ["pcountry"] are read without isset().
 *  - $errors carries "<li>" markup into the Location query string unencoded;
 *    urlencode() it here and HTML-escape it on create_university.php.
 *  - $host, $user, $pwd and $sql_db come from settings.php via include_once.
 */
{ global $errors; global $validator; if (!$validator->CheckValidWebsite($value)) { $errors .= "<li>Please enter a valid webaddress</li>"; return false; } return true; } //Validate dob function ucountry($value) { return $value != ''; } //Sanatise ALL the Data :D $i_uname = $sanitiser->sanitise($_POST["uname"]); $i_uwebsite = $sanitiser->sanitise($_POST["uweb"]); $i_ucountry = $sanitiser->sanitise($_POST["pcountry"]); //Start Validating :D $valid = true; $valid = uname($i_uname) && $valid; $valid = uwebsite($i_uwebsite) && $valid; $valid = ucountry($i_ucountry) && $valid; if (!$valid) { header("location:create_university.php?errors={$errors}"); die; } else { //check if the university already exist $email = $_SESSION['username']; include_once "settings.php"; $conn = mysqli_connect($host, $user, $pwd, $sql_db);
/*
 * select_unit handler (fragment): resolves the chosen unit from POST or the
 * session, then — when ?makeconnection is present — links it to the user's
 * course with an INSERT. The preceding course check and the rest of the
 * makeconnection branch lie outside this view.
 *
 * Review notes:
 *  - When both $_POST['selectedUnit'] and $_SESSION['selectedUnit'] exist, the
 *    session value is assigned last and silently wins over the freshly posted one.
 *  - The INSERT is built by string interpolation from request-derived values.
 *    Whatever Sanitiser::sanitise() does (not visible here), a prepared statement
 *    (mysqli_prepare + bind_param) is the dependable defence against injection.
 *  - The write is triggered by a GET parameter (isset($_GET['makeconnection'])):
 *    a state-changing action on GET can be fired by a crafted link or prefetch.
 *    Accept it only via POST with a per-session CSRF token.
 *  - $_SESSION['username'] and $_SESSION['u_course'] are read without isset().
 */
//user hasnt selected his course header("location:select_course.php"); die; } if (!isset($_POST['selectedUnit'])) { if (!isset($_SESSION['selectedUnit'])) { //invalid request header("location:select_unit.php"); die; } } require_once 'unit_tests/classes/sanitiser.php'; // create sanitise objects $sanitiser = new Sanitiser(); if (isset($_POST['selectedUnit'])) { $selectedUnit = $sanitiser->sanitise($_POST['selectedUnit']); } if (isset($_SESSION['selectedUnit'])) { $selectedUnit = $sanitiser->sanitise($_SESSION['selectedUnit']); } $email = $_SESSION['username']; if (isset($_GET['makeconnection'])) { //user's course has to be linked with this course include_once "settings.php"; $conn = mysqli_connect($host, $user, $pwd, $sql_db); if (!$conn) { header("location:error.php?type=database"); die; } $courseID = $_SESSION['u_course']; $query = "INSERT INTO CourseUnit (CourseID,UnitID) VALUES ('{$courseID}','{$selectedUnit}');";
<?php
/*
 * Lobby page head (fragment): starts the session, sanitises the optional
 * ?type parameter into $get, then emits the HTML head and the shared header
 * and navigation partials. The page body continues outside this view.
 *
 * Review notes:
 *  - $get is only defined when ?type is present; any later use must guard with
 *    isset($get) or an `$get = ... ?? ''` default (later code not visible here).
 *  - If $get is echoed into HTML further down, escape it with htmlspecialchars()
 *    at that point; what sanitise() guarantees for HTML context is not visible here.
 *  - No login check appears in this fragment; confirm that is intended for the lobby.
 */
session_start(); require_once 'unit_tests/classes/sanitiser.php'; $sanitiser = new Sanitiser(); if (isset($_GET['type'])) { $get = $sanitiser->sanitise($_GET['type']); } ?> <!DOCTYPE HTML> <html> <head> <title>Lobby</title> <meta charset="utf-8" /> <meta name="viewport" content="width=device-width, initial-scale=1" /> <!--[if lte IE 8]><script src="assets/js/ie/html5shiv.js"></script><![endif]--> <link rel="stylesheet" href="assets/css/main.css" /> <!--[if lte IE 8]><link rel="stylesheet" href="assets/css/ie8.css" /><![endif]--> <!--[if lte IE 9]><link rel="stylesheet" href="assets/css/ie9.css" /><![endif]--> </head> <body> <!-- Header --> <?php require "header.php"; ?> <!-- Nav --> <?php require "navigation.php"; ?>
/*
 * create_unit handler (fragment): tail of the ucode() validator, then the
 * sanitise -> validate -> redirect sequence and the start of the DB connection.
 * The ucode() header and the else-branch body continue outside this view.
 *
 * Review notes:
 *  - The "too long" check is not in an else branch, so an empty unit code
 *    appends both "Unit code is empty" and "Unit code is too long" (strlen 0 is
 *    outside 1..50). The course-code validator in this corpus uses `else`; do the same here.
 *  - `if (strlen($errors) > 0) { return false; }` tests the shared global, so
 *    ucode() also fails when only uname() appended a message.
 *  - $_POST["unitname"] and $_POST["unitcode"] are read without isset().
 *  - $errors carries "<li>" markup into the Location query string unencoded;
 *    urlencode() it here and HTML-escape it on create_unit.php.
 *  - strlen() is byte-based; mb_strlen() if the 50 limit is meant in characters.
 */
{ global $errors; global $validator; if (strlen($value) <= 0) { $errors .= "<li>Unit code is empty</li>"; } if (!$validator->CheckValueInRange(strlen($value), 1, 50)) { $errors .= "<li>Unit code is too long. Please keep it less than 50 characters</li>"; } if (strlen($errors) > 0) { return false; } return true; } //Sanatise ALL the Data :D $i_uname = $sanitiser->sanitise($_POST["unitname"]); $i_ucode = $sanitiser->sanitise($_POST["unitcode"]); //Start Validating :D $valid = true; $valid = uname($i_uname) && $valid; $valid = ucode($i_ucode) && $valid; if (!$valid) { header("location:create_unit.php?errors={$errors}"); die; } else { //check if the unit already exist $email = $_SESSION['username']; $courseID = $_SESSION['u_course']; $universityID = $_SESSION['u_university']; include_once "settings.php"; $conn = mysqli_connect($host, $user, $pwd, $sql_db);
<?php
/*
 * Login handler (head of file): validates the request shape, sanitises the
 * e-mail, hashes the password, short-circuits the "guest" login, then opens
 * the DB connection. The lookup against $sql_table continues outside this view.
 *
 * Review notes:
 *  - md5() of the raw password is an unsalted, fast hash. Use password_hash()
 *    at registration and password_verify() here, with password_needs_rehash()
 *    to migrate existing rows on their next successful login.
 *  - The guest branch stores "******" in $_SESSION["username"], while other
 *    pages in this corpus deny guests with `$_SESSION["username"] == 'guest'`.
 *    The two markers never match; decide on one value and use it everywhere.
 *  - This hashes $_POST["password"] unsanitised ("dont sanitise passwords"),
 *    whereas the create_user handler in this corpus hashes the sanitised value.
 *    If sanitise() alters any character, such passwords can never verify.
 *  - No session_regenerate_id(true) is visible in this fragment; call it after a
 *    successful login so a pre-login session id is not carried over.
 *  - The Location error text contains spaces and quotes unencoded; urlencode() it.
 *  - $validator is constructed but not used within this view.
 */
session_start(); if (!isset($_POST["username"]) || !isset($_POST["password"])) { header("location:login.php?error='Invalid request'"); die; } require_once 'unit_tests/classes/sanitiser.php'; // create sanitise objects require_once 'unit_tests/classes/validator.php'; // create sanitise objects $sanitiser = new Sanitiser(); $validator = new Validator(); $email = $sanitiser->sanitise($_POST["username"]); $password = md5($_POST["password"]); // dont sanitise passwords if ($email == '') { header("location:login.php?error='Please enter a valid email address'"); die; } if ($email == 'guest') { $_SESSION["username"] = "******"; header("location:index.php"); die; } include_once "settings.php"; $sql_table = "users"; $conn = mysqli_connect($host, $user, $pwd, $sql_db); if (!$conn) { header("location:login.php?error=Cant connect to database, please try again"); die;
/*
 * Lobby listing (fragment): end of the assignment table, then the 'group' mode
 * that lists groups for ?assignment with their approved member counts. The
 * enclosing if/else and the while loop continue outside this view.
 *
 * Review notes:
 *  - $assignmentID and $groupID are interpolated straight into SQL. Use
 *    mysqli_prepare() with bind_param() rather than relying on sanitise(),
 *    whose behaviour is not visible here.
 *  - @mysqli_query() hides query failures; on PHP 8 a false $result passed to
 *    mysqli_fetch_assoc() throws a TypeError, so the page dies without a log line.
 *  - The member-count query uses GROUP BY, so a group with no approved members
 *    returns no row: $rowC is then not an array and {$rowC['number']} prints
 *    empty. Drop the GROUP BY (a single COUNT(*) always yields one row).
 *  - FirstName, LastName, Description and Target from the database are echoed
 *    into HTML unescaped; wrap them in htmlspecialchars() unless the write path
 *    is known to encode them.
 *  - The query is re-run after the loop only to test for emptiness; check
 *    mysqli_num_rows($result) before the loop instead.
 */
$row = mysqli_fetch_assoc($result); } $result = @mysqli_query($conn, $query); $row = mysqli_fetch_assoc($result); if (!$row) { echo "<tr>"; echo "<td><em>No Assignments has been registed for this unit yet</em></td>"; echo "<td>-</td>"; echo "</tr>"; } } else { if ($mode == 'group') { require_once 'unit_tests/classes/sanitiser.php'; // create sanitise objects $sanitiser = new Sanitiser(); $assignmentID = $sanitiser->sanitise($_GET['assignment']); $query = "SELECT * FROM Groups g NATURAL JOIN Assignment a NATURAL JOIN Student s WHERE a.AssignmentID='{$assignmentID}' AND g.AdminID=s.StudentID;"; $result = @mysqli_query($conn, $query); $row = mysqli_fetch_assoc($result); while ($row) { echo "<tr>"; echo "<td>{$row['FirstName']} {$row['LastName']}</td>"; echo "<td>{$row['Description']}</td>"; $groupID = $row['GroupID']; echo "<td>{$row['Target']},{$groupID}</td>"; //Get count of students $queryC = "SELECT COUNT(*) AS 'number' FROM StudentGroup sg WHERE GroupID='{$groupID}' AND Approved=1 GROUP BY GroupID;"; $resultC = @mysqli_query($conn, $queryC); $rowC = mysqli_fetch_assoc($resultC); echo "<td align='right'>{$rowC['number']}/{$row['MemberCount']}</td>"; echo "<td align='right'><a href='view_group.php?group={$groupID}'>Join</a></td>";
/*
 * Registration handler (fragment): end of the previous validator, the tos()
 * validator, then sanitising of the posted profile fields. The preceding
 * validator and the rest of the field handling lie outside this view.
 *
 * Review notes:
 *  - Only pgender and ptos are guarded with isset(); pfname, plname, pemail,
 *    pyear, pmonth, pdate, pphone, padress and pcountry are read directly and
 *    raise undefined-index warnings when absent. Apply one consistent pattern.
 *  - $i_dob is built by concatenating three POST fields and then sanitised as a
 *    whole; validating it as a real date (checkdate) would have to happen on the
 *    original parts, not the joined string.
 *  - tos() reads $_POST["ptos"] itself and appends to the shared $errors global,
 *    like the other validators in this corpus.
 */
return true; } } //Validate tos function tos() { global $errors; if (!isset($_POST["ptos"])) { $errors .= "<li> Please agree for terms of service </li>"; return false; } else { return true; } } //Sanatise ALL the Data :D $i_firstname = $sanitiser->sanitise($_POST["pfname"]); $i_lastname = $sanitiser->sanitise($_POST["plname"]); $i_email = $sanitiser->sanitise($_POST["pemail"]); $i_dob = $sanitiser->sanitise($_POST["pyear"] . "-" . $_POST["pmonth"] . "-" . $_POST["pdate"]); if (isset($_POST["pgender"])) { $i_sex = $sanitiser->sanitise($_POST["pgender"]); } else { $i_sex = ''; } $i_phone = $sanitiser->sanitise($_POST["pphone"]); $i_adress = $sanitiser->sanitise($_POST["padress"]); $i_country = $sanitiser->sanitise($_POST["pcountry"]); if (isset($_POST["ptos"])) { $i_tos = $sanitiser->sanitise($_POST["ptos"]); } else { $i_tos = '';
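<?php
// Verification-code check: compares the code the user submitted with the one
// stored in the session during sign-up and forwards to create_user.php on a
// match; every other outcome redirects away. Emits only Location headers.
session_start();

if (isset($_SESSION["username"])) {
    // A logged-in (already verified) session has nothing to verify.
    header("location:error.php?type=already-verfied");
    die;
}

if (!isset($_SESSION["i_email"])) {
    // No registration is pending in this session: not a valid verification request.
    header("location:error.php?type=unauthorized");
    die;
}

if (!isset($_SESSION['code']) || !isset($_POST['code']) || !is_string($_POST['code'])) {
    // No issued code, or no (scalar) submitted code: treat as a failed attempt.
    // The loose `==` previously used here accepted an empty submission when the
    // session held no code (null == '' is true).
    header("location:verify.php?error=invalid");
    die;
}

require_once 'unit_tests/classes/sanitiser.php'; // create sanitise objects
$sanitiser = new Sanitiser();
$post_code = (string) $sanitiser->sanitise($_POST['code']);

// hash_equals(): byte-exact comparison with no numeric-string juggling
// ("1e3" == "1000" under ==), in time independent of where the strings differ.
if (hash_equals((string) $_SESSION['code'], $post_code)) {
    header("location:create_user.php");
    die;
}

header("location:verify.php?error=invalid");
die;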
/*
 * Profile-picture page head (fragment): requires a logged-in, non-guest
 * session, sanitises the optional ?error parameter into $get_error, then emits
 * the HTML head. The opening PHP tag precedes this view and the body follows it.
 *
 * Review notes:
 *  - $get_error is either the sanitised string or boolean false; code that
 *    echoes it must escape with htmlspecialchars() for the HTML context, since
 *    what sanitise() guarantees there is not visible here.
 *  - The guest check compares against 'guest', whereas the login handler in
 *    this corpus stores "******" for a guest session; confirm which marker is
 *    actually set, otherwise this guard never fires.
 *  - `==` is a loose comparison; `=== 'guest'` states the intent.
 */
session_start(); if (!isset($_SESSION["username"])) { //problematic request, redirects to header("location:error.php?type=unauthorized"); die; } if ($_SESSION["username"] == 'guest') { //problamatic request, redirects to header("location:error.php?type=unauthorized"); die; } require_once 'unit_tests/classes/sanitiser.php'; // create sanitise objects $sanitiser = new Sanitiser(); if (isset($_GET['error'])) { $get_error = $sanitiser->sanitise($_GET['error']); } else { $get_error = false; } ?> <!DOCTYPE HTML> <html> <head> <title>Profile Picture</title> <meta charset="utf-8" /> <meta name="viewport" content="width=device-width, initial-scale=1" /> <!--[if lte IE 8]><script src="assets/js/ie/html5shiv.js"></script><![endif]--> <link rel="stylesheet" href="assets/css/main.css" /> <!--[if lte IE 8]><link rel="stylesheet" href="assets/css/ie8.css" /><![endif]--> <!--[if lte IE 9]><link rel="stylesheet" href="assets/css/ie9.css" /><![endif]--> <link rel='shortcut icon' type='image/x-icon' href='/favicon.ico' />
/*
 * view_group page (fragment): denies guests, requires ?group, then loads the
 * group row and its assignment row. The preceding session check and the page
 * that renders $group / $assignment lie outside this view.
 *
 * Review notes:
 *  - When no row matches ?group, mysqli_fetch_assoc() returns null, so
 *    $group['AdminID'] and $group['AssignmentID'] are null (with a warning) and
 *    the second query runs with an empty ID. Redirect (e.g. to lobby.php) when
 *    $group is not an array before using it.
 *  - $groupID and $assignmentID are interpolated into SQL; use mysqli_prepare()
 *    with bind_param() rather than relying on sanitise(), whose behaviour is
 *    not visible here.
 *  - No check ties the requested group to the current user's unit or course in
 *    this fragment; confirm whether any logged-in user may view any group id.
 *  - @ on mysqli_connect()/mysqli_query() hides failures; on PHP 8 a false
 *    $result passed to mysqli_fetch_assoc() throws a TypeError.
 */
die; } if ($_SESSION["username"] == "guest") { //no guest is allowed header("location:error.php?type=unauthorized"); die; } if (!isset($_GET['group'])) { //invalid request header("location:lobby.php"); die; } require_once 'unit_tests/classes/sanitiser.php'; // create sanitise objects $sanitiser = new Sanitiser(); $groupID = $sanitiser->sanitise($_GET['group']); include_once "settings.php"; $conn = @mysqli_connect($host, $user, $pwd, $sql_db); if (!$conn) { //no database :( header("location:error.php?type=database"); die; } $query = "SELECT * FROM Groups WHERE GroupID='{$groupID}';"; $result = @mysqli_query($conn, $query); $group = mysqli_fetch_assoc($result); $adminID = $group['AdminID']; $assignmentID = $group['AssignmentID']; $query = "SELECT * FROM Assignment WHERE AssignmentID='{$assignmentID}';"; $result = @mysqli_query($conn, $query); $assignment = mysqli_fetch_assoc($result);
/*
 * Guest lobby listing (fragment): end of the course table, then the 'unit'
 * mode that lists units for ?course. The enclosing if/else continues outside
 * this view.
 *
 * Review notes:
 *  - $courseID is interpolated into SQL; use mysqli_prepare() with bind_param()
 *    rather than relying on sanitise(), whose behaviour is not visible here.
 *  - UnitCode and UnitName from the database are echoed into HTML unescaped;
 *    wrap them in htmlspecialchars() unless the write path is known to encode them.
 *  - $assignmentCode is assigned but only referenced inside the commented-out
 *    echo; remove both, or restore the link deliberately.
 *  - The query is executed again after the loop only to test for emptiness;
 *    mysqli_num_rows($result) before the loop avoids the second round trip.
 *  - @mysqli_query() hides failures; on PHP 8 a false $result passed to
 *    mysqli_fetch_assoc() throws a TypeError.
 */
$row = mysqli_fetch_assoc($result); } $result = @mysqli_query($conn, $query); $row = mysqli_fetch_assoc($result); if (!$row) { echo "<tr>"; echo "<td><em>No courses has been registed for this university yet</em></td>"; echo "<td>-</td>"; echo "</tr>"; } } else { if ($mode == 'unit') { require_once 'unit_tests/classes/sanitiser.php'; // create sanitise objects $sanitiser = new Sanitiser(); $courseID = $sanitiser->sanitise($_GET['course']); $query = "SELECT * FROM Unit NATURAL JOIN CourseUnit WHERE CourseID='{$courseID}';"; $result = @mysqli_query($conn, $query); $row = mysqli_fetch_assoc($result); while ($row) { echo "<tr>"; echo "<td>{$row['UnitCode']}</td>"; echo "<td>{$row['UnitName']}</td>"; $assignmentCode = $row['AssignmentCode']; echo "<td align='right'><span class='button disabled'>Register to view</span></td>"; //echo "<td align='right'><a href='lobby_guest.php?view=assignment&assignment=$assignmentCode'' class='button alt'>Browse</a></td>"; echo "</tr>"; $row = mysqli_fetch_assoc($result); } $result = @mysqli_query($conn, $query); $row = mysqli_fetch_assoc($result);
/*
 * create_user handler (fragment): rejects requests without a password,
 * validates and hashes it, then pulls the pending registration fields out of
 * the session. The preceding session checks and the INSERT lie outside this view.
 *
 * Review notes:
 *  - `$_SESSION['$i_email']` uses single quotes, so the key is the literal
 *    string "$i_email" — an undefined index. The value is overwritten by
 *    `$_SESSION['i_email']` two statements later; delete the first assignment.
 *  - md5() is an unsalted, fast hash; store password_hash($password,
 *    PASSWORD_DEFAULT) and verify with password_verify() in the login handler.
 *  - The password is sanitised before hashing, while the login handler in this
 *    corpus hashes the raw $_POST value. If sanitise() alters any character,
 *    those accounts can never log in; hash the same input on both sides.
 *  - The remaining $_SESSION['i_*'] keys are read without isset(); a session
 *    that skipped the registration step yields nulls here.
 */
//invalid request, redirects to header("location:error.php?type=unauthorized"); die; } if (!isset($_POST["password"])) { //invalid request, redirects to header("location:error.php?type=unauthorized"); die; } require_once 'unit_tests/classes/validator.php'; // create sanitise objects require_once 'unit_tests/classes/sanitiser.php'; // create sanitise objects $sanitiser = new Sanitiser(); $validator = new Validator(); $password = $sanitiser->sanitise($_POST["password"]); if (!$validator->CheckValidPassword($password)) { header("location:create_user.php?error=invalid"); die; } //hash the passwords $password = md5($password); //get session information $i_email = $_SESSION['$i_email']; $i_firstname = $_SESSION['i_firstname']; $i_lastname = $_SESSION['i_lastname']; $i_email = $_SESSION['i_email']; $i_dob = $_SESSION['i_dob']; $i_sex = $_SESSION['i_sex']; $i_country = $_SESSION['i_country']; $i_phone = $_SESSION['i_phone'];