change gitignore

public/propagatesingleorder.php

@@ -1,20 +1,20 @@
 <?php
+
 use PHPMailer\PHPMailer\PHPMailer;
 use PHPMailer\PHPMailer\Exception;
-?>
-<?php
-    header('Content-Type: text/html; charset=utf-8'); 
+
+header('Content-Type: text/html; charset=utf-8');
 ini_set('display_errors', '1');
 ini_set('display_startup_errors', '1');
 error_reporting(E_ALL);
 include('Connections/bkngstm.php');
-//require_once('include/headscript.php'); ?>
-<?php
+
 // take idorder
 if (isset($_GET['idorder'])) {
-$idorder = $_GET['idorder']; }
-// Crea la connessione al database
+    $idorder = $_GET['idorder'];
+}
 
+// Crea la connessione al database
 $conn = new mysqli($servername, $username, $password, $dbname);
 
 // Verifica la connessione
@@ -23,8 +23,11 @@ if ($conn->connect_error) {
 }
 
 // Seleziona i record con status 'pending' dalla tabella orderbook
-$select_query = "SELECT * FROM orderbook WHERE orderbook.idorderbook='$idorder'";
-$result = $conn->query($select_query);
+$select_query = "SELECT * FROM orderbook WHERE idorderbook = ?";
+$stmt = $conn->prepare($select_query);
+$stmt->bind_param("i", $idorder);
+$stmt->execute();
+$result = $stmt->get_result();
 
 if ($result->num_rows > 0) {
     while ($row = $result->fetch_assoc()) {
@@ -35,245 +38,225 @@ if ($result->num_rows > 0) {
         $service_id = $row["idservice"];
         $quantity_class = $row["quantityclass"];
         $ordern = $row["order_id"];
-        
+        $first_lesson_date = $row["first_lesson_date"];
 
-        
         echo "Elaborazione record con ID: $order_id, Service ID: $service_id\n";
-        
-        $user_query = "SELECT id FROM auth_users WHERE email = '$billing_email'";
-        $user_result = $conn->query($user_query);
+
+        $user_query = "SELECT id FROM auth_users WHERE email = ?";
+        $stmt_user = $conn->prepare($user_query);
+        $stmt_user->bind_param("s", $billing_email);
+        $stmt_user->execute();
+        $user_result = $stmt_user->get_result();
 
         if ($user_result->num_rows > 0) {
             $user_row = $user_result->fetch_assoc();
             $user_id = $user_row["id"];
-
-            $update_query = "UPDATE orderbook SET iduser = '$user_id' WHERE idorderbook = '$order_id'";
-            $conn->query($update_query);
+            $update_query = "UPDATE orderbook SET iduser = ? WHERE idorderbook = ?";
+            $stmt_update = $conn->prepare($update_query);
+            $stmt_update->bind_param("ii", $user_id, $order_id);
+            $stmt_update->execute();
+            $stmt_update->close();
         } else {
-             // Genera una password casuale e crea l'hash
-            $password = "YogiBook159"; // La password casuale
+            $password = "YogiBook159";
             $hashed_password = password_hash($password, PASSWORD_DEFAULT);
-            // Inserisci un nuovo utente in auth_users
             $todaydate = date('Y-m-d H:i:s');
             $insert_query = "INSERT INTO auth_users (email, password, first_name, last_name, role_id, status, created_at, avatar)
-                             VALUES ('$billing_email', '$hashed_password', '$first_name', '$last_name', 2, 'Active', '$todaydate', 'meditationb.png')";
-            $conn->query($insert_query);
-
-            // Ottieni l'ID appena inserito
+                             VALUES (?, ?, ?, ?, 2, 'Active', ?, 'meditationb.png')";
+            $stmt_insert = $conn->prepare($insert_query);
+            $stmt_insert->bind_param("sssss", $billing_email, $hashed_password, $first_name, $last_name, $todaydate);
+            $stmt_insert->execute();
             $new_user_id = $conn->insert_id;
+            $stmt_insert->close();
 
