<?php
require_once("access.inc.php");
function prepSqlValueForCreation($val) {
return (!$val) ? "\"\"" : "\"".addslashes($val)."\"";
}
$log = "";
if(isset($_POST['email']) && isset($_POST['password']) && isset($_POST['firstname']) && isset($_POST['lastname'])) {
$email = prepSqlValueForCreation($_POST['email']);
$password = "\"".md5($_POST['password']). "\"";
$firstname = prepSqlValueForCreation($_POST['firstname']);
$lastname = prepSqlValueForCreation($_POST['lastname']);
// User
$sql = "INSERT INTO `user` (email, password) VALUES ($email, $password)";
$result = mysql_query($sql) or die("Error in SQL : " . $sql);
$log .= $sql . "<br/>";
$idUser = mysql_insert_id();
// Group
$sql = "INSERT INTO `group` (iduser, name) VALUES ($idUser, 'defaut')";
$result = mysql_query($sql) or die("Error in SQL : " . $sql);
$log .= $sql . "<br/>";
$idGroup = mysql_insert_id();
// Person
$sql = "INSERT INTO person (idgroup, firstname, lastname, birthdate, title, note) " .
"VALUES ($idGroup, $firstname, $lastname, \"\", \"\", \"\")";
$result = mysql_query($sql) or die("Error in SQL : " . $sql);
$log .= $sql . "<br/>";
$idPerson = mysql_insert_id();
// user_person
$sql = "INSERT INTO user_person (idperson, iduser, role) " .
"VALUES ($idPerson, $idUser, ". IS .")";
$result = mysql_query($sql) or die("Error in SQL : " . $sql);
$log .= $sql . "<br/>";
$log .= "User created.";
}
?>
<html>
<head>
<title>Admin - Create an user</title>
<link rel="StyleSheet" type="text/css" href="../css/common.css" title="Default" media="screen" />
</head>
<body>
<u>Create an user</u> | <a href="stats.php">Stats</a><hr/>
<h1>Create an user</h1>
<form name="user" method="post" action="createUser.php">
<label for="email">email : </label><input type="text" id="email" name="email"/><br/>
<label for="password">password : </label><input type="password" id="password" name="password"/><br/>
<label for="firstname">firstname : </label><input type="text" id="firstname" name="firstname"/><br/>
<label for="lastname">lastname : </label><input type="text" id="lastname" name="lastname"/><br/>
<label for="submit"> </label><input id="submit" type="submit" value="create"/>
</form>
<strong><?php echo $log; ?></strong>
</body>
</html>