<?php
//Shared bootstrap. common_db.php supplies the connection settings used by dbconnect()
//below; functions.php presumably supplies the page helpers called in this file
//(loadStrings, headers, html, ...) -- neither file is visible here, TODO confirm.
include("common_db.php");
include("functions.php");
//Open the database connection. $username and $password at this point hold the
//database credentials, not an application user's login.
dbconnect($host, $username, $password); //from common_db.php
//Localised UI strings for this page, looked up by key further down.
//NOTE(review): $lang is not set in this file; presumably it comes from one of the includes.
$strings = loadStrings($lang, 'AD_USERS');
//Page scaffolding. These helpers run before the permission check that follows, so
//whatever they print is sent to every visitor, admin or not.
//NOTE(review): $_SESSION is read right after this, so one of these calls (or an include)
//must start the session -- confirm which one.
headers();
html();
head($strings['ADMIN_USERS']);
menu();
navpane();
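//check for permissions
//Strict comparison on purpose. With a loose != a non-string session value such as
//integer 0 or boolean true compares equal to 'admin' on the PHP versions that still
//ship the mysql_* extension, which would let a non-admin session through. A missing
//key is treated as "not admin" instead of raising a notice.
//NOTE(review): the layout helpers above have already run by the time this check
//executes; if any of them prints admin-only content, move the check ahead of them.
if(!isset($_SESSION['session_user_status']) || $_SESSION['session_user_status'] !== 'admin') {
	printAuthError();
	//we should be dead by now, but let's die again anyway
	die();
}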
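//Handle the "add user" form. Only a session that passed the admin check above gets here.
//
//The handler accepts POST only: reading $_REQUEST also accepted query-string and cookie
//values, so a plain cross-site GET could have created an account in an admin's session.
//NOTE(review): POST-only is not a complete CSRF defence -- the form still needs a
//per-session token that is verified here.
if(isset($_SERVER['REQUEST_METHOD']) && $_SERVER['REQUEST_METHOD'] === 'POST' && isset($_POST['action'])) {
	//Collect the fields as strings; a missing or array-valued field counts as empty.
	//Separate variable names are used so the DB credentials in $username/$password
	//(set up for dbconnect()) are not overwritten with form input.
	$newName = (isset($_POST['newname']) && is_string($_POST['newname'])) ? trim($_POST['newname']) : '';
	$newPass = (isset($_POST['newpass']) && is_string($_POST['newpass'])) ? $_POST['newpass'] : '';
	$newConfirm = (isset($_POST['newcpwd']) && is_string($_POST['newcpwd'])) ? $_POST['newcpwd'] : '';
	$newEmail = (isset($_POST['newemail']) && is_string($_POST['newemail'])) ? trim($_POST['newemail']) : '';
	$newStatus = (isset($_POST['newstatus']) && is_string($_POST['newstatus'])) ? $_POST['newstatus'] : '';

	//The status decides the account's privileges, so accept only the three values the
	//form offers rather than whatever string the client sends.
	$allowedStatuses = array('viewer', 'normal', 'admin');

	//Reject incomplete or inconsistent input before touching the database: a user name
	//and password are required, the confirmation field must match, and the status must
	//be one of the known roles.
	if($newName === '' || $newPass === '' || $newPass !== $newConfirm || !in_array($newStatus, $allowedStatuses, true)) {
		die('Invalid user details.');
	}

	//mysql_real_escape_string() escapes according to the connection's character set,
	//which mysql_escape_string() does not.
	//NOTE(review): the mysql_* extension is removed in PHP 7; the durable fix is
	//prepared statements via PDO or mysqli.
	$sqlName = mysql_real_escape_string($newName);
	//NOTE(review): the password is stored exactly as submitted. The login code is not
	//visible here; if it compares plaintext, storage and verification should move to
	//password_hash()/password_verify() together.
	$sqlPass = mysql_real_escape_string($newPass);
	$sqlEmail = mysql_real_escape_string($newEmail);
	$sqlStatus = mysql_real_escape_string($newStatus);

	$sql = "INSERT INTO users(username, password, email, status) VALUES ('$sqlName','$sqlPass','$sqlEmail','$sqlStatus')";
	mysql_select_db('HypatiaDB');
	if(!mysql_query($sql)) {
		//Keep the driver's error text in the server log; sending it to the browser
		//exposes schema and query details.
		error_log('users.php: INSERT into users failed: ' . mysql_error());
		die('Could not create the user.');
	}
}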
?>
	<div id="mainpane">
		<?php echo($strings['ADUSER_INTRO']); ?>
		<table class="browse">
			<tr class="firstrow"><th><?php echo($strings['ADUSER_NAME']) ?></th><th><?php echo($strings['ADUSER_EMAIL']); ?></th><th><?php echo($strings['ADUSER_STATUS']); ?></th></tr>
<?php
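	//get all the users
	//List every account as one table row, alternating the "banded" class on even rows.
	$sql = "SELECT username, email, status FROM users";
	mysql_select_db('HypatiaDB');
	$users = mysql_query($sql);
	$i = 1;
	//mysql_query() returns false on failure; in that case skip the loop instead of
	//handing false to mysql_fetch_array().
	while($users && ($u = mysql_fetch_array($users))) {
		//Column values are stored data, not markup: escape them for HTML so a user name
		//or e-mail containing tags cannot inject script into this admin page.
		$cellName = htmlspecialchars($u['username'], ENT_QUOTES);
		$cellStatus = htmlspecialchars($u['status'], ENT_QUOTES);
		if(is_null($u['email'])) {
			//Placeholder text from the string table, printed as-is like the other $strings entries.
			$cellEmail = $strings['ADUSER_UKEMAIL'];
		} else {
			$cellEmail = htmlspecialchars($u['email'], ENT_QUOTES);
		}
		echo("<tr" . ( $i % 2 == 0 ? ' class="banded"' : '' ) . "><td>$cellName</td><td>$cellEmail</td><td>$cellStatus</td></tr>");
		$i++;
	}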
?>
		</table>
		<h2><?php echo($strings['ADUSER_NEWUSER']); ?></h2>
		<?php echo($strings['ADUSER_INFO']); ?>
		<form action="users.php" method="post" class="standalone lblock">
			<label for="newname"><?php echo($strings['ADUSER_NAMEFIELD']); ?> <input type="text" name="newname"  /></label>
			<label for="newpass"><?php echo($strings['ADUSER_PASSFIELD']); ?> <input type="password" name="newpass" /></label>
			<label for="newcpwd"><?php echo($strings['ADUSER_CONFPASSFIELD']); ?> <input type="password" name="newcpwd" /></label>
			<label for="newemail"><?php echo($strings['ADUSER_EMAILFIELD']); ?> <input type="text" name="newemail" /></label>
			<label for="newstatus"><?php echo($strings['ADUSER_STATUSFIELD']); ?> <select name="newstatus">
				<option value="viewer" selected="selected"><?php echo($strings['ADUSER_STATVIEWER']); ?></option>
				<option value="normal"><?php echo($strings['ADUSER_STATNORMAL']); ?></option>
				<option value="admin"><?php echo($strings['ADUSER_STATADMIN']); ?></option>
			</select></label>
			<input type="submit" name="action" value="<?php echo($strings['ADUSER_ADDUSER']); ?>" />
		</form>
	</div>
<?php
//Finish the page. Presumably the counterpart of the html() call at the top of the
//script -- confirm in functions.php.
endhtml();
?>