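'success', 'message' => 'User updated successfully.']; }

// Create/delete handlers for the user list. Only a POST with an `action` field is
// dispatched; anything else falls straight through to the listing query below.
// NOTE(review): no CSRF token is verified before the create/delete branches run, and the
// admin-role gate for this page is assumed to sit above this chunk — confirm both.
$action = (($_SERVER['REQUEST_METHOD'] ?? '') === 'POST')
    ? (string) ($_POST['action'] ?? '')
    : '';

// Handle Create User
if ($action === 'create') {
    // filter_input() yields string|false|null: false on an invalid address, null when absent.
    $email = filter_input(INPUT_POST, 'email', FILTER_VALIDATE_EMAIL);
    // `?? ''` avoids an undefined-index warning when a field is missing from the form.
    $password = (string) ($_POST['password'] ?? '');
    $role = (string) ($_POST['role'] ?? '');

    // `=== ''` rather than empty(): empty('0') is true, which would reject the password "0".
    // Strict in_array() so the role must be exactly one of the two literal strings.
    if (!is_string($email) || $password === '' || !in_array($role, ['user', 'admin'], true)) {
        $feedback = ['type' => 'danger', 'message' => 'Invalid input. Please check all fields.'];
    } else {
        // Check if user already exists. This is a courtesy check for a friendly message only:
        // two concurrent requests can both pass it, so uniqueness of users.email must be
        // enforced by the database (UNIQUE constraint), not by this SELECT.
        $stmt = $pdo->prepare("SELECT id FROM users WHERE email = ?");
        $stmt->execute([$email]);
        if ($stmt->fetch()) {
            $feedback = ['type' => 'danger', 'message' => 'User with this email already exists.'];
        } else {
            $hashedPassword = password_hash($password, PASSWORD_DEFAULT);
            $stmt = $pdo->prepare("INSERT INTO users (email, password, role) VALUES (?, ?, ?)");
            // execute() only returns false when PDO is not in exception mode; in exception
            // mode a failure throws and never reaches the else branch.
            if ($stmt->execute([$email, $hashedPassword, $role])) {
                $feedback = ['type' => 'success', 'message' => 'User created successfully.'];
            } else {
                $feedback = ['type' => 'danger', 'message' => 'Failed to create user.'];
            }
        }
    }
}

// Handle Delete User
if ($action === 'delete') {
    // int on success, false on a non-integer value, null when the field is absent.
    $userId = filter_input(INPUT_POST, 'user_id', FILTER_VALIDATE_INT);
    // Normalise the session value so the self-delete guard is a strict int comparison.
    $currentUserId = (int) ($_SESSION['user_id'] ?? 0);

    // Prevent admin from deleting themselves (and reject non-positive / malformed ids).
    if (is_int($userId) && $userId > 0 && $userId !== $currentUserId) {
        $stmt = $pdo->prepare("DELETE FROM users WHERE id = ?");
        if ($stmt->execute([$userId])) {
            // A DELETE that matched no row is not a success; report it instead of
            // claiming the user was removed.
            if ($stmt->rowCount() > 0) {
                $feedback = ['type' => 'success', 'message' => 'User deleted successfully.'];
            } else {
                $feedback = ['type' => 'danger', 'message' => 'User not found.'];
            }
        } else {
            $feedback = ['type' => 'danger', 'message' => 'Failed to delete user.'];
        }
    } else {
        $feedback = ['type' => 'danger', 'message' => 'Invalid request or you cannot delete your own account.'];
    }
}

// Listing for the table rendered by the template; no user input reaches this query.
$stmt = $pdo->query("SELECT id, email, role, created_at FROM users ORDER BY created_at DESC");
$users = $stmt->fetchAll();

include 'header.php';
?>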
| ID | Role | Registered At | Actions | |
|---|---|---|---|---|
| No users found. | ||||
| Edit | ||||