<?php 
session_start();
include '../../koneksi.php';
$nama  = $_POST['nama'];
$username = $_POST['username'];
$password = md5($_POST['password']);
$level = $_POST['level'];

// Cek user Exists
$sql = "SELECT * FROM user WHERE user_username = '" . $username . "'";
$query = mysqli_query($koneksi, $sql) or die(mysqli_error($koneksi));
$count = mysqli_num_rows($query);

if($count > 0) {
	$msg = 'SILAHKAN INPUT DENGAN NAMA YANG BERBEDA';
	$_SESSION['error'] = $msg;
	header("location:user.php");
}else{


$rand = rand();
$allowed =  array('gif','png','jpg','jpeg');
$filename = $_FILES['foto']['name'];

if($filename == ""){
	mysqli_query($koneksi, "insert into user values (NULL,'$nama','$username','$password','','$level')");
	header("location:user.php?alert=berhasil");
}else{
	$ext = pathinfo($filename, PATHINFO_EXTENSION);

	if(!in_array($ext,$allowed) ) {
		header("location:user.php?alert=gagal");
	}else{
		move_uploaded_file($_FILES['foto']['tmp_name'], '../file/user/'.$rand.'_'.$filename);
		$file_gambar = $rand.'_'.$filename;
		mysqli_query($koneksi, "insert into user values (NULL,'$nama','$username','$password','$file_gambar','$level')");
		header("location:user.php?alert=berhasil");
	}
}

}