
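<?php
// Output buffering lets the header() redirects below still work if an
// included file has already emitted output.
ob_start();
session_start();
$rootPath = realpath(dirname(__FILE__) . '/..');
require_once $rootPath . '/Portal/AccessControl.php'; // Use clean AccessControl file
require_once $rootPath . '/Portal/include/auth_validate.php'; // Use clean config file
// NOTE(review): this page relies on the two includes above to authenticate the
// session and to provide $conn; it performs no check of its own that the caller
// holds the "Manage Access Levels" right — confirm AccessControl.php enforces it.

/**
 * Store a flash message in the session and redirect to the listing page.
 *
 * Every error and success path on this page ends the same way, so the
 * redirect is centralised here. Does not return.
 *
 * @param string $key     Session key ('error' or 'success') read by include/flash_messages.php.
 * @param string $message Text to display to the user.
 */
function redirectToListing(string $key, string $message): void
{
    $_SESSION[$key] = $message;
    header('location: AccessLevelListing.php');
    exit();
}

$AccessName = '';

// Access_id must be a positive integer: it is bound as an int below, and a
// non-numeric or zero value is simply a bad request (the original only tested
// truthiness, so "0" was rejected there too).
$AccessLevelID = filter_input(INPUT_GET, 'Access_id', FILTER_VALIDATE_INT, ['options' => ['min_range' => 1]]);
if ($AccessLevelID === false || $AccessLevelID === null) {
    redirectToListing('error', 'Invalid Access Level ID');
}

// $conn is expected from the includes above. Check it before any query, not
// only on POST, because the SELECT below needs it as well.
if (!isset($conn) || !$conn) {
    redirectToListing('error', 'Database connection error. Please try again.');
}

// Fetch the existing access level with a bound parameter instead of
// interpolating the request value into the SQL string.
$selectStmt = mysqli_prepare($conn, 'SELECT * FROM accesslevelmanagement WHERE accesslevelmanagementID = ?');
if (!$selectStmt) {
    redirectToListing('error', 'Database error: Failed to prepare statement');
}
mysqli_stmt_bind_param($selectStmt, 'i', $AccessLevelID);
mysqli_stmt_execute($selectStmt);
$result = mysqli_stmt_get_result($selectStmt);
$Accessrow = $result ? mysqli_fetch_array($result) : null;
mysqli_stmt_close($selectStmt);
if (!$Accessrow) {
    redirectToListing('error', 'Access Level not found');
}

// Match database column names exactly. Columns missing from the row fall back
// to 0; the int cast keeps the template's `== 1` comparisons exact.
$Manager_Reg_Users  = (int) ($Accessrow['Manager_Reg_Users'] ?? 0);
$ManagerUsers       = (int) ($Accessrow['ManagerUsers'] ?? 0);
$ManageAccessLevels = (int) ($Accessrow['ManageAccessLevels'] ?? 0);
$ManageDatabase     = (int) ($Accessrow['ManageDatabase'] ?? 0);
$Add_File           = (int) ($Accessrow['Add_File'] ?? 0);
$Delete_File        = (int) ($Accessrow['Delete_File'] ?? 0);
$View_Dept_Files    = (int) ($Accessrow['View_Dept_Files'] ?? 0);
$View_Reg_Files     = (int) ($Accessrow['View_Reg_Files'] ?? 0);
$View_All_Files     = (int) ($Accessrow['View_All_Files'] ?? 0);
$Manage_Departments = (int) ($Accessrow['Manage_Departments'] ?? 0);

// Name before the update; admin_accounts references access levels by name,
// so a rename has to be propagated there.
$OldAccessName = (string) ($Accessrow['AccessName'] ?? '');

if ($_SERVER['REQUEST_METHOD'] === 'POST') {
    // NOTE(review): no CSRF token is validated here and the form on this page
    // carries none, so a cross-site POST from a logged-in admin's browser would
    // be accepted — a per-session token check belongs before the update.

    // Access name: required, whitespace-trimmed, and bound below as a
    // parameter. It is deliberately NOT passed through mysqli_real_escape_string
    // first: escaping a value that is then bound stores a backslash-escaped copy
    // of any name containing quotes.
    $AccessName = trim((string) ($_POST['Access'] ?? ''));
    if ($AccessName === '') {
        redirectToListing('error', 'Access Level Name is required!');
    }

    // Checkboxes are submitted as `name[]` arrays; a present array means checked.
    $checked = static function (string $field): int {
        return isset($_POST[$field]) && is_array($_POST[$field]) ? 1 : 0;
    };
    $Manager_Reg_Users  = $checked('Manager_Reg_Users');
    $ManagerUsers       = $checked('ManageUsers');
    $ManageAccessLevels = $checked('ManageAccessLevels');
    $ManageDatabase     = $checked('ManageDatabase');
    $Add_File           = $checked('Add_File');
    $Delete_File        = $checked('Delete_File');
    $View_Dept_Files    = $checked('View_Dept_Files');
    $View_Reg_Files     = $checked('View_Reg_Files');
    $View_All_Files     = $checked('View_All_Files');
    $Manage_Departments = $checked('Manage_Departments');

    // Prepared statement: every value, including the ID, is bound.
    $sql = 'UPDATE accesslevelmanagement SET
            AccessName = ?,
            Manager_Reg_Users = ?,
            ManagerUsers = ?,
            ManageAccessLevels = ?,
            ManageDatabase = ?,
            Add_File = ?,
            Delete_File = ?,
            View_Dept_Files = ?,
            View_Reg_Files = ?,
            View_All_Files = ?,
            Manage_Departments = ?
            WHERE accesslevelmanagementID = ?';

    $stmt = mysqli_prepare($conn, $sql);
    if (!$stmt) {
        redirectToListing('error', 'Database error: Failed to prepare statement');
    }
    mysqli_stmt_bind_param(
        $stmt,
        'siiiiiiiiiii',
        $AccessName,
        $Manager_Reg_Users,
        $ManagerUsers,
        $ManageAccessLevels,
        $ManageDatabase,
        $Add_File,
        $Delete_File,
        $View_Dept_Files,
        $View_Reg_Files,
        $View_All_Files,
        $Manage_Departments,
        $AccessLevelID
    );
    $updated = mysqli_stmt_execute($stmt);
    if (!$updated) {
        // Keep the driver's error text in the server log; the user only needs
        // to know that the update failed.
        error_log('UpdateAccessLevel: ' . mysqli_stmt_error($stmt));
        mysqli_stmt_close($stmt);
        redirectToListing('error', 'Error updating Access Level. Please try again.');
    }
    mysqli_stmt_close($stmt);

    // Propagate a rename to the accounts that reference the old name. Both
    // sides are bound; the old name came from the database and was previously
    // interpolated unescaped. Skipped when the name did not change (no-op).
    if ($AccessName !== $OldAccessName) {
        $renameStmt = mysqli_prepare($conn, 'UPDATE admin_accounts SET Access_Level = ? WHERE Access_Level = ?');
        if ($renameStmt) {
            mysqli_stmt_bind_param($renameStmt, 'ss', $AccessName, $OldAccessName);
            if (!mysqli_stmt_execute($renameStmt)) {
                error_log('UpdateAccessLevel: admin_accounts rename failed: ' . mysqli_stmt_error($renameStmt));
            }
            mysqli_stmt_close($renameStmt);
        }
    }

    // Event trail, timestamped in the application's local zone.
    date_default_timezone_set('Africa/Blantyre');
    $EventTime = date('d-m-Y H:i', time());

    $Action     = 'Update Record';
    $RecordType = 'Access Level';
    $Details    = $AccessName;
    $Date       = $EventTime;
    $User       = (string) ($_SESSION['Full_Name'] ?? 'System');

    // Best-effort audit record: a failure here does not undo the update.
    $sql3 = 'INSERT INTO eventtrail (Action, RecordType, Details, Date, User) VALUES (?, ?, ?, ?, ?)';
    $stmt3 = mysqli_prepare($conn, $sql3);
    if ($stmt3) {
        mysqli_stmt_bind_param($stmt3, 'sssss', $Action, $RecordType, $Details, $Date, $User);
        if (!mysqli_stmt_execute($stmt3)) {
            error_log('UpdateAccessLevel: eventtrail insert failed: ' . mysqli_stmt_error($stmt3));
        }
        mysqli_stmt_close($stmt3);
    }

    redirectToListing('success', 'Access Level Updated successfully!');
}

include_once('include/AdminHeader.php');
?>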
<div id="page-wrapper">
    <div class="row">
        <div class="col-lg-12">
            <div class="page-header">
                <?php include('include/flash_messages.php') ?>
                <h1>Update Access Level</h1>
            </div>
            
            <form action="" method="post" class="form">
                <style>
                    /* Premium Dashboard Styling - White & Green Theme */
                    :root {
                        --primary-green: #2ecc71;
                        --dark-green: #27ae60;
                        --light-green: #d4edda;
                        --pure-white: #ffffff;
                        --off-white: #f8f9fa;
                        --light-gray: #e9ecef;
                        --medium-gray: #ced4da;
                        --dark-gray: #6c757d;
                        --charcoal: #343a40;
                        --shadow: 0 4px 12px rgba(0,0,0,0.08);
                        --shadow-lg: 0 10px 30px rgba(0,0,0,0.12);
                    }
                    
                    body {
                        background: var(--off-white);
                    }
                    
                    .premium-dashboard .card {
                        border: none;
                        border-radius: 20px;
                        overflow: hidden;
                        box-shadow: var(--shadow);
                        transition: all 0.4s cubic-bezier(0.165, 0.84, 0.44, 1);
                        background: var(--pure-white);
                        height: 100%;
                        position: relative;
                        max-width: 280px;
                        margin: 0 auto;
                    }
                    
                    .premium-dashboard .card::before {
                        content: '';
                        position: absolute;
                        top: 0;
                        left: 0;
                        right: 0;
                        bottom: 0;
                        border-radius: 20px;
                        box-shadow: var(--shadow-lg);
                        opacity: 0;
                        transition: opacity 0.4s ease;
                        z-index: -1;
                    }
                    
                    .premium-dashboard .card:hover {
                        transform: translateY(-8px) scale(1.01);
                        box-shadow: var(--shadow-lg);
                    }
                    
                    .premium-dashboard .card:hover::before {
                        opacity: 1;
                    }
                    
                    .premium-dashboard .card-header {
                        padding: 15px 15px;
                        border: none;
                        position: relative;
                        overflow: hidden;
                        background: linear-gradient(135deg, var(--pure-white) 0%, var(--off-white) 100%);
                        border-bottom: 3px solid var(--primary-green);
                    }
                    
                    .premium-dashboard .card-header::after {
                        content: '';
                        position: absolute;
                        top: -50%;
                        right: -50%;
                        width: 200%;
                        height: 200%;
                        background: rgba(46, 204, 113, 0.05);
                        transform: rotate(45deg);
                        transition: all 0.6s ease;
                    }
                    
                    .premium-dashboard .card:hover .card-header::after {
                        transform: rotate(45deg) translate(20%, 20%);
                    }
                    
                    .premium-dashboard .card-header i {
                        font-size: 2rem;
                        filter: drop-shadow(2px 4px 6px rgba(0,0,0,0.1));
                        transition: all 0.4s ease;
                        color: var(--primary-green);
                    }
                    
                    .premium-dashboard .card:hover .card-header i {
                        transform: scale(1.05) rotate(5deg);
                        color: var(--dark-green);
                    }
                    
                    .premium-dashboard .card-header h6 {
                        font-weight: 800;
                        font-size: 1.2rem;
                        letter-spacing: 1px;
                        color: var(--charcoal);
                        margin-bottom: 5px;
                    }
                    
                    .premium-dashboard .badge-count {
                        background: rgba(46, 204, 113, 0.1);
                        padding: 4px 10px;
                        border-radius: 50px;
                        font-size: 0.8rem;
                        font-weight: 700;
                        border: 2px solid var(--primary-green);
                        color: var(--primary-green);
                        display: inline-block;
                    }
                    
                    .premium-dashboard .card-body {
                        padding: 15px 12px;
                        background: var(--pure-white);
                    }
                    
                    .premium-dashboard .checkbox-item {
                        display: flex;
                        align-items: center;
                        padding: 10px 12px;
                        margin: 8px 0;
                        background: linear-gradient(135deg, var(--off-white) 0%, var(--light-gray) 100%);
                        border-radius: 18px;
                        transition: all 0.3s ease;
                        border: 1px solid transparent;
                        cursor: pointer;
                        position: relative;
                        overflow: hidden;
                    }
                    
                    .premium-dashboard .checkbox-item::before {
                        content: '';
                        position: absolute;
                        top: 0;
                        left: -100%;
                        width: 100%;
                        height: 100%;
                        background: linear-gradient(90deg, transparent, rgba(46, 204, 113, 0.2), transparent);
                        transition: all 0.6s ease;
                    }
                    
                    .premium-dashboard .checkbox-item:hover {
                        background: linear-gradient(135deg, var(--light-green) 0%, rgba(46, 204, 113, 0.2) 100%);
                        border-color: var(--primary-green);
                        transform: translateX(5px);
                        box-shadow: 0 5px 15px rgba(46, 204, 113, 0.2);
                    }
                    
                    .premium-dashboard .checkbox-item:hover::before {
                        left: 100%;
                    }
                    
                    .premium-dashboard .checkbox-item input[type="checkbox"] {
                        width: 26px;
                        height: 26px;
                        margin-right: 15px;
                        cursor: pointer;
                        accent-color: var(--primary-green);
                        position: relative;
                        z-index: 1;
                        transform: scale(1.1);
                    }
                    
                    .premium-dashboard .checkbox-item label {
                        cursor: pointer;
                        font-weight: 700;
                        color: var(--charcoal);
                        flex: 1;
                        margin: 0;
                        font-size: 1.1rem;
                        letter-spacing: 0.4px;
                        position: relative;
                        z-index: 1;
                        display: flex;
                        align-items: center;
                    }
                    
                    .premium-dashboard .checkbox-item i {
                        font-size: 1.4rem;
                        width: 2rem;
                        transition: all 0.3s ease;
                    }
                    
                    .premium-dashboard .checkbox-item:hover i {
                        transform: scale(1.1);
                    }
                    
                    .premium-dashboard .action-bar {
                        display: flex;
                        justify-content: space-between;
                        align-items: center;
                        gap: 20px;
                        margin-top: 40px;
                        margin-bottom: 20px;
                        flex-wrap: wrap;
                    }
                    
                    .premium-dashboard .access-input-wrapper {
                        flex: 1;
                        min-width: 300px;
                        background: var(--pure-white);
                        border-radius: 60px;
                        padding: 6px 6px 6px 25px;
                        box-shadow: var(--shadow);
                        border: 2px solid var(--light-gray);
                        transition: all 0.3s ease;
                        display: flex;
                        align-items: center;
                    }
                    
                    .premium-dashboard .access-input-wrapper:hover {
                        transform: translateY(-3px);
                        box-shadow: 0 10px 30px rgba(46, 204, 113, 0.2);
                        border-color: var(--primary-green);
                    }
                    
                    .premium-dashboard .access-input-wrapper:focus-within {
                        transform: translateY(-3px);
                        box-shadow: 0 10px 30px rgba(46, 204, 113, 0.2);
                        border-color: var(--primary-green);
                    }
                    
                    .premium-dashboard .access-input-wrapper label {
                        font-weight: 700;
                        color: var(--charcoal);
                        margin-right: 15px;
                        font-size: 1rem;
                        white-space: nowrap;
                        color: var(--primary-green);
                    }
                    
                    .premium-dashboard .access-input-wrapper input {
                        border: none;
                        padding: 14px 0;
                        font-size: 1.1rem;
                        font-weight: 500;
                        background: transparent;
                        flex: 1;
                        outline: none;
                        color: var(--charcoal);
                    }
                    
                    .premium-dashboard .action-buttons {
                        display: flex;
                        gap: 15px;
                        flex-wrap: wrap;
                    }
                    
                    .premium-dashboard .btn-submit {
                        background: linear-gradient(135deg, var(--primary-green) 0%, var(--dark-green) 100%);
                        color: var(--pure-white);
                        padding: 14px 30px;
                        border-radius: 50px;
                        font-weight: 800;
                        font-size: 1rem;
                        letter-spacing: 1px;
                        border: none;
                        transition: all 0.4s ease;
                        box-shadow: 0 10px 25px rgba(46, 204, 113, 0.3);
                        position: relative;
                        overflow: hidden;
                        cursor: pointer;
                    }
                    
                    .premium-dashboard .btn-reset {
                        background: linear-gradient(135deg, var(--light-gray) 0%, var(--medium-gray) 100%);
                        color: var(--charcoal);
                        padding: 14px 30px;
                        border-radius: 50px;
                        font-weight: 800;
                        font-size: 1rem;
                        letter-spacing: 1px;
                        border: none;
                        transition: all 0.4s ease;
                        box-shadow: 0 10px 25px rgba(0, 0, 0, 0.1);
                        position: relative;
                        overflow: hidden;
                        cursor: pointer;
                    }
                    
                    .premium-dashboard .btn-submit::before, .premium-dashboard .btn-reset::before {
                        content: '';
                        position: absolute;
                        top: 0;
                        left: -100%;
                        width: 100%;
                        height: 100%;
                        background: linear-gradient(90deg, transparent, rgba(255,255,255,0.3), transparent);
                        transition: all 0.6s ease;
                    }
                    
                    .premium-dashboard .btn-submit:hover, .premium-dashboard .btn-reset:hover {
                        transform: translateY(-3px) scale(1.02);
                        box-shadow: 0 15px 30px rgba(0,0,0,0.2);
                    }
                    
                    .premium-dashboard .btn-submit:hover::before, .premium-dashboard .btn-reset:hover::before {
                        left: 100%;
                    }
                    
                    @media (min-width: 992px) {
                        .premium-dashboard .row {
                            justify-content: center;
                        }
                        .premium-dashboard .col-lg-3 {
                            flex: 0 0 auto;
                            width: 25%;
                            max-width: 300px;
                        }
                    }
                    
                    @media (max-width: 1199px) {
                        .premium-dashboard .card {
                            max-width: 260px;
                        }
                        .premium-dashboard .col-lg-3 {
                            width: 33.333%;
                        }
                    }
                    
                    @media (max-width: 991px) {
                        .premium-dashboard .card {
                            max-width: 100%;
                        }
                        .premium-dashboard .col-lg-3 {
                            width: 50%;
                        }
                    }
                    
                    @media (max-width: 767px) {
                        .premium-dashboard .col-lg-3 {
                            width: 100%;
                        }
                        .premium-dashboard .action-bar {
                            flex-direction: column;
                            align-items: stretch;
                            gap: 15px;
                        }
                        .premium-dashboard .access-input-wrapper {
                            min-width: auto;
                        }
                    }
                    
                    @keyframes float {
                        0% { transform: translateY(0px); }
                        50% { transform: translateY(-3px); }
                        100% { transform: translateY(0px); }
                    }
                    
                    .premium-dashboard .card {
                        animation: float 6s ease-in-out infinite;
                    }
                    
                    .page-header {
                        background: var(--pure-white);
                        padding: 20px 25px;
                        border-radius: 15px;
                        margin-bottom: 30px;
                        box-shadow: var(--shadow);
                        border-left: 4px solid var(--primary-green);
                    }
                    
                    .page-header h1 {
                        color: var(--charcoal);
                        margin: 0;
                        font-size: 28px;
                        font-weight: 700;
                        letter-spacing: 1px;
                    }
                    
                    .page-header h1::before {
                        content: '⚡';
                        margin-right: 10px;
                        color: var(--primary-green);
                    }
                </style>

                <div class="premium-dashboard">
                    <div class="row">
                        <!-- File Tracking Panel -->
                        <div class="col-lg-3 col-md-6 mb-4">
                            <div class="card">
                                <div class="card-header gradient-primary text-white">
                                    <div class="d-flex justify-content-between align-items-center">
                                        <i class="fas fa-file"></i>
                                        <div class="text-end">
                                            <h6 class="mb-1 fw-bold">FILE TRACKING</h6>
                                            <span class="badge-count">5 Options</span>
                                        </div>
                                    </div>
                                </div>
                                <div class="card-body">
                                    <div class="checkbox-item">
                                        <input type="checkbox" name="Add_File[]" value="1" id="Add_File" <?php if ($Add_File == 1) { ?> checked="checked" <?php } ?>>
                                        <label for="Add_File">
                                            <i class="fas fa-plus-circle text-success me-2"></i>
                                            Add File
                                        </label>
                                    </div>
                                    <div class="checkbox-item">
                                        <input type="checkbox" name="Delete_File[]" value="1" id="Delete_File" <?php if ($Delete_File == 1) { ?> checked="checked" <?php } ?>>
                                        <label for="Delete_File">
                                            <i class="fas fa-trash-alt text-danger me-2"></i>
                                            Delete File
                                        </label>
                                    </div>
                                    <div class="checkbox-item">
                                        <input type="checkbox" name="View_Dept_Files[]" value="1" id="View_Dept_Files" <?php if ($View_Dept_Files == 1) { ?> checked="checked" <?php } ?>>
                                        <label for="View_Dept_Files">
                                            <i class="fas fa-building text-info me-2"></i>
                                            View Department Files
                                        </label>
                                    </div>
                                    <div class="checkbox-item">
                                        <input type="checkbox" name="View_Reg_Files[]" value="1" id="View_Reg_Files" <?php if ($View_Reg_Files == 1) { ?> checked="checked" <?php } ?>>
                                        <label for="View_Reg_Files">
                                            <i class="fas fa-map-marker-alt text-warning me-2"></i>
                                            View Regional Files
                                        </label>
                                    </div>
                                    <div class="checkbox-item">
                                        <input type="checkbox" name="View_All_Files[]" value="1" id="View_All_Files" <?php if ($View_All_Files == 1) { ?> checked="checked" <?php } ?>>
                                        <label for="View_All_Files">
                                            <i class="fas fa-globe text-primary me-2"></i>
                                            View All Files
                                        </label>
                                    </div>
                                </div>
                            </div>
                        </div>
                        
                        <!-- System Settings Panel -->
                        <div class="col-lg-3 col-md-6 mb-4">
                            <div class="card">
                                <div class="card-header gradient-info text-white">
                                    <div class="d-flex justify-content-between align-items-center">
                                        <i class="fas fa-sliders-h"></i>
                                        <div class="text-end">
                                            <h6 class="mb-1 fw-bold">SYSTEM SETTINGS</h6>
                                            <span class="badge-count">1 Option</span>
                                        </div>
                                    </div>
                                </div>
                                <div class="card-body">
                                    <div class="checkbox-item">
                                        <input type="checkbox" name="Manage_Departments[]" value="1" id="Manage_Departments" <?php if ($Manage_Departments == 1) { ?> checked="checked" <?php } ?>>
                                        <label for="Manage_Departments">
                                            <i class="fas fa-building text-info me-2"></i>
                                            Manage Departments
                                        </label>
                                    </div>
                                </div>
                            </div>
                        </div>
                        
                        <!-- System Tools Panel -->
                        <div class="col-lg-3 col-md-6 mb-4">
                            <div class="card">
                                <div class="card-header gradient-warning text-white">
                                    <div class="d-flex justify-content-between align-items-center">
                                        <i class="fas fa-tools"></i>
                                        <div class="text-end">
                                            <h6 class="mb-1 fw-bold">SYSTEM TOOLS</h6>
                                            <span class="badge-count">4 Options</span>
                                        </div>
                                    </div>
                                </div>
                                <div class="card-body">
                                    <div class="checkbox-item">
                                        <input type="checkbox" name="Manager_Reg_Users[]" value="1" id="Manager_Reg_Users" <?php if ($Manager_Reg_Users == 1) { ?> checked="checked" <?php } ?>>
                                        <label for="Manager_Reg_Users">
                                            <i class="fas fa-users text-info me-2"></i>
                                            Manage Regional Users
                                        </label>
                                    </div>
                                    <div class="checkbox-item">
                                        <input type="checkbox" name="ManageUsers[]" value="1" id="manage_users" <?php if ($ManagerUsers == 1) { ?> checked="checked" <?php } ?>>
                                        <label for="manage_users">
                                            <i class="fas fa-users text-success me-2"></i>
                                            Manage All Users
                                        </label>
                                    </div>
                                    <div class="checkbox-item">
                                        <input type="checkbox" name="ManageAccessLevels[]" value="1" id="access_levels" <?php if ($ManageAccessLevels == 1) { ?> checked="checked" <?php } ?>>
                                        <label for="access_levels">
                                            <i class="fas fa-shield-alt text-info me-2"></i>
                                            Manage Access Levels
                                        </label>
                                    </div>
                                    <div class="checkbox-item">
                                        <input type="checkbox" name="ManageDatabase[]" value="1" id="database_backup" <?php if ($ManageDatabase == 1) { ?> checked="checked" <?php } ?>>
                                        <label for="database_backup">
                                            <i class="fas fa-database text-warning me-2"></i>
                                            Manage Backup
                                        </label>
                                    </div>
                                </div>
                            </div>
                        </div>
                    </div>
                    
                    <!-- Action Bar with Access Level Input and Buttons -->
                    <div class="action-bar">
                        <div class="access-input-wrapper">
                            <label for="input_search">Access Level Name</label>
                            <input type="text" class="form-control" id="input_search" required="required" value="<?php echo htmlspecialchars($OldAccessName); ?>" name="Access">
                        </div>
                        
                        <div class="action-buttons">
                            <button type="submit" class="btn-submit">
                                <i class="fas fa-save"></i> Update Permissions
                            </button>
                            <button type="reset" class="btn-reset">
                                <i class="fas fa-undo-alt"></i> Reset Changes
                            </button>
                        </div>
                    </div>
                </div>
            </form>

            <!-- Required Font Awesome -->
            <link rel="stylesheet" href="https://cdnjs.cloudflare.com/ajax/libs/font-awesome/6.4.0/css/all.min.css">
            <br><br>
        </div>
        <br>
    </div>
</div>
<?php
// Render the shared footer, then release the buffer opened by ob_start() at
// the top of the page so the completed document is sent to the client.
include_once 'include/footer.php';
ob_end_flush();
?>