soft-delete user as admin

kuldp18 · Apr 6, 2024 · 788c361 · 788c361
1 parent 2be009e
commit 788c361
Show file tree

Hide file tree

Showing 5 changed files with 179 additions and 15 deletions.
diff --git a/includes/admin_delete_user.inc.php b/includes/admin_delete_user.inc.php
@@ -0,0 +1,48 @@
+<?php
+
+if ($_SERVER['REQUEST_METHOD'] === 'POST') {
+    $selected_user_id = $_POST['user_id'];
+
+    try {
+        require_once "./db_handler.inc.php";
+        require_once "./config_session.inc.php";
+        // require_once "../models/edit_profile.inc.php";
+        // require_once "../models/register.inc.php";
+        require_once "../models/users.inc.php";
+        // require_once "../controllers/edit_profile.inc.php";
+        // require_once "../controllers/register.inc.php";
+
+
+        // Error handlers
+
+        $errors = [];
+
+
+
+        // Check for empty inputs
+        if (!empty($selected_user_id) && !does_user_exist($pdo, $selected_user_id)) {
+            $errors['user_id'] = 'User does not exist';
+        }
+
+
+
+
+        if ($errors) {
+            $_SESSION["errors_admin_delete_user"] = $errors;
+            header('Location: ../pages/admin_manage_users.php');
+            die();
+        }
+
+        // delete user as admin (soft delete)
+        delete_user_as_admin($pdo, $selected_user_id);
+        header('Location: ../pages/admin_manage_users.php?user_delete=success');
+        $pdo = null;
+        $stmt = null;
+        die();
+    } catch (PDOException $e) {
+        die("Failed to delete user as admin: " . $e->getMessage());
+    }
+} else {
+    header('Location: ../index.php');
+    die();
+}
diff --git a/models/users.inc.php b/models/users.inc.php
@@ -26,3 +26,21 @@ function update_user_as_admin(object $pdo, int $user_id, string $updated_name, s
     $stmt = $pdo->prepare($query);
     $stmt->execute(['updated_name' => $updated_name, 'updated_email' => $updated_email, 'updated_username' => $updated_username, 'updated_role' => $updated_role, 'updated_status' => $updated_status, 'user_id' => $user_id]);
 }
+
+// delete user as admin
+function delete_user_as_admin(object $pdo, int $user_id): void
+{
+    // just set is_active to N
+    $query = "UPDATE users SET is_active = 'N', deleted_at = CURRENT_TIMESTAMP WHERE user_id = :user_id";
+    $stmt = $pdo->prepare($query);
+    $stmt->execute(['user_id' => $user_id]);
+}
+
+// does user exist or not by id
+function does_user_exist(object $pdo, int $user_id): bool
+{
+    $query = "SELECT user_id FROM users WHERE user_id = :user_id";
+    $stmt = $pdo->prepare($query);
+    $stmt->execute(['user_id' => $user_id]);
+    return $stmt->fetch(PDO::FETCH_ASSOC) ? true : false;
+}
diff --git a/pages/admin_delete_user.php b/pages/admin_delete_user.php
@@ -0,0 +1,84 @@
+<?php
+require_once "../includes/db_handler.inc.php";
+require_once "../includes/config_session.inc.php";
+require_once "../models/users.inc.php";
+// require_once "../views/video_tags.inc.php";
+?>
+
+<!DOCTYPE html>
+<html lang="en">
+
+<head>
+    <meta charset="UTF-8">
+    <meta name="viewport" content="width=device-width, initial-scale=1.0">
+    <title>Admin Dashboard - User Management</title>
+    <!-- Bootstrap CSS -->
+    <link rel="stylesheet" href="https://cdnjs.cloudflare.com/ajax/libs/bootstrap/5.3.3/css/bootstrap.min.css" integrity="sha512-jnSuA4Ss2PkkikSOLtYs8BlYIeeIK1h99ty4YfvRPAlzr377vr3CXDb7sb7eEEBYjDtcYj+AjBH3FLv5uSJuXg==" crossorigin="anonymous" referrerpolicy="no-referrer" />
+
+    <link rel="stylesheet" href="../css/global.css">
+    <link rel="stylesheet" href="../css/navbar.css" />
+
+    <style>
+        .table {
+            border: 1px solid whitesmoke;
+            font-size: 1.2rem;
+        }
+
+        form {
+            font-size: 1.25rem;
+        }
+
+        label,
+        input.form-control,
+        select.form-select,
+        option {
+            font-size: inherit;
+        }
+    </style>
+</head>
+
+<body>
+
+    <?php include_once('../includes/components/navbar.inc.php') ?>
+    <?php
+    // check is user is not logged in or is not admin
+    if (!isset($_SESSION['user_id']) || !isset($_SESSION['user_role']) || $_SESSION['user_role'] !== 'admin') {
+        // if not, redirect to home page
+        header('Location: ../index.php');
+        exit();
+    }
+    $selected_user_id = $_GET['user_id'];
+    $selected_user = get_user_by_id($pdo, $selected_user_id);
+
+
+
+    ?>
+
+    <div class="container mt-3">
+        <h1 class="mb-4 heading">Admin - Manage Users</h1>
+
+        <div class="mb-4">
+            <h2>Delete user_id: <?php echo $selected_user_id; ?></h2>
+            <h1><?php echo 'Are you sure you want to delete ' . $selected_user['username'] . '?' ?>
+            </h1>
+            <!-- create a form with yes and no -->
+            <form action="../includes/admin_delete_user.inc.php" method="POST">
+                <input type="hidden" name="user_id" value="<?php echo $selected_user_id; ?>">
+                <button type="submit" name="delete_user" class="btn btn-lg btn-danger">Yes</button>
+                <a href="./admin_manage_users.php" class="btn btn-lg btn-primary">No</a>
+            </form>
+
+        </div>
+
+
+
+    </div>
+
+    <!-- Bootstrap JS (optional, only if you need Bootstrap JavaScript features) -->
+    <script src="https://cdnjs.cloudflare.com/ajax/libs/jquery/3.7.1/jquery.min.js" integrity="sha512-v2CJ7UaYy4JwqLDIrZUI/4hqeoQieOmAZNXBeQyjo21dadnwR+8ZaIJVT8EE2iyI61OV8e6M8PP2/4hpQINQ/g==" crossorigin="anonymous" referrerpolicy="no-referrer"></script>
+
+    <script src="https://cdnjs.cloudflare.com/ajax/libs/bootstrap/5.3.3/js/bootstrap.min.js" integrity="sha512-ykZ1QQr0Jy/4ZkvKuqWn4iF3lqPZyij9iRv6sGqLRdTPkY69YX6+7wvVGmsdBbiIfN/8OdsI7HABjvEok6ZopQ==" crossorigin="anonymous" referrerpolicy="no-referrer"></script>
+
+</body>
+
+</html>
diff --git a/pages/admin_manage_users.php b/pages/admin_manage_users.php
@@ -41,6 +41,7 @@
     $user_list = get_all_users($pdo);
 
