<?php
require_once '../../library/config.php';
require_once '../library/functions.php';
checkUser();
$action = isset($_GET['action']) ? $_GET['action'] : '';
switch ($action) {
case 'add' :
addUser();
break;
case 'modify' :
modifyUser();
break;
case 'delete' :
deleteUser();
break;
default :
// if action is not defined or unknown
// move to main user page
header('Location: index.php');
}
function addUser()
{
$userName = $_POST['txtUserName'];
$password = $_POST['txtPassword'];
/*
// the password must be at least 6 characters long and is
// a mix of alphabet & numbers
if(strlen($password) < 6 || !preg_match('/[a-z]/i', $password) ||
!preg_match('/[0-9]/', $password)) {
//bad password
}
*/
// check if the username is taken
$sql = "SELECT user_name
FROM tbl_user
WHERE user_name = '$userName'";
$result = dbQuery($sql);
if (dbNumRows($result) == 1) {
header('Location: index.php?view=add&error=' . urlencode('Username already taken. Choose another one'));
} else {
$sql = "INSERT INTO tbl_user (user_name, user_password, user_regdate)
VALUES ('$userName', PASSWORD('$password'), NOW())";
dbQuery($sql);
header('Location: index.php');
}
}
/*
Modify a user
*/
function modifyUser()
{
$userId = (int)$_POST['hidUserId'];
$password = $_POST['txtPassword'];
$sql = "UPDATE tbl_user
SET user_password = PASSWORD('$password')
WHERE user_id = $userId";
dbQuery($sql);
header('Location: index.php');
}
/*
Remove a user
*/
function deleteUser()
{
if (isset($_GET['userId']) && (int)$_GET['userId'] > 0) {
$userId = (int)$_GET['userId'];
} else {
header('Location: index.php');
}
$sql = "DELETE FROM tbl_user
WHERE user_id = $userId";
dbQuery($sql);
header('Location: index.php');
}
?>
|