admin/39074-vm
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

22

Browse Source
This commit is contained in:
Flatlogic Bot 2026-03-10 06:25:57 +00:00
parent 1a06383009
commit 281e356fda
8 changed files with 587 additions and 271 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

16
admin.php
View File

@ -1,11 +1,9 @@
<?php
session_start();
require_once 'db/config.php';
require_once 'includes/admin_auth.php';
if (!isset($_SESSION['user']) || $_SESSION['user'] !== 'admin') {
header('Location: login.php');
exit;
}
admin_require_login();
function format_admin_datetime(?string $value): string {
if (!$value) {
@ -25,11 +23,7 @@ function bind_named_values(PDOStatement $stmt, array $params): void {
}
}
$message = '';
if (isset($_SESSION['message'])) {
$message = (string) $_SESSION['message'];
unset($_SESSION['message']);
}
$message = admin_get_flash();
$pdo = db();
$records_per_page = 15;
@ -341,7 +335,7 @@ $export_link = 'export_csv.php' . ($selected_webinar_id > 0 ? '?webinar_id=' . u
<main class="container admin-shell">
<header>
<h1>Webinar registrations dashboard</h1>
<p class="lead-copy mb-0">Welcome, <?php echo htmlspecialchars($_SESSION['user'] ?? 'Admin'); ?>. Review attendee data, edit registrations, export CSV, and monitor daily signup volume.</p>
<p class="lead-copy mb-0">Welcome, <?php echo htmlspecialchars(admin_current_name()); ?>. Review attendee data, edit registrations, export CSV, and monitor daily signup volume.</p>
</header>
<?php if ($message): ?>
@ -368,6 +362,8 @@ $export_link = 'export_csv.php' . ($selected_webinar_id > 0 ? '?webinar_id=' . u
</form>
<div class="d-flex gap-2 flex-wrap">
<a href="<?php echo htmlspecialchars($export_link); ?>" class="btn btn-success">Download CSV</a>
<a href="index.php" class="btn btn-outline-light">View site</a>
<a href="login.php?logout=1" class="btn btn-outline-light">Log out</a>
</div>
</section>

9
db/ensure_schema.php
View File

@ -34,6 +34,15 @@ function ensure_app_schema(PDO $pdo): void {
created_at TIMESTAMP DEFAULT CURRENT_TIMESTAMP
) ENGINE=InnoDB DEFAULT CHARSET=utf8mb4');
$pdo->exec('CREATE TABLE IF NOT EXISTS admin_users (
id INT AUTO_INCREMENT PRIMARY KEY,
email VARCHAR(255) NOT NULL,
password_hash VARCHAR(255) NOT NULL,
display_name VARCHAR(255) NOT NULL DEFAULT "Admin",
created_at TIMESTAMP DEFAULT CURRENT_TIMESTAMP,
UNIQUE KEY uniq_admin_users_email (email)
) ENGINE=InnoDB DEFAULT CHARSET=utf8mb4');
$pdo->exec('CREATE TABLE IF NOT EXISTS attendees (
id INT AUTO_INCREMENT PRIMARY KEY,
webinar_id INT NOT NULL,

8
db/migrations/012_create_admin_users_table.sql Normal file
View File

@ -0,0 +1,8 @@
CREATE TABLE IF NOT EXISTS admin_users (
id INT AUTO_INCREMENT PRIMARY KEY,
email VARCHAR(255) NOT NULL,
password_hash VARCHAR(255) NOT NULL,
display_name VARCHAR(255) NOT NULL DEFAULT 'Admin',
created_at TIMESTAMP DEFAULT CURRENT_TIMESTAMP,
UNIQUE KEY uniq_admin_users_email (email)
);

9
delete_attendee.php
View File

@ -1,8 +1,9 @@
<?php
session_start();
require_once 'db/config.php';
require_once 'includes/admin_auth.php';
if (!isset($_SESSION['user']) || $_SESSION['user'] !== 'admin') {
if (!admin_is_logged_in()) {
header('Location: login.php');
exit;
}
@ -14,12 +15,12 @@ if ($_SERVER['REQUEST_METHOD'] === 'POST' && isset($_POST['id']) && is_numeric($
$stmt->execute([$id]);
if ($stmt->rowCount() > 0) {
$_SESSION['message'] = "Attendee #{$id} has been archived successfully.";
admin_set_flash("Attendee #{$id} has been archived successfully.");
} else {
$_SESSION['message'] = "No active attendee found for ID #{$id}.";
admin_set_flash("No active attendee found for ID #{$id}.");
}
} else {
$_SESSION['message'] = 'Error: Invalid archive request.';
admin_set_flash('Error: Invalid archive request.');
}
header('Location: admin.php');

