prepare("UPDATE users SET username = :username, fullname = :fullname, email = :email, phone = :phone, role = :role, is_active = :is_active, updated_at = NOW() WHERE id = :id"); $stmt->bindParam(':username', $username); $stmt->bindParam(':fullname', $fullname); $stmt->bindParam(':email', $email); $stmt->bindParam(':phone', $phone); $stmt->bindParam(':role', $role); $stmt->bindParam(':is_active', $is_active); $stmt->bindParam(':id', $id); if ($stmt->execute()) { $message = "User updated successfully!"; $message_type = "success"; $action = 'add'; // Reset to add mode // Reset form $username = $fullname = $email = $phone = ''; $role = 'admin'; $is_active = 1; $id = ''; } else { $message = "Error updating user. Please try again."; $message_type = "danger"; } } } catch (PDOException $e) { if ($e->getCode() == 23000) { if (strpos($e->getMessage(), 'username') !== false) { $message = "Username already exists. Please choose a different username."; } elseif (strpos($e->getMessage(), 'email') !== false) { $message = "Email already exists. Please use a different email address."; } else { $message = "Database constraint error. Please check your input."; } } else { $message = "Database error: " . $e->getMessage(); } $message_type = "danger"; } } else { $message = implode("
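", $errors); $message_type = "danger"; } } }

// ---------------------------------------------------------------------------
// GET-driven admin actions (delete / edit / change_role / toggle_status),
// the search parameter, and the user list + counters rendered below.
//
// NOTE(review): delete, change_role and toggle_status change state on a plain
// GET request and no CSRF token is checked in this file, so a link an
// administrator is tricked into opening performs the action in their session.
// The remedy is to move these actions to POST and verify a per-session token;
// it is not applied here because no token helper is visible in this file.
// NOTE(review): the authorisation check gating this page is outside this
// file — confirm only administrators can reach these handlers.
// NOTE(review): ids are bound as strings; if users.id is an integer column,
// validating with ctype_digit() before the query would reject junk early
// (column type not visible here).
//
// Database failures are now reported generically and logged with error_log();
// the previous "Database error: " . $e->getMessage() exposed driver, table and
// column details to the browser.
// ---------------------------------------------------------------------------

// Handle delete request
if (isset($_GET['delete'])) {
    $delete_id = sanitize_input($_GET['delete']);

    // Prevent deleting the current user. Compared as strings with === so a
    // non-numeric id can never be loosely equal to the session id.
    if ((string) $delete_id === (string) $_SESSION['user_id']) {
        $message = "You cannot delete your own account.";
        $message_type = "danger";
    } else {
        try {
            $stmt = $DBcon->prepare("DELETE FROM users WHERE id = :id");
            $stmt->bindParam(':id', $delete_id);
            if ($stmt->execute()) {
                $message = "User deleted successfully!";
                $message_type = "success";
            } else {
                $message = "Error deleting user. Please try again.";
                $message_type = "danger";
            }
        } catch (PDOException $e) {
            error_log('users: delete failed: ' . $e->getMessage());
            $message = "Database error. Please try again.";
            $message_type = "danger";
        }
    }
}

// Handle edit request: load the selected row into the form variables and
// switch the form to edit mode.
if (isset($_GET['edit'])) {
    $edit_id = sanitize_input($_GET['edit']);
    try {
        $stmt = $DBcon->prepare("SELECT * FROM users WHERE id = :id");
        $stmt->bindParam(':id', $edit_id);
        $stmt->execute();
        if ($row = $stmt->fetch(PDO::FETCH_ASSOC)) {
            $id = $row['id'];
            $username = $row['username'];
            $fullname = $row['fullname'];
            $email = $row['email'];
            $phone = $row['phone'];
            $role = $row['role'];
            $is_active = $row['is_active'];
            $action = 'edit';
        } else {
            $message = "User not found.";
            $message_type = "danger";
        }
    } catch (PDOException $e) {
        error_log('users: edit lookup failed: ' . $e->getMessage());
        $message = "Database error. Please try again.";
        $message_type = "danger";
    }
}

// Handle role change request
if (isset($_GET['change_role'])) {
    $user_id = sanitize_input($_GET['change_role']);
    // 'role' was previously read without an isset() check, which raised an
    // undefined-index warning and bound NULL when the parameter was missing.
    $new_role = sanitize_input($_GET['role'] ?? '');

    // Prevent changing own role
    if ((string) $user_id === (string) $_SESSION['user_id']) {
        $message = "You cannot change your own role.";
        $message_type = "danger";
    } elseif ($new_role === '') {
        // An empty role used to be written to the database unchallenged.
        // TODO(review): also validate $new_role against the application's
        // role list — only 'admin' is visible in this file.
        $message = "Please select a valid role.";
        $message_type = "danger";
    } else {
        try {
            $stmt = $DBcon->prepare("UPDATE users SET role = :role, updated_at = NOW() WHERE id = :id");
            $stmt->bindParam(':role', $new_role);
            $stmt->bindParam(':id', $user_id);
            if ($stmt->execute()) {
                $message = "User role updated successfully!";
                $message_type = "success";
            } else {
                $message = "Error updating user role. Please try again.";
                $message_type = "danger";
            }
        } catch (PDOException $e) {
            error_log('users: role update failed: ' . $e->getMessage());
            $message = "Database error. Please try again.";
            $message_type = "danger";
        }
    }
}

// Handle status toggle request
if (isset($_GET['toggle_status'])) {
    $user_id = sanitize_input($_GET['toggle_status']);

    // Prevent deactivating own account
    if ((string) $user_id === (string) $_SESSION['user_id']) {
        $message = "You cannot deactivate your own account.";
        $message_type = "danger";
    } else {
        try {
            // Get current status
            $stmt = $DBcon->prepare("SELECT is_active FROM users WHERE id = :id");
            $stmt->bindParam(':id', $user_id);
            $stmt->execute();
            if ($row = $stmt->fetch(PDO::FETCH_ASSOC)) {
                $new_status = $row['is_active'] ? 0 : 1;
                $stmt = $DBcon->prepare("UPDATE users SET is_active = :is_active, updated_at = NOW() WHERE id = :id");
                $stmt->bindParam(':is_active', $new_status);
                $stmt->bindParam(':id', $user_id);
                if ($stmt->execute()) {
                    $status_text = $new_status ? 'activated' : 'deactivated';
                    $message = "User {$status_text} successfully!";
                    $message_type = "success";
                } else {
                    $message = "Error updating user status. Please try again.";
                    $message_type = "danger";
                }
            } else {
                // Previously fell through silently, leaving no feedback at all.
                $message = "User not found.";
                $message_type = "danger";
            }
        } catch (PDOException $e) {
            error_log('users: status toggle failed: ' . $e->getMessage());
            $message = "Database error. Please try again.";
            $message_type = "danger";
        }
    }
}

// Handle search
if (isset($_GET['search'])) {
    $search_term = sanitize_input($_GET['search']);
}

// Fetch all users for display
$users = [];
$total_users = 0;
$active_users = 0;
$admin_users = 0;
try {
    // isset() + !== '' instead of !empty(): a search for "0" is a real search.
    if (isset($search_term) && $search_term !== '') {
        // One placeholder per occurrence: reusing a named placeholder only
        // works with emulated prepares, so this form is safe in both modes.
        $stmt = $DBcon->prepare("SELECT * FROM users WHERE username LIKE :search1 OR fullname LIKE :search2 OR email LIKE :search3 ORDER BY created_at DESC");
        // Escape LIKE metacharacters so a user-supplied '%' or '_' matches
        // literally instead of acting as a wildcard. Assumes the driver's
        // default LIKE escape character is backslash (MySQL/MariaDB,
        // PostgreSQL) and that sanitize_input() does not already add
        // backslashes — confirm for the deployed database.
        $search_param = '%' . addcslashes($search_term, '%_\\') . '%';
        $stmt->bindParam(':search1', $search_param);
        $stmt->bindParam(':search2', $search_param);
        $stmt->bindParam(':search3', $search_param);
    } else {
        $stmt = $DBcon->prepare("SELECT * FROM users ORDER BY created_at DESC");
    }
    $stmt->execute();
    $users = $stmt->fetchAll(PDO::FETCH_ASSOC);
    $total_users = count($users);

    // Count active and admin users. is_active is tested for truthiness on
    // purpose: the driver may return it as "0"/"1" strings.
    foreach ($users as $user) {
        if ($user['is_active']) {
            $active_users++;
        }
        if ($user['role'] === 'admin') {
            $admin_users++;
        }
    }
} catch (PDOException $e) {
    error_log('users: list query failed: ' . $e->getMessage());
    $message = "Error fetching users. Please try again.";
    $message_type = "danger";
}
?>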

Total Users

All system users

Active Users

Currently active

Admin Users

Administrator accounts

Add New

Register new user

>
Cancel
To change password, please use the password reset feature.
Select a User to Edit

Choose a user from the list to modify their details.

Users List

User Contact Role Status Actions


You
Quick Actions