index.php

<?php
session_start();
$errors = [];
require_once 'classes/manage.php';
$query = new Manage();


if (empty($_SESSION['key']))
    $_SESSION['key'] = bin2hex(random_bytes(32));
//  echo $_SESSION['key'];
$csrf = hash_hmac('sha256', 'this is some string:index.php ', $_SESSION['key']);

if (isset($_POST['log'])) {
    if (hash_equals($csrf, $_POST['csrf'])) {

        if (empty($_POST['email'])) {
            $errors['email'] = 'Phone number or email required';
        }
        if (empty($_POST['password'])) {
            $errors['pass'] = 'Password required';
        }

        $email = $_POST['email'];
        $pass = $_POST['password'];
        // var_dump($pass);  
        ///  return $Row['Data'] ?? 'default value';       
        if (!empty($email) and !empty($pass)) {
            $row = $query->getClients($email);
            $hashpass = $row['security_key'];
            if (password_verify($pass, $hashpass)) {
                session_regenerate_id();
                $_SESSION['admin-log'] = TRUE;

                $_SESSION['branch'] = $row['branchId'];
                $_SESSION['staff'] = $row['staffId'];
                $_SESSION['department'] = $row['departmentId'];
                $_SESSION['role']  =  $row['roles'];
                $_SESSION['dash']  =  $row['dash_type'];

                header('location:home');
            } else {
                $errors['login_fail'] = "Wrong email / password";
            }
        } else {
            $_SESSION['message'] = "Database error. Login failed!";
            $_SESSION['type'] = "alert-danger";
        }
    } else {
        header("location:clients-account");
    }
}





?>
<!DOCTYPE html>

<html lang="en" class="light-style customizer-hide" dir="ltr" data-theme="theme-default" data-assets-path="../assets/" data-template="vertical-menu-template-free">

<head>
    <meta charset="utf-8" />
    <meta name="viewport" content="width=device-width, initial-scale=1.0, user-scalable=no, minimum-scale=1.0, maximum-scale=1.0" />

    <title>NSITF EBS </title>

    <meta name="description" content="" />

    <!-- Favicon -->
    <link rel="icon" type="image/x-icon" href="" />

    <!-- Fonts -->
    <link rel="preconnect" href="https://fonts.googleapis.com" />
    <link rel="preconnect" href="https://fonts.gstatic.com" crossorigin />
    <link href="https://fonts.googleapis.com/css2?family=Public+Sans:ital,wght@0,300;0,400;0,500;0,600;0,700;1,300;1,400;1,500;1,600;1,700&display=swap" rel="stylesheet" />

    <!-- Icons. Uncomment required icon fonts -->
    <link rel="stylesheet" href="assets/vendor/fonts/boxicons.css" />

    <!-- Core CSS -->
    <link rel="stylesheet" href="assets/vendor/css/core.css" class="template-customizer-core-css" />
    <!-- <link rel="stylesheet" href="../assets/vendor/css/theme-default.css" class="template-customizer-theme-css" /> -->
    <!-- assets\assets\vendor\css\theme-default.css -->
    <link rel="stylesheet" href="assets/assets/vendor/css/theme-default.css" class="template-customizer-theme-css" />
    <link rel="stylesheet" href="assets/css/demo.css" />

    <!-- Vendors CSS -->
    <link rel="stylesheet" href="assets/vendor/libs/perfect-scrollbar/perfect-scrollbar.css" />

    <!-- Page CSS -->
    <!-- Page -->
    <link rel="stylesheet" href="assets/vendor/css/pages/page-auth.css" />
    <!-- Helpers -->
    <script src="assets/vendor/js/helpers.js"></script>

    <!--! Template customizer & Theme config files MUST be included after core stylesheets and helpers.js in the <head> section -->
    <!--? Config:  Mandatory theme config file contain global vars & default theme options, Set your preferred theme option in this file.  -->
    <script src="assets/js/config.js"></script>
</head>

<body>
    <!-- Content -->

    <div class="container-xxl">
        <div class="authentication-wrapper authentication-basic container-p-y">
            <div class="authentication-inner">
                <!-- Register -->
                <div class="card">
                    <div class="card-body">
                        <!-- Logo -->
                        <div class="app-brand justify-content-center">
                            <a href="index.html" class="app-brand-link gap-2">
                                <span class="app-brand-logo demo">
                                    <img src="ikl.png" style="width:100px;">
                                </span>

