From 734d16aa81304cebcc583c3017fe2611ee3d8377 Mon Sep 17 00:00:00 2001
From: Flatlogic Bot <support@flatlogic.com>
Date: Mon, 27 Oct 2025 13:06:57 +0000
Subject: [PATCH] v4

---
 analysis.php                                  |  18 +-
 dashboard.php                                 |   2 +-
 db/migrations/002_create_users_table.sql      |   7 +
 .../003_add_user_id_to_uploaded_files.sql     |   3 +
 edit_user.php                                 | 119 +++++++++++++
 footer.php                                    |   2 +-
 header.php                                    |   9 +-
 index.php                                     |  10 +-
 login.php                                     |  22 ++-
 upload.php                                    |   6 +-
 users.php                                     | 159 ++++++++++++++++++
 11 files changed, 342 insertions(+), 15 deletions(-)
 create mode 100644 db/migrations/002_create_users_table.sql
 create mode 100644 db/migrations/003_add_user_id_to_uploaded_files.sql
 create mode 100644 edit_user.php
 create mode 100644 users.php

diff --git a/analysis.php b/analysis.php
index 4882666..a51f463 100644
--- a/analysis.php
+++ b/analysis.php
@@ -104,7 +104,23 @@ if (!isset($_SESSION['user_email'])) {
                                 <?php
                                 try {
                                     $pdo = db();
-                                    $stmt = $pdo->query('SELECT id, original_filename, upload_time, status, uploaded_by FROM uploaded_files ORDER BY upload_time DESC');
+                                    
+                                    $sql = 'SELECT id, original_filename, upload_time, status, uploaded_by FROM uploaded_files';
+                                    
+                                    if ($_SESSION['user_role'] !== 'admin') {
+                                        $sql .= ' WHERE user_id = ?';
+                                    }
+                                    
+                                    $sql .= ' ORDER BY upload_time DESC';
+                                    
+                                    $stmt = $pdo->prepare($sql);
+                                    
+                                    if ($_SESSION['user_role'] !== 'admin') {
+                                        $stmt->execute([$_SESSION['user_id']]);
+                                    } else {
+                                        $stmt->execute();
+                                    }
+                                    
                                     $files = $stmt->fetchAll();
 
                                     if (empty($files)):
diff --git a/dashboard.php b/dashboard.php
index b18c5bf..0bcc158 100644
--- a/dashboard.php
+++ b/dashboard.php
@@ -13,7 +13,7 @@ if (!isset($_SESSION['user_email'])) {
     <div class="row">
         <div class="col-12">
             <div class="alert alert-success">
-                <strong>Welcome, <?php echo htmlspecialchars($_SESSION[''''user_email''']); ?>!</strong> You are now logged in.
+                                <strong>Welcome, <?php echo htmlspecialchars($_SESSION['user_email']); ?>!</strong> You are now logged in.
             </div>
             <div class="card">
                 <div class="card-header">
diff --git a/db/migrations/002_create_users_table.sql b/db/migrations/002_create_users_table.sql
new file mode 100644
index 0000000..82906e4
--- /dev/null
+++ b/db/migrations/002_create_users_table.sql
@@ -0,0 +1,7 @@
+CREATE TABLE IF NOT EXISTS `users` (
+  `id` INT AUTO_INCREMENT PRIMARY KEY,
+  `email` VARCHAR(255) NOT NULL UNIQUE,
+  `password` VARCHAR(255) NOT NULL,
+  `role` VARCHAR(50) NOT NULL DEFAULT 'user',
+  `created_at` TIMESTAMP DEFAULT CURRENT_TIMESTAMP
+);
diff --git a/db/migrations/003_add_user_id_to_uploaded_files.sql b/db/migrations/003_add_user_id_to_uploaded_files.sql
new file mode 100644
index 0000000..e07e790
--- /dev/null
+++ b/db/migrations/003_add_user_id_to_uploaded_files.sql
