solocla/yogiboook_new
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

api settings user e school

Browse Source
This commit is contained in:
Claudio 2026-01-18 11:30:56 +01:00
parent c62d93c3db
commit 3fb512e713
5 changed files with 395 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

108
public/userarea/api/api_school_settings.php Normal file
View File

@ -0,0 +1,108 @@
<?php
declare(strict_types=1);
require_once __DIR__ . '/_bootstrap.php'; // $pdo, $iduserlogin
try {
$school_id = isset($_GET['school_id']) ? (int)$_GET['school_id'] : 0;
if ($school_id <= 0) {
http_response_code(422);
echo json_encode(['success' => false, 'message' => 'Missing school_id']);
exit;
}
// --- Security: user must be active in this school ---
$chk = $pdo->prepare("
SELECT 1
FROM user_schools us
JOIN schools s ON s.id = us.school_id
WHERE us.user_id = ?
AND us.school_id = ?
AND us.status = 'active'
AND s.status = 'active'
LIMIT 1
");
$chk->execute([$iduserlogin, $school_id]);
if (!$chk->fetchColumn()) {
http_response_code(403);
echo json_encode(['success' => false, 'message' => 'Forbidden: user not allowed for this school']);
exit;
}
// --- Defaults (same as your include) ---
$defaults = [
'portal_purchases_enabled' => 1,
'allowed_product_types' => 'subscription,carnet,drop_in',
'payment_methods' => 'manual',
'currency_code' => 'EUR',
'enable_notifications' => 1,
'allow_freeze_global' => 1,
'freeze_max_days_global' => 30,
'auto_propagate_on_purchase' => 1,
'allow_full_access_rebooking' => 1,
// Add here any other defaults you want to guarantee
];
// --- Load settings row ---
$stmt = $pdo->prepare("
SELECT *
FROM school_settings
WHERE school_id = ?
LIMIT 1
");
$stmt->execute([$school_id]);
$settings = $stmt->fetch(PDO::FETCH_ASSOC);
if (!$settings) {
// Create row with defaults (only school_id is required by your schema)
$ins = $pdo->prepare("INSERT INTO school_settings (school_id) VALUES (?)");
$ins->execute([$school_id]);
// Reload
$stmt = $pdo->prepare("SELECT * FROM school_settings WHERE school_id = ? LIMIT 1");
$stmt->execute([$school_id]);
$settings = $stmt->fetch(PDO::FETCH_ASSOC) ?: [];
}
// Merge defaults (fallback for NULL / missing fields)
$schoolSettings = array_merge($defaults, $settings);
// Ensure arrays
$paymentMethods = array_values(array_filter(array_map('trim', explode(',', (string)($schoolSettings['payment_methods'] ?? '')))));
$productTypes = array_values(array_filter(array_map('trim', explode(',', (string)($schoolSettings['allowed_product_types'] ?? '')))));
$schoolSettings['payment_methods_array'] = $paymentMethods;
$schoolSettings['allowed_product_types_array'] = $productTypes;
// Optional: cast some known int flags to int (helps Flutter)
foreach (
[
'portal_purchases_enabled',
'enable_notifications',
'allow_freeze_global',
'freeze_max_days_global',
'auto_propagate_on_purchase',
'allow_full_access_rebooking'
] as $k
) {
if (isset($schoolSettings[$k])) {
$schoolSettings[$k] = is_numeric($schoolSettings[$k]) ? (int)$schoolSettings[$k] : $schoolSettings[$k];
}
}
echo json_encode([
'success' => true,
'school_id' => $school_id,
'settings' => $schoolSettings
], JSON_UNESCAPED_UNICODE);
} catch (Throwable $e) {
http_response_code(500);
echo json_encode([
'success' => false,
'message' => 'Server error.',
'error' => $e->getMessage()
]);
}

