feat: user dashboard admin

public/css/styles.css

@@ -197,6 +197,97 @@ textarea {
   text-decoration: none;
 }
 
+.overlay {
+  /* Position the overlay to cover the entire viewport */
+  position: fixed;
+  top: 0;
+  left: 0;
+  width: 100%;
+  height: 100%;
+  /* Add background image or color for the overlay */
+  background: rgba(0, 0, 0, 0.5); /* Semi-transparent black overlay */
+  backdrop-filter: blur(5px); /* Apply a blur effect to the background */
+  display: flex;
+  justify-content: center; /* Center content horizontally */
+  align-items: center; /* Center content vertically */
+}
+
+.overlay .form {
+  position: fixed;
+  top: 0;
+  left: 0;
+}
+
+.popup {
+  display: flex;
+  flex-direction: column;
+  background: white;
+  padding: 30px 40px 30px 40px;
+  width: 30%;
+  border-radius: 8px;
+  background: var(--neutral-grey-dark, #21252C);
+  margin-top: 5%;
+  margin-bottom: 5%;
+}
+
+.popup p {
+  color: var(--neutral-grey-light, #BABDC3);
+  font-style: normal;
+  font-weight: 400;
+  text-align: center;
+}
+
+.popup div {
+  display: flex;
+  flex-direction: row;
+  justify-content: space-between;
+  gap: 30px;
+}
+
+.button-delete {
+  border:none;
+  border-radius: 8px;
+  background: #eb5050;
+  color: white;
+  width: 100%;
+  padding-top: 10px;
+  padding-bottom: 10px;
+  transition: all 0.5s;
+  cursor: pointer;
+  font-weight: bold;
+  margin-top: 20px;
+  margin-bottom: 20px;
+  align-self: stretch;
+}
+
+.button-delete:hover {background-color: #ff9898}
+
+.button-delete:active {
+  background-color: #b63131;
+}
+
+.button-cancel {
+  border:none;
+  border-radius: 8px;
+  background: var(--primary-base, #5360DC);
+  color: white;
+  width: 100%;
+  padding-top: 10px;
+  padding-bottom: 10px;
+  transition: all 0.5s;
+  cursor: pointer;
+  font-weight: bold;
+  margin-top: 20px;
+  margin-bottom: 20px;
+  align-self: stretch;
+}
+
+.button-cancel:hover {background-color: #7580e3}
+
+.button-cancel:active {
+  background-color: #313c9f;
+}
+
 @media only screen and (max-width: 800px) {
   .form-container {
     width: 100%;

src/App.php

@@ -12,6 +12,7 @@ use app\controllers\ProfileController;
 use app\controllers\ReviewController;
 use app\controllers\RegisterController;
 use app\controllers\UpdateFilmController;
+use app\controllers\UserDashboardController;
 use app\repositories\UserRepository;
 use app\repositories\ReviewRepository;
 use app\services\UserService;
@@ -41,5 +42,6 @@ class App
     $this->router->addRoute('/add-film', CreateFilmController::class);
     $this->router->addRoute('/update-film', UpdateFilmController::class);
     $this->router->addRoute('/profile', ProfileController::class);
+    $this->router->addRoute('/user-dashboard', UserDashboardController::class);
   }
 }

src/base/BaseRepository.php

@@ -242,7 +242,8 @@ abstract class BaseRepository
     $sql .= "$primaryKey = :primaryKey";
 
     $stmt = $this->pdo->prepare($sql);
-    $stmt->bindValue(":primaryKey", $model->get('$primaryKey'), PDO::PARAM_INT);
+    $stmt->bindValue(":primaryKey", $model->get($primaryKey), PDO::PARAM_INT);
+
 
     $stmt->execute();
     return $stmt->rowCount();

src/controllers/ProfileController.php

@@ -57,11 +57,12 @@ class ProfileController extends BaseController
 
       // Call service
       $response = $this->service->update($user);
-      echo $response;
       $msg = "";
 
-      $_SESSION['username'] = $username;
-      $msg = "Successfully updated profile!";
+      if ($response != null) {
+        $_SESSION['username'] = $username;
+        $msg = "Successfully updated profile!";
+      }
 
