FSST/Geizkragen
FSST/Geizkragen
2
0
Fork 0
Code Issues Projects 1 Releases 1 Wiki Activity
c693574575
Geizkragen/admin_users.php

192 lines
11 KiB
PHP
Raw Blame History

This file contains ambiguous Unicode characters

This file contains Unicode characters that might be confused with other characters. If you think that this is intentional, you can safely ignore this warning. Use the Escape button to reveal them.

<?php
// admin_users.php
require_once __DIR__ . '/lib/bootstrap.php';
// 1) Zugriffskontrolle nur ADMIN
if (empty($_SESSION['user_id']) || empty($_SESSION['user_roles']) || !in_array('ADMIN', $_SESSION['user_roles'], true)) {
die("Zugriff verweigert. Nur Administratoren dürfen diese Seite sehen.");
}
$conn = db_connect();
// 2) Aktion: Benutzer löschen
if ($_SERVER['REQUEST_METHOD'] === 'POST' && isset($_POST['delete_user_id'])) {
$deleteId = (int)$_POST['delete_user_id'];
// Vermeide Selbstlöschung zur Sicherheit
if ($deleteId !== (int)$_SESSION['user_id']) {
// Zunächst Abhängigkeiten wie Rollen löschen
$conn->query("DELETE FROM userRoles WHERE userID = $deleteId");
$delStmt = $conn->prepare("DELETE FROM users WHERE userID = ?");
$delStmt->bind_param("i", $deleteId);
$delStmt->execute();
$delStmt->close();
$successMsg = "Benutzer erfolgreich gelöscht.";
} else {
$errorMsg = "Du kannst dich nicht selbst löschen.";
}
}
// 2b) Aktion: Rollen aktualisieren
if ($_SERVER['REQUEST_METHOD'] === 'POST' && isset($_POST['update_all_roles'])) {
$usersRolesData = isset($_POST['user_roles']) && is_array($_POST['user_roles']) ? $_POST['user_roles'] : [];
$submittedUsers = isset($_POST['submitted_users']) && is_array($_POST['submitted_users']) ? $_POST['submitted_users'] : [];
foreach ($submittedUsers as $uId) {
$updateId = (int)$uId;
if ($updateId === (int)$_SESSION['user_id']) {
continue;
}
$selectedRole = isset($usersRolesData[$updateId]) ? $usersRolesData[$updateId] : '';
$delStmt = $conn->prepare("DELETE FROM userRoles WHERE userID = ?");
$delStmt->bind_param("i", $updateId);
$delStmt->execute();
$delStmt->close();
if (!empty($selectedRole)) {
$insStmt = $conn->prepare("INSERT INTO userRoles (userID, roleID) VALUES (?, ?)");
$roleIdInt = (int)$selectedRole;
$insStmt->bind_param("ii", $updateId, $roleIdInt);
$insStmt->execute();
$insStmt->close();
}
}
$successMsg = "Rollen erfolgreich aktualisiert.";
}
// 2c) Alle verfügbaren Rollen laden
$allRoles = [];
$rolesQuery = $conn->query("SELECT roleID, name FROM roles ORDER BY name ASC");
if ($rolesQuery) {
while ($r = $rolesQuery->fetch_assoc()) {
$allRoles[] = $r;
}
}
// 3) Alle Benutzer laden
$usersResult = $conn->query("
SELECT u.userID, u.email, u.displayname, u.profilePicture, u.isActive,
GROUP_CONCAT(ur.roleID) as roleIDs
FROM users u
LEFT JOIN userRoles ur ON u.userID = ur.userID
GROUP BY u.userID
ORDER BY u.userID ASC
");
?>
<?php include 'header.php'; ?>
<main class="auth" role="main">
<section class="auth__grid" style="display: block; max-width: 900px; margin: 40px auto; width: 90%;">
<div class="auth__card" style="width: 100%;">
<header class="auth__header">
<h1 class="auth__title">Benutzerverwaltung</h1>
<p style="text-align: center; color: #94a3b8; font-size: 0.9rem; margin-top: 5px;">Hier siehst du alle registrierten Benutzer.</p>
</header>
<?php if (!empty($successMsg)): ?>
<div class="auth__message auth__message--success" style="color: #4ade80; background: #064e3b; padding: 10px; border-radius: 4px; margin-bottom: 15px; text-align: center;"><?= htmlspecialchars($successMsg) ?></div>
<?php endif; ?>
<?php if (!empty($errorMsg)): ?>
<div class="auth__message auth__message--error" style="color: #f87171; background: #7f1d1d; padding: 10px; border-radius: 4px; margin-bottom: 15px; text-align: center;"><?= htmlspecialchars($errorMsg) ?></div>
<?php endif; ?>
<form method="post" action="admin_users.php">
<div style="display: flex; justify-content: flex-end; margin-top: 10px;">
<button type="submit" name="update_all_roles" value="1" style="background-color: #3b82f6; color: white; border: none; padding: 10px 16px; border-radius: 4px; cursor: pointer; font-weight: bold; font-size: 0.9rem;">
