EduProjects/techstore
1
0
Fork 0
mirror of https://codeberg.org/ThisIsMiseryy/techstore synced 2026-05-14 12:42:04 +00:00
Code Issues Packages Projects Releases 3 Wiki Activity

Merge branch 'main' into dotenv

Browse Source
This commit is contained in:
Andrea Fiorencis
2026-04-15 11:24:58 +02:00
parent 08983ba213 0ee113601e
commit df31b46864
14 changed files with 1217 additions and 5 deletions
Download Patch File Download Diff File Expand all files Collapse all files
Dockerfile
+7
View File
@@ -0,0 +1,7 @@
FROM php:8.1-apache
# Installa l'estensione mysqli per PHP
RUN docker-php-ext-install mysqli
# Copia il contenuto della cartella src/ nella directory di lavoro di Apache
COPY src/ /var/www/html/
assets/db/base_db.sql
+1 -1
View File
@@ -7,7 +7,7 @@ CREATE TABLE Users(
UserID INTEGER PRIMARY KEY AUTO_INCREMENT,
Name VARCHAR(32),
Surname VARCHAR(32),
Email VARCHAR(256),
Email VARCHAR(256) UNIQUE,
Password VARCHAR(255),
Role VARCHAR(8) DEFAULT 'user'
);
src/account.php
+5 -1
View File
@@ -40,13 +40,17 @@ if ($result === false) {
<ul>
<li><a href="account.php">Il mio account</a></li>
<li><a href="orders.php">I miei ordini</a></li>
<?php if ($_SESSION['role'] == 'admin'): ?>
<li><a href="admin">Pannello admin</a></li>
<?php endif; ?>
</ul>
</div>
<div class="my-container">
<h1>Account di <?php echo htmlspecialchars($_SESSION['name']); ?><?php if ($_SESSION['role'] == 'admin') { echo ' (Admin)'; } ?></h1>
<p><strong>Nome completo:</strong> <?php echo htmlspecialchars($_SESSION['name']) . ' ' . htmlspecialchars($_SESSION['surname']); ?></p>
<br>
<a href="deleteAccount.php" style="padding: 8px 16px; background-color: #dc3545; color: white; border: none; border-radius: 4px; cursor: pointer;">Elimina account</a>
<a href="account/passwordChange.php" style="padding: 8px 16px; background-color: #17a2b8; color: white; border: none; border-radius: 4px; text-decoration: none; cursor: pointer;">Modifica password</a>
<a href="account/delete.php" style="padding: 8px 16px; background-color: #dc3545; color: white; border: none; border-radius: 4px; text-decoration: none; cursor: pointer;">Elimina account</a>
<br><br>
</div>
</div>
src/account/delete.php
+92
View File
@@ -0,0 +1,92 @@
<!DOCTYPE html>
<html lang="it">
<head>
<meta charset="UTF-8">
<meta name="viewport" content="width=device-width, initial-scale=1.0">
<title>Elimina Account - TechStore</title>
<link rel="stylesheet" href="../assets/style.css">
</head>
<body>
<?php
session_start();
include '../db_conf.php';
if (!isset($_SESSION['id'])) {
header('Location: ../login.php');
exit();
}
$message = '';
$error = '';
if ($_SERVER['REQUEST_METHOD'] === 'POST') {
$current_password = $_POST['current_password'] ?? '';
if (empty($current_password)) {
$error = 'Inserisci la password per confermare.';
} else {
$sql = "SELECT Password FROM Users WHERE UserID = ?";
if ($stmt = $conn->prepare($sql)) {
$stmt->bind_param("i", $_SESSION['id']);
$stmt->execute();
$stmt->bind_result($hashed_password);
$stmt->fetch();
$stmt->close();
if (!password_verify($current_password, $hashed_password)) {
$error = 'La password non è corretta.';
} else {
// Elimina gli ordini associati all'utente
$sql_delete_order_items = "DELETE oi FROM OrderItems oi JOIN Orders o ON oi.OrderID = o.OrderID WHERE o.UserID = ?";
$stmt_delete_order_items = $conn->prepare($sql_delete_order_items);
$stmt_delete_order_items->bind_param("i", $_SESSION['id']);
$stmt_delete_order_items->execute();
$stmt_delete_order_items->close();
$sql_delete_orders = "DELETE FROM Orders WHERE UserID = ?";
$stmt_delete_orders = $conn->prepare($sql_delete_orders);
$stmt_delete_orders->bind_param("i", $_SESSION['id']);
$stmt_delete_orders->execute();
$stmt_delete_orders->close();
$sql_delete_user = "DELETE FROM Users WHERE UserID = ?";
$stmt_delete_user = $conn->prepare($sql_delete_user);
$stmt_delete_user->bind_param("i", $_SESSION['id']);
$stmt_delete_user->execute();
$stmt_delete_user->close();
session_unset();
session_destroy();
$message = 'Il tuo account è stato eliminato insieme a tutti i tuoi ordini.';
}
} else {
$error = 'Errore nel database.';
}
}
}
?>
<form action="" method="POST">
<h2>Elimina Account</h2>
<p style="margin-bottom: 20px; color: #333;">Questa operazione cancellerà il tuo account e tutti gli ordini associati. Inserisci la tua password per confermare.</p>
<?php if ($message): ?>
<p style="color: #155724; background-color: #d4edda; border: 1px solid #c3e6cb; padding: 10px; border-radius: 4px; text-align: center;">
<?php echo htmlspecialchars($message); ?>
</p>
<?php endif; ?>
<?php if ($error): ?>
<p style="color: #721c24; background-color: #f8d7da; border: 1px solid #f5c6cb; padding: 10px; border-radius: 4px; text-align: center;">
<?php echo htmlspecialchars($error); ?>
</p>
<?php endif; ?>
<label for="current_password">Password corrente:</label>
<input type="password" id="current_password" name="current_password" required><br>
<button type="submit" style="background-color: #dc3545;">Elimina account</button>
<p style="text-align: center;"><a href="../account.php">Annulla e torna al mio account</a></p>
</form>
</body>
</html>
src/account/passwordChange.php
