<?php
// Page setup: root-relative prefix for shared assets and the nav item header.php highlights.
$basePath = '../../';
$pageTitle = 'Redigera Användare';
$activePage = 'edituser';

// Admin gate. Every branch of this page (listing, loading and updating accounts)
// requires an authenticated admin session; anyone else is sent to the login page
// before a single byte of output is produced.
session_start();
if (empty($_SESSION['is_admin']) || $_SESSION['is_admin'] != 1) {
    header('Location: ../../login.php');
    exit;
}
// Shared PDO handle; dbconnection.php is expected to leave it in $dbconn.
// Abort early with a generic message rather than failing on the first query.
include('../../dbconnection.php');
if (empty($dbconn)) {
    die("Connection failed: Can't connect to database.");
}
// Feedback banner rendered under the page header: null means "nothing to show",
// and the class selects the alert colour (warning/success/error).
$message = null;
$messageClass = 'alert-warning';

// Values pre-filled into the edit form. They stay null until an account has been
// selected via ?user_id=N and are HTML-escaped at load time.
$getid = $getusername = $getadmin = $getfullname = $getemail = $getphone = null;
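// Handle a submitted edit form. user_id and username are mandatory; the other
// fields are optional and an empty new_password keeps the stored hash.
// NOTE(review): nothing here proves the request originated from this site. The
// page is protected only by the session cookie, so a cross-site POST from any
// page an admin happens to view can rewrite accounts (including passwords).
// Add a session-bound token to the form and check it with hash_equals() before
// touching $_POST.
if (
    isset($_POST['username'], $_POST['user_id']) &&
    !empty($_POST['username']) &&
    !empty($_POST['user_id'])
) {
    $user_id = (int)$_POST['user_id'];
    $username = trim($_POST['username']);
    $email = trim($_POST['email'] ?? '');
    $phone = trim($_POST['phone'] ?? '');
    $new_password = $_POST['new_password'] ?? '';
    $fullname = trim($_POST['fullname'] ?? '');
    $is_admin = isset($_POST['is_admin']) ? 1 : 0;

    // The built-in admin account (ID 1) can never lose its admin flag, even if the
    // client-side disabled checkbox is re-enabled in a tampered request.
    if ($user_id === 1) {
        $is_admin = 1;
    }

    // Server-side validation. The maxlength attributes on the form are only a
    // browser hint, so the same limits are enforced here before the UPDATE.
    $errors = [];
    if ($user_id <= 0) {
        // A non-numeric or missing id casts to 0; previously that silently
        // updated zero rows and still reported success.
        $errors[] = "Ogiltigt användar-ID.";
    }
    if (mb_strlen($username) > 32) {
        $errors[] = "Användarnamnet får vara högst 32 tecken.";
    }
    if (mb_strlen($fullname) > 64) {
        $errors[] = "Namnet får vara högst 64 tecken.";
    }
    if (mb_strlen($email) > 64) {
        $errors[] = "E-postadressen får vara högst 64 tecken.";
    }
    if (mb_strlen($phone) > 20) {
        $errors[] = "Telefonnumret får vara högst 20 tecken.";
    }
    // Compared with !== '' (not empty()) so that a literal "0" is treated as a
    // password attempt and validated, instead of being silently ignored.
    // NOTE(review): a 4-character minimum is far below current guidance (NIST
    // SP 800-63B: at least 8); raise it once the policy is agreed.
    if ($new_password !== '' && mb_strlen($new_password) < 4) {
        $errors[] = "Lösenordet måste vara minst 4 tecken.";
    }
    if ($email !== '' && !filter_var($email, FILTER_VALIDATE_EMAIL)) {
        $errors[] = "Ogiltig e-postadress.";
    }

    if (empty($errors)) {
        try {
            // The username must not belong to any other account.
            // NOTE(review): this check-then-update is racy under concurrent
            // edits; a UNIQUE index on users.username is the real guarantee
            // (a duplicate would then surface as the PDOException below).
            $checkStmt = $dbconn->prepare("SELECT user_id FROM users WHERE username = ? AND user_id != ?");
            $checkStmt->execute([$username, $user_id]);
            if ($checkStmt->fetch()) {
                $errors[] = "Användarnamnet används redan av en annan användare.";
            } else {
                // Only touch the password column when a new password was supplied;
                // the hash is produced with password_hash(), never stored in clear.
                if ($new_password !== '') {
                    $passwordHash = password_hash($new_password, PASSWORD_DEFAULT);
                    $sql = "UPDATE users SET username=?, email=?, phone=?, password=?, is_admin=?, fullname=? WHERE user_id=?";
                    $data = [$username, $email, $phone, $passwordHash, $is_admin, $fullname, $user_id];
                } else {
                    $sql = "UPDATE users SET username=?, email=?, phone=?, is_admin=?, fullname=? WHERE user_id=?";
                    $data = [$username, $email, $phone, $is_admin, $fullname, $user_id];
                }
                $stmt = $dbconn->prepare($sql);
                $stmt->execute($data);
                $messageClass = 'alert-success';
                $message = "Användare uppdaterad.";
                // Drop the selection so the GET branch below does not reload the
                // account and the form comes back empty after a save.
                $_GET['user_id'] = null;
            }
        } catch (PDOException $e) {
            // Log the real driver error; the browser only gets a generic message.
            error_log("edituser error: " . $e->getMessage());
            $messageClass = 'alert-error';
            $message = "Ett databasfel uppstod. Försök igen senare.";
        }
    }

    if (!empty($errors)) {
        $messageClass = 'alert-error';
        $message = implode(' ', $errors);
    }
}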
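// Load the account selected with ?user_id=N into the form fields.
// This runs after the POST branch: a successful save clears $_GET['user_id'] so
// the form comes back empty, while a rejected save falls through to here and
// re-displays the stored values (not the submitted ones) next to the error.
if (isset($_GET['user_id']) && !empty($_GET['user_id'])) {
    // Same cast as the POST branch; anything non-numeric becomes 0 and is simply not found.
    $user_id = (int)$_GET['user_id'];
    try {
        // The password hash is deliberately never selected on this page.
        $sql = "SELECT user_id, username, fullname, email, phone, is_admin FROM users WHERE user_id=?";
        $stmt = $dbconn->prepare($sql);
        $stmt->execute([$user_id]);
        $res = $stmt->fetch(PDO::FETCH_ASSOC);
        if ($res) {
            // Escape once, here: the form echoes these straight into attribute
            // values. ENT_QUOTES covers both quote styles and the (string) casts
            // keep NULL columns from raising deprecation notices on PHP 8.1+.
            $flags = ENT_QUOTES | ENT_SUBSTITUTE;
            $getid = htmlspecialchars((string)$res['user_id'], $flags, 'UTF-8');
            $getusername = htmlspecialchars((string)$res['username'], $flags, 'UTF-8');
            $getemail = htmlspecialchars((string)$res['email'], $flags, 'UTF-8');
            $getphone = htmlspecialchars((string)$res['phone'], $flags, 'UTF-8');
            $getadmin = $res['is_admin'];
            $getfullname = htmlspecialchars((string)$res['fullname'], $flags, 'UTF-8');
            // Keep a validation or database error from the POST branch visible
            // instead of replacing it with the "loaded" notice, which used to
            // hide why the save had been rejected.
            if ($message === null) {
                $messageClass = 'alert-success';
                $message = "Användare laddad. Redigera fälten nedan.";
            }
        } else {
            $messageClass = 'alert-error';
            $message = "Användaren hittades inte.";
        }
    } catch (PDOException $e) {
        // Never surface driver errors to the browser; they leak schema and host details.
        error_log("edituser GET error: " . $e->getMessage());
        $messageClass = 'alert-error';
        $message = "Ett databasfel uppstod. Försök igen senare.";
    }
}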
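// Output starts here; everything above must finish (redirects included) before this include.
include('../../includes/header.php');
?>
<div class="page-header">
<div class="page-header-text">
<h1>Redigera Användare</h1>
<p>Välj en användare att redigera.</p>
</div>
</div>
<?php if ($message): ?>
<?php /* Escape at the sink. Today every $message is a literal from this file, but
         escaping here keeps a future message built from user or database data
         from turning into stored XSS. */ ?>
<div class="alert <?= htmlspecialchars($messageClass, ENT_QUOTES, 'UTF-8') ?>"><?= htmlspecialchars($message, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8') ?></div>
<?php endif; ?>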
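<div class="card">
<h2><span class="material-symbols-rounded" style="font-size:20px; vertical-align:middle; margin-right:6px">group</span>Användare</h2>
<?php
// Overview of every account with a "Välj" link that reloads this page with
// ?user_id=N. Only non-secret columns are read: the "Lösenord" cell is a fixed
// placeholder and the hash never leaves the database on this page.
$sql = "SELECT user_id, username, fullname, email, is_admin FROM users";
$stmt = $dbconn->prepare($sql);
$stmt->execute();
$output = '<table class="table"><thead><tr><th></th><th>ID</th><th>Användarnamn</th><th>Namn</th><th>E-Post</th><th>Lösenord</th><th>Admin</th></tr></thead><tbody>';
while ($res = $stmt->fetch(PDO::FETCH_ASSOC)) {
    // user_id lands inside a single-quoted href, so it is cast to int rather than
    // escaped; text columns get ENT_QUOTES plus a (string) cast so NULL values do
    // not trigger deprecation notices on PHP 8.1+. $rowEmail avoids clobbering
    // the $email the POST branch may have set.
    $idx = (int)$res['user_id'];
    $user = htmlspecialchars((string)$res['username'], ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
    $name = htmlspecialchars((string)$res['fullname'], ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
    $rowEmail = htmlspecialchars((string)$res['email'], ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
    $admin = (int)$res['is_admin'] === 1 ? 'Ja' : 'Nej';
    $output .= "<tr>" .
        "<td><a class='btn btn-sm' href='?user_id=$idx'><span class='material-symbols-rounded' style='font-size:16px'>edit</span> Välj</a></td>" .
        "<td>$idx</td>" .
        "<td>$user</td>" .
        "<td>$name</td>" .
        "<td>$rowEmail</td>" .
        "<td>******</td>" .
        "<td>$admin</td>" .
        "</tr>";
}
$output .= "</tbody></table>";
echo $output;
?>
</div>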
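<div class="card">
<h2><span class="material-symbols-rounded" style="font-size:20px; vertical-align:middle; margin-right:6px">edit</span>Redigera</h2>
<?php
/*
 * Edit form. The $get* values were HTML-escaped when the account was loaded, so
 * they are echoed as-is. Server-side rules live in the POST branch: username is
 * mandatory, an empty new_password keeps the current hash, and the maxlength
 * attributes below are only a browser hint.
 *
 * NOTE(review): the form carries no CSRF token. Because the page relies solely
 * on the session cookie, a cross-site POST from any page an admin is viewing can
 * change any account, passwords included. Emit a session-bound token in a hidden
 * field here and verify it with hash_equals() in the POST branch.
 *
 * NOTE(review): "Namn" is `required` client-side but unmarked with * and optional
 * server-side — confirm which is intended and align the two.
 */
$hasUser = $getid !== null;
?>
<form method="post" action="">
<table>
<tr>
<td>Användarnamn *</td>
<td class="input-wrapper">
<input type="text" name="username" maxlength="32" value="<?= $getusername ?>" required placeholder="Användarnamn">
<span class="char-count">32</span>
</td>
</tr>
<tr>
<td>Namn</td>
<td class="input-wrapper">
<input type="text" name="fullname" maxlength="64" value="<?= $getfullname ?>" required placeholder="Förnamn Efternamn">
<span class="char-count">64</span>
</td>
</tr>
<tr>
<td>E-Post *</td>
<td class="input-wrapper">
<input type="email" name="email" maxlength="64" value="<?= $getemail ?>" required placeholder="E-Post">
<span class="char-count">64</span>
</td>
</tr>
<tr>
<td>Telefon</td>
<td class="input-wrapper">
<input type="tel" name="phone" maxlength="20" value="<?= $getphone ?>" placeholder="+46 70 123 45 78">
<span class="char-count">20</span>
</td>
</tr>
<tr>
<td>Nytt lösenord</td>
<td class="input-wrapper">
<input type="password" name="new_password" maxlength="32" placeholder="Lämna tomt för att behålla">
<span class="char-count">32</span>
</td>
</tr>
<tr>
<td>Admin</td>
<?php
// The primary admin (ID 1) can never be demoted: the checkbox is disabled here
// and the POST branch forces is_admin=1 regardless of what is submitted.
$isDisabled = $getid == 1 ? 'disabled' : '';
$isAdminChecked = $getadmin == 1 ? 'checked' : '';
echo "<td><input type='checkbox' name='is_admin' $isAdminChecked $isDisabled></td>";
?>
</tr>
<tr>
<td class="meta">* = Obligatoriskt</td>
<td>
<input type="hidden" name="user_id" value="<?= $getid ?>">
<?php /* Nothing can be saved until an account has been picked from the list above:
         with an empty user_id the POST branch used to ignore the submission
         without any feedback, so the button is disabled instead. */ ?>
<button type="submit" class="btn btn-success"<?= $hasUser ? '' : ' disabled' ?>>
<span class="material-symbols-rounded">save</span>
Spara
</button>
</td>
</tr>
</table>
</form>
</div>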
<?php
// Release the PDO connection before the footer; assigning null drops the last
// reference and closes it (unset() would instead leave the name undefined).
$dbconn = null;
include '../../includes/footer.php';
?>