prepare("DELETE FROM users WHERE id = ?"); $stmt->execute([$user_id_to_delete]); $_SESSION['success_message'] = 'User deleted successfully!'; } catch (PDOException $e) { $_SESSION['error_message'] = 'Error deleting user: ' . htmlspecialchars($e->getMessage()); } } else { $_SESSION['error_message'] = 'Invalid user ID or cannot delete your own account.'; } header('Location: admin_users.php'); exit(); } $pageTitle = "Admin | User Management"; require_once __DIR__ . '/partials/header.php'; ?>

User Management

Existing Users
query("SELECT id, name, email, role, created_at FROM users ORDER BY created_at DESC"); $users = $stmt->fetchAll(PDO::FETCH_ASSOC); } catch (PDOException $e) {
/* Static listing query, no request data involved. On failure the raw driver message is echoed into the page: htmlspecialchars() neutralises markup but does not hide schema/driver details from the viewer. */
echo '
Error fetching users: ' . htmlspecialchars($e->getMessage()) . '
'; } ?>

No users found.

ID Name Email Role Created At Actions
Edit Delete
prepare("SELECT id, name, email, role FROM users WHERE id = ?"); $stmt->execute([$edit_user_id]); $edit_user = $stmt->fetch(PDO::FETCH_ASSOC); if ($edit_user) { $name = $edit_user['name']; $email = $edit_user['email']; $role = $edit_user['role']; } else { $_SESSION['error_message'] = 'User not found.'; header('Location: admin_users.php'); exit(); } } catch (PDOException $e) {
/* The raw driver message is carried to the admin UI through the session; htmlspecialchars() only neutralises markup, it does not hide schema/driver details. */
$_SESSION['error_message'] = 'Error fetching user for edit: ' . htmlspecialchars($e->getMessage()); header('Location: admin_users.php'); exit(); } } }
// Handle form submission for Add or Edit
if ($_SERVER['REQUEST_METHOD'] === 'POST') { if (isset($_POST['add_user']) || isset($_POST['edit_user'])) {
/* name, email and role are read without the isset() guard that password/confirm_password get below; a request missing one of them warns before validation runs. */
$name = trim($_POST['name']); $email = trim($_POST['email']);
/* $role is written verbatim into users.role further down; the only check applied is empty(), not membership in the set of roles the application knows — confirm whether the column or another layer constrains it. */
$role = $_POST['role']; $password = isset($_POST['password']) ? $_POST['password'] : ''; $confirm_password = isset($_POST['confirm_password']) ? $_POST['confirm_password'] : '';
/* Edit path only. filter_var() yields false for a non-integer id, so this is null/false when user_id is absent or malformed; the UPDATE below still executes with that as its WHERE value and then reports success although no row can match. */
$current_user_id = isset($_POST['user_id']) ? filter_var($_POST['user_id'], FILTER_VALIDATE_INT) : null; if (empty($name)) { $errors[] = 'Name is required.'; } if (empty($email) || !filter_var($email, FILTER_VALIDATE_EMAIL)) { $errors[] = 'Valid email is required.'; } if (empty($role)) { $errors[] = 'Role is required.'; } if (isset($_POST['add_user'])) { // For adding new user
if (empty($password)) { $errors[] = 'Password is required.'; } if ($password !== $confirm_password) { $errors[] = 'Passwords do not match.'; } } else if (isset($_POST['edit_user'])) { // For editing existing user
/* An empty password on edit means "keep the stored hash"; only a non-empty one has to match its confirmation. */
if (!empty($password) && $password !== $confirm_password) { $errors[] = 'Passwords do not match.'; } } if (empty($errors)) { try { if (isset($_POST['add_user'])) {
/* Only the password_hash() output (PASSWORD_DEFAULT) is persisted, never the clear-text value. */
$hashed_password = password_hash($password, PASSWORD_DEFAULT); $stmt = db()->prepare("INSERT INTO users (name, email, password, role) VALUES (?, ?, ?, ?)"); $stmt->execute([$name, $email, $hashed_password, $role]); $_SESSION['success_message'] = 'User added successfully!'; } else if (isset($_POST['edit_user'])) {
/* The UPDATE is assembled from fixed string fragments only; every request-derived value travels through $params as a bound placeholder. */
$sql = 
"UPDATE users SET name = ?, email = ?, role = ?"; $params = [$name, $email, $role]; if (!empty($password)) { $hashed_password = password_hash($password, PASSWORD_DEFAULT); $sql .= ", password = ?"; $params[] = $hashed_password; } $sql .= " WHERE id = ?"; $params[] = $current_user_id; $stmt = db()->prepare($sql); $stmt->execute($params); $_SESSION['success_message'] = 'User updated successfully!'; } header('Location: admin_users.php'); exit(); } catch (PDOException $e) {
/* SQLSTATE 23000 covers any integrity-constraint violation, not only the unique-email case; other constraint failures on this table surface with the same message. */
if ($e->getCode() === '23000') { // Duplicate entry
$errors[] = 'User with this email already exists.'; } else {
/* Raw driver message surfaced to the page; markup is escaped but schema/driver details are not hidden. */
$errors[] = 'Error processing user: ' . htmlspecialchars($e->getMessage()); } } } } ?>

>
>
Cancel