Borgal/domili
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Menü erneuert

Browse Source
This commit is contained in:
Borgal
2025-10-30 03:13:51 +01:00
parent 0f34cf93a4
commit 7abaaede8b
2 changed files with 234 additions and 210 deletions
Download Patch File Download Diff File Expand all files Collapse all files

210
admin/users.php
View File

@@ -1,210 +0,0 @@
<?php
include('../inc/check_login.php');
include('../inc/check_admin.php');
require_once('../inc/db.php');
$message = '';
$message_type = '';
$edit_mode = false;
$edit_user = null;
// --- Logik zum Löschen und Bearbeiten von Benutzern ---
// Aktion Löschen
if (isset($_GET['action']) && $_GET['action'] == 'delete' && isset($_GET['id'])) {
$id = $_GET['id'];
$stmt = mysqli_prepare($conn, "DELETE FROM users WHERE id = ?");
mysqli_stmt_bind_param($stmt, "i", $id);
if (mysqli_stmt_execute($stmt)) {
$message = "Benutzer erfolgreich gelöscht!";
$message_type = 'success';
} else {
$message = "Fehler beim Löschen des Benutzers.";
$message_type = 'danger';
}
mysqli_stmt_close($stmt);
}
// Aktion Bearbeiten (Formular laden)
if (isset($_GET['action']) && $_GET['action'] == 'edit' && isset($_GET['id'])) {
$id = $_GET['id'];
// E-Mail-Feld zur Abfrage hinzugefügt, da es für das Bearbeiten benötigt wird
$stmt = mysqli_prepare($conn, "SELECT id, username, email, role FROM users WHERE id = ?");
mysqli_stmt_bind_param($stmt, "i", $id);
mysqli_stmt_execute($stmt);
$result = mysqli_stmt_get_result($stmt);
$edit_user = mysqli_fetch_assoc($result);
mysqli_stmt_close($stmt);
$edit_mode = true;
}
// --- Logik zum Hinzufügen oder Speichern von Benutzern ---
if ($_SERVER["REQUEST_METHOD"] == "POST") {
$username = $_POST['username'];
$password = $_POST['password'];
// E-Mail-Feld aus dem Formular auslesen
$email = $_POST['email'] ?? null;
$role = $_POST['role'] === 'admin' ? 'admin' : 'member';
$id = $_POST['id'] ?? null;
if ($id) { // Update-Logik
// Überprüfen, ob ein neues Passwort gesetzt wurde
if (!empty($password)) {
$password_hashed = password_hash($password, PASSWORD_DEFAULT);
// E-Mail-Feld zum UPDATE-Statement hinzugefügt
$stmt = mysqli_prepare($conn, "UPDATE users SET username = ?, password = ?, email = ?, role = ? WHERE id = ?");
// `email` zur Parameter-Bindung hinzugefügt
mysqli_stmt_bind_param($stmt, "ssssi", $username, $password_hashed, $email, $role, $id);
} else {
// E-Mail-Feld zum UPDATE-Statement hinzugefügt
$stmt = mysqli_prepare($conn, "UPDATE users SET username = ?, email = ?, role = ? WHERE id = ?");
// `email` zur Parameter-Bindung hinzugefügt
mysqli_stmt_bind_param($stmt, "sssi", $username, $email, $role, $id);
}
if (mysqli_stmt_execute($stmt)) {
$message = "Benutzer erfolgreich aktualisiert!";
$message_type = 'success';
} else {
$message = "Fehler beim Aktualisieren des Benutzers.";
$message_type = 'danger';
}
mysqli_stmt_close($stmt);
} else { // Insert-Logik
$password_hashed = password_hash($password, PASSWORD_DEFAULT);
// E-Mail-Feld zum INSERT-Statement hinzugefügt
$stmt = mysqli_prepare($conn, "INSERT INTO users (username, password, email, role) VALUES (?, ?, ?, ?)");
// `email` zur Parameter-Bindung hinzugefügt
mysqli_stmt_bind_param($stmt, "ssss", $username, $password_hashed, $email, $role);
if (mysqli_stmt_execute($stmt)) {
$message = "Benutzer erfolgreich hinzugefügt.";
$message_type = 'success';
} else {
$message = "Fehler beim Hinzufügen: " . mysqli_error($conn);
$message_type = 'danger';
}
mysqli_stmt_close($stmt);
}
}
// Benutzerübersicht abrufen (E-Mail-Feld entfernt)
$users = [];
$result = mysqli_query($conn, "SELECT id, username, role FROM users ORDER BY id ASC");
if ($result) {
while ($row = mysqli_fetch_assoc($result)) {
$users[] = $row;
}
}
require_once('../inc/header.php');
?>
<div class="container mt-5">
<?php if ($message) : ?>
<div id="status-message" class="alert alert-<?php echo $message_type; ?> alert-dismissible fade show" role="alert">
