Access Denied. You do not have permission to manage platform users.
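'; render_footer(); exit; }

$pdo = db();
$message = '';
$error = '';

// Handle Actions: create / edit / delete of platform ("admin" role) users.
// Every query below is parameterised; ids taken from the request are cast to
// int before they reach a query or a comparison.
if ($_SERVER['REQUEST_METHOD'] === 'POST') {
    $action = $_POST['action'] ?? '';

    if ($action === 'create' || $action === 'edit') {
        $id = isset($_POST['id']) ? (int)$_POST['id'] : null;
        $email = trim($_POST['email'] ?? '');
        $fullName = trim($_POST['full_name'] ?? '');
        $password = $_POST['password'] ?? '';
        // The form may submit "permissions" as something other than an array
        // (e.g. a bare string); only an array is accepted, otherwise no permissions.
        $selectedPermissions = $_POST['permissions'] ?? [];
        if (!is_array($selectedPermissions)) {
            $selectedPermissions = [];
        }

        if (empty($email) || empty($fullName)) {
            $error = t('error_required');
        } elseif ($action === 'edit' && !$id) {
            // Without a valid id the UPDATE below would run with "WHERE id = NULL"
            // and match nothing while still reporting success.
            $error = t('error_required');
        } else {
            try {
                $pdo->beginTransaction();

                if ($action === 'create') {
                    // Reject duplicate emails before inserting.
                    $stmtCheck = $pdo->prepare("SELECT id FROM users WHERE email = ?");
                    $stmtCheck->execute([$email]);
                    if ($stmtCheck->fetch()) {
                        $error = t('error_email_exists');
                    } elseif (empty($password)) {
                        // A new account must have a password.
                        $error = t('error_required');
                    } else {
                        $stmt = $pdo->prepare("INSERT INTO users (email, password, full_name, role, status) VALUES (?, ?, ?, 'admin', 'active')");
                        $stmt->execute([$email, password_hash($password, PASSWORD_DEFAULT), $fullName]);
                        $id = (int)$pdo->lastInsertId();
                        $message = t('user_created');
                    }
                } else {
                    // Edit: this page only manages admin users, so an id that belongs to
                    // any other role is treated as unknown rather than being updated
                    // (consistent with the delete and list queries below).
                    $stmtExists = $pdo->prepare("SELECT id FROM users WHERE id = ? AND role = 'admin'");
                    $stmtExists->execute([$id]);
                    if (!$stmtExists->fetch()) {
                        $error = 'User not found.';
                    } else {
                        // Reject an email already used by a different user.
                        $stmtCheck = $pdo->prepare("SELECT id FROM users WHERE email = ? AND id != ?");
                        $stmtCheck->execute([$email, $id]);
                        if ($stmtCheck->fetch()) {
                            $error = t('error_email_exists');
                        } else {
                            // The password is only changed when a new one was submitted.
                            if (!empty($password)) {
                                $sql = "UPDATE users SET email = ?, full_name = ?, password = ? WHERE id = ? AND role = 'admin'";
                                $params = [$email, $fullName, password_hash($password, PASSWORD_DEFAULT), $id];
                            } else {
                                $sql = "UPDATE users SET email = ?, full_name = ? WHERE id = ? AND role = 'admin'";
                                $params = [$email, $fullName, $id];
                            }
                            $stmt = $pdo->prepare($sql);
                            $stmt->execute($params);
                            $message = t('user_updated');
                        }
                    }
                }

                if (!$error && $id) {
                    // Replace the user's permission set with the submitted one.
                    $pdo->prepare("DELETE FROM user_permissions WHERE user_id = ?")->execute([$id]);
                    if (!empty($selectedPermissions)) {
                        $stmtPerm = $pdo->prepare("INSERT INTO user_permissions (user_id, permission_id) VALUES (?, ?)");
                        foreach ($selectedPermissions as $permId) {
                            // Permission ids come from the form; cast so only ints are bound.
                            $stmtPerm->execute([$id, (int)$permId]);
                        }
                    }
                }

                if (!$error) {
                    $pdo->commit();
                } else {
                    $pdo->rollBack();
                }
            } catch (Exception $e) {
                // rollBack() itself throws when no transaction is active (e.g. when
                // beginTransaction() was what failed), so guard it.
                if ($pdo->inTransaction()) {
                    $pdo->rollBack();
                }
                // NOTE(review): this surfaces the driver's error text in the admin UI;
                // consider logging it and showing a generic message instead.
                $error = $e->getMessage();
            }
        }
    } elseif ($action === 'delete') {
        $id = (int)($_POST['id'] ?? 0);
        // Compare as ints: the session value may be stored as a string, in which
        // case a strict comparison against the int id would never match and the
        // self-delete guard would be bypassed.
        $currentUserId = (int)($_SESSION['user_id'] ?? 0);
        if ($id === $currentUserId) {
            $error = "You cannot delete your own account.";
        } else {
            // Only admin-role users are deletable from this page.
            $pdo->prepare("DELETE FROM users WHERE id = ? AND role = 'admin'")->execute([$id]);
            $message = t('user_deleted');
        }
    }
}

// Fetch Users (admin role only, newest first)
$stmtUsers = $pdo->query("SELECT id, email, full_name, created_at FROM users WHERE role = 'admin' ORDER BY created_at DESC");
$users = $stmtUsers->fetchAll();

// Fetch Permissions (all, for the assignment checkboxes)
$stmtPerms = $pdo->query("SELECT id, slug, name, description FROM permissions ORDER BY name ASC");
$allPermissions = $stmtPerms->fetchAll();

render_header(t('nav_platform_users'), 'platform_users', true);
?>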

ID
#