filename: views/public/signin.php
<?php
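// Request-handling half of the sign-in view: handles the sign-out and
// sign-in POSTs. Both success paths redirect with header() and exit, which
// only works while no output has been sent yet.
// NOTE(review): presumably the layout includes this file before emitting
// markup (or buffers output) - verify.
// NOTE(review): no throttling or lockout of repeated failed sign-ins is
// visible in this file; confirm it is enforced elsewhere.
$pageTitle = "Sign in – Seven O'Clock Dinner";

$errors = [];
$successMessage = null;

if (($_SERVER['REQUEST_METHOD'] ?? 'GET') === 'POST') {
    // NOTE(review): neither POST branch below checks an anti-CSRF token in
    // this file; confirm request-forgery protection is applied before this
    // view runs.
    if (($_POST['action'] ?? null) === 'logout') {
        logoutUser();
        header('Location: ' . url('signin'));
        exit;
    }

    // A field posted as email[]=... arrives as an array, and trim() /
    // password_verify() throw a TypeError on arrays. Anything that is not a
    // string is treated as missing so the request gets the normal
    // validation message instead of an uncaught error.
    $rawEmail = $_POST['email'] ?? '';
    $rawPassword = $_POST['password'] ?? '';
    $email = is_string($rawEmail) ? trim($rawEmail) : '';
    $password = is_string($rawPassword) ? $rawPassword : '';

    if ($email === '' || $password === '') {
        $errors[] = 'Email and password are required to sign in.';
    } else {
        // The e-mail is bound as a parameter, never concatenated into SQL.
        $stmt = $db->prepare('SELECT id, password_hash, is_admin, status FROM users WHERE email = ?');
        $stmt->bind_param('s', $email);
        $stmt->execute();
        $result = $stmt->get_result();
        $user = $result->fetch_assoc();

        $storedHash = is_array($user) ? (string)($user['password_hash'] ?? '') : '';
        if ($storedHash === '') {
            // Unknown e-mail (or an account without a hash): do a throwaway
            // hash so this path costs roughly as much as a real verification.
            // Otherwise the response time reveals which addresses are
            // registered. Assumes stored hashes use PASSWORD_DEFAULT-level
            // cost - TODO confirm.
            password_hash('timing-equalisation-placeholder', PASSWORD_DEFAULT);
            $passwordMatches = false;
        } else {
            $passwordMatches = password_verify($password, $storedHash);
        }

        if (!$passwordMatches) {
            // One message for "no such user" and "wrong password".
            $errors[] = 'These details do not match our records.';
        } elseif ($user['status'] !== 'active') {
            // Checked only after the password matched, so account status is
            // disclosed only to someone who knows the password.
            $errors[] = 'Your membership is not currently active.';
        } else {
            $userId = (int)$user['id'];

            // NOTE(review): loginUser() is defined elsewhere; confirm it
            // regenerates the session id to prevent session fixation.
            loginUser($userId, (bool)$user['is_admin']);

            // date() uses the server's configured default timezone.
            $now = date('Y-m-d H:i:s');
            $update = $db->prepare('UPDATE users SET last_login_at = ? WHERE id = ?');
            $update->bind_param('si', $now, $userId);
            $update->execute();
            header('Location: ' . url(''));
            exit;
        }
    }
}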
?>

<div class="page-grid">
    <div class="card" data-animate-initial>
        <div class="muted" style="font-size: 11px; letter-spacing: 0.18em; text-transform: uppercase; margin-bottom: 10px;">
            Sign in
        </div>
        <h1 style="font-family: 'Georgia', 'Times New Roman', serif; font-weight: 400; font-size: 26px; margin: 0 0 12px;">
            Welcome back.
        </h1>
        <?php if ($errors):
            /* Markup half of the sign-in view. $errors is filled by the POST
               handler at the top of this file; the list is rendered only when
               it is non-empty. */ ?>
            <ul style="margin-top: 16px; padding-left: 18px; color: #9b2c2c; font-size: 13px;">
                <?php foreach ($errors as $err): ?>
                    <li><?= htmlspecialchars($err, ENT_QUOTES, 'UTF-8') /* escaped for HTML text context before output */ ?></li>
                <?php endforeach; ?>
            </ul>
        <?php endif; ?>
    </div>

    <div class="card" data-animate>
        <?php if (isLoggedIn()):
            /* isLoggedIn() is defined outside this file. Signed-in visitors
               get only the sign-out form, which posts action=logout back to
               this page.
               NOTE(review): the form carries no anti-CSRF token field and the
               handler in this file checks none; confirm request-forgery
               protection exists elsewhere. */ ?>
            <p class="muted" style="font-size: 13px; margin-bottom: 12px;">
                You are already signed in.
            </p>
            <form method="post">
                <input type="hidden" name="action" value="logout">
                <button type="submit" class="pill" style="justify-content: center;">Sign out</button>
            </form>
        <?php else:
            /* Credential form: posts email and password back to this page.
               The `required` attributes are browser-side only; the handler
               re-checks for empty values on the server.
               NOTE(review): no anti-CSRF token field here either; confirm
               login-CSRF is covered elsewhere. */ ?>
            <form method="post" style="display: grid; gap: 10px; font-size: 13px;">
                <label>
                    Email<br>
                    <input name="email" type="email" required style="width: 100%; padding: 8px 10px; border-radius: 8px; border: 1px solid rgba(0,0,0,0.12); background: rgba(255,255,255,0.8);">
                </label>
                <label>
                    Password<br>
                    <input name="password" type="password" required style="width: 100%; padding: 8px 10px; border-radius: 8px; border: 1px solid rgba(0,0,0,0.12); background: rgba(255,255,255,0.8);">
                </label>
                <button type="submit" class="pill pill-accent" style="margin-top: 6px; justify-content: center;">
                    Enter
                </button>
            </form>
        <?php endif; ?>
    </div>
</div>