From f078900c8fab174166306adb136a6b0bb9489bc8 Mon Sep 17 00:00:00 2001
From: Flatlogic Bot
Date: Sat, 11 Oct 2025 14:14:03 +0000
Subject: [PATCH] V1.1

---
 db/seed_test_data.php | 42 ++++++++++++++++++++++++++++++++++++++++++
 login.php | 14 ++++++++++----
 superadmin/header.php | 9 +++------
 3 files changed, 55 insertions(+), 10 deletions(-)
 create mode 100644 db/seed_test_data.php

diff --git a/db/seed_test_data.php b/db/seed_test_data.php
new file mode 100644
index 0000000..2630132
--- /dev/null
+++ b/db/seed_test_data.php
@@ -0,0 +1,42 @@
+setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
+
+ // Hashed password for 'password123'
+ $hashed_password = password_hash('password123', PASSWORD_DEFAULT);
+
+ // --- Company 1 & User 1 ---
+ $stmt = $pdo->prepare("INSERT INTO companies (name) VALUES (?)");
+ $stmt->execute(['Test Company Alpha']);
+ $company1_id = $pdo->lastInsertId();
+
+ $stmt = $pdo->prepare("INSERT INTO users (company_id, email, password, role) VALUES (?, ?, ?, ?)");
+ $stmt->execute([$company1_id, 'user.alpha@example.com', $hashed_password, 'admin']);
+ $user1_id = $pdo->lastInsertId();
+
+ // --- Company 2 & User 2 ---
+ $stmt = $pdo->prepare("INSERT INTO companies (name) VALUES (?)");
+ $stmt->execute(['Test Company Beta']);
+ $company2_id = $pdo->lastInsertId();
+
+ $stmt = $pdo->prepare("INSERT INTO users (company_id, email, password, role) VALUES (?, ?, ?, ?)");
+ $stmt->execute([$company2_id, 'user.beta@example.com', $hashed_password, 'admin']);
+ $user2_id = $pdo->lastInsertId();
+
+ // --- User 3 (in Company 2, not admin) ---
+ $stmt = $pdo->prepare("INSERT INTO users (company_id, email, password, role) VALUES (?, ?, ?, ?)");
+ $stmt->execute([$company2_id, 'employee.beta@example.com', $hashed_password, 'employee']);
+ $user3_id = $pdo->lastInsertId();
+
+ echo "Successfully created 2 companies and 3 test users.\n";
+ echo "You can log in with:\n";
+ echo "- user.alpha@example.com (password: password123)\n";
+ echo "- user.beta@example.com (password: password123)\n";
+ echo "- employee.beta@example.com (password: password123)\n";
+
+} catch (PDOException $e) {
+ die("Database seeding failed: " . $e->getMessage());
+}
diff --git a/login.php b/login.php
index 9c6e4be..3f790eb 100644
--- a/login.php
+++ b/login.php
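Review bot: The seed script creates two `'admin'` accounts whose password is the literal `'password123'` and prints those credentials, yet nothing in the visible lines restricts who may execute it; if `db/` is reachable through the web server, a single request creates well-known admin logins in whatever database `$pdo` points at. Guard it so it only runs from the command line, e.g. `if (PHP_SAPI !== 'cli') { http_response_code(404); exit; }` at the top of the file, and consider wrapping the inserts in `$pdo->beginTransaction()` / `$pdo->commit()` so a failure after the first insert does not leave a half-seeded database. The `die("Database seeding failed: " . $e->getMessage())` line echoes the raw driver message, acceptable on the CLI but another reason not to let this run over HTTP, and `$user1_id`, `$user2_id`, `$user3_id` are assigned but never read. The top of the file, including the `<?php` header and the `$pdo` setup that precedes `setAttribute`, is not visible in this rendering of the hunk.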
@@ -19,20 +19,26 @@ if ($_SERVER['REQUEST_METHOD'] === 'POST') {
 $pdo = db();
 $stmt = $pdo->prepare("SELECT * FROM users WHERE email = ?");
 $stmt->execute([$email]);
- $user = $stmt->fetch();
+ $user = $stmt->fetch(PDO::FETCH_ASSOC);
 if ($user && password_verify($password, $user['password'])) {
 $_SESSION['user_id'] = $user['id'];
 $_SESSION['company_id'] = $user['company_id'];
 $_SESSION['role'] = $user['role'];
-
- header('Location: /dashboard.php');
+ $_SESSION['is_superadmin'] = !empty($user['is_superadmin']);
+
+ if (!empty($user['is_superadmin'])) {
+ header('Location: /superadmin/index.php');
+ } else {
+ header('Location: /dashboard.php');
+ }
 exit;
 } else {
 $error_message = 'Invalid email or password.';
 }
 } catch (PDOException $e) {
- $error_message = "Login failed: " . $e->getMessage();
+ error_log("Login PDOException: " . $e->getMessage());
+ $error_message = "An error occurred during login. Please try again.";
 }
 }
 }
diff --git a/superadmin/header.php b/superadmin/header.php
index 9b5f6ed..bebcbaf 100644
--- a/superadmin/header.php
+++ b/superadmin/header.php
@@ -8,12 +8,9 @@ if (!isset($_SESSION['user_id'])) {
 exit;
 }
-$pdo = db();
-$stmt = $pdo->prepare("SELECT is_superadmin FROM users WHERE id = ?");
-$stmt->execute([$_SESSION['user_id']]);
-$user = $stmt->fetch();
-
-if (!$user || $user['is_superadmin'] != 1) {
+// Check if the user is a superadmin based on the session variable
+if (empty($_SESSION['is_superadmin'])) {
+ // If not a superadmin, redirect to the regular user dashboard
 header('Location: /dashboard.php');
 exit;
 }
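Review bot: The successful-login branch now stores a privilege flag in `$_SESSION['is_superadmin']` without first rotating the session id, so a session id fixed before login keeps its identifier while gaining the superadmin flag; unless it is already done earlier in the file, add `session_regenerate_id(true);` right after the `password_verify` check succeeds and before the `$_SESSION[...]` assignments. The `!empty($user['is_superadmin'])` expression is also evaluated twice, once for the stored flag and once for the redirect; `$isSuperadmin = !empty($user['is_superadmin']);` followed by `$_SESSION['is_superadmin'] = $isSuperadmin;` keeps the two decisions from drifting apart. The switch to `error_log` plus a generic `$error_message` is the right direction for the `PDOException` branch. The enclosing `if ($_SERVER['REQUEST_METHOD'] === 'POST')` block and its `try` open before this hunk.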
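Review bot: The superadmin gate now trusts `$_SESSION['is_superadmin']`, a value copied from the database once at login, so clearing `is_superadmin` for a user in the database no longer keeps them out of `/superadmin/` until their session ends, whereas the removed `SELECT is_superadmin FROM users WHERE id = ?` enforced it on every request. If revocation must take effect immediately, re-validate the flag against the database for requests to this area (or re-check after a short interval recorded in the session); otherwise state the trade-off in the new comment, e.g. `// Privilege is cached in the session at login; DB-side revocation takes effect only at the next login`. Sessions established before this change carry no `is_superadmin` key and will be redirected to `/dashboard.php` until the user logs in again, which is worth a line in the commit message. The `if (!isset($_SESSION['user_id']))` block opens before this hunk.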