<?php
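// Login handler. On POST it looks up the submitted username, checks the
// submitted password against the stored hash and, on a match, calls
// do_login() and redirects to the dashboard. $error holds the message the
// template prints; it stays '' when the page is simply viewed.
//
// NOTE(review): nothing in this block throttles repeated failures. Unless
// lockout or rate limiting is applied elsewhere, the form accepts an
// unlimited number of password guesses.
$error = '';
if (($_SERVER['REQUEST_METHOD'] ?? '') === 'POST') {
    // A field posted as username[]=x arrives as an array. trim() and
    // password_verify() raise a TypeError for non-strings on PHP 8, so any
    // non-string value is treated as missing instead of crashing the page.
    $rawUsername = $_POST['username'] ?? '';
    $rawPassword = $_POST['password'] ?? '';
    $username = is_string($rawUsername) ? trim($rawUsername) : '';
    $password = is_string($rawPassword) ? $rawPassword : '';

    if ($username === '' || $password === '') {
        $error = 'Enter both username and password.';
    } else {
        // The username is bound as a parameter, never concatenated into the SQL.
        $sql = "SELECT U.pk_User, U.password, U.firstName, U.lastName, U.fk_Group, G.name
FROM TICKET_User U
LEFT JOIN TICKET_Group G ON U.fk_Group = G.pk_Group
WHERE U.username = ?
LIMIT 1";
        $stmt = mysqli_prepare($conn, $sql);
        if ($stmt) {
            mysqli_stmt_bind_param($stmt, 's', $username);
            mysqli_stmt_execute($stmt);
            mysqli_stmt_bind_result($stmt, $id, $hash, $first, $last, $gid, $gname);

            // mysqli_stmt_fetch() returns true for a row, null when there is
            // none and false on error; only true counts as "user found".
            $found = mysqli_stmt_fetch($stmt) === true;

            if ($found && is_string($hash)) {
                $authenticated = password_verify($password, $hash);
            } else {
                // Without this, an unknown username returns noticeably faster
                // than a known one with a wrong password, which lets response
                // time reveal which accounts exist. Spend a comparable amount
                // of hashing work on this path too.
                // NOTE(review): this only evens out timing if the stored
                // hashes use PASSWORD_DEFAULT's algorithm and cost - confirm.
                password_hash('timing-equaliser', PASSWORD_DEFAULT);
                $authenticated = false;
            }

            if ($authenticated) {
                // NOTE(review): do_login() is defined elsewhere; confirm it
                // calls session_regenerate_id(true) so a pre-login session id
                // cannot be carried into the authenticated session.
                do_login($id, "$first $last", $gid, $gname);
                mysqli_stmt_close($stmt);
                header('Location: index.php?page=dashboard');
                exit;
            }
            mysqli_stmt_close($stmt);
        } else {
            // Keep the user-facing message generic, but leave a trace for
            // operators so a broken query is not mistaken for bad passwords.
            error_log('Login: could not prepare the user lookup statement.');
        }
        // Same message for "no such user" and "wrong password" on purpose.
        $error = 'Invalid credentials.';
    }
}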
?>
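<?php
// Login form template. Prints $error when it is non-empty and re-fills the
// username field after a failed attempt; the password is never echoed back.
//
// A field posted as username[]=x arrives as an array, and htmlspecialchars()
// raises a TypeError for it on PHP 8, so only a string is echoed back.
//
// NOTE(review): the form carries no anti-CSRF token. If the application has a
// token helper, the login form is worth covering too.
$submittedUsername = $_POST['username'] ?? '';
if (!is_string($submittedUsername)) {
    $submittedUsername = '';
}
?>
<div class="page-login">
    <div class="login-container">
        <div class="login-header">
            <h1 class="login-title">Welcome Back</h1>
            <p class="login-subtitle">Sign in to your account to continue</p>
        </div>
        <?php if ($error): ?>
        <div class="error-message"><?php echo htmlspecialchars($error, ENT_QUOTES | ENT_SUBSTITUTE); ?></div>
        <?php endif; ?>
        <form method="post" class="login-form">
            <div class="form-group">
                <label class="form-label" for="username">Username</label>
                <input type="text" id="username" name="username" class="form-input" required
                       autocomplete="username"
                       value="<?php echo htmlspecialchars($submittedUsername, ENT_QUOTES | ENT_SUBSTITUTE); ?>">
            </div>
            <div class="form-group">
                <label class="form-label" for="password">Password</label>
                <input type="password" id="password" name="password" class="form-input" required
                       autocomplete="current-password">
            </div>
            <button type="submit" class="btn btn-primary login-button">Sign In</button>
        </form>
        <div class="login-footer">
            <p>Secure login powered by Ticket System</p>
        </div>
    </div>
</div>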