<?php
/**
 * Admin Panel - User Management
 */

// Report every error level, but write it to the log instead of the response body.
error_reporting(E_ALL);
ini_set('display_errors', 0);
ini_set('log_errors', 1);

require_once dirname(__DIR__) . '/private_html/config.php';
require_once __DIR__ . '/includes/auth.php';

// Visitors without a session, and sessions whose user record cannot be loaded, are sent to the
// login page with the requested URI attached for the post-login redirect.
// NOTE(review): the redirect value is whatever URI the client requested; whether /login restricts
// it to same-site paths is not visible from this file, so confirm that there.
$currentUser = isLoggedIn() ? getCurrentUser() : null;
if (!$currentUser) {
    header('Location: /login?redirect=' . urlencode($_SERVER['REQUEST_URI']));
    exit;
}

// The panel is open to administrators and to sessions flagged as impersonating.
// NOTE(review): a session for which isImpersonating() is true passes this gate even when
// isAdmin() is false, and every POST handler further down (password reset, status change,
// pro toggle, sign-in-as) then runs for it. If the only purpose is to let the operator come back
// and stop impersonating, narrow this branch to the stop_impersonate action. Confirm how the
// flag is set and cleared in includes/auth.php.
$mayUsePanel = isAdmin() || isImpersonating();
if (!$mayUsePanel) {
    header('Location: /');
    exit;
}

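// Resolve the UI language: query string first, then the stored cookie, then English.
$lang = $_GET['lang'] ?? $_COOKIE['lang'] ?? 'en';
// Strict membership test: only the exact strings 'en' and 'fr' are accepted, so an array-valued
// or otherwise unexpected parameter always falls back to English before it reaches the markup.
if (!in_array($lang, ['en', 'fr'], true)) {
    $lang = 'en';
}
// The preference is stored for one year, site-wide. The cookie is written without Secure,
// HttpOnly or SameSite attributes; that is tolerable only because it holds a validated
// two-letter code and nothing sensitive.
setcookie('lang', $lang, time() + (86400 * 365), '/');

$db = getDBConnection();
$error = '';
$success = '';
// Only ever compared against literal tab names below, never echoed.
$activeTab = $_GET['tab'] ?? 'users';

// Handle stop impersonating
// NOTE(review): this changes session state on a plain GET with no token, so any link or embedded
// resource pointing at ?stop_impersonate can trigger it. The effect visible here is limited to
// calling stopImpersonating(), but a POST with an anti-CSRF token would be more consistent.
if (isset($_GET['stop_impersonate'])) {
    stopImpersonating();
    header('Location: /admin');
    exit;
}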

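// Handle password change
// NOTE(review): no anti-CSRF token is checked in this handler and the form that posts to it
// (#passwordForm) carries none, so the request is authorised by the session cookie alone.
// Confirm whether includes/auth.php or the server adds a cross-site request defence; if not,
// add a per-session token and verify it here before touching the database.
if ($_SERVER['REQUEST_METHOD'] === 'POST' && isset($_POST['change_password'])) {
    // FILTER_VALIDATE_INT rejects arrays and non-numeric text. A bare (int) cast would turn an
    // array-valued user_id into 1 and "12abc" into 12, selecting an account the admin did not pick.
    $user_id = filter_var($_POST['user_id'] ?? null, FILTER_VALIDATE_INT) ?: 0;
    // Array-valued password fields would make strlen() throw a TypeError; treat them as missing.
    $new_password = is_string($_POST['new_password'] ?? null) ? $_POST['new_password'] : '';
    $confirm_password = is_string($_POST['confirm_password'] ?? null) ? $_POST['confirm_password'] : '';

    if (empty($user_id)) {
        $error = $lang === 'fr' ? 'ID utilisateur requis' : 'User ID required';
    } elseif (empty($new_password)) {
        $error = $lang === 'fr' ? 'Nouveau mot de passe requis' : 'New password required';
    } elseif (strlen($new_password) < 8) {
        // strlen() counts bytes, so this is a lower bound of 8 bytes, not 8 characters.
        $error = $lang === 'fr' ? 'Le mot de passe doit contenir au moins 8 caractères' : 'Password must be at least 8 characters';
    } elseif ($new_password !== $confirm_password) {
        $error = $lang === 'fr' ? 'Les mots de passe ne correspondent pas' : 'Passwords do not match';
    } else {
        // Verify user exists
        $checkStmt = $db->prepare("SELECT id, username FROM users WHERE id = ?");
        $checkStmt->execute([$user_id]);
        $targetUser = $checkStmt->fetch();

        if (!$targetUser) {
            $error = $lang === 'fr' ? 'Utilisateur introuvable' : 'User not found';
        } else {
            // Update password
            // NOTE(review): nothing here records who reset the password or ends the target
            // user's existing sessions. If hashPassword()/auth.php do not cover that, add an
            // audit log entry and session revocation, since a reset is an account-takeover primitive.
            $newHash = hashPassword($new_password);
            $updateStmt = $db->prepare("UPDATE users SET password_hash = ? WHERE id = ?");
            $updateStmt->execute([$newHash, $user_id]);

            // The username is escaped when $success is printed, not here.
            $success = $lang === 'fr' 
                ? "Mot de passe modifié avec succès pour l'utilisateur: {$targetUser['username']}"
                : "Password successfully changed for user: {$targetUser['username']}";
        }
    }
}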

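// Handle user status change
// NOTE(review): like the other POST handlers in this file, this one checks no anti-CSRF token.
if ($_SERVER['REQUEST_METHOD'] === 'POST' && isset($_POST['change_status'])) {
    // FILTER_VALIDATE_INT rejects arrays and non-numeric text, which a bare (int) cast would
    // silently coerce to some other account id.
    $user_id = filter_var($_POST['user_id'] ?? null, FILTER_VALIDATE_INT) ?: 0;
    $new_status = $_POST['new_status'] ?? '';

    // Strict allow-list: only these exact strings reach the UPDATE; arrays never match.
    if (empty($user_id) || !in_array($new_status, ['active', 'suspended', 'pending'], true)) {
        $error = $lang === 'fr' ? 'Paramètres invalides' : 'Invalid parameters';
    } else {
        $checkStmt = $db->prepare("SELECT id, username FROM users WHERE id = ?");
        $checkStmt->execute([$user_id]);
        $targetUser = $checkStmt->fetch();

        if (!$targetUser) {
            $error = $lang === 'fr' ? 'Utilisateur introuvable' : 'User not found';
        } else {
            // NOTE(review): no check stops an administrator from suspending their own account
            // or another administrator's, and the change is not logged here.
            $updateStmt = $db->prepare("UPDATE users SET status = ? WHERE id = ?");
            $updateStmt->execute([$new_status, $user_id]);

            $success = $lang === 'fr' 
                ? "Statut modifié avec succès pour l'utilisateur: {$targetUser['username']}"
                : "Status successfully changed for user: {$targetUser['username']}";
        }
    }
}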

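// Handle pro account upgrade/downgrade
// NOTE(review): no anti-CSRF token is checked, and the action is a toggle rather than an explicit
// "set to X": a repeated or replayed submission flips the flag back.
if ($_SERVER['REQUEST_METHOD'] === 'POST' && isset($_POST['toggle_pro_account'])) {
    // FILTER_VALIDATE_INT rejects arrays and non-numeric text, which a bare (int) cast would
    // silently coerce to some other account id.
    $user_id = filter_var($_POST['user_id'] ?? null, FILTER_VALIDATE_INT) ?: 0;

    // Check if pro_account column exists
    $columns = $db->query("SHOW COLUMNS FROM users LIKE 'pro_account'")->fetch();
    if (!$columns) {
        $error = $lang === 'fr' ? 'La colonne pro_account n\'existe pas encore. Veuillez exécuter la migration SQL.' : 'pro_account column does not exist yet. Please run the SQL migration.';
    } elseif (empty($user_id)) {
        $error = $lang === 'fr' ? 'ID utilisateur requis' : 'User ID required';
    } else {
        $checkStmt = $db->prepare("SELECT id, username, pro_account FROM users WHERE id = ?");
        $checkStmt->execute([$user_id]);
        $targetUser = $checkStmt->fetch();

        if (!$targetUser) {
            $error = $lang === 'fr' ? 'Utilisateur introuvable' : 'User not found';
        } else {
            // Invert whatever is currently stored: any truthy value becomes 0, otherwise 1.
            $newProStatus = $targetUser['pro_account'] ? 0 : 1;
            $updateStmt = $db->prepare("UPDATE users SET pro_account = ? WHERE id = ?");
            $updateStmt->execute([$newProStatus, $user_id]);

            $proText = $newProStatus ? ($lang === 'fr' ? 'Compte Pro activé' : 'Pro account enabled') : ($lang === 'fr' ? 'Compte Pro désactivé' : 'Pro account disabled');
            $success = $lang === 'fr' 
                ? "{$proText} pour l'utilisateur: {$targetUser['username']}"
                : "{$proText} for user: {$targetUser['username']}";
        }
    }
}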

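// Handle sign in as user (impersonation)
// NOTE(review): this is the most sensitive action on the page and it checks no anti-CSRF token,
// asks for no re-authentication, and writes no audit record. It also places no restriction on
// the target's role, so one administrator can assume another administrator's session.
if ($_SERVER['REQUEST_METHOD'] === 'POST' && isset($_POST['sign_in_as'])) {
    // FILTER_VALIDATE_INT rejects arrays and non-numeric text. A bare (int) cast would coerce
    // an array-valued user_id to 1, which here would mean signing in as account 1.
    $user_id = filter_var($_POST['user_id'] ?? null, FILTER_VALIDATE_INT) ?: 0;

    if (empty($user_id)) {
        $error = $lang === 'fr' ? 'ID utilisateur requis' : 'User ID required';
    } else {
        $checkStmt = $db->prepare("SELECT id, username, status FROM users WHERE id = ?");
        $checkStmt->execute([$user_id]);
        $targetUser = $checkStmt->fetch();

        if (!$targetUser) {
            $error = $lang === 'fr' ? 'Utilisateur introuvable' : 'User not found';
        } elseif ($targetUser['status'] !== 'active') {
            $error = $lang === 'fr' ? 'Impossible de se connecter en tant qu\'utilisateur inactif' : 'Cannot sign in as inactive user';
        } else {
            // Store original admin ID in session
            // NOTE(review): the access check at the top of this file also admits sessions that
            // are already impersonating. In that case $currentUser is presumably the impersonated
            // account, so this assignment would replace the real administrator's id. Confirm what
            // stopImpersonating() restores, and consider refusing nested impersonation.
            startSession();
            $_SESSION['original_admin_id'] = $currentUser['id'];
            $_SESSION['impersonating'] = true;

            // Login as target user
            // NOTE(review): confirm loginUser() regenerates the session id, since the identity
            // bound to this session changes here.
            loginUser($user_id);

            header('Location: /dashboard');
            exit;
        }
    }
}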

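// Get all users
// Both filters come straight from the query string. Array-valued parameters (search[]=...) would
// make trim() throw a TypeError and would reach execute() as an array, so anything that is not a
// string is treated as "no filter".
$rawSearch = $_GET['search'] ?? '';
$search_query = is_string($rawSearch) ? trim($rawSearch) : '';
$rawStatus = $_GET['status'] ?? '';
$status_filter = is_string($rawStatus) ? $rawStatus : '';

// Check if pro_account column exists
$columns = $db->query("SHOW COLUMNS FROM users LIKE 'pro_account'")->fetch();
// Only this fixed literal is ever interpolated into the SQL text; user input goes through
// placeholders.
$proAccountField = $columns ? ', pro_account' : '';

$sql = "SELECT id, username, email, display_name, role, status{$proAccountField}, created_at, last_login 
        FROM users WHERE 1=1";
$params = [];

// Compare against '' rather than empty(): empty('0') is true, which silently dropped a search
// for the single character 0.
if ($search_query !== '') {
    $sql .= " AND (username LIKE ? OR email LIKE ? OR display_name LIKE ?)";
    // % and _ typed by the operator keep their LIKE wildcard meaning; they are not escaped.
    $search_param = '%' . $search_query . '%';
    $params = array_merge($params, [$search_param, $search_param, $search_param]);
}

if ($status_filter !== '') {
    // Bound as a parameter, so an unknown status simply matches no rows.
    $sql .= " AND status = ?";
    $params[] = $status_filter;
}

// NOTE(review): there is no LIMIT, so the whole users table is loaded and rendered per request.
$sql .= " ORDER BY created_at DESC";
$usersStmt = $db->prepare($sql);
$usersStmt->execute($params);
$users = $usersStmt->fetchAll();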

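// UI strings per language. Both languages must define the same keys: the template reads
// $t['sign_in_as'], $t['upgrade_to_pro'], $t['downgrade_from_pro'] and $t['pro_account'], which
// were previously present only under 'fr', leaving the English page with undefined-key warnings
// and empty button and column labels.
$translations = [
    'en' => [
        'title' => 'Admin Panel',
        'users' => 'Users',
        'search_users' => 'Search users...',
        'filter_status' => 'Filter by status',
        'all_statuses' => 'All Statuses',
        'username' => 'Username',
        'email' => 'Email',
        'display_name' => 'Display Name',
        'role' => 'Role',
        'status' => 'Status',
        'created_at' => 'Created',
        'last_login' => 'Last Login',
        'actions' => 'Actions',
        'change_password' => 'Change Password',
        'change_status' => 'Change Status',
        'sign_in_as' => 'Sign In As',
        'upgrade_to_pro' => 'Upgrade to Pro',
        'downgrade_from_pro' => 'Downgrade from Pro',
        'pro_account' => 'Pro Account',
        'new_password' => 'New Password',
        'confirm_password' => 'Confirm Password',
        'update_password' => 'Update Password',
        'cancel' => 'Cancel',
        'active' => 'Active',
        'suspended' => 'Suspended',
        'pending' => 'Pending',
        'citizen' => 'Citizen',
        'steward' => 'Steward',
        'creator' => 'Creator',
        'admin' => 'Admin',
    ],
    'fr' => [
        'title' => 'Panneau d\'Administration',
        'users' => 'Utilisateurs',
        'search_users' => 'Rechercher des utilisateurs...',
        'filter_status' => 'Filtrer par statut',
        'all_statuses' => 'Tous les statuts',
        'username' => 'Nom d\'utilisateur',
        'email' => 'Email',
        'display_name' => 'Nom d\'affichage',
        'role' => 'Rôle',
        'status' => 'Statut',
        'created_at' => 'Créé le',
        'last_login' => 'Dernière connexion',
        'actions' => 'Actions',
        'change_password' => 'Changer le mot de passe',
        'change_status' => 'Changer le statut',
        'sign_in_as' => 'Se connecter en tant que',
        'upgrade_to_pro' => 'Passer au compte Pro',
        'downgrade_from_pro' => 'Rétrograder du compte Pro',
        'pro_account' => 'Compte Pro',
        'new_password' => 'Nouveau mot de passe',
        'confirm_password' => 'Confirmer le mot de passe',
        'update_password' => 'Mettre à jour le mot de passe',
        'cancel' => 'Annuler',
        'active' => 'Actif',
        'suspended' => 'Suspendu',
        'pending' => 'En attente',
        'citizen' => 'Citoyen',
        'steward' => 'Intendant',
        'creator' => 'Créateur',
        'admin' => 'Administrateur',
    ]
];

// $lang has already been restricted to 'en' or 'fr', so this lookup always hits.
$t = $translations[$lang];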
?>
<!DOCTYPE html>
<html lang="<?= $lang ?>">
<head>
    <meta charset="UTF-8">
    <meta name="viewport" content="width=device-width, initial-scale=1.0">
    <title><?= htmlspecialchars($t['title']) ?> - Free Village Network</title>
    <link rel="stylesheet" href="/assets/css/main.css">
    <link rel="stylesheet" href="/assets/css/navbar-modern.css">
    <link rel="stylesheet" href="/assets/css/themes.css">
    <script>
        // Apply the stored theme before first paint; defaults are 'dark' and 'forest'.
        // The stored values only ever become attribute values via setAttribute, never markup.
        (() => {
            const root = document.documentElement;
            const theme = localStorage.getItem('theme') || 'dark';
            root.setAttribute('data-theme', theme);
            const colorTheme = localStorage.getItem('colorTheme') || 'forest';
            root.setAttribute('data-color-theme', colorTheme);
        })();
    </script>
    <style>
        body {
            background: var(--color-bg);
            color: var(--color-text);
            min-height: 100vh;
        }
        .admin-container {
            max-width: 1400px;
            margin: 100px auto 3rem;
            padding: 0 2rem;
        }
        
        .admin-header {
            margin-bottom: 2rem;
        }
        
        .admin-header h1 {
            font-size: 2.5rem;
            color: var(--color-accent);
            margin-bottom: 0.5rem;
        }
        
        .admin-tabs {
            display: flex;
            gap: 1rem;
            border-bottom: 2px solid var(--color-border);
            margin-bottom: 2rem;
        }
        
        .admin-tab {
            padding: 1rem 1.5rem;
            background: transparent;
            border: none;
            border-bottom: 3px solid transparent;
            color: var(--color-text-secondary);
            font-size: 1rem;
            font-weight: 600;
            cursor: pointer;
            transition: all 0.3s ease;
        }
        
        .admin-tab:hover {
            color: var(--color-text);
            background: rgba(212, 165, 116, 0.1);
        }
        
        .admin-tab.active {
            color: var(--color-accent);
            border-bottom-color: var(--color-accent);
        }
        
        .admin-filters {
            display: flex;
            gap: 1rem;
            margin-bottom: 2rem;
            flex-wrap: wrap;
        }
        
        .admin-search {
            flex: 1;
            min-width: 250px;
            padding: 0.75rem 1rem;
            background: var(--color-bg-card);
            border: 1px solid var(--color-border);
            border-radius: 10px;
            color: var(--color-text);
            font-size: 1rem;
        }
        
        .admin-select {
            padding: 0.75rem 1rem;
            background: var(--color-bg-card);
            border: 1px solid var(--color-border);
            border-radius: 10px;
            color: var(--color-text);
            font-size: 1rem;
            cursor: pointer;
        }
        
        .users-table {
            width: 100%;
            background: var(--color-bg-card);
            border: 1px solid var(--color-border);
            border-radius: 12px;
            overflow: hidden;
        }
        
        .users-table table {
            width: 100%;
            border-collapse: collapse;
        }
        
        .users-table th {
            background: var(--color-bg-light);
            padding: 1rem;
            text-align: left;
            font-weight: 600;
            color: var(--color-text);
            border-bottom: 2px solid var(--color-border);
        }
        
        .users-table td {
            padding: 1rem;
            border-bottom: 1px solid var(--color-border);
            color: var(--color-text-secondary);
        }
        
        .users-table tr:hover {
            background: rgba(212, 165, 116, 0.05);
        }
        
        .users-table tr:last-child td {
            border-bottom: none;
        }
        
        .status-badge {
            display: inline-block;
            padding: 0.4rem 0.8rem;
            border-radius: 20px;
            font-size: 0.85rem;
            font-weight: 600;
        }
        
        .status-active {
            background: rgba(34, 197, 94, 0.2);
            color: #22c55e;
        }
        
        .status-suspended {
            background: rgba(239, 68, 68, 0.2);
            color: #ef4444;
        }
        
        .status-pending {
            background: rgba(251, 191, 36, 0.2);
            color: #fbbf24;
        }
        
        .role-badge {
            display: inline-block;
            padding: 0.4rem 0.8rem;
            border-radius: 20px;
            font-size: 0.85rem;
            font-weight: 600;
            background: rgba(212, 165, 116, 0.2);
            color: var(--color-accent);
        }
        
        .action-buttons {
            display: flex;
            gap: 0.5rem;
        }
        
        .btn-action {
            padding: 0.5rem 1rem;
            background: rgba(212, 165, 116, 0.1);
            border: 1px solid rgba(212, 165, 116, 0.3);
            border-radius: 8px;
            color: var(--color-accent);
            font-size: 0.9rem;
            font-weight: 600;
            cursor: pointer;
            transition: all 0.3s ease;
        }
        
        .btn-action:hover {
            background: rgba(212, 165, 116, 0.2);
            border-color: var(--color-accent);
        }
        
        .modal {
            display: none;
            position: fixed;
            top: 0;
            left: 0;
            right: 0;
            bottom: 0;
            background: rgba(0, 0, 0, 0.8);
            backdrop-filter: blur(5px);
            z-index: 2000;
            align-items: center;
            justify-content: center;
        }
        
        .modal.active {
            display: flex;
        }
        
        .modal-content {
            background: var(--color-bg-card);
            border: 2px solid var(--color-border);
            border-radius: 16px;
            padding: 2rem;
            max-width: 500px;
            width: 90%;
            max-height: 90vh;
            overflow-y: auto;
        }
        
        .modal-header {
            margin-bottom: 1.5rem;
        }
        
        .modal-header h2 {
            color: var(--color-accent);
            font-size: 1.5rem;
            margin-bottom: 0.5rem;
        }
        
        .form-group {
            margin-bottom: 1.5rem;
        }
        
        .form-group label {
            display: block;
            margin-bottom: 0.5rem;
            color: var(--color-text);
            font-weight: 600;
        }
        
        .form-group input,
        .form-group select {
            width: 100%;
            padding: 0.75rem;
            background: var(--color-bg);
            border: 1px solid var(--color-border);
            border-radius: 8px;
            color: var(--color-text);
            font-size: 1rem;
        }
        
        .form-group input:focus,
        .form-group select:focus {
            outline: none;
            border-color: var(--color-accent);
        }
        
        .form-actions {
            display: flex;
            gap: 1rem;
            justify-content: flex-end;
        }
        
        .btn-primary {
            padding: 0.75rem 1.5rem;
            background: var(--color-accent);
            border: none;
            border-radius: 8px;
            color: var(--color-bg);
            font-weight: 600;
            cursor: pointer;
            transition: all 0.3s ease;
        }
        
        .btn-primary:hover {
            background: var(--color-accent-light);
            transform: translateY(-2px);
        }
        
        .btn-secondary {
            padding: 0.75rem 1.5rem;
            background: transparent;
            border: 1px solid var(--color-border);
            border-radius: 8px;
            color: var(--color-text);
            font-weight: 600;
            cursor: pointer;
            transition: all 0.3s ease;
        }
        
        .btn-secondary:hover {
            background: var(--color-bg-light);
        }
        
        .alert {
            padding: 1rem;
            border-radius: 8px;
            margin-bottom: 1.5rem;
        }
        
        .alert-error {
            background: rgba(239, 68, 68, 0.2);
            border: 1px solid rgba(239, 68, 68, 0.5);
            color: #ef4444;
        }
        
        .alert-success {
            background: rgba(34, 197, 94, 0.2);
            border: 1px solid rgba(34, 197, 94, 0.5);
            color: #22c55e;
        }
        
        @media (max-width: 768px) {
            .admin-container {
                padding: 0 1rem;
                margin-top: 80px;
            }
            
            .users-table {
                overflow-x: auto;
            }
            
            .users-table table {
                min-width: 800px;
            }
            
            .admin-filters {
                flex-direction: column;
            }
            
            .admin-search {
                width: 100%;
            }
        }
    </style>
</head>
<body>
    <?php include __DIR__ . '/includes/navbar.php'; ?>
    
    <div class="admin-container">
        <div class="admin-header">
            <h1><?= htmlspecialchars($t['title']) ?></h1>
            <p style="color: var(--color-text-secondary);"><?= $lang === 'fr' ? 'Gestion des utilisateurs et administration' : 'User management and administration' ?></p>
        </div>
        
        <?php if ($error): ?>
            <div class="alert alert-error"><?= htmlspecialchars($error) ?></div>
        <?php endif; ?>
        
        <?php if ($success): ?>
            <div class="alert alert-success"><?= htmlspecialchars($success) ?></div>
        <?php endif; ?>
        
        <div class="admin-tabs">
            <button class="admin-tab <?= $activeTab === 'users' ? 'active' : '' ?>" onclick="window.location.href='?tab=users'">
                <?= htmlspecialchars($t['users']) ?>
            </button>
        </div>
        
        <?php if ($activeTab === 'users'): ?>
            <div class="admin-filters">
                <form method="GET" style="display: flex; gap: 1rem; flex: 1; flex-wrap: wrap;">
                    <input type="hidden" name="tab" value="users">
                    <input 
                        type="text" 
                        name="search" 
                        class="admin-search" 
                        placeholder="<?= htmlspecialchars($t['search_users']) ?>"
                        value="<?= htmlspecialchars($search_query) ?>"
                    >
                    <select name="status" class="admin-select">
                        <option value=""><?= htmlspecialchars($t['all_statuses']) ?></option>
                        <option value="active" <?= $status_filter === 'active' ? 'selected' : '' ?>><?= htmlspecialchars($t['active']) ?></option>
                        <option value="suspended" <?= $status_filter === 'suspended' ? 'selected' : '' ?>><?= htmlspecialchars($t['suspended']) ?></option>
                        <option value="pending" <?= $status_filter === 'pending' ? 'selected' : '' ?>><?= htmlspecialchars($t['pending']) ?></option>
                    </select>
                    <button type="submit" class="btn-primary" style="padding: 0.75rem 1.5rem;"><?= $lang === 'fr' ? 'Rechercher' : 'Search' ?></button>
                </form>
            </div>
            
            <div class="users-table">
                <table>
                    <thead>
                        <tr>
                            <th><?= htmlspecialchars($t['username']) ?></th>
                            <th><?= htmlspecialchars($t['email']) ?></th>
                            <th><?= htmlspecialchars($t['display_name']) ?></th>
                            <th><?= htmlspecialchars($t['role']) ?></th>
                            <th><?= htmlspecialchars($t['status']) ?></th>
                            <th><?= htmlspecialchars($t['pro_account']) ?></th>
                            <th><?= htmlspecialchars($t['created_at']) ?></th>
                            <th><?= htmlspecialchars($t['last_login']) ?></th>
                            <th><?= htmlspecialchars($t['actions']) ?></th>
                        </tr>
                    </thead>
                    <tbody>
                        <?php if (empty($users)): ?>
                            <tr>
                                <td colspan="9" style="text-align: center; padding: 2rem; color: var(--color-text-secondary);">
                                    <?= $lang === 'fr' ? 'Aucun utilisateur trouvé' : 'No users found' ?>
                                </td>
                            </tr>
                        <?php else: ?>
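                            <?php
                            // Values placed inside an inline event handler sit in two contexts at
                            // once: an HTML attribute and a JavaScript expression. The browser decodes
                            // HTML entities in the attribute before the script engine parses it, so
                            // htmlspecialchars() alone leaves a quote in a username able to end the
                            // JavaScript string. Encode for JavaScript first (json_encode with the
                            // JSON_HEX_* flags, which also supplies the surrounding quotes), then for
                            // the attribute.
                            $jsArg = static fn ($value): string => htmlspecialchars(
                                json_encode(
                                    (string) $value,
                                    JSON_HEX_TAG | JSON_HEX_APOS | JSON_HEX_QUOT | JSON_HEX_AMP | JSON_INVALID_UTF8_SUBSTITUTE
                                ),
                                ENT_QUOTES | ENT_SUBSTITUTE,
                                'UTF-8'
                            );
                            // Look the column up once for the whole table instead of once per row.
                            $hasProColumn = $db->query("SHOW COLUMNS FROM users LIKE 'pro_account'")->fetch();
                            ?>
                            <?php foreach ($users as $user): ?>
                                <?php
                                // Cast once so only an integer can reach the inline handlers below.
                                $rowUserId = (int) $user['id'];
                                $rowIsPro = isset($user['pro_account']) && !empty($user['pro_account']);
                                ?>
                                <tr>
                                    <td><?= htmlspecialchars($user['username']) ?></td>
                                    <td><?= htmlspecialchars($user['email']) ?></td>
                                    <td><?= htmlspecialchars($user['display_name'] ?: '-') ?></td>
                                    <td><span class="role-badge"><?= htmlspecialchars($t[$user['role']] ?? $user['role']) ?></span></td>
                                    <td>
                                        <span class="status-badge status-<?= htmlspecialchars($user['status']) ?>">
                                            <?= htmlspecialchars($t[$user['status']] ?? $user['status']) ?>
                                        </span>
                                    </td>
                                    <td>
                                        <?php if ($rowIsPro): ?>
                                            <span class="status-badge status-active">✓ Pro</span>
                                        <?php else: ?>
                                            <span style="color: var(--color-text-secondary);">-</span>
                                        <?php endif; ?>
                                    </td>
                                    <td><?= date('Y-m-d', strtotime($user['created_at'])) ?></td>
                                    <td><?= $user['last_login'] ? date('Y-m-d H:i', strtotime($user['last_login'])) : '-' ?></td>
                                    <td>
                                        <div class="action-buttons" style="flex-wrap: wrap; gap: 0.5rem;">
                                            <button class="btn-action" onclick="signInAs(<?= $rowUserId ?>)">
                                                <?= htmlspecialchars($t['sign_in_as']) ?>
                                            </button>
                                            <button class="btn-action" onclick="openPasswordModal(<?= $rowUserId ?>, <?= $jsArg($user['username']) ?>)">
                                                <?= htmlspecialchars($t['change_password']) ?>
                                            </button>
                                            <button class="btn-action" onclick="openStatusModal(<?= $rowUserId ?>, <?= $jsArg($user['username']) ?>, <?= $jsArg($user['status']) ?>)">
                                                <?= htmlspecialchars($t['change_status']) ?>
                                            </button>
                                            <?php if ($hasProColumn): ?>
                                            <button class="btn-action" onclick="toggleProAccount(<?= $rowUserId ?>, <?= $rowIsPro ? 'true' : 'false' ?>)">
                                                <?= $rowIsPro ? htmlspecialchars($t['downgrade_from_pro']) : htmlspecialchars($t['upgrade_to_pro']) ?>
                                            </button>
                                            <?php endif; ?>
                                        </div>
                                    </td>
                                </tr>
                            <?php endforeach; ?>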
                        <?php endif; ?>
                    </tbody>
                </table>
            </div>
        <?php endif; ?>
    </div>
    
    <!-- Password Change Modal -->
    <div id="passwordModal" class="modal">
        <div class="modal-content">
            <div class="modal-header">
                <h2><?= htmlspecialchars($t['change_password']) ?></h2>
                <p style="color: var(--color-text-secondary);" id="passwordModalUser"></p>
            </div>
            <form method="POST" id="passwordForm">
                <input type="hidden" name="user_id" id="passwordUserId">
                <input type="hidden" name="change_password" value="1">
                <div class="form-group">
                    <label for="new_password"><?= htmlspecialchars($t['new_password']) ?></label>
                    <input type="password" name="new_password" id="new_password" required minlength="8">
                </div>
                <div class="form-group">
                    <label for="confirm_password"><?= htmlspecialchars($t['confirm_password']) ?></label>
                    <input type="password" name="confirm_password" id="confirm_password" required minlength="8">
                </div>
                <div class="form-actions">
                    <button type="button" class="btn-secondary" onclick="closePasswordModal()"><?= htmlspecialchars($t['cancel']) ?></button>
                    <button type="submit" class="btn-primary"><?= htmlspecialchars($t['update_password']) ?></button>
                </div>
            </form>
        </div>
    </div>
    
    <!-- Status Change Modal -->
    <div id="statusModal" class="modal">
        <div class="modal-content">
            <div class="modal-header">
                <h2><?= htmlspecialchars($t['change_status']) ?></h2>
                <p style="color: var(--color-text-secondary);" id="statusModalUser"></p>
            </div>
            <form method="POST" id="statusForm">
                <input type="hidden" name="user_id" id="statusUserId">
                <input type="hidden" name="change_status" value="1">
                <div class="form-group">
                    <label for="new_status"><?= htmlspecialchars($t['status']) ?></label>
                    <select name="new_status" id="new_status" required>
                        <option value="active"><?= htmlspecialchars($t['active']) ?></option>
                        <option value="suspended"><?= htmlspecialchars($t['suspended']) ?></option>
                        <option value="pending"><?= htmlspecialchars($t['pending']) ?></option>
                    </select>
                </div>
                <div class="form-actions">
                    <button type="button" class="btn-secondary" onclick="closeStatusModal()"><?= htmlspecialchars($t['cancel']) ?></button>
                    <button type="submit" class="btn-primary"><?= $lang === 'fr' ? 'Mettre à jour' : 'Update' ?></button>
                </div>
            </form>
        </div>
    </div>
    
    <script>
        // Show the password dialog for one user: fill the hidden id, label the dialog with the
        // username (textContent, so the name is never parsed as markup), then focus the first field.
        function openPasswordModal(userId, username) {
            const idField = document.getElementById('passwordUserId');
            idField.value = userId;
            const caption = document.getElementById('passwordModalUser');
            caption.textContent = '<?= $lang === 'fr' ? 'Utilisateur' : 'User' ?>: ' + username;
            const dialog = document.getElementById('passwordModal');
            dialog.classList.add('active');
            const firstInput = document.getElementById('new_password');
            firstInput.focus();
        }
        
        // Hide the password dialog and clear its fields so a typed password does not linger in the DOM.
        function closePasswordModal() {
            const dialog = document.getElementById('passwordModal');
            const form = document.getElementById('passwordForm');
            dialog.classList.remove('active');
            form.reset();
        }
        
        // Show the status dialog for one user, preselecting the account's current status.
        // The username is written with textContent, so it is never parsed as markup.
        function openStatusModal(userId, username, currentStatus) {
            const idField = document.getElementById('statusUserId');
            idField.value = userId;
            const caption = document.getElementById('statusModalUser');
            caption.textContent = '<?= $lang === 'fr' ? 'Utilisateur' : 'User' ?>: ' + username;
            const statusSelect = document.getElementById('new_status');
            statusSelect.value = currentStatus;
            const dialog = document.getElementById('statusModal');
            dialog.classList.add('active');
        }
        
        // Hide the status dialog; the form is left as it is.
        function closeStatusModal() {
            const dialog = document.getElementById('statusModal');
            dialog.classList.remove('active');
        }
        
        // A click on the backdrop itself (not on anything inside the dialog) closes that dialog.
        document.getElementById('passwordModal').addEventListener('click', (event) => {
            if (event.target !== event.currentTarget) {
                return;
            }
            closePasswordModal();
        });

        document.getElementById('statusModal').addEventListener('click', (event) => {
            if (event.target !== event.currentTarget) {
                return;
            }
            closeStatusModal();
        });

        // Escape closes both dialogs, whichever one is open.
        document.addEventListener('keydown', (event) => {
            if (event.key !== 'Escape') {
                return;
            }
            closePasswordModal();
            closeStatusModal();
        });
        
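        // Build and submit a one-off POST form from a name/value map. Inputs are created through
        // the DOM API, so a value can never be parsed as markup the way it could when the form
        // body was assembled by string concatenation into innerHTML.
        // NOTE(review): no anti-CSRF token is added because the server-side handlers check none;
        // when one is introduced it has to be sent from here as well.
        function submitHiddenPost(fields) {
            const form = document.createElement('form');
            form.method = 'POST';
            Object.keys(fields).forEach(function(name) {
                const input = document.createElement('input');
                input.type = 'hidden';
                input.name = name;
                input.value = String(fields[name]);
                form.appendChild(input);
            });
            document.body.appendChild(form);
            form.submit();
        }

        // Ask for confirmation, then post the impersonation request for the given user id.
        function signInAs(userId) {
            if (confirm('<?= $lang === 'fr' ? 'Êtes-vous sûr de vouloir vous connecter en tant que cet utilisateur?' : 'Are you sure you want to sign in as this user?' ?>')) {
                submitHiddenPost({ sign_in_as: '1', user_id: userId });
            }
        }

        // Ask for confirmation, then post the pro-account toggle for the given user id.
        // isPro only selects the wording of the prompt; the server decides the new value.
        function toggleProAccount(userId, isPro) {
            const action = isPro ? '<?= $lang === 'fr' ? 'rétrograder' : 'downgrade' ?>' : '<?= $lang === 'fr' ? 'passer au compte Pro' : 'upgrade to Pro' ?>';
            if (confirm('<?= $lang === 'fr' ? 'Êtes-vous sûr de vouloir' : 'Are you sure you want to' ?> ' + action + '?')) {
                submitHiddenPost({ toggle_pro_account: '1', user_id: userId });
            }
        }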
    </script>
</body>
</html>

