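'User Management'] ];

$success = '';
$error = '';
// The GET action only selects which view to render; every state change
// below is gated on a POST request.
$action = $_GET['action'] ?? 'list';

// Handle form submissions: add_user / update_user / reset_password / delete_user.
//
// NOTE(review): no CSRF token is verified before these state-changing actions.
// Confirm a session-bound token check (hash_equals()) happens upstream — it is
// not visible in this chunk — or add one here. This page is also assumed to sit
// behind an admin-only guard that is not visible here; verify before relying on it.
if ($_SERVER['REQUEST_METHOD'] === 'POST') {
    try {
        $postAction = $_POST['action'] ?? '';

        // Target user id for the per-user actions. Defaults to 0 when the field is
        // missing or non-numeric so the existence checks below fail closed instead
        // of emitting "undefined array key" warnings and acting on a bogus row.
        $userId = (int)($_POST['user_id'] ?? 0);
        $currentUserId = (int)$currentUser['id'];

        switch ($postAction) {
            case 'add_user':
                $username = sanitizeInput($_POST['username'] ?? '');
                $email    = sanitizeInput($_POST['email'] ?? '');
                $fullName = sanitizeInput($_POST['full_name'] ?? '');
                $phone    = sanitizeInput($_POST['phone'] ?? '');
                // NOTE(review): role is stored as submitted (after sanitizeInput).
                // Validate it against the allowed role set; only 'admin' and
                // 'manager' are visible in this file, the full set is not.
                $role     = sanitizeInput($_POST['role'] ?? '');
                // Deliberately NOT passed through sanitizeInput: it is hashed, never
                // rendered, and sanitising would silently alter the credential.
                $password = $_POST['password'] ?? '';

                // Validation
                if (empty($username) || empty($email) || empty($fullName) || empty($password) || empty($role)) {
                    throw new Exception('All required fields must be filled.');
                }
                if (!isValidEmail($email)) {
                    throw new Exception('Please enter a valid email address.');
                }
                // Byte length is an acceptable lower bound for a minimum-length check.
                if (strlen($password) < 8) {
                    throw new Exception('Password must be at least 8 characters long.');
                }
                if ($phone !== '' && !isValidPhone($phone)) {
                    throw new Exception('Please enter a valid phone number.');
                }

                // Check if username or email already exists. This is a convenience
                // check only: it races with concurrent inserts, so the users table
                // should also carry UNIQUE constraints on username and email.
                $existingUser = fetchRow(
                    "SELECT id FROM users WHERE username = ? OR email = ?",
                    [$username, $email]
                );
                if ($existingUser) {
                    throw new Exception('Username or email already exists.');
                }

                // Create user; new accounts always start active.
                $userData = [
                    'username'   => $username,
                    'email'      => $email,
                    'password'   => hashPassword($password),
                    'full_name'  => $fullName,
                    'phone'      => $phone,
                    'role'       => $role,
                    'status'     => 'active',
                    'created_at' => date('Y-m-d H:i:s'),
                ];
                $userId = insertData('users', $userData);
                if (!$userId) {
                    throw new Exception('Failed to create user.');
                }
                logSystemActivity('Add User', "Created user: {$username} ({$role})", $currentUser['id']);
                $success = 'User created successfully!';
                break;

            case 'update_user':
                $username = sanitizeInput($_POST['username'] ?? '');
                $email    = sanitizeInput($_POST['email'] ?? '');
                $fullName = sanitizeInput($_POST['full_name'] ?? '');
                $phone    = sanitizeInput($_POST['phone'] ?? '');
                // NOTE(review): role and status are stored as submitted; validate
                // both against their allowed sets (only 'active'/'inactive' and
                // 'admin'/'manager' are visible in this file).
                $role     = sanitizeInput($_POST['role'] ?? '');
                $status   = sanitizeInput($_POST['status'] ?? '');

                // Validation
                if (empty($username) || empty($email) || empty($fullName) || empty($role)) {
                    throw new Exception('All required fields must be filled.');
                }
                if (!isValidEmail($email)) {
                    throw new Exception('Please enter a valid email address.');
                }
                if ($phone !== '' && !isValidPhone($phone)) {
                    throw new Exception('Please enter a valid phone number.');
                }

                // Refuse to "update" a row that does not exist instead of reporting
                // success for a no-op UPDATE.
                if ($userId <= 0 || !fetchRow("SELECT id FROM users WHERE id = ?", [$userId])) {
                    throw new Exception('User not found.');
                }

                // Check if username or email already exists (excluding current user).
                $existingUser = fetchRow(
                    "SELECT id FROM users WHERE (username = ? OR email = ?) AND id != ?",
                    [$username, $email, $userId]
                );
                if ($existingUser) {
                    throw new Exception('Username or email already exists.');
                }

                // Don't allow changing own status to inactive (would lock the
                // operator out of the very account doing the change).
                if ($userId === $currentUserId && $status === 'inactive') {
                    throw new Exception('You cannot deactivate your own account.');
                }

                // Update user
                $updateData = [
                    'username'  => $username,
                    'email'     => $email,
                    'full_name' => $fullName,
                    'phone'     => $phone,
                    'role'      => $role,
                    'status'    => $status,
                ];
                updateData('users', $updateData, 'id = ?', [$userId]);
                logSystemActivity('Update User', "Updated user ID: {$userId}", $currentUser['id']);
                $success = 'User updated successfully!';
                break;

            case 'reset_password':
                // Resolve the target first so a missing user produces an error rather
                // than a "success" banner displaying a password for nobody (the
                // original dereferenced $user['username'] on a null row).
                $user = $userId > 0
                    ? fetchRow("SELECT username, email FROM users WHERE id = ?", [$userId])
                    : null;
                if (!$user) {
                    throw new Exception('User not found.');
                }

                $newPassword = generateSecurePassword();
                updateData('users', [
                    'password' => hashPassword($newPassword),
                ], 'id = ?', [$userId]);

                // The plaintext is intentionally shown once, on this page only, to the
                // operator. It must never reach the activity log.
                logSystemActivity('Reset Password', "Password reset for user: {$user['username']}", $currentUser['id']);
                $success = "Password reset successfully! New password: {$newPassword} (Please share this securely with the user)";
                break;

            case 'delete_user':
                // Don't allow deleting own account.
                if ($userId === $currentUserId) {
                    throw new Exception('You cannot delete your own account.');
                }

                // Get user details for logging; also proves the row exists before the
                // referential checks and the DELETE run.
                $user = $userId > 0
                    ? fetchRow("SELECT username FROM users WHERE id = ?", [$userId])
                    : null;
                if (!$user) {
                    throw new Exception('User not found.');
                }

                // Check if user has associated data; rows that created sales or
                // expenses must be deactivated instead to keep the audit trail intact.
                $salesCount    = fetchRow("SELECT COUNT(*) as count FROM sales WHERE created_by = ?", [$userId])['count'];
                $expensesCount = fetchRow("SELECT COUNT(*) as count FROM expenses WHERE created_by = ?", [$userId])['count'];
                if ($salesCount > 0 || $expensesCount > 0) {
                    throw new Exception('Cannot delete user with existing sales or expense records. Please deactivate instead.');
                }

                // Delete user
                executeQuery("DELETE FROM users WHERE id = ?", [$userId]);
                logSystemActivity('Delete User', "Deleted user: {$user['username']}", $currentUser['id']);
                $success = 'User deleted successfully!';
                break;

            default:
                // An unrecognised (or missing) action used to fall through silently;
                // surface it so a mis-wired form is noticed.
                throw new Exception('Unknown action.');
        }
    } catch (Exception $e) {
        // Messages thrown above are operator-facing and contain no secrets.
        $error = $e->getMessage();
    }
}

// Get users list with per-user activity statistics for the table below.
$users = fetchAll("
    SELECT u.*,
        (SELECT COUNT(*)   FROM sales    WHERE created_by = u.id) AS sales_count,
        (SELECT COUNT(*)   FROM expenses WHERE created_by = u.id) AS expenses_count,
        (SELECT SUM(amount) FROM sales    WHERE created_by = u.id) AS total_sales,
        (SELECT SUM(amount) FROM expenses WHERE created_by = u.id) AS total_expenses
    FROM users u
    ORDER BY u.created_at DESC
");

include '../includes/header.php';
?>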
Total Users
$u['status'] === 'active')); ?>
Active Users
$u['role'] === 'admin')); ?>
Administrators
$u['role'] === 'manager')); ?>
Managers
System Users
No Users Found

Start by adding your first user.

User Contact Role Status Activity Joined Actions
sales
expenses