Initial DEV environment from production snapshot

auth/login.php

@@ -0,0 +1,53 @@
+<?php
+require_once __DIR__ . '/../init.php';
+
+if (is_logged_in()) header('Location: ../game/dashboard.php');
+
+$error = null;
+
+if ($_SERVER['REQUEST_METHOD'] === 'POST') {
+    $email = $_POST['email'] ?? '';
+    $pass  = $_POST['password'] ?? '';
+
+    $pdo = getPDO();
+    $stmt = $pdo->prepare("SELECT id, password_hash FROM users WHERE email = ?");
+    $stmt->execute([$email]);
+    $row = $stmt->fetch();
+
+    if ($row && password_verify($pass, $row['password_hash'])) {
+        $_SESSION['user_id'] = $row['id'];
+        $_SESSION['user_email'] = $email;
+        header('Location: ../game/dashboard.php');
+        exit;
+    } else {
+        $error = 'Credenziali non valide.';
+    }
+}
+
+$page_title = 'Login';
+include __DIR__ . '/../header.php';
+?>
+
+<div class="row justify-content-center">
+  <div class="col-md-6">
+    <h2>Login</h2>
+    <?php if($error): ?>
+      <div class="alert alert-danger"><?= htmlspecialchars($error) ?></div>
+    <?php endif; ?>
+
+    <form method="post">
+      <div class="mb-3">
+        <label>Email</label>
+        <input type="email" name="email" class="form-control" required>
+      </div>
+      <div class="mb-3">
+        <label>Password</label>
+        <input type="password" name="password" class="form-control" required>
+      </div>
+      <button class="btn btn-primary">Accedi</button>
+      <a href="<?= BASE_URL ?>/auth/register.php" class="btn btn-link">Registrati</a>
+    </form>
+  </div>
+</div>
+
+<?php include __DIR__ . '/../footer.php'; ?>