Webbserver - Love Blomberg

Show sourcecode

The following files exists in this folder. Click to view.

public_html/exercises/databas/ovn_db2/admin/

adduser.php
createtable.php
deleteuser.php
edituser.php

adduser.php

88 lines ASCII Windows (CRLF)
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
<!doctype html>
<html>

<head>
  <meta charset="utf-8">
  <title>Create User</title>
</head>

<body>
  <form action="../home.php" method="get"><button type="submit">Back to home</button></form>
  <?php
  session_start();
  if (!isset($_SESSION['is_admin']) || $_SESSION['is_admin'] != 1) {
    die("Access denied.");
  }
  $message null;
  if (
    isset($_POST['username']) && isset($_POST['password']) &&
    isset($_POST['firstname']) && isset($_POST['lastname']) &&
    !empty($_POST['username']) && !empty($_POST['password']) &&
    !empty($_POST['firstname']) && !empty($_POST['lastname'])
  ) {
    $username $_POST['username'];
    $password $_POST['password'];
    $firstname $_POST['firstname'];
    $lastname $_POST['lastname'];
    $is_admin = isset($_POST['is_admin']) ? 0;

    include('../../dbconnection.php');
    if (!$dbconn) {
      die("Connection failed: Can't connect to database.");
    }
    try {
      # prepare
      $sql "INSERT INTO users (username, password, is_admin, firstname, lastname) 
          VALUES (?, ?, ?, ?, ?)";
      $stmt $dbconn->prepare($sql);
      # the data we want to insert
      $data = array($username$password$is_admin$firstname$lastname);
      # execute width array-parameter
      $stmt->execute($data);

      echo "New record created successfully";
      $lastId $dbconn->lastInsertId();
      echo "Last post ID: $lastId";
    } catch (PDOException $e) {
      echo $sql "<br>" $e->getMessage();
    }

    $dbconn null;
  } else {
    $message .= "<p>Please fill in all required fields to add a user.</p>";
  }
  echo $message;
  ?>
  <form method="post" action="">
    <table>
      <tr>
        <td>Username*:</td>
        <td><input type="text" name="username" size=20 maxlength=10>
        </td>
      </tr>
      <tr>
        <td>Password*:</td>
        <td><input type="password" name="password" size=20 maxlength=100></td>
      </tr>
      <tr>
        <td>Firstname*:</td>
        <td><input type="text" name="firstname" size=20 maxlength=30></td>
      </tr>
      <tr>
        <td>Lastname*:</td>
        <td><input type="text" name="lastname" size=20 maxlength=30></td>
      </tr>
      <tr>
        <td>Admin</td>
        <td><input type="checkbox" name="is_admin"></td>
      </tr>

      <tr>
        <td>* = Required</td>
        <td><button type="submit">Add user</button></td>
      </tr>
    </table>
  </form>
</body>

</html>