+90
View File
@@ -0,0 +1,90 @@
<!DOCTYPE html>
<html lang="it">
<head>
<meta charset="UTF-8">
<meta name="viewport" content="width=device-width, initial-scale=1.0">
<title>Cambio Password - TechStore</title>
<link rel="stylesheet" href="../assets/style.css">
</head>
<body>
<?php
session_start();
include '../db_conf.php';
if (!isset($_SESSION['id'])) {
header('Location: ../login.php');
exit();
}
$message = '';
$error = '';
if ($_SERVER['REQUEST_METHOD'] === 'POST') {
$current_password = $_POST['current_password'] ?? '';
$new_password = $_POST['new_password'] ?? '';
$confirm_password = $_POST['confirm_password'] ?? '';
if (empty($current_password) || empty($new_password) || empty($confirm_password)) {
$error = 'Compila tutti i campi.';
} elseif ($new_password !== $confirm_password) {
$error = 'La nuova password e la conferma non coincidono.';
} elseif (strlen($new_password) < 8) {
$error = 'La nuova password deve avere almeno 8 caratteri.';
} else {
$sql = "SELECT Password FROM Users WHERE UserID = ?";
if ($stmt = $conn->prepare($sql)) {
$stmt->bind_param("i", $_SESSION['id']);
$stmt->execute();
$stmt->bind_result($hashed_password);
$stmt->fetch();
$stmt->close();
if (!password_verify($current_password, $hashed_password)) {
$error = 'La password corrente non è corretta.';
} else {
$new_hashed = password_hash($new_password, PASSWORD_DEFAULT);
$sql_update = "UPDATE Users SET Password = ? WHERE UserID = ?";
if ($stmt_update = $conn->prepare($sql_update)) {
$stmt_update->bind_param("si", $new_hashed, $_SESSION['id']);
$stmt_update->execute();
$stmt_update->close();
$message = 'Password aggiornata con successo.';
} else {
$error = 'Errore durante l\'aggiornamento della password.';
}
}
} else {
$error = 'Errore nel database.';
}
}
}
?>
<form action="" method="POST">
<h2>Cambio Password</h2>
<?php if ($message): ?>
<p style="color: #155724; background-color: #d4edda; border: 1px solid #c3e6cb; padding: 10px; border-radius: 4px; text-align: center;">
<?php echo htmlspecialchars($message); ?>
</p>
<?php endif; ?>
<?php if ($error): ?>
<p style="color: #721c24; background-color: #f8d7da; border: 1px solid #f5c6cb; padding: 10px; border-radius: 4px; text-align: center;">
<?php echo htmlspecialchars($error); ?>
</p>
<?php endif; ?>
<label for="current_password">Password corrente:</label>
<input type="password" id="current_password" name="current_password" required><br>
<label for="new_password">Nuova password:</label>
<input type="password" id="new_password" name="new_password" required><br>
<label for="confirm_password">Conferma nuova password:</label>
<input type="password" id="confirm_password" name="confirm_password" required><br>
<button type="submit">Aggiorna password</button>
<p style="text-align: center;"><a href="../account.php">Torna al mio account</a></p>
</form>
</body>
</html>
src/admin/index.php
+112
View File
@@ -0,0 +1,112 @@
<?php
session_start();
include '../db_conf.php';
// Controlla se l'utente è loggato
if (!isset($_SESSION['id'])) {
header('Location: ../login.php');
exit();
}
// Controlla se l'utente ha ruolo admin
$user_id = $_SESSION['id'];
$sql_role = "SELECT Role FROM Users WHERE UserID = ?";
$stmt_role = $conn->prepare($sql_role);
$stmt_role->bind_param("i", $user_id);
$stmt_role->execute();
$stmt_role->bind_result($role);
$stmt_role->fetch();
$stmt_role->close();
if ($role !== 'admin') {
http_response_code(403);
die("Accesso negato. Solo gli amministratori possono accedere a questa sezione.");
}
// Lettura dei contatori per la dashboard
$totalOrders = 0;
$pendingOrders = 0;
$totalProducts = 0;
$sql_total_orders = "SELECT COUNT(*) FROM Orders";
$result_total_orders = $conn->query($sql_total_orders);
if ($result_total_orders) {
$totalOrders = $result_total_orders->fetch_row()[0];
$result_total_orders->close();
}
$sql_pending_orders = "SELECT COUNT(*) FROM Orders WHERE Status = 'pending'";
$result_pending_orders = $conn->query($sql_pending_orders);
if ($result_pending_orders) {
$pendingOrders = $result_pending_orders->fetch_row()[0];
$result_pending_orders->close();
}
$sql_total_products = "SELECT COUNT(*) FROM Products";
$result_total_products = $conn->query($sql_total_products);
if ($result_total_products) {
$totalProducts = $result_total_products->fetch_row()[0];
$result_total_products->close();
}
?>
<!DOCTYPE html>
<html lang="it">
<head>
<meta charset="UTF-8">
<meta name="viewport" content="width=device-width, initial-scale=1.0">
<title>Dashboard amministratore - TechStore</title>
<link rel="stylesheet" href="/assets/style.css">
<script src="/assets/js/cart.js"></script>
</head>
<body>
<header style="display: flex; justify-content: space-between; align-items: center; padding: 10px; background-color: #f2f2f2; border-bottom: 1px solid #ddd;">
<div id="logo" style="font-size: 24px; font-weight: bold;"><a href="/index.php"><img src="/img/logo.png" alt="Logo TechStore" height="32px"></a></div>
<div>
<a href="/cart.php"><button style="margin-left: 10px; padding: 8px 16px; background-color: #007bff; color: white; border: none; border-radius: 4px; cursor: pointer;">Carrello</button></a>
<?php if (isset($_SESSION['name'])): ?>
