Task #8


<?php

session_name("login");

session_start();



//Admin

//Admin

//12345



//It

//joep0224gmail.com

//12345



//User

//noah@gmail.com

//12345





// DB connection

$LINK = mysqli_connect('127.0.0.1','pisjo950','vjPRjFTxDVIoG7)t','pisjo950');

if (!$LINK) {

    die("Connect error: " . mysqli_connect_error());

}



// 1) Handle logout

if (isset($_POST['logout'])) {

    unset($_SESSION['username']);

    // redirect to clear POST data

    header("Location: index.php");

    exit;

}



// 2) Handle login POST

if (isset($_POST['login'])) {

    $username = mysqli_real_escape_string($LINK, trim($_POST['email']));

    $password = $_POST['password'];



    $query = "

      SELECT pk_user,email,password,role

      FROM TicketUser

      WHERE email = '{$username}'

      LIMIT 1

    ";

    $result = mysqli_query($LINK, $query);



    if ($result && mysqli_num_rows($result) === 1) {

        $row = mysqli_fetch_assoc($result);

        if (md5($password) === $row['password']) {

            session_regenerate_id(true);

            $_SESSION['username'] = $username;

            $_SESSION['id'] = $row['pk_user'];

            $_SESSION['group']=$row['role'];

            header("Location: index.php");

            exit;

        } else {

            $error = "Invalid password.";

        }

    } else {

        $error = "No such user.";

    }

}



// 3) If not logged in, show the login form

if (empty($_SESSION['username'])) {

    ?>

    <!DOCTYPE html>

    <html>

    <head><meta charset="utf-8"><title>Login</title></head>

    <body>

      <?php if (!empty($error)) echo "<p style='color:red;'>$error</p>"; ?>

      <form method="POST">

        <p>Email: <input type="text" name="email" required></p>

        <p>Password: <input type="password" name="password" required></p>

        <button type="submit" name="login">Login</button>

      </form>

    </body>

    </html>

    <?php

    exit;

}



// 4) At this point the user is logged in

?>

<!DOCTYPE html>

<html>

<head><meta charset="utf-8"><title>App</title></head>

<body>

  <!-- Logout button -->

  <form method="POST" style="float:right">

    <button type="submit" name="logout">Logout</button>

  </form>



  <!-- Navigation -->

  <nav>

    <?php if($_SESSION['group']=='It' || $_SESSION['group']=='Admin') 

    {

    ?>

    

      <a href="index.php?page=createWorkflow">Create New Workflow</a>

    <?php



    }?>

      <a href="index.php?page=workflow">Create New Ticket</a> |

      <a href="index.php?page=showTickets">Show Tickets</a>

  </nav>



  <hr>



  <!-- Main content -->

  <div id="main">

    <?php

      $page = $_GET['page'] ?? 'welcome';

      switch ($page) {

        case 'workflow':

          include 'Pages/workflow.php';

          break;

         case 'createWorkflow':

           include 'Pages/createWorkflow.php';

           break;

         case 'defineState';

           include 'Pages/defineStates.php';

           break;

          case 'defineFields';

           include 'Pages/defineFields.php';

           break;

          case 'showTickets';

           include 'Pages/showTickets.php';

           break;

        //   break;

        // default:

        //   include 'Pages/welcome.php';

      }

    ?>

  </div>

</body>

</html>