From 8845b83634be5c26c82a80b4fb6f73341f9e84e4 Mon Sep 17 00:00:00 2001
From: Andrea Fiorencis <me@andrestork.moe>
Date: Thu, 9 Apr 2026 08:33:28 +0200
Subject: [PATCH 1/5] Aggiunta supporto variabili d'ambiente per parametri
 connessione DB

---
 .env.example    | 4 ++++
 .gitignore      | 3 ++-
 src/db_conf.php | 8 ++++----
 3 files changed, 10 insertions(+), 5 deletions(-)
 create mode 100644 .env.example

diff --git a/.env.example b/.env.example
new file mode 100644
index 0000000..dce6e29
--- /dev/null
+++ b/.env.example
@@ -0,0 +1,4 @@
+DB_HOST=localhost
+DB_USERNAME=techstore
+DB_PASSWORD=dioporco
+DB_DATABASE=TechStore
\ No newline at end of file
diff --git a/.gitignore b/.gitignore
index 1a806e8..b548c8d 100644
--- a/.gitignore
+++ b/.gitignore
@@ -1,3 +1,4 @@
 img/*
 !img/example/
-!img/logo.png
\ No newline at end of file
+!img/logo.png
+.env
\ No newline at end of file
diff --git a/src/db_conf.php b/src/db_conf.php
index 2cc2573..80c4c2b 100644
--- a/src/db_conf.php
+++ b/src/db_conf.php
@@ -1,9 +1,9 @@
 <?php
 // Configurazione connessione database
-$host = 'localhost';
-$username = 'techstore';
-$password = 'dioporco';
-$database = 'TechStore';
+$host = getenv("DB_HOST") ?: 'localhost';
+$username = getenv("DB_USERNAME") ?:'root';
+$password = getenv("DB_PASSWORD") ?: '';
+$database = getenv("DB_DATABASE") ?: 'TechStore';
 
 // Creazione connessione
 $conn = mysqli_connect($host, $username, $password, $database);

From 3ffa3435a4a37d07471e727fb4f8ddc9cbdc3842 Mon Sep 17 00:00:00 2001
From: Andrea Fiorencis <me@andrestork.moe>
Date: Wed, 15 Apr 2026 11:16:44 +0200
Subject: [PATCH 2/5] Fix warning session_start()

---
 src/login.php | 8 +++++---
 1 file changed, 5 insertions(+), 3 deletions(-)

diff --git a/src/login.php b/src/login.php
index 61b34e2..5ad289b 100644
--- a/src/login.php
+++ b/src/login.php
@@ -1,3 +1,8 @@
+<?php
+session_start();
+include 'db_conf.php';
+?>
+
 <!DOCTYPE html>
 <html lang="it">
 <head>
@@ -8,9 +13,6 @@
 </head>
 <body>
     <?php
-        session_start();
-        include 'db_conf.php';
-        
         $error = '';
         
         if ($_SERVER['REQUEST_METHOD'] === 'POST') {

From a8690feafcf312c43af14ab8dd3839c1c882c2fa Mon Sep 17 00:00:00 2001
From: Andrea Fiorencis <me@andrestork.moe>
Date: Wed, 15 Apr 2026 11:20:15 +0200
Subject: [PATCH 3/5] fix: login non funzionante in apache (container)

---
 src/login.php | 75 ++++++++++++++++++++++++++-------------------------
 1 file changed, 38 insertions(+), 37 deletions(-)

diff --git a/src/login.php b/src/login.php
index 5ad289b..c314ef5 100644
--- a/src/login.php
+++ b/src/login.php
@@ -1,6 +1,44 @@
 <?php
 session_start();
 include 'db_conf.php';
+
+$error = '';
+
+if ($_SERVER['REQUEST_METHOD'] === 'POST') {
+    $email = $_POST['email'];
+    $password = $_POST['password'];
+    
+    $sql = "SELECT UserID, Name, Surname, Password, Role FROM Users WHERE Email = ?";
+    if ($stmt = $conn->prepare($sql)) {
+        $stmt->bind_param("s", $email);
+        $stmt->execute();
+        $stmt->store_result();
+        
+        if ($stmt->num_rows > 0) {
+            $stmt->bind_result($user_id, $name, $surname, $hashed_password, $role);
+            $stmt->fetch();
+            
+            if (password_verify($password, $hashed_password)) {
+                $_SESSION['id'] = $user_id;
+                $_SESSION['name'] = $name;
+                $_SESSION['surname'] = $surname;
+                $_SESSION['role'] = $role;
+                header('Location: index.php');
+                exit();
+            } else {
+                $error = 'Credenziali errate.';
+            }
+        } else {
+            $error = 'Credenziali errate.';
+        }
+        
+        $stmt->close();
+    } else {
+        $error = 'Errore nel database.';
+    }
+}
+
+$conn->close();
 ?>
 
