<?php
require_once("db.php");
?>
<!DOCTYPE html>
<html lang="ru">
<head>
<meta charset="UTF-8">
<title>Авторизация | Буквоежка</title>
<link href="https://cdn.jsdelivr.net/npm/bootstrap@5.3.3/dist/css/bootstrap.min.css" rel="stylesheet">
</head>
<body>
<div class="container mt-5">
<h2 class="mb-4">Авторизация</h2>
<div class="mb-3">
<a href="register.php" class="btn btn-secondary">Регистрация</a>
</div>
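<?php
// The error text comes from the query string, so it is attacker-controllable.
// Accept it only when it is a string (an array value such as ?error[]=x would
// make htmlspecialchars() fail) and escape it explicitly for an HTML context.
// NOTE(review): any text placed in ?error= is still displayed verbatim to the
// visitor; mapping a fixed set of error codes to messages would remove that.
if (isset($_GET["error"]) && is_string($_GET["error"])): ?>
<div class="alert alert-danger">
<?php echo htmlspecialchars($_GET["error"], ENT_QUOTES | ENT_SUBSTITUTE, "UTF-8"); ?>
</div>
<?php endif; ?>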
<form action="login-db.php" method="POST">
<div class="mb-3">
<label class="form-label">Логин</label>
<input type="text" name="login" class="form-control" required>
</div>
<div class="mb-3">
<label class="form-label">Пароль</label>
<input type="password" name="password" class="form-control" required>
</div>
<button type="submit" class="btn btn-dark">Войти</button>
</form>
</div>
</body>
</html>
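<?php
/*
 * Login handler (presumably the target of the login form's POST).
 *
 * Reads "login" and "password" from the request body, then redirects to:
 *   - admin.php  when the built-in administrator credentials match,
 *   - cards.php  when a row in `users` matches and the password hash verifies,
 *   - login.php?error=...  otherwise.
 */
require_once("db.php");

// db.php is not visible here; the handler writes to $_SESSION below, so make
// sure a session exists without starting a second one.
if (session_status() === PHP_SESSION_NONE) {
    session_start();
}

// Treat a missing or non-string field (e.g. login[]=x) as empty instead of
// passing it to trim().
$login = (isset($_POST["login"]) && is_string($_POST["login"])) ? trim($_POST["login"]) : "";
$password = (isset($_POST["password"]) && is_string($_POST["password"])) ? trim($_POST["password"]) : "";

if ($login === "" || $password === "") {
    // The message contains spaces and non-ASCII text, so it must be
    // percent-encoded before it is placed in a Location header.
    header("Location: login.php?error=" . rawurlencode("Заполните все поля"));
    exit();
}

/* administrator login */
// NOTE(review): the administrator password is hard-coded in source, so anyone
// with read access to the code or its history knows it. It should be rotated
// and stored as a password_hash() value outside the code base; it is kept here
// only to preserve existing behaviour. hash_equals() makes the comparison
// constant-time.
if ($login === "admin" && hash_equals("order2026", $password)) {
    // Issue a fresh session id on privilege change to prevent session fixation.
    session_regenerate_id(true);
    $_SESSION["admin"] = true;
    header("Location: admin.php");
    exit();
}

/* look up a regular user */
// The login value is user input: bind it as a parameter instead of
// concatenating it into the SQL text (the original query was injectable).
$user = null;
$stmt = mysqli_prepare($connect, "SELECT id, fio, password FROM users WHERE login = ? LIMIT 1");
if ($stmt) {
    mysqli_stmt_bind_param($stmt, "s", $login);
    if (mysqli_stmt_execute($stmt)) {
        mysqli_stmt_bind_result($stmt, $userId, $userFio, $userHash);
        if (mysqli_stmt_fetch($stmt)) {
            $user = ["id" => $userId, "fio" => $userFio, "password" => $userHash];
        }
    }
    mysqli_stmt_close($stmt);
}

/* verify the user and the password */
if ($user && is_string($user["password"]) && password_verify($password, $user["password"])) {
    // Fresh session id after authentication, for the same reason as above.
    session_regenerate_id(true);
    $_SESSION["user_id"] = $user["id"];
    $_SESSION["fio"] = $user["fio"];
    header("Location: cards.php");
    exit();
}

// One generic message for "unknown login" and "wrong password", so the
// response does not reveal which logins exist.
header("Location: login.php?error=" . rawurlencode("Неверный логин или пароль"));
exit();
?>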