From 3ca10395b5609cfaae0e61b6b59716a6936bcbf2 Mon Sep 17 00:00:00 2001
From: Andrea Fiorencis <me@andrestork.moe>
Date: Wed, 8 Apr 2026 11:48:50 +0200
Subject: [PATCH 1/8] Creata dashboard amministratore

---
 src/admin/index.php | 76 +++++++++++++++++++++++++++++++++++++++++++++
 1 file changed, 76 insertions(+)
 create mode 100644 src/admin/index.php

diff --git a/src/admin/index.php b/src/admin/index.php
new file mode 100644
index 0000000..9d2829e
--- /dev/null
+++ b/src/admin/index.php
@@ -0,0 +1,76 @@
+<?php
+session_start();
+include '../db_conf.php';
+
+// Controlla se l'utente è loggato
+if (!isset($_SESSION['id'])) {
+    header('Location: ../login.php');
+    exit();
+}
+
+// Controlla se l'utente ha ruolo admin
+$user_id = $_SESSION['id'];
+$sql_role = "SELECT Role FROM Users WHERE UserID = ?";
+$stmt_role = $conn->prepare($sql_role);
+$stmt_role->bind_param("i", $user_id);
+$stmt_role->execute();
+$stmt_role->bind_result($role);
+$stmt_role->fetch();
+$stmt_role->close();
+
+if ($role !== 'admin') {
+    http_response_code(403);
+    die("Accesso negato. Solo gli amministratori possono accedere a questa sezione.");
+}
+
+// Query per ottenere tutti i prodotti
+$sql = "SELECT p.ProductID, p.ProductName, c.Name AS 'CategoryName', p.Description, p.Price, p.StockQuantity, p.ImagePath FROM Products p JOIN Categories c ON p.CategoryID=c.CategoryID";
+$result = $conn->query($sql);
+
+if ($result === false) {
+    die("Errore nella query: " . $conn->error);
+}
+?>
+
+<!DOCTYPE html>
+<html lang="it">
+<head>
+    <meta charset="UTF-8">
+    <meta name="viewport" content="width=device-width, initial-scale=1.0">
+    <title>Dashboard amministratore - TechStore</title>
+    <link rel="stylesheet" href="/assets/style.css">
+    <script src="/assets/js/cart.js"></script>
+</head>
+<body>
+    <header style="display: flex; justify-content: space-between; align-items: center; padding: 10px; background-color: #f2f2f2; border-bottom: 1px solid #ddd;">
+        <div id="logo" style="font-size: 24px; font-weight: bold;"><a href="/index.php"><img src="/img/logo.png" alt="Logo TechStore" height="32px"></a></div>
+        <div>
+            <a href="/cart.php"><button style="margin-left: 10px; padding: 8px 16px; background-color: #007bff; color: white; border: none; border-radius: 4px; cursor: pointer;">Carrello</button></a>
+            <?php if (isset($_SESSION['name'])): ?>
+                <a href="/logout.php"><button style="margin-left: 10px; padding: 8px 16px; background-color: #dc3545; color: white; border: none; border-radius: 4px; cursor: pointer;">Logout</button></a>
+                <span style="margin-left: 10px;">Benvenuto, <?php echo htmlspecialchars($_SESSION['name']); ?></span>
+            <?php else: ?>
+                <a href="/login.php"><button style="margin-left: 10px; padding: 8px 16px; background-color: #28a745; color: white; border: none; border-radius: 4px; cursor: pointer;">Accesso</button></a>
+            <?php endif; ?>
+        </div>
+    </header>
+
+    <?php if (isset($_SESSION['name'])): ?>
+        <div class="account-layout">
+            <div class="my-sidebar">
+                <ul>
+                    <li><a href="/admin">Dashboard</a></li>
+                    <li><a href="/admin/manageOrders.php">Gestione ordini</a></li>
+                </ul>
+            </div>
+            <div class="my-container">
+                <h1>Hello World!<h1>
+            </div>
+        </div>
+    <?php else: ?>
+        <?php header('Location: login.php'); ?>
+    <?php endif; ?>
+
+    <?php $conn->close(); ?>
+</body>
+</html>

From 397c899115beb5703129a559f9745746f3962560 Mon Sep 17 00:00:00 2001
From: Andrea Fiorencis <me@andrestork.moe>
Date: Fri, 10 Apr 2026 11:39:37 +0200
Subject: [PATCH 2/8] Implementata pagina gestione ordini

