emmev-code/orario
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Manage users

Browse Source
This commit is contained in:
Vichingo455
2025-10-02 09:17:32 +02:00
parent 8a37f24b40
commit b599691c2e
3 changed files with 121 additions and 1 deletions
Download Patch File Download Diff File Expand all files Collapse all files

7
htdocs/admin/index.php
View File

@@ -31,7 +31,12 @@ if (!isset($_SESSION['admin'])) {
<a href="timetable.php">Gestisci Orario</a> <a href="timetable.php">Gestisci Orario</a>
<?php <?php
if ($_SESSION['auth_type'] === 'local') { if ($_SESSION['auth_type'] === 'local') {
echo '<a href="changepassword.php">Cambia Password</a>'; echo '<a href="password.php">Cambia Password</a>';
}
?>
<?php
if ($_SESSION['auth_type'] === 'local' && $_SESSION['admin'] === 'admin') {
echo '<a href="users.php">Gestisci Amministratori</a>';
} }
?> ?>
</p> </p>

0
htdocs/admin/changepassword.php → htdocs/admin/password.php
View File

115
htdocs/admin/users.php Normal file
View File

@@ -0,0 +1,115 @@
<?php
session_start();
include("../db.php");
if (!isset($_SESSION['admin']) || $_SESSION['auth_type'] != 'local' || $_SESSION['admin'] != 'admin') {
header("Location: login.php");
exit;
}
$message = "";
// Add admin
if ($_SERVER["REQUEST_METHOD"] === "POST" && isset($_POST['add_user'])) {
$username = trim($_POST['username']);
$password = $_POST['password'];
if (!empty($username) && !empty($password)) {
$hash = password_hash($password, PASSWORD_DEFAULT);
$stmt = $conn->prepare("INSERT INTO admins (username, password) VALUES (?, ?)");
$stmt->bind_param("ss", $username, $hash);
if ($stmt->execute()) {
$message = "Utente admin aggiunto con successo.";
} else {
$message = "Errore durante l'aggiunta: " . $conn->error;
}
} else {
$message = "Compila tutti i campi.";
}
}
// Delete admin
if (isset($_GET['delete'])) {
$id = intval($_GET['delete']);
if ($id != 1) { // proteggi super admin
$stmt = $conn->prepare("DELETE FROM admins WHERE id = ?");
$stmt->bind_param("i", $id);
$stmt->execute();
$message = "Utente admin rimosso.";
} else {
$message = "Non puoi eliminare il super admin.";
}
}
// Fetch admins
$result = $conn->query("SELECT id, username FROM admins ORDER BY id ASC");
?>
<!DOCTYPE html>
<html>
<head>
<title>Gestione Admin</title>
<meta name="viewport" content="width=device-width, initial-scale=1.0">
<link rel="stylesheet" href="style.css">
</head>
<body>
<div class="navbar">
<div class="logo">Admin Dashboard</div>
<div class="links">
<a href="index.php">Dashboard</a>
<a href="logout.php">Logout</a>
</div>
</div>
<div class="admin-container">
<h1>Gestione Amministratori</h1>
<a href="index.php" class="back-link">⬅ Torna al Dashboard</a>
<?php if ($message): ?>
<p style="color:<?php echo strpos($message,'successo')!==false ? 'green':'red'; ?>;">
<?php echo htmlspecialchars($message); ?>
</p>
<?php endif; ?>
<h2>Utenti Attivi</h2>
<table border="1" cellspacing="0" cellpadding="6" width="100%">
<thead>
<tr>
<th>ID</th>
<th>Username</th>
<th>Azione</th>
</tr>
</thead>
<tbody>
<?php while ($row = $result->fetch_assoc()): ?>
<tr>
<td><?php echo $row['id']; ?></td>
<td><?php echo htmlspecialchars($row['username']); ?></td>
<td>
<?php if ($row['id'] != 1): ?>
<a href="?delete=<?php echo $row['id']; ?>"
onclick="return confirm('Vuoi davvero eliminare questo amministratore?')"
style="color:red;">Elimina</a>
<?php else: ?>
<em>Super Admin</em>
<?php endif; ?>
</td>
</tr>
<?php endwhile; ?>
</tbody>
</table>
<h2>Aggiungi Nuovo Admin</h2>
<form method="POST">
<label>Username:<br>
<input type="text" name="username" required>
</label><br><br>
<label>Password:<br>
<input type="password" name="password" required>
</label><br><br>
<button type="submit" name="add_user">Aggiungi</button>
</form>
</div>
</body>
</html>