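<?php
declare(strict_types=1);

/*
 * Login page.
 *
 * Flow: resolve a safe post-login target, then on POST look the user up by
 * name, verify the password hash in PHP, rotate the session id and redirect.
 * Only a local path (starting with a single "/") is ever used as the redirect
 * target, which is what closes the open-redirect hole.
 */

session_start();
require_once __DIR__ . '/../db_config.php';

$pdo = getDB();
$message = '';

/**
 * Return $path (plus "?$query" when non-empty) only if it is a local path.
 *
 * A safe local path starts with exactly one "/": "//host" and "/\host" are
 * treated by browsers as scheme-relative URLs and would redirect off-site, so
 * they are rejected. Control characters are rejected too, so the value can
 * never split or terminate the Location header.
 *
 * @return string|null null when the value is not a safe local path
 */
function local_path_or_null(string $path, string $query = ''): ?string
{
    if ($path === '' || $path[0] !== '/') {
        return null;
    }
    if (isset($path[1]) && ($path[1] === '/' || $path[1] === '\\')) {
        return null;
    }

    $target = $query === '' ? $path : $path . '?' . $query;

    if (preg_match('/[\x00-\x1F\x7F]/', $target) === 1) {
        return null;
    }

    return $target;
}

/**
 * Hosts an absolute redirect URL may point at: the host configured in
 * SITE_URL (trusted configuration) and the host this request was addressed
 * to. Lower-cased with any ":port" suffix stripped so the values compare
 * like parse_url()'s "host" component.
 *
 * @return list<string>
 */
function allowed_redirect_hosts(): array
{
    $candidates = [];
    if (defined('SITE_URL') && is_string(SITE_URL)) {
        $candidates[] = parse_url(SITE_URL, PHP_URL_HOST);
    }
    $candidates[] = $_SERVER['HTTP_HOST'] ?? null;

    $hosts = [];
    foreach ($candidates as $candidate) {
        if (is_string($candidate) && $candidate !== '') {
            $hosts[] = strtolower((string) preg_replace('/:\d+$/', '', $candidate));
        }
    }

    return $hosts;
}

/**
 * Reduce an absolute http(s) URL to its local path + query, but only when
 * its host is on the allow-list. The host itself is never echoed back: even
 * a matching URL yields a local path, never a full URL.
 *
 * @return string|null null when the URL is not an allowed same-host URL
 */
function same_host_path(string $url): ?string
{
    $parts = parse_url($url);
    if (!is_array($parts) || empty($parts['host'])) {
        return null;
    }
    if (isset($parts['scheme']) && !in_array(strtolower($parts['scheme']), ['http', 'https'], true)) {
        return null;
    }
    if (!in_array(strtolower($parts['host']), allowed_redirect_hosts(), true)) {
        return null;
    }

    return local_path_or_null($parts['path'] ?? '/', $parts['query'] ?? '');
}

/**
 * Resolve where to send the user after a successful login.
 *
 * Precedence: explicit "redirect" parameter (POST, then GET); when that is
 * absent, the Referer header; otherwise the site root. An explicit value that
 * fails validation falls straight through to "/" rather than to the referrer.
 * The result is always a local path (see local_path_or_null()).
 */
function resolve_redirect(): string
{
    $raw = $_POST['redirect'] ?? $_GET['redirect'] ?? '';

    if (is_string($raw) && $raw !== '') {
        // A value beginning with "/" is taken as a path; anything else must be
        // an absolute URL on an allowed host and is reduced to its path.
        $target = str_starts_with($raw, '/') ? local_path_or_null($raw) : same_host_path($raw);

        return $target ?? '/';
    }

    $referer = $_SERVER['HTTP_REFERER'] ?? '';
    if (is_string($referer) && $referer !== '') {
        $target = same_host_path($referer);
        if ($target !== null) {
            return $target;
        }
    }

    return '/'; // site-root path, deliberately not a full URL
}

// Non-string input (e.g. "username[]=x") would make trim() throw a TypeError;
// treat it as an empty field instead. The username is also reused to refill
// the form below, so it is computed for every request method.
$login_username = is_string($_POST['username'] ?? null) ? trim($_POST['username']) : '';
$login_password = is_string($_POST['password'] ?? null) ? $_POST['password'] : '';

$redirect_path = resolve_redirect();

if ($_SERVER['REQUEST_METHOD'] === 'POST') {
    if ($login_username === '' || $login_password === '') {
        $message = '<div class="error">Both fields are required!</div>';
    } else {
        try {
            // Look the account up by name only and verify the password in PHP.
            // Putting the submitted password into the WHERE clause would require
            // plaintext storage and, under a case-insensitive collation, would
            // also accept a wrong-case password.
            $stmt = $pdo->prepare(
                "SELECT id, username, email, plan_type, password_hash
                 FROM users
                 WHERE username = ? AND status = 'active'
                 LIMIT 1"
            );
            $stmt->execute([$login_username]);
            $user = $stmt->fetch(PDO::FETCH_ASSOC);

            // password_hash must hold output of password_hash(); any other
            // value simply fails verification.
            $valid = is_array($user)
                && is_string($user['password_hash'] ?? null)
                && password_verify($login_password, $user['password_hash']);

            if ($valid) {
                // Fresh session id on authentication so a pre-login id cannot
                // be reused (session fixation).
                session_regenerate_id(true);
                $_SESSION['user_id'] = $user['id'];
                $_SESSION['username'] = $user['username'];
                $_SESSION['plan_type'] = $user['plan_type'];

                // Transparently upgrade hashes made with an older/weaker default.
                if (password_needs_rehash($user['password_hash'], PASSWORD_DEFAULT)) {
                    $rehash = $pdo->prepare('UPDATE users SET password_hash = ? WHERE id = ?');
                    $rehash->execute([password_hash($login_password, PASSWORD_DEFAULT), $user['id']]);
                }

                $update = $pdo->prepare('UPDATE users SET last_login = NOW() WHERE id = ?');
                $update->execute([$user['id']]);

                // $redirect_path is a validated local path, so a relative
                // Location keeps the user on this site.
                header('Location: ' . $redirect_path);
                exit;
            }

            // Same message for unknown user and wrong password: no account enumeration.
            $message = '<div class="error">Invalid username or password!</div>';
        } catch (PDOException $e) {
            // Log the detail server-side; the user only sees a generic message.
            error_log('login.php: ' . $e->getMessage());
            $message = '<div class="error">Login error.</div>';
        }
    }
}

/** HTML-escape a value for an attribute or text node. */
function h(string $value): string
{
    return htmlspecialchars($value, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
}
?>
<!DOCTYPE html>
<html lang="en">
<head>
    <meta charset="UTF-8" />
    <meta name="viewport" content="width=device-width, initial-scale=1" />
    <title>Login - DevBrewing</title>
    <style>
        body { font-family: Arial; margin: 0; background: linear-gradient(135deg,#667eea 0%,#764ba2 100%); min-height: 100vh; display:flex;align-items:center;justify-content:center; padding:1rem;}
        .container { background: white; padding: 2rem; border-radius: 10px; box-shadow: 0 10px 25px rgba(0,0,0,0.1); width:100%; max-width:400px;}
        h1 { text-align: center; margin-bottom: 1.5rem; }
        .form-group { margin-bottom: 1rem; }
        label { display:block; margin-bottom:.5rem; font-weight:bold; }
        input { width:100%; padding:.75rem; border:1px solid #ddd; border-radius:5px; font-size:1rem;}
        .btn { width:100%; padding:.75rem; background:#667eea; color:#fff; border:none; border-radius:5px; cursor:pointer;}
        .btn:hover { background:#5a67d8; }
        .error { background:#fee; color:#c33; padding:.75rem; border-radius:5px; margin-bottom:1rem; }
        .links { text-align:center; margin-top:1rem; }
        .links a { color:#667eea; text-decoration:none; }
        .links a:hover { text-decoration:underline; }
    </style>
</head>
<body>
<div class="container">
    <h1>🎮 Welcome Back</h1>
    <?php echo $message; /* only ever one of the constant strings above */ ?>
    <form method="POST">
        <!-- Preserve the (already validated) redirect target through the POST -->
        <input type="hidden" name="redirect" value="<?php echo h($redirect_path); ?>">
        <div class="form-group">
            <label>Username:</label>
            <input type="text" name="username" value="<?php echo h($login_username); ?>" required>
        </div>
        <div class="form-group">
            <label>Password:</label>
            <input type="password" name="password" required>
        </div>
        <button type="submit" class="btn">Login</button>
    </form>
    <div class="links">
        <a href="signup.php?redirect=<?php echo urlencode($redirect_path); ?>">Sign up</a> |
        <a href="<?php echo h($redirect_path); ?>">Back</a>
    </div>
</div>
</body>
</html>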