<a href="/logout.php"><button style="margin-left: 10px; padding: 8px 16px; background-color: #dc3545; color: white; border: none; border-radius: 4px; cursor: pointer;">Logout</button></a>
<span style="margin-left: 10px;">Benvenuto, <?php echo htmlspecialchars($_SESSION['name']); ?></span>
<?php else: ?>
<a href="/login.php"><button style="margin-left: 10px; padding: 8px 16px; background-color: #28a745; color: white; border: none; border-radius: 4px; cursor: pointer;">Accesso</button></a>
<?php endif; ?>
</div>
</header>
<?php if (isset($_SESSION['name'])): ?>
<div class="account-layout">
<div class="my-sidebar">
<ul>
<li><a href="/admin">Dashboard</a></li>
<li><a href="/admin/manageOrders.php">Gestione ordini</a></li>
<li><a href="/admin/manageProducts.php">Gestione prodotti</a></li>
<li><a href="/admin/manageUsers.php">Gestione utenti</a></li>
<hr class="admin-divider">
<li><a href="../account.php">Ritorna al tuo account</a></li>
</ul>
</div>
<div class="my-container">
<h1>Dashboard</h1>
<div class="admin-stats-grid">
<div class="admin-stat-card">
<h2><?php echo htmlspecialchars($totalOrders); ?></h2>
<p>Ordini totali</p>
</div>
<div class="admin-stat-card admin-stat-pending">
<h2><?php echo htmlspecialchars($pendingOrders); ?></h2>
<p>Ordini in corso</p>
</div>
<div class="admin-stat-card admin-stat-products">
<h2><?php echo htmlspecialchars($totalProducts); ?></h2>
<p>Prodotti totali</p>
</div>
</div>
</div>
</div>
<?php else: ?>
<?php header('Location: login.php'); ?>
<?php endif; ?>
<?php $conn->close(); ?>
</body>
</html>
src/admin/manageOrders.php
+167
View File
@@ -0,0 +1,167 @@
<?php
session_start();
include '../db_conf.php';
// Controlla se l'utente è loggato
if (!isset($_SESSION['id'])) {
header('Location: ../login.php');
exit();
}
// Controlla se l'utente ha ruolo admin
$user_id = $_SESSION['id'];
$sql_role = "SELECT Role FROM Users WHERE UserID = ?";
$stmt_role = $conn->prepare($sql_role);
$stmt_role->bind_param("i", $user_id);
$stmt_role->execute();
$stmt_role->bind_result($role);
$stmt_role->fetch();
$stmt_role->close();
if ($role !== 'admin') {
http_response_code(403);
die("Accesso negato. Solo gli amministratori possono accedere a questa sezione.");
}
// Gestisci azioni (cambio stato, eliminazione)
if ($_SERVER['REQUEST_METHOD'] === 'POST') {
$action = $_POST['action'] ?? '';
$order_id = $_POST['order_id'] ?? 0;
if ($action === 'update_status') {
$new_status = $_POST['status'] ?? '';
if (in_array($new_status, ['pending', 'completed', 'cancelled'])) {
$sql_update = "UPDATE Orders SET Status = ? WHERE OrderID = ?";
$stmt_update = $conn->prepare($sql_update);
$stmt_update->bind_param("si", $new_status, $order_id);
$stmt_update->execute();
$stmt_update->close();
}
} elseif ($action === 'delete_order') {
// Elimina gli items dell'ordine prima di eliminare l'ordine
$sql_delete_items = "DELETE FROM OrderItems WHERE OrderID = ?";
$stmt_delete_items = $conn->prepare($sql_delete_items);
$stmt_delete_items->bind_param("i", $order_id);
$stmt_delete_items->execute();
$stmt_delete_items->close();
// Elimina l'ordine
$sql_delete = "DELETE FROM Orders WHERE OrderID = ?";
$stmt_delete = $conn->prepare($sql_delete);
$stmt_delete->bind_param("i", $order_id);
$stmt_delete->execute();
$stmt_delete->close();
}
}
// Query per ottenere tutti gli ordini con dettagli utente
$sql = "SELECT o.OrderID, o.UserID, u.Name, u.Surname, u.Email, o.OrderDate, o.Total, o.Status,
GROUP_CONCAT(p.ProductName SEPARATOR ', ') AS Products
FROM Orders o
LEFT JOIN Users u ON o.UserID = u.UserID
LEFT JOIN OrderItems oi ON o.OrderID = oi.OrderID
LEFT JOIN Products p ON oi.ProductID = p.ProductID
GROUP BY o.OrderID
ORDER BY o.OrderDate DESC";
$result = $conn->query($sql);
if ($result === false) {
die("Errore nella query: " . $conn->error);
}
?>
<!DOCTYPE html>
<html lang="it">
<head>
<meta charset="UTF-8">
<meta name="viewport" content="width=device-width, initial-scale=1.0">
<title>Gestione Ordini - TechStore</title>
<link rel="stylesheet" href="/assets/style.css">
<script src="/assets/js/cart.js"></script>
</head>
<body>
<header style="display: flex; justify-content: space-between; align-items: center; padding: 10px; background-color: #f2f2f2; border-bottom: 1px solid #ddd;">
<div id="logo" style="font-size: 24px; font-weight: bold;"><a href="/index.php"><img src="/img/logo.png" alt="Logo TechStore" height="32px"></a></div>
<div>
<a href="/cart.php"><button style="margin-left: 10px; padding: 8px 16px; background-color: #007bff; color: white; border: none; border-radius: 4px; cursor: pointer;">Carrello</button></a>
<?php if (isset($_SESSION['name'])): ?>
<a href="/logout.php"><button style="margin-left: 10px; padding: 8px 16px; background-color: #dc3545; color: white; border: none; border-radius: 4px; cursor: pointer;">Logout</button></a>
<span style="margin-left: 10px;">Benvenuto, <?php echo htmlspecialchars($_SESSION['name']); ?></span>
<?php else: ?>
<a href="/login.php"><button style="margin-left: 10px; padding: 8px 16px; background-color: #28a745; color: white; border: none; border-radius: 4px; cursor: pointer;">Accesso</button></a>
