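prepare("SELECT * FROM users WHERE id = ?");
    $stmt->execute([$edit_id]);
    $edit_user = $stmt->fetch();
}

// NOTE(review): the top of this file is outside the visible chunk. Confirm that
// the request is already authenticated as an admin and that a CSRF token is
// verified before any of the state-changing POST branches below run; nothing
// in this part of the file checks either.

/**
 * Returns the trimmed value of a POST field, or null when the field is absent
 * or not a string. Guards trim() against array input (`name[]=`), which throws
 * a TypeError on PHP 8 instead of being treated as bad input.
 */
$postField = static function (string $key): ?string {
    return isset($_POST[$key]) && is_string($_POST[$key]) ? trim($_POST[$key]) : null;
};

if ($_SERVER['REQUEST_METHOD'] === 'POST') {
    if (isset($_POST['add_user'])) {
        $username    = $postField('username');
        $email       = $postField('email');
        $role        = $postField('role');
        // The password is deliberately not trimmed: whitespace is part of it.
        $rawPassword = isset($_POST['password']) && is_string($_POST['password']) ? $_POST['password'] : '';

        if ($username === null || $username === '' || $email === null || $role === null || $role === '') {
            $error = "Username, email and role are required.";
        } elseif ($rawPassword === '') {
            // password_hash('') succeeds, so an empty password must be rejected here.
            $error = "Password cannot be empty.";
        } else {
            // TODO(review): restrict $role to the application's role list; only
            // 'admin' is known from this file, so no allowlist is applied yet.
            $password = password_hash($rawPassword, PASSWORD_DEFAULT);
            $stmt = $pdo->prepare("INSERT INTO users (username, email, password, role) VALUES (?, ?, ?, ?)");
            try {
                $stmt->execute([$username, $email, $password, $role]);
                $success = "User added successfully!";
            } catch (Exception $e) {
                // Driver messages can leak schema details; log them, show a generic error.
                error_log('users.php add_user failed: ' . $e->getMessage());
                $error = "Error adding user.";
            }
        }
    } elseif (isset($_POST['update_user'])) {
        $id       = (int)($_POST['user_id'] ?? 0);
        $selfId   = (int)($_SESSION['user_id'] ?? 0);
        $username = $postField('username');
        $email    = $postField('email');
        $role     = $postField('role');

        if ($id <= 0 || $username === null || $username === '' || $email === null || $role === null || $role === '') {
            $error = "A valid user id, username, email and role are required.";
        } elseif ($id === $selfId && $role !== 'admin') {
            // Protection: the logged-in admin cannot strip their own admin role.
            $error = "You cannot demote yourself from Admin!";
        } else {
            // TODO(review): validate $role against the application's role list (see add_user).
            $stmt = $pdo->prepare("UPDATE users SET username = ?, email = ?, role = ? WHERE id = ?");
            try {
                $stmt->execute([$username, $email, $role, $id]);
                $success = "User updated successfully!";
                // Post/Redirect/Get so a browser refresh does not resubmit the update.
                header("Location: users.php?msg=" . urlencode($success));
                exit;
            } catch (Exception $e) {
                error_log('users.php update_user failed: ' . $e->getMessage());
                $error = "Error updating user.";
            }
        }
    } elseif (isset($_POST['delete_user'])) {
        $id     = (int)($_POST['user_id'] ?? 0);
        $selfId = (int)($_SESSION['user_id'] ?? 0);

        if ($id <= 0) {
            $error = "Invalid user id.";
        } elseif ($id === $selfId) {
            // Protection: an admin cannot delete their own account.
            $error = "You cannot delete yourself!";
        } else {
            try {
                $pdo->prepare("DELETE FROM users WHERE id = ?")->execute([$id]);
                $success = "User deleted!";
            } catch (Exception $e) {
                // Same generic-error policy as the add/update branches.
                error_log('users.php delete_user failed: ' . $e->getMessage());
                $error = "Error deleting user.";
            }
        }
    }
}

// Only messages this page itself emits (via the redirect above) may be echoed
// back from the query string. Reflecting arbitrary ?msg= text would let a
// crafted link place attacker-chosen content in the admin page.
$knownMessages = ["User updated successfully!"];
if (isset($_GET['msg']) && is_string($_GET['msg']) && in_array($_GET['msg'], $knownMessages, true)) {
    $success = $_GET['msg'];
}

$users = $pdo->query("SELECT id, username, email, role, created_at FROM users ORDER BY created_at DESC")->fetchAll();

// The shared header is written for the site root; capture its output and
// rewrite the relative links so they resolve from this admin/ subdirectory.
ob_start();
require_once '../includes/header.php';
$header = ob_get_clean();
echo str_replace(
    ['assets/', 'index.php', 'login.php', 'logout.php', 'admin/'],
    ['../assets/', '../index.php', '../login.php', '../logout.php', './'],
    $header
);
?>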

System Users

Username Role Action

Cancel