diff --git a/includes/actions.php b/includes/actions.php
index 2c6900b..54b1073 100644
--- a/includes/actions.php
+++ b/includes/actions.php
@@ -1082,7 +1082,7 @@ if (isset($_SERVER['REQUEST_METHOD']) && $_SERVER['REQUEST_METHOD'] === 'POST')
 $active = isset($_POST['active']) ? 1 : 0;
 if ($id && $text_en && $text_ar) {
- $stmt = $db->prepare("UPDATE queue_ads SET text_en = ?, text_ar = ?, active = ? WHERE id = ?");
+ $stmt = $db->prepare("UPDATE queue_ads SET text_en = ?, text_ar, active = ? WHERE id = ?");
 $stmt->execute([$text_en, $text_ar, $active, $id]);
 $_SESSION['flash_message'] = __('edit_ad') . ' ' . __('successfully');
 $redirect = true;
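Review bot: The rewritten prepare() call on the `+` line has lost the placeholder for `text_ar` — `SET text_en = ?, text_ar, active = ?` is not valid SQL, and the execute() that follows still binds four values to a statement with only three markers, so this edit can never succeed; the removed line was correct and should be restored: `$stmt = $db->prepare("UPDATE queue_ads SET text_en = ?, text_ar = ?, active = ? WHERE id = ?");`. Because this branch has no try/catch, what the user sees depends on the PDO error mode configured elsewhere: with exceptions enabled the request dies uncaught, otherwise the failure is silent and the 'edit_ad successfully' flash is still set. The enclosing POST handler starts and ends outside the hunk.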
@@ -1167,6 +1167,60 @@ if (isset($_SERVER['REQUEST_METHOD']) && $_SERVER['REQUEST_METHOD'] === 'POST')
 $_SESSION['flash_message'] = __('transaction_deleted_success');
 $redirect = true;
 }
+ } elseif ($_POST['action'] === 'add_user') {
+ require_role('admin');
+ try {
+ $name = $_POST['name'];
+ $email = $_POST['email'];
+ $password = password_hash($_POST['password'], PASSWORD_DEFAULT);
+ $role_id = $_POST['role_id'];
+ $active = isset($_POST['active']) ? 1 : 0;
+
+ $stmt = $db->prepare("INSERT INTO users (name, email, password, role_id, active) VALUES (?, ?, ?, ?, ?)");
+ $stmt->execute([$name, $email, $password, $role_id, $active]);
+ $_SESSION['flash_message'] = __('user_created');
+ } catch (Exception $e) {
+ $_SESSION['flash_message'] = "Error: " . $e->getMessage();
+ }
+ $redirect = true;
+ } elseif ($_POST['action'] === 'edit_user') {
+ require_role('admin');
+ try {
+ $id = $_POST['id'];
+ $name = $_POST['name'];
+ $email = $_POST['email'];
+ $role_id = $_POST['role_id'];
+ $active = isset($_POST['active']) ? 1 : 0;
+
+ $sql = "UPDATE users SET name = ?, email = ?, role_id = ?, active = ? WHERE id = ?";
+ $params = [$name, $email, $role_id, $active, $id];
+
+ if (!empty($_POST['password'])) {
+ $sql = "UPDATE users SET name = ?, email = ?, role_id = ?, active = ?, password = ? WHERE id = ?";
+ $params = [$name, $email, $role_id, $active, password_hash($_POST['password'], PASSWORD_DEFAULT), $id];
+ }
+
+ $stmt = $db->prepare($sql);
+ $stmt->execute($params);
+ $_SESSION['flash_message'] = __('user_updated');
+ } catch (Exception $e) {
+ $_SESSION['flash_message'] = "Error: " . 
$e->getMessage();
+ }
+ $redirect = true;
+ } elseif ($_POST['action'] === 'delete_user') {
+ require_role('admin');
+ try {
+ $id = $_POST['id'];
+ if ($id == $_SESSION['user_id']) {
+ throw new Exception("You cannot delete yourself.");
+ }
+ $stmt = $db->prepare("DELETE FROM users WHERE id = ?");
+ $stmt->execute([$id]);
+ $_SESSION['flash_message'] = __('user_deleted');
+ } catch (Exception $e) {
+ $_SESSION['flash_message'] = "Error: " . $e->getMessage();
+ }
+ $redirect = true;
 }
 }
@@ -1174,4 +1228,4 @@ if (isset($_SERVER['REQUEST_METHOD']) && $_SERVER['REQUEST_METHOD'] === 'POST')
 header("Location: " . $_SERVER['REQUEST_URI']);
 exit;
 }
-}
\ No newline at end of file
+}
diff --git a/includes/pages/users.php b/includes/pages/users.php
index 1f4b56f..2f753ef 100644
--- a/includes/pages/users.php
+++ b/includes/pages/users.php
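Review bot: Each of the three new catch blocks (add_user, edit_user, delete_user) copies `$e->getMessage()` into the user-visible flash message, so a PDOException — a duplicate email on insert or update, an unknown role_id — surfaces driver error text including the failing SQL fragment to the browser; log it and show a fixed message instead, e.g. `error_log($e->getMessage());` followed by `$_SESSION['flash_message'] = 'Error: the request could not be completed.';`. add_user also hashes `$_POST['password']` without checking it is non-empty, and all three branches read `$_POST['name']`, `$_POST['email']`, `$_POST['role_id']` and `$_POST['id']` without isset or validation, so a missing field becomes a null written to the row rather than a rejected request; a guard such as `if (($_POST['password'] ?? '') === '') { throw new Exception('Password is required.'); }` before the hash would close the first gap. None of the branches checks a CSRF token; unless require_role() or the dispatcher outside this hunk does, these admin-only state changes are reachable by cross-site requests. edit_user lets an administrator demote or deactivate their own account, which delete_user deliberately prevents with its `$_SESSION['user_id']` check, so the same guard belongs there. The enclosing POST handler begins before the hunk.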
@@ -1,54 +1,4 @@ prepare("INSERT INTO users (name, email, password, role_id, active) VALUES (?, ?, ?, ?, ?)"); - $stmt->execute([$name, $email, $password, $role_id, $active]); - $_SESSION['flash_message'] = __('user_created'); - } elseif ($_POST['action'] === 'edit_user') { - $id = $_POST['id']; - $name = $_POST['name']; - $email = $_POST['email']; - $role_id = $_POST['role_id']; - $active = isset($_POST['active']) ? 1 : 0; - - $sql = "UPDATE users SET name = ?, email = ?, role_id = ?, active = ? WHERE id = ?"; - $params = [$name, $email, $role_id, $active, $id]; - - if (!empty($_POST['password'])) { - $sql = "UPDATE users SET name = ?, email = ?, role_id = ?, active = ?, password = ? WHERE id = ?"; - $params = [$name, $email, $role_id, $active, password_hash($_POST['password'], PASSWORD_DEFAULT), $id]; - } - - $stmt = $db->prepare($sql); - $stmt->execute($params); - $_SESSION['flash_message'] = __('user_updated'); - } elseif ($_POST['action'] === 'delete_user') { - $id = $_POST['id']; - // Prevent deleting self - if ($id == $_SESSION['user_id']) { - throw new Exception("You cannot delete yourself."); - } - $stmt = $db->prepare("DELETE FROM users WHERE id = ?"); - $stmt->execute([$id]); - $_SESSION['flash_message'] = __('user_deleted'); - } - } catch (Exception $e) { - $_SESSION['flash_message'] = "Error: " . $e->getMessage(); - } - header("Location: users.php"); - exit; - } -} - // Fetch Users $stmt = $db->query("SELECT u.*, r.name as role_name FROM users u JOIN roles r ON u.role_id = r.id ORDER BY u.id DESC"); $users = $stmt->fetchAll(PDO::FETCH_ASSOC);