Added full user authentication system: register/login with validation, bcrypt, reCAPTCHA integration, session handling, and new landing page with animated form switcher.

inc/php/login.php

@@ -5,13 +5,23 @@ require_once($_SERVER['DOCUMENT_ROOT'] . '/db.php');
 $errors = [];
 
 if ($_SERVER['REQUEST_METHOD'] === 'POST') {
-    $user = trim($_POST['user'] ?? '');
-    $password = $_POST['password'] ?? '';
+    $user = trim($_POST['login_email'] ?? '');
+    $password = $_POST['login_password'] ?? '';
+    $captcha = $_POST['g-recaptcha-response'] ?? '';
 
     if (empty($user) || empty($password)) {
         $errors[] = "All fields are required.";
     }
 
+    // CAPTCHA validation
+    $captcha_secret = '6LeIxAcTAAAAAGG-vFI1TnRWxMZNFuojJ4WifJWe'; // Google's test secret key
+    $captcha_response = file_get_contents("https://www.google.com/recaptcha/api/siteverify?secret={$captcha_secret}&response={$captcha}");
+    $captcha_data = json_decode($captcha_response);
+
+    if (!$captcha_data->success) {
+        $errors[] = "CAPTCHA verification failed.";
+    }
+
     if (empty($errors)) {
         $conn = getConnection();
         $stmt = $conn->prepare("SELECT id, password, uniqueid FROM users WHERE email = :user OR username = :user");
@@ -27,17 +37,9 @@ if ($_SERVER['REQUEST_METHOD'] === 'POST') {
             $errors[] = "Invalid credentials.";
         }
     }
+
+    $_SESSION['login_error'] = implode("<br>", $errors);
+    header("Location: /landing.php");
+    exit();
 }
 ?>
-
-<!-- Basic form UI -->
-<h2>Login</h2>
-<form method="POST">
-    <input name="user" placeholder="Username or Email" required><br>
-    <input name="password" type="password" placeholder="Password" required><br>
-    <button type="submit">Login</button>
-</form>
-
-<?php if (!empty($errors)): ?>
-    <ul><?php foreach ($errors as $e) echo "<li>$e</li>"; ?></ul>
-<?php endif; ?>