<?php
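// Login handler. Runs only for POST submissions: on success it stores the
// user id and admin flag in the session and redirects to the dashboard; on
// failure it leaves a message in $error for the form below to display.
// $dbc (the mysqli connection) and the session are not set up in this file;
// presumably the including script does that. Verify against the caller.
$error = "";

if (($_SERVER["REQUEST_METHOD"] ?? "") === "POST") {
    // Accept only string fields. A request can send username[]=..., which
    // would otherwise reach bind_param / password_verify as an array.
    $username = is_string($_POST['username'] ?? null) ? $_POST['username'] : '';
    $password = is_string($_POST['password'] ?? null) ? $_POST['password'] : '';

    // The submitted credentials are never written to the response: unescaped
    // output would be reflected XSS, it would expose the password, and any
    // output sent before header() stops the redirect unless buffering is on.

    $stmt = mysqli_prepare($dbc, "
SELECT pk_Person, password, isAdmin
FROM CINE_Person
WHERE username = ?
LIMIT 1
");

    if (!$stmt) {
        // Driver details go to the server log only; the page gets a generic message.
        error_log("Login: prepare failed: " . mysqli_error($dbc));
        $error = "Database error. Please try again later.";
    } else {
        $user = null;
        mysqli_stmt_bind_param($stmt, "s", $username);

        if (!mysqli_stmt_execute($stmt)) {
            error_log("Login: execute failed: " . mysqli_stmt_error($stmt));
            $error = "Database error. Please try again later.";
        } else {
            $result = mysqli_stmt_get_result($stmt);
            if ($result && mysqli_num_rows($result) > 0) {
                $row = mysqli_fetch_assoc($result);
                if (is_array($row)) {
                    $user = $row;
                }
            }
        }

        // Close here: the success path below exits and would skip a later close.
        mysqli_stmt_close($stmt);

        if ($error === "") {
            // The cast keeps a NULL password column from reaching password_verify().
            if ($user !== null && password_verify($password, (string)$user['password'])) {
                // Issue a fresh session id at login so an id fixed before
                // authentication is not carried into the logged-in session.
                if (session_status() === PHP_SESSION_ACTIVE) {
                    session_regenerate_id(true);
                }
                // set user id
                $_SESSION['user_id'] = (int)$user['pk_Person'];
                // set admin status
                $_SESSION['is_admin'] = (int)$user['isAdmin'];
                header("Location: index.php?page=dashboard");
                exit();
            }

            // Same message for an unknown user and a wrong password, so the
            // response text does not reveal which usernames exist.
            // NOTE(review): nothing visible here throttles repeated attempts
            // or checks a CSRF token, and unknown usernames skip
            // password_verify(), so they answer faster. Confirm whether the
            // including script handles these.
            $error = "Invalid username or password.";
        }
    }
}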
?>
<!DOCTYPE html>
<html>
<head>
<title>Login - Ciné Le Paris</title>
<meta name="viewport" content="width=device-width, initial-scale=1.0">
<link rel="stylesheet" href="assets/css/login.css">
<!-- NOTE(review): the stylesheet below is loaded from a third-party CDN without integrity/crossorigin attributes (Subresource Integrity), so this login page trusts whatever is served at that URL. Add integrity="sha384-<hash of this exact file>" crossorigin="anonymous", or self-host the file. -->
<link rel="stylesheet" href="https://cdnjs.cloudflare.com/ajax/libs/font-awesome/6.4.0/css/all.min.css">
</head>
<body>
<div class="cine-login-page">
<div class="cine-login-logo">
<img src="assets/images/logo.svg" alt="Ciné Le Paris Logo">
</div>
<form method="POST" class="cine-login-form">
<div class="cine-decoration top-left">🎬</div>
<div class="cine-decoration bottom-right">🎞️</div>
<h2>Login</h2>
<label for="username">Username:</label>
<input type="text" name="username" id="username" required>
<label for="password">Password:</label>
<input type="password" name="password" id="password" required>
<input type="submit" value="Login" class="cine-login-button">
<?php if (!empty($error)): ?>
<p class="cine-login-error"><?php echo htmlspecialchars($error); ?></p>
<?php endif; ?>
</form>
</div>
</body>
</html>