<?php
require_once '../includes/constants.php';
require_once '../includes/session.php';
require_once '../includes/functions.php';
?>
<!DOCTYPE html>
<html>
<head>
    <title><?php echo SITE_TITLE . ' | Admin Login'; ?></title>
    <link rel="stylesheet" href="css/admin.css">
</head>
<body>
<div class="container">
<?php
if ($_SERVER['REQUEST_METHOD'] === 'POST') {
    $username = $_POST['username'] ?? '';
    $password = $_POST['password'] ?? '';

    $stmt = $pdo->prepare("SELECT * FROM admin_users WHERE username = ? AND is_active = 1");
    $stmt->execute([$username]);
    $admin = $stmt->fetch(PDO::FETCH_ASSOC);

    if ($admin && password_verify($password, $admin['password_hash'])) {
        $_SESSION['admin_id'] = $admin['id'];
        $_SESSION['admin_role'] = $admin['role'];
        $_SESSION['admin_username'] = $admin['username'];
        header("Location: index.php");
        exit;
    } else {
        echo "<p class='error'>❌ Invalid credentials or inactive account.</p>";
    }
}

// Login form
echo "<h2>🔐 Admin Login</h2>
<form method='post'>
    <label>Username:<br>
        <input name='username' placeholder='Username' required>
    </label><br>
    <label>Password:<br>
        <input name='password' type='password' placeholder='Password' required>
    </label><br>
    <button type='submit'>Login</button>
</form>";
?>
</div>
</body>
</html>