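<?php
/*
 * Admin user management page.
 *
 * Flow: requireAdmin() gates access, ?edit=ID loads one user into the form,
 * the POST actions add_user / update_user / delete_user are handled, then the
 * user list and the add/edit form are rendered. Every state-changing POST must
 * carry the per-session CSRF token that the forms at the bottom embed.
 */

require_once '../includes/db.php';
require_once '../includes/auth.php';

// Gate first; $_SESSION (user_id, csrf_token) is only relied on after this call.
requireAdmin();

// Roles the form offers; any other posted value is rejected before it reaches the DB.
$allowedRoles = ['user', 'moderator', 'editor', 'admin'];

$success = '';
$error = '';
$edit_user = null;

// Per-session CSRF token: generated once, checked on every POST below.
if (empty($_SESSION['csrf_token']) || !is_string($_SESSION['csrf_token'])) {
    $_SESSION['csrf_token'] = bin2hex(random_bytes(32));
}
$csrfToken = $_SESSION['csrf_token'];

// Returns the named POST field as a string, or '' when it is absent or not a
// plain string (an array posted under that name would otherwise reach
// trim()/password_hash() and emit warnings).
$postString = static function ($key) {
    return isset($_POST[$key]) && is_string($_POST[$key]) ? $_POST[$key] : '';
};

// HTML-escape for the template; every dynamic value printed below goes through it.
$esc = static function ($value) {
    return htmlspecialchars((string)$value, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
};

// Handle Edit Mode
if (isset($_GET['edit'])) {
    $edit_id = (int)$_GET['edit'];
    // Only the columns the form renders; the password hash never reaches the template.
    $stmt = $pdo->prepare("SELECT id, username, email, role FROM users WHERE id = ?");
    $stmt->execute([$edit_id]);
    // fetch() returns false for an unknown id; normalise to null so the template's
    // truthiness checks read naturally.
    $edit_user = $stmt->fetch() ?: null;
}

if ($_SERVER['REQUEST_METHOD'] === 'POST') {
    $currentUserId = (int)$_SESSION['user_id'];

    if (!hash_equals($csrfToken, $postString('csrf_token'))) {
        // Rejected before any branch runs, so a cross-site form can neither
        // create, change nor delete accounts.
        $error = "Invalid or missing form token. Please reload the page and try again.";
    } elseif (isset($_POST['add_user'])) {
        $username = trim($postString('username'));
        $email = trim($postString('email'));
        // Deliberately not trimmed: surrounding whitespace is part of the secret.
        $rawPassword = $postString('password');
        $role = $postString('role');

        if ($username === '' || $email === '' || $rawPassword === '') {
            $error = "Username, email and password are required.";
        } elseif (filter_var($email, FILTER_VALIDATE_EMAIL) === false) {
            $error = "Please enter a valid email address.";
        } elseif (!in_array($role, $allowedRoles, true)) {
            $error = "Invalid role selected.";
        } else {
            $password = password_hash($rawPassword, PASSWORD_DEFAULT);
            $stmt = $pdo->prepare("INSERT INTO users (username, email, password, role) VALUES (?, ?, ?, ?)");
            try {
                $stmt->execute([$username, $email, $password, $role]);
                $success = "User added successfully!";
            } catch (Exception $e) {
                // Driver details go to the server log only; the page gets a generic message.
                error_log('admin/users.php add_user failed: ' . $e->getMessage());
                $error = "Error adding user.";
            }
        }
    } elseif (isset($_POST['update_user'])) {
        $id = (int)$postString('user_id');
        $username = trim($postString('username'));
        $email = trim($postString('email'));
        $role = $postString('role');

        if ($username === '' || $email === '') {
            $error = "Username and email are required.";
        } elseif (filter_var($email, FILTER_VALIDATE_EMAIL) === false) {
            $error = "Please enter a valid email address.";
        } elseif (!in_array($role, $allowedRoles, true)) {
            $error = "Invalid role selected.";
        } elseif ($id === $currentUserId && $role !== 'admin') {
            // Protection: Don't demote yourself
            $error = "You cannot demote yourself from Admin!";
        } else {
            $stmt = $pdo->prepare("UPDATE users SET username = ?, email = ?, role = ? WHERE id = ?");
            try {
                $stmt->execute([$username, $email, $role, $id]);
                // Post/Redirect/Get: the message travels in the query string and is
                // escaped when printed, so it cannot inject markup.
                header("Location: users.php?msg=" . urlencode("User updated successfully!"));
                exit;
            } catch (Exception $e) {
                error_log('admin/users.php update_user failed: ' . $e->getMessage());
                $error = "Error updating user.";
            }
        }
    } elseif (isset($_POST['delete_user'])) {
        $id = (int)$postString('user_id');
        if ($id !== $currentUserId) {
            try {
                $pdo->prepare("DELETE FROM users WHERE id = ?")->execute([$id]);
                $success = "User deleted!";
            } catch (Exception $e) {
                error_log('admin/users.php delete_user failed: ' . $e->getMessage());
                $error = "Error deleting user.";
            }
        } else {
            $error = "You cannot delete yourself!";
        }
    }
}

// Flash message from the redirect above; only printed through $esc.
if (isset($_GET['msg']) && is_string($_GET['msg'])) {
    $success = $_GET['msg'];
}

$users = $pdo->query("SELECT id, username, email, role, created_at FROM users ORDER BY created_at DESC")->fetchAll();

// The shared header is written for the site root; rewrite its links for admin/.
ob_start();
require_once '../includes/header.php';
$header = ob_get_clean();
echo str_replace(['assets/', 'index.php', 'login.php', 'logout.php', 'admin/'], ['../assets/', '../index.php', '../login.php', '../logout.php', './'], $header);
?>

<div style="max-width: 1000px; margin: 40px auto; padding: 0 24px;">
<div style="display: grid; grid-template-columns: 1fr 350px; gap: 32px;">

<!-- User List -->
<div style="background: var(--bg-card); padding: 24px; border-radius: 16px; border: 1px solid var(--glass-border);">
<h3>System Users</h3>
<table style="width: 100%; border-collapse: collapse; margin-top: 20px;">
<thead>
<tr style="text-align: left; color: var(--text-muted); font-size: 0.85rem; border-bottom: 1px solid var(--glass-border);">
<th style="padding: 12px 8px;">Username</th>
<th style="padding: 12px 8px;">Role</th>
<th style="padding: 12px 8px;">Action</th>
</tr>
</thead>
<tbody>
<?php foreach ($users as $u): ?>
<tr style="border-bottom: 1px solid var(--glass-border);">
<td style="padding: 12px 8px;">
<div><?= $esc($u['username']) ?></div>
<div style="font-size: 0.75rem; color: var(--text-muted);"><?= $esc($u['email']) ?></div>
</td>
<td style="padding: 12px 8px;">
<span style="padding: 2px 8px; border-radius: 4px; font-size: 0.75rem; background: var(--glass);">
<?= $esc(strtoupper($u['role'])) ?>
</span>
</td>
<td style="padding: 12px 8px;">
<div style="display: flex; gap: 12px;">
<a href="?edit=<?= (int)$u['id'] ?>" style="color: var(--primary-color);"><i class="fas fa-edit"></i></a>
<form method="POST" style="display:inline;" onsubmit="return confirm('Delete user?')">
<input type="hidden" name="csrf_token" value="<?= $esc($csrfToken) ?>">
<input type="hidden" name="user_id" value="<?= (int)$u['id'] ?>">
<button type="submit" name="delete_user" style="background:none; border:none; color:#ff4081; cursor:pointer; padding:0;">
<i class="fas fa-trash"></i>
</button>
</form>
</div>
</td>
</tr>
<?php endforeach; ?>
</tbody>
</table>
</div>

<!-- Form Section -->
<div style="background: var(--bg-card); padding: 24px; border-radius: 16px; border: 1px solid var(--glass-border); height: fit-content;">
<h3><?= $edit_user ? 'Edit User' : 'Add New User' ?></h3>
<?php if ($success): ?> <div style="color:#4caf50; font-size:0.9rem; margin:10px 0;"><?= $esc($success) ?></div> <?php endif; ?>
<?php if ($error): ?> <div style="color:#ff4081; font-size:0.9rem; margin:10px 0;"><?= $esc($error) ?></div> <?php endif; ?>

<form method="POST" style="margin-top: 20px;">
<input type="hidden" name="csrf_token" value="<?= $esc($csrfToken) ?>">
<?php if ($edit_user): ?>
<input type="hidden" name="update_user" value="1">
<input type="hidden" name="user_id" value="<?= (int)$edit_user['id'] ?>">
<?php else: ?>
<input type="hidden" name="add_user" value="1">
<?php endif; ?>

<div class="form-group">
<label class="form-label">Username</label>
<input type="text" name="username" class="form-control" value="<?= $edit_user ? $esc($edit_user['username']) : '' ?>" required>
</div>
<div class="form-group">
<label class="form-label">Email</label>
<input type="email" name="email" class="form-control" value="<?= $edit_user ? $esc($edit_user['email']) : '' ?>" required>
</div>

<?php if (!$edit_user): ?>
<div class="form-group">
<label class="form-label">Password</label>
<input type="password" name="password" class="form-control" required>
</div>
<?php endif; ?>

<div class="form-group">
<label class="form-label">Role</label>
<select name="role" class="form-control">
<option value="user" <?= ($edit_user && $edit_user['role'] === 'user') ? 'selected' : '' ?>>User (Commenter)</option>
<option value="moderator" <?= ($edit_user && $edit_user['role'] === 'moderator') ? 'selected' : '' ?>>Moderator (Comments/Reports)</option>
<option value="editor" <?= ($edit_user && $edit_user['role'] === 'editor') ? 'selected' : '' ?>>Editor (Videos Only)</option>
<option value="admin" <?= ($edit_user && $edit_user['role'] === 'admin') ? 'selected' : '' ?>>Admin (Full Access)</option>
</select>
</div>

<button type="submit" class="btn btn-primary" style="width: 100%; margin-top: 10px;">
<?= $edit_user ? 'Update User' : 'Create User' ?>
</button>

<?php if ($edit_user): ?>
<a href="users.php" class="btn" style="width: 100%; margin-top: 10px; background: var(--glass); display: block; text-align: center; text-decoration: none; color: white;">Cancel</a>
<?php endif; ?>
</form>
</div>

</div>
</div>

<?php require_once '../includes/footer.php'; ?>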