84 lines
2.6 KiB
PHP
84 lines
2.6 KiB
PHP
<?php
|
|
session_start();
|
|
if (!isset($_SESSION["user_id"])) {
|
|
header("Location: auth/login.php");
|
|
exit();
|
|
}
|
|
|
|
if (!isset($_SESSION['user_rol']) || $_SESSION['user_rol'] !== 'Administrador General') {
|
|
$_SESSION['error_message'] = 'No tienes permiso para realizar esta acción.';
|
|
header('Location: colaboradores.php');
|
|
exit();
|
|
}
|
|
|
|
require_once 'db/config.php';
|
|
|
|
if ($_SERVER["REQUEST_METHOD"] == "POST") {
|
|
$nombre = trim($_POST['nombre']);
|
|
$email = trim($_POST['email']);
|
|
$password = $_POST['password'];
|
|
$rol = $_POST['rol'];
|
|
|
|
// Validations
|
|
if (empty($nombre) || empty($email) || empty($password) || empty($rol)) {
|
|
$_SESSION['error_message'] = "Todos los campos son obligatorios.";
|
|
header("Location: agregar_colaborador.php");
|
|
exit();
|
|
}
|
|
|
|
if (!filter_var($email, FILTER_VALIDATE_EMAIL)) {
|
|
$_SESSION['error_message'] = "El formato del correo electrónico no es válido.";
|
|
header("Location: agregar_colaborador.php");
|
|
exit();
|
|
}
|
|
|
|
if (!in_array($rol, ['Administrador General', 'Encargado de Stock'])) {
|
|
$_SESSION['error_message'] = "El rol seleccionado no es válido.";
|
|
header("Location: agregar_colaborador.php");
|
|
exit();
|
|
}
|
|
|
|
try {
|
|
$pdo = db();
|
|
|
|
// Check if email already exists
|
|
$stmt = $pdo->prepare("SELECT id FROM usuarios WHERE email = :email");
|
|
$stmt->execute([':email' => $email]);
|
|
if ($stmt->fetch()) {
|
|
$_SESSION['error_message'] = "El correo electrónico ya está registrado.";
|
|
header("Location: agregar_colaborador.php");
|
|
exit();
|
|
}
|
|
|
|
// Hash the password
|
|
$hashed_password = password_hash($password, PASSWORD_DEFAULT);
|
|
|
|
// Insert new user
|
|
$sql = "INSERT INTO usuarios (nombre, email, password, rol) VALUES (:nombre, :email, :password, :rol)";
|
|
$stmt = $pdo->prepare($sql);
|
|
|
|
$stmt->execute([
|
|
':nombre' => $nombre,
|
|
':email' => $email,
|
|
':password' => $hashed_password,
|
|
':rol' => $rol
|
|
]);
|
|
|
|
$_SESSION['success_message'] = "Colaborador agregado exitosamente.";
|
|
header("Location: colaboradores.php");
|
|
exit();
|
|
|
|
} catch (PDOException $e) {
|
|
error_log("Error al agregar colaborador: " . $e->getMessage());
|
|
$_SESSION['error_message'] = "Error al conectar con la base de datos. Por favor, inténtelo de nuevo.";
|
|
header("Location: agregar_colaborador.php");
|
|
exit();
|
|
}
|
|
|
|
} else {
|
|
// Redirect if not a POST request
|
|
header("Location: agregar_colaborador.php");
|
|
exit();
|
|
}
|
|
?>
|