getConnection(); $userId = (int)($iduserlogin ?? 0); if ($userId <= 0) { die('Utente non valido.'); } if (session_status() === PHP_SESSION_NONE) { session_start(); } if (empty($_SESSION['user_settings_csrf'])) { $_SESSION['user_settings_csrf'] = bin2hex(random_bytes(32)); } $csrfToken = $_SESSION['user_settings_csrf']; $successMessage = ''; $errorMessage = ''; // Load countries. $countries = []; try { $stmtCountries = $pdo->query(" SELECT id, name, iso_3166_2 FROM auth_countries ORDER BY name ASC "); $countries = $stmtCountries->fetchAll(PDO::FETCH_ASSOC); } catch (Exception $e) { $countries = []; } // Load current user. $stmtProfileUser = $pdo->prepare(" SELECT id, email, password, first_name, last_name, phone, avatar, address, country_id, birthday, role_id, status, last_login FROM auth_users WHERE id = ? LIMIT 1 "); $stmtProfileUser->execute([$userId]); $profileUser = $stmtProfileUser->fetch(PDO::FETCH_ASSOC); if (!$profileUser) { die('Utente non trovato.'); } function e($value) { return htmlspecialchars((string)$value, ENT_QUOTES, 'UTF-8'); } function normalizeAvatarPath($avatar) { $avatar = trim((string)$avatar); if ($avatar === '') { return ''; } // If the database already contains a complete relative path, use it as it is. if ( str_starts_with($avatar, '../') || str_starts_with($avatar, './') || str_starts_with($avatar, '/') || str_starts_with($avatar, 'http://') || str_starts_with($avatar, 'https://') ) { return $avatar; } // If the database contains only the filename, build the expected user upload path. return '../upload/users/' . $avatar; } function getAvatarInitials($profileUser) { $first = trim((string)($profileUser['first_name'] ?? '')); $last = trim((string)($profileUser['last_name'] ?? '')); $email = trim((string)($profileUser['email'] ?? '')); $initials = ''; if ($first !== '') { $initials .= mb_substr($first, 0, 1); } if ($last !== '') { $initials .= mb_substr($last, 0, 1); } if ($initials === '' && $email !== '') { $initials = mb_substr($email, 0, 1); } return strtoupper($initials ?: 'U'); } if ($_SERVER['REQUEST_METHOD'] === 'POST') { $postedToken = $_POST['csrf_token'] ?? ''; if (!hash_equals($csrfToken, $postedToken)) { $errorMessage = 'Sessione non valida. Ricarica la pagina e riprova.'; } else { $email = trim($_POST['email'] ?? ''); $firstName = trim($_POST['first_name'] ?? ''); $lastName = trim($_POST['last_name'] ?? ''); $phone = trim($_POST['phone'] ?? ''); $address = trim($_POST['address'] ?? ''); $countryId = $_POST['country_id'] !== '' ? (int)$_POST['country_id'] : null; $birthday = trim($_POST['birthday'] ?? ''); $currentPassword = $_POST['current_password'] ?? ''; $newPassword = $_POST['new_password'] ?? ''; $confirmPassword = $_POST['confirm_password'] ?? ''; $birthdayValue = null; $avatarToSave = $profileUser['avatar']; if ($birthday !== '') { $dateObj = DateTime::createFromFormat('Y-m-d', $birthday); if (!$dateObj || $dateObj->format('Y-m-d') !== $birthday) { $errorMessage = 'La data di nascita non è valida.'; } else { $birthdayValue = $birthday; } } if (!$errorMessage && $email === '') { $errorMessage = 'L’email è obbligatoria.'; } if (!$errorMessage && !filter_var($email, FILTER_VALIDATE_EMAIL)) { $errorMessage = 'L’email inserita non è valida.'; } // Check unique email. if (!$errorMessage) { $stmtCheckEmail = $pdo->prepare(" SELECT id FROM auth_users WHERE email = ? AND id <> ? LIMIT 1 "); $stmtCheckEmail->execute([$email, $userId]); if ($stmtCheckEmail->fetchColumn()) { $errorMessage = 'Questa email è già utilizzata da un altro utente.'; } } // Avatar upload. if (!$errorMessage && isset($_FILES['avatar']) && $_FILES['avatar']['error'] !== UPLOAD_ERR_NO_FILE) { if ($_FILES['avatar']['error'] !