1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
|
<!DOCTYPE html>
<html>
<head>
<title>Extreme Dating - Create User</title>
<head>
<?php
include "php/db.php";
if(isset($_POST['hiddenStuff']) && $_POST['hiddenStuff'] == "Something Strange") {
$password = sha1($_POST['passwd']."salt");
//If there is a $_POST that indicates that the add userscript should be run.
$query = "";
if (isset($_SESSION['userType']) && $_POST['isSuperUser'] == true && $_SESSION['userType'] == 1) {
$query = "INSERT INTO Users (
loginName,
shadow,
firstName,
surName,
eMail,
city,
userType
)
VALUES(
'{$_POST['name']}',
'{$password}',
'{$_POST['firstName']}',
'{$_POST['surName']}',
'{$_POST['eMail']}',
'{$_POST['city']}',
'1'
);";
} else {
$query = "INSERT INTO Users (
loginName,
shadow,
firstName,
surName,
eMail,
city
)
VALUES(
'{$_POST['name']}',
'{$password}',
'{$_POST['firstName']}',
'{$_POST['surName']}',
'{$_POST['eMail']}',
'{$_POST['city']}'
);";
}
$db->exec($query);
echo "<body> <h1> New user added! </h1> </body>";
sleep(.5);
header("Location:./index.php");
} else {
?>
<body id="wrapper">
<div id="profile">
<h1> Create a new user </h1>
<hr \>
<form action="./adduser.php" method="POST">
<table border="0">
<?php
if(isset($_SESSION['userType']) && $_SESSION['userType'] == 1 ) {
//you are a superuser!
//you can add other superusers.
?>
<tr>
<td> <label for="user"> Is the user a Super User? </label> </td>
<td> <input type="checkbox" name="isSuperUser" id="super" \> </td>
</tr>
<?php
}
?>
<tr>
<td> <label for="name"> User Name </label> </td>
<td> <input type="input" name="name" id="name" /> </td>
</tr>
<tr>
<td> <label for="passwd"> Password </label> </td>
<td> <input type="password" name="passwd" id="passwd" /> </td>
</tr>
<tr>
<td> <label for="firstname"> First Name </label> </td>
<td> <input type="input" name="firstName" id="firstname" /> </td>
</tr>
<tr>
<td> <label for="surname"> Sur Name </label> </td>
<td> <input type="input" name="surName" id="surname" /> </td>
</tr>
<tr>
<td> <label for="email"> E-mail </label> </td>
<td> <input type="input" name="eMail" id="email" /> </td>
</tr>
<tr>
<td> <label for="city"> City </label> </td>
<td> <input type="input" name="city" id="city" /> </td>
</tr>
<tr>
<td><input name="hiddenStuff" value="Something Strange" type="hidden"/></td>
<td><input id="input" type="submit" action="./adduser.php" value="Registera mig"/></td>
</tr>
</table>
</form>
<?php
}
?>
</div>
</body>
</html>
|