Geizkragen/admin_users.php

<?php
// admin_users.php

require_once __DIR__ . '/lib/bootstrap.php';

// 1) Zugriffskontrolle – nur ADMIN
if (empty($_SESSION['user_id']) || empty($_SESSION['user_roles']) || !in_array('ADMIN', $_SESSION['user_roles'], true)) {
    die("Zugriff verweigert. Nur Administratoren dürfen diese Seite sehen.");
}

$conn = db_connect();

// 2) Aktion: Benutzer löschen
if ($_SERVER['REQUEST_METHOD'] === 'POST' && isset($_POST['delete_user_id'])) {
    $deleteId = (int)$_POST['delete_user_id'];
    
    // Vermeide Selbstlöschung zur Sicherheit
    if ($deleteId !== (int)$_SESSION['user_id']) {
        $delStmt = $conn->prepare("DELETE FROM users WHERE userID = ?");
        $delStmt->bind_param("i", $deleteId);
        $delStmt->execute();
        $delStmt->close();
        
        $successMsg = "Benutzer erfolgreich gelöscht.";
    } else {
        $errorMsg = "Du kannst dich nicht selbst löschen.";
    }
}

// 3) Alle Benutzer laden
$usersResult = $conn->query("SELECT userID, email, displayname, profilePicture, isActive FROM users ORDER BY userID ASC");

?>

<?php include 'header.php'; ?>

<main class="auth" role="main">
    <section class="auth__grid" style="display: block; max-width: 900px; margin: 40px auto; width: 90%;">
        <div class="auth__card" style="width: 100%;">
            <header class="auth__header">
                <h1 class="auth__title">Benutzerverwaltung</h1>
                <p style="text-align: center; color: #94a3b8; font-size: 0.9rem; margin-top: 5px;">Hier siehst du alle registrierten Benutzer.</p>
            </header>

            <?php if (!empty($successMsg)): ?>
                <div class="auth__message auth__message--success" style="color: #4ade80; background: #064e3b; padding: 10px; border-radius: 4px; margin-bottom: 15px; text-align: center;"><?= htmlspecialchars($successMsg) ?></div>
            <?php endif; ?>
            <?php if (!empty($errorMsg)): ?>
                <div class="auth__message auth__message--error" style="color: #f87171; background: #7f1d1d; padding: 10px; border-radius: 4px; margin-bottom: 15px; text-align: center;"><?= htmlspecialchars($errorMsg) ?></div>
            <?php endif; ?>

            <div style="overflow-x: auto; margin-top: 20px;">
                <table style="width: 100%; border-collapse: collapse; text-align: left; color: #f8fafc;">
                    <thead>
                        <tr style="border-bottom: 2px solid #334155;">
                            <th style="padding: 12px 10px;">ID</th>
                            <th style="padding: 12px 10px;">Profil</th>
                            <th style="padding: 12px 10px;">Name</th>
                            <th style="padding: 12px 10px;">E-Mail</th>
                            <th style="padding: 12px 10px;">Aktionen</th>
                        </tr>
                    </thead>
                    <tbody>
                        <?php while ($user = $usersResult->fetch_assoc()): ?>
                            <tr style="border-bottom: 1px solid #1e293b;">
                                <td style="padding: 12px 10px;"><?= $user['userID'] ?></td>
                                <td style="padding: 12px 10px;">
                                    <img src="<?= !empty($user['profilePicture']) ? htmlspecialchars($user['profilePicture']) : 'assets/images/placeholder.png' ?>" 
                                         alt="Profil" style="width: 40px; height: 40px; border-radius: 50%; object-fit: cover; display: block;">
                                </td>
                                <td style="padding: 12px 10px;"><?= htmlspecialchars($user['displayname']) ?></td>
                                <td style="padding: 12px 10px; word-break: break-all;"><?= htmlspecialchars($user['email']) ?></td>
                                <td style="padding: 12px 10px;">
                                    <?php if ((int)$user['userID'] !== (int)$_SESSION['user_id']): ?>
                                        <form method="post" action="admin_users.php" onsubmit="return confirm('Benutzer wirklich löschen?');" style="margin: 0;">
                                            <input type="hidden" name="delete_user_id" value="<?= $user['userID'] ?>">
                                            <button type="submit" class="auth__submit" style="background-color: #ef4444; color: white; border: none; padding: 6px 12px; border-radius: 4px; cursor: pointer; font-size: 0.85rem; width: auto; margin: 0;">Löschen</button>
                                        </form>
                                    <?php else: ?>
                                        <span style="color: #94a3b8; font-size: 0.85rem; padding: 6px 0; display: inline-block;">Das bist du</span>
                                    <?php endif; ?>
                                </td>
                            </tr>
                        <?php endwhile; ?>
                    </tbody>
                </table>
            </div>
            
            <div class="auth__actions" style="margin-top: 30px; text-align: center;">
                <a href="account.php" style="color: #64748b; text-decoration: none; font-size: 0.95rem;">&larr; Zurück zum Profil</a>
            </div>
        </div>
    </section>
</main>

<?php include 'footer.php'; ?>