
<?php
session_start();
require_once 'config/config.php';
require_once 'include/auth_validate.php';

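/////// Code for new access control on header menu /////////////////////////
// Look up the logged-in account's row and keep its UserAccessName, which gates
// the rest of this page. The id is sent as a bound parameter rather than being
// concatenated into the SQL text, so the query shape cannot be altered by
// whatever value ended up in the session.
$User = $_SESSION['id'];
$UserAccessName = "";
$num = 0;

$accessStmt = mysqli_prepare($connection, "SELECT * FROM admin_accounts WHERE id = ?");
if ($accessStmt !== false) {
    // bind_param needs a variable; bound as a string to keep the comparison
    // semantics of the original quoted literal.
    $accessUserId = (string) $User;
    mysqli_stmt_bind_param($accessStmt, 's', $accessUserId);

    if (mysqli_stmt_execute($accessStmt)) {
        // NOTE(review): mysqli_stmt_get_result() needs the mysqlnd driver — confirm on this host.
        $result = mysqli_stmt_get_result($accessStmt);
        if ($result !== false) {
            $num = mysqli_num_rows($result);
            if ($num > 0) {
                $rows = mysqli_fetch_array($result);
                $UserAccessName = $rows['UserAccessName'];
            }
        }
    }
    mysqli_stmt_close($accessStmt);
}
// On any failure $UserAccessName stays "", so the page falls through to the
// access-denied branch instead of rendering.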

if ($UserAccessName == 'Administrator'){

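//Only super admin is allowed to access this page
// Read the flag defensively: if the key is missing, indexing $_SESSION directly
// raises a warning, and with display_errors on that output would be sent
// before header(), so the 401 status would never reach the client.
$sessionAdminType = isset($_SESSION['admin_type']) ? $_SESSION['admin_type'] : null;
if ($sessionAdminType !== 'super') {
    // Status code kept as 401 for compatibility with existing clients; 403 is
    // the conventional answer for an authenticated user lacking the privilege.
    header('HTTP/1.1 401 Unauthorized', true, 401);

    // Stop here so none of the account listing below is rendered.
    exit("401 Unauthorized");
}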
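$db = getDbInstance();


//Get data from query string
$search_string = filter_input(INPUT_GET, 'search_string');
// NOTE(review): $del_id is not read anywhere in the visible part of this script.
$del_id = filter_input(INPUT_GET, 'del_id');

// Columns fetched for the listing. The same list doubles as the allow-list for
// the sort column, because an ORDER BY identifier cannot be sent as a bound value.
//$db->where('Full_Name', 'Administrator');
$select = array('id', 'Full_Name', 'user_name','Phone','UserAccessName','Region');

$filter_col = filter_input(INPUT_GET, 'filter_col');
$order_by = filter_input(INPUT_GET, 'order_by');
$pagelimit = 5;

// The page number feeds the pagination arithmetic, so accept positive integers
// only; anything else (missing, empty, non-numeric, < 1) means the first page.
$page = filter_input(INPUT_GET, 'page', FILTER_VALIDATE_INT, array('options' => array('min_range' => 1)));
if ($page === null || $page === false) {
    $page = 1;
}

// If filter types are not selected (or are not recognised) we show latest added data first
if (!in_array($filter_col, $select, true)) {
    $filter_col = "id";
}
if (!in_array(strtolower((string) $order_by), array('asc', 'desc'), true)) {
    $order_by = "desc";
}

// If user searches
if ($search_string) {
    // The search term is handed to the query builder as a separate value, not
    // spliced into SQL text here. "%" and "_" typed by the user still act as
    // LIKE wildcards.
    $db->where('user_name', '%' . $search_string . '%', 'like');
}

// Both arguments have been checked against fixed lists above.
$db->orderBy($filter_col, $order_by);

$db->pageLimit = $pagelimit;
$result = $db->arraybuilder()->paginate("admin_accounts", $page, $select);
$total_pages = $db->totalPages;


// get columns for order filter
// Start from an empty list so the filter form still renders when no row matched.
$filter_options = array();
foreach ($result as $value) {
    foreach ($value as $col_name => $col_value) {
        $filter_options[$col_name] = $col_name;
    }
    //execute only once
    break;
}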



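if ($_SERVER['REQUEST_METHOD'] == 'POST') 
{
	// Handler for the "Add User" modal. Every value below comes from the request
	// body, so all of them go into the INSERT as bound parameters instead of
	// being concatenated into the statement text.
	// NOTE(review): no anti-CSRF token is checked in the visible code, and every
	// account created here is hard-wired to admin_type 'super' with
	// UserAccessName 'Administrator' — confirm both are intended.
	$Full_Name = isset($_POST['Full_Name']) ? (string) $_POST['Full_Name'] : '';
	$Name = isset($_POST['user_name']) ? (string) $_POST['user_name'] : '';
	$Phone = isset($_POST['Phone']) ? (string) $_POST['Phone'] : '';
	$PlainPassword = isset($_POST['passwd']) ? (string) $_POST['passwd'] : '';
	$Region = isset($_POST['Region']) ? (string) $_POST['Region'] : '';

	// NOTE(review): unsalted MD5 is not a password hash. It is kept here only
	// because the login check (not visible in this file) presumably compares MD5
	// values; migrate both sides together to password_hash()/password_verify().
	$Password = md5($PlainPassword);

	$sql = false;

	// The form marks these fields "required", but that is client-side only;
	// refuse to create a privileged account with a blank name or blank password.
	if ($Name !== '' && $PlainPassword !== '') {
		$insertStmt = mysqli_prepare(
			$connection,
			"INSERT INTO admin_accounts (Full_Name,user_name,Phone,passwd,admin_type,UserAccessName,Region) 
	VALUES (?,?,?,?,'super','Administrator',?)"
		);
		if ($insertStmt !== false) {
			mysqli_stmt_bind_param($insertStmt, 'sssss', $Full_Name, $Name, $Phone, $Password, $Region);
			$sql = mysqli_stmt_execute($insertStmt);
			mysqli_stmt_close($insertStmt);
		}
	}

	if ($sql) {
		$_SESSION['success'] = "User added successfully!";
	} else {
		// Do not report success for a row that was never written. The flash
		// key used for errors is not visible from this file, so the failure
		// is only logged server-side here.
		error_log('admin_users.php: adding a user account failed');
	}

	// Redirect after POST so a browser refresh does not resubmit the form.
	header('location: admin_users.php');

	exit();
}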

// Unfiltered read of every column of every admin_accounts row. $result3 is not
// read anywhere in the visible part of this script.
// NOTE(review): confirm whether include/AdminHeader.php uses it; if not, the
// query only pulls credential columns into memory for nothing and can go.
$query3 = "SELECT * FROM `admin_accounts`";
  $result3 = mysqli_query($connection, $query3);

// Page header template; from here on the response body has started.
include_once 'include/AdminHeader.php';
?>

<div id="page-wrapper">
<div class="row">
     <div class="col-lg-6">
            <h4 class="page-header">Manage User Accounts</h4>
        </div>
        <div class="col-lg-6" style="">
            <div class="page-action-links text-right">
			 <a href=""  data-toggle="modal" data-target="#Adding-NewUser" >
	
	            	<button class="btn btn-success"><span class="glyphicon glyphicon-plus"></span> Add User</button>
	            </a>
			<a href=""> <button class="btn btn-success"><span class="glyphicon glyphicon-refresh"></span> Refresh</button></a>
            </div>
        </div>
</div>
 <?php include('include/flash_messages.php') ?>

    <?php
    if (isset($del_stat) && $del_stat == 1) {
        echo '<div class="alert alert-info">Successfully deleted</div>';
    }
    ?>
    
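    <!--    Begin filter section-->
    <div class="well text-center filter-form">
        <form class="form form-inline" action="">
            <label for="input_search" >Search</label>
            <?php /* The search term comes straight from the query string; encode it before placing it in the attribute. */ ?>
            <input type="text" class="form-control" id="input_search"  name="search_string" value="<?php echo htmlspecialchars((string) $search_string, ENT_QUOTES, 'UTF-8'); ?>">
            <label for ="input_order">Order By</label>
            <select name="filter_col" class="form-control">

                <?php
                // $filter_options is only filled when the listing returned a row;
                // fall back to an empty list so an empty result does not raise a warning.
                $sort_columns = isset($filter_options) ? $filter_options : array();
                foreach ($sort_columns as $option) {
                    $selected = ($filter_col === $option) ? "selected" : "";
                    $option_html = htmlspecialchars((string) $option, ENT_QUOTES, 'UTF-8');
                    echo ' <option value="' . $option_html . '" ' . $selected . '>' . $option_html . '</option>';
                }
                ?>

            </select>

            <select name="order_by" class="form-control" id="input_order">

                <option value="Asc" <?php
                if ($order_by == 'Asc') {
                    echo "selected";
                }
                ?> >Asc</option>
                <option value="Desc" <?php
                if ($order_by == 'Desc') {
                    echo "selected";
                }
                ?>>Desc</option>
            </select>
            <input type="submit" value="Go" class="btn btn-primary">

        </form>
    </div>
    <!--   Filter section end-->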
    <hr>
    <table class="table table-striped table-bordered table-condensed">
        <thead>
            <tr style= "background-color:#BAC4CC;">
                
				<th>Full Name</th>
                <th>User Name</th>
                <th>Phone</th>
				<th>Region</th>
				 <th>Actions</th>
            </tr>
        </thead>
        <tbody>

            <?php foreach ($result as $row) : ?>
                
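            <?php
            // One table row per account. The id is reused in element ids and
            // data-target selectors, so encode it once for attribute context.
            $row_id_attr = htmlspecialchars((string) $row['id'], ENT_QUOTES, 'UTF-8');
            ?>
            <tr>
                <td><h5><?php echo htmlspecialchars((string) $row['Full_Name'], ENT_QUOTES, 'UTF-8') ?></h5></td>
				<td><h5><?php echo htmlspecialchars((string) $row['user_name'], ENT_QUOTES, 'UTF-8') ?></h5></td>
				<td><h5><?php echo htmlspecialchars((string) $row['Phone'], ENT_QUOTES, 'UTF-8') ?></h5></td>
				<td><h5><?php echo htmlspecialchars((string) $row['Region'], ENT_QUOTES, 'UTF-8') ?></h5></td>

				<td>
					  <ul class="nav navbar-top-links navbar-right">
                        <li class="dropdown">
                            <a class="dropdown-toggle" data-toggle="dropdown" href="#">
                                <i class="fa fa-folder-open"></i> 
                            </a>
                            <ul class="dropdown-menu dropdown-user">

                                <li class="divider"></li>
								 <li><h6><a href=""  data-toggle="modal" data-target="#Update-Account-<?php echo $row_id_attr ?>" ><span class="btn btn-primary" > Update Record</span></a>
								</h6></li>

                                <li class="divider"></li>
								<li><h6><a href=""  data-toggle="modal" data-target="#confirm-delete-<?php echo $row_id_attr ?>" ><span class="btn btn-danger delete_btn"> Delete Record</span></a>
				                </h6></li>

                            </ul>
                            <!-- /.dropdown-user -->
                        </li>
                        <!-- /.dropdown -->
                    </ul>
					  </td>	

            </tr>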
			
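			<!-- Record Updation Modal-->
			<?php
			// Every field this modal shows is already in $row (it is part of the
			// $select list used for the listing), so no extra per-row query is
			// needed. Dropping that query also stops $UserAccessName — the
			// logged-in user's access level — from being overwritten with the
			// value of whichever account was listed last.
			// All values are stored data typed in by users: encode each one for
			// HTML before it is written into an attribute or element body.
			$modalUser = array();
			foreach (array('id', 'Full_Name', 'user_name', 'Phone', 'Region', 'UserAccessName') as $modalField) {
				$modalUser[$modalField] = htmlspecialchars((string) $row[$modalField], ENT_QUOTES, 'UTF-8');
			}
			// NOTE(review): this form posts to edit_admin.php without any anti-CSRF
			// token visible here — confirm the target verifies one.
			?>
                     <div class="modal fade" id="Update-Account-<?php echo $modalUser['id'] ?>" role="dialog">
                        <div class="modal-dialog">
                          <form action="edit_admin.php" method="POST">
                          <!-- Modal content-->
                              <div class="modal-content">
                                <div class="modal-header" style="text-align:center; background-color:#BAC4CC;">
                                  <button type="button" class="close" data-dismiss="modal">&times;</button>
                                  <h4 class="modal-title">Update User Account Record</h4>
                                </div>
                                <div class="modal-body">

								   <div class="form-group">
										<label class="control-label">Full Name *</label>
										<input  type="text" name="Full_Name" placeholder="user name" class="form-control" value="<?php echo $modalUser['Full_Name'] ?>" required autocomplete="off">
                         			    <input  type="hidden" name="UserID"  class="form-control" value="<?php echo $modalUser['id'] ?>" required autocomplete="off">
									</div>

									<div class="form-group">
										<label class="control-label">User Name *</label>
										 <input  type="text" name="user_name" placeholder="user name" class="form-control" value="<?php echo $modalUser['user_name'] ?>" required autocomplete="off">
                                    </div>
									<div class="form-group">
										<label class="control-label">Phone *</label>
										<input  type="text" name="Phone" placeholder="Phone" class="form-control" value="<?php echo $modalUser['Phone'] ?>" required autocomplete="off">
          								</div>

									<div class="form-group">
										<label class="control-label">Password *</label>
										<input type="password" name="passwd" placeholder="Password" class="form-control" value="" required="" autocomplete="off">
									</div>

									<div class="form-group">
										<label class="control-label">Region*</label>
										<select name="Region" class="form-control selectpicker" required >
										<option value="<?php echo $modalUser['Region'] ?>" > <?php echo $modalUser['Region'] ?></option>
										<option value="South" >South</option>
										<option value="East" >East</option>
										<option value="Center" >Center</option>
										<option value="North" >North</option>
										<option value="Administrator" >System Admin</option>
									</select>
									</div>

									<div class="form-group">
										<label class="control-label">Access Level*</label>
										<select name="Access" class="form-control selectpicker" required >
										<option value="<?php echo $modalUser['UserAccessName'] ?>" > <?php echo $modalUser['UserAccessName'] ?></option>
										<option value="Client" >System User</option>
										<option value="Administrator" >System Admin</option>
									</select>
									</div>

								  <div class="form-group">
								  </div>

						        </div>
                                <div class="modal-footer">
                                    <button type="submit" name="submit" id="submit" class="btn btn-warning pull-left" value = "Submit" >Save <span class="glyphicon glyphicon-send"></span></button>
									<button type="button" class="btn btn-primary" data-dismiss="modal">Cancel <span class="glyphicon glyphicon-remove"></span></button>
						       </div>
                              </div>
                          </form>

                        </div>
                    </div>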
			
			
			
			
			
			
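                <!-- Delete Confirmation Modal-->
                <?php
                // The row id lands in two attributes below; encode it for that context.
                // NOTE(review): the delete is submitted to delete_user.php with only
                // the id — no anti-CSRF token is visible in this form; confirm the
                // target checks one and re-checks the caller's privilege.
                $delete_id_attr = htmlspecialchars((string) $row['id'], ENT_QUOTES, 'UTF-8');
                ?>
                     <div class="modal fade" id="confirm-delete-<?php echo $delete_id_attr ?>" role="dialog">
                        <div class="modal-dialog">
                          <form action="delete_user.php" method="POST">
                          <!-- Modal content-->
                              <div class="modal-content">
                                <div class="modal-header" style="text-align:center; background-color:#BAC4CC;">
                                  <button type="button" class="close" data-dismiss="modal">&times;</button>
                                  <h4 class="modal-title">Confirm</h4>
                                </div>
                                <div class="modal-body">
                                    <input type="hidden" name="del_id" id = "del_id" value="<?php echo $delete_id_attr ?>">
                                    <p>Are you sure you want to delete this user?</p>
                                </div>
                                <div class="modal-footer">

									<button type="submit" name="submit" id="submit" class="btn btn-danger delete_btn pull-left" value = "Submit" > Delete <span class="glyphicon glyphicon-trash"></span></button>

                                    <button type="button" class="btn btn-primary" data-dismiss="modal">Cancel <span class="glyphicon glyphicon-remove"></span></button>
						            </div>
                              </div>
                          </form>

                        </div>
                    </div>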
					
				
					
            <?php endforeach; ?>   
        </tbody>
    </table>
	
	
	<!-- Adding a New User Modal-->
					 <div class="modal fade" id="Adding-NewUser" role="dialog">
					    <div class="modal-dialog">
						<form  action=" " method="post"  id="contact_form" enctype="multipart/form-data">
	
					        <!-- Modal content-->
						      <div class="modal-content">
						        <div class="modal-header" style="text-align:center; background-color:#BAC4CC;">
						          <button type="button" class="close" data-dismiss="modal">&times;</button>
						          <h5 class="modal-title" style="text-align:center;"><strong>ADD A NEW SYSTEM USER</strong> </h5>
						        </div>
						        <div class="modal-body">
						      
						        		
								  
								   <div class="form-group">
										<label class="control-label">Full Name *</label>
										<input  type="text" name="Full_Name" placeholder="user name" class="form-control" required autocomplete="off">
                         			</div>
									
									<div class="form-group">
										<label class="control-label">User Name *</label>
										 <input  type="text" name="user_name" placeholder="user name" class="form-control" required autocomplete="off">
                                    </div>
									<div class="form-group">
										<label class="control-label">Phone *</label>
										<input  type="text" name="Phone" placeholder="Phone" class="form-control" required autocomplete="off">
          								</div>
									
									<div class="form-group">
										<label class="control-label">Password *</label>
								
										<input type="password" name="passwd" placeholder="Password" class="form-control" required="" autocomplete="off">
        	  
									</div>
									
									<div class="form-group">
										<label class="control-label">Region*</label>
								
										<select name="Region" class="form-control selectpicker" required >
										<option value="" >Select Region here</option>
										<option value="South" >South</option>
										<option value="East" >East</option>
										<option value="Center" >Center</option>
										<option value="North" >North</option>
										<option value="Administrator" >System Admin</option>
									</select>
									</div>
									
									
								  
								  <div class="form-group">
							
								  </div>
								  
								  
						        </div>
						        <div class="modal-footer">
						        	
										<button type="submit" name="submit" id="submit" class="btn btn-warning pull-left" value = "Submit" >Save <span class="glyphicon glyphicon-send"></button>
										<button type="button" class="btn btn-primary" data-dismiss="modal">Cancel <span class="glyphicon glyphicon-remove"></button>
						     
					           </div>
  					</div>
					
					</form></div> </div>
	
	
	
	
    <!--    Pagination links-->
    <div class="text-center">

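        <?php
        // Build the page links from a copy of the query parameters so that
        // $_GET itself is left untouched for anything rendered after this point.
        $pager_params = $_GET;
        // "page" is replaced per link below.
        unset($pager_params['page']);

        if ($total_pages > 1) {
            echo '<ul class="pagination text-center">';
            for ($i = 1; $i <= $total_pages; $i++) {
                $li_class = ($page == $i) ? ' class="active"' : "";
                $pager_params['page'] = $i;
                // http_build_query() URL-encodes the request-supplied values;
                // htmlspecialchars() then makes the "&" separators safe inside href.
                $page_href = htmlspecialchars('admin_users.php?' . http_build_query($pager_params), ENT_QUOTES, 'UTF-8');
                echo '<li' . $li_class . '><a href="' . $page_href . '">' . $i . '</a></li>';
            }
            // Only the list is closed here: the wrapping <div> is closed by the
            // markup that follows this block, so emitting </div> as well left
            // the page one closing tag out of balance whenever links were shown.
            echo '</ul>';
        }
        ?>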
    </div>
</div>




<?php 
}else{
	
header('location: AccessLevelMessage.php');	
}





include_once 'include/footer.php'; ?>