255
edit_attendee.php
View File

@ -1,142 +1,143 @@
<?php
session_start();
require_once 'db/config.php';
require_once 'includes/admin_auth.php';
// If the user is not logged in as admin, redirect to the login page.
if (!isset($_SESSION['user']) || $_SESSION['user'] !== 'admin') {
header('Location: login.php');
exit;
}
admin_require_login();
$attendee = null;
$message = '';
$webinars = [];
$id = isset($_GET['id']) ? (int) $_GET['id'] : (int) ($_POST['id'] ?? 0);
if (!isset($_GET['id']) && $_SERVER['REQUEST_METHOD'] !== 'POST') {
if ($id <= 0) {
admin_set_flash('Select a valid attendee to edit.');
header('Location: admin.php');
exit;
}
$id = $_GET['id'] ?? $_POST['id'];
try {
$pdo = db();
$webinars = $pdo->query('SELECT id, title FROM webinars ORDER BY scheduled_at DESC, id DESC')->fetchAll(PDO::FETCH_ASSOC);
if ($_SERVER['REQUEST_METHOD'] === 'POST') {
// Update logic
$fields = ['first_name', 'last_name', 'email', 'company', 'how_did_you_hear', 'consented'];
$sql = 'UPDATE attendees SET ';
$params = [];
foreach ($fields as $field) {
if (isset($_POST[$field])) {
$sql .= "$field = ?, ";
$params[] = $_POST[$field];
}
}
$sql = rtrim($sql, ', ') . ' WHERE id = ?';
$params[] = $_POST['id'];
$webinarId = max(1, (int) ($_POST['webinar_id'] ?? 1));
$firstName = trim((string) ($_POST['first_name'] ?? ''));
$lastName = trim((string) ($_POST['last_name'] ?? ''));
$email = strtolower(trim((string) ($_POST['email'] ?? '')));
$company = trim((string) ($_POST['company'] ?? ''));
$timezone = trim((string) ($_POST['timezone'] ?? ''));
$howDidYouHear = trim((string) ($_POST['how_did_you_hear'] ?? ''));
$consented = !empty($_POST['consented']) ? 1 : 0;
$stmt = $pdo->prepare($sql);
$stmt->execute($params);
if ($firstName === '' || $lastName === '') {
throw new RuntimeException('First name and last name are required.');
}
if (!filter_var($email, FILTER_VALIDATE_EMAIL)) {
throw new RuntimeException('Enter a valid email address.');
}
if ($timezone !== '' && !in_array($timezone, timezone_identifiers_list(), true)) {
throw new RuntimeException('Timezone must be a valid IANA timezone, for example Europe/Berlin or America/New_York.');
}
$webinarCheck = $pdo->prepare('SELECT COUNT(*) FROM webinars WHERE id = ?');
$webinarCheck->execute([$webinarId]);
if ((int) $webinarCheck->fetchColumn() === 0) {
throw new RuntimeException('Selected webinar was not found.');
}
$update = $pdo->prepare('UPDATE attendees SET webinar_id = ?, first_name = ?, last_name = ?, email = ?, company = ?, timezone = ?, how_did_you_hear = ?, consented = ? WHERE id = ?');
$update->execute([$webinarId, $firstName, $lastName, $email, $company !== '' ? $company : null, $timezone !== '' ? $timezone : null, $howDidYouHear !== '' ? $howDidYouHear : null, $consented, $id]);
admin_set_flash('Attendee #' . $id . ' was updated successfully.');
header('Location: admin.php');
exit;
}
// Fetch logic
$stmt = $pdo->prepare('SELECT * FROM attendees WHERE id = ?');
$stmt = $pdo->prepare('SELECT * FROM attendees WHERE id = ? LIMIT 1');
$stmt->execute([$id]);
$attendee = $stmt->fetch(PDO::FETCH_ASSOC);
if (!$attendee) {
admin_set_flash('Attendee not found.');
header('Location: admin.php');
exit;
}
} catch (RuntimeException $e) {
admin_set_flash($e->getMessage());
header('Location: edit_attendee.php?id=' . urlencode((string) $id));
exit;
} catch (PDOException $e) {
die("Database error: " . $e->getMessage());
error_log('Edit attendee error: ' . $e->getMessage());
admin_set_flash('Unable to load or save attendee changes right now.');
header('Location: admin.php');
exit;
}
$message = admin_get_flash();
?>
<!DOCTYPE html>
<html lang="en">
<head>
<meta charset="UTF-8">
<meta name="viewport" content="width=device-width, initial-scale=1.0">
<title>Edit Attendee</title>
<title>Edit attendee | Webinar admin</title>
<meta name="description" content="Edit webinar attendee details including webinar assignment, consent, timezone, and lead source.">
<meta name="robots" content="noindex, nofollow">
<link href="https://cdn.jsdelivr.net/npm/bootstrap@5.3.2/dist/css/bootstrap.min.css" rel="stylesheet">
<link rel="preconnect" href="https://fonts.googleapis.com">
<link rel="preconnect" href="https://fonts.gstatic.com" crossorigin>
<link href="https://fonts.googleapis.com/css2?family=Inter:wght@400;500;600;700;800&family=Space+Grotesk:wght@500;700&display=swap" rel="stylesheet">
<style>
:root {
--bg-start: #0b2083;
--bg-start: #071659;
--bg-end: #1029a0;
