Admin User Management Documentation
Overview
The Admin User Management system provides a comprehensive interface for administrators to manage user accounts. It includes features for creating, reading, updating, and deleting users (CRUD operations), with role-based access control.
Access Control
```php
<?php
// Every admin page starts the session before reading $_SESSION.
if (session_status() === PHP_SESSION_NONE) {
    session_start();
}
// Not logged in: queue the reason for the login page and redirect.
// Nothing may be echoed before header(), otherwise the Location header
// is not sent and the redirect silently fails.
if (!isset($_SESSION['username'])) {
    $_SESSION['flash'] = 'You are not logged in!';
    header("Location: /login.php");
    exit;
}
// Logged in but not an admin: send back to the dashboard with a message.
if ($_SESSION['role'] !== 'admin') {
    $_SESSION['flash'] = 'You do not have permission to access this page.';
    header("Location: /admin/index.php");
    exit;
}
```
- Requires an authenticated session (`$_SESSION['username']`) before anything is rendered
- Restricts the page to users whose session role is exactly `admin`
- Passes the error message through the session for the destination page to display; echoing a `<script>alert()</script>` before `header()` would send output first and break the redirect
- Calls `exit` after each redirect so the rest of the script never runs for an unauthorised request
Features
1. User Creation
```php
if (isset($_POST['addUser'])) {
    // Every field must be validated before this point; the snippet stores
    // the posted values as received.
    $username = $_POST['username'];
    $email    = $_POST['email'];
    // password_hash() chooses a strong algorithm and a random salt;
    // the plaintext password is never stored.
    $password = password_hash($_POST['password'], PASSWORD_DEFAULT);
    $mobile   = $_POST['mobile'];
    $role     = $_POST['role'];
    $stmt = $conn->prepare("INSERT INTO users (username, email, password, mobile, role) VALUES (?, ?, ?, ?, ?)");
    $stmt->bind_param("sssss", $username, $email, $password, $mobile, $role);
    $stmt->execute();
}
```
- Secure password hashing with `password_hash()` (keep the `password` column at least 255 characters wide so future default algorithms fit)
- Input validation must happen before the values are used; the snippet above stores `$_POST` values unchecked, and `role` in particular has to be restricted to the known role names rather than accepting whatever the client sends
- Prepared statements with bound parameters, so user data never becomes part of the SQL text
- Role assignment by the administrator
- Mobile number support
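The validation the list above calls for, written out as an added example (not the project's own code). It assumes a mysqli connection in `$conn`, the `users` table from the INSERT above, and that the application knows exactly two roles, `admin` and `user`; the `ALLOWED_ROLES` constant, the `validate_new_user()` and `create_user()` helpers and the specific length and character rules are all assumptions chosen for illustration.

```php
<?php
// Added example, not the project's code: server-side validation for the add-user form.
// Assumes: mysqli connection in $conn, users table as in the INSERT handler above.

const ALLOWED_ROLES = ['admin', 'user'];   // assumption: the roles this application knows

/**
 * Validate the posted add-user form. Returns [errors, cleanValues].
 * Every rule runs server-side; HTML5 form validation in the browser is not trusted.
 */
function validate_new_user(array $post): array
{
    $errors = [];
    $clean  = [];

    $username = trim($post['username'] ?? '');
    if (!preg_match('/^[A-Za-z0-9_.-]{3,32}$/', $username)) {
        $errors[] = 'Username must be 3-32 characters: letters, digits, _ . -';
    }
    $clean['username'] = $username;

    $email = trim($post['email'] ?? '');
    if (filter_var($email, FILTER_VALIDATE_EMAIL) === false || strlen($email) > 254) {
        $errors[] = 'Email address is not valid';
    }
    $clean['email'] = $email;

    // Strip spaces and dashes, then require an optional + and 7-15 digits.
    $mobile = preg_replace('/[\s-]/', '', $post['mobile'] ?? '');
    if (!preg_match('/^\+?[0-9]{7,15}$/', $mobile)) {
        $errors[] = 'Mobile number must be 7-15 digits';
    }
    $clean['mobile'] = $mobile;

    // The form uses a <select>, but a client can post any string: allowlist it.
    $role = $post['role'] ?? '';
    if (!in_array($role, ALLOWED_ROLES, true)) {
        $errors[] = 'Unknown role';
    }
    $clean['role'] = $role;

    // bcrypt (the current PASSWORD_DEFAULT) only looks at the first 72 bytes.
    $password = $post['password'] ?? '';
    if (strlen($password) < 12 || strlen($password) > 72) {
        $errors[] = 'Password must be 12-72 characters';
    }
    $clean['password'] = $password;

    return [$errors, $clean];
}

/** Insert a validated user; the hash is computed here so the caller never handles it. */
function create_user(mysqli $conn, array $clean): bool
{
    $username = $clean['username'];
    $email    = $clean['email'];
    $hash     = password_hash($clean['password'], PASSWORD_DEFAULT);
    $mobile   = $clean['mobile'];
    $role     = $clean['role'];

    $stmt = $conn->prepare(
        "INSERT INTO users (username, email, password, mobile, role) VALUES (?, ?, ?, ?, ?)"
    );
    $stmt->bind_param("sssss", $username, $email, $hash, $mobile, $role);
    return $stmt->execute();
}

// Usage inside the existing handler:
if (isset($_POST['addUser'])) {
    [$errors, $clean] = validate_new_user($_POST);
    if ($errors) {
        $alertMessage = implode(' ', $errors);
        $alertType    = 'danger';
    } elseif (create_user($conn, $clean)) {
        $alertMessage = 'User created successfully!';
        $alertType    = 'success';
    } else {
        $alertMessage = 'Could not create the user.';   // details belong in the server log
        $alertType    = 'danger';
    }
}
```

The validated values are returned alongside the error list so the form can be re-rendered with what the admin typed; only `create_user()` ever touches the database, and only after the error list is empty.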
2. User Updates
```php
if (isset($_POST['update'])) {
    $editUsername = $_POST['editUsername'];
    $editEmail    = $_POST['editEmail'];
    $editMobile   = $_POST['editMobile'];
    $editRole     = $_POST['editRole'];
    $editUserId   = (int) $_POST['editUserId'];
    $stmt = $conn->prepare("UPDATE users SET username = ?, email = ?, mobile = ?, role = ? WHERE id = ?");
    // Four string columns and one integer key: the type string must match the placeholders.
    $stmt->bind_param("ssssi", $editUsername, $editEmail, $editMobile, $editRole, $editUserId);
    $stmt->execute();
}
```
- Field-by-field updates of username, email, mobile and role; the password is not touched by this form
- Updates keyed on the integer `id`, cast and bound as a parameter
- Role modification: the same allowlist check as on creation applies, and an admin should be prevented from removing their own `admin` role so the account that is performing the edit cannot lock itself out (not enforced by the snippet above)
- Contact information management
3. User Deletion
```php
if (isset($_POST['deleteUser'])) {
    $deleteUserId = (int) $_POST['deleteUserId'];
    $stmt = $conn->prepare("DELETE FROM users WHERE id = ?");
    $stmt->bind_param("i", $deleteUserId);
    $stmt->execute();
}
```
- Deletion through a prepared statement keyed on the integer `id`
- ID-based removal; the handler should refuse to delete the currently logged-in admin's own account (not enforced by the snippet above)
- Success confirmation after `execute()`; `$stmt->affected_rows` distinguishes a real deletion from an id that matched no row
- Error handling as described under Security Features
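The update and deletion handlers with the guards the two snippets above leave out, as an added example that is not the project's own code. It assumes `$conn` is a mysqli connection, that the session holds `$_SESSION['username']` as in the Access Control section, the `users` table from the queries above, and the same two-role allowlist; `is_self()`, `update_user()`, `delete_user()` and `ALLOWED_ROLES` are names introduced here for illustration.

```php
<?php
// Added example, not the project's code: update and delete with self-lockout guards.
// Assumes: $conn (mysqli), $_SESSION['username'] set at login, users table as above.

const ALLOWED_ROLES = ['admin', 'user'];   // assumption: the roles this application knows

/** True when $userId is the row of the admin performing the request. */
function is_self(mysqli $conn, int $userId): bool
{
    $me   = $_SESSION['username'] ?? '';
    $stmt = $conn->prepare("SELECT 1 FROM users WHERE id = ? AND username = ?");
    $stmt->bind_param("is", $userId, $me);
    $stmt->execute();
    $stmt->store_result();
    return $stmt->num_rows === 1;
}

/** Validate and apply an edit. Returns an error string, or '' on success. */
function update_user(mysqli $conn, array $post): string
{
    $id       = (int) ($post['editUserId'] ?? 0);
    $username = trim($post['editUsername'] ?? '');
    $email    = trim($post['editEmail'] ?? '');
    $mobile   = preg_replace('/[\s-]/', '', $post['editMobile'] ?? '');
    $role     = $post['editRole'] ?? '';

    if ($id <= 0)                                              return 'Invalid user id';
    if (!preg_match('/^[A-Za-z0-9_.-]{3,32}$/', $username))    return 'Invalid username';
    if (filter_var($email, FILTER_VALIDATE_EMAIL) === false)   return 'Invalid email';
    if (!preg_match('/^\+?[0-9]{7,15}$/', $mobile))            return 'Invalid mobile number';
    if (!in_array($role, ALLOWED_ROLES, true))                 return 'Unknown role';

    // An admin editing their own row must not be able to drop their own admin role.
    if ($role !== 'admin' && is_self($conn, $id)) {
        return 'You cannot remove your own admin role';
    }

    $stmt = $conn->prepare(
        "UPDATE users SET username = ?, email = ?, mobile = ?, role = ? WHERE id = ?"
    );
    $stmt->bind_param("ssssi", $username, $email, $mobile, $role, $id);
    if (!$stmt->execute()) {
        return 'Update failed';
    }
    // affected_rows is 0 both for an unknown id and for an unchanged row,
    // so it is not treated as an error here.
    return '';
}

/** Delete a user by id. Returns an error string, or '' on success. */
function delete_user(mysqli $conn, array $post): string
{
    $id = (int) ($post['deleteUserId'] ?? 0);
    if ($id <= 0)             return 'Invalid user id';
    if (is_self($conn, $id))  return 'You cannot delete your own account';

    $stmt = $conn->prepare("DELETE FROM users WHERE id = ?");
    $stmt->bind_param("i", $id);
    if (!$stmt->execute()) {
        return 'Delete failed';
    }
    // Unlike the update case, a delete that matched no row is worth reporting.
    return $stmt->affected_rows === 1 ? '' : 'No such user';
}

// Dispatch, mirroring the isset($_POST[...]) checks the page already uses.
if (isset($_POST['update'])) {
    $err = update_user($conn, $_POST);
} elseif (isset($_POST['deleteUser'])) {
    $err = delete_user($conn, $_POST);
}
if (isset($err)) {
    $alertMessage = $err === '' ? 'Done.' : $err;
    $alertType    = $err === '' ? 'success' : 'danger';
}
```

Both helpers return a plain string rather than throwing, so the existing `$alertMessage`/`$alertType` convention on the page can display the result unchanged; the self-check goes through the database because the session stores the username, not the numeric id.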
User Interface Components
1. User Listing
```html
<table class="table table-hover table-striped">
  <thead class="thead-dark">
    <tr>
      <th>ID</th>
      <th>Username</th>
      <th>Email</th>
      <th>Mobile</th>
      <th>Role</th>
      <th>Actions</th>
    </tr>
  </thead>
```
- Column headers for ID, username, email, mobile, role and actions (any sorting is done by script that is not part of the markup above)
- Striped rows for readability
- Action buttons for each user that open the edit and delete modals
- Mobile-responsive layout from the Bootstrap table classes
2. Modal Forms
- Add User Modal
- Edit User Modal
- Delete Confirmation Modal
3. Styling Features
```css
.table-container {
    background-color: white;
    padding: 30px;
    border-radius: 10px;
    box-shadow: 0 4px 8px rgba(0, 0, 0, 0.1);
}
.btn-primary {
    background-color: #007bff;
    border: none;
    border-radius: 50px;
}
```
- Modern design elements
- Consistent color scheme
- Responsive layout
- Interactive elements
Security Features
SQL Injection Prevention
- Prepared statements for every INSERT, UPDATE and DELETE
- Parameter binding with `bind_param()`, so user data is sent to the server separately from the SQL text and cannot change the structure of the query
- Input validation is a separate concern: it limits which values are accepted, but it is the binding, not any sanitisation, that prevents injection, and no sanitisation is performed in the handlers shown
XSS Prevention
```php
echo htmlspecialchars($user['username'], ENT_QUOTES | ENT_HTML5, 'UTF-8');
```
- Output escaping with `htmlspecialchars()`; `ENT_QUOTES` is needed so the value is also safe inside single- or double-quoted attributes such as the edit modal's `value="..."` fields
- HTML encoding applied to every column that came from user input (username, email, mobile, role), not only the username
- Safe data display: store the raw value and escape at output time, in the context where it is printed
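The escaping rule above applied to a whole listing row, as an added example rather than the page's own template. It assumes the row data comes from the `users` table shown earlier and that the edit button carries the row's values into the modal through `data-*` attributes; the `e()` and `render_user_row()` helpers and the `$users` sample (which deliberately contains a script tag and an attribute-breaking quote) are constructed for the demonstration.

```php
<?php
// Added example, not the project's code: one escaping helper for every value
// that reaches the page, used in both text and attribute context.
// $users below is a constructed sample; in the real page it comes from a SELECT.

function e(?string $value): string
{
    // ENT_QUOTES escapes both quote styles, so the output is safe inside
    // double- or single-quoted attributes as well as in element text.
    return htmlspecialchars((string) $value, ENT_QUOTES | ENT_HTML5, 'UTF-8');
}

/** Render one <tr> of the listing, escaping every column, not just the username. */
function render_user_row(array $user): string
{
    $id = (int) $user['id'];   // numeric column: cast rather than escaped
    return "<tr>\n"
        . "  <td>{$id}</td>\n"
        . "  <td>" . e($user['username']) . "</td>\n"
        . "  <td>" . e($user['email']) . "</td>\n"
        . "  <td>" . e($user['mobile']) . "</td>\n"
        . "  <td>" . e($user['role']) . "</td>\n"
        . "  <td>\n"
        // Assumption: the edit button hands the row's values to the modal via
        // data-* attributes. These are attribute context and need the same escaping.
        . "    <button class=\"btn btn-primary edit-btn\" data-id=\"{$id}\""
        . " data-username=\"" . e($user['username']) . "\""
        . " data-email=\"" . e($user['email']) . "\""
        . " data-mobile=\"" . e($user['mobile']) . "\""
        . " data-role=\"" . e($user['role']) . "\">Edit</button>\n"
        . "    <button class=\"btn btn-danger delete-btn\" data-id=\"{$id}\">Delete</button>\n"
        . "  </td>\n"
        . "</tr>\n";
}

// Constructed sample: a stored-XSS attempt in the username and an
// attribute-breaking quote in the mobile field, to show both contexts neutralised.
$users = [
    [
        'id'       => 7,
        'username' => '<script>alert(1)</script>',
        'email'    => 'eve@example.com',
        'mobile'   => '" onmouseover="alert(2)',
        'role'     => 'user',
    ],
];

foreach ($users as $user) {
    echo render_user_row($user);
}
```

Run it and the username renders as the literal text `<script>alert(1)</script>` in the cell, and the mobile value stays inside its `data-mobile` attribute because the embedded `"` becomes `&quot;`; the same helper should be used when the JavaScript that fills the modal writes those values back into the form.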
Access Control
- Role-based permissions
- Session validation
- Secure redirects
Error Handling
```php
if ($stmt->execute()) {
    $alertMessage = 'User updated successfully!';
    $alertType = 'success';
} else {
    $alertMessage = 'Error: ' . $stmt->error;
    $alertType = 'danger';
}
```
- Clear success notifications
- User-friendly alerts rendered through the same Bootstrap alert component
- Database error handling: note that `$stmt->error` carries driver and schema details (table, column and constraint names), which belong in the server log; the browser should receive a generic failure message instead of the raw error text shown above
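The same success/failure branch with the database error kept out of the page, as an added example (not the project's code). It assumes `$conn` is a mysqli connection and `$stmt` is a statement prepared as in the handlers above; `run_statement()` and the reference-id scheme are introduced here for illustration.

```php
<?php
// Added example, not the project's code: report the outcome to the admin,
// log the detail on the server. Assumes $conn (mysqli) and a prepared $stmt.

// Make mysqli throw mysqli_sql_exception on any driver error instead of
// returning false and relying on every call site to inspect $stmt->error.
mysqli_report(MYSQLI_REPORT_ERROR | MYSQLI_REPORT_STRICT);

/**
 * Execute a prepared statement and return [alertMessage, alertType]
 * in the convention the page already uses. $action is the past-tense verb
 * for the success message ("updated", "deleted", "created").
 */
function run_statement(mysqli_stmt $stmt, string $action): array
{
    try {
        $stmt->execute();
        return ["User {$action} successfully!", 'success'];
    } catch (mysqli_sql_exception $e) {
        // A duplicate username or email (MySQL errno 1062) is the one failure
        // the admin can act on; everything else is an internal error.
        if ($e->getCode() === 1062) {
            return ['That username or email is already in use.', 'danger'];
        }
        // Full detail goes to the server log under a short reference the admin
        // can quote; the page only ever shows the reference.
        $ref = bin2hex(random_bytes(4));
        error_log(sprintf('[%s] user-management %s failed: %s',
                          $ref, $action, $e->getMessage()));
        return ["Error: the operation failed (ref {$ref}).", 'danger'];
    }
}

// Usage: replaces the if/else around $stmt->execute() in each handler.
[$alertMessage, $alertType] = run_statement($stmt, 'updated');
```

With `MYSQLI_REPORT_STRICT` in force, a failed `prepare()` throws as well, so a typo in a query surfaces in the log on the first request rather than as a fatal call on a `false` statement object.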
Dependencies
- Bootstrap 4.5.2
- Font Awesome 4.7.0
- jQuery
- Custom CSS styles
Best Practices
1. Database Operations
- Use of prepared statements for every query that carries user data
- Transaction handling when one request must change more than one row or table (each handler shown runs a single statement)
- Secure password storage with `password_hash()` and `password_verify()`
- Server-side data validation before any value reaches a query
2. User Interface
- Responsive design
- Clear feedback
- Intuitive layout
- Consistent styling
3. Security
- Role verification on every admin page, before any output is sent
- Session management (`session_start()` before the checks run, and a regenerated session ID at login)
- Server-side input validation, with allowlists for fixed choices such as `role`
- Secure redirects: `header('Location: ...')` followed by `exit`, with nothing echoed beforehand
- CSRF tokens on the add, update and delete forms (the handlers shown act on any POST that carries the expected field name)
Related Components
- Authentication system
- User profile system
- Admin dashboard
- Session management
Future Enhancements
- Bulk user operations
- Advanced search functionality
- User activity logs
- Password reset functionality
- Export user data
- Role management interface