       // Render response
       parent::redirect("/", ["Msg" => $msg]);

src/controllers/UserDashboardController.php

+<?php
+
+namespace app\controllers;
+
+use app\base\BaseController;
+use app\exceptions\BadRequestException;
+use app\services\UserService;
+use Exception;
+
+class UserDashboardController extends BaseController
+{
+  public function __construct()
+  {
+    parent::__construct(UserService::getInstance());
+  }
+
+  protected function get($urlParams)
+  {
+    if (!isset($_SESSION['role']) or $_SESSION['role'] != 'admin') {
+      // TODO: make error controller
+      parent::redirect("/error", [], 401);
+      return;
+    }
+    $urlParams['users'] = $this->service->getAllUser();
+    if (isset($urlParams['context']) and $urlParams['context'] == 'update') {
+      $user = $this->service->getById($urlParams['user_id']);
+      if ($urlParams['action'] == 'edit') {
+        $urlParams['email'] = $user->email;
+        $urlParams['username'] = $user->username;
+        parent::render($urlParams, "update-user", "layouts/base");
+      }
+      if ($urlParams['action'] == 'delete') {
+        $urlParams['username'] = $user->username;
+        parent::render($urlParams, "delete-user", "layouts/base");
+      }
+      unset($urlParams['context']);
+    } else {
+
+      parent::render($urlParams, "user-dashboard", "layouts/base");
+    }
+  }
+
+  protected function post($urlParams)
+  {
+    if (!isset($_SESSION['role']) or $_SESSION['role'] != 'admin') {
+      parent::redirect("/error", [], 401);
+      return;
+    }
+    if (isset($urlParams['context']) and $urlParams['context'] == 'update') {
+      if ($urlParams['action'] == 'edit') {
+        try {
+          $user = $this->service->getById($urlParams['user_id']);
+          $old_pass = $user->password;
+
+          // Get data
+          $email = $_POST['email'];
+          $username = $_POST['username'];
+          $password = $_POST['password'] ? $_POST['password'] : $old_pass;
+          $confirm_password = $_POST['confirm-password'] ? $_POST['confirm-password'] : $old_pass;
+
+          if ($this->service->isEmailExist($email) and $user->email != $email) {
+            throw new BadRequestException("Email Already Exists!");
+          }
+
+          if ($this->service->isUsernameExist($username) and $user->username != $username) {
+            throw new BadRequestException("Username Already Exists!");
+          }
+
+          if ($password != $confirm_password) {
+            throw new BadRequestException("Password does not match!");
+          }
+
+          $user
+            ->set('email', $email)
+            ->set('username', $username)
+            ->set('password', $_POST['password'] ? password_hash($password, PASSWORD_DEFAULT) : $password);
+
+          // Call service
+          $response = $this->service->update($user);
+
+          if ($response == 1) {
+            $msg = "User updated successfully!";
+            $urlParams['msg'] = $msg;
+          }
+
+          // Unset the parameters
+          unset($urlParams['context']);
+          unset($urlParams['action']);
+          unset($urlParams['user_id']);
+          // Redirect to own link, but with no params
+          parent::redirect("/user-dashboard", $urlParams);
+        } catch (Exception $e) {
+          $msg = $e->getMessage();
+          $urlParams['errorMsg'] = $msg;
+          parent::redirect("/user-dashboard", $urlParams);
+        }
+      }
+      if ($urlParams['action'] == 'delete') {
+        try {
+          $user = $this->service->getById($urlParams['user_id']);
+          $confirm_delete = $_POST['delete_confirm'];
+
+          if ($confirm_delete == 'yes') {
+            $response = $this->service->deleteById($user->user_id);
+            if ($response == 1) {
+              $msg = "User $user->username deleted successfully";
+              $urlParams['msg'] = $msg;
+            }
+            // Unset the parameters
+            unset($urlParams['context']);
+            unset($urlParams['action']);
+            unset($urlParams['user_id']);
+            unset($urlParams['delete_confirm']);
+            // Redirect to own link, but with no params
+            parent::redirect("/user-dashboard", $urlParams);
+          } else {
+            // Unset the parameters
+            unset($urlParams['context']);
+            unset($urlParams['action']);
+            unset($urlParams['user_id']);
+            unset($urlParams['delete_confirm']);
+            // Redirect to own link, but with no params
+            parent::redirect("/user-dashboard", $urlParams);
+          }
+        } catch (Exception $e) {
+          $msg = $e->getMessage();
+          $urlParams['errorMsg'] = $msg;
+          parent::redirect("/user-dashboard", $urlParams);
+        }
+      }
+    } else {
+      $action = $_POST['action'];
+      $user_id = $_POST['user_id'];
+
+      $urlParams = ['context' => 'update'];
+      $urlParams['action'] = $action;
+      $urlParams['user_id'] = $user_id;
+
+      parent::redirect("/user-dashboard", $urlParams);
+    }
+  }
+}

src/repositories/UserRepository.php

@@ -3,6 +3,7 @@
 namespace app\repositories;
 
 use app\base\BaseRepository;
+use app\models\UserModel;
 use PDO;
 
 class UserRepository extends BaseRepository
@@ -36,4 +37,12 @@ class UserRepository extends BaseRepository
   {
     return $this->findOne(['username' => [$username, PDO::PARAM_STR]]);
   }
+
+  public function deleteById($user_id)
+  {
+    $user = $this->getById($user_id);
+    $userModel = new UserModel();
+    $userModel->constructFromArray($user);
+    return $this->delete($userModel);
+  }
 }

