36675-vm/admin_users.php
Flatlogic Bot 496d2ec7e5 1.0
2025-12-05 06:45:47 +00:00


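<?php
// admin_users.php — admin-only user list with add / edit / delete.
//
// Every state-changing request (delete, add, edit) is processed and redirected
// BEFORE partials/header.php is included, so header('Location: ...') is never
// called after page output has started (the previous layout redirected from
// inside the rendered page). Only then is the HTML emitted.
session_start();
require_once __DIR__ . '/db/config.php';

// Only logged-in Admins may reach this page.
if (!isset($_SESSION['user_id']) || ($_SESSION['user_role'] ?? null) !== 'Admin') {
    header('Location: login.php');
    exit();
}

// Session user id as int so the "not yourself" comparisons below are not
// defeated by the session storing the id as a string.
$sessionUserId = (int) $_SESSION['user_id'];

// Roles the form may assign. The <select> offers the same three values, but
// the server must not rely on the client restricting itself.
$allowedRoles = ['Admin', 'Sales Rep', 'Dispatch'];

// Minimum length accepted for a new or replaced password (bytes).
$minPasswordLength = 8;

// Per-session CSRF token, embedded in every form and checked on every POST.
// Delete is a POST form rather than a GET link so that a crafted link or
// image tag cannot remove an account on the admin's behalf.
if (empty($_SESSION['csrf_token'])) {
    $_SESSION['csrf_token'] = bin2hex(random_bytes(32));
}
$csrfToken = $_SESSION['csrf_token'];

// Log driver error text server-side and hand the UI a generic message; the
// raw message can reveal hosts, table names or query shape.
$dbFailure = static function (string $context, PDOException $e): string {
    error_log('admin_users.php: ' . $context . ': ' . $e->getMessage());
    return $context . '.';
};

// HTML-escape any scalar for output in element content or attribute values.
$h = static function ($value): string {
    return htmlspecialchars((string) $value, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
};

$isPost = $_SERVER['REQUEST_METHOD'] === 'POST';
if ($isPost && !hash_equals($csrfToken, (string) ($_POST['csrf_token'] ?? ''))) {
    $_SESSION['error_message'] = 'Invalid or missing form token. Please try again.';
    header('Location: admin_users.php');
    exit();
}

// --- Delete (POST only) ---
if ($isPost && isset($_POST['delete_user'])) {
    $deleteId = filter_var($_POST['user_id'] ?? null, FILTER_VALIDATE_INT);
    // Admins may not delete their own account.
    if ($deleteId !== false && $deleteId > 0 && $deleteId !== $sessionUserId) {
        try {
            $stmt = db()->prepare('DELETE FROM users WHERE id = ?');
            $stmt->execute([$deleteId]);
            $_SESSION['success_message'] = 'User deleted successfully!';
        } catch (PDOException $e) {
            $_SESSION['error_message'] = $dbFailure('Error deleting user', $e);
        }
    } else {
        $_SESSION['error_message'] = 'Invalid user ID or cannot delete your own account.';
    }
    header('Location: admin_users.php');
    exit();
}

// --- Form state shared by add and edit ---
$name = $email = $role = '';
$errors = [];
$editUser = null; // ['id' => int] while the form is in edit mode

// GET ?action=edit&id=N preloads the form with the existing record.
if (!$isPost && ($_GET['action'] ?? '') === 'edit') {
    $editId = filter_var($_GET['id'] ?? null, FILTER_VALIDATE_INT);
    if ($editId !== false && $editId > 0) {
        try {
            $stmt = db()->prepare('SELECT id, name, email, role FROM users WHERE id = ?');
            $stmt->execute([$editId]);
            $row = $stmt->fetch(PDO::FETCH_ASSOC);
        } catch (PDOException $e) {
            $_SESSION['error_message'] = $dbFailure('Error fetching user for edit', $e);
            header('Location: admin_users.php');
            exit();
        }
        if ($row === false) {
            $_SESSION['error_message'] = 'User not found.';
            header('Location: admin_users.php');
            exit();
        }
        $editUser = ['id' => (int) $row['id']];
        $name = $row['name'];
        $email = $row['email'];
        $role = $row['role'];
    }
}

// --- Add / Edit submission ---
if ($isPost && (isset($_POST['add_user']) || isset($_POST['edit_user']))) {
    $isEdit = isset($_POST['edit_user']);
    $name = trim((string) ($_POST['name'] ?? ''));
    $email = trim((string) ($_POST['email'] ?? ''));
    $role = (string) ($_POST['role'] ?? '');
    $password = (string) ($_POST['password'] ?? '');
    $confirmPassword = (string) ($_POST['confirm_password'] ?? '');
    $targetId = filter_var($_POST['user_id'] ?? null, FILTER_VALIDATE_INT);

    if ($isEdit) {
        if ($targetId === false || $targetId <= 0) {
            $errors[] = 'Invalid user ID.';
        } else {
            // Keep the form in edit mode (hidden user_id, Update button) when
            // validation fails; previously it fell back to "Add New User".
            $editUser = ['id' => $targetId];
        }
    }
    if ($name === '') {
        $errors[] = 'Name is required.';
    }
    if ($email === '' || filter_var($email, FILTER_VALIDATE_EMAIL) === false) {
        $errors[] = 'Valid email is required.';
    }
    if (!in_array($role, $allowedRoles, true)) {
        $errors[] = 'A valid role is required.';
    }
    // A new account needs a password; an edit only validates one if supplied.
    if (!$isEdit || $password !== '') {
        if ($password === '') {
            $errors[] = 'Password is required.';
        } elseif (strlen($password) < $minPasswordLength) {
            $errors[] = "Password must be at least {$minPasswordLength} characters.";
        }
        if ($password !== $confirmPassword) {
            $errors[] = 'Passwords do not match.';
        }
    }
    // Mirror the delete guard: an admin must not demote their own account.
    if ($isEdit && $targetId === $sessionUserId && $role !== 'Admin') {
        $errors[] = 'You cannot change the role of your own account.';
    }

    if ($errors === []) {
        try {
            if ($isEdit) {
                $sql = 'UPDATE users SET name = ?, email = ?, role = ?';
                $params = [$name, $email, $role];
                if ($password !== '') {
                    $sql .= ', password = ?';
                    $params[] = password_hash($password, PASSWORD_DEFAULT);
                }
                $sql .= ' WHERE id = ?';
                $params[] = $targetId;
                $stmt = db()->prepare($sql);
                $stmt->execute($params);
                $_SESSION['success_message'] = 'User updated successfully!';
            } else {
                $stmt = db()->prepare('INSERT INTO users (name, email, password, role) VALUES (?, ?, ?, ?)');
                $stmt->execute([$name, $email, password_hash($password, PASSWORD_DEFAULT), $role]);
                $_SESSION['success_message'] = 'User added successfully!';
            }
            header('Location: admin_users.php');
            exit();
        } catch (PDOException $e) {
            // SQLSTATE 23000 = integrity constraint violation (unique email).
            if ((string) $e->getCode() === '23000') {
                $errors[] = 'User with this email already exists.';
            } else {
                $errors[] = $dbFailure('Error processing user', $e);
            }
        }
    }
}

// --- Read the user list (display only; a failure is shown inline) ---
$users = [];
$listError = null;
try {
    $stmt = db()->query('SELECT id, name, email, role, created_at FROM users ORDER BY created_at DESC');
    $users = $stmt->fetchAll(PDO::FETCH_ASSOC);
} catch (PDOException $e) {
    $listError = $dbFailure('Error fetching users', $e);
}

$isEditMode = $editUser !== null;
$pageTitle = 'Admin | User Management';
require_once __DIR__ . '/partials/header.php';
?>
<div class="container mt-5">
    <h1 class="mb-4">User Management</h1>

    <?php if (isset($_SESSION['success_message'])): ?>
        <div class="alert alert-success"><?= $h($_SESSION['success_message']) ?></div>
        <?php unset($_SESSION['success_message']); ?>
    <?php endif; ?>
    <?php if (isset($_SESSION['error_message'])): ?>
        <div class="alert alert-danger"><?= $h($_SESSION['error_message']) ?></div>
        <?php unset($_SESSION['error_message']); ?>
    <?php endif; ?>

    <div class="card mb-4">
        <div class="card-header">Existing Users</div>
        <div class="card-body">
            <?php if ($listError !== null): ?>
                <div class="alert alert-danger"><?= $h($listError) ?></div>
            <?php endif; ?>
            <?php if (empty($users)): ?>
                <p>No users found.</p>
            <?php else: ?>
                <div class="table-responsive">
                    <table class="table table-hover table-striped">
                        <thead>
                            <tr>
                                <th>ID</th>
                                <th>Name</th>
                                <th>Email</th>
                                <th>Role</th>
                                <th>Created At</th>
                                <th>Actions</th>
                            </tr>
                        </thead>
                        <tbody>
                        <?php foreach ($users as $user): ?>
                            <tr>
                                <td><?= $h($user['id']) ?></td>
                                <td><?= $h($user['name']) ?></td>
                                <td><?= $h($user['email']) ?></td>
                                <td><?= $h($user['role']) ?></td>
                                <td><?= $h($user['created_at']) ?></td>
                                <td>
                                    <a href="?action=edit&amp;id=<?= $h($user['id']) ?>" class="btn btn-sm btn-primary me-2">Edit</a>
                                    <?php if ((int) $user['id'] !== $sessionUserId): ?>
                                    <form action="admin_users.php" method="POST" class="d-inline"
                                          onsubmit="return confirm('Are you sure you want to delete this user?');">
                                        <input type="hidden" name="csrf_token" value="<?= $h($csrfToken) ?>">
                                        <input type="hidden" name="user_id" value="<?= $h($user['id']) ?>">
                                        <button type="submit" name="delete_user" class="btn btn-sm btn-danger">Delete</button>
                                    </form>
                                    <?php endif; ?>
                                </td>
                            </tr>
                        <?php endforeach; ?>
                        </tbody>
                    </table>
                </div>
            <?php endif; ?>
        </div>
    </div>

    <div class="card">
        <div class="card-header"><?= $isEditMode ? 'Edit User' : 'Add New User' ?></div>
        <div class="card-body">
            <?php if ($errors !== []): ?>
                <div class="alert alert-danger">
                    <?php foreach ($errors as $error): ?>
                        <p class="mb-0"><?= $h($error) ?></p>
                    <?php endforeach; ?>
                </div>
            <?php endif; ?>
            <form action="admin_users.php" method="POST">
                <input type="hidden" name="csrf_token" value="<?= $h($csrfToken) ?>">
                <?php if ($isEditMode): ?>
                    <input type="hidden" name="user_id" value="<?= $h($editUser['id']) ?>">
                <?php endif; ?>
                <div class="mb-3">
                    <label for="name" class="form-label">Name</label>
                    <input type="text" class="form-control" id="name" name="name" value="<?= $h($name) ?>" required>
                </div>
                <div class="mb-3">
                    <label for="email" class="form-label">Email</label>
                    <input type="email" class="form-control" id="email" name="email" value="<?= $h($email) ?>" required>
                </div>
                <div class="mb-3">
                    <label for="password" class="form-label"><?= $isEditMode ? 'New Password (leave blank to keep current)' : 'Password' ?></label>
                    <input type="password" class="form-control" id="password" name="password"
                           minlength="<?= $minPasswordLength ?>" <?= $isEditMode ? '' : 'required' ?>>
                </div>
                <div class="mb-3">
                    <label for="confirm_password" class="form-label"><?= $isEditMode ? 'Confirm New Password' : 'Confirm Password' ?></label>
                    <input type="password" class="form-control" id="confirm_password" name="confirm_password" <?= $isEditMode ? '' : 'required' ?>>
                </div>
                <div class="mb-3">
                    <label for="role" class="form-label">Role</label>
                    <select class="form-select" id="role" name="role" required>
                        <option value="">Select Role</option>
                        <?php foreach ($allowedRoles as $allowedRole): ?>
                            <option value="<?= $h($allowedRole) ?>" <?= $role === $allowedRole ? 'selected' : '' ?>><?= $h($allowedRole) ?></option>
                        <?php endforeach; ?>
                    </select>
                </div>
                <?php if ($isEditMode): ?>
                    <button type="submit" name="edit_user" class="btn btn-primary">Update User</button>
                    <a href="admin_users.php" class="btn btn-secondary">Cancel</a>
                <?php else: ?>
                    <button type="submit" name="add_user" class="btn btn-primary">Add User</button>
                <?php endif; ?>
            </form>
        </div>
    </div>
</div>
<?php
require_once __DIR__ . '/partials/footer.php';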