|
|
@@ -0,0 +1,308 @@
|
|
|
+<?php
|
|
|
+require_once '../includes/config.php';
|
|
|
+require_once '../includes/database.php';
|
|
|
+require_once '../includes/auth.php';
|
|
|
+require_once '../includes/translation.php';
|
|
|
+
|
|
|
+// Start session for language preference
|
|
|
+session_start();
|
|
|
+
|
|
|
+// Initialize translation system
|
|
|
+try {
|
|
|
+ $translation = Translation::getInstance();
|
|
|
+} catch (Exception $e) {
|
|
|
+ // Fallback to basic translations if translation system fails
|
|
|
+ $translation = null;
|
|
|
+}
|
|
|
+
|
|
|
+// Check if user is logged in and has admin privileges
|
|
|
+$auth = new Auth();
|
|
|
+if (!$auth->isLoggedIn() || !$auth->isAdmin()) {
|
|
|
+ header('Location: login.php');
|
|
|
+ exit;
|
|
|
+}
|
|
|
+
|
|
|
+// Handle user actions
|
|
|
+$action = $_GET['action'] ?? 'list';
|
|
|
+$user_id = $_GET['id'] ?? null;
|
|
|
+$message = '';
|
|
|
+$error = '';
|
|
|
+
|
|
|
+// Get database instance
|
|
|
+$db = Database::getInstance();
|
|
|
+
|
|
|
+switch ($action) {
|
|
|
+ case 'list':
|
|
|
+ // Get all users with pagination
|
|
|
+ $page = max(1, (int)($_GET['page'] ?? 1));
|
|
|
+ $limit = 20;
|
|
|
+ $offset = ($page - 1) * $limit;
|
|
|
+
|
|
|
+ // Get total users count
|
|
|
+ $total_users = $db->fetch("SELECT COUNT(*) as count FROM users")['count'];
|
|
|
+ $total_pages = ceil($total_users / $limit);
|
|
|
+
|
|
|
+ // Get users for current page
|
|
|
+ $sql = "SELECT id, username, email, auth_type, created_at, last_login FROM users ORDER BY created_at DESC LIMIT ? OFFSET ?";
|
|
|
+ $users = $db->fetchAll($sql, [$limit, $offset]);
|
|
|
+
|
|
|
+ break;
|
|
|
+
|
|
|
+ case 'edit':
|
|
|
+ if (!$user_id) {
|
|
|
+ header('Location: users.php');
|
|
|
+ exit;
|
|
|
+ }
|
|
|
+
|
|
|
+ // Get user details
|
|
|
+ $user = $db->fetch("SELECT * FROM users WHERE id = ?", [$user_id]);
|
|
|
+ if (!$user) {
|
|
|
+ $error = 'User not found';
|
|
|
+ break;
|
|
|
+ }
|
|
|
+
|
|
|
+ break;
|
|
|
+
|
|
|
+ case 'delete':
|
|
|
+ if (!$user_id) {
|
|
|
+ header('Location: users.php');
|
|
|
+ exit;
|
|
|
+ }
|
|
|
+
|
|
|
+ // Don't allow deletion of the currently logged-in user
|
|
|
+ if ($user_id == $_SESSION['user_id']) {
|
|
|
+ $error = 'You cannot delete your own account';
|
|
|
+ break;
|
|
|
+ }
|
|
|
+
|
|
|
+ // Delete user
|
|
|
+ $db->delete('users', 'id = ?', [$user_id]);
|
|
|
+ $message = 'User deleted successfully';
|
|
|
+
|
|
|
+ // Redirect back to user list
|
|
|
+ header('Location: users.php?action=list&message=' . urlencode($message));
|
|
|
+ exit;
|
|
|
+
|
|
|
+ case 'create':
|
|
|
+ // Handle user creation
|
|
|
+ if ($_SERVER['REQUEST_METHOD'] === 'POST') {
|
|
|
+ $username = trim($_POST['username'] ?? '');
|
|
|
+ $email = trim($_POST['email'] ?? '');
|
|
|
+ $password = trim($_POST['password'] ?? '');
|
|
|
+ $auth_type = trim($_POST['auth_type'] ?? 'local');
