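isLoggedIn() || !$auth->isAdmin()) {
    header('Location: login.php');
    exit;
}

// Admin user management. Dispatches on ?action=list|edit|delete|create, with ?id=<user id>
// for edit/delete. Every user-supplied value that reaches SQL below is bound as a query
// parameter; nothing from $_GET/$_POST is interpolated into a statement.
//
// NOTE(review): no CSRF token is checked anywhere in this file — the edit/create POST handlers
// accept any same-origin-looking form post, and 'delete' fires on a plain GET link. Unless a
// global middleware enforces a token, an admin visiting a crafted page can be made to create,
// modify or delete accounts. Recommended: require POST for 'delete' and verify a session token
// with hash_equals() before every state change.
$action = $_GET['action'] ?? 'list';

// Opaque id from the query string. $_GET values can be arrays (?id[]=1), which would reach the
// driver as a bound parameter and fail; only scalars are accepted.
$user_id = isset($_GET['id']) && is_scalar($_GET['id']) ? (string)$_GET['id'] : null;
if ($user_id === '') {
    $user_id = null;
}

$message = '';
$error = '';

$db = Database::getInstance();

switch ($action) {
    case 'list':
        // Optional filters. Non-string values (array parameters) are ignored rather than
        // passed to trim()/the driver.
        $search = is_string($_GET['search'] ?? null) ? trim($_GET['search']) : '';
        $role_filter = is_string($_GET['role'] ?? null) ? $_GET['role'] : 'all';
        $status_filter = is_string($_GET['status'] ?? null) ? $_GET['status'] : 'all';
        $page = max(1, (int)($_GET['page'] ?? 1));
        $limit = 20;
        $offset = ($page - 1) * $limit;

        $where_conditions = [];
        $params = [];
        if ($search !== '') {
            // '%' and '_' inside $search act as LIKE wildcards; tolerable for an admin search box.
            // ('' is checked explicitly so a search for "0" is not dropped as empty().)
            $where_conditions[] = "(username LIKE ? OR email LIKE ?)";
            $params[] = "%$search%";
            $params[] = "%$search%";
        }
        if ($role_filter !== 'all') {
            $where_conditions[] = "role = ?";
            $params[] = $role_filter;
        }
        if ($status_filter !== 'all') {
            $where_conditions[] = "status = ?";
            $params[] = $status_filter;
        }
        $where_clause = $where_conditions ? "WHERE " . implode(" AND ", $where_conditions) : "";

        // Total for pagination, then the current page. LIMIT/OFFSET are ints by construction.
        $count_sql = "SELECT COUNT(*) as count FROM users $where_clause";
        $total_users = (int)$db->fetch($count_sql, $params)['count'];
        $total_pages = ceil($total_users / $limit);

        $sql = "SELECT id, username, email, auth_type, role, status, created_at, last_login FROM users $where_clause ORDER BY created_at DESC LIMIT ? OFFSET ?";
        $users = $db->fetchAll($sql, array_merge($params, [$limit, $offset]));
        break;

    case 'edit':
        if (!$user_id) {
            header('Location: users.php');
            exit;
        }

        if ($_SERVER['REQUEST_METHOD'] === 'POST') {
            $username = trim($_POST['username'] ?? '');
            $email = trim($_POST['email'] ?? '');
            $auth_type = trim($_POST['auth_type'] ?? 'local');
            $role = trim($_POST['role'] ?? 'user');
            $status = trim($_POST['status'] ?? 'active');
            // trim() on a password silently alters it; kept because the login path presumably
            // does the same — TODO confirm before removing.
            $password = trim($_POST['password'] ?? '');

            // NOTE(review): auth_type/role/status are free-form strings written straight to the
            // users table. The valid sets are not visible from here (only 'local'/'ldap', 'user'
            // and 'active' appear); an allow-list would stop typos from producing accounts that
            // no login path recognises. Note also that an admin can change their own role/status
            // here — the self-protection applied to 'delete' is not applied to 'edit'.
            if ($username === '') {
                $error = t('admin_username_required');
            } elseif ($email === '') {
                $error = t('admin_email_required');
            } elseif (!filter_var($email, FILTER_VALIDATE_EMAIL)) {
                $error = t('admin_email_invalid');
            }

            if (!$error) {
                $update_data = [
                    'username' => $username,
                    'email' => $email,
                    'auth_type' => $auth_type,
                    'role' => $role,
                    'status' => $status,
                ];
                // Only rotate the password when one was supplied.
                if ($password !== '') {
                    $update_data['password'] = password_hash($password, PASSWORD_DEFAULT);
                }
                try {
                    $db->update('users', $update_data, 'id = ?', [$user_id]);
                    // Redirect (PRG) so a refresh does not resubmit the form. The list view
                    // presumably echoes ?message=; it must be HTML-escaped there.
                    header('Location: users.php?message=' . urlencode(t('admin_user_updated_success')));
                    exit;
                } catch (Exception $e) {
                    if (strpos($e->getMessage(), 'Duplicate') !== false) {
                        // Unique-key violation. Reported as "username exists", although it may
                        // equally be a duplicate email if that column is unique.
                        $error = t('admin_username_exists');
                    } else {
                        // Log the driver message server-side only. Echoing $e->getMessage() to the
                        // browser (as this page used to) leaks table/column names and SQL fragments.
                        error_log('users.php: update of user ' . $user_id . ' failed: ' . $e->getMessage());
                        $error = t('admin_user_update_error');
                    }
                }
            }
        }

        // Load the record for the form (also after a failed POST, so the form can re-render).
        $user = $db->fetch("SELECT * FROM users WHERE id = ?", [$user_id]);
        if (!$user) {
            $error = t('admin_user_not_found');
        }
        break;

    case 'delete':
        if (!$user_id) {
            header('Location: users.php');
            exit;
        }
        // Refuse to delete the account performing the request. The comparison is deliberately
        // loose: the id may arrive as "01"/"1.0" and the DB coerces it the same way, so a strict
        // string compare would let such a variant slip past this guard. Once the id column type is
        // confirmed to be integer, cast both sides with (int) and compare with === instead.
        if ($user_id == $_SESSION['user_id']) {
            $error = t('admin_user_cannot_delete_own');
            break;
        }
        // NOTE(review): destructive action on a GET request with no token — see the CSRF note
        // at the top of the file.
        $db->delete('users', 'id = ?', [$user_id]);
        header('Location: users.php?action=list&message=' . urlencode(t('admin_user_deleted_success')));
        exit;

    case 'create':
        if ($_SERVER['REQUEST_METHOD'] === 'POST') {
            $username = trim($_POST['username'] ?? '');
            $email = trim($_POST['email'] ?? '');
            $password = trim($_POST['password'] ?? '');
            $auth_type = trim($_POST['auth_type'] ?? 'local');
            $role = trim($_POST['role'] ?? 'user');
            $status = trim($_POST['status'] ?? 'active');

            // A password is mandatory only for locally authenticated accounts.
            if ($username === '') {
                $error = t('admin_username_required');
            } elseif ($email === '') {
                $error = t('admin_email_required');
            } elseif ($password === '' && $auth_type === 'local') {
                $error = t('admin_password_required_local');
            } elseif (!filter_var($email, FILTER_VALIDATE_EMAIL)) {
                $error = t('admin_email_invalid');
            }

            if (!$error) {
                $existing_user = $db->fetch("SELECT id FROM users WHERE username = ?", [$username]);
                if ($existing_user) {
                    $error = t('admin_username_exists');
                } else {
                    // NOTE(review): for a non-local account created without a password this stores
                    // password_hash(''), i.e. a hash that password_verify('') accepts. If the local
                    // login path is ever reachable for such an account, the empty password logs in.
                    // Storing NULL (if the column allows it) is safer — TODO confirm the schema.
                    $hashed_password = password_hash($password, PASSWORD_DEFAULT);
                    $sql = "INSERT INTO users (username, email, password, auth_type, role, status, created_at) VALUES (?, ?, ?, ?, ?, ?, NOW())";
                    try {
                        $db->query($sql, [$username, $email, $hashed_password, $auth_type, $role, $status]);
                    } catch (Exception $e) {
                        // The SELECT above is not atomic with the INSERT: a concurrent insert (or a
                        // unique email) surfaces here as a duplicate-key error, handled the same way
                        // as in 'edit'. Anything else is rethrown so behaviour is unchanged.
                        if (strpos($e->getMessage(), 'Duplicate') === false) {
                            throw $e;
                        }
                        $error = t('admin_username_exists');
                    }
                    if (!$error) {
                        $message = t('admin_user_created_success');
                        // LDAP-side provisioning ($auth_type === 'ldap' && LDAP_ENABLED) is not
                        // implemented; the account exists only in the local users table.
                    }
                }
            }
        }
        break;

    default:
        header('Location: users.php');
        exit;
}
?> <?php echo t('manage_users'); ?> - <?php echo SITE_TITLE; ?>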

1): ?>