Home Explore Help
Sign In
socket_
/
Noodle
Watch 1
Star 0
Fork 0
Files Issues 0 Pull Requests 0 Wiki
Branch: master
Branches Tags
Noodle
/
admin
/
useradd.php

useradd.php 3.1 KB
Permalink History Raw

123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384 
  1. <?php
    2. 

  2. $root = $_SERVER['DOCUMENT_ROOT'];
    3. 

  3. include($root . "/util/session.php"); //checks that the user is logged in
    4. 

  4. include($root . "/util/privilege_check.php");
    5. 

  5. checkPrivilege("admin");
    6. 

  6. if ($_SERVER["REQUEST_METHOD"] == "POST") {
    7. 

  7. 	$username = mysqli_real_escape_string($db, $_POST['username']);
    8. 

  8. 

  9. 	$sql_query = "select * from users where username = '$username'";
    10. 

  10. 	$result = mysqli_query($db, $sql_query);
    11. 

  11. 	//check if user exists
    12. 

  12. 	if (mysqli_num_rows($result) != 0) {
    13. 

  13. 		$error = "User exists";
    14. 

  14. 	} else {
    15. 

  15. 		$password = mysqli_real_escape_string($db, $_POST['password']);
    16. 

  16. 		$hash = password_hash($password, PASSWORD_DEFAULT);
    17. 

  17. 		$full_name = mysqli_real_escape_string($db, $_POST['full_name']);
    18. 

  18. 		$usertype = mysqli_real_escape_string($db, $_POST['usertype']);
    19. 

  19. 		$ssn = mysqli_real_escape_string($db, $_POST['ssn']);
    20. 

  20. 		$gender = mysqli_real_escape_string($db, $_POST['gender']);
    21. 

  21. 		$phone = mysqli_real_escape_string($db, $_POST['phone']);
    22. 

  22. 		$email = mysqli_real_escape_string($db, $_POST['email']);
    23. 

  23. 		$users_sql_query = "INSERT INTO `users` (`username`, `password`, `usertype`) VALUES ('$username', '$hash', '$usertype')";
    24. 

  24. 		$users_result = mysqli_query($db, $users_sql_query);
    25. 

  25. 		$user_info_sql_query = "INSERT INTO `user_info` (`login`, `full_name`, `ssn`, `gender`, `phone`, `email`, `picture`) VALUES ('$username', '$full_name', '$ssn', '$gender', '$phone', '$email', NULL)";
    26. 

  26. 		$users_info_result = mysqli_query($db, $user_info_sql_query);
    27. 

  27. 

  28. 		if ($users_result && $users_info_result) {
    29. 

  29. 			header("Location: /admin/admin.php?msg=User added");
    30. 

  30. 		}
    31. 

  31. 	}
    32. 

  32. }
    33. 

  33. ?>
    34. 

  34. 

  35. <html>
    36. 

  36. 

  37. <head>
    38. 

  38. 	<title>Add a user</title>
    39. 

  39. 	<link rel="stylesheet" type="text/css" href="adminStyle.css">
    40. 

  40. </head>
    41. 

  41. <?php
    42. 

  42. include($root . "/admin/header.php");
    43. 

  43. ?>
    44. 

  44. <main>
    45. 

  45. 

  46. 	<body>
    47. 

  47. 

  48. 		<li><a href="/admin/admin.php">Back</a></li>
    49. 

  49. 		<form action="/admin/useradd.php" method="post">
    50. 

  50. 			<label for="username">Username:</label><br>
    51. 

  51. 			<input type="text" id="username" name="username" required><br>
    52. 

  52. 			<label for="password">User password:</label><br>
    53. 

  53. 			<input type="password" id="password" name="password" required><br>
    54. 

  54. 			<label for="full_name">Full name:</label><br>
    55. 

  55. 			<input type="text" id="full_name" name="full_name"><br>
    56. 

  56. 			<label for="usertype">User type:</label><br>
    57. 

  57. 			<input type="radio" id="student" name="usertype" value="student">
    58. 

  58. 			<label for="student">Student</label><br>
    59. 

  59. 			<input type="radio" id="teacher" name="usertype" value="teacher">
    60. 

  60. 			<label for="teacher">Teacher</label><br>
    61. 

  61. 			<input type="radio" id="admin" name="usertype" value="admin">
    62. 

  62. 			<label for="admin">Admin</label><br>
    63. 

  63. 			<label for="ssn">Social Security Number:</label><br>
    64. 

  64. 			<input type="text" id="ssn" name="ssn"><br>
    65. 

  65. 			<label for="gender">Gender:</label><br>
    66. 

  66. 			<input type="text" id="gender" name="gender"><br>
    67. 

  67. 			<label for="phone">Phone Number:</label><br>
    68. 

  68. 			<input type="text" id="phone" name="phone"><br>
    69. 

  69. 			<label for="email">Email Address:</label><br>
    70. 

  70. 			<input type="email" id="email" name="email"><br>
    71. 

  71. 			<input type="submit" value="Add">
    72. 

  72. 		</form>
    73. 

  73. 		<div style="font-size:11px; color:#cc0000; margin-top:10px"><?php if (isset($error)) {
    74. 

  74. 																		echo $error;
    75. 

  75. 																	} ?></div>
    76. 

  76. 

  77. 

  78. 	</body>
    79. 

  79. </main>
    80. 

  80. <?php
    81. 

  81. include($root . "/admin/footer.php");
    82. 

  82. ?>
    83. 

  83. 

  84. </html>
    85.