feat: reservation system improvements and availability fixes

## Reservation System
- Add ReservationReassignmentService for automatic copy reassignment
- Add scripts/check-expired-reservations.php cron job
- Fix availability calendar to correctly handle lost/damaged copies
- Add 'annullato' and 'scaduto' states to prestiti enum (migrate_0.4.3.sql)

## Updater Improvements
- Implement streaming database backup to prevent memory exhaustion
- Add shutdown handler to cleanup maintenance mode on fatal errors
- Add checkStaleMaintenanceMode() to auto-recover stuck updates
- Add memory limit increase for large database updates
- Add concurrent update prevention with file locking

## Bug Fixes
- Fix JavaScript regex escaping in catalog.php (HEREDOC double-escape)
- Fix getBookTotalCopies() fallback logic for lost copies
- Fix SQL column references in ReservationReassignmentService

## Other Changes
- Add English translations for new Updater log messages
- Update MaintenanceService with admin login hook
- Add copy status change logging in CopyController

Author: fabiodalez-dev

app/Controllers/CopyController.php

@@ -5,6 +5,7 @@
 
 use Psr\Http\Message\ResponseInterface as Response;
 use Psr\Http\Message\ServerRequestInterface as Request;
+use App\Support\SecureLogger;
 use mysqli;
 
 class CopyController
@@ -131,6 +132,26 @@ public function updateCopy(Request $request, Response $response, mysqli $db, int
         $stmt->execute();
         $stmt->close();
 
+        // Case 2 & 9: Handle Copy Status Changes
+        try {
+            $reassignmentService = new \App\Services\ReservationReassignmentService($db);
+
+            // Case 2: Copy became unavailable (lost/damaged/etc) -> Reassign any pending reservation
+            if (in_array($stato, ['perso', 'danneggiato', 'manutenzione', 'in_restauro'])) {
+                $reassignmentService->reassignOnCopyLost($copyId);
+            }
+            // Case 9: Copy became available -> Assign to waiting reservation
+            elseif ($stato === 'disponibile') {
+                $reassignmentService->reassignOnReturn($copyId); // reassignOnReturn handles picking a waiting reservation
+            }
+        } catch (\Exception $e) {
+            SecureLogger::error(__('Errore gestione cambio stato copia'), [
+                'copia_id' => $copyId,
+                'stato' => $stato,
+                'error' => $e->getMessage()
+            ]);
+        }
+
         // Ricalcola disponibilità del libro
         $integrity = new \App\Support\DataIntegrity($db);
         $integrity->recalculateBookAvailability($libroId);

app/Controllers/LibriController.php

@@ -6,6 +6,7 @@
 use mysqli;
 use Psr\Http\Message\ResponseInterface as Response;
 use Psr\Http\Message\ServerRequestInterface as Request;
+use App\Support\SecureLogger;
 
 class LibriController
 {
@@ -670,7 +671,7 @@ public function store(Request $request, Response $response, mysqli $db): Respons
             $fields['autori_ids'] = array_map('intval', $data['autori_ids'] ?? []);
 
             // Get scraped author bio if available
-            $scrapedAuthorBio = trim((string)($data['scraped_author_bio'] ?? ''));
+            $scrapedAuthorBio = trim((string) ($data['scraped_author_bio'] ?? ''));
 
             // Gestione autori nuovi da creare (con controllo duplicati normalizzati)
             if (!empty($data['autori_new'])) {
@@ -1195,7 +1196,7 @@ public function update(Request $request, Response $response, mysqli $db, int $id
             }
 
             // Get scraped author bio if available (for update method)
-            $scrapedAuthorBioUpdate = trim((string)($data['scraped_author_bio'] ?? ''));
+            $scrapedAuthorBioUpdate = trim((string) ($data['scraped_author_bio'] ?? ''));
 
             // Gestione autori nuovi da creare (con controllo duplicati normalizzati)
             if (!empty($data['autori_new'])) {
@@ -1348,7 +1349,29 @@ public function update(Request $request, Response $response, mysqli $db, int $id
                         : $baseInventario;
 
