From 6f244ec88aa74107c22329537772679794411595 Mon Sep 17 00:00:00 2001
From: Flatlogic Bot <support@flatlogic.com>
Date: Sat, 28 Feb 2026 05:37:18 +0000
Subject: [PATCH] editing user profile

---
 charity-settings.php                          | 62 ++++++++++++++++-
 ...014_add_super_admin_and_extra_settings.sql | 11 +++
 includes/footer.php                           | 12 +++-
 includes/header.php                           | 42 ++++++-----
 includes/settings.php                         | 64 +++++++++++++++++
 login.php                                     | 15 ++--
 users.php                                     | 69 ++++++++++++++++---
 7 files changed, 240 insertions(+), 35 deletions(-)
 create mode 100644 db/migrations/014_add_super_admin_and_extra_settings.sql
 create mode 100644 includes/settings.php

diff --git a/charity-settings.php b/charity-settings.php
index 3a180a5..32620c7 100644
--- a/charity-settings.php
+++ b/charity-settings.php
@@ -67,6 +67,22 @@ if ($_SERVER['REQUEST_METHOD'] === 'POST' && isset($_POST['update_charity'])) {
     redirect('charity-settings.php');
 }
 
+// Handle Advanced Settings Update (Super Admin Only)
+if ($_SERVER['REQUEST_METHOD'] === 'POST' && isset($_POST['update_advanced'])) {
+    if (!isSuperAdmin()) {
+        $_SESSION['error'] = 'عذراً، هذا الإجراء متاح للمدير الخارق فقط';
+    } else {
+        $site_maintenance = isset($_POST['site_maintenance']) ? 1 : 0;
+        $allow_registration = isset($_POST['allow_registration']) ? 1 : 0;
+        $site_footer = $_POST['site_footer'];
+
+        $stmt = db()->prepare("UPDATE charity_settings SET site_maintenance = ?, allow_registration = ?, site_footer = ? WHERE id = 1");
+        $stmt->execute([$site_maintenance, $allow_registration, $site_footer]);
+        $_SESSION['success'] = 'تم تحديث الإعدادات المتقدمة بنجاح';
+    }
+    redirect('charity-settings.php');
+}
+
 // Handle SMTP Settings Update
 if ($_SERVER['REQUEST_METHOD'] === 'POST' && isset($_POST['update_smtp'])) {
     if (!canEdit('settings')) {
@@ -200,6 +216,11 @@ $post_max = ini_get('post_max_size');
                     <li class="nav-item" role="presentation">
                         <button class="nav-link px-4 py-3" id="statuses-tab" data-bs-toggle="tab" data-bs-target="#statuses" type="button" role="tab">حالات البريد</button>
                     </li>
+                    <?php if (isSuperAdmin()): ?>
+                    <li class="nav-item" role="presentation">
+                        <button class="nav-link px-4 py-3 text-danger fw-bold" id="advanced-tab" data-bs-toggle="tab" data-bs-target="#advanced" type="button" role="tab">إعدادات متقدمة</button>
+                    </li>
+                    <?php endif; ?>
                     <li class="nav-item" role="presentation">
                         <button class="nav-link px-4 py-3" id="logs-tab" data-bs-toggle="tab" data-bs-target="#logs" type="button" role="tab">سجلات البريد</button>
                     </li>
@@ -350,6 +371,45 @@ $post_max = ini_get('post_max_size');
                         </div>
                     </div>
 
