domili/admin/users.php

<?php
include('../inc/check_login.php');
include('../inc/check_admin.php');
require_once('../inc/db.php');

$message = '';
$message_type = '';
$edit_mode = false;
$edit_user = null;

// --- Logik zum Löschen und Bearbeiten von Benutzern ---

// Aktion Löschen
if (isset($_GET['action']) && $_GET['action'] == 'delete' && isset($_GET['id'])) {
    $id = $_GET['id'];
    $stmt = mysqli_prepare($conn, "DELETE FROM users WHERE id = ?");
    mysqli_stmt_bind_param($stmt, "i", $id);
    if (mysqli_stmt_execute($stmt)) {
        $message = "Benutzer erfolgreich gelöscht!";
        $message_type = 'success';
    } else {
        $message = "Fehler beim Löschen des Benutzers.";
        $message_type = 'danger';
    }
    mysqli_stmt_close($stmt);
}

// Aktion Bearbeiten (Formular laden)
if (isset($_GET['action']) && $_GET['action'] == 'edit' && isset($_GET['id'])) {
    $id = $_GET['id'];
    // E-Mail-Feld zur Abfrage hinzugefügt, da es für das Bearbeiten benötigt wird
    $stmt = mysqli_prepare($conn, "SELECT id, username, email, role FROM users WHERE id = ?");
    mysqli_stmt_bind_param($stmt, "i", $id);
    mysqli_stmt_execute($stmt);
    $result = mysqli_stmt_get_result($stmt);
    $edit_user = mysqli_fetch_assoc($result);
    mysqli_stmt_close($stmt);
    $edit_mode = true;
}

// --- Logik zum Hinzufügen oder Speichern von Benutzern ---

if ($_SERVER["REQUEST_METHOD"] == "POST") {
    $username = $_POST['username'];
    $password = $_POST['password'];
    // E-Mail-Feld aus dem Formular auslesen
    $email = $_POST['email'] ?? null;
    $role = $_POST['role'] === 'admin' ? 'admin' : 'member';
    $id = $_POST['id'] ?? null;

    if ($id) { // Update-Logik
        // Überprüfen, ob ein neues Passwort gesetzt wurde
        if (!empty($password)) {
            $password_hashed = password_hash($password, PASSWORD_DEFAULT);
            // E-Mail-Feld zum UPDATE-Statement hinzugefügt
            $stmt = mysqli_prepare($conn, "UPDATE users SET username = ?, password = ?, email = ?, role = ? WHERE id = ?");
            // `email` zur Parameter-Bindung hinzugefügt
            mysqli_stmt_bind_param($stmt, "ssssi", $username, $password_hashed, $email, $role, $id);
        } else {
            // E-Mail-Feld zum UPDATE-Statement hinzugefügt
            $stmt = mysqli_prepare($conn, "UPDATE users SET username = ?, email = ?, role = ? WHERE id = ?");
            // `email` zur Parameter-Bindung hinzugefügt
            mysqli_stmt_bind_param($stmt, "sssi", $username, $email, $role, $id);
        }

        if (mysqli_stmt_execute($stmt)) {
            $message = "Benutzer erfolgreich aktualisiert!";
            $message_type = 'success';
        } else {
            $message = "Fehler beim Aktualisieren des Benutzers.";
            $message_type = 'danger';
        }
        mysqli_stmt_close($stmt);
    } else { // Insert-Logik
        $password_hashed = password_hash($password, PASSWORD_DEFAULT);
        // E-Mail-Feld zum INSERT-Statement hinzugefügt
        $stmt = mysqli_prepare($conn, "INSERT INTO users (username, password, email, role) VALUES (?, ?, ?, ?)");
        // `email` zur Parameter-Bindung hinzugefügt
        mysqli_stmt_bind_param($stmt, "ssss", $username, $password_hashed, $email, $role);
        if (mysqli_stmt_execute($stmt)) {
            $message = "Benutzer erfolgreich hinzugefügt.";
            $message_type = 'success';
        } else {
            $message = "Fehler beim Hinzufügen: " . mysqli_error($conn);
            $message_type = 'danger';
        }
        mysqli_stmt_close($stmt);
    }
}

// Benutzerübersicht abrufen (E-Mail-Feld entfernt)
$users = [];
$result = mysqli_query($conn, "SELECT id, username, role FROM users ORDER BY id ASC");
if ($result) {
    while ($row = mysqli_fetch_assoc($result)) {
        $users[] = $row;
    }
}

require_once('../inc/header.php');
?>

<div class="container mt-5">

    <?php if ($message) : ?>
        <div id="status-message" class="alert alert-<?php echo $message_type; ?> alert-dismissible fade show" role="alert">
            <?php echo htmlspecialchars($message); ?>
            <button type="button" class="btn-close" data-bs-dismiss="alert" aria-label="Close"></button>
        </div>
    <?php endif; ?>

