new_teacher.php | searchcode

/new_teacher.php

https://gitlab.com/javednayeem/grecenter · PHP · 89 lines · 60 code · 14 blank · 15 comment · 5 complexity · eceb4f25e173a8a1e83cdce438c4018f MD5 · raw file


<?php require_once("includes/heder.php"); ?>
<?php require_once("includes/db_con.php"); ?>
<?php require_once("includes/function.php"); ?>
<?php require_once("includes/validation_functions.php"); ?>

<?php if($_SESSION["username"]!="gre"){
	redirect_to("login.php");
}
?>

<?php 

if(isset($_POST["submit"])){
	

	$required_field = array("username", "password");
	validate_presence($required_field);
	
	$fields_with_max_length = array("username" => 30);
	validate_max_length($fields_with_max_length);
	
	
	if(empty($errors)){
	//$username = $_POST["username"];
	//$hashed_password = $_POST["password"];
	//$hashed_password = $_POST["password"];
	//$username = mysql_real_escape_string(stripslashes(mysql_prep($_POST["username"])));
	
	//$username = mysql_prep($_POST["username"]);
	//$hashed_password = password_encrypt($_POST["password"]);
	$username = mysql_prep($_POST["username"]);
	$hashed_password = crypt(md5($_POST["password"]),st);
	//$hashed_password = password_encrypt($_POST["password"]);
	//$hashed_password = md5($_POST["password"]);
	//$hashed_password = mysql_real_escape_string(stripslashes(md5(uniqid(mt_rand($_POST["password"]),true))));	
	//$hashed_password = md5(uniqid(mt_rand($_POST["password"]),true));	
	//$result = mysql_query("INSERT INTO admin (`name`,`pass`)VALUES('{$username}','{$hashed_password}')");
	$query  = "INSERT INTO admin ( ";
	$query .= "name, pass , role, active";
	$query .= ") VALUES ( ";
	$query .= "'{$username}', '{$hashed_password}', 'Teacher', 1";
	$query .= ")";
	
	if (!mysql_query($query)){
	die('Error: ' . mysql_error(). mysql_errno());
	}
		if($query){ 
		//success
			$_SESSION["message"] = "Teacher created.";
			redirect_to("login.php");
		}else{
			//failed
			$_SESSION["message"] = "Teacher creation failed.";
		}
}
}else{
// Probably get request	
}
//----------Single form submission processing finishing line-------------------------
?>
<?php $layout_context = "Admin"; ?>

    <div class="container" id="new_admin">
      <div class="col-md-12 col-xs-12">
      		<?php echo message(); ?>
      		<?php echo form_errors($errors); ?>
            
      		<h2 style="text-align:center;">Create Teacher</h2>
            <form  role="form" action="new_teacher.php" method="post">
                <div class="from-gorup">
				<p>User Name:
                    <input class="form-control" type="text" name="username" value="" />
                </p>
				</div>
				<div class="from-group">
                <p>Password:
                    <input class="form-control" type="password" name="password" value="" />
                </p>
				</div>
                <input type="submit" class="btn btn-default" name="submit" value="Create Teacher" />
				<a class="btn btn-default pull-right" href="logout.php">Cancel</a>
            </form>
            <br>
      </div>
    </div>

</body>
</html>

Alerts (5)

'$_POST[' Unbounded request input detected; limit size (e.g., check Content-Length or use max input vars) to prevent memory exhaustion
13 31 32
'md5(' Weak hashing detected; use password_hash() with PASSWORD_DEFAULT for secure password storage
32
'die(' Abrupt termination detected; use try-catch or custom error handlers for better control
45