admin/39414-vm
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

update install

Browse Source
This commit is contained in:
Flatlogic Bot 2026-04-01 04:12:16 +00:00
parent a232fc60a3
commit 4fb5c927e3
4 changed files with 77 additions and 17 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

63
admin_users.php
View File

@ -15,14 +15,15 @@ if (($_SERVER['REQUEST_METHOD'] ?? '') === 'POST') {
if ($action === 'create_user') { if ($action === 'create_user') {
$username = trim($_POST['username'] ?? ''); $username = trim($_POST['username'] ?? '');
$password = $_POST['password'] ?? ''; $password = $_POST['password'] ?? '';
$role = $_POST['role'] ?? 'admin';
if ($username === '' || $password === '') { if ($username === '' || $password === '') {
$error = qh_t('Username and password are required.', 'اسم المستخدم وكلمة المرور مطلوبان.'); $error = qh_t('Username and password are required.', 'اسم المستخدم وكلمة المرور مطلوبان.');
} else { } else {
try { try {
$hash = password_hash($password, PASSWORD_DEFAULT); $hash = password_hash($password, PASSWORD_DEFAULT);
$stmt = $pdo->prepare("INSERT INTO users (username, password) VALUES (:username, :password)"); $stmt = $pdo->prepare("INSERT INTO users (username, password, role) VALUES (:username, :password, :role)");
$stmt->execute(['username' => $username, 'password' => $hash]); $stmt->execute(['username' => $username, 'password' => $hash, 'role' => $role]);
$success = qh_t('User created successfully.', 'تم إنشاء المستخدم بنجاح.'); $success = qh_t('User created successfully.', 'تم إنشاء المستخدم بنجاح.');
} catch (PDOException $e) { } catch (PDOException $e) {
if ($e->getCode() == 23000) { if ($e->getCode() == 23000) {
@ -36,6 +37,7 @@ if (($_SERVER['REQUEST_METHOD'] ?? '') === 'POST') {
$id = (int)($_POST['id'] ?? 0); $id = (int)($_POST['id'] ?? 0);
$username = trim($_POST['username'] ?? ''); $username = trim($_POST['username'] ?? '');
$password = $_POST['password'] ?? ''; $password = $_POST['password'] ?? '';
$role = $_POST['role'] ?? 'admin';
if ($id <= 0 || $username === '') { if ($id <= 0 || $username === '') {
$error = qh_t('Invalid user data.', 'بيانات المستخدم غير صالحة.'); $error = qh_t('Invalid user data.', 'بيانات المستخدم غير صالحة.');
@ -43,11 +45,11 @@ if (($_SERVER['REQUEST_METHOD'] ?? '') === 'POST') {
try { try {
if ($password !== '') { if ($password !== '') {
$hash = password_hash($password, PASSWORD_DEFAULT); $hash = password_hash($password, PASSWORD_DEFAULT);
$stmt = $pdo->prepare("UPDATE users SET username = :username, password = :password WHERE id = :id"); $stmt = $pdo->prepare("UPDATE users SET username = :username, password = :password, role = :role WHERE id = :id");
$stmt->execute(['username' => $username, 'password' => $hash, 'id' => $id]); $stmt->execute(['username' => $username, 'password' => $hash, 'role' => $role, 'id' => $id]);
} else { } else {
$stmt = $pdo->prepare("UPDATE users SET username = :username WHERE id = :id"); $stmt = $pdo->prepare("UPDATE users SET username = :username, role = :role WHERE id = :id");
$stmt->execute(['username' => $username, 'id' => $id]); $stmt->execute(['username' => $username, 'role' => $role, 'id' => $id]);
} }
$success = qh_t('User updated successfully.', 'تم تحديث المستخدم بنجاح.'); $success = qh_t('User updated successfully.', 'تم تحديث المستخدم بنجاح.');
} catch (PDOException $e) { } catch (PDOException $e) {
@ -74,10 +76,13 @@ if (($_SERVER['REQUEST_METHOD'] ?? '') === 'POST') {
} }
try { try {
$users = $pdo->query("SELECT id, username, created_at FROM users ORDER BY id ASC")->fetchAll(); $users = $pdo->query("SELECT id, username, role, created_at FROM users ORDER BY id ASC")->fetchAll();
} catch (PDOException $e) { } catch (PDOException $e) {
if ($e->getCode() == '42S02') { if (str_contains($e->getMessage(), "Unknown column 'role'")) {