@@ -0,0 +1,3 @@
+ALTER TABLE `uploaded_files`
+ADD COLUMN `user_id` INT,
+ADD CONSTRAINT `fk_user_id` FOREIGN KEY (`user_id`) REFERENCES `users`(`id`) ON DELETE SET NULL;
\ No newline at end of file
diff --git a/edit_user.php b/edit_user.php
new file mode 100644
index 0000000..fb7de91
--- /dev/null
+++ b/edit_user.php
@@ -0,0 +1,119 @@
+<?php
+require_once 'config.php';
+require_once 'db/config.php';
+
+// Admin-only access
+if (!isset($_SESSION['user_role']) || $_SESSION['user_role'] !== 'admin') {
+    header('Location: dashboard.php');
+    exit;
+}
+
+$pdo = db();
+$feedback = [];
+$userId = filter_input(INPUT_GET, 'id', FILTER_VALIDATE_INT);
+
+if (!$userId) {
+    header('Location: users.php');
+    exit;
+}
+
+// Handle Update User
+if ($_SERVER['REQUEST_METHOD'] === 'POST' && isset($_POST['action']) && $_POST['action'] === 'update') {
+    $email = filter_input(INPUT_POST, 'email', FILTER_VALIDATE_EMAIL);
+    $role = $_POST['role'];
+    $password = $_POST['password']; // New password
+    $postedUserId = filter_input(INPUT_POST, 'user_id', FILTER_VALIDATE_INT);
+
+    if (!$email || !in_array($role, ['user', 'admin']) || $postedUserId != $userId) {
+        $feedback = ['type' => 'danger', 'message' => 'Invalid input. Please check all fields.'];
+    } else {
+        // Prevent admin from changing their own role if they are the last admin
+        if ($userId == $_SESSION['user_id'] && $role !== 'admin') {
+            $stmt = $pdo->prepare("SELECT COUNT(*) FROM users WHERE role = 'admin'");
+            $stmt->execute();
+            $adminCount = $stmt->fetchColumn();
+            if ($adminCount <= 1) {
+                $feedback = ['type' => 'danger', 'message' => 'You cannot change your role as you are the only admin.'];
+            }
+        }
+
+        if (empty($feedback)) {
+            $sql = "UPDATE users SET email = ?, role = ?";
+            $params = [$email, $role];
+
+            if (!empty($password)) {
+                $sql .= ", password = ?";
+                $params[] = password_hash($password, PASSWORD_DEFAULT);
+            }
+
+            $sql .= " WHERE id = ?";
+            $params[] = $userId;
+
+            $stmt = $pdo->prepare($sql);
+            if ($stmt->execute($params)) {
+                header('Location: users.php?update=success');
+                exit;
+            } else {
+                $feedback = ['type' => 'danger', 'message' => 'Failed to update user.'];
+            }
+        }
+    }
+}
+
+// Fetch user data
+$stmt = $pdo->prepare("SELECT id, email, role FROM users WHERE id = ?");
+$stmt->execute([$userId]);
+$user = $stmt->fetch();
+
+if (!$user) {
+    header('Location: users.php');
+    exit;
+}
+
+include 'header.php';
+?>
+
+<div class="container py-5">
+    <div class="d-flex justify-content-between align-items-center mb-4">
+        <h1 class="text-primary">Edit User</h1>
+        <a href="users.php" class="btn btn-outline-secondary">Back to User List</a>
+    </div>
+
+    <?php if (!empty($feedback)):
+        ?>
+        <div class="alert alert-<?php echo htmlspecialchars($feedback['type']); ?> alert-dismissible fade show" role="alert">
+            <?php echo htmlspecialchars($feedback['message']); ?>
+            <button type="button" class="btn-close" data-bs-dismiss="alert" aria-label="Close"></button>
+        </div>
+    <?php endif; ?>
+
+    <div class="card shadow-sm">
+        <div class="card-header bg-light">
+            <h5 class="mb-0">Editing User: <?php echo htmlspecialchars($user['email']); ?></h5>
+        </div>
+        <div class="card-body">
+            <form action="edit_user.php?id=<?php echo $user['id']; ?>" method="POST">
+                <input type="hidden" name="action" value="update">
+                <input type="hidden" name="user_id" value="<?php echo $user['id']; ?>">
+                <div class="mb-3">
+                    <label for="email" class="form-label">Email</label>
