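getConnection(); // NOTE(review): tail of a statement that begins before this view; left untouched

// ===========================
// Access control
// ===========================

// $iduserlogin is set outside this file (presumably from the session);
// an anonymous visitor is sent to the login page before any query runs.
if (!isset($iduserlogin)) {
    header("Location: login.php");
    exit;
}

// ===========================
// Helpers (flash, redirect, input)
// ===========================

/**
 * Stores a one-shot flash message in the session, consumed by getFlash().
 *
 * @param string $type alert level used by the template ('success' | 'danger')
 * @param string $text message shown to the user
 */
function setFlash(string $type, string $text): void
{
    $_SESSION['flash'] = ['type' => $type, 'text' => $text];
}

/**
 * Returns and clears the pending flash message, or null when none is set.
 *
 * @return array{type:string,text:string}|null
 */
function getFlash(): ?array
{
    if (!isset($_SESSION['flash'])) {
        return null;
    }
    $flash = $_SESSION['flash'];
    unset($_SESSION['flash']);
    return $flash;
}

/**
 * Sets a flash message and redirects back to this page. Does not return
 * (it calls exit), so callers need no `exit` of their own.
 */
function redirectWithFlash(string $type, string $text): void
{
    setFlash($type, $text);
    header("Location: staff.php");
    exit;
}

/**
 * Reads a POST field as a trimmed string. Missing fields and non-string
 * values (e.g. a `field[]` submission) yield '', so trim() can never be
 * handed an array and throw a TypeError.
 */
function postString(string $key): string
{
    $value = $_POST[$key] ?? '';
    return is_string($value) ? trim($value) : '';
}

/**
 * Maps '' to null so optional columns are stored as NULL.
 * Unlike `$s ?: null`, a literal '0' is preserved instead of being dropped.
 */
function nullIfEmpty(string $value): ?string
{
    return $value === '' ? null : $value;
}

/**
 * Coerces a raw form value to an int inside [$min, $max].
 *
 * @param mixed $val      raw request value (string, null, array, ...)
 * @param int   $min      lower bound (inclusive)
 * @param int   $max      upper bound (inclusive)
 * @param int   $fallback returned for missing, empty or non-numeric input
 */
function clampInt($val, int $min, int $max, int $fallback): int
{
    if ($val === null || $val === '' || !is_numeric($val)) {
        return $fallback;
    }
    return max($min, min($max, (int) $val));
}

/**
 * Inserts ('add') or updates ('edit') a staff member from the submitted
 * form, then redirects with a flash message. Never returns normally.
 *
 * Every write is scoped to $shopId: the UPDATE matches `id AND shop_id`, so a
 * forged id belonging to another salon cannot be modified.
 *
 * @param string $action 'add' or 'edit'
 */
function saveStaff(PDO $pdo, int $shopId, string $action): void
{
    $firstName     = postString('first_name');
    $lastName      = postString('last_name');
    $nickname      = postString('nickname');
    $role          = postString('role');
    $phone         = postString('phone');
    $email         = postString('email');
    $colorHex      = postString('color_hex');
    $notes         = postString('notes');
    $maxAppDay     = clampInt($_POST['max_appointments_per_day'] ?? null, 1, 50, 10);
    $canBookOnline = isset($_POST['can_book_online']) ? 1 : 0;
    $isActive      = isset($_POST['is_active']) ? 1 : 0;

    // Basic validation (each failure redirects and exits)
    if ($firstName === '' || $lastName === '') {
        redirectWithFlash('danger', "Nome e Cognome sono obbligatori.");
    }
    if ($colorHex !== '' && !preg_match('/^#[0-9A-Fa-f]{6}$/', $colorHex)) {
        redirectWithFlash('danger', "Colore non valido. Usa formato #FFAA00.");
    }
    // Optional field, but when present it must at least be a well-formed address
    if ($email !== '' && filter_var($email, FILTER_VALIDATE_EMAIL) === false) {
        redirectWithFlash('danger', "Email non valida.");
    }

    // Column order shared by INSERT and UPDATE below
    $values = [
        $firstName,
        $lastName,
        nullIfEmpty($nickname),
        nullIfEmpty($role),
        nullIfEmpty($phone),
        nullIfEmpty($email),
        nullIfEmpty($colorHex),
        $maxAppDay,
        $canBookOnline,
        $isActive,
        nullIfEmpty($notes),
    ];

    if ($action === 'add') {
        $stmt = $pdo->prepare("
            INSERT INTO staff
                (shop_id, first_name, last_name, nickname, role, phone, email,
                 color_hex, max_appointments_per_day, can_book_online, is_active, notes)
            VALUES (?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?)
        ");
        $ok = $stmt->execute(array_merge([$shopId], $values));
        redirectWithFlash($ok ? 'success' : 'danger', $ok ? "Collaboratore aggiunto!" : "Errore durante l'aggiunta.");
    }

    // 'edit': postString() turns a non-scalar id into '' -> 0 -> rejected below
    $id = (int) postString('id');
    if ($id <= 0) {
        redirectWithFlash('danger', "ID non valido.");
    }
    $stmt = $pdo->prepare("
        UPDATE staff SET
            first_name = ?, last_name = ?, nickname = ?, role = ?, phone = ?, email = ?,
            color_hex = ?, max_appointments_per_day = ?, can_book_online = ?, is_active = ?,
            notes = ?, updated_at = NOW()
        WHERE id = ? AND shop_id = ?
    ");
    $ok = $stmt->execute(array_merge($values, [$id, $shopId]));
    redirectWithFlash($ok ? 'success' : 'danger', $ok ? "Collaboratore aggiornato!" : "Errore durante l'aggiornamento.");
}

/**
 * Deletes one staff member of the current salon, then redirects.
 * The `shop_id` predicate keeps the delete inside the owner's tenant.
 */
function deleteStaff(PDO $pdo, int $shopId): void
{
    $id = (int) postString('id');
    if ($id <= 0) {
        redirectWithFlash('danger', "ID non valido.");
    }
    $stmt = $pdo->prepare("DELETE FROM staff WHERE id = ? AND shop_id = ?");
    $ok = $stmt->execute([$id, $shopId]);
    redirectWithFlash($ok ? 'success' : 'danger', $ok ? "Collaboratore eliminato!" : "Errore durante l'eliminazione.");
}

// ===========================
// Salon lookup (tenant scope)
// ===========================

// One query replaces the former COUNT(*) + SELECT pair: the first salon owned
// by the logged-in user defines the tenant scope ($shop_id) for everything
// below; an owner without a salon is sent through onboarding.
$stmt = $pdo->prepare("
    SELECT id, name
    FROM shops
    WHERE owner_id = ?
    ORDER BY created_at ASC
    LIMIT 1
");
$stmt->execute([$iduserlogin]);
$shop = $stmt->fetch(PDO::FETCH_ASSOC);
if (!$shop) {
    header("Location: onboarding_salon.php");
    exit;
}
$shop_id   = (int) $shop['id'];
$shop_name = $shop['name'];

// ===========================
// POST actions (add/edit/delete)
// ===========================

// NOTE(review): no CSRF token is verified here and the form markup is outside
// this view; confirm the form emits a per-session token and that it is checked
// before any write, since session authentication alone does not stop a
// cross-site POST.
if ($_SERVER['REQUEST_METHOD'] === 'POST' && isset($_POST['action'])) {
    $action = $_POST['action'];
    try {
        if ($action === 'add' || $action === 'edit') {
            saveStaff($pdo, $shop_id, $action);
        }
        if ($action === 'delete') {
            deleteStaff($pdo, $shop_id);
        }
        redirectWithFlash('danger', "Azione non valida.");
    } catch (Throwable $e) {
        // Keep the detail server-side: driver/SQL error text must not reach
        // the browser through the flash message.
        error_log("staff.php: " . $e->getMessage());
        redirectWithFlash('danger', "Errore durante l'operazione.");
    }
}

// ===========================
// Fetch staff
// ===========================

$stmt = $pdo->prepare("
    SELECT id, first_name, last_name, nickname, role, phone, email, color_hex,
           max_appointments_per_day, can_book_online, is_active, notes
    FROM staff
    WHERE shop_id = ?
    ORDER BY last_name ASC, first_name ASC
");
$stmt->execute([$shop_id]);
$staff_list = $stmt->fetchAll(PDO::FETCH_ASSOC);

$flash = getFlash();
?>
Staff / Parrucchieri - <?= htmlspecialchars($shop_name) ?>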
Staff / Parrucchieri -
Dashboard
Non hai ancora aggiunto collaboratori.
Aggiungine uno per gestire le prenotazioni.
Nome Ruolo Telefono / Email Max app/giorno Online Attivo Colore Azioni
(@)

No No -