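<?php
// Development error settings. With display_errors on, an uncaught exception
// (including mysqli_sql_exception, see below) prints its message, file path and
// trace into the HTML response, so these three lines should be off (and errors
// logged instead) anywhere other than a local development setup.
ini_set('display_errors', 1);
ini_set('display_startup_errors', 1);
error_reporting(E_ALL);
session_start();
// MYSQLI_REPORT_STRICT makes mysqli_* failures throw mysqli_sql_exception
// instead of returning false, so the login code below relies on try/catch
// rather than on return-value checks.
mysqli_report(MYSQLI_REPORT_ERROR | MYSQLI_REPORT_STRICT);
require_once 'Functions/db_credentials.php';
require_once 'Functions/db_connection.php';
// db_connection.php is expected to leave the connection in $dbc; stop early if it did not
if (!isset($dbc) || !$dbc) {
    die("Database connection failed.");
}
$errorMessage = "";
$isSuccessMessage = false;
// ***************** HANDLE LOGIN *****************
if (isset($_POST["BUTTON_send"])) {
    $email = $_POST["DATA_email"] ?? '';
    $password = $_POST["DATA_password"] ?? '';
    // Both fields must be non-empty strings. `=== ''` instead of empty() so the
    // literal password "0" is not rejected, and is_string() because a form can
    // submit DATA_email[]=... as an array, which would make bind_param() and
    // password_verify() throw a TypeError instead of producing a login error.
    if (!is_string($email) || !is_string($password) || $email === '' || $password === '') {
        $errorMessage = "Please enter both email and password.";
    } else {
        try {
            // ***************** SECURE THE CONNECTION *****************
            // Parameterised lookup: the submitted email is bound, never concatenated into the SQL.
            $query = "SELECT passwordHash, email FROM user WHERE email = ?";
            $stmt = mysqli_prepare($dbc, $query);
            mysqli_stmt_bind_param($stmt, "s", $email);
            mysqli_stmt_execute($stmt);
            $result = mysqli_stmt_get_result($stmt);
            $user = mysqli_fetch_assoc($result);
            mysqli_stmt_close($stmt);
            // ***************** VERIFY PASSWORD *****************
            // One message for both "no such user" and "wrong password" so the
            // response does not reveal which email addresses have accounts.
            if (!$user || !password_verify($password, $user["passwordHash"] ?? '')) {
                $errorMessage = "Invalid email or password.";
            } else {
                // Issue a fresh session id on successful login so a session id
                // that existed before authentication (e.g. one handed to the
                // browser by a third party) is not valid afterwards (session fixation).
                session_regenerate_id(true);
                $_SESSION["email"] = $user["email"];
            }
        } catch (mysqli_sql_exception $e) {
            // Under MYSQLI_REPORT_STRICT this is the only way a database failure
            // reaches us; show a generic message and keep the driver text (which
            // can include SQL fragments) out of the page.
            $errorMessage = "Database error. Please try again later.";
        }
    }
}
?>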
<!DOCTYPE html>
<html lang="en">
<head>
<meta charset="UTF-8">
<meta name="viewport" content="width=device-width, initial-scale=1.0">
<link rel="stylesheet" href="Styles/styles.css">
<title>Task 3 - Custom CMS</title>
</head>
<body>
<?php
// errorHandler.php is pulled in ahead of nav.php; presumably it installs the
// handler whose output errorDisplay.php renders at the bottom of the page — confirm.
include_once 'Functions/errorHandler.php';
include_once 'Pages/nav.php';
?>
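<?php
// ***************** PAGE ROUTING *****************
// ?page=NAME selects Pages/NAME.php. Because the value is turned into an
// include path, it is only accepted as a single path segment of safe
// characters; anything else (e.g. "../" sequences, NUL bytes, an array value)
// is routed to the not-found page instead of reaching file_exists()/include,
// which would otherwise resolve files outside Pages/ (local file inclusion).
$page = "welcome"; // default page
if (isset($_GET['page']) && is_string($_GET['page'])) {
    $page = $_GET['page'];
}
$isSafePageName = preg_match('/^[A-Za-z0-9_-]+$/', $page) === 1;
$filePath = "Pages/" . $page . ".php";
if ($page === "cms") {
    include_once "cms.php"; // cms.php is not in the Pages folder and has to be checked separately
} elseif ($isSafePageName && is_file($filePath)) {
    include_once $filePath;
} else {
    include_once "Pages/page_not_found.php";
}
// close the database connection only if it's valid
if (isset($dbc) && $dbc) {
    mysqli_close($dbc);
}
?>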
<?php
// Rendered last, after the page include and after the connection is closed.
include_once 'Functions/errorDisplay.php';
?>
</body>
</html>