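real_escape_string($t); $r=$conn->query("SHOW TABLES LIKE '{$t}'"); return $r && $r->num_rows>0; }

/**
 * Report whether column $c exists in table $t.
 *
 * Runs SHOW COLUMNS and returns true when at least one row comes back.
 * The LIKE operand is a pattern, so "_" and "%" inside $c act as wildcards.
 *
 * @param mixed  $conn connection object exposing real_escape_string() and query()
 * @param string $t    table name
 * @param string $c    column name, used as the LIKE pattern
 * @return bool
 */
function col_exists($conn, $t, $c)
{
    // real_escape_string() is meant for quoted string literals and leaves
    // backticks untouched. Inside a backtick-quoted identifier the backtick
    // is the character that has to be escaped, by doubling it.
    $tableIdent = str_replace('`', '``', (string)$t);
    $columnPattern = $conn->real_escape_string($c);

    $r = $conn->query("SHOW COLUMNS FROM `{$tableIdent}` LIKE '{$columnPattern}'");
    return $r && $r->num_rows > 0;
}

// Resolve the table and column names by probing the schema. Every identifier
// interpolated into SQL further down comes from these fixed lists, never from
// request data, which is what keeps the string-built SELECT safe.
$tbl = table_exists($conn, 'Users') ? 'Users' : (table_exists($conn, 'users') ? 'users' : 'Users');

$loginCandidates = ['Username', 'username', 'FIN', 'fin', 'login', 'email'];
$passCandidates  = ['Password', 'password', 'pass_hash', 'pass'];

$LOGIN_COL = 'Username';
$PASS_COL  = 'Password';
foreach ($loginCandidates as $c) {
    if (col_exists($conn, $tbl, $c)) {
        $LOGIN_COL = $c;
        break;
    }
}
foreach ($passCandidates as $c) {
    if (col_exists($conn, $tbl, $c)) {
        $PASS_COL = $c;
        break;
    }
}

// --- 3) If already logged in, redirect ---
// `next` comes from the query string and is sent back in a Location header,
// so it is accepted only when it is a same-site absolute path: one leading
// slash, no "//" prefix, no backslashes, no control characters. Anything else
// (absolute URLs, scheme-relative URLs, relative paths) falls back to the
// default landing page.
$defaultNext = '/public/musteri-list.php';
$next = isset($_GET['next']) ? (string)$_GET['next'] : $defaultNext;
$nextIsLocal = $next !== ''
    && $next[0] === '/'
    && substr($next, 0, 2) !== '//'
    && strpos($next, '\\') === false
    && preg_match('/[\x00-\x1F\x7F]/', $next) !== 1;
if (!$nextIsLocal) {
    $next = $defaultNext;
}

if (isset($_SESSION['user_id'])) {
    header('Location: ' . $next);
    exit;
}

// --- 4) POST handling ---
// NOTE(review): no attempt throttling or lockout is visible in this part of
// the file; confirm it is enforced elsewhere.
$error = '';
if ($_SERVER['REQUEST_METHOD'] === 'POST') {
    $username = trim($_POST['username'] ?? $_POST['fin'] ?? '');
    $password = (string)($_POST['password'] ?? $_POST['pw'] ?? '');

    if ($username === '' || $password === '') {
        $error = 'İstifadəçi adı/FIN və şifrə tələb olunur';
    } else {
        // One message for "unknown user" and "wrong password", so the form
        // does not reveal which logins exist.
        $genericFailure = 'İstifadəçi adı/FIN və ya şifrə səhvdir';

        // Build the query; the login value itself is bound as a parameter.
        $sql = "SELECT `id`, `{$LOGIN_COL}` AS login, `{$PASS_COL}` AS pass FROM `{$tbl}` WHERE `{$LOGIN_COL}`=? LIMIT 1";
        $stmt = $conn->prepare($sql);
        if (!$stmt) {
            // Driver error text can expose schema details: keep it in the
            // server log and show the visitor a generic message.
            error_log('login: prepare failed: ' . $conn->error);
            $error = 'DB xətası';
        } else {
            $stmt->bind_param('s', $username);
            $stmt->execute();
            $res = $stmt->get_result();
            $row = $res ? $res->fetch_assoc() : null;
            $stmt->close();

            if (!$row) {
                $error = $genericFailure;
            } else {
                $hash = (string)$row['pass'];
                $ok = false;

                $info = password_get_info($hash);
                if (!empty($info['algo'])) {
                    // 1) Stored with password_hash(): password_verify() is the
                    // only accepted check. Falling through to the legacy
                    // comparisons here would let the stored hash string itself
                    // be accepted as the password.
                    $ok = password_verify($password, $hash);
                } elseif (preg_match('/\A[0-9a-f]{64}\z/', $hash) === 1) {
                    // 2a) Legacy: value shaped like a SHA-256 hex digest.
                    // Compared against the digest of the input only, so the
                    // stored digest is never accepted as the password.
                    $ok = hash_equals($hash, hash('sha256', $password));
                } else {
                    // 2b) Legacy: value stored as plain text.
                    $ok = hash_equals($hash, $password);
                }
                // NOTE(review): plain-text and unsalted SHA-256 storage should
                // be migrated to password_hash() and branches 2a/2b removed;
                // check the column is wide enough before rewriting values.

                if ($ok) {
                    // Fresh session id on privilege change (session fixation).
                    session_regenerate_id(true);
                    $_SESSION['user_id']  = (int)$row['id'];
                    $_SESSION['username'] = (string)$row['login'];
                    header('Location: ' . $next);
                    exit;
                } else {
                    $error = $genericFailure;
                }
            }
        }
    }
}
?> Daxil ol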
Mobil ERP — Daxil ol
Cədvəl: , Login kolon: