json bindings filter && order

json bindings
Merge branch 'main' into features/jsonintegration
2026-06-16 10:20:03 +03:00 · 2026-06-13 20:19:36 +03:00 · 2026-06-11 15:33:30 +03:00 · 2026-06-11 13:41:31 +03:00 · 2026-06-11 09:37:01 +03:00 · 2026-06-10 11:02:43 +02:00
386 changed files with 168501 additions and 1672 deletions
@@ -1,40 +0,0 @@
-APP_ENV=production
-APP_DEBUG=true
-APP_KEY=base64:C+sutHm6xP5sE4QXhoZFhYjArlVN11s2mDU1F8beUkM=
-APP_URL=http://vanguard.test
-
-LOG_CHANNEL=stack
-
-DB_CONNECTION=mysql
-DB_HOST="localhost"
-DB_DATABASE="trfcertest"
-DB_USERNAME="solocla"
-DB_PASSWORD="!Massarosa2"
-DB_PREFIX="auth_"
-
-BROADCAST_DRIVER=log
-CACHE_DRIVER=file
-QUEUE_DRIVER=sync
-SESSION_DRIVER=database
-SESSION_LIFETIME=120
-
-REDIS_HOST=127.0.0.1
-REDIS_PASSWORD=null
-REDIS_PORT=6379
-
-MAIL_MAILER=mail
-MAIL_FROM_NAME=Vanguard
-MAIL_FROM_ADDRESS=vanguard@test.dev
-MAIL_HOST=smtp.mailtrap.io
-MAIL_PORT=2525
-MAIL_USERNAME=null
-MAIL_PASSWORD=null
-MAIL_ENCRYPTION=null
-
-PUSHER_APP_ID=
-PUSHER_APP_KEY=
-PUSHER_APP_SECRET=
-PUSHER_APP_CLUSTER=mt1
-
-MIX_PUSHER_APP_KEY="${PUSHER_APP_KEY}"
-MIX_PUSHER_APP_CLUSTER="${PUSHER_APP_CLUSTER}"
@@ -1,16 +1,16 @@
 APP_ENV=production
-APP_DEBUG=false
-APP_KEY=
+APP_DEBUG=true
+APP_KEY=base64:C+sutHm6xP5sE4QXhoZFhYjArlVN11s2mDU1F8beUkM=
 APP_URL=http://vanguard.test

 LOG_CHANNEL=stack

 DB_CONNECTION=mysql
-DB_HOST=localhost
-DB_DATABASE=vanguard
-DB_USERNAME=homestead
-DB_PASSWORD=secret
-DB_PREFIX=vg_
+DB_HOST="localhost"
+DB_DATABASE="xxxx"
+DB_USERNAME="xxxx"
+DB_PASSWORD="xxxxx"
+DB_PREFIX="auth_"

 BROADCAST_DRIVER=log
 CACHE_DRIVER=file
@@ -39,3 +39,10 @@ PUSHER_APP_CLUSTER=mt1
 MIX_PUSHER_APP_KEY="${PUSHER_APP_KEY}"
 MIX_PUSHER_APP_CLUSTER="${PUSHER_APP_CLUSTER}"

+# Credenziali API VisualLims
+SIMULATE_EXPORT_LIMS=true
+API_BASE_URL=https://bvcpsitaly-elims.com/limsapi
+API_USERNAME=WebApiUser
+API_PASSWORD=webapiuser01
+
+BASE_URL=http://localhost:8000/userarea/
@@ -1,23 +1,63 @@
 .DS_Store
+
 /node_modules
-/public/hot
-/public/storage
-/storage/*.key
 /vendor
+
 /.idea
 /.fleet
 /.vscode
 /.vagrant
-Homestead.json
-Homestead.yaml
-npm-debug.log
-yarn-error.log
-.env
-.phpunit.result.cache
-.php_cs.cache
-/documentation
-/.phpunit.cache
+
+/public/hot
+/public/storage
 /public/build
+
+/storage/*.key
+
+.env
 .env.backup
 .env.production
 auth.json
+
+.phpunit.result.cache
+.php_cs.cache
+/.phpunit.cache
+
+npm-debug.log
+yarn-error.log
+
+/documentation
+
+# --- Runtime / Debug (userarea) ---
+/public/userarea/*.json
+/public/userarea/*.log
+/public/userarea/*.txt
+/public/userarea/*_response.json
+/public/userarea/customfield_values_response.json
+/public/userarea/error_log.txt
+/public/userarea/import_debug.log
+/public/userarea/last_url.txt
+/public/userarea/logaspi/
+/public/userarea/logs/api/
+/public/userarea/logs/api/**
+/public/userarea/logs/
+/public/userarea/logs/**
+/public/userarea/photostrf/
+/public/userarea/class/*.log
+/public/userarea/class/curl_auth_debug.log
+/public/userarea/class/curl_request_debug.log
+/public/userarea/schema_dettagli_response.json
+public/userarea/schemi_base_response.json
+
+# File XLSX temporanei importati
+/public/userarea/imported_trf/*.xlsx
+/public/userarea/xlstemplates/*.xlsx
+
+# Cartelle foto generate
+/public/photostrf/
+/public/photostrf/qrcodes/
+
+# Ignora tutti i log ovunque
+*.log
+
+public/userarea/cache/
@@ -0,0 +1,74 @@
+<?php
+
+namespace App\Http\Controllers\Userarea;
+
+use App\Http\Controllers\Controller;
+use Illuminate\Http\Request;
+use Illuminate\Support\Facades\DB;
+use Illuminate\Support\Facades\Storage;
+
+class UploadPhotosMobileController extends Controller
+{
+    public function index(Request $request)
+    {
+        $iddatadb = $request->query('iddatadb');
+
+        if (empty($iddatadb)) {
+            return response('ID riga non fornito', 400);
+        }
+
+        // Show the upload form
+        return view('userarea.upload_photos_mobile', [
+            'iddatadb' => $iddatadb
+        ]);
+    }
+
+    public function upload(Request $request)
+    {
+        // Validation
+        $request->validate([
+            'photo' => 'required|file|mimes:jpeg,png,gif,heic,heif|max:5120', // 5MB
+            'iddatadb' => 'required|integer'
+        ]);
+
+        $iddatadb = $request->input('iddatadb');
+        $photo = $request->file('photo');
+        $iduserlogin = auth()->id(); // assuming Laravel authentication
+
+        // Check if user exists
+        $userExists = DB::table('auth_users')->where('id', $iduserlogin)->exists();
+        if (!$userExists) {
+            return response()->json(['success' => false, 'message' => 'Utente non valido']);
+        }
+
+        // Upload folder
+        $uploadDir = public_path('photostrf');
+        if (!is_dir($uploadDir)) {
+            mkdir($uploadDir, 0755, true);
+        }
+        if (!is_writable($uploadDir)) {
+            return response()->json(['success' => false, 'message' => 'La cartella photostrf non è scrivibile']);
+        }
+
+        // New filename
+        $timestamp = now()->format('YmdHis');
+        $originalName = pathinfo($photo->getClientOriginalName(), PATHINFO_FILENAME);
+        $extension = strtolower($photo->getClientOriginalExtension());
+
+        $newFileName = "{$iddatadb}-{$timestamp}-{$originalName}.{$extension}";
+        $destination = $uploadDir . '/' . $newFileName;
+
+        // Move uploaded file
+        $photo->move($uploadDir, $newFileName);
+
+        // Save DB record
+        DB::table('datadb_photos')->insert([
+            'iddatadb' => $iddatadb,
+            'file_path' => $newFileName,
+            'file_name' => $newFileName,
+            'uploaded_by' => $iduserlogin
+        ]);
+
+        return response()->json(['success' => true, 'message' => 'Foto caricata con successo']);
+    }
+}
@@ -110,7 +110,7 @@ class LoginController extends Controller
        if ($user->hasRole('Admin')) {
            return redirect()->to('userarea/import_dashboard.php');
        } elseif ($user->hasRole('User')) {
-            return redirect()->to('userarea/index.php');
+            return redirect()->to('userarea/import_dashboard.php');
        }

        // Se il ruolo non è specificato, reindirizza alla home predefinita
@@ -28,10 +28,21 @@ class AppServiceProvider extends ServiceProvider
        \Illuminate\Database\Schema\Builder::defaultStringLength(191);

        Factory::guessFactoryNamesUsing(function (string $modelName) {
-            return 'Database\Factories\\'.class_basename($modelName).'Factory';
+            return 'Database\Factories\\' . class_basename($modelName) . 'Factory';
        });

        \Illuminate\Pagination\Paginator::useBootstrap();
+
+        // Register Microsoft Socialite driver
+        $this->app->make('Laravel\Socialite\Contracts\Factory')->extend('microsoft', function ($app) {
+            $config = $app['config']['services.microsoft'];
+            return new \SocialiteProviders\Microsoft\Provider(
+                $app['request'],
+                $config['client_id'],
+                $config['client_secret'],
+                $config['redirect']
+            );
+        });
    }

    /**
@@ -34,6 +34,9 @@ class EventServiceProvider extends ServiceProvider
        Verified::class => [
            ActivateUser::class,
        ],
+        \SocialiteProviders\Manager\SocialiteWasMapped::class => [
+            \SocialiteProviders\Microsoft\MicrosoftExtendSocialite::class,
+        ],
    ];

    /**
@@ -12,7 +12,7 @@
 */

 $app = new Illuminate\Foundation\Application(
-    realpath(__DIR__.'/../')
+    realpath(__DIR__ . '/../')
 );

 /*
@@ -38,12 +38,13 @@
        "laravel/fortify": "^1.21",
        "laravel/framework": "^11.0",
        "laravel/sanctum": "^4.0",
-        "laravel/socialite": "^5.0",
+        "laravel/socialite": "^5.16",
        "laravel/tinker": "^2.7",
        "laravel/ui": "^4.0",
        "phpmailer/phpmailer": "^6.9",
        "phpoffice/phpspreadsheet": "^4.1",
        "proengsoft/laravel-jsvalidation": "^4.0.0",
+        "socialiteproviders/microsoft": "^4.7",
        "spatie/laravel-query-builder": "^5.0",
        "vanguardapp/activity-log": "^6.0",
        "vanguardapp/announcements": "^6.0",
@@ -4,7 +4,7 @@
        "Read more about it at https://getcomposer.org/doc/01-basic-usage.md#installing-dependencies",
        "This file is @generated automatically"
    ],
-    "content-hash": "ef3e05e7260284f5b7c7b4b6f93b252b",
+    "content-hash": "9c4f1e3bc3ee2180211c055e70635aef",
    "packages": [
        {
            "name": "akaunting/laravel-setting",
@@ -2240,16 +2240,16 @@
        },
        {
            "name": "laravel/socialite",
-            "version": "v5.15.1",
+            "version": "v5.16.0",
            "source": {
                "type": "git",
                "url": "https://github.com/laravel/socialite.git",
-                "reference": "cc02625f0bd1f95dc3688eb041cce0f1e709d029"
+                "reference": "40a2dc98c53d9dc6d55eadb0d490d3d72b73f1bf"
            },
            "dist": {
                "type": "zip",
-                "url": "https://api.github.com/repos/laravel/socialite/zipball/cc02625f0bd1f95dc3688eb041cce0f1e709d029",
-                "reference": "cc02625f0bd1f95dc3688eb041cce0f1e709d029",
+                "url": "https://api.github.com/repos/laravel/socialite/zipball/40a2dc98c53d9dc6d55eadb0d490d3d72b73f1bf",
+                "reference": "40a2dc98c53d9dc6d55eadb0d490d3d72b73f1bf",
                "shasum": ""
            },
            "require": {
@@ -2271,16 +2271,16 @@
            },
            "type": "library",
            "extra": {
-                "branch-alias": {
-                    "dev-master": "5.x-dev"
-                },
                "laravel": {
-                    "providers": [
-                        "Laravel\\Socialite\\SocialiteServiceProvider"
-                    ],
                    "aliases": {
                        "Socialite": "Laravel\\Socialite\\Facades\\Socialite"
-                    }
+                    },
+                    "providers": [
+                        "Laravel\\Socialite\\SocialiteServiceProvider"
+                    ]
+                },
+                "branch-alias": {
+                    "dev-master": "5.x-dev"
                }
            },
            "autoload": {
@@ -2308,7 +2308,7 @@
                "issues": "https://github.com/laravel/socialite/issues",
                "source": "https://github.com/laravel/socialite"
            },
-            "time": "2024-06-28T20:09:34+00:00"
+            "time": "2024-09-03T09:46:57+00:00"
        },
        {
            "name": "laravel/tinker",
@@ -4980,6 +4980,131 @@
            ],
            "time": "2024-04-27T21:32:50+00:00"
        },
+        {
+            "name": "socialiteproviders/manager",
+            "version": "v4.8.1",
+            "source": {
+                "type": "git",
+                "url": "https://github.com/SocialiteProviders/Manager.git",
+                "reference": "8180ec14bef230ec2351cff993d5d2d7ca470ef4"
+            },
+            "dist": {
+                "type": "zip",
+                "url": "https://api.github.com/repos/SocialiteProviders/Manager/zipball/8180ec14bef230ec2351cff993d5d2d7ca470ef4",
+                "reference": "8180ec14bef230ec2351cff993d5d2d7ca470ef4",
+                "shasum": ""
+            },
+            "require": {
+                "illuminate/support": "^8.0 || ^9.0 || ^10.0 || ^11.0 || ^12.0",
+                "laravel/socialite": "^5.5",
+                "php": "^8.1"
+            },
+            "require-dev": {
+                "mockery/mockery": "^1.2",
+                "phpunit/phpunit": "^9.0"
+            },
+            "type": "library",
+            "extra": {
+                "laravel": {
+                    "providers": [
+                        "SocialiteProviders\\Manager\\ServiceProvider"
+                    ]
+                }
+            },
+            "autoload": {
+                "psr-4": {
+                    "SocialiteProviders\\Manager\\": "src/"
+                }
+            },
+            "notification-url": "https://packagist.org/downloads/",
+            "license": [
+                "MIT"
+            ],
+            "authors": [
+                {
+                    "name": "Andy Wendt",
+                    "email": "andy@awendt.com"
+                },
+                {
+                    "name": "Anton Komarev",
+                    "email": "a.komarev@cybercog.su"
+                },
+                {
+                    "name": "Miguel Piedrafita",
+                    "email": "soy@miguelpiedrafita.com"
+                },
+                {
+                    "name": "atymic",
+                    "email": "atymicq@gmail.com",
+                    "homepage": "https://atymic.dev"
+                }
+            ],
+            "description": "Easily add new or override built-in providers in Laravel Socialite.",
+            "homepage": "https://socialiteproviders.com",
+            "keywords": [
+                "laravel",
+                "manager",
+                "oauth",
+                "providers",
+                "socialite"
+            ],
+            "support": {
+                "issues": "https://github.com/socialiteproviders/manager/issues",
+                "source": "https://github.com/socialiteproviders/manager"
+            },
+            "time": "2025-02-24T19:33:30+00:00"
+        },
+        {
+            "name": "socialiteproviders/microsoft",
+            "version": "4.7.0",
+            "source": {
+                "type": "git",
+                "url": "https://github.com/SocialiteProviders/Microsoft.git",
+                "reference": "824ef97a4f6e3f363c21702b76676d54e8265573"
+            },
+            "dist": {
+                "type": "zip",
+                "url": "https://api.github.com/repos/SocialiteProviders/Microsoft/zipball/824ef97a4f6e3f363c21702b76676d54e8265573",
+                "reference": "824ef97a4f6e3f363c21702b76676d54e8265573",
+                "shasum": ""
+            },
+            "require": {
+                "ext-json": "*",
+                "firebase/php-jwt": "^6.8",
+                "php": "^8.0",
+                "socialiteproviders/manager": "^4.4"
+            },
+            "type": "library",
+            "autoload": {
+                "psr-4": {
+                    "SocialiteProviders\\Microsoft\\": ""
+                }
+            },
+            "notification-url": "https://packagist.org/downloads/",
+            "license": [
+                "MIT"
+            ],
+            "authors": [
+                {
+                    "name": "Brian Faust",
+                    "email": "hello@brianfaust.de"
+                }
+            ],
+            "description": "Microsoft OAuth2 Provider for Laravel Socialite",
+            "keywords": [
+                "laravel",
+                "microsoft",
+                "oauth",
+                "provider",
+                "socialite"
+            ],
+            "support": {
+                "docs": "https://socialiteproviders.com/microsoft",
+                "issues": "https://github.com/socialiteproviders/providers/issues",
+                "source": "https://github.com/socialiteproviders/providers"
+            },
+            "time": "2025-07-06T00:25:25+00:00"
+        },
        {
            "name": "spatie/laravel-package-tools",
            "version": "1.16.4",
@@ -228,6 +228,7 @@ return [
        Proengsoft\JsValidation\JsValidationServiceProvider::class,
        Anhskohbo\NoCaptcha\NoCaptchaServiceProvider::class,
        Laravel\Socialite\SocialiteServiceProvider::class,
+        \SocialiteProviders\Manager\ServiceProvider::class,
        Webpatser\Countries\CountriesServiceProvider::class,
        Intervention\Image\ImageServiceProvider::class,
        Jenssegers\Agent\AgentServiceProvider::class,
@@ -11,9 +11,9 @@ return [
    |
    */

-  //  'social' => [
-    //    'providers' => ['facebook', 'twitter', 'google'],
-   // ],
+    'social' => [
+        'providers' => ['microsoft'],
+    ],

    /*
    |--------------------------------------------------------------------------
@@ -64,6 +64,12 @@ return [
        'redirect' => env('GOOGLE_CALLBACK_URI'),
    ],

