From da6711e5929907f7a8388370c5da5d6b9c9e3a33 Mon Sep 17 00:00:00 2001
From: Flatlogic Bot
Date: Wed, 8 Apr 2026 06:36:38 +0000
Subject: [PATCH] update users login
---
 cookie.txt | 5 +++++
 includes/app.php | 5 +++++
 includes/auth.php | 3 +++
 login.php | 6 +++++-
 4 files changed, 18 insertions(+), 1 deletion(-)
 create mode 100644 cookie.txt
diff --git a/cookie.txt b/cookie.txt
new file mode 100644
index 0000000..80908d5
--- /dev/null
+++ b/cookie.txt
@@ -0,0 +1,5 @@
+# Netscape HTTP Cookie File
+# https://curl.se/docs/http-cookies.html
+# This file was generated by libcurl! Edit at your own risk.
+
+127.0.0.1 FALSE / FALSE 0 PHPSESSID 69opohn4d8347kh0d07rl59f2n
diff --git a/includes/app.php b/includes/app.php
index 3cb69fd..ff90459 100644
--- a/includes/app.php
+++ b/includes/app.php
@@ -5,6 +5,11 @@ if (session_status() === PHP_SESSION_NONE) {
 session_start();
 }
+// Prevent browser caching globally
+header('Cache-Control: no-store, no-cache, must-revalidate, max-age=0');
+header('Cache-Control: post-check=0, pre-check=0', false);
+header('Pragma: no-cache');
+
 require_once __DIR__ . '/../db/config.php';
 function h(?string $value): string
diff --git a/includes/auth.php b/includes/auth.php
index ec57f45..89db63f 100644
--- a/includes/auth.php
+++ b/includes/auth.php
@@ -6,6 +6,9 @@ function require_login() {
 header('Location: login.php');
 exit;
 }
+ header('Cache-Control: no-store, no-cache, must-revalidate, max-age=0');
+ header('Cache-Control: post-check=0, pre-check=0', false);
+ header('Pragma: no-cache');
 }
 function get_logged_in_user() {
diff --git a/login.php b/login.php
index f1cfde8..673294f 100644
--- a/login.php
+++ b/login.php
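Review bot: cookie.txt is a curl cookie jar, and the commit adds it with a `PHPSESSID` value on its last line, so a session identifier is now part of the repository history. The file should be dropped from the commit and ignored from now on (for example a `cookie.txt` line in `.gitignore`), and the session it names should be destroyed on any host where it could still be valid. It sits at the project root next to login.php, so if that directory is the web root the file would presumably also be served to anyone who requests it.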
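Review bot: The same three `header()` calls are added at include time in includes/app.php and again at the end of `require_login()` in includes/auth.php, so the no-cache policy now lives in two places that can drift apart. One small helper defined in app.php (for instance `send_no_cache_headers()`) and called from both spots would keep them in step. The `post-check=0, pre-check=0` line is a legacy Internet Explorer extension that current browsers ignore; the first `Cache-Control` line with `no-store` already does the work. If `session.cache_limiter` is left at PHP's default, `session_start()` just above already emits comparable headers, so the comment could say why the explicit ones are wanted, e.g. `// Explicit no-store on every page, independent of session.cache_limiter`.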
@@ -19,7 +19,11 @@ if ($_SERVER['REQUEST_METHOD'] === 'POST') {
 if ($user && password_verify($password, $user['password'])) {
 $_SESSION['user_id'] = $user['id'];
 $_SESSION['user_role'] = $user['role'];
- header('Location: admin.php');
+ if ($user['role'] === 'admin' || !empty($user['role_id'])) {
+ header('Location: admin.php');
+ } else {
+ header('Location: index.php');
+ }
 exit;
 } else {
 $error = t('Invalid email or password.', 'البريد الإلكتروني أو كلمة المرور غير صحيحة.');
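Review bot: The session ID is not regenerated between the successful `password_verify()` and the `$_SESSION['user_id']` assignment, so an identifier issued before login stays valid afterwards (session fixation); adding `session_regenerate_id(true);` directly before `$_SESSION['user_id'] = $user['id'];` closes that. The new branch also sends any account with a non-empty `role_id` to admin.php while the session stores only `user_role`, so admin.php has to enforce its own role check rather than rely on this redirect; whether it does is not visible here. The POST handler starts and ends outside the hunk.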