$pdo->exec("CREATE TABLE IF NOT EXISTS users (id INT UNSIGNED AUTO_INCREMENT PRIMARY KEY, username VARCHAR(50) NOT NULL UNIQUE, password VARCHAR(255) NOT NULL, created_at TIMESTAMP DEFAULT CURRENT_TIMESTAMP) ENGINE=InnoDB DEFAULT CHARSET=utf8mb4 COLLATE=utf8mb4_unicode_ci"); $pdo->exec("ALTER TABLE users ADD COLUMN role VARCHAR(20) DEFAULT 'admin'");
$users = $pdo->query("SELECT id, username, role, created_at FROM users ORDER BY id ASC")->fetchAll();
} elseif ($e->getCode() == '42S02') {
$pdo->exec("CREATE TABLE IF NOT EXISTS users (id INT UNSIGNED AUTO_INCREMENT PRIMARY KEY, username VARCHAR(50) NOT NULL UNIQUE, password VARCHAR(255) NOT NULL, role VARCHAR(20) DEFAULT 'admin', created_at TIMESTAMP DEFAULT CURRENT_TIMESTAMP) ENGINE=InnoDB DEFAULT CHARSET=utf8mb4 COLLATE=utf8mb4_unicode_ci");
$users = []; $users = [];
$error = qh_t('Users table was missing and has been created.', 'كان جدول المستخدمين مفقوداً وتم إنشاؤه.'); $error = qh_t('Users table was missing and has been created.', 'كان جدول المستخدمين مفقوداً وتم إنشاؤه.');
} else { } else {
@ -86,6 +91,13 @@ try {
} }
$stats = qh_admin_stats(); $stats = qh_admin_stats();
$roles = [
'admin' => qh_t('Admin', 'مدير'),
'reception' => qh_t('Reception', 'استقبال'),
'nursing' => qh_t('Nursing', 'تمريض'),
'doctor' => qh_t('Doctor', 'طبيب'),
];
qh_page_start( qh_page_start(
'admin', 'admin',
qh_t('System Users', 'مستخدمو النظام'), qh_t('System Users', 'مستخدمو النظام'),
@ -125,6 +137,7 @@ qh_page_start(
<tr> <tr>
<th scope="col" class="px-4 py-3">ID</th> <th scope="col" class="px-4 py-3">ID</th>
<th scope="col" class="px-4 py-3"><?= qh_h(qh_t('Username', 'اسم المستخدم')) ?></th> <th scope="col" class="px-4 py-3"><?= qh_h(qh_t('Username', 'اسم المستخدم')) ?></th>
<th scope="col" class="px-4 py-3"><?= qh_h(qh_t('Role / Permissions', 'الدور / الصلاحيات')) ?></th>
<th scope="col" class="px-4 py-3"><?= qh_h(qh_t('Created At', 'تاريخ الإنشاء')) ?></th> <th scope="col" class="px-4 py-3"><?= qh_h(qh_t('Created At', 'تاريخ الإنشاء')) ?></th>
<th scope="col" class="px-4 py-3 text-end"><?= qh_h(qh_t('Actions', 'الإجراءات')) ?></th> <th scope="col" class="px-4 py-3 text-end"><?= qh_h(qh_t('Actions', 'الإجراءات')) ?></th>
</tr> </tr>
@ -134,13 +147,17 @@ qh_page_start(
<tr> <tr>
<td class="px-4 py-3 text-muted">#<?= qh_h((string)$user['id']) ?></td> <td class="px-4 py-3 text-muted">#<?= qh_h((string)$user['id']) ?></td>
<td class="px-4 py-3 fw-medium text-gray-900"><?= qh_h($user['username']) ?></td> <td class="px-4 py-3 fw-medium text-gray-900"><?= qh_h($user['username']) ?></td>
<td class="px-4 py-3">
<span class="badge bg-secondary"><?= qh_h($roles[$user['role']] ?? $user['role']) ?></span>
</td>
<td class="px-4 py-3 text-muted"><?= qh_h($user['created_at']) ?></td> <td class="px-4 py-3 text-muted"><?= qh_h($user['created_at']) ?></td>
<td class="px-4 py-3 text-end"> <td class="px-4 py-3 text-end">
<button type="button" class="btn btn-sm btn-outline-secondary me-2" <button type="button" class="btn btn-sm btn-outline-secondary me-2"
data-bs-toggle="modal" data-bs-toggle="modal"
data-bs-target="#editUserModal" data-bs-target="#editUserModal"
data-id="<?= qh_h((string)$user['id']) ?>" data-id="<?= qh_h((string)$user['id']) ?>"
data-username="<?= qh_h($user['username']) ?>"> data-username="<?= qh_h($user['username']) ?>"
data-role="<?= qh_h($user['role'] ?? 'admin') ?>">
<?= qh_h(qh_t('Edit', 'تعديل')) ?> <?= qh_h(qh_t('Edit', 'تعديل')) ?>
</button> </button>
<?php if (count($users) > 1): ?> <?php if (count($users) > 1): ?>
@ -157,7 +174,7 @@ qh_page_start(
<?php endforeach; ?> <?php endforeach; ?>
<?php if (empty($users)): ?> <?php if (empty($users)): ?>
<tr> <tr>
<td colspan="4" class="px-4 py-4 text-center text-muted"> <td colspan="5" class="px-4 py-4 text-center text-muted">
<?= qh_h(qh_t('No users found.', 'لا يوجد مستخدمين.')) ?> <?= qh_h(qh_t('No users found.', 'لا يوجد مستخدمين.')) ?>
