Jakach/jakach-login
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

improving user mgmt
Deploy / deploy (push) Successful in 32s
Details

Browse Source
This commit is contained in:
janis steiner
2026-05-08 00:21:30 +02:00
parent 5cf23289ee
commit 5fdfddb20c
2 changed files with 73 additions and 26 deletions
Download Patch File Download Diff File Expand all files Collapse all files
app-code/account/manage_users.php
+48 -15
View File
@@ -21,26 +21,44 @@ if (!isset($_SESSION["logged_in"]) || $_SESSION["logged_in"] !== true || !is_adm
<body>
<div class="container my-5">
<div class="row justify-content-center">
<div class="col-md-8 col-lg-6">
<div class="col-md-10 col-lg-8">
<div class="card shadow">
<div class="card-body">
<div class="d-flex justify-content-between align-items-center mb-4">
<div class="d-flex justify-content-between align-items-center mb-3">
<h4 class="card-title mb-0">User Management</h4>
<a href="/account/" class="btn btn-outline-secondary btn-sm"><span class="material-icons" style="font-size: 18px; vertical-align: middle;">arrow_back</span> Back</a>
</div>
<div class="table-responsive">
<div class="row g-2 mb-3">
<div class="col">
<input type="text" id="searchInput" class="form-control" placeholder="Search by username..." oninput="loadUsers()">
</div>
<div class="col-auto">
<select id="sortSelect" class="form-select" onchange="loadUsers()">
<option value="id">ID</option>
<option value="username">Username</option>
</select>
</div>
<div class="col-auto">
<select id="orderSelect" class="form-select" onchange="loadUsers()">
<option value="ASC">Asc</option>
<option value="DESC">Desc</option>
</select>
</div>
</div>
<div class="table-responsive" style="max-height: 60vh; overflow-y: auto;">
<table class="table table-dark table-hover align-middle mb-0">
<thead>
<thead class="sticky-top" style="background: var(--bs-card-bg);">
<tr>
<th>ID</th>
<th style="width: 80px;">ID</th>
<th>Username</th>
<th class="text-end">Actions</th>
<th class="text-end" style="width: 100px;">Actions</th>
</tr>
</thead>
<tbody id="userTableBody">
</tbody>
</table>
</div>
<p id="loadingMessage" class="text-muted text-center mt-3 mb-0">Loading...</p>
<p id="noUsersMessage" class="text-muted text-center mt-3 mb-0" style="display:none;">No users found.</p>
</div>
</div>
@@ -83,15 +101,25 @@ if (!isset($_SESSION["logged_in"]) || $_SESSION["logged_in"] !== true || !is_adm
<script>
let pendingDeleteId = null;
let debounceTimer = null;
async function loadUsers() {
const search = document.getElementById('searchInput').value;
const sort = document.getElementById('sortSelect').value;
const order = document.getElementById('orderSelect').value;
document.getElementById('loadingMessage').style.display = 'block';
document.getElementById('noUsersMessage').style.display = 'none';
async function fetchUsers() {
try {
const response = await fetch('/api/manage/fetch_users.php');
const response = await fetch(`/api/manage/fetch_users.php?search=${encodeURIComponent(search)}&sort=${sort}&order=${order}`);
const data = await response.json();
const userTableBody = document.getElementById('userTableBody');
const noMsg = document.getElementById('noUsersMessage');
const loadingMsg = document.getElementById('loadingMessage');
userTableBody.innerHTML = '';
loadingMsg.style.display = 'none';
if (data.success && data.data.length > 0) {
noMsg.style.display = 'none';
@@ -99,9 +127,9 @@ if (!isset($_SESSION["logged_in"]) || $_SESSION["logged_in"] !== true || !is_adm
