array($data) || !isset($data['p'],$data['h'],$data['t'])) return null;
    // anti-replay: 60s window
    if (abs(time() - intval($data['t'])) > 60) return null;
    $calc = hash_hmac('sha256', $data['p'], HMAC_KEY);
    if (!hash_equals($calc, $data['h'])) return null;
    $raw = base64_decode($data['p']);
    $method = 'AES-256-CBC';
    $ivlen = openssl_cipher_iv_length($method);
    $iv = substr($raw, 0, $ivlen);
    $cipher = substr($raw, $ivlen);
    $plain = openssl_decrypt($cipher, $method, ENCRYPTION_KEY, OPENSSL_RAW_DATA, $iv);
    return $plain === false ? null : $plain;
}
?>
<!DOCTYPE html>
<html lang="en">
<head>
  <meta charset="UTF-8">
  <meta name="viewport" content="width=device-width, initial-scale=1.0">
  <title>Login - Nexa Admin Panel</title>
  <link href="https://cdn.jsdelivr.net/npm/bootstrap@5.1.3/dist/css/bootstrap.min.css" rel="stylesheet">
  <link href="https://cdnjs.cloudflare.com/ajax/libs/font-awesome/6.0.0/css/all.min.css" rel="stylesheet">
  <style>
    body { background: linear-gradient(135deg, #667eea 0%, #764ba2 100%); min-height: 100vh; display: flex; align-items: center; justify-content: center; }
    .login-card { background: rgba(255, 255, 255, 0.95); border-radius: 15px; box-shadow: 0 15px 35px rgba(0, 0, 0, 0.1); backdrop-filter: blur(10px); }
    .login-header { background: linear-gradient(135deg, #00d4ff 0%, #0099cc 100%); color: white; padding: 2rem; border-radius: 15px 15px 0 0; text-align: center; }
    .login-body { padding: 2rem; }
    .form-control { border-radius: 10px; border: 2px solid #e9ecef; padding: 12px 15px; }
    .form-control:focus { border-color: #00d4ff; box-shadow: 0 0 0 0.2rem rgba(0, 212, 255, 0.25); }
    .btn-login { background: linear-gradient(135deg, #00d4ff 0%, #0099cc 100%); border: none; border-radius: 10px; padding: 12px; font-weight: 600; transition: all 0.3s ease; }
    .btn-login:hover { transform: translateY(-2px); box-shadow: 0 5px 15px rgba(0, 212, 255, 0.4); }
    .nav-pills .nav-link.active { background: linear-gradient(135deg, #00d4ff 0%, #0099cc 100%); }
  </style>
</head>
<body>
  <div class="container">
    <div class="row justify-content-center">
      <div class="col-md-6 col-lg-5">
        <div class="login-card">
          <div class="login-header">
            <i class="fas fa-shield-alt fa-3x mb-3"></i>
            <h2>Nexa Solutions</h2>
            <p class="mb-0">Admin Panel</p>
          </div>
          <div class="login-body">
            
            <ul class="nav nav-pills nav-fill mb-3" role="tablist">
              <li class="nav-item" role="presentation">
                <button class="nav-link active" data-bs-toggle="pill" data-bs-target="#tab-user" type="button" role="tab">Username/Password</button>
              </li>
              <li class="nav-item" role="presentation">
                <button class="nav-link " data-bs-toggle="pill" data-bs-target="#tab-key" type="button" role="tab">License Key</button>
              </li>
            </ul>

            <div class="tab-content">
              <div class="tab-pane fade show active" id="tab-user" role="tabpanel">
                <form method="POST" action="">
                  <input type="hidden" name="mode" value="user">
                  <div class="mb-3">
                    <label for="username" class="form-label"><i class="fas fa-user"></i> Username</label>
                    <input type="text" class="form-control" id="username" name="username" value="" required autofocus>
                  </div>
                  <div class="mb-4">
                    <label for="password" class="form-label"><i class="fas fa-lock"></i> Password</label>
                    <input type="password" class="form-control" id="password" name="password" required>
                  </div>
                  <button type="submit" class="btn btn-primary btn-login w-100"><i class="fas fa-sign-in-alt"></i> Login</button>
                </form>
              </div>

              <div class="tab-pane fade " id="tab-key" role="tabpanel">
                <form method="POST" action="">
                  <input type="hidden" name="mode" value="key">
                  <div class="mb-3">
                    <label for="license_key" class="form-label"><i class="fas fa-key"></i> License Key</label>
                    <input type="text" class="form-control" id="license_key" name="license_key" value="" required>
                  </div>
                  <div class="mb-2 text-muted small">Only licenses with admin privileges can access the admin panel.</div>
                  <button type="submit" class="btn btn-primary btn-login w-100"><i class="fas fa-sign-in-alt"></i> Login with Key</button>
                </form>
              </div>
            </div>

            <div class="text-center mt-3">
              <small class="text-muted">Default admin: admin / admin123</small>
            </div>
          </div>
        </div>
      </div>
    </div>
  </div>

  <script src="https://cdn.jsdelivr.net/npm/bootstrap@5.1.3/dist/js/bootstrap.bundle.min.js"></script>
</body>
</html>