<?php endif; ?>
</div>
</header>
<?php if (isset($_SESSION['name'])): ?>
<div class="account-layout">
<div class="my-sidebar">
<ul>
<li><a href="/admin">Dashboard</a></li>
<li><a href="/admin/manageOrders.php">Gestione ordini</a></li>
<li><a href="/admin/manageProducts.php">Gestione prodotti</a></li>
<li><a href="/admin/manageUsers.php">Gestione utenti</a></li>
<hr class="admin-divider">
<li><a href="../account.php">Ritorna al tuo account</a></li>
</ul>
</div>
<div class="my-container">
<h1>Gestione Ordini</h1>
<?php if ($result && $result->num_rows > 0): ?>
<table class="admin-table">
<thead>
<tr>
<th>ID Ordine</th>
<th>Cliente</th>
<th>Email</th>
<th>Prodotti</th>
<th>Data</th>
<th>Totale</th>
<th>Stato</th>
<th>Azioni</th>
</tr>
</thead>
<tbody>
<?php while ($order = $result->fetch_assoc()): ?>
<tr>
<td>#<?php echo htmlspecialchars($order['OrderID']); ?></td>
<td><?php echo htmlspecialchars($order['Name'] . ' ' . $order['Surname']); ?></td>
<td><?php echo htmlspecialchars($order['Email']); ?></td>
<td><?php echo htmlspecialchars($order['Products'] ?? 'N/A'); ?></td>
<td><?php echo date('d/m/Y H:i', strtotime($order['OrderDate'])); ?></td>
<td>€<?php echo number_format($order['Total'], 2, ',', '.'); ?></td>
<td>
<form method="POST" style="display: inline;">
<input type="hidden" name="action" value="update_status">
<input type="hidden" name="order_id" value="<?php echo $order['OrderID']; ?>">
<select name="status" onchange="this.form.submit()" class="status-select status-<?php echo htmlspecialchars($order['Status']); ?>">
<option value="pending" <?php echo $order['Status'] === 'pending' ? 'selected' : ''; ?>>In sospeso</option>
<option value="completed" <?php echo $order['Status'] === 'completed' ? 'selected' : ''; ?>>Completato</option>
<option value="cancelled" <?php echo $order['Status'] === 'cancelled' ? 'selected' : ''; ?>>Cancellato</option>
</select>
</form>
</td>
<td>
<form method="POST" style="display: inline;" onsubmit="return confirm('Sei sicuro di voler eliminare questo ordine?');">
<input type="hidden" name="action" value="delete_order">
<input type="hidden" name="order_id" value="<?php echo $order['OrderID']; ?>">
<button type="submit" class="btn-delete">Elimina</button>
</form>
</td>
</tr>
<?php endwhile; ?>
</tbody>
</table>
<?php else: ?>
<p>Nessun ordine trovato.</p>
<?php endif; ?>
</div>
</div>
<?php else: ?>
<?php header('Location: login.php'); ?>
<?php endif; ?>
<?php $conn->close(); ?>
</body>
</html>
src/admin/manageProducts.php
+261
View File
@@ -0,0 +1,261 @@
<?php
session_start();
include '../db_conf.php';
// Controlla se l'utente è loggato
if (!isset($_SESSION['id'])) {
header('Location: ../login.php');
exit();
}
// Controlla se l'utente ha ruolo admin
$user_id = $_SESSION['id'];
$sql_role = "SELECT Role FROM Users WHERE UserID = ?";
$stmt_role = $conn->prepare($sql_role);
$stmt_role->bind_param("i", $user_id);
$stmt_role->execute();
$stmt_role->bind_result($role);
$stmt_role->fetch();
$stmt_role->close();
if ($role !== 'admin') {
http_response_code(403);
die("Accesso negato. Solo gli amministratori possono accedere a questa sezione.");
}
// Gestione aggiornamenti
if ($_SERVER['REQUEST_METHOD'] == 'POST' && isset($_POST['save'])) {
$product_id = $_POST['product_id'];
$name = $_POST['name'];
$description = $_POST['description'];
$category_id = $_POST['category_id'];
$price = $_POST['price'];
$stock = $_POST['stock'];
// Gestione immagine
$image_path = basename($_POST['current_image']);
if (isset($_FILES['image']) && $_FILES['image']['error'] == 0) {
$target_dir = "../img/";
$image_name = basename($_FILES["image"]["name"]);
$target_file = $target_dir . $image_name;
$imageFileType = strtolower(pathinfo($target_file, PATHINFO_EXTENSION));
// Controlli base
if (in_array($imageFileType, ['jpg', 'png', 'jpeg', 'gif'])) {
if (move_uploaded_file($_FILES["image"]["tmp_name"], $target_file)) {
$image_path = $image_name;
}
}
}
// Update DB
$sql_update = "UPDATE Products SET ProductName = ?, Description = ?, CategoryID = ?, Price = ?, StockQuantity = ?, ImagePath = ? WHERE ProductID = ?";
$stmt_update = $conn->prepare($sql_update);
$stmt_update->bind_param("ssidisi", $name, $description, $category_id, $price, $stock, $image_path, $product_id);
$stmt_update->execute();
$stmt_update->close();
// Redirect
header("Location: manageProducts.php");
exit();
}
// Gestione aggiunta nuovo prodotto
if ($_SERVER['REQUEST_METHOD'] == 'POST' && isset($_POST['add'])) {
$name = $_POST['name'];
$description = $_POST['description'];
$category_id = $_POST['category_id'];
$price = $_POST['price'];
$stock = $_POST['stock'];
$image_path = '';
if (isset($_FILES['image']) && $_FILES['image']['error'] == 0) {
$target_dir = "../img/";
$image_name = basename($_FILES["image"]["name"]);
$target_file = $target_dir . $image_name;
$imageFileType = strtolower(pathinfo($target_file, PATHINFO_EXTENSION));
if (in_array($imageFileType, ['jpg', 'png', 'jpeg', 'gif'])) {
if (move_uploaded_file($_FILES["image"]["tmp_name"], $target_file)) {
$image_path = $image_name;
}
}
}
$sql_insert = "INSERT INTO Products (ProductName, Description, CategoryID, Price, StockQuantity, ImagePath) VALUES (?, ?, ?, ?, ?, ?)";