---
 src/admin/manageOrders.php | 163 +++++++++++++++++++++++++++++++++++++
 src/assets/style.css       |  66 +++++++++++++++
 2 files changed, 229 insertions(+)
 create mode 100644 src/admin/manageOrders.php

diff --git a/src/admin/manageOrders.php b/src/admin/manageOrders.php
new file mode 100644
index 0000000..c6e4a6b
--- /dev/null
+++ b/src/admin/manageOrders.php
@@ -0,0 +1,163 @@
+<?php
+session_start();
+include '../db_conf.php';
+
+// Controlla se l'utente è loggato
+if (!isset($_SESSION['id'])) {
+    header('Location: ../login.php');
+    exit();
+}
+
+// Controlla se l'utente ha ruolo admin
+$user_id = $_SESSION['id'];
+$sql_role = "SELECT Role FROM Users WHERE UserID = ?";
+$stmt_role = $conn->prepare($sql_role);
+$stmt_role->bind_param("i", $user_id);
+$stmt_role->execute();
+$stmt_role->bind_result($role);
+$stmt_role->fetch();
+$stmt_role->close();
+
+if ($role !== 'admin') {
+    http_response_code(403);
+    die("Accesso negato. Solo gli amministratori possono accedere a questa sezione.");
+}
+
+// Gestisci azioni (cambio stato, eliminazione)
+if ($_SERVER['REQUEST_METHOD'] === 'POST') {
+    $action = $_POST['action'] ?? '';
+    $order_id = $_POST['order_id'] ?? 0;
+
+    if ($action === 'update_status') {
+        $new_status = $_POST['status'] ?? '';
+        if (in_array($new_status, ['pending', 'completed', 'cancelled'])) {
+            $sql_update = "UPDATE Orders SET Status = ? WHERE OrderID = ?";
+            $stmt_update = $conn->prepare($sql_update);
+            $stmt_update->bind_param("si", $new_status, $order_id);
+            $stmt_update->execute();
+            $stmt_update->close();
+        }
+    } elseif ($action === 'delete_order') {
+        // Elimina gli items dell'ordine prima di eliminare l'ordine
+        $sql_delete_items = "DELETE FROM OrderItems WHERE OrderID = ?";
+        $stmt_delete_items = $conn->prepare($sql_delete_items);
+        $stmt_delete_items->bind_param("i", $order_id);
+        $stmt_delete_items->execute();
+        $stmt_delete_items->close();
+
+        // Elimina l'ordine
+        $sql_delete = "DELETE FROM Orders WHERE OrderID = ?";
+        $stmt_delete = $conn->prepare($sql_delete);
+        $stmt_delete->bind_param("i", $order_id);
+        $stmt_delete->execute();
+        $stmt_delete->close();
+    }
+}
+
+// Query per ottenere tutti gli ordini con dettagli utente
+$sql = "SELECT o.OrderID, o.UserID, u.Name, u.Surname, u.Email, o.OrderDate, o.Total, o.Status,
+               GROUP_CONCAT(p.ProductName SEPARATOR ', ') AS Products
+        FROM Orders o
+        LEFT JOIN Users u ON o.UserID = u.UserID
+        LEFT JOIN OrderItems oi ON o.OrderID = oi.OrderID
+        LEFT JOIN Products p ON oi.ProductID = p.ProductID
+        GROUP BY o.OrderID
+        ORDER BY o.OrderDate DESC";
+$result = $conn->query($sql);
+
+if ($result === false) {
+    die("Errore nella query: " . $conn->error);
+}
+?>
+
+<!DOCTYPE html>
+<html lang="it">
+<head>
+    <meta charset="UTF-8">
+    <meta name="viewport" content="width=device-width, initial-scale=1.0">
+    <title>Dashboard amministratore - TechStore</title>
+    <link rel="stylesheet" href="/assets/style.css">
+    <script src="/assets/js/cart.js"></script>
+</head>
+<body>
+    <header style="display: flex; justify-content: space-between; align-items: center; padding: 10px; background-color: #f2f2f2; border-bottom: 1px solid #ddd;">
+        <div id="logo" style="font-size: 24px; font-weight: bold;"><a href="/index.php"><img src="/img/logo.png" alt="Logo TechStore" height="32px"></a></div>
+        <div>
+            <a href="/cart.php"><button style="margin-left: 10px; padding: 8px 16px; background-color: #007bff; color: white; border: none; border-radius: 4px; cursor: pointer;">Carrello</button></a>
+            <?php if (isset($_SESSION['name'])): ?>
+                <a href="/logout.php"><button style="margin-left: 10px; padding: 8px 16px; background-color: #dc3545; color: white; border: none; border-radius: 4px; cursor: pointer;">Logout</button></a>
+                <span style="margin-left: 10px;">Benvenuto, <?php echo htmlspecialchars($_SESSION['name']); ?></span>
+            <?php else: ?>
+                <a href="/login.php"><button style="margin-left: 10px; padding: 8px 16px; background-color: #28a745; color: white; border: none; border-radius: 4px; cursor: pointer;">Accesso</button></a>
+            <?php endif; ?>
+        </div>
+    </header>
+
+    <?php if (isset($_SESSION['name'])): ?>
+        <div class="account-layout">
+            <div class="my-sidebar">
+                <ul>
+                    <li><a href="/admin">Dashboard</a></li>
+                    <li><a href="/admin/manageOrders.php">Gestione ordini</a></li>
+                </ul>
+            </div>
+            <div class="my-container">
+                <h1>Gestione Ordini</h1>
+                
+                <?php if ($result && $result->num_rows > 0): ?>
+                    <table class="admin-table">
