Mr_sl1d3r
/
BibliotecaOnline
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

cose qui

This commit is contained in:
Mr_sl1d3r 2025-12-04 18:16:40 +01:00
parent 9cf1a602bb
commit fe816f0712
4 changed files with 646 additions and 6 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

7
index.php
View File

@ -37,7 +37,7 @@ if ($alessioCandidate && empty($_SESSION['alessio_blessed'])) {
<div class="flex items-center gap-6">
<a href="#" class="font-semibold text-lg">Biblioteca Online</a>
<div class="hidden md:flex items-center gap-4">
<a href="#" class="hover:text-[#cbff4d]">Catalogo</a>
<a href="./php/catalogo.php" class="hover:text-[#cbff4d]">Catalogo</a>
<a href="#" class="hover:text-[#cbff4d]">Recensioni</a>
</div>
</div>
@ -45,8 +45,7 @@ if ($alessioCandidate && empty($_SESSION['alessio_blessed'])) {
<div class="hidden md:flex items-center gap-4">
<?php if ($isLogged && $roleName === 'admin'): ?>
<a href="./php/admin/users.php" class="hover:text-[#cbff4d]">Gestione Utenti</a>
<a href="#" class="hover:text-[#cbff4d]">Ruoli & Permessi</a>
<a href="#" class="hover:text-[#cbff4d]">Gestione Bibliotecari</a>
<a href="./php/admin/bibliotecari.php" class="hover:text-[#cbff4d]">Gestione Bibliotecari</a>
<?php elseif ($isLogged && $roleName === 'bibliotecario'): ?>
<a href="#" class="hover:text-[#cbff4d]">Elenco Libri</a>
<a href="#" class="hover:text-[#cbff4d]">Elenco Film</a>
@ -290,4 +289,4 @@ if ($alessioCandidate && empty($_SESSION['alessio_blessed'])) {
});
</script>
</body>
</html>
</html>

256
php/admin/bibliotecari.php Normal file
View File

@ -0,0 +1,256 @@
<?php
session_start();
require_once __DIR__ . '/../db/connect.php';
// Access control: solo admin
if (!isset($_SESSION['role_name']) || $_SESSION['role_name'] !== 'admin') {
header('Location: ../../index.php');
exit;
}
$msg = null; $err = null;
// Azioni POST
if ($_SERVER['REQUEST_METHOD'] === 'POST') {
$azione = $_POST['azione'] ?? '';
if ($azione === 'set_ruolo') {
$userId = (int)($_POST['user_id'] ?? 0);
$roleId = (int)($_POST['role_id'] ?? 0); // 2=bibliotecario, 3=utente
if ($userId > 0 && in_array($roleId, [2,3], true)) {
$oggi = date('Y-m-d');
$sql = "INSERT INTO `permission` (user_id, role, data) VALUES ($userId, $roleId, '$oggi')";
if (mysqli_query($conn, $sql)) {
$msg = 'Ruolo aggiornato';
} else {
$err = 'Errore aggiornamento ruolo';
}
} else {
$err = 'Dati ruolo non validi';
}
} elseif ($azione === 'crea_bibliotecario') {
// Creazione nuovo account bibliotecario manuale
$nome = trim($_POST['nome'] ?? '');
$cognome = trim($_POST['cognome'] ?? '');
$data_nascita = trim($_POST['data_nascita'] ?? '');
$luogo_nascita = trim($_POST['luogo_nascita'] ?? '');
$cod_fiscale = strtoupper(trim($_POST['cod_fiscale'] ?? ''));
$telefono = preg_replace('/\D+/', '', $_POST['telefono'] ?? '');
$username = trim($_POST['username'] ?? '');
$password = trim($_POST['password'] ?? '');
$errors = [];
if ($nome === '' || $cognome === '' || $luogo_nascita === '') $errors[] = 'Campi anagrafici obbligatori';
if ($data_nascita === '' || !preg_match('/^\d{4}-\d{2}-\d{2}$/', $data_nascita)) $errors[] = 'Data nascita non valida';
if ($cod_fiscale === '' || strlen($cod_fiscale) !== 16) $errors[] = 'Codice Fiscale non valido';
if ($telefono === '' || !preg_match('/^\d{6,10}$/', $telefono)) $errors[] = 'Telefono non valido';
if ($username === '' || strlen($username) < 3) $errors[] = 'Username troppo corto';
if ($password === '' || preg_match('/\s/', $password) || strlen($password) < 8 || !preg_match('/[a-z]/', $password) || !preg_match('/[A-Z]/', $password) || !preg_match('/[^a-zA-Z0-9]/', $password)) {
$errors[] = 'Password non conforme ai requisiti';
}
// Unicità username
$username_e = mysqli_real_escape_string($conn, $username);
$check = mysqli_query($conn, "SELECT user_id FROM `user` WHERE descrizione = '$username_e' LIMIT 1");
if ($check && mysqli_num_rows($check) > 0) $errors[] = 'Username già esistente';
if (!empty($errors)) {
$err = implode(' | ', $errors);
} else {
$nome_e = mysqli_real_escape_string($conn, $nome);
$cognome_e = mysqli_real_escape_string($conn, $cognome);
$data_nascita_e = mysqli_real_escape_string($conn, $data_nascita);