|
|
|
+
|
|
|
+ // Validation
|
|
|
+ if (empty($username)) $error = 'Username is required';
|
|
|
+ elseif (empty($email)) $error = 'Email is required';
|
|
|
+ elseif (empty($password) && $auth_type === 'local') $error = 'Password is required for local authentication';
|
|
|
+ elseif (!filter_var($email, FILTER_VALIDATE_EMAIL)) $error = 'Invalid email format';
|
|
|
+
|
|
|
+ if (!$error) {
|
|
|
+ // Check if username already exists
|
|
|
+ $existing_user = $db->fetch("SELECT id FROM users WHERE username = ?", [$username]);
|
|
|
+ if ($existing_user) {
|
|
|
+ $error = 'Username already exists';
|
|
|
+ } else {
|
|
|
+ // Create new user
|
|
|
+ $hashed_password = password_hash($password, PASSWORD_DEFAULT);
|
|
|
+ $sql = "INSERT INTO users (username, email, password, auth_type, created_at) VALUES (?, ?, ?, ?, NOW())";
|
|
|
+ $db->query($sql, [$username, $email, $hashed_password, $auth_type]);
|
|
|
+
|
|
|
+ $message = 'User created successfully';
|
|
|
+
|
|
|
+ // If LDAP is enabled, we could also create LDAP user here
|
|
|
+ if ($auth_type === 'ldap' && LDAP_ENABLED) {
|
|
|
+ // Additional LDAP user creation logic could be added here
|
|
|
+ }
|
|
|
+ }
|
|
|
+ }
|
|
|
+ }
|
|
|
+
|
|
|
+ break;
|
|
|
+
|
|
|
+ default:
|
|
|
+ header('Location: users.php');
|
|
|
+ exit;
|
|
|
+}
|
|
|
+?>
|
|
|
+<!DOCTYPE html>
|
|
|
+<html lang="<?php echo getCurrentLanguage(); ?>">
|
|
|
+<head>
|
|
|
+ <meta charset="UTF-8">
|
|
|
+ <meta name="viewport" content="width=device-width, initial-scale=1.0">
|
|
|
+ <title><?php echo t('manage_users'); ?> - <?php echo SITE_TITLE; ?></title>
|
|
|
+ <link rel="stylesheet" href="../css/style.css">
|
|
|
+</head>
|
|
|
+<body>
|
|
|
+ <header class="admin-header">
|
|
|
+ <div class="container">
|
|
|
+ <h1><a href="index.php"><?php echo SITE_TITLE; ?></a></h1>
|
|
|
+ <nav class="admin-nav">
|
|
|
+ <a href="index.php"><?php echo t('nav_dashboard'); ?></a>
|
|
|
+ <a href="edit.php"><?php echo t('manage_publications'); ?></a>
|
|
|
+ <a href="publications.php"><?php echo t('manage_publications'); ?></a>
|
|
|
+ <a href="categories.php"><?php echo t('manage_categories'); ?></a>
|
|
|
+ <a href="users.php" class="active"><?php echo t('manage_users'); ?></a>
|
|
|
+ <?php if (LDAP_ENABLED): ?>
|
|
|
+ <a href="ldap-users.php"><?php echo t('nav_ldap_users'); ?></a>
|
|
|
+ <?php endif; ?>
|
|
|
+ <a href="logout.php"><?php echo t('logout'); ?></a>
|
|
|
+ </nav>
|
|
|
+ </div>
|
|
|
+ </header>
|
|
|
+
|
|
|
+ <main class="admin-main">
|
|
|
+ <div class="container">
|
|
|
+ <?php if ($message): ?>
|
|
|
+ <div class="alert alert-success">
|
|
|
+ <?php echo htmlspecialchars($message); ?>
|
|
|
+ </div>
|
|
|
+ <?php endif; ?>
|
|
|
+
|
|
|
+ <?php if ($error): ?>
|
|
|
+ <div class="alert alert-error">
|
|
|
+ <?php echo htmlspecialchars($error); ?>
|
|
|
+ </div>