--surface: rgba(11, 32, 131, 0.40);
--surface: rgba(11, 32, 131, 0.4);
--line: rgba(221, 226, 253, 0.18);
--text-main: #f3f9ff;
--text-soft: #dde2fd;
--accent: #2c4bd1;
--accent-strong: #1029a0;
--accent-soft: #bbc8fb;
--font-body: "Inter", system-ui, -apple-system, BlinkMacSystemFont, "Segoe UI", Roboto, "Helvetica Neue", Arial, sans-serif;
--font-display: "Space Grotesk", "Inter", system-ui, sans-serif;
--button-shadow: 0 16px 30px rgba(11, 32, 131, 0.28);
}
body {
font-family: var(--font-body);
background:
radial-gradient(circle at top left, rgba(221, 226, 253, 0.22), transparent 28%),
linear-gradient(135deg, var(--bg-start) 0%, #1029a0 55%, var(--bg-end) 100%);
background: radial-gradient(circle at top left, rgba(221, 226, 253, 0.22), transparent 28%), linear-gradient(135deg, var(--bg-start) 0%, #1029a0 55%, var(--bg-end) 100%);
color: var(--text-main);
min-height: 100vh;
}
.container {
max-width: 700px;
padding-top: 3rem;
padding-bottom: 3rem;
}
h1 {
color: var(--text-main);
font-family: var(--font-display);
font-weight: 700;
letter-spacing: -0.04em;
margin-bottom: 1.5rem;
}
.form-label,
.btn {
font-family: var(--font-display);
}
form {
.container { max-width: 840px; padding-top: 3rem; padding-bottom: 3rem; }
.panel {
background: var(--surface);
border: 1px solid var(--line);
border-radius: 22px;
padding: 1.75rem;
border-radius: 24px;
padding: 1.9rem;
box-shadow: 0 25px 60px rgba(3, 11, 25, 0.4);
backdrop-filter: blur(16px);
}
.form-label,
.form-check-label {
color: var(--text-soft);
}
.form-control {
h1, h2, .btn, .form-label { font-family: var(--font-display); }
h1 { font-size: 2rem; letter-spacing: -0.04em; margin-bottom: 0.5rem; }
.lead-copy { color: var(--text-soft); margin-bottom: 1.5rem; }
.form-control, .form-select {
background: rgba(221, 226, 253, 0.08);
border-color: rgba(221, 226, 253, 0.18);
color: var(--text-main);
}
.form-control:focus {
background: rgba(221, 226, 253, 0.10);
.form-control:focus, .form-select:focus {
background: rgba(221, 226, 253, 0.1);
color: var(--text-main);
border-color: rgba(44, 75, 209, 0.65);
box-shadow: 0 0 0 0.2rem rgba(187, 200, 251, 0.18);
}
.form-select option { color: #111827; }
.btn {
border-radius: 14px;
font-weight: 700;
letter-spacing: 0.03em;
transition: transform 0.2s ease, box-shadow 0.2s ease, background 0.2s ease;
}
.btn:hover {
transform: translateY(-1px);
transition: transform 0.2s ease, box-shadow 0.2s ease;
}
.btn:hover { transform: translateY(-1px); }
.btn-primary {
background: linear-gradient(135deg, var(--accent) 0%, var(--accent-strong) 100%);
border: 1px solid rgba(221, 226, 253, 0.14);
@ -147,46 +148,100 @@ try {
border-color: rgba(221, 226, 253, 0.22);
color: var(--text-main);
}
.btn-secondary:hover {
background: rgba(221, 226, 253, 0.18);
border-color: rgba(221, 226, 253, 0.32);
box-shadow: 0 14px 26px rgba(11, 32, 131, 0.18);
.mini-meta {
display: grid;
grid-template-columns: repeat(3, minmax(0, 1fr));
gap: 1rem;
margin-bottom: 1.5rem;
}
.meta-card {
background: rgba(221, 226, 253, 0.08);
border: 1px solid rgba(221, 226, 253, 0.12);
border-radius: 16px;
padding: 0.9rem 1rem;
}
.meta-label { color: var(--text-soft); font-size: 0.82rem; text-transform: uppercase; letter-spacing: 0.06em; }
.meta-value { font-weight: 700; margin-top: 0.35rem; }
@media (max-width: 768px) { .mini-meta { grid-template-columns: 1fr; } }
</style>
</head>
<body>
<div class="container">
<h1 class="mb-4">Edit Attendee #<?= htmlspecialchars($attendee['id']) ?></h1>
<form method="POST">
<input type="hidden" name="id" value="<?= htmlspecialchars($attendee['id']) ?>">
<div class="mb-3">
<label for="first_name" class="form-label">First Name</label>
<input type="text" class="form-control" id="first_name" name="first_name" value="<?= htmlspecialchars($attendee['first_name']) ?>">
<main class="container">
<section class="panel">
<h1>Edit attendee #<?php echo (int) $attendee['id']; ?></h1>
<p class="lead-copy">Update registration details safely. Changes here affect the admin table, CSV export, and registration analytics.</p>
<?php if ($message !== ''): ?>
<div class="alert alert-info"><?php echo htmlspecialchars($message); ?></div>
<?php endif; ?>
<div class="mini-meta" aria-label="Attendee summary">
<div class="meta-card">
<div class="meta-label">Registered at</div>
<div class="meta-value"><?php echo htmlspecialchars((string) ($attendee['created_at'] ?? '—')); ?></div>
</div>
<div class="meta-card">
