Project/profilo.php at main · ProgettoTecWeb24/Project · GitHub

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
<?php

$title = "Il tuo profilo - CorsaIdeale";
$description = "Gestisci le impostazioni del tuo profilo oppure le scarpe che salvate e recensite.";
$keywords = "profilo,utente,ruolo,account,recensioni,preferiti,impostazioni";

require_once('dbconnection.php');
session_start();

use Conn\DbConnection;
setlocale(LC_ALL, 'it_IT');

if (!empty($_SESSION['username'])) {
    $connection = new DbConnection();
    if (!$connection->startDbConnection()) {
        die("Connessione al database fallita.");
    }

    // Gestione logout
    if (isset($_POST['logout'])) {
        session_unset();
        session_destroy();
        session_abort();
        header("Location: index.php");
        exit();
    }

    $error = "";
    // Salvataggio impostazioni profilo
    if(isset($_POST['salvaImpos'])){
        if(!empty($_POST['newUser'])){
            $newUser = $_POST['newUser'];
            if (preg_match('/^[a-z0-9_.]{1,15}$/', $newUser)) {
                $qSalva = "UPDATE UTENTE SET username = '" . $newUser . "', ruolo =? WHERE username ='" . $_SESSION['username'] . "'";
                $modifica = $connection->prepareAndExecute($qSalva, 's', $_POST['kmsett']);
                $_SESSION['username'] = $newUser;
            } else {
                $error= "Il nome utente non valido";
            }
        } else {
            $qSalva = "UPDATE UTENTE SET ruolo =? WHERE username ='" . $_SESSION['username'] . "'";
            $modifica = $connection->prepareAndExecute($qSalva, 's', $_POST['kmsett']);
        }
    }

    if(isset($_POST['deleteUser'])){
        $qDelete = "DELETE FROM UTENTE WHERE username ='" . $_SESSION['username'] . "'";
        $elimina = $connection->query($qDelete);
        session_destroy();
        session_abort();
        header("Location: index.php");
        exit();
    }

    include "header.php";
    $HTMLpage = file_get_contents('HTML/profilo.html');
    $HTMLpage = str_replace("{error_text}", $error , $HTMLpage);

    $HTMLpage = str_replace("{user}", $_SESSION['username'], $HTMLpage);

    $qCategoria = "SELECT ruolo
                    FROM UTENTE
                    WHERE username ='" . $_SESSION['username'] . "'";
    $categorie = $connection->query($qCategoria);

    if (!empty($categorie)) {
        foreach ($categorie as $categoria) {
            $HTMLpage = str_replace('<option value="'. $categoria['ruolo'] . '"', '<option value="'. $categoria['ruolo'] . '" selected', $HTMLpage);
        }
    }

    echo $HTMLpage;
    $connection->endDbConnection();
    include "footer.php";
} else {
    $connection->endDbConnection();
    header('Location: accedi.php');
    die();
}
?>