                     $note = "Copia {$i} di {$newCopieCount}";
-                    $copyRepo->create($id, $numeroInventario, 'disponibile', $note);
+                    $newCopyId = $copyRepo->create($id, $numeroInventario, 'disponibile', $note);
+
+                    // Case 1: Reassign pending reservations to this new copy
+                    try {
+                        $reassignmentService = new \App\Services\ReservationReassignmentService($db);
+                        $reassignmentService->reassignOnNewCopy($id, $newCopyId);
+                    } catch (\Exception $e) {
+                        SecureLogger::error(__('Riassegnazione prenotazione nuova copia fallita'), [
+                            'copia_id' => $newCopyId,
+                            'error' => $e->getMessage()
+                        ]);
+                    }
+
+                    // Also process waitlist (prenotazioni -> prestiti) as we have more capacity now
+                    try {
+                        $reservationManager = new \App\Controllers\ReservationManager($db);
+                        $reservationManager->processBookAvailability($id);
+                    } catch (\Exception $e) {
+                        SecureLogger::error(__('Elaborazione lista attesa fallita'), [
+                            'libro_id' => $id,
+                            'error' => $e->getMessage()
+                        ]);
+                    }
                 }
             } elseif ($newCopieCount < $currentCopieCount) {
                 // Rimuovi copie in eccesso (solo quelle disponibili, non in prestito)
@@ -1634,6 +1657,25 @@ private function handleCoverUpload(mysqli $db, int $bookId, array $file): void
     public function delete(Request $request, Response $response, mysqli $db, int $id): Response
     {
         // CSRF validated by CsrfMiddleware
+
+        // Case 10: Prevent deletion if there are active loans/reservations
+        $stmt = $db->prepare("
+            SELECT COUNT(*) as count
+            FROM prestiti
+            WHERE libro_id = ?
+            AND attivo = 1
+            AND stato IN ('in_corso', 'prenotato', 'pendente', 'in_ritardo')
+        ");
+        $stmt->bind_param('i', $id);
+        $stmt->execute();
+        $count = (int) $stmt->get_result()->fetch_assoc()['count'];
+        $stmt->close();
+
+        if ($count > 0) {
+            $_SESSION['error_message'] = __('Impossibile eliminare il libro: ci sono prestiti o prenotazioni attive. Termina prima i prestiti/prenotazioni.');
+            return $response->withHeader('Location', '/admin/libri/' . $id)->withStatus(302);
+        }
+
         $repo = new \App\Models\BookRepository($db);
         $repo->delete($id);
         return $response->withHeader('Location', '/admin/libri')->withStatus(302);

app/Controllers/PrestitiController.php

@@ -8,6 +8,7 @@
 use Psr\Http\Message\ServerRequestInterface as Request;
 use App\Support\DataIntegrity;
 use App\Support\NotificationService;
+use App\Support\SecureLogger;
 use Exception;
 
 /**
@@ -110,6 +111,20 @@ public function store(Request $request, Response $response, mysqli $db): Respons
             return $response->withHeader('Location', '/admin/prestiti/crea?error=missing_fields')->withStatus(302);
         }
 
+        // Case 8: Prevent multiple active reservations/loans for the same book by the same user
+        $dupStmt = $db->prepare("
+            SELECT id FROM prestiti
+            WHERE libro_id = ? AND utente_id = ? AND attivo = 1
+            AND stato IN ('in_corso', 'prenotato', 'pendente', 'in_ritardo')
+        ");
+        $dupStmt->bind_param('ii', $libro_id, $utente_id);
+        $dupStmt->execute();
+        if ($dupStmt->get_result()->num_rows > 0) {
+            $dupStmt->close();
+            return $response->withHeader('Location', '/admin/prestiti/crea?error=duplicate_reservation')->withStatus(302);
+        }
+        $dupStmt->close();
+
         // Verifica che la data di scadenza sia successiva alla data di prestito
         if (strtotime($data_scadenza) <= strtotime($data_prestito)) {
             return $response->withHeader('Location', '/admin/prestiti/crea?error=invalid_dates')->withStatus(302);
@@ -377,7 +392,7 @@ public function store(Request $request, Response $response, mysqli $db): Respons
                     $integrity->validateAndUpdateLoan($newLoanId);
                 }
             } catch (\Throwable $e) {
-                error_log('DataIntegrity warning (store loan): ' . $e->getMessage());
+                SecureLogger::warning(__('DataIntegrity warning (store loan)'), ['error' => $e->getMessage()]);
             }
 
             // Create in-app notification for new loan
@@ -408,7 +423,7 @@ public function store(Request $request, Response $response, mysqli $db): Respons
                         );
                     }
                 } catch (\Throwable $e) {
-                    error_log('Failed to create loan notification: ' . $e->getMessage());
+                    SecureLogger::warning(__('Notifica prestito fallita'), ['error' => $e->getMessage()]);
                 }
             }
 
@@ -592,7 +607,7 @@ public function processReturn(Request $request, Response $response, mysqli $db,
             // Valida e aggiorna lo stato del prestito
             $validationResult = $integrity->validateAndUpdateLoan($id);
             if (!$validationResult['success']) {
-                error_log("Warning: Loan validation failed for loan {$id}: " . $validationResult['message']);
+                SecureLogger::warning(__('Validazione prestito fallita'), ['loan_id' => $id, 'message' => $validationResult['message']]);
             }
 
             // Se copia torna disponibile, gestisci notifiche
@@ -601,7 +616,15 @@ public function processReturn(Request $request, Response $response, mysqli $db,
                 $notificationService = new NotificationService($db);
                 $notificationService->notifyWishlistBookAvailability($libro_id);
 
-                // Processa prenotazioni attive per questo libro
+                // Case 3: Reassign returned copy to next waiting reservation (NEW SYSTEM - prestiti table)
+                try {
+                    $reassignmentService = new \App\Services\ReservationReassignmentService($db);
+                    $reassignmentService->reassignOnReturn($copia_id);
+                } catch (\Exception $e) {
+                    SecureLogger::error(__('Riassegnazione copia fallita'), ['copia_id' => $copia_id, 'error' => $e->getMessage()]);
+                }
+
+                // Processa prenotazioni attive per questo libro (Future/Scheduled reservations)
                 $reservationManager = new \App\Controllers\ReservationManager($db);
                 $reservationManager->processBookAvailability($libro_id);
             }
@@ -613,7 +636,7 @@ public function processReturn(Request $request, Response $response, mysqli $db,
 
