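<?php
// session_start() is intentionally NOT called here: content.php, which includes
// this file, has already started the session.
require_once 'config/config.php';

// CSRF token for the login form. It is kept in the session so it survives the
// redirect back to this page and stays valid across several open tabs. The
// original generated $token on every request and never used it, which left the
// login form without any CSRF protection.
if (empty($_SESSION['csrf_token'])) {
    $_SESSION['csrf_token'] = bin2hex(openssl_random_pseudo_bytes(16));
}
$token = $_SESSION['csrf_token'];

// The remember-me cookies carry an authentication secret, so they are sent
// HttpOnly and, when this request arrived over TLS, Secure. Path '/' must stay
// identical to what clearAuthCookie() uses or the browser will keep the old
// cookie instead of replacing/expiring it.
$cookie_secure = !empty($_SERVER['HTTPS']) && $_SERVER['HTTPS'] !== 'off';

// ---------------------------------------------------------------------------
// 1. Login form submission
// ---------------------------------------------------------------------------
if ($_SERVER['REQUEST_METHOD'] === 'POST') {
    $username     = filter_input(INPUT_POST, 'username');
    $passwd       = filter_input(INPUT_POST, 'passwd');
    $remember     = filter_input(INPUT_POST, 'remember');
    $posted_token = filter_input(INPUT_POST, 'csrf_token');

    // Reject up front when the CSRF token is missing/mismatched or either
    // credential is absent; this also avoids querying the DB with a null
    // username. hash_equals() keeps the token comparison constant-time.
    $form_ok = is_string($posted_token)
        && hash_equals($token, $posted_token)
        && is_string($username) && $username !== ''
        && is_string($passwd) && $passwd !== '';

    $authenticated = false;
    $row = null;

    if ($form_ok) {
        // getDbInstance() is expected from config/config.php.
        $db = getDbInstance();
        $db->where('user_name', $username);      // username column
        $row = $db->getOne('admin_accounts');    // users table

        if ($db->count >= 1 && isset($row['password'])) {
            $authenticated = password_verify($passwd, (string) $row['password']);
        }
        // NOTE(review): when the username does not exist no bcrypt check runs,
        // so that response is measurably faster than a wrong-password one. A
        // dummy password_verify() on the miss path would close that timing
        // oracle. There is also no lockout or rate limiting on this endpoint.
    }

    if (!$authenticated) {
        // One generic message for every failure mode so the response does not
        // reveal whether the username exists.
        $_SESSION['login_failure'] = "Invalid username or password.";
        header('Location: content.php?page=login');
        exit(); // always stop after a redirect
    }

    // Successful login: rotate the session id first so an id fixated on the
    // victim before authentication cannot be reused, then fill the session.
    if (session_status() === PHP_SESSION_ACTIVE) {
        session_regenerate_id(true);
    }
    $_SESSION['user_logged_in'] = TRUE;
    $_SESSION['admin_type']     = $row['admin_type'];
    $_SESSION['user_id']        = $row['id'];

    // "Remember me": a random series id locates the DB row and a random token,
    // stored only as a password_hash, proves possession of the cookie.
    if ($remember) {
        $series_id      = bin2hex(openssl_random_pseudo_bytes(16));
        $remember_token = bin2hex(openssl_random_pseudo_bytes(16));
        $expiry_time    = time() + (86400 * 10); // 10 days

        $db->where('id', $_SESSION['user_id']);
        $db->update('admin_accounts', array(
            'series_id'      => $series_id,
            'remember_token' => password_hash($remember_token, PASSWORD_DEFAULT),
            'expires'        => date('Y-m-d H:i:s', $expiry_time),
        ));

        // Long setcookie() signature (path, domain, secure, httponly) so this
        // also works on PHP releases before the 7.3 options array.
        setcookie('series_id', $series_id, $expiry_time, '/', '', $cookie_secure, true);
        setcookie('remember_token', $remember_token, $expiry_time, '/', '', $cookie_secure, true);
    }

    header('Location: content.php?page=index');
    exit(); // always stop after a redirect
}

// ---------------------------------------------------------------------------
// 2. Already logged in: go straight to the dashboard.
//    exit() is required here. Without it (as in the original) execution falls
//    through to the cookie check below, which can call clearAuthCookie() and
//    emit a second, conflicting Location header for the login page.
// ---------------------------------------------------------------------------
if (isset($_SESSION['user_logged_in']) && $_SESSION['user_logged_in'] === TRUE) {
    header('Location:content.php?page=index');
    exit();
}

// ---------------------------------------------------------------------------
// 3. "Remember me" cookie login
// ---------------------------------------------------------------------------
if (isset($_COOKIE['series_id']) && isset($_COOKIE['remember_token'])) {
    $series_id      = filter_var($_COOKIE['series_id']);
    $remember_token = filter_var($_COOKIE['remember_token']);

    $db = getDbInstance();
    $db->where('series_id', $series_id);
    $row = $db->getOne('admin_accounts');

    $cookie_valid = false;
    if ($db->count >= 1 && isset($row['remember_token'])
        && password_verify($remember_token, (string) $row['remember_token'])) {
        // The DB-side expiry is authoritative; the cookie's own expiry is under
        // the client's control. The original compared against strtotime(date()),
        // which is wrong: date() requires a format argument (an error on PHP 8)
        // and time() is the value intended.
        $expires      = isset($row['expires']) ? strtotime($row['expires']) : false;
        $cookie_valid = ($expires !== false && time() <= $expires);
    }

    if (!$cookie_valid) {
        // Unknown series id, wrong token or expired row: drop the cookies and
        // fall back to the normal login page. clearAuthCookie() is expected
        // from config/config.php.
        clearAuthCookie();
        header('Location:content.php?page=login');
        exit;
    }

    // Same session setup as the form login, including user_id, which the
    // original did not set on this path.
    // NOTE(review): the token is not rotated on use, so a stolen cookie stays
    // usable until 'expires'; issuing a fresh series_id/remember_token here
    // would shrink that window.
    if (session_status() === PHP_SESSION_ACTIVE) {
        session_regenerate_id(true);
    }
    $_SESSION['user_logged_in'] = TRUE;
    $_SESSION['admin_type']     = $row['admin_type'];
    $_SESSION['user_id']        = $row['id'];
    header('Location:content.php?page=index');
    exit;
}

include BASE_PATH.'/includes/header.php';
?>
<div id="page-" class="col-md-4 col-md-offset-4">
    <form class="form loginform" method="POST" action="content.php">
        <input type="hidden" name="csrf_token" value="<?php echo htmlspecialchars($token, ENT_QUOTES, 'UTF-8'); ?>">
        <div class="login-panel panel panel-default">
            <div class="panel-heading text-center">
                <h3 style="font-weight: bold; margin-bottom: 5px;">Welcome to the TDCP Vehicle Booking System</h3>
                <h5 style="margin-top: 0;">Please Sign in</h5>
            </div>
            <div class="panel-body">
                <div class="form-group">
                    <label class="control-label">username</label>
                    <input type="text" name="username" class="form-control" required="required">
                </div>
                <div class="form-group">
                    <label class="control-label">password</label>
                    <input type="password" name="passwd" class="form-control" required="required">
                </div>
                <div class="checkbox">
                    <label>
                        <input name="remember" type="checkbox" value="1">Remember Me
                    </label>
                </div>
                <?php if (isset($_SESSION['login_failure'])): ?>
                    <div class="alert alert-danger alert-dismissable fade in">
                        <a href="#" class="close" data-dismiss="alert" aria-label="close">×</a>
                        <?php
                        // The message is server-set today, but escape it anyway
                        // so a future dynamic message cannot become stored XSS.
                        echo htmlspecialchars($_SESSION['login_failure'], ENT_QUOTES, 'UTF-8');
                        unset($_SESSION['login_failure']);
                        ?>
                    </div>
                <?php endif; ?>
                <button type="submit" class="btn btn-success loginField">Login</button>
            </div>
        </div>
    </form>
</div>
<?php include BASE_PATH.'/includes/footer.php'; ?>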