+                    <input type="email" class="form-control" id="email" name="email" value="<?php echo htmlspecialchars($user['email']); ?>" required>
+                </div>
+                <div class="mb-3">
+                    <label for="role" class="form-label">Role</label>
+                    <select class="form-select" id="role" name="role">
+                        <option value="user" <?php if ($user['role'] === 'user') echo 'selected'; ?>>User</option>
+                        <option value="admin" <?php if ($user['role'] === 'admin') echo 'selected'; ?>>Admin</option>
+                    </select>
+                </div>
+                <div class="mb-3">
+                    <label for="password" class="form-label">New Password</label>
+                    <input type="password" class="form-control" id="password" name="password" placeholder="Leave blank to keep current password">
+                </div>
+                <button type="submit" class="btn btn-primary">Update User</button>
+            </form>
+        </div>
+    </div>
+</div>
+
+<?php include 'footer.php'; ?>
diff --git a/footer.php b/footer.php
index dfa5f5d..5dee881 100644
--- a/footer.php
+++ b/footer.php
@@ -1,6 +1,6 @@
 <footer class="footer mt-auto py-3 bg-light">
   <div class="container text-center">
-    <span class="text-muted">© <?php echo date("Y"); ?> E-PRTR+LCP Integrated Data Reporting. All rights reserved.</span>
+    <span class="text-muted">© <?php echo date("Y"); ?> IEPR Integrated Data Reporting. All rights reserved.</span>
   </div>
 </footer>
 <script src="https://cdn.jsdelivr.net/npm/bootstrap@5.3.2/dist/js/bootstrap.bundle.min.js"></script>
diff --git a/header.php b/header.php
index cf624d6..0e4f89f 100644
--- a/header.php
+++ b/header.php
@@ -6,7 +6,7 @@
     <meta name="viewport" content="width=device-width, initial-scale=1.0">
     <title>Integrated Environmental Management System</title>
     <meta name="description" content="Built with Flatlogic Generator">
-    <meta name="keywords" content="E-PRTR, LCP, data reporting, environmental pollutants, emissions, Industrial Emissions Directive, IED, data model, XML submission, environmental data, EU regulations, Built with Flatlogic Generator">
+    <meta name="keywords" content="IEPR, data reporting, environmental pollutants, emissions, Industrial Emissions Directive, IED, data model, XML submission, environmental data, EU regulations, Built with Flatlogic Generator">
     <meta property="og:title" content="Integrated Environmental Management System">
     <meta property="og:description" content="Built with Flatlogic Generator">
     <meta property="og:image" content="">
@@ -24,7 +24,7 @@
   <div class="container">
     <a class="navbar-brand" href="index.php" style="font-family: 'Montserrat', sans-serif; color: #005bac;">
         <svg xmlns="http://www.w3.org/2000/svg" width="24" height="24" viewBox="0 0 24 24" fill="none" stroke="currentColor" stroke-width="2" stroke-linecap="round" stroke-linejoin="round" class="feather feather-shield-check d-inline-block align-text-top me-2"><path d="M12 22s8-4 8-10V5l-8-3-8 3v7c0 6 8 10 8 10z"></path><polyline points="9 12 11 14 15 10"></polyline></svg>
-        E-PRTR+LCP
+        IEPR
     </a>
     <button class="navbar-toggler" type="button" data-bs-toggle="collapse" data-bs-target="#navbarNav" aria-controls="navbarNav" aria-expanded="false" aria-label="Toggle navigation">
       <span class="navbar-toggler-icon"></span>
@@ -38,6 +38,11 @@
             <li class="nav-item">
               <a class="nav-link" href="dashboard.php">Dashboard</a>
             </li>
+            <?php if (isset($_SESSION['user_role']) && $_SESSION['user_role'] === 'admin'): ?>
+            <li class="nav-item">
+              <a class="nav-link" href="users.php">User Management</a>
+            </li>
+            <?php endif; ?>
             <li class="nav-item">
               <a class="nav-link" href="index.php?logout=1">Logout</a>