-            // Aggiorna l'ID utente nell'ordine
-            $update_query = "UPDATE orderbook SET iduser = '$new_user_id' WHERE idorderbook = '$order_id'";
-            $conn->query($update_query);
+            $update_query = "UPDATE orderbook SET iduser = ? WHERE idorderbook = ?";
+            $stmt_update = $conn->prepare($update_query);
+            $stmt_update->bind_param("ii", $new_user_id, $order_id);
+            $stmt_update->execute();
+            $stmt_update->close();
         }
+        $stmt_user->close();
     }
     echo "Aggiornamento completato con successo.";
 } else {
     echo "Nessun record con status 'pending' trovato.";
 }
+$stmt->close();
 
-
-
-//recupera servischedule
-
-// Seleziona i primi "n" record dalla tabella serviceschedule successivi al momento attuale
-$current_datetime = date("Y-m-d H:i:s");
-$service_schedule_query = "SELECT * FROM serviceschedule WHERE idservice = '$service_id' AND dateschedule >= '$current_datetime' ORDER BY dateschedule";
-$service_schedule_result = $conn->query($service_schedule_query);
+// Recupera servischedule a partire da first_lesson_date
+$service_schedule_query = "SELECT * FROM serviceschedule WHERE idservice = ? AND dateschedule >= ? ORDER BY dateschedule";
+$stmt_schedule = $conn->prepare($service_schedule_query);
+$stmt_schedule->bind_param("is", $service_id, $first_lesson_date);
+$stmt_schedule->execute();
+$service_schedule_result = $stmt_schedule->get_result();
 
 if ($service_schedule_result->num_rows > 0) {
     echo "Record per l'ordine ID: $order_id\n";
-    
-     $inserted_count = 0;  // Numero di inserimenti effettuati con successo
-    
+    $inserted_count = 0;
 
     while ($schedule_row = $service_schedule_result->fetch_assoc()) {
-    
-      if ($inserted_count >= $quantity_class) {
-          break;  // Se il numero di inserimenti riusciti è sufficiente, esci dal ciclo
+        if ($inserted_count >= $quantity_class) {
+            break;
         }
-    
         $date_schedule = $schedule_row["dateschedule"];
         $selected_user_id = isset($new_user_id) ? $new_user_id : $user_id;
-        
         $idservice = $schedule_row["idservice"];
+        $idserviceschedule = $schedule_row["idserviceschedule"];
 
-//recover number of booking
-$idserviceschedule = $schedule_row["idserviceschedule"];
+        $querychk = "SELECT * FROM bookingclass WHERE iduser = ? AND idserviceschedule = ?";
+        $stmt_chk = $conn->prepare($querychk);
+        $stmt_chk->bind_param("ii", $selected_user_id, $idserviceschedule);
+        $stmt_chk->execute();
+        $result = $stmt_chk->get_result();
 
-//check if already booked
-$querychk = "SELECT * FROM bookingclass WHERE iduser = '$user_id' AND idserviceschedule = '$idserviceschedule'";
-$result = mysqli_query($conn, $querychk);
+        if ($result->num_rows == 0) {
+            $service_maxcapacity_query = "SELECT maxcapacity FROM service WHERE idservice = ?";
+            $stmt_maxcapacity = $conn->prepare($service_maxcapacity_query);
+            $stmt_maxcapacity->bind_param("i", $idservice);
+            $stmt_maxcapacity->execute();
+            $service_maxcapacity_result = $stmt_maxcapacity->get_result();
+            $row = $service_maxcapacity_result->fetch_assoc();
+            $maxcapacity = $row['maxcapacity'];
+            $stmt_maxcapacity->close();
 
+            $bookingclass_count_query = "SELECT COUNT(*) as total_records FROM bookingclass WHERE idserviceschedule = ?";
+            $stmt_count = $conn->prepare($bookingclass_count_query);
+            $stmt_count->bind_param("i", $idserviceschedule);
+            $stmt_count->execute();
+            $bookingclass_count_result = $stmt_count->get_result();
+            $rowcount = $bookingclass_count_result->fetch_assoc();
+            $total_records = $rowcount['total_records'];
+            $stmt_count->close();
 