src/services/UserService.php

@@ -202,4 +202,9 @@ class UserService extends BaseService
     $arrParams['role'] = PDO::PARAM_STR;
     $this->repository->update($user, $arrParams);
   }
+
+  public function deleteById($user_id)
+  {
+    $this->repository->deleteById($user_id);
+  }
 }

views/delete-user.php

+<div>
+  <table class='user-list'>
+    <tr>
+      <th>User Id</th>
+      <th>Username</th>
+      <th>Email</th>
+      <th>Role</th>
+      <th>Actions</th>
+    </tr>
+    <?
+    foreach ($users as $user) {
+      echo
+      "<tr class='user-card'>
+        <td>
+          $user->user_id
+        </td>
+        <td>
+          $user->username
+        </td>
+        <td>
+          $user->email
+        </td>
+        <td>
+          $user->role
+        </td>
+        <td>
+          <form method='post'>
+            <input type='hidden' name='action' value='edit'>
+            <input type='hidden' name='user_id' value='$user->user_id'>
+            <button type='submit'>edit</button>
+          </form>
+        </td>
+        <td>
+          <form method='post'>
+            <input type='hidden' name='action' value='delete'>
+            <input type='hidden' name='user_id' value='$user->user_id'>
+            <button type='submit'>delete</button>
+          </form>
+        </td>
+      </tr>";
+    }
+    ?>
+
+</div>
+<div class="overlay">
+  <div class="popup">
+    <h1 class="header-title">Are you sure?</h1>
+    <p class="error-msg"><?php if (isset($errorMsg)) {
+                            echo "$errorMsg";
+                          } ?></p>
+    <p>User <?= $username ?> will be deleted forever!</p>
+    <div>
+      <form method='post' enctype="multipart/form-data">
+        <input type='hidden' name='delete_confirm' value='yes'>
+        <button type="submit" class="button-delete">Delete</button>
+      </form>
+      <form method='post' enctype="multipart/form-data">
+        <input type='hidden' name='delete_confirm' value='no'>
+        <button type="submit" class="button-cancel">Cancel</button>
+      </form>
+    </div>
+  </div>
+</div>
\ No newline at end of file

views/update-film.php

 <div class="form-container">
-  <h2 class="header-title">Add Film</h2>
+  <h2 class="header-title">Update Film</h2>
   <p class="error-msg"><?php if (isset($errorMsg)) {
                           echo "$errorMsg";
                         } ?></p>

views/update-user.php

+<div class="form-container">
+  <h2 class="header-title">Update User</h2>
+  <p class="error-msg"><?php if (isset($errorMsg)) {
+                          echo "$errorMsg";
+                        } ?></p>
+  <form class="form" method="post" enctype="multipart/form-data">
+    <div class="form-group">
+      <label for="email">Email</label>
+      <br>
+      <input class="input" type="text" id="email" name="email" value="<?= $email ?>" required>
+    </div>
+    <div class="form-group">
+      <label for="username">Username</label>
+      <br>
+      <input class="input" type="text" id="username" name="username" value="<?= $username ?>" required>
+    </div>
+    <div class="form-group">
+      <label for="password">Password</label>
+      <br>
+      <input class="input" type="password" id="password" name="password">
+    </div>
+    <div class="form-group">
+      <label for="confirm-password">Confirm Password</label>
+      <br>
+      <input class="input" type="password" id="confirm-password" name="confirm-password">
+    </div>
+    <div class="form-group">
+      <button class="button" ctype="submit">Update</button>
+    </div>
+  </form>
+</div>
\ No newline at end of file

views/user-dashboard.php

+<div>
+  <p class="error-msg"><?php if (isset($errorMsg)) {
+                          echo "$errorMsg";
+                        } ?></p>
+  <table class='user-list'>
+    <tr>
+      <th>User Id</th>
+      <th>Username</th>
+      <th>Email</th>
+      <th>Role</th>
+      <th>Actions</th>
+    </tr>
+    <?
+    foreach ($users as $user) {
+      echo
+      "<tr class='user-card'>
+        <td>
+          $user->user_id
+        </td>
+        <td>
+          $user->username
+        </td>
+        <td>
+          $user->email
+        </td>
+        <td>
+          $user->role
+        </td>
+        <td>
+          <form method='post'>
+            <input type='hidden' name='action' value='edit'>
+            <input type='hidden' name='user_id' value='$user->user_id'>
+            <button type='submit'>edit</button>
+          </form>
+        </td>
+        <td>
+          <form method='post'>
+            <input type='hidden' name='action' value='delete'>
+            <input type='hidden' name='user_id' value='$user->user_id'>
+            <button type='submit'>delete</button>
+          </form>
+        </td>
+      </tr>";
+    }
+    ?>
+</div>
\ No newline at end of file