edit user as admin

kuldp18 · Apr 6, 2024 · 3c5e131 · 3c5e131
1 parent 3dd20e8
commit 3c5e131
Show file tree

Hide file tree

Showing 5 changed files with 242 additions and 23 deletions.
diff --git a/includes/admin_edit_user.inc.php b/includes/admin_edit_user.inc.php
@@ -0,0 +1,87 @@
+<?php
+
+if ($_SERVER['REQUEST_METHOD'] === 'POST') {
+    $updated_name = $_POST['updated_name'];
+    $updated_email = $_POST['updated_email'];
+    $updated_username = $_POST['updated_username'];
+    $updated_role = $_POST['updated_role'];
+    $updated_status = $_POST['updated_status']; // active or inactive
+    $selected_user_id = $_POST['selected_user_id'];
+
+    try {
+        require_once "./db_handler.inc.php";
+        require_once "./config_session.inc.php";
+        require_once "../models/edit_profile.inc.php";
+        require_once "../models/register.inc.php";
+        require_once "../models/users.inc.php";
+        require_once "../controllers/edit_profile.inc.php";
+        require_once "../controllers/register.inc.php";
+
+        $current_user = get_current_user_details($pdo, $selected_user_id);
+
+        // Error handlers
+
+        $errors = [];
+
+
+
+        // Check for empty inputs
+        if (empty($updated_name) && empty($updated_email) && empty($updated_username)) {
+            // make sure to use local variables here
+            $errors["empty_input"] = "Please fill at least one field to update your profile";
+        } else {
+            // Check if at least one field is different from the old one
+            if (!is_email_new($updated_email, $current_user['email']) && !is_username_new($updated_username, $current_user['username']) && !is_name_new($updated_name, $current_user['full_name'])) {
+                $errors["no_changes"] = "No changes were made";
+            }
+
+            // Check if email is invalid
+            else if (is_email_invalid($updated_email) && !empty($updated_email)) {
+                $errors["invalid_email"] = "Please enter a valid email address";
+            }
+
+            // Check if username is taken
+            else if (is_username_taken($pdo, $updated_username) && !empty($updated_username)) {
+                $errors["username_taken"] = "Username is already taken";
+            }
+
+            // Check if email is already registered
+            else if (is_email_registered($pdo, $updated_email) && !empty($updated_email)) {
+                $errors["email_taken"] = "Email is already registered";
+            }
+        }
+
+        // the fields that are still empty should be filled with the old values
+        if (empty($updated_name)) {
+            $updated_name = $current_user['full_name'];
+        }
+        if (empty($updated_email)) {
+            $updated_email = $current_user['email'];
+        }
+        if (empty($updated_username)) {
+            $updated_username = $current_user['username'];
+        }
+
+
+
+        if ($errors) {
+            $_SESSION["errors_admin_edit_user"] = $errors;
+            header('Location: ../pages/admin_manage_users.php');
+            die();
+        }
+
+        // update user as admin
+        update_user_as_admin($pdo, $selected_user_id, $updated_name, $updated_email, $updated_username, $updated_role, $updated_status);
+        header('Location: ../pages/admin_manage_users.php?user_update=success');
+
+
+        $pdo = null;
+        $stmt = null;
+        die();
+    } catch (PDOException $e) {
+        die("Failed to update user as admin: " . $e->getMessage());
+    }
+} else {
+    header('Location: ../index.php');
+    die();
+}
diff --git a/models/users.inc.php b/models/users.inc.php
@@ -9,3 +9,20 @@ function get_all_users(object $pdo): array
     $stmt = $pdo->query($query);
     return $stmt->fetchAll(PDO::FETCH_ASSOC);
 }
+
+// return user by id
+function get_user_by_id(object $pdo, int $user_id): array
+{
+    $query = "SELECT * FROM users WHERE user_id = :user_id";
+    $stmt = $pdo->prepare($query);
+    $stmt->execute(['user_id' => $user_id]);
+    return $stmt->fetch(PDO::FETCH_ASSOC);
+}
+
+// update user as admin
+function update_user_as_admin(object $pdo, int $user_id, string $updated_name, string $updated_email, string $updated_username, string $updated_role, string $updated_status): void
+{
+    $query = "UPDATE users SET full_name = :updated_name, email = :updated_email, username = :updated_username, role = :updated_role, is_active = :updated_status WHERE user_id = :user_id";
+    $stmt = $pdo->prepare($query);
+    $stmt->execute(['updated_name' => $updated_name, 'updated_email' => $updated_email, 'updated_username' => $updated_username, 'updated_role' => $updated_role, 'updated_status' => $updated_status, 'user_id' => $user_id]);
+}
diff --git a/pages/admin_edit_user.php b/pages/admin_edit_user.php
@@ -0,0 +1,107 @@
+<?php
+require_once "../includes/db_handler.inc.php";
+require_once "../includes/config_session.inc.php";
+require_once "../models/users.inc.php";
