fetch_all(MYSQLI_ASSOC);
// GET actions
// delete entry
if (isset($_GET["del"])) {
$sql = "DELETE FROM users WHERE id = ?";
$stmt = mysqli_prepare($link, $sql);
mysqli_stmt_bind_param($stmt, "s", $param_id);
$param_id = $_GET["del"];
if (!mysqli_stmt_execute($stmt) || mysqli_stmt_affected_rows($stmt) != 1) {
echo "SQL error: ".mysqli_stmt_error($stmt);
} else header("location: ".$_SERVER['SCRIPT_NAME']);
}
// POST actions
if ($_SERVER["REQUEST_METHOD"] == "POST") {
// add entry
if (isset($_POST["add"])) {
$sql = "INSERT INTO users (username, email, password, verifycode, type, status) VALUES (?, ?, ?, ?, ?, ?)";
$stmt = mysqli_prepare($link, $sql);
mysqli_stmt_bind_param($stmt, "ssssss", $param_username, $param_email, $param_password, $param_verifycode, $param_type, $param_status);
$param_username = $_POST["username"];
$param_email= $_POST["email"];
$param_password = password_hash($_POST["password"], PASSWORD_DEFAULT);
$param_verifycode = base64_encode(random_bytes(12));
$param_type = $_POST["type"];
$param_status = $_POST["status"];
if (!mysqli_stmt_execute($stmt) || (mysqli_stmt_affected_rows($stmt) != 1)) {
echo "SQL error: ".mysqli_stmt_error($stmt);
} else header("location: ".$_SERVER['SCRIPT_NAME']);
}
// edit entry
if (isset($_POST["save"])) {
$sql = "UPDATE users SET username = ?, email = ?, password = ?, type = ?, status = ? WHERE id = ?";
$stmt = mysqli_prepare($link, $sql);
mysqli_stmt_bind_param($stmt, "ssssss", $param_username, $param_email, $param_password, $param_type, $param_status, $param_id);
$param_username = $_POST["username"];
$param_email = $_POST["email"];
$param_password = empty($_POST["password"]) ? getuserbyid($_POST["id"])["password"] : password_hash($_POST["password"], PASSWORD_DEFAULT);
$param_type = $_POST["type"];
$param_status = $_POST["status"];
$param_id = $_POST["id"];
if (!mysqli_stmt_execute($stmt) || (mysqli_stmt_affected_rows($stmt) != 1)) {
echo "SQL error: ".mysqli_stmt_error($stmt);
} else header("location: ".$_SERVER['SCRIPT_NAME']);
}
}
function getuserbyid($id) {
global $users;
foreach ($users as $user) {
if ($user["id"] == $id) {
return $user;
}
}
}
?>
ARFNET CSTIMS
ARFNET Client Service Ticket and Invoice Management System
panel
Users
Edit user ".$user["id"]."
";
}
if (isset($_GET["add"])) {
echo "
";
}
?>
add
id | user | password | email | verifycode | type | regdate | status | action |
".$user['id']." | "
."".$user['username']." | "
."".$user['password']." | "
."".$user['email']." | "
."".$user['verifycode']." | "
."".$user['type']." | "
."".$user['regdate']." | "
."".$user['status']." | "
."del edit | \n";
}
?>