193 lines
8.6 KiB
PHP
Executable File
193 lines
8.6 KiB
PHP
Executable File
<?php
|
|
include('../inc/check_login.php');
|
|
require_once('../inc/db.php');
|
|
|
|
// Nur Admins haben Zugriff
|
|
if ($_SESSION['role'] !== 'admin') {
|
|
die("Zugriff nur für Admins");
|
|
}
|
|
|
|
$message = '';
|
|
$message_type = '';
|
|
$edit_mode = false;
|
|
$edit_user = null;
|
|
|
|
// --- Logik zum Löschen und Bearbeiten von Benutzern ---
|
|
|
|
// Aktion Löschen
|
|
if (isset($_GET['action']) && $_GET['action'] == 'delete' && isset($_GET['id'])) {
|
|
$id = $_GET['id'];
|
|
$stmt = mysqli_prepare($conn, "DELETE FROM users WHERE id = ?");
|
|
mysqli_stmt_bind_param($stmt, "i", $id);
|
|
if (mysqli_stmt_execute($stmt)) {
|
|
$message = "Benutzer erfolgreich gelöscht!";
|
|
$message_type = 'success';
|
|
} else {
|
|
$message = "Fehler beim Löschen des Benutzers.";
|
|
$message_type = 'danger';
|
|
}
|
|
mysqli_stmt_close($stmt);
|
|
}
|
|
|
|
// Aktion Bearbeiten (Formular laden)
|
|
if (isset($_GET['action']) && $_GET['action'] == 'edit' && isset($_GET['id'])) {
|
|
$id = $_GET['id'];
|
|
$stmt = mysqli_prepare($conn, "SELECT id, username, role FROM users WHERE id = ?");
|
|
mysqli_stmt_bind_param($stmt, "i", $id);
|
|
mysqli_stmt_execute($stmt);
|
|
$result = mysqli_stmt_get_result($stmt);
|
|
$edit_user = mysqli_fetch_assoc($result);
|
|
mysqli_stmt_close($stmt);
|
|
$edit_mode = true;
|
|
}
|
|
|
|
// --- Logik zum Hinzufügen oder Speichern von Benutzern ---
|
|
|
|
if ($_SERVER["REQUEST_METHOD"] == "POST") {
|
|
$username = $_POST['username'];
|
|
$password = $_POST['password'];
|
|
$role = $_POST['role'] === 'admin' ? 'admin' : 'member';
|
|
$id = $_POST['id'] ?? null;
|
|
|
|
if ($id) { // Update-Logik
|
|
// Überprüfen, ob ein neues Passwort gesetzt wurde
|
|
if (!empty($password)) {
|
|
$password_hashed = password_hash($password, PASSWORD_DEFAULT);
|
|
$stmt = mysqli_prepare($conn, "UPDATE users SET username = ?, password = ?, role = ? WHERE id = ?");
|
|
mysqli_stmt_bind_param($stmt, "sssi", $username, $password_hashed, $role, $id);
|
|
} else {
|
|
$stmt = mysqli_prepare($conn, "UPDATE users SET username = ?, role = ? WHERE id = ?");
|
|
mysqli_stmt_bind_param($stmt, "ssi", $username, $role, $id);
|
|
}
|
|
|
|
if (mysqli_stmt_execute($stmt)) {
|
|
$message = "Benutzer erfolgreich aktualisiert!";
|
|
$message_type = 'success';
|
|
} else {
|
|
$message = "Fehler beim Aktualisieren des Benutzers.";
|
|
$message_type = 'danger';
|
|
}
|
|
mysqli_stmt_close($stmt);
|
|
} else { // Insert-Logik
|
|
$password_hashed = password_hash($password, PASSWORD_DEFAULT);
|
|
$stmt = mysqli_prepare($conn, "INSERT INTO users (username, password, role) VALUES (?, ?, ?)");
|
|
mysqli_stmt_bind_param($stmt, "sss", $username, $password_hashed, $role);
|
|
if (mysqli_stmt_execute($stmt)) {
|
|
$message = "Benutzer erfolgreich hinzugefügt.";
|
|
$message_type = 'success';
|
|
} else {
|
|
$message = "Fehler beim Hinzufügen: " . mysqli_error($conn);
|
|
$message_type = 'danger';
|
|
}
|
|
mysqli_stmt_close($stmt);
|
|
}
|
|
}
|
|
|
|
// Benutzerübersicht abrufen
|
|
$users = [];
|
|
$result = mysqli_query($conn, "SELECT id, username, role FROM users ORDER BY username ASC");
|
|
if ($result) {
|
|
while ($row = mysqli_fetch_assoc($result)) {
|
|
$users[] = $row;
|
|
}
|
|
}
|
|
|
|
require_once('../inc/header.php');
|
|
?>
|
|
|
|
<div class="container mt-5">
|
|
<h2 class="mb-4">Benutzerverwaltung</h2>
|
|
|
|
<?php if ($message) : ?>
|
|
<div id="status-message" class="alert alert-<?php echo $message_type; ?> alert-dismissible fade show" role="alert">
|
|
<?php echo htmlspecialchars($message); ?>
|
|
