<?php
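// pages/users_logic.php

// Handle Actions

// Create a user from the "add user" form, plus its outlet assignments.
// Reads: $_POST (username, password, email, phone, group_id, outlet_ids).
// Writes: users, user_outlets; sets $message for the view.
// Requires the 'users_add' permission; silently does nothing without it.
if (isset($_POST['add_user'])) {
    if (can('users_add')) {
        $username = $_POST['username'] ?? '';
        $password = $_POST['password'] ?? '';
        $email = $_POST['email'] ?? '';
        $phone = $_POST['phone'] ?? '';
        // A missing or zero group is stored as NULL rather than 0.
        $group_id = (int)($_POST['group_id'] ?? 0) ?: null;

        // outlet_ids comes from a multi-select. Accept only an array of positive
        // integers so a tampered value (a bare string, nested arrays, "0") never
        // reaches the link-table INSERT below.
        $outlet_ids = [];
        if (is_array($_POST['outlet_ids'] ?? null)) {
            foreach ($_POST['outlet_ids'] as $raw_oid) {
                $oid = (int)$raw_oid;
                if ($oid > 0) {
                    $outlet_ids[] = $oid;
                }
            }
        }

        // is_string() rejects "username[]=" style input; the !== '' comparison
        // (instead of truthiness) keeps the legitimate username "0" usable.
        if (is_string($username) && is_string($password) && $username !== '' && $password !== '') {
            $hashed_password = password_hash($password, PASSWORD_DEFAULT);
            // One handle for the whole unit of work so the transaction covers every
            // statement. Assumes db() returns a PDO instance (PDOException is caught
            // below) — confirm if db() is a wrapper.
            $db = db();

            try {
                // The user row and its outlet links are written atomically: a failed
                // link insert must not leave a user without the outlets that were chosen.
                $db->beginTransaction();
                $stmt = $db->prepare("INSERT INTO users (username, password, email, phone, group_id) VALUES (?, ?, ?, ?, ?)");
                $stmt->execute([$username, $hashed_password, $email, $phone, $group_id]);
                $user_id = (int)$db->lastInsertId();

                if ($outlet_ids !== []) {
                    $stmtOut = $db->prepare("INSERT INTO user_outlets (user_id, outlet_id) VALUES (?, ?)");
                    foreach ($outlet_ids as $oid) {
                        $stmtOut->execute([$user_id, $oid]);
                    }
                }
                $db->commit();

                $message = "User added successfully!";
            } catch (PDOException $e) {
                if ($db->inTransaction()) {
                    $db->rollBack();
                }
                // SQLSTATE 23000 covers every integrity-constraint violation. The UNIQUE
                // username is the expected cause, but an unknown group_id/outlet_id
                // foreign key reports the same class. getCode() may be a string or an
                // int depending on the driver, hence the cast.
                if ((string)$e->getCode() === '23000') {
                    $message = "Error: Username already exists.";
                } else {
                    // Driver error text can expose table names, SQL fragments and host
                    // details; keep it in the server log and show a generic failure.
                    error_log('users_logic add_user failed: ' . $e->getMessage());
                    $message = "Error adding user.";
                }
            }
        }
    }
}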
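// Update an existing user, optionally rotate its password, and replace its
// outlet assignments.
// Reads: $_POST (id, username, email, phone, group_id, status, password, outlet_ids).
// Writes: users, user_outlets; sets $message for the view.
// Requires the 'users_edit' permission; silently does nothing without it.
if (isset($_POST['edit_user'])) {
    if (can('users_edit')) {
        $id = (int)($_POST['id'] ?? 0);
        $username = $_POST['username'] ?? '';
        $email = $_POST['email'] ?? '';
        $phone = $_POST['phone'] ?? '';
        // A missing or zero group is stored as NULL rather than 0.
        $group_id = (int)($_POST['group_id'] ?? 0) ?: null;
        // NOTE(review): status is stored exactly as submitted; only 'active' is
        // visible here, so confirm the column is constrained (ENUM/CHECK) or
        // whitelist the accepted values before the UPDATE.
        $status = $_POST['status'] ?? 'active';
        $new_password = $_POST['password'] ?? '';

        // outlet_ids comes from a multi-select. Accept only an array of positive
        // integers so a tampered value never reaches the link-table INSERT below.
        $outlet_ids = [];
        if (is_array($_POST['outlet_ids'] ?? null)) {
            foreach ($_POST['outlet_ids'] as $raw_oid) {
                $oid = (int)$raw_oid;
                if ($oid > 0) {
                    $outlet_ids[] = $oid;
                }
            }
        }

        // is_string() rejects "username[]=" style input; !== '' keeps the
        // legitimate username "0" usable.
        if ($id > 0 && is_string($username) && $username !== '') {
            // One handle for the whole unit of work so the transaction covers every
            // statement. Assumes db() returns a PDO instance — confirm if it is a wrapper.
            $db = db();

            try {
                $db->beginTransaction();
                $stmt = $db->prepare("UPDATE users SET username = ?, email = ?, phone = ?, group_id = ?, status = ? WHERE id = ?");
                $stmt->execute([$username, $email, $phone, $group_id, $status, $id]);

                // The password is only rotated when a new one was typed; an empty
                // field keeps the current hash.
                if (is_string($new_password) && $new_password !== '') {
                    $hashed_password = password_hash($new_password, PASSWORD_DEFAULT);
                    $stmt = $db->prepare("UPDATE users SET password = ? WHERE id = ?");
                    $stmt->execute([$hashed_password, $id]);
                }

                // Update Outlets: the whole link set is replaced inside the transaction
                // so a failed re-insert cannot leave the user detached from every outlet.
                $db->prepare("DELETE FROM user_outlets WHERE user_id = ?")->execute([$id]);
                if ($outlet_ids !== []) {
                    $stmtOut = $db->prepare("INSERT INTO user_outlets (user_id, outlet_id) VALUES (?, ?)");
                    foreach ($outlet_ids as $oid) {
                        $stmtOut->execute([$id, $oid]);
                    }
                }
                $db->commit();

                $message = "User updated successfully!";
            } catch (PDOException $e) {
                if ($db->inTransaction()) {
                    $db->rollBack();
                }
                // Renaming onto an existing username raises SQLSTATE 23000 (it was
                // previously uncaught here). Other failures are logged, not echoed,
                // so driver error text never reaches the browser.
                if ((string)$e->getCode() === '23000') {
                    $message = "Error: Username already exists.";
                } else {
                    error_log('users_logic edit_user failed: ' . $e->getMessage());
                    $message = "Error updating user.";
                }
            }
        }
    }
}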
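// Delete a user and its outlet assignments.
// Reads: $_POST['id']. Writes: user_outlets, users; sets $message for the view.
// Requires the 'users_delete' permission; silently does nothing without it.
if (isset($_POST['delete_user'])) {
    if (can('users_delete')) {
        $id = (int)($_POST['id'] ?? 0);
        // NOTE(review): nothing here stops an operator from deleting their own
        // account or the last user holding the users_* permissions; confirm that
        // is enforced elsewhere (the session layer is not visible in this file).
        if ($id > 0) {
            // Assumes db() returns a PDO instance — confirm if it is a wrapper.
            $db = db();

            try {
                $db->beginTransaction();
                // Remove the outlet links first so the delete does not depend on an
                // ON DELETE CASCADE rule on user_outlets.
                $db->prepare("DELETE FROM user_outlets WHERE user_id = ?")->execute([$id]);
                $stmt = $db->prepare("DELETE FROM users WHERE id = ?");
                $stmt->execute([$id]);
                $db->commit();

                $message = "User deleted successfully!";
            } catch (PDOException $e) {
                if ($db->inTransaction()) {
                    $db->rollBack();
                }
                // A remaining foreign-key reference (rows in other tables pointing at
                // this user) surfaces here; log the detail, show a generic failure.
                error_log('users_logic delete_user failed: ' . $e->getMessage());
                $message = "Error deleting user.";
            }
        }
    }
}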
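// Fetch Data

// Build the view model: one page of users (with group name and a comma-joined
// list of outlet ids), the lookup tables for the forms, and paging state.
// Reads: $_GET['p']. Writes: $data['users'], $data['role_groups'],
// $data['outlets'], $data['current_page'], $data['total_pages'].
$page_num = max(1, (int)($_GET['p'] ?? 1));
$items_per_page = 20;
$offset = ($page_num - 1) * $items_per_page;

// fetchColumn() returns the count as a string on most drivers; normalise to int
// so total_pages is an int as well (ceil() alone yields a float).
$total_users = (int)db()->query("SELECT COUNT(*) FROM users")->fetchColumn();
$total_pages = (int)ceil($total_users / $items_per_page);

// LIMIT/OFFSET are bound as integers rather than interpolated. Both values are
// already ints here, but binding keeps the statement free of string-built SQL
// should their derivation ever change.
$stmtUsers = db()->prepare("
    SELECT u.*, g.name as group_name, GROUP_CONCAT(uo.outlet_id) as outlet_ids
    FROM users u
    LEFT JOIN role_groups g ON u.group_id = g.id
    LEFT JOIN user_outlets uo ON u.id = uo.user_id
    GROUP BY u.id
    ORDER BY u.username ASC
    LIMIT :limit OFFSET :offset
");
$stmtUsers->bindValue(':limit', $items_per_page, PDO::PARAM_INT);
$stmtUsers->bindValue(':offset', $offset, PDO::PARAM_INT);
$stmtUsers->execute();
$users = $stmtUsers->fetchAll();

// u.* includes the password hash; it has no place in a view model, so strip it
// before the rows leave this file. Listing columns explicitly would be cleaner,
// but the full column set the view relies on is not visible here.
foreach ($users as &$user_row) {
    if (is_array($user_row)) {
        unset($user_row['password']);
    }
}
unset($user_row); // drop the dangling reference left by foreach-by-reference
$data['users'] = $users;

$data['role_groups'] = db()->query("SELECT id, name FROM role_groups ORDER BY name ASC")->fetchAll();
$data['outlets'] = db()->query("SELECT * FROM outlets ORDER BY name ASC")->fetchAll();
$data['current_page'] = $page_num;
$data['total_pages'] = $total_pages;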