admin/34878-vm
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

V1.1

Browse Source
This commit is contained in:
Flatlogic Bot 2025-10-11 14:14:03 +00:00
parent 8d771ec57c
commit f078900c8f
3 changed files with 55 additions and 10 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

42
db/seed_test_data.php Normal file
View File

@ -0,0 +1,42 @@
<?php
require_once __DIR__ . '/config.php';
try {
$pdo = db();
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
// Hashed password for 'password123'
$hashed_password = password_hash('password123', PASSWORD_DEFAULT);
// --- Company 1 & User 1 ---
$stmt = $pdo->prepare("INSERT INTO companies (name) VALUES (?)");
$stmt->execute(['Test Company Alpha']);
$company1_id = $pdo->lastInsertId();
$stmt = $pdo->prepare("INSERT INTO users (company_id, email, password, role) VALUES (?, ?, ?, ?)");
$stmt->execute([$company1_id, 'user.alpha@example.com', $hashed_password, 'admin']);
$user1_id = $pdo->lastInsertId();
// --- Company 2 & User 2 ---
$stmt = $pdo->prepare("INSERT INTO companies (name) VALUES (?)");
$stmt->execute(['Test Company Beta']);
$company2_id = $pdo->lastInsertId();
$stmt = $pdo->prepare("INSERT INTO users (company_id, email, password, role) VALUES (?, ?, ?, ?)");
$stmt->execute([$company2_id, 'user.beta@example.com', $hashed_password, 'admin']);
$user2_id = $pdo->lastInsertId();
// --- User 3 (in Company 2, not admin) ---
$stmt = $pdo->prepare("INSERT INTO users (company_id, email, password, role) VALUES (?, ?, ?, ?)");
$stmt->execute([$company2_id, 'employee.beta@example.com', $hashed_password, 'employee']);
$user3_id = $pdo->lastInsertId();
echo "Successfully created 2 companies and 3 test users.\n";
echo "You can log in with:\n";
echo "- user.alpha@example.com (password: password123)\n";
echo "- user.beta@example.com (password: password123)\n";
echo "- employee.beta@example.com (password: password123)\n";
} catch (PDOException $e) {
die("Database seeding failed: " . $e->getMessage());
}

10
login.php
View File

@ -19,20 +19,26 @@ if ($_SERVER['REQUEST_METHOD'] === 'POST') {
$pdo = db(); $pdo = db();
$stmt = $pdo->prepare("SELECT * FROM users WHERE email = ?"); $stmt = $pdo->prepare("SELECT * FROM users WHERE email = ?");
$stmt->execute([$email]); $stmt->execute([$email]);
$user = $stmt->fetch(); $user = $stmt->fetch(PDO::FETCH_ASSOC);
if ($user && password_verify($password, $user['password'])) { if ($user && password_verify($password, $user['password'])) {
$_SESSION['user_id'] = $user['id']; $_SESSION['user_id'] = $user['id'];
$_SESSION['company_id'] = $user['company_id']; $_SESSION['company_id'] = $user['company_id'];
$_SESSION['role'] = $user['role']; $_SESSION['role'] = $user['role'];
$_SESSION['is_superadmin'] = !empty($user['is_superadmin']);
if (!empty($user['is_superadmin'])) {
header('Location: /superadmin/index.php');
} else {
header('Location: /dashboard.php'); header('Location: /dashboard.php');
}
exit; exit;
} else { } else {
$error_message = 'Invalid email or password.'; $error_message = 'Invalid email or password.';
} }
} catch (PDOException $e) { } catch (PDOException $e) {
$error_message = "Login failed: " . $e->getMessage(); error_log("Login PDOException: " . $e->getMessage());
$error_message = "An error occurred during login. Please try again.";
} }
} }
} }

9
superadmin/header.php
View File

@ -8,12 +8,9 @@ if (!isset($_SESSION['user_id'])) {
exit; exit;
} }
$pdo = db(); // Check if the user is a superadmin based on the session variable
$stmt = $pdo->prepare("SELECT is_superadmin FROM users WHERE id = ?"); if (empty($_SESSION['is_superadmin'])) {
$stmt->execute([$_SESSION['user_id']]); // If not a superadmin, redirect to the regular user dashboard
$user = $stmt->fetch();
if (!$user || $user['is_superadmin'] != 1) {
header('Location: /dashboard.php'); header('Location: /dashboard.php');
exit; exit;
} }