+                    <!-- Advanced Settings (Super Admin Only) -->
+                    <?php if (isSuperAdmin()): ?>
+                    <div class="tab-pane fade" id="advanced" role="tabpanel">
+                        <h5 class="fw-bold mb-4 text-danger">إعدادات النظام المتقدمة</h5>
+                        <form method="POST">
+                            <input type="hidden" name="update_advanced" value="1">
+                            <div class="row g-4">
+                                <div class="col-md-6">
+                                    <div class="p-3 border rounded">
+                                        <div class="form-check form-switch mb-2">
+                                            <input class="form-check-input" type="checkbox" name="site_maintenance" id="site_maintenance" <?= $charity['site_maintenance'] ? 'checked' : '' ?>>
+                                            <label class="form-check-label fw-bold" for="site_maintenance">وضع الصيانة (Maintenance Mode)</label>
+                                        </div>
+                                        <p class="small text-muted mb-0">عند تفعيل هذا الوضع، لن يتمكن سوى المديرين من الدخول للنظام.</p>
+                                    </div>
+                                </div>
+                                <div class="col-md-6">
+                                    <div class="p-3 border rounded">
+                                        <div class="form-check form-switch mb-2">
+                                            <input class="form-check-input" type="checkbox" name="allow_registration" id="allow_registration" <?= $charity['allow_registration'] ? 'checked' : '' ?>>
+                                            <label class="form-check-label fw-bold" for="allow_registration">السماح بالتسجيل الذاتي</label>
+                                        </div>
+                                        <p class="small text-muted mb-0">تفعيل خيار "إنشاء حساب جديد" في صفحة تسجيل الدخول.</p>
+                                    </div>
+                                </div>
+                                <div class="col-12">
+                                    <div class="mb-3">
+                                        <label class="form-label fw-bold">نص تذييل الموقع (Footer Text)</label>
+                                        <textarea name="site_footer" class="form-control" rows="3" placeholder="أدخل النص الذي سيظهر في أسفل جميع الصفحات..."><?= htmlspecialchars($charity['site_footer'] ?? '') ?></textarea>
+                                    </div>
+                                </div>
+                            </div>
+                            <div class="text-end mt-4">
+                                <button type="submit" class="btn btn-danger px-4">حفظ الإعدادات المتقدمة</button>
+                            </div>
+                        </form>
+                    </div>
+                    <?php endif; ?>
+
                     <!-- Statuses Settings -->
                     <div class="tab-pane fade" id="statuses" role="tabpanel">
                         <div class="d-flex justify-content-between align-items-center mb-4">
@@ -587,4 +647,4 @@ document.addEventListener('DOMContentLoaded', function() {
 });
 </script>
 
-<?php require_once __DIR__ . '/includes/footer.php'; ?>
+<?php require_once __DIR__ . '/includes/footer.php'; ?>
\ No newline at end of file
diff --git a/db/migrations/014_add_super_admin_and_extra_settings.sql b/db/migrations/014_add_super_admin_and_extra_settings.sql
new file mode 100644
index 0000000..84502c6
--- /dev/null
+++ b/db/migrations/014_add_super_admin_and_extra_settings.sql
@@ -0,0 +1,11 @@
+-- Migration: Add Super Admin and Extra Settings
+ALTER TABLE users ADD COLUMN is_super_admin TINYINT(1) DEFAULT 0 AFTER role;
+
+-- Mark initial admin as super admin
+UPDATE users SET is_super_admin = 1 WHERE username = 'admin';
+
+-- Add more settings to charity_settings
+ALTER TABLE charity_settings 
+ADD COLUMN site_maintenance TINYINT(1) DEFAULT 0,
+ADD COLUMN site_footer TEXT DEFAULT NULL,
+ADD COLUMN allow_registration TINYINT(1) DEFAULT 0;
diff --git a/includes/footer.php b/includes/footer.php
index 80fa553..89e5306 100644
--- a/includes/footer.php
+++ b/includes/footer.php
@@ -5,11 +5,17 @@
 <footer class="footer mt-auto py-4 bg-white border-top">
     <div class="container-fluid px-md-4 text-center">
         <div class="d-flex flex-column align-items-center">
+            <?php if (!empty($sys_settings['site_footer'])): ?>
+                <div class="mb-3 text-secondary" style="max-width: 800px; line-height: 1.6;">
+                    <?= nl2br(htmlspecialchars($sys_settings['site_footer'])) ?>
+                </div>
+            <?php endif; ?>
+            
             <span class="text-muted small mb-1">
-                &copy; <?= date('Y') ?> <?= htmlspecialchars($charity_info['charity_name'] ?? 'نظام إدارة البريد') ?>. جميع الحقوق محفوظة.
+                &copy; <?= date('Y') ?> <?= htmlspecialchars($sys_settings['site_name']) ?>. جميع الحقوق محفوظة.
             </span>
             <div class="d-flex align-items-center gap-3">
-                <span class="badge bg-secondary opacity-50 fw-normal" style="font-size: 0.65rem;">نسخة النظام 1.2.0</span>
+                <span class="badge bg-secondary opacity-50 fw-normal" style="font-size: 0.65rem;">نسخة النظام 1.3.0</span>
                 <?php if (isAdmin()): ?>
                 <a href="charity-settings.php" onclick="localStorage.setItem('activeSettingsTab', '#general');" class="text-muted text-decoration-none small hover-primary border-start ps-3">
                     <i class="fas fa-cog me-1"></i> الإعدادات
@@ -62,4 +68,4 @@
 if (ob_get_level() > 0) {
     ob_end_flush();
 }
-?>
+?>
\ No newline at end of file
diff --git a/includes/header.php b/includes/header.php
index e9e521d..2fc26bf 100644
--- a/includes/header.php
+++ b/includes/header.php
@@ -3,12 +3,18 @@ ob_start();
 session_start();
 require_once __DIR__ . '/../db/config.php';
 
