admin/36352-vm
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
36352-vm/users.php
Flatlogic Bot e15fa31a20 t6
2025-11-27 10:42:12 +00:00

319 lines
16 KiB
PHP
Raw Blame History

<?php
session_start();
// Authentication check
if (!isset($_SESSION['user_id']) || $_SESSION['role_name'] !== 'admin') {
header('Location: login.php');
exit();
}
require_once 'db/config.php';
try {
$pdo = db();
// Create users table if it doesn't exist
$pdo->exec("CREATE TABLE IF NOT EXISTS users (
id INT AUTO_INCREMENT PRIMARY KEY,
username VARCHAR(255) NOT NULL UNIQUE,
email VARCHAR(255) NOT NULL UNIQUE,
password VARCHAR(255) NOT NULL,
role_id INT,
first_name VARCHAR(255),
last_name VARCHAR(255),
created_at TIMESTAMP DEFAULT CURRENT_TIMESTAMP,
FOREIGN KEY (role_id) REFERENCES roles(id) ON DELETE SET NULL
)");
// Fetch all roles for the dropdown
$roles = $pdo->query("SELECT * FROM roles ORDER BY role_name")->fetchAll();
// Function to log activity
function log_activity($user_id, $action) {
global $pdo;
$stmt = $pdo->prepare("INSERT INTO activities (user_id, action) VALUES (:user_id, :action)");
$stmt->execute(['user_id' => $user_id, 'action' => $action]);
}
// Handle Create and Update
if ($_SERVER['REQUEST_METHOD'] === 'POST') {
if (isset($_POST['add_user'])) {
$username = trim($_POST['username']);
$email = trim($_POST['email']);
$password = $_POST['password'];
$role_id = $_POST['role_id'];
$first_name = trim($_POST['first_name']);
$last_name = trim($_POST['last_name']);
if (!empty($username) && !empty($email) && !empty($password) && !empty($role_id)) {
$hashed_password = password_hash($password, PASSWORD_DEFAULT);
$stmt = $pdo->prepare("INSERT INTO users (username, email, password, role_id, first_name, last_name) VALUES (:username, :email, :password, :role_id, :first_name, :last_name)");
$stmt->execute([
'username' => $username,
'email' => $email,
'password' => $hashed_password,
'role_id' => $role_id,
'first_name' => $first_name,
'last_name' => $last_name
]);
$new_user_id = $pdo->lastInsertId();
log_activity($_SESSION['user_id'], "Created user {$username} (ID: {$new_user_id})");
}
} elseif (isset($_POST['update_user'])) {
$id = $_POST['user_id'];
$username = trim($_POST['username']);
$email = trim($_POST['email']);
$password = $_POST['password'];
$role_id = $_POST['role_id'];
$first_name = trim($_POST['first_name']);
$last_name = trim($_POST['last_name']);
if (!empty($id) && !empty($username) && !empty($email) && !empty($role_id)) {
if (!empty($password)) {
$hashed_password = password_hash($password, PASSWORD_DEFAULT);
$stmt = $pdo->prepare("UPDATE users SET username = :username, email = :email, password = :password, role_id = :role_id, first_name = :first_name, last_name = :last_name WHERE id = :id");
$stmt->execute([
'username' => $username,
'email' => $email,
'password' => $hashed_password,
'role_id' => $role_id,
'first_name' => $first_name,
'last_name' => $last_name,
'id' => $id
]);
} else {
$stmt = $pdo->prepare("UPDATE users SET username = :username, email = :email, role_id = :role_id, first_name = :first_name, last_name = :last_name WHERE id = :id");
$stmt->execute([
'username' => $username,
'email' => $email,
'role_id' => $role_id,
'first_name' => $first_name,
'last_name' => $last_name,
'id' => $id
]);
}
log_activity($_SESSION['user_id'], "Updated user {$username} (ID: {$id})");
} elseif (isset($_POST['link_parent_child'])) {
$parent_id = $_POST['parent_id'];
$child_id = $_POST['child_id'];
if (!empty($parent_id) && !empty($child_id)) {
$stmt = $pdo->prepare("INSERT INTO parent_child (parent_id, child_id) VALUES (:parent_id, :child_id)");
$stmt->execute(['parent_id' => $parent_id, 'child_id' => $child_id]);
log_activity($_SESSION['user_id'], "Linked parent (ID: {$parent_id}) to child (ID: {$child_id})");
}
header("Location: users.php?link_success=1");
exit;
}
header("Location: users.php");
exit;
}
// Handle Delete
