Keine Beschreibung

addUser.php 1.6KB

1234567891011121314151617181920212223242526272829303132333435363738394041424344454647484950515253
  1. <?php
  2. require_once 'config.php';
  3. require_once 'dbh.inc.php';
  4. require_once 'checkLogin.php';
  5. // EXAMPLE INPUT...
  6. // array(3) { ["name"]=> string(0) "" ["email"]=> string(0) "" ["addUser"]=> string(0) "" }
  7. if(isset($_POST['addUser'])) {
  8. $name = mysqli_real_escape_string($connection, trim($_POST['name']));
  9. $email = mysqli_real_escape_string($connection, trim($_POST['email']));
  10. // Check if name is not an empty string
  11. if($name === '') {
  12. http_response_code(400);
  13. echo json_encode(array("error" => "Must specify name."));
  14. exit();
  15. }
  16. // Check if email is not an empty string
  17. // And that email is valid email
  18. // And that email is from UPR
  19. // And that email is not already registered
  20. if($email === '') {
  21. http_response_code(400);
  22. echo json_encode(array("error" => "Must specify email."));
  23. exit();
  24. } else if(!filter_var($email, FILTER_VALIDATE_EMAIL)) {
  25. http_response_code(400);
  26. echo json_encode(array("error" => "Invalid email."));
  27. exit();
  28. } else if(explode("@", $email)[1] !== "upr.edu") {
  29. http_response_code(400);
  30. echo json_encode(array("error" => "Email has to be from UPR."));
  31. exit();
  32. } else if(mysqli_query($connection, "SELECT * FROM researcher WHERE email = '$email';")->num_rows !== 0) {
  33. http_response_code(400);
  34. echo json_encode(array("error" => "Given email already registered."));
  35. exit();
  36. }
  37. // Insert user
  38. $queryUser = "INSERT INTO researcher (`name`, `email`) VALUES ('$name', '$email');";
  39. mysqli_query($connection, $queryUser) or die("Error: " . mysqli_error($connection));
  40. header("Location: ../users.php");
  41. }