-if ($result) {
-    // Verifica se esiste almeno una riga nella query
-    if (mysqli_num_rows($result) == 0) {
-
-
-//recover maxcapacity
-$service_maxcapacity_query = "SELECT maxcapacity FROM service WHERE idservice = '$idservice'";
-$service_maxcapacity_result = $conn->query($service_maxcapacity_query);
-
-    $row = $service_maxcapacity_result->fetch_assoc();
-    $maxcapacity = $row['maxcapacity'];
-    
-
-
-$bookingclass_count_query = "SELECT COUNT(*) as total_records FROM bookingclass WHERE idserviceschedule = '$idserviceschedule'";
-$bookingclass_count_result = $conn->query($bookingclass_count_query);
-
-if ($bookingclass_count_result) {
-    $rowcount= $bookingclass_count_result->fetch_assoc();
-    $total_records = $rowcount['total_records'];
-
-    // Ora hai il numero totale di record con l'idserviceschedule specificato
-} else {
-    $total_records='0';
-}
-
-// Check if maxcapacity is greater than total_records before inserting
             if ($maxcapacity > $total_records) {
-
-        // Inserisci il nuovo record in bookingclass
-        $insert_booking_query = "INSERT INTO bookingclass (idserviceschedule, idservice, iduser, bookingstart,idorder)
-                                 VALUES ('{$schedule_row['idserviceschedule']}', '$service_id', '$selected_user_id', '$date_schedule', '$order_id')";
-       if ($conn->query($insert_booking_query)) {
-                echo "Inserito record in bookingclass per l'ordine ID: $order_id\n";
-                $inserted_count++;
+                $insert_booking_query = "INSERT INTO bookingclass (idserviceschedule, idservice, iduser, bookingstart, idorder)
+                                         VALUES (?, ?, ?, ?, ?)";
+                $stmt_insert_booking = $conn->prepare($insert_booking_query);
+                $stmt_insert_booking->bind_param("iiisi", $idserviceschedule, $service_id, $selected_user_id, $date_schedule, $order_id);
+                if ($stmt_insert_booking->execute()) {
+                    echo "Inserito record in bookingclass per l'ordine ID: $order_id\n";
+                    $inserted_count++;
+                } else {
+                    echo "Errore durante l'inserimento: " . $stmt_insert_booking->error . "\n";
+                }
+                $stmt_insert_booking->close();
             } else {
-                echo "Errore durante l'inserimento: " . $conn->error . "\n";
+                echo "La capacità massima è stata raggiunta. Impossibile effettuare la prenotazione.\n";
             }
-        } else {
-            echo "La capacità massima è stata raggiunta. Impossibile effettuare la prenotazione.\n";
         }
-            
-    }}
-    //brackets of while 
+        $stmt_chk->close();
     }
 
