diff --git a/icsls/application/.htaccess b/icsls/application/.htaccess
index 14249c5..e69de29 100644
--- a/icsls/application/.htaccess
+++ b/icsls/application/.htaccess
@@ -1 +0,0 @@
-Deny from all
\ No newline at end of file
diff --git a/icsls/application/controllers/librarian.php b/icsls/application/controllers/librarian.php
index 98170d6..73aeb75 100644
--- a/icsls/application/controllers/librarian.php
+++ b/icsls/application/controllers/librarian.php
@@ -57,7 +57,7 @@ public function display_search_results($query_id = 0, $offset = 0){
 $query_array = array(
 'category' => $this->input->get('selectCategory'),
- 'text' => htmlspecialchars($this->input->get('inputText')),
+ 'text' => htmlspecialchars($this->input->get('inputText'), ENT_QUOTES),
 'sortCategory' => $this->input->get('selectSortCategory'),
 'row' => $this->input->get('selectRows'),
 'accessType' => $this->input->get('selectAccessType'),
@@ -66,12 +66,14 @@ public function display_search_results($query_id = 0, $offset = 0){
 'match' => $this->input->get('radioMatch')
 );
- //Do not continue if user tried to make the database retrieval fail by editing URL's GET
+ //Do not continue if user tried to make the database retrieval fail by XSS Node deletion
 foreach($query_array as $element):
 if($element === FALSE)
 redirect('librarian/search_reference_index');
 endforeach;
+
+ $offset = $this->input->get('per_page') ? $this->input->get('per_page') : 0;
 $data['total_rows'] = $this->librarian_model->get_number_of_rows($query_array);
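Review bot: Emptying application/.htaccess removes its only directive, `Deny from all`, so the web server no longer blocks direct requests into the application directory (config, models, controllers) and protection falls back to whatever guard each PHP file carries. If the reason is that the browser-served scripts added in this commit live under application/js/, keep `Deny from all` here and move the js/ directory outside application/ (or grant access to that one subdirectory only). The file is also left present but empty rather than deleted, which reads as an accident.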
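Review bot: `'text' => htmlspecialchars($this->input->get('inputText'), ENT_QUOTES),` encodes the search text at input time, yet the array is handed to `get_number_of_rows()` and compared against database columns, so a title containing `&`, `'` or `"` can no longer be matched; the `=== FALSE` guard in the next hunk is also dead for this key, because `htmlspecialchars(FALSE)` yields `''`, not `FALSE`. Keep the raw value here, `'text' => $this->input->get('inputText'),`, and escape it at the point where the view renders it. display_search_results() continues past the hunk.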
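Review bot: `$offset = $this->input->get('per_page') ? $this->input->get('per_page') : 0;` replaces the `$offset` parameter with an unchecked query-string value that presumably drives pagination; cast it, `$offset = (int) $this->input->get('per_page');` (FALSE and '' both become 0, so the ternary is unnecessary). The rewritten comment `//Do not continue if user tried to make the database retrieval fail by XSS Node deletion` no longer describes the loop beneath it, which rejects missing GET keys; the previous wording about edited URL parameters was accurate. The function continues outside the hunk.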
@@ -151,14 +153,25 @@ public function edit_reference(){
 //Filter the user's input of HTML special symbols
 $title = htmlspecialchars(mysql_real_escape_string(trim($this->input->post('title'))));
 $author = htmlspecialchars(mysql_real_escape_string(trim($this->input->post('author'))));
- $isbn = $this->input->post('isbn');
- $category = $this->input->post('category');
+ $isbn = htmlspecialchars(mysql_real_escape_string($this->input->post('isbn')));
+ $category = htmlspecialchars(mysql_real_escape_string($this->input->post('category')));
 $publisher = htmlspecialchars(mysql_real_escape_string(trim($this->input->post('publisher'))));
- $publication_year = $this->input->post('publication_year');
- $access_type = $this->input->post('access_type');
- $course_code = $this->input->post('course_code');
+ $publication_year = htmlspecialchars(mysql_real_escape_string($this->input->post('publication_year')));
+ $access_type = htmlspecialchars(mysql_real_escape_string($this->input->post('access_type')));
+ $course_code = htmlspecialchars(mysql_real_escape_string($this->input->post('course_code')));
 $description = htmlspecialchars(mysql_real_escape_string(trim($this->input->post('description'))));
- $total_stock = $this->input->post('total_stock');
+ $total_stock = htmlspecialchars(mysql_real_escape_string($this->input->post('total_stock')));
+
+ //DO NOT TRUST the user's input. Server-side input validation
+ if($total_stock <= 0)
+ redirect('librarian/edit_reference_index/' . $id);
+ if(! in_array(strtoupper($category), array('B', 'S', 'C', 'J', 'M', 'T')))
+ redirect('librarian/edit_reference_index/' . $id);
+ if(! is_int(intval($publication_year)))
+ redirect('librarian/edit_reference_index/' . $id);
+ //if(preg_match("\A[A-Z]{2,3}\d{2,3}\z", $course_code) === FALSE)
+ // redirect('librarian/edit_reference_index/' . $id);
+
 //Store the input from user to be passed on the model
 $query_array = array(
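Review bot: The new server-side checks do not reject what they intend to: `is_int(intval($publication_year))` is always true because `intval()` always returns an int, `$total_stock <= 0` is a loose comparison on an HTML-encoded string, and `in_array(strtoupper($category), ...)` validates an uppercased copy while the unmodified `$category` is what presumably goes into `$query_array` (its construction lies past the hunk). The `htmlspecialchars(mysql_real_escape_string(...))` wrapping added to the remaining fields stores entities in the database and double-escapes if the model goes through the query builder, as `add_data()` does with `$this->db->insert`; `mysql_real_escape_string` also needs an open mysql-extension link, which a CodeIgniter `$this->db` connection does not guarantee. Validate the raw values with explicit rules, store them raw, and escape in the view; the commented-out course-code check additionally lacks regex delimiters and disagrees with the client pattern in validate_script.js. `$id` is assigned before the hunk.
```php
// … unchanged: field assignments above …
//DO NOT TRUST the user's input. Server-side input validation
$category = strtoupper($category);   // check the value that is passed on, not a copy
if(! ctype_digit($total_stock) || (int) $total_stock <= 0)
    redirect('librarian/edit_reference_index/' . $id);
if(! in_array($category, array('B', 'S', 'C', 'J', 'M', 'T'), TRUE))
    redirect('librarian/edit_reference_index/' . $id);
if(! preg_match('/\A\d{4}\z/', $publication_year))
    redirect('librarian/edit_reference_index/' . $id);
// … unchanged: $query_array construction …
```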
@@ -176,28 +189,12 @@ public function edit_reference(){
 );
 $result = $this->librarian_model->edit_reference($query_array);
- redirect('librarian');
+ redirect('librarian/view_reference/' . $id);
 }//end of function edit_reference
 /* ******************** END OF EDIT REFERENCE MODULE ******************** */
 /* ******************** DELETE REFERENCE MODULE ******************** */
- /*
- public function delete_ready_reference(){
- if(!empty($_POST['chch'])):
- if(count($_POST['chch'])>0):
- $toDelete = $_POST['chch'];
-
- for($i=0;$i< count($toDelete);$i++){
- $result = $this->librarian_model->delete_references($toDelete[$i]);
- }
-
- endif;
- endif;
-
- redirect( base_url() . 'index.php/librarian','refresh');
- }
- */
 /**
 * Delete selected references specified by its respective checkbox
@@ -208,8 +205,8 @@ public function delete_reference(){
 $data['title'] = 'Delete Reference';
 $cannotBeDeleted = array();
- if(!empty($_POST['ch'])){
- if(count($_POST['ch'])>0):
+ if(! empty($_POST['ch'])){
+ if(count($_POST['ch']) > 0):
 $toDelete = $_POST['ch'];
 for($i = 0; $i < count($toDelete); $i++){
@@ -220,7 +217,7 @@ public function delete_reference(){
 endif;
 }
- if(count($cannotBeDeleted)>0){
+ if(count($cannotBeDeleted) > 0){
 $data['forDeletion'] = $this->librarian_model->get_selected_books($cannotBeDeleted);
 $this->load->view('for_deletion_view',$data);
 }
@@ -235,7 +232,7 @@ public function delete_reference(){
 public function change_forDeletion(){
 $data['title'] = 'Delete Reference';
- if(!empty($_POST['ch'])):
+ if(! empty($_POST['ch'])):
 $toUpdate = $_POST['ch'];
 for($i = 0; $i < count($toUpdate); $i++){
 $this->librarian_model->update_for_deletion($toUpdate[$i]);
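Review bot: `if(! empty($_POST['ch'])){` in delete_reference() and the matching `if(! empty($_POST['ch'])):` in change_forDeletion() (the @@ -235 hunk) read `$_POST` directly and then iterate the value with `count()` and `[$i]`, so a scalar `ch` is not rejected and each element reaches `delete_references()` / `update_for_deletion()` without a type check, while the rest of the controller goes through `$this->input->post()`. Normalise once where the array is taken, `$toDelete = array_map('intval', (array) $_POST['ch']);` and likewise for `$toUpdate`, assuming the ids are integers (the model methods are not in view). Both functions continue outside their hunks.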
@@ -304,7 +301,7 @@ public function file_upload(){
 } else{
 $uploadData = array('upload_data' => $this->upload->data());
- $filename='./uploads/'.$uploadData['upload_data']['file_name'];
+ $filename='./uploads/' . $uploadData['upload_data']['file_name'];
 $this->load->library('csvreader');
 $data['csvData'] = $this->csvreader->parse_file($filename);
 $this->load->view("uploadSuccess_view", $data);
diff --git a/icsls/application/controllers/login.php b/icsls/application/controllers/login.php
index 9b74d38..c6c3619 100644
--- a/icsls/application/controllers/login.php
+++ b/icsls/application/controllers/login.php
@@ -12,8 +12,8 @@ public function index(){
 $password = "";
 } else{
- $username = $_POST["username"];
- $password = md5($_POST["password"]);
+ $username = $_POST['username'];//mysql_real_escape_string($_POST["username"]);
+ $password = md5($_POST['password']);//mysql_real_escape_string(md5($_POST["password"]));
 }
 //Checks if the user is registered
diff --git a/icsls/application/helpers/MY_Helper.php b/icsls/application/helpers/MY_Helper.php
new file mode 100644
index 0000000..dbc6a8f
--- /dev/null
+++ b/icsls/application/helpers/MY_Helper.php
@@ -0,0 +1,19 @@
+set_value($field, $default), $field);
+}
\ No newline at end of file
diff --git a/icsls/application/js/delete_script.js b/icsls/application/js/delete_script.js
new file mode 100644
index 0000000..72b5f32
--- /dev/null
+++ b/icsls/application/js/delete_script.js
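Review bot: `$username = $_POST['username'];` feeds `User_model::user_exists()`, which, as the user_model hunk at the end of this diff shows, interpolates `'$username'` and `'$password'` straight into the SQL string, so the login query is built from unescaped request data; the escaping left commented out on the same two lines is the wrong layer for the fix. Bind the parameters in the model, `$this->db->query("SELECT * FROM users WHERE username = ? AND password = ?", array($username, $password))`, and delete the trailing `//mysql_real_escape_string(...)` comments rather than keeping them as dead code. `md5()` is an unsalted, fast digest and not a password hash; plan a migration to `password_hash()`/`password_verify()`. index() starts before the hunk.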
@@ -0,0 +1,78 @@
+//Confirm to Delete the selected books
+function confirmDelete(){
+ var noOfBooksToDelete = $('#booktable').find("input:checkbox:checked").length;
+ if(noOfBooksToDelete > 0){
+ var option= confirm("Are you Sure?");
+ if(option==true){
+ alert(noOfBooksToDelete+" Book"+((noOfBooksToDelete>1)?'s':'')+" Selected.");
+ }else{
+ return false;
+ }
+ }else{
+ alert("No books selected.");
+ return false;
+ }
+ }
+
+//Confirm To Delete Ready for Deletion Books
+function confirmDeleteReady(){
+ var noOfBooksToDelete = $('#readytodeletetable').find("input:checkbox:checked").length;
+ if(noOfBooksToDelete > 0){
+ var option= confirm("Are you Sure?");
+ if(option==true){
+ alert(noOfBooksToDelete+" Book"+((noOfBooksToDelete>1)?'s':'')+" Selected.");
+ }else{
+ return false;
+ }
+ }else{
+ alert("No books selected.");
+ return false;
+ }
+ }
+
+//Confirm to change the ForDeletion
+function confirmChangeForDeletion(){
+ var noOfBooksToDelete = $('#booktable').find("input:checkbox:checked").length;
+ if(noOfBooksToDelete > 0){
+ var option= confirm("Are you Sure?");
+ if(option==true){
+ alert(noOfBooksToDelete+" Book"+((noOfBooksToDelete>1)?'s':'')+" Selected.");
+ }else{
+ return false;
+ }
+ }else{
+ alert("No books selected.");
+ }
+ }
+
+//Mark All checkboxes when choosing
+$('#markAll').click(function (){
+ var buttonText = $('#markAll').text();
+ if(buttonText === 'Mark All'){
+ $('#booktable').find('input[name="ch[]"]').each(function(){
+ $(this).prop('checked', true);
+ });
+ $('#markAll').text('UnMark All');
+ }
+ else if(buttonText === 'UnMark All'){
+ $('#booktable').find('input[name="ch[]"]').each(function(){
+ $(this).prop('checked', false);
+ });
+ $('#markAll').text('Mark All');
+ }
+});
+$('#markAlla').click(function (){
+ var buttonText = $('#markAlla').text();
+ if(buttonText === 'Mark All'){
+ $('#readytodeletetable').find('input[name="chch[]"]').each(function(){
+ $(this).prop('checked', true);
+ });
+ $('#markAlla').text('UnMark All');
+ }
+ else if(buttonText === 'UnMark All'){
+ $('#readytodeletetable').find('input[name="chch[]"]').each(function(){
+ $(this).prop('checked', false);
+ });
+ $('#markAlla').text('Mark All');
+ }
+});
\ No newline at end of file
diff --git a/icsls/application/js/scripts.js b/icsls/application/js/scripts.js
new file mode 100644
index 0000000..7357071
--- /dev/null
+++ b/icsls/application/js/scripts.js
@@ -0,0 +1,18 @@
+function changeUserSearchTextCriteria(){
+ var category = document.getElementById("category").value;
+ var input = document.getElementById("search_text");
+
+ if(category == "username"){
+ input.title = "Must be 4-30 characters.";
+ input.pattern = "[a-z]{1,1}[a-z0-9_]{3,29}";
+ }else if(category == "student_number"){
+ input.title = "Must be 10 characters.";
+ input.pattern = "[0-9]{4}-[0-9]{5}";
+ }else if(category == "employee_number"){
+ input.title = "Must be 9 characters.";
+ input.pattern = "[0-9]{9,9}";
+ }else if(category == "first_name" || category == "last_name"){
+ input.title = 'Must be 2-30 characters.';
+ input.pattern='[A-Za-z]{2,30}'
+ }
+}
\ No newline at end of file
diff --git a/icsls/application/js/validate_script.js b/icsls/application/js/validate_script.js
new file mode 100644
index 0000000..2f81dd3
--- /dev/null
+++ b/icsls/application/js/validate_script.js
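Review bot: confirmChangeForDeletion() falls through when nothing is ticked — its `}else{ alert("No books selected."); }` branch lacks the `return false;` that confirmDelete() and confirmDeleteReady() have, so a form wired to it still submits with an empty selection; add `return false;` after that alert. The three confirm functions differ only in the table id, so one `confirmSelection(tableId)` called from each would keep them in step, and `if(option)` replaces `if(option==true)`.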
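Review bot: `input.pattern='[A-Za-z]{2,30}'` is missing its semicolon and switches to single quotes while the neighbouring assignments use double quotes; the four `category == "..."` tests should be `===`. The `pattern`/`title` attributes set here are browser-side hints that are trivially bypassed, so whichever server handler receives this search must enforce the same constraints; a lookup object keyed by category would replace the if/else chain.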
@@ -0,0 +1,171 @@
+ /*
+ The following codes are javascript validations
+ */
+
+ /* Title :
+ * Required field
+ * Any characters(symbols & alphanumeric characters)
+ * Must have at least one Alphanumeric characters
+ */
+ function validate_title(){
+ var title = edit_form.title.value;
+ var error = "";
+
+ if(title==""){
+ error = "Title is required";
+ alert(error);
+ document.getElementById('title').focus();
+ }else if(!title.match(/^.*[A-Za-z0-9]{1,}.*$/)){
+ error = "Must have atleast one alphanumeric character.";
+ alert(error);
+ document.getElementById('title').focus();
+ }
+
+ if(error=="") return true;
+ }
+
+ /* Author :
+ * Required field
+ * Alphabets, spaces, periods, and commas only
+ * Must start with an alphabet
+ */
+
+
+ function validate_author(){
+ var author = edit_form.author.value;
+ var error = "";
+
+ if(author==""){
+ error = "Author is required";
+ alert(error);
+ document.getElementById('author').focus();
+ }else if(!author.match(/^[a-zA-Z\ ][a-zA-Z\ \.\,]*$/)){
+ error = "Alphabet, periods and commas only. Must start with an alphabet.";
+ alert(error);
+ document.getElementById('author').focus();
+ }
+ if(error=="") return true;
+ }
+
+
+ /* ISBN :
+ * Numbers and hypens only
+ * Must start and end with a number
+ * Length must be 13 characters
+ */
+
+ function validate_isbn(){
+ var isbn = edit_form.isbn.value;
+ var error = "";
+
+ if(isbn==""){
+ return true;
+ }else if(!isbn.match(/^[0-9][0-9\-]{11}[0-9]$/)){
+ error = "Numbers and hypens only. Must start and end with a number. 
Length must be 13 characters.";
+ alert(error);
+ document.getElementById('isbn').focus();
+ }
+ if(error=="") return true;
+ }
+
+ /* Publisher :
+ * Any characters(symbols & alphanumeric characters)
+ * Must have at least one Alphanumeric characters
+ */
+
+ function validate_publisher(){
+ var publisher = edit_form.publisher.value;
+ var error = "";
+
+ if(publisher==""){
+ return true;
+ }else if(!publisher.match(/^.*[A-Za-z0-9]{1,}.*$/)){
+ error = "Must have atleast one alphanumeric character.";
+ alert(error);
+ document.getElementById('publisher').focus();
+ }
+
+ if(error=="") return true;
+ }
+
+ /* Publication year :
+ * Numbers only
+ * Year format : xxxx
+ * Length: 4
+ */
+
+ function validate_publication_year(){
+ var publication_year = edit_form.publication_year.value;
+ var error = "";
+
+ if(publication_year==""){
+ return true;
+ }else if(!publication_year.match(/^[0-9][0-9][0-9][0-9]$/)){
+ error = "Four numbers only. Year Format: xxxx";
+ alert(error);
+ document.getElementById('publication_year').focus();
+ }
+
+ if(error=="") return true;
+ }
+
+ /* Course code :
+ * Required field
+ * Uppercase letters and numbers only
+ * Max length: 6
+ */
+ function validate_course_code(){
+ var course_code = edit_form.course_code.value;
+ var error = "";
+
+ if(course_code==""){
+ error = "Course code is required";
+ alert(error);
+ document.getElementById('course_code').focus();
+ }else if(!course_code.match(/^[A-Z][A-Z0-9]{0,4}[0-9]$/)){
+ error = "Uppercase letters and numbers only. 
Max length is six characters.";
+ alert(error);
+ document.getElementById('course_code').focus();
+ }
+
+ if(error=="") return true;
+ }
+
+ /* Description :
+ * Any characters(symbols & alphanumeric characters)
+ * Must have at least one Alphanumeric characters
+ */
+
+
+ function validate_description(){
+ var description = edit_form.description.value;
+ var error = "";
+
+ if(description==""){
+ return true;
+ }else if(!description.match(/^.*[A-Za-z0-9]{1,}.*$/)){
+ error = "Must have atleast one alphanumeric character.";
+ alert(error);
+ document.getElementById('description').focus();
+ }
+ if(error=="") return true;
+ }
+
+ /* Total stock :
+ * Must be greater or equal to total available
+ */
+
+ function validate_total_stock(){
+ var total_stock = document.getElementById('total_stock');
+ var error = "";
+ var total_available = document.getElementById('total_available');
+
+ if(parseInt(total_stock.value) < parseInt(total_available.value)){
+ error = "Total stock can't be less than the total available.";
+ alert(error);
+ total_stock.value = parseInt(total_stock.value) + 1;
+ }else{
+ return true;
+ }
+
+ }
\ No newline at end of file
diff --git a/icsls/application/libraries/MY_Input.php b/icsls/application/libraries/MY_Input.php
new file mode 100644
index 0000000..3b13a9c
--- /dev/null
+++ b/icsls/application/libraries/MY_Input.php
@@ -0,0 +1,24 @@
+db->insert('query_string', array('query_string' => http_build_query($query_array)));
+
+ return $CI->db->insert_id();
+ }
+
+ function load_query($query_id) {
+
+ $CI =& get_instance();
+
+ $rows = $CI->db->get_where('query_string', array('id' => $query_id))->result();
+ if (isset($rows[0])) {
+ parse_str($rows[0]->query_string, $_GET);
+ }
+
+ }
+
+}
diff --git a/icsls/application/models/librarian_model.php b/icsls/application/models/librarian_model.php
index 705386f..020042b 100644
--- a/icsls/application/models/librarian_model.php
+++ b/icsls/application/models/librarian_model.php
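Review bot: validate_total_stock() rewrites the user's value instead of rejecting it — on failure it runs `total_stock.value = parseInt(total_stock.value) + 1;` and then falls off the end, so the form can proceed with a number the user never entered; replace that assignment with `return false;`. The same fall-through exists in every validator above it: only the success path `if(error=="") return true;` is explicit, and a handler that returns `undefined` does not cancel a submission (only `false` does), so if these are wired as `onsubmit="return validate_...()"` — the wiring is outside this diff — none of them actually blocks invalid input. These checks are usability aids; the rule that total stock may not drop below total available is missing from the server-side validation edit_reference() gained in this commit and belongs there. `parseInt()` should be called with radix 10.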
@@ -24,13 +24,23 @@ function __construct(){
 * @return int
 */
 public function get_number_of_rows($query_array){
- $query_array['text'] = $query_array['text'];
+ $categoryArray = array('title', 'author', 'isbn', 'course_code', 'publisher');
+ $sortCategoryArray = array('title', 'author', 'category', 'course_code', 'times_borrowed', 'total_stock');
+ if(! in_array($query_array['category'], $categoryArray))
+ redirect('librarian/search_reference_index');
+ if(! in_array($query_array['sortCategory'], $sortCategoryArray))
+ redirect('librarian/search_reference_index');
+
+ if($query_array['text'] == '')
+ redirect('librarian/search_reference_index');
 //Match or Like
 if($query_array['match'] == 'like')
 $this->db->like($query_array['category'], $query_array['text']);
 elseif($query_array['match'] == 'match')
 $this->db->where($query_array['category'], $query_array['text']);
+ else
+ redirect('librarian/search_reference_index');
 //Display references ONLY for a specific type of people
 if($query_array['accessType'] != 'N')
@@ -53,6 +63,17 @@ public function get_number_of_rows($query_array){
 * @return object
 */
 public function get_search_reference($query_array, $start){
+ $categoryArray = array('title', 'author', 'isbn', 'course_code', 'publisher');
+ $sortCategoryArray = array('title', 'author', 'category', 'course_code', 'times_borrowed', 'total_stock');
+ if(! in_array($query_array['category'], $categoryArray))
+ redirect('librarian/search_reference_index');
+ if(! in_array($query_array['sortCategory'], $sortCategoryArray))
+ redirect('librarian/search_reference_index');
+
+
+ if($query_array['text'] == '')
+ redirect('librarian/search_reference_index');
+
 //Match or Like
 if($query_array['match'] == 'like')
 $this->db->like($query_array['category'], $query_array['text']);
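Review bot: The whitelists `$categoryArray` and `$sortCategoryArray` are duplicated verbatim in get_number_of_rows() and get_search_reference() (the @@ -53 hunk), `in_array()` is called without `TRUE`, and a model method now issues HTTP redirects, which is controller work. The whitelist itself is the right control, since `$query_array['category']` becomes a column name in `$this->db->like()`; keep it in one place as private properties plus a single validator that display_search_results() calls before querying, and let the controller decide where to redirect. Both methods continue past their hunks.
```php
// whitelists shared by get_number_of_rows() and get_search_reference()
private $categoryArray     = array('title', 'author', 'isbn', 'course_code', 'publisher');
private $sortCategoryArray = array('title', 'author', 'category', 'course_code', 'times_borrowed', 'total_stock');

/** Returns FALSE when $query_array names a column or match mode outside the whitelist. */
public function is_valid_query($query_array){
    return in_array($query_array['category'], $this->categoryArray, TRUE)
        && in_array($query_array['sortCategory'], $this->sortCategoryArray, TRUE)
        && in_array($query_array['match'], array('like', 'match'), TRUE)
        && $query_array['text'] !== '';
}
// … unchanged: the like()/where() branch and the rest of get_number_of_rows() …
```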
@@ -160,8 +181,10 @@ function add_data(){
 'TOTAL_AVAILABLE' => $this->input->post('total_stock'),
 'TOTAL_STOCK' => $this->input->post('total_stock'),
 'TIMES_BORROWED' => '0',
- 'FOR_DELETION' => 'F'
+ 'FOR_DELETION' => 'F'
 );
+
+ $this->db->insert('REFERENCE_MATERIAL', $data);
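Review bot: `$this->db->insert('REFERENCE_MATERIAL', $data);` writes values the model reads straight from the request (`'TOTAL_AVAILABLE' => $this->input->post('total_stock')` and its neighbours) with none of the range and whitelist checks edit_reference() gained in this commit, so the create path accepts what the edit path now rejects; build and validate `$data` in the controller and pass it in, `public function add_data($data)`. The table name `REFERENCE_MATERIAL` also differs in case from the `reference_material` used by get_reference() and get_popular(), which matters on MySQL servers with case-sensitive table names. add_data() starts before the hunk, so its earlier fields are not in view.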
@@ -245,6 +268,39 @@ public function get_reference($referenceId){
 return $this->db->get('reference_material');
 }//end of function get_reference
+ /**
+ * Function gets the exact transactions based from type of report (Daily, Weekly or Monthly)
+ * @param $type (string)
+ * @return rows from db || null
+ */
+ public function get_data($type){
+ $day = date('D');
+
+ /*returns rows of data from selected columns of the transaction log based on current date*/
+ if (strcmp($type,'daily') == 0) {//reference_material_id, borrower_id, date_waitlisted, date_reserved, date_borrowed, date_returned
+ return $this->db->query("SELECT * FROM transactions WHERE date_borrowed LIKE CURDATE()");
+ }
+ /*returns rows of data from selected columns of the transasction log based on the whole week
+ * can only be accessed on Fridays
+ */
+ else if (strcmp($type,'weekly')==0 && $day=='Fri') {//reference_material_id, borrower_id, date_waitlisted, date_reserved, date_borrowed, date_returned
+ return $this->db->query("Select * from transactions where DATE_SUB(CURDATE(), INTERVAL 4 DAY)<=date_borrowed");
+ }
+ /*returns rows of data from selected columns of the transaction log based on the whole month*/
+ else if (strcmp($type,'monthly')==0) {//reference_material_id, borrower_id, date_waitlisted, date_reserved, date_borrowed, date_returned
+ return $this->db->query("Select * from transactions where MONTHNAME(date_borrowed) like MONTHNAME(CURDATE())");
+ }
+ }
+
+
+ /**
+ * Function gets the most borrowed reference material
+ * @return rows from db || null
+ */
+ public function get_popular(){
+ return $this->db->query("select * from reference_material where times_borrowed = (select max(times_borrowed) from reference_material)");
+ }
+
 }//end of Librarian_model ?>
\ No newline at end of file
diff --git a/icsls/application/models/user_model.php b/icsls/application/models/user_model.php
index 4fb31af..d3bcdb0 100644
--- a/icsls/application/models/user_model.php
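Review bot: The monthly branch `MONTHNAME(date_borrowed) like MONTHNAME(CURDATE())` matches the current month of every year, and the daily branch `date_borrowed LIKE CURDATE()` only matches if the column is a plain DATE (a DATETIME value never equals a bare date string); use `YEAR(date_borrowed) = YEAR(CURDATE()) AND MONTH(date_borrowed) = MONTH(CURDATE())` and `DATE(date_borrowed) = CURDATE()` respectively. The weekly gate `$day=='Fri'` is decided by PHP's clock and timezone while the range uses the database's CURDATE(), so the two can disagree near midnight, and any other `$type` or weekday returns NULL, which the docblock states but every caller must handle. `strcmp(...) == 0` is just `===` here, and the trailing `?>` after `}//end of Librarian_model` should be dropped from a class file.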
+++ b/icsls/application/models/user_model.php
@@ -10,7 +10,6 @@ class User_model extends CI_Model{
 */
 public function user_exists($username, $password){
 $userCount = $this->db->query("SELECT * FROM users WHERE username='$username' AND password='$password'")->num_rows();
-
 return ($userCount == 1 ? true : false);
 }
diff --git a/icsls/application/views/create_user_view.php b/icsls/application/views/create_user_view.php
new file mode 100644
index 0000000..4f3dac0
--- /dev/null
+++ b/icsls/application/views/create_user_view.php
@@ -0,0 +1,52 @@
+
+
+