$stmt_insert = $conn->prepare($sql_insert);
$stmt_insert->bind_param("ssidis", $name, $description, $category_id, $price, $stock, $image_path);
$stmt_insert->execute();
$stmt_insert->close();
header("Location: manageProducts.php");
exit();
}
// Ottieni categorie
$categories = [];
$sql_cat = "SELECT CategoryID, Name FROM Categories";
$stmt_cat = $conn->prepare($sql_cat);
$stmt_cat->execute();
$result_cat = $stmt_cat->get_result();
while ($row = $result_cat->fetch_assoc()) {
$categories[] = $row;
}
$stmt_cat->close();
// Ottieni prodotti
$products = [];
$sql_prod = "SELECT ProductID, ProductName, Description, Price, StockQuantity, ImagePath, CategoryID FROM Products";
$stmt_prod = $conn->prepare($sql_prod);
$stmt_prod->execute();
$result_prod = $stmt_prod->get_result();
while ($row = $result_prod->fetch_assoc()) {
$products[] = $row;
}
$stmt_prod->close();
?>
<!DOCTYPE html>
<html lang="it">
<head>
<meta charset="UTF-8">
<meta name="viewport" content="width=device-width, initial-scale=1.0">
<title>Gestione Prodotti - TechStore</title>
<link rel="stylesheet" href="/assets/style.css">
<script src="/assets/js/cart.js"></script>
<script>
function adjustStock(input, delta) {
var value = parseInt(input.value) + delta;
if (value < 0) value = 0;
input.value = value;
}
function toggleAddProductPanel() {
var panel = document.getElementById('add-product-panel');
var button = document.getElementById('toggle-add-product');
if (!panel || !button) return;
var collapsed = panel.classList.toggle('collapsed');
button.textContent = collapsed ? 'Nuovo prodotto' : 'Chiudi aggiunta prodotto';
}
</script>
</head>
<body>
<header style="display: flex; justify-content: space-between; align-items: center; padding: 10px; background-color: #f2f2f2; border-bottom: 1px solid #ddd;">
<div id="logo" style="font-size: 24px; font-weight: bold;"><a href="/index.php"><img src="/img/logo.png" alt="Logo TechStore" height="32px"></a></div>
<div>
<a href="/cart.php"><button style="margin-left: 10px; padding: 8px 16px; background-color: #007bff; color: white; border: none; border-radius: 4px; cursor: pointer;">Carrello</button></a>
<?php if (isset($_SESSION['name'])): ?>
<a href="/logout.php"><button style="margin-left: 10px; padding: 8px 16px; background-color: #dc3545; color: white; border: none; border-radius: 4px; cursor: pointer;">Logout</button></a>
<span style="margin-left: 10px;">Benvenuto, <?php echo htmlspecialchars($_SESSION['name']); ?></span>
<?php else: ?>
<a href="/login.php"><button style="margin-left: 10px; padding: 8px 16px; background-color: #28a745; color: white; border: none; border-radius: 4px; cursor: pointer;">Accesso</button></a>
<?php endif; ?>
</div>
</header>
<?php if (isset($_SESSION['name'])): ?>
<div class="account-layout">
<div class="my-sidebar">
<ul>
<li><a href="/admin">Dashboard</a></li>
<li><a href="/admin/manageOrders.php">Gestione ordini</a></li>
<li><a href="/admin/manageProducts.php">Gestione prodotti</a></li>
<li><a href="/admin/manageUsers.php">Gestione utenti</a></li>
<hr class="admin-divider">
<li><a href="../account.php">Ritorna al tuo account</a></li>
</ul>
</div>
<div class="my-container">
<h1>Gestione Prodotti</h1>
<button id="toggle-add-product" class="toggle-button" type="button" onclick="toggleAddProductPanel()">Nuovo prodotto</button>
<section id="add-product-panel" class="add-product-panel collapsed">
<h2>Aggiungi nuovo prodotto</h2>
<form class="add-product-form" action="" method="post" enctype="multipart/form-data">
<div class="form-row">
<label for="new-name">Nome</label>
<input id="new-name" class="product-name-input" type="text" name="name" required>
</div>
<div class="form-row">
<label for="new-description">Descrizione</label>
<textarea id="new-description" class="product-description-textarea" name="description" required></textarea>
</div>
<div class="form-row">
<label for="new-category">Categoria</label>
<select id="new-category" class="product-category-select" name="category_id" required>
<?php foreach ($categories as $cat): ?>
<option value="<?php echo $cat['CategoryID']; ?>"><?php echo htmlspecialchars($cat['Name']); ?></option>
<?php endforeach; ?>
</select>
</div>
<div class="form-row">
<label for="new-price">Prezzo</label>
<input id="new-price" class="product-price-input" type="number" name="price" step="0.01" required>
</div>
<div class="form-row">
<label for="new-stock">Stock</label>
<input id="new-stock" class="stock-input" type="number" name="stock" min="0" value="0" required>
</div>
<div class="form-row">
<label for="new-image">Immagine</label>
<input id="new-image" class="product-image-input" type="file" name="image" accept="image/*">
</div>
<button class="save-button" type="submit" name="add">Aggiungi prodotto</button>
</form>
</section>
<table class="product-table">
<thead>
<tr>
<th>ID</th>
<th>Nome</th>
<th>Descrizione</th>
<th>Categoria</th>
<th>Prezzo</th>
<th>Stock</th>
<th>Immagine</th>
<th>Azioni</th>
</tr>
</thead>
<tbody>
<?php foreach ($products as $product): ?>
<tr class="product-row">
<form class="product-form" action="" method="post" enctype="multipart/form-data">
