admin/36692-vm
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

v1.incomplete3

Browse Source
This commit is contained in:
Flatlogic Bot 2025-12-05 19:56:41 +00:00
parent fc1839d4b8
commit 4a8a75e6db
8 changed files with 363 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

67
admin/add_service.php Normal file
View File

@ -0,0 +1,67 @@
<?php
require_once __DIR__ . '/../includes/header.php';
require_once __DIR__ . '/../db/config.php';
if (!isset($_SESSION['user_id'])) {
header('Location: /login.php');
exit;
}
$pdo = db();
$stmt = $pdo->prepare("SELECT role FROM users WHERE id = ?");
$stmt->execute([$_SESSION['user_id']]);
$user = $stmt->fetch();
if (!$user || $user['role'] !== 'admin') {
header('Location: /dashboard.php?error=unauthorized');
exit;
}
$message = '';
if ($_SERVER['REQUEST_METHOD'] === 'POST') {
$name = $_POST['name'];
$description = $_POST['description'];
$price = $_POST['price'];
$duration_days = $_POST['duration_days'];
if (empty($name) || empty($description) || empty($price) || empty($duration_days)) {
$message = '<div class="alert alert-danger">All fields are required.</div>';
} else {
$stmt = $pdo->prepare("INSERT INTO services (name, description, price, duration_days) VALUES (?, ?, ?, ?)");
if ($stmt->execute([$name, $description, $price, $duration_days])) {
header('Location: services.php?success=added');
exit;
} else {
$message = '<div class="alert alert-danger">Failed to add service.</div>';
}
}
}
?>
<div class="container">
<h1 class="mt-5">Add New Service</h1>
<?php echo $message; ?>
<form action="add_service.php" method="post">
<div class="mb-3">
<label for="name" class="form-label">Service Name</label>
<input type="text" class="form-control" id="name" name="name" required>
</div>
<div class="mb-3">
<label for="description" class="form-label">Description</label>
<textarea class="form-control" id="description" name="description" rows="3" required></textarea>
</div>
<div class="mb-3">
<label for="price" class="form-label">Price</label>
<input type="number" step="0.01" class="form-control" id="price" name="price" required>
</div>
<div class="mb-3">
<label for="duration_days" class="form-label">Duration (Days)</label>
<input type="number" class="form-control" id="duration_days" name="duration_days" required>
</div>
<button type="submit" class="btn btn-primary">Add Service</button>
<a href="services.php" class="btn btn-secondary">Cancel</a>
</form>
</div>
<?php require_once __DIR__ . '/../includes/footer.php'; ?>

32
admin/delete_service.php Normal file
View File

@ -0,0 +1,32 @@
<?php
require_once __DIR__ . '/../db/config.php';
session_start();
if (!isset($_SESSION['user_id'])) {
header('Location: /login.php');
exit;
}
$pdo = db();
$stmt = $pdo->prepare("SELECT role FROM users WHERE id = ?");
$stmt->execute([$_SESSION['user_id']]);
$user = $stmt->fetch();
if (!$user || $user['role'] !== 'admin') {
header('Location: /dashboard.php?error=unauthorized');
exit;
}
$service_id = $_GET['id'] ?? null;
if ($service_id) {
$stmt = $pdo->prepare("DELETE FROM services WHERE id = ?");
if ($stmt->execute([$service_id])) {
header('Location: services.php?success=deleted');
exit;
}
}
header('Location: services.php?error=delete_failed');
exit;
?>