</td> </td>
</tr> </tr>
@ -186,6 +203,14 @@ qh_page_start(
<label class="form-label text-muted small fw-bold text-uppercase"><?= qh_h(qh_t('Username', 'اسم المستخدم')) ?></label> <label class="form-label text-muted small fw-bold text-uppercase"><?= qh_h(qh_t('Username', 'اسم المستخدم')) ?></label>
<input type="text" name="username" class="form-control form-control-lg bg-light" required> <input type="text" name="username" class="form-control form-control-lg bg-light" required>
</div> </div>
<div class="mb-3">
<label class="form-label text-muted small fw-bold text-uppercase"><?= qh_h(qh_t('Role / Permissions', 'الدور / الصلاحيات')) ?></label>
<select name="role" class="form-select form-select-lg bg-light" required>
<?php foreach ($roles as $key => $label): ?>
<option value="<?= qh_h($key) ?>"><?= qh_h($label) ?></option>
<?php endforeach; ?>
</select>
</div>
<div class="mb-3"> <div class="mb-3">
<label class="form-label text-muted small fw-bold text-uppercase"><?= qh_h(qh_t('Password', 'كلمة المرور')) ?></label> <label class="form-label text-muted small fw-bold text-uppercase"><?= qh_h(qh_t('Password', 'كلمة المرور')) ?></label>
<input type="password" name="password" class="form-control form-control-lg bg-light" required> <input type="password" name="password" class="form-control form-control-lg bg-light" required>
@ -216,6 +241,14 @@ qh_page_start(
<label class="form-label text-muted small fw-bold text-uppercase"><?= qh_h(qh_t('Username', 'اسم المستخدم')) ?></label> <label class="form-label text-muted small fw-bold text-uppercase"><?= qh_h(qh_t('Username', 'اسم المستخدم')) ?></label>
<input type="text" name="username" id="editUserUsername" class="form-control form-control-lg bg-light" required> <input type="text" name="username" id="editUserUsername" class="form-control form-control-lg bg-light" required>
</div> </div>
<div class="mb-3">
<label class="form-label text-muted small fw-bold text-uppercase"><?= qh_h(qh_t('Role / Permissions', 'الدور / الصلاحيات')) ?></label>
<select name="role" id="editUserRole" class="form-select form-select-lg bg-light" required>
<?php foreach ($roles as $key => $label): ?>
<option value="<?= qh_h($key) ?>"><?= qh_h($label) ?></option>
<?php endforeach; ?>
</select>
</div>
<div class="mb-3"> <div class="mb-3">
<label class="form-label text-muted small fw-bold text-uppercase"><?= qh_h(qh_t('New Password (Optional)', 'كلمة مرور جديدة (اختياري)')) ?></label> <label class="form-label text-muted small fw-bold text-uppercase"><?= qh_h(qh_t('New Password (Optional)', 'كلمة مرور جديدة (اختياري)')) ?></label>
<input type="password" name="password" class="form-control form-control-lg bg-light" placeholder="<?= qh_h(qh_t('Leave blank to keep current password', 'اتركه فارغاً للاحتفاظ بكلمة المرور الحالية')) ?>"> <input type="password" name="password" class="form-control form-control-lg bg-light" placeholder="<?= qh_h(qh_t('Leave blank to keep current password', 'اتركه فارغاً للاحتفاظ بكلمة المرور الحالية')) ?>">
@ -238,12 +271,18 @@ document.addEventListener('DOMContentLoaded', function () {
const button = event.relatedTarget; const button = event.relatedTarget;
const id = button.getAttribute('data-id'); const id = button.getAttribute('data-id');
const username = button.getAttribute('data-username'); const username = button.getAttribute('data-username');
const role = button.getAttribute('data-role');
editModal.querySelector('#editUserId').value = id; editModal.querySelector('#editUserId').value = id;
editModal.querySelector('#editUserUsername').value = username; editModal.querySelector('#editUserUsername').value = username;
const roleSelect = editModal.querySelector('#editUserRole');
if (roleSelect && role) {
roleSelect.value = role;
}
}); });
} }
}); });
</script> </script>
<?php <?php
qh_page_end(); qh_page_end();

