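<?php
declare(strict_types=1);
// Admin "create user" page. Everything that may redirect runs before any
// output so the header() calls below still take effect.
// NOTE(review): this form carries no CSRF token. A synchronizer token kept in
// $_SESSION, emitted as a hidden input and compared with hash_equals() should
// be added to both this handler and the form markup.
session_start();

// Only admins and developers may reach this page; a missing role counts as neither.
$session_role = $_SESSION['role'] ?? null;
if (!isset($_SESSION['user_id']) || !in_array($session_role, ['admin', 'developer'], true)) {
    header('Location: login.php');
    exit;
}

// Database connection ($conn, mysqli) is provided by this file.
require_once 'database/db_config.php';

// Values the role/status <select>s may submit. Enforced server-side so a crafted
// request cannot store an arbitrary role or status string.
$allowed_roles = ['student', 'instructor', 'admin', 'director', 'developer'];
$allowed_statuses = ['active', 'pending', 'suspended'];
// Accepted image content types and the extension written to disk for each.
$extension_for_mime = ['image/jpeg' => 'jpg', 'image/png' => 'png', 'image/gif' => 'gif'];
$max_upload_size = 5 * 1024 * 1024; // 5MB

// Form state rendered by the template below.
$username = $email = $password = $first_name = $last_name = $phone = $bio = '';
// ?role= only preselects the dropdown; anything outside the allowlist falls back to 'student'.
$requested_role = $_GET['role'] ?? 'student';
$role = is_string($requested_role) && in_array($requested_role, $allowed_roles, true)
    ? $requested_role
    : 'student';
$status = 'active';
$errors = [];
$success = false;

if ($_SERVER['REQUEST_METHOD'] === 'POST') {
    // Read one POST field as a string. Missing or non-string input (e.g. name[]=)
    // becomes '' instead of raising a warning or a TypeError inside trim().
    $post_field = static function (string $key, bool $trim = true): string {
        $value = $_POST[$key] ?? '';
        if (!is_string($value)) {
            return '';
        }
        return $trim ? trim($value) : $value;
    };

    $username = $post_field('username');
    $email = $post_field('email');
    $password = $post_field('password', false); // passwords are hashed as typed, never trimmed
    $first_name = $post_field('first_name');
    $last_name = $post_field('last_name');
    $phone = $post_field('phone');
    $bio = $post_field('bio');
    $role = $post_field('role');
    $status = $post_field('status');

    // Validate form data. Explicit '' checks instead of empty() so a value of "0"
    // is not mistaken for "not provided"; mb_strlen counts characters, not bytes.
    if ($username === '') {
        $errors[] = "Username is required";
    } elseif (mb_strlen($username) < 3) {
        $errors[] = "Username must be at least 3 characters long";
    }
    if ($email === '') {
        $errors[] = "Email is required";
    } elseif (filter_var($email, FILTER_VALIDATE_EMAIL) === false) {
        $errors[] = "Invalid email format";
    }
    if ($password === '') {
        $errors[] = "Password is required";
    } elseif (mb_strlen($password) < 6) {
        $errors[] = "Password must be at least 6 characters long";
    }
    if ($first_name === '') {
        $errors[] = "First name is required";
    }
    if ($last_name === '') {
        $errors[] = "Last name is required";
    }
    // Reject anything the form does not offer and reset to the safe default so the
    // rest of this script (redirect target, INSERT) only ever sees allowlisted values.
    if (!in_array($role, $allowed_roles, true)) {
        $errors[] = "Invalid role selected";
        $role = 'student';
    }
    if (!in_array($status, $allowed_statuses, true)) {
        $errors[] = "Invalid status selected";
        $status = 'active';
    }

    // Check if username or email already exists
    if (empty($errors)) {
        $check_stmt = $conn->prepare("SELECT id FROM users WHERE username = ? OR email = ?");
        if ($check_stmt === false) {
            error_log('User creation: prepare failed: ' . $conn->error);
            $errors[] = "User creation failed. Please try again.";
        } else {
            $check_stmt->bind_param("ss", $username, $email);
            $check_stmt->execute();
            $result = $check_stmt->get_result();
            if ($result !== false && $result->num_rows > 0) {
                $errors[] = "Username or email already exists";
            }
            $check_stmt->close();
        }
    }

    // Handle profile image upload (optional field)
    $profile_image_path = null;
    $upload = $_FILES['profile_image'] ?? null;
    $upload_error = is_array($upload) ? (int) ($upload['error'] ?? UPLOAD_ERR_NO_FILE) : UPLOAD_ERR_NO_FILE;
    if (empty($errors) && $upload_error !== UPLOAD_ERR_NO_FILE) {
        $tmp_name = is_array($upload) ? (string) ($upload['tmp_name'] ?? '') : '';
        if ($upload_error !== UPLOAD_ERR_OK || !is_uploaded_file($tmp_name)) {
            // Partial uploads, server size-limit hits and anything that is not a real
            // uploaded file are reported instead of being silently dropped.
            $errors[] = "Failed to upload profile image";
        } elseif ((int) ($upload['size'] ?? 0) > $max_upload_size) {
            $errors[] = "File size too large. Maximum size is 5MB.";
        } else {
            // The content-sniffed type decides both acceptance and the stored extension;
            // the client-supplied 'type' and original file name are attacker-controlled
            // and are never used.
            $detected_type = (new finfo(FILEINFO_MIME_TYPE))->file($tmp_name);
            $file_extension = is_string($detected_type) ? ($extension_for_mime[$detected_type] ?? null) : null;
            if ($file_extension === null) {
                $errors[] = "Invalid file type. Only JPG, PNG and GIF are allowed.";
            } else {
                $upload_dir = '../uploads/profiles/';
                $dir_ready = is_dir($upload_dir) || mkdir($upload_dir, 0755, true);
                // Random, unguessable name: nothing from the request reaches the filesystem path.
                $file_name = bin2hex(random_bytes(16)) . '.' . $file_extension;
                $target_path = $upload_dir . $file_name;
                if ($dir_ready && move_uploaded_file($tmp_name, $target_path)) {
                    $profile_image_path = 'uploads/profiles/' . $file_name;
                } else {
                    $errors[] = "Failed to upload profile image";
                }
            }
        }
    }

    // If no errors, proceed with user creation
    if (empty($errors)) {
        $hashed_password = password_hash($password, PASSWORD_DEFAULT);
        $insert_query = "INSERT INTO users (username, email, password, first_name, last_name, phone, bio, profile_image, role, status, created_at)
                         VALUES (?, ?, ?, ?, ?, ?, ?, ?, ?, ?, NOW())";
        $stmt = $conn->prepare($insert_query);
        if ($stmt !== false) {
            $stmt->bind_param("ssssssssss", $username, $email, $hashed_password, $first_name, $last_name, $phone, $bio, $profile_image_path, $role, $status);
        }
        if ($stmt !== false && $stmt->execute()) {
            $success = true;
            $_SESSION['message'] = "User created successfully.";
            $_SESSION['message_type'] = "success";
            // Redirect based on role; $role is allowlisted above, so this is a fixed choice.
            header('Location: ' . ($role === 'instructor' ? 'instructors.php' : 'users.php'));
            exit;
        }
        // Driver error text goes to the server log only; the page gets a generic message.
        error_log('User creation: insert failed: ' . $conn->error);
        $errors[] = "User creation failed. Please try again.";
    }
}
// Include header file - after all redirects, since it starts output
include 'includes/header.php';
?>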
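<div class="container-fluid">
    <div class="row">
        <!-- Sidebar -->
        <?php include 'includes/sidebar.php'; ?>
        <!-- Main content -->
        <main class="col-md-9 ms-sm-auto col-lg-10 px-md-4">
            <div class="d-flex justify-content-between flex-wrap flex-md-nowrap align-items-center pt-3 pb-2 mb-3 border-bottom">
                <?php // $role can originate from the ?role= query string, so it is escaped like any other input. ?>
                <h1 class="h2">Add New <?php echo htmlspecialchars(ucfirst($role), ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8'); ?></h1>
                <div class="btn-toolbar mb-2 mb-md-0">
                    <a href="<?php echo $role === 'instructor' ? 'instructors.php' : 'users.php'; ?>" class="btn btn-secondary">Back to List</a>
                </div>
            </div>
            <?php if (!empty($errors)): ?>
                <div class="alert alert-danger">
                    <ul class="mb-0">
                        <?php // Error strings may embed submitted values or driver text; always escape. ?>
                        <?php foreach ($errors as $error): ?>
                            <li><?php echo htmlspecialchars($error, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8'); ?></li>
                        <?php endforeach; ?>
                    </ul>
                </div>
            <?php endif; ?>
            <div class="card">
                <div class="card-body">
                    <?php // NOTE(review): no CSRF token is emitted here; pair a hidden token field with a server-side check. ?>
                    <form method="post" action="" enctype="multipart/form-data" class="needs-validation" novalidate>
                        <div class="row g-3">
                            <div class="col-md-6">
                                <div class="mb-3">
                                    <label for="username" class="form-label">Username <span class="text-danger">*</span></label>
                                    <input type="text" class="form-control" id="username" name="username" value="<?php echo htmlspecialchars($username, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8'); ?>" required>
                                </div>
                            </div>
                            <div class="col-md-6">
                                <div class="mb-3">
                                    <label for="email" class="form-label">Email <span class="text-danger">*</span></label>
                                    <input type="email" class="form-control" id="email" name="email" value="<?php echo htmlspecialchars($email, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8'); ?>" required>
                                </div>
                            </div>
                            <div class="col-md-6">
                                <div class="mb-3">
                                    <label for="password" class="form-label">Password <span class="text-danger">*</span></label>
                                    <?php // autocomplete="new-password" stops the browser filling in the admin's own credentials. ?>
                                    <input type="password" class="form-control" id="password" name="password" autocomplete="new-password" required>
                                </div>
                            </div>
                            <div class="col-md-6">
                                <div class="mb-3">
                                    <label for="confirm_password" class="form-label">Confirm Password <span class="text-danger">*</span></label>
                                    <?php // Deliberately has no name attribute: it is checked client-side only and never submitted. ?>
                                    <input type="password" class="form-control" id="confirm_password" autocomplete="new-password" required>
                                </div>
                            </div>
                            <div class="col-md-6">
                                <div class="mb-3">
                                    <label for="first_name" class="form-label">First Name <span class="text-danger">*</span></label>
                                    <input type="text" class="form-control" id="first_name" name="first_name" value="<?php echo htmlspecialchars($first_name, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8'); ?>" required>
                                </div>
                            </div>
                            <div class="col-md-6">
                                <div class="mb-3">
                                    <label for="last_name" class="form-label">Last Name <span class="text-danger">*</span></label>
                                    <input type="text" class="form-control" id="last_name" name="last_name" value="<?php echo htmlspecialchars($last_name, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8'); ?>" required>
                                </div>
                            </div>
                            <div class="col-md-6">
                                <div class="mb-3">
                                    <label for="phone" class="form-label">Phone Number</label>
                                    <input type="tel" class="form-control" id="phone" name="phone" value="<?php echo htmlspecialchars($phone, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8'); ?>">
                                </div>
                            </div>
                            <div class="col-md-6">
                                <div class="mb-3">
                                    <label for="profile_image" class="form-label">Profile Image</label>
                                    <?php // accept= is a UX hint only; the type check that matters happens server-side. ?>
                                    <input type="file" class="form-control" id="profile_image" name="profile_image" accept="image/*">
                                    <small class="form-text text-muted">Maximum file size: 5MB. Allowed formats: JPG, PNG, GIF</small>
                                </div>
                            </div>
                            <div class="col-md-6">
                                <div class="mb-3">
                                    <label for="role" class="form-label">Role <span class="text-danger">*</span></label>
                                    <select class="form-select" id="role" name="role" required>
                                        <option value="student" <?php echo $role === 'student' ? 'selected' : ''; ?>>Student</option>
                                        <option value="instructor" <?php echo $role === 'instructor' ? 'selected' : ''; ?>>Instructor</option>
                                        <option value="admin" <?php echo $role === 'admin' ? 'selected' : ''; ?>>Admin</option>
                                        <option value="director" <?php echo $role === 'director' ? 'selected' : ''; ?>>Director</option>
                                        <option value="developer" <?php echo $role === 'developer' ? 'selected' : ''; ?>>Developer</option>
                                    </select>
                                </div>
                            </div>
                            <div class="col-md-6">
                                <div class="mb-3">
                                    <label for="status" class="form-label">Status <span class="text-danger">*</span></label>
                                    <select class="form-select" id="status" name="status" required>
                                        <option value="active" <?php echo $status === 'active' ? 'selected' : ''; ?>>Active</option>
                                        <option value="pending" <?php echo $status === 'pending' ? 'selected' : ''; ?>>Pending</option>
                                        <option value="suspended" <?php echo $status === 'suspended' ? 'selected' : ''; ?>>Suspended</option>
                                    </select>
                                </div>
                            </div>
                            <div class="col-12">
                                <div class="mb-3">
                                    <label for="bio" class="form-label">Biography</label>
                                    <textarea class="form-control" id="bio" name="bio" rows="4"><?php echo htmlspecialchars($bio, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8'); ?></textarea>
                                    <small class="form-text text-muted">For instructors, this will be displayed on their profile page.</small>
                                </div>
                            </div>
                            <div class="col-12">
                                <button type="submit" class="btn btn-primary">Create User</button>
                            </div>
                        </div>
                    </form>
                </div>
            </div>
        </main>
    </div>
</div>
<!-- Password validation script: a convenience check only; the server does not see confirm_password -->
<script>
document.addEventListener('DOMContentLoaded', function () {
    const passwordInput = document.getElementById('password');
    const confirmInput = document.getElementById('confirm_password');
    const userForm = document.querySelector('form');
    userForm.addEventListener('submit', function (event) {
        if (passwordInput.value === confirmInput.value) {
            return;
        }
        event.preventDefault();
        alert('Passwords do not match!');
        confirmInput.focus();
    });
});
</script>
<?php include 'includes/footer.php'; ?>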