prepare($sql)->execute($params); $msg = "Staff updated!"; } else { // INSERT $hash = password_hash($password, PASSWORD_DEFAULT); $stmt = $pdo->prepare("INSERT INTO users (name, email, password_hash, role, permissions) VALUES (?, ?, ?, 'staff', ?)"); $stmt->execute([$name, $email, $hash, $perms]); $msg = "Staff added!"; } } // 2. DELETE STAFF if (isset($_GET['delete'])) { $pdo->prepare("DELETE FROM users WHERE id=? AND role='staff'")->execute([$_GET['delete']]); header("Location: staff.php"); exit(); } // 3. FETCH STAFF $staff_members = $pdo->query("SELECT * FROM users WHERE role='staff' ORDER BY id DESC")->fetchAll(); $edit_staff = null; if (isset($_GET['edit'])) { $edit_staff = $pdo->query("SELECT * FROM users WHERE id=" . $_GET['edit'])->fetch(); } // Helper to check checked boxes function hasPerm($key, $user) { if (!$user) return false; $p = json_decode($user['permissions'], true); return is_array($p) && in_array($key, $p); } ?> Manage Staff

Staff Management

style="padding:10px; width:100%; margin-bottom:20px;">
".ucfirst($p).""; } ?>
NameEmailPermissionsAction
Edit | Delete