EduProjects/techstore
1
0
Fork 0
mirror of https://codeberg.org/ThisIsMiseryy/techstore synced 2026-05-14 14:52:04 +00:00
Code Issues Packages Projects Releases 3 Wiki Activity

Merge implementazione gestione utente

Browse Source
This commit is contained in:
Andrea Fiorencis
2026-04-10 13:18:20 +02:00
parent 5209f5e515 5551ee4235
commit 82b6ef48ce
3 changed files with 184 additions and 1 deletions
Download Patch File Download Diff File Expand all files Collapse all files
src/account.php
+2 -1
View File
@@ -49,7 +49,8 @@ if ($result === false) {
<h1>Account di <?php echo htmlspecialchars($_SESSION['name']); ?><?php if ($_SESSION['role'] == 'admin') { echo ' (Admin)'; } ?></h1> <h1>Account di <?php echo htmlspecialchars($_SESSION['name']); ?><?php if ($_SESSION['role'] == 'admin') { echo ' (Admin)'; } ?></h1>
<p><strong>Nome completo:</strong> <?php echo htmlspecialchars($_SESSION['name']) . ' ' . htmlspecialchars($_SESSION['surname']); ?></p> <p><strong>Nome completo:</strong> <?php echo htmlspecialchars($_SESSION['name']) . ' ' . htmlspecialchars($_SESSION['surname']); ?></p>
<br> <br>
<a href="deleteAccount.php" style="padding: 8px 16px; background-color: #dc3545; color: white; border: none; border-radius: 4px; cursor: pointer;">Elimina account</a> <a href="account/passwordChange.php" style="padding: 8px 16px; background-color: #17a2b8; color: white; border: none; border-radius: 4px; text-decoration: none; cursor: pointer;">Modifica password</a>
<a href="account/delete.php" style="padding: 8px 16px; background-color: #dc3545; color: white; border: none; border-radius: 4px; text-decoration: none; cursor: pointer;">Elimina account</a>
<br><br> <br><br>
</div> </div>
</div> </div>
src/account/delete.php
+92
View File
@@ -0,0 +1,92 @@
<!DOCTYPE html>
<html lang="it">
<head>
<meta charset="UTF-8">
<meta name="viewport" content="width=device-width, initial-scale=1.0">
<title>Elimina Account - TechStore</title>
<link rel="stylesheet" href="../assets/style.css">
</head>
<body>
<?php
session_start();
include '../db_conf.php';
if (!isset($_SESSION['id'])) {
header('Location: ../login.php');
exit();
}
$message = '';
$error = '';
if ($_SERVER['REQUEST_METHOD'] === 'POST') {
$current_password = $_POST['current_password'] ?? '';
if (empty($current_password)) {
$error = 'Inserisci la password per confermare.';
} else {
$sql = "SELECT Password FROM Users WHERE UserID = ?";
if ($stmt = $conn->prepare($sql)) {
$stmt->bind_param("i", $_SESSION['id']);
$stmt->execute();
$stmt->bind_result($hashed_password);
$stmt->fetch();
$stmt->close();
if (!password_verify($current_password, $hashed_password)) {
$error = 'La password non è corretta.';
} else {
// Elimina gli ordini associati all'utente
$sql_delete_order_items = "DELETE oi FROM OrderItems oi JOIN Orders o ON oi.OrderID = o.OrderID WHERE o.UserID = ?";
$stmt_delete_order_items = $conn->prepare($sql_delete_order_items);
$stmt_delete_order_items->bind_param("i", $_SESSION['id']);
$stmt_delete_order_items->execute();
$stmt_delete_order_items->close();
$sql_delete_orders = "DELETE FROM Orders WHERE UserID = ?";
$stmt_delete_orders = $conn->prepare($sql_delete_orders);
$stmt_delete_orders->bind_param("i", $_SESSION['id']);
$stmt_delete_orders->execute();
$stmt_delete_orders->close();
$sql_delete_user = "DELETE FROM Users WHERE UserID = ?";
$stmt_delete_user = $conn->prepare($sql_delete_user);
$stmt_delete_user->bind_param("i", $_SESSION['id']);
$stmt_delete_user->execute();
$stmt_delete_user->close();
session_unset();
session_destroy();
$message = 'Il tuo account è stato eliminato insieme a tutti i tuoi ordini.';
}
} else {
$error = 'Errore nel database.';
}
}
}
?>
<form action="" method="POST">
<h2>Elimina Account</h2>