+                        <thead>
+                            <tr>
+                                <th>ID Ordine</th>
+                                <th>Cliente</th>
+                                <th>Email</th>
+                                <th>Prodotti</th>
+                                <th>Data</th>
+                                <th>Totale</th>
+                                <th>Stato</th>
+                                <th>Azioni</th>
+                            </tr>
+                        </thead>
+                        <tbody>
+                            <?php while ($order = $result->fetch_assoc()): ?>
+                                <tr>
+                                    <td>#<?php echo htmlspecialchars($order['OrderID']); ?></td>
+                                    <td><?php echo htmlspecialchars($order['Name'] . ' ' . $order['Surname']); ?></td>
+                                    <td><?php echo htmlspecialchars($order['Email']); ?></td>
+                                    <td><?php echo htmlspecialchars($order['Products'] ?? 'N/A'); ?></td>
+                                    <td><?php echo date('d/m/Y H:i', strtotime($order['OrderDate'])); ?></td>
+                                    <td>€<?php echo number_format($order['Total'], 2, ',', '.'); ?></td>
+                                    <td>
+                                        <form method="POST" style="display: inline;">
+                                            <input type="hidden" name="action" value="update_status">
+                                            <input type="hidden" name="order_id" value="<?php echo $order['OrderID']; ?>">
+                                            <select name="status" onchange="this.form.submit()" class="status-select status-<?php echo htmlspecialchars($order['Status']); ?>">
+                                                <option value="pending" <?php echo $order['Status'] === 'pending' ? 'selected' : ''; ?>>In sospeso</option>
+                                                <option value="completed" <?php echo $order['Status'] === 'completed' ? 'selected' : ''; ?>>Completato</option>
+                                                <option value="cancelled" <?php echo $order['Status'] === 'cancelled' ? 'selected' : ''; ?>>Cancellato</option>
+                                            </select>
+                                        </form>
+                                    </td>
+                                    <td>
+                                        <form method="POST" style="display: inline;" onsubmit="return confirm('Sei sicuro di voler eliminare questo ordine?');">
+                                            <input type="hidden" name="action" value="delete_order">
+                                            <input type="hidden" name="order_id" value="<?php echo $order['OrderID']; ?>">
+                                            <button type="submit" class="btn-delete">Elimina</button>
+                                        </form>
+                                    </td>
+                                </tr>
+                            <?php endwhile; ?>
+                        </tbody>
+                    </table>
+                <?php else: ?>
+                    <p>Nessun ordine trovato.</p>
+                <?php endif; ?>
+            </div>
+        </div>
+    <?php else: ?>
+        <?php header('Location: login.php'); ?>
+    <?php endif; ?>
+
+    <?php $conn->close(); ?>
+</body>
+</html>
diff --git a/src/assets/style.css b/src/assets/style.css
index 5a66723..4b3d3e5 100644
--- a/src/assets/style.css
+++ b/src/assets/style.css
@@ -319,4 +319,70 @@ form button:hover {
 .order-details p {
     margin: 5px 0;
     color: #666;
+}
+
+/* Stili per la pagina admin di gestione ordini */
+.admin-table {
+    width: 100%;
+    border-collapse: collapse;
+    margin-top: 20px;
+    background-color: #fff;
+}
+
+.admin-table th,
+.admin-table td {
+    border: 1px solid #ddd;
+    padding: 12px;
+    text-align: left;
+}
+
+.admin-table th {
+    background-color: #f2f2f2;
+    font-weight: bold;
+}
+
+.admin-table tbody tr:hover {
+    background-color: #f9f9f9;
+}
+
+.status-select {
+    padding: 5px 8px;
+    border: 1px solid #ddd;
+    border-radius: 4px;
+    cursor: pointer;
+}
+
+.status-select.status-pending {
+    background-color: #fff3cd;
+    color: #212529;
+}
+
+.status-select.status-completed {
+    background-color: #d4edda;
+    color: #155724;
+}
+
+.status-select.status-cancelled {
+    background-color: #f8d7da;
+    color: #721c24;
+}
+
+.btn-delete {
+    padding: 5px 10px;
+    background-color: #dc3545;
+    color: white;
+    border: none;
+    border-radius: 4px;
+    cursor: pointer;
+    font-size: 12px;
+}
+
+.btn-delete:hover {
+    background-color: #c82333;
+}
+
+.admin-table td form {
+    display: contents;
+    margin: 0;
+    padding: 0;
 }
\ No newline at end of file