<div class="meta-label">Current timezone</div>
<div class="meta-value"><?php echo htmlspecialchars((string) ($attendee['timezone'] ?? '—')); ?></div>
</div>
<div class="meta-card">
<div class="meta-label">Lead source</div>
<div class="meta-value"><?php echo htmlspecialchars((string) ($attendee['how_did_you_hear'] ?? '—')); ?></div>
</div>
</div>
<div class="mb-3">
<label for="last_name" class="form-label">Last Name</label>
<input type="text" class="form-control" id="last_name" name="last_name" value="<?= htmlspecialchars($attendee['last_name']) ?>">
</div>
<div class="mb-3">
<label for="email" class="form-label">Email</label>
<input type="email" class="form-control" id="email" name="email" value="<?= htmlspecialchars($attendee['email']) ?>">
</div>
<div class="mb-3">
<label for="company" class="form-label">Company</label>
<input type="text" class="form-control" id="company" name="company" value="<?= htmlspecialchars($attendee['company']) ?>">
</div>
<div class="mb-3">
<label for="how_did_you_hear" class="form-label">How did you hear?</label>
<input type="text" class="form-control" id="how_did_you_hear" name="how_did_you_hear" value="<?= htmlspecialchars($attendee['how_did_you_hear']) ?>">
</div>
<div class="mb-3 form-check">
<input type="hidden" name="consented" value="0">
<input type="checkbox" class="form-check-input" id="consented" name="consented" value="1" <?= $attendee['consented'] ? 'checked' : '' ?>>
<label class="form-check-label" for="consented">Consented</label>
</div>
<button type="submit" class="btn btn-primary">Save Changes</button>
<a href="admin.php" class="btn btn-secondary">Cancel</a>
</form>
</div>
<form method="POST" action="edit_attendee.php">
<input type="hidden" name="id" value="<?php echo (int) $attendee['id']; ?>">
<div class="row g-3">
<div class="col-md-6">
<label for="first_name" class="form-label">First name</label>
<input type="text" class="form-control" id="first_name" name="first_name" value="<?php echo htmlspecialchars((string) $attendee['first_name']); ?>" required>
</div>
<div class="col-md-6">
<label for="last_name" class="form-label">Last name</label>
<input type="text" class="form-control" id="last_name" name="last_name" value="<?php echo htmlspecialchars((string) $attendee['last_name']); ?>" required>
</div>
<div class="col-md-6">
<label for="email" class="form-label">Email</label>
<input type="email" class="form-control" id="email" name="email" value="<?php echo htmlspecialchars((string) $attendee['email']); ?>" required>
</div>
<div class="col-md-6">
<label for="company" class="form-label">Company</label>
<input type="text" class="form-control" id="company" name="company" value="<?php echo htmlspecialchars((string) ($attendee['company'] ?? '')); ?>">
</div>
<div class="col-md-6">
<label for="webinar_id" class="form-label">Webinar</label>
<select class="form-select" id="webinar_id" name="webinar_id" required>
<?php foreach ($webinars as $webinar): ?>
<option value="<?php echo (int) $webinar['id']; ?>" <?php echo (int) $webinar['id'] === (int) $attendee['webinar_id'] ? 'selected' : ''; ?>>
<?php echo htmlspecialchars((string) $webinar['title']); ?>
</option>
<?php endforeach; ?>
</select>
</div>
<div class="col-md-6">
<label for="timezone" class="form-label">Timezone</label>
<input type="text" class="form-control" id="timezone" name="timezone" value="<?php echo htmlspecialchars((string) ($attendee['timezone'] ?? '')); ?>" placeholder="Europe/Berlin">
</div>
<div class="col-12">
<label for="how_did_you_hear" class="form-label">How did you hear about the webinar?</label>
<input type="text" class="form-control" id="how_did_you_hear" name="how_did_you_hear" value="<?php echo htmlspecialchars((string) ($attendee['how_did_you_hear'] ?? '')); ?>" placeholder="LinkedIn, newsletter, referral...">
</div>
<div class="col-12">
<div class="form-check mt-2">
<input type="hidden" name="consented" value="0">
<input type="checkbox" class="form-check-input" id="consented" name="consented" value="1" <?php echo !empty($attendee['consented']) ? 'checked' : ''; ?>>
<label class="form-check-label" for="consented">Marketing consent received</label>
</div>
</div>
</div>
<div class="d-flex gap-2 flex-wrap mt-4">
<button type="submit" class="btn btn-primary">Save changes</button>
<a href="admin.php" class="btn btn-secondary">Back to admin</a>
<a href="login.php?logout=1" class="btn btn-secondary">Log out</a>
</div>
</form>
</section>
</main>
</body>
</html>