             </li>
diff --git a/index.php b/index.php
index 9dedd62..7fd2d92 100644
--- a/index.php
+++ b/index.php
@@ -12,12 +12,20 @@ if (isset($_GET['logout'])) {
 <main class="container mt-5 flex-grow-1">
     <div class="p-5 mb-4 bg-white rounded-3 shadow-sm border">
         <div class="container-fluid py-5">
-            <h1 class="display-5 fw-bold">E-PRTR+LCP Integrated Data Reporting</h1>
+            <h1 class="display-5 fw-bold">IEPR Integrated Data Reporting</h1>
             <p class="col-md-8 fs-4">A comprehensive system for reporters, validators, and analysts to manage environmental data submissions under EU regulations.</p>
             <a href="login.php" class="btn btn-primary btn-lg">Login & Get Started</a>
         </div>
     </div>
 
+    <div class="p-5 mb-4 bg-light rounded-3 shadow-sm border">
+        <div class="container-fluid py-3">
+            <h2 class="display-6 fw-bold">Transition to the Industrial Emissions Portal Regulation (IEPR)</h2>
+            <p class="col-md-12 fs-5">The European Union has updated its regulations on environmental data reporting, replacing the former European Pollutant Release and Transfer Register (E-PRTR) with the new Industrial Emissions Portal Regulation (IEPR). This new regulation aims to enhance public access to environmental information and streamline the reporting process for industrial facilities.</p>
+            <p class="col-md-12 fs-5">Our platform has been fully updated to align with the IEPR requirements. All data submission, validation, and analysis tools are now compliant with the new format, ensuring a seamless transition for all users.</p>
+        </div>
+    </div>
+
     <div class="row align-items-md-stretch">
         <div class="col-md-6 mb-4">
             <div class="h-100 p-5 text-white rounded-3" style="background-color: #005bac;">
diff --git a/login.php b/login.php
index 85b521d..8a76147 100644
--- a/login.php
+++ b/login.php
@@ -12,11 +12,21 @@ if ($_SERVER['REQUEST_METHOD'] === 'POST') {
     } elseif (!filter_var($email, FILTER_VALIDATE_EMAIL)) {
         $error = 'Please enter a valid email address.';
     } else {
-        // In a real application, you would validate credentials against a database.
-        // For this demo, we'll just simulate a successful login.
-        $_SESSION['user_email'] = $email;
-        header('Location: dashboard.php');
-        exit;
+        require_once 'db/config.php';
+        $pdo = db();
+        $stmt = $pdo->prepare("SELECT * FROM users WHERE email = :email");
+        $stmt->execute(['email' => $email]);
+        $user = $stmt->fetch();
+
+        if ($user && password_verify($password, $user['password'])) {
+            $_SESSION['user_id'] = $user['id'];
+            $_SESSION['user_email'] = $user['email'];
+            $_SESSION['user_role'] = $user['role'];
+            header('Location: dashboard.php');
+            exit;
+        } else {
+            $error = 'Invalid credentials.';
+        }
     }
 }
 ?>
@@ -29,7 +39,7 @@ if ($_SERVER['REQUEST_METHOD'] === 'POST') {
                     <h3 class="my-4">Login</h3>
                 </div>
                 <div class="card-body p-4">
-                    <p class="text-center text-muted mb-4">Access your E-PRTR+LCP account</p>
+                    <p class="text-center text-muted mb-4">Access your IEPR account</p>
                     <?php if ($error): ?>
                         <div class="alert alert-danger"><?php echo htmlspecialchars($error); ?></div>
                     <?php endif; ?>
diff --git a/upload.php b/upload.php
index bb462ca..2f344fc 100644
--- a/upload.php
+++ b/upload.php
@@ -45,9 +45,9 @@ if ($_SERVER['REQUEST_METHOD'] === 'POST' && isset($_FILES['xmlfile'])) {
                 try {
                     $pdo = db();
                     $stmt = $pdo->prepare(
-                        'INSERT INTO uploaded_files (original_filename, new_filename, uploaded_by) VALUES (?, ?, ?)'