82
admin/edit_service.php Normal file
View File

@ -0,0 +1,82 @@
<?php
require_once __DIR__ . '/../includes/header.php';
require_once __DIR__ . '/../db/config.php';
if (!isset($_SESSION['user_id'])) {
header('Location: /login.php');
exit;
}
$pdo = db();
$stmt = $pdo->prepare("SELECT role FROM users WHERE id = ?");
$stmt->execute([$_SESSION['user_id']]);
$user = $stmt->fetch();
if (!$user || $user['role'] !== 'admin') {
header('Location: /dashboard.php?error=unauthorized');
exit;
}
$message = '';
$service_id = $_GET['id'] ?? null;
if (!$service_id) {
header('Location: services.php');
exit;
}
$stmt = $pdo->prepare("SELECT * FROM services WHERE id = ?");
$stmt->execute([$service_id]);
$service = $stmt->fetch();
if (!$service) {
header('Location: services.php');
exit;
}
if ($_SERVER['REQUEST_METHOD'] === 'POST') {
$name = $_POST['name'];
$description = $_POST['description'];
$price = $_POST['price'];
$duration_days = $_POST['duration_days'];
if (empty($name) || empty($description) || empty($price) || empty($duration_days)) {
$message = '<div class="alert alert-danger">All fields are required.</div>';
} else {
$stmt = $pdo->prepare("UPDATE services SET name = ?, description = ?, price = ?, duration_days = ? WHERE id = ?");
if ($stmt->execute([$name, $description, $price, $duration_days, $service_id])) {
header('Location: services.php?success=updated');
exit;
} else {
$message = '<div class="alert alert-danger">Failed to update service.</div>';
}
}
}
?>
<div class="container">
<h1 class="mt-5">Edit Service</h1>
<?php echo $message; ?>
<form action="edit_service.php?id=<?php echo $service['id']; ?>" method="post">
<div class="mb-3">
<label for="name" class="form-label">Service Name</label>
<input type="text" class="form-control" id="name" name="name" value="<?php echo htmlspecialchars($service['name']); ?>" required>
</div>
<div class="mb-3">
<label for="description" class="form-label">Description</label>
<textarea class="form-control" id="description" name="description" rows="3" required><?php echo htmlspecialchars($service['description']); ?></textarea>
</div>
<div class="mb-3">
<label for="price" class="form-label">Price</label>
<input type="number" step="0.01" class="form-control" id="price" name="price" value="<?php echo htmlspecialchars($service['price']); ?>" required>
</div>
<div class="mb-3">
<label for="duration_days" class="form-label">Duration (Days)</label>
<input type="number" class="form-control" id="duration_days" name="duration_days" value="<?php echo htmlspecialchars($service['duration_days']); ?>" required>
</div>
<button type="submit" class="btn btn-primary">Update Service</button>
<a href="services.php" class="btn btn-secondary">Cancel</a>
</form>
</div>
<?php require_once __DIR__ . '/../includes/footer.php'; ?>

32
admin/index.php Normal file
View File

@ -0,0 +1,32 @@
<?php
require_once __DIR__ . '/../includes/header.php';
require_once __DIR__ . '/../db/config.php';
if (!isset($_SESSION['user_id'])) {
header('Location: /login.php');
exit;
}
$pdo = db();
$stmt = $pdo->prepare("SELECT role FROM users WHERE id = ?");
$stmt->execute([$_SESSION['user_id']]);
$user = $stmt->fetch();
if (!$user || $user['role'] !== 'admin') {
// Redirect to the dashboard or show an error message
header('Location: /dashboard.php?error=unauthorized');
exit;
}
?>
<div class="container">
<h1 class="mt-5">Admin Panel</h1>
<p>Welcome to the admin panel. Here you can manage users and services.</p>
<ul>
<li><a href="users.php">Manage Users</a></li>
<li><a href="services.php">Manage Services</a></li>
</ul>
</div>
<?php require_once __DIR__ . '/../includes/footer.php'; ?>

62
admin/services.php Normal file
View File

@ -0,0 +1,62 @@
<?php
require_once __DIR__ . '/../includes/header.php';
require_once __DIR__ . '/../db/config.php';
if (!isset($_SESSION['user_id'])) {
header('Location: /login.php');
exit;
}
$pdo = db();
$stmt = $pdo->prepare("SELECT role FROM users WHERE id = ?");
$stmt->execute([$_SESSION['user_id']]);
$user = $stmt->fetch();
if (!$user || $user['role'] !== 'admin') {
header('Location: /dashboard.php?error=unauthorized');
exit;
}
// Fetch all services
$stmt = $pdo->query("SELECT id, name, description, price, duration_days FROM services ORDER BY id DESC");
$services = $stmt->fetchAll();
?>
<div class="container">
<h1 class="mt-5">Service Management</h1>
<p>This page allows you to manage the services offered to users.</p>
<a href="add_service.php" class="btn btn-primary mb-3">Add New Service</a>
<div class="table-responsive">
<table class="table table-striped">
<thead>
<tr>
<th>ID</th>
<th>Name</th>
<th>Description</th>
<th>Price</th>
<th>Duration (Days)</th>
<th>Actions</th>
</tr>
</thead>
<tbody>
<?php foreach ($services as $service): ?>
<tr>
<td><?php echo htmlspecialchars($service['id']); ?></td>
<td><?php echo htmlspecialchars($service['name']); ?></td>
<td><?php echo htmlspecialchars($service['description']); ?></td>
<td><?php echo htmlspecialchars($service['price']); ?></td>
<td><?php echo htmlspecialchars($service['duration_days']); ?></td>
<td>
<a href="edit_service.php?id=<?php echo $service['id']; ?>" class="btn btn-sm btn-info">Edit</a>
<a href="delete_service.php?id=<?php echo $service['id']; ?>" class="btn btn-sm btn-danger" onclick="return confirm('Are you sure you want to delete this service?');">Delete</a>
</td>
</tr>
<?php endforeach; ?>
</tbody>
</table>
</div>
</div>
<?php require_once __DIR__ . '/../includes/footer.php'; ?>

