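<?php
declare(strict_types=1);

/**
 * Login page.
 *
 * Flow: users who already hold a session are sent straight to the dashboard;
 * on POST the account is looked up by email, the password is checked against
 * the stored hash, the account status is checked, the session is populated and
 * the browser is redirected. Every failure path sets $error_message, which the
 * template below renders (HTML-escaped).
 */
session_start();
require_once __DIR__ . '/db/config.php';

// Already authenticated: nothing to do on this page.
if (isset($_SESSION['user_id'])) {
    header('Location: dashboard.php');
    exit;
}

$error_message = '';

if ($_SERVER['REQUEST_METHOD'] === 'POST') {
    // NOTE(review): the form carries no CSRF token and there is no attempt
    // throttling here; both belong at this boundary (check main.js before adding
    // a hidden field, in case it rebuilds the request body itself).

    // Accept scalar strings only: a nested value such as email[]=x would otherwise
    // reach PDOStatement::execute() and fail with an unhelpful driver error.
    $email    = is_string($_POST['email'] ?? null) ? $_POST['email'] : '';
    $password = is_string($_POST['password'] ?? null) ? $_POST['password'] : '';

    // Explicit '' checks rather than empty(): "0" is a legitimate password.
    if ($email === '' || $password === '') {
        $error_message = 'Please enter both email and password.';
    } else {
        try {
            $pdo  = db();
            $stmt = $pdo->prepare('SELECT * FROM users WHERE email = ?');
            $stmt->execute([$email]);
            $user = $stmt->fetch();

            // Verify against a throwaway hash when no usable row came back, so that an
            // unknown email costs the same as a wrong password (no timing-based
            // account enumeration). $hasHash gates the result, so the throwaway hash
            // can never authenticate anyone.
            $hasHash = is_array($user)
                && is_string($user['password_enc'] ?? null)
                && $user['password_enc'] !== '';
            $storedHash = $hasHash
                ? $user['password_enc']
                : password_hash('not-a-real-password', PASSWORD_DEFAULT);
            $authenticated = password_verify($password, $storedHash) && $hasHash;

            if (!$authenticated) {
                $error_message = 'Invalid email or password.';
            } elseif ($user['status'] !== 'active') {
                $error_message = 'Your account is disabled. Please contact an administrator.';
            } else {
                // Fresh session ID before any privileged data is stored (session fixation).
                session_regenerate_id(true);
                $_SESSION['user_id']           = $user['id'];
                $_SESSION['user_email']        = $user['email'];
                $_SESSION['user_role']         = $user['role'];
                $_SESSION['user_display_name'] = $user['display_name'];

                // Record the successful login.
                $updateStmt = $pdo->prepare('UPDATE users SET last_login_at = CURRENT_TIMESTAMP WHERE id = ?');
                $updateStmt->execute([$user['id']]);

                header('Location: dashboard.php');
                exit;
            }
        } catch (PDOException $e) {
            // TODO: log $e server-side. The generic message is deliberate so that
            // driver/connection details never reach the browser.
            $error_message = 'A database error occurred. Please try again later.';
        }
    }
}
?>
<!DOCTYPE html>
<html lang="en">
<head>
    <meta charset="UTF-8">
    <meta name="viewport" content="width=device-width, initial-scale=1.0">
    <title>FlexPass Secure Login</title>
    <!-- SEO & Meta Tags -->
    <meta name="description" content="Secure login for FlexPass, the HIPAA-ready credentials vault.">
    <meta name="robots" content="noindex, nofollow"> <!-- Internal tool, no need to index -->
    <!-- Open Graph -->
    <meta property="og:title" content="FlexPass Secure Login">
    <meta property="og:description" content="A secure, multi-tenant internal web app to store and manage client credentials.">
    <meta property="og:type" content="website">
    <meta property="og:url" content="">
    <!-- Stylesheets -->
    <!-- NOTE(review): third-party assets below are loaded without Subresource
         Integrity (integrity= / crossorigin=) attributes; worth pinning. -->
    <link href="https://cdn.jsdelivr.net/npm/bootstrap@5.3.2/dist/css/bootstrap.min.css" rel="stylesheet">
    <link rel="preconnect" href="https://fonts.googleapis.com">
    <link rel="preconnect" href="https://fonts.gstatic.com" crossorigin>
    <link href="https://fonts.googleapis.com/css2?family=Inter:wght@400;600;700&display=swap" rel="stylesheet">
    <link rel="stylesheet" href="assets/css/custom.css?v=<?php echo time(); ?>">
</head>
<body>
    <main class="login-container">
        <div class="login-card">
            <h1>FlexPass</h1>
            <p class="tagline">HIPAA-Ready Credential Vault</p>
            <?php if (!empty($error_message)): ?>
            <div class="alert alert-danger" role="alert">
                <?php echo htmlspecialchars($error_message); ?>
            </div>
            <?php endif; ?>
            <form id="loginForm" method="POST">
                <div class="mb-3 text-start">
                    <label for="email" class="form-label">Email Address</label>
                    <input type="email" class="form-control" id="email" name="email" required>
                </div>
                <div class="mb-4 text-start">
                    <label for="password" class="form-label">Password</label>
                    <input type="password" class="form-control" id="password" name="password" required>
                </div>
                <button type="submit" class="btn btn-primary w-100">Sign In</button>
            </form>
            <div class="phi-banner">
                <strong>Reminder:</strong> Do not store Protected Health Information (PHI) in notes or other non-encrypted fields.
            </div>
        </div>
    </main>
    <!-- Scripts -->
    <script src="https://cdn.jsdelivr.net/npm/bootstrap@5.3.2/dist/js/bootstrap.bundle.min.js"></script>
    <script src="assets/js/main.js?v=<?php echo time(); ?>"></script>
</body>
</html>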