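<?php
declare(strict_types=1);

require_once __DIR__ . '/../config/database.php';
require_once __DIR__ . '/../lib/auth.php';
require_once __DIR__ . '/../lib/csrf.php';

/**
 * Restrict a post-login redirect target to a local path on this site.
 *
 * The previous check (`str_starts_with($redirect, '/')`) still accepted
 * protocol-relative targets such as `//attacker.example` or `/\attacker.example`,
 * which browsers resolve to another host — an open redirect. It also assumed
 * the value was a string, but `?redirect[]=x` arrives as an array.
 *
 * @param mixed  $candidate raw value from the request (may be absent, array, etc.)
 * @param string $fallback  path used whenever the candidate is rejected
 * @return string a path beginning with a single '/' that stays on this host
 */
function safeLocalRedirect(mixed $candidate, string $fallback = '/dashboard/dashboard.php'): string
{
    if (!is_string($candidate) || $candidate === '') {
        return $fallback;
    }

    // Must be site-relative: exactly one leading slash, not '//' or '/\'.
    if (
        !str_starts_with($candidate, '/')
        || str_starts_with($candidate, '//')
        || str_starts_with($candidate, '/\\')
    ) {
        return $fallback;
    }

    // Belt and braces: anything parse_url reads as carrying a scheme or host
    // is not a local path.
    $parts = parse_url($candidate);
    if ($parts === false || isset($parts['scheme']) || isset($parts['host'])) {
        return $fallback;
    }

    // Reject control characters (CR/LF would otherwise be a header-injection
    // vector if header() ever stopped refusing them).
    if (preg_match('/[\x00-\x1F\x7F]/', $candidate) === 1) {
        return $fallback;
    }

    return $candidate;
}

// Already logged in → go to dashboard
if (isLoggedIn()) {
    header('Location: /dashboard/dashboard.php');
    exit;
}

// The form posts to /login/login.php without a query string, so a
// ?redirect=... given on the GET request would be lost on submit. It is
// carried through a hidden field; the POST value wins when present.
$requestedRedirect = $_POST['redirect'] ?? $_GET['redirect'] ?? null;
$safeRedirect = safeLocalRedirect($requestedRedirect);

$error = '';

if ($_SERVER['REQUEST_METHOD'] === 'POST') {
    if (!verifyCsrfToken($_POST['csrf_token'] ?? '')) {
        $error = 'Invalid request. Please try again.';
    } else {
        $emailInput = $_POST['email'] ?? '';
        $passwordInput = $_POST['password'] ?? '';

        // Non-string form values (email[]=x) are treated as empty rather than
        // reaching trim()/loginUser() and raising a TypeError.
        $email = is_string($emailInput) ? trim($emailInput) : '';
        // NOTE(review): trimming the password must match what registration
        // does, otherwise passwords with leading/trailing whitespace can never
        // verify — confirm against register.php before changing either side.
        $password = is_string($passwordInput) ? trim($passwordInput) : '';

        if ($email === '' || $password === '') {
            $error = 'Please enter your email and password.';
        } else {
            // presumably loginUser() regenerates the session id on success;
            // verify in lib/auth.php (session fixation otherwise).
            $user = loginUser($email, $password);
            if ($user) {
                header('Location: ' . $safeRedirect);
                exit;
            }
            // Deliberately the same message for unknown email and wrong
            // password so the form does not reveal which accounts exist.
            $error = 'Invalid email or password.';
        }
    }
}

$pageTitle = 'Login';
include __DIR__ . '/_head.php';
?>
<div class="container">
    <div class="row justify-content-center">
        <div class="col-xl-10 col-lg-12 col-md-9">
            <div class="card o-hidden border-0 shadow-lg my-5">
                <div class="card-body p-0">
                    <div class="row">
                        <div class="col-lg-6 d-none d-lg-block bg-login-image"></div>
                        <div class="col-lg-6">
                            <div class="p-5">
                                <div class="text-center mb-4">
                                    <h1 class="h4 text-gray-900">Welcome Back!</h1>
                                </div>
                                <?php if ($error !== ''): ?>
                                    <div class="alert alert-danger" role="alert">
                                        <?= htmlspecialchars($error, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8') ?>
                                    </div>
                                <?php endif; ?>
                                <?php if (isset($_GET['registered'])): ?>
                                    <div class="alert alert-success" role="alert">
                                        Account created! You can now log in.
                                    </div>
                                <?php endif; ?>
                                <?php if (isset($_GET['reset'])): ?>
                                    <div class="alert alert-success" role="alert">
                                        Password reset successfully. Please log in.
                                    </div>
                                <?php endif; ?>
                                <form method="POST" action="/login/login.php" novalidate>
                                    <?php // Token is escaped too: never trust that a helper returns attribute-safe text. ?>
                                    <input type="hidden" name="csrf_token"
                                           value="<?= htmlspecialchars((string) generateCsrfToken(), ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8') ?>">
                                    <?php // Only the already-sanitised target is echoed back, so the hidden field cannot smuggle an external URL. ?>
                                    <input type="hidden" name="redirect"
                                           value="<?= htmlspecialchars($safeRedirect, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8') ?>">
                                    <div class="mb-3">
                                        <input type="email" name="email" class="form-control form-control-user"
                                               placeholder="Email Address"
                                               value="<?= htmlspecialchars(is_string($_POST['email'] ?? null) ? $_POST['email'] : '', ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8') ?>"
                                               required autofocus>
                                    </div>
                                    <div class="mb-3">
                                        <input type="password" name="password" class="form-control form-control-user"
                                               placeholder="Password" required>
                                    </div>
                                    <button type="submit" class="btn btn-success btn-user btn-block w-100 mb-3">
                                        Log In
                                    </button>
                                </form>
                                <hr>
                                <div class="text-center">
                                    <a class="small" href="/login/forgot-password.php">Forgot Password?</a>
                                </div>
                                <div class="text-center">
                                    <a class="small" href="/login/register.php">Create an Account!</a>
                                </div>
                            </div>
                        </div>
                    </div>
                </div>
            </div>
        </div>
    </div>
</div>
<?php include __DIR__ . '/_foot.php'; ?>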