+    'microsoft' => [
+        'client_id' => env('MICROSOFT_CLIENT_ID'),
+        'client_secret' => env('MICROSOFT_CLIENT_SECRET'),
+        'redirect' => env('MICROSOFT_REDIRECT_URI'),
+    ],
+
    //   'authy' => [
    //       'key' => env('AUTHY_KEY'),
    //   ],
@@ -0,0 +1,6 @@
+# DB LOCALE (Windows 11)
+url=jdbc:mysql://localhost:3306/trfcertest
+username=solocla
+password=!Massarosa2
+driver=com.mysql.cj.jdbc.Driver
+changeLogFile=liquibase/changelog/db.changelog-master.yaml
@@ -32,3 +32,4 @@ $langdatatables = [
    "paginate_next" => "Next",
    "paginate_previous" => "Previous"
 ];
+$quotationstitle = "Quotations";
@@ -0,0 +1,91 @@
+<?php
+header('Content-Type: application/json');
+
+ini_set('display_errors', 1);
+error_reporting(E_ALL);
+
+require_once(__DIR__ . '/include/headscript.php'); // Auth + $iduserlogin + DBHandlerSelect
+
+try {
+    if ($_SERVER['REQUEST_METHOD'] !== 'POST') {
+        throw new Exception('Invalid request method');
+    }
+
+    $iddatadb = isset($_POST['iddatadb']) ? (int)$_POST['iddatadb'] : 0;
+
+    if ($iddatadb <= 0) {
+        throw new Exception('Missing iddatadb');
+    }
+
+    // ✅ Supporta sia singola stringa (con |) che array part_descriptions[]
+    $parts = [];
+
+    if (isset($_POST['part_descriptions']) && is_array($_POST['part_descriptions'])) {
+        $parts = $_POST['part_descriptions'];
+    } else {
+        $raw = isset($_POST['part_description']) ? (string)$_POST['part_description'] : '';
+        // split su "|" per multi-part
+        $parts = preg_split('/\s*\|\s*/', $raw);
+    }
+
+    // normalizza: trim + rimuovi vuoti + dedup
+    $cleanParts = [];
+    foreach ($parts as $p) {
+        $p = trim((string)$p);
+        if ($p === '') continue;
+
+        // limita lunghezza come da DB varchar(255)
+        if (mb_strlen($p) > 255) {
+            $p = mb_substr($p, 0, 255);
+        }
+        $cleanParts[] = $p;
+    }
+    $cleanParts = array_values(array_unique($cleanParts));
+
+    if (count($cleanParts) === 0) {
+        throw new Exception('Part description is empty');
+    }
+
+    $db = DBHandlerSelect::getInstance();
+    $pdo = $db->getConnection();
+
+    $pdo->beginTransaction();
+
+    try {
+        // prende il prossimo part_number per iddatadb
+        $stmtMax = $pdo->prepare("SELECT COALESCE(MAX(part_number), 0) AS maxnum FROM identification_parts WHERE iddatadb = ?");
+        $stmtMax->execute([$iddatadb]);
+        $nextNumber = (int)$stmtMax->fetchColumn() + 1;
+
+        $stmtIns = $pdo->prepare("
+            INSERT INTO identification_parts (iddatadb, part_number, part_description)
+            VALUES (?, ?, ?)
+        ");
+
+        $insertedIds = [];
+
+        foreach ($cleanParts as $p) {
+            $ok = $stmtIns->execute([$iddatadb, $nextNumber, $p]);
+            if (!$ok) {
+                throw new Exception('Insert failed');
+            }
+            $insertedIds[] = $pdo->lastInsertId();
+            $nextNumber++;
+        }
+
+        $pdo->commit();
+
+        echo json_encode([
+            'success' => true,
+            'message' => 'Parts added',
+            'count'   => count($insertedIds),
+            'ids'     => $insertedIds
+        ]);
+    } catch (Exception $e) {
+        if ($pdo->inTransaction()) $pdo->rollBack();
+        throw $e;
+    }
+} catch (Exception $e) {
+    echo json_encode(['success' => false, 'message' => $e->getMessage()]);
+}
+exit;
@@ -0,0 +1,73 @@
+<?php
+include('include/headscript.php');
+header('Content-Type: application/json');
+
+try {
+    $input = json_decode(file_get_contents('php://input'), true);
+    $templateId = intval($input['template_id'] ?? 0);
+    $importRefFromClient = trim($input['importreferencecode'] ?? '');
+
+    if (!$templateId) {
+        throw new Exception('Template ID missing');
+    }
+
+    $userId = $iduserlogin ?? 1;
+
+    $db = DBHandlerSelect::getInstance();
+    $pdo = $db->getConnection();
+
+    // Get default idclient from template
+    $stmt = $pdo->prepare("SELECT idclient FROM excel_templates WHERE id = ?");
+    $stmt->execute([$templateId]);
+    $template = $stmt->fetch(PDO::FETCH_ASSOC);
+    $idclient = $template['idclient'] ?? null;
+
+    // Use provided importreferencecode (from filtered page) or generate new
+    $importReferenceCode = $importRefFromClient !== '' ? $importRefFromClient : date('YmdHis') . '-' . uniqid();
+
+    // Insert empty record
+    $stmt = $pdo->prepare("
+        INSERT INTO datadb (templateid, user_id, status, idclient, importreferencecode, importdate)
+        VALUES (?, ?, 'i', ?, ?, NOW())
+    ");
+    $stmt->execute([$templateId, $userId, $idclient, $importReferenceCode]);
+    $iddatadb = (int)$pdo->lastInsertId();
+
+    // Create import_data_details for all mappings (with auto_value support)
+    $mappingStmt = $pdo->prepare("SELECT id, auto_value, manual_default, data_type FROM template_mapping WHERE template_id = ?");
+    $mappingStmt->execute([$templateId]);
+    $mappings = $mappingStmt->fetchAll(PDO::FETCH_ASSOC);
+
+    if (!empty($mappings)) {
+        $insertStmt = $pdo->prepare("INSERT INTO import_data_details (id, mapping_id, field_value) VALUES (?, ?, ?)");
+        foreach ($mappings as $m) {
+            $val = '';
+            $auto = $m['auto_value'] ?? 'none';
+            if ($auto === 'import_date') {
+                $val = date('Y-m-d');
+            } elseif ($auto === 'import_time') {
+                $val = date('H:i');
+            } elseif ($m['data_type'] === 'DATE' && ($m['manual_default'] ?? '') === 'today') {
+                $val = date('Y-m-d');
+            } elseif (!empty($m['manual_default'])) {
+                $val = $m['manual_default'];
+            }
+            $insertStmt->execute([$iddatadb, $m['id'], $val]);
+        }
+    }
+
+    // Get user name
+    $userStmt = $pdo->prepare("SELECT CONCAT(first_name, ' ', last_name) AS user_name FROM auth_users WHERE id = ?");
+    $userStmt->execute([$userId]);
+    $userName = $userStmt->fetchColumn() ?: '';
+
+    echo json_encode([
+        'success' => true,
+        'iddatadb' => $iddatadb,
+        'importreferencecode' => $importReferenceCode,
+        'user_name' => $userName,
+    ]);
+} catch (Exception $e) {
+    http_response_code(500);
+    echo json_encode(['success' => false, 'message' => $e->getMessage()]);
+}
@@ -0,0 +1,854 @@
+(function () {
+    "use strict";
+    let analysisMatriciMap = {};
+    let analysisLoadedCache = {};
+    let analysisAssignedState = {};
+    let analysisSelectedState = {};
+
+    function loadAnalysisMatrixNames() {
+        return $.ajax({
+            url: "get_matrici_db.php",
+            method: "GET",
+            dataType: "json",
+        })
+            .done(function (data) {
+                analysisMatriciMap = {};
+
+                (data.value || []).forEach(function (matrice) {
+                    analysisMatriciMap[String(matrice.IdMatrice)] =
+                        matrice.NomeMatrice || "#" + matrice.IdMatrice;
+                });
+
+                applyAnalysisMatrixNames();
+            })
+            .fail(function () {
+                analysisMatriciMap = {};
+                applyAnalysisMatrixNames();
+            });
+    }
+
+    function applyAnalysisMatrixNames() {
+        const modal = document.getElementById("analysisModal");
+        if (!modal) return;
+
+        modal.querySelectorAll(".analysis-matrix-item").forEach((item) => {
+            const matrixId = item.getAttribute("data-matrix-id");
+            const nameEl = item.querySelector(".analysis-matrix-name");
+
+            let matrixName = "No Matrix";
+            if (matrixId && matrixId !== "NO_MATRIX") {
+                matrixName =
+                    analysisMatriciMap[String(matrixId)] || "#" + matrixId;
+            }
+
+            item.setAttribute("data-matrix-name", matrixName);
+
+            if (nameEl) {
+                nameEl.textContent = matrixName;
+            }
+        });
+
+        modal.querySelectorAll(".analysis-part-matrix-name").forEach((el) => {
+            const matrixId = el.getAttribute("data-matrix-id");
+
+            if (!matrixId || matrixId === "NO_MATRIX") {
+                el.textContent = "No Matrix";
+                return;
+            }
+
+            el.textContent =
+                analysisMatriciMap[String(matrixId)] || "#" + matrixId;
+        });
+    }
+    function readInitialAssignedAnalyses() {
+        const jsonEl = document.getElementById("analysisAssignedInitialData");
+        if (!jsonEl) {
+            analysisAssignedState = {};
+            return;
+        }
+
+        try {
+            analysisAssignedState =
+                JSON.parse(jsonEl.textContent || "{}") || {};
+        } catch (e) {
+            analysisAssignedState = {};
+        }
+    }
+
+    function getSelectedPartIds() {
+        const modal = document.getElementById("analysisModal");
+        if (!modal) return [];
+
+        return Array.from(
+            modal.querySelectorAll(".analysis-part-checkbox:checked"),
+        ).map((el) => String(el.value));
+    }
+
+    function getCurrentSelectedAnalysisRecordKeys() {
+        return Object.keys(analysisSelectedState).filter(function (key) {
+            return analysisSelectedState[key] === true;
+        });
+    }
+
+    function renderAssignedAnalysesForPart(partId) {
+        const container = document.getElementById(
+            "analysisAssignedListPart" + partId,
+        );
+        if (!container) return;
+
+        const items = Array.isArray(analysisAssignedState[String(partId)])
+            ? analysisAssignedState[String(partId)]
+            : [];
+
+        if (!items.length) {
+            container.innerHTML = "";
+            return;
+        }
+
+        container.innerHTML = items
+            .map(function (item) {
+                const recordKey = item.analysis_recordkey || "";
+                const title = item.analysis_name || "Unnamed analysis";
+                const method = item.analysis_method || "";
+
+                return `
+            <div class="analysis-assigned-chip" data-recordkey="${escapeHtml(recordKey)}">
+                <div class="analysis-assigned-chip-text">
+                    <div class="analysis-assigned-chip-title">${escapeHtml(title)}</div>
+                    ${method ? `<div class="analysis-assigned-chip-method">${escapeHtml(method)}</div>` : ""}
+                </div>
+                <button type="button"
+                    class="analysis-remove-btn"
+                    data-part-id="${escapeHtml(partId)}"
+                    data-recordkey="${escapeHtml(recordKey)}"
+                    title="Remove analysis">×</button>
+            </div>
+        `;
+            })
+            .join("");
+    }
+
+    function renderAssignedAnalysesForSelectedParts() {
+        const modal = document.getElementById("analysisModal");
+        if (!modal) return;
+
+        modal.querySelectorAll(".analysis-part-item").forEach(function (item) {
+            const partId = item.getAttribute("data-part-id");
+            renderAssignedAnalysesForPart(partId);
+        });
+    }
+
+    function syncSelectedAnalysisRows() {
+        const modal = document.getElementById("analysisModal");
+        if (!modal) return;
+
+        modal
+            .querySelectorAll(".analysis-analysis-item")
+            .forEach(function (item) {
+                const recordKey = item.getAttribute("data-recordkey") || "";
+                if (recordKey && analysisSelectedState[recordKey]) {
+                    item.classList.add("analysis-selected");
+                } else {
+                    item.classList.remove("analysis-selected");
+                }
+            });
+    }
+
+    function buildAnalysisPayloadFromRow(rowEl) {
+        return {
+            analysis_recordkey: rowEl.getAttribute("data-recordkey") || "",
+            analysis_name: rowEl.getAttribute("data-analysis-name") || "",
+            analysis_method: rowEl.getAttribute("data-analysis-method") || "",
+            analysis_level: rowEl.getAttribute("data-analysis-level") || "",
+            is_web_selectable: rowEl.getAttribute("data-web") === "1" ? 1 : 0,
+            is_accredited:
+                rowEl.getAttribute("data-accredited") === "1" ? 1 : 0,
+        };
+    }
+
+    function addAnalysisToLocalState(partId, payload, iddatadb, idmatrice) {
+        const key = String(partId);
+        if (!Array.isArray(analysisAssignedState[key])) {
+            analysisAssignedState[key] = [];
+        }
+
+        const exists = analysisAssignedState[key].some(function (item) {
+            return item.analysis_recordkey === payload.analysis_recordkey;
+        });
+
+        if (!exists) {
+            analysisAssignedState[key].push({
+                id: null,
+                part_id: parseInt(partId, 10),
+                iddatadb: iddatadb || null,
+                idmatrice: idmatrice || null,
+                analysis_recordkey: payload.analysis_recordkey,
+                analysis_name: payload.analysis_name,
+                analysis_method: payload.analysis_method,
+                analysis_level:
+                    payload.analysis_level !== ""
+                        ? parseInt(payload.analysis_level, 10)
+                        : null,
+                is_web_selectable: payload.is_web_selectable,
+                is_accredited: payload.is_accredited,
+            });
+        }
+    }
+
+    function removeAnalysisFromLocalState(partId, recordKey) {
+        const key = String(partId);
+        if (!Array.isArray(analysisAssignedState[key])) {
+            return;
+        }
+
+        analysisAssignedState[key] = analysisAssignedState[key].filter(
+            function (item) {
+                return item.analysis_recordkey !== recordKey;
+            },
+        );
+    }
+
+    function saveAnalysisAssociation(partId, payload, callback) {
+        const modal = document.getElementById("analysisModal");
+        if (!modal) return;
+
+        const iddatadb =
+            modal.querySelector("#analysisModalIddatadb")?.value || "";
+        const partItem = modal.querySelector(
+            '.analysis-part-item[data-part-id="' + partId + '"]',
+        );
+        const idmatrice = partItem
+            ? partItem.getAttribute("data-matrix-id") || ""
+            : "";
+
+        $.ajax({
+            url: "save_part_analysis.php",
+            method: "POST",
+            dataType: "json",
+            data: {
+                part_id: partId,
+                iddatadb: iddatadb,
+                idmatrice: idmatrice !== "NO_MATRIX" ? idmatrice : "",
+                analysis_recordkey: payload.analysis_recordkey,
+                analysis_name: payload.analysis_name,
+                analysis_method: payload.analysis_method,
+                analysis_level: payload.analysis_level,
+                is_web_selectable: payload.is_web_selectable,
+                is_accredited: payload.is_accredited,
+            },
+        })
+            .done(function () {
+                addAnalysisToLocalState(
+                    partId,
+                    payload,
+                    iddatadb,
+                    idmatrice !== "NO_MATRIX" ? idmatrice : null,
+                );
+                renderAssignedAnalysesForPart(partId);
+                if (typeof callback === "function") callback(true);
+            })
+            .fail(function (xhr) {
+                let message = "Error saving analysis association";
+                if (xhr && xhr.responseJSON && xhr.responseJSON.message) {
+                    message = xhr.responseJSON.message;
+                }
+                alert(message);
+                if (typeof callback === "function") callback(false);
+            });
+    }
+
+    function deleteAnalysisAssociation(partId, recordKey, callback) {
+        $.ajax({
+            url: "delete_part_analysis.php",
+            method: "POST",
+            dataType: "json",
+            data: {
+                part_id: partId,
+                analysis_recordkey: recordKey,
+            },
+        })
+            .done(function () {
+                removeAnalysisFromLocalState(partId, recordKey);
+                renderAssignedAnalysesForPart(partId);
+                if (typeof callback === "function") callback(true);
+            })
+            .fail(function (xhr) {
+                let message = "Error deleting analysis association";
+                if (xhr && xhr.responseJSON && xhr.responseJSON.message) {
+                    message = xhr.responseJSON.message;
+                }
+                alert(message);
+                if (typeof callback === "function") callback(false);
+            });
+    }
+    function setAnalysisLoadingState(isLoading) {
+        const modal = document.getElementById("analysisModal");
+        if (!modal) return;
+
+        const loadingEl = modal.querySelector("#analysisLoadingBox");
+        if (!loadingEl) return;
+
+        if (isLoading) {
+            loadingEl.classList.remove("d-none");
+        } else {
+            loadingEl.classList.add("d-none");
+        }
+    }
+
+    function showAnalysisError(message) {
+        const modal = document.getElementById("analysisModal");
+        if (!modal) return;
+
+        const errorEl = modal.querySelector("#analysisErrorBox");
+        const emptyEl = modal.querySelector("#analysisEmptyBox");
+        const listEl = modal.querySelector("#analysisList");
+
+        if (listEl) listEl.innerHTML = "";
+        if (emptyEl) emptyEl.classList.add("d-none");
+
+        if (errorEl) {
+            errorEl.textContent = message || "Error loading analyses";
+            errorEl.classList.remove("d-none");
+        }
+    }
+
+    function showAnalysisEmpty(message) {
+        const modal = document.getElementById("analysisModal");
+        if (!modal) return;
+
+        const errorEl = modal.querySelector("#analysisErrorBox");
+        const emptyEl = modal.querySelector("#analysisEmptyBox");
+        const listEl = modal.querySelector("#analysisList");
+
+        if (listEl) listEl.innerHTML = "";
+        if (errorEl) errorEl.classList.add("d-none");
+
+        if (emptyEl) {
+            emptyEl.textContent =
+                message || "No analyses found for this matrix";
+            emptyEl.classList.remove("d-none");
+        }
+    }
+
+    function escapeHtml(value) {
+        return String(value ?? "")
+            .replace(/&/g, "&amp;")
+            .replace(/</g, "&lt;")
+            .replace(/>/g, "&gt;")
+            .replace(/"/g, "&quot;")
+            .replace(/'/g, "&#039;");
+    }
+
+    function renderAnalysesList(analyses) {
+        const modal = document.getElementById("analysisModal");
+        if (!modal) return;
+
+        const errorEl = modal.querySelector("#analysisErrorBox");
+        const emptyEl = modal.querySelector("#analysisEmptyBox");
+        const listEl = modal.querySelector("#analysisList");
+
+        if (!listEl) return;
+
+        if (errorEl) errorEl.classList.add("d-none");
+
+        if (!Array.isArray(analyses) || analyses.length === 0) {
+            showAnalysisEmpty("No analyses found for this matrix");
+            return;
+        }
+
+        if (emptyEl) emptyEl.classList.add("d-none");
+
+        listEl.innerHTML = analyses
