Your IP : 216.73.216.165
<?php
// login.php
require_once 'config.php';
require_once 'auth.php';
$error = '';
if ($_SERVER['REQUEST_METHOD'] === 'POST' && isset($_POST['login'])) {
if (verifyCSRFToken($_POST['csrf_token'] ?? '')) {
$username = $_POST['username'] ?? '';
$password = $_POST['password'] ?? '';
if (Authentication::login($username, $password)) {
header('Location: admin.php');
exit;
} else {
$error = "Invalid credentials!";
}
} else {
$error = "Security token invalid!";
}
}
if (Authentication::isLoggedIn()) {
header('Location: admin.php');
exit;
}
?>
<!DOCTYPE html>
<html>
<head>
<title>Admin Login</title>
<link href="https://cdn.jsdelivr.net/npm/bootstrap@5.1.3/dist/css/bootstrap.min.css" rel="stylesheet">
</head>
<body>
<div class="container mt-5">
<div class="row justify-content-center">
<div class="col-md-4">
<div class="card">
<div class="card-header">
<h4>Admin Login</h4>
</div>
<div class="card-body">
<?php if ($error): ?>
<div class="alert alert-danger"><?php echo htmlspecialchars($error); ?></div>
<?php endif; ?>
<form method="POST">
<input type="hidden" name="csrf_token" value="<?php echo $_SESSION['csrf_token']; ?>">
<div class="mb-3">
<label class="form-label">Username</label>
<input type="text" name="username" class="form-control" required>
</div>
<div class="mb-3">
<label class="form-label">Password</label>
<input type="password" name="password" class="form-control" required>
</div>
<button type="submit" name="login" value="1" class="btn btn-primary w-100">Login</button>
</form>
</div>
</div>
</div>
</div>
</div>
</body>
</html>