session_start() and checks for a valid usuario_id in the session before granting access. Unauthenticated or expired sessions are redirected back to the login page automatically.
Roles
There are two roles in the system:
| Role | Access |
|---|---|
| Administrator | Full access to all modules: Clients, Rooms, Reservations, and Users |
| Client | Can view available rooms and view their own reservations only |
Logging In
Navigate to the login page
Open /views/login.php in your browser. If you already have an active session, you will be redirected directly to the dashboard (panel.php).
Enter your credentials
Fill in your Email Address and Password, then click Entrar.
The seed accounts for testing are:
| Email | Password | Role |
|---|---|---|
| admin@correo.com | 12345 | Administrator |
| cliente@correo.com | 12345 | Client |
Your email address must be verified before you can log in. Attempting to log in with an unverified account will display an error and offer a button to resend the verification email.
Registering a New Account
Self-registration is available from the login page. Accounts created via registration are assigned the Client role by default. An associated client record is also created automatically with a placeholder phone number.
Open the registration page
Click Crear una cuenta nueva on the login page, or navigate to /views/registro.php.
Fill in the registration form
Provide your Full Name, Email Address, and a Password (the form requires at least 5 characters). Email addresses must be unique — registering with an already-used address will show an error.
Submit the form
Click Registrarse. The system creates your user account and a linked client record, then sends a verification email via PHPMailer.
Email verification is required before your first login. You cannot access the system until your email address has been confirmed.
Recovering a Forgotten Password
Go to the recovery page
Click ¿Olvidaste tu contraseña? on the login page, or navigate to /views/recuperar.php.
Enter your email address
Type the email associated with your account and click Solicitar Enlace. For security, the system always shows a generic success message regardless of whether the email exists in the database.
Open the reset link
Check your inbox for a reset email. Click the link, which routes to /views/reset_password.php?token=.... The token is validated against the database and expires after 1 hour (expiracion_token_recuperacion). Expired or invalid tokens are rejected.
Resending the Verification Email
If you did not receive the verification email or the link expired:
Attempt to log in
Go to the login page and submit your credentials. If your account is not yet verified, an error will appear along with a Reenviar correo de verificación button.
Click the resend button
Clicking the button submits your email to /php/auth/reenviar_verificacion.php. The system generates a new token, updates the database, and sends a fresh verification email.
Session Management
- Sessions are started with session_start() on every protected page.
- On successful login, session_regenerate_id(true) is called to prevent session fixation attacks.
- The session stores four values: usuario_id, usuario_nombre, usuario_rol_id, and usuario_rol_nombre.
- Logging out (via /php/auth/logout.php) destroys the session and redirects to the login page.
- If a session has expired or is missing, any protected page redirects the user back to login.php.
- Passwords are compared as plain text — no hashing is applied. Use this system only in controlled local environments.
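
The last point above says passwords are compared as plain text. One way to move such a login check to hashed storage without forcing every user through a password reset, shown as an added example that is not the project's own code: the function name verify_login and the $users array (a constructed stand-in for the users table) are assumptions.

```php
<?php
declare(strict_types=1);

// Added example. verify_login() and $users are hypothetical names; the
// array stands in for the users table and its contents are constructed.

/**
 * Check a submitted password against the stored value.
 * Returns ['ok' => bool, 'new_hash' => ?string]. When new_hash is set, the
 * caller must write it back so the plaintext (or outdated hash) is replaced.
 */
function verify_login(string $stored, string $submitted): array
{
    // password_get_info() reports 'unknown' for anything that is not a
    // hash produced by password_hash(), i.e. a legacy plaintext value.
    $isHash = password_get_info($stored)['algoName'] !== 'unknown';

    if ($isHash) {
        if (!password_verify($submitted, $stored)) {
            return ['ok' => false, 'new_hash' => null];
        }
        // Re-hash if the default algorithm or cost changed since storage.
        $new = password_needs_rehash($stored, PASSWORD_DEFAULT)
            ? password_hash($submitted, PASSWORD_DEFAULT)
            : null;
        return ['ok' => true, 'new_hash' => $new];
    }

    // Legacy row: the column still holds the plaintext password.
    // hash_equals() keeps the comparison constant-time.
    if (!hash_equals($stored, $submitted)) {
        return ['ok' => false, 'new_hash' => null];
    }
    return ['ok' => true, 'new_hash' => password_hash($submitted, PASSWORD_DEFAULT)];
}

// Constructed legacy row, using the seed account listed on this page.
$users = ['admin@correo.com' => '12345'];

foreach (['12345', 'wrong', '12345'] as $attempt) {
    $result = verify_login($users['admin@correo.com'], $attempt);
    if ($result['new_hash'] !== null) {
        $users['admin@correo.com'] = $result['new_hash']; // an UPDATE in a real table
    }
    printf("%-6s ok=%s migrated=%s\n", $attempt,
        var_export($result['ok'], true), var_export($result['new_hash'] !== null, true));
}
```

The password column must be wide enough for the hash (the PHP manual recommends 255 characters for PASSWORD_DEFAULT), and rows for accounts that never log in again stay in plaintext until they are reset or hashed by a one-off script.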