+            .map(function (item) {
+                const recordKey = item.RecordKey || "";
+                const analysisName =
+                    item.NomeAnalisiTraduzione ||
+                    item.NomeAnalisi ||
+                    "Unnamed analysis";
+                const methodName = item.MetodoNome || "";
+                const selectable = item.SelezionabileSuWeb === true;
+                const accredited = item.Accreditato === true;
+                const level = item.Livello ?? "";
+                const searchText = (
+                    analysisName +
+                    " " +
+                    methodName
+                ).toLowerCase();
+
+                let badges = "";
+                if (selectable) {
+                    badges += '<span class="badge bg-success">Web</span>';
+                } else {
+                    badges += '<span class="badge bg-secondary">Not web</span>';
+                }
+
+                if (accredited) {
+                    badges +=
+                        '<span class="badge bg-info text-dark">Accredited</span>';
+                }
+
+                if (level !== "") {
+                    badges +=
+                        '<span class="badge bg-light text-dark border">Level ' +
+                        escapeHtml(level) +
+                        "</span>";
+                }
+
+                return `
+                    <div 
+                        class="list-group-item analysis-analysis-item"
+                        data-recordkey="${escapeHtml(recordKey)}"
+                        data-analysis-name="${escapeHtml(analysisName)}"
+                        data-analysis-method="${escapeHtml(methodName)}"
+                        data-analysis-level="${escapeHtml(level)}"
+                        data-web="${selectable ? "1" : "0"}"
+                        data-accredited="${accredited ? "1" : "0"}"
+                        data-search="${escapeHtml(searchText)}"
+                    >
+                        <div class="fw-semibold">${escapeHtml(analysisName)}</div>
+
+                        ${methodName ? `<div class="analysis-analysis-meta mt-1">${escapeHtml(methodName)}</div>` : ""}
+
+                        <div class="analysis-analysis-badges mt-2">
+                            ${badges}
+                        </div>
+                    </div>
+                `;
+            })
+            .join("");
+
+        filterAnalysisList();
+        syncSelectedAnalysisRows();
+    }
+
+    function filterAnalysisList() {
+        const modal = document.getElementById("analysisModal");
+        if (!modal) return;
+
+        const webOnlyEl = modal.querySelector("#analysisWebOnly");
+        const searchEl = modal.querySelector("#analysisSearchInput");
+        const items = modal.querySelectorAll(".analysis-analysis-item");
+        const emptyEl = modal.querySelector("#analysisEmptyBox");
+        const errorEl = modal.querySelector("#analysisErrorBox");
+
+        const webOnly = true;
+        const searchValue = searchEl ? searchEl.value.trim().toLowerCase() : "";
+
+        let visibleCount = 0;
+
+        items.forEach((item) => {
+            const isWeb = item.getAttribute("data-web") === "1";
+            const searchText = (
+                item.getAttribute("data-search") || ""
+            ).toLowerCase();
+
+            let visible = true;
+
+            if (webOnly && !isWeb) {
+                visible = false;
+            }
+
+            if (visible && searchValue && !searchText.includes(searchValue)) {
+                visible = false;
+            }
+
+            item.style.display = visible ? "" : "none";
+
+            if (visible) {
+                visibleCount++;
+            }
+        });
+
+        if (errorEl) {
+            errorEl.classList.add("d-none");
+        }
+
+        if (emptyEl) {
+            if (items.length === 0) {
+                emptyEl.textContent = "No analyses found for this matrix";
+                emptyEl.classList.remove("d-none");
+            } else if (visibleCount === 0) {
+                emptyEl.textContent = "No analyses match the current filters";
+                emptyEl.classList.remove("d-none");
+            } else {
+                emptyEl.classList.add("d-none");
+            }
+        }
+    }
+
+    function loadAnalysesByMatrix(matrixId) {
+        const modal = document.getElementById("analysisModal");
+        if (!modal) return;
+
+        if (!matrixId || matrixId === "NO_MATRIX") {
+            showAnalysisEmpty("No matrix selected");
+            return;
+        }
+
+        const listEl = modal.querySelector("#analysisList");
+        const errorEl = modal.querySelector("#analysisErrorBox");
+        const emptyEl = modal.querySelector("#analysisEmptyBox");
+
+        if (listEl) listEl.innerHTML = "";
+        if (errorEl) errorEl.classList.add("d-none");
+        if (emptyEl) {
+            emptyEl.textContent = "";
+            emptyEl.classList.add("d-none");
+        }
+
+        const cacheKey = String(matrixId) + "_WEB_ONLY";
+
+        if (analysisLoadedCache[cacheKey]) {
+            renderAnalysesList(analysisLoadedCache[cacheKey]);
+            return;
+        }
+
+        setAnalysisLoadingState(true);
+
+        $.ajax({
+            url: "get_analisi_matrice_filter.php",
+            method: "GET",
+            dataType: "json",
+            data: {
+                id_matrice: matrixId,
+                web_only: 1,
+            },
+        })
+            .done(function (response) {
+                const analyses = Array.isArray(response.value)
+                    ? response.value.filter(function (item) {
+                          return (
+                              item.SelezionabileSuWeb === true ||
+                              item.SelezionabileSuWeb === 1 ||
+                              item.SelezionabileSuWeb === "1"
+                          );
+                      })
+                    : [];
+
+                analysisLoadedCache[cacheKey] = analyses;
+                renderAnalysesList(analyses);
+            })
+            .fail(function (xhr) {
+                let message = "Error loading analyses";
+                if (xhr && xhr.responseJSON && xhr.responseJSON.error) {
+                    message = xhr.responseJSON.error;
+                }
+                showAnalysisError(message);
+            })
+            .always(function () {
+                setAnalysisLoadingState(false);
+            });
+    }
+
+    function updateSelectedPartsInfo() {
+        const modal = document.getElementById("analysisModal");
+        if (!modal) return;
+
+        const checked = modal.querySelectorAll(
+            ".analysis-part-checkbox:checked",
+        );
+        const ids = Array.from(checked).map((el) => el.value);
+
+        const countEl = modal.querySelector("#analysisSelectedPartsCount");
+        const idsEl = modal.querySelector("#analysisSelectedPartsIds");
+
+        if (countEl) {
+            countEl.textContent = `${ids.length} selected`;
+        }
+
+        if (idsEl) {
+            idsEl.textContent = ids.length ? ids.join(", ") : "-";
+        }
+
+        modal.querySelectorAll(".analysis-part-item").forEach((item) => {
+            const checkbox = item.querySelector(".analysis-part-checkbox");
+            if (checkbox && checkbox.checked) {
+                item.classList.add("part-checked");
+            } else {
+                item.classList.remove("part-checked");
+            }
+        });
+    }
+
+    function selectPartsByMatrix(matrixId, matrixLabel) {
+        const modal = document.getElementById("analysisModal");
+        if (!modal) return;
+
+        const partItems = modal.querySelectorAll(".analysis-part-item");
+        const matrixLabelEl = modal.querySelector("#analysisCurrentMatrix");
+
+        partItems.forEach((item) => {
+            const itemMatrixId = item.getAttribute("data-matrix-id");
+            const checkbox = item.querySelector(".analysis-part-checkbox");
+
+            item.classList.remove("matrix-active");
+
+            if (itemMatrixId === String(matrixId)) {
+                item.classList.add("matrix-active");
+                if (checkbox) checkbox.checked = true;
+            } else {
+                if (checkbox) checkbox.checked = false;
+            }
+        });
+
+        if (matrixLabelEl) {
+            matrixLabelEl.textContent = matrixLabel || "-";
+        }
+        analysisSelectedState = {};
+
+        const selectedPartIds = getSelectedPartIds();
+        selectedPartIds.forEach(function (partId) {
+            const assigned = Array.isArray(
+                analysisAssignedState[String(partId)],
+            )
+                ? analysisAssignedState[String(partId)]
+                : [];
+
+            assigned.forEach(function (item) {
+                if (item.analysis_recordkey) {
+                    analysisSelectedState[item.analysis_recordkey] = true;
+                }
+            });
+        });
+        updateSelectedPartsInfo();
+        loadAnalysesByMatrix(matrixId);
+    }
+
+    function clearAnalysisSelection() {
+        const modal = document.getElementById("analysisModal");
+        if (!modal) return;
+
+        modal.querySelectorAll(".analysis-matrix-item").forEach((item) => {
+            item.classList.remove("active");
+        });
+
+        modal.querySelectorAll(".analysis-part-item").forEach((item) => {
+            item.classList.remove("matrix-active", "part-checked");
+        });
+
+        modal.querySelectorAll(".analysis-part-checkbox").forEach((cb) => {
+            cb.checked = false;
+        });
+
+        const matrixLabelEl = modal.querySelector("#analysisCurrentMatrix");
+        if (matrixLabelEl) matrixLabelEl.textContent = "-";
+
+        const webOnlyEl = modal.querySelector("#analysisWebOnly");
+        if (webOnlyEl) webOnlyEl.checked = false;
+
+        const searchEl = modal.querySelector("#analysisSearchInput");
+        if (searchEl) searchEl.value = "";
+
+        const listEl = modal.querySelector("#analysisList");
+        if (listEl) listEl.innerHTML = "";
+
+        showAnalysisEmpty("Select a matrix to load analyses");
+        updateSelectedPartsInfo();
+    }
+
+    function initAnalysisModal() {
+        const modal = document.getElementById("analysisModal");
+        if (!modal) return;
+
+        analysisLoadedCache = {};
+        analysisSelectedState = {};
+        readInitialAssignedAnalyses();
+        renderAssignedAnalysesForSelectedParts();
+
+        modal.querySelectorAll(".analysis-matrix-item").forEach((btn) => {
+            btn.addEventListener("click", function () {
+                modal
+                    .querySelectorAll(".analysis-matrix-item")
+                    .forEach((x) => x.classList.remove("active"));
+                this.classList.add("active");
+
+                const matrixId = this.getAttribute("data-matrix-id");
+                const matrixLabel =
+                    this.getAttribute("data-matrix-name") ||
+                    this.textContent.trim();
+
+                selectPartsByMatrix(matrixId, matrixLabel);
+            });
+        });
+
+        modal.querySelectorAll(".analysis-part-checkbox").forEach((cb) => {
+            cb.addEventListener("change", function () {
+                updateSelectedPartsInfo();
+            });
+        });
+
+        const clearBtn = modal.querySelector("#analysisClearSelectionBtn");
+        if (clearBtn) {
+            clearBtn.addEventListener("click", function () {
+                clearAnalysisSelection();
+            });
+        }
+
+        // WEB only is now fixed by default
+
+        const searchEl = modal.querySelector("#analysisSearchInput");
+        if (searchEl) {
+            searchEl.addEventListener("input", function () {
+                filterAnalysisList();
+            });
+        }
+        modal.addEventListener("click", function (e) {
+            const removeBtn = e.target.closest(".analysis-remove-btn");
+            if (removeBtn) {
+                e.preventDefault();
+                e.stopPropagation();
+
+                const partId = removeBtn.getAttribute("data-part-id");
+                const recordKey = removeBtn.getAttribute("data-recordkey");
+
+                deleteAnalysisAssociation(partId, recordKey, function () {
+                    const stillUsed = Object.keys(analysisAssignedState).some(
+                        function (pid) {
+                            return (
+                                Array.isArray(analysisAssignedState[pid]) &&
+                                analysisAssignedState[pid].some(
+                                    function (item) {
+                                        return (
+                                            item.analysis_recordkey ===
+                                            recordKey
+                                        );
+                                    },
+                                )
+                            );
+                        },
+                    );
+
+                    if (!stillUsed) {
+                        delete analysisSelectedState[recordKey];
+                    }
+
+                    syncSelectedAnalysisRows();
+                });
+
+                return;
+            }
+
+            const row = e.target.closest(".analysis-analysis-item");
+            if (!row) return;
+
+            const selectedPartIds = getSelectedPartIds();
+            if (!selectedPartIds.length) {
+                alert("Select at least one part first");
+                return;
+            }
+
+            const payload = buildAnalysisPayloadFromRow(row);
+            if (!payload.analysis_recordkey) {
+                alert("Invalid analysis record key");
+                return;
+            }
+
+            const recordKey = payload.analysis_recordkey;
+            const alreadySelected = !!analysisSelectedState[recordKey];
+
+            if (alreadySelected) {
+                selectedPartIds.forEach(function (partId) {
+                    deleteAnalysisAssociation(partId, recordKey);
+                });
+
+                delete analysisSelectedState[recordKey];
+                syncSelectedAnalysisRows();
+                return;
+            }
+
+            let pending = selectedPartIds.length;
+            let atLeastOneSaved = false;
+
+            selectedPartIds.forEach(function (partId) {
+                saveAnalysisAssociation(partId, payload, function (ok) {
+                    if (ok) atLeastOneSaved = true;
+
+                    pending--;
+                    if (pending <= 0 && atLeastOneSaved) {
+                        analysisSelectedState[recordKey] = true;
+                        syncSelectedAnalysisRows();
+                    }
+                });
+            });
+        });
+
+        const firstActiveMatrix = modal.querySelector(
+            ".analysis-matrix-item.active",
+        );
+        if (firstActiveMatrix) {
+            const matrixId = firstActiveMatrix.getAttribute("data-matrix-id");
+            const matrixLabel =
+                firstActiveMatrix.getAttribute("data-matrix-name") ||
+                firstActiveMatrix.textContent.trim();
+
+            selectPartsByMatrix(matrixId, matrixLabel);
+        } else {
+            updateSelectedPartsInfo();
+        }
+    }
+
+    // OPEN ANALYSIS MODAL FROM PARTS MODAL BUTTON
+    $(document).on("click", ".open-analysis-modal-btn", function () {
+        const partsModal = document.getElementById("partsModal");
+        const iddatadb = $("#partsModal").data("iddatadb");
+
+        if (!iddatadb) {
+            console.error("iddatadb not found on #partsModal");
+            alert("iddatadb not found");
+            return;
+        }
+
+        $.ajax({
+            url: "modal_analysis.php",
+            method: "GET",
+            data: { iddatadb: iddatadb },
+            success: function (response) {
+                $("#analysisModalContainer").html(response);
+
+                const modalElement = document.getElementById("analysisModal");
+                if (!modalElement) {
+                    console.error("Analysis modal not found: #analysisModal");
+                    return;
+                }
+
+                let modal = bootstrap.Modal.getInstance(modalElement);
+                if (!modal) {
+                    modal = new bootstrap.Modal(modalElement, {
+                        backdrop: true,
+                        keyboard: true,
+                        focus: true,
+                    });
+                }
+
+                loadAnalysisMatrixNames().always(function () {
+                    initAnalysisModal();
+                    modal.show();
+                });
+            },
+            error: function (xhr, status, error) {
+                console.error("Error loading analysis modal:", error);
+                alert("Error loading analysis modal: " + error);
+            },
+        });
+    });
+
+    // CLEANUP ON CLOSE
+    $(document).on("hidden.bs.modal", "#analysisModal", function () {
+        const modalElement = document.getElementById("analysisModal");
+        if (modalElement) {
+            const modal = bootstrap.Modal.getInstance(modalElement);
+            if (modal) modal.dispose();
+        }
+
+        $("#analysisModalContainer").empty();
+
+        // keep parts modal alive, but remove extra backdrop leftovers
+        $(".modal-backdrop").last().remove();
+
+        if ($("#partsModal").hasClass("show")) {
+            $("body").addClass("modal-open");
+        } else {
+            $("body").removeClass("modal-open").css("padding-right", "");
+        }
+    });
+})();
@@ -0,0 +1,53 @@
+<?php
+ob_start();
+session_start();
+require_once '../../vendor/autoload.php';
+
+Dotenv\Dotenv::createImmutable(dirname(__DIR__, 2))->safeLoad();
+date_default_timezone_set($_ENV['APP_TIMEZONE'] ?? 'Europe/Rome');
+
+$response = ['error' => '', 'rows' => [], 'columns' => [], 'template_id' => 0, 'filename' => '', 'excel_data' => []];
+
+try {
+    if ($_SERVER['REQUEST_METHOD'] === 'POST') {
+        $input = json_decode(file_get_contents('php://input'), true);
+        $template_id = isset($input['template_id']) ? intval($input['template_id']) : 0;
+        $filename = $input['routine_data']['filename'] ?? '';
+        $headerrow = $input['routine_data']['headerrow'] ?? 1;
+        $excelData = $input['excel_data'] ?? [];
+        $routineData = $input['routine_data'] ?? [];
+
+        if (!$filename || empty($excelData)) {
+            throw new Exception("Dati della routine mancanti.");
+        }
+
+        $routineFile = __DIR__ . '/routines/' . $filename;
+        if (file_exists($routineFile)) {
+            include_once $routineFile;
+            $routineData['xls_headers'] = $_SESSION['headers'] ?? [];
+            applyRoutine($excelData, $routineData); // Modifica $excelData in place
+            error_log("Routine {$routineData['name']} applicata (file: {$filename}) per template {$template_id}, header row: {$headerrow}");
+        } else {
+            throw new Exception("File della routine non trovato: $routineFile");
+        }
+
+        // Aggiorna la sessione con i dati modificati
+        $_SESSION['excel_data'] = $excelData;