11
export_csv.php
View File

@ -1,8 +1,9 @@
<?php
session_start();
require_once 'db/config.php';
require_once 'includes/admin_auth.php';
if (!isset($_SESSION['user']) || $_SESSION['user'] !== 'admin') {
if (!admin_is_logged_in()) {
http_response_code(403);
echo 'Forbidden';
exit;
@ -42,7 +43,13 @@ $stmt->execute();
$attendees = $stmt->fetchAll(PDO::FETCH_ASSOC);
header('Content-Type: text/csv; charset=utf-8');
header('Content-Disposition: attachment; filename=attendees.csv');
$filename = 'attendees';
if ($selected_webinar_id > 0) {
$filename .= '-webinar-' . $selected_webinar_id;
}
$filename .= '-' . date('Y-m-d') . '.csv';
header('Content-Disposition: attachment; filename=' . $filename);
$output = fopen('php://output', 'w');
fputs($output, "\xEF\xBB\xBF");

70
includes/admin_auth.php Normal file
View File

@ -0,0 +1,70 @@
<?php
require_once __DIR__ . '/../db/config.php';
function admin_session_start_if_needed(): void {
if (session_status() !== PHP_SESSION_ACTIVE) {
session_start();
}
}
function admin_is_logged_in(): bool {
admin_session_start_if_needed();
return isset($_SESSION['admin_user_id']) && (int) $_SESSION['admin_user_id'] > 0 && (($_SESSION['user'] ?? null) === 'admin');
}
function admin_require_login(): void {
if (!admin_is_logged_in()) {
header('Location: login.php');
exit;
}
}
function admin_logout(): void {
admin_session_start_if_needed();
unset($_SESSION['admin_user_id'], $_SESSION['admin_email'], $_SESSION['admin_name'], $_SESSION['user']);
}
function admin_set_flash(string $message): void {
admin_session_start_if_needed();
$_SESSION['message'] = $message;
}
function admin_get_flash(): string {
admin_session_start_if_needed();
$message = isset($_SESSION['message']) ? (string) $_SESSION['message'] : '';
unset($_SESSION['message']);
return $message;
}
function admin_count_users(): int {
$stmt = db()->query('SELECT COUNT(*) FROM admin_users');
return (int) $stmt->fetchColumn();
}
function admin_get_by_email(string $email): ?array {
$stmt = db()->prepare('SELECT id, email, password_hash, display_name, created_at FROM admin_users WHERE email = ? LIMIT 1');
$stmt->execute([$email]);
$admin = $stmt->fetch(PDO::FETCH_ASSOC);
return $admin ?: null;
}
function admin_create_user(string $email, string $password, string $displayName = 'Admin'): int {
$passwordHash = password_hash($password, PASSWORD_DEFAULT);
$stmt = db()->prepare('INSERT INTO admin_users (email, password_hash, display_name) VALUES (?, ?, ?)');
$stmt->execute([$email, $passwordHash, $displayName]);
return (int) db()->lastInsertId();
}
function admin_login_user(array $admin): void {
admin_session_start_if_needed();
$_SESSION['user'] = 'admin';
$_SESSION['admin_user_id'] = (int) $admin['id'];
$_SESSION['admin_email'] = (string) $admin['email'];
$_SESSION['admin_name'] = (string) ($admin['display_name'] ?? 'Admin');
}
function admin_current_name(): string {
admin_session_start_if_needed();
return (string) ($_SESSION['admin_name'] ?? 'Admin');
}

480
login.php
View File

@ -1,39 +1,109 @@
<?php
session_start();
require_once 'db/config.php';
require_once 'mail/MailService.php';
require_once 'includes/admin_auth.php';
$error = '';
$success = '';
if (isset($_GET['logout']) && $_GET['logout'] === '1') {
admin_logout();
unset($_SESSION['user_id']);
session_regenerate_id(true);
header('Location: login.php');
exit;
}
if ($_SERVER['REQUEST_METHOD'] === 'POST' && isset($_POST['email'])) {
$email = trim($_POST['email']);
$password = isset($_POST['password']) ? $_POST['password'] : '';
$adminError = '';
$adminSuccess = '';
$participantError = '';
// Admin Login
// Hardcoded admin credentials (consider a more secure solution)
if ($email === 'admin@example.com' && $password === 'admin') {
$_SESSION['user'] = 'admin';
header('Location: admin.php');
exit;
}
// Participant Login
try {
$stmt = db()->prepare("SELECT * FROM attendees WHERE email = ?");
$stmt->execute([$email]);
$attendee = $stmt->fetch();
try {
$adminCount = admin_count_users();
} catch (Throwable $e) {
error_log('Admin bootstrap error: ' . $e->getMessage());
$adminCount = 0;
$adminError = 'Unable to load admin access right now. Please try again in a moment.';
}
if ($attendee && password_verify($password, $attendee['password'])) {
$_SESSION['user_id'] = $attendee['id'];
header('Location: dashboard.php');
exit;
if ($_SERVER['REQUEST_METHOD'] === 'POST') {
$loginType = $_POST['login_type'] ?? '';
if ($loginType === 'admin_setup' && $adminCount === 0) {
$displayName = trim((string) ($_POST['display_name'] ?? ''));
$email = strtolower(trim((string) ($_POST['email'] ?? '')));
$password = (string) ($_POST['password'] ?? '');
$passwordConfirm = (string) ($_POST['password_confirm'] ?? '');
if ($displayName === '') {
$adminError = 'Enter an admin name to finish setup.';
} elseif (!filter_var($email, FILTER_VALIDATE_EMAIL)) {
$adminError = 'Enter a valid admin email address.';
} elseif (strlen($password) < 10) {
$adminError = 'Admin password must be at least 10 characters.';
} elseif ($password !== $passwordConfirm) {
$adminError = 'Admin passwords do not match.';
} else {
$error = 'Invalid email or password. Would you like to <a href="register.php" style="color: #bbc8fb; font-weight: 600;">register for the webinar</a>?';
try {
$newAdminId = admin_create_user($email, $password, $displayName);
admin_login_user([
'id' => $newAdminId,
'email' => $email,
'display_name' => $displayName,
]);
admin_set_flash('Admin access has been created successfully.');
header('Location: admin.php');
exit;
} catch (PDOException $e) {
error_log('Admin setup failed: ' . $e->getMessage());
$adminError = 'Could not create the admin user. Please try a different email.';
}
}
}
if ($loginType === 'admin_login' && $adminCount > 0) {
$email = strtolower(trim((string) ($_POST['email'] ?? '')));
$password = (string) ($_POST['password'] ?? '');
if (!filter_var($email, FILTER_VALIDATE_EMAIL) || $password === '') {
$adminError = 'Enter your admin email and password.';
} else {
try {
$admin = admin_get_by_email($email);
if ($admin && password_verify($password, $admin['password_hash'])) {
admin_login_user($admin);
header('Location: admin.php');
exit;
}
$adminError = 'Invalid admin email or password.';
} catch (PDOException $e) {
error_log('Admin login failed: ' . $e->getMessage());
$adminError = 'Admin login is temporarily unavailable.';
}
}
}
if ($loginType === 'participant_login') {
$email = strtolower(trim((string) ($_POST['email'] ?? '')));
$password = (string) ($_POST['password'] ?? '');
if (!filter_var($email, FILTER_VALIDATE_EMAIL) || $password === '') {
$participantError = 'Enter your registration email and password.';
} else {
try {
$stmt = db()->prepare('SELECT * FROM attendees WHERE email = ? AND deleted_at IS NULL LIMIT 1');
$stmt->execute([$email]);
$attendee = $stmt->fetch(PDO::FETCH_ASSOC);
if ($attendee && !empty($attendee['password']) && password_verify($password, $attendee['password'])) {
$_SESSION['user_id'] = (int) $attendee['id'];
header('Location: dashboard.php');
exit;
}
$participantError = 'Invalid email or password. If you have not registered yet, please use the webinar form.';
} catch (PDOException $e) {
error_log('Participant login failed: ' . $e->getMessage());
$participantError = 'Participant login is temporarily unavailable.';
}
}
} catch (PDOException $e) {
error_log($e->getMessage());
$error = 'A database error occurred. Please try again later.';
}
}
?>
@ -42,7 +112,9 @@ if ($_SERVER['REQUEST_METHOD'] === 'POST' && isset($_POST['email'])) {
<head>
<meta charset="UTF-8">
<meta name="viewport" content="width=device-width, initial-scale=1.0">
<title>Login - Webinar Platform</title>
<title>Login | Webinar Platform</title>
<meta name="description" content="Secure admin and attendee login for the webinar registration platform.">
<meta name="robots" content="noindex, nofollow">
<link rel="preconnect" href="https://fonts.googleapis.com">
<link rel="preconnect" href="https://fonts.gstatic.com" crossorigin>
<link href="https://fonts.googleapis.com/css2?family=Inter:wght@400;500;600;700;800&family=Space+Grotesk:wght@500;700&display=swap" rel="stylesheet">
@ -50,191 +122,289 @@ if ($_SERVER['REQUEST_METHOD'] === 'POST' && isset($_POST['email'])) {
:root {
--primary-color: #2c4bd1;
--primary-hover: #1029a0;
--background-start: #0b2083;
--background-start: #071659;
--background-end: #1029a0;
--card-background: rgba(9, 24, 47, 0.84);
--card-background: rgba(9, 24, 47, 0.8);
--card-soft: rgba(221, 226, 253, 0.08);
--text-color: #f3f9ff;
--muted-text: #bbc8fb;
--input-border: rgba(221, 226, 253, 0.18);
--input-focus-border: #2c4bd1;
--error-color: #ff8ea0;
--input-focus-border: #6ed4ff;
--error-color: #ff99a9;
--success-color: #18d1b3;
