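<?php
/**
 * add_user.php - account-creation form for privileged users.
 *
 * This first part is the access gate: it re-checks the session credentials
 * against the `users` table and then the caller's bitmask in the `access`
 * table. Every failure path answers with a 404 status and stops the script.
 *
 * $sql and the session are not set up in this file; presumably
 * inc/settings.php provides both - confirm.
 */
include('inc/settings.php');

// No session credentials at all: behave as if the page did not exist.
if (!isset($_SESSION["login"]) or !isset($_SESSION["pass"])) {
    header("HTTP/1.0 404 Not Found");
    return;
}

// NOTE(review): htmlspecialchars() is an HTML output encoder, not an SQL
// escaper - it does not neutralise every character that is special inside an
// SQL string literal. These values are still concatenated into the statement.
// If the $sql wrapper offers bound parameters or its own escaping routine (not
// visible from this file), this query should use it.
$login = htmlspecialchars($_SESSION["login"], ENT_QUOTES);
$pass = htmlspecialchars($_SESSION["pass"], ENT_QUOTES);
$query = $sql->query(
    "SELECT * FROM users WHERE login = '$login' AND pass = '$pass' "
);

// Exactly one matching account is required; otherwise drop the stale
// credentials from the session and refuse.
if ($sql->num($query) != 1) {
    unset($_SESSION["login"]);
    unset($_SESSION["pass"]);
    header("HTTP/1.0 404 Not Found");
    return;
}
$row = $sql->row($query);

// Permission check. The id is cast to int so that only a number can reach the
// concatenated statement.
$q_access = $sql->query("SELECT * FROM access WHERE id_user = ".(int)$row['id']);
if ($sql->num($q_access) <= 0) {
    // No access row for this user means no privileges.
    header("HTTP/1.0 404 Not Found");
    return;
}

$access = $sql->row($q_access);
// In PHP `!=` binds tighter than `&`, so the former `$access["access"]&128 != 1`
// evaluated as `$access["access"] & (128 != 1)` and tested bit 0, not bit 128.
// The mask is now parenthesised and the page is refused when the bit is clear.
// NOTE(review): assumes 128 is the "may add users" bit - confirm against the
// place where access masks are defined.
if (((int)$access["access"] & 128) === 0) {
    header("HTTP/1.0 404 Not Found");
    return;
}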
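// Handle a submitted "add user" form: normalise the fields, validate them,
// hash the password and insert the new row into `users`. Validation and
// insert failures are reported through an Exception whose message is echoed
// (this happens before the <!doctype> that follows the PHP section).
//
// NOTE(review): this state-changing POST checks no anti-CSRF token, and the
// form in this file sends none. A per-session token compared with
// hash_equals() would close that gap; it needs a matching hidden field in the
// form, so it is only flagged here.
if (isset($_POST["login"]) and isset($_POST["first_name"])
    and isset($_POST["last_name"]) and isset($_POST["pass"]) and isset($_POST["rpass"])) {
    // The original calls were written as trim(htmlspecialchars($x), ENT_QUOTES):
    // ENT_QUOTES (the integer 3) went to trim() as its character list, so a
    // leading or trailing "3" was stripped from every field, and
    // htmlspecialchars() ran with its default flags, which do not encode single
    // quotes before PHP 8.1. The flag is now passed to htmlspecialchars().
    // middle_name is optional and is not covered by the isset() test above, and
    // a field submitted as an array is not a string; both are read as ''.
    $input = [];
    foreach (['login', 'first_name', 'last_name', 'middle_name', 'pass', 'rpass'] as $field) {
        $raw = (isset($_POST[$field]) and is_string($_POST[$field])) ? $_POST[$field] : '';
        $input[$field] = trim(htmlspecialchars($raw, ENT_QUOTES));
    }
    $login = $input['login'];
    $first_name = $input['first_name'];
    $last_name = $input['last_name'];
    $middle_name = $input['middle_name'];
    // NOTE(review): the password is HTML-encoded and trimmed before hashing, so
    // the login handler must normalise it the same way (same flags, same trim)
    // or accounts created here will not be able to sign in - confirm.
    $pass = $input['pass'];
    $rpass = $input['rpass'];

    try {
        if (!$login or !$first_name or !$last_name or !$pass or !$rpass) {
            throw new Exception('Заполните все поля');
        }
        // Strict comparison: with `!=` two different numeric-looking strings
        // (for example "1e3" and "1000") compare as equal.
        if ($pass !== $rpass) {
            throw new Exception('Пароли не совпадают');
        }

        // NOTE(review): double MD5 with a hard-coded, shared salt is cheap to
        // brute-force if the table leaks. password_hash()/password_verify() is
        // the replacement, but the session gate at the top of this file looks
        // the stored value up by equality, so the scheme has to change together
        // with the login check. Left unchanged here.
        $pass = md5(md5($pass).'sQpwE');

        // NOTE(review): the values are HTML-encoded, not SQL-escaped, and are
        // concatenated into the statement. Use the $sql wrapper's parameter
        // binding or escaping routine if it has one (not visible from this file).
        $insert = $sql->query(
            "INSERT INTO users (first_name, last_name, middle_name, login, pass)
VALUES ('$first_name', '$last_name', '$middle_name', '$login', '$pass')"
        );
        if (!$insert) {
            throw new Exception('Произошла неизвестная ошибка');
        }
    } catch (Exception $e) {
        // Only the fixed messages thrown above reach this point.
        echo '<p error>'.$e->getMessage().'</p>';
    }
}
?>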
<!doctype html>
<html>
<head>
<title>Добавление пользователя</title>
<link href = "/inc/style.css?1" rel = "stylesheet">
<link href = "/inc/index_form.css" rel = "stylesheet">
</head>
<body>
<form id = "form_auth" method = "POST">
<div class = "form_title">Добавление пользователя</div>
<div class = "form_item">
<label for = "f_login">Логин</label><br>
<input name = "login" id = "f_login" type = "text" placeholder = "Введите логин"><br>
</div>
<div class = "form_item">
<label for = "f_first_name">Имя</label><br>
<input name = "first_name" id = "f_first_name" type = "text" placeholder = "Имя"><br>
</div>
<div class = "form_item">
<label for = "f_last_name">Фамилия</label><br>
<input name = "last_name" id = "f_last_name" type = "text" placeholder = "Фамилия"><br>
</div>
<div class = "form_item">
<label for = "f_middle_name">Отчество</label><br>
<input name = "middle_name" id = "f_middle_name" type = "text" placeholder = "Отчество (если есть)"><br>
</div>
<div class = "form_item">
<label for = "f_pass">Пароль</label><br>
<input name = "pass" id = "f_pass" type = "password" placeholder = "Введите пароль"><br>
</div>
<div class = "form_item">
<label for = "f_rpass">Повторите пароль</label><br>
<input name = "rpass" id = "f_rpass" type = "password" placeholder = "Повторите пароль"><br>
</div>
<button type = "submit">Зарегистрировать</button>
</form>
</body>
</html>