56
admin/users.php Normal file
View File

@ -0,0 +1,56 @@
<?php
require_once __DIR__ . '/../includes/header.php';
require_once __DIR__ . '/../db/config.php';
if (!isset($_SESSION['user_id'])) {
header('Location: /login.php');
exit;
}
$pdo = db();
$stmt = $pdo->prepare("SELECT role FROM users WHERE id = ?");
$stmt->execute([$_SESSION['user_id']]);
$user = $stmt->fetch();
if (!$user || $user['role'] !== 'admin') {
header('Location: /dashboard.php?error=unauthorized');
exit;
}
// Fetch all users
$stmt = $pdo->query("SELECT id, name, email, role, created_at FROM users ORDER BY created_at DESC");
$users = $stmt->fetchAll();
?>
<div class="container">
<h1 class="mt-5">User Management</h1>
<p>This page lists all the users in the database.</p>
<div class="table-responsive">
<table class="table table-striped">
<thead>
<tr>
<th>ID</th>
<th>Name</th>
<th>Email</th>
<th>Role</th>
<th>Registered On</th>
</tr>
</thead>
<tbody>
<?php foreach ($users as $user_row): ?>
<tr>
<td><?php echo htmlspecialchars($user_row['id']); ?></td>
<td><?php echo htmlspecialchars($user_row['name']); ?></td>
<td><?php echo htmlspecialchars($user_row['email']); ?></td>
<td><?php echo htmlspecialchars($user_row['role']); ?></td>
<td><?php echo htmlspecialchars($user_row['created_at']); ?></td>
</tr>
<?php endforeach; ?>
</tbody>
</table>
</div>
</div>
<?php require_once __DIR__ . '/../includes/footer.php'; ?>

23
db/migrations/005_add_role_to_users_table.php Normal file
View File

@ -0,0 +1,23 @@
<?php
require_once __DIR__ . '/../config.php';
function migrate_005_add_role_to_users_table() {
$pdo = db();
try {
$sql = '
ALTER TABLE users
ADD COLUMN role VARCHAR(50) NOT NULL DEFAULT \'user\';
';
$pdo->exec($sql);
echo "Migration 005: Added role column to users table successfully." . PHP_EOL;
} catch (PDOException $e) {
die("Migration 005 failed: " . $e->getMessage() . PHP_EOL);
}
}
// Self-invocation check
if (basename(__FILE__) == basename($_SERVER["SCRIPT_FILENAME"])) {
migrate_005_add_role_to_users_table();
}

9
includes/header.php
View File

@ -73,6 +73,15 @@
Hi, <?php echo htmlspecialchars($_SESSION['user_name']); ?>
</a>
<ul class="dropdown-menu" aria-labelledby="navbarDropdown">
<?php
require_once __DIR__ . '/../db/config.php';
$pdo = db();
$stmt = $pdo->prepare("SELECT role FROM users WHERE id = ?");
$stmt->execute([$_SESSION['user_id']]);
$user = $stmt->fetch();
if ($user && $user['role'] === 'admin'): ?>
<li><a class="dropdown-item" href="admin/index.php">Admin</a></li>
<?php endif; ?>
<li><a class="dropdown-item" href="profile.php">Profile</a></li>
<li><a class="dropdown-item" href="logout.php">Logout</a></li>
</ul>