80
public/userarea/api/api_user_settings.php Normal file
View File

@ -0,0 +1,80 @@
<?php
declare(strict_types=1);
require_once __DIR__ . '/_bootstrap.php'; // $pdo, $iduserlogin
try {
$user_id = (int)$iduserlogin;
if ($user_id <= 0) {
http_response_code(401);
echo json_encode(['success' => false, 'message' => 'Unauthorized']);
exit;
}
$defaults = [
'notify_email' => 1,
'notify_whatsapp' => 0,
'notify_push' => 0,
'notify_booking_confirm' => 1,
'notify_booking_cancel' => 1,
'notify_session_cancel' => 1,
'notify_payment_receipt' => 1,
'notify_expiration_reminder' => 1,
'newsletter_opt_in' => 0,
'marketing_opt_in' => 0,
'locale' => 'it',
'timezone' => 'Europe/Rome',
];
$stmt = $pdo->prepare("
SELECT *
FROM user_settings
WHERE user_id = ?
LIMIT 1
");
$stmt->execute([$user_id]);
$settings = $stmt->fetch(PDO::FETCH_ASSOC);
if (!$settings) {
// Create row with defaults (user_id only required by your schema)
$ins = $pdo->prepare("INSERT INTO user_settings (user_id) VALUES (?)");
$ins->execute([$user_id]);
// Reload
$stmt = $pdo->prepare("SELECT * FROM user_settings WHERE user_id = ? LIMIT 1");
$stmt->execute([$user_id]);
$settings = $stmt->fetch(PDO::FETCH_ASSOC) ?: [];
}
$userSettings = array_merge($defaults, $settings);
// Cast numeric flags to int for Flutter
foreach (
[
'notify_email',
'notify_whatsapp',
'notify_push',
'notify_booking_confirm',
'notify_booking_cancel',
'notify_session_cancel',
'notify_payment_receipt',
'notify_expiration_reminder',
'newsletter_opt_in',
'marketing_opt_in',
] as $k
) {
if (isset($userSettings[$k])) {
$userSettings[$k] = is_numeric($userSettings[$k]) ? (int)$userSettings[$k] : $userSettings[$k];
}
}
echo json_encode([
'success' => true,
'user_id' => $user_id,
'settings' => $userSettings
], JSON_UNESCAPED_UNICODE);
} catch (Throwable $e) {
http_response_code(500);
echo json_encode(['success' => false, 'message' => 'Server error.', 'error' => $e->getMessage()]);
}

70
public/userarea/api/api_user_settings_update.php Normal file
View File

@ -0,0 +1,70 @@
<?php
declare(strict_types=1);
require_once __DIR__ . '/_bootstrap.php'; // $pdo, $iduserlogin
try {
if (strtoupper($_SERVER['REQUEST_METHOD'] ?? '') !== 'POST') {
http_response_code(405);
echo json_encode(['success' => false, 'message' => 'Method not allowed. Use POST.']);
exit;
}
$user_id = (int)$iduserlogin;
$raw = file_get_contents('php://input');
$data = json_decode($raw ?: '', true);
if (!is_array($data)) $data = $_POST;
// Whitelist fields you allow to be updated
$allowed = [
'notify_email',
'notify_whatsapp',
'notify_push',
'notify_booking_confirm',
'notify_booking_cancel',
'notify_session_cancel',
'notify_payment_receipt',
'notify_expiration_reminder',
'newsletter_opt_in',
'marketing_opt_in',
'locale',
'timezone',
];
$updates = [];
$params = [];
foreach ($allowed as $field) {
if (array_key_exists($field, $data)) {
$val = $data[$field];
// Normalize booleans/numbers for tinyint fields
if (is_bool($val)) $val = $val ? 1 : 0;
$updates[] = "{$field} = ?";
$params[] = $val;
}
}
if (empty($updates)) {
http_response_code(422);
echo json_encode(['success' => false, 'message' => 'No valid fields to update.']);
exit;
}
// Ensure row exists
$pdo->prepare("INSERT IGNORE INTO user_settings (user_id) VALUES (?)")->execute([$user_id]);
$params[] = $user_id;
$sql = "UPDATE user_settings SET " . implode(', ', $updates) . " WHERE user_id = ?";
$stmt = $pdo->prepare($sql);
$stmt->execute($params);
echo json_encode(['success' => true]);
} catch (Throwable $e) {
http_response_code(500);
echo json_encode(['success' => false, 'message' => 'Server error.', 'error' => $e->getMessage()]);
}

