From 0265af9dd2cb1f075dbc9d8c3b25f7f57045f326 Mon Sep 17 00:00:00 2001
From: Vichingo455 <vichingo455@gmail.com>
Date: Wed, 1 Oct 2025 16:55:28 +0200
Subject: [PATCH] Change password feature (maybe)

---
 README.md                       |  1 +
 docker-compose.yml              |  4 --
 htdocs/admin/changepassword.php | 81 +++++++++++++++++++++++++++++++++
 htdocs/admin/index.php          |  5 ++
 htdocs/admin/login.php          |  1 +
 htdocs/admin/login.php.keycloak |  1 +
 6 files changed, 89 insertions(+), 4 deletions(-)
 create mode 100644 htdocs/admin/changepassword.php

diff --git a/README.md b/README.md
index a5a3b3f..ed9bdfc 100644
--- a/README.md
+++ b/README.md
@@ -86,6 +86,7 @@ curl -fsSL https://get.docker.com | bash
 ```bash
 git clone https://git.vichingo455.freeddns.org/emmev-code/orario
 cd orario
+git checkout dev # richiesto per passare alla versione di sviluppo
 docker compose up -d
 ```
 3. Il container dovrebbe diventare disponibile su ``http://localhost:8080``
diff --git a/docker-compose.yml b/docker-compose.yml
index b2ee898..6b1597a 100644
--- a/docker-compose.yml
+++ b/docker-compose.yml
@@ -1,5 +1,3 @@
-version: "3.8"
-
 services:
   web:
     build: .
@@ -9,7 +7,6 @@ services:
     depends_on:
       - db
     restart: unless-stopped
-
   db:
     image: mariadb:11
     container_name: orario-db
@@ -22,6 +19,5 @@ services:
     volumes:
       - db_data:/var/lib/mysql
       - ./schema.sql:/docker-entrypoint-initdb.d/init.sql:ro
-
 volumes:
   db_data:
\ No newline at end of file
diff --git a/htdocs/admin/changepassword.php b/htdocs/admin/changepassword.php
new file mode 100644
index 0000000..ddec263
--- /dev/null
+++ b/htdocs/admin/changepassword.php
@@ -0,0 +1,81 @@
+<?php
+session_start();
+include("../db.php");
+
+if (!isset($_SESSION['admin']) || $_SESSION['auth_type'] != 'local') {
+    header("Location: login.php");
+    exit;
+}
+
+$message = '';
+
+if ($_SERVER["REQUEST_METHOD"] === "POST") {
+    $old = $_POST['old_password'];
+    $new = $_POST['new_password'];
+    $confirm = $_POST['confirm_password'];
+    $user = $_SESSION['admin'];
+
+    if ($new !== $confirm) {
+        $message = "Le nuove password non coincidono.";
+    } else {
+        // Recupera hash password attuale
+        $stmt = $conn->prepare("SELECT password FROM admins WHERE username = ?");
+        $stmt->bind_param("s", $user);
+        $stmt->execute();
+        $res = $stmt->get_result();
+        $row = $res->fetch_assoc();
+
+        if ($row && password_verify($old, $row['password'])) {
+            $newHash = password_hash($new, PASSWORD_DEFAULT);
+            $stmt = $conn->prepare("UPDATE admins SET password = ? WHERE username = ?");
+            $stmt->bind_param("ss", $newHash, $user);
+            $stmt->execute();
+            $message = "Password cambiata con successo.";
+        } else {
+            $message = "Password attuale errata.";
+        }
+    }
+}
+?>
+<!DOCTYPE html>
+<html>
+<head>
+    <title>Cambia Password</title>
+    <meta name="viewport" content="width=device-width, initial-scale=1.0">
+    <link rel="stylesheet" href="style.css">
+</head>
+<body>
+
+<div class="navbar">
+    <div class="logo">Admin Dashboard</div>
+    <div class="links">
+        <a href="index.php">Dashboard</a>
+        <a href="logout.php">Logout</a>
+    </div>
+</div>
+
+<div class="admin-container">
+    <h1>Cambia Password</h1>
+    <?php if ($message): ?>
+        <p style="color:<?php echo strpos($message,'successo')!==false ? 'green':'red'; ?>;"><?php echo $message; ?></p>
+    <?php endif; ?>
+
+    <form method="POST">
+        <label>Password attuale:<br>
+            <input type="password" name="old_password" required>
+        </label><br><br>
+
+        <label>Nuova password:<br>
+            <input type="password" name="new_password" required>
+        </label><br><br>
+
+        <label>Conferma nuova password:<br>
+            <input type="password" name="confirm_password" required>
+        </label><br><br>
+
+        <button type="submit">Cambia password</button>
+    </form>
+</div>
+
+</body>
+</html>
diff --git a/htdocs/admin/index.php b/htdocs/admin/index.php
index 47ca433..52a0c56 100644
--- a/htdocs/admin/index.php
+++ b/htdocs/admin/index.php
@@ -29,6 +29,11 @@ if (!isset($_SESSION['admin'])) {
       <a href="classes.php">Gestisci Classi</a>
       <a href="subjects.php">Gestisci Materie</a>
       <a href="timetable.php">Gestisci Orario</a>
+      <?php
+      if ($_SESSION['auth_type'] === 'local') {
+        echo '<a href="changepassword.php">Cambia Password</a>';
+      }
+      ?>
       <!--<a href="logout.php">Logout</a>-->
     </p>
     <p>
diff --git a/htdocs/admin/login.php b/htdocs/admin/login.php
index e579ea4..5c8a773 100644
--- a/htdocs/admin/login.php
+++ b/htdocs/admin/login.php
@@ -12,6 +12,7 @@ if ($_SERVER["REQUEST_METHOD"] == "POST") {
     if ($row = $res->fetch_assoc()) {
         if (password_verify($password, $row['password'])) {
             $_SESSION['admin'] = $row['username'];
+            $_SESSION['auth_type'] = 'local';
             header("Location: index.php");
             exit;
         }
diff --git a/htdocs/admin/login.php.keycloak b/htdocs/admin/login.php.keycloak
index 8347efc..ee100e4 100644
--- a/htdocs/admin/login.php.keycloak
+++ b/htdocs/admin/login.php.keycloak
@@ -14,5 +14,6 @@ $oidc->setRedirectURL('https://<APP_DOMAIN>/admin/login.php');
 $oidc->authenticate();
 $userinfo = $oidc->getVerifiedClaims();
 $_SESSION['admin'] = $userinfo->preferred_username;
+$_SESSION['auth_type'] = 'keycloak';
 header("Location: index.php");
 exit;