-    // Aggiorna lo status a 'booked' nella tabella orderbook
-    $update_order_status_query = "UPDATE orderbook SET status = 'booked' WHERE idorderbook = '$order_id'";
-    $conn->query($update_order_status_query);
-
+    $update_order_status_query = "UPDATE orderbook SET status = 'booked' WHERE idorderbook = ?";
+    $stmt_status = $conn->prepare($update_order_status_query);
+    $stmt_status->bind_param("i", $order_id);
+    $stmt_status->execute();
+    $stmt_status->close();
     echo "Aggiornato lo status a 'booked' per l'ordine ID: $order_id\n";
-    
-    //send email to user
-    
+
     require 'phpmailer/src/Exception.php';
-require 'phpmailer/src/PHPMailer.php';
-require 'phpmailer/src/SMTP.php';
-$name=$first_name;
-
-$messageedit="    <p style='font-size: 14px; line-height: 190%;'><span style='font-size: 18px; line-height: 34.2px;'><strong><span style='line-height: 34.2px; font-size: 18px;'> Ciao $name , </span></strong></span></p>
-<p style='font-size: 14px; line-height: 190%;'><span style='font-size: 16px; line-height: 30.4px;'>Le prenotazioni relative al tuo ultimo ordine n. $ordern sono state inserite con successo!</span></p>
-<p style='font-size: 14px; line-height: 190%;'><span style='font-size: 16px; line-height: 30.4px;'>Puoi vederle e riprogrammarle dall'indirizzo https://yogibook.yogasoul.it </span></p>
-<br>
-<p style='font-size: 14px; line-height: 190%;'><span style='font-size: 16px; line-height: 30.4px;'>Per il primo accesso devi per prima cosa resettare la password cliccando di seguito</span></p>
-<br>
-<a href='https://yogibook.yogasoul.it/public/password/reset' target='_blank' class='v-button v-font-size' style='box-sizing: border-box;display: inline-block;text-decoration: none;-webkit-text-size-adjust: none;text-align: center;color: #FFFFFF; background-color: #3AAEE0; border-radius: 4px;-webkit-border-radius: 4px; -moz-border-radius: 4px; width:auto; max-width:100%; overflow-wrap: break-word; word-break: break-word; word-wrap:break-word; mso-border-alt: none;font-size: 14px;'>
-      <span style='display:block;padding:10px 20px;line-height:120%;'><span style='line-height: 16.8px;'>Reset Password</span></span>
-    </a>
-<br>
-<br>
-<p style='font-size: 14px; line-height: 190%;'><span style='font-size: 16px; line-height: 30.4px;'>Ci vediamo sul tappetino!</span></p>
-<p style='font-size: 14px; line-height: 190%;'><span style='font-size: 16px; line-height: 30.4px;'>Il Team Yogasoul</span></p>";
-
-$buttonedit="<a href='https://yogibook.yogasoul.it/' target='_blank' class='v-button v-font-size' style='box-sizing: border-box;display: inline-block;text-decoration: none;-webkit-text-size-adjust: none;text-align: center;color: #FFFFFF; background-color: #3AAEE0; border-radius: 4px;-webkit-border-radius: 4px; -moz-border-radius: 4px; width:auto; max-width:100%; overflow-wrap: break-word; word-break: break-word; word-wrap:break-word; mso-border-alt: none;font-size: 14px;'>
-      <span style='display:block;padding:10px 20px;line-height:120%;'><span style='line-height: 16.8px;'>YogiBook - YogaSoul</span></span>
-    </a>";
-
-    //mail to client
-
-$mail = new PHPMailer(true);
-
-$mail->isSMTP();                                      // Set mailer to use SMTP
-$mail->Host = 'mail.yogasoul.it';  // Specify main and backup server
-$mail->SMTPAuth = true;                               // Enable SMTP authentication
-$mail->Username = 'info@yogasoul.it';                            // SMTP username
-$mail->Password = '!Testolina88';                           // SMTP password
-$mail->SMTPSecure = 'tls';                            // Enable encryption, 'ssl' also accepted
-$mail->Port       = '587'; 
-    
-
-include('mail/emailtemplate2.php');
-// Email body content 
-
-//$trfnmbmail=$appformn.'r'.$revnumb;
-$htmlContent = $mailmessage1; 
-    
-    
-$mail->From = 'info@yogasoul.it';
-$mail->FromName = 'YogiBook [YogaSoul]';
-$mail->addAddress($billing_email);  // Add a recipient
-    
-
