New verify_otp.php

.htaccess

@@ -0,0 +1 @@
+ErrorDocument 404 /page-not-found.html

README.md

@@ -118,6 +118,20 @@ PHP School management system developed for schools or small institutes. You can
    <b> visit on the url : <i>http://localhost/school-management-system</i> </b>
    <br> Visit to the given URL to see the running website
 
+## Important Message 
+Make sure `makecert.bat` & `v3.ext` is under the `xampp\apache` directory. DO NOT PUT THEM INSIDE THE conf folder.
+
+The `conf` folder is supposed to be placed under `xampp\apache\conf` for setting up the HTTPS connection. Ensure this is done correctly to avoid configuration issues.
+To finish the SSL certificate setup, please run the following steps:
+1. Go to `xampp\apache\conf\ssl.crt` and run `server.crt`.
+2. Click `Install Certificate` and select `Local Machine`.
+3. Choose `Place all certificates in the following store`. Then click `Browse` & select `Trusted Root Certification Authorities`. Click Ok, Next and Finish.
+4. Restart XAMPP's Apache server and retry. If it doesn't work, then try restarting your machine.
+
+<b>Cut and paste </b> the two file that are named as shown below in the root directory (C:\xampp\htdocs) before running the application </b> <br>
+   <br> 1. .htaccess </br>
+   <br> 2. page-not-found.html
+
 ## 🔐 Emails and Passwords
 
 The project comes with default user on each panel you can remove and update them also.<br>

assets/config.php

@@ -1,16 +1,13 @@
 <?php
-    $server = "localhost";
-
-    $user = "root";
-    $password = "";
-    $db = "_sms";
-
-    $conn = mysqli_connect($server, $user, $password, $db);
+$server = "localhost";
 
-    if (!$conn) {
-        header('Location: ../errors/error.html');
-        exit();
-    }
+$user = "root";
+$password = "root";
+$db = "_sms";
 
+$conn = mysqli_connect($server, $user, $password, $db);
 
-?>
+if (!$conn) {
+    header('Location: ../errors/error.html');
+    exit();
+}

assets/noSessionRedirect.php

@@ -1,8 +1,39 @@
 <?php
-  session_start();
-  if(!isset($_SESSION['uid'])){
-        header("Location: ../");
-        exit();
-  }
+session_start();
+
+// Set session timeout duration (1 hour)
+$timeout_duration = 3600;
+
+// Check if the user is logged in and if the session has timed out
+if (isset($_SESSION['LAST_ACTIVITY']) && (time() - $_SESSION['LAST_ACTIVITY']) > $timeout_duration) {
+  // Last request was more than $timeout_duration seconds ago
+  session_unset();     // Unset $_SESSION variable for the run-time
+  session_destroy();   // Destroy session data in storage
+
+  // show alert message and redirect to login page
+
+  echo "<script>alert('Session Expired! Please login again.')</script>";
+
+  echo "<script>window.location.href = '../login.php';</script>";
+
+  exit();
+}
+
+// Notify user that session will expire in 10 seconds due to inactivity
+echo "<script>
+  setTimeout(function() {
+    alert('Due to inactivity, your session will expire in 10 seconds.');
+  }, ($timeout_duration - 10) * 1000);
+</script>";
+
+// Update last activity time stamp
+$_SESSION['LAST_ACTIVITY'] = time();
+
+// Check if user is logged in
+if (!isset($_SESSION['uid'])) {
+  // Redirect to login page or handle unauthorized access
+  header("Location: ../login.php");
+  exit();
+}
 
