From 8b37e33a9fd23205728fbf47981f6336a20f489b Mon Sep 17 00:00:00 2001
From: Andrea Fiorencis <me@andrestork.moe>
Date: Fri, 10 Apr 2026 12:48:54 +0200
Subject: [PATCH] Implementazione pagina cambio password

---
 src/account.php                |  4 +-
 src/account/passwordChange.php | 90 ++++++++++++++++++++++++++++++++++
 2 files changed, 92 insertions(+), 2 deletions(-)
 create mode 100644 src/account/passwordChange.php

diff --git a/src/account.php b/src/account.php
index f664fa6..7d48394 100644
--- a/src/account.php
+++ b/src/account.php
@@ -49,8 +49,8 @@ if ($result === false) {
                 <h1>Account di <?php echo htmlspecialchars($_SESSION['name']); ?><?php if ($_SESSION['role'] == 'admin') { echo ' (Admin)'; } ?></h1>
                 <p><strong>Nome completo:</strong> <?php echo htmlspecialchars($_SESSION['name']) . ' ' . htmlspecialchars($_SESSION['surname']); ?></p>
                 <br>
-                <a href="passwordChange.php" style="padding: 8px 16px; background-color: #17a2b8; color: white; border: none; border-radius: 4px; text-decoration: none; cursor: pointer;">Modifica password</a>
-                <a href="deleteAccount.php" style="padding: 8px 16px; background-color: #dc3545; color: white; border: none; border-radius: 4px; text-decoration: none; cursor: pointer;">Elimina account</a>
+                <a href="account/passwordChange.php" style="padding: 8px 16px; background-color: #17a2b8; color: white; border: none; border-radius: 4px; text-decoration: none; cursor: pointer;">Modifica password</a>
+                <a href="account/delete.php" style="padding: 8px 16px; background-color: #dc3545; color: white; border: none; border-radius: 4px; text-decoration: none; cursor: pointer;">Elimina account</a>
                 <br><br>
             </div>
         </div>
diff --git a/src/account/passwordChange.php b/src/account/passwordChange.php
new file mode 100644
index 0000000..ac49b8b
--- /dev/null
+++ b/src/account/passwordChange.php
@@ -0,0 +1,90 @@
+<!DOCTYPE html>
+<html lang="it">
+<head>
+    <meta charset="UTF-8">
+    <meta name="viewport" content="width=device-width, initial-scale=1.0">
+    <title>Cambio Password - TechStore</title>
+    <link rel="stylesheet" href="../assets/style.css">
+</head>
+<body>
+    <?php
+        session_start();
+        include '../db_conf.php';
+        
+        if (!isset($_SESSION['id'])) {
+            header('Location: ../login.php');
+            exit();
+        }
+
+        $message = '';
+        $error = '';
+
+        if ($_SERVER['REQUEST_METHOD'] === 'POST') {
+            $current_password = $_POST['current_password'] ?? '';
+            $new_password = $_POST['new_password'] ?? '';
+            $confirm_password = $_POST['confirm_password'] ?? '';
+
+            if (empty($current_password) || empty($new_password) || empty($confirm_password)) {
+                $error = 'Compila tutti i campi.';
+            } elseif ($new_password !== $confirm_password) {
+                $error = 'La nuova password e la conferma non coincidono.';
+            } elseif (strlen($new_password) < 8) {
+                $error = 'La nuova password deve avere almeno 8 caratteri.';
+            } else {
+                $sql = "SELECT Password FROM Users WHERE UserID = ?";
+                if ($stmt = $conn->prepare($sql)) {
+                    $stmt->bind_param("i", $_SESSION['id']);
+                    $stmt->execute();
+                    $stmt->bind_result($hashed_password);
+                    $stmt->fetch();
+                    $stmt->close();
+
+                    if (!password_verify($current_password, $hashed_password)) {
+                        $error = 'La password corrente non è corretta.';
+                    } else {
+                        $new_hashed = password_hash($new_password, PASSWORD_DEFAULT);
+                        $sql_update = "UPDATE Users SET Password = ? WHERE UserID = ?";
+                        if ($stmt_update = $conn->prepare($sql_update)) {
+                            $stmt_update->bind_param("si", $new_hashed, $_SESSION['id']);
+                            $stmt_update->execute();
+                            $stmt_update->close();
+
+                            $message = 'Password aggiornata con successo.';
+                        } else {
+                            $error = 'Errore durante l\'aggiornamento della password.';
+                        }
+                    }
+                } else {
+                    $error = 'Errore nel database.';
+                }
+            }
+        }
+    ?>
+
+    <form action="" method="POST">
+        <h2>Cambio Password</h2>
+        <?php if ($message): ?>
+            <p style="color: #155724; background-color: #d4edda; border: 1px solid #c3e6cb; padding: 10px; border-radius: 4px; text-align: center;">
+                <?php echo htmlspecialchars($message); ?>
+            </p>
+        <?php endif; ?>
+        <?php if ($error): ?>
+            <p style="color: #721c24; background-color: #f8d7da; border: 1px solid #f5c6cb; padding: 10px; border-radius: 4px; text-align: center;">
+                <?php echo htmlspecialchars($error); ?>
+            </p>
+        <?php endif; ?>
+
+        <label for="current_password">Password corrente:</label>
+        <input type="password" id="current_password" name="current_password" required><br>
+
+        <label for="new_password">Nuova password:</label>
+        <input type="password" id="new_password" name="new_password" required><br>
+
+        <label for="confirm_password">Conferma nuova password:</label>
+        <input type="password" id="confirm_password" name="confirm_password" required><br>
+
+        <button type="submit">Aggiorna password</button>
+        <p style="text-align: center;"><a href="../account.php">Torna al mio account</a></p>
+    </form>
+</body>
+</html>
\ No newline at end of file