desmondrawls/setupusers.php

## setupusers.php
<?php //setupusers
require_once 'login.php'; //login.php defines $db_hostname, $db_username, $db_password, $db_database
$db_server = mysql_connect($db_hostname, $db_username, $db_password);
if (!$db_server) die("Unable to connect to MySQL: " . mysql_error());
mysql_select_db($db_database)
  or die("Unable to select database: " . mysql_error());

$salt1 = "qm&h*";
$salt2 = "pg!@";

//forename, surname, username, password set by the user
$forename = mysql_real_escape_string($_POST['forename']);
$surname  = mysql_real_escape_string($_POST['surname']);
$username = mysql_real_escape_string($_POST['username']);
$password = mysql_real_escape_string($_POST['password']);
$token    = md5("$salt1$password$salt2");

$search = mysql_query("SELECT * FROM users WHERE username==$username");
$existingusers = mysql_num_rows($search);


if ($forename == ""){
	echo "Please enter your first name.";
}
else if ($surname == ""){
	echo "Please enter your last name.";
}
else if ($username == ""){
	echo "Please enter a username.";
}
else if ($password == ""){
	echo "Please enter a password.";
}

else if ($existingusers > 0){
	echo "That username is taken. Please choose another username.";
}

else {
	function add_user($fn, $sn, $un, $pw){
		$query = "INSERT INTO users VALUES('$fn', '$sn', '$un', '$pw')";
		$result = mysql_query($query);
		if (!$result) die ("Database access failed: " . mysql_error());
	}

	add_user($forename, $surname, $username, $token);

	echo "Thank You!";
}
?>
	<?php //setupusers
	require_once 'login.php'; //login.php defines $db_hostname, $db_username, $db_password, $db_database
	$db_server = mysql_connect($db_hostname, $db_username, $db_password);
	if (!$db_server) die("Unable to connect to MySQL: " . mysql_error());
	mysql_select_db($db_database)
	or die("Unable to select database: " . mysql_error());

	$salt1 = "qm&h*";
	$salt2 = "pg!@";

	//forename, surname, username, password set by the user
	$forename = mysql_real_escape_string($_POST['forename']);
	$surname = mysql_real_escape_string($_POST['surname']);
	$username = mysql_real_escape_string($_POST['username']);
	$password = mysql_real_escape_string($_POST['password']);
	$token = md5("$salt1$password$salt2");

	$search = mysql_query("SELECT * FROM users WHERE username==$username");
	$existingusers = mysql_num_rows($search);


	if ($forename == ""){
	echo "Please enter your first name.";
	}
	else if ($surname == ""){
	echo "Please enter your last name.";
	}
	else if ($username == ""){
	echo "Please enter a username.";
	}
	else if ($password == ""){
	echo "Please enter a password.";
	}

	else if ($existingusers > 0){
	echo "That username is taken. Please choose another username.";
	}

	else {
	function add_user($fn, $sn, $un, $pw){
	$query = "INSERT INTO users VALUES('$fn', '$sn', '$un', '$pw')";
	$result = mysql_query($query);
	if (!$result) die ("Database access failed: " . mysql_error());
	}

	add_user($forename, $surname, $username, $token);

	echo "Thank You!";
	}
	?>