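<?php
declare(strict_types=1);

/*
 * Admin dashboard.
 *
 * Access control: the visitor must have a session id, and the Role column
 * of that user must be 'admin'. The role is re-read from the database on every
 * request rather than trusted from the session, so a demotion takes effect on
 * the next page load. All redirects happen before any HTML is emitted because
 * header() cannot be sent once output has started.
 */
session_start();
// Resolve the config relative to this file, not the web server's working directory.
require_once __DIR__ . '/../db_conf.php'; // provides $conn (mysqli)

// Not logged in at all: send to the login page.
if (!isset($_SESSION['id'])) {
    header('Location: ../login.php');
    exit();
}

// Authorisation check against the Users table (prepared statement, bound int).
$userId = (int) $_SESSION['id'];
$role = null; // stays null when no row matches, which fails the admin check below
$stmtRole = $conn->prepare('SELECT Role FROM Users WHERE UserID = ?');
$stmtRole->bind_param('i', $userId);
$stmtRole->execute();
$stmtRole->bind_result($role);
$stmtRole->fetch();
$stmtRole->close();
if ($role !== 'admin') {
    http_response_code(403);
    die("Accesso negato. Solo gli amministratori possono accedere a questa sezione.");
}

// The page needs the display name; redirect now, while headers can still be
// sent, instead of calling header() from inside the HTML body.
if (!isset($_SESSION['name'])) {
    header('Location: ../login.php');
    exit();
}

/**
 * Run a single-row, single-column COUNT(*) query.
 *
 * @return int the count, or 0 when the query fails or returns no row
 */
$countRows = static function (mysqli $db, string $sql): int {
    $result = $db->query($sql);
    if (!$result instanceof mysqli_result) {
        return 0;
    }
    $row = $result->fetch_row();
    $result->close();
    return (int) ($row[0] ?? 0);
};

// Dashboard counters. The SQL is constant; no user input is involved.
$totalOrders = $countRows($conn, 'SELECT COUNT(*) FROM Orders');
$pendingOrders = $countRows($conn, "SELECT COUNT(*) FROM Orders WHERE Status = 'pending'");
$totalProducts = $countRows($conn, 'SELECT COUNT(*) FROM Products');
$conn->close(); // nothing below touches the database

// Escape a value for an HTML text/attribute context (explicit flags and charset).
$e = static fn (string $value): string => htmlspecialchars($value, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
?>
<!DOCTYPE html>
<html lang="it">
<head>
<meta charset="UTF-8">
<meta name="viewport" content="width=device-width, initial-scale=1.0">
<title>Dashboard amministratore - TechStore</title>
<link rel="stylesheet" href="/assets/style.css">
<script src="/assets/js/cart.js"></script>
</head>
<body>
<header style="display: flex; justify-content: space-between; align-items: center; padding: 10px; background-color: #f2f2f2; border-bottom: 1px solid #ddd;">
<div id="logo" style="font-size: 24px; font-weight: bold;"><a href="/index.php"><img src="/img/logo.png" alt="Logo TechStore" height="32px"></a></div>
<div>
<a href="/cart.php"><button style="margin-left: 10px; padding: 8px 16px; background-color: #007bff; color: white; border: none; border-radius: 4px; cursor: pointer;">Carrello</button></a>
<?php // $_SESSION['name'] is guaranteed by the guard above, so only the logged-in header variant is rendered. ?>
<a href="/logout.php"><button style="margin-left: 10px; padding: 8px 16px; background-color: #dc3545; color: white; border: none; border-radius: 4px; cursor: pointer;">Logout</button></a>
<span style="margin-left: 10px;">Benvenuto, <?= $e((string) $_SESSION['name']) ?></span>
</div>
</header>
<div class="account-layout">
<div class="my-sidebar">
<ul>
<li><a href="/admin">Dashboard</a></li>
<li><a href="/admin/manageOrders.php">Gestione ordini</a></li>
<li><a href="/admin/manageProducts.php">Gestione prodotti</a></li>
<li><a href="/admin/manageUsers.php">Gestione utenti</a></li>
<hr>
<li><a href="../account.php">Ritorna al tuo account</a></li>
</ul>
</div>
<div class="my-container">
<h1>Dashboard</h1>
<div class="admin-stats-grid">
<div class="admin-stat-card">
<h2><?= $e((string) $totalOrders) ?></h2>
<p>Ordini totali</p>
</div>
<div class="admin-stat-card admin-stat-pending">
<h2><?= $e((string) $pendingOrders) ?></h2>
<p>Ordini in corso</p>
</div>
<div class="admin-stat-card admin-stat-products">
<h2><?= $e((string) $totalProducts) ?></h2>
<p>Prodotti totali</p>
</div>
</div>
</div>
</div>
</body>
</html>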