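<!doctype html>
<html>
<head>
<meta charset="utf-8">
<title>Quizzer Admin | Edit User</title>
<link rel="stylesheet" href="../quiz_styles.css">
<link rel="shortcut icon" href="../icons/edit-user-icon.svg" type="image/x-icon">
</head>
<body>
<?php
// Admin page: pick a user from the list, then edit username / password / full name / admin flag.
// Requires an authenticated admin session; $dbconn (a PDO connection) comes from ../dbconnection.php.
session_start();

// Only admins may reach this page. Accept the ways a "yes" admin flag is plausibly stored in the
// session (int 1, "1" from the database, bool true) but compare strictly so nothing else passes.
if (!in_array($_SESSION['is_admin'] ?? null, [1, '1', true], true)) {
    echo '<div class="page page-narrow"><div class="alert alert-error">Access denied.</div><div class="actions"><a class="btn" href="../index.php">Back to dashboard</a></div></div>';
    exit;
}

include('../dbconnection.php');
if (!$dbconn) {
    die("Connection failed: Can't connect to database.");
}

// Per-session CSRF token; every POST must echo it back so another site cannot submit
// this form on behalf of a logged-in admin.
if (empty($_SESSION['csrf_token'])) {
    $_SESSION['csrf_token'] = bin2hex(random_bytes(32));
}
$csrfToken = $_SESSION['csrf_token'];

$message = null;
$messageClass = 'alert-warning';
$getid = null;        // int user_id of the user loaded into the form, or null
$getusername = null;  // HTML-escaped username for the form value
$getadmin = null;     // int is_admin flag of the loaded user, or null
$getfullname = null;  // HTML-escaped full name for the form value

// --- Handle the edit form submission ---------------------------------------------------
// The form posts 'username', 'new_password' (optional), 'fullname', 'is_admin' (checkbox,
// absent when unchecked) and the hidden 'user_id'. A blank password keeps the current hash.
if ($_SERVER['REQUEST_METHOD'] === 'POST') {
    $postedToken = $_POST['csrf_token'] ?? '';
    $user_id = (int) ($_POST['user_id'] ?? 0);
    $username = trim((string) ($_POST['username'] ?? ''));
    $new_password = (string) ($_POST['new_password'] ?? '');
    $fullname = trim((string) ($_POST['fullname'] ?? ''));
    $is_admin = isset($_POST['is_admin']) ? 1 : 0;

    if (!is_string($postedToken) || !hash_equals($csrfToken, $postedToken)) {
        $messageClass = 'alert-error';
        $message = 'Invalid form token. Please reload the page and try again.';
    } elseif ($user_id <= 0 || $username === '') {
        $messageClass = 'alert-error';
        $message = 'Username and user ID are required.';
    } else {
        // The checkbox for user ID 1 (default admin) is rendered disabled, and a disabled
        // control is not submitted at all, so without this rule every save would demote the
        // default admin. Enforce the rule here, not only in the HTML.
        if ($user_id === 1) {
            $is_admin = 1;
        }
        try {
            if ($new_password !== '') {
                $passwordHash = password_hash($new_password, PASSWORD_DEFAULT);
                $sql = "UPDATE users SET username=?, password=?, is_admin=?, fullname=? WHERE user_id=?";
                $data = [$username, $passwordHash, $is_admin, $fullname, $user_id];
            } else {
                $sql = "UPDATE users SET username=?, is_admin=?, fullname=? WHERE user_id=?";
                $data = [$username, $is_admin, $fullname, $user_id];
            }
            $stmt = $dbconn->prepare($sql);
            $stmt->execute($data);
            $messageClass = 'alert-success';
            $message = "User updated successfully.";
            // Do not reload the edited user below; the form is shown empty after a save.
            $_GET['user_id'] = null;
        } catch (PDOException $e) {
            // Keep the driver message in the server log only; the browser gets a generic
            // error so SQL text and database details are not disclosed.
            error_log('edituser.php: update failed: ' . $e->getMessage());
            $messageClass = 'alert-error';
            $message = 'Could not update the user. Please try again or check the server log.';
        }
    }
}

// --- Load the selected user into the form ----------------------------------------------
// Only the columns the form needs are read; the password hash never reaches the page.
if (!empty($_GET['user_id'])) {
    $user_id = (int) $_GET['user_id'];
    try {
        $sql = "SELECT user_id, username, is_admin, fullname FROM users WHERE user_id=?";
        $stmt = $dbconn->prepare($sql);
        $stmt->execute([$user_id]);
        $res = $stmt->fetch(PDO::FETCH_ASSOC);
        if ($res) {
            $getid = (int) $res['user_id'];
            $getusername = htmlentities((string) $res['username']);
            $getadmin = (int) $res['is_admin'];
            $getfullname = htmlentities((string) $res['fullname']);
            $messageClass = 'alert-success';
            $message = "User loaded. You can edit the details below.";
        } else {
            $messageClass = 'alert-error';
            $message = "User not found.";
        }
    } catch (PDOException $e) {
        error_log('edituser.php: load failed: ' . $e->getMessage());
        $messageClass = 'alert-error';
        $message = 'Could not load the user. Please try again or check the server log.';
    }
}
?>
<div class="page">
<div class="page-header">
<div>
<h1 class="page-title">Edit User</h1>
<p class="page-subtitle">Select a user from the list and update their details.</p>
</div>
<div class="actions">
<a class="btn btn-ghost" href="../index.php">← Back to dashboard</a>
</div>
</div>
<?php if ($message): ?>
<div class="alert <?= htmlspecialchars($messageClass); ?>"><?= htmlspecialchars($message); ?></div>
<?php endif; ?>
<div class="card">
<?php
// Table of all users. The password column is always masked, so the hash is not selected.
$stmt = $dbconn->prepare("SELECT user_id, username, is_admin, fullname FROM users");
$stmt->execute();
$output = '<table class="table"><caption>Choose a user to edit</caption>';
$output .= '<thead><tr><th></th><th>ID</th><th>Username</th><th>Password</th><th>Full Name</th><th>Admin</th></tr></thead><tbody>';
while ($res = $stmt->fetch(PDO::FETCH_ASSOC)) {
    $idx = (int) $res['user_id'];
    $user = htmlentities((string) $res['username']);
    $name = htmlentities((string) $res['fullname']);
    $admin = (int) $res['is_admin'] === 1 ? 'Yes' : 'No';
    $output .= "<tr>" .
        "<td style='margin-right: -50px;'><a class='btn' href='?user_id=$idx'>Select</a></td>" .
        "<td>$idx</td>" .
        "<td>$user</td>" .
        "<td>******</td>" .
        "<td>$name</td>" .
        "<td>$admin</td>" .
        "</tr>";
}
$output .= "</tbody></table>";
echo $output;
$dbconn = null;
?>
<h2>Edit User Details</h2>
<form method="post" action="">
<input type="hidden" name="csrf_token" value="<?= htmlspecialchars($csrfToken); ?>">
<table>
<tr>
<td>Username*:</td>
<td>
<input type="text" name="username" maxlength="40"
value="<?= $getusername; ?>" required>
</td>
</tr>
<tr>
<td>New Password:</td>
<td>
<input type="password" name="new_password" maxlength="32" autocomplete="new-password"
placeholder="Leave blank to keep current">
</td>
</tr>
<tr>
<td>Full name:</td>
<td>
<input type="text" name="fullname" maxlength="30"
value="<?= $getfullname; ?>">
</td>
</tr>
<tr>
<td>Admin:</td>
<?php
// User ID 1 is the default admin and must keep its role, so the checkbox is locked in the
// UI; the POST handler above enforces the same rule server-side.
$isDisabled = $getid === 1 ? 'disabled' : '';
$isAdmin = $getadmin === 1 ? 'checked' : '';
echo "<td><input type='checkbox' name='is_admin' $isAdmin $isDisabled></td>";
?>
</tr>
<tr>
<td class="meta">* = Required</td>
<td>
<input type="hidden" name="user_id" value="<?= $getid ?? ''; ?>">
<button type="submit" class="btn btn-success">Submit</button>
</td>
</tr>
</table>
</form>
</div>
</div>
</body>
</html>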