From 3ca10395b5609cfaae0e61b6b59716a6936bcbf2 Mon Sep 17 00:00:00 2001 From: Andrea Fiorencis Date: Wed, 8 Apr 2026 11:48:50 +0200 Subject: [PATCH 01/21] Creata dashboard amministratore --- src/admin/index.php | 76 +++++++++++++++++++++++++++++++++++++++++++++ 1 file changed, 76 insertions(+) create mode 100644 src/admin/index.php diff --git a/src/admin/index.php b/src/admin/index.php new file mode 100644 index 0000000..9d2829e --- /dev/null +++ b/src/admin/index.php @@ -0,0 +1,76 @@ +prepare($sql_role); +$stmt_role->bind_param("i", $user_id); +$stmt_role->execute(); +$stmt_role->bind_result($role); +$stmt_role->fetch(); +$stmt_role->close(); + +if ($role !== 'admin') { + http_response_code(403); + die("Accesso negato. Solo gli amministratori possono accedere a questa sezione."); +} + +// Query per ottenere tutti i prodotti +$sql = "SELECT p.ProductID, p.ProductName, c.Name AS 'CategoryName', p.Description, p.Price, p.StockQuantity, p.ImagePath FROM Products p JOIN Categories c ON p.CategoryID=c.CategoryID"; +$result = $conn->query($sql); + +if ($result === false) { + die("Errore nella query: " . $conn->error); +} +?> + + + + + + + Dashboard amministratore - TechStore + + + + +
+ +
+ + + + Benvenuto, + + + +
+
+ + +
+ +
+

Hello World!

+

+
+ + + + + close(); ?> + + From 94de053c595a1eb68cfffe6d1d7c56bd49085974 Mon Sep 17 00:00:00 2001 From: Andrea Fiorencis Date: Thu, 9 Apr 2026 08:42:46 +0200 Subject: [PATCH 02/21] Creazione Dockerfile base (preso da [php.classeviva2](https://git.xushidev.cc/scuola/php.classeviva2/src/commit/faf069f24ee86d0c078640707a388c0bf948f8e3/Dockerfile)) --- Dockerfile | 7 +++++++ 1 file changed, 7 insertions(+) create mode 100644 Dockerfile diff --git a/Dockerfile b/Dockerfile new file mode 100644 index 0000000..c31d39b --- /dev/null +++ b/Dockerfile @@ -0,0 +1,7 @@ +FROM php:8.1-apache + +# Installa l'estensione mysqli per PHP +RUN docker-php-ext-install mysqli + +# Copia il contenuto della cartella src/ nella directory di lavoro di Apache +COPY src/ /var/www/html/ \ No newline at end of file From 3abf99d4cf96f9c10306d7d558c50c9a88919c6f Mon Sep 17 00:00:00 2001 From: Andrea Fiorencis Date: Thu, 9 Apr 2026 08:42:46 +0200 Subject: [PATCH 03/21] Creazione Dockerfile base (preso da https://git.xushidev.cc/scuola/php.classeviva2/src/commit/faf069f24ee86d0c078640707a388c0bf948f8e3/Dockerfile [php.classeviva2]) --- Dockerfile | 7 +++++++ 1 file changed, 7 insertions(+) create mode 100644 Dockerfile diff --git a/Dockerfile b/Dockerfile new file mode 100644 index 0000000..c31d39b --- /dev/null +++ b/Dockerfile @@ -0,0 +1,7 @@ +FROM php:8.1-apache + +# Installa l'estensione mysqli per PHP +RUN docker-php-ext-install mysqli + +# Copia il contenuto della cartella src/ nella directory di lavoro di Apache +COPY src/ /var/www/html/ \ No newline at end of file From 397c899115beb5703129a559f9745746f3962560 Mon Sep 17 00:00:00 2001 From: Andrea Fiorencis Date: Fri, 10 Apr 2026 11:39:37 +0200 Subject: [PATCH 04/21] Implementata pagina gestione ordini --- src/admin/manageOrders.php | 163 +++++++++++++++++++++++++++++++++++++ src/assets/style.css | 66 +++++++++++++++ 2 files changed, 229 insertions(+) create mode 100644 src/admin/manageOrders.php 
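Review bot: The query-failure branch sends `$conn->error` straight to the browser (`die("Errore nella query: " . $conn->error)`), which discloses table names and SQL fragments to whoever manages to trigger a failure; log it server-side and answer with a generic message, e.g. `error_log("admin/index: " . $conn->error); http_response_code(500); die("Errore interno.");`. The same pattern recurs in the manageOrders.php and manageUsers.php hunks further down this series. The role lookup plus 403 check at the top of the hunk is also copied verbatim into manageOrders.php, manageUsers.php and manageProducts.php; moving it into one shared include that every admin page requires keeps the four checks from drifting apart. The `<?php` opening and the session check that precede `prepare($sql_role)` were lost in this rendering, so that part could not be reviewed.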
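Review bot: `FROM php:8.1-apache` selects a PHP branch that, per php.net's release schedule, left security support at the end of 2025, so an image built at this commit's date (April 2026) receives no further security fixes; move to a supported branch and pin the tag so rebuilds are reproducible. The official image ships without a php.ini, which leaves `display_errors` at its built-in default of on and would expose the `$conn->error` text the PHP pages die with; add `RUN mv "$PHP_INI_DIR/php.ini-production" "$PHP_INI_DIR/php.ini"` before the COPY. PATCH 03 is a byte-identical re-commit of this file and carries the same points.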
diff --git a/src/admin/manageOrders.php b/src/admin/manageOrders.php new file mode 100644 index 0000000..c6e4a6b --- /dev/null +++ b/src/admin/manageOrders.php 
@@ -0,0 +1,163 @@ +prepare($sql_role); +$stmt_role->bind_param("i", $user_id); +$stmt_role->execute(); +$stmt_role->bind_result($role); +$stmt_role->fetch(); +$stmt_role->close(); + +if ($role !== 'admin') { + http_response_code(403); + die("Accesso negato. Solo gli amministratori possono accedere a questa sezione."); +} + +// Gestisci azioni (cambio stato, eliminazione) +if ($_SERVER['REQUEST_METHOD'] === 'POST') { + $action = $_POST['action'] ?? ''; + $order_id = $_POST['order_id'] ?? 0; + + if ($action === 'update_status') { + $new_status = $_POST['status'] ?? ''; + if (in_array($new_status, ['pending', 'completed', 'cancelled'])) { + $sql_update = "UPDATE Orders SET Status = ? WHERE OrderID = ?"; + $stmt_update = $conn->prepare($sql_update); + $stmt_update->bind_param("si", $new_status, $order_id); + $stmt_update->execute(); + $stmt_update->close(); + } + } elseif ($action === 'delete_order') { + // Elimina gli items dell'ordine prima di eliminare l'ordine + $sql_delete_items = "DELETE FROM OrderItems WHERE OrderID = ?"; + $stmt_delete_items = $conn->prepare($sql_delete_items); + $stmt_delete_items->bind_param("i", $order_id); + $stmt_delete_items->execute(); + $stmt_delete_items->close(); + + // Elimina l'ordine + $sql_delete = "DELETE FROM Orders WHERE OrderID = ?"; + $stmt_delete = $conn->prepare($sql_delete); + $stmt_delete->bind_param("i", $order_id); + $stmt_delete->execute(); + $stmt_delete->close(); + } +} + +// Query per ottenere tutti gli ordini con dettagli utente +$sql = "SELECT o.OrderID, o.UserID, u.Name, u.Surname, u.Email, o.OrderDate, o.Total, o.Status, + GROUP_CONCAT(p.ProductName SEPARATOR ', ') AS Products + FROM Orders o + LEFT JOIN Users u ON o.UserID = u.UserID + LEFT JOIN OrderItems oi ON o.OrderID = oi.OrderID + LEFT JOIN Products p ON oi.ProductID = p.ProductID + GROUP BY o.OrderID + ORDER BY o.OrderDate DESC"; +$result = $conn->query($sql); + +if ($result === false) { + die("Errore nella query: " . 
$conn->error); +} +?> + + + + + + + Dashboard amministratore - TechStore + + + + +
+ +
+ + + + Benvenuto, + + + +
+
+ + + + + + + + close(); ?> + + diff --git a/src/assets/style.css b/src/assets/style.css index 5a66723..4b3d3e5 100644 --- a/src/assets/style.css +++ b/src/assets/style.css @@ -319,4 +319,70 @@ form button:hover { .order-details p { margin: 5px 0; color: #666; +} + +/* Stili per la pagina admin di gestione ordini */ +.admin-table { + width: 100%; + border-collapse: collapse; + margin-top: 20px; + background-color: #fff; +} + +.admin-table th, +.admin-table td { + border: 1px solid #ddd; + padding: 12px; + text-align: left; +} + +.admin-table th { + background-color: #f2f2f2; + font-weight: bold; +} + +.admin-table tbody tr:hover { + background-color: #f9f9f9; +} + +.status-select { + padding: 5px 8px; + border: 1px solid #ddd; + border-radius: 4px; + cursor: pointer; +} + +.status-select.status-pending { + background-color: #fff3cd; + color: #212529; +} + +.status-select.status-completed { + background-color: #d4edda; + color: #155724; +} + +.status-select.status-cancelled { + background-color: #f8d7da; + color: #721c24; +} + +.btn-delete { + padding: 5px 10px; + background-color: #dc3545; + color: white; + border: none; + border-radius: 4px; + cursor: pointer; + font-size: 12px; +} + +.btn-delete:hover { + background-color: #c82333; +} + +.admin-table td form { + display: contents; + margin: 0; + padding: 0; } \ No newline at end of file From 504db2e5b54c5e96a48f80f148a5bd6ac4849c97 Mon Sep 17 00:00:00 2001 From: Andrea Fiorencis Date: Fri, 10 Apr 2026 11:45:38 +0200 Subject: [PATCH 05/21] Modifiche pannello account e admin --- src/account.php | 3 +++ src/admin/index.php | 4 ++++ src/admin/manageOrders.php | 4 ++++ src/orders.php | 3 +++ 4 files changed, 14 insertions(+) diff --git a/src/account.php b/src/account.php index 5acaa4d..eca6fcb 100644 --- a/src/account.php +++ b/src/account.php @@ -40,6 +40,9 @@ if ($result === false) {
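Review bot: The POST branches change and delete orders with no CSRF token, so `update_status` and `delete_order` can be triggered by any page an authenticated admin happens to visit; issue a token into the session when the page renders, include it in each form, and reject the request unless `hash_equals($_SESSION['csrf_token'], $_POST['csrf_token'] ?? '')` holds (key names illustrative). The same gap exists in the manageUsers.php and manageProducts.php POST handlers added later in this series. Separately, `delete_order` runs two DELETEs without a transaction, so a failure of the second leaves an order with no items; wrap them in `$conn->begin_transaction()` / `$conn->commit()` with `$conn->rollback()` on failure, and redirect after the POST so a browser refresh does not re-submit the deletion.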
diff --git a/src/admin/index.php b/src/admin/index.php index 9d2829e..0eaa1c9 100644 --- a/src/admin/index.php +++ b/src/admin/index.php @@ -61,6 +61,10 @@ if ($result === false) {
diff --git a/src/admin/manageOrders.php b/src/admin/manageOrders.php index c6e4a6b..96ca661 100644 --- a/src/admin/manageOrders.php +++ b/src/admin/manageOrders.php @@ -99,6 +99,10 @@ if ($result === false) {
diff --git a/src/orders.php b/src/orders.php index d5c626a..69da5bd 100644 --- a/src/orders.php +++ b/src/orders.php @@ -56,6 +56,9 @@ if (!$result) {
From 49d2614528526f3080d93de1a1f4df7a4fd51080 Mon Sep 17 00:00:00 2001 From: Andrea Fiorencis Date: Fri, 10 Apr 2026 11:54:04 +0200 Subject: [PATCH 06/21] Implementazione gestione utenti --- src/admin/manageUsers.php | 178 ++++++++++++++++++++++++++++++++++++++ src/assets/style.css | 34 +++++++- 2 files changed, 211 insertions(+), 1 deletion(-) create mode 100644 src/admin/manageUsers.php diff --git a/src/admin/manageUsers.php b/src/admin/manageUsers.php new file mode 100644 index 0000000..a3cd7af --- /dev/null +++ b/src/admin/manageUsers.php 
@@ -0,0 +1,178 @@ +prepare($sql_role); +$stmt_role->bind_param("i", $user_id); +$stmt_role->execute(); +$stmt_role->bind_result($role); +$stmt_role->fetch(); +$stmt_role->close(); + +if ($role !== 'admin') { + http_response_code(403); + die("Accesso negato. Solo gli amministratori possono accedere a questa sezione."); +} + +// Gestisci azioni (reset password, cambio ruolo, eliminazione) +if ($_SERVER['REQUEST_METHOD'] === 'POST') { + $action = $_POST['action'] ?? ''; + $user_id = $_POST['user_id'] ?? 0; + + if ($action === 'reset_password') { + // Genera una password temporanea + $temp_password = bin2hex(random_bytes(4)); + $hashed_password = password_hash($temp_password, PASSWORD_DEFAULT); + + $sql_reset = "UPDATE Users SET Password = ? WHERE UserID = ?"; + $stmt_reset = $conn->prepare($sql_reset); + $stmt_reset->bind_param("si", $hashed_password, $user_id); + $stmt_reset->execute(); + $stmt_reset->close(); + + $reset_message = "Password temporanea generata: " . htmlspecialchars($temp_password); + } elseif ($action === 'update_role') { + $new_role = $_POST['role'] ?? ''; + if (in_array($new_role, ['user', 'admin'])) { + $sql_update = "UPDATE Users SET Role = ? 
WHERE UserID = ?"; + $stmt_update = $conn->prepare($sql_update); + $stmt_update->bind_param("si", $new_role, $user_id); + $stmt_update->execute(); + $stmt_update->close(); + } + } elseif ($action === 'delete_user') { + // Elimina gli ordini dell'utente prima di eliminare l'utente + $sql_delete_orders = "DELETE FROM Orders WHERE UserID = ?"; + $stmt_delete_orders = $conn->prepare($sql_delete_orders); + $stmt_delete_orders->bind_param("i", $user_id); + $stmt_delete_orders->execute(); + $stmt_delete_orders->close(); + + // Elimina l'utente + $sql_delete = "DELETE FROM Users WHERE UserID = ?"; + $stmt_delete = $conn->prepare($sql_delete); + $stmt_delete->bind_param("i", $user_id); + $stmt_delete->execute(); + $stmt_delete->close(); + } +} + +// Query per ottenere tutti gli utenti +$sql = "SELECT UserID, Name, Surname, Email, Role FROM Users ORDER BY UserID DESC"; +$result = $conn->query($sql); + +if ($result === false) { + die("Errore nella query: " . $conn->error); +} +?> + + + + + + + Dashboard amministratore - TechStore + + + + +
+ +
+ + + + Benvenuto, + + + +
+
+ + + + + + + + close(); ?> + + diff --git a/src/assets/style.css b/src/assets/style.css index 4b3d3e5..1121585 100644 --- a/src/assets/style.css +++ b/src/assets/style.css @@ -385,4 +385,36 @@ form button:hover { display: contents; margin: 0; padding: 0; -} \ No newline at end of file +} + +/* Stili per role-select */ +.role-select { + border: 1px solid #ddd; + border-radius: 4px; + cursor: pointer; +} + +.role-select.role-user { + background-color: #e7f3ff; + color: #004085; +} + +.role-select.role-admin { + background-color: #fff3cd; + color: #856404; +} + +/* Stili per btn-reset */ +.btn-reset { + background-color: #17a2b8; + color: white; + border: none; + border-radius: 4px; + cursor: pointer; + font-size: 12px; + margin-right: 5px; +} + +.btn-reset:hover { + background-color: #138496; +} From e60cc7802468747849cc3922d38a3df9b650fdfa Mon Sep 17 00:00:00 2001 From: Andrea Fiorencis Date: Fri, 10 Apr 2026 12:04:58 +0200 Subject: [PATCH 07/21] Rimozione pulsante Elimina in gestione utente Rimosso in quanto impossibile eliminare utenti a cui sono associati ordini dal DBMS --- src/admin/manageUsers.php | 5 ----- 1 file changed, 5 deletions(-) diff --git a/src/admin/manageUsers.php b/src/admin/manageUsers.php index a3cd7af..4192f80 100644 --- a/src/admin/manageUsers.php +++ b/src/admin/manageUsers.php @@ -154,11 +154,6 @@ if ($result === false) { -
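Review bot: `$user_id = $_POST['user_id'] ?? 0;` reuses the variable the role check just bound for the logged-in account, so from that line on `$user_id` denotes the target user while its name still suggests the admin; rename it (`$target_user_id = $_POST['user_id'] ?? 0;`) and, since nothing prevents `update_role` from demoting the admin's own account or the last remaining admin, refuse the change when the target equals the session user (the session variable feeding the role check is not visible in this rendering). The `delete_user` branch removes Orders but not the OrderItems rows referencing them, which is the DBMS failure the later PATCH 07 message describes; that commit drops only the button, so this branch stays reachable from a hand-made POST and should either be removed or delete OrderItems first as delete.php in PATCH 13 does. Both POST handlers lack a CSRF token, see the manageOrders.php note.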
- - - -
From a6a991db6487905c2dbddee38700f000bf95416a Mon Sep 17 00:00:00 2001 From: Andrea Fiorencis Date: Fri, 10 Apr 2026 12:33:06 +0200 Subject: [PATCH 08/21] feat: implementazione dashboard --- src/admin/index.php | 44 ++++++++++++++++++++++++++++++++++++++------ src/assets/style.css | 38 ++++++++++++++++++++++++++++++++++++++ 2 files changed, 76 insertions(+), 6 deletions(-) diff --git a/src/admin/index.php b/src/admin/index.php index 0eaa1c9..332c703 100644 --- a/src/admin/index.php +++ b/src/admin/index.php @@ -23,12 +23,30 @@ if ($role !== 'admin') { die("Accesso negato. Solo gli amministratori possono accedere a questa sezione."); } -// Query per ottenere tutti i prodotti -$sql = "SELECT p.ProductID, p.ProductName, c.Name AS 'CategoryName', p.Description, p.Price, p.StockQuantity, p.ImagePath FROM Products p JOIN Categories c ON p.CategoryID=c.CategoryID"; -$result = $conn->query($sql); +// Lettura dei contatori per la dashboard +$totalOrders = 0; +$pendingOrders = 0; +$totalProducts = 0; -if ($result === false) { - die("Errore nella query: " . $conn->error); +$sql_total_orders = "SELECT COUNT(*) FROM Orders"; +$result_total_orders = $conn->query($sql_total_orders); +if ($result_total_orders) { + $totalOrders = $result_total_orders->fetch_row()[0]; + $result_total_orders->close(); +} + +$sql_pending_orders = "SELECT COUNT(*) FROM Orders WHERE Status = 'pending'"; +$result_pending_orders = $conn->query($sql_pending_orders); +if ($result_pending_orders) { + $pendingOrders = $result_pending_orders->fetch_row()[0]; + $result_pending_orders->close(); +} + +$sql_total_products = "SELECT COUNT(*) FROM Products"; +$result_total_products = $conn->query($sql_total_products); +if ($result_total_products) { + $totalProducts = $result_total_products->fetch_row()[0]; + $result_total_products->close(); } ?> @@ -68,7 +86,21 @@ if ($result === false) {
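Review bot: Each counter query failure is silently absorbed — `if ($result_total_orders)` leaves `$totalOrders` at 0 — so a broken query renders a dashboard that confidently reports zero orders instead of an error; surface it with `error_log($conn->error)` and mark the card unavailable, or fail the page the way the removed `$result === false` branch did, without echoing `$conn->error` to the browser. `fetch_row()[0]` also yields a string from mysqli, so cast with `(int)` if these values are compared or summed later. The three queries could be folded into one `SELECT COUNT(*), SUM(Status = 'pending') FROM Orders` plus the products count, but that is a preference.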
-

Hello World!

+

Dashboard

+
+
+

+

Ordini totali

+
+
+

+

Ordini in corso

+
+
+

+

Prodotti totali

+
+
diff --git a/src/assets/style.css b/src/assets/style.css index 1121585..31af370 100644 --- a/src/assets/style.css +++ b/src/assets/style.css @@ -256,6 +256,44 @@ form button:hover { padding: 20px; } +.admin-stats-grid { + display: grid; + grid-template-columns: repeat(auto-fit, minmax(180px, 1fr)); + gap: 16px; + margin-top: 20px; +} + +.admin-stat-card { + padding: 20px; + border: 1px solid #ddd; + border-radius: 12px; + background-color: #fff; + box-shadow: 0 1px 4px rgba(0,0,0,0.06); + text-align: center; +} + +.admin-stat-card h2 { + margin: 0 0 10px; + font-size: 36px; + color: #333; +} + +.admin-stat-card p { + margin: 0; + color: #666; + font-weight: 600; +} + +.admin-stat-pending { + border-color: #ffc107; + background-color: #fff8e1; +} + +.admin-stat-products { + border-color: #17a2b8; + background-color: #e9f7fb; +} + @media (max-width: 768px) { .account-layout { flex-direction: column; From 81fe7ba295f4290ef1e2c08bb425e95a6fc9f959 Mon Sep 17 00:00:00 2001 From: Andrea Fiorencis Date: Fri, 10 Apr 2026 12:33:57 +0200 Subject: [PATCH 09/21] WIP: creazione pagina gestione prodotti --- src/admin/manageProducts.php | 73 ++++++++++++++++++++++++++++++++++++ 1 file changed, 73 insertions(+) create mode 100644 src/admin/manageProducts.php diff --git a/src/admin/manageProducts.php b/src/admin/manageProducts.php new file mode 100644 index 0000000..d62a3eb --- /dev/null +++ b/src/admin/manageProducts.php @@ -0,0 +1,73 @@ +prepare($sql_role); +$stmt_role->bind_param("i", $user_id); +$stmt_role->execute(); +$stmt_role->bind_result($role); +$stmt_role->fetch(); +$stmt_role->close(); + +if ($role !== 'admin') { + http_response_code(403); + die("Accesso negato. Solo gli amministratori possono accedere a questa sezione."); +} +?> + + + + + + + Gestione prodotti - TechStore + + + + +
+ +
+ + + + Benvenuto, + + + +
+
+ + + + + + + + close(); ?> + + From f1cdb1fe9c1abbe6ad05934502ce71682532f48c Mon Sep 17 00:00:00 2001 From: Andrea Fiorencis Date: Fri, 10 Apr 2026 12:35:08 +0200 Subject: [PATCH 10/21] fix: titoli pagine gestione errati --- src/admin/manageOrders.php | 2 +- src/admin/manageProducts.php | 2 +- src/admin/manageUsers.php | 2 +- 3 files changed, 3 insertions(+), 3 deletions(-) diff --git a/src/admin/manageOrders.php b/src/admin/manageOrders.php index 96ca661..4a293dd 100644 --- a/src/admin/manageOrders.php +++ b/src/admin/manageOrders.php @@ -75,7 +75,7 @@ if ($result === false) { - Dashboard amministratore - TechStore + Gestione Ordini - TechStore diff --git a/src/admin/manageProducts.php b/src/admin/manageProducts.php index d62a3eb..354b686 100644 --- a/src/admin/manageProducts.php +++ b/src/admin/manageProducts.php @@ -29,7 +29,7 @@ if ($role !== 'admin') { - Gestione prodotti - TechStore + Gestione Prodotti - TechStore diff --git a/src/admin/manageUsers.php b/src/admin/manageUsers.php index 4192f80..5a100a2 100644 --- a/src/admin/manageUsers.php +++ b/src/admin/manageUsers.php @@ -80,7 +80,7 @@ if ($result === false) { - Dashboard amministratore - TechStore + Gestione Utenti - TechStore From 5f23a26c340736c9229e108911b52bb96eedd5ab Mon Sep 17 00:00:00 2001 From: Andrea Fiorencis Date: Fri, 10 Apr 2026 12:43:46 +0200 Subject: [PATCH 11/21] Aggiunta pulsante modifica password --- src/account.php | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/src/account.php b/src/account.php index eca6fcb..f664fa6 100644 --- a/src/account.php +++ b/src/account.php @@ -49,7 +49,8 @@ if ($result === false) {

Account di

Nome completo:


- Elimina account + Modifica password + Elimina account

From 8b37e33a9fd23205728fbf47981f6336a20f489b Mon Sep 17 00:00:00 2001 From: Andrea Fiorencis Date: Fri, 10 Apr 2026 12:48:54 +0200 Subject: [PATCH 12/21] Implementazione pagina cambio password --- src/account.php | 4 +- src/account/passwordChange.php | 90 ++++++++++++++++++++++++++++++++++ 2 files changed, 92 insertions(+), 2 deletions(-) create mode 100644 src/account/passwordChange.php diff --git a/src/account.php b/src/account.php index f664fa6..7d48394 100644 --- a/src/account.php +++ b/src/account.php @@ -49,8 +49,8 @@ if ($result === false) {

Account di

Nome completo:


- Modifica password - Elimina account + Modifica password + Elimina account

diff --git a/src/account/passwordChange.php b/src/account/passwordChange.php new file mode 100644 index 0000000..ac49b8b --- /dev/null +++ b/src/account/passwordChange.php @@ -0,0 +1,90 @@ + + + + + + Cambio Password - TechStore + + + + prepare($sql)) { + $stmt->bind_param("i", $_SESSION['id']); + $stmt->execute(); + $stmt->bind_result($hashed_password); + $stmt->fetch(); + $stmt->close(); + + if (!password_verify($current_password, $hashed_password)) { + $error = 'La password corrente non è corretta.'; + } else { + $new_hashed = password_hash($new_password, PASSWORD_DEFAULT); + $sql_update = "UPDATE Users SET Password = ? WHERE UserID = ?"; + if ($stmt_update = $conn->prepare($sql_update)) { + $stmt_update->bind_param("si", $new_hashed, $_SESSION['id']); + $stmt_update->execute(); + $stmt_update->close(); + + $message = 'Password aggiornata con successo.'; + } else { + $error = 'Errore durante l\'aggiornamento della password.'; + } + } + } else { + $error = 'Errore nel database.'; + } + } + } + ?> + +
+

Cambio Password

+ +

+ +

+ + +

+ +

+ + + +
+ + +
+ + +
+ + +

Torna al mio account

+
+ + \ No newline at end of file From 5551ee423507796784e170e36b0614c439eae476 Mon Sep 17 00:00:00 2001 From: Andrea Fiorencis Date: Fri, 10 Apr 2026 13:02:36 +0200 Subject: [PATCH 13/21] Implementazione eliminazione utente --- src/account/delete.php | 92 ++++++++++++++++++++++++++++++++++++++++++ 1 file changed, 92 insertions(+) create mode 100644 src/account/delete.php diff --git a/src/account/delete.php b/src/account/delete.php new file mode 100644 index 0000000..e085c89 --- /dev/null +++ b/src/account/delete.php @@ -0,0 +1,92 @@ + + + + + + Elimina Account - TechStore + + + + prepare($sql)) { + $stmt->bind_param("i", $_SESSION['id']); + $stmt->execute(); + $stmt->bind_result($hashed_password); + $stmt->fetch(); + $stmt->close(); + + if (!password_verify($current_password, $hashed_password)) { + $error = 'La password non è corretta.'; + } else { + // Elimina gli ordini associati all'utente + $sql_delete_order_items = "DELETE oi FROM OrderItems oi JOIN Orders o ON oi.OrderID = o.OrderID WHERE o.UserID = ?"; + $stmt_delete_order_items = $conn->prepare($sql_delete_order_items); + $stmt_delete_order_items->bind_param("i", $_SESSION['id']); + $stmt_delete_order_items->execute(); + $stmt_delete_order_items->close(); + + $sql_delete_orders = "DELETE FROM Orders WHERE UserID = ?"; + $stmt_delete_orders = $conn->prepare($sql_delete_orders); + $stmt_delete_orders->bind_param("i", $_SESSION['id']); + $stmt_delete_orders->execute(); + $stmt_delete_orders->close(); + + $sql_delete_user = "DELETE FROM Users WHERE UserID = ?"; + $stmt_delete_user = $conn->prepare($sql_delete_user); + $stmt_delete_user->bind_param("i", $_SESSION['id']); + $stmt_delete_user->execute(); + $stmt_delete_user->close(); + + session_unset(); + session_destroy(); + + $message = 'Il tuo account è stato eliminato insieme a tutti i tuoi ordini.'; + } + } else { + $error = 'Errore nel database.'; + } + } + } + ?> + +
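Review bot: After the UPDATE succeeds the session is left untouched, so the current session id is not rotated and any other session already logged in with the old password stays valid; call `session_regenerate_id(true);` after `$stmt_update->close()`, and consider recording a password-change timestamp that other sessions are checked against. `password_verify($current_password, $hashed_password)` receives `null` for `$hashed_password` when no row matched, which is only a deprecation on PHP 8.1 but a TypeError under `strict_types`, so guard with `$hashed_password !== null &&`. Whatever validates `$new_password` (minimum length, confirmation field) sits in the part of the hunk this rendering lost, so it could not be reviewed; if it is absent, a length check before hashing is needed. The form POST also carries no CSRF token, see the manageOrders.php note.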
+

Elimina Account

+

Questa operazione cancellerà il tuo account e tutti gli ordini associati. Inserisci la tua password per confermare.

+ + +

+ +

+ + +

+ +

+ + + +
+ + +

Annulla e torna al mio account

+
+ + \ No newline at end of file From d6a64fd4599f3633edea2d68d44c7c495f884005 Mon Sep 17 00:00:00 2001 From: Andrea Fiorencis Date: Fri, 10 Apr 2026 13:15:46 +0200 Subject: [PATCH 14/21] fix: stylesheet separatore pannello admin --- src/admin/index.php | 2 +- src/admin/manageOrders.php | 2 +- src/admin/manageProducts.php | 2 +- src/admin/manageUsers.php | 2 +- src/assets/style.css | 9 +++++++++ 5 files changed, 13 insertions(+), 4 deletions(-) diff --git a/src/admin/index.php b/src/admin/index.php index 332c703..a3a8ae5 100644 --- a/src/admin/index.php +++ b/src/admin/index.php @@ -81,7 +81,7 @@ if ($result_total_products) {
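Review bot: The three DELETE statements run outside a transaction, so a failure on the second or third leaves orphaned Orders rows or a user whose orders are gone while the account still exists; wrap them in `$conn->begin_transaction();` … `$conn->commit();` with `$conn->rollback()` in the failure path, and check each `execute()` result instead of discarding it. `session_destroy()` does not remove the session cookie from the browser; also expire it with `setcookie(session_name(), '', ['expires' => time() - 3600, 'path' => '/']);` so the client drops the dead id. The ordering of the deletes before `session_unset()` is correct, since `$_SESSION['id']` is read by reference in every `bind_param` call.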
  • Gestione ordini
  • Gestione prodotti
  • Gestione utenti
  • -
    +
  • Ritorna al tuo account
  • diff --git a/src/admin/manageOrders.php b/src/admin/manageOrders.php index 4a293dd..cd087d6 100644 --- a/src/admin/manageOrders.php +++ b/src/admin/manageOrders.php @@ -101,7 +101,7 @@ if ($result === false) {
  • Gestione ordini
  • Gestione prodotti
  • Gestione utenti
  • -
    +
  • Ritorna al tuo account
  • diff --git a/src/admin/manageProducts.php b/src/admin/manageProducts.php index 354b686..c79c661 100644 --- a/src/admin/manageProducts.php +++ b/src/admin/manageProducts.php @@ -55,7 +55,7 @@ if ($role !== 'admin') {
  • Gestione ordini
  • Gestione prodotti
  • Gestione utenti
  • -
    +
  • Ritorna al tuo account
  • diff --git a/src/admin/manageUsers.php b/src/admin/manageUsers.php index 5a100a2..153a6d9 100644 --- a/src/admin/manageUsers.php +++ b/src/admin/manageUsers.php @@ -106,7 +106,7 @@ if ($result === false) {
  • Gestione ordini
  • Gestione prodotti
  • Gestione utenti
  • -
    +
  • Ritorna al tuo account
  • diff --git a/src/assets/style.css b/src/assets/style.css index 31af370..72a7100 100644 --- a/src/assets/style.css +++ b/src/assets/style.css @@ -256,6 +256,15 @@ form button:hover { padding: 20px; } +.admin-divider{ + display: block; + height: 1px; + border: 0; + border-top: 1px solid #ddd; + margin: 1em 0; + padding: 0; +} + .admin-stats-grid { display: grid; grid-template-columns: repeat(auto-fit, minmax(180px, 1fr)); From 83adb359f86df6fa0f7407a2cb03755e538c3993 Mon Sep 17 00:00:00 2001 From: Andrea Fiorencis Date: Fri, 10 Apr 2026 13:43:07 +0200 Subject: [PATCH 15/21] Implementazione gestione prodotti in pannello admin --- src/admin/manageProducts.php | 112 ++++++++++++++++++++++++++++++++++- 1 file changed, 110 insertions(+), 2 deletions(-) diff --git a/src/admin/manageProducts.php b/src/admin/manageProducts.php index c79c661..0270496 100644 --- a/src/admin/manageProducts.php +++ b/src/admin/manageProducts.php 
@@ -22,6 +22,63 @@ if ($role !== 'admin') { http_response_code(403); die("Accesso negato. Solo gli amministratori possono accedere a questa sezione."); } + +// Gestione aggiornamenti +if ($_SERVER['REQUEST_METHOD'] == 'POST' && isset($_POST['save'])) { + $product_id = $_POST['product_id']; + $name = $_POST['name']; + $description = $_POST['description']; + $category_id = $_POST['category_id']; + $price = $_POST['price']; + $stock = $_POST['stock']; + + // Gestione immagine + $image_path = $_POST['current_image']; + if (isset($_FILES['image']) && $_FILES['image']['error'] == 0) { + $target_dir = "../img/"; + $target_file = $target_dir . basename($_FILES["image"]["name"]); + $imageFileType = strtolower(pathinfo($target_file, PATHINFO_EXTENSION)); + // Controlli base + if (in_array($imageFileType, ['jpg', 'png', 'jpeg', 'gif'])) { + if (move_uploaded_file($_FILES["image"]["tmp_name"], $target_file)) { + $image_path = "/img/" . basename($_FILES["image"]["name"]); + } + } + } + + // Update DB + $sql_update = "UPDATE Products SET ProductName = ?, Description = ?, CategoryID = ?, Price = ?, StockQuantity = ?, ImagePath = ? 
WHERE ProductID = ?"; + $stmt_update = $conn->prepare($sql_update); + $stmt_update->bind_param("ssidisi", $name, $description, $category_id, $price, $stock, $image_path, $product_id); + $stmt_update->execute(); + $stmt_update->close(); + + // Redirect + header("Location: manageProducts.php"); + exit(); +} + +// Ottieni categorie +$categories = []; +$sql_cat = "SELECT CategoryID, Name FROM Categories"; +$stmt_cat = $conn->prepare($sql_cat); +$stmt_cat->execute(); +$result_cat = $stmt_cat->get_result(); +while ($row = $result_cat->fetch_assoc()) { + $categories[] = $row; +} +$stmt_cat->close(); + +// Ottieni prodotti +$products = []; +$sql_prod = "SELECT ProductID, ProductName, Description, Price, StockQuantity, ImagePath, CategoryID FROM Products"; +$stmt_prod = $conn->prepare($sql_prod); +$stmt_prod->execute(); +$result_prod = $stmt_prod->get_result(); +while ($row = $result_prod->fetch_assoc()) { + $products[] = $row; +} +$stmt_prod->close(); ?> @@ -32,6 +89,13 @@ if ($role !== 'admin') { Gestione Prodotti - TechStore +
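Review bot: The uploaded file is stored under the client-supplied name (`$target_file = $target_dir . basename($_FILES["image"]["name"])`), so an upload whose name matches an existing file in `../img/` silently replaces that product's image, and the only check is the extension list, so any content carrying a `.png` name is accepted. Generate the stored name server-side and confirm the content is an image with `getimagesize()` before `move_uploaded_file()`; the same block is copied into the `add` handler in PATCH 18, so a helper as sketched below serves both (it returns the bare file name, the form PATCH 16 later settles on). `$_SERVER['REQUEST_METHOD'] == 'POST'` should use `===`, and the result of `$stmt_update->execute()` is ignored, so a failed UPDATE still redirects as if it had succeeded. The form post and the file write are not CSRF-protected either, see the manageOrders.php note.
```php
// Validates and stores an uploaded product image; returns the stored file name or null.
function saveProductImage(array $file, string $target_dir = "../img/"): ?string
{
    if (($file['error'] ?? UPLOAD_ERR_NO_FILE) !== UPLOAD_ERR_OK) {
        return null;
    }
    $imageFileType = strtolower(pathinfo($file['name'], PATHINFO_EXTENSION));
    // Extension list unchanged; getimagesize() additionally rejects non-image content.
    if (!in_array($imageFileType, ['jpg', 'png', 'jpeg', 'gif'], true)
        || getimagesize($file['tmp_name']) === false) {
        return null;
    }
    // Server-generated name: an upload can no longer overwrite an existing image.
    $image_name = bin2hex(random_bytes(8)) . '.' . $imageFileType;
    if (!move_uploaded_file($file['tmp_name'], $target_dir . $image_name)) {
        return null;
    }
    return $image_name;
}

// … unchanged: role check, POST field reads …
$image_path = saveProductImage($_FILES['image'] ?? []) ?? $_POST['current_image'];
// … unchanged: UPDATE, redirect …
```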
    @@ -60,8 +124,52 @@ if ($role !== 'admin') {
    -

    Gestione prodotti

    -

    WIP

    +

    Gestione Prodotti

    + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +
    IDNomeDescrizioneCategoriaPrezzoStockImmagineAzioni
    + + +
    + + + +
    +
    + Immagine
    + +
    From 72c8872c39214861d3631c8cd1a8115370ced91c Mon Sep 17 00:00:00 2001 From: Andrea Fiorencis Date: Fri, 10 Apr 2026 13:47:54 +0200 Subject: [PATCH 16/21] fix: percorso immagine in pagina gestione prodotti gestito incorrettamente --- src/admin/manageProducts.php | 12 +++++++----- 1 file changed, 7 insertions(+), 5 deletions(-) diff --git a/src/admin/manageProducts.php b/src/admin/manageProducts.php index 0270496..88a3cd5 100644 --- a/src/admin/manageProducts.php +++ b/src/admin/manageProducts.php @@ -33,15 +33,16 @@ if ($_SERVER['REQUEST_METHOD'] == 'POST' && isset($_POST['save'])) { $stock = $_POST['stock']; // Gestione immagine - $image_path = $_POST['current_image']; + $image_path = basename($_POST['current_image']); if (isset($_FILES['image']) && $_FILES['image']['error'] == 0) { $target_dir = "../img/"; - $target_file = $target_dir . basename($_FILES["image"]["name"]); + $image_name = basename($_FILES["image"]["name"]); + $target_file = $target_dir . $image_name; $imageFileType = strtolower(pathinfo($target_file, PATHINFO_EXTENSION)); // Controlli base if (in_array($imageFileType, ['jpg', 'png', 'jpeg', 'gif'])) { if (move_uploaded_file($_FILES["image"]["tmp_name"], $target_file)) { - $image_path = "/img/" . basename($_FILES["image"]["name"]); + $image_path = $image_name; } } } @@ -161,9 +162,10 @@ $stmt_prod->close(); - Immagine
    + + Immagine
    - + From caef4421f16f699a1b7d5faa28c7e83ebeaa6717 Mon Sep 17 00:00:00 2001 From: Andrea Fiorencis Date: Mon, 13 Apr 2026 13:19:41 +0200 Subject: [PATCH 17/21] Aggiunta stylesheet pagina gestione prodotti --- src/admin/manageProducts.php | 39 ++++++++-------- src/assets/style.css | 86 ++++++++++++++++++++++++++++++++++++ 2 files changed, 107 insertions(+), 18 deletions(-) diff --git a/src/admin/manageProducts.php b/src/admin/manageProducts.php index 88a3cd5..75a64e7 100644 --- a/src/admin/manageProducts.php +++ b/src/admin/manageProducts.php @@ -141,32 +141,35 @@ $stmt_prod->close(); - -
    - - - - - + + + + - - -
    - - - + + +
    + + +
    - + - Immagine
    - - - + Immagine
    +
    + + +
    + + diff --git a/src/assets/style.css b/src/assets/style.css index 72a7100..53457d6 100644 --- a/src/assets/style.css +++ b/src/assets/style.css @@ -256,6 +256,92 @@ form button:hover { padding: 20px; } +.product-table { + width: 100%; + border-collapse: collapse; + margin-top: 20px; +} + +.product-table th, +.product-table td { + border: 1px solid #ddd; + padding: 12px; + vertical-align: top; +} + +.product-table th { + background-color: #f8f9fa; + font-weight: 700; + text-align: left; +} + +.product-row:hover { + background-color: #f7f9fb; +} + +.product-name-input, +.product-description-textarea, +.product-category-select, +.product-price-input, +.stock-input, +.product-image-input { + width: 100%; + padding: 10px; + border: 1px solid #ccc; + border-radius: 4px; + box-sizing: border-box; +} + +.product-description-textarea { + min-height: 80px; + resize: vertical; +} + +.stock-control { + display: flex; + align-items: center; + gap: 8px; +} + +.stock-button { + width: 32px; + height: 32px; + border: none; + border-radius: 4px; + background-color: #007bff; + color: #fff; + cursor: pointer; +} + +.stock-button:hover { + background-color: #0056b3; +} + +.product-image-preview { + max-width: 100px; + display: block; + margin-bottom: 8px; +} + +.image-upload { + display: flex; + flex-direction: column; + gap: 8px; +} + +.save-button { + padding: 10px 16px; + background-color: #28a745; + color: #fff; + border: none; + border-radius: 4px; + cursor: pointer; +} + +.save-button:hover { + background-color: #218838; +} + .admin-divider{ display: block; height: 1px; From 364c512bfbd49168502e7dba4f439491ffe23067 Mon Sep 17 00:00:00 2001 From: Andrea Fiorencis Date: Mon, 13 Apr 2026 13:32:22 +0200 Subject: [PATCH 18/21] Implementazione aggiunta prodotto in pagina admin --- src/admin/manageProducts.php | 75 ++++++++++++++++++++++++++++++++++++ src/assets/style.css | 48 +++++++++++++++++++++++ 2 files changed, 123 insertions(+) 
diff --git a/src/admin/manageProducts.php b/src/admin/manageProducts.php index 75a64e7..b886971 100644 --- a/src/admin/manageProducts.php +++ b/src/admin/manageProducts.php @@ -59,6 +59,37 @@ if ($_SERVER['REQUEST_METHOD'] == 'POST' && isset($_POST['save'])) { exit(); } +// Gestione aggiunta nuovo prodotto +if ($_SERVER['REQUEST_METHOD'] == 'POST' && isset($_POST['add'])) { + $name = $_POST['name']; + $description = $_POST['description']; + $category_id = $_POST['category_id']; + $price = $_POST['price']; + $stock = $_POST['stock']; + $image_path = ''; + + if (isset($_FILES['image']) && $_FILES['image']['error'] == 0) { + $target_dir = "../img/"; + $image_name = basename($_FILES["image"]["name"]); + $target_file = $target_dir . $image_name; + $imageFileType = strtolower(pathinfo($target_file, PATHINFO_EXTENSION)); + if (in_array($imageFileType, ['jpg', 'png', 'jpeg', 'gif'])) { + if (move_uploaded_file($_FILES["image"]["tmp_name"], $target_file)) { + $image_path = $image_name; + } + } + } + + $sql_insert = "INSERT INTO Products (ProductName, Description, CategoryID, Price, StockQuantity, ImagePath) VALUES (?, ?, ?, ?, ?, ?)"; + $stmt_insert = $conn->prepare($sql_insert); + $stmt_insert->bind_param("ssidis", $name, $description, $category_id, $price, $stock, $image_path); + $stmt_insert->execute(); + $stmt_insert->close(); + + header("Location: manageProducts.php"); + exit(); +} + // Ottieni categorie $categories = []; $sql_cat = "SELECT CategoryID, Name FROM Categories"; @@ -91,11 +122,20 @@ $stmt_prod->close(); @@ -126,6 +166,41 @@ $stmt_prod->close();
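Review bot: The `add` branch inserts `$name`, `$price`, `$stock` and `$category_id` exactly as posted, with no check that the name is non-empty or that price and stock are numeric and non-negative; `bind_param` with `"d"`/`"i"` coerces a non-numeric string to 0 instead of rejecting it, so a malformed form silently creates a product priced at 0. Validate before the INSERT, e.g. `if ($name === '' || !is_numeric($price) || $price < 0 || filter_var($stock, FILTER_VALIDATE_INT) === false || $stock < 0) { http_response_code(400); exit(); }`, and apply the same to the `save` handler above it. The upload block here duplicates the one in the `save` handler, see the note on PATCH 15.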

    Gestione Prodotti

    + + diff --git a/src/assets/style.css b/src/assets/style.css index 53457d6..823f33c 100644 --- a/src/assets/style.css +++ b/src/assets/style.css @@ -279,6 +279,54 @@ form button:hover { background-color: #f7f9fb; } +.add-product-panel { + margin-bottom: 24px; + padding: 18px; + border: 1px solid #ddd; + border-radius: 8px; + background-color: #fdfdfd; +} + +.add-product-panel h2 { + margin-top: 0; + margin-bottom: 16px; + color: #333; + font-size: 1.25rem; +} + +.add-product-form { + display: grid; + gap: 16px; +} + +.add-product-form .form-row { + display: grid; + gap: 8px; +} + +.add-product-form label { + font-weight: 600; + color: #444; +} + +.toggle-button { + padding: 10px 16px; + background-color: #17a2b8; + color: #fff; + border: none; + border-radius: 4px; + cursor: pointer; + margin-bottom: 16px; +} + +.toggle-button:hover { + background-color: #117a8b; +} + +.add-product-panel.collapsed { + display: none; +} + .product-name-input, .product-description-textarea, .product-category-select, From 63f6c21e021582db6ffab03b7ad6db24c651fb07 Mon Sep 17 00:00:00 2001 From: Andrea Fiorencis Date: Mon, 13 Apr 2026 13:40:44 +0200 Subject: [PATCH 19/21] Aggiunta controllo StockQuantity (prevenire ordini con prodotti esauriti) --- src/index.php | 6 +++++- src/product.php | 6 +++++- 2 files changed, 10 insertions(+), 2 deletions(-) diff --git a/src/index.php b/src/index.php index c44cc25..bac08ca 100644 --- a/src/index.php +++ b/src/index.php @@ -41,7 +41,11 @@ if ($result === false) {
    Immagine prodotto

    " . htmlspecialchars($row['ProductName']) . ""; ?>

    - + 0): ?> + + + + diff --git a/src/product.php b/src/product.php index b8dd98b..ae1075a 100644 --- a/src/product.php +++ b/src/product.php @@ -54,7 +54,11 @@ if ($stmt = $conn->prepare($sql)) {

    Descrizione:

    Prezzo:

    Quantità disponibile:

    - + 0): ?> + + + + From b252e86ceda009a2ae9c2a8445bb9e9d20fbea99 Mon Sep 17 00:00:00 2001 From: Andrea Fiorencis Date: Wed, 15 Apr 2026 10:29:31 +0200 Subject: [PATCH 20/21] Aggiunto controllo stock in checkout per prevenire stock negativi --- src/checkout.php | 16 ++++++++++++++++ 1 file changed, 16 insertions(+) diff --git a/src/checkout.php b/src/checkout.php index 6794db7..c49cc38 100644 --- a/src/checkout.php +++ b/src/checkout.php @@ -52,6 +52,22 @@ try { $quantity = $item['quantity']; $price = $item['price']; + // Controlla lo stock disponibile + $sql_check_stock = "SELECT StockQuantity, ProductName FROM Products WHERE ProductID = ?"; + $stmt_check = $conn->prepare($sql_check_stock); + if (!$stmt_check) { + throw new Exception("Errore nella preparazione della query di controllo stock: " . $conn->error); + } + $stmt_check->bind_param("i", $product_id); + $stmt_check->execute(); + $result_check = $stmt_check->get_result(); + $product = $result_check->fetch_assoc(); + $stmt_check->close(); + + if (!$product || $product['StockQuantity'] < $quantity) { + throw new Exception("Quantità insufficiente per il prodotto '" . $product['ProductName'] . "'. Disponibile: " . ($product ? $product['StockQuantity'] : 0)); + } + // Aggiungi item all'ordine $sql_item = "INSERT INTO OrderItems (OrderID, ProductID, Quantity, Price) VALUES (?, ?, ?, ?)"; $stmt_item = $conn->prepare($sql_item); From 0ee113601e94880133dbdabf241d4a0b629ce5d9 Mon Sep 17 00:00:00 2001 From: Andrea Fiorencis Date: Wed, 15 Apr 2026 10:44:19 +0200 Subject: [PATCH 21/21] Aggiunto constraint UNIQUE mail utente su database --- assets/db/base_db.sql | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/assets/db/base_db.sql b/assets/db/base_db.sql index 850a06f..ad24de1 100644 --- a/assets/db/base_db.sql +++ b/assets/db/base_db.sql 
@@ -7,7 +7,7 @@ CREATE TABLE Users( UserID INTEGER PRIMARY KEY AUTO_INCREMENT, Name VARCHAR(32), Surname VARCHAR(32), - Email VARCHAR(256), + Email VARCHAR(256) UNIQUE, Password VARCHAR(255), Role VARCHAR(8) DEFAULT 'user' );
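Review bot: Adding `UNIQUE` to `Email` makes the database reject duplicate registrations, but the registration code (not part of this series) must now handle the duplicate-key failure from `execute()`, otherwise the user sees a raw statement error instead of an "address already registered" message. On a database that already holds duplicate addresses this script will fail outright, so a one-time deduplication step has to precede it there. With MySQL's default case-insensitive collation the index also treats addresses differing only in case as the same, which is the desired behaviour and worth stating in a comment next to the column.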