admin/34802-vm
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

feat: implement admin login and dashboard

Browse Source
This commit is contained in:
Flatlogic Bot 2025-10-08 14:10:03 +00:00
parent 7d19b0ffb4
commit 36729457a7
6 changed files with 194 additions and 5 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

8
add_patient.php
View File

@ -1,8 +1,16 @@
<?php <?php
session_start();
require_once 'db/config.php'; require_once 'db/config.php';
header('Content-Type: application/json'); header('Content-Type: application/json');
// Proteger el endpoint
if (!isset($_SESSION['user_id'])) {
http_response_code(401);
echo json_encode(['success' => false, 'message' => 'Unauthorized']);
exit;
}
$response = ['success' => false, 'message' => 'An error occurred.']; $response = ['success' => false, 'message' => 'An error occurred.'];
if ($_SERVER['REQUEST_METHOD'] === 'POST') { if ($_SERVER['REQUEST_METHOD'] === 'POST') {

54
auth.php Normal file
View File

@ -0,0 +1,54 @@
<?php
session_start();
require_once 'db/config.php';
if ($_SERVER['REQUEST_METHOD'] !== 'POST') {
header('Location: login.php');
exit;
}
$username = $_POST['username'] ?? '';
$password = $_POST['password'] ?? '';
if (empty($username) || empty($password)) {
$_SESSION['error'] = 'Por favor, complete todos los campos.';
header('Location: login.php');
exit;
}
try {
$pdo = db();
$stmt = $pdo->prepare("SELECT * FROM users WHERE username = :username");
$stmt->bindParam(':username', $username);
$stmt->execute();
$user = $stmt->fetch(PDO::FETCH_ASSOC);
if ($user && password_verify($password, $user['password'])) {
// Regenerate session ID to prevent session fixation
session_regenerate_id(true);
// Store user data in session
$_SESSION['user_id'] = $user['id'];
$_SESSION['username'] = $user['username'];
$_SESSION['role'] = $user['role'];
// Redirect based on role
if ($user['role'] === 'admin') {
header('Location: dashboard.php');
} else {
// Redirect to a general user page or index if not admin
header('Location: index.php');
}
exit;
} else {
$_SESSION['error'] = 'Usuario o contraseña incorrectos.';
header('Location: login.php');
exit;
}
} catch (PDOException $e) {
// In a real app, log this error instead of showing it to the user
$_SESSION['error'] = 'Error de base de datos. Intente de nuevo más tarde.';
// error_log($e->getMessage());
header('Location: login.php');
exit;
}

43
dashboard.php Normal file
View File

@ -0,0 +1,43 @@
<?php
session_start();
// Proteger la página
if (!isset($_SESSION['user_id']) || $_SESSION['role'] !== 'admin') {
$_SESSION['error'] = "Acceso denegado. Por favor, inicie sesión como administrador.";
header('Location: login.php');
exit;
}
$username = $_SESSION['username'] ?? 'Admin';
?>
<!DOCTYPE html>
<html lang="es">
<head>
<meta charset="UTF-8">
<meta name="viewport" content="width=device-width, initial-scale=1.0">
<title>Dashboard - CDT Health Care</title>
<link href="https://cdn.jsdelivr.net/npm/bootstrap@5.3.2/dist/css/bootstrap.min.css" rel="stylesheet">
<link rel="stylesheet" href="assets/css/custom.css">
</head>
<body>
<nav class="navbar navbar-expand-lg navbar-light bg-white shadow-sm">
<div class="container">
<a class="navbar-brand" href="#">CDT Health Care</a>
<ul class="navbar-nav ms-auto">
<li class="nav-item">
<a class="nav-link" href="logout.php">Cerrar Sesión</a>
</li>
</ul>
</div>
</nav>
<main class="container mt-5">
<div class="p-5 mb-4 bg-white rounded-3">
<div class="container-fluid py-5">
<h1 class="display-5 fw-bold">Bienvenido, <?= htmlspecialchars($username) ?></h1>
<p class="col-md-8 fs-4">Este es el panel de administración. Desde aquí podrás gestionar usuarios, ver reportes y configurar el sistema.</p>
</div>
</div>
</main>
</body>
</html>

