Manage Users
| Username | Role | Created At | Actions |
|---|---|---|---|
| <?= htmlspecialchars($u['username']) ?> | <?= htmlspecialchars($u['role_name']) ?> | <?= date('Y-m-d H:i', strtotime($u['created_at'])) ?> |
// Request handler and data loading for the "Manage Users" page: applies a
// create / update-role / delete action, stores a flash message, redirects back
// to manage_users.php, and otherwise loads the user and role lists for display.
//
// NOTE(review): the page extraction dropped everything before this point: the
// opening PHP tag, the blocks that the unmatched closing braces and the `catch`
// below belong to, and the start of the first statement. Whether that missing
// head verifies the caller's role or a CSRF token cannot be confirmed from
// here. All three actions below change accounts, so check it in the file.

            // Tail of a prepared INSERT (presumably `$stmt = $pdo->prepare(...)`).
            // Values reach the query only through `?` placeholders.
            // NOTE(review): how $hashed_password is produced is not visible;
            // confirm it comes from password_hash() and not a plain digest.
            prepare("INSERT INTO users (username, password, role_id) VALUES (?, ?, ?)");
            $stmt->execute([$username, $hashed_password, $role_id]);
            $_SESSION['flash_message'] = ['type' => 'success', 'message' => 'User created successfully.'];
        }

        if ($action === 'update_role') {
            // Both ids are taken straight from the request body and bound as
            // query parameters.
            // NOTE(review): nothing visible checks that role_id names an existing
            // role, or stops an administrator from changing their own role. The
            // delete action below does guard against self-deletion.
            $user_id = $_POST['user_id'];
            $role_id = $_POST['role_id'];
            $stmt = $pdo->prepare("UPDATE users SET role_id = ? WHERE id = ?");
            $stmt->execute([$role_id, $user_id]);
            $_SESSION['flash_message'] = ['type' => 'success', 'message' => 'User role updated successfully.'];
        }

        if ($action === 'delete_user') {
            $user_id = $_POST['user_id'];
            // Prevent admin from deleting themselves
            // NOTE(review): this is a loose comparison on the raw request string.
            // Normalising user_id to an integer before both the comparison and
            // the DELETE would make the guard and the query act on the same value.
            if ($user_id == get_user_id()) {
                $_SESSION['flash_message'] = ['type' => 'danger', 'message' => 'You cannot delete your own account.'];
            } else {
                $stmt = $pdo->prepare("DELETE FROM users WHERE id = ?");
                $stmt->execute([$user_id]);
                $_SESSION['flash_message'] = ['type' => 'success', 'message' => 'User deleted successfully.'];
            }
        }
    } catch (PDOException $e) {
        // NOTE(review): the driver's own error text is copied into the flash
        // message, which is presumably rendered to the user on the next page.
        // Such text can name tables, columns and constraints. Consider logging
        // it server-side and showing a generic message instead.
        $_SESSION['flash_message'] = ['type' => 'danger', 'message' => 'Database error: ' . $e->getMessage()];
    }
    // Redirect after handling the action, then stop so the listing below is
    // not rendered in the same response.
    header('Location: manage_users.php');
    exit();
}

// Fetch all users and roles
// Both queries are fixed strings with no request data in them.
$stmt_users = $pdo->query("SELECT u.id, u.username, r.name as role_name, u.created_at FROM users u JOIN roles r ON u.role_id = r.id ORDER BY u.created_at DESC");
$users_list = $stmt_users->fetchAll();
$stmt_roles = $pdo->query("SELECT id, name FROM roles ORDER BY name");
$roles = $stmt_roles->fetchAll();
?>
| Username | Role | Created At | Actions |
|---|---|---|---|
| <?= htmlspecialchars($u['username']) ?> | <?= htmlspecialchars($u['role_name']) ?> | <?= date('Y-m-d H:i', strtotime($u['created_at'])) ?> |