admin/38348-vm
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
38348-vm/user_form.php
Flatlogic Bot ac5d28462e Autosave: 20260211-014633
2026-02-11 01:46:33 +00:00

120 lines
4.7 KiB
PHP
Raw Blame History

<?php
// user_form.php
require_once 'db/config.php';
// Auth and Role check
if (!isset($_SESSION['user_id']) || $_SESSION['role'] !== 'Admin') {
$_SESSION['error'] = "Unauthorized access.";
header("Location: index.php");
exit;
}
$id = isset($_GET['id']) ? (int)$_GET['id'] : null;
$user = [
'username' => '',
'full_name' => '',
'role' => 'Sales'
];
if ($id) {
$stmt = db()->prepare("SELECT * FROM users WHERE id = ? AND deleted_at IS NULL");
$stmt->execute([$id]);
$user = $stmt->fetch();
if (!$user) {
$_SESSION['error'] = "User not found.";
header("Location: users.php");
exit;
}
}
if ($_SERVER['REQUEST_METHOD'] === 'POST') {
$username = $_POST['username'] ?? '';
$full_name = $_POST['full_name'] ?? '';
$role = $_POST['role'] ?? 'Sales';
$password = $_POST['password'] ?? '';
$errors = [];
if (empty($username)) $errors[] = "Username is required.";
if (empty($full_name)) $errors[] = "Full name is required.";
// Check if username already exists
$stmt = db()->prepare("SELECT id FROM users WHERE username = ? AND id != ? AND deleted_at IS NULL");
$stmt->execute([$username, $id ?: 0]);
if ($stmt->fetch()) {
$errors[] = "Username already taken.";
}
if (empty($errors)) {
if ($id) {
if (!empty($password)) {
$stmt = db()->prepare("UPDATE users SET username = ?, full_name = ?, role = ?, password = ? WHERE id = ?");
$stmt->execute([$username, $full_name, $role, password_hash($password, PASSWORD_DEFAULT), $id]);
} else {
$stmt = db()->prepare("UPDATE users SET username = ?, full_name = ?, role = ? WHERE id = ?");
$stmt->execute([$username, $full_name, $role, $id]);
}
$_SESSION['success'] = "User updated successfully.";
} else {
if (empty($password)) {
$_SESSION['error'] = "Password is required for new users.";
} else {
$stmt = db()->prepare("INSERT INTO users (username, full_name, role, password) VALUES (?, ?, ?, ?)");
$stmt->execute([$username, $full_name, $role, password_hash($password, PASSWORD_DEFAULT)]);
$_SESSION['success'] = "User created successfully.";
}
}
if (!isset($_SESSION['error'])) {
header("Location: users.php");
exit;
}
} else {
$_SESSION['error'] = implode("<br>", $errors);
}
}
$page_title = $id ? "Edit User" : "Add User";
require_once 'includes/header.php';
?>
<div class="row justify-content-center">
<div class="col-md-6">
<div class="card">
<div class="card-header bg-white py-3">
<h5 class="fw-bold mb-0"><?= $id ? 'Edit User' : 'Add New User' ?></h5>
</div>
<div class="card-body">
<form method="POST">
<div class="mb-3">
<label class="form-label fw-bold">Username</label>
<input type="text" name="username" class="form-control" value="<?= e($user['username']) ?>" required>
</div>
<div class="mb-3">
<label class="form-label fw-bold">Full Name</label>
<input type="text" name="full_name" class="form-control" value="<?= e($user['full_name']) ?>" required>
</div>
<div class="mb-3">
<label class="form-label fw-bold">Role</label>
<select name="role" class="form-select" required>
<option value="Admin" <?= $user['role'] === 'Admin' ? 'selected' : '' ?>>Admin</option>
<option value="Sales" <?= $user['role'] === 'Sales' ? 'selected' : '' ?>>Sales</option>
<option value="Finance" <?= $user['role'] === 'Finance' ? 'selected' : '' ?>>Finance</option>
</select>
</div>
<div class="mb-3">
<label class="form-label fw-bold">Password <?= $id ? '(leave blank to keep current)' : '' ?></label>
<input type="password" name="password" class="form-control" <?= $id ? '' : 'required' ?>>
</div>
<div class="d-flex justify-content-between pt-3">
<a href="users.php" class="btn btn-outline-secondary">Cancel</a>
<button type="submit" class="btn btn-primary">Save User</button>
</div>
</form>
</div>
</div>
</div>
</div>
<?php require_once 'includes/footer.php'; ?>
Reference in New Issue View Git Blame Copy Permalink