|
|
|
+ <?php endif; ?>
|
|
|
+
|
|
|
+ <?php if ($action === 'list'): ?>
|
|
|
+ <div class="users-management">
|
|
|
+ <div class="section-header">
|
|
|
+ <h2><?php echo t('manage_users'); ?></h2>
|
|
|
+ <div class="section-actions">
|
|
|
+ <a href="users.php?action=create" class="btn btn-primary"><?php echo t('create_user'); ?></a>
|
|
|
+ </div>
|
|
|
+ </div>
|
|
|
+
|
|
|
+ <div class="users-table">
|
|
|
+ <table class="admin-table">
|
|
|
+ <thead>
|
|
|
+ <tr>
|
|
|
+ <th><?php echo t('username'); ?></th>
|
|
|
+ <th><?php echo t('email'); ?></th>
|
|
|
+ <th><?php echo t('auth_type'); ?></th>
|
|
|
+ <th><?php echo t('created'); ?></th>
|
|
|
+ <th><?php echo t('last_login'); ?></th>
|
|
|
+ <th><?php echo t('actions'); ?></th>
|
|
|
+ </tr>
|
|
|
+ </thead>
|
|
|
+ <tbody>
|
|
|
+ <?php foreach ($users as $user): ?>
|
|
|
+ <tr>
|
|
|
+ <td><?php echo htmlspecialchars($user['username']); ?></td>
|
|
|
+ <td><?php echo htmlspecialchars($user['email']); ?></td>
|
|
|
+ <td>
|
|
|
+ <span class="auth-type <?php echo $user['auth_type']; ?>">
|
|
|
+ <?php echo ucfirst($user['auth_type']); ?>
|
|
|
+ </span>
|
|
|
+ </td>
|
|
|
+ <td><?php echo date('Y-m-d H:i', strtotime($user['created_at'])); ?></td>
|
|
|
+ <td><?php echo $user['last_login'] ? date('Y-m-d H:i', strtotime($user['last_login'])) : 'Never'; ?></td>
|
|
|
+ <td>
|
|
|
+ <a href="users.php?action=edit&id=<?php echo $user['id']; ?>" class="btn btn-sm"><?php echo t('edit'); ?></a>
|
|
|
+ <?php if ($user['id'] != $_SESSION['user_id']): ?>
|
|
|
+ <a href="users.php?action=delete&id=<?php echo $user['id']; ?>" class="btn btn-sm btn-danger" onclick="return confirm('<?php echo t('delete_user_confirm'); ?>')"><?php echo t('delete'); ?></a>
|
|
|
+ <?php endif; ?>
|
|
|
+ </td>
|
|
|
+ </tr>
|
|
|
+ <?php endforeach; ?>
|
|
|
+ </tbody>
|
|
|
+ </table>
|
|
|
+
|
|
|
+ <?php if ($total_pages > 1): ?>
|
|
|
+ <div class="pagination">
|
|
|
+ <?php if ($page > 1): ?>
|
|
|
+ <a href="users.php?page=<?php echo $page - 1; ?>" class="btn"><?php echo t('previous'); ?></a>
|
|
|
+ <?php endif; ?>
|
|
|
+
|
|
|
+ <span class="page-info">
|
|
|
+ <?php echo t('page'); ?> <?php echo $page; ?> <?php echo t('of'); ?> <?php echo $total_pages; ?>
|
|
|
+ </span>
|
|
|
+
|
|
|
+ <?php if ($page < $total_pages): ?>
|
|
|
+ <a href="users.php?page=<?php echo $page + 1; ?>" class="btn"><?php echo t('next'); ?></a>
|
|
|
+ <?php endif; ?>
|
|
|
+ </div>
|
|
|
+ <?php endif; ?>
|
|
|
+ </div>
|
|
|
+ </div>
|
|
|
+
|
|
|
+ <?php elseif ($action === 'edit' && isset($user)): ?>
|
|
|
+ <div class="user-edit">
|
|
|
+ <div class="section-header">
|
|
|
+ <h2><?php echo t('edit_user'); ?></h2>
|
|
|
+ </div>
|
|
|
+
|
|
|
+ <form method="post" class="admin-form">
|
|
|
+ <div class="form-group">
|
|
|
+ <label for="username"><?php echo t('username'); ?>:</label>
|
|
|