-// Auth helpers
+// --- Helper Functions (MUST BE DEFINED BEFORE settings.php) ---
+
 function isLoggedIn() {
     return isset($_SESSION['user_id']);
 }
 
+function isSuperAdmin() {
+    return isset($_SESSION['is_super_admin']) && $_SESSION['is_super_admin'] == 1;
+}
+
 function isAdmin() {
+    if (isSuperAdmin()) return true;
     if (isset($_SESSION['user_role']) && strtolower($_SESSION['user_role']) === 'admin') return true;
     if (isset($_SESSION['role']) && strtolower($_SESSION['role']) === 'admin') return true;
     return false;
@@ -60,6 +66,9 @@ function canViewInternal() {
     return canView('internal');
 }
 
+// Now load centralized settings (which may use the helpers above)
+require_once __DIR__ . '/settings.php'; 
+
 // Fetch user info (theme and permissions)
 $user_theme = 'light';
 $current_user = null;
@@ -77,6 +86,7 @@ if (isLoggedIn()) {
         $_SESSION['name'] = $current_user['full_name'] ?: $current_user['username'];
         $_SESSION['user_role'] = strtolower($current_user['role']);
         $_SESSION['role'] = strtolower($current_user['role']);
+        $_SESSION['is_super_admin'] = (int)$current_user['is_super_admin'];
 
         // Load granular permissions
         if (!isset($_SESSION['permissions']) || empty($_SESSION['permissions'])) {
@@ -100,17 +110,13 @@ if (isLoggedIn()) {
 if (!isLoggedIn() && basename($_SERVER['PHP_SELF']) !== 'login.php' && basename($_SERVER['PHP_SELF']) !== 'forgot_password.php') {
     redirect('login.php');
 }
-
-// Fetch charity info for header/favicon
-$charity_stmt = db()->query("SELECT * FROM charity_settings WHERE id = 1");
-$charity_info = $charity_stmt->fetch();
 ?>
 <!DOCTYPE html>
 <html lang="ar" dir="rtl" data-bs-theme="<?= $user_theme ?>">
 <head>
     <meta charset="UTF-8">
     <meta name="viewport" content="width=device-width, initial-scale=1.0">
-    <title><?= htmlspecialchars($charity_info['charity_name'] ?? 'نظام إدارة البريد') ?></title>
+    <title><?= htmlspecialchars($sys_settings['site_name']) ?></title>
     
