34894-vm/login.php
Flatlogic Bot da0815949e finavo
2025-10-12 05:26:53 +00:00


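<?php
// Entry point for the login page: open the session, load the database helper,
// and short-circuit for visitors who are already authenticated.
//
// The session cookie is hardened here rather than left to php.ini defaults:
//   - cookie_httponly: the session id is not readable from page JavaScript.
//   - cookie_secure:   set whenever this request itself arrived over HTTPS.
//   - cookie_samesite: the cookie is not attached to cross-site POSTs (the
//                      login form below carries no CSRF token).
//   - use_strict_mode: a session id that the server did not issue is rejected.
// NOTE(review): behind a TLS-terminating proxy $_SERVER['HTTPS'] may be unset,
// in which case cookie_secure stays off; confirm against the deployment.
session_start([
    'cookie_httponly' => true,
    'cookie_secure' => !empty($_SERVER['HTTPS']) && $_SERVER['HTTPS'] !== 'off',
    'cookie_samesite' => 'Lax',
    'use_strict_mode' => true,
]);
require_once 'db/config.php';

// An authenticated visitor has no use for the login form: send them to the dashboard.
if (isset($_SESSION["loggedin"]) && $_SESSION["loggedin"] === true) {
    header("location: dashboard.php");
    exit;
}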
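$pdo = db();

// First-run bootstrap: when the users table is empty, create a single Admin
// account so that somebody can sign in.
//
// The account is given a random one-time password instead of a fixed,
// well-known one. Because this code runs on every unauthenticated request to
// the login page, a fixed credential would let the first visitor to reach an
// empty installation sign in as Admin.
// NOTE(review): account bootstrap probably belongs in an installer or a
// migration rather than in a publicly reachable page; confirm with the owners.
try {
    $stmt = $pdo->query("SELECT id FROM users LIMIT 1");
    // fetchColumn() returns false when there is no row. PDOStatement::rowCount()
    // is not guaranteed to report the size of a SELECT result on every driver.
    $has_user = $stmt->fetchColumn() !== false;
    $stmt->closeCursor();

    if (!$has_user) {
        $default_username = "admin";
        $default_email = "admin@example.com";
        $default_role = "Admin";
        // 12 random bytes -> 24 hex characters from the CSPRNG.
        $default_password = bin2hex(random_bytes(12));
        $hashed_password = password_hash($default_password, PASSWORD_DEFAULT);

        $insert_stmt = $pdo->prepare("INSERT INTO users (username, email, password, role) VALUES (:username, :email, :password, :role)");
        $insert_stmt->bindParam(':username', $default_username);
        $insert_stmt->bindParam(':email', $default_email);
        $insert_stmt->bindParam(':password', $hashed_password);
        $insert_stmt->bindParam(':role', $default_role);
        $insert_stmt->execute();

        // The clear-text password is written once to the server log, which only
        // the operator should be able to read, and must be changed after the
        // first login. It is never sent to the browser.
        error_log("Default admin user created (" . $default_email . "). One-time password: " . $default_password . " - change it after the first login.");
        unset($default_password);
    }
} catch (PDOException $e) {
    // Don't expose error details to the user
    error_log("Error checking/creating default user: " . $e->getMessage());
}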
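// Form state shared with the template below: submitted e-mail, per-field
// validation messages and the overall login error.
$email = $password = "";
$email_err = $password_err = $login_err = "";

if ($_SERVER["REQUEST_METHOD"] == "POST") {
    // A missing field, or one submitted as an array (email[]=x), is treated as
    // empty instead of raising a warning or a TypeError inside trim().
    $raw_email = $_POST["email"] ?? "";
    $raw_password = $_POST["password"] ?? "";
    $email = is_string($raw_email) ? trim($raw_email) : "";
    // NOTE(review): trimming a password changes the secret the user typed. It is
    // kept because stored hashes may have been created from trimmed input;
    // confirm against the code that creates or updates passwords.
    $password = is_string($raw_password) ? trim($raw_password) : "";

    if ($email === "") {
        $email_err = "Please enter email.";
    }
    if ($password === "") {
        $password_err = "Please enter your password.";
    }

    if ($email_err === "" && $password_err === "") {
        // NOTE(review): nothing in this file throttles or locks out repeated
        // failed attempts; confirm that it is handled elsewhere.
        try {
            $sql = "SELECT id, username, email, password, role FROM users WHERE email = :email";
            if ($stmt = $pdo->prepare($sql)) {
                $stmt->bindValue(":email", $email, PDO::PARAM_STR);
                if ($stmt->execute()) {
                    $row = $stmt->fetch();
                    // Accept exactly one matching account. rowCount() is not
                    // reliable for SELECT on every driver, so a second fetch is
                    // used to detect duplicate e-mail rows.
                    $is_unique = $row !== false && $stmt->fetch() === false;
                    $stmt->closeCursor();

                    if ($is_unique && password_verify($password, $row["password"])) {
                        // Issue a fresh session id on login so that an id planted
                        // before authentication (session fixation) is discarded.
                        session_regenerate_id(true);
                        $_SESSION["loggedin"] = true;
                        $_SESSION["id"] = $row["id"];
                        $_SESSION["username"] = $row["username"];
                        $_SESSION["role"] = $row["role"];
                        header("location: dashboard.php");
                        // Stop here: without exit the login page would still be
                        // rendered and sent along with the redirect.
                        exit;
                    }
                    // Same message for an unknown e-mail and a wrong password, so
                    // the response does not reveal which accounts exist.
                    $login_err = "Invalid email or password.";
                } else {
                    $login_err = "Oops! Something went wrong. Please try again later.";
                }
                unset($stmt);
            }
        } catch (PDOException $e) {
            // Keep driver details in the server log; the user sees a generic message.
            error_log("Error during login: " . $e->getMessage());
            $login_err = "Oops! Something went wrong. Please try again later.";
        }
    }
    unset($pdo);
}
?>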
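<!DOCTYPE html>
<html lang="en">
<head>
    <meta charset="UTF-8">
    <meta name="viewport" content="width=device-width, initial-scale=1.0">
    <title>Login - K Design Accounting</title>
    <link href="https://cdn.jsdelivr.net/npm/bootstrap@5.3.2/dist/css/bootstrap.min.css" rel="stylesheet">
    <link rel="stylesheet" href="https://cdn.jsdelivr.net/npm/bootstrap-icons@1.11.3/font/bootstrap-icons.min.css">
    <link rel="stylesheet" href="assets/css/custom.css">
</head>
<body>
<div class="container-fluid">
    <div class="row vh-100">
        <div class="col-md-6 d-none d-md-flex justify-content-center align-items-center" style="background: linear-gradient(to bottom right, #2B6CB0, #4A5568);">
            <div class="text-white text-center p-5">
                <i class="bi bi-journal-check" style="font-size: 6rem;"></i>
                <h1 class="display-4 mt-3">K Design Accounting</h1>
                <p class="lead">Streamline your finances with elegance and precision.</p>
            </div>
        </div>
        <div class="col-md-6 d-flex justify-content-center align-items-center bg-light">
            <div class="card shadow-lg border-0 rounded-3" style="width: 25rem;">
                <div class="card-body p-5">
                    <h2 class="card-title text-center mb-4">Welcome Back</h2>
                    <?php
                    /*
                     * Login form template. Every value printed into the page goes
                     * through htmlspecialchars(): $email is copied from the POST
                     * body, so echoing it raw into the value="" attribute would let
                     * a crafted request inject markup (reflected XSS). The message
                     * variables are escaped the same way so they stay safe if they
                     * ever carry dynamic text.
                     *
                     * NOTE(review): the jsDelivr stylesheets and script on this page
                     * are loaded without integrity= / crossorigin= attributes;
                     * consider adding Subresource Integrity or self-hosting them.
                     */
                    if (!empty($login_err)) {
                        echo '<div class="alert alert-danger">' . htmlspecialchars($login_err, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8') . '</div>';
                    }
                    ?>
                    <form method="POST" action="login.php">
                        <div class="form-floating mb-3">
                            <input type="email" class="form-control <?php echo (!empty($email_err)) ? 'is-invalid' : ''; ?>" id="email" name="email" placeholder="name@example.com" required value="<?php echo htmlspecialchars($email, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8'); ?>">
                            <label for="email">Email address</label>
                            <span class="invalid-feedback"><?php echo htmlspecialchars($email_err, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8'); ?></span>
                        </div>
                        <div class="form-floating mb-3">
                            <input type="password" class="form-control <?php echo (!empty($password_err)) ? 'is-invalid' : ''; ?>" id="password" name="password" placeholder="Password" required>
                            <label for="password">Password</label>
                            <span class="invalid-feedback"><?php echo htmlspecialchars($password_err, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8'); ?></span>
                        </div>
                        <div class="d-flex justify-content-between align-items-center mb-4">
                            <div class="form-check">
                                <input class="form-check-input" type="checkbox" value="" id="rememberMe">
                                <label class="form-check-label" for="rememberMe">
                                    Remember me
                                </label>
                            </div>
                            <a href="#" class="text-decoration-none">Forgot password?</a>
                        </div>
                        <div class="d-grid">
                            <button type="submit" class="btn btn-primary btn-lg">Login</button>
                        </div>
                    </form>
                </div>
            </div>
        </div>
    </div>
</div>
<script src="https://cdn.jsdelivr.net/npm/bootstrap@5.3.2/dist/js/bootstrap.bundle.min.js"></script>
</body>
</html>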