From 4fb5c927e3afe90a985ec6ad79f24ea92493ccd1 Mon Sep 17 00:00:00 2001
From: Flatlogic Bot
Date: Wed, 1 Apr 2026 04:12:16 +0000
Subject: [PATCH] update install
---
 admin_users.php | 63 ++++++++++++++++++++++++++++++++++++---------
 install.php | 4 +--
 login.php | 3 ++-
 queue_bootstrap.php | 24 ++++++++++++++++-
 4 files changed, 77 insertions(+), 17 deletions(-)
diff --git a/admin_users.php b/admin_users.php
index 0e24fef..82e1bd9 100644
--- a/admin_users.php
+++ b/admin_users.php
@@ -15,14 +15,15 @@ if (($_SERVER['REQUEST_METHOD'] ?? '') === 'POST') {
 if ($action === 'create_user') {
 $username = trim($_POST['username'] ?? '');
 $password = $_POST['password'] ?? '';
+ $role = $_POST['role'] ?? 'admin';
 if ($username === '' || $password === '') {
 $error = qh_t('Username and password are required.', 'اسم المستخدم وكلمة المرور مطلوبان.');
 } else {
 try {
 $hash = password_hash($password, PASSWORD_DEFAULT);
- $stmt = $pdo->prepare("INSERT INTO users (username, password) VALUES (:username, :password)");
- $stmt->execute(['username' => $username, 'password' => $hash]);
+ $stmt = $pdo->prepare("INSERT INTO users (username, password, role) VALUES (:username, :password, :role)");
+ $stmt->execute(['username' => $username, 'password' => $hash, 'role' => $role]);
 $success = qh_t('User created successfully.', 'تم إنشاء المستخدم بنجاح.');
 } catch (PDOException $e) {
 if ($e->getCode() == 23000) {
@@ -36,6 +37,7 @@ if (($_SERVER['REQUEST_METHOD'] ?? '') === 'POST') {
 $id = (int)($_POST['id'] ?? 0);
 $username = trim($_POST['username'] ?? '');
 $password = $_POST['password'] ?? '';
+ $role = $_POST['role'] ?? 'admin';
 if ($id <= 0 || $username === '') {
 $error = qh_t('Invalid user data.', 'بيانات المستخدم غير صالحة.');
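Review bot: `$role = $_POST['role'] ?? 'admin';` in the create_user branch stores whatever string the form submits and falls back to the most privileged role when the field is absent; nothing checks it against the four keys of the `$roles` map this commit adds later in the file (the `@@ -86` hunk), so a stale form or a crafted request produces either an unknown role in a VARCHAR(20) column (truncated or rejected depending on sql_mode) or an unintended admin. The same line is repeated in the update_user branch in the `@@ -36` hunk, where a missing field silently promotes the edited account. Since `$roles` is only built after the POST handling, hoist the allowed keys above it and reject anything else: `$role = (string) ($_POST['role'] ?? '');` followed by `if (!in_array($role, ['admin', 'reception', 'nursing', 'doctor'], true)) { $error = qh_t('Invalid role.', '<ARABIC_TRANSLATION_PLACEHOLDER>'); }` before the INSERT/UPDATE runs. The enclosing POST handler starts and ends outside the hunk.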
@@ -43,11 +45,11 @@ if (($_SERVER['REQUEST_METHOD'] ?? '') === 'POST') {
 try {
 if ($password !== '') {
 $hash = password_hash($password, PASSWORD_DEFAULT);
- $stmt = $pdo->prepare("UPDATE users SET username = :username, password = :password WHERE id = :id");
- $stmt->execute(['username' => $username, 'password' => $hash, 'id' => $id]);
+ $stmt = $pdo->prepare("UPDATE users SET username = :username, password = :password, role = :role WHERE id = :id");
+ $stmt->execute(['username' => $username, 'password' => $hash, 'role' => $role, 'id' => $id]);
 } else {
- $stmt = $pdo->prepare("UPDATE users SET username = :username WHERE id = :id");
- $stmt->execute(['username' => $username, 'id' => $id]);
+ $stmt = $pdo->prepare("UPDATE users SET username = :username, role = :role WHERE id = :id");
+ $stmt->execute(['username' => $username, 'role' => $role, 'id' => $id]);
 }
 $success = qh_t('User updated successfully.', 'تم تحديث المستخدم بنجاح.');
 } catch (PDOException $e) {
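Review bot: A role written by these two UPDATE statements does not reach a user who is already logged in: login.php (later in this patch) copies `role` into `$_SESSION['role']` once at login, and queue_bootstrap.php authorizes every request from that session value, so a demoted account keeps its previous page access until it logs out, and an admin editing their own row can demote themselves while their session still says admin. Either re-read the role from the users table in the bootstrap check (one lookup by `user_id` per request) or invalidate the edited user's sessions when `$role` changes; a guard that refuses to remove the last remaining admin row would also avoid locking everyone out of admin_users.php. The enclosing update_user branch starts outside the hunk.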
@@ -74,10 +76,13 @@ if (($_SERVER['REQUEST_METHOD'] ?? '') === 'POST') { } try { - $users = $pdo->query("SELECT id, username, created_at FROM users ORDER BY id ASC")->fetchAll(); + $users = $pdo->query("SELECT id, username, role, created_at FROM users ORDER BY id ASC")->fetchAll(); } catch (PDOException $e) { - if ($e->getCode() == '42S02') { - $pdo->exec("CREATE TABLE IF NOT EXISTS users (id INT UNSIGNED AUTO_INCREMENT PRIMARY KEY, username VARCHAR(50) NOT NULL UNIQUE, password VARCHAR(255) NOT NULL, created_at TIMESTAMP DEFAULT CURRENT_TIMESTAMP) ENGINE=InnoDB DEFAULT CHARSET=utf8mb4 COLLATE=utf8mb4_unicode_ci"); + if (str_contains($e->getMessage(), "Unknown column 'role'")) { + $pdo->exec("ALTER TABLE users ADD COLUMN role VARCHAR(20) DEFAULT 'admin'"); + $users = $pdo->query("SELECT id, username, role, created_at FROM users ORDER BY id ASC")->fetchAll(); + } elseif ($e->getCode() == '42S02') { + $pdo->exec("CREATE TABLE IF NOT EXISTS users (id INT UNSIGNED AUTO_INCREMENT PRIMARY KEY, username VARCHAR(50) NOT NULL UNIQUE, password VARCHAR(255) NOT NULL, role VARCHAR(20) DEFAULT 'admin', created_at TIMESTAMP DEFAULT CURRENT_TIMESTAMP) ENGINE=InnoDB DEFAULT CHARSET=utf8mb4 COLLATE=utf8mb4_unicode_ci"); $users = []; $error = qh_t('Users table was missing and has been created.', 'كان جدول المستخدمين مفقوداً وتم إنشاؤه.'); } else { @@ -86,6 +91,13 @@ try { } $stats = qh_admin_stats(); +$roles = [ + 'admin' => qh_t('Admin', 'مدير'), + 'reception' => qh_t('Reception', 'استقبال'), + 'nursing' => qh_t('Nursing', 'تمريض'), + 'doctor' => qh_t('Doctor', 'طبيب'), +]; + qh_page_start( 'admin', qh_t('System Users', 'مستخدمو النظام'), @@ -125,6 +137,7 @@ qh_page_start( ID + @@ -134,13 +147,17 @@ qh_page_start( # + + + 1): ?> @@ -157,7 +174,7 @@ qh_page_start( - + @@ -186,6 +203,14 @@ qh_page_start( +
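Review bot: `str_contains($e->getMessage(), "Unknown column 'role'")` keys on the driver's human-readable message, which varies by driver, server version and locale; the sibling branch already keys on SQLSTATE, so `} elseif ($e->getCode() == '42S22') {` (column not found) is the consistent test. The retried `$pdo->query(...)` inside that branch is not itself guarded, so if the ALTER fails the second PDOException escapes the handler and the page dies instead of setting `$error`. With the unconditional `ALTER TABLE users ADD COLUMN role` that this commit also adds to queue_bootstrap.php, this branch is probably unreachable in practice and could be dropped, but that depends on queue_bootstrap.php being included before this query, which the hunk does not show.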
+ + +
@@ -216,6 +241,14 @@ qh_page_start(
+
+ + +
@@ -238,12 +271,18 @@ document.addEventListener('DOMContentLoaded', function () { const button = event.relatedTarget; const id = button.getAttribute('data-id'); const username = button.getAttribute('data-username'); + const role = button.getAttribute('data-role'); editModal.querySelector('#editUserId').value = id; editModal.querySelector('#editUserUsername').value = username; + + const roleSelect = editModal.querySelector('#editUserRole'); + if (roleSelect && role) { + roleSelect.value = role; + } }); } }); PDO::ERRMODE_EXCEPTION]); - // Rewrite db/config.php $configContent = " PDO::ERRMODE_EXCEPTION,\n" . " PDO::ATTR_DEFAULT_FETCH_MODE => PDO::FETCH_ASSOC,\n" . " ]);\n" . diff --git a/login.php b/login.php index 26b1ea2..1a20860 100644 --- a/login.php +++ b/login.php @@ -16,13 +16,14 @@ if (($_SERVER['REQUEST_METHOD'] ?? 'GET') === 'POST') { $error = qh_t('Please enter your username and password.', 'يرجى إدخال اسم المستخدم وكلمة المرور.'); } else { try { - $stmt = db()->prepare("SELECT id, password FROM users WHERE username = :username LIMIT 1"); + $stmt = db()->prepare("SELECT id, password, role FROM users WHERE username = :username LIMIT 1"); $stmt->execute(['username' => $username]); $user = $stmt->fetch(); if ($user && password_verify($password, $user['password'])) { $_SESSION['user_id'] = (int) $user['id']; $_SESSION['username'] = $username; + $_SESSION['role'] = $user['role'] ?? 'admin'; qh_redirect('index.php'); } else { $error = qh_t('Invalid username or password.', 'اسم المستخدم أو كلمة المرور غير صحيحة.'); diff --git a/queue_bootstrap.php b/queue_bootstrap.php index 47bf5dd..ee6eaa8 100644 --- a/queue_bootstrap.php +++ b/queue_bootstrap.php 
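Review bot: In the login.php hunk, `$_SESSION['role'] = $user['role'] ?? 'admin';` turns a NULL role column into the highest privilege and stores the value without checking it is one of the known roles; the schema default makes NULL unlikely, but the fallback direction should be least privilege or a refused login, e.g. `$role = (string) ($user['role'] ?? '');` and `if (!in_array($role, ['admin', 'reception', 'nursing', 'doctor'], true)) { $error = qh_t('Invalid username or password.', 'اسم المستخدم أو كلمة المرور غير صحيحة.'); }` before the session is populated. Now that the session carries an authorization attribute, the login path should also call `session_regenerate_id(true);` before assigning `$_SESSION['user_id']`, if that is not already done somewhere outside the hunk. The enclosing `if ($user && password_verify(...))` block ends outside the hunk.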
@@ -15,6 +15,25 @@ if (file_exists(__DIR__ . "/.installed") && !in_array($currentPage, $publicPages
 header("Location: login.php");
 exit;
 }
+
+ $role = $_SESSION["role"] ?? "admin";
+ $allowed = false;
+ if ($role === "admin") {
+ $allowed = true;
+ } elseif ($currentPage === "index.php") {
+ $allowed = true;
+ } elseif ($role === "reception" && $currentPage === "reception.php") {
+ $allowed = true;
+ } elseif ($role === "nursing" && $currentPage === "nursing.php") {
+ $allowed = true;
+ } elseif ($role === "doctor" && $currentPage === "doctor.php") {
+ $allowed = true;
+ }
+
+ if (!$allowed) {
+ header("Location: index.php");
+ exit;
+ }
 }
@@ -109,6 +128,9 @@ SQL;
 try { db()->exec("ALTER TABLE hospital_profile_settings ADD COLUMN default_language VARCHAR(10) DEFAULT 'en'"); } catch (\Throwable $e) {}
 }
+ try { db()->exec("CREATE TABLE IF NOT EXISTS users (id INT UNSIGNED AUTO_INCREMENT PRIMARY KEY, username VARCHAR(50) NOT NULL UNIQUE, password VARCHAR(255) NOT NULL, role VARCHAR(20) DEFAULT 'admin', created_at TIMESTAMP DEFAULT CURRENT_TIMESTAMP) ENGINE=InnoDB DEFAULT CHARSET=utf8mb4 COLLATE=utf8mb4_unicode_ci"); } catch (\Throwable $e) {}
+ try { db()->exec("ALTER TABLE users ADD COLUMN role VARCHAR(20) DEFAULT 'admin'"); } catch (\Throwable $e) {}
+
 function qh_seed_demo_data(): void
 {
 $pdo = db();
@@ -1014,7 +1036,7 @@ function qh_admin_handle_request(): void
 }
 $action = trim((string) ($_POST['action'] ?? ''));
- if ($action === '' || in_array($action, ['add_video', 'delete_video', 'toggle_status', 'add_news', 'delete_news', 'toggle_news_status'])) {
+ if ($action === '' || in_array($action, ['add_video', 'delete_video', 'toggle_status', 'add_news', 'delete_news', 'toggle_news_status', 'create_user', 'update_user', 'delete_user'])) {
 return;
 }
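Review bot: `$role = $_SESSION["role"] ?? "admin";` fails open: any session that has `user_id` but no `role` key (sessions established before this deploy, or any other code path that logs a user in without setting the key) is treated as admin. Because every account had the same access before this commit, surviving sessions are not an escalation today, but the authorization default should be deny: `$role = $_SESSION["role"] ?? null;` and `if ($role === null) { header("Location: login.php"); exit; }` before the allowed-page check, so a missing attribute forces a fresh login. As a point of style, the if/elseif ladder is a lookup in disguise; a `$pagesByRole = ['reception' => 'reception.php', 'nursing' => 'nursing.php', 'doctor' => 'doctor.php'];` map with `$allowed = $role === "admin" || $currentPage === "index.php" || ($pagesByRole[$role] ?? null) === $currentPage;` reads as one rule and is harder to get wrong when roles are added.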
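Review bot: The two new `try { db()->exec(...); } catch (\Throwable $e) {}` lines run DDL on every request and discard the result, so after the first successful run the `ALTER TABLE users ADD COLUMN role` fails with a duplicate-column error on every page load, and a genuine failure (lost connection, missing ALTER privilege) is equally invisible and leaves the role column absent while queue_bootstrap.php goes on authorizing from `$_SESSION["role"]`. Check information_schema before altering and log a failure instead of swallowing it; the existing `default_language` migration on the line above has the same shape, so this is a pre-existing pattern rather than a new one, but the role column is now security-relevant. Note also that `DEFAULT 'admin'` on the column makes any INSERT that omits `role` produce an admin; the backfill of pre-existing rows as admin is presumably intended, but application code should always write the column explicitly rather than rely on that default.
```php
// … unchanged: hospital_profile_settings migrations …
try {
    $hasRole = db()->query("SELECT COUNT(*) FROM information_schema.COLUMNS WHERE TABLE_SCHEMA = DATABASE() AND TABLE_NAME = 'users' AND COLUMN_NAME = 'role'")->fetchColumn();
    if ((int) $hasRole === 0) {
        db()->exec("ALTER TABLE users ADD COLUMN role VARCHAR(20) DEFAULT 'admin'");
    }
} catch (\Throwable $e) {
    error_log('users.role migration failed: ' . $e->getMessage());
}
```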
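Review bot: The extended `in_array($action, [...])` call in qh_admin_handle_request still omits the strict flag, so the comparison is loose; the list is all strings and `$action` is cast to string, so there is no practical mismatch here, but `in_array($action, [...], true)` states the intent and matches the tips for this codebase. This only reorders nothing and changes no behaviour for the values listed. The body of qh_admin_handle_request continues outside the hunk.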