+++THE FORM_FUNCTIONS CODE+++
- <?php
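/**
 * Report which required form fields are missing from the current POST request.
 *
 * A field counts as missing when it is absent, is not a scalar (for example
 * an array submitted as "name[]"), or is empty after trimming whitespace.
 * The literal value "0" is accepted as present.
 *
 * The previous test, empty($v) && $v != 0, relied on a loose comparison:
 * on PHP versions before 8, '' == 0 is true, so an empty string was
 * accepted there as a filled-in field.
 *
 * @param array $required_array List of field names that must be present.
 * @return array Names of the fields that failed the check, in input order.
 */
function check_required_fields($required_array) {
    $field_errors = array();
    foreach ($required_array as $fieldname) {
        $value = isset($_POST[$fieldname]) ? $_POST[$fieldname] : null;
        // Strict string comparison keeps "0" valid without loose-typing surprises.
        if (!is_scalar($value) || trim((string) $value) === '') {
            $field_errors[] = $fieldname;
        }
    }
    return $field_errors;
}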
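/**
 * Report which posted fields exceed their maximum allowed length.
 *
 * The length is measured on trim(htmlspecialchars($value)), which is the form
 * the calling page stores. SQL escaping is no longer applied before measuring:
 * the backslashes it adds never reach the column, so counting them rejected
 * valid input, and it tied validation to an open database connection.
 *
 * Fields absent from the request are skipped (presence is the job of
 * check_required_fields). Non-scalar values such as arrays are reported as
 * errors instead of being passed to string functions.
 *
 * @param array $field_lenght_array Map of field name => maximum length in bytes.
 * @return array Names of the fields that failed the check, in input order.
 */
function check_max_field_lenghts($field_lenght_array) {
    $field_errors = array();
    foreach ($field_lenght_array as $fieldname => $maxlenght) {
        if (!isset($_POST[$fieldname])) {
            continue;
        }
        $value = $_POST[$fieldname];
        if (!is_scalar($value)) {
            $field_errors[] = $fieldname;
            continue;
        }
        // strlen() counts bytes, matching the original check.
        if (strlen(trim(htmlspecialchars((string) $value))) > $maxlenght) {
            $field_errors[] = $fieldname;
        }
    }
    return $field_errors;
}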
/**
 * Print the list of fields that failed validation as an HTML paragraph.
 *
 * Each entry is written to the page without HTML encoding, so callers must
 * pass only trusted strings (the pages here pass hard-coded field names).
 *
 * @param array $error_array Field names to list, one per line.
 * @return void
 */
function display_errors($error_array) {
    $html = "<p>Please review the following fields:<br />";
    foreach ($error_array as $field) {
        $html .= " - " . $field . "<br />";
    }
    echo $html . "</p>";
}
- ?>
+++THIS IS THE MAIN CODE FOR ADDING A NEW AUTHORIZED USER+++
- <?php require_once("includes/db_connect.php"); ?>
- <?php require_once("includes/functions.php"); ?>
- <?php
- include_once("includes/form_functions.php");
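//START FORM PROCESSING
// Handles the "Add New User" submission: validates the posted username and
// password, then inserts one row into tblstaff.
// NOTE(review): no login or CSRF check is visible in this file; confirm that
// an include (or the web server) restricts this page to administrators.
if (isset($_POST['submit'])) { //Form has been submitted
    $errors = array();

    //PERFORM VALIDATIONS ON THE FORM DATA
    $required_fields = array('username', 'password');
    $errors = array_merge($errors, check_required_fields($required_fields));
    $fields_with_lenghts = array('username' => 20, 'password' => 40);
    $errors = array_merge($errors, check_max_field_lenghts($fields_with_lenghts));

    // Read the fields defensively: they may be absent or submitted as arrays.
    $raw_username = (isset($_POST['username']) && is_scalar($_POST['username'])) ? (string) $_POST['username'] : '';
    $raw_password = (isset($_POST['password']) && is_scalar($_POST['password'])) ? (string) $_POST['password'] : '';

    // The username stays HTML-encoded, as before, because the page echoes it
    // back into the form. SQL escaping is dropped: the value is bound as a
    // statement parameter below, so escaping it would store stray backslashes.
    $username = trim(htmlspecialchars($raw_username));

    // The hash input is transformed exactly as the original code did, so
    // existing rows and any login code that hashes the same way keep matching.
    // NOTE(review): unsalted SHA-1 is not suitable for password storage. Move
    // to password_hash()/password_verify() together with the login code, and
    // widen the hashed_password column to hold the longer hash.
    $hashed_password = sha1(mysqli_real_escape_string($db_cxn, trim(htmlspecialchars($raw_password))));

    // Never hand the submitted password back to the page for re-display.
    $password = "";

    if (empty($errors)) {
        // Bound parameters keep the submitted values out of the SQL text. The
        // previous query string contained the literal text {username} and
        // {hashed_password} (no "$"), so every insert stored those placeholders.
        $result = false;
        $db_error = "";
        try {
            $stmt = mysqli_prepare($db_cxn, "INSERT INTO tblstaff (username, hashed_password) VALUES (?, ?)");
            if ($stmt) {
                mysqli_stmt_bind_param($stmt, "ss", $username, $hashed_password);
                $result = mysqli_stmt_execute($stmt);
                if (!$result) {
                    $db_error = mysqli_stmt_error($stmt);
                }
                mysqli_stmt_close($stmt);
            } else {
                $db_error = mysqli_error($db_cxn);
            }
        } catch (mysqli_sql_exception $e) {
            // Reached when mysqli is configured to throw instead of returning false.
            $db_error = $e->getMessage();
        }

        if ($result) {
            $message = "The user was successfully created.";
        } else {
            $message = "The user cannot be created.";
            // Driver messages can quote submitted values, so encode them before
            // they are printed. Consider logging this detail instead of showing it.
            $message .= "<br />" . htmlspecialchars($db_error);
        }
    } else {
        if (count($errors) == 1) {
            $message = "There was 1 error in the form.";
        } else {
            $message = "There were " . count($errors) . " errors in the form.";
        }
    }
} else { //FORM HAS NOT BEEN SUBMITTED
    $username = "";
    $password = "";
}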
- ?>
- <!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
- <html xmlns="http://www.w3.org/1999/xhtml">
- <head>
- <title>Restricted Access - For Admin Use Only!</title>
- <meta http-equiv="Content-Language" content="English" />
- <meta http-equiv="Content-Type" content="text/html; charset=UTF-8" />
- <link rel="stylesheet" type="text/css" href="css/style.css" media="screen" />
- </head>
- <body>
- <div id="wrap">
- <div id="header">
- <div class="logocontainer">
- <div align="center"><img src="images/about/geh.png" alt="gehlogo" width="50" height="48" /></div>
- </div>
- <h1><a href="index.php">Equipment Information Management System</a></h1>
- <h2>Gulf Engineering House Equipment Site</h2>
- </div>
- <div id="menu">
- </div>
- <div id="content">
- <div class="right">
- <h2>THIS PAGE IS FOR ADMINS ONLY! UNAUTHORIZED DATA WILL BE DELETED!</h2>
- <p>+++ Create a new user +++</p>
- <?php
// $message is built by the form handler and deliberately contains markup
// ("<br />"), so it is printed as-is; any untrusted text in it has to be
// encoded where the message is assembled.
if (!empty($message)) {
    echo "<p>", $message, "</p>";
}
echo "<br />";
// List the individual fields that failed validation, if any.
if (!empty($errors)) {
    display_errors($errors);
}
- ?>
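<?php
// The two inputs now sit inside the <form>; previously only the submit button
// did, so the username and password were never sent with the request.
// The attribute is spelled "maxlength" so that browsers apply the limit.
// NOTE(review): the action is spelled "restricetdaccess.php"; confirm that it
// matches the real file name of this page.
?>
<form action="restricetdaccess.php" method="POST">
    <div class="DataInput">
        <table width="336" border="0" cellspacing="0" cellpadding="0">
            <tr>
                <td width="100">Username : </td>
                <?php // double_encode is off because the form handler already HTML-encodes $username. ?>
                <td width="236"><input type="text" name="username" id="username" tabindex="1" maxlength="20"
                    value="<?php echo htmlspecialchars($username, ENT_QUOTES, 'UTF-8', false); ?>" /></td>
            </tr>
        </table>
    </div>
    <div class="DataInput">
        <table width="337" border="0" cellspacing="0" cellpadding="0">
            <tr>
                <td width="100">Password :</td>
                <?php // The submitted password is never written back into the page. ?>
                <td width="237"><input type="password" name="password" id="password" tabindex="2" maxlength="40"
                    value="" /></td>
            </tr>
        </table>
    </div>
    <div class="DataInput">
        <input type="submit" name="submit" id="submit" value="Add New User" tabindex="3" />
    </div>
</form>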
- <h2><br />
- <br />
- </h2>
- </div>
- <div class="left">
- <h2></h2>
- <ul>
- </ul>
- <h2></h2>
- <ul>
- </ul>
- </div>
- <div style="clear: both;"> </div>
- </div>
- <div id="bottom"></div>
- <div id="footer">
- <br />
- <br />
- </div>
- </body>
- </html>
- <?php
// Release the database connection after the page has been rendered, but only
// when the connection variable was actually set.
if (isset($db_cxn)) {
    mysqli_close($db_cxn);
}
- ?>