--font-body: "Inter", system-ui, -apple-system, BlinkMacSystemFont, "Segoe UI", Roboto, "Helvetica Neue", Arial, sans-serif;
--font-display: "Space Grotesk", "Inter", system-ui, sans-serif;
--button-shadow: 0 18px 36px rgba(11, 32, 131, 0.34);
}
* {
box-sizing: border-box;
}
* { box-sizing: border-box; }
body {
font-family: var(--font-body);
background:
radial-gradient(circle at top left, rgba(221, 226, 253, 0.22), transparent 28%),
radial-gradient(circle at top left, rgba(221, 226, 253, 0.22), transparent 24%),
radial-gradient(circle at bottom right, rgba(110, 212, 255, 0.12), transparent 28%),
linear-gradient(135deg, var(--background-start) 0%, #1029a0 55%, var(--background-end) 100%);
color: var(--text-color);
margin: 0;
display: flex;
flex-direction: column;
justify-content: center;
align-items: center;
min-height: 100vh;
padding: 32px 20px;
}
.logo {
font-family: var(--font-display);
font-weight: 700;
font-size: 28px;
margin-bottom: 1.5rem;
color: #bbc8fb;
letter-spacing: -0.02em;
}
.login-container {
.shell {
width: 100%;
max-width: 440px;
padding: 2rem;
max-width: 1160px;
margin: 0 auto;
}
.login-card {
background-color: var(--card-background);
border-radius: 22px;
padding: 2.5rem;
box-shadow: 0 24px 60px rgba(3, 11, 25, 0.4);
border: 1px solid var(--input-border);
backdrop-filter: blur(16px);
}
h1 {
font-family: var(--font-display);
font-size: 30px;
font-weight: 700;
letter-spacing: -0.04em;
margin-top: 0;
margin-bottom: 0.5rem;
text-align: center;
}
.subtitle {
.brand {
text-align: center;
margin-bottom: 2rem;
}
.brand-name {
font-family: var(--font-display);
font-size: 32px;
font-weight: 700;
letter-spacing: -0.04em;
margin: 0 0 0.5rem;
}
.brand-copy {
color: var(--muted-text);
font-size: 0.98rem;
font-weight: 500;
max-width: 700px;
margin: 0 auto;
}
.grid {
display: grid;
grid-template-columns: repeat(2, minmax(0, 1fr));
gap: 24px;
align-items: start;
}
.card {
background: var(--card-background);
border-radius: 24px;
padding: 28px;
border: 1px solid var(--input-border);
box-shadow: 0 24px 60px rgba(3, 11, 25, 0.35);
backdrop-filter: blur(16px);
}
.eyebrow {
display: inline-block;
padding: 7px 12px;
border-radius: 999px;
background: rgba(110, 212, 255, 0.12);
color: #d9f6ff;
font-size: 12px;
font-weight: 700;
letter-spacing: 0.08em;
text-transform: uppercase;
margin-bottom: 0.9rem;
}
h1, h2 {
font-family: var(--font-display);
letter-spacing: -0.04em;
margin-top: 0;
}
h1 { font-size: 40px; margin-bottom: 0.85rem; }
h2 { font-size: 26px; margin-bottom: 0.6rem; }
.subtitle, .helper, .notice {
color: var(--muted-text);
line-height: 1.6;
}
.notice {
background: var(--card-soft);
border: 1px solid rgba(221, 226, 253, 0.12);
border-radius: 16px;
padding: 14px 16px;
margin-bottom: 1rem;
}
.status {
padding: 12px 14px;
border-radius: 14px;
margin-bottom: 1rem;
font-size: 0.95rem;
}
.status.error {
background: rgba(255, 153, 169, 0.12);
border: 1px solid rgba(255, 153, 169, 0.25);
color: #ffd7de;
}
.status.success {
background: rgba(24, 209, 179, 0.12);
border: 1px solid rgba(24, 209, 179, 0.24);
color: #d7fff6;
}
.form-grid {
display: grid;
grid-template-columns: 1fr 1fr;
gap: 14px;
}
.form-group {
margin-bottom: 1.25rem;
margin-bottom: 1rem;
}
.form-group.full {
grid-column: 1 / -1;
}
label {
display: block;
margin-bottom: 0.55rem;
margin-bottom: 0.45rem;
font-weight: 600;
font-size: 0.85rem;
letter-spacing: 0.02em;
color: var(--text-color);
font-size: 0.9rem;
}
input[type="email"], input[type="password"] {
input {
width: 100%;
padding: 13px 14px;
border: 1px solid var(--input-border);
border-radius: 12px;
box-sizing: border-box;
font-size: 16px;
transition: border-color 0.2s, box-shadow 0.2s, background-color 0.2s;
background: rgba(221, 226, 253, 0.08);
color: var(--text-color);
}
input[type="email"]::placeholder, input[type="password"]::placeholder {
color: var(--muted-text);
}
input[type="email"]:focus, input[type="password"]:focus {
input::placeholder { color: var(--muted-text); }
input:focus {
outline: none;
border-color: var(--input-focus-border);
box-shadow: 0 0 0 3px rgba(187, 200, 251, 0.18);
background: rgba(221, 226, 253, 0.10);
box-shadow: 0 0 0 3px rgba(110, 212, 255, 0.14);
background: rgba(221, 226, 253, 0.12);
}
.submit-button {
.btn {
width: 100%;
padding: 14px;
border: 1px solid rgba(221, 226, 253, 0.16);
border-radius: 14px;
padding: 14px 18px;
background: linear-gradient(135deg, var(--primary-color) 0%, var(--primary-hover) 100%);
color: white;
color: #fff;
font-family: var(--font-display);
font-weight: 700;
font-size: 0.96rem;
letter-spacing: 0.04em;
text-transform: uppercase;
border-radius: 15px;
font-size: 1rem;
cursor: pointer;
transition: transform 0.2s ease, box-shadow 0.2s ease, filter 0.2s ease;
box-shadow: var(--button-shadow);
}
.submit-button:hover {
transform: translateY(-1px);
box-shadow: 0 22px 38px rgba(11, 32, 131, 0.4);
filter: brightness(1.05);
.btn:hover { transform: translateY(-1px); }
.actions {
display: flex;
gap: 12px;
flex-wrap: wrap;
margin-top: 1rem;
}
.message {
padding: 1rem;
margin-bottom: 1.5rem;
border-radius: 12px;
text-align: center;
font-size: 14px;
.text-link {
color: #d7ecff;
text-decoration: none;
font-weight: 600;
}
.error {
background-color: rgba(255, 142, 160, 0.12);
color: #ffdbe2;
border: 1px solid rgba(255, 142, 160, 0.34);
}
.success {
background-color: rgba(24, 209, 179, 0.12);
color: #dcfff8;
border: 1px solid rgba(24, 209, 179, 0.34);
}
.footer-link {
text-align: center;
margin-top: 1.5rem;
font-size: 14px;
.text-link:hover { text-decoration: underline; }
ul.feature-list {
margin: 1rem 0 0;
padding-left: 1.2rem;
color: var(--muted-text);
}
.footer-link a,
.back-link a {
font-family: var(--font-display);
letter-spacing: 0.01em;
