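</div> <div class="form-group"> <div class="checkbox"> <label> <input type="checkbox" name="add_admin" value="True">Admin </label> </div> </div>';

// Handle the "Add User" form: validate the posted fields, derive the stored
// hash and the group flag, then look up the next id and whether the name is taken.
// NOTE(review): this form can create admin accounts, but no CSRF token check or
// caller-privilege check is visible in this excerpt; confirm both happen earlier.
if (isset($_POST['submit']) and $_POST['submit'] == "Add User") { // Handle the form.
    if ($_POST['new_user'] == '') {
        echo '<font color="red">Must fill out all fields.</font>';
    } elseif ($_POST['vfy_new_pass'] !== $_POST['new_pass']) {
        // Strict comparison: with a loose comparison two different numeric-looking
        // strings (e.g. "0e1" and "0e2") compare equal and pass as a match.
        echo '<font color="red">New passwords don\'t match.</font>';
    } elseif (name_reg($_POST['new_user']) and pass_reg($_POST['new_pass'])) {
        // Chained with elseif so a failed check above stops the account from being
        // created; previously the error was printed and processing carried on.
        // name_reg()/pass_reg() are defined outside this excerpt.

        // NOTE(review): unsalted SHA-1 is not a password hash. Moving to
        // password_hash()/password_verify() also needs the login query and the
        // stored hashes migrated, so it cannot be changed in this block alone.
        $hash = sha1($_POST['new_pass']);
        $new_user = $_POST['new_user'];

        // Group 1 when the "Admin" checkbox was submitted, 0 otherwise.
        if (isset($_POST['add_admin'])) {
            $group = 1;
        } else {
            $group = 0;
        }

        // NOTE(review): COUNT(*) + 1 as the next id can collide after a row is
        // deleted or when two requests run concurrently; an AUTO_INCREMENT column
        // would avoid this. The @ hides a failed query, leaving $r as false.
        $q = 'SELECT COUNT(user_id) as n FROM users';
        $r = @mysqli_query($dbc, $q); // Run the query.
        while ($row = mysqli_fetch_array($r, MYSQLI_ASSOC)) {
            $uid = $row['n'] + 1;
        }

        // Escape the name where it enters the SQL text rather than relying on
        // name_reg(), whose pattern is not visible here. $new_user itself is left
        // unescaped so that later uses outside this excerpt are unaffected.
        $q = 'SELECT COUNT(name) as n FROM users WHERE name = "' . mysqli_real_escape_string($dbc, $new_user) . '"';
        $r = @mysqli_query($dbc, $q);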
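<div class="modal-body"> <form class="form col-md-12 center-block" action="login.php" method="post"> <div class="form-group"> <input type="text" name="name" id="Input" class="form-control input-lg" placeholder="Username"> </div> <div class="form-group"> <input type="password" name="pass" id="Input" class="form-control input-lg" placeholder="Password"> </div> <div class="form-group"> <input type="submit" name="submit" value="Submit" id="Button" class="btn btn-primary btn-lg btn-block"/> <?php
// Process the login form when it is posted back to this page.
if (isset($_POST["submit"])) {
    require_once MYSQL;

    // Trim every posted field. NOTE(review): array_map('trim', ...) assumes each
    // field is a string; a field posted as an array is not handled here.
    $trimmed = array_map('trim', $_POST);

    // $n / $p stay FALSE unless the value passes its validator (name_reg() and
    // pass_reg() are defined outside this excerpt) and has been SQL-escaped.
    $n = $p = FALSE;
    if (name_reg($trimmed['name'])) {
        $n = mysqli_real_escape_string($dbc, $trimmed['name']);
    }
    if (pass_reg($trimmed['pass'])) {
        $p = mysqli_real_escape_string($dbc, $trimmed['pass']);
    }

    if ($n && $p) {
        session_start();

        // NOTE(review): the password is matched against an unsalted SHA1() digest.
        // Moving to password_hash()/password_verify() requires changing the stored
        // hashes and the account-creation code as well, so it is only flagged here.
        $q = "SELECT user_id, name, user_level FROM users WHERE (name='{$n}' AND pass=SHA1('{$p}'))";

        // The query text contains the submitted password, so it is kept out of the
        // error message and therefore out of logs and any displayed error output.
        $r = mysqli_query($dbc, $q) or trigger_error("Login query failed.\n<br />MySQL Error: " . mysqli_error($dbc));

        if (@mysqli_num_rows($r) == 1) {
            // Issue a fresh session id on successful login so that an id set
            // before authentication cannot be reused afterwards (session fixation).
            session_regenerate_id(true);

            // The matching row (user_id, name, user_level) becomes the session data.
            $_SESSION = mysqli_fetch_array($r, MYSQLI_ASSOC);
            mysqli_free_result($r);
            mysqli_close($dbc);
            ob_end_clean();
            header("Location: index.php");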
// (Excerpt starts inside a branch whose opening condition is outside this view.)
// NOTE(review): throw_count is SQL-escaped but not checked to be numeric in the
// visible code; confirm whether a numeric check is expected before it is stored.
if ($trimmed['throw_count']) {
    $throw_count = mysqli_real_escape_string($dbc, $trimmed['throw_count']);
}
} else {
    // Feature disabled: both settings take the literal string "no".
    $throw_flag = 'no';
    $throw_count = "no";
}

// iframe settings. NOTE(review): $_POST['enable_iframe'] is read without isset();
// if this is a checkbox, the key is absent when it is unchecked.
if ($_POST['enable_iframe'] == 'True') {
    $iframe_flag = 'yes';
    // Each field is assigned only when name_reg() accepts it. Within this excerpt
    // a rejected field leaves its variable unassigned (no fallback is set here).
    // NOTE(review): name_reg() is defined elsewhere; confirm it restricts the URL
    // fields to expected schemes (e.g. http/https), since escaping for SQL does not
    // make a value safe to emit later as an iframe src or an icon URL.
    if (name_reg($trimmed['iframe_url'])) {
        $iframe_url = mysqli_real_escape_string($dbc, $trimmed['iframe_url']);
    }
    if (name_reg($trimmed['iframe_title'])) {
        $iframe_title = mysqli_real_escape_string($dbc, $trimmed['iframe_title']);
    }
    if (name_reg($trimmed['iframe_icon_url'])) {
        $iframe_icon_url = mysqli_real_escape_string($dbc, $trimmed['iframe_icon_url']);
    }
} else {
    // Feature disabled: flag and all three fields take the literal string 'no'.
    $iframe_flag = 'no';
    $iframe_url = 'no';
    $iframe_title = 'no';
    $iframe_icon_url = 'no';
}

// Debug flag is 'yes' only when the posted value is exactly 'True'.
if ($_POST['enable_debug'] == 'True') {
    $debug_flag = 'yes';
} else {
    $debug_flag = 'no';
}

// NOTE(review): $iframe_flag and $debug_flag are always 'yes' or 'no' above, and
// both strings are truthy, so they never fail this check; the validated iframe
// fields are not part of it. $name is assigned outside this excerpt.
if ($name && $iframe_flag && $debug_flag && $throw_count) { // If everything's OK...