From 403c8e4f275f706f75ce551e79c728a52752c838 Mon Sep 17 00:00:00 2001
From: Flatlogic Bot
Date: Sun, 7 Dec 2025 10:32:02 +0000
Subject: [PATCH] Now to subscription
---
 db/migrations/024_add_is_active_to_users.sql | 1 +
 includes/auth_check.php | 42 +++++++++-
 login.php | 42 ++++++----
 register.php | 9 ++-
 subscription.php | 80 ++++++++++++++++++++
 5 files changed, 156 insertions(+), 18 deletions(-)
 create mode 100644 db/migrations/024_add_is_active_to_users.sql
 create mode 100644 subscription.php
diff --git a/db/migrations/024_add_is_active_to_users.sql b/db/migrations/024_add_is_active_to_users.sql
new file mode 100644
index 0000000..6c7c147
--- /dev/null
+++ b/db/migrations/024_add_is_active_to_users.sql
@@ -0,0 +1 @@
+ALTER TABLE users ADD COLUMN is_active BOOLEAN NOT NULL DEFAULT 0;
\ No newline at end of file
diff --git a/includes/auth_check.php b/includes/auth_check.php
index 8efb8b7..340564b 100644
--- a/includes/auth_check.php
+++ b/includes/auth_check.php
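Review bot: `DEFAULT 0` flips every pre-existing user to inactive the moment this migration runs, and the new check in includes/auth_check.php then logs each of them out to subscription.php on their next request; the commit does not backfill existing accounts. If current admins and teachers are meant to keep access, add `UPDATE users SET is_active = 1;` after the ALTER in this same migration, so that only rows inserted afterwards (register.php relies on the column default) start inactive.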
@@ -3,8 +3,46 @@
 if (session_status() == PHP_SESSION_NONE) {
 session_start();
 }
-// If user is not logged in or is not an admin, redirect to login page
-if (!isset($_SESSION['user_id']) || ($_SESSION['role'] !== 'admin' && $_SESSION['role'] !== 'teacher')) {
+// If user is not logged in, redirect to login page
+if (!isset($_SESSION['user_id'])) {
 header("Location: login.php");
 exit;
 }
+
+// Check if the user's account is active
+require_once __DIR__ . '/../db/config.php';
+try {
+ $pdo = db();
+ $stmt = $pdo->prepare("SELECT is_active FROM users WHERE id = ?");
+ $stmt->execute([$_SESSION['user_id']]);
+ $is_active = $stmt->fetchColumn();
+
+ if (!$is_active) {
+ // User is not active, log them out and redirect to subscription page
+ $_SESSION['user_id_for_activation'] = $_SESSION['user_id']; // Preserve user ID for activation
+
+ // Unset all other session variables
+ unset($_SESSION['user_id']);
+ unset($_SESSION['username']);
+ unset($_SESSION['role']);
+ unset($_SESSION['school_id']);
+ if (isset($_SESSION['can_edit_workload'])) {
+ unset($_SESSION['can_edit_workload']);
+ }
+
+ header("Location: /subscription.php?reason=inactive");
+ exit;
+ }
+} catch (PDOException $e) {
+ // On DB error, log out user for safety
+ session_destroy();
+ header("Location: /login.php?error=db_error");
+ exit;
+}
+
+// Role-based access check (existing logic)
+$allowed_roles = ['admin', 'teacher'];
+if (!isset($_SESSION['role']) || !in_array($_SESSION['role'], $allowed_roles)) {
+ header("Location: /login.php?error=unauthorized");
+ exit;
+}
diff --git a/login.php b/login.php
index d4ac40d..f5f4457 100644
--- a/login.php
+++ b/login.php
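Review bot: `$stmt->fetchColumn()` returns `false` when no row matches, so a session whose user row no longer exists is treated as merely inactive: the stale id is copied into `$_SESSION['user_id_for_activation']` and the request is sent to subscription.php instead of being ended. Distinguish the two cases before the `if (!$is_active)` branch, e.g. `if ($is_active === false) { session_destroy(); header("Location: /login.php"); exit; }`. The role check should pass `true` as the third argument, `in_array($_SESSION['role'], $allowed_roles, true)`, so a non-string session value cannot loosely match. The first redirect still uses the relative `login.php` while every new one uses an absolute `/login.php`; pick one form for the whole include.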
@@ -25,23 +25,31 @@ if ($_SERVER['REQUEST_METHOD'] === 'POST') {
 $user = $stmt->fetch(PDO::FETCH_ASSOC);
 if ($user && password_verify($password, $user['password'])) {
- // Password is correct, start session
- $_SESSION['user_id'] = $user['id'];
- $_SESSION['username'] = $user['username'];
- $_SESSION['role'] = $user['role'];
- $_SESSION['school_id'] = $user['school_id'];
+ // Check if account is active
+ if ($user['is_active']) {
+ // Password is correct, start session
+ $_SESSION['user_id'] = $user['id'];
+ $_SESSION['username'] = $user['username'];
+ $_SESSION['role'] = $user['role'];
+ $_SESSION['school_id'] = $user['school_id'];
- // If the user is a teacher, fetch their workload editing permission
- if ($user['role'] === 'teacher') {
- $stmt = $pdo->prepare("SELECT can_edit_workload FROM teachers WHERE user_id = ?");
- $stmt->execute([$user['id']]);
- $teacher_permission = $stmt->fetchColumn();
- $_SESSION['can_edit_workload'] = (bool)$teacher_permission;
+ // If the user is a teacher, fetch their workload editing permission
+ if ($user['role'] === 'teacher') {
+ $stmt = $pdo->prepare("SELECT can_edit_workload FROM teachers WHERE user_id = ?");
+ $stmt->execute([$user['id']]);
+ $teacher_permission = $stmt->fetchColumn();
+ $_SESSION['can_edit_workload'] = (bool)$teacher_permission;
+ }
+
+ // Redirect to the main page
+ header("Location: dashboard.php");
+ exit;
+ } else {
+ // Account is not active, redirect to subscription page
+ $_SESSION['user_id_for_activation'] = $user['id'];
+ header("Location: subscription.php");
+ exit;
 }
-
- // Redirect to the main page
- header("Location: dashboard.php");
- exit;
 } else {
 $error = 'Invalid username or password.';
 }
@@ -74,6 +82,10 @@ if ($_SERVER['REQUEST_METHOD'] === 'POST') {
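Review bot: The new `if ($user['is_active'])` branch populates `$_SESSION` for a freshly authenticated user without first calling `session_regenerate_id(true);`, so the session id that existed before login is kept and promoted to an authenticated one; add that call as the first statement of the active branch, before `$_SESSION['user_id'] = $user['id'];`. `$user['is_active']` also assumes the `SELECT` above this hunk returns that column — if it enumerates columns rather than selecting `*`, the index is undefined, the branch is always false, and every valid login is routed to subscription.php. The enclosing `if ($_SERVER['REQUEST_METHOD'] === 'POST')` block starts and ends outside the hunk.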

Login

+ +
Your account has been activated! Please log in to continue.
+ +
diff --git a/register.php b/register.php index 4f42a53..1051cbe 100644 --- a/register.php +++ b/register.php @@ -43,7 +43,14 @@ if ($_SERVER['REQUEST_METHOD'] === 'POST') { $stmt = $pdo->prepare("INSERT INTO users (username, password, email, school_id, role) VALUES (?, ?, ?, ?, 'admin')"); if ($stmt->execute([$username, $hashed_password, $email, $school_id])) { $pdo->commit(); - $message = 'Registration successful! You can now login.'; + + // Start session and store user ID for activation + session_start(); + $_SESSION['user_id_for_activation'] = $pdo->lastInsertId(); + + // Redirect to subscription page + header("Location: subscription.php"); + exit; } else { $error = 'Failed to register user.'; $pdo->rollBack(); diff --git a/subscription.php b/subscription.php new file mode 100644 index 0000000..d7c94ee --- /dev/null +++ b/subscription.php @@ -0,0 +1,80 @@ +prepare("UPDATE users SET is_active = 1 WHERE id = ?"); + if ($stmt->execute([$user_id])) { + // Activation successful + unset($_SESSION['user_id_for_activation']); + session_destroy(); // Clean up session + + // Redirect to login with a success message + header('Location: login.php?status=activated'); + exit; + } else { + $error = "Failed to activate your account. Please contact support."; + } + } catch (PDOException $e) { + $error = "Database error: " . $e->getMessage(); + } + } +} +?> + + + + + + Activate Your Account - Haki Schedule + + + + + + +
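Review bot: `session_start()` on the new success path in register.php is unguarded, while the same commit guards it in includes/auth_check.php with a `session_status()` check; if a session is already active when this line runs, PHP emits a notice and the call is a no-op. Use the same form here: `if (session_status() === PHP_SESSION_NONE) { session_start(); }` before the `$_SESSION['user_id_for_activation']` assignment. The old `$message = 'Registration successful! ...'` assignment is removed and the branch now redirects, so any markup further down that still renders `$message` on success is presumably unreachable — worth confirming rather than leaving it. The enclosing `if ($_SERVER['REQUEST_METHOD'] === 'POST')` block and the transaction it wraps start outside the hunk.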
+
+
+
+
+

One More Step!

+

Your account has been created, but you need to activate it to get access to the application.

+ + +
+ + +
+

Basic Plan

+

$10/month

+

Full access for one school administrator.

+
+
+ +
+
+
+

For now, clicking 'Activate' will simulate a successful payment. In a real application, you would be redirected to a payment processor.

+
+
+
+
+
+ + + +
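Review bot: In the `catch (PDOException $e)` block of subscription.php, `$error = "Database error: " . $e->getMessage();` is later rendered to the visitor, and PDO messages can carry table and column names, SQL fragments and driver details; replace it with `error_log($e->getMessage()); $error = 'Database error. Please try again later.';` so only a generic message reaches the page. The activation `UPDATE` also treats `execute()` returning `true` as success, so a stale or unknown id in `$_SESSION['user_id_for_activation']` updates zero rows yet still redirects to `login.php?status=activated`; confirm the id names an existing, not-yet-active user before reporting success. The 'Activate' control reads like a form submit, but with the markup stripped in this view I cannot see a CSRF token on it or whether the handler checks the request method — both should be in place before the simulated payment is replaced by a real one. The file's opening `<?php` prologue, including the `$user_id` lookup and the `$pdo` construction, is cut off above the first visible `prepare(` call.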