Skip to main content

Attendance Management System using PHP with Source Code

Language

The Attendance Management System with Source Code is a PHP project that can maintain daily attendance records easily and conveniently. This system was created using PHP, HTML, MYSQLi, and Javascript.

This application is easy to use, the user has access to all data that is related to student information. You can view the details and add some new information for courses, units, etc. The system data/lists can be printed and exported to CSV, Excel, and PDF. The administrator can manipulate the information and also maintain the security of the system. Database backups can also be generated through admin permission.

Features

  • Manage Courses
  • Manage Units
  • Manage Student
  • Manage Attendance
  • Manage Website Settings
  • Manage User Accounts
  • Manage User Groups

How to Run

Requirements

  • Download and Install any local web server such as XAMPP/WAMP.
  • Download and Extract the source code zip file.

Installation

  • Open the XAMPP/WAMP's Control Panel and start "Apache" and "MySQL".
  • If you are using XAMPP, copy the extracted folder and paste it into the XAMPP's "htdocs" directory. If you are using WAMP, paste it into the "www" directory.
  • Locate the SQL file in the extracted source code folder. The SQL file is known as "attendance_management.sql" and located inside the "db" folder.
  • Open a web browser and browse the PHPMyAdmin. (http://localhost/phpmyadmin)
  • Create a new database naming "attendance_management".
  • Import the SQL file to your newly created database.
  • Open a web browser and browse the web application. (http://localhost/Attendance%20Management%20System/)

Admin Access

Username: admin
Password: admin

Demo

That's it! I hope that this system can help you with what you are looking for. For more updates and tutorials just kindly visit this site.

Enjoy Coding!!

Note: Due to the size or complexity of this submission, the author has submitted it as a .zip file to shorten your download time. After downloading it, you will need a program like Winzip to decompress it.

Virus note: All files are scanned once-a-day by SourceCodester.com for viruses, but new viruses come out every day, so no prevention program can catch 100% of them.

FOR YOUR OWN SAFETY, PLEASE:

1. Re-scan downloaded files using your personal virus checker before using it.
2. NEVER, EVER run compiled files (.exe's, .ocx's, .dll's etc.)--only run source code.

Comments

Submitted byFeras Al Kassar (not verified)on Fri, 11/26/2021 - 01:47

Some values can pass the sanitizer function then there are many SQL injections in the project. The sanitizer function called makeSafe in file admin/incFunctions.php The value can pass the function is "\\\\'\\\\\\'or 1=1; -- " Code example to pass the function:
  1. <?php
  2. $servername = "localhost";
  3. $username = "root";
  4. $password = "123";
  5. $dbname = "testsqli";
  6.  
  7.  
  8. function makeSafe($string, $is_gpc = true){
  9. //if($is_gpc) $string = (get_magic_quotes_gpc() ? stripslashes($string) : $string);
  10. //if(!db_link()){ sql("select 1+1", $eo); }
  11.  
  12. // prevent double escaping
  13. $na = explode(',', "\x00,\n,\r,',\",\x1a");
  14. $escaped = true;
  15. $nosc = true; // no special chars exist
  16. $x = 1;
  17. foreach($na as $ns){
  18. $dan = substr_count($string, $ns);
  19. $esdan = substr_count($string, "\\{$ns}");
  20. echo $x . " " . $dan . " " . $esdan . "\n";
  21. $x = $x + 1;
  22. if($dan != $esdan) $escaped = false;
  23. if($dan) $nosc = false;
  24. }
  25. if($nosc){
  26. // find unescaped \
  27. $dan = substr_count($string, '\\');
  28. $esdan = substr_count($string, '\\\\');
  29. if($dan != $esdan * 2) $escaped = false;
  30. }
  31.  
  32. if ($escaped == true) {echo "true\n";}
  33. if ($escaped == false) {echo "false\n";}
  34.  
  35. return $escaped;
  36.  
  37. //return ($escaped ? $string : db_escape($string));
  38. }
  39.  
  40. // Create connection
  41. $conn = new mysqli($servername, $username, $password, $dbname);
  42. // Check connection
  43. if ($conn->connect_error) {
  44. die("Connection failed: " . $conn->connect_error);
  45. }
  46.  
  47. //$x = $_GET['p1'];
  48. $x = "\\\\'\\\\\\'or 1=1; -- ";
  49.  
  50. if(makeSafe($x) == false){
  51. exit("false");
  52. }
  53.  
  54. $sql = "SELECT id, first, last FROM person where first = '$x'; ";
  55. $result = $conn->query($sql);
  56.  
  57. if ($result->num_rows > 0) {
  58. // output data of each row
  59. while($row = $result->fetch_assoc()) {
  60. echo "<br> id: ". $row["id"]. " - Name: ". $row["first"]. " " . $row["last"] . "<br>";
  61. }
  62. } else {
  63. echo "0 results";
  64. }
  65.  
  66. $conn->close();
Submitted byFeras Al Kassar (not verified)on Fri, 12/03/2021 - 03:04

In reply to by Feras Al Kassar (not verified)

CVE-2021-44280 is assigned. attendance management system 1.0 is affected by a SQL injection vulnerability in admin/incFunctions.php through the makeSafe function.
Submitted byFeras Al Kassar (not verified)on Fri, 11/26/2021 - 01:53

Update the previous comment. The value that can pass the sanitizer is $x = "\\'\\\'or 1=1; -- ";
Submitted bytopsec_pengyuyan (not verified)on Tue, 12/14/2021 - 16:15

http://127.0.0.1:8887/admin/pageUploadCSV.php?action=delect_csv&csv=xxx Arbitrary file deletion vulnerability exists: Since "get_csv" does not filter the received CSV parameters, "delete_csv" is directly called to cause arbitrary files. The specific code is as follows: ---------------------------------------------------------------------------------------------------------------------------------------------------------- protected function get_csv($options = array()){ $csv_ok = true; $csv = $this->request['csv']; if(!$csv) $csv_ok = false; if($csv_ok){ $csv = basename($csv); if(!is_readable("{$this->curr_dir}/csv/{$csv}")) $csv_ok = false; } if(!$csv_ok){ if(isset($options['htmlpage'])){ echo $this->header(); echo errorMsg($this->lang['csv file upload error'] . $this->error_back_link . $this->debug(__LINE__)); echo $this->footer(); } return false; } return $csv; } public function delete_csv(){ $deleted = false; @header('Content-type: application/json'); $csv_folder = "{$this->curr_dir}/csv/"; $csv = $this->get_csv(); if($csv && @unlink($csv_folder . $csv)) $deleted = true; echo json_encode(array('deleted' => $deleted)); }

Add new comment