<?php
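// Create-user form handler: takes a POST from an authenticated admin or
// superadmin, inserts the new account and redirects back to the user list.
// Requests with any other method fall through and produce no output.
session_start();
require_once '../config/database.php'; // presumably defines $db (a PDO handle) — confirm
require_once '../includes/auth.php';   // provides requireRole() and hasRole()

// Gate the whole script: only admins and superadmins may create users.
requireRole(['superadmin', 'admin']);

// NOTE(review): no anti-CSRF token is verified in this script. Unless
// requireRole() does so in includes/auth.php (not visible here), this
// state-changing endpoint should validate a per-session token before acting.

if ($_SERVER['REQUEST_METHOD'] === 'POST') {
    // Read every field defensively: a missing key or an array-valued field
    // (e.g. role[]=x) would otherwise reach trim()/password_hash() and raise
    // an uncaught TypeError on PHP 8, or be hashed as an empty password.
    $rawName = $_POST['name'] ?? '';
    $rawUsername = $_POST['username'] ?? null;
    $rawPassword = $_POST['password'] ?? null;
    $rawRole = $_POST['role'] ?? null;

    $fieldsAreStrings = is_string($rawName)
        && is_string($rawUsername)
        && is_string($rawPassword)
        && is_string($rawRole);

    $name = $fieldsAreStrings ? trim($rawName) : '';
    $username = $fieldsAreStrings ? trim($rawUsername) : '';
    $role = $fieldsAreStrings ? trim($rawRole) : '';

    // Refuse incomplete submissions; in particular never create an account
    // whose password is the empty string.
    if (!$fieldsAreStrings || $username === '' || $rawPassword === '' || $role === '') {
        $_SESSION['error'] = 'Datos de usuario incompletos o no válidos.';
        header('Location: ../users.php');
        exit;
    }

    // Validate the requested role against the caller's permissions: only a
    // superadmin may create admin or superadmin accounts. The comparison uses
    // a lower-cased copy and strict matching so that a casing variant of a
    // privileged role name is rejected as well.
    // NOTE(review): this is a denylist. An allowlist of the roles the
    // application actually defines (not visible in this file) would be safer.
    $privilegedRoles = ['admin', 'superadmin'];
    if (!hasRole('superadmin') && in_array(strtolower($role), $privilegedRoles, true)) {
        $_SESSION['error'] = 'No tienes permisos para crear este tipo de usuario.';
        header('Location: ../users.php');
        exit;
    }

    // Hash only after validation so rejected requests cost no hashing work.
    $password = password_hash($rawPassword, PASSWORD_DEFAULT);

    try {
        // Named placeholders keep all user-supplied values out of the SQL text.
        $stmt = $db->prepare("INSERT INTO users (username, password, name, role) VALUES (:username, :password, :name, :role)");
        $stmt->execute([
            'username' => $username,
            'password' => $password,
            'name' => $name,
            'role' => $role,
        ]);
        $_SESSION['success'] = 'Usuario creado correctamente.';
    } catch (PDOException $e) {
        // SQLSTATE 23000 is the generic integrity-constraint class; the message
        // assumes the violated constraint is the unique username.
        if ((string) $e->getCode() === '23000') {
            $_SESSION['error'] = 'El nombre de usuario ya existe.';
        } else {
            // Keep the full driver message server-side; the user only sees the code.
            error_log('User creation failed: ' . $e->getMessage());
            $_SESSION['error'] = 'Error al crear el usuario. Código: ' . $e->getCode();
        }
    }

    header('Location: ../users.php');
    exit;
}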