155 lines
7.0 KiB
PHP
155 lines
7.0 KiB
PHP
<?php
|
|
session_start();
|
|
|
|
// If the user is not logged in, or is not an admin, redirect them away
|
|
if (!isset($_SESSION['loggedin']) || $_SESSION['role'] !== 'admin') {
|
|
header('Location: index.php');
|
|
exit;
|
|
}
|
|
|
|
require_once 'db/config.php';
|
|
$pdo = db();
|
|
|
|
// Fetch all users and their roles
|
|
$stmt = $pdo->query("SELECT users.id, users.username, roles.role_name FROM users JOIN roles ON users.role_id = roles.id ORDER BY users.username");
|
|
$users = $stmt->fetchAll(PDO::FETCH_ASSOC);
|
|
|
|
// Handle role change
|
|
if ($_SERVER['REQUEST_METHOD'] === 'POST' && isset($_POST['action']) && $_POST['action'] === 'change_role') {
|
|
$user_id = isset($_POST['user_id']) ? (int)$_POST['user_id'] : 0;
|
|
$role_id = isset($_POST['role_id']) ? (int)$_POST['role_id'] : 0;
|
|
|
|
if ($user_id && $role_id) {
|
|
$stmt = $pdo->prepare("UPDATE users SET role_id = ? WHERE id = ?");
|
|
$stmt->execute([$role_id, $user_id]);
|
|
header("Location: admin.php?success=role_changed");
|
|
exit();
|
|
}
|
|
}
|
|
|
|
// Fetch all roles for the dropdown
|
|
$roles_stmt = $pdo->query("SELECT id, role_name FROM roles");
|
|
$roles = $roles_stmt->fetchAll(PDO::FETCH_ASSOC);
|
|
|
|
$page_title = "Admin - User Management";
|
|
?>
|
|
<!DOCTYPE html>
|
|
<html lang="en">
|
|
<head>
|
|
<meta charset="UTF-8">
|
|
<meta name="viewport" content="width=device-width, initial-scale=1.0">
|
|
<title><?= htmlspecialchars($page_title) ?> - Bhuddi School</title>
|
|
<link href="https://cdn.jsdelivr.net/npm/bootstrap@5.3.3/dist/css/bootstrap.min.css" rel="stylesheet">
|
|
<link rel="stylesheet" href="https://cdn.jsdelivr.net/npm/bootstrap-icons@1.11.3/font/bootstrap-icons.min.css">
|
|
<link rel="stylesheet" href="assets/css/custom.css">
|
|
</head>
|
|
<body class="bg-light">
|
|
<nav class="navbar navbar-expand-lg navbar-light bg-white shadow-sm">
|
|
<div class="container-fluid">
|
|
<a class="navbar-brand" href="index.php">Bhuddi School</a>
|
|
<div class="collapse navbar-collapse" id="navbarNav">
|
|
<ul class="navbar-nav ms-auto">
|
|
<li class="nav-item">
|
|
<a class="nav-link" href="#">Welcome, <?= htmlspecialchars($_SESSION['username']) ?>!</a>
|
|
</li>
|
|
<li class="nav-item">
|
|
<a class="nav-link" href="logout.php">Logout</a>
|
|
</li>
|
|
</ul>
|
|
</div>
|
|
</div>
|
|
</nav>
|
|
|
|
<main class="container my-5">
|
|
<h1 class="h2 mb-4">User Management</h1>
|
|
|
|
<div class="card border-0 shadow-sm">
|
|
<div class="card-body">
|
|
<div class="table-responsive">
|
|
<table class="table table-hover align-middle">
|
|
<thead class="table-light">
|
|
<tr>
|
|
<th>Username</th>
|
|
<th>Role</th>
|
|
<th class="text-end">Actions</th>
|
|
</tr>
|
|
</thead>
|
|
<tbody>
|
|
<?php foreach ($users as $user): ?>
|
|
<tr>
|
|
<td><?= htmlspecialchars($user['username']) ?></td>
|
|
<td><?= htmlspecialchars($user['role_name']) ?></td>
|
|
<td class="text-end">
|
|
<?php if ($user['username'] !== 'admin'): // Prevent admin from changing their own role ?>
|
|
<button class="btn btn-sm btn-outline-primary btn-change-role"
|
|
data-bs-toggle="modal"
|
|
data-bs-target="#changeRoleModal"
|
|
data-user-id="<?= $user['id'] ?>"
|
|
data-username="<?= htmlspecialchars($user['username']) ?>"
|
|
data-role-id="<?= $user['role_id'] ?>">
|
|
Change Role
|
|
</button>
|
|
<?php endif; ?>
|
|
</td>
|
|
</tr>
|
|
<?php endforeach; ?>
|
|
</tbody>
|
|
</table>
|
|
</div>
|
|
</div>
|
|
</div>
|
|
</main>
|
|
|
|
<!-- Change Role Modal -->
|
|
<div class="modal fade" id="changeRoleModal" tabindex="-1" aria-labelledby="changeRoleModalLabel" aria-hidden="true">
|
|
<div class="modal-dialog">
|
|
<div class="modal-content">
|
|
<div class="modal-header">
|
|
<h5 class="modal-title" id="changeRoleModalLabel">Change User Role</h5>
|
|
<button type="button" class="btn-close" data-bs-dismiss="modal" aria-label="Close"></button>
|
|
</div>
|
|
<form id="changeRoleForm" method="POST">
|
|
<div class="modal-body">
|
|
<input type="hidden" name="action" value="change_role">
|
|
<input type="hidden" id="user_id" name="user_id">
|
|
<p>Change role for <strong id="username_display"></strong>:</p>
|
|
<div class="mb-3">
|
|
<label for="role_id" class="form-label">Role</label>
|
|
<select class="form-select" id="role_id" name="role_id" required>
|
|
<?php foreach ($roles as $role): ?>
|
|
<option value="<?= $role['id'] ?>"><?= htmlspecialchars($role['role_name']) ?></option>
|
|
<?php endforeach; ?>
|
|
</select>
|
|
</div>
|
|
</div>
|
|
<div class="modal-footer">
|
|
<button type="button" class="btn btn-secondary" data-bs-dismiss="modal">Close</button>
|
|
<button type="submit" class="btn btn-primary">Save changes</button>
|
|
</div>
|
|
</form>
|
|
</div>
|
|
</div>
|
|
</div>
|
|
|
|
<script src="https://cdn.jsdelivr.net/npm/bootstrap@5.3.3/dist/js/bootstrap.bundle.min.js"></script>
|
|
<script>
|
|
document.addEventListener('DOMContentLoaded', function () {
|
|
const changeRoleModal = document.getElementById('changeRoleModal');
|
|
changeRoleModal.addEventListener('show.bs.modal', function (event) {
|
|
const button = event.relatedTarget;
|
|
const userId = button.dataset.userId;
|
|
const username = button.dataset.username;
|
|
const currentRoleId = button.dataset.roleId;
|
|
|
|
const modalForm = document.getElementById('changeRoleForm');
|
|
modalForm.action = 'admin.php';
|
|
|
|
document.getElementById('user_id').value = userId;
|
|
document.getElementById('username_display').innerText = username;
|
|
document.getElementById('role_id').value = currentRoleId;
|
|
});
|
|
});
|
|
</script>
|
|
</body>
|
|
</html>
|