-                          
-
-$mail->Subject = "YogiBook - Prenotazioni effettuate per il tuo ordine $ordern";
-$mail->Body    = $htmlContent;
-$mail->AltBody = 'This is the body in plain text for non-HTML mail clients';
-
+    require 'phpmailer/src/PHPMailer.php';
+    require 'phpmailer/src/SMTP.php';
+    $name = $first_name;
+    $messageedit = "<p style='font-size: 14px; line-height: 190%;'><span style='font-size: 18px; line-height: 34.2px;'><strong><span style='line-height: 34.2px; font-size: 18px;'> Ciao $name , </span></strong></span></p>
+                    <p style='font-size: 14px; line-height: 190%;'><span style='font-size: 16px; line-height: 30.4px;'>Le prenotazioni relative al tuo ultimo ordine n. $ordern sono state inserite con successo!</span></p>
+                    <p style='font-size: 14px; line-height: 190%;'><span style='font-size: 16px; line-height: 30.4px;'>Puoi vederle e riprogrammarle dall'indirizzo https://yogibook.yogasoul.it </span></p>
+                    <br>
+                    <p style='font-size: 14px; line-height: 190%;'><span style='font-size: 16px; line-height: 30.4px;'>Per il primo accesso devi per prima cosa resettare la password cliccando di seguito</span></p>
+                    <br>
+                    <a href='https://yogibook.yogasoul.it/public/password/reset' target='_blank' class='v-button v-font-size' style='box-sizing: border-box;display: inline-block;text-decoration: none;-webkit-text-size-adjust: none;text-align: center;color: #FFFFFF; background-color: #3AAEE0; border-radius: 4px;-webkit-border-radius: 4px; -moz-border-radius: 4px; width:auto; max-width:100%; overflow-wrap: break-word; word-break: break-word; word-wrap:break-word; mso-border-alt: none;font-size: 14px;'>
+                        <span style='display:block;padding:10px 20px;line-height:120%;'><span style='line-height: 16.8px;'>Reset Password</span></span>
+                    </a>
+                    <br>
+                    <br>
+                    <p style='font-size: 14px; line-height: 190%;'><span style='font-size: 16px; line-height: 30.4px;'>Ci vediamo sul tappetino!</span></p>
+                    <p style='font-size: 14px; line-height: 190%;'><span style='font-size: 16px; line-height: 30.4px;'>Il Team Yogasoul</span></p>";
+    $buttonedit = "<a href='https://yogibook.yogasoul.it/' target='_blank' class='v-button v-font-size' style='box-sizing: border-box;display: inline-block;text-decoration: none;-webkit-text-size-adjust: none;text-align: center;color: #FFFFFF; background-color: #3AAEE0; border-radius: 4px;-webkit-border-radius: 4px; -moz-border-radius: 4px; width:auto; max-width:100%; overflow-wrap: break-word; word-break: break-word; word-wrap:break-word; mso-border-alt: none;font-size: 14px;'>
+                    <span style='display:block;padding:10px 20px;line-height:120%;'><span style='line-height: 16.8px;'>YogiBook - YogaSoul</span></span>
+                </a>";
+    $mail = new PHPMailer(true);
+    $mail->isSMTP();
+    $mail->Host = 'mail.yogasoul.it';
+    $mail->SMTPAuth = true;
+    $mail->Username = 'info@yogasoul.it';
+    $mail->Password = '!Testolina88';
+    $mail->SMTPSecure = 'tls';
+    $mail->Port = '587';
+    include('mail/emailtemplate2.php');
+    $htmlContent = $mailmessage1;
+    $mail->From = 'info@yogasoul.it';
+    $mail->FromName = 'YogiBook [YogaSoul]';
+    $mail->addAddress($billing_email);
+    $mail->Subject = "YogiBook - Prenotazioni effettuate per il tuo ordine $ordern";
+    $mail->Body = $htmlContent;
+    $mail->AltBody = 'This is the body in plain text for non-HTML mail clients';
     $mail->send();
-    
-    //mail sent
-
-    
-    
-
-    // ... (il resto del codice come prima)
 } else {
-    echo "Nessun record di schedule futuro trovato per l'ordine ID: $order_id\n";
+    echo "Nessun record di schedule futuro trovato per l'ordine ID: $order_id a partire dalla data della prima lezione: $first_lesson_date\n";
 }
+$stmt_schedule->close();
 
