<?php
// --------------------------------------------------------------------
// admin_adduser.php -- page to allow adding of a new user
//
// Created: 12/29/14 DLB
// --------------------------------------------------------------------
// Shared library bootstrap. The helpers called below (log_page, CheckLogin,
// CheckAdmin, timer, ...) are not defined in this file; presumably they come
// from this include.
require_once "libs/all.php";

// The session is started before the login/admin checks run.
session_start();
log_page();

// Access gates for this admin-only page.
// NOTE(review): presumably each helper ends the request (redirect + exit)
// when the check fails -- confirm in libs, since nothing in this file stops
// execution after they return.
CheckLogin();
CheckAdmin();

$timer = new timer();
$loc = 'admin_adduser.php';

// Page state consumed when the page is rendered at the GenerateHtml label.
$success_msg = "";
$error_msg = "";

// Form field specification. Every entry carries a FieldName and a FieldType;
// Caption is given only for some fields.
$param_list = array(
    array(
        "FieldName" => "UserName",
        "FieldType" => "Text",
    ),
    array(
        "FieldName" => "Password",
        "FieldType" => "Password",
    ),
    array(
        "FieldName" => "Password2",
        "FieldType" => "Password",
        "Caption"   => "Password Again",
    ),
    array(
        "FieldName" => "LastName",
        "FieldType" => "Text",
        "Caption"   => "Last Name",
    ),
    array(
        "FieldName" => "FirstName",
        "FieldType" => "Text",
        "Caption"   => "First Name",
    ),
    array(
        "FieldName" => "NickName",
        "FieldType" => "Text",
        "Caption"   => "Nick Name",
    ),
    array(
        "FieldName" => "Title",
        "FieldType" => "Text",
    ),
    array(
        "FieldName" => "BadgeID",
        "FieldType" => "Text",
        "Caption"   => "Badge ID",
    ),
    array(
        "FieldName" => "Email",
        "FieldType" => "Text",
    ),
    array(
        "FieldName" => "Tags",
        "FieldType" => "Text",
    ),
    array(
        "FieldName" => "Active",
        "FieldType" => "Boolean",
    ),
);
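// Handle a submitted "add user" form: validate the POSTed fields, create the
// user, and set $error_msg / $success_msg for the page rendered at the
// GenerateHtml label. Every validation failure jumps straight to that label.
//
// NOTE(review): no anti-CSRF token is checked in this file before the
// state-changing CreateNewUser() call -- confirm whether the helpers or the
// form template enforce one.
if ($_SERVER["REQUEST_METHOD"] === "POST") {
    // Copy the submitted values into $param_list.
    // NOTE(review): on every error path these values (the two Password fields
    // included) stay in $param_list -- confirm the form template does not
    // echo password values back into the page.
    PopulateParamList($param_list, $_POST);

    // Check for illegal input...
    // NOTE(review): this is a character blacklist implemented elsewhere. If
    // CreateNewUser() builds SQL by string concatenation, parameterized
    // queries should be the primary defense -- confirm in libs.
    if (!IsSqlTextOkay($_POST)) {
        $error_msg = "Illegal characters in input... Do not use quotes and control chars.";
        goto GenerateHtml;
    }

    // Check for required inputs. empty() also rejects the literal string "0".
    $sEmpty = array();
    if (empty($_POST["UserName"]))  $sEmpty[] = "User Name";
    if (empty($_POST["Password"]))  $sEmpty[] = "Password";
    if (empty($_POST["Password2"])) $sEmpty[] = "Password Again";
    if (empty($_POST["LastName"]))  $sEmpty[] = "Last Name";
    if (empty($_POST["FirstName"])) $sEmpty[] = "First Name";
    if (count($sEmpty) > 0) {
        $error_msg = "Required information missing: " . implode(', ', $sEmpty) . '.';
        goto GenerateHtml;
    }

    // Check for password errors. Both fields are known to be non-empty here
    // (the required-input check above already rejected blanks), so only the
    // confirmation has to be verified. The comparison is strict: with a loose
    // "!=", two different numeric-looking strings such as "1e3" and "1000"
    // compare equal and a mistyped confirmation would be accepted.
    if ($_POST["Password"] !== $_POST["Password2"]) {
        $error_msg = "Error: new passwords do not match.";
        goto GenerateHtml;
    }

    $data = ExtractValuesFromParamList($param_list);

    // CreateNewUser() returns true on success; any other return value is used
    // as the error message shown to the admin.
    $okay = CreateNewUser($data);
    if ($okay === true) {
        // NOTE(review): the submitted user name is embedded unescaped --
        // confirm the form template HTML-escapes $success_msg on output.
        $success_msg = 'User "' . $_POST["UserName"] . '" successfully added.';

        // Clear the submitted values so the form comes back empty.
        foreach ($param_list as &$param_spec) {
            unset($param_spec["Value"]);
        }
        // Break the reference left behind by the by-reference loop; the
        // included templates share this scope, and a later loop reusing
        // $param_spec would otherwise overwrite the last $param_list entry.
        unset($param_spec);
    } else {
        $error_msg = $okay;
    }
}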
// Render the page based on state variables that were set above...
// These are: $error_msg, $success_msg, $param_list.
// GenerateHtml is the target of the goto statements in the POST handler, so
// every validation failure and the normal flow both end up here.
GenerateHtml:
// The templates are included into this script's scope, so they see every
// variable set above. The order of the includes is the order of the output.
// NOTE(review): the templates are not visible from this file -- confirm they
// HTML-escape $error_msg, $success_msg and the $param_list values on output.
include "forms/header.php";
include "forms/navform.php";
include "forms/admin_menubar.php";
include "forms/admin_adduser_form.php";
include "forms/footer.php";
?>