<svg width="16" height="16" viewBox="0 0 24 24" fill="none" stroke="currentColor" stroke-width="2" stroke-linecap="round" stroke-linejoin="round" style="vertical-align: middle; margin-right: 5px;">
<path d="M19 21H5a2 2 0 0 1-2-2V5a2 2 0 0 1 2-2h11l5 5v11a2 2 0 0 1-2 2z"></path>
<polyline points="17 21 17 13 7 13 7 21"></polyline>
<polyline points="7 3 7 8 15 8"></polyline>
</svg>
Alle Rollen speichern
</button>
</div>
<div style="overflow-x: auto; margin-top: 20px;">
<table style="width: 100%; border-collapse: collapse; text-align: left; color: #f8fafc;">
<thead>
<tr style="border-bottom: 2px solid #334155;">
<th style="padding: 12px 10px;">ID</th>
<th style="padding: 12px 10px;">Profil</th>
<th style="padding: 12px 10px;">Name</th>
<th style="padding: 12px 10px;">E-Mail</th>
<th style="padding: 12px 10px; width: 15%;">Aktuelle Rollen</th>
<th style="padding: 12px 10px; width: 25%;">Rollen zuweisen</th>
<th style="padding: 12px 10px;">Aktionen</th>
</tr>
</thead>
<tbody>
<?php while ($user = $usersResult->fetch_assoc()): ?>
<?php
$userRoles = !empty($user['roleIDs']) ? explode(',', $user['roleIDs']) : [];
$isSelf = (int)$user['userID'] === (int)$_SESSION['user_id'];
?>
<tr style="border-bottom: 1px solid #1e293b;">
<td style="padding: 12px 10px;"><?= $user['userID'] ?></td>
<td style="padding: 12px 10px;">
<img src="<?= !empty($user['profilePicture']) ? htmlspecialchars($user['profilePicture']) : 'assets/images/placeholder.png' ?>"
alt="Profil" style="width: 40px; height: 40px; border-radius: 50%; object-fit: cover; display: block;">
</td>
<td style="padding: 12px 10px;"><?= htmlspecialchars($user['displayname']) ?></td>
<td style="padding: 12px 10px; word-break: break-all;"><?= htmlspecialchars($user['email']) ?></td>
<td style="padding: 12px 10px;">
<div style="display: flex; flex-wrap: wrap; gap: 5px;">
<?php foreach ($allRoles as $role): ?>
<?php if (in_array($role['roleID'], $userRoles)): ?>
<span style="background-color: #065f46; border: 1px solid #10b981; color: #a7f3d0; padding: 2px 8px; border-radius: 9999px; font-size: 0.75rem; font-weight: bold;"><?= htmlspecialchars($role['name']) ?></span>
<?php endif; ?>
<?php endforeach; ?>
<?php if (empty($userRoles)): ?>
<span style="color: #64748b; font-size: 0.75rem; font-style: italic;">Keine</span>
<?php endif; ?>
</div>
</td>
<td style="padding: 12px 10px; min-width: 150px;">
<?php if (!$isSelf): ?>
<input type="hidden" name="submitted_users[]" value="<?= $user['userID'] ?>">
<select name="user_roles[<?= $user['userID'] ?>]" style="background: #0f172a; color: #f8fafc; border: 1px solid #334155; padding: 5px; border-radius: 4px; font-size: 0.85rem; width: 100%;">
<option value="">Keine</option>
<?php foreach ($allRoles as $role): ?>
<option value="<?= $role['roleID'] ?>" <?= in_array($role['roleID'], $userRoles) ? 'selected' : '' ?>>
<?= htmlspecialchars($role['name']) ?>
</option>
<?php endforeach; ?>
</select>
<?php else: ?>
<span style="color: #94a3b8; font-size: 0.85rem; font-style: italic;">Du (Gesperrt)</span>
<?php endif; ?>
</td>
<td style="padding: 12px 10px;">
<?php if (!$isSelf): ?>
<button type="submit" name="delete_user_id" value="<?= $user['userID'] ?>" class="auth__submit" style="background-color: #ef4444; color: white; border: none; padding: 6px 12px; border-radius: 4px; cursor: pointer; font-size: 0.85rem; width: auto; margin: 0;" onclick="return confirm('Benutzer wirklich löschen? Dies kann nicht rückgängig gemacht werden!');">Löschen</button>
<?php else: ?>
<span style="color: #94a3b8; font-size: 0.85rem; padding: 6px 0; display: inline-block;">Das bist du</span>
<?php endif; ?>
</td>
</tr>
<?php endwhile; ?>
</tbody>
</table>
</div>
</form>
<div class="auth__actions" style="margin-top: 30px; text-align: center;">
<a href="account.php" style="color: #64748b; text-decoration: none; font-size: 0.95rem;">&larr; Zurück zum Profil</a>
</div>
</div>
</section>
</main>
<?php include 'footer.php'; ?>
Reference in New Issue View Git Blame Copy Permalink