-
-    // Recupera il numero di settimane da expiryparameter
-$expiry_class_query = "SELECT quantityclass FROM orderbook WHERE idorderbook = '$order_id'";
-$expiry_class_result = $conn->query($expiry_class_query);
+// Recupera il numero di settimane da expiryparameter
+$expiry_class_query = "SELECT quantityclass, first_lesson_date FROM orderbook WHERE idorderbook = ?";
+$stmt_expiry = $conn->prepare($expiry_class_query);
+$stmt_expiry->bind_param("i", $order_id);
+$stmt_expiry->execute();
+$expiry_class_result = $stmt_expiry->get_result();
 
 if ($expiry_class_result && $expiry_class_result->num_rows > 0) {
     $row = $expiry_class_result->fetch_assoc();
     $quantity_class = $row['quantityclass'];
+    $first_lesson_date = $row['first_lesson_date'];
 
-    $expiry_weeks_query = "SELECT expiryweeks FROM expiryparameter WHERE quantityclass = '$quantity_class'";
-    $expiry_weeks_result = $conn->query($expiry_weeks_query);
+    $expiry_weeks_query = "SELECT expiryweeks FROM expiryparameter WHERE quantityclass = ?";
+    $stmt_expiry_weeks = $conn->prepare($expiry_weeks_query);
+    $stmt_expiry_weeks->bind_param("i", $quantity_class);
+    $stmt_expiry_weeks->execute();
+    $expiry_weeks_result = $stmt_expiry_weeks->get_result();
 
     if ($expiry_weeks_result && $expiry_weeks_result->num_rows > 0) {
         $expiry_row = $expiry_weeks_result->fetch_assoc();
         $expiry_weeks = $expiry_row['expiryweeks'];
 
-        // Aggiorna la colonna expireon in orderbook
-        $update_expiry_query = "UPDATE orderbook SET expireon = DATE_ADD(order_date_created, INTERVAL $expiry_weeks WEEK) WHERE idorderbook = '$order_id'";
-        $conn->query($update_expiry_query);
+        // Aggiorna la colonna expireon in orderbook basandosi su first_lesson_date
+        $update_expiry_query = "UPDATE orderbook SET expireon = DATE_ADD(first_lesson_date, INTERVAL ? WEEK) WHERE idorderbook = ?";
+        $stmt_update_expiry = $conn->prepare($update_expiry_query);
+        $stmt_update_expiry->bind_param("ii", $expiry_weeks, $order_id);
+        $stmt_update_expiry->execute();
+        $stmt_update_expiry->close();
 
-   echo "Aggiornata la colonna expireon per l'ordine ID: $order_id\n";
+        echo "Aggiornata la colonna expireon per l'ordine ID: $order_id\n";
     } else {
         echo "Nessun record trovato in expiryparameter per quantityclass: $quantity_class\n";
     }
+    $stmt_expiry_weeks->close();
 } else {
     echo "Nessun record trovato in orderbook per l'ordine ID: $order_id\n";
 }
+$stmt_expiry->close();
 
 // Recupera il numero da expiryparameter per maxreschedule
-$reschedule_number_query = "SELECT reschedulenumber FROM expiryparameter WHERE quantityclass = '$quantity_class'";
-$reschedule_number_result = $conn->query($reschedule_number_query);
+$reschedule_number_query = "SELECT reschedulenumber FROM expiryparameter WHERE quantityclass = ?";
+$stmt_reschedule = $conn->prepare($reschedule_number_query);
+$stmt_reschedule->bind_param("i", $quantity_class);
+$stmt_reschedule->execute();
+$reschedule_number_result = $stmt_reschedule->get_result();
 
 if ($reschedule_number_result && $reschedule_number_result->num_rows > 0) {
     $reschedule_row = $reschedule_number_result->fetch_assoc();
     $reschedule_number = $reschedule_row['reschedulenumber'];
 
-    // Aggiorna la colonna maxreschedule in orderbook
-    $update_max_reschedule_query = "UPDATE orderbook SET maxreschedule = '$reschedule_number' WHERE idorderbook = '$order_id'";
-    $conn->query($update_max_reschedule_query);
+    $update_max_reschedule_query = "UPDATE orderbook SET maxreschedule = ? WHERE idorderbook = ?";
+    $stmt_max_reschedule = $conn->prepare($update_max_reschedule_query);
+    $stmt_max_reschedule->bind_param("ii", $reschedule_number, $order_id);
+    $stmt_max_reschedule->execute();
+    $stmt_max_reschedule->close();
 
     echo "Aggiornata la colonna maxreschedule per l'ordine ID: $order_id\n";
     header("Location: orderbooklist.php");
     exit();
-    
 } else {
     echo "Nessun record trovato in expiryparameter per quantityclass: $quantity_class\n";
 }
+$stmt_reschedule->close();
 
-// Chiudi la connessione al database
 $conn->close();
-?>