mirror of https://github.com/itsmrval/subway
Valentin
parent
b04fc41ab2
commit
f8278ed084
|
|
@ -8,7 +8,7 @@ if (!isset($_SESSION['is_admin']) || $_SESSION['is_admin'] !== 1) {
|
|||
function getUsers() {
|
||||
global $conn;
|
||||
try {
|
||||
$query = $conn->prepare("SELECT id, email, firstName, lastName FROM users");
|
||||
$query = $conn->prepare("SELECT id, email, firstName, lastName, is_admin FROM users");
|
||||
$query->execute();
|
||||
return $query->fetchAll(PDO::FETCH_ASSOC);
|
||||
} catch (PDOException $e) {
|
||||
|
|
@ -18,16 +18,16 @@ function getUsers() {
|
|||
|
||||
$users = getUsers();
|
||||
|
||||
function updateUserDetails($userId, $email, $firstName, $lastName, $password = null) {
|
||||
function updateUserDetails($userId, $email, $firstName, $lastName, $is_admin, $password = null) {
|
||||
global $conn;
|
||||
try {
|
||||
if ($password) {
|
||||
$query = $conn->prepare("UPDATE users SET email = ?, firstName = ?, lastName = ?, password = ? WHERE id = ?");
|
||||
$query = $conn->prepare("UPDATE users SET email = ?, firstName = ?, lastName = ?, password = ?, is_admin = ? WHERE id = ?");
|
||||
$hashedPassword = password_hash($password, PASSWORD_DEFAULT);
|
||||
$query->execute([$email, $firstName, $lastName, $hashedPassword, $userId]);
|
||||
$query->execute([$email, $firstName, $lastName, $hashedPassword, $is_admin, $userId]);
|
||||
} else {
|
||||
$query = $conn->prepare("UPDATE users SET email = ?, firstName = ?, lastName = ? WHERE id = ?");
|
||||
$query->execute([$email, $firstName, $lastName, $userId]);
|
||||
$query = $conn->prepare("UPDATE users SET email = ?, firstName = ?, lastName = ?, is_admin = ? WHERE id = ?");
|
||||
$query->execute([$email, $firstName, $lastName, $is_admin, $userId]);
|
||||
}
|
||||
return true;
|
||||
} catch(PDOException $e) {
|
||||
|
|
@ -35,10 +35,40 @@ function updateUserDetails($userId, $email, $firstName, $lastName, $password = n
|
|||
}
|
||||
}
|
||||
|
||||
if ($_SERVER['REQUEST_METHOD'] === 'POST' && isset($_POST['userId'])) {
|
||||
$password = !empty($_POST['password']) ? $_POST['password'] : null;
|
||||
function deleteUser($userId) {
|
||||
global $conn;
|
||||
try {
|
||||
$query = $conn->prepare("DELETE FROM users WHERE id = ?");
|
||||
$query->execute([$userId]);
|
||||
return true;
|
||||
} catch(PDOException $e) {
|
||||
return false;
|
||||
}
|
||||
}
|
||||
|
||||
$success = updateUserDetails($_POST['userId'], $_POST['email'], $_POST['firstName'], $_POST['lastName'], $password);
|
||||
if ($_SERVER['REQUEST_METHOD'] === 'POST' && isset($_POST['userId'])) {
|
||||
if (isset($_POST['delete'])) {
|
||||
if ($_POST['userId'] == $_SESSION['user_id']) {
|
||||
echo 222;
|
||||
$_SESSION['message'] = '<div class="alert alert-danger text-center" role="alert">You cannot delete yourself.</div>';
|
||||
header("Location: " . $_SERVER['REQUEST_URI']);
|
||||
exit();
|
||||
}
|
||||
$success = deleteUser($_POST['userId']);
|
||||
if ($success) {
|
||||
$_SESSION['message'] = '<div class="alert alert-success text-center" role="alert">User deleted successfully.</div>';
|
||||
} else {
|
||||
$_SESSION['message'] = '<div class="alert alert-danger text-center" role="alert">Failed to delete user.</div>';
|
||||
}
|
||||
header("Location: " . $_SERVER['REQUEST_URI']);
|
||||
exit();
|
||||
}
|
||||
|
||||
$password = !empty($_POST['password']) ? $_POST['password'] : null;
|
||||
