56 lines
1.7 KiB
PHP
56 lines
1.7 KiB
PHP
<?php
|
|
// Start session at the very beginning
|
|
session_start();
|
|
|
|
// Set headers
|
|
header('Content-Type: application/json');
|
|
|
|
// Database connection
|
|
require_once '../db/config.php'; // Adjust path as needed
|
|
|
|
// Get JSON input
|
|
$input = json_decode(file_get_contents('php://input'), true);
|
|
|
|
if (!$input || !isset($input['email']) || !isset($input['password'])) {
|
|
http_response_code(400);
|
|
echo json_encode(['success' => false, 'message' => 'Email and password are required.']);
|
|
exit();
|
|
}
|
|
|
|
$email = trim($input['email']);
|
|
$password = $input['password'];
|
|
|
|
try {
|
|
// Query user from database
|
|
$stmt = $pdo->prepare("SELECT * FROM users WHERE email = ? LIMIT 1");
|
|
$stmt->execute([$email]);
|
|
$user = $stmt->fetch(PDO::FETCH_ASSOC);
|
|
|
|
if ($user && password_verify($password, $user['password'])) {
|
|
// Regenerate session ID for security
|
|
session_regenerate_id(true);
|
|
|
|
// Set session variables
|
|
$_SESSION['user_id'] = $user['id'];
|
|
$_SESSION['role'] = $user['role'];
|
|
$_SESSION['user_name'] = $user['name'];
|
|
$_SESSION['email'] = $user['email'];
|
|
$_SESSION['logged_in'] = true;
|
|
|
|
// Force session to be written
|
|
session_write_close();
|
|
|
|
echo json_encode([
|
|
'success' => true,
|
|
'message' => 'Login successful',
|
|
'redirect' => 'index.php'
|
|
]);
|
|
} else {
|
|
http_response_code(401);
|
|
echo json_encode(['success' => false, 'message' => 'Invalid email or password.']);
|
|
}
|
|
} catch (Exception $e) {
|
|
error_log("Login error: " . $e->getMessage());
|
|
http_response_code(500);
|
|
echo json_encode(['success' => false, 'message' => 'Server error occurred.']);
|
|
} |