<!DOCTYPE html>
<!-- Sign-up page: adds a new user to the Users table -->
<?php
$currentpage="Sign Up";
?>
<html>
<head>
<title>Sign Up</title>
<!--<link rel="stylesheet" href="index.css">-->
<!--<script type = "text/javascript" src = "verifyInput.js" > </script>-->
</head>
<body>
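<?php
// Sign-up handler: on POST, creates a row in `Users` unless the username is
// already taken, and leaves a status message in $msg for the page below.
// DB_HOST, DB_USER, DB_PASSWORD and DB_NAME are expected to be defined by
// databasevars.php.
include 'databasevars.php';
$msg = "Sign up for a new account!";

// Make mysqli signal failure through return values on every PHP version, so
// the explicit checks below are what runs (newer PHP defaults to exceptions).
mysqli_report(MYSQLI_REPORT_OFF);

$conn = mysqli_connect(DB_HOST, DB_USER, DB_PASSWORD, DB_NAME);
if (!$conn) {
    // mysqli_connect_error() is the mysqli call; mysql_error() belongs to the
    // removed ext/mysql. The detail goes to the server log because it can
    // name the database host and account.
    error_log('addUsers.php: database connection failed: ' . mysqli_connect_error());
    die('Could not connect.');
}

if ($_SERVER["REQUEST_METHOD"] === "POST") {
    // Read each field as a plain string; a missing field or an array-valued
    // field (e.g. username[]=x) becomes ''.
    $input = [];
    foreach (['username', 'firstName', 'lastName', 'email', 'password', 'age'] as $field) {
        $raw = $_POST[$field] ?? '';
        $input[$field] = is_string($raw) ? $raw : '';
    }
    $username  = $input['username'];
    $firstname = $input['firstName'];
    $lastname  = $input['lastName'];
    $email     = $input['email'];
    $age       = $input['age'];

    // Shown to the visitor when the database refuses a statement; the SQL
    // text and driver error are logged, never echoed into the page.
    $failure = "Sorry, your account could not be created. Please try again later.<p>";

    if ($username === '' || $input['password'] === '') {
        $msg = "Username and password are required.<p>";
    } else {
        // Values are bound as parameters, so no SQL escaping is needed and
        // user input never becomes part of the statement text.
        $lookup = mysqli_prepare($conn, 'SELECT 1 FROM Users WHERE username = ?');
        if (!$lookup
            || !mysqli_stmt_bind_param($lookup, 's', $username)
            || !mysqli_stmt_execute($lookup)
            || !mysqli_stmt_store_result($lookup)) {
            error_log('addUsers.php: username lookup failed: ' . mysqli_error($conn));
            $msg = $failure;
        } elseif (mysqli_stmt_num_rows($lookup) > 0) {
            // $msg is echoed as raw HTML further down, so the user-supplied
            // name must be HTML-escaped here.
            $shownName = htmlspecialchars($username, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
            $msg = "<h2>Can't Add to Table</h2> There is already a user with username $shownName<p>";
        } else {
            // NOTE(review): a UNIQUE index on Users.username would close the
            // gap between this check and the INSERT - confirm the schema.

            // 20 characters, as before, but taken from the CSPRNG instead of
            // uniqid()/mt_rand(), which are predictable.
            $salt = bin2hex(random_bytes(10));

            // NOTE(review): the hash has always been computed over the
            // SQL-escaped password, and the code that verifies it is not in
            // this file. The escaping is kept only so stored hashes stay
            // comparable; drop it together with the verifier.
            $passwordForHash = mysqli_real_escape_string($conn, $input['password']);

            // SECURITY: one round of RIPEMD-128 is a fast, unkeyed digest and
            // is not suitable for password storage. password_hash() /
            // password_verify() are the replacement, but the stored format is
            // shared with the login code, so both must be migrated together.
            // The password and salt are no longer written into the page as
            // debug output.
            $hashedPassword = hash("Ripemd128", $passwordForHash . $salt);

            $insert = mysqli_prepare(
                $conn,
                'INSERT INTO `Users` (`username`, `firstName`, `lastName`, `email`, `password`, `age`, `salt`)'
                . ' VALUES (?, ?, ?, ?, ?, ?, ?)'
            );
            // Every column is bound as a string, matching the quoted literals
            // the statement used to be built from.
            if ($insert
                && mysqli_stmt_bind_param(
                    $insert,
                    'sssssss',
                    $username,
                    $firstname,
                    $lastname,
                    $email,
                    $hashedPassword,
                    $age,
                    $salt
                )
                && mysqli_stmt_execute($insert)) {
                $msg = "Record added successfully.<p>";
            } else {
                error_log('addUsers.php: user insert failed: ' . mysqli_error($conn));
                $msg = $failure;
            }
            if ($insert) {
                mysqli_stmt_close($insert);
            }
        }
        if ($lookup) {
            mysqli_stmt_close($lookup);
        }
    }
}

// close connection
mysqli_close($conn);
?>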
<section>
<h2> <?php echo $msg; ?> </h2>
<form method="post" id="addForm">
<fieldset>
<legend>SIGN UP TODAY:</legend>
<p>
<label for="username">User Name:</label>
<input type="text" class="required" name="username" id="username">
</p>
<p>
<label for="firstName">First Name:</label>
<input type="text" class="required" name="firstName" id="firstName">
</p>
<p>
<label for="lastName">Last Name:</label>
<input type="text" class="required" name="lastName" id="lastName">
</p>
<p>
<label for="email">Email:</label>
<input type="email" class="required" name="email" id="email">
</p>
<p>
<label for="password">Password:</label>
<input type="password" class="required" name="password" id="password">
</p>
<p>
<label for="age">Age:</label>
<input type="number" min=1 max = 120 class="optional" name="age" id="age" title="age should be numeric">
</p>
</fieldset>
<p>
<input type = "submit" value = "Submit" />
<input type = "reset" value = "Clear Form" />
</p>
</form>
</section>
</body>
<a href="./users.php" style="font-size:30pt">See the growing community - - > </a>
<br>
<a href="./login.php" style="font-size:30pt">Log in to your account - - > </a>
</html>