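prepare("SELECT id, password, role, status FROM users WHERE email = ? LIMIT 1");
            // The e-mail is bound as a statement parameter, never concatenated into the SQL text.
            $stmt->execute([$email]);
            $user = $stmt->fetch();

            // NOTE(review): password_verify() only runs when a row was found, so the
            // response time may differ between known and unknown addresses even though
            // the error text is identical. Verifying against a fixed dummy hash when
            // no row is returned would even this out.
            if ($user && password_verify($password, $user['password'])) {
                // Account state is only disclosed once the password has been verified.
                if ($user['status'] === 'pending') {
                    $errors[] = 'Your account is pending approval.';
                } elseif ($user['status'] === 'rejected') {
                    $errors[] = 'Your account has been rejected.';
                } elseif ($user['status'] === 'suspended') {
                    $errors[] = 'Your account has been suspended.';
                } else {
                    // Login successful.
                    // Issue a fresh session ID at the privilege change so that an ID
                    // set before authentication cannot be carried into the logged-in
                    // session (session fixation). The guard avoids a warning, which
                    // could break the redirect below, if no session is active; the
                    // session start itself is not visible in this excerpt.
                    if (session_status() === PHP_SESSION_ACTIVE) {
                        session_regenerate_id(true);
                    }
                    $_SESSION['user_id'] = $user['id'];
                    $_SESSION['user_role'] = $user['role'];

                    // Redirect based on role; any role other than admin/shipper
                    // lands on the truck-owner dashboard.
                    if ($user['role'] === 'admin') {
                        $dashboard = 'admin_dashboard.php';
                    } elseif ($user['role'] === 'shipper') {
                        $dashboard = 'shipper_dashboard.php';
                    } else {
                        $dashboard = 'truck_owner_dashboard.php';
                    }
                    header('Location: ' . url_with_lang($dashboard));
                    exit;
                }
            } else {
                // One message for "unknown e-mail" and "wrong password" alike.
                $errors[] = 'Invalid email or password.';
            }
        } // closes a block opened before this excerpt
    } elseif (isset($_POST['action']) && $_POST['action'] === 'reset_password') {
        $email = trim($_POST['reset_email'] ?? '');
        if ($email === '') {
            $errors[] = 'Please enter your email to reset password.';
        } elseif (!filter_var($email, FILTER_VALIDATE_EMAIL)) {
            $errors[] = 'Please enter a valid email address.';
        } else {
            $stmt = db()->prepare("SELECT id FROM users WHERE email = ? LIMIT 1");
            $stmt->execute([$email]);
            if ($stmt->fetch()) {
                // In a real app we'd send an email with a reset token here.
                // Since this is a demo, we will just show a success message.
                $successMessage = 'A password reset link has been sent to your email address (simulated).';
            } else {
                // To prevent email enumeration, still say a link was sent.
                // Both branches must keep returning the same text once real
                // mail sending is added.
                $successMessage = 'A password reset link has been sent to your email address (simulated).';
            }
        }
    }
} // closes a block opened before this excerpt
render_header('Login / Reset Password', 'login'); ?>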
= e(t('login_subtitle')) ?>
= e(t('reset_password_subtitle')) ?>