From 397c899115beb5703129a559f9745746f3962560 Mon Sep 17 00:00:00 2001
From: Andrea Fiorencis <me@andrestork.moe>
Date: Fri, 10 Apr 2026 11:39:37 +0200
Subject: [PATCH] Implementata pagina gestione ordini

---
 src/admin/manageOrders.php | 163 +++++++++++++++++++++++++++++++++++++
 src/assets/style.css       |  66 +++++++++++++++
 2 files changed, 229 insertions(+)
 create mode 100644 src/admin/manageOrders.php

diff --git a/src/admin/manageOrders.php b/src/admin/manageOrders.php
new file mode 100644
index 0000000..c6e4a6b
--- /dev/null
+++ b/src/admin/manageOrders.php
@@ -0,0 +1,163 @@
+<?php
+session_start();
+include '../db_conf.php';
+
+// Controlla se l'utente è loggato
+if (!isset($_SESSION['id'])) {
+    header('Location: ../login.php');
+    exit();
+}
+
+// Controlla se l'utente ha ruolo admin
+$user_id = $_SESSION['id'];
+$sql_role = "SELECT Role FROM Users WHERE UserID = ?";
+$stmt_role = $conn->prepare($sql_role);
+$stmt_role->bind_param("i", $user_id);
+$stmt_role->execute();
+$stmt_role->bind_result($role);
+$stmt_role->fetch();
+$stmt_role->close();
+
+if ($role !== 'admin') {
+    http_response_code(403);
+    die("Accesso negato. Solo gli amministratori possono accedere a questa sezione.");
+}
+
+// Gestisci azioni (cambio stato, eliminazione)
+if ($_SERVER['REQUEST_METHOD'] === 'POST') {
+    $action = $_POST['action'] ?? '';
+    $order_id = $_POST['order_id'] ?? 0;
+
+    if ($action === 'update_status') {
+        $new_status = $_POST['status'] ?? '';
+        if (in_array($new_status, ['pending', 'completed', 'cancelled'])) {
+            $sql_update = "UPDATE Orders SET Status = ? WHERE OrderID = ?";
+            $stmt_update = $conn->prepare($sql_update);
+            $stmt_update->bind_param("si", $new_status, $order_id);
+            $stmt_update->execute();
+            $stmt_update->close();
+        }
+    } elseif ($action === 'delete_order') {
+        // Elimina gli items dell'ordine prima di eliminare l'ordine
+        $sql_delete_items = "DELETE FROM OrderItems WHERE OrderID = ?";
+        $stmt_delete_items = $conn->prepare($sql_delete_items);
+        $stmt_delete_items->bind_param("i", $order_id);
+        $stmt_delete_items->execute();
+        $stmt_delete_items->close();
+
+        // Elimina l'ordine
+        $sql_delete = "DELETE FROM Orders WHERE OrderID = ?";
+        $stmt_delete = $conn->prepare($sql_delete);
+        $stmt_delete->bind_param("i", $order_id);
+        $stmt_delete->execute();
+        $stmt_delete->close();
+    }
+}
+
+// Query per ottenere tutti gli ordini con dettagli utente
+$sql = "SELECT o.OrderID, o.UserID, u.Name, u.Surname, u.Email, o.OrderDate, o.Total, o.Status,
+               GROUP_CONCAT(p.ProductName SEPARATOR ', ') AS Products
+        FROM Orders o
+        LEFT JOIN Users u ON o.UserID = u.UserID
+        LEFT JOIN OrderItems oi ON o.OrderID = oi.OrderID
+        LEFT JOIN Products p ON oi.ProductID = p.ProductID
+        GROUP BY o.OrderID
+        ORDER BY o.OrderDate DESC";
+$result = $conn->query($sql);
+
+if ($result === false) {
+    die("Errore nella query: " . $conn->error);
+}
+?>
+
+<!DOCTYPE html>
+<html lang="it">
+<head>
+    <meta charset="UTF-8">
+    <meta name="viewport" content="width=device-width, initial-scale=1.0">
+    <title>Dashboard amministratore - TechStore</title>
+    <link rel="stylesheet" href="/assets/style.css">
+    <script src="/assets/js/cart.js"></script>
+</head>
+<body>
+    <header style="display: flex; justify-content: space-between; align-items: center; padding: 10px; background-color: #f2f2f2; border-bottom: 1px solid #ddd;">
+        <div id="logo" style="font-size: 24px; font-weight: bold;"><a href="/index.php"><img src="/img/logo.png" alt="Logo TechStore" height="32px"></a></div>
+        <div>
+            <a href="/cart.php"><button style="margin-left: 10px; padding: 8px 16px; background-color: #007bff; color: white; border: none; border-radius: 4px; cursor: pointer;">Carrello</button></a>
+            <?php if (isset($_SESSION['name'])): ?>
+                <a href="/logout.php"><button style="margin-left: 10px; padding: 8px 16px; background-color: #dc3545; color: white; border: none; border-radius: 4px; cursor: pointer;">Logout</button></a>
+                <span style="margin-left: 10px;">Benvenuto, <?php echo htmlspecialchars($_SESSION['name']); ?></span>
+            <?php else: ?>
+                <a href="/login.php"><button style="margin-left: 10px; padding: 8px 16px; background-color: #28a745; color: white; border: none; border-radius: 4px; cursor: pointer;">Accesso</button></a>
+            <?php endif; ?>
+        </div>
+    </header>
+
+    <?php if (isset($_SESSION['name'])): ?>
+        <div class="account-layout">
+            <div class="my-sidebar">
+                <ul>
+                    <li><a href="/admin">Dashboard</a></li>
+                    <li><a href="/admin/manageOrders.php">Gestione ordini</a></li>
+                </ul>
+            </div>
+            <div class="my-container">
+                <h1>Gestione Ordini</h1>
+                
