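<?php
require_once "../config.php";
require_once "../auth.php";
require_staff_or_admin(); // only admin + staff may reach this page

/*
 * User administration page: add / edit / reset password / delete.
 *
 * Assumptions inherited from ../auth.php and ../config.php (not visible in this
 * file — confirm there):
 *   - $conn is a mysqli connection (prepare/bind_param/fetch_assoc are used below)
 *   - $ROLE is the role of the logged-in operator ('admin' or 'staff')
 *   - staff_cannot_edit_admin($uid, $conn) blocks staff from touching admin
 *     accounts; whether it exits/redirects or merely warns is not visible, so
 *     every handler below re-checks the target's role itself and fails closed.
 *
 * Security changes versus the previous revision:
 *   - every mutating request is a POST carrying a per-session CSRF token;
 *     reset/delete are no longer reachable via GET links (CSRF via <img>/link)
 *   - users.role is validated against an allow-list before it is stored, and
 *     escaped when rendered (previously any string could be stored by staff and
 *     was echoed unescaped -> stored XSS)
 *   - all SQL is parameterised; random passwords come from a CSPRNG
 */

// The session must be active before header.php starts emitting output.
// auth.php most likely started it already; the guard makes that harmless.
if (session_status() !== PHP_SESSION_ACTIVE) {
    session_start();
}
if (empty($_SESSION['csrf_token'])) {
    $_SESSION['csrf_token'] = bin2hex(random_bytes(32));
}
$CSRF_TOKEN = $_SESSION['csrf_token'];

include "header.php";

/**
 * Generate a random initial password from an unambiguous alphanumeric alphabet
 * (no 0/O/1/I/l). Each character is drawn independently with random_int(), a
 * CSPRNG; str_shuffle() is not suitable for secrets and also could never
 * repeat a character, which shrank the key space.
 *
 * @param int $length number of characters (default 8)
 * @return string
 */
function random_password(int $length = 8): string
{
    $chars = 'ABCDEFGHJKLMNPQRSTUVWXYZabcdefghijkmnopqrstuvwxyz23456789';
    $last  = strlen($chars) - 1;
    $out   = '';
    for ($i = 0; $i < $length; $i++) {
        $out .= $chars[random_int(0, $last)];
    }
    return $out;
}

/**
 * Emit a JS alert. The message is JSON-encoded so that dynamic text (e.g. a
 * generated password) can never break out of the string literal or close the
 * <script> element (json_encode escapes '/' and quotes).
 */
function js_alert(string $message): void
{
    echo '<script>alert(' . json_encode($message, JSON_UNESCAPED_UNICODE) . ');</script>';
}

/**
 * True if $role is one of the roles the application defines. Used to reject
 * arbitrary strings before they reach users.role.
 */
function is_valid_role($role): bool
{
    return is_string($role) && in_array($role, ['user', 'staff', 'admin'], true);
}

/**
 * Constant-time comparison of the submitted CSRF token with the session token.
 * Every mutating handler below requires this to pass.
 */
function csrf_token_ok(): bool
{
    $sent     = $_POST['csrf_token'] ?? '';
    $expected = $_SESSION['csrf_token'] ?? '';
    return is_string($sent) && $expected !== '' && hash_equals($expected, $sent);
}

/**
 * Look up the stored role of a user.
 *
 * @return string|null the role, or null when no such user exists
 */
function fetch_user_role(mysqli $conn, int $uid): ?string
{
    $stmt = $conn->prepare("SELECT role FROM users WHERE id = ?");
    $stmt->bind_param("i", $uid);
    $stmt->execute();
    $role = null;
    $stmt->bind_result($role);   // bind_result rather than get_result: no mysqlnd dependency
    $found = $stmt->fetch();
    $stmt->close();
    return $found ? (string)$role : null;
}

/**
 * Whether the acting operator may modify user $uid.
 * Admins may touch anyone; staff may not touch admin accounts. Fails closed:
 * staff are also refused when the target cannot be found.
 */
function actor_may_touch(string $actorRole, mysqli $conn, int $uid): bool
{
    if ($actorRole !== 'staff') {
        return true;
    }
    $target = fetch_user_role($conn, $uid);
    return $target !== null && $target !== 'admin';
}

// A POST without a valid token is reported once and none of the handlers run.
$is_post = ($_SERVER['REQUEST_METHOD'] ?? '') === 'POST';
$csrf_ok = $is_post && csrf_token_ok();
if ($is_post && !$csrf_ok) {
    js_alert('คำขอไม่ถูกต้อง');
}

/* ==========================================================
   ADD USER
   ========================================================== */
if ($csrf_ok && isset($_POST['add_user'])) {
    $username = trim((string)($_POST['username'] ?? ''));
    $fullname = trim((string)($_POST['fullname'] ?? ''));
    $role     = $_POST['role'] ?? '';
    $password = (string)($_POST['password'] ?? '');

    if ($username === '' || $fullname === '' || $password === '' || !is_valid_role($role)) {
        // server-side counterpart of the form's "required" attributes + role allow-list
        js_alert('กรุณากรอกข้อมูลให้ครบถ้วน');
    } elseif ($ROLE === 'staff' && $role === 'admin') {
        // staff must not create admin accounts
        js_alert('Staff ไม่สามารถสร้างบัญชี Admin ได้');
    } else {
        // NOTE(review): unsalted SHA-256 is kept only because ../auth.php (not
        // visible here) verifies against it. Migrate both sides together to
        // password_hash()/password_verify(); changing only this file would lock users out.
        $hash = hash("sha256", $password);
        $stmt = $conn->prepare("INSERT INTO users (username, password_hash, fullname, role) VALUES (?, ?, ?, ?)");
        $stmt->bind_param("ssss", $username, $hash, $fullname, $role);
        if ($stmt->execute()) {
            js_alert('เพิ่มผู้ใช้สำเร็จ');
        } else {
            // e.g. duplicate username on a unique key — do not report success
            js_alert('เพิ่มผู้ใช้ไม่สำเร็จ');
        }
        $stmt->close();
    }
}

/* ==========================================================
   EDIT USER
   ========================================================== */
if ($csrf_ok && isset($_POST['edit_user'])) {
    $uid      = (int)($_POST['user_id'] ?? 0);
    $username = trim((string)($_POST['username'] ?? ''));
    $fullname = trim((string)($_POST['fullname'] ?? ''));
    $role     = $_POST['role'] ?? '';

    // existing helper from ../auth.php — kept for its side effects; the explicit
    // actor_may_touch() check below does not depend on it stopping execution
    staff_cannot_edit_admin($uid, $conn);

    if ($uid <= 0 || $username === '' || $fullname === '' || !is_valid_role($role)) {
        js_alert('กรุณากรอกข้อมูลให้ครบถ้วน');
    } elseif (!actor_may_touch($ROLE, $conn, $uid)) {
        // staff must not edit admin accounts
        js_alert('Staff ไม่สามารถแก้ไขบัญชี Admin ได้');
    } elseif ($ROLE === 'staff' && $role === 'admin') {
        // staff must not escalate anyone to admin
        js_alert('Staff ไม่สามารถกำหนด role Admin ได้');
    } else {
        $stmt = $conn->prepare("UPDATE users SET username = ?, fullname = ?, role = ? WHERE id = ?");
        $stmt->bind_param("sssi", $username, $fullname, $role, $uid);
        $stmt->execute();
        $stmt->close();
        js_alert('บันทึกข้อมูลเรียบร้อย');
    }
}

/* ==========================================================
   RESET PASSWORD
   ========================================================== */
if ($csrf_ok && isset($_POST['reset'])) {
    $uid = (int)$_POST['reset'];

    staff_cannot_edit_admin($uid, $conn);

    if ($uid <= 0) {
        js_alert('คำขอไม่ถูกต้อง');
    } elseif (!actor_may_touch($ROLE, $conn, $uid)) {
        js_alert('Staff ไม่สามารถแก้ไขบัญชี Admin ได้');
    } else {
        $newpass = random_password(8);
        $hash    = hash("sha256", $newpass);   // NOTE(review): see hashing note in ADD USER
        $stmt    = $conn->prepare("UPDATE users SET password_hash = ? WHERE id = ?");
        $stmt->bind_param("si", $hash, $uid);
        $stmt->execute();
        $stmt->close();
        // shown once to the operator; it is not persisted or logged anywhere here
        js_alert('รหัสผ่านใหม่คือ: ' . $newpass);
    }
}

/* ==========================================================
   DELETE USER
   ========================================================== */
if ($csrf_ok && isset($_POST['del'])) {
    $uid = (int)$_POST['del'];

    staff_cannot_edit_admin($uid, $conn);

    if ($uid <= 0) {
        js_alert('คำขอไม่ถูกต้อง');
    } elseif (!actor_may_touch($ROLE, $conn, $uid)) {
        js_alert('Staff ไม่สามารถแก้ไขบัญชี Admin ได้');
    } else {
        // NOTE(review): the current operator's own id is not available in this
        // file, so an admin can still delete their own account — consider guarding.
        $stmt = $conn->prepare("DELETE FROM users WHERE id = ?");
        $stmt->bind_param("i", $uid);
        $stmt->execute();
        $stmt->close();
        js_alert('ลบผู้ใช้เรียบร้อย');
    }
}

// Token is rendered into every form below; hex, but escaped like any attribute value.
$csrf_attr = htmlspecialchars($CSRF_TOKEN, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
?>

<style>
.user-card {
    border-radius: 12px;
    padding: 15px;
    background: #fff;
    border: 1px solid #e0e0e0;
    transition: .2s;
}
.user-card:hover {
    transform: translateY(-4px);
    box-shadow: 0 4px 18px rgba(0,0,0,0.12);
}
.badge-role {
    font-size: 12px;
}
</style>

<h3><i class="bi bi-people"></i> จัดการผู้ใช้</h3>
<hr>

<!-- ADD USER BUTTON -->
<button class="btn btn-primary mb-3" data-bs-toggle="modal" data-bs-target="#addModal">
    <i class="bi bi-person-plus"></i> เพิ่มผู้ใช้
</button>

<div class="row g-3">
<?php
// Runs after the handlers so the list reflects the change just made.
$res = $conn->query("SELECT * FROM users ORDER BY role DESC, fullname ASC");
$badge_for_role = [
    "admin" => "danger",
    "staff" => "warning",
    "user"  => "secondary",
];
while ($u = $res->fetch_assoc()):
    $user_id   = (int)$u['id'];
    $user_role = (string)$u['role'];
    // unknown roles (legacy rows) fall back to a neutral badge instead of an undefined index
    $badge     = $badge_for_role[$user_role] ?? 'secondary';
    // staff see no reset/delete controls on admin rows (the server enforces this too)
    $can_touch = !($ROLE === 'staff' && $user_role === 'admin');
?>
    <div class="col-md-4">
        <div class="user-card">
            <h5><?= htmlspecialchars($u['fullname']) ?></h5>
            <div>ชื่อผู้ใช้: <strong><?= htmlspecialchars($u['username']) ?></strong></div>
            <div class="mt-1">
                <span class="badge bg-<?= htmlspecialchars($badge) ?> badge-role">
                    <?= htmlspecialchars($user_role) ?>
                </span>
            </div>
            <div class="text-end mt-3">
                <!-- EDIT -->
                <button class="btn btn-warning btn-sm" data-bs-toggle="modal"
                        data-bs-target="#editModal<?= $user_id ?>">
                    <i class="bi bi-pencil-square"></i>
                </button>

                <?php if ($can_touch): ?>
                <!-- RESET PASSWORD (POST + CSRF token; was a GET link) -->
                <form method="post" class="d-inline" onsubmit="return confirm('Reset password ผู้ใช้นี้?')">
                    <input type="hidden" name="csrf_token" value="<?= $csrf_attr ?>">
                    <input type="hidden" name="reset" value="<?= $user_id ?>">
                    <button type="submit" class="btn btn-info btn-sm text-white">
                        <i class="bi bi-key"></i>
                    </button>
                </form>

                <!-- DELETE (POST + CSRF token; was a GET link) -->
                <form method="post" class="d-inline" onsubmit="return confirm('ลบผู้ใช้นี้?')">
                    <input type="hidden" name="csrf_token" value="<?= $csrf_attr ?>">
                    <input type="hidden" name="del" value="<?= $user_id ?>">
                    <button type="submit" class="btn btn-danger btn-sm">
                        <i class="bi bi-trash"></i>
                    </button>
                </form>
                <?php endif; ?>
            </div>
        </div>
    </div>

    <!-- EDIT MODAL -->
    <div class="modal fade" id="editModal<?= $user_id ?>">
        <div class="modal-dialog">
            <div class="modal-content">
                <form method="post">
                    <input type="hidden" name="csrf_token" value="<?= $csrf_attr ?>">
                    <div class="modal-header">
                        <h5 class="modal-title">แก้ไขผู้ใช้</h5>
                        <button type="button" class="btn-close" data-bs-dismiss="modal"></button>
                    </div>
                    <div class="modal-body">
                        <input type="hidden" name="user_id" value="<?= $user_id ?>">

                        <label>ชื่อผู้ใช้</label>
                        <input type="text" name="username" class="form-control mb-2"
                               value="<?= htmlspecialchars($u['username']) ?>" required>

                        <label>ชื่อจริง</label>
                        <input type="text" name="fullname" class="form-control mb-2"
                               value="<?= htmlspecialchars($u['fullname']) ?>" required>

                        <label>สิทธิ์</label>
                        <select name="role" class="form-select">
                            <option value="user" <?= $user_role === 'user' ? 'selected' : '' ?>>user</option>
                            <option value="staff" <?= $user_role === 'staff' ? 'selected' : '' ?>>staff</option>
                            <!-- disabled for staff in the UI; the handler rejects it server-side as well -->
                            <option value="admin" <?= $user_role === 'admin' ? 'selected' : '' ?>
                                    <?= $ROLE === 'staff' ? 'disabled' : '' ?>>
                                admin
                            </option>
                        </select>
                    </div>
                    <div class="modal-footer">
                        <button name="edit_user" class="btn btn-success">
                            <i class="bi bi-save"></i> บันทึก
                        </button>
                    </div>
                </form>
            </div>
        </div>
    </div>
<?php endwhile; ?>
</div>

<!-- ADD MODAL -->
<div class="modal fade" id="addModal">
    <div class="modal-dialog">
        <div class="modal-content">
            <form method="post">
                <input type="hidden" name="csrf_token" value="<?= $csrf_attr ?>">
                <div class="modal-header">
                    <h5 class="modal-title">เพิ่มผู้ใช้ใหม่</h5>
                    <button type="button" class="btn-close" data-bs-dismiss="modal"></button>
                </div>
                <div class="modal-body">
                    <label>ชื่อผู้ใช้</label>
                    <input type="text" name="username" class="form-control mb-2" required>

                    <label>ชื่อจริง</label>
                    <input type="text" name="fullname" class="form-control mb-2" required>

                    <label>สิทธิ์</label>
                    <select name="role" class="form-select mb-2">
                        <option value="user">user</option>
                        <option value="staff">staff</option>
                        <?php if ($ROLE === 'admin'): ?>
                        <option value="admin">admin</option>
                        <?php endif; ?>
                    </select>

                    <label>รหัสผ่านเริ่มต้น</label>
                    <input type="text" name="password" class="form-control mb-2" required>
                </div>
                <div class="modal-footer">
                    <button name="add_user" class="btn btn-primary">
                        <i class="bi bi-plus-circle"></i> เพิ่มผู้ใช้
                    </button>
                </div>
            </form>
        </div>
    </div>
</div>

<?php include "../footer.php"; ?>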