From 504db2e5b54c5e96a48f80f148a5bd6ac4849c97 Mon Sep 17 00:00:00 2001
From: Andrea Fiorencis <me@andrestork.moe>
Date: Fri, 10 Apr 2026 11:45:38 +0200
Subject: [PATCH 3/8] Modifiche pannello account e admin

---
 src/account.php            | 3 +++
 src/admin/index.php        | 4 ++++
 src/admin/manageOrders.php | 4 ++++
 src/orders.php             | 3 +++
 4 files changed, 14 insertions(+)

diff --git a/src/account.php b/src/account.php
index 5acaa4d..eca6fcb 100644
--- a/src/account.php
+++ b/src/account.php
@@ -40,6 +40,9 @@ if ($result === false) {
                 <ul>
                     <li><a href="account.php">Il mio account</a></li>
                     <li><a href="orders.php">I miei ordini</a></li>
+                    <?php if ($_SESSION['role'] == 'admin'): ?>
+                        <li><a href="admin">Pannello admin</a></li>
+                    <?php endif; ?>
                 </ul>
             </div>
             <div class="my-container">
diff --git a/src/admin/index.php b/src/admin/index.php
index 9d2829e..0eaa1c9 100644
--- a/src/admin/index.php
+++ b/src/admin/index.php
@@ -61,6 +61,10 @@ if ($result === false) {
                 <ul>
                     <li><a href="/admin">Dashboard</a></li>
                     <li><a href="/admin/manageOrders.php">Gestione ordini</a></li>
+                    <li><a href="/admin/manageProducts.php">Gestione prodotti</a></li>
+                    <li><a href="/admin/manageUsers.php">Gestione utenti</a></li>
+                    <hr>
+                    <li><a href="../account.php">Ritorna al tuo account</a></li>
                 </ul>
             </div>
             <div class="my-container">
diff --git a/src/admin/manageOrders.php b/src/admin/manageOrders.php
index c6e4a6b..96ca661 100644
--- a/src/admin/manageOrders.php
+++ b/src/admin/manageOrders.php
@@ -99,6 +99,10 @@ if ($result === false) {
                 <ul>
                     <li><a href="/admin">Dashboard</a></li>
                     <li><a href="/admin/manageOrders.php">Gestione ordini</a></li>
+                    <li><a href="/admin/manageProducts.php">Gestione prodotti</a></li>
+                    <li><a href="/admin/manageUsers.php">Gestione utenti</a></li>
+                    <hr>
+                    <li><a href="../account.php">Ritorna al tuo account</a></li>
                 </ul>
             </div>
             <div class="my-container">
diff --git a/src/orders.php b/src/orders.php
index d5c626a..69da5bd 100644
--- a/src/orders.php
+++ b/src/orders.php
@@ -56,6 +56,9 @@ if (!$result) {
                 <ul>
                     <li><a href="account.php">Il mio account</a></li>
                     <li><a href="orders.php">I miei ordini</a></li>
+                    <?php if ($_SESSION['role'] == 'admin'): ?>
+                        <li><a href="admin">Pannello admin</a></li>
+                    <?php endif; ?>
                 </ul>
             </div>
             <div class="my-container">

From 49d2614528526f3080d93de1a1f4df7a4fd51080 Mon Sep 17 00:00:00 2001
From: Andrea Fiorencis <me@andrestork.moe>
Date: Fri, 10 Apr 2026 11:54:04 +0200
Subject: [PATCH 4/8] Implementazione gestione utenti

---
 src/admin/manageUsers.php | 178 ++++++++++++++++++++++++++++++++++++++
 src/assets/style.css      |  34 +++++++-
 2 files changed, 211 insertions(+), 1 deletion(-)
 create mode 100644 src/admin/manageUsers.php