$luogo_nascita_e = mysqli_real_escape_string($conn, $luogo_nascita);
$cod_fiscale_e = mysqli_real_escape_string($conn, $cod_fiscale);
$telefono_e = mysqli_real_escape_string($conn, $telefono);
$password_e = mysqli_real_escape_string($conn, $password);
$oggi = date('Y-m-d');
$sql_person = "INSERT INTO `person` (nome, cognome, data_nascita, luogo_nascita, cod_fiscale, telefono) VALUES ('$nome_e', '$cognome_e', '$data_nascita_e', '$luogo_nascita_e', '$cod_fiscale_e', '$telefono_e')";
if (!mysqli_query($conn, $sql_person)) { $err = 'Errore inserimento persona'; }
else {
$person_id = mysqli_insert_id($conn);
$sql_user = "INSERT INTO `user` (descrizione, data, person_id, password) VALUES ('$username_e', '$oggi', $person_id, '$password_e')";
if (!mysqli_query($conn, $sql_user)) { $err = 'Errore inserimento utente'; }
else {
$user_id = mysqli_insert_id($conn);
$sql_perm = "INSERT INTO `permission` (user_id, role, data) VALUES ($user_id, 2, '$oggi')"; // bibliotecario
if (!mysqli_query($conn, $sql_perm)) { $err = 'Errore assegnazione ruolo'; }
else { $msg = 'Bibliotecario creato correttamente'; }
}
}
}
}
}
// Query elenco bibliotecari
$sql_b = "SELECT u.user_id, u.descrizione AS username, p.nome, p.cognome, p.cod_fiscale, p.telefono
FROM `user` u
JOIN `person` p ON p.id_persona = u.person_id
LEFT JOIN `permission` pm ON pm.user_id = u.user_id
WHERE pm.role = 2
GROUP BY u.user_id, u.descrizione, p.nome, p.cognome, p.cod_fiscale, p.telefono";
$biblios = mysqli_query($conn, $sql_b);
// Query elenco utenti con ultimo ruolo
$sql_u = "SELECT u.user_id, u.descrizione AS username, COALESCE(r.name,'utente') AS ruolo
FROM `user` u
LEFT JOIN `permission` pm ON pm.user_id = u.user_id
LEFT JOIN `role` r ON r.id = pm.role
GROUP BY u.user_id
ORDER BY u.user_id ASC";
$utenti = mysqli_query($conn, $sql_u);
?>
<!DOCTYPE html>
<html lang="it">
<head>
<meta charset="UTF-8" />
<meta name="viewport" content="width=device-width, initial-scale=1.0" />
<title>Amministrazione | Bibliotecari</title>
<script src="https://cdn.tailwindcss.com"></script>
</head>
<body class="bg-[#f8fafc] text-[#1f2937]">
<nav class="w-full bg-[#545454] text-white shadow">
<div class="max-w-7xl mx-auto px-4">
<div class="flex justify-between items-center h-16">
<a href="../../index.php" class="font-semibold text-lg">Biblioteca Online</a>
<div class="flex items-center gap-3">
<span class="hidden md:inline text-sm">Admin: <?php echo htmlspecialchars($_SESSION['username'] ?? ''); ?></span>
<a href="../auth/logout.php" class="px-4 py-2 bg-[#84dd63] text-[#1f2937] rounded hover:bg-[#cbff4d]">Logout</a>
</div>
</div>
</div>
</nav>
<main class="max-w-7xl mx-auto px-4 py-8">
<div class="flex items-center justify-between mb-6">
<h1 class="text-2xl font-semibold">Gestione Bibliotecari</h1>
<a href="../../index.php" class="text-sm text-[#1f2937] hover:text-[#84dd63]"> Torna alla Home</a>
</div>
<?php if ($msg): ?><div class="p-3 bg-green-50 text-green-700 rounded mb-4"><?php echo htmlspecialchars($msg); ?></div><?php endif; ?>
<?php if ($err): ?><div class="p-3 bg-red-50 text-red-700 rounded mb-4"><?php echo htmlspecialchars($err); ?></div><?php endif; ?>
<div class="grid md:grid-cols-2 gap-8">
<section class="bg-white shadow rounded p-4 border border-[#e5e7eb]">
<h2 class="text-lg font-semibold mb-3">Elenco Bibliotecari</h2>
<div class="overflow-x-auto">
<table class="min-w-full divide-y divide-gray-200">
<thead class="bg-gray-50">
<tr>
<th class="px-4 py-2 text-left text-xs font-medium text-gray-500 uppercase tracking-wider">ID</th>
<th class="px-4 py-2 text-left text-xs font-medium text-gray-500 uppercase tracking-wider">Username</th>
<th class="px-4 py-2 text-left text-xs font-medium text-gray-500 uppercase tracking-wider">Cognome/Nome</th>
<th class="px-4 py-2 text-left text-xs font-medium text-gray-500 uppercase tracking-wider">Telefono</th>
</tr>
</thead>
<tbody class="bg-white divide-y divide-gray-200">
<?php if ($biblios && mysqli_num_rows($biblios) > 0): ?>
<?php while ($b = mysqli_fetch_assoc($biblios)): ?>
<tr class="hover:bg-gray-50">
<td class="px-4 py-2 text-sm text-gray-700"><?php echo (int)$b['user_id']; ?></td>
