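<?php
declare(strict_types=1);
/*****************************************************************
 * Admin β User manager (2025 styled + hardβconfirm on delete)
 *
 * GET  : renders the filterable user table (q / role / status).
 * POST : applies one admin action to one user, then redirects back.
 *****************************************************************/
require_once __DIR__.'/../lib/auth.php';   // includes session_start()
require_login();
$me = current_user();
if ($me['role'] !== 'admin') forbidden_page();
require_once __DIR__.'/../lib/db.php';
require_once __DIR__.'/../lib/mail.php';

/**
 * Read a query-string parameter as a string.
 *
 * Returns '' when the key is absent or is not a string, so a request such
 * as ?q[]=x cannot reach trim(), PDO::execute() or htmlspecialchars() as an
 * array (which would be a TypeError).
 */
function qparam(string $key): string
{
    $v = $_GET[$key] ?? '';
    return is_string($v) ? $v : '';
}

/*ββββββββββββββββββββββ POST actions ββββββββββββββββββββββ*/
if ($_SERVER['REQUEST_METHOD'] === 'POST') {
    $sessionTok = $_SESSION['csrf'] ?? '';
    $postedTok  = $_POST['csrf'] ?? '';
    // hash_equals('', '') is true, so an unset session token must be rejected
    // explicitly; otherwise a POST with no csrf field would pass the check.
    if ($sessionTok === '' || !is_string($postedTok) || !hash_equals($sessionTok, $postedTok)) {
        exit('Bad CSRF');
    }

    $act = $_POST['act'] ?? '';
    $uid = intval($_POST['uid'] ?? 0);

    // Demoting, suspending or deleting your own account can lock the last
    // admin out, so those actions are refused when uid is the caller.
    // NOTE(review): assumes current_user() exposes the users.id column under
    // 'id' — confirm against lib/auth.php; if it does not, the guard is a no-op.
    $selfId = (int) ($me['id'] ?? 0);
    $onSelf = $selfId > 0 && $uid === $selfId;

    switch ($act) {
        case 'toggleRole':
            if ($onSelf) break;
            $db->prepare('UPDATE users SET role = IF(role="admin","user","admin") WHERE id=?')
               ->execute([$uid]);
            break;

        case 'suspend':
            if ($onSelf) break;
            $db->prepare('UPDATE users SET status="suspended" WHERE id=?')
               ->execute([$uid]);
            break;

        case 'activate':
            $db->prepare('UPDATE users SET status="active" WHERE id=?')
               ->execute([$uid]);
            break;

        case 'sendReset':
            $e = $db->prepare('SELECT email FROM users WHERE id=?');
            $e->execute([$uid]);
            $row = $e->fetch(PDO::FETCH_ASSOC);
            if (!$row) break;
            // Only the SHA-256 of the token is stored; the plaintext goes in
            // the mail, and any earlier reset for this user is invalidated.
            $tok  = bin2hex(random_bytes(32));
            $hash = hash('sha256', $tok);
            $db->prepare('DELETE FROM password_resets WHERE user_id=?')
               ->execute([$uid]);
            $db->prepare('INSERT INTO password_resets (user_id,token,expires) VALUES (?, ?, DATE_ADD(NOW(),INTERVAL 30 MINUTE))')
               ->execute([$uid, $hash]);
            $link = SITE_URL . '/members/reset.php?t=' . $tok;
            send_mail($row['email'], 'Password reset', "Reset link (valid 30β―min):\n\n$link");
            break;

        case 'delete':
            if ($onSelf) break;
            $db->prepare('DELETE FROM users WHERE id=?')->execute([$uid]);
            break;
    }
    header('Location: users.php');
    exit;
}

/*ββββββββββββββββββββββ filters βββββββββββββββββββββββββββ*/
$f = [];
$p = [];
$q = trim(qparam('q'));
// Compare against '' rather than truthiness so a search for "0" still works.
if ($q !== '') {
    $f[] = '(email LIKE ? OR username LIKE ?)';
    // LIKE wildcards (% and _) in $q are intentionally left live for admin search.
    $p[] = "%$q%";
    $p[] = "%$q%";
}
$role = qparam('role');
if ($role !== '') {
    $f[] = 'role=?';
    $p[] = $role;
}
$stat = qparam('status');
if ($stat !== '') {
    $f[] = 'status=?';
    $p[] = $stat;
}
$where = $f ? 'WHERE ' . implode(' AND ', $f) : '';
$users = $db->prepare("SELECT * FROM users $where ORDER BY id");
$users->execute($p);

/* CSRF: fresh token per page render, checked on the next POST */
$_SESSION['csrf'] = bin2hex(random_bytes(16));
$csrf = $_SESSION['csrf'];
?>
<!doctype html>
<title>User manager βΒ BestDealOn</title>
<meta name="viewport" content="width=device-width,initial-scale=1">
<style>
:root{
    --brand:#0066ff;--bg:#f9fbff;--fg:#111;
    font-family:-apple-system,BlinkMacSystemFont,Segoe UI,Roboto,Helvetica,Arial,sans-serif;
}
*{box-sizing:border-box}
body{margin:0;background:var(--bg);color:var(--fg)}
main{max-width:960px;margin:2.2rem auto;padding:0 1rem}
.card{background:#fff;border-radius:12px;box-shadow:0 6px 24px rgba(0,0,0,.07);padding:2rem}
h1{margin-top:0;font-size:1.7rem}
.filter{display:flex;flex-wrap:wrap;gap:.6rem;margin-bottom:1.4rem}
.filter input,.filter select,.filter button{padding:.55rem .7rem;font:inherit;border:1px solid #ccd2e2;border-radius:6px}
.filter button{background:var(--brand);color:#fff;border:none;cursor:pointer}
table{width:100%;border-collapse:collapse;font-size:.92rem}
th,td{padding:.6rem .7rem;border-bottom:1px solid #e2e8f3;text-align:left}
th{background:#f1f6ff;font-weight:600}
tr.susp td{color:#888}
select[name=act]{padding:.35rem .45rem}
@media(prefers-color-scheme:dark){
    :root{--bg:#0d1117;--fg:#e6edf3;--brand:#2f81f7}
    .card{background:#161b22;box-shadow:0 4px 14px rgba(0,0,0,.6)}
    th{background:#0d47a1}
    table,th,td{border-color:#30363d}
    .filter input,.filter select{background:#0d1117;color:var(--fg);border-color:#30363d}
}
</style>

<main class="card">
<h1>User manager</h1>

<!-- filter bar -->
<form class="filter" method="get">
    <input name="q" placeholder="Search by user / eβmail" value="<?= htmlspecialchars($q, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8') ?>">
    <select name="role">
        <option value="">Any role</option>
        <option value="user" <?= $role === 'user' ? 'selected' : '' ?>>user</option>
        <option value="admin" <?= $role === 'admin' ? 'selected' : '' ?>>admin</option>
    </select>
    <select name="status">
        <option value="">Any status</option>
        <option value="active" <?= $stat === 'active' ? 'selected' : '' ?>>active</option>
        <option value="suspended" <?= $stat === 'suspended' ? 'selected' : '' ?>>suspended</option>
    </select>
    <button>Filter</button>
</form>

<!-- results -->
<table>
<tr><th>ID</th><th>User / eβmail</th><th>Role</th><th>Status</th><th>Actions</th></tr>
<?php foreach ($users as $u): ?>
<?php
    // Every DB column is escaped on output, not only the free-text ones;
    // the (string) casts keep strict_types happy when PDO returns ints.
    $id     = htmlspecialchars((string) $u['id'], ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
    $roleTx = htmlspecialchars((string) $u['role'], ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
    $statTx = htmlspecialchars((string) $u['status'], ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
    $active = $u['status'] === 'active';
?>
<tr class="<?= $u['status'] === 'suspended' ? 'susp' : '' ?>">
    <td><?= $id ?></td>
    <td><a href="user-acl.php?id=<?= $id ?>">
        <?= htmlspecialchars($u['username'].' β '.$u['email'], ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8') ?></a></td>
    <td><?= $roleTx ?></td>
    <td><?= $statTx ?></td>
    <td>
        <form method="post">
            <input type="hidden" name="csrf" value="<?= htmlspecialchars($csrf, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8') ?>">
            <input type="hidden" name="uid" value="<?= $id ?>">
            <select name="act" onchange="
                if (this.value==='delete' && !confirm('Delete this user permanently? This cannot be undone.') ){ this.selectedIndex=0; return; }
                this.form.submit();
            ">
                <option value="">β</option>
                <option value="toggleRole">Toggle role</option>
                <option value="<?= $active ? 'suspend' : 'activate' ?>">
                    <?= $active ? 'Suspend' : 'Activate' ?>
                </option>
                <option value="sendReset">Send reset link</option>
                <option value="delete">Delete user</option>
            </select>
        </form>
    </td>
</tr>
<?php endforeach ?>
</table>

<p style="margin-top:1.8rem">
    <a href="/members/dashboard.php">βΒ Back to dashboard</a>
</p>
</main>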