"use client"; import { useState } from "react"; import { useRouter } from "next/navigation"; export default function StaffLoginPage() { const router = useRouter(); const [formData, setFormData] = useState({ username: "", password: "", }); const [error, setError] = useState(""); const [loading, setLoading] = useState(false); const handleSubmit = async (e: React.FormEvent) => { e.preventDefault(); setError(""); setLoading(true); try { const csrfRes = await fetch("/api/csrf", { credentials: "include", cache: "no-store", }); const csrfData = await csrfRes.json(); const csrfToken: string = csrfData.csrfToken ?? ""; const res = await fetch("/api/staff/auth/login", { method: "POST", headers: { "Content-Type": "application/json", "x-csrf-token": csrfToken, }, credentials: "include", body: JSON.stringify({ username: formData.username, password: formData.password, }), }); const data = await res.json(); if (!res.ok) { setError(data.error || "Invalid credentials"); setLoading(false); return; } if (!data.success) { setError(data.error || "Login failed"); setLoading(false); return; } router.push("/staff/dashboard"); router.refresh(); } catch { setError("An error occurred during login. Please try again."); setLoading(false); } }; return (
{/* Logo */}

Mawidi

Staff Dashboard Access

{/* Login Card */}

Staff Login

Enter your credentials to access the staff dashboard

{error && (

{error}

)}
{/* Username */}
setFormData({ ...formData, username: e.target.value }) } className="w-full px-4 py-3 border border-gray-300 rounded-lg focus:ring-2 focus:ring-green-500 focus:border-transparent transition" placeholder="Enter your username" required autoComplete="username" disabled={loading} />
{/* Password */}
setFormData({ ...formData, password: e.target.value }) } className="w-full px-4 py-3 border border-gray-300 rounded-lg focus:ring-2 focus:ring-green-500 focus:border-transparent transition" placeholder="Enter your password" required autoComplete="current-password" disabled={loading} />
{/* Submit Button */}
{/* Security Notice */}

This area is restricted to authorized Mawidi staff only.
All access is logged and monitored.

); }