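<?php
// add_admin.php
//
// Creates a new row in admin_accounts from the submitted form. This page is
// reached through content.php?page=add_admin, so session_start() is NOT called
// here — the including page owns the session.
// // session_start(); // Keep this commented out or remove.

declare(strict_types=1);

require_once './config/config.php';
require_once 'includes/auth_validate.php';

// Only the super admin may create admin accounts. A missing session key is
// treated like a non-super type instead of raising a notice.
if (($_SESSION['admin_type'] ?? null) !== 'super') {
    // Flash message + redirect rather than echoing into a half-rendered page.
    $_SESSION['failure'] = "Permission Denied";
    header('location: content.php?page=admin_users');
    exit();
}

if ($_SERVER['REQUEST_METHOD'] === 'POST') {
    // NOTE(review): every posted field is written to admin_accounts as-is
    // (mass assignment); only user_name and password are validated below.
    // Restricting the array to the form's known columns would be safer, but the
    // column list is not visible from this file — confirm against
    // forms/admin_users_form.php before tightening.
    // filter_input_array() returns null when nothing was posted.
    $data_to_store = filter_input_array(INPUT_POST) ?: [];

    // user_name must be a non-empty string (also rejects user_name[] arrays,
    // which would otherwise make trim() throw a TypeError).
    $user_name = $data_to_store['user_name'] ?? null;
    if (!is_string($user_name) || trim($user_name) === '') {
        $_SESSION['failure'] = "User name is required.";
        header('location: content.php?page=add_admin'); // back to the add form
        exit();
    }
    // The name is stored HTML-encoded; the uniqueness lookup below uses the
    // same encoded value so it matches what earlier inserts wrote.
    $data_to_store['user_name'] = htmlspecialchars(trim($user_name), ENT_QUOTES, 'UTF-8');

    // password must be a non-empty string; a bare isset() previously let an
    // empty password through to password_hash().
    $password = $data_to_store['password'] ?? null;
    if (!is_string($password) || $password === '') {
        $_SESSION['failure'] = "Password is required.";
        header('location: content.php?page=add_admin'); // back to the add form
        exit();
    }

    $db = getDbInstance();

    // Reject duplicate user names before inserting.
    $db->where('user_name', $data_to_store['user_name']);
    $db->get('admin_accounts');
    if ($db->count >= 1) {
        $_SESSION['failure'] = "User name already exists";
        header('location: content.php?page=add_admin');
        exit();
    }

    // Hash the password; the plaintext never reaches the database.
    $data_to_store['password'] = password_hash($password, PASSWORD_DEFAULT);

    // Fresh instance so no query state from the lookup above leaks into the insert.
    $db = getDbInstance();
    $last_id = $db->insert('admin_accounts', $data_to_store);

    if ($last_id) {
        $_SESSION['success'] = "Admin user added successfully!";
        header('location: content.php?page=admin_users');
        exit();
    }

    // Keep the driver's error text server-side; the browser only gets a
    // generic failure so schema/driver details are not disclosed.
    error_log('add_admin.php: insert into admin_accounts failed: ' . $db->getLastError());
    $_SESSION['failure'] = "Failed to add Admin user.";
    header('location: content.php?page=add_admin');
    exit();
}

$edit = false; // The shared form is reused for add/edit; false selects "add" mode.
require_once 'includes/header.php';
?>
<div id="page-wrapper">
    <div class="row">
        <div class="col-lg-12">
            <h2 class="page-header">Add User</h2>
        </div>
    </div>
    <?php include_once('includes/flash_messages.php'); ?>
    <form class="well form-horizontal" action=" " method="post" id="contact_form" enctype="multipart/form-data">
        <?php include_once './forms/admin_users_form.php'; ?>
    </form>
</div>
<?php include_once 'includes/footer.php'; ?>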