     <!-- Bootstrap 5 RTL -->
     <link rel="stylesheet" href="https://cdn.jsdelivr.net/npm/bootstrap@5.3.2/dist/css/bootstrap.rtl.min.css">
@@ -122,8 +128,8 @@ $charity_info = $charity_stmt->fetch();
     <!-- Custom CSS -->
     <link rel="stylesheet" href="assets/css/custom.css?v=<?= time() ?>">
     
-    <?php if ($charity_info['charity_favicon']): ?>
-    <link rel="icon" type="image/x-icon" href="<?= $charity_info['charity_favicon'] ?>">
+    <?php if ($sys_settings['site_favicon']): ?>
+    <link rel="icon" type="image/x-icon" href="<?= $sys_settings['site_favicon'] ?>">
     <?php endif; ?>
 
     <style>
@@ -248,10 +254,10 @@ $charity_info = $charity_stmt->fetch();
     <!-- Sidebar -->
     <div class="sidebar d-flex flex-column" id="sidebar">
         <div class="p-3 text-center border-bottom border-secondary">
-            <?php if ($charity_info['charity_logo']): ?>
-                <img src="<?= $charity_info['charity_logo'] ?>" alt="Logo" class="img-fluid mb-2" style="max-height: 50px;">
+            <?php if ($sys_settings['site_logo']): ?>
+                <img src="<?= $sys_settings['site_logo'] ?>" alt="Logo" class="img-fluid mb-2" style="max-height: 50px;">
             <?php endif; ?>
-            <h5 class="mb-0 fw-bold"><?= htmlspecialchars($charity_info['charity_name'] ?? 'إدارة البريد') ?></h5>
+            <h5 class="mb-0 fw-bold"><?= htmlspecialchars($sys_settings['site_name']) ?></h5>
         </div>
         
         <ul class="nav flex-column mt-3 mb-4">
@@ -373,10 +379,14 @@ $charity_info = $charity_stmt->fetch();
             <div class="ms-auto d-flex align-items-center">
                 <div class="dropdown">
                     <a class="nav-link dropdown-toggle d-flex align-items-center" href="#" role="button" data-bs-toggle="dropdown">
-                        <div class="bg-primary text-white rounded-circle d-flex align-items-center justify-content-center me-2" style="width: 32px; height: 32px; font-size: 0.8rem;">
-                            <?= mb_substr($_SESSION['name'] ?? 'U', 0, 1) ?>
-                        </div>
-                        <span class="d-none d-md-inline"><?= htmlspecialchars($_SESSION['name'] ?? 'المستخدم') ?></span>
+                        <?php if (isset($current_user['profile_image']) && $current_user['profile_image']): ?>
+                            <img src="<?= $current_user['profile_image'] ?>" alt="Profile" class="rounded-circle me-2 shadow-sm" style="width: 32px; height: 32px; object-fit: cover;">
+                        <?php else: ?>
+                            <div class="<?= isSuperAdmin() ? 'bg-danger' : 'bg-primary' ?> text-white rounded-circle d-flex align-items-center justify-content-center me-2" style="width: 32px; height: 32px; font-size: 0.8rem;">
+                                <?= mb_substr($_SESSION['name'] ?? 'U', 0, 1) ?>
+                            </div>
+                        <?php endif; ?>
+                        <span class="d-none d-md-inline"><?= htmlspecialchars($_SESSION['name'] ?? 'المستخدم') ?> <?= isSuperAdmin() ? '<small class="badge bg-danger ms-1">مدير خارق</small>' : '' ?></span>
                     </a>
                     <ul class="dropdown-menu dropdown-menu-end">
                         <li><a class="dropdown-item" href="profile.php"><i class="fas fa-user me-2"></i> الملف الشخصي</a></li>
@@ -389,4 +399,4 @@ $charity_info = $charity_stmt->fetch();
     </nav>
 
