<?php //new user clickedif($_GET['action'] == "newuser") { $newuser = tr

1. <?php
2. //new user clicked
3. if($_GET['action'] == "newuser") {
4. $newuser = true; }
5.  
6. //new user
7. if($_POST) {
8. $createuser = mysql_escape_string($_POST['createuser']);
9. $createname = mysql_escape_string($_POST['createname']);
10. $createpass = mysql_escape_string($_POST['createpass']);
11. $createpass2 = mysql_escape_string($_POST['createpass2']);
12. $createaccess = mysql_escape_string($_POST['createaccess']); }
13.  
14.  
15. if (!empty($createuser) && !empty($createname) && !empty($createpass) && !empty($createpass2)) {
16.  
17. //check access
18. if ($createaccess == "employee") {
19. $createaccess = '0'; }
20. elseif ($createaccess == "supervisor") {
21. $createaccess = '2'; }
22.  
23. //check for username
24. $usertest = mysql_query("SELECT * FROM users WHERE username = '$createuser'");
25. if ($usertest > 0) {
26. $stop = true; }
27.  
28.  
29. if ($createpass == $createpass2 && !$stop) {
30. mysql_query("INSERT INTO users (username, password, real_name, access, status, id) VALUES ('$createuser', MD5('$createpass'), '$createname', '$createaccess', '0', NULL);");
31. $created = "yes";
32. }
33.  
34. else {
35. $created = "no"; }
36. ?>