From 1d20fd7815c61c96fa1071ff687e37234906e570 Mon Sep 17 00:00:00 2001
From: Valentin <43043885+itsmrval@users.noreply.github.com>
Date: Fri, 14 Jun 2024 11:29:01 +0200
Subject: [PATCH] feat(admin) user delete & admin creation
---
components/admin/main.php | 49 ++++++++++++++++++++++++++------
components/admin/modal.php | 4 +++
components/admin/users_list.php | 23 ++++++++++-----
components/register/main.php | 50 ++++++++++++++++++++-------------
4 files changed, 90 insertions(+), 36 deletions(-)
diff --git a/components/admin/main.php b/components/admin/main.php
index 8865de0..d0c2cb0 100644
--- a/components/admin/main.php
+++ b/components/admin/main.php
@@ -8,7 +8,7 @@ if (!isset($_SESSION['is_admin']) || $_SESSION['is_admin'] !== 1) {
function getUsers() {
global $conn;
try {
- $query = $conn->prepare("SELECT id, email, firstName, lastName FROM users");
+ $query = $conn->prepare("SELECT id, email, firstName, lastName, is_admin FROM users");
$query->execute();
return $query->fetchAll(PDO::FETCH_ASSOC);
} catch (PDOException $e) {
@@ -18,16 +18,16 @@ function getUsers() {
$users = getUsers();
-function updateUserDetails($userId, $email, $firstName, $lastName, $password = null) {
+function updateUserDetails($userId, $email, $firstName, $lastName, $is_admin, $password = null) {
global $conn;
try {
if ($password) {
- $query = $conn->prepare("UPDATE users SET email = ?, firstName = ?, lastName = ?, password = ? WHERE id = ?");
+ $query = $conn->prepare("UPDATE users SET email = ?, firstName = ?, lastName = ?, password = ?, is_admin = ? WHERE id = ?");
$hashedPassword = password_hash($password, PASSWORD_DEFAULT);
- $query->execute([$email, $firstName, $lastName, $hashedPassword, $userId]);
+ $query->execute([$email, $firstName, $lastName, $hashedPassword, $is_admin, $userId]);
} else {
- $query = $conn->prepare("UPDATE users SET email = ?, firstName = ?, lastName = ? WHERE id = ?");
- $query->execute([$email, $firstName, $lastName, $userId]);
+ $query = $conn->prepare("UPDATE users SET email = ?, firstName = ?, lastName = ?, is_admin = ? WHERE id = ?");
+ $query->execute([$email, $firstName, $lastName, $is_admin, $userId]);
}
return true;
} catch(PDOException $e) {
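Review bot: The new `$is_admin` parameter is inserted ahead of the optional `$password`, so any other caller that still passes the password as the fifth positional argument would now silently bind it to `is_admin` and leave the password untouched; the one call visible on this page (in a later hunk) was updated, but I cannot see whether others exist. Appending it after the optional parameter instead, `function updateUserDetails($userId, $email, $firstName, $lastName, $password = null, $is_admin = 0)`, or at least declaring it `int $is_admin` so a string password fails loudly under strict types, would make the shift detectable. Both branches now bind `$is_admin` straight into the statement, which is fine as long as every caller normalises it to 0/1 first, as the handler below does. `updateUserDetails()` ends after this hunk (the `catch` body is not shown).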
@@ -35,10 +35,40 @@ function updateUserDetails($userId, $email, $firstName, $lastName, $password = n
}
}
-if ($_SERVER['REQUEST_METHOD'] === 'POST' && isset($_POST['userId'])) {
- $password = !empty($_POST['password']) ? $_POST['password'] : null;
+function deleteUser($userId) {
+ global $conn;
+ try {
+ $query = $conn->prepare("DELETE FROM users WHERE id = ?");
+ $query->execute([$userId]);
+ return true;
+ } catch(PDOException $e) {
+ return false;
+ }
+}
- $success = updateUserDetails($_POST['userId'], $_POST['email'], $_POST['firstName'], $_POST['lastName'], $password);
+if ($_SERVER['REQUEST_METHOD'] === 'POST' && isset($_POST['userId'])) {
+ if (isset($_POST['delete'])) {
+ if ($_POST['userId'] == $_SESSION['user_id']) {
+ echo 222;
+ $_SESSION['message'] = '
You cannot delete yourself.
';
+ header("Location: " . $_SERVER['REQUEST_URI']);
+ exit();
+ }
+ $success = deleteUser($_POST['userId']);
+ if ($success) {
+ $_SESSION['message'] = 'User deleted successfully.
';
+ } else {
+ $_SESSION['message'] = 'Failed to delete user.
';
+ }
+ header("Location: " . $_SERVER['REQUEST_URI']);
+ exit();
+ }
+
+ $password = !empty($_POST['password']) ? $_POST['password'] : null;
+ $_POST['is_admin'] = isset($_POST['is_admin']) ? 1 : 0;
+
+
+ $success = updateUserDetails($_POST['userId'], $_POST['email'], $_POST['firstName'], $_POST['lastName'], $_POST['is_admin'], $password);
if ($success) {
$_SESSION['message'] = 'User updated successfully.
';
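Review bot: `echo 222;` in the self-delete branch is leftover debug output, and because it runs before `header("Location: ...")` it will raise a "headers already sent" warning and skip the redirect whenever output buffering is off; remove it. The same branch compares `$_POST['userId'] == $_SESSION['user_id']` loosely — `(int) $_POST['userId'] === (int) $_SESSION['user_id']` avoids non-numeric input matching. `deleteUser()` returns true even when no row had that id, because it never inspects the statement; `return $query->rowCount() > 0;` makes the "User deleted successfully." message truthful. The update path has no counterpart to the self-delete guard, so an admin can untick their own is_admin box and lock themselves out on the next request; forcing the flag to 1 when `$_POST['userId']` matches the session user would close that. Nothing in this handler verifies a CSRF token before the destructive POST; if the application has no such check elsewhere, the delete and update forms need one.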
@@ -69,5 +99,6 @@ if ($_SERVER['REQUEST_METHOD'] === 'POST' && isset($_POST['userId'])) {
editUserModal.querySelector('#editEmail').value = event.relatedTarget.getAttribute('data-email');
editUserModal.querySelector('#editFirstName').value = event.relatedTarget.getAttribute('data-firstname');
editUserModal.querySelector('#editLastName').value = event.relatedTarget.getAttribute('data-lastname');
+ editUserModal.querySelector('#editIsAdmin').checked = event.relatedTarget.getAttribute('data-isadmin') === '1';
});
diff --git a/components/admin/modal.php b/components/admin/modal.php
index 1d5dcfb..08c3a3c 100644
--- a/components/admin/modal.php
+++ b/components/admin/modal.php
@@ -25,6 +25,10 @@
Leave blank if you do not want to change the password
+
+
+
+
diff --git a/components/admin/users_list.php b/components/admin/users_list.php
index 3adefdc..0326ae6 100644
--- a/components/admin/users_list.php
+++ b/components/admin/users_list.php
@@ -16,15 +16,24 @@
|
|
-
+
+
+
+
|
+
\ No newline at end of file
diff --git a/components/register/main.php b/components/register/main.php
index 96ac001..984e688 100644
--- a/components/register/main.php
+++ b/components/register/main.php
@@ -1,30 +1,40 @@
prepare("SELECT * FROM users WHERE email = :email");
+ if ($_POST['password'] !== $_POST['confirmPassword']) {
+ $errorMessage = "Password doesnt match";
+ } else {
+ $query = $conn->prepare("SELECT * FROM users WHERE email = :email");
+ $query->bindParam(':email', $_POST['email']);
+ $query->execute();
+ $user = $query->fetch(PDO::FETCH_ASSOC);
+
+ if ($user) {
+ $errorMessage = "Email already used.";
+ }
+
+ if (!isset($errorMessage)) {
+ $query = $conn->prepare("INSERT INTO users (firstName, lastName, email, password) VALUES (:firstName, :lastName, :email, :password)");
+ $query->bindParam(':firstName', $_POST['firstName']);
+ $query->bindParam(':lastName', $_POST['lastName']);
+ $query->bindParam(':email', $_POST['email']);
+ $query->bindParam(':password', password_hash($_POST['password'], PASSWORD_DEFAULT));
+ $query->execute();
+
+ $query = $conn->prepare("SELECT COUNT(*) as count FROM users");
+ $query->execute();
+ $result = $query->fetch(PDO::FETCH_ASSOC);
+
+ if ($result['count'] == 1) {
+ $query = $conn->prepare("UPDATE users SET is_admin = 1 WHERE email = :email");
$query->bindParam(':email', $_POST['email']);
$query->execute();
- $user = $query->fetch(PDO::FETCH_ASSOC);
+ }
- if ($user) {
- $errorMessage = "Email already used.";
- }
-
- if (!isset($errorMessage)) {
- $query = $conn->prepare("INSERT INTO users (firstName, lastName, email, password) VALUES (:firstName, :lastName, :email, :password)");
- $query->bindParam(':firstName', $_POST['firstName']);
- $query->bindParam(':lastName', $_POST['lastName']);
- $query->bindParam(':email', $_POST['email']);
- $query->bindParam(':password', password_hash($_POST['password'], PASSWORD_DEFAULT));
- $query->execute();
-
- header("Location: login.php");
- exit();
- }
+ header("Location: login.php");
+ exit();
}
+ }
}
?>
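Review bot: The "first registrant becomes admin" rule at `if ($result['count'] == 1)` is decided by a separate COUNT(*) issued after the INSERT, so two concurrent first sign-ups can both observe a count of 2 and leave the installation with no admin at all, and because the condition is "exactly one row exists", deleting every account through the new admin delete re-arms it for whoever registers next. It is safer to decide admin status before inserting, inside one transaction (which narrows but, without a table lock or serializable isolation, does not fully close the race), and to write it in the INSERT itself rather than with a follow-up UPDATE; an explicit setup flag would be more robust than a row count, though that is beyond this change. While here, `bindParam(':password', password_hash(...))` passes a function result by reference, which PHP flags with a notice — `bindValue` is the right call for computed values. The enclosing request-method check starts before this hunk, and the first context line appears garbled in this copy of the patch.
```php
$conn->beginTransaction();
$isFirstUser = ((int) $conn->query("SELECT COUNT(*) FROM users")->fetchColumn()) === 0;
$query = $conn->prepare("INSERT INTO users (firstName, lastName, email, password, is_admin) VALUES (:firstName, :lastName, :email, :password, :is_admin)");
// … unchanged: bindParam for :firstName, :lastName, :email …
$query->bindValue(':password', password_hash($_POST['password'], PASSWORD_DEFAULT));
$query->bindValue(':is_admin', $isFirstUser ? 1 : 0, PDO::PARAM_INT);
$query->execute();
$conn->commit();
// … unchanged: redirect to login.php …
```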