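<?php
// Login handler for the SOCMACS portal. Authenticates a student or staff/admin
// account against MySQL, establishes the session and redirects on success.
// This file declares no functions; the PHP part runs top-to-bottom per request
// and the HTML form below posts back to this same page.
error_reporting(E_ALL);
// NOTE(review): display_errors=1 prints PHP/MySQL error details to the browser.
// Keep it for local development only; disable it in production.
ini_set('display_errors', 1);
session_start();

/* ================= DATABASE ================= */
// Use constants or a separate config file for better security
$conn = mysqli_connect("localhost", "root", "", "socmacs_db");
if (!$conn) {
    die("Connection Failed: " . mysqli_connect_error());
}

$error_msg = "";

/* ================= LOGIN LOGIC ================= */
if (isset($_POST['login_btn'])) {
    // A missing field used to raise an "undefined index" warning (printed to the
    // page with display_errors on); defaulting to '' lets the login fail cleanly.
    $email = (string)($_POST['u_email'] ?? '');
    $password = (string)($_POST['u_pass'] ?? '');
    $login_type = (string)($_POST['login_type'] ?? 'student'); // student | staff
    // $table is chosen from a fixed pair, never taken from the request directly,
    // so the table name cannot be injected.
    $table = ($login_type === 'student') ? 'students' : 'staff';

    // 1. Use Prepared Statements to prevent SQL Injection
    $stmt = $conn->prepare("SELECT * FROM $table WHERE email = ? LIMIT 1");
    if ($stmt === false) {
        // prepare() returns false on an SQL or connection error; calling
        // bind_param() on false would be a fatal error, so fail with a
        // generic message instead of leaking the driver error.
        $error_msg = "Login is temporarily unavailable. Please try again later.";
    } else {
        $stmt->bind_param("s", $email);
        $stmt->execute();
        $result = $stmt->get_result();
        $row = ($result && $result->num_rows === 1) ? $result->fetch_assoc() : null;
        $stmt->close();

        // 2. Verify Password. An unknown email and a wrong password share one
        // message so the form does not reveal which addresses have an account.
        if ($row === null || !password_verify($password, $row['password'])) {
            $error_msg = "Invalid email or password.";
        } elseif ($login_type === 'student') {
            /* ===== STUDENT LOGIC ===== */
            if ((int)($row['otp_verified'] ?? 0) !== 1) {
                $error_msg = "Please verify your email using OTP.";
            } else {
                session_regenerate_id(true); // Prevents session fixation across login
                $_SESSION['role'] = 'student';
                $_SESSION['user_id'] = $row['id'];
                $_SESSION['user_name'] = $row['name'];
                $_SESSION['user_email'] = $row['email'];
                $_SESSION['course'] = $row['course'];
                $_SESSION['year'] = $row['year'];
                header("Location: student.php");
                exit();
            }
        } else {
            /* ===== STAFF / ADMIN LOGIC ===== */
            // Admins skip the approval gate; other staff must be approved first.
            $isAdmin = (($row['role'] ?? '') === 'admin');
            $isApproved = ((int)($row['is_approved'] ?? 0) === 1);
            if ($isAdmin || $isApproved) {
                session_regenerate_id(true); // Prevents session fixation across login
                $_SESSION['role'] = $row['role'];
                $_SESSION['user_id'] = $row['id'];
                $_SESSION['user_name'] = $row['name'];
                $_SESSION['user_email'] = $row['email'];
                header("Location: admin.php");
                exit();
            } else {
                $error_msg = "Account pending admin approval.";
            }
        }
    }
}
?>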
<!DOCTYPE html>
<html lang="en">
<head>
<meta charset="UTF-8">
<meta name="viewport" content="width=device-width, initial-scale=1.0">
<title>Login | SOCMACS Portal</title>
<script src="https://cdn.tailwindcss.com"></script>
<style>
.tab-active { border-bottom: 4px solid #1e3a8a; color: #1e3a8a; }
.tab-inactive { color: #9ca3af; }
</style>
</head>
<body class="bg-slate-100 flex items-center justify-center min-h-screen">
<div class="bg-white shadow-2xl rounded-2xl flex max-w-4xl w-full overflow-hidden border m-4">
<div class="hidden md:flex w-1/2 bg-blue-900 p-12 text-white flex-col justify-center"
style="background-image:linear-gradient(rgba(26,35,126,.8),rgba(26,35,126,.8)),url('https://socmacs.edu.in/wp-content/uploads/2021/07/campus-view.jpg');background-size:cover;background-position:center;">
<h1 class="text-5xl font-bold text-white">SOCMACS</h1>
<p class="mt-4 text-blue-100">Official Notice Board & Task Portal</p>
</div>
<div class="w-full md:w-1/2 p-8 md:p-12">
<div class="text-center mb-6">
<img src="https://socmacs.edu.in/assist/logo/logo1.png" alt="Logo" class="h-16 mx-auto mb-4">
<h2 class="text-2xl font-bold uppercase text-gray-800">Portal Login</h2>
</div>
<div class="flex mb-8 border-b">
<button type="button" onclick="setTab('student')" id="btn-student"
class="flex-1 py-3 font-bold transition-all tab-active">STUDENT</button>
<button type="button" onclick="setTab('staff')" id="btn-staff"
class="flex-1 py-3 font-bold transition-all tab-inactive">STAFF / ADMIN</button>
</div>
<?php if ($error_msg): ?>
<div class="bg-red-50 text-red-600 p-3 mb-6 text-xs font-bold border-l-4 border-red-500 animate-pulse">
<?php echo htmlspecialchars($error_msg); ?>
</div>
<?php endif; ?>
<form method="POST" action="">
<input type="hidden" name="login_type" id="login_type" value="student">
<div class="mb-5">
<label class="text-[10px] font-black uppercase text-gray-500">Email Address</label>
<input type="email" name="u_email" required
class="w-full px-4 py-3 rounded-xl border focus:ring-2 focus:ring-blue-900 outline-none transition-all">
</div>
<div class="mb-8">
<label class="text-[10px] font-black uppercase text-gray-500">Password</label>
<input type="password" name="u_pass" required
class="w-full px-4 py-3 rounded-xl border focus:ring-2 focus:ring-blue-900 outline-none transition-all">
</div>
<button type="submit" name="login_btn"
class="w-full bg-blue-900 hover:bg-blue-800 text-white py-4 rounded-xl font-black transition-colors shadow-lg">
SIGN IN
</button>
</form>
<div class="mt-8 text-center text-xs font-bold text-gray-400">
Don't have an account?
<a href="register.php" class="text-blue-900 underline hover:text-blue-700">REGISTER NOW</a>
</div>
</div>
</div>
<script>
/**
 * Switches the login form between the STUDENT and STAFF / ADMIN tabs.
 * Writes `type` into the hidden `login_type` field (the value the PHP
 * handler reads) and moves the tab-active / tab-inactive classes so the
 * selected tab button is highlighted.
 * @param {string} type 'student' selects the student tab; any other value selects staff.
 */
function setTab(type) {
  const byId = (id) => document.getElementById(id);
  const hiddenField = byId('login_type');
  const tabs = { student: byId('btn-student'), staff: byId('btn-staff') };
  hiddenField.value = type;
  const selected = type === 'student' ? 'student' : 'staff';
  for (const name of Object.keys(tabs)) {
    const { classList } = tabs[name];
    if (name === selected) {
      classList.add('tab-active');
      classList.remove('tab-inactive');
    } else {
      classList.add('tab-inactive');
      classList.remove('tab-active');
    }
  }
}
</script>
</body>
</html>