Sindbad~EG File Manager
<?php
require_once '../config/config.php';
require_once '../classes/Location.php';
require_admin();
$database = new Database();
$conn = $database->getConnection();
$user = new User($conn);
$location = new Location($conn);
$error = '';
$success = '';
$action = $_GET['action'] ?? 'list';
$id = intval($_GET['id'] ?? 0);
// Handle form submissions
if ($_SERVER['REQUEST_METHOD'] === 'POST') {
if ($_POST['form_action'] === 'create') {
$name = sanitize_input($_POST['name'] ?? '');
$email = sanitize_input($_POST['email'] ?? '');
$username = sanitize_input($_POST['username'] ?? '');
$telephone = sanitize_input($_POST['telephone'] ?? '');
$password = $_POST['password'] ?? '';
$address = sanitize_input($_POST['address'] ?? '');
$description = sanitize_input($_POST['description'] ?? '');
$account_type = sanitize_input($_POST['account_type'] ?? '');
$location_id = !empty($_POST['location_id']) ? intval($_POST['location_id']) : null;
if (empty($name) || empty($email) || empty($username) || empty($password)) {
$error = 'Please fill in all required fields';
} elseif (strlen($password) < 6) {
$error = 'Password must be at least 6 characters long';
} elseif ($user->emailExists($email)) {
$error = 'Email already exists';
} elseif ($user->usernameExists($username)) {
$error = 'Username already exists';
} else {
$user_data = [
'name' => $name,
'email' => $email,
'username' => $username,
'telephone' => $telephone,
'password' => $password,
'address' => $address,
'description' => $description,
'account_type' => $account_type,
'location_id' => $location_id
];
if ($user->create($user_data)) {
flash_message('User created successfully!', 'success');
redirect('users.php');
} else {
$error = 'Failed to create user';
}
}
} elseif ($_POST['form_action'] === 'update') {
$name = sanitize_input($_POST['name'] ?? '');
$email = sanitize_input($_POST['email'] ?? '');
$username = sanitize_input($_POST['username'] ?? '');
$telephone = sanitize_input($_POST['telephone'] ?? '');
$address = sanitize_input($_POST['address'] ?? '');
$description = sanitize_input($_POST['description'] ?? '');
$account_type = sanitize_input($_POST['account_type'] ?? '');
$location_id = !empty($_POST['location_id']) ? intval($_POST['location_id']) : null;
$status = sanitize_input($_POST['status'] ?? '');
if (empty($name) || empty($email) || empty($username)) {
$error = 'Please fill in all required fields';
} elseif ($user->emailExists($email, $id)) {
$error = 'Email already exists';
} elseif ($user->usernameExists($username, $id)) {
$error = 'Username already exists';
} else {
$update_data = [
'name' => $name,
'email' => $email,
'username' => $username,
'telephone' => $telephone,
'address' => $address,
'description' => $description,
'account_type' => $account_type,
'location_id' => $location_id,
'status' => $status
];
// Add password if provided
if (!empty($_POST['password'])) {
if (strlen($_POST['password']) < 6) {
$error = 'Password must be at least 6 characters long';
} else {
$update_data['password'] = $_POST['password'];
}
}
if (!$error && $user->update($id, $update_data)) {
flash_message('User updated successfully!', 'success');
redirect('users.php');
} else {
$error = $error ?: 'Failed to update user';
}
}
} elseif ($_POST['form_action'] === 'delete') {
if ($id === $_SESSION['user_id']) {
$error = 'You cannot delete your own account';
} else {
// Get user data to check if it's a superuser
$delete_user_data = $user->getById($id);
if ($delete_user_data && $delete_user_data['account_type'] === 'superuser' && $_SESSION['account_type'] !== 'superuser') {
flash_message('Access denied: Cannot delete superuser account', 'error');
} elseif ($user->delete($id)) {
flash_message('User deleted successfully!', 'success');
} else {