<?php echo htmlspecialchars($message); ?>
<button type="button" class="btn-close" data-bs-dismiss="alert" aria-label="Close"></button>
</div>
<?php endif; ?>
<div class="d-flex justify-content-between align-items-center mb-4">
<h2 class="mb-0">Benutzerverwaltung</h2>
</div>
<div class="collapse <?= $edit_mode ? 'show' : '' ?>" id="userFormCollapse">
<div class="card shadow mb-4">
<div class="card-header bg-primary-subtle text-secondary">
<h4 class="mb-0"><?= $edit_mode ? 'Benutzer bearbeiten' : 'Neuen Benutzer hinzufügen'; ?></h4>
</div>
<div class="card-body">
<form action="users.php" method="post">
<?php if ($edit_mode): ?>
<input type="hidden" name="id" value="<?= htmlspecialchars($edit_user['id']); ?>">
<?php endif; ?>
<div class="row g-1 align-items-end">
<div class="col-md-3">
<label for="username" class="form-label">Benutzername</label>
<input type="text" class="form-control" id="username" name="username" value="<?= htmlspecialchars($edit_user['username'] ?? ''); ?>" required>
<div class="form-text" style="visibility: hidden;">&nbsp;</div>
</div>
<div class="col-md-3">
<label for="email" class="form-label">E-Mail (optional)</label>
<input type="email" class="form-control" id="email" name="email" value="<?= htmlspecialchars($edit_user['email'] ?? ''); ?>">
<div class="form-text" style="visibility: hidden;">&nbsp;</div>
</div>
<div class="col-md-3">
<label for="password" class="form-label">Passwort</label>
<input type="password" class="form-control" id="password" name="password" <?= $edit_mode ? '' : 'required'; ?>>
<div class="form-text">
<?= $edit_mode ? 'Feld leer lassen, um das Passwort nicht zu ändern.' : '&nbsp;'; ?>
</div>
</div>
<div class="col-md-3">
<label for="role" class="form-label">Rolle</label>
<select class="form-select" id="role" name="role">
<option value="member" <?= (($edit_user['role'] ?? '') === 'member') ? 'selected' : ''; ?>>Mitglied</option>
<option value="admin" <?= (($edit_user['role'] ?? '') === 'admin') ? 'selected' : ''; ?>>Admin</option>
</select>
<div class="form-text" style="visibility: hidden;">&nbsp;</div>
</div>
<div class="col-12 d-flex justify-content-start">
<button type="submit" class="btn btn-sm btn-outline-<?= $edit_mode ? 'success' : 'primary'; ?> w-auto me-2">
<?= $edit_mode ? 'Speichern' : 'Hinzufügen'; ?>
</button>
<a href="users.php" class="btn btn-sm btn-outline-secondary w-auto">Abbrechen</a>
</div>
</div>
</form>
</div>
</div>
<hr class="mt-4 mb-4">
</div>
<div class="card shadow">
<div class="card-header bg-secondary bg-opacity-50 text-secondary d-flex justify-content-between align-items-center mb-4">
<h4 class="mb-0">Benutzerübersicht</h4>
<a class="btn btn-sm d-flex align-items-center justify-content-center" data-bs-toggle="collapse" href="#userFormCollapse" role="button" aria-expanded="false" aria-controls="userFormCollapse">Add
<span class="material-symbols-outlined">add</span>
</a>
</div>
<div class="card-body">
<div class="table-responsive">
<table class="table table-striped table-hover">
<thead>
<tr>
<th>ID</th>
<th>Benutzername</th>
<th>Rolle</th>
<th>Aktionen</th>
</tr>
</thead>
<tbody>
<?php foreach ($users as $user): ?>
<tr>
<td><?= htmlspecialchars($user['id']) ?></td>
<td><?= htmlspecialchars($user['username']) ?></td>
<td>
<span class="badge rounded-pill bg-<?= $user['role'] === 'admin' ? 'info' : 'secondary' ?>">
<?= htmlspecialchars($user['role']) ?>
</span>
</td>
<td>
<a href="users.php?action=edit&id=<?= htmlspecialchars($user['id']) ?>" class="text-dark me-1 text-decoration-none" data-bs-toggle="tooltip" data-bs-placement="top" title="Bearbeiten">
<span class="material-icons">mode_edit_outline</span>
</a>
<a href="users.php?action=delete&id=<?= htmlspecialchars($user['id']) ?>" class="text-danger text-decoration-none" data-bs-toggle="tooltip" data-bs-placement="top" title="Löschen" onclick="return confirm('Sind Sie sicher, dass Sie diesen Benutzer löschen möchten?');">
