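<?php

declare(strict_types=1);

/**
 * Login endpoint.
 *
 * Expects a POST body with `email` and `password`, looks the user up by
 * email, verifies the password hash and, on success, stores the user's id,
 * first name and role in the session.
 *
 * Always responds with JSON:
 *   {"success": true,  "redirect": "dashboard.php"}          on success
 *   {"success": false, "error": "<message>"}                  otherwise
 */

header('Content-Type: application/json');

session_start();

require_once __DIR__ . '/db/config.php';

// 1. Validation
//
// PHP parses `email[]=x` into an array, so a missing is_string() check would
// let a non-string reach PDO::execute(). Compare against '' explicitly rather
// than using empty(): empty('0') is true, which would reject a valid password
// (or email) of "0".
$email = $_POST['email'] ?? null;
$password = $_POST['password'] ?? null;

if (!is_string($email) || !is_string($password) || $email === '' || $password === '') {
    echo json_encode(['success' => false, 'error' => 'Email and password are required.']);
    exit;
}

try {
    $pdo = db();

    // 2. Fetch user by email (parameterised; $email is never interpolated).
    $stmt = $pdo->prepare("SELECT id, firstName, role, password FROM User WHERE email = ?");
    $stmt->execute([$email]);
    $user = $stmt->fetch();

    // 3. Verify password. The failure message deliberately does not say
    //    whether the email exists, so the response cannot be used to
    //    enumerate accounts.
    if ($user && password_verify($password, $user['password'])) {
        // Issue a fresh session id on privilege change so a session id that
        // was known before authentication (session fixation) is not carried
        // over into the logged-in session. The old session file is deleted.
        session_regenerate_id(true);

        // 4. Set session variables
        $_SESSION['user_id'] = $user['id'];
        $_SESSION['user_name'] = $user['firstName'];
        $_SESSION['user_role'] = $user['role'];

        echo json_encode(['success' => true, 'redirect' => 'dashboard.php']);
    } else {
        echo json_encode(['success' => false, 'error' => 'Invalid email or password.']);
    }
} catch (PDOException $e) {
    // Log the driver message server-side only; the client gets a generic
    // error so connection strings, table names etc. are not exposed.
    error_log('Login Error: ' . $e->getMessage());
    echo json_encode(['success' => false, 'error' => 'A server error occurred. Please try again later.']);
}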