     check_and_print_admin_edit_user_errors();
+    check_and_print_admin_delete_user_errors();
 
     if (isset($_GET["user_update"]) && $_GET["user_update"] === "success") {
         echo <<<HTML
@@ -51,6 +52,15 @@
         HTML;
     }
 
+    if (isset($_GET["user_delete"]) && $_GET["user_delete"] === "success") {
+        echo <<<HTML
+          <section class="modal modal--success">
+            <h1 class="modal__title">User soft-deleted successfully!</h1>
+            <span class="modal__close modal__close--success">X</span>
+          </section>
+        HTML;
+    }
+
 
     ?>
 
@@ -101,7 +111,7 @@
                                     <a href="<?php
                                                 echo "./admin_edit_user.php?user_id=" . $user['user_id'];
                                                 ?>" class="btn btn-primary btn-sm update-btn">Edit</a>
-                                    <a href="#" class="btn btn-danger btn-sm delete-btn">Delete</a>
+                                    <a href="<?php echo "./admin_delete_user.php?user_id=" . $user["user_id"]; ?>" class="btn btn-danger btn-sm delete-btn">Delete</a>
                                     <a href="#" class="btn btn-success btn-sm more-btn">More</a>
                                 </td>
                             </tr>
@@ -119,20 +129,6 @@
 
     <script src="https://cdnjs.cloudflare.com/ajax/libs/bootstrap/5.3.3/js/bootstrap.min.js" integrity="sha512-ykZ1QQr0Jy/4ZkvKuqWn4iF3lqPZyij9iRv6sGqLRdTPkY69YX6+7wvVGmsdBbiIfN/8OdsI7HABjvEok6ZopQ==" crossorigin="anonymous" referrerpolicy="no-referrer"></script>
 
-    <script>
-        // JavaScript for toggling update user form
-        $(document).ready(function() {
-            // Show update user form on edit button click
-            $('.btn-primary').click(function() {
-                $('#updateUserForm').removeClass('d-none');
-            });
-            // Hide update user form on cancel button click
-            $('#cancelUpdate').click(function() {
-                $('#updateUserForm').addClass('d-none');
-            });
-        });
-    </script>
-
     <script src="../js/close_modal.js"></script>
 </body>
 

diff --git a/views/admin_manage_users.php b/views/admin_manage_users.php
@@ -19,3 +19,21 @@ function check_and_print_admin_edit_user_errors()
         }
     }
 }
+
+// check and print admin delete user errors
+function check_and_print_admin_delete_user_errors()
+{
+    if (isset($_SESSION["errors_admin_delete_user"])) {
+        $errors = $_SESSION["errors_admin_delete_user"];
+        if (count($errors) > 0) {
+            echo "<section class='modal modal--error'>";
+            echo "<h1 class='modal__title'>Errors while deleting user: </h1>";
+            echo "<span class='modal__close modal__close--error'>X</span>";
+            foreach ($errors as $error) {
+                echo "<p class='modal__item'>$error</p>";
+            }
+            echo "</section>";
+            unset($_SESSION["errors_admin_delete_user"]);
+        }
+    }
+}