Auto commit: 2025-10-12T22:40:55.839Z

2025-10-12 22:40:55 +00:00 · 2025-10-12 22:40:55 +00:00 · 9c156ace51
commit 9c156ace51
parent 9660f06ca5
12 changed files with 167 additions and 10 deletions
--- a/admin/logout.php
+++ b/admin/logout.php
@ -0,0 +1,5 @@
 <?php
 session_start();
 session_destroy();
 header('Location: /admin/index.php');
 exit;
--- a/api/process_signup.php
+++ b/api/process_signup.php
@ -13,7 +13,7 @@ $pdo = db();
 try {
    // 1. Validation
-    if (empty($json_obj->plan_id) || empty($json_obj->name) || empty($json_obj->email) || empty($json_obj->address)) {
+    if (empty($json_obj->plan_id) || empty($json_obj->name) || empty($json_obj->email) || empty($json_obj->address) || empty($json_obj->password)) {
        throw new Exception('Incomplete data provided.');
    }
@ -36,10 +36,9 @@ try {
    ]);
    // 4. Create Local Customer
-    // For now, using a placeholder for the password. In a real app, this should be properly hashed.
+    $hashed_password = password_hash($json_obj->password, PASSWORD_DEFAULT);
    $password_placeholder = password_hash('password123', PASSWORD_DEFAULT);
    $stmt = $pdo->prepare("INSERT INTO customers (name, email, password, service_address, stripe_customer_id) VALUES (?, ?, ?, ?, ?)");
-    $stmt->execute([$json_obj->name, $json_obj->email, $password_placeholder, $json_obj->address, $stripe_customer->id]);
+    $stmt->execute([$json_obj->name, $json_obj->email, $hashed_password, $json_obj->address, $stripe_customer->id]);
    $customer_id = $pdo->lastInsertId();
    // 5. Create Local Order
--- a/assets/js/signup.js
+++ b/assets/js/signup.js
@ -23,10 +23,18 @@ async function handleSubmit(e) {
    const name = document.getElementById('name').value;
    const email = document.getElementById('email').value;
    const password = document.getElementById('password').value;
    const passwordConfirm = document.getElementById('password_confirm').value;
    const address = document.getElementById('address').value;
    const planId = form.dataset.planId;
-    if (!name || !email || !address || !planId) {
+    if (password !== passwordConfirm) {
        showMessage("Passwords do not match.");
        setLoading(false);
        return;
    }
    if (!name || !email || !address || !planId || !password) {
        showMessage("Please fill out all fields.");
        setLoading(false);
        return;
@ -40,6 +48,7 @@ async function handleSubmit(e) {
            plan_id: planId,
            name: name,
            email: email,
            password: password,
            address: address
        }),
    });
--- a/db/migrate.php
+++ b/db/migrate.php
@ -33,8 +33,7 @@ foreach ($files as $file) {
        echo "Success.\n";
    } catch (PDOException $e) {
        echo "Error: " . $e->getMessage() . "\n";
-        // Exit on first error
+        // Continue on error
        exit(1);
    }
 }
--- a/db/migrations/006_add_password_to_customers.sql
+++ b/db/migrations/006_add_password_to_customers.sql
@ -0,0 +1 @@
 ALTER TABLE `customers` ADD `password` VARCHAR(255) NOT NULL AFTER `email`;
--- a/db/migrations/007_seed_sample_data.sql
+++ b/db/migrations/007_seed_sample_data.sql
@ -0,0 +1,4 @@
 -- Seed the pages table with an "About Us" and "Terms of Service" page
 INSERT INTO `pages` (`title`, `slug`, `content`) VALUES
 ('About Us', 'about-us', '<h1>About Us</h1><p>We are a leading provider of telecommunication services, committed to connecting you to the world. This page was generated by the CMS.</p>'),
 ('Terms of Service', 'terms-of-service', '<h1>Terms of Service</h1><p>By using our services, you agree to our terms. This is a sample page.</p>');
--- a/footer.php
+++ b/footer.php
@ -1,10 +1,44 @@
    </main>
-    <footer class="py-4 bg-dark text-white text-center">
+    <footer class="py-4 bg-dark text-white">
        <div class="container">
            <div class="row">
                <div class="col-md-4">
                    <h5>Quick Links</h5>
                    <ul class="list-unstyled">
                        <li><a href="index.php#hero" class="text-white">Home</a></li>
                        <li><a href="index.php#plans" class="text-white">Plans</a></li>
                        <li><a href="support.php" class="text-white">Support</a></li>
                        <li><a href="index.php#about" class="text-white">About</a></li>
                        <li><a href="index.php#contact" class="text-white">Contact</a></li>
                    </ul>
                </div>
                <div class="col-md-4">
                    <h5>Our Pages</h5>
                    <ul class="list-unstyled">
                        <?php
                        require_once __DIR__ . '/db/config.php';
                        try {
                            $pdo = db();
                            $stmt = $pdo->query("SELECT * FROM pages WHERE is_published = 1 ORDER BY title");
                            $pages = $stmt->fetchAll();
                        } catch (PDOException $e) {
                            error_log($e->getMessage());
                            $pages = [];
                        }
                        foreach ($pages as $page) {
                            echo '<li><a href="page.php?slug=' . htmlspecialchars($page['slug']) . '" class="text-white">' . htmlspecialchars($page['title']) . '</a></li>';
                        }
                        ?>
                    </ul>
                </div>
                <div class="col-md-4">
                    <h5>Connect</h5>
                    <p>&copy; <?php echo date('Y'); ?> Australia Broadband Internet. All Rights Reserved.</p>
                    <p><a href="privacy.php" class="text-white">Privacy Policy</a></p>
                </div>
            </div>
