-
Notifications
You must be signed in to change notification settings - Fork 0
Expand file tree
/
Copy pathaddadmin.php
More file actions
103 lines (92 loc) · 3.72 KB
/
Copy pathaddadmin.php
File metadata and controls
103 lines (92 loc) · 3.72 KB
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
<?php
session_start();
include('connect.php');
if (!isset($_SESSION['isSuperAdmin']) || $_SESSION['isSuperAdmin'] !== true) {
header("Location: index.php?error=Access Denied. You are not a super admin.");
exit;
}
// Handle form submission
if ($_SERVER['REQUEST_METHOD'] === 'POST') {
if (isset($_POST['makeAdmin'])) {
$userIDs = $_POST['makeAdmin']; // Array of selected UserIDs
foreach ($userIDs as $userID) {
// Fetch user details from the users table
$sql = "SELECT FirstName, LastName, email, password FROM users WHERE UserID = ?";
$stmt = $conn->prepare($sql);
$stmt->bind_param("i", $userID);
$stmt->execute();
$result = $stmt->get_result();
if ($result->num_rows > 0) {
$user = $result->fetch_assoc();
// Insert into admins table
$sqlInsert = "
INSERT INTO admin (adminName, email, role, dateAdded, password)
VALUES (?, ?, 'admin', NOW(), ?)
";
$stmtInsert = $conn->prepare($sqlInsert);
$adminName = $user['FirstName'] . ' ' . $user['LastName'];
$stmtInsert->bind_param("sss", $adminName, $user['email'], $user['password']);
$stmtInsert->execute();
$stmtInsert->close();
}
$stmt->close();
}
header("Location: addadmin.php?success=Admins added successfully");
exit;
}
}
// Fetch all users from the users table
$sql = "SELECT UserID, FirstName, LastName, email FROM users";
$result = $conn->query($sql);
?>
<!DOCTYPE html>
<html lang="en">
<head>
<meta charset="UTF-8">
<meta name="viewport" content="width=device-width, initial-scale=1.0">
<title>Add Admins</title>
<link rel="stylesheet" href="style.css">
</head>
<body>
<div class="container">
<h1>Add Admins</h1>
<?php if (isset($_GET['success'])): ?>
<p style="color: green;"><?= htmlspecialchars($_GET['success']); ?></p>
<?php endif; ?>
<form action="addadmin.php" method="post">
<table border="1" cellspacing="0" cellpadding="10">
<thead>
<tr>
<th>Select</th>
<th>User ID</th>
<th>First Name</th>
<th>Last Name</th>
<th>Email</th>
</tr>
</thead>
<tbody>
<?php if ($result->num_rows > 0): ?>
<?php while ($row = $result->fetch_assoc()): ?>
<tr>
<td>
<input type="checkbox" name="makeAdmin[]" value="<?= $row['UserID']; ?>">
</td>
<td><?= $row['UserID']; ?></td>
<td><?= htmlspecialchars($row['FirstName']); ?></td>
<td><?= htmlspecialchars($row['LastName']); ?></td>
<td><?= htmlspecialchars($row['email']); ?></td>
</tr>
<?php endwhile; ?>
<?php else: ?>
<tr>
<td colspan="5">No users found.</td>
</tr>
<?php endif; ?>
</tbody>
</table>
<button type="submit">Make Selected Users Admins</button>
</form>
<a href="dashboard.php">Back to Dashboard</a>
</div>
</body>
</html>