connect_error) {
die("Connection failed: " . $conn->connect_error);
}
$sql = "SELECT * FROM users WHERE username = ?";
$stmt = $conn->prepare($sql);
$stmt->bind_param("s", $username);
// Execute the statement
$stmt->execute();
// Get the result
$result = $stmt->get_result();
$stmt->close();
$conn->close();
// Check if the user exists and verify the password
if ($result->num_rows > 0) {
echo '
User already exists!
';
}else{
$conn = new mysqli($DB_SERVERNAME, $DB_USERNAME, $DB_PASSWORD,$DB_DATABASE);
if ($conn->connect_error) {
$success=0;
die("Connection failed: " . $conn->connect_error);
}
$stmt = $conn->prepare("INSERT INTO users (email, username, password,perms,allow_pw_login,send_login_message,use_2fa) VALUES (?, ?, ?, ?,1,0,0)");
$stmt->bind_param("ssss", $email, $username, $hash, $permissions);
$email=htmlspecialchars($_POST["email"]);
$username=htmlspecialchars($_POST["username"]);
$password=$_POST["password"];
$permissions=get_perm_str();
$hash=password_hash($password, PASSWORD_BCRYPT);
$stmt->execute();
$stmt->close();
$conn->close();
echo '
User added successfully!
';
log_action("USER::ADD::SUCCESS","User ".$_SESSION["username"]." added another user ($username).",$_SESSION["id"]);
}
}elseif($block==1){
echo '
You do not have permission to add a user!
';
}
?>