 <!DOCTYPE html>
@@ -12,43 +50,6 @@ include 'db_conf.php';
     <link rel="stylesheet" href="assets/style.css">
 </head>
 <body>
-    <?php
-        $error = '';
-        
-        if ($_SERVER['REQUEST_METHOD'] === 'POST') {
-            $email = $_POST['email'];
-            $password = $_POST['password'];
-            
-            $sql = "SELECT UserID, Name, Surname, Password, Role FROM Users WHERE Email = ?";
-            if ($stmt = $conn->prepare($sql)) {
-                $stmt->bind_param("s", $email);
-                $stmt->execute();
-                $stmt->store_result();
-                
-                if ($stmt->num_rows > 0) {
-                    $stmt->bind_result($user_id, $name, $surname, $hashed_password, $role);
-                    $stmt->fetch();
-                    
-                    if (password_verify($password, $hashed_password)) {
-                        $_SESSION['id'] = $user_id;
-                        $_SESSION['name'] = $name;
-                        $_SESSION['surname'] = $surname;
-                        $_SESSION['role'] = $role;
-                        header('Location: index.php');
-                        exit();
-                    } else {
-                        $error = 'Credenziali errate.';
-                    }
-                } else {
-                    $error = 'Credenziali errate.';
-                }
-                
-                $stmt->close();
-            } else {
-                $error = 'Errore nel database.';
-            }
-        }
-    ?>
     <form action="" method="POST">
         <h2>Login</h2>
         <label for="email">Indirizzo e-mail:</label>

From 2e7cfa93cf4451b0f9048b5eecae7969d073ed68 Mon Sep 17 00:00:00 2001
From: Andrea Fiorencis <me@andrestork.moe>
Date: Wed, 15 Apr 2026 11:25:51 +0200
Subject: [PATCH 4/5] Cambio creds predefinite

---
 src/db_conf.php | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/src/db_conf.php b/src/db_conf.php
index 80c4c2b..b475761 100644
--- a/src/db_conf.php
+++ b/src/db_conf.php
@@ -1,8 +1,8 @@
 <?php
 // Configurazione connessione database
 $host = getenv("DB_HOST") ?: 'localhost';
-$username = getenv("DB_USERNAME") ?:'root';
-$password = getenv("DB_PASSWORD") ?: '';
+$username = getenv("DB_USERNAME") ?:'techstore';
+$password = getenv("DB_PASSWORD") ?: 'dioporco';
 $database = getenv("DB_DATABASE") ?: 'TechStore';
 
 // Creazione connessione

From 1823553f554b9bb96f6f745f3f6f46892b2e18f6 Mon Sep 17 00:00:00 2001
From: Andrea Fiorencis <me@andrestork.moe>
Date: Wed, 15 Apr 2026 11:39:59 +0200
Subject: [PATCH 5/5] Fix gestione errori connessione db (password mostrata in
 chiaro in pagina)

---
 src/db_conf.php | 13 +++++++------
 1 file changed, 7 insertions(+), 6 deletions(-)

diff --git a/src/db_conf.php b/src/db_conf.php
index b475761..961b997 100644
--- a/src/db_conf.php
+++ b/src/db_conf.php
@@ -5,12 +5,13 @@ $username = getenv("DB_USERNAME") ?:'techstore';
 $password = getenv("DB_PASSWORD") ?: 'dioporco';
 $database = getenv("DB_DATABASE") ?: 'TechStore';
 
-// Creazione connessione
-$conn = mysqli_connect($host, $username, $password, $database);
-
-// Controllo connessione
-if ($conn->connect_error) {
-    die("Connessione fallita: " . $conn->connect_error);
+// Creazione e gestione eccezioni connessione
+try{
+    $conn = mysqli_connect($host, $username, $password, $database);
+}
+catch(Exception $e) {
+    error_log("Errore connessione database: " . $e->getMessage());
+    die("Errore di connessione al database. Riprova più tardi.");
 }
 
 // Opzionale: impostare charset