valentin/subway
1
0
Fork 0
mirror of synced 2025-12-28 00:23:25 +00:00
Code Issues Packages Projects Releases Wiki Activity

feat(admin) user delete & admin creation

Browse Source
This commit is contained in:
Valentin
2024-06-14 11:29:01 +02:00
parent b04fc41ab2
commit 1d20fd7815
4 changed files with 90 additions and 36 deletions
Download Patch File Download Diff File Expand all files Collapse all files

49
components/admin/main.php
View File

@@ -8,7 +8,7 @@ if (!isset($_SESSION['is_admin']) || $_SESSION['is_admin'] !== 1) {
function getUsers() {
global $conn;
try {
$query = $conn->prepare("SELECT id, email, firstName, lastName FROM users");
$query = $conn->prepare("SELECT id, email, firstName, lastName, is_admin FROM users");
$query->execute();
return $query->fetchAll(PDO::FETCH_ASSOC);
} catch (PDOException $e) {
@@ -18,16 +18,16 @@ function getUsers() {
$users = getUsers();
function updateUserDetails($userId, $email, $firstName, $lastName, $password = null) {
function updateUserDetails($userId, $email, $firstName, $lastName, $is_admin, $password = null) {
global $conn;
try {
if ($password) {
$query = $conn->prepare("UPDATE users SET email = ?, firstName = ?, lastName = ?, password = ? WHERE id = ?");
$query = $conn->prepare("UPDATE users SET email = ?, firstName = ?, lastName = ?, password = ?, is_admin = ? WHERE id = ?");
$hashedPassword = password_hash($password, PASSWORD_DEFAULT);
$query->execute([$email, $firstName, $lastName, $hashedPassword, $userId]);
$query->execute([$email, $firstName, $lastName, $hashedPassword, $is_admin, $userId]);
} else {
$query = $conn->prepare("UPDATE users SET email = ?, firstName = ?, lastName = ? WHERE id = ?");
$query->execute([$email, $firstName, $lastName, $userId]);
$query = $conn->prepare("UPDATE users SET email = ?, firstName = ?, lastName = ?, is_admin = ? WHERE id = ?");
$query->execute([$email, $firstName, $lastName, $is_admin, $userId]);
}
return true;
} catch(PDOException $e) {
@@ -35,10 +35,40 @@ function updateUserDetails($userId, $email, $firstName, $lastName, $password = n
}
}
if ($_SERVER['REQUEST_METHOD'] === 'POST' && isset($_POST['userId'])) {
$password = !empty($_POST['password']) ? $_POST['password'] : null;
function deleteUser($userId) {
global $conn;
try {
$query = $conn->prepare("DELETE FROM users WHERE id = ?");
$query->execute([$userId]);
return true;
} catch(PDOException $e) {
return false;
}
}
$success = updateUserDetails($_POST['userId'], $_POST['email'], $_POST['firstName'], $_POST['lastName'], $password);
if ($_SERVER['REQUEST_METHOD'] === 'POST' && isset($_POST['userId'])) {
if (isset($_POST['delete'])) {
if ($_POST['userId'] == $_SESSION['user_id']) {
echo 222;
$_SESSION['message'] = '<div class="alert alert-danger text-center" role="alert">You cannot delete yourself.</div>';
header("Location: " . $_SERVER['REQUEST_URI']);
exit();
}
$success = deleteUser($_POST['userId']);
if ($success) {
$_SESSION['message'] = '<div class="alert alert-success text-center" role="alert">User deleted successfully.</div>';
} else {
$_SESSION['message'] = '<div class="alert alert-danger text-center" role="alert">Failed to delete user.</div>';
}
header("Location: " . $_SERVER['REQUEST_URI']);
exit();
}
$password = !empty($_POST['password']) ? $_POST['password'] : null;
$_POST['is_admin'] = isset($_POST['is_admin']) ? 1 : 0;
$success = updateUserDetails($_POST['userId'], $_POST['email'], $_POST['firstName'], $_POST['lastName'], $_POST['is_admin'], $password);
if ($success) {
$_SESSION['message'] = '<div class="alert alert-success text-center" role="alert">User updated successfully.</div>';
@@ -69,5 +99,6 @@ if ($_SERVER['REQUEST_METHOD'] === 'POST' && isset($_POST['userId'])) {
editUserModal.querySelector('#editEmail').value = event.relatedTarget.getAttribute('data-email');
editUserModal.querySelector('#editFirstName').value = event.relatedTarget.getAttribute('data-firstname');
editUserModal.querySelector('#editLastName').value = event.relatedTarget.getAttribute('data-lastname');
editUserModal.querySelector('#editIsAdmin').checked = event.relatedTarget.getAttribute('data-isadmin') === '1';
});
</script>