| 12345678910111213141516171819202122232425262728293031323334353637383940414243444546474849505152535455565758596061626364656667 |
- <?php
- declare(strict_types=1);
- use App\App\Bootstrap;
- use App\Admin\Auth;
- use App\Security\Csrf;
- require dirname(__DIR__) . '/src/autoload.php';
- Bootstrap::init();
- $auth = new Auth();
- if (isset($_GET['logout']) && $_GET['logout'] === '1') {
- $auth->logout();
- header('Location: /admin/login.php');
- exit;
- }
- if ($auth->isLoggedIn()) {
- header('Location: /admin/index.php');
- exit;
- }
- $error = '';
- if ($_SERVER['REQUEST_METHOD'] === 'POST') {
- if (!Csrf::validate((string) ($_POST['csrf'] ?? ''))) {
- $error = 'Ungültiges CSRF-Token.';
- } else {
- $password = (string) ($_POST['password'] ?? '');
- if ($auth->login($password)) {
- header('Location: /admin/index.php');
- exit;
- }
- $error = 'Login fehlgeschlagen.';
- }
- }
- $csrf = Csrf::token();
- ?><!doctype html>
- <html lang="de">
- <head>
- <meta charset="utf-8">
- <meta name="viewport" content="width=device-width, initial-scale=1">
- <title>Admin Login</title>
- <link rel="stylesheet" href="/assets/css/tokens.css">
- <link rel="stylesheet" href="/assets/css/base.css">
- </head>
- <body>
- <main class="container">
- <section class="card">
- <h1>Admin Login</h1>
- <?php if ($error !== ''): ?>
- <p class="error"><?= htmlspecialchars($error) ?></p>
- <?php endif; ?>
- <form method="post">
- <input type="hidden" name="csrf" value="<?= htmlspecialchars($csrf) ?>">
- <div class="field">
- <label for="password">Passwort</label>
- <input id="password" name="password" type="password" required>
- </div>
- <button type="submit">Anmelden</button>
- </form>
- </section>
- </main>
- </body>
- </html>
|