         } catch (Exception $e) {
             $db->rollback();
-            error_log("Error processing loan return {$id}: " . $e->getMessage());
+            SecureLogger::error(__('Errore elaborazione restituzione'), ['loan_id' => $id, 'error' => $e->getMessage()]);
             if ($redirectTo) {
                 $separator = strpos($redirectTo, '?') === false ? '?' : '&';
                 return $response->withHeader('Location', $redirectTo . $separator . 'error=update_failed')->withStatus(302);
@@ -734,7 +757,7 @@ public function renew(Request $request, Response $response, mysqli $db, int $id)
             $integrity = new DataIntegrity($db);
             $validationResult = $integrity->validateAndUpdateLoan($id);
             if (!$validationResult['success']) {
-                error_log("Warning: Loan validation failed for loan {$id}: " . $validationResult['message']);
+                SecureLogger::warning(__('Validazione prestito fallita'), ['loan_id' => $id, 'message' => $validationResult['message']]);
             }
 
             $db->commit();
@@ -746,7 +769,7 @@ public function renew(Request $request, Response $response, mysqli $db, int $id)
 
         } catch (Exception $e) {
             $db->rollback();
-            error_log("Renewal failed for loan {$id}: " . $e->getMessage());
+            SecureLogger::error(__('Rinnovo prestito fallito'), ['loan_id' => $id, 'error' => $e->getMessage()]);
 
             $errorUrl = $redirectTo ?? '/admin/prestiti';
             $separator = strpos($errorUrl, '?') === false ? '?' : '&';
@@ -852,7 +875,7 @@ public function exportCsv(Request $request, Response $response, mysqli $db): Res
         } else {
             $result = $db->query($sql);
             if ($result === false) {
-                error_log('exportCsv query error: ' . $db->error);
+                SecureLogger::error(__('Errore export CSV'), ['error' => $db->error]);
             }
         }
         $loans = [];

app/Controllers/ReservationsController.php

@@ -376,33 +376,43 @@ private function getDateRange($startDate, $endDate)
 
     private function getBookTotalCopies(int $bookId): int
     {
-        // Count only loanable copies from copie table
-        // Exclude permanently unavailable copies: 'perso' (lost), 'danneggiato' (damaged), 'manutenzione' (maintenance)
-        // Include 'disponibile' and 'prestato' (currently on loan but will return)
-        $stmt = $this->db->prepare("
-            SELECT COUNT(*) as total FROM copie
-            WHERE libro_id = ?
-            AND stato NOT IN ('perso', 'danneggiato', 'manutenzione')
-        ");
+        // First check if ANY copies exist in the copie table for this book
+        $stmt = $this->db->prepare("SELECT COUNT(*) as total FROM copie WHERE libro_id = ?");
         $stmt->bind_param('i', $bookId);
         $stmt->execute();
         $result = $stmt->get_result();
         $row = $result ? $result->fetch_assoc() : null;
         $stmt->close();
+        $totalCopiesExist = (int) ($row['total'] ?? 0);
 
-        $total = (int) ($row['total'] ?? 0);
-
-        // Fallback: if no copies exist in copie table, check libri.copie_totali as minimum
-        if ($total === 0) {
-            $stmt = $this->db->prepare("SELECT GREATEST(IFNULL(copie_totali, 1), 1) AS copie_totali FROM libri WHERE id = ?");
+        // If copies exist in copie table, count only loanable ones
+        // Exclude permanently unavailable copies: 'perso' (lost), 'danneggiato' (damaged), 'manutenzione' (maintenance)
+        // Include 'disponibile' and 'prestato' (currently on loan but will return)
+        if ($totalCopiesExist > 0) {
+            $stmt = $this->db->prepare("
+                SELECT COUNT(*) as total FROM copie
+                WHERE libro_id = ?
+                AND stato NOT IN ('perso', 'danneggiato', 'manutenzione')
+            ");
             $stmt->bind_param('i', $bookId);
             $stmt->execute();
             $result = $stmt->get_result();
             $row = $result ? $result->fetch_assoc() : null;
             $stmt->close();
-            $total = (int) ($row['copie_totali'] ?? 1);
+
+            // Return actual loanable copies (can be 0 if all are lost/damaged)
+            return (int) ($row['total'] ?? 0);
         }
 
-        return $total;
+        // Fallback: if NO copies exist in copie table at all, use libri.copie_totali
+        // This handles legacy data where copies weren't tracked individually
+        $stmt = $this->db->prepare("SELECT GREATEST(IFNULL(copie_totali, 1), 1) AS copie_totali FROM libri WHERE id = ?");
+        $stmt->bind_param('i', $bookId);
+        $stmt->execute();
+        $result = $stmt->get_result();
+        $row = $result ? $result->fetch_assoc() : null;
+        $stmt->close();
+
+        return (int) ($row['copie_totali'] ?? 1);
     }
 }