session_start();

// --------- CONFIG: change if needed ----------
$ADMIN_USER = 'BalaInfotech';
$ADMIN_PASS = 'BalaInfotech@2025#@';
// Optional: change redirect after login (null = same page)
$after_login_redirect = null; // e.g. '/manage.php' or null
// --------------------------------------------

// Logout handling
if (isset($_GET['auth_action']) && $_GET['auth_action'] === 'logout') {
    $_SESSION = [];
    session_destroy();
    // redirect to same page without query
    $loc = strtok($_SERVER['REQUEST_URI'], '?');
    header("Location: $loc");
    exit;
}

// If already logged in -> continue
if (!empty($_SESSION['auth_logged_in']) && $_SESSION['auth_user'] === $ADMIN_USER) {
    return; // allow page to render
}

// Process login form
$login_error = '';
if ($_SERVER['REQUEST_METHOD'] === 'POST' && isset($_POST['auth_user'], $_POST['auth_pass'])) {
    $u = trim($_POST['auth_user']);
    $p = $_POST['auth_pass'];

    if ($u === $ADMIN_USER && $p === $ADMIN_PASS) {
        // success
        $_SESSION['auth_logged_in'] = true;
        $_SESSION['auth_user'] = $ADMIN_USER;

        // Redirect to avoid form resubmission
        if ($after_login_redirect) {
            header("Location: $after_login_redirect");
            exit;
        } else {
            $loc = strtok($_SERVER['REQUEST_URI'], '?');
            header("Location: $loc");
            exit;
        }
    } else {
        $login_error = "Invalid username or password.";
    }
}

// If not logged in -> show login form and stop further rendering
// (This outputs a minimal Bootstrap-styled login box; you can replace CSS if needed)
?><!doctype html>
<html lang="en">
<head>
  <meta charset="utf-8">
  <title>Protected — Login</title>
  <meta name="viewport" content="width=device-width,initial-scale=1">
  <link href="https://cdn.jsdelivr.net/npm/bootstrap@5.3.2/dist/css/bootstrap.min.css" rel="stylesheet">
  <style>
    body{ background:#f5f7fb; }
    .login-box{ max-width:420px; margin:80px auto; background:#fff; padding:22px; border-radius:8px; box-shadow:0 8px 30px rgba(0,0,0,0.06); }
    .brand { font-weight:700; letter-spacing:0.3px; }
  </style>
</head>
<body>
  <div class="login-box">
    <h5 class="mb-3">🔒 Protected Page — Login</h5>
        <form method="post" autocomplete="off">
      <div class="mb-2">
        <label class="form-label">Username</label>
        <input name="auth_user" class="form-control" required autofocus>
      </div>
      <div class="mb-3">
        <label class="form-label">Password</label>
        <input name="auth_pass" type="password" class="form-control" required>
      </div>
      <div class="d-flex justify-content-between align-items-center">
        <button class="btn btn-primary">Login</button>
        <small class="text-muted">Contact site admin if you can't login.</small>
      </div>
    </form>

    <hr>
    <div class="small text-muted">Note: This is a simple session-based protection. For production, use HTTPS and stronger auth (DB + hashed password or server .htpasswd).</div>
  </div>
</body>
</html>