+                        'INSERT INTO uploaded_files (original_filename, new_filename, uploaded_by, user_id) VALUES (?, ?, ?, ?)'
                     );
-                    $stmt->execute([$original_filename, $new_filename, $_SESSION['user_email']]);
+                    $stmt->execute([$original_filename, $new_filename, $_SESSION['user_email'], $_SESSION['user_id']]);
                     $message = '<strong>Success!</strong> Your file "' . htmlspecialchars($original_filename) . '" has been uploaded and is pending validation.';
                     $message_type = 'success';
                 } catch (PDOException $e) {
@@ -73,7 +73,7 @@ if ($_SERVER['REQUEST_METHOD'] === 'POST' && isset($_FILES['xmlfile'])) {
                     <h2>Submit a new Report</h2>
                 </div>
                 <div class="card-body">
-                    <p class="card-text">Please select the E-PRTR XML report file you wish to submit. The file will be validated against the required schema before being processed.</p>
+                    <p class="card-text">Please select the IEPR XML report file you wish to submit. The file will be validated against the required schema before being processed.</p>
                     
                     <?php if ($message): ?>
                         <div class="alert alert-<?php echo $message_type; ?>">
diff --git a/users.php b/users.php
new file mode 100644
index 0000000..09d60f1
--- /dev/null
+++ b/users.php
@@ -0,0 +1,159 @@
+<?php
+require_once 'config.php';
+require_once 'db/config.php';
+
+// Admin-only access
+if (!isset($_SESSION['user_role']) || $_SESSION['user_role'] !== 'admin') {
+    header('Location: dashboard.php');
+    exit;
+}
+
+$pdo = db();
+$feedback = [];
+
+if (isset($_GET['update']) && $_GET['update'] === 'success') {
+    $feedback = ['type' => 'success', 'message' => 'User updated successfully.'];
+}
+
+// Handle Create User
+if ($_SERVER['REQUEST_METHOD'] === 'POST' && isset($_POST['action']) && $_POST['action'] === 'create') {
+    $email = filter_input(INPUT_POST, 'email', FILTER_VALIDATE_EMAIL);
+    $password = $_POST['password'];
+    $role = $_POST['role'];
+
+    if (!$email || empty($password) || !in_array($role, ['user', 'admin'])) {
+        $feedback = ['type' => 'danger', 'message' => 'Invalid input. Please check all fields.'];
+    } else {
+        // Check if user already exists
+        $stmt = $pdo->prepare("SELECT id FROM users WHERE email = ?");
+        $stmt->execute([$email]);
+        if ($stmt->fetch()) {
+            $feedback = ['type' => 'danger', 'message' => 'User with this email already exists.'];
+        } else {
+            $hashedPassword = password_hash($password, PASSWORD_DEFAULT);
+            $stmt = $pdo->prepare("INSERT INTO users (email, password, role) VALUES (?, ?, ?)");
+            if ($stmt->execute([$email, $hashedPassword, $role])) {
+                $feedback = ['type' => 'success', 'message' => 'User created successfully.'];
+            } else {
+                $feedback = ['type' => 'danger', 'message' => 'Failed to create user.'];
+            }
+        }
+    }
+}
+
+// Handle Delete User
+if ($_SERVER['REQUEST_METHOD'] === 'POST' && isset($_POST['action']) && $_POST['action'] === 'delete') {
+    $userId = filter_input(INPUT_POST, 'user_id', FILTER_VALIDATE_INT);
+    // Prevent admin from deleting themselves
+    if ($userId && $userId != $_SESSION['user_id']) {
+        $stmt = $pdo->prepare("DELETE FROM users WHERE id = ?");
+        if ($stmt->execute([$userId])) {
+            $feedback = ['type' => 'success', 'message' => 'User deleted successfully.'];
+        } else {
+            $feedback = ['type' => 'danger', 'message' => 'Failed to delete user.'];
+        }
+    } else {
+        $feedback = ['type' => 'danger', 'message' => 'Invalid request or you cannot delete your own account.'];
+    }
+}
+
+
+$stmt = $pdo->query("SELECT id, email, role, created_at FROM users ORDER BY created_at DESC");
+$users = $stmt->fetchAll();
+
+include 'header.php';
+?>
+
+<div class="container py-5">
+    <div class="d-flex justify-content-between align-items-center mb-4">
+        <h1 class="text-primary">User Management</h1>
+        <a href="dashboard.php" class="btn btn-outline-secondary">Back to Dashboard</a>
+    </div>
+
+    <?php if (!empty($feedback)): ?>
+        <div class="alert alert-<?php echo htmlspecialchars($feedback['type']); ?> alert-dismissible fade show" role="alert">