 ?>

conf/charset.conv

@@ -0,0 +1,55 @@
+
+# Lang-abbv Charset     Language 
+#---------------------------------
+en          ISO-8859-1  English
+UTF-8       utf8        UTF-8
+Unicode     ucs         Unicode
+th          Cp874       Thai
+ja          SJIS        Japanese
+ko          Cp949       Korean
+zh          Cp950       Chinese-Traditional
+zh-cn       GB2312      Chinese-Simplified
+zh-tw       Cp950       Chinese
+cs          ISO-8859-2  Czech
+hu          ISO-8859-2  Hungarian
+hr          ISO-8859-2  Croation
+pl          ISO-8859-2  Polish
+ro          ISO-8859-2  Romanian
+sr          ISO-8859-2  Serbian
+sk          ISO-8859-2  Slovak
+sl          ISO-8859-2  Slovenian
+sq          ISO-8859-2  Albanian
+bg          ISO-8859-5  Bulgarian
+be          ISO-8859-5  Byelorussian
+mk          ISO-8859-5  Macedonian
+ru          ISO-8859-5  Russian
+uk          ISO-8859-5  Ukrainian
+ca          ISO-8859-1  Catalan
+de          ISO-8859-1  German
+da          ISO-8859-1  Danish
+fi          ISO-8859-1  Finnish
+fr          ISO-8859-1  French
+es          ISO-8859-1  Spanish
+is          ISO-8859-1  Icelandic
+it          ISO-8859-1  Italian
+nl          ISO-8859-1  Dutch
+no          ISO-8859-1  Norwegian
+pt          ISO-8859-1  Portuguese
+sv          ISO-8859-1  Swedish
+af          ISO-8859-1  Afrikaans
+eu          ISO-8859-1  Basque
+fo          ISO-8859-1  Faroese
+gl          ISO-8859-1  Galician
+ga          ISO-8859-1  Irish
+gd          ISO-8859-1  Scottish
+mt          ISO-8859-3  Maltese
+eo          ISO-8859-3  Esperanto
+el          ISO-8859-7  Greek
+tr          ISO-8859-9  Turkish
+he          ISO-8859-8  Hebrew
+iw          ISO-8859-8  Hebrew
+ar          ISO-8859-6  Arabic
+et          ISO-8859-1  Estonian
+lv          ISO-8859-2  Latvian
+lt          ISO-8859-2  Lithuanian
+

conf/extra/httpd-ajp.conf

@@ -0,0 +1,12 @@
+<Proxy *>
+Require all granted
+</Proxy>
+
+
+#ProxyPass /myapp ajp://127.0.0.1:8009/myapp
+#ProxyPassReverse /myapp ajp://127.0.0.1:8009/myapp
+
+ProxyPass /examples ajp://127.0.0.1:8009/examples smax=0 ttl=60 retry=5
+#ProxyPass /ajax ajp://127.0.0.1:8009/ajax smax=0 ttl=60 retry=5
+#ProxyPass /servlet ajp://127.0.0.1:8009/servlet smax=0 ttl=60 retry=5
+#ProxyPass /infostore ajp://127.0.0.1:8009/infostore smax=0 ttl=60 retry=5

conf/extra/httpd-autoindex.conf

@@ -0,0 +1,97 @@
+<IfModule autoindex_module>
+<IfModule alias_module>
+#
+# Directives controlling the display of server-generated directory listings.
+#
+# Required modules: mod_authz_core, mod_authz_host,
+#                   mod_autoindex, mod_alias
+#
+# To see the listing of a directory, the Options directive for the
+# directory must include "Indexes", and the directory must not contain
+# a file matching those listed in the DirectoryIndex directive.
+#
+
+#
+# IndexOptions: Controls the appearance of server-generated directory
+# listings.
+#
+IndexOptions FancyIndexing HTMLTable VersionSort
+
+# We include the /icons/ alias for FancyIndexed directory listings.  If
+# you do not use FancyIndexing, you may comment this out.
+#
+Alias /icons/ "C:/xampp/apache/icons/"
+
+<Directory "C:/xampp/apache/icons">
+    Options Indexes MultiViews
+    AllowOverride None
+    Require all granted
+</Directory>
+
+#
+# AddIcon* directives tell the server which icon to show for different
+# files or filename extensions.  These are only displayed for
+# FancyIndexed directories.
+#
+AddIconByEncoding (CMP,/icons/compressed.gif) x-compress x-gzip
+
+AddIconByType (TXT,/icons/text.gif) text/*
+AddIconByType (IMG,/icons/image2.gif) image/*
+AddIconByType (SND,/icons/sound2.gif) audio/*
+AddIconByType (VID,/icons/movie.gif) video/*
+
+AddIcon /icons/binary.gif .bin .exe
+AddIcon /icons/binhex.gif .hqx
+AddIcon /icons/tar.gif .tar
+AddIcon /icons/world2.gif .wrl .wrl.gz .vrml .vrm .iv
+AddIcon /icons/compressed.gif .Z .z .tgz .gz .zip
+AddIcon /icons/a.gif .ps .ai .eps
+AddIcon /icons/layout.gif .html .shtml .htm .pdf
+AddIcon /icons/text.gif .txt
+AddIcon /icons/c.gif .c
+AddIcon /icons/p.gif .pl .py
+AddIcon /icons/f.gif .for
+AddIcon /icons/dvi.gif .dvi
+AddIcon /icons/uuencoded.gif .uu
+AddIcon /icons/script.gif .conf .sh .shar .csh .ksh .tcl
+AddIcon /icons/tex.gif .tex
+AddIcon /icons/bomb.gif core
+
+AddIcon /icons/back.gif ..
+AddIcon /icons/hand.right.gif README
+AddIcon /icons/folder.gif ^^DIRECTORY^^
+AddIcon /icons/blank.gif ^^BLANKICON^^
+
+#
+# DefaultIcon is which icon to show for files which do not have an icon
+# explicitly set.
+#
+DefaultIcon /icons/unknown.gif
+
+#
+# AddDescription allows you to place a short description after a file in
+# server-generated indexes.  These are only displayed for FancyIndexed
+# directories.
+# Format: AddDescription "description" filename
+#
+#AddDescription "GZIP compressed document" .gz
+#AddDescription "tar archive" .tar
+#AddDescription "GZIP compressed tar archive" .tgz
+
+#
+# ReadmeName is the name of the README file the server will look for by
+# default, and append to directory listings.
+#
+# HeaderName is the name of a file which should be prepended to
+# directory indexes. 
+ReadmeName README.html
+HeaderName HEADER.html
+
+#
+# IndexIgnore is a set of filenames which directory indexing should ignore
+# and not include in the listing.  Shell-style wildcarding is permitted.
+#
+IndexIgnore .??* *~ *# HEADER* README* RCS CVS *,v *,t
+
+</IfModule>
+</IfModule>

