
adding user-management for the backend

Medowar 2 달 전
부모
커밋
0f8d17129f
2개의 변경된 파일21개의 추가작업 그리고 6개의 파일을 삭제
  1. 10 3
      admin/login.php
  2. 11 3
      config.php

+ 10 - 3
admin/login.php

@@ -1,5 +1,6 @@
 <?php
 require_once __DIR__ . '/../config.php';
+require_once __DIR__ . '/../includes/functions.php';
 
 // Handle logout
 if (isset($_GET['logout'])) {
@@ -12,14 +13,16 @@ if (isset($_GET['logout'])) {
 $error = '';
 
 if ($_SERVER['REQUEST_METHOD'] === 'POST') {
+    $username = sanitize($_POST['username'] ?? '');
     $password = $_POST['password'] ?? '';
     
-    if (password_verify($password, ADMIN_PASSWORD_HASH)) {
+    $users = defined('ADMIN_USERS') ? ADMIN_USERS : [];
+    if (isset($users[$username]) && password_verify($password, $users[$username])) {
         $_SESSION['admin_logged_in'] = true;
         header('Location: index.php');
         exit;
     } else {
-        $error = 'Falsches Passwort.';
+        $error = 'Benutzername oder Passwort falsch.';
     }
 }
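Review bot: In `if (isset($users[$username]) && password_verify($password, $users[$username]))` an unknown username short-circuits before the bcrypt check, so the response time differs between existing and non-existing accounts even though the error text is now generic. Running the verification unconditionally closes that gap, e.g. `$hash = $users[$username] ?? DUMMY_HASH;` followed by `$ok = password_verify($password, $hash) && isset($users[$username]);`, where `DUMMY_HASH` is a placeholder for a constant bcrypt hash of a random value. The success branch still stores only `$_SESSION['admin_logged_in'] = true`, so the session does not record which account authenticated, and no `session_regenerate_id(true)` is visible before it in this hunk; with several users both are worth adding. `sanitize()` is defined in `includes/functions.php`, which this page does not show: if it HTML-escapes its input, the lookup key can differ from the name the user typed, and an `is_string()` check on the raw `$_POST['username']` would be the tighter guard for an array key.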
 
@@ -54,9 +57,13 @@ if (isset($_SESSION['admin_logged_in']) && $_SESSION['admin_logged_in']) {
             <?php endif; ?>
             
             <form method="POST" style="background: white; padding: 2rem; border-radius: 8px; box-shadow: 0 2px 4px rgba(0,0,0,0.1);">
+                <div class="form-group">
+                    <label for="username">Benutzername:</label>
+                    <input type="text" id="username" name="username" required autofocus>
+                </div>
                 <div class="form-group">
                     <label for="password">Passwort:</label>
-                    <input type="password" id="password" name="password" required autofocus>
+                    <input type="password" id="password" name="password" required>
                 </div>
                 <button type="submit" class="btn" style="width: 100%;">Anmelden</button>
             </form>

+ 11 - 3
config.php

@@ -7,7 +7,7 @@ define('SITE_URL', ''); // Leave empty for relative URLs
 
 // Admin settings
 // Default password: admin123
-// Change this hash after first login!
+// Change these hashes after first login!
 //
 // To generate a new password hash in bash (using Python bcrypt):
 // python3 -c "import bcrypt; print(bcrypt.hashpw(b'your_new_password', bcrypt.gensalt(rounds=10, prefix=b'2y')).decode())"
@@ -15,9 +15,17 @@ define('SITE_URL', ''); // Leave empty for relative URLs
 // Alternative using htpasswd (if Apache tools are installed):
 // htpasswd -bnBC 10 "" your_new_password | sed 's/^://' | sed 's/\$2y\$/\$2y\$/'
 //
-// Copy the output hash and replace the value below.
+// To add a new admin user:
+// 1) Create a new hash for the password (see commands above).
+// 2) Add a new entry to ADMIN_USERS: 'username' => 'hash'
 //
-define('ADMIN_PASSWORD_HASH', '$2y$10$gArNDW.HhPmDcwYJ/xWRiOPkNop3695UIYzkV.G8WHQRUtLJVPLhy');
+// Example:
+// 'max' => '$2y$10$your_hash_here'
+//
+define('ADMIN_USERS', [
+    'admin' => '$2y$10$gArNDW.HhPmDcwYJ/xWRiOPkNop3695UIYzkV.G8WHQRUtLJVPLhy',
+    'manager' => '$2y$10$gArNDW.HhPmDcwYJ/xWRiOPkNop3695UIYzkV.G8WHQRUtLJVPLhy'
+]);
 
 // Reservation settings
 define('RESERVATION_EXPIRY_DAYS', 60);
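Review bot: `'admin'` and `'manager'` are both shipped with the identical hash that was previously `ADMIN_PASSWORD_HASH`, which the "Default password" comment in the earlier hunk documents as a known default, so a fresh deployment now has two working default logins and changing one leaves the other open. Ship only one live entry and keep the second as a commented example like the `'max'` line, e.g. `// 'manager' => '$2y$10$your_hash_here',`. The login code could also refuse to authenticate while any entry still equals the shipped default hash, so a forgotten account fails closed. Because the hashes live in the tracked `config.php`, real hashes are likely to end up in version control; loading `ADMIN_USERS` from an untracked local file would avoid that.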