/**
 * A name is validated only after it has been through the sanitiser: a plain
 * personal name must still pass CheckValidName(), while input carrying HTML
 * markup must be rejected.
 *
 * CheckValidName() is compared loosely against 1 (as the original does), so
 * a boolean `true` result counts as valid as well.
 */
function TestInvaidNames()
{
    $nameValidator = new Validator();
    $inputSanitiser = new Sanitiser();

    $plainName = $inputSanitiser->sanitise('Isuru Kusumal Rajapakse');
    $this->assertTrue(1 == $nameValidator->CheckValidName($plainName));

    $markupName = $inputSanitiser->sanitise('<h1>troll name</h1>');
    $this->assertFalse(1 == $nameValidator->CheckValidName("{$markupName}"));
}
    global $errors;
    global $validator;
    if (strlen($value) <= 0) {
        $errors .= "<li>Course code is empty</li>";
    } else {
        if (!$validator->CheckValueInRange(strlen($value), 1, 50)) {
            $errors .= "<li>Course code is too long. Please keep it less than 50 characters</li>";
        }
    }
    if (strlen($errors) > 0) {
        return false;
    }
    return true;
}
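// Sanitise every POST field before validation. A missing field is treated as
// an empty string instead of raising an undefined-index warning and handing
// null to the sanitiser; the validators then report it as empty.
$i_ccode = $sanitiser->sanitise($_POST["ccode"] ?? '');
$i_cname = $sanitiser->sanitise($_POST["cname"] ?? '');

// Both validators run regardless of the other's outcome (each call is the
// left operand of &&), so $errors collects every problem found.
$valid = true;
$valid = cname($i_cname) && $valid;
$valid = ccode($i_ccode) && $valid;
if (!$valid) {
    // $errors holds <li> markup and spaces; it has to be percent-encoded to be
    // a valid query-string value. The receiving page still gets the original
    // text through $_GET, which decodes it.
    header("location:create_course.php?errors=" . rawurlencode($errors));
    die;
}

// Session context needed for the "course already exists" check that follows.
$email = $_SESSION['username'];
$u_university = $_SESSION['u_university'];
include_once "settings.php";
$conn = mysqli_connect($host, $user, $pwd, $sql_db);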
if (!$conn) {
{
    global $errors;
    global $validator;
    if (!$validator->CheckValidWebsite($value)) {
        $errors .= "<li>Please enter a valid webaddress</li>";
        return false;
    }
    return true;
}
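/**
 * Validate country: a (sanitised) country value must be present.
 *
 * The check is made on the string form of $value, so null, false and '' are
 * rejected while a legitimate '0' is accepted — the same outcomes as the
 * loose `!= ''` it replaces, without relying on PHP's comparison rules.
 *
 * @param mixed $value sanitised form value
 * @return bool true when a non-empty value was supplied
 */
function ucountry($value): bool
{
    return (string) $value !== '';
}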
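// Sanitise every POST field before validation. A missing field is treated as
// an empty string instead of raising an undefined-index warning and handing
// null to the sanitiser; the validators then report it as empty.
$i_uname = $sanitiser->sanitise($_POST["uname"] ?? '');
$i_uwebsite = $sanitiser->sanitise($_POST["uweb"] ?? '');
$i_ucountry = $sanitiser->sanitise($_POST["pcountry"] ?? '');

// Every validator runs (each call is the left operand of &&), so $errors
// collects all problems rather than stopping at the first one.
$valid = true;
$valid = uname($i_uname) && $valid;
$valid = uwebsite($i_uwebsite) && $valid;
$valid = ucountry($i_ucountry) && $valid;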
if (!$valid) {
    header("location:create_university.php?errors={$errors}");
    die;
} else {
    //check if the university already exist
    $email = $_SESSION['username'];
    include_once "settings.php";
    $conn = mysqli_connect($host, $user, $pwd, $sql_db);
    //user hasnt selected his course
    header("location:select_course.php");
    die;
}
// A unit must have been chosen either by this request (POST) or earlier in
// the session; with neither available, send the user back to the chooser.
if (!isset($_POST['selectedUnit']) && !isset($_SESSION['selectedUnit'])) {
    //invalid request
    header("location:select_unit.php");
    die;
}
require_once 'unit_tests/classes/sanitiser.php';
// create sanitise objects
$sanitiser = new Sanitiser();

// When both are present the session value wins over the posted one.
// NOTE(review): that means a stale unit left in the session overrides the unit
// the form just submitted — confirm this precedence is intended.
$selectedUnit = $sanitiser->sanitise($_SESSION['selectedUnit'] ?? $_POST['selectedUnit']);
$email = $_SESSION['username'];
if (isset($_GET['makeconnection'])) {
    //user's course has to be linked with this course
    include_once "settings.php";
    $conn = mysqli_connect($host, $user, $pwd, $sql_db);
    if (!$conn) {
        header("location:error.php?type=database");
        die;
    }
    $courseID = $_SESSION['u_course'];
    $query = "INSERT INTO CourseUnit (CourseID,UnitID) VALUES ('{$courseID}','{$selectedUnit}');";
<?php

session_start();
require_once 'unit_tests/classes/sanitiser.php';

// Lobby page prologue: the optional ?type= query parameter is read and
// sanitised into $get. $get stays undefined when the parameter is absent, so
// any later use of it needs its own isset() guard.
$sanitiser = new Sanitiser();
$requestedType = $_GET['type'] ?? null;
if ($requestedType !== null) {
    $get = $sanitiser->sanitise($requestedType);
}
?>
<!DOCTYPE HTML>
<html>
	<head>
		<title>Lobby</title>
		<meta charset="utf-8" />
		<meta name="viewport" content="width=device-width, initial-scale=1" />
		<!--[if lte IE 8]><script src="assets/js/ie/html5shiv.js"></script><![endif]-->
		<link rel="stylesheet" href="assets/css/main.css" />
		<!--[if lte IE 8]><link rel="stylesheet" href="assets/css/ie8.css" /><![endif]-->
		<!--[if lte IE 9]><link rel="stylesheet" href="assets/css/ie9.css" /><![endif]-->
	</head>
	<body>

		<!-- Header -->
		<?php 
require "header.php";
?>

		<!-- Nav -->
		<?php 
require "navigation.php";
?>
{
    global $errors;
    global $validator;
    if (strlen($value) <= 0) {
        $errors .= "<li>Unit code is empty</li>";
    }
    if (!$validator->CheckValueInRange(strlen($value), 1, 50)) {
        $errors .= "<li>Unit code is too long. Please keep it less than 50 characters</li>";
    }
    if (strlen($errors) > 0) {
        return false;
    }
    return true;
}
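// Sanitise every POST field before validation. A missing field is treated as
// an empty string instead of raising an undefined-index warning and handing
// null to the sanitiser; the validators then report it as empty.
$i_uname = $sanitiser->sanitise($_POST["unitname"] ?? '');
$i_ucode = $sanitiser->sanitise($_POST["unitcode"] ?? '');

// Both validators run (each call is the left operand of &&), so $errors
// collects every problem found.
$valid = true;
$valid = uname($i_uname) && $valid;
$valid = ucode($i_ucode) && $valid;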
if (!$valid) {
    header("location:create_unit.php?errors={$errors}");
    die;
} else {
    //check if the unit already exist
    $email = $_SESSION['username'];
    $courseID = $_SESSION['u_course'];
    $universityID = $_SESSION['u_university'];
    include_once "settings.php";
    $conn = mysqli_connect($host, $user, $pwd, $sql_db);
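<?php

// Login handler prologue: checks the posted credentials are present, handles
// the guest pseudo-account, then opens the database connection. The user
// lookup itself follows this block (not shown here).
session_start();
if (!isset($_POST["username"]) || !isset($_POST["password"])) {
    // Percent-encode the message so the Location header carries a valid URL;
    // login.php receives the same text through $_GET.
    header("location:login.php?error=" . rawurlencode("'Invalid request'"));
    die;
}
require_once 'unit_tests/classes/sanitiser.php';
require_once 'unit_tests/classes/validator.php';
$sanitiser = new Sanitiser();
$validator = new Validator();

$email = $sanitiser->sanitise($_POST["username"]);
// The password is deliberately not sanitised: it is only hashed, and the hash
// has to match the one computed at registration from the same raw value.
// SECURITY(review): md5 is not a password hash. Migrate the stored hashes to
// password_hash()/password_verify() (upgrading on login via
// password_needs_rehash()) on both the registration and this login path;
// changing only this line would lock every existing user out.
$password = md5($_POST["password"]);

// Explicit string comparisons (assumes sanitise() returns a string).
if ((string) $email === '') {
    header("location:login.php?error=" . rawurlencode("'Please enter a valid email address'"));
    die;
}
if ((string) $email === 'guest') {
    // Guest sessions carry a placeholder username instead of a real account.
    $_SESSION["username"] = "******";
    header("location:index.php");
    die;
}
include_once "settings.php";
$sql_table = "users";
$conn = mysqli_connect($host, $user, $pwd, $sql_db);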
if (!$conn) {
    header("location:login.php?error=Cant connect to database, please try again");
    die;
         $row = mysqli_fetch_assoc($result);
     }
     $result = @mysqli_query($conn, $query);
     $row = mysqli_fetch_assoc($result);
     if (!$row) {
         echo "<tr>";
         echo "<td><em>No Assignments has been registed for this unit yet</em></td>";
         echo "<td>-</td>";
         echo "</tr>";
     }
 } else {
     if ($mode == 'group') {
         require_once 'unit_tests/classes/sanitiser.php';
         // create sanitise objects
         $sanitiser = new Sanitiser();
         $assignmentID = $sanitiser->sanitise($_GET['assignment']);
         $query = "SELECT * FROM Groups g NATURAL JOIN Assignment a NATURAL JOIN Student s WHERE a.AssignmentID='{$assignmentID}' AND g.AdminID=s.StudentID;";
         $result = @mysqli_query($conn, $query);
         $row = mysqli_fetch_assoc($result);
         while ($row) {
             echo "<tr>";
             echo "<td>{$row['FirstName']} {$row['LastName']}</td>";
             echo "<td>{$row['Description']}</td>";
             $groupID = $row['GroupID'];
             echo "<td>{$row['Target']},{$groupID}</td>";
             //Get count of students
             $queryC = "SELECT COUNT(*) AS 'number' FROM StudentGroup sg WHERE GroupID='{$groupID}' AND Approved=1 GROUP BY GroupID;";
             $resultC = @mysqli_query($conn, $queryC);
             $rowC = mysqli_fetch_assoc($resultC);
             echo "<td align='right'>{$rowC['number']}/{$row['MemberCount']}</td>";
             echo "<td align='right'><a href='view_group.php?group={$groupID}'>Join</a></td>";
        return true;
    }
}
//Validate tos
/**
 * Validate tos: the terms-of-service checkbox (POST field "ptos") must have
 * been submitted. When it was not, an error item is appended to the global
 * $errors list.
 *
 * @return bool true when the box was ticked
 */
function tos()
{
    global $errors;

    if (isset($_POST["ptos"])) {
        return true;
    }

    $errors .= "<li> Please agree for terms of service  </li>";
    return false;
}
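// Sanitise every POST field before validation. A missing required field is
// treated as an empty string instead of raising an undefined-index warning and
// handing null to the sanitiser; the validators then report it as empty.
$i_firstname = $sanitiser->sanitise($_POST["pfname"] ?? '');
$i_lastname = $sanitiser->sanitise($_POST["plname"] ?? '');
$i_email = $sanitiser->sanitise($_POST["pemail"] ?? '');
// Date of birth is posted as three separate fields and recombined as Y-m-d.
$i_dob = $sanitiser->sanitise(($_POST["pyear"] ?? '') . "-" . ($_POST["pmonth"] ?? '') . "-" . ($_POST["pdate"] ?? ''));
// Gender is optional: absent means "not given", not an error.
$i_sex = isset($_POST["pgender"]) ? $sanitiser->sanitise($_POST["pgender"]) : '';
$i_phone = $sanitiser->sanitise($_POST["pphone"] ?? '');
$i_adress = $sanitiser->sanitise($_POST["padress"] ?? '');
$i_country = $sanitiser->sanitise($_POST["pcountry"] ?? '');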
if (isset($_POST["ptos"])) {
    $i_tos = $sanitiser->sanitise($_POST["ptos"]);
} else {
    $i_tos = '';
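<?php

// Email verification step: compares the code the user posted with the one
// kept in the session earlier in the sign-up flow, then moves on to account
// creation or back to the verification form.
session_start();
if (isset($_SESSION["username"])) {
    // Already logged in, so there is nothing left to verify.
    header("location:error.php?type=already-verfied");
    die;
}
if (!isset($_SESSION["i_email"])) {
    // No pending sign-up in this session: the request did not come from the form.
    header("location:error.php?type=unauthorized");
    die;
}
require_once 'unit_tests/classes/sanitiser.php';
$sanitiser = new Sanitiser();

// A missing field becomes an empty (never matching) code instead of an
// undefined-index warning.
$post_code = $sanitiser->sanitise($_POST['code'] ?? '');

// The expected code can be absent if the session expired or was tampered with.
$expected_code = $_SESSION['code'] ?? null;

// Compare as strings and in constant time. The loose `==` accepted
// numerically-equal strings (e.g. "00123" for "123") and is not a
// constant-time comparison; hash_equals() returns false on a length mismatch.
if ($expected_code !== null && hash_equals((string) $expected_code, (string) $post_code)) {
    header("location:create_user.php");
    die;
}
header("location:verify.php?error=invalid");
die;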
session_start();
// Only a logged-in, non-guest user may reach this page; anything else is
// redirected to the same unauthorized error.
// NOTE(review): the guest login path stores the placeholder "******" as the
// session username, so the comparison against 'guest' may never match —
// confirm which value guest sessions actually carry.
if (!isset($_SESSION["username"]) || $_SESSION["username"] == 'guest') {
    //problematic request, redirects to
    header("location:error.php?type=unauthorized");
    die;
}
require_once 'unit_tests/classes/sanitiser.php';
// create sanitise objects
$sanitiser = new Sanitiser();
// Optional ?error= parameter; false signals that none was supplied.
$get_error = isset($_GET['error']) ? $sanitiser->sanitise($_GET['error']) : false;
?>
<!DOCTYPE HTML>
<html>
	<head>
		<title>Profile Picture</title>
		<meta charset="utf-8" />
		<meta name="viewport" content="width=device-width, initial-scale=1" />
		<!--[if lte IE 8]><script src="assets/js/ie/html5shiv.js"></script><![endif]-->
		<link rel="stylesheet" href="assets/css/main.css" />
		<!--[if lte IE 8]><link rel="stylesheet" href="assets/css/ie8.css" /><![endif]-->
		<!--[if lte IE 9]><link rel="stylesheet" href="assets/css/ie9.css" /><![endif]-->
		<link rel='shortcut icon' type='image/x-icon' href='/favicon.ico' />
    die;
}
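if ($_SESSION["username"] == "guest") {
    //no guest is allowed
    header("location:error.php?type=unauthorized");
    die;
}
if (!isset($_GET['group'])) {
    //invalid request
    header("location:lobby.php");
    die;
}
require_once 'unit_tests/classes/sanitiser.php';
$sanitiser = new Sanitiser();
$groupID = $sanitiser->sanitise($_GET['group']);
include_once "settings.php";
$conn = @mysqli_connect($host, $user, $pwd, $sql_db);
if (!$conn) {
    //no database :(
    header("location:error.php?type=database");
    die;
}

// Runs a single-parameter SELECT as a prepared statement and returns the first
// row, or null when there is none or the statement fails. Binding the value
// keeps request data out of the SQL text; interpolating it, as before, relied
// entirely on whatever sanitise() happens to strip.
$fetchOne = static function (\mysqli $conn, string $sql, string $param): ?array {
    $stmt = mysqli_prepare($conn, $sql);
    if (!$stmt) {
        return null;
    }
    mysqli_stmt_bind_param($stmt, 's', $param);
    $row = null;
    if (mysqli_stmt_execute($stmt)) {
        $result = mysqli_stmt_get_result($stmt);
        $row = $result ? mysqli_fetch_assoc($result) : null;
    }
    mysqli_stmt_close($stmt);
    return $row ?: null;
};

$query = "SELECT * FROM Groups WHERE GroupID=?";
$group = $fetchOne($conn, $query, (string) $groupID);
if (!$group) {
    // Unknown or malformed group id: return to the lobby rather than rendering
    // the page with null ids (the original continued with warnings).
    header("location:lobby.php");
    die;
}
$adminID = $group['AdminID'];
$assignmentID = $group['AssignmentID'];

$query = "SELECT * FROM Assignment WHERE AssignmentID=?";
$assignment = $fetchOne($conn, $query, (string) $assignmentID);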
         $row = mysqli_fetch_assoc($result);
     }
     $result = @mysqli_query($conn, $query);
     $row = mysqli_fetch_assoc($result);
     if (!$row) {
         echo "<tr>";
         echo "<td><em>No courses has been registed for this university yet</em></td>";
         echo "<td>-</td>";
         echo "</tr>";
     }
 } else {
     if ($mode == 'unit') {
         require_once 'unit_tests/classes/sanitiser.php';
         // create sanitise objects
         $sanitiser = new Sanitiser();
         $courseID = $sanitiser->sanitise($_GET['course']);
         $query = "SELECT * FROM Unit NATURAL JOIN CourseUnit WHERE CourseID='{$courseID}';";
         $result = @mysqli_query($conn, $query);
         $row = mysqli_fetch_assoc($result);
         while ($row) {
             echo "<tr>";
             echo "<td>{$row['UnitCode']}</td>";
             echo "<td>{$row['UnitName']}</td>";
             $assignmentCode = $row['AssignmentCode'];
             echo "<td align='right'><span class='button disabled'>Register to view</span></td>";
             //echo "<td align='right'><a href='lobby_guest.php?view=assignment&assignment=$assignmentCode'' class='button alt'>Browse</a></td>";
             echo "</tr>";
             $row = mysqli_fetch_assoc($result);
         }
         $result = @mysqli_query($conn, $query);
         $row = mysqli_fetch_assoc($result);
    //invalid request, redirects to
    header("location:error.php?type=unauthorized");
    die;
}
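if (!isset($_POST["password"])) {
    //invalid request, redirects to
    header("location:error.php?type=unauthorized");
    die;
}
require_once 'unit_tests/classes/validator.php';
require_once 'unit_tests/classes/sanitiser.php';
$sanitiser = new Sanitiser();
$validator = new Validator();

// Passwords are never sanitised: the login handler hashes the raw posted value
// ("dont sanitise passwords"), so hashing a sanitised copy here would store a
// hash that can never match at login. Validate and hash the same raw value.
$password = $_POST["password"];
if (!$validator->CheckValidPassword($password)) {
    header("location:create_user.php?error=invalid");
    die;
}
// SECURITY(review): md5 is not a password hash. Migrate to password_hash()
// here and password_verify()/password_needs_rehash() in the login handler
// together; changing only one side would break every login.
$password = md5($password);

// Profile data collected by the earlier sign-up steps. Missing keys become ''
// rather than undefined-index warnings. (The former `$_SESSION['$i_email']`
// read used a literal "$i_email" key and was dead code.)
$i_firstname = $_SESSION['i_firstname'] ?? '';
$i_lastname = $_SESSION['i_lastname'] ?? '';
$i_email = $_SESSION['i_email'] ?? '';
$i_dob = $_SESSION['i_dob'] ?? '';
$i_sex = $_SESSION['i_sex'] ?? '';
$i_country = $_SESSION['i_country'] ?? '';
$i_phone = $_SESSION['i_phone'] ?? '';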