36670-vm/manage_users.php
2025-12-05 06:55:18 +00:00


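<?php
// Admin-only page: loads every account so the markup below can list it and
// link to the create / edit / delete actions.
session_start();
// NOTE(review): auth_check.php is not visible here. The explicit role test
// below is the only admin check this file can vouch for.
require_once 'auth_check.php';
require_once 'db/config.php';
require_once 'includes/helpers.php';

// Authorisation gate: a session must exist AND carry the 'admin' role.
// `?? null` keeps a session that has user_id but no role key from raising an
// undefined-index warning; such a session is still rejected by the strict
// comparison.
if (!isset($_SESSION['user_id']) || ($_SESSION['role'] ?? null) !== 'admin') {
    header('Location: login.php');
    // Stop immediately: header() alone does not end the script, and the user
    // list must never be queried or rendered for a non-admin.
    exit;
}

// db() is defined outside this file (presumably in db/config.php; confirm).
$pdo = db();
// Constant SQL with no request data interpolated. Only id, username and role
// are selected, so password hashes never reach the template.
$users = $pdo->query('SELECT id, username, role FROM users')->fetchAll();
?>
<?php include 'header.php'; ?>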
<h2>Manage Users</h2>
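<?php
// One-shot flash messages left in the session by other pages. Each message is
// shown once and then removed so it does not reappear on reload.
//
// The text is HTML-escaped before output. The code that writes these session
// keys is not visible here, and a message that embeds a username, a file name
// or a CSV field would otherwise be rendered as markup in an admin's browser.
// NOTE(review): if any writer stores intentional HTML in these keys it will
// now be shown literally; move that markup into this template instead.
$flashAlerts = [
    'upload_success' => 'alert-success',
    'upload_error' => 'alert-danger',
    'success_message' => 'alert-success',
    'error_message' => 'alert-danger',
];
foreach ($flashAlerts as $flashKey => $flashClass) {
    // empty() matches the original isset(...) && truthy test.
    if (empty($_SESSION[$flashKey])) {
        continue;
    }
    echo '<div class="alert ' . $flashClass . '">'
        . htmlspecialchars((string) $_SESSION[$flashKey], ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8')
        . '</div>';
    unset($_SESSION[$flashKey]);
}
// Do not leak the loop helpers into the rest of the page or footer.php.
unset($flashAlerts, $flashKey, $flashClass);
?>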
<?php
/*
 * "Create Users" card: a link to the single-user form and a CSV bulk-upload
 * form that posts multipart data to upload_users_csv.php.
 *
 * NOTE(review): the upload form carries no anti-CSRF token field, so nothing
 * visible here lets upload_users_csv.php tell an admin's own submission from a
 * cross-site one. Confirm the handler enforces a token or an equivalent check.
 * The accept=".csv" and required attributes are browser-side hints only; file
 * type, size and content must be validated in the handler.
 */
?>
<div class="card mb-4">
<div class="card-header">Create Users</div>
<div class="card-body">
<a href="create_user.php" class="btn btn-success">Create Single User</a>
<hr>
<h5>Upload CSV to Create Users</h5>
<form action="upload_users_csv.php" method="post" enctype="multipart/form-data">
<div class="form-group">
<label for="csv_file">Select CSV file</label>
<input type="file" name="csv_file" class="form-control-file" id="csv_file" accept=".csv" required>
</div>
<button type="submit" class="btn btn-primary">Upload and Create</button>
</form>
</div>
</div>
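<?php
/*
 * "Existing Users" card: one table row per account from $users, with Edit and
 * Delete links keyed by the account id.
 *
 * Every value is encoded for the context it lands in: username and role as
 * HTML text, the id as a URL query component.
 *
 * NOTE(review): Delete is a plain GET link and the confirm() dialog runs only
 * in the browser. If delete_user.php deletes on GET without a server-side
 * anti-CSRF check, the request is not bound to a deliberate admin action.
 * Prefer a POST form carrying a per-session token that the handler verifies.
 */
?>
<div class="card">
    <div class="card-header">Existing Users</div>
    <div class="card-body">
        <table class="table table-striped">
            <thead>
                <tr>
                    <th>Username</th>
                    <th>Role</th>
                    <th>Actions</th>
                </tr>
            </thead>
            <tbody>
                <?php foreach ($users as $user): ?>
                <?php
                // rawurlencode() emits only unreserved characters and %XX escapes,
                // so the result is safe inside the quoted href attribute.
                // Integer ids pass through unchanged.
                $userIdParam = rawurlencode((string) $user['id']);
                ?>
                <tr>
                    <td><?php echo htmlspecialchars((string) $user['username'], ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8'); ?></td>
                    <td><?php echo htmlspecialchars((string) $user['role'], ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8'); ?></td>
                    <td>
                        <a href="edit_user.php?id=<?php echo $userIdParam; ?>" class="btn btn-sm btn-warning">Edit</a>
                        <a href="delete_user.php?id=<?php echo $userIdParam; ?>" class="btn btn-sm btn-danger" onclick="return confirm('Are you sure you want to delete this user?');">Delete</a>
                    </td>
                </tr>
                <?php endforeach; ?>
            </tbody>
        </table>
    </div>
</div>
<?php include 'footer.php'; // assumes a footer.php exists alongside header.php ?>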