File: /home/httpd/html/camheart.com/public_html_bad/admin/add_user.php
<?php
require "db.php";
if (isset($_POST['formSubmit'])) {
$_POST = array_map_array('trim', $_POST);
$_POST = array_map_array('strip_tags', $_POST, array('description', 'freeform'));
if ($_POST['username'] == '') {
setMessage('Username is required!', 'error');
} else if (is_array(dbQuery("SELECT `record_num` FROM `users` WHERE `username` = '" . mysqli_real_escape_string($dbconn, $_POST['username']) . "'", false))) {
setMessage('This username is already taken!', 'error');
}
if ($_POST['email'] == '') {
setMessage('E-mail is required!', 'error');
} else if (!filter_var($_POST['email'], FILTER_VALIDATE_EMAIL)) {
setMessage('Invalid e-mail address', 'error');
} else if (is_array(dbQuery("SELECT `record_num` FROM `users` WHERE `email` = '" . mysqli_real_escape_string($dbconn, $_POST['email']) . "'", false))) {
setMessage('This e-mail is not available!', 'error');
}
if (!getMessages(false, 'error')) {
$salt = generateSalt(rand(5, 10));
$profile = array(
'username' => $_POST['username'],
'password' => md5($_POST['password'] . $salt),
'salt' => $salt,
'is_admin' => (int) $_POST['is_admin'],
'email' => $_POST['email'],
'user_level' => (int) $_POST['user_level'],
'freeform' => strip_tags($_POST['freeform']),
'custom' => serialize($_POST['custom']),
'enabled' => (int) $_POST['enabled'],
);
$insert_id = dbInsert('users', $profile);
if (is_numeric($insert_id)) {
setMessage('New user added. <a href="' . $basehttp . '/admin/users.php"><b>Click here to return to Users List</b></a>');
} else {
setMessage('Cannot create new user', 'error');
}
header("Location: ".$_SERVER['REQUEST_URI']);
exit;
} else {
entities_walk($_POST);
}
}
?>
<? require "header.php"; ?>
<div class="content-page">
<div class="header-area">
<div class="breadcrumbs">
<a href="index.php">Admin Home</a>
<span><a href="add_user.php">Add User</a></span>
</div>
</div>
<div class="content-outer">
<h2>Add<strong>User</strong></h2>
<div class="content-inner">
<? echo getMessages(); ?>
<form action="" method="POST" enctype="multipart/form-data" class="form" novalidate autocomplete="off">
<input type="hidden" name="sponsor" value="<?php echo $_GET['id']; ?>" />
<table class="pagetable">
<thead>
<tr>
<th colspan="2">Add New User</th>
</tr>
</thead>
<tr>
<td>Username</td>
<td><input name="username" type="text" value="<?php echo $_POST['username']; ?>" required data-min-length="3" data-max-length="20" /></td>
</tr>
<tr>
<td>Password</td>
<td><input name="password" type="text" value="<?php echo $_POST['password']; ?>" required data-min-length="5" /></td>
</tr>
<tr>
<td>Email</td>
<td><input name="email" type="email" value="<?php echo $_POST['email']; ?>" required /></td>
</tr>
<tr>
<td>Admin Account</td>
<td>
<select name="is_admin">
<option<?php echo ($_POST['is_admin'] == '0') ? ' selected' : ''; ?> value="0">No</option>
<option<?php echo ($_POST['is_admin'] == '1') ? ' selected' : ''; ?> value="1">Yes</option>
</select>
</td>
</tr>
<tr>
<td>Account Enabled</td>
<td>
<select name="enabled">
<option<? echo ($_POST['enabled'] == '0') ? ' selected' : ''; ?> value="0">No</option>
<option<? echo ($_POST['enabled'] == '1') ? ' selected' : ''; ?> value="1">Yes</option>
</select>
</td>
</tr>
<tr class="item submit">
<td colspan="2">
<input type="hidden" name="formSubmit" value="1">
<button type="submit" class="btn action-save">Submit</button>
</td>
</tr>
</table>
</form>
</div>
</div>
</div>
<?php require "footer.php"; ?>