     <div class="main-content">
-<?php endif; ?>
+<?php endif; ?>
\ No newline at end of file
diff --git a/includes/settings.php b/includes/settings.php
new file mode 100644
index 0000000..fe45749
--- /dev/null
+++ b/includes/settings.php
@@ -0,0 +1,64 @@
+<?php
+/**
+ * Central Settings Management
+ * Loads all system settings from database tables (charity_settings, smtp_settings)
+ */
+
+if (!function_exists('get_settings')) {
+    function get_settings() {
+        static $settings = null;
+        if ($settings === null) {
+            try {
+                // Fetch Charity Info
+                $charity_stmt = db()->query("SELECT * FROM charity_settings WHERE id = 1");
+                $charity = $charity_stmt->fetch();
+                
+                // Fetch SMTP Info
+                $smtp_stmt = db()->query("SELECT * FROM smtp_settings WHERE id = 1");
+                $smtp = $smtp_stmt->fetch();
+                
+                $settings = [
+                    'site_name' => $charity['charity_name'] ?? 'نظام إدارة البريد',
+                    'site_email' => $charity['charity_email'] ?? '',
+                    'site_phone' => $charity['charity_phone'] ?? '',
+                    'site_address' => $charity['charity_address'] ?? '',
+                    'site_logo' => $charity['charity_logo'] ?? '',
+                    'site_favicon' => $charity['charity_favicon'] ?? '',
+                    'site_maintenance' => (bool)($charity['site_maintenance'] ?? 0),
+                    'site_footer' => $charity['site_footer'] ?? '',
+                    'allow_registration' => (bool)($charity['allow_registration'] ?? 0),
+                    
+                    'smtp' => [
+                        'host' => $smtp['smtp_host'] ?? '',
+                        'port' => $smtp['smtp_port'] ?? 587,
+                        'secure' => $smtp['smtp_secure'] ?? 'tls',
+                        'user' => $smtp['smtp_user'] ?? '',
+                        'pass' => $smtp['smtp_pass'] ?? '',
+                        'from_email' => $smtp['from_email'] ?? '',
+                        'from_name' => $smtp['from_name'] ?? '',
+                        'reply_to' => $smtp['reply_to'] ?? '',
+                        'enabled' => (bool)($smtp['is_enabled'] ?? 1),
+                        'failures' => (int)($smtp['consecutive_failures'] ?? 0),
+                        'max_failures' => (int)($smtp['max_failures'] ?? 5)
+                    ]
+                ];
+            } catch (Exception $e) {
+                // Fallback settings if DB is not ready
+                $settings = [
+                    'site_name' => 'نظام إدارة البريد',
+                    'site_maintenance' => false,
+                    'smtp' => ['enabled' => false]
+                ];
+            }
+        }
+        return $settings;
+    }
+}
+
+// Global settings variable
+$sys_settings = get_settings();
+
+// Maintenance Mode Check
+if ($sys_settings['site_maintenance'] && !isAdmin() && basename($_SERVER['PHP_SELF']) !== 'login.php' && basename($_SERVER['PHP_SELF']) !== 'logout.php') {
+    die("<h1>النظام تحت الصيانة حالياً</h1><p>يرجى المحاولة مرة أخرى في وقت لاحق.</p>");
+}
diff --git a/login.php b/login.php
index fe33e44..d376025 100644
--- a/login.php
+++ b/login.php
@@ -20,6 +20,7 @@ if ($_SERVER['REQUEST_METHOD'] === 'POST') {
             $_SESSION['user_id'] = $user['id'];
             $_SESSION['username'] = $user['username'];
             $_SESSION['role'] = $user['role'];
+            $_SESSION['is_super_admin'] = (int)$user['is_super_admin'];
             