if (isset($_GET['delete_id'])) {
$id = $_GET['delete_id'];
// Get username for logging
$stmt = $pdo->prepare("SELECT username FROM users WHERE id = :id");
$stmt->execute(['id' => $id]);
$deleted_user = $stmt->fetch();
$stmt = $pdo->prepare("DELETE FROM users WHERE id = :id");
$stmt->execute(['id' => $id]);
if ($deleted_user) {
log_activity($_SESSION['user_id'], "Deleted user {$deleted_user['username']} (ID: {$id})");
}
header("Location: users.php");
exit;
}
// Fetch all users with their role names
$users = $pdo->query("
SELECT users.*, roles.role_name AS role_name
FROM users
LEFT JOIN roles ON users.role_id = roles.id
ORDER BY users.id DESC
")->fetchAll();
// Fetch all parents and students
$parents = $pdo->query("SELECT u.id, u.first_name, u.last_name FROM users u JOIN roles r ON u.role_id = r.id WHERE r.role_name = 'parent'")->fetchAll();
$students = $pdo->query("SELECT u.id, u.first_name, u.last_name FROM users u JOIN roles r ON u.role_id = r.id WHERE r.role_name = 'student'")->fetchAll();
// Fetch user for editing
$editing_user = null;
if (isset($_GET['edit_id'])) {
$id = $_GET['edit_id'];
$stmt = $pdo->prepare("SELECT * FROM users WHERE id = :id");
$stmt->execute(['id' => $id]);
$editing_user = $stmt->fetch();
}
} catch (PDOException $e) {
die("Database error: " . $e->getMessage());
}
?>
<!DOCTYPE html>
<html lang="fa" dir="rtl">
<head>
<meta charset="UTF-8">
<meta name="viewport" content="width=device-width, initial-scale=1.0">
<title>مدیریت کاربران</title>
<link href="https://cdn.jsdelivr.net/npm/bootstrap@5.3.2/dist/css/bootstrap.rtl.min.css" rel="stylesheet">
<link href="https://fonts.googleapis.com/css2?family=Vazirmatn:wght@400;700&display=swap" rel="stylesheet">
<link rel="stylesheet" href="assets/css/custom.css?v=<?php echo time(); ?>">
<script src="https://unpkg.com/feather-icons"></script>
</head>
<body>
<header class="p-3 mb-3 border-bottom sticky-top bg-light">
<div class="container">
<div class="d-flex flex-wrap align-items-center justify-content-center justify-content-lg-start">
<a href="/" class="d-flex align-items-center mb-2 mb-lg-0 text-dark text-decoration-none">
<span class="fs-4">مدیریت مدرسه</span>
</a>
<ul class="nav col-12 col-lg-auto me-lg-auto mb-2 justify-content-center mb-md-0">
<li><a href="index.php" class="nav-link px-2 link-dark">خانه</a></li>
<li><a href="roles.php" class="nav-link px-2 link-dark">مدیریت نقش‌ها</a></li>
<li><a href="users.php" class="nav-link px-2 link-secondary">مدیریت کاربران</a></li>
<li><a href="activities.php" class="nav-link px-2 link-dark">Activities</a></li>
<li><a href="exams.php" class="nav-link px-2 link-dark">Exams</a></li>
<li><a href="attendance.php" class="nav-link px-2 link-dark">Attendance</a></li>
</ul>
<div class="text-end">
<?php if (isset($_SESSION['user_id'])): ?>
<a href="logout.php" class="btn btn-outline-primary">خروج</a>
<?php else: ?>
<a href="login.php" class="btn btn-primary">ورود</a>
<?php endif; ?>
</div>
</div>
</div>
</header>
<main class="container py-5">
<div class="row">
<div class="col-md-8">
<h2>فهرست کاربران</h2>
<div class="table-responsive">
<table class="table table-striped table-hover">
<thead>
<tr>
<th>#</th>
<th>نام کاربری</th>
<th>ایمیل</th>
<th>نقش</th>
<th>عملیات</th>
</tr>
</thead>
<tbody>
<?php foreach ($users as $user): ?>
<tr>
<td><?php echo htmlspecialchars($user['id']); ?></td>
<td><?php echo htmlspecialchars($user['username']); ?></td>
<td><?php echo htmlspecialchars($user['email']); ?></td>
<td><?php echo htmlspecialchars($user['role_name'] ?? 'بدون نقش'); ?></td>
<td>
<a href="users.php?edit_id=<?php echo $user['id']; ?>" class="btn btn-sm btn-outline-primary">ویرایش</a>
<a href="users.php?delete_id=<?php echo $user['id']; ?>" class="btn btn-sm btn-outline-danger" onclick="return confirm('آیا مطمئن هستید؟')">حذف</a>
</td>
</tr>
<?php endforeach; ?>
</tbody>
</table>
</div>
</div>
<div class="col-md-4">