flash_message('Failed to delete user', 'error');
}
}
redirect('admin/users.php');
}
}
// Get locations for dropdowns
$locations = $location->getAll();
// Get user data for edit
$user_data = null;
if ($action === 'edit' && $id) {
$user_data = $user->getById($id);
if (!$user_data) {
flash_message('User not found', 'error');
redirect('admin/users.php');
}
// Prevent non-superusers from editing superuser accounts
if ($user_data['account_type'] === 'superuser' && $_SESSION['account_type'] !== 'superuser') {
flash_message('Access denied: Cannot edit superuser account', 'error');
redirect('admin/users.php');
}
}
// Get all users for list view with filters
$filters = [];
if (!empty($_GET['account_type'])) {
$filters['account_type'] = $_GET['account_type'];
}
if (!empty($_GET['status'])) {
$filters['status'] = $_GET['status'];
}
if (!empty($_GET['location_type'])) {
$filters['location_type'] = $_GET['location_type'];
}
if (!empty($_GET['search'])) {
$filters['search'] = $_GET['search'];
}
// Only superusers can see other superuser accounts
if ($_SESSION['account_type'] === 'superuser') {
$filters['show_superuser'] = true;
}
$users = $user->getAll($filters);
// Pagination variables (for compatibility with existing pagination code)
$page = max(1, intval($_GET['page'] ?? 1));
$limit = 20;
$total_users = count($users);
$total_pages = ceil($total_users / $limit);
// Apply pagination to results
$offset = ($page - 1) * $limit;
$users = array_slice($users, $offset, $limit);
$flash = get_flash_message();
?>
<!DOCTYPE html>
<html lang="en">
<head>
<meta charset="UTF-8">
<meta name="viewport" content="width=device-width, initial-scale=1.0">
<title>Manage Users - COP News Portal</title>
<link rel="stylesheet" href="../assets/css/style.css">
<link rel="stylesheet" href="https://cdnjs.cloudflare.com/ajax/libs/font-awesome/6.0.0/css/all.min.css">
</head>
<body>
<header class="header">
<nav class="navbar">
<a href="../dashboard.php" class="logo">
<i class="fas fa-church"></i>
COP News Portal
</a>
<ul class="nav-links">
<li><a href="../dashboard.php"><i class="fas fa-tachometer-alt"></i> Dashboard</a></li>
<li><a href="../news/index.php"><i class="fas fa-newspaper"></i> News</a></li>
<li><a href="index.php"><i class="fas fa-cog"></i> Admin</a></li>
<li><a href="../profile.php"><i class="fas fa-user"></i> Profile</a></li>
<li><a href="../logout.php"><i class="fas fa-sign-out-alt"></i> Logout</a></li>
</ul>
</nav>
</header>
<main class="container" style="margin-top: 2rem;">
<?php if ($flash): ?>
<div class="alert alert-<?php echo $flash['type']; ?>">
<i class="fas fa-info-circle"></i> <?php echo $flash['message']; ?>
</div>
<?php endif; ?>
<?php if ($error): ?>
<div class="alert alert-error">
<i class="fas fa-exclamation-circle"></i> <?php echo $error; ?>
</div>
<?php endif; ?>
<?php if ($action === 'list'): ?>
<!-- Users List -->
<div class="card">
<div class="card-header">
<div class="flex justify-between items-center">
<h1><i class="fas fa-users"></i> Manage Users</h1>
<a href="?action=create" class="btn btn-primary">
<i class="fas fa-user-plus"></i> Add User
</a>
</div>
</div>
<div class="card-body">
<?php if (empty($users)): ?>
<div class="text-center p-4">
<i class="fas fa-users" style="font-size: 4rem; color: var(--light-grey); margin-bottom: 1rem;"></i>
<h3>No users found</h3>
<p style="color: var(--primary-grey);">Start by creating your first user.</p>
<a href="?action=create" class="btn btn-primary mt-2">
<i class="fas fa-user-plus"></i> Create User
</a>
</div>
<?php else: ?>
<div class="table-responsive">
<table class="table">
<thead>
<tr>
<th>Name</th>
<th>Email</th>
<th>Username</th>
<th>Account Type</th>
<th>Location</th>
<th>Status</th>
<th>Created</th>
<th>Actions</th>
</tr>
</thead>
<tbody>