+ <input type="text" id="username" name="username" value="<?php echo htmlspecialchars($user['username']); ?>" required>
|
|
|
+ </div>
|
|
|
+
|
|
|
+ <div class="form-group">
|
|
|
+ <label for="email"><?php echo t('email'); ?>:</label>
|
|
|
+ <input type="email" id="email" name="email" value="<?php echo htmlspecialchars($user['email']); ?>" required>
|
|
|
+ </div>
|
|
|
+
|
|
|
+ <div class="form-group">
|
|
|
+ <label for="auth_type"><?php echo t('auth_type'); ?>:</label>
|
|
|
+ <select id="auth_type" name="auth_type">
|
|
|
+ <option value="local" <?php echo $user['auth_type'] === 'local' ? 'selected' : ''; ?>><?php echo t('local'); ?></option>
|
|
|
+ <option value="ldap" <?php echo $user['auth_type'] === 'ldap' ? 'selected' : ''; ?>><?php echo t('ldap'); ?></option>
|
|
|
+ </select>
|
|
|
+ </div>
|
|
|
+
|
|
|
+ <div class="form-actions">
|
|
|
+ <button type="submit" class="btn btn-primary"><?php echo t('update'); ?></button>
|
|
|
+ <a href="users.php" class="btn"><?php echo t('cancel'); ?></a>
|
|
|
+ </div>
|
|
|
+ </form>
|
|
|
+ </div>
|
|
|
+
|
|
|
+ <?php elseif ($action === 'create'): ?>
|
|
|
+ <div class="user-create">
|
|
|
+ <div class="section-header">
|
|
|
+ <h2><?php echo t('create_user'); ?></h2>
|
|
|
+ </div>
|
|
|
+
|
|
|
+ <form method="post" class="admin-form">
|
|
|
+ <div class="form-group">
|
|
|
+ <label for="username"><?php echo t('username'); ?>:</label>
|
|
|
+ <input type="text" id="username" name="username" value="<?php echo htmlspecialchars($username ?? ''); ?>" required>
|
|
|
+ </div>
|
|
|
+
|
|
|
+ <div class="form-group">
|
|
|
+ <label for="email"><?php echo t('email'); ?>:</label>
|
|
|
+ <input type="email" id="email" name="email" value="<?php echo htmlspecialchars($email ?? ''); ?>" required>
|
|
|
+ </div>
|
|
|
+
|
|
|
+ <div class="form-group">
|
|
|
+ <label for="password"><?php echo t('password'); ?>:</label>
|
|
|
+ <input type="password" id="password" name="password" value="<?php echo htmlspecialchars($password ?? ''); ?>" required>
|
|
|
+ </div>
|
|
|
+
|
|
|
+ <div class="form-group">
|
|
|
+ <label for="auth_type"><?php echo t('auth_type'); ?>:</label>
|
|
|
+ <select id="auth_type" name="auth_type">
|
|
|
+ <option value="local"><?php echo t('local'); ?></option>
|
|
|
+ <?php if (LDAP_ENABLED): ?>
|
|
|
+ <option value="ldap"><?php echo t('ldap'); ?></option>
|
|
|
+ <?php endif; ?>
|
|
|
+ </select>
|
|
|
+ </div>
|
|
|
+
|
|
|
+ <div class="form-actions">
|
|
|
+ <button type="submit" class="btn btn-primary"><?php echo t('create'); ?></button>
|
|
|
+ <a href="users.php" class="btn"><?php echo t('cancel'); ?></a>
|
|
|
+ </div>
|
|
|
+ </form>
|
|
|
+ </div>
|
|
|
+ <?php endif; ?>
|
|
|
+ </div>
|
|
|
+ </main>
|
|
|
+
|
|
|
+ <footer>
|
|
|
+ <p>© <?php echo date('Y'); ?> <?php echo t('copyright', ['site' => SITE_TITLE]); ?></p>
|
|
|
+ </footer>
|
|
|
+</body>
|
|
|
+</html>
|
