<?php
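// Admin login handler. On POST it looks up an active admin by email, checks
// the submitted password against the stored hash, and on success stores the
// admin's id, name and role in the session before redirecting to the
// dashboard. On any failure it sets $error for the template to display.
session_start();
require_once '../config/database.php';

$error = '';

if ($_SERVER['REQUEST_METHOD'] === 'POST') {
    // A request may omit a field or send it as an array (email[]=...).
    // Treat anything that is not a string as empty, so the failure path below
    // handles it instead of a notice or a TypeError from trim()/password_verify().
    $email = (isset($_POST['email']) && is_string($_POST['email'])) ? trim($_POST['email']) : '';
    $password = (isset($_POST['password']) && is_string($_POST['password'])) ? $_POST['password'] : '';

    // Parameterized query: the email is bound, never interpolated into SQL.
    $stmt = $pdo->prepare("SELECT * FROM admin_users WHERE email = ? AND active = 1 LIMIT 1");
    $stmt->execute([$email]);
    $admin = $stmt->fetch();

    // NOTE(review): password_verify() only runs when a row was found, so the
    // response time differs between known and unknown emails. Consider
    // verifying against a fixed dummy hash when no row matches.
    if ($admin && $password !== '' && password_verify($password, $admin['password_hash'])) {
        // Issue a fresh session id at the privilege change and discard the
        // old one, so an id that was set before login (session fixation)
        // never becomes an authenticated admin session.
        session_regenerate_id(true);

        $_SESSION['admin_id'] = $admin['id'];
        $_SESSION['admin_name'] = $admin['name'];
        $_SESSION['admin_role'] = $admin['role'];

        header("Location: dashboard.php");
        exit;
    }

    // One generic message for every failure, so the response text does not
    // reveal whether the email exists.
    // NOTE(review): no throttling or lockout of repeated failures is visible
    // in this file, and the login form carries no anti-CSRF token. Confirm
    // whether either is handled elsewhere.
    $error = "Invalid email or password.";
}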
?>

<!DOCTYPE html>
<html>
<head>
<title>Admin Login - RBA Directory</title>
</head>
<body>

<h2>Admin Login</h2>

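<?php if ($error): ?>
<?php // Encode at the output sink: the message is a fixed string today, but escaping here keeps the template safe if a later message ever includes request data. ?>
<p style="color:red;"><?php echo htmlspecialchars($error, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8'); ?></p>
<?php endif; ?>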

<form method="POST">
<label>Email:</label><br>
<input type="email" name="email" required><br><br>

    <label>Password:</label><br>
<input type="password" name="password" required><br><br>

    <button type="submit">Login</button>
</form>

</body>
</html>