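<?php

declare(strict_types=1);

session_start();
require_once 'database/db_config.php';

// Only administrators may reach this handler; the helper redirects otherwise.
require_admin_privileges('login.php');

// NOTE(review): no anti-CSRF token is verified before this state-changing POST;
// confirm that require_admin_privileges() or the submitting form covers it.

/**
 * Prepare a statement, optionally bind one integer parameter, and execute it.
 *
 * Throws instead of returning false: on a mysqli connection that is not in
 * exception-reporting mode, prepare()/execute() return false silently, and the
 * transaction below would otherwise commit a partial delete.
 *
 * @throws RuntimeException when prepare() or execute() fails
 */
$run = static function (mysqli $conn, string $sql, ?int $id = null): mysqli_stmt {
    $stmt = $conn->prepare($sql);
    if ($stmt === false) {
        throw new RuntimeException('Prepare failed: ' . $conn->error);
    }
    if ($id !== null) {
        $stmt->bind_param('i', $id);
    }
    if (!$stmt->execute()) {
        throw new RuntimeException('Execute failed: ' . $stmt->error);
    }
    return $stmt;
};

if ($_SERVER['REQUEST_METHOD'] !== 'POST' || !isset($_POST['user_id'])) {
    // Not a deletion request (or no target given): back to the listing.
    header('Location: users.php');
    exit();
}

$user_id = (int) $_POST['user_id'];

// Prevent self-deletion. The session value is cast as well: a strict comparison
// against a string-typed session id would silently let this check pass.
if ($user_id === (int) ($_SESSION['user_id'] ?? 0)) {
    $_SESSION['error_messages'] = ["You cannot delete your own account"];
    header('Location: users.php');
    exit();
}

// Confirm the target exists and learn its role and stored image path.
$user = $run($conn, "SELECT id, role, profile_image FROM users WHERE id = ?", $user_id)
    ->get_result()
    ->fetch_assoc();
if (!$user) {
    $_SESSION['error_messages'] = ["User not found"];
    header('Location: users.php');
    exit();
}

// Never remove the last remaining admin, or nobody could administer the site.
if ($user['role'] === 'admin') {
    $admin_count = (int) $run($conn, "SELECT COUNT(*) as admin_count FROM users WHERE role = 'admin'")
        ->get_result()
        ->fetch_assoc()['admin_count'];
    if ($admin_count <= 1) {
        $_SESSION['error_messages'] = ["Cannot delete the last admin user"];
        header('Location: users.php');
        exit();
    }
}

// All row deletions happen in one transaction so a failure part-way leaves
// the database untouched.
$conn->begin_transaction();
try {
    // Rows that reference the user directly.
    $run($conn, "DELETE FROM enrollments WHERE user_id = ?", $user_id);
    $run($conn, "DELETE FROM submissions WHERE user_id = ?", $user_id);
    $run($conn, "DELETE FROM payments WHERE user_id = ?", $user_id);

    // An instructor owns courses; remove each course's children before the
    // course itself so foreign keys (if enforced) are satisfied.
    if ($user['role'] === 'instructor') {
        $courses = $run($conn, "SELECT id FROM courses WHERE instructor_id = ?", $user_id)
            ->get_result()
            ->fetch_all(MYSQLI_ASSOC);
        foreach ($courses as $course) {
            // Cast: older mysqli returns integer columns as strings.
            $course_id = (int) $course['id'];
            // NOTE(review): submissions by *other* users against this course's
            // assignments are not removed here — confirm the schema cascades
            // or does not reference assignments.
            $run($conn, "DELETE FROM lessons WHERE course_id = ?", $course_id);
            $run($conn, "DELETE FROM assignments WHERE course_id = ?", $course_id);
            $run($conn, "DELETE FROM enrollments WHERE course_id = ?", $course_id);
            $run($conn, "DELETE FROM course_categories WHERE course_id = ?", $course_id);
            $run($conn, "DELETE FROM courses WHERE id = ?", $course_id);
        }
    }

    // Finally, the user row itself.
    $run($conn, "DELETE FROM users WHERE id = ?", $user_id);

    $conn->commit();
} catch (Throwable $e) {
    // Throwable (not Exception) so mysqli Errors also trigger the rollback.
    $conn->rollback();
    error_log('delete_user: failed for user ' . $user_id . ': ' . $e->getMessage());
    $_SESSION['error_messages'] = ["Error deleting user: " . $e->getMessage()];
    header('Location: users.php');
    exit();
}

// Remove the profile image only after the commit succeeded; deleting it inside
// the transaction would lose the file even when the row deletes roll back.
if (!empty($user['profile_image'])) {
    $base = realpath('..');
    $real = realpath('../' . $user['profile_image']);
    // Only unlink a regular file that resolves inside the parent directory:
    // a stored path containing '..' must not reach outside it.
    if ($base !== false
        && $real !== false
        && is_file($real)
        && strpos($real, $base . DIRECTORY_SEPARATOR) === 0
    ) {
        unlink($real);
    }
}

$_SESSION['success_message'] = "User and all related data deleted successfully";

// Send the admin back to the listing the deleted account belonged to.
if ($user['role'] === 'instructor') {
    header('Location: instructors.php');
} else {
    header('Location: users.php');
}
exit();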