Webbserver - Love Blomberg



public_html/exercises/quizproject/admin/


adduser.php

101 lines ASCII Windows (CRLF)
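<?php
/*
 * Admin page: create a user account from the posted form.
 *
 * All session and request handling runs before any markup is sent, so
 * session_start() and http_response_code() can still set headers even when
 * output buffering is disabled on the server.
 */
session_start();

// Only a session flagged as admin may use this page. The loose comparison is
// kept so a stored 1, '1' or true are all accepted.
$isAdmin = isset($_SESSION['is_admin']) && $_SESSION['is_admin'] == 1;

$message = null;
$messageClass = 'alert-warning';
$csrfToken = '';

if (!$isAdmin) {
    // Tell clients, proxies and log analysis that the request was refused.
    http_response_code(403);
} else {
    // Per-session anti-CSRF token: the form echoes it back in a hidden field
    // and a POST is only acted on when the two values match. Without it, any
    // third-party page an admin visits could submit this form on their behalf.
    if (empty($_SESSION['csrf_token']) || !is_string($_SESSION['csrf_token'])) {
        $_SESSION['csrf_token'] = bin2hex(random_bytes(32));
    }
    $csrfToken = $_SESSION['csrf_token'];

    // Request fields can arrive as arrays (username[]=...), so require strings
    // before they reach password_hash() or the INSERT.
    // NOTE(review): the form's maxlength attributes are enforced by the browser
    // only; the users table's column widths are not visible here -- confirm them
    // and add matching server-side length checks.
    $username = $_POST['username'] ?? null;
    $password = $_POST['password'] ?? null;
    $postedToken = $_POST['csrf_token'] ?? null;

    $hasRequiredFields = is_string($username) && $username !== ''
        && is_string($password) && $password !== '';

    if (!$hasRequiredFields) {
        $message = "Please fill in all required fields to add a user.";
    } elseif (!is_string($postedToken) || !hash_equals($csrfToken, $postedToken)) {
        $messageClass = 'alert-error';
        $message = 'Invalid or expired form token. Reload the page and try again.';
    } else {
        // The checkbox is only present in the request when it is ticked.
        $is_admin = isset($_POST['is_admin']) ? 1 : 0;
        // Full name is optional; a missing or non-string value is stored as ''.
        $fullname = is_string($_POST['fullname'] ?? null) ? $_POST['fullname'] : '';
        $passwordHash = password_hash($password, PASSWORD_DEFAULT);

        // dbconnection.php is expected to define $dbconn (used below as a PDO
        // handle).
        include('../dbconnection.php');
        if (empty($dbconn)) {
            $messageClass = 'alert-error';
            $message = "Connection failed: Can't connect to database.";
        } else {
            try {
                // Placeholders keep the posted values out of the SQL text.
                $sql = "INSERT INTO users (username, password, is_admin, fullname)
                        VALUES (?, ?, ?, ?)";
                $stmt = $dbconn->prepare($sql);
                $stmt->execute([$username, $passwordHash, $is_admin, $fullname]);

                $lastId = $dbconn->lastInsertId();
                $messageClass = 'alert-success';
                $message = "User created successfully. ID: " . (int)$lastId;
            } catch (PDOException $e) {
                // Keep the statement text and driver error in the server log
                // rather than on the page: they describe the schema.
                error_log('adduser.php: INSERT INTO users failed: ' . $e->getMessage());
                $messageClass = 'alert-error';
                $message = 'Could not create the user. Details were written to the server log.';
            }

            $dbconn = null;
        }
    }
}
?>
<!doctype html>
<html>

<head>
  <meta charset="utf-8">
  <title>Quizzer Admin | Create User</title>
  <link rel="stylesheet" href="../quiz_styles.css">
  <link rel="shortcut icon" href="../icons/add-user-icon.svg" type="image/x-icon">
</head>

<body>
<?php if (!$isAdmin): ?>
  <div class="page page-narrow">
    <div class="alert alert-error">Access denied.</div>
    <div class="actions"><a class="btn" href="../index.php">Back to dashboard</a></div>
  </div>
<?php else: ?>
  <div class="page page-narrow">
    <div class="page-header">
      <div>
        <h1 class="page-title">Add User</h1>
        <p class="page-subtitle">Create a new user account.</p>
      </div>
      <div class="actions">
        <a class="btn btn-ghost" href="../index.php">&#8592; Back to dashboard</a>
      </div>
    </div>

    <?php if ($message !== null): ?>
      <!-- Messages are plain text, so they are escaped at the point of output. -->
      <div class="alert <?= htmlspecialchars($messageClass, ENT_QUOTES, 'UTF-8') ?>"><?= htmlspecialchars($message, ENT_QUOTES, 'UTF-8') ?></div>
    <?php endif; ?>

    <div class="card">
      <form method="post" action="">
        <input type="hidden" name="csrf_token" value="<?= htmlspecialchars($csrfToken, ENT_QUOTES, 'UTF-8') ?>">
        <table>
          <tr>
            <td>Username*:</td>
            <td><input type="text" name="username" maxlength="16" required></td>
          </tr>
          <tr>
            <td>Password*:</td>
            <td><input type="password" name="password" maxlength="32" required></td>
          </tr>
          <tr>
            <td>Full name:</td>
            <td><input type="text" name="fullname" maxlength="32"></td>
          </tr>
          <tr>
            <td>Admin:</td>
            <td><input type="checkbox" name="is_admin"></td>
          </tr>

          <tr>
            <td class="meta">* = Required</td>
            <td><button type="submit" class="btn btn-success">Add user</button></td>
          </tr>
        </table>
      </form>
    </div>
  </div>
<?php endif; ?>
</body>

</html>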