40
index.php
View File

@ -1,13 +1,23 @@
<?php
session_start();
// Proteger la página
if (!isset($_SESSION['user_id'])) {
header('Location: login.php');
exit;
}
$username = $_SESSION['username'] ?? 'Usuario';
?>
<!DOCTYPE html> <!DOCTYPE html>
<html lang="en"> <html lang="en">
<head> <head>
<meta charset="UTF-8"> <meta charset="UTF-8">
<meta name="viewport" content="width=device-width, initial-scale=1.0"> <meta name="viewport" content="width=device-width, initial-scale=1.0">
<title>SdC - Patient Transfer</title> <title>CDT Health Care - Patient Transfer</title>
<meta name="description" content="Built with Flatlogic Generator"> <meta name="description" content="Built with CDT Health Care">
<meta name="keywords" content="patient transfer, ambulance, hospital, emergency, medical, Built with Flatlogic Generator"> <meta name="keywords" content="patient transfer, ambulance, hospital, emergency, medical, Built with CDT Health Care">
<meta property="og:title" content="SdC - Patient Transfer"> <meta property="og:title" content="CDT Health Care - Patient Transfer">
<meta property="og:description" content="Built with Flatlogic Generator"> <meta property="og:description" content="Built with CDT Health Care">
<meta property="og:image" content=""> <meta property="og:image" content="">
<meta name="twitter:card" content="summary_large_image"> <meta name="twitter:card" content="summary_large_image">
<meta name="twitter:image" content=""> <meta name="twitter:image" content="">
@ -15,6 +25,25 @@
<link rel="stylesheet" href="assets/css/custom.css"> <link rel="stylesheet" href="assets/css/custom.css">
</head> </head>
<body> <body>
<nav class="navbar navbar-expand-lg navbar-light bg-light shadow-sm">
<div class="container">
<a class="navbar-brand" href="index.php">CDT Health Care</a>
<ul class="navbar-nav ms-auto">
<li class="nav-item dropdown">
<a class="nav-link dropdown-toggle" href="#" id="navbarDropdown" role="button" data-bs-toggle="dropdown" aria-expanded="false">
<?= htmlspecialchars($username) ?>
</a>
<ul class="dropdown-menu" aria-labelledby="navbarDropdown">
<?php if ($_SESSION['role'] === 'admin'): ?>
<li><a class="dropdown-item" href="dashboard.php">Admin Dashboard</a></li>
<li><hr class="dropdown-divider"></li>
<?php endif; ?>
<li><a class="dropdown-item" href="logout.php">Cerrar Sesión</a></li>
</ul>
</li>
</ul>
</div>
</nav>
<header class="bg-primary text-white text-center py-3"> <header class="bg-primary text-white text-center py-3">
<h1>Patient Transfer Request</h1> <h1>Patient Transfer Request</h1>
</header> </header>
@ -65,6 +94,7 @@
</div> </div>
</div> </div>
</main> </main>
<script src="https://cdn.jsdelivr.net/npm/bootstrap@5.3.0-alpha1/dist/js/bootstrap.bundle.min.js"></script>
<script src="assets/js/main.js"></script> <script src="assets/js/main.js"></script>
</body> </body>
</html> </html>

42
login.php Normal file
View File

@ -0,0 +1,42 @@
<?php
session_start();
$error = $_SESSION['error'] ?? null;
unset($_SESSION['error']);
?>
<!DOCTYPE html>
<html lang="es">
<head>
<meta charset="UTF-8">
<meta name="viewport" content="width=device-width, initial-scale=1.0">
<title>Login - CDT Health Care</title>
<link href="https://cdn.jsdelivr.net/npm/bootstrap@5.3.2/dist/css/bootstrap.min.css" rel="stylesheet">
<link rel="stylesheet" href="assets/css/custom.css">
</head>
<body>
<div class="container vh-100 d-flex justify-content-center align-items-center">
<div class="card shadow" style="width: 24rem;">
<div class="card-body p-5">
<h3 class="card-title text-center mb-4">Iniciar Sesión</h3>
<?php if ($error): ?>
<div class="alert alert-danger" role="alert">
<?= htmlspecialchars($error) ?>
</div>
<?php endif; ?>
<form action="auth.php" method="POST">
<div class="mb-3">
<label for="username" class="form-label">Usuario</label>
<input type="text" class="form-control" id="username" name="username" required>
</div>
<div class="mb-4">
<label for="password" class="form-label">Contraseña</label>
<input type="password" class="form-control" id="password" name="password" required>
</div>
<div class="d-grid">
<button type="submit" class="btn btn-primary">Ingresar</button>
</div>
</form>
</div>
</div>
</div>
</body>
</html>

12
logout.php Normal file
View File

@ -0,0 +1,12 @@
<?php
session_start();
// Unset all of the session variables
$_SESSION = array();
// Destroy the session
session_destroy();
// Redirect to login page
header("Location: login.php");
exit;