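<?php

declare(strict_types=1);

// Handles the POST submitted by editar_colaborador.php: updates a
// collaborator's name, e-mail, role and, when one was typed, password.
// Only an authenticated session with the 'Administrador General' role may
// reach the update; every other visitor is redirected away.

session_start();

// Unauthenticated visitors go to the login page.
if (!isset($_SESSION['user_id'])) {
    header('Location: auth/login.php');
    exit();
}

// Authorisation: editing collaborators is reserved for the general admin.
if (!isset($_SESSION['user_rol']) || $_SESSION['user_rol'] !== 'Administrador General') {
    $_SESSION['error_message'] = 'No tienes permiso para realizar esta acción.';
    header('Location: colaboradores.php');
    exit();
}

require_once 'db/config.php';

// Nothing to do for a non-POST request (e.g. someone opening this URL directly).
if ($_SERVER['REQUEST_METHOD'] !== 'POST') {
    header('Location: colaboradores.php');
    exit();
}

// NOTE(review): no CSRF token is validated before the update is applied;
// confirm that the form in editar_colaborador.php carries one and check it here.

// Read the POST fields defensively: a missing key or a non-string value
// (a client may send `field[]=`) becomes '' instead of producing an
// undefined-index warning or a TypeError from trim().
$nombre   = is_string($_POST['nombre'] ?? null) ? trim($_POST['nombre']) : '';
$email    = is_string($_POST['email'] ?? null) ? trim($_POST['email']) : '';
$password = is_string($_POST['password'] ?? null) ? $_POST['password'] : '';
$rol      = is_string($_POST['rol'] ?? null) ? $_POST['rol'] : '';

// The id is echoed into redirect URLs and bound into the WHERE clause, so
// only a positive integer is accepted; anything else counts as missing.
$id = filter_var($_POST['id'] ?? null, FILTER_VALIDATE_INT, ['options' => ['min_range' => 1]]);

// Where to send the user back to on a validation error. Without a usable id
// the edit form cannot be re-opened, so fall back to the list page.
$back = $id === false ? 'colaboradores.php' : 'editar_colaborador.php?id=' . $id;

// Validations. Compare against '' rather than empty() so that a literal "0"
// is not silently treated as missing.
if ($id === false || $nombre === '' || $email === '' || $rol === '') {
    $_SESSION['error_message'] = "Todos los campos, excepto la contraseña, son obligatorios.";
    header('Location: ' . $back);
    exit();
}

if (!filter_var($email, FILTER_VALIDATE_EMAIL)) {
    $_SESSION['error_message'] = "El formato del correo electrónico no es válido.";
    header('Location: ' . $back);
    exit();
}

// Strict comparison: the role is stored verbatim, so only these exact strings are allowed.
if (!in_array($rol, ['Administrador General', 'Encargado de Stock'], true)) {
    $_SESSION['error_message'] = "El rol seleccionado no es válido.";
    header('Location: ' . $back);
    exit();
}

try {
    // assumes db() returns a PDO configured with ERRMODE_EXCEPTION, so that
    // failed queries land in the catch below — confirm in db/config.php
    $pdo = db();

    // Reject an e-mail that already belongs to a different user.
    $stmt = $pdo->prepare('SELECT id FROM usuarios WHERE email = :email AND id != :id');
    $stmt->execute([':email' => $email, ':id' => $id]);
    if ($stmt->fetch()) {
        $_SESSION['error_message'] = "El correo electrónico ya está registrado por otro usuario.";
        header('Location: ' . $back);
        exit();
    }

    // Build the SET clause from fixed column fragments; all values are bound,
    // never interpolated.
    $sql_parts = [
        'nombre = :nombre',
        'email = :email',
        'rol = :rol',
    ];
    $params = [
        ':nombre' => $nombre,
        ':email'  => $email,
        ':rol'    => $rol,
        ':id'     => $id,
    ];

    // Only replace the stored hash when a new password was actually typed.
    if ($password !== '') {
        $sql_parts[] = 'password = :password';
        $params[':password'] = password_hash($password, PASSWORD_DEFAULT);
    }

    $sql = 'UPDATE usuarios SET ' . implode(', ', $sql_parts) . ' WHERE id = :id';

    $stmt = $pdo->prepare($sql);
    $stmt->execute($params);

    // NOTE(review): if the edited row is the current user, $_SESSION['user_rol']
    // is not refreshed here — verify whether callers expect that.
    $_SESSION['success_message'] = "Colaborador actualizado exitosamente.";
    header('Location: colaboradores.php');
    exit();
} catch (PDOException $e) {
    // The driver message stays in the server log; the user only sees a generic text.
    error_log('Error al editar colaborador: ' . $e->getMessage());
    $_SESSION['error_message'] = "Error al conectar con la base de datos. Por favor, inténtelo de nuevo.";
    header('Location: ' . $back);
    exit();
}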