<?php
session_start();
if(isset($_SESSION['password'])){
	header("Location: dashboard.php");
	exit();
}
require_once('../includes/functions.php');
require_once('inc/admin-functions.php');

if(isset($_POST['submit'])) {
	
	$username = clean($_POST['username']);
	$password = phash(clean($_POST['password']));
	
	$sql="SELECT * FROM ". TB_USERS ." WHERE username='". $username ."' and password='". $password ."'";
	$result=mysql_query($sql);
	$count=mysql_num_rows($result);
	
	if($count==1){
		$row = mysql_fetch_assoc($result);
	
		$_SESSION['username'] = $row['username'];
		$_SESSION['user_id'] = $row['user_id'];
		$_SESSION['password'] = $password;
		$_SESSION['role'] = $row['role_id'];
		$_SESSION['last_name'] = $row['last_name'];
		$_SESSION['first_name'] = $row['first_name'];
		$_SESSION['email'] = $row['email'];
		
		$success = "Successful Login";
		header("Location: dashboard.php");
		exit();
	}	else {
		$error = "Invalid username or password";
	}
}

?>
<?php get_template('header', 'Login'); ?>
	
	<div id="main">
		<?php display_messages(); ?>
		
		<h1>Control Panel Login</h1>
		
		<form id="login" method="post" action="<?php echo get_filename(); ?>" >
			<table>
			<tr>
				<td class="label"><label for="username">Username</label></td>
				<td colspan="2"><input type="text" class="text" id="username" name="username" value="" /></td>
			</tr>
			<tr>
				<td class="label"><label for="password">Password</label></td>
				<td colspan="2"><input type="password" class="text" id="password" name="password" value="" /></td>
			</tr>
			<tr>
				<td colspan="3"><input type="submit" class="submit" name="submit" value="Login" /></td>
			</tr>
			</table>
			
		</form>
	  <p class="hint" ><a href="./reset.php">Reset Password</a></p>
			
	</div>
	

<?php get_template('footer'); ?>