pilates-platform/user/profile.php

<?php
/**
 * Profilo Utente
 * 
 * Permette all'utente di visualizzare e modificare i propri dati
 */

require_once '../includes/config.php';
require_once '../includes/functions.php';

session_start();
check_session_timeout();
require_login();

$user_id = $_SESSION['user_id'];
$user = get_user_by_id($user_id);

$error = '';
$success = false;

// Processa aggiornamento profilo
if ($_SERVER['REQUEST_METHOD'] === 'POST' && isset($_POST['update_profile'])) {
    $first_name = sanitize_input($_POST['first_name'] ?? '');
    $last_name = sanitize_input($_POST['last_name'] ?? '');
    $email = sanitize_input($_POST['email'] ?? '');
    $phone = sanitize_input($_POST['phone'] ?? '');
    
    if (empty($first_name) || empty($last_name) || empty($email)) {
        $error = 'Nome, cognome ed email sono obbligatori';
    } elseif (!validate_email($email)) {
        $error = 'Email non valida';
    } else {
        // Verifica se l'email è già usata da un altro utente
        $pdo = get_db_connection();
        $stmt = $pdo->prepare("SELECT id FROM users WHERE email = ? AND id != ?");
        $stmt->execute([$email, $user_id]);
        
        if ($stmt->fetch()) {
            $error = 'Questa email è già in uso';
        } else {
            // Aggiorna profilo
            $stmt = $pdo->prepare("
                UPDATE users 
                SET first_name = ?, last_name = ?, email = ?, phone = ?, updated_at = NOW() 
                WHERE id = ?
            ");
            
            if ($stmt->execute([$first_name, $last_name, $email, $phone, $user_id])) {
                $success = true;
                $user = get_user_by_id($user_id); // Ricarica dati
                set_flash_message('success', 'Profilo aggiornato con successo!');
            } else {
                $error = 'Errore durante l\'aggiornamento';
            }
        }
    }
}

// Processa cambio password
if ($_SERVER['REQUEST_METHOD'] === 'POST' && isset($_POST['change_password'])) {
    $current_password = $_POST['current_password'] ?? '';
    $new_password = $_POST['new_password'] ?? '';
    $confirm_password = $_POST['confirm_password'] ?? '';
    
    if (empty($current_password) || empty($new_password)) {
        $error = 'Inserisci la password attuale e la nuova password';
    } elseif (!verify_password($current_password, $user['password'])) {
        $error = 'Password attuale non corretta';
    } elseif (strlen($new_password) < 6) {
        $error = 'La nuova password deve essere di almeno 6 caratteri';
    } elseif ($new_password !== $confirm_password) {
        $error = 'Le password non corrispondono';
    } else {
        $pdo = get_db_connection();
        $hashed_password = hash_password($new_password);
        
        $stmt = $pdo->prepare("UPDATE users SET password = ?, updated_at = NOW() WHERE id = ?");
        
        if ($stmt->execute([$hashed_password, $user_id])) {
            set_flash_message('success', 'Password cambiata con successo!');
            header('Location: profile.php');
            exit;
        } else {
            $error = 'Errore durante il cambio password';
        }
    }
}

?>
<!DOCTYPE html>
<html lang="it">
<head>
    <meta charset="UTF-8">
    <meta name="viewport" content="width=device-width, initial-scale=1.0">
    <title>Profilo - Pilates Platform</title>
    <link rel="stylesheet" href="../assets/css/style.css">
</head>
<body>
    <header class="header">
        <div class="container">
            <div class="header-content">
                <?php if (file_exists('../uploads/images/logo.png')): ?>
                    <div class="logo">
                        <img src="../uploads/images/logo.png" alt="Pilates Studio" class="logo-image">
                    </div>
                <?php else: ?>
                    <h1 class="logo">Pilates Studio</h1>
                <?php endif; ?>
                <nav class="nav">
                    <a href="../index.php" class="btn btn-outline">Home</a>
                    <a href="dashboard.php" class="btn btn-secondary">Le Mie Lezioni</a>
                    <a href="../includes/logout.php" class="btn btn-outline">Logout</a>
                </nav>
            </div>
        </div>
    </header>

    <div class="container">
        <div class="dashboard">
            <!-- Sidebar -->
            <aside class="sidebar">
                <ul class="sidebar-menu">
                    <li><a href="dashboard.php">📚 Le Mie Lezioni</a></li>
                    <li><a href="catalog.php">🔍 Catalogo</a></li>
                    <li><a href="profile.php" class="active">⚙️ Profilo</a></li>
                </ul>
            </aside>

            <!-- Main Content -->
            <main class="main-content">
                <h2 class="section-title" style="text-align: left;">Il Mio Profilo</h2>
                
                <?php echo display_flash_message(); ?>
                
                <?php if ($error): ?>
                    <div class="alert alert-error"><?php echo htmlspecialchars($error); ?></div>
                <?php endif; ?>

                <!-- Form Dati Personali -->
                <div class="card">
                    <h3 class="card-header">Dati Personali</h3>
                    <form method="POST" action="">
                        <div class="form-group">
                            <label for="first_name" class="form-label">Nome</label>
                            <input type="text" id="first_name" name="first_name" class="form-control" 
                                   value="<?php echo htmlspecialchars($user['first_name']); ?>" required>
                        </div>
                        
                        <div class="form-group">
                            <label for="last_name" class="form-label">Cognome</label>
                            <input type="text" id="last_name" name="last_name" class="form-control" 
                                   value="<?php echo htmlspecialchars($user['last_name']); ?>" required>
                        </div>
                        
                        <div class="form-group">
                            <label for="email" class="form-label">Email</label>
                            <input type="email" id="email" name="email" class="form-control" 
                                   value="<?php echo htmlspecialchars($user['email']); ?>" required>
                        </div>
                        
                        <div class="form-group">
                            <label for="phone" class="form-label">Telefono (opzionale)</label>
                            <input type="tel" id="phone" name="phone" class="form-control" 
                                   value="<?php echo htmlspecialchars($user['phone'] ?? ''); ?>">
                        </div>
                        
                        <button type="submit" name="update_profile" class="btn btn-primary">
                            Aggiorna Profilo
                        </button>
                    </form>
                </div>

                <!-- Form Cambio Password -->
                <div class="card">
                    <h3 class="card-header">Cambia Password</h3>
                    <form method="POST" action="">
                        <div class="form-group">
                            <label for="current_password" class="form-label">Password Attuale</label>
                            <input type="password" id="current_password" name="current_password" 
                                   class="form-control" required>
                        </div>
                        
                        <div class="form-group">
                            <label for="new_password" class="form-label">Nuova Password</label>
                            <input type="password" id="new_password" name="new_password" 
                                   class="form-control" required minlength="6">
                        </div>
                        
                        <div class="form-group">
                            <label for="confirm_password" class="form-label">Conferma Nuova Password</label>
                            <input type="password" id="confirm_password" name="confirm_password" 
                                   class="form-control" required minlength="6">
                        </div>
                        
                        <button type="submit" name="change_password" class="btn btn-primary">
                            Cambia Password
                        </button>
                    </form>
                </div>

                <!-- Info Account -->
                <div class="card">
                    <h3 class="card-header">Informazioni Account</h3>
                    <p><strong>Registrato il:</strong> <?php echo format_date($user['created_at']); ?></p>
                    <?php if ($user['last_login']): ?>
                        <p><strong>Ultimo accesso:</strong> <?php echo format_datetime($user['last_login']); ?></p>
                    <?php endif; ?>
                </div>
            </main>
        </div>
    </div>

    <script src="../assets/js/main.js"></script>
</body>
</html>