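'', 'full_name' => '', 'role' => 'Sales' ];

// Edit mode: load the non-deleted user being edited, or return to the list if it is missing.
// NOTE(review): the origin of $id and any access check are not visible here; confirm that
// this page is reachable only by accounts allowed to manage users.
if ($id) {
    $stmt = db()->prepare("SELECT * FROM users WHERE id = ? AND deleted_at IS NULL");
    $stmt->execute([$id]);
    $user = $stmt->fetch();
    if (!$user) {
        $_SESSION['error'] = "User not found.";
        header("Location: users.php");
        exit;
    }
}

// NOTE(review): no CSRF token is verified in the visible code. This POST can create accounts,
// change roles and reset passwords, so confirm that a token check runs before this point.
if ($_SERVER['REQUEST_METHOD'] === 'POST') {
    // Accept only string values: a crafted request can submit arrays (e.g. username[]=x),
    // which would otherwise be passed on to execute() and password_hash().
    $username  = isset($_POST['username']) && is_string($_POST['username']) ? $_POST['username'] : '';
    $full_name = isset($_POST['full_name']) && is_string($_POST['full_name']) ? $_POST['full_name'] : '';
    $role      = isset($_POST['role']) && is_string($_POST['role']) ? $_POST['role'] : 'Sales';
    $password  = isset($_POST['password']) && is_string($_POST['password']) ? $_POST['password'] : '';

    // NOTE(review): $role is stored exactly as submitted. Check it against the application's
    // list of valid roles before saving; as written, any string the client sends is persisted.

    $errors = [];
    if (empty($username)) {
        $errors[] = "Username is required.";
    }
    if (empty($full_name)) {
        $errors[] = "Full name is required.";
    }

    // Check if username already exists (excluding the user being edited).
    // NOTE(review): this lookup alone does not stop duplicates under concurrent requests;
    // presumably users.username also carries a UNIQUE constraint. Verify.
    $stmt = db()->prepare("SELECT id FROM users WHERE username = ? AND id != ? AND deleted_at IS NULL");
    $stmt->execute([$username, $id ?: 0]);
    if ($stmt->fetch()) {
        $errors[] = "Username already taken.";
    }

    if (empty($errors)) {
        // Track the outcome of THIS request. The redirect used to depend on whether
        // $_SESSION['error'] was set, so an error message left over from an earlier
        // request suppressed the redirect after a successful save.
        $saved = false;

        if ($id) {
            if (!empty($password)) {
                // A new password was supplied: store its hash together with the profile fields.
                $stmt = db()->prepare("UPDATE users SET username = ?, full_name = ?, role = ?, password = ? WHERE id = ?");
                $stmt->execute([$username, $full_name, $role, password_hash($password, PASSWORD_DEFAULT), $id]);
            } else {
                // Blank password field: keep the existing hash.
                $stmt = db()->prepare("UPDATE users SET username = ?, full_name = ?, role = ? WHERE id = ?");
                $stmt->execute([$username, $full_name, $role, $id]);
            }
            $_SESSION['success'] = "User updated successfully.";
            $saved = true;
        } else {
            if (empty($password)) {
                $_SESSION['error'] = "Password is required for new users.";
            } else {
                $stmt = db()->prepare("INSERT INTO users (username, full_name, role, password) VALUES (?, ?, ?, ?)");
                $stmt->execute([$username, $full_name, $role, password_hash($password, PASSWORD_DEFAULT)]);
                $_SESSION['success'] = "User created successfully.";
                $saved = true;
            }
        }

        if ($saved) {
            header("Location: users.php");
            exit;
        }
    } else {
        $_SESSION['error'] = implode("\n", $errors);
    }
}

$page_title = $id ? "Edit User" : "Add User";
require_once 'includes/header.php';
?>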
>
Cancel