<td class="px-4 py-2 text-sm text-gray-700"><?php echo htmlspecialchars($b['username']); ?></td>
<td class="px-4 py-2 text-sm text-gray-700"><?php echo htmlspecialchars($b['cognome'] . ' ' . $b['nome']); ?></td>
<td class="px-4 py-2 text-sm text-gray-700"><?php echo htmlspecialchars($b['telefono']); ?></td>
</tr>
<?php endwhile; ?>
<?php else: ?>
<tr><td colspan="4" class="px-4 py-6 text-center text-sm text-gray-500">Nessun bibliotecario</td></tr>
<?php endif; ?>
</tbody>
</table>
</div>
</section>
<section class="bg-white shadow rounded p-4 border border-[#e5e7eb]">
<h2 class="text-lg font-semibold mb-3">Crea Bibliotecario</h2>
<form method="post" class="grid grid-cols-1 md:grid-cols-2 gap-3">
<input type="hidden" name="azione" value="crea_bibliotecario" />
<div>
<label class="block text-sm text-[#69747c]">Nome</label>
<input type="text" name="nome" required class="mt-1 w-full border rounded px-3 py-2">
</div>
<div>
<label class="block text-sm text-[#69747c]">Cognome</label>
<input type="text" name="cognome" required class="mt-1 w-full border rounded px-3 py-2">
</div>
<div>
<label class="block text-sm text-[#69747c]">Data di nascita</label>
<input type="date" name="data_nascita" required class="mt-1 w-full border rounded px-3 py-2">
</div>
<div>
<label class="block text-sm text-[#69747c]">Luogo di nascita</label>
<input type="text" name="luogo_nascita" required class="mt-1 w-full border rounded px-3 py-2">
</div>
<div>
<label class="block text-sm text-[#69747c]">Codice Fiscale</label>
<input type="text" name="cod_fiscale" maxlength="16" required class="mt-1 w-full border rounded px-3 py-2 uppercase">
</div>
<div>
<label class="block text-sm text-[#69747c]">Telefono</label>
<input type="tel" name="telefono" maxlength="10" required class="mt-1 w-full border rounded px-3 py-2">
</div>
<div class="md:col-span-2 border-t pt-3">
<h3 class="text-md font-semibold text-[#545454]">Credenziali</h3>
</div>
<div>
<label class="block text-sm text-[#69747c]">Username</label>
<input type="text" name="username" required class="mt-1 w-full border rounded px-3 py-2">
</div>
<div>
<label class="block text-sm text-[#69747c]">Password</label>
<input type="password" name="password" required class="mt-1 w-full border rounded px-3 py-2">
</div>
<div class="md:col-span-2 mt-2">
<button class="px-4 py-2 bg-[#6baa75] text-white rounded hover:bg-[#84dd63]">Crea Bibliotecario</button>
</div>
</form>
</section>
</div>
<section class="mt-8 bg-white shadow rounded p-4 border border-[#e5e7eb]">
<h2 class="text-lg font-semibold mb-3">Utenti e Ruoli</h2>
<div class="overflow-x-auto">
<table class="min-w-full divide-y divide-gray-200">
<thead class="bg-gray-50">
<tr>
<th class="px-4 py-2 text-left text-xs font-medium text-gray-500 uppercase tracking-wider">ID</th>
<th class="px-4 py-2 text-left text-xs font-medium text-gray-500 uppercase tracking-wider">Username</th>
<th class="px-4 py-2 text-left text-xs font-medium text-gray-500 uppercase tracking-wider">Ruolo</th>
<th class="px-4 py-2 text-left text-xs font-medium text-gray-500 uppercase tracking-wider">Azione</th>
</tr>
</thead>
<tbody class="bg-white divide-y divide-gray-200">
<?php if ($utenti && mysqli_num_rows($utenti) > 0): ?>
<?php while ($u = mysqli_fetch_assoc($utenti)): ?>
<tr class="hover:bg-gray-50">
<td class="px-4 py-2 text-sm text-gray-700"><?php echo (int)$u['user_id']; ?></td>
<td class="px-4 py-2 text-sm text-gray-700"><?php echo htmlspecialchars($u['username']); ?></td>
<td class="px-4 py-2 text-sm">
<span class="px-2 py-1 rounded bg-[#84dd63] text-[#1f2937] text-xs font-medium"><?php echo htmlspecialchars($u['ruolo']); ?></span>
</td>
<td class="px-4 py-2 text-sm">
<form method="post" class="inline">
<input type="hidden" name="azione" value="set_ruolo" />
<input type="hidden" name="user_id" value="<?php echo (int)$u['user_id']; ?>" />
<?php if ($u['ruolo'] !== 'bibliotecario'): ?>
<input type="hidden" name="role_id" value="2" />
<button class="px-3 py-1 bg-[#6baa75] text-white rounded hover:bg-[#84dd63]">Promuovi a Bibliotecario</button>
<?php else: ?>
<input type="hidden" name="role_id" value="3" />
<button class="px-3 py-1 bg-[#69747c] text-white rounded hover:bg-[#545454]">Retrocedi a Utente</button>
