| Server IP : 3.111.61.48 / Your IP : 216.73.216.67 Web Server : Apache System : Linux ip-10-0-5-176 6.8.0-1057-aws #60~22.04.1-Ubuntu SMP Wed May 27 08:16:59 UTC 2026 x86_64 User : ubuntu ( 1000) PHP Version : 8.2.31 Disable Function : exec,passthru,shell_exec,system MySQL : OFF | cURL : ON | WGET : ON | Perl : ON | Python : OFF | Sudo : ON | Pkexec : ON Directory : /var/www/vhost/itms.arukustech.com/public/api/ |
Upload File : |
<?php
require_once __DIR__ . '/../../app/db.php';
require_once __DIR__ . '/../../app/helpers/auth.php';
auth();
// Only admin/superadmin can add users
if (!in_array($_SESSION['role'], ['admin', 'superadmin'])) {
header("Location: /users.php?error=denied");
exit;
}
$pdo = db();
// Validate required fields
$name = trim($_POST['name']);
$role = trim($_POST['role']);
$email = trim($_POST['email']);
$empid = trim($_POST['employee_id']);
$mobile = trim($_POST['mobile']);
$dept = trim($_POST['department']);
$status = isset($_POST['status']) ? 1 : 0;
$password = trim($_POST['password']);
if ($name === "") {
header("Location: /users_add.php?error=Name is required");
exit;
}
// Password only needed for login users
if ($role !== "employee") {
if ($password === "") {
header("Location: /users_add.php?error=Password is required for login users");
exit;
}
$hashed = password_hash($password, PASSWORD_BCRYPT);
} else {
// Dummy password because DB requires NOT NULL
$hashed = password_hash("employee123", PASSWORD_BCRYPT);
}
// Unique email check
if ($email !== "") {
$check = $pdo->prepare("SELECT id FROM users WHERE email=?");
$check->execute([$email]);
if ($check->fetch()) {
header("Location: /users_add.php?error=Email already exists");
exit;
}
}
$stmt = $pdo->prepare("
INSERT INTO users (employee_id, name, email, mobile, department, role, password, status)
VALUES (?, ?, ?, ?, ?, ?, ?, ?)
");
$stmt->execute([
$empid,
$name,
$email,
$mobile,
$dept,
$role,
$hashed,
$status
]);
header("Location: /users.php?added=1");
exit;