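/* Decoded by unphp.net */

/*
 * Admin endpoint that updates one row of `benutzer`: name, admin flag and,
 * when a new password is submitted, the password hash.
 *
 * Flow: require a logged-in session, re-check the caller's admin flag in the
 * database, refuse to edit super admins, then run the UPDATE and redirect back
 * to the user list with a flash message in the session.
 *
 * $conn, $login_url, $phpenable, $siteurl, $admin_directory and
 * $users_url_admin are not defined in this script; presumably they come from
 * db_connection.php -- confirm.
 */
session_start();
require '../../db_connection.php';

// Anonymous visitors are sent to the login page.
if (!isset($_SESSION['user_id'])) {
    header("Location: /admin/login");
    exit;
}

// Re-check the admin flag against the database on every request instead of
// trusting the session alone. The id is bound as an integer parameter rather
// than concatenated into the SQL text.
$sessionUserId = (int) $_SESSION['user_id'];
$isAdmin = null;
$callerFound = false;
$adminStmt = $conn->prepare("SELECT admin FROM benutzer WHERE id = ?");
if ($adminStmt) {
    $adminStmt->bind_param("i", $sessionUserId);
    if ($adminStmt->execute()) {
        $adminStmt->bind_result($isAdmin);
        $callerFound = $adminStmt->fetch() === true;
    }
    // Close before the next prepare() so no unread result is left pending.
    $adminStmt->close();
}
if (!$callerFound || $isAdmin != 1) {
    header("Location: $login_url");
    exit;
}

// Every remaining exit path redirects to the same user-list page.
$usersPageUrl = $siteurl . $admin_directory . $users_url_admin . ($phpenable === 'true' ? '.php' : '');

// Stores a flash message in the session, redirects to the user list and stops.
$redirectToUsers = function ($sessionKey, $message) use ($usersPageUrl) {
    $_SESSION[$sessionKey] = $message;
    header("Location: " . $usersPageUrl);
    exit;
};

if ($_SERVER['REQUEST_METHOD'] !== 'POST') {
    $redirectToUsers('error_message', "Fehler");
}

// NOTE(review): no anti-CSRF token is verified anywhere in this script, yet the
// request changes passwords and admin rights. Unless db_connection.php or a
// front controller enforces one, add a per-session token to the edit form and
// compare it here with hash_equals() before touching the database.
// NOTE(review): only super admins are protected below; any admin can change the
// password or admin flag of any other non-super-admin account. Confirm that this
// is the intended policy, and consider logging who changed which account.

// Reject a missing or non-integer target id instead of letting it bind as 0.
$userId = filter_var(isset($_POST['userId']) ? $_POST['userId'] : null, FILTER_VALIDATE_INT);
$userName = isset($_POST['userName']) ? $_POST['userName'] : null;
if ($userId === false || !is_string($userName)) {
    $redirectToUsers('error_message', "Fehler");
}

// An absent field (e.g. an unchecked checkbox) or a non-scalar value means "no
// admin rights"; a posted array must never be cast into a truthy flag.
$userAdminRights = 0;
if (isset($_POST['userAdminRights']) && is_scalar($_POST['userAdminRights'])) {
    $userAdminRights = (int) $_POST['userAdminRights'];
}

// The password is optional: empty means "leave unchanged".
$newPassword = null;
if (!empty($_POST['userPassword'])) {
    if (!is_string($_POST['userPassword'])) {
        $redirectToUsers('error_message', "Fehler");
    }
    $newPassword = $_POST['userPassword'];
}

// Super admins must not be editable through this form. Any failure while
// checking aborts the request (fail closed) instead of falling through to the
// UPDATE as if the target were an ordinary user.
$superAdminId = null;
$checkSuperAdminStmt = $conn->prepare("SELECT id FROM benutzer WHERE id = ? AND super_admin = 1");
if (!$checkSuperAdminStmt) {
    $redirectToUsers('error_message', "Fehler");
}
$checkSuperAdminStmt->bind_param("i", $userId);
if (!$checkSuperAdminStmt->execute()) {
    $checkSuperAdminStmt->close();
    $redirectToUsers('error_message', "Fehler");
}
$checkSuperAdminStmt->bind_result($superAdminId);
// fetch(): true = a row matched, null = no row, false = error.
$superAdminFetch = $checkSuperAdminStmt->fetch();
$checkSuperAdminStmt->close();
if ($superAdminFetch === false) {
    $redirectToUsers('error_message', "Fehler");
}
if ($superAdminFetch === true) {
    $redirectToUsers('error_message', "Du darfst einen Superadmin nicht bearbeiten.");
}

if ($newPassword !== null) {
    // Only the hash is stored; the plaintext never reaches the database.
    $hashedPassword = password_hash($newPassword, PASSWORD_DEFAULT);
    if (!is_string($hashedPassword)) {
        $redirectToUsers('error_message', "Fehler");
    }
    $stmt = $conn->prepare("UPDATE benutzer SET name = ?, password = ?, admin = ? WHERE id = ?");
    if ($stmt) {
        $stmt->bind_param("ssii", $userName, $hashedPassword, $userAdminRights, $userId);
    }
} else {
    $stmt = $conn->prepare("UPDATE benutzer SET name = ?, admin = ? WHERE id = ?");
    if ($stmt) {
        $stmt->bind_param("sii", $userName, $userAdminRights, $userId);
    }
}

if ($stmt && $stmt->execute()) {
    $redirectToUsers('success_message', "Die Benutzer-Daten wurden erfolgreich geändert.");
}
$redirectToUsers('error_message', "Fehler");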