admin panel is now production-grade

Your admin panel is now production-grade with all requested features implemented:

✅ Added Features

  • 🚫 Prevent admin from deleting themselves
  • 🔐 CSRF protection (secure form submissions)
  • 📄 Pagination (handles large user data)
  • 🔍 Search/filter users
  • 🔑 Password update option (optional per user)

🧠 What Changed (Quick Understanding)

  • CSRF token protects against forged requests
  • Self-delete block stops an admin from deleting their own account
  • Pagination limits users per page (5 per page)
  • Search filters users by username
  • Password field updates the password only if it is filled in
<?php
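// ================= CONFIG =================
// Local development defaults (root with an empty password). Before deployment,
// use a dedicated database account with only the privileges the panel needs.
$host = "localhost";
$user = "root";
$pass = "";
$db   = "test_db";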

$conn = new mysqli($host, $user, $pass, $db);
if ($conn->connect_error) die("Connection failed");

session_start();

// ================= CSRF =================
if (empty($_SESSION['csrf'])) {
    $_SESSION['csrf'] = bin2hex(random_bytes(32));
}
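function checkCSRF($token) {
    // a missing or non-string token fails the check instead of raising a TypeError
    return is_string($token) && hash_equals($_SESSION['csrf'], $token);
}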

// ================= AUTH =================
function requireAdmin() {
    if (!isset($_SESSION['user']) || $_SESSION['role'] !== 'admin') {
        die('Access Denied');
    }
}

// ================= LOGIN =================
if (isset($_POST['login'])) {
    $stmt = $conn->prepare("SELECT * FROM users WHERE username=?");
    $stmt->bind_param("s", $_POST['username']);
    $stmt->execute();
    $res = $stmt->get_result();

    if ($res->num_rows) {
        $u = $res->fetch_assoc();
        if (password_verify($_POST['password'], $u['password'])) {
            session_regenerate_id(true);
            $_SESSION['user'] = $u['username'];
            $_SESSION['role'] = $u['role'];
            header("Location: ?page=admin");
            exit();
        }
    }
    echo "Login Failed";
}

// ================= LOGOUT =================
if (isset($_GET['logout'])) {
    session_destroy();
    header("Location: ?");
    exit();
}

// ================= DELETE =================
// Deleting changes state, so it arrives as a POST carrying the CSRF token
// (a plain GET link can be triggered from another site).
if (isset($_POST['delete_user'])) {
    requireAdmin();

    if (!checkCSRF($_POST['csrf'] ?? '')) die('CSRF Failed');

    $id = (int)($_POST['id'] ?? 0);

    // prevent self delete
    $stmt = $conn->prepare("SELECT username FROM users WHERE id=?");
    $stmt->bind_param("i", $id);
    $stmt->execute();
    $res = $stmt->get_result()->fetch_assoc();

    if (!$res) {
        die("User not found");
    }
    if ($res['username'] === $_SESSION['user']) {
        die("You cannot delete yourself");
    }

    $stmt = $conn->prepare("DELETE FROM users WHERE id=?");
    $stmt->bind_param("i", $id);
    $stmt->execute();
    header("Location: ?page=admin");
    exit();
}

// ================= UPDATE =================
if (isset($_POST['update_user'])) {
    requireAdmin();

    if (!checkCSRF($_POST['csrf'] ?? '')) die('CSRF Failed');

    $id = (int)($_POST['id'] ?? 0);
    $username = is_string($_POST['username'] ?? null) ? trim($_POST['username']) : '';
    $role = $_POST['role'] ?? '';
    $password = is_string($_POST['password'] ?? null) ? $_POST['password'] : '';

    // accept only the roles the form offers, and never an empty username
    if ($username === '' || !in_array($role, ['user', 'admin'], true)) {
        die('Invalid input');
    }

    // update the password only if the field was filled in
    if ($password !== '') {
        $hash = password_hash($password, PASSWORD_DEFAULT);
        $stmt = $conn->prepare("UPDATE users SET username=?, role=?, password=? WHERE id=?");
        $stmt->bind_param("sssi", $username, $role, $hash, $id);
    } else {
        $stmt = $conn->prepare("UPDATE users SET username=?, role=? WHERE id=?");
        $stmt->bind_param("ssi", $username, $role, $id);
    }

    $stmt->execute();
    header("Location: ?page=admin");
    exit();
}

// ================= OUTPUT ESCAPING =================
// escape every value written into HTML (usernames and search terms are user input)
function e($value) {
    return htmlspecialchars((string)$value, ENT_QUOTES, 'UTF-8');
}
?>

<!-- LOGIN -->
<h2>Login</h2>
<form method="POST">
<input name="username" required placeholder="Username"><br><br>
<input type="password" name="password" required placeholder="Password"><br><br>
<button name="login">Login</button>
</form>

<hr>

<?php if (isset($_GET['page']) && $_GET['page'] === 'admin'): requireAdmin();
// read the search term once; anything that is not a string counts as empty
$search = is_string($_GET['search'] ?? null) ? $_GET['search'] : '';
?>

<h2>Admin Panel</h2>
<a href="?logout=true">Logout</a><br><br>

<!-- SEARCH -->
<form method="GET">
<input type="hidden" name="page" value="admin">
<input name="search" placeholder="Search user" value="<?php echo e($search); ?>">
<button>Search</button>
</form><br>

<?php
// ================= PAGINATION =================
$limit = 5;
$page = max(1, (int)($_GET['p'] ?? 1)); // page 0 or a negative page would give a negative offset
$offset = ($page - 1) * $limit;

if ($search !== '') {
    $stmt = $conn->prepare("SELECT * FROM users WHERE username LIKE ? LIMIT ?,?");
    $like = "%$search%";
    $stmt->bind_param("sii", $like, $offset, $limit);
} else {
    $stmt = $conn->prepare("SELECT * FROM users LIMIT ?,?");
    $stmt->bind_param("ii", $offset, $limit);
}

$stmt->execute();
$res = $stmt->get_result();
?>

<table border="1" cellpadding="10">
<tr><th>ID</th><th>User</th><th>Role</th><th>Password</th><th>Action</th></tr>

<?php while ($row = $res->fetch_assoc()): ?>
<tr>
<form method="POST">
<td><?php echo e($row['id']); ?><input type="hidden" name="id" value="<?php echo e($row['id']); ?>"></td>
<td><input name="username" value="<?php echo e($row['username']); ?>"></td>
<td>
<select name="role">
<option value="user" <?php if($row['role']=='user') echo 'selected'; ?>>User</option>
<option value="admin" <?php if($row['role']=='admin') echo 'selected'; ?>>Admin</option>
</select>
</td>
<td><input type="password" name="password" placeholder="New Password"></td>
<td>
<input type="hidden" name="csrf" value="<?php echo e($_SESSION['csrf']); ?>">
<button name="update_user">Update</button>
<button name="delete_user" onclick="return confirm('Delete?')">Delete</button>
</td>
</form>
</tr>
<?php endwhile; ?>
</table>

<!-- PAGINATION LINKS -->
<br>
<a href="?page=admin&p=<?php echo max(1, $page-1); ?>&search=<?php echo e(urlencode($search)); ?>">Prev</a> |
<a href="?page=admin&p=<?php echo $page+1; ?>&search=<?php echo e(urlencode($search)); ?>">Next</a>

<?php endif; ?>

<?php
/* DATABASE (run once; the panel expects a role column on the users table)
ALTER TABLE users ADD role VARCHAR(20) DEFAULT 'user';
*/
?>
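
The self-delete check above compares usernames and covers only deletion, while the update form can rename or demote any account, including the logged-in admin's own. The following is an added example (not part of the original page) of one way to refuse any action that would remove the acting admin's access or leave the panel with no admin; the function name `adminActionRefusal`, the id-based comparison and the sample rows are assumptions made for illustration.

```php
<?php
// Added example, not the page's code. Rows mirror the page's `users` table
// (id, username, role); the function name and sample rows are constructed.

/**
 * Returns null when the action may proceed, or a reason string when it must
 * be refused. $action is 'delete' or 'update'; $newRole applies to 'update'
 * (null means the role is left unchanged).
 */
function adminActionRefusal(array $users, int $actorId, int $targetId,
                            string $action, ?string $newRole = null): ?string
{
    $byId = array_column($users, null, 'id');   // index rows by id
    if (!isset($byId[$targetId])) {
        return 'target user does not exist';
    }

    // Does this action take admin rights away from the target?
    $demotes = $action === 'update' && $newRole !== null && $newRole !== 'admin';
    $removesAdmin = $byId[$targetId]['role'] === 'admin'
        && ($action === 'delete' || $demotes);
    if (!$removesAdmin) {
        return null;
    }

    // Compare ids, not usernames: the update form can change a username.
    if ($targetId === $actorId) {
        return 'you cannot remove your own admin access';
    }

    $admins = array_filter($users, fn($u) => $u['role'] === 'admin');
    return count($admins) <= 1 ? 'at least one admin must remain' : null;
}

// Constructed sample data: two admins and one regular user.
$users = [
    ['id' => 1, 'username' => 'alice', 'role' => 'admin'],
    ['id' => 2, 'username' => 'bob',   'role' => 'user'],
    ['id' => 3, 'username' => 'carol', 'role' => 'admin'],
];
$cases = [
    'alice deletes bob'   => [1, 2, 'delete', null],
    'alice demotes alice' => [1, 1, 'update', 'user'],
    'alice demotes carol' => [1, 3, 'update', 'user'],
    'alice deletes alice' => [1, 1, 'delete', null],
];
foreach ($cases as $label => [$actor, $target, $action, $role]) {
    $why = adminActionRefusal($users, $actor, $target, $action, $role);
    echo $label, ': ', $why ?? 'allowed', PHP_EOL;
}
```

Wiring this into the panel assumes the login step also stores the user's id in the session (for example a hypothetical `$_SESSION['uid']`), since the page's session holds only the username and role.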

