<?php
require_once("Functions/Error/errorHandler.php");
if ($_SERVER["REQUEST_METHOD"] === "POST") {
$firstName = trim($_POST["firstName"]);
$lastName = trim($_POST["lastName"]);
$email = trim($_POST["email"]);
$password = $_POST["password"];
$isAdmin = isset($_POST["isAdmin"]) ? 1 : 0;
if (empty($firstName) || empty($lastName) || empty($email) || empty($password)) {
setError("All fields are required.");
} elseif (!filter_var($email, FILTER_VALIDATE_EMAIL)) {
setError("Invalid email address.");
} else {
$stmt = mysqli_prepare($dbc, "SELECT email FROM citeLeParis_user WHERE email = ?");
mysqli_stmt_bind_param($stmt, "s", $email);
mysqli_stmt_execute($stmt);
mysqli_stmt_store_result($stmt);
if (mysqli_stmt_num_rows($stmt) > 0) {
setError("An employee with this email already exists.");
} else {
$hashedPassword = password_hash($password, PASSWORD_DEFAULT);
$stmt = mysqli_prepare($dbc, "INSERT INTO citeLeParis_user (firstName, lastName, email, passwordHash, isAdmin, isActive) VALUES (?, ?, ?, ?, ?, 1)");
mysqli_stmt_bind_param($stmt, "ssssi", $firstName, $lastName, $email, $hashedPassword, $isAdmin);
if (!mysqli_stmt_execute($stmt)) {
setError("Error adding employee: " . mysqli_error($dbc));
}
mysqli_stmt_close($stmt);
}
}
}
?>
<?php include("Functions/Error/errorDisplay.php"); ?>
<style>main{padding:0 !important;}</style>
<section class="add-employee-panel">
<h2>Add New Employee</h2>
<form method="POST" class="form-add-employee">
<label>
First Name:
<input type="text" name="firstName" required>
</label>
<label>
Last Name:
<input type="text" name="lastName" required>
</label>
<label>
Email:
<input type="email" name="email" required>
</label>
<label>
Password:
<input type="password" name="password" required>
</label>
<label>
<input type="checkbox" name="isAdmin"> Admin
</label>
<button class="btn" type="submit">Add Employee</button>
</form>
</section>