Add password change functionality and profile image upload

- Add profile_image field to Profile model with default value
- Update profile edit route to handle profile image file uploads
- Add password change route with validation in auth module
- Create change password template with form
- Update profile template to include image upload with preview
- Add password change link to admin sidebar
- Update homepage to use dynamic profile image from database

routes/admin.py

@@ -78,12 +78,25 @@ def profile_edit():
         flash('Profilo non trovato.', 'danger')
         return redirect(url_for('admin.profile_manage'))
 
+    # Handle profile image upload
+    profile_image_url = request.form.get('profile_image', profile.profile_image)
+    if 'profile_image_file' in request.files:
+        file = request.files['profile_image_file']
+        if file.filename:
+            uploaded_path = save_uploaded_file(file)
+            if uploaded_path:
+                profile_image_url = uploaded_path
+            else:
+                flash('Formato immagine non valido. Usa: png, jpg, jpeg, gif, webp', 'danger')
+                return redirect(url_for('admin.profile_manage'))
+
     profile.title = request.form.get('title', profile.title)
     profile.lead_text = request.form.get('lead_text', profile.lead_text)
     profile.description_1 = request.form.get('description_1', profile.description_1)
     profile.description_2 = request.form.get('description_2', profile.description_2)
     profile.years_experience = int(request.form.get('years_experience', profile.years_experience))
     profile.cv_url = request.form.get('cv_url', profile.cv_url)
+    profile.profile_image = profile_image_url
 
     db.session.commit()
     flash('Profilo aggiornato con successo!', 'success')

routes/auth.py

@@ -8,7 +8,7 @@ Authentication routes for login/logout
 """
 
 from flask import Blueprint, render_template, request, redirect, url_for, flash
-from flask_login import login_user, logout_user, current_user
+from flask_login import login_user, logout_user, current_user, login_required
 from models import User, db
 from datetime import datetime
 
@@ -60,3 +60,42 @@ def logout():
     logout_user()
     flash('Logout effettuato con successo.', 'info')
     return redirect(url_for('route_home.home'))
+
+
+@route_auth.route('/change-password', methods=['GET', 'POST'])
+@login_required
+def change_password():
+    """Change password page"""
+    if request.method == 'POST':
+        current_password = request.form.get('current_password')
+        new_password = request.form.get('new_password')
+        confirm_password = request.form.get('confirm_password')
+
+        # Validation
+        if not current_password or not new_password or not confirm_password:
+            flash('Tutti i campi sono obbligatori.', 'danger')
+            return render_template('auth/change_password.html')
+
+        # Check current password
+        if not current_user.check_password(current_password):
+            flash('La password attuale non è corretta.', 'danger')
+            return render_template('auth/change_password.html')
+
+        # Check if new passwords match
+        if new_password != confirm_password:
+            flash('Le nuove password non corrispondono.', 'danger')
+            return render_template('auth/change_password.html')
+
+        # Check password length
+        if len(new_password) < 6:
+            flash('La nuova password deve essere di almeno 6 caratteri.', 'danger')
+            return render_template('auth/change_password.html')
+
+        # Update password
+        current_user.set_password(new_password)
+        db.session.commit()
+
+        flash('Password modificata con successo!', 'success')
+        return redirect(url_for('admin.dashboard'))
+
+    return render_template('auth/change_password.html')