/home/awneajlw/www/codestechvista.com/admin/settings.php
<?php
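// Start the session and load the shared includes before any output is sent,
// so the redirect below can still set its Location header.
session_start();
require_once '../config/database.php';
require_once '../includes/auth.php';

// Admin gate: everything below this point (password change handler and the
// rendered page) is reachable only with a logged-in session whose role is
// exactly 'admin'. The role is read with ?? so that a session carrying
// user_id but no user_role is rejected quietly instead of raising an
// "Undefined array key" warning ahead of the redirect.
// NOTE(review): the role is taken from the session as written at login; if an
// account can be demoted while logged in, the stored role should be re-read
// from the database here. Confirm against the login code.
if (!isset($_SESSION['user_id']) || ($_SESSION['user_role'] ?? null) !== 'admin') {
    header('Location: ../login.php');
    // exit() is what enforces the gate; header() alone would let the script run on.
    exit();
}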

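$database = new Database();
$db = $database->getConnection();

// Feedback shown in the alert banners further down; empty string means "no banner".
$success_message = '';
$error_message = '';

// Handle Settings Update
// NOTE(review): this handler checks no anti-CSRF token. A forged cross-site
// POST still has to carry the correct current password, which limits the
// impact, but a per-session token compared with hash_equals() would close the
// gap. It needs a matching hidden field in the form, so it is not added here.
// NOTE(review): nothing limits how many wrong current-password attempts one
// session may make; consider a counter or delay.
if ($_SERVER['REQUEST_METHOD'] === 'POST') {
    $action = $_POST['action'] ?? '';

    if ($action === 'change_password') {
        // POST fields are untrusted and can arrive as arrays (name[]=x).
        // Anything that is not a string is treated as empty so that strlen()
        // and password_verify() never receive an array and throw a TypeError.
        $current_password = is_string($_POST['current_password'] ?? null) ? $_POST['current_password'] : '';
        $new_password = is_string($_POST['new_password'] ?? null) ? $_POST['new_password'] : '';
        $confirm_password = is_string($_POST['confirm_password'] ?? null) ? $_POST['confirm_password'] : '';

        if ($new_password !== $confirm_password) {
            $error_message = "New passwords do not match!";
        } elseif (strlen($new_password) < 6) {
            // NOTE(review): six bytes is a weak floor for an administrator
            // account (strlen counts bytes, not characters). Raising it also
            // means updating the "Minimum 6 characters" hint in the form.
            $error_message = "Password must be at least 6 characters!";
        } else {
            // Verify current password
            $query = "SELECT password FROM users WHERE id = ?";
            $stmt = $db->prepare($query);
            $stmt->execute([$_SESSION['user_id']]);
            $user = $stmt->fetch(PDO::FETCH_ASSOC);

            // fetch() returns false when the session's user id no longer has a
            // row; that case is reported like a wrong password rather than
            // indexing into false.
            $has_stored_hash = is_array($user) && is_string($user['password'] ?? null);

            if ($has_stored_hash && password_verify($current_password, $user['password'])) {
                $hashed_password = password_hash($new_password, PASSWORD_DEFAULT);
                $query = "UPDATE users SET password = ? WHERE id = ?";
                $stmt = $db->prepare($query);

                // Only report success when the UPDATE actually ran; execute()
                // returns false on failure when PDO is not in exception mode.
                if ($stmt->execute([$hashed_password, $_SESSION['user_id']])) {
                    // Rotate the session ID after a credential change so an
                    // ID captured earlier stops working for this session.
                    // Sessions opened elsewhere with the old password are not
                    // ended by this page.
                    if (session_status() === PHP_SESSION_ACTIVE) {
                        session_regenerate_id(true);
                    }
                    $success_message = "Password changed successfully!";
                } else {
                    $error_message = "Could not update password. Please try again.";
                }
            } else {
                $error_message = "Current password is incorrect!";
            }
        }
    }
}

$page_title = "Settings";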
?>
<?php include 'includes/header.php'; ?>
<?php include 'includes/sidebar.php'; ?>

<div class="main-content">
    <!-- Page Header -->
    <div class="page-header">
        <h1 class="page-title">
            <i class="fas fa-cog"></i> Settings
        </h1>
        <nav aria-label="breadcrumb">
            <ol class="breadcrumb">
                <li class="breadcrumb-item"><a href="dashboard.php">Dashboard</a></li>
                <li class="breadcrumb-item active">Settings</li>
            </ol>
        </nav>
    </div>
    
    <!-- Alert Messages -->
    <?php
    // Success banner: rendered only when the POST handler set a message.
    // The text is HTML-escaped before it is written into the page.
    if ($success_message) { ?>
        <div class="alert alert-success alert-dismissible fade show" role="alert">
            <i class="fas fa-check-circle"></i> <?= htmlspecialchars($success_message) ?>
            <button type="button" class="btn-close" data-bs-dismiss="alert"></button>
        </div>
    <?php } ?>
    
    <?php
    // Error banner: same pattern as above, for validation and verification failures.
    if ($error_message) { ?>
        <div class="alert alert-danger alert-dismissible fade show" role="alert">
            <i class="fas fa-exclamation-triangle"></i> <?= htmlspecialchars($error_message) ?>
            <button type="button" class="btn-close" data-bs-dismiss="alert"></button>
        </div>
    <?php } ?>
    
    <div class="row g-4">
        <!-- Account Settings -->
        <div class="col-lg-6">
            <div class="content-card">
                <div class="card-header-custom">
                    <h3 class="card-title-custom">
                        <i class="fas fa-user-shield"></i> Account Settings
                    </h3>
                </div>
                
                <div class="mb-3">
                    <label class="form-label text-muted">Admin Name</label>
                    <p class="fw-bold"><?php echo htmlspecialchars($_SESSION['user_name'] ?? 'Admin'); ?></p>
                </div>
                
                <div class="mb-3">
                    <label class="form-label text-muted">Email</label>
                    <p class="fw-bold"><?php echo htmlspecialchars($_SESSION['user_email'] ?? 'admin@eyeclinic.com'); ?></p>
                </div>
                
                <div class="mb-3">
                    <label class="form-label text-muted">Role</label>
                    <p><span class="badge-custom badge-success">Administrator</span></p>
                </div>
            </div>
        </div>
        
        <!-- Change Password -->
        <div class="col-lg-6">
            <div class="content-card">
                <div class="card-header-custom">
                    <h3 class="card-title-custom">
                        <i class="fas fa-key"></i> Change Password
                    </h3>
                </div>
                
                <form method="POST">
                    <input type="hidden" name="action" value="change_password">
                    
                    <div class="mb-3">
                        <label class="form-label">Current Password *</label>
                        <input type="password" name="current_password" class="form-control" required>
                    </div>
                    
                    <div class="mb-3">
                        <label class="form-label">New Password *</label>
                        <input type="password" name="new_password" class="form-control" required>
                        <small class="text-muted">Minimum 6 characters</small>
                    </div>
                    
                    <div class="mb-3">
                        <label class="form-label">Confirm New Password *</label>
                        <input type="password" name="confirm_password" class="form-control" required>
                    </div>
                    
                    <button type="submit" class="btn-primary-custom w-100">
                        <i class="fas fa-save"></i> Update Password
                    </button>
                </form>
            </div>
        </div>
        
        <!-- System Information -->
        <div class="col-lg-12">
            <div class="content-card">
                <div class="card-header-custom">
                    <h3 class="card-title-custom">
                        <i class="fas fa-server"></i> System Information
                    </h3>
                </div>
                
                <div class="row">
                    <div class="col-md-3">
                        <div class="mb-3">
                            <label class="form-label text-muted">PHP Version</label>
                            <p class="fw-bold"><?php echo phpversion(); ?></p>
                        </div>
                    </div>
                    
                    <div class="col-md-3">
                        <div class="mb-3">
                            <label class="form-label text-muted">Server Software</label>
                            <p class="fw-bold"><?php echo $_SERVER['SERVER_SOFTWARE'] ?? 'Unknown'; ?></p>
                        </div>
                    </div>
                    
                    <div class="col-md-3">
                        <div class="mb-3">
                            <label class="form-label text-muted">Database</label>
                            <p class="fw-bold">MySQL</p>
                        </div>
                    </div>
                    
                    <div class="col-md-3">
                        <div class="mb-3">
                            <label class="form-label text-muted">Timezone</label>
                            <p class="fw-bold"><?php echo date_default_timezone_get(); ?></p>
                        </div>
                    </div>
                </div>
            </div>
        </div>
    </div>
</div>

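<!-- jQuery. NOTE(review): this script and the Bootstrap bundle below load from third-party CDNs with no integrity= attribute, so this admin page runs whatever the CDN serves. Add Subresource Integrity hashes with crossorigin="anonymous", or self-host both files. -->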
<script src="https://code.jquery.com/jquery-3.7.0.min.js"></script>
<!-- Bootstrap JS -->
<script src="https://cdn.jsdelivr.net/npm/bootstrap@5.3.0/dist/js/bootstrap.bundle.min.js"></script>

</body>
</html>