<?

// Blog Script - File Name : adduser.php
// Copyright (C) myBloggie Sean
// http://www.mywebland.com , http://mybloggie.mywebland.com

// You are requested to retain this copyright notice in order to use
// this software.


//This program is free software; you can redistribute it and/or
//modify it under the terms of the GNU General Public License
//as published by the Free Software Foundation; either version 2
//of the License, or (at your option) any later version.

//This program is distributed in the hope that it will be useful,
//but WITHOUT ANY WARRANTY; without even the implied warranty of
//MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
//GNU General Public License for more details.

//You should have received a copy of the GNU General Public License
//along with this program; if not, write to the Free Software
//Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA  02111-1307, USA.

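// Entry guard: refuse to run unless an including script has defined
// IN_MYBLOGGIE (presumably the admin front controller -- confirm), so a
// direct HTTP request to this file does nothing.
if ( !defined('IN_MYBLOGGIE') )
  {
    die("You are not allowed to access this page directly !");
  }
$errormsg = "";
// Fail closed: the privilege level stays 0 unless the lookup below returns a row.
$accesslevel = 0;

// Both session values must be present. The original tested them with &&,
// so a session carrying only one of the two still reached the user lookup.
if (!isset($_SESSION['username']) || !isset($_SESSION['passwd'])) {
  header( "Location: ./login.php" );
  // header() only queues the redirect; without exit the rest of the page
  // would still execute and be sent to the client.
  exit;
}

$username = $_SESSION['username'];

// The name is concatenated into SQL text below and this file shows no
// escaping or parameter-binding helper on $db. Until the query is moved to
// the database layer's own binding/escaping, refuse any value that could
// terminate or escape the quoted literal and send the visitor back to login.
// NOTE(review): a legitimate account whose stored name contains ' or \ would
// be rejected here -- confirm none exist before deploying.
if (!is_string($username)
    || $username === ""
    || strpos($username, "'") !== false
    || strpos($username, "\\") !== false) {
  header( "Location: ./login.php" );
  exit;
}

// NOTE(review): $_SESSION['passwd'] is only checked for presence in this
// file; whether it is verified elsewhere is not visible here.
$sql =  "SELECT id, user, level FROM ".USER_TBL." WHERE user='$username'" ;
$result = $db->sql_query($sql);
$userid = $db->sql_fetchrow($result);

// No matching row means no privileges: leave $accesslevel at 0 instead of
// indexing into a non-array result.
if (is_array($userid) && isset($userid['id'], $userid['level'])) {
  $_SESSION['user_id'] = $userid['id'];
  $accesslevel = $userid['level'];
}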

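// Add-user page: only accounts whose level is 1 may render the form or
// create users; everyone else gets the generic abort message.
if ($accesslevel==1) {

  $template->set_filenames(array(
          'userform' => 'admin/userform.tpl'));

  $template->assign_vars(array(
       'FORMHEADER'       => "ADD USER",
       'L_LEVEL'       => $lang['Level'],
       'L_PASSWORD'       => $lang['Password'],
       'L_REENTER_PASS'       => $lang['Reenter_password'],
       ));
  $template->assign_block_vars('pass', array(
       'L_PASSWORD'       => $lang['Password'],
       'L_REENTER_PASS'   => $lang['Reenter_password'],
       ));

  if (isset($_POST["submit"])) {
    // NOTE(review): no anti-CSRF token is verified in this file before an
    // account is created; confirm the including script checks one, or add a
    // per-session token to the form and compare it here.

    // Read every field with a safe default; is_string() also rejects array
    // values such as user[]=x, which the string functions cannot handle.
    // The name is HTML-encoded before storage, as the original did.
    $user = (isset($_POST['user']) && is_string($_POST['user']))
        ? trim(htmlspecialchars($_POST['user'])) : "";
    $password = (isset($_POST['password']) && is_string($_POST['password']))
        ? trim($_POST['password']) : "";
    $repassword = (isset($_POST['repassword']) && is_string($_POST['repassword']))
        ? trim($_POST['repassword']) : "";
    $level = isset($_POST['level']) ? intval($_POST['level']) : 0;

    // Validate before touching the database. In the original these checks
    // sat inside the "user already exists" branch, so they never guarded the
    // INSERT, and the confirmation was compared against the MD5 digest
    // rather than the typed password.
    $error_flag = false;
    $errormsg = "";

    if ($user === "") {
      $error_flag = true;
      $errormsg = $errormsg." ".$lang['Msg_req_name']."<br />";
    } elseif (strpos($user, "'") !== false || strpos($user, "\\") !== false) {
      // htmlspecialchars() is an HTML output encoder, not SQL escaping: it
      // never touches backslashes and, depending on the PHP version's default
      // flags, may leave single quotes. The name is concatenated into two SQL
      // statements below, so these characters are refused outright.
      // TODO: replace with the database layer's parameter binding/escaping.
      $error_flag = true;
      $errormsg = $errormsg." User name must not contain quote or backslash characters.<br />";
    }

    if ($password === "" || $repassword === "") {
      $error_flag = true;
      $errormsg = $errormsg." ".$lang['Msg_2x_pwd']."<br />";
    } elseif ($password !== $repassword) {
      $error_flag = true;
      $errormsg = $errormsg." ".$lang['Msg_pwd_notmatch']."<br />";
    }

    if ($level !== 1 && $level !== 2) {
      // Only the two known levels may be assigned from this form.
      message($lang['Error'], 'Abnormal Operation ! Request Aborted.');
      metaredirect(self_url()."/admin.php",0);
    } elseif ($error_flag) {
      error( $lang['Error'], "$errormsg");
    } else {
      $sql = "SELECT user FROM ".USER_TBL." WHERE user='$user'";
      $result = $db->sql_query($sql);

      if ( $db->sql_numrows($result) > 0 ) {
        error( $lang['Error'], $lang['Msg_user_available'] );
      } else {
        // NOTE(review): unsalted MD5 is not a suitable password hash. It is
        // kept so the stored format stays as this file has always written it;
        // moving to password_hash()/password_verify() has to be done together
        // with the code that checks passwords at login.
        $password_hash = md5($password);

        // $user was checked above, $password_hash is hexadecimal and $level
        // is an integer, so none of the three can break out of its literal.
        $sql = "INSERT INTO ".USER_TBL." SET user='$user', password='$password_hash', level='$level'";
        $result = $db->sql_query($sql);
        message($lang['Msg_add_user'], ".........".$lang['Msg_posted']);
        metaredirect(self_url()."/admin.php?mode=adduser",1);
      }
    }

  } else {

    $template->pparse('userform');
  }
} else {
  message($lang['Error'], 'Abnormal Operation ! Request Aborted.');
  metaredirect(self_url()."/admin.php",0);
}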

?>