Antiguo 11/02/2014, 06:31
Yoshua9
 
Respuesta: Proyecto web de Trivial

user.php
require_once "config.php";

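// Use a custom session directory only when a non-blank path is configured
// ($strSessionPath is presumably defined in config.php -- confirm).
if (strlen(trim($strSessionPath)) > 0) {
    session_save_path($strSessionPath);
}

session_start();

// Request-scoped state shared by the rest of this script.
$boolError = false;     // flipped to true by the first check that fails
$strAction = "";        // "Create New User" or "Change Password", read from the session
$strMessage = "";       // text handed to options.php through $_SESSION['message']
$strName = "";
$strPassword1 = "";
$strPassword2 = "";
$strTempDBInfo = "";    // holds the name of the DBTYPE-prefixed function to call next

// Critical error checking: send visitors without any session data back to the login page.
// NOTE(review): empty($_SESSION) is a weak login gate. This branch itself writes 'name'
// and 'message' into the session, so a second request carrying the same session cookie
// no longer has an empty session and passes this check. The gate should test the key the
// login page sets for an authenticated user (presumably a non-empty $_SESSION['name'] --
// confirm against index.php before changing it).
if (empty($_SESSION)) {
    $_SESSION['name'] = "";
    $_SESSION['message'] = "You must log in to proceed.";
    header("Location: index.php");
    exit;
}

// A populated session is not guaranteed to carry 'action'; default to "" instead of
// reading an undefined index.
$strAction = isset($_SESSION['action']) ? $_SESSION['action'] : "";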

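// User error checking.
// $_POST replaces $HTTP_POST_VARS: the long request arrays were removed in PHP 5.4, where
// they are undefined and every submission would fail the checks below. The is_string()
// tests reject array-valued fields (e.g. name[]=x) before they reach strlen() or SQL.
// NOTE(review): for "Change Password" the target account is whatever name the form posts
// (or "" when none is sent), not the logged-in user, so the name should come from the
// authenticated session rather than from the request -- confirm which session key holds it.
if (!empty($_POST['name']) && is_string($_POST['name'])) {
    $strName = $_POST['name'];
} elseif ($strAction == "Create New User") {
    $strMessage = "User was NOT created! You must specify a user. ";
    $boolError = true;
}

// Each $boolError check sits in its own clause instead of being merged into the nested
// if statement. Otherwise the message of the real error would be overwritten by the
// message of the last failing check.
if (!$boolError) {
    if (!empty($_POST['password1']) && is_string($_POST['password1'])) {
        $strPassword1 = $_POST['password1'];
    } else {
        $strMessage = "You must specify a password.";
        $boolError = true;
    }
}

if (!$boolError) {
    if (!empty($_POST['password2']) && is_string($_POST['password2'])) {
        $strPassword2 = $_POST['password2'];
    } else {
        $strMessage = "You must validate your password by typing it twice.";
        $boolError = true;
    }
}

// $boolError can be merged into the condition when there is no 'else' clause.
// NOTE(review): a 4-character minimum is a weak password policy; raising it also means
// updating the message below.
if (!$boolError && ((strlen($strPassword1) < 4) || (strlen($strPassword1) > 32))) {
    $strMessage = "Change was NOT successful! Password must be no shorter than 4 characters and no longer than 32 characters.";
    $boolError = true;
}

// Strict comparison: with != two different numeric-looking strings such as "0100" and
// "100" compare equal, so a mistyped confirmation could be accepted.
if (!$boolError && ($strPassword1 !== $strPassword2)) {
    $strMessage = "Change was NOT successful! New password was not the same as the retyped password.";
    $boolError = true;
}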

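// Open the database connection. Function names are built from the DBTYPE constant
// (presumably defined in config.php; the set of suffixes used in this file matches the
// legacy mysql_* extension -- confirm).
if (!$boolError) {
    $strTempDBInfo = DBTYPE . "_pconnect";
    $conn = $strTempDBInfo($DB_HOST, $DB_USER, $DB_PASS);

    if (!$conn) {
        // $conn is false here, so the error function is called without a link argument
        // instead of being handed a non-resource. The driver text goes to the server log
        // only: it can reveal host and account details and must not reach the browser.
        $strTempDBInfo = DBTYPE . "_error";
        error_log("user.php: unable to connect to DB server: " . $strTempDBInfo());
        $strMessage = "Unable to connect to DB server.";
        $boolError = true;
    } else {
        // Leave the select function name in place for the check that follows.
        $strTempDBInfo = DBTYPE . "_select_db";
    }
}

// The short-circuit on $boolError matters: after an earlier failure $strTempDBInfo does
// not hold the select function name and must not be called.
if (!$boolError && (!$strTempDBInfo($DB_NAME))) {
    $strTempDBInfo = DBTYPE . "_error";
    error_log("user.php: unable to select DB name: " . $strTempDBInfo($conn));
    $strMessage = "Unable to select DB name.";
    $strTempDBInfo = DBTYPE . "_close";
    $strTempDBInfo($conn);
    $boolError = true;
}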

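// Before creating an account, make sure the requested user name is not already taken.
if (!$boolError) {
    if ($strAction == "Create New User") {
        // The name comes straight from the request, so it is escaped for the open
        // connection before being placed inside the quoted SQL literal.
        // Assumes DBTYPE is "mysql" (argument order: string, then link) and that
        // magic_quotes_gpc is off -- confirm. A prepared statement (PDO/mysqli) is the
        // better long-term fix but would replace the DBTYPE-based calls file-wide.
        $strTempDBInfo = DBTYPE . "_real_escape_string";
        $sql = "SELECT UserName FROM login WHERE UserName = '" . $strTempDBInfo($strName, $conn) . "'";
        $strTempDBInfo = DBTYPE . "_query";
        $result = $strTempDBInfo($sql);

        if (!$result) {
            // Keep the driver error in the server log; echoing the SQL text and the
            // driver message back to the user discloses schema details.
            $strTempDBInfo = DBTYPE . "_error";
            error_log("user.php: user lookup query failed: " . $strTempDBInfo($conn));
            $strMessage = "Could not check whether the user already exists.";
            $boolError = true;
        } else {
            $strTempDBInfo = DBTYPE . "_num_rows";

            // Any returned row means the name is already in the login table.
            if ($strTempDBInfo($result) != 0) {
                $strMessage = "This user already exists.";
                $boolError = true;
            }
        }
    }
}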

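// Apply the requested change (password update or account creation), then hand the
// outcome to options.php through the session.
if (!$boolError) {
    // Every value placed in the SQL text is escaped for the open connection first.
    // Assumes DBTYPE is "mysql" (argument order: string, then link) and that
    // magic_quotes_gpc is off -- confirm. Prepared statements (PDO/mysqli) are the
    // better long-term fix but would replace the DBTYPE-based calls file-wide.
    $strTempDBInfo = DBTYPE . "_real_escape_string";
    $strSqlName = $strTempDBInfo($strName, $conn);
    $strSqlPassword = $strTempDBInfo($strPassword1, $conn);
    $sql = "";

    // NOTE(review): the password is stored as plaintext. Moving to password_hash() /
    // password_verify() needs a matching change in the login check and a wider
    // UserPassword column, neither of which is visible from this file.
    // NOTE(review): "Change Password" updates the row named by the request, not the
    // logged-in user, and reports success even when no row matched.
    if ($strAction == "Change Password") {
        $sql = "UPDATE login SET UserPassword = '$strSqlPassword' " .
            "WHERE UserName = '$strSqlName'";
    }

    if ($strAction == "Create New User") {
        $strUserLastIP = $strTempDBInfo($_SERVER['REMOTE_ADDR'], $conn);
        $sql = "INSERT INTO login ( UserName, UserPassword, UserLastIP ) " .
            "VALUES ('$strSqlName', '$strSqlPassword', '$strUserLastIP')";
    }

    if ($sql === "") {
        // Neither known action matched: do not send an empty statement to the server.
        $strMessage = "Change was NOT successful! Unknown action.";
        $boolError = true;
    } else {
        $strTempDBInfo = DBTYPE . "_query";
        $result = $strTempDBInfo($sql);

        if (!$result) {
            // The statement contains the password, so neither it nor the driver error
            // is shown to the user; only the driver error is written to the server log.
            $strTempDBInfo = DBTYPE . "_error";
            error_log("user.php: account update query failed: " . $strTempDBInfo($conn));
            $strMessage = "Change was NOT successful! The database rejected the request.";
            $boolError = true;
        } else {
            // If $strMessage is not empty and $boolError is false then it is just a
            // message. Otherwise it is an error message.
            if ($strAction == "Change Password") {
                $strMessage = "Password successfully changed.";
            }

            if ($strAction == "Create New User") {
                $strMessage = "User successfully added.";
            }

            $boolError = false;
        }
    }

    $strTempDBInfo = DBTYPE . "_close";
    $strTempDBInfo($conn);
}

$_SESSION['message'] = $strMessage;
header("Location: options.php");
// Stop here so nothing after the redirect header can run or be sent.
exit;
?>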