diff --git a/src/admin/manageUsers.php b/src/admin/manageUsers.php
new file mode 100644
index 0000000..a3cd7af
--- /dev/null
+++ b/src/admin/manageUsers.php
@@ -0,0 +1,178 @@
+<?php
+session_start();
+include '../db_conf.php';
+
+// Controlla se l'utente è loggato
+if (!isset($_SESSION['id'])) {
+    header('Location: ../login.php');
+    exit();
+}
+
+// Controlla se l'utente ha ruolo admin
+$user_id = $_SESSION['id'];
+$sql_role = "SELECT Role FROM Users WHERE UserID = ?";
+$stmt_role = $conn->prepare($sql_role);
+$stmt_role->bind_param("i", $user_id);
+$stmt_role->execute();
+$stmt_role->bind_result($role);
+$stmt_role->fetch();
+$stmt_role->close();
+
+if ($role !== 'admin') {
+    http_response_code(403);
+    die("Accesso negato. Solo gli amministratori possono accedere a questa sezione.");
+}
+
+// Gestisci azioni (reset password, cambio ruolo, eliminazione)
+if ($_SERVER['REQUEST_METHOD'] === 'POST') {
+    $action = $_POST['action'] ?? '';
+    $user_id = $_POST['user_id'] ?? 0;
+
+    if ($action === 'reset_password') {
+        // Genera una password temporanea
+        $temp_password = bin2hex(random_bytes(4));
+        $hashed_password = password_hash($temp_password, PASSWORD_DEFAULT);
+        
+        $sql_reset = "UPDATE Users SET Password = ? WHERE UserID = ?";
+        $stmt_reset = $conn->prepare($sql_reset);
+        $stmt_reset->bind_param("si", $hashed_password, $user_id);
+        $stmt_reset->execute();
+        $stmt_reset->close();
+        
+        $reset_message = "Password temporanea generata: " . htmlspecialchars($temp_password);
+    } elseif ($action === 'update_role') {
+        $new_role = $_POST['role'] ?? '';
+        if (in_array($new_role, ['user', 'admin'])) {
+            $sql_update = "UPDATE Users SET Role = ? WHERE UserID = ?";
+            $stmt_update = $conn->prepare($sql_update);
+            $stmt_update->bind_param("si", $new_role, $user_id);
+            $stmt_update->execute();
+            $stmt_update->close();
+        }
+    } elseif ($action === 'delete_user') {
+        // Elimina gli ordini dell'utente prima di eliminare l'utente
+        $sql_delete_orders = "DELETE FROM Orders WHERE UserID = ?";
+        $stmt_delete_orders = $conn->prepare($sql_delete_orders);
+        $stmt_delete_orders->bind_param("i", $user_id);
+        $stmt_delete_orders->execute();
+        $stmt_delete_orders->close();
+
+        // Elimina l'utente
+        $sql_delete = "DELETE FROM Users WHERE UserID = ?";
+        $stmt_delete = $conn->prepare($sql_delete);
+        $stmt_delete->bind_param("i", $user_id);
+        $stmt_delete->execute();
+        $stmt_delete->close();
+    }
+}
+
+// Query per ottenere tutti gli utenti
+$sql = "SELECT UserID, Name, Surname, Email, Role FROM Users ORDER BY UserID DESC";
+$result = $conn->query($sql);
+
+if ($result === false) {
+    die("Errore nella query: " . $conn->error);
+}
+?>
+
+<!DOCTYPE html>
+<html lang="it">
+<head>
+    <meta charset="UTF-8">
+    <meta name="viewport" content="width=device-width, initial-scale=1.0">
+    <title>Dashboard amministratore - TechStore</title>
+    <link rel="stylesheet" href="/assets/style.css">
+    <script src="/assets/js/cart.js"></script>
+</head>
+<body>
+    <header style="display: flex; justify-content: space-between; align-items: center; padding: 10px; background-color: #f2f2f2; border-bottom: 1px solid #ddd;">
+        <div id="logo" style="font-size: 24px; font-weight: bold;"><a href="/index.php"><img src="/img/logo.png" alt="Logo TechStore" height="32px"></a></div>
+        <div>
+            <a href="/cart.php"><button style="margin-left: 10px; padding: 8px 16px; background-color: #007bff; color: white; border: none; border-radius: 4px; cursor: pointer;">Carrello</button></a>
+            <?php if (isset($_SESSION['name'])): ?>
+                <a href="/logout.php"><button style="margin-left: 10px; padding: 8px 16px; background-color: #dc3545; color: white; border: none; border-radius: 4px; cursor: pointer;">Logout</button></a>
+                <span style="margin-left: 10px;">Benvenuto, <?php echo htmlspecialchars($_SESSION['name']); ?></span>
+            <?php else: ?>
+                <a href="/login.php"><button style="margin-left: 10px; padding: 8px 16px; background-color: #28a745; color: white; border: none; border-radius: 4px; cursor: pointer;">Accesso</button></a>
+            <?php endif; ?>
+        </div>
+    </header>
+
+    <?php if (isset($_SESSION['name'])): ?>
+        <div class="account-layout">
+            <div class="my-sidebar">
+                <ul>
+                    <li><a href="/admin">Dashboard</a></li>
+                    <li><a href="/admin/manageOrders.php">Gestione ordini</a></li>
+                    <li><a href="/admin/manageProducts.php">Gestione prodotti</a></li>
+                    <li><a href="/admin/manageUsers.php">Gestione utenti</a></li>
+                    <hr>
+                    <li><a href="../account.php">Ritorna al tuo account</a></li>
+                </ul>
+            </div>
+            <div class="my-container">
+                <h1>Gestione Utenti</h1>
+                
+                <?php if (isset($reset_message)): ?>
+                    <div style="background-color: #d4edda; color: #155724; padding: 12px; border-radius: 4px; margin-bottom: 20px;">
+                        <?php echo $reset_message; ?>
+                    </div>
+                <?php endif; ?>
+                
+                <?php if ($result && $result->num_rows > 0): ?>
+                    <table class="admin-table">
+                        <thead>
+                            <tr>
+                                <th>ID</th>
+                                <th>Nome</th>
+                                <th>Cognome</th>
+                                <th>Email</th>
+                                <th>Ruolo</th>
+                                <th>Azioni</th>
+                            </tr>
+                        </thead>
+                        <tbody>
+                            <?php while ($user = $result->fetch_assoc()): ?>
+                                <tr>
+                                    <td>#<?php echo htmlspecialchars($user['UserID']); ?></td>
+                                    <td><?php echo htmlspecialchars($user['Name']); ?></td>
+                                    <td><?php echo htmlspecialchars($user['Surname']); ?></td>
+                                    <td><?php echo htmlspecialchars($user['Email']); ?></td>
+                                    <td>
+                                        <form method="POST" style="display: inline;">
+                                            <input type="hidden" name="action" value="update_role">
+                                            <input type="hidden" name="user_id" value="<?php echo $user['UserID']; ?>">
+                                            <select name="role" onchange="this.form.submit()" class="role-select role-<?php echo htmlspecialchars($user['Role']); ?>">
+                                                <option value="user" <?php echo $user['Role'] === 'user' ? 'selected' : ''; ?>>User</option>
+                                                <option value="admin" <?php echo $user['Role'] === 'admin' ? 'selected' : ''; ?>>Admin</option>
+                                            </select>
+                                        </form>
+                                    </td>
+                                    <td>
+                                        <form method="POST" style="display: inline;">
+                                            <input type="hidden" name="action" value="reset_password">
+                                            <input type="hidden" name="user_id" value="<?php echo $user['UserID']; ?>">
+                                            <button type="submit" class="btn-reset" title="Genera una nuova password temporanea">Reset Password</button>
+                                        </form>
+                                        <form method="POST" style="display: inline;" onsubmit="return confirm('Sei sicuro di voler eliminare questo utente e tutti i suoi ordini?');">
+                                            <input type="hidden" name="action" value="delete_user">
+                                            <input type="hidden" name="user_id" value="<?php echo $user['UserID']; ?>">
+                                            <button type="submit" class="btn-delete">Elimina</button>
+                                        </form>
+                                    </td>
+                                </tr>
+                            <?php endwhile; ?>
+                        </tbody>
+                    </table>
+                <?php else: ?>
+                    <p>Nessun utente trovato.</p>
+                <?php endif; ?>
+            </div>
+        </div>
+    <?php else: ?>
+        <?php header('Location: login.php'); ?>
+    <?php endif; ?>
+
+    <?php $conn->close(); ?>
+</body>
+</html>
diff --git a/src/assets/style.css b/src/assets/style.css
index 4b3d3e5..1121585 100644
--- a/src/assets/style.css
+++ b/src/assets/style.css
@@ -385,4 +385,36 @@ form button:hover {
     display: contents;
     margin: 0;
     padding: 0;
-}
\ No newline at end of file
+}
+
+/* Stili per role-select */
+.role-select {
+    border: 1px solid #ddd;
+    border-radius: 4px;
+    cursor: pointer;
+}
+
+.role-select.role-user {
+    background-color: #e7f3ff;
+    color: #004085;
+}
+
+.role-select.role-admin {
+    background-color: #fff3cd;
+    color: #856404;
+}
+
+/* Stili per btn-reset */
+.btn-reset {
+    background-color: #17a2b8;
+    color: white;
+    border: none;
+    border-radius: 4px;
+    cursor: pointer;
+    font-size: 12px;
+    margin-right: 5px;
+}
+
+.btn-reset:hover {
+    background-color: #138496;
+}