             // Redirect to dashboard
             redirect('user_dashboard.php');
@@ -37,10 +38,10 @@ if ($_SERVER['REQUEST_METHOD'] === 'POST') {
         <div class="card shadow-sm border-0">
             <div class="card-body p-4">
                 <div class="text-center mb-4">
-                    <?php if (!empty($charity_info['charity_logo'])): ?>
-                        <img src="<?php echo htmlspecialchars($charity_info['charity_logo']); ?>" alt="Logo" class="img-fluid mb-3" style="max-height: 80px;">
+                    <?php if (!empty($sys_settings['site_logo'])): ?>
+                        <img src="<?php echo htmlspecialchars($sys_settings['site_logo']); ?>" alt="Logo" class="img-fluid mb-3" style="max-height: 80px;">
                     <?php endif; ?>
-                    <h4 class="fw-bold mb-0"><?php echo htmlspecialchars($charity_info['charity_name'] ?? 'تسجيل الدخول'); ?></h4>
+                    <h4 class="fw-bold mb-0"><?php echo htmlspecialchars($sys_settings['site_name']); ?></h4>
                     <p class="text-muted small">يرجى إدخال بيانات الاعتماد الخاصة بك</p>
                 </div>
 
@@ -67,10 +68,16 @@ if ($_SERVER['REQUEST_METHOD'] === 'POST') {
                     <div class="mt-4">
                         <button type="submit" class="btn btn-primary w-100 fw-bold py-2" tabindex="3">تسجيل الدخول</button>
                     </div>
+                    
+                    <?php if ($sys_settings['allow_registration']): ?>
+                    <div class="mt-3 text-center">
+                        <p class="small text-muted">ليس لديك حساب؟ <a href="register.php" class="text-decoration-none text-primary">إنشاء حساب جديد</a></p>
+                    </div>
+                    <?php endif; ?>
                 </form>
             </div>
         </div>
     </div>
 </div>
 
-<?php require_once __DIR__ . '/includes/footer.php'; ?>
\ No newline at end of file
+<?php require_once __DIR__ . '/includes/footer.php'; ?>
diff --git a/users.php b/users.php
index 1a80492..99455a4 100644
--- a/users.php
+++ b/users.php
@@ -21,6 +21,7 @@ if ($_SERVER['REQUEST_METHOD'] === 'POST') {
     $action = $_POST['action'] ?? '';
     $username = $_POST['username'] ?? '';
     $full_name = $_POST['full_name'] ?? '';
+    $email = $_POST['email'] ?? '';
     $role = $_POST['role'] ?? 'staff';
     $password = $_POST['password'] ?? '';
     $id = $_POST['id'] ?? 0;
@@ -31,6 +32,27 @@ if ($_SERVER['REQUEST_METHOD'] === 'POST') {
     $can_edit = isset($_POST['can_edit_global']) ? 1 : 0;
     $can_delete = isset($_POST['can_delete_global']) ? 1 : 0;
 
+    // Handle Profile Image Upload
+    $profile_image = null;
+    if ($id > 0) {
+        $stmt = db()->prepare("SELECT profile_image FROM users WHERE id = ?");
+        $stmt->execute([$id]);
+        $profile_image = $stmt->fetchColumn();
+    }
+
+    if (isset($_FILES['profile_image']) && $_FILES['profile_image']['error'] === UPLOAD_ERR_OK) {
+        $upload_dir = 'uploads/profiles/';
+        if (!is_dir($upload_dir)) mkdir($upload_dir, 0775, true);
+        
+        $file_ext = pathinfo($_FILES['profile_image']['name'], PATHINFO_EXTENSION);
+        $new_file_name = time() . '_u' . ($id ?: 'new') . '.' . $file_ext;
+        $target_file = $upload_dir . $new_file_name;
+
+        if (move_uploaded_file($_FILES['profile_image']['tmp_name'], $target_file)) {
+            $profile_image = $target_file;
+        }
+    }
+
     if ($action === 'add') {
         if (!canAdd('users')) redirect('users.php');
         if ($username && $password && $full_name) {
@@ -39,8 +61,8 @@ if ($_SERVER['REQUEST_METHOD'] === 'POST') {
                 $pdo = db();
                 $pdo->beginTransaction();
                 