<?php endif; ?>
</form>
</td>
</tr>
<?php endwhile; ?>
<?php else: ?>
<tr><td colspan="4" class="px-4 py-6 text-center text-sm text-gray-500">Nessun utente</td></tr>
<?php endif; ?>
</tbody>
</table>
</div>
</section>
</main>
</body>
</html>

272
php/admin/users.php
View File

@ -8,6 +8,138 @@ if (!isset($_SESSION['role_name']) || $_SESSION['role_name'] !== 'admin') {
exit;
}
// Messaggi
$msg = null; $error = null;
// Gestione azioni CRUD
if ($_SERVER['REQUEST_METHOD'] === 'POST') {
$azione = $_POST['azione'] ?? '';
if ($azione === 'create_user') {
$nome = trim($_POST['nome'] ?? '');
$cognome = trim($_POST['cognome'] ?? '');
$data_nascita = trim($_POST['data_nascita'] ?? '');
$luogo_nascita = trim($_POST['luogo_nascita'] ?? '');
$cod_fiscale = strtoupper(trim($_POST['cod_fiscale'] ?? ''));
$telefono = preg_replace('/\D+/', '', $_POST['telefono'] ?? '');
$username = trim($_POST['username'] ?? '');
$password = trim($_POST['password'] ?? '');
$role_id = (int)($_POST['role_id'] ?? 3); // default utente
$errors = [];
if ($nome === '' || $cognome === '' || $luogo_nascita === '') $errors[] = 'Campi anagrafici obbligatori';
if ($data_nascita === '' || !preg_match('/^\d{4}-\d{2}-\d{2}$/', $data_nascita)) $errors[] = 'Data nascita non valida';
if ($cod_fiscale === '' || strlen($cod_fiscale) !== 16) $errors[] = 'Codice Fiscale non valido';
if ($telefono === '' || !preg_match('/^\d{6,10}$/', $telefono)) $errors[] = 'Telefono non valido';
if ($username === '' || strlen($username) < 3) $errors[] = 'Username troppo corto';
if ($password === '' || preg_match('/\s/', $password) || strlen($password) < 8 || !preg_match('/[a-z]/', $password) || !preg_match('/[A-Z]/', $password) || !preg_match('/[^a-zA-Z0-9]/', $password)) {
$errors[] = 'Password non conforme ai requisiti';
}
if (!in_array($role_id, [2,3], true)) $errors[] = 'Ruolo non valido';
$username_e = mysqli_real_escape_string($conn, $username);
$check = mysqli_query($conn, "SELECT user_id FROM `user` WHERE descrizione = '$username_e' LIMIT 1");
if ($check && mysqli_num_rows($check) > 0) $errors[] = 'Username già esistente';
if (!empty($errors)) {
$error = implode(' | ', $errors);
} else {
$nome_e = mysqli_real_escape_string($conn, $nome);
$cognome_e = mysqli_real_escape_string($conn, $cognome);
$data_nascita_e = mysqli_real_escape_string($conn, $data_nascita);
$luogo_nascita_e = mysqli_real_escape_string($conn, $luogo_nascita);
$cod_fiscale_e = mysqli_real_escape_string($conn, $cod_fiscale);
$telefono_e = mysqli_real_escape_string($conn, $telefono);
$password_e = mysqli_real_escape_string($conn, $password);
$oggi = date('Y-m-d');
$sql_person = "INSERT INTO `person` (nome, cognome, data_nascita, luogo_nascita, cod_fiscale, telefono) VALUES ('$nome_e', '$cognome_e', '$data_nascita_e', '$luogo_nascita_e', '$cod_fiscale_e', '$telefono_e')";
if (!mysqli_query($conn, $sql_person)) { $error = 'Errore inserimento persona'; }
else {
$person_id = mysqli_insert_id($conn);
$sql_user = "INSERT INTO `user` (descrizione, data, person_id, password) VALUES ('$username_e', '$oggi', $person_id, '$password_e')";
if (!mysqli_query($conn, $sql_user)) { $error = 'Errore inserimento utente'; }
else {
$user_id = mysqli_insert_id($conn);
$sql_perm = "INSERT INTO `permission` (user_id, role, data) VALUES ($user_id, $role_id, '$oggi')";
if (!mysqli_query($conn, $sql_perm)) { $error = 'Errore assegnazione ruolo'; }
else { $msg = 'Utente creato correttamente'; }
}
}
}
} elseif ($azione === 'update_user') {
$user_id = (int)($_POST['user_id'] ?? 0);
$username = trim($_POST['username'] ?? '');
$password = trim($_POST['password'] ?? ''); // opzionale
$nome = trim($_POST['nome'] ?? '');
$cognome = trim($_POST['cognome'] ?? '');
$data_nascita = trim($_POST['data_nascita'] ?? '');
$luogo_nascita = trim($_POST['luogo_nascita'] ?? '');
$cod_fiscale = strtoupper(trim($_POST['cod_fiscale'] ?? ''));
$telefono = preg_replace('/\D+/', '', $_POST['telefono'] ?? '');
if ($user_id <= 0) { $error = 'ID utente non valido'; }
else {
$username_e = mysqli_real_escape_string($conn, $username);
$nome_e = mysqli_real_escape_string($conn, $nome);