From e60cc7802468747849cc3922d38a3df9b650fdfa Mon Sep 17 00:00:00 2001
From: Andrea Fiorencis <me@andrestork.moe>
Date: Fri, 10 Apr 2026 12:04:58 +0200
Subject: [PATCH 5/8] Rimozione pulsante Elimina in gestione utente

Rimosso in quanto impossibile eliminare utenti a cui sono associati ordini dal DBMS
---
 src/admin/manageUsers.php | 5 -----
 1 file changed, 5 deletions(-)

diff --git a/src/admin/manageUsers.php b/src/admin/manageUsers.php
index a3cd7af..4192f80 100644
--- a/src/admin/manageUsers.php
+++ b/src/admin/manageUsers.php
@@ -154,11 +154,6 @@ if ($result === false) {
                                             <input type="hidden" name="user_id" value="<?php echo $user['UserID']; ?>">
                                             <button type="submit" class="btn-reset" title="Genera una nuova password temporanea">Reset Password</button>
                                         </form>
-                                        <form method="POST" style="display: inline;" onsubmit="return confirm('Sei sicuro di voler eliminare questo utente e tutti i suoi ordini?');">
-                                            <input type="hidden" name="action" value="delete_user">
-                                            <input type="hidden" name="user_id" value="<?php echo $user['UserID']; ?>">
-                                            <button type="submit" class="btn-delete">Elimina</button>
-                                        </form>
                                     </td>
                                 </tr>
                             <?php endwhile; ?>

From a6a991db6487905c2dbddee38700f000bf95416a Mon Sep 17 00:00:00 2001
From: Andrea Fiorencis <me@andrestork.moe>
Date: Fri, 10 Apr 2026 12:33:06 +0200
Subject: [PATCH 6/8] feat: implementazione dashboard

---
 src/admin/index.php  | 44 ++++++++++++++++++++++++++++++++++++++------
 src/assets/style.css | 38 ++++++++++++++++++++++++++++++++++++++
 2 files changed, 76 insertions(+), 6 deletions(-)

diff --git a/src/admin/index.php b/src/admin/index.php
index 0eaa1c9..332c703 100644
--- a/src/admin/index.php
+++ b/src/admin/index.php
@@ -23,12 +23,30 @@ if ($role !== 'admin') {
     die("Accesso negato. Solo gli amministratori possono accedere a questa sezione.");
 }
 
