admin/36670-vm
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
36670-vm/edit_user.php
Flatlogic Bot 8418da20d2 Edit edit_user.php via Editor
2025-12-12 09:16:24 +00:00

126 lines
4.5 KiB
PHP
Raw Blame History

<?php
session_start();
require_once 'auth_check.php';
require_once 'db/config.php';
if (!isset($_SESSION['user_id']) || $_SESSION['role'] !== 'admin') {
header('Location: login.php');
exit;
}
$user_id = $_GET['id'] ?? null;
if (!$user_id) {
header('Location: manage_users.php');
exit;
}
$pdo = db();
$error = '';
$success = '';
if ($_SERVER['REQUEST_METHOD'] === 'POST') {
$username = trim($_POST['username']);
$full_name = trim($_POST['full_name']);
$department = trim($_POST['department']);
$position = trim($_POST['position']);
$role = $_POST['role'];
$password = $_POST['password'];
if (empty($username) || empty($role)) {
$error = 'Username and role are required.';
} else {
$sql = 'UPDATE users SET username = :username, full_name = :full_name, department = :department, position = :position, role = :role';
$params = [
'username' => $username,
'full_name' => $full_name,
'department' => $department,
'position' => $position,
'role' => $role,
'id' => $user_id
];
if (!empty($password)) {
$sql .= ', password = :password';
$params['password'] = password_hash($password, PASSWORD_DEFAULT);
}
$sql .= ' WHERE id = :id';
$stmt = $pdo->prepare($sql);
if ($stmt->execute($params)) {
$success = 'User updated successfully.';
} else {
$error = 'Failed to update user.';
}
}
}
$stmt = $pdo->prepare('SELECT username, full_name, department, position, role FROM users WHERE id = :id');
$stmt->execute(['id' => $user_id]);
$user = $stmt->fetch();
if (!$user) {
header('Location: manage_users.php');
exit;
}
?>
<?php include 'header.php'; ?>
<div class="container mt-4">
<h2>Edit User</h2>
<?php if ($error): ?>
<div class="alert alert-danger"><?php echo $error; ?></div>
<?php endif; ?>
<?php if ($success): ?>
<div class="alert alert-success"><?php echo $success; ?></div>
<?php endif; ?>
<form action="edit_user.php?id=<?php echo $user_id; ?>" method="post">
<div class="form-group">
<label for="username">Username</label>
<input type="text" name="username" class="form-control" id="username" value="<?php echo htmlspecialchars($user['username']); ?>" required>
</div>
<div class="form-group">
<label for="full_name">Full Name</label>
<input type="text" name="full_name" class="form-control" id="full_name" value="<?php echo htmlspecialchars($user['full_name'] ?? ''); ?>">
</div>
<div class="form-group">
<label for="department">Department</label>
<select name="department" class="form-control" id="department">
<?php
$departments = [
"RSS JP Sales", "RSS EA Sales", "RSI Sales", "RSM Sales", "RSP Sales",
"RSS ACC", "RSS HRADM", "RSS WH", "RSS SA", "RSS IT", "RSS QA"
];
foreach ($departments as $dept) {
$selected = ($user['department'] === $dept) ? 'selected' : '';
echo "<option value=\"$dept\" $selected>" . htmlspecialchars($dept) . "</option>";
}
?>
</select>
</div>
<div class="form-group">
<label for="position">Position</label>
<input type="text" name="position" class="form-control" id="position" value="<?php echo htmlspecialchars($user['position'] ?? ''); ?>">
</div>
<div class="form-group">
<label for="password">Password (leave blank to keep current password)</label>
<input type="password" name="password" class="form-control" id="password">
</div>
<div class="form-group">
<label for="role">Role</label>
<select name="role" class="form-control" id="role">
<option value="Requestor" <?php echo ($user['role'] === 'Requestor') ? 'selected' : ''; ?>>Requestor</option>
<option value="Approver" <?php echo ($user['role'] === 'Approver') ? 'selected' : ''; ?>>Approver</option>
<option value="Admin" <?php echo ($user['role'] === 'Admin') ? 'selected' : ''; ?>>Admin</option>
</select>
</div>
<button type="submit" class="btn btn-primary">Update User</button>
<a href="manage_users.php" class="btn btn-secondary">Back to Manage Users</a>
</form>
</div>
<?php include 'footer.php'; ?>
Reference in New Issue View Git Blame Copy Permalink