From 7bb92b19718658a0a950f4e696e94b21444a57b8 Mon Sep 17 00:00:00 2001
From: DevEnv nis2-agile <dev@certisource.it>
Date: Tue, 10 Mar 2026 11:57:19 +0100
Subject: [PATCH] [FEAT] invite: recipient data (nome/cognome/email/piva)
 pre-compila form registrazione + invite_url->register.html

---
 application/controllers/AuthController.php   |  4 ++++
 application/controllers/InviteController.php | 18 ++++++++++++++----
 public/register.html                         | 15 ++++++++++-----
 3 files changed, 28 insertions(+), 9 deletions(-)

diff --git a/application/controllers/AuthController.php b/application/controllers/AuthController.php
index 73147e1..8979144 100644
--- a/application/controllers/AuthController.php
+++ b/application/controllers/AuthController.php
@@ -358,6 +358,9 @@ class AuthController extends BaseController
 
         $inv = $result['invite'];
 
+        $metadata  = !empty($inv['metadata']) ? json_decode($inv['metadata'], true) : [];
+        $recipient = $metadata['recipient'] ?? null;
+
         $this->jsonSuccess([
             'valid'           => true,
             'plan'            => $inv['plan'],
@@ -368,6 +371,7 @@ class AuthController extends BaseController
             'label'           => $inv['label'],
             'restrict_vat'    => $inv['restrict_vat']    ? true : false,
             'restrict_email'  => $inv['restrict_email']  ? true : false,
+            'recipient'       => $recipient,  // dati pre-compilazione form (null se non presenti)
         ], 'Invito valido');
     }
 }
diff --git a/application/controllers/InviteController.php b/application/controllers/InviteController.php
index 9416ec7..adbd8c8 100644
--- a/application/controllers/InviteController.php
+++ b/application/controllers/InviteController.php
@@ -73,6 +73,15 @@ class InviteController extends BaseController
         $restrictVat    = preg_replace('/[^0-9]/', '', $body['restrict_vat'] ?? '');
         $restrictEmail  = filter_var($body['restrict_email'] ?? '', FILTER_VALIDATE_EMAIL) ?: null;
         $notes          = trim($body['notes'] ?? '') ?: null;
+
+        // Dati destinatario (pre-compilano il form di registrazione)
+        $recipient = [];
+        if (!empty($body['recipient_first_name'])) $recipient['first_name'] = substr(trim($body['recipient_first_name']), 0, 100);
+        if (!empty($body['recipient_last_name']))  $recipient['last_name']  = substr(trim($body['recipient_last_name']),  0, 100);
+        if (!empty($body['recipient_email']))      $recipient['email']      = filter_var(trim($body['recipient_email']), FILTER_VALIDATE_EMAIL) ?: null;
+        if (!empty($body['recipient_company']))    $recipient['company']    = substr(trim($body['recipient_company']),    0, 255);
+        if (!empty($body['recipient_vat']))        $recipient['vat']        = preg_replace('/[^0-9]/', '', $body['recipient_vat']);
+        $metadata = !empty($recipient) ? json_encode(['recipient' => $recipient]) : null;
         $maxUsersPerOrg = isset($body['max_users_per_org']) ? max(1, min(9999, (int)$body['max_users_per_org'])) : null;
         $priceEur       = isset($body['price_eur']) ? round((float)$body['price_eur'], 2) : null;
         $resellerName   = substr(trim($body['reseller_name'] ?? ''), 0, 128) ?: null;
@@ -90,13 +99,13 @@ class InviteController extends BaseController
                  (token_prefix, token_hash, plan, duration_months, label, notes,
                   max_uses, max_users_per_org, price_eur, reseller_name,
                   expires_at, channel, issued_to, issued_by,
-                  restrict_vat, restrict_email)
-                 VALUES (?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,?)',
+                  restrict_vat, restrict_email, metadata)
+                 VALUES (?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,?)',
                 [
                     $prefix, $tokenHash, $plan, $durationMonths,
                     $label, $notes, $maxUses, $maxUsersPerOrg, $priceEur, $resellerName,
                     $expiresAt, $channel, $issuedTo, $issuedBy,
-                    $restrictVat ?: null, $restrictEmail,
+                    $restrictVat ?: null, $restrictEmail, $metadata,
                 ]
             );
             $inviteId = (int) Database::lastInsertId();
@@ -114,7 +123,8 @@ class InviteController extends BaseController
                 'channel'           => $channel,
                 'issued_to'         => $issuedTo,
                 'label'             => $label,
-                'invite_url'        => APP_URL . '/onboarding.html?invite=' . urlencode($rawToken),
+                'invite_url'        => APP_URL . '/register.html?invite=' . urlencode($rawToken),
+                'recipient'         => !empty($recipient) ? $recipient : null,
                 'provision_hint'    => 'POST /api/services/provision con invite_token: "' . $rawToken . '"',
             ];
 
diff --git a/public/register.html b/public/register.html
index 96ae7c0..2526111 100644
--- a/public/register.html
+++ b/public/register.html
@@ -412,15 +412,20 @@
                         inviteValid = true;
                         inviteToken = val;
                         statusEl.className = 'lookup-status ok';
-                        statusEl.innerHTML = '<i class="fas fa-check-circle"></i> Codice valido — accesso B2B confermato';
+                        const label = data.data?.label ? ` — ${data.data.label}` : '';
+                        statusEl.innerHTML = `<i class="fas fa-check-circle"></i> Codice valido${label} — accesso B2B confermato`;
                         // Pre-fill role if provided
                         if (data.role && document.getElementById('card-' + data.role)) {
                             selectRole(data.role);
                         }
-                        // Pre-fill name/email from invite
-                        if (data.nome) document.getElementById('firstname').value = data.nome;
-                        if (data.cognome) document.getElementById('lastname').value = data.cognome;
-                        if (data.email) document.getElementById('email').value = data.email;
+                        // Pre-fill dai dati destinatario nell'invite (recipient)
+                        const r = data.data?.recipient;
+                        if (r) {
+                            if (r.first_name) document.getElementById('firstname').value = r.first_name;
+                            if (r.last_name)  document.getElementById('lastname').value  = r.last_name;
+                            if (r.email)      document.getElementById('email').value      = r.email;
+                            if (r.vat)        { document.getElementById('piva').value = r.vat; lookupPiva(r.vat); }
+                        }
                     } else {
                         inviteValid = false;
                         inviteToken = null;