67
public/userarea/include/navbar.php
View File

@ -1,3 +1,45 @@
<?php
// Recupera logo e nome scuola corrente (da sessione)
$school_logo_path = null;
$school_display_name = 'Nessuna scuola selezionata';
if (!empty($_SESSION['school_id'])) {
$school_id = (int)$_SESSION['school_id'];
$stmt_school = $pdo->prepare("SELECT name, logo FROM schools WHERE id = ?");
$stmt_school->execute([$school_id]);
$current_school = $stmt_school->fetch(PDO::FETCH_ASSOC);
if ($current_school) {
$school_display_name = $current_school['name'];
$logoRaw = trim($current_school['logo'] ?? '');
if (!empty($logoRaw)) {
$physicalPath = __DIR__ . '/../' . $logoRaw; // adatta path se necessario
if (file_exists($physicalPath)) {
$school_logo_path = '/' . $logoRaw; // path web root-relative
}
}
}
}
?>
<style>
.school-info {
background: #f8f9fa;
border-bottom: 1px solid #dee2e6;
}
.school-info img {
box-shadow: 0 2px 8px rgba(0, 0, 0, 0.1);
}
.school-info .fw-bold {
color: #343a40;
white-space: nowrap;
overflow: hidden;
text-overflow: ellipsis;
}
</style>
<div class="sidebar-wrapper" data-simplebar="true">
<div class="sidebar-header">
<div>
@ -11,6 +53,25 @@
</div>
<!--navigation-->
<ul class="metismenu" id="menu">
<!-- Logo e nome scuola corrente -->
<!-- Logo e nome scuola corrente (rettangolare, naturale) -->
<div class="school-info text-center py-3 px-2 border-bottom">
<?php if ($logoRaw): ?>
<img src="<?= htmlspecialchars($logoRaw) ?>"
alt="Logo <?= htmlspecialchars($school_display_name) ?>"
class="img-fluid mb-2"
style="max-height: 80px; width: auto; object-fit: contain; border-radius: 8px; border: 1px solid #e9ecef; box-shadow: 0 2px 6px rgba(0,0,0,0.08);">
<?php else: ?>
<div class="bg-light d-inline-block p-3 mb-2 rounded-3" style="width: 60px; height: 60px;">
<i class="bx bx-building-house bx-md text-muted"></i>
</div>
<?php endif; ?>
<div class="fw-bold text-truncate" style="font-size: 1rem; max-width: 180px; margin: 0 auto;">
<?= htmlspecialchars($school_display_name) ?>
</div>
</div>
<li class="menu-label">Utente</li>
<li>
<a href="user_dashboard.php">
@ -18,6 +79,12 @@
<div class="menu-title">Dashboard Utente</div>
</a>
</li>
<li>
<a href="my_lessons.php">
<div class="parent-icon"><i class="bx bx-store"></i></div>
<div class="menu-title">Le mie prenotazioni</div>
</a>
</li>
<li>
<a href="my_certificates.php">
<div class="parent-icon"><i class="bx bx-store"></i></div>

70
public/userarea/include/user_settings_loader.php Normal file
View File

@ -0,0 +1,70 @@
<?php
// include/user_settings_loader.php
// Evita inclusioni multiple
if (defined('USER_SETTINGS_LOADED')) return;
define('USER_SETTINGS_LOADED', true);
global $userSettings; // o usa $_SESSION['user_settings'] se preferisci
$user_id = (int)($iduserlogin ?? $_SESSION['iduserlogin'] ?? 0);
if ($user_id <= 0) {
// Utente non loggato → valori di default minimi/sicuri
$userSettings = [
'notify_email' => 1,
'notify_whatsapp' => 0,
'notify_push' => 0,
'notify_booking_confirm' => 1,
'notify_booking_cancel' => 1,
'notify_session_cancel' => 1,
'notify_payment_receipt' => 1,
'notify_expiration_reminder' => 1,
'newsletter_opt_in' => 0,
'marketing_opt_in' => 0,
'locale' => 'it',
'timezone' => 'Europe/Rome',
];
} else {
$pdo = DBHandlerSelect::getInstance()->getConnection();
$stmt = $pdo->prepare("
SELECT *
FROM user_settings
WHERE user_id = ?
LIMIT 1
");
$stmt->execute([$user_id]);
$settings = $stmt->fetch(PDO::FETCH_ASSOC);
if ($settings) {
$userSettings = $settings;
} else {
// Utente senza impostazioni → crea record con default
$stmt_insert = $pdo->prepare("
INSERT INTO user_settings (user_id) VALUES (?)
");
$stmt_insert->execute([$user_id]);
// Ricarica dopo insert
$stmt = $pdo->prepare("SELECT * FROM user_settings WHERE user_id = ? LIMIT 1");
$stmt->execute([$user_id]);
$userSettings = $stmt->fetch(PDO::FETCH_ASSOC) ?: [];
}
// Fallback per campi che potrebbero essere NULL o mancanti
$userSettings = array_merge([
'notify_email' => 1,
'notify_whatsapp' => 0,
'notify_push' => 0,
'notify_booking_confirm' => 1,
'notify_booking_cancel' => 1,
'notify_session_cancel' => 1,
'notify_payment_receipt' => 1,
'notify_expiration_reminder' => 1,
'newsletter_opt_in' => 0,
'marketing_opt_in' => 0,
'locale' => 'it',
'timezone' => 'Europe/Rome',
], $userSettings);
}