<span class="material-icons">delete_outline</span>
</a>
</td>
</tr>
<?php endforeach; ?>
</tbody>
</table>
</div>
</div>
</div>
</div>
<?php include('../inc/footer.php'); ?>

234
users.php Executable file
View File

@@ -0,0 +1,234 @@
<?php
include('inc/check_login.php');
require_once('inc/db.php');
$is_admin = ($_SESSION['role'] === 'admin');
$message = '';
$message_type = '';
$edit_mode = false;
$edit_user = null;
// --- Nur Admins: Löschen ---
if ($is_admin && isset($_GET['action']) && $_GET['action'] == 'delete' && isset($_GET['id'])) {
$id = (int)$_GET['id'];
if ($id == $_SESSION['user_id']) {
$message = "Sie können Ihren eigenen Account nicht löschen.";
$message_type = 'danger';
} else {
$stmt = mysqli_prepare($conn, "DELETE FROM users WHERE id = ?");
mysqli_stmt_bind_param($stmt, "i", $id);
if (mysqli_stmt_execute($stmt)) {
$message = "Benutzer erfolgreich gelöscht!";
$message_type = 'success';
} else {
$message = "Fehler beim Löschen des Benutzers.";
$message_type = 'danger';
}
mysqli_stmt_close($stmt);
}
header("Location: users.php");
exit();
}
// --- Nur Admins: Bearbeiten ---
if ($is_admin && isset($_GET['action']) && $_GET['action'] == 'edit' && isset($_GET['id'])) {
$id = (int)$_GET['id'];
$stmt = mysqli_prepare($conn, "SELECT id, username, email, role FROM users WHERE id = ?");
mysqli_stmt_bind_param($stmt, "i", $id);
mysqli_stmt_execute($stmt);
$result = mysqli_stmt_get_result($stmt);
$edit_user = mysqli_fetch_assoc($result);
mysqli_stmt_close($stmt);
$edit_mode = true;
if (!$edit_user) {
$message = "Benutzer nicht gefunden.";
$message_type = 'warning';
}
}
// --- Nur Admins: Speichern ---
if ($is_admin && $_SERVER["REQUEST_METHOD"] == "POST") {
$username = trim($_POST['username'] ?? '');
$password = $_POST['password'] ?? '';
$email_raw = trim($_POST['email'] ?? '');
$role = ($_POST['role'] ?? 'member') === 'admin' ? 'admin' : 'member';
$id = !empty($_POST['id']) ? (int)$_POST['id'] : null;
$email = !empty($email_raw) ? $email_raw : null;
if (empty($username)) {
$message = "Benutzername ist erforderlich.";
$message_type = 'danger';
} else {
if ($id) {
if (!empty($password)) {
$password_hashed = password_hash($password, PASSWORD_DEFAULT);
$stmt = mysqli_prepare($conn, "UPDATE users SET username = ?, password = ?, email = ?, role = ? WHERE id = ?");
mysqli_stmt_bind_param($stmt, "ssssi", $username, $password_hashed, $email, $role, $id);
} else {
$stmt = mysqli_prepare($conn, "UPDATE users SET username = ?, email = ?, role = ? WHERE id = ?");
mysqli_stmt_bind_param($stmt, "sssi", $username, $email, $role, $id);
}
} else {
if (empty($password)) {
$message = "Passwort ist beim Erstellen erforderlich.";
$message_type = 'danger';
} else {
$password_hashed = password_hash($password, PASSWORD_DEFAULT);
$stmt = mysqli_prepare($conn, "INSERT INTO users (username, password, email, role) VALUES (?, ?, ?, ?)");
mysqli_stmt_bind_param($stmt, "ssss", $username, $password_hashed, $email, $role);
}
}
if (!isset($message)) {
if (isset($stmt) && mysqli_stmt_execute($stmt)) {
$message = $id ? "Benutzer aktualisiert!" : "Neuer Benutzer hinzugefügt!";
$message_type = 'success';
} else {
$message = "Fehler beim Speichern.";
$message_type = 'danger';
}
if (isset($stmt)) mysqli_stmt_close($stmt);
header("Location: users.php");
exit();
}
}
}
// --- Mitgliederliste für alle ---
$users = [];
$result = mysqli_query($conn, "SELECT id, username, role FROM users ORDER BY id ASC");
while ($row = mysqli_fetch_assoc($result)) {
$users[] = $row;
}
require_once 'inc/header.php';
?>
<div class="container mt-5">
<?php if ($message): ?>
<div class="alert alert-<?= htmlspecialchars($message_type) ?> alert-dismissible fade show" role="alert">
<?= htmlspecialchars($message) ?>
<button type="button" class="btn-close" data-bs-dismiss="alert"></button>
</div>
<?php endif; ?>
<div class="d-flex justify-content-between align-items-center mb-4">
<h2 class="mb-0">Benutzerübersicht</h2>
