<?php
include_once('include/functions.php');
include_once('include/constants.php');
include_once('smarty_survey.php');
include_once('pear/DB.php');
//Adduser Page
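$SMARTY = new Smarty_Survey;
session_start();

// Is the visitor logged in? Only this login check is visible before the insert
// below.
// NOTE(review): the requested role ("Admin") comes straight from the request,
// so confirm that is_Logged()/getUserRights() restrict this page to
// administrators; otherwise any logged-in account could create an Admin user.
is_Logged($_SESSION['login']);

// Validation state; initialised up front so the ".=" and "++" below never
// operate on undefined variables.
$err = 0;
$err_msg = "";

// NOTE(review): the action and fields are read from $_REQUEST, so a GET link
// can trigger the insert, and no anti-CSRF token is checked. Consider
// accepting POST only and validating a per-session token.
if (isset($_REQUEST["action"]) && $_REQUEST["action"] === "insert") {
    // Connecting, selecting database
    $dbconnect = DB::connect("pgsql://" . user . ":" . password . "@" . server . "/" . database, $options);
    is_dbError($dbconnect);

    // Anything that is not a plain string (e.g. "username[]=x") counts as empty.
    $username  = (isset($_REQUEST['username']) && is_string($_REQUEST['username'])) ? $_REQUEST['username'] : '';
    $passwd    = (isset($_REQUEST['password']) && is_string($_REQUEST['password'])) ? $_REQUEST['password'] : '';
    $cpassword = (isset($_REQUEST['cpassword']) && is_string($_REQUEST['cpassword'])) ? $_REQUEST['cpassword'] : '';

    // trim() is applied to the value, not to the result of the comparison, so a
    // whitespace-only username is rejected as empty.
    if (trim($username) !== "") {
        if (strlen($username) > 3) {
            // Placeholder binding: the driver quotes the value. addslashes() is
            // not a database-aware escaper and must not be relied on for SQL.
            $query = $dbconnect->query(
                "SELECT username FROM " . usertbl . " WHERE username = ?",
                array($username)
            );
            is_dbError($query);

            // Check the status returned by fetchInto() rather than the row.
            $row = null;
            $fetched = $query->fetchInto($row);
            is_dbError($fetched);

            // check if username exists
            if (is_array($row) && !empty($row[0])) {
                $err_msg .= "Username already exists !<br />";
                $err++;
            } elseif (trim($passwd) === "") {
                $err_msg .= "Password should not be empty !";
                $err++;
            } elseif (strlen($passwd) <= 3) {
                $err_msg .= "Password should not be less than 4 characters!";
                $err++;
            } elseif ($passwd !== $cpassword) {
                // Strict comparison: with "!=" two different numeric-looking
                // strings such as "1000" and "1e3" compare as equal.
                $err_msg .= "Password entered is not the same!";
                $err++;
            } else {
                // NOTE(review): SHA-1 with one application-wide constant is a
                // fast hash with no per-user salt, so a leaked table is cheap
                // to brute-force. Moving to password_hash()/password_verify()
                // also requires changing the login check, which is not in this
                // file; the expression is kept as is so existing logins keep
                // working. strip_tags() also silently alters passwords that
                // contain "<...>".
                $password = sha1(strip_tags(trim($passwd)) . PASS_HASH);
            }
        } else {
            $err_msg .= "Username should not be less than 4 characters!";
            $err++;
        }
    } else {
        $err_msg .= "Username should not be empty !";
        $err++;
    }

    if ($err) {
        $SMARTY->assign("msg_font", "red");
        $SMARTY->assign("message", $err_msg);
    } else {
        // Determine rights of the created user; anything other than "Admin"
        // becomes an ordinary user.
        if (isset($_REQUEST['user_options']) && $_REQUEST['user_options'] === "Admin") {
            $user_options = 'S';
        } else {
            $user_options = 'U';
        }

        // Performing SQL query with bound values
        $inserted = $dbconnect->query(
            "INSERT INTO " . usertbl . " (username, password, rights) VALUES (?, ?, ?)",
            array($username, $password, $user_options)
        );
        is_dbError($inserted);

        // Report success only when the driver did not return an error object.
        if (!DB::isError($inserted)) {
            $SMARTY->assign("msg_font", "blue");
            $SMARTY->assign("message", "User has been successfully created !!!");
        }
    }

    // Closing connection. free() and disconnect() must be called as methods;
    // without the parentheses they were property reads that did nothing.
    if (isset($query) && is_object($query) && method_exists($query, 'free')) {
        $query->free();
    }
    $dbconnect->disconnect();
}

getUserRights($SMARTY);
$SMARTY->assign("user_rights", $_SESSION['rights']);
$SMARTY->display("adduser.html");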
?>