185 lines
7.1 KiB
PHP
185 lines
7.1 KiB
PHP
<?php
|
|
session_start();
|
|
// Check if user is logged in and is admin
|
|
// if (!isset($_SESSION['type']) || $_SESSION['type'] !== 'admin') {
|
|
// header("Location: login.php");
|
|
// exit();
|
|
// }
|
|
|
|
// Database connection
|
|
$conn = new mysqli($GLOBALS['host'], $GLOBALS['user'], $GLOBALS['pass'], $GLOBALS['db']);
|
|
$conn->set_charset("utf8");
|
|
if ($conn->connect_error) {
|
|
die("Connection failed: " . $conn->connect_error);
|
|
}
|
|
|
|
// Get user details
|
|
$user = [];
|
|
if (isset($_GET['id'])) {
|
|
$user_id = $conn->real_escape_string($_GET['id']);
|
|
$sql = "SELECT * FROM `".$GLOBALS['arif_users']."` WHERE id = ?";
|
|
$stmt = $conn->prepare($sql);
|
|
$stmt->bind_param("i", $user_id);
|
|
$stmt->execute();
|
|
$result = $stmt->get_result();
|
|
$user = $result->fetch_assoc();
|
|
$stmt->close();
|
|
|
|
if (!$user) {
|
|
die("User not found");
|
|
}
|
|
}
|
|
|
|
// Handle form submission
|
|
if ($_SERVER['REQUEST_METHOD'] === 'POST') {
|
|
$id = $_POST['id'];
|
|
$user_name = $_POST['user_name'];
|
|
$user_phone = $_POST['user_phone'];
|
|
$type = $_POST['type'];
|
|
$user_id = $_POST['user_id'];
|
|
|
|
// Validate inputs
|
|
if (empty($user_name) || empty($user_phone) || empty($user_id)) {
|
|
$error = "All fields are required except password";
|
|
} elseif (!preg_match("/^[0-9]{10}$/", $user_phone)) {
|
|
$error = "Invalid phone number format";
|
|
} else {
|
|
// Update query
|
|
if (!empty($_POST['password'])) {
|
|
// Update with password
|
|
$password = password_hash($_POST['password'], PASSWORD_DEFAULT);
|
|
$sql = "UPDATE `".$GLOBALS['arif_users']."` SET
|
|
user_id = ?,
|
|
user_name = ?,
|
|
user_phone = ?,
|
|
type = ?,
|
|
password = ?
|
|
WHERE id = ?";
|
|
$stmt = $conn->prepare($sql);
|
|
$stmt->bind_param("sssssi", $user_id, $user_name, $user_phone, $type, $password, $id);
|
|
} else {
|
|
// Update without password
|
|
$sql = "UPDATE `".$GLOBALS['arif_users']."` SET
|
|
user_id = ?,
|
|
user_name = ?,
|
|
user_phone = ?,
|
|
type = ?
