Implementazione eliminazione utente

src/account/delete.php

@@ -0,0 +1,92 @@
+<!DOCTYPE html>
+<html lang="it">
+<head>
+    <meta charset="UTF-8">
+    <meta name="viewport" content="width=device-width, initial-scale=1.0">
+    <title>Elimina Account - TechStore</title>
+    <link rel="stylesheet" href="../assets/style.css">
+</head>
+<body>
+    <?php
+        session_start();
+        include '../db_conf.php';
+        
+        if (!isset($_SESSION['id'])) {
+            header('Location: ../login.php');
+            exit();
+        }
+
+        $message = '';
+        $error = '';
+
+        if ($_SERVER['REQUEST_METHOD'] === 'POST') {
+            $current_password = $_POST['current_password'] ?? '';
+
+            if (empty($current_password)) {
+                $error = 'Inserisci la password per confermare.';
+            } else {
+                $sql = "SELECT Password FROM Users WHERE UserID = ?";
+                if ($stmt = $conn->prepare($sql)) {
+                    $stmt->bind_param("i", $_SESSION['id']);
+                    $stmt->execute();
+                    $stmt->bind_result($hashed_password);
+                    $stmt->fetch();
+                    $stmt->close();
+
+                    if (!password_verify($current_password, $hashed_password)) {
+                        $error = 'La password non è corretta.';
+                    } else {
+                        // Elimina gli ordini associati all'utente
+                        $sql_delete_order_items = "DELETE oi FROM OrderItems oi JOIN Orders o ON oi.OrderID = o.OrderID WHERE o.UserID = ?";
+                        $stmt_delete_order_items = $conn->prepare($sql_delete_order_items);
+                        $stmt_delete_order_items->bind_param("i", $_SESSION['id']);
+                        $stmt_delete_order_items->execute();
+                        $stmt_delete_order_items->close();
+
+                        $sql_delete_orders = "DELETE FROM Orders WHERE UserID = ?";
+                        $stmt_delete_orders = $conn->prepare($sql_delete_orders);
+                        $stmt_delete_orders->bind_param("i", $_SESSION['id']);
+                        $stmt_delete_orders->execute();
+                        $stmt_delete_orders->close();
+
+                        $sql_delete_user = "DELETE FROM Users WHERE UserID = ?";
+                        $stmt_delete_user = $conn->prepare($sql_delete_user);
+                        $stmt_delete_user->bind_param("i", $_SESSION['id']);
+                        $stmt_delete_user->execute();
+                        $stmt_delete_user->close();
+
+                        session_unset();
+                        session_destroy();
+
+                        $message = 'Il tuo account è stato eliminato insieme a tutti i tuoi ordini.';
+                    }
+                } else {
+                    $error = 'Errore nel database.';
+                }
+            }
+        }
+    ?>
+
+    <form action="" method="POST">
+        <h2>Elimina Account</h2>
+        <p style="margin-bottom: 20px; color: #333;">Questa operazione cancellerà il tuo account e tutti gli ordini associati. Inserisci la tua password per confermare.</p>
+
+        <?php if ($message): ?>
+            <p style="color: #155724; background-color: #d4edda; border: 1px solid #c3e6cb; padding: 10px; border-radius: 4px; text-align: center;">
+                <?php echo htmlspecialchars($message); ?>
+            </p>
+        <?php endif; ?>
+        <?php if ($error): ?>
+            <p style="color: #721c24; background-color: #f8d7da; border: 1px solid #f5c6cb; padding: 10px; border-radius: 4px; text-align: center;">
+                <?php echo htmlspecialchars($error); ?>
+            </p>
+        <?php endif; ?>
+
+        <label for="current_password">Password corrente:</label>
+        <input type="password" id="current_password" name="current_password" required><br>
+
+        <button type="submit" style="background-color: #dc3545;">Elimina account</button>
+        <p style="text-align: center;"><a href="../account.php">Annulla e torna al mio account</a></p>
+    </form>
+</body>
+</html>