File: /home/imensosw/demo.imensosoftware.com/matrix/admin/admin_code.php
<?php
require_once '../config.php';
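/**
 * ============================
 * HANDLE LOGIN
 * ============================
 *
 * Handles the admin login form POST.
 *
 * Relies on $conn (mysqli, from ../config.php) and on a session that has
 * already been started (presumably in config.php — confirm; $_SESSION is
 * written below without a session_start() in this file).
 *
 * Reads $_POST['email'] and $_POST['password']. On any failure it stores a
 * message in $_SESSION['error'] and redirects to index.php; on success it
 * regenerates the session id, stores user_id/role_id/name in the session
 * and redirects to assignment.php. Every branch ends with exit, so nothing
 * after this block runs for a POST request.
 */
if ($_SERVER['REQUEST_METHOD'] === 'POST') {
    // Form fields can arrive as arrays (email[]=...); treat anything that is
    // not a string as missing instead of letting trim() throw a TypeError.
    $rawEmail = $_POST['email'] ?? '';
    $rawPassword = $_POST['password'] ?? '';
    $email = is_string($rawEmail) ? trim($rawEmail) : '';
    $password = is_string($rawPassword) ? $rawPassword : '';

    // Presence check. Compare against '' rather than using empty(): a
    // password of "0" is a valid (if poor) password and empty() would
    // reject it.
    if ($email === '' || $password === '') {
        $_SESSION['error'] = 'Please enter Email and Password!';
        header('Location: index.php');
        exit;
    }

    try {
        // Prepared statement: the email is bound, never interpolated.
        // No LIMIT 1: a user may have several role_user rows, and keeping an
        // arbitrary single row would reject an admin whose non-admin role
        // happened to be returned first.
        $stmt = $conn->prepare("
            SELECT u.id, u.name, u.password, r.id AS role_id
            FROM users u
            INNER JOIN role_user ru ON u.id = ru.user_id
            INNER JOIN roles r ON ru.role_id = r.id
            WHERE u.email = ?
        ");
        if ($stmt === false) {
            // Without MYSQLI_REPORT_STRICT, prepare() reports failure by
            // returning false rather than throwing; surface it the same way
            // so the generic error path below handles it.
            throw new RuntimeException('prepare() failed: ' . $conn->error);
        }
        $stmt->bind_param('s', $email);
        $stmt->execute();
        $rows = $stmt->get_result()->fetch_all(MYSQLI_ASSOC);
        $stmt->close();

        if ($rows === []) {
            // Unknown email. Spend roughly one hash computation here so the
            // response time is close to the wrong-password branch below
            // (which runs password_verify); the result is deliberately unused.
            password_hash($password, PASSWORD_DEFAULT);
            $_SESSION['error'] = 'Invalid Email or Password!';
            header('Location: index.php');
            exit;
        }

        // All rows belong to the same user, so any row carries the hash.
        $user = $rows[0];

        // Verify the password BEFORE looking at the role: otherwise the
        // distinct 'Unauthorized User!' message would tell an unauthenticated
        // caller which emails belong to non-admin accounts.
        if (!password_verify($password, (string) $user['password'])) {
            $_SESSION['error'] = 'Invalid Email or Password!';
            header('Location: index.php');
            exit;
        }

        // Admin is role id 1. Accept if ANY of the user's roles is admin,
        // and keep that row so the stored role_id is the admin one.
        $adminRow = null;
        foreach ($rows as $row) {
            if ((int) $row['role_id'] === 1) {
                $adminRow = $row;
                break;
            }
        }
        if ($adminRow === null) {
            $_SESSION['error'] = 'Unauthorized User!';
            header('Location: index.php');
            exit;
        }

        // Success. Regenerate the session id so an id planted before login
        // (session fixation) is not promoted to an authenticated session;
        // `true` discards the old session file.
        session_regenerate_id(true);
        $_SESSION['user_id'] = $adminRow['id'];
        $_SESSION['role_id'] = $adminRow['role_id'];
        $_SESSION['name'] = $adminRow['name'];
        header('Location: assignment.php');
        exit;
    } catch (Throwable $e) {
        // Log the detail server-side only; the user sees a generic message so
        // database/driver errors are not disclosed. Throwable (not just
        // Exception) also covers an Error thrown by the mysqli calls above.
        error_log($e->getMessage());
        $_SESSION['error'] = 'Something went wrong. Try again.';
        header('Location: index.php');
        exit;
    }
}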