<td class="product-id-cell"><?php echo $product['ProductID']; ?><input type="hidden" name="product_id" value="<?php echo $product['ProductID']; ?>"></td>
<td class="product-name-cell"><input class="product-name-input" type="text" name="name" value="<?php echo htmlspecialchars($product['ProductName']); ?>" required></td>
<td class="product-description-cell"><textarea class="product-description-textarea" name="description" required><?php echo htmlspecialchars($product['Description']); ?></textarea></td>
<td class="product-category-cell">
<select class="product-category-select" name="category_id" required>
<?php foreach ($categories as $cat): ?>
<option value="<?php echo $cat['CategoryID']; ?>" <?php if ($cat['CategoryID'] == $product['CategoryID']) echo 'selected'; ?>><?php echo htmlspecialchars($cat['Name']); ?></option>
<?php endforeach; ?>
</select>
</td>
<td class="product-price-cell"><input class="product-price-input" type="number" name="price" step="0.01" value="<?php echo $product['Price']; ?>" required></td>
<td class="product-stock-cell">
<div class="stock-control">
<button type="button" class="stock-button" onclick="adjustStock(this.nextElementSibling, -1)">-</button>
<input class="stock-input" type="number" name="stock" min="0" value="<?php echo $product['StockQuantity']; ?>" required>
<button type="button" class="stock-button" onclick="adjustStock(this.previousElementSibling, 1)">+</button>
</div>
</td>
<td class="product-image-cell">
<?php $image_display = '/img/' . ltrim($product['ImagePath'], '/'); ?>
<img class="product-image-preview" src="<?php echo htmlspecialchars($image_display); ?>" alt="Immagine"><br>
<div class="image-upload">
<input class="product-image-input" type="file" name="image" accept="image/*">
<input type="hidden" name="current_image" value="<?php echo htmlspecialchars(basename($product['ImagePath'])); ?>">
</div>
</td>
<td class="product-action-cell"><button class="save-button" type="submit" name="save">Salva</button></td>
</form>
</tr>
<?php endforeach; ?>
</tbody>
</table>
</div>
</div>
<?php else: ?>
<?php header('Location: login.php'); ?>
<?php endif; ?>
<?php $conn->close(); ?>
</body>
</html>
src/admin/manageUsers.php
+173
View File
@@ -0,0 +1,173 @@
<?php
session_start();
include '../db_conf.php';
// Controlla se l'utente è loggato
if (!isset($_SESSION['id'])) {
header('Location: ../login.php');
exit();
}
// Controlla se l'utente ha ruolo admin
$user_id = $_SESSION['id'];
$sql_role = "SELECT Role FROM Users WHERE UserID = ?";
$stmt_role = $conn->prepare($sql_role);
$stmt_role->bind_param("i", $user_id);
$stmt_role->execute();
$stmt_role->bind_result($role);
$stmt_role->fetch();
$stmt_role->close();
if ($role !== 'admin') {
http_response_code(403);
die("Accesso negato. Solo gli amministratori possono accedere a questa sezione.");
}
// Gestisci azioni (reset password, cambio ruolo, eliminazione)
if ($_SERVER['REQUEST_METHOD'] === 'POST') {
$action = $_POST['action'] ?? '';
$user_id = $_POST['user_id'] ?? 0;
if ($action === 'reset_password') {
// Genera una password temporanea
$temp_password = bin2hex(random_bytes(4));
$hashed_password = password_hash($temp_password, PASSWORD_DEFAULT);
$sql_reset = "UPDATE Users SET Password = ? WHERE UserID = ?";
$stmt_reset = $conn->prepare($sql_reset);
$stmt_reset->bind_param("si", $hashed_password, $user_id);
$stmt_reset->execute();
$stmt_reset->close();
$reset_message = "Password temporanea generata: " . htmlspecialchars($temp_password);
} elseif ($action === 'update_role') {
$new_role = $_POST['role'] ?? '';
if (in_array($new_role, ['user', 'admin'])) {
$sql_update = "UPDATE Users SET Role = ? WHERE UserID = ?";
$stmt_update = $conn->prepare($sql_update);
$stmt_update->bind_param("si", $new_role, $user_id);
$stmt_update->execute();
$stmt_update->close();
}
} elseif ($action === 'delete_user') {
// Elimina gli ordini dell'utente prima di eliminare l'utente
$sql_delete_orders = "DELETE FROM Orders WHERE UserID = ?";
$stmt_delete_orders = $conn->prepare($sql_delete_orders);
$stmt_delete_orders->bind_param("i", $user_id);
$stmt_delete_orders->execute();
$stmt_delete_orders->close();
// Elimina l'utente
$sql_delete = "DELETE FROM Users WHERE UserID = ?";
$stmt_delete = $conn->prepare($sql_delete);
$stmt_delete->bind_param("i", $user_id);
$stmt_delete->execute();
$stmt_delete->close();
}
}
// Query per ottenere tutti gli utenti
$sql = "SELECT UserID, Name, Surname, Email, Role FROM Users ORDER BY UserID DESC";
$result = $conn->query($sql);
if ($result === false) {
die("Errore nella query: " . $conn->error);
}
?>
<!DOCTYPE html>
<html lang="it">
<head>
<meta charset="UTF-8">
<meta name="viewport" content="width=device-width, initial-scale=1.0">
<title>Gestione Utenti - TechStore</title>
<link rel="stylesheet" href="/assets/style.css">
<script src="/assets/js/cart.js"></script>
</head>
<body>
<header style="display: flex; justify-content: space-between; align-items: center; padding: 10px; background-color: #f2f2f2; border-bottom: 1px solid #ddd;">
<div id="logo" style="font-size: 24px; font-weight: bold;"><a href="/index.php"><img src="/img/logo.png" alt="Logo TechStore" height="32px"></a></div>
