Now to subscription

This commit is contained in:
Flatlogic Bot 2025-12-07 10:32:02 +00:00
parent 6087fe4bc6
commit 403c8e4f27
5 changed files with 156 additions and 18 deletions


@ -0,0 +1 @@
ALTER TABLE users ADD COLUMN is_active BOOLEAN NOT NULL DEFAULT 0;
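Review bot: `DEFAULT 0` on the new `is_active` column makes every pre-existing user inactive, so accounts that predate this migration will be pushed through the subscription page on their next login (login.php) or request (the auth include) even though they were usable before. If that is not intended for existing or seed accounts, backfill them in the same migration with `UPDATE users SET is_active = 1;` after the ALTER. Whether existing users should be grandfathered is a product decision the diff does not state, so treat this as a question rather than a defect.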


@ -3,8 +3,46 @@ if (session_status() == PHP_SESSION_NONE) {
session_start();
}
// If user is not logged in or is not an admin, redirect to login page
if (!isset($_SESSION['user_id']) || ($_SESSION['role'] !== 'admin' && $_SESSION['role'] !== 'teacher')) {
// If user is not logged in, redirect to login page
if (!isset($_SESSION['user_id'])) {
header("Location: login.php");
exit;
}
// Check if the user's account is active
require_once __DIR__ . '/../db/config.php';
try {
$pdo = db();
$stmt = $pdo->prepare("SELECT is_active FROM users WHERE id = ?");
$stmt->execute([$_SESSION['user_id']]);
$is_active = $stmt->fetchColumn();
if (!$is_active) {
// User is not active, log them out and redirect to subscription page
$_SESSION['user_id_for_activation'] = $_SESSION['user_id']; // Preserve user ID for activation
// Unset all other session variables
unset($_SESSION['user_id']);
unset($_SESSION['username']);
unset($_SESSION['role']);
unset($_SESSION['school_id']);
if (isset($_SESSION['can_edit_workload'])) {
unset($_SESSION['can_edit_workload']);
}
header("Location: /subscription.php?reason=inactive");
exit;
}
} catch (PDOException $e) {
// On DB error, log out user for safety
session_destroy();
header("Location: /login.php?error=db_error");
exit;
}
// Role-based access check (existing logic)
$allowed_roles = ['admin', 'teacher'];
if (!isset($_SESSION['role']) || !in_array($_SESSION['role'], $allowed_roles)) {
header("Location: /login.php?error=unauthorized");
exit;
}
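Review bot: `fetchColumn()` returns `false` both when `is_active` is 0 and when no row matches the session's `user_id`, so a session for a deleted or unknown user is sent to the activation page with `user_id_for_activation` set instead of being logged out; split the cases with `if ($is_active === false) { session_destroy(); header('Location: /login.php'); exit; }` before the inactive branch. The inactive branch also keeps the same session id while downgrading the session to activation-only; a `session_regenerate_id(true);` there is cheap. Minor: the role check should use `in_array($_SESSION['role'], $allowed_roles, true)`, and the file now mixes relative (`login.php`) and absolute (`/login.php`, `/subscription.php`) redirect targets.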


@ -25,23 +25,31 @@ if ($_SERVER['REQUEST_METHOD'] === 'POST') {
$user = $stmt->fetch(PDO::FETCH_ASSOC);
if ($user && password_verify($password, $user['password'])) {
// Password is correct, start session
$_SESSION['user_id'] = $user['id'];
$_SESSION['username'] = $user['username'];
$_SESSION['role'] = $user['role'];
$_SESSION['school_id'] = $user['school_id'];
// Check if account is active
if ($user['is_active']) {
// Password is correct, start session
$_SESSION['user_id'] = $user['id'];
$_SESSION['username'] = $user['username'];
$_SESSION['role'] = $user['role'];
$_SESSION['school_id'] = $user['school_id'];
// If the user is a teacher, fetch their workload editing permission
if ($user['role'] === 'teacher') {
$stmt = $pdo->prepare("SELECT can_edit_workload FROM teachers WHERE user_id = ?");
$stmt->execute([$user['id']]);
$teacher_permission = $stmt->fetchColumn();
$_SESSION['can_edit_workload'] = (bool)$teacher_permission;
// If the user is a teacher, fetch their workload editing permission
if ($user['role'] === 'teacher') {
$stmt = $pdo->prepare("SELECT can_edit_workload FROM teachers WHERE user_id = ?");
$stmt->execute([$user['id']]);
$teacher_permission = $stmt->fetchColumn();
$_SESSION['can_edit_workload'] = (bool)$teacher_permission;
}
// Redirect to the main page
header("Location: dashboard.php");
exit;
} else {
// Account is not active, redirect to subscription page
$_SESSION['user_id_for_activation'] = $user['id'];
header("Location: subscription.php");
exit;
}
// Redirect to the main page
header("Location: dashboard.php");
exit;
} else {
$error = 'Invalid username or password.';
}
@ -74,6 +82,10 @@ if ($_SERVER['REQUEST_METHOD'] === 'POST') {
<div class="card-body p-4">
<h1 class="h3 fw-bold text-center mb-4">Login</h1>
<?php if (isset($_GET['status']) && $_GET['status'] === 'activated'): ?>
<div class="alert alert-success">Your account has been activated! Please log in to continue.</div>
<?php endif; ?>
<?php if ($error): ?>
<div class="alert alert-danger"><?php echo $error; ?></div>
<?php endif; ?>
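Review bot: The successful-login branch populates `$_SESSION` without rotating the session id, so an id fixed before authentication stays valid afterwards; call `session_regenerate_id(true);` immediately before `$_SESSION['user_id'] = $user['id'];`, unless that already happens above the hunk (the POST handler starts before line 25 and is not fully visible). The inactive branch should do the same before storing `user_id_for_activation`, and it redirects to the relative `subscription.php` while the auth include uses `/subscription.php`, so pick one form. `$user['is_active']` is only populated if the SELECT above the hunk fetches that column (`SELECT *` or an explicit list); the query is not visible here, so worth confirming, since a missing key would silently route every login to the subscription page.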


@ -43,7 +43,14 @@ if ($_SERVER['REQUEST_METHOD'] === 'POST') {
$stmt = $pdo->prepare("INSERT INTO users (username, password, email, school_id, role) VALUES (?, ?, ?, ?, 'admin')");
if ($stmt->execute([$username, $hashed_password, $email, $school_id])) {
$pdo->commit();
$message = 'Registration successful! You can now <a href="login.php">login</a>.';
// Start session and store user ID for activation
session_start();
$_SESSION['user_id_for_activation'] = $pdo->lastInsertId();
// Redirect to subscription page
header("Location: subscription.php");
exit;
} else {
$error = 'Failed to register user.';
$pdo->rollBack();
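Review bot: The new `session_start();` is unconditional and runs after the INSERT and commit; if a session was already started earlier in register.php (anything above line 43 is outside this hunk) PHP emits a notice and the call is a no-op, and if any output was emitted before this point the session cookie cannot be set and `user_id_for_activation` is lost on redirect. Mirror the guard used in the auth include, `if (session_status() === PHP_SESSION_NONE) { session_start(); }`, preferably at the top of the file before any output. Since the success path no longer assigns `$message`, any later `<?php if ($message): ?>` markup in this file may now be dead.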

80
subscription.php Normal file

@ -0,0 +1,80 @@
<?php
session_start();
require_once __DIR__ . '/db/config.php';
// Ensure user has just registered
if (!isset($_SESSION['user_id_for_activation'])) {
header('Location: register.php');
exit;
}
$user_id = $_SESSION['user_id_for_activation'];
$message = '';
$error = '';
if ($_SERVER['REQUEST_METHOD'] === 'POST') {
if (isset($_POST['activate'])) {
try {
$pdo = db();
$stmt = $pdo->prepare("UPDATE users SET is_active = 1 WHERE id = ?");
if ($stmt->execute([$user_id])) {
// Activation successful
unset($_SESSION['user_id_for_activation']);
session_destroy(); // Clean up session
// Redirect to login with a success message
header('Location: login.php?status=activated');
exit;
} else {
$error = "Failed to activate your account. Please contact support.";
}
} catch (PDOException $e) {
$error = "Database error: " . $e->getMessage();
}
}
}
?>
<!DOCTYPE html>
<html lang="en">
<head>
<meta charset="UTF-8">
<meta name="viewport" content="width=device-width, initial-scale=1.0">
<title>Activate Your Account - Haki Schedule</title>
<link href="https://cdn.jsdelivr.net/npm/bootstrap@5.3.2/dist/css/bootstrap.min.css" rel="stylesheet">
<link rel="stylesheet" href="assets/css/custom.css?v=<?php echo time(); ?>">
</head>
<body>
<?php include 'includes/navbar.php'; ?>
<main class="container py-5">
<div class="row justify-content-center">
<div class="col-lg-6">
<div class="card text-center shadow">
<div class="card-body p-5">
<h1 class="h2 fw-bold mb-3">One More Step!</h1>
<p class="lead mb-4">Your account has been created, but you need to activate it to get access to the application.</p>
<?php if ($error): ?>
<div class="alert alert-danger"><?php echo $error; ?></div>
<?php endif; ?>
<div class="p-4 bg-light rounded border">
<h3 class="h5 fw-bold">Basic Plan</h3>
<p class="fs-1 fw-bold mb-2">$10<span class="fs-6 fw-normal">/month</span></p>
<p class="text-muted">Full access for one school administrator.</p>
<form action="subscription.php" method="POST">
<div class="d-grid">
<button type="submit" name="activate" class="btn btn-primary btn-lg">Activate Your Account</button>
</div>
</form>
</div>
<p class="mt-4 text-muted small">For now, clicking 'Activate' will simulate a successful payment. In a real application, you would be redirected to a payment processor.</p>
</div>
</div>
</div>
</div>
</main>
<footer class="bg-dark text-white py-4 mt-5"><div class="container text-center"><p>&copy; <?php echo date("Y"); ?> Haki Schedule. All Rights Reserved.</p></div></footer>
</body>
</html>
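Review bot: The catch block's `$error = "Database error: " . $e->getMessage();` surfaces the raw PDO exception text to the browser through the unescaped `<?php echo $error; ?>` in the card, which can expose host names, table names and driver details; log it server-side and show a fixed message, `error_log($e->getMessage()); $error = 'A database error occurred. Please try again later.';`. The page itself states that the POST only simulates payment, so when a processor is wired in the `UPDATE users SET is_active = 1` must move behind a server-side verification of the processor's response rather than stay behind a bare form submit that any holder of `user_id_for_activation` can send. Two smaller points: the form carries no CSRF token, and `session_destroy()` after `unset()` leaves the session cookie in the browser, so add `setcookie(session_name(), '', time() - 3600, '/');` if the old id should be gone.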