2

2026-01-19 09:07:59 +00:00 · 2026-01-19 09:07:59 +00:00 · 12b49853d7
commit 12b49853d7
parent 65bff23a0b
6 changed files with 43 additions and 118 deletions
--- a/assets/js/edit_user.js
+++ b/assets/js/edit_user.js
@ -6,8 +6,8 @@ document.addEventListener('DOMContentLoaded', function () {
    const initialDepartmentId = departmentSelect.dataset.initial;
    const initialRoleId = roleSelect.dataset.initial;

-    function fetchDepartments(divisionId, callback) {
-        fetch(`api.php?action=get_departments&division_id=${divisionId}`)
+    function fetchDepartments(divisionId, selectedDepartmentId) {
+        return fetch(`api.php?action=get_departments&division_id=${divisionId}`)
            .then(response => response.json())
            .then(data => {
                departmentSelect.innerHTML = '<option value="">Select Department</option>';
@ -15,17 +15,22 @@ document.addEventListener('DOMContentLoaded', function () {
                    const option = document.createElement('option');
                    option.value = department.id;
                    option.textContent = department.name;
-                    if (department.id == initialDepartmentId) {
+                    if (department.id == selectedDepartmentId) {
                        option.selected = true;
                    }
                    departmentSelect.appendChild(option);
                });
-                if (callback) callback();
            });
    }

-    function fetchRoles(departmentId, callback) {
-        fetch(`api.php?action=get_roles&department_id=${departmentId}`)
+    function fetchRoles(departmentId, selectedRoleId) {
+        // Only fetch if a department is selected
+        if (!departmentId) {
+            roleSelect.innerHTML = '<option value="">Select Role</option>';
+            return Promise.resolve(); // Return a resolved promise
+        }
+
+        return fetch(`api.php?action=get_roles&department_id=${departmentId}`)
            .then(response => response.json())
            .then(data => {
                roleSelect.innerHTML = '<option value="">Select Role</option>';
@ -33,39 +38,33 @@ document.addEventListener('DOMContentLoaded', function () {
                    const option = document.createElement('option');
                    option.value = role.id;
                    option.textContent = role.name;
-                    if (role.id == initialRoleId) {
+                    if (role.id == selectedRoleId) {
                        option.selected = true;
                    }
                    roleSelect.appendChild(option);
                });
-                if (callback) callback();
            });
    }

    divisionSelect.addEventListener('change', function () {
        const divisionId = this.value;
-        departmentSelect.dataset.initial = ''; // Clear initial value on change
-        roleSelect.dataset.initial = ''; // Clear initial value on change
-        fetchDepartments(divisionId, () => {
-            // After loading departments, if there's a selected one, load its roles
-            if (departmentSelect.value) {
-                fetchRoles(departmentSelect.value);
-            }
+        fetchDepartments(divisionId, null).then(() => {
+            // After departments are loaded, fetch roles for the (now cleared) department selection
+            fetchRoles(departmentSelect.value, null);
        });
    });

    departmentSelect.addEventListener('change', function () {
        const departmentId = this.value;
-        roleSelect.dataset.initial = ''; // Clear initial value on change
-        fetchRoles(departmentId);
+        fetchRoles(departmentId, null);
    });

    // Initial load
    if (divisionSelect.value) {
-        fetchDepartments(divisionSelect.value, () => {
-            if (initialDepartmentId) {
-                fetchRoles(initialDepartmentId);
-            }
+        fetchDepartments(divisionSelect.value, initialDepartmentId).then(() => {
+            // After initial departments are loaded and correct one is selected,
+            // fetch the roles for that department.
+            fetchRoles(departmentSelect.value, initialRoleId);
        });
    }
 });
--- a/db/migrations/007_create_super_admin.sql
+++ b/db/migrations/007_create_super_admin.sql
@ -0,0 +1,16 @@
+-- Create Super Admin Division, Department and Role if they do not exist
+INSERT INTO divisions (name) SELECT 'Super Admin' WHERE NOT EXISTS (SELECT 1 FROM divisions WHERE name = 'Super Admin');
+
+SET @division_id = (SELECT id FROM divisions WHERE name = 'Super Admin');
+INSERT INTO departments (name, division_id) SELECT 'Super Admin', @division_id WHERE NOT EXISTS (SELECT 1 FROM departments WHERE name = 'Super Admin');
+
+SET @department_id = (SELECT id FROM departments WHERE name = 'Super Admin');
+INSERT INTO roles (name, department_id) SELECT 'Admin', @department_id WHERE NOT EXISTS (SELECT 1 FROM roles WHERE name = 'Admin');
+
+-- Create Super Admin User
+SET @role_id = (SELECT id FROM roles WHERE name = 'Admin' AND department_id = @department_id);
+SET @hashed_password = '$2y$10$9.p6A8v.17O7.Q1yJgqjC.H9aJz/O1aB3F2aC6bF.p8aEwS2mS2W'; -- "password"
+
+INSERT INTO users (username, password, email, division_id, department_id, role_id)
+SELECT 'superadmin', @hashed_password, 'superadmin@example.com', @division_id, @department_id, @role_id
+WHERE NOT EXISTS (SELECT 1 FROM users WHERE username = 'superadmin');
--- a/db/migrations/008_add_missing_columns_to_users.sql
+++ b/db/migrations/008_add_missing_columns_to_users.sql
@ -0,0 +1,3 @@
+ALTER TABLE users
+ADD COLUMN division_id INT,
+ADD COLUMN department_id INT;
--- a/edit_user.php
+++ b/edit_user.php
@ -38,7 +38,7 @@ if ($_SERVER['REQUEST_METHOD'] === 'POST') {