conf/extra/httpd-dav.conf

@@ -0,0 +1,63 @@
+<IfModule dav_module>
+<IfModule dav_fs_module>
+<IfModule setenvif_module>
+<IfModule alias_module>
+<IfModule auth_digest_module>
+<IfModule authn_file_module>#
+# Distributed authoring and versioning (WebDAV)
+#
+# Required modules: mod_alias, mod_auth_digest, mod_authn_core, mod_authn_file,
+#                   mod_authz_core, mod_authz_user, mod_dav, mod_dav_fs,
+#                   mod_setenvif
+
+# The following example gives DAV write access to a directory called
+# "uploads" under the ServerRoot directory.
+#
+# The User/Group specified in httpd.conf needs to have write permissions
+# on the directory where the DavLockDB is placed and on any directory where
+# "Dav On" is specified.
+
+DavLockDB "C:/xampp/apache/logs/Dav.Lock"
+
+Alias /webdav "C:/xampp/webdav/"
+
+<Directory "C:/xampp/webdav">
+Require all granted
+    Dav On
+
+    AuthType Digest
+    AuthName "XAMPP with WebDAV"
+    # You can use the htdigest program to create the password database:
+    #   htdigest -c "${SRVROOT}/user.passwd" DAV-upload admin
+    AuthUserFile "${SRVROOT}/user.passwd"
+    AuthDigestProvider file
+
+    # Allow universal read-access, but writes are restricted
+    # to the admin user.
+    <LimitExcept GET OPTIONS>
+        require valid-user
+    </LimitExcept>
+</Directory>
+
+#
+# The following directives disable redirects on non-GET requests for
+# a directory that does not include the trailing slash.  This fixes a 
+# problem with several clients that do not appropriately handle 
+# redirects for folders with DAV methods.
+#
+BrowserMatch "Microsoft Data Access Internet Publishing Provider" redirect-carefully
+BrowserMatch "MS FrontPage" redirect-carefully
+BrowserMatch "^WebDrive" redirect-carefully
+BrowserMatch "^WebDAVFS/1.[01234]" redirect-carefully
+BrowserMatch "^gnome-vfs/1.0" redirect-carefully
+BrowserMatch "^XML Spy" redirect-carefully
+BrowserMatch "^Dreamweaver-WebDAV-SCM1" redirect-carefully
+BrowserMatch " Konqueror/4" redirect-carefully
+BrowserMatch "MSIE" AuthDigestEnableQueryStringHack=On
+
+</IfModule>
+</IfModule>
+</IfModule>
+</IfModule>
+</IfModule>
+</IfModule>