+                <?php if ($result && $result->num_rows > 0): ?>
+                    <table class="admin-table">
+                        <thead>
+                            <tr>
+                                <th>ID Ordine</th>
+                                <th>Cliente</th>
+                                <th>Email</th>
+                                <th>Prodotti</th>
+                                <th>Data</th>
+                                <th>Totale</th>
+                                <th>Stato</th>
+                                <th>Azioni</th>
+                            </tr>
+                        </thead>
+                        <tbody>
+                            <?php while ($order = $result->fetch_assoc()): ?>
+                                <tr>
+                                    <td>#<?php echo htmlspecialchars($order['OrderID']); ?></td>
+                                    <td><?php echo htmlspecialchars($order['Name'] . ' ' . $order['Surname']); ?></td>
+                                    <td><?php echo htmlspecialchars($order['Email']); ?></td>
+                                    <td><?php echo htmlspecialchars($order['Products'] ?? 'N/A'); ?></td>
+                                    <td><?php echo date('d/m/Y H:i', strtotime($order['OrderDate'])); ?></td>
+                                    <td>€<?php echo number_format($order['Total'], 2, ',', '.'); ?></td>
+                                    <td>
+                                        <form method="POST" style="display: inline;">
+                                            <input type="hidden" name="action" value="update_status">
+                                            <input type="hidden" name="order_id" value="<?php echo $order['OrderID']; ?>">
+                                            <select name="status" onchange="this.form.submit()" class="status-select status-<?php echo htmlspecialchars($order['Status']); ?>">
+                                                <option value="pending" <?php echo $order['Status'] === 'pending' ? 'selected' : ''; ?>>In sospeso</option>
+                                                <option value="completed" <?php echo $order['Status'] === 'completed' ? 'selected' : ''; ?>>Completato</option>
+                                                <option value="cancelled" <?php echo $order['Status'] === 'cancelled' ? 'selected' : ''; ?>>Cancellato</option>
+                                            </select>
+                                        </form>
+                                    </td>
+                                    <td>
+                                        <form method="POST" style="display: inline;" onsubmit="return confirm('Sei sicuro di voler eliminare questo ordine?');">
+                                            <input type="hidden" name="action" value="delete_order">
+                                            <input type="hidden" name="order_id" value="<?php echo $order['OrderID']; ?>">
+                                            <button type="submit" class="btn-delete">Elimina</button>
+                                        </form>
+                                    </td>
+                                </tr>
+                            <?php endwhile; ?>
+                        </tbody>
+                    </table>
+                <?php else: ?>
+                    <p>Nessun ordine trovato.</p>
+                <?php endif; ?>
+            </div>
+        </div>
+    <?php else: ?>
+        <?php header('Location: login.php'); ?>
+    <?php endif; ?>
+
+    <?php $conn->close(); ?>
+</body>
+</html>
diff --git a/src/assets/style.css b/src/assets/style.css
index 5a66723..4b3d3e5 100644
--- a/src/assets/style.css
+++ b/src/assets/style.css
@@ -319,4 +319,70 @@ form button:hover {
 .order-details p {
     margin: 5px 0;
     color: #666;
+}
+
+/* Stili per la pagina admin di gestione ordini */
+.admin-table {
+    width: 100%;
+    border-collapse: collapse;
+    margin-top: 20px;
+    background-color: #fff;
+}
+
+.admin-table th,
+.admin-table td {
+    border: 1px solid #ddd;
+    padding: 12px;
+    text-align: left;
+}
+
+.admin-table th {
+    background-color: #f2f2f2;
+    font-weight: bold;
+}
+
+.admin-table tbody tr:hover {
+    background-color: #f9f9f9;
+}
+
+.status-select {
+    padding: 5px 8px;
+    border: 1px solid #ddd;
+    border-radius: 4px;
+    cursor: pointer;
+}
+
+.status-select.status-pending {
+    background-color: #fff3cd;
+    color: #212529;
+}
+
+.status-select.status-completed {
+    background-color: #d4edda;
+    color: #155724;
+}
+
+.status-select.status-cancelled {
+    background-color: #f8d7da;
+    color: #721c24;
+}
+
+.btn-delete {
+    padding: 5px 10px;
+    background-color: #dc3545;
+    color: white;
+    border: none;
+    border-radius: 4px;
+    cursor: pointer;
+    font-size: 12px;
+}
+
+.btn-delete:hover {
+    background-color: #c82333;
+}
+
+.admin-table td form {
+    display: contents;
+    margin: 0;
+    padding: 0;
 }
\ No newline at end of file