<?php
// Include security functions
require_once '../includes/security.php';
// Include database configuration
require_once '../config/database.php';
/**
 * Writes one row to security_events for the current request.
 *
 * The client IP and user agent are taken from $_SERVER (falling back to
 * 'unknown' when absent) and inserted through a prepared statement together
 * with the caller-supplied fields. A database failure is written to error_log
 * and otherwise swallowed so that audit logging never breaks the login flow.
 *
 * @param string          $event_type Short event key, e.g. 'login_success'.
 * @param string          $details    Free-text description (may contain submitted input).
 * @param int|string|null $user_id    Id of the affected user (as fetched from the users table), or null.
 * @param int|string|null $admin_id   Id of the acting admin, or null.
 */
function logSecurityEvent($event_type, $details, $user_id = null, $admin_id = null) {
    $client_ip = $_SERVER['REMOTE_ADDR'] ?? 'unknown';
    $client_agent = $_SERVER['HTTP_USER_AGENT'] ?? 'unknown';
    $row = [$event_type, $details, $user_id, $admin_id, $client_ip, $client_agent];

    try {
        $db = getDBConnection();
        $insert = $db->prepare("
            INSERT INTO security_events (event_type, details, user_id, admin_id, ip_address, user_agent, created_at)
            VALUES (?, ?, ?, ?, ?, ?, NOW())
        ");
        $insert->execute($row);
    } catch (Exception $e) {
        // Best effort: report and continue (the caller's response must still be produced).
        error_log("Failed to log security event: " . $e->getMessage());
    }
}
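/**
 * Records the outcome of a login attempt for one user.
 *
 * On success the user's last_login_ip/last_login_at are refreshed and the
 * failed_login_attempts counter is reset to 0. On failure the counter is
 * incremented and last_failed_login stamped; callers read that counter back
 * to apply their lockout policy. In both cases one user_login_history row is
 * inserted. Database errors are written to error_log and not rethrown, so a
 * broken audit write never turns into an error page for the user.
 *
 * @param int|string $user_id Id of the user (as fetched from the users table).
 * @param bool       $success Whether the submitted credentials were accepted.
 */
function updateUserLoginHistory($user_id, bool $success = true): void
{
    $client_ip = $_SERVER['REMOTE_ADDR'] ?? 'unknown';
    $client_agent = $_SERVER['HTTP_USER_AGENT'] ?? 'unknown';

    try {
        $pdo = getDBConnection();

        // Prepare only the statement this branch actually executes.
        if ($success) {
            $stmt = $pdo->prepare("
                UPDATE users SET
                    last_login_ip = ?,
                    last_login_at = NOW(),
                    failed_login_attempts = ?
                WHERE id = ?
            ");
            // 0 resets the failed-attempt counter on a successful login.
            $stmt->execute([$client_ip, 0, $user_id]);
        } else {
            $stmt = $pdo->prepare("
                UPDATE users SET
                    failed_login_attempts = failed_login_attempts + 1,
                    last_failed_login = NOW()
                WHERE id = ?
            ");
            $stmt->execute([$user_id]);
        }

        // Append-only history row, written for successes and failures alike.
        $stmt = $pdo->prepare("
            INSERT INTO user_login_history (user_id, ip_address, user_agent, login_success, created_at)
            VALUES (?, ?, ?, ?, NOW())
        ");
        $stmt->execute([
            $user_id,
            $client_ip,
            $client_agent,
            $success ? 1 : 0,
        ]);
    } catch (Exception $e) {
        error_log("Failed to update login history: " . $e->getMessage());
    }
}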
// Visitors who already hold an authenticated session are sent straight to the dashboard.
// NOTE(review): this relies on the session having been started by the included
// security.php; no session_start() is visible in this file — confirm.
if (isset($_SESSION['user_id'])) {
    // The page's own script marks its requests with ?ajax=1 or the XMLHttpRequest header
    // and expects a JSON reply instead of an HTTP redirect.
    $requested_with = $_SERVER['HTTP_X_REQUESTED_WITH'] ?? '';
    $wants_json = isset($_GET['ajax']) || $requested_with === 'XMLHttpRequest';

    if (!$wants_json) {
        // Regular redirect for full page loads
        header('Location: /dashboard.php');
        exit;
    }

    header('Content-Type: application/json');
    echo json_encode([
        'success' => true,
        'redirect' => '/dashboard.php',
        'message' => 'Already logged in'
    ]);
    exit;
}
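/**
 * Records a failed password attempt and applies the lockout policy.
 *
 * Looks the account up by email; unknown addresses are only logged. For an
 * existing account the attempt is logged, the failed_login_attempts counter is
 * incremented (via updateUserLoginHistory) and read back, and once it reaches
 * $max_attempts the account is flagged is_blocked. Database errors are written
 * to error_log and otherwise ignored so that an audit problem never becomes an
 * error page on the login form.
 *
 * @param string $email        The validated email address from the form.
 * @param int    $max_attempts Number of failed attempts at which the account is blocked.
 * @return string|null A replacement message for the user, or null to keep the generic one.
 */
function recordFailedLoginAttempt(string $email, int $max_attempts): ?string
{
    try {
        $pdo = getDBConnection();
        $stmt = $pdo->prepare("SELECT id FROM users WHERE email = ?");
        $stmt->execute([$email]);
        $user_record = $stmt->fetch();

        if (!$user_record) {
            // Unknown address: log it server-side only; the visible message stays generic.
            logSecurityEvent('login_failed_nonexistent', 'Failed login attempt for non-existent user: ' . $email, null, null);
            return null;
        }

        // The account exists but the password was wrong.
        logSecurityEvent('login_failed', 'Failed login attempt for existing user: ' . $email, $user_record['id'], null);
        updateUserLoginHistory($user_record['id'], false);

        // Read back the counter that updateUserLoginHistory just incremented.
        $stmt = $pdo->prepare("SELECT failed_login_attempts FROM users WHERE id = ?");
        $stmt->execute([$user_record['id']]);
        $attempts = (int) $stmt->fetchColumn();
        if ($attempts < $max_attempts) {
            return null;
        }

        // NOTE(review): the block is indefinite (cleared only by support), so repeated wrong
        // passwords against a known address lock its owner out; a time-limited lock would
        // bound that. Whether authenticateUser() refuses blocked accounts is not visible here.
        $stmt = $pdo->prepare("
            UPDATE users SET
                is_blocked = 1,
                block_reason = 'Multiple failed login attempts',
                blocked_at = NOW()
            WHERE id = ?
        ");
        $stmt->execute([$user_record['id']]);
        logSecurityEvent('user_blocked', 'User blocked due to multiple failed login attempts: ' . $email, $user_record['id'], null);

        // NOTE(review): unlike the generic message, this one confirms the address is registered.
        return 'Account locked due to multiple failed login attempts. Please contact support.';
    } catch (Exception $e) {
        error_log("Error logging failed login: " . $e->getMessage());
        return null;
    }
}

// Handle login form submission
if ($_SERVER['REQUEST_METHOD'] === 'POST') {
    // Failed attempts at which an account is blocked (see recordFailedLoginAttempt).
    $max_failed_attempts = 5;

    // The page's own script posts with ?ajax=1 (or the XMLHttpRequest header) and parses JSON.
    $requested_with = $_SERVER['HTTP_X_REQUESTED_WITH'] ?? '';
    $is_ajax = isset($_GET['ajax']) || $requested_with === 'XMLHttpRequest';

    // Form fields are expected as strings; anything else (e.g. email[]=) is treated as absent
    // so that no array reaches the validators or the audit log.
    $csrf_token = $_POST['csrf_token'] ?? '';
    $raw_email = $_POST['email'] ?? null;
    $raw_password = $_POST['password'] ?? null;

    if (!is_string($csrf_token) || !validateCSRFToken($csrf_token)) {
        $error = 'Security validation failed. Please try again.';
        logSecurityEvent('csrf_violation', 'CSRF token validation failed', null, null);
    } else {
        $email = is_string($raw_email) ? validateEmail($raw_email) : false;
        $password = is_string($raw_password) ? $raw_password : '';

        if (!$email) {
            $error = 'Invalid email format';
            logSecurityEvent('invalid_email', 'Invalid email format attempted: ' . (is_string($raw_email) ? $raw_email : 'unknown'), null, null);
        } else {
            // Authenticate user with database
            $user = authenticateUser($email, $password);

            if ($user) {
                // SUCCESSFUL LOGIN. Rotate the session id first so an id issued before
                // authentication (session fixation) does not become an authenticated one.
                if (session_status() === PHP_SESSION_ACTIVE) {
                    session_regenerate_id(true);
                }
                $_SESSION['user_id'] = $user['id'];
                $_SESSION['user_name'] = $user['name'];
                $_SESSION['user_email'] = $user['email'];
                $_SESSION['credits'] = $user['credits'];
                $_SESSION['plan'] = $user['plan'];
                $_SESSION['is_admin'] = $user['is_admin'] ?? false;

                logSecurityEvent('login_success', 'User logged in successfully: ' . $user['email'], $user['id'], null);
                updateUserLoginHistory($user['id'], true);

                if ($is_ajax) {
                    // JSON reply for AJAX navigation
                    header('Content-Type: application/json');
                    echo json_encode([
                        'success' => true,
                        'redirect' => '/dashboard.php',
                        'message' => 'Login successful'
                    ]);
                    exit;
                }
                // Regular redirect for full page loads
                header('Location: /dashboard.php');
                exit;
            }

            // FAILED LOGIN: generic message unless the lockout policy replaces it.
            $error = recordFailedLoginAttempt($email, $max_failed_attempts) ?? 'Invalid email or password';
        }
    }

    // Every failure above sets $error. Answer AJAX callers with the {success, message}
    // shape the page's script parses, instead of falling through to the full HTML page,
    // which that script cannot parse and reports as a generic failure.
    if ($is_ajax && isset($error)) {
        header('Content-Type: application/json');
        echo json_encode([
            'success' => false,
            'message' => $error
        ]);
        exit;
    }
}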
// Page variables for the shared header included below (nav state, title, meta description).
$current_page = 'login';
$page_title = 'Login - SoundStudioPro';
$page_description = 'Sign in to your SoundStudioPro account and start creating amazing AI music.';
// Include header
include '../includes/header.php';
?>
<style>
/* Main Content */
.main-content {
margin-top: 0;
padding: 4rem 0;
min-height: calc(100vh - 10rem);
}
/* Hero Section */
.hero {
padding: 8rem 0 6rem;
text-align: center;
color: white;
background: linear-gradient(135deg, #0a0a0a 0%, #1a1a1a 50%, #0a0a0a 100%);
position: relative;
overflow: hidden;
margin-bottom: 4rem;
}
.hero::before {
content: '';
position: absolute;
top: 0;
left: 0;
right: 0;
bottom: 0;
background: url('data:image/svg+xml,<svg xmlns="http://www.w3.org/2000/svg" viewBox="0 0 100 100"><defs><pattern id="grid" width="10" height="10" patternUnits="userSpaceOnUse"><path d="M 10 0 L 0 0 0 10" fill="none" stroke="rgba(102,126,234,0.1)" stroke-width="0.5"/></pattern></defs><rect width="100" height="100" fill="url(%23grid)"/></svg>');
opacity: 0.3;
}
.hero-content {
max-width: 90rem;
margin: 0 auto;
position: relative;
z-index: 2;
}
.hero-badge {
display: inline-block;
background: linear-gradient(135deg, rgba(102, 126, 234, 0.2), rgba(118, 75, 162, 0.2));
color: #667eea;
padding: 1.2rem 2.4rem;
border-radius: 50px;
font-size: 1.4rem;
font-weight: 600;
margin-bottom: 3rem;
backdrop-filter: blur(10px);
border: 1px solid rgba(102, 126, 234, 0.3);
}
.hero-title {
font-size: 5.6rem;
font-weight: 900;
line-height: 1.1;
margin-bottom: 2.4rem;
background: linear-gradient(135deg, #ffffff, #667eea, #764ba2);
-webkit-background-clip: text;
-webkit-text-fill-color: transparent;
background-clip: text;
}
.hero-subtitle {
font-size: 2rem;
font-weight: 400;
margin-bottom: 4rem;
opacity: 0.9;
max-width: 70rem;
margin-left: auto;
margin-right: auto;
color: #a0aec0;
}
/* Login Content */
.login-content {
background: linear-gradient(135deg, #1a1a1a 0%, #2d2d2d 100%);
padding: 6rem 0;
border-radius: 40px 40px 0 0;
margin-top: -2rem;
position: relative;
z-index: 10;
}
.login-container {
max-width: 50rem;
margin: 0 auto;
}
/* Login Form */
.login-form {
background: rgba(255, 255, 255, 0.05);
padding: 4rem;
border-radius: 24px;
backdrop-filter: blur(20px);
border: 1px solid rgba(255, 255, 255, 0.1);
box-shadow: 0 30px 80px rgba(102, 126, 234, 0.1);
}
.form-header {
text-align: center;
margin-bottom: 3rem;
}
.form-title {
font-size: 3.2rem;
font-weight: 700;
color: white;
margin-bottom: 1rem;
}
.form-subtitle {
font-size: 1.6rem;
color: #a0aec0;
}
.form-group {
margin-bottom: 2rem;
}
.form-label {
display: block;
font-size: 1.4rem;
font-weight: 600;
color: white;
margin-bottom: 1rem;
}
.form-input {
width: 100%;
padding: 1.5rem 2rem;
border: 2px solid rgba(255, 255, 255, 0.1);
border-radius: 12px;
background: rgba(255, 255, 255, 0.05);
color: white;
font-size: 1.6rem;
transition: all 0.3s ease;
}
.form-input:focus {
outline: none;
border-color: #667eea;
background: rgba(255, 255, 255, 0.1);
box-shadow: 0 0 20px rgba(102, 126, 234, 0.2);
}
.form-input::placeholder {
color: rgba(255, 255, 255, 0.5);
}
.login-btn {
width: 100%;
padding: 1.8rem;
background: linear-gradient(135deg, #667eea, #764ba2);
color: white;
border: none;
border-radius: 12px;
font-size: 1.6rem;
font-weight: 600;
cursor: pointer;
transition: all 0.3s ease;
margin-bottom: 2rem;
display: flex;
align-items: center;
justify-content: center;
gap: 1rem;
}
.login-btn:hover {
transform: translateY(-3px);
box-shadow: 0 15px 40px rgba(102, 126, 234, 0.4);
}
.error {
background: rgba(239, 68, 68, 0.2);
border: 1px solid rgba(239, 68, 68, 0.3);
color: #fca5a5;
padding: 1.5rem;
border-radius: 12px;
margin-bottom: 2rem;
font-size: 1.4rem;
text-align: center;
}
.signup-link {
text-align: center;
font-size: 1.4rem;
color: #a0aec0;
margin-bottom: 2rem;
}
.signup-link a {
color: #667eea;
text-decoration: none;
font-weight: 600;
transition: all 0.3s ease;
}
.signup-link a:hover {
color: white;
text-decoration: underline;
}
.demo-credentials {
background: rgba(255, 255, 255, 0.05);
border: 1px solid rgba(255, 255, 255, 0.1);
border-radius: 12px;
padding: 2rem;
margin-top: 2rem;
text-align: center;
}
.demo-credentials h4 {
color: white;
font-size: 1.6rem;
font-weight: 600;
margin-bottom: 1rem;
}
.demo-credentials p {
color: #a0aec0;
font-size: 1.4rem;
margin-bottom: 0.5rem;
}
.demo-credentials strong {
color: #667eea;
}
/* Responsive */
@media (max-width: 768px) {
.hero-title {
font-size: 4rem;
}
.login-form {
padding: 2rem;
}
.form-title {
font-size: 2.4rem;
}
}
</style>
<!-- Hero Section -->
<section class="hero">
<div class="container">
<div class="hero-content">
<div class="hero-badge">🔐 Welcome Back</div>
<h1 class="hero-title">Sign In to Your Account</h1>
<p class="hero-subtitle">Access your AI music creation studio and continue making amazing tracks with our advanced tools.</p>
</div>
</div>
</section>
<!-- Login Content -->
<section class="login-content">
<div class="container">
<div class="login-container">
<div class="login-form">
<div class="form-header">
<h2 class="form-title">🎵 SoundStudioPro</h2>
<p class="form-subtitle">Your AI Music Creation Studio</p>
</div>
<?php if (isset($error)): ?>
<div class="error">
<i class="fas fa-exclamation-triangle"></i>
<?php echo htmlspecialchars($error); ?>
</div>
<?php endif; ?>
<form method="POST">
<input type="hidden" name="csrf_token" value="<?= generateCSRFToken() ?>">
<div class="form-group">
<label class="form-label" for="email">Email Address</label>
<input type="email" id="email" name="email" class="form-input" placeholder="Enter your email address" required>
</div>
<div class="form-group">
<label class="form-label" for="password">Password</label>
<input type="password" id="password" name="password" class="form-input" placeholder="Enter your password" required>
</div>
<button type="submit" class="login-btn">
<i class="fas fa-sign-in-alt"></i> Sign In to Your Account
</button>
</form>
<div class="signup-link">
Don't have an account? <a href="/auth/register.php">Sign up for free</a>
</div>
<div class="demo-credentials">
<h4><i class="fas fa-info-circle"></i> Demo Credentials</h4>
<p><strong>Email:</strong> demo@soundstudiopro.com</p>
<p><strong>Password:</strong> demo123</p>
</div>
</div>
</div>
</div>
</section>
<?php
// Shared footer; it also includes the global player used by AJAX navigation.
include '../includes/footer.php';
?>
<script>
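// Handle login form submission for AJAX navigation.
// When this page was loaded through the site's AJAX navigation, the form is posted with
// fetch() to the ?ajax=1 endpoint and the JSON reply ({success, redirect, message}) is
// acted on in place; otherwise the browser performs a normal POST and follows the redirect.
document.addEventListener('DOMContentLoaded', function () {
    const loginForm = document.querySelector('form[method="POST"]');
    if (!loginForm) {
        return;
    }

    // Show a failure message above the form, reusing an existing .error box when present.
    // The message is inserted as text, never as markup, so a server-supplied string
    // (data.message) cannot inject HTML into the page.
    function showError(message) {
        let errorDiv = document.querySelector('.error');
        if (!errorDiv) {
            errorDiv = document.createElement('div');
            errorDiv.className = 'error';
            loginForm.insertBefore(errorDiv, loginForm.firstChild);
        }
        const icon = document.createElement('i');
        icon.className = 'fas fa-exclamation-triangle';
        errorDiv.textContent = '';
        errorDiv.appendChild(icon);
        errorDiv.appendChild(document.createTextNode(' ' + message));
    }

    loginForm.addEventListener('submit', function (e) {
        // Only intercept the submit inside the AJAX navigation context.
        const inAjaxContext = window.location.search.includes('ajax=1') ||
            document.querySelector('.ajax-nav') ||
            window.ajaxNavigation;
        if (!inAjaxContext) {
            return; // plain form post: the server answers with a redirect
        }
        e.preventDefault();

        const formData = new FormData(loginForm);
        const submitBtn = loginForm.querySelector('button[type="submit"]');
        const originalText = submitBtn.innerHTML;
        const restoreButton = function () {
            submitBtn.innerHTML = originalText;
            submitBtn.disabled = false;
        };

        // Loading state while the request is in flight.
        submitBtn.innerHTML = '<i class="fas fa-spinner fa-spin"></i> Signing In...';
        submitBtn.disabled = true;

        fetch('/auth/login.php?ajax=1', {
            method: 'POST',
            body: formData
        })
            .then(function (response) {
                // A non-2xx reply carries no JSON worth parsing; treat it as a failure.
                if (!response.ok) {
                    throw new Error('Unexpected response status ' + response.status);
                }
                return response.json();
            })
            .then(function (data) {
                if (data.success) {
                    console.log('🎵 Login successful, navigating to dashboard...');
                    // Plain navigation to the target named by the same-origin server reply.
                    window.location.href = data.redirect || '/dashboard.php';
                    return;
                }
                showError(data.message || 'Login failed');
                restoreButton();
            })
            .catch(function (error) {
                console.error('🎵 Login error:', error);
                showError('Login failed. Please try again.');
                restoreButton();
            });
    });
});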
</script>