new user management system using ajax

sys0-code/api/delete_user.php

@@ -0,0 +1,44 @@
+<?php
+session_start();
+if (!isset($_SESSION["loggedin"]) || $_SESSION["loggedin"] !== true || $_SESSION["role"][3] !== "1") {
+    header("location: /login/login.php");
+    exit;
+}
+
+require_once "../config/config.php";
+
+function deleteDirectory($dir) {
+    if (!is_dir($dir)) {
+        return false; // Gibt false zurück, wenn das Verzeichnis nicht existiert
+    }
+
+    $files = array_diff(scandir($dir), array('.', '..')); // Ignoriert "." und ".."
+    foreach ($files as $file) {
+        $path = $dir . DIRECTORY_SEPARATOR . $file;
+        if (is_dir($path)) {
+            deleteDirectory($path); // Rekursiver Aufruf für Unterordner
+        } else {
+            unlink($path); // Datei löschen
+        }
+    }
+    return rmdir($dir); // Verzeichnis löschen
+}
+
+$userId = $_POST['userId'];
+
+$sql = "SELECT username FROM users WHERE id = ?";
+$stmt = $link->prepare($sql);
+$stmt->bind_param("i", $userId);
+$stmt->execute();
+$stmt->bind_result($username);
+$stmt->fetch();
+$stmt->close();
+
+$sql = "DELETE FROM users WHERE id = ?";
+$stmt = $link->prepare($sql);
+$stmt->bind_param("i", $userId);
+$stmt->execute();
+$stmt->close();
+
+deleteDirectory("/var/www/html/user_files/$username/");
+?>

sys0-code/api/fetch_users.php

@@ -0,0 +1,52 @@
+<?php
+session_start();
+if (!isset($_SESSION["loggedin"]) || $_SESSION["loggedin"] !== true || $_SESSION["role"][3] !== "1") {
+    header("location: /login/login.php");
+    exit;
+}
+require_once "../config/config.php";
+
+$username = isset($_GET['username']) ? '%' . htmlspecialchars($_GET['username']) . '%' : '%';
+
+$sql = "SELECT users.id, users.username, users.role, users.class_id, users.banned, class.name 
+        FROM users
+        LEFT JOIN class ON users.class_id = class.id 
+        WHERE users.username LIKE ?";
+$stmt = $link->prepare($sql);
+$stmt->bind_param("s", $username);
+$stmt->execute();
+$result = $stmt->get_result();
+
+while ($row = $result->fetch_assoc()) {
+    echo "<tr>";
+    echo "<td>{$row['username']}</td>";
+    echo "<td>
+        <select class='form-select updateField' data-field='class_id' data-userid='{$row['id']}'>";
+    $classQuery = $link->query("SELECT id, name FROM class");
+    while ($class = $classQuery->fetch_assoc()) {
+        $selected = $class['id'] == $row['class_id'] ? 'selected' : '';
+        echo "<option value='{$class['id']}' $selected>{$class['name']}</option>";
+    }
+    if($row["class_id"]==0){
+	echo "<option value='0' selected>Lehrperson</option>";
+    }
+    echo "</select>
+    </td>";
+
+    $role=substr($row['role'],0,11);
+    foreach (str_split($role) as $index => $perm) {
+        $checked = $perm === "1" ? "checked" : "";
+        echo "<td>
+            <input type='checkbox' class='form-check-input updateField' data-field='role[$index]' data-userid='{$row['id']}' $checked>
+        </td>";
+    }
+
+    if($row['banned']==1)
+    	echo "<td><button class='btn btn-success verify_user' data-userid='{$row['id']}'>Manuell verifizieren</button></td>";
+    else
+	echo "<td>Bereits verifiziert</td>";
+    echo "<td><button class='btn btn-danger deleteUser' data-userid='{$row['id']}'>Löschen</button></td>";
+    echo "</tr>";
+}
+$stmt->close();
+?>

sys0-code/api/update_user.php

@@ -0,0 +1,34 @@
+<?php
+session_start();
+if (!isset($_SESSION["loggedin"]) || $_SESSION["loggedin"] !== true || $_SESSION["role"][3] !== "1") {
+    header("location: /login/login.php");
+    exit;
+}
+require_once "../config/config.php";
+
+$userId = $_POST['userId'];
+$field = $_POST['field'];
+$value = $_POST['value'];
+
+if (strpos($field, 'role') !== false) {
+    $index = (int)filter_var($field, FILTER_SANITIZE_NUMBER_INT);
+    $sql = "SELECT role FROM users WHERE id = ?";
+    $stmt = $link->prepare($sql);
+    $stmt->bind_param("i", $userId);
+    $stmt->execute();
+    $stmt->bind_result($role);
+    $stmt->fetch();
+    $stmt->close();
+
+    $role[$index] = $value;
+    $sql = "UPDATE users SET role = ? WHERE id = ?";
+    $stmt = $link->prepare($sql);
+    $stmt->bind_param("si", $role, $userId);
+} else {
+    $sql = "UPDATE users SET $field = ? WHERE id = ?";
+    $stmt = $link->prepare($sql);
+    $stmt->bind_param("ii", $value, $userId);
+}
+$stmt->execute();
+$stmt->close();
+?>

sys0-code/api/verify_user.php

@@ -0,0 +1,18 @@
+<?php
+session_start();
+if (!isset($_SESSION["loggedin"]) || $_SESSION["loggedin"] !== true || $_SESSION["role"][3] !== "1") {
+    header("location: /login/login.php");
+    exit;
+}
+
+require_once "../config/config.php";
+
+$userId = $_POST['userId'];
+
+$sql = "UPDATE users SET banned = 0 WHERE id = ?";
+$stmt = $link->prepare($sql);
+$stmt->bind_param("i", $userId);
+$stmt->execute();
+$stmt->close();
+
+?>