V1.1
parent
8d771ec57c
commit
f078900c8f
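--- a/db/seed_test_data.php
+++ b/db/seed_test_data.php
@@ -0,0 +1,42 @@
+<?php
+require_once __DIR__ . '/config.php';
+
+try {
+$pdo = db();
+$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
+
+// Hashed password for 'password123'
+$hashed_password = password_hash('password123', PASSWORD_DEFAULT);
+
+// --- Company 1 & User 1 ---
+$stmt = $pdo->prepare("INSERT INTO companies (name) VALUES (?)");
+$stmt->execute(['Test Company Alpha']);
+$company1_id = $pdo->lastInsertId();
+
+$stmt = $pdo->prepare("INSERT INTO users (company_id, email, password, role) VALUES (?, ?, ?, ?)");
+$stmt->execute([$company1_id, 'user.alpha@example.com', $hashed_password, 'admin']);
+$user1_id = $pdo->lastInsertId();
+
+// --- Company 2 & User 2 ---
+$stmt = $pdo->prepare("INSERT INTO companies (name) VALUES (?)");
+$stmt->execute(['Test Company Beta']);
+$company2_id = $pdo->lastInsertId();
+
+$stmt = $pdo->prepare("INSERT INTO users (company_id, email, password, role) VALUES (?, ?, ?, ?)");
+$stmt->execute([$company2_id, 'user.beta@example.com', $hashed_password, 'admin']);
+$user2_id = $pdo->lastInsertId();
+
+// --- User 3 (in Company 2, not admin) ---
+$stmt = $pdo->prepare("INSERT INTO users (company_id, email, password, role) VALUES (?, ?, ?, ?)");
+$stmt->execute([$company2_id, 'employee.beta@example.com', $hashed_password, 'employee']);
+$user3_id = $pdo->lastInsertId();
+
+echo "Successfully created 2 companies and 3 test users.\n";
+echo "You can log in with:\n";
+echo "- user.alpha@example.com (password: password123)\n";
+echo "- user.beta@example.com (password: password123)\n";
+echo "- employee.beta@example.com (password: password123)\n";
+
+} catch (PDOException $e) {
+die("Database seeding failed: " . $e->getMessage());
+}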
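Review bot: Nothing in db/seed_test_data.php restricts where it can run, yet it inserts two `admin` users whose password is the literal `password123` and then prints those credentials. If the db/ directory is served by the web server (not visible from this page), a single request to the file would create known-credential admin accounts in whatever database `db()` points at; a guard at the top such as `if (PHP_SAPI !== 'cli') { http_response_code(403); exit; }`, together with an explicit test-environment check, would prevent that. The inserts also run outside a transaction, so a failure partway leaves a half-seeded database, and `die()` echoes the raw PDO message.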
12
login.php
12
login.php
@ -19,20 +19,26 @@ if ($_SERVER['REQUEST_METHOD'] === 'POST') {
|
||||
$pdo = db();
|
||||
$stmt = $pdo->prepare("SELECT * FROM users WHERE email = ?");
|
||||
$stmt->execute([$email]);
|
||||
$user = $stmt->fetch();
|
||||
$user = $stmt->fetch(PDO::FETCH_ASSOC);
|
||||
|
||||
if ($user && password_verify($password, $user['password'])) {
|
||||
$_SESSION['user_id'] = $user['id'];
|
||||
$_SESSION['company_id'] = $user['company_id'];
|
||||
$_SESSION['role'] = $user['role'];
|
||||
$_SESSION['is_superadmin'] = !empty($user['is_superadmin']);
|
||||
|
||||
header('Location: /dashboard.php');
|
||||
if (!empty($user['is_superadmin'])) {
|
||||
header('Location: /superadmin/index.php');
|
||||
} else {
|
||||
header('Location: /dashboard.php');
|
||||
}
|
||||
exit;
|
||||
} else {
|
||||
$error_message = 'Invalid email or password.';
|
||||
}
|
||||
} catch (PDOException $e) {
|
||||
$error_message = "Login failed: " . $e->getMessage();
|
||||
error_log("Login PDOException: " . $e->getMessage());
|
||||
$error_message = "An error occurred during login. Please try again.";
|
||||
}
|
||||
}
|
||||
}
|
||||
|
||||
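Review bot: The success branch writes `$_SESSION['user_id']`, `role` and the new `is_superadmin` flag without renewing the session identifier anywhere in the visible lines, so a session ID that was fixed before login would keep working afterwards and now carry the superadmin flag. Adding `session_regenerate_id(true);` as the first statement inside `if ($user && password_verify($password, $user['password']))` addresses this. The POST handler begins above the hunk, so confirm the regeneration is not already done there.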
@ -8,12 +8,9 @@ if (!isset($_SESSION['user_id'])) {
|
||||
exit;
|
||||
}
|
||||
|
||||
$pdo = db();
|
||||
$stmt = $pdo->prepare("SELECT is_superadmin FROM users WHERE id = ?");
|
||||
$stmt->execute([$_SESSION['user_id']]);
|
||||
$user = $stmt->fetch();
|
||||
|
||||
if (!$user || $user['is_superadmin'] != 1) {
|
||||
// Check if the user is a superadmin based on the session variable
|
||||
if (empty($_SESSION['is_superadmin'])) {
|
||||
// If not a superadmin, redirect to the regular user dashboard
|
||||
header('Location: /dashboard.php');
|
||||
exit;
|
||||
}
|
||||
|
||||
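Review bot: The superadmin gate now trusts `$_SESSION['is_superadmin']`, which is written once at login, in place of the per-request `SELECT is_superadmin FROM users WHERE id = ?` lookup, so clearing the flag in the database has no effect until that user's session ends. For a privilege this broad, keep the database check (`if (!$user || empty($user['is_superadmin']))`) or re-validate the cached flag periodically and destroy the affected sessions on revocation. If the session-only check stays, the comment should state the trade-off, for example `// Flag is cached at login; revocation applies only after the session ends`. The file name for this hunk is missing from the page and the guard starts above line 8, so this is based on the visible lines only.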