EduProjects/techstore
1
0
Fork 0
mirror of https://codeberg.org/ThisIsMiseryy/techstore synced 2026-05-14 12:42:04 +00:00
Code Issues Packages Projects Releases 3 Wiki Activity

Implementazione gestione utenti

Browse Source
This commit is contained in:
Andrea Fiorencis
2026-04-10 11:54:04 +02:00
parent 504db2e5b5
commit 49d2614528
2 changed files with 211 additions and 1 deletions
Download Patch File Download Diff File Expand all files Collapse all files
src/admin/manageUsers.php
+178
View File
@@ -0,0 +1,178 @@
<?php
session_start();
include '../db_conf.php';
// Controlla se l'utente è loggato
if (!isset($_SESSION['id'])) {
header('Location: ../login.php');
exit();
}
// Controlla se l'utente ha ruolo admin
$user_id = $_SESSION['id'];
$sql_role = "SELECT Role FROM Users WHERE UserID = ?";
$stmt_role = $conn->prepare($sql_role);
$stmt_role->bind_param("i", $user_id);
$stmt_role->execute();
$stmt_role->bind_result($role);
$stmt_role->fetch();
$stmt_role->close();
if ($role !== 'admin') {
http_response_code(403);
die("Accesso negato. Solo gli amministratori possono accedere a questa sezione.");
}
// Gestisci azioni (reset password, cambio ruolo, eliminazione)
if ($_SERVER['REQUEST_METHOD'] === 'POST') {
$action = $_POST['action'] ?? '';
$user_id = $_POST['user_id'] ?? 0;
if ($action === 'reset_password') {
// Genera una password temporanea
$temp_password = bin2hex(random_bytes(4));
$hashed_password = password_hash($temp_password, PASSWORD_DEFAULT);
$sql_reset = "UPDATE Users SET Password = ? WHERE UserID = ?";
$stmt_reset = $conn->prepare($sql_reset);
$stmt_reset->bind_param("si", $hashed_password, $user_id);
$stmt_reset->execute();
$stmt_reset->close();
$reset_message = "Password temporanea generata: " . htmlspecialchars($temp_password);
} elseif ($action === 'update_role') {
$new_role = $_POST['role'] ?? '';
if (in_array($new_role, ['user', 'admin'])) {
$sql_update = "UPDATE Users SET Role = ? WHERE UserID = ?";
$stmt_update = $conn->prepare($sql_update);
$stmt_update->bind_param("si", $new_role, $user_id);
$stmt_update->execute();
$stmt_update->close();
}
} elseif ($action === 'delete_user') {
// Elimina gli ordini dell'utente prima di eliminare l'utente
$sql_delete_orders = "DELETE FROM Orders WHERE UserID = ?";
$stmt_delete_orders = $conn->prepare($sql_delete_orders);
$stmt_delete_orders->bind_param("i", $user_id);
$stmt_delete_orders->execute();
$stmt_delete_orders->close();
// Elimina l'utente
$sql_delete = "DELETE FROM Users WHERE UserID = ?";
$stmt_delete = $conn->prepare($sql_delete);
$stmt_delete->bind_param("i", $user_id);
$stmt_delete->execute();
$stmt_delete->close();
}
}
// Query per ottenere tutti gli utenti
$sql = "SELECT UserID, Name, Surname, Email, Role FROM Users ORDER BY UserID DESC";
$result = $conn->query($sql);
if ($result === false) {
die("Errore nella query: " . $conn->error);
}
?>
<!DOCTYPE html>
<html lang="it">
<head>
<meta charset="UTF-8">
<meta name="viewport" content="width=device-width, initial-scale=1.0">
<title>Dashboard amministratore - TechStore</title>
<link rel="stylesheet" href="/assets/style.css">
<script src="/assets/js/cart.js"></script>
</head>
<body>
<header style="display: flex; justify-content: space-between; align-items: center; padding: 10px; background-color: #f2f2f2; border-bottom: 1px solid #ddd;">
<div id="logo" style="font-size: 24px; font-weight: bold;"><a href="/index.php"><img src="/img/logo.png" alt="Logo TechStore" height="32px"></a></div>
<div>
<a href="/cart.php"><button style="margin-left: 10px; padding: 8px 16px; background-color: #007bff; color: white; border: none; border-radius: 4px; cursor: pointer;">Carrello</button></a>
