edu-senex/edu/api/admin.php

<?php
require_once __DIR__ . '/import.php';
$admin_action = $segments[1] ?? '';

// GET /api/admin/users
if (get_method() === 'GET' && $admin_action === 'users') {
    require_admin();
    $stmt = $pdo->query("SELECT id, username, display_name, is_admin, created_at FROM users ORDER BY id");
    json_ok(['users' => $stmt->fetchAll()]);
}

// POST /api/admin/users
if (get_method() === 'POST' && $admin_action === 'users') {
    require_admin();
    $body = get_json_body();
    $username = trim($body['username'] ?? '');
    $display_name = trim($body['display_name'] ?? '');
    $password = $body['password'] ?? '';
    $is_admin = !empty($body['is_admin']);

    if (!$username || !$password || !$display_name) json_error('Benutzername, Anzeigename und Passwort erforderlich');
    if (mb_strlen($password) < 6) json_error('Passwort muss mindestens 6 Zeichen haben');

    $hash = password_hash($password, PASSWORD_DEFAULT);
    try {
        $stmt = $pdo->prepare("INSERT INTO users (username, password_hash, display_name, is_admin) VALUES (:u, :h, :d, :a) RETURNING id");
        $stmt->execute([':u' => $username, ':h' => $hash, ':d' => $display_name, ':a' => $is_admin]);
        json_ok(['id' => $stmt->fetchColumn(), 'message' => 'Benutzer erstellt']);
    } catch (PDOException $e) {
        if (strpos($e->getMessage(), 'unique') !== false) json_error('Benutzername existiert bereits');
        throw $e;
    }
}

// DELETE /api/admin/users/{id}
if (get_method() === 'DELETE' && $admin_action === 'users' && !empty($segments[2])) {
    require_admin();
    $del_id = (int) $segments[2];
    if ($del_id === $_SESSION['user_id']) json_error('Eigenen Account kann man nicht loeschen');
    $pdo->prepare("DELETE FROM users WHERE id = :id")->execute([':id' => $del_id]);
    json_ok(['ok' => true]);
}

// POST /api/admin/import
if (get_method() === 'POST' && $admin_action === 'import') {
    require_admin();
    $stats = import_all_content($pdo);
    json_ok(['message' => 'Import abgeschlossen', 'stats' => $stats]);
}

json_error('Unbekannter Admin-Endpunkt', 404);
feat: quiz, cheat sheets, admin modules - MC quiz, search, user mgmt, content import 2026-04-02 23:41:19 +02:00			`<?php`
			`require_once __DIR__ . '/import.php';`
			`$admin_action = $segments[1] ?? '';`

			`// GET /api/admin/users`
			`if (get_method() === 'GET' && $admin_action === 'users') {`
			`require_admin();`
			`$stmt = $pdo->query("SELECT id, username, display_name, is_admin, created_at FROM users ORDER BY id");`
			`json_ok(['users' => $stmt->fetchAll()]);`
			`}`

			`// POST /api/admin/users`
			`if (get_method() === 'POST' && $admin_action === 'users') {`
			`require_admin();`
			`$body = get_json_body();`
			`$username = trim($body['username'] ?? '');`
			`$display_name = trim($body['display_name'] ?? '');`
			`$password = $body['password'] ?? '';`
			`$is_admin = !empty($body['is_admin']);`

			`if (!$username \|\| !$password \|\| !$display_name) json_error('Benutzername, Anzeigename und Passwort erforderlich');`
			`if (mb_strlen($password) < 6) json_error('Passwort muss mindestens 6 Zeichen haben');`

			`$hash = password_hash($password, PASSWORD_DEFAULT);`
			`try {`
			`$stmt = $pdo->prepare("INSERT INTO users (username, password_hash, display_name, is_admin) VALUES (:u, :h, :d, :a) RETURNING id");`
			`$stmt->execute([':u' => $username, ':h' => $hash, ':d' => $display_name, ':a' => $is_admin]);`
			`json_ok(['id' => $stmt->fetchColumn(), 'message' => 'Benutzer erstellt']);`
			`} catch (PDOException $e) {`
			`if (strpos($e->getMessage(), 'unique') !== false) json_error('Benutzername existiert bereits');`
			`throw $e;`
			`}`
			`}`

			`// DELETE /api/admin/users/{id}`
			`if (get_method() === 'DELETE' && $admin_action === 'users' && !empty($segments[2])) {`
			`require_admin();`
			`$del_id = (int) $segments[2];`
			`if ($del_id === $_SESSION['user_id']) json_error('Eigenen Account kann man nicht loeschen');`
			`$pdo->prepare("DELETE FROM users WHERE id = :id")->execute([':id' => $del_id]);`
			`json_ok(['ok' => true]);`
			`}`

			`// POST /api/admin/import`
			`if (get_method() === 'POST' && $admin_action === 'import') {`
			`require_admin();`
			`$stats = import_all_content($pdo);`
			`json_ok(['message' => 'Import abgeschlossen', 'stats' => $stats]);`
			`}`

			`json_error('Unbekannter Admin-Endpunkt', 404);`