
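<?php
/*
 * Admin user management (admin role only).
 *
 * Requests this page understands:
 *   - GET  ?edit=ID      pre-fills the form with an existing admin (read-only)
 *   - GET  ?success=...  legacy: a message shown (escaped) after a redirect here
 *   - POST delete=ID     removes an admin (never the logged-in one)
 *   - POST user_id=''    creates an admin from username / password / role
 *   - POST user_id=ID    updates an admin; a blank password keeps the current hash
 *
 * Every POST must echo back the per-session `csrf_token` rendered into the
 * forms below, and nothing state-changing runs on GET, so a forged link or
 * cross-site form cannot delete or alter accounts. Successful POSTs redirect
 * back here (post/redirect/get) with the message stashed in the session, so a
 * browser refresh does not repeat the action.
 */
require_once '../includes/db.php';
require_once '../includes/functions.php';
requireRole('admin');

$error = '';
$success = '';

// The only roles this page offers, keyed by stored value => label shown in the
// form. A posted role outside this list is rejected before it reaches the
// database, so the `role` column (rendered in the table below) never carries
// arbitrary user-supplied text.
$roleLabels = ['editor' => 'Editor', 'admin' => 'Administrator'];
$allowedRoles = array_keys($roleLabels);

// requireRole() is assumed to have started the session: this page reads
// $_SESSION['admin_id'] right after it (confirm in includes/functions.php).
// Cast once so the self-delete / self-edit checks do not depend on whether the
// id was stored as int or string.
$currentAdminId = (int)($_SESSION['admin_id'] ?? 0);

// One anti-forgery token per session, echoed back by every form on this page.
if (empty($_SESSION['csrf_token']) || !is_string($_SESSION['csrf_token'])) {
    $_SESSION['csrf_token'] = bin2hex(random_bytes(32));
}
$csrfToken = $_SESSION['csrf_token'];

// Escape a value for HTML text and attribute contexts.
$esc = static function ($value) {
    return htmlspecialchars((string)$value, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
};

// Read a POST field as a string; missing keys and arrays (`name[]`) yield $default.
$postString = static function ($key, $default = '') {
    $value = $_POST[$key] ?? $default;
    return is_string($value) ? $value : $default;
};

// Finish a successful POST: stash the message and reload the page via GET.
$redirectWithMessage = static function ($message) {
    $_SESSION['users_flash'] = $message;
    header('Location: users.php');
    exit;
};

// Message left by the previous request's redirect, or the legacy ?success= form
// (kept so existing links that redirect here keep working; it is escaped on output).
if (isset($_SESSION['users_flash'])) {
    $success = (string)$_SESSION['users_flash'];
    unset($_SESSION['users_flash']);
} elseif (isset($_GET['success']) && is_string($_GET['success'])) {
    $success = $_GET['success'];
}

if ($_SERVER['REQUEST_METHOD'] === 'POST') {
    $submittedToken = $postString('csrf_token');
    if ($submittedToken === '' || !hash_equals($csrfToken, $submittedToken)) {
        $error = 'Invalid or expired form token. Please reload the page and try again.';
    } elseif (isset($_POST['delete'])) {
        // Delete: refuse to remove the account that is doing the deleting.
        $id = (int)$postString('delete');
        if ($id === $currentAdminId) {
            $error = 'You cannot delete yourself.';
        } else {
            $stmt = $pdo->prepare('DELETE FROM admins WHERE id = ?');
            $stmt->execute([$id]);
            logActivity($_SESSION['admin_id'], 'USER_DELETE', "Deleted user ID: $id");
            $redirectWithMessage('User deleted successfully.');
        }
    } else {
        $username = trim($postString('username'));
        $password = $postString('password');
        $role = $postString('role', 'editor');
        $userId = (int)$postString('user_id', '0');

        // Validate before touching the database. Compare with `!== ''` rather than
        // relying on truthiness so a username or password of "0" is not treated
        // as "not supplied". A new account always needs a password; an update
        // may leave it blank to keep the current hash.
        if ($username === '' || ($userId === 0 && $password === '')) {
            $error = 'Please fill in all fields.';
        } elseif (!in_array($role, $allowedRoles, true)) {
            $error = 'Invalid role.';
        } else {
            try {
                if ($userId > 0) {
                    // Update; only rehash when a new password was supplied.
                    if ($password !== '') {
                        $stmt = $pdo->prepare('UPDATE admins SET username = ?, password = ?, role = ? WHERE id = ?');
                        $stmt->execute([$username, password_hash($password, PASSWORD_DEFAULT), $role, $userId]);
                    } else {
                        $stmt = $pdo->prepare('UPDATE admins SET username = ?, role = ? WHERE id = ?');
                        $stmt->execute([$username, $role, $userId]);
                    }
                    // NOTE(review): an admin may change their own role here (and lock
                    // themselves out of this page) — confirm that is intended.
                    logActivity($_SESSION['admin_id'], 'USER_UPDATE', "Updated user: $username (ID: $userId)");
                    $redirectWithMessage('User updated successfully.');
                } else {
                    $stmt = $pdo->prepare('INSERT INTO admins (username, password, role) VALUES (?, ?, ?)');
                    $stmt->execute([$username, password_hash($password, PASSWORD_DEFAULT), $role]);
                    logActivity($_SESSION['admin_id'], 'USER_CREATE', "Created new user: $username (Role: $role)");
                    $redirectWithMessage('User created successfully.');
                }
            } catch (PDOException $e) {
                // SQLSTATE 23000 is an integrity-constraint violation, i.e. the
                // unique username. Any other database failure is rethrown rather
                // than being reported as a duplicate name.
                if ((string)$e->getCode() !== '23000') {
                    throw $e;
                }
                $error = 'Username already exists.';
            }
        }
    }
}

// ?edit=ID pre-fills the form. It is read-only, so a GET parameter is fine here.
$editUser = null;
if (isset($_GET['edit'])) {
    $stmt = $pdo->prepare('SELECT * FROM admins WHERE id = ?');
    $stmt->execute([(int)$_GET['edit']]);
    $editUser = $stmt->fetch() ?: null;
}
// Role to pre-select; '' in create mode so the browser's default (first option) applies.
$selectedRole = (string)($editUser['role'] ?? '');

$users = $pdo->query('SELECT * FROM admins ORDER BY username ASC')->fetchAll();
?>
<!DOCTYPE html>
<html lang="en">
<head>
<meta charset="UTF-8">
<meta name="viewport" content="width=device-width, initial-scale=1.0">
<?php /* NOTE(review): if getSetting() already HTML-escapes, this double-encodes '&' — confirm in includes/functions.php. */ ?>
<title>Manage Users - <?php echo $esc(getSetting($pdo, 'site_title')); ?></title>
<link rel="stylesheet" href="../assets/css/style.css">
</head>
<body>
<nav>
<a href="<?php echo PROJECT_ROOT_URL; ?>/" class="logo">Admin Dashboard</a>
<div class="nav-links">
<a href="dashboard.php">Episodes</a>
<a href="upload.php">Upload New</a>
<a href="settings.php">Site Settings</a>
<a href="users.php" style="color: var(--primary-color);">Manage Users</a>
<a href="system.php">System</a>
<a href="logout.php">Logout</a>
</div>
</nav>
<div class="container" style="margin-top: 3rem;">
<div style="display: flex; justify-content: space-between; align-items: flex-start; gap: 4rem;">
<div style="flex: 1;">
<h2>Manage Users</h2>
<?php if ($success !== ''): ?>
<p style="color: #10b981; margin-top: 1rem;"><?php echo $esc($success); ?></p>
<?php endif; ?>
<?php if ($error !== ''): ?>
<p style="color: #ef4444; margin-top: 1rem;"><?php echo $esc($error); ?></p>
<?php endif; ?>
<table style="width: 100%; border-collapse: collapse; margin-top: 2rem;">
<thead>
<tr style="text-align: left; border-bottom: 1px solid var(--glass-border);">
<th style="padding: 1rem;">Username</th>
<th style="padding: 1rem;">Role</th>
<th style="padding: 1rem; text-align: right;">Actions</th>
</tr>
</thead>
<tbody>
<?php foreach ($users as $user): ?>
<?php $rowId = (int)$user['id']; ?>
<tr style="border-bottom: 1px solid var(--glass-border);">
<td style="padding: 1rem;"><?php echo $esc($user['username']); ?></td>
<td style="padding: 1rem;"><span class="status-badge" style="background: rgba(99,102,241,0.1); color: var(--primary-color); padding: 0.2rem 0.6rem; border-radius: 12px; font-size: 0.8rem;"><?php echo $esc(ucfirst((string)$user['role'])); ?></span></td>
<td style="padding: 1rem; text-align: right;">
<a href="?edit=<?php echo $rowId; ?>" style="color: var(--primary-color); text-decoration: none; margin-right: 1rem;">Edit</a>
<?php if ($rowId !== $currentAdminId): ?>
<?php /* Deletion is a POST carrying the session token; a plain link would let any page that can make the admin's browser follow a URL delete accounts. */ ?>
<form method="POST" action="users.php" style="display: inline;" onsubmit="return confirm('Delete this user?')">
<input type="hidden" name="csrf_token" value="<?php echo $esc($csrfToken); ?>">
<input type="hidden" name="delete" value="<?php echo $rowId; ?>">
<button type="submit" style="color: #ef4444; background: none; border: none; padding: 0; cursor: pointer; font: inherit;">Delete</button>
</form>
<?php endif; ?>
</td>
</tr>
<?php endforeach; ?>
</tbody>
</table>
</div>
<div class="episode-card" style="width: 400px;">
<h3><?php echo $editUser ? 'Edit User' : 'Add New User'; ?></h3>
<form method="POST" style="margin-top: 1.5rem;">
<input type="hidden" name="csrf_token" value="<?php echo $esc($csrfToken); ?>">
<input type="hidden" name="user_id" value="<?php echo $editUser ? (int)$editUser['id'] : ''; ?>">
<div class="form-group">
<label for="username">Username</label>
<input type="text" id="username" name="username" value="<?php echo $esc($editUser['username'] ?? ''); ?>" required>
</div>
<div class="form-group">
<label for="password">Password <?php echo $editUser ? '(Leave blank to keep current)' : ''; ?></label>
<input type="password" id="password" name="password" <?php echo $editUser ? '' : 'required'; ?>>
</div>
<div class="form-group">
<label for="role">Role</label>
<select name="role" id="role" style="width: 100%; padding: 0.75rem; background: rgba(255,255,255,0.05); border: 1px solid var(--glass-border); border-radius: 12px; color: white;">
<?php foreach ($roleLabels as $roleValue => $roleLabel): ?>
<option value="<?php echo $esc($roleValue); ?>" <?php echo $selectedRole === $roleValue ? 'selected' : ''; ?>><?php echo $esc($roleLabel); ?></option>
<?php endforeach; ?>
</select>
</div>
<button type="submit" class="btn btn-primary" style="width: 100%;"><?php echo $editUser ? 'Update User' : 'Create User'; ?></button>
<?php if ($editUser): ?>
<a href="users.php" class="btn" style="width: 100%; margin-top: 0.5rem; background: rgba(255,255,255,0.05); text-align: center;">Cancel</a>
<?php endif; ?>
</form>
</div>
</div>
</div>
<?php include '../includes/footer.php'; ?>
</body>
</html>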