user profile

public/userarea/ajax/employee_profile/save_personal.php

@@ -0,0 +1,116 @@
+<?php
+require_once(__DIR__ . '/../hr_auth_check.php');
+
+header('Content-Type: application/json');
+
+if ($_SERVER['REQUEST_METHOD'] !== 'POST') {
+    http_response_code(405);
+    echo json_encode(['success' => false, 'message' => 'Metodo non consentito.']);
+    exit;
+}
+
+$pdo = DBHandlerSelect::getInstance()->getConnection();
+
+$employeeId    = (int)($_POST['employee_id'] ?? 0);
+$firstName     = trim($_POST['first_name'] ?? '');
+$lastName      = trim($_POST['last_name'] ?? '');
+$employeeCode  = trim($_POST['employee_code'] ?? '');
+$address       = trim($_POST['address'] ?? '');
+$phone         = trim($_POST['phone'] ?? '');
+$email         = trim($_POST['email'] ?? '');
+$hireDate      = trim($_POST['hire_date'] ?? '');
+$departmentId  = $_POST['department_id'] ?? '';
+$jobRoleId     = $_POST['job_role_id'] ?? '';
+$status        = trim($_POST['status'] ?? '');
+$authUserId    = $_POST['auth_user_id'] ?? '';
+$roleId        = $_POST['role_id'] ?? '';
+
+if ($employeeId <= 0) {
+    echo json_encode(['success' => false, 'message' => 'ID dipendente non valido.']);
+    exit;
+}
+if ($firstName === '' || $lastName === '') {
+    echo json_encode(['success' => false, 'message' => 'Nome e cognome sono obbligatori.']);
+    exit;
+}
+
+$allowedStatus = ['active', 'inactive', 'suspended'];
+if (!in_array($status, $allowedStatus, true)) {
+    $status = 'active';
+}
+
+$departmentId = ($departmentId === '' || $departmentId === null) ? null : (int)$departmentId;
+$jobRoleId    = ($jobRoleId    === '' || $jobRoleId    === null) ? null : (int)$jobRoleId;
+$authUserId   = ($authUserId   === '' || $authUserId   === null) ? null : (int)$authUserId;
+$roleId       = ($roleId       === '' || $roleId       === null) ? null : (int)$roleId;
+$hireDate     = $hireDate === '' ? null : $hireDate;
+
+if ($email !== '' && !filter_var($email, FILTER_VALIDATE_EMAIL)) {
+    echo json_encode(['success' => false, 'message' => 'Email non valida.']);
+    exit;
+}
+
+if ($employeeCode !== '') {
+    $check = $pdo->prepare("SELECT COUNT(*) FROM employees WHERE employee_code = :code AND id <> :id");
+    $check->execute(['code' => $employeeCode, 'id' => $employeeId]);
+    if ((int)$check->fetchColumn() > 0) {
+        echo json_encode(['success' => false, 'message' => 'Codice dipendente già in uso.']);
+        exit;
+    }
+}
+
+if ($authUserId !== null) {
+    $check = $pdo->prepare("SELECT COUNT(*) FROM employees WHERE auth_user_id = :uid AND id <> :id");
+    $check->execute(['uid' => $authUserId, 'id' => $employeeId]);
+    if ((int)$check->fetchColumn() > 0) {
+        echo json_encode(['success' => false, 'message' => 'Questo utente è già associato ad un altro dipendente.']);
+        exit;
+    }
+}
+
+try {
+    $stmt = $pdo->prepare("
+        UPDATE employees
+        SET first_name    = :first_name,
+            last_name     = :last_name,
+            employee_code = :employee_code,
+            address       = :address,
+            phone         = :phone,
+            email         = :email,
+            hire_date     = :hire_date,
+            department_id = :department_id,
+            job_role_id   = :job_role_id,
+            status        = :status,
+            auth_user_id  = :auth_user_id,
+            updated_at    = NOW()
+        WHERE id = :id
+    ");
+    $stmt->execute([
+        'first_name'    => $firstName,
+        'last_name'     => $lastName,
+        'employee_code' => $employeeCode !== '' ? $employeeCode : null,
+        'address'       => $address !== '' ? $address : null,
+        'phone'         => $phone !== '' ? $phone : null,
+        'email'         => $email !== '' ? $email : null,
+        'hire_date'     => $hireDate,
+        'department_id' => $departmentId,
+        'job_role_id'   => $jobRoleId,
+        'status'        => $status,
+        'auth_user_id'  => $authUserId,
+        'id'            => $employeeId,
+    ]);
+
+    // Optionally update Vanguard role for the linked auth_user
+    if ($authUserId !== null && $roleId !== null) {
+        $check = $pdo->prepare("SELECT COUNT(*) FROM auth_roles WHERE id = ?");
+        $check->execute([$roleId]);
+        if ((int)$check->fetchColumn() > 0) {
+            $upd = $pdo->prepare("UPDATE auth_users SET role_id = :role_id, updated_at = NOW() WHERE id = :uid");
+            $upd->execute(['role_id' => $roleId, 'uid' => $authUserId]);
+        }
+    }
+
+    echo json_encode(['success' => true]);
+} catch (Exception $e) {
+    echo json_encode(['success' => false, 'message' => $e->getMessage()]);
+}