Medowar
/
feuerwehr-freising-antragsformular


			
				
					
						
						
							1234567891011121314151617181920212223242526272829303132333435363738394041424344454647484950515253545556575859606162636465666768697071727374757677787980818283848586878889
							<?php

declare(strict_types=1);

use App\App\Bootstrap;
use App\Admin\Auth;
use App\Security\Csrf;

require dirname(__DIR__) . '/src/autoload.php';
Bootstrap::init();
$app = Bootstrap::config('app');

$auth = new Auth();

if (isset($_GET['logout']) && $_GET['logout'] === '1') {
    $auth->logout();
    header('Location: ' . Bootstrap::url('admin/login.php'));
    exit;
}

if ($auth->isLoggedIn()) {
    header('Location: ' . Bootstrap::url('admin/index.php'));
    exit;
}

$error = '';
$username = '';
if ($_SERVER['REQUEST_METHOD'] === 'POST') {
    if (!Csrf::validate((string) ($_POST['csrf'] ?? ''))) {
        $error = 'Ungültiges CSRF-Token.';
    } else {
        $username = trim((string) ($_POST['username'] ?? ''));
        $password = (string) ($_POST['password'] ?? '');
        if ($auth->login($username, $password)) {
            header('Location: ' . Bootstrap::url('admin/index.php'));
            exit;
        }
        $error = 'Login fehlgeschlagen.';
    }
}

$csrf = Csrf::token();
?><!doctype html>
<html lang="de">
<head>
    <meta charset="utf-8">
    <meta name="viewport" content="width=device-width, initial-scale=1">
    <title>Admin Login</title>
    <link rel="stylesheet" href="<?= htmlspecialchars(Bootstrap::url('assets/css/tokens.css')) ?>">
    <link rel="stylesheet" href="<?= htmlspecialchars(Bootstrap::url('assets/css/base.css')) ?>">
</head>
<body class="admin-page">
<header class="site-header">
    <div class="container header-inner">
        <a class="brand" href="<?= htmlspecialchars(Bootstrap::url('admin/login.php')) ?>">
            <img class="brand-logo" src="<?= htmlspecialchars(Bootstrap::url('assets/images/feuerwehr-logo-invers.webp')) ?>" alt="Feuerwehr Logo">
            <div class="brand-title"><?= htmlspecialchars((string) ($app['project_name'] ?? 'Admin')) ?></div>
        </a>
    </div>
</header>
<main class="container">
    <section class="card auth-container">
        <h1>Admin Login</h1>
        <?php if ($error !== ''): ?>
            <p class="alert alert-error"><?= htmlspecialchars($error) ?></p>
        <?php endif; ?>
        <form method="post">
            <input type="hidden" name="csrf" value="<?= htmlspecialchars($csrf) ?>">
            <div class="field">
                <label for="username">Benutzername</label>
                <input
                    id="username"
                    name="username"
                    type="text"
                    required
                    autocomplete="username"
                    value="<?= htmlspecialchars($username) ?>"
                >
            </div>
            <div class="field">
                <label for="password">Passwort</label>
                <input id="password" name="password" type="password" required autocomplete="current-password">
            </div>
            <button type="submit" class="btn">Anmelden</button>
        </form>
    </section>
</main>
</body>
</html>