Fixing untested code with more untested code

Interamente fatto con Claude AI Pro, se ne vedranno delle belle...
2025-10-29 18:42:15 +01:00
parent f561aa8de5
commit 70c7c0d6b9
4 changed files with 237 additions and 106 deletions


@@ -3,20 +3,47 @@ session_start();
if (!isset($_SESSION['admin'])) { header("Location: login.php"); exit; }
include("../lib/db.php");
if ($_SERVER["REQUEST_METHOD"] == "POST" && isset($_POST['name'])) {
// FIX: Usa prepared statements per sicurezza
if ($_SERVER["REQUEST_METHOD"] == "POST" && isset($_POST['name']) && !isset($_POST['update'])) {
$name = $_POST['name'];
$teacher = $_POST['teacher'];
$room = $_POST['room'];
if (!empty($name)) {
$conn->query("INSERT INTO subjects (name,teacher,room) VALUES ('$name','$teacher','$room')");
if (!empty($name)) {
$stmt = $conn->prepare("INSERT INTO subjects (name, teacher, room) VALUES (?, ?, ?)");
$stmt->bind_param("sss", $name, $teacher, $room);
$stmt->execute();
$stmt->close();
}
header("Location: subjects.php"); exit;
header("Location: subjects.php");
exit;
}
// FIX: Aggiunto redirect dopo update
if(isset($_POST['update'])){
$id = intval($_POST['id']);
$name = $_POST['name'];
$teacher = $_POST['teacher'];
$room = $_POST['room'];
$stmt = $conn->prepare("UPDATE subjects SET name=?, teacher=?, room=? WHERE id=?");
$stmt->bind_param("sssi", $name, $teacher, $room, $id);
$stmt->execute();
$stmt->close();
header("Location: subjects.php");
exit;
}
// FIX: Usa prepared statement anche per delete
if (isset($_GET['delete'])) {
$id = intval($_GET['delete']);
$conn->query("DELETE FROM subjects WHERE id=$id");
header("Location: subjects.php"); exit;
$stmt = $conn->prepare("DELETE FROM subjects WHERE id=?");
$stmt->bind_param("i", $id);
$stmt->execute();
$stmt->close();
header("Location: subjects.php");
exit;
}
?>
<!DOCTYPE html>
@@ -41,50 +68,50 @@ if (isset($_GET['delete'])) {
<h1>Gestisci Materie</h1>
<a href="index.php" class="back-link">⬅ Torna al Dashboard</a>
<?php
// Mostra form di modifica solo se richiesto
if(isset($_GET['edit'])){
$id = intval($_GET['edit']);
$stmt = $conn->prepare("SELECT * FROM subjects WHERE id=?");
$stmt->bind_param("i", $id);
$stmt->execute();
$res = $stmt->get_result();
if($res->num_rows > 0){
$subject = $res->fetch_assoc();
?>
<h3>Modifica materia</h3>
<form method="post" action="subjects.php">
<input type="hidden" name="id" value="<?php echo $subject['id']; ?>">
<label>Materia:</label>
<input type="text" name="name" value="<?php echo htmlspecialchars($subject['name']); ?>" required><br>
<label>Docente:</label>
<input type="text" name="teacher" value="<?php echo htmlspecialchars($subject['teacher']); ?>" required><br>
<label>Aula (opzionale):</label>
<input type="text" name="room" value="<?php echo htmlspecialchars($subject['room']); ?>"><br>
<button type="submit" name="update">Salva modifiche</button>
<a href="subjects.php" style="margin-left: 10px;">Annulla</a>
</form>
<hr>
<?php
}
$stmt->close();
}
?>
<h2>Aggiungi Nuova Materia</h2>
<form method="POST">
<input type="text" name="name" placeholder="Materia" required>
<input type="text" name="teacher" placeholder="Docente" required>
<input type="text" name="room" placeholder="Laboratorio (opzionale)">
<button type="submit">Aggiungi</button>
</form>
<?php
// 1. Aggiornamento dati
if(isset($_POST['update'])){
$id = intval($_POST['id']);
$name = $conn->real_escape_string($_POST['name']);
$teacher = $conn->real_escape_string($_POST['teacher']);
$room = $conn->real_escape_string($_POST['room']);
$conn->query("UPDATE subjects
SET name='$name', teacher='$teacher', room='$room'
WHERE id=$id");
}
// 2. Mostrare il form se edit richiesto
if(isset($_GET['edit'])){
$id = intval($_GET['edit']);
$res = $conn->query("SELECT * FROM subjects WHERE id=$id");
if($res->num_rows > 0){
$subject = $res->fetch_assoc();
?>
<h3>Modifica materia</h3>
<form method="post" action="subjects.php">
<input type="hidden" name="id" value="<?php echo $subject['id']; ?>">
<label>Materia:</label>
<input type="text" name="name" value="<?php echo htmlspecialchars($subject['name']); ?>"><br>
<label>Docente:</label>
<input type="text" name="teacher" value="<?php echo htmlspecialchars($subject['teacher']); ?>"><br>
<label>Aula:</label>
<input type="text" name="room" value="<?php echo htmlspecialchars($subject['room']); ?>"><br>
<button type="submit" name="update">Salva modifiche</button>
</form>
<?php
}
}
?>
<h2>Elenco Materie</h2>
<table>
<tr>
<th>ID</th>
@@ -98,12 +125,12 @@ if(isset($_GET['edit'])){
while($row=$res->fetch_assoc()){
echo "<tr>
<td>{$row['id']}</td>
<td>{$row['name']}</td>
<td>{$row['teacher']}</td>
<td>{$row['room']}</td>
<td>" . htmlspecialchars($row['name']) . "</td>
<td>" . htmlspecialchars($row['teacher']) . "</td>
<td>" . htmlspecialchars($row['room']) . "</td>
<td>
<a href='subjects.php?edit={$row['id']}' class='edit-link'>Modifica</a> |
<a href='subjects.php?delete={$row['id']}' class='delete-link'>Elimina</a>
<a href='subjects.php?delete={$row['id']}' class='delete-link' onclick='return confirm(\"Sei sicuro di voler eliminare questa materia?\")'>Elimina</a>
</td>
</tr>";
}
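Review bot: The update branch (`if(isset($_POST['update']))`, first hunk) writes `$_POST['name']`, `$_POST['teacher']` and `$_POST['room']` straight into the UPDATE without the `!empty($name)` guard the insert branch keeps, so a blank name is accepted on edit and a request missing any of those keys raises undefined-index warnings before the bind. Mirror the insert branch: `$name = $_POST['name'] ?? ''; $teacher = $_POST['teacher'] ?? ''; $room = $_POST['room'] ?? '';` and wrap the prepare/execute in `if (!empty($name)) { … }`. Separately, deletion is still a GET link (`subjects.php?delete=…`, last hunk) and neither that link nor the POST forms carry an anti-CSRF token, so the JavaScript `confirm()` added on the link is a usability guard, not a protection. A POST form with a per-session token compared via `hash_equals()` would close that gap; the script is top-level, so none of these lines sit inside a function.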


@@ -1,6 +1,5 @@
<?php
include("lib/db.php");
$teacher = $_GET['teacher'];
$days = ["Lunedì","Martedì","Mercoledì","Giovedì","Venerdì","Sabato"];
$hours = [
1 => "Prima ora<br>7:50 - 8:50",
@@ -10,16 +9,19 @@ $hours = [
5 => "Quinta ora<br>11:55 - 12:50",
6 => "Sesta ora<br>12:50 - 13:50"
];
if ($teacher == "No Lezione" || $teacher == "sconosciuto") {
header("Location: index.php");
exit;
}
else if (!isset($_GET['teacher'])) {
if (!isset($_GET['teacher'])) {
header("Location: index.php");
exit;
}
$teacher = $conn->real_escape_string($_GET['teacher']);
if ($teacher == "No Lezione" || $teacher == "sconosciuto") {
header("Location: index.php");
exit;
}
$res = $conn->query("SELECT DISTINCT teacher FROM subjects WHERE teacher = '$teacher' LIMIT 1");
if ($res->num_rows === 0) {
@@ -42,8 +44,11 @@ if ($res->num_rows === 0) {
<a href="index.php">Home</a>
</div>
</div>
<h1>Orario docente <?php echo htmlspecialchars($teacher); ?></h1>
<table>
<!-- Visualizzazione Desktop -->
<table class="desktop-schedule">
<tr>
<th></th>
<?php foreach($days as $d) echo "<th>$d</th>"; ?>
@@ -59,10 +64,12 @@ if ($res->num_rows === 0) {
WHERE subjects.teacher='$teacher' AND timetable.day='$d' AND timetable.hour=$hnum");
if($row = $q->fetch_assoc()){
echo "<td data-label='$d'>
<div class='subject'>{$row['name']}</div>
<div class='teacher'>{$row['class_name']}</div>
<div class='room'>{$row['room']}</div>
</td>";
<div class='subject'>" . htmlspecialchars($row['name']) . "</div>
<div class='teacher'>" . htmlspecialchars($row['class_name']) . "</div>";
if(!empty($row['room'])) {
echo "<div class='room'>" . htmlspecialchars($row['room']) . "</div>";
}
echo "</td>";
} else {
echo "<td data-label='$d'></td>";
}
@@ -71,6 +78,41 @@ if ($res->num_rows === 0) {
}
?>
</table>
<!-- FIX: Visualizzazione Mobile aggiunta -->
<div class="mobile-schedule">
<?php foreach($days as $d): ?>
<div class="day">
<h2><?= htmlspecialchars($d) ?></h2>
<?php
foreach($hours as $hnum => $hlabel):
$q = $conn->query("SELECT subjects.name, classes.name AS class_name, subjects.room
FROM timetable
LEFT JOIN subjects ON timetable.subject_id = subjects.id
LEFT JOIN classes ON timetable.class_id = classes.id
WHERE subjects.teacher='$teacher' AND timetable.day='$d' AND timetable.hour=$hnum");
if($row = $q->fetch_assoc()):
?>
<div class="lesson">
<div class="hour"><?= strip_tags($hlabel) ?></div>
<div class="subject"><?= htmlspecialchars($row['name']) ?></div>
<div class="teacher"><?= htmlspecialchars($row['class_name']) ?></div>
<?php if(!empty($row['room'])): ?>
<div class="room"><?= htmlspecialchars($row['room']) ?></div>
<?php endif; ?>
</div>
<?php else: ?>
<div class="lesson empty">
<div class="hour"><?= strip_tags($hlabel) ?></div>
<div class="subject">—</div>
</div>
<?php endif; ?>
<?php endforeach; ?>
</div>
<?php endforeach; ?>
</div>
<p style="text-align: center;">Copyright (C) 2025 EmmeV. - Released under <a href="https://git.vichingo455.freeddns.org/emmev-code/orario/src/branch/stable/LICENSE.txt" target="_blank">GNU AGPL 3.0 License</a>.</p>
</body>
</html>
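Review bot: `$teacher = $conn->real_escape_string($_GET['teacher']);` (second hunk) stores the SQL-escaped string in the variable that the `<h1>` later prints via `htmlspecialchars($teacher)`, so a name containing an apostrophe or backslash renders with a stray backslash in the heading. Keep the raw value for display and escape only for SQL: `$teacher = $_GET['teacher']; $teacherSql = $conn->real_escape_string($teacher);` and use `$teacherSql` in the three queries. Those queries still interpolate the value, while the subjects admin page in this same commit moved to `prepare()`/`bind_param()`; the same should be done here for consistency. The new mobile block (last hunk) re-issues the identical per-cell query already run for the desktop table, doubling the query count per page load; fetching the week once into an array keyed by day and hour and rendering both views from it would remove the duplication. `strip_tags($hlabel)` also glues the label to the time with no separator (`Prima ora7:50 - 8:50`); `htmlspecialchars(str_replace('<br>', ' ', $hlabel))` keeps the gap.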


@@ -1,6 +1,5 @@
<?php
include("lib/db.php");
$room = $_GET['room']; // aula selezionata
$days = ["Lunedì","Martedì","Mercoledì","Giovedì","Venerdì","Sabato"];
$hours = [
1 => "Prima ora<br>7:50 - 8:50",
@@ -10,6 +9,7 @@ $hours = [
5 => "Quinta ora<br>11:55 - 12:50",
6 => "Sesta ora<br>12:50 - 13:50"
];
if (!isset($_GET['room'])) {
header("Location: index.php");
exit;
@@ -19,7 +19,6 @@ $room = $conn->real_escape_string($_GET['room']);
$res = $conn->query("SELECT DISTINCT room FROM subjects WHERE room = '$room' LIMIT 1");
if ($res->num_rows === 0) {
// Aula non trovata
header("Location: index.php");
exit;
}
@@ -42,7 +41,8 @@ if ($res->num_rows === 0) {
<h1>Orario <?php echo htmlspecialchars($room); ?></h1>
<table>
<!-- Visualizzazione Desktop -->
<table class="desktop-schedule">
<tr>
<th></th>
<?php foreach($days as $d) echo "<th>$d</th>"; ?>
@@ -66,15 +66,13 @@ if ($res->num_rows === 0) {
$entries = [];
while($row = $q->fetch_assoc()){
// salvo materia (prendo la prima, di solito è la stessa per tutti)
if($subject === null) {
$subject = $row['subject_name'];
}
// accumulo classi + docente
$entries[] = $row['class_name'] . " (" . $row['teacher'] . ")";
}
// unisci le classi con " e " se sono 2, altrimenti virgole + "e" finale
// FIX: Gestione corretta di multiple classi
if(count($entries) > 1){
$last = array_pop($entries);
$entries_list = implode(", ", $entries) . " e " . $last;
@@ -83,8 +81,8 @@ if ($res->num_rows === 0) {
}
echo "<td data-label='$d'>
<div class='subject'>$subject</div>
<div class='room'>$entries_list</div>
<div class='subject'>" . htmlspecialchars($subject) . "</div>
<div class='room'>" . htmlspecialchars($entries_list) . "</div>
</td>";
} else {
echo "<td data-label='$d'></td>";
@@ -94,6 +92,57 @@ if ($res->num_rows === 0) {
}
?>
</table>
<p style="text-align: center;">Copyright (C) 2025 EmmeV. All rights reserved.</p>
<!-- FIX: Visualizzazione Mobile aggiunta -->
<div class="mobile-schedule">
<?php foreach($days as $d): ?>
<div class="day">
<h2><?= htmlspecialchars($d) ?></h2>
<?php
foreach($hours as $hnum => $hlabel):
$q = $conn->query("
SELECT subjects.name AS subject_name, subjects.teacher, classes.name AS class_name
FROM timetable
LEFT JOIN subjects ON timetable.subject_id = subjects.id
LEFT JOIN classes ON timetable.class_id = classes.id
WHERE subjects.room='". $conn->real_escape_string($room) ."'
AND timetable.day='$d' AND timetable.hour=$hnum
");
if($q->num_rows > 0):
$subject = null;
$entries = [];
while($row = $q->fetch_assoc()){
if($subject === null) {
$subject = $row['subject_name'];
}
$entries[] = $row['class_name'] . " (" . $row['teacher'] . ")";
}
if(count($entries) > 1){
$last = array_pop($entries);
$entries_list = implode(", ", $entries) . " e " . $last;
} else {
$entries_list = $entries[0];
}
?>
<div class="lesson">
<div class="hour"><?= strip_tags($hlabel) ?></div>
<div class="subject"><?= htmlspecialchars($subject) ?></div>
<div class="room"><?= htmlspecialchars($entries_list) ?></div>
</div>
<?php else: ?>
<div class="lesson empty">
<div class="hour"><?= strip_tags($hlabel) ?></div>
<div class="subject">—</div>
</div>
<?php endif; ?>
<?php endforeach; ?>
</div>
<?php endforeach; ?>
</div>
<p style="text-align: center;">Copyright (C) 2025 EmmeV. - Released under <a href="https://git.vichingo455.freeddns.org/emmev-code/orario/src/branch/stable/LICENSE.txt" target="_blank">GNU AGPL 3.0 License</a>.</p>
</body>
</html>
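Review bot: The mobile query (last hunk) escapes `$room` a second time, `subjects.room='". $conn->real_escape_string($room) ."'`, although `$room` already holds `$conn->real_escape_string($_GET['room'])` (context line of the `@@ -19,7 +19,6 @@` hunk), so a room name containing an apostrophe or backslash is double-escaped, matches no row, and the mobile view shows empty cells where the desktop table shows lessons. Use `$room` directly in that query, or better, move both loops to `prepare()`/`bind_param()` as the subjects admin page in this commit does. Because `$room` carries the escaped value, the `<h1>` that prints `htmlspecialchars($room)` also shows the backslash; keeping the raw value for display and a separate escaped copy for SQL avoids that. The mobile block additionally repeats every per-cell query of the desktop table; one fetch of the week into an array keyed by day and hour would serve both views.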


@@ -1,5 +1,5 @@
<?php
#include("lib/db.php");
include("lib/db.php"); // FIX: Decommentato
$class_id = intval($_GET['class_id']);
$class = $conn->query("SELECT * FROM classes WHERE id=$class_id")->fetch_assoc();
$days = ["Lunedì","Martedì","Mercoledì","Giovedì","Venerdì","Sabato"];
@@ -11,16 +11,17 @@ $hours = [
5 => "Quinta ora<br>11:55 - 12:50",
6 => "Sesta ora<br>12:50 - 13:50"
];
// FIX: Validazione classe prima di tutto
if (!isset($_GET['class_id'])) {
header("Location: index.php");
exit;
}
$class_id = intval($_GET['class_id']); // sicurezza
$class_id = intval($_GET['class_id']);
$res = $conn->query("SELECT id FROM classes WHERE id = $class_id LIMIT 1");
if ($res->num_rows === 0) {
// Classe non trovata
header("Location: index.php");
exit;
}
@@ -28,7 +29,7 @@ if ($res->num_rows === 0) {
<!DOCTYPE html>
<html>
<head>
<title>Orario <?php echo $class['name']; ?></title>
<title>Orario <?php echo htmlspecialchars($class['name']); ?></title>
<meta name="viewport" content="width=device-width, initial-scale=1.0">
<link rel="stylesheet" href="css/timetable.css">
<link rel="stylesheet" href="css/navbar.css">
@@ -40,8 +41,10 @@ if ($res->num_rows === 0) {
<a href="index.php">Home</a>
</div>
</div>
<h1>Orario della classe <?php echo $class['name']; ?></h1>
<table>
<h1>Orario della classe <?php echo htmlspecialchars($class['name']); ?></h1>
<!-- Visualizzazione Desktop -->
<table class="desktop-schedule">
<tr>
<th></th>
<?php foreach($days as $d) echo "<th>$d</th>"; ?>
@@ -56,31 +59,34 @@ if ($res->num_rows === 0) {
WHERE class_id=$class_id AND day='$d' AND hour=$hnum");
if($q->num_rows > 0){
$row = $q->fetch_assoc();
$subject = $row['name'];
$room = $row['room'];
// FIX: Gestione corretta di multipli docenti/materie
$entries = [];
$subject = null;
$room = null;
// metto il primo docente
$teachers = [$row['teacher']];
// aggiungo eventuali altri docenti
while($row = $q->fetch_assoc()){
$teachers[] = $row['teacher'];
if($subject === null) {
$subject = $row['name'];
$room = $row['room'];
}
$entries[] = $row['teacher'];
}
// se più docenti -> unisci con virgola e "e" finale
if(count($teachers) > 1){
$last = array_pop($teachers);
$teachers_list = implode(", ", $teachers) . " e " . $last;
// Unisci i docenti correttamente
if(count($entries) > 1){
$last = array_pop($entries);
$teachers_list = implode(", ", $entries) . " e " . $last;
} else {
$teachers_list = $teachers[0];
$teachers_list = $entries[0];
}
echo "<td data-label='$d'>
<div class='subject'>$subject</div>
<div class='teacher'>$teachers_list</div>
<div class='room'>$room</div>
</td>";
<div class='subject'>" . htmlspecialchars($subject) . "</div>
<div class='teacher'>" . htmlspecialchars($teachers_list) . "</div>";
if(!empty($room)) {
echo "<div class='room'>" . htmlspecialchars($room) . "</div>";
}
echo "</td>";
} else {
echo "<td data-label='$d'></td>";
}
@@ -89,10 +95,12 @@ if ($res->num_rows === 0) {
}
?>
</table>
<!-- Visualizzazione Mobile -->
<div class="mobile-schedule">
<?php foreach($days as $d): ?>
<div class="day">
<h2><?= $d ?></h2>
<h2><?= htmlspecialchars($d) ?></h2>
<?php
foreach($hours as $hnum => $hlabel):
$q = $conn->query("SELECT subjects.name, subjects.teacher, subjects.room
@@ -101,31 +109,35 @@ if ($res->num_rows === 0) {
WHERE class_id=$class_id AND day='$d' AND hour=$hnum");
if($q->num_rows > 0):
$row = $q->fetch_assoc();
$subject = $row['name'];
$room = $row['room'];
$teachers = [$row['teacher']];
// FIX: Stessa logica corretta anche per mobile
$entries = [];
$subject = null;
$room = null;
while($row = $q->fetch_assoc()){
$teachers[] = $row['teacher'];
if($subject === null) {
$subject = $row['name'];
$room = $row['room'];
}
$entries[] = $row['teacher'];
}
if(count($teachers) > 1){
$last = array_pop($teachers);
$teachers_list = implode(", ", $teachers) . " e " . $last;
if(count($entries) > 1){
$last = array_pop($entries);
$teachers_list = implode(", ", $entries) . " e " . $last;
} else {
$teachers_list = $teachers[0];
$teachers_list = $entries[0];
}
?>
<div class="lesson">
<div class="hour"><?= $hlabel ?></div>
<div class="subject"><?= $subject ?></div>
<div class="teacher"><?= $teachers_list ?></div>
<?php if($room): ?><div class="room"><?= $room ?></div><?php endif; ?>
<div class="hour"><?= strip_tags($hlabel) ?></div>
<div class="subject"><?= htmlspecialchars($subject) ?></div>
<div class="teacher"><?= htmlspecialchars($teachers_list) ?></div>
<?php if(!empty($room)): ?><div class="room"><?= htmlspecialchars($room) ?></div><?php endif; ?>
</div>
<?php else: ?>
<div class="lesson empty">
<div class="hour"><?= $hlabel ?></div>
<div class="hour"><?= strip_tags($hlabel) ?></div>
<div class="subject">—</div>
</div>
<?php endif; ?>
@@ -133,6 +145,7 @@ if ($res->num_rows === 0) {
</div>
<?php endforeach; ?>
</div>
<p style="text-align: center;">Copyright (C) 2025 EmmeV. - Released under <a href="https://git.vichingo455.freeddns.org/emmev-code/orario/src/branch/stable/LICENSE.txt" target="_blank">GNU AGPL 3.0 License</a>.</p>
</body>
</html>
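Review bot: In both schedule hunks the new `$entries = []; $subject = null; $room = null;` block is preceded by `$row = $q->fetch_assoc();`, and this rendering does not show whether that line was removed; if it survives, the first row is consumed before `while($row = $q->fetch_assoc())`, so a cell with a single teacher ends with `$entries` empty, `$subject` and `$room` null, and `$entries[0]` raising an undefined-index warning. If so, delete that lone `$row = $q->fetch_assoc();` in both the desktop and mobile loops so the while loop sees every row, which is how the room view in this same commit is written. In the first hunk, `$class_id = intval($_GET['class_id']);` and the `SELECT * FROM classes WHERE id=$class_id` lookup still run before the `isset($_GET['class_id'])` check despite the `// FIX: Validazione classe prima di tutto` comment; move those two lines below the validation block and drop the duplicate `$class_id = intval($_GET['class_id']);` there. The class lookup and the per-cell queries still interpolate values, whereas the subjects admin page in this commit uses `prepare()`/`bind_param()`; aligning this file with it would keep one query style across the project.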