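<?php require 'includes/header.php';
/*
 * Edit an existing user (name, e-mail, role, department, password).
 *
 * Access: admin, head_admin/admin_head and super_admin(s) only; everyone else is
 * sent to the dashboard. Lower admins may neither edit accounts that hold a
 * super-admin-only role nor assign such a role.
 *
 * NOTE(review): header.php is assumed to start the session and to provide $pdo
 * (and optionally getCurrentCompanyId / ensureDepartmentsTable /
 * ensureDefaultDepartments / tableHasColumn); none of them are created here.
 */

// Canonical role spelling: lower-case, spaces and hyphens folded to underscores.
// The same normaliser is applied to the session role, the target user's stored
// role and the submitted role, so every privilege check compares like with like.
// (Previously the submitted role was compared raw, so a value such as
// "Super-Admin" slipped past the assignment check and normalised to super_admin
// on the next login.)
$normalizeRole = static fn (string $role): string => strtolower(str_replace([' ', '-'], '_', trim($role)));

// Roles that only a Super Admin may assign or edit. 'admin_head' is kept as a
// legacy spelling of head_admin.
$superAdminOnlyRoles = ['super_admin', 'chairman_ceo', 'head_admin', 'admin_head'];

// Roles offered in the form, grouped exactly as rendered. The keys double as the
// server-side allow-list for the submitted role, so form and validation cannot drift.
$roleGroups = [
    'Core' => [
        'staff'  => 'Staff',
        'client' => 'Client',
        'agent'  => 'Agent',
    ],
    'Departments' => [
        'marketing'           => 'Marketing',
        'customer_rep'        => 'Customer Representative',
        'finance'             => 'Finance Officer',
        'finance_manager'     => 'Finance Manager',
        'procurement_officer' => 'Procurement Officer',
        'procurement_manager' => 'Procurement Manager',
        'hr'                  => 'HR Officer',
        'hr_manager'          => 'HR Manager',
        'operations'          => 'Operations',
        'operations_officer'  => 'Operations Officer',
        'estate_manager'      => 'Estate Manager',
        'auditor'             => 'Auditor',
    ],
    'Administration' => [
        'admin'         => 'Admin',
        'admin_officer' => 'Admin Officer',
        'head_admin'    => 'Head Admin',
        'chairman_ceo'  => 'Executive (Chairman/CEO)',
        'super_admin'   => 'Super Admin',
    ],
];

// --- Access gate -----------------------------------------------------------
$roleNorm = $normalizeRole((string)($_SESSION['user_role'] ?? 'guest'));
$isSuperAdmin = in_array($roleNorm, ['super_admin', 'super_admins'], true);
if (!in_array($roleNorm, ['admin', 'head_admin', 'admin_head', 'super_admin', 'super_admins'], true)) {
    header("Location: dashboard.php");
    exit;
}
$currentRole = $isSuperAdmin ? 'super_admin' : $roleNorm;

// Roles this editor may assign: everything in the form, minus the
// super-admin-only set for lower admins. Drives both the <select> and validation.
$assignableRoles = [];
foreach ($roleGroups as $group) {
    foreach (array_keys($group) as $slug) {
        if ($isSuperAdmin || !in_array($slug, $superAdminOnlyRoles, true)) {
            $assignableRoles[] = $slug;
        }
    }
}

// Per-session CSRF token: this form changes roles and resets passwords, so a
// forged cross-site POST must not be able to drive it.
if (empty($_SESSION['csrf_token']) || !is_string($_SESSION['csrf_token'])) {
    $_SESSION['csrf_token'] = bin2hex(random_bytes(32));
}
$csrfToken = $_SESSION['csrf_token'];

// --- Target user -----------------------------------------------------------
// The id is an integer primary key; anything non-numeric becomes 0 and is rejected.
$id = (int)($_GET['id'] ?? 0);
if ($id <= 0) {
    header("Location: users.php");
    exit;
}

$stmt = $pdo->prepare("SELECT * FROM users WHERE id = ?");
$stmt->execute([$id]);
$user = $stmt->fetch(PDO::FETCH_ASSOC);

if (!$user) {
    echo "User not found.";
    exit;
}

// Lower admins may not edit accounts that outrank them. This mirrors the
// assignment rule in the POST handler: a role you cannot assign is one you
// cannot edit either (otherwise an admin could reset a Head Admin's password
// or demote them). NOTE(review): head_admin/admin_head targets were previously
// editable by admins; confirm this tightening matches the intended hierarchy.
$targetRole = $normalizeRole((string)($user['role'] ?? ''));
if (!$isSuperAdmin && in_array($targetRole, $superAdminOnlyRoles, true)) {
    header("Location: users.php");
    exit;
}

// --- Department options ----------------------------------------------------
$companyId = 0;
try {
    $companyId = (int)(function_exists('getCurrentCompanyId')
        ? (getCurrentCompanyId() ?: 0)
        : ($_SESSION['company_id'] ?? 0));
} catch (Throwable $e) {
    $companyId = (int)($_SESSION['company_id'] ?? 0);
}
try {
    if (function_exists('ensureDepartmentsTable')) { ensureDepartmentsTable($pdo); }
    if (function_exists('ensureDefaultDepartments')) { ensureDefaultDepartments($pdo, $companyId, (int)($_SESSION['user_id'] ?? 0)); }
} catch (Throwable $e) {
    // Best effort: a failing department bootstrap must not block the edit page.
}
$deptOptions = [];
try {
    $where = "WHERE 1=1";
    $params = [];
    if ($companyId && function_exists('tableHasColumn') && tableHasColumn('departments', 'company_id')) {
        $where .= " AND (company_id = ? OR company_id IS NULL)";
        $params[] = $companyId;
    }
    $st = $pdo->prepare("SELECT name, slug FROM departments {$where} ORDER BY name ASC");
    $st->execute($params);
    $deptOptions = $st->fetchAll(PDO::FETCH_ASSOC) ?: [];
} catch (Throwable $e) {
    $deptOptions = [];
}
$canUserDept = function_exists('tableHasColumn') && tableHasColumn('users', 'department');

// Lower-cased slugs, i.e. exactly the values the department <select> can submit.
$deptSlugs = [];
foreach ($deptOptions as $d) {
    $slug = strtolower(trim((string)($d['slug'] ?? '')));
    if ($slug !== '') {
        $deptSlugs[] = $slug;
    }
}

// --- Form submission -------------------------------------------------------
$error = '';
$success = '';

if ($_SERVER['REQUEST_METHOD'] === 'POST') {
    $name = trim((string)($_POST['name'] ?? ''));
    $email = trim((string)($_POST['email'] ?? ''));
    $role = $normalizeRole((string)($_POST['role'] ?? ''));
    $password = (string)($_POST['password'] ?? '');
    $department = strtolower(trim((string)($_POST['department'] ?? '')));
    $postedToken = (string)($_POST['csrf_token'] ?? '');

    if (!hash_equals($csrfToken, $postedToken)) {
        $error = "Invalid or expired form token. Please reload the page and try again.";
    } elseif ($name === '' || $email === '') {
        $error = "Name and Email are required.";
    } elseif (filter_var($email, FILTER_VALIDATE_EMAIL) === false) {
        $error = "Please enter a valid email address.";
    } elseif (!$isSuperAdmin && in_array($role, $superAdminOnlyRoles, true)) {
        $error = "Only Super Admin can assign Super Admin, Head Admin, or Executive roles.";
    } elseif (!in_array($role, $assignableRoles, true)) {
        // Anything not offered in the form is rejected rather than stored verbatim.
        $error = "Invalid role selected.";
    } elseif ($canUserDept && $department !== '' && !in_array($department, $deptSlugs, true)) {
        $error = "Invalid department selected.";
    } elseif ($password !== '' && mb_strlen($password) < 8) {
        $error = "Password must be at least 8 characters long.";
    } else {
        // Build the SET list once; the optional columns are appended in order.
        $set = ['name = ?', 'email = ?', 'role = ?'];
        $params = [$name, $email, $role];
        if ($canUserDept) {
            $set[] = 'department = ?';
            $params[] = $department !== '' ? $department : null;
        }
        if ($password !== '') {
            $set[] = 'password = ?';
            $params[] = password_hash($password, PASSWORD_DEFAULT);
        }
        $params[] = $id;

        try {
            $stmt = $pdo->prepare("UPDATE users SET " . implode(', ', $set) . " WHERE id = ?");
            $ok = $stmt->execute($params);
        } catch (PDOException $e) {
            // e.g. a unique-email violation; the driver message is not shown to the user.
            $ok = false;
        }

        if ($ok) {
            $success = "User updated successfully!";
            // Refresh user data so the page reflects what was stored.
            $stmt = $pdo->prepare("SELECT * FROM users WHERE id = ?");
            $stmt->execute([$id]);
            $user = $stmt->fetch(PDO::FETCH_ASSOC);
        } else {
            $error = "Failed to update user.";
        }
    }
}
?>

<div class="container-fluid py-4">
    <div class="d-flex flex-column flex-lg-row justify-content-between align-items-lg-center gap-2 mb-3">
        <div>
            <div class="text-muted small"><a href="users.php" class="text-decoration-none">Users</a> <span class="mx-1">/</span> Edit</div>
            <h1 class="h4 mb-0">Edit User</h1>
            <div class="text-muted small"><?= htmlspecialchars((string)($user['name'] ?? '')) ?><?= !empty($user['email']) ? (' &middot; ' . htmlspecialchars((string)$user['email'])) : '' ?></div>
        </div>
        <div class="d-flex gap-2">
            <a href="users.php" class="btn btn-outline-secondary btn-sm"><i class="fa-solid fa-arrow-left me-2"></i>Back</a>
        </div>
    </div>

    <div class="row g-3">
        <div class="col-12 col-lg-4">
            <div class="card shadow-sm border-0">
                <div class="card-body">
                    <?php
                        // Summary card values, computed from the (possibly refreshed) $user row.
                        $displayName = trim((string)($user['name'] ?? ''));
                        $initial = $displayName !== '' ? strtoupper(mb_substr($displayName, 0, 1)) : 'U';
                        $roleLabel = trim((string)($user['role'] ?? ''));
                        $deptLabel = trim((string)($user['department'] ?? ''));
                    ?>
                    <div class="d-flex align-items-center gap-3">
                        <div class="rounded-circle bg-primary text-white d-flex align-items-center justify-content-center" style="width:46px;height:46px;">
                            <span class="fw-bold"><?= htmlspecialchars($initial) ?></span>
                        </div>
                        <div class="min-w-0">
                            <div class="fw-semibold text-truncate"><?= htmlspecialchars($displayName !== '' ? $displayName : 'User') ?></div>
                            <div class="text-muted small text-truncate"><?= htmlspecialchars((string)($user['email'] ?? '')) ?></div>
                        </div>
                    </div>
                    <hr class="my-3">
                    <div class="d-flex justify-content-between small mb-2">
                        <span class="text-muted">User ID</span>
                        <span class="fw-semibold">#<?= (int)($user['id'] ?? 0) ?></span>
                    </div>
                    <div class="d-flex justify-content-between small mb-2">
                        <span class="text-muted">Role</span>
                        <span class="fw-semibold"><?= htmlspecialchars($roleLabel !== '' ? $roleLabel : '-') ?></span>
                    </div>
                    <?php if ($canUserDept): ?>
                    <div class="d-flex justify-content-between small">
                        <span class="text-muted">Department</span>
                        <span class="fw-semibold"><?= htmlspecialchars($deptLabel !== '' ? $deptLabel : '-') ?></span>
                    </div>
                    <?php endif; ?>
                </div>
            </div>
        </div>

        <div class="col-12 col-lg-8">
            <div class="card shadow-sm border-0">
                <div class="card-header bg-white">
                    <div class="d-flex align-items-center justify-content-between">
                        <div class="fw-semibold"><i class="fa-solid fa-user-pen me-2 text-primary"></i>User Details</div>
                    </div>
                </div>
                <div class="card-body">
                    <?php if ($error): ?>
                        <div class="alert alert-danger alert-dismissible fade show" role="alert">
                            <i class="fa-solid fa-triangle-exclamation me-2"></i><?= htmlspecialchars($error) ?>
                            <button type="button" class="btn-close" data-bs-dismiss="alert" aria-label="Close"></button>
                        </div>
                    <?php endif; ?>

                    <?php if ($success): ?>
                        <div class="alert alert-success alert-dismissible fade show" role="alert">
                            <i class="fa-solid fa-circle-check me-2"></i><?= htmlspecialchars($success) ?>
                            <button type="button" class="btn-close" data-bs-dismiss="alert" aria-label="Close"></button>
                        </div>
                    <?php endif; ?>

                    <form method="POST" class="row g-3">
                        <input type="hidden" name="csrf_token" value="<?= htmlspecialchars($csrfToken) ?>">

                        <div class="col-12 col-md-6">
                            <label class="form-label">Full Name</label>
                            <input type="text" name="name" value="<?= htmlspecialchars((string)($user['name'] ?? '')) ?>" required class="form-control">
                        </div>

                        <div class="col-12 col-md-6">
                            <label class="form-label">Email Address</label>
                            <input type="email" name="email" value="<?= htmlspecialchars((string)($user['email'] ?? '')) ?>" required class="form-control">
                        </div>

                        <div class="col-12 col-md-6">
                            <label class="form-label">Role</label>
                            <?php $selectedRole = $normalizeRole((string)($user['role'] ?? '')); ?>
                            <select name="role" required class="form-select">
                                <?php foreach ($roleGroups as $groupLabel => $options): ?>
                                <optgroup label="<?= htmlspecialchars($groupLabel) ?>">
                                    <?php foreach ($options as $slug => $label): ?>
                                    <?php if (!in_array($slug, $assignableRoles, true)) { continue; } // super-admin-only roles are hidden from lower admins ?>
                                    <option value="<?= htmlspecialchars($slug) ?>" <?= $selectedRole === $slug ? 'selected' : '' ?>><?= htmlspecialchars($label) ?></option>
                                    <?php endforeach; ?>
                                </optgroup>
                                <?php endforeach; ?>
                            </select>
                        </div>

                        <?php if ($canUserDept): ?>
                        <div class="col-12 col-md-6">
                            <label class="form-label">Department</label>
                            <select name="department" class="form-select">
                                <option value="">Select department...</option>
                                <?php
                                    $curDept = strtolower(trim((string)($user['department'] ?? '')));
                                    foreach ($deptOptions as $d) {
                                        $slug = strtolower(trim((string)($d['slug'] ?? '')));
                                        $nm = trim((string)($d['name'] ?? $slug));
                                        if ($slug === '') continue;
                                        $sel = ($curDept !== '' && $curDept === $slug) ? 'selected' : '';
                                        echo '<option value="' . htmlspecialchars($slug) . '" ' . $sel . '>' . htmlspecialchars($nm) . '</option>';
                                    }
                                ?>
                            </select>
                            <div class="form-text">Used for departmental routing and approvals.</div>
                        </div>
                        <?php endif; ?>

                        <div class="col-12 col-md-6">
                            <label class="form-label">New Password</label>
                            <div class="position-relative">
                                <input type="password" name="password" id="newPassword" class="form-control pe-5" autocomplete="new-password" minlength="8" placeholder="Leave blank to keep current">
                                <button type="button" class="btn btn-link position-absolute top-50 end-0 translate-middle-y me-2 p-0 js-toggle-password" data-target="#newPassword" aria-label="Toggle password visibility">
                                    <i class="fa-regular fa-eye"></i>
                                </button>
                            </div>
                            <div class="form-text">Leave blank to keep the current password. Minimum 8 characters.</div>
                        </div>

                        <div class="col-12 d-flex gap-2">
                            <button type="submit" class="btn btn-primary"><i class="fa-solid fa-floppy-disk me-2"></i>Update User</button>
                            <a href="users.php" class="btn btn-outline-secondary">Cancel</a>
                        </div>
                    </form>
                </div>
            </div>
        </div>
    </div>
</div>

<?php require 'includes/footer.php'; ?>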
