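<?php session_start(); ?>
<?php require_once('includes/connection.php'); ?>
<?php require_once('includes/functions.php'); ?>
<?php
// add-user.php: validates the "Add New User" form and inserts the record.
// Only a logged-in session may use this page. header() alone does not stop
// the script, so the redirect is followed by exit; without it the validation
// and the INSERT below would still run for an anonymous POST.
if (!isset($_SESSION['user_id'])) {
    header('Location: index.php');
    exit;
}
$errors = array();
$first_name = '';
$last_name = '';
$email = '';
$password = '';
if (isset($_POST['submit'])) {
    // Missing keys fall back to '' so check_req_fields() reports them instead
    // of PHP raising an undefined-index notice.
    $first_name = isset($_POST['first_name']) ? $_POST['first_name'] : '';
    $last_name = isset($_POST['last_name']) ? $_POST['last_name'] : '';
    $email = isset($_POST['email']) ? $_POST['email'] : '';
    $password = isset($_POST['password']) ? $_POST['password'] : '';
    // checking required fields (helpers come from includes/functions.php)
    $req_fields = array('first_name', 'last_name', 'email', 'password');
    $errors = array_merge($errors, check_req_fields($req_fields));
    // checking max length
    $max_len_fields = array('first_name' => 50, 'last_name' => 100, 'email' => 100, 'password' => 40);
    $errors = array_merge($errors, check_max_len($max_len_fields));
    // checking email address
    if (!is_email($email)) {
        $errors[] = 'Email address is invalid.';
    }
    // checking if email address already exists; the value is bound as a
    // statement parameter, so it is never interpolated into the SQL text.
    $stmt = mysqli_prepare($connection, 'SELECT 1 FROM ums_tb WHERE email = ? LIMIT 1');
    if ($stmt) {
        mysqli_stmt_bind_param($stmt, 's', $email);
        if (mysqli_stmt_execute($stmt)) {
            mysqli_stmt_store_result($stmt);
            if (mysqli_stmt_num_rows($stmt) > 0) {
                $errors[] = 'Email address already exists';
            }
        }
        mysqli_stmt_close($stmt);
    }
    if (empty($errors)) {
        // no errors found... adding new record
        // NOTE(review): the stored value is sha1() of the *escaped* password,
        // exactly as the original code computed it. Whatever the login script
        // (not on this page) verifies against must produce the same digest, so
        // both sides should move to password_hash()/password_verify() together
        // rather than changing this line alone.
        $hashed_password = sha1(mysqli_real_escape_string($connection, $password));
        $stmt = mysqli_prepare(
            $connection,
            'INSERT INTO ums_tb (first_name, last_name, email, password, is_deleted) VALUES (?, ?, ?, ?, 0)'
        );
        $result = false;
        if ($stmt) {
            mysqli_stmt_bind_param($stmt, 'ssss', $first_name, $last_name, $email, $hashed_password);
            $result = mysqli_stmt_execute($stmt);
            mysqli_stmt_close($stmt);
        }
        if ($result) {
            // query successful... redirecting to users page; exit so the form
            // below is not rendered after the redirect header.
            header('Location: users.php?user_added=true');
            exit;
        } else {
            $errors[] = 'Failed to add the new record.';
        }
    }
}
?>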
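<!DOCTYPE html>
<html lang="en">
<head>
    <meta charset="UTF-8">
    <title>Add New User</title>
    <link rel="stylesheet" href="css/main.css">
</head>
<body>
<header>
    <div class="appname">User Management System</div>
    <!-- The session name and the re-displayed form values originate from user
         input; every echo below is escaped for the HTML/attribute context so a
         stored or reflected value cannot break out of the markup. -->
    <div class="loggedin">Welcome <?php echo htmlspecialchars(isset($_SESSION['first_name']) ? $_SESSION['first_name'] : '', ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8'); ?>! <a href="logout.php">Log Out</a></div>
</header>
<main>
    <h1><img src="img\Login.png" alt="" height="100"> Add New User<span> <a href="users.php">&lt; Back to User List</a></span></h1>
    <?php
    if (!empty($errors)) {
        display_errors($errors);
    }
    ?>
    <form action="add-user.php" method="post" class="userform">
        <p>
            <label for="first_name">First Name:</label>
            <input type="text" id="first_name" name="first_name" value="<?php echo htmlspecialchars($first_name, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8'); ?>">
        </p>
        <p>
            <label for="last_name">Last Name:</label>
            <input type="text" id="last_name" name="last_name" value="<?php echo htmlspecialchars($last_name, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8'); ?>">
        </p>
        <p>
            <label for="email">Email Address:</label>
            <input type="text" id="email" name="email" value="<?php echo htmlspecialchars($email, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8'); ?>">
        </p>
        <p>
            <label for="password">New Password:</label>
            <!-- the password is never echoed back, even on a validation error -->
            <input type="password" id="password" name="password">
        </p>
        <p>
            <label> </label>
            <button type="submit" name="submit">Save</button>
        </p>
    </form>
</main>
<?php require_once('includes/footer.php'); ?>
</body>
</html>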