isLoggedIn()) {
redirect(BASE_URL . '/login.php');
}
// Check superadmin
if (!$session->isSuperAdmin()) {
$session->logout();
redirect(BASE_URL . '/login.php');
}
$user_name = $session->getFullName();
$user_email = $session->getEmail();
$page = $_GET['page'] ?? 'dashboard';
$success = $session->getFlash('success');
$error = $session->getFlash('error');
// ============================================================================
// ACTIONS HANDLER
// ============================================================================
if ($_SERVER['REQUEST_METHOD'] === 'POST') {
$action = $_POST['action'] ?? '';
switch ($action) {
case 'create_user':
// Crea nuovo user
$first_name = sanitize_string($_POST['first_name'] ?? '');
$last_name = sanitize_string($_POST['last_name'] ?? '');
$user_email_new = sanitize_email($_POST['email'] ?? '');
$phone = sanitize_string($_POST['phone'] ?? '');
$role = $_POST['role'] ?? 'user';
$password = $_POST['password'] ?? '';
if (!$first_name || !$last_name || !$user_email_new || !validate_role($role)) {
$session->setFlash('error', 'Tutti i campi obbligatori devono essere compilati');
} else {
// Genera password se vuota
if (empty($password)) {
$password = generate_token(14);
// Assicura policy
if (!preg_match('/[A-Z]/', $password)) $password = 'A' . $password;
if (!preg_match('/[a-z]/', $password)) $password .= 'a';
if (!preg_match('/[0-9]/', $password)) $password .= '1';
if (!preg_match('/[^A-Za-z0-9]/', $password)) $password .= '!';
}
$password_plain = $password;
$password_hash = hash_password($password);
// Max devices per ruolo
$max_devices = match($role) {
'superadmin' => 999,
'admin' => 3,
'user' => 6,
default => 3
};
// Allowed device types
$allowed_types = match($role) {
'superadmin' => 'desktop,laptop,mobile,tablet',
'admin' => 'desktop,laptop',
'user' => 'desktop,laptop,mobile,tablet',
default => 'desktop,laptop'
};
try {
$user_id = $db->insert('users', [
'first_name' => $first_name,
'last_name' => $last_name,
'email' => $user_email_new,
'phone' => $phone ?: null,
'password_hash' => $password_hash,
'role' => $role,
'status' => 'active',
'max_devices' => $max_devices,
'allowed_device_types' => $allowed_types,
'created_at' => date('Y-m-d H:i:s'),
'created_by' => $session->getEmail()
]);
// Invia email benvenuto
$new_user = [
'id' => $user_id,
'first_name' => $first_name,
'last_name' => $last_name,
'email' => $user_email_new
];
$email->sendWelcomeWithSetup($new_user, $password_plain, []);
// Audit log
$db->insert('audit_log', [
'user_id' => $user_id,
'action' => 'user_created',
'ip_address' => get_client_ip(),
'user_agent' => get_user_agent(),
'created_at' => date('Y-m-d H:i:s')
]);
$session->setFlash('success', "User creato! Email inviata a $user_email_new");
redirect(BASE_URL . '/superadmin_panel.php?page=users');
} catch (Exception $e) {
$session->setFlash('error', 'Errore creazione user: email già esistente?');
}
}
break;
case 'reset_password':
$user_id = (int)$_POST['user_id'];
// Genera nuova password
$new_password = generate_token(14);
if (!preg_match('/[A-Z]/', $new_password)) $new_password = 'A' . $new_password;
if (!preg_match('/[a-z]/', $new_password)) $new_password .= 'a';
if (!preg_match('/[0-9]/', $new_password)) $new_password .= '1';
if (!preg_match('/[^A-Za-z0-9]/', $new_password)) $new_password .= '!';
$password_hash = hash_password($new_password);
$db->update('users', ['password_hash' => $password_hash], ['id' => $user_id]);
$db->select('users', ['id' => $user_id]);
$user = $db->fetch();
$email->sendPasswordReset($user, $new_password);
$session->setFlash('success', "Password reimpostata! Email inviata a {$user['email']}");
redirect(BASE_URL . '/superadmin_panel.php?page=users');
break;
case 'delete_user':
$user_id = (int)$_POST['user_id'];
$db->delete('users', ['id' => $user_id]);
$session->setFlash('success', 'User eliminato!');
redirect(BASE_URL . '/superadmin_panel.php?page=users');
break;
}
}
// Stats
$db->query("SELECT COUNT(*) as total FROM users");
$total_users = $db->fetch()['total'];
$db->query("SELECT COUNT(*) as total FROM devices");
$total_devices = $db->fetch()['total'];
$db->query("SELECT COUNT(*) as total FROM devices WHERE status = 'active'");
$active_devices = $db->fetch()['total'];
$db->query("SELECT COUNT(*) as total FROM devices WHERE status = 'pending'");
$pending_devices = $db->fetch()['total'];
?>
SuperAdmin Panel