sistema_funcionando_lastwar/login.php

<?php
ini_set('session.cookie_secure', 1);
ini_set('session.cookie_httponly', 1);
if (session_status() === PHP_SESSION_NONE) {
    session_start();
}

// If user is already logged in, redirect to index.php
if (isset($_SESSION['user_id'])) {
    header('Location: index.php');
    exit();
}

// Generate CSRF token
if (empty($_SESSION['csrf_token'])) {
    $_SESSION['csrf_token'] = bin2hex(random_bytes(32));
}
$csrf_token = $_SESSION['csrf_token'];

// Incluir el helper de URLs
require_once __DIR__ . '/includes/url_helper.php';

$error = $_GET['error'] ?? '';
?>
<!DOCTYPE html>
<html lang="es">
<head>
    <meta charset="UTF-8">
    <meta name="viewport" content="width=device-width, initial-scale=1.0">
    <title>Iniciar Sesión - Bot Discord</title>
    <link href="https://cdn.jsdelivr.net/npm/bootstrap@5.3.0/dist/css/bootstrap.min.css" rel="stylesheet">
</head>
<body style="background-image: url('<?php echo site_url('galeria/login.png'); ?>'); background-size: cover; background-repeat: no-repeat; background-position: center center;">
    <div class="container-fluid">
        <div class="row justify-content-center align-items-center vh-100">
            <div class="col-md-4">
                <div class="card">
                    <div class="card-body">
                        <h3 class="card-title text-center mb-4">Iniciar Sesión</h3>
                        <?php if ($error === 'invalid_credentials'): ?>
                            <div class="alert alert-danger">Usuario o contraseña incorrectos.</div>
                        <?php elseif ($error === 'missing_fields'): ?>
                            <div class="alert alert-danger">Por favor, completa todos los campos.</div>
                        <?php elseif ($error === 'db_error'): ?>
                             <div class="alert alert-danger">Error del sistema. Inténtalo más tarde.</div>
                        <?php elseif ($error === 'csrf_error'): ?>
                             <div class="alert alert-danger">Error de validación. Por favor, inténtalo de nuevo.</div>
                        <?php endif; ?>
                        <form action="<?php echo site_url('includes/auth.php'); ?>" method="POST">
                            <input type="hidden" name="csrf_token" value="<?php echo htmlspecialchars($csrf_token); ?>">
                            <div class="mb-3">
                                <label for="username" class="form-label">Usuario</label>
                                <input type="text" class="form-control" id="username" name="username" required>
                            </div>
                            <div class="mb-3">
                                <label for="password" class="form-label">Contraseña</label>
                                <input type="password" class="form-control" id="password" name="password" required>
                            </div>
                            <div class="d-grid">
                                <button type="submit" class="btn btn-primary">Entrar</button>
                            </div>
                        </form>
                    </div>
                </div>
            </div>
        </div>
    </div>
</body>
</html>