$cognome_e = mysqli_real_escape_string($conn, $cognome);
$data_nascita_e = mysqli_real_escape_string($conn, $data_nascita);
$luogo_nascita_e = mysqli_real_escape_string($conn, $luogo_nascita);
$cod_fiscale_e = mysqli_real_escape_string($conn, $cod_fiscale);
$telefono_e = mysqli_real_escape_string($conn, $telefono);
// Trova person_id
$res = mysqli_query($conn, "SELECT person_id FROM `user` WHERE user_id = $user_id");
if ($res && mysqli_num_rows($res) === 1) {
$pi = (int)mysqli_fetch_assoc($res)['person_id'];
// Update person
$ok1 = mysqli_query($conn, "UPDATE `person` SET nome='$nome_e', cognome='$cognome_e', data_nascita='$data_nascita_e', luogo_nascita='$luogo_nascita_e', cod_fiscale='$cod_fiscale_e', telefono='$telefono_e' WHERE id_persona=$pi");
// Update username
$ok2 = mysqli_query($conn, "UPDATE `user` SET descrizione='$username_e' WHERE user_id=$user_id");
// Update password se valorizzata e conforme
$ok3 = true;
if ($password !== '') {
if (preg_match('/\s/', $password) || strlen($password) < 8 || !preg_match('/[a-z]/', $password) || !preg_match('/[A-Z]/', $password) || !preg_match('/[^a-zA-Z0-9]/', $password)) {
$ok3 = false; $error = 'Password non conforme ai requisiti';
} else {
$password_e = mysqli_real_escape_string($conn, $password);
$ok3 = mysqli_query($conn, "UPDATE `user` SET password='$password_e' WHERE user_id=$user_id");
}
}
if ($ok1 && $ok2 && $ok3) { $msg = 'Utente aggiornato'; }
else if (!$error) { $error = 'Errore aggiornamento utente'; }
} else { $error = 'Utente non trovato'; }
}
} elseif ($azione === 'delete_user') {
$user_id = (int)($_POST['user_id'] ?? 0);
if ($user_id <= 0) { $error = 'ID utente non valido'; }
else {
// Rimuove permission, poi utente e infine person
$res = mysqli_query($conn, "SELECT person_id FROM `user` WHERE user_id = $user_id");
if ($res && mysqli_num_rows($res) === 1) {
$pi = (int)mysqli_fetch_assoc($res)['person_id'];
mysqli_query($conn, "DELETE FROM `permission` WHERE user_id = $user_id");
$okU = mysqli_query($conn, "DELETE FROM `user` WHERE user_id = $user_id");
$okP = false;
if ($okU) { $okP = mysqli_query($conn, "DELETE FROM `person` WHERE id_persona = $pi"); }
if ($okU && $okP) { $msg = 'Utente eliminato'; }
else { $error = 'Errore eliminazione utente'; }
} else { $error = 'Utente non trovato'; }
}
} elseif ($azione === 'set_ruolo') {
$userId = (int)($_POST['user_id'] ?? 0);
$roleId = (int)($_POST['role_id'] ?? 0);
if ($userId > 0 && in_array($roleId, [2,3], true)) {
$oggi = date('Y-m-d');
$sql = "INSERT INTO `permission` (user_id, role, data) VALUES ($userId, $roleId, '$oggi')";
if (mysqli_query($conn, $sql)) {
$msg = 'Ruolo aggiornato';
} else {
$error = 'Errore aggiornamento ruolo';
}
} else { $error = 'Dati ruolo non validi'; }
}
}
// Query utenti con persona e ultimo ruolo assegnato
$sql = "SELECT u.user_id, u.descrizione AS username, u.data AS registrato_il,
p.nome, p.cognome, p.cod_fiscale, p.telefono,
@ -23,6 +155,14 @@ $result = mysqli_query($conn, $sql);
if (!$result) {
$error = mysqli_error($conn);
}
// Se editing
$editId = isset($_GET['edit_id']) ? (int)$_GET['edit_id'] : 0;
$editUser = null;
if ($editId > 0) {
$resE = mysqli_query($conn, "SELECT u.user_id, u.descrizione AS username, u.data, u.person_id, p.nome, p.cognome, p.data_nascita, p.luogo_nascita, p.cod_fiscale, p.telefono FROM `user` u JOIN `person` p ON p.id_persona = u.person_id WHERE u.user_id = $editId LIMIT 1");
if ($resE && mysqli_num_rows($resE) === 1) { $editUser = mysqli_fetch_assoc($resE); }
}
?>
<!DOCTYPE html>
<html lang="it">
@ -51,10 +191,116 @@ if (!$result) {
<a href="../../index.php" class="text-sm text-[#1f2937] hover:text-[#84dd63]"> Torna alla Home</a>
</div>
<?php if (!empty($msg)): ?>
<div class="p-4 bg-green-50 text-green-700 rounded mb-4"><?php echo htmlspecialchars($msg); ?></div>
<?php endif; ?>
<?php if (!empty($error)): ?>
<div class="p-4 bg-red-50 text-red-700 rounded mb-4">Errore DB: <?php echo htmlspecialchars($error); ?></div>
<?php endif; ?>
<!-- Crea Utente/Bibliotecario -->
<section class="bg-white shadow rounded p-4 border border-[#e5e7eb] mb-6">
<h2 class="text-lg font-semibold mb-3">Crea Utente / Bibliotecario</h2>