<?php foreach ($users as $u): ?>
<tr>
<td><strong><?php echo htmlspecialchars($u['name']); ?></strong></td>
<td><?php echo htmlspecialchars($u['email']); ?></td>
<td>@<?php echo htmlspecialchars($u['username']); ?></td>
<td>
<span class="badge badge-<?php echo $u['account_type']; ?>">
<?php echo ucfirst($u['account_type']); ?>
</span>
</td>
<td>
<?php echo ucfirst($u['location_type'] ?? ''); ?>:
<?php echo htmlspecialchars($u['location_name'] ?? ''); ?>
</td>
<td>
<span class="badge badge-<?php echo $u['status']; ?>">
<?php echo ucfirst($u['status']); ?>
</span>
</td>
<td><?php echo date('M j, Y', strtotime($u['created_at'])); ?></td>
<td>
<div class="flex gap-1">
<a href="?action=edit&id=<?php echo $u['id']; ?>"
class="btn btn-sm btn-secondary">
<i class="fas fa-edit"></i>
</a>
<?php if ($u['id'] !== $_SESSION['user_id']): ?>
<a href="?action=delete&id=<?php echo $u['id']; ?>"
class="btn btn-sm btn-danger"
onclick="return confirm('Are you sure you want to delete this user?')">
<i class="fas fa-trash"></i>
</a>
<?php endif; ?>
</div>
</td>
</tr>
<?php endforeach; ?>
</tbody>
</table>
</div>
<!-- Pagination -->
<?php if ($total_pages > 1): ?>
<div class="pagination-wrapper text-center mt-4">
<div class="pagination">
<?php if ($page > 1): ?>
<a href="?page=<?php echo $page - 1; ?>" class="btn btn-secondary btn-sm">
<i class="fas fa-chevron-left"></i> Previous
</a>
<?php endif; ?>
<span class="pagination-info">
Page <?php echo $page; ?> of <?php echo $total_pages; ?>
(<?php echo $total_users; ?> total users)
</span>
<?php if ($page < $total_pages): ?>
<a href="?page=<?php echo $page + 1; ?>" class="btn btn-secondary btn-sm">
Next <i class="fas fa-chevron-right"></i>
</a>
<?php endif; ?>
</div>
</div>
<?php endif; ?>
<?php endif; ?>
</div>
</div>
<?php elseif ($action === 'create'): ?>
<!-- Create User -->
<div class="card">
<div class="card-header">
<h1><i class="fas fa-user-plus"></i> Create User</h1>
</div>
<div class="card-body">
<form method="POST" action="">
<input type="hidden" name="form_action" value="create">
<div class="grid grid-2">
<div class="form-group">
<label for="name" class="form-label">Full Name *</label>
<input type="text" id="name" name="name" class="form-control"
value="<?php echo htmlspecialchars($_POST['name'] ?? ''); ?>" required>
</div>
<div class="form-group">
<label for="email" class="form-label">Email *</label>
<input type="email" id="email" name="email" class="form-control"
value="<?php echo htmlspecialchars($_POST['email'] ?? ''); ?>" required>
</div>
<div class="form-group">
<label for="username" class="form-label">Username *</label>
<input type="text" id="username" name="username" class="form-control"
value="<?php echo htmlspecialchars($_POST['username'] ?? ''); ?>" required>
</div>
<div class="form-group">
<label for="telephone" class="form-label">Telephone</label>
<input type="tel" id="telephone" name="telephone" class="form-control"
value="<?php echo htmlspecialchars($_POST['telephone'] ?? ''); ?>">
</div>
<div class="form-group">
<label for="password" class="form-label">Password *</label>
<input type="password" id="password" name="password" class="form-control" required>
<small style="color: var(--primary-grey);">Minimum 6 characters</small>
</div>
<div class="form-group">
<label for="account_type" class="form-label">Account Type</label>
<select id="account_type" name="account_type" class="form-control form-select">
<option value="user" <?php echo ($_POST['account_type'] ?? '') === 'user' ? 'selected' : ''; ?>>User</option>
<option value="editor" <?php echo ($_POST['account_type'] ?? '') === 'editor' ? 'selected' : ''; ?>>Editor</option>
<option value="admin" <?php echo ($_POST['account_type'] ?? '') === 'admin' ? 'selected' : ''; ?>>Admin</option>
