barter-system

admin_dashboard.php

@@ -0,0 +1,30 @@
+<?php
+session_start();
+
+// Check if the user is logged in, otherwise redirect to login page
+if (!isset($_SESSION['loggedin']) || $_SESSION['loggedin'] !== true) {
+    header('Location: login.php');
+    exit;
+}
+?>
+
+<!DOCTYPE html>
+<html lang="en">
+<head>
+    <meta charset="UTF-8">
+    <meta name="viewport" content="width=device-width, initial-scale=1.0">
+    <title>Admin Dashboard</title>
+    <link rel="stylesheet" href="https://stackpath.bootstrapcdn.com/bootstrap/4.5.2/css/bootstrap.min.css">
+</head>
+<body>
+    <div class="container">
+        <div class="jumbotron mt-5">
+            <h1 class="display-4">Welcome, Admin!</h1>
+            <p class="lead">This is your admin dashboard. You have successfully logged in.</p>
+            <hr class="my-4">
+            <p>You can now manage your application from here.</p>
+            <a class="btn btn-primary btn-lg" href="logout.php" role="button">Logout</a>
+        </div>
+    </div>
+</body>
+</html>

login.php

@@ -0,0 +1,91 @@
+<?php
+session_start();
+require_once 'db/config.php';
+
+$error_message = '';
+
+if ($_SERVER['REQUEST_METHOD'] == 'POST') {
+    if (empty($_POST['email']) || empty($_POST['password'])) {
+        $error_message = 'Please enter both email and password.';
+    } else {
+        $email = $_POST['email'];
+        $password = $_POST['password'];
+
+        try {
+            $pdo = db();
+            // Use the correct table name 'public.admin_users'
+            $stmt = $pdo->prepare('SELECT * FROM public.admin_users WHERE email = ?');
+            $stmt->execute([$email]);
+            $user = $stmt->fetch(PDO::FETCH_ASSOC);
+
+            // IMPORTANT: PHP's password_verify function is the correct way to check a bcrypt hash.
+            if ($user && password_verify($password, $user['password'])) {
+                // Password is correct, so start a new session
+                $_SESSION['user_id'] = $user['id'];
+                $_SESSION['user_email'] = $user['email'];
+                $_SESSION['user_fullname'] = $user['full_name'];
+                
+                // Redirect to a protected admin page
+                header("Location: admin_dashboard.php");
+                exit;
+            } else {
+                // Invalid credentials
+                $error_message = 'Invalid email or password.';
+            }
+        } catch (PDOException $e) {
+            // In a real app, you would log this error, not show it to the user.
+            $error_message = 'Database error. Please try again later.';
+            // error_log($e->getMessage());
+        }
+    }
+}
+?>
+<!DOCTYPE html>
+<html lang="en">
+<head>
+    <meta charset="UTF-8">
+    <meta name="viewport" content="width=device-width, initial-scale=1.0">
+    <title>Admin Login</title>
+    <link href="https://cdn.jsdelivr.net/npm/bootstrap@5.3.2/dist/css/bootstrap.min.css" rel="stylesheet">
+    <style>
+        body {
+            display: flex;
+            align-items: center;
+            justify-content: center;
+            min-height: 100vh;
+            background-color: #f8f9fa;
+        }
+        .login-card {
+            max-width: 400px;
+            width: 100%;
+        }
+    </style>
+</head>
+<body>
+    <div class="card login-card shadow-sm">
+        <div class="card-body p-4">
+            <h3 class="card-title text-center mb-4">Admin Login</h3>
+            
+            <?php if (!empty($error_message)): ?>
+                <div class="alert alert-danger" role="alert">
+                    <?php echo htmlspecialchars($error_message); ?>
+                </div>
+            <?php endif; ?>
+
+            <form action="login.php" method="post">
+                <div class="mb-3">
+                    <label for="email" class="form-label">Email address</label>
+                    <input type="email" class="form-control" id="email" name="email" required>
+                </div>
+                <div class="mb-3">
+                    <label for="password" class="form-label">Password</label>
+                    <input type="password" class="form-control" id="password" name="password" required>
+                </div>
+                <div class="d-grid">
+                    <button type="submit" class="btn btn-primary">Login</button>
+                </div>
+            </form>
+        </div>
+    </div>
+</body>
+</html>

logout.php

@@ -0,0 +1,13 @@
+<?php
+session_start();
+
+// Unset all of the session variables
+$_SESSION = array();
+
+// Destroy the session.
+session_destroy();
+
+// Redirect to login page
+header("Location: login.php");
+exit;
+?>