const row = document.createElement('tr');
row.innerHTML = `
<td class="text-muted">${user.id}</td>
<td>${user.username}</td>
<td>${escapeHtml(user.username)}</td>
<td class="text-end">
<button class="btn btn-outline-danger btn-sm" onclick="showDeleteConfirm(${user.id}, '${user.username.replace(/'/g, "\\'")}')">Delete</button>
<button class="btn btn-outline-danger btn-sm" onclick="showDeleteConfirm(${user.id}, '${escapeHtml(user.username).replace(/'/g, "\\'")}')">Delete</button>
</td>
`;
userTableBody.appendChild(row);
@@ -111,9 +139,16 @@ if (!isset($_SESSION["logged_in"]) || $_SESSION["logged_in"] !== true || !is_adm
}
} catch (error) {
console.error('Error fetching users:', error);
document.getElementById('loadingMessage').textContent = 'Failed to load users.';
}
}
function escapeHtml(str) {
const div = document.createElement('div');
div.textContent = str;
return div.innerHTML;
}
function showDeleteConfirm(userId, username) {
pendingDeleteId = userId;
document.getElementById('deleteUserName').textContent = username;
@@ -129,15 +164,13 @@ if (!isset($_SESSION["logged_in"]) || $_SESSION["logged_in"] !== true || !is_adm
try {
const response = await fetch(`/api/manage/delete_user.php?id=${userId}`, {
method: 'DELETE',
headers: {
'X-CSRF-Token': window.csrfToken
}
headers: { 'X-CSRF-Token': window.csrfToken }
});
const data = await response.json();
if (data.success) {
showResponseModal('Success', 'User deleted successfully!');
fetchUsers();
loadUsers();
} else {
showResponseModal('Error', data.message || 'Failed to delete user.');
}
@@ -152,7 +185,7 @@ if (!isset($_SESSION["logged_in"]) || $_SESSION["logged_in"] !== true || !is_adm
new bootstrap.Modal(document.getElementById('responseModal')).show();
}
fetchUsers();
loadUsers();
</script>
</body>
</html>
app-code/api/manage/fetch_users.php
+25 -11
View File
@@ -2,9 +2,8 @@
header('Content-Type: application/json');
include "../utils/security.php";
secure_session_start();
//check for permisisons
if (!isset($_SESSION["logged_in"]) || $_SESSION["logged_in"] !== true || !is_admin_session() ) {
echo(json_encode(['success' => false, 'message'=>'not authenticated']));
if (!isset($_SESSION["logged_in"]) || $_SESSION["logged_in"] !== true || !is_admin_session()) {
echo(json_encode(['success' => false, 'message' => 'not authenticated']));
exit();
}
include "../../config/config.php";
@@ -16,8 +15,24 @@ if ($conn->connect_error) {
exit;
}
$query = "SELECT id, username FROM users";
$stmt = $conn->prepare($query);
$search = trim($_GET['search'] ?? '');
$sort = $_GET['sort'] ?? 'id';
$order = strtoupper($_GET['order'] ?? 'ASC') === 'DESC' ? 'DESC' : 'ASC';
$allowedSorts = ['id', 'username'];
if (!in_array($sort, $allowedSorts)) {
$sort = 'id';
}
if ($search !== '') {
$query = "SELECT id, username FROM users WHERE username LIKE ? ORDER BY $sort $order";
$stmt = $conn->prepare($query);
$like = '%' . $search . '%';
$stmt->bind_param('s', $like);
} else {
$query = "SELECT id, username FROM users ORDER BY $sort $order";
$stmt = $conn->prepare($query);
}
if (!$stmt) {
echo json_encode(['success' => false, 'message' => 'Failed to prepare statement']);
@@ -25,15 +40,14 @@ if (!$stmt) {
}
$stmt->execute();
$result = $stmt->get_result();
$stmt->store_result();
$stmt->bind_result($id, $username);
$users = [];
while ($row = $result->fetch_assoc()) {
$users[] = $row;
while ($stmt->fetch()) {
$users[] = ['id' => $id, 'username' => $username];
}
$stmt->close();
$conn->close();
echo json_encode(['success' => true, 'data' => $users]);
?>
?>