admin/35866-vm
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
35866-vm/login.php
Flatlogic Bot 903cf599f0 rfresh1
2025-11-20 09:45:59 +00:00

109 lines
4.5 KiB
PHP
Raw Blame History

<?php
session_start();
require_once 'db/config.php';
$error_message = '';
if (isset($_SESSION['user_id'])) {
header('Location: ' . ($_SESSION['role'] === 'admin' ? 'admin/index.php' : 'profile.php'));
exit;
}
if ($_SERVER['REQUEST_METHOD'] === 'POST') {
$username = $_POST['username'] ?? '';
$password = $_POST['password'] ?? '';
if (empty($username) || empty($password)) {
$error_message = 'Please enter both username and password.';
} else {
try {
$pdo = db();
$stmt = $pdo->prepare('SELECT * FROM users WHERE username = :username');
$stmt->execute([':username' => $username]);
$user = $stmt->fetch();
if ($user && password_verify($password, $user['password'])) {
if ($user['role'] === 'customer' && $user['phone_verified_at']) {
$verification_code = str_pad(rand(0, 999999), 6, '0', STR_PAD_LEFT);
$stmt = $pdo->prepare('UPDATE users SET two_factor_secret = ? WHERE id = ?');
$stmt->execute([$verification_code, $user['id']]);
require_once 'mail/SmsService.php';
SmsService::sendSms($user['phone_number'], "Your login code is: {$verification_code}");
$_SESSION['user_id_2fa'] = $user['id'];
header('Location: login_2fa.php');
exit;
} else {
$_SESSION['user_id'] = $user['id'];
$_SESSION['username'] = $user['username'];
$_SESSION['role'] = $user['role'];
header('Location: ' . ($user['role'] === 'admin' ? 'admin/index.php' : 'profile.php'));
exit;
}
} else {
$error_message = 'Invalid username or password.';
}
} catch (PDOException $e) {
error_log('Login Error: ' . $e->getMessage());
$error_message = 'An error occurred. Please try again later.';
}
}
}
?>
<!DOCTYPE html>
<html lang="en">
<head>
<meta charset="UTF-8">
<meta name="viewport" content="width=device-width, initial-scale=1.0">
<title>Login - rfresh</title>
<link href="https://cdn.jsdelivr.net/npm/bootstrap@5.3.3/dist/css/bootstrap.min.css" rel="stylesheet">
<link href="https://fonts.googleapis.com/css2?family=Georgia&family=Helvetica+Neue&display=swap" rel="stylesheet">
<link rel="stylesheet" href="assets/css/custom.css?v=<?php echo time(); ?>">
</head>
<body>
<div class="auth-section">
<div class="card auth-card">
<div class="card-body">
<div class="text-center mb-4">
<a class="navbar-brand" href="/">rfresh</a>
</div>
<h1 class="card-title text-center mb-4">Welcome Back</h1>
<?php if ($error_message): ?>
<div class="alert alert-danger" role="alert"><?php echo htmlspecialchars($error_message); ?></div>
<?php endif; ?>
<form action="login.php" method="POST">
<div class="mb-3">
<label for="username" class="form-label">Username</label>
<input type="text" class="form-control" id="username" name="username" required>
</div>
<div class="mb-3">
<label for="password" class="form-label">Password</label>
<input type="password" class="form-control" id="password" name="password" required>
</div>
<div class="d-grid mt-4">
<button type="submit" class="btn btn-primary">Login</button>
</div>
</form>
<div class="text-center my-3">
<small class="text-muted">OR</small>
</div>
<div class="d-grid gap-2">
<a href="google_login.php" class="btn btn-social btn-google">Login with Google</a>
<a href="facebook_login.php" class="btn btn-social btn-facebook">Login with Facebook</a>
</div>
<div class="text-center mt-4">
<small>Don't have an account? <a href="register.php">Sign Up</a></small>
</div>
</div>
</div>
</div>
<script src="https://cdn.jsdelivr.net/npm/bootstrap@5.3.3/dist/js/bootstrap.bundle.min.js"></script>
</body>
</html>
Reference in New Issue View Git Blame Copy Permalink