diff --git a/index.php b/index.php
index 9bf867bf..570d8626 100644
--- a/index.php
+++ b/index.php
@@ -1,6 +1,7 @@
multi_query($sql)) {
- echo "✓ Migration executed successfully\n";
-} else {
- echo "✗ Migration error: " . $conn->error . "\n";
-}
-
-$conn->close();
-?>
diff --git a/src/pages/other/about2.php b/src/pages/other/about2.php
new file mode 100644
index 00000000..ad8eac8b
--- /dev/null
+++ b/src/pages/other/about2.php
@@ -0,0 +1,15 @@
+
+
+
+
+
+
+
diff --git a/src/pages/other/test_header.php b/src/pages/other/test_header.php
new file mode 100644
index 00000000..39aa53f9
--- /dev/null
+++ b/src/pages/other/test_header.php
@@ -0,0 +1,48 @@
+
Path Diagnostic";
+echo "Path Resolution Diagnostic
";
+echo "
";
+
+echo "Current Directory Information
";
+echo "__FILE__: " . __FILE__ . "
";
+echo "__DIR__: " . __DIR__ . "
";
+echo "
";
+
+echo "Directory Navigation Tests
";
+echo "dirname(__DIR__): " . dirname(__DIR__) . "
";
+echo "dirname(dirname(__DIR__)): " . dirname(dirname(__DIR__)) . "
";
+echo "dirname(dirname(dirname(__DIR__))): " . dirname(dirname(dirname(__DIR__))) . "
";
+echo "
";
+
+echo "\$_SERVER Variables
";
+echo "DOCUMENT_ROOT: " . ($_SERVER['DOCUMENT_ROOT'] ?? 'NOT SET') . "
";
+echo "SCRIPT_FILENAME: " . ($_SERVER['SCRIPT_FILENAME'] ?? 'NOT SET') . "
";
+echo "REQUEST_URI: " . ($_SERVER['REQUEST_URI'] ?? 'NOT SET') . "
";
+echo "SCRIPT_NAME: " . ($_SERVER['SCRIPT_NAME'] ?? 'NOT SET') . "
";
+echo "
";
+
+echo "Path Construction Tests
";
+$rootPath = dirname(dirname(dirname(__DIR__)));
+echo "\$rootPath (dirname × 3): " . $rootPath . "
";
+echo "\$rootPath . '/header.php': " . $rootPath . '/header.php' . "
";
+echo "File exists? " . (file_exists($rootPath . '/header.php') ? 'YES ✓' : 'NO ✗') . "
";
+echo "
";
+
+echo "Alternative Path Tests
";
+if (isset($_SERVER['DOCUMENT_ROOT']) && is_string($_SERVER['DOCUMENT_ROOT'])) {
+ $altPath = $_SERVER['DOCUMENT_ROOT'];
+ echo "\$_SERVER['DOCUMENT_ROOT']: " . $altPath . "
";
+ echo "\$altPath . '/header.php': " . $altPath . '/header.php' . "
";
+ echo "File exists? " . (file_exists($altPath . '/header.php') ? 'YES ✓' : 'NO ✗') . "
";
+} else {
+ echo "DOCUMENT_ROOT not available or not a string
";
+}
+echo "
";
+
+echo "Component Path Tests
";
+echo "\$rootPath . '/components/insta_footer.php': " . $rootPath . '/components/insta_footer.php' . "
";
+echo "File exists? " . (file_exists($rootPath . '/components/insta_footer.php') ? 'YES ✓' : 'NO ✗') . "
";
+
+echo "";
+?>
\ No newline at end of file
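Review bot: test_header.php prints `__FILE__`, `__DIR__`, `DOCUMENT_ROOT` and `SCRIPT_FILENAME` to any requester, and no access check is visible in the hunk, so committing it under `src/pages/other/` discloses the server's filesystem layout; test_minimal.php in the same commit prints `$rootPath` the same way. If the script has to stay in the tree, gate it at the top behind an authenticated-admin check, or keep it outside the web-served directories. Separately, `REQUEST_URI` is request-controlled and is echoed unescaped into what appears to be an HTML page; replace the bare `($_SERVER['REQUEST_URI'] ?? 'NOT SET')` with `htmlspecialchars($_SERVER['REQUEST_URI'] ?? 'NOT SET', ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8')`. The opening lines of the file were lost in extraction, so a guard may exist there that is not visible here.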
diff --git a/src/pages/other/test_minimal.php b/src/pages/other/test_minimal.php
new file mode 100644
index 00000000..28f4a8ac
--- /dev/null
+++ b/src/pages/other/test_minimal.php
@@ -0,0 +1,21 @@
+";
+$rootPath = dirname(dirname(dirname(__DIR__)));
+echo "Step 2: Root path = " . $rootPath . "
";
+echo "Step 3: Header path = " . $rootPath . '/header.php' . "
";
+echo "Step 4: File exists? " . (file_exists($rootPath . '/header.php') ? 'YES' : 'NO') . "
";
+
+$headerStyle = 'light';
+echo "Step 5: About to include header
";
+include_once($rootPath . '/header.php');
+echo "Step 6: Header included successfully
";
+?>
+Test Page Content
+";
+include_once($rootPath . '/components/insta_footer.php');
+echo "Step 8: Footer included successfully
";
+?>
\ No newline at end of file
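Review bot: The "Step 6: Header included successfully" and "Step 8: Footer included successfully" lines are printed unconditionally, but `include_once` only raises a warning and returns `false` when the file cannot be loaded, so the script reports success even when the include failed. Test the result before printing, e.g. `if ((include_once $rootPath . '/header.php') === false) { echo "Step 6: Header include FAILED"; }`, and do the same for the footer. Alternatively, use `require_once`, which stops the run at the failing step. The first lines of the file are not readable in this view, so error-reporting settings that would surface the warning may be set there.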
diff --git a/src/processors/assets/images/pp/30f28b416b64c436a9bbc32dbe7bbe6b.png b/src/processors/assets/images/pp/30f28b416b64c436a9bbc32dbe7bbe6b.png
deleted file mode 100644
index 7ec285db..00000000
Binary files a/src/processors/assets/images/pp/30f28b416b64c436a9bbc32dbe7bbe6b.png and /dev/null differ
diff --git a/src/processors/assets/images/pp/3fbcad3aa80dfa3bc0eb2043b8c40e2c.png b/src/processors/assets/images/pp/3fbcad3aa80dfa3bc0eb2043b8c40e2c.png
deleted file mode 100644
index 7ec285db..00000000
Binary files a/src/processors/assets/images/pp/3fbcad3aa80dfa3bc0eb2043b8c40e2c.png and /dev/null differ
diff --git a/src/processors/assets/images/pp/890eae390ea339ca08307c847d5758a3.png b/src/processors/assets/images/pp/890eae390ea339ca08307c847d5758a3.png
deleted file mode 100644
index fd6f88d4..00000000
Binary files a/src/processors/assets/images/pp/890eae390ea339ca08307c847d5758a3.png and /dev/null differ
diff --git a/src/processors/uploads/pop/c97bc77d8901921ed82978c4ed68ec95.pdf b/src/processors/uploads/pop/c97bc77d8901921ed82978c4ed68ec95.pdf
deleted file mode 100644
index 75687d47..00000000
Binary files a/src/processors/uploads/pop/c97bc77d8901921ed82978c4ed68ec95.pdf and /dev/null differ
diff --git a/src/processors/uploads/signatures/signature_155.png b/src/processors/uploads/signatures/signature_155.png
deleted file mode 100644
index 773e000b..00000000
Binary files a/src/processors/uploads/signatures/signature_155.png and /dev/null differ
diff --git a/src/processors/validate_login.php b/src/processors/validate_login.php
deleted file mode 100644
index 9182c8b4..00000000
--- a/src/processors/validate_login.php
+++ /dev/null
@@ -1,223 +0,0 @@
- 'error', 'message' => 'Database connection failed.']);
- exit();
-}
-
-// Google Client Setup
-$client = new Google_Client();
-$client->setClientId($_ENV['GOOGLE_CLIENT_ID']);
-$client->setClientSecret($_ENV['GOOGLE_CLIENT_SECRET']);
-$client->setRedirectUri($_ENV['HOST'] . '/validate_login');
-$client->addScope("email");
-$client->addScope("profile");
-// 👇 Add this to force the account picker
-$client->setPrompt('select_account');
-
-// Check if Google login code is set
-if (isset($_GET['code'])) {
- $token = $client->fetchAccessTokenWithAuthCode($_GET['code']);
- if (!isset($token["error"])) {
- $client->setAccessToken($token['access_token']);
- $google_oauth = new Google_Service_Oauth2($client);
- $google_account_info = $google_oauth->userinfo->get();
-
- // Get user info from Google
- $email = $google_account_info->email;
- $name = $google_account_info->name;
- $first_name = $google_account_info->given_name;
- $last_name = $google_account_info->family_name;
- $picture = $google_account_info->picture;
-
- // Check if the user exists in the database
- $query = "SELECT * FROM users WHERE email = ?";
- $stmt = $conn->prepare($query);
- $stmt->bind_param("s", $email);
- $stmt->execute();
- $result = $stmt->get_result();
-
- if ($result->num_rows == 0) {
- // User does not exist, so register them
- $password = null; // No password for Google login
- $query = "INSERT INTO users (email, first_name, last_name, profile_pic, password, is_verified) VALUES (?, ?, ?, ?, ?, ?)";
- $stmt = $conn->prepare($query);
- $is_verified = 1; // Assuming Google users are considered verified
- $stmt->bind_param("sssssi", $email, $first_name, $last_name, $picture, $password, $is_verified);
- if ($stmt->execute()) {
- // User successfully registered, set session and redirect
- sendEmail('chrispintoza@gmail.com', '4WDCSA: New User Login', $name.' has just created an account using Google Login.');
- $_SESSION['user_id'] = $conn->insert_id;
- $_SESSION['first_name'] = $first_name;
- $_SESSION['profile_pic'] = $picture;
- processLegacyMembership($_SESSION['user_id']);
- // echo json_encode(['status' => 'success', 'message' => 'Google login successful']);
- header("Location: index");
- exit();
- } else {
- // echo json_encode(['status' => 'error', 'message' => 'Failed to register user.']);
- header("Location: index");
- exit();
- }
- } else {
- // User exists, set session and redirect
- $row = $result->fetch_assoc();
- $_SESSION['user_id'] = $row['user_id'];
- $_SESSION['first_name'] = $row['first_name'];
- $_SESSION['profile_pic'] = $row['profile_pic'];
- sendEmail('chrispintoza@gmail.com', '4WDCSA: New User Login', $name.' has just logged in using Google Login.');
- // echo json_encode(['status' => 'success', 'message' => 'Google login successful']);
- header("Location: index");
- exit();
- }
-
- $stmt->close();
- } else {
- echo "Login failed.";
- exit();
- }
-}
-
-// Check if email and password login is requested
-if (isset($_POST['email']) && isset($_POST['password'])) {
- // CSRF Token Validation
- if (!isset($_POST['csrf_token']) || !validateCSRFToken($_POST['csrf_token'])) {
- auditLog(null, 'CSRF_VALIDATION_FAILED', 'users', null, ['endpoint' => 'validate_login.php']);
- echo json_encode(['status' => 'error', 'message' => 'Security token validation failed. Please try again.']);
- exit();
- }
-
- // Retrieve and validate email input
- $email = validateEmail($_POST['email']);
- if ($email === false) {
- auditLog(null, 'INVALID_EMAIL_FORMAT', 'users', null, ['email' => $_POST['email']]);
- echo json_encode(['status' => 'error', 'message' => 'Invalid email format.']);
- exit();
- }
-
- // Retrieve and sanitize password
- $password = isset($_POST['password']) ? trim($_POST['password']) : '';
-
- // Basic validation
- if (empty($email) || empty($password)) {
- echo json_encode(['status' => 'error', 'message' => 'Please enter both email and password.']);
- exit();
- }
-
- // Check for account lockout
- $lockoutStatus = checkAccountLockout($email);
- if ($lockoutStatus['is_locked']) {
- auditLog(null, 'LOGIN_ATTEMPT_LOCKED_ACCOUNT', 'users', null, [
- 'email' => $email,
- 'locked_until' => $lockoutStatus['locked_until']
- ]);
- echo json_encode([
- 'status' => 'error',
- 'message' => 'Account is temporarily locked due to multiple failed login attempts. Please try again in ' . $lockoutStatus['minutes_remaining'] . ' minutes.'
- ]);
- exit();
- }
-
- // Check recent failed attempts
- $recentFailedAttempts = countRecentFailedAttempts($email);
- if ($recentFailedAttempts >= 5) {
- // Lock account for 15 minutes
- lockAccount($email, 15);
- auditLog(null, 'ACCOUNT_LOCKED_THRESHOLD', 'users', null, [
- 'email' => $email,
- 'failed_attempts' => $recentFailedAttempts
- ]);
- echo json_encode([
- 'status' => 'error',
- 'message' => 'Account locked due to multiple failed login attempts. Please try again in 15 minutes.'
- ]);
- exit();
- }
-
- // Prepare SQL statement to fetch user details
- $query = "SELECT * FROM users WHERE email = ?";
- $stmt = $conn->prepare($query);
-
- if (!$stmt) {
- echo json_encode(['status' => 'error', 'message' => 'Database query preparation failed.']);
- exit();
- }
-
- $stmt->bind_param("s", $email);
- $stmt->execute();
- $result = $stmt->get_result();
-
- // Check if user exists and verify password
- if ($result->num_rows == 1) {
- $row = $result->fetch_assoc();
-
- // Check if the user is verified
- if ($row['is_verified'] == 0) {
- recordLoginAttempt($email, false);
- auditLog(null, 'LOGIN_ATTEMPT_UNVERIFIED_ACCOUNT', 'users', $row['user_id']);
- echo json_encode(['status' => 'error', 'message' => 'Your account is not verified. Please check your email for the verification link.']);
- exit();
- }
-
- if (password_verify($password, $row['password'])) {
- // Record successful attempt
- recordLoginAttempt($email, true);
-
- // Regenerate session ID to prevent session fixation attacks
- session_regenerate_id(true);
-
- // Password is correct, set up session
- $_SESSION['user_id'] = $row['user_id'];
- $_SESSION['first_name'] = $row['first_name'];
- $_SESSION['profile_pic'] = $row['profile_pic'];
-
- // Set session timeout (30 minutes)
- $_SESSION['login_time'] = time();
- $_SESSION['session_timeout'] = 1800; // 30 minutes in seconds
-
- auditLog($row['user_id'], 'LOGIN_SUCCESS', 'users', $row['user_id']);
- echo json_encode(['status' => 'success', 'message' => 'Successful Login']);
- } else {
- // Password is incorrect - record failed attempt
- recordLoginAttempt($email, false);
- auditLog(null, 'LOGIN_FAILED_INVALID_PASSWORD', 'users', null, ['email' => $email]);
-
- // Check if this was the threshold failure
- $newFailureCount = countRecentFailedAttempts($email);
- if ($newFailureCount >= 5) {
- lockAccount($email, 15);
- echo json_encode([
- 'status' => 'error',
- 'message' => 'Too many failed login attempts. Account locked for 15 minutes.'
- ]);
- } else {
- $attemptsRemaining = 5 - $newFailureCount;
- echo json_encode([
- 'status' => 'error',
- 'message' => 'Invalid password. ' . $attemptsRemaining . ' attempts remaining before account lockout.'
- ]);
- }
- }
- } else {
- // User does not exist - still record attempt
- recordLoginAttempt($email, false);
- auditLog(null, 'LOGIN_FAILED_USER_NOT_FOUND', 'users', null, ['email' => $email]);
- echo json_encode(['status' => 'error', 'message' => 'User with that email does not exist.']);
- }
-
- // Close the statement and connection
- $stmt->close();
-}
-
-// Close connection
-$conn->close();
-exit();
-?>
-
diff --git a/validate_login.php b/validate_login.php
index 9c06bd38..59e3bdbd 100644
--- a/validate_login.php
+++ b/validate_login.php
@@ -1,9 +1,10 @@