
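<?php
// Login handler: authenticates a POSTed username/password against the `users`
// table and, on success, stores id/username/role in the session and redirects
// to the matching dashboard. On failure it leaves a message in $error for the
// template below to render.

// Report every error, but send it to the server log rather than the response:
// on-page errors on a login endpoint disclose file paths and query details.
ini_set('display_errors', '0');
ini_set('display_startup_errors', '0');
ini_set('log_errors', '1');
error_reporting(E_ALL);

// Harden the session cookie before the session is started.
ini_set('session.use_strict_mode', '1');   // refuse session IDs the server did not issue
ini_set('session.cookie_httponly', '1');   // keep the cookie out of reach of page scripts
ini_set('session.cookie_samesite', 'Lax');
if (!empty($_SERVER['HTTPS']) && $_SERVER['HTTPS'] !== 'off') {
    // Only mark the cookie Secure when the request really is HTTPS, so a
    // plain-HTTP development setup keeps working.
    ini_set('session.cookie_secure', '1');
}

session_start();

// require (not include): without the DB connection the page cannot work, so
// stop here instead of continuing with an undefined $pdo.
require __DIR__ . '/includes/db.php'; // must set up $pdo (PDO connection)

$error = ""; // Message shown above the form; empty means nothing to show

if ($_SERVER['REQUEST_METHOD'] === 'POST') {
    // Missing or non-string fields (e.g. username[]=x) are treated as empty
    // instead of raising warnings or type errors.
    $username = isset($_POST['username']) && is_string($_POST['username'])
        ? trim($_POST['username'])
        : '';
    // NOTE(review): trimming the password is kept for compatibility with
    // existing accounts; it is only correct if the code that stores the hash
    // trims as well — confirm against the registration/password-change path.
    $password = isset($_POST['password']) && is_string($_POST['password'])
        ? trim($_POST['password'])
        : '';

    $user = false;
    try {
        // Parameterised lookup; fetch only the columns this script uses.
        $stmt = $pdo->prepare(
            'SELECT id, username, password, role FROM users WHERE username = :username'
        );
        $stmt->execute([':username' => $username]);
        $user = $stmt->fetch(PDO::FETCH_ASSOC);
    } catch (PDOException $e) {
        // Details go to the log only; the visitor gets a neutral message.
        error_log('login.php: user lookup failed: ' . $e->getMessage());
        $error = "Unable to sign in right now. Please try again later.";
    }

    if ($error === "") {
        if (
            is_array($user)
            && is_string($user['password'])
            && password_verify($password, $user['password'])
        ) {
            // Issue a fresh session ID at the privilege change so an ID that
            // was fixed before login cannot be reused afterwards.
            session_regenerate_id(true);

            $_SESSION['user_id'] = $user['id'];
            $_SESSION['username'] = $user['username'];
            $_SESSION['role'] = $user['role'];

            // NOTE(review): every role other than 'user' (including an empty
            // or unexpected value) is sent to the admin dashboard. The
            // redirect is not an access check; admin_dashboard.php has to
            // verify the role itself — confirm it does.
            if ($_SESSION['role'] === 'user') {
                header("Location: user_dashboard.php");
            } else {
                header("Location: admin_dashboard.php");
            }
            exit(); // Stop script after redirect
        }

        // One message for both "unknown user" and "wrong password", so the
        // form does not confirm which usernames exist.
        // NOTE(review): unknown usernames still skip password_verify(), so
        // response time can differ; there is also no attempt throttling or
        // lockout in this script.
        $error = "Invalid username or password.";
    }
}
?>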

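<!DOCTYPE html>
<html lang="en">
<head>
    <meta charset="UTF-8">
    <meta name="viewport" content="width=device-width, initial-scale=1.0">
    <title>Clinic Management System - Login</title>
    <link rel="stylesheet" href="assets/styles.css">
</head>
<body>

    <!-- Slim Banner -->
    <div class="banner">
        <p class="large-text">Clinic Management System</p>
        <p>Health and Nutrition Unit</p>
        <p>Schools Division of Batangas City</p>
    </div>

    <!-- Login Container -->
    <div class="login-container">
        <img src="assets/image/sdologo.png" alt="SDO Logo" class="logo">

        <!-- Error Message -->
        <?php if (!empty($error)): ?>
            <?php /* Explicit flags and charset keep the escaping the same on every PHP version and ini setup. */ ?>
            <div class="error" role="alert"><?= htmlspecialchars($error, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8') ?></div>
        <?php endif; ?>

        <!-- Login Form -->
        <?php /* NOTE(review): the form carries no anti-CSRF token, so the login request can be triggered cross-site; a per-session token checked by the POST handler would close that. */ ?>
        <form action="login.php" method="POST">
            <input type="text" name="username" placeholder="Username" autocomplete="username" required><br>
            <input type="password" name="password" placeholder="Password" autocomplete="current-password" required><br>
            <button type="submit">Login</button>
        </form>
    </div>

</body>
</html>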