$_POST['is_admin'] = isset($_POST['is_admin']) ? 1 : 0;
|
||||
|
||||
|
||||
$success = updateUserDetails($_POST['userId'], $_POST['email'], $_POST['firstName'], $_POST['lastName'], $_POST['is_admin'], $password);
|
||||
|
||||
if ($success) {
|
||||
$_SESSION['message'] = '<div class="alert alert-success text-center" role="alert">User updated successfully.</div>';
|
||||
|
|
@ -69,5 +99,6 @@ if ($_SERVER['REQUEST_METHOD'] === 'POST' && isset($_POST['userId'])) {
|
|||
editUserModal.querySelector('#editEmail').value = event.relatedTarget.getAttribute('data-email');
|
||||
editUserModal.querySelector('#editFirstName').value = event.relatedTarget.getAttribute('data-firstname');
|
||||
editUserModal.querySelector('#editLastName').value = event.relatedTarget.getAttribute('data-lastname');
|
||||
editUserModal.querySelector('#editIsAdmin').checked = event.relatedTarget.getAttribute('data-isadmin') === '1';
|
||||
});
|
||||
</script>
|
||||
|
|
|
|||
|
|
@ -25,6 +25,10 @@
|
|||
<input type="password" class="form-control" id="editPassword" name="password">
|
||||
<small class="form-text text-muted">Leave blank if you do not want to change the password</small>
|
||||
</div>
|
||||
<div class="mb-3 form-check">
|
||||
<input type="checkbox" class="form-check-input" id="editIsAdmin" name="is_admin">
|
||||
<label class="form-label" for="editIsAdmin">Admin role</label>
|
||||
</div>
|
||||
<button type="submit" class="btn btn-primary">Save Changes</button>
|
||||
</form>
|
||||
</div>
|
||||
|
|
|
|||
|
|
@ -16,15 +16,24 @@
|
|||
<td><?php echo htmlspecialchars($user['firstName']); ?></td>
|
||||
<td><?php echo htmlspecialchars($user['lastName']); ?></td>
|
||||
<td>
|
||||
<button type="button" class="btn btn-primary" data-bs-toggle="modal" data-bs-target="#editUserModal"
|
||||
<div class="d-flex">
|
||||
<button type="button" class="btn btn-primary me-2" data-bs-toggle="modal" data-bs-target="#editUserModal"
|
||||
data-id="<?php echo htmlspecialchars($user['id']); ?>"
|
||||
data-email="<?php echo htmlspecialchars($user['email']); ?>"
|
||||
data-firstname="<?php echo htmlspecialchars($user['firstName']); ?>"
|
||||
data-lastname="<?php echo htmlspecialchars($user['lastName']); ?>">
|
||||
data-lastname="<?php echo htmlspecialchars($user['lastName']); ?>"
|
||||
data-isadmin="<?php echo htmlspecialchars($user['is_admin']); ?>"
|
||||
>
|
||||
Edit
|
||||
</button>
|
||||
<form method="POST" action="">
|
||||
<input type="hidden" name="userId" value="<?php echo htmlspecialchars($user['id']); ?>">
|
||||
<button type="submit" name="delete" class="btn btn-danger">Delete</button>
|
||||
</form>
|
||||
</div>
|
||||
</td>
|
||||
</tr>
|
||||
</tr>
|
||||
<?php endforeach; ?>
|
||||
</tbody>
|
||||
</table>
|
||||
|
|
@ -21,6 +21,16 @@ if ($_SERVER['REQUEST_METHOD'] == 'POST') {
|
|||
$query->bindParam(':password', password_hash($_POST['password'], PASSWORD_DEFAULT));
|
||||
$query->execute();
|
||||
|
||||
$query = $conn->prepare("SELECT COUNT(*) as count FROM users");
|
||||
$query->execute();
|
||||
$result = $query->fetch(PDO::FETCH_ASSOC);
|
||||
|
||||
if ($result['count'] == 1) {
|
||||
$query = $conn->prepare("UPDATE users SET is_admin = 1 WHERE email = :email");
|
||||
$query->bindParam(':email', $_POST['email']);
|
||||
$query->execute();
|
||||
}
|
||||
|
||||
header("Location: login.php");
|
||||
exit();
|
||||
}
|
||||
|
|
|
|||
Loading…
Reference in New Issue