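/*
 * Admin-only user management controller.
 *
 * Handles two POST actions ("create_user" and "toggle_status"), then loads the
 * user list that the template below this block renders.
 */
requireAdmin(); // Only admin can access this page

// NOTE(review): no anti-CSRF token is verified in the visible code before the
// state-changing actions below. Confirm whether requireAdmin() or an include
// already enforces one; if not, both actions need a per-session token check.

$page_title = 'Users Management';
$success_message = '';
$error_message = '';

// Read a POST field as a string. Non-string input (for example an array sent
// as "field[]=x") is treated as missing instead of raising a TypeError in
// trim()/strlen() further down.
$postString = static function (string $key): string {
    $value = $_POST[$key] ?? '';

    return is_string($value) ? $value : '';
};

// Handle form submissions
if ($_SERVER['REQUEST_METHOD'] === 'POST') {
    switch ($postString('action')) {
        case 'create_user':
            $full_name = trim($postString('full_name'));
            $phone = trim($postString('phone'));
            $username = trim($postString('username'));
            // Deliberately not trimmed: leading/trailing spaces may be part of the password.
            $password = $postString('password');
            $role = is_string($_POST['role'] ?? null) ? $_POST['role'] : 'manager';

            // NOTE(review): $role is stored exactly as submitted. The list of valid
            // roles is not visible in this file; validate against it here so a
            // crafted request cannot store an arbitrary or unintended role.

            // Validation. Strict '' comparisons are used because empty() also
            // rejects the literal string '0'.
            if ($full_name === '' || $phone === '' || $username === '' || $password === '') {
                $error_message = 'All fields are required.';
            } elseif (strlen($password) < 6) {
                // NOTE(review): a 6-character minimum is a low floor for accounts
                // created on an admin page; confirm against the password policy.
                $error_message = 'Password must be at least 6 characters long.';
            } elseif (!preg_match('/^[0-9+\-\s]{10,15}$/', $phone)) {
                $error_message = 'Please enter a valid phone number.';
            } elseif (!preg_match('/^[a-zA-Z0-9_]{3,}$/', $username)) {
                $error_message = 'Username must be at least 3 characters and contain only letters, numbers, and underscore.';
            } else {
                try {
                    // Check if username already exists.
                    // NOTE(review): check-then-insert is racy under concurrent requests;
                    // presumably users.username carries a UNIQUE constraint - confirm.
                    $stmt = $pdo->prepare("SELECT id FROM users WHERE username = ?");
                    $stmt->execute([$username]);

                    if ($stmt->fetch()) {
                        $error_message = 'Username already exists.';
                    } else {
                        // Create new user; only the password hash is stored.
                        $hashed_password = password_hash($password, PASSWORD_DEFAULT);
                        $stmt = $pdo->prepare("INSERT INTO users (full_name, phone, username, password, role) VALUES (?, ?, ?, ?, ?)");

                        if ($stmt->execute([$full_name, $phone, $username, $hashed_password, $role])) {
                            $_SESSION['success_message'] = 'User created successfully.';
                            header("Location: users.php");
                            exit();
                        } else {
                            $error_message = 'Failed to create user.';
                        }
                    }
                } catch (PDOException $e) {
                    // Driver messages can expose table/column names and SQL fragments:
                    // keep the detail in the server log and show a generic message,
                    // matching the toggle_status branch.
                    error_log('users.php create_user: ' . $e->getMessage());
                    $error_message = 'Database error.';
                }
            }
            break;

        case 'toggle_status':
            // Accept only a positive integer id; anything else (missing, array,
            // non-numeric) is rejected before touching the database.
            $user_id = filter_var($_POST['user_id'] ?? null, FILTER_VALIDATE_INT);
            $new_status = is_string($_POST['status'] ?? null) ? $_POST['status'] : 'active';

            // NOTE(review): $new_status is written as submitted. The allowed status
            // values are not visible in this file; validate against them here.

            if ($user_id === false || $user_id <= 0) {
                $_SESSION['error_message'] = 'Failed to update user status.';
            } else {
                try {
                    // "AND id != ?" stops the signed-in admin from changing their own status.
                    $stmt = $pdo->prepare("UPDATE users SET status = ? WHERE id = ? AND id != ?");

                    if ($stmt->execute([$new_status, $user_id, $_SESSION['user_id']])) {
                        $_SESSION['success_message'] = 'User status updated successfully.';
                    } else {
                        $_SESSION['error_message'] = 'Failed to update user status.';
                    }
                } catch (PDOException $e) {
                    // Previously swallowed silently; log it so failures are diagnosable.
                    error_log('users.php toggle_status: ' . $e->getMessage());
                    $_SESSION['error_message'] = 'Database error.';
                }
            }

            // Post/Redirect/Get: a page refresh must not resubmit the form.
            header("Location: users.php");
            exit();
    }
}

// Fetch all users (the password hash column is intentionally not selected).
// NOTE(review): full_name is free text; the template that renders $users is not
// visible here and must HTML-escape every field on output.
try {
    $stmt = $pdo->prepare("SELECT id, full_name, phone, username, role, status, created_at FROM users ORDER BY created_at DESC");
    $stmt->execute();
    $users = $stmt->fetchAll(PDO::FETCH_ASSOC);
} catch (PDOException $e) {
    error_log('users.php list: ' . $e->getMessage());
    $users = [];
    $error_message = 'Failed to fetch users.';
}

include 'includes/header.php';
?>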

Create New User

Existing Users

No Users Found

Create your first user using the form above.

Name Username Phone Role Status Created Actions
Current User