-                $stmt = $pdo->prepare("INSERT INTO users (username, password, full_name, role, can_view, can_add, can_edit, can_delete) VALUES (?, ?, ?, ?, ?, ?, ?, ?)");
-                $stmt->execute([$username, $hashed_password, $full_name, $role, $can_view, $can_add, $can_edit, $can_delete]);
+                $stmt = $pdo->prepare("INSERT INTO users (username, password, full_name, email, role, profile_image, can_view, can_add, can_edit, can_delete) VALUES (?, ?, ?, ?, ?, ?, ?, ?, ?, ?)");
+                $stmt->execute([$username, $hashed_password, $full_name, $email, $role, $profile_image, $can_view, $can_add, $can_edit, $can_delete]);
                 $user_id = $pdo->lastInsertId();
                 
                 // Save page permissions
@@ -76,11 +98,11 @@ if ($_SERVER['REQUEST_METHOD'] === 'POST') {
                 
                 if ($password) {
                     $hashed_password = password_hash($password, PASSWORD_DEFAULT);
-                    $stmt = $pdo->prepare("UPDATE users SET username = ?, full_name = ?, role = ?, password = ?, can_view = ?, can_add = ?, can_edit = ?, can_delete = ? WHERE id = ?");
-                    $stmt->execute([$username, $full_name, $role, $hashed_password, $can_view, $can_add, $can_edit, $can_delete, $id]);
+                    $stmt = $pdo->prepare("UPDATE users SET username = ?, full_name = ?, email = ?, role = ?, profile_image = ?, password = ?, can_view = ?, can_add = ?, can_edit = ?, can_delete = ? WHERE id = ?");
+                    $stmt->execute([$username, $full_name, $email, $role, $profile_image, $hashed_password, $can_view, $can_add, $can_edit, $can_delete, $id]);
                 } else {
-                    $stmt = $pdo->prepare("UPDATE users SET username = ?, full_name = ?, role = ?, can_view = ?, can_add = ?, can_edit = ?, can_delete = ? WHERE id = ?");
-                    $stmt->execute([$username, $full_name, $role, $can_view, $can_add, $can_edit, $can_delete, $id]);
+                    $stmt = $pdo->prepare("UPDATE users SET username = ?, full_name = ?, email = ?, role = ?, profile_image = ?, can_view = ?, can_add = ?, can_edit = ?, can_delete = ? WHERE id = ?");
+                    $stmt->execute([$username, $full_name, $email, $role, $profile_image, $can_view, $can_add, $can_edit, $can_delete, $id]);
                 }
                 
