debug...

main/login.php

@@ -11,12 +11,15 @@ session_start();
 
 try {
     $config = require 'config.php';
+    error_log("Config loaded: " . print_r($config, true));
+    
     $db = new PDO(
         "mysql:host={$config['db']['host']};dbname={$config['db']['name']}", 
         $config['db']['user'], 
         $config['db']['pass']
     );
     $db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
+    error_log("Database connected successfully");
 } catch (PDOException $e) {
     error_log("Database connection error: " . $e->getMessage());
     die("Database connection error");
@@ -28,19 +31,24 @@ $success = '';
 if ($_SERVER['REQUEST_METHOD'] === 'POST') {
     $username = filter_input(INPUT_POST, 'username', FILTER_SANITIZE_STRING);
     $password = filter_input(INPUT_POST, 'password', FILTER_SANITIZE_STRING);
+    error_log("Login attempt for user: " . $username);
 
     if ($username && $password) {
         try {
             $stmt = $db->prepare('SELECT id, password, is_blocked, login_attempts, last_attempt FROM users WHERE username = ?');
             $stmt->execute([$username]);
             $user = $stmt->fetch(PDO::FETCH_ASSOC);
+            error_log("User query result: " . print_r($user, true));
 
             if ($user) {
                 if ($user['is_blocked']) {
                     $error = 'Account is blocked';
+                    error_log("Blocked account attempt: " . $username);
                 } else if ($user['login_attempts'] >= 5 && strtotime($user['last_attempt']) > strtotime('-15 minutes')) {
                     $error = 'Too many login attempts';
+                    error_log("Too many attempts for user: " . $username);
                 } else if (password_verify($password, $user['password'])) {
+                    error_log("Successful login for user: " . $username);
                     $stmt = $db->prepare('UPDATE users SET login_attempts = 0, last_attempt = NOW() WHERE id = ?');
                     $stmt->execute([$user['id']]);
                     $_SESSION['user_id'] = $user['id'];
@@ -48,15 +56,19 @@ if ($_SERVER['REQUEST_METHOD'] === 'POST') {
                     header('Location: index.php');
                     exit;
                 } else {
+                    error_log("Invalid password for user: " . $username);
                     $stmt = $db->prepare('UPDATE users SET login_attempts = login_attempts + 1, last_attempt = NOW() WHERE id = ?');
                     $stmt->execute([$user['id']]);
                     $error = 'Invalid password';
                 }
             } else {
+                error_log("User not found: " . $username);
                 $error = 'User not found';
             }
         } catch (PDOException $e) {
             error_log("Login error: " . $e->getMessage());
+            error_log("SQL State: " . $e->getCode());
+            error_log("Error Info: " . print_r($db->errorInfo(), true));
             $error = 'Server error';
         }
     }