fix

2025-12-03 18:35:21 +01:00
commit 4e41ca9bf7
22 changed files with 4836 additions and 0 deletions
--- a/login.php
+++ b/login.php
@@ -0,0 +1,148 @@
+<?php
+/**
+ * Pagina di Login
+ * 
+ * Permette agli utenti di accedere alla piattaforma
+ */
+
+require_once 'includes/config.php';
+require_once 'includes/functions.php';
+
+session_start();
+
+// Se l'utente è già loggato, reindirizza
+if (is_logged_in()) {
+    if (is_admin()) {
+        header('Location: admin/dashboard.php');
+    } else {
+        header('Location: user/dashboard.php');
+    }
+    exit;
+}
+
+// Variabili per il form
+$email = '';
+$error = '';
+
+// Processa il form se inviato
+if ($_SERVER['REQUEST_METHOD'] === 'POST') {
+    $email = sanitize_input($_POST['email'] ?? '');
+    $password = $_POST['password'] ?? '';
+    
+    // Validazione
+    if (empty($email) || empty($password)) {
+        $error = 'Inserisci email e password';
+    } elseif (!validate_email($email)) {
+        $error = 'Email non valida';
+    } else {
+        // Cerca l'utente nel database
+        $user = get_user_by_email($email);
+        
+        if ($user && verify_password($password, $user['password'])) {
+            // Password corretta - effettua il login
+            
+            // Aggiorna data ultimo accesso
+            $pdo = get_db_connection();
+            $stmt = $pdo->prepare("UPDATE users SET last_login = NOW() WHERE id = ?");
+            $stmt->execute([$user['id']]);
+            
+            // Log attività
+            $stmt = $pdo->prepare("
+                INSERT INTO activity_log (user_id, action, description, ip_address, user_agent, created_at) 
+                VALUES (?, 'login', 'Utente ha effettuato il login', ?, ?, NOW())
+            ");
+            $stmt->execute([
+                $user['id'],
+                $_SERVER['REMOTE_ADDR'] ?? null,
+                $_SERVER['HTTP_USER_AGENT'] ?? null
+            ]);
+            
+            // Imposta la sessione
+            login_user($user['id'], $user['is_admin']);
+            
+            // Reindirizza alla pagina appropriata
+            if (isset($_SESSION['redirect_after_login'])) {
+                $redirect = $_SESSION['redirect_after_login'];
+                unset($_SESSION['redirect_after_login']);
+                header("Location: $redirect");
+            } elseif ($user['is_admin']) {
+                header('Location: admin/dashboard.php');
+            } else {
+                header('Location: user/dashboard.php');
+            }
+            exit;
+            
+        } else {
+            $error = 'Email o password non corretti';
+        }
+    }
+}
+?>
+<!DOCTYPE html>
+<html lang="it">
+<head>
+    <meta charset="UTF-8">
+    <meta name="viewport" content="width=device-width, initial-scale=1.0">
+    <title>Login - Pilates Platform</title>
+    <link rel="stylesheet" href="assets/css/style.css">
+</head>
+<body>
+    <div class="container-sm" style="padding-top: 3rem;">
+        <div class="card">
+            <div class="text-center mb-3">
+                <h1 class="logo">Pilates Studio</h1>
+            </div>
+            
+            <h2 class="card-header text-center">Accedi al tuo account</h2>
+            
+            <?php if ($error): ?>
+                <div class="alert alert-error">
+                    <?php echo htmlspecialchars($error); ?>
+                </div>
+            <?php endif; ?>
+            
+            <form method="POST" action="">
+                <div class="form-group">
+                    <label for="email" class="form-label">Email</label>
+                    <input 
+                        type="email" 
+                        id="email" 
+                        name="email" 
+                        class="form-control" 
+                        value="<?php echo htmlspecialchars($email); ?>"
+                        required
+                        autofocus
+                    >
+                </div>
+                
+                <div class="form-group">
+                    <label for="password" class="form-label">Password</label>
+                    <input 
+                        type="password" 
+                        id="password" 
+                        name="password" 
+                        class="form-control" 
+                        required
+                    >
+                </div>
+                
+                <button type="submit" class="btn btn-primary btn-large" style="width: 100%;">
+                    Accedi
+                </button>
+            </form>
+            
+            <div class="text-center mt-2">
+                <p class="text-muted">
+                    <a href="forgot_password.php">Hai dimenticato la password?</a>
+                </p>
+                <p class="text-muted">
+                    Non hai un account? <a href="register.php"><strong>Registrati</strong></a>
+                </p>
+                <p class="mt-2">
+                    <a href="index.php">← Torna alla home</a>
+                </p>
+            </div>
+        </div>
+    </div>
+</body>
+</html>