WRLC · shieldss · Apr 8, 2026 · Apr 8, 2026
diff --git a/public/header.php b/public/header.php
@@ -11,14 +11,14 @@
             // Destroy the session and redirect to login
             session_unset();
             session_destroy();
-            header("Location: login.php");
+            header("Location: /login.php");
             exit();
         }
     }
     // Update last activity timestamp
     $_SESSION['last_activity'] = time();
 } else {
-    header("Location: login.php");
+    header("Location: /login.php");
     exit();
 }
 

diff --git a/public/login.php b/public/login.php
@@ -1,105 +1,98 @@
+<?php
+require_once 'connect.php';
+
+$login = isset($_GET['login']) ? trim($_GET['login']) : '';
+
+$staffNames = array();
+
+$sql = "SELECT name FROM Staff ORDER BY name ASC";
+$query = mysqli_query($conn, $sql);
+
+if ($query instanceof mysqli_result) {
+    while ($row = mysqli_fetch_assoc($query)) {
+        $staffNames[] = isset($row['name']) ? $row['name'] : '';
+    }
+    mysqli_free_result($query);
+}
+
+if (isset($conn) && $conn instanceof mysqli) {
+    mysqli_close($conn);
+}
+
+function h($value)
+{
+    return htmlspecialchars((string)(isset($value) ? $value : ''), ENT_QUOTES, 'UTF-8');
+}
+?>
 <!DOCTYPE html>
 <html>
 <head>
-<?php include('connect.php'); ?>
-<!-- https://materializecss.com/getting-started.html -->
-<!--Import Google Icon Font-->
-<link href="https://fonts.googleapis.com/icon?family=Material+Icons" rel="stylesheet">
-<!--Import materialize.css-->
-<link type="text/css" rel="stylesheet" href="css/materialize.min.css"  media="screen,projection"/>
- <link rel="shortcut icon" href="images/favicon.ico" type="image/x-icon" />
-<!--Let browser know website is optimized for mobile-->
-<meta name="viewport" content="width=device-width, initial-scale=1.0"/>
+    <meta charset="UTF-8">
+    <title>SCF Processing Login</title>
+    <link href="https://fonts.googleapis.com/icon?family=Material+Icons" rel="stylesheet">
+    <link type="text/css" rel="stylesheet" href="css/materialize.min.css" media="screen,projection"/>
+    <link rel="shortcut icon" href="images/favicon.ico" type="image/x-icon" />
+    <meta name="viewport" content="width=device-width, initial-scale=1.0"/>
 </head>
 <body class="grey lighten-3">
 <nav>
-  <div class="nav-wrapper blue"> <img src="images/wrlc-logo-white.png" height="50px" style="margin:5px 0 0 20px; position:absolute;"> <a href="#" class="brand-logo" style="margin-left:90px;">SCF Processing</a> 
-
-  </div>
+    <div class="nav-wrapper blue">
+        <img src="images/wrlc-logo-white.png" height="50" style="margin:5px 0 0 20px; position:absolute;" alt="WRLC logo">
+        <a href="#" class="brand-logo" style="margin-left:90px;">SCF Processing</a>
+    </div>
 </nav>
 
-  <div class="row">
-     <div class="col s12 push-m3 m6">
-      <div class="card white lighten-1 mt-6">
-        <div class="card-content blue-text"> <span class="card-title">Staff Login</span>
-          <?php
-
-          $login = $_GET['login'] ?? '';
+<div class="row">
+    <div class="col s12 push-m3 m6">
+        <div class="card white lighten-1 mt-6">
+            <div class="card-content blue-text">
+                <span class="card-title">Staff Login</span>
 
-          if ($login === 'false') {
-            echo '<h3 class="card-title" style="color:#ee6e73;">Login failed.  Please try again.</h3>';
-          }
-
-
-
-
-					?>
-          <div class="row"> 
-
-            <!-- <form action="https://docs.google.com/forms/d/e/1FAIpQLSelZJBA1YQg4vJx6OTHotkmQ-TCZx24q2peSQ_BoMqKllqfDQ/formResponse" method="GET"> -->
-
-            <form action="create_session.php" class="col s12" method="post">
-              <div class="row">
-                <div class="input-field col s10"> <i class="material-icons prefix">account_circle</i>
-                  <select name="username">
-                    <option value="" disabled selected>Select Name</option>
-                    <?php
-
-
-
-	  /////Get Staff information	  
-$sql = "SELECT * FROM Staff ORDER by name ASC";
-$query 	= mysqli_query($conn, $sql);
-while ($row = mysqli_fetch_array($query))
+                <?php if ($login === 'false'): ?>
+                    <h3 class="card-title" style="color:#ee6e73;">Login failed. Please try again.</h3>
+                <?php endif; ?>
 
