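query('SELECT id, name FROM roles ORDER BY name');
    $roles = $stmt->fetchAll(PDO::FETCH_ASSOC);
    if ($roles === false) {
        throw new Exception("Failed to fetch roles from the database.");
    }
} catch (PDOException $e) {
    error_log('PDO Error in add-user.php: ' . $e->getMessage());
    // NOTE(review): the raw PDO message is also sent to the browser here. Driver
    // messages can expose schema or connection details, and the log entry above
    // is enough for diagnosis. Left unchanged because the start of this try block
    // is outside the visible part of the file.
    die("Error: A database error occurred while trying to fetch roles. Please check the logs. Message: " . $e->getMessage());
} catch (Exception $e) {
    die("Error: " . $e->getMessage());
}

// Handle the "add user" form submission.
// NOTE(review): no authorization check or CSRF token verification is visible in
// this part of the file. Confirm that the code above this fragment (or an
// include) restricts who may create accounts and validates a per-session token
// before this branch runs.
if ($_SERVER['REQUEST_METHOD'] === 'POST') {
    $name = $_POST['name'] ?? '';
    $email = $_POST['email'] ?? '';
    $password = $_POST['password'] ?? '';
    $role_id = $_POST['role_id'] ?? null;

    // PHP turns "field[]=x" into an array. Treat any non-string field as missing
    // so arrays never reach password_hash() or the prepared statements.
    $all_strings = is_string($name) && is_string($email)
        && is_string($password) && is_string($role_id);

    // Role ids that the roles query returned, normalised to strings because PDO
    // may hand them back as int or string depending on driver settings.
    $valid_role_ids = array_map('strval', array_column($roles, 'id'));

    if (!$all_strings || empty($name) || empty($email) || empty($password) || empty($role_id)) {
        $error_message = 'Please fill in all required fields.';
    } elseif (!filter_var($email, FILTER_VALIDATE_EMAIL)) {
        $error_message = 'Invalid email format.';
    } elseif (!in_array($role_id, $valid_role_ids, true)) {
        // The submitted role decides the new account's privileges, so accept only
        // an id that exists in the roles table rather than any posted value.
        $error_message = 'Invalid role selected.';
    } else {
        // NOTE(review): no password policy (for example a minimum length) is
        // enforced in the visible code; confirm whether one is expected here.
        try {
            $pdo = db();

            // This lookup gives a friendly message but is not a guarantee: two
            // concurrent requests can both pass it. A UNIQUE constraint on
            // users.email (schema not visible here - confirm) is what actually
            // prevents duplicate accounts.
            $stmt = $pdo->prepare('SELECT id FROM users WHERE email = ?');
            $stmt->execute([$email]);

            if ($stmt->fetch()) {
                $error_message = 'A user with this email address already exists.';
            } else {
                // Only the hash is stored; PASSWORD_DEFAULT lets PHP choose the
                // algorithm and embeds its parameters in the resulting string.
                $hashed_password = password_hash($password, PASSWORD_DEFAULT);

                $sql = "INSERT INTO users (name, email, password, role_id) VALUES (?, ?, ?, ?)";
                $stmt = $pdo->prepare($sql);
                $stmt->execute([$name, $email, $hashed_password, $role_id]);

                // Redirect after a successful POST so a page reload cannot
                // resubmit the form.
                header("Location: users.php?success=user_added");
                exit;
            }
        } catch (PDOException $e) {
            // Keep driver details in the server log only; the page shows a
            // generic message so SQL and schema details are not disclosed.
            error_log('PDO Error in add-user.php: ' . $e->getMessage());
            $error_message = 'A database error occurred while creating the user. Please check the logs.';
        }
    }
}
?>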