+
+        $response['excel_data'] = $excelData;
+        $response['rows'] = array_column($excelData, 'data');
+        $response['columns'] = $_SESSION['headers'];
+        $response['template_id'] = $template_id;
+        $response['filename'] = $input['filename'] ?? '';
+    } else {
+        $response['error'] = "Richiesta non valida.";
+    }
+} catch (Exception $e) {
+    $response['error'] = "Errore durante l'applicazione della routine: " . $e->getMessage();
+    error_log("Exception in apply_routine.php: " . $e->getMessage());
+}
+
+ob_end_clean();
+header('Content-Type: application/json');
+echo json_encode($response);
+exit;
@@ -0,0 +1,58 @@
+<?php
+header('Content-Type: application/json');
+
+// URL dell'API e credenziali
+$api_url = 'https://93.43.5.102/limsapi/api/authentication/authenticate';
+$credentials = [
+    'Username' => 'WebApiUser',
+    'Password' => 'webapiuser01'
+];
+
+// Inizializza cURL
+$ch = curl_init($api_url);
+
+// Configura le opzioni di cURL
+curl_setopt($ch, CURLOPT_RETURNTRANSFER, true);
+curl_setopt($ch, CURLOPT_POST, true);
+curl_setopt($ch, CURLOPT_POSTFIELDS, json_encode($credentials));
+curl_setopt($ch, CURLOPT_HTTPHEADER, [
+    'Content-Type: application/json',
+    'Accept: application/json'
+]);
+curl_setopt($ch, CURLOPT_SSL_VERIFYPEER, false); // Solo per test
+curl_setopt($ch, CURLOPT_SSL_VERIFYHOST, false); // Solo per test
+curl_setopt($ch, CURLOPT_VERBOSE, true);
+$log = fopen('curl_auth_debug.log', 'w');
+curl_setopt($ch, CURLOPT_STDERR, $log);
+
+// Esegui la richiesta
+$response = curl_exec($ch);
+$http_code = curl_getinfo($ch, CURLINFO_HTTP_CODE);
+$curl_error = curl_error($ch);
+fclose($log);
+
+// Verifica errori
+if ($response === false || $http_code != 200) {
+    http_response_code($http_code ? $http_code : 500);
+    echo json_encode([
+        'error' => 'Errore nella richiesta API',
+        'http_code' => $http_code,
+        'curl_error' => $curl_error,
+        'response' => substr($response, 0, 1000)
+    ]);
+} else {
+    $decoded = json_decode($response);
+    if (json_last_error() === JSON_ERROR_NONE) {
+        http_response_code($http_code);
+        echo $response;
+    } else {
+        http_response_code(500);
+        echo json_encode([
+            'error' => 'Risposta non JSON valida',
+            'http_code' => $http_code,
+            'response' => substr($response, 0, 1000)
+        ]);
+    }
+}
+
+curl_close($ch);
@@ -0,0 +1,277 @@
+<?php
+include('include/headscript.php');
+
+$db = DBHandlerSelect::getInstance();
+$pdo = $db->getConnection();
+
+// Filtro opzionale per template.
+$templateFilter = isset($_GET['template_id']) ? intval($_GET['template_id']) : 0;
+
+$templates = $pdo->query("SELECT id, name FROM excel_templates ORDER BY name")->fetchAll(PDO::FETCH_ASSOC);
+
+$where = '';
+$params = [];
+if ($templateFilter > 0) {
+    $where = 'WHERE b.template_id = ?';
+    $params[] = $templateFilter;
+}
+
+$sql = "SELECT b.id, b.template_id, b.mapping_id, b.field_id, b.json_value,
+               b.lims_value_id, b.lims_value, b.updated_at,
+               t.name AS template_name,
+               m.field_label
+        FROM json_lims_binding b
+        LEFT JOIN excel_templates t ON t.id = b.template_id
+        LEFT JOIN template_mapping m ON m.id = b.mapping_id
+        $where
+        ORDER BY t.name, m.field_label, b.json_value";
+$stmt = $pdo->prepare($sql);
+$stmt->execute($params);
+$bindings = $stmt->fetchAll(PDO::FETCH_ASSOC);
+?>
+<!doctype html>
+<html lang="en">
+
+<head>
+    <meta charset="utf-8">
+    <meta name="viewport" content="width=device-width, initial-scale=1">
+    <link rel="icon" href="assets/images/favicon-32x32.png" type="image/png" />
+    <?php include('cssinclude.php'); ?>
+    <link href="https://cdn.jsdelivr.net/npm/select2@4.1.0-rc.0/dist/css/select2.min.css" rel="stylesheet">
+    <style>
+        .json-value {
+            font-family: Consolas, Monaco, monospace;
+            font-weight: 600;
+        }
+
+        td .select2-container {
+            min-width: 220px;
+        }
+
+        .row-status {
+            font-size: 12px;
+        }
+    </style>
+    <title>Gestione Binding JSON &rarr; LIMS - <?= htmlspecialchars($titlewebsite ?? '', ENT_QUOTES, 'UTF-8'); ?></title>
+</head>
+
+<body>
+    <div class="wrapper">
+        <?php include('include/navbar.php'); ?>
+        <?php include('include/topbar.php'); ?>
+        <div class="page-wrapper">
+            <div class="page-content">
+
+                <div class="card radius-10">
+                    <div class="card-header">
+                        <div class="d-flex align-items-center justify-content-between flex-wrap gap-2">
+                            <h6 class="mb-0">Gestione Binding JSON &rarr; LIMS</h6>
+                            <div class="d-flex align-items-center gap-2 flex-wrap">
+                                <input type="text" id="bindingSearch" class="form-control form-control-sm" style="width:220px;"
+                                    placeholder="Cerca (campo, valore...)">
+                                <form method="GET" class="d-flex align-items-center gap-2 mb-0">
+                                    <label class="small text-muted mb-0">Template</label>
+                                    <select name="template_id" class="form-select form-select-sm" onchange="this.form.submit()">
+                                        <option value="0">Tutti</option>
+                                        <?php foreach ($templates as $t): ?>
+                                            <option value="<?= (int) $t['id'] ?>" <?= $templateFilter === (int) $t['id'] ? 'selected' : '' ?>>
+                                                <?= htmlspecialchars($t['name']) ?>
+                                            </option>
+                                        <?php endforeach; ?>
+                                    </select>
+                                </form>
+                            </div>
+                        </div>
+                    </div>
+
+                    <div class="card-body">
+                        <div id="globalError" class="alert alert-danger" style="display:none;"></div>
+
+                        <div class="alert alert-secondary small">
+                            Le modifiche ai binding si applicano alle <strong>importazioni future</strong>.
+                            I record gi&agrave; importati non vengono ricalcolati.
+                        </div>
+
+                        <div class="table-responsive">
+                            <table class="table table-striped table-bordered align-middle" id="bindingsTable">
+                                <thead>
+                                    <tr>
+                                        <th class="sortable" data-col="0" style="cursor:pointer;">Template <span class="sort-caret"></span></th>
+                                        <th class="sortable" data-col="1" style="cursor:pointer;">Campo (template_mapping) <span class="sort-caret"></span></th>
+                                        <th class="sortable" data-col="2" style="cursor:pointer;">Valore JSON <span class="sort-caret"></span></th>
+                                        <th class="sortable" data-col="3" style="cursor:pointer;">Valore LIMS <span class="sort-caret"></span></th>
+                                        <th style="width:170px;">Azioni</th>
+                                    </tr>
+                                </thead>
+                                <tbody>
+                                    <?php if (empty($bindings)): ?>
+                                        <tr class="no-data-row">
+                                            <td colspan="5" class="text-center text-muted">Nessun binding presente.</td>
+                                        </tr>
+                                    <?php else: ?>
+                                        <?php foreach ($bindings as $b): ?>
+                                            <tr data-id="<?= (int) $b['id'] ?>"
+                                                data-mapping-id="<?= (int) $b['mapping_id'] ?>"
+                                                data-field-id="<?= (int) $b['field_id'] ?>"
+                                                data-template-id="<?= (int) $b['template_id'] ?>"
+                                                data-json-value="<?= htmlspecialchars($b['json_value'], ENT_QUOTES) ?>">
+                                                <td><?= htmlspecialchars($b['template_name'] ?? ('#' . $b['template_id'])) ?></td>
+                                                <td><?= htmlspecialchars($b['field_label'] ?? ('mapping ' . $b['mapping_id'])) ?></td>
+                                                <td class="json-value"><?= htmlspecialchars($b['json_value']) ?></td>
+                                                <td>
+                                                    <select class="form-select binding-select" data-field-id="<?= (int) $b['field_id'] ?>">
+                                                        <?php if ($b['lims_value_id']): ?>
+                                                            <option value="<?= (int) $b['lims_value_id'] ?>" selected>
+                                                                <?= htmlspecialchars($b['lims_value']) ?>
+                                                            </option>
+                                                        <?php endif; ?>
+                                                    </select>
+                                                    <span class="row-status text-muted"></span>
+                                                </td>
+                                                <td>
+                                                    <button type="button" class="btn btn-sm btn-success save-binding-btn" disabled>
+                                                        <i class="fas fa-save"></i> Salva
+                                                    </button>
+                                                    <button type="button" class="btn btn-sm btn-outline-danger delete-binding-btn">
+                                                        <i class="fas fa-trash"></i>
+                                                    </button>
+                                                </td>
+                                            </tr>
+                                        <?php endforeach; ?>
+                                    <?php endif; ?>
+                                </tbody>
+                            </table>
+                        </div>
+                    </div>
+                </div>
+
+            </div>
+        </div>
+        <div class="overlay toggle-icon"></div>
+        <a href="javaScript:;" class="back-to-top"><i class='bx bxs-up-arrow-alt'></i></a>
+        <?php include('include/footer.php'); ?>
+    </div>
+
+    <?php include('jsinclude.php'); ?>
+    <script src="https://cdn.jsdelivr.net/npm/select2@4.1.0-rc.0/dist/js/select2.min.js"></script>
+
+    <script>
+        $(function() {
+            const $globalError = $('#globalError');
+
+            // Filtro testuale generale su tutte le colonne.
+            const $rows = () => $('#bindingsTable tbody tr').not('.no-data-row');
+            $('#bindingSearch').on('input', function() {
+                const q = $(this).val().toLowerCase().trim();
+                $rows().each(function() {
+                    const text = $(this).text().toLowerCase();
+                    $(this).toggle(q === '' || text.indexOf(q) !== -1);
+                });
+            });
+
+            // Ordinamento per colonna (click sull'intestazione).
+            $('#bindingsTable thead .sortable').on('click', function() {
+                const col = +$(this).data('col');
+                const asc = !($(this).data('asc'));
+                $('#bindingsTable thead .sortable').data('asc', null).find('.sort-caret').html('');
+                $(this).data('asc', asc).find('.sort-caret').html(asc ? ' &#9650;' : ' &#9660;');
+
+                const $tbody = $('#bindingsTable tbody');
+                const rows = $tbody.find('tr').not('.no-data-row').get();
+                rows.sort((a, b) => {
+                    const x = $(a).find('td').eq(col).text().trim().toLowerCase();
+                    const y = $(b).find('td').eq(col).text().trim().toLowerCase();
+                    return asc ? x.localeCompare(y) : y.localeCompare(x);
+                });
+                rows.forEach(r => $tbody.append(r));
+            });
+
+            $('.binding-select').each(function() {
+                const fieldId = $(this).data('field-id');
+                const initialVal = $(this).val();
+
+                $(this).select2({
+                    width: '220px',
+                    ajax: {
+                        url: 'search_customfield_values.php',
+                        dataType: 'json',
+                        delay: 200,
+                        data: params => ({
+                            field_id: fieldId,
+                            q: params.term || '',
+                            limit: 50
+                        }),
+                        processResults: data => ({
+                            results: data.results || []
+                        })
+                    },
+                    minimumInputLength: 0
+                });
+
+                // Abilito Salva solo quando il valore cambia davvero.
+                $(this).data('original-val', initialVal);
+            });
+
+            $('.binding-select').on('change', function() {
+                const $row = $(this).closest('tr');
+                const changed = String($(this).val()) !== String($(this).data('original-val'));
+                $row.find('.save-binding-btn').prop('disabled', !changed);
+            });
+
+            $('.save-binding-btn').on('click', function() {
+                const $row = $(this).closest('tr');
+                const $select = $row.find('.binding-select');
+                const selectedData = $select.select2('data')[0] || {};
+                const $status = $row.find('.row-status');
+                const $btn = $(this);
+
+                $globalError.hide();
+                $btn.prop('disabled', true);
+                $status.text('Salvataggio...').removeClass('text-success text-danger').addClass('text-muted');
+
+                $.post('save_binding.php', {
+                    mapping_id: $row.data('mapping-id'),
+                    field_id: $row.data('field-id'),
+                    template_id: $row.data('template-id'),
+                    json_value: String($row.data('json-value')),
+                    lims_value_id: $select.val(),
+                    lims_value: selectedData.text || ''
+                }).then(resp => {
+                    if (resp && resp.success) {
+                        $status.text('Salvato').removeClass('text-muted').addClass('text-success');
+                        $select.data('original-val', $select.val());
+                    } else {
+                        throw new Error((resp && resp.error) || 'Errore salvataggio');
+                    }
+                }).catch(err => {
+                    $status.text('Errore').removeClass('text-muted').addClass('text-danger');
+                    $globalError.text(err.message || 'Errore durante il salvataggio.').show();
+                    $btn.prop('disabled', false);
+                });
+            });
+
+            $('.delete-binding-btn').on('click', function() {
+                if (!confirm('Eliminare questo binding?')) return;
+                const $row = $(this).closest('tr');
+                const $btn = $(this);
+                $globalError.hide();
+                $btn.prop('disabled', true);
+
+                $.post('delete_binding.php', {
+                    id: $row.data('id')
+                }).then(resp => {
+                    if (resp && resp.success) {
+                        $row.fadeOut(200, () => $row.remove());
+                    } else {
+                        throw new Error((resp && resp.error) || 'Errore eliminazione');
+                    }
+                }).catch(err => {
+                    $globalError.text(err.message || 'Errore durante l\'eliminazione.').show();
+                    $btn.prop('disabled', false);
+                });
+            });
+        });
+    </script>
+</body>
+
+</html>
@@ -0,0 +1,131 @@
+<?php
+require_once "class/VisualLimsApiClient.class.php";
+include('include/headscript.php');
+
+$dbHandler = DBHandlerSelect::getInstance();
+$pdo = $dbHandler->getConnection();
+
+header("Content-Type: application/json");
+
+// 🔹 Configura directory log (creala se non esiste)
+$logDir = __DIR__ . '/logs/api/';
+if (!is_dir($logDir)) {
+    mkdir($logDir, 0755, true);
+}
+
+// 🔹 Base URL API
+$apiBaseUrl = 'https://93.43.5.102/limsapi/api/odata/';
+
+// 🔹 Hardcoded values
+$iddatadb = 846;
+$commessaId = 533357;
+
+try {
+    // 🔹 STEP 4: Fetch Field Values with Labels (usa dati reali per iddatadb=845)
+    $stmt = $pdo->prepare("
+        SELECT
+          idd.field_value,
+          m.field_label,
+          m.schema_id,
+          m.field_id
+        FROM
+          import_data_details as idd
+          JOIN template_mapping m ON idd.mapping_id = m.id
+        WHERE idd.id = :iddatadb
+    ");
+    $stmt->execute(['iddatadb' => $iddatadb]);
+    $rows = $stmt->fetchAll(PDO::FETCH_ASSOC);
+
+    $fieldValues = [];
+    $valueMap = [];  // Mappa per field_id -> valore
+    foreach ($rows as $row) {
+        $fieldValues[] = [
+            "IdCommesseCustomFields" => (int) $row['field_id'],
+            "Valore" => $row['field_value'],
+            "FieldLabel" => $row['field_label']
+        ];
+        $valueMap[(int) $row['field_id']] = $row['field_value'];  // Mappa per ID definizione
+    }
+
+    // Logga i fieldValues in error_log
+    $logFieldValues = "FieldValues dal DB (iddatadb={$iddatadb}):\n" . json_encode($fieldValues, JSON_PRETTY_PRINT);
+    error_log($logFieldValues);
+
+    // 🔹 Initialize API client
+    $api = VisualLimsApiClient::getInstance();
+
+    // 🔹 STEP A: GET iniziale per CommesseCustomFields con espansione CustomField
+    $expand = "CommesseCustomFields(\$expand=CustomField)";  // Espansione come da istruzioni fornitore
+    $commessaWithFields = $api->get("CommessaWeb(" . $commessaId . ")?\$expand=" . $expand);
+
+    // 🔹 STEP B: Prepara payload PATCH (tutti i campi, sovrascrivi se match su CustomField.IdCustomField == field_id)
+    $commessaCustomFields = [];
+    foreach ($commessaWithFields["CommesseCustomFields"] as $customField) {
+        $definitionId = (int) ($customField["CustomField"]["IdCustomField"] ?? 0);  // Usa IdCustomField dal CustomField
+        $currentValue = $customField["Valore"] ?? '';
+        $newValue = isset($valueMap[$definitionId]) ? $valueMap[$definitionId] : $currentValue;
+
+        $commessaCustomFields[] = [
+            "IdCommesseCustomFields" => (int) $customField["IdCommesseCustomFields"],
+            "Valore" => $newValue
+        ];
+    }
+
+    // 🔹 Unico file di log per tutto
+    $logFile = $logDir . "commessa_{$commessaId}_patch_and_get_" . time() . ".txt";