<div>
<a href="/cart.php"><button style="margin-left: 10px; padding: 8px 16px; background-color: #007bff; color: white; border: none; border-radius: 4px; cursor: pointer;">Carrello</button></a>
<?php if (isset($_SESSION['name'])): ?>
<a href="/logout.php"><button style="margin-left: 10px; padding: 8px 16px; background-color: #dc3545; color: white; border: none; border-radius: 4px; cursor: pointer;">Logout</button></a>
<span style="margin-left: 10px;">Benvenuto, <?php echo htmlspecialchars($_SESSION['name']); ?></span>
<?php else: ?>
<a href="/login.php"><button style="margin-left: 10px; padding: 8px 16px; background-color: #28a745; color: white; border: none; border-radius: 4px; cursor: pointer;">Accesso</button></a>
<?php endif; ?>
</div>
</header>
<?php if (isset($_SESSION['name'])): ?>
<div class="account-layout">
<div class="my-sidebar">
<ul>
<li><a href="/admin">Dashboard</a></li>
<li><a href="/admin/manageOrders.php">Gestione ordini</a></li>
<li><a href="/admin/manageProducts.php">Gestione prodotti</a></li>
<li><a href="/admin/manageUsers.php">Gestione utenti</a></li>
<hr class="admin-divider">
<li><a href="../account.php">Ritorna al tuo account</a></li>
</ul>
</div>
<div class="my-container">
<h1>Gestione Utenti</h1>
<?php if (isset($reset_message)): ?>
<div style="background-color: #d4edda; color: #155724; padding: 12px; border-radius: 4px; margin-bottom: 20px;">
<?php echo $reset_message; ?>
</div>
<?php endif; ?>
<?php if ($result && $result->num_rows > 0): ?>
<table class="admin-table">
<thead>
<tr>
<th>ID</th>
<th>Nome</th>
<th>Cognome</th>
<th>Email</th>
<th>Ruolo</th>
<th>Azioni</th>
</tr>
</thead>
<tbody>
<?php while ($user = $result->fetch_assoc()): ?>
<tr>
<td>#<?php echo htmlspecialchars($user['UserID']); ?></td>
<td><?php echo htmlspecialchars($user['Name']); ?></td>
<td><?php echo htmlspecialchars($user['Surname']); ?></td>
<td><?php echo htmlspecialchars($user['Email']); ?></td>
<td>
<form method="POST" style="display: inline;">
<input type="hidden" name="action" value="update_role">
<input type="hidden" name="user_id" value="<?php echo $user['UserID']; ?>">
<select name="role" onchange="this.form.submit()" class="role-select role-<?php echo htmlspecialchars($user['Role']); ?>">
<option value="user" <?php echo $user['Role'] === 'user' ? 'selected' : ''; ?>>User</option>
<option value="admin" <?php echo $user['Role'] === 'admin' ? 'selected' : ''; ?>>Admin</option>
</select>
</form>
</td>
<td>
<form method="POST" style="display: inline;">
<input type="hidden" name="action" value="reset_password">
<input type="hidden" name="user_id" value="<?php echo $user['UserID']; ?>">
<button type="submit" class="btn-reset" title="Genera una nuova password temporanea">Reset Password</button>
</form>
</td>
</tr>
<?php endwhile; ?>
</tbody>
</table>
<?php else: ?>
<p>Nessun utente trovato.</p>
<?php endif; ?>
</div>
</div>
<?php else: ?>
<?php header('Location: login.php'); ?>
<?php endif; ?>
<?php $conn->close(); ?>
</body>
</html>
src/assets/style.css
+279
View File
@@ -256,6 +256,187 @@ form button:hover {
padding: 20px;
}
.product-table {
width: 100%;
border-collapse: collapse;
margin-top: 20px;
}
.product-table th,
.product-table td {
border: 1px solid #ddd;
padding: 12px;
vertical-align: top;
}
.product-table th {
background-color: #f8f9fa;
font-weight: 700;
text-align: left;
}
.product-row:hover {
background-color: #f7f9fb;
}
.add-product-panel {
margin-bottom: 24px;
padding: 18px;
border: 1px solid #ddd;
border-radius: 8px;
background-color: #fdfdfd;
}
.add-product-panel h2 {
margin-top: 0;
margin-bottom: 16px;
color: #333;
font-size: 1.25rem;
}
.add-product-form {
display: grid;
gap: 16px;
}
.add-product-form .form-row {
display: grid;
gap: 8px;
}
.add-product-form label {
font-weight: 600;
color: #444;
}
.toggle-button {
padding: 10px 16px;
background-color: #17a2b8;
color: #fff;
border: none;
border-radius: 4px;
cursor: pointer;
margin-bottom: 16px;
}
.toggle-button:hover {
background-color: #117a8b;
}
.add-product-panel.collapsed {
display: none;
}
.product-name-input,
.product-description-textarea,
.product-category-select,
.product-price-input,
.stock-input,
.product-image-input {
width: 100%;
padding: 10px;
border: 1px solid #ccc;
border-radius: 4px;
box-sizing: border-box;
}
.product-description-textarea {
min-height: 80px;
resize: vertical;
}
.stock-control {
display: flex;
align-items: center;
gap: 8px;
}
.stock-button {
width: 32px;
height: 32px;
border: none;
border-radius: 4px;
background-color: #007bff;
color: #fff;
cursor: pointer;
}
.stock-button:hover {
background-color: #0056b3;
}
.product-image-preview {
max-width: 100px;
display: block;
margin-bottom: 8px;
}
.image-upload {
display: flex;
flex-direction: column;
gap: 8px;
}
.save-button {
padding: 10px 16px;
background-color: #28a745;
color: #fff;
border: none;
border-radius: 4px;
cursor: pointer;
}
.save-button:hover {
background-color: #218838;
}
.admin-divider{
display: block;
height: 1px;
border: 0;
border-top: 1px solid #ddd;
margin: 1em 0;
padding: 0;
}
.admin-stats-grid {
display: grid;
