
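<?php

declare(strict_types=1);

session_start();

// Only a logged-in admin may manage users; everyone else is sent to the login page.
// `??` keeps a session without role_name from raising a warning before the redirect.
if (!isset($_SESSION['user_id']) || ($_SESSION['role_name'] ?? null) !== 'admin') {
    header('Location: login.php');
    exit();
}

require_once 'db/config.php';

/**
 * Returns this session's CSRF token, generating it on first use.
 *
 * The token is embedded in every state-changing form on this page and checked
 * by csrf_token_valid() before any write reaches the database.
 */
function csrf_token(): string
{
    if (!isset($_SESSION['csrf_token']) || !is_string($_SESSION['csrf_token']) || $_SESSION['csrf_token'] === '') {
        $_SESSION['csrf_token'] = bin2hex(random_bytes(32));
    }

    return $_SESSION['csrf_token'];
}

/**
 * True when $submitted equals the session token; compared in constant time.
 *
 * @param mixed $submitted raw request value - anything that is not a string fails
 */
function csrf_token_valid($submitted): bool
{
    return is_string($submitted) && hash_equals(csrf_token(), $submitted);
}

/**
 * Reads a string field from a request array.
 *
 * A missing field, or one that arrived as an array (`name[]=...`), reads as ''
 * instead of producing a warning or a TypeError in trim(). Pass $trim = false
 * for fields where whitespace is significant (passwords).
 */
function request_string(array $source, string $key, bool $trim = true): string
{
    $value = $source[$key] ?? '';
    if (!is_string($value)) {
        return '';
    }

    return $trim ? trim($value) : $value;
}

/**
 * Reads a positive integer id from a request array; anything else reads as 0.
 *
 * Validating here means a malformed id is rejected by the page rather than
 * being coerced by the database driver.
 */
function request_id(array $source, string $key): int
{
    $value = $source[$key] ?? '';
    if (!is_string($value)) {
        return 0;
    }
    $id = filter_var($value, FILTER_VALIDATE_INT, ['options' => ['min_range' => 1]]);

    return $id === false ? 0 : (int) $id;
}

/**
 * Escapes a scalar for an HTML text or attribute context (UTF-8).
 *
 * ENT_QUOTES matters because several values are printed inside value="..." attributes.
 */
function esc($value): string
{
    return htmlspecialchars((string) $value, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
}

/**
 * Records an admin action in the activities table.
 *
 * Keeps the original (user_id, action) signature; the connection is still the
 * page-level $pdo so existing call sites keep working.
 */
function log_activity($user_id, string $action): void
{
    global $pdo;
    $stmt = $pdo->prepare('INSERT INTO activities (user_id, action) VALUES (:user_id, :action)');
    $stmt->execute(['user_id' => $user_id, 'action' => $action]);
}

try {
    $pdo = db();

    // Create users table if it doesn't exist
    $pdo->exec("CREATE TABLE IF NOT EXISTS users (
id INT AUTO_INCREMENT PRIMARY KEY,
username VARCHAR(255) NOT NULL UNIQUE,
email VARCHAR(255) NOT NULL UNIQUE,
password VARCHAR(255) NOT NULL,
role_id INT,
created_at TIMESTAMP DEFAULT CURRENT_TIMESTAMP,
FOREIGN KEY (role_id) REFERENCES roles(id) ON DELETE SET NULL
)");

    // Fetch all roles for the dropdown
    $roles = $pdo->query('SELECT * FROM roles ORDER BY name')->fetchAll();

    // Ids of the roles that actually exist; a submitted role_id must be one of these
    // so a bad value is rejected here instead of surfacing as a foreign-key error.
    $known_role_ids = [];
    foreach ($roles as $role) {
        $known_role_ids[(int) $role['id']] = true;
    }

    $current_user_id = (int) $_SESSION['user_id'];

    // Every write goes through POST and must carry the session's CSRF token.
    // Deletion used to be a GET link (?delete_id=) that any cross-site page
    // could trigger on behalf of a logged-in admin; it is now a POST form like
    // the other writes, and a bare GET with delete_id does nothing.
    if (($_SERVER['REQUEST_METHOD'] ?? 'GET') === 'POST') {
        if (!csrf_token_valid($_POST['csrf_token'] ?? null)) {
            http_response_code(403);
            exit('Invalid or missing form token.');
        }

        if (isset($_POST['add_user'])) {
            $username = request_string($_POST, 'username');
            $email = request_string($_POST, 'email');
            $password = request_string($_POST, 'password', false);
            $role_id = request_id($_POST, 'role_id');

            if ($username !== '' && $email !== '' && $password !== '' && isset($known_role_ids[$role_id])) {
                $hashed_password = password_hash($password, PASSWORD_DEFAULT);
                $stmt = $pdo->prepare('INSERT INTO users (username, email, password, role_id) VALUES (:username, :email, :password, :role_id)');
                $stmt->execute([
                    'username' => $username,
                    'email' => $email,
                    'password' => $hashed_password,
                    'role_id' => $role_id,
                ]);
                $new_user_id = (int) $pdo->lastInsertId();
                log_activity($_SESSION['user_id'], "Created user {$username} (ID: {$new_user_id})");
            }
        } elseif (isset($_POST['update_user'])) {
            $id = request_id($_POST, 'user_id');
            $username = request_string($_POST, 'username');
            $email = request_string($_POST, 'email');
            $password = request_string($_POST, 'password', false);
            $role_id = request_id($_POST, 'role_id');

            if ($id > 0 && $username !== '' && $email !== '' && isset($known_role_ids[$role_id])) {
                // An empty password field means "leave the password unchanged".
                if ($password !== '') {
                    $hashed_password = password_hash($password, PASSWORD_DEFAULT);
                    $stmt = $pdo->prepare('UPDATE users SET username = :username, email = :email, password = :password, role_id = :role_id WHERE id = :id');
                    $stmt->execute([
                        'username' => $username,
                        'email' => $email,
                        'password' => $hashed_password,
                        'role_id' => $role_id,
                        'id' => $id,
                    ]);
                } else {
                    $stmt = $pdo->prepare('UPDATE users SET username = :username, email = :email, role_id = :role_id WHERE id = :id');
                    $stmt->execute([
                        'username' => $username,
                        'email' => $email,
                        'role_id' => $role_id,
                        'id' => $id,
                    ]);
                }
                log_activity($_SESSION['user_id'], "Updated user {$username} (ID: {$id})");
            }
        } elseif (isset($_POST['delete_id'])) {
            $id = request_id($_POST, 'delete_id');

            // An admin cannot delete their own account from here; doing so would
            // leave a live session pointing at a user row that no longer exists.
            if ($id > 0 && $id !== $current_user_id) {
                // Get username for logging
                $stmt = $pdo->prepare('SELECT username FROM users WHERE id = :id');
                $stmt->execute(['id' => $id]);
                $deleted_user = $stmt->fetch();

                $stmt = $pdo->prepare('DELETE FROM users WHERE id = :id');
                $stmt->execute(['id' => $id]);

                if ($deleted_user) {
                    log_activity($_SESSION['user_id'], "Deleted user {$deleted_user['username']} (ID: {$id})");
                }
            }
        }

        header('Location: users.php');
        exit;
    }

    // Fetch all users with their role names. Only the columns the table shows are
    // selected, so password hashes never leave the database for this page.
    $users = $pdo->query('
        SELECT users.id, users.username, users.email, users.role_id, roles.name AS role_name
        FROM users
        LEFT JOIN roles ON users.role_id = roles.id
        ORDER BY users.id DESC
    ')->fetchAll();

    // Fetch user for editing (null when no valid edit_id is given or the row is missing)
    $editing_user = null;
    $edit_id = request_id($_GET, 'edit_id');
    if ($edit_id > 0) {
        $stmt = $pdo->prepare('SELECT id, username, email, role_id FROM users WHERE id = :id');
        $stmt->execute(['id' => $edit_id]);
        $editing_user = $stmt->fetch() ?: null;
    }
} catch (PDOException $e) {
    // Driver messages can reveal table names, hosts and query fragments;
    // keep the detail in the server log and show the client a generic failure.
    error_log('users.php: ' . $e->getMessage());
    http_response_code(500);
    exit('Database error.');
}

$csrf_token = csrf_token();
?>
<!DOCTYPE html>
<html lang="fa" dir="rtl">
<head>
    <meta charset="UTF-8">
    <meta name="viewport" content="width=device-width, initial-scale=1.0">
    <title>مدیریت کاربران</title>
    <link href="https://cdn.jsdelivr.net/npm/bootstrap@5.3.2/dist/css/bootstrap.rtl.min.css" rel="stylesheet">
    <link href="https://fonts.googleapis.com/css2?family=Vazirmatn:wght@400;700&display=swap" rel="stylesheet">
    <link rel="stylesheet" href="assets/css/custom.css?v=<?php echo time(); ?>">
    <script src="https://unpkg.com/feather-icons"></script>
</head>
<body>
<header class="p-3 mb-3 border-bottom sticky-top bg-light">
    <div class="container">
        <div class="d-flex flex-wrap align-items-center justify-content-center justify-content-lg-start">
            <a href="/" class="d-flex align-items-center mb-2 mb-lg-0 text-dark text-decoration-none">
                <span class="fs-4">مدیریت مدرسه</span>
            </a>
            <ul class="nav col-12 col-lg-auto me-lg-auto mb-2 justify-content-center mb-md-0">
                <li><a href="index.php" class="nav-link px-2 link-dark">خانه</a></li>
                <li><a href="roles.php" class="nav-link px-2 link-dark">مدیریت نقش‌ها</a></li>
                <li><a href="users.php" class="nav-link px-2 link-secondary">مدیریت کاربران</a></li>
                <li><a href="activities.php" class="nav-link px-2 link-dark">Activities</a></li>
                <li><a href="exams.php" class="nav-link px-2 link-dark">Exams</a></li>
                <li><a href="attendance.php" class="nav-link px-2 link-dark">Attendance</a></li>
            </ul>
            <div class="text-end">
                <?php if (isset($_SESSION['user_id'])): ?>
                    <a href="logout.php" class="btn btn-outline-primary">خروج</a>
                <?php else: ?>
                    <a href="login.php" class="btn btn-primary">ورود</a>
                <?php endif; ?>
            </div>
        </div>
    </div>
</header>
<main class="container py-5">
    <div class="row">
        <div class="col-md-8">
            <h2>فهرست کاربران</h2>
            <div class="table-responsive">
                <table class="table table-striped table-hover">
                    <thead>
                    <tr>
                        <th>#</th>
                        <th>نام کاربری</th>
                        <th>ایمیل</th>
                        <th>نقش</th>
                        <th>عملیات</th>
                    </tr>
                    </thead>
                    <tbody>
                    <?php foreach ($users as $user): ?>
                        <tr>
                            <td><?php echo esc($user['id']); ?></td>
                            <td><?php echo esc($user['username']); ?></td>
                            <td><?php echo esc($user['email']); ?></td>
                            <td><?php echo esc($user['role_name'] ?? 'بدون نقش'); ?></td>
                            <td>
                                <a href="users.php?edit_id=<?php echo esc($user['id']); ?>" class="btn btn-sm btn-outline-primary">ویرایش</a>
                                <?php // Delete is a POST form carrying the CSRF token; the confirm() prompt is unchanged. ?>
                                <form method="POST" action="users.php" class="d-inline" onsubmit="return confirm('آیا مطمئن هستید؟')">
                                    <input type="hidden" name="csrf_token" value="<?php echo esc($csrf_token); ?>">
                                    <input type="hidden" name="delete_id" value="<?php echo esc($user['id']); ?>">
                                    <button type="submit" class="btn btn-sm btn-outline-danger">حذف</button>
                                </form>
                            </td>
                        </tr>
                    <?php endforeach; ?>
                    </tbody>
                </table>
            </div>
        </div>
        <div class="col-md-4">
            <h2><?php echo $editing_user ? 'ویرایش کاربر' : 'افزودن کاربر جدید'; ?></h2>
            <form method="POST" action="users.php">
                <input type="hidden" name="csrf_token" value="<?php echo esc($csrf_token); ?>">
                <?php if ($editing_user): ?>
                    <input type="hidden" name="user_id" value="<?php echo esc($editing_user['id']); ?>">
                <?php endif; ?>
                <div class="mb-3">
                    <label for="username" class="form-label">نام کاربری</label>
                    <input type="text" class="form-control" id="username" name="username" value="<?php echo esc($editing_user['username'] ?? ''); ?>" required>
                </div>
                <div class="mb-3">
                    <label for="email" class="form-label">ایمیل</label>
                    <input type="email" class="form-control" id="email" name="email" value="<?php echo esc($editing_user['email'] ?? ''); ?>" required>
                </div>
                <div class="mb-3">
                    <label for="password" class="form-label">رمز عبور <?php echo $editing_user ? '(خالی بگذارید تا بدون تغییر بماند)' : ''; ?></label>
                    <input type="password" class="form-control" id="password" name="password" <?php echo !$editing_user ? 'required' : ''; ?>>
                </div>
                <div class="mb-3">
                    <label for="role_id" class="form-label">نقش</label>
                    <select class="form-select" id="role_id" name="role_id" required>
                        <option value="">یک نقش انتخاب کنید</option>
                        <?php foreach ($roles as $role): ?>
                            <option value="<?php echo esc($role['id']); ?>" <?php echo ($editing_user !== null && (int) $editing_user['role_id'] === (int) $role['id']) ? 'selected' : ''; ?>>
                                <?php echo esc($role['name']); ?>
                            </option>
                        <?php endforeach; ?>
                    </select>
                </div>
                <?php if ($editing_user): ?>
                    <button type="submit" name="update_user" class="btn btn-primary w-100">به‌روزرسانی</button>
                    <a href="users.php" class="btn btn-secondary w-100 mt-2">انصراف</a>
                <?php else: ?>
                    <button type="submit" name="add_user" class="btn btn-success w-100">افزودن</button>
                <?php endif; ?>
            </form>
        </div>
    </div>
</main>
<footer class="footer mt-auto py-3 bg-light">
    <div class="container text-center">
        <span class="text-muted">© 2025 سیستم مدیریت مدرسه</span>
    </div>
</footer>
<script src="https://cdn.jsdelivr.net/npm/bootstrap@5.3.2/dist/js/bootstrap.bundle.min.js"></script>
<script>
    feather.replace()
</script>
</body>
</html>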