+    $logContent = "FieldValues dal DB (iddatadb={$iddatadb}):\n" . json_encode($fieldValues, JSON_PRETTY_PRINT) . "\n\n";
+
+    // Log curl-like per GET iniziale
+    $logContent .= "GET iniziale:\n" .
+        "curl --location --request GET '{$apiBaseUrl}CommessaWeb({$commessaId})?\$expand=CommesseCustomFields(\$expand=CustomField)' \\\n" .
+        "--header 'Authorization: Bearer ••••••'\n\n" .
+        "RESPONSE:\n" . json_encode($commessaWithFields, JSON_PRETTY_PRINT) . "\n\n---\n";
+
+    if (!empty($commessaCustomFields)) {
+        $updatePayload = ["CommesseCustomFields" => $commessaCustomFields];
+
+        // Log curl-like per PATCH
+        $jsonPayload = json_encode($updatePayload, JSON_PRETTY_PRINT | JSON_UNESCAPED_SLASHES);
+        $logContent .= "PATCH:\n" .
+            "curl --location --request PATCH '{$apiBaseUrl}CommessaWeb({$commessaId})' \\\n" .
+            "--header 'Content-Type: application/json' \\\n" .
+            "--header 'Authorization: Bearer ••••••' \\\n" .
+            "--data '{$jsonPayload}'\n\n";
+
+        $patchResponse = $api->patch("CommessaWeb({$commessaId})", $updatePayload);
+
+        $logContent .= "PATCH RESPONSE:\n" . json_encode($patchResponse, JSON_PRETTY_PRINT) . "\n\n---\n";
+    } else {
+        $logContent .= "PATCH: Nessun campo custom da aggiornare\n\n---\n";
+    }
+
+    // 🔹 STEP C: GET di controllo post-PATCH
+    $commessaAfterPatch = $api->get("CommessaWeb(" . $commessaId . ")?\$expand=" . $expand);
+
+    // Log curl-like per GET di controllo
+    $logContent .= "GET di controllo:\n" .
+        "curl --location --request GET '{$apiBaseUrl}CommessaWeb({$commessaId})?\$expand=CommesseCustomFields(\$expand=CustomField)' \\\n" .
+        "--header 'Authorization: Bearer ••••••'\n\n" .
+        "RESPONSE:\n" . json_encode($commessaAfterPatch, JSON_PRETTY_PRINT);
+
+    // Salva log unico
+    file_put_contents($logFile, $logContent);
+
+    // 🔹 Output a schermo
+    echo json_encode([
+        "success" => true,
+        "message" => "PATCH eseguito su commessa {$commessaId} con dati da iddatadb {$iddatadb}",
+        "commessaAfterPatch" => $commessaAfterPatch,
+        "totalCustomFieldsUpdated" => count($commessaCustomFields),
+        "fieldValues" => $fieldValues,
+        "logFile" => $logFile
+    ]);
+} catch (Exception $e) {
+    error_log("Patch Error: " . $e->getMessage() . "\nTrace: " . $e->getTraceAsString());
+
+    echo json_encode([
+        "success" => false,
+        "message" => "Patch failed: " . $e->getMessage(),
+        "logFile" => $logFile ?? 'Nessun log generato'
+    ]);
+}
@@ -0,0 +1,314 @@
+<?php
+require_once dirname(__DIR__, 3) . '/vendor/autoload.php'; // Torna al livello di public
+
+use Dotenv\Dotenv;
+
+class VisualLimsApiClient
+{
+    private static $instance = null;
+    private $baseUrl;
+    private $username;
+    private $password;
+    private $token = null;
+
+    private function __construct()
+    {
+        $dotenv = Dotenv::createImmutable(dirname(__DIR__, 3)); // Torna al livello di public
+        $dotenv->load();
+
+        $this->baseUrl = $_ENV['API_BASE_URL'];
+        $this->username = $_ENV['API_USERNAME'];
+        $this->password = $_ENV['API_PASSWORD'];
+    }
+
+    public static function getInstance()
+    {
+        if (self::$instance === null) {
+            $dotenv = Dotenv::createImmutable(dirname(__DIR__, 3));
+            $dotenv->load();
+
+            $simulate = ($_ENV['SIMULATE_EXPORT_LIMS'] ?? '') === 'true';
+
+            if ($simulate) {
+                require_once __DIR__ . '/VisualLimsApiClientMock.class.php';
+                self::$instance = new VisualLimsApiClientMock();
+            } else {
+                self::$instance = new VisualLimsApiClient();
+            }
+        }
+        return self::$instance;
+    }
+
+    private function authenticate($retryCount = 0, $maxRetries = 3)
+    {
+        $ch = curl_init("{$this->baseUrl}/api/authentication/authenticate");
+        curl_setopt($ch, CURLOPT_RETURNTRANSFER, true);
+        curl_setopt($ch, CURLOPT_POST, true);
+        curl_setopt($ch, CURLOPT_POSTFIELDS, json_encode([
+            'Username' => $this->username,
+            'Password' => $this->password
+        ]));
+        curl_setopt($ch, CURLOPT_HTTPHEADER, [
+            'Content-Type: application/json',
+            'Accept: application/json'
+        ]);
+        curl_setopt($ch, CURLOPT_SSL_VERIFYPEER, false);
+        curl_setopt($ch, CURLOPT_SSL_VERIFYHOST, false);
+        curl_setopt($ch, CURLOPT_VERBOSE, true);
+        $log = fopen(__DIR__ . '/curl_auth_debug.log', 'a') ?: fopen('php://stderr', 'w');
+        curl_setopt($ch, CURLOPT_STDERR, $log);
+
+        $response = curl_exec($ch);
+        $http_code = curl_getinfo($ch, CURLINFO_HTTP_CODE);
+        $curl_error = curl_error($ch);
+        $log_message = date('Y-m-d H:i:s') . " - Auth attempt {$retryCount}: HTTP {$http_code}, Error: {$curl_error}, Response: " . substr($response, 0, 1000) . "\n";
+        fwrite($log, $log_message);
+        fclose($log);
+        curl_close($ch);
+
+        if ($response === false || $http_code != 200) {
+            if ($http_code === 400 && strpos($response, 'Cannot persist the object') !== false && $retryCount < $maxRetries) {
+                usleep(500000); // Ritardo di 500ms
+                return $this->authenticate($retryCount + 1, $maxRetries); // Riprova
+            }
+            throw new Exception("Autenticazione fallita: HTTP {$http_code}, Errore cURL: {$curl_error}, Risposta: " . substr($response, 0, 1000));
+        }
+
+        $token_data = json_decode($response, true);
+        $this->token = null;
+
+        if (is_array($token_data) && isset($token_data['token'])) {
+            $this->token = $token_data['token'];
+        } elseif (is_string($token_data) && !empty($token_data)) {
+            $this->token = trim($token_data, '"');
+        } elseif (is_string($response) && !empty($response)) {
+            $this->token = trim($response, '"');
+        }
+
+        if (empty($this->token)) {
+            throw new Exception("Token non ricevuto: " . substr($response, 0, 1000));
+        }
+    }
+
+    private function getToken()
+    {
+        if ($this->token === null) {
+            $this->authenticate();
+        }
+        return $this->token;
+    }
+
+    public function get($endpoint)
+    {
+        $token = $this->getToken();
+        $url = "{$this->baseUrl}/api/odata/{$endpoint}";
+
+        $ch = curl_init($url);
+        curl_setopt($ch, CURLOPT_RETURNTRANSFER, true);
+        curl_setopt($ch, CURLOPT_HTTPHEADER, [
+            "Authorization: Bearer {$token}",
+            "Accept: application/json"
+        ]);
+        curl_setopt($ch, CURLOPT_SSL_VERIFYPEER, false);
+        curl_setopt($ch, CURLOPT_SSL_VERIFYHOST, false);
+        curl_setopt($ch, CURLOPT_VERBOSE, true);
+        $log = fopen(__DIR__ . '/curl_request_debug.log', 'w') ?: fopen('php://stderr', 'w');
+        curl_setopt($ch, CURLOPT_STDERR, $log);
+
+        $response = curl_exec($ch);
+        $http_code = curl_getinfo($ch, CURLINFO_HTTP_CODE);
+        $curl_error = curl_error($ch);
+        fclose($log);
+        curl_close($ch);
+
+        if ($response === false) {
+            throw new Exception("Errore nella richiesta: {$curl_error}");
+        }
+
+        if ($http_code !== 200) {
+            throw new Exception("Errore nel recupero dati: HTTP {$http_code}, Risposta: " . substr($response, 0, 1000));
+        }
+
+        $data = json_decode($response, true);
+        if (json_last_error() !== JSON_ERROR_NONE) {
+            throw new Exception("Risposta non JSON valida: " . substr($response, 0, 1000));
+        }
+
+        return $data;
+    }
+
+    public function post($endpoint, $payload)
+    {
+        $token = $this->getToken();
+        $url = "{$this->baseUrl}/api/odata/{$endpoint}";
+
+        $ch = curl_init($url);
+        curl_setopt($ch, CURLOPT_RETURNTRANSFER, true);
+        curl_setopt($ch, CURLOPT_POST, true);
+        curl_setopt($ch, CURLOPT_POSTFIELDS, json_encode($payload));
+        curl_setopt($ch, CURLOPT_HTTPHEADER, [
+            "Authorization: Bearer {$token}",
+            "Content-Type: application/json",
+            "Accept: application/json"
+        ]);
+        curl_setopt($ch, CURLOPT_SSL_VERIFYPEER, false);
+        curl_setopt($ch, CURLOPT_SSL_VERIFYHOST, false);
+
+        $response = curl_exec($ch);
+        $http_code = curl_getinfo($ch, CURLINFO_HTTP_CODE);
+        $curl_error = curl_error($ch);
+        curl_close($ch);
+
+        if ($response === false) {
+            throw new Exception("Errore nella richiesta POST: {$curl_error}");
+        }
+
+        if ($http_code < 200 || $http_code >= 300) {
+            throw new Exception("POST fallito: HTTP {$http_code}, Risposta: " . substr($response, 0, 1000));
+        }
+
+        return json_decode($response, true);
+    }
+
+    public function patch($endpoint, $payload)
+    {
+        $token = $this->getToken();
+        $url = "{$this->baseUrl}/api/odata/{$endpoint}";
+
+        $ch = curl_init($url);
+        curl_setopt($ch, CURLOPT_RETURNTRANSFER, true);
+        curl_setopt($ch, CURLOPT_CUSTOMREQUEST, "PATCH");
+        curl_setopt($ch, CURLOPT_POSTFIELDS, json_encode($payload));
+        curl_setopt($ch, CURLOPT_HTTPHEADER, [
+            "Authorization: Bearer {$token}",
+            "Content-Type: application/json",
+            "Accept: application/json"
+        ]);
+        curl_setopt($ch, CURLOPT_SSL_VERIFYPEER, false);
+        curl_setopt($ch, CURLOPT_SSL_VERIFYHOST, false);
+
+        $response = curl_exec($ch);
+        $http_code = curl_getinfo($ch, CURLINFO_HTTP_CODE);
+        $curl_error = curl_error($ch);
+        curl_close($ch);
+
+        if ($response === false) {
+            throw new Exception("Errore nella richiesta PATCH: {$curl_error}");
+        }
+
+        if ($http_code < 200 || $http_code >= 300) {
+            throw new Exception("PATCH fallito: HTTP {$http_code}, Risposta: " . substr($response, 0, 1000));
+        }
+
+        return json_decode($response, true);
+    }
+
+    /**
+     * POST a file as multipart/form-data (used for photo/attachment uploads).
+     *
+     * @param string $endpoint    OData endpoint, e.g. "Campione(613388)/UploadCampioneFile"
+     * @param string $filePath    Absolute path to the file on disk
+     * @param string $fileName    Original file name to send
+     * @param array  $extraFields Additional form fields to include
+     * @return array|null         Decoded JSON response
+     */
+    public function postMultipart($endpoint, $filePath, $fileName, array $extraFields = [])
+    {
+        $token = $this->getToken();
+        $url = "{$this->baseUrl}/api/odata/{$endpoint}";
+
+        $cfile = new CURLFile($filePath, mime_content_type($filePath) ?: 'application/octet-stream', $fileName);
+
+        $payload = array_merge($extraFields, [
+            'file' => $cfile,
+        ]);
+
+        $ch = curl_init($url);
+        curl_setopt($ch, CURLOPT_RETURNTRANSFER, true);
+        curl_setopt($ch, CURLOPT_POST, true);
+        curl_setopt($ch, CURLOPT_POSTFIELDS, $payload);
+        curl_setopt($ch, CURLOPT_HTTPHEADER, [
+            "Authorization: Bearer {$token}",
+            "Accept: application/json",
+            // Content-Type is set automatically to multipart/form-data by cURL
+        ]);
+        curl_setopt($ch, CURLOPT_SSL_VERIFYPEER, false);
+        curl_setopt($ch, CURLOPT_SSL_VERIFYHOST, false);
+
+        $response  = curl_exec($ch);
+        $http_code = curl_getinfo($ch, CURLINFO_HTTP_CODE);
+        $curl_error = curl_error($ch);
+        curl_close($ch);
+
+        if ($response === false) {
+            throw new Exception("Errore nella richiesta POST multipart: {$curl_error}");
+        }
+
+        if ($http_code < 200 || $http_code >= 300) {
+            throw new Exception("POST multipart fallito: HTTP {$http_code}, Risposta: " . substr($response, 0, 1000));
+        }
+
+        return json_decode($response, true);
+    }
+
+    public function getBaseUrl()
+    {
+        return $this->baseUrl;
+    }
+
+    /**
+     * Get raw/binary content from VisualLims API.
+     * Used for PDF downloads from MediaFile/DownloadStream.
+     */
+    public function getRaw($endpoint)
+    {
+        $token = $this->getToken();
+
+        /*
+     * Normal JSON OData calls use:
+     *   {$this->baseUrl}/api/odata/...
+     *
+     * Media file downloads use:
+     *   {$this->baseUrl}/api/MediaFile/DownloadStream...
+     */
+        $url = rtrim($this->baseUrl, '/') . '/api/' . ltrim($endpoint, '/');
+
+        $ch = curl_init($url);
+
+        curl_setopt_array($ch, [
+            CURLOPT_RETURNTRANSFER => true,
+            CURLOPT_HTTPHEADER => [
+                "Authorization: Bearer {$token}",
+                "Accept: application/pdf,*/*"
+            ],
+            CURLOPT_SSL_VERIFYPEER => false,
+            CURLOPT_SSL_VERIFYHOST => false,
+            CURLOPT_FOLLOWLOCATION => true,
+            CURLOPT_TIMEOUT => 60
+        ]);
+
+        $response = curl_exec($ch);
+        $httpCode = curl_getinfo($ch, CURLINFO_HTTP_CODE);
+        $contentType = curl_getinfo($ch, CURLINFO_CONTENT_TYPE);
+        $curlError = curl_error($ch);
+
+        curl_close($ch);
+
+        if ($response === false) {
+            throw new Exception("Errore cURL download raw: " . $curlError);
+        }
+
+        if ($httpCode < 200 || $httpCode >= 300) {
+            throw new Exception(
+                "Errore HTTP {$httpCode} durante download raw. Content-Type: {$contentType}. Response: " .
+                    substr($response, 0, 500)
+            );
+        }
+
+        if (empty($response)) {
+            throw new Exception("Risposta vuota dal download raw.");
+        }
+
+        return $response;
+    }
+}
@@ -0,0 +1,123 @@
+<?php
+require_once dirname(__DIR__, 3) . '/vendor/autoload.php'; // Torna al livello di public
+
+use Dotenv\Dotenv;
+
+class VisualLimsApiClient
+{
+    private static $instance = null;
+    private $baseUrl;
+    private $username;
+    private $password;
+    private $token = null;
+
+    private function __construct()
+    {
+        $dotenv = Dotenv::createImmutable(dirname(__DIR__, 3)); // Torna al livello di public
+        $dotenv->load();
+
+        $this->baseUrl = $_ENV['API_BASE_URL'];
+        $this->username = $_ENV['API_USERNAME'];
+        $this->password = $_ENV['API_PASSWORD'];
+    }
+
+    public static function getInstance()
+    {
+        if (self::$instance === null) {
+            self::$instance = new VisualLimsApiClient();
+        }
+        return self::$instance;
+    }
+
+    private function authenticate()
+    {
+        $ch = curl_init("{$this->baseUrl}/api/authentication/authenticate");
+        curl_setopt($ch, CURLOPT_RETURNTRANSFER, true);
+        curl_setopt($ch, CURLOPT_POST, true);
+        curl_setopt($ch, CURLOPT_POSTFIELDS, json_encode([
+            'Username' => $this->username,
+            'Password' => $this->password
+        ]));
+        curl_setopt($ch, CURLOPT_HTTPHEADER, [
+            'Content-Type: application/json',
+            'Accept: application/json'
+        ]);
+        curl_setopt($ch, CURLOPT_SSL_VERIFYPEER, false);
+        curl_setopt($ch, CURLOPT_SSL_VERIFYHOST, false);
+        curl_setopt($ch, CURLOPT_VERBOSE, true);
+        $log = fopen(__DIR__ . '/curl_auth_debug.log', 'w') ?: fopen('php://stderr', 'w');
+        curl_setopt($ch, CURLOPT_STDERR, $log);
+
+        $response = curl_exec($ch);
+        $http_code = curl_getinfo($ch, CURLINFO_HTTP_CODE);
+        $curl_error = curl_error($ch);
+        fclose($log);
+        curl_close($ch);
+
+        if ($response === false || $http_code != 200) {
+            throw new Exception("Autenticazione fallita: HTTP {$http_code}, Errore cURL: {$curl_error}, Risposta: " . substr($response, 0, 1000));
+        }
+
+        $token_data = json_decode($response, true);
+        $this->token = null;
+
+        if (is_array($token_data) && isset($token_data['token'])) {
+            $this->token = $token_data['token'];
+        } elseif (is_string($token_data) && !empty($token_data)) {
+            $this->token = trim($token_data, '"');
+        } elseif (is_string($response) && !empty($response)) {
+            $this->token = trim($response, '"');
+        }
+
+        if (empty($this->token)) {
+            throw new Exception("Token non ricevuto: " . substr($response, 0, 1000));
+        }
+    }
+
+    private function getToken()
+    {
+        if ($this->token === null) {
+            $this->authenticate();
+        }
+        return $this->token;
+    }
+
+    public function get($endpoint)
+    {
+        $token = $this->getToken();
+        $url = "{$this->baseUrl}/api/odata/{$endpoint}";
+
+        $ch = curl_init($url);
+        curl_setopt($ch, CURLOPT_RETURNTRANSFER, true);
+        curl_setopt($ch, CURLOPT_HTTPHEADER, [
+            "Authorization: Bearer {$token}",
+            "Accept: application/json"
+        ]);
+        curl_setopt($ch, CURLOPT_SSL_VERIFYPEER, false);
+        curl_setopt($ch, CURLOPT_SSL_VERIFYHOST, false);
+        curl_setopt($ch, CURLOPT_VERBOSE, true);
+        $log = fopen(__DIR__ . '/curl_request_debug.log', 'w') ?: fopen('php://stderr', 'w');
+        curl_setopt($ch, CURLOPT_STDERR, $log);
+
+        $response = curl_exec($ch);
+        $http_code = curl_getinfo($ch, CURLINFO_HTTP_CODE);
+        $curl_error = curl_error($ch);
+        fclose($log);
+        curl_close($ch);
+
+        if ($response === false) {
+            throw new Exception("Errore nella richiesta: {$curl_error}");
+        }
+
+        if ($http_code !== 200) {
+            throw new Exception("Errore nel recupero dati: HTTP {$http_code}, Risposta: " . substr($response, 0, 1000));
+        }
+
+        $data = json_decode($response, true);
+        if (json_last_error() !== JSON_ERROR_NONE) {
+            throw new Exception("Risposta non JSON valida: " . substr($response, 0, 1000));
+        }
+
+        return $data;
+    }
+}
@@ -0,0 +1,135 @@
+<?php
+
+/**
+ * Mock implementation of VisualLimsApiClient.
+ * Activated when SIMULATE_EXPORT_LIMS=true in .env.
+ * All HTTP calls are skipped; fake but structurally valid data is returned.
+ * Every simulated call is logged via error_log() with a [SIMULATE] prefix.
+ */
+class VisualLimsApiClientMock
+{
+    private int $fakeCommessaId;
+
+    public function __construct()
+    {
+        // Stable fake ID for the lifetime of a single request
+        $this->fakeCommessaId = mt_rand(90001, 99999);
+        error_log("[SIMULATE] VisualLimsApiClientMock initialised (fakeCommessaId={$this->fakeCommessaId})");
+    }
+
+    public function get(string $endpoint): array
+    {
+        error_log("[SIMULATE] GET {$endpoint}");
+
+        // --- Fixed-field dropdown lists ---
+
+        if (str_starts_with($endpoint, 'MoltiplicatorePrezzi')) {
+            return ['value' => [
+                ['IdMoltiplicatorePrezzo' => 1, 'Codice' => 'MP-01', 'Descrizione' => 'Standard (1x)'],
+                ['IdMoltiplicatorePrezzo' => 2, 'Codice' => 'MP-02', 'Descrizione' => 'Urgente (1.5x)'],
+                ['IdMoltiplicatorePrezzo' => 3, 'Codice' => 'MP-03', 'Descrizione' => 'Extra Urgente (2x)'],