-// Query per ottenere tutti i prodotti
-$sql = "SELECT p.ProductID, p.ProductName, c.Name AS 'CategoryName', p.Description, p.Price, p.StockQuantity, p.ImagePath FROM Products p JOIN Categories c ON p.CategoryID=c.CategoryID";
-$result = $conn->query($sql);
+// Lettura dei contatori per la dashboard
+$totalOrders = 0;
+$pendingOrders = 0;
+$totalProducts = 0;
 
-if ($result === false) {
-    die("Errore nella query: " . $conn->error);
+$sql_total_orders = "SELECT COUNT(*) FROM Orders";
+$result_total_orders = $conn->query($sql_total_orders);
+if ($result_total_orders) {
+    $totalOrders = $result_total_orders->fetch_row()[0];
+    $result_total_orders->close();
+}
+
+$sql_pending_orders = "SELECT COUNT(*) FROM Orders WHERE Status = 'pending'";
+$result_pending_orders = $conn->query($sql_pending_orders);
+if ($result_pending_orders) {
+    $pendingOrders = $result_pending_orders->fetch_row()[0];
+    $result_pending_orders->close();
+}
+
+$sql_total_products = "SELECT COUNT(*) FROM Products";
+$result_total_products = $conn->query($sql_total_products);
+if ($result_total_products) {
+    $totalProducts = $result_total_products->fetch_row()[0];
+    $result_total_products->close();
 }
 ?>
 
@@ -68,7 +86,21 @@ if ($result === false) {
                 </ul>
             </div>
             <div class="my-container">
-                <h1>Hello World!<h1>
+                <h1>Dashboard</h1>
+                <div class="admin-stats-grid">
+                    <div class="admin-stat-card">
+                        <h2><?php echo htmlspecialchars($totalOrders); ?></h2>
+                        <p>Ordini totali</p>
+                    </div>
+                    <div class="admin-stat-card admin-stat-pending">
+                        <h2><?php echo htmlspecialchars($pendingOrders); ?></h2>
+                        <p>Ordini in corso</p>
+                    </div>
+                    <div class="admin-stat-card admin-stat-products">
+                        <h2><?php echo htmlspecialchars($totalProducts); ?></h2>
+                        <p>Prodotti totali</p>
+                    </div>
+                </div>
             </div>
         </div>
     <?php else: ?>
diff --git a/src/assets/style.css b/src/assets/style.css
index 1121585..31af370 100644
--- a/src/assets/style.css
+++ b/src/assets/style.css
@@ -256,6 +256,44 @@ form button:hover {
     padding: 20px;
 }
 
+.admin-stats-grid {
+    display: grid;
+    grid-template-columns: repeat(auto-fit, minmax(180px, 1fr));
+    gap: 16px;
+    margin-top: 20px;
+}
+
+.admin-stat-card {
+    padding: 20px;
+    border: 1px solid #ddd;
+    border-radius: 12px;
+    background-color: #fff;
+    box-shadow: 0 1px 4px rgba(0,0,0,0.06);
+    text-align: center;
+}
+
+.admin-stat-card h2 {
+    margin: 0 0 10px;
+    font-size: 36px;
+    color: #333;
+}
+
+.admin-stat-card p {
+    margin: 0;
+    color: #666;
+    font-weight: 600;
+}
+
+.admin-stat-pending {
+    border-color: #ffc107;
+    background-color: #fff8e1;
+}
+
+.admin-stat-products {
+    border-color: #17a2b8;
+    background-color: #e9f7fb;
+}
+
 @media (max-width: 768px) {
     .account-layout {
         flex-direction: column;

From 81fe7ba295f4290ef1e2c08bb425e95a6fc9f959 Mon Sep 17 00:00:00 2001
From: Andrea Fiorencis <me@andrestork.moe>
Date: Fri, 10 Apr 2026 12:33:57 +0200
Subject: [PATCH 7/8] WIP: creazione pagina gestione prodotti

---
 src/admin/manageProducts.php | 73 ++++++++++++++++++++++++++++++++++++
 1 file changed, 73 insertions(+)
 create mode 100644 src/admin/manageProducts.php