<form method="post" class="grid grid-cols-1 md:grid-cols-2 gap-3">
<input type="hidden" name="azione" value="create_user" />
<div>
<label class="block text-sm text-gray-600">Nome</label>
<input type="text" name="nome" required class="mt-1 w-full border rounded px-3 py-2" />
</div>
<div>
<label class="block text-sm text-gray-600">Cognome</label>
<input type="text" name="cognome" required class="mt-1 w-full border rounded px-3 py-2" />
</div>
<div>
<label class="block text-sm text-gray-600">Data di nascita</label>
<input type="date" name="data_nascita" required class="mt-1 w-full border rounded px-3 py-2" />
</div>
<div>
<label class="block text-sm text-gray-600">Luogo di nascita</label>
<input type="text" name="luogo_nascita" required class="mt-1 w-full border rounded px-3 py-2" />
</div>
<div>
<label class="block text-sm text-gray-600">Codice Fiscale</label>
<input type="text" name="cod_fiscale" maxlength="16" required class="mt-1 w-full border rounded px-3 py-2 uppercase" />
</div>
<div>
<label class="block text-sm text-gray-600">Telefono</label>
<input type="tel" name="telefono" maxlength="10" required class="mt-1 w-full border rounded px-3 py-2" />
</div>
<div class="md:col-span-2 border-t pt-3">
<h3 class="text-md font-semibold">Credenziali</h3>
</div>
<div>
<label class="block text-sm text-gray-600">Username</label>
<input type="text" name="username" required class="mt-1 w-full border rounded px-3 py-2" />
</div>
<div>
<label class="block text-sm text-gray-600">Password</label>
<input type="password" name="password" required class="mt-1 w-full border rounded px-3 py-2" />
</div>
<div class="md:col-span-2">
<label class="block text-sm text-gray-600">Ruolo</label>
<select name="role_id" class="mt-1 w-full border rounded px-3 py-2">
<option value="3">Utente</option>
<option value="2">Bibliotecario</option>
</select>
</div>
<div class="md:col-span-2 mt-2">
<button class="px-4 py-2 bg-[#6baa75] text-white rounded hover:bg-[#84dd63]">Crea</button>
</div>
</form>
</section>
<!-- Modifica Utente -->
<?php if ($editUser): ?>
<section class="bg-white shadow rounded p-4 border border-[#e5e7eb] mb-6">
<h2 class="text-lg font-semibold mb-3">Modifica Utente #<?php echo (int)$editUser['user_id']; ?></h2>
<form method="post" class="grid grid-cols-1 md:grid-cols-2 gap-3">
<input type="hidden" name="azione" value="update_user" />
<input type="hidden" name="user_id" value="<?php echo (int)$editUser['user_id']; ?>" />
<div>
<label class="block text-sm text-gray-600">Nome</label>
<input type="text" name="nome" required class="mt-1 w-full border rounded px-3 py-2" value="<?php echo htmlspecialchars($editUser['nome']); ?>" />
</div>
<div>
<label class="block text-sm text-gray-600">Cognome</label>
<input type="text" name="cognome" required class="mt-1 w-full border rounded px-3 py-2" value="<?php echo htmlspecialchars($editUser['cognome']); ?>" />
</div>
<div>
<label class="block text-sm text-gray-600">Data di nascita</label>
<input type="date" name="data_nascita" required class="mt-1 w-full border rounded px-3 py-2" value="<?php echo htmlspecialchars($editUser['data_nascita']); ?>" />
</div>
<div>
<label class="block text-sm text-gray-600">Luogo di nascita</label>
<input type="text" name="luogo_nascita" required class="mt-1 w-full border rounded px-3 py-2" value="<?php echo htmlspecialchars($editUser['luogo_nascita']); ?>" />
</div>
<div>
<label class="block text-sm text-gray-600">Codice Fiscale</label>
<input type="text" name="cod_fiscale" maxlength="16" required class="mt-1 w-full border rounded px-3 py-2 uppercase" value="<?php echo htmlspecialchars($editUser['cod_fiscale']); ?>" />
</div>
<div>
<label class="block text-sm text-gray-600">Telefono</label>
<input type="tel" name="telefono" maxlength="10" required class="mt-1 w-full border rounded px-3 py-2" value="<?php echo htmlspecialchars($editUser['telefono']); ?>" />
</div>
<div class="md:col-span-2 border-t pt-3">
<h3 class="text-md font-semibold">Credenziali</h3>
</div>
<div>
<label class="block text-sm text-gray-600">Username</label>
<input type="text" name="username" required class="mt-1 w-full border rounded px-3 py-2" value="<?php echo htmlspecialchars($editUser['username']); ?>" />
