37650-vm/admin/users.php

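<?php
declare(strict_types=1);

// Admin "Manage Users" page.
//
// GET  : lists users (id, username, role, created_at), optionally filtered
//        by a username substring taken from ?search=.
// POST : when delete_user is submitted with a valid CSRF token, deletes the
//        user identified by user_id (never the logged-in admin), then
//        redirects back here (Post/Redirect/Get).
//
// Only a session whose role is 'admin' may reach this page; anyone else is
// redirected to the login page before any database access happens.

session_start();

// `?? null` avoids an undefined-index warning when a session has user_id but
// no role; the comparison then fails closed and redirects.
if (!isset($_SESSION['user_id']) || ($_SESSION['role'] ?? null) !== 'admin') {
    header('Location: ../login.php');
    exit();
}

require_once '../db/config.php';
$pdo = db();

// Id of the admin making the request. Normalised to int once so both the
// POST handler and the row rendering compare with === instead of a loose !=.
$currentUserId = (int) $_SESSION['user_id'];

// Per-session CSRF token. It is embedded in every delete form and must be
// echoed back on POST, so a request forged from another origin cannot
// delete a user on the admin's behalf.
if (empty($_SESSION['csrf_token'])) {
    $_SESSION['csrf_token'] = bin2hex(random_bytes(32));
}
$csrfToken = (string) $_SESSION['csrf_token'];

// Handle user actions (delete)
if ($_SERVER['REQUEST_METHOD'] === 'POST') {
    $postedToken = $_POST['csrf_token'] ?? '';
    // is_string() guards against a TypeError if csrf_token[] is submitted;
    // hash_equals() compares in constant time.
    $tokenOk = is_string($postedToken) && hash_equals($csrfToken, $postedToken);

    // FILTER_VALIDATE_INT yields int on success, false on a non-integer
    // value and null when the field is absent.
    $userId = filter_input(INPUT_POST, 'user_id', FILTER_VALIDATE_INT);

    // Prevent admin from deleting themselves: the target must differ from
    // the requesting admin's id.
    if ($tokenOk
        && is_int($userId)
        && $userId > 0
        && $userId !== $currentUserId
        && isset($_POST['delete_user'])
    ) {
        $stmt = $pdo->prepare('DELETE FROM users WHERE id = ?');
        $stmt->execute([$userId]);
    }

    // Redirect after POST so a browser refresh does not repeat the delete.
    header('Location: users.php');
    exit();
}

// Fetch users with filters
$search = $_GET['search'] ?? '';
if (!is_string($search)) {
    // ?search[]=x would otherwise hand an array to the LIKE parameter.
    $search = '';
}

// Schema: id, username, password, role, created_at
$sql = 'SELECT id, username, role, created_at FROM users';
$params = [];
$where = [];

// Compare with '' rather than empty(): a search for the literal "0" is a
// real filter, but empty('0') is true.
if ($search !== '') {
    // The value is bound as a parameter, never interpolated into $sql.
    $where[] = '(username LIKE ?)';
    $params[] = '%' . $search . '%';
}
if ($where !== []) {
    $sql .= ' WHERE ' . implode(' AND ', $where);
}
$sql .= ' ORDER BY created_at DESC';

$stmt = $pdo->prepare($sql);
$stmt->execute($params);
$users = $stmt->fetchAll(PDO::FETCH_ASSOC);

$projectName = 'Manage Users';
?>
<!DOCTYPE html>
<html lang="en">
<head>
    <meta charset="UTF-8">
    <meta name="viewport" content="width=device-width, initial-scale=1.0">
    <title><?= htmlspecialchars($projectName, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8') ?></title>
    <link href="https://cdn.jsdelivr.net/npm/bootstrap@5.3.2/dist/css/bootstrap.min.css" rel="stylesheet">
    <link rel="stylesheet" href="https://cdn.jsdelivr.net/npm/bootstrap-icons@1.11.1/font/bootstrap-icons.css">
    <link rel="stylesheet" href="../assets/css/custom.css?v=<?= time() ?>">
</head>
<body>
<div class="admin-wrapper">
    <?php include 'partials/sidebar.php'; ?>
    <main class="admin-main-content">
        <div class="container-fluid">
            <div class="d-flex justify-content-between align-items-center pt-3 pb-2 mb-3 border-bottom">
                <h1 class="h2">Manage Users</h1>
            </div>
            <div class="card">
                <div class="card-body">
                    <div class="table-responsive">
                        <table class="table table-hover align-middle">
                            <thead class="table-light">
                            <tr><th>User</th><th>Role</th><th>Joined</th><th>Actions</th></tr>
                            </thead>
                            <tbody>
                            <?php if (empty($users)): ?>
                                <tr><td colspan="4" class="text-center">No users found.</td></tr>
                            <?php endif; ?>
                            <?php foreach ($users as $user): ?>
                                <?php
                                // Escape once per row; ENT_QUOTES is required because the same
                                // value is placed inside double-quoted attributes below.
                                $username = htmlspecialchars((string) $user['username'], ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
                                $role = htmlspecialchars(ucfirst((string) $user['role']), ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
                                $rowId = htmlspecialchars((string) $user['id'], ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
                                // The avatar URL places the username in a query string, so it is
                                // URL-encoded first and HTML-escaped second (attribute context).
                                $avatarKey = htmlspecialchars(rawurlencode((string) $user['username']), ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
                                // strtotime() returns false for an unparsable value; fall back to
                                // showing the raw (escaped) column instead of the Unix epoch.
                                $joinedTs = strtotime((string) $user['created_at']);
                                $joined = $joinedTs === false
                                    ? htmlspecialchars((string) $user['created_at'], ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8')
                                    : date('M d, Y', $joinedTs);
                                ?>
                                <tr>
                                    <td>
                                        <div class="d-flex align-items-center">
                                            <img src="https://i.pravatar.cc/40?u=<?= $avatarKey ?>" class="rounded-circle me-3" alt="<?= $username ?>">
                                            <div>
                                                <b><?= $username ?></b>
                                            </div>
                                        </div>
                                    </td>
                                    <td><span class="badge bg-<?= $user['role'] === 'admin' ? 'primary' : 'secondary' ?>"><?= $role ?></span></td>
                                    <td><?= $joined ?></td>
                                    <td>
                                        <?php if ((int) $user['id'] !== $currentUserId): // Prevent admin from editing themselves ?>
                                            <form method="POST" class="d-inline-flex gap-2">
                                                <input type="hidden" name="csrf_token" value="<?= htmlspecialchars($csrfToken, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8') ?>">
                                                <input type="hidden" name="user_id" value="<?= $rowId ?>">
                                                <button type="submit" name="delete_user" class="btn btn-sm btn-outline-danger" onclick="return confirm('Are you sure you want to delete this user?');" title="Delete User">
                                                    <i class="bi bi-trash"></i>
                                                </button>
                                            </form>
                                        <?php else: ?>
                                            <span class="text-muted fst-italic">Current User</span>
                                        <?php endif; ?>
                                    </td>
                                </tr>
                            <?php endforeach; ?>
                            </tbody>
                        </table>
                    </div>
                </div>
            </div>
        </div>
    </main>
</div>
<script src="https://cdn.jsdelivr.net/npm/bootstrap@5.3.2/dist/js/bootstrap.bundle.min.js"></script>
</body>
</html>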