Welcome back
Please sign in to continue.
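prepare("INSERT INTO logs (action, performed_by, log_time) VALUES (?, ?, NOW())");
    $stmt->bind_param("ss", $action, $performed_by);
    $stmt->execute();
    $stmt->close();
}
// The lines above are the tail of addLog(); its opening is cut off in this
// listing, so that fragment is reproduced unchanged.

/*
 * Login handler.
 *
 * On POST, looks the submitted username up in the `admin` table, verifies the
 * password with password_verify(), and on success stores the username and role
 * in the session and redirects to the matching dashboard. Every outcome is
 * written to the `logs` table through addLog(); failures set $error_message.
 *
 * Hardening relative to the usual form of this handler:
 *  - One generic message for "no such user" and "wrong password", so the form
 *    does not confirm which usernames exist. The audit log keeps the exact cause.
 *  - The session ID is regenerated before identity is stored (session fixation).
 *  - The session is populated only after the role is recognised, so an account
 *    with an unexpected role never ends up with a half-authenticated session.
 *  - Database error text goes to the server error log, not to the browser.
 *  - Missing or non-string POST fields are treated as empty strings.
 *
 * NOTE(review): no attempt limiting or lockout is visible in this section;
 * confirm it exists elsewhere, otherwise password guessing is unthrottled.
 * NOTE(review): the "user not found" path skips password_verify(), so response
 * timing can still distinguish existing accounts; verifying against a fixed
 * dummy hash on that path would even it out.
 */
if ($_SERVER["REQUEST_METHOD"] === "POST") {
    $user_name = is_string($_POST['username'] ?? null) ? trim($_POST['username']) : '';
    $user_password = is_string($_POST['password'] ?? null) ? $_POST['password'] : '';

    $invalid_credentials = "Invalid username or password.";
    $dashboards = [
        'admin' => "admin/dashboard.php",
        'staff' => "staff/dashboard.php",
    ];

    // Fetch only the columns this handler reads.
    $row = null;
    $db_failed = true;
    $stmt = $conn->prepare("SELECT user_name, password, role FROM admin WHERE user_name = ?");
    if ($stmt) {
        $stmt->bind_param("s", $user_name);
        if ($stmt->execute()) {
            $result = $stmt->get_result();
            if ($result !== false) {
                $db_failed = false;
                $row = $result->fetch_assoc();
            }
        }
        $stmt->close();
    }

    if ($db_failed) {
        // Keep driver detail server-side; it can expose schema and query text.
        error_log("Login query failed: " . $conn->error);
        $error_message = "A server error occurred. Please try again later.";
        addLog($conn, "Login failed - database error", $user_name);
    } elseif (!is_array($row)) {
        $error_message = $invalid_credentials;
        // $user_name is attacker-controlled here: whatever displays the logs
        // table must escape it for its output context.
        addLog($conn, "Login failed - user not found", $user_name);
    } elseif (!password_verify($user_password, $row['password'])) {
        $error_message = $invalid_credentials;
        addLog($conn, "Login failed - invalid password", $row['user_name']);
    } elseif (is_string($row['role']) && isset($dashboards[$row['role']])) {
        // New session ID at the privilege change, old one invalidated.
        if (session_status() === PHP_SESSION_ACTIVE) {
            session_regenerate_id(true);
        }
        $_SESSION['username'] = $row['user_name'];
        $_SESSION['role'] = $row['role'];

        addLog($conn, "Login successful", $row['user_name']);

        header("Location: " . $dashboards[$row['role']]);
        exit();
    } else {
        $error_message = "Unknown user role!";
        addLog($conn, "Login failed - unknown role", $row['user_name']);
    }
}

$conn->close();
?>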
Please sign in to continue.