grid-template-columns: repeat(auto-fit, minmax(180px, 1fr));
gap: 16px;
margin-top: 20px;
}
.admin-stat-card {
padding: 20px;
border: 1px solid #ddd;
border-radius: 12px;
background-color: #fff;
box-shadow: 0 1px 4px rgba(0,0,0,0.06);
text-align: center;
}
.admin-stat-card h2 {
margin: 0 0 10px;
font-size: 36px;
color: #333;
}
.admin-stat-card p {
margin: 0;
color: #666;
font-weight: 600;
}
.admin-stat-pending {
border-color: #ffc107;
background-color: #fff8e1;
}
.admin-stat-products {
border-color: #17a2b8;
background-color: #e9f7fb;
}
@media (max-width: 768px) {
.account-layout {
flex-direction: column;
@@ -320,3 +501,101 @@ form button:hover {
margin: 5px 0;
color: #666;
}
/* Stili per la pagina admin di gestione ordini */
.admin-table {
width: 100%;
border-collapse: collapse;
margin-top: 20px;
background-color: #fff;
}
.admin-table th,
.admin-table td {
border: 1px solid #ddd;
padding: 12px;
text-align: left;
}
.admin-table th {
background-color: #f2f2f2;
font-weight: bold;
}
.admin-table tbody tr:hover {
background-color: #f9f9f9;
}
.status-select {
padding: 5px 8px;
border: 1px solid #ddd;
border-radius: 4px;
cursor: pointer;
}
.status-select.status-pending {
background-color: #fff3cd;
color: #212529;
}
.status-select.status-completed {
background-color: #d4edda;
color: #155724;
}
.status-select.status-cancelled {
background-color: #f8d7da;
color: #721c24;
}
.btn-delete {
padding: 5px 10px;
background-color: #dc3545;
color: white;
border: none;
border-radius: 4px;
cursor: pointer;
font-size: 12px;
}
.btn-delete:hover {
background-color: #c82333;
}
.admin-table td form {
display: contents;
margin: 0;
padding: 0;
}
/* Stili per role-select */
.role-select {
border: 1px solid #ddd;
border-radius: 4px;
cursor: pointer;
}
.role-select.role-user {
background-color: #e7f3ff;
color: #004085;
}
.role-select.role-admin {
background-color: #fff3cd;
color: #856404;
}
/* Stili per btn-reset */
.btn-reset {
background-color: #17a2b8;
color: white;
border: none;
border-radius: 4px;
cursor: pointer;
font-size: 12px;
margin-right: 5px;
}
.btn-reset:hover {
background-color: #138496;
}
src/checkout.php
+16
View File
@@ -52,6 +52,22 @@ try {
$quantity = $item['quantity'];
$price = $item['price'];
// Controlla lo stock disponibile
$sql_check_stock = "SELECT StockQuantity, ProductName FROM Products WHERE ProductID = ?";
$stmt_check = $conn->prepare($sql_check_stock);
if (!$stmt_check) {
throw new Exception("Errore nella preparazione della query di controllo stock: " . $conn->error);
}
$stmt_check->bind_param("i", $product_id);
$stmt_check->execute();
$result_check = $stmt_check->get_result();
$product = $result_check->fetch_assoc();
$stmt_check->close();
if (!$product || $product['StockQuantity'] < $quantity) {
throw new Exception("Quantità insufficiente per il prodotto '" . $product['ProductName'] . "'. Disponibile: " . ($product ? $product['StockQuantity'] : 0));
}
// Aggiungi item all'ordine
$sql_item = "INSERT INTO OrderItems (OrderID, ProductID, Quantity, Price) VALUES (?, ?, ?, ?)";
$stmt_item = $conn->prepare($sql_item);
src/index.php
+4
View File
@@ -41,7 +41,11 @@ if ($result === false) {
<a href="product.php?id=<?php echo $row['ProductID']; ?>"><div class="img-square"><img src="img/<?php echo htmlspecialchars($row['ImagePath']); ?>" alt="Immagine prodotto"></div></a>
<h3><?php echo "<a href='product.php?id=" . $row['ProductID'] . "'>" . htmlspecialchars($row['ProductName']) . "</a>"; ?></h3>
<p><?php echo htmlspecialchars($row['Price']); ?>€</p>
<?php if ($row['StockQuantity'] > 0): ?>
<button onclick="addToCart(<?php echo $row['ProductID']; ?>, '<?php echo htmlspecialchars($row['ProductName']); ?>', <?php echo $row['Price']; ?>)">Aggiungi al carrello</button>
<?php else: ?>
<button disabled style="background-color: #ccc; cursor: not-allowed;">Esaurito</button>
<?php endif; ?>
</div>
<?php endwhile; ?>
</div>
src/orders.php
+3
View File
@@ -56,6 +56,9 @@ if (!$result) {
<ul>
<li><a href="account.php">Il mio account</a></li>
<li><a href="orders.php">I miei ordini</a></li>
<?php if ($_SESSION['role'] == 'admin'): ?>
<li><a href="admin">Pannello admin</a></li>
<?php endif; ?>
</ul>
</div>
<div class="my-container">
src/product.php
+4
View File
@@ -54,7 +54,11 @@ if ($stmt = $conn->prepare($sql)) {
<p><strong>Descrizione:</strong> <?php echo htmlspecialchars($product['Description']); ?></p>
<p><strong>Prezzo:</strong> €<?php echo htmlspecialchars($product['Price']); ?></p>
<p><strong>Quantità disponibile:</strong> <?php echo htmlspecialchars($product['StockQuantity']); ?></p>
<?php if ($product['StockQuantity'] > 0): ?>
<button onclick="addToCart(<?php echo $product['ProductID']; ?>, '<?php echo htmlspecialchars($product['ProductName']); ?>', <?php echo $product['Price']; ?>)" style="padding: 10px 20px; background-color: #28a745; color: white; border: none; border-radius: 4px; cursor: pointer;">Aggiungi al carrello</button>
<?php else: ?>
<button disabled style="padding: 10px 20px; background-color: #ccc; color: white; border: none; border-radius: 4px; cursor: not-allowed;">Esaurito</button>
<?php endif; ?>
</div>
</div>
<?php else: ?>