</div>
<?php if ($is_admin): ?>
<div class="collapse <?= $edit_mode ? 'show' : '' ?>" id="userFormCollapse">
<div class="card shadow mb-4">
<div class="card-header bg-primary-subtle text-secondary">
<h4 class="mb-0"><?= $edit_mode ? 'Benutzer bearbeiten' : 'Neuen Benutzer hinzufügen'; ?></h4>
</div>
<div class="card-body">
<form action="users.php" method="post">
<?php if ($edit_mode): ?>
<input type="hidden" name="id" value="<?= htmlspecialchars($edit_user['id']); ?>">
<?php endif; ?>
<div class="row g-3">
<div class="col-md-3">
<label class="form-label">Benutzername</label>
<input type="text" class="form-control" name="username" value="<?= htmlspecialchars($edit_user['username'] ?? ''); ?>" required>
</div>
<div class="col-md-3">
<label class="form-label">E-Mail (optional)</label>
<input type="email" class="form-control" name="email" value="<?= htmlspecialchars($edit_user['email'] ?? ''); ?>">
</div>
<div class="col-md-3">
<label class="form-label">Passwort</label>
<input type="password" class="form-control" name="password" placeholder="<?= $edit_mode ? 'Leer lassen = unverändert' : 'Erforderlich' ?>">
<?php if ($edit_mode): ?>
<div class="form-text">Leer lassen, um Passwort nicht zu ändern.</div>
<?php endif; ?>
</div>
<div class="col-md-3">
<label class="form-label">Rolle</label>
<select class="form-select" name="role">
<option value="member" <?= (($edit_user['role'] ?? 'member') === 'member') ? 'selected' : ''; ?>>Mitglied</option>
<option value="admin" <?= (($edit_user['role'] ?? 'member') === 'admin') ? 'selected' : ''; ?>>Admin</option>
</select>
</div>
<div class="col-12 d-flex justify-content-start">
<button type="submit" class="btn btn-sm btn-outline-<?= $edit_mode ? 'success' : 'primary'; ?> me-2">
<?= $edit_mode ? 'Speichern' : 'Hinzufügen'; ?>
</button>
<a href="users.php" class="btn btn-sm btn-outline-secondary">Abbrechen</a>
</div>
</div>
</form>
</div>
</div>
</div>
<?php endif; ?>
<div class="card shadow">
<div class="card-header bg-secondary bg-opacity-50 text-secondary d-flex justify-content-between align-items-center">
<h4 class="mb-0">Mitglieder</h4>
<?php if ($is_admin): ?>
<a class="btn btn-sm d-flex align-items-center justify-content-center" data-bs-toggle="collapse" href="#userFormCollapse" role="button" aria-expanded="false" aria-controls="userFormCollapse">Add
<span class="material-symbols-outlined">add</span>
</a>
<?php endif; ?>
</div>
<div class="card-body">
<div class="table-responsive">
<table class="table table-striped table-hover">
<thead>
<tr>
<th>ID</th>
<th>Benutzername</th>
<th>Rolle</th>
<?php if ($is_admin): ?>
<th>Aktionen</th>
<?php endif; ?>
</tr>
</thead>
<tbody>
<?php foreach ($users as $user): ?>
<tr>
<td><?= htmlspecialchars($user['id']) ?></td>
<td><?= htmlspecialchars($user['username']) ?></td>
<td>
<span class="badge rounded-pill bg-<?= $user['role'] === 'admin' ? 'info' : 'secondary' ?>">
<?= htmlspecialchars($user['role']) ?>
</span>
</td>
<?php if ($is_admin): ?>
<td class="text-end align-middle">
<div class="dropdown">
<a href="#" class="text-secondary" role="button" data-bs-toggle="dropdown" aria-expanded="false">
<span class="material-icons">more_vert</span>
</a>
<ul class="dropdown-menu dropdown-menu-end">
<li>
<a class="dropdown-item d-flex align-items-center" href="users.php?action=edit&id=<?= htmlspecialchars($user['id']) ?>">
<span class="material-icons me-2">mode_edit_outline</span> Bearbeiten
</a>
</li>
<?php if ($user['id'] != $_SESSION['user_id']): ?>
<li>
<a class="dropdown-item d-flex align-items-center text-danger" href="users.php?action=delete&id=<?= htmlspecialchars($user['id']) ?>" onclick="return confirm('Wirklich löschen?')">
<span class="material-icons me-2">delete_outline</span> Löschen
</a>
</li>
<?php endif; ?>
</ul>
</div>
</td>
<?php endif; ?>
</tr>
<?php endforeach; ?>
</tbody>
</table>
</div>
</div>
</div>
</div>
<?php include('inc/footer.php'); ?>