
<?php
// add_user.php
// Owner-facing page: add a user to (or link an existing user with) the
// logged-in owner's active school, then list that school's users.
//
// NOTE(review): display_errors / display_startup_errors are forced ON, so any
// uncaught error (a PDOException carries SQL fragments and file paths) is
// rendered straight into the response. Keep this off outside development.
ini_set('display_errors', 1);
ini_set('display_startup_errors', 1);
error_reporting(E_ALL);
// headscript.php is expected to start the session and define $iduserlogin
// (presumably the authenticated user's id) — not visible here, verify.
include('include/headscript.php');
require_once 'class/mailer.php'; // assumed to provide sendEmail() used below
$dbHandler = DBHandlerSelect::getInstance();
$pdo = $dbHandler->getConnection();
// Unauthenticated access stops here. isset() only checks definedness, so an
// empty or 0 id set by the include would still pass — confirm headscript.php
// leaves the variable unset when nobody is logged in.
if (!isset($iduserlogin)) {
die("Errore: utente non loggato.");
}
// 1. Resolve the ONE active school owned by the logged-in user.
//    The school managed by this page is derived from the session identity
//    only — no school id is ever accepted from the request.
$schoolStmt = $pdo->prepare("
SELECT id, name, email AS school_email
FROM schools
WHERE owner_id = ? AND status = 'active'
");
$schoolStmt->execute([$iduserlogin]);
$school = $schoolStmt->fetch(PDO::FETCH_ASSOC);
if ($school === false) {
    die("Nessuna scuola trovata per questo proprietario.");
}
// Unpack the row into the scalars the rest of the page reads.
['id' => $school_id, 'name' => $school_name, 'school_email' => $school_email] = $school;
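// 2. Feedback messages.
//    $success_message is echoed by the template WITHOUT escaping (it carries
//    <strong> markup when built by the POST handler), so a value arriving via
//    the query string must be escaped right here, or it is reflected XSS.
//    $error_message is escaped by the template at output time.
//    Array-valued parameters (?success[]=x) are treated as absent.
$success_message = is_string($_GET['success'] ?? null)
    ? htmlspecialchars($_GET['success'], ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8')
    : null;
$error_message = is_string($_GET['error'] ?? null) ? $_GET['error'] : null;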
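// 3. POST: add a new user, or link an existing one, to this school.
//    Every request value that ends up in HTML — the on-page message or an
//    e-mail body — goes through $esc() first; the database only ever sees it
//    as a bound parameter.
//    NOTE(review): the form carries no anti-CSRF token, so any authenticated
//    owner's browser can be made to create accounts and send invitation mail
//    from a third-party page; wire in the project's token check here if one
//    exists.
if (($_SERVER['REQUEST_METHOD'] ?? '') === 'POST' && ($_POST['action'] ?? null) === 'add_or_link_user') {
    // HTML-escape for both the page and the HTML e-mail bodies.
    $esc = static fn (string $s): string => htmlspecialchars($s, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
    // Read a POST field as a trimmed string; arrays (field[]=x) count as absent.
    $field = static fn (string $name): string => is_string($_POST[$name] ?? null) ? trim($_POST[$name]) : '';

    $email      = $field('email');
    $first_name = $field('first_name');
    $last_name  = $field('last_name');
    $phone      = $field('phone');

    // Validation. Explicit '' checks instead of empty(), which would also
    // reject the legitimate value "0". The 50-character cap mirrors the form's
    // maxlength; the column width itself is not visible here.
    if ($email === '' || filter_var($email, FILTER_VALIDATE_EMAIL) === false) {
        $error_message = "Email non valida.";
    } elseif ($first_name === '' || $last_name === '') {
        $error_message = "Nome e cognome obbligatori.";
    } elseif (mb_strlen($first_name) > 50 || mb_strlen($last_name) > 50) {
        $error_message = "Nome e cognome: massimo 50 caratteri.";
    } else {
        try {
            // CASE 1: does an account with this e-mail already exist? (case-insensitive)
            $stmt = $pdo->prepare("
                SELECT id, first_name, last_name, email_verified_at, status
                FROM auth_users
                WHERE LOWER(email) = LOWER(?)
            ");
            $stmt->execute([$email]);
            $existingUser = $stmt->fetch(PDO::FETCH_ASSOC);

            if ($existingUser) {
                // ✅ Existing account → only link it to this school.
                // NOTE(review): $existingUser['status'] is fetched but never checked,
                // so a suspended/inactive account gets linked too — confirm that is wanted.
                $user_id = (int) $existingUser['id'];

                $stmt = $pdo->prepare("
                    SELECT id FROM user_schools
                    WHERE user_id = ? AND school_id = ?
                ");
                $stmt->execute([$user_id, $school_id]);

                if ($stmt->fetch()) {
                    $error_message = "Questo utente è già associato alla tua scuola.";
                } else {
                    $stmt = $pdo->prepare("
                        INSERT INTO user_schools (user_id, school_id, status, created_at, updated_at)
                        VALUES (?, ?, 'active', NOW(), NOW())
                    ");
                    if (!$stmt->execute([$user_id, $school_id])) {
                        // Without ERRMODE_EXCEPTION a failed execute() just returns false;
                        // do not announce (or mail about) a link that was not written.
                        $error_message = "Errore collegamento utente. Riprova.";
                    } else {
                        // Greet the account by its stored name, falling back to the submitted one.
                        $greetFirst     = $esc((string) ($existingUser['first_name'] ?: $first_name));
                        $greetLast      = $esc((string) ($existingUser['last_name'] ?: $last_name));
                        $escSchool      = $esc((string) $school_name);
                        $escSchoolEmail = $esc((string) $school_email);

                        // 📧 "You have been linked to school XXXX"
                        $subject = "Associato a {$school_name} - Yogibook";
                        $body = "
<h2>Ciao {$greetFirst} {$greetLast},</h2>
<p>Sei stato <strong>associato alla scuola {$escSchool}</strong> sulla piattaforma Yogibook.</p>
<p>Ora puoi accedere con le tue credenziali e vedere le lezioni di questa scuola.</p>
<p><strong>Login:</strong> <a href='https://app.yogiboook.com/login'>app.yogiboook.com/login</a></p>
<hr>
<p><em>Se non riconosci questa scuola, contatta: {$escSchoolEmail}</em></p>
<p style='color:#666; font-size:0.9em;'>Messaggio automatico non rispondere.</p>
";
                        $emailResult = sendEmail($email, $subject, $body);
                        if ($emailResult['success']) {
                            $success_message = "Utente <strong>{$greetFirst} {$greetLast}</strong> collegato con successo a {$escSchool}! 📧 Email inviata.";
                        } else {
                            $error_message = "Utente collegato, ma errore email: " . $emailResult['message'];
                        }
                    }
                }
            } else {
                // ❌ No account → create it and send a set-password link.
                // The random password is never communicated to anyone: the user sets
                // their own through the reset flow, so the account is unusable until then.
                $hashedPassword = password_hash(bin2hex(random_bytes(16)), PASSWORD_DEFAULT);

                // Both inserts succeed or neither does: an auth_users row without its
                // user_schools row would be an orphan the owner can neither see nor retry.
                $pdo->beginTransaction();

                // role_id 2 is hard-coded as in the original; its meaning is not visible here.
                $stmt = $pdo->prepare("
                    INSERT INTO auth_users (
                        email, first_name, last_name, phone,
                        password, role_id, status,
                        created_at, updated_at, email_verified_at
                    ) VALUES (?, ?, ?, ?, ?, 2, 'active', NOW(), NOW(), NULL)
                ");
                $created = $stmt->execute([
                    $email,
                    $first_name,
                    $last_name,
                    $phone === '' ? null : $phone,
                    $hashedPassword,
                ]);
                $user_id = $created ? (int) $pdo->lastInsertId() : 0;

                $linked = false;
                if ($user_id > 0) {
                    $stmt = $pdo->prepare("
                        INSERT INTO user_schools (user_id, school_id, status, created_at, updated_at)
                        VALUES (?, ?, 'active', NOW(), NOW())
                    ");
                    $linked = $stmt->execute([$user_id, $school_id]);
                }

                if (!$linked) {
                    $pdo->rollBack();
                    $error_message = "Errore creazione utente. Riprova.";
                } else {
                    $pdo->commit();

                    // 📧 Direct link to the set-password flow.
                    // NOTE(review): the host "yogiboook.com" (three o's) is kept verbatim
                    // from the original — confirm it is the intended domain.
                    $resetLink      = "https://app.yogiboook.com/public/password/reset?email=" . urlencode($email);
                    $escLink        = $esc($resetLink);
                    $escFirst       = $esc($first_name);
                    $escLast        = $esc($last_name);
                    $escSchool      = $esc((string) $school_name);
                    $escSchoolEmail = $esc((string) $school_email);

                    $subject = "Benvenuto in {$school_name} - Imposta Password | Yogibook";
                    $body = "
<h2>Ciao {$escFirst}, benvenuto in {$escSchool}!</h2>
<p>La scuola ti ha invitato sulla piattaforma Yogibook.</p>
<p><strong>PRIMO PASSO OBBLIGATORIO:</strong> imposta la tua password:</p>
<p style='text-align:center; margin:40px 0;'>
<a href='{$escLink}' style='background:#0d6efd; color:white; padding:15px 30px; text-decoration:none; border-radius:8px; font-size:16px; font-weight:bold;'>
IMPOSTA LA TUA PASSWORD
</a>
</p>
<p><small>Non funziona il link? Copia-incolla: <br><strong>{$escLink}</strong></small></p>
<hr>
<p><strong>Login:</strong> <a href='https://app.yogiboook.com/login'>app.yogiboook.com/login</a></p>
<p><em>Contatta la scuola: {$escSchoolEmail}</em></p>
<p style='color:#666; font-size:0.9em;'>Messaggio automatico non rispondere.</p>
";
                    $emailResult = sendEmail($email, $subject, $body);
                    if ($emailResult['success']) {
                        $success_message = "✅ Nuovo utente <strong>{$escFirst} {$escLast}</strong> creato e collegato a {$escSchool}! 📧 Link reset password inviato.";
                    } else {
                        $error_message = "Utente creato/collegato, ma errore email: " . $emailResult['message'];
                    }
                }
            }
        } catch (PDOException $e) {
            if ($pdo->inTransaction()) {
                $pdo->rollBack();
            }
            // Driver message goes to the server log only; never into the page.
            error_log('add_user.php: ' . $e->getMessage());
            $error_message = "Errore database. Riprova.";
        }
    }
}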
// 4. Users linked to THIS school only, joined through user_schools (point 1 ✅).
//    school_status is the link's status; user_status is the account's own.
$listSql = <<<'SQL'
SELECT
au.id, au.first_name, au.last_name, au.email, au.phone,
au.email_verified_at, au.status AS user_status,
us.status AS school_status, us.created_at
FROM user_schools us
JOIN auth_users au ON us.user_id = au.id
WHERE us.school_id = ?
ORDER BY au.last_name, au.first_name
SQL;
$listStmt = $pdo->prepare($listSql);
$listStmt->execute([$school_id]);
$schoolUsers = $listStmt->fetchAll(PDO::FETCH_ASSOC);
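?>
<!DOCTYPE html>
<html lang="it">
<head>
    <meta charset="UTF-8">
    <meta name="viewport" content="width=device-width, initial-scale=1.0">
    <title>Gestione Utenti - <?= htmlspecialchars($school_name) ?></title>
    <?php include('cssinclude.php'); ?>
    <?php include('siteinfo.php'); ?>
</head>
<body>
<div class="wrapper">
    <?php include('include/navbar.php'); ?>
    <?php include('include/topbar.php'); ?>
    <div class="page-wrapper">
        <div class="page-content">
            <div class="row">
                <div class="col-12">
                    <div class="page-title-box d-sm-flex align-items-center justify-content-between">
                        <h4 class="mb-sm-0">Gestione Utenti</h4>
                        <div class="page-title-right">
                            <a href="school_dashboard.php" class="btn btn-secondary">
                                <i class="bx bx-arrow-back me-1"></i> Dashboard
                            </a>
                        </div>
                    </div>
                </div>
            </div>
            <!-- MESSAGGI -->
            <?php if ($success_message): ?>
                <div class="alert alert-success alert-dismissible fade show" role="alert">
                    <i class="bx bx-check-circle me-2"></i>
                    <?php /* Rendered raw on purpose: the message carries <strong> markup.
                             Every value interpolated into it must therefore be escaped
                             where the message is built; never route request data
                             through this variable unescaped. */ ?>
                    <?= $success_message ?>
                    <button type="button" class="btn-close" data-bs-dismiss="alert"></button>
                </div>
            <?php endif; ?>
            <?php if ($error_message): ?>
                <div class="alert alert-danger alert-dismissible fade show" role="alert">
                    <i class="bx bx-error me-2"></i>
                    <?= htmlspecialchars($error_message) ?>
                    <button type="button" class="btn-close" data-bs-dismiss="alert"></button>
                </div>
            <?php endif; ?>
            <div class="row">
                <!-- FORM AGGIUNGI UTENTE -->
                <div class="col-xl-6">
                    <div class="card radius-10">
                        <div class="card-header">
                            <h5 class="mb-0">👤 Aggiungi / Collega Utente</h5>
                        </div>
                        <div class="card-body">
                            <form method="POST">
                                <input type="hidden" name="action" value="add_or_link_user">
                                <div class="mb-3">
                                    <label class="form-label fw-bold">Nome <span class="text-danger">*</span></label>
                                    <input type="text" name="first_name" class="form-control" required
                                           placeholder="Mario" maxlength="50">
                                </div>
                                <div class="mb-3">
                                    <label class="form-label fw-bold">Cognome <span class="text-danger">*</span></label>
                                    <input type="text" name="last_name" class="form-control" required
                                           placeholder="Rossi" maxlength="50">
                                </div>
                                <div class="mb-3">
                                    <label class="form-label fw-bold">Email <span class="text-danger">*</span></label>
                                    <input type="email" name="email" class="form-control" required
                                           placeholder="mario.rossi@email.com" autocomplete="email">
                                    <div class="form-text">Se esiste già → lo collega. Altrimenti → lo crea.</div>
                                </div>
                                <div class="mb-3">
                                    <label class="form-label">Telefono (opzionale)</label>
                                    <input type="tel" name="phone" class="form-control"
                                           placeholder="+39 333 1234567">
                                </div>
                                <button type="submit" class="btn btn-primary w-100">
                                    <i class="bx bx-user-plus me-2"></i>
                                    Aggiungi / Collega
                                </button>
                            </form>
                        </div>
                    </div>
                </div>
                <!-- STATS RAPIDE -->
                <div class="col-xl-6">
                    <div class="card radius-10">
                        <div class="card-body text-center">
                            <h3 class="text-primary mb-1"><?= count($schoolUsers) ?></h3>
                            <p class="mb-0 text-muted">Utenti associati a <?= htmlspecialchars($school_name) ?></p>
                            <?php if (count($schoolUsers) > 0): ?>
                                <small class="text-success">
                                    <i class="bx bx-check-circle"></i>
                                    <?= count(array_filter($schoolUsers, fn($u) => $u['school_status'] === 'active')) ?> attivi
                                </small>
                            <?php endif; ?>
                        </div>
                    </div>
                </div>
            </div>
            <!-- LISTA UTENTI ASSOCIATI SOLO A QUESTA SCUOLA -->
            <div class="card radius-10">
                <div class="card-header">
                    <h5 class="mb-0">👥 Utenti di <?= htmlspecialchars($school_name) ?> (<?= count($schoolUsers) ?>)</h5>
                </div>
                <div class="card-body">
                    <?php if (empty($schoolUsers)): ?>
                        <div class="text-center py-5 text-muted">
                            <i class="bx bx-user-plus fs-1 mb-3 opacity-50"></i>
                            <p>Nessun utente associato ancora.</p>
                            <p class="small">Usa il form qui sopra per aggiungerne uno!</p>
                        </div>
                    <?php else: ?>
                        <div class="table-responsive">
                            <table class="table table-hover align-middle">
                                <thead class="table-light">
                                    <tr>
                                        <th>Nome</th>
                                        <th>Email</th>
                                        <th>Telefono</th>
                                        <th>Associato il</th>
                                        <th>Stato Scuola</th>
                                        <th>Email Verificata</th>
                                    </tr>
                                </thead>
                                <tbody>
                                <?php foreach ($schoolUsers as $user): ?>
                                    <tr>
                                        <td>
                                            <strong><?= htmlspecialchars($user['first_name'] . ' ' . $user['last_name']) ?></strong>
                                        </td>
                                        <td>
                                            <small class="text-muted"><?= htmlspecialchars($user['email']) ?></small>
                                        </td>
                                        <td>
                                            <?php /* Escape only the real value; the placeholder is our own markup
                                                     and must not be escaped (the old code printed it literally). */ ?>
                                            <?= ($user['phone'] !== null && $user['phone'] !== '')
                                                ? htmlspecialchars($user['phone'])
                                                : '<span class="text-muted">—</span>' ?>
                                        </td>
                                        <td>
                                            <small class="text-muted">
                                                <?php /* strtotime() returns false on an unparsable value, which
                                                         date() would silently render as 01/01/1970. */ ?>
                                                <?php $linkedAt = strtotime((string) $user['created_at']); ?>
                                                <?= $linkedAt !== false ? date('d/m/Y', $linkedAt) : '—' ?>
                                            </small>
                                        </td>
                                        <td>
                                            <span class="badge bg-<?= $user['school_status'] === 'active' ? 'success' : 'warning' ?>">
                                                <?= htmlspecialchars(ucfirst((string) $user['school_status'])) ?>
                                            </span>
                                        </td>
                                        <td>
                                            <?= $user['email_verified_at']
                                                ? '<span class="badge bg-success"><i class="bx bx-check"></i> Sì</span>'
                                                : '<span class="badge bg-warning">Non ancora</span>' ?>
                                        </td>
                                    </tr>
                                <?php endforeach; ?>
                                </tbody>
                            </table>
                        </div>
                    <?php endif; ?>
                </div>
            </div>
        </div>
    </div>
    <?php include('include/footer.php'); ?>
</div>
<?php include('jsinclude.php'); ?>
<script>
// Auto-hide alerts after 8 seconds
setTimeout(() => {
    document.querySelectorAll('.alert').forEach(alert => {
        const bsAlert = new bootstrap.Alert(alert);
        bsAlert.close();
    });
}, 8000);
</script>
</body>
</html>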