45 lines
1.2 KiB
PHP
45 lines
1.2 KiB
PHP
<?php
|
|
require 'db.php';
|
|
require 'auth.php';
|
|
|
|
header('Content-Type: application/json');
|
|
|
|
$data = json_decode(file_get_contents('php://input'), true);
|
|
$email = strtolower(trim($data['email'] ?? ''));
|
|
$password = strval($data['password'] ?? '');
|
|
|
|
$stmt = $pdo->prepare("
|
|
SELECT u.id, u.email, u.password_hash,
|
|
r.name AS role_name,
|
|
r.can_manage_settings
|
|
FROM users u
|
|
JOIN roles r ON r.id = u.role_id
|
|
WHERE u.email = ?
|
|
LIMIT 1
|
|
");
|
|
$stmt->execute([$email]);
|
|
$user = $stmt->fetch(PDO::FETCH_ASSOC);
|
|
|
|
if (!$user || !password_verify($password, $user['password_hash'])) {
|
|
http_response_code(401);
|
|
echo json_encode(['success' => false, 'error' => 'Invalid credentials']);
|
|
exit;
|
|
}
|
|
|
|
$_SESSION['user'] = [
|
|
'id' => intval($user['id']),
|
|
'email' => $user['email'],
|
|
'role' => $user['role_name'],
|
|
'can_manage_settings' => intval($user['can_manage_settings']),
|
|
];
|
|
|
|
echo json_encode([
|
|
'success' => true,
|
|
'user' => [
|
|
'id' => $_SESSION['user']['id'],
|
|
'email' => $_SESSION['user']['email'],
|
|
'role' => $_SESSION['user']['role'],
|
|
'can_manage_settings' => $_SESSION['user']['can_manage_settings'],
|
|
]
|
|
]);
|