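<?php
// user_add_save.php — handles the "add user" form POST: validates the submitted
// fields, bounces to user_add_errors.php with one flag per failed check, and
// otherwise inserts the row into `users`. The very first account in the table
// is additionally given permissions=5 (administrator).
//
// Built on the legacy ext/mysql API (mysql_query & co.), i.e. PHP 5.x; the
// database connection is presumably opened by master_inc.php — confirm, since
// mysql_real_escape_string() below needs a live connection to work.
include "master_inc.php";

// Form fields: HTML tags stripped and cut to the 32-character column width.
// Missing fields become '' instead of raising an "undefined index" notice.
$firstname = strip_tags(substr(isset($_POST['firstname']) ? $_POST['firstname'] : '', 0, 32));
$username  = strip_tags(substr(isset($_POST['username'])  ? $_POST['username']  : '', 0, 32));
// NOTE(review): strip_tags() silently alters passwords containing '<' — login.php
// must apply the same normalisation before hashing, or such users cannot log in.
$pw_clean  = strip_tags(substr(isset($_POST['password'])  ? $_POST['password']  : '', 0, 32));

// NOTE(review): these values are hard-coded stubs in this revision (previously
// the computed variables were ignored and different literals were inserted);
// presumably they are meant to come from the form like the fields above — confirm.
$lastname      = 'lastname';
$phone         = '1234567891';
$password_hint = 'pass hint';
$email_raw     = 'admin@gmil.com';

// Error flags: 104 marks a failed check. null (not 0) is the "ok" value so the
// redirect below still emits an empty query value for passing checks.
$username_already_in_use = null;
$username_too_short      = null;
$bad_email               = null;
$email_already_in_use    = null;
$pw_insecure             = null;

// Username: at least 4 non-blank characters (the previous `||` accepted any
// non-empty name), and not already taken. The value is escaped before being
// placed in the SQL string — ext/mysql has no prepared statements.
if (strlen(trim($username)) >= 4) {
    $sql    = "SELECT * FROM users WHERE username='" . mysql_real_escape_string($username) . "'";
    $result = mysql_query($sql);
    if ($result && mysql_num_rows($result) > 0) {
        $username_already_in_use = 104;
    }
} else {
    $username_too_short = 104;
}

// Email format: same pattern as before, moved from the removed eregi() to
// preg_match() with the /i modifier. Only a well-formed address is looked up
// for uniqueness; an invalid one previously ran the query with an unset $email.
$email = '';
if (preg_match('/^[_a-z0-9-]+(\.[_a-z0-9-]+)*@([a-z0-9-]{2,3})+(\.[a-z0-9-]+)*(\.[a-z]{2,3})$/i', $email_raw)) {
    $email  = $email_raw;
    $sql    = "SELECT * FROM users WHERE email='" . mysql_real_escape_string($email) . "'";
    $result = mysql_query($sql);
    if ($result && mysql_num_rows($result) > 0) {
        $email_already_in_use = 104;
    }
} else {
    $bad_email = 104;
}

// Password policy: an upper-case run, then a lower-case run, then a digit,
// contiguous — weak, but unchanged here so existing forms keep behaving the same.
if (!preg_match('/[A-Z]+[a-z]+[0-9]/', $pw_clean)) {
    $pw_insecure = 104;
}

// Any failed check: hand the flags to the error page and stop.
if ($username_already_in_use === 104 || $email_already_in_use === 104 || $pw_insecure === 104
    || $bad_email === 104 || $username_too_short === 104) {
    header(
        "location:user_add_errors.php?pw_insecure=$pw_insecure&email_already_in_use=$email_already_in_use&username_already_in_use=$username_already_in_use&bad_email=$bad_email&username_too_short=$username_too_short");
    die();
}
//End Error Checks_________________________________________________________

// NOTE(review): md5() is not a password hash (unsalted and fast to brute-force).
// It is kept only because login.php is expected to verify against the same
// digest; migrate both sides together to password_hash()/password_verify().
$encrypted_pw = md5($pw_clean);

// Insert the row. Every value is escaped; the columns are fixed names.
$row = array(
    'username'      => $username,
    'password'      => $encrypted_pw,
    'lastname'      => $lastname,
    'firstname'     => $firstname,
    'email'         => $email,
    'phone'         => $phone,
    'password_hint' => $password_hint,
);
$values = array();
foreach ($row as $value) {
    $values[] = "'" . mysql_real_escape_string($value) . "'";
}
$query = "INSERT INTO `users` (`" . implode('`, `', array_keys($row)) . "`) VALUES (" . implode(', ', $values) . ")";

// save the info to the database
$results = mysql_query($query);
// print out the results
if ($results) {
    echo( "<font size='2' face='Verdana, Arial, Helvetica, sans-serif'>Your changes have been made sucessfully. <br><br><a href='login.php'>Back to login</a></font> " );
} else {
    die( "Trouble saving information to the database: " . mysql_error() );
}

// First account in the table becomes the administrator. The row is located by
// the email that was just inserted, so the INSERT and UPDATE now agree (the
// previous revision inserted one literal address and updated by another).
$result = mysql_query("SELECT COUNT(*) FROM users");
$count  = 0;
if ($result) {
    $countRow = mysql_fetch_row($result);
    $count    = (int) $countRow[0];
}
if ($count == 1) {
    $query = "UPDATE `users` SET `permissions`='5' WHERE `email`='" . mysql_real_escape_string($email) . "'";
    // save the info to the database
    $results = mysql_query($query);
    // print out the results
    if ($results) {
        echo( "<font size='2' face='Verdana, Arial, Helvetica, sans-serif'><br><br>Since this is the first user in the database we have configured the account with administrative privileges. Subsequent changes to permission levels can be made in the database. Thank you.<br></font> " );
    } else {
        die( "<font size='2' face='Verdana, Arial, Helvetica, sans-serif'>Trouble saving information to the database:</font> " . mysql_error() );
    }
}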