prepare("INSERT INTO users (username, password, full_name, role, can_view, can_add, can_edit, can_delete) VALUES (?, ?, ?, ?, ?, ?, ?, ?)");
$stmt->execute([$username, $hashed_password, $full_name, $role, $can_view, $can_add, $can_edit, $can_delete]);
$_SESSION['success'] = 'تم إضافة المستخدم بنجاح';
redirect('users.php');
} catch (PDOException $e) {
if ($e->getCode() == 23000) {
$error = 'اسم المستخدم موجود مسبقاً';
} else {
$error = 'حدث خطأ: ' . $e->getMessage();
}
}
} else {
$error = 'يرجى ملء جميع الحقول المطلوبة';
}
} elseif ($action === 'edit') {
if ($username && $full_name && $id) {
try {
if ($password) {
$hashed_password = password_hash($password, PASSWORD_DEFAULT);
$stmt = db()->prepare("UPDATE users SET username = ?, full_name = ?, role = ?, password = ?, can_view = ?, can_add = ?, can_edit = ?, can_delete = ? WHERE id = ?");
$stmt->execute([$username, $full_name, $role, $hashed_password, $can_view, $can_add, $can_edit, $can_delete, $id]);
} else {
$stmt = db()->prepare("UPDATE users SET username = ?, full_name = ?, role = ?, can_view = ?, can_add = ?, can_edit = ?, can_delete = ? WHERE id = ?");
$stmt->execute([$username, $full_name, $role, $can_view, $can_add, $can_edit, $can_delete, $id]);
}
$_SESSION['success'] = 'تم تحديث بيانات المستخدم بنجاح';
redirect('users.php');
} catch (PDOException $e) {
$error = 'حدث خطأ: ' . $e->getMessage();
}
} else {
$error = 'يرجى ملء جميع الحقول المطلوبة';
}
}
}
if (isset($_GET['action']) && $_GET['action'] === 'delete' && isset($_GET['id'])) {
if ($_GET['id'] != $_SESSION['user_id']) {
$stmt = db()->prepare("DELETE FROM users WHERE id = ?");
$stmt->execute([$_GET['id']]);
$_SESSION['success'] = 'تم حذف المستخدم بنجاح';
redirect('users.php');
} else {
$error = 'لا يمكنك حذف حسابك الحالي';
}
}
// Get session messages
if (isset($_SESSION['success'])) {
$success = $_SESSION['success'];
unset($_SESSION['success']);
}
if (isset($_SESSION['error'])) {
$error = $_SESSION['error'];
unset($_SESSION['error']);
}
$stmt = db()->query("SELECT * FROM users ORDER BY created_at DESC");
$users = $stmt->fetchAll();
// Handle Deep Link for Edit
$deepLinkData = null;
if (isset($_GET['action']) && $_GET['action'] === 'edit' && isset($_GET['id'])) {
$stmt = db()->prepare("SELECT * FROM users WHERE id = ?");
$stmt->execute([$_GET['id']]);
$deepLinkData = $stmt->fetch();
}
?>
إدارة المستخدمين والصلاحيات
| الاسم الكامل |
اسم المستخدم |
الدور |
الصلاحيات |
تاريخ الإنشاء |
الإجراءات |
|
|
مدير
كاتب
موظف
|
ع
إ
ت
ح
|
|
حذف
|