4
install.php
View File

@ -23,7 +23,6 @@ if ($_SERVER['REQUEST_METHOD'] === 'POST') {
try { try {
$pdo = new PDO("mysql:host=$dbHost;dbname=$dbName;charset=utf8mb4", $dbUser, $dbPass, [PDO::ATTR_ERRMODE => PDO::ERRMODE_EXCEPTION]); $pdo = new PDO("mysql:host=$dbHost;dbname=$dbName;charset=utf8mb4", $dbUser, $dbPass, [PDO::ATTR_ERRMODE => PDO::ERRMODE_EXCEPTION]);
// Rewrite db/config.php // Rewrite db/config.php
$configContent = "<?php\n" . $configContent = "<?php\n" .
"define('DB_HOST', '$dbHost');\n" . "define('DB_HOST', '$dbHost');\n" .
@ -33,8 +32,7 @@ if ($_SERVER['REQUEST_METHOD'] === 'POST') {
"function db() {\n" . "function db() {\n" .
" static \$pdo;\n" . " static \$pdo;\n" .
" if (!\$pdo) {\n" . " if (!\$pdo) {\n" .
" \$pdo = new PDO('mysql:host=".DB_HOST.";dbname=".DB_NAME.";charset=utf8mb4', DB_USER, DB_PASS, [ " \$pdo = new PDO('mysql:host=' . DB_HOST . ';dbname=' . DB_NAME . ';charset=utf8mb4', DB_USER, DB_PASS, [\n" .
" .
" PDO::ATTR_ERRMODE => PDO::ERRMODE_EXCEPTION,\n" . " PDO::ATTR_ERRMODE => PDO::ERRMODE_EXCEPTION,\n" .
" PDO::ATTR_DEFAULT_FETCH_MODE => PDO::FETCH_ASSOC,\n" . " PDO::ATTR_DEFAULT_FETCH_MODE => PDO::FETCH_ASSOC,\n" .
" ]);\n" . " ]);\n" .