<?php if ($_SESSION['account_type'] === 'superuser'): ?>
<option value="superuser" <?php echo ($_POST['account_type'] ?? '') === 'superuser' ? 'selected' : ''; ?>>Superuser</option>
<?php endif; ?>
</select>
</div>
<div class="form-group">
<label for="location_id" class="form-label">Location</label>
<select id="location_id" name="location_id" class="form-control form-select">
<option value="">Select Location</option>
<?php foreach ($locations as $loc): ?>
<option value="<?php echo $loc['id']; ?>"
<?php echo ($_POST['location_id'] ?? '') == $loc['id'] ? 'selected' : ''; ?>>
<?php echo htmlspecialchars($loc['name'] . ' (' . ucfirst($loc['type']) . ')'); ?>
</option>
<?php endforeach; ?>
</select>
</div>
</div>
<div class="form-group">
<label for="address" class="form-label">Address</label>
<textarea id="address" name="address" class="form-control" rows="3"><?php echo htmlspecialchars($_POST['address'] ?? ''); ?></textarea>
</div>
<div class="form-group">
<label for="description" class="form-label">Description</label>
<textarea id="description" name="description" class="form-control" rows="3"
placeholder="Brief description about the user..."><?php echo htmlspecialchars($_POST['description'] ?? ''); ?></textarea>
</div>
<div class="flex gap-2">
<button type="submit" class="btn btn-primary">
<i class="fas fa-save"></i> Create User
</button>
<a href="users.php" class="btn btn-secondary">
<i class="fas fa-times"></i> Cancel
</a>
</div>
</form>
</div>
</div>
<?php elseif ($action === 'edit' && $user_data): ?>
<!-- Edit User -->
<div class="card">
<div class="card-header">
<h1><i class="fas fa-user-edit"></i> Edit User</h1>
</div>
<div class="card-body">
<form method="POST" action="">
<input type="hidden" name="form_action" value="update">
<div class="grid grid-2">
<div class="form-group">
<label for="name" class="form-label">Full Name *</label>
<input type="text" id="name" name="name" class="form-control"
value="<?php echo htmlspecialchars($_POST['name'] ?? $user_data['name']); ?>" required>
</div>
<div class="form-group">
<label for="email" class="form-label">Email *</label>
<input type="email" id="email" name="email" class="form-control"
value="<?php echo htmlspecialchars($_POST['email'] ?? $user_data['email']); ?>" required>
</div>
<div class="form-group">
<label for="username" class="form-label">Username *</label>
<input type="text" id="username" name="username" class="form-control"
value="<?php echo htmlspecialchars($_POST['username'] ?? $user_data['username']); ?>" required>
</div>
<div class="form-group">
<label for="telephone" class="form-label">Telephone</label>
<input type="tel" id="telephone" name="telephone" class="form-control"
value="<?php echo htmlspecialchars($_POST['telephone'] ?? $user_data['telephone'] ?? ''); ?>">
</div>
<div class="form-group">
<label for="password" class="form-label">New Password</label>
<input type="password" id="password" name="password" class="form-control">
<small style="color: var(--primary-grey);">Leave blank to keep current password</small>
</div>
<div class="form-group">
<label for="account_type" class="form-label">Account Type</label>
<select id="account_type" name="account_type" class="form-control form-select">
<option value="user" <?php echo ($_POST['account_type'] ?? $user_data['account_type']) === 'user' ? 'selected' : ''; ?>>User</option>
<option value="editor" <?php echo ($_POST['account_type'] ?? $user_data['account_type']) === 'editor' ? 'selected' : ''; ?>>Editor</option>
<option value="admin" <?php echo ($_POST['account_type'] ?? $user_data['account_type']) === 'admin' ? 'selected' : ''; ?>>Admin</option>
<?php if ($_SESSION['account_type'] === 'superuser'): ?>
<option value="superuser" <?php echo ($_POST['account_type'] ?? $user_data['account_type']) === 'superuser' ? 'selected' : ''; ?>>Superuser</option>