+            <?php echo htmlspecialchars($feedback['message']); ?>
+            <button type="button" class="btn-close" data-bs-dismiss="alert" aria-label="Close"></button>
+        </div>
+    <?php endif; ?>
+
+    <!-- Create User Form -->
+    <div class="card shadow-sm mb-4">
+        <div class="card-header bg-light">
+            <h5 class="mb-0">Create New User</h5>
+        </div>
+        <div class="card-body">
+            <form action="users.php" method="POST">
+                <input type="hidden" name="action" value="create">
+                <div class="row">
+                    <div class="col-md-4 mb-3">
+                        <label for="email" class="form-label">Email</label>
+                        <input type="email" class="form-control" id="email" name="email" required>
+                    </div>
+                    <div class="col-md-3 mb-3">
+                        <label for="password" class="form-label">Password</label>
+                        <input type="password" class="form-control" id="password" name="password" required>
+                    </div>
+                    <div class="col-md-3 mb-3">
+                        <label for="role" class="form-label">Role</label>
+                        <select class="form-select" id="role" name="role">
+                            <option value="user" selected>User</option>
+                            <option value="admin">Admin</option>
+                        </select>
+                    </div>
+                    <div class="col-md-2 d-flex align-items-end">
+                        <button type="submit" class="btn btn-primary w-100">Create User</button>
+                    </div>
+                </div>
+            </form>
+        </div>
+    </div>
+
+    <div class="card shadow-sm">
+        <div class="card-header bg-light">
+            <h5 class="mb-0">All Users</h5>
+        </div>
+        <div class="card-body">
+            <div class="table-responsive">
+                <table class="table table-striped table-hover">
+                    <thead class="table-light">
+                        <tr>
+                            <th>ID</th>
+                            <th>Email</th>
+                            <th>Role</th>
+                            <th>Registered At</th>
+                            <th class="text-end">Actions</th>
+                        </tr>
+                    </thead>
+                    <tbody>
+                        <?php if (empty($users)):
+                            ?>
+                            <tr>
+                                <td colspan="5" class="text-center text-muted">No users found.</td>
+                            </tr>
+                        <?php else: ?>
+                            <?php foreach ($users as $user): ?>
+                                <tr>
+                                    <td><?php echo htmlspecialchars($user['id']); ?></td>
+                                    <td><?php echo htmlspecialchars($user['email']); ?></td>
+                                    <td><span class="badge bg-secondary"><?php echo htmlspecialchars($user['role']); ?></span></td>
+                                    <td><?php echo htmlspecialchars(date('Y-m-d H:i', strtotime($user['created_at']))); ?></td>
+                                    <td class="text-end">
+                                        <a href="edit_user.php?id=<?php echo $user['id']; ?>" class="btn btn-sm btn-outline-primary">Edit</a>
+                                        <form action="users.php" method="POST" class="d-inline" onsubmit="return confirm('Are you sure you want to delete this user?');">
+                                            <input type="hidden" name="action" value="delete">
+                                            <input type="hidden" name="user_id" value="<?php echo $user['id']; ?>">
+                                            <button type="submit" class="btn btn-sm btn-outline-danger" <?php if($user['id'] == $_SESSION['user_id']) echo 'disabled'; ?>>Delete</button>
+                                        </form>
+                                    </td>
+                                </tr>
+                            <?php endforeach; ?>
+                        <?php endif; ?>
+                    </tbody>
+                </table>
+            </div>
+        </div>
+    </div>
+</div>
+
+<?php include 'footer.php'; ?>
\ No newline at end of file