                 // Update page permissions
@@ -186,8 +208,10 @@ if (isset($_GET['action']) && $_GET['action'] === 'edit' && isset($_GET['id']))
             <table class="table table-hover align-middle mb-0">
                 <thead class="bg-light">
                     <tr>
-                        <th class="ps-4">الاسم الكامل</th>
+                        <th class="ps-4">الصورة</th>
+                        <th>الاسم الكامل</th>
                         <th>اسم المستخدم</th>
+                        <th>البريد الإلكتروني</th>
                         <th>الدور</th>
                         <th>تاريخ الإنشاء</th>
                         <th class="pe-4 text-center">الإجراءات</th>
@@ -196,8 +220,18 @@ if (isset($_GET['action']) && $_GET['action'] === 'edit' && isset($_GET['id']))
                 <tbody>
                     <?php foreach ($users as $user): ?>
                         <tr>
-                            <td class="ps-4 fw-bold"><?= htmlspecialchars($user['full_name']) ?></td>
+                            <td class="ps-4">
+                                <?php if ($user['profile_image']): ?>
+                                    <img src="<?= $user['profile_image'] ?>" alt="Profile" class="rounded-circle shadow-sm" style="width: 40px; height: 40px; object-fit: cover;">
+                                <?php else: ?>
+                                    <div class="rounded-circle bg-light d-inline-flex align-items-center justify-content-center" style="width: 40px; height: 40px;">
+                                        <i class="fas fa-user text-secondary"></i>
+                                    </div>
+                                <?php endif; ?>
+                            </td>
+                            <td class="fw-bold"><?= htmlspecialchars($user['full_name']) ?></td>
                             <td><?= htmlspecialchars($user['username']) ?></td>
+                            <td><?= htmlspecialchars($user['email'] ?? '-') ?></td>
                             <td>
                                 <?php if ($user['role'] === 'admin'): ?>
                                     <span class="badge bg-danger">مدير</span>
@@ -212,7 +246,7 @@ if (isset($_GET['action']) && $_GET['action'] === 'edit' && isset($_GET['id']))
                                 <?php if (canEdit('users')): ?>
                                 <button type="button" class="btn btn-sm btn-outline-primary" 
                                         onclick="openUserModal('edit', <?= htmlspecialchars(json_encode(array_merge($user, ['page_permissions' => $user_perms[$user['id']] ?? []])), ENT_QUOTES, 'UTF-8') ?>)">
-                                    <i class="fas fa-edit"></i> تعديل الصلاحيات
+                                    <i class="fas fa-edit"></i> تعديل
                                 </button>
                                 <?php endif; ?>
                                 <?php if (canDelete('users') && $user['id'] != $_SESSION['user_id']): ?>
@@ -237,7 +271,7 @@ if (isset($_GET['action']) && $_GET['action'] === 'edit' && isset($_GET['id']))
                 <h5 class="modal-title fw-bold" id="userModalLabel">إضافة مستخدم جديد</h5>
                 <button type="button" class="btn-close btn-close-white" data-bs-dismiss="modal" aria-label="Close"></button>
             </div>
-            <form id="userForm" method="POST">
+            <form id="userForm" method="POST" enctype="multipart/form-data">
                 <div class="modal-body p-4">
                     <input type="hidden" name="action" id="modalAction" value="add">
                     <input type="hidden" name="id" id="modalId" value="0">
@@ -252,6 +286,17 @@ if (isset($_GET['action']) && $_GET['action'] === 'edit' && isset($_GET['id']))
                             <input type="text" name="username" id="modalUsername" class="form-control" required>
                         </div>
                     </div>
+
+                    <div class="row">
+                        <div class="col-md-6 mb-3">
+                            <label class="form-label fw-bold">البريد الإلكتروني</label>
+                            <input type="email" name="email" id="modalEmail" class="form-control">
+                        </div>
+                        <div class="col-md-6 mb-3">
+                            <label class="form-label fw-bold">الصورة الشخصية</label>
+                            <input type="file" name="profile_image" id="modalProfileImage" class="form-control" accept="image/*">
+                        </div>
+                    </div>
                     
                     <div class="row">
                         <div class="col-md-6 mb-3">
@@ -372,10 +417,12 @@ function openUserModal(action, data = null) {
     const fields = {
         full_name: document.getElementById('modalFullName'),
         username: document.getElementById('modalUsername'),
+        email: document.getElementById('modalEmail'),
         role: document.getElementById('modalRole')
     };
 
     modalAction.value = action;
+    document.getElementById('modalProfileImage').value = '';
     
     if (action === 'add') {
         label.textContent = 'إضافة مستخدم جديد';
@@ -457,4 +504,4 @@ function confirmDelete(id) {
     }
 </style>
 
-<?php require_once __DIR__ . '/includes/footer.php'; ?>
+<?php require_once __DIR__ . '/includes/footer.php'; ?>
\ No newline at end of file