<?php endif; ?>
</select>
</div>
<div class="form-group">
<label for="location_id" class="form-label">Location</label>
<select id="location_id" name="location_id" class="form-control form-select">
<option value="">Select Location</option>
<?php foreach ($locations as $loc): ?>
<option value="<?php echo $loc['id']; ?>"
<?php echo ($_POST['location_id'] ?? $user_data['location_id']) == $loc['id'] ? 'selected' : ''; ?>>
<?php echo htmlspecialchars($loc['name'] . ' (' . ucfirst($loc['type']) . ')'); ?>
</option>
<?php endforeach; ?>
</select>
</div>
<div class="form-group">
<label for="status" class="form-label">Status</label>
<select id="status" name="status" class="form-control form-select">
<option value="active" <?php echo ($_POST['status'] ?? $user_data['status']) === 'active' ? 'selected' : ''; ?>>Active</option>
<option value="inactive" <?php echo ($_POST['status'] ?? $user_data['status']) === 'inactive' ? 'selected' : ''; ?>>Inactive</option>
</select>
</div>
</div>
<div class="form-group">
<label for="address" class="form-label">Address</label>
<textarea id="address" name="address" class="form-control" rows="3"><?php echo htmlspecialchars($_POST['address'] ?? $user_data['address'] ?? ''); ?></textarea>
</div>
<div class="form-group">
<label for="description" class="form-label">Description</label>
<textarea id="description" name="description" class="form-control" rows="3"
placeholder="Brief description about the user..."><?php echo htmlspecialchars($_POST['description'] ?? $user_data['description'] ?? ''); ?></textarea>
</div>
<div class="flex gap-2">
<button type="submit" class="btn btn-primary">
<i class="fas fa-save"></i> Update User
</button>
<a href="users.php" class="btn btn-secondary">
<i class="fas fa-times"></i> Cancel
</a>
</div>
</form>
</div>
</div>
<?php elseif ($action === 'delete' && $id): ?>
<!-- Delete Confirmation -->
<?php
$delete_user = $user->getById($id);
if ($delete_user && $delete_user['id'] !== $_SESSION['user_id']):
?>
<div class="card">
<div class="card-header">
<h1><i class="fas fa-user-times"></i> Delete User</h1>
</div>
<div class="card-body">
<div class="alert alert-warning">
<i class="fas fa-exclamation-triangle"></i>
<strong>Warning:</strong> This action cannot be undone. Are you sure you want to delete this user?
</div>
<div class="user-preview" style="background: var(--light-grey); padding: 1.5rem; border-radius: 8px; margin: 1.5rem 0;">
<h3><?php echo htmlspecialchars($delete_user['name']); ?></h3>
<p><strong>Email:</strong> <?php echo htmlspecialchars($delete_user['email']); ?></p>
<p><strong>Username:</strong> @<?php echo htmlspecialchars($delete_user['username']); ?></p>
<p><strong>Account Type:</strong> <?php echo ucfirst($delete_user['account_type']); ?></p>
<p><strong>Location:</strong> <?php echo ucfirst($delete_user['location_type']); ?>: <?php echo htmlspecialchars($delete_user['location_name']); ?></p>
</div>
<form method="POST" action="">
<input type="hidden" name="form_action" value="delete">
<div class="flex gap-2">
<button type="submit" class="btn btn-danger">
<i class="fas fa-trash"></i> Yes, Delete User
</button>
<a href="users.php" class="btn btn-secondary">
<i class="fas fa-times"></i> Cancel
</a>
</div>
</form>
</div>
</div>
<?php endif; ?>
<?php endif; ?>
</main>
<style>
.badge-user {
background: var(--primary-blue);
color: white;
}
.badge-admin {
background: var(--warning);
color: white;
}
.badge-superuser {
background: var(--error);
color: white;
}
.badge-active {
background: var(--success);
color: white;
}
.badge-inactive {
background: var(--primary-grey);
color: white;
}
</style>
</body>
</html>
Sindbad File Manager Version 1.0, Coded By Sindbad EG ~ The Terrorists