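<?php

/**
 * Sets a user's account status to 'active' or 'inactive', then redirects
 * back to users.php with a flash message stored in the session.
 *
 * Input (query string):
 *   id     - the target user's id; must be a positive integer
 *   status - 'active' or 'inactive'
 */

session_start();

// Unauthenticated visitors are sent back to the login page.
// NOTE(review): this only checks that a session exists. The guard further
// down talks about an "admin", but no role/permission check is visible in
// this file - confirm that one is enforced before this code is reachable.
if (!isset($_SESSION['user_id'])) {
    header('Location: index.php');
    exit;
}

require_once 'db/config.php';

// NOTE(review): this is a state-changing action driven by GET parameters and
// no anti-CSRF token is checked. Switching to POST plus a per-session token
// (compared with hash_equals()) needs a matching change in the page that
// links here, so it is flagged rather than changed in this file.
if (isset($_GET['id'], $_GET['status'])) {
    $status = $_GET['status'];

    // Strict allow-list; the !== comparison also rejects array input.
    if ($status !== 'active' && $status !== 'inactive') {
        $_SESSION['error_message'] = 'Invalid status value.';
        header('Location: users.php');
        exit;
    }

    // Normalize the id to an int before it is compared or sent to the
    // database, so the self-deactivation guard and the UPDATE both see the
    // same value. Non-integer and array input yields false here.
    $id = filter_var(
        $_GET['id'],
        FILTER_VALIDATE_INT,
        ['options' => ['min_range' => 1]]
    );

    if ($id === false) {
        $_SESSION['error_message'] = 'Invalid user id.';
        header('Location: users.php');
        exit;
    }

    // Prevent the signed-in user from changing the status of their own account.
    if ($id === (int) $_SESSION['user_id']) {
        $_SESSION['error_message'] = 'You cannot deactivate your own account.';
        header('Location: users.php');
        exit;
    }

    try {
        // db() is presumably provided by db/config.php and returns a PDO handle.
        $pdo = db();
        $stmt = $pdo->prepare('UPDATE users SET status = ? WHERE id = ?');
        $stmt->execute([$status, $id]);

        $_SESSION['success_message'] = 'User status updated successfully.';
    } catch (PDOException $e) {
        // Keep driver/schema details in the server log; the flash message
        // shown to the user stays generic.
        error_log('User status update failed: ' . $e->getMessage());
        $_SESSION['error_message'] = 'Database error: could not update user status.';
    }
}

header('Location: users.php');
exit;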