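<?php
/*
 * users_manage.php — admin-only user list with a per-row delete action.
 *
 * Relies on config.php for $pdo (PDO), checkAuth(), isAdmin(), validateCsrf()
 * and the session-held $_SESSION['csrf_token'] that the form echoes back.
 */
require_once 'config.php';

checkAuth();
if (!isAdmin()) {
    // Reject with a real 403 instead of a 200 that merely says "Access Denied".
    http_response_code(403);
    die('Access Denied');
}

// Accept only a non-empty scalar delete_id: an array value (delete_id[]=...) must
// never reach the PDO parameter binding.
$deleteId = $_POST['delete_id'] ?? null;
if (is_string($deleteId) && $deleteId !== '') {
    // A missing or non-string token must fail validation, not raise an
    // "undefined index" warning and pass null into validateCsrf().
    $csrfToken = $_POST['csrf_token'] ?? '';
    if (!is_string($csrfToken) || !validateCsrf($csrfToken)) {
        http_response_code(403);
        die('CSRF Error');
    }

    // Admin rows are protected in the query itself, not only by hiding the button.
    $stmt = $pdo->prepare("DELETE FROM users WHERE id = ? AND role != 'admin'");
    $stmt->execute([$deleteId]);

    // Post/Redirect/Get: a browser refresh must not replay the delete request.
    header('Location: users_manage.php');
    exit;
}

// Select only the columns the table renders so credential columns never reach the template.
$users = $pdo->query('SELECT id, fullname, username, role FROM users')->fetchAll();
?>
<!DOCTYPE html>
<html lang="th">
<head>
    <meta charset="UTF-8">
    <title>จัดการสมาชิก</title>
    <!-- Tailwind is loaded unpinned from a third-party CDN; a vendored copy or
         Subresource Integrity would remove that trust dependency. -->
    <script src="https://cdn.tailwindcss.com"></script>
</head>
<body class="bg-gray-50">
<div class="container mx-auto p-6">
    <h2 class="text-2xl font-bold mb-4">จัดการบัญชีผู้ใช้งาน</h2>
    <div class="bg-white rounded shadow">
        <table class="w-full">
            <thead class="bg-gray-100">
            <tr>
                <th class="p-3 text-left">ชื่อ-นามสกุล</th>
                <th class="p-3 text-left">Username</th>
                <th class="p-3 text-left">สิทธิ์</th>
                <th class="p-3 text-left">จัดการ</th>
            </tr>
            </thead>
            <tbody>
            <?php foreach ($users as $u): ?>
                <tr class="border-b">
                    <?php // Explicit ENT_QUOTES + UTF-8 so escaping does not depend on ini/version defaults. ?>
                    <td class="p-3"><?php echo htmlspecialchars((string) $u['fullname'], ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8'); ?></td>
                    <td class="p-3"><?php echo htmlspecialchars((string) $u['username'], ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8'); ?></td>
                    <td class="p-3 font-bold"><?php echo htmlspecialchars((string) $u['role'], ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8'); ?></td>
                    <td class="p-3">
                        <?php if ($u['role'] !== 'admin'): ?>
                            <form method="POST" onsubmit="return confirm('ลบหรือไม่?')" style="display:inline">
                                <?php // Both hidden values are attribute context: escape them like any other output. ?>
                                <input type="hidden" name="csrf_token" value="<?php echo htmlspecialchars((string) ($_SESSION['csrf_token'] ?? ''), ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8'); ?>">
                                <input type="hidden" name="delete_id" value="<?php echo htmlspecialchars((string) $u['id'], ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8'); ?>">
                                <button type="submit" class="text-red-500 underline">ลบ</button>
                            </form>
                        <?php endif; ?>
                    </td>
                </tr>
            <?php endforeach; ?>
            </tbody>
        </table>
    </div>
    <a href="dashboard.php" class="mt-4 inline-block text-blue-500">กลับสู่หน้าหลัก</a>
</div>
</body>
</html>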