56 lines
1.9 KiB
PHP
56 lines
1.9 KiB
PHP
<?php
|
|
session_start();
|
|
require_once __DIR__ . '/../../db/config.php';
|
|
|
|
class Authentication_Handler {
|
|
private $pdo;
|
|
|
|
public function __construct() {
|
|
$this->pdo = db();
|
|
}
|
|
|
|
public function Login($User_Type, $Email, $Password, $User_ID) {
|
|
$Table = ($User_Type === 'Voter') ? 'Voters' : 'Officers';
|
|
|
|
$sql = "SELECT * FROM $Table WHERE Email = ? AND User_ID = ?";
|
|
$stmt = $this->pdo->prepare($sql);
|
|
$stmt->execute([$Email, $User_ID]);
|
|
$User = $stmt->fetch();
|
|
|
|
if ($User && password_verify($Password, $User['Password'])) {
|
|
$_SESSION['User_ID'] = $User['User_ID'];
|
|
$_SESSION['User_Role'] = ($User_Type === 'Voter') ? 'Voter' : $User['Role'];
|
|
$_SESSION['Access_Level'] = ($User_Type === 'Voter') ? 0 : $User['Access_Level'];
|
|
$_SESSION['User_Name'] = $User['Name'] ?? 'Voter';
|
|
|
|
// Log to Audit_Trail if Access_Level >= 1
|
|
if ($_SESSION['Access_Level'] >= 1) {
|
|
$this->Log_Action($User['User_ID'], $_SESSION['User_Role'], 'Login', 'Successful login to the system');
|
|
}
|
|
|
|
return ['success' => true];
|
|
}
|
|
|
|
return ['success' => false, 'error' => 'Invalid credentials'];
|
|
}
|
|
|
|
public function Log_Action($User_ID, $User_Role, $Action_Type, $Action_Details) {
|
|
$sql = "INSERT INTO Audit_Trail (User_ID, User_Role, Action_Type, Action_Details) VALUES (?, ?, ?, ?)";
|
|
$stmt = $this->pdo->prepare($sql);
|
|
$stmt->execute([$User_ID, $User_Role, $Action_Type, $Action_Details]);
|
|
}
|
|
|
|
public function Check_Auth() {
|
|
if (!isset($_SESSION['User_ID'])) {
|
|
header('Location: ../../Screens/Login.php');
|
|
exit;
|
|
}
|
|
}
|
|
|
|
public function Logout() {
|
|
session_destroy();
|
|
header('Location: ../../Screens/Login.php');
|
|
exit;
|
|
}
|
|
}
|