+            ]];
+        }
+
+        if (str_starts_with($endpoint, 'AnagraficaCertestObject')) {
+            return ['value' => [
+                ['IdAnagrafica' => 1, 'Codice' => 'OBJ-01', 'NomeAnagrafica' => 'Articolo Tessile'],
+                ['IdAnagrafica' => 2, 'Codice' => 'OBJ-02', 'NomeAnagrafica' => 'Componente Meccanico'],
+                ['IdAnagrafica' => 3, 'Codice' => 'OBJ-03', 'NomeAnagrafica' => 'Materiale Plastico'],
+            ]];
+        }
+
+        if (str_starts_with($endpoint, 'AnagraficaCertestService')) {
+            return ['value' => [
+                ['IdAnagrafica' => 1, 'Codice' => 'SRV-01', 'NomeAnagrafica' => 'Analisi Chimica'],
+                ['IdAnagrafica' => 2, 'Codice' => 'SRV-02', 'NomeAnagrafica' => 'Test Meccanico'],
+                ['IdAnagrafica' => 3, 'Codice' => 'SRV-03', 'NomeAnagrafica' => 'Prova Ambientale'],
+            ]];
+        }
+
+        // Cliente? list — get_clienti.php exits early in simulate mode, but guard here too
+        if (str_starts_with($endpoint, 'Cliente?')) {
+            return ['value' => []];
+        }
+
+        // Cliente(N)?$expand=Responsabili
+        if (str_starts_with($endpoint, 'Cliente(')) {
+            preg_match('/Cliente\((\d+)\)/', $endpoint, $m);
+            $clienteId = isset($m[1]) ? (int) $m[1] : 0;
+            return [
+                'IdCliente'    => $clienteId,
+                'Responsabili' => [
+                    ['IdClienteResponsabile' => 1, 'Nominativo' => 'Marco Bianchi'],
+                    ['IdClienteResponsabile' => 2, 'Nominativo' => 'Giulia Ferrari'],
+                    ['IdClienteResponsabile' => 3, 'Nominativo' => 'Andrea Russo'],
+                ],
+            ];
+        }
+
+        // --- CustomField dropdown values (get_customfield_values.php) ---
+
+        if (str_starts_with($endpoint, 'CustomField(')) {
+            preg_match('/CustomField\((\d+)\)/', $endpoint, $m);
+            $fieldId = isset($m[1]) ? (int) $m[1] : 0;
+            return [
+                'CustomFieldsValues' => [
+                    ['IdCustomFieldsValue' => $fieldId * 10 + 1, 'Valore' => 'Opzione A'],
+                    ['IdCustomFieldsValue' => $fieldId * 10 + 2, 'Valore' => 'Opzione B'],
+                    ['IdCustomFieldsValue' => $fieldId * 10 + 3, 'Valore' => 'Opzione C'],
+                ],
+            ];
+        }
+
+        // --- CommessaWeb OData calls (STEP 7 GET + STEP 10 verification) ---
+
+        preg_match('/\((\d+)\)/', $endpoint, $m);
+        $id = isset($m[1]) ? (int) $m[1] : $this->fakeCommessaId;
+
+        return [
+            'IdCommessa'           => $id,
+            'CodiceCommessa'       => "SIM-{$id}",
+            'CommesseCustomFields' => [],   // Empty → PATCH step is skipped correctly
+        ];
+    }
+
+    public function post(string $endpoint, array $payload): array
+    {
+        error_log("[SIMULATE] POST {$endpoint} payload=" . json_encode($payload));
+
+        // CommessaWeb creation
+        if ($endpoint === 'CommessaWeb') {
+            return [
+                'IdCommessa'     => $this->fakeCommessaId,
+                'CodiceCommessa' => "SIM-{$this->fakeCommessaId}",
+                'Richiedente'    => $payload['Richiedente'] ?? '',
+                'Descrizione'    => $payload['Descrizione'] ?? '',
+            ];
+        }
+
+        // Campione creation
+        if ($endpoint === 'Campione') {
+            return [
+                'IdCampione' => mt_rand(10001, 19999),
+                'Commessa'   => $payload['Commessa'] ?? null,
+                'Matrice'    => $payload['Matrice'] ?? null,
+            ];
+        }
+
+        // InviaCommessa / ImportaCommessa (currently commented out upstream)
+        return ['simulated' => true, 'endpoint' => $endpoint];
+    }
+
+    public function patch(string $endpoint, array $payload): array
+    {
+        error_log("[SIMULATE] PATCH {$endpoint} payload=" . json_encode($payload));
+
+        return [];
+    }
+
+    public function postMultipart(string $endpoint, string $filePath, string $fileName, array $extraFields = []): array
+    {
+        error_log("[SIMULATE] POST multipart {$endpoint} file={$fileName}");
+
+        return ['simulated' => true, 'file' => $fileName];
+    }
+}
@@ -0,0 +1,124 @@
+<?php
+require_once dirname(__DIR__, 3) . '/vendor/autoload.php';
+
+use Dotenv\Dotenv;
+
+class VisualLimsApiClientXml
+{
+    private static $instance = null;
+    private $baseUrl;
+    private $username;
+    private $password;
+    private $token = null;
+
+    private function __construct()
+    {
+        $dotenv = Dotenv::createImmutable(dirname(__DIR__, 3));
+        $dotenv->load();
+
+        $this->baseUrl = $_ENV['API_BASE_URL'];
+        $this->username = $_ENV['API_USERNAME'];
+        $this->password = $_ENV['API_PASSWORD'];
+    }
+
+    public static function getInstance()
+    {
+        if (self::$instance === null) {
+            self::$instance = new VisualLimsApiClientXml();
+        }
+        return self::$instance;
+    }
+
+    private function authenticate()
+    {
+        $ch = curl_init("{$this->baseUrl}/api/authentication/authenticate");
+        curl_setopt($ch, CURLOPT_RETURNTRANSFER, true);
+        curl_setopt($ch, CURLOPT_POST, true);
+        curl_setopt($ch, CURLOPT_POSTFIELDS, json_encode([
+            'Username' => $this->username,
+            'Password' => $this->password
+        ]));
+        curl_setopt($ch, CURLOPT_HTTPHEADER, [
+            'Content-Type: application/json',
+            'Accept: application/json'
+        ]);
+        curl_setopt($ch, CURLOPT_SSL_VERIFYPEER, false);
+        curl_setopt($ch, CURLOPT_SSL_VERIFYHOST, false);
+        curl_setopt($ch, CURLOPT_VERBOSE, true);
+        $log = fopen(__DIR__ . '/curl_auth_debug_xml.log', 'w') ?: fopen('php://stderr', 'w');
+        curl_setopt($ch, CURLOPT_STDERR, $log);
+
+        $response = curl_exec($ch);
+        $http_code = curl_getinfo($ch, CURLINFO_HTTP_CODE);
+        $curl_error = curl_error($ch);
+        fclose($log);
+        curl_close($ch);
+
+        if ($response === false || $http_code != 200) {
+            throw new Exception("Autenticazione fallita: HTTP {$http_code}, Errore cURL: {$curl_error}, Risposta: " . substr($response, 0, 1000));
+        }
+
+        $token_data = json_decode($response, true);
+        $this->token = null;
+
+        if (is_array($token_data) && isset($token_data['token'])) {
+            $this->token = $token_data['token'];
+        } elseif (is_string($token_data) && !empty($token_data)) {
+            $this->token = trim($token_data, '"');
+        } elseif (is_string($response) && !empty($response)) {
+            $this->token = trim($response, '"');
+        }
+
+        if (empty($this->token)) {
+            throw new Exception("Token non ricevuto: " . substr($response, 0, 1000));
+        }
+    }
+
+    private function getToken()
+    {
+        if ($this->token === null) {
+            $this->authenticate();
+        }
+        return $this->token;
+    }
+
+    public function get($endpoint, $options = [])
+    {
+        $token = $this->getToken();
+        $query = http_build_query($options);
+        $url = "{$this->baseUrl}/api/odata/{$endpoint}" . ($query ? '?' . $query : '');
+
+        $ch = curl_init($url);
+        curl_setopt($ch, CURLOPT_RETURNTRANSFER, true);
+        curl_setopt($ch, CURLOPT_HTTPHEADER, [
+            "Authorization: Bearer {$token}",
+            "Accept: application/xml"
+        ]);
+        curl_setopt($ch, CURLOPT_SSL_VERIFYPEER, false);
+        curl_setopt($ch, CURLOPT_SSL_VERIFYHOST, false);
+        curl_setopt($ch, CURLOPT_VERBOSE, true);
+        $log = fopen(__DIR__ . '/curl_request_debug_xml.log', 'w') ?: fopen('php://stderr', 'w');
+        curl_setopt($ch, CURLOPT_STDERR, $log);
+
+        $response = curl_exec($ch);
+        $http_code = curl_getinfo($ch, CURLINFO_HTTP_CODE);
+        $curl_error = curl_error($ch);
+        fclose($log);
+        curl_close($ch);
+
+        if ($response === false) {
+            throw new Exception("Errore nella richiesta: {$curl_error}");
+        }
+
+        if ($http_code !== 200) {
+            throw new Exception("Errore nel recupero dati: HTTP {$http_code}, Risposta: " . substr($response, 0, 1000));
+        }
+
+        // Verifica che la risposta sia XML
+        if (strpos($response, '<?xml') !== 0) {
+            throw new Exception("Risposta non valida: atteso formato XML, ricevuto: " . substr($response, 0, 1000));
+        }
+
+        return $response;
+    }
+}
@@ -0,0 +1,124 @@
+<?php
+require_once dirname(__DIR__, 3) . '/vendor/autoload.php';
+
+use Dotenv\Dotenv;
+
+class VisualLimsApiClientXml
+{
+    private static $instance = null;
+    private $baseUrl;
+    private $username;
+    private $password;
+    private $token = null;
+
+    private function __construct()
+    {
+        $dotenv = Dotenv::createImmutable(dirname(__DIR__, 3));
+        $dotenv->load();
+
+        $this->baseUrl = $_ENV['API_BASE_URL'];
+        $this->username = $_ENV['API_USERNAME'];
+        $this->password = $_ENV['API_PASSWORD'];
+    }
+
+    public static function getInstance()
+    {
+        if (self::$instance === null) {
+            self::$instance = new VisualLimsApiClientXml();
+        }
+        return self::$instance;
+    }
+
+    private function authenticate()
+    {
+        $ch = curl_init("{$this->baseUrl}/api/authentication/authenticate");
+        curl_setopt($ch, CURLOPT_RETURNTRANSFER, true);
+        curl_setopt($ch, CURLOPT_POST, true);
+        curl_setopt($ch, CURLOPT_POSTFIELDS, json_encode([
+            'Username' => $this->username,
+            'Password' => $this->password
+        ]));
+        curl_setopt($ch, CURLOPT_HTTPHEADER, [
+            'Content-Type: application/json',
+            'Accept: application/json'
+        ]);
+        curl_setopt($ch, CURLOPT_SSL_VERIFYPEER, false);
+        curl_setopt($ch, CURLOPT_SSL_VERIFYHOST, false);
+        curl_setopt($ch, CURLOPT_VERBOSE, true);
+        $log = fopen(__DIR__ . '/curl_auth_debug_xml.log', 'w') ?: fopen('php://stderr', 'w');
+        curl_setopt($ch, CURLOPT_STDERR, $log);
+
+        $response = curl_exec($ch);
+        $http_code = curl_getinfo($ch, CURLINFO_HTTP_CODE);
+        $curl_error = curl_error($ch);
+        fclose($log);
+        curl_close($ch);
+
+        if ($response === false || $http_code != 200) {
+            throw new Exception("Autenticazione fallita: HTTP {$http_code}, Errore cURL: {$curl_error}, Risposta: " . substr($response, 0, 1000));
+        }
+
+        $token_data = json_decode($response, true);
+        $this->token = null;
+
+        if (is_array($token_data) && isset($token_data['token'])) {
+            $this->token = $token_data['token'];
+        } elseif (is_string($token_data) && !empty($token_data)) {
+            $this->token = trim($token_data, '"');
+        } elseif (is_string($response) && !empty($response)) {
+            $this->token = trim($response, '"');
+        }
+
+        if (empty($this->token)) {
+            throw new Exception("Token non ricevuto: " . substr($response, 0, 1000));
+        }
+    }
+
+    private function getToken()
+    {
+        if ($this->token === null) {
+            $this->authenticate();
+        }
+        return $this->token;
+    }
+
+    public function get($endpoint, $options = [])
+    {
+        $token = $this->getToken();
+        $query = http_build_query($options);
+        $url = "{$this->baseUrl}/api/odata/{$endpoint}" . ($query ? '?' . $query : '');
+
+        $ch = curl_init($url);
+        curl_setopt($ch, CURLOPT_RETURNTRANSFER, true);
+        curl_setopt($ch, CURLOPT_HTTPHEADER, [
+            "Authorization: Bearer {$token}",
+            "Accept: application/xml"
+        ]);
+        curl_setopt($ch, CURLOPT_SSL_VERIFYPEER, false);
+        curl_setopt($ch, CURLOPT_SSL_VERIFYHOST, false);
+        curl_setopt($ch, CURLOPT_VERBOSE, true);
+        $log = fopen(__DIR__ . '/curl_request_debug_xml.log', 'w') ?: fopen('php://stderr', 'w');
+        curl_setopt($ch, CURLOPT_STDERR, $log);
+
+        $response = curl_exec($ch);
+        $http_code = curl_getinfo($ch, CURLINFO_HTTP_CODE);
+        $curl_error = curl_error($ch);
+        fclose($log);
+        curl_close($ch);
+
+        if ($response === false) {
+            throw new Exception("Errore nella richiesta: {$curl_error}");
+        }
+
+        if ($http_code !== 200) {
+            throw new Exception("Errore nel recupero dati: HTTP {$http_code}, Risposta: " . substr($response, 0, 1000));
+        }
+
+        // Verifica che la risposta sia XML
+        if (strpos($response, '<?xml') !== 0) {
+            throw new Exception("Risposta non valida: atteso formato XML, ricevuto: " . substr($response, 0, 1000));
+        }
+
+        return $response;
+    }
+}
@@ -0,0 +1,128 @@
+<?php
+
+// Helpers for JSON -> LIMS value bindings (table json_lims_binding).
+
+function binding_is_list_field(array $mapping): bool
+{
+    $hasList = (int) ($mapping['has_list'] ?? 0) === 1;
+    $isMultiChoice = strcasecmp(trim((string) ($mapping['data_type'] ?? '')), 'SceltaMultipla') === 0;
+    return $hasList || $isMultiChoice;
+}
+
+function binding_lookup(PDO $pdo, int $mappingId, string $jsonValue): ?array
+{
+    $stmt = $pdo->prepare(
+        "SELECT id, lims_value_id, lims_value
+         FROM json_lims_binding
+         WHERE mapping_id = ? AND json_value = ?
+         LIMIT 1"
+    );
+    $stmt->execute([$mappingId, $jsonValue]);
+    $row = $stmt->fetch(PDO::FETCH_ASSOC);
+    return $row ?: null;
+}
+
+function binding_upsert(
+    PDO $pdo,
+    int $templateId,
+    int $mappingId,
+    int $fieldId,
+    string $jsonValue,
+    int $limsValueId,
+    string $limsValue,
+    ?int $createdBy
+): void {
+    $stmt = $pdo->prepare(
+        "INSERT INTO json_lims_binding
+            (template_id, mapping_id, field_id, json_value, lims_value_id, lims_value, created_by)
+         VALUES (?, ?, ?, ?, ?, ?, ?)
+         ON DUPLICATE KEY UPDATE
+            lims_value_id = VALUES(lims_value_id),
+            lims_value    = VALUES(lims_value),
+            field_id      = VALUES(field_id),
+            template_id   = VALUES(template_id)"
+    );
+    $stmt->execute([$templateId, $mappingId, $fieldId, $jsonValue, $limsValueId, $limsValue, $createdBy]);
+}
+
+// LIMS list values for a field, reusing the cache/customfield_{id}.json cache (1h).
+function binding_get_lims_values(int $fieldId): array
+{
+    static $memo = [];
+    if ($fieldId <= 0) {
+        return [];
+    }
+    if (array_key_exists($fieldId, $memo)) {
+        return $memo[$fieldId];
+    }
+
+    $cacheDir = dirname(__DIR__) . '/cache';
+    $cacheFile = $cacheDir . '/customfield_' . $fieldId . '.json';
+
+    try {
+        if (file_exists($cacheFile) && (time() - filemtime($cacheFile) < 3600)) {
+            $values = json_decode(file_get_contents($cacheFile), true);
+        } else {
+            require_once __DIR__ . '/VisualLimsApiClient.class.php';
+            $api = VisualLimsApiClient::getInstance();
+            $data = $api->get("CustomField($fieldId)?\$expand=CustomFieldsValues");
+            $values = $data['CustomFieldsValues'] ?? [];
+            if (!is_dir($cacheDir)) {
+                mkdir($cacheDir, 0777, true);
+            }
+            file_put_contents($cacheFile, json_encode($values));
+        }
+    } catch (Throwable $e) {
+        error_log("binding_get_lims_values failed for field $fieldId: " . $e->getMessage());
+        $values = [];
+    }
+
+    if (!is_array($values)) {
+        $values = [];
+    }
+
+    return $memo[$fieldId] = $values;
+}
+
+// Exactly one case-insensitive match by Valore -> that value, otherwise null.
+function binding_auto_match(array $limsValues, string $jsonValue): ?array
+{
+    $needle = mb_strtolower(trim($jsonValue));
+    if ($needle === '') {
+        return null;
+    }
+
+    $matches = [];
+    foreach ($limsValues as $v) {
+        $valore = (string) ($v['Valore'] ?? '');
+        if (mb_strtolower(trim($valore)) === $needle) {
+            $matches[] = $v;
+        }
+    }
+
+    return count($matches) === 1 ? $matches[0] : null;
+}
+
+// Scrive il valore risolto sui record indicati (datadb_ids gia' delimita l'import corrente).
+function binding_apply_to_details(
+    PDO $pdo,
+    int $mappingId,
+    string $limsValue,
+    array $datadbIds
+): int {
+    $datadbIds = array_values(array_filter(array_map('intval', $datadbIds)));
+    if (empty($datadbIds)) {
+        return 0;
+    }
+
+    $placeholders = implode(',', array_fill(0, count($datadbIds), '?'));
+    $sql = "UPDATE import_data_details
+            SET field_value = ?
+            WHERE mapping_id = ?
+              AND id IN ($placeholders)";
+
+    $params = array_merge([$limsValue, $mappingId], $datadbIds);
+    $stmt = $pdo->prepare($sql);
+    $stmt->execute($params);
+    return $stmt->rowCount();
+}
@@ -0,0 +1,76 @@
+<!DOCTYPE html>
+<html lang="en">
+
+<head>
+    <meta charset="UTF-8">
+    <meta name="viewport" content="width=device-width, initial-scale=1.0">
+    <title>VisualLims Authentication</title>
+    <style>
+        body {
+            font-family: Arial, sans-serif;
+            max-width: 600px;
+            margin: 20px auto;
+            padding: 20px;
+        }
+
+        #authButton {
+            padding: 10px 20px;
+            background-color: #007bff;
+            color: white;
+            border: none;
+            cursor: pointer;
+        }
+
+        #authButton:hover {
+            background-color: #0056b3;
+        }
+
+        #result {
+            margin-top: 20px;
+            padding: 10px;
+            border: 1px solid #ccc;
+            word-wrap: break-word;
+        }
+    </style>
+</head>
+
+<body>
+    <h1>VisualLims Authentication</h1>
+    <button id="authButton">Authenticate</button>
+    <div id="result"></div>
+
+    <script>
+        document.getElementById('authButton').addEventListener('click', async () => {
+            const resultDiv = document.getElementById('result');
+            resultDiv.textContent = 'Authenticating...';
+
+            try {
+                const response = await fetch('https://93.43.5.102/limsapi/api/authentication/authenticate', {
+                    method: 'POST',
+                    headers: {
+                        'Content-Type': 'application/json',
+                    },
+                    body: JSON.stringify({
+                        Username: 'WebApiUserTest',
+                        Password: 'WebApiUserClienteTest'
+                    })
+                });
+
+                if (!response.ok) {
+                    throw new Error(`HTTP error! status: ${response.status}`);
+                }
+
+                const data = await response.json();
+                if (data && data.token) {
+                    resultDiv.textContent = `Token: ${data.token}`;
+                } else {
+                    resultDiv.textContent = 'Authentication failed: No token received';
+                }
+            } catch (error) {
+                resultDiv.textContent = `Error: ${error.message}`;
+            }
+        });
+    </script>
+</body>
+
+</html>
@@ -3,6 +3,9 @@ require_once dirname(__DIR__, 3) . '/vendor/autoload.php';

 use Dotenv\Dotenv;

+Dotenv::createImmutable(dirname(__DIR__, 3))->safeLoad();
+date_default_timezone_set($_ENV['APP_TIMEZONE'] ?? 'Europe/Rome');
+
 class DBHandlerSelect
 {
    private static $instance = null;
@@ -0,0 +1,133 @@
+<?php
+header('Content-Type: application/json');
+include('include/headscript.php');
+
+$dbHandler = DBHandlerSelect::getInstance();
+$pdo = $dbHandler->getConnection();
+$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
+
+$data = json_decode(file_get_contents('php://input'), true);
+
+$sourceIddatadb = isset($data['source_iddatadb']) ? (int)$data['source_iddatadb'] : 0;
+$targetList = $data['target_iddatadb_list'] ?? [];
+
+$targetIds = array_values(array_unique(array_filter(array_map('intval', (array)$targetList), function ($v) use ($sourceIddatadb) {
+    return $v > 0 && $v !== $sourceIddatadb;
+})));
+
+if ($sourceIddatadb <= 0 || empty($targetIds)) {
+    echo json_encode([
+        'success' => false,
+        'message' => 'Missing source or target records'
+    ]);
+    exit;
+}
+
+try {
+    $pdo->beginTransaction();
+
+    // 1. Load source parts
+    $stmtParts = $pdo->prepare("
+            SELECT id, part_number, part_description, mix, idmatrice, note, dateexpiry
+            FROM identification_parts
+            WHERE iddatadb = ?
+            AND part_description IS NOT NULL
+            AND TRIM(part_description) <> ''
+            ORDER BY part_number ASC, id ASC
+        ");
+    $stmtParts->execute([$sourceIddatadb]);
+    $sourceParts = $stmtParts->fetchAll(PDO::FETCH_ASSOC);
+
+    if (empty($sourceParts)) {
+        $pdo->rollBack();
+        echo json_encode([
+            'success' => false,
+            'message' => 'No parts found for source record'
+        ]);
+        exit;
+    }
+
+    // 2. Prepare statements
+    $stmtInsertPart = $pdo->prepare("
+        INSERT INTO identification_parts
+        (iddatadb, part_number, part_description, mix, idmatrice, note, dateexpiry, created_at, updated_at)
+        VALUES
+        (:iddatadb, :part_number, :part_description, :mix, :idmatrice, :note, :dateexpiry, NOW(), NOW())
+    ");
+
+    $stmtLoadCF = $pdo->prepare("
+        SELECT field_id, value_id, value_text
+        FROM identification_parts_customfields
+        WHERE part_id = ?
+        ORDER BY id ASC
+    ");
+
+    $stmtInsertCF = $pdo->prepare("
+        INSERT INTO identification_parts_customfields
+        (part_id, field_id, value_id, value_text, created_at, updated_at)
+        VALUES
+        (:part_id, :field_id, :value_id, :value_text, NOW(), NOW())
+    ");
+
+    $details = [];
+    $totalClonedParts = 0;
+
+    // 3. Clone source parts to each target record
+    foreach ($targetIds as $targetIddatadb) {
+        $clonedCountForTarget = 0;
+
+        foreach ($sourceParts as $part) {
+            $stmtInsertPart->execute([
+                ':iddatadb' => $targetIddatadb,
+                ':part_number' => $part['part_number'],
+                ':part_description' => $part['part_description'],
+                ':mix' => $part['mix'] ?? 'N',
+                ':idmatrice' => $part['idmatrice'] !== '' ? $part['idmatrice'] : null,
+                ':note' => $part['note'] ?? null,
+                ':dateexpiry' => $part['dateexpiry'] ?? null,
+            ]);
+
+            $newPartId = (int)$pdo->lastInsertId();
+
+            // Load source custom fields for this part
+            $stmtLoadCF->execute([(int)$part['id']]);
+            $customFields = $stmtLoadCF->fetchAll(PDO::FETCH_ASSOC);
+
+            foreach ($customFields as $cf) {
+                $stmtInsertCF->execute([
+                    ':part_id' => $newPartId,
+                    ':field_id' => (int)$cf['field_id'],
+                    ':value_id' => ($cf['value_id'] !== null && $cf['value_id'] !== '') ? (int)$cf['value_id'] : null,
+                    ':value_text' => $cf['value_text'] !== '' ? $cf['value_text'] : null,
+                ]);
+            }
+
+            $clonedCountForTarget++;
+            $totalClonedParts++;
+        }
+
+        $details[] = [
+            'target_iddatadb' => $targetIddatadb,
+            'cloned_parts' => $clonedCountForTarget
+        ];
+    }
+
+    $pdo->commit();
+
+    echo json_encode([
+        'success' => true,
+        'source_iddatadb' => $sourceIddatadb,
+        'cloned_targets' => count($targetIds),
+        'total_cloned_parts' => $totalClonedParts,
+        'details' => $details
+    ]);
+} catch (Throwable $e) {
+    if ($pdo->inTransaction()) {
+        $pdo->rollBack();
+    }
+
+    echo json_encode([
+        'success' => false,
+        'message' => 'Clone failed: ' . $e->getMessage()
+    ]);
+}
@@ -0,0 +1,228 @@
+<?php
+require_once 'class/db-functions.php';
+
+ini_set('display_errors', 1);
+ini_set('display_startup_errors', 1);
+error_reporting(E_ALL);
+
+if (!isset($_GET['id']) || !is_numeric($_GET['id'])) {
+    die("Invalid template ID");
+}
+
+$sourceTemplateId = (int)$_GET['id'];
+
+try {
+    $db = DBHandlerSelect::getInstance();
+    $pdo = $db->getConnection();
+
+    $pdo->beginTransaction();
+
+    // 1. Get source template
+    $stmt = $pdo->prepare("
+        SELECT 
+            name,
+            source_type,
+            header_row,
+            start_column,
+            description,
+            target_table,
+            sample_xlsx,
+            button_size,
+            button_bg_color,
+            button_text_color,
+            button_label,
+            status,
+            client_specific_fields,
+            idclient,
+            clientname,
+            schemaname,
+            idschema,
+            schemajson,
+            xls_headers,
+            api_sample_json,
+            json_nodes,
+            idroutine
+        FROM excel_templates
+        WHERE id = ?
+        LIMIT 1
+    ");
+    $stmt->execute([$sourceTemplateId]);
+    $template = $stmt->fetch(PDO::FETCH_ASSOC);
+
+    if (!$template) {
+        throw new Exception("Template not found.");
+    }
+
+    // 2. Generate unique clone name
+    $baseName = 'Copia di ' . $template['name'];
+    $newName = $baseName;
+
+    $checkStmt = $pdo->prepare("SELECT COUNT(*) FROM excel_templates WHERE name = ?");
+    $checkStmt->execute([$newName]);
+
+    if ((int)$checkStmt->fetchColumn() > 0) {
+        $counter = 2;
+
+        do {
+            $newName = $baseName . ' (' . $counter . ')';
+            $checkStmt->execute([$newName]);
+            $exists = (int)$checkStmt->fetchColumn() > 0;
+            $counter++;
+        } while ($exists);
+    }
+
+    // 3. Insert cloned template
+    $insertTemplate = $pdo->prepare("
+        INSERT INTO excel_templates (
+            name,
+            source_type,
+            created_at,
+            updated_at,
+            header_row,
+            start_column,
+            description,
+            target_table,
+            sample_xlsx,
+            button_size,
+            button_bg_color,
+            button_text_color,
+            button_label,
+            status,
+            client_specific_fields,
+            idclient,
+            clientname,
+            schemaname,
+            idschema,
+            schemajson,
+            xls_headers,
+            api_sample_json,
+            json_nodes,
+            idroutine
+        ) VALUES (
+            :name,
+            :source_type,
+            NOW(),
+            NOW(),
+            :header_row,
+            :start_column,
+            :description,
+            :target_table,
+            :sample_xlsx,
+            :button_size,
+            :button_bg_color,
+            :button_text_color,
+            :button_label,
+            :status,
+            :client_specific_fields,
+            :idclient,
+            :clientname,
+            :schemaname,
+            :idschema,
+            :schemajson,
+            :xls_headers,
+            :api_sample_json,
+            :json_nodes,
+            :idroutine
+        )
+    ");
+
+    $insertTemplate->execute([
+        ':name' => $newName,
+        ':source_type' => $template['source_type'],
+        ':header_row' => $template['header_row'],
+        ':start_column' => $template['start_column'],
+        ':description' => $template['description'],
+        ':target_table' => $template['target_table'],
+        ':sample_xlsx' => $template['sample_xlsx'],
+        ':button_size' => $template['button_size'],
+        ':button_bg_color' => $template['button_bg_color'],
+        ':button_text_color' => $template['button_text_color'],
+        ':button_label' => $template['button_label'],
+        ':status' => $template['status'],
+        ':client_specific_fields' => $template['client_specific_fields'],
+        ':idclient' => $template['idclient'],
+        ':clientname' => $template['clientname'],
+        ':schemaname' => $template['schemaname'],
+        ':idschema' => $template['idschema'],
+        ':schemajson' => $template['schemajson'],
+        ':xls_headers' => $template['xls_headers'],
+        ':api_sample_json' => $template['api_sample_json'],
+        ':json_nodes' => $template['json_nodes'],
+        ':idroutine' => $template['idroutine']
+    ]);
+
+    $newTemplateId = (int)$pdo->lastInsertId();
+
+    if ($newTemplateId <= 0) {
+        throw new Exception("Unable to create cloned template.");
+    }
+
+    // 4. Clone template_mapping rows
+    $cloneMappings = $pdo->prepare("
+        INSERT INTO template_mapping (
+            template_id,
+            schema_id,
+            field_id,
+            excel_column,
+            json_node,
+            is_manual,
+            manual_default,
+            auto_value,
+            data_type,
+            is_required,
+            default_value,
+            has_list,
+            length,
+            decimals,
+            min_value,
+            max_value,
+            default_curr_date,
+            tablename,
+            field_label,
+            main_field,
+            is_visible_import,
+            is_visible_parts
+        )
+        SELECT
+            :new_template_id,
+            schema_id,
+            field_id,
+            excel_column,
+            json_node,
+            is_manual,
+            manual_default,
+            auto_value,
+            data_type,
+            is_required,
+            default_value,
+            has_list,
+            length,
+            decimals,
+            min_value,
+            max_value,
+            default_curr_date,
+            tablename,
+            field_label,
+            main_field,
+            is_visible_import,
+            is_visible_parts
+        FROM template_mapping
+        WHERE template_id = :source_template_id
+    ");
+
+    $cloneMappings->execute([
+        ':new_template_id' => $newTemplateId,
+        ':source_template_id' => $sourceTemplateId
+    ]);
+
+    $pdo->commit();
+
+    header("Location: templates_dashboard.php?cloned=1&new_id=" . $newTemplateId);
+    exit;
+} catch (Exception $e) {
+    if (isset($pdo) && $pdo->inTransaction()) {
+        $pdo->rollBack();
+    }
+
+    die("Clone error: " . htmlspecialchars($e->getMessage(), ENT_QUOTES, 'UTF-8'));
+}
@@ -0,0 +1,211 @@
+<?php
+// Questo file può essere vuoto o contenere logica PHP aggiuntiva se necessario
+?>
+<!DOCTYPE html>
+<html lang="it">
+
+<head>
+    <meta charset="UTF-8">
+    <meta name="viewport" content="width=device-width, initial-scale=1.0">
+    <title>Autenticazione VisualLims</title>
+    <!-- Includi Select2 CSS -->
+    <link href="https://cdn.jsdelivr.net/npm/select2@4.1.0-rc.0/dist/css/select2.min.css" rel="stylesheet" />
+    <style>
+        body {
+            font-family: Arial, sans-serif;
+            max-width: 600px;
+            margin: 20px auto;
+            padding: 20px;
+        }
+
+        #authButton {
+            padding: 10px 20px;
+            background-color: #007bff;
+            color: white;
+            border: none;
+            cursor: pointer;
+        }
+
+        #authButton:hover {
+            background-color: #0056b3;
+        }
+
+        #result {
+            margin-top: 20px;
+            padding: 10px;
+            border: 1px solid #ccc;
+            word-wrap: break-word;
+        }
+
+        #schemiResult {
+            margin-top: 20px;
+            padding: 10px;
+            border: 1px solid #ccc;
+            word-wrap: break-word;
+        }
+
+        .select2-container {
+            width: 100% !important;
+        }
+    </style>
+</head>
+
+<body>
+    <h1>Autenticazione VisualLims</h1>
+    <button id="authButton">Autentica</button>
+    <div id="result"></div>
+
+    <!-- Tendina per i clienti -->
+    <h3>Seleziona un cliente:</h3>
+    <select id="clientiSelect" style="width: 100%;">
+        <option value="">Seleziona un cliente...</option>
+    </select>
+
+    <!-- Area per mostrare gli schemi -->
+    <div id="schemiResult"></div>
+
+    <!-- Includi jQuery (necessario per Select2) -->