</div>
<div>
<label class="block text-sm text-gray-600">Nuova Password (opzionale)</label>
<input type="password" name="password" class="mt-1 w-full border rounded px-3 py-2" placeholder="Lascia vuoto per non cambiare" />
</div>
<div class="md:col-span-2 mt-2 flex gap-2">
<button class="px-4 py-2 bg-[#6baa75] text-white rounded hover:bg-[#84dd63]">Salva Modifiche</button>
<a href="./users.php" class="px-4 py-2 bg-[#69747c] text-white rounded hover:bg-[#545454]">Annulla</a>
</div>
</form>
</section>
<?php endif; ?>
<div class="overflow-x-auto bg-white shadow rounded">
<table class="min-w-full divide-y divide-gray-200">
<thead class="bg-gray-50">
@ -67,6 +313,7 @@ if (!$result) {
<th class="px-4 py-2 text-left text-xs font-medium text-gray-500 uppercase tracking-wider">Cognome</th>
<th class="px-4 py-2 text-left text-xs font-medium text-gray-500 uppercase tracking-wider">Cod. Fiscale</th>
<th class="px-4 py-2 text-left text-xs font-medium text-gray-500 uppercase tracking-wider">Telefono</th>
<th class="px-4 py-2 text-left text-xs font-medium text-gray-500 uppercase tracking-wider">Azioni</th>
</tr>
</thead>
<tbody class="bg-white divide-y divide-gray-200">
@ -83,11 +330,32 @@ if (!$result) {
<td class="px-4 py-2 text-sm text-gray-700"><?php echo htmlspecialchars($row['cognome']); ?></td>
<td class="px-4 py-2 text-sm text-gray-700 font-mono"><?php echo htmlspecialchars($row['cod_fiscale']); ?></td>
<td class="px-4 py-2 text-sm text-gray-700"><?php echo htmlspecialchars($row['telefono']); ?></td>
<td class="px-4 py-2 text-sm text-gray-700">
<div class="flex items-center gap-2">
<a href="./users.php?edit_id=<?php echo (int)$row['user_id']; ?>" class="px-3 py-1 bg-[#6baa75] text-white rounded hover:bg-[#84dd63]">Modifica</a>
<form method="post" onsubmit="return confirm('Confermi eliminazione?');" class="inline">
<input type="hidden" name="azione" value="delete_user" />
<input type="hidden" name="user_id" value="<?php echo (int)$row['user_id']; ?>" />
<button class="px-3 py-1 bg-red-600 text-white rounded hover:bg-red-700">Elimina</button>
</form>
<form method="post" class="inline">
<input type="hidden" name="azione" value="set_ruolo" />
<input type="hidden" name="user_id" value="<?php echo (int)$row['user_id']; ?>" />
<?php if ($row['role_name'] !== 'bibliotecario'): ?>
<input type="hidden" name="role_id" value="2" />
<button class="px-3 py-1 bg-[#69747c] text-white rounded hover:bg-[#545454]">Promuovi a Bibliotecario</button>
<?php else: ?>
<input type="hidden" name="role_id" value="3" />
<button class="px-3 py-1 bg-[#69747c] text-white rounded hover:bg-[#545454]">Retrocedi a Utente</button>
<?php endif; ?>
</form>
</div>
</td>
</tr>
<?php endwhile; ?>
<?php else: ?>
<tr>
<td colspan="8" class="px-4 py-6 text-center text-sm text-gray-500">Nessun utente trovato</td>
<td colspan="9" class="px-4 py-6 text-center text-sm text-gray-500">Nessun utente trovato</td>
</tr>
<?php endif; ?>
</tbody>
@ -95,4 +363,4 @@ if (!$result) {
</div>
</main>
</body>
</html>
</html>

117
php/catalogo.php Normal file
View File

@ -0,0 +1,117 @@
<?php
session_start();
require_once __DIR__ . '/db/connect.php';
$isLogged = isset($_SESSION['user_id']);
$roleName = $_SESSION['role_name'] ?? null;
// Filtri
$q = trim($_GET['q'] ?? '');
$tipo = trim($_GET['tipo'] ?? ''); // '', 'libro', 'film', 'documentario'
// Costruzione query
$where = ["stato = 'attivo'"];
if ($q !== '') {
$q_e = mysqli_real_escape_string($conn, $q);
$where[] = "(titolo LIKE '%$q_e%' OR autore_regista LIKE '%$q_e%' OR descrizione LIKE '%$q_e%')";
}
if ($tipo !== '' && in_array($tipo, ['libro','film','documentario'])) {
$tipo_e = mysqli_real_escape_string($conn, $tipo);
$where[] = "tipo = '$tipo_e'";
}
$whereSql = implode(' AND ', $where);
$sql = "SELECT id_item, codice, tipo, titolo, autore_regista, descrizione, costo_noleggio, argomento, data_inserimento, copertina_url
FROM item WHERE $whereSql ORDER BY data_inserimento DESC, id_item DESC";
$result = mysqli_query($conn, $sql);
$error = $result ? null : mysqli_error($conn);
?>
<!DOCTYPE html>
<html lang="it">
<head>
<meta charset="UTF-8">
