admin/35273-vm
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
35273-vm/edit_user.php
Flatlogic Bot 734d16aa81 v4
2025-10-27 13:06:57 +00:00

120 lines
4.5 KiB
PHP
Raw Permalink Blame History

<?php
require_once 'config.php';
require_once 'db/config.php';
// Admin-only access
if (!isset($_SESSION['user_role']) || $_SESSION['user_role'] !== 'admin') {
header('Location: dashboard.php');
exit;
}
$pdo = db();
$feedback = [];
$userId = filter_input(INPUT_GET, 'id', FILTER_VALIDATE_INT);
if (!$userId) {
header('Location: users.php');
exit;
}
// Handle Update User
if ($_SERVER['REQUEST_METHOD'] === 'POST' && isset($_POST['action']) && $_POST['action'] === 'update') {
$email = filter_input(INPUT_POST, 'email', FILTER_VALIDATE_EMAIL);
$role = $_POST['role'];
$password = $_POST['password']; // New password
$postedUserId = filter_input(INPUT_POST, 'user_id', FILTER_VALIDATE_INT);
if (!$email || !in_array($role, ['user', 'admin']) || $postedUserId != $userId) {
$feedback = ['type' => 'danger', 'message' => 'Invalid input. Please check all fields.'];
} else {
// Prevent admin from changing their own role if they are the last admin
if ($userId == $_SESSION['user_id'] && $role !== 'admin') {
$stmt = $pdo->prepare("SELECT COUNT(*) FROM users WHERE role = 'admin'");
$stmt->execute();
$adminCount = $stmt->fetchColumn();
if ($adminCount <= 1) {
$feedback = ['type' => 'danger', 'message' => 'You cannot change your role as you are the only admin.'];
}
}
if (empty($feedback)) {
$sql = "UPDATE users SET email = ?, role = ?";
$params = [$email, $role];
if (!empty($password)) {
$sql .= ", password = ?";
$params[] = password_hash($password, PASSWORD_DEFAULT);
}
$sql .= " WHERE id = ?";
$params[] = $userId;
$stmt = $pdo->prepare($sql);
if ($stmt->execute($params)) {
header('Location: users.php?update=success');
exit;
} else {
$feedback = ['type' => 'danger', 'message' => 'Failed to update user.'];
}
}
}
}
// Fetch user data
$stmt = $pdo->prepare("SELECT id, email, role FROM users WHERE id = ?");
$stmt->execute([$userId]);
$user = $stmt->fetch();
if (!$user) {
header('Location: users.php');
exit;
}
include 'header.php';
?>
<div class="container py-5">
<div class="d-flex justify-content-between align-items-center mb-4">
<h1 class="text-primary">Edit User</h1>
<a href="users.php" class="btn btn-outline-secondary">Back to User List</a>
</div>
<?php if (!empty($feedback)):
?>
<div class="alert alert-<?php echo htmlspecialchars($feedback['type']); ?> alert-dismissible fade show" role="alert">
<?php echo htmlspecialchars($feedback['message']); ?>
<button type="button" class="btn-close" data-bs-dismiss="alert" aria-label="Close"></button>
</div>
<?php endif; ?>
<div class="card shadow-sm">
<div class="card-header bg-light">
<h5 class="mb-0">Editing User: <?php echo htmlspecialchars($user['email']); ?></h5>
</div>
<div class="card-body">
<form action="edit_user.php?id=<?php echo $user['id']; ?>" method="POST">
<input type="hidden" name="action" value="update">
<input type="hidden" name="user_id" value="<?php echo $user['id']; ?>">
<div class="mb-3">
<label for="email" class="form-label">Email</label>
<input type="email" class="form-control" id="email" name="email" value="<?php echo htmlspecialchars($user['email']); ?>" required>
</div>
<div class="mb-3">
<label for="role" class="form-label">Role</label>
<select class="form-select" id="role" name="role">
<option value="user" <?php if ($user['role'] === 'user') echo 'selected'; ?>>User</option>
<option value="admin" <?php if ($user['role'] === 'admin') echo 'selected'; ?>>Admin</option>
</select>
</div>
<div class="mb-3">
<label for="password" class="form-label">New Password</label>
<input type="password" class="form-control" id="password" name="password" placeholder="Leave blank to keep current password">
</div>
<button type="submit" class="btn btn-primary">Update User</button>
</form>
</div>
</div>
</div>
<?php include 'footer.php'; ?>
Reference in New Issue View Git Blame Copy Permalink