public_html/exercises/quizproject/admin/
deleteuser.php
102 lines UTF-8 Windows (CRLF)
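<?php
// Admin page: lists every user and deletes the one whose ID is posted back
// by the per-row "Delete" form.

// Start the session before any markup is emitted. Once output has begun, PHP
// can no longer send the session cookie header unless output buffering is on,
// so the admin check below would depend on server configuration.
session_start();

// Only sessions flagged as admin may use this page.
$isAdmin = isset($_SESSION['is_admin']) && $_SESSION['is_admin'] == 1;
if (!$isAdmin) {
    // Tell clients and logs that this was an authorization failure.
    http_response_code(403);
} elseif (empty($_SESSION['csrf_token'])) {
    // Per-session anti-CSRF token (random_bytes needs PHP 7+). It is embedded
    // in every delete form and verified before a row is removed, so a
    // third-party page cannot trigger a delete through the admin's browser.
    $_SESSION['csrf_token'] = bin2hex(random_bytes(32));
}
?>
<!doctype html>
<html>
<head>
<meta charset="utf-8">
<title>Quizzer | Delete User</title>
<link rel="stylesheet" href="../quiz_styles.css">
<link rel="shortcut icon" href="../icons/remove-user-icon.svg" type="image/x-icon">
</head>
<body>
<?php
if (!$isAdmin) {
    echo '<div class="page page-narrow"><div class="alert alert-error">Access denied.</div><div class="actions"><a class="btn" href="../index.php">Back to dashboard</a></div></div>';
    echo '</body></html>';
    exit;
}

include('../dbconnection.php');
if (empty($dbconn)) {
    die("Connection failed: Can't connect to database.");
}

// Make sure admin (ID 1) cannot be deleted; otherwise no users would exist
// and the site would be locked forever. The disabled button in the table is
// only a hint to the browser, so the rule is enforced here on the server.
// NOTE(review): other admins, and the admin's own account, can still be
// deleted; confirm whether that is intended.
$protectedUserId = 1;
$csrfToken = $_SESSION['csrf_token'];

$message = null;
// Set the message type (CSS class of the alert box).
$messageClass = 'alert-warning';

if (!empty($_POST['user_id'])) {
    $user_id = $_POST['user_id'];
    $postedToken = isset($_POST['csrf_token']) ? $_POST['csrf_token'] : '';

    if (!is_string($postedToken) || !hash_equals($csrfToken, $postedToken)) {
        // hash_equals compares in constant time; the is_string test rejects
        // array-valued POST fields before they reach it.
        $messageClass = 'alert-error';
        $message = 'Invalid or missing form token. Reload the page and try again.';
    } elseif (!is_string($user_id) || !ctype_digit($user_id)) {
        $messageClass = 'alert-error';
        $message = 'Invalid user ID.';
    } elseif ((int) $user_id === $protectedUserId) {
        $messageClass = 'alert-error';
        $message = 'The primary admin account cannot be deleted.';
    } else {
        try {
            $stmt = $dbconn->prepare('DELETE FROM users WHERE user_id=?');
            $stmt->execute(array($user_id));
            if ($stmt->rowCount() > 0) {
                $messageClass = 'alert-success';
                $message = 'User deleted successfully.';
            } else {
                $message = 'No user with that ID was found.';
            }
        } catch (PDOException $e) {
            // Keep the SQL text and driver message out of the page; they go
            // to the server log instead.
            error_log('deleteuser.php: ' . $e->getMessage());
            $messageClass = 'alert-error';
            $message = 'The user could not be deleted. Details were written to the server log.';
        }
    }
}
?>
<div class="page">
<div class="page-header">
<div>
<h1 class="page-title">Delete User</h1>
<p class="page-subtitle">Remove a user account from the system.</p>
<p class="alert alert-warning">CAUTION: All quizzes created by user will also be deleted.<br>This action cannot be undone.</p>
</div>
<div class="actions">
<a class="btn btn-ghost" href="../index.php">← Back to dashboard</a>
</div>
</div>
<?php if ($message): ?>
<div class="alert <?= $messageClass; ?>"><?= htmlspecialchars($message, ENT_QUOTES, 'UTF-8'); ?></div>
<?php endif; ?>
<?php
// Output table with all users. Only the columns the table shows are selected,
// so any other columns of the users table (credentials, for instance, if they
// are stored there) are never read into the page.
$stmt = $dbconn->prepare('SELECT user_id, username, is_admin FROM users');
$stmt->execute();

$tokenField = htmlspecialchars($csrfToken, ENT_QUOTES, 'UTF-8');

$output = "<table class='table'><caption>Users:</caption>";
$output .= "<thead><tr><th>ID</th><th>Username</th><th>Admin</th><th></th></tr></thead><tbody>";
while ($res = $stmt->fetch(PDO::FETCH_ASSOC)) {
    // ENT_QUOTES is passed explicitly because the values land inside
    // single-quoted attributes and the default flags differ between PHP versions.
    $idx = htmlspecialchars((string) $res['user_id'], ENT_QUOTES, 'UTF-8');
    $username = htmlspecialchars((string) $res['username'], ENT_QUOTES, 'UTF-8');
    $is_admin = $res['is_admin'] == 1 ? 'Yes' : 'No';
    // Grey out the button for the protected account; the server-side check
    // above is what actually prevents the delete.
    $disabled = ((int) $res['user_id'] === $protectedUserId) ? ' disabled' : '';

    $output .= "<tr>" .
        "<td>$idx</td>" .
        "<td>$username</td>" .
        "<td>$is_admin</td>" .
        "<td><form method='post' action='' class='actions'>" .
        "<input type='hidden' name='csrf_token' value='$tokenField'>" .
        "<input type='hidden' name='user_id' value='$idx'>" .
        "<button type='submit'$disabled class='btn btn-danger'>Delete</button></form></td>" .
        "</tr>";
}
$output .= "</tbody></table>";
echo $output;

// Drop the PDO handle so the connection is closed.
$dbconn = null;
?>
</div>
</body>
</html>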