Home Explore Help
Register Sign In
benjamin.harris
/
soil-report-ai
1
0
Fork 0
Files Issues 0 Pull Requests 0 Wiki
Tree: 356985b9ce
Branches Tags
soil-report-ai
/
login
/
login.php

login.php 5.0 KB
History Raw

123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121 
  1. <?php
    2. 

  2. require_once __DIR__ . '/../config/database.php';
    3. 

  3. require_once __DIR__ . '/../lib/auth.php';
    4. 

  4. require_once __DIR__ . '/../lib/csrf.php';
    5. 

  5. 

  6. /**
    7. 

  7.  * Return the default landing page for a user based on their type.
    8. 

  8.  * Consultants and admins go to the consultant dashboard.
    9. 

  9.  */
    10. 

  10. function defaultDashboard(): string
    11. 

  11. {
    12. 

  12.     return match (getCurrentUserType()) {
    13. 

  13.         'consultant', 'admin' => '/dashboard/consultant/index.php',
    14. 

  14.         default               => '/dashboard/dashboard.php',
    15. 

  15.     };
    16. 

  16. }
    17. 

  17. 

  18. // Already logged in → go to appropriate dashboard
    19. 

  19. if (isLoggedIn()) {
    20. 

  20.     header('Location: ' . defaultDashboard());
    21. 

  21.     exit;
    22. 

  22. }
    23. 

  23. 

  24. $error = '';
    25. 

  25. 

  26. if ($_SERVER['REQUEST_METHOD'] === 'POST') {
    27. 

  27.     if (!verifyCsrfToken($_POST['csrf_token'] ?? '')) {
    28. 

  28.         $error = 'Invalid request. Please try again.';
    29. 

  29.     } else {
    30. 

  30.         $email    = trim($_POST['email']    ?? '');
    31. 

  31.         $password = trim($_POST['password'] ?? '');
    32. 

  32. 

  33.         if ($email === '' || $password === '') {
    34. 

  34.             $error = 'Please enter your email and password.';
    35. 

  35.         } else {
    36. 

  36.             $user = loginUser($email, $password);
    37. 

  37.             if ($user) {
    38. 

  38.                 // If a specific redirect was requested honour it (internal paths only)
    39. 

  39.                 $redirect = $_GET['redirect'] ?? '';
    40. 

  40.                 if ($redirect === '' || !str_starts_with($redirect, '/')) {
    41. 

  41.                     $redirect = defaultDashboard();
    42. 

  42.                 }
    43. 

  43.                 header('Location: ' . $redirect);
    44. 

  44.                 exit;
    45. 

  45.             } else {
    46. 

  46.                 $error = 'Invalid email or password.';
    47. 

  47.             }
    48. 

  48.         }
    49. 

  49.     }
    50. 

  50. }
    51. 

  51. 

  52. $pageTitle = 'Login';
    53. 

  53. include __DIR__ . '/_head.php';
    54. 

  54. ?>
    55. 

  55. 

  56. <div class="container">
    57. 

  57.     <div class="row justify-content-center">
    58. 

  58.         <div class="col-xl-10 col-lg-12 col-md-9">
    59. 

  59.             <div class="card o-hidden border-0 shadow-lg my-5">
    60. 

  60.                 <div class="card-body p-0">
    61. 

  61.                     <div class="row">
    62. 

  62.                         <div class="col-lg-6 d-none d-lg-block bg-login-image"></div>
    63. 

  63.                         <div class="col-lg-6">
    64. 

  64.                             <div class="p-5">
    65. 

  65.                                 <div class="text-center mb-4">
    66. 

  66.                                     <h1 class="h4 text-gray-900">Welcome Back!</h1>
    67. 

  67.                                 </div>
    68. 

  68. 

  69.                                 <?php if ($error !== ''): ?>
    70. 

  70.                                     <div class="alert alert-danger" role="alert">
    71. 

  71.                                         <?= htmlspecialchars($error, ENT_QUOTES, 'UTF-8') ?>
    72. 

  72.                                     </div>
    73. 

  73.                                 <?php endif; ?>
    74. 

  74. 

  75.                                 <?php if (isset($_GET['registered'])): ?>
    76. 

  76.                                     <div class="alert alert-success" role="alert">
    77. 

  77.                                         Account created! You can now log in.
    78. 

  78.                                     </div>
    79. 

  79.                                 <?php endif; ?>
    80. 

  80. 

  81.                                 <?php if (isset($_GET['reset'])): ?>
    82. 

  82.                                     <div class="alert alert-success" role="alert">
    83. 

  83.                                         Password reset successfully. Please log in.
    84. 

  84.                                     </div>
    85. 

  85.                                 <?php endif; ?>
    86. 

  86. 

  87.                                 <form method="POST" action="/login/login.php" novalidate>
    88. 

  88.                                     <input type="hidden" name="csrf_token" value="<?= generateCsrfToken() ?>">
    89. 

  89. 

  90.                                     <div class="mb-3">
    91. 

  91.                                         <input type="email" name="email" class="form-control form-control-user"
    92. 

  92.                                                placeholder="Email Address"
    93. 

  93.                                                value="<?= htmlspecialchars($_POST['email'] ?? '', ENT_QUOTES, 'UTF-8') ?>"
    94. 

  94.                                                required autofocus>
    95. 

  95.                                     </div>
    96. 

  96.                                     <div class="mb-3">
    97. 

  97.                                         <input type="password" name="password" class="form-control form-control-user"
    98. 

  98.                                                placeholder="Password" required>
    99. 

  99.                                     </div>
    100. 

  100.                                     <button type="submit" class="btn btn-success btn-user w-100 mb-3">
    101. 

  101.                                         Log In
    102. 

  102.                                     </button>
    103. 

  103.                                 </form>
    104. 

  104. 

  105.                                 <hr>
    106. 

  106.                                 <div class="text-center">
    107. 

  107.                                     <a class="small" href="/login/forgot-password.php">Forgot Password?</a>
    108. 

  108.                                 </div>
    109. 

  109.                                 <div class="text-center">
    110. 

  110.                                     <a class="small" href="/login/register.php">Create an Account!</a>
    111. 

  111.                                 </div>
    112. 

  112.                             </div>
    113. 

  113.                         </div>
    114. 

  114.                     </div>
    115. 

  115.                 </div>
    116. 

  116.             </div>
    117. 

  117.         </div>
    118. 

  118.     </div>
    119. 

  119. </div>
    120. 

  120. 

  121. <?php include __DIR__ . '/_foot.php'; ?>
    122.