fix 11
parent
28184556fb
commit
2497a13797
@ -1,7 +1,13 @@
|
|||||||
<?php
|
<?php
|
||||||
|
error_log("--- auth-check.php: Start ---");
|
||||||
|
error_log("auth-check.php: Session status: " . session_status());
|
||||||
|
error_log("auth-check.php: Session ID: " . session_id());
|
||||||
|
error_log("auth-check.php: Checking for user_id in \$_SESSION: " . print_r($_SESSION, true));
|
||||||
|
|
||||||
if (!isset($_SESSION['user_id'])) {
|
if (!isset($_SESSION['user_id'])) {
|
||||||
|
error_log("auth-check.php: user_id NOT SET. Redirecting to login.php");
|
||||||
header("Location: login.php");
|
header("Location: login.php");
|
||||||
exit;
|
exit;
|
||||||
}
|
}
|
||||||
?>
|
error_log("auth-check.php: user_id IS SET. User is authenticated.");
|
||||||
|
?>
|
||||||
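Review bot: The new `error_log` lines put the raw session ID (`session_id()`) and a full `print_r($_SESSION, true)` dump into the server error log on every request, which turns the log file into a store of usable session identifiers and user data for anyone who can read it. These look like temporary debugging aids; drop them before merge, or log only what the diagnosis needs, e.g. `error_log("auth-check.php: user_id set: " . (isset($_SESSION['user_id']) ? 'yes' : 'no'));`. If requests must be correlated, log a truncated hash such as `substr(hash('sha256', session_id()), 0, 8)` instead of the ID itself. The same applies to the added lines at the top of index.php and login.php, and to the `$_SESSION after login` dump in login.php.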
@ -1,5 +1,9 @@
|
|||||||
<?php
|
<?php
|
||||||
session_start();
|
session_start();
|
||||||
|
error_log("--- index.php: Start ---");
|
||||||
|
error_log("index.php: Session status: " . session_status());
|
||||||
|
error_log("index.php: Session ID: " . session_id());
|
||||||
|
error_log("index.php: Initial \$_SESSION: " . print_r($_SESSION, true));
|
||||||
require_once 'db/config.php';
|
require_once 'db/config.php';
|
||||||
require_once 'auth-check.php';
|
require_once 'auth-check.php';
|
||||||
require_once 'auth-helpers.php';
|
require_once 'auth-helpers.php';
|
||||||
@ -271,4 +275,4 @@ function getStatusClass($status) {
|
|||||||
feather.replace();
|
feather.replace();
|
||||||
</script>
|
</script>
|
||||||
</body>
|
</body>
|
||||||
</html>
|
</html>
|
||||||
|
|||||||
13
login.php
13
login.php
@ -1,21 +1,28 @@
|
|||||||
<?php
|
<?php
|
||||||
session_start();
|
session_start();
|
||||||
|
error_log("--- login.php: Start ---");
|
||||||
|
error_log("login.php: Session status: " . session_status());
|
||||||
|
error_log("login.php: Session ID: " . session_id());
|
||||||
|
error_log("login.php: Initial \$_SESSION: " . print_r($_SESSION, true));
|
||||||
require_once 'db/config.php';
|
require_once 'db/config.php';
|
||||||
|
|
||||||
$error_message = '';
|
$error_message = '';
|
||||||
|
|
||||||
// If user is already logged in, redirect to dashboard
|
// If user is already logged in, redirect to dashboard
|
||||||
if (isset($_SESSION['user_id'])) {
|
if (isset($_SESSION['user_id'])) {
|
||||||
|
error_log("login.php: User already logged in. Redirecting to index.php");
|
||||||
header("Location: index.php");
|
header("Location: index.php");
|
||||||
exit;
|
exit;
|
||||||
}
|
}
|
||||||
|
|
||||||
if ($_SERVER['REQUEST_METHOD'] === 'POST') {
|
if ($_SERVER['REQUEST_METHOD'] === 'POST') {
|
||||||
|
error_log("login.php: POST request received.");
|
||||||
$email = $_POST['email'] ?? '';
|
$email = $_POST['email'] ?? '';
|
||||||
$password = $_POST['password'] ?? '';
|
$password = $_POST['password'] ?? '';
|
||||||
|
|
||||||
if (empty($email) || empty($password)) {
|
if (empty($email) || empty($password)) {
|
||||||
$error_message = 'Please enter both email and password.';
|
$error_message = 'Please enter both email and password.';
|
||||||
|
error_log("login.php: " . $error_message);
|
||||||
} else {
|
} else {
|
||||||
try {
|
try {
|
||||||
$pdo = db();
|
$pdo = db();
|
||||||
@ -24,16 +31,20 @@ if ($_SERVER['REQUEST_METHOD'] === 'POST') {
|
|||||||
$user = $stmt->fetch(PDO::FETCH_ASSOC);
|
$user = $stmt->fetch(PDO::FETCH_ASSOC);
|
||||||
|
|
||||||
if ($user && password_verify($password, $user['password'])) {
|
if ($user && password_verify($password, $user['password'])) {
|
||||||
|
error_log("login.php: Login successful for user ID: " . $user['id']);
|
||||||
$_SESSION['user_id'] = $user['id'];
|
$_SESSION['user_id'] = $user['id'];
|
||||||
$_SESSION['user_name'] = $user['name'];
|
$_SESSION['user_name'] = $user['name'];
|
||||||
$_SESSION['user_role'] = $user['role'];
|
$_SESSION['user_role'] = $user['role'];
|
||||||
|
error_log("login.php: \$_SESSION after login: " . print_r($_SESSION, true));
|
||||||
header("Location: index.php");
|
header("Location: index.php");
|
||||||
exit;
|
exit;
|
||||||
} else {
|
} else {
|
||||||
$error_message = 'Invalid email or password.';
|
$error_message = 'Invalid email or password.';
|
||||||
|
error_log("login.php: " . $error_message);
|
||||||
}
|
}
|
||||||
} catch (PDOException $e) {
|
} catch (PDOException $e) {
|
||||||
$error_message = 'Database error: ' . $e->getMessage();
|
$error_message = 'Database error: ' . $e->getMessage();
|
||||||
|
error_log("login.php: " . $error_message);
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
@ -84,4 +95,4 @@ if ($_SERVER['REQUEST_METHOD'] === 'POST') {
|
|||||||
|
|
||||||
<script src="https://cdn.jsdelivr.net/npm/bootstrap@5.3.2/dist/js/bootstrap.bundle.min.js"></script>
|
<script src="https://cdn.jsdelivr.net/npm/bootstrap@5.3.2/dist/js/bootstrap.bundle.min.js"></script>
|
||||||
</body>
|
</body>
|
||||||
</html>
|
</html>
|
||||||
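Review bot: The success branch after `password_verify()` still writes `$_SESSION['user_id']` into the session that existed before login; nothing visible between the check and the redirect issues a new session ID, so an ID set before authentication stays valid afterwards. Add `session_regenerate_id(true);` immediately before `$_SESSION['user_id'] = $user['id'];`. The `catch (PDOException $e)` branch also stores `$e->getMessage()` in `$error_message`; if the form echoes that variable (the template is outside these hunks), keep the driver text in `error_log` only and show a generic message such as `$error_message = 'Login is temporarily unavailable.';`. The query lines between the first two hunks are not shown, so this note covers only the visible branches.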
@ -86,7 +86,7 @@ $users = get_users($allowed_fields);
|
|||||||
<?php elseif (empty($users)): ?>
|
<?php elseif (empty($users)): ?>
|
||||||
<div class="text-center p-5">
|
<div class="text-center p-5">
|
||||||
<h4>No users found.</h4>
|
<h4>No users found.</h4>
|
||||||
<?php if (can($_SESSION['user_role'], 'user', 'create'])): ?>
|
<?php if (can($_SESSION['user_role'], 'user', 'create')): ?>
|
||||||
<p>Get started by adding your first user.</p>
|
<p>Get started by adding your first user.</p>
|
||||||
<a href="add-user.php" class="btn btn-primary">Add User</a>
|
<a href="add-user.php" class="btn btn-primary">Add User</a>
|
||||||
<?php endif; ?>
|
<?php endif; ?>
|
||||||
@ -112,7 +112,7 @@ $users = get_users($allowed_fields);
|
|||||||
<?php if (can($_SESSION['user_role'], 'user', 'update')): ?>
|
<?php if (can($_SESSION['user_role'], 'user', 'update')): ?>
|
||||||
<a href="edit-user.php?id=<?php echo $user['id']; ?>" class="btn btn-sm btn-outline-primary">Edit</a>
|
<a href="edit-user.php?id=<?php echo $user['id']; ?>" class="btn btn-sm btn-outline-primary">Edit</a>
|
||||||
<?php endif; ?>
|
<?php endif; ?>
|
||||||
<?php if (can($_SESSION['user_role'], 'user', 'delete'])): ?>
|
<?php if (can($_SESSION['user_role'], 'user', 'delete')): ?>
|
||||||
<a href="delete-user.php?id=<?php echo $user['id']; ?>" class="btn btn-sm btn-outline-danger" onclick="return confirm('Are you sure you want to delete this user?');">Delete</a>
|
<a href="delete-user.php?id=<?php echo $user['id']; ?>" class="btn btn-sm btn-outline-danger" onclick="return confirm('Are you sure you want to delete this user?');">Delete</a>
|
||||||
<?php endif; ?>
|
<?php endif; ?>
|
||||||
</td>
|
</td>
|
||||||
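Review bot: The Delete control in the second hunk is a plain link to `delete-user.php?id=…`, so the deletion is requested with GET and guarded on this page only by a client-side `confirm()`. delete-user.php is not part of this commit, so confirm that it re-checks `can($_SESSION['user_role'], 'user', 'delete')` server-side and accepts only a POST carrying a CSRF token; if it does not, this link should become a small POST form with a hidden token field. Separately, the id is echoed into the `href` unescaped in both links; `<?php echo (int) $user['id']; ?>` makes the expected type explicit. The surrounding template starts and ends outside these hunks.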
|
|||||||