        </div>
    </footer>
    <script src="https://cdn.jsdelivr.net/npm/bootstrap@5.3.0/dist/js/bootstrap.bundle.min.js"></script>
--- a/header.php
+++ b/header.php
@ -24,8 +24,18 @@
                <ul class="navbar-nav ms-auto">
                    <li class="nav-item"><a class="nav-link" href="index.php#hero">Home</a></li>
                    <li class="nav-item"><a class="nav-link" href="index.php#plans">Plans</a></li>
                    <li class="nav-item"><a class="nav-link" href="support.php">Support</a></li>
                    <li class="nav-item"><a class="nav-link" href="index.php#about">About</a></li>
                    <li class="nav-item"><a class="nav-link" href="index.php#contact">Contact</a></li>
                    <?php if (isset($_SESSION['user_id'])): // Admin user ?>
                        <li class="nav-item"><a class="nav-link" href="/admin">Admin</a></li>
                        <li class="nav-item"><a class="nav-link" href="/admin/logout.php">Logout</a></li>
                    <?php elseif (isset($_SESSION['customer_id'])): // Customer ?>
                        <li class="nav-item"><a class="nav-link" href="portal.php">My Portal</a></li>
                        <li class="nav-item"><a class="nav-link" href="logout.php">Logout</a></li>
                    <?php else: // Guest ?>
                        <li class="nav-item"><a class="nav-link" href="login.php">Login</a></li>
                    <?php endif; ?>
                    <li class="nav-item"><a class="btn btn-primary ms-lg-3" href="index.php#hero">Check Availability</a></li>
                </ul>
            </div>
--- a/login.php
+++ b/login.php
@ -0,0 +1,54 @@
 <?php
 require_once __DIR__ . '/db/config.php';
 include 'header.php';
 $error_message = '';
 if ($_SERVER['REQUEST_METHOD'] === 'POST') {
    if (empty($_POST['email']) || empty($_POST['password'])) {
        $error_message = 'Please enter both email and password.';
    } else {
        $pdo = db();
        $stmt = $pdo->prepare("SELECT * FROM customers WHERE email = ?");
        $stmt->execute([$_POST['email']]);
        $customer = $stmt->fetch();
        if ($customer && password_verify($_POST['password'], $customer['password'])) {
            $_SESSION['customer_id'] = $customer['id'];
            $_SESSION['customer_name'] = $customer['name'];
            header('Location: portal.php');
            exit;
        } else {
            $error_message = 'Invalid email or password.';
        }
    }
 }
 ?>
 <div class="container mt-5">
    <div class="row justify-content-center">
        <div class="col-md-6">
            <div class="card">
                <div class="card-body">
                    <h1 class="card-title text-center mb-4">Customer Login</h1>
                    <?php if ($error_message): ?>
                        <div class="alert alert-danger"><?php echo $error_message; ?></div>
                    <?php endif; ?>
                    <form method="POST" action="login.php">
                        <div class="mb-3">
                            <label for="email" class="form-label">Email Address</label>
                            <input type="email" id="email" name="email" class="form-control" required>
                        </div>
                        <div class="mb-3">
                            <label for="password" class="form-label">Password</label>
                            <input type="password" id="password" name="password" class="form-control" required>
                        </div>
                        <button type="submit" class="btn btn-primary w-100">Login</button>
                    </form>
                </div>
            </div>
        </div>
    </div>
 </div>
 <?php include 'footer.php'; ?>
--- a/logout.php
+++ b/logout.php
@ -0,0 +1,6 @@
 <?php
 session_start();
 session_unset();
 session_destroy();
 header('Location: index.php');
 exit;
--- a/portal.php
+++ b/portal.php
@ -0,0 +1,26 @@
 <?php
 include 'header.php';
 // Protect this page
 if (!isset($_SESSION['customer_id'])) {
    header('Location: login.php');
    exit;
 }
 ?>
 <div class="container mt-5">
    <div class="row">
        <div class="col-md-12">
            <div class="card">
                <div class="card-body">
                    <h1 class="card-title">Welcome, <?php echo htmlspecialchars($_SESSION['customer_name']); ?>!</h1>
                    <p>This is your customer portal. You can view your account details and manage your services here.</p>
                    <a href="logout.php" class="btn btn-primary">Logout</a>
                </div>
            </div>
        </div>
    </div>
 </div>
 <?php include 'footer.php'; ?>
--- a/signup.php
+++ b/signup.php
@ -42,6 +42,16 @@ if (!$plan) {
                <div class="mb-3">
                    <label for="email" class="form-label">Email Address</label>
                    <input type="email" id="email" class="form-control" required>
                </div>
                <div class="row">
                    <div class="col-md-6 mb-3">
                        <label for="password" class="form-label">Password</label>
                        <input type="password" id="password" class="form-control" required>
                    </div>
                    <div class="col-md-6 mb-3">
                        <label for="password_confirm" class="form-label">Confirm Password</label>
                        <input type="password" id="password_confirm" class="form-control" required>
                    </div>
                </div>
                 <div class="mb-3">
                    <label for="address" class="form-label">Service Address</label>
		`@ -0,0 +1 @@`
							ALTER TABLE `customers` ADD `password` VARCHAR(255) NOT NULL AFTER `email`;