<h2><?php echo $editing_user ? 'ویرایش کاربر' : 'افزودن کاربر جدید'; ?></h2>
<form method="POST" action="users.php">
<?php if ($editing_user): ?>
<input type="hidden" name="user_id" value="<?php echo $editing_user['id']; ?>">
<?php endif; ?>
<div class="mb-3">
<label for="username" class="form-label">نام کاربری</label>
<input type="text" class="form-control" id="username" name="username" value="<?php echo htmlspecialchars($editing_user['username'] ?? ''); ?>" required>
</div>
<div class="mb-3">
<label for="email" class="form-label">ایمیل</label>
<input type="email" class="form-control" id="email" name="email" value="<?php echo htmlspecialchars($editing_user['email'] ?? ''); ?>" required>
</div>
<div class="mb-3">
<label for="first_name" class="form-label">نام</label>
<input type="text" class="form-control" id="first_name" name="first_name" value="<?php echo htmlspecialchars($editing_user['first_name'] ?? ''); ?>">
</div>
<div class="mb-3">
<label for="last_name" class="form-label">نام خانوادگی</label>
<input type="text" class="form-control" id="last_name" name="last_name" value="<?php echo htmlspecialchars($editing_user['last_name'] ?? ''); ?>">
</div>
<div class="mb-3">
<label for="password" class="form-label">رمز عبور <?php echo $editing_user ? '(خالی بگذارید تا بدون تغییر بماند)' : ''; ?></label>
<input type="password" class="form-control" id="password" name="password" <?php echo !$editing_user ? 'required' : ''; ?>>
</div>
<div class="mb-3">
<label for="role_id" class="form-label">نقش</label>
<select class="form-select" id="role_id" name="role_id" required>
<option value="">یک نقش انتخاب کنید</option>
<?php foreach ($roles as $role): ?>
<option value="<?php echo $role['id']; ?>" <?php echo (isset($editing_user) && $editing_user['role_id'] == $role['id']) ? 'selected' : ''; ?>>
<?php echo htmlspecialchars($role['role_name']); ?>
</option>
<?php endforeach; ?>
</select>
</div>
<?php if ($editing_user): ?>
<button type="submit" name="update_user" class="btn btn-primary w-100">به‌روزرسانی</button>
<a href="users.php" class="btn btn-secondary w-100 mt-2">انصراف</a>
<?php else: ?>
<button type="submit" name="add_user" class="btn btn-success w-100">افزودن</button>
<?php endif; ?>
</form>
</div>
</div>
<div class="row mt-5">
<div class="col-md-12">
<h2>Link Parent to Child</h2>
<?php if (isset($_GET['link_success'])): ?>
<div class="alert alert-success">Parent and child linked successfully.</div>
<?php endif; ?>
<form method="POST" action="users.php">
<div class="row">
<div class="col-md-5">
<label for="parent_id" class="form-label">Parent</label>
<select class="form-select" id="parent_id" name="parent_id" required>
<option value="">Select a parent</option>
<?php foreach ($parents as $parent): ?>
<option value="<?php echo $parent['id']; ?>"><?php echo htmlspecialchars($parent['first_name'] . ' ' . $parent['last_name']); ?></option>
<?php endforeach; ?>
</select>
</div>
<div class="col-md-5">
<label for="child_id" class="form-label">Child</label>
<select class="form-select" id="child_id" name="child_id" required>
<option value="">Select a child</option>
<?php foreach ($students as $student): ?>
<option value="<?php echo $student['id']; ?>"><?php echo htmlspecialchars($student['first_name'] . ' ' . $student['last_name']); ?></option>
<?php endforeach; ?>
</select>
</div>
<div class="col-md-2 d-flex align-items-end">
<button type="submit" name="link_parent_child" class="btn btn-primary w-100">Link</button>
</div>
</div>
</form>
</div>
</div>
</main>
<footer class="footer mt-auto py-3 bg-light">
<div class="container text-center">
<span class="text-muted">© 2025 سیستم مدیریت مدرسه</span>
</div>
</footer>
<script src="https://cdn.jsdelivr.net/npm/bootstrap@5.3.2/dist/js/bootstrap.bundle.min.js"></script>
<script>
feather.replace()
</script>
</body>
</html>
Reference in New Issue View Git Blame Copy Permalink