prepare("SELECT id, userrole, username FROM app_users WHERE username = ?"); $queryprm->bind_param("s", $username); $queryprm->execute(); $queryprmres = $queryprm->get_result()->fetch_assoc(); $cruserrole = $queryprmres["userrole"]; if ($cruserrole == 'admin' || $cruserrole == 'superadmin') { // Get the role of the user whose role is being updated, from the 'app_users' table $queryusr = $mysqli->prepare("SELECT id, userrole, sip_username FROM app_users WHERE sip_username = ?"); $queryusr->bind_param("s", $sipUsername); $queryusr->execute(); $queryusrres = $queryusr->get_result()->fetch_assoc(); $rolefromdb = $queryusrres["userrole"]; if ($cruserrole == 'superadmin') { $query = $mysqli->prepare("UPDATE `app_users` SET `userrole`=?, `user_groups`=? WHERE `sip_username`=?"); $query->bind_param("sss", $newrole, $usergroups, $sipUsername); if ($query->execute()) { $messagetosend = 'success'; } else { $messagetosend = 'An error occurred while attempting to save user data to the database!'; } } elseif ($cruserrole == 'admin' && $newrole == 'superadmin') { $messagetosend = 'Admins cannot make other users Superadmins.'; } elseif ($cruserrole == 'admin' && $newrole == 'regular_user' && $rolefromdb != 'regular_user') { $messagetosend = 'Admins cannot assign the role of Regular User to Admins or Superadmins.'; } elseif ($cruserrole == 'admin' && $newrole == 'regular_user' && $rolefromdb == 'regular_user') { $query = $mysqli->prepare("UPDATE `app_users` SET `userrole`=?, `user_groups`=? WHERE `sip_username`=?"); $query->bind_param("sss", $newrole, $usergroups, $sipUsername); if ($query->execute()) { $messagetosend = 'success'; } else { $messagetosend = 'An error occurred while attempting to save user data to the database!'; } } elseif ($cruserrole == 'admin' && $newrole == 'admin' && $rolefromdb == 'regular_user') { $query = $mysqli->prepare("UPDATE `app_users` SET `userrole`=?, `user_groups`=? WHERE `sip_username`=?"); $query->bind_param("sss", $newrole, $usergroups, $sipUsername); if ($query->execute()) { $messagetosend = 'success'; } else { $messagetosend = 'An error occurred while attempting to save user data to the database!'; } } elseif ($cruserrole == 'admin' && $newrole == 'admin' && $rolefromdb == 'admin') { $messagetosend = 'Admins cannot change the user groups of other Admins.'; } elseif ($cruserrole == 'admin' && $newrole == 'admin' && $rolefromdb == 'superadmin') { $messagetosend = 'Admins cannot assign the role of Admin to Superadmins.'; } } else { $messagetosend = 'Only Admins and Superadmins can change the role and user groups of Roundpin users.'; } $response = array('result' => $messagetosend); echo json_encode($response); } else { header("Location: ../login.php"); } ?>