+    <script src="https://code.jquery.com/jquery-3.6.0.min.js"></script>
+    <!-- Includi Select2 JS -->
+    <script src="https://cdn.jsdelivr.net/npm/select2@4.1.0-rc.0/dist/js/select2.min.js"></script>
+
+    <script>
+        // Inizializza Select2 sulla tendina
+        $(document).ready(function() {
+            $('#clientiSelect').select2({
+                placeholder: "Cerca un cliente...",
+                allowClear: true
+            });
+
+            // Carica i clienti al caricamento della pagina
+            loadClienti();
+        });
+
+        // Autenticazione
+        document.getElementById('authButton').addEventListener('click', async () => {
+            const resultDiv = document.getElementById('result');
+            resultDiv.textContent = 'Autenticazione in corso...';
+
+            try {
+                const response = await fetch('auth_proxy.php', {
+                    method: 'POST',
+                    headers: {
+                        'Content-Type': 'application/json',
+                    }
+                });
+
+                const data = await response.json();
+                if (!response.ok) {
+                    throw new Error(`Errore HTTP! Stato: ${response.status}, Dettagli: ${data.error || 'Nessun dettaglio disponibile'}`);
+                }
+
+                if (typeof data === 'string' && data.length > 0) {
+                    resultDiv.textContent = `Token: ${data}`;
+                } else if (data && data.token) {
+                    resultDiv.textContent = `Token: ${data.token}`;
+                } else {
+                    resultDiv.textContent = `Autenticazione fallita: Nessun token ricevuto. Dettagli: ${JSON.stringify(data)}`;
+                }
+            } catch (error) {
+                resultDiv.textContent = `Errore: ${error.message}`;
+            }
+        });
+
+        // Funzione per caricare i clienti nella tendina
+        async function loadClienti() {
+            const resultDiv = document.getElementById('result');
+            resultDiv.textContent = 'Caricamento clienti...';
+
+            try {
+                const response = await fetch('get_clienti.php', {
+                    method: 'POST',
+                    headers: {
+                        'Content-Type': 'application/json'
+                    },
+                    body: JSON.stringify({})
+                });
+
+                const data = await response.json();
+
+                if (!response.ok) {
+                    throw new Error(data.error || `Errore HTTP: ${response.status}, Dettagli: ${JSON.stringify(data)}`);
+                }
+
+                if (data.value && Array.isArray(data.value)) {
+                    const select = document.getElementById('clientiSelect');
+                    data.value.forEach(c => {
+                        const nome = c.Nominativo || 'Nome non disponibile';
+                        const id = c.IdCliente || 'ID non disponibile';
+                        const option = new Option(`${nome.trim()} (ID: ${id})`, id);
+                        select.add(option);
+                    });
+                    resultDiv.textContent = 'Clienti caricati con successo.';
+                } else {
+                    resultDiv.textContent = 'Nessun cliente trovato o formato dati non valido.';
+                    console.log('Risposta API:', data);
+                }
+            } catch (err) {
+                resultDiv.textContent = 'Errore: ' + err.message;
+                console.error('Dettagli errore:', err);
+            }
+        }
+
+        // Evento per gestire la selezione di un cliente e recuperare gli schemi
+        $('#clientiSelect').on('select2:select', async function(e) {
+            const clienteId = e.target.value; // Oppure: $(this).val()
+            const schemiDiv = document.getElementById('schemiResult'); // Correzione del nome variabile
+
+            // Log per debug
+            console.log('Cliente selezionato:', clienteId);
+
+            if (!clienteId) {
+                schemiDiv.textContent = '';
+                return;
+            }
+
+            schemiDiv.textContent = 'Caricamento schemi...';
+
+            try {
+                const response = await fetch('get_schemi.php', {
+                    method: 'POST',
+                    headers: {
+                        'Content-Type': 'application/json'
+                    },
+                    body: JSON.stringify({
+                        clienteId
+                    })
+                });
+
+                const data = await response.json();
+
+                if (!response.ok) {
+                    throw new Error(data.error || `Errore HTTP: ${response.status}, Dettagli: ${JSON.stringify(data)}`);
+                }
+
+                if (data.SchemiAbilitati && Array.isArray(data.SchemiAbilitati)) {
+                    let html = '<h3>Schemi Abilitati:</h3><ul>';
+                    data.SchemiAbilitati.forEach(s => {
+                        const nomeSchema = s.NomeSchema || s.Descrizione || 'Schema non specificato';
+                        html += `<li>${nomeSchema}</li>`;
+                    });
+                    html += '</ul>';
+                    schemiDiv.innerHTML = html;
+                } else {
+                    schemiDiv.textContent = 'Nessuno schema trovato per questo cliente.';
+                    console.log('Risposta Schemi:', data);
+                }
+            } catch (err) {
+                schemiDiv.textContent = 'Errore: ' + err.message;
+                console.error('Dettagli errore:', err);
+            }
+        });
+
+        // Gestisci la deselezione (opzionale)
+        $('#clientiSelect').on('select2:unselect', function(e) {
+            const schemiDiv = document.getElementById('schemiResult'); // Correzione del nome variabile
+            schemiDiv.textContent = '';
+        });
+    </script>
+</body>
+
+</html>
@@ -0,0 +1,79 @@
+<?php
+header('Content-Type: application/json');
+
+require_once(__DIR__ . '/include/headscript.php');
+
+$db = DBHandlerSelect::getInstance();
+$pdo = $db->getConnection();
+
+$input = json_decode(file_get_contents('php://input'), true);
+$templateId = (int)($input['template_id'] ?? 0);
+
+if ($templateId <= 0) {
+    echo json_encode(['success' => false, 'message' => 'Invalid template_id']);
+    exit;
+}
+
+// If already exists, do nothing
+$stmt = $pdo->prepare("SELECT COUNT(*) FROM template_fixed_mapping WHERE template_id = ?");
+$stmt->execute([$templateId]);
+if ((int)$stmt->fetchColumn() > 0) {
+    echo json_encode(['success' => true, 'created' => 0, 'message' => 'Fixed fields already exist']);
+    exit;
+}
+
+/**
+ * FIXED FIELDS STANDARD (no UI selection)
+ * is_manual always 1
+ * is_visible_import default 1
+ */
+$fixedFields = [
+    // fixed_field_key, data_type
+    ['ClienteResponsabile', 'INT'],
+    ['ClienteFornitore', 'INT'],
+    ['ClienteAnalisi', 'INT'],
+    ['MoltiplicatorePrezzo', 'INT'],
+    ['AnagraficaCertestObject', 'INT'],
+    ['AnagraficaCertestService', 'INT'],
+    ['ConsegnaRichiesta', 'DATE'],
+];
+
+
+try {
+    $pdo->beginTransaction();
+
+    $ins = $pdo->prepare("
+    INSERT INTO template_fixed_mapping
+    (template_id, fixed_field_key, is_manual, data_type, is_required, default_value, is_visible_import)
+    VALUES
+    (:template_id, :fixed_field_key, 1, :data_type, 1, NULL, 1)
+");
+
+
+    foreach ($fixedFields as $f) {
+        $ins->execute([
+            ':template_id'     => $templateId,
+            ':fixed_field_key' => $f[0],
+            ':data_type'       => $f[1],
+        ]);
+    }
+
+
+    $pdo->commit();
+
+    // Return rows (for client render)
+    $stmt = $pdo->prepare("
+    SELECT id, template_id, fixed_field_key, is_manual, data_type, is_required, default_value, is_visible_import
+    FROM template_fixed_mapping
+    WHERE template_id = ?
+    ORDER BY id ASC
+");
+
+    $stmt->execute([$templateId]);
+    $rows = $stmt->fetchAll(PDO::FETCH_ASSOC);
+
+    echo json_encode(['success' => true, 'created' => count($rows), 'rows' => $rows]);
+} catch (Exception $e) {
+    if ($pdo->inTransaction()) $pdo->rollBack();
+    echo json_encode(['success' => false, 'message' => $e->getMessage()]);
+}
@@ -0,0 +1,105 @@
+<?php
+require_once dirname(__DIR__, 3) . '/vendor/autoload.php'; // Risale a root/vendor/
+require_once dirname(__FILE__) . '/../class/VisualLimsApiClient.class.php'; // In root/public/userarea/class/
+
+use Dotenv\Dotenv;
+
+// Debug: Log the path where we expect the .env file
+$envPath = dirname(__DIR__, 3);
+file_put_contents(__DIR__ . '/debug_log.txt', date('Y-m-d H:i:s') . ' - Expected .env path: ' . $envPath . PHP_EOL, FILE_APPEND);
+
+// Carica il file .env dalla root del progetto
+try {
+    $dotenv = Dotenv::createImmutable($envPath);
+    $dotenv->load();
+} catch (Exception $e) {
+    file_put_contents(__DIR__ . '/error_log.txt', date('Y-m-d H:i:s') . ' - Errore caricamento .env: ' . $e->getMessage() . PHP_EOL, FILE_APPEND);
+    exit(1);
+}
+
+date_default_timezone_set($_ENV['APP_TIMEZONE'] ?? 'Europe/Rome');
+
+// Recupera le variabili d'ambiente
+$dbHost = $_ENV['DB_HOST'];
+$dbName = $_ENV['DB_DATABASE'];
+$dbUser = $_ENV['DB_USERNAME'];
+$dbPass = $_ENV['DB_PASSWORD'];
+$dbPrefix = $_ENV['DB_PREFIX'];
+
+// Debug: Log database connection details (excluding password)
+file_put_contents(__DIR__ . '/debug_log.txt', date('Y-m-d H:i:s') . " - DB Connection: host=$dbHost, dbname=$dbName, user=$dbUser, prefix=$dbPrefix" . PHP_EOL, FILE_APPEND);
+
+// Connessione al database MySQL
+try {
+    $pdo = new PDO("mysql:host=$dbHost;dbname=$dbName;charset=utf8mb4", $dbUser, $dbPass);
+    $pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
+} catch (PDOException $e) {
+    file_put_contents(__DIR__ . '/error_log.txt', date('Y-m-d H:i:s') . ' - Errore connessione DB: ' . $e->getMessage() . PHP_EOL, FILE_APPEND);
+    exit(1);
+}
+
+try {
+    $api = VisualLimsApiClient::getInstance();
+
+    // Endpoint per recuperare le Matrici
+    $endpoint = 'Matrice';
+
+    // (Opzionale) aggiungi parametri
+    $options = []; // es. ['$top' => 100]
+
+    // Debug: salva URL usato
+    $base_url = 'https://93.43.5.102/limsapi/api/odata/';
+    $query = http_build_query($options);
+    $full_url = $base_url . $endpoint . ($query ? '?' . $query : '');
+    file_put_contents(__DIR__ . '/last_url.txt', $full_url . PHP_EOL, FILE_APPEND);
+
+    // Chiamata API
+    $data = $api->get($endpoint, $options);
+
+    // Debug: Log the API response size
+    file_put_contents(__DIR__ . '/debug_log.txt', date('Y-m-d H:i:s') . ' - API response received, value count: ' . (isset($data['value']) ? count($data['value']) : 0) . PHP_EOL, FILE_APPEND);
+
+    // Salva il JSON in locale (opzionale, per debug)
+    file_put_contents(__DIR__ . '/matrici_response.json', json_encode($data, JSON_PRETTY_PRINT));
+
+    // Svuota la tabella (dump rapido)
+    $pdo->exec("TRUNCATE TABLE {$dbPrefix}matrici");
+
+    // Debug: Log after truncate
+    file_put_contents(__DIR__ . '/debug_log.txt', date('Y-m-d H:i:s') . ' - Table truncated: ' . $dbPrefix . 'matrici' . PHP_EOL, FILE_APPEND);
+
+    // Prepara l'insert
+    $stmt = $pdo->prepare("
+           INSERT INTO {$dbPrefix}matrici (
+               IdMatrice, NomeMatriceTraduzione, DescrizioneTraduzione, MacroMatrice, NomeMatrice, Descrizione
+           ) VALUES (
+               :IdMatrice, :NomeMatriceTraduzione, :DescrizioneTraduzione, :MacroMatrice, :NomeMatrice, :Descrizione
+           )
+       ");
+
+    // Inserisci i dati
+    $insertedRows = 0;
+    if (isset($data['value']) && is_array($data['value'])) {
+        foreach ($data['value'] as $item) {
+            $stmt->execute([
+                ':IdMatrice' => $item['IdMatrice'],
+                ':NomeMatriceTraduzione' => $item['NomeMatriceTraduzione'],
+                ':DescrizioneTraduzione' => $item['DescrizioneTraduzione'] ?? null,
+                ':MacroMatrice' => $item['MacroMatrice'] ?? null,
+                ':NomeMatrice' => $item['NomeMatrice'],
+                ':Descrizione' => $item['Descrizione'] ?? null,
+            ]);
+            $insertedRows++;
+            // Debug: Log each inserted row
+            file_put_contents(__DIR__ . '/debug_log.txt', date('Y-m-d H:i:s') . ' - Inserted row with IdMatrice: ' . $item['IdMatrice'] . PHP_EOL, FILE_APPEND);
+        }
+    }
+
+    // Log successo
+    file_put_contents(__DIR__ . '/success_log.txt', date('Y-m-d H:i:s') . ' - Aggiornamento completato: ' . $insertedRows . ' record inseriti.' . PHP_EOL, FILE_APPEND);
+} catch (Exception $e) {
+    file_put_contents(__DIR__ . '/error_log.txt', date('Y-m-d H:i:s') . ' - ' . $e->getMessage() . PHP_EOL, FILE_APPEND);
+    exit(1);
+}
+
+exit(0); // Esci con successo per cron
@@ -0,0 +1 @@
+https://93.43.5.102/limsapi/api/odata/Matrice
--- a/Show More
+++ b/Show More
				`@@ -0,0 +1 @@`
				`https://93.43.5.102/limsapi/api/odata/Matrice`