147 lines
6.0 KiB
PHP
147 lines
6.0 KiB
PHP
<?php
|
|
require_once 'db/config.php';
|
|
|
|
session_start();
|
|
|
|
$page_title = "Login";
|
|
$error_message = '';
|
|
|
|
// Redirect if already logged in
|
|
if (isset($_SESSION['user_id'])) {
|
|
$user_type = $_SESSION['user_type'];
|
|
header("Location: dashboard.php");
|
|
exit;
|
|
}
|
|
|
|
if ($_SERVER["REQUEST_METHOD"] == "POST") {
|
|
$email = trim($_POST['email']);
|
|
$password = $_POST['password'];
|
|
$user_type = $_POST['user_type'];
|
|
|
|
if (empty($email) || empty($password) || empty($user_type)) {
|
|
$error_message = "Please fill in all fields.";
|
|
} else {
|
|
$pdo = db();
|
|
$table_name = '';
|
|
$password_column = '';
|
|
switch ($user_type) {
|
|
case 'donor':
|
|
$table_name = 'donors';
|
|
$password_column = 'password_hash';
|
|
break;
|
|
case 'hospital':
|
|
$table_name = 'hospitals';
|
|
$password_column = 'password';
|
|
break;
|
|
case 'admin':
|
|
$table_name = 'admins';
|
|
$password_column = 'password';
|
|
break;
|
|
default:
|
|
$error_message = "Invalid user type selected.";
|
|
}
|
|
|
|
if ($table_name) {
|
|
try {
|
|
$stmt = $pdo->prepare("SELECT id, " . $password_column . " FROM " . $table_name . " WHERE email = ?");
|
|
$stmt->execute([$email]);
|
|
$user = $stmt->fetch(PDO::FETCH_ASSOC);
|
|
|
|
if ($user && password_verify($password, $user[$password_column])) {
|
|
// Regenerate session ID to prevent session fixation
|
|
session_regenerate_id(true);
|
|
|
|
// Store user info in session
|
|
$_SESSION['user_id'] = $user['id'];
|
|
$_SESSION['user_type'] = $user_type;
|
|
$_SESSION['user_email'] = $email;
|
|
|
|
// Set a session token in a cookie for "Remember Me" functionality (optional)
|
|
// $token = bin2hex(random_bytes(32));
|
|
// setcookie('session_token', $token, time() + (86400 * 30), "/"); // 30 days
|
|
// $expires_at = date('Y-m-d H:i:s', time() + (86400 * 30));
|
|
// $stmt = $pdo->prepare("INSERT INTO sessions (user_id, user_type, token, expires_at) VALUES (?, ?, ?, ?)");
|
|
// $stmt->execute([$user['id'], $user_type, $token, $expires_at]);
|
|
|
|
header("Location: dashboard.php");
|
|
exit;
|
|
} else {
|
|
$error_message = "Invalid email, password, or role.";
|
|
}
|
|
} catch (PDOException $e) {
|
|
$error_message = "Database error: " . $e->getMessage();
|
|
}
|
|
}
|
|
}
|
|
}
|
|
?>
|
|
<!DOCTYPE html>
|
|
<html lang="en">
|
|
<head>
|
|
<meta charset="UTF-8">
|
|
<meta name="viewport" content="width=device-width, initial-scale=1.0">
|
|
<title><?= htmlspecialchars($page_title) ?> - Organ Donation</title>
|
|
<link href="https://cdn.jsdelivr.net/npm/bootstrap@5.3.0/dist/css/bootstrap.min.css" rel="stylesheet">
|
|
<link rel="stylesheet" href="assets/css/custom.css">
|
|
</head>
|
|
<body>
|
|
<header class="header bg-primary text-white text-center py-4">
|
|
<div class="container">
|
|
<h1 class="display-4">Organ Donation Management</h1>
|
|
<nav class="nav justify-content-center">
|
|
<a class="nav-link text-white" href="index.php">Home</a>
|
|
<a class="nav-link text-white" href="donor_registration.php">Donor Registration</a>
|
|
<a class="nav-link text-white" href="hospital_registration.php">Hospital Registration</a>
|
|
<a class="nav-link text-white active" href="login.php">Login</a>
|
|
</nav>
|
|
</div>
|
|
</header>
|
|
|
|
<main class="container my-5">
|
|
<div class="row justify-content-center">
|
|
<div class="col-md-6 col-lg-4">
|
|
<div class="card shadow-sm">
|
|
<div class="card-header bg-primary text-white">
|
|
<h2 class="h4 mb-0">Login</h2>
|
|
</div>
|
|
<div class="card-body">
|
|
<?php if ($error_message): ?>
|
|
<div class="alert alert-danger"><?= htmlspecialchars($error_message) ?></div>
|
|
<?php endif; ?>
|
|
|
|
<form action="login.php" method="POST">
|
|
<div class="mb-3">
|
|
<label for="email" class="form-label">Email Address</label>
|
|
<input type="email" class="form-control" id="email" name="email" required>
|
|
</div>
|
|
<div class="mb-3">
|
|
<label for="password" class="form-label">Password</label>
|
|
<input type="password" class="form-control" id="password" name="password" required>
|
|
</div>
|
|
<div class="mb-3">
|
|
<label for="user_type" class="form-label">Login as:</label>
|
|
<select class="form-select" id="user_type" name="user_type">
|
|
<option value="donor">Donor</option>
|
|
<option value="hospital">Hospital</option>
|
|
<option value="admin">Admin</option>
|
|
</select>
|
|
</div>
|
|
<div class="d-grid">
|
|
<button type="submit" class="btn btn-primary">Login</button>
|
|
</div>
|
|
</form>
|
|
</div>
|
|
</div>
|
|
</div>
|
|
</div>
|
|
</main>
|
|
|
|
<footer class="footer bg-light text-center py-3 mt-5">
|
|
<div class="container">
|
|
<p class="mb-0">© <?= date("Y") ?> Organ Donation Management System. All Rights Reserved.</p>
|
|
</div>
|
|
</footer>
|
|
|
|
<script src="https://cdn.jsdelivr.net/npm/bootstrap@5.3.0/dist/js/bootstrap.bundle.min.js"></script>
|
|
</body>
|
|
</html>
|