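prepare("INSERT INTO users (username, password, role, branch_code, allowed_branches, name_ar, name_en, permissions) VALUES (?, ?, ?, ?, ?, ?, ?, ?)");
                // Permissions are stored as a JSON document. Only accept a form array so a
                // stray scalar cannot end up as a bare JSON string in the column, and fall back
                // to "{}" when json_encode() fails (e.g. invalid UTF-8) instead of storing false.
                $perms = '{}';
                if (isset($_POST['permissions']) && is_array($_POST['permissions'])) {
                    $encoded = json_encode($_POST['permissions']);
                    if ($encoded !== false) {
                        $perms = $encoded;
                    }
                }
                // allowed_branches is a comma-separated column: keep scalar, non-empty codes
                // only, de-duplicated, and drop any value that itself contains a comma (it
                // would otherwise split into extra branch codes when the column is read back).
                $allowed_branches = null;
                if (isset($_POST['allowed_branches']) && is_array($_POST['allowed_branches'])) {
                    $codes = [];
                    foreach ($_POST['allowed_branches'] as $code) {
                        if (!is_scalar($code)) {
                            continue;
                        }
                        $code = trim((string) $code);
                        if ($code === '' || strpos($code, ',') !== false) {
                            continue;
                        }
                        $codes[$code] = true;
                    }
                    $allowed_branches = implode(',', array_keys($codes));
                }
                $stmt->execute([$username, $hash, $role, $branch_code, $allowed_branches, $name_ar, $name_en, $perms]);
                set_flash('success', tr('تمت إضافة المستخدم بنجاح.', 'User added successfully.'));
            } catch (PDOException $e) {
                // Keep the user-facing message generic; the driver detail goes to the server log.
                error_log('users.php add failed: ' . $e->getMessage());
                set_flash('error', tr('حدث خطأ، قد يكون اسم المستخدم موجوداً مسبقاً.', 'Error occurred, username might already exist.'));
            }
        } else {
            set_flash('error', tr('يرجى تعبئة الحقول المطلوبة.', 'Please fill required fields.'));
        }
        redirect_to('users.php');
    }

    // NOTE(review): no CSRF token check is visible in this section. Confirm one runs before
    // $action is dispatched — every handler below mutates the users table on a plain POST.
    // The permission guards are written fail-closed (the handler body is skipped, not merely
    // preceded by a redirect), so they hold even if redirect_to() does not terminate the request.

    // Edit an existing user. An empty password field keeps the current hash.
    if ($action === 'edit') {
        if (!has_permission('users', 'edit')) {
            set_flash('error', tr('ليس لديك صلاحية', 'No permission'));
        } else {
            // Only string fields are accepted: trim() on a posted array would throw a TypeError
            // that the PDOException handler below does not catch.
            $postString = function ($key, $default = '') {
                $value = $_POST[$key] ?? null;
                return is_string($value) ? $value : $default;
            };
            $id = (int) ($_POST['id'] ?? 0);
            $username = trim($postString('username'));
            $name_ar = trim($postString('name_ar'));
            $name_en = trim($postString('name_en'));
            // NOTE(review): role, branch_code and permissions are stored exactly as posted.
            // Anyone holding users.edit can therefore assign any role or permission set
            // (including to their own account). Confirm a role whitelist / hierarchy check
            // exists upstream, or add one here before this is exposed to non-admin roles.
            $role = $postString('role', 'cashier');
            $branch_code = $postString('branch_code', 'muscat');
            $password = $postString('password');

            if ($id && $username && $name_ar) {
                // Same normalisation as the add handler (see comments there).
                $perms = '{}';
                if (isset($_POST['permissions']) && is_array($_POST['permissions'])) {
                    $encoded = json_encode($_POST['permissions']);
                    if ($encoded !== false) {
                        $perms = $encoded;
                    }
                }
                $allowed_branches = null;
                if (isset($_POST['allowed_branches']) && is_array($_POST['allowed_branches'])) {
                    $codes = [];
                    foreach ($_POST['allowed_branches'] as $code) {
                        if (!is_scalar($code)) {
                            continue;
                        }
                        $code = trim((string) $code);
                        if ($code === '' || strpos($code, ',') !== false) {
                            continue;
                        }
                        $codes[$code] = true;
                    }
                    $allowed_branches = implode(',', array_keys($codes));
                }

                try {
                    // Compare against '' rather than truthiness so a password of "0" is not
                    // silently ignored.
                    if ($password !== '') {
                        $hash = password_hash($password, PASSWORD_DEFAULT);
                        $stmt = db()->prepare("UPDATE users SET username=?, password=?, role=?, branch_code=?, allowed_branches=?, name_ar=?, name_en=?, permissions=? WHERE id=?");
                        $stmt->execute([$username, $hash, $role, $branch_code, $allowed_branches, $name_ar, $name_en, $perms, $id]);
                    } else {
                        $stmt = db()->prepare("UPDATE users SET username=?, role=?, branch_code=?, allowed_branches=?, name_ar=?, name_en=?, permissions=? WHERE id=?");
                        $stmt->execute([$username, $role, $branch_code, $allowed_branches, $name_ar, $name_en, $perms, $id]);
                    }
                    set_flash('success', tr('تم تعديل المستخدم بنجاح.', 'User updated successfully.'));
                } catch (PDOException $e) {
                    error_log('users.php edit failed: ' . $e->getMessage());
                    set_flash('error', tr('حدث خطأ أثناء التعديل.', 'Error occurred during update.'));
                }
            }
        }
        redirect_to('users.php');
    }

    // Delete a user other than the one currently logged in.
    if ($action === 'delete') {
        if (!has_permission('users', 'del')) {
            set_flash('error', tr('ليس لديك صلاحية', 'No permission'));
        } else {
            $id = (int) ($_POST['id'] ?? 0);
            // $user is assumed to be the logged-in account loaded earlier in the file. Its id
            // normally comes back from PDO as a string, and the original strict comparison
            // `$id !== $user['id']` was therefore always true — i.e. the self-delete guard
            // could be bypassed. Cast both sides to int.
            if ($id && $id !== (int) $user['id']) {
                $stmt = db()->prepare("DELETE FROM users WHERE id=?");
                $stmt->execute([$id]);
                set_flash('success', tr('تم حذف المستخدم بنجاح.', 'User deleted successfully.'));
            } else {
                set_flash('error', tr('لا يمكن حذف حسابك الحالي.', 'Cannot delete your own account.'));
            }
        }
        redirect_to('users.php');
    }
}

// Search logic. The query is parameterised, so the user-supplied string can only act as
// LIKE wildcards (% and _), never as SQL. A non-string ?q (e.g. q[]=x) is treated as empty.
$search = $_GET['q'] ?? '';
if (!is_string($search)) {
    $search = '';
}
$searchQuery = "%{$search}%";
if ($search !== '') {
    $stmt = db()->prepare("SELECT * FROM users WHERE name_ar LIKE ? OR name_en LIKE ? OR username LIKE ? ORDER BY id DESC");
    $stmt->execute([$searchQuery, $searchQuery, $searchQuery]);
} else {
    $stmt = db()->query("SELECT * FROM users ORDER BY id DESC");
}
$filteredAccounts = $stmt->fetchAll();

// Pagination logic: the full result set is fetched and sliced in PHP (fine for a small
// users table). $page is clamped to >= 1; a page past the end simply yields an empty slice.
$page = max(1, (int) ($_GET['p'] ?? 1));
$limit = 10;
$total = count($filteredAccounts);
$totalPages = max(1, (int) ceil($total / $limit));
$offset = ($page - 1) * $limit;
$accounts = array_slice($filteredAccounts, $offset, $limit, true);
$availableBranches = branches();
require __DIR__ . '/includes/header.php';
?>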

1): ?>