pguzman
663fde3909
Full source for loveandrosary.com: slide-based Rosary/novena/Divine Mercy Chaplet presentation tool with multi-user roles, SVG bead ring, audio uploads, donate strip, and public session profiles. Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
97 lines
3.8 KiB
PHP
97 lines
3.8 KiB
PHP
<?php
|
|
require_once __DIR__ . '/config/db.php';
|
|
require_once __DIR__ . '/includes/auth.php';
|
|
|
|
_auth_start();
|
|
|
|
// Already logged in
|
|
if (!empty($_SESSION['user_id'])) {
|
|
header('Location: ' . BASE_URL . '/admin/');
|
|
exit;
|
|
}
|
|
|
|
$error = '';
|
|
$username = '';
|
|
|
|
if ($_SERVER['REQUEST_METHOD'] === 'POST') {
|
|
$username = trim($_POST['username'] ?? '');
|
|
$password = $_POST['password'] ?? '';
|
|
|
|
if ($username === '' || $password === '') {
|
|
$error = 'Please enter your username/email and password.';
|
|
} else {
|
|
$pdo = get_pdo();
|
|
// Allow login by username OR email
|
|
$stmt = $pdo->prepare('SELECT * FROM users WHERE username = ? OR email = ? LIMIT 1');
|
|
$stmt->execute([$username, $username]);
|
|
$user = $stmt->fetch();
|
|
|
|
if (!$user || !password_verify($password, $user['password_hash'])) {
|
|
$error = 'Invalid username or password.';
|
|
} elseif (!$user['email_confirmed']) {
|
|
$error = 'Please confirm your email address before logging in. Check your inbox for the confirmation link.';
|
|
} else {
|
|
session_regenerate_id(true);
|
|
$_SESSION['user_id'] = $user['id'];
|
|
$_SESSION['username'] = $user['username'];
|
|
$_SESSION['email'] = $user['email'];
|
|
$_SESSION['role'] = $user['role'];
|
|
$_SESSION['display_name'] = $user['display_name'] ?? $user['username'];
|
|
$_SESSION['rosary_limit'] = (int)$user['rosary_limit'];
|
|
header('Location: ' . BASE_URL . '/admin/');
|
|
exit;
|
|
}
|
|
}
|
|
}
|
|
|
|
$confirmed_msg = isset($_GET['confirmed']) ? 'Email confirmed! You can now log in.' : '';
|
|
$reset_msg = isset($_GET['reset']) ? 'Password reset successfully. Please log in.' : '';
|
|
?>
|
|
<!DOCTYPE html>
|
|
<html lang="en">
|
|
<head>
|
|
<meta charset="UTF-8">
|
|
<meta name="viewport" content="width=device-width, initial-scale=1.0">
|
|
<link rel="icon" type="image/svg+xml" href="<?= BASE_URL ?>/favicon.svg">
|
|
<title>Login — <?= htmlspecialchars(get_setting('site_name', APP_NAME)) ?></title>
|
|
<link rel="stylesheet" href="<?= BASE_URL ?>/assets/css/setup.css">
|
|
</head>
|
|
<body class="login-page">
|
|
<div class="login-box">
|
|
<h1>✝ <?= htmlspecialchars(get_setting('site_name', APP_NAME)) ?></h1>
|
|
<h2>Sign In</h2>
|
|
|
|
<?php if ($confirmed_msg): ?>
|
|
<div class="alert alert-success"><?= htmlspecialchars($confirmed_msg) ?></div>
|
|
<?php endif; ?>
|
|
<?php if ($reset_msg): ?>
|
|
<div class="alert alert-success"><?= htmlspecialchars($reset_msg) ?></div>
|
|
<?php endif; ?>
|
|
<?php if ($error): ?>
|
|
<div class="alert alert-error"><?= htmlspecialchars($error) ?></div>
|
|
<?php endif; ?>
|
|
|
|
<form method="post" action="<?= BASE_URL ?>/login">
|
|
<div class="form-group">
|
|
<label for="username">Username or Email</label>
|
|
<input type="text" id="username" name="username"
|
|
value="<?= htmlspecialchars($username) ?>"
|
|
autocomplete="username" autofocus required>
|
|
</div>
|
|
<div class="form-group">
|
|
<label for="password">Password</label>
|
|
<input type="password" id="password" name="password"
|
|
autocomplete="current-password" required>
|
|
</div>
|
|
<button type="submit" class="btn btn-primary btn-full">Sign In</button>
|
|
</form>
|
|
|
|
<div style="margin-top:20px;text-align:center;font-size:14px;color:#6b7280">
|
|
<a href="<?= BASE_URL ?>/forgot-password" style="color:#1e3a5f">Forgot password?</a>
|
|
•
|
|
<a href="<?= BASE_URL ?>/register" style="color:#1e3a5f">Create an account</a>
|
|
</div>
|
|
</div>
|
|
</body>
|
|
</html>
|