<?
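  Include("Includes/global.inc.php");
  // checkPermissions() is defined outside this file.
  // NOTE(review): confirm it stops the request for unauthorised callers;
  // everything below assumes the caller is allowed to create users.
  checkPermissions(1, 900);

  // The request fields ($txtFirstName, $cboLevel, ...) are read as bare
  // globals, so this script depends on register_globals or on an import done
  // by the include. Under that model a variable that is read before it is
  // assigned can be supplied by the request, so the flags and the password
  // accumulator get explicit starting values here.
  $requireExtras = FALSE;
  $strPassword   = "";
  $addSuccessful = FALSE;

  If ($HTTP_POST_VARS["btnSubmit"] != "") {
      $strFirstName   = validateText("First Name", $txtFirstName, 2, 40, TRUE, FALSE);
      $strMiddleInit  = validateText("Middle Initial", $txtMiddleInit, 1, 1, FALSE, FALSE);
      $strLastName    = validateText("Last Name", $txtLastName, 2, 40, TRUE, FALSE);

      // The form only offers levels 0-3, and the level is later written into
      // the INSERT without quotes, so accept exactly one of those four digits.
      $levelIsValid = in_array((string) $cboLevel, array("0", "1", "2", "3"), TRUE);

      If (($cboLevel == "") AND ($sessionSecurity < 1)) {
          fillError("Please select a security level.");
      } ElseIf (($cboLevel < 3) AND ($sessionSecurity > 0)) {
          // Server-side counterpart of the form hiding levels 0-2: a caller
          // with $sessionSecurity > 0 may only create level 3 users. The
          // attempt is reported to the administrator by email.
          fillError("Nice try. Your actions have been recorded");
          $msgBody = makeHomeURL("createUser.php")." user: $userID";
          mail($adminEmail, "Hack Attempt: ".date("m-d-Y H:i"), $msgBody,
            "From: $adminEmail\r\nReply-To: $adminEmail\r\n");
      } ElseIf (!$levelIsValid) {
          // Reject anything that is not 0-3 (out-of-range numbers, trailing
          // text, arrays). Like the two branches above, this relies on
          // fillError() populating $strError so that the INSERT is skipped.
          fillError("Please select a valid security level.");
      } ElseIf ($cboLevel < 3) {
          // Users who can log in need a user ID and an email address.
          $requireExtras = TRUE;
      }
      $strUserID      = validateText("User ID", $txtUserID, 3, 20, $requireExtras, FALSE);
      $strEmail       = validateEmail("Email Address", $txtEmail, $requireExtras);

      // NOTE(review): the queries below interpolate $strUserID, $strEmail and
      // the name fields into quoted SQL strings. Whether that is safe depends
      // on validateText()/validateEmail()/dbquery() (or magic_quotes_gpc)
      // escaping quotes, none of which is visible here. Confirm before
      // relying on it; escaping was not added here to avoid double-escaping.
      If (!$strError AND ($requireExtras OR $strUserID)) {
          $strSQL = "SELECT id FROM tblSecurity WHERE userID='$strUserID'";
          $result = dbquery($strSQL);
          $intFound = mysql_num_rows($result);
          If ($intFound != 0) {
               $strError = "That userID has been taken. Please choose another.";
          }
      }
      If (!$strError AND ($requireExtras OR $strEmail)) {
          $strSQL = "SELECT id FROM tblSecurity WHERE email='$strEmail'";
          $result = dbquery($strSQL);
          $intFound = mysql_num_rows($result);
          If ($intFound != 0) {
              $strError = "That email address already exists.";
          }
      }

      If (!$strError) {
          If ($cboLevel != 3) {
              // Eight characters from an alphabet that leaves out the letter
              // O and the digit 0. The original reseeded rand() from
              // microtime() on every iteration, which makes consecutive
              // characters correlated and the result guessable from the
              // creation time. Use the CSPRNG where the runtime has one and
              // fall back to the auto-seeded mt_rand() otherwise.
              // NOTE(review): mt_rand() is not cryptographically secure.
              $strTempString = "ABCDEFGHIJKLMNPQRSTUVWXYZ123456789";
              $intMaxPos = strlen($strTempString) - 1;
              for ($i = 0; $i < 8; $i++) {
                   If (function_exists("random_int")) {
                       $intPos = random_int(0, $intMaxPos);
                   } Else {
                       $intPos = mt_rand(0, $intMaxPos);
                   }
                   $strPassword .= substr($strTempString, $intPos, 1);
              }
          } Else {
              $strPassword = "";
          }

          // NOTE(review): unsalted MD5 is the stored format; replacing it
          // means changing the login check as well, which is outside this
          // file. For level 3 users this stores the hash of the empty string,
          // so confirm the login code refuses level 3 accounts.
          $strPassword2 = md5($strPassword);

          // The level was validated above; the cast keeps the unquoted SQL
          // value numeric even if that validation is changed later.
          // NOTE(review): $accountID is also unquoted and is not assigned in
          // this file. Confirm it is numeric and not request-controlled.
          $intLevel = (int) $cboLevel;
          $strSQL = "INSERT INTO tblSecurity (userID, password, firstName, middleInit, lastName, email, securityLevel, accountID) VALUES ('$strUserID', '$strPassword2', '$strFirstName', '$strMiddleInit', '$strLastName', '$strEmail', $intLevel, $accountID)";
          $result = dbquery($strSQL);
          $strError = "$strFirstName $strLastName has been added successfully.";
          $addSuccessful = TRUE;

          If ($cboLevel != 3) {
              $strURL = makeHomeURL("createUser.php");

              // The temporary password leaves the system in clear text.
              // NOTE(review): confirm the first login forces a change, and
              // that validateEmail() rejects CR/LF so $strEmail cannot add
              // mail headers.
              $msgBody = "Your PMI username is '$strUserID' and your temporary password is '$strPassword'. ";
              $msgBody .= "You may log in at $strURL.";
              mail($strEmail, "PMI account created: ".date("m-d-Y"), $msgBody,
                "From: $adminEmail\r\nReply-To: $adminEmail\r\n");

              $strError .= " They have been emailed their password.";
          }
      }
  }

  writeHeader("Create a new user");
  declareError(TRUE);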

  // Explanation of the four security levels. It is rendered only when
  // $sessionSecurity < 1, the same condition under which the cboLevel
  // <select> further down offers levels 0-2; other callers can only pick
  // "No Access", so the legend is left out for them.
  If ($sessionSecurity < 1) { 
?>
New users with permission to access your inventory will automatically be emailed a random password,
which they can then use to log in for the first time.<p>

<table border='0' cellpadding='3' cellspacing='0'>
  <tr><td colspan='2'><i>Explanation of Security Levels</i>:</td></tr>
  <tr>
    <td width='90' valign='top'><u>Full Access</u></td>
    <td>These users can do anything, including create and delete users. Your account, 
    for example, has full access.</td>
  <tr>
    <td width='90' valign='top'><u>Limited Access</u></td>
    <td>These users can edit the inventory database in any way, <i>except</i> for
    the ability to delete entries, or alter other users (other than "No Access" users).</td>
  <tr>
    <td width='90' valign='top'><u>Read Only</u></td>
    <td>These users can view data in this database, but not alter it in any way.</td>
  <tr>
    <td width='90' valign='top'><u>No Access</u></td>
    <td>These users cannot access this inventory at all; they will not receive an email
    containing account information, or anything else that alerts them to the existence of 
    this system. "No Access" users can still be assigned systems, software, and peripherals.</td>
  </tr>
</table><p>
<?
  }
?>
<font color='ff0000'>*</font> Indicates a required field.<br>
<font color='006633'>*</font> Indicates a required field, except for "No Access" users.
<p>
<form name="form1" method="POST" action="createUser.php">
  <p><table border='0' width='415' cellpadding='2'>
    <tr>
      <td width='115'><font color='006633'>*</font> UserID:</td>
      <td width='300'><input type="text" name="txtUserID" value="<?
          /* NOTE(review): this and the four echoes below write request-derived
             values into double-quoted HTML attributes without
             htmlspecialchars(). That is safe only if validateText() /
             validateEmail() already encode or reject quotes and angle
             brackets; confirm in Includes/global.inc.php. */
          echo $strUserID;?>" size="20" maxlength="20"></td>
    </tr>
    <tr>
      <td width='115'><font color='ff0000'>*</font> First Name:</td>
      <td width='300'><input type="text" name="txtFirstName" value="<?echo $strFirstName;?>" size="40" maxlength="40"></td>
    </tr>
    <tr>
      <td width='115'>Middle Initial:</td>
      <td width='300'><input type="text" name="txtMiddleInit" value="<?echo $strMiddleInit;?>" size="1" maxlength="1"></td>
    </tr>
    <tr>
      <td width='115'><font color='ff0000'>*</font> Last Name:</td>
      <td width='300'><input type="text" name="txtLastName" value="<?echo $strLastName;?>" size="40" maxlength="40"></td>
    </tr>
    <tr>
      <td width='115'><font color='006633'>*</font> Email:</td>
      <td width='300'><input type="text" name="txtEmail" value="<?echo $strEmail;?>" size="40" maxlength="50"></td>
    </tr>
    <tr>
      <td width='115'><font color='ff0000'>*</font> Security Level:</td>
      <td width='300'>
          <select name='cboLevel'>
  <? /* Levels 0-2 are offered only when $sessionSecurity < 1. Hiding the
        options is presentation only; the POST handler at the top of this
        file re-checks $cboLevel against $sessionSecurity. */
     If ($sessionSecurity < 1) { ?>
              <option value=''>&nbsp;</option>
              <option value='0' <? echo writeSelected($cboLevel, "0"); ?>>Full Access</option>
              <option value='1' <? echo writeSelected($cboLevel, "1"); ?>>Limited Access</option>
              <option value='2' <? echo writeSelected($cboLevel, "2"); ?>>Read Only</option>
  <? } ?>
              <option value='3' <? echo writeSelected($cboLevel, "3"); ?>>No Access</option>
          </select>
      </td>
    </tr>

  </table><p>

  <? /* The buttons are left out once a user has been added, so the same
        details are not resubmitted from this page.
        NOTE(review): the form has no anti-CSRF token field; confirm that
        checkPermissions() or the include verifies the request origin, since
        this POST creates accounts. */
     If (!$addSuccessful) { ?>
  <input type="submit" value="Submit" name="btnSubmit">
  <input type="reset" value="Reset" name="reset">
  <? } ?>
</form>

<?
  // writeFooter() is defined outside this file; presumably it closes the
  // page layout opened by writeHeader().
  writeFooter();
?>