diff --git a/public/userarea/api/api_school_settings.php b/public/userarea/api/api_school_settings.php
new file mode 100644
index 0000000..40dbaed
--- /dev/null
+++ b/public/userarea/api/api_school_settings.php
@@ -0,0 +1,108 @@
+ false, 'message' => 'Missing school_id']);
+ exit;
+ }
+
+ // --- Security: user must be active in this school ---
+ $chk = $pdo->prepare("
+ SELECT 1
+ FROM user_schools us
+ JOIN schools s ON s.id = us.school_id
+ WHERE us.user_id = ?
+ AND us.school_id = ?
+ AND us.status = 'active'
+ AND s.status = 'active'
+ LIMIT 1
+ ");
+ $chk->execute([$iduserlogin, $school_id]);
+
+ if (!$chk->fetchColumn()) {
+ http_response_code(403);
+ echo json_encode(['success' => false, 'message' => 'Forbidden: user not allowed for this school']);
+ exit;
+ }
+
+ // --- Defaults (same as your include) ---
+ $defaults = [
+ 'portal_purchases_enabled' => 1,
+ 'allowed_product_types' => 'subscription,carnet,drop_in',
+ 'payment_methods' => 'manual',
+ 'currency_code' => 'EUR',
+ 'enable_notifications' => 1,
+ 'allow_freeze_global' => 1,
+ 'freeze_max_days_global' => 30,
+ 'auto_propagate_on_purchase' => 1,
+ 'allow_full_access_rebooking' => 1,
+ // Add here any other defaults you want to guarantee
+ ];
+
+ // --- Load settings row ---
+ $stmt = $pdo->prepare("
+ SELECT *
+ FROM school_settings
+ WHERE school_id = ?
+ LIMIT 1
+ ");
+ $stmt->execute([$school_id]);
+ $settings = $stmt->fetch(PDO::FETCH_ASSOC);
+
+ if (!$settings) {
+ // Create row with defaults (only school_id is required by your schema)
+ $ins = $pdo->prepare("INSERT INTO school_settings (school_id) VALUES (?)");
+ $ins->execute([$school_id]);
+
+ // Reload
+ $stmt = $pdo->prepare("SELECT * FROM school_settings WHERE school_id = ? LIMIT 1");
+ $stmt->execute([$school_id]);
+ $settings = $stmt->fetch(PDO::FETCH_ASSOC) ?: [];
+ }
+
+ // Merge defaults (fallback for NULL / missing fields)
+ $schoolSettings = array_merge($defaults, $settings);
+
+ // Ensure arrays
+ $paymentMethods = array_values(array_filter(array_map('trim', explode(',', (string)($schoolSettings['payment_methods'] ?? '')))));
+ $productTypes = array_values(array_filter(array_map('trim', explode(',', (string)($schoolSettings['allowed_product_types'] ?? '')))));
+
+ $schoolSettings['payment_methods_array'] = $paymentMethods;
+ $schoolSettings['allowed_product_types_array'] = $productTypes;
+
+ // Optional: cast some known int flags to int (helps Flutter)
+ foreach (
+ [
+ 'portal_purchases_enabled',
+ 'enable_notifications',
+ 'allow_freeze_global',
+ 'freeze_max_days_global',
+ 'auto_propagate_on_purchase',
+ 'allow_full_access_rebooking'
+ ] as $k
+ ) {
+ if (isset($schoolSettings[$k])) {
+ $schoolSettings[$k] = is_numeric($schoolSettings[$k]) ? (int)$schoolSettings[$k] : $schoolSettings[$k];
+ }
+ }
+
+ echo json_encode([
+ 'success' => true,
+ 'school_id' => $school_id,
+ 'settings' => $schoolSettings
+ ], JSON_UNESCAPED_UNICODE);
+} catch (Throwable $e) {
+ http_response_code(500);
+ echo json_encode([
+ 'success' => false,
+ 'message' => 'Server error.',
+ 'error' => $e->getMessage()
+ ]);
+}
diff --git a/public/userarea/api/api_user_settings.php b/public/userarea/api/api_user_settings.php
new file mode 100644
index 0000000..fb0b773
--- /dev/null
+++ b/public/userarea/api/api_user_settings.php
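Review bot: The catch block at the end of the hunk returns `$e->getMessage()` in the 500 body; a PDOException message carries the SQL text, table and column names and sometimes connection details, which is useful reconnaissance for an authenticated attacker. Log it server-side and send only the generic message: `error_log($e->getMessage());` followed by `echo json_encode(['success' => false, 'message' => 'Server error.']);` with the `'error'` key dropped. The same pattern recurs in the two sibling api files of this commit. The membership check is parameterised and scoped to both an active user_schools row and an active school, which is right; `SELECT *` then hands every school_settings column to any active member, so if that table ever holds operator-only data (payment credentials, for instance — not visible here) an explicit column list is safer. The `<?php` prologue that sets `$pdo`, `$iduserlogin` and `$school_id` is outside the visible hunk.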
@@ -0,0 +1,80 @@
+ false, 'message' => 'Unauthorized']);
+ exit;
+ }
+
+ $defaults = [
+ 'notify_email' => 1,
+ 'notify_whatsapp' => 0,
+ 'notify_push' => 0,
+ 'notify_booking_confirm' => 1,
+ 'notify_booking_cancel' => 1,
+ 'notify_session_cancel' => 1,
+ 'notify_payment_receipt' => 1,
+ 'notify_expiration_reminder' => 1,
+ 'newsletter_opt_in' => 0,
+ 'marketing_opt_in' => 0,
+ 'locale' => 'it',
+ 'timezone' => 'Europe/Rome',
+ ];
+
+ $stmt = $pdo->prepare("
+ SELECT *
+ FROM user_settings
+ WHERE user_id = ?
+ LIMIT 1
+ ");
+ $stmt->execute([$user_id]);
+ $settings = $stmt->fetch(PDO::FETCH_ASSOC);
+
+ if (!$settings) {
+ // Create row with defaults (user_id only required by your schema)
+ $ins = $pdo->prepare("INSERT INTO user_settings (user_id) VALUES (?)");
+ $ins->execute([$user_id]);
+
+ // Reload
+ $stmt = $pdo->prepare("SELECT * FROM user_settings WHERE user_id = ? LIMIT 1");
+ $stmt->execute([$user_id]);
+ $settings = $stmt->fetch(PDO::FETCH_ASSOC) ?: [];
+ }
+
+ $userSettings = array_merge($defaults, $settings);
+
+ // Cast numeric flags to int for Flutter
+ foreach (
+ [
+ 'notify_email',
+ 'notify_whatsapp',
+ 'notify_push',
+ 'notify_booking_confirm',
+ 'notify_booking_cancel',
+ 'notify_session_cancel',
+ 'notify_payment_receipt',
+ 'notify_expiration_reminder',
+ 'newsletter_opt_in',
+ 'marketing_opt_in',
+ ] as $k
+ ) {
+ if (isset($userSettings[$k])) {
+ $userSettings[$k] = is_numeric($userSettings[$k]) ? (int)$userSettings[$k] : $userSettings[$k];
+ }
+ }
+
+ echo json_encode([
+ 'success' => true,
+ 'user_id' => $user_id,
+ 'settings' => $userSettings
+ ], JSON_UNESCAPED_UNICODE);
+} catch (Throwable $e) {
+ http_response_code(500);
+ echo json_encode(['success' => false, 'message' => 'Server error.', 'error' => $e->getMessage()]);
+}
diff --git a/public/userarea/api/api_user_settings_update.php b/public/userarea/api/api_user_settings_update.php
new file mode 100644
index 0000000..123c04f
--- /dev/null
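Review bot: The `INSERT INTO user_settings (user_id)` that creates a missing row is not idempotent, so two concurrent first requests from the same user race and, assuming `user_id` is unique in that table (the `LIMIT 1` lookups suggest it), the loser gets a duplicate-key PDOException that the catch turns into a 500 with `$e->getMessage()` in the body. api_user_settings_update.php in this same commit already uses `INSERT IGNORE`, so align this one: `$ins = $pdo->prepare("INSERT IGNORE INTO user_settings (user_id) VALUES (?)");`. The reload via `SELECT *` also returns every column of user_settings to the caller, which is fine for the listed preference flags but will silently expose any column added later (tokens, internal flags); an explicit column list keeps the API surface intentional. The catch should log the exception and return only `'Server error.'` rather than echoing the driver message. The `<?php` prologue with the Unauthorized check that sets `$user_id` is outside the visible hunk.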
+++ b/public/userarea/api/api_user_settings_update.php
@@ -0,0 +1,70 @@
+ false, 'message' => 'Method not allowed. Use POST.']);
+ exit;
+ }
+
+ $user_id = (int)$iduserlogin;
+
+ $raw = file_get_contents('php://input');
+ $data = json_decode($raw ?: '', true);
+ if (!is_array($data)) $data = $_POST;
+
+ // Whitelist fields you allow to be updated
+ $allowed = [
+ 'notify_email',
+ 'notify_whatsapp',
+ 'notify_push',
+ 'notify_booking_confirm',
+ 'notify_booking_cancel',
+ 'notify_session_cancel',
+ 'notify_payment_receipt',
+ 'notify_expiration_reminder',
+ 'newsletter_opt_in',
+ 'marketing_opt_in',
+ 'locale',
+ 'timezone',
+ ];
+
+ $updates = [];
+ $params = [];
+
+ foreach ($allowed as $field) {
+ if (array_key_exists($field, $data)) {
+ $val = $data[$field];
+
+ // Normalize booleans/numbers for tinyint fields
+ if (is_bool($val)) $val = $val ? 1 : 0;
+
+ $updates[] = "{$field} = ?";
+ $params[] = $val;
+ }
+ }
+
+ if (empty($updates)) {
+ http_response_code(422);
+ echo json_encode(['success' => false, 'message' => 'No valid fields to update.']);
+ exit;
+ }
+
+ // Ensure row exists
+ $pdo->prepare("INSERT IGNORE INTO user_settings (user_id) VALUES (?)")->execute([$user_id]);
+
+ $params[] = $user_id;
+
+ $sql = "UPDATE user_settings SET " . implode(', ', $updates) . " WHERE user_id = ?";
+ $stmt = $pdo->prepare($sql);
+ $stmt->execute($params);
+
+ echo json_encode(['success' => true]);
+} catch (Throwable $e) {
+ http_response_code(500);
+ echo json_encode(['success' => false, 'message' => 'Server error.', 'error' => $e->getMessage()]);
+}
diff --git a/public/userarea/include/navbar.php b/public/userarea/include/navbar.php
index 13895f6..11f87e5 100644
--- a/public/userarea/include/navbar.php
+++ b/public/userarea/include/navbar.php
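Review bot: The `foreach ($allowed as $field)` loop stores whatever value the client sends without validating it, so the tinyint `notify_*`/`*_opt_in` columns can receive arbitrary strings or out-of-range integers and `locale`/`timezone` accept any text, which becomes a stored-injection and error surface wherever those values are later rendered or passed to date functions. The column names come from the hard-coded `$allowed` list, so the dynamically built `UPDATE` is not injectable; the values are the gap, so validate per field: coerce the ten flags with `filter_var(..., FILTER_VALIDATE_BOOLEAN, FILTER_NULL_ON_FAILURE)`, check `timezone` against `timezone_identifiers_list()`, constrain `locale` to a short language-tag pattern, and return 422 otherwise. Separately, if `$iduserlogin` is cookie-session based (the prologue that sets it is outside the visible hunk), the `$_POST` fallback lets a plain cross-site HTML form drive this endpoint, so an Origin or CSRF-token check belongs before the write. The catch also echoes `$e->getMessage()` to the client, which leaks driver and SQL detail; log it and return only the generic message.
```php
// … unchanged: method check, $user_id, JSON/$_POST body decode, $allowed …
$flagFields = array_diff($allowed, ['locale', 'timezone']); // the tinyint columns
$updates = [];
$params  = [];

$reject = static function (string $field): void {
    http_response_code(422);
    echo json_encode(['success' => false, 'message' => "Invalid value for {$field}."]);
    exit;
};

foreach ($flagFields as $field) {
    if (!array_key_exists($field, $data)) continue;
    $flag = filter_var($data[$field], FILTER_VALIDATE_BOOLEAN, FILTER_NULL_ON_FAILURE);
    if ($flag === null) $reject($field);
    $updates[] = "{$field} = ?";
    $params[]  = $flag ? 1 : 0;
}

if (array_key_exists('timezone', $data)) {
    if (!is_string($data['timezone']) || !in_array($data['timezone'], timezone_identifiers_list(), true)) $reject('timezone');
    $updates[] = 'timezone = ?';
    $params[]  = $data['timezone'];
}

if (array_key_exists('locale', $data)) {
    if (!is_string($data['locale']) || !preg_match('/^[a-z]{2,3}(?:[-_][A-Za-z]{2,4})?$/', $data['locale'])) $reject('locale');
    $updates[] = 'locale = ?';
    $params[]  = $data['locale'];
}
// … unchanged: empty-updates 422, INSERT IGNORE, UPDATE, success response …
```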
@@ -1,3 +1,45 @@
+prepare("SELECT name, logo FROM schools WHERE id = ?");
+ $stmt_school->execute([$school_id]);
+ $current_school = $stmt_school->fetch(PDO::FETCH_ASSOC);
+
+ if ($current_school) {
+ $school_display_name = $current_school['name'];
+
+ $logoRaw = trim($current_school['logo'] ?? '');
+ if (!empty($logoRaw)) {
+ $physicalPath = __DIR__ . '/../' . $logoRaw; // adatta path se necessario
+ if (file_exists($physicalPath)) {
+ $school_logo_path = '/' . $logoRaw; // path web root-relative
+ }
+ }
+ }
+}
+?>
+