<?php

require_once '../includes/helpers.php';
require_once '../includes/DB.php';
// Admin-only user listing: anyone who is not a logged-in admin is sent to index.php.
// On success the query result is left in $usersResult for the template that follows.
$loggedInUser = checkLoggedInUser();
if ($loggedInUser->isLoggedIn && $loggedInUser->isAdmin) {
    // NOTE(review): $userID is assigned but never read within this block; unless the
    // template further down uses it, this is dead code and can be removed.
    $userID = DB::getInstance()->escape($_SESSION['user_id']);
    // NOTE(review): `user.*` hands every column of the user table to the template;
    // consider selecting only the columns the listing actually renders.
    $sql = "SELECT user.*, role.role_name\n\t\t\t\tFROM user\n\t\t\t\tINNER JOIN role\n\t\t\t\ton(role.role_id = user.id_role)";
    $usersResult = DB::getInstance()->select($sql);
} else {
    gotolink('index.php');
}
?>


<?php 
// Shared page header partial (markup and navigation common to every page).
include '../includes/header.php';
?>
		
			<nav role="navigation" class="navbar navbar-default">
		      <div class="container-fluid">
		        <div class="collapse navbar-collapse pull-right" style="padding-top: 8px">
		          	<a class="btn btn-success" href="<?php 
// SITE_ROOT is a constant (not request data), presumably the site's base URL defined in
// helpers.php — confirm. The newline right after `?>` is swallowed by PHP, so the href
// becomes SITE_ROOT immediately followed by /account/...
echo SITE_ROOT;
?>
/account/account_new.php?return_url=users">Krijo Perdorues te Ri</a> 
				</div>
		      </div>
		    </nav>

			<div class="row">
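// Admin-only save handler for the account edit form.
// Reads from POST: save_acc_details (submit marker), hidden_user_id, firstname, lastname,
// description, email, active_chbox (a checkbox, so absent when unticked), id_role and,
// optionally, return_url. Redirects via gotolink() on success.
$loggedInUser = checkLoggedInUser();
if ($loggedInUser->isLoggedIn && $loggedInUser->isAdmin) {
    //ON LOGIN SUBMIT
    if (isset($_POST['save_acc_details'])) {
        // NOTE(review): no CSRF token is checked before this state-changing write; the form
        // is outside this snippet, so confirm the request carries and validates one.
        $db = new DB();
        // user_id and id_role are interpolated unquoted into the SQL below, where a string
        // escape offers no protection. Validate them as integers instead: anything that is
        // not an integer becomes 0, which matches no row and ends in "user doesn't exist".
        $userID = (int) filter_var($_POST['hidden_user_id'] ?? null, FILTER_VALIDATE_INT);
        $id_role = (int) filter_var($_POST['id_role'] ?? null, FILTER_VALIDATE_INT);
        // Text columns are escaped by the DB layer and single-quoted in the SQL; `?? ''`
        // avoids an undefined-index notice when a field is missing from the request.
        $firstname = $db->escape($_POST['firstname'] ?? '');
        $lastname = $db->escape($_POST['lastname'] ?? '');
        $description = $db->escape($_POST['description'] ?? '');
        $email = $db->escape($_POST['email'] ?? '');
        // A ticked checkbox is posted as a non-empty value; an unticked one is not posted at
        // all. Reading it through isset() avoids the notice the old unconditional read gave.
        $active = isset($_POST['active_chbox']) && $_POST['active_chbox'] !== '' ? 1 : 0;
        // Only existence is checked, so one column is enough. The table is `user` (lower
        // case) in the UPDATE below; keep the lookup consistent, since MySQL table names are
        // case-sensitive on case-sensitive filesystems.
        $sql = "SELECT user_id FROM user WHERE user_id = {$userID} LIMIT 1";
        $existingUser = $db->select($sql);
        if (count($existingUser) > 0) {
            $sql = "UPDATE user SET"
                . " firstname = '{$firstname}'"
                . ", lastname = '{$lastname}'"
                . ", description = '{$description}'"
                . ", email = '{$email}'"
                . ", active = {$active}"
                . ", id_role = {$id_role}"
                . " WHERE user_id = {$userID}";
            if (!$db->query($sql)) {
                die('error');
            }
            // return_url is optional; compare strictly.
            if (($_POST['return_url'] ?? '') === 'users') {
                gotolink('/users.php');
            } else {
                gotolink('/account.php');
            }
        } else {
            echo "user doesn't exist";
            exit;
        }
    }
}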
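<?php

require_once '../../includes/helpers.php';
require_once '../../includes/DB.php';
// Admin-only: delete the account named by ?user_id= and return to the user list.
$loggedInUser = checkLoggedInUser();
if ($loggedInUser->isLoggedIn && $loggedInUser->isAdmin) {
    if (isset($_GET['user_id'])) {
        // NOTE(review): a destructive action triggered by a plain GET link can be replayed
        // by any page an admin visits (CSRF) and by link prefetchers; it belongs behind a
        // POST with a token. The link that points here is outside this snippet.
        $db = new DB();
        // user_id is interpolated unquoted into the SQL below, where a string escape offers
        // no protection. Validate it as an integer: anything else becomes 0, matches no row
        // and ends in "user doesn't exist".
        $userID = (int) filter_var($_GET['user_id'], FILTER_VALIDATE_INT);
        // Only existence is checked, so one column is enough. The table is `user` (lower
        // case) in the DELETE below; keep the lookup consistent, since MySQL table names are
        // case-sensitive on case-sensitive filesystems.
        $sql = "SELECT user_id FROM user WHERE user_id = {$userID} LIMIT 1";
        $existingUser = $db->select($sql);
        if (count($existingUser) > 0) {
            $sql = "DELETE FROM user WHERE user_id = {$userID}";
            if (!$db->query($sql)) {
                die('error');
            }
            gotolink('/users.php');
        } else {
            echo "user doesn't exist";
            exit;
        }
    }
}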
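// Loader for the account edit form. An admin may open any account; any other logged-in
// user may open only their own. Sets $userDetails and $rolesList for the template below.
$loggedInUser = checkLoggedInUser();
// Validate user_id once, as an integer: it feeds both the ownership check and an unquoted
// SQL literal below. Missing or non-integer input yields false.
$requestedUserId = filter_var($_GET['user_id'] ?? null, FILTER_VALIDATE_INT);
// Strict ownership test. The former `$_GET['user_id'] == $_SESSION['user_id']` let PHP
// juggle types (e.g. "5abc" == 5 held on PHP 7) and raised a notice when user_id was absent.
$isOwnAccount = $requestedUserId !== false
    && isset($_SESSION['user_id'])
    && $requestedUserId === (int) $_SESSION['user_id'];
if ($loggedInUser->isLoggedIn && ($loggedInUser->isAdmin || $isOwnAccount)) {
    if (isset($_GET['user_id'])) {
        // A non-integer id becomes 0, which matches no row and is reported below.
        $userID = (int) $requestedUserId;
        // The table is `user` (lower case) in the other queries of this application; MySQL
        // table names are case-sensitive on case-sensitive filesystems.
        $sql = "SELECT * FROM user WHERE user_id = {$userID} LIMIT 1";
        $result = DB::getInstance()->select($sql);
        // The old code read $result[0] unconditionally and handed null to the template.
        if (empty($result)) {
            echo "user doesn't exist";
            exit;
        }
        $userDetails = $result[0];
        // NOTE(review): the role list is loaded for non-admins as well; whether the template
        // lets a non-admin change id_role, and whether the save handler rejects that, is
        // outside this snippet — confirm.
        $sqlRoles = "SELECT role_id, role_name FROM role";
        $rolesList = DB::getInstance()->select($sqlRoles);
    } else {
        //insert
        gotolink('/account/account_new.php');
    }
} else {
    gotolink('login.php');
}
?>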


<?php 
// Shared page header partial (markup and navigation common to every page).
include '../../includes/header.php';
?>
	

<div class="row">
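	<h4 style="padding: 20px 100px 30px">Ndrysho te dhenat e perdoruesit <span class="label label-info"><?php 
// $userDetails comes from the database; escape for the HTML context so a username that
// contains markup cannot be rendered as markup (stored XSS).
echo htmlspecialchars((string) $userDetails->username, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
?>
</span></h4>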
	<form class="form-horizontal" role="form" action="<?php