+// require_once "../views/video_tags.inc.php";
+?>
+
+<!DOCTYPE html>
+<html lang="en">
+
+<head>
+    <meta charset="UTF-8">
+    <meta name="viewport" content="width=device-width, initial-scale=1.0">
+    <title>Admin Dashboard - User Management</title>
+    <!-- Bootstrap CSS -->
+    <link rel="stylesheet" href="https://cdnjs.cloudflare.com/ajax/libs/bootstrap/5.3.3/css/bootstrap.min.css" integrity="sha512-jnSuA4Ss2PkkikSOLtYs8BlYIeeIK1h99ty4YfvRPAlzr377vr3CXDb7sb7eEEBYjDtcYj+AjBH3FLv5uSJuXg==" crossorigin="anonymous" referrerpolicy="no-referrer" />
+
+    <link rel="stylesheet" href="../css/global.css">
+    <link rel="stylesheet" href="../css/navbar.css" />
+
+    <style>
+        .table {
+            border: 1px solid whitesmoke;
+            font-size: 1.2rem;
+        }
+
+        form {
+            font-size: 1.25rem;
+        }
+
+        label,
+        input.form-control,
+        select.form-select,
+        option {
+            font-size: inherit;
+        }
+    </style>
+</head>
+
+<body>
+
+    <?php include_once('../includes/components/navbar.inc.php') ?>
+    <?php
+    // check is user is not logged in or is not admin
+    if (!isset($_SESSION['user_id']) || !isset($_SESSION['user_role']) || $_SESSION['user_role'] !== 'admin') {
+        // if not, redirect to home page
+        header('Location: ../index.php');
+        exit();
+    }
+    $selected_user_id = $_GET['user_id'];
+    $selected_user = get_user_by_id($pdo, $selected_user_id);
+
+
+
+    ?>
+
+    <div class="container mt-3">
+        <h1 class="mb-4 heading">Admin - Manage Users</h1>
+
+        <!-- Update User Form (Hidden by default) -->
+        <div class="mb-4" id="updateUserForm">
+            <h2>Update User: <?php echo $selected_user_id; ?></h2>
+            <form method="POST" action="../includes/admin_edit_user.inc.php">
+                <div class="mb-3">
+                    <label for="updateName" class="form-label">Name</label>
+                    <input type="text" class="form-control" id="updateName" placeholder="<?php echo $selected_user['full_name'] ?>" name="updated_name">
+                </div>
+                <div class="mb-3">
+                    <label for="updateEmail" class="form-label">Email</label>
+                    <input type="email" class="form-control" id="updateEmail" placeholder="<?php echo $selected_user['email'] ?>" name="updated_email">
+                </div>
+                <div class="mb-3">
+                    <label for="updateUsername" class="form-label">Username</label>
+                    <input type="text" class="form-control" id="updateUsername" placeholder="<?php echo $selected_user['username'] ?>" name="updated_username">
+                </div>
+                <div class="mb-3">
+                    <label for="updateRole" class="form-label">Role</label>
+                    <select class="form-select" name="updated_role">
+                        <option value="admin" <?php echo $selected_user['role'] === 'admin' ? 'selected' : '' ?>>Admin</option>
+                        <option value="user" <?php echo $selected_user['role'] === 'user' ? 'selected' : '' ?>>User</option>
+                    </select>
+                </div>
+                <div class="mb-3">
+                    <label for="updateActive" class="form-label">Active</label>
+                    <select class="form-select" name="updated_status">
+                        <option value="Y" <?php echo $selected_user['is_active'] === 'Y' ? 'selected' : '' ?>>Yes</option>
+                        <option value="N" <?php echo $selected_user['is_active'] === 'N' ? 'selected' : '' ?>>No</option>
+                    </select>
+                </div>
+                <input type="hidden" name="selected_user_id" value="<?php echo $selected_user_id; ?>">
+                <button type="submit" class="btn btn-primary">Update</button>
+                <button type="button" class="btn btn-secondary" id="cancelUpdate">Cancel</button>
+            </form>
+        </div>
+
+
+
+    </div>
+
+    <!-- Bootstrap JS (optional, only if you need Bootstrap JavaScript features) -->
+    <script src="https://cdnjs.cloudflare.com/ajax/libs/jquery/3.7.1/jquery.min.js" integrity="sha512-v2CJ7UaYy4JwqLDIrZUI/4hqeoQieOmAZNXBeQyjo21dadnwR+8ZaIJVT8EE2iyI61OV8e6M8PP2/4hpQINQ/g==" crossorigin="anonymous" referrerpolicy="no-referrer"></script>
+
+    <script src="https://cdnjs.cloudflare.com/ajax/libs/bootstrap/5.3.3/js/bootstrap.min.js" integrity="sha512-ykZ1QQr0Jy/4ZkvKuqWn4iF3lqPZyij9iRv6sGqLRdTPkY69YX6+7wvVGmsdBbiIfN/8OdsI7HABjvEok6ZopQ==" crossorigin="anonymous" referrerpolicy="no-referrer"></script>
+
+</body>
+
+</html>
diff --git a/pages/admin_manage_users.php b/pages/admin_manage_users.php
@@ -2,7 +2,7 @@
 require_once "../includes/db_handler.inc.php";
 require_once "../includes/config_session.inc.php";
 require_once "../models/users.inc.php";
-// require_once "../views/video_tags.inc.php";
+require_once "../views/admin_manage_users.php";
 ?>
 
