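<?php
require_once 'db/config.php';

// Harden the session cookie before any ID is issued: HttpOnly keeps it out of
// reach of page scripts, SameSite=Lax (PHP 7.3+) stops cross-site POSTs from
// carrying it, and strict mode refuses session IDs the server never generated
// (a session-fixation vector). cookie_secure is not forced here because it
// would break plain-HTTP deployments — enable it once the site is HTTPS-only.
session_start([
    'cookie_httponly' => true,
    'cookie_samesite' => 'Lax',
    'use_strict_mode' => true,
]);

header('Content-Type: application/json; charset=utf-8');

// Buffer everything so stray output (notices, whitespace from includes) cannot
// corrupt the JSON body; the buffer is discarded right before the response is echoed.
ob_start();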

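/**
 * Normalises a free-text form field: trims whitespace, drops HTML tags and
 * escapes the remaining HTML special characters.
 *
 * The flags are pinned because the htmlspecialchars() defaults changed in
 * PHP 8.1 (to ENT_QUOTES | ENT_SUBSTITUTE). Pinning them keeps single quotes
 * escaped and replaces invalid UTF-8 sequences instead of returning '' for
 * the whole value, regardless of the PHP version in production.
 *
 * Note: values pass through this before being stored, so the database holds
 * the escaped form.
 */
function sanitizeInput(string $data): string
{
    return htmlspecialchars(strip_tags(trim($data)), ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
}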

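/**
 * Accepts exactly ten ASCII digits.
 *
 * The pattern ends in `\z`, not `$`: `$` also matches just before a trailing
 * "\n", which would let "1234567890\n" through as a valid number.
 */
function validateMobile(string $mobile): bool
{
    return preg_match('/^[0-9]{10}\z/', $mobile) === 1;
}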

/**
 * Minimum password policy: at least 8 bytes long and containing at least one
 * ASCII digit.
 *
 * strlen() counts bytes, so a multi-byte character counts more than once
 * toward the minimum.
 */
function validatePassword($password) {
    // Cheap length check first; the regex only runs when it passes.
    if (strlen($password) < 8) {
        return false;
    }
    return (bool) preg_match('/[0-9]/', $password);
}

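/**
 * Accepts exactly six ASCII digits.
 *
 * The pattern ends in `\z`, not `$`: `$` also matches just before a trailing
 * "\n", so "123456\n" would otherwise be accepted.
 */
function validatePincode(string $pincode): bool
{
    return preg_match('/^[0-9]{6}\z/', $pincode) === 1;
}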

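/**
 * Builds the standard failure payload for this endpoint.
 *
 * @return array{success: false, message: string}
 */
function failureResponse(string $message): array
{
    return ['success' => false, 'message' => $message];
}

/**
 * Reads a POST field as a string.
 *
 * Returns '' when the field is missing or is not a string (a `field[]=x`
 * submission arrives as an array), so the validators never receive anything
 * but a string and a malformed field is reported as a validation failure
 * rather than a TypeError.
 *
 * @param array<string, mixed> $post Raw request body ($_POST)
 */
function postString(array $post, string $key): string
{
    $value = $post[$key] ?? '';
    return is_string($value) ? $value : '';
}

/**
 * Handles action=login: verifies the credentials and opens the session.
 *
 * @param mysqli               $conn Connection opened by db/config.php
 * @param array<string, mixed> $post Raw request body ($_POST)
 * @return array{success: bool, message: string, redirect?: string}
 * @throws Exception when the statement cannot be prepared or executed
 */
function handleLogin(mysqli $conn, array $post): array
{
    $mobile = sanitizeInput(postString($post, 'mobile'));
    $password = postString($post, 'password');

    if (!validateMobile($mobile)) {
        return failureResponse('Invalid mobile number');
    }

    $stmt = $conn->prepare('SELECT id, name, role, password FROM users WHERE mobile = ?');
    if (!$stmt) {
        throw new Exception('Database prepare error: ' . $conn->error);
    }

    $stmt->bind_param('s', $mobile);
    if (!$stmt->execute()) {
        throw new Exception('Database execute error');
    }

    // fetch_assoc() yields null when no row matched the mobile number.
    $user = $stmt->get_result()->fetch_assoc();
    $stmt->close();

    // One message for both "unknown mobile" and "wrong password": distinct
    // messages would let a caller enumerate which numbers are registered.
    // (Response time still differs, since no hash is verified for an unknown
    // mobile.)
    if (!$user || !password_verify($password, $user['password'])) {
        return failureResponse('Invalid mobile number or password');
    }

    // Issue a fresh session ID on login so an ID planted before authentication
    // (session fixation) does not become an authenticated one.
    session_regenerate_id(true);
    $_SESSION['user_id'] = $user['id'];
    $_SESSION['user_role'] = $user['role'];
    $_SESSION['user_name'] = $user['name'];

    return [
        'success' => true,
        'message' => 'Login successful',
        'redirect' => 'index.php', // landing page after login
    ];
}

/**
 * Handles action=register: validates the form fields and inserts the user.
 *
 * @param mysqli               $conn Connection opened by db/config.php
 * @param array<string, mixed> $post Raw request body ($_POST)
 * @return array{success: bool, message: string}
 * @throws Exception when a statement cannot be prepared or executed
 */
function handleRegister(mysqli $conn, array $post): array
{
    $name = sanitizeInput(postString($post, 'name'));
    $mobile = sanitizeInput(postString($post, 'mobile'));
    $password = postString($post, 'password');
    $role = sanitizeInput(postString($post, 'role'));
    $city = sanitizeInput(postString($post, 'city'));
    $pincode = sanitizeInput(postString($post, 'pincode'));

    // strlen() < 3 already rejects the empty string, so no separate empty() check.
    if (strlen($name) < 3) {
        return failureResponse('Name must be at least 3 characters');
    }

    if (!validateMobile($mobile)) {
        return failureResponse('Invalid mobile number (10 digits required)');
    }

    if (!validatePassword($password)) {
        return failureResponse('Password must be at least 8 characters with 1 number');
    }

    // NOTE(review): $role is stored exactly as the client sent it, so the
    // caller chooses its own role. It should be checked against the set of
    // roles the application defines (an allow-list) — TODO confirm that set.
    if (empty($role)) {
        return failureResponse('Please select your role');
    }

    if (empty($city)) {
        return failureResponse('City is required');
    }

    if (!validatePincode($pincode)) {
        return failureResponse('Invalid pincode (6 digits required)');
    }

    // Pre-check only gives a friendlier message; two concurrent registrations
    // can both pass it, so a UNIQUE index on users.mobile has to be the real
    // guard — TODO confirm the schema has one.
    $checkStmt = $conn->prepare('SELECT id FROM users WHERE mobile = ?');
    if (!$checkStmt) {
        throw new Exception('Database prepare error: ' . $conn->error);
    }

    $checkStmt->bind_param('s', $mobile);
    if (!$checkStmt->execute()) {
        throw new Exception('Database execute error');
    }

    $alreadyRegistered = $checkStmt->get_result()->num_rows > 0;
    $checkStmt->close();
    if ($alreadyRegistered) {
        return failureResponse('Mobile number already registered');
    }

    $hashedPassword = password_hash($password, PASSWORD_BCRYPT);

    $stmt = $conn->prepare(
        'INSERT INTO users (name, mobile, password, role, city, pincode) VALUES (?, ?, ?, ?, ?, ?)'
    );
    if (!$stmt) {
        throw new Exception('Database prepare error: ' . $conn->error);
    }

    $stmt->bind_param('ssssss', $name, $mobile, $hashedPassword, $role, $city, $pincode);
    if (!$stmt->execute()) {
        throw new Exception('Database execute error: ' . $stmt->error);
    }
    $stmt->close();

    return ['success' => true, 'message' => 'Registration successful! Please login'];
}

$response = ['success' => false, 'message' => ''];

try {
    if ($_SERVER['REQUEST_METHOD'] !== 'POST') {
        throw new Exception('Invalid request method');
    }

    $action = $_POST['action'] ?? '';

    switch ($action) {
        case 'login':
            $response = handleLogin($conn, $_POST);
            break;

        case 'register':
            $response = handleRegister($conn, $_POST);
            break;

        default:
            $response['message'] = 'Invalid action';
    }
} catch (Throwable $e) {
    // Throwable rather than Exception: a TypeError/Error raised on malformed
    // input is then logged and answered with JSON too, instead of escaping
    // to `finally` and producing a response with an empty message.
    error_log('Error: ' . $e->getMessage());
    // Only the generic text reaches the client; details stay in the server log.
    $response = ['success' => false, 'message' => 'An error occurred. Please try again.'];
} finally {
    // Drop anything that reached the ob_start() buffer so the body is exactly the JSON.
    ob_end_clean();
    echo json_encode($response);
    exit;
}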