ipreg/useradd.php

<?php
	include("header.php");
	
	// display only if admin
	if($_SESSION['suser_level'] >= 2) {
	
	// check for submit
	if ($_SERVER['REQUEST_METHOD']=="POST" ) {
		// check for unique username
		$result = mysql_query("SELECT user_name FROM user WHERE user_name='$user_name'") or die(mysql_error());
		if(mysql_num_rows($result) == 0) {
			$user_name = $_POST['user_name'];
			$user_pass = md5($config_user_pass);
			$user_level = $_POST['user_level'];
			$displayname = $_POST['user_name'];
			mysql_query("INSERT INTO user (user_name, user_pass, user_level, displayname) VALUE ('$user_name', '$user_pass', '$user_level', '$displayname')") or die(mysql_error());
			
			header_location("options.php");
		}
		echo '<b>Error!</b>';
	}
?>
	
	<form method="POST" action="useradd.php">
	<table border="0">
		<tr>
			<td colspan="2">
				<b>Add user:</b><br>
			</td>
		</tr>
		<tr>
			<td>
				Username:
			</td>
			<td>
				<input type="text" name="user_name">
			</td>
		</tr>
		<tr>
			<td>
				Password:
			</td>
			<td>
				<?php echo $config_user_pass; ?>
			</td>
		</tr>
		<tr>
			<td>
				Level:
			</td>
			<td>
				<select name="user_level">
					<option value="1">View all</option>
					<option value="2">Edit all</option>
			</td>
		</tr>
		<tr>
			<td colspan="2" align="right">
				<input type="submit" value="Submit"><input type="reset" value="Reset">
			</td>
		</tr>
	</table>
	</form>

<?php
	// end display only if admin
	}
	
	include("footer.php");
?>