 try {
    // Fetch user data along with their division, department, and role IDs
-    $stmt = $pdo->prepare("SELECT u.id, u.username, u.email, u.role_id, r.department_id, d.division_id FROM users u LEFT JOIN roles r ON u.role_id = r.id LEFT JOIN departments d ON r.department_id = d.id WHERE u.id = ?");
+    $stmt = $pdo->prepare("SELECT id, username, email, role_id, department_id, division_id FROM users WHERE id = ?");
    $stmt->execute([$user_id]);
    $user = $stmt->fetch();
    if (!$user) {
--- a/login.php
+++ b/login.php
@ -12,15 +12,14 @@ if ($_SERVER['REQUEST_METHOD'] === 'POST') {
        $error = 'Please fill in both fields.';
    } else {
        try {
-            $stmt = db()->prepare("SELECT * FROM users WHERE username = ?");
+            $stmt = db()->prepare("SELECT users.*, roles.name as role_name FROM users JOIN roles ON users.role_id = roles.id WHERE users.username = ?");
            $stmt->execute([$username]);
            $user = $stmt->fetch();

            if ($user && password_verify($password, $user['password'])) {
                $_SESSION['user_id'] = $user['id'];
                $_SESSION['username'] = $user['username'];
-                $_SESSION['role'] = $user['role'];
-                $_SESSION['department'] = $user['department'];
+                $_SESSION['role'] = $user['role_name'];
                header("Location: request_dashboard.php");
                exit;
            } else {
@ -70,9 +69,7 @@ if ($_SERVER['REQUEST_METHOD'] === 'POST') {
            </div>
            <button type="submit" class="btn btn-primary w-100">Login</button>
        </form>
-        <div class="text-center mt-3">
-            <p>Don't have an account? <a href="register.php">Register here</a></p>
-        </div>
+
    </div>
 </body>
 </html>
--- a/register.php
+++ b/register.php
@ -1,90 +0,0 @@
-<?php
-require_once 'db/config.php';
-
-$error = '';
-$success = '';
-
-if ($_SERVER['REQUEST_METHOD'] === 'POST') {
-    $username = $_POST['username'] ?? '';
-    $email = $_POST['email'] ?? '';
-    $password = $_POST['password'] ?? '';
-    $confirm_password = $_POST['confirm_password'] ?? '';
-
-    if (empty($username) || empty($email) || empty($password) || empty($confirm_password)) {
-        $error = 'Please fill in all fields.';
-    } elseif ($password !== $confirm_password) {
-        $error = 'Passwords do not match.';
-    } else {
-        try {
-            $stmt = db()->prepare("SELECT * FROM users WHERE username = ? OR email = ?");
-            $stmt->execute([$username, $email]);
-            if ($stmt->fetch()) {
-                $error = 'Username or email already exists.';
-            } else {
-                $hashed_password = password_hash($password, PASSWORD_DEFAULT);
-                $stmt = db()->prepare("INSERT INTO users (username, email, password) VALUES (?, ?, ?)");
-                $stmt->execute([$username, $email, $hashed_password]);
-                $success = 'Registration successful! You can now <a href="login.php">login</a>.';
-            }
-        } catch (PDOException $e) {
-            $error = "DB Error: " . $e->getMessage();
-        }
-    }
-}
-?>
-<!DOCTYPE html>
-<html lang="en">
-<head>
-    <meta charset="UTF-8">
-    <meta name="viewport" content="width=device-width, initial-scale=1.0">
-    <title>Register</title>
-    <link href="https://cdn.jsdelivr.net/npm/bootstrap@5.3.0/dist/css/bootstrap.min.css" rel="stylesheet">
-    <style>
-        body {
-            background-color: #f7f9fc;
-        }
-        .container {
-            max-width: 400px;
-            margin-top: 100px;
-            background-color: #fff;
-            padding: 40px;
-            border-radius: 10px;
-            box-shadow: 0 4px 20px rgba(0,0,0,0.1);
-        }
-    </style>
-</head>
-<body>
-    <div class="container">
-        <h2 class="text-center mb-4">Register</h2>
-        <?php if ($error): ?>
-            <div class="alert alert-danger"><?= htmlspecialchars($error) ?></div>
-        <?php endif; ?>
-        <?php if ($success): ?>
-            <div class="alert alert-success"><?= $success ?></div>
-        <?php else: ?>
-        <form method="POST">
-            <div class="mb-3">
-                <label for="username" class="form-label">Username</label>
-                <input type="text" class="form-control" id="username" name="username" required>
-            </div>
-            <div class="mb-3">
-                <label for="email" class="form-label">Email</label>
-                <input type="email" class="form-control" id="email" name="email" required>
-            </div>
-            <div class="mb-3">
-                <label for="password" class="form-label">Password</label>
-                <input type="password" class="form-control" id="password" name="password" required>
-            </div>
-            <div class="mb-3">
-                <label for="confirm_password" class="form-label">Confirm Password</label>
-                <input type="password" class-="form-control" id="confirm_password" name="confirm_password" required>
-            </div>
-            <button type="submit" class="btn btn-primary w-100">Register</button>
-        </form>
-        <?php endif; ?>
-        <div class="text-center mt-3">
-            <p>Already have an account? <a href="login.php">Login here</a></p>
-        </div>
-    </div>
-</body>
-</html>