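<?php

declare(strict_types=1);

// "Add staff" handler: creates one `attendant` row from the add-staff form.
//
// Flow: require an admin session -> accept POST only -> validate fields ->
// hash the password -> INSERT via a prepared statement -> redirect back to
// staff.php with a toast message.
// $pdo is expected to be a PDO instance provided by includes/config.php, and
// the session is presumed to be started there as well — confirm if
// $_SESSION ever appears empty here.
require_once 'includes/config.php';

// Authorization: only a logged-in admin may create staff accounts.
if (!isset($_SESSION['admin_id'])) {
    header('Location: login.php');
    exit;
}

// This endpoint changes state, so it is reachable by POST only.
if ($_SERVER['REQUEST_METHOD'] !== 'POST') {
    header('Location: staff.php');
    exit;
}

// NOTE(review): there is no CSRF token check on this form. The admin is
// identified solely by a session cookie, so a cross-site POST would be
// accepted. Emit a per-session token in the staff.php form and verify it
// here with hash_equals() before doing anything else.

// Read form fields with `??` so a missing key produces an empty string
// (rejected below) instead of an "undefined index" warning.
// The password is deliberately not trimmed: surrounding whitespace is part
// of the secret the user chose.
$name     = trim((string) ($_POST['name'] ?? ''));
$account  = trim((string) ($_POST['account'] ?? ''));
$email    = trim((string) ($_POST['email'] ?? ''));
$password = (string) ($_POST['password'] ?? '');

// Required-field check. empty() is acceptable here because "0" is not a
// meaningful value for any of these fields.
if (empty($name) || empty($account) || empty($email) || empty($password)) {
    header('Location: staff.php?toast=' . urlencode('Please fill in all required fields.'));
    exit;
}

// Reject malformed addresses before they reach the database.
if (filter_var($email, FILTER_VALIDATE_EMAIL) === false) {
    header('Location: staff.php?toast=' . urlencode('Please enter a valid email address.'));
    exit;
}

// Password hashing. An unsalted SHA-256 digest is a fast hash with no salt:
// identical passwords yield identical stored values and offline cracking is
// cheap. password_hash() with PASSWORD_DEFAULT uses a slow, salted algorithm
// (bcrypt today) whose output embeds the algorithm, cost and salt.
// NOTE(review): login.php must check credentials with password_verify();
// any rows stored as SHA-256 hex will need to be rehashed (e.g. on next
// successful login or via a password reset) before this is fully effective.
$hashedPassword = password_hash($password, PASSWORD_DEFAULT);

// Parameterised INSERT: every user-supplied value is bound, never
// interpolated into the SQL text.
$sql = 'INSERT INTO attendant (account, name, email, password, created_at) VALUES (?, ?, ?, ?, NOW())';
$stmt = $pdo->prepare($sql);

try {
    $stmt->execute([$account, $name, $email, $hashedPassword]);
    header('Location: staff.php?toast=' . urlencode('Staff member added successfully.'));
    exit;
} catch (PDOException $e) {
    // Never forward the driver message to the browser: it can disclose
    // table/column names, host details or the rejected values. Log it
    // server-side and show a generic toast instead.
    error_log('add staff failed: ' . $e->getMessage());

    // SQLSTATE 23000 is an integrity-constraint violation — presumably a
    // duplicate account or email if those columns are UNIQUE; confirm
    // against the schema. getCode() may be int or string depending on the
    // driver, hence the cast.
    $toast = (string) $e->getCode() === '23000'
        ? 'A staff member with that account or email already exists.'
        : 'Error adding staff member. Please try again.';
    header('Location: staff.php?toast=' . urlencode($toast));
    exit;
}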