-{				
-
-		echo '<option value="'.$row['name'].'">'.$row['name'].'</option>';
-
-}			
-	mysqli_close($conn);				
-
-
+                <div class="row">
+                    <form action="create_session.php" class="col s12" method="post">
+                        <div class="row">
+                            <div class="input-field col s10">
+                                <i class="material-icons prefix">account_circle</i>
+                                <select name="username" required>
+                                    <option value="" disabled selected>Select Name</option>
+                                    <?php foreach ($staffNames as $staffName): ?>
+                                        <option value="<?php echo h($staffName); ?>">
+                                            <?php echo h($staffName); ?>
+                                        </option>
+                                    <?php endforeach; ?>
+                                </select>
+                                <label>Select Name</label>
+                            </div>
+                        </div>
 
+                        <div class="row">
+                            <div class="input-field col s10">
+                                <i class="material-icons prefix">lock</i>
+                                <input id="password" name="password" type="password" class="validate" required>
+                                <label for="password">Password</label>
+                            </div>
+                        </div>
 
-?>
-                  </select>
-                  <label>Select Name</label>
+                        <button class="btn waves-effect waves-light right" type="submit">
+                            Login <i class="material-icons right">exit_to_app</i>
+                        </button>
+                    </form>
                 </div>
-              </div>
-              <div class="row">
-                <div class="input-field col s10"> <i class="material-icons prefix">lock</i>
-                  <input id="password" name="password" type="password" class="validate">
-                  <label for="password">Password</label>
-                </div>
-              </div>
-              <button class="btn waves-effect waves-light right" type="submit" >Login <i class="material-icons right">exit_to_app</i> </button>
-            </form>
-          </div>
+            </div>
         </div>
-      </div>
     </div>
-  </div>
-
-
-<!--JavaScript at end of body for optimized loading--> 
-
-<!--  Scripts--> 
-<script src="https://code.jquery.com/jquery-2.1.1.min.js"></script> 
-<script src="js/materialize.js"></script> 
-<script src="js/init.js"></script> 
-<script>document.addEventListener('DOMContentLoaded', function() {
-    var elems = document.querySelectorAll('select');
-    var instances = M.FormSelect.init(elems, options);
-  });
-
-  // Or with jQuery
+</div>
 
-  $(document).ready(function(){
-    $('select').formSelect();
-  });
-
-  </script> 
-<script type="text/javascript" src="js/materialize.min.js"></script>
+<script src="https://code.jquery.com/jquery-2.1.1.min.js"></script>
+<script src="js/materialize.min.js"></script>
+<script>
+document.addEventListener('DOMContentLoaded', function() {
+    M.FormSelect.init(document.querySelectorAll('select'));
+});
+</script>
 </body>
 </html>
diff --git a/public/refile/include/refresh.php b/public/refile/include/refresh.php
@@ -1,20 +1,18 @@
 <script>
-        let inactivityTime = 30 * 60 * 1000; // 30 minutes in milliseconds
-        let activityTimer;
+    let inactivityTime = 28 * 60 * 1000;
+    let activityTimer;
 
-        function resetTimer() {
-            clearTimeout(activityTimer);
-            activityTimer = setTimeout(() => {
-                location.reload(); // Refresh page after 30 minutes of inactivity
-            }, inactivityTime);
-        }
+    function resetTimer() {
+        clearTimeout(activityTimer);
+        activityTimer = setTimeout(function () {
+            window.location.href = '../login.php';
+        }, inactivityTime);
+    }
 
-        // Detect user activity
-        document.addEventListener("mousemove", resetTimer);
-        document.addEventListener("keypress", resetTimer);
-        document.addEventListener("scroll", resetTimer);
-        document.addEventListener("click", resetTimer);
+    document.addEventListener('mousemove', resetTimer);
+    document.addEventListener('keypress', resetTimer);
+    document.addEventListener('scroll', resetTimer);
+    document.addEventListener('click', resetTimer);
 
-        // Initialize timer on page load
-        resetTimer();
-    </script>
+    resetTimer();
+</script>