ul.feature-list li { margin-bottom: 0.55rem; }
@media (max-width: 900px) {
.grid { grid-template-columns: 1fr; }
}
.footer-link a {
color: var(--primary-color);
text-decoration: none;
font-weight: 500;
}
.footer-link a:hover {
text-decoration: underline;
@media (max-width: 640px) {
h1 { font-size: 32px; }
.card { padding: 22px; }
.form-grid { grid-template-columns: 1fr; }
}
</style>
</head>
<body>
<div class="login-container">
<div class="logo">WebinarPlatform</div>
<div class="login-card">
<h1>Welcome Back</h1>
<p class="subtitle">Login to access your dashboard</p>
<main class="shell">
<header class="brand">
<div class="eyebrow">Webinar access</div>
<h1 class="brand-name">Secure login for your webinar workspace</h1>
<p class="brand-copy">Use the admin area to manage registrations, edit attendee data, export CSV, and track daily signup trends. Attendees can still log in separately to view their webinar dashboard.</p>
</header>
<?php if ($error): ?><div class="message error"><?= $error ?></div><?php endif; ?>
<?php if ($success): ?><div class="message success"><?= $success ?></div><?php endif; ?>
<section class="grid" aria-label="Login options">
<article class="card">
<div class="eyebrow">Admin</div>
<h2><?php echo $adminCount === 0 ? 'Create the first admin account' : 'Admin login'; ?></h2>
<p class="subtitle">
<?php echo $adminCount === 0
? 'The previous hardcoded admin password has been removed. Create a real admin account to unlock the dashboard.'
: 'Sign in with your saved admin credentials to access registrations and analytics.'; ?>
</p>
<form method="POST" action="login.php">
<div class="form-group">
<label for="email">Email Address</label>
<input type="email" id="email" name="email" required value="<?= isset($_POST['email']) ? htmlspecialchars($_POST['email']) : '' ?>">
<?php if ($adminError !== ''): ?>
<div class="status error"><?php echo htmlspecialchars($adminError); ?></div>
<?php endif; ?>
<?php if ($adminSuccess !== ''): ?>
<div class="status success"><?php echo htmlspecialchars($adminSuccess); ?></div>
<?php endif; ?>
<?php if ($adminCount === 0): ?>
<div class="notice">First-run setup is only shown until one admin account exists. After that, access is password-hashed and database-backed.</div>
<form method="POST" action="login.php" novalidate>
<input type="hidden" name="login_type" value="admin_setup">
<div class="form-grid">
<div class="form-group full">
<label for="display_name">Admin name</label>
<input type="text" id="display_name" name="display_name" placeholder="Jane Admin" required>
</div>
<div class="form-group full">
<label for="admin_email">Admin email</label>
<input type="email" id="admin_email" name="email" placeholder="admin@yourdomain.com" required>
</div>
<div class="form-group">
<label for="admin_password">Password</label>
<input type="password" id="admin_password" name="password" minlength="10" placeholder="At least 10 characters" required>
</div>
<div class="form-group">
<label for="admin_password_confirm">Confirm password</label>
<input type="password" id="admin_password_confirm" name="password_confirm" minlength="10" placeholder="Repeat password" required>
</div>
</div>
<button type="submit" class="btn">Create admin account</button>
</form>
<?php else: ?>
<form method="POST" action="login.php" novalidate>
<input type="hidden" name="login_type" value="admin_login">
<div class="form-group">
<label for="admin_login_email">Admin email</label>
<input type="email" id="admin_login_email" name="email" placeholder="admin@yourdomain.com" required>
</div>
<div class="form-group">
<label for="admin_login_password">Password</label>
<input type="password" id="admin_login_password" name="password" placeholder="Your admin password" required>
</div>
<button type="submit" class="btn">Open admin dashboard</button>
</form>
<?php endif; ?>
<ul class="feature-list">
<li>See all webinar registrations in one place.</li>
<li>Edit attendee details and archive old records safely.</li>
<li>Export filtered data to CSV and watch the daily chart update automatically.</li>
</ul>
</article>
<article class="card">
<div class="eyebrow">Attendee</div>
<h2>Participant login</h2>
<p class="subtitle">Attendees can sign in here to view their webinar dashboard after registration.</p>
<?php if ($participantError !== ''): ?>
<div class="status error"><?php echo htmlspecialchars($participantError); ?></div>
<?php endif; ?>
<form method="POST" action="login.php" novalidate>
<input type="hidden" name="login_type" value="participant_login">
<div class="form-group">
<label for="participant_email">Email</label>
<input type="email" id="participant_email" name="email" placeholder="you@example.com" required>
</div>
<div class="form-group">
<label for="participant_password">Password</label>
<input type="password" id="participant_password" name="password" placeholder="Password from registration" required>
</div>
<button type="submit" class="btn">Open attendee dashboard</button>
</form>
<div class="actions">
<a class="text-link" href="index.php"> Back to homepage</a>
<a class="text-link" href="register.php">Need to register first?</a>
</div>
<div class="form-group">
<label for="password">Password</label>
<input type="password" id="password" name="password" required>
</div>
<button type="submit" class="submit-button">Login</button>
</form>
<div class="footer-link">
Don't have an account? <a href="register.php">Register for the Webinar</a>
</div>
</div>
<div class="footer-link" style="margin-top: 2rem;">
<a href="index.php"> Back to Home</a>
</div>
</div>
<p class="helper">Tip: if you changed static assets recently and do not see updates, hard refresh the page with Ctrl/Cmd + Shift + R.</p>
</article>
</section>
</main>
</body>
</html>
</html>