<?php/*NEW.PHPAllows user to create a new entry in the database*

1. <?php
2.  
3. /*
4.  
5. NEW.PHP
6.  
7. Allows user to create a new entry in the database
8.  
9. */
10.  
11.  
12.  
13. // creates the new record form
14.  
15. // since this form is used multiple times in this file, I have made it a function that is easily reusable
16.  
17. function renderForm($user, $pass, $hwid, $code, $banned, $ip, $date, $error)
18.  
19. {
20.  
21. ?>
22.  
23. <!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01//EN" "http://www.w3.org/TR/html4/strict.dtd">
24.  
25. <html>
26.  
27. <head>
28.  
29. <title>New Record</title>
30.  
31. </head>
32.  
33. <body>
34.  
35. <?php
36.  
37. // if there are any errors, display them
38.  
39. if ($error != '')
40.  
41. {
42.  
43. echo '<div style="padding:4px; border:1px solid red; color:red;">'.$error.'</div>';
44.  
45. }
46.  
47. ?>
48.  
49.  
50.  
51. <form action="" method="post">
52.  
53. <div>
54.  
55. <strong>username: *</strong> <input type="text" name="username" value="<?php echo $user; ?>" /><br/>
56.  
57. <strong>password: *</strong> <input type="text" name="password" value="<?php echo $pass; ?>" /><br/>
58.  
59. <strong>hwid: *</strong> <input type="text" name="hwid" value="<?php echo $hwid; ?>" /><br/>
60.  
61. <strong>code: *</strong> <input type="text" name="code" value="<?php echo $code; ?>" /><br/>
62.  
63. <strong>banned: *</strong> <input type="text" name="banned" value="<?php echo $banned; ?>" /><br/>
64.  
65. <strong>ip: *</strong> <input type="text" name="ip" value="<?php echo $ip; ?>" /><br/>
66.  
67. <strong>date: *</strong> <input type="text" name="date" value="<?php echo $date; ?>" /><br/>
68.  
69. <p>* required</p>
70.  
71. <input type="submit" name="submit" value="Submit">
72.  
73. </div>
74.  
75. </form>
76.  
77. </body>
78.  
79. </html>
80.  
81. <?php
82.  
83. }
84.  
85.  
86.  
87.  
88.  
89.  
90.  
91.  
92.  
93. // connect to the database
94.  
95. include('connect-db.php');
96.  
97.  
98.  
99. // check if the form has been submitted. If it has, start to process the form and save it to the database
100.  
101. if (isset($_POST['submit']))
102.  
103. {
104.  
105. // get form data, making sure it is valid
106.  
107. $username = mysql_real_escape_string(htmlspecialchars($_POST['username']));
108.  
109. $password = mysql_real_escape_string(htmlspecialchars($_POST['password']));
110.  
111.  
112.  
113. // check to make sure both fields are entered
114.  
115. if ($username == '' || $password == '')
116.  
117. {
118.  
119. // generate error message
120.  
121. $error = 'ERROR: Please fill in all required fields!';
122.  
123.  
124.  
125. // if either field is blank, display the form again
126.  
127. renderForm($user, $pass, $hwid, $code, $banned, $ip, $date, $error);
128.  
129. }
130.  
131. else
132.  
133. {
134.  
135. // save the data to the database
136.  
137. mysql_query("INSERT Account SET username='$user', password='$pass', hwid='$hwid', code='$code', banned='$banned', ip='$date', date='$date'")
138.  
139. or die(mysql_error());
140.  
141.  
142.  
143. // once saved, redirect back to the view page
144.  
145. header("Location: view.php");
146.  
147. }
148.  
149. }
150.  
151. else
152.  
153. // if the form hasn't been submitted, display the form
154.  
155. {
156.  
157. renderForm('','','');
158.  
159. }
160.  
161. ?>