diff --git a/src/admin/manageProducts.php b/src/admin/manageProducts.php
new file mode 100644
index 0000000..d62a3eb
--- /dev/null
+++ b/src/admin/manageProducts.php
@@ -0,0 +1,73 @@
+<?php
+session_start();
+include '../db_conf.php';
+
+// Controlla se l'utente è loggato
+if (!isset($_SESSION['id'])) {
+    header('Location: ../login.php');
+    exit();
+}
+
+// Controlla se l'utente ha ruolo admin
+$user_id = $_SESSION['id'];
+$sql_role = "SELECT Role FROM Users WHERE UserID = ?";
+$stmt_role = $conn->prepare($sql_role);
+$stmt_role->bind_param("i", $user_id);
+$stmt_role->execute();
+$stmt_role->bind_result($role);
+$stmt_role->fetch();
+$stmt_role->close();
+
+if ($role !== 'admin') {
+    http_response_code(403);
+    die("Accesso negato. Solo gli amministratori possono accedere a questa sezione.");
+}
+?>
+
+<!DOCTYPE html>
+<html lang="it">
+<head>
+    <meta charset="UTF-8">
+    <meta name="viewport" content="width=device-width, initial-scale=1.0">
+    <title>Gestione prodotti - TechStore</title>
+    <link rel="stylesheet" href="/assets/style.css">
+    <script src="/assets/js/cart.js"></script>
+</head>
+<body>
+    <header style="display: flex; justify-content: space-between; align-items: center; padding: 10px; background-color: #f2f2f2; border-bottom: 1px solid #ddd;">
+        <div id="logo" style="font-size: 24px; font-weight: bold;"><a href="/index.php"><img src="/img/logo.png" alt="Logo TechStore" height="32px"></a></div>
+        <div>
+            <a href="/cart.php"><button style="margin-left: 10px; padding: 8px 16px; background-color: #007bff; color: white; border: none; border-radius: 4px; cursor: pointer;">Carrello</button></a>
+            <?php if (isset($_SESSION['name'])): ?>
+                <a href="/logout.php"><button style="margin-left: 10px; padding: 8px 16px; background-color: #dc3545; color: white; border: none; border-radius: 4px; cursor: pointer;">Logout</button></a>
+                <span style="margin-left: 10px;">Benvenuto, <?php echo htmlspecialchars($_SESSION['name']); ?></span>
+            <?php else: ?>
+                <a href="/login.php"><button style="margin-left: 10px; padding: 8px 16px; background-color: #28a745; color: white; border: none; border-radius: 4px; cursor: pointer;">Accesso</button></a>
+            <?php endif; ?>
+        </div>
+    </header>
+
+    <?php if (isset($_SESSION['name'])): ?>
+        <div class="account-layout">
+            <div class="my-sidebar">
+                <ul>
+                    <li><a href="/admin">Dashboard</a></li>
+                    <li><a href="/admin/manageOrders.php">Gestione ordini</a></li>
+                    <li><a href="/admin/manageProducts.php">Gestione prodotti</a></li>
+                    <li><a href="/admin/manageUsers.php">Gestione utenti</a></li>
+                    <hr>
+                    <li><a href="../account.php">Ritorna al tuo account</a></li>
+                </ul>
+            </div>
+            <div class="my-container">
+                <h1>Gestione prodotti</h1>
+                <p>WIP</p>
+            </div>
+        </div>
+    <?php else: ?>
+        <?php header('Location: login.php'); ?>
+    <?php endif; ?>
+
+    <?php $conn->close(); ?>
+</body>
+</html>

From f1cdb1fe9c1abbe6ad05934502ce71682532f48c Mon Sep 17 00:00:00 2001
From: Andrea Fiorencis <me@andrestork.moe>
Date: Fri, 10 Apr 2026 12:35:08 +0200
Subject: [PATCH 8/8] fix: titoli pagine gestione errati

---
 src/admin/manageOrders.php   | 2 +-
 src/admin/manageProducts.php | 2 +-
 src/admin/manageUsers.php    | 2 +-
 3 files changed, 3 insertions(+), 3 deletions(-)

diff --git a/src/admin/manageOrders.php b/src/admin/manageOrders.php
index 96ca661..4a293dd 100644
--- a/src/admin/manageOrders.php
+++ b/src/admin/manageOrders.php
@@ -75,7 +75,7 @@ if ($result === false) {
 <head>
     <meta charset="UTF-8">
     <meta name="viewport" content="width=device-width, initial-scale=1.0">
-    <title>Dashboard amministratore - TechStore</title>
+    <title>Gestione Ordini - TechStore</title>
     <link rel="stylesheet" href="/assets/style.css">
     <script src="/assets/js/cart.js"></script>
 </head>
diff --git a/src/admin/manageProducts.php b/src/admin/manageProducts.php
index d62a3eb..354b686 100644
--- a/src/admin/manageProducts.php
+++ b/src/admin/manageProducts.php
@@ -29,7 +29,7 @@ if ($role !== 'admin') {
 <head>
     <meta charset="UTF-8">
     <meta name="viewport" content="width=device-width, initial-scale=1.0">
-    <title>Gestione prodotti - TechStore</title>
+    <title>Gestione Prodotti - TechStore</title>
     <link rel="stylesheet" href="/assets/style.css">
     <script src="/assets/js/cart.js"></script>
 </head>
diff --git a/src/admin/manageUsers.php b/src/admin/manageUsers.php
index 4192f80..5a100a2 100644
--- a/src/admin/manageUsers.php
+++ b/src/admin/manageUsers.php
@@ -80,7 +80,7 @@ if ($result === false) {
 <head>
     <meta charset="UTF-8">
     <meta name="viewport" content="width=device-width, initial-scale=1.0">
-    <title>Dashboard amministratore - TechStore</title>
+    <title>Gestione Utenti - TechStore</title>
     <link rel="stylesheet" href="/assets/style.css">
     <script src="/assets/js/cart.js"></script>
 </head>