    <div class="d-flex justify-content-between align-items-center mb-4">
        <h2 class="mb-0">Benutzerverwaltung</h2>
        <a class="btn btn-sm btn-outline-primary" data-bs-toggle="collapse" href="#userFormCollapse" role="button" aria-expanded="false" aria-controls="userFormCollapse">
            <span class="material-symbols-outlined">add</span>
        </a>
    </div>

    <div class="collapse <?= $edit_mode ? 'show' : '' ?>" id="userFormCollapse">
        <div class="card shadow mb-4">
            <div class="card-header bg-primary-subtle text-secondary">
                <h4 class="mb-0"><?= $edit_mode ? 'Benutzer bearbeiten' : 'Neuen Benutzer hinzufügen'; ?></h4>
            </div>
            <div class="card-body">
                <form action="users.php" method="post">
                    <?php if ($edit_mode): ?>
                        <input type="hidden" name="id" value="<?= htmlspecialchars($edit_user['id']); ?>">
                    <?php endif; ?>
                    <div class="row g-1 align-items-end">
                        <div class="col-md-3">
                            <label for="username" class="form-label">Benutzername</label>
                            <input type="text" class="form-control" id="username" name="username" value="<?= htmlspecialchars($edit_user['username'] ?? ''); ?>" required>
                            <div class="form-text" style="visibility: hidden;">&nbsp;</div>
                        </div>
                        <div class="col-md-3">
                            <label for="email" class="form-label">E-Mail (optional)</label>
                            <input type="email" class="form-control" id="email" name="email" value="<?= htmlspecialchars($edit_user['email'] ?? ''); ?>">
                            <div class="form-text" style="visibility: hidden;">&nbsp;</div>
                        </div>
                        <div class="col-md-3">
                            <label for="password" class="form-label">Passwort</label>
                            <input type="password" class="form-control" id="password" name="password" <?= $edit_mode ? '' : 'required'; ?>>
                            <div class="form-text">
                                <?= $edit_mode ? 'Feld leer lassen, um das Passwort nicht zu ändern.' : '&nbsp;'; ?>
                            </div>
                        </div>
                        <div class="col-md-3">
                            <label for="role" class="form-label">Rolle</label>
                            <select class="form-select" id="role" name="role">
                                <option value="member" <?= (($edit_user['role'] ?? '') === 'member') ? 'selected' : ''; ?>>Mitglied</option>
                                <option value="admin" <?= (($edit_user['role'] ?? '') === 'admin') ? 'selected' : ''; ?>>Admin</option>
                            </select>
                            <div class="form-text" style="visibility: hidden;">&nbsp;</div>
                        </div>
                        <div class="col-12 d-flex justify-content-start">
                            <button type="submit" class="btn btn-sm btn-outline-<?= $edit_mode ? 'success' : 'primary'; ?> w-auto me-2">
                                <?= $edit_mode ? 'Speichern' : 'Hinzufügen'; ?>
                            </button>
                            <?php if ($edit_mode): ?>
                                <a href="users.php" class="btn btn-sm btn-outline-secondary w-auto">Abbrechen</a>
                            <?php endif; ?>
                        </div>
                    </div>
                </form>
            </div>
        </div>
        <hr class="mt-4 mb-4">
    </div>

    <div class="card shadow">
        <div class="card-header bg-secondary bg-opacity-50 text-secondary">
            <h4 class="mb-0">Benutzerübersicht</h4>
        </div>
        <div class="card-body">
            <div class="table-responsive">
                <table class="table table-striped table-hover">
                    <thead>
                        <tr>
                            <th>ID</th>
                            <th>Benutzername</th>
                            <th>Rolle</th>
                            <th>Aktionen</th>
                        </tr>
                    </thead>
                    <tbody>
                        <?php foreach ($users as $user): ?>
                            <tr>
                                <td><?= htmlspecialchars($user['id']) ?></td>
                                <td><?= htmlspecialchars($user['username']) ?></td>
                                <td>
                                    <span class="badge rounded-pill bg-<?= $user['role'] === 'admin' ? 'info' : 'secondary' ?>">
                                        <?= htmlspecialchars($user['role']) ?>
                                    </span>
                                </td>
                                <td>
                                    <a href="users.php?action=edit&id=<?= htmlspecialchars($user['id']) ?>" class="text-dark me-1 text-decoration-none" data-bs-toggle="tooltip" data-bs-placement="top" title="Bearbeiten">
                                        <span class="material-icons">mode_edit_outline</span>
                                    </a>
                                    <a href="users.php?action=delete&id=<?= htmlspecialchars($user['id']) ?>" class="text-danger text-decoration-none" data-bs-toggle="tooltip" data-bs-placement="top" title="Löschen" onclick="return confirm('Sind Sie sicher, dass Sie diesen Benutzer löschen möchten?');">
                                        <span class="material-icons">delete_outline</span>
                                    </a>
                                </td>
                            </tr>
                        <?php endforeach; ?>
                    </tbody>
                </table>
            </div>
        </div>
    </div>
</div>

<?php include('../inc/footer.php'); ?>