<?php if (isset($_SESSION['name'])): ?>
<a href="/logout.php"><button style="margin-left: 10px; padding: 8px 16px; background-color: #dc3545; color: white; border: none; border-radius: 4px; cursor: pointer;">Logout</button></a>
<span style="margin-left: 10px;">Benvenuto, <?php echo htmlspecialchars($_SESSION['name']); ?></span>
<?php else: ?>
<a href="/login.php"><button style="margin-left: 10px; padding: 8px 16px; background-color: #28a745; color: white; border: none; border-radius: 4px; cursor: pointer;">Accesso</button></a>
<?php endif; ?>
</div>
</header>
<?php if (isset($_SESSION['name'])): ?>
<div class="account-layout">
<div class="my-sidebar">
<ul>
<li><a href="/admin">Dashboard</a></li>
<li><a href="/admin/manageOrders.php">Gestione ordini</a></li>
<li><a href="/admin/manageProducts.php">Gestione prodotti</a></li>
<li><a href="/admin/manageUsers.php">Gestione utenti</a></li>
<hr>
<li><a href="../account.php">Ritorna al tuo account</a></li>
</ul>
</div>
<div class="my-container">
<h1>Gestione Utenti</h1>
<?php if (isset($reset_message)): ?>
<div style="background-color: #d4edda; color: #155724; padding: 12px; border-radius: 4px; margin-bottom: 20px;">
<?php echo $reset_message; ?>
</div>
<?php endif; ?>
<?php if ($result && $result->num_rows > 0): ?>
<table class="admin-table">
<thead>
<tr>
<th>ID</th>
<th>Nome</th>
<th>Cognome</th>
<th>Email</th>
<th>Ruolo</th>
<th>Azioni</th>
</tr>
</thead>
<tbody>
<?php while ($user = $result->fetch_assoc()): ?>
<tr>
<td>#<?php echo htmlspecialchars($user['UserID']); ?></td>
<td><?php echo htmlspecialchars($user['Name']); ?></td>
<td><?php echo htmlspecialchars($user['Surname']); ?></td>
<td><?php echo htmlspecialchars($user['Email']); ?></td>
<td>
<form method="POST" style="display: inline;">
<input type="hidden" name="action" value="update_role">
<input type="hidden" name="user_id" value="<?php echo $user['UserID']; ?>">
<select name="role" onchange="this.form.submit()" class="role-select role-<?php echo htmlspecialchars($user['Role']); ?>">
<option value="user" <?php echo $user['Role'] === 'user' ? 'selected' : ''; ?>>User</option>
<option value="admin" <?php echo $user['Role'] === 'admin' ? 'selected' : ''; ?>>Admin</option>
</select>
</form>
</td>
<td>
<form method="POST" style="display: inline;">
<input type="hidden" name="action" value="reset_password">
<input type="hidden" name="user_id" value="<?php echo $user['UserID']; ?>">
<button type="submit" class="btn-reset" title="Genera una nuova password temporanea">Reset Password</button>
</form>
<form method="POST" style="display: inline;" onsubmit="return confirm('Sei sicuro di voler eliminare questo utente e tutti i suoi ordini?');">
<input type="hidden" name="action" value="delete_user">
<input type="hidden" name="user_id" value="<?php echo $user['UserID']; ?>">
<button type="submit" class="btn-delete">Elimina</button>
</form>
</td>
</tr>
<?php endwhile; ?>
</tbody>
</table>
<?php else: ?>
<p>Nessun utente trovato.</p>
<?php endif; ?>
</div>
</div>
<?php else: ?>
<?php header('Location: login.php'); ?>
<?php endif; ?>
<?php $conn->close(); ?>
</body>
</html>
src/assets/style.css
+32
View File
@@ -386,3 +386,35 @@ form button:hover {
margin: 0;
padding: 0;
}
/* Stili per role-select */
.role-select {
border: 1px solid #ddd;
border-radius: 4px;
cursor: pointer;
}
.role-select.role-user {
background-color: #e7f3ff;
color: #004085;
}
.role-select.role-admin {
background-color: #fff3cd;
color: #856404;
}
/* Stili per btn-reset */
.btn-reset {
background-color: #17a2b8;
color: white;
border: none;
border-radius: 4px;
cursor: pointer;
font-size: 12px;
margin-right: 5px;
}
.btn-reset:hover {
background-color: #138496;
}