 <!DOCTYPE html>
@@ -40,30 +40,14 @@
 
     $user_list = get_all_users($pdo);
 
+    check_and_print_admin_edit_user_errors();
+
 
     ?>
 
     <div class="container mt-3">
         <h1 class="mb-4 heading">Admin - Manage Users</h1>
 
-        <!-- Update User Form (Hidden by default) -->
-        <div class="mb-4 d-none" id="updateUserForm">
-            <h2>Update User</h2>
-            <form>
-                <div class="mb-3">
-                    <label for="updateName" class="form-label">Name</label>
-                    <input type="text" class="form-control" id="updateName" placeholder="Enter name">
-                </div>
-                <div class="mb-3">
-                    <label for="updateEmail" class="form-label">Email</label>
-                    <input type="email" class="form-control" id="updateEmail" placeholder="Enter email">
-                </div>
-                <button type="submit" class="btn btn-primary">Update</button>
-                <button type="button" class="btn btn-secondary" id="cancelUpdate">Cancel</button>
-            </form>
-        </div>
-
-
         <!-- Display Users Table -->
         <div class="mb-4">
             <h2>List of all users</h2>
@@ -105,14 +89,15 @@
                                 <td><?php echo $user['role'] !== null ? htmlspecialchars($user['role']) : 'null'; ?></td>
                                 <td><?php echo $user['is_active'] !== null ? htmlspecialchars($user['is_active']) : 'null'; ?></td>
                                 <td>
-                                    <button class="btn btn-primary btn-sm update-btn">Edit</button>
-                                    <button class="btn btn-danger btn-sm delete-btn">Delete</button>
-                                    <button class="btn btn-success btn-sm more-btn">More</button>
+                                    <a href="<?php
+                                                echo "./admin_edit_user.php?user_id=" . $user['user_id'];
+                                                ?>" class="btn btn-primary btn-sm update-btn">Edit</a>
+                                    <a href="#" class="btn btn-danger btn-sm delete-btn">Delete</a>
+                                    <a href="#" class="btn btn-success btn-sm more-btn">More</a>
                                 </td>
                             </tr>
                         <?php endforeach; ?>
                     <?php endif; ?>
-
                 </tbody>
             </table>
         </div>
@@ -138,6 +123,8 @@
             });
         });
     </script>
+
+    <script src="../js/close_modal.js"></script>
 </body>
 
 </html>
diff --git a/views/admin_manage_users.php b/views/admin_manage_users.php
@@ -0,0 +1,21 @@
+<?php
+
+declare(strict_types=1);
+
+// check and print admin edit user errors
+function check_and_print_admin_edit_user_errors()
+{
+    if (isset($_SESSION["errors_admin_edit_user"])) {
+        $errors = $_SESSION["errors_admin_edit_user"];
+        if (count($errors) > 0) {
+            echo "<section class='modal modal--error'>";
+            echo "<h1 class='modal__title'>Errors while updating user: </h1>";
+            echo "<span class='modal__close modal__close--error'>X</span>";
+            foreach ($errors as $error) {
+                echo "<p class='modal__item'>$error</p>";
+            }
+            echo "</section>";
+            unset($_SESSION["errors_admin_edit_user"]);
+        }
+    }
+}