== UPLOAD_ERR_OK) { $errorMessage = 'Errore durante il caricamento dell’avatar.'; } else { $maxFileSize = 2 * 1024 * 1024; // 2 MB if ($_FILES['avatar']['size'] > $maxFileSize) { $errorMessage = 'L’avatar non può superare 2 MB.'; } else { $tmpFile = $_FILES['avatar']['tmp_name']; $originalName = $_FILES['avatar']['name']; $allowedMimeTypes = [ 'image/jpeg' => 'jpg', 'image/png' => 'png', 'image/webp' => 'webp', 'image/gif' => 'gif', ]; $finfo = new finfo(FILEINFO_MIME_TYPE); $mimeType = $finfo->file($tmpFile); if (!array_key_exists($mimeType, $allowedMimeTypes)) { $errorMessage = 'Formato avatar non valido. Sono consentiti JPG, PNG, WEBP o GIF.'; } else { $uploadDir = __DIR__ . '/../upload/users/'; if (!is_dir($uploadDir)) { mkdir($uploadDir, 0755, true); } $extension = $allowedMimeTypes[$mimeType]; $safeOriginalName = preg_replace('/[^A-Za-z0-9_\-\.]/', '_', pathinfo($originalName, PATHINFO_FILENAME)); $fileName = time() . '_' . $userId . '_' . $safeOriginalName . '.' . $extension; $destination = $uploadDir . $fileName; if (!move_uploaded_file($tmpFile, $destination)) { $errorMessage = 'Impossibile salvare il file avatar.'; } else { // Path used by pages inside userarea, for example: // $avatarToSave = $fileName; } } } } } $passwordToSave = null; $wantsPasswordChange = ($currentPassword !== '' || $newPassword !== '' || $confirmPassword !== ''); if (!$errorMessage && $wantsPasswordChange) { if ($currentPassword === '') { $errorMessage = 'Inserisci la password attuale.'; } elseif ($newPassword === '') { $errorMessage = 'Inserisci la nuova password.'; } elseif (strlen($newPassword) < 8) { $errorMessage = 'La nuova password deve contenere almeno 8 caratteri.'; } elseif ($newPassword !== $confirmPassword) { $errorMessage = 'La conferma password non corrisponde.'; } elseif (!password_verify($currentPassword, $profileUser['password'])) { $errorMessage = 'La password attuale non è corretta.'; } else { // Password is encrypted before saving. $passwordToSave = password_hash($newPassword, PASSWORD_DEFAULT); } } if (!$errorMessage) { try { $pdo->beginTransaction(); $stmtUpdate = $pdo->prepare(" UPDATE auth_users SET email = :email, first_name = :first_name, last_name = :last_name, phone = :phone, avatar = :avatar, address = :address, country_id = :country_id, birthday = :birthday, updated_at = NOW() WHERE id = :id LIMIT 1 "); $stmtUpdate->execute([ ':email' => $email, ':first_name' => $firstName !== '' ? $firstName : null, ':last_name' => $lastName !== '' ? $lastName : null, ':phone' => $phone !== '' ? $phone : null, ':avatar' => $avatarToSave !== '' ? $avatarToSave : null, ':address' => $address !== '' ? $address : null, ':country_id' => $countryId, ':birthday' => $birthdayValue, ':id' => $userId, ]); if ($passwordToSave !== null) { $stmtPassword = $pdo->prepare(" UPDATE auth_users SET password = ?, updated_at = NOW() WHERE id = ? LIMIT 1 "); $stmtPassword->execute([$passwordToSave, $userId]); } $pdo->commit(); $successMessage = $passwordToSave !== null ? 'Profilo, avatar e password aggiornati correttamente.' : 'Profilo aggiornato correttamente.'; // Reload updated user. $stmtProfileUser->execute([$userId]); $profileUser = $stmtProfileUser->fetch(PDO::FETCH_ASSOC); $_SESSION['user_settings_csrf'] = bin2hex(random_bytes(32)); $csrfToken = $_SESSION['user_settings_csrf']; } catch (Exception $e) { if ($pdo->inTransaction()) { $pdo->rollBack(); } $errorMessage = 'Errore durante il salvataggio delle impostazioni.'; } } } } $avatarPath = normalizeAvatarPath($profileUser['avatar'] ?? ''); ?> Impostazioni Utente <?= htmlspecialchars($titlewebsite, ENT_QUOTES, 'UTF-8'); ?>

Impostazioni Utente

👤

Profilo personale

Dati anagrafici, contatti e avatar utente

Ruolo, stato account e impostazioni di sicurezza avanzate non sono modificabili da questa pagina.
user avatar

Formati consentiti: JPG, PNG, WEBP, GIF.
Dimensione massima: 2 MB.
Stato account:
Ultimo accesso:
🔐

Cambio password

Compila questa sezione solo se vuoi modificare la password

Se lasci questi campi vuoti, la password attuale rimane invariata. La nuova password deve avere almeno 8 caratteri.
← Torna alla dashboard