diff --git a/Dockerfile b/Dockerfile
new file mode 100644
index 0000000..c31d39b
--- /dev/null
+++ b/Dockerfile
@@ -0,0 +1,7 @@
+FROM php:8.1-apache
+
+# Installa l'estensione mysqli per PHP
+RUN docker-php-ext-install mysqli
+
+# Copia il contenuto della cartella src/ nella directory di lavoro di Apache
+COPY src/ /var/www/html/
\ No newline at end of file
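Review bot: The image is built without a php.ini, so PHP's built-in defaults apply, including `display_errors` on — combined with mysqli's exception-reporting default in PHP 8.1, any failed query would print a stack trace containing the SQL text to the browser; copy the production template the official image ships, `RUN mv "$PHP_INI_DIR/php.ini-production" "$PHP_INI_DIR/php.ini"`. `php:8.1-apache` is a floating tag on a branch whose security support is ending (check php.net's supported-versions page); prefer a current minor and pin by digest so builds are reproducible. `COPY src/ /var/www/html/` leaves the tree root-owned, and src/admin/manageProducts.php in this commit writes uploads to `../img/`, which resolves to `/var/www/html/img/`; unless ownership is adjusted elsewhere, `move_uploaded_file` fails there and the product is saved without its image, so add a `chown` to `www-data` for that directory if it is meant to receive uploads.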
diff --git a/assets/db/base_db.sql b/assets/db/base_db.sql
index 850a06f..ad24de1 100644
--- a/assets/db/base_db.sql
+++ b/assets/db/base_db.sql
@@ -7,7 +7,7 @@ CREATE TABLE Users(
UserID INTEGER PRIMARY KEY AUTO_INCREMENT,
Name VARCHAR(32),
Surname VARCHAR(32),
- Email VARCHAR(256),
+ Email VARCHAR(256) UNIQUE,
Password VARCHAR(255),
Role VARCHAR(8) DEFAULT 'user'
);
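Review bot: Adding `UNIQUE` to `Email` changes only the base schema; existing databases are not migrated, and applying the constraint to a table that already holds duplicate addresses fails, so ship an `ALTER TABLE Users ADD UNIQUE (Email)` step preceded by a de-duplication pass. Wherever the registration insert lives (not in this diff), it now needs to handle the duplicate-key error (MySQL error 1062) with a user-facing message rather than letting it surface as a fatal. Note that uniqueness is collation-dependent: under a case-insensitive collation `A@x` and `a@x` collide, which is usually desirable for emails, but the login lookup must then compare the same way.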
diff --git a/src/account.php b/src/account.php
index 5acaa4d..7d48394 100644
--- a/src/account.php
+++ b/src/account.php
@@ -40,13 +40,17 @@ if ($result === false) {
diff --git a/src/account/delete.php b/src/account/delete.php
new file mode 100644
index 0000000..e085c89
--- /dev/null
+++ b/src/account/delete.php
@@ -0,0 +1,92 @@
+
+
+
+
+
+ Elimina Account - TechStore
+
+
+
+ prepare($sql)) {
+ $stmt->bind_param("i", $_SESSION['id']);
+ $stmt->execute();
+ $stmt->bind_result($hashed_password);
+ $stmt->fetch();
+ $stmt->close();
+
+ if (!password_verify($current_password, $hashed_password)) {
+ $error = 'La password non è corretta.';
+ } else {
+ // Elimina gli ordini associati all'utente
+ $sql_delete_order_items = "DELETE oi FROM OrderItems oi JOIN Orders o ON oi.OrderID = o.OrderID WHERE o.UserID = ?";
+ $stmt_delete_order_items = $conn->prepare($sql_delete_order_items);
+ $stmt_delete_order_items->bind_param("i", $_SESSION['id']);
+ $stmt_delete_order_items->execute();
+ $stmt_delete_order_items->close();
+
+ $sql_delete_orders = "DELETE FROM Orders WHERE UserID = ?";
+ $stmt_delete_orders = $conn->prepare($sql_delete_orders);
+ $stmt_delete_orders->bind_param("i", $_SESSION['id']);
+ $stmt_delete_orders->execute();
+ $stmt_delete_orders->close();
+
+ $sql_delete_user = "DELETE FROM Users WHERE UserID = ?";
+ $stmt_delete_user = $conn->prepare($sql_delete_user);
+ $stmt_delete_user->bind_param("i", $_SESSION['id']);
+ $stmt_delete_user->execute();
+ $stmt_delete_user->close();
+
+ session_unset();
+ session_destroy();
+
+ $message = 'Il tuo account è stato eliminato insieme a tutti i tuoi ordini.';
+ }
+ } else {
+ $error = 'Errore nel database.';
+ }
+ }
+ }
+ ?>
+
+
+
+
\ No newline at end of file
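Review bot: The three DELETE statements run outside a transaction and their `execute()` results are ignored, so a failure on the Orders or Users delete leaves a half-removed account while the success message is still set; wrap them in `begin_transaction()`/`commit()` with a rollback on failure, as below. With mysqli's default reporting mode in PHP 8.1 a failed query throws `mysqli_sql_exception`, so the `if ($stmt = $conn->prepare($sql))` guard never sees `false` and an uncaught exception would reach the page instead — the catch below covers both modes. If the session id has no matching row, `$hashed_password` stays null and `password_verify` receives null for its hash, which PHP 8.1 only deprecates, so the request fails as a wrong password rather than erroring; consider treating a missing row explicitly. The file's opening PHP block did not survive rendering, so the origin of `$current_password` and the form's CSRF posture could not be reviewed here.
```php
} else {
    $uid = (int) $_SESSION['id'];
    $conn->begin_transaction();
    try {
        // Order lines, then orders, then the user: every step must succeed or nothing is removed.
        foreach ([
            "DELETE oi FROM OrderItems oi JOIN Orders o ON oi.OrderID = o.OrderID WHERE o.UserID = ?",
            "DELETE FROM Orders WHERE UserID = ?",
            "DELETE FROM Users WHERE UserID = ?",
        ] as $sql_delete) {
            $stmt_delete = $conn->prepare($sql_delete);
            if ($stmt_delete === false || !$stmt_delete->bind_param("i", $uid) || !$stmt_delete->execute()) {
                throw new RuntimeException($conn->error);
            }
            $stmt_delete->close();
        }
        $conn->commit();
        session_unset();
        session_destroy();
        $message = 'Il tuo account è stato eliminato insieme a tutti i tuoi ordini.';
    } catch (mysqli_sql_exception | RuntimeException $e) {
        $conn->rollback();
        $error = 'Errore nel database.';
    }
}
```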
diff --git a/src/account/passwordChange.php b/src/account/passwordChange.php
new file mode 100644
index 0000000..ac49b8b
--- /dev/null
+++ b/src/account/passwordChange.php
@@ -0,0 +1,90 @@
+
+
+
+
+
+ Cambio Password - TechStore
+
+
+
+ prepare($sql)) {
+ $stmt->bind_param("i", $_SESSION['id']);
+ $stmt->execute();
+ $stmt->bind_result($hashed_password);
+ $stmt->fetch();
+ $stmt->close();
+
+ if (!password_verify($current_password, $hashed_password)) {
+ $error = 'La password corrente non è corretta.';
+ } else {
+ $new_hashed = password_hash($new_password, PASSWORD_DEFAULT);
+ $sql_update = "UPDATE Users SET Password = ? WHERE UserID = ?";
+ if ($stmt_update = $conn->prepare($sql_update)) {
+ $stmt_update->bind_param("si", $new_hashed, $_SESSION['id']);
+ $stmt_update->execute();
+ $stmt_update->close();
+
+ $message = 'Password aggiornata con successo.';
+ } else {
+ $error = 'Errore durante l\'aggiornamento della password.';
+ }
+ }
+ } else {
+ $error = 'Errore nel database.';
+ }
+ }
+ }
+ ?>
+
+
+
+
\ No newline at end of file
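Review bot: `$stmt_update->execute()` is called without checking its result and `$message` reports success unconditionally, so a failed UPDATE (or, under mysqli's default exception mode in 8.1, an uncaught `mysqli_sql_exception`) is not reflected to the user; branch on the return value, `if ($stmt_update->execute()) { session_regenerate_id(true); $message = 'Password aggiornata con successo.'; } else { $error = 'Errore durante l\'aggiornamento della password.'; }`. Regenerating the session id on a credential change is the usual minimum; invalidating the user's other sessions would need server-side session tracking that this code does not show. As in src/account/delete.php, `$hashed_password` is null when the session's user has no row, so `password_verify` gets a null hash; fail explicitly in that case. The validation of `$new_password` (length, confirmation) sits in the part of the file that did not survive rendering and could not be reviewed.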
diff --git a/src/admin/index.php b/src/admin/index.php
new file mode 100644
index 0000000..a3a8ae5
--- /dev/null
+++ b/src/admin/index.php
@@ -0,0 +1,112 @@
+prepare($sql_role);
+$stmt_role->bind_param("i", $user_id);
+$stmt_role->execute();
+$stmt_role->bind_result($role);
+$stmt_role->fetch();
+$stmt_role->close();
+
+if ($role !== 'admin') {
+ http_response_code(403);
+ die("Accesso negato. Solo gli amministratori possono accedere a questa sezione.");
+}
+
+// Lettura dei contatori per la dashboard
+$totalOrders = 0;
+$pendingOrders = 0;
+$totalProducts = 0;
+
+$sql_total_orders = "SELECT COUNT(*) FROM Orders";
+$result_total_orders = $conn->query($sql_total_orders);
+if ($result_total_orders) {
+ $totalOrders = $result_total_orders->fetch_row()[0];
+ $result_total_orders->close();
+}
+
+$sql_pending_orders = "SELECT COUNT(*) FROM Orders WHERE Status = 'pending'";
+$result_pending_orders = $conn->query($sql_pending_orders);
+if ($result_pending_orders) {
+ $pendingOrders = $result_pending_orders->fetch_row()[0];
+ $result_pending_orders->close();
+}
+
+$sql_total_products = "SELECT COUNT(*) FROM Products";
+$result_total_products = $conn->query($sql_total_products);
+if ($result_total_products) {
+ $totalProducts = $result_total_products->fetch_row()[0];
+ $result_total_products->close();
+}
+?>
+
+
+
+
+
+
+ Dashboard amministratore - TechStore
+
+
+
+
+
+
+
+
+
+
+
+
+ close(); ?>
+
+
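Review bot: The admin gate — role lookup by `$user_id` followed by `http_response_code(403); die(...)` — is pasted verbatim into src/admin/index.php, manageOrders.php, manageProducts.php and manageUsers.php in this commit, so a fix to one copy (for example, handling a missing row or a failed prepare) will drift from the others. Move it into one file that each page pulls in with `require_once __DIR__ . '/<guard-file>.php'` (name of your choosing), and keep the behaviour of reading the role from the database on every request rather than trusting a session flag, which is the right choice here. Where `$user_id` itself comes from is in the lines that did not survive rendering, so the session check before the role query could not be reviewed. For the dashboard counters, `fetch_row()[0]` yields a string; cast with `(int)` so the template receives integers.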
diff --git a/src/admin/manageOrders.php b/src/admin/manageOrders.php
new file mode 100644
index 0000000..cd087d6
--- /dev/null
+++ b/src/admin/manageOrders.php
@@ -0,0 +1,167 @@
+prepare($sql_role);
+$stmt_role->bind_param("i", $user_id);
+$stmt_role->execute();
+$stmt_role->bind_result($role);
+$stmt_role->fetch();
+$stmt_role->close();
+
+if ($role !== 'admin') {
+ http_response_code(403);
+ die("Accesso negato. Solo gli amministratori possono accedere a questa sezione.");
+}
+
+// Gestisci azioni (cambio stato, eliminazione)
+if ($_SERVER['REQUEST_METHOD'] === 'POST') {
+ $action = $_POST['action'] ?? '';
+ $order_id = $_POST['order_id'] ?? 0;
+
+ if ($action === 'update_status') {
+ $new_status = $_POST['status'] ?? '';
+ if (in_array($new_status, ['pending', 'completed', 'cancelled'])) {
+ $sql_update = "UPDATE Orders SET Status = ? WHERE OrderID = ?";
+ $stmt_update = $conn->prepare($sql_update);
+ $stmt_update->bind_param("si", $new_status, $order_id);
+ $stmt_update->execute();
+ $stmt_update->close();
+ }
+ } elseif ($action === 'delete_order') {
+ // Elimina gli items dell'ordine prima di eliminare l'ordine
+ $sql_delete_items = "DELETE FROM OrderItems WHERE OrderID = ?";
+ $stmt_delete_items = $conn->prepare($sql_delete_items);
+ $stmt_delete_items->bind_param("i", $order_id);
+ $stmt_delete_items->execute();
+ $stmt_delete_items->close();
+
+ // Elimina l'ordine
+ $sql_delete = "DELETE FROM Orders WHERE OrderID = ?";
+ $stmt_delete = $conn->prepare($sql_delete);
+ $stmt_delete->bind_param("i", $order_id);
+ $stmt_delete->execute();
+ $stmt_delete->close();
+ }
+}
+
+// Query per ottenere tutti gli ordini con dettagli utente
+$sql = "SELECT o.OrderID, o.UserID, u.Name, u.Surname, u.Email, o.OrderDate, o.Total, o.Status,
+ GROUP_CONCAT(p.ProductName SEPARATOR ', ') AS Products
+ FROM Orders o
+ LEFT JOIN Users u ON o.UserID = u.UserID
+ LEFT JOIN OrderItems oi ON o.OrderID = oi.OrderID
+ LEFT JOIN Products p ON oi.ProductID = p.ProductID
+ GROUP BY o.OrderID
+ ORDER BY o.OrderDate DESC";
+$result = $conn->query($sql);
+
+if ($result === false) {
+ die("Errore nella query: " . $conn->error);
+}
+?>
+
+
+
+
+
+
+ Gestione Ordini - TechStore
+
+
+
+
+
+
+
+
+
+
+
Gestione Ordini
+
+ num_rows > 0): ?>
+
+
+
+ | ID Ordine |
+ Cliente |
+ Email |
+ Prodotti |
+ Data |
+ Totale |
+ Stato |
+ Azioni |
+
+
+
+ fetch_assoc()): ?>
+
+ | # |
+ |
+ |
+ |
+ |
+ € |
+
+
+ |
+
+
+ |
+
+
+
+
+
+
Nessun ordine trovato.
+
+
+
+
+
+
+
+ close(); ?>
+
+
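Review bot: The `if ($_SERVER['REQUEST_METHOD'] === 'POST')` handler accepts `action`, `order_id` and `status` with no anti-CSRF token check, so a logged-in admin who visits a third-party page can have orders deleted or re-statused by a forged form post; the form markup did not survive rendering, but even if it emits a token nothing in the handler verifies one. Add a session-bound token to the form and verify it before dispatching, e.g. `if (!hash_equals((string) ($_SESSION['csrf_token'] ?? ''), (string) ($_POST['csrf_token'] ?? ''))) { http_response_code(403); exit; }` (the key name is illustrative). The same gap applies to the POST handlers in src/admin/manageUsers.php and src/admin/manageProducts.php in this commit. Separately, `in_array($new_status, [...])` should pass `true` as the third argument, and `$order_id` should be cast with `(int)` before binding so non-numeric input is rejected explicitly rather than coerced.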
diff --git a/src/admin/manageProducts.php b/src/admin/manageProducts.php
new file mode 100644
index 0000000..b886971
--- /dev/null
+++ b/src/admin/manageProducts.php
@@ -0,0 +1,261 @@
+prepare($sql_role);
+$stmt_role->bind_param("i", $user_id);
+$stmt_role->execute();
+$stmt_role->bind_result($role);
+$stmt_role->fetch();
+$stmt_role->close();
+
+if ($role !== 'admin') {
+ http_response_code(403);
+ die("Accesso negato. Solo gli amministratori possono accedere a questa sezione.");
+}
+
+// Gestione aggiornamenti
+if ($_SERVER['REQUEST_METHOD'] == 'POST' && isset($_POST['save'])) {
+ $product_id = $_POST['product_id'];
+ $name = $_POST['name'];
+ $description = $_POST['description'];
+ $category_id = $_POST['category_id'];
+ $price = $_POST['price'];
+ $stock = $_POST['stock'];
+
+ // Gestione immagine
+ $image_path = basename($_POST['current_image']);
+ if (isset($_FILES['image']) && $_FILES['image']['error'] == 0) {
+ $target_dir = "../img/";
+ $image_name = basename($_FILES["image"]["name"]);
+ $target_file = $target_dir . $image_name;
+ $imageFileType = strtolower(pathinfo($target_file, PATHINFO_EXTENSION));
+ // Controlli base
+ if (in_array($imageFileType, ['jpg', 'png', 'jpeg', 'gif'])) {
+ if (move_uploaded_file($_FILES["image"]["tmp_name"], $target_file)) {
+ $image_path = $image_name;
+ }
+ }
+ }
+
+ // Update DB
+ $sql_update = "UPDATE Products SET ProductName = ?, Description = ?, CategoryID = ?, Price = ?, StockQuantity = ?, ImagePath = ? WHERE ProductID = ?";
+ $stmt_update = $conn->prepare($sql_update);
+ $stmt_update->bind_param("ssidisi", $name, $description, $category_id, $price, $stock, $image_path, $product_id);
+ $stmt_update->execute();
+ $stmt_update->close();
+
+ // Redirect
+ header("Location: manageProducts.php");
+ exit();
+}
+
+// Gestione aggiunta nuovo prodotto
+if ($_SERVER['REQUEST_METHOD'] == 'POST' && isset($_POST['add'])) {
+ $name = $_POST['name'];
+ $description = $_POST['description'];
+ $category_id = $_POST['category_id'];
+ $price = $_POST['price'];
+ $stock = $_POST['stock'];
+ $image_path = '';
+
+ if (isset($_FILES['image']) && $_FILES['image']['error'] == 0) {
+ $target_dir = "../img/";
+ $image_name = basename($_FILES["image"]["name"]);
+ $target_file = $target_dir . $image_name;
+ $imageFileType = strtolower(pathinfo($target_file, PATHINFO_EXTENSION));
+ if (in_array($imageFileType, ['jpg', 'png', 'jpeg', 'gif'])) {
+ if (move_uploaded_file($_FILES["image"]["tmp_name"], $target_file)) {
+ $image_path = $image_name;
+ }
+ }
+ }
+
+ $sql_insert = "INSERT INTO Products (ProductName, Description, CategoryID, Price, StockQuantity, ImagePath) VALUES (?, ?, ?, ?, ?, ?)";
+ $stmt_insert = $conn->prepare($sql_insert);
+ $stmt_insert->bind_param("ssidis", $name, $description, $category_id, $price, $stock, $image_path);
+ $stmt_insert->execute();
+ $stmt_insert->close();
+
+ header("Location: manageProducts.php");
+ exit();
+}
+
+// Ottieni categorie
+$categories = [];
+$sql_cat = "SELECT CategoryID, Name FROM Categories";
+$stmt_cat = $conn->prepare($sql_cat);
+$stmt_cat->execute();
+$result_cat = $stmt_cat->get_result();
+while ($row = $result_cat->fetch_assoc()) {
+ $categories[] = $row;
+}
+$stmt_cat->close();
+
+// Ottieni prodotti
+$products = [];
+$sql_prod = "SELECT ProductID, ProductName, Description, Price, StockQuantity, ImagePath, CategoryID FROM Products";
+$stmt_prod = $conn->prepare($sql_prod);
+$stmt_prod->execute();
+$result_prod = $stmt_prod->get_result();
+while ($row = $result_prod->fetch_assoc()) {
+ $products[] = $row;
+}
+$stmt_prod->close();
+?>
+
+
+
+
+
+
+ Gestione Prodotti - TechStore
+
+
+
+
+
+
+
+
+
+
+
+
Gestione Prodotti
+
+
+ Aggiungi nuovo prodotto
+
+
+
+
+
+
+
+
+
+ close(); ?>
+
+
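Review bot: Both upload branches accept a file solely on the extension of the client-supplied name and then write it under that same name into `../img/`, so a file whose content is not an image is stored next to product pictures and any existing image can be overwritten by choosing its name. Validate the content (fileinfo MIME type), derive the extension from the detected type, cap the size and store under a server-generated name; the two copies of the upload code are identical, so one helper serves both branches. The helper below returns null on any rejection, which keeps the existing behaviour of falling back to the current image path (or `''` in the add branch). The `==` comparisons on `$_SERVER['REQUEST_METHOD']` and `$_FILES['image']['error']` should be `===`.
```php
/**
 * Validate an uploaded image by its content and store it under a server-generated name.
 * Returns the stored file name, or null when there is no usable upload.
 */
function store_product_image(array $file, string $target_dir): ?string
{
    if (($file['error'] ?? UPLOAD_ERR_NO_FILE) !== UPLOAD_ERR_OK || !is_uploaded_file($file['tmp_name'])) {
        return null;
    }
    if ($file['size'] > 5 * 1024 * 1024) { // size cap: adjust to the product-image policy
        return null;
    }
    $mime = (new finfo(FILEINFO_MIME_TYPE))->file($file['tmp_name']);
    $ext = match ($mime) {
        'image/jpeg' => 'jpg',
        'image/png'  => 'png',
        'image/gif'  => 'gif',
        default      => null,
    };
    if ($ext === null) {
        return null;
    }
    $name = bin2hex(random_bytes(8)) . '.' . $ext; // never reuse the client's file name
    return move_uploaded_file($file['tmp_name'], $target_dir . $name) ? $name : null;
}

// In the 'save' branch (the 'add' branch is the same call starting from $image_path = ''):
$image_path = basename($_POST['current_image']);
$image_path = store_product_image($_FILES['image'] ?? [], "../img/") ?? $image_path;
// … unchanged: UPDATE Products … / header("Location: manageProducts.php") …
```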
diff --git a/src/admin/manageUsers.php b/src/admin/manageUsers.php
new file mode 100644
index 0000000..153a6d9
--- /dev/null
+++ b/src/admin/manageUsers.php
@@ -0,0 +1,173 @@
+prepare($sql_role);
+$stmt_role->bind_param("i", $user_id);
+$stmt_role->execute();
+$stmt_role->bind_result($role);
+$stmt_role->fetch();
+$stmt_role->close();
+
+if ($role !== 'admin') {
+ http_response_code(403);
+ die("Accesso negato. Solo gli amministratori possono accedere a questa sezione.");
+}
+
+// Gestisci azioni (reset password, cambio ruolo, eliminazione)
+if ($_SERVER['REQUEST_METHOD'] === 'POST') {
+ $action = $_POST['action'] ?? '';
+ $user_id = $_POST['user_id'] ?? 0;
+
+ if ($action === 'reset_password') {
+ // Genera una password temporanea
+ $temp_password = bin2hex(random_bytes(4));
+ $hashed_password = password_hash($temp_password, PASSWORD_DEFAULT);
+
+ $sql_reset = "UPDATE Users SET Password = ? WHERE UserID = ?";
+ $stmt_reset = $conn->prepare($sql_reset);
+ $stmt_reset->bind_param("si", $hashed_password, $user_id);
+ $stmt_reset->execute();
+ $stmt_reset->close();
+
+ $reset_message = "Password temporanea generata: " . htmlspecialchars($temp_password);
+ } elseif ($action === 'update_role') {
+ $new_role = $_POST['role'] ?? '';
+ if (in_array($new_role, ['user', 'admin'])) {
+ $sql_update = "UPDATE Users SET Role = ? WHERE UserID = ?";
+ $stmt_update = $conn->prepare($sql_update);
+ $stmt_update->bind_param("si", $new_role, $user_id);
+ $stmt_update->execute();
+ $stmt_update->close();
+ }
+ } elseif ($action === 'delete_user') {
+ // Elimina gli ordini dell'utente prima di eliminare l'utente
+ $sql_delete_orders = "DELETE FROM Orders WHERE UserID = ?";
+ $stmt_delete_orders = $conn->prepare($sql_delete_orders);
+ $stmt_delete_orders->bind_param("i", $user_id);
+ $stmt_delete_orders->execute();
+ $stmt_delete_orders->close();
+
+ // Elimina l'utente
+ $sql_delete = "DELETE FROM Users WHERE UserID = ?";
+ $stmt_delete = $conn->prepare($sql_delete);
+ $stmt_delete->bind_param("i", $user_id);
+ $stmt_delete->execute();
+ $stmt_delete->close();
+ }
+}
+
+// Query per ottenere tutti gli utenti
+$sql = "SELECT UserID, Name, Surname, Email, Role FROM Users ORDER BY UserID DESC";
+$result = $conn->query($sql);
+
+if ($result === false) {
+ die("Errore nella query: " . $conn->error);
+}
+?>
+
+
+
+
+
+
+ Gestione Utenti - TechStore
+
+
+
+
+
+
+
+
+
+
+
Gestione Utenti
+
+
+
+
+
+
+
+ num_rows > 0): ?>
+
+
+
+ | ID |
+ Nome |
+ Cognome |
+ Email |
+ Ruolo |
+ Azioni |
+
+
+
+ fetch_assoc()): ?>
+
+ | # |
+ |
+ |
+ |
+
+
+ |
+
+
+ |
+
+
+
+
+
+
Nessun utente trovato.
+
+
+
+
+
+
+
+ close(); ?>
+
+
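Review bot: The `delete_user` branch deletes from Orders but never from OrderItems, unlike src/account/delete.php and the `delete_order` branch of src/admin/manageOrders.php in this commit, so the rows referencing the deleted orders are either orphaned or, if a foreign key exists, the delete fails and the user survives. The branch also reuses `$user_id`, which a few lines earlier held the acting admin's id for the role check, for the target user taken from POST; give the POST value its own name so the two meanings cannot collide. The temporary password from `bin2hex(random_bytes(4))` carries 32 bits of entropy; use at least `random_bytes(8)` and require a change at next login if the app supports it. Nothing prevents an admin from demoting or deleting their own account, which may be intended but deserves a guard.
```php
} elseif ($action === 'delete_user') {
    $target_user_id = (int) ($_POST['user_id'] ?? 0);
    // Order lines first, then orders, then the user, so nothing is left dangling.
    $stmt_delete_items = $conn->prepare("DELETE oi FROM OrderItems oi JOIN Orders o ON oi.OrderID = o.OrderID WHERE o.UserID = ?");
    $stmt_delete_items->bind_param("i", $target_user_id);
    $stmt_delete_items->execute();
    $stmt_delete_items->close();
    // … unchanged: DELETE FROM Orders / DELETE FROM Users, binding $target_user_id …
}
```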
diff --git a/src/assets/style.css b/src/assets/style.css
index 5a66723..823f33c 100644
--- a/src/assets/style.css
+++ b/src/assets/style.css
@@ -256,6 +256,187 @@ form button:hover {
padding: 20px;
}
+.product-table {
+ width: 100%;
+ border-collapse: collapse;
+ margin-top: 20px;
+}
+
+.product-table th,
+.product-table td {
+ border: 1px solid #ddd;
+ padding: 12px;
+ vertical-align: top;
+}
+
+.product-table th {
+ background-color: #f8f9fa;
+ font-weight: 700;
+ text-align: left;
+}
+
+.product-row:hover {
+ background-color: #f7f9fb;
+}
+
+.add-product-panel {
+ margin-bottom: 24px;
+ padding: 18px;
+ border: 1px solid #ddd;
+ border-radius: 8px;
+ background-color: #fdfdfd;
+}
+
+.add-product-panel h2 {
+ margin-top: 0;
+ margin-bottom: 16px;
+ color: #333;
+ font-size: 1.25rem;
+}
+
+.add-product-form {
+ display: grid;
+ gap: 16px;
+}
+
+.add-product-form .form-row {
+ display: grid;
+ gap: 8px;
+}
+
+.add-product-form label {
+ font-weight: 600;
+ color: #444;
+}
+
+.toggle-button {
+ padding: 10px 16px;
+ background-color: #17a2b8;
+ color: #fff;
+ border: none;
+ border-radius: 4px;
+ cursor: pointer;
+ margin-bottom: 16px;
+}
+
+.toggle-button:hover {
+ background-color: #117a8b;
+}
+
+.add-product-panel.collapsed {
+ display: none;
+}
+
+.product-name-input,
+.product-description-textarea,
+.product-category-select,
+.product-price-input,
+.stock-input,
+.product-image-input {
+ width: 100%;
+ padding: 10px;
+ border: 1px solid #ccc;
+ border-radius: 4px;
+ box-sizing: border-box;
+}
+
+.product-description-textarea {
+ min-height: 80px;
+ resize: vertical;
+}
+
+.stock-control {
+ display: flex;
+ align-items: center;
+ gap: 8px;
+}
+
+.stock-button {
+ width: 32px;
+ height: 32px;
+ border: none;
+ border-radius: 4px;
+ background-color: #007bff;
+ color: #fff;
+ cursor: pointer;
+}
+
+.stock-button:hover {
+ background-color: #0056b3;
+}
+
+.product-image-preview {
+ max-width: 100px;
+ display: block;
+ margin-bottom: 8px;
+}
+
+.image-upload {
+ display: flex;
+ flex-direction: column;
+ gap: 8px;
+}
+
+.save-button {
+ padding: 10px 16px;
+ background-color: #28a745;
+ color: #fff;
+ border: none;
+ border-radius: 4px;
+ cursor: pointer;
+}
+
+.save-button:hover {
+ background-color: #218838;
+}
+
+.admin-divider{
+ display: block;
+ height: 1px;
+ border: 0;
+ border-top: 1px solid #ddd;
+ margin: 1em 0;
+ padding: 0;
+}
+
+.admin-stats-grid {
+ display: grid;
+ grid-template-columns: repeat(auto-fit, minmax(180px, 1fr));
+ gap: 16px;
+ margin-top: 20px;
+}
+
+.admin-stat-card {
+ padding: 20px;
+ border: 1px solid #ddd;
+ border-radius: 12px;
+ background-color: #fff;
+ box-shadow: 0 1px 4px rgba(0,0,0,0.06);
+ text-align: center;
+}
+
+.admin-stat-card h2 {
+ margin: 0 0 10px;
+ font-size: 36px;
+ color: #333;
+}
+
+.admin-stat-card p {
+ margin: 0;
+ color: #666;
+ font-weight: 600;
+}
+
+.admin-stat-pending {
+ border-color: #ffc107;
+ background-color: #fff8e1;
+}
+
+.admin-stat-products {
+ border-color: #17a2b8;
+ background-color: #e9f7fb;
+}
+
@media (max-width: 768px) {
.account-layout {
flex-direction: column;
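Review bot: `.admin-divider{` is the only selector in the hunk without a space before the opening brace; write `.admin-divider {` to match the rest of the file. The remaining rules are consistent with the existing formatting.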
@@ -319,4 +500,102 @@ form button:hover {
.order-details p {
margin: 5px 0;
color: #666;
-}
\ No newline at end of file
+}
+
+/* Stili per la pagina admin di gestione ordini */
+.admin-table {
+ width: 100%;
+ border-collapse: collapse;
+ margin-top: 20px;
+ background-color: #fff;
+}
+
+.admin-table th,
+.admin-table td {
+ border: 1px solid #ddd;
+ padding: 12px;
+ text-align: left;
+}
+
+.admin-table th {
+ background-color: #f2f2f2;
+ font-weight: bold;
+}
+
+.admin-table tbody tr:hover {
+ background-color: #f9f9f9;
+}
+
+.status-select {
+ padding: 5px 8px;
+ border: 1px solid #ddd;
+ border-radius: 4px;
+ cursor: pointer;
+}
+
+.status-select.status-pending {
+ background-color: #fff3cd;
+ color: #212529;
+}
+
+.status-select.status-completed {
+ background-color: #d4edda;
+ color: #155724;
+}
+
+.status-select.status-cancelled {
+ background-color: #f8d7da;
+ color: #721c24;
+}
+
+.btn-delete {
+ padding: 5px 10px;
+ background-color: #dc3545;
+ color: white;
+ border: none;
+ border-radius: 4px;
+ cursor: pointer;
+ font-size: 12px;
+}
+
+.btn-delete:hover {
+ background-color: #c82333;
+}
+
+.admin-table td form {
+ display: contents;
+ margin: 0;
+ padding: 0;
+}
+
+/* Stili per role-select */
+.role-select {
+ border: 1px solid #ddd;
+ border-radius: 4px;
+ cursor: pointer;
+}
+
+.role-select.role-user {
+ background-color: #e7f3ff;
+ color: #004085;
+}
+
+.role-select.role-admin {
+ background-color: #fff3cd;
+ color: #856404;
+}
+
+/* Stili per btn-reset */
+.btn-reset {
+ background-color: #17a2b8;
+ color: white;
+ border: none;
+ border-radius: 4px;
+ cursor: pointer;
+ font-size: 12px;
+ margin-right: 5px;
+}
+
+.btn-reset:hover {
+ background-color: #138496;
+}
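Review bot: `.admin-table td form { display: contents; }` removes the form's box and, in some browsers, its node in the accessibility tree, which can hide the enclosed controls' form association from assistive technology; `display: inline`, or laying out the buttons with flex on the cell, gives the same visual result without that risk. The `margin` and `padding` declarations in that rule have no effect on an element with `display: contents` and can be dropped.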
diff --git a/src/checkout.php b/src/checkout.php
index 6794db7..c49cc38 100644
--- a/src/checkout.php
+++ b/src/checkout.php
@@ -52,6 +52,22 @@ try {
$quantity = $item['quantity'];
$price = $item['price'];
+ // Controlla lo stock disponibile
+ $sql_check_stock = "SELECT StockQuantity, ProductName FROM Products WHERE ProductID = ?";
+ $stmt_check = $conn->prepare($sql_check_stock);
+ if (!$stmt_check) {
+ throw new Exception("Errore nella preparazione della query di controllo stock: " . $conn->error);
+ }
+ $stmt_check->bind_param("i", $product_id);
+ $stmt_check->execute();
+ $result_check = $stmt_check->get_result();
+ $product = $result_check->fetch_assoc();
+ $stmt_check->close();
+
+ if (!$product || $product['StockQuantity'] < $quantity) {
+ throw new Exception("Quantità insufficiente per il prodotto '" . $product['ProductName'] . "'. Disponibile: " . ($product ? $product['StockQuantity'] : 0));
+ }
+
// Aggiungi item all'ordine
$sql_item = "INSERT INTO OrderItems (OrderID, ProductID, Quantity, Price) VALUES (?, ?, ?, ?)";
$stmt_item = $conn->prepare($sql_item);
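Review bot: When no product row is found, the message on the throw line reads `$product['ProductName']` from `false`, which raises a warning and yields an empty name, while the `Disponibile:` part is guarded — guard the name the same way. Beyond that, the check is a read followed by a separate write, so two concurrent checkouts can both pass it against the same stock; reserve the quantity with a conditional `UPDATE … WHERE StockQuantity >= ?` and treat zero affected rows as insufficient stock. If stock is already decremented further down the loop (outside the hunk), move that decrement here rather than adding a second one. The enclosing `try` and the item loop begin before the hunk, and `$product_id` is presumably assigned above it.
```php
// … unchanged: stock lookup via $stmt_check …
if (!$product || $product['StockQuantity'] < $quantity) {
    $available = $product ? (int) $product['StockQuantity'] : 0;
    $label = $product ? $product['ProductName'] : 'ID ' . $product_id;
    throw new Exception("Quantità insufficiente per il prodotto '" . $label . "'. Disponibile: " . $available);
}
// Reserve atomically: the conditional UPDATE affects 0 rows if another checkout got there first.
$stmt_reserve = $conn->prepare("UPDATE Products SET StockQuantity = StockQuantity - ? WHERE ProductID = ? AND StockQuantity >= ?");
if (!$stmt_reserve) {
    throw new Exception("Errore nella preparazione della query di riserva stock: " . $conn->error);
}
$stmt_reserve->bind_param("iii", $quantity, $product_id, $quantity);
$stmt_reserve->execute();
if ($stmt_reserve->affected_rows !== 1) {
    $stmt_reserve->close();
    throw new Exception("Quantità insufficiente per il prodotto '" . $product['ProductName'] . "'.");
}
$stmt_reserve->close();
// … unchanged: INSERT INTO OrderItems …
```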
diff --git a/src/index.php b/src/index.php
index c44cc25..bac08ca 100644
--- a/src/index.php
+++ b/src/index.php
@@ -41,7 +41,11 @@ if ($result === false) {
" . htmlspecialchars($row['ProductName']) . ""; ?>
€
-
+ 0): ?>
+
+
+
+
diff --git a/src/orders.php b/src/orders.php
index d5c626a..69da5bd 100644
--- a/src/orders.php
+++ b/src/orders.php
@@ -56,6 +56,9 @@ if (!$result) {
diff --git a/src/product.php b/src/product.php
index b8dd98b..ae1075a 100644
--- a/src/product.php
+++ b/src/product.php
@@ -54,7 +54,11 @@ if ($stmt = $conn->prepare($sql)) {
Descrizione:
Prezzo: €
Quantità disponibile:
-
+ 0): ?>
+
+
+
+