Viewing File: /home/quiczmwg/bitmaven.org/admin/login-process.php

<?php
error_reporting(E_ALL);
ini_set('display_errors', 1);

// DB connection
require_once('../_db.php');

// Start session FIRST
session_start();

// Validate request
if ($_SERVER['REQUEST_METHOD'] !== 'POST') {
    header('Location: index.php');
    exit;
}

// Validate input
if (empty($_POST['username']) || empty($_POST['password'])) {
    $_SESSION['mgs'] = '<div class="alert alert-danger">Enter all fields</div>';
    header('Location: index.php');
    exit;
}

$username = trim($_POST['username']);
$password = $_POST['password'];

// Fetch admin
$sql = "SELECT admin_id, email, password 
        FROM admin_login 
        WHERE username = ? 
        LIMIT 1";

$stmt = $conn->prepare($sql);

if (!$stmt) {
    $_SESSION['mgs'] = '<div class="alert alert-danger">Database error</div>';
    header('Location: index.php');
    exit;
}

$stmt->bind_param("s", $username);
$stmt->execute();
$result = $stmt->get_result();

if ($result->num_rows !== 1) {
    $_SESSION['mgs'] = '<div class="alert alert-danger">Invalid username or password</div>';
    header('Location: index.php');
    exit;
}

$admin = $result->fetch_assoc();

// Verify password
if (!password_verify($password, $admin['password'])) {
    $_SESSION['mgs'] = '<div class="alert alert-danger">Invalid username or password</div>';
    header('Location: index.php');
    exit;
}

// 🔐 Secure login
session_regenerate_id(true);

// ✅ Set ADMIN sessions
$_SESSION['admin_logged_in'] = true;
$_SESSION['admin_id']       = $admin['admin_id'];
$_SESSION['admin_email']    = $admin['email'];

header('Location: dashboard.php');
exit;