PackIt/admin/login.php

<?php
require_once __DIR__ . '/auth.php';

if (ADMIN_LOGGED_IN) {
    header('Location: index.php');
    exit;
}

$error = '';

if ($_SERVER['REQUEST_METHOD'] === 'POST') {
    $user = trim($_POST['username'] ?? '');
    $pass = $_POST['password'] ?? '';

    if ($user === '' || $pass === '') {
        $error = 'Please enter username and password.';
    } else {
        $pdo = get_pdo();
        $stmt = $pdo->prepare("SELECT password_hash FROM admin_users WHERE username = ?");
        $stmt->execute([$user]);
        $row = $stmt->fetch();

        if ($row && password_verify($pass, $row['password_hash'])) {
            session_regenerate_id(true);
            $_SESSION['admin_logged_in'] = true;
            $_SESSION['admin_user']      = $user;
            header('Location: index.php');
            exit;
        } else {
            $error = 'Invalid username or password.';
            // Slow down brute-force attempts
            sleep(1);
        }
    }
}
?>
<!DOCTYPE html>
<html lang="en">
<head>
<meta charset="UTF-8">
<meta name="viewport" content="width=device-width, initial-scale=1.0">
<title>PackIt Admin – Login</title>
<link rel="preconnect" href="https://fonts.googleapis.com">
<link rel="preconnect" href="https://fonts.gstatic.com" crossorigin>
<link href="https://fonts.googleapis.com/css2?family=Bebas+Neue&family=DM+Sans:wght@300;400;500;600&display=swap" rel="stylesheet">
<style>
:root{--bg:#0f1117;--surface:#181c27;--border:#2a2f3f;--accent:#e8c547;--accent2:#4fd1c5;--text:#e8eaf0;--muted:#7a8099;--danger:#e05555;--radius:10px;}
*,*::before,*::after{box-sizing:border-box;margin:0;padding:0;}
body{background:var(--bg);color:var(--text);font-family:'DM Sans',sans-serif;min-height:100vh;display:flex;align-items:center;justify-content:center;}
body::before{content:'';position:fixed;inset:0;background:radial-gradient(ellipse 60% 60% at 50% 40%, rgba(232,197,71,.05) 0%, transparent 70%);pointer-events:none;}
.login-box{background:var(--surface);border:1px solid var(--border);border-radius:var(--radius);padding:2.5rem 2rem;width:100%;max-width:360px;position:relative;}
.login-logo{font-family:'Bebas Neue',sans-serif;font-size:2.8rem;color:var(--accent);letter-spacing:.05em;margin-bottom:.25rem;}
.login-sub{font-size:.78rem;color:var(--muted);text-transform:uppercase;letter-spacing:.1em;margin-bottom:2rem;}
label{display:block;font-size:.75rem;font-weight:600;color:var(--muted);text-transform:uppercase;letter-spacing:.08em;margin-bottom:.3rem;}
input{display:block;width:100%;background:var(--bg);border:1.5px solid var(--border);color:var(--text);padding:.6rem .85rem;border-radius:var(--radius);font-family:'DM Sans',sans-serif;font-size:.9rem;outline:none;margin-bottom:1rem;transition:border-color .15s;}
input:focus{border-color:var(--accent2);}
.btn-login{width:100%;background:var(--accent);color:#0f1117;border:none;padding:.75rem;border-radius:var(--radius);font-family:'DM Sans',sans-serif;font-size:.95rem;font-weight:600;cursor:pointer;margin-top:.5rem;transition:background .15s;}
.btn-login:hover{background:#f0d260;}
.error-msg{background:rgba(224,85,85,.1);border:1px solid rgba(224,85,85,.3);color:var(--danger);padding:.65rem .9rem;border-radius:var(--radius);font-size:.85rem;margin-bottom:1rem;}
</style>
</head>
<body>
<div class="login-box">
  <div class="login-logo">PackIt</div>
  <div class="login-sub">Admin Access</div>
  <?php if ($error): ?>
  <div class="error-msg"><?= htmlspecialchars($error) ?></div>
  <?php endif; ?>
  <form method="POST">
    <label for="username">Username</label>
    <input type="text" id="username" name="username"
           value="<?= htmlspecialchars($_POST['username'] ?? '') ?>"
           autocomplete="username" required>
    <label for="password">Password</label>
    <input type="password" id="password" name="password"
           autocomplete="current-password" required>
    <button class="btn-login" type="submit">Sign in</button>
  </form>
</div>
</body>
</html>