35429-vm/add_member.php
2025-11-02 20:12:50 +00:00


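<?php
/**
 * Handles the "add team member" form submission.
 *
 * Accepts a POST with `name`, `email` and `role`, inserts a row into
 * `team_members` when the email is not already present, and always redirects
 * to team.php with `status` and `msg` query parameters.
 *
 * NOTE(review): the session is started but $_SESSION is never read in this
 * script, so no authentication or authorization check is visible here. Unless
 * db/config.php or the web server enforces one, any client that can reach this
 * URL can create members. Confirm, and gate this on a logged-in, privileged
 * user.
 * NOTE(review): no anti-CSRF token is verified before the state-changing
 * INSERT; the form that posts here should carry a per-session token that is
 * checked in this script.
 * NOTE(review): `role` is stored exactly as submitted. If it drives
 * permissions elsewhere, validate it against the application's list of
 * allowed roles before inserting.
 */
session_start();
require_once 'db/config.php';

$status = 'error';
$message = 'An unexpected error occurred.';

// Reads one POST field as a trimmed string. A non-string value (for example
// an array sent as name[]=x) is treated as missing instead of being passed to
// trim(), which would raise a TypeError on PHP 8.
$readField = static function (string $key): string {
    $value = $_POST[$key] ?? '';
    return is_string($value) ? trim($value) : '';
};

if ($_SERVER['REQUEST_METHOD'] === 'POST') {
    $name = $readField('name');
    $email = $readField('email');
    $role = $readField('role');

    // Compare against '' rather than empty(), which also rejects the
    // literal string "0".
    if ($name === '' || $email === '' || $role === '') {
        $message = 'Please fill in all required fields.';
    } elseif (!filter_var($email, FILTER_VALIDATE_EMAIL)) {
        $message = 'Please provide a valid email address.';
    } else {
        try {
            $db = db();

            // Reject duplicates up front. This check and the INSERT below are
            // not atomic; a UNIQUE constraint on team_members.email is what
            // actually guarantees uniqueness under concurrent requests.
            $lookup = $db->prepare("SELECT id FROM team_members WHERE email = :email");
            $lookup->execute([':email' => $email]);

            if ($lookup->fetch()) {
                $message = 'A member with this email address already exists.';
            } else {
                // Every new account used to be created with the same fixed
                // password, which gave all of them a publicly known credential.
                // Store the hash of a random value that is never disclosed
                // instead, so the account cannot be used until the member sets
                // a password through an invite or reset flow.
                // NOTE(review): no such flow is visible in this file; confirm
                // one exists before relying on this for onboarding.
                $password = password_hash(bin2hex(random_bytes(32)), PASSWORD_DEFAULT);

                $sql = "INSERT INTO team_members (name, email, role, password) VALUES (:name, :email, :role, :password)";
                $insert = $db->prepare($sql);
                $inserted = $insert->execute([
                    ':name' => $name,
                    ':email' => $email,
                    ':role' => $role,
                    ':password' => $password,
                ]);

                if ($inserted) {
                    $status = 'success';
                    $message = 'New team member added successfully!';
                } else {
                    $message = 'Failed to add new member. Please try again.';
                }
            }
        } catch (PDOException $e) {
            // Keep the detail in the server log; the user only sees a generic
            // message so driver and schema details are not exposed.
            error_log($e->getMessage());
            $message = 'Database error. Could not add member.';
        }
    }
} else {
    $message = 'Invalid request method.';
}

// $status is one of the two literals set above; the message is URL-encoded so
// it cannot break out of the query string.
header('Location: team.php?status=' . $status . '&msg=' . urlencode($message));
exit();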