
­­­­­­­­­­­­­­­­­­
<?php
declare(strict_types=1);
require __DIR__ . '/BaseController.php';

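/**
 * Admin-only CRUD screens for users, roles and branches.
 *
 * Every public action authenticates via require_login() and then requires the
 * ADMIN role; all writes are POST + CSRF-checked and use prepared statements.
 * Audit entries go through BaseController::log().
 */
class AdminController extends BaseController
{
  // -----------------------------
  // Access control and input helpers
  // -----------------------------

  /**
   * Stops the request with HTTP 403 unless $u holds the ADMIN role.
   *
   * @param array $u user record as returned by require_login()
   */
  private function requireAdmin(array $u): void {
    if (!has_role($u, ['ADMIN'])) {
      http_response_code(403);
      echo "Forbidden";
      exit;
    }
  }

  /**
   * Authenticates the request and enforces the ADMIN role in one step, so the
   * two checks cannot be separated by a future action.
   *
   * @return array the logged-in admin's user record
   */
  private function currentAdmin(): array {
    $u = require_login($this->pdo, $this->config);
    $this->requireAdmin($u);
    return $u;
  }

  /**
   * Trimmed string value of a POST field; '' when the field is missing or is
   * not a string (e.g. `name[]=x`), so trim() never receives an array under
   * strict_types.
   */
  private static function postString(string $key): string {
    $v = $_POST[$key] ?? '';
    return is_string($v) ? trim($v) : '';
  }

  /**
   * Integer value of a POST field; $default when the field is missing or not a
   * scalar. Non-numeric strings cast to 0 as before.
   */
  private static function postInt(string $key, int $default = 0): int {
    $v = $_POST[$key] ?? $default;
    return is_scalar($v) ? (int)$v : $default;
  }

  /**
   * Reads the fields shared by the user create/edit forms from $_POST.
   *
   * Optional ids are 0 when unset; callers store 0 as NULL. language_pref is
   * 'ar' only when exactly 'ar' was posted, otherwise 'en'. is_active is 1 only
   * when the posted value casts to 1 (default 1), otherwise 0.
   *
   * @return array{name:string,email:string,mobile:string,role_id:int,branch_id:int,supervisor_user_id:int,language_pref:string,is_active:int}
   */
  private function readUserForm(): array {
    return [
      'name' => self::postString('name'),
      'email' => self::postString('email'),
      'mobile' => self::postString('mobile'),
      'role_id' => self::postInt('role_id'),
      'branch_id' => self::postInt('branch_id'),
      'supervisor_user_id' => self::postInt('supervisor_user_id'),
      'language_pref' => ($_POST['language_pref'] ?? 'en') === 'ar' ? 'ar' : 'en',
      'is_active' => self::postInt('is_active', 1) === 1 ? 1 : 0,
    ];
  }

  // -----------------------------
  // Lookup lists for the user form
  // -----------------------------

  /** @return array all roles ordered by id */
  private function fetchRoles(): array {
    return $this->pdo->query("SELECT id, code, name_en, name_ar FROM roles ORDER BY id")->fetchAll();
  }

  /** @return array active branches ordered by id */
  private function fetchActiveBranches(): array {
    return $this->pdo->query("SELECT id, name_en, name_ar, city FROM branches WHERE is_active=1 ORDER BY id")->fetchAll();
  }

  /** @return array active users holding the CC_SUP role, ordered by name (supervisor picker) */
  private function fetchSupervisors(): array {
    return $this->pdo->query("
      SELECT u.id, u.name, u.email
      FROM users u
      JOIN roles r ON r.id=u.role_id
      WHERE r.code='CC_SUP' AND u.is_active=1
      ORDER BY u.name
    ")->fetchAll();
  }

  /**
   * Renders admin/user_form.php with the three lookup lists attached.
   *
   * @param array  $u    current admin
   * @param string $mode 'create' or 'edit'
   * @param mixed  $row  the existing user row for 'edit' (shape depends on the
   *                     connection's PDO fetch mode), null for 'create'
   */
  private function renderUserForm(array $u, string $mode, mixed $row): void {
    $this->render('admin/user_form.php', [
      'u'=>$u,
      'mode'=>$mode,
      'roles'=>$this->fetchRoles(),
      'branches'=>$this->fetchActiveBranches(),
      'supervisors'=>$this->fetchSupervisors(),
      'row'=>$row
    ]);
  }

  // -----------------------------
  // Admin Home
  // -----------------------------

  /** Admin landing page. */
  public function index(): void {
    $u = $this->currentAdmin();

    $this->render('admin/index.php', ['u' => $u]);
  }

  // -----------------------------
  // Users
  // -----------------------------

  /** Lists the newest 500 users with their role and (optional) branch names. */
  public function users(): void {
    $u = $this->currentAdmin();

    $rows = $this->pdo->query("
      SELECT u.id, u.name, u.email, u.mobile, u.is_active,
             r.code AS role_code, r.name_en AS role_name_en,
             b.name_en AS branch_name_en, b.name_ar AS branch_name_ar
      FROM users u
      JOIN roles r ON r.id=u.role_id
      LEFT JOIN branches b ON b.id=u.branch_id
      ORDER BY u.id DESC
      LIMIT 500
    ")->fetchAll();

    $this->render('admin/users.php', ['u'=>$u, 'rows'=>$rows]);
  }

  /**
   * GET: shows the empty user form. POST: validates, inserts the user with a
   * hashed password, logs USER_CREATED and redirects to the user list.
   */
  public function user_create(): void {
    $u = $this->currentAdmin();

    if ($_SERVER['REQUEST_METHOD'] === 'POST') {
      require_post(); csrf_check();

      $f = $this->readUserForm();
      $password = self::postString('password');
      // NOTE(review): a blank password silently falls back to a fixed, guessable
      // default shared by every account created this way until it is changed.
      // Prefer rejecting a blank password or generating one with random_bytes().
      if ($password === '') $password = 'Password@123';

      if ($f['name'] === '' || $f['email'] === '' || $f['role_id'] <= 0) {
        flash_set('danger', 'Name, Email and Role are required');
        redirect(base_url($this->config, '/index.php?r=admin/user_create'));
        return; // redirect() is expected to exit; the return guarantees no INSERT on invalid input
      }

      $hash = password_hash($password, PASSWORD_DEFAULT);

      $st = $this->pdo->prepare("
        INSERT INTO users(role_id, branch_id, supervisor_user_id, name, mobile, email, password_hash, language_pref, is_active, created_at)
        VALUES(?,?,?,?,?,?,?,?,?,?)
      ");
      $st->execute([
        $f['role_id'],
        $f['branch_id'] > 0 ? $f['branch_id'] : null,               // 0 = no branch
        $f['supervisor_user_id'] > 0 ? $f['supervisor_user_id'] : null, // 0 = no supervisor
        $f['name'],
        $f['mobile'],
        $f['email'],
        $hash,
        $f['language_pref'],
        $f['is_active'],
        now()
      ]);

      $uid = (int)$this->pdo->lastInsertId();
      $this->log('user', $uid, 'USER_CREATED', (int)$u['id'], ['email'=>$f['email'], 'role_id'=>$f['role_id']]);

      flash_set('success', 'User created');
      redirect(base_url($this->config, '/index.php?r=admin/users'));
      return;
    }

    $this->renderUserForm($u, 'create', null);
  }

  /**
   * GET: shows the form for the user selected by ?id=. POST: validates, updates
   * the user (password untouched), logs USER_UPDATED and redirects to the list.
   * Responds 404 when the id does not exist.
   */
  public function user_edit(): void {
    $u = $this->currentAdmin();

    $id = (int)($_GET['id'] ?? 0);

    $st = $this->pdo->prepare("SELECT * FROM users WHERE id=?");
    $st->execute([$id]);
    $row = $st->fetch();
    if (!$row) { http_response_code(404); echo "User not found"; exit; }

    if ($_SERVER['REQUEST_METHOD'] === 'POST') {
      require_post(); csrf_check();

      $f = $this->readUserForm();

      if ($f['name'] === '' || $f['email'] === '' || $f['role_id'] <= 0) {
        flash_set('danger', 'Name, Email and Role are required');
        redirect(base_url($this->config, '/index.php?r=admin/user_edit&id='.$id));
        return; // redirect() is expected to exit; the return guarantees no UPDATE on invalid input
      }

      $st = $this->pdo->prepare("
        UPDATE users
        SET role_id=?, branch_id=?, supervisor_user_id=?, name=?, mobile=?, email=?, language_pref=?, is_active=?, updated_at=?
        WHERE id=?
      ");
      $st->execute([
        $f['role_id'],
        $f['branch_id'] > 0 ? $f['branch_id'] : null,               // 0 = no branch
        $f['supervisor_user_id'] > 0 ? $f['supervisor_user_id'] : null, // 0 = no supervisor
        $f['name'],
        $f['mobile'],
        $f['email'],
        $f['language_pref'],
        $f['is_active'],
        now(),
        $id
      ]);

      $this->log('user', $id, 'USER_UPDATED', (int)$u['id'], ['email'=>$f['email'], 'role_id'=>$f['role_id']]);
      flash_set('success', 'User updated');
      redirect(base_url($this->config, '/index.php?r=admin/users'));
      return;
    }

    $this->renderUserForm($u, 'edit', $row);
  }

  /**
   * POST only: replaces the password hash of user `id` with a hash of
   * `new_password` and logs PASSWORD_RESET. This method does not invalidate
   * the target user's existing sessions.
   */
  public function user_reset_password(): void {
    $u = $this->currentAdmin();

    require_post(); csrf_check();
    $id = self::postInt('id');
    $newPass = self::postString('new_password');

    if ($id <= 0) {
      flash_set('danger', 'Invalid user id');
      redirect(base_url($this->config, '/index.php?r=admin/users'));
      return;
    }
    if ($newPass === '') {
      flash_set('danger', 'New password required');
      redirect(base_url($this->config, '/index.php?r=admin/users'));
      return; // redirect() is expected to exit; never write an empty password hash
    }

    $hash = password_hash($newPass, PASSWORD_DEFAULT);

    $st = $this->pdo->prepare("UPDATE users SET password_hash=?, updated_at=? WHERE id=?");
    $st->execute([$hash, now(), $id]);

    $this->log('user', $id, 'PASSWORD_RESET', (int)$u['id'], []);
    flash_set('success', 'Password reset');
    redirect(base_url($this->config, '/index.php?r=admin/users'));
  }

  // -----------------------------
  // Roles
  // -----------------------------

  /** Lists all roles. */
  public function roles(): void {
    $u = $this->currentAdmin();

    $rows = $this->pdo->query("SELECT * FROM roles ORDER BY id")->fetchAll();
    $this->render('admin/roles.php', ['u'=>$u, 'rows'=>$rows]);
  }

  /**
   * POST only: updates the role when `id` > 0, otherwise inserts a new one.
   * The code is upper-cased; code and both names are required. Logs
   * ROLE_UPDATED / ROLE_CREATED and redirects to the role list.
   */
  public function role_save(): void {
    $u = $this->currentAdmin();

    require_post(); csrf_check();

    $id = self::postInt('id');
    $code = strtoupper(self::postString('code'));
    $nameEn = self::postString('name_en');
    $nameAr = self::postString('name_ar');

    if ($code === '' || $nameEn === '' || $nameAr === '') {
      flash_set('danger', 'Role code/name required');
      redirect(base_url($this->config, '/index.php?r=admin/roles'));
      return; // redirect() is expected to exit; never write an incomplete role
    }

    if ($id > 0) {
      $st = $this->pdo->prepare("UPDATE roles SET code=?, name_en=?, name_ar=?, updated_at=? WHERE id=?");
      $st->execute([$code, $nameEn, $nameAr, now(), $id]);
      $this->log('system', 0, 'ROLE_UPDATED', (int)$u['id'], ['role_id'=>$id,'code'=>$code]);
    } else {
      $st = $this->pdo->prepare("INSERT INTO roles(code, name_en, name_ar) VALUES(?,?,?)");
      $st->execute([$code, $nameEn, $nameAr]);
      $rid = (int)$this->pdo->lastInsertId();
      $this->log('system', 0, 'ROLE_CREATED', (int)$u['id'], ['role_id'=>$rid,'code'=>$code]);
    }

    flash_set('success', 'Saved');
    redirect(base_url($this->config, '/index.php?r=admin/roles'));
  }

  // -----------------------------
  // Branches
  // -----------------------------

  /** Lists all branches, active or not. */
  public function branches(): void {
    $u = $this->currentAdmin();

    $rows = $this->pdo->query("SELECT * FROM branches ORDER BY id")->fetchAll();
    $this->render('admin/branches.php', ['u'=>$u, 'rows'=>$rows]);
  }

  /**
   * POST only: updates the branch when `id` > 0, otherwise inserts a new one.
   * Both names and the city are required; location_url is stored as NULL when
   * blank. Logs BRANCH_UPDATED / BRANCH_CREATED and redirects to the list.
   */
  public function branch_save(): void {
    $u = $this->currentAdmin();

    require_post(); csrf_check();

    $id = self::postInt('id');
    $nameEn = self::postString('name_en');
    $nameAr = self::postString('name_ar');
    $city = self::postString('city');
    $locationUrl = self::postString('location_url');
    $isActive = self::postInt('is_active', 1) === 1 ? 1 : 0;

    if ($nameEn === '' || $nameAr === '' || $city === '') {
      flash_set('danger', 'Branch name and city required');
      redirect(base_url($this->config, '/index.php?r=admin/branches'));
      return; // redirect() is expected to exit; never write an incomplete branch
    }

    // Explicit '' test rather than `?:` so a falsy-but-present value is not dropped.
    $locationValue = $locationUrl === '' ? null : $locationUrl;

    if ($id > 0) {
      $st = $this->pdo->prepare("
        UPDATE branches
        SET name_en=?, name_ar=?, city=?, location_url=?, is_active=?, updated_at=?
        WHERE id=?
      ");
      $st->execute([$nameEn, $nameAr, $city, $locationValue, $isActive, now(), $id]);
      $this->log('system', 0, 'BRANCH_UPDATED', (int)$u['id'], ['branch_id'=>$id]);
    } else {
      $st = $this->pdo->prepare("
        INSERT INTO branches(name_en, name_ar, city, location_url, is_active, created_at)
        VALUES(?,?,?,?,?,?)
      ");
      $st->execute([$nameEn, $nameAr, $city, $locationValue, $isActive, now()]);
      $bid = (int)$this->pdo->lastInsertId();
      $this->log('system', 0, 'BRANCH_CREATED', (int)$u['id'], ['branch_id'=>$bid]);
    }

    flash_set('success', 'Saved');
    redirect(base_url($this->config, '/index.php?r=admin/branches'));
  }
}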
