Update navigation links to point to employee-login.php and enhance login error handling

php/process_login.php

@@ -14,27 +14,36 @@ if ($conn->connect_error) {
 }
 
 // Retrieve form data
-$username = $_POST['username'];
-$password = $_POST['password'];
+$username = isset($_POST['username']) ? trim(htmlspecialchars($_POST['username'])) : '';
+$password = isset($_POST['password']) ? trim(htmlspecialchars($_POST['password'])) : '';
 
 // Validate credentials
 $sql = "SELECT id, password_hash FROM employees WHERE username = ?";
 $stmt = $conn->prepare($sql);
-$stmt->bind_param("s", $username);
-$stmt->execute();
-$stmt->bind_result($user_id, $password_hash);
-$stmt->fetch();
-
-if ($password_hash && password_verify($password, $password_hash)) {
-    // Start session and store user ID
-    session_start();
-    $_SESSION['user_id'] = $user_id;
-    echo "Login successful!";
-    header("Location: ../qr/qr.html"); // Redirect to QR scanner page
+if ($stmt) {
+    $stmt->bind_param("s", $username);
+    $stmt->execute();
+    $stmt->bind_result($user_id, $password_hash);
+    $stmt->fetch();
 } else {
-    echo "Invalid login credentials.";
+    header("Location: ../employee-login.html?error=server_error");
+    exit();
 }
 
-$stmt->close();
-$conn->close();
+try {
+    if ($password_hash && password_verify($password, $password_hash)) {
+        // Start session and store user ID
+        session_start();
+        $_SESSION['user_id'] = $user_id;
+        header("Location: ../qr/qr.html"); // Redirect to QR scanner page
+        exit();
+    } else {
+        // Redirect back to login page with an error message
+        header("Location: ../employee-login.html?error=invalid_credentials");
+        exit();
+    }
+} finally {
+    $stmt->close();
+    $conn->close();
+}
 ?>