|
|
WHERE id = ?";
|
|
$stmt = $conn->prepare($sql);
|
|
$stmt->bind_param("ssssi", $user_id, $user_name, $user_phone, $type, $id);
|
|
}
|
|
|
|
if ($stmt->execute()) {
|
|
$success = "User updated successfully!";
|
|
// Refresh user data
|
|
$sql = "SELECT * FROM `".$GLOBALS['arif_users']."` WHERE id = ?";
|
|
$stmt = $conn->prepare($sql);
|
|
$stmt->bind_param("i", $id);
|
|
$stmt->execute();
|
|
$result = $stmt->get_result();
|
|
$user = $result->fetch_assoc();
|
|
$stmt->close();
|
|
} else {
|
|
$error = "Error updating user: " . $conn->error;
|
|
}
|
|
}
|
|
}
|
|
?>
|
|
<div>
|
|
<div class="container">
|
|
<h3>Edit User</h3>
|
|
<hr>
|
|
|
|
<?php if (isset($error)): ?>
|
|
<div class="alert alert-danger"><?php echo htmlspecialchars($error); ?></div>
|
|
<?php endif; ?>
|
|
|
|
<?php if (isset($success)): ?>
|
|
<div class="alert alert-success"><?php echo htmlspecialchars($success); ?></div>
|
|
<?php endif; ?>
|
|
|
|
<?php if (!empty($user)): ?>
|
|
<form method="post">
|
|
<input type="hidden" name="id" value="<?php echo htmlspecialchars($user['id']); ?>">
|
|
|
|
<div class="row">
|
|
<div class="col-md-6">
|
|
<div class="form-group mb-3">
|
|
<label for="user_id" class="form-label">User ID</label>
|
|
<input type="text" class="form-control" id="user_id" name="user_id"
|
|
value="<?php echo htmlspecialchars($user['user_id']); ?>" required>
|
|
</div>
|
|
|
|
<div class="form-group mb-3">
|
|
<label for="user_name" class="form-label">Full Name</label>
|
|
<input type="text" class="form-control" id="user_name" name="user_name"
|
|
value="<?php echo htmlspecialchars($user['user_name']); ?>" required>
|
|
</div>
|
|
</div>
|
|
|
|
<div class="col-md-6">
|
|
<div class="form-group mb-3">
|
|
<label for="user_phone" class="form-label">Phone Number</label>
|
|
<input type="tel" class="form-control" id="user_phone" name="user_phone"
|
|
value="<?php echo htmlspecialchars($user['user_phone']); ?>" required>
|
|
</div>
|
|
|
|
<div class="form-group mb-3">
|
|
<label for="type" class="form-label">User Type</label>
|
|
<select class="form-control" id="type" name="type" required>
|
|
<option value="agent" <?php echo $user['type'] === 'agent' ? 'selected' : ''; ?>>Agent</option>
|
|
<option value="admin" <?php echo $user['type'] === 'admin' ? 'selected' : ''; ?>>Admin</option>
|
|
<option value="supervisor" <?php echo $user['type'] === 'supervisor' ? 'selected' : ''; ?>>Supervisor</option>
|
|
</select>
|
|
</div>
|
|
</div>
|
|
</div>
|
|
|
|
<div class="row">
|
|
<div class="col-md-12">
|
|
<div class="form-group mb-3">
|
|
<label for="password" class="form-label">New Password (leave blank to keep current)</label>
|
|
<input type="password" class="form-control" id="password" name="password">
|
|
<small class="text-muted">Password must be at least 8 characters long</small>
|
|
</div>
|
|
</div>
|
|
</div>
|
|
|
|
<div class="row">
|
|
<div class="col-md-12">
|
|
<button type="submit" class="btn btn-primary">Update User</button>
|
|
<a href="/Admin/Settings_Agent" class="btn ">Cancel</a>
|
|
</div>
|
|
</div>
|
|
</form>
|
|
<?php else: ?>
|
|
<div class="alert alert-danger">User not found</div>
|
|
<?php endif; ?>
|
|
</div>
|
|
</div>
|
|
<script>
|
|
// Simple password strength check
|
|
document.getElementById('password').addEventListener('input', function(e) {
|
|
if (this.value.length > 0 && this.value.length < 8) {
|
|
this.setCustomValidity("Password must be at least 8 characters");
|
|
} else {
|
|
this.setCustomValidity("");
|
|
}
|
|
});
|
|
</script>
|
|
<style>
|
|
.badge-primary {
|
|
background-color: #007bff;
|
|
}
|
|
.badge-secondary {
|
|
background-color: #6c757d;
|
|
}
|
|
.badge-warning {
|
|
background-color: #ffc107;
|
|
}
|
|
.container {
|
|
max-width: 800px;
|
|
margin-top: 30px;
|
|
}
|
|
</style>
|
|
<?php $conn->close(); ?>
|