<meta name="viewport" content="width=device-width, initial-scale=1.0">
<title>Catalogo | Biblioteca</title>
<script src="https://cdn.tailwindcss.com"></script>
</head>
<body class="bg-[#f8fafc] text-[#545454]">
<nav class="w-full bg-[#545454] text-white shadow">
<div class="max-w-7xl mx-auto px-4">
<div class="flex justify-between items-center h-16">
<div class="flex items-center gap-6">
<a href="../index.php" class="font-semibold text-lg">Biblioteca Online</a>
<div class="hidden md:flex items-center gap-4">
<a href="./catalogo.php" class="hover:text-[#cbff4d]">Catalogo</a>
<a href="#" class="hover:text-[#cbff4d]">Recensioni</a>
</div>
</div>
<div class="hidden md:flex items-center gap-4">
<?php if ($isLogged && $roleName === 'admin'): ?>
<a href="./admin/users.php" class="hover:text-[#cbff4d]">Gestione Utenti</a>
<a href="./admin/bibliotecari.php" class="hover:text-[#cbff4d]">Gestione Bibliotecari</a>
<?php elseif ($isLogged && $roleName === 'bibliotecario'): ?>
<a href="#" class="hover:text-[#cbff4d]">Elenco Libri</a>
<a href="#" class="hover:text-[#cbff4d]">Elenco Film</a>
<?php elseif ($isLogged && $roleName === 'utente'): ?>
<a href="#" class="hover:text-[#cbff4d]">Prenota</a>
<a href="#" class="hover:text-[#cbff4d]">Le mie Prenotazioni</a>
<?php endif; ?>
</div>
<div class="flex items-center gap-3">
<?php if ($isLogged): ?>
<span class="hidden md:inline text-sm">Ciao, <?php echo htmlspecialchars($_SESSION['username'] ?? ''); ?></span>
<a href="./auth/logout.php" class="px-4 py-2 bg-[#84dd63] text-[#1f2937] rounded hover:bg-[#cbff4d]">Logout</a>
<?php else: ?>
<a href="../index.php" class="px-4 py-2 bg-[#84dd63] text-[#1f2937] rounded hover:bg-[#cbff4d]">Accedi</a>
<?php endif; ?>
</div>
</div>
</div>
</nav>
<main class="max-w-7xl mx-auto px-4 py-8">
<div class="flex items-center justify-between mb-6">
<h1 class="text-2xl font-semibold">Catalogo</h1>
<form method="get" class="flex items-center gap-2">
<select name="tipo" class="border rounded px-3 py-2">
<option value="">Tutti</option>
<option value="libro" <?php echo $tipo==='libro'?'selected':''; ?>>Libri</option>
<option value="film" <?php echo $tipo==='film'?'selected':''; ?>>Film</option>
<option value="documentario" <?php echo $tipo==='documentario'?'selected':''; ?>>Documentari</option>
</select>
<input type="text" name="q" value="<?php echo htmlspecialchars($q); ?>" placeholder="Cerca titolo/autore..." class="border rounded px-3 py-2 w-64" />
<button class="px-4 py-2 bg-[#6baa75] text-white rounded hover:bg-[#84dd63]">Cerca</button>
</form>
</div>
<?php if (!empty($error)): ?>
<div class="p-4 bg-red-50 text-red-700 rounded mb-4">Errore DB: <?php echo htmlspecialchars($error); ?></div>
<?php endif; ?>
<div class="grid grid-cols-1 md:grid-cols-3 gap-6">
<?php if ($result && mysqli_num_rows($result) > 0): ?>
<?php while ($row = mysqli_fetch_assoc($result)): ?>
<div class="bg-white rounded shadow border border-[#e5e7eb] overflow-hidden">
<img src="<?php echo htmlspecialchars($row['copertina_url'] ?: 'https://placehold.co/600x400?text=Copertina'); ?>" alt="Copertina" class="w-full h-40 object-cover" onerror="this.src='https://placehold.co/600x400?text=Copertina'" />
<div class="p-4">
<div class="flex items-center justify-between">
<h3 class="text-lg font-semibold text-[#545454]"><?php echo htmlspecialchars($row['titolo']); ?></h3>
<span class="px-2 py-1 text-xs rounded bg-[#84dd63] text-[#1f2937]"><?php echo htmlspecialchars(ucfirst($row['tipo'])); ?></span>
</div>
<p class="text-sm text-[#69747c] mt-1">di <?php echo htmlspecialchars($row['autore_regista']); ?></p>
<p class="text-sm text-[#69747c] mt-2 line-clamp-3"><?php echo htmlspecialchars($row['descrizione']); ?></p>
<div class="mt-3 flex items-center justify-between">
<span class="text-sm text-[#1f2937] font-medium">Costo: <?php echo number_format((float)$row['costo_noleggio'],2,',','.'); ?></span>
<a href="#" class="text-sm text-[#6baa75] hover:text-[#84dd63]">Dettagli</a>
</div>
</div>
</div>
<?php endwhile; ?>
<?php else: ?>
<div class="md:col-span-3 p-6 bg-white rounded shadow text-center text-sm text-[#69747c]">Nessuna entità trovata</div>
<?php endif; ?>
</div>
</main>
</body>
</html>