<?php
// Page gate: both helpers come from the including script (not defined here).
// Presumably they stop rendering for anonymous or non-admin sessions — confirm
// against their definitions before relying on them for the POST handlers below.
require_login();
require_admin();
// Handle form submission
if ($_SERVER['REQUEST_METHOD'] === 'POST' && isset($_POST['action'])) {
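if ($_POST['action'] === 'create_user') {
    // NOTE(review): this state-changing POST carries no CSRF token on the page;
    // confirm the including script (where require_login()/require_admin() live)
    // enforces one before this handler runs.

    // Reads one POST field as a string. A missing key or a non-string value
    // (e.g. a `field[]` array) becomes '' instead of reaching trim()/password_hash().
    $postString = static function (string $key): string {
        $value = $_POST[$key] ?? null;
        return is_string($value) ? $value : '';
    };

    $username        = trim($postString('username'));
    $firstName       = trim($postString('firstName'));
    $lastName        = trim($postString('lastName'));
    $email           = trim($postString('email'));
    $password        = $postString('password'); // not trimmed: whitespace is part of a password
    $confirmPassword = $postString('confirmPassword');

    // fk_Group is optional: only a positive integer id is kept, anything else is NULL.
    $rawGroupId = $postString('groupId');
    $groupId    = (ctype_digit($rawGroupId) && (int)$rawGroupId > 0) ? (int)$rawGroupId : null;

    $errors = [];

    // Field validation. `=== ''` rather than empty() so a literal "0" is accepted.
    if ($username === '') {
        $errors[] = "Username is required";
    }
    if ($firstName === '') {
        $errors[] = "First name is required";
    }
    if ($lastName === '') {
        $errors[] = "Last name is required";
    }
    if ($email === '') {
        $errors[] = "Email is required";
    } elseif (!filter_var($email, FILTER_VALIDATE_EMAIL)) {
        $errors[] = "Invalid email format";
    }
    if ($password === '') {
        $errors[] = "Password is required";
    }
    if ($password !== $confirmPassword) {
        $errors[] = "Passwords do not match";
    }

    // Runs a prepared COUNT(*) query with one string placeholder.
    // Returns the count, or null when the statement could not be prepared or
    // executed, so a database failure is never mistaken for "0 rows".
    // @return int|null
    $countWhere = static function (string $sql, string $value) use ($conn) {
        $stmt = mysqli_prepare($conn, $sql);
        if ($stmt === false) {
            return null;
        }
        $count = null;
        mysqli_stmt_bind_param($stmt, 's', $value);
        if (mysqli_stmt_execute($stmt)) {
            mysqli_stmt_bind_result($stmt, $count);
            mysqli_stmt_fetch($stmt);
        }
        mysqli_stmt_close($stmt);
        return $count === null ? null : (int)$count;
    };

    // Uniqueness checks. These are not atomic with the INSERT below; a UNIQUE
    // index on username/email (assumed, not visible here) is the real guard.
    if ($errors === []) {
        $matches = $countWhere('SELECT COUNT(*) FROM TICKET_User WHERE username = ?', $username);
        if ($matches === null) {
            $errors[] = "Failed to create user. Please try again.";
        } elseif ($matches > 0) {
            $errors[] = "Username already exists";
        }
    }
    if ($errors === []) {
        $matches = $countWhere('SELECT COUNT(*) FROM TICKET_User WHERE email = ?', $email);
        if ($matches === null) {
            $errors[] = "Failed to create user. Please try again.";
        } elseif ($matches > 0) {
            $errors[] = "Email already exists";
        }
    }

    // Create the user through a prepared statement (no manual escaping needed).
    if ($errors === []) {
        $hashedPassword = password_hash($password, PASSWORD_DEFAULT);
        $created = false;
        $stmt = mysqli_prepare(
            $conn,
            'INSERT INTO TICKET_User (username, firstName, lastName, email, password, fk_Group) VALUES (?, ?, ?, ?, ?, ?)'
        );
        if ($stmt !== false) {
            // mysqli sends a PHP null as SQL NULL whatever the type code, so a
            // missing group keeps fk_Group NULL as before.
            mysqli_stmt_bind_param($stmt, 'sssssi', $username, $firstName, $lastName, $email, $hashedPassword, $groupId);
            $created = mysqli_stmt_execute($stmt);
            mysqli_stmt_close($stmt);
        }
        if ($created) {
            $success = "User created successfully!";
            // Clear the form so the re-rendered inputs start empty.
            $username = $firstName = $lastName = $email = '';
            $groupId = null;
        } else {
            $errors[] = "Failed to create user. Please try again.";
        }
    }
}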
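if ($_POST['action'] === 'delete_user') {
    // NOTE(review): this destructive POST carries no CSRF token on the page;
    // confirm the including script enforces one before $_POST['user_id'] is trusted.
    $userId = (int)($_POST['user_id'] ?? 0);
    $errors = [];
    $user_to_delete = null;

    // Validate user ID: primary keys are positive integers.
    if ($userId <= 0) {
        $errors[] = "Invalid user ID";
    }

    // Prepares $sql (one integer placeholder), binds $userId and executes it.
    // Returns the executed statement (caller closes it) or null on any failure.
    // @return mysqli_stmt|null
    $runForUser = static function (string $sql) use ($conn, $userId) {
        $stmt = mysqli_prepare($conn, $sql);
        if ($stmt === false) {
            return null;
        }
        if (!mysqli_stmt_bind_param($stmt, 'i', $userId) || !mysqli_stmt_execute($stmt)) {
            mysqli_stmt_close($stmt);
            return null;
        }
        return $stmt;
    };

    // COUNT(*) variant of $runForUser: returns the count, or null on failure,
    // so a database error is never read as "0 dependents".
    // @return int|null
    $countForUser = static function (string $sql) use ($runForUser) {
        $stmt = $runForUser($sql);
        if ($stmt === null) {
            return null;
        }
        $count = null;
        mysqli_stmt_bind_result($stmt, $count);
        mysqli_stmt_fetch($stmt);
        mysqli_stmt_close($stmt);
        return $count === null ? null : (int)$count;
    };

    // Check if user exists, keeping the name for the success message.
    if ($errors === []) {
        $stmt = $runForUser('SELECT firstName, lastName FROM TICKET_User WHERE pk_User = ?');
        if ($stmt === null) {
            $errors[] = "Failed to delete user. Please try again.";
        } else {
            // Dedicated locals: $firstName/$lastName are reused by the create form.
            $deletedFirst = $deletedLast = null;
            mysqli_stmt_bind_result($stmt, $deletedFirst, $deletedLast);
            if (mysqli_stmt_fetch($stmt) === true) {
                $user_to_delete = ['firstName' => $deletedFirst, 'lastName' => $deletedLast];
            } else {
                $errors[] = "User not found";
            }
            mysqli_stmt_close($stmt);
        }
    }

    // Check if user has any requests
    if ($errors === []) {
        $requestCount = $countForUser('SELECT COUNT(*) FROM TICKET_Request WHERE fk_User = ?');
        if ($requestCount === null) {
            $errors[] = "Failed to delete user. Please try again.";
        } elseif ($requestCount > 0) {
            $errors[] = "Cannot delete user. User has " . $requestCount . " request(s) associated with their account.";
        }
    }

    // Check if user is assigned as an actor in any workflow states
    if ($errors === []) {
        $actorCount = $countForUser("SELECT COUNT(*) FROM TICKET_StateActor WHERE actorType = 'USER' AND actorUser = ?");
        if ($actorCount === null) {
            $errors[] = "Failed to delete user. Please try again.";
        } elseif ($actorCount > 0) {
            $errors[] = "Cannot delete user. User is assigned as an actor in " . $actorCount . " workflow state(s).";
        }
    }

    // Delete user if no errors. The dependency checks above ran outside this
    // transaction, so they are a courtesy, not a guarantee; FK constraints in
    // the schema (assumed, not visible here) remain the real safeguard.
    if ($errors === []) {
        mysqli_begin_transaction($conn);
        try {
            // Delete user notifications first
            $stmt = $runForUser('DELETE FROM TICKET_Notification WHERE fk_User = ?');
            if ($stmt === null) {
                throw new Exception("Failed to delete user notifications");
            }
            mysqli_stmt_close($stmt);

            // Delete the user
            $stmt = $runForUser('DELETE FROM TICKET_User WHERE pk_User = ?');
            if ($stmt === null) {
                throw new Exception("Failed to delete user");
            }
            mysqli_stmt_close($stmt);

            mysqli_commit($conn);
            // Plain text here: the template HTML-escapes $success when echoing it,
            // so escaping it now as well would double-encode characters such as '&'.
            $success = "User '" . $user_to_delete['firstName'] . ' ' . $user_to_delete['lastName'] . "' has been deleted successfully!";
        } catch (Exception $e) {
            mysqli_rollback($conn);
            // NOTE(review): if mysqli is in strict report mode, getMessage() may
            // carry driver error text; consider logging it and showing a generic
            // message instead.
            $errors[] = "Failed to delete user: " . $e->getMessage();
        }
    }
}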
}
// Groups for the "Group" dropdown, alphabetical by name; a list of
// ['pk_Group' => ..., 'name' => ...] rows (empty when the table is empty).
$groups_query = "SELECT pk_Group, name FROM TICKET_Group ORDER BY name";
$groups = mysqli_fetch_all(mysqli_query($conn, $groups_query), MYSQLI_ASSOC);
// Users for the table: one row per user with the group name (NULL when the
// user has no group) and COUNT(r.pk_Request) as that user's request count
// (0 when none, thanks to the LEFT JOIN).
$users_query = "
SELECT u.pk_User, u.username, u.firstName, u.lastName, u.email, g.name as groupName,
COUNT(r.pk_Request) as requestCount
FROM TICKET_User u
LEFT JOIN TICKET_Group g ON u.fk_Group = g.pk_Group
LEFT JOIN TICKET_Request r ON u.pk_User = r.fk_User
GROUP BY u.pk_User, u.username, u.firstName, u.lastName, u.email, g.name
ORDER BY u.firstName, u.lastName
";
$users = mysqli_fetch_all(mysqli_query($conn, $users_query), MYSQLI_ASSOC);
?>
<div class="page-users">
<div class="users-header">
<h1 class="users-title">User Management</h1>
<p class="users-subtitle">Add and manage user accounts</p>
</div>
<?php // $errors and $success are only set by the POST handlers above; each message is HTML-escaped on output. ?>
<?php if (!empty($errors)): ?>
<div class="alert alert-error">
<ul>
<?php foreach ($errors as $error): ?>
<li><?php echo htmlspecialchars($error); ?></li>
<?php endforeach; ?>
</ul>
</div>
<?php endif; ?>
<?php if (!empty($success)): ?>
<div class="alert alert-success">
<?php echo htmlspecialchars($success); ?>
</div>
<?php endif; ?>
<div class="users-content">
<div class="users-actions">
<button id="addUserBtn" class="btn btn-primary btn-large" onclick="toggleAddUserForm()">
<span id="addUserBtnText">➕ Add User</span>
</button>
</div>
<div id="createUserSection" class="create-user-section" style="display: none;">
<h2 class="section-title">Create New User</h2>
<form method="POST" class="create-user-form">
<input type="hidden" name="action" value="create_user">
<div class="form-row">
<div class="form-group">
<label for="username" class="form-label">Username *</label>
<input type="text" id="username" name="username" class="form-input"
value="<?php echo htmlspecialchars($username ?? ''); ?>" required>
</div>
<div class="form-group">
<label for="email" class="form-label">Email *</label>
<input type="email" id="email" name="email" class="form-input"
value="<?php echo htmlspecialchars($email ?? ''); ?>" required>
</div>
</div>
<div class="form-row">
<div class="form-group">
<label for="firstName" class="form-label">First Name *</label>
<input type="text" id="firstName" name="firstName" class="form-input"
value="<?php echo htmlspecialchars($firstName ?? ''); ?>" required>
</div>
<div class="form-group">
<label for="lastName" class="form-label">Last Name *</label>
<input type="text" id="lastName" name="lastName" class="form-input"
value="<?php echo htmlspecialchars($lastName ?? ''); ?>" required>
</div>
</div>
<div class="form-row">
<div class="form-group">
<label for="password" class="form-label">Password *</label>
<input type="password" id="password" name="password" class="form-input" required>
</div>
<div class="form-group">
<label for="confirmPassword" class="form-label">Confirm Password *</label>
<input type="password" id="confirmPassword" name="confirmPassword" class="form-input" required>
</div>
</div>
<div class="form-group">
<label for="groupId" class="form-label">Group</label>
<select id="groupId" name="groupId" class="form-select">
<option value="">-- No Group --</option>
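<?php foreach ($groups as $group): ?>
<?php // Cast once: the id is echoed unescaped into the value attribute and compared strictly below. ?>
<?php $optionGroupId = (int)$group['pk_Group']; ?>
<option value="<?php echo $optionGroupId; ?>"<?php echo (isset($groupId) && (int)$groupId === $optionGroupId) ? ' selected' : ''; ?>>
<?php echo htmlspecialchars($group['name']); ?>
</option>
<?php endforeach; ?>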
</select>
</div>
<div class="form-actions">
<button type="submit" class="btn btn-primary">Create User</button>
<button type="button" class="btn btn-secondary" onclick="cancelAddUser()">Cancel</button>
<button type="reset" class="btn btn-secondary">Clear Form</button>
</div>
</form>
</div>
<div class="users-list-section">
<h2 class="section-title">Existing Users (<?php echo count($users); ?>)</h2>
<div class="users-table-container">
<table class="users-table">
<thead>
<tr>
<th>Name</th>
<th>Username</th>
<th>Email</th>
<th>Group</th>
<th>Requests</th>
<th>Actions</th>
</tr>
</thead>
<tbody>
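<?php foreach ($users as $user): ?>
<?php
// Normalise the row once: pk_User and requestCount typically arrive from
// mysqli as strings, so cast them before they are echoed unescaped below.
$rowPk = (int)$user['pk_User'];
$rowRequestCount = (int)$user['requestCount'];
$rowName = $user['firstName'] . ' ' . $user['lastName'];
?>
<tr>
<td><?php echo htmlspecialchars($rowName); ?></td>
<td><?php echo htmlspecialchars($user['username']); ?></td>
<td><?php echo htmlspecialchars($user['email']); ?></td>
<td>
<?php if ($user['groupName']): ?>
<span class="group-badge"><?php echo htmlspecialchars($user['groupName']); ?></span>
<?php else: ?>
<span class="no-group">No Group</span>
<?php endif; ?>
</td>
<td>
<span class="request-count"><?php echo $rowRequestCount; ?></span>
</td>
<td>
<div class="action-buttons">
<button class="btn btn-small btn-secondary" onclick="editUser(<?php echo $rowPk; ?>)">Edit</button>
<?php if ($rowRequestCount === 0): ?>
<?php
// The name is handed to JS through data-* attributes rather than being spliced
// into the onclick source: an attribute is HTML-decoded before the script is
// parsed, so an HTML-escaped quote would re-emerge inside the JS string
// literal. dataset values are plain strings with no script context to break.
?>
<button class="btn btn-small btn-danger"
data-user-id="<?php echo $rowPk; ?>"
data-user-name="<?php echo htmlspecialchars($rowName, ENT_QUOTES); ?>"
onclick="deleteUser(this.dataset.userId, this.dataset.userName)">Delete</button>
<?php else: ?>
<button class="btn btn-small btn-danger btn-disabled" disabled title="Cannot delete user with existing requests">Delete</button>
<?php endif; ?>
</div>
</td>
</tr>
<?php endforeach; ?>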
</tbody>
</table>
</div>
</div>
</div>
</div>
<!-- Hidden form for user deletion -->
<form id="deleteUserForm" method="POST" style="display: none;">
<input type="hidden" name="action" value="delete_user">
<input type="hidden" name="user_id" id="deleteUserId">
</form>
<script>
function toggleAddUserForm() {
    // Shows or hides the "Create New User" panel and keeps the toggle button's
    // label in sync; when opening, scrolls to the button and focuses the first field.
    const panel = document.getElementById('createUserSection');
    const toggleButton = document.getElementById('addUserBtn');
    const label = document.getElementById('addUserBtnText');
    const isHidden = panel.style.display === 'none' || panel.style.display === '';

    if (!isHidden) {
        panel.style.display = 'none';
        label.textContent = '➕ Add User';
        return;
    }

    panel.style.display = 'block';
    label.textContent = '❌ Cancel';
    toggleButton.scrollIntoView({ behavior: 'smooth', block: 'start' });
    // Defer focus so the panel has time to appear before the field is focused.
    setTimeout(() => document.getElementById('username').focus(), 300);
}
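function cancelAddUser() {
    // Hides the create panel, restores the toggle button's label and clears the
    // form fields. (The unused lookup of the button element was dropped.)
    const panel = document.getElementById('createUserSection');
    const label = document.getElementById('addUserBtnText');
    panel.style.display = 'none';
    label.textContent = '➕ Add User';
    document.querySelector('.create-user-form').reset();
}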
function editUser(userId) {
    // TODO: Implement edit functionality. userId is already passed by the row
    // buttons so the signature is stable; it is not used yet.
    window.alert('Edit functionality coming soon!');
}
function deleteUser(userId, userName) {
    // Asks for confirmation, then submits the hidden delete form carrying the id.
    const message = 'Are you sure you want to delete user "' + userName + '"?'
        + '\n\nThis action cannot be undone and will also delete:'
        + '\n- All notifications for this user'
        + '\n\nThe user must not have any requests or workflow assignments.';
    if (!window.confirm(message)) {
        return;
    }
    document.getElementById('deleteUserId').value = userId;
    document.getElementById('deleteUserForm').submit();
}
// Password confirmation validation: mark the confirm field invalid whenever it
// differs from the password field (cleared again once they match).
document.getElementById('confirmPassword').addEventListener('input', (event) => {
    const confirmField = event.currentTarget;
    const matches = document.getElementById('password').value === confirmField.value;
    confirmField.setCustomValidity(matches ? '' : 'Passwords do not match');
});
// Re-run the confirmation check when the password itself changes, but only
// once the user has typed something into the confirm field.
document.getElementById('password').addEventListener('input', () => {
    const confirmField = document.getElementById('confirmPassword');
    if (confirmField.value) {
        confirmField.dispatchEvent(new Event('input'));
    }
});
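// Re-open the create panel when the create form came back with errors, so the
// messages appear next to the re-populated fields. Keyed on the submitted action
// rather than on the absence of user_id, so delete errors never open it.
<?php if (!empty($errors) && ($_POST['action'] ?? null) === 'create_user'): ?>
document.addEventListener('DOMContentLoaded', function() {
    toggleAddUserForm();
});
<?php endif; ?>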
</script>