Adding Users for a Project Management Application - The Script (Page 2 of 4)
Script: add_user.php
<?php
include "../dbcon.php";
include "../functions.php";
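// Initialise the state shared by the submit handler and the form below.
// $err is the boolean "a validation step failed" flag and $errmsg collects
// the text shown to the user; the original listing had the two initial
// values swapped ($err = "" and $errmsg = false).
$err = false;
$errmsg = "";
$rndpass = "";

// Suggested password pre-filled into the form's password field.
// genpass() is not defined in this listing (presumably in functions.php).
// NOTE(review): confirm it draws from a cryptographically secure source,
// since its output becomes a login credential.
$rndpass = genpass(); // the original line lacked the terminating semicolon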
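// Handle the "Create New User" form post: validate the fields, insert the
// account into the users table, then redirect to the user list.
//
// NOTE(review): nothing visible in this listing verifies that the requester
// is a logged-in administrator before an account (possibly with level
// 'admin') is created, and the form carries no CSRF token. Confirm that
// dbcon.php / functions.php enforce the session check; if they do not, add
// it here before any other processing.
if (isset($_POST['submit'])) {
    // Required fields and the message reported when one is missing. The
    // access-level form control must post under the name 'level'.
    $required = array(
        'uname' => "The username field is empty, please enter a username",
        'fname' => "The name field is empty, please enter your name",
        'sname' => "The surname field is empty, please enter your surname",
        'email' => "The email field is empty, please enter a email address",
        'upass' => "The password field is empty, please enter a password",
        'level' => "Please select a access level for the user.",
    );

    // Messages are always appended. The original assigned some of them with
    // "=", which discarded errors collected earlier, and never checked that
    // a password was supplied at all.
    foreach ($required as $field => $message) {
        // is_string() rejects array-valued fields (e.g. uname[]=x), which
        // would otherwise reach trim() and the format helpers.
        if (empty($_POST[$field]) || !is_string($_POST[$field])) {
            $err = true;
            $errmsg .= $message . " ";
        }
    }
    /*End empty field check*/

    // The access level decides what the new account may do, so accept only
    // the two values the form offers instead of whatever the client sends.
    if (!$err && !in_array($_POST['level'], array('admin', 'normal'), true)) {
        $err = true;
        $errmsg .= "Please select a access level for the user. ";
    }

    //check that the username is in correct format
    if (!$err && !checkformat($_POST['uname'])) {
        $err = true;
        $errmsg .= "The username that you entered has a incorrect format. ";
    }

    //check that the email address is in correct format
    if (!$err && !checkmailformat($_POST['email'])) {
        $err = true;
        $errmsg .= "The email address that you entered has a incorrect format. ";
    }
    /*End format check*/

    if (!$err) {
        // Escape each value exactly once, after trimming. The original ran
        // mysql_escape_string() and then addslashes() on the same value;
        // the second pass stores literal backslashes in the row, and
        // mysql_escape_string() ignores the connection character set.
        //
        // NOTE(review): the mysql_* extension was removed in PHP 7 and has
        // no prepared statements. The durable fix is to move the connection
        // in dbcon.php (not shown here) to mysqli or PDO and bind these
        // values as parameters.
        $cuname = mysql_real_escape_string(trim($_POST['uname']));
        $cupass = mysql_real_escape_string(trim($_POST['upass']));
        $cname  = mysql_real_escape_string(trim($_POST['fname']));
        $csname = mysql_real_escape_string(trim($_POST['sname']));
        $cemail = mysql_real_escape_string(trim($_POST['email']));
        $clevel = mysql_real_escape_string(trim($_POST['level']));

        // $td is not assigned anywhere in this listing; presumably an
        // included file sets it (today's date?) - verify. An unset value is
        // stored as the empty string, as in the original.
        $clast  = mysql_real_escape_string(trim(isset($td) ? $td : ''));

        // NOTE(review): upass is stored exactly as submitted, i.e. in clear
        // text. Storing a password_hash() digest is the right fix, but it
        // must ship together with the login check (password_verify()),
        // which is not part of this listing.
        $query  = "INSERT INTO users SET name='" . $cname . "',";
        $query .= "sname='" . $csname . "', uname= '" . $cuname . "',";
        $query .= "upass='" . $cupass . "', level= '" . $clevel . "',";
        $query .= "email='" . $cemail . "',last_login='" . $clast . "'";

        $result = mysql_query($query);
        if (!$result) {
            // Keep the driver error in the server log; echoing it to the
            // browser exposes table and column names to whoever submits
            // the form.
            error_log("add_user.php: insert failed: " . mysql_error());
            $err = true;
            $errmsg .= "The user could not be created, please try again. ";
        } else {
            // The mail block below was already disabled in the original and
            // stays disabled. Before enabling it: $cleanemail is never
            // defined in this listing (the recipient should be the validated
            // address), the values used are SQL-escaped copies rather than
            // the raw input, and the message sends the password in clear
            // text over email - a one-time "set your password" link avoids
            // that.
            /*email password to user
            //this text will appear in the subject line of the email
            $subject = "Project Management - New User Registration";
            //this is the recipient of the email
            $to = $cleanemail;
            //sender name
            $from_name = "Project Management Application";
            //sender address
            $from_email = "website@mywebsite.com";
            $headers = "From: " . $from_name . " <" . $from_email . ">";
            //build message
            $msg = "Dear ".$csname."<br>";
            $msg .="<br>";
            $msg .= "Below is your new username and password:<br>";
            $msg .= "Username: ".$cuname."<br>";
            $msg .= "Password:".$cupass."<br>";
            $msg .= "<br>";
            $msg .= "Thank you for joining";
            $msg .= "<br>";
            $msg .= "The Management";
            mail($to, $subject, $msg, $headers);
            */
            header("Location: list_users.php");
            // Stop here: without exit the rest of the page is still
            // rendered and sent along with the redirect.
            exit;
        }
    }
}//end submit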
?>
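<?php
// Page template for add_user.php: admin header, the "Create New User" form
// and the footer. It reads $errmsg and $rndpass set by the script above and
// $_SESSION['name'] for the "Logged in:" label.
//
// NOTE(review): the form posts without a CSRF token; where session_start()
// happens is not visible in this listing, so adding one has to be done
// together with the session setup.
?>
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml"><!-- InstanceBegin template="/Templates/admin.dwt.php" codeOutsideHTMLIsLocked="false" -->
<head>
<meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1" />
<!-- InstanceBeginEditable name="doctitle" -->
<title>Project Management</title>
<!-- InstanceEndEditable -->
<!-- InstanceBeginEditable name="head" -->
<!-- InstanceEndEditable -->
<link href="../Templates/main.css" rel="stylesheet" type="text/css" />
</head>
<body>
<table width="100%" border="0">
  <tr>
    <td width="38%"> </td>
    <td width="22%"> </td>
    <?php
    // The display name is stored data, so it is HTML-escaped before output.
    // The full "<?php" tag replaces the original short tag, which only
    // works when short_open_tag is enabled.
    ?>
    <td width="40%">Logged in:<!-- InstanceBeginEditable name="EditRegion4" --><?php echo htmlspecialchars(isset($_SESSION['name']) ? $_SESSION['name'] : '', ENT_QUOTES, 'ISO-8859-1'); ?> | <a href="../logout.php">Logout</a><!-- InstanceEndEditable --></td>
  </tr>
  <tr>
    <td colspan="3" bgcolor="#6699CC"><span class="headertxt">Project Management Software -Administration </span></td>
  </tr>
  <tr>
    <td colspan="3"><!-- InstanceBeginEditable name="EditRegion3" -->
      <form name="form1" action="add_user.php" method="post">
        <table width="657" border="0" class="formborder">
          <tr>
            <td colspan="2" class="loginheader">Create New User </td>
          </tr>
          <tr>
            <td colspan="2"> </td>
          </tr>
          <?php
          // Show the error row only when there is a message. The original
          // tested isset($errmsg), which is always true because the script
          // initialises the variable, and left a stray unclosed <tr> here.
          // $errmsg is built only from fixed strings in the script, so it is
          // printed as-is.
          if (!empty($errmsg)) { ?>
          <tr>
            <td colspan="2" class="errmsg"><?php echo $errmsg; ?></td>
          </tr>
          <tr>
            <td colspan="2"> </td>
          </tr>
          <?php
          }
          ?>
          <tr>
            <td width="122"><div align="left">Name:</div></td>
            <td width="525"><input name="fname" type="text" class="input40" size="40"></td>
          </tr>
          <tr>
            <td width="122"><div align="left">Surname:</div></td>
            <td width="525" class="login"><input name="sname" type="text" size="40"></td>
          </tr>
          <tr>
            <td width="122"><div align="left">Username:</div></td>
            <td width="525" class="login"><input name="uname" type="text" size="40">
              <span class="tooltip">username must be in format: <strong>name.surname</strong></span></td>
          </tr>
          <tr>
            <td width="122"><div align="left">Password:</div></td>
            <td width="525" class="login"><input name="upass" type="text" size="40" value="<?php echo htmlspecialchars($rndpass, ENT_QUOTES, 'ISO-8859-1'); ?>"></td>
          </tr>
          <tr>
            <td><div align="left">Email:</div></td>
            <td class="login"><input name="email" type="text" size="40"></td>
          </tr>
          <tr>
            <td><div align="left">Access Level</div></td>
            <?php
            // The script reads $_POST['level']; the original control was
            // named "select", so the access-level check could never pass.
            // "normal" is pre-selected so an account only becomes an
            // administrator by deliberate choice.
            ?>
            <td class="login"><label>
              <select name="level">
                <option value="admin">admin</option>
                <option value="normal" selected="selected">normal</option>
              </select>
            </label></td>
          </tr>
          <tr>
            <td></td>
            <td> <input name="submit" type="submit"></td>
          </tr>
        </table>
      </form>
    <!-- InstanceEndEditable --></td>
  </tr>
  <tr>
    <td colspan="3"><!-- InstanceBeginEditable name="EditRegion5" --><a href="#">List Users</a> <!-- InstanceEndEditable --></td>
  </tr>
  <tr>
    <td colspan="3" class="cright"><div align="right">copyright © 2007 PM </div></td>
  </tr>
</table>
</body>
<!-- InstanceEnd --></html>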