Código PHP:
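// Site configuration. The code below uses $strSessionPath, $DB_HOST, $DB_USER, $DB_PASS,
// $DB_NAME and the DBTYPE constant without defining them, so they presumably come from here.
require_once "config.php";

// Use a custom session directory only when one is configured.
if (strlen(trim($strSessionPath)) > 0) {
    session_save_path($strSessionPath);
}
session_start();

// Working state for this request.
$boolError = false;     // set to true by the first check that fails
$strAction = "";        // requested operation, taken from the session
$strMessage = "";       // status or error text handed to the next page through the session
$strName = "";
$strPassword1 = "";
$strPassword2 = "";
$strTempDBInfo = "";    // holds the name of the DBTYPE-prefixed function to call next

// Critical Error checking
// NOTE(review): this only tests that the session holds *something*. The branch below writes
// 'name' and 'message' into the session itself, so a later request from the same client no
// longer has an empty session unless index.php resets it. Confirm, and prefer testing a
// dedicated "logged in" marker set by the login code.
if (empty($_SESSION)) {
    $_SESSION['name'] = "";
    $_SESSION['message'] = "You must log in to proceed.";
    header("Location: index.php");
    exit;
}

// A session can exist without an 'action' entry; fall back to "" rather than reading an
// undefined index. Every later comparison is against a non-empty action string.
$strAction = isset($_SESSION['action']) ? $_SESSION['action'] : "";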
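// User Error checking
// Form fields are read from $_POST. The older $HTTP_POST_VARS array is no longer populated
// from PHP 5.4 on, which would make every submission fail the checks below.
// Non-string values (array-style fields) are treated as missing.
// NOTE(review): the account name comes from the request for both actions. Nothing visible here
// ties a "Change Password" request to the logged-in user or asks for the current password;
// confirm that this is enforced elsewhere.
if (!empty($_POST['name']) && is_string($_POST['name'])) {
    $strName = $_POST['name'];
}
elseif ($strAction == "Create New User") {
    $strMessage = "User was NOT created! You must specify a user. ";
    $boolError = true;
}

// boolError checks are in their own clause instead of merging them with the nested if statement.
// Otherwise, the error message of the real error will be overwritten by the last message in the
// last error check.
if (!$boolError) {
    if (!empty($_POST['password1']) && is_string($_POST['password1'])) {
        $strPassword1 = $_POST['password1'];
    }
    else {
        $strMessage = "You must specify a password.";
        $boolError = true;
    }
}
if (!$boolError) {
    if (!empty($_POST['password2']) && is_string($_POST['password2'])) {
        $strPassword2 = $_POST['password2'];
    }
    else {
        $strMessage = "You must validate your password by typing it twice.";
        $boolError = true;
    }
}

// $boolError can be merged with if statements if there is no 'else' clause
// Length is measured in bytes (strlen), as in the original check.
if (!$boolError && ((strlen($strPassword1) < 4) || (strlen($strPassword1) > 32))) {
    $strMessage = "Change was NOT successful! Password must be no shorter than 4 characters and no longer than 32 characters.";
    $boolError = true;
}

// Strict comparison: with != two different numeric-looking strings (for example "1e3" and
// "1000") compare as equal, so a mistyped confirmation could be accepted.
if (!$boolError && ($strPassword1 !== $strPassword2)) {
    $strMessage = "Change was NOT successful! New password was not the same as the retyped password.";
    $boolError = true;
}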
// Open the database connection and select the schema, but only if validation passed.
// Every driver call is dispatched by name: DBTYPE . "_<operation>".
if (!$boolError) {
    $strTempDBInfo = DBTYPE . "_pconnect";
    $conn = $strTempDBInfo($DB_HOST, $DB_USER, $DB_PASS);
    if ($conn) {
        // Connected: pick the database that the later queries run against.
        $strTempDBInfo = DBTYPE . "_select_db";
        if (!$strTempDBInfo($DB_NAME)) {
            $strTempDBInfo = DBTYPE . "_error";
            $strMessage = "Unable to select DB name: " . $strTempDBInfo($conn);
            $strTempDBInfo = DBTYPE . "_close";
            $strTempDBInfo($conn);
            $boolError = true;
        }
    }
    else {
        // NOTE(review): $conn is falsy here, so the error routine is handed a failed handle;
        // whether it still returns the connect error depends on the driver. Confirm.
        // NOTE(review): the driver's error text ends up in $strMessage, which is later stored
        // in the session, presumably for display. Consider logging it server-side instead.
        $strTempDBInfo = DBTYPE . "_error";
        $strMessage = "Unable to connect to DB server: " . $strTempDBInfo($conn);
        $boolError = true;
    }
}
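// For "Create New User": refuse the request when the name is already present in the login table.
// NOTE(review): two simultaneous requests can both pass this check; presumably UserName should
// also carry a UNIQUE constraint. Verify against the schema.
if (!$boolError && $strAction == "Create New User") {
    // The name is request data and must be escaped by the driver before it is placed in SQL.
    // DBTYPE . "_real_escape_string" resolves to mysql_real_escape_string() when DBTYPE is
    // "mysql" (DBTYPE's value is not visible here). If the driver offers no such routine the
    // request is refused rather than run with unescaped input.
    $strTempDBInfo = DBTYPE . "_real_escape_string";
    if (!function_exists($strTempDBInfo)) {
        $strMessage = "User was NOT created! Input could not be prepared for the database.";
        $boolError = true;
    }
    else {
        // Where the runtime still applies magic_quotes_gpc, undo it first so the value is
        // escaped exactly once and the stored name matches what was typed.
        $boolMagicQuotes = function_exists("get_magic_quotes_gpc") && get_magic_quotes_gpc();
        $strNameSql = $strTempDBInfo($boolMagicQuotes ? stripslashes($strName) : $strName, $conn);
        if ($strNameSql === false || $strNameSql === null) {
            $strMessage = "User was NOT created! Input could not be prepared for the database.";
            $boolError = true;
        }
    }

    if (!$boolError) {
        $sql = "SELECT UserName FROM login WHERE UserName = '" . $strNameSql . "'";
        $strTempDBInfo = DBTYPE . "_query";
        $result = $strTempDBInfo($sql);
        if (!$result) {
            // Keep the driver's error text in the server log; the message stored in the
            // session stays generic so query details are not shown to the client.
            $strTempDBInfo = DBTYPE . "_error";
            error_log("User lookup query failed: " . $strTempDBInfo($conn));
            $strMessage = "Could not successfully run query from DB.";
            $boolError = true;
        }
        else {
            $strTempDBInfo = DBTYPE . "_num_rows";
            if ($strTempDBInfo($result) != 0) {
                $strMessage = "This user already exists.";
                $boolError = true;
            }
        }
    }
}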
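// Apply the requested change (password update or account creation), then hand the outcome
// to options.php through the session.
if (!$boolError) {
    $sql = "";

    // Request data must be escaped by the driver before it is placed in SQL.
    // DBTYPE . "_real_escape_string" resolves to mysql_real_escape_string() when DBTYPE is
    // "mysql" (DBTYPE's value is not visible here). If the driver offers no such routine the
    // request is refused rather than run with unescaped input.
    $strEscapeFn = DBTYPE . "_real_escape_string";
    if (!function_exists($strEscapeFn)) {
        $strMessage = "Change was NOT successful! Input could not be prepared for the database.";
        $boolError = true;
    }
    else {
        // Where the runtime still applies magic_quotes_gpc, undo it first so each value is
        // escaped exactly once and the stored value matches what was typed.
        $boolMagicQuotes = function_exists("get_magic_quotes_gpc") && get_magic_quotes_gpc();
        $strNameSql = $strEscapeFn($boolMagicQuotes ? stripslashes($strName) : $strName, $conn);
        $strPasswordSql = $strEscapeFn($boolMagicQuotes ? stripslashes($strPassword1) : $strPassword1, $conn);
        if ($strNameSql === false || $strNameSql === null
            || $strPasswordSql === false || $strPasswordSql === null) {
            $strMessage = "Change was NOT successful! Input could not be prepared for the database.";
            $boolError = true;
        }
    }

    if (!$boolError) {
        // NOTE(review): the password is written to the table as typed (no hashing). Switching
        // to password_hash()/password_verify() also needs a matching change in the login check
        // and a runtime that provides them, so it is not changed here.
        if ($strAction == "Change Password") {
            $sql = "UPDATE login SET UserPassword = '$strPasswordSql' " .
                   "WHERE UserName = '$strNameSql'";
        }
        elseif ($strAction == "Create New User") {
            $strUserLastIP = $strEscapeFn($_SERVER['REMOTE_ADDR'], $conn);
            $sql = "INSERT INTO login ( UserName, UserPassword, UserLastIP ) " .
                   "VALUES ('$strNameSql', '$strPasswordSql', '$strUserLastIP')";
        }
        else {
            // No statement exists for any other action; stop instead of sending an empty query.
            $strMessage = "Change was NOT successful! Unknown action.";
            $boolError = true;
        }
    }

    if (!$boolError) {
        $strTempDBInfo = DBTYPE . "_query";
        $result = $strTempDBInfo($sql);
        if (!$result) {
            // The statement contains the new password, so neither it nor the driver's error
            // text is copied into the session message; only the driver error is logged.
            $strTempDBInfo = DBTYPE . "_error";
            error_log("Account update query failed: " . $strTempDBInfo($conn));
            $strMessage = "Could not successfully run query from DB.";
            $boolError = true;
        }
        else {
            // If $strMessage is not empty and $boolError is false then it's just a Message.
            // Otherwise, it's an Error Message.
            if ($strAction == "Change Password") {
                $strMessage = "Password successfully changed.";
            }
            if ($strAction == "Create New User") {
                $strMessage = "User successfully added.";
            }
            $boolError = false;
        }
    }

    // The connection was opened before this block; release it on every path through it.
    $strTempDBInfo = DBTYPE . "_close";
    $strTempDBInfo($conn);
}

$_SESSION['message'] = $strMessage;
header("Location: options.php");
// Stop here so nothing further runs or is sent after the redirect header.
exit;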
Perdón, es que si no se me cansa la vista (como al resto de usuarios, supongo), ahora le echaré un ojo...