<p style="margin-bottom: 20px; color: #333;">Questa operazione cancellerà il tuo account e tutti gli ordini associati. Inserisci la tua password per confermare.</p>
<?php if ($message): ?>
<p style="color: #155724; background-color: #d4edda; border: 1px solid #c3e6cb; padding: 10px; border-radius: 4px; text-align: center;">
<?php echo htmlspecialchars($message); ?>
</p>
<?php endif; ?>
<?php if ($error): ?>
<p style="color: #721c24; background-color: #f8d7da; border: 1px solid #f5c6cb; padding: 10px; border-radius: 4px; text-align: center;">
<?php echo htmlspecialchars($error); ?>
</p>
<?php endif; ?>
<label for="current_password">Password corrente:</label>
<input type="password" id="current_password" name="current_password" required><br>
<button type="submit" style="background-color: #dc3545;">Elimina account</button>
<p style="text-align: center;"><a href="../account.php">Annulla e torna al mio account</a></p>
</form>
</body>
</html>
src/account/passwordChange.php
+90
View File
@@ -0,0 +1,90 @@
<!DOCTYPE html>
<html lang="it">
<head>
<meta charset="UTF-8">
<meta name="viewport" content="width=device-width, initial-scale=1.0">
<title>Cambio Password - TechStore</title>
<link rel="stylesheet" href="../assets/style.css">
</head>
<body>
<?php
session_start();
include '../db_conf.php';
if (!isset($_SESSION['id'])) {
header('Location: ../login.php');
exit();
}
$message = '';
$error = '';
if ($_SERVER['REQUEST_METHOD'] === 'POST') {
$current_password = $_POST['current_password'] ?? '';
$new_password = $_POST['new_password'] ?? '';
$confirm_password = $_POST['confirm_password'] ?? '';
if (empty($current_password) || empty($new_password) || empty($confirm_password)) {
$error = 'Compila tutti i campi.';
} elseif ($new_password !== $confirm_password) {
$error = 'La nuova password e la conferma non coincidono.';
} elseif (strlen($new_password) < 8) {
$error = 'La nuova password deve avere almeno 8 caratteri.';
} else {
$sql = "SELECT Password FROM Users WHERE UserID = ?";
if ($stmt = $conn->prepare($sql)) {
$stmt->bind_param("i", $_SESSION['id']);
$stmt->execute();
$stmt->bind_result($hashed_password);
$stmt->fetch();
$stmt->close();
if (!password_verify($current_password, $hashed_password)) {
$error = 'La password corrente non è corretta.';
} else {
$new_hashed = password_hash($new_password, PASSWORD_DEFAULT);
$sql_update = "UPDATE Users SET Password = ? WHERE UserID = ?";
if ($stmt_update = $conn->prepare($sql_update)) {
$stmt_update->bind_param("si", $new_hashed, $_SESSION['id']);
$stmt_update->execute();
$stmt_update->close();
$message = 'Password aggiornata con successo.';
} else {
$error = 'Errore durante l\'aggiornamento della password.';
}
}
} else {
$error = 'Errore nel database.';
}
}
}
?>
<form action="" method="POST">
<h2>Cambio Password</h2>
<?php if ($message): ?>
<p style="color: #155724; background-color: #d4edda; border: 1px solid #c3e6cb; padding: 10px; border-radius: 4px; text-align: center;">
<?php echo htmlspecialchars($message); ?>
</p>
<?php endif; ?>
<?php if ($error): ?>
<p style="color: #721c24; background-color: #f8d7da; border: 1px solid #f5c6cb; padding: 10px; border-radius: 4px; text-align: center;">
<?php echo htmlspecialchars($error); ?>
</p>
<?php endif; ?>
<label for="current_password">Password corrente:</label>
<input type="password" id="current_password" name="current_password" required><br>
<label for="new_password">Nuova password:</label>
<input type="password" id="new_password" name="new_password" required><br>
<label for="confirm_password">Conferma nuova password:</label>
<input type="password" id="confirm_password" name="confirm_password" required><br>
<button type="submit">Aggiorna password</button>
<p style="text-align: center;"><a href="../account.php">Torna al mio account</a></p>
</form>
</body>
</html>