3
login.php
View File

@ -16,13 +16,14 @@ if (($_SERVER['REQUEST_METHOD'] ?? 'GET') === 'POST') {
$error = qh_t('Please enter your username and password.', 'يرجى إدخال اسم المستخدم وكلمة المرور.'); $error = qh_t('Please enter your username and password.', 'يرجى إدخال اسم المستخدم وكلمة المرور.');
} else { } else {
try { try {
$stmt = db()->prepare("SELECT id, password FROM users WHERE username = :username LIMIT 1"); $stmt = db()->prepare("SELECT id, password, role FROM users WHERE username = :username LIMIT 1");
$stmt->execute(['username' => $username]); $stmt->execute(['username' => $username]);
$user = $stmt->fetch(); $user = $stmt->fetch();
if ($user && password_verify($password, $user['password'])) { if ($user && password_verify($password, $user['password'])) {
$_SESSION['user_id'] = (int) $user['id']; $_SESSION['user_id'] = (int) $user['id'];
$_SESSION['username'] = $username; $_SESSION['username'] = $username;
$_SESSION['role'] = $user['role'] ?? 'admin';
qh_redirect('index.php'); qh_redirect('index.php');
} else { } else {
$error = qh_t('Invalid username or password.', 'اسم المستخدم أو كلمة المرور غير صحيحة.'); $error = qh_t('Invalid username or password.', 'اسم المستخدم أو كلمة المرور غير صحيحة.');

24
queue_bootstrap.php
View File

@ -15,6 +15,25 @@ if (file_exists(__DIR__ . "/.installed") && !in_array($currentPage, $publicPages
header("Location: login.php"); header("Location: login.php");
exit; exit;
} }
$role = $_SESSION["role"] ?? "admin";
$allowed = false;
if ($role === "admin") {
$allowed = true;
} elseif ($currentPage === "index.php") {
$allowed = true;
} elseif ($role === "reception" && $currentPage === "reception.php") {
$allowed = true;
} elseif ($role === "nursing" && $currentPage === "nursing.php") {
$allowed = true;
} elseif ($role === "doctor" && $currentPage === "doctor.php") {
$allowed = true;
}
if (!$allowed) {
header("Location: index.php");
exit;
}
} }
@ -109,6 +128,9 @@ SQL;
try { db()->exec("ALTER TABLE hospital_profile_settings ADD COLUMN default_language VARCHAR(10) DEFAULT 'en'"); } catch (\Throwable $e) {} try { db()->exec("ALTER TABLE hospital_profile_settings ADD COLUMN default_language VARCHAR(10) DEFAULT 'en'"); } catch (\Throwable $e) {}
} }
try { db()->exec("CREATE TABLE IF NOT EXISTS users (id INT UNSIGNED AUTO_INCREMENT PRIMARY KEY, username VARCHAR(50) NOT NULL UNIQUE, password VARCHAR(255) NOT NULL, role VARCHAR(20) DEFAULT 'admin', created_at TIMESTAMP DEFAULT CURRENT_TIMESTAMP) ENGINE=InnoDB DEFAULT CHARSET=utf8mb4 COLLATE=utf8mb4_unicode_ci"); } catch (\Throwable $e) {}
try { db()->exec("ALTER TABLE users ADD COLUMN role VARCHAR(20) DEFAULT 'admin'"); } catch (\Throwable $e) {}
function qh_seed_demo_data(): void function qh_seed_demo_data(): void
{ {
$pdo = db(); $pdo = db();
@ -1014,7 +1036,7 @@ function qh_admin_handle_request(): void
} }
$action = trim((string) ($_POST['action'] ?? '')); $action = trim((string) ($_POST['action'] ?? ''));
if ($action === '' || in_array($action, ['add_video', 'delete_video', 'toggle_status', 'add_news', 'delete_news', 'toggle_news_status'])) { if ($action === '' || in_array($action, ['add_video', 'delete_video', 'toggle_status', 'add_news', 'delete_news', 'toggle_news_status', 'create_user', 'update_user', 'delete_user'])) {
return; return;
} }