                            </a>
                        </div>
                        <!-- /Logo -->
                        <h5 class="" style="text-align:center; font-weight:bold; line-height:1.4;">Nigeria Social
                            Insurance Trust Fund Enterprise Business Suite (EBS)</h5>



                        <?php if (count($errors) > 0) : ?>
                            <div class="alert alert-danger">
                                <?php foreach ($errors as $error) : ?>
                                    <li>
                                        <?php echo $error; ?>
                                    </li>
                                <?php endforeach; ?>
                            </div>
                        <?php endif; ?>


                        <?php if ($_SESSION['error']) : ?>
                            <div class="alert alert-danger" role="danger">
                                <?= $_SESSION['error'] ?>
                            </div>
                        <?php unset($_SESSION['error']);
                        endif; ?>

                        <?php if ($_SESSION['success']) : ?>
                            <div class="alert alert-success" role="danger">
                                <?= $_SESSION['success'] ?>
                            </div>
                        <?php unset($_SESSION['success']);
                        endif; ?>


                        <form id="" class="mb-3" action="" method="POST">

                            <input type="hidden" value="<?php echo $csrf ?>" name="csrf">
                            <div class="mb-3">
                                <label for="email" class="form-label">Email </label>
                                <input type="text" class="form-control" id="email" name="email" placeholder="Enter your email or username" autofocus />
                            </div>
                            <div class="mb-3 form-password-toggle">
                                <div class="d-flex justify-content-between">
                                    <label class="form-label" for="password">Password</label>
                                    <a href="forgot-password">
                                        <small>Forgot Password?</small>
                                    </a>
                                </div>
                                <div class="input-group input-group-merge">
                                    <input type="password" id="password" class="form-control" name="password" placeholder="&#xb7;&#xb7;&#xb7;&#xb7;&#xb7;&#xb7;&#xb7;&#xb7;&#xb7;&#xb7;&#xb7;&#xb7;" aria-describedby="password" />
                                    <span class="input-group-text cursor-pointer"><i class="bx bx-hide"></i></span>
                                </div>
                            </div>
                            <div class="mb-3">
                                <div class="form-check">
                                    <input class="form-check-input" type="checkbox" id="remember-me" />
                                    <label class="form-check-label" for="remember-me"> Remember Me </label>
                                </div>
                            </div>
                            <div class="mb-3">
                                <button class="btn btn-primary d-grid w-100" style="background-color:#50664d; border-color:#50664d;" type="submit" name="log">Login</button>
                            </div>
                        </form>
                        <hr>
                        <div class="my-3">
                            <a href="change-email-password" class="btn btn-secondary w-100">Change @nsitf.gov.ng Email password</a>
                        </div>


                    </div>
                </div>
                <!-- /Register -->
            </div>
        </div>
    </div>

    <!-- / Content -->

    <script type="text/javascript">
        var Tawk_API = Tawk_API || {},
            Tawk_LoadStart = new Date();
        (function() {
            var s1 = document.createElement("script"),
                s0 = document.getElementsByTagName("script")[0];
            s1.async = true;
            s1.src = 'https://embed.tawk.to/5c5aed266cb1ff3c14cb5c37/default';
            s1.charset = 'UTF-8';
            s1.setAttribute('crossorigin', '*');
            s0.parentNode.insertBefore(s1, s0);
        })();
    </script>

    <!-- Core JS -->
    <!-- build:js assets/vendor/js/core.js -->
    <script src="assets/vendor/libs/jquery/jquery.js"></script>
    <script src="assets/vendor/libs/popper/popper.js"></script>
    <script src="assets/vendor/js/bootstrap.js"></script>
    <script src="assets/vendor/libs/perfect-scrollbar/perfect-scrollbar.js"></script>

    <script src="assets/vendor/js/menu.js"></script>
    <!-- endbuild -->

    <!-- Vendors JS -->

    <!-- Main JS -->
    <script src="assets/js/main.js"></script>

    <!-- Page JS -->

    <!-- Place this tag in your head or just before your close body tag. -->
    <script async defer src="https://buttons.github.io/buttons.js"></script>
</body>

</html>