<button type="button" class="btn-close" data-bs-dismiss="alert" aria-label="Close"></button>
|
|
</div>
|
|
<?php endif; ?>
|
|
|
|
<div class="card shadow mb-4">
|
|
<div class="card-header bg-primary-subtle text-secondary">
|
|
<h4 class="mb-0"><?php echo $edit_mode ? 'Benutzer bearbeiten' : 'Neuen Benutzer hinzufügen'; ?></h4>
|
|
</div>
|
|
<div class="card-body">
|
|
<form action="users.php" method="post">
|
|
<?php if ($edit_mode): ?>
|
|
<input type="hidden" name="id" value="<?php echo htmlspecialchars($edit_user['id']); ?>">
|
|
<?php endif; ?>
|
|
<div class="row g-1 align-items-end">
|
|
<div class="col-md-4">
|
|
<label for="username" class="form-label">Benutzername</label>
|
|
<input type="text" class="form-control" id="username" name="username" value="<?php echo htmlspecialchars($edit_user['username'] ?? ''); ?>" required>
|
|
<div class="form-text" style="visibility: hidden;"> </div>
|
|
</div>
|
|
<div class="col-md-4">
|
|
<label for="password" class="form-label">Passwort</label>
|
|
<input type="password" class="form-control" id="password" name="password" <?php echo $edit_mode ? '' : 'required'; ?>>
|
|
<div class="form-text">
|
|
<?php echo $edit_mode ? 'Feld leer lassen, um das Passwort nicht zu ändern.' : ' '; ?>
|
|
</div>
|
|
</div>
|
|
<div class="col-md-4">
|
|
<label for="role" class="form-label">Rolle</label>
|
|
<select class="form-select" id="role" name="role">
|
|
<option value="member" <?php echo ($edit_user['role'] ?? '') === 'member' ? 'selected' : ''; ?>>Mitglied</option>
|
|
<option value="admin" <?php echo ($edit_user['role'] ?? '') === 'admin' ? 'selected' : ''; ?>>Admin</option>
|
|
</select>
|
|
<div class="form-text" style="visibility: hidden;"> </div>
|
|
</div>
|
|
<div class="col-12 d-flex justify-content-start">
|
|
<button type="submit" class="btn btn-sm btn-outline-<?php echo $edit_mode ? 'success' : 'primary'; ?> w-auto me-2">
|
|
<?php echo $edit_mode ? 'Speichern' : 'Hinzufügen'; ?>
|
|
</button>
|
|
<?php if ($edit_mode): ?>
|
|
<a href="users.php" class="btn btn-sm btn-outline-secondary w-auto">Abbrechen</a>
|
|
<?php endif; ?>
|
|
</div>
|
|
</div>
|
|
</form>
|
|
</div>
|
|
</div>
|
|
|
|
<div class="card shadow">
|
|
<div class="card-header bg-secondary bg-opacity-50 text-secondary">
|
|
<h4 class="mb-0">Benutzerübersicht</h4>
|
|
</div>
|
|
<div class="card-body">
|
|
<div class="table-responsive">
|
|
<table class="table table-striped table-hover">
|
|
<thead>
|
|
<tr>
|
|
<th>ID</th>
|
|
<th>Benutzername</th>
|
|
<th>Rolle</th>
|
|
<th>Aktionen</th>
|
|
</tr>
|
|
</thead>
|
|
<tbody>
|
|
<?php foreach ($users as $user): ?>
|
|
<tr>
|
|
<td><?= htmlspecialchars($user['id']) ?></td>
|
|
<td><?= htmlspecialchars($user['username']) ?></td>
|
|
<td>
|
|
<span class="badge rounded-pill bg-<?= $user['role'] === 'admin' ? 'info' : 'secondary' ?>">
|
|
<?= htmlspecialchars($user['role']) ?>
|
|
</span>
|
|
</td>
|
|
<td>
|
|
<a href="users.php?action=edit&id=<?= htmlspecialchars($user['id']) ?>" class="text-dark me-1 text-decoration-none" data-bs-toggle="tooltip" data-bs-placement="top" title="Bearbeiten">
|
|
<span class="material-icons">mode_edit_outline</span>
|
|
</a>
|
|
<a href="users.php?action=delete&id=<?= htmlspecialchars($user['id']) ?>" class="text-danger text-decoration-none" data-bs-toggle="tooltip" data-bs-placement="top" title="Löschen" onclick="return confirm('Sind Sie sicher, dass Sie diesen Benutzer löschen möchten?');">
|
|
<span class="material-icons">delete_outline</span>
|
|
</a>
|
|
</td>
|
|
</tr>
|
|
<?php endforeach; ?>
|
|
</tbody>
|
|
</table>
|
|
</div>
|
|
</div>
|
|
</div>
|
|
</div>
|
|
|
|
<?php include('../inc/footer.php'); ?>
|