' . 'Access Denied · Finance Planner' . '' . '' . '
' . '
🚫
' . '

Access Denied

' . '

Admin privileges required.

' . '← Back to Dashboard' . '
'; exit; } } /** * Returns true on success, 'suspended' if account suspended, false on bad credentials. */ function attemptLogin(string $username, string $password): bool|string { require_once __DIR__ . '/db.php'; $db = getDB(); $st = $db->prepare("SELECT * FROM users WHERE username = ? LIMIT 1"); $st->execute([trim($username)]); $user = $st->fetch(); if (!$user) return false; if ((int)($user['is_suspended'] ?? 0) === 1) return 'suspended'; if (!password_verify($password, $user['password_hash'])) return false; $_SESSION['user'] = [ 'id' => (int)$user['id'], 'username' => $user['username'], 'display_name' => $user['display_name'] ?? $user['username'], 'is_admin' => (int)($user['is_admin'] ?? 0), ]; return true; } function logout(): void { $_SESSION = []; if (ini_get('session.use_cookies')) { $p = session_get_cookie_params(); setcookie(session_name(), '', time() - 42000, $p['path'], $p['domain'], $p['secure'], $p['httponly']); } session_destroy(); } function changePassword(int $userId, string $currentPassword, string $newPassword): bool { require_once __DIR__ . '/db.php'; $db = getDB(); $st = $db->prepare("SELECT password_hash FROM users WHERE id = ?"); $st->execute([$userId]); $row = $st->fetch(); if (!$row || !password_verify($currentPassword, $row['password_hash'])) return false; $db->prepare("UPDATE users SET password_hash = ? WHERE id = ?") ->execute([password_hash($newPassword, PASSWORD_DEFAULT), $userId]); return true; } // ── App settings (stored in `settings` table) ───────────────────────────── function getSetting(string $key, string $default = ''): string { try { require_once __DIR__ . '/db.php'; $db = getDB(); $st = $db->prepare("SELECT setting_value FROM settings WHERE setting_key = ?"); $st->execute([$key]); $row = $st->fetch(); return $row ? $row['setting_value'] : $default; } catch (Exception $e) { return $default; } } function setSetting(string $key, string $value): void { require_once __DIR__ . '/db.php'; $db = getDB(); $db->prepare("INSERT INTO settings (setting_key, setting_value) VALUES (?,?) ON DUPLICATE KEY UPDATE setting_value = VALUES(setting_value)") ->execute([$key, $value]); }