/var/www/hkosl.com/e-ims/webadmin/sys_login_add.php

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79

<?php
include 'config.php';

// Check if the user is logged in

if ((!isSet($_SESSION['loginname'])) || ($loggin <> '1'))
{
header("Location: login.php");
exit;
}
?>
<?php
require("configure.php"); 
require_once 'function_auth.php';
$username        htmlspecialchars($_POST["username"],ENT_QUOTES);
$role             htmlspecialchars($_POST["role"],ENT_QUOTES);
$loginname        htmlspecialchars($_POST["loginname"],ENT_QUOTES);
$strength        Password::strength($_POST["loginpw"], $_POST["username"]);
if(!$strength){
    exit('Insufficient password strength');    
}
$loginpw        Password::hash($_POST["loginpw"]);
$nowdate         date("Y-m-d H:i:s");
//print_r($_POST); 

$sql "SELECT * FROM sys_login WHERE loginname = :loginname";
$sth Db::getDbh()->prepare($sql);
$sth->execute(array(":loginname" => $loginname));
if( $error $sth->getError(array(":loginname" => $loginname)) ){
    var_dump($error);
}
$colcount $sth->rowCount();


if ($colcount 0)    {
    echo"<script language='javascript'>
            alert('Your login name has been assigned, Please choose another.');
            history.back();
        </script>";
}    elseif($_POST["loginpw"] <> $_POST["loginpw_check"] ) {
    echo"<script language='javascript'>
            alert('Confirm Password Error');
            history.back();
        </script>";
}    else    {

    $sql "select max(loginid) as maxid from sys_login";
    $sth Db::getDbh()->prepare($sql);
    $sth->execute();
    if( $error $sth->getError() ){
        var_dump($error);
    }
    $row $sth->fetch(PDO::FETCH_ASSOC);
    $loginid $row{'maxid'}+1;

    $sql "insert into sys_login (loginid, username, loginname, loginpw, role, status, createby, createdate, lastupby, lastupdate, deleted) VALUES(:loginid, :username, :loginname, :loginpw, :role, :status, :createby, :createdate, :lastupby, :lastupdate, :deleted)";
    $sth Db::getDbh()->prepare($sql);
    $sql_param = array();
    $sql_param[':loginid'] = $loginid;
    $sql_param[':username'] = $username;
    $sql_param[':loginname'] = $loginname;
    $sql_param[':loginpw'] = $loginpw;
    $sql_param[':role'] = $role;
    $sql_param[':status'] = '1';
    $sql_param[':createby'] = $_SESSION['loginid'];
    $sql_param[':createdate'] = $nowdate;
    $sql_param[':lastupby'] = $_SESSION['loginid'];
    $sql_param[':lastupdate'] = $nowdate;
    $sql_param[':deleted'] = '0';
    $sth->execute($sql_param);
    if( $error $sth->